<?php
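// Access control: only accounts holding the top-level "news" permission may add news.
// Returning straight after the failure handler makes the check fail closed: the upload
// and INSERT code further down cannot run for a rejected request even if
// permission_fail() only renders a message and returns (its body is not visible here).
if (id_top_permission("news") != 1) {
	permission_fail();
	return;
}

// Status Package Module
// select_query() presumably reads status_module from cms_status_module where id = 2
// (confirm against the helper). Any value other than 1 is treated as "module disabled",
// and the page stops there for the same fail-closed reason as above.
$status_module = select_query("status_module", "cms_status_module", "id", "2");
if ($status_module[0] != 1) {
	fieldset_no_module();
	return;
}

// Page chrome: breadcrumb entry, header bar and the opening of the form fieldset.
// The Thai label reads "Add public-relations news (within the organisation)".
$navig['news'] = "เพิ่มข่าวประชาสัมพันธ์ (ภายในหน่วยงาน)";
navigator($navig);
echo "<br>";
bar_header("เพิ่มข่าวประชาสัมพันธ์ (ภายในหน่วยงาน)"); // Bar_Header
fieldset_top("ข่าวประชาสัมพันธ์");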
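include_once("class.upload.php");

// Request fields this page accepts, mapped to the local variable each one fills
// (null = only the raw $p_<field> copy is kept, for code further down the script).
// Reading a fixed list replaces import_request_variables('pG', 'p_'), which turned
// every GET/POST key into a $p_* global and was removed from PHP in 5.4.
// NOTE(review): the fields are still accepted from GET as well as POST and no
// anti-CSRF token is checked in this file; confirm one is enforced upstream.
$news_request_map = array(
	'id_type'       => 'id_type',
	'id_sub'        => 'id_sub',
	'topic'         => 'topic',
	'evar'          => 'fulltexts',
	'date'          => 'date',
	'month'         => 'month',
	'year'          => 'year',
	'date1'         => 'date1',
	'month1'        => 'month1',
	'year1'         => 'year1',
	'who'           => 'who',
	'position_pic1' => 'position_pic1',
	'position_pic2' => 'position_pic2',
	'position_pic3' => 'position_pic3',
	'position_pic4' => 'position_pic4',
	'explain1'      => 'explain1',
	'explain2'      => 'explain2',
	'explain3'      => 'explain3',
	'explain4'      => 'explain4',
	'news_out'      => null,
);
foreach ($news_request_map as $news_request_key => $news_local_name) {
	// Same precedence as 'pG': a GET value overrides a POST value of the same name.
	if (isset($_GET[$news_request_key])) {
		$news_request_value = $_GET[$news_request_key];
	} elseif (isset($_POST[$news_request_key])) {
		$news_request_value = $_POST[$news_request_key];
	} else {
		continue;
	}
	// Array-valued parameters (field[]=...) are ignored; every field here is scalar text.
	if (!is_string($news_request_value)) {
		continue;
	}
	// Keep the raw $p_<field> name available, as the old import did.
	${'p_' . $news_request_key} = $news_request_value;
	// A local is only assigned for a non-empty value, so an absent or empty field
	// leaves the variable exactly as it was before this block.
	if ($news_local_name !== null && $news_request_value !== '') {
		${$news_local_name} = trim($news_request_value);
	}
}
unset($news_request_map, $news_request_key, $news_local_name, $news_request_value);

// Publication date and end date as concatenated year/month/day strings.
	$date_post=$year.$month.$date;
	$date_line=$year1.$month1.$date1;

// Client-supplied names of the five upload slots ('' when a slot was not sent).
// These strings are attacker-controlled and must be validated before they influence
// a stored file name.
for ($news_upload_slot = 1; $news_upload_slot <= 5; $news_upload_slot++) {
	$news_upload_field = 'userfile' . $news_upload_slot;
	if (isset($_FILES[$news_upload_field]['name']) && is_string($_FILES[$news_upload_field]['name'])) {
		${$news_upload_field . '_name'} = trim($_FILES[$news_upload_field]['name']);
	} else {
		${$news_upload_field . '_name'} = '';
	}
}
unset($news_upload_slot, $news_upload_field);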




// NOTE(review): this schema change is issued on every request that reaches this page
// and its result is never checked. After the three columns have been dropped once the
// statement presumably just fails silently. A one-off ALTER normally belongs in a
// migration script, and the web application's database account should not need
// ALTER/DROP rights; confirm and move it out of the request path.
$sql="ALTER TABLE `cms_news`   DROP `files6`,  DROP `files7`,  DROP `files8`";
mysql_query($sql);

// NOTE(review): the file-name checks below are commented out, so nothing in this span
// inspects the client-supplied upload names before the upload code uses them.
/*
// Check whether the uploaded files are valid
if($userfile1_name!="")			{	check_pic($userfile1_name,1);	}
if($userfile2_name!="")			{	check_pic($userfile2_name,2);	}
if($userfile3_name!="")			{	check_pic($userfile3_name,3);	}
if($userfile4_name!="")			{	check_pic($userfile4_name,4);	}
if($userfile5_name!="")			{	check_file($userfile5_name,'document');	}
	
	*/
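// ######################## News for the organisation's own site ######################
// Image uploads (userfile1..userfile4). Each accepted picture is resized to fit
// 400x300 and written under <web_name>/mainfile/ as pic<token>.<ext>; that name is
// left in $name1..$name4 for the INSERT that follows.
//
// The extension originates from the client-supplied file name, so it is checked
// against a fixed list of image extensions and then forced onto the stored file, and
// the upload class is told to accept image MIME types only. Without this, a request
// could place a file with a server-executable extension in a web-served directory.
// A slot whose file is rejected, was not uploaded, or fails processing leaves its
// $nameN unset, the same state as when nothing was sent for that slot.
// NOTE(review): `allowed` and `file_new_name_ext` are assumed to be honoured by the
// bundled class.upload.php; confirm against that file's version.
$news_image_extensions = array('jpg', 'jpeg', 'png', 'gif');
for ($news_image_slot = 1; $news_image_slot <= 4; $news_image_slot++) {
	$news_image_client_name = ${'userfile' . $news_image_slot . '_name'};
	if ($news_image_client_name == "") {
		continue;
	}

	$news_image_ext = strtolower(pathinfo($news_image_client_name, PATHINFO_EXTENSION));
	if (!in_array($news_image_ext, $news_image_extensions, true)) {
		continue;
	}

	// Random token so that stored names do not collide; it is not a secret.
	$str  = "123456789abcdefghijkmnpqrstuvwxyz";
	$news_image_token = substr(str_shuffle($str), 0, 9);

	$hup = new upload($_FILES['userfile' . $news_image_slot]);
	if (!$hup->uploaded) {
		continue;
	}

	//*********************** ReSize *************************
	$hup->allowed = array('image/*');
	$hup->image_resize = true;
	$hup->image_y  = 300;
	$hup->image_x = 400;
	$hup->image_ratio = true;
	$hup->jpeg_quality = 95;
	$hup->image_ratio_no_zoom_in = true;
	$hup->file_new_name_body = "pic{$news_image_token}";
	$hup->file_new_name_ext = $news_image_ext;
	$hup->Process("$_SESSION[web_name]/mainfile/");

	// Record the file name only when the file was really written, so the database
	// never references a picture that does not exist.
	if ($hup->processed) {
		${'name' . $news_image_slot} = "pic{$news_image_token}.{$news_image_ext}";
	}
}
unset($news_image_slot, $news_image_client_name, $news_image_ext, $news_image_token);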

// Attachment upload (userfile5): create_filename() is given the client-supplied name
// and its result becomes the stored name under <web_name>/mainfile/.
// NOTE(review): no extension or type check is visible on this path (the check_file()
// call earlier in this script is commented out) and mainfile/ is addressed by URL
// further down. Confirm that create_filename() / upload_file_to_server2() refuse
// server-executable extensions before relying on this upload.
if ($userfile5_name != "") {
	$name5 = create_filename($userfile5_name);
	$dlink = $_SESSION['web_name'] . "/mainfile/" . $name5;
	upload_file_to_server2($dlink, $_FILES['userfile5']);
}

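	// id and orders for the new row come from select_max_query0() (presumably the next
	// free value; confirm against the helper). An empty result falls back to "1".
	$datamax1 = select_max_query0("id", "cms_news");
	if ($datamax1[0] == "") {
		$datamax1[0] = "1";
	}

	$d1 = select_max_query0("orders", "cms_news");
	if ($d1[0] == "") {
		$d1[0] = "1";
	}

	// ######### Insert the news row into the local database
	// Values in column order. The text fields come straight from the request, so every
	// value is escaped for the current connection before it is placed between quotes;
	// interpolating them raw allowed SQL injection through any form field.
	// The originals are left untouched because later code reuses them.
	// NOTE(review): if the front controller already addslashes() request data, remove
	// that there rather than dropping the escaping here.
	$news_local_row = array(
		$datamax1[0],
		isset($id_sub) ? $id_sub : '',
		isset($id_type) ? $id_type : '',
		isset($topic) ? $topic : '',
		isset($fulltexts) ? $fulltexts : '',
		isset($date_post) ? $date_post : '',
		isset($date_line) ? $date_line : '',
		isset($main_data['name_web']) ? $main_data['name_web'] : '',
		isset($name1) ? $name1 : '',
		isset($position_pic1) ? $position_pic1 : '',
		isset($explain1) ? $explain1 : '',
		isset($name2) ? $name2 : '',
		isset($position_pic2) ? $position_pic2 : '',
		isset($explain2) ? $explain2 : '',
		isset($name3) ? $name3 : '',
		isset($position_pic3) ? $position_pic3 : '',
		isset($explain3) ? $explain3 : '',
		isset($name4) ? $name4 : '',
		isset($position_pic4) ? $position_pic4 : '',
		isset($explain4) ? $explain4 : '',
		isset($name5) ? $name5 : '',
		'1',
		'0',
		$d1[0],
	);
	foreach ($news_local_row as $news_local_index => $news_local_value) {
		$news_local_row[$news_local_index] = mysql_real_escape_string((string) $news_local_value);
	}
	unset($news_local_index, $news_local_value);

	$sql = "INSERT INTO `cms_news` ( `id` ,`id_sub`,`id_type` , `topic` , `fulltexts` , `date_post` , `date_line` , `who` , `pic1` , `position_pic1` , `explain1` , `pic2` , `position_pic2` , `explain2` , `pic3` , `position_pic3` , `explain3` , `pic4` , `position_pic4` , `explain4` , `files` , `status` , `state` , `orders` ) values('"
		. implode("','", $news_local_row)
		. "')";

	// Still fatal on failure, but the driver's error text goes to the server log
	// instead of the response, where it would disclose query and schema details.
	if (!mysql_query($sql)) {
		error_log('cms_news local insert failed: ' . mysql_error());
		die('Database error.');
	}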



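// ######################## News shared outside the organisation ######################
if (isset($p_news_out) && $p_news_out != "") {
	$news_out = trim($p_news_out);
}

// Switch to the external database. connec_out.php is expected to open the connection
// held in $handle_out (confirm in that file).
include('coremain/connec_out.php');

// The external copy references pictures and the attachment by absolute URL.
// NOTE(review): the host part is taken from the request's Host header, which the
// client controls, so a forged header ends up in URLs stored in the shared database.
// Prefer a configured site URL; none is visible in this file.
$news_file_base = "http://$_SERVER[HTTP_HOST]/$_SESSION[web_name]/mainfile/";
foreach (array('name1', 'name2', 'name3', 'name4', 'name5') as $news_file_var) {
	if (isset(${$news_file_var}) && ${$news_file_var} != "") {
		${$news_file_var} = $news_file_base . ${$news_file_var};
	}
}
unset($news_file_base, $news_file_var);

// ######### Insert the news row into the external database
// Values in column order, each escaped for the connection opened above before being
// quoted; the request, session and Host-derived values were previously interpolated raw.
// NOTE(review): if the front controller already addslashes() request data, remove
// that there rather than dropping the escaping here.
$news_remote_row = array(
	isset($datamax1[0]) ? $datamax1[0] : '',
	isset($_SESSION['id_tumbon']) ? $_SESSION['id_tumbon'] : '',
	isset($id_type) ? $id_type : '',
	isset($topic) ? $topic : '',
	isset($fulltexts) ? $fulltexts : '',
	isset($date_post) ? $date_post : '',
	isset($date_line) ? $date_line : '',
	isset($main_data['name_web']) ? $main_data['name_web'] : '',
	isset($name1) ? $name1 : '',
	isset($position_pic1) ? $position_pic1 : '',
	isset($explain1) ? $explain1 : '',
	isset($name2) ? $name2 : '',
	isset($position_pic2) ? $position_pic2 : '',
	isset($explain2) ? $explain2 : '',
	isset($name3) ? $name3 : '',
	isset($position_pic3) ? $position_pic3 : '',
	isset($explain3) ? $explain3 : '',
	isset($name4) ? $name4 : '',
	isset($position_pic4) ? $position_pic4 : '',
	isset($explain4) ? $explain4 : '',
	isset($name5) ? $name5 : '',
	'1',
	'0',
	'0',
	isset($_SESSION['name_province']) ? $_SESSION['name_province'] : '',
	isset($news_out) ? $news_out : '',
);
foreach ($news_remote_row as $news_remote_index => $news_remote_value) {
	$news_remote_row[$news_remote_index] = mysql_real_escape_string((string) $news_remote_value);
}
unset($news_remote_index, $news_remote_value);

$sql = "INSERT INTO `cms_news` ( `id` ,`id_tumbon`,`id_type` , `topic` , `fulltexts` , `date_post` , `date_line` , `who` , `pic1` , `position_pic1` , `explain1` , `pic2` , `position_pic2` , `explain2` , `pic3` , `position_pic3` , `explain3` , `pic4` , `position_pic4` , `explain4` , `files` , `status` , `state` , `orders` , `province` , `show_on_off` ) values('"
	. implode("','", $news_remote_row)
	. "')";

// Still fatal on failure, but the driver's error text goes to the server log instead
// of the response, where it would disclose query and schema details.
if (!mysql_query($sql)) {
	error_log('cms_news external insert failed: ' . mysql_error());
	die('Database error.');
}
mysql_close($handle_out);

// Reconnect to this site's own database.
// NOTE(review): the include path is built from $_SESSION['web_name']; that value must
// only ever be set by the server, never from request data. Confirm where it is assigned.
include("$_SESSION[web_name]/connect.php");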



// Print the message reporting the result of the insert, send the browser back to the
// main page (index.php), then close the fieldset.
print msg_insert_data();
refresh_data('index.php', 1);
fieldset_down();
?>
