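<?php
/**
 * Batch-assigns card numbers and print/expiry dates to rows of tblstd_idcard.
 *
 * Request parameters (read from $_REQUEST):
 *   years       start year; used to find the current max(card_no)
 *   group_id    optional; selects every student of one group
 *   student_id  optional; selects one student (used when group_id is empty)
 *   d, m, y     print date parts, stored as "d/m/y"
 *   d2, m2, y2  expiry date parts, stored as "d2/m2/y2"
 *
 * Output: one "<n>=>student_id=>name=>card_no=>date_print=>date_expire<br>"
 * line per updated student.
 *
 * Changes from the previous revision:
 *   - every value taken from the request is bound as a statement parameter
 *     instead of being concatenated into the SQL text (SQL injection);
 *   - the duplicated "where where" in two SELECTs is fixed, so those branches
 *     no longer fail;
 *   - a request without `years` stops with a message instead of running an
 *     undefined query;
 *   - values echoed into the page are HTML-escaped;
 *   - the last name is read from its own column rather than stu_fname.
 *
 * NOTE(review): nothing in this file checks who is calling it, and $_REQUEST
 * also accepts GET and cookie values, so any request that reaches this script
 * rewrites card numbers. Confirm that authentication and a state-changing
 * method/CSRF check are enforced before this script runs.
 */

// NOTE(review): the database superuser with a trivial password is stored in a
// file under the document root. Use a dedicated account limited to
// std_card_db, keep the credentials outside the web root, and rotate this
// password, since anyone able to read this file has it.
$host = "localhost";
$user_name = "root";
$pass_word = "1234";
$db = "std_card_db";

// PDO (pdo_mysql) replaces the removed mysql_* API; "charset=utf8" in the DSN
// takes the place of the former "SET NAMES utf8".
try {
	$pdo = new PDO(
		"mysql:host=" . $host . ";dbname=" . $db . ";charset=utf8",
		$user_name,
		$pass_word,
		array(
			PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
			// Native prepares: parameters travel separately from the SQL text.
			PDO::ATTR_EMULATE_PREPARES => false,
		)
	);
} catch (PDOException $e) {
	// Details go to the server log only; the client gets the original messages.
	error_log("card_process_ok: " . $e->getMessage());
	$code = (int) $e->getCode();
	// 1049 = unknown database, 1044 = access to the database denied.
	die(($code === 1049 || $code === 1044) ? "can not select database" : "can not connect to server");
}

// Returns a request value as a string; missing or non-scalar (array) values
// become "" so they behave like an empty form field.
$param = function ($name) {
	if (!isset($_REQUEST[$name]) || !is_scalar($_REQUEST[$name])) {
		return '';
	}
	return (string) $_REQUEST[$name];
};

// Escapes a value for the HTML body it is echoed into.
$esc = function ($value) {
	return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

$years = $param('years');
$group_id = $param('group_id');
$student_id = $param('student_id');
$d = $param('d');
$m = $param('m');
$y = $param('y');
$d2 = $param('d2');
$m2 = $param('m2');
$y2 = $param('y2');

// Single-digit months are zero-padded; other lengths are left untouched.
if (strlen($m) == 1) $m = "0" . $m;
if (strlen($m2) == 1) $m2 = "0" . $m2;

$date_print = $d . "/" . $m . "/" . $y;
$date_expire = $d2 . "/" . $m2 . "/" . $y2;

if ($years === "" && $group_id === "" && $student_id === "") {
	echo "กรุณากรอกปีการศึกษาที่เข้า หรือ รหัสกลุ่ม หรือ รหัสนักเรียนนักศึกษา";
	exit();
}

// The card counter is looked up per start year, so a request without `years`
// cannot be numbered. Previously this case left the SELECT undefined.
if ($years === "") {
	echo "กรุณากรอกปีการศึกษาที่เข้า";
	exit();
}

// Pick the student selection: group first, then single student, then the year.
if ($group_id !== "") {
	$sql_process = "select * from tblstd_idcard where group_id = ? order by student_id";
	$process_args = array($group_id);
} elseif ($student_id !== "") {
	$sql_process = "select * from tblstd_idcard where student_id = ?";
	$process_args = array($student_id);
} else {
	$sql_process = "select * from tblstd_idcard where start_year = ? order by group_id,student_id";
	$process_args = array($years);
}

try {
	// Highest card number already issued for this start year (0 when none).
	// NOTE(review): assumes card_no is a numeric column; on a text column
	// max() compares as strings — confirm against the schema.
	$max_stmt = $pdo->prepare("select max(card_no) from tblstd_idcard where start_year = ?");
	$max_stmt->execute(array($years));
	$card_no_max = (int) $max_stmt->fetchColumn();

	// Read the whole selection first so the UPDATEs below never run against
	// an open result set.
	$select_stmt = $pdo->prepare($sql_process);
	$select_stmt->execute($process_args);
	$students = $select_stmt->fetchAll(PDO::FETCH_ASSOC);

	// Prepared once, executed per student.
	$update_stmt = $pdo->prepare(
		"update tblstd_idcard set card_no = ?, date_print = ?, date_expire = ? where student_id = ?"
	);

	$n = 0;
	foreach ($students as $rs_std) {
		$n++;
		$card_no_max++;

		$row_student_id = $rs_std['student_id'];
		$stu_fname = $rs_std['stu_fname'];
		// NOTE(review): the previous code read stu_fname here as well; the
		// stu_lname column is assumed from the variable name — confirm.
		$stu_lname = isset($rs_std['stu_lname']) ? $rs_std['stu_lname'] : '';

		// Display form is zero-padded to four digits; the stored value is not.
		$card_no_show = str_pad((string) $card_no_max, 4, "0", STR_PAD_LEFT);

		$update_stmt->execute(array($card_no_max, $date_print, $date_expire, $row_student_id));

		echo $n . "=>" . $esc($row_student_id) . "=>" . $esc($stu_fname) . " " . $esc($stu_lname)
			. "=>" . $esc($card_no_show) . "=>" . $esc($date_print) . "=>" . $esc($date_expire) . "<br>";
	} // end foreach
} catch (PDOException $e) {
	// Do not echo driver messages: they can reveal schema details.
	error_log("card_process_ok: " . $e->getMessage());
	die("can not query database");
}
?>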
