File Manager
Back to List
| Current Directory: ~/
Editing: command_add_file.asp.bak
Full path: C:\ict\ICT\command_add_file.asp.bak
Permissions: rwx
Write test: File appears not directly writable
Current process identity: IIS APPPOOL\DefaultAppPool
<!--#include file="inc_cache_control.asp"--> <!--#include file="inc_access_control.asp"--> <!--#include file="chk_login.asp"--> <% '***************************************************************** 'session("tb_name")="student" 'id_stu=request("id_stu") %> <!--#include file="chk_permission.asp"--> <% '***************************************************************** 'if session("tb_preview") <> 1 and session("tb_edit")<>1 or session("id_stu1") = id_stu then '���Է��� �����㹰ҹ ��� ����Ңͧ�������ͧ pern=session("username") per="2" tb="command" sqlnc="select * from tb_permission where id_staff='"&pern&"' and tb_edit='"&per&"' and tb_name='"&tb&"'" set orsnc=server.createobject("adodb.recordset") orsnc.open sqlnc,conn,1,3 if not orsnc.eof then %> <html> <meta http-equiv="Content-Type" content="text/html; charset=windows-874"></HEAD> <body> <% id=session("idcommand") response.write id date_mo=now username=session("username") savefile=session("savefile") 'sql="update commando set cfile='1' where cid = '" & id&"' " 'set ors = Server.CreateObject("adodb.recordset") 'ors.open sql,conn,1,3 sqlch="select cid,cfile from commando where cid='"&id&"'" set orsch=server.createobject("adodb.recordset") orsch.open sqlch,conn,1,3 chf=id+".pdf" if orsch("cfile")=chf then '��á��������ͧ cfile �դ���� 0 dim fs,f set fs=server.createobject("scripting.filesystemobject") 'set f=fs.getfile(server.mappath("command/"&id&".pdf") set f=fs.getfile ("d:\wwwroot\ict\command\"&id&".pdf") f.delete set f=nothing set fs=nothing end if dim fso set fso=createobject("scripting.filesystemobject") fso.movefile server.mappath("command/"&savefile&""), server.mappath("command/"&id&".pdf") response.write (server.mappath("command/00Final.pdf")) cfile=id+".pdf" sqlupload="update commando set cfile='"&cfile&"' where cid = '" & id&"' " set orsupload = Server.CreateObject("adodb.recordset") response.write sqlupload orsupload.open sqlupload,conn,1,3 'response.write "aaa"&id_stu %> <meta http-equiv="refresh" content ="0;url=command_detail.asp?id=<%=id%>"> Upload Complete... </body> </html> <% 'else '���Է� 'response.write "<tr><td colspan=3><center>�س������Է����� �س���ѵԹ��" 'response.write "<meta http-equiv=refresh content =4;url=javascript:history.back();>" '���Է� end if '���Է� %>