File Manager
Back to List
| Current Directory: ~/
Editing: command_remove_file.asp
Full path: C:\ict\ICT\command_remove_file.asp
Permissions: rwx
Write test: File appears not directly writable
Current process identity: IIS APPPOOL\DefaultAppPool
<!--#INCLUDE FILE="ConnectDB.asp"--> <!--#include file="chk_login.asp"--> <% pern=session("username") per="2" tb="command" sqlnc="select * from tb_permission where id_staff='"&pern&"' and tb_edit='"&per&"' and tb_name='"&tb&"'" set orsnc=server.createobject("adodb.recordset") orsnc.open sqlnc,conn,1,3 if not orsnc.eof then 'cidauthor=request.form("cidauthor") 'cno=request.form("cno") 'cname=request.form("cname") 'cyear=request.form("cyear") cid=request("id") 'date0=request.form("date0") 'cdate2=request.form("cdate2") 'cmon2=request.form("cmon2") 'cyear2=request.form("cyear2") 'cday2=cyear2+cmon2+cdate2 'cday3=request.form("date1") 'cdate3=request.form("cdate3") 'cmon3=request.form("cmon3") 'cyear3=request.form("cyear3") 'cday3=cdate3&"/"&cmon3&"/"&cyear3 'cdetail=request.form("cdetail") date_mo=now username=session("username") sqldata="update commando set cfile=0 where cid = '" & cid&"' " 'sqldata="insert into commando(cno,cid_author,cname,cyear,cdetail,cdate2,cmonth2,cyear2,cid,cday2,username,date_mo,cday3,cdate3,cmonth3,cyear3) values('"&cno&"','"&cidauthor&"','"&cname&"','"&cyear&"','"&cdetail&"','"&cdate2&"','"&cmon2&"','"&cyear2&"','"&cid&"','"&cday2&"','"&username&"','"&date_mo&"','"&cday3&"','"&cdate3&"','"&cmon3&"','"&cyear3&"')" 'response.write sqldata set orsdata = Server.CreateObject("adodb.recordset") ' sqlcheck="select * from other_lec where firstname='"&firstname&"' and lastname='"&lastname&"'" 'set orscheck=server.createobject("adodb.recordset") 'orscheck.open sqlcheck,conn,1,3 'if orscheck.eof then orsdata.open sqldata,conn,1,3 dim fs,f set fs=server.createobject("scripting.filesystemobject") 'set f=fs.getfile(server.mappath("command/"&id&".pdf") set f=fs.getfile ("d:\wwwroot\ict\command\"&cid&".pdf") f.delete set f=nothing set fs=nothing response.write sqldata %> <SCRIPT LANGUAGE="JavaScript"> <% response.write"alert('�ѹ�֡���������º��������');" %> </SCRIPT> <% response.write "<meta http-equiv='refresh' content ='0;url=command_detail.asp?id="&cid&"'>" else %> <SCRIPT LANGUAGE="JavaScript"> <% response.write"alert('�ѹ�֡���������º��������');" response.write "window.location.href='command_detail.asp?id="&cid&"';" %> </SCRIPT> <% end if %>