File Manager
Back to List
| Current Directory: ~/
Editing: search_resultlet.asp
Full path: C:\ict\ICT\search_resultlet.asp
Permissions: rwx
Write test: File appears not directly writable
Current process identity: IIS APPPOOL\DefaultAppPool
<%response.cachecontrol="private"%> <!--#INCLUDE FILE="ConnectDB.asp"--> <!--#include file="chk_login.asp"--> <%' pern=session("username") per="2" tb="letterin" sqlnc="select * from tb_permission where id_staff='"&pern&"' and tb_edit='"&per&"' and tb_name='"&tb&"'" set orsnc=server.createobject("adodb.recordset") orsnc.open sqlnc,conn,1,3 'if not orsnc.eof then %> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html><!-- InstanceBegin template="/Templates/ICT.dwt" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>�к����ʹ�����͡�ú�����</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=windows-874"> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="bsri2006.css" rel="stylesheet" type="text/css"> <link href="image/favicon.ico" rel="shortcut icon" type="image/x-icon"> </head> <body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0"> <table width="100%" border="0"> <tr> <td colspan="2"><div align="right"><img src="Image/head1.gif" width="800" height="61"></div></td> </tr> <tr> <td colspan="2" background="Image/bghead1.gif"><div align="right"><font size="2" face="MS Sans Serif, Tahoma, sans-serif"><strong>| <a href="http://www.swu.ac.th" target=_blank>SWU</a> | <a href="http://bsri.swu.ac.th" target=_blank>BSRI</a> |<a href="chaPW.asp"><strong>Change Password</strong></a>|<a href="log_out.asp">Log Out </a></strong></font>|</div></td> </tr> <tr> <td width="20%" align="left" valign="top" bgcolor="#FFCCCC"><!-- InstanceBeginEditable name="EditRegion5" --><!--#include file="chk_menu.asp"--><!-- InstanceEndEditable --></td> <td width="77%" align="left" valign="top"><!-- InstanceBeginEditable name="EditRegion3" --> <div align="center"> <p><strong>˹ѧ������ʶҺѹ�Ԩ�¾ĵԡ�����ʵ��<br> <%if not orsnc.eof then%> [<a href="indexletterin.asp">+����˹ѧ������+</a>] <% end if%> [<a href="all_letterin.asp">˹ѧ��ͷ�����</a>][<a href="searchletter.asp">����˹ѧ���</a>][<a href=letterin_staff.asp>˹ѧ��������ºؤ��</a>]</strong></p> <table width="100%" border="0" cellspacing="0"> <tr> <td height="21" colspan="6"><div align="center">�š�ä��Ң�����˹ѧ������</div></td> </tr> <% type1=request.form("type1") type2=request.form("type2") type3=request.form("id_itletter") keyword=request.form("keyword") 'dreceive=request.form("dreceive") 'fm=request.form("fm") 'fy=request.form("fy") date1=request.form("date1") dreceive=left(date1,2) fm=mid(date1,4,2) fy=right(date1,4) 'dend=request.form("dend") 'em=request.form("em") 'ey=request.form("ey") date2=request.form("date2") dend=left(date2,2) em=mid(date2,4,2) ey=right(date2,4) if fy="" then fy=0 end if if fm=1 then fm="01" elseif fm=2 then fm="02" elseif fm=3 then fm="03" elseif fm=4 then fm="04" elseif fm=5 then fm="05" elseif fm=6 then fm="06" elseif fm=7 then fm="07" elseif fm=8 then fm="08" elseif fm=9 then fm="09" end if if em=1 then em="01" elseif em=2 then em="02" elseif em=3 then em="03" elseif em=4 then em="04" elseif em=5 then em="05" elseif em=6 then em="06" elseif em=7 then em="07" elseif em=8 then em="08" elseif em=9 then em="09" end if if dreceive=1 then dreceive="01" elseif dreceive=2 then dreceive="02" elseif dreceive=3 then dreceive="03" elseif dreceive=4 then dreceive="04" elseif dreceive=5 then dreceive="05" elseif dreceive=6 then dreceive="06" elseif dreceive=7 then dreceive="07" elseif dreceive=8 then dreceive="08" elseif dreceive=9 then dreceive="09" end if if dend=1 then dend="01" elseif dend=2 then dend="02" elseif dend=3 then dend="03" elseif dend=4 then dend="04" elseif dend=5 then dend="05" elseif dend=6 then dend="06" elseif dend=7 then dend="07" elseif dend=8 then dend="08" elseif dend=9 then dend="09" end if dbegin=fy&""&fm&""&dreceive ddend=ey&""&em&""&dend 'response.write dbegin&" "&ddend if type1=1 then typec="id_letter" typet="�Ţ���˹ѧ����Ѻ" elseif type1=2 then typec="titleletter" typet="��������ͧ" elseif type1=3 then typec="originletter" typet="�ҡ˹��§ҹ" elseif type1=4 then typec="id_sent" typet="�Ţ���˹ѧ�����" else typec="0" typet="����к�" end if 'response.write type1&"-"&type2&"-"&keyword&"-"&dreceive&"-"&fm&"-"&fy&"-"&dend&"-"&em&"-"&ey if type1=0 and type2<>99 then '�͡������˹ѧ��� �����͡��Ҩ��ҷ��� if keyword="" then '���͡��������� ��� ��˹ѧ��ͻ�������� �ء � ��Ѻ1 sql1="select * from letterin where dbreceive between '"&dbegin&"' and '"&ddend&"' and id_typeletin='"&type2&"' order by id_letter,yreceive desc" else '�͡��������� ��� ��˹ѧ��ͻ�������� �����͡����ҷ���˹2 'sql1="select * from letterin where dbreceive between '"&dbegin&"' and '"&ddend&"' and titleletter like '%"&keyword&"%' or originletter like '%"&keyword&"%' or id_letter like '%"&keyword&"%' or wordding like '%"&keyword&"%' and id_typeletin='"&type2&"' order by id_letter desc" sql1="select * from letterin where titleletter like '%"&keyword&"%' or originletter like '%"&keyword&"%' or id_letter like '%"&keyword&"%' or wordding like '%"&keyword&"%' and id_typeletin='"&type2&"' and dbreceive between '"&dbegin&"' and '"&ddend&"' order by id_letter desc" end if elseif type1<>0 and type2=99 and keyword<>"" then '�͡����ҷ��� ������͡ ������˹ѧ��� �ѹ�������Ѻ��� ��˹ѧ���� �ҡ�ѹ���֧�ѹ��� 3�Ҩ������ ��к͡ ��������� sql1="select * from letterin where "&typec&" like '%"&keyword&"%' and dbreceive between '"&dbegin&"' and '"&ddend&"' order by id_letter desc" elseif type1=0 and type2=99 and keyword<>"" then sql1="select * from letterin where titleletter like '%"&keyword&"%' or originletter like '%"&keyword&"%' or id_letter like '%"&keyword&"%' or wordding like '%"&keyword&"%' and dbreceive between '"&dbegin&"' and '"&ddend&"' order by id_letter desc" elseif type1<>0 and type2<>99 and keyword<>"" then sql1="select * from letterin where "&typec&" like '%"&keyword&"%' and id_typeletin='"&type2&"' and dbreceive between '"&dbegin&"' and '"&ddend&"' order by id_letter desc" 'else sql1="select * from letterin order by id_letter desc" �ѹ��� ��� �����ҧ�ѡ���ҧ ��駻����� ��觷����� ��Ф�������� else sql1="select * from letterin where dbreceive between '"&dbegin&"' and '"&ddend&"'order by id_letter desc" end if '������繡�����ѹ���ͧ˹ѧ��� set ors1=server.CreateObject("adodb.recordset") ors1.open sql1,conn,1,3 'response.write sql1 response.write "<tr><td height=21 colspan=6>" response.write "��觷����� ���</td></tr>" response.write "<tr><td height=21 colspan=6>" sqlt="select * from itletter where id_itletter='"&type3&"'" set orst=server.CreateObject("adodb.recordset") orst.open sqlt,conn,1,3 if not orst.eof then response.write "������˹ѧ��� "&orst("itletter") else response.write "������˹ѧ��� ����к�" end if response.write "<tr><td height=21 colspan=6>" sqlt="select * from type_letterin where id_typeletin='"&type2&"'" set orst=server.CreateObject("adodb.recordset") orst.open sqlt,conn,1,3 if not orst.eof then response.write "�ѵ�ػ��ʧ��ͧ˹ѧ��� "&orst("typeletin") else response.write "�ѵ�ػ��ʧ��ͧ˹ѧ��� ����к�" end if response.write "</td></tr>" response.write "<tr><td height=21 colspan=6>" response.write "���Ҩҡ "&typet response.write "</td></tr>" response.write "<tr><td height=21 colspan=6>" response.write "���Ӥѭ "&keyword response.write "</td></tr>" response.write "<tr><td height=21 colspan=5>" response.write "�ҡ�ѹ��� "&dreceive&"-"&fm&"-"&fy 'response.write "</td></tr>" 'response.write "<tr><td height=21 colspan=6>" response.write " �֧�ѹ��� "&dend&"-"&em&"-"&ey response.write "</td>" response.write "<td height=21>" Response.write "<form name=form1 method=post action=search_letexcel.asp>" %> <input type="hidden" name="sqlname" value=<%=sql1%>> <input type="hidden" name="type1" value=<%=type1%>> <input type="hidden" name="type2" value=<%=type2%>> <input type="hidden" name="type3" value=<%=type3%>> <input type="hidden" name="keyword" value=<%=keyword%>> <input type="hidden" name="dreceive" value=<%=dreceive%>> <input type="hidden" name="fm" value=<%=fm%>> <input type="hidden" name="fy" value=<%=fy%>> <input type="hidden" name="dend" value=<%=dend%>> <input type="hidden" name="em" value=<%=em%>> <input type="hidden" name="ey" value=<%=ey%>> <% Response.write "<input type=submit name=Submit value=Excel> " Response.write "</form>" response.write "</td></tr>" %> <tr> <td bgcolor="#669900"><div align="center" class="style1">�Ţ����Ѻ</div></td> <td bgcolor="#669900"><div align="center">�ѹ����Ѻ˹ѧ��� </div></td> <td bgcolor="#669900"><div align="center" class="style1">�Ţ���˹ѧ���</div></td> <td bgcolor="#669900"><div align="center" class="style1">�ѹ �� �� </div></td> <td bgcolor="#669900"><div align="center" class="style1">�ҡ</div></td> <td bgcolor="#669900"><div align="center" class="style1" >����ͧ</div></td> <!-- <td bgcolor="#669900"><div align="center" class="style1">ʶҹ�</div></td>--> <!-- <td bgcolor="#669900"><div align="center" class="style1">��觷�����Ҵ���</div></td> --> <td bgcolor="#669900" width="15%"><div align="center" class="style1" >���������Ǣ�ͧ</div></td> </tr> <% if not ors1.eof then 'response.write ".0." ors1.movefirst do while not ors1.eof dbreceive=cint(ors1("dreceive"))&"/"&cint(ors1("mreceive"))&"/"&cint(ors1("yreceive")) ' response.write datevalue(&dbreceive&" 'response.write dbreceive '' if datevalue("dbreceive")>=datevalue("dbegin") then '' response.write "a" '' if datevalue("dbereceive")<=datevalue("ddend") then '' response.write "b" 'if cint(ors1("yreceive"))<= cint(ey) then 'response.write "*1*" 'ors1.movenext 'loop 'if cint(ors1("mreceive"))<=cint(em) then 'response.write "*2*" '�������ҡѹ������ѹ���¡��ҷӵ�� 'if cint(ors1("mreceive"))=cint(em) and cint(ors1("dreceive"))<=cint(dend) then 'if cint(ors1("dreceive"))<=cint(dend) then 'response.write "*3*" ' if cint(ors1("yreceive"))>=cint(fy) then 'response.write "*4*" ' if cint(ors1("mreceive"))>=cint(fm) then 'response.write "*5*" 'if cint(ors1("mreceive"))=cint(fm) then ' if cint(ors1("dreceive"))>=cint(dreceive) then 'else 'end if 'response.write "*6*" '������ʴ������ŷ�������� ii=i mod 2 if ii=0 then bgc="#ccffcc" else bgc="#ffffff" end if %> <tr bgcolor=<%=bgc%>><td> <% i=i+1 if not orsnc.eof then response.write "[<a href=detail_letterin.asp?id="&ors1("id_letter")&">"&ors1("id_letter")&"</a>]</td>" else response.write ors1("id_letter") end if response.write "<td>" response.write ors1("dreceive")&"/"&ors1("mreceive")&"/"&ors1("yreceive")&"</td>" response.write "<td>" response.write ors1("id_sent")&"</td>" response.write "<td>" response.write ors1("dletter")&"/"&ors1("mletter")&"/"&ors1("yletter")&"</td>" response.write "<td>" response.write ors1("originletter")&"</td>" filename=ors1("filename") filename2=ors1("filename2") response.write "<td>" response.write ors1("titleletter") If ors1("filename")="" Or IsNull(filename) Then 'Response.write "bb" else response.write "<br>[<a href=countletin.asp?id="&ors1("id_letter")&"&t2=1 target=_blank>"&ors1("filename")&"</a>][��:"&ors1("hitc")&" ����]" ' response.write "<br>[<a href=countletin.asp?id="&rs("id_letter")&"&t2=1 target=_blank>File1</a>][��:"&rs("hitc")&" ����]" End If If ors1("filename2")="" Or IsNull(filename2) Then else response.write "<br>[<a href=countletin.asp?id="&ors1("id_letter")&"&t2=2 target=_blank>"&ors1("filename2")&"</a>]</td>" ' response.write "<br>[<a href=countletin.asp?id="&rs("id_letter")&"&t2=2 target=_blank>File2"&rs("filename2")&"</a>]</td>" End if response.write "</td>" 'response.write "[<a href=countletin.asp?id="&ors1("id_letter")&">"&ors1("filename")&"</a>][��:"&ors1("hitc")&" ����] </td>" idl=ors1("id_letter") response.write "<td>" set ors2=server.CreateObject("adodb.recordset") osql2 = "Select * From staffletter where id_letter='"&idl&"' Order By id_staff Desc" ors2.Open osql2, conn, 1, 3 'response.write osql1 b=2 c=0 if not ors2.eof then ors2.movefirst do while not ors2.eof idaaa=ors2("id_letter") c=c+1 sqls="select * from lecturer where id_lecturer='"&ors2("id_staff")&"'" set orss=server.createobject("adodb.recordset") orss.open sqls,conn,1,3 if statusread=0 then response.write "<img src=Image/close.gif />" else response.write "<img src=Image/open.gif />" end if if not orss.eof then response.write orss("name_lec")&" "&orss("sur_lec")&"<br>" else sqlst="select * from staff where id_staff='"&ors2("id_staff")&"'" set orsst=server.createobject("adodb.recordset") orsst.open sqlst,conn,1,3 if not orsst.eof then response.write orsst("name_st")&" "&orsst("sur_st")&"<br>" end if end if statusread=ors2("statusread") ors2.MoveNext if c=2 then '����ʴ������ 2 ���� ����Թ ���͡ 'ors1.movelast response.write "[<a href=detail_letterin.asp?id="&ors1("id_letter")&">more..</a>]" exit do end if loop end if response.write "</td>" response.write "</tr>" '' end if '' end if '������ʴ������ŷ�������� ' else ' response.write "-66-" ''end if ''else ''response.write cint(ors1("mreceive"))&"x"&cint(fm) ' 'response.write "-55-" 'end if 'else 'response.write "-44-" ' end if ' else ' response.write "-33-" 'end if ' else ' response.write "-22-" 'response.write ors1("id_letter") 'end if 'else 'response.write cint(ors1("yreceive"))&"-"&cint(ey) 'response.write "-11-" 'end if ors1.movenext loop else response.write "<tr><td colspan=6>" response.write "����բ������ �</td></tr>" end if %> </table> </div> <!-- InstanceEndEditable --></td> </tr> <tr> <td colspan="2" background="Image/bghead1.gif">Contact Admin:: wassanaw@swu.ac.th tel.02-649-5000 ext 17600</td> </tr> </table> </body> <!-- InstanceEnd --></html> <% 'else 'response.write "No Permission" 'response.write "<a href=index_academic.asp>Return</a>" 'end if %>