403WebShell

h( )($6;EbBLkfu�_l� ''8;DUFKV3Dd#,?ANk&5G$/(5M\^�ms��Sb�,;R''6c2I�!\��kx�Ve�[i��Me�IYO7:nOL~�Kr�qrv�I:�BM�y��s}r��K��x)1�6@r*2�89ma��&��'ti��{~#��t)1�2<�0:^5�W.uFzQ/u}�v��vv�u��U37yDJeEJo(/�5Ds'1�:Jlu�iy�iy�hw�1;:S`^BMLOQQn,4�7C�8C�>Lfe�]k�[i�Zg��IW�LZ�EP;,.��Tc�q(0) G,/]/1��w�r��l&-t*3�<<�u��#��j&.u��J68\8?"#$%&'()*+,-./0 !
Notice: Undefined index: dl in /var/www/html/web/simple.mini.php on line 1
403WebShell403Webshell

Server IP : 10.254.12.21 / Your IP : 10.254.12.21
Web Server : Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
System : Linux arit.skru.ac.th 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10 16:21:17 UTC 2022 x86_64
User : apache ( 48)
PHP Version : 5.6.40
Disable Function : NONE
MySQL : ON | cURL : ON | WGET : OFF | Perl : ON | Python : ON | Sudo : ON | Pkexec : ON
Directory : /proc/self/root/var/www/html/

Upload File :

[ Back ]

Current File : /proc/self/root/var/www/html/database.php

<?php
include 'header.php';
include 'dbnews.php';

function MonthThai($strMonth) {
    $strMonth = (int)$strMonth; // แปลงให้ชัวร์ว่าเป็นตัวเลข
    $strMonthName = ["", "ม.ค.", "ก.พ.", "มี.ค.", "เม.ย.", "พ.ค.", "มิ.ย.", "ก.ค.", "ส.ค.", "ก.ย.", "ต.ค.", "พ.ย.", "ธ.ค."];
    return isset($strMonthName[$strMonth]) ? $strMonthName[$strMonth] : '';
}


function escape($string) {
    return htmlspecialchars($string, ENT_QUOTES, 'UTF-8');
}

function safe_url($url) {
    return filter_var($url, FILTER_VALIDATE_URL) ?: "#";
}

$num_string_detail = 200;

// เชื่อมต่อฐานข้อมูล
$dbName = "db_lib";
$conn = mysqli_connect($serverName, $userName, $userPassword, $dbName);
if (!$conn) {
    die("Connection failed: " . mysqli_connect_error());
}
mysqli_set_charset($conn, "utf8");

// ประเภทฐานข้อมูล
$db_types = [
    6 => "ฐานข้อมูลทดลองใช้",
    1 => "ฐานข้อมูลออนไลน์", // รวม 1, 2, 3, 5
    12 => "E-Book (หนังสืออิเล็กทรอนิกส์)",
    9 => "วารสาร นิตยสาร",
    10 => "เรียนออนไลน์ ทีวี วิดีโอ",
	11 => "แหล่งสารสนเทศออนไลน์อื่นๆ"
];

// เริ่มการแสดงผล
foreach ($db_types as $type => $title) {
    echo '<section class="blog_w3ls pt-1 pb-1 mt-5">';
    echo '<div class="container pb-xl-5 pb-lg-3">';
    echo '<h3 class="title text-uppercase text-center text-bl mb-1 pb-xl-1">' . escape($title) . '</h3>';
    echo '<div class="row">';

    // กรณีพิเศษรวมหลายประเภท
    if ($type == 1) {
        $query = "SELECT * FROM db_online WHERE db_type IN (1,2,3,5) ORDER BY db_id DESC";
        $result = mysqli_query($conn, $query);
    } else {
        $stmt = $conn->prepare("SELECT * FROM db_online WHERE db_type = ? ORDER BY db_id DESC");
        $stmt->bind_param("i", $type);
        $stmt->execute();
        $result = $stmt->get_result();
    }

    // แสดงผลแต่ละฐานข้อมูล
    while ($row = mysqli_fetch_assoc($result)) {
        $db_id = (int)$row["db_id"];
        $db_name = escape($row['db_name']);
        $db_link = safe_url($row['db_link']);
        $openathensurl = safe_url($row['openathensurl']);
        $manual2 = safe_url($row['manual2']);
        $db_message = escape($row['db_message']);
        $img_url = "images/DBonline/" . basename($row["logo2"]);

        $show_detail = mb_strlen($db_message, 'UTF-8') > $num_string_detail
            ? mb_substr($db_message, 0, $num_string_detail, 'UTF-8') . "... <a href=\"bdetail_accept.php?db_id={$db_id}\">อ่านต่อ</a>"
            : $db_message;
?>

        <div class="col-lg-3 col-md-6 pt-5">
            <div class="card border-0 med-blog">
                <div class="card-header p-0 border-0">
                    <a href="<?php echo $db_link; ?>">
                        <img src="<?php echo $img_url; ?>" alt="logo" height="20">
                    </a>
                </div>
                <div class="card-body border mt-3">
                    <div class="mb-3">
                        <h5 class="blog-title card-title font-weight-bold m-0">
                            <a href="<?php echo $db_link; ?>"><?php echo $db_name; ?></a>
                        </h5>
                    </div>
                    <p><?php echo $show_detail; ?></p>
                    <a href="<?php echo $db_link; ?>" class="btn button-style mt-sm-2 mt-2">ใช้บริการ</a>
                    <?php if ($openathensurl !== "#"): ?>
                        <a href="<?php echo $openathensurl; ?>" class="btn button-style mt-sm-2 mt-2">OpenAthens</a>
                    <?php endif; ?>
                    <?php if ($manual2 !== "#"): ?>
                        <a href="<?php echo $manual2; ?>" class="btn button-style mt-sm-2 mt-2">คู่มือ</a>
                    <?php endif; ?>
                </div>
            </div>
        </div>

<?php
    }

    echo '</div></div></section>';

    if (isset($stmt)) {
        $stmt->close();
    }
}
?>
			<!--ข่าวหนังสือพิมพ์-->
			<section class="blog_w3ls pt-3 pb-5" id="newspaper">
				<div class="container pb-xl-5 pb-lg-3">
					<h3 class="title text-uppercase text-center text-bl mb-1 pb-xl-1">ข่าว หนังสือพิมพ์</h3>
					<div class="row">
<?php
	//$dbName = "db_lib";
	//$conn = mysqli_connect($serverName,$userName,$userPassword,$dbName);
	//mysqli_set_charset($conn,"utf8");
	/*$sql = "SELECT * from db_online";
	$sql .= " WHERE db_type=8";
	$sql .= " ORDER BY db_id ASC";
	//$sql .= " LIMIT 3";
	$query = mysqli_query($conn,$sql);*/
	$stmt = $conn->prepare("SELECT * FROM db_online WHERE db_type = ?");
	$type = 8;
	$stmt->bind_param("i", $type);
	$stmt->execute();
	$result = $stmt->get_result();
	while ($row = mysqli_fetch_assoc($result)) {
	//while($result=mysqli_fetch_array($query,MYSQLI_ASSOC)) {
?>						
						
						<!-- blog grid -->
						<div class="col-lg-2 col-md-3 col-sm-4 col-6 pt-5">
							<div class="card border-0 med-blog">
								<div class="card-header p-0 border-0">
									<a href="<?php echo $row["db_link"];?>">
<?php
		//$img_url = "images/DBonline/" . $row["logo2"];
		$img_url = "images/DBonline/" . escape(basename($row["logo2"]));	
?>										
										<img class="card-img-bottom" src="<?php echo $img_url;?>" alt="image">
									</a>
								</div>
							</div>
						</div>
						<!-- //blog grid -->
<?php
	} //end while
?>							
					</div>
				</div>
			</section>
			<!-- /ข่าวหนังสือพิมพ์-->
<?php
mysqli_close($conn);
?>

						
<?php include 'footer.php';?>

Youez - 2016 - github.com/yon3zu
LinuXploit