h(  ) ($6;EbBLkfu�_l� ''8;DUFKV3Dd#,?ANk&5G$/(5M\^�ms����Sb�,;R''6c2I�!\����kx�Ve�[i��Me�IYO7:nOL~�Kr�qrv�I:�BM�y��s}r��K����x)1�6@r*2�89ma��&��'ti������{~#������t)1�2<�0:^5�W.uFzQ/u}�v��vv�u��U37yDJeEJo(/�5Ds'1�:Jlu�iy�iy�hw�1;:S`^BMLOQQn,4�7C�8C�>Lfe�]k�[i�Zg��IW�LZ�EP;,.��Tc�q(0) G,/]/1����w�r��l&-t*3�<<�u��#����j&.u��J68\8?"#$%&'()*+,-./0 ! 
Notice: Undefined index: dl in /var/www/html/web/simple.mini.php on line 1
403WebShell
403Webshell
Server IP : 10.254.12.21  /  Your IP : 10.254.12.21
Web Server : Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
System : Linux arit.skru.ac.th 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10 16:21:17 UTC 2022 x86_64
User : apache ( 48)
PHP Version : 5.6.40
Disable Function : NONE
MySQL : ON  |  cURL : ON  |  WGET : OFF  |  Perl : ON  |  Python : ON  |  Sudo : ON  |  Pkexec : ON
Directory :  /var/www/html/lib/newe/pages/


Current File : /var/www/html/lib/newe/pages//index.php
<?php include 'dbconnect.php';?>
<!DOCTYPE html>
<html>
<head>
<meta name="viewport" content="width=device-width, initial-scale=1">
  <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/css/bootstrap.min.css">
  <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js"></script>
  <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/js/bootstrap.min.js"></script>
  <link href="../vendor/font-awesome/css/font-awesome.min.css" rel="stylesheet" type="text/css">
<style>
body {
  /*font-family: "Lato", sans-serif;*/
  margin-left: 5px;
  margin-right: 5px;
}

.sidenav {
  height: 100%;
  width: 0;
  position: fixed;
  z-index: 1;
  top: 0;
  left: 0;
  background-color: #9FFF9F;
  overflow-x: hidden;
  transition: 0.5s;
  padding-top: 60px;
}

.sidenav a {
  padding: 8px 8px 8px 32px;
  text-decoration: none;
  font-size: 18px;
  /*color: #818181;*/
  color: #003300;
  display: block;
  transition: 0.3s;
}

.sidenav a:hover {
  color: #f1f1f1;
}

.sidenav .closebtn {
  position: absolute;
  top: 0;
  right: 25px;
  font-size: 36px;
  margin-left: 50px;
}

@media screen and (max-height: 450px) {
  .sidenav {padding-top: 15px;}
  .sidenav a {font-size: 18px;}
}


.book {
	padding: 15px 0 0 0;
	margin: auto;
}
a.book:before { /* Just to give a little puddle of a shadow without adding another element */
	content: '';
    display: block;
    width: 80%;
    height: 1em;
    background: rgba(0,0,0,.35);
    border-radius: 50%;
    position: absolute;
    bottom:-10px;
    -webkit-filter: blur(5px);
    filter: blur(5px);
    z-index:-5;
}
.shelf {
	border-bottom: 30px solid #FFCC66;
    border-left: 20px solid transparent;
    border-right: 20px solid transparent;
	top: -15px;
	z-index: -10;
}
/*Example adding pseudo element to give shelf depth*/
.shelf:after {
	content: '';
	background: #FF9900;
	height: 20px;
	width: calc(100% + 40px); /*IE9+*/
	position: absolute;
	top: 30px;
	left: 0;
	right: 0;
	z-index: 1;
	margin: 0 -20px;
}
.book-caption {
    position: absolute;
    top: 50%;
    left: 50%;
    transform: translate( -50%, -50% );
    text-align: center;
    color: white;
    font-weight: bold;
}
</style>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<?php
	// Text shown in the browser tab (<title>) and in the top <h2> of this page.
	$pagett = 'หนังสืออิเล็กทรอนิกส์มาใหม่';
?>	
    <title><?php echo $pagett;?></title>
</head>
<body>

<?php
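/**
 * Resolve the client IP address that this page stores in its statistics tables.
 *
 * Candidates are checked in the same order as before: HTTP_CLIENT_IP,
 * HTTP_X_FORWARDED_FOR, HTTP_X_FORWARDED, HTTP_FORWARDED_FOR, HTTP_FORWARDED,
 * then REMOTE_ADDR. Every candidate except REMOTE_ADDR comes from a request
 * header, so the client can set it to any string. Because the caller places the
 * return value inside SQL text, a candidate is accepted only when it parses as
 * an IPv4 or IPv6 address; anything else is skipped and the next source is tried.
 *
 * The result is still client-chosen whenever no trusted proxy overwrites these
 * headers. It is suitable for visit statistics, not for access control.
 *
 * @return string A syntactically valid IP address, or 'UNKNOWN' when no source yields one.
 */
function get_client_ip() {
    $sources = array(
        'HTTP_CLIENT_IP',
        'HTTP_X_FORWARDED_FOR',
        'HTTP_X_FORWARDED',
        'HTTP_FORWARDED_FOR',
        'HTTP_FORWARDED',
        'REMOTE_ADDR',
    );

    foreach ($sources as $name) {
        $raw = getenv($name);
        if ($raw === false || $raw === '') {
            continue;
        }

        // Forwarding headers may hold a list ("client, proxy1, proxy2"); only
        // the first entry is considered, and only if it is a well-formed address.
        $parts = explode(',', $raw);
        $candidate = trim($parts[0]);
        if (filter_var($candidate, FILTER_VALIDATE_IP) !== false) {
            return $candidate;
        }
    }

    return 'UNKNOWN';
}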
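	// Page set-up: read the request parameters, record the search term in
	// stat_search (once per client address, term and day), build the heading
	// text, and count today's rows in stat_ebook.
	//
	// $client_ip, $strKeyword and $type_code all originate from the request.
	// In this block they reach MySQL only as bound parameters, never as SQL text.
	// Code further down the page reads the same variables and must treat them
	// as untrusted as well.
	$client_ip = get_client_ip();
	$current_date = date('Y-m-d');
	// Start and end of today, used as the BETWEEN window for the statistics tables.
	$current_date1 = $current_date . " 00:00:00";
	$current_date2 = $current_date . " 23:59:59";

	// is_string() rejects array-valued parameters (e.g. type_code[]=x), which
	// would otherwise be concatenated as the literal text "Array".
	$type_code = (isset($_GET["type_code"]) && is_string($_GET["type_code"])) ? $_GET["type_code"] : '';
	$max_detail_length = 500;
	$num_newest_ebook = 5;
	$num_popular_ebook = 5;
	$num_week_popular_ebook = 5;
	$strKeyword = null;
	if (isset($_POST["txtKeyword"]) && is_string($_POST["txtKeyword"]))
	{
		$strKeyword = $_POST["txtKeyword"];
		if ($strKeyword !== "") {
			// Store the search in stat_search unless the same address already
			// searched for the same text today.
			$stmt = mysqli_prepare($conn, "SELECT ipaddress FROM stat_search WHERE enter_date BETWEEN ? AND ? AND ipaddress = ? AND search_text = ?");
			if ($stmt) {
				mysqli_stmt_bind_param($stmt, "ssss", $current_date1, $current_date2, $client_ip, $strKeyword);
				mysqli_stmt_execute($stmt);
				// store_result + num_rows works without the mysqlnd-only get_result().
				mysqli_stmt_store_result($stmt);
				$already_logged = (mysqli_stmt_num_rows($stmt) > 0);
				mysqli_stmt_close($stmt);

				if (!$already_logged) {
					$stmt2 = mysqli_prepare($conn, "INSERT INTO stat_search (ipaddress, search_text) VALUES (?, ?)");
					if ($stmt2) {
						mysqli_stmt_bind_param($stmt2, "ss", $client_ip, $strKeyword);
						mysqli_stmt_execute($stmt2);
						mysqli_stmt_close($stmt2);
					}
				}
			}
		}
	}
	// A keyword in the query string takes precedence over a POSTed one.
	if (isset($_GET["txtKeyword"]) && is_string($_GET["txtKeyword"]))
	{
		$strKeyword = $_GET["txtKeyword"];
	}

	// $pagetitle_text is echoed into the page heading further down, so the
	// request- and database-derived parts are HTML-encoded here, where the
	// string is assembled.
	$default_title = "รายชื่อหนังสืออิเล็กทรอนิกส์มาใหม่";
	if ((string)$strKeyword !== "") {
		$pagetitle_text = "ผลการค้นหา " . htmlspecialchars($strKeyword, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
	} elseif ($type_code !== "") {
		$pagetitle_text = $default_title;
		$stmt = mysqli_prepare($conn, "SELECT subject_name FROM subject_detail WHERE subject_id = ?");
		if ($stmt) {
			mysqli_stmt_bind_param($stmt, "s", $type_code);
			mysqli_stmt_execute($stmt);
			mysqli_stmt_bind_result($stmt, $subject_name);
			if (mysqli_stmt_fetch($stmt)) {
				$pagetitle_text = "รายชื่อหนังสือหมวด " . htmlspecialchars((string)$subject_name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
			}
			mysqli_stmt_close($stmt);
		}
	} else {
		$pagetitle_text = $default_title;
	}

	// Count today's rows in stat_ebook. Only server-generated date strings go
	// into this statement, so it is sent as plain SQL.
	$today_enter = 0;
	$sql = "SELECT COUNT(num) AS count_num FROM stat_ebook WHERE (enter_date Between '" . $current_date1 . "' And '" . $current_date2 . "')";
	$query = mysqli_query($conn,$sql);
	// A failed query returns false; keep the default of 0 instead of fetching from it.
	if ($query && ($result=mysqli_fetch_array($query,MYSQLI_ASSOC))) {
		$today_enter = $result["count_num"];
	}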
?>
<div id="mySidenav" class="sidenav">
  <a href="javascript:void(0)" class="closebtn" onClick="closeNav()">&times;</a>
<!--  <a href="#">About</a>
  <a href="#">Services</a>
  <a href="#">Clients</a>
  <a href="#">Contact</a>-->
							<h3><font color="#003300">&nbsp;&nbsp;หมวดหนังสือ</font></h3>
							<a href="index.php"><i class="fa fa-book fa-fw"></i> ทุกหมวด</a>  
<?php
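	// Sidebar: one link per subject that has at least one book_detail row with
	// database_id 'dbt004'. The statement contains no request data.
	$sql = "SELECT DISTINCT subject_detail.subject_id, subject_detail.subject_name FROM (subject_detail INNER JOIN book_detail ON subject_detail.subject_id = book_detail.subject_id) WHERE book_detail.database_id='dbt004' ORDER BY subject_detail.subject_name ASC";
	$query = mysqli_query($conn,$sql);
	// A failed query returns false; skip the loop rather than fetch from it.
	while($query && ($result=mysqli_fetch_array($query,MYSQLI_ASSOC))) {
		// Database text is written into an href and into element content, so it
		// is URL-encoded as a query value and then HTML-encoded for the page.
		$subject_href = "index.php?type_code=" . urlencode((string)$result["subject_id"]);
		$subject_href_html = htmlspecialchars($subject_href, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
		$subject_name_html = htmlspecialchars((string)$result["subject_name"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
?>						
                            <a href="<?php echo $subject_href_html;?>"><i class="fa fa-book fa-fw"></i> <?php echo $subject_name_html;?></a>
<?php
	} // end while over subjects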
?>	  
							<a href="admin/login.php"><i class="fa fa-user fa-fw"></i> เข้าสู่ระบบ</a>  
</div>
<h2><?php echo $pagett;?></h2>
<!--<p>Click on the element below to open the side navigation menu.</p>-->
<span style="font-size:30px;cursor:pointer" onClick="openNav()">&#9776; เมนู (เลือกหมวดหนังสือ)</span>

<script>
// Open the subject side navigation by giving the #mySidenav panel its full width.
function openNav() {
  var sideNav = document.getElementById("mySidenav");
  sideNav.style.width = "250px";
}

// Close the subject side navigation by collapsing the #mySidenav panel to zero width.
function closeNav() {
  var sideNav = document.getElementById("mySidenav");
  sideNav.style.width = "0";
}
</script>

<div class="container">
    <div class="row">
		<hr>
		<div align="center">
		<h2><?php echo $pagetitle_text;?>&nbsp;&nbsp;&nbsp;<a href="<?php echo $_SERVER['SCRIPT_NAME'];?>"><button type="button" class="btn btn-primary">คลิกที่นี่เพื่อกลับไปหน้าแรก</button></a></h2>
			  <form class="form-inline" action="<?php echo $_SERVER['SCRIPT_NAME'];?>">
				<div class="form-group">
				  <input type="text" class="form-control" id="txtKeyword" placeholder="พิมพ์คำค้น..." name="txtKeyword" title="พิมพ์คำที่ต้องการค้นหา">
				</div>
				<button type="submit" class="btn btn-default"><i class="fa fa-search"></i></button>
			  </form>
		</div>
		<hr>
<?php
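	// Build the book listing query and the paging numbers.
	//
	// $strKeyword, $type_code and $_GET["Page"] come from the request. The two
	// strings are escaped with mysqli_real_escape_string() before they are placed
	// inside quoted SQL literals, and the page number is forced to an integer.
	// Bound parameters would be preferable, but fetching "SELECT *" rows from a
	// prepared statement needs mysqli_stmt_get_result(), which exists only with
	// the mysqlnd driver. Whether this host has it is not visible here.
	// NOTE(review): real_escape_string relies on the connection charset being set
	// (mysqli_set_charset) in dbconnect.php. Confirm.
	$iorder=0;
	$kw = is_string($strKeyword) ? $strKeyword : '';
	$tc = is_string($type_code) ? $type_code : '';

	$sql = "SELECT * FROM book_detail WHERE ( (database_id = 'dbe002') OR (database_id='dbe003') ) ";
	if ($kw !== '') {
		$kw_sql = mysqli_real_escape_string($conn, $kw);
		$sql .= " AND ( (title LIKE '%" . $kw_sql . "%')";
		$sql .= " OR (author LIKE '%" . $kw_sql . "%')";
		$sql .= " OR (note LIKE '%" . $kw_sql . "%') )";
	} elseif ($tc !== '') {
		$sql .= " AND subject_id='" . mysqli_real_escape_string($conn, $tc) . "'";
	}
	$sql .= " ORDER BY book_id DESC";

	// First run without LIMIT, only to learn the total number of matches.
	$query = mysqli_query($conn,$sql);
	$num_rows = $query ? mysqli_num_rows($query) : 0;

	$per_page = 24;   // Per Page
	// Same result as the original three-way branch: at least one page,
	// otherwise the row count divided by the page size, rounded up.
	$num_pages = max(1, (int)ceil($num_rows / $per_page));

	// Clamp the requested page to 1..$num_pages so that the LIMIT offset is
	// never negative, non-numeric or out of integer range.
	$page  = 1;
	if (isset($_GET["Page"]) && is_scalar($_GET["Page"]))
	{
		$page = min($num_pages, max(1, (int)$_GET["Page"]));
	}
	$prev_page = $page-1;
	$next_page = $page+1;
	$row_start = ($page - 1) * $per_page;
	$row_end = $per_page;

	// Second run: the same query restricted to the current page.
	$sql .= " LIMIT " . (int)$row_start . " ," . (int)$row_end;
	$query = mysqli_query($conn,$sql);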
			
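	// Render one cover tile plus its detail modal per book, with a "shelf"
	// divider after every third tile (small screens only) and every sixth tile.
	// A failed query returns false; skip the loop rather than fetch from it.
	while($query && ($result=mysqli_fetch_array($query,MYSQLI_ASSOC))) {
		if ($result["picture"] <> "") {
			$img_location = "titlepicture/" . $result["picture"];
		} else {
			$img_location = "titlepicture/" . "nocover2.jpg";
		}

		// Database text is written into attributes and element content below.
		// Encode it once here so that a quote or angle bracket in a stored value
		// cannot close the attribute or start new markup.
		$esc_flags = ENT_QUOTES | ENT_SUBSTITUTE;
		$book_id_html = htmlspecialchars((string)$result["book_id"], $esc_flags, 'UTF-8');
		$title_html = htmlspecialchars((string)$result["title"], $esc_flags, 'UTF-8');
		$author_html = htmlspecialchars((string)$result["author"], $esc_flags, 'UTF-8');
		$pub_year_html = htmlspecialchars((string)$result["pub_year"], $esc_flags, 'UTF-8');
		$link_html = htmlspecialchars((string)$result["link"], $esc_flags, 'UTF-8');
		$img_html = htmlspecialchars($img_location, $esc_flags, 'UTF-8');
		$hint_html = $title_html . "...คลิกที่รูปเพื่อดูรายละเอียด";
		// NOTE(review): the "note" column is still written verbatim in the modal
		// body, because it may hold intended markup. If it is plain text, encode
		// it like the other fields. If it is HTML, pass it through a sanitizer.
		// NOTE(review): "link" is HTML-encoded, but its URL scheme is not checked.
		// Confirm that stored links are restricted to http/https.
?>
		<div class="col-xs-4 col-md-2">
        	<a href="#myModal<?php echo $book_id_html;?>" data-toggle="modal" data-target="#myModal<?php echo $book_id_html;?>" class="book" title="<?php echo $hint_html;?>"><img src="<?php echo $img_html;?>" class="img-responsive book"></a>	
<?php
		// Books without a cover image get their title overlaid on the placeholder.
		if ($result["picture"] == "") {
?>
          <div class="book-caption">
              <p><a href="#myModal<?php echo $book_id_html;?>" data-toggle="modal" data-target="#myModal<?php echo $book_id_html;?>" style="color:white;" title="<?php echo $hint_html;?>"><?php echo $title_html;?></a></p>
          </div>
<?php
		}
?>		  			
			<!-- Modal -->
			<div class="modal fade" id="myModal<?php echo $book_id_html;?>" role="dialog">
				<div class="modal-dialog">
				
					<!-- Modal content-->
					<div class="modal-content">
						<div class="modal-header">
						  <button type="button" class="close" data-dismiss="modal">&times;</button>
						  <h4 class="modal-title"><?php echo $title_html;?></h4>
						</div>
						<div class="modal-body">
						  <p><font color="#009900">ผู้แต่ง : </font><?php echo $author_html;?></p>
						  <p><font color="#009900">ปีที่พิมพ์ : </font><?php echo $pub_year_html;?></p>
						   <p><font color="#009900">รายละเอียด : </font><?php echo $result["note"];?></p>
						</div>
						<div class="modal-footer">
						  <a href="<?php echo $link_html;?>"><button type="button" class="btn btn-success">อ่านเล่มนี้</button></a>
						  <button type="button" class="btn btn-default" data-dismiss="modal">ปิด</button>
						</div>
					</div>
				</div>
			</div>	
		  <!--end Modal-->		
		</div>
<?php
		// $iorder counts the tiles in the current row of six.
		$iorder += 1;
		if ($iorder == 3) {
?>
			<div class="col-xs-12 shelf hidden-md hidden-lg"></div>
<?php		
		} elseif ($iorder == 6) {
			$iorder = 0;
?>
			<div class="col-xs-12 shelf"></div>
<?php		
		}
	} // end while over books
	// Close a partly filled last row with a shelf of its own.
	if ($iorder <> 0) {
?>
			<div class="col-xs-12 shelf"></div>
<?php	
	}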
?>	
	</div>
	<div class="row">
<br>
<p>จำนวน <?php echo $num_rows;?> รายการ : <?php echo $num_pages;?> หน้า</p>
<?php

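// Pagination bar: first/previous links, up to three page numbers on either side
// of the current page, then next/last links.
//
// Each link repeats the search keyword and subject code from the request.
// Both are URL-encoded as query values, and every finished URL is HTML-encoded
// before it is written into an href, so request text cannot close the
// attribute or add markup.
$kw_param = is_string($strKeyword) ? $strKeyword : '';
$tc_param = is_string($type_code) ? $type_code : '';
$link_head = $_SERVER['SCRIPT_NAME'] . "?Page=";
$link_tail = "&txtKeyword=" . urlencode($kw_param) . "&type_code=" . urlencode($tc_param);
$esc_flags = ENT_QUOTES | ENT_SUBSTITUTE;

if($prev_page)
{
	$fpage = htmlspecialchars($link_head . "1" . $link_tail, $esc_flags, 'UTF-8');
	$ppage = htmlspecialchars($link_head . $prev_page . $link_tail, $esc_flags, 'UTF-8');
?>
	<a href="<?php echo $fpage;?>"><button type="button" class="btn btn-primary">&lt;&lt; หน้าแรก</button></a>	
	<a href="<?php echo $ppage;?>"><button type="button" class="btn btn-info">&lt; หน้าที่แล้ว</button></a>		
<?php
}

// Window of numbered links around the current page.
$num_before_current_page = 3;
$num_after_current_page = 3;
if ($page > $num_before_current_page)
{
	$before_current_page = $page - $num_before_current_page;
}
else
{
	$before_current_page = 1;
}

if (($page + $num_after_current_page)>=$num_pages)
{
	$after_current_page = $num_pages;
}
else
{
	$after_current_page = $page + $num_after_current_page;
}

for($i=$before_current_page; $i<=$page-1; $i++){
	$ipage = htmlspecialchars($link_head . $i . $link_tail, $esc_flags, 'UTF-8');
?>
	<a href="<?php echo $ipage;?>"><button type="button" class="btn btn-success"><?php echo $i;?></button></a>		
<?php
}

// The loop above leaves $i at the current page number. It is always a number
// produced by the loop counter, never the raw request value.
?>
	<button type="button" class="btn btn-warning"><?php echo $i;?></button>
<?php

for($i=$page+1; $i<=$after_current_page; $i++){
	$ipage = htmlspecialchars($link_head . $i . $link_tail, $esc_flags, 'UTF-8');
?>
	<a href="<?php echo $ipage;?>"><button type="button" class="btn btn-success"><?php echo $i;?></button></a>		
<?php
}

if($page!=$num_pages)
{
	$npage = htmlspecialchars($link_head . $next_page . $link_tail, $esc_flags, 'UTF-8');
	$lpage = htmlspecialchars($link_head . $num_pages . $link_tail, $esc_flags, 'UTF-8');
?>
	<a href="<?php echo $npage;?>"><button type="button" class="btn btn-info">หน้าถัดไป &gt;</button></a>	
	<a href="<?php echo $lpage;?>"><button type="button" class="btn btn-primary">หน้าสุดท้าย &gt;&gt;</button></a>		
<?php
}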
?>
<!--<p>
<form class="form-inline" action="<?php //echo $_SERVER['SCRIPT_NAME'];?>">
    <input name="txtKeyword" type="hidden" id="txtKeyword" value="<?php //echo $strKeyword;?>">
	<div class="form-group">
		<input type="text" class="form-control" id="Page" placeholder="ไปยังหน้า..." name="Page" title="ไปยังหน้าที่ระบุ" size="3">
	</div>
	<button type="submit" class="btn btn-danger">ไปยังหน้าที่ระบุ</button>
</form>
</p>-->
<BR><BR><BR>
	</div>
</div>  

<?php
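	// Record the visit in stat_ebook: at most one row per client address per day.
	// $client_ip can originate from a request header, so it is passed to MySQL
	// as a bound parameter instead of being concatenated into the statement.
	$stmt = mysqli_prepare($conn, "SELECT ipaddress FROM stat_ebook WHERE enter_date BETWEEN ? AND ? AND ipaddress = ?");
	if ($stmt) {
		mysqli_stmt_bind_param($stmt, "sss", $current_date1, $current_date2, $client_ip);
		mysqli_stmt_execute($stmt);
		// store_result + num_rows works without the mysqlnd-only get_result().
		mysqli_stmt_store_result($stmt);
		$already_counted = (mysqli_stmt_num_rows($stmt) > 0);
		mysqli_stmt_close($stmt);

		if (!$already_counted) {
			// No row for this address today: add one.
			$stmt2 = mysqli_prepare($conn, "INSERT INTO stat_ebook (ipaddress) VALUES (?)");
			if ($stmt2) {
				mysqli_stmt_bind_param($stmt2, "s", $client_ip);
				mysqli_stmt_execute($stmt2);
				mysqli_stmt_close($stmt2);
			}
		}
	}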
?>
   
</body>
</html> 

Youez - 2016 - github.com/yon3zu
LinuXploit