shell bypass 403
<!doctype html>
<html class="fixed">
<?php require('inv_header.php'); ?>
<body>
<section class="body">
<?php $active = 11; ?>
<?php $subactive = 0; ?>
<?php require('inv_nav.php'); ?>
<?php require('inv_manu.php'); ?>
<section role="main" class="content-body">
<header class="page-header">
<h2>รายการการสั่งซื้อ</h2>
<div class="right-wrapper pull-right">
<ol class="breadcrumbs">
<li>
<a href="index.php">
<i class="fa fa-home"></i>
</a>
</li>
<li><span>สั่งสินค้า (โดยผู้ดูแล) </span></li>
</ol>
<a class="sidebar-right-toggle" data-open="sidebar-right"><i class="fa fa-chevron-left"></i></a>
</div>
</header>
<!-- start: page -->
<section class="panel">
<div class="row">
<div class="col-xs-12">
<!-- <form class="form-horizontal form-bordered" method="POST" action="sql/sql_create_order2_d.php"> -->
<form class="form-horizontal form-bordered" id="save" name="save">
<section class="panel">
<header class="panel-heading">
<div class="panel-actions">
<a href="#" class="fa fa-caret-down"></a>
<a href="#" class="fa fa-times"></a>
</div>
<h2 class="panel-title">เพิ่มรายการการสั่งซื้อ</h2>
</header>
<div class="panel-body">
<div class="form-body">
<div class="form-group">
<label class="col-md-3 control-label">รายชื่อสมาชิก</label>
<div class="col-md-6">
<select class="form-control populate" id="st_order" name="st_order" onchange="SelectList(this.value)">
<option value="0">ไม่ทราบชื่อสมาชิก</option>
<option value="1">ทราบชื่อสมาชิก</option>
</select>
</div>
</div>
<div class="form-group" style="display: none;" id="username" name="username">
<label class="col-md-3 control-label">ชื่อสมาชิก</label>
<div class="col-md-6">
<input class="form-control" id="name" name="name" />
</div>
</div>
<div class="form-group">
<label class="col-md-3 control-label">ประเภทโค้ดส่วนลด</label>
<div class="col-md-6">
<select class="form-control populate" id="typecode" name="typecode" onchange="SelectTypeCode(this.value)">
<option value="0">--- เลือก ---</option>
<option value="1">โค้ดส่วดลด</option>
<option value="2">โค้ดของแถม</option>
<option value="3">โค้ดฟรีค่าขนส่ง</option>
</select>
</div>
</div>
<div class="form-group" id="codetext" name="codetext" style="display: none;"></div>
<script type="text/javascript">
function SelectTypeCode(id) {
console.log(id);
if (id>0) {
$.ajax({
type: 'POST',
url: 'sql/sql_typeCode.php',
dataType: 'json',
data : {id:id},
success: function (result) {
var table = ('<label class="col-md-3 control-label">โค้ดส่วนลด</label>');
table += ('<div class="col-md-6">');
table += ('<select class="form-control populate" id="code" name="code">');
$.each(result, function (key, value) {
table += ('<option value="'+value.code+'">');
table += (''+value.code+'');
table += ('</option>');
});
table += ('</select>');
table += ('</div>');
$("#codetext").show();
$("#codetext").html(table);
}
});
}else{
$("#codetext").hide();
}
}
</script>
<div class="form-group">
<label class="col-md-3 control-label">ช่องการสั่งซื้อ</label>
<div class="col-md-6">
<select class="form-control populate" id="orderway" name="orderway">
<option value="Website">Website</option>
<option value="Facebook">Facebook</option>
<option value="Line">Line</option>
<option value="ตัวแทนจัดจำหน่าย">ตัวแทนจัดจำหน่าย</option>
</select>
</div>
</div>
<div class="form-group">
<label class="col-md-3 control-label">การขนส่ง</label>
<div class="col-md-6">
<select class="form-control populate" id="type_delivery" name="type_delivery">
<option value="1">การจัดส่งแบบลงทะเบียน</option>
<option value="2">การจัดส่งด่วน</option>
<option value="3">จัดส่งเอกชน</option>
<option value="4">แบบพัสดุธรรมดา</option>
</select>
<br><code>กรุณตรวจสอบสินค้าให้ตรงกับการจัดส่งก่อนกดบันทึก</code>
</div>
</div>
<div class="form-group">
<label class="col-md-3 control-label">ชำระเงินผ่าน</label>
<div class="col-md-6">
<select class="form-control populate" id="payment" name="payment">
<option value="1" selected="">โอนผ่านบัญชีธนาคาร</option>
</select>
</div>
</div>
<div class="container">
<div class='element' id='div_1'></div>
</div>
<div class="row" style="text-align: center;">
<span class='add btn btn-success'><i class="fa fa-plus"></i> เพิ่มรายการสินค้า</span><br>
</div>
</div><br>
<div class="panel-footer">
<button type="submit" class="mb-xs mt-xs mr-xs btn btn-lg btn-primary" style="margin-left: 81%;">บันทึกข้อมูล</button>
</div>
</section>
</form>
</div>
</div>
</section>
<!-- end: page -->
</section>
</section>
<?php require('inv_footer.php'); ?>
<script src="script_addproduct.js"></script>
<link rel="stylesheet" href="../css/waitMe.css" />
<script src="../js/waitMe.js"></script>
<script type="text/javascript">
function run_waitMe(el, num, effect){
text = 'Please wait...';
fontSize = '';
switch (num) {
case 1:
maxSize = '';
textPos = 'vertical';
break;
case 2:
text = '';
maxSize = 30;
textPos = 'vertical';
break;
case 3:
maxSize = 30;
textPos = 'horizontal';
fontSize = '18px';
break;
}
el.waitMe({
effect: effect,
text: text,
bg: 'rgba(255,255,255,0.7)',
color: '#000',
maxSize: maxSize,
waitTime: -1,
source: 'img.svg',
textPos: textPos,
fontSize: fontSize,
onClose: function(el) {}
});
}
</script>
<script type="text/javascript">
function SelectList(value){
console.log(value);
if (value==1) {
$('#username').show();
}else{
$('#username').hide();
}
}
</script>
<script type="text/javascript">
$("#save").submit(function(e){
e.preventDefault();
var formData = new FormData(this);
$.ajax({
type:'POST',
url: 'sql/sql_create_order2.php',
data:formData,
cache:false,
contentType: false,
processData: false,
beforeSend: function() {
run_waitMe($('body'), 3, 'roundBounce');
},
success:function(data){
console.log(data);
console.log(data);
if ( data == 'Faill') {
$('body').waitMe('hide');
swal('Warning. Please Try Again.');
}else{
swal('Complete..');
setTimeout(function(){location.href= data} , 2000);
}
},
error: function(data){
swal(
'Warning. Please Try Again.',
'',
'error'
)
}
});
});
</script>
</body>
</html>