<?php session_start(); /* NOTE(review): no login/authorization check is visible anywhere in this file; presumably inv_header.php enforces it — confirm before relying on this page for order administration */ ?>
<!doctype html>
<html class="fixed">
<?php require('inv_header.php'); ?>
<link rel="stylesheet" type="text/css" href="css/waitMe.css">
<link rel="stylesheet" type="text/css" href="css/waitMe.min.css">
<link rel="stylesheet" type="text/css" href="https://cdn.datatables.net/1.10.20/css/jquery.dataTables.css">
<link type="text/css" href="//gyrocode.github.io/jquery-datatables-checkboxes/1.2.11/css/dataTables.checkboxes.css" rel="stylesheet" />
<style media="screen">
.color{
overflow: hidden;
width: 40px;
height: 40px;
border: solid 2px #ddd;
border-radius: 40px;
}
/* set model center */
.modal {
text-align: center;
padding: 0!important;
}
.modal:before {
content: '';
display: inline-block;
height: 100%;
vertical-align: middle;
margin-right: -4px;
}
.modal-dialog {
display: inline-block;
text-align: left;
vertical-align: middle;
}
.dropdown-backdrop {
display:none;
}
</style>
<body class="waitMe_body">
<div class="waitMe_container img" style="background:#fff">
<div style="background:url('img.svg')"></div>
</div>
<section class="body">
<?php $active = 11; /* menu highlight index; presumably read by the included inv_nav.php / inv_manu.php — verify */ ?>
<?php $subactive = 0; /* sub-menu highlight index; same assumed consumer as $active */ ?>
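<?php
// Build $data, the order list for the status filter posted by the buttons
// further down the page. $_POST['search'] only chooses one of a few fixed
// query strings: the request value is never interpolated into SQL, and it
// must stay that way.
//
// NOTE(review): no login/authorization check is visible in this file. It is
// presumably enforced by inv_header.php (which also has to provide $myConn) —
// confirm before relying on this page for order administration.
$search = null;
if (isset($_POST['search'])) {
    // Non-integer input yields false, which falls through to the last branch
    // exactly like any unmatched value does.
    $search = filter_var($_POST['search'], FILTER_VALIDATE_INT);
}

$orderBy = ' ORDER BY `tb_order_head`.`datecreate` DESC';
if ($search === null) {
    // No filter posted: every order, newest first.
    $product = 'SELECT * FROM `tb_order_head` ORDER BY datecreate DESC';
} elseif ($search === 0) {
    // รอชำระเงิน — awaiting payment
    $product = 'SELECT * FROM `tb_order_head` WHERE st_verify = 0 AND st_payment = 0 AND tb_order_head.st_verify != 2' . $orderBy;
} elseif ($search === 1) {
    // รอตรวจสอบ — awaiting verification
    $product = 'SELECT * FROM `tb_order_head` WHERE st_verify = 1 AND st_payment = 0 AND tb_order_head.st_verify != 2' . $orderBy;
} elseif ($search === 2) {
    // ชำระเงินแล้ว — paid, not yet shipped
    $product = 'SELECT * FROM `tb_order_head` WHERE st_payment = 1 AND st_transport = 0 AND tb_order_head.st_verify != 2' . $orderBy;
} else {
    // ส่งสินค้าแล้ว — shipped (also the fallback for any other value)
    $product = 'SELECT * FROM `tb_order_head` WHERE st_transport = 1 AND tb_order_head.st_verify != 2' . $orderBy;
}

$data = [];
$objproduct = mysqli_query($myConn, $product);
if ($objproduct === false) {
    // Keep the driver error out of the rendered page; log it server-side only.
    error_log('order list query failed: ' . mysqli_error($myConn));
} else {
    // Read from the result handle obtained above (the loop used to reference an
    // undefined variable, which made this block fatal).
    while ($row = mysqli_fetch_assoc($objproduct)) {
        $data[] = [
            'id' => $row['id'],
            'index' => $row['index'],
            'member' => $row['id_member'],
            'st_payment' => $row['st_payment'],
            'st_transport' => $row['st_transport'],
            'report' => $row['log_report'],
            'name' => $row['name'],
            'datecreate' => $row['datecreate'],
        ];
    }
    mysqli_free_result($objproduct);
}
?>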
<?php require('inv_nav.php'); ?>
<?php require('inv_manu.php'); ?>
<section role="main" class="content-body">
<header class="page-header">
<h2>รายการสั่งซื้อสินค้า</h2>
<div class="right-wrapper pull-right">
<ol class="breadcrumbs">
<li>
<a href="index.php">
<i class="fa fa-home"></i>
</a>
</li>
<li><span>รายการสั่งซื้อสินค้า</span></li>
</ol>
<a class="sidebar-right-toggle" data-open="sidebar-right"></a>
</div>
</header>
<!-- start: page -->
<form id="frm-example" method="POST">
<section class="panel">
<header class="panel-heading">
<div class="panel-actions">
<a href="form_create_order2.php">
<button type="button" class="btn btn-default" style="border-radius:0px"><i class="fa fa-plus" title="" ></i> ADD ORDER</button></a>
</div>
<h2 class="panel-title">รายการสั่งซื้อสินค้า</h2>
</header>
<div class="panel-body">
<div class="panel-body" style="background: #f9f9f9">
<p style="font-size: 15px;"><b>หมายเหตุ : <code style="color: #d2322d">สีแดง = รอชำระเงิน</code>,<code style="color: #ffc107">สีเหลือง = รอตรวจสอบ</code>,<code style="color: #8bc34a">สีเขียว = ชำระแล้ว</code>,<code style="color: #35a815">สีเขียวเข้ม = ส่งสินค้าสำเร็จ</code>,<code style="color: #616161">สีเทา = ยกเลิกรายการ</code></b>
</p>
</div>
<table class="table mb-none">
<tbody>
<tr>
<td class="left hidden-phone">
<button value="0" type="button" class="btn reload_data btn-danger" style="border-radius:0px">ค้นหา รอชำระเงิน</button>
<button value="1" type="button" class="btn reload_data btn-warning" style="border-radius:0px">ค้นหา รอตรวจสอบ</button>
<button value="2" type="button" class="btn reload_data btn-success" style="border-radius:0px">ค้นหา ชำระเงินแล้ว</button>
<button value="3" type="button" class="btn reload_data btn-primary" style="border-radius:0px">ค้นหา สินค้าจัดส่ง</button>
<button value="4" type="button" class="btn reload_data btn-dark" style="border-radius:0px"> ยกเลิกรายการ</button>
</td>
<td class="hidden-phone" style="text-align: right;">
<button type="button" class="btn btn-info" id="change_status" style="border-radius:0px;" >เปลี่ยนสถานะชำระเงินแล้ว</button>
<button type="button" class="btn btn-info" id="change_status2" style="border-radius:0px;" >ออกรายงาน</button>
</td>
</tr>
</tbody>
</table>
<br>
<table id="example" class="display">
<thead>
<tr>
<th></th>
<th>ออกรายงาน</th>
<th>ACTION</th>
<th>วันที่ทำการสั่งซื้อ</th>
<th>เลขที่ใบสั่งซื้อ.</th>
<th>สถานะการชำระเงิน</th>
<th>สถานะการขนส่ง</th>
<th>ชื่อ - นามสกุล</th>
</tr>
</thead>
</table>
</div>
</section>
</form>
<!-- end: page -->
</section>
</section>
<div class="modal fade" id="modalBootstrap" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal"><span aria-hidden="true">×</span><span class="sr-only">Close</span></button>
<h4 class="modal-title" id="myModalLabel">สำหรับ Copy URL ให้ลูกค้า</h4>
</div>
<div id="modal_copylink"></div>
</div>
</div>
</div>
<!-- Modal URL Status -->
<div class="modal fade" id="copylink2" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal"><span aria-hidden="true">×</span><span class="sr-only">Close</span></button>
<h4 class="modal-title" id="myModalLabel">สำหรับ Copy URL ให้ลูกค้า</h4>
</div>
<div id="modal_copylink2"></div>
</div>
</div>
</div>
<div class="modal fade" id="modalbill" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal"><span aria-hidden="true">×</span><span class="sr-only">Close</span></button>
<h4 class="modal-title" id="myModalLabel">ใบแจ้งชำระ </h4>
</div>
<div id="modal_bill"></div>
</div>
</div>
</div>
<div class="modal fade" id="modal_tacking" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal"><span aria-hidden="true">×</span><span class="sr-only">Close</span></button>
<h4 class="modal-title" id="myModalLabel">เพิ่มเลขพัสดุ ( Tracking Number )</h4>
</div>
<div id="modaltacking"></div>
</div>
</div>
</div>
<?php require('inv_footer.php'); ?>
<script type="text/javascript" src="js/waitMe.js"></script>
<script type="text/javascript" src="js/waitMe.min.js"></script>
<script type="text/javascript" src="https://cdn.datatables.net/1.10.20/js/jquery.dataTables.js"></script>
<script src="https://clipboardjs.com/dist/clipboard.min.js"></script>
<script type="text/javascript" src="//gyrocode.github.io/jquery-datatables-checkboxes/1.2.11/js/dataTables.checkboxes.min.js"></script>
<script type="text/javascript">
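$(document).ready(function () {
    // Background colour per payment-status label (column 5). Labels are
    // compared verbatim, including the trailing space the server sends.
    var statusColors = {
        'รอชำระเงิน ': 'red',
        'ชำระแล้ว ': '#8bc34a',
        'รอตรวจสอบ ': '#ffc107',
        'ส่งสินค้าสำเร็จ ': 'darkgreen',
        'ยกเลิกรายการ': 'gray'
    };

    // Colours a status cell; unknown labels (and null cells) are left as-is.
    function colorStatusCell(td, cellData) {
        var label = String(cellData);
        if (Object.prototype.hasOwnProperty.call(statusColors, label)) {
            $(td).css('color', 'white');
            $(td).css('background', statusColors[label]);
        }
    }

    // Initial, unfiltered table load.
    $('#example').DataTable({
        scrollY: true,
        scrollCollapse: true,
        ajax: 'ajaxTable_d.php',
        columnDefs: [
            {
                targets: 5,
                createdCell: function (td, cellData) {
                    colorStatusCell(td, cellData);
                }
            },
            {
                targets: 0,
                checkboxes: {
                    selectRow: true
                }
            }
        ],
        columns: [
            { data: 'id' },
            { data: 'report' },
            { data: 'action' },
            { data: 'datecreate' },
            { data: 'index' },
            { data: 'st_payment' },
            { data: 'st_transport' },
            { data: 'name' }
        ],
        select: {
            style: 'multi'
        },
        order: [[1, 'asc']]
    });

    // Ids of the rows ticked in the checkbox column. The instance is looked up
    // at click time: the filter buttons destroy and re-create the table, so a
    // reference captured here would point at a dead instance.
    function selectedOrderIds() {
        var selected = $('#example').DataTable().column(0).checkboxes.selected();
        var ids = [];
        $.each(selected, function (index, rowId) {
            ids.push(rowId);
        });
        return ids;
    }

    // Mark the selected orders as paid, then reload the page.
    $('#change_status').on('click', function () {
        var selectedItems = selectedOrderIds();
        if (selectedItems.length === 0) {
            swal('Please select at least one order first.');
            return;
        }
        $.ajax({
            url: 'sql/sql_multichangstauts_order_d.php',
            type: 'POST',
            dataType: 'json', // jQuery option is camelCase; the reply is parsed for us
            data: { selectedItems: selectedItems, change: 1 },
            success: function (x) {
                // The server's flag type is not visible here; loose compare kept.
                if (x && x.flag == true) {
                    swal(x.mag);
                    window.setTimeout(function () { location.reload(); }, 1000); // reload after 1 s
                } else {
                    swal('Error, Please Try Again');
                }
            },
            error: function (xhr, textStatus) {
                // Report only the transport status, not the raw server body.
                alert('Request failed: ' + textStatus);
            }
        });
    });

    // Open the combined report for the selected orders (same tab; `location`
    // has no target property, so the original "_blank" assignment was a no-op).
    $('#change_status2').on('click', function () {
        var selectedItems2 = selectedOrderIds();
        if (selectedItems2.length === 0) {
            swal('Please select at least one order first.');
            return;
        }
        location.href = 'mpdf/index_multi.php?id=' + encodeURIComponent(selectedItems2.join(','));
    });
});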
// Filter buttons: tear the current table down, then rebuild it with the
// clicked button's value as the status filter.
$('.reload_data').on('click', function () {
    var filter = $(this).val();
    $('#example').dataTable().fnDestroy();
    reload_data(filter);
});
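// Re-creates the order table filtered by status value `val` (the value of the
// clicked filter button), POSTing it to ajaxTable_d.php as `id`. Returns the
// new DataTable instance so callers can keep a live handle on it.
function reload_data(val)
{
    // Background colour per payment-status label (column 5); labels are
    // compared verbatim, including the trailing space the server sends.
    var statusColors = {
        'รอชำระเงิน ': 'red',
        'ชำระแล้ว ': '#8bc34a',
        'รอตรวจสอบ ': '#ffc107',
        'ส่งสินค้าสำเร็จ ': 'darkgreen',
        'ยกเลิกรายการ': 'gray'
    };

    function colorStatusCell(td, cellData) {
        var label = String(cellData);
        if (Object.prototype.hasOwnProperty.call(statusColors, label)) {
            $(td).css('color', 'white');
            $(td).css('background', statusColors[label]);
        }
    }

    return $('#example').DataTable({
        ajax: {
            url: 'ajaxTable_d.php',
            type: 'POST',
            data: {
                id: val
            }
        },
        columnDefs: [
            {
                targets: 5,
                createdCell: function (td, cellData) {
                    colorStatusCell(td, cellData);
                }
            },
            {
                targets: 0,
                checkboxes: {
                    selectRow: true
                }
            }
        ],
        columns: [
            { data: 'id' },
            { data: 'report' },
            { data: 'action' },
            { data: 'datecreate' },
            { data: 'index' },
            { data: 'st_payment' },
            { data: 'st_transport' },
            { data: 'name' }
        ],
        select: {
            style: 'multi'
        },
        order: [[1, 'asc']]
    });
}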
</script>
<script>
// Any click anywhere closes every dropdown menu that was detached to <body>
// (those are the ones tagged with data-parent).
$(document).on('click', function () {
    $('.dropdown-menu[data-parent]').hide();
});
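// Dropdown menus inside a .table-responsive wrapper get clipped by its
// overflow; this handler moves the menu to <body> and positions it under the
// toggle button instead.
$(document).on('click', '.table-responsive [data-toggle="dropdown"]', function () {
    if ($('body').hasClass('modal-open')) {
        // Unsupported inside a modal: the menu would need the modal's z-index.
        throw new Error("This solution is not working inside a responsive table inside a modal, you need to find out a way to calculate the modal Z-index and add it to the element");
    }

    // Locals (the originals were implicit globals).
    var $buttonGroup = $(this).parent();
    var $ul;
    if (!$buttonGroup.attr('data-attachedUl')) {
        // First open: tag the group and its <ul> with a shared id so the menu
        // can be found again once it has been moved out of the group.
        var ts = Date.now();
        $ul = $(this).siblings('ul');
        $ul.attr('data-parent', ts);
        $buttonGroup.attr('data-attachedUl', ts);
        $(window).resize(function () {
            // The absolute position goes stale on resize; hide until re-opened.
            $ul.css('display', 'none');
        });
    } else {
        $ul = $('[data-parent=' + $buttonGroup.attr('data-attachedUl') + ']');
    }

    if (!$buttonGroup.hasClass('open')) {
        $ul.css('display', 'none');
        return;
    }
    dropDownFixPosition($buttonGroup, $ul);

    // Pins `dropdown` just below `button`, keeping its measured size, and
    // re-parents it to <body> so the table wrapper no longer clips it.
    function dropDownFixPosition(button, dropdown) {
        var dropDownTop = button.offset().top + button.outerHeight();
        dropdown.css('top', dropDownTop + 'px');
        dropdown.css('right', '5%');
        dropdown.css('position', 'absolute');
        dropdown.css('width', dropdown.width());
        dropdown.css('height', dropdown.height()); // property name was misspelled ('heigt') before
        dropdown.css('display', 'block');
        dropdown.appendTo('body');
    }
});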
</script>
<script type="text/javascript">
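// Cancels order `id` (taken from the row's action button) via
// sql/sql_cancel_order.php and reloads the page on success.
function change_status3(id) {
    $.ajax({
        url: 'sql/sql_cancel_order.php',
        type: 'POST',
        dataType: 'json', // jQuery option is camelCase; the reply is parsed for us
        data: { id: id },
        success: function (x) {
            // The server's flag type is not visible here; loose compare kept.
            if (x && x.flag == true) {
                swal(x.mag);
                window.setTimeout(function () { location.reload(); }, 1000); // reload after 1 s
            } else {
                swal('Error, Please Try Again');
            }
        },
        error: function (xhr, textStatus) {
            // Report only the transport status, not the raw server body.
            alert('Request failed: ' + textStatus);
        }
    });
}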
//-------------------------------------------------------
// Copy-to-clipboard behaviour for every .btn element on the page; each
// outcome is logged to the console, and a successful copy is confirmed to
// the user.
var clipboard = new ClipboardJS('.btn');

clipboard.on('success', function (evt) {
    console.info('Action:', evt.action);
    console.info('Text:', evt.text);
    console.info('Trigger:', evt.trigger);
    evt.clearSelection();
    alert("copied successfully.");
});

clipboard.on('error', function (evt) {
    console.error('Action:', evt.action);
    console.error('Trigger:', evt.trigger);
});
//--------------------------------------------------
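// Asks for confirmation, then deletes order `id` (taken from the row's action
// button) via sql/sql_delete_order.php and reloads the page on success.
function delete_order(id) {
    swal({
        title: "คุณต้องการลบสินค้านี้ หรือไม่?",
        text: "Item(s) will be removed from product!",
        buttons: true,
        dangerMode: true,
    })
    .then((willDelete) => {
        if (!willDelete) {
            return;
        }
        $.ajax({
            url: 'sql/sql_delete_order.php',
            type: 'POST',
            dataType: 'json', // jQuery option is camelCase; the reply is parsed for us
            data: { id: id },
            success: function (x) {
                // The server's flag type is not visible here; loose compare kept.
                if (x && x.flag == true) {
                    swal(
                        'Your imaginary file has been deleted!!',
                        '',
                        'success'
                    );
                    window.setTimeout(function () { location.reload(); }, 1000); // reload after 1 s
                } else {
                    swal(
                        'error',
                        '',
                        'error'
                    );
                }
            },
            error: function (xhr, textStatus) {
                // Report only the transport status, not the raw server body.
                alert('Request failed: ' + textStatus);
            }
        });
    });
}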
</script>
</body>
</html>