<?php
// Start (or resume) the PHP session; this has to run before any output is sent.
// NOTE(review): nothing in this file reads $_SESSION or checks that the visitor
// is logged in before the product queries and the upload form below are
// rendered. Confirm that inv_header.php (not shown here) enforces the login and
// role check for this admin page.
session_start(); ?>
<!doctype html>
<html class="fixed">
<?php require('inv_header.php'); ?>
<!-- Specific Page Vendor CSS -->
<link rel="stylesheet" href="assets/vendor/owl-carousel/owl.carousel.css" />
<link rel="stylesheet" href="assets/vendor/owl-carousel/owl.theme.css" />
<!-- Theme CSS -->
<link rel="stylesheet" href="assets/stylesheets/theme.css" />
<!-- Skin CSS -->
<link rel="stylesheet" href="assets/stylesheets/skins/default.css" />
<!-- Theme Custom CSS -->
<link rel="stylesheet" href="assets/stylesheets/theme-custom.css">
<!-- Head Libs -->
<script src="assets/vendor/modernizr/modernizr.js"></script>
<link rel="stylesheet" href="assets/vendor/bootstrap-fileupload/bootstrap-fileupload.min.css" />
<style media="screen">
.color{
overflow: hidden;
width: 40px;
height: 40px;
border: solid 2px #ddd;
border-radius: 40px;
}
input[type=file]{
display: inline;
}
#image_preview{
border: 1px solid black;
padding: 10px;
}
#image_preview img{
width: 100%;
padding: 15px;
}
/* set model center */
.modal {
text-align: center;
padding: 0!important;
}
.modal:before {
content: '';
display: inline-block;
height: 100%;
vertical-align: middle;
margin-right: -4px;
}
.modal-dialog {
display: inline-block;
text-align: left;
vertical-align: middle;
}
</style>
<body>
<section class="body">
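<?php
// Page markers. They are not read again in this file, so presumably the
// included navigation/menu templates consume them; confirm there.
$active = 2;
$subactive = 1;

// Load the product row for the id given in the query string.
// The id is attacker-controlled request data, so it is bound as a statement
// parameter instead of being concatenated into the SQL text (the original
// string-built query was injectable). An array-valued or missing id is
// treated as the empty string, which matches no row.
$productId = (isset($_GET['id']) && is_string($_GET['id'])) ? $_GET['id'] : '';

$product = "SELECT * FROM `tb_product` WHERE `id_product` = ?";
$objproduct = false;
$resultproduct = null;

$stmtproduct = mysqli_prepare($myConn, $product);
if ($stmtproduct !== false) {
    mysqli_stmt_bind_param($stmtproduct, 's', $productId);
    if (mysqli_stmt_execute($stmtproduct)) {
        // mysqli_stmt_get_result() requires the mysqlnd driver.
        $objproduct = mysqli_stmt_get_result($stmtproduct);
    }
    if ($objproduct !== false) {
        // Array (numeric and associative keys) or null when no row matches.
        $resultproduct = mysqli_fetch_array($objproduct);
    }
}
?>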
<?php require('inv_nav.php'); ?>
<?php require('inv_manu.php'); ?>
<section role="main" class="content-body">
<header class="page-header">
<h2>รูปภาพ</h2>
<div class="right-wrapper pull-right">
<ol class="breadcrumbs">
<li>
<a href="index.html">
<i class="fa fa-home"></i>
</a>
</li>
<li><a href="form_product.php"><span>สินค้า</span></a></li>
<li><span>รูปประกอบสินค้า</span></li>
</ol>
<a class="sidebar-right-toggle" data-open="sidebar-right"><i class="fa fa-chevron-left"></i></a>
</div>
</header>
<!-- start: page -->
<div class="owl-carousel" data-plugin-carousel data-plugin-options='{ "autoPlay": 100000, "items": 6, "itemsDesktop": [1199,4], "itemsDesktopSmall": [979,3], "itemsTablet": [768,2], "itemsMobile": [479,1] }'>
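<?php
// Render one carousel item per image attached to the requested product.
//
// Security notes:
//  - The product id comes from the query string and the colour id from a
//    stored row; both are bound as statement parameters rather than being
//    concatenated into SQL.
//  - Every value written into the page is escaped for the context it lands
//    in: HTML text/attributes via $escHtml, inline-handler arguments via
//    $escJsArg (JSON literal first, then HTML-attribute escaping).

// Escape a value for HTML text or a quoted HTML attribute.
$escHtml = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
};
// Emit a value as a JavaScript literal inside a quoted HTML attribute.
// JSON_NUMERIC_CHECK keeps numeric ids as bare numbers, as before; anything
// else becomes a quoted string literal and cannot break out of the call.
$escJsArg = function ($value) {
    return htmlspecialchars((string) json_encode($value, JSON_NUMERIC_CHECK), ENT_QUOTES, 'UTF-8');
};

$imgProductId = (isset($_GET['id']) && is_string($_GET['id'])) ? $_GET['id'] : '';

$sql = "SELECT * FROM `tb_product_images` WHERE `id_product` = ? ";
$obj = false;
$stmtimg = mysqli_prepare($myConn, $sql);
if ($stmtimg !== false) {
    mysqli_stmt_bind_param($stmtimg, 's', $imgProductId);
    if (mysqli_stmt_execute($stmtimg)) {
        // Buffered result set (needs mysqlnd), so the colour lookup below can
        // run while this one is still being iterated.
        $obj = mysqli_stmt_get_result($stmtimg);
    }
}

// Prepared once, executed once per image row.
$sqlcolor = "SELECT * FROM `tb_type_color` WHERE `id_col` = ? ";
$stmtcolor = mysqli_prepare($myConn, $sqlcolor);

while ($obj !== false && ($result = mysqli_fetch_array($obj))) {
    $resultcolor = null;
    if ($stmtcolor !== false) {
        $colorId = (string) $result['id_col'];
        mysqli_stmt_bind_param($stmtcolor, 's', $colorId);
        if (mysqli_stmt_execute($stmtcolor)) {
            $objcolor = mysqli_stmt_get_result($stmtcolor);
            if ($objcolor !== false) {
                $resultcolor = mysqli_fetch_array($objcolor);
                mysqli_free_result($objcolor);
            }
        }
    }
    // An image without a matching colour row falls back to the placeholder text.
    $colorName = (is_array($resultcolor) && isset($resultcolor['name_color'])) ? $resultcolor['name_color'] : '';
    // Button style of the status toggle: highlighted when st is 1.
    $mark = $result['st']==1 ? "success" : "default" ;
?>
<div class="item spaced">
<div class="panel-body" style="text-align: center;">
<?php echo ($colorName<>'') ? $escHtml($colorName) : 'Not Choose' ; ?>
</div>
<img class="img-thumbnail" src="<?php echo $escHtml($result['images']) ?>" alt="">
<button type="button" class="mb-xs mt-xs mr-xs btn btn-<?php echo $mark ?>" onclick="changSt(<?php echo $escJsArg($result['id_img']) ?>)">
<i class="fa fa-bookmark"></i>
</button>
<button type="button" class="mb-xs mt-xs mr-xs btn btn-danger" onclick="delete_Product_img(<?php echo $escJsArg($result['id_img']) ?>)">
<i class="fa fa-trash-o"></i>
</button>
<button type="button" class="mb-xs mt-xs mr-xs btn btn-info" data-toggle="modal" onclick="edit_images_detail(<?php echo $escJsArg($result['id_img']) ?>,<?php echo $escJsArg($imgProductId) ?>)" data-target="#modalBootstrap">
<i class="fa fa-edit"> รายละเอียด</i>
</button>
<button type="button" class="mb-xs mt-xs mr-xs btn btn-default"><?php echo $escHtml($result['Priority']) ?></button>
</div>
<?php } ?>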
</div>
<hr>
<div class="row">
<div class="col-md-2"></div>
<div class="col-md-9">
<!-- <form class="form-horizontal" method="POST" action="sql/sql_product_img2.php" enctype="multipart/form-data"> -->
<form class="form-horizontal" id="saveimg" name="saveimg" enctype="multipart/form-data">
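<input type="hidden" name="id" id="id" value="<?php
// The product id is reflected from the query string, so it is escaped for a
// quoted HTML attribute; unescaped, a crafted id could close the attribute and
// inject markup. An array-valued or missing id renders as an empty value.
// NOTE(review): this hidden field is client-controlled when the form is
// posted; the upload endpoint (sql/sql_product_img2.php, not shown here) must
// re-validate it together with the uploaded files.
echo htmlspecialchars((isset($_GET['id']) && is_string($_GET['id'])) ? $_GET['id'] : '', ENT_QUOTES, 'UTF-8'); ?>">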
<section class="panel">
<header class="panel-heading">
<h2 class="panel-title">อัพโหลดรูปประกอบสินค้า</h2>
<p class="panel-subtitle">
รายละเอียดการอัพโหลด <code>ขนาดรูป 1000 pixel X 1500 pixel</code> | ประเภทไฟล์ <code>JPG , PNG</code>
</p>
<div style=" text-align: right; ">
<button type="submit" id="submit" name="submit" class="btn btn-success">บันทึกข้อมูล</button>
<button type="reset" class="btn btn-default">ยกเลิก</button>
</div>
</header>
<div class="panel-body">
<div class="form-group">
<label class="col-md-3 control-label">File Upload</label>
<div class="col-md-6">
<input type="file" id="uploadFile" name="uploadFile[]" class="form-control" accept="image/jpeg,image/jpg" multiple/>
</div>
</div><br><br>
<label for="image_preview"> Show Images.</label>
<div id="image_preview"></div>
</div>
<!-- <footer class="panel-footer">
<button type="submit" id="submit" name="submit" class="btn btn-primary">Submit </button>
<button type="reset" class="btn btn-default">Reset</button>
</footer> -->
</section>
</form>
</div>
</div>
<!-- end: page -->
</section>
</section>
<div class="modal fade" id="modalBootstrap" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal"><span aria-hidden="true">×</span><span class="sr-only">Close</span></button>
<h4 class="modal-title" id="myModalLabel">แก้ไขข้อมูลรูปภาพสินค้า</h4>
</div>
<div id="modal_images_product"></div>
</div>
</div>
</div>
<?php require('inv_footer.php'); ?>
<!-- Specific Page Vendor -->
<script src="assets/vendor/owl-carousel/owl.carousel.js"></script>
<!-- Theme Base, Components and Settings -->
<script src="assets/javascripts/theme.js"></script>
<!-- Theme Custom -->
<script src="assets/javascripts/theme.custom.js"></script>
<!-- Theme Initialization Files -->
<script src="assets/javascripts/theme.init.js"></script>
<!-- Specific Page Vendor -->
<script src="assets/vendor/jquery-autosize/jquery.autosize.js"></script>
<script src="assets/vendor/bootstrap-fileupload/bootstrap-fileupload.min.js"></script>
<script type="text/javascript">
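/**
 * Ask for confirmation, then request deletion of one product image.
 *
 * Posts the image id as form data to sql/sql_delete_productimg.php and expects
 * a JSON text reply carrying `flag` (and `message`). On success the page is
 * reloaded after one second; any other outcome shows the generic error dialog.
 *
 * NOTE(review): the request carries only the id and no anti-CSRF token. The
 * endpoint is not shown here; confirm it checks the session, a request token
 * and that the caller is allowed to delete this image.
 *
 * @param {number|string} id  id_img of the image to delete.
 */
function delete_Product_img(id) {
    console.log(id);
    swal({
        title: "คุณต้องการลบรูปภาพสินค้านี้ หรือไม่?",
        text: "Item(s) will be removed from product!",
        buttons: true,
        dangerMode: true,
    })
    .then((willDelete) => {
        if (!willDelete) {
            return;
        }
        $.ajax({
            url: 'sql/sql_delete_productimg.php',
            type: "POST",
            // The original `datatype` and `ContentType` keys were misspelled,
            // so jQuery ignored them. The body is sent form-encoded and the
            // reply is requested as text and parsed by hand below.
            dataType: "text",
            data: {id: id},
            success: function (response) {
                console.log(response);
                var x = null;
                try {
                    x = JSON.parse(response);
                } catch (parseError) {
                    // A non-JSON reply (e.g. a PHP warning page) is a failure,
                    // not an uncaught exception inside the callback.
                    console.error(parseError);
                }
                if (x && x.flag == true) {
                    console.log(x.message);
                    swal(
                        'Your imaginary file has been deleted!!',
                        '',
                        'success'
                    );
                    // Function form instead of a string argument: no implicit
                    // eval, so it also works under a strict CSP. Reloads after 1 s.
                    window.setTimeout(function () {
                        location.reload();
                    }, 1000);
                } else {
                    swal(
                        'error',
                        '',
                        'error'
                    );
                }
            },
            error: function (jqXHR, textStatus) {
                // alert(jqXHR) only ever showed "[object Object]"; log the
                // status and reuse the error dialog instead.
                console.error(textStatus);
                swal(
                    'error',
                    '',
                    'error'
                );
            }
        });
    });
}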
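/**
 * Ask for confirmation, then toggle the status of one product image.
 *
 * Posts the image id as form data to sql/sql_Chang_imgproduct.php and expects
 * a JSON text reply carrying `flag`. On success the page is reloaded after one
 * second; any other outcome shows the generic error dialog.
 *
 * NOTE(review): the request carries only the id and no anti-CSRF token. The
 * endpoint is not shown here; confirm it checks the session, a request token
 * and that the caller is allowed to change this image.
 *
 * @param {number|string} id  id_img of the image whose status changes.
 */
function changSt(id) {
    console.log(id);
    swal({
        title: "คุณต้องการเปลี่ยนสถานะ หรือไม่?",
        text: "Item(s) will be Chang Status from Images!",
        buttons: true,
        dangerMode: true,
    })
    .then((willDelete) => {
        if (!willDelete) {
            return;
        }
        $.ajax({
            url: 'sql/sql_Chang_imgproduct.php',
            type: "POST",
            // The original `datatype` and `ContentType` keys were misspelled,
            // so jQuery ignored them. The body is sent form-encoded and the
            // reply is requested as text and parsed by hand below.
            dataType: "text",
            data: {id: id},
            success: function (response) {
                console.log(response);
                var x = null;
                try {
                    x = JSON.parse(response);
                } catch (parseError) {
                    // A non-JSON reply is treated as a failure rather than
                    // throwing inside the callback.
                    console.error(parseError);
                }
                if (x && x.flag == true) {
                    swal(
                        'Change the status of the photo successfully.!!',
                        '',
                        'success'
                    );
                    // Function form instead of a string argument: no implicit
                    // eval, so it also works under a strict CSP. Reloads after 1 s.
                    window.setTimeout(function () {
                        location.reload();
                    }, 1000);
                } else {
                    swal(
                        'error',
                        '',
                        'error'
                    );
                }
            },
            error: function (jqXHR, textStatus) {
                // alert(jqXHR) only ever showed "[object Object]"; log the
                // status and reuse the error dialog instead.
                console.error(textStatus);
                swal(
                    'error',
                    '',
                    'error'
                );
            }
        });
    });
}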
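// Submit the upload form by AJAX instead of a normal page navigation.
// The whole form (hidden product id plus the selected files) is sent as
// multipart data to sql/sql_product_img2.php, which answers with the literal
// text "true" on success. The page reloads 0.8 s after any completed reply.
//
// NOTE(review): the `accept` attribute on the file input is only a browser
// hint. The endpoint is not shown here; confirm it validates file type,
// size and destination name server-side and checks the session and a
// request token.
$("#saveimg").submit(function (e) {
    e.preventDefault();
    var formData = new FormData(this);
    $.ajax({
        type: 'POST',
        url: 'sql/sql_product_img2.php',
        data: formData,
        cache: false,
        // Both must be false so jQuery passes the FormData through untouched
        // and the browser sets the multipart boundary itself.
        contentType: false,
        processData: false,
        success: function (data) {
            console.log("process ->" + data);
            if (data == "true") {
                swal(
                    'ทำการเพิ่มรูปลงอัลบั้มสำเร็จ!!',
                    '',
                    'success'
                );
            } else {
                swal(
                    'ผิดพลาด กรุณาลองใหม่อีกครั้ง!!',
                    '',
                    'error'
                );
            }
            // Function form instead of a string argument: no implicit eval.
            // Reloads after 800 ms.
            window.setTimeout(function () {
                location.reload();
            }, 800);
        },
        error: function (jqXHR, textStatus) {
            console.log("error");
            console.log(jqXHR);
            // alert(jqXHR) only ever showed "[object Object]"; show the same
            // failure dialog the success handler uses for a rejected upload.
            console.error(textStatus);
            swal(
                'ผิดพลาด กรุณาลองใหม่อีกครั้ง!!',
                '',
                'error'
            );
        }
    });
});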
</script>
<script>
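// Show a local preview of every file picked in the upload input.
// The file list is read from the input element itself (`this.files`); the
// original relied on the non-standard global `event`, which is not defined in
// every browser. Each <img> is built as an element rather than as an HTML
// string, and its object URL is released once the image has loaded or failed,
// so repeated selections do not leak blob references.
$("#uploadFile").change(function () {
    var preview = $('#image_preview');
    preview.html("");

    var files = this.files;
    for (var i = 0; i < files.length; i++) {
        var objectUrl = URL.createObjectURL(files[i]);
        $('<img>')
            .on('load error', function () {
                URL.revokeObjectURL(this.src);
            })
            .attr('src', objectUrl)
            .appendTo(preview);
    }
});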
</script>
</body>
</html>