<?php
// Resume (or create) the PHP session for this back-office page.
// NOTE(review): no login or role check is visible in this file. Confirm that
// inv_header.php rejects unauthenticated requests before any of the order,
// customer and revenue queries below are executed.
session_start(); ?>
<!doctype html>
<html class="fixed">
<head>
<!-- Basic -->
<meta charset="UTF-8">
<title>Huskiesbag | Back-office </title>
<?php require('inv_header.php'); ?>
<!-- Mobile Metas -->
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no" />
<!-- Web Fonts -->
<link href="http://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700,800|Shadows+Into+Light" rel="stylesheet" type="text/css">
<!-- Vendor CSS -->
<link rel="stylesheet" href="assets/vendor/bootstrap/css/bootstrap.css" />
<link rel="stylesheet" href="assets/vendor/font-awesome/css/font-awesome.css" />
<link rel="stylesheet" href="assets/vendor/magnific-popup/magnific-popup.css" />
<link rel="stylesheet" href="assets/vendor/bootstrap-datepicker/css/datepicker3.css" />
<!-- Specific Page Vendor CSS -->
<link rel="stylesheet" href="assets/vendor/jquery-ui/css/ui-lightness/jquery-ui-1.10.4.custom.css" />
<link rel="stylesheet" href="assets/vendor/bootstrap-multiselect/bootstrap-multiselect.css" />
<link rel="stylesheet" href="assets/vendor/morris/morris.css" />
<!-- Theme CSS -->
<link rel="stylesheet" href="assets/stylesheets/theme.css" />
<!-- Skin CSS -->
<link rel="stylesheet" href="assets/stylesheets/skins/default.css" />
<!-- Theme Custom CSS -->
<link rel="stylesheet" href="assets/stylesheets/theme-custom.css">
<!-- Head Libs -->
<script src="assets/vendor/modernizr/modernizr.js"></script>
</head>
<body>
<section class="body">
<?php /* Menu state set before the navigation includes below; presumably they read $active / $subactive to mark the current entry (confirm in inv_nav.php / inv_manu.php). */ $active = 1; ?>
<?php $subactive = 0; ?>
<?php /* NOTE(review): $myConn, used by every query further down, is not defined in this file; presumably one of the required files opens the connection. */ require('inv_nav.php'); ?>
<?php require('inv_manu.php'); ?>
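<?php
// Dashboard summary figures: contact-form count, revenue total, today's order
// count and visitor count. Every value is read through $myConn, which is
// expected to be an open mysqli connection created by an earlier include.
date_default_timezone_set('Asia/Bangkok');
$datenow = date("Y-m-d");
$year = date("Y");

// Total number of contact-form submissions.
$contactform = "SELECT COUNT(idc) AS summary FROM `form_contact`";
$objsql = mysqli_query($myConn, $contactform);
$resultcontact = $objsql ? mysqli_fetch_array($objsql) : null;
$SUMCOUNT = $resultcontact['summary'] ?? 0;

$sumtotal = 0;
// Per-month accumulators. Nothing in this file reads them; they are kept in
// case other code relies on these globals.
$Jan = 0;
$Feb = 0;
$Mar = 0;
$Apr = 0;
$May = 0;
$Jun = 0;
$Jul = 0;
$Aug = 0;
$Sep = 0;
$Oct = 0;
$Nov = 0;
$Dec = 0;

// Sum (unit price, less any sale discount) * quantity over every order line.
$profit = "SELECT * FROM `tb_order_detail`
INNER JOIN tb_product ON tb_order_detail.id_product = tb_product.id_product";
$Objprofit = mysqli_query($myConn, $profit);

// The sale lookup runs once per order line. It is prepared once and the sale
// id is bound as a parameter, so a value stored in the database can never be
// interpreted as SQL (the previous code concatenated it into the query text).
$idsale = '';
$salestmt = mysqli_prepare(
    $myConn,
    "SELECT `percent_sale` FROM `tb_type_sale` WHERE `id_sale` = ? LIMIT 1"
);
if ($salestmt) {
    mysqli_stmt_bind_param($salestmt, 's', $idsale);
}

while ($Objprofit && ($resultprofit = mysqli_fetch_array($Objprofit))) {
    // Price when the product has no matching sale row.
    $pricedefault3 = $resultprofit['price'];
    $unitprice = $pricedefault3;

    $idsale = (string) $resultprofit['id_sale'];
    if ($salestmt && mysqli_stmt_execute($salestmt)) {
        $percentsale = null;
        mysqli_stmt_bind_result($salestmt, $percentsale);
        if (mysqli_stmt_fetch($salestmt) === true) {
            // percent_sale carries one trailing character (presumably '%')
            // that is dropped before the value is used as a percentage.
            $sal3 = (float) substr((string) $percentsale, 0, -1);
            $unitprice = $pricedefault3 - ($pricedefault3 * ($sal3 / 100));
        }
        // Release the result so the statement can be executed again.
        mysqli_stmt_free_result($salestmt);
    }

    $total = $unitprice * $resultprofit['number']; // total for this order line
    $sumtotal += $total; // running grand total
}
if ($salestmt) {
    mysqli_stmt_close($salestmt);
}

// Today's Orders ($datenow comes from date(), not from request input).
$orders = "SELECT COUNT(id) AS countid FROM `tb_order_head` WHERE datecreate LIKE '".$datenow."%'";
$objorders = mysqli_query($myConn, $orders);
$resultorder = $objorders ? mysqli_fetch_array($objorders) : null;
$countorder = $resultorder['countid'] ?? 0;

// Visitor count.
// NOTE(review): this counts every row of tb_visitor, while the widget that
// shows it is titled "Today's Visitors"; confirm which one is intended.
$SQLvisitor = "SELECT COUNT(id) AS COUNTID FROM `tb_visitor` ORDER BY `tb_visitor`.`id` ASC";
$Objvisitor = mysqli_query($myConn, $SQLvisitor);
$resultvisitor = $Objvisitor ? mysqli_fetch_array($Objvisitor) : null;
$countvisitor = $resultvisitor['COUNTID'] ?? 0;
?>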
<section role="main" class="content-body">
<header class="page-header">
<h2>Dashboard</h2>
<div class="right-wrapper pull-right">
<ol class="breadcrumbs">
<li>
<a href="index.php">
<i class="fa fa-home"></i>
</a>
</li>
<li style="padding-right: 20px;"><span>Dashboard</span></li>
</ol>
<!-- <a class="sidebar-right-toggle" data-open="sidebar-right"><i class="fa fa-chevron-left"></i></a> -->
</div>
</header>
<div class="row">
<div class="col-lg-12">
<section class="panel">
<header class="panel-heading panel-heading-transparent">
<h2 class="panel-title">Order Stats</h2>
</header>
<div class="panel-body">
<div class="table-responsive">
<table class="table table-striped mb-none">
<thead>
<tr>
<th>#</th>
<th>เลขที่ใบสั่งซื้อ</th>
<th>ชื่อผู้สั่งซื้อ</th>
<th>วันที่ทำการสั่งซื้อ</th>
<th>สถานะ</th>
</tr>
</thead>
<tbody>
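<?php
// Latest ten orders, newest first; each one is rendered as a table row with a
// status badge derived from the st_payment / st_transport / st_verify flags.
$no = 0;
$mod = '';
$text = '';
$header = "SELECT * FROM `tb_order_head` ORDER BY `tb_order_head`.`id` DESC LIMIT 10";
$objheader = mysqli_query($myConn, $header);
while ($objheader && ($resulthead = mysqli_fetch_array($objheader))) {
    $no++;
    // A paid order is labelled the same way whether or not it was verified;
    // st_verify only distinguishes the two unpaid states.
    if ($resulthead['st_payment'] == 1) {
        if ($resulthead['st_transport'] == 1) {
            $text = 'ส่งสินค้าสำเร็จ';
            $mod = "success";
        } else {
            $text = 'ชำระแล้ว';
            $mod = "info";
        }
    } elseif ($resulthead['st_verify'] == 1) {
        $text = 'รอตรวจสอบ';
        $mod = "warning";
    } else {
        $text = 'รอชำระเงิน';
        $mod = "danger";
    }
    // The order number and the customer name are stored values, and the name
    // is presumably typed in by the customer. Both are HTML-escaped so stored
    // markup is displayed as text instead of running in the operator's session.
    $orderindex = htmlspecialchars((string) $resulthead['index'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $ordername = htmlspecialchars((string) $resulthead['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
?>
<tr>
<td><?php echo $no; ?></td>
<td><?php echo $orderindex; ?></td>
<td><?php echo $ordername; ?></td>
<td><?php echo date("d M, Y", strtotime($resulthead['datecreate'])); ?></td>
<td><span class="label label-<?php echo $mod; ?>"><?php echo $text; ?></span></td>
</tr>
<?php /* Full open tag: with short_open_tag disabled, "<?" is sent to the browser as text and the loop is never closed. */ } ?>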
</tbody>
</table>
</div>
</div>
</section>
</div>
</div>
<!-- start: page -->
<div class="row">
<div class="col-md-6 col-lg-12 col-xl-6">
<section class="panel">
<div class="panel-body">
<div class="row">
<div class="col-lg-12">
<div class="chart-data-selector" id="salesSelectorWrapper">
<h2>
Sales Price:
<strong style="display: none;">
<select class="form-control" id="salesSelector">
<option value="JSOFT Admin" selected>JSOFT Admin</option>
<option value="JSOFT Drupal" >JSOFT Drupal</option>
<option value="JSOFT Wordpress" >JSOFT Wordpress</option>
</select>
</strong>
</h2>
<div id="salesSelectorItems" class="chart-data-selector-items mt-sm">
<div class="chart chart-sm" data-sales-rel="JSOFT Admin" id="flotDashSales1" class="chart-active"></div>
<script>
// Series for the "Sales Price" chart: one [month, value] pair per month.
// The values are fixed literals; nothing here is derived from the PHP queries
// on this page. Presumably read by examples.dashboard.js — confirm.
var flotDashSales1Data = [{
data: [
["Jan", 140],
["Feb", 240],
["Mar", 190],
["Apr", 140],
["May", 180],
["Jun", 320],
["Jul", 270],
["Aug", 180],
["Sep", 180],
["Oct", 180],
["Nov", 180],
["Dec", 180]
],
color: "#0088cc"
}];
</script>
</div>
</div>
</div>
</div>
</div>
</section>
</div>
<div class="col-md-6 col-lg-12 col-xl-6">
<div class="row">
<div class="col-md-12 col-lg-6 col-xl-6">
<section class="panel panel-featured-left panel-featured-primary">
<div class="panel-body">
<div class="widget-summary">
<div class="widget-summary-col widget-summary-col-icon">
<div class="summary-icon bg-primary">
<i class="fa fa-life-ring"></i>
</div>
</div>
<div class="widget-summary-col">
<div class="summary">
<h4 class="title">Contact form</h4>
<div class="info">
<strong class="amount"><?php echo $SUMCOUNT; ?></strong>
</div>
</div>
</div>
</div>
</div>
</section>
</div>
<div class="col-md-12 col-lg-6 col-xl-6">
<section class="panel panel-featured-left panel-featured-secondary">
<div class="panel-body">
<div class="widget-summary">
<div class="widget-summary-col widget-summary-col-icon">
<div class="summary-icon bg-secondary">
<i class="fa fa-usd"></i>
</div>
</div>
<div class="widget-summary-col">
<div class="summary">
<h4 class="title">Total Profit</h4>
<div class="info">
<strong class="amount">฿ <?php echo number_format($sumtotal); ?></strong>
</div>
</div>
</div>
</div>
</div>
</section>
</div>
<div class="col-md-12 col-lg-6 col-xl-6">
<section class="panel panel-featured-left panel-featured-tertiary">
<div class="panel-body">
<div class="widget-summary">
<div class="widget-summary-col widget-summary-col-icon">
<div class="summary-icon bg-tertiary">
<i class="fa fa-shopping-cart"></i>
</div>
</div>
<div class="widget-summary-col">
<div class="summary">
<h4 class="title">Today's Orders</h4>
<div class="info">
<strong class="amount"><?php echo $countorder; ?></strong>
</div>
</div>
</div>
</div>
</div>
</section>
</div>
<div class="col-md-12 col-lg-6 col-xl-6">
<section class="panel panel-featured-left panel-featured-quartenary">
<div class="panel-body">
<div class="widget-summary">
<div class="widget-summary-col widget-summary-col-icon">
<div class="summary-icon bg-quartenary">
<i class="fa fa-user"></i>
</div>
</div>
<div class="widget-summary-col">
<div class="summary">
<h4 class="title">Today's Visitors</h4>
<div class="info">
<strong class="amount"><?php echo $countvisitor; ?></strong>
</div>
</div>
<div class="summary-footer">
<a class="text-muted text-uppercase">(detail)</a>
</div>
</div>
</div>
</div>
</section>
</div>
</div>
</div>
</div>
<!-- end: page -->
</section>
</div>
</section>
<!-- Vendor -->
<script src="assets/vendor/jquery/jquery.js"></script>
<script src="assets/vendor/jquery-browser-mobile/jquery.browser.mobile.js"></script>
<script src="assets/vendor/bootstrap/js/bootstrap.js"></script>
<script src="assets/vendor/nanoscroller/nanoscroller.js"></script>
<script src="assets/vendor/bootstrap-datepicker/js/bootstrap-datepicker.js"></script>
<script src="assets/vendor/magnific-popup/magnific-popup.js"></script>
<script src="assets/vendor/jquery-placeholder/jquery.placeholder.js"></script>
<!-- Specific Page Vendor -->
<script src="assets/vendor/jquery-ui/js/jquery-ui-1.10.4.custom.js"></script>
<script src="assets/vendor/jquery-ui-touch-punch/jquery.ui.touch-punch.js"></script>
<script src="assets/vendor/jquery-appear/jquery.appear.js"></script>
<script src="assets/vendor/bootstrap-multiselect/bootstrap-multiselect.js"></script>
<script src="assets/vendor/jquery-easypiechart/jquery.easypiechart.js"></script>
<script src="assets/vendor/flot/jquery.flot.js"></script>
<script src="assets/vendor/flot-tooltip/jquery.flot.tooltip.js"></script>
<script src="assets/vendor/flot/jquery.flot.pie.js"></script>
<script src="assets/vendor/flot/jquery.flot.categories.js"></script>
<script src="assets/vendor/flot/jquery.flot.resize.js"></script>
<script src="assets/vendor/jquery-sparkline/jquery.sparkline.js"></script>
<script src="assets/vendor/raphael/raphael.js"></script>
<script src="assets/vendor/morris/morris.js"></script>
<script src="assets/vendor/gauge/gauge.js"></script>
<script src="assets/vendor/snap-svg/snap.svg.js"></script>
<script src="assets/vendor/liquid-meter/liquid.meter.js"></script>
<script src="assets/vendor/jqvmap/jquery.vmap.js"></script>
<script src="assets/vendor/jqvmap/data/jquery.vmap.sampledata.js"></script>
<script src="assets/vendor/jqvmap/maps/jquery.vmap.world.js"></script>
<script src="assets/vendor/jqvmap/maps/continents/jquery.vmap.africa.js"></script>
<script src="assets/vendor/jqvmap/maps/continents/jquery.vmap.asia.js"></script>
<script src="assets/vendor/jqvmap/maps/continents/jquery.vmap.australia.js"></script>
<script src="assets/vendor/jqvmap/maps/continents/jquery.vmap.europe.js"></script>
<script src="assets/vendor/jqvmap/maps/continents/jquery.vmap.north-america.js"></script>
<script src="assets/vendor/jqvmap/maps/continents/jquery.vmap.south-america.js"></script>
<!-- Theme Base, Components and Settings -->
<script src="assets/javascripts/theme.js"></script>
<!-- Theme Custom -->
<script src="assets/javascripts/theme.custom.js"></script>
<!-- Theme Initialization Files -->
<script src="assets/javascripts/theme.init.js"></script>
<!-- Examples -->
<script src="assets/javascripts/dashboard/examples.dashboard.js"></script>
<!-- --------------- Notify --------------- -->
<!-- Specific Page Vendor -->
<script src="assets/vendor/pnotify/pnotify.custom.js"></script>
<!-- Theme Base, Components and Settings -->
<script src="assets/javascripts/theme.js"></script>
<!-- Theme Custom -->
<script src="assets/javascripts/theme.custom.js"></script>
<!-- Theme Initialization Files -->
<script src="assets/javascripts/theme.init.js"></script>
<script src="assets/javascripts/ui-elements/examples.notifications.js"></script>
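<?php
// One sticky PNotify notification per order whose number starts with today's
// yymmdd prefix ($dates comes from date(), not from request input).
$dates = date('ymd');
$Notify = "SELECT * FROM `tb_order_head` WHERE `index` LIKE '".$dates."%'";
$objnotify = mysqli_query($myConn, $Notify);
while ($objnotify && ($resultnotify = mysqli_fetch_array($objnotify))) {
    // datecreate is split into "date time"; missing parts become empty
    // strings instead of raising undefined-offset warnings.
    $ar = array_pad(explode(" ", (string) $resultnotify['datecreate']), 2, '');
    $date = $ar[0];
    $time = $ar[1];
    $at = array_pad(explode(":", $time), 3, '');
    $hr = $at[0];
    $minutes = $at[1];
    $seconds = $at[2];
    $fulltime = $hr.":".$minutes.":".$seconds;

    // Stored values must not be printed inside a quoted JavaScript literal:
    // a quote or "</script>" in the data would end the string or the script
    // element. Each message is HTML-escaped first (PNotify presumably inserts
    // title/text as markup unless told to escape; confirm for the bundled
    // build) and then emitted as a JSON string literal.
    $jsonflags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_UNESCAPED_UNICODE;
    $notifytitle = json_encode(
        htmlspecialchars('การสั่งซื้อเลขที่ '.$resultnotify['index'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),
        $jsonflags
    );
    $notifytext = json_encode(
        htmlspecialchars('ทำการรายการสั่งซื้อใหม่ เมื่อ. '.$date." เวลา ".$fulltime, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),
        $jsonflags
    );
    if ($notifytitle === false || $notifytext === false) {
        // Value could not be encoded (e.g. invalid UTF-8); skip this notification.
        continue;
    }
?>
<script type="text/javascript">
new PNotify({
title: <?php echo $notifytitle; ?>,
text: <?php echo $notifytext; ?>,
addclass: 'notification-dark',
hide: false,
buttons: {
sticker: false
}
});
</script>
<?php
}
?>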
</body>
</html>