shell bypass 403
<?php session_start(); ?>
<!doctype html>
<html class="fixed">
<?php require('inv_header.php'); ?>
<link rel="stylesheet" type="text/css" href="css/waitMe.css">
<link rel="stylesheet" type="text/css" href="css/waitMe.min.css">
<link rel="stylesheet" type="text/css" href="https://cdn.datatables.net/1.10.20/css/jquery.dataTables.css">
<style media="screen">
.color{
overflow: hidden;
width: 40px;
height: 40px;
border: solid 2px #ddd;
border-radius: 40px;
}
.unpay{
background-color: #d2322d;
color: white;
}
.pay{
background-color: #8BC34A;
color: white;
}
.checkpay{
background-color: #FFC107;
color: white;
}
.tran{
background-color: #1d6908;
color: white;
}
/* set model center */
.modal {
text-align: center;
padding: 0!important;
}
.modal:before {
content: '';
display: inline-block;
height: 100%;
vertical-align: middle;
margin-right: -4px;
}
.modal-dialog {
display: inline-block;
text-align: left;
vertical-align: middle;
}
@media (min-width: 1200px)
.container {
width: 1170px;
}
</style>
<body class="waitMe_body">
<div class="waitMe_container img" style="background:#fff">
<div style="background:url('img.svg')"></div>
</div>
<section class="body">
<?php $active = 11; ?>
<?php $subactive = 0; ?>
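<?php
// Load the order header row and the product/quantity/colour lists of its
// detail rows for the order id passed in the query string.
//
// The id arrives straight from the request, so it is bound as a statement
// parameter rather than concatenated into the SQL text; the concatenated form
// let any quote in ?id= rewrite both queries (SQL injection).
// $myConn is not defined in this file; presumably inv_header.php opens it (confirm).
// mysqli_stmt_get_result() needs the mysqlnd driver.
// NOTE(review): nothing visible on this page checks that the current session
// is allowed to read this order; confirm the included files enforce that.
$orderId = (isset($_GET['id']) && is_string($_GET['id'])) ? $_GET['id'] : '';

// Initialised up front so the form further down never reads undefined
// variables when the order is missing or has no detail rows.
$resultcheck = null;
$item = [];
$number = [];
$color = [];

$check = "SELECT * FROM `tb_order_head` WHERE `id` = ?";
$stmtcheck = mysqli_prepare($myConn, $check);
if ($stmtcheck !== false) {
    mysqli_stmt_bind_param($stmtcheck, 's', $orderId);
    if (mysqli_stmt_execute($stmtcheck)) {
        $objcheck = mysqli_stmt_get_result($stmtcheck);
        if ($objcheck !== false) {
            $resultcheck = mysqli_fetch_array($objcheck);
        }
    }
    mysqli_stmt_close($stmtcheck);
}

$index = "SELECT * FROM `tb_order_head` INNER JOIN tb_order_detail ON tb_order_head.id = tb_order_detail.id WHERE tb_order_head.id = ?";
$stmtindex = mysqli_prepare($myConn, $index);
if ($stmtindex !== false) {
    mysqli_stmt_bind_param($stmtindex, 's', $orderId);
    if (mysqli_stmt_execute($stmtindex)) {
        $objindex = mysqli_stmt_get_result($stmtindex);
        if ($objindex !== false) {
            // One entry per detail row, kept in parallel arrays as before.
            while ($resultindex = mysqli_fetch_array($objindex)) {
                $item[] = $resultindex['id_product'];
                $number[] = $resultindex['number'];
                $color[] = $resultindex['id_col'];
            }
        }
    }
    mysqli_stmt_close($stmtindex);
}
?>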
<?php require('inv_nav.php'); ?>
<?php require('inv_manu.php'); ?>
<section role="main" class="content-body">
<header class="page-header">
<h2>เพิ่มเลขพัสดุ</h2>
<div class="right-wrapper pull-right">
<ol class="breadcrumbs">
<li>
<a href="index.php">
<i class="fa fa-home"></i>
</a>
</li>
<li>
<a href="form_listorder.php"><span>รายการสั่งซื้อสินค้า</span></a>
</li>
<li>
<span>เพิ่มเลขพัสดุ</span>
</li>
</ol>
<a class="sidebar-right-toggle" data-open="sidebar-right"></a>
</div>
</header>
<!-- start: page -->
<section class="panel">
<header class="panel-heading">
<h2 class="panel-title">เพิ่มเลขพัสดุ</h2>
</header>
<div class="panel-body">
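<form id="save" name="save" enctype="multipart/form-data">
<?php
// Tracking-number form for one order. Every request- or database-derived value
// is HTML-escaped before it is written into an attribute: the original echoed
// $_GET['id'] and the stored tracking/index values raw, so a quote in any of
// them could break out of the attribute (reflected / stored XSS).
// NOTE(review): no anti-CSRF token is visible in this form, and the values in
// the hidden fields are fully client-controlled; the handler the page posts to
// should verify the session, validate a token and re-derive order data
// server-side rather than trusting these fields.
?>
<input type="hidden" id="id" name="id" value="<?php echo htmlspecialchars((isset($_GET['id']) && is_string($_GET['id'])) ? $_GET['id'] : '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>">
<input type="hidden" id="order" name="order" value="<?php echo htmlspecialchars(isset($resultcheck['index']) ? (string) $resultcheck['index'] : '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>">
<?php
// NOTE(review): $item, $number and $color are arrays, so echo prints the
// literal text "Array" (with a PHP warning) instead of the list contents.
// Left unchanged because the format the POST handler expects is not visible
// here; fix together with that handler.
?>
<input type="hidden" id="item" name="item[]" value="<?php echo $item; ?>">
<input type="hidden" id="number" name="number[]" value="<?php echo $number; ?>">
<input type="hidden" id="color" name="color[]" value="<?php echo $color; ?>">
<div class="modal-body">
<div class="form-group">
<label class="col-sm-3 control-label">Tracking Number <span class="required">*</span></label>
<div class="col-sm-9">
<input type="text" name="traking" class="form-control" id="traking" value="<?php echo htmlspecialchars(isset($resultcheck['tracking']) ? (string) $resultcheck['tracking'] : '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>">
</div>
</div>
</div>
<div class="footer">
<button type="submit" class="btn btn-primary">Save Data</button>
<button type="button" class="btn btn-default" data-dismiss="modal">Close</button>
</div>
</form>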
</div>
</section>
<!-- end: page -->
</section>
</section>
<?php require('inv_footer.php'); ?>
<script type="text/javascript" src="js/waitMe.js"></script>
<script type="text/javascript" src="js/waitMe.min.js"></script>
<script type="text/javascript" src="https://cdn.datatables.net/1.10.20/js/jquery.dataTables.js"></script>
<script type="text/javascript">
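// Submit the tracking-number form over AJAX and, on success, move on to the
// mail page for the same order.
$("#save").submit(function (e) {
    e.preventDefault();

    // All of these come from form fields the user can edit in the browser;
    // the server-side handler must validate them itself.
    var id = $('#id').val();
    var traking = $('#traking').val();
    var order = $('#order').val();
    var item = $('#item').val();
    var number = $('#number').val();
    var color = $('#color').val();

    $.ajax({
        url: 'sql/sql_trackingnumber.php',
        type: "POST",
        // Sent form-encoded (jQuery's default). The original "datatype" and
        // "ContentType" keys were mis-cased, so jQuery ignored them; they are
        // dropped here instead of being "corrected", which would have changed
        // the request encoding the handler receives.
        data: {id: id, traking: traking, item: item, number: number, color: color, order: order},
        success: function (response) {
            var x;
            try {
                // jQuery hands over an already-parsed object when the server
                // labels the reply as JSON, and a string otherwise.
                x = (typeof response === 'string') ? jQuery.parseJSON(response) : response;
            } catch (parseErr) {
                swal('error', 'Unexpected response from server', 'error');
                return;
            }

            if (x && x.flag == true) {
                swal(
                    'เพิ่มเลขพัสดุสำเร็จ!!',
                    '',
                    'success'
                );
                // Encode the value so characters such as & or # in it cannot
                // add or truncate query parameters on the target URL.
                window.location.href = 'sentmail2.php?id=' + encodeURIComponent(order);
            } else {
                // NOTE(review): if this swal build renders its second argument
                // as HTML, the server must escape x.message before sending it.
                swal(
                    'error',
                    x ? x.message : '',
                    'error'
                );
                console.log(x ? x.message : x);
            }
        },
        error: function (jqXHR, textStatus) {
            // alert(err) on the jqXHR object only ever showed "[object Object]".
            alert('Request failed: ' + textStatus);
        }
    });
});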
</script>
</body>
</html>