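<?php
declare(strict_types=1);

session_start();

// Access guard for the admin area. 'stauts_login' is the key the login flow
// sets (spelling kept as-is: renaming it here would lock every user out).
// NOTE(review): as before, only the presence of the two keys is checked; the
// login code that sets them is not visible from this file, so their values
// are not compared here.
if (!isset($_SESSION['status']) || !isset($_SESSION['stauts_login'])) {
    header('Location:index.php');
    // Without exit the whole page, project data included, was still sent to
    // the unauthenticated client after the redirect header.
    exit;
}

// Escape one value for an HTML body/attribute context (single and double quotes).
// Untyped parameter: mysqli may hand back ints for INT columns and null for
// unmatched LEFT JOIN columns; both are cast before escaping.
$h = static fn ($value): string => htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

// Project id from the query string; the cast guarantees only an integer ever
// reaches SQL (non-numeric input becomes 0 and simply matches nothing).
$projectId = (int) ($_GET['q'] ?? 0);
?>
<!DOCTYPE html>
<html>
<head>
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <title>AdminLTE 2 | Dashboard</title>
    <meta content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no" name="viewport">
    <link rel="stylesheet" href="bower_components/bootstrap/dist/css/bootstrap.min.css">
    <link rel="stylesheet" href="bower_components/font-awesome/css/font-awesome.min.css">
    <link rel="stylesheet" href="bower_components/Ionicons/css/ionicons.min.css">
    <link rel="stylesheet" href="dist/css/AdminLTE.css">
    <link rel="stylesheet" href="dist/css/skins/_all-skins.min.css">
    <link rel="stylesheet" href="bower_components/morris.js/morris.css">
    <link rel="stylesheet" href="bower_components/jvectormap/jquery-jvectormap.css">
    <link rel="stylesheet" href="bower_components/bootstrap-datepicker/dist/css/bootstrap-datepicker.min.css">
    <link rel="stylesheet" href="bower_components/bootstrap-daterangepicker/daterangepicker.css">
    <link rel="stylesheet" href="plugins/bootstrap-wysihtml5/bootstrap3-wysihtml5.min.css">
    <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700,300italic,400italic,600italic">
</head>
<body class="hold-transition skin-blue sidebar-mini">
<div class="wrapper">
    <?php include 'layout/header.php'; ?>
    <?php include 'layout/sidebar.php'; ?>
    <div class="content-wrapper">
        <div class="row" style="margin-left:20px;">
            <div class="col-md-12">
                <h2>Edit Project</h2>
                <hr/>
<?php
// Loaded once; the original pulled config.php in three times, which re-ran
// the connection setup for every dropdown.
require_once '../config/config.php';

// Run a prepared statement and return its result set, or null when it could
// not be prepared or executed (the page then shows a warning instead of a
// fatal error on a false result object). $conn is used as mysqli here, as the
// original query()/fetch_assoc()/num_rows calls already did.
// NOTE: get_result() requires the mysqlnd driver.
$runQuery = static function (string $sql, string $types, ...$params) use ($conn): ?mysqli_result {
    $stmt = $conn->prepare($sql);
    if ($stmt === false) {
        return null;
    }
    $stmt->bind_param($types, ...$params);
    if (!$stmt->execute()) {
        return null;
    }
    $result = $stmt->get_result();

    return $result === false ? null : $result;
};

// Layout id -> page that edits that layout's detail images (ids 1..5 only).
$imagePages = [
    1 => 'edit_setting_images.php',
    2 => 'edit_setting_images2.php',
    3 => 'edit_setting_images3.php',
    4 => 'edit_setting_images4.php',
    5 => 'edit_setting_images5.php',
];

$projectRes = $runQuery(
    'SELECT * FROM projects'
    . ' LEFT JOIN layouts on (layouts.l_id = projects.p_l_id)'
    . ' LEFT JOIN types on (types.t_id = projects.p_t_id)'
    . ' LEFT JOIN categorys on (categorys.c_id = projects.p_c_id)'
    . ' WHERE p_id = ?',
    'i',
    $projectId
);

if ($projectRes === null) {
    echo '<div class="alert alert-danger">Could not load project.</div>';
}

$found = false;
while ($projectRes !== null && ($row = $projectRes->fetch_assoc())) {
    $found = true;
    // p_tt starting with "upload" is an uploaded title image path; any other
    // value is treated as a YouTube video id.
    $isTitleImage = substr((string) $row['p_tt'], 0, 6) === 'upload';
    $imagesPage = $imagePages[(int) $row['p_l_id']] ?? null;
?>
                <form id="edit_project" method="post" enctype="multipart/form-data">
                    <div id="error_edit_project"></div>
                    <div class="row">
                        <div class="col-md-6">
                            <p class="text-right">
                                <?php if ($imagesPage !== null) { ?>
                                <a href="<?= $h($imagesPage) ?>?q=<?= $h($row['p_id']) ?>" class="btn btn-warning"><span class="fa fa-pencil"> Edit Images Detail Project</span></a>
                                <?php } ?>
                            </p>
                        </div>
                    </div>
                    <div class="row">
                        <div class="col-md-6">
                            <div class="form-group">
                                <label>Project Name</label>
                                <input type="text" class="form-control" id="project_name" name="project_name" placeholder="Project Name" value="<?= $h($row['p_name']) ?>">
                            </div>
                        </div>
                    </div>
                    <div class="row">
                        <div class="col-md-6">
                            <div class="form-group">
                                <label>Project Description</label>
                                <textarea rows="5" class="form-control" id="project_desc" name="project_desc"><?= $h($row['p_desc']) ?></textarea>
                            </div>
                        </div>
                    </div>
                    <div class="row">
                        <div class="col-md-4">
                            <div class="form-group">
                                <label>Project Title :</label><span class="text-danger">| **image size : 2000px * 948px</span>
                                <div class="radio">
                                    <label><input type="radio" name="title_select" id="title_select1" value="1" <?= $isTitleImage ? 'checked' : '' ?>>Title Images</label>
                                    <input type="file" name="title_image" id="title_image" class="form-control">
                                </div>
                                <div class="radio">
                                    <label><input type="radio" name="title_select" id="title_select2" value="2" <?= $isTitleImage ? '' : 'checked' ?>>Title Youtube</label>
                                    <input type="text" class="form-control" id="title_youtube" name="title_youtube" placeholder="Title Youtube">
                                </div>
                            </div>
                        </div>
                        <div class="col-md-2">
                            <div class="form-group">
                                <?php if ($isTitleImage) { ?>
                                <img src="<?= $h('../' . $row['p_tt']) ?>" class="img-responsive"/>
                                <?php } else { ?>
                                <div class="embed-responsive embed-responsive-16by9">
                                    <iframe class="embed-responsive-item" src="https://www.youtube.com/embed/<?= $h($row['p_tt']) ?>"></iframe>
                                </div>
                                <?php } ?>
                            </div>
                        </div>
                    </div>
                    <div class="row">
                        <div class="col-md-4">
                            <div class="form-group">
                                <label>Images Cover</label><span id="text_youtube"></span><span class="text-danger">| **image size : 1200px * 790px / 850px * 1150px</span>
                                <input type="file" name="im_cover" id="im_cover" class="form-control">
                            </div>
                        </div>
                        <div class="col-md-2">
                            <div class="form-group">
                                <?php if ((string) $row['p_typecover'] === '1') { ?>
                                <div align="center" id="<?= $h($row['p_id']) ?>" class="embed-responsive embed-responsive-16by9">
                                    <video autoplay loop class="embed-responsive-item">
                                        <source src="<?= $h('../' . $row['p_im_show']) ?>" type="video/mp4">
                                    </video>
                                </div>
                                <?php } else { ?>
                                <img src="<?= $h('../' . $row['p_im_show']) ?>" id="<?= $h($row['p_id']) ?>" class="img-responsive">
                                <?php } ?>
                            </div>
                        </div>
                    </div>
                    <div class="row">
                        <div class="col-md-3">
                            <div class="form-group">
                                <label>Location :</label>
                                <input type="text" class="form-control" id="location" name="location" placeholder="Location" value="<?= $h($row['p_location']) ?>">
                            </div>
                        </div>
                        <div class="col-md-3">
                            <div class="form-group">
                                <label>Owner :</label>
                                <input type="text" class="form-control" id="owner" name="owner" placeholder="Owner" value="<?= $h($row['p_owner']) ?>">
                            </div>
                        </div>
                    </div>
                    <div class="row">
                        <div class="col-md-3">
                            <div class="form-group">
                                <label>Type Project :</label>
                                <select name="types" id="types" class="form-control">
                                    <option value="<?= $h($row['p_t_id']) ?>"><?= $h($row['t_name']) ?></option>
<?php
    // Bound as a string so a NULL p_t_id behaves like the original
    // "not in ('')" (every type listed) rather than "not in (NULL)".
    $typesRes = $runQuery('SELECT * FROM types WHERE t_id not in (?)', 's', (string) $row['p_t_id']);
    if ($typesRes !== null && $typesRes->num_rows > 0) {
        while ($type = $typesRes->fetch_assoc()) {
?>
                                    <option value="<?= $h($type['t_id']) ?>"><?= $h($type['t_name']) ?></option>
<?php
        }
    } else {
?>
                                    <option value="0">No Layout</option>
<?php
    }
?>
                                </select>
                            </div>
                        </div>
                        <div class="col-md-3">
                            <div class="form-group">
                                <label>Category Project :</label>
                                <select name="cats" id="cats" class="form-control">
                                    <option value="<?= $h($row['p_c_id']) ?>"><?= $h($row['c_name']) ?></option>
<?php
    $catsRes = $runQuery('SELECT * FROM categorys WHERE c_id not in (?)', 's', (string) $row['p_c_id']);
    if ($catsRes !== null && $catsRes->num_rows > 0) {
        while ($cat = $catsRes->fetch_assoc()) {
?>
                                    <option value="<?= $h($cat['c_id']) ?>"><?= $h($cat['c_name']) ?></option>
<?php
        }
    } else {
?>
                                    <option value="0">No Category</option>
<?php
    }
?>
                                </select>
                            </div>
                        </div>
                    </div>
                    <input type="hidden" name="pro_id" id="pro_id" value="<?= $h($row['p_id']) ?>"/>
                    <button class="btn btn-primary" type="submit">Update</button>
                    <a href="project_list.php" class="btn btn-danger">Cancel</a>
                </form>
<?php
}

if ($projectRes !== null && !$found) {
    echo '<div class="alert alert-warning">Project not found.</div>';
}
?>
            </div>
        </div>
    </div>
    <?php include 'layout/aside.php'; ?>
    <div class="control-sidebar-bg"></div>
</div>
<!-- Modal -->
<div id="myModal" class="modal fade" role="dialog">
    <div class="modal-dialog modal-lg">
        <!-- Modal content-->
        <div class="modal-content">
            <div class="modal-header">
                <button type="button" class="close" data-dismiss="modal">&times;</button>
                <h4 class="modal-title">Layout Select</h4>
            </div>
            <div class="modal-body">
                <div class="col-md-6">
                    <label>Layout No. 1</label>
                    <img src="../images/ex1.jpg" class="img-responsive"/>
                </div>
                <div class="col-md-6">
                    <label>Layout No. 2</label>
                    <img src="../images/ex2.jpg" class="img-responsive"/>
                </div>
            </div>
            <div class="modal-footer">
            </div>
        </div>
    </div>
</div>
<script src="bower_components/jquery/dist/jquery.min.js"></script>
<script src="bower_components/jquery-ui/jquery-ui.min.js"></script>
<script>
    $.widget.bridge('uibutton', $.ui.button);
</script>
<script src="bower_components/bootstrap/dist/js/bootstrap.min.js"></script>
<script src="bower_components/raphael/raphael.min.js"></script>
<script src="bower_components/morris.js/morris.min.js"></script>
<script src="bower_components/jquery-sparkline/dist/jquery.sparkline.min.js"></script>
<script src="plugins/jvectormap/jquery-jvectormap-1.2.2.min.js"></script>
<script src="plugins/jvectormap/jquery-jvectormap-world-mill-en.js"></script>
<script src="bower_components/jquery-knob/dist/jquery.knob.min.js"></script>
<script src="bower_components/moment/min/moment.min.js"></script>
<script src="bower_components/bootstrap-daterangepicker/daterangepicker.js"></script>
<script src="bower_components/bootstrap-datepicker/dist/js/bootstrap-datepicker.min.js"></script>
<script src="plugins/bootstrap-wysihtml5/bootstrap3-wysihtml5.all.min.js"></script>
<script src="bower_components/jquery-slimscroll/jquery.slimscroll.min.js"></script>
<script src="bower_components/fastclick/lib/fastclick.js"></script>
<script src="dist/js/adminlte.min.js"></script>
<script src="dist/js/pages/dashboard.js"></script>
<script src="dist/js/demo.js"></script>
<script src="dist/js/jquery.validate.min.js"></script>
<?php
// The former <script src="http://malsup.github.com/jquery.form.js"> was an
// unpinned third-party script fetched over plain HTTP into an authenticated
// admin page. Nothing below uses the jQuery Form plugin API (the submit
// handler uses $.ajax with a FormData object and the native form reset), so
// it is no longer loaded.
?>
<script>
    // Selector fixed: the original "input[name=title_select" (missing "]") made
    // jQuery throw, which aborted this whole script before validate() was bound.
    $("input[name=title_select]").click(function () {
        var value = $(this).val();
        if (value == 1) {
            $("#title_image").show();
            $("#title_youtube").hide();
            $("#text_youtube").html("");
        } else {
            $("#title_image").hide();
            $("#title_youtube").show();
            $("#text_youtube").html("<span class='text-danger'>| **Use Image GIF File </span>");
        }
    });

    $('#edit_project').validate({
        rules: {
            project_name: { required: true },
            project_desc: { required: true },
            location: { required: true },
            owner: { required: true }
        },
        messages: {
            project_name: { required: "<p style='color:red'>Please Insert Project Name</p>" },
            project_desc: { required: "<p style='color:red'>Please Insert Project Description</p>" },
            location: { required: "<p style='color:red'>Please Insert Loacation</p>" },
            owner: { required: "<p style='color:red'>Please Insert Owner</p>" }
        },
        submitHandler: function (form) {
            var file_data = $('#title_image').prop('files')[0];
            var project_name = $('#project_name').val();
            var project_desc = $('#project_desc').val();
            // NOTE(review): this form has no #layout field, so this is undefined
            // and the string "undefined" is posted; kept so update_project.php
            // receives the same fields as before - confirm it ignores 'layout'.
            var layout = $('#layout').val();
            var location = $('#location').val();
            var owner = $('#owner').val();
            var types = $('#types').val();
            var cats = $('#cats').val();
            var pro_id = $('#pro_id').val();
            var title_youtube = $('#title_youtube').val();
            var im_cover = $('#im_cover').prop('files')[0];

            var form_data = new FormData();
            form_data.append('file', file_data);
            form_data.append('project_name', project_name);
            form_data.append('project_desc', project_desc);
            form_data.append('layout', layout);
            form_data.append('location', location);
            form_data.append('owner', owner);
            form_data.append('title_youtube', title_youtube);
            form_data.append('types', types);
            form_data.append('cats', cats);
            form_data.append('im_cover', im_cover);
            form_data.append('q', pro_id);

            // update_project.php answers with a numeric status code as text:
            // 1 = saved, 3/4/5 = rejected file type, anything else = failure.
            $.ajax({
                url: "update_project.php",
                dataType: 'text',
                cache: false,
                contentType: false,
                processData: false,
                data: form_data,
                type: 'post'
            }).done(function (data) {
                console.log(data);
                if (data == 1) {
                    $("#error_edit_project").html('<div class="alert alert-success"><strong>Success! </strong>Edit Project.</div>').fadeIn(1000).delay(3000).fadeOut(function () {
                        window.location.href = "project_list.php";
                    });
                    $('#edit_project')[0].reset();
                } else if (data == 3) {
                    $("#error_edit_project").html('<div class="alert alert-danger"><strong>Please! </strong> Select Type Images Is GIF.</div>').fadeIn(1000).delay(3000).fadeOut();
                    $('#im_cover').val("");
                    return false;
                } else if (data == 4) {
                    $("#error_edit_project").html('<div class="alert alert-danger"><strong>Please </strong> Insert New Image Title is GIF File </div>').fadeIn(1000).delay(3000).fadeOut();
                    return false;
                } else if (data == 5) {
                    $("#error_edit_project").html('<div class="alert alert-danger"><strong>Please </strong> Insert New Image Title is JPG or PNG File </div>').fadeIn(1000).delay(3000).fadeOut();
                    return false;
                } else {
                    $("#error_edit_project").html('<div class="alert alert-danger"><strong>Warning! </strong> Not Edit Project </div>').fadeIn(1000).delay(3000).fadeOut();
                    return false;
                }
            });
        }
    });

    var _URL = window.URL || window.webkitURL;

    // Client-side size hint only; the server must still validate the upload.
    $("#title_image").change(function () {
        var file, img;
        if ((file = this.files[0])) {
            img = new Image();
            img.onload = function () {
                var width = this.width;
                var height = this.height;
                if ((width != 2000) || (height != 948)) {
                    alert("ขนาดภาพเกินที่กำหนด");
                    $("#title_image").val("");
                    return false;
                }
            };
            img.src = _URL.createObjectURL(file);
        }
    });

    // Accepts exactly 1200x790 or 850x1150. The original joined width and
    // height with ||, so any image matching one dimension (e.g. 1200x10) passed.
    $("#im_cover").change(function () {
        var file, img;
        if ((file = this.files[0])) {
            img = new Image();
            img.onload = function () {
                var width = this.width;
                var height = this.height;
                var ok = (width == 1200 && height == 790) || (width == 850 && height == 1150);
                if (!ok) {
                    alert("ขนาดภาพเกินที่กำหนด");
                    $("#im_cover").val("");
                    return false;
                }
            };
            img.src = _URL.createObjectURL(file);
        }
    });
</script>
</body>
</html>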