403WebShell

403Webshell
Server IP : 104.21.80.248 / Your IP : 172.71.28.156
Web Server : Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
System : Windows NT WIN-ECQAAA40806 6.2 build 9200 (Windows Server 2012 Standard Edition) i586
User : SYSTEM ( 0)
PHP Version : 5.6.30
Disable Function : NONE
MySQL : ON | cURL : ON | WGET : OFF | Perl : OFF | Python : OFF | Sudo : OFF | Pkexec : OFF
Directory : /Inetpub/www/news/edu2018/admin/
Upload File :
[ Back ]
Current File : /Inetpub/www/news/edu2018/admin/fetch.php
<?php
/* Database connection start */
require '../config.php';
$table = "student";
$conn = mysqli_connect($hostname, $user, $pass, $db) or die("Connection failed: " . mysqli_connect_error());
mysqli_set_charset($conn,"utf8");
/* Database connection end */


// storing  request (ie, get/post) global array to a variable  
$requestData= $_REQUEST;


$columns = array( 
// column ของตารางในฐานข้อมูล
	0 =>'code',
	1 =>'prefix', 
	2 =>'name',
	3=> 'sname',
	4=> 'nicname',
	5=> 'class',
	6=> 'rsroom',
	7=> 'pic'	
);

// getting total number records without any search
$sql = "SELECT * FROM $table where active='yes'";
$query=mysqli_query($conn, $sql) or die("fetch.php: get $table");
$totalData = mysqli_num_rows($query);
$totalFiltered = $totalData;  // when there is no search parameter then total number rows = total number filtered rows.


$sql = "SELECT * FROM $table where active='yes'";
if( !empty($requestData['search']['value']) ) {   // if there is a search parameter, $requestData['search']['value'] contains search parameter
	$sql.=" AND ( code LIKE '%".$requestData['search']['value']."%' ";    
	$sql.=" OR name LIKE '%".$requestData['search']['value']."%' ";
	$sql.=" OR sname LIKE '%".$requestData['search']['value']."%' ";	
	$sql.=" OR class LIKE '%".$requestData['search']['value']."%' ";
	$sql.=" OR rsroom LIKE '%".$requestData['search']['value']."%' )";
}
$query=mysqli_query($conn, $sql) or die("fetch.php: get $table");
$totalFiltered = mysqli_num_rows($query); // when there is a search parameter then we have to modify total number filtered rows as per search result. 
$sql.=" ORDER BY ". $columns[$requestData['order'][0]['column']]."   ".$requestData['order'][0]['dir']."  LIMIT ".$requestData['start']." ,".$requestData['length']."   ";
/* $requestData['order'][0]['column'] contains colmun index, $requestData['order'][0]['dir'] contains order such as asc/desc  */	
$query=mysqli_query($conn, $sql) or die("fetch.php: get $table");

$data = array();

$i=1+$requestData['start'];
while( $row=mysqli_fetch_array($query) ) {  // preparing an array

	$nestedData=array(); 

	$nestedData[] = '<center>'.number_format($i).'</center>';
	$nestedData[] = $row["code"];
	$nestedData[] = ''.$row["prefix"].''.$row["name"].' '.$row["sname"].'';		
	$nestedData[] = $row["sname"];
	$nestedData[] = $row["class"];
	$nestedData[] = $row["rsroom"];	
	$nestedData[] = '
	<center>
	<a href=\'index.php?dash='.md5("7").'&id='.$row[0].'&op=mstudent&m=2\'>
	<button type=\'button\' class=\'btn btn-success btn-xs\'><span class=\'glyphicon glyphicon glyphicon-stats\'></span> ผู้ปกครอง <span class=\'badge\'></span></button></a>&nbsp;&nbsp
	<a href=\'index.php?dash='.md5("10").'&code='.$row[0].'&op=mstudent&m=2\'>					
	<button type=\'button\' class=\'btn btn-primary btn-xs\'><span class=\'glyphicon glyphicon glyphicon-stats\'></span> ข้อมูล</button></a>&nbsp;&nbsp;
	<a href=\'index.php?dash='.md5("11").'&id='.$row[0].'&op=mstudent&m=2\'>
	<button type=\'button\' class=\'btn btn-info btn-xs\'><span class=\'glyphicon glyphicon-edit\'></span> แก้ไข</button></a>&nbsp;&nbsp;
<a href=\'#del'.$row[0].'\' type=\'input\' class=\'btn btn-danger btn-xs glyphicon glyphicon-trash del-co\'  data-toggle=\'modal\'  data-toggle=\'tooltip\' title=\'ลบข้อมูล\'></a>
<!-- Modal -->
  <div class=\'modal fade\' id=del'.$row[0].' role=\'dialog\'>
    <div class=\'modal-dialog\'>
      <div class=\'modal-content\'>
        <div class=\'modal-header\'>
          <button type=\'button\' class=\'close\' data-dismiss=\'modal\'>&times;</button>
          <h4 class=\'modal-title\'>ลบข้อมูล</h4>
        </div>
        <div class=\'modal-body\'>
			 <div class=\'row clearfix\'>
				<div class=\'col-md-2\'>
				<center><img src=\'../img/what.jpg\' width=\'70\'></center>
				</div>
				<div class=\'col-md-10\'><br>
					<p align=\'left\'>คุณต้องการลบข้อมูล <font color=\'red\'>'.$row[1].''.$row[2].'&nbsp;'.$row[3].' </font>จากระบบหรือไม่?</p>
					<p align=\'left\'>ข้อมูลผู้ปกครอง ข้อมูลคะแนนความประพฤติ จะถูกลบออกด้วย</p>
				</div>
              </div>
			 
        </div>
        <div class=\'modal-footer\'>
          <button type=\'button\' class=\'btn btn-default\' data-dismiss=\'modal\'>ยกเลิก</button>
		  <a href=\'index.php?dash='.md5("3").'&id='.$row[0].'&action=delstu&op=mstudent&m=2\' class=\'btn btn-danger\' role=\'button\'>ลบข้อมูล</a>
        </div>
      </div>      
    </div>
  </div>	
    </center>
	';
	$data[] = $nestedData;
	$i++;
}

$json_data = array(
			"draw"            => intval( $requestData['draw'] ),   // for every request/draw by clientside , they send a number as a parameter, when they recieve a response/data they first check the draw number, so we are sending same number in draw. 
			"recordsTotal"    => intval( $totalData ),  // total number of records
			"recordsFiltered" => intval( $totalFiltered ), // total number of records after searching, if there is no searching then totalFiltered = totalData
			"data"            => $data   // total data array
			);

echo json_encode($json_data);  // send data as json format

?>
Youez - 2016 - github.com/yon3zu
LinuXploit