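<?php
/**
 * Add/edit handler for one multiple-choice question of a subject.
 *
 * Flow: require the 'group' role, confirm the subject belongs to the logged-in
 * group, optionally load an existing question (?id=...), and on POST write the
 * question back and redirect to the question list.
 *
 * Every SQL statement uses bound parameters. The earlier version interpolated
 * the POSTed text and the session user id directly into the SQL string, so a
 * single quote in a field changed the statement that was executed.
 *
 * NOTE(review): the POST branch changes stored data and no anti-CSRF token is
 * checked in this file; confirm whether session.php enforces one.
 */
include("../session.php");
if ($role != 'group') {
    header("Location: ../index.php");
    exit;
}

include("../db.php");

if (!isset($_GET['subject_id'])) {
    echo "กรุณาระบุ subject_id"; exit;
}

$subject_id = intval($_GET['subject_id']);
// NOTE(review): assumes user_id is numeric, as the original unquoted
// "group_id = $user_id" comparison implies; confirm against session.php.
$user_id = intval($_SESSION['user_id']);

// Check that this subject really belongs to this group. Fails closed: a
// prepare/execute error is treated the same as "no matching row".
$owns_subject = false;
$stmt = mysqli_prepare($conn, "SELECT id FROM subjects WHERE id = ? AND group_id = ?");
if ($stmt) {
    mysqli_stmt_bind_param($stmt, "ii", $subject_id, $user_id);
    if (mysqli_stmt_execute($stmt)) {
        mysqli_stmt_store_result($stmt);
        $owns_subject = mysqli_stmt_num_rows($stmt) > 0;
    }
    mysqli_stmt_close($stmt);
}
if (!$owns_subject) {
    echo "คุณไม่มีสิทธิ์ในวิชานี้"; exit;
}

$question = $choice1 = $choice2 = $choice3 = $choice4 = $correct_choice = "";
$score = 1;
$is_edit = false;

if (isset($_GET['id'])) {
    $is_edit = true;
    $id = intval($_GET['id']);

    // The subject_id condition keeps a group from loading a question that
    // belongs to a subject it does not own.
    $found = false;
    $stmt = mysqli_prepare(
        $conn,
        "SELECT question, choice1, choice2, choice3, choice4, correct_choice, score
         FROM questions WHERE id = ? AND subject_id = ?"
    );
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, "ii", $id, $subject_id);
        if (mysqli_stmt_execute($stmt)) {
            mysqli_stmt_bind_result(
                $stmt, $question, $choice1, $choice2, $choice3, $choice4, $correct_choice, $score
            );
            $found = (mysqli_stmt_fetch($stmt) === true);
        }
        mysqli_stmt_close($stmt);
    }
    if (!$found) {
        echo "ไม่พบคำถาม"; exit;
    }
}

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    // Missing or non-string (array) fields are read as an empty string
    // instead of raising notices or passing an array to trim().
    $read_text = function ($key) {
        return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : "";
    };

    $question = trim($read_text('question'));
    $choice1 = trim($read_text('choice1'));
    $choice2 = trim($read_text('choice2'));
    $choice3 = trim($read_text('choice3'));
    $choice4 = trim($read_text('choice4'));
    $correct_choice = $read_text('correct_choice');
    $score = intval(isset($_POST['score']) ? $_POST['score'] : 0);

    if ($is_edit) {
        $stmt = mysqli_prepare(
            $conn,
            "UPDATE questions SET question = ?, choice1 = ?, choice2 = ?,
                    choice3 = ?, choice4 = ?, correct_choice = ?, score = ?
             WHERE id = ? AND subject_id = ?"
        );
        if ($stmt) {
            mysqli_stmt_bind_param(
                $stmt, "ssssssiii",
                $question, $choice1, $choice2, $choice3, $choice4, $correct_choice, $score,
                $id, $subject_id
            );
        }
    } else {
        $stmt = mysqli_prepare(
            $conn,
            "INSERT INTO questions
                    (subject_id, question, choice1, choice2, choice3, choice4, correct_choice, score)
             VALUES (?, ?, ?, ?, ?, ?, ?, ?)"
        );
        if ($stmt) {
            mysqli_stmt_bind_param(
                $stmt, "issssssi",
                $subject_id, $question, $choice1, $choice2, $choice3, $choice4, $correct_choice, $score
            );
        }
    }

    // The original redirected whether or not the write succeeded; that is
    // kept, but a failure is now recorded in the server log.
    if (!$stmt || !mysqli_stmt_execute($stmt)) {
        error_log("question_form: saving question failed: " . mysqli_error($conn));
    }
    if ($stmt) {
        mysqli_stmt_close($stmt);
    }

    header("Location: questions.php?subject_id=$subject_id");
    exit;
}
?>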

<!DOCTYPE html>
<html>
<head>
    <meta charset="UTF-8">
    <title><?php echo $is_edit ? "แก้ไข" : "เพิ่ม"; ?> คำถาม</title>
    <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/3.4.1/css/bootstrap.min.css">
    <script>
    /**
     * Rebuild the "correct answer" dropdown from the choice inputs that are
     * not blank, re-selecting the previously selected number if it is still
     * offered.
     *
     * The typed choice text is assigned through the option's `text` property
     * rather than concatenated into innerHTML, so markup typed into a choice
     * field is shown as text and not parsed.
     */
    function updateCorrectChoices() {
        const dropdown = document.getElementById("correct_choice");
        const previous = dropdown.value;
        // Static placeholder only; no user input goes through innerHTML.
        dropdown.innerHTML = '<option value="">-- เลือก --</option>';
        [1, 2, 3, 4].forEach(function (n) {
            const typed = document.getElementById("choice" + n).value;
            if (typed.trim() === "") {
                return;
            }
            const option = document.createElement("option");
            option.value = n;
            option.text = "ตัวเลือกที่ " + n + ": " + typed;
            // Loose comparison on purpose: the select value is a string, n is a number.
            if (previous == n) {
                option.selected = true;
            }
            dropdown.appendChild(option);
        });
    }
    // On page load, build the dropdown once and rebuild it whenever any of
    // the four choice inputs changes.
    window.onload = function () {
        updateCorrectChoices();
        ["choice1", "choice2", "choice3", "choice4"].forEach(function (fieldId) {
            document.getElementById(fieldId).addEventListener("input", updateCorrectChoices);
        });
    };
    </script>
</head>
<body>
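<div class="container">
    <h3 class="text-center"><?php echo $is_edit ? "แก้ไข" : "เพิ่ม"; ?> คำถาม</h3>
    <form method="post">
        <div class="form-group"><label>คำถาม</label>
            <textarea name="question" class="form-control" required><?php echo htmlspecialchars($question); ?></textarea>
        </div>
        <?php for ($i = 1; $i <= 4; $i++): ?>
        <div class="form-group">
            <label>ตัวเลือก <?php echo $i; ?><?php echo $i > 2 ? " (ไม่บังคับ)" : ""; ?></label>
            <input type="text" name="choice<?php echo $i; ?>" id="choice<?php echo $i; ?>" class="form-control"
                value="<?php echo htmlspecialchars(${"choice$i"}); ?>" <?php echo $i <= 2 ? "required" : ""; ?>>
        </div>
        <?php endfor; ?>
        <div class="form-group">
            <label>คำตอบที่ถูกต้อง</label>
            <select name="correct_choice" id="correct_choice" class="form-control" required></select>
        </div>
        <div class="form-group">
            <label>คะแนน</label>
            <?php // score is loaded from the database; force it to an integer here so the attribute never carries raw stored text. ?>
            <input type="number" name="score" class="form-control" required min="1" value="<?php echo intval($score); ?>">
        </div>
        <button type="submit" class="btn btn-success"><?php echo $is_edit ? "อัปเดต" : "บันทึก"; ?></button>
    </form>
</div>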
</body>
</html>
