One Hat Cyber Team

Your IP : 216.73.216.240

Server IP : 162.240.106.28

Server : Linux server.ganesand.com 3.10.0-1160.80.1.el7.x86_64 #1 SMP Tue Nov 8 15:48:59 UTC 2022 x86_64

Server Software : Apache

PHP Version : 7.1.33

Buat File | Buat Folder

Dir : ~/home/thoa/public_html/admin/

Edit File: mg_status.php

<?php include('config.php');

error_reporting(0);

if($_POST['submit']){

$app_id = mysql_real_escape_string($_POST['app_id']);

$reg_no = mysql_real_escape_string($_POST['reg_no']);
			  
			  $status = mysql_real_escape_string($_POST['status']); 
	
			  $for = mysql_real_escape_string($_POST['for']); 
			  
			  $forsub = mysql_real_escape_string($_POST['forsub']); 			  
			  
			  $package = mysql_real_escape_string($_POST['package']);

$name = mysql_real_escape_string($_POST['name']); 
			  
			  $passportno = mysql_real_escape_string($_POST['passportno']); 
	 
			  $sex = mysql_real_escape_string($_POST['sex']); 
	 
			  $dob = mysql_real_escape_string($_POST['dob']); 
			  
			  $address = mysql_real_escape_string($_POST['address']); 			  
			  
			  $date = mysql_real_escape_string($_POST['date']); 
			  
	  		  $maknam = mysql_real_escape_string($_POST['maknam']);

$makadd = mysql_real_escape_string($_POST['makadd']);	
			  
	  		  $makmob = mysql_real_escape_string($_POST['makmob']);	
			  
	  		  $makpho = mysql_real_escape_string($_POST['makpho']);

$makfax = mysql_real_escape_string($_POST['makfax']);

$makweb = mysql_real_escape_string($_POST['makweb']);

$makmail = mysql_real_escape_string($_POST['makmail']);

$makgait = mysql_real_escape_string($_POST['makgait']);

$makhar = mysql_real_escape_string($_POST['makhar']);

$makstay = mysql_real_escape_string($_POST['makstay']);

$makto = mysql_real_escape_string($_POST['makto']);	
			  
					
	  		  $madnam = mysql_real_escape_string($_POST['madnam']);

$madadd = mysql_real_escape_string($_POST['madadd']);	
			  
	  		  $madmob = mysql_real_escape_string($_POST['madmob']);	
			  
	  		  $madpho = mysql_real_escape_string($_POST['madpho']);

$madfax = mysql_real_escape_string($_POST['madfax']);

$madweb = mysql_real_escape_string($_POST['madweb']);

$madmail = mysql_real_escape_string($_POST['madmail']);

$madgait = mysql_real_escape_string($_POST['madgait']);

$madhar = mysql_real_escape_string($_POST['madhar']);

$madstay = mysql_real_escape_string($_POST['madstay']);

$madto = mysql_real_escape_string($_POST['madto']);

$azinam = mysql_real_escape_string($_POST['azinam']);

$aziadd = mysql_real_escape_string($_POST['aziadd']);	
			  
	  		  $azimob = mysql_real_escape_string($_POST['azimob']);	
			  
	  		  $azipho = mysql_real_escape_string($_POST['azipho']);

$azifax = mysql_real_escape_string($_POST['azifax']);

$aziweb = mysql_real_escape_string($_POST['aziweb']);

$azimail = mysql_real_escape_string($_POST['azimail']);

$azigait = mysql_real_escape_string($_POST['azigait']);

$azihar = mysql_real_escape_string($_POST['azihar']);

$azistay = mysql_real_escape_string($_POST['azistay']);	
			  
	  		  $azito = mysql_real_escape_string($_POST['azito']);

$munam = mysql_real_escape_string($_POST['munam']);

$muser = mysql_real_escape_string($_POST['muser']);

$muadd = mysql_real_escape_string($_POST['muadd']);	
			  
	  		  $mumob = mysql_real_escape_string($_POST['mumob']);	
			  
	  		  $mupho = mysql_real_escape_string($_POST['mupho']);

$mufax = mysql_real_escape_string($_POST['mufax']);

$muweb = mysql_real_escape_string($_POST['muweb']);

$mumail = mysql_real_escape_string($_POST['mumail']);

$mugait = mysql_real_escape_string($_POST['mugait']);

$mustay = mysql_real_escape_string($_POST['mustay']);				  
			 
			if($_GET['id']==""){

$querytot=mysql_query("select *  from newstatus where app_id='".$app_id."'");
					if($rowtot=mysql_fetch_array($querytot))
					{

?>
<script type="text/javascript">
alert("Status already submitted");
location.href = 'mg_status.php';</script>
<?				
					
					
					
					}
			
			else{

$ins = mysql_query("insert into newstatus (app_id, reg_no, status, for1,package, surname, name, passportno, sex, dob, address,date,MAK_NAM,MAK_ADD,MAK_MOB,MAK_PHO,MAK_FAX,MAK_WEB,MAK_MAIL,MAK_GAIT,MAK_HAR,MAK_STAY,MAK_TO,MAD_NAM,MAD_ADD,MAD_MOB,MAD_PHO,MAD_FAX,MAD_WEB,MAD_MAIL,MAD_GAIT,MAD_HAR,MAD_STAY,MAD_TO,AZI_NAM,AZI_ADD,AZI_MOB,AZI_PHO,AZI_FAX,AZI_WEB,AZI_MAIL,AZI_GAIT,AZI_HAR,AZI_STAY,AZI_TO,MU_NAM,MU_SER,MU_ADD,MU_MOB,MU_PHO,MU_FAX,MU_WEB,MU_MAIL,MU_GAIT,MU_STAY) values ('$app_id','$reg_no','$status','$for','$forsub','$package','$name','$passportno','$sex','$dob','$address','$date','$maknam','$makadd','$makmob','$makpho','$makfax','$makweb','$makmail','$makgait','$makhar','$makstay','$makto','$madnam','$madadd','$madmob','$madpho','$madfax','$madweb','$madmail','$madgait','$madhar','$madstay','$madto','$azinam','$aziadd','$azimob','$azipho','$azifax','$aziweb','$azimail','$azigait','$azihar','$azistay','$azito','$munam','$muser','$muadd','$mumob','$mupho','$mufax','$muweb','$mumail','$mugait','$mustay')");	
	
		  			?><script>alert("Inserted sucessfully");
			</script><?
			           
	
			}  }

}

?>

<!DOCTYPE html>

<html>

<head>

<title>Admin Panel</title>

<!--[if lt IE 9]>

<![endif]-->

addCalendar("date", "date", "", "2003/03/20", "cal-1", "cal-2", 0, 0);

addDateTips("date", "2003/03/01", "- sometimes it dances<br>- and sometimes it flies<br>- but I don't know<br>- when it dances<br>- and when it flies");

addDateTips("date", "2003/03/15", "mocha is my favorite");

addDateTips("date", "2003/03/30", "here is a message for you");

</script>

function getXMLHTTP() { //fuction to return the xml http object

var xmlhttp=false;

try{

xmlhttp=new XMLHttpRequest();

}

catch(e)	{

try{

xmlhttp= new ActiveXObject("Microsoft.XMLHTTP");

}

catch(e){

try{

xmlhttp = new ActiveXObject("Msxml2.XMLHTTP");

}

catch(e1){

xmlhttp=false;

}

return xmlhttp;

}

function getpass(strURL) {

var req = getXMLHTTP();

if (req) {

req.onreadystatechange = function() {

if (req.readyState == 4) {

// only if "OK"

if (req.status == 200) {

document.getElementById('valpassport1').innerHTML=req.responseText;

} else {

alert("There was a problem while using XMLHTTP:\n" + req.statusText);

}

req.open("GET", strURL, true);

req.send(null);

}

}
	$(document).ready(function(){
		$("table").width('100%');
	});

</script>

</head>

tinymce.init({

selector: "textarea",

themes: "modern",

plugins: [

"advlist autolink lists link image charmap print preview anchor",

"searchreplace visualblocks code fullscreen",

"insertdatetime media table contextmenu paste"

],

});

</script>

$.ajax({
  type: "GET",
  url: "get_cust.php?cid="+cid,
    success: function(result){
     $("#custid").html(result);
  }

});

}
</script>

<body>

<a href="#">
					<span class="sr-only">Toggle navigation</span>

</button>

<a class="navbar-brand" href="#">Admin</a>

<li><a href="#"><span class="glyphicon glyphicon-user"></span> Profile</a></li>

<li><a href="#"><span class="glyphicon glyphicon-cog"></span> Settings</a></li>

<li><a href="logou.php"><span class="glyphicon glyphicon-log-out"></span> Logout</a></li>

</ul>

</li>

</ul>

</div>

</div>

</nav>

</div>
		
	<div class="col-sm-9 col-sm-offset-3 col-lg-10 col-lg-offset-2 main">			
		<div class="row">
			<ol class="breadcrumb">
				<li><a href="dash.php"><span class="glyphicon glyphicon-home"></span></a></li>

<li class="active">Manage Status</li>

</ol>

</div>

<div class="col-lg-8">
				<h2 class="page-header">Add New Status</h2>

</div>

</div>

<tr>

</tr>

</table>

<label for="exampleInputEmail1">Enter Status Details:</label>
					  
					</div>

<label for="exampleInputEmail1">Choose :</label>
					<div class="container">						
					<?php 
					$queryear=mysql_query("select *  from year ORDER BY Y_LIST DESC");
					while($rowyear=mysql_fetch_array($queryear)) {?>	
					 <div class="box">
					 <div class="top">
					<?php echo $yr=$rowyear['Y_LIST'];?>				
					</div>
					<br>
					<?php 
					$querypak=mysql_query("select *  from package");
					while($rowpak=mysql_fetch_array($querypak)) {?>	
					<div class="panel-body bottom">
					<div class="box1">
<h4 style="color:red;" class="top1"><?php echo $pk=$rowpak['P_NAME'];?></h4>
<div class="panel-body bottom1">
					
					<select class="form-control" onclick="cust(this.value);"> 	
				<?	$querys=mysql_query("select *  from newapplication where APP_DATE like '$yr-%-%' AND AP_SEL='$pk' AND AP_CANCEL='0' ORDER BY AP_ID DESC");
					while($rows=mysql_fetch_array($querys)) {?>							
				<option value="<?php echo $rows['AP_NO'];?>"><?php echo $rows['AP_NO'];?></option>    
						 <?php }?>					
					</select>
					</div>
					</div>

</div>
					
					<? } ?>
					</div>
					<? } ?>
					</div>					  
  </div>

</div>

</div>
</section>

<hr>

</div>

$('#calendar').datepicker({

});

!function ($) {

$(document).on("click","ul.nav li.parent > a > span.icon", function(){

$(this).find('em:first').toggleClass("glyphicon-minus");

});

$(".sidebar span.icon").find('em:first').addClass("glyphicon-plus");

}(window.jQuery);

$(window).on('resize', function () {

if ($(window).width() > 768) $('#sidebar-collapse').collapse('show')

})

$(window).on('resize', function () {

if ($(window).width() <= 767) $('#sidebar-collapse').collapse('hide')

})

</script>

.container .box1 .bottom1 {

display: none;
}
.container .box .top {
  padding: 12px;
  background-color: blue;
  color: white;
  cursor: pointer;
}

.container .box .bottom {

display: none;
}

@media (min-width: 501px) and (max-width: 2000px){
.container .box {
width:auto;
max-width:900px;
}
.container .box1 {
width:auto;
max-width:900px;
}

}

@media (min-width: 5px) and (max-width: 500px){
.container .box {
width:100%;
max-width:350px;
}

.container .box1 {
width:100%;
max-width:350px;
}
}
</style>
</body>

</html>