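<?php
/*
 * Admin "Contact" settings page: request handler.
 *
 * Every form on this page posts back to the same URL with a differently
 * named submit button; the button name selects which contact_us columns are
 * rewritten. On success $Msg holds whatever showSuccessAlert() returns.
 *
 * Hardening applied in this block:
 *  - writes are accepted on POST only. The original tested $_REQUEST for four
 *    of the five triggers, so a plain GET carrying just the trigger name ran
 *    the UPDATE with empty values and blanked the column.
 *  - values are bound through prepared statements instead of being
 *    concatenated into the SQL text.
 *  - a missing or non-string field aborts the update instead of storing ''.
 *
 * NOTE(review): no anti-CSRF token is verified here and none of the forms
 * visible on this page carry one; a per-session token should be added to the
 * forms and checked before any UPDATE runs.
 * NOTE(review): none of the UPDATE statements has a WHERE clause, so every
 * row of contact_us is rewritten; presumably the table holds one row - confirm.
 */
session_start();
include('../include/dbconnect.php');
// NOTE(review): access control for this page rests entirely on sessioncheck.php,
// which is not visible here; confirm it stops the request (exit) on failure.
include('include/sessioncheck.php');
$Msg="";

// trigger (submit button name) => SQL with placeholders, POST fields bound in
// placeholder order, and the success message.
$contact_updates=array(
    'address_update'=>array(
        'sql'=>"UPDATE contact_us SET c_partner1=?,c_mobile1=?,c_partner2=?,c_mobile2=?,c_email=?",
        // NOTE(review): partner2/mobile2 receive the same values as partner1/mobile1.
        // The address form reuses the input names add1 and mobile, so PHP only
        // keeps the last submitted value of each. Kept as in the original.
        'fields'=>array('add1','mobile','add1','mobile','email'),
        'message'=>'Address Details Updated Successfully',
    ),
    'map_link_update'=>array(
        'sql'=>"UPDATE contact_us SET c_map_link=?",
        'fields'=>array('m_link'),
        'message'=>'Map Link Updated Successfully',
    ),
    'area_update'=>array(
        'sql'=>"UPDATE contact_us SET content=?",
        'fields'=>array('content'),
        'message'=>'Updated Successfully',
    ),
    'open_update'=>array(
        'sql'=>"UPDATE contact_us SET open_hour=?",
        'fields'=>array('open_hour'),
        'message'=>'Updated Successfully',
    ),
    'enq_update'=>array(
        'sql'=>"UPDATE contact_us SET c_enquiry_mail=?",
        'fields'=>array('enq_mail'),
        'message'=>'Enquiry Detail Updated Successfully',
    ),
);

if(isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD']==='POST'){
    foreach($contact_updates as $trigger=>$update){
        if(!isset($_POST[$trigger])){
            continue;
        }

        // Collect the bound values; refuse the request rather than write an
        // empty string when a field is absent or arrives as an array.
        $values=array();
        foreach($update['fields'] as $field){
            if(!isset($_POST[$field]) || !is_string($_POST[$field])){
                die('Update Failed');
            }
            $values[]=$_POST[$field];
        }

        $stmt=mysqli_prepare($con,$update['sql']);
        if(!$stmt){
            die('Update Failed');
        }
        // All columns are bound as strings, one 's' per placeholder.
        mysqli_stmt_bind_param($stmt,str_repeat('s',count($values)),...$values);
        if(!mysqli_stmt_execute($stmt)){
            die('Update Failed');
        }
        mysqli_stmt_close($stmt);

        $Msg=showSuccessAlert($update['message'],$con);
        // Same precedence as the original else-if chain: first matching trigger only.
        break;
    }
}
?>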
<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<!-- Meta, title, CSS, favicons, etc. -->
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title><?php echo TITLE; ?></title>
<!-- Bootstrap -->
<link href="css/bootstrap.min.css" rel="stylesheet">
<link rel="stylesheet" type="text/css" href="css/bootstrap-fileupload.css">
<!-- Font Awesome -->
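<!-- Third-party stylesheet: fetched over HTTPS so it cannot be altered in transit. No integrity= (SRI) hash is set; add the one published by the CDN for this exact file. -->
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.6.3/css/font-awesome.min.css">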
<link href="css/font-awesome.min.css" rel="stylesheet">
<!-- NProgress -->
<!--<link href="../vendors/nprogress/nprogress.css" rel="stylesheet">-->
<!-- iCheck -->
<link href="../vendors/iCheck/skins/flat/green.css" rel="stylesheet">
<!-- Custom Theme Style -->
<link href="css/custom.min.css" rel="stylesheet">
</head>
<body class="nav-md">
<div class="container body">
<div class="main_container">
<div class="col-md-3 left_col">
<div class="left_col scroll-view">
<?php include('include/sidebar.php'); ?>
<!-- /menu footer buttons -->
<div class="sidebar-footer hidden-small">
<a data-toggle="tooltip" data-placement="top" title="Settings">
<span class="glyphicon glyphicon-cog" aria-hidden="true"></span>
</a>
<a data-toggle="tooltip" data-placement="top" title="FullScreen">
<span class="glyphicon glyphicon-fullscreen" aria-hidden="true"></span>
</a>
<a data-toggle="tooltip" data-placement="top" title="Lock">
<span class="glyphicon glyphicon-eye-close" aria-hidden="true"></span>
</a>
<a data-toggle="tooltip" data-placement="top" title="Logout">
<span class="glyphicon glyphicon-off" aria-hidden="true"></span>
</a>
</div>
<!-- /menu footer buttons -->
</div>
</div>
<!-- top navigation -->
<?php include('include/header.php'); ?>
<!-- /top navigation -->
<!-- page content -->
<div class="right_col" role="main">
<div class="">
<div class="clearfix"></div>
<div class="row">
<div class="col-md-12 col-sm-12 col-xs-12">
<div class="x_panel">
<div class="x_content">
<br />
<form method="post" enctype="multipart/form-data" data-parsley-validate class="form-horizontal form-label-left">
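<?php
// Load the contact_us row that pre-fills the address form below.
$dis_address_sql="SELECT * FROM contact_us";
$dis_address_exe=mysqli_query($con,$dis_address_sql);
// mysqli_query() returns false on failure; do not hand that to mysqli_fetch_array().
$dis_address_result=$dis_address_exe ? mysqli_fetch_array($dis_address_exe) : null;
?>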
<div class="col-md-12">
<div class="x_title">
<h2> Contact<!--<small>different form elements</small>--></h2>
<div class="clearfix"></div>
</div>
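<!-- <div class="form-group">
<label class="col-md-3 control-label">Introduction <span class="required">*</span></label>
<div class="col-md-9">
<textarea class="form-control ckeditor" name="intro" rows="6" required><?php /* disabled: PHP still runs inside an HTML comment, and this echoed $dis_about_result["a_content"], a variable that is not assigned anywhere in this file */ ?></textarea>
</div>
</div>-->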
<div class="form-group">
<div class="col-md-6">
<label class="col-md-4 control-label">Partner1 <span class="required">*</span></label>
<div class="col-md-8">
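<input type="text" name="add1" class="form-control" value="<?php /* stored value is escaped for the HTML attribute context */ echo htmlspecialchars(isset($dis_address_result["c_partner1"]) ? (string)$dis_address_result["c_partner1"] : '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" required />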
</div>
</div>
<div class="col-md-6">
<label class="col-md-4 control-label">Phone <span class="required">*</span></label>
<div class="col-md-8">
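<input type="text" name="mobile" class="form-control" value="<?php /* stored value is escaped for the HTML attribute context */ echo htmlspecialchars(isset($dis_address_result["c_mobile1"]) ? (string)$dis_address_result["c_mobile1"] : '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" required />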
</div>
</div>
</div>
<div class="form-group">
<div class="col-md-6">
<label class="col-md-4 control-label">Partner2 <span class="required">*</span></label>
<div class="col-md-8">
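<input type="text" name="add1" class="form-control" value="<?php /* stored value is escaped for the HTML attribute context */ echo htmlspecialchars(isset($dis_address_result["c_partner2"]) ? (string)$dis_address_result["c_partner2"] : '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" required />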
</div>
</div>
<div class="col-md-6">
<label class="col-md-4 control-label">Phone <span class="required">*</span></label>
<div class="col-md-8">
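<input type="text" name="mobile" class="form-control" value="<?php /* stored value is escaped for the HTML attribute context */ echo htmlspecialchars(isset($dis_address_result["c_mobile2"]) ? (string)$dis_address_result["c_mobile2"] : '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" required />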
</div>
</div>
</div>
<div class="form-group">
<div class="col-md-6">
<label class="col-md-4 control-label">Email <span class="required">*</span></label>
<div class="col-md-8">
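<input type="text" name="email" class="form-control" value="<?php /* stored value is escaped for the HTML attribute context */ echo htmlspecialchars(isset($dis_address_result["c_email"]) ? (string)$dis_address_result["c_email"] : '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" required />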
</div>
</div>
</div>
</div>
<div class="ln_solid"></div>
<div class="form-group">
<div class="col-md-6 col-sm-6 col-xs-12 col-md-offset-3">
<button type="submit" class="btn btn-primary">Cancel</button>
<button type="submit" name="address_update" class="btn btn-success">Update</button>
</div>
</div>
</form>
</div>
</div>
</div>
</div>
<div class="row">
<div class="col-md-12 col-sm-12 col-xs-12">
<div class="x_panel">
<div class="x_content">
<form class="form-horizontal" role="form" action="" method="post" enctype="multipart/form-data">
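<?php
// Load the contact_us row that pre-fills the map link field and the preview below.
$dis_map_sql="SELECT * FROM contact_us";
$dis_map_exe=mysqli_query($con,$dis_map_sql);
// mysqli_query() returns false on failure; do not hand that to mysqli_fetch_array().
$dis_map_result=$dis_map_exe ? mysqli_fetch_array($dis_map_exe) : null;
?>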
<div class="col-md-12">
<div class="x_title">
<h2> Edit Map Detail <!--<small>different form elements</small>--></h2>
<div class="clearfix"></div>
</div>
<div class="form-group">
<div class="col-md-10">
<label class="col-md-2 control-label">Link <span class="required">*</span></label>
<div class="col-md-10">
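<input type="text" name="m_link" class="form-control" value="<?php /* stored value is escaped for the HTML attribute context */ echo htmlspecialchars(isset($dis_map_result["c_map_link"]) ? (string)$dis_map_result["c_map_link"] : '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" required />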
</div>
</div>
</div>
<div class="form-group">
<div class="col-md-10">
<label class="col-md-2 control-label">Preview </label>
<div class="col-md-10">
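<?php
// The stored link becomes a frame source, so only absolute http(s) or
// protocol-relative URLs are previewed; any other value is replaced by a
// blank frame. The value is also escaped for the attribute context.
$map_preview_src=isset($dis_map_result["c_map_link"]) ? trim((string)$dis_map_result["c_map_link"]) : '';
if(!preg_match('#^(?:https?:)?//#i',$map_preview_src)){
$map_preview_src='about:blank';
}
?>
<iframe src="<?php echo htmlspecialchars($map_preview_src, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" width="550" height="350" frameborder="0" style="border:0"></iframe>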
</div>
</div>
</div>
<div class="form-group">
<div class="col-md-12">
<div class="admin_btn">
<button type="submit" name="map_link_update" class="btn btn-success">Update</button>
<button type="reset" class="btn btn-primary">Cancel</button>
</div>
</div>
</div>
</div>
</form>
</div></div>
</div>
</div>
<!--Master Mail-->
<div class="row">
<div class="col-md-12">
<div class="x_panel">
<div class="x_content">
<form class="form-horizontal" role="form" action="" method="post" enctype="multipart/form-data">
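<?php
// Load the contact_us row that pre-fills the enquiry mail form below.
$dis_enq_sql="SELECT * FROM contact_us";
$dis_enq_exe=mysqli_query($con,$dis_enq_sql);
// mysqli_query() returns false on failure; do not hand that to mysqli_fetch_array().
$dis_enq_result=$dis_enq_exe ? mysqli_fetch_array($dis_enq_exe) : null;
?>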
<div class="col-md-12">
<div class="x_title">
<h2> Master Mail<!--<small>different form elements</small>--></h2>
<div class="clearfix"></div>
</div>
<div class="form-group">
<div class="col-md-8">
<label class="col-md-4 control-label">Enquiry Email <span class="required">*</span></label>
<div class="col-md-8">
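<input type="email" name="enq_mail" class="form-control" value="<?php /* "mail" is not a valid input type (browsers treat it as text); the stored value is escaped for the HTML attribute context */ echo htmlspecialchars(isset($dis_enq_result["c_enquiry_mail"]) ? (string)$dis_enq_result["c_enquiry_mail"] : '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" required />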
</div>
</div>
</div>
<div class="form-group">
<div class="col-md-12">
<div class="admin_btn">
<button type="submit" name="enq_update" class="btn btn-success">Update</button>
<button type="reset" class="btn btn-primary">Cancel</button>
</div>
</div>
</div>
</div>
</form>
</div>
</div>
</div>
</div>
<!--Service Provider Area-->
<div class="row">
<div class="col-md-12 col-sm-12 col-xs-12">
<div class="x_panel">
<div class="x_content">
<form class="form-horizontal" role="form" action="" method="post" enctype="multipart/form-data">
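<?php
// Load the contact_us row that pre-fills the service area editor below.
$dis_con_sql="SELECT * FROM contact_us";
$dis_con_exe=mysqli_query($con,$dis_con_sql);
// mysqli_query() returns false on failure; do not hand that to mysqli_fetch_array().
$dis_con_result=$dis_con_exe ? mysqli_fetch_array($dis_con_exe) : null;
?>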
<div class="col-md-12">
<div class="x_title">
<h2> Service Provided Areas<!--<small>different form elements</small>--></h2>
<div class="clearfix"></div>
</div>
<div class="form-group">
<label class="col-md-3 control-label">Content<span class="required">*</span></label>
<div class="col-md-9">
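<textarea class="form-control ckeditor" name="content" rows="6" required><?php /* escaped so stored markup cannot close the textarea early; the browser decodes it back before the editor reads the value */ echo htmlspecialchars(isset($dis_con_result["content"]) ? (string)$dis_con_result["content"] : '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></textarea>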
</div>
</div>
<div class="form-group">
<div class="col-md-12">
<div class="admin_btn">
<button type="submit" name="area_update" class="btn btn-success">Update</button>
<button type="reset" class="btn btn-primary">Cancel</button>
</div>
</div>
</div>
</div>
</form>
</div></div>
</div>
</div>
<!--Opening Hours-->
<div class="row">
<div class="col-md-12 col-sm-12 col-xs-12">
<div class="x_panel">
<div class="x_content">
<form class="form-horizontal" role="form" action="" method="post" enctype="multipart/form-data">
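<?php
// Load the contact_us row that pre-fills the opening hours form below.
$dis_open_sql="SELECT * FROM contact_us";
$dis_open_exe=mysqli_query($con,$dis_open_sql);
// mysqli_query() returns false on failure; do not hand that to mysqli_fetch_array().
$dis_open_result=$dis_open_exe ? mysqli_fetch_array($dis_open_exe) : null;
?>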
<div class="col-md-12">
<div class="x_title">
<h2> Opening Hours<!--<small>different form elements</small>--></h2>
<div class="clearfix"></div>
</div>
<div class="form-group">
<label class="control-label col-md-3 col-sm-3 col-xs-12" for="first-name">Opening Hour
<span class="required">*</span>
</label>
<div class="col-md-4 col-sm-6 col-xs-12">
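<input type="text" name="open_hour" required="required" value="<?php /* stored value is escaped for the HTML attribute context */ echo htmlspecialchars(isset($dis_open_result["open_hour"]) ? (string)$dis_open_result["open_hour"] : '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" class="form-control col-md-7 col-xs-12">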
</div>
</div>
<div class="form-group">
<div class="col-md-12">
<div class="admin_btn">
<button type="submit" name="open_update" class="btn btn-success">Update</button>
<button type="reset" class="btn btn-primary">Cancel</button>
</div>
</div>
</div>
</div>
</form>
</div></div>
</div>
</div>
<?php include('include/footer.php'); ?>
</div>
</div>
<!-- jQuery -->
<script src="js/jquery.min.js"></script>
<!--<script src="js/jquery-1.8.3.min.js"></script>-->
<!-- Bootstrap -->
<script type="text/javascript" src="js/bootstrap-fileupload.js"></script>
<script src="js/bootstrap.min.js"></script>
<!--ckeditor-->
<script type="text/javascript" src="js/ckeditor/ckeditor.js"></script>
<script src="js/moment.min.js"></script>
<script src="js/daterangepicker.js"></script>
<!-- Custom Theme Scripts -->
<script src="js/custom.min.js"></script>
</body>
</html>