jpsagrisolution.com - UnknownSec 403

UnknownSec Bypass 403

: /var/www/html/adminpnl/ [ drwxr-xr-x ]
name : load_token_report.php
 <?php
      include "../conclass.php";
       session_start();

       if(!isset($_SESSION['admincanteenname'])){
              header("Location: {$hostname}/admin_login.php");
  }

   $canteenname= $_SESSION["admincanteenname"];


$connect = new PDO("mysql:localhost=3306; dbname=stbookingslotdb", "root", "vG!fM@*p!8#3P3bss(_%FE");

/*function get_total_row($connect)
{
  $query = "
  SELECT * FROM tbl_webslesson_post
  ";
  $statement = $connect->prepare($query);
  $statement->execute();
  return $statement->rowCount();
}

$total_record = get_total_row($connect);*/

$limit = '1000';
$page = 1;
if($_POST['page'] > 1)
{
  $start = (($_POST['page'] - 1) * $limit);
  $page = $_POST['page'];
}
else
{
  $start = 0;
}

$from=$_POST['fromdate'];
 $to= $_POST['todate'];


   $fromdateArray = array();

    $fromdateArray=explode('-',$from);

     $todateArray = array();
    $todateArray=explode('-',$to);

         $fromdateformat = intval($fromdateArray[2])."-".intval($fromdateArray[1])."-".intval($fromdateArray[0]);
         $todateformat = intval($todateArray[2])."-".intval($todateArray[1])."-".intval($todateArray[0]);


         $totalglcount="";

         $qry="select * from bookingqry
                where itemcategory='Grocery' and  bookingdatetime between '".$fromdateformat."' and  '".$todateformat."' and canteenname='".$canteenname."' ";

          $statement = $connect->prepare($qry);
           $statement->execute();
           $groceycount = $statement->rowCount();



           $qry="select * from bookingqry
                where itemcategory='Grocery and Liquor' and  bookingdatetime between '".$fromdateformat."' and  '".$todateformat."' and canteenname='".$canteenname."' ";

          $statement = $connect->prepare($qry);
           $statement->execute();
           $groceyliquorcount = $statement->rowCount();



            $qry="select * from bookingqry
                where itemCategory='Liquor' and  bookingdatetime between '".$fromdateformat."' and  '".$todateformat."' and canteenname='".$canteenname."' ";

          $statement = $connect->prepare($qry);
           $statement->execute();
           $liquorcount = $statement->rowCount();

             if($groceyliquorcount>0)
             {
                 $totalglcount= $totalglcount." Total Grocery and Liquor Token :".$groceyliquorcount;

             }

           if($groceycount>0)
                 $totalglcount= $totalglcount." Total Grocery Token :".$groceycount;

                  if($liquorcount>0)
                 $totalglcount= $totalglcount." Total Liquor Token :".$liquorcount;


$query = "
       select newtokenno,tokenno, CONCAT( REPLACE(Left(personalno,Char_Length(Trim(personalno))-4),Left(Trim(personalno),Char_Length(Trim(personalno))-4),'XXXXX'),'',RIGHT(Trim(personalno),4)) as personalno ,name,cusrank,mobileno,case when isdeleted=0 then 'Booked' else 'Cancel' end bookingtype,
    Case When ItemCategory='Grocery and Liquor' then 'Gro & Liq' else ItemCategory end as ItemCategory,TIME_FORMAT(bookingtime, '%h %i %p') as bookingtime
    from bookingqry where bookingdatetime between '".$fromdateformat."' and  '".$todateformat."' and canteenname='".$canteenname."' order by tokenno  ";



$filter_query = $query . 'LIMIT '.$start.', '.$limit.'';

$statement = $connect->prepare($query);
$statement->execute();
$total_data = $statement->rowCount();

$statement = $connect->prepare($filter_query);
$statement->execute();
$result = $statement->fetchAll();
$total_filter_data = $statement->rowCount();

if($total_filter_data ==0)

{      $msg="No Record Found";
      echo $msg;
 return;
}

$output = '
 <div align="Center"><label>Canteen Name - '.$canteenname.' </label>  </div>

  <div align="Center"><label>From Date - '.$from.' To Date-'.$to.' </label></div>

<div align="Center"> <label>Total Records - '.$total_data.' </label> </div>

 <div align="Center"> <label>'.$totalglcount.' </label></div>
<table class="table table-striped table-bordered">
  <tr>
    <th>Tok. No</th>
    <th>Personal No</th>

      <th>Name</th>
       <th>Rank</th>
        
         <th>Type</th>
          <th>Category</th>

          <th>Time</th>

  </tr>
';
if($total_data > 0)
{
  foreach($result as $row)
  {
    $output .= '
    <tr>
      <td>'.$row["tokenno"].'</td>
      <td>'.$row["personalno"].'</td>
       <td>'.$row["name"].'</td>
        <td>'.$row["cusrank"].'</td>
                   <td>'.$row["bookingtype"].'</td>
           <td>'.$row["ItemCategory"].'</td>
            <td>'.$row["bookingtime"].'</td>


    </tr>
    ';
  }
}
else
{
  $output .= '
  <tr>
    <td colspan="8" align="center">No Data Found</td>
  </tr>
  ';
}

$output .= '
</table>
<br />
<div align="center">
  <ul class="pagination">
';

$total_links = ceil($total_data/$limit);
$previous_link = '';
$next_link = '';
$page_link = '';

//echo $total_links;

if($total_links > 4)
{
  if($page < 5)
  {
    for($count = 1; $count <= 5; $count++)
    {
      $page_array[] = $count;
    }
    $page_array[] = '...';
    $page_array[] = $total_links;
  }
  else
  {
    $end_limit = $total_links - 5;
    if($page > $end_limit)
    {
      $page_array[] = 1;
      $page_array[] = '...';
      for($count = $end_limit; $count <= $total_links; $count++)
      {
        $page_array[] = $count;
      }
    }
    else
    {
      $page_array[] = 1;
      $page_array[] = '...';
      for($count = $page - 1; $count <= $page + 1; $count++)
      {
        $page_array[] = $count;
      }
      $page_array[] = '...';
      $page_array[] = $total_links;
    }
  }
}
else
{
  for($count = 1; $count <= $total_links; $count++)
  {
    $page_array[] = $count;
  }
}

for($count = 0; $count < count($page_array); $count++)
{
  if($page == $page_array[$count])
  {
    $page_link .= '
    <li class="page-item active">
      <a class="page-link" href="#">'.$page_array[$count].' <span class="sr-only">(current)</span></a>
    </li>
    ';

    $previous_id = $page_array[$count] - 1;
    if($previous_id > 0)
    {
      $previous_link = '<li class="page-item"><a class="page-link" href="javascript:void(0)" data-page_number="'.$previous_id.'">Previous</a></li>';
    }
    else
    {
      $previous_link = '
      <li class="page-item disabled">
        <a class="page-link" href="#">Previous</a>
      </li>
      ';
    }
    $next_id = $page_array[$count] + 1;
    if($next_id >= $total_links)
    {
      $next_link = '
      <li class="page-item disabled">
        <a class="page-link" href="#">Next</a>
      </li>
        ';
    }
    else
    {
      $next_link = '<li class="page-item"><a class="page-link" href="javascript:void(0)" data-page_number="'.$next_id.'">Next</a></li>';
    }
  }
  else
  {
    if($page_array[$count] == '...')
    {
      $page_link .= '
      <li class="page-item disabled">
          <a class="page-link" href="#">...</a>
      </li>
      ';
    }
    else
    {
      $page_link .= '
      <li class="page-item"><a class="page-link" href="javascript:void(0)" data-page_number="'.$page_array[$count].'">'.$page_array[$count].'</a></li>
      ';
    }
  }
}

$output .= $previous_link . $page_link . $next_link;
$output .= '
  </ul>

</div>
';

echo $output;

?>