UnknownSec Bypass 403

: /var/www/cotutilitydash/ [ drwxrwxr-x ]
name : areawise_permission.php <?php include "header.php"?> <?php include "sidemenu.php"?> <div id="page-wrapper"> <div class="col-md-12 graphs"> <div class="xs"> <h3>Manage Area Wise Permission</h3> <input type="hidden" class="form-control1" id="hdid" name="hdid"> <div class="well1 white"> <fieldset> <!-- <div class="form-group"> <div class="row"> <div class="col-md-6 grid_box1"> <label class="control-label">Select Area</label> <input type="text" class="form-control1" placeholder=".col-md-2"> </div> <div class="col-md-6"> <label class="control-label">Select Area</label> <input type="text" class="form-control1" placeholder=".col-md-10"> </div> <div class="clearfix"> </div> </div> </div> --> <div class="form-group"> <div class="row"> <div class="col-md-6 grid_box1"> <label class="control-label">Select User</label> <select class="form-control1 ng-invalid ng-invalid-required" ng-model="model.select" required="" id="user" name="user"> </select> </div> <div class="col-md-6 grid_box1"> <label class="control-label">Select Area</label> <select class="form-control1 ng-invalid ng-invalid-required" ng-model="model.select" required="" id="area" name="area" onchange="getequipment(this.value,'')"> </select> </div> <div class="clearfix"> </div> </div> </div> <div class="form-group"> <div class="row"> <div class="col-md-6"> <label class="control-label">Select Equipment</label> <select class="form-control1 ng-invalid ng-invalid-required" ng-model="model.select" required="" id="equipment" name="equipment" onchange="getsubarea(this.value,'')"> </select> </div> <div class="col-md-6 grid_box1"> <label class="control-label">Select Sub Area</label> <select class="form-control1 ng-invalid ng-invalid-required" ng-model="model.select" required="" id="subarea" name="subarea"> </select> </div> <div class="clearfix"> </div> </div> </div> <!-- <div class="form-group filled"> <label class="control-label">Select Area</label> <select class="form-control1 ng-invalid ng-invalid-required" ng-model="model.select" required="" id="area" name="area"> </select> </div> <div class="form-group"> <label class="control-label">Sub Area Name</label> <input type="text" id="subarea" name="subarea" class="form-control1 ng-invalid ng-invalid-required ng-touched" required=""> </div> --> <!-- <div class="form-group"> <label class="control-label">Min. Consumption</label> <input type="text" id="mincon" name="mincon" class="form-control1 ng-invalid ng-invalid-required ng-touched" required=""> </div> <div class="form-group"> <label class="control-label">Max. Consumption</label> <input type="text" id="maxcon" name="maxcon" class="form-control1 ng-invalid ng-invalid-required ng-touched" required=""> </div> --> <div class="form-group"> <button type="submit" onclick="curdsubarea();" class="btn btn-primary" id="btnsave">SAVE</button> <button type="reset" class="btn btn-default" onclick="clearall();">Reset</button> </div> </fieldset> </div> <div class="bs-example4 tab-content" data-example-id="simple-responsive-table"> <h3>Area Wise Permission List</h3> <div class="table-responsive"> <?php $sql= "SELECT mas.id,mas.area,mas.equipment,mas.subarea,cuser.username,case when mas.isdeleted=0 then 'ACTIVE' else 'DEACTIVE' end as status from areapermissiontb as mas,createusertb as cuser where mas.userid=cuser.id order by id DESC"; $result=mysqli_query($conn, $sql) or die("Query Failed."); if (mysqli_num_rows($result)>0) { ?> <table id="studtable" class="table table-striped table-bordered"> <thead> <tr> <th>No.</th> <!-- <th>ID</th> --> <th>User Name</th> <th>Area Name</th> <th>Equipment</th> <th>Sub Area</th> <th>Status</th> <th></th> <th></th> </tr> </thead> <tbody> <?php $serial= 1; while ($row = mysqli_fetch_assoc($result)) { ?> <tr> <td><?php echo $serial ?></td> <!-- <td><?php echo $row['id']; ?></td> --> <td> <?php echo $row['username']; ?> </td> <td> <?php echo $row['area']; ?> </td> <td> <?php echo $row['equipment']; ?> </td> <td> <?php echo $row['subarea']; ?> </td> <td> <?php echo $row['status']; ?> </td> <td align="center"> <a href="#" onclick="edit(<?php echo $row['id']; ?>);" style="corsor:pointer"><i class=" glyphicon glyphicon-pencil"></i></a> <a </td> <td align="center"> <a href="#" onclick="remove(<?php echo $row['id']; ?>);"><i class="glyphicon glyphicon-trash"></i></a> </td> </tr> <?php $serial++; } } ?> </tbody> </table> </div><!-- /.table-responsive --> </div> </div> <script> function getsubarea(equipment,val) { var area = document.getElementById("area").value; var sel = $("#subarea"); sel.empty(); $.ajax({ type: "Post", url: "get_subarea.php", data: '&area=' + area+'&equipment=' + equipment, success: function(res) { var data = JSON.parse(res); $("#subarea").append('<option> </option>'); for (var i = 0; i < data.length; i++) { if (data[i].tname == val) { sel.append('<option value="' + data[i].tname + '" selected=true>' + data[i] .tname + '</option>'); } else { sel.append('<option value="' + data[i].tname + '">' + data[i].tname + '</option>'); } } } }); } function getequipment(val,val1) { var sel = $("#equipment"); sel.empty(); $.ajax({ type: "Post", url: "get_equipment.php", data: '&area=' + val, success: function(res) { var data = JSON.parse(res); $("#equipment").append('<option>Select Equipment</option>'); for (var i = 0; i < data.length; i++) { if (data[i].tname == val1) { sel.append('<option value="' + data[i].tname + '" selected=true>' + data[i] .tname + '</option>'); } else { sel.append('<option value="' + data[i].tname + '">' + data[i].tname + '</option>'); } } // $('#particular').editableSelect(); /// $("#state").html(data); } }); } function getarea(val) { $.ajax({ type: "Post", url: "get_area.php", success: function(res) { var data = JSON.parse(res); var sel = $("#area"); sel.empty(); $("#area").append('<option>Select Area</option>'); for (var i = 0; i < data.length; i++) { if (data[i].tname == val) { sel.append('<option value="' + data[i].tname + '" selected=true>' + data[i] .tname + '</option>'); } else { sel.append('<option value="' + data[i].tname + '">' + data[i].tname + '</option>'); } } // $('#particular').editableSelect(); /// $("#state").html(data); } }); } function getusername(val) { $.ajax({ type: "Post", url: "get_onlyusername.php", success: function(res) { var data = JSON.parse(res); var sel = $("#user"); sel.empty(); $("#user").append('<option>Select User Name</option>'); for (var i = 0; i < data.length; i++) { if (data[i].tid == val) { sel.append('<option value="' + data[i].tid + '" selected=true>' + data[i] .tname + '</option>'); } else { sel.append('<option value="' + data[i].tid + '">' + data[i].tname + '</option>'); } } // $('#particular').editableSelect(); /// $("#state").html(data); } }); } $(document).ready(function() { getusername(""); getarea(""); checkpermission(); $("#studtable").DataTable({ bLengthChange: true, "iDisplayLength": 10, bInfo: false, responsive: true, "bAutoWidth": false }); }); function checkpermission() { var formname = "manage_subarea.php"; try { var urlgetcode = 'get_permissiondetails.php'; $.ajax({ method: 'POST', url: urlgetcode, data: '&formname=' + formname, dataType: 'json', async: true, cache: false, success: function(data) { var btntext = document.getElementById("btnsave").innerHTML; if (btntext == "SAVE") { if (data.add == 0) { $(btnsave).prop("disabled", true); alert( "You do not have permission to add area please contact to administrator" ); return; } else { $(btnsave).prop("disabled", false); } } else if (btntext == "UPDATE") { if (data.edit == 0) { $(btnsave).prop("disabled", true); alert( "You do not have permission to edit area please contact to administrator" ); return; } else { $(btnsave).prop("disabled", false); } } else if (btntext == "DEACTIVE") { if (data.delete == 0) { $(btnsave).prop("disabled", true); alert( "You do not have permission to deactive area please contact to administrator" ); return; } else { $(btnsave).prop("disabled", false); } } else if (btntext == "ACTIVE") { if (data.delete == 0) { $(btnsave).prop("disabled", true); alert( "You do not have permission to active area please contact to administrator" ); return; } else { $(btnsave).prop("disabled", false); } } }, error: function(request) { alert(request.responseText); } }); } catch (Error) { alert(Error); } return; } function clearall() { $('#hdid').val(""); $('#area').val("Select Area"); $('#equipment').val("Select Equipment"); $('#subarea').val("Select Subarea"); $('#user').val("Select User Name"); document.getElementById("btnsave").innerHTML = "SAVE"; checkpermission(); } function remove(id) { var id = id; var identifier = 3; try { var urlgetcode = 'get_areawise_perdetails.php'; $.ajax({ method: 'POST', url: urlgetcode, data: '&id=' + id, dataType: 'json', async: true, cache: false, success: function(data) { $('#hdid').val(data.id); getarea(data.area); getequipment(data.area,data.equipment); getsubarea1(data.area,data.equipment,data.subarea); getusername(data.userid); if (data.status == 0) { document.getElementById("btnsave").innerHTML = "DEACTIVE"; } else { document.getElementById("btnsave").innerHTML = "ACTIVE"; } //checkpermission(); }, error: function(request) { alert(request.responseText); } }); } catch (Error) { alert(Error); } return; } function getsubarea1(area,equipment,val) { var sel = $("#subarea"); sel.empty(); $.ajax({ type: "Post", url: "get_subarea.php", data: '&area=' + area+'&equipment=' + equipment, success: function(res) { var data = JSON.parse(res); $("#subarea").append('<option> </option>'); for (var i = 0; i < data.length; i++) { if (data[i].tname == val) { sel.append('<option value="' + data[i].tname + '" selected=true>' + data[i] .tname + '</option>'); } else { sel.append('<option value="' + data[i].tname + '">' + data[i].tname + '</option>'); } } } }); } function edit(id) { var id = id; try { var urlgetcode = 'get_areawise_perdetails.php'; $.ajax({ method: 'POST', url: urlgetcode, data: '&id=' + id , dataType: 'json', async: true, cache: false, success: function(data) { $('#hdid').val(data.id); getarea(data.area); getequipment(data.area,data.equipment); getsubarea1(data.area,data.equipment,data.subarea); getusername(data.userid); document.getElementById("btnsave").innerHTML = "UPDATE"; // checkpermission(); }, error: function(request) { alert(request.responseText); } }); } catch (Error) { alert(Error); } return; } function curdsubarea() { var flag = true; var inputField2 = document.getElementById("user"); if (inputField2.value == "Select User Name") { flag = false; alert("Please select user name."); document.getElementById("user").focus(); return false; } var inputField1 = document.getElementById("area"); if (inputField1.value == "Select Area") { flag = false; alert("Please select area."); document.getElementById("area").focus(); return false; } var inputField2 = document.getElementById("equipment"); if (inputField2.value == "Select Equipment") { flag = false; alert("Please select equipment."); document.getElementById("equipment").focus(); return false; } var inputField3 = document.getElementById("subarea"); if (inputField3.value == "") { flag = false; alert("Please select subarea."); document.getElementById("subarea").focus(); return false; } var area = document.getElementById("area").value; var equipment = document.getElementById("equipment").value; var subarea = document.getElementById("subarea").value; var user = document.getElementById("user").value; var id = document.getElementById("hdid").value; var btnopration = document.getElementById("btnsave").innerHTML; var identifier = 3; try { if (flag == true) { var text = "Do you want to " + btnopration + " the area wise permission"; if (confirm(text) == false) { flag = false; return false; } var urlgetcode = 'manage_areawiser_per.php'; $.ajax({ method: 'POST', url: urlgetcode, data: ' &area=' + area+' &equipment=' + equipment +' &subarea=' + subarea + '&user=' + user + '&id=' + id + ' &btnopration=' + btnopration, dataType: 'json', async: true, cache: false, success: function(data) { alert(data); window.location.href = "areawise_permission.php"; $('#hdid').val(""); $('#area').val(""); $('#equipment').val(""); $('#subarea').val(""); $('#user').val(""); }, error: function(request) { alert(request.responseText); } }); } } catch (Error) { alert(Error); } return; } </script> <?php include "footer.php"?>