Path : /var/www/html/smart_kpp2_bk17 มีค 69/export/
File Upload :
Current File : /var/www/html/smart_kpp2_bk17 มีค 69/export/xml.php

<?php
header("Content-type:text/xml; charset=UTF-8");              
header("Cache-Control: no-store, no-cache, must-revalidate");             
header("Cache-Control: post-check=0, pre-check=0", false);   
echo '<?xml version="1.0" encoding="utf-8" ?>';
define( "_VALID_", 1 );

require_once "../smss_connect.php";	

$commputer_ip=$_SERVER['REMOTE_ADDR'];
$user_permission=0;
$warning_text="";

$sql="select * from system_export_requester where requester='$_GET[username]' and requester_password='$_GET[password]' and status='1'";
$dbquery = mysqli_query($connect,$sql);
$result1 = mysqli_fetch_array($dbquery);
if($result1){
	if($result1['requester_server_id']==""){
	$user_permission=1;
	}
	else{
		if($commputer_ip==$result1['requester_server_id']){
		$user_permission=1;
		}
		else{
		$warning_text=$warning_text."IP Address คอมพิวเตอร์ไม่ถูกต้อง";
		}
	}
}
else{
$warning_text=$warning_text."Username Password ไม่ถูกต้อง";
}
//////////////////////////
if(isset($_GET['order'])){
$order=$_GET['order'].".php";
}
else{
$order="warning.php";
}

if($user_permission==1){
$sql = "select * from system_export_permission where requester='$_GET[username]' and data_name='$_GET[order]' and status='1'";
$dbquery2 = mysqli_query($connect,$sql);
$result2 = mysqli_fetch_array($dbquery2);
	if($result2){
	require_once "$order";	
	}
	else{
	$warning_text=$warning_text."ไม่ได้รับอนุญาตในข้อมูลนี้";
	require_once "warning.php";	
	}
}
else{
require_once "warning.php";	
}

mysqli_close($connect);
?>