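<?php
/**
 * Admin AJAX handler for the editorial-board ("editors") table.
 *
 * The including script is expected to have set up, before this file runs:
 *   $option             requested action: delete / enabled / disabled / showpicture /
 *                       hidepicture / removepicture / add / edit / downloadcertificate /
 *                       settings / downloademails
 *   $dataid             selected row id(s): a list for bulk actions, one id for edit
 *   $mysqli             open mysqli connection
 *   $table, $firstcol   table name and its id column. They are interpolated into SQL
 *                       and must come from trusted configuration, never from the request.
 *   $fn                 helper object (escape, delete_file, resize_image, valid_email,
 *                       valid_phone, insert_email, send_sms, mkzip, download_emails)
 *   $uploadpath, $page  picture directory is $uploadpath.$page.'/'
 *   $adminurl, $websitename, $creation   presumably config values / creation timestamp — confirm in caller
 *   output()            response formatter; every branch ends in die(output(...))
 *
 * NOTE(review): no authentication or CSRF check is visible in this file; it is
 * assumed to be enforced by the caller before this include — confirm.
 */
require_once('editors.functions.php');

// Fail closed on a failed prepare() without echoing the raw SQL error text to
// the browser; the detail goes to the server log instead.
$dberror = function() use ($mysqli) {
    error_log('editors.php: '.$mysqli->error);
    die(output('Database error.'));
};

// Request readers.
// $field returns '' for a missing or non-scalar value, so an array smuggled into
// a text parameter never reaches escape(); the result is escaped like the
// original code did.
$field = function($key) use ($fn) {
    if( ! isset($_POST[$key]) OR ! is_scalar($_POST[$key])):
        return '';
    endif;
    return $fn->escape((string) $_POST[$key]);
};
// $flag accepts exactly the Y/N convention the showpicture/hidepicture actions
// below store; anything else is rejected rather than written to the column.
$flag = function($key) {
    if( ! isset($_POST[$key])):
        return 'N';
    endif;
    if($_POST[$key] !== 'Y' && $_POST[$key] !== 'N'):
        die(output('Invalid value for '.$key.'.'));
    endif;
    return $_POST[$key];
};
// status is restricted to the two values the enabled/disabled actions use.
$readstatus = function() use ($field) {
    $status = $field('status');
    if($status === ''):
        return 'disabled';
    endif;
    if($status !== 'enabled' && $status !== 'disabled'):
        die(output('Invalid status.'));
    endif;
    return $status;
};

if($option === 'delete' OR $option === 'enabled' OR $option === 'disabled' OR $option === 'showpicture' OR $option === 'hidepicture' OR $option === 'removepicture'):
    // ---- bulk row actions ----------------------------------------------------
    if(empty($dataid)):
        die(output('Nothing selected.'));
    endif;
    $text = '';
    $stat = false;
    // A single id may arrive as a scalar; treat it as a one-element list.
    foreach((array) $dataid as $id):
        $stmt = $mysqli->prepare("SELECT picture FROM $table WHERE $firstcol = ? LIMIT 1") or $dberror();
        $stmt->bind_param('i', $id);
        $stmt->execute();
        $stmt->store_result();
        $count_rows = $stmt->num_rows();
        $stmt->bind_result($picture);
        $stmt->fetch();
        $stmt->close();
        if($count_rows !== 1):
            die(output('Content is not found.'));
        endif;
        // basename() keeps any unlink inside the upload directory even if a stored
        // picture name were ever tampered with (defence in depth: the names
        // generated by add/edit below never contain a slash).
        $picfile = $uploadpath.$page.'/'.basename((string) $picture);

        if($option === 'delete'):
            $stmt = $mysqli->prepare("DELETE FROM $table WHERE $firstcol = ? LIMIT 1") or $dberror();
            $stmt->bind_param('i', $id);
            $e = $stmt->execute();
            $stmt->close();
            if( ! $e):
                die(output('Content has not been deleted.'));
            endif;
            // Only remove a file when the row actually had one; otherwise the
            // path would be the bare directory.
            if($picture):
                $fn->delete_file($picfile);
            endif;
            $text = 'Content has been deleted.';
            $stat = true;

        elseif($option === 'enabled' OR $option === 'disabled'):
            // $option itself is the stored status value ('enabled' / 'disabled').
            $stmt = $mysqli->prepare("UPDATE $table SET status = ? WHERE $firstcol = ? LIMIT 1") or $dberror();
            $stmt->bind_param('si', $option, $id);
            $e = $stmt->execute();
            $stmt->close();
            if( ! $e):
                die(output('Selected element has not been marked as '.$option.'.'));
            endif;
            $text = 'Selected element has been marked as '.$option.'.';
            $stat = true;

        elseif($option === 'showpicture' OR $option === 'hidepicture'):
            $pictureshow = ($option === 'showpicture') ? 'Y' : 'N';
            $stmt = $mysqli->prepare("UPDATE $table SET pictureshow = ? WHERE $firstcol = ? LIMIT 1") or $dberror();
            $stmt->bind_param('si', $pictureshow, $id);
            $e = $stmt->execute();
            $stmt->close();
            if( ! $e):
                die(output('You changes have not been saved.'));
            endif;
            $text = 'You changes have been saved.';
            $stat = true;

        elseif($option === 'removepicture'):
            if( ! $picture OR ! file_exists($picfile)):
                die(output('Picture doesn\'t exist.'));
            endif;
            if( ! @unlink($picfile)):
                die(output('Picture has not been removed.'));
            endif;
            // Clear the column with SQL NULL (the original bound an undefined
            // variable, which mysqli also sends as NULL).
            $nopicture = null;
            $stmt = $mysqli->prepare("UPDATE $table SET picture = ? WHERE $firstcol = ? LIMIT 1") or $dberror();
            $stmt->bind_param('si', $nopicture, $id);
            $e = $stmt->execute();
            $stmt->close();
            if( ! $e):
                die(output('Picture has not been removed.'));
            endif;
            $text = 'Picture has been removed.';
            $stat = true;

        else:
            die(output('No valid action found.'));
        endif;
    endforeach;
    die(output(array('text' => $text, 'stat' => $stat)));

elseif($option === 'add' OR ($option === 'edit' && $dataid)):
    // ---- create / update one editor ------------------------------------------
    $category         = $field('category');
    $applytoall       = $flag('applytoall');
    $subcategory      = $field('subcategory');
    $name             = stripslashes($field('name'));
    $degree           = stripslashes($field('degree'));
    $post             = stripslashes($field('post'));
    $content          = stripslashes($field('content'));
    $email            = strtolower($field('email'));
    $emailshow        = $flag('emailshow');
    // NOTE(review): inside a character class "+-," is the range '+'..',' — it
    // keeps '+' and ',' but strips '-'. Left as found because valid_phone() may
    // depend on it; confirm the intended character set.
    $phone            = preg_replace('/[^0-9+-,]/', '', $field('phone'));
    $phoneshow        = $flag('phoneshow');
    $pictureshow      = $flag('pictureshow');
    $catsortnumber    = preg_replace('/[^0-9]/', '', $field('catsortnumber'));
    $send_email       = $flag('send_email');
    $send_certificate = $flag('send_certificate');
    $send_sms         = $flag('send_sms');
    $status           = $readstatus();

    // Picture upload: only accept a file PHP itself received for this request
    // (error == UPLOAD_ERR_OK and is_uploaded_file()). The client's file name is
    // used only for its extension; the stored name is server-generated.
    $my_pic = '';
    $pictmp = '';
    if(isset($_FILES['picture']) && is_array($_FILES['picture']) && $_FILES['picture']['error'] !== UPLOAD_ERR_NO_FILE):
        if($_FILES['picture']['error'] !== UPLOAD_ERR_OK OR ! is_uploaded_file($_FILES['picture']['tmp_name'])):
            die(output('Picture upload failed.'));
        endif;
        $my_pic = $fn->escape($_FILES['picture']['name']);
        // tmp_name is generated by PHP, not the client; escaping it could only
        // corrupt the path.
        $pictmp = $_FILES['picture']['tmp_name'];
    endif;
    $picext   = strtolower(pathinfo($my_pic, PATHINFO_EXTENSION));
    $validext = array('jpg', 'jpeg', 'png', 'gif');
    // 24-hour 'H' plus uniqid(): the original 12-hour 'h' stamp could collide
    // within a day and overwrite another editor's picture.
    $newpic   = date('ymdHis').uniqid('_').'.'.$picext;

    if( ! is_dir(rtrim($uploadpath, '/'))):
        @mkdir(rtrim($uploadpath, '/'), 0755);
    endif;
    if( ! is_dir($uploadpath.$page)):
        @mkdir($uploadpath.$page, 0755);
    endif;

    // Duplicate check: same name + email already present.
    $stmt = $mysqli->prepare("SELECT $firstcol FROM $table WHERE (name = ? AND email = ?)") or $dberror();
    $stmt->bind_param('ss', $name, $email);
    $stmt->execute();
    $stmt->store_result();
    $count_rows = $stmt->num_rows();
    $stmt->close();

    if(empty($category)):
        die(output('Please select category or enter a new category.'));
    elseif(empty($name)):
        die(output('Please enter editor name.'));
    elseif(empty($content)):
        die(output('Please enter content.'));
    elseif($email && $fn->valid_email($email) === false):
        die(output('Please enter a valid email address.'));
    elseif($option === 'add' && $count_rows > 0):
        die(output('That record already exist.'));
    endif;

    if($send_email === 'Y' && empty($email)):
        die(output('Please enter email address to send email.'));
    endif;
    if($send_certificate === 'Y' && empty($email)):
        die(output('Please enter email address to send certificate.'));
    endif;
    if($send_sms === 'Y' && empty($phone)):
        die(output('Please enter mobile number to send sms.'));
    endif;
    if($send_sms === 'Y' && $phone && $fn->valid_phone($phone) === false):
        die(output('Please enter a valid phone number.'));
    endif;
    if($email && method_exists('functions', 'insert_email')):
        $fn->insert_email($email);
    endif;

    if($option === 'add'):
        // New rows join an existing category's sort group, or start a new one.
        $stmt = $mysqli->prepare("SELECT catsortnumber, MAX(sortnumber) FROM $table WHERE category = ? ORDER BY $firstcol DESC LIMIT 1") or $dberror();
        $stmt->bind_param('s', $category);
        $stmt->execute();
        $stmt->store_result();
        $stmt->bind_result($ecatsortnumber, $esortnumber);
        $stmt->fetch();
        $stmt->close();
        if($ecatsortnumber):
            $catsortnumber = $ecatsortnumber;
            $sortnumber    = $esortnumber + 1;
        else:
            if(empty($catsortnumber) OR strlen($catsortnumber) === 0):
                die(output('Please enter category sort number.'));
            elseif( ! ctype_digit($catsortnumber)):
                die(output('Please enter a valid category sort number.'));
            endif;
            $sortnumber = 1;
        endif;

        if($my_pic):
            if( ! method_exists('functions', 'resize_image')):
                die(output('Image resize function doesn\'t exist.'));
            endif;
            if( ! in_array($picext, $validext, true)):
                die(output('Invalid image type. Only JPG, JPEG, PNG and GIF allowed.'));
            endif;
            // NOTE(review): the extension whitelist is only the first gate; the
            // content check relies on resize_image() decoding and re-encoding the
            // upload rather than copying it — verify in editors.functions.php.
            if( ! $fn->resize_image($picext, $pictmp, $uploadpath.$page.'/', $newpic, 128)):
                die(output('Image resize function doesn\'t work.'));
            endif;
        else:
            $newpic = '';
        endif;

        $stmt = $mysqli->prepare("INSERT INTO $table(category, subcategory, name, degree, post, content, email, emailshow, phone, phoneshow, picture, pictureshow, catsortnumber, sortnumber, status, creation) VALUES(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)") or $dberror();
        $stmt->bind_param('ssssssssssssiiss', $category, $subcategory, $name, $degree, $post, $content, $email, $emailshow, $phone, $phoneshow, $newpic, $pictureshow, $catsortnumber, $sortnumber, $status, $creation);
        $e      = $stmt->execute();
        $lastid = $stmt->insert_id;
        $stmt->close();
        if( ! $e):
            die(output('Content has not been added.'));
        endif;
        if($send_sms === 'Y' && method_exists('functions', 'send_sms')):
            $fn->send_sms($phone, 'We have updated our editorial board with your information in '.$websitename);
        endif;
        if($send_email === 'Y' && method_exists('sendmail', 'send') && function_exists('SendEmail')):
            SendEmail('add', $lastid, $category, $name, $post, $content, $email, $creation, ($send_certificate === 'Y'));
        endif;
        die(output(array('text' => 'Content has been added.', 'stat' => true)));

    elseif($option === 'edit'):
        $sortnumber = preg_replace('/[^0-9]/', '', $field('sortnumber'));
        if(empty($catsortnumber) OR strlen($catsortnumber) == 0):
            die(output('Please enter category sort number.'));
        elseif( ! ctype_digit($catsortnumber)):
            die(output('Please enter a valid category sort number.'));
        elseif(empty($sortnumber) OR strlen($sortnumber) == 0):
            die(output('Please enter sort number.'));
        elseif( ! ctype_digit($sortnumber)):
            die(output('Please enter a valid sort number.'));
        endif;

        $stmt = $mysqli->prepare("SELECT category, picture, catsortnumber, sortnumber, creation FROM $table WHERE $firstcol = ? LIMIT 1") or $dberror();
        $stmt->bind_param('i', $dataid);
        $stmt->execute();
        $stmt->store_result();
        $count_rows = $stmt->num_rows();
        $stmt->bind_result($ecategory, $epicture, $ecatsortnumber, $esortnumber, $ecreation);
        $stmt->fetch();
        $stmt->close();
        // Without this check a non-existent id ran the sort-number swaps below
        // with NULL values, blanking catsortnumber / sortnumber on unrelated rows
        // and still reporting success.
        if($count_rows !== 1):
            die(output('Content is not found.'));
        endif;

        if($my_pic):
            if( ! method_exists('functions', 'resize_image')):
                die(output('Image resize function doesn\'t exist.'));
            endif;
            if( ! in_array($picext, $validext, true)):
                die(output('Invalid image type. Only JPG, JPEG, PNG and GIF allowed.'));
            endif;
            // NOTE(review): see the add branch — content validation depends on
            // resize_image() re-encoding the file.
            if( ! $fn->resize_image($picext, $pictmp, $uploadpath.$page.'/', $newpic, 128)):
                die(output('Image resize function doesn\'t work.'));
            endif;
            // Replace the previous picture; basename() keeps the unlink inside
            // the upload directory.
            $oldpic = $uploadpath.$page.'/'.basename((string) $epicture);
            if($epicture && file_exists($oldpic)):
                @unlink($oldpic);
            endif;
        else:
            $newpic = $epicture;
        endif;

        // Swap category sort numbers with whichever category currently holds the
        // requested one, then assign it to this category.
        $stmt = $mysqli->prepare("UPDATE $table SET catsortnumber = ? WHERE catsortnumber = ?") or $dberror();
        $stmt->bind_param('ii', $ecatsortnumber, $catsortnumber);
        $stmt->execute();
        $stmt->close();
        $stmt = $mysqli->prepare("UPDATE $table SET catsortnumber = ? WHERE category = ?") or $dberror();
        $stmt->bind_param('is', $catsortnumber, $category);
        $stmt->execute();
        $stmt->close();
        // Same swap for the position inside the category.
        $stmt = $mysqli->prepare("UPDATE $table SET sortnumber = ? WHERE (category = ? AND sortnumber = ?)") or $dberror();
        $stmt->bind_param('isi', $esortnumber, $category, $sortnumber);
        $stmt->execute();
        $stmt->close();
        if($applytoall === 'Y'):
            // Rename the category on every row that carried the old name.
            $stmt = $mysqli->prepare("UPDATE $table SET category = ? WHERE category = ?") or $dberror();
            $stmt->bind_param('ss', $category, $ecategory);
            $stmt->execute();
            $stmt->close();
        endif;

        $stmt = $mysqli->prepare("UPDATE $table SET category = ?, subcategory = ?, name = ?, degree = ?, post = ?, content = ?, email = ?, emailshow = ?, phone = ?, phoneshow = ?, picture = ?, pictureshow = ?, catsortnumber = ?, sortnumber = ?, status = ? WHERE $firstcol = ? LIMIT 1") or $dberror();
        $stmt->bind_param('ssssssssssssiisi', $category, $subcategory, $name, $degree, $post, $content, $email, $emailshow, $phone, $phoneshow, $newpic, $pictureshow, $catsortnumber, $sortnumber, $status, $dataid);
        $e = $stmt->execute();
        $stmt->close();
        if( ! $e):
            die(output('Your changes have not been saved.'));
        endif;
        if($send_sms === 'Y' && method_exists('functions', 'send_sms')):
            $fn->send_sms($phone, 'We have corrected your information in editorial board in '.$websitename);
        endif;
        if($send_email === 'Y' && method_exists('sendmail', 'send') && function_exists('SendEmail')):
            SendEmail('edit', $dataid, $category, $name, $post, $content, $email, $ecreation, ($send_certificate === 'Y'));
        endif;
        die(output(array('text' => 'Your changes have been saved.', 'stat' => true)));

    else:
        die(output('No valid action found.'));
    endif;

elseif($option === 'downloadcertificate'):
    // ---- bundle certificates for the selected rows into one zip --------------
    if( ! method_exists('functions', 'mkzip')):
        die(output('ZIP creater function doesn\'t exist.'));
    endif;
    if(empty($dataid)):
        die(output('Nothing selected.'));
    endif;
    $files = array();
    foreach((array) $dataid as $id):
        $stmt = $mysqli->prepare("SELECT category, name, post, content, creation FROM $table WHERE $firstcol = ? LIMIT 1") or $dberror();
        $stmt->bind_param('i', $id);
        $stmt->execute();
        $stmt->store_result();
        $count_rows = $stmt->num_rows();
        $stmt->bind_result($category, $name, $post, $content, $creation);
        $stmt->fetch();
        $stmt->close();
        if($count_rows !== 1):
            die(output('Content is not found.'));
        endif;
        $files[] = GenerateCertificate($id, $category, $name, $post, $content, $creation);
    endforeach;
    // NOTE(review): a fixed archive name means two admins downloading at the same
    // time overwrite each other's zip — consider a per-request name.
    $zipname = 'EditorCertificateZip.zip';
    $fn->mkzip($zipname, $files);
    die(output(array('surl' => $adminurl.'download/'.$zipname, 'stat' => true)));

elseif($option === 'settings'):
    // ---- apply one display/status setting to every row -----------------------
    $mode = (isset($_POST['mode']) && is_scalar($_POST['mode'])) ? (string) $_POST['mode'] : '';
    // The column name is taken from this fixed map only, never from the request;
    // an unknown mode used to produce an "UPDATE ... SET = ?" SQL error.
    $columns = array(
        'email'   => 'emailshow',
        'phone'   => 'phoneshow',
        'picture' => 'pictureshow',
        'status'  => 'status',
    );
    if($mode === '' OR ! isset($columns[$mode])):
        die(output('Please choose any mode.'));
    endif;
    $column = $columns[$mode];
    $value  = ($mode === 'status') ? $readstatus() : $flag($column);
    $stmt = $mysqli->prepare("UPDATE $table SET $column = ?") or $dberror();
    $stmt->bind_param('s', $value);
    $e = $stmt->execute();
    $stmt->close();
    $mysqli->close();
    if($e):
        die(output(array('text' => 'Your changes have been saved.', 'stat' => true)));
    else:
        die(output('Your changes have not been saved.'));
    endif;

elseif($option === 'downloademails'):
    $fn->download_emails($dataid);

else:
    die(output('No valid action found.'));
endif;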