Current File : /home/akhilnew/public_html/electrojournal.com/admin/inc/menubar.php
<?php
/*
 * Action handler for one admin content table. Dispatches on $option:
 *   - 'delete' / 'enabled' / 'disabled': applied to every id in $dataid
 *   - 'add' / 'edit': create or update a single row from $_POST
 * Every path ends in die(output(...)), so nothing after this file runs.
 *
 * $option, $dataid, $table, $firstcol, $mysqli, $fn, $creation and output()
 * are not defined in this file; presumably the including script provides them.
 *
 * NOTE(review): no authentication, authorisation or CSRF check is visible here.
 * Confirm the including script enforces all three before this code is reached.
 *
 * NOTE(review): $table and $firstcol are interpolated into the SQL text.
 * Identifiers cannot be bound as parameters, so they must come from a fixed
 * allow-list and never from request data. Verify this in the including script.
 *
 * NOTE(review): several paths call die(output($mysqli->error)). If output()
 * sends its argument to the client, raw database errors (table and column
 * names) are disclosed. Prefer logging server-side and returning a generic
 * message.
 */
if($option === 'delete' OR $option === 'enabled' OR $option === 'disabled'):
	// Reject an empty or falsy selection. The loop below assumes $dataid is
	// iterable. TODO confirm the caller always passes an array here.
	if( ! $dataid):
		die(output('Nothing selected.'));
	endif;

	// No transaction is opened in this file. A die() part-way through the
	// loop leaves the ids processed so far already deleted or updated.
	foreach($dataid as $id):
		// Existence check. The 'i' binding sends each id as an integer.
		$stmt = $mysqli->prepare("SELECT * FROM $table WHERE $firstcol = ? LIMIT 1") or die(output($mysqli->error));
		$stmt->bind_param('i', $id);
		$stmt->execute();
		$stmt->store_result();
		$count_rows = $stmt->num_rows();
		$stmt->close();
		if($count_rows === 1):
			if($option === 'delete'):
				$stmt = $mysqli->prepare("DELETE FROM $table WHERE $firstcol = ? LIMIT 1") or die(output($mysqli->error));
				$stmt->bind_param('i', $id);
				$e = $stmt->execute();
				$stmt->close();
				if($e):
					$text = 'Content has been deleted.';
					$stat = true;
				else:
					die(output('Content has not been deleted.'));
				endif;
			elseif($option === 'enabled' OR $option === 'disabled'):
				// $option is already restricted to the two literals by the
				// enclosing conditions, so it is stored directly as the status.
				$stmt = $mysqli->prepare("UPDATE $table SET status = ? WHERE $firstcol = ? LIMIT 1") or die(output($mysqli->error));
				$stmt->bind_param('si', $option, $id);
				$e = $stmt->execute();
				$stmt->close();
				if($e):
					$text = 'Selected element has been marked as '.$option.'.';
					$stat = true;
				else:
					die(output('Selected element has not been marked as '.$option.'.'));
				endif;
			else:
				die(output('No valid action found.'));
			endif;
		else:
			die(output('Content is not found.'));
		endif;
	endforeach;

	// $text and $stat hold the values set by the last iteration.
	die(output(array('text' => $text, 'stat' => $stat)));
elseif($option === 'add' OR ($option === 'edit' && $dataid)):
	// NOTE(review): presumably $fn->escape() applies SQL-style backslash
	// escaping, with stripslashes() used afterwards to undo it. Confirm
	// against $fn. Every value below is bound as a statement parameter, so SQL
	// safety does not depend on that escaping.
	// 'category', 'content' and 'catsortnumber' are read without isset().
	$category	= $fn->escape($_POST['category']);
	$category 	= stripslashes($category);
	$applytoall	= isset($_POST['applytoall']) ? $fn->escape($_POST['applytoall']) : 'N';
	$content	= $fn->escape($_POST['content'], false, false);
	// NOTE(review): strip_tags() removes tags outside the allow-list but keeps
	// every attribute on the allowed ones. Event-handler attributes and
	// javascript: URLs on <a>, <img>, <span> etc. are therefore stored as
	// submitted. If this content is later rendered as HTML, that is a stored-XSS
	// risk. Use an attribute-aware HTML sanitiser or escape on output.
	$content	= strip_tags($content, '<a><b><i><em><h3><h4><h5><img><span><strong><table><thead><tbody><tfoot><tr><th><td>');
	// The single-quoted '\r\n', '\r' and '\n' are literal backslash sequences,
	// not control characters. Presumably they match the escaped form produced
	// by $fn->escape(). TODO confirm.
	$content	= str_replace(array('&nbsp;', '\r\n', '\r', '\n'), ' ', $content);
	$content 	= stripslashes($content);
	$catsortnumber = $fn->escape($_POST['catsortnumber']);
	// Keep digits only; validated further per action below.
	$catsortnumber = preg_replace('/[^0-9]/', '', $catsortnumber);
	// NOTE(review): $alignment and $status are stored as submitted; no check
	// against a set of permitted values is visible in this file.
	$alignment	= isset($_POST['alignment']) ? $fn->escape($_POST['alignment']) : 'T';
	$status		= isset($_POST['status']) ? $fn->escape($_POST['status']) : 'disabled';

	if(empty($content)):
		die(output('Please enter content.'));
	else:
		if($option === 'add'):
			// Look up the category's existing settings and highest sort number.
			// NOTE(review): this mixes aggregates with non-aggregated columns
			// and has no GROUP BY; MySQL rejects that when ONLY_FULL_GROUP_BY
			// is enabled. Confirm the server's sql_mode.
			$stmt = $mysqli->prepare("SELECT COUNT(*) as count_rows, alignment, catsortnumber, MAX(sortnumber) AS esortnumber FROM $table WHERE category = ?") or die(output($mysqli->error));
			$stmt->bind_param('s', $category);
			$stmt->execute();
			$stmt->store_result();
			$stmt->bind_result($count_rows, $ealignment, $ecatsortnumber, $esortnumber);
			$stmt->fetch();
			$stmt->close();
			if($count_rows > 0):
				// Existing category: inherit its alignment and category sort
				// number (the submitted values are discarded) and append at the end.
				$alignment = $ealignment;
				$catsortnumber = $ecatsortnumber;
				$sortnumber = $esortnumber + 1;
			else:
				// New category: a category sort number is required. The first
				// test is true only for the empty string; '0' and '00' are
				// rejected by the second.
				if(empty($catsortnumber) && strlen($catsortnumber) == 0):
					die(output('Please enter category sort number.'));
				elseif( ! ctype_digit($catsortnumber) OR $catsortnumber === '0' OR $catsortnumber === '00'):
					die(output('Please enter a valid category sort number.'));
				endif;
				$sortnumber = 1;
			endif;
	
			// $creation is not set anywhere in this file.
			$stmt = $mysqli->prepare("INSERT INTO $table(category, content, alignment, status, catsortnumber, sortnumber, creation) VALUES(?, ?, ?, ?, ?, ?, ?)") or die(output($mysqli->error));
			$stmt->bind_param('ssssiis', $category, $content, $alignment, $status, $catsortnumber, $sortnumber, $creation);
			$e = $stmt->execute();
			$stmt->close();
			$mysqli->close();
			if($e):
				die(output(array('text' => 'Content has been added.', 'stat' => true)));
			else:
				die(output('Content has not been added.'));
			endif;
		elseif($option === 'edit'):
			// 'sortnumber' is read without isset(); reduced to digits only.
			$sortnumber = $fn->escape($_POST['sortnumber']);
			$sortnumber = preg_replace('/[^0-9]/', '', $sortnumber);

			if(empty($catsortnumber) && strlen($catsortnumber) == 0):
				die(output('Please enter category sort number.'));
			elseif( ! ctype_digit($catsortnumber) OR $catsortnumber === '0' OR $catsortnumber === '00'):
				die(output('Please enter a valid category sort number.'));
			elseif(empty($sortnumber) && strlen($sortnumber) == 0):
				die(output('Please enter sort number.'));
			elseif( ! ctype_digit($sortnumber) OR $sortnumber === '0' OR $sortnumber === '00'):
				die(output('Please enter a valid sort number.'));
			else:
				// Load the row's current category and sort number.
				// NOTE(review): the fetch() result is not checked, so a $dataid
				// that matches no row is not rejected before the updates below.
				$stmt = $mysqli->prepare("SELECT category, sortnumber FROM $table WHERE $firstcol = ? LIMIT 1") or die(output($mysqli->error));
				$stmt->bind_param('i', $dataid);
				$stmt->execute();
				$stmt->store_result();
				$stmt->bind_result($ecategory, $esortnumber);
				$stmt->fetch();
				$stmt->close();

				// The four updates below run without a transaction and only
				// the last one's result is checked; a failure in between
				// leaves the table partially updated.
				if($applytoall === 'Y'):
					// Rename the category on every row that shares the old name.
					$stmt = $mysqli->prepare("UPDATE $table SET category = ? WHERE category = ?") or die(output($mysqli->error));
					$stmt->bind_param('ss', $category, $ecategory);
					$stmt->execute();
					$stmt->close();
				endif;

				// Apply alignment and category sort number to the whole category.
				$stmt = $mysqli->prepare("UPDATE $table SET alignment = ?, catsortnumber = ? WHERE category = ?") or die(output($mysqli->error));
				$stmt->bind_param('sis', $alignment, $catsortnumber, $category);
				$stmt->execute();
				$stmt->close();

				// Swap: the row in this category that currently holds the
				// requested sort number receives the edited row's old one.
				$stmt = $mysqli->prepare("UPDATE $table SET sortnumber = ? WHERE (category = ? AND sortnumber = ?)") or die(output($mysqli->error));
				$stmt->bind_param('isi', $esortnumber, $category, $sortnumber);
				$stmt->execute();
				$stmt->close();

				// Finally write the edited row itself.
				$stmt = $mysqli->prepare("UPDATE $table SET category = ?, content = ?, alignment = ?, Status = ?, catsortnumber = ?, sortnumber = ? WHERE $firstcol = ? LIMIT 1") or die(output($mysqli->error));
				$stmt->bind_param('ssssiii', $category, $content, $alignment, $status, $catsortnumber, $sortnumber, $dataid);
				$e = $stmt->execute();
				$stmt->close();
				$mysqli->close();
				if($e):
					die(output(array('text' => 'Your changes have been saved.', 'stat' => true)));
				else:
					die(output('Your changes have not been saved.'));
				endif;
			endif;
		else:
			die(output('No valid action found.'));
		endif;
	endif;
else:
	// Unknown $option, or 'edit' without a $dataid.
	die(output('No valid action found.'));
endif;
?>
