| Server IP : 192.169.170.185 / Your IP : 216.73.216.97 Web Server : Apache System : Linux p3plmcpnl495852.prod.phx3.secureserver.net 4.18.0-553.52.1.lve.el8.x86_64 #1 SMP Wed May 21 15:31:29 UTC 2025 x86_64 User : akhilnew ( 1712764) PHP Version : 5.6.40 Disable Function : NONE MySQL : ON | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : OFF | Pkexec : OFF Directory : /home/akhilnew/public_html/medicinepaper.net/admin/inc/ |
Upload File : |
<?php
require_once($table.'.functions.php');
if($option === 'delete' OR $option === 'enabled' OR $option === 'disabled' OR $option === 'removepicture' OR $option === 'showpicture' OR $option === 'hidepicture'):
if($idcount > 0):
for($i = 0; $i < $idcount; $i++):
$id = $dataid[$i];
$stmt = $mysqli->prepare("SELECT picture FROM $table WHERE $firstcol = ? LIMIT 1") or die(output($mysqli->error));
$stmt->bind_param('i', $id);
$stmt->execute();
$stmt->store_result();
$count_rows = $stmt->num_rows();
$stmt->bind_result($picture);
$stmt->fetch();
$stmt->close();
if($count_rows > 0):
if($option === 'delete'):
$stmt = $mysqli->prepare("DELETE FROM $table WHERE $firstcol = ? LIMIT 1") or die(output($mysqli->error));
$stmt->bind_param('i', $id);
$e = $stmt->execute();
$stmt->close();
if($e):
if($picture && file_exists($uploadpath.$page.'/'.$picture)):
@unlink($uploadpath.$page.'/'.$picture);
endif;
$text = 'Content has been deleted.';
$stat = TRUE;
else:
die(output('Content has not been deleted.'));
endif;
elseif($option === 'enabled' OR $option === 'disabled'):
$stmt = $mysqli->prepare("UPDATE $table SET status = ? WHERE $firstcol = ? LIMIT 1") or die(output($mysqli->error));
$stmt->bind_param('si', $option, $id);
$e = $stmt->execute();
$stmt->close();
if($e):
$text = 'Selected element has been marked as '.$option.'.';
$stat = TRUE;
else:
die(output('Selected element has not been marked as '.$option.'.'));
endif;
elseif($option === 'removepicture'):
if($picture && file_exists($uploadpath.$page.'/'.$picture)):
if(@unlink($uploadpath.$page.'/'.$picture)):
$stmt = $mysqli->prepare("UPDATE $table SET picture = ? WHERE $firstcol = ? LIMIT 1") or die(output($mysqli->error));
$stmt->bind_param('si', $null, $id);
$stmt->execute();
$stmt->close();
$text = 'Picture has been removed.';
$stat = TRUE;
else:
die(output('Picture has not been removed.'));
endif;
else:
die(output('Picture doesn\'t exist.'));
endif;
elseif($option === 'showpicture' OR $option === 'hidepicture'):
$pictureshow = $option === 'showpicture' ? 'Y' : 'N';
$stmt = $mysqli->prepare("UPDATE $table SET pictureshow = ? WHERE $firstcol = ? LIMIT 1") or die(output($mysqli->error));
$stmt->bind_param('si', $pictureshow, $id);
$e = $stmt->execute();
$stmt->close();
if($e):
$text = 'You changes have been saved.';
$stat = TRUE;
else:
die(output('You changes have not been saved.'));
endif;
else:
die(output('No valid action found.'));
endif;
else:
die(output('Content is not found.'));
endif;
endfor;
die(output(array('text' => $text, 'stat' => $stat)));
else:
die(output('Nothing selected.'));
endif;
elseif($option === 'add' OR ($option === 'edit' && $dataid)):
$category = strip_tags($fn->escape($_POST['category']));
$category = stripslashes(stripcslashes(htmlentities($category, ENT_QUOTES)));
$subcategory= strip_tags($fn->escape($_POST['subcategory']));
$subcategory= stripslashes(stripcslashes(htmlentities($subcategory, ENT_QUOTES)));
$name = strip_tags($fn->escape($_POST['name']));
$name = mb_convert_case($name, MB_CASE_TITLE, 'UTF-8');
$name = stripslashes(stripcslashes(htmlentities($name, ENT_QUOTES)));
$degree = strip_tags($fn->escape($_POST['degree']));
$degree = stripslashes(stripcslashes(htmlentities($degree, ENT_QUOTES)));
$post = strip_tags($fn->escape($_POST['post']));
$post = preg_replace_callback('/[a-zA-Z]+/', 'changecase', $post);
$post = stripslashes(stripcslashes(htmlentities($post, ENT_QUOTES)));
$content = strip_tags($fn->escape($_POST['content']));
$content = preg_replace_callback('/[a-zA-Z]+/', 'changecase', $content);
$content = stripslashes(stripcslashes(htmlentities($content, ENT_QUOTES)));
$email = strip_tags($fn->escape($_POST['email']));
$email = strtolower($email);
$emailshow = isset($_POST['emailshow']) ? $fn->escape($_POST['emailshow']) : 'N';
$phone = strip_tags($fn->escape($_POST['phone']));
$phone = preg_replace('/[^0-9+-,]/', '', $phone);
$phoneshow = isset($_POST['phoneshow']) ? $fn->escape($_POST['phoneshow']) : 'N';
$my_pic = $fn->escape($_FILES['picture']['name']);
$pictmp = $fn->escape($_FILES['picture']['tmp_name']);
$picext = strtolower(pathinfo($my_pic, PATHINFO_EXTENSION));
$catsortnumber = strip_tags($fn->escape($_POST['catsortnumber']));
$catsortnumber = preg_replace('/[^0-9]/', '', $catsortnumber);
$applytoall = isset($_POST['applytoall']) ? $fn->escape($_POST['applytoall']) : 'N';
$pictureshow= isset($_POST['pictureshow']) ? $fn->escape($_POST['pictureshow']) : 'N';
$sendsms = isset($_POST['sendsms']) ? $fn->escape($_POST['sendsms']) : 'N';
$sendemail = isset($_POST['sendemail']) ? $fn->escape($_POST['sendemail']) : 'N';
$certificate= isset($_POST['certificate']) ? $fn->escape($_POST['certificate']) : 'N';
$status = isset($_POST['status']) ? $fn->escape($_POST['status']) : 'disabled';
$newpic = 'IMG_'.date('Ymd_his').'.'.$picext;
$validext = array('jpg', 'jpeg', 'png', 'gif');
$creation = date('Y-m-d H:i:s');
if(!is_dir(rtrim($uploadpath, '/'))):
@mkdir(rtrim($uploadpath, '/'));
endif;
if(!is_dir($uploadpath.$page)):
@mkdir($uploadpath.$page);
endif;
$stmt = $mysqli->prepare("SELECT * FROM $table WHERE (category = ? AND name = ? AND email = ?)") or die(output($mysqli->error));
$stmt->bind_param('sss', $category, $name, $email);
$stmt->execute();
$stmt->store_result();
$count_rows = $stmt->num_rows();
$stmt->close();
if(empty($category)):
die(output('Please select category or enter a new category.'));
elseif(empty($name)):
die(output('Please enter editor name.'));
elseif($option === 'add' && $count_rows > 0):
die(output('Duplicate entry for editor name and email '.$name.', ' .$email.'.'));
elseif(empty($content)):
die(output('Please enter content.'));
else:
if($sendemail === 'Y' && empty($email)):
die(output('Please enter email ID to send email.'));
endif;
if($certificate === 'Y' && empty($email)):
die(output('Please enter email ID to send certificate.'));
endif;
if($email && $fn->valid_email($email) === FALSE):
die(output('Please enter a valid email ID.'));
endif;
if($email && method_exists('functions', 'insert_email')):
$fn->insert_email($email);
endif;
if($sendsms === 'Y' && empty($phone)):
die(output('Please enter phone number to send SMS.'));
endif;
if($sendsms === 'Y'):
if($phone):
foreach(explode(',', $phone) as $phone_number):
if(strlen(trim($phone_number)) !== 10 OR !ctype_digit($phone_number)):
die(output('Please enter a valid phone number.'));
endif;
endforeach;
endif;
endif;
if($option === 'add'):
$stmt = $mysqli->prepare("SELECT catsortnumber, MAX(sortnumber) FROM $table WHERE category = ? ORDER BY $firstcol DESC LIMIT 1") or die(output($mysqli->error));
$stmt->bind_param('s', $category);
$stmt->execute();
$stmt->store_result();
$stmt->bind_result($ecatsortnumber, $esortnumber);
$stmt->fetch();
$stmt->close();
if($ecatsortnumber):
$catsortnumber = $ecatsortnumber;
$sortnumber = $esortnumber + 1;
else:
if(empty($catsortnumber) OR strlen($catsortnumber) === 0):
die(output('Please enter category sort number.'));
elseif( ! ctype_digit($catsortnumber)):
die(output('Please enter a valid category sort number.'));
endif;
$sortnumber = 1;
endif;
if($my_pic):
if( ! method_exists('functions', 'resize_image')):
die(output('Image resize function doesn\'t exist.'));
endif;
if( ! in_array($picext, $validext)):
die(output('Invalid image type. Only JPG, JPEG, PNG and GIF allowed.'));
endif;
if( ! $fn->resize_image($picext, $pictmp, $uploadpath.$page.'/', $newpic, 128)):
die(output('Image resize function doesn\'t work.'));
endif;
else:
$newpic = '';
endif;
$stmt = $mysqli->prepare("INSERT INTO $table(category, subcategory, name, degree, post, content, email, emailshow, phone, phoneshow, picture, pictureshow, catsortnumber, sortnumber, status, creation) VALUES(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)") or die(output($mysqli->error));
$stmt->bind_param('ssssssssssssiiss', $category, $subcategory, $name, $degree, $post, $content, $email, $emailshow, $phone, $phoneshow, $newpic, $pictureshow, $catsortnumber, $sortnumber, $status, $creation);
$e = $stmt->execute();
$dataid = $stmt->insert_id;
$stmt->close();
elseif($option === 'edit'):
$sortnumber = strip_tags($fn->escape($_POST['sortnumber']));
$sortnumber = preg_replace('/[^0-9]/', '', $sortnumber);
if(empty($catsortnumber) OR strlen($catsortnumber) == 0):
die(output('Please enter category sort number.'));
elseif( ! ctype_digit($catsortnumber)):
die(output('Please enter a valid category sort number.'));
elseif(empty($sortnumber) OR strlen($sortnumber) == 0):
die(output('Please enter sort number.'));
elseif( ! ctype_digit($sortnumber)):
die(output('Please enter a valid sort number.'));
endif;
$stmt = $mysqli->prepare("SELECT category, picture, catsortnumber, sortnumber, creation FROM $table WHERE $firstcol = ? LIMIT 1") or die(output($mysqli->error));
$stmt->bind_param('i', $dataid);
$stmt->execute();
$stmt->store_result();
$stmt->bind_result($ecategory, $epicture, $ecatsortnumber, $esortnumber, $ecreation);
$stmt->fetch();
$stmt->close();
if($my_pic):
if( ! method_exists('functions', 'resize_image')):
die(output('Image resize function doesn\'t exist.'));
endif;
if( ! in_array($picext, $validext)):
die(output('Invalid image type. Only JPG, JPEG, PNG and GIF allowed.'));
endif;
if( ! $fn->resize_image($picext, $pictmp, $uploadpath.$page.'/', $newpic, 128)):
die(output('Image resize function doesn\'t work.'));
endif;
if($epicture && file_exists($uploadpath.$page.'/'.$epicture)):
@unlink($uploadpath.$page.'/'.$epicture);
endif;
else:
$newpic = $epicture;
endif;
$stmt = $mysqli->prepare("UPDATE $table SET catsortnumber = ? WHERE catsortnumber = ?") or die(output($mysqli->error));
$stmt->bind_param('ii', $ecatsortnumber, $catsortnumber);
$stmt->execute();
$stmt->close();
$stmt = $mysqli->prepare("UPDATE $table SET catsortnumber = ? WHERE category = ?") or die(output($mysqli->error));
$stmt->bind_param('is', $catsortnumber, $category);
$stmt->execute();
$stmt->close();
$stmt = $mysqli->prepare("UPDATE $table SET sortnumber = ? WHERE (category = ? AND sortnumber = ?)") or die(output($mysqli->error));
$stmt->bind_param('isi', $esortnumber, $category, $sortnumber);
$stmt->execute();
$stmt->close();
if($applytoall === 'Y'):
$stmt = $mysqli->prepare("UPDATE $table SET category = ? WHERE category = ?") or die(output($mysqli->error));
$stmt->bind_param('ss', $category, $ecategory);
$stmt->execute();
$stmt->close();
endif;
$stmt = $mysqli->prepare("UPDATE $table SET category = ?, subcategory = ?, name = ?, degree = ?, post = ?, content = ?, email = ?, emailshow = ?, phone = ?, phoneshow = ?, picture = ?, pictureshow = ?, catsortnumber = ?, sortnumber = ?, status = ? WHERE $firstcol = ? LIMIT 1") or die(output($mysqli->error));
$stmt->bind_param('ssssssssssssiisi', $category, $subcategory, $name, $degree, $post, $content, $email, $emailshow, $phone, $phoneshow, $newpic, $pictureshow, $catsortnumber, $sortnumber, $status, $dataid);
$e = $stmt->execute();
$stmt->close();
else:
die(output('No valid action found.'));
endif;
if($e):
if($sendsms === 'Y' && method_exists('functions', 'send_sms')):
$messages = array('add' => 'We have updated our editorial board with your information in '.$websitename, 'edit' => 'We have corrected your information in editorial board in '.$websitename);
$message = $fn->element($option, $messages);
$fn->send_sms($phone, $message);
endif;
if($sendemail === 'Y' && method_exists('sendmail', 'send') && function_exists('SendEmail')):
$isSendCertificate = $certificate === 'Y' ? TRUE : FALSE;
$date = $option === 'add' ? $creation : $ecreation;
$filename = SendEmail($option, $dataid, $category, $name, $post, $content, $email, $date, $isSendCertificate);
if(file_exists($filename)):@unlink($filename);endif;
endif;
if($option === 'add'):
die(output(array('text' => 'Content has been added.', 'stat' => TRUE)));
elseif($option === 'edit'):
die(output(array('text' => 'Your changes have been saved.', 'stat' => TRUE)));
else:
die(output('No valid action found.'));
endif;
else:
if($option === 'add'):
die(output('Content has not been added.'));
elseif($option === 'edit'):
die(output('Your changes have not been saved.'));
else:
die(output('No valid action found.'));
endif;
endif;
endif;
elseif($option === 'certificate'):
if( ! method_exists('functions', 'mkzip')):
die(output('ZIP creater function doesn\'t exist.'));
endif;
$files = array();
for($i = 0; $i < $idcount; $i++):
$id = $dataid[$i];
$stmt = $mysqli->prepare("SELECT category, name, post, content, creation FROM $table WHERE $firstcol = ? LIMIT 1") or die(output($mysqli->error));
$stmt->bind_param('i', $id);
$stmt->execute();
$stmt->store_result();
$count_rows = $stmt->num_rows();
$stmt->bind_result($category, $name, $post, $content, $creation);
$stmt->fetch();
$stmt->close();
if($count_rows === 1):
$files[] = GenerateCertificate($id, $category, $name, $post, $content, $creation);
else:
die(output('Content is not found.'));
endif;
endfor;
$zipname = 'EditorCertificateZip.zip';
$fn->mkzip($zipname, $files);
die(output(array('surl' => $adminurl.'download/'.$zipname, 'stat' => TRUE)));
elseif($option === 'settings'):
$mode = isset($_POST['mode']) ? $fn->escape($_POST['mode']) : '';
$emailshow = isset($_POST['emailshow']) ? $fn->escape($_POST['emailshow']) : 'N';
$phoneshow = isset($_POST['phoneshow']) ? $fn->escape($_POST['phoneshow']) : 'N';
$pictureshow= isset($_POST['pictureshow']) ? $fn->escape($_POST['pictureshow']) : 'N';
$status = isset($_POST['status']) ? $fn->escape($_POST['status']) : 'disabled';
if(empty($mode)):
die(output('Please choose any mode.'));
endif;
$arr = array('email' => array('emailshow', $emailshow), 'phone' => array('phoneshow', $phoneshow), 'picture' => array('pictureshow', $pictureshow), 'status' => array('status', $status));
$column = $arr[$mode][0];
$value = $arr[$mode][1];
$stmt = $mysqli->prepare("UPDATE $table SET $column = ?") or die(output(false, $mysqli->error));
$stmt->bind_param('s', $value);
$e = $stmt->execute();
$stmt->close();
$mysqli->close();
if($e):
die(output(array('text' => 'Your changes have been saved.', 'stat' => TRUE)));
else:
die(output('Your changes have not been saved.'));
endif;
elseif($option === 'downloademails'):
$fn->download_emails($dataid);
else:
die(output('No valid action found.'));
endif;
?>