WebShell: t.me/oghbnz
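<?php require("header.php"); ?>
<?php require("sub_header.php");
// Load the row being edited so the form can preview its current image.
// $conn is not defined in this file; it is used here as a PDO handle
// (presumably created by header.php -- confirm).

// A missing or non-string id (e.g. ?id[]=x) is treated as "no id", which
// also avoids an undefined-index warning on the "add" path.
$a = $_GET['id'] ?? '';
if (!is_string($a)) {
    $a = '';
}

// The id comes straight from the query string, so it is bound as a parameter
// instead of being interpolated into the SQL text (SQL injection).
$query = $conn->prepare('SELECT * FROM manage_upload WHERE id = :id');
$query->execute([':id' => $a]);
$title = $query->fetch(PDO::FETCH_ASSOC); // false when no row matches
?>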
<div class="main">
<div class="container">
<div class="row">
<div class="span12"> <!-- there are 1 to 12 spans we can use for size according to size -->
<div class="widget stacked ">
<div class="widget-header" align="center">
<a href="manage_uploads_settings.php" style="float: left;margin-top: 5px;margin-left:5px" class="btn btn-success"><< Back</a>
<h3>Add/Alter Upload</h3>
</div> <!-- /widget-header -->
<div class="widget-content">
<div class="tabbable">
<div class="tab-content">
<div class="tab-pane active" id="profile">
<form name="form" id="form" action="" method="POST" class="form-horizontal" enctype='multipart/form-data'>
<div class="login-fields">
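<?php
// Show the failure banner only when ?msg=error is present. The ?? fallback
// avoids an undefined-key warning (which can expose file paths when errors
// are displayed) on requests that carry no msg parameter.
if (($_GET['msg'] ?? '') === 'error') { ?>
<h3 style="color: green; padding-left: 182px;">Unable to update please try again</h3>
<?php } ?>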
<div class="control-group">
<label class="control-label" for="image1">Image :</label>
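<?php
// Preview the stored image, if any. empty() also covers the case where the
// lookup returned false because no row matched.
if (!empty($title['image'])) {
    // The stored name is built from the uploader-supplied file name further
    // down in this file, so it is escaped before being placed inside the
    // quoted src attribute (stored XSS otherwise).
    $h = htmlspecialchars((string) $title['image'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    echo "<img height='500' width='350' src='../images/manage_uploads/" . $h . "'>";
} ?>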
<br>
<div class="controls">
<input type="FILE" id="image1" name="image1" class="login username-field" />
</div>
<div class="controls" style="padding-left: 182px; ">
<button class="btn btn-primary" name='update'>Update</button>
</div>
</div> <!-- /login-fields -->
</form>
</div><!-- /tab-pane active -->
</div><!-- /tab-content -->
</div><!-- /tabbable -->
</div> <!-- /widget-content -->
</div> <!-- /widget -->
</div> <!-- /span8 -->
</div> <!-- /row -->
</div> <!-- /container -->
</div> <!-- /main -->
<?php /* Footer markup is emitted here; the upload/POST handling further down this file runs after it, so its redirect <script> tags are written after the footer. */ include_once("foter.php"); ?>
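<?php
// Handles the POST from the form above: stores an optional replacement image,
// then updates the row named by ?id= or inserts a new row when id is empty.
// NOTE(review): no authentication or CSRF check is visible in this file;
// confirm that header.php enforces both before this code is reachable.

// Normalise the id once; a non-string value (e.g. ?id[]=x) counts as absent.
$rawId = $_GET['id'] ?? '';
$recordId = is_string($rawId) ? $rawId : '';

// The id is request data, so it is bound rather than interpolated into SQL.
$query = $conn->prepare('SELECT * FROM manage_upload WHERE id = :id');
$query->execute([':id' => $recordId]);
$noid = $query->fetch(PDO::FETCH_ASSOC);

// Uploads land in a web-served directory. The stored name is therefore built
// entirely on the server: a random stem plus an extension chosen from this
// allowlist according to the detected image type. The client-supplied file
// name (and its extension) is never used, so a script file cannot be planted
// under an executable extension.
$allowedTypes = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

// Default: keep the image already stored for this row (null when none).
$name = is_array($noid) ? $noid['image'] : null;
$uploadOk = true;

if (isset($_FILES['image1']) && $_FILES['image1']['size'] > 0) {
    // A file was sent: it must pass every check below or the request fails.
    $uploadOk = false;
    $tmp = $_FILES['image1']['tmp_name'];
    if (is_uploaded_file($tmp)) {
        // Type is taken from the file content, not from the request headers.
        $info = getimagesize($tmp);
        $mime = is_array($info) ? $info['mime'] : '';
        if (isset($allowedTypes[$mime])) {
            $candidate = bin2hex(random_bytes(16)) . '.' . $allowedTypes[$mime];
            $desc = "../images/manage_uploads/" . $candidate;
            // Only record the new name once the file is actually in place.
            if (move_uploaded_file($tmp, $desc)) {
                $name = $candidate;
                $uploadOk = true;
            }
        }
    }
}

if (isset($_POST['update'])) {
    if (!$uploadOk) {
        // Rejected or failed upload: leave the database untouched.
        $saved = false;
    } elseif ($recordId !== '') {
        $sql1 = $conn->prepare('UPDATE manage_upload SET image = :name WHERE id = :id');
        $sql1->bindValue(':name', $name, PDO::PARAM_STR);
        $sql1->bindValue(':id', $recordId, PDO::PARAM_STR);
        $saved = $sql1->execute();
    } else {
        $sql1 = $conn->prepare("INSERT INTO manage_upload (image) VALUES (:name)");
        $sql1->bindValue(':name', $name, PDO::PARAM_STR);
        $saved = $sql1->execute();
    }

    // Output has already started, so the redirect is done client-side.
    if ($saved) {
        echo "<script>document.location.href='manage_uploads_settings.php?msg=update'</script>";
    } elseif ($recordId !== '') {
        // The original interpolated an undefined $id and joined the two
        // parameters with a second '?'. The request id is assumed to be the
        // intended value (confirm); rawurlencode() keeps it inert inside the
        // quoted JavaScript string.
        echo "<script>document.location.href='manage_uploads_settings.php?heading="
            . rawurlencode($recordId) . "&msg=error'</script>";
    } else {
        echo "<script>document.location.href='manage_uploads.php?msg=error'</script>";
    }
}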
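/**
 * Return a random 40-character lowercase hex token.
 *
 * The previous body called crypt() without a salt, which PHP 8 rejects with
 * an error, and relied on str_shuffle(), which is not a cryptographic source.
 * random_bytes() draws from the system CSPRNG; 20 bytes hex-encode to the
 * same 40-character shape that sha1() produced, so callers see no change in
 * format.
 *
 * @return string 40 hex characters
 */
function getRand(){
    return bin2hex(random_bytes(20));
}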
?>
<?php /* Second include_once of the same footer file: include_once loads a file at most once per request, so this is a no-op whenever the earlier include succeeded. */ include_once("foter.php"); ?>