WebShell: t.me/oghbnz
<?php require("header.php"); ?>
<?php require("sub_header.php");
$ongoing_id=$_GET['ongoing_id'];
$city_id=$_GET['city_id'];
$a=$_GET['id'];
$query=$conn->query("SELECT * FROM ongoing_images WHERE id='$a' ");
$title=$query->fetch(PDO::FETCH_ASSOC);
?>
<div class="main">
<div class="container">
<div class="row">
<div class="span8">
<div class="widget stacked ">
<div class="widget-header" align="center">
<a href="ongoing_images.php?ongoing_id=<?php echo $ongoing_id; ?>&city_id=<?php echo $city_id; ?>" style="float: left;margin-top: 5px;margin-left:5px" class="btn btn-success"><< Back</a>
<h3>Add Image's</h3>
</div> <!-- /widget-header -->
<div class="widget-content">
<div class="tabbable">
<div class="tab-content">
<div class="tab-pane active" id="profile">
<form name="form" id="form" action="" method="POST" class="form-horizontal" enctype='multipart/form-data'>
<div class="login-fields">
<?php if($_GET['msg']=='error'){?>
<h3 style="color: green" style="padding-left: 182px;">Unable to Update Please Try Again</h3>
<?php } ?>
<!-- <div class="control-group">
<label class="control-label col-md-4" for="title">Title :</label>
<div class="controls">
<input type="text" id="title" name="title" value="<?php echo $title['title']; ?>" class="span4" />
</div>
</div> -->
<?php if($a == ""){ ?>
<div class="control-group">
<label class="control-label" for="pic">Add/Change Image :</label>
<?php if($title['image']){
$f=$title['image'];
echo "<img height='500' width='350' src='../images/ongoing_images/".$f."'>";
} ?>
<div class="controls">
<input type="FILE" id="pic" name="pic[]" multiple="multiple" class="login username-field" />
</div>
<div style="padding-left: 182px;" > <b>Note :</b><p><i>Please uplode ( 750 X 450 ) Pixel ongoing_images to maintain design</i> </p></div>
</div>
<?php } ?>
<?php if($a != ""){ ?>
<div class="control-group">
<label class="control-label" for="pic">Add/Change Image :</label>
<?php if($title['image']){
$f=$title['image'];
echo "<img height='500' width='350' src='../images/ongoing_images/".$f."'>";
} ?>
<div class="controls">
<input type="FILE" id="pic" name="pic" class="login username-field" />
</div>
<div style="padding-left: 182px;" > <b>Note :</b><p><i>Please uplode ( 750 X 450 ) Pixel ongoing_images to maintain design</i> </p></div>
</div>
<?php } ?>
<div class=class="controls" style="padding-left: 182px;" >
<button class="btn btn-primary" name='update'>Update</button>
</div>
</form>
</div> <!-- /login-fields -->
</div>
</div>
</div>
</div>
</div> <!-- /widget-content -->
</div> <!-- /widget -->
</div> <!-- /span8 -->
</div> <!-- /row -->
</div> <!-- /container -->
</div> <!-- /main -->
<?php
$query=$conn->query("SELECT * FROM ongoing_images WHERE id='$a'");
$title1=$query->fetch(PDO::FETCH_ASSOC);
extract($_POST);
if (isset($_POST['update']) && $_GET['id'] != ""){
if(isset($_FILES['pic']) && $_FILES['pic']['size']>0){
$tmp = $_FILES['pic']['tmp_name'];
if(is_uploaded_file($tmp)){
$oname=$_FILES['pic']['name'];
$sname=getRand().'-'.$oname; //use this if you want to randamise the name write a function to it.
$desc="../images/ongoing_images/".$sname;
move_uploaded_file($tmp,$desc);
}
}else{
$sname=$title1['image'];
}
$sql1=$conn->prepare("UPDATE ongoing_images SET image=:sname WHERE id='$a' ");
$sql1->bindValue(':sname',$sname, PDO::PARAM_STR);
// $sql1->bindValue(':title',$title, PDO::PARAM_STR);
if($sql1->execute()){
echo "<script>document.location.href='ongoing_images.php?msg=update&ongoing_id=$ongoing_id&city_id=$city_id'</script>";
}else{
echo "<script>document.location.href='ongoing_images_settings.php?msg=error&ongoing_id=$ongoing_id&city_id=$city_id'</script>";
}
}
if (isset($_POST['update']) && $_GET['id'] == ''){
$desc="../images/ongoing_images/";
$path=$desc;
if(isset($_POST) and $_SERVER['REQUEST_METHOD'] == "POST"){
// Loop $_FILES to exeicute all files
foreach ($_FILES['pic']['name'] as $f => $name) {
$sname=getRand().'-'.$name; //use this if you want to randamise the name write a function to it.
if(move_uploaded_file($_FILES["pic"]["tmp_name"][$f], $path.$sname)){
// $filename = $sname;
// $title = substr($filename, 0, strrpos($filename, ".")); //name with out wxtension
// Number of successfully uploaded file
$sql1=$conn->prepare("INSERT INTO ongoing_images (`image`,`ongoing_id`,`city_id`) values (:sname, :ongoing_id, :city_id) ");
$sql1->bindValue(':sname',$sname, PDO::PARAM_STR);
$sql1->bindValue(':ongoing_id',$ongoing_id, PDO::PARAM_STR);
$sql1->bindValue(':city_id',$city_id, PDO::PARAM_STR);
// $sql1->bindValue(':title',$title, PDO::PARAM_STR);
}else{
echo "File is empty";
}
if($sql1->execute()){
echo "<script>document.location.href='ongoing_images.php?msg=update&ongoing_id=$ongoing_id&city_id=$city_id'</script>";
}else{
echo "<script>document.location.href='ongoing_images_settings.php?msg=error&ongoing_id=$ongoing_id&city_id=$city_id'</script>";
}
}
}
}
function getRand(){
$str=str_shuffle("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890$%@^");
return sha1(str_shuffle(crypt($str)));
}
?>
<?php include_once("foter.php"); ?>
<script type="text/javascript">
$(function()
{
$("#form").validate(
{
// Rules for form validation
rules:
{
pic:
{
accept:"jpg,png,jpeg,gif"
}
},
// Messages for form validation
messages:
{
pic:
{
accept: "Only image type jpg/png/jpeg/gif is allowed"
}
},
// Do not change code below
errorPlacement: function(error, element)
{
error.appendTo(element.parent());
}
});
});
</script>