Current File : /home/bhaktidarshanin/public_html/manage_panel/quotation_add_edit_query.php
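<?php
/**
 * Admin handler for `quotation_table`.
 *
 * Request fields read by this script:
 *   POST add_post = 'Publish' | 'Update', quotation_title, desc, edit_id,
 *        image_prev, banner_image_prev, files `image` and `banner_image`
 *   GET  status = 'delete' | 'active' | 'inactive', del_id, action_id
 *
 * Every request ends with an audit row in `login_info` and a redirect to
 * quotation.php?msg=Done.
 *
 * Security changes relative to the previous version:
 *   - extract($_POST) is gone: it let request fields overwrite any local
 *     variable of this script (including $link and $ip).
 *   - All SQL goes through prepared statements; ids are bound as integers.
 *   - Uploads are limited to an image extension allow-list and stored under a
 *     server-generated name, so a client-chosen name such as "x.php" can no
 *     longer land in the web-served files/ directory.
 *
 * NOTE(review): delete/active/inactive are state changes driven by GET, and no
 * anti-CSRF token is checked in this file. Fixing that needs a matching change
 * in the page that links here, so it is only flagged.
 */
session_start();
require_once("lib/connect.php");   // expected to define $link (mysqli connection) - not visible here
// require instead of include: if the login check cannot be loaded the script
// must stop rather than continue unauthenticated.
require("lib/login_verify.php");

/**
 * Return a request value as a string, or '' when it is missing or not scalar.
 *
 * @param array  $source $_POST or $_GET
 * @param string $key    field name
 * @return string
 */
function qaeq_field(array $source, $key)
{
    return (isset($source[$key]) && is_scalar($source[$key])) ? (string) $source[$key] : '';
}

/**
 * Prepare, bind and execute one statement.
 *
 * @param mysqli $link   open connection
 * @param string $sql    statement with ? placeholders
 * @param string $types  mysqli type string, one character per parameter
 * @param array  $params values to bind, in placeholder order
 * @return bool true when the statement executed
 */
function qaeq_exec($link, $sql, $types, array $params)
{
    $stmt = mysqli_prepare($link, $sql);
    if ($stmt === false) {
        error_log('quotation_add_edit_query: prepare failed: ' . mysqli_error($link));
        return false;
    }
    mysqli_stmt_bind_param($stmt, $types, ...$params);
    $ok = mysqli_stmt_execute($stmt);
    if (!$ok) {
        error_log('quotation_add_edit_query: execute failed: ' . mysqli_stmt_error($stmt));
    }
    mysqli_stmt_close($stmt);
    return $ok;
}

/**
 * Store one uploaded image under files/ and return its relative path.
 *
 * Returns $fallback when no file was sent, the upload failed, or the file is
 * rejected. The extension allow-list is the primary control; getimagesize()
 * is only a sanity check, since a file can parse as an image and still carry
 * other content. The files/ directory should additionally have script
 * execution disabled in the web-server configuration.
 *
 * @param string $field    name of the file input
 * @param string $fallback path to keep when nothing new is stored
 * @param int    $stamp    timestamp used as file-name prefix
 * @return string
 */
function qaeq_store_image($field, $fallback, $stamp)
{
    if (!isset($_FILES[$field]['name']) || !is_string($_FILES[$field]['name']) || $_FILES[$field]['name'] === '') {
        return $fallback;
    }
    $file = $_FILES[$field];
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        error_log("quotation_add_edit_query: upload error for '$field'");
        return $fallback;
    }

    $allowed = array('jpg', 'jpeg', 'png', 'gif', 'webp');
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!in_array($ext, $allowed, true) || getimagesize($file['tmp_name']) === false) {
        error_log("quotation_add_edit_query: rejected non-image upload for '$field'");
        return $fallback;
    }

    // Only the sanitised stem of the client name is kept, so inner dots
    // ("a.php.jpg") and path characters cannot survive; the random part keeps
    // the avatar and banner from overwriting each other within one second.
    $stem = preg_replace('/[^A-Za-z0-9_-]+/', '_', pathinfo($file['name'], PATHINFO_FILENAME));
    $target = "files/" . $stamp . "_" . bin2hex(random_bytes(4)) . "_" . $stem . "." . $ext;

    if (!move_uploaded_file($file['tmp_name'], $target)) {
        error_log("quotation_add_edit_query: could not store upload for '$field'");
        return $fallback;
    }
    return $target;
}

$date_time = time();
$date = date("Y/m/d H:i:s");

$add_post = qaeq_field($_POST, 'add_post');
$status   = qaeq_field($_GET, 'status');

// $ip is not assigned anywhere in this file; presumably an include sets it.
// Fall back to the peer address so the audit row never depends on a request field.
if (!isset($ip)) {
    $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
}

$post_id  = '';
$activity = '';

if ($add_post === 'Publish' || $add_post === 'Update') {
    // The *_prev values are client-supplied paths: they are bound as data
    // here and must be escaped wherever they are later written into HTML.
    $yatra_pic1 = qaeq_store_image('image', qaeq_field($_POST, 'image_prev'), $date_time);
    $yatra_pic  = qaeq_store_image('banner_image', qaeq_field($_POST, 'banner_image_prev'), $date_time);
    $title = qaeq_field($_POST, 'quotation_title');
    $desc  = qaeq_field($_POST, 'desc');

    if ($add_post === 'Publish') {
        qaeq_exec(
            $link,
            "INSERT INTO `quotation_table` (`id`, `title`, `desc`, `avatar`, `banner_image`, `status`, `del_status`, `date_time`)"
            . " VALUES (NULL, ?, ?, ?, ?, '1', '1', ?)",
            'sssss',
            array($title, $desc, $yatra_pic1, $yatra_pic, $date)
        );
        $post_id  = mysqli_insert_id($link);
        $activity = 'New Record Inserted in Quotation';
    } else {
        $edit_id = (int) qaeq_field($_POST, 'edit_id');
        qaeq_exec(
            $link,
            "UPDATE `quotation_table` SET `title` = ?, `desc` = ?, `avatar` = ?, `banner_image` = ?, `date_time` = ? WHERE `id` = ?",
            'sssssi',
            array($title, $desc, $yatra_pic1, $yatra_pic, $date, $edit_id)
        );
        $post_id  = $edit_id;
        $activity = 'Update Quotation';
    }
} elseif ($status === 'delete') {
    // Soft delete: the row is kept and only flagged.
    $post_id = (int) qaeq_field($_GET, 'del_id');
    qaeq_exec(
        $link,
        "UPDATE `quotation_table` SET `del_status` = '0', `status` = '0', `date_time` = ? WHERE `id` = ?",
        'si',
        array($date, $post_id)
    );
    $activity = 'Record Delete from Quotation';
} elseif ($status === 'active') {
    // status=active names the current state: the row is switched to '0'.
    $post_id = (int) qaeq_field($_GET, 'action_id');
    qaeq_exec($link, "UPDATE `quotation_table` SET `status` = '0' WHERE `id` = ?", 'i', array($post_id));
    $activity = 'Quotation Status InActive';
} elseif ($status === 'inactive') {
    $post_id = (int) qaeq_field($_GET, 'action_id');
    qaeq_exec($link, "UPDATE `quotation_table` SET `status` = '1' WHERE `id` = ?", 'i', array($post_id));
    $activity = 'Quotation Status Active';
}

/* Audit row: written for every request, as before (empty post_id/activity when no action matched). */
$login_id   = isset($_SESSION['userid']) ? (string) $_SESSION['userid'] : '';
$login_user = isset($_SESSION['login_user']) ? (string) $_SESSION['login_user'] : '';
$result = qaeq_exec(
    $link,
    "INSERT INTO `login_info` (`id`, `login_id`, `username`, `table_name`, `post_id`, `activity`, `ip_address`, `date_time`)"
    . " VALUES (NULL, ?, ?, 'quotation_table', ?, ?, ?, ?)",
    'ssssss',
    array($login_id, $login_user, (string) $post_id, $activity, (string) $ip, $date)
);

header("location:quotation.php?msg=Done");
exit;
?>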