Mini Shell
<?php
include("../config.php");
$conn = dbconnect();
error_reporting(0);
date_default_timezone_set('Asia/Kolkata');
session_start();
$admin_id = $_SESSION['admin_id'];
$today = date( 'Y-m-d H:i:s');
$type = $_POST['type'];
if($type=='add')
{
$title = mysqli_real_escape_string($conn,$_POST['title']);
$sub_title = '';
$news_content = mysqli_real_escape_string($conn,$_POST['news_content']);
$new_file_name1 = $_FILES["files"]["name"];
$url_query = "SELECT * FROM tb1_url WHERE url_title='news'";
$res_url = mysqli_query($conn,$url_query);
$fetch_url = mysqli_fetch_object($res_url);
$url_path=$fetch_url->url_path;
$filepath = '../../'.$url_path;
if($new_file_name1 != '')
{
$new_file_name1 = $_FILES["files"]["name"];
$lname1 = "news";
$emrand1 = $lname1.rand(1000,2000);
$fileType1 = $_FILES["files"]["type"];
$str1=explode("/",$fileType1);
$new_file_name1 = $emrand1.'.'.$str1[1];
$target_path1 = $filepath .'/' . basename($new_file_name1);
move_uploaded_file($_FILES['files']['tmp_name'], $target_path1);
$sql = "INSERT INTO tb1_latestnews(title,sub_title,news_content,news_img,status,crm_id,created_log,updated_log) VALUES ('$title','$sub_title','$news_content','$new_file_name1','1','$admin_id','$today','$today')";
$content_res = mysqli_query($conn, $sql);
$code = 'done';
}
else
{
$sql = "INSERT INTO tb1_latestnews(title,sub_title,news_content,news_img,status,crm_id,created_log,updated_log) VALUES ('$title','$sub_title','$news_content','','1','$admin_id','$today','$today')";
$content_res = mysqli_query($conn, $sql);
$code = 'done';
}
$code = 'done';
}
else if($type=='active')
{
$news_id = $_POST['news_id'];
$sql = "UPDATE tb1_latestnews SET status=1,crm_id='$admin_id',updated_log='$today' WHERE latestnews_id='$news_id'";
$content_res = mysqli_query($conn, $sql);
$code = 'done';
}
else if($type== 'inactive'){
$news_id = $_POST['news_id'];
$sql = "UPDATE tb1_latestnews SET status=0,crm_id='$admin_id',updated_log='$today' WHERE latestnews_id='$news_id'";
$content_res = mysqli_query($conn, $sql);
$code = 'done';
}
else if($type== 'update')
{
$news_id = $_POST['news_id'];
$title = mysqli_real_escape_string($conn,$_POST['title']);
$sub_title = mysqli_real_escape_string($conn,$_POST['sub_title']);
$news_content = mysqli_real_escape_string($conn,$_POST['news_content']);
$new_file_name1 = $_FILES["files"]["name"];
$url_query = "SELECT * FROM tb1_url WHERE url_title='news'";
$res_url = mysqli_query($conn,$url_query);
$fetch_url = mysqli_fetch_object($res_url);
$url_path=$fetch_url->url_path;
$filepath = '../../'.$url_path;
if($new_file_name1 != '')
{
$new_file_name1 = $_FILES["files"]["name"];
$lname1 = "news";
$emrand1 = $lname1.rand(1000,2000);
$fileType1 = $_FILES["files"]["type"];
$str1=explode("/",$fileType1);
$new_file_name1 = $emrand1.'.'.$str1[1];
$target_path1 = $filepath .'/' . basename($new_file_name1);
move_uploaded_file($_FILES['files']['tmp_name'], $target_path1);
$sql = "UPDATE tb1_latestnews SET title='$title',sub_title='$sub_title',news_content='$news_content',news_img='$new_file_name1',status='1',crm_id='$admin_id',updated_log='$today' WHERE latestnews_id='$news_id'";
//echo $sql;
$content_res = mysqli_query($conn, $sql);
$code = 'done';
}
else
{
$sql = "UPDATE tb1_latestnews SET title='$title',sub_title='$sub_title',news_content='$news_content',status='1',crm_id='$admin_id',updated_log='$today' WHERE latestnews_id='$news_id'";
$content_res = mysqli_query($conn, $sql);
$code = 'done';
}
$code = 'done';
}
echo $data = json_encode($code);
?>
Zerion Mini Shell 1.0