Viewing: managepra.php
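<?php
/**
 * Admin handlers for the "practice" table: create, update, delete, and the
 * redirect to the edit form.
 *
 * NOTE(review): no authentication, authorisation or CSRF check is visible in
 * this file. Presumably ../layouts/header.php enforces the admin session -
 * confirm, because every handler below changes data on request parameters alone.
 *
 * $conn, ADMINURL and the validate_*() helpers are not defined here; they are
 * presumably provided by the two includes below.
 */
include_once("../layouts/header.php");
include_once("../layouts/validate.php");

if (isset($_POST['submit'])) {
    /**
     * Validate a posted practice entry and insert it, then redirect to the list page.
     *
     * @param mysqli $conn Open database connection.
     * @param array  $data Request fields; 'title' and 'content' are read.
     * @return void Never returns normally: the request ends after the redirect.
     */
    function create($conn, $data = [])
    {
        // Values are bound as statement parameters below, so they are NOT run
        // through mysqli_real_escape_string() first (that would store literal
        // backslashes). NOTE(review): the validators now see the unescaped text;
        // confirm validate_script()/validate_title()/validate_content() expect that.
        $title = validate_script(isset($data['title']) && is_string($data['title']) ? $data['title'] : '');
        $content = validate_script(isset($data['content']) && is_string($data['content']) ? $data['content'] : '');

        $isValidTitle = validate_title($title);
        $isValidContent = validate_content($content);
        $isvalidImage = validate_image($_FILES, 'file', 'files/');

        $saved = false;
        if ($isValidTitle && $isValidContent && $isvalidImage) {
            // The file name is supplied by the client. It was previously
            // interpolated into the SQL text unescaped; it is now a bound parameter.
            $file_name = isset($_FILES['file']['name']) ? $_FILES['file']['name'] : '';

            $stmt = mysqli_prepare($conn, "INSERT INTO practice (title,files,content) VALUES (?,?,?)");
            if ($stmt) {
                mysqli_stmt_bind_param($stmt, 'sss', $title, $file_name, $content);
                $saved = mysqli_stmt_execute($stmt);
                mysqli_stmt_close($stmt);
            }
        }

        if ($saved) {
            $_SESSION['statusPractice'] = "Data Added Sucessfully";
        } else {
            // Also reached when the query itself fails, which used to end
            // without any message or redirect.
            $_SESSION['statusPracticesError'] = "Sorry, Something went wrong, data can not be added into the database.";
        }

        header("location: showpra.php");
        exit; // stop here so no later handler in this file runs after the redirect
    }

    create($conn, $_POST);
}

if (isset($_GET['updateid'])) {
    $id = is_scalar($_GET['updateid']) ? (string) $_GET['updateid'] : '';

    /**
     * Redirect to the edit form for the given record.
     *
     * @param string $id Record id taken from the query string.
     * @return void Never returns normally: the request ends after the redirect.
     */
    function edit($id)
    {
        // Encode the id so a crafted value cannot append extra query parameters
        // to the redirect target.
        header("location: editpra.php?id=" . rawurlencode((string) $id));
        exit;
    }

    edit($id);
}

/**
 * Fetch one row of the practice table by id.
 *
 * @param mysqli $conn Open database connection.
 * @param mixed  $id   Record id; callers may pass request data.
 * @return array|null The row as an associative array, or null when nothing matches.
 */
function previousdata($conn, $id)
{
    // $id used to be interpolated raw. It is escaped here rather than bound
    // because reading a "SELECT *" result from a prepared statement needs
    // mysqli_stmt_get_result(), which is only available with the mysqlnd driver.
    $safeId = mysqli_real_escape_string($conn, (string) $id);
    $res = mysqli_query($conn, "SELECT * FROM practice WHERE id='$safeId'");

    if ($res && mysqli_num_rows($res) > 0) {
        return mysqli_fetch_assoc($res);
    }

    return null;
}

/**
 * Validate posted data and update an existing practice entry, then emit a
 * JavaScript redirect to the list page.
 *
 * When no new file is uploaded, the previously stored file name is kept,
 * provided that file still exists under files/.
 *
 * @param mysqli $conn Open database connection.
 * @param mixed  $id   Id of the record to update.
 * @param array  $data Request fields; 'title' and 'content' are read.
 * @return void
 */
function update($conn, $id, $data = [])
{
    // See create(): values are bound, not escaped, so validators see raw text.
    $title = validate_script(isset($data['title']) && is_string($data['title']) ? $data['title'] : '');
    $content = validate_script(isset($data['content']) && is_string($data['content']) ? $data['content'] : '');

    $isValidTitle = validate_title($title);
    $isValidContent = validate_content($content);
    $isvalidImage = validate_image($_FILES, 'file', 'files/');

    $path = "files/";
    $file_name = isset($_FILES['file']['name']) ? $_FILES['file']['name'] : '';

    $previous = previousdata($conn, $id);
    $pre_file = (is_array($previous) && isset($previous['files'])) ? (string) $previous['files'] : '';

    // Reuse the stored file only when one is recorded and is a regular file.
    // file_exists("files/" . "") was true for the directory itself, so a
    // missing record used to count as "file already present".
    $fileupload = false;
    if ($file_name == "" && $pre_file !== '' && is_file($path . $pre_file)) {
        $file_name = $pre_file;
        $fileupload = true;
        unset($_SESSION['imageError']);
    }

    $updated = false;
    if ($isValidTitle && $isValidContent && ($isvalidImage || $fileupload)) {
        $stmt = mysqli_prepare($conn, "UPDATE practice SET title=?, files=?, content=? WHERE id=?");
        if ($stmt) {
            $rowId = (string) $id;
            mysqli_stmt_bind_param($stmt, 'ssss', $title, $file_name, $content, $rowId);
            $updated = mysqli_stmt_execute($stmt);
            mysqli_stmt_close($stmt);
        }
    }

    if ($updated) {
        $_SESSION['statusPractice'] = "Data Updated sucessfully";
    } else {
        // Also reached when the query itself fails, which used to end silently.
        $_SESSION['statusPracticesError'] = "Sorry, Something went wrong, data can not be added into the database.";
    }

    // ADMINURL is a constant, not request data.
    $path = "location.href='" . ADMINURL . "Practices/showpra.php'";
    echo "<script>$path</script>";
}

if (isset($_POST['delete_btn'])) {
    $id = (isset($_POST['deleteid']) && is_scalar($_POST['deleteid'])) ? (string) $_POST['deleteid'] : '';

    $res = false;
    $stmt = mysqli_prepare($conn, "DELETE FROM practice WHERE id=?");
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, 's', $id);
        $res = mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
    }

    // The caller reads these bare status codes: 6 = query ran, 5 = query failed.
    if ($res) {
        echo 6;
    } else {
        echo 5;
    }
}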