files >> /home/apca/www/admin/gallery_uploads.php
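<?php
/**
 * Admin gallery page: inserts a new gallery item or edits an existing one,
 * including the image/video file that belongs to it, then renders the form.
 *
 * Security-relevant behaviour of this version:
 *  - Uploads are accepted only when they match an allowlist (images by decoded
 *    content, videos by extension and detected media type), and the stored
 *    file name is built server-side, so a file the web server could execute
 *    is never written under the web root with a client-chosen name.
 *  - Every request- or database-derived value is HTML-escaped on output.
 *  - Database error details go to the server log, not to the browser.
 *
 * NOTE(review): the form has no anti-CSRF token; adding a per-session token
 * that is checked on every POST is recommended.
 * NOTE(review): the CDN <script> tags at the bottom carry no Subresource
 * Integrity attributes; pin them with integrity/crossorigin or self-host.
 * NOTE(review): the upload directories should also be configured at the web
 * server so that nothing inside them is ever executed as a script.
 */
session_start();
// Kept from the original: nothing is reported to the browser. Consider logging
// to a file instead of discarding errors entirely.
error_reporting(0);
include('includes/config.php');

// Only a logged-in admin session may go any further. Exiting here guarantees
// that no handler below runs for an unauthenticated request.
if (!isset($_SESSION['alogin']) || strlen($_SESSION['alogin']) == 0) {
    header('location:index.php');
    exit;
}

if (!function_exists('galleryEscape')) {
    /**
     * Escape a value for use in HTML text or in a quoted HTML attribute.
     *
     * @param mixed $value Scalar to print; non-scalars (e.g. array-valued
     *                     request parameters) are rendered as an empty string.
     * @return string
     */
    function galleryEscape($value)
    {
        return htmlspecialchars(is_scalar($value) ? (string) $value : '', ENT_QUOTES, 'UTF-8');
    }
}

if (!function_exists('galleryPostField')) {
    /**
     * Read one trimmed string field from $_POST.
     *
     * @param string $key     Field name.
     * @param string $default Value used when the field is absent or not a string.
     * @return string
     */
    function galleryPostField($key, $default)
    {
        return (isset($_POST[$key]) && is_string($_POST[$key])) ? trim($_POST[$key]) : $default;
    }
}

if (!function_exists('galleryReadForm')) {
    /**
     * Collect the gallery form fields shared by the insert and edit handlers.
     *
     * @return array Keys: title, caption, category, tags, sort_order, type, archived.
     */
    function galleryReadForm()
    {
        $category = galleryPostField('category', '');
        $new_category = galleryPostField('new_category', '');
        // A new category of at least three characters wins over the selected one.
        if (strlen($new_category) >= 3) {
            $category = $new_category;
        }

        // The type decides which upload path is taken, so only known values pass.
        $type = galleryPostField('type', 'image');
        if (!in_array($type, array('image', 'video'), true)) {
            $type = 'image';
        }

        return array(
            'title' => galleryPostField('title', ''),
            'caption' => galleryPostField('caption', ''),
            'category' => $category,
            'tags' => galleryPostField('tags', ''),
            'sort_order' => isset($_POST['sort_order']) ? intval($_POST['sort_order']) : 0,
            'type' => $type,
            'archived' => isset($_POST['archived']) ? 1 : 0,
        );
    }
}

if (!function_exists('resizeImage')) {
    /**
     * Re-encode an image at a new width, keeping its aspect ratio.
     *
     * @param string $source      Path of the image to read.
     * @param string $destination Path to write (may equal $source).
     * @param int    $new_width   Target width in pixels.
     * @return bool True when the resized file was written, false when the
     *              source is not a readable JPEG/PNG/GIF or writing failed.
     */
    function resizeImage($source, $destination, $new_width)
    {
        $info = getimagesize($source);
        // getimagesize() returns false for non-images; a zero width would
        // otherwise cause a division by zero below.
        if ($info === false || $info[0] < 1 || $info[1] < 1) {
            return false;
        }
        list($width, $height, $type) = $info;

        $new_width = (int) $new_width;
        if ($new_width < 1) {
            return false;
        }
        $new_height = max(1, (int) (($height / $width) * $new_width));

        switch ($type) {
            case IMAGETYPE_JPEG:
                $image = imagecreatefromjpeg($source);
                break;
            case IMAGETYPE_PNG:
                $image = imagecreatefrompng($source);
                break;
            case IMAGETYPE_GIF:
                $image = imagecreatefromgif($source);
                break;
            default:
                return false;
        }
        if (!$image) {
            return false;
        }

        $resized_image = imagecreatetruecolor($new_width, $new_height);
        if (!$resized_image) {
            imagedestroy($image);
            return false;
        }
        if ($type === IMAGETYPE_PNG) {
            // Keep the alpha channel instead of flattening it onto black.
            imagealphablending($resized_image, false);
            imagesavealpha($resized_image, true);
        }
        imagecopyresampled($resized_image, $image, 0, 0, 0, 0, $new_width, $new_height, $width, $height);

        switch ($type) {
            case IMAGETYPE_JPEG:
                $written = imagejpeg($resized_image, $destination, 90);
                break;
            case IMAGETYPE_PNG:
                $written = imagepng($resized_image, $destination);
                break;
            default:
                $written = imagegif($resized_image, $destination);
                break;
        }

        imagedestroy($image);
        imagedestroy($resized_image);

        return (bool) $written;
    }
}

if (!function_exists('galleryStoreUpload')) {
    /**
     * Validate an uploaded file and store it under a server-built name.
     *
     * Images must decode as JPEG, PNG or GIF and are always re-encoded through
     * resizeImage(); the extension comes from the decoded type, never from the
     * client. Videos must carry an allowlisted extension and, when the fileinfo
     * extension is available, be detected as a video media type.
     *
     * @param array  $file One entry of $_FILES.
     * @param string $type 'image' or 'video'.
     * @param array  $dirs Target directories with trailing slash, keys
     *                     'full', 'gallery' and 'video'.
     * @return array Keys: ok (bool), error (string), filename (string).
     */
    function galleryStoreUpload($file, $type, $dirs)
    {
        $result = array('ok' => false, 'error' => '', 'filename' => '');

        if (!isset($file['tmp_name'], $file['name']) || !is_string($file['name'])
            || !is_uploaded_file($file['tmp_name'])) {
            $result['error'] = 'Error: File upload failed.';
            return $result;
        }

        // Only letters, digits, "_" and "-" survive in the stem, so the stored
        // name cannot carry a second extension or a path component.
        $stem = preg_replace('/[^A-Za-z0-9_-]+/', '_', pathinfo(basename($file['name']), PATHINFO_FILENAME));
        $stem = substr(trim((string) $stem, '_'), 0, 100);
        if ($stem === '') {
            $stem = 'upload';
        }

        if ($type === 'image') {
            $extensions = array(IMAGETYPE_JPEG => 'jpg', IMAGETYPE_PNG => 'png', IMAGETYPE_GIF => 'gif');
            $info = getimagesize($file['tmp_name']);
            if ($info === false || !isset($extensions[$info[2]])) {
                $result['error'] = 'Error: Only JPEG, PNG or GIF images are accepted.';
                return $result;
            }

            $filename = time() . '_' . $stem . '.' . $extensions[$info[2]];
            $target_full = $dirs['full'] . $filename;
            $target_gallery = $dirs['gallery'] . $filename;

            if (!move_uploaded_file($file['tmp_name'], $target_full)) {
                $result['error'] = 'Error: File upload failed.';
                return $result;
            }

            // Both stored copies are re-encoded; if that fails the raw upload
            // is removed rather than left on disk.
            if (resizeImage($target_full, $target_gallery, 600) === false
                || resizeImage($target_full, $target_full, 1920) === false) {
                if (file_exists($target_gallery)) {
                    unlink($target_gallery);
                }
                if (file_exists($target_full)) {
                    unlink($target_full);
                }
                $result['error'] = 'Error: The image could not be processed.';
                return $result;
            }
        } else {
            // NOTE(review): assumed set of video formats - adjust to what the
            // site actually publishes.
            $allowed = array('mp4', 'm4v', 'mov', 'webm');
            $extension = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
            if (!in_array($extension, $allowed, true)) {
                $result['error'] = 'Error: Only MP4, M4V, MOV or WEBM videos are accepted.';
                return $result;
            }
            if (class_exists('finfo')) {
                $finfo = new finfo(FILEINFO_MIME_TYPE);
                $mime = $finfo->file($file['tmp_name']);
                if (is_string($mime) && strpos($mime, 'video/') !== 0) {
                    $result['error'] = 'Error: The uploaded file is not a video.';
                    return $result;
                }
            }

            $filename = time() . '_' . $stem . '.' . $extension;
            if (!move_uploaded_file($file['tmp_name'], $dirs['video'] . $filename)) {
                $result['error'] = 'Error: Video upload failed.';
                return $result;
            }
        }

        $result['ok'] = true;
        $result['filename'] = $filename;
        return $result;
    }
}

$action = (isset($_REQUEST['action']) && is_string($_REQUEST['action'])) ? $_REQUEST['action'] : '';
$isPost = ($_SERVER['REQUEST_METHOD'] === 'POST');
$hasUpload = (isset($_FILES['file']['name']) && $_FILES['file']['error'] === UPLOAD_ERR_OK);
$noticeMessage = '';
$errorMessage = '';

// ---- Edit an existing gallery item -----------------------------------------
if ($isPost && $action === 'edit' && isset($_REQUEST['id']) && is_numeric($_REQUEST['id'])) {
    $id = intval($_REQUEST['id']);
    $form = galleryReadForm();

    // Fetch existing file paths
    $stmt = $dbh->prepare("SELECT gallery_url, full_url, video_url FROM gallery WHERE id = :id");
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $existing = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$existing) {
        die("Error: Record not found.");
    }

    $gallery_url = $existing['gallery_url'];
    $full_url = $existing['full_url'];
    $video_url = $existing['video_url'];

    if ($hasUpload) {
        // NOTE(review): on edit a video is stored under 'uploads/video/'
        // (relative to this admin directory) while the insert handler uses
        // '../uploads/video/' and records 'admin/uploads/video/'. The paths
        // are kept as they were; confirm which location the site reads from.
        $upload = galleryStoreUpload($_FILES['file'], $form['type'], array(
            'full' => '../uploads/full/',
            'gallery' => '../uploads/gallery/',
            'video' => 'uploads/video/',
        ));

        if (!$upload['ok']) {
            $errorMessage = $upload['error'];
        } elseif ($form['type'] === 'image') {
            // The old files are removed only after the replacement is safely
            // stored, so a failed upload no longer destroys the current image.
            if (!empty($existing['full_url']) && file_exists($existing['full_url'])) {
                unlink($existing['full_url']);
            }
            if (!empty($existing['gallery_url']) && file_exists($existing['gallery_url'])) {
                unlink($existing['gallery_url']);
            }
            $gallery_url = '../uploads/gallery/' . $upload['filename'];
            $full_url = '../uploads/full/' . $upload['filename'];
        } else {
            if (!empty($existing['video_url']) && file_exists($existing['video_url'])) {
                unlink($existing['video_url']);
            }
            $video_url = 'uploads/video/' . $upload['filename'];
        }
    }

    if ($errorMessage === '') {
        // Update the database record
        $stmt = $dbh->prepare("UPDATE gallery SET title = :title, caption = :caption, category = :category, type = :type, gallery_url = :gallery_url, full_url = :full_url, video_url = :video_url, archived = :archived, tags = :tags, sort_order = :sort_order WHERE id = :id");
        $stmt->bindValue(':title', $form['title'], PDO::PARAM_STR);
        $stmt->bindValue(':caption', $form['caption'], PDO::PARAM_STR);
        $stmt->bindValue(':category', $form['category'], PDO::PARAM_STR);
        $stmt->bindValue(':type', $form['type'], PDO::PARAM_STR);
        $stmt->bindValue(':gallery_url', $gallery_url, PDO::PARAM_STR);
        $stmt->bindValue(':full_url', $full_url, PDO::PARAM_STR);
        $stmt->bindValue(':video_url', $video_url, PDO::PARAM_STR);
        $stmt->bindValue(':archived', $form['archived'], PDO::PARAM_INT);
        $stmt->bindValue(':tags', $form['tags'], PDO::PARAM_STR);
        $stmt->bindValue(':sort_order', $form['sort_order'], PDO::PARAM_INT);
        $stmt->bindValue(':id', $id, PDO::PARAM_INT);

        if ($stmt->execute()) {
            // The validated integer id is used, never the raw request value.
            header("Location: gallery_uploads.php?action=edit&id=" . $id . "&message=" . rawurlencode("Image loaded successfully"));
            exit;
        }
        // Driver details stay in the server log.
        error_log('gallery_uploads.php update failed: ' . print_r($stmt->errorInfo(), true));
        $errorMessage = 'Error 142: The gallery record could not be updated.';
    }
}

// ---- Insert a new gallery item ---------------------------------------------
if ($isPost && $action === 'insert') {
    $user_id = isset($_SESSION['id']) ? $_SESSION['id'] : 0;
    if (!$_SESSION['alogin']) {
        die("Error: User is not logged in.");
    }

    $form = galleryReadForm();

    $upload_dir_full = '../uploads/full/';
    $upload_dir_gallery = '../uploads/gallery/';
    $upload_dir_video = '../uploads/video/';

    // 0755 instead of 0777: the upload directories need not be world-writable.
    foreach (array($upload_dir_full, $upload_dir_gallery, $upload_dir_video) as $upload_dir) {
        if (!file_exists($upload_dir)) {
            mkdir($upload_dir, 0755, true);
        }
    }

    $gallery_url = '';
    $full_url = '';
    $video_url = '';

    if ($hasUpload) {
        $upload = galleryStoreUpload($_FILES['file'], $form['type'], array(
            'full' => $upload_dir_full,
            'gallery' => $upload_dir_gallery,
            'video' => $upload_dir_video,
        ));

        if (!$upload['ok']) {
            $errorMessage = $upload['error'];
        } elseif ($form['type'] === 'image') {
            $gallery_url = '../uploads/gallery/' . $upload['filename'];
            $full_url = '../uploads/full/' . $upload['filename'];
        } else {
            $video_url = 'admin/uploads/video/' . $upload['filename'];
        }
    }

    // A rejected upload no longer creates a record that points at nothing.
    if ($errorMessage === '') {
        $stmt = $dbh->prepare("INSERT INTO gallery (title, caption, category, type, gallery_url, full_url, video_url, archived, uploaded_at, user_id, tags, sort_order) VALUES (:title, :caption, :category, :type, :gallery_url, :full_url, :video_url, :archived, NOW(), :user_id, :tags, :sort_order)");
        $stmt->bindValue(':title', $form['title'], PDO::PARAM_STR);
        $stmt->bindValue(':caption', $form['caption'], PDO::PARAM_STR);
        $stmt->bindValue(':category', $form['category'], PDO::PARAM_STR);
        $stmt->bindValue(':type', $form['type'], PDO::PARAM_STR);
        $stmt->bindValue(':gallery_url', $gallery_url, PDO::PARAM_STR);
        $stmt->bindValue(':full_url', $full_url, PDO::PARAM_STR);
        $stmt->bindValue(':video_url', $video_url, PDO::PARAM_STR);
        $stmt->bindValue(':archived', $form['archived'], PDO::PARAM_INT);
        $stmt->bindValue(':user_id', $user_id, PDO::PARAM_INT);
        $stmt->bindValue(':tags', $form['tags'], PDO::PARAM_STR);
        $stmt->bindValue(':sort_order', $form['sort_order'], PDO::PARAM_INT);

        if ($stmt->execute()) {
            $noticeMessage = "Upload successful!";
        } else {
            error_log('gallery_uploads.php insert failed: ' . print_r($stmt->errorInfo(), true));
            $errorMessage = 'Error: The gallery record could not be saved.';
        }
    }
}

// ---- Load the record shown in the edit form --------------------------------
// Defaults keep the template free of undefined-index reads in insert mode or
// when the requested record does not exist.
$row = array(
    'title' => '',
    'caption' => '',
    'category' => '',
    'tags' => '',
    'sort_order' => '',
    'type' => '',
    'gallery_url' => '',
);

if ($action === 'edit') {
    if (!function_exists('getGalleryItem')) {
        /**
         * Load one gallery row by id.
         *
         * @param mixed $id  Requested id; anything non-numeric yields false.
         * @param PDO   $dbh Database handle.
         * @return array|false The row as an associative array, or false.
         */
        function getGalleryItem($id, $dbh)
        {
            if (!is_numeric($id)) {
                return false;
            }
            $stmt = $dbh->prepare("SELECT * FROM gallery WHERE id = :id");
            $stmt->bindValue(':id', intval($id), PDO::PARAM_INT);
            $stmt->execute();
            $result = $stmt->fetch(PDO::FETCH_ASSOC);
            return $result ? $result : false;
        }
    }

    $gallery_id = isset($_REQUEST['id']) ? $_REQUEST['id'] : 0;
    $found = getGalleryItem($gallery_id, $dbh);
    if ($found) {
        $row = array_merge($row, $found);
    }
}

$message = (isset($_GET['message']) && is_string($_GET['message'])) ? $_GET['message'] : '';
$formId = isset($_GET['id']) ? $_GET['id'] : '';
$formAction = isset($_GET['action']) ? $_GET['action'] : '';
$pageName = ($action === 'edit') ? "Edit Gallery Image" : "Upload Gallery Image";
?>
<!doctype html>
<html lang="en" class="no-js">
<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1, maximum-scale=1">
    <meta name="description" content="">
    <meta name="author" content="">
    <meta name="theme-color" content="#3e454c">
    <title>Alpenpass Motorcycle Rental Portal | Admin Update Brand</title>
    <!-- Font awesome -->
    <link rel="stylesheet" href="css/font-awesome.min.css">
    <!-- Sandstone Bootstrap CSS -->
    <link rel="stylesheet" href="css/bootstrap.min.css">
    <!-- Bootstrap Datatables -->
    <link rel="stylesheet" href="css/dataTables.bootstrap.min.css">
    <!-- Bootstrap social button library -->
    <link rel="stylesheet" href="css/bootstrap-social.css">
    <!-- Bootstrap select -->
    <link rel="stylesheet" href="css/bootstrap-select.css">
    <!-- Bootstrap file input -->
    <link rel="stylesheet" href="css/fileinput.min.css">
    <!-- Awesome Bootstrap checkbox -->
    <link rel="stylesheet" href="css/awesome-bootstrap-checkbox.css">
    <!-- Admin Stye -->
    <link rel="stylesheet" href="css/style.css">
    <style>
        .errorWrap { padding: 10px; margin: 0 0 20px 0; background: #fff; border-left: 4px solid #dd3d36; -webkit-box-shadow: 0 1px 1px 0 rgba(0,0,0,.1); box-shadow: 0 1px 1px 0 rgba(0,0,0,.1); }
        .succWrap{ padding: 10px; margin: 0 0 20px 0; background: #fff; border-left: 4px solid #5cb85c; -webkit-box-shadow: 0 1px 1px 0 rgba(0,0,0,.1); box-shadow: 0 1px 1px 0 rgba(0,0,0,.1); }
        .img-thumbnail { width: 250px; height: auto; display: inline-block; margin: 0px 20px 20px 10px; }
    </style>
</head>
<body>
<?php include('includes/header.php');?>
<div class="ts-main-content">
    <?php include('includes/leftbar.php');?>
    <div class="content-wrapper">
        <div class="container-fluid">
            <div class="row">
                <div class="col-md-12">
                    <h2 class="page-title"><?php echo $pageName;?></h2>
                    <div class="row">
                        <div class="col-md-10">
                            <?php if ($errorMessage !== '') { ?>
                            <div class="errorWrap"><?php echo galleryEscape($errorMessage); ?></div>
                            <?php } ?>
                            <?php if ($noticeMessage OR $message) { ?>
                            <?php // The message comes from the query string, so it is escaped before output. ?>
                            <div style="width:100%; text-align: center; padding: 20px;background-color: #CCFFCC; border-radius: 20px; border: thin solid #339966; margin-bottom:20px; font-size: 24px;"><?php echo galleryEscape($message . " " . $noticeMessage);?></div>
                            <?php } ?>
                            <div class="panel panel-default">
                                <div class="panel-heading"><?php echo $pageName;?></div>
                                <div class="panel-body">
                                    <div class="container">
                                        <form action="" method="POST" enctype="multipart/form-data" id="uploadForm">
                                            <input type="hidden" name="id" value="<?php echo galleryEscape($formId); ?>" >
                                            <input type="hidden" name="action" value="<?php echo galleryEscape($formAction); ?>" >
                                            <label>Title:</label>
                                            <input type="text" name="title" class="form-control" value="<?php echo galleryEscape($row['title']); ?>" required>
                                            <label>Caption:</label>
                                            <textarea name="caption" class="form-control" required><?php echo galleryEscape($row['caption']); ?></textarea>
                                            <label>Category:</label>
                                            <select name="category" class="form-control">
                                                <option value="">Select a Category</option>
                                                <?php
                                                $stmt = $dbh->query("SELECT DISTINCT category FROM gallery ORDER BY category");
                                                while ($row2 = $stmt->fetch(PDO::FETCH_ASSOC)) {
                                                    $selected = ($row2['category'] == $row['category']) ? " selected " : "";
                                                    // ENT_QUOTES matters here: the attribute is single-quoted.
                                                    echo "<option value='" . galleryEscape($row2['category']) . "' $selected >" . galleryEscape($row2['category']) . "</option>";
                                                }
                                                ?>
                                            </select>
                                            <label>Or add a new category:</label>
                                            <input type="text" name="new_category" class="form-control">
                                            <label>Tags (comma separated):</label>
                                            <input type="text" name="tags" value="<?php echo galleryEscape($row['tags']); ?>" class="form-control">
                                            <label>Sort Order:</label>
                                            <input type="number" name="sort_order" class="form-control" value="<?php echo galleryEscape($row['sort_order']); ?>" >
                                            <label>Type:</label>
                                            <select name="type" class="form-control">
                                                <?php
                                                $typeArray = array("image", "video");
                                                foreach ($typeArray as $value) {
                                                    // The stored type is now actually preselected.
                                                    $selected = ($value == $row['type']) ? " selected " : "";
                                                    echo "<option value='$value' $selected>" . ucfirst($value) . "</option>";
                                                }
                                                ?>
                                            </select>
                                            <?php if ($action === 'edit') { ?>
                                            <label>File Upload:</label><br />Current Image:<img src="../<?php echo galleryEscape($row['gallery_url']); ?>" class="img-thumbnail"> Uplaod a new image, or leave blank to keep the current image.<br />
                                            <?php }
                                            $required = ($action === 'edit') ? "" : " required "; ?>
                                            <input type="file" name="file" class="form-control" <?php echo $required;?>>
                                            <p style="font-size: 10px;">Please wait for the file name to show here before pushing the Upload button</p>
                                            <br>
                                            <button type="submit" class="btn btn-primary" id="submitBtn">Upload</button>
                                            <!-- Hidden loading spinner -->
                                            <div id="loading" style="display: none; text-align: center; margin-top: 15px;">
                                                <img src="img/loading_bar_blue.gif" alt="Uploading..." width="400">
                                                <p>Uploading... Please wait</p>
                                            </div>
                                        </form>
                                    </div>
                                </div>
                            </div>
                        </div>
                    </div>
                </div>
            </div>
        </div>
    </div>
</div>
</body>
</html>
<script src="https://code.jquery.com/jquery-3.6.0.min.js"></script>
<script src="https://cdn.datatables.net/1.13.6/js/jquery.dataTables.min.js"></script>
<script src="https://cdn.datatables.net/buttons/2.3.6/js/dataTables.buttons.min.js"></script>
<script src="https://cdn.datatables.net/buttons/2.3.6/js/buttons.html5.min.js"></script>
<script src="js/main.js"></script>
<script>
document.addEventListener("DOMContentLoaded", function () {
    const form = document.getElementById("uploadForm");
    const categorySelect = form.querySelector("select[name='category']");
    const newCategoryInput = form.querySelector("input[name='new_category']");
    const loading = document.getElementById("loading");
    const submitBtn = document.getElementById("submitBtn");

    // Client-side checks are a convenience only; the server validates again.
    form.addEventListener("submit", function (event) {
        const category = categorySelect.value.trim();
        const newCategory = newCategoryInput.value.trim();

        // Validation: only one of the two can be filled
        if ((category && newCategory) || (!category && !newCategory)) {
            event.preventDefault();
            alert("Please select a category OR enter a new one - not both.");
            return false;
        }

        // If validation passes, show loading and delay actual submission
        event.preventDefault(); // Still prevent default to delay submission
        loading.style.display = "block";
        submitBtn.disabled = true;
        setTimeout(() => {
            form.submit(); // Now submit the form manually
        }, 500);
    });

    // Optional: clear other field
    categorySelect.addEventListener("change", function () {
        if (categorySelect.value) newCategoryInput.value = "";
    });
    newCategoryInput.addEventListener("input", function () {
        if (newCategoryInput.value.trim() !== "") categorySelect.value = "";
    });
});
</script>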