| Server IP : 51.89.169.208 / Your IP : 3.148.107.92 Web Server : Apache System : Linux ns3209505.ip-198-244-202.eu 4.18.0-553.27.1.el8_10.x86_64 #1 SMP Tue Nov 5 04:50:16 EST 2024 x86_64 User : yellowleaf ( 1019) PHP Version : 7.4.33 Disable Function : exec,passthru,shell_exec,system MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : ON | Pkexec : ON Directory : /home/yellowleaf/public_html/members/ajax/ |
Upload File : |
<?php
$path = $_SERVER['DOCUMENT_ROOT'];
include_once $path.'/connect_db.php';
session_start();
// print_r($_SESSION);
if (isset($_COOKIE["yl_user"])) {
$useremail = $_COOKIE["yl_user"];
if (isset($_FILES["ads_image"]) && isset($_POST["adid"]) && isset($_POST["pid"])) {
$res_member = $connect->query("SELECT * FROM `members` WHERE `ename` = '{$useremail}'");
if ($res_member->num_rows > 0) {
$row = $res_member->fetch_array(MYSQLI_ASSOC);
$memberid = $row["memberid"];
$adid = addslashes(trim($_POST["adid"]));
$pid = addslashes(trim($_POST["pid"]));
$target_dir = $path."/members/uploads/{$pid}/";
$image = $_FILES['ads_image']['name'];
$tmp_image = $_FILES['ads_image']['tmp_name'];
$filename = $adid.'.'. pathinfo($image , PATHINFO_EXTENSION);
$newFileName = $target_dir.$filename;
move_uploaded_file($tmp_image, $newFileName);
$set_clause = "";
$result = $connect->query("UPDATE `ads` SET `photo_{$pid}` = '$filename' WHERE memberid ='{$memberid}' AND `adid` = '$adid'");
if ($result) {
echo 'UPLOAD_SUCCESS';
} else {
echo "UPLOAD_FAILED";
}
}
// print_r($_FILES["logoImg"]);
}
if(isset($_POST["delete"]) && isset($_POST["adid"]) && isset($_POST["pid"])){
$adid = addslashes((trim($_POST["adid"])));
$pid = addslashes((trim($_POST["pid"])));
$res_member = $connect->query("SELECT * FROM `members` WHERE `ename` = '{$useremail}'");
if ($res_member->num_rows > 0) {
$row = $res_member->fetch_array(MYSQLI_ASSOC);
$memberid = $row["memberid"];
$target_dir = $path."/members/uploads/{$pid}/";
$res_ad = $connect->query("SELECT * FROM `ads` WHERE `memberid` = '{$memberid}' AND `adid` = '{$adid}'");
if ($res_ad->num_rows > 0) {
$row_ad = $res_ad->fetch_array(MYSQLI_ASSOC);
$col_name = "photo_{$pid}";
$photo = $row_ad[$col_name];
$image_path = $target_dir.$photo;
$connect->query("UPDATE `ads` SET `$col_name` = '' WHERE `memberid` = '{$memberid}' AND `adid` = '{$adid}'");
unlink($image_path);
echo "SUCCESS";
}else{
echo "FAILED";
}
}
}
}
?>