//var/www/ridazz/admin/galleryApprove.php
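<?php
/**
 * Admin gallery moderation page: bootstrap, access check and the
 * approve/delete request handler, followed by the opening of the form.
 *
 * Security-relevant behaviour of this section:
 *  - Access is gated by has_permission() on an id derived from this script's name.
 *  - Deleting additionally requires the "galleryDelete" permission. The listing
 *    only hides the Delete button from users without it, which is presentation
 *    and not enforcement, so the handler checks it before acting.
 *  - Gallery ids arrive as request keys named "gallery_<id>".
 *
 * `<?php` is used instead of `<?` so the script does not depend on short_open_tag.
 */
include_once('../includes/static/configure.php');
include_once('../includes/static/util.php');
include_once('../includes/static/dbcon2.php');
include_once('../includes/static/gdimg.php');
include_once('../includes/static/sessions.php');
include_once('includes/static/util.php');
include_once('includes/appTop2.php');

// SCRIPT_NAME rather than PHP_SELF: PHP_SELF can carry client-supplied trailing
// path info, which would change both the basename used for the permission
// lookup below and the text echoed into the form action further down.
$script_name = $_SERVER['SCRIPT_NAME'];

$page_id = str_replace(".php","",basename($script_name));
if(!has_permission($page_id)){
    die("You don't have permission to view this page!");
}

// When both buttons are present in the request, approve wins (as before).
$do_approve = isset($_REQUEST['approve']);
$do_delete  = !$do_approve && isset($_REQUEST['delete']);

if($do_approve || $do_delete){
    // NOTE(review): these are state-changing actions read from $_REQUEST, so a GET
    // request triggers them too, and no anti-CSRF token is checked in this file.
    // Confirm whether appTop2.php / sessions.php cover that; if not, restrict the
    // handler to POST and verify a per-session token.

    // Server-side enforcement of the delete permission.
    if($do_delete && !has_permission("galleryDelete")){
        die("You don't have permission to delete gallery entries!");
    }

    // foreach replaces while(list(..) = each(..)); each() was removed in PHP 8.
    foreach(array_keys($_REQUEST) as $key){
        $key = (string)$key;

        // Anchored so only keys that start with "gallery_" (the checkbox names
        // generated by this page) are treated as selections.
        if(!preg_match("/^gallery_/i",$key)){
            continue;
        }

        $ids = explode("_",$db->sanitize_input($key));
        if(!isset($ids[1]) || $ids[1] === ''){
            // "gallery_" with nothing after it: nothing to act on.
            continue;
        }
        $gallery_id = $ids[1];

        // NOTE(review): the queries below are built by concatenation and rely on
        // $db->sanitize_input() plus single quotes for safety. Its implementation
        // is not visible here; confirm it escapes for this SQL context, or move to
        // bound parameters if the $db wrapper supports them.
        // NOTE(review): die() prints the raw database error to the browser;
        // consider logging it and showing a generic message instead.
        if($do_approve){
            $sql = "UPDATE 50mm_gallery SET approved = 1,entry_time=NOW() WHERE gallery_id = '".$gallery_id."'";
            if( !($result = $db->sql_query($sql)) ){
                $sql_error = $db->sql_error();
                die($sql_error['message']);
            }

            //also approve artist
            $sql = "SELECT artist_id FROM 50mm_gallery WHERE gallery_id = '".$gallery_id."'";
            if( !($result = $db->sql_query($sql)) ){
                $sql_error = $db->sql_error();
                die($sql_error['message']);
            }
            $row = $db->sql_fetchrow($result);

            // Skip when the gallery row does not exist or has no artist, instead
            // of indexing a non-array and updating WHERE artist_id = ''.
            if($row && isset($row['artist_id'])){
                // Stored values are concatenated into SQL too, so they get the
                // same treatment as the request-supplied id.
                $artist_id = $db->sanitize_input($row['artist_id']);
                $sql = "UPDATE 50mm_artists SET approved = 1 WHERE artist_id = '".$artist_id."'";
                if( !($result = $db->sql_query($sql)) ){
                    $sql_error = $db->sql_error();
                    die($sql_error['message']);
                }
            }
        }else{
            $sql = "DELETE FROM 50mm_gallery WHERE gallery_id = '".$gallery_id."'";
            if( !($result = $db->sql_query($sql)) ){
                $sql_error = $db->sql_error();
                die($sql_error['message']);
            }
        }
    }
}

include_once('includes/header.php');
?>
<form action="<?php echo htmlspecialchars($script_name, ENT_QUOTES); ?>" method="post" enctype="multipart/form-data">
<?php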
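//content
// Lists every gallery entry that is still unapproved and renders it through
// get_table(), adding per-row action links and a selection checkbox, then
// prints the submit buttons and closes the form.
$sql = "SELECT g.gallery_id,g.image,a.artist_name,g.entry_time,u.username,u.user_id FROM 50mm_gallery g LEFT JOIN 50mm_artists a ON g.artist_id=a.artist_id LEFT JOIN 50mm_users u ON g.user_id = u.user_id WHERE g.approved = 0";
if( !($result = $db->sql_query($sql)) ){
    $sql_error = $db->sql_error();
    // NOTE(review): this prints the raw database error to the browser.
    die($sql_error['message']);
}

$modrows = array();
while ($row = $db->sql_fetchrow($result)){
    // Cast to string: user_id can be NULL because of the LEFT JOIN.
    $id  = (string)$row['gallery_id'];
    $uid = (string)$row['user_id'];
    unset($row['user_id']); // used for the e-mail link only, not shown as a column

    // Values from the database are escaped for the context they are written
    // into: URL-encoded in query strings, HTML-escaped in attributes.
    $id_url  = urlencode($id);
    $uid_url = urlencode($uid);
    $id_attr = htmlspecialchars($id, ENT_QUOTES);

    $image_name = (string)$row['image'];

    // Best effort: a missing or unreadable file leaves the popup size empty.
    $image_info = @getimagesize(ROOT_DIR.GALLERY_LIMG_DIR.$image_name);
    $width  = $image_info ? $image_info[0] : '';
    $height = $image_info ? $image_info[1] : '';

    // urlencode() output contains no quote characters, so it cannot break out
    // of the JS string or the surrounding onClick attribute.
    $js = "popImage('".urlencode(GALLERY_LIMG_DIR.$image_name)."','".$width."','".$height."');";
    $thumb_src = htmlspecialchars(GALLERY_SIMG_DIR.$image_name, ENT_QUOTES);
    $row['image'] ="<img src=\"".$thumb_src."\" border=\"0\" style=\"cursor:pointer;\" onClick=\"".$js."\">";

    // NOTE(review): artist_name, username and entry_time reach get_table()
    // unchanged. The markup cells built here only work if get_table() emits
    // cell values as HTML, so confirm those columns are escaped before output.

    $xtras = array();
    if(has_permission("galleryEdit")){
        $xtras['edit'] = "<a href=\"galleryEdit.php?galleryId=".$id_url."\">edit</a>";
    }
    if(has_permission("userEmail")){
        $xtras['send email'] = "<a href=\"userEmail.php?userId=".$uid_url."\">email</a>";
    }

    // Same checkbox either way; only the column heading depends on whether the
    // viewer may delete.
    $checkbox = "<input type=\"checkbox\" name=\"gallery_".$id_attr."\" value=\"\">";
    if(has_permission("galleryDelete")){
        $xtras['approve \ delete'] = $checkbox;
    }else{
        $xtras['approve'] = $checkbox;
    }

    //unset($row['image']);
    $modrows[] = array_merge($row,$xtras);
}
echo(get_table($modrows));
?>
<?php
// Hiding the Delete button is presentation only; the code that processes the
// submitted form has to enforce the galleryDelete permission itself.
if(has_permission("galleryDelete")){
    $submit = "<br><br><br><input class=\"button\" type=\"submit\" name=\"delete\" value=\"Delete Selected\" onClick=\"return validateDelete(this.form);\"> ";
    echo $submit;
}
?>
<br><br><br><input class="button" type="submit" name="approve" value="Approve Selected">
<br><br><br><input type="checkbox" name="selectAll" onClick="return checkUncheckAll(this.form);"> Select/Deselect All<br>
</form>
<?php
include_once('includes/footer.php');
include_once('includes/appBottom.php');
?>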