//var/www/50mmla/admin/galleryEdit.php
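<?php
/*
 * Admin gallery editor: applies the addArtist / removeArtist / update action
 * for one gallery entry, then loads that entry and opens the edit form.
 *
 * Everything read from $_REQUEST and $_FILES is client-controlled. Numeric
 * identifiers are cast to int before they reach SQL, and the year is accepted
 * only as four digits.
 *
 * NOTE(review): actions are read from $_REQUEST (so GET as well as POST) and no
 * anti-CSRF token is checked in the code visible here - confirm whether
 * appTop.php / sessions.php enforce one.
 */
include_once('../includes/static/configure.php');
include_once('../includes/static/util.php');
include_once('../includes/static/dbcon.php');
include_once('../includes/static/gdimg.php');
include_once('../includes/static/sessions.php');
include_once('includes/static/util.php');
include_once('includes/appTop.php');

// Derive the permission key from SCRIPT_NAME rather than PHP_SELF: PHP_SELF
// also carries any client-supplied trailing path info, so basename() of it is
// not guaranteed to name this script.
$page_id = str_replace(".php", "", basename($_SERVER['SCRIPT_NAME']));
if (!has_permission($page_id)) {
    die("You don't have permission to view this page!");
}

$html = "";

// Identifiers are only ever used as integers; casting removes any SQL or
// HTML metacharacters before the values are interpolated further down.
$gallery_id = isset($_REQUEST['galleryId']) ? (int) $_REQUEST['galleryId'] : 0;
$artist_id  = isset($_REQUEST['artistId']) ? (int) $_REQUEST['artistId'] : 0;
$action     = isset($_REQUEST['action']) ? $_REQUEST['action'] : "";

if ($action == "addArtist") {
    $sql = "INSERT INTO 50mm_other_artists (gallery_id,artist_id) VALUES ('$gallery_id','$artist_id')";
    if (!($result = $db->sql_query($sql))) {
        // NOTE(review): the raw database error text is shown to the client.
        $sql_error = $db->sql_error();
        die($sql_error['message']);
    }
}

if ($action == "removeArtist") {
    $sql = "DELETE FROM 50mm_other_artists WHERE artist_id='$artist_id' AND gallery_id='$gallery_id'";
    if (!($result = $db->sql_query($sql))) {
        $sql_error = $db->sql_error();
        die($sql_error['message']);
    }
}

if ($action == "update") {
    // A request without a file field is treated as "no file uploaded"
    // instead of reading undefined indexes.
    $upload = isset($_FILES['file']) && is_array($_FILES['file'])
        ? $_FILES['file']
        : array('name' => '', 'tmp_name' => '', 'type' => '', 'size' => 0, 'error' => UPLOAD_ERR_NO_FILE);

    $cur_file  = $upload['name'];
    $cur_temp  = $upload['tmp_name'];
    $cur_mime  = $upload['type'];   // sent by the client, not a verified content type
    $cur_size  = $upload['size'];
    $cur_error = $upload['error'];

    // Free-text fields: accept strings only (an array parameter becomes '').
    $comment  = (isset($_REQUEST['comment']) && is_string($_REQUEST['comment'])) ? $_REQUEST['comment'] : '';
    $location = (isset($_REQUEST['location']) && is_string($_REQUEST['location'])) ? $_REQUEST['location'] : '';

    // The form offers four-digit years or an empty choice; anything else is dropped.
    $year = (isset($_REQUEST['year']) && is_string($_REQUEST['year']) && preg_match('/^[0-9]{4}\z/', $_REQUEST['year']))
        ? $_REQUEST['year']
        : '';

    // NOTE(review): $comment and $location (and $unique_name below) are still
    // interpolated into SQL as quoted strings. The escaping / parameter-binding
    // API of the $db wrapper is not visible in this file; route these values
    // through it, and check whether the deployment relies on magic quotes so
    // the data is not escaped twice.

    if (empty($cur_file)) {
        $sql = "UPDATE 50mm_gallery SET artist_id = '$artist_id',comment='$comment',year_painted='$year',location='$location' WHERE gallery_id='$gallery_id'";
        if (!($result = $db->sql_query($sql))) {
            $sql_error = $db->sql_error();
            die($sql_error['message']);
        }
        $html .= "<div class=\"hilite\">operation successful</div>";
    } else {
        // NOTE(review): validation receives the client-declared MIME type and
        // file name. Confirm that validate_content() / get_unique_filename()
        // restrict the stored extension to image types, since the result is
        // written below the web root.
        $valid = validate_content($cur_error, $cur_mime, $cur_size, $cur_file, GALLERY_MAX_KB);
        if ($valid['result']) {
            $type = explode("/", $cur_mime);
            $cur_type = trim($type[0]);
            $unique_name = get_unique_filename($cur_file);

            // Decode the upload through GD; a file GD cannot open stops here.
            $gd = new gd_img($cur_mime, $cur_temp);
            if (!$gd->img_id) {
                die($gd->gd_error);
            }
            $id = $gd->img_id;

            //create watermark image
            $w_type = getimagesize(WATERMARK_FILE);
            $gdw = new gd_img($w_type['mime'], WATERMARK_FILE);
            if (!$gdw->img_id) {
                die($gdw->gd_error);
            }

            //apply watermark
            $res = $gd->gd_merge_ids($id, $gdw->img_id);
            if (!$res) {
                die($gd->gd_error);
            }

            //create image
            $res = $gd->gd_create_img($id, ROOT_DIR.GALLERY_LIMG_DIR.$unique_name);
            if (!$res) {
                die($gd->gd_error);
            }

            //create thumbnail
            $id_t = $gd->gd_crop_img(GALLERY_THUMB_WIDTH, GALLERY_THUMB_HEIGHT, IMG_QUALITY);
            if (!$id_t) {
                die($gd->gd_error);
            }
            $res = $gd->gd_create_img($id_t, ROOT_DIR.GALLERY_SIMG_DIR.$unique_name);
            if (!$res) {
                die($gd->gd_error);
            }

            //add photo
            $sql = "UPDATE 50mm_gallery SET artist_id = '$artist_id',image='$unique_name',comment='$comment',year_painted='$year',location='$location' WHERE gallery_id='$gallery_id'";
            if (!($result = $db->sql_query($sql))) {
                $sql_error = $db->sql_error();
                die($sql_error['message']);
            }
            $html .= "<div class=\"hilite\">operation successful</div>";
        } else {
            // NOTE(review): emitted unescaped - confirm validate_content()
            // never echoes the client file name back in 'error'.
            $html .= "<div class=\"error\">".$valid['error']."</div>";
        }
    }
}

include_once('includes/header.php');
?>
<script>
divs = new Array();
</script>
<?php
//get info for this image ($gallery_id is an int at this point)
$sql = "SELECT g.artist_id,g.image,g.comment,g.location,g.year_painted,g.entry_time,a.artist_name FROM 50mm_gallery g LEFT JOIN 50mm_artists a ON g.artist_id = a.artist_id WHERE g.gallery_id = '$gallery_id'";
if (!($result = $db->sql_query($sql))) {
    $sql_error = $db->sql_error();
    die($sql_error['message']);
}
$row = $db->sql_fetchrow($result);

echo $html;
// The form posts back to this script; SCRIPT_NAME is escaped so that nothing
// taken from the request URL is reflected into the attribute.
?>
<form id="gallery" action="<?php echo htmlspecialchars($_SERVER['SCRIPT_NAME'], ENT_QUOTES); ?>" method="post" enctype="multipart/form-data" onSubmit="return validateForm(this,divs,'flickError');">
<?php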
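// Renders the body of the edit form (image preview, artist / location /
// comment / year fields) and the separate "add secondary artist" form.
// Every value taken from the database or the request is HTML-escaped or cast
// before it is written into markup.

// Fields of the gallery row loaded earlier in this script. isset() keeps the
// page rendering when no row was found instead of indexing a non-array.
$shown_image    = isset($row['image']) ? $row['image'] : '';
$shown_artist   = isset($row['artist_id']) ? $row['artist_id'] : null;
$shown_location = isset($row['location']) ? $row['location'] : '';
$shown_comment  = isset($row['comment']) ? $row['comment'] : '';
$shown_year     = isset($row['year_painted']) ? $row['year_painted'] : null;

// Dimensions for the pop-up; getimagesize() returns false for a missing or
// unreadable file, in which case empty dimensions are passed as before.
$image_info = @getimagesize(ROOT_DIR.GALLERY_LIMG_DIR.$shown_image);
$image_w = is_array($image_info) ? (int) $image_info[0] : '';
$image_h = is_array($image_info) ? (int) $image_info[1] : '';

// $js holds only urlencode() output and integers, so it is safe inside the
// double-quoted onClick attribute.
$js = "popImage('".urlencode(GALLERY_LIMG_DIR.$shown_image)."','".$image_w."','".$image_h."');";
echo "<img src=\"".htmlspecialchars(GALLERY_SIMG_DIR.$shown_image, ENT_QUOTES)."\" border=\"0\" style=\"cursor:pointer;\" onClick=\"".$js."\">";
?>
<table cellspacing="0" cellpadding="4" border="0">
<tr>
    <td>Replace Image<span id="errfile" class="error" style="visibility:hidden;"> *</span></td>
    <td><input type="file" name="file" class="field"></td>
</tr>
<tr>
    <td>Primary Name</td>
    <td>
        <table cellspacing="0" cellpadding="0" border="0">
        <tr>
            <td>
            Select an existing 50mm artist.<br>
<?php
//make drop down menu
$sql = "SELECT artist_name,artist_id FROM 50mm_artists WHERE approved = 1 ORDER BY artist_name ASC;";
if (!($result = $db->sql_query($sql))) {
    $sql_error = $db->sql_error();
    die($sql_error['message']);
}
$options  = '<select name="artistId">'."\n";
$options .= '<option value="">-- select artist --</option>'."\n";
while ($row2 = $db->sql_fetchrow($result)) {
    // Artist names are stored data and must not be trusted as markup.
    $opt_value = htmlspecialchars($row2['artist_id'], ENT_QUOTES);
    $opt_label = htmlspecialchars($row2['artist_name'], ENT_QUOTES);
    $selected  = ($row2['artist_id'] == $shown_artist) ? ' selected' : '';
    $options .= '<option value="'.$opt_value.'"'.$selected.'>'.$opt_label.'</option>'."\n";
}
$options .= '</select>'."\n";
echo $options;
?>
            </td>
        </tr>
        </table>
    </td>
</tr>
<tr>
    <td>City/Country</td>
    <td><input type="text" name="location" value="<?php echo htmlspecialchars($shown_location, ENT_QUOTES); ?>" class="field"></td>
</tr>
<tr valign="top">
    <td><b>Comments<br>Or<br>Additonal Artist</b></td>
    <td><textarea wrap="on" name="comment" class="body" style="width: 400px; height: 200px;"><?php echo htmlspecialchars($shown_comment, ENT_QUOTES); ?></textarea></td>
</tr>
<tr>
    <td>Year Painted</td>
    <td>
<?php
//make drop down menu
$year = 1901;
$year_end = 2006;
$options  = '<select name="year">'."\n";
$options .= '<option value="">-- select year --</option>'."\n";
for ($year; $year <= $year_end; $year++) {
    $selected = ($shown_year == $year) ? ' selected' : '';
    $options .= '<option value="'.$year.'"'.$selected.'>'.$year.'</option>'."\n";
}
$options .= '</select>'."\n";
echo $options;
?>
    </td>
</tr>
<tr>
    <td colspan="2" align="center">
        <input name="submit" type="submit" class="button" value="Update">
        <input name="action" type="hidden" value="update">
        <input name="galleryId" type="hidden" value="<?php echo (int) $gallery_id; ?>">
        <div id="flickError" class="error" style="visibility:hidden;">Please correct the fields marked by *</div>
    </td>
</tr>
</table>
</form>

<form id="addArtist" action="<?php echo htmlspecialchars($_SERVER['SCRIPT_NAME'], ENT_QUOTES); ?>" method="post" enctype="multipart/form-data">
<table cellspacing="0" cellpadding="0" border="0">
<tr><td colspan="3">Add Secondary Artist:</td></tr>
<tr>
    <td>
<?php
//make drop down menu
$sql = "SELECT artist_name,artist_id FROM 50mm_artists WHERE approved = 1 ORDER BY artist_name ASC;";
if (!($result = $db->sql_query($sql))) {
    $sql_error = $db->sql_error();
    die($sql_error['message']);
}
$options  = '<select name="artistId">'."\n";
$options .= '<option value="">-- additional artist --</option>'."\n";
while ($row2 = $db->sql_fetchrow($result)) {
    $options .= '<option value="'.htmlspecialchars($row2['artist_id'], ENT_QUOTES).'">'
        .htmlspecialchars($row2['artist_name'], ENT_QUOTES).'</option>'."\n";
}
$options .= '</select>'."\n";
echo $options;
?>
    </td>
    <td width="10"> </td>
    <td>
        <input name="add" type="submit" class="button" value="Add Artist">
        <input name="action" type="hidden" value="addArtist">
        <input name="galleryId" type="hidden" value="<?php echo (int) $gallery_id; ?>">
    </td>
</tr>
</table>
</form>
<?php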
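//get other artist info
// Lists the secondary artists attached to this gallery entry, each with a
// "remove" link, then closes the page.

// Cast locally so the query and the links below only ever embed an integer.
$gallery_key = (int) $gallery_id;

$sql = "SELECT a.artist_id,a.artist_name FROM 50mm_other_artists o,50mm_artists a, 50mm_gallery g WHERE o.gallery_id='$gallery_key' AND a.artist_id=o.artist_id AND g.gallery_id = o.gallery_id";
if (!($result = $db->sql_query($sql))) {
    $sql_error = $db->sql_error();
    die($sql_error['message']);
}

$modrows = array();
while ($row = $db->sql_fetchrow($result)) {
    $id = (int) $row['artist_id'];
    unset($row['artist_id']);

    // The row is rendered next to a cell that already contains raw HTML, so
    // get_table() presumably prints cells unescaped - escape stored text here.
    // NOTE(review): drop this loop if get_table() escapes its input itself.
    foreach ($row as $col => $val) {
        if (is_string($val)) {
            $row[$col] = htmlspecialchars($val, ENT_QUOTES);
        }
    }

    // NOTE(review): removal is a state change triggered by a plain GET link
    // with no anti-CSRF token visible in this file.
    $xtras = array(
        "delete" => "<a href=\"galleryEdit.php?artistId=$id&amp;galleryId=$gallery_key&amp;action=removeArtist\">remove</a>"
    );

    $modrows[] = array_merge($row, $xtras);
}
echo(get_table($modrows));

include_once('includes/footer.php');
include_once('includes/appBottom.php');
?>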