operation_product.php
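<?php
/**
 * operation_product.php - admin endpoint that inserts a product row into `producttb`.
 *
 * Input (POST): productname, price, long_desc, btnopration and an optional image in the
 * `new-image` file field.
 * Output: a JSON-encoded string.
 *   "1"  product saved
 *   "2"  a non-deleted product with the same name already exists
 *   otherwise the duplicate count as a string (insert failed, or btnopration was not "Save")
 * If the upload is rejected, the response is HTTP 400 with a JSON list of error messages.
 *
 * Defects fixed relative to the original:
 *   - alert("hii") is not a PHP function and aborted the request with a fatal error.
 *   - The upload checks filled $error but tested empty($errors), so they were never
 *     enforced and a file with any extension could be written under product_images/.
 *   - The client-supplied file name was kept in the stored name; it is now generated.
 *   - The INSERT statement was echoed to the client, leaking the schema and corrupting the JSON.
 *   - date("Y-m-d H:m:s") put the month where the minutes belong.
 *   - SQL was built by string concatenation, and the session user id was not escaped.
 *   - $hdid was read but only used by the disabled branches, so it is dropped.
 *
 * NOTE(review): $conn and $notdeleted are presumably defined by config.php, which is not
 * visible here - confirm. No CSRF token is checked in this file; confirm that one is
 * enforced elsewhere, since this is a state-changing admin action.
 */
require "../panelassets/config.php";
session_start();

// The original read the admin id from the session without checking that a session exists.
if (empty($_SESSION['adminid'])) {
    http_response_code(401);
    exit(json_encode("unauthorized"));
}

$userid = (string) $_SESSION['adminid'];

// Accept only scalar strings; an array-valued field is treated as empty.
$productname = is_string($_POST['productname'] ?? null) ? $_POST['productname'] : "";
$price       = is_string($_POST['price'] ?? null) ? $_POST['price'] : "";
$long_desc   = is_string($_POST['long_desc'] ?? null) ? $_POST['long_desc'] : "";
$btnopration = is_string($_POST['btnopration'] ?? null) ? $_POST['btnopration'] : "";

$creationdatetime = date("Y-m-d H:i:s"); // "i" is minutes; "m" is the month
$message = "";

// Count non-deleted products that already use this name.
$stmt = mysqli_prepare(
    $conn,
    "select count(0) as count from producttb where productname = ? and isdeleted = ?"
);
if ($stmt === false) {
    http_response_code(500);
    exit(json_encode($message));
}
mysqli_stmt_bind_param($stmt, "ss", $productname, $notdeleted);
mysqli_stmt_execute($stmt);
mysqli_stmt_bind_result($stmt, $count);
if (mysqli_stmt_fetch($stmt)) {
    // Kept as a string so the JSON output matches what the original produced.
    $message = (string) $count;
}
mysqli_stmt_close($stmt);

if ($btnopration === "Save") {
    if ($message === "0") {
        $image_name = "";
        $target = null;

        if (!empty($_FILES['new-image']['name'])) {
            $upload = $_FILES['new-image'];
            $errors = array();

            // Extension => image type that the file content must actually have.
            $allowed = array(
                "jpeg" => IMAGETYPE_JPEG,
                "jpg"  => IMAGETYPE_JPEG,
                "png"  => IMAGETYPE_PNG,
            );

            if (!is_string($upload['name'])
                || $upload['error'] !== UPLOAD_ERR_OK
                || !is_uploaded_file($upload['tmp_name'])
            ) {
                $errors[] = "The file upload failed.";
            } else {
                $file_ext = strtolower(pathinfo($upload['name'], PATHINFO_EXTENSION));

                if (!isset($allowed[$file_ext])) {
                    $errors[] = "This extension file is not allowed, Please choose a JPG or PNG file.";
                } else {
                    // The extension is client-controlled, so the content is checked as well.
                    $info = getimagesize($upload['tmp_name']);
                    if ($info === false || $info[2] !== $allowed[$file_ext]) {
                        $errors[] = "The uploaded file is not a valid JPG or PNG image.";
                    }
                }

                if ($upload['size'] > 2097152) {
                    $errors[] = "File size must be 2mb or lower.";
                }
            }

            if (!empty($errors)) {
                http_response_code(400);
                exit(json_encode($errors));
            }

            // Server-generated name: nothing from the client file name reaches the file
            // system except the allow-listed extension.
            // The web server should also be configured not to execute scripts in product_images/.
            $image_name = time() . "-" . bin2hex(random_bytes(8)) . "." . $file_ext;
            $target = "product_images/" . $image_name;

            if (!move_uploaded_file($upload['tmp_name'], $target)) {
                http_response_code(500);
                exit(json_encode(array("The uploaded file could not be stored.")));
            }
        }

        $stmt = mysqli_prepare(
            $conn,
            "INSERT INTO producttb(productname,price,long_desc,image_name,isdeleted,creationuserid,creationdatetime) VALUES(?,?,?,?,?,?,?)"
        );
        $saved = false;
        if ($stmt !== false) {
            mysqli_stmt_bind_param(
                $stmt,
                "sssssss",
                $productname,
                $price,
                $long_desc,
                $image_name,
                $notdeleted,
                $userid,
                $creationdatetime
            );
            $saved = mysqli_stmt_execute($stmt);
            mysqli_stmt_close($stmt);
        }

        if ($saved) {
            $message = "1";
        } elseif ($target !== null && is_file($target)) {
            // Do not leave an orphaned image behind when the row was not created.
            unlink($target);
        }
    } else {
        $message = "2";
    }
}

// The original carried "Update" and "Delete" branches inside a block comment; they never ran
// and are not reproduced here. Before reinstating them:
//   - apply the same upload validation as in the Save branch above;
//   - do not unlink() a path built from $_POST['old_image']; read the stored image name
//     from the product row by id instead;
//   - use prepared statements for every query.

echo json_encode($message);
?>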