Current File : G:/PleskVhosts/jaincensus.com/macciaweb.ultraliant.com/businessforum/userproductadd_save.php

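<?php
/**
 * Stores a new product row in `busdir_product` and its catalogue image in
 * `busdir_product_photo` for the company held in the session.
 *
 * Responses (plain text, unchanged from the original contract):
 *   "success", "Duplicate Product Name", "Please upload Image.",
 *   "Image upload error.", "Image size error. Max size is 2 MB.",
 *   "Image type error. Only JPG, PNG and GIF allowed.",
 *   "An unknown error occured. Please try again."
 *
 * Security-relevant points of this version:
 *   - every redirect is followed by exit, so an unauthenticated request can
 *     no longer fall through to the upload and INSERT code;
 *   - the image type is taken from the file content, not from the
 *     client-supplied Content-Type, and the stored file name (including its
 *     extension) is generated server-side, so the client cannot choose what
 *     ends up under uploads/products/;
 *   - all SQL goes through prepared statements.
 */
session_start(); // the original called this twice; the second call only raised a notice
error_reporting(0); // kept as in the original; note this also hides diagnostics while debugging
include("db/conn.php"); // expected to provide $connection (used below through the mysqli API)

// --- Access control -------------------------------------------------------
// header() only queues the redirect; without exit the rest of the script
// still runs for a client that ignores the Location header.
if (!isset($_SESSION['company_id']) || !isset($_SESSION['company_name'])) {
    session_destroy();
    header("location:login.php");
    exit;
}
if (!isset($_SESSION['loggedin_user'])
    || !in_array($_SESSION['loggedin_user'], array('admin', 'company'), true)) {
    header("location:404.php");
    exit;
}

// --- Upload validation ----------------------------------------------------
$upload = isset($_FILES['catlog']) ? $_FILES['catlog'] : null;
if ($upload === null || empty($upload['name'])) {
    echo "Please upload Image.";
    exit;
}
// The original tested only error==1; any non-OK code (partial upload, no tmp
// dir, ...) is a failure. An array here means a multi-file field was sent.
if (is_array($upload['error'])
    || $upload['error'] !== UPLOAD_ERR_OK
    || !is_uploaded_file($upload['tmp_name'])) {
    echo "Image upload error.";
    exit;
}
if ($upload['size'] >= 2 * 1024 * 1024) {
    echo "Image size error. Max size is 2 MB.";
    exit;
}
// $_FILES[...]['type'] is whatever the client sent, so it proves nothing.
// getimagesize() reads the file header instead. It does not prove the whole
// file is harmless, which is why the extension below is picked from this
// server-side map and never from the uploaded file name.
$allowed_types = array(
    IMAGETYPE_JPEG => 'jpg',
    IMAGETYPE_GIF  => 'gif',
    IMAGETYPE_PNG  => 'png',
);
$image_info = getimagesize($upload['tmp_name']);
if ($image_info === false || !isset($allowed_types[$image_info[2]])) {
    echo "Image type error. Only JPG, PNG and GIF allowed.";
    exit;
}
// Server-generated name: timestamp as before, plus uniqid() so two uploads
// in the same second do not overwrite each other. This is the value stored
// in the database and used as the destination file name.
$catlog = date('YmdHis') . '_' . uniqid() . '.' . $allowed_types[$image_info[2]];

// --- Form fields ----------------------------------------------------------
// Missing or non-string (array) fields become '' instead of reaching
// htmlentities()/preg_replace()/bind_param() as null or array.
$field_names = array(
    'product_name', 'my_company_id', 'price', 'currency_id', 'discounted_price',
    'catid', 'subcatid', 'keyword', 'textBox', 'description',
);
$in = array();
foreach ($field_names as $field_name) {
    $in[$field_name] = (isset($_POST[$field_name]) && is_string($_POST[$field_name]))
        ? $_POST[$field_name]
        : '';
}

$textBox     = htmlentities($in['textBox'], ENT_QUOTES);
$description = htmlentities($in['description'], ENT_QUOTES);

// Strip e-mail addresses, phone-number-like digit runs and URLs from the
// two free-text fields (patterns unchanged).
$patterns = array(
    '/([a-zA-Z0-9_\-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([a-zA-Z0-9\-]+\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)/',
    '/([0-9]+[\- ]?[0-9]{9}+)/',
    '/([0-9]{2,}-[0-9]{0,}-[0-9]{0,})/',
    "/(http|https|ftp|ftps)\:\/\/[a-zA-Z0-9\-\.]+\.[a-zA-Z]{2,3}(\/\S*)?/",
);
$description = preg_replace($patterns, '', $description);
$textBox     = preg_replace($patterns, '', $textBox);

$product_name     = $in['product_name'];
$company_id       = $_SESSION['company_id'];
// NOTE(review): my_company_id comes from the request while company_id comes
// from the session; confirm whether it must be checked against the session
// company before it is stored.
$my_company_id    = $in['my_company_id'];
$price            = $in['price'];
$currency_id      = $in['currency_id'];
$discounted_price = $in['discounted_price'];
$offer_des        = $textBox;
$catid            = $in['catid'];
$subcatid         = $in['subcatid'];
$keyword          = $in['keyword'];
$created_by       = $_SESSION['company_id'];
$offer_flg        = ($offer_des != '') ? 1 : 0;

// --- Duplicate check ------------------------------------------------------
$dup_stmt = $connection->prepare(
    "SELECT product_name FROM busdir_product WHERE product_name=? AND my_company_id=?"
);
if (!$dup_stmt) {
    echo "An unknown error occured. Please try again.";
    exit;
}
$dup_stmt->bind_param('ss', $product_name, $my_company_id);
if (!$dup_stmt->execute()) {
    echo "An unknown error occured. Please try again.";
    exit;
}
$dup_stmt->store_result(); // needed before num_rows is meaningful on a prepared statement
$is_duplicate = ($dup_stmt->num_rows != 0);
$dup_stmt->close();

if ($is_duplicate) {
    echo "Duplicate Product Name";
    exit;
}

// --- Insert product -------------------------------------------------------
$insert_stmt = $connection->prepare(
    "INSERT INTO `busdir_product`(`product_name`, `company_id`,`my_company_id`, `catid`, `subcatid`,  `price`,`currency`, `discounted_price`, `offer_des`,`offer_flg`,`description`, `active` , `catlog` ,`createdby`,`keyword`) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, 'y', ?, ?, ?)"
);
if (!$insert_stmt) {
    echo "An unknown error occured. Please try again.";
    exit;
}
// All values are bound as strings, matching the original query, which
// quoted every value.
$insert_stmt->bind_param(
    str_repeat('s', 14),
    $product_name,
    $company_id,
    $my_company_id,
    $catid,
    $subcatid,
    $price,
    $currency_id,
    $discounted_price,
    $offer_des,
    $offer_flg,
    $description,
    $catlog,
    $created_by,
    $keyword
);
$adder   = $insert_stmt->execute();
$last_id = $connection->insert_id;
$insert_stmt->close();

if (!$adder) {
    echo "An unknown error occured. Please try again.";
    exit;
}

// --- Store the file and its photo row -------------------------------------
// The destination name is the server-generated $catlog. The original used
// the client's file name here and hid failures with @; a failed move is now
// reported instead of returning an empty response.
if (!move_uploaded_file($upload['tmp_name'], "uploads/products/" . $catlog)) {
    echo "Image upload error.";
    exit;
}

$photo_stmt = $connection->prepare(
    "INSERT INTO `busdir_product_photo`(`product_id`, `photo_path`,  `active` ,`mycatlog`) VALUES (?, ?, 'y', 'y')"
);
if ($photo_stmt) {
    $photo_stmt->bind_param('is', $last_id, $catlog);
    $photo_stmt->execute(); // result not checked, as in the original
    $photo_stmt->close();
}
echo "success";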

?>
