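<?php
/*
 * Product-creation handler: stores one busdir_product row for the logged-in
 * company together with a product photo (busdir_product_photo) and a
 * catalogue image (busdir_product.catlog).
 *
 * The response is a bare status string ("success", "Duplicate Product Name",
 * the image error messages, ...) that the calling page reads verbatim, so
 * every message is kept byte-for-byte.
 *
 * Inputs:  $_SESSION company_id / company_name / loggedin_user,
 *          $_POST product fields, $_FILES['photo_path'] and $_FILES['catlog'].
 * Needs:   db/conn.php defining $connection.  It is used here as a mysqli
 *          handle (prepare / bind_param / insert_id); db/conn.php is not part
 *          of this file, so confirm that before deploying.
 */
session_start();
error_reporting(0); // responses are machine-read; PHP notices must not leak into them
include("db/conn.php");

/**
 * Validates one uploaded image field and picks a fresh server-side file name.
 *
 * Checks, in this order: the field is present, the upload succeeded and really
 * came from this request, the 2 MB limit, and the *content* of the file
 * (getimagesize) rather than the client-supplied MIME type or extension, so a
 * script cannot be stored under an image name.  The extension of the new name
 * is derived from the detected type, never from the client file name.
 *
 * @param string $field key in $_FILES ('photo_path' or 'catlog')
 * @return array{tmp:string,name:string} temp path and the generated file name
 * @throws RuntimeException carrying the exact user-facing message
 */
function busdir_check_image_upload($field)
{
    if (!isset($_FILES[$field]['name']) || $_FILES[$field]['name'] === '') {
        throw new RuntimeException("Please upload Image.");
    }
    $file = $_FILES[$field];
    // Any error code (not only UPLOAD_ERR_INI_SIZE == 1) means there is no file to store.
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException("Image upload error.");
    }
    if ($file['size'] >= 2 * 1024 * 1024) {
        throw new RuntimeException("Image size error. Max size is 2 MB.");
    }
    $extByMime = array('image/jpeg' => 'jpg', 'image/gif' => 'gif', 'image/png' => 'png');
    $info = getimagesize($file['tmp_name']);
    if ($info === false || !isset($extByMime[$info['mime']])) {
        throw new RuntimeException("Image type error. Only JPG, PNG and GIF allowed.");
    }
    // Timestamp plus uniqid(): the photo and the catalogue are always uploaded in
    // the same second, so a timestamp alone would make them overwrite each other.
    return array(
        'tmp'  => $file['tmp_name'],
        'name' => date('YmdHis') . '_' . uniqid() . '.' . $extByMime[$info['mime']],
    );
}

/**
 * Returns a $_POST scalar as a string, or '' when it is absent or not scalar.
 *
 * @param string $key
 * @return string
 */
function busdir_post($key)
{
    return isset($_POST[$key]) && is_scalar($_POST[$key]) ? (string) $_POST[$key] : '';
}

/**
 * Undoes a half-created product: deletes the busdir_product row and any file
 * that was already moved into the upload directory.
 *
 * @param mysqli $connection
 * @param int    $product_id
 * @param string[] $paths files to remove if present
 * @return void
 */
function busdir_discard_product($connection, $product_id, array $paths)
{
    $stmt = $connection->prepare("DELETE FROM `busdir_product` WHERE `product_id`=?");
    if ($stmt) {
        $stmt->bind_param('i', $product_id);
        $stmt->execute();
        $stmt->close();
    }
    foreach ($paths as $path) {
        if (is_file($path)) {
            unlink($path);
        }
    }
}

// ---- authentication / authorisation ---------------------------------------
// Each redirect is followed by exit: header() alone does not stop the script,
// so the insert below would otherwise still run for an anonymous request.
if (!isset($_SESSION['company_id']) || !isset($_SESSION['company_name'])) {
    session_destroy();
    header("location:login.php");
    exit;
}
$role = isset($_SESSION['loggedin_user']) ? $_SESSION['loggedin_user'] : '';
if (!in_array($role, array('admin', 'company'), true)) {
    header("location:404.php");
    exit;
}

// ---- uploads --------------------------------------------------------------
try {
    $photo   = busdir_check_image_upload('photo_path'); // product photo
    $catalog = busdir_check_image_upload('catlog');     // catalogue image
} catch (RuntimeException $e) {
    echo $e->getMessage();
    exit;
}

// ---- form fields ----------------------------------------------------------
$product_name     = busdir_post('product_name');
$company_id       = $_SESSION['company_id'];
// NOTE(review): my_company_id is client-chosen and not checked against the
// session's company_id; the original handler behaves the same — confirm whether
// that is intended.
$my_company_id    = busdir_post('my_company_id');
$price            = busdir_post('price');
$currency_id      = busdir_post('currency_id');
$discounted_price = busdir_post('discounted_price');
$offer_des        = busdir_post('textBox');
// Apostrophes were stripped by the original handler (as a stand-in for
// escaping); kept so the stored text does not change now that the query is
// parameterised.
$description      = str_replace("'", '', busdir_post('description'));
$catid            = busdir_post('catid');
$subcatid         = busdir_post('subcatid');
$offer_flg        = $offer_des !== '' ? 1 : 0;

$upload_dir = "uploads/products/";
// busdir_product_photo.photo_path stores the bare file name, busdir_product.catlog
// the relative path — same conventions as before.
$photo_file  = $photo['name'];
$catlog      = $upload_dir . $catalog['name'];
// Assumes product photos are served from the same uploads/products/ directory
// as the catalogue (the original move_uploaded_file targets both there) —
// confirm against the page that displays them.
$photo_disk  = $upload_dir . $photo_file;
$catlog_disk = $catlog;

// ---- duplicate check ------------------------------------------------------
$dup = $connection->prepare(
    "SELECT product_name FROM busdir_product WHERE product_name=? AND my_company_id=?"
);
if (!$dup) {
    echo "An unknown error occured. Please try again.";
    exit;
}
$dup->bind_param('ss', $product_name, $my_company_id);
$dup->execute();
$dup->store_result();
$is_duplicate = $dup->num_rows != 0;
$dup->close();
if ($is_duplicate) {
    echo "Duplicate Product Name";
    exit;
}

// ---- product row ----------------------------------------------------------
$ins = $connection->prepare(
    "INSERT INTO `busdir_product`(`product_name`, `company_id`,`my_company_id`, `catid`, `subcatid`, `price`,`currency`, `discounted_price`, `offer_des`,`offer_flg`,`description`, `active` , `catlog` ,`createdby`)"
    . " VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, 'y', ?, ?)"
);
if (!$ins) {
    echo "An unknown error occured. Please try again.";
    exit;
}
$ins->bind_param(
    'sssssssssisss',
    $product_name,
    $company_id,
    $my_company_id,
    $catid,
    $subcatid,
    $price,
    $currency_id,
    $discounted_price,
    $offer_des,
    $offer_flg,
    $description,
    $catlog,
    $company_id // createdby
);
$inserted = $ins->execute();
$last_id  = (int) $connection->insert_id;
$ins->close();
if (!$inserted) {
    echo "An unknown error occured. Please try again.";
    exit;
}

// ---- files ----------------------------------------------------------------
// The photo goes to the photo path and the catalogue to the catalogue path (the
// original handler had the two swapped).  A failed move rolls the row back
// instead of leaving a product without images and no response.
if (!move_uploaded_file($photo['tmp'], $photo_disk)
    || !move_uploaded_file($catalog['tmp'], $catlog_disk)) {
    busdir_discard_product($connection, $last_id, array($photo_disk, $catlog_disk));
    echo "An unknown error occured. Please try again.";
    exit;
}

// ---- photo row ------------------------------------------------------------
$ph = $connection->prepare(
    "INSERT INTO `busdir_product_photo`(`product_id`, `photo_path`, `createdby`) VALUES (?, ?, ?)"
);
$photo_ok = false;
if ($ph) {
    $ph->bind_param('iss', $last_id, $photo_file, $company_id);
    $photo_ok = $ph->execute();
    $ph->close();
}
if (!$photo_ok) {
    busdir_discard_product($connection, $last_id, array($photo_disk, $catlog_disk));
    echo "An unknown error occured. Please try again.";
    exit;
}
echo "success";
?>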