OverLord Shell
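<?php
/*
 * Product update handler.
 *
 * Multipart POST endpoint: an authenticated admin/company session updates the
 * busdir_product row named by product_id and optionally replaces its catalogue
 * image (file field "catlog"). Prints "success" or a short error message.
 */
session_start();
error_reporting(0); // notices/warnings are hidden; failures surface only via the echoed messages
include("db/conn.php"); // provides $connection

// --- Authentication / authorisation --------------------------------------
// header() does not stop the script: without the exit below, the update logic
// still ran for a caller that failed either check.
if (!isset($_SESSION['company_id']) || !isset($_SESSION['company_name'])) {
    session_destroy();
    header("location:login.php");
    exit;
}
if (!in_array($_SESSION['loggedin_user'] ?? '', ['admin', 'company'], true)) {
    header("location:404.php");
    exit;
}

// --- Input -----------------------------------------------------------------
// Raw POST string for $key, or '' when the field is absent or not a string.
$postString = static function (string $key): string {
    return isset($_POST[$key]) && is_string($_POST[$key]) ? $_POST[$key] : '';
};

// product_id is used in the WHERE clause; anything that is not a positive
// integer cannot name a row, so fail early with the generic message.
$pid = (int) $postString('product_id');
if ($pid <= 0) {
    echo "An unknown error occured. Please try again.";
    exit;
}

// Contact details (e-mail addresses, phone-like digit runs, dash-separated
// digit groups, URLs) are stripped from the free-text fields. The patterns are
// kept verbatim; note that "{9}+" is a possessive quantifier.
$patterns = [
    '/([a-zA-Z0-9_\-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([a-zA-Z0-9\-]+\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)/',
    '/([0-9]+[\- ]?[0-9]{9}+)/',
    '/([0-9]{2,}-[0-9]{0,}-[0-9]{0,})/',
    "/(http|https|ftp|ftps)\:\/\/[a-zA-Z0-9\-\.]+\.[a-zA-Z]{2,3}(\/\S*)?/",
];
// A single empty replacement string applies to every pattern in the list, so
// one preg_replace call per field is enough. "?? ''" covers preg_replace
// returning null on a PCRE error.
$description = preg_replace($patterns, '', htmlentities(trim($postString('description')), ENT_QUOTES)) ?? '';
$offer_des   = preg_replace($patterns, '', htmlentities(trim($postString('textBox')), ENT_QUOTES)) ?? '';
$offer_flg   = $offer_des !== '' ? 1 : 0;

$product_name     = $postString('product_name');
$my_company_id    = $postString('my_company_id');
$price            = $postString('price');
$currency_id      = $postString('currency_id');
$discounted_price = $postString('discounted_price');
$catid            = $postString('catid');
$subcatid         = $postString('subcatid');
$keyword          = $postString('keyword');

// --- Catalogue image -------------------------------------------------------
$uploadDir = "uploads/products/";
// basename() keeps a client-supplied old_catlog from naming a file outside
// $uploadDir when it is unlinked below.
$oldCatlog     = basename($postString('old_catlog'));
$cat           = $oldCatlog; // value stored when no new file is sent
$newFileStored = false;

if (!empty($_FILES["catlog"]["name"])) {
    $file = $_FILES["catlog"];
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        echo "An unknown error occured. Please try again.";
        exit;
    }
    if ($file['size'] >= 2 * 1024 * 1024) {
        echo "Image size error. Max size is 2 MB.";
        exit;
    }
    // The original stored the browser-supplied file name unchanged in a
    // web-served directory. Accept only image extensions (the existing error
    // message already calls this field an image) and confirm the content
    // decodes as an image.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!in_array($ext, ['jpg', 'jpeg', 'png', 'gif', 'webp'], true) || getimagesize($file['tmp_name']) === false) {
        echo "Invalid image file.";
        exit;
    }
    // Stored name: timestamp prefix (as before) + sanitised base name +
    // whitelisted extension, so no inner dots or unusual characters survive.
    $safeBase = preg_replace('/[^A-Za-z0-9_-]/', '_', pathinfo($file['name'], PATHINFO_FILENAME)) ?? '';
    $cat      = time() . "_" . $safeBase . "." . $ext;
    if (!move_uploaded_file($file['tmp_name'], $uploadDir . $cat)) {
        echo "An unknown error occured. Please try again.";
        exit;
    }
    $newFileStored = true;
    // Remove the previous image only once the new one is in place, so a failed
    // move cannot leave the row pointing at a deleted file.
    if ($oldCatlog !== '' && $oldCatlog !== $cat && is_file($uploadDir . $oldCatlog)) {
        unlink($uploadDir . $oldCatlog);
    }
}

// --- Database --------------------------------------------------------------
// Every value reaches MySQL as a bound parameter; the original interpolated
// raw POST fields into the SQL text.
// NOTE(review): assumes $connection is a mysqli instance — only ->query() was
// used before, which PDO also has; confirm in db/conn.php.
// Runs one prepared UPDATE; returns false on prepare or execute failure.
$runUpdate = static function (string $sql, string $types, array $params) use ($connection): bool {
    $stmt = $connection->prepare($sql);
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param($types, ...$params);
    $ok = (bool) $stmt->execute();
    $stmt->close();
    return $ok;
};

$sessionCompany = (string) $_SESSION['company_id'];

// `catlog` is folded into the main UPDATE (the original issued a separate
// query for it in both branches).
// NOTE(review): as before, the WHERE clause is by product_id only and does not
// check that the row belongs to $_SESSION['company_id']; verify that this is
// intended for the 'company' role.
$ok = $runUpdate(
    "UPDATE `busdir_product` SET
        `product_name`=?, `price`=?, `currency`=?, `my_company_id`=?, `discounted_price`=?,
        `description`=?, `offer_des`=?, `keyword`=?, `catid`=?, `subcatid`=?,
        `company_id`=?, `modifiedby`=?, `catlog`=?, `offer_flg`=?, `active`='y'
    WHERE `product_id`=?",
    str_repeat('s', 13) . 'ii',
    [
        $product_name, $price, $currency_id, $my_company_id, $discounted_price,
        $description, $offer_des, $keyword, $catid, $subcatid,
        $sessionCompany, $sessionCompany, $cat, $offer_flg, $pid,
    ]
);

// The photo table mirrors the catalogue image; the original updated it only
// when a new file was uploaded.
if ($ok && $newFileStored) {
    $ok = $runUpdate(
        "UPDATE busdir_product_photo SET `photo_path`=? WHERE product_id=? and mycatlog='y'",
        'si',
        [$cat, $pid]
    );
}

if ($ok) {
    echo "success";
} else {
    echo "An unknown error occured. Please try again.";
}
?>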
xRyukZ - Copyright 2k19