ok

Mini Shell

Direktori : /proc/thread-self/root/home2/selectio/www/ramali.in/dashboard/api-firebase/
Upload File :
Current File : //proc/thread-self/root/home2/selectio/www/ramali.in/dashboard/api-firebase/offer-images.php

<?php
header('Access-Control-Allow-Origin: *');
session_start();
include '../includes/crud.php';
include_once '../includes/variables.php';
include_once '../includes/custom-functions.php';
$fn = new custom_functions;
include_once('verify-token.php');
$db = new Database();
$db->connect();
$response = array();

$config = $fn->get_configurations();
$time_slot_config = $fn->time_slot_config();
$time_zone = $fn->set_timezone($config);
if (!$time_zone) {
    $response['error'] = true;
    $response['message'] = "Time Zone is not set.";
    print_r(json_encode($response));
    return false;
    exit();
}

/*
1.get-offer-images.php
    accesskey:90336
    get-offer-images:1
*/

if (!isset($_POST['accesskey'])) {
    if (!isset($_GET['accesskey'])) {
        $response['error'] = true;
        $response['message'] = "Access key is invalid or not passed!";
        print_r(json_encode($response));
        return false;
    }
}

if (isset($_POST['accesskey'])) {
    $accesskey = $db->escapeString($fn->xss_clean($_POST['accesskey']));
} else {
    $accesskey = $db->escapeString($fn->xss_clean($_GET['accesskey']));
}

if ($access_key != $accesskey) {
    $response['error'] = true;
    $response['message'] = "invalid accesskey!";
    print_r(json_encode($response));
    return false;
}
if ((!isset($_REQUEST['ajax_call']))) {
    if (!verify_token()) {
        return false;
    }
}

if ((isset($_POST['add-image'])) && ($_POST['add-image'] == 1)) {

    $permissions = $fn->get_permissions($_SESSION['id']);

    if ($permissions['new_offers']['create'] == 0) {
        $response["message"] = "<p class='alert alert-danger'>You have no permission to create new offers.</p>";
        echo json_encode($response);
        return false;
    }
    $position = $db->escapeString($fn->xss_clean($_POST['position']));
    $main_title = $db->escapeString($fn->xss_clean($_POST['main_title']));
    $second_title = $db->escapeString($fn->xss_clean($_POST['second_title']));
    $section_position = isset($_POST['section_position']) ? $db->escapeString($fn->xss_clean($_POST['section_position'])) : "";
    $section_name = '';

    if (!empty($section_position)) {
        $section_data = $fn->get_data($columns = ['title'], 'id =' . $section_position, 'sections');
        $section_name = $section_data[0]['title'];
    }

    $image = $db->escapeString($fn->xss_clean($_FILES['image']['name']));
    $image_error = $db->escapeString($fn->xss_clean($_FILES['image']['error']));
    $image_type = $db->escapeString($fn->xss_clean($_FILES['image']['type']));
    $type = $db->escapeString($fn->xss_clean($_POST['type']));


    $target_path = '../upload/offers/';
    $error = array();

    error_reporting(E_ERROR | E_PARSE);
    $extension = end(explode(".", $_FILES["image"]["name"]));
    if ($image_error > 0) {
        $error['image'] = " <span class='label label-danger'>Not uploaded!</span>";
    } else {
        if ($type == 'image') {
            $result = $fn->validate_image($_FILES["image"]);
            if ($result) {
                $response["message"] = "<span class='label label-danger'>Image type must jpg, jpeg, gif, or png!</span>";
                echo json_encode($response);
                $error['image'] = " <span class='label label-danger'>Image type must jpg, jpeg, gif, or png!</span>";
                return false;
            }
        } else if ($type == 'video') {
            $result = $fn->validate_video($_FILES["image"]);
            if ($result) {
                $response["message"] = "<span class='label label-danger'>Video type must mp4, mpeg, webm, or mpg!</span>";
                echo json_encode($response);
                $error['image'] = " <span class='label label-danger'>Video type must mp4, mpeg, webm, or mpg!</span>";
                return false;
            }
        }
    }

    if (empty($error['image'])) {
        $mt = explode(' ', microtime());
        $microtime = ((int)$mt[1]) * 1000 + ((int)round($mt[0] * 1000));
        $file = preg_replace("/\s+/", "_", $_FILES['image']['name']);

        $image = $microtime . "." . $extension;

        if (!is_dir($target_path)) {
            mkdir($target_path, 0777, true);
        }

        $upload = move_uploaded_file($_FILES['image']['tmp_name'], '../upload/offers/' . $image);

        $upload_image = 'upload/offers/' . $image;
        $sql = "INSERT INTO `offers`(`image`,`position`,`main_title`,`second_title`,`section_position`,`type`) VALUES ('$upload_image','$position','$main_title','$second_title','$section_name','$type')";
        $db->sql($sql);
        $res = $db->getResult();

        $sql = "SELECT id FROM `offers` ORDER BY id DESC";
        $db->sql($sql);
        $res = $db->getResult();
        $response["message"] = "<p class='alert alert-success'>Offer Uploaded Successfully</p>";
        $response["id"] = $res[0]['id'];
    } else {
        $response["message"] = "<p class='alert alert-danger'>Offer could not be Uploaded!Try Again</p>";
    }
    echo json_encode($response);
}

if (isset($_GET['type']) && $_GET['type'] != '' && $_GET['type'] == 'delete-offer') {
    $permissions = $fn->get_permissions($_SESSION['id']);
    if ($permissions['new_offers']['delete'] == 0) {
        echo 2;
        return false;
    }
    $id        = $db->escapeString($fn->xss_clean($_GET['id']));
    $image     = $db->escapeString($fn->xss_clean($_GET['image']));

    if (!empty($image))
        unlink('../' . $image);

    $sql = 'DELETE FROM `offers` WHERE `id`=' . $id;
    if ($db->sql($sql)) {
        echo 1;
    } else {
        echo 0;
    }
}

if (isset($_POST['get-offer-images']) && !empty($_POST['get-offer-images'] && $_POST['get-offer-images'] == 1)) {
    if (!verify_token()) {
        return false;
    }

    $sql = 'select * from offers where status = 1 order by id desc ';
    $db->sql($sql);
    $result = $db->getResult();
    $response = $temp = $temp1 = array();
    if (!empty($result)) {
        $response['error'] = false;
        $response['message'] = "Offer images retrived successfully!";
        foreach ($result as $row) {
            $temp['id'] = $row['id'];
            $temp['image'] = DOMAIN_URL . $row['image'];
            $temp['position'] = !empty($row['position']) ? $row['position'] : "top";
            $temp['section_position'] = !empty($row['section_position']) ? $row['section_position'] : "";
            $temp1[] = $temp;
        }
        $response['data'] = $temp1;
    } else {
        $response['error'] = true;
        $response['message'] = "No offer images uploaded yet!";
    }
    print_r(json_encode($response));
}

Zerion Mini Shell 1.0