File: /home/panama/public_html_old/managesite/event_edit_photo - Copy.php
<?php
	include("../include/config.php"); 
	include("../include/opner_admin.php");
	
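	// --- Request parameters ---------------------------------------------------
	// The ids arrive base64-encoded in the query string or the form. base64 is
	// an encoding, not a protection: the sender fully controls the decoded
	// value, and that value is concatenated into SQL WHERE clauses below.
	// Each id is therefore kept only when it decodes to plain decimal digits;
	// anything else becomes '' and every query that needs it is skipped.
	$raw_ids = array(
		'event_id'     => isset($_GET['event_id']) ? $_GET['event_id'] : '',
		// edit_photo comes from the edit link (GET) or, on submit, from the hidden form field (POST).
		'edit_photo'   => !empty($_GET['edit_photo']) ? $_GET['edit_photo'] : (isset($_POST['edit_photo']) ? $_POST['edit_photo'] : ''),
		'remove_photo' => isset($_GET['remove_photo']) ? $_GET['remove_photo'] : '',
	);
	foreach($raw_ids as $id_name => $id_raw)
	{
		// Array-valued parameters (?event_id[]=x) are rejected instead of being passed to trim().
		$id_decoded = is_string($id_raw) ? (string)base64_decode(trim($id_raw)) : '';
		$raw_ids[$id_name] = ctype_digit($id_decoded) ? $id_decoded : '';
	}
	$event_id     = $raw_ids['event_id'];
	$edit_photo   = $raw_ids['edit_photo'];
	$remove_photo = $raw_ids['remove_photo'];

	// --- Delete a photo row ---------------------------------------------------
	// NOTE(review): this is a state-changing GET with no anti-CSRF token, and it
	// removes only the database row; the file under ../uploaded_images/ stays
	// on disk. Consider moving the action to POST with a per-session token.
	if($remove_photo !== '' && $event_id !== '')
	{
		$db_del = new database();
		$db_del->where("photo_id=".$remove_photo." and event_id=".$event_id);
		$db_del->delete("event_photos");
	}

	// --- Save (add a new photo or update an existing one) ----------------------
	if(isset($_POST["btnSave"]) && is_string($_POST["btnSave"]) && strlen(trim($_POST["btnSave"])) > 0)
	{
		$error = 0;

		// The current file name travels through a hidden form field, so it is
		// client-controlled. basename() keeps it inside ../uploaded_images/
		// when it is later handed to unlink() or written back to the "path" column.
		// NOTE(review): reading the stored path from event_photos instead of
		// trusting the form field would be stronger still.
		$image_name = (isset($_POST['image']) && is_string($_POST['image'])) ? basename(str_replace("\0", "", $_POST['image'])) : '';
		$oldimage   = $image_name;

		$has_upload = isset($_FILES['new_image']['name']) && is_string($_FILES['new_image']['name']) && $_FILES['new_image']['name'] <> '';

		if($event_id === '')
		{
			$error = 1;
			$err = "Invalid event.";
		}
		elseif($has_upload)
		{
			$upload_tmp = $_FILES['new_image']['tmp_name'];
			$upload_ext = strtolower(pathinfo($_FILES['new_image']['name'], PATHINFO_EXTENSION));
			// NOTE(review): allow-list assumed from the image types this page displays;
			// align it with what $functions->isValidImage() accepts.
			$allowed_ext = array('jpg', 'jpeg', 'png', 'gif');

			// isValidImage() only sees $_FILES[...]['type'], which the client sets
			// freely, so it cannot be the sole gate. The extension allow-list and
			// the getimagesize() probe check the name and the content as well.
			$flag = $functions->isValidImage($_FILES['new_image']['type']);

			if($flag == '0'
				|| !in_array($upload_ext, $allowed_ext, true)
				|| !is_uploaded_file($upload_tmp)
				|| getimagesize($upload_tmp) === false)
			{
				$error = 1;
				$err = "Please provide Correct Image Format";
			}
			elseif($flag > 0)
			{
				// Rebuild the stored name from a restricted character set: no dots in
				// the stem (so "x.php.jpg" cannot keep a second extension) and exactly
				// one allow-listed extension at the end.
				// NOTE(review): the upload directory should additionally be configured
				// so that the web server never executes scripts from it.
				$upload_stem = preg_replace('/[^a-z0-9_-]+/', '_', strtolower(pathinfo($_FILES['new_image']['name'], PATHINFO_FILENAME)));
				$image_name  = time()."_".$upload_stem.".".$upload_ext;

				if(move_uploaded_file($upload_tmp, "../uploaded_images/".$image_name))
				{
					// Delete the previous image only after the new one is safely stored.
					// Best effort: a missing old file must not abort the save.
					if($oldimage <> "")
					{
						@unlink("../uploaded_images/".$oldimage);
					}
				}
				else
				{
					$error = 1;
					$err = "Image could not be saved.";
				}
			}
		}

		if($error <> 1)
		{
			// NOTE(review): anti_injection() and database::data() are defined outside
			// this file; confirm that data() escapes or binds the values it receives.
			$title = $functions->anti_injection(isset($_POST['title']) ? $_POST['title'] : '');

			$db = new database();
			$db->data("title",$title);
			$db->data("path",$image_name);
			if($edit_photo !== '')
			{
				$db->where("photo_id=".$edit_photo." and event_id=".$event_id);
				$db->update("event_photos");
				// Leave edit mode so the form below is rendered as "add new".
				$edit_photo = '';
			}
			else
			{
				$db->data("event_id",$event_id);
				$db->addnew("event_photos");
			}
			$err = "Event information updated successfully.";
		}
	}

	// --- Load the photo being edited -------------------------------------------
	// Fills $title and $path, which pre-populate the form further down the page.
	if($edit_photo !== '' && $event_id !== '')
	{
		$db_edit = new database();
		$db_edit->where("photo_id=".$edit_photo." and event_id=".$event_id);
		$db_edit->selectstmt("event_photos");
		$title = $db_edit->f_title;
		$path = $db_edit->f_path;
	}
	
?>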
	
?>
<html>
<head>
	<title><?=SITE_ADMIN_TITLE?></title>
	<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
	<meta name="description" content="<?=META_DESCRIPTION?>" />
	<meta name="keywords" content="<?=META_KEYWORD?>" />
	<link href="css.css" rel="stylesheet" type="text/css" />
	<link rel="stylesheet" type="text/css" href="js/style.css" />
	<link href="calender/rfnet.css" rel="stylesheet" type="text/css">
	<script type="text/javascript" src="calender/datetimepicker_css.js"></script>
	<script type="text/javascript" src="js/lib/prototype.js"></script>
	<script type="text/javascript" src="js/src/effects.js"></script>
	<script type="text/javascript" src="js/validation.js"></script>
	
</head>
<body>
<? include("header.php")?>
  
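	<?php
	   // Loads every photo of the current event for the listing below.
	   // $event_id originates from the request, so only a plain decimal id may be
	   // concatenated into the WHERE clause; anything else is replaced by 0.
	   // NOTE(review): assumes no event uses id 0, so the listing is then empty - confirm.
	   $db_photo = new database();
	   $db_photo->where("event_id=".(ctype_digit((string)$event_id) ? $event_id : "0"));
	   $db_photo->selectstmt("event_photos");
	   
	?>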
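	<?php /* PHP_SELF includes any extra path info the client appends to the URL, so it is HTML-escaped before it lands in the attribute; the base64 id is URL-encoded because base64 may contain '+', '/' and '='. NOTE(review): the form carries no anti-CSRF token. */ ?>
	<form name="frmabout" id="frmabout" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'ISO-8859-1');?>?event_id=<?php echo urlencode(base64_encode($event_id));?>" method="post" enctype="multipart/form-data">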
    	<div align="center" style="height:auto; border:none;">  
		    
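			    <?php
				     // Lists the photos of the event with edit/delete links.
				     // f_path and f_title come back from event_photos and were supplied by
				     // whoever created the row, so each is escaped for the context it lands
				     // in: rawurlencode() inside the query string, htmlspecialchars() in HTML.
				     // double_encode is off in case stored titles already hold entities.
				     if($db_photo->row_count > 0)
					 {
				?>
				  <div style="width:50%;">
					  <div class="img_div_heading"><strong>Uploaded Image</strong></div>  
					  <div class="title_div_heading"><strong>Title</strong></div> 
					  <div class="edit_del_div_heading"><strong>Edit</strong></div>
					  <div class="edit_del_div_heading"><strong>Delete</strong></div>   
				<?php	  
						  for($i=0;$i < $db_photo->row_count;$i++)
						  {
							 $db_photo->moveto($i);
							 // base64 output may contain '+', '/' and '=', hence urlencode().
							 $event_id_param = urlencode(base64_encode($event_id));
							 $photo_id_param = urlencode(base64_encode($db_photo->f_photo_id));
				?>
					 <div class="img_div">
						 <img src="../display_image.php?path=uploaded_images/<?php echo rawurlencode($db_photo->f_path);?>&width=70&height=65&watermark=-1" border="0" style="padding-top:10px"/></div>
					 <div class="title_div"><?php echo htmlspecialchars($db_photo->f_title, ENT_QUOTES, 'ISO-8859-1', false);?></div>
					 <div class="edit_del_div" >
					 	 <a href="event_edit_photo.php?event_id=<?php echo $event_id_param;?>&edit_photo=<?php echo $photo_id_param;?>">
						 <img src="images/icon-edit.gif" alt="Edit" title="Edit" width="16" height="16" border="0" style="margin-top:23px"/></a></div>
					 <div class="edit_del_div" >
					  	 <a href="event_edit_photo.php?event_id=<?php echo $event_id_param;?>&remove_photo=<?php echo $photo_id_param;?>">
						 <img src="images/delete.png" alt="Delete" title="Delete" width="16" height="16" border="0" style="margin-top:23px" /></a></div>	
				<?php
				         }
					echo '</div>';
					}
					else
					{
				        echo '<div style=" min-height:15px; width:100%; margin:auto; float:left">';
						echo '<span class="error">No photo uploaded. Upload photos.</span></div>';
					}	
				?>	  			 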
			 	 
			 <div style="clear:both; min-height:15px; width:100%; margin:auto; float:left">&nbsp;</div>
			 <div style="width:60%;">
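			 <?php /* Preview of the photo being edited; $path is URL-encoded because it is placed inside a query string. */ if(isset($path)){?>
			      <div class="img_div1">
						 <img src="../display_image.php?path=uploaded_images/<?php echo rawurlencode($path);?>&width=100&height=100&watermark=-1" border="0" style="padding-top:15px"/> 				                  </div>
			   <?php }?>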
				  <div style="width:70%;height:auto">
				       <div style="width:100%;text-align:left" class="menu-inner2"><strong>Add Event Images</strong></div>
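				       <?php /* $err and $title are HTML-escaped on output: $title can carry text taken from the request or from the database. isset() avoids notices on the first page load. */ ?>
				       <span class="error"><?php echo isset($err) ? htmlspecialchars($err, ENT_QUOTES, 'ISO-8859-1', false) : '';?></span><br><br>
					   <div align="right" style="width:20%;float:left" class="menu-inner2">Title &nbsp;</div>
					   <div style="width:80%;text-align:left;"><input type="text" name="title" class="required" size="40" value="<?php echo isset($title) ? htmlspecialchars($title, ENT_QUOTES, 'ISO-8859-1', false) : '';?>" /></div>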
					   <div style="clear:both;height:10px">&nbsp;</div>
					   <div align="right" style="width:20%;float:left" class="menu-inner2">Image &nbsp;</div>
					   <div style="width:80%;text-align:left;"><input type="file" name="new_image" id="new_image" class="textbold" size="35" /></div>
					   <div style="clear:both;height:10px">&nbsp;</div>
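					   <?php
					      // Hidden fields that carry the edit state through the POST. Both values
					      // come back under the client's control, so the handler must re-validate them.
					      if (!empty($edit_photo))
					      {
					   ?>	  
	   				   		 <input type="hidden" name="image" value="<?php echo isset($path) ? htmlspecialchars($path, ENT_QUOTES, 'ISO-8859-1', false) : '';?>" />	
							 <input type="hidden" name="edit_photo" value="<?php echo base64_encode($edit_photo);?>" />
					   <?php
					   	  }
					   ?>	  	 	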
					   <div align="center">
					   <input name="btnSave" type="submit" class="btn" value="Submit" style="border:none;" />&nbsp;&nbsp;
					   <input name="btnBack" type="button" class="btn" value="Back to Listing" onClick="javascript:window.location='event_listing.php'" style="border:none;" /></div>
					   <div style="clear:both;height:10px">&nbsp;</div>
				   </div>				      	   		        
			 </div>	
			  <div style=" min-height:20px; width:100%; margin:auto; float:left">&nbsp;</div>		
		</div>
 	  
	  </div>
	  
	  
	  
	</form>
	<script type="text/javascript">
		/**
		 * Validation hook: writes the outcome for the given form to the browser status bar.
		 * @param {*} result value handed over by the validator
		 * @param {{id: string}} form the form that was checked
		 */
		function formCallback(result, form) {
			var label = "valiation callback for form '" + form.id + "'";
			window.status = label + ": result = " + result;
		}
		
		// Attach the validator to the photo form; formCallback is passed as the onFormValidate hook.
		var valid = new Validation(
			'frmabout',
			{
				immediate: true,
				onFormValidate: formCallback
			}
		);
	</script>
</body>
</html>