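<?php
/**
 * POST handlers for the admin panel (sliders, gallery, services, pages, posts,
 * categories, locations). The name of the submit button selects the handler;
 * each one writes to the database, stores or removes uploaded files, puts a
 * flash message in $_SESSION['message'] and redirects.
 *
 * $conn and $con are database handles that are not defined in this file; they
 * presumably come from the included files.
 *
 * NOTE(review): no anti-CSRF token is checked in this file. Unless
 * authentication.php enforces one, every handler below can be triggered from
 * another site through an administrator's logged-in browser.
 */

// require instead of include: if authentication.php (presumably the login
// check) cannot be loaded, the script must stop rather than continue with only
// a warning.
require 'authentication.php';
require 'function.php';

// Report everything to the log but never into the response: rendered warnings
// disclose paths and SQL, and any output sent early breaks the redirects below.
ini_set('display_errors', '0');
ini_set('display_startup_errors', '0');
ini_set('log_errors', '1');
error_reporting(E_ALL);

// The helpers are closures rather than named functions so they cannot collide
// with anything declared in the included files.

// Accepted upload formats: detected image type => extensions allowed for it.
// These are the four formats the post handlers already accepted; extend the
// list deliberately.
$imageExtensions = [
    IMAGETYPE_JPEG => ['jpg', 'jpeg'],
    IMAGETYPE_PNG => ['png'],
    IMAGETYPE_GIF => ['gif'],
    IMAGETYPE_BMP => ['bmp'],
];
$rejectedUpload = 'Only JPG, PNG, GIF or BMP images can be uploaded';

// Stores the flash message, redirects and stops the request.
$finish = static function (string $message, string $location): void {
    $_SESSION['message'] = $message;
    header('Location: ' . $location);
    exit(0);
};

// Text field from the form; '' when absent or not a string.
$postText = static fn (string $key): string => is_string($_POST[$key] ?? null) ? $_POST[$key] : '';

// Checkbox-style field as '1' / '0' ('0' when absent or falsy).
$postFlag = static fn (string $key): string => empty($_POST[$key]) ? '0' : '1';

// True when the browser sent a file for this field.
$fileSent = static fn (string $field): bool => ($_FILES[$field]['name'] ?? '') !== '';

// Extension of an uploaded file, or null when the upload must be rejected.
// The client-supplied name and MIME type are not trusted: the file has to be a
// completed upload, its content has to parse as one of the accepted image
// types, and the extension has to belong to that type.
// NOTE(review): also confirm the web server does not execute scripts under ../uploads.
$verifiedExtension = static function (string $field) use ($imageExtensions): ?string {
    $file = $_FILES[$field] ?? [];
    $tmp = $file['tmp_name'] ?? '';
    if (($file['error'] ?? null) !== UPLOAD_ERR_OK || !is_string($tmp) || !is_uploaded_file($tmp)) {
        return null;
    }
    $info = getimagesize($tmp);
    $extension = strtolower(pathinfo((string) $file['name'], PATHINFO_EXTENSION));
    $allowed = $info === false ? [] : ($imageExtensions[$info[2]] ?? []);

    return in_array($extension, $allowed, true) ? $extension : null;
};

// File name to store for an upload field; null when a sent file is rejected.
// Without a file an update keeps $fallback, and an insert stores the bare
// "<timestamp>." name exactly as before.
// NOTE(review): time()-based names are predictable and collide when two
// uploads for the same field arrive within one second.
$plannedName = static function (string $field, string $suffix = '', ?string $fallback = null) use ($fileSent, $verifiedExtension): ?string {
    if (!$fileSent($field)) {
        return $fallback ?? (time() . $suffix . '.');
    }
    $extension = $verifiedExtension($field);

    return $extension === null ? null : time() . $suffix . '.' . $extension;
};

// Moves a sent file to its destination; a failure is logged, not fatal.
$storeUpload = static function (string $field, string $destination) use ($fileSent): void {
    if ($fileSent($field) && !move_uploaded_file($_FILES[$field]['tmp_name'], $destination)) {
        error_log('upload could not be stored: ' . $destination);
    }
};

// Deletes a stored file only when it resolves to a regular file inside
// ../uploads. File names reach this point from form fields and database rows,
// so the path is resolved and contained before anything is unlinked.
$removeUpload = static function (string $path): void {
    $root = realpath('../uploads');
    $target = realpath($path);
    if ($root === false || $target === false || !is_file($target)) {
        return;
    }
    if (str_starts_with($target, $root . DIRECTORY_SEPARATOR)) {
        unlink($target);
    }
};

// Runs a prepared write; true only when execute() succeeded. The previous
// "if ($stmt)" test was true for every prepared statement, so failures were
// reported as success.
$runStatement = static function (mysqli $db, string $sql, string $types, array $values): bool {
    try {
        $stmt = $db->prepare($sql);
        if ($stmt === false) {
            return false;
        }
        $stmt->bind_param($types, ...$values);
        $ok = $stmt->execute();
        $stmt->close();

        return $ok;
    } catch (mysqli_sql_exception $e) {
        error_log('admin handler statement failed: ' . $e->getMessage());

        return false;
    }
};

// Runs a prepared read; list of associative rows, or null when the query failed.
$fetchRows = static function (mysqli $db, string $sql, string $types, array $values): ?array {
    try {
        $stmt = $db->prepare($sql);
        if ($stmt === false) {
            return null;
        }
        $stmt->bind_param($types, ...$values);
        $result = $stmt->execute() ? $stmt->get_result() : false;
        $rows = $result === false ? null : $result->fetch_all(MYSQLI_ASSOC);
        $stmt->close();

        return $rows;
    } catch (mysqli_sql_exception $e) {
        error_log('admin handler query failed: ' . $e->getMessage());

        return null;
    }
};

// Name of the category with status '0', or null when there is none. The id is
// bound as a parameter; two handlers used to interpolate the raw POST value
// into this query.
$categoryName = static function (mysqli $db, $categoryId) use ($fetchRows): ?string {
    $rows = $fetchRows($db, "SELECT name from categories WHERE id = ? AND status ='0'", 's', [$categoryId]);
    if (!$rows) {
        return null;
    }

    return end($rows)['name']; // the last matching row wins, as before
};

// generateSlug() is declared outside this file. It keeps receiving the escaped
// name it always received, in case it builds SQL from its argument.
$slugFor = static function (string $name, string $table) use ($con) {
    return generateSlug(mysqli_real_escape_string($con, $name), $table);
};

// Validates a post image and returns the path it will be stored under
// (../uploads/<year>/<month>/<slug>.<ext>). The request stops with the same
// plain-text messages as before when the file is missing, failed to upload,
// is not an accepted image or exceeds 1 MB.
$postImagePath = static function (string $field, string $slug) use ($verifiedExtension): string {
    $file = $_FILES[$field] ?? [];
    $error = $file['error'] ?? UPLOAD_ERR_NO_FILE;
    if ($error !== UPLOAD_ERR_OK && $error !== UPLOAD_ERR_NO_FILE) {
        echo 'Return Code: ' . (int) $error . '<br>';
        die();
    }
    $extension = $verifiedExtension($field);
    if ($extension === null) {
        // The type string comes from the client, so it is escaped before being echoed.
        echo htmlspecialchars((string) ($file['type'] ?? ''), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
            . ' is not an acceptable format.';
        die();
    }
    if ($file['size'] > 1000000) {
        echo 'File too big. Max 1 mb Accepted!';
        die();
    }
    $month_folder = '../uploads/' . date('Y') . '/' . date('m');
    if (!is_dir($month_folder)) {
        mkdir($month_folder, 0755, true); // was 0777 (world-writable)
    }

    // basename() keeps the name inside the month folder whatever the slug contains.
    return $month_folder . '/' . basename($slug . '.' . $extension);
};

// Form text is bound as received. It used to pass through
// mysqli_real_escape_string() AND bind_param(), which stored the escape
// backslashes (and literal "\n" sequences) in the database.

/* ------------------------------ Slider ------------------------------ */

if (isset($_POST['slider_detete_btn'])) {
    $slider_id = $_POST['slider_detete_btn'];
    // The stored file name is read before the row is deleted.
    $rows = $fetchRows($conn, 'SELECT * FROM slider WHERE id = ? LIMIT 1', 's', [$slider_id]);
    if ($rows === null || !$runStatement($conn, 'DELETE from slider WHERE id = ? LIMIT 1', 's', [$slider_id])) {
        $finish('Something Went Wrong', 'slider-view.php');
    }
    $removeUpload('../uploads/slider/' . basename((string) ($rows[0]['image'] ?? '')));
    $finish('Slider Deleted Successfully', 'slider-view.php');
}

if (isset($_POST['slider_update'])) {
    $slider_id = $_POST['slider_id'] ?? null;
    $back = 'slider-edit.php?id=' . rawurlencode((string) $slider_id);
    // old_image is a form field: reduce it to a bare file name before it is stored or deleted.
    $old_filename = basename((string) ($_POST['old_image'] ?? ''));
    $update_filename = $plannedName('image', '', $old_filename);
    if ($update_filename === null) {
        $finish($rejectedUpload, $back);
    }
    $saved = $runStatement(
        $conn,
        'UPDATE slider SET name = ?, name_bn = ?, image = ?, author = ?, status = ? WHERE id = ?',
        'sssssi',
        [$postText('name'), $postText('name_bn'), $update_filename, $_POST['author'] ?? null, $postFlag('status'), $slider_id],
    );
    if (!$saved) {
        $finish('Something Went Wrong', $back);
    }
    if ($fileSent('image')) {
        $removeUpload('../uploads/slider/' . $old_filename);
        $storeUpload('image', '../uploads/slider/' . $update_filename);
    }
    $finish('Updated Successfully', $back);
}

if (isset($_POST['slider_add'])) {
    $filename = $plannedName('image');
    if ($filename === null) {
        $finish($rejectedUpload, 'slider-add.php');
    }
    $saved = $runStatement(
        $conn,
        'INSERT INTO slider (name, name_bn, image, author, status) VALUES (?, ?, ?, ?, ?)',
        'sssss',
        [$postText('name'), $postText('name_bn'), $filename, $_POST['author'] ?? null, $postFlag('status')],
    );
    if (!$saved) {
        $finish('Something Went Wrong', 'slider-add.php');
    }
    $storeUpload('image', '../uploads/slider/' . $filename);
    $finish('Slider Created Successfully', 'slider-add.php');
}

/* ------------------------------ Gallery ------------------------------ */

if (isset($_POST['gallery_add'])) {
    $category_id = $_POST['category_id'] ?? null;
    $filename = $plannedName('image');
    if ($filename === null) {
        $finish($rejectedUpload, 'gallery-add.php');
    }
    $saved = $runStatement(
        $conn,
        'INSERT into gallery (category_id, field_1, field_2, image, author, status) VALUES (?, ?,?, ?,?, ?)',
        'ssssss',
        [$category_id, $postText('field_1'), $postText('field_2'), $filename, $_POST['author'] ?? null, $postFlag('status')],
    );
    if (!$saved) {
        $finish('Something Went Wrong', 'gallery-add.php');
    }
    $storeUpload('image', '../uploads/gallery/' . $filename);
    $finish('Gallery Image Added Successfully', 'gallery-view.php?id=' . rawurlencode((string) $category_id));
}

if (isset($_POST['gallery_update'])) {
    $gallery_id = $_POST['gallery_id'] ?? null;
    $category_id = $_POST['category_id'] ?? null;
    $back = 'gallery-view.php?id=' . rawurlencode((string) $category_id);
    $old_filename = basename((string) ($_POST['old_image'] ?? ''));
    $update_filename = $plannedName('image', '', $old_filename);
    if ($update_filename === null) {
        $finish($rejectedUpload, $back);
    }
    $saved = $runStatement(
        $conn,
        'UPDATE gallery SET category_id = ?, field_1 = ?, field_2 = ?, image = ?, author = ?, status = ? WHERE id = ?',
        'ssssssi',
        [$category_id, $postText('field_1'), $postText('field_2'), $update_filename, $_POST['author'] ?? null, $postFlag('status'), $gallery_id],
    );
    if (!$saved) {
        $finish('Something Went Wrong', $back);
    }
    if ($fileSent('image')) {
        $removeUpload('../uploads/gallery/' . $old_filename);
        $storeUpload('image', '../uploads/gallery/' . $update_filename);
    }
    $finish('Gallery Updated Successfully', $back);
}

if (isset($_POST['gallery_detete_btn'])) {
    $gallery_id = $_POST['gallery_detete_btn'];
    $back = 'gallery-view.php?id=' . rawurlencode((string) ($_POST['category_id'] ?? ''));
    $rows = $fetchRows($conn, 'SELECT * FROM gallery WHERE id = ? LIMIT 1', 's', [$gallery_id]);
    if ($rows === null || !$runStatement($conn, 'DELETE from gallery WHERE id = ? LIMIT 1', 's', [$gallery_id])) {
        $finish('Something Went Wrong', $back);
    }
    $removeUpload('../uploads/gallery/' . basename((string) ($rows[0]['image'] ?? '')));
    $finish('Image Deleted Successfully', $back);
}

/* ------------------------------ Services ------------------------------ */

if (isset($_POST['service_update'])) {
    $service_id = $_POST['service_id'] ?? null;
    $back = 'service-edit.php?id=' . rawurlencode((string) $service_id);
    $name = $postText('name');
    $slug = $slugFor($name, 'services');
    $old_filename = basename((string) ($_POST['old_image'] ?? ''));
    $old_filename2 = basename((string) ($_POST['old_image2'] ?? ''));
    $update_filename = $plannedName('image', '', $old_filename);
    $update_filename2 = $plannedName('icon', '2', $old_filename2);
    if ($update_filename === null || $update_filename2 === null) {
        $finish($rejectedUpload, $back);
    }
    // NOTE(review): the form posts name_bn and description_bn, but this UPDATE
    // has never written them (the INSERT in add_service does); confirm intent.
    $saved = $runStatement(
        $conn,
        'UPDATE services SET name=?, slug = ?, description =?, image = ?, icon = ?, meta_title =?, meta_description =?, meta_keyword =?, status = ? WHERE id = ?',
        'sssssssssi',
        [
            $name, $slug, $postText('description'), $update_filename, $update_filename2,
            $postText('meta_title'), $postText('meta_description'), $postText('meta_keyword'),
            $postFlag('status'), $service_id,
        ],
    );
    if (!$saved) {
        // Used to put an undefined $query variable into the flash message.
        $finish('Something Went Wrong', $back);
    }
    if ($fileSent('image')) {
        $removeUpload('../uploads/service/' . $old_filename);
        $storeUpload('image', '../uploads/service/' . $update_filename);
    }
    if ($fileSent('icon')) {
        $removeUpload('../uploads/service/' . $old_filename2);
        $storeUpload('icon', '../uploads/service/' . $update_filename2);
    }
    $finish('Service Updated Successfully', $back);
}

if (isset($_POST['add_service'])) {
    $name = $postText('name');
    $slug = $slugFor($name, 'services');
    $filename = $plannedName('image');
    $iconfilename = $plannedName('icon', '2');
    if ($filename === null || $iconfilename === null) {
        $finish($rejectedUpload, 'service-view.php');
    }
    $saved = $runStatement(
        $conn,
        'INSERT INTO services (name, name_bn, slug, description, description_bn, image, icon, meta_title, meta_description, meta_keyword, status) VALUES (?, ?,?, ?,?, ?,?, ?,?, ?,?)',
        'sssssssssss',
        [
            $name, $postText('name_bn'), $slug, $postText('description'), $postText('description_bn'),
            $filename, $iconfilename,
            $postText('meta_title'), $postText('meta_description'), $postText('meta_keyword'),
            $postFlag('status'),
        ],
    );
    if (!$saved) {
        $finish('Something Went Wrong', 'service-view.php');
    }
    $storeUpload('image', '../uploads/service/' . $filename);
    $storeUpload('icon', '../uploads/service/' . $iconfilename);
    $finish('Service Created Successfully', 'service-view.php');
}

/* ------------------------------ Pages ------------------------------ */

if (isset($_POST['add_page'])) {
    $category_id = $postText('category_id');
    $cat_name = $categoryName($conn, $category_id);
    $name = $postText('name');
    $slug = $slugFor($name, 'pages');
    $filename = $plannedName('image');
    $iconfilename = $plannedName('icon', '2');
    if ($filename === null || $iconfilename === null) {
        $finish($rejectedUpload, 'page-view.php');
    }
    $saved = $runStatement(
        $conn,
        'INSERT INTO pages (category_id, category, name, name_bn, slug, description, description_bn, image, icon, meta_title, meta_description, meta_keyword, status) VALUES (?, ?,?, ?,?, ?,?, ?,?, ?,?,?,?)',
        'sssssssssssss',
        [
            $category_id, $cat_name, $name, $postText('name_bn'), $slug,
            $postText('description'), $postText('description_bn'), $filename, $iconfilename,
            $postText('meta_title'), $postText('meta_description'), $postText('meta_keyword'),
            $postFlag('status'),
        ],
    );
    if (!$saved) {
        $finish('Something Went Wrong', 'page-view.php');
    }
    $storeUpload('image', '../uploads/page/' . $filename);
    $storeUpload('icon', '../uploads/page/' . $iconfilename);
    $finish('Page Created Successfully', 'page-view.php');
}

if (isset($_POST['page_update'])) {
    $page_id = $_POST['page_id'] ?? null;
    $back = 'page-edit.php?id=' . rawurlencode((string) $page_id);
    $category_id = $_POST['category_id'] ?? null;
    $cat_name = $categoryName($conn, $category_id);
    $name = $postText('name');
    $slug = $slugFor($name, 'pages');
    $old_filename = basename((string) ($_POST['old_image'] ?? ''));
    $old_filename2 = basename((string) ($_POST['old_image2'] ?? ''));
    $update_filename = $plannedName('image', '', $old_filename);
    $update_filename2 = $plannedName('icon', '2', $old_filename2);
    if ($update_filename === null || $update_filename2 === null) {
        $finish($rejectedUpload, $back);
    }
    $saved = $runStatement(
        $conn,
        'UPDATE pages SET category_id = ?, category = ?, name= ?, name_bn= ?, slug = ?, description =? , description_bn =?, image = ?, icon = ?, meta_title =?, meta_description =?, meta_keyword =?, status =? WHERE id = ?',
        'sssssssssssssi',
        [
            $category_id, $cat_name, $name, $postText('name_bn'), $slug,
            $postText('description'), $postText('description_bn'), $update_filename, $update_filename2,
            $postText('meta_title'), $postText('meta_description'), $postText('meta_keyword'),
            $postFlag('status'), $page_id,
        ],
    );
    if (!$saved) {
        // Used to put an undefined $query variable into the flash message.
        $finish('Something Went Wrong', $back);
    }
    if ($fileSent('image')) {
        $removeUpload('../uploads/page/' . $old_filename);
        $storeUpload('image', '../uploads/page/' . $update_filename);
    }
    if ($fileSent('icon')) {
        $removeUpload('../uploads/page/' . $old_filename2);
        $storeUpload('icon', '../uploads/page/' . $update_filename2);
    }
    $finish('page Updated Successfully', $back);
}

/* ------------------------------ Posts ------------------------------ */

if (isset($_POST['post_detete_btn'])) {
    $post_id = $_POST['post_detete_btn'];
    $rows = $fetchRows($conn, 'SELECT * FROM posts WHERE id = ? LIMIT 1', 's', [$post_id]);
    if ($rows === null || !$runStatement($conn, 'DELETE from posts WHERE id = ? LIMIT 1', 'i', [$post_id])) {
        $finish('Something Went Wrong', 'post-view.php');
    }
    // The column holds a path relative to the site root, with or without a leading slash.
    $removeUpload('../' . ltrim((string) ($rows[0]['image'] ?? ''), '/'));
    $finish('Post Deleted Successfully', 'post-view.php');
}

if (isset($_POST['post_update'])) {
    $post_id = $_POST['post_id'] ?? null;
    $back = 'post-edit.php?id=' . rawurlencode((string) $post_id);
    $category_id = $_POST['category_id'] ?? null;
    $name = $postText('name');
    $cat_name = $categoryName($conn, $category_id);
    $slug = $slugFor($name, 'posts');
    // NOTE(review): without a new file this form value is written back to the
    // image column as posted; reading the current path from the row would be safer.
    $old_filename = (string) ($_POST['old_image'] ?? '');

    $path = null;
    $frmdomain_path = $old_filename;
    if ($fileSent('image')) {
        $path = $postImagePath('image', $slug);
        // Stored with a leading slash ("/uploads/..."), as this handler always did.
        // NOTE(review): post_add stores "uploads/..." without it; pick one form.
        $frmdomain_path = substr($path, 2);
    }
    $saved = $runStatement(
        $conn,
        'UPDATE posts SET category_id =?, category = ?, name=?, slug =?, description =?, image = ?, meta_title =?, meta_description =?, meta_keyword =?, date =? , author =?, status =? WHERE id = ?',
        'ssssssssssssi',
        [
            $category_id, $cat_name, $name, $slug, $postText('description'), $frmdomain_path,
            $postText('meta_title'), $postText('meta_description'), $postText('meta_keyword'),
            $_POST['date'] ?? null, $_POST['author'] ?? null, $postFlag('status'), $post_id,
        ],
    );
    if (!$saved) {
        $finish('Something Went Wrong', $back);
    }
    if ($path !== null) {
        // Accept both stored forms; '..' . 'uploads/...' never matched a file.
        $removeUpload('../' . ltrim($old_filename, '/'));
        $storeUpload('image', $path);
        // The JSON that was echoed here exposed the server's temporary upload
        // path and was sent before the redirect header; it is no longer emitted.
    }
    $finish('Post Updated Successfully', $back);
}

if (isset($_POST['post_add'])) {
    $category_id = $postText('category_id');
    $cat_name = $categoryName($conn, $category_id);
    $name = $postText('name');
    $slug = $slugFor($name, 'posts');
    // A post needs an image: the helper stops the request when none passes the checks.
    $path = $postImagePath('image', $slug);
    $frmdomain_path = substr($path, 3); // drop the leading "../"
    $saved = $runStatement(
        $conn,
        'INSERT into posts (category_id, category, name, slug, description, image, meta_title, meta_description, meta_keyword, date, author, status) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?,?)',
        'ssssssssssss',
        [
            $category_id, $cat_name, $name, $slug, $postText('description'), $frmdomain_path,
            $postText('meta_title'), $postText('meta_description'), $postText('meta_keyword'),
            $_POST['date'] ?? null, $_POST['author'] ?? null, $postFlag('status'),
        ],
    );
    if (!$saved) {
        $finish('Something Went Wrong', 'post-add.php');
    }
    $storeUpload('image', $path);
    $finish('Post Created Successfully', 'post-add.php');
}

/* ------------------------------ Categories ------------------------------ */

if (isset($_POST['category_update'])) {
    $category_id = $_POST['category_id'] ?? null;
    $back = 'category-edit.php?id=' . rawurlencode((string) $category_id);
    $name = $postText('name');
    $slug = $slugFor($name, 'categories');
    $saved = $runStatement(
        $conn,
        'UPDATE categories SET name = ?, slug = ?, description = ?, category_type = ?, meta_title = ?, meta_description = ?, meta_keyword = ?, navbar_status = ?, status = ? WHERE id = ?',
        'sssssssssi',
        [
            $name, $slug, $postText('description'), $postText('category_type'),
            $postText('meta_title'), $postText('meta_description'), $postText('meta_keyword'),
            $postFlag('navbar_status'), $postFlag('status'), $category_id,
        ],
    );
    $finish($saved ? 'Category Updated Successfully' : 'Something Went Wrong', $back);
}

if (isset($_POST['category_add'])) {
    $name = $postText('name');
    $slug = $slugFor($name, 'categories');
    $saved = $runStatement(
        $conn,
        'INSERT INTO categories (name, slug, description, category_type, meta_title, meta_description, meta_keyword, navbar_status, status) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)',
        'sssssssss',
        [
            $name, $slug, $postText('description'), $postText('category_type'),
            $postText('meta_title'), $postText('meta_description'), $postText('meta_keyword'),
            $postFlag('navbar_status'), $postFlag('status'),
        ],
    );
    if (!$saved) {
        $finish('Something Went Wrong', 'category-add.php');
    }
    $finish('Category Added Successfully', 'category-view.php');
}

/* ------------------------------ Locations ------------------------------ */

if (isset($_POST['location_add'])) {
    $saved = $runStatement(
        $conn,
        'INSERT INTO location (zone_name, br_name, br_address, inaguration, lattitude, longitude, email, br_manager, man_opration, br_code, routing_no, type, phone_no, fax, mother_br) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)',
        'sssssssssssssss',
        [
            $postText('zone_name'), $postText('br_name'), $postText('br_address'), $postText('inaguration'),
            $postText('lattitude'), $postText('longitude'), $postText('email'), $postText('br_manager'),
            $postText('man_opration'), $postText('br_code'), $postText('routing_no'), $postText('type'),
            $postText('phone_no'), $postText('fax'), $postText('mother_br'),
        ],
    );
    if (!$saved) {
        $finish('Something Went Wrong', 'location-add.php');
    }
    // The flash message used to be the submitted zone name (a debugging leftover).
    $finish('Location Added Successfully', 'location-view.php');
}

// NOTE(review): this handler continues past the end of the visible source, so
// its statements are kept as written. If the escaped values below are bound
// with bind_param() like everywhere else, they are stored double-escaped and
// should be bound as received once the rest of the handler is reviewed.
if(isset($_POST['location_update']))
{
    $id = $_POST['location_id'];
    $zone_name = mysqli_real_escape_string($con, $_POST['zone_name']);
    $br_name = mysqli_real_escape_string($con, $_POST['br_name']);
    $type = mysqli_real_escape_string($con, $_POST['type']);
    $br_address = mysqli_real_escape_string($con, $_POST['br_address']);
    $inaguration = mysqli_real_escape_string($con, $_POST['inaguration']);
    $lattitude = mysqli_real_escape_string($con, $_POST['lattitude']);
    $longitude = mysqli_real_escape_string($con, $_POST['longitude']);
    $email = mysqli_real_escape_string($con, $_POST['email']);
    $br_manager = mysqli_real_escape_string($con, $_POST['br_manager']);
    $man_opration = mysqli_real_escape_string($con, $_POST['man_opration']);
    $br_code = mysqli_real_escape_string($con, $_POST['br_code']);
    $routing_no = mysqli_real_escape_string($con, $_POST['routing_no']);
    $phone_no = mysqli_real_escape_string($con, $_POST['phone_no']);
    $fax = mysqli_real_escape_string($con, $_POST['fax']);
    $mother_br = mysqli_real_escape_string($con, $_POST['mother_br']);
    $stmt = $conn->prepare("UPDATE location SET zone_name = ?, br_name = ?, type = ?, br_address = ?, inaguration = ?, lattitude = ?, longitude = ?, email = ?, br_manager = ?, man_opration = ?, br_code = ?, routing_no = ?, phone_no = ?, fax = ?, mother_br = ? 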
WHERE id = ?"); $stmt->bind_param('sssssssssi', $zone_name, $br_name, $type, $br_address, $inaguration, $lattitude, $longitude, $email, $br_manager, $man_opration, $br_code, $routing_no, $phone_no, $fax, $mother_br); $stmt->execute(); $stmt->close(); if($stmt) { $_SESSION['message'] ="Location Updated Successfully"; header('Location: location-edit.php?id='.$id); exit(0); }else{ $_SESSION['message'] ="Something Went Wrong"; header('Location: location-edit.php?id='.$id); exit(0); } } //Location End if(isset($_POST['update_user'])) { $user_id = mysqli_real_escape_string($con, $_POST['user_id']); $fname = mysqli_real_escape_string($con, $_POST['fname']); $lname = mysqli_real_escape_string($con, $_POST['lname']); $email = mysqli_real_escape_string($con, $_POST['email']); //$password = $_POST['password']; $hash = password_hash($_POST['password'], PASSWORD_DEFAULT); $role_as = $_POST['role_as']; if(isset($_POST['status'])) { $status = $_POST['status'] ? '1' : '0'; } else { $status = '0'; // Default value } $stmt = $conn->prepare("UPDATE users SET fname=?, lname=?, email=?, password=?, role_as=?, status=? WHERE id = ?"); $stmt->bind_param('ssssssi', $fname, $lname, $email, $hash, $role_as, $status, $user_id); $stmt->execute(); $stmt->close(); /* $query = "UPDATE users SET fname='$fname', lname='$lname', email='$email', password='$hash', role_as='$role_as', status='$status' WHERE id = '$user_id'"; $query_run = mysqli_query($con, $query); */ if($stmt) { $_SESSION['message'] = "Updated Successfully"; header('Location: view-register.php'); exit(0); } } if(isset($_POST['add_user'])) { $fname = mysqli_real_escape_string($con, $_POST['fname']); $lname = mysqli_real_escape_string($con, $_POST['lname']); $email = mysqli_real_escape_string($con, $_POST['email']); // $password = $_POST['password']; $hash = password_hash($_POST['password'], PASSWORD_DEFAULT); $role_as = $_POST['role_as']; if(isset($_POST['status'])) { $status = $_POST['status'] ? 
'1' : '0'; } else { $status = '0'; // Default value } $stmt = $conn->prepare("INSERT INTO users (fname, lname, email, password, role_as, status) VALUES (?, ?, ?, ?, ?, ?)"); $stmt->bind_param('ssssss', $fname, $lname, $email, $hash, $role_as, $status); $stmt->execute(); $stmt->close(); // $query="INSERT INTO users (fname, lname, email, password, role_as, status) VALUES ('$fname', '$lname', '$email', '$hash', '$role_as', '$status')"; // $query_run= mysqli_query($con, $query); if($stmt) { $_SESSION['message'] ="Admin Added Successfully"; header('Location: view-register.php'); exit(0); }else{ $_SESSION['message'] ="Something Went Wrong"; header('Location: view-register.php'); exit(0); } } if(isset($_POST['user_delete'])) { $user_id = $_POST['user_delete']; $stmt = $conn->prepare("DELETE from users WHERE id = ?"); $stmt->bind_param("s", $user_id); $stmt->execute(); if($stmt) { $_SESSION['message'] ="User Delted Successfully"; header('Location: view-register.php'); exit(0); }else{ $_SESSION['message'] ="Something Went Wrong"; header('Location: view-register.php'); exit(0); } } //add site info if(isset($_POST['add_siteinfo'])) { $fieldname = mysqli_real_escape_string($con, $_POST['fieldname']); $value = mysqli_real_escape_string($con, $_POST['value']); if(isset($_POST['status'])) { $status = $_POST['status'] ? 
'1' : '0'; } else { $status = '0'; // Default value } $stmt = $conn->prepare("INSERT INTO site_details (field_name, value, status) VALUES (?, ?, ?)"); $stmt->bind_param('sss', $fieldname, $value, $status); $stmt->execute(); $stmt->close(); ///$query="INSERT INTO site_details (field_name, value, status) VALUES ('$fieldname', '$value', '$status')"; // $query_run= mysqli_query($con, $query); if($stmt) { $_SESSION['message'] ="Info Field Added Successfully"; header('Location: site_view.php'); exit(0); }else{ $_SESSION['message'] ="Something Went Wrong"; header('Location: site_view.php'); exit(0); } } //site info delete if(isset($_POST['siteinfo_delete'])) { $siteinfo_id = $_POST['siteinfo_delete']; $stmt = $conn->prepare("DELETE from site_details WHERE id = ?"); $stmt->bind_param("s", $siteinfo_id); $stmt->execute(); if($stmt) { $_SESSION['message'] ="Info Deleted Successfully"; header('Location: site_view.php'); exit(0); }else{ $_SESSION['message'] ="Something Went Wrong"; header('Location: site_view.php'); exit(0); } } //update site info if(isset($_POST['update_info'])) { $info_id = $_POST['info_id']; $fieldname = mysqli_real_escape_string($con, $_POST['fieldname']); $value = mysqli_real_escape_string($con, $_POST['value']); if(isset($_POST['status'])) { $status = $_POST['status'] ? '1' : '0'; } else { $status = '0'; // Default value } $old_filename = $_POST['old_image']; $image = $_FILES['image']['name']; //$update_filename = ""; if($fieldname == "Logo"){ if($image != NULL) { //rename this image $image_extension = pathinfo($image, PATHINFO_EXTENSION); $filename= time().'.'.$image_extension; $value = $filename; } else { $value = $old_filename; } } /*$query = "UPDATE site_details SET id='$info_id', field_name='$fieldname', value='$value', status='$status' WHERE id = '$info_id'"; $query_run = mysqli_query($con, $query);*/ $stmt = $conn->prepare("UPDATE site_details SET id=?, field_name=?, value=?, status=? 
WHERE id = ?"); $stmt->bind_param('ssssi', $info_id, $fieldname, $value, $status, $info_id); $stmt->execute(); $stmt->close(); /* if($image != NULL) { }else{ $query = "UPDATE site_details SET id='$info_id', field_name='$fieldname', value='$value', status='$status' WHERE id = '$info_id'"; } */ if($stmt) { if($image != NULL) { if(file_exists('../uploads/'.$old_filename)) { unlink('../uploads/'.$old_filename); $value1 = '../uploads/'.$old_filename; } move_uploaded_file($_FILES['image']['tmp_name'], '../uploads/'.$value); } $_SESSION['message'] = "Updated Successfully"; header('Location: site_view.php'); exit(0); }else{ $_SESSION['message'] = "Something Went Wrong"; header('Location: site_view.php'); exit(0); } } //Bulk Content Upload start /* if (isset($_POST['bulk_content_upload'])) { $author= $_SESSION['auth_user']['user_name']; $status = 0; $fileMimes = array( 'text/x-comma-separated-values', 'text/comma-separated-values', 'application/octet-stream', 'application/vnd.ms-excel', 'application/x-csv', 'text/x-csv', 'text/csv', 'application/csv', 'application/excel', 'application/vnd.msexcel', 'text/plain' ); // Validate selected file is a CSV file or not if (!empty($_FILES['file']['name']) && in_array($_FILES['file']['type'], $fileMimes)) { // Open uploaded CSV file with read-only mode $csvFile = fopen($_FILES['file']['tmp_name'], 'r'); // Skip the first line fgetcsv($csvFile); // Parse data from CSV file line by line while (($getData = fgetcsv($csvFile, 10000, ",")) !== FALSE) { // Get row data // $branch_code = $getData[0]; $title = $getData[1]; $slug = generateSlug($title); $content = mysqli_real_escape_string($con, $getData[2]); $image = $getData[3]; $category = $getData[4]; // $cat_query = mysqli_query($connection_db, "SELECT id FROM `categories` WHERE name = '$category'"); $category_id= 36; //$div_name = mysqli_real_escape_string($connection_db, $getData[4]); $date = $getData[5]; // $div_code = $getData[6]; $query_insert = "INSERT INTO posts (category_id, name, 
slug, description, image, meta_title, status, date, author) VALUES ('" . $category_id . "', '" . $title . "', '" . $slug . "', '" . $content . "', '" . $image . "', '" . $title . "','" . $status . "','" . $date . "', '" . $author . "')"; $res = mysqli_query($con, $query_insert); } // Close opened CSV file fclose($csvFile); $_SESSION['success'] = "Completed"; header("Location: bulk_content_Upload.php"); } else { echo "Please select valid file"; } } //Bulk Content Upload end ?> */ //merchant add if(isset($_POST['merchant_add'])) { $merchant_name = mysqli_real_escape_string($con, $_POST['merchant_name']); $merchant_category = mysqli_real_escape_string($con, $_POST['merchant_category']); $discount_text = mysqli_real_escape_string($con, $_POST['discount_text']); $date= $_POST['date']; $author = $_POST['author']; // slug generated by function $table = "merchant_card"; $name = $merchant_name; //fr different form $slug = generateSlug($name, $table); if(isset($_POST['status'])) { $status = $_POST['status'] ? '1' : '0'; } else { $status = '0'; // Default value } //image upload code purpose $temp = explode(".", $_FILES["image"]["name"]); $extension = end($temp); if(!( $_FILES['image']['type']=='image/jpeg' || $_FILES['image']['type']=='image/png' || $_FILES['image']['type']=='image/gif' || $_FILES['image']['type']=='image/bmp' )) // if file does not equal these types, kill it { $_SESSION['message'] = $_FILES['image']['type'] . " is not an acceptable format."; header('Location:merchant-add.php'); exit; } if ($_FILES["image"]["size"] > 500000) { $_SESSION['message'] ="File too big. Max 500 kb Accepted!"; header('Location:merchant-add.php'); exit; // echo "File too big. Max 500 kb Accepted!"; die(); } if ($_FILES["image"]["error"] > 0) { echo "Return Code: " . $_FILES["image"]["error"] . "<br>"; } else { //for image file $newname = $slug; $new_file_name = $newname.".".$extension; $path = "../uploads/merchant_card"; $path = $path . '/' . 
$new_file_name; // $path = "uploads/"; // $year_folder = $path . date("Y"); // $month_folder = $year_folder . '/' . date("m"); // !file_exists($year_folder) && mkdir($year_folder , 0777); // !file_exists($month_folder) && mkdir($month_folder, 0777); // $path = $month_folder . '/' . $new_file_name; // $frmdomain_path = ltrim($path, '../'); if (str_starts_with($path, '../')) { $frmdomain_path = mb_substr($path, 3); // Remove the first three characters '../' } else { $frmdomain_path = $path; } $stmt = $conn->prepare("INSERT INTO merchant_card (merchant_name, slug, merchant_category, discount_text, expiry_date, image, status, author) VALUES (?, ?,?, ?,?, ?,?, ?)"); $stmt->bind_param('ssssssss', $merchant_name, $slug, $merchant_category, $discount_text, $date, $frmdomain_path, $status, $author ); $stmt->execute(); $stmt->close(); if($stmt) { move_uploaded_file($_FILES["image"]["tmp_name"],$path); json_encode(array( "success" => true, "imagepath" => $path, "filetype" => $_FILES["image"]["type"], "new_file_name" => $newname, "fileName" => $_FILES["image"]["name"], "fileTmp" => $_FILES["image"]["tmp_name"], )); $_SESSION['message'] ="Merchant Added Successfully"; header('Location:merchant-view.php'); // ob_end_flush(); // Flush output buffer and send headers exit; }else{ $_SESSION['message'] ="Something Went Wrong"; header('Location:merchant-add.php'); exit; }//if stmt } //if file error end } //if isset end ?>