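/**
 * Route the current request to a controller class and instantiate it.
 *
 * Fixed routes (maintenance page, cron, ajax, admin, upload helpers, ...) are
 * matched first, in the order written below. Every other request is treated
 * as a public page: its rendered output is captured, written to `_cache/`
 * and then replayed from that file.
 *
 * Security-relevant behaviour:
 *  - The cached body is replayed with readfile(), not include, so PHP open
 *    tags that end up in rendered output are sent as text and never executed.
 *  - The `custompage` and default routes build a class name from the last URL
 *    segment. The segment must now be a plain identifier before it reaches
 *    file_exists() / `new`. A fixed allowlist of routable controllers would
 *    be stricter still.
 *  - The cache key separates its numeric parts, so `id=1&v=23` and
 *    `id=12&v=3` no longer resolve to the same cache file.
 *
 * NOTE(review): no authentication check is visible here for the
 * ajaxupload / ajaxmoveimage / invoices routes; confirm those controllers
 * enforce it themselves.
 * NOTE(review): any requested slug produces a cache file; confirm `_cache/`
 * is size-bounded or purged.
 *
 * @param object $obj URL helper; url("segment", n) and url_last() are read.
 * @param array  $c   Site configuration ('website.mode', 'allowes.ips',
 *                    'admin.slug', 'welcome.page.class' are read).
 * @return void
 */
public function loadpage($obj, $c)
{
    $s2 = $obj->url("segment", 2);
    $file = $obj->url_last();

    // The original stored this result and overwrote it before any read; the
    // call is kept in case get_page_type() has side effects.
    $type_obj = new page_type();
    $type_obj->get_page_type($c);

    $get_ip = new get_ip();
    $ip = $get_ip->ip;

    if ($c['website.mode'] == "UnderDeveloper" && !in_array($ip, $c['allowes.ips'])) {
        // Maintenance mode: only the configured IPs get past this branch.
        $controller = file_exists("controller/under.php") ? new under($c) : new error_page();
    } elseif ($file == 'cron') {
        $controller = file_exists("controller/cron.php") ? new cron($c) : new error_page();
    } elseif ($file == 'ajax') {
        $controller = file_exists("controller/ajax.php") ? new ajax($c) : new error_page();
    } elseif ($file == 'sendemail') {
        $controller = file_exists("controller/sendemail.php") ? new sendemail() : new error_page();
    } elseif ($file == 'insertemail') {
        $controller = file_exists("controller/insertemail.php") ? new insertemail($c) : new error_page();
    } elseif ($obj->url("segment", 1) == 'unsubscribe') {
        if (file_exists("controller/unsubscribe.php")) {
            $encr = $obj->url("segment", 2);
            $controller = new unsubscribe($c, $encr);
        } else {
            $controller = new error_page();
        }
    } elseif ($file == $c['admin.slug']) {
        $controller = file_exists("controller/admin.php") ? new admin($obj, $c) : new error_page();
    } elseif ($file == "session_timeout") {
        // From here on a missing controller file means "do nothing", as before.
        if (file_exists('controller/session_timeout.php')) {
            $controller = new session_timeout();
        }
    } elseif ($file == "ajaxloadoptions") {
        if (file_exists('controller/ajaxloadoptions.php')) {
            $controller = new ajaxloadoptions();
        }
    } elseif ($s2 == "gallery") {
        if (file_exists('controller/gallery.php')) {
            $controller = new gallery();
        }
    } elseif ($file == "invoices") {
        if (file_exists('controller/invoices.php')) {
            $controller = new invoices($obj, $c);
        }
    } elseif ($file == "ajaxmoveimage") {
        if (file_exists('controller/ajaxmoveimage.php')) {
            $controller = new ajaxmoveimage();
        }
    } elseif ($file == "ajaxupload") {
        if (file_exists('controller/ajaxupload.php')) {
            $controller = new ajaxupload();
        }
    } elseif ($file == "image") {
        if (file_exists('controller/image.php')) {
            $controller = new image();
        }
    } else {
        // ---- public, cacheable pages ----
        $get_slug_from_url = new get_slug_from_url();
        $slug = $get_slug_from_url->slug();
        // urlencode() turns "/" into %2F, and the replace strips any literal
        // slash or backslash that is left, so the slug stays one path segment.
        $slug_ = str_replace(array("/", "\\"), "", strip_tags(urlencode($slug)));
        $id = (int) Input::method("GET", "id");
        $v = (int) Input::method("GET", "v");
        $pn = (int) Input::method("GET", "pn");

        // The original also prepended an undefined $type (always empty) and
        // concatenated the integers with no separator, which let different
        // (id, v, pn) combinations share one cache entry.
        $cache_file = "_cache/" . $slug_ . "-" . $id . "-" . $v . "-" . $pn . "-" . LANG_ID . ".html";

        $get_page_type = new get_page_type();
        $page_type = $get_page_type->type_page($c);

        if (file_exists($cache_file) && $page_type != "eventpage") {
            // Static replay only: cached output must never be run as PHP.
            @readfile($cache_file);
        } else {
            ob_start();
            if ($file != "admin") {
                // Only plain identifiers may become a class name or file path.
                $identifier = '/^[A-Za-z_][A-Za-z0-9_]*$/';
                $cust = str_replace("-", "", $file);

                if (empty($page_type) || $page_type == "error_page") {
                    if (file_exists("controller/homepage.php")) {
                        $controller = new $c["welcome.page.class"]($c);
                    }
                } else {
                    // The original `case 'error_page'` could never run (that
                    // value is handled by the branch above) and is dropped.
                    switch ($page_type) {
                        case 'homepage':
                            if (file_exists("controller/homepage.php")) {
                                $controller = new homepage($c);
                            }
                            break;
                        case 'session_timeout':
                            if (file_exists("controller/session_timeout.php")) {
                                $controller = new session_timeout();
                            }
                            break;
                        case 'textpage':
                            if (file_exists("controller/text.php")) {
                                $controller = new text($c);
                            }
                            break;
                        case 'photogallerypage':
                            if (file_exists("controller/photogallery.php")) {
                                $controller = new photogallery($c);
                            }
                            break;
                        case 'videogallerypage':
                            if (file_exists("controller/videogallery.php")) {
                                $controller = new videogallery($c);
                            }
                            break;
                        case 'catalogpage':
                            if (file_exists("controller/catalog.php")) {
                                $controller = new catalog($c);
                            }
                            break;
                        case 'custompage':
                            if (is_string($cust) && preg_match($identifier, $cust)
                                && file_exists("controller/custom/" . $cust . ".php")) {
                                $controller = new $cust($c);
                            }
                            break;
                        case 'eventpage':
                            if (file_exists("controller/events.php")) {
                                $controller = new events($c);
                            }
                            break;
                        case 'eventsinside':
                            if (file_exists("controller/eventsinside.php")) {
                                $controller = new eventsinside($c);
                            }
                            break;
                        case 'newspage':
                            if (file_exists("controller/news.php")) {
                                $controller = new news($c);
                            }
                            break;
                        case 'newsinside':
                            if (file_exists("controller/news_inside.php")) {
                                $controller = new news_inside($c);
                            }
                            break;
                        case 'publicationpage':
                            if (file_exists("controller/publication.php")) {
                                $controller = new publication($c);
                            }
                            break;
                        case 'teampage':
                            if (file_exists("controller/team.php")) {
                                $controller = new team($c);
                            }
                            break;
                        case 'product':
                            if (file_exists("controller/product.php")) {
                                $controller = new product($c);
                            }
                            break;
                        default:
                            if (is_string($file) && preg_match($identifier, $file)
                                && file_exists("controller/" . $file . ".php")) {
                                $controller = new $file($obj, $c);
                            }
                            break;
                    }
                }
            } else {
                $controller = new error_page();
            }

            // Capture what the controller printed, store it, then replay it.
            $content = ob_get_contents();
            ob_clean();
            $fh = @fopen($cache_file, 'w') or die("Error opening output file");
            @fwrite($fh, $content);
            @fclose($fh);
            @readfile($cache_file);
        }
    }
}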
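/**
 * Build the paginated list of media items attached to the page in `$_GET['id']`.
 *
 * All request values reach the SQL through bound parameters. The page id is
 * also copied into the pager link prefix; it is URL-encoded there so a
 * crafted id cannot add markup or extra query parameters to the links.
 *
 * NOTE(review): `:lang` and `:status` appear several times in one statement.
 * That relies on PDO emulated prepares; confirm the connection settings.
 *
 * @param array $c Site configuration, passed through to pager and table().
 * @return array{table: mixed, pager: mixed}
 */
public function select($c)
{
    $out = array();

    // A missing or non-scalar id is bound as NULL, which is what the original
    // bound for a missing id.
    $id = (isset($_GET['id']) && is_scalar($_GET['id'])) ? $_GET['id'] : null;

    if (!empty($_GET['search'])) {
        $search = '%' . $_GET['search'] . '%';
        $search_in = ' AND `studio404_media_item`.`title` LIKE :search ';
    } else {
        // Placeholder filter so :search is always bound, as in the original.
        $search = 'a';
        $search_in = ' AND `studio404_media_item`.`id`!=:search ';
    }

    $get_page_type = new get_page_type();
    $page_type = $get_page_type->type($_SESSION["C"], $id);

    $sql = 'SELECT `studio404_media_item`.`idx` AS smi_idx, `studio404_media_item`.`date` AS smi_date, `studio404_media_item`.`title` AS smi_title, `studio404_media_item`.`tags` AS smi_tags, `studio404_media_item`.`slug` AS smi_slug, `studio404_media_item`.`position` AS smi_position, `studio404_media_item`.`visibility` AS smi_visibility FROM `studio404_media_attachment`, `studio404_media`, `studio404_media_item` WHERE `studio404_media_attachment`.`connect_idx`=:sma_connect_id AND `studio404_media_attachment`.`page_type`=:sma_page_type AND `studio404_media_attachment`.`lang`=:lang AND `studio404_media_attachment`.`status`!=:status AND `studio404_media_attachment`.`idx`=`studio404_media`.`idx` AND `studio404_media`.`lang`=:lang AND `studio404_media`.`status`!=:status AND `studio404_media`.`idx`=`studio404_media_item`.`media_idx` AND `studio404_media_item`.`lang`=:lang AND `studio404_media_item`.`status`!=:status ' . $search_in . ' ORDER BY `studio404_media_item`.`position` ASC ';

    $exe_array = array(
        ":sma_connect_id" => $id,
        ":sma_page_type" => $page_type,
        ":status" => 1,
        ":search" => $search,
        ":lang" => LANG_ID,
    );

    // The id is request data that ends up inside generated links.
    $path = '?action=gallery&type=photogallerypage&id=' . urlencode((string) $id) . '&pn=';
    $itemsPerPage = 10;

    $pager = new pager();
    $pager = $pager->action($c, $sql, $exe_array, $path, $itemsPerPage);

    $out['table'] = $this->table($c, $pager[0], $exe_array);
    $out['pager'] = $pager[1];

    return $out;
}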
/**
 * Build the paginated vector-map list, optionally filtered by `$_GET['search']`
 * against the `title` and `code` columns.
 *
 * The search term is passed as a bound parameter, never concatenated into
 * the SQL text.
 *
 * @param array $c Site configuration, passed through to pager and table().
 * @return array{table: mixed, pager: mixed}
 */
public function select($c)
{
    $searching = !empty($_GET['search']);

    // Without a search term a placeholder filter keeps :search bound.
    $needle = $searching ? '%' . $_GET['search'] . '%' : 'a';
    $filter = $searching
        ? ' AND (`title` LIKE :search OR `code` LIKE :search)'
        : ' AND `id`!=:search ';

    // The result is not used below; the lookup is kept as the original made it.
    $type_lookup = new get_page_type();
    $page_type = $type_lookup->type($_SESSION["C"], $_GET['id']);

    $query = 'SELECT `idx`,`title`, `code` FROM `studio404_vectormap` WHERE `lang`=:lang ' . $filter . ' ORDER BY `title` ASC';
    $params = array(":search" => $needle, ":lang" => LANG_ID);

    $paginator = new pager();
    $paged = $paginator->action($c, $query, $params, '?action=vectormap&pn=', 20);

    return array(
        'table' => $this->table($c, $paged[0], $params),
        'pager' => $paged[1],
    );
}
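/**
 * Render the drag-and-drop media panel (upload area plus one tile per stored
 * gallery file) for the page or item identified by the request.
 *
 * The tile data comes from `studio404_gallery_file`, whose `title` and `file`
 * columns are filled from request data by the upload endpoint. Every stored
 * value is therefore HTML-escaped before it is written into the markup, and
 * a stored link is used as an absolute URL only when it starts with http://
 * or https://. Anything else is prefixed with "/" and so becomes a
 * site-relative path.
 *
 * @param mixed  $fetch      Unused here; kept for the callers' signature.
 * @param array  $c          Site configuration, passed to conn().
 * @param string $media_type "photo" (default) or "video"; assumed to be a
 *                           caller constant and written as-is into the markup.
 * @return string HTML fragment.
 */
public function content_images($fetch, $c, $media_type = "photo")
{
    $is_video_page = isset($_GET["type"]) && $_GET["type"] == 'videogallerypage';
    $ext = $is_video_page ? 'mp4,avi' : 'jpeg,jpg,gif,png';

    $out = '<div class="button makeFileDragable2" style="background-color:green; float:left"> <a href="#" style="color:white"><i class="fa fa-arrows"></i><span id="dragText2">Start sorting</span> </a> </div>';
    if ($is_video_page) {
        $out .= '<div class="button addYtVideo" style="background-color:green; float:left; margin-left:10px;"> <a href="#" style="color:white"><i class="fa fa-plus"></i><span id="dragText2">Add youtube video</span> </a> </div>';
    }
    $out .= '<div class="clearfix"></div>';
    $out .= '<input type="file" name="bgfile3" id="bgfile3" style="position:absolute; visibility:hidden" />';
    $out .= '<div class="dropArea2">';
    $out .= '<div class="Droptitle2"> Drag and drop photo (' . $ext . ') <span id="progress2">0%</span> </div>';
    $out .= '<div class="dragElements2">';

    $conn = $this->conn($c);

    // The owning record id is taken from the most specific key present.
    $page_id = isset($_GET['id']) ? $_GET['id'] : null;
    if (isset($_GET['newsidx'])) {
        $sp_idx = $_GET['newsidx'];
    } elseif (isset($_GET['cidx'])) {
        $sp_idx = $_GET['cidx'];
    } elseif (isset($_GET['midx'])) {
        $sp_idx = $_GET['midx'];
    } else {
        $sp_idx = $page_id;
    }

    $get_page_type = new get_page_type();
    $page_type = $get_page_type->type($_SESSION["C"], $page_id);

    $sql = 'SELECT `studio404_gallery_file`.`id` AS sgf_id, `studio404_gallery_file`.`idx` AS sgf_idx, `studio404_gallery_file`.`title` AS sgf_title, `studio404_gallery_file`.`file` AS sgf_file, `studio404_gallery_file`.`filev` AS sgf_filev FROM `studio404_gallery_attachment`,`studio404_gallery`, `studio404_gallery_file` WHERE `studio404_gallery_attachment`.`connect_idx`=:sp_idx AND `studio404_gallery_attachment`.`lang`=:lang AND `studio404_gallery_attachment`.`pagetype`=:page_type AND `studio404_gallery_attachment`.`status`!=:status AND `studio404_gallery_attachment`.`idx`=`studio404_gallery`.`idx` AND `studio404_gallery`.`lang`=:lang AND `studio404_gallery`.`status`!=:status AND `studio404_gallery`.`idx`=`studio404_gallery_file`.`gallery_idx` AND `studio404_gallery_file`.`lang`=:lang AND `studio404_gallery_file`.`media_type`=:media_type AND `studio404_gallery_file`.`status`!=:status ORDER BY `studio404_gallery_file`.`position` ASC ';
    $prepare = $conn->prepare($sql);
    $prepare->execute(array(
        ":sp_idx" => $sp_idx,
        ":lang" => LANG_ID,
        ":media_type" => $media_type,
        ":page_type" => $page_type,
        ":status" => 1,
    ));
    $prepare->setFetchMode(PDO::FETCH_CLASS, "get_files");

    if ($media_type == "video") {
        $out .= '<input type="file" name="bgfile" id="bgfile" value="" style="position:absolute; visibility:hidden">';
    }

    while ($r = $prepare->fetch()) {
        // idx / id are numeric keys; the cast keeps them inert inside the
        // inline JavaScript handlers and the id attributes.
        $idx = (int) $r->sgf_idx;
        $row_id = (int) $r->sgf_id;
        $file = (string) $r->sgf_file;

        // Only http(s) links stay absolute. Other schemes become a local path.
        $url = preg_match('#^https?://#i', $file) ? $file : "/" . $file;

        $out .= '<div class="filebox2" id="flexbox2-' . $idx . '">';
        $out .= '<div class="action_panel2">';
        $out .= '<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '" target="_blank"><i class="fa fa-eye"></i></a>';
        $out .= '<a href="javascript:;" onclick="openPromt2(\'' . $idx . '\')"><i class="fa fa-pencil-square-o"></i></a>';
        if ($media_type == "video") {
            $out .= '<a href="javascript:;" onclick="upload_filev(\'' . $idx . '\')"><i class="fa fa-camera"></i></a>';
        }
        $out .= '<a href="javascript:;" onclick="askBeforeDelete(\'' . $media_type . '\',\'' . $idx . '\')"><i class="fa fa-times"></i></a>';
        $out .= '</div>';

        if ($media_type == "video") {
            if ($r->sgf_filev == "false") {
                $out .= '<div class="extention2"><img src="/images/video_icon.png" width="100%" /></div>';
            } else {
                $out .= '<div class="extention2"><img src="/' . htmlspecialchars((string) $r->sgf_filev, ENT_QUOTES, 'UTF-8') . '" width="100%" /></div>';
            }
        } else {
            $out .= '<div class="extention2"><img src="/' . htmlspecialchars($file, ENT_QUOTES, 'UTF-8') . '" width="100%" /></div>';
        }

        $out .= '<div class="filename2 n2-' . $idx . '" id="fid2-' . $row_id . '">' . htmlspecialchars((string) $r->sgf_title, ENT_QUOTES, 'UTF-8') . '</div>';
        $out .= '</div>';
    }

    $out .= '</div><div class="clearfix"></div>';
    $out .= '</div>';

    return $out;
}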
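/**
 * Upload / reorder / rename endpoint for gallery files. The action is chosen
 * from which request keys are present and the result is echoed.
 *
 * Changes from the original, all on request-controlled input:
 *  - The video-thumbnail branch wrote the request body to `files/photo/`
 *    under an extension taken unchecked from `$_GET['extention']`. The
 *    extension must now be in the media allowlist.
 *  - `youtubeLink` is accepted only as an http(s) URL and is escaped when
 *    echoed back into the markup.
 *  - `catch (Exeption ...)` named a class that does not exist, so the
 *    fallbacks never ran; it now catches `Exception`.
 *  - Temp file names use uniqid() instead of time(), so two uploads in the
 *    same second no longer overwrite each other.
 *  - Reorder lists are checked to be arrays before they are iterated.
 *
 * NOTE(review): no authentication or authorisation check is visible in this
 * constructor, and `$_GET['token']` is only tested for presence, never
 * compared with an expected value. Confirm the caller enforces an admin
 * session, and verify the token (hash_equals) here.
 * NOTE(review): `idxes2` / `idxes_photos` are passed to unserialize()
 * straight from the query string. unserialize() on request data can
 * instantiate arbitrary loaded classes; switch the client to JSON and use
 * json_decode(), or at least pass `['allowed_classes' => false]` on PHP 7+.
 * NOTE(review): the first branch stores any request body as `.jpg` without
 * checking that it is an image.
 */
function __construct()
{
    set_time_limit($_SESSION["C"]["time.limit"]);
    $conn = $this->conn($_SESSION["C"]);
    $allowfiletypes = array("doc", "docx", "xls", "xlsx", "zip", "rar", "pdf");
    $allowfiletypes2 = array("jpg", "jpeg", "gif", "png", "mp4", "avi");

    // Any request that carries parameters invalidates the whole page cache.
    if (count($_POST) > 0 || count($_GET) > 0) {
        $files = glob(DIR . '_cache/*');
        if (is_array($files)) {
            foreach ($files as $file) {
                if (is_file($file)) {
                    @unlink($file);
                }
            }
        }
    }

    if (!isset($_GET['extention']) && !isset($_GET['filename']) && !isset($_GET['removefile']) && !isset($_GET['idxes']) && !isset($_GET['idxes2']) && !isset($_GET['idxes3']) && !isset($_GET['idxes_photos']) && !isset($_POST['youtubeLink'])) {
        // ---- bare upload: body is stored as a .jpg in the staging folder ----
        $str = file_get_contents("php://input");
        $filename = md5(uniqid('', true)) . ".jpg";
        $path = 'files_pre/' . $filename;
        file_put_contents($path, $str);
        echo $path;
    } elseif (isset($_GET['pageidx'], $_GET['extention'], $_GET['token']) && in_array($_GET['extention'], $allowfiletypes, true)) {
        // ---- document upload ----
        $ext = $_GET['extention']; // allowlisted above
        $pageidx = isset($_GET['newsidx']) && $_GET['newsidx'] != "false" ? $_GET['newsidx'] : $_GET['pageidx'];

        $get_page_type = new get_page_type();
        $page_type = $get_page_type->type($_SESSION["C"], $_GET['pageidx']);

        $str = file_get_contents("php://input");
        $timegenerate = md5(uniqid('', true));
        $path = 'files_pre/' . $timegenerate . "." . $ext;
        $color_array = array("pdf" => "#e74c3c", "doc" => "#2ecc71", "docx" => "#27ae60", "xls" => "#1abc9c", "xlsx" => "#16a085", "zip" => "#4aa3df", "rar" => "#2980b9");
        file_put_contents($path, $str);

        // Is there a gallery attached to this page?
        $sql = 'SELECT `studio404_gallery`.`idx` AS `sg_idx` FROM `studio404_gallery_attachment`,`studio404_gallery` WHERE `studio404_gallery_attachment`.`connect_idx`=:connect_idx AND `studio404_gallery_attachment`.`status`!=:status AND `studio404_gallery_attachment`.`pagetype`=:page_type AND `studio404_gallery_attachment`.`lang`=:lang AND `studio404_gallery_attachment`.`idx`=`studio404_gallery`.`idx` AND `studio404_gallery`.`status`!=:status ';
        $prepare = $conn->prepare($sql);
        $prepare->execute(array(":connect_idx" => $pageidx, ":page_type" => $page_type, ":lang" => (int) $_GET['l'], ":status" => 1));
        $fetch = $prepare->fetch(PDO::FETCH_ASSOC);

        if ($fetch && $fetch['sg_idx']) {
            // Next free idx.
            try {
                $sql2 = 'SELECT `id`, MAX(`idx`) as maxid FROM `studio404_gallery_file` WHERE `lang`=:lang AND `status`!=:status';
                $prepare2 = $conn->prepare($sql2);
                $prepare2->execute(array(":lang" => (int) $_GET['l'], ":status" => 1));
                $fetch2 = $prepare2->fetch(PDO::FETCH_ASSOC);
                $maxid = $fetch2['maxid'] ? $fetch2['maxid'] + 1 : 1;
            } catch (Exception $e) {
                $maxid = 1;
            }

            // Next free position inside the gallery.
            try {
                $sql3 = 'SELECT MAX(`position`) as maxpos FROM `studio404_gallery_file` WHERE `media_type`=:media_type AND `lang`=:lang AND `gallery_idx`=:gallery_idx AND `status`!=:status';
                $prepare3 = $conn->prepare($sql3);
                $prepare3->execute(array(":media_type" => 'document', ":lang" => (int) $_GET['l'], ":gallery_idx" => $fetch['sg_idx'], ":status" => 1));
                $fetch3 = $prepare3->fetch(PDO::FETCH_ASSOC);
                $maxpos = $fetch3['maxpos'] ? $fetch3['maxpos'] + 1 : 1;
            } catch (Exception $e) {
                $maxpos = 1;
            }

            // Move the staged file into its final folder.
            $path_new = "files/document/" . $timegenerate . "." . $ext;
            if (@copy($path, $path_new)) {
                @unlink($path);
            }
            $filesize = @filesize($path_new);

            $sql4 = 'INSERT INTO `studio404_gallery_file` SET `idx`=:idx, `date`=:datex, `gallery_idx`=:gallery_idx, `file`=:file, `media_type`=:media_type, `title`=:title, `description`=:description, `filesize`=:filesize, `insert_admin`=:insert_admin, `position`=:position, `lang`=:lang, `status`=:status ';
            $prepare4 = $conn->prepare($sql4);
            $prepare4->execute(array(":idx" => $maxid, ":datex" => time(), ":gallery_idx" => $fetch['sg_idx'], ":file" => $path_new, ":media_type" => "document", ":title" => "Not defined", ":description" => "Not defined", ":filesize" => $filesize, ":insert_admin" => $_SESSION["user404_id"], ":position" => $maxpos, ":lang" => (int) $_GET['l'], ":status" => 0));

            // Read back the row id for the tile markup.
            $sql5 = 'SELECT `id`,`position` FROM `studio404_gallery_file` WHERE `media_type`=:media_type AND `idx`=:idx AND `lang`=:lang AND `status`!=:status';
            $prepare5 = $conn->prepare($sql5);
            $prepare5->execute(array(":media_type" => 'document', ":idx" => $maxid, ":lang" => (int) $_GET['l'], ":status" => 1));
            $fetch5 = $prepare5->fetch(PDO::FETCH_ASSOC);

            $out = '<div class="filebox" style="background-color:' . $color_array[$ext] . '" id="flexbox-' . $maxid . '">';
            $out .= '<div class="action_panel">';
            $out .= '<a href="/' . $path_new . '" target="_blank"><i class="fa fa-eye"></i></a>';
            $out .= '<a href="javascript:;" onclick="openPromt(\'' . $maxid . '\')"><i class="fa fa-pencil-square-o"></i></a>';
            $out .= '<a href="javascript:;" onclick="removeFile(\'' . $maxid . '\')"><i class="fa fa-times"></i></a>';
            $out .= '</div>';
            $out .= '<div class="extention">' . $ext . '</div>';
            $out .= '<div class="filename n-' . $maxid . '" id="fid-' . $fetch5['id'] . '">Not defined</div>';
            $out .= '</div>';
            echo $out;
        }
    } elseif (isset($_GET['id'], $_GET['filename'])) {
        // ---- rename: the title is bound, and escaped where it is rendered ----
        $sql = 'UPDATE `studio404_gallery_file` SET `title`=:title WHERE `id`=:id';
        $prepare = $conn->prepare($sql);
        $prepare->execute(array(":title" => $_GET['filename'], ":id" => $_GET['id']));
    } elseif (isset($_GET['idx'], $_GET['idxes2'])) {
        // ---- remove one document, then renumber the rest ----
        $sql = 'UPDATE `studio404_gallery_file` SET `status`=:status WHERE `idx`=:idx AND lang=:lang AND `media_type`=:media_type';
        $prepare = $conn->prepare($sql);
        $prepare->execute(array(":status" => 1, ":media_type" => "document", ":idx" => $_GET['idx'], ":lang" => $_GET['l']));

        $position = 1;
        // SECURITY: unserialize() on request data, see the NOTE in the docblock.
        $unserialize = unserialize($_GET['idxes2']);
        if (is_array($unserialize)) {
            foreach ($unserialize as $idx) {
                $sql2 = 'UPDATE `studio404_gallery_file` SET `position`=:position WHERE `media_type`=:media_type AND `idx`=:idx AND `lang`=:lang AND `status`!=:status';
                $prepare2 = $conn->prepare($sql2);
                $prepare2->execute(array(":media_type" => "document", ":position" => $position, ":idx" => $idx, ":status" => 1, ":lang" => $_GET["l"]));
                $position++;
            }
        }
        echo "Done";
    } elseif (isset($_GET['idx'], $_GET['idxes3'])) {
        // ---- remove one photo/video, then renumber the rest ----
        $media_type = isset($_GET["media_type"]) && $_GET["media_type"] == "video" ? "video" : "photo";
        $sql = 'UPDATE `studio404_gallery_file` SET `status`=:status WHERE `idx`=:idx';
        $prepare = $conn->prepare($sql);
        $prepare->execute(array(":status" => 1, ":idx" => $_GET['idx']));

        $position = 1;
        // The client sends the literal "empty" when nothing is left to order.
        if (is_array($_GET['idxes3'])) {
            foreach ($_GET['idxes3'] as $idx) {
                $sql2 = 'UPDATE `studio404_gallery_file` SET `position`=:position WHERE `media_type`=:media_type AND `idx`=:idx AND `status`!=:status';
                $prepare2 = $conn->prepare($sql2);
                $prepare2->execute(array(":media_type" => $media_type, ":position" => $position, ":idx" => $idx, ":status" => 1));
                $position++;
            }
        }
    } elseif (isset($_GET['idxes'])) {
        // ---- reorder documents ----
        $position = 1;
        if (is_array($_GET['idxes'])) {
            foreach ($_GET['idxes'] as $idx) {
                $sql = 'UPDATE `studio404_gallery_file` SET `position`=:position WHERE `media_type`=:media_type AND `idx`=:idx AND `status`!=:status';
                $prepare = $conn->prepare($sql);
                $prepare->execute(array(":media_type" => "document", ":position" => $position, ":idx" => $idx, ":status" => 1));
                $position++;
            }
        }
    } elseif (isset($_GET['idxes_photos'])) {
        // ---- reorder photos / videos ----
        $position = 1;
        $media_type = isset($_GET["type"]) && $_GET["type"] == "videogallerypage" ? "video" : "photo";
        // SECURITY: unserialize() on request data, see the NOTE in the docblock.
        $unserialize = unserialize($_GET['idxes_photos']);
        if (is_array($unserialize)) {
            foreach ($unserialize as $idx) {
                $sql = 'UPDATE `studio404_gallery_file` SET `position`=:position WHERE `media_type`=:media_type AND `idx`=:idx AND `status`!=:status';
                $prepare = $conn->prepare($sql);
                $prepare->execute(array(":media_type" => $media_type, ":position" => $position, ":idx" => $idx, ":status" => 1));
                $position++;
            }
        }
    } elseif (isset($_GET['pageidx'], $_GET['extention'], $_GET['token']) && in_array($_GET['extention'], $allowfiletypes2, true)) {
        // ---- photo / video upload ----
        $ext = $_GET['extention']; // allowlisted above
        $pageidx = isset($_GET['newsidx']) && $_GET['newsidx'] != "false" ? $_GET['newsidx'] : $_GET['pageidx'];
        // As written in the original: media=false selects "video".
        $media_type = isset($_GET["media"]) && $_GET["media"] == "false" ? "video" : "photo";

        $get_page_type = new get_page_type();
        $page_type = $get_page_type->type($_SESSION["C"], $_GET['pageidx']);

        $str = file_get_contents("php://input");
        $timegenerate = md5(uniqid('', true));
        $path = 'files_pre/' . $timegenerate . "." . $ext;
        file_put_contents($path, $str);

        $sql = 'SELECT `studio404_gallery`.`idx` AS `sg_idx` FROM `studio404_gallery_attachment`,`studio404_gallery` WHERE `studio404_gallery_attachment`.`connect_idx`=:connect_idx AND `studio404_gallery_attachment`.`pagetype`=:pagetype AND `studio404_gallery_attachment`.`status`!=:status AND `studio404_gallery_attachment`.`idx`=`studio404_gallery`.`idx` AND `studio404_gallery`.`status`!=:status ';
        $prepare = $conn->prepare($sql);
        $prepare->execute(array(":connect_idx" => $pageidx, ":pagetype" => $page_type, ":status" => 1));
        $fetch = $prepare->fetch(PDO::FETCH_ASSOC);

        if ($fetch && $fetch['sg_idx']) {
            $sql2 = 'SELECT `id`, MAX(`idx`) AS maxid FROM `studio404_gallery_file`';
            $prepare2 = $conn->prepare($sql2);
            $prepare2->execute();
            $fetch2 = $prepare2->fetch(PDO::FETCH_ASSOC);
            $maxid = $fetch2['maxid'] ? $fetch2['maxid'] + 1 : 1;

            try {
                $sql3 = 'SELECT MAX(`position`) as maxpos FROM `studio404_gallery_file` WHERE `media_type`=:media_type AND `lang`=:lang AND `gallery_idx`=:gallery_idx AND `status`!=:status';
                $prepare3 = $conn->prepare($sql3);
                $prepare3->execute(array(":media_type" => $media_type, ":lang" => LANG_ID, ":gallery_idx" => $fetch['sg_idx'], ":status" => 1));
                $fetch3 = $prepare3->fetch(PDO::FETCH_ASSOC);
                $maxpos = $fetch3['maxpos'] ? $fetch3['maxpos'] + 1 : 1;
            } catch (Exception $e) {
                $maxpos = 1;
            }

            $path_new = "files/" . $media_type . "/" . $timegenerate . "." . $ext;
            if (@copy($path, $path_new)) {
                @unlink($path);
            }
            $filesize = @filesize($path_new);

            // NOTE(review): the row is inserted with lang from $_GET['l'] but
            // read back with LANG_ID below; confirm these always agree.
            $sql4 = 'INSERT INTO `studio404_gallery_file` SET `idx`=:idx, `date`=:datex, `gallery_idx`=:gallery_idx, `file`=:file, `media_type`=:media_type, `title`=:title, `description`=:description, `filesize`=:filesize, `insert_admin`=:insert_admin, `position`=:position, `lang`=:lang, `status`=:status ';
            $prepare4 = $conn->prepare($sql4);
            $prepare4->execute(array(":idx" => $maxid, ":datex" => time(), ":gallery_idx" => $fetch['sg_idx'], ":file" => $path_new, ":media_type" => $media_type, ":title" => "Not defined", ":description" => "Not defined", ":filesize" => $filesize, ":insert_admin" => $_SESSION["user404_id"], ":position" => $maxpos, ":lang" => (int) $_GET['l'], ":status" => 0));

            $sql5 = 'SELECT `id`,`position` FROM `studio404_gallery_file` WHERE `media_type`=:media_type AND `idx`=:idx AND `lang`=:lang AND `status`!=:status';
            $prepare5 = $conn->prepare($sql5);
            $prepare5->execute(array(":media_type" => $media_type, ":idx" => $maxid, ":lang" => LANG_ID, ":status" => 1));
            $fetch5 = $prepare5->fetch(PDO::FETCH_ASSOC);

            $out = '<div class="filebox2" id="flexbox2-' . $maxid . '">';
            $out .= '<div class="action_panel2">';
            $out .= '<a href="/' . $path_new . '" class="fancybox"><i class="fa fa-eye"></i></a>';
            $out .= '<a href="javascript:;" onclick="openPromt2(\'' . $maxid . '\')"><i class="fa fa-pencil-square-o"></i></a>';
            $out .= '<a href="javascript:;" onclick="removeFile2(\'' . $maxid . '\')"><i class="fa fa-times"></i></a>';
            $out .= '</div>';
            if ($media_type == "video") {
                $out .= '<div class="extention2"><img src="/images/video_icon.png" width="100%" /></div>';
            } else {
                $out .= '<div class="extention2"><img src="/' . $path_new . '" width="100%" /></div>';
            }
            $out .= '<div class="filename2 n2-' . $maxid . '" id="fid2-' . $fetch5['id'] . '">Not defined</div>';
            $out .= '</div>';
            echo $out;
        }
    } elseif (isset($_POST['youtubeLink'])) {
        // ---- external video link ----
        $link = $_POST['youtubeLink'];
        // The link is stored and later rendered as an href, so only http(s)
        // URLs are accepted; anything else takes the existing error path.
        if (!is_string($link) || !preg_match('#^https?://#i', $link)) {
            echo "error";
            exit;
        }

        $pageidx = isset($_POST['yt_mid']) ? $_POST['yt_mid'] : 0;
        $media_type = "video";
        $page_type = "videogallerypage";

        $sql = 'SELECT `studio404_gallery`.`idx` AS `sg_idx` FROM `studio404_gallery_attachment`,`studio404_gallery` WHERE `studio404_gallery_attachment`.`connect_idx`=:connect_idx AND `studio404_gallery_attachment`.`pagetype`=:pagetype AND `studio404_gallery_attachment`.`status`!=:status AND `studio404_gallery_attachment`.`idx`=`studio404_gallery`.`idx` AND `studio404_gallery`.`status`!=:status ';
        $prepare = $conn->prepare($sql);
        $prepare->execute(array(":connect_idx" => $pageidx, ":pagetype" => $page_type, ":status" => 1));
        $fetch = $prepare->fetch(PDO::FETCH_ASSOC);

        if ($fetch && $fetch['sg_idx']) {
            try {
                $sql2 = 'SELECT `id`, MAX(`idx`) as maxid FROM `studio404_gallery_file` WHERE `lang`=:lang AND `status`!=:status';
                $prepare2 = $conn->prepare($sql2);
                $prepare2->execute(array(":lang" => LANG_ID, ":status" => 1));
                $fetch2 = $prepare2->fetch(PDO::FETCH_ASSOC);
                $maxid = $fetch2['maxid'] ? $fetch2['maxid'] + 1 : 1;
            } catch (Exception $e) {
                $maxid = 1;
            }

            try {
                $sql3 = 'SELECT MAX(`position`) as maxpos FROM `studio404_gallery_file` WHERE `media_type`=:media_type AND `lang`=:lang AND `gallery_idx`=:gallery_idx AND `status`!=:status';
                $prepare3 = $conn->prepare($sql3);
                $prepare3->execute(array(":media_type" => $media_type, ":lang" => LANG_ID, ":gallery_idx" => $fetch['sg_idx'], ":status" => 1));
                $fetch3 = $prepare3->fetch(PDO::FETCH_ASSOC);
                $maxpos = $fetch3['maxpos'] ? $fetch3['maxpos'] + 1 : 1;
            } catch (Exception $e) {
                $maxpos = 1;
            }

            $sql4 = 'INSERT INTO `studio404_gallery_file` SET `idx`=:idx, `date`=:datex, `gallery_idx`=:gallery_idx, `file`=:file, `media_type`=:media_type, `title`=:title, `description`=:description, `filesize`=:filesize, `insert_admin`=:insert_admin, `position`=:position, `lang`=:lang, `status`=:status ';
            $prepare4 = $conn->prepare($sql4);
            $prepare4->execute(array(":idx" => $maxid, ":datex" => time(), ":gallery_idx" => $fetch['sg_idx'], ":file" => $link, ":media_type" => $media_type, ":title" => "Not defined", ":description" => "Not defined", ":filesize" => "0", ":insert_admin" => $_SESSION["user404_id"], ":position" => $maxpos, ":lang" => (int) $_GET['l'], ":status" => 0));

            $sql5 = 'SELECT `id`,`position` FROM `studio404_gallery_file` WHERE `media_type`=:media_type AND `idx`=:idx AND `lang`=:lang AND `status`!=:status';
            $prepare5 = $conn->prepare($sql5);
            $prepare5->execute(array(":media_type" => $media_type, ":idx" => $maxid, ":lang" => LANG_ID, ":status" => 1));
            $fetch5 = $prepare5->fetch(PDO::FETCH_ASSOC);

            $out = '<div class="filebox2" id="flexbox2-' . $maxid . '">';
            $out .= '<div class="action_panel2">';
            // Request data inside an attribute: escape it.
            $out .= '<a href="' . htmlspecialchars($link, ENT_QUOTES, 'UTF-8') . '" target="_blank"><i class="fa fa-eye"></i></a>';
            $out .= '<a href="javascript:;" onclick="openPromt2(\'' . $maxid . '\')"><i class="fa fa-pencil-square-o"></i></a>';
            $out .= '<a href="javascript:;" onclick="upload_filev(\'' . $maxid . '\')"><i class="fa fa-camera"></i></a>';
            $out .= '<a href="javascript:;" onclick="removeFile2(\'' . $maxid . '\')"><i class="fa fa-times"></i></a>';
            $out .= '</div>';
            $out .= '<div class="extention2"><img src="/images/video_icon.png" width="100%" /></div>';
            $out .= '<div class="filename2 n2-' . $maxid . '" id="fid2-' . $fetch5['id'] . '">Not defined</div>';
            $out .= '</div>';
            echo $out;
        }
    } elseif (isset($_GET['videoimage'], $_GET['extention']) && is_numeric($_GET['videoimage']) && in_array($_GET['extention'], $allowfiletypes2, true)) {
        // ---- video thumbnail ----
        // The extension becomes part of a file name under the web root, so it
        // has to be allowlisted like every other upload branch.
        $str = file_get_contents("php://input");
        $filename = md5(uniqid('', true)) . "." . $_GET['extention'];
        $path = 'files/photo/' . $filename;
        file_put_contents($path, $str);

        $sql = 'UPDATE `studio404_gallery_file` SET `filev`=:filev WHERE `idx`=:idx AND `status`!=:status';
        $prepare = $conn->prepare($sql);
        $prepare->execute(array(":filev" => $path, ":idx" => $_GET['videoimage'], ":status" => 1));
        echo $path;
    } else {
        echo "error";
        exit;
    }
}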
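/**
 * Front-controller dispatch: pick the controller class for the current
 * request and instantiate it.
 *
 * Nothing is returned. The chosen controller is only constructed here, so any
 * page output has to come from the controller's constructor.
 *
 * Routes are tested in a fixed order and the first match wins:
 *   1. maintenance gate ('website.mode' == "UnderDeveloper" and IP not allowed)
 *   2. fixed endpoints that fall back to error_page when the file is missing
 *   3. fixed endpoints that instantiate nothing when the file is missing
 *   4. page-type routing, including two routes whose class name comes from
 *      the URL (custom pages and the default case)
 *
 * Security: the last URL segment is request-controlled. It is only joined
 * into a path or used as a class name after it has been checked to be a
 * plain PHP identifier, so dots, slashes, backslashes and NUL bytes are
 * rejected.
 *
 * @param object $obj URL helper; url("segment", n) and url_last() are called on it.
 * @param mixed  $c   Array-accessible site configuration. Keys read here:
 *                    'website.mode', 'allowes.ips', 'admin.slug',
 *                    'welcome.page.class'.
 * @return void
 */
public function loadpage($obj, $c)
{
    $s2 = $obj->url("segment", 2);
    $file = $obj->url_last();

    // The result is not used by this method; the call is kept in case
    // get_page_type() has side effects.
    $type_obj = new page_type();
    $type_obj->get_page_type($c);

    $get_ip = new get_ip();
    $ip = $get_ip->ip;

    // A non-namespaced PHP class name. Any value that fails this pattern could
    // never have named a loadable class, so rejecting it does not change which
    // controllers resolve. It only stops malformed values from reaching
    // file_exists() and `new`.
    $class_name_pattern = '/^[a-zA-Z_\x80-\xff][a-zA-Z0-9_\x80-\xff]*\z/';

    // ---- 1. maintenance gate ------------------------------------------------
    // Strict comparison, so that an empty or undetected $ip cannot loosely
    // equal a blank, 0 or false entry in the allowlist.
    // NOTE(review): this gate is only as trustworthy as get_ip; confirm it does
    // not take the address from a client-supplied header.
    if ($c['website.mode'] == "UnderDeveloper" && !in_array($ip, $c['allowes.ips'], true)) {
        $controller = file_exists("controller/under.php") ? new under($c) : new error_page();
        return;
    }

    // ---- 2. fixed endpoints, error_page when the controller file is missing --
    if ($file == 'cron') {
        $controller = file_exists("controller/cron.php") ? new cron($c) : new error_page();
        return;
    }
    if ($file == 'ajax') {
        $controller = file_exists("controller/ajax.php") ? new ajax($c) : new error_page();
        return;
    }
    if ($file == 'download') {
        $controller = file_exists("controller/download.php") ? new download() : new error_page();
        return;
    }
    if ($file == 'insertemail') {
        $controller = file_exists("controller/insertemail.php") ? new insertemail($c) : new error_page();
        return;
    }
    if ($obj->url("segment", 1) == 'unsubscribe') {
        if (file_exists("controller/unsubscribe.php")) {
            // The second URL segment is passed to the controller unchanged.
            $encr = $obj->url("segment", 2);
            $controller = new unsubscribe($c, $encr);
        } else {
            $controller = new error_page();
        }
        return;
    }
    if ($file == $c['admin.slug']) {
        $controller = file_exists("controller/admin.php") ? new admin($obj, $c) : new error_page();
        return;
    }

    // ---- 3. fixed endpoints, nothing instantiated when the file is missing --
    if ($file == "session_timeout") {
        if (file_exists('controller/session_timeout.php')) {
            $controller = new session_timeout();
        }
        return;
    }
    if ($file == "ajaxloadoptions") {
        if (file_exists('controller/ajaxloadoptions.php')) {
            $controller = new ajaxloadoptions();
        }
        return;
    }
    if ($s2 == "gallery") {
        if (file_exists('controller/gallery.php')) {
            $controller = new gallery();
        }
        return;
    }
    if ($file == "invoices") {
        if (file_exists('controller/invoices.php')) {
            $controller = new invoices($obj, $c);
        }
        return;
    }
    if ($file == "ajaxmoveimage") {
        if (file_exists('controller/ajaxmoveimage.php')) {
            $controller = new ajaxmoveimage();
        }
        return;
    }
    if ($file == "ajaxupload") {
        if (file_exists('controller/ajaxupload.php')) {
            $controller = new ajaxupload();
        }
        return;
    }
    if ($file == "image") {
        if (file_exists('controller/image.php')) {
            $controller = new image();
        }
        return;
    }

    // The admin controller is reachable only through the configured slug,
    // which was tested above. The literal "admin" gets the error page.
    if ($file == "admin") {
        $controller = new error_page();
        return;
    }

    // ---- 4. page-type routing ------------------------------------------------
    $get_page_type = new get_page_type();
    $page_type = $get_page_type->type_page($c);

    if (empty($page_type) || $page_type == "error_page") {
        if (file_exists("controller/homepage.php")) {
            // Class name comes from configuration, not from the request.
            $controller = new $c["welcome.page.class"]($c);
        }
        return;
    }

    switch ($page_type) {
        case 'homepage':
            if (file_exists("controller/homepage.php")) {
                $controller = new homepage($c);
            }
            break;
        case 'session_timeout':
            if (file_exists("controller/session_timeout.php")) {
                $controller = new session_timeout();
            }
            break;
        case 'textpage':
            if (file_exists("controller/text.php")) {
                $controller = new text($c);
            }
            break;
        case 'photogallerypage':
            if (file_exists("controller/photogallery.php")) {
                $controller = new photogallery($c);
            }
            break;
        case 'videogallerypage':
            if (file_exists("controller/videogallery.php")) {
                $controller = new videogallery($c);
            }
            break;
        case 'catalogpage':
            if (file_exists("controller/catalog.php")) {
                $controller = new catalog($c);
            }
            break;
        case 'custompage':
            // Class name derived from the URL: hyphens are stripped, then the
            // result must be a plain identifier before it touches the
            // filesystem or `new`.
            $cust = str_replace("-", "", $file);
            if (is_string($cust)
                && preg_match($class_name_pattern, $cust) === 1
                && file_exists("controller/custom/" . $cust . ".php")
            ) {
                $controller = new $cust($c);
            }
            break;
        case 'eventpage':
            if (file_exists("controller/events.php")) {
                $controller = new events($c);
            }
            break;
        case 'eventsinside':
            if (file_exists("controller/eventsinside.php")) {
                $controller = new eventsinside($c);
            }
            break;
        case 'newspage':
            if (file_exists("controller/news.php")) {
                $controller = new news($c);
            }
            break;
        case 'newsinside':
            if (file_exists("controller/news_inside.php")) {
                $controller = new news_inside($c);
            }
            break;
        case 'publicationpage':
            if (file_exists("controller/publication.php")) {
                $controller = new publication($c);
            }
            break;
        case 'teampage':
            if (file_exists("controller/team.php")) {
                $controller = new team($c);
            }
            break;
        case 'product':
            if (file_exists("controller/product.php")) {
                $controller = new product($c);
            }
            break;
        case 'error_page':
            // NOTE(review): "error_page" is already consumed by the check
            // before this switch, so this case looks unreachable. Kept as
            // written until the intended behaviour is confirmed.
            if (file_exists("controller/error_page.php")) {
                $controller = new error_page();
            }
            break;
        default:
            // Class name taken straight from the last URL segment. The
            // identifier check keeps the lookup inside controller/, and the
            // file_exists() test then limits it to classes that have a file
            // there.
            // NOTE(review): that still makes every class file in controller/
            // routable by name; an explicit allowlist of public controllers
            // would be tighter.
            if (is_string($file)
                && preg_match($class_name_pattern, $file) === 1
                && file_exists("controller/" . $file . ".php")
            ) {
                $controller = new $file($obj, $c);
            }
            break;
    }
}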
/**
 * Create a gallery row and link it to a page record.
 *
 * Steps, in order:
 *   1. look up a page type via get_page_type::type() from $_SESSION["C"] and
 *      $_GET['newsidx']
 *   2. compute the next gallery idx for $lang as MAX(idx) + 1, or 1 when
 *      there is no maximum
 *   3. insert the gallery row, with the title taken from $_POST['title']
 *   4. insert the attachment row that ties that idx to $connect_idx
 *
 * All values reach the database as bound parameters.
 *
 * NOTE(review): the title is stored exactly as submitted, so it has to be
 * HTML-encoded wherever it is rendered.
 * NOTE(review): the idx is allocated with MAX()+1 and no lock or transaction
 * is visible here, so two concurrent calls could compute the same idx unless
 * the schema enforces uniqueness. Confirm.
 * NOTE(review): no permission check is visible in this method; presumably the
 * caller enforces it. Verify.
 *
 * @param mixed $c           Configuration handed to $this->conn().
 * @param mixed $connect_idx Value stored in `connect_idx` of the attachment row.
 * @param mixed $lang        Language value used for the idx lookup and both inserts.
 */
public function insertmedia($c, $connect_idx, $lang)
{
    $db = $this->conn($c);

    // Value stored as `pagetype` on the attachment row.
    $type_lookup = new get_page_type();
    $attached_page_type = $type_lookup->type($_SESSION["C"], $_GET['newsidx']);

    // Next free gallery idx for this language.
    $max_stmt = $db->prepare('SELECT MAX(`idx`) AS maxid FROM `studio404_gallery` WHERE `lang`=:lang');
    $max_stmt->execute(array(":lang" => $lang));
    $max_row = $max_stmt->fetch(PDO::FETCH_ASSOC);
    if ($max_row['maxid']) {
        $next_idx = $max_row['maxid'] + 1;
    } else {
        $next_idx = 1;
    }

    // Gallery row.
    $gallery_stmt = $db->prepare(
        'INSERT INTO `studio404_gallery` SET `idx`=:idx, `date`=:datex, `title`=:title, `lang`=:lang, `status`=:status '
    );
    $gallery_params = array(
        ":idx" => $next_idx,
        ":datex" => time(),
        ":title" => $_POST['title'],
        ":lang" => $lang,
        ":status" => 0,
    );
    $gallery_stmt->execute($gallery_params);

    // Attachment row linking the new gallery to the page record.
    $attachment_stmt = $db->prepare(
        'INSERT INTO `studio404_gallery_attachment` SET `idx`=:idx, `connect_idx`=:connect_idx, `pagetype`=:pagetype, `lang`=:lang, `status`=:status '
    );
    $attachment_params = array(
        ":idx" => $next_idx,
        ":connect_idx" => $connect_idx,
        ":pagetype" => $attached_page_type,
        ":lang" => $lang,
        ":status" => 0,
    );
    $attachment_stmt->execute($attachment_params);
}