示例#1
 /**
  * Front-controller dispatch: chooses a controller class from the request URL and
  * instantiates it. Ordinary content pages are rendered through a file cache in _cache/.
  *
  * Security-relevant behaviour visible in this method:
  *  - the development-mode gate depends on get_ip::$ip and a non-strict in_array();
  *  - several branches take a class name from the URL ($file, $cust) and call `new` on it;
  *  - cached pages are executed with include instead of being sent as static bytes;
  *  - cache file names are built from request parameters, so requests decide how many
  *    cache files exist.
  *
  * @param object $obj URL helper; only url("segment", n) and url_last() are called on it here.
  * @param array  $c   Site configuration; keys read here: website.mode, allowes.ips,
  *                    admin.slug, welcome.page.class.
  * @return void Nothing is returned; the work happens in the constructors of the chosen
  *              controller (presumably they emit the page - confirm).
  */
 public function loadpage($obj, $c)
 {
     // Routing inputs taken from the request URL.
     $s2 = $obj->url("segment", 2);
     $file = $obj->url_last();
     // select page types
     // NOTE(review): this first $page_type is overwritten at the cache branch below before
     // any read; only get_page_type::type_page() feeds the switch.
     $type_obj = new page_type();
     $page_type = $type_obj->get_page_type($c);
     $get_ip = new get_ip();
     $ip = $get_ip->ip;
     // Development-mode gate: everyone whose address is not listed gets the "under" page.
     // NOTE(review): how get_ip derives the address is not visible here; if it trusts a
     // client-supplied header the allowlist can be satisfied by the client - confirm.
     // in_array() is called without the strict flag, so the comparison is loose.
     if ($c['website.mode'] == "UnderDeveloper" && !in_array($ip, $c['allowes.ips'])) {
         // Site is in development mode and the visitor is not allowlisted.
         $controller = "controller/under.php";
         // file_exists() only checks the relative path (resolved against the current
         // working directory); the class itself must already be loadable by name.
         if (file_exists($controller)) {
             $controller = new under($c);
         } else {
             $controller = new error_page();
         }
     } else {
         // Fixed routes: each compares the last URL segment with a literal and, when the
         // controller file exists, constructs the class of the same name.
         if ($file == 'cron') {
             // NOTE(review): no authentication or origin check is visible on this route
             // in this method; the cron class would have to enforce one itself.
             $controller = "controller/cron.php";
             if (file_exists($controller)) {
                 $controller = new cron($c);
             } else {
                 $controller = new error_page();
             }
         } else {
             if ($file == 'ajax') {
                 // ajax endpoint
                 $controller = "controller/ajax.php";
                 if (file_exists($controller)) {
                     $controller = new ajax($c);
                 } else {
                     $controller = new error_page();
                 }
             } else {
                 if ($file == 'sendemail') {
                     // mail sending endpoint; constructed without the configuration
                     $controller = "controller/sendemail.php";
                     if (file_exists($controller)) {
                         $controller = new sendemail();
                     } else {
                         $controller = new error_page();
                     }
                 } else {
                     if ($file == 'insertemail') {
                         // e-mail insertion endpoint
                         $controller = "controller/insertemail.php";
                         if (file_exists($controller)) {
                             $controller = new insertemail($c);
                         } else {
                             $controller = new error_page();
                         }
                     } else {
                         if ($obj->url("segment", 1) == 'unsubscribe') {
                             // unsubscribe link: segment 2 is handed to the controller as-is
                             $controller = "controller/unsubscribe.php";
                             if (file_exists($controller)) {
                                 // presumably an encrypted/opaque subscriber token; its
                                 // validation is not visible here - confirm in unsubscribe
                                 $encr = $obj->url("segment", 2);
                                 $controller = new unsubscribe($c, $encr);
                             } else {
                                 $controller = new error_page();
                             }
                         } else {
                             if ($file == $c['admin.slug']) {
                                 // administrator page, reachable under the configured slug
                                 $controller = "controller/admin.php";
                                 if (file_exists($controller)) {
                                     $controller = new admin($obj, $c);
                                 } else {
                                     $controller = new error_page();
                                 }
                             } else {
                                 // From here on the fixed routes have no else-branch: when the
                                 // controller file is missing, $controller is simply never set
                                 // and no error page is produced.
                                 if ($file == "session_timeout") {
                                     $controller_sessiontime = 'controller/session_timeout.php';
                                     if (file_exists($controller_sessiontime)) {
                                         $controller = new session_timeout();
                                     }
                                 } else {
                                     if ($file == "ajaxloadoptions") {
                                         $controller_ajaxloadoptions = 'controller/ajaxloadoptions.php';
                                         if (file_exists($controller_ajaxloadoptions)) {
                                             $controller = new ajaxloadoptions();
                                         }
                                     } else {
                                         // Note: this route keys on segment 2, not the last segment.
                                         if ($s2 == "gallery") {
                                             $controller_gallery = 'controller/gallery.php';
                                             if (file_exists($controller_gallery)) {
                                                 $controller = new gallery();
                                             }
                                         } else {
                                             if ($file == "invoices") {
                                                 $controller_ajaxloadoptions = 'controller/invoices.php';
                                                 if (file_exists($controller_ajaxloadoptions)) {
                                                     $controller = new invoices($obj, $c);
                                                 }
                                             } else {
                                                 if ($file == "ajaxmoveimage") {
                                                     $controller_ajaxmoveimage = 'controller/ajaxmoveimage.php';
                                                     if (file_exists($controller_ajaxmoveimage)) {
                                                         $controller = new ajaxmoveimage();
                                                     }
                                                 } else {
                                                     // NOTE(review): upload endpoint is reached without any
                                                     // session or role check in this method; ajaxupload
                                                     // must enforce authorization itself - confirm.
                                                     if ($file == "ajaxupload") {
                                                         $controller_ajaxupload = 'controller/ajaxupload.php';
                                                         if (file_exists($controller_ajaxupload)) {
                                                             $controller = new ajaxupload();
                                                         }
                                                     } else {
                                                         if ($file == "image") {
                                                             $controller_image = 'controller/image.php';
                                                             if (file_exists($controller_image)) {
                                                                 $controller = new image();
                                                             }
                                                         } else {
                                                             // Content pages: served from the file cache when possible.
                                                             $get_slug_from_url = new get_slug_from_url();
                                                             $slug = $get_slug_from_url->slug();
                                                             // Cache-key sanitising: URL-encode, strip tags, then drop any
                                                             // remaining slash or backslash so the slug cannot add path
                                                             // separators to the cache file name.
                                                             $slug_ = str_replace(array("/", "\\"), array("", ""), strip_tags(urlencode($slug)));
                                                             // The three GET parameters are forced to integers before use.
                                                             $id = (int) Input::method("GET", "id");
                                                             $v = (int) Input::method("GET", "v");
                                                             $pn = (int) Input::method("GET", "pn");
                                                             // NOTE(review): $type is not assigned anywhere in this method
                                                             // (perhaps $page_type was meant), so it contributes nothing to
                                                             // the name and raises an undefined-variable notice.
                                                             // Every distinct slug/id/v/pn combination yields its own file,
                                                             // so the number of files in _cache/ is driven by request input;
                                                             // nothing here caps or expires them.
                                                             $cache_file = "_cache/" . $type . $slug_ . $id . $v . $pn . LANG_ID . ".html";
                                                             //select page types
                                                             $get_page_type = new get_page_type();
                                                             $page_type = $get_page_type->type_page($c);
                                                             // Event pages are never served from cache.
                                                             if (file_exists($cache_file) && $page_type != "eventpage") {
                                                                 // NOTE(review): include parses the cache file as PHP. The file holds
                                                                 // captured page output, so a PHP open tag reaching that output (for
                                                                 // example from stored content) would be evaluated on a cache hit;
                                                                 // readfile() would send the same bytes without evaluating them.
                                                                 // The @ also hides any include failure.
                                                                 @(include $cache_file);
                                                             } else {
                                                                 // Cache miss: capture what the controller constructor prints.
                                                                 ob_start();
                                                                 // The literal name "admin" is refused here; the admin controller is
                                                                 // only reachable through $c['admin.slug'] above.
                                                                 if ($file != "admin") {
                                                                     // Relative paths of the controller files checked below.
                                                                     // text pages
                                                                     $controller_text = "controller/text.php";
                                                                     // home page
                                                                     $controller_home = "controller/homepage.php";
                                                                     // photo gallery page
                                                                     $controller_photo_gallery = "controller/photogallery.php";
                                                                     // video gallery page
                                                                     $contoller_video_gallery = "controller/videogallery.php";
                                                                     // catalog page
                                                                     $controller_catalog = "controller/catalog.php";
                                                                     // custom page: class and file name come from the last URL segment
                                                                     // with "-" removed. NOTE(review): the only other constraint is the
                                                                     // file_exists() check in the switch; whether url_last() can return
                                                                     // characters such as "." or "/" is not visible here - confirm.
                                                                     $cust = str_replace("-", "", $file);
                                                                     $controller_custom = "controller/custom/" . $cust . ".php";
                                                                     //event page
                                                                     $controller_event = "controller/events.php";
                                                                     //eventsinside page
                                                                     $controller_eventsinside = "controller/eventsinside.php";
                                                                     //news page
                                                                     $controller_news = "controller/news.php";
                                                                     //news inside page
                                                                     $controller_news_inside = "controller/news_inside.php";
                                                                     // event inside page (assigned but not read in this method)
                                                                     $controller_events_inside = "controller/eventinside.php";
                                                                     //publication page
                                                                     $controller_publication = "controller/publication.php";
                                                                     // team page
                                                                     $controller_team = "controller/team.php";
                                                                     // fallback: controller file named after the last URL segment
                                                                     $controller = "controller/" . $file . ".php";
                                                                     // session timeout
                                                                     $controller_sessiontime = "controller/session_timeout.php";
                                                                     //product page
                                                                     $controller_product = "controller/product.php";
                                                                     // error page
                                                                     $controller_errorpage = "controller/error_page.php";
                                                                     if (empty($page_type) || $page_type == "error_page") {
                                                                         // No usable page type: fall back to the welcome page class named
                                                                         // in the configuration.
                                                                         if (file_exists($controller_home)) {
                                                                             $controller = new $c["welcome.page.class"]($c);
                                                                         }
                                                                     } else {
                                                                         //echo $page_type;
                                                                         // One fixed class per known page type; a missing controller file
                                                                         // leaves $controller holding the fallback path string.
                                                                         switch ($page_type) {
                                                                             case 'homepage':
                                                                                 if (file_exists($controller_home)) {
                                                                                     $controller = new homepage($c);
                                                                                 }
                                                                                 break;
                                                                             case 'session_timeout':
                                                                                 if (file_exists($controller_sessiontime)) {
                                                                                     $controller = new session_timeout();
                                                                                 }
                                                                                 break;
                                                                             case 'textpage':
                                                                                 if (file_exists($controller_text)) {
                                                                                     $controller = new text($c);
                                                                                 }
                                                                                 break;
                                                                             case 'photogallerypage':
                                                                                 if (file_exists($controller_photo_gallery)) {
                                                                                     $controller = new photogallery($c);
                                                                                 }
                                                                                 break;
                                                                             case 'videogallerypage':
                                                                                 if (file_exists($contoller_video_gallery)) {
                                                                                     $controller = new videogallery($c);
                                                                                 }
                                                                                 break;
                                                                             case 'catalogpage':
                                                                                 if (file_exists($controller_catalog)) {
                                                                                     $controller = new catalog($c);
                                                                                 }
                                                                                 break;
                                                                             case 'custompage':
                                                                                 // Class name taken from the URL; gated only by the existence
                                                                                 // of controller/custom/<name>.php.
                                                                                 if (file_exists($controller_custom)) {
                                                                                     $controller = new $cust($c);
                                                                                 }
                                                                                 break;
                                                                             case 'eventpage':
                                                                                 if (file_exists($controller_event)) {
                                                                                     $controller = new events($c);
                                                                                 }
                                                                                 break;
                                                                             case 'eventsinside':
                                                                                 if (file_exists($controller_eventsinside)) {
                                                                                     $controller = new eventsinside($c);
                                                                                 }
                                                                                 break;
                                                                             case 'newspage':
                                                                                 if (file_exists($controller_news)) {
                                                                                     $controller = new news($c);
                                                                                 }
                                                                                 break;
                                                                             case 'newsinside':
                                                                                 if (file_exists($controller_news_inside)) {
                                                                                     $controller = new news_inside($c);
                                                                                 }
                                                                                 break;
                                                                             case 'publicationpage':
                                                                                 if (file_exists($controller_publication)) {
                                                                                     $controller = new publication($c);
                                                                                 }
                                                                                 break;
                                                                             case 'teampage':
                                                                                 if (file_exists($controller_team)) {
                                                                                     $controller = new team($c);
                                                                                 }
                                                                                 break;
                                                                             case 'product':
                                                                                 if (file_exists($controller_product)) {
                                                                                     $controller = new product($c);
                                                                                 }
                                                                                 break;
                                                                             case 'error_page':
                                                                                 if (file_exists($controller_errorpage)) {
                                                                                     $controller = new error_page();
                                                                                 }
                                                                                 break;
                                                                             default:
                                                                                 // NOTE(review): any other page type instantiates the class named
                                                                                 // by the last URL segment whenever controller/<segment>.php
                                                                                 // exists, which exposes every file in controller/ except
                                                                                 // "admin" as a route. An explicit allowlist of class names
                                                                                 // would make the reachable set deliberate.
                                                                                 if (file_exists($controller)) {
                                                                                     $controller = new $file($obj, $c);
                                                                                 }
                                                                                 break;
                                                                         }
                                                                     }
                                                                 } else {
                                                                     $controller = new error_page();
                                                                 }
                                                                 // Take the captured output and empty the buffer. The buffer opened by
                                                                 // ob_start() stays active; it is not closed anywhere in this method.
                                                                 $content = ob_get_contents();
                                                                 ob_clean();
                                                                 // Write the page to the cache, then serve it by including the file.
                                                                 // fopen failure ends the request via die(); fwrite/fclose errors are
                                                                 // suppressed, so a short or failed write goes unnoticed. The write is
                                                                 // not atomic, so a concurrent request can include a partial file.
                                                                 $fh = @fopen($cache_file, 'w') or die("Error opening output file");
                                                                 @fwrite($fh, $content);
                                                                 @fclose($fh);
                                                                 // Same include-as-PHP concern as on the cache-hit path above.
                                                                 @(include $cache_file);
                                                             }
                                                         }
                                                     }
                                                 }
                                             }
                                         }
                                     }
                                 }
                             }
                         }
                     }
                 }
             }
         }
     }
 }
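    /**
     * Builds the paged listing of media items attached to the page named by $_GET['id'],
     * optionally filtered by $_GET['search'] on the item title.
     *
     * All request values reach the SQL statement through bound parameters. The page id is
     * additionally URL-encoded before it is placed in the pager link prefix, because it is
     * raw request input and would otherwise be copied verbatim into generated links.
     *
     * @param array $c Configuration handed to the pager and to $this->table().
     * @return array Two entries: 'table' (result of $this->table()) and 'pager' (second
     *               element of the pager result).
     */
    public function select($c)
    {
        $out = array();
        // Read the id once; a missing parameter yields null, as the unguarded read did.
        $pageId = isset($_GET['id']) ? $_GET['id'] : null;
        if (!empty($_GET['search'])) {
            // Substring match. "%" and "_" typed by the user keep their LIKE wildcard meaning.
            $search = '%' . $_GET['search'] . '%';
            $search_in = ' AND `studio404_media_item`.`title` LIKE :search ';
        } else {
            // No search term: a filler condition keeps :search in the statement so the same
            // parameter array fits both variants (presumably it matches every row - confirm).
            $search = 'a';
            $search_in = ' AND `studio404_media_item`.`id`!=:search ';
        }
        //page type
        $get_page_type = new get_page_type();
        $page_type = $get_page_type->type($_SESSION["C"], $pageId);
        // :lang and :status each occur several times; PDO accepts a repeated named placeholder
        // only with emulated prepares - presumably the connection is set up that way; confirm.
        $sql = 'SELECT 
			`studio404_media_item`.`idx` AS smi_idx, 
			`studio404_media_item`.`date` AS smi_date, 
			`studio404_media_item`.`title` AS smi_title, 
			`studio404_media_item`.`tags` AS smi_tags,  
			`studio404_media_item`.`slug` AS smi_slug,  
			`studio404_media_item`.`position` AS smi_position,  
			`studio404_media_item`.`visibility` AS smi_visibility  
			FROM 
			`studio404_media_attachment`, `studio404_media`, `studio404_media_item`
			WHERE 
			`studio404_media_attachment`.`connect_idx`=:sma_connect_id AND 
			`studio404_media_attachment`.`page_type`=:sma_page_type AND 
			`studio404_media_attachment`.`lang`=:lang AND 
			`studio404_media_attachment`.`status`!=:status AND 
			`studio404_media_attachment`.`idx`=`studio404_media`.`idx` AND 
			`studio404_media`.`lang`=:lang AND 
			`studio404_media`.`status`!=:status AND 
			`studio404_media`.`idx`=`studio404_media_item`.`media_idx` AND 
			`studio404_media_item`.`lang`=:lang AND 
			`studio404_media_item`.`status`!=:status ' . $search_in . '
			ORDER BY 
			`studio404_media_item`.`position` ASC
			';
        $exe_array = array(":sma_connect_id" => $pageId, ":sma_page_type" => $page_type, ":status" => 1, ":search" => $search, ":lang" => LANG_ID);
        // Encode the id as a query-string component so characters such as quotes, "&" or "<"
        // cannot alter the links built from this prefix. Numeric ids are unchanged.
        $path = '?action=gallery&type=photogallerypage&id=' . rawurlencode((string) $pageId) . '&pn=';
        $itemsPerPage = 10;
        $pager = new pager();
        $pager = $pager->action($c, $sql, $exe_array, $path, $itemsPerPage);
        $out['table'] = $this->table($c, $pager[0], $exe_array);
        $out['pager'] = $pager[1];
        return $out;
    }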
示例#3
 /**
  * Builds the paged vector-map listing (idx, title, code) for the current language,
  * optionally filtered by $_GET['search'] on title or code.
  *
  * The search term is passed as a bound parameter; "%" and "_" inside it keep their
  * LIKE wildcard meaning.
  *
  * @param array $c Configuration handed to the pager and to $this->table().
  * @return array Two entries: 'table' and 'pager'.
  */
 public function select($c)
 {
     $hasTerm = isset($_GET['search']) && !empty($_GET['search']);
     // Without a term, a filler condition keeps :search present in the statement.
     $term = $hasTerm ? '%' . $_GET['search'] . '%' : 'a';
     $filter = $hasTerm
         ? ' AND (`title` LIKE :search OR `code` LIKE :search)'
         : ' AND `id`!=:search ';

     // Page type is looked up from the session configuration and the raw id parameter;
     // the result is not used further in this method.
     $typeResolver = new get_page_type();
     $page_type = $typeResolver->type($_SESSION["C"], $_GET['id']);

     $query = 'SELECT `idx`,`title`, `code` FROM `studio404_vectormap` WHERE `lang`=:lang ' . $filter . ' ORDER BY `title` ASC';
     $bindings = array(":search" => $term, ":lang" => LANG_ID);

     // 20 rows per page; the pager appends the page number to the link prefix.
     $paginator = new pager();
     $paged = $paginator->action($c, $query, $bindings, '?action=vectormap&pn=', 20);

     return array(
         'table' => $this->table($c, $paged[0], $bindings),
         'pager' => $paged[1],
     );
 }
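    /**
     * Renders the drag-and-drop gallery widget: toolbar, drop area and one tile per
     * gallery file attached to the current page.
     *
     * Every value read from the database or passed in by the caller is escaped for the
     * context it is written into (HTML text/attribute, or a JavaScript string inside an
     * HTML attribute). Titles and file paths are stored data and must not be trusted to
     * be free of markup.
     *
     * @param mixed  $fetch      Not used by this method.
     * @param array  $c          Configuration passed to $this->conn().
     * @param string $media_type Matched against studio404_gallery_file.media_type; "video"
     *                           adds the thumbnail upload controls.
     * @return string HTML fragment.
     */
    public function content_images($fetch, $c, $media_type = "photo")
    {
        // Escapes a value for HTML text and quoted attribute values. Entities already
        // present in stored values are left alone instead of being encoded twice.
        $h = function ($value) {
            return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
        };
        // Escapes a value for a single-quoted JavaScript string that itself sits inside an
        // HTML attribute: JSON-encode with quotes, tags and ampersands hex-escaped, drop
        // the surrounding double quotes, then HTML-escape the remainder.
        $js = function ($value) use ($h) {
            $encoded = json_encode((string) $value, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);
            if ($encoded === false) {
                return '';
            }
            return $h(substr($encoded, 1, -1));
        };

        // Read the request flag once; the second read used to be unguarded.
        $isVideoPage = isset($_GET["type"]) && $_GET["type"] == 'videogallerypage';
        $ext = $isVideoPage ? 'mp4,avi' : 'jpeg,jpg,gif,png';

        $out = '<div class="button makeFileDragable2" style="background-color:green; float:left">
					<a href="#" style="color:white"><i class="fa fa-arrows"></i><span id="dragText2">Start sorting</span> </a>
				</div>';
        if ($isVideoPage) {
            $out .= '<div class="button addYtVideo" style="background-color:green; float:left; margin-left:10px;">
					<a href="#" style="color:white"><i class="fa fa-plus"></i><span id="dragText2">Add youtube video</span> </a>
				</div>';
        }
        $out .= '<div class="clearfix"></div>';
        $out .= '<input type="file" name="bgfile3" id="bgfile3" style="position:absolute; visibility:hidden" />';
        $out .= '<div class="dropArea2">';
        $out .= '<div class="Droptitle2">
				Drag and drop photo (' . $ext . ') 
				<span id="progress2">0%</span>
			</div>';
        $out .= '<div class="dragElements2">';

        $conn = $this->conn($c);
        $pageId = isset($_GET['id']) ? $_GET['id'] : null;
        // Owner of the gallery: first of newsidx, cidx, midx that is present, else the page id.
        $sp_idx = $pageId;
        foreach (array('newsidx', 'cidx', 'midx') as $key) {
            if (isset($_GET[$key])) {
                $sp_idx = $_GET[$key];
                break;
            }
        }
        // get page type
        $get_page_type = new get_page_type();
        $page_type = $get_page_type->type($_SESSION["C"], $pageId);
        // All request-derived values are bound, never concatenated into the statement.
        $sql = 'SELECT 
		`studio404_gallery_file`.`id` AS sgf_id,
		`studio404_gallery_file`.`idx` AS sgf_idx, 
		`studio404_gallery_file`.`title` AS sgf_title, 
		`studio404_gallery_file`.`file` AS sgf_file, 
		`studio404_gallery_file`.`filev` AS sgf_filev 
		FROM 
		`studio404_gallery_attachment`,`studio404_gallery`, `studio404_gallery_file`
		WHERE 
		`studio404_gallery_attachment`.`connect_idx`=:sp_idx AND  
		`studio404_gallery_attachment`.`lang`=:lang AND  
		`studio404_gallery_attachment`.`pagetype`=:page_type AND  
		`studio404_gallery_attachment`.`status`!=:status AND  
		`studio404_gallery_attachment`.`idx`=`studio404_gallery`.`idx` AND  
		`studio404_gallery`.`lang`=:lang AND 
		`studio404_gallery`.`status`!=:status AND 
		`studio404_gallery`.`idx`=`studio404_gallery_file`.`gallery_idx` AND 
		`studio404_gallery_file`.`lang`=:lang AND 
		`studio404_gallery_file`.`media_type`=:media_type AND 
		`studio404_gallery_file`.`status`!=:status 
		ORDER BY `studio404_gallery_file`.`position` ASC
		';
        $prepare = $conn->prepare($sql);
        $prepare->execute(array(":sp_idx" => $sp_idx, ":lang" => LANG_ID, ":media_type" => $media_type, ":page_type" => $page_type, ":status" => 1));
        $prepare->setFetchMode(PDO::FETCH_CLASS, "get_files");

        $isVideo = $media_type == "video";
        if ($isVideo) {
            $out .= '<input type="file" name="bgfile" id="bgfile" value="" style="position:absolute; visibility:hidden">';
        }
        while ($r = $prepare->fetch()) {
            $idxAttr = $h($r->sgf_idx);
            $idxJs = $js($r->sgf_idx);

            $out .= '<div class="filebox2" id="flexbox2-' . $idxAttr . '">';
            $out .= '<div class="action_panel2">';
            // A stored value with "://" after its first character is linked as-is; anything
            // else is treated as a site-relative path.
            // NOTE(review): only the presence of "://" is checked, not the scheme, and HTML
            // escaping does not constrain the scheme; restrict it to http/https where the
            // value is stored or here.
            $schemePos = strpos($r->sgf_file, '://');
            if ($schemePos !== false && $schemePos > 0) {
                $url = $r->sgf_file;
            } else {
                $url = "/" . $r->sgf_file;
            }
            $out .= '<a href="' . $h($url) . '" target="_blank"><i class="fa fa-eye"></i></a>';
            $out .= '<a href="javascript:;" onclick="openPromt2(\'' . $idxJs . '\')"><i class="fa fa-pencil-square-o"></i></a>';
            if ($isVideo) {
                $out .= '<a href="javascript:;" onclick="upload_filev(\'' . $idxJs . '\')"><i class="fa fa-camera"></i></a>';
            }
            $out .= '<a href="javascript:;" onclick="askBeforeDelete(\'' . $js($media_type) . '\',\'' . $idxJs . '\')"><i class="fa fa-times"></i></a>';
            $out .= '</div>';
            if ($isVideo) {
                // The literal string "false" marks a video without an uploaded thumbnail.
                if ($r->sgf_filev == "false") {
                    $out .= '<div class="extention2"><img src="/images/video_icon.png" width="100%" /></div>';
                } else {
                    $out .= '<div class="extention2"><img src="/' . $h($r->sgf_filev) . '" width="100%" /></div>';
                }
            } else {
                $out .= '<div class="extention2"><img src="/' . $h($r->sgf_file) . '" width="100%" /></div>';
            }
            $out .= '<div class="filename2 n2-' . $idxAttr . '" id="fid2-' . $h($r->sgf_id) . '">' . $h($r->sgf_title) . '</div>';
            $out .= '</div>';
        }

        $out .= '</div><div class="clearfix"></div>';
        $out .= '</div>';
        return $out;
    }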
示例#5
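    /**
     * Gallery AJAX endpoint: picks one action from the request parameters and runs it.
     *
     * Actions, in the order they are tested:
     *  - no recognised parameter: store the raw request body as files_pre/<name>.jpg
     *  - pageidx + extention + token with a document extension: attach a document
     *  - id + filename: set the title of a gallery file
     *  - idx + idxes2: set status=1 on a document and renumber the listed documents
     *  - idx + idxes3: set status=1 on a file and renumber the listed photos/videos
     *  - idxes: renumber documents
     *  - idxes_photos: renumber photos or videos
     *  - pageidx + extention + token with a media extension: attach a photo/video
     *  - POST youtubeLink: attach a video link
     *  - videoimage + extention: store a preview image for a video
     *  - anything else: print "error" and stop
     *
     * Every query selects rows with status != 1, so status 1 presumably means "removed".
     *
     * NOTE(review): no authentication or authorisation check is visible in this
     * constructor; $_SESSION["user404_id"] is only read as the insert_admin value.
     * Confirm the caller rejects requests without an admin session.
     * NOTE(review): `token` is only tested with isset() and never compared with an
     * expected value, so it gives no request-forgery protection as written; most of
     * the state changes below are also accepted over GET.
     * NOTE(review): upload names are md5(time()), so two uploads within the same second
     * share a name and the name can be derived from the upload time.
     * NOTE(review): only the extension is allow-listed, the uploaded bytes are never
     * inspected. The markup links to "/files/...", so the upload directories are
     * presumably web-reachable; verify the server never executes content from them.
     */
    function __construct()
    {
        set_time_limit($_SESSION["C"]["time.limit"]);
        $conn = $this->conn($_SESSION["C"]);
        $allowfiletypes = array("doc", "docx", "xls", "xlsx", "zip", "rar", "pdf");
        $allowfiletypes2 = array("jpg", "jpeg", "gif", "png", "mp4", "avi");

        // Any request carrying at least one GET or POST parameter empties the cache directory.
        if (count($_POST) > 0 || count($_GET) > 0) {
            $files = glob(DIR . '_cache/*');
            // glob() returns false on error; iterate only over a real list.
            if (is_array($files)) {
                foreach ($files as $file) {
                    if (is_file($file)) {
                        @unlink($file);
                    }
                }
            }
        }

        if (
            !isset($_GET['extention']) && !isset($_GET['filename']) && !isset($_GET['removefile'])
            && !isset($_GET['idxes']) && !isset($_GET['idxes2']) && !isset($_GET['idxes3'])
            && !isset($_GET['idxes_photos']) && !isset($_POST['youtubeLink'])
        ) {
            // Raw upload: the request body is stored as-is under a fixed .jpg extension.
            $str = file_get_contents("php://input");
            $filename = md5(time()) . ".jpg";
            $path = 'files_pre/' . $filename;
            file_put_contents($path, $str);
            echo $path;
        } elseif (isset($_GET['pageidx'], $_GET['extention'], $_GET['token']) && in_array($_GET['extention'], $allowfiletypes, true)) {
            // Document upload. The extension is allow-listed above, so it is safe to
            // reuse in the file name and in the markup below.
            $ext = $_GET['extention'];
            $pageidx = isset($_GET['newsidx']) && $_GET['newsidx'] != "false" ? $_GET['newsidx'] : $_GET['pageidx'];
            // get page type
            $get_page_type = new get_page_type();
            $page_type = $get_page_type->type($_SESSION["C"], $_GET['pageidx']);
            $str = file_get_contents("php://input");
            $timegenerate = md5(time());
            $filename = $timegenerate . "." . $ext;
            $path = 'files_pre/' . $filename;
            $color_array = array("pdf" => "#e74c3c", "doc" => "#2ecc71", "docx" => "#27ae60", "xls" => "#1abc9c", "xlsx" => "#16a085", "zip" => "#4aa3df", "rar" => "#2980b9");
            file_put_contents($path, $str);
            // check if exists attachment
            $sql = 'SELECT 
			`studio404_gallery`.`idx` AS `sg_idx` 
			FROM 
			`studio404_gallery_attachment`,`studio404_gallery` 
			WHERE 
			`studio404_gallery_attachment`.`connect_idx`=:connect_idx AND 
			`studio404_gallery_attachment`.`status`!=:status AND 
			`studio404_gallery_attachment`.`pagetype`=:page_type AND 
			`studio404_gallery_attachment`.`lang`=:lang AND 
			`studio404_gallery_attachment`.`idx`=`studio404_gallery`.`idx` AND 
			`studio404_gallery`.`status`!=:status
			';
            $prepare = $conn->prepare($sql);
            $prepare->execute(array(":connect_idx" => $pageidx, ":page_type" => $page_type, ":lang" => (int) $_GET['l'], ":status" => 1));
            $fetch = $prepare->fetch(PDO::FETCH_ASSOC);
            // fetch() returns false when no gallery is attached; empty() covers that too.
            if (!empty($fetch['sg_idx'])) {
                // select max idx gallery photo
                try {
                    $sql2 = 'SELECT `id`, MAX(`idx`) as maxid FROM `studio404_gallery_file` WHERE `lang`=:lang AND `status`!=:status';
                    $prepare2 = $conn->prepare($sql2);
                    $prepare2->execute(array("lang" => (int) $_GET['l'], ":status" => 1));
                    $fetch2 = $prepare2->fetch(PDO::FETCH_ASSOC);
                    $maxid = $fetch2['maxid'] ? $fetch2['maxid'] + 1 : 1;
                } catch (Exception $e) {
                    // Was "Exeption", a class that does not exist, so the fallback never ran.
                    $maxid = 1;
                }
                // select max position of gallery photo
                try {
                    $sql3 = 'SELECT MAX(`position`) as maxpos FROM `studio404_gallery_file` WHERE `media_type`=:media_type AND `lang`=:lang AND `gallery_idx`=:gallery_idx AND `status`!=:status';
                    $prepare3 = $conn->prepare($sql3);
                    $prepare3->execute(array(":media_type" => 'document', ":lang" => (int) $_GET['l'], ":gallery_idx" => $fetch['sg_idx'], ":status" => 1));
                    $fetch3 = $prepare3->fetch(PDO::FETCH_ASSOC);
                    $maxpos = $fetch3['maxpos'] ? $fetch3['maxpos'] + 1 : 1;
                } catch (Exception $e) {
                    $maxpos = 1;
                }
                // move file to file folder
                $path_new = "files/document/" . $timegenerate . "." . $ext;
                if (@copy($path, $path_new)) {
                    @unlink($path);
                }
                $filesize = @filesize($path_new);
                //insert gallery photo
                $sql4 = 'INSERT INTO `studio404_gallery_file` SET 
				`idx`=:idx, 
				`date`=:datex,
				`gallery_idx`=:gallery_idx, 
				`file`=:file, 
				`media_type`=:media_type, 
				`title`=:title, 
				`description`=:description, 
				`filesize`=:filesize, 
				`insert_admin`=:insert_admin, 
				`position`=:position, 
				`lang`=:lang, 
				`status`=:status 
				';
                $prepare4 = $conn->prepare($sql4);
                $prepare4->execute(array(":idx" => $maxid, ":datex" => time(), ":gallery_idx" => $fetch['sg_idx'], ":file" => $path_new, ":media_type" => "document", ":title" => "Not defined", ":description" => "Not defined", ":filesize" => $filesize, ":insert_admin" => $_SESSION["user404_id"], ":position" => $maxpos, ":lang" => (int) $_GET['l'], ":status" => 0));
                //get inserted file id with current language
                $sql5 = 'SELECT `id`,`position` FROM `studio404_gallery_file` WHERE `media_type`=:media_type AND `idx`=:idx AND `lang`=:lang AND `status`!=:status';
                $prepare5 = $conn->prepare($sql5);
                $prepare5->execute(array(":media_type" => 'document', ":idx" => $maxid, ":lang" => (int) $_GET['l'], ":status" => 1));
                $fetch5 = $prepare5->fetch(PDO::FETCH_ASSOC);
                $out = '<div class="filebox" style="background-color:' . $color_array[$ext] . '" id="flexbox-' . $maxid . '">';
                $out .= '<div class="action_panel">';
                $out .= '<a href="/' . $path_new . '" target="_blank"><i class="fa fa-eye"></i></a>';
                $out .= '<a href="javascript:;" onclick="openPromt(\'' . $maxid . '\')"><i class="fa fa-pencil-square-o"></i></a>';
                $out .= '<a href="javascript:;" onclick="removeFile(\'' . $maxid . '\')"><i class="fa fa-times"></i></a>';
                $out .= '</div>';
                $out .= '<div class="extention">' . $ext . '</div>';
                $out .= '<div class="filename n-' . $maxid . '" id="fid-' . $fetch5['id'] . '">Not defined</div>';
                $out .= '</div>';
                echo $out;
            }
        } elseif (isset($_GET['id'], $_GET['filename'])) {
            // Rename. NOTE(review): the stored title is taken verbatim from the request;
            // whatever page prints it must escape it for its output context.
            $sql = 'UPDATE `studio404_gallery_file` SET `title`=:title WHERE `id`=:id';
            $prepare = $conn->prepare($sql);
            $prepare->execute(array(":title" => $_GET['filename'], ":id" => $_GET['id']));
        } elseif (isset($_GET['idx'], $_GET['idxes2'])) {
            $sql = 'UPDATE `studio404_gallery_file` SET `status`=:status WHERE `idx`=:idx AND lang=:lang AND `media_type`=:media_type';
            $prepare = $conn->prepare($sql);
            $prepare->execute(array(":status" => 1, ":media_type" => "document", ":idx" => $_GET['idx'], ":lang" => $_GET['l']));
            // SECURITY(review): unserialize() on request data can instantiate any class that
            // is loaded (PHP object injection). The wire format is kept here because the
            // client is not visible; move the list to JSON, or pass the `allowed_classes`
            // option (PHP 7.0+) so that no object is ever created.
            $order = is_string($_GET['idxes2']) ? unserialize($_GET['idxes2']) : false;
            if (is_array($order)) {
                $position = 1;
                $sql2 = 'UPDATE `studio404_gallery_file` SET `position`=:position WHERE `media_type`=:media_type AND `idx`=:idx AND `lang`=:lang AND `status`!=:status';
                $prepare2 = $conn->prepare($sql2);
                foreach ($order as $idx) {
                    if (!is_scalar($idx)) {
                        // only plain ids can be bound as a query parameter
                        continue;
                    }
                    $prepare2->execute(array(":media_type" => "document", ":position" => $position, ":idx" => $idx, ":status" => 1, ":lang" => $_GET["l"]));
                    $position++;
                }
            }
            echo "Done";
        } elseif (isset($_GET['idx'], $_GET['idxes3'])) {
            $media_type = isset($_GET["media_type"]) && $_GET["media_type"] == "video" ? "video" : "photo";
            $sql = 'UPDATE `studio404_gallery_file` SET `status`=:status WHERE `idx`=:idx';
            $prepare = $conn->prepare($sql);
            $prepare->execute(array(":status" => 1, ":idx" => $_GET['idx']));
            // The client sends the literal string "empty" when nothing is left to reorder;
            // any other non-array value is ignored instead of being iterated.
            if (is_array($_GET['idxes3'])) {
                $position = 1;
                $sql2 = 'UPDATE `studio404_gallery_file` SET `position`=:position WHERE `media_type`=:media_type AND `idx`=:idx AND `status`!=:status';
                $prepare2 = $conn->prepare($sql2);
                foreach ($_GET['idxes3'] as $idx) {
                    if (!is_scalar($idx)) {
                        continue;
                    }
                    $prepare2->execute(array(":media_type" => $media_type, ":position" => $position, ":idx" => $idx, ":status" => 1));
                    $position++;
                }
            }
        } elseif (isset($_GET['idxes'])) {
            if (is_array($_GET['idxes'])) {
                $position = 1;
                $sql = 'UPDATE `studio404_gallery_file` SET `position`=:position WHERE `media_type`=:media_type AND `idx`=:idx AND `status`!=:status';
                $prepare = $conn->prepare($sql);
                foreach ($_GET['idxes'] as $idx) {
                    if (!is_scalar($idx)) {
                        continue;
                    }
                    $prepare->execute(array(":media_type" => "document", ":position" => $position, ":idx" => $idx, ":status" => 1));
                    $position++;
                }
            }
        } elseif (isset($_GET['idxes_photos'])) {
            $media_type = isset($_GET["type"]) && $_GET["type"] == "videogallerypage" ? "video" : "photo";
            // SECURITY(review): same unserialize()-on-request-data concern as the idxes2 branch.
            $order = is_string($_GET['idxes_photos']) ? unserialize($_GET['idxes_photos']) : false;
            if (is_array($order)) {
                $position = 1;
                $sql = 'UPDATE `studio404_gallery_file` SET `position`=:position WHERE `media_type`=:media_type AND `idx`=:idx AND `status`!=:status';
                $prepare = $conn->prepare($sql);
                foreach ($order as $idx) {
                    if (!is_scalar($idx)) {
                        continue;
                    }
                    $prepare->execute(array(":media_type" => $media_type, ":position" => $position, ":idx" => $idx, ":status" => 1));
                    $position++;
                }
            }
        } elseif (isset($_GET['pageidx'], $_GET['extention'], $_GET['token']) && in_array($_GET['extention'], $allowfiletypes2, true)) {
            // Photo / video upload; the extension is allow-listed above.
            $ext = $_GET['extention'];
            $pageidx = isset($_GET['newsidx']) && $_GET['newsidx'] != "false" ? $_GET['newsidx'] : $_GET['pageidx'];
            $media_type = isset($_GET["media"]) && $_GET["media"] == "false" ? "video" : "photo";
            // get page type
            $get_page_type = new get_page_type();
            $page_type = $get_page_type->type($_SESSION["C"], $_GET['pageidx']);
            // photo upload
            $str = file_get_contents("php://input");
            $timegenerate = md5(time());
            $filename = $timegenerate . "." . $ext;
            $path = 'files_pre/' . $filename;
            file_put_contents($path, $str);
            // check if exists attachment
            $sql = 'SELECT 
			`studio404_gallery`.`idx` AS `sg_idx` 
			FROM 
			`studio404_gallery_attachment`,`studio404_gallery` 
			WHERE 
			`studio404_gallery_attachment`.`connect_idx`=:connect_idx AND 
			`studio404_gallery_attachment`.`pagetype`=:pagetype AND 
			`studio404_gallery_attachment`.`status`!=:status AND 
			`studio404_gallery_attachment`.`idx`=`studio404_gallery`.`idx` AND 
			`studio404_gallery`.`status`!=:status
			';
            $prepare = $conn->prepare($sql);
            $prepare->execute(array(":connect_idx" => $pageidx, ":pagetype" => $page_type, ":status" => 1));
            $fetch = $prepare->fetch(PDO::FETCH_ASSOC);
            if (!empty($fetch['sg_idx'])) {
                // select max idx gallery photo
                $sql2 = 'SELECT `id`, MAX(`idx`) AS maxid FROM `studio404_gallery_file`';
                $prepare2 = $conn->prepare($sql2);
                $prepare2->execute();
                $fetch2 = $prepare2->fetch(PDO::FETCH_ASSOC);
                $maxid = $fetch2['maxid'] ? $fetch2['maxid'] + 1 : 1;
                // select max position of gallery photo
                try {
                    $sql3 = 'SELECT MAX(`position`) as maxpos FROM `studio404_gallery_file` WHERE `media_type`=:media_type AND `lang`=:lang AND `gallery_idx`=:gallery_idx AND `status`!=:status';
                    $prepare3 = $conn->prepare($sql3);
                    $prepare3->execute(array(":media_type" => $media_type, ":lang" => LANG_ID, ":gallery_idx" => $fetch['sg_idx'], ":status" => 1));
                    $fetch3 = $prepare3->fetch(PDO::FETCH_ASSOC);
                    $maxpos = $fetch3['maxpos'] ? $fetch3['maxpos'] + 1 : 1;
                } catch (Exception $e) {
                    $maxpos = 1;
                }
                // move file to file folder
                $path_new = "files/" . $media_type . "/" . $timegenerate . "." . $ext;
                if (@copy($path, $path_new)) {
                    @unlink($path);
                }
                $filesize = @filesize($path_new);
                //insert gallery photo
                $sql4 = 'INSERT INTO `studio404_gallery_file` SET 
				`idx`=:idx, 
				`date`=:datex,
				`gallery_idx`=:gallery_idx, 
				`file`=:file, 
				`media_type`=:media_type, 
				`title`=:title, 
				`description`=:description, 
				`filesize`=:filesize, 
				`insert_admin`=:insert_admin, 
				`position`=:position, 
				`lang`=:lang, 
				`status`=:status 
				';
                $prepare4 = $conn->prepare($sql4);
                $prepare4->execute(array(":idx" => $maxid, ":datex" => time(), ":gallery_idx" => $fetch['sg_idx'], ":file" => $path_new, ":media_type" => $media_type, ":title" => "Not defined", ":description" => "Not defined", ":filesize" => $filesize, ":insert_admin" => $_SESSION["user404_id"], ":position" => $maxpos, ":lang" => (int) $_GET['l'], ":status" => 0));
                //get inserted file id with current language
                // NOTE(review): the insert binds (int) $_GET['l'] as lang, this read-back binds LANG_ID.
                $sql5 = 'SELECT `id`,`position` FROM `studio404_gallery_file` WHERE `media_type`=:media_type AND `idx`=:idx AND `lang`=:lang AND `status`!=:status';
                $prepare5 = $conn->prepare($sql5);
                $prepare5->execute(array(":media_type" => $media_type, ":idx" => $maxid, ":lang" => LANG_ID, ":status" => 1));
                $fetch5 = $prepare5->fetch(PDO::FETCH_ASSOC);
                $out = '<div class="filebox2" id="flexbox2-' . $maxid . '">';
                $out .= '<div class="action_panel2">';
                $out .= '<a href="/' . $path_new . '" class="fancybox"><i class="fa fa-eye"></i></a>';
                $out .= '<a href="javascript:;" onclick="openPromt2(\'' . $maxid . '\')"><i class="fa fa-pencil-square-o"></i></a>';
                $out .= '<a href="javascript:;" onclick="removeFile2(\'' . $maxid . '\')"><i class="fa fa-times"></i></a>';
                $out .= '</div>';
                if ($media_type == "video") {
                    $out .= '<div class="extention2"><img src="/images/video_icon.png" width="100%" /></div>';
                } else {
                    $out .= '<div class="extention2"><img src="/' . $path_new . '" width="100%" /></div>';
                }
                $out .= '<div class="filename2 n2-' . $maxid . '" id="fid2-' . $fetch5['id'] . '">Not defined</div>';
                $out .= '</div>';
                echo $out;
            }
        } elseif (isset($_POST['youtubeLink'])) {
            $youtube_link = (string) $_POST['youtubeLink'];
            $pageidx = isset($_POST['yt_mid']) ? $_POST['yt_mid'] : 0;
            $media_type = "video";
            $page_type = "videogallerypage";
            $sql = 'SELECT 
			`studio404_gallery`.`idx` AS `sg_idx` 
			FROM 
			`studio404_gallery_attachment`,`studio404_gallery` 
			WHERE 
			`studio404_gallery_attachment`.`connect_idx`=:connect_idx AND 
			`studio404_gallery_attachment`.`pagetype`=:pagetype AND 
			`studio404_gallery_attachment`.`status`!=:status AND 
			`studio404_gallery_attachment`.`idx`=`studio404_gallery`.`idx` AND 
			`studio404_gallery`.`status`!=:status
			';
            $prepare = $conn->prepare($sql);
            $prepare->execute(array(":connect_idx" => $pageidx, ":pagetype" => $page_type, ":status" => 1));
            $fetch = $prepare->fetch(PDO::FETCH_ASSOC);
            if (!empty($fetch['sg_idx'])) {
                // select max idx gallery photo
                try {
                    $sql2 = 'SELECT `id`, MAX(`idx`) as maxid FROM `studio404_gallery_file` WHERE `lang`=:lang AND `status`!=:status';
                    $prepare2 = $conn->prepare($sql2);
                    $prepare2->execute(array("lang" => LANG_ID, ":status" => 1));
                    $fetch2 = $prepare2->fetch(PDO::FETCH_ASSOC);
                    $maxid = $fetch2['maxid'] ? $fetch2['maxid'] + 1 : 1;
                } catch (Exception $e) {
                    $maxid = 1;
                }
                // select max position of gallery photo
                try {
                    $sql3 = 'SELECT MAX(`position`) as maxpos FROM `studio404_gallery_file` WHERE `media_type`=:media_type AND `lang`=:lang AND `gallery_idx`=:gallery_idx AND `status`!=:status';
                    $prepare3 = $conn->prepare($sql3);
                    $prepare3->execute(array(":media_type" => $media_type, ":lang" => LANG_ID, ":gallery_idx" => $fetch['sg_idx'], ":status" => 1));
                    $fetch3 = $prepare3->fetch(PDO::FETCH_ASSOC);
                    $maxpos = $fetch3['maxpos'] ? $fetch3['maxpos'] + 1 : 1;
                } catch (Exception $e) {
                    $maxpos = 1;
                }
                $sql4 = 'INSERT INTO `studio404_gallery_file` SET 
				`idx`=:idx, 
				`date`=:datex,
				`gallery_idx`=:gallery_idx, 
				`file`=:file, 
				`media_type`=:media_type, 
				`title`=:title, 
				`description`=:description, 
				`filesize`=:filesize, 
				`insert_admin`=:insert_admin, 
				`position`=:position, 
				`lang`=:lang, 
				`status`=:status 
				';
                $prepare4 = $conn->prepare($sql4);
                $prepare4->execute(array(":idx" => $maxid, ":datex" => time(), ":gallery_idx" => $fetch['sg_idx'], ":file" => $youtube_link, ":media_type" => $media_type, ":title" => "Not defined", ":description" => "Not defined", ":filesize" => "0", ":insert_admin" => $_SESSION["user404_id"], ":position" => $maxpos, ":lang" => (int) $_GET['l'], ":status" => 0));
                //get inserted file id with current language
                $sql5 = 'SELECT `id`,`position` FROM `studio404_gallery_file` WHERE `media_type`=:media_type AND `idx`=:idx AND `lang`=:lang AND `status`!=:status';
                $prepare5 = $conn->prepare($sql5);
                $prepare5->execute(array(":media_type" => $media_type, ":idx" => $maxid, ":lang" => LANG_ID, ":status" => 1));
                $fetch5 = $prepare5->fetch(PDO::FETCH_ASSOC);
                $out = '<div class="filebox2" id="flexbox2-' . $maxid . '">';
                $out .= '<div class="action_panel2">';
                // The link comes straight from the request: escape it for the attribute context.
                // NOTE(review): the URL scheme is not restricted and the value is stored
                // unescaped, so other pages printing `file` must escape it as well;
                // accepting only http(s) links would be the stricter rule.
                $out .= '<a href="' . htmlspecialchars($youtube_link, ENT_QUOTES, 'UTF-8') . '" target="_blank"><i class="fa fa-eye"></i></a>';
                $out .= '<a href="javascript:;" onclick="openPromt2(\'' . $maxid . '\')"><i class="fa fa-pencil-square-o"></i></a>';
                $out .= '<a href="javascript:;" onclick="upload_filev(\'' . $maxid . '\')"><i class="fa fa-camera"></i></a>';
                $out .= '<a href="javascript:;" onclick="removeFile2(\'' . $maxid . '\')"><i class="fa fa-times"></i></a>';
                $out .= '</div>';
                $out .= '<div class="extention2"><img src="/images/video_icon.png" width="100%" /></div>';
                $out .= '<div class="filename2 n2-' . $maxid . '" id="fid2-' . $fetch5['id'] . '">Not defined</div>';
                $out .= '</div>';
                echo $out;
            }
        } elseif (
            isset($_GET['videoimage'], $_GET['extention'])
            && is_numeric($_GET['videoimage'])
            && in_array($_GET['extention'], $allowfiletypes2, true)
        ) {
            // Preview image for a video. The extension used to be appended to the path
            // unchecked, which let the request pick any extension (or path segments) for
            // a file written below files/photo/; it now has to be on the media allow-list.
            $str = file_get_contents("php://input");
            $filename = md5(time()) . "." . $_GET['extention'];
            $path = 'files/photo/' . $filename;
            file_put_contents($path, $str);
            $sql = 'UPDATE `studio404_gallery_file` SET `filev`=:filev WHERE `idx`=:idx AND `status`!=:status';
            $prepare = $conn->prepare($sql);
            $prepare->execute(array(":filev" => $path, ":idx" => $_GET['videoimage'], ":status" => 1));
            echo $path;
        } else {
            echo "error";
            exit;
        }
    }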
示例#6
 public function loadpage($obj, $c)
 {
     // load constructor
     $s2 = $obj->url("segment", 2);
     $file = $obj->url_last();
     // select page types
     $type_obj = new page_type();
     $page_type = $type_obj->get_page_type($c);
     $get_ip = new get_ip();
     $ip = $get_ip->ip;
     if ($c['website.mode'] == "UnderDeveloper" && !in_array($ip, $c['allowes.ips'])) {
         // if under developer
         $controller = "controller/under.php";
         if (file_exists($controller)) {
             $controller = new under($c);
         } else {
             $controller = new error_page();
         }
     } else {
         if ($file == 'cron') {
             //insertemail
             // if under developer
             $controller = "controller/cron.php";
             if (file_exists($controller)) {
                 $controller = new cron($c);
             } else {
                 $controller = new error_page();
             }
         } else {
             if ($file == 'ajax') {
                 //insertemail
                 // if under developer
                 $controller = "controller/ajax.php";
                 if (file_exists($controller)) {
                     $controller = new ajax($c);
                 } else {
                     $controller = new error_page();
                 }
             } else {
                 if ($file == 'download') {
                     //insertemail
                     // if under developer
                     $controller = "controller/download.php";
                     if (file_exists($controller)) {
                         $controller = new download();
                     } else {
                         $controller = new error_page();
                     }
                 } else {
                     if ($file == 'insertemail') {
                         //
                         // if under developer
                         $controller = "controller/insertemail.php";
                         if (file_exists($controller)) {
                             $controller = new insertemail($c);
                         } else {
                             $controller = new error_page();
                         }
                     } else {
                         if ($obj->url("segment", 1) == 'unsubscribe') {
                             // if under developer
                             $controller = "controller/unsubscribe.php";
                             if (file_exists($controller)) {
                                 $encr = $obj->url("segment", 2);
                                 $controller = new unsubscribe($c, $encr);
                             } else {
                                 $controller = new error_page();
                             }
                         } else {
                             if ($file == $c['admin.slug']) {
                                 // administrator page
                                 $controller = "controller/admin.php";
                                 if (file_exists($controller)) {
                                     $controller = new admin($obj, $c);
                                 } else {
                                     $controller = new error_page();
                                 }
                             } else {
                                 if ($file == "session_timeout") {
                                     $controller_sessiontime = 'controller/session_timeout.php';
                                     if (file_exists($controller_sessiontime)) {
                                         $controller = new session_timeout();
                                     }
                                 } else {
                                     if ($file == "ajaxloadoptions") {
                                         $controller_ajaxloadoptions = 'controller/ajaxloadoptions.php';
                                         if (file_exists($controller_ajaxloadoptions)) {
                                             $controller = new ajaxloadoptions();
                                         }
                                     } else {
                                         if ($s2 == "gallery") {
                                             $controller_gallery = 'controller/gallery.php';
                                             if (file_exists($controller_gallery)) {
                                                 $controller = new gallery();
                                             }
                                         } else {
                                             if ($file == "invoices") {
                                                 $controller_ajaxloadoptions = 'controller/invoices.php';
                                                 if (file_exists($controller_ajaxloadoptions)) {
                                                     $controller = new invoices($obj, $c);
                                                 }
                                             } else {
                                                 if ($file == "ajaxmoveimage") {
                                                     $controller_ajaxmoveimage = 'controller/ajaxmoveimage.php';
                                                     if (file_exists($controller_ajaxmoveimage)) {
                                                         $controller = new ajaxmoveimage();
                                                     }
                                                 } else {
                                                     if ($file == "ajaxupload") {
                                                         $controller_ajaxupload = 'controller/ajaxupload.php';
                                                         if (file_exists($controller_ajaxupload)) {
                                                             $controller = new ajaxupload();
                                                         }
                                                     } else {
                                                         if ($file == "image") {
                                                             $controller_image = 'controller/image.php';
                                                             if (file_exists($controller_image)) {
                                                                 $controller = new image();
                                                             }
                                                         } else {
                                                             if ($file != "admin") {
                                                                 // load pages
                                                                 //select page types
                                                                 $get_page_type = new get_page_type();
                                                                 $page_type = $get_page_type->type_page($c);
                                                                 // text pages
                                                                 $controller_text = "controller/text.php";
                                                                 // home page
                                                                 $controller_home = "controller/homepage.php";
                                                                 // photo gallery page
                                                                 $controller_photo_gallery = "controller/photogallery.php";
                                                                 // video gallery page
                                                                 $contoller_video_gallery = "controller/videogallery.php";
                                                                 // catalog page
                                                                 $controller_catalog = "controller/catalog.php";
                                                                 // custom page
                                                                 $cust = str_replace("-", "", $file);
                                                                 $controller_custom = "controller/custom/" . $cust . ".php";
                                                                 //event page
                                                                 $controller_event = "controller/events.php";
                                                                 //eventsinside page
                                                                 $controller_eventsinside = "controller/eventsinside.php";
                                                                 //news page
                                                                 $controller_news = "controller/news.php";
                                                                 //news inside page
                                                                 $controller_news_inside = "controller/news_inside.php";
                                                                 // event inside page
                                                                 $controller_events_inside = "controller/eventinside.php";
                                                                 //publication page
                                                                 $controller_publication = "controller/publication.php";
                                                                 // team page
                                                                 $controller_team = "controller/team.php";
                                                                 // administrator pages
                                                                 $controller = "controller/" . $file . ".php";
                                                                 // session timeout
                                                                 $controller_sessiontime = "controller/session_timeout.php";
                                                                 //product page
                                                                 $controller_product = "controller/product.php";
                                                                 // error page
                                                                 $controller_errorpage = "controller/error_page.php";
                                                                 if (empty($page_type) || $page_type == "error_page") {
                                                                     if (file_exists($controller_home)) {
                                                                         $controller = new $c["welcome.page.class"]($c);
                                                                     }
                                                                 } else {
                                                                     switch ($page_type) {
                                                                         case 'homepage':
                                                                             if (file_exists($controller_home)) {
                                                                                 $controller = new homepage($c);
                                                                             }
                                                                             break;
                                                                         case 'session_timeout':
                                                                             if (file_exists($controller_sessiontime)) {
                                                                                 $controller = new session_timeout();
                                                                             }
                                                                             break;
                                                                         case 'textpage':
                                                                             if (file_exists($controller_text)) {
                                                                                 $controller = new text($c);
                                                                             }
                                                                             break;
                                                                         case 'photogallerypage':
                                                                             if (file_exists($controller_photo_gallery)) {
                                                                                 $controller = new photogallery($c);
                                                                             }
                                                                             break;
                                                                         case 'videogallerypage':
                                                                             if (file_exists($contoller_video_gallery)) {
                                                                                 $controller = new videogallery($c);
                                                                             }
                                                                             break;
                                                                         case 'catalogpage':
                                                                             if (file_exists($controller_catalog)) {
                                                                                 $controller = new catalog($c);
                                                                             }
                                                                             break;
                                                                         case 'custompage':
                                                                             if (file_exists($controller_custom)) {
                                                                                 $controller = new $cust($c);
                                                                             }
                                                                             break;
                                                                         case 'eventpage':
                                                                             if (file_exists($controller_event)) {
                                                                                 $controller = new events($c);
                                                                             }
                                                                             break;
                                                                         case 'eventsinside':
                                                                             if (file_exists($controller_eventsinside)) {
                                                                                 $controller = new eventsinside($c);
                                                                             }
                                                                             break;
                                                                         case 'newspage':
                                                                             if (file_exists($controller_news)) {
                                                                                 $controller = new news($c);
                                                                             }
                                                                             break;
                                                                         case 'newsinside':
                                                                             if (file_exists($controller_news_inside)) {
                                                                                 $controller = new news_inside($c);
                                                                             }
                                                                             break;
                                                                         case 'publicationpage':
                                                                             if (file_exists($controller_publication)) {
                                                                                 $controller = new publication($c);
                                                                             }
                                                                             break;
                                                                         case 'teampage':
                                                                             if (file_exists($controller_team)) {
                                                                                 $controller = new team($c);
                                                                             }
                                                                             break;
                                                                         case 'product':
                                                                             if (file_exists($controller_product)) {
                                                                                 $controller = new product($c);
                                                                             }
                                                                             break;
                                                                         case 'error_page':
                                                                             if (file_exists($controller_errorpage)) {
                                                                                 $controller = new error_page();
                                                                             }
                                                                             break;
                                                                         default:
                                                                             if (file_exists($controller)) {
                                                                                 $controller = new $file($obj, $c);
                                                                             }
                                                                             break;
                                                                     }
                                                                 }
                                                             } else {
                                                                 $controller = new error_page();
                                                             }
                                                         }
                                                     }
                                                 }
                                             }
                                         }
                                     }
                                 }
                             }
                         }
                     }
                 }
             }
         }
     }
 }
    /**
     * Create a gallery record and link it to a parent record through an attachment row.
     *
     * Steps, in order: resolve the page type via get_page_type::type(), read the
     * highest `idx` in `studio404_gallery` for $lang, insert a gallery row with the
     * next `idx`, then insert a `studio404_gallery_attachment` row carrying the same
     * `idx` together with $connect_idx and the page type. Both rows get `status` 0.
     *
     * Request data is read directly: $_SESSION["C"] and $_GET['newsidx'] feed the
     * page-type lookup and $_POST['title'] becomes the gallery title. Every value
     * reaches SQL as a bound parameter of a prepared statement.
     *
     * NOTE(review): the title is stored exactly as submitted, so whatever renders it
     * later has to escape it for its output context.
     * NOTE(review): `idx` is MAX(`idx`) + 1 and this method opens no transaction and
     * takes no lock; two concurrent calls can read the same maximum, and a failed
     * second INSERT leaves a gallery row without its attachment. Confirm whether the
     * caller or the schema guards against this.
     * NOTE(review): the request keys are not checked for presence and the results of
     * execute() are not inspected.
     *
     * @param mixed $c           Passed to $this->conn() to obtain the connection
     *                           (presumably a PDO handle; confirm).
     * @param mixed $connect_idx Stored in `connect_idx` of the attachment row.
     * @param mixed $lang        Scopes the MAX(`idx`) lookup and is stored on both rows.
     * @return void
     */
    public function insertmedia($c, $connect_idx, $lang)
    {
        $db = $this->conn($c);

        // Page type of the record the gallery is being attached to.
        $typeResolver = new get_page_type();
        $pageType = $typeResolver->type($_SESSION["C"], $_GET['newsidx']);

        // Highest gallery idx already used for this language.
        $maxStmt = $db->prepare('SELECT MAX(`idx`) AS maxid FROM `studio404_gallery` WHERE `lang`=:lang');
        $maxStmt->execute(array(":lang" => $lang));
        $maxRow = $maxStmt->fetch(PDO::FETCH_ASSOC);
        if ($maxRow['maxid']) {
            $nextIdx = $maxRow['maxid'] + 1;
        } else {
            // Falsy maximum (e.g. NULL when no row matches): numbering starts at 1.
            $nextIdx = 1;
        }

        // Gallery row.
        $galleryInsertSql = 'INSERT INTO `studio404_gallery` SET 
		`idx`=:idx, 
		`date`=:datex,
		`title`=:title, 
		`lang`=:lang, 
		`status`=:status 
		';
        $galleryStmt = $db->prepare($galleryInsertSql);
        $galleryParams = array(
            ":idx" => $nextIdx,
            ":datex" => time(),
            ":title" => $_POST['title'],
            ":lang" => $lang,
            ":status" => 0,
        );
        $galleryStmt->execute($galleryParams);

        // Attachment row tying the new gallery idx to the parent record.
        $attachmentInsertSql = 'INSERT INTO `studio404_gallery_attachment` SET 
		`idx`=:idx, 
		`connect_idx`=:connect_idx, 
		`pagetype`=:pagetype, 
		`lang`=:lang, 
		`status`=:status
		';
        $attachmentStmt = $db->prepare($attachmentInsertSql);
        $attachmentParams = array(
            ":idx" => $nextIdx,
            ":connect_idx" => $connect_idx,
            ":pagetype" => $pageType,
            ":lang" => $lang,
            ":status" => 0,
        );
        $attachmentStmt->execute($attachmentParams);
    }