<?php
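// The session carries the one-shot status message that the view/edit pages display
// after each redirect; $conn (the mysqli handle) is defined by inc/config.php.
session_start();
// require rather than include: every handler below depends on $conn, so a missing
// config must stop the script instead of continuing with an undefined connection.
require 'inc/config.php';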

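if (isset($_POST['add_news'])) {
    // Read the submitted fields; a missing key yields '' instead of an "undefined index" warning.
    $reporter_id = $_POST['reporter_id'] ?? '';
    $news_title = $_POST['news_title'] ?? '';
    $category_id = $_POST['category_id'] ?? '';
    $short_description = $_POST['short_description'] ?? '';
    $news_description = $_POST['news_description'] ?? '';
    $status = $_POST['status'] ?? '';
    $state = $_POST['state'] ?? '';
    $district = $_POST['district'] ?? '';

    // Handle the optional image upload.
    // The client-supplied name is used only to pick the extension; the file itself is
    // stored under a random server-generated name so an upload can neither overwrite an
    // existing image nor place a script file (.php, .phtml, ...) inside news/.
    $photo = '';
    if (isset($_FILES['photo']) && $_FILES['photo']['error'] === UPLOAD_ERR_OK) {
        $allowed_image_extensions = ['gif', 'png', 'jpg', 'jpeg', 'webp'];
        $photo_file_extension = strtolower(pathinfo((string) $_FILES['photo']['name'], PATHINFO_EXTENSION));
        $photo_tmp_name = $_FILES['photo']['tmp_name'];

        // Whitelist the extension and confirm the content really is an image; is_uploaded_file()
        // guards against a forged tmp_name pointing at an arbitrary server path.
        if (!in_array($photo_file_extension, $allowed_image_extensions, true)
            || !is_uploaded_file($photo_tmp_name)
            || getimagesize($photo_tmp_name) === false) {
            $_SESSION['status'] = "The image file type is not allowed. Please upload a valid image.";
            header('Location: view-news.php');
            exit;
        }

        $target_directory = "news/"; // Folder where the image will be stored
        $photo = bin2hex(random_bytes(8)) . '.' . $photo_file_extension;
        if (!move_uploaded_file($photo_tmp_name, $target_directory . $photo)) {
            $_SESSION['status'] = "Error uploading the image.";
            header('Location: view-news.php');
            exit;
        }
    }

    // Insert through a prepared statement: values are bound, never interpolated into the SQL text,
    // so mysqli_real_escape_string() is no longer needed (and was the only SQLi defence before).
    $query = "INSERT INTO `news` (`reporter_id`, `news_title`, `category_id`, `short_description`, `news_description`, `status`, `state`, `district`, `photo`)
              VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)";

    $error = '';
    $stmt = mysqli_prepare($conn, $query);
    if ($stmt === false) {
        $error = mysqli_error($conn);
    } else {
        // reporter_id is bound as an integer to match the UPDATE handler's type string.
        mysqli_stmt_bind_param($stmt, "issssssss", $reporter_id, $news_title, $category_id, $short_description, $news_description, $status, $state, $district, $photo);
        if (!mysqli_stmt_execute($stmt)) {
            // Statement-level errors are reported on the statement, not the connection.
            $error = mysqli_stmt_error($stmt);
        }
        mysqli_stmt_close($stmt);
    }

    // Both outcomes redirect to the listing; the session message tells the user what happened.
    if ($error === '') {
        $_SESSION['status'] = "Data Uploaded Successfully";
    } else {
        $_SESSION['status'] = "Error: " . $error;
    }
    header('Location: view-news.php');
    exit;
}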



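if (isset($_POST['update_news'])) {
    // Read the submitted fields; a missing key yields '' instead of an "undefined index" warning.
    $id = $_POST['id'] ?? '';

    $reporter_id = $_POST['reporter_id'] ?? '';
    $news_title = $_POST['news_title'] ?? '';
    $category_id = $_POST['category_id'] ?? '';
    $short_description = $_POST['short_description'] ?? '';
    $news_description = $_POST['news_description'] ?? '';
    $state = $_POST['state'] ?? '';
    $status = $_POST['status'] ?? '';  // New field for status
    $district = $_POST['district'] ?? '';

    // image_old is a hidden form field and therefore client-controlled; basename() keeps the
    // unlink() below confined to news/ (a value such as "../../index.php" collapses to "index.php").
    $old_photo = basename((string) ($_POST['image_old'] ?? ''));

    // Unless a new image is uploaded the stored file name stays as it is.
    $update_photo_filename = $old_photo;
    $target_directory = "news/";

    // File upload handling: only validate and move when the form actually carried a file.
    // tmp_name is read inside this branch so a submission without a file raises no warning.
    if (isset($_FILES['photo']) && $_FILES['photo']['error'] !== UPLOAD_ERR_NO_FILE) {
        $photo_tmp_name = $_FILES['photo']['tmp_name'];
        $allowed_image_extensions = ['gif', 'png', 'jpg', 'jpeg', 'webp']; // compared after strtolower()
        $photo_file_extension = strtolower(pathinfo((string) $_FILES['photo']['name'], PATHINFO_EXTENSION));

        if (!in_array($photo_file_extension, $allowed_image_extensions, true)) {
            $_SESSION['status'] = "The image file type is not allowed. Please upload a valid image.";
            header("Location: edit-news.php?id=" . urlencode((string) $id));
            exit;
        }

        // A partial/failed upload, a forged tmp_name, or non-image content all count as an upload error.
        if ($_FILES['photo']['error'] !== UPLOAD_ERR_OK
            || !is_uploaded_file($photo_tmp_name)
            || getimagesize($photo_tmp_name) === false) {
            $_SESSION['status'] = "Error uploading the image.";
            header("Location: edit-news.php?id=" . urlencode((string) $id));
            exit;
        }

        // Store under a random server-generated name: the client name is used only for its
        // extension, so an upload can neither overwrite another image nor drop a script into news/.
        $update_photo_filename = bin2hex(random_bytes(8)) . '.' . $photo_file_extension;

        // Move new image before updating DB to avoid data inconsistency
        if (!move_uploaded_file($photo_tmp_name, $target_directory . $update_photo_filename)) {
            $_SESSION['status'] = "Error uploading the image.";
            header("Location: edit-news.php?id=" . urlencode((string) $id));
            exit;
        }

        // Delete the old photo only once the new one is safely in place; is_file() also
        // rejects the "." / ".." results basename() can return.
        $old_photo_path = $target_directory . $old_photo;
        if ($old_photo !== '' && $old_photo !== $update_photo_filename && is_file($old_photo_path)) {
            unlink($old_photo_path);
        }
    }

    // Use Prepared Statements for Security
    $query = "UPDATE news
              SET reporter_id=?, news_title=?, category_id=?, short_description=?, news_description=?, photo=?, state=?, status=?, district=?
              WHERE id=?";

    $updated = false;
    $stmt = mysqli_prepare($conn, $query);
    if ($stmt !== false) {
        // 9 bound columns plus the id: i s s s s s s s s i
        mysqli_stmt_bind_param($stmt, "issssssssi", $reporter_id, $news_title, $category_id, $short_description, $news_description, $update_photo_filename, $state, $status, $district, $id);
        $updated = mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
    }

    if ($updated) {
        $_SESSION['status'] = "Updated Successfully";
    } else {
        $_SESSION['status'] = "Update Failed";
    }

    header('Location: view-news.php');
    exit;
}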

// delete

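if (isset($_POST['delete_news'])) {
    $id = $_POST['delete_id'] ?? '';
    // del_news is a hidden form field and therefore client-controlled; basename() confines the
    // unlink() below to news/ so a tampered value cannot remove files elsewhere on the server.
    $photo = basename((string) ($_POST['del_news'] ?? ''));

    // Parameterised DELETE: the id is bound, never interpolated into the SQL text.
    $query = "DELETE FROM news WHERE id = ?";
    $query_run = false;
    $stmt = mysqli_prepare($conn, $query);
    if ($stmt !== false) {
        mysqli_stmt_bind_param($stmt, "i", $id);
        $query_run = mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
    }

    if ($query_run) {
        $photo_path = "news/" . $photo;
        // A record without an image has nothing to remove; only a failed unlink of an
        // existing regular file is reported as an error (is_file() also rejects "." and "..").
        if ($photo !== '' && is_file($photo_path) && !unlink($photo_path)) {
            $_SESSION['status'] = "Error deleting files";
        } else {
            $_SESSION['status'] = "Deleted Successfully";
        }
    } else {
        $_SESSION['status'] = "Not Deleted Successfully";
    }

    // Every outcome returns to the listing; exit so nothing after the redirect header runs.
    header('Location: view-news.php');
    exit;
}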
?>
