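<?php
/**
 * Back-office AJAX endpoint: updates one content row of a blog post.
 *
 * POST input: edit_blog_id, list_order, content_type, plus one payload chosen by content_type:
 *   1 => content_text (text), 2 => uploaded file "content_image" (gif/png/jpg/jpeg),
 *   3 => content_yt_id (text), 4 => uploaded file "content_video" (mp4).
 * Output: JSON {"result":1} when the row update succeeded, {"result":0} otherwise.
 *
 * NOTE(review): this state-changing endpoint checks no anti-CSRF token; add one
 * together with the calling form if the application has such a mechanism.
 */
session_start();
include("../../../config/main_function.php");

// The original read the admin session value into a variable and never tested it,
// so the update ran for any caller. Refuse requests without an admin session.
// NOTE(review): only the presence of the key is checked here; confirm what value
// the login code stores and tighten the test accordingly.
if (!isset($_SESSION['SaraburiFDAAdmin'])) {
    http_response_code(403);
    echo json_encode(array('result' => 0));
    exit;
}

// NOTE(review): credential-like token hard-coded in a web-served script. What
// connectDB() does with it is not visible here; consider loading it from
// configuration kept outside the document root.
$secure = "cAh3DrJACzw4RbU";
$connection = connectDB($secure);

// Returns a POST field as a string; '' when it is missing or not a scalar string
// (e.g. an array sent as field[]=...).
$postString = function ($key) {
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
};

// Sets one column of the (blog_id, list_order) row with a prepared statement.
// $column is always a literal chosen by this script, never request data.
// An empty value is stored as NULL, as before. Returns 1 on success, 0 on failure.
$updateColumn = function ($connection, $column, $value, $blog_id, $list_order) {
    $stmt = mysqli_prepare(
        $connection,
        "UPDATE tbl_blog_content SET " . $column . " = ? WHERE blog_id = ? AND list_order = ?"
    );
    if (!$stmt) {
        return 0;
    }
    $bound = ($value !== "") ? $value : null;
    mysqli_stmt_bind_param($stmt, 'sss', $bound, $blog_id, $list_order);
    $ok = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    return $ok ? 1 : 0;
};

// Validates an uploaded file and moves it into the blog files directory under a
// generated name. Returns the stored file name, or null when nothing was stored.
$storeUpload = function ($field, $allowed, $mustBeImage) {
    if (!isset($_FILES[$field]) || !is_string($_FILES[$field]['name']) || $_FILES[$field]['name'] === "") {
        return null;
    }
    if ($_FILES[$field]['error'] !== UPLOAD_ERR_OK) {
        return null;
    }

    // The extension comes from the client-supplied name, so it is only a first
    // filter. Lower-casing lets "PHOTO.JPG" pass the allow-list, which the
    // case-sensitive original silently rejected.
    $ext = strtolower(pathinfo($_FILES[$field]['name'], PATHINFO_EXTENSION));
    if (!in_array($ext, $allowed, true)) {
        return null;
    }

    if ($mustBeImage) {
        // Check the content as well as the name: it must decode as GIF/JPEG/PNG.
        $info = getimagesize($_FILES[$field]['tmp_name']);
        if ($info === false || !in_array($info[2], array(IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG), true)) {
            return null;
        }
    }
    // NOTE(review): video content is not inspected here; verify the container type
    // server-side, and make sure files/blog_files/ is served without script execution.

    // Client name is discarded; only the allow-listed extension is kept.
    // NOTE(review): date + rand(1000, 9999) can collide for uploads in the same second.
    $stored_name = md5(date("dmYhis") . rand(1000, 9999)) . "." . $ext;
    $target_file = "../../../files/blog_files/" . $stored_name;

    return move_uploaded_file($_FILES[$field]['tmp_name'], $target_file) ? $stored_name : null;
};

// Default to failure so every rejected path (bad extension, failed upload,
// unknown content_type) still yields a defined result.
$result = 0;

if ($connection) {
    $blog_id = $postString('edit_blog_id');
    $list_order = $postString('list_order');
    $content_type = (int) $postString('content_type');

    if ($content_type === 1) {
        $result = $updateColumn($connection, 'content_text', $postString('content_text'), $blog_id, $list_order);
    } elseif ($content_type === 2) {
        $stored = $storeUpload('content_image', array('gif', 'png', 'jpg', 'jpeg'), true);
        if ($stored !== null) {
            $result = $updateColumn($connection, 'content_image', $stored, $blog_id, $list_order);
        }
    } elseif ($content_type === 3) {
        $result = $updateColumn($connection, 'content_yt_id', $postString('content_yt_id'), $blog_id, $list_order);
    } elseif ($content_type === 4) {
        $stored = $storeUpload('content_video', array('mp4'), false);
        if ($stored !== null) {
            $result = $updateColumn($connection, 'content_video', $stored, $blog_id, $list_order);
        }
    }

    // Close only a live connection; the original also called this on a failed one.
    mysqli_close($connection);
}

$arr = array('result' => $result);
echo json_encode($arr);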