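<?php
/**
 * Back-office AJAX endpoint: appends one content item to a blog post.
 *
 * Input  (POST):  blog_id, content_type (1 = text, 2 = images, 3 = YouTube id, 4 = video)
 *                 plus content_text / content_yt_id, or the uploads content_image[] / content_video.
 * Output (JSON):  {"result": 1} on success, {"result": 0} on failure,
 *                 {"result": 9} when the database connection could not be opened.
 */
session_start();
include("../../../config/main_function.php");

// NOTE(review): no authorization check is visible in this script beyond session_start().
// Confirm that main_function.php / connectDB() rejects unauthenticated callers before any
// insert or upload below is reached, and that the caller is protected against CSRF.

// NOTE(review): hard-coded secret in source. Load it from configuration kept outside the
// web root, and rotate it if this file has ever been readable by anyone but the operators.
$secure = "cAh3DrJACzw4RbU";
$connection = connectDB($secure);

// Default to failure so every path emits a well-formed answer (the original left $arr
// undefined when a video upload was missing, rejected or could not be moved).
$arr = array('result' => 0);

// Reads a POST field as a string; missing or array-valued fields become "".
$postString = function ($key) {
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : "";
};

/*
 * Validates one uploaded file and moves it into the blog file directory.
 *
 * $allowedTypes maps a lower-case extension to the MIME types accepted for it.
 * Returns the stored file name, or null when the upload is rejected or the move fails.
 */
$storeUpload = function ($clientName, $tmpPath, $errorCode, array $allowedTypes) {
    if (!is_string($clientName) || $clientName == "" || $errorCode !== UPLOAD_ERR_OK) {
        return null;
    }

    // The client-supplied name is used only to pick an extension from the allowlist;
    // it never becomes part of the stored path.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!isset($allowedTypes[$ext])) {
        return null;
    }

    // An extension says nothing about the bytes, so check the detected type as well.
    // Without the fileinfo extension this falls back to the extension check alone.
    if (class_exists('finfo')) {
        $finfo = new finfo(FILEINFO_MIME_TYPE);
        if (!in_array($finfo->file($tmpPath), $allowedTypes[$ext], true)) {
            return null;
        }
    }

    // Unpredictable 32-hex-character name (same length as the previous md5-based one).
    $storedName = bin2hex(random_bytes(16)) . "." . $ext;

    // NOTE(review): this directory should be configured so the web server never executes
    // scripts from it - verify the server configuration for files/blog_files/.
    if (!move_uploaded_file($tmpPath, "../../../files/blog_files/" . $storedName)) {
        return null;
    }

    return $storedName;
};

if ($connection) {
    // Escaped values are only ever placed inside quoted SQL literals below.
    // NOTE(review): escaping depends on the connection charset being set (mysqli_set_charset),
    // presumably inside connectDB() - confirm; prepared statements would remove that dependency.
    $blog_id = mysqli_real_escape_string($connection, $postString('blog_id'));
    $content_type = $postString('content_type');

    $sql = "SELECT (MAX(list_order) + 1) AS max_order FROM tbl_blog_content WHERE blog_id = '$blog_id'";
    $rs = mysqli_query($connection, $sql);
    $row = $rs ? mysqli_fetch_array($rs) : null;
    // First item of a post (or a failed lookup) starts at position 1.
    $list_order = (isset($row["max_order"]) && $row["max_order"] != "") ? $row["max_order"] : 1;

    if ($content_type === '1') {
        // Text block.
        $content_text = mysqli_real_escape_string($connection, $postString('content_text'));
        $content_id = getRandomID(10, "tbl_blog_content", "content_id");

        $sql_content = "INSERT INTO tbl_blog_content SET content_id = '$content_id', blog_id = '$blog_id', list_order = '$list_order', content_type = '$content_type', content_text = " . ($content_text != "" ? "'" . $content_text . "'" : "NULL") . ";";

        $arr['result'] = mysqli_query($connection, $sql_content) ? 1 : 0;
    } elseif ($content_type === '2') {
        // One or more images; the request succeeds only if every file was stored and inserted.
        $image_types = array(
            'gif'  => array('image/gif'),
            'png'  => array('image/png'),
            'jpg'  => array('image/jpeg'),
            'jpeg' => array('image/jpeg'),
        );

        $names = isset($_FILES["content_image"]["name"]) ? $_FILES["content_image"]["name"] : null;

        if (is_array($names) && count($names) > 0) {
            $count_file = count($names);
            $success = 0;

            foreach ($names as $i => $name) {
                $list_order = list_order('tbl_blog_content', 'list_order', "WHERE blog_id = '$blog_id'");
                $content_id = getRandomID(10, "tbl_blog_content", "content_id");

                $tmp_name = isset($_FILES["content_image"]["tmp_name"][$i]) ? $_FILES["content_image"]["tmp_name"][$i] : "";
                $error = isset($_FILES["content_image"]["error"][$i]) ? $_FILES["content_image"]["error"][$i] : UPLOAD_ERR_NO_FILE;

                $filename_images = $storeUpload($name, $tmp_name, $error, $image_types);
                if ($filename_images === null) {
                    continue;
                }

                $sql_content = "INSERT INTO tbl_blog_content SET content_id = '$content_id', blog_id = '$blog_id', list_order = '$list_order', content_type = '$content_type', content_image = '$filename_images';";

                if (mysqli_query($connection, $sql_content)) {
                    $success++;
                }
            }

            $arr['result'] = ($success == $count_file) ? 1 : 0;
        }
    } elseif ($content_type === '3') {
        // YouTube video id.
        $content_yt_id = mysqli_real_escape_string($connection, $postString('content_yt_id'));
        $content_id = getRandomID(10, "tbl_blog_content", "content_id");

        $sql_content = "INSERT INTO tbl_blog_content SET content_id = '$content_id', blog_id = '$blog_id', list_order = '$list_order', content_type = '$content_type', content_yt_id = " . ($content_yt_id != "" ? "'" . $content_yt_id . "'" : "NULL") . ";";

        $arr['result'] = mysqli_query($connection, $sql_content) ? 1 : 0;
    } elseif ($content_type === '4') {
        // Single MP4 upload.
        // NOTE(review): the MIME list covers what libmagic commonly reports for MP4
        // containers - adjust it to the deployed fileinfo database if legitimate files fail.
        $video_types = array(
            'mp4' => array('video/mp4', 'video/x-m4v', 'video/quicktime'),
        );

        $content_id = getRandomID(10, "tbl_blog_content", "content_id");

        $name = isset($_FILES["content_video"]["name"]) ? $_FILES["content_video"]["name"] : "";
        $tmp_name = isset($_FILES["content_video"]["tmp_name"]) ? $_FILES["content_video"]["tmp_name"] : "";
        $error = isset($_FILES["content_video"]["error"]) ? $_FILES["content_video"]["error"] : UPLOAD_ERR_NO_FILE;

        $filename_images = (is_string($name) && is_string($tmp_name))
            ? $storeUpload($name, $tmp_name, $error, $video_types)
            : null;

        if ($filename_images !== null) {
            $sql_content = "INSERT INTO tbl_blog_content SET content_id = '$content_id', blog_id = '$blog_id', list_order = '$list_order', content_type = '$content_type', content_video = '$filename_images';";

            $arr['result'] = mysqli_query($connection, $sql_content) ? 1 : 0;
        }
    }
    // Any other content_type keeps the default result of 0.
} else {
    $arr['result'] = 9;
}

echo json_encode($arr);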