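<?php
/**
 * News / blog-comment JSON endpoint.
 *
 * Reads `action` and `referer` from the POST body, runs the matching handler
 * against the mysqli connection in $con and echoes a JSON document: either
 * {"status": ..., "message": ...} or a JSON array of rows.
 *
 * NOTE(review): the only access check is the static POST field `referer`.
 * Any client that can read the front-end code knows that value, so it is not
 * authentication. The write handlers (addnews, updatenews1, deletenews,
 * updatecommentstatus) should sit behind a server-side session or token check.
 */

// Keep PHP notices and SQL errors out of API responses (they disclose paths
// and query text); send them to the error log instead.
ini_set('display_errors', '0');
ini_set('display_startup_errors', '0');
ini_set('log_errors', '1');
error_reporting(E_ALL);

// NOTE(review): a wildcard origin lets any website call this endpoint from a
// visitor's browser. Restrict it to the site's own origin(s) if possible.
header('Access-Control-Allow-Origin: *');

require_once 'dbconnection.php'; // expected to define $con (mysqli connection)

/** Returns a POST field as a string; missing or non-string values become ''. */
$post = static function ($key) {
    $value = isset($_POST[$key]) ? $_POST[$key] : '';
    return is_string($value) ? $value : '';
};

/** Echoes one JSON document (status object or list of rows). */
$respond = static function ($payload) {
    echo json_encode($payload);
};

/**
 * Prepares and executes a statement with every parameter bound as a string.
 * Returns the executed mysqli_stmt, or false on any failure (which is logged).
 */
$execute = static function (mysqli $db, $sql, array $params = array()) {
    try {
        $stmt = $db->prepare($sql);
        if (!$stmt) {
            error_log('news api: prepare failed: ' . $db->error);
            return false;
        }
        if ($params) {
            $stmt->bind_param(str_repeat('s', count($params)), ...$params);
        }
        if (!$stmt->execute()) {
            error_log('news api: execute failed: ' . $stmt->error);
            $stmt->close();
            return false;
        }
        return $stmt;
    } catch (mysqli_sql_exception $e) {
        // mysqli throws instead of returning false when exception reporting is on.
        error_log('news api: query failed: ' . $e->getMessage());
        return false;
    }
};

/**
 * Runs a SELECT and returns all rows as associative arrays ([] on failure).
 * get_result() needs the mysqlnd driver. Prepared statements return native
 * ints/floats, so values are cast back to strings to keep the JSON shape that
 * the previous mysqli_query() based code produced.
 */
$select = static function (mysqli $db, $sql, array $params = array()) use ($execute) {
    $stmt = $execute($db, $sql, $params);
    if ($stmt === false) {
        return array();
    }
    $rows = array();
    $result = $stmt->get_result();
    if ($result) {
        while ($row = $result->fetch_assoc()) {
            foreach ($row as $column => $value) {
                if ($value !== null) {
                    $row[$column] = (string) $value;
                }
            }
            $rows[] = $row;
        }
    }
    $stmt->close();
    return $rows;
};

/** Runs an INSERT/UPDATE/DELETE; returns true on success, false otherwise. */
$write = static function (mysqli $db, $sql, array $params = array()) use ($execute) {
    $stmt = $execute($db, $sql, $params);
    if ($stmt === false) {
        return false;
    }
    $stmt->close();
    return true;
};

/** Echoes the rows as JSON, or a "failed" object when there are none. */
$respondList = static function (array $rows, $emptyMessage) use ($respond) {
    if (!$rows) {
        $respond(array('status' => 'failed', 'message' => $emptyMessage));
        return;
    }
    $respond($rows);
};

/** Echoes the success or failure message for a write operation. */
$respondWrite = static function ($ok, $okMessage, $failMessage) use ($respond) {
    $respond(
        $ok
            ? array('status' => 'success', 'message' => $okMessage)
            : array('status' => 'failed', 'message' => $failMessage)
    );
};

/**
 * Normalises submitted rich-text content the same way the original code did:
 * apostrophes removed, inline font-family / font-size declarations stripped.
 * The apostrophe removal is no longer needed for SQL safety (values are
 * bound); it is kept so stored content looks the same as before.
 * NOTE(review): the HTML is stored as submitted; whatever renders it must
 * treat it as untrusted markup.
 */
$cleanContent = static function ($html) {
    $html = str_replace("'", "", $html);
    $html = preg_replace('/font-family.+?;/', "", $html);
    $html = preg_replace('/font-size.+?;/', "", (string) $html);
    return (string) $html;
};

/**
 * Sends the "new post" mail to every subscriber address. Best effort: a
 * failed send is logged and never changes the API response.
 */
$notifySubscribers = static function (array $emails, $url) {
    // SMTP credentials come from the environment. The variable names are
    // placeholders introduced with this change; use whatever the deployment
    // defines. The account password that used to be hard-coded in this file
    // must be treated as exposed: revoke it and issue a new one.
    $smtpUser = getenv('NEWS_SMTP_USERNAME');
    $smtpPass = getenv('NEWS_SMTP_PASSWORD');
    if ($smtpUser === false || $smtpPass === false) {
        error_log('news api: SMTP credentials not configured, skipping subscriber mail');
        return;
    }

    require_once "mailer/PHPMailerAutoload.php";

    // The URL contains the submitted news_url, so escape it for the HTML body.
    $safeUrl = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');

    // foreach instead of "for ($x = 0; $x <= count(...))": the old loop ran
    // one step past the end and tried to mail an undefined address.
    foreach ($emails as $email) {
        $mail = new PHPMailer;
        $mail->IsSMTP();
        $mail->Host = 'smtp.gmail.com';
        $mail->Port = 465;
        $mail->SMTPAuth = true;
        $mail->Username = $smtpUser;
        $mail->Password = $smtpPass;
        $mail->SMTPSecure = 'ssl';
        $mail->setFrom('ramya@eziosolutions.com', "New News and Events -Desher");
        $mail->AddAddress($email, "New News - Desher");
        $mail->IsHTML(true);
        $mail->Subject = " Check Out Our News and Events - Desher ";
        $mail->Body = "<p style='text-align:center;font-weight: bold;'> Remember Your Website is a Powerful Tool for Your Business Growth<br>We Make it Easy for You </p><p><br><br> Hi reader! <br><br>We have added a new blog post to our website that is worth your time. Just give it a read! <br>We hope you will enjoy reading it. <br> <br>Just Click Below to Head on Over to Our Website.<br> Blog Link - <a href='$safeUrl' target='_black'>$safeUrl</a><br><br>Thanks for reading! <br> </p> ";
        if (!$mail->send()) {
            error_log('news api: subscriber mail failed: ' . $mail->ErrorInfo);
        }
    }
};

$action = $post('action');
$ref = $post('referer');

if ($ref === 'ezioaws') {
    // Kept from the original file; nothing in this script calls it.
    function validateData($data)
    {
        $resultData = htmlspecialchars(stripslashes(trim($data)));
        return $resultData;
    }

    switch ($action) {
        // ---- news: create -------------------------------------------------
        case 'addnews':
            date_default_timezone_set("Asia/Kolkata");
            $today = date("Y-m-d");
            $title = $post('title');
            $newsUrl = $post('news_url');
            $status = $post('status');

            // Any existing row with the same title or URL blocks the insert
            // (the old "== 1" test let the insert through when two matched).
            $duplicates = $select(
                $con,
                "SELECT id FROM news_events WHERE title = ? OR news_url = ? LIMIT 1",
                array($title, $newsUrl)
            );
            if ($duplicates) {
                $respond(array('status' => 'failed', 'message' => "News already exists"));
                break;
            }

            $inserted = $write(
                $con,
                "INSERT INTO news_events (title, created_at, updated_at, thump_image, gal_img, image,"
                . " news_content, alt_content, news_type, event_date, news_url, description, status)"
                . " VALUES (?, ?, ?, ?, ?, 'uploads/news/test.png', ?, ?, ?, ?, ?, ?, ?)",
                array(
                    $title,
                    $today,
                    $today,
                    $post('thumb_img'),
                    $post('gal_img'),
                    $cleanContent($post('bcontent')),
                    $post('alt_content'),
                    $post('news_type'),
                    $post('event_date'),
                    $newsUrl,
                    str_replace("'", "", $post('description')),
                    $status,
                )
            );
            if (!$inserted) {
                $respond(array('status' => 'failed', 'message' => "Failed to Add News"));
                break;
            }

            // Only published items are announced to subscribers.
            if ($status === 'active') {
                $emails = array();
                foreach ($select($con, "SELECT email FROM subscriber_details") as $subscriber) {
                    $emails[] = $subscriber['email'];
                }
                if ($emails) {
                    $notifySubscribers($emails, "https://stengineers.com/news/" . $newsUrl);
                }
            }
            $respond(array('status' => 'success', 'message' => "Added Successfully"));
            break;

        // ---- news: update -------------------------------------------------
        case 'updatenews1':
            date_default_timezone_set("Asia/Kolkata");
            $updated = $write(
                $con,
                "UPDATE news_events SET title = ?, updated_at = ?, thump_image = ?, gal_img = ?,"
                . " news_content = ?, alt_content = ?, news_url = ?, status = ?, news_type = ?,"
                . " event_date = ?, description = ? WHERE id = ?",
                array(
                    $post('title'),
                    date("Y-m-d"),
                    $post('thumb_img'),
                    str_replace(',,', ',', $post('gal_img')), // collapse gaps left by removed images
                    $cleanContent($post('bcontent')),
                    $post('alt_content'),
                    $post('news_url'),
                    $post('status'),
                    str_replace("'", "", $post('news_type')),
                    $post('event_date'),
                    str_replace("'", "", $post('description')),
                    $post('id'),
                )
            );
            $respondWrite($updated, "Updated Successfully", "Failed to Update");
            break;

        // ---- news: delete -------------------------------------------------
        case 'deletenews':
            $deleted = $write($con, "DELETE FROM news_events WHERE id = ?", array($post('id')));
            $respondWrite($deleted, "Deleted Successfully", "Failed to Delete");
            break;

        // ---- news: read ---------------------------------------------------
        case 'selectnewsall':
            $respondList($select($con, "SELECT * FROM news_events"), "No News Added");
            break;

        case 'editnews':
            $rows = $select($con, "SELECT * FROM news_events WHERE id = ?", array($post('id')));
            // Only the first match is returned, wrapped in a one-element list.
            $respondList(array_slice($rows, 0, 1), "News Details Not Found");
            break;

        case 'newsDetail':
            $rows = $select($con, "SELECT * FROM news_events WHERE news_url = ?", array($post('url')));
            $respondList(array_slice($rows, 0, 1), "News Details Not Found");
            break;

        case 'selectnewsforwebsite':
            $respondList(
                $select($con, "SELECT * FROM news_events WHERE status='active' ORDER BY event_date DESC"),
                "No News Added"
            );
            break;

        case 'selectnews_for_home':
            $respondList(
                $select($con, "SELECT * FROM news_events WHERE status='active' ORDER BY id DESC LIMIT 3"),
                "No News Added"
            );
            break;

        // ---- blog comments: public ----------------------------------------
        case 'addblogcomment':
            // NOTE(review): this handler accepts text from any visitor. It is
            // stored as submitted, so every page that shows a comment must
            // HTML-escape username, comments and url on output.
            $email = $post('email');
            $blogId = $post('blog_id');

            $existing = $select(
                $con,
                "SELECT id FROM blog_comments WHERE email = ? AND blog_id = ? LIMIT 1",
                array($email, $blogId)
            );
            if ($existing) {
                $respond(array('status' => 'failed', 'message' => "Comment already exists"));
                break;
            }

            $added = $write(
                $con,
                "INSERT INTO blog_comments (username, email, comments, url, blog_id, created_at, status)"
                . " VALUES (?, ?, ?, ?, ?, ?, ?)",
                array(
                    $post('username'),
                    $email,
                    $post('comments'),
                    $post('url'),
                    $blogId,
                    date("Y-m-d"),
                    'pending', // new comments always wait for moderation
                )
            );
            $respondWrite(
                $added,
                "Your comment was added successfully. You can see your comment after admin will approved it.",
                "Failed to Add Blog"
            );
            break;

        case 'selectblogcomments':
            // NOTE(review): the response includes each commenter's email
            // address; confirm the public site is meant to receive it.
            $respondList(
                $select(
                    $con,
                    "SELECT username, email, comments, url, DATE_FORMAT(created_at, '%d-%m-%Y') as created_at , status"
                    . " FROM blog_comments WHERE status='approved' AND blog_id = ? ORDER BY id DESC",
                    array($post('blog_id'))
                ),
                "No data found"
            );
            break;

        case 'selectcommentcount':
            $rows = $select(
                $con,
                "SELECT COUNT(*) AS commentcount FROM blog_comments WHERE status='approved' AND blog_id = ?",
                array($post('blog_id'))
            );
            if (!$rows || (int) $rows[0]['commentcount'] === 0) {
                $respond(array('status' => 'failed', 'message' => "No Comments Found"));
                break;
            }
            $respond($rows);
            break;

        // ---- blog comments: moderation --------------------------------------
        case 'selectblog':
            // As before, the list is only produced once at least one comment exists.
            if (!$select($con, "SELECT id FROM blog_comments LIMIT 1")) {
                $respond(array('status' => 'failed', 'message' => "No data found"));
                break;
            }
            $blogs = $select(
                $con,
                "SELECT id,title,id as blog_id, DATE_FORMAT(created_at, '%d-%m-%Y') as created_at ,"
                . "'0' as total_count,'0' as pending_count ,'0' as approved_count FROM blogs ORDER BY id DESC"
            );
            foreach ($blogs as $index => $blog) {
                $total = $select(
                    $con,
                    "SELECT COUNT(*) AS n FROM blog_comments WHERE blog_id = ?",
                    array($blog['blog_id'])
                );
                $blogs[$index]['total_count'] = $total ? $total[0]['n'] : '0';
                foreach (array('pending', 'approved') as $state) {
                    $count = $select(
                        $con,
                        "SELECT COUNT(*) AS n FROM blog_comments WHERE status = ? AND blog_id = ?",
                        array($state, $blog['blog_id'])
                    );
                    $blogs[$index][$state . '_count'] = $count ? $count[0]['n'] : '0';
                }
            }
            $respond($blogs);
            break;

        case 'selectadminblogcomments':
            $respondList(
                $select(
                    $con,
                    "SELECT id,username, email, comments, url, DATE_FORMAT(created_at, '%d-%m-%Y') as created_at , status"
                    . " FROM blog_comments WHERE blog_id = ? ORDER BY id DESC",
                    array($post('blog_id'))
                ),
                "No data found"
            );
            break;

        case 'updatecommentstatus':
            $status = $post('status');
            $id = $post('id');
            if ($status === 'rejected') {
                // Rejecting a comment removes it.
                $ok = $write($con, "DELETE FROM blog_comments WHERE id = ?", array($id));
                $respondWrite($ok, "Deleted Successfully", "Failed to Delete");
            } elseif ($status === 'approved') {
                $ok = $write($con, "UPDATE blog_comments SET status = ? WHERE id = ?", array($status, $id));
                $respondWrite($ok, "Comment approved successfully.", "Failed to approved");
            } elseif ($status === 'pending') {
                $ok = $write($con, "UPDATE blog_comments SET status = ? WHERE id = ?", array($status, $id));
                $respondWrite($ok, "Comment moved to Pending.", "Failed to approved");
            } else {
                // Previously an unknown status echoed "null" from an unset variable.
                $respond(array('status' => 'failed', 'message' => "Invalid status"));
            }
            break;

        // ---- blogs: navigation --------------------------------------------
        case 'selectrelatedpost':
            $respondList(
                $select(
                    $con,
                    "SELECT * FROM blogs WHERE status='active' AND id != ? ORDER BY id DESC LIMIT 4",
                    array($post('blog_id'))
                ),
                "No Blog Added"
            );
            break;

        case 'selectprevpost':
        case 'selectnextpost':
            $blogId = $post('blog_id');
            // "No Blog Added" only when there is no other active post at all;
            // otherwise the neighbour list is returned even when it is empty.
            $others = $select(
                $con,
                "SELECT id FROM blogs WHERE status='active' AND id != ? LIMIT 1",
                array($blogId)
            );
            if (!$others) {
                $respond(array('status' => 'failed', 'message' => "No Blog Added"));
                break;
            }
            $neighbourSql = $action === 'selectprevpost'
                ? "SELECT * FROM blogs WHERE status='active' AND id < ? ORDER BY id DESC LIMIT 1"
                : "SELECT * FROM blogs WHERE status='active' AND id > ? ORDER BY id ASC LIMIT 1";
            $respond($select($con, $neighbourSql, array($blogId)));
            break;

        case 'deleteimg':
            // NOTE(review): the original handler sat outside the access check,
            // called unlink() on the directory 'news/' (which always fails)
            // and then used an undefined $connect, so it never deleted a file
            // or a row. It stays inert here instead of guessing the intent.
            // A working version must take basename() of the submitted name,
            // confirm the resolved path is inside the news/ directory before
            // unlink(), run its query through $con with a bound parameter,
            // and be reachable by authenticated administrators only.
            break;

        default:
            // Unknown actions produce no output, as before.
            break;
    }
} else {
    $respond(array('status' => 'failed', 'message' => "Access Denied"));
}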