X7ROOT File Manager
Current Path:
/home/u126090504/domains/kiitacademy.in/public_html/admin
home
/
u126090504
/
domains
/
kiitacademy.in
/
public_html
/
admin
/
📁
..
📄
achievers.php
(8.99 KB)
📄
admissions.php
(5.67 KB)
📄
banners.php
(5.47 KB)
📄
change_password.php
(3.54 KB)
📄
contacts.php
(3.83 KB)
📄
dashboard.php
(8.71 KB)
📄
downloads.php
(4.91 KB)
📄
export_franchise.php
(930 B)
📄
faculty.php
(9.92 KB)
📄
forgot_password.php
(3.75 KB)
📄
franchise.php
(7.28 KB)
📄
gallery.php
(3.08 KB)
📁
includes
📄
index.php
(82 B)
📄
login.php
(6.59 KB)
📄
logout.php
(102 B)
📄
manage_albums.php
(2.28 KB)
📄
manage_media.php
(3.02 KB)
📄
manage_photos.php
(5.66 KB)
📄
manage_videos.php
(3.62 KB)
📄
new_password.php
(3.9 KB)
📄
notices.php
(8.24 KB)
📄
payments.php
(15.23 KB)
📄
popup.php
(10.68 KB)
📄
reset_password.php
(4.23 KB)
📄
secure_session.php
(1000 B)
📄
settings.php
(5.21 KB)
📄
testimonials.php
(10.25 KB)
📄
update_status.php
(1.29 KB)
📄
upi_settings.php
(1.52 KB)
Editing: banners.php
<?php include 'secure_session.php'; // 🔐 Always first (session security) include 'includes/auth.php'; // ✅ Your authentication check require_once '../config.php'; // ✅ DB connection include 'includes/header.php'; // ✅ Layout header $success = $error = ""; $allowedTypes = ['jpg','jpeg','png']; $maxSize = 1 * 1024 * 1024; // 1MB $success = $error = ""; // ✅ Generate CSRF token if not set if (empty($_SESSION['csrf'])) { $_SESSION['csrf'] = bin2hex(random_bytes(32)); } // ✅ Add Banner if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['add_banner'])) { // Check CSRF if (!isset($_POST['csrf']) || !hash_equals($_SESSION['csrf'], $_POST['csrf'])) { die("❌ CSRF token mismatch."); } $burl = ''; if (!empty($_FILES['bfile']['name'])) { $targetDir = __DIR__ . "/../uploads/banners/"; if (!is_dir($targetDir)) { mkdir($targetDir, 0755, true); } $originalName = $_FILES['bfile']['name']; $ext = strtolower(pathinfo($originalName, PATHINFO_EXTENSION)); // Validate file type if (!in_array($ext, $allowedTypes)) { $error = "❌ Only JPG/PNG allowed."; } // Validate file size elseif ($_FILES['bfile']['size'] > $maxSize) { $error = "❌ File too large (max 1MB)."; } // Validate upload is real file elseif (!is_uploaded_file($_FILES['bfile']['tmp_name'])) { $error = "❌ Invalid upload."; } else { // Safe rename $safeName = time() . "_" . bin2hex(random_bytes(5)) . "." . $ext; $targetFile = $targetDir . $safeName; if (move_uploaded_file($_FILES['bfile']['tmp_name'], $targetFile)) { $burl = $safeName; $stmt = $conn->prepare("INSERT INTO bannertab (imgfile) VALUES (?)"); $stmt->bind_param("s", $burl); $stmt->execute(); $success = "✅ Banner Added"; } else { $error = "❌ File upload failed."; } } } else { $error = "⚠️ Please select a file."; } } // ✅ Delete Banner if (isset($_GET['delete'])) { // Check CSRF in GET for delete if (!isset($_GET['csrf']) || !hash_equals($_SESSION['csrf'], $_GET['csrf'])) { die("❌ CSRF token mismatch."); } $id = intval($_GET['delete']); $stmt = $conn->prepare("SELECT imgfile FROM bannertab WHERE id=? LIMIT 1"); $stmt->bind_param("i", $id); $stmt->execute(); $stmt->bind_result($oldFile); $stmt->fetch(); $stmt->close(); if ($oldFile && file_exists(__DIR__ . "/../uploads/banners/" . $oldFile)) { unlink(__DIR__ . "/../uploads/banners/" . $oldFile); } $stmt = $conn->prepare("DELETE FROM bannertab WHERE id=?"); $stmt->bind_param("i", $id); $stmt->execute(); $success = "⚠️ Banner Deleted"; } ?> <div class="container mt-4"> <h3 class="mb-4">🖼 Manage Banners</h3> <?php if ($success): ?> <div class="alert alert-success"><?php echo $success; ?></div> <?php endif; ?> <?php if ($error): ?> <div class="alert alert-danger"><?php echo $error; ?></div> <?php endif; ?> <!-- Upload Form --> <div class="card shadow mb-4"> <div class="card-header bg-primary text-white">➕ Add Banner</div> <div class="card-body"> <form method="POST" enctype="multipart/form-data"> <input type="hidden" name="csrf" value="<?php echo $_SESSION['csrf']; ?>"> <div class="form-group"> <label>Upload Banner (JPG/PNG, max 1MB)</label> <input type="file" name="bfile" class="form-control-file" required> </div> <button type="submit" name="add_banner" class="btn btn-success">Upload</button> </form> </div> </div> <!-- Banner List --> <div class="table-responsive"> <table class="table table-bordered table-hover text-center"> <thead class="thead-dark"> <tr> <th>ID</th> <th>Banner</th> <th>Action</th> </tr> </thead> <tbody> <?php $res = $conn->query("SELECT * FROM bannertab ORDER BY id DESC"); if ($res->num_rows > 0) { while ($row = $res->fetch_assoc()) { $img = $row['imgfile'] ? "<img src='../uploads/banners/" . htmlspecialchars($row['imgfile']) . "' width='150'>" : "—"; echo "<tr> <td>" . (int)$row['id'] . "</td> <td>$img</td> <td> <a href='?delete=" . $row['id'] . "&csrf=" . $_SESSION['csrf'] . "' class='btn btn-danger btn-sm' onclick='return confirm(\"Delete this banner?\")'>Delete</a> </td> </tr>"; } } else { echo "<tr><td colspan='3'>No Banners Found</td></tr>"; } ?> </tbody> </table> </div> </div> <?php include 'includes/footer.php'; ?>
Upload File
Create Folder