Editing: banners.php
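<?php
// Banner Manager with Manual Display Position
//
// Admin page that uploads banner images, changes their display position and
// deletes them. Every state-changing action is a POST that must carry the
// per-session CSRF token.

// `require` instead of `include`: if the session or auth file cannot be loaded
// the page must stop (fail closed) rather than continue with only a warning.
require 'secure_session.php';   // Always first (session security)
require 'includes/auth.php';    // Authentication check
require_once '../config.php';   // DB connection (presumably defines $conn; confirm in config.php)
include 'includes/header.php';  // Layout header

$allowedTypes      = ['jpg', 'jpeg', 'png'];          // accepted file-name extensions
$allowedImageTypes = [IMAGETYPE_JPEG, IMAGETYPE_PNG]; // accepted formats as detected from the file content
$maxSize           = 1 * 1024 * 1024;                 // 1MB
$success = $error = "";

// CSRF token: one random value per session, created on first use.
if (empty($_SESSION['csrf'])) {
    $_SESSION['csrf'] = bin2hex(random_bytes(32));
}

/**
 * Check the CSRF token submitted with a POST against the session token.
 *
 * @return bool true only when both tokens are strings and are equal.
 */
function csrf_ok()
{
    $sent  = $_POST['csrf'] ?? null;
    $known = $_SESSION['csrf'] ?? null;

    // A field sent as csrf[]=... arrives as an array, which hash_equals()
    // does not accept; anything that is not a string is rejected up front.
    return is_string($sent) && is_string($known) && hash_equals($known, $sent);
}

// ---------------------------------------------------------------------------
// Add banner
// ---------------------------------------------------------------------------
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['add_banner'])) {
    if (!csrf_ok()) {
        die("❌ CSRF token mismatch.");
    }

    // The form's min="0" is only enforced by the browser; clamp here as well.
    $position = isset($_POST['position']) ? max(0, intval($_POST['position'])) : 0;
    $burl = '';
    $upload = $_FILES['bfile'] ?? null;

    // A multi-file field (bfile[]) makes 'name' an array; treat that as "no file".
    if (!is_array($upload) || !is_string($upload['name'] ?? null) || $upload['name'] === '') {
        $error = "⚠️ Please select a file.";
    } else {
        $ext = strtolower(pathinfo($upload['name'], PATHINFO_EXTENSION));
        $uploadError = $upload['error'] ?? UPLOAD_ERR_NO_FILE;

        if (!in_array($ext, $allowedTypes, true)) {
            $error = "❌ Only JPG/PNG allowed.";
        } elseif (
            $uploadError === UPLOAD_ERR_INI_SIZE
            || $uploadError === UPLOAD_ERR_FORM_SIZE
            || $upload['size'] > $maxSize
        ) {
            // PHP reports a size of 0 when its own limits rejected the file,
            // so the error code has to be checked as well as the size.
            $error = "❌ File too large (max 1MB).";
        } elseif ($uploadError !== UPLOAD_ERR_OK || !is_uploaded_file($upload['tmp_name'])) {
            $error = "❌ Invalid upload.";
        } else {
            // The extension comes from the client-supplied name and proves nothing
            // about the content, so the file itself must also parse as JPEG or PNG.
            // This is a sanity check, not a guarantee: the upload directory should
            // additionally be configured so the web server never executes scripts
            // from it.
            $info = getimagesize($upload['tmp_name']);

            if ($info === false || !in_array($info[2], $allowedImageTypes, true)) {
                $error = "❌ Only JPG/PNG allowed.";
            } else {
                $targetDir = __DIR__ . "/../uploads/banners/";
                if (!is_dir($targetDir)) {
                    mkdir($targetDir, 0755, true);
                }

                // The stored name is generated on the server; nothing from the
                // client-supplied name other than the allow-listed extension is kept.
                $safeName = time() . "_" . bin2hex(random_bytes(5)) . "." . $ext;
                $targetFile = $targetDir . $safeName;

                if (move_uploaded_file($upload['tmp_name'], $targetFile)) {
                    $burl = $safeName;
                    $stmt = $conn->prepare("INSERT INTO bannertab (imgfile, position) VALUES (?, ?)");
                    $saved = $stmt
                        && $stmt->bind_param("si", $burl, $position)
                        && $stmt->execute();
                    if ($stmt) {
                        $stmt->close();
                    }

                    if ($saved) {
                        $success = "✅ Banner added.";
                    } else {
                        // No row was written: remove the file so it is not left
                        // orphaned in the public upload directory (best effort).
                        @unlink($targetFile);
                        $error = "❌ File upload failed.";
                    }
                } else {
                    $error = "❌ File upload failed.";
                }
            }
        }
    }
}

// ---------------------------------------------------------------------------
// Update only position (inline form in the table)
// ---------------------------------------------------------------------------
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['update_position'])) {
    if (!csrf_ok()) {
        die("❌ CSRF token mismatch.");
    }

    $id       = isset($_POST['id']) ? intval($_POST['id']) : 0;
    $position = isset($_POST['position']) ? max(0, intval($_POST['position'])) : 0;

    $stmt = $conn->prepare("UPDATE bannertab SET position=? WHERE id=?");
    $updated = $stmt
        && $stmt->bind_param("ii", $position, $id)
        && $stmt->execute();
    if ($stmt) {
        $stmt->close();
    }

    if ($updated) {
        $success = "✅ Position updated.";
    } else {
        $error = "❌ Position update failed.";
    }
}

// ---------------------------------------------------------------------------
// Delete banner
// ---------------------------------------------------------------------------
// Deletion is a POST: a state change behind a GET link puts the CSRF token in
// the URL, where it ends up in browser history, server logs and Referer
// headers. Old ?delete=ID links are intentionally no longer honoured.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['delete_banner'])) {
    if (!csrf_ok()) {
        die("❌ CSRF token mismatch.");
    }

    $id = isset($_POST['id']) ? intval($_POST['id']) : 0;
    $oldFile = null;

    $stmt = $conn->prepare("SELECT imgfile FROM bannertab WHERE id=? LIMIT 1");
    $stmt->bind_param("i", $id);
    $stmt->execute();
    $stmt->bind_result($oldFile);
    $stmt->fetch();
    $stmt->close();

    if ($oldFile) {
        // basename() keeps the delete inside the banner directory even if the
        // stored value ever contained path separators.
        $oldPath = __DIR__ . "/../uploads/banners/" . basename($oldFile);
        if (is_file($oldPath)) {
            // Best effort: the row is removed even if the file cannot be.
            @unlink($oldPath);
        }
    }

    $stmt = $conn->prepare("DELETE FROM bannertab WHERE id=?");
    $stmt->bind_param("i", $id);
    $stmt->execute();
    $stmt->close();
    $success = "⚠️ Banner deleted.";
}
?>

<div class="container mt-4">
    <h3 class="mb-4">🖼 Manage Banners</h3>

    <?php if ($success): ?><div class="alert alert-success"><?php echo $success; ?></div><?php endif; ?>
    <?php if ($error): ?><div class="alert alert-danger"><?php echo $error; ?></div><?php endif; ?>

    <!-- Upload Form -->
    <div class="card shadow mb-4">
        <div class="card-header bg-primary text-white">➕ Add Banner</div>
        <div class="card-body">
            <form method="POST" enctype="multipart/form-data">
                <input type="hidden" name="csrf" value="<?php echo htmlspecialchars($_SESSION['csrf'], ENT_QUOTES); ?>">
                <div class="form-group">
                    <label>Upload Banner (JPG/PNG, max 1MB)</label>
                    <input type="file" name="bfile" class="form-control-file" required>
                </div>
                <div class="form-group">
                    <label>Display Position (0 = show first)</label>
                    <input type="number" name="position" class="form-control" min="0" value="0">
                </div>
                <button type="submit" name="add_banner" class="btn btn-success">Upload</button>
            </form>
        </div>
    </div>

    <!-- Banner List -->
    <div class="table-responsive">
        <table class="table table-bordered table-hover text-center">
            <thead class="thead-dark">
                <tr>
                    <th>ID</th>
                    <th>Preview</th>
                    <th>Position</th>
                    <th>Actions</th>
                </tr>
            </thead>
            <tbody>
            <?php
            // Order by position first, then newest id first.
            $res = $conn->query("SELECT id, imgfile, position FROM bannertab ORDER BY position ASC, id DESC");
            if ($res && $res->num_rows > 0):
                while ($row = $res->fetch_assoc()):
                    $id = (int)$row['id'];
                    // ENT_QUOTES is explicit because the value sits in a single-quoted
                    // attribute and older PHP versions leave ' unescaped by default.
                    $preview = $row['imgfile']
                        ? "<img src='../uploads/banners/" . htmlspecialchars($row['imgfile'], ENT_QUOTES) . "' width='150' alt='banner'>"
                        : "—";
            ?>
                <tr>
                    <td><?php echo $id; ?></td>
                    <td><?php echo $preview; ?></td>
                    <td style="width:180px">
                        <!-- Inline position update -->
                        <form method="POST" class="form-inline d-inline-block">
                            <input type="hidden" name="csrf" value="<?php echo htmlspecialchars($_SESSION['csrf'], ENT_QUOTES); ?>">
                            <input type="hidden" name="id" value="<?php echo $id; ?>">
                            <div class="input-group">
                                <input type="number" name="position" class="form-control" min="0" value="<?php echo (int)$row['position']; ?>" style="max-width:90px">
                                <div class="input-group-append">
                                    <button type="submit" name="update_position" class="btn btn-outline-primary btn-sm">Save</button>
                                </div>
                            </div>
                        </form>
                    </td>
                    <td>
                        <!-- Delete is a POST form so the CSRF token never appears in a URL -->
                        <form method="POST" class="d-inline-block" onsubmit='return confirm("Delete this banner?")'>
                            <input type="hidden" name="csrf" value="<?php echo htmlspecialchars($_SESSION['csrf'], ENT_QUOTES); ?>">
                            <input type="hidden" name="id" value="<?php echo $id; ?>">
                            <button type="submit" name="delete_banner" class="btn btn-danger btn-sm">Delete</button>
                        </form>
                    </td>
                </tr>
            <?php
                endwhile;
                $res->free();
            else:
                echo "<tr><td colspan='4'>No Banners Found</td></tr>";
            endif;
            ?>
            </tbody>
        </table>
    </div>
</div>

<?php include 'includes/footer.php'; ?>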