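<?php
/*******************************
 * Admin > Notices (CRUD + File Upload + NEW badge)
 *
 * Request flow: load session/auth/config, run one state-changing action
 * (POST only, CSRF-checked) followed by a redirect, otherwise render the page.
 *******************************/
ob_start(); // safety buffer: avoid "headers already sent"

// require instead of include: if a bootstrap file is missing the request must
// stop. With include PHP only warns and the page would carry on without
// whatever secure_session.php / includes/auth.php enforce.
require 'secure_session.php';
require 'includes/auth.php';
require_once '../config.php';

/* -------------------------------------------------
   Polyfills / helpers
--------------------------------------------------*/
if (!function_exists('str_starts_with')) {
    function str_starts_with($haystack, $needle) {
        return $needle !== '' && strpos($haystack, $needle) === 0;
    }
}

/**
 * Read one POST field as a string.
 *
 * Returns '' when the field is absent or is not a string (for example an
 * array sent as field[]), so callers can trim/cast without type errors.
 */
function notice_post_string(string $key): string
{
    $value = $_POST[$key] ?? '';
    return is_string($value) ? $value : '';
}

/**
 * Accept a date only in the YYYY-MM-DD form produced by <input type="date">.
 *
 * @return string|null the date, or null when the value is empty or malformed
 */
function normalize_notice_date(string $raw): ?string
{
    $raw = trim($raw);
    return preg_match('/^\d{4}-\d{2}-\d{2}$/', $raw) === 1 ? $raw : null;
}

/**
 * Keep a notice URL only when it is an absolute http(s) URL.
 *
 * The value ends up in an href attribute; HTML escaping alone does not
 * neutralise script-bearing schemes, so the scheme is allowlisted here.
 *
 * @return string the trimmed URL, or '' when it is empty or uses another scheme
 */
function normalize_notice_url(string $url): string
{
    $url = trim($url);
    if ($url === '') {
        return '';
    }
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if (!is_string($scheme)) {
        return '';
    }
    $scheme = strtolower($scheme);
    return ($scheme === 'http' || $scheme === 'https') ? $url : '';
}

/**
 * Safely unlink a path only if it's inside /uploads/notices/
 *
 * Both the target and the allowed root are resolved with realpath() before
 * the prefix comparison, so "../" segments or symlinks cannot move the
 * target outside the notices directory. Paths that do not resolve are ignored.
 */
function safe_unlink_notice_path(?string $publicPath): void
{
    if ($publicPath === null || $publicPath === '') {
        return;
    }
    $base = realpath(__DIR__ . '/..');
    if ($base === false) {
        return;
    }
    $allowedRoot = realpath($base . '/uploads/notices');
    $real        = realpath($base . $publicPath);
    if ($allowedRoot === false || $real === false) {
        return; // nothing to delete, or the path cannot be resolved
    }
    if (str_starts_with($real, $allowedRoot . DIRECTORY_SEPARATOR) && is_file($real)) {
        // Deletion stays best-effort; a failure is logged rather than fatal.
        if (!@unlink($real)) {
            error_log('notice.php: could not remove ' . $real);
        }
    }
}

/**
 * Look up the stored file_path of one notice.
 *
 * @param object $conn database connection provided by ../config.php
 * @return string|null the stored path, or null when the row is missing or has no file
 */
function fetch_notice_file_path($conn, int $id): ?string
{
    $stmt = $conn->prepare("SELECT file_path FROM notices WHERE id = ?");
    if (!$stmt) {
        return null;
    }
    $path = null;
    $stmt->bind_param('i', $id);
    if ($stmt->execute()) {
        $stmt->bind_result($path);
        $stmt->fetch();
    }
    $stmt->close();
    return ($path === null || $path === '') ? null : (string) $path;
}

/* -------------------------------------------------
   Auto-migrate table/column (compatible MySQL)
--------------------------------------------------*/
$conn->query("CREATE TABLE IF NOT EXISTS notices (
    id INT AUTO_INCREMENT PRIMARY KEY,
    title VARCHAR(255) NOT NULL,
    url VARCHAR(500) DEFAULT NULL,
    file_path VARCHAR(500) DEFAULT NULL,
    starts_on DATE NULL,
    ends_on DATE NULL,
    is_active TINYINT(1) NOT NULL DEFAULT 1,
    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4");

$needFilePath = true;
$res = $conn->query("SHOW COLUMNS FROM notices LIKE 'file_path'");
if ($res && $res->num_rows > 0) {
    $needFilePath = false;
}
if ($needFilePath) {
    $conn->query("ALTER TABLE notices ADD COLUMN file_path VARCHAR(500) NULL AFTER url");
}

/* -------------------------------------------------
   CSRF
--------------------------------------------------*/
if (empty($_SESSION['csrf'])) {
    $_SESSION['csrf'] = bin2hex(random_bytes(16));
}
$CSRF = $_SESSION['csrf'];

/**
 * Abort with HTTP 400 unless the posted token matches the session token.
 *
 * hash_equals() compares in constant time; the is_string/empty guards make
 * a missing token on either side a rejection instead of an accidental match.
 */
function check_csrf(): void
{
    $expected = $_SESSION['csrf'] ?? '';
    $sent     = $_POST['csrf'] ?? '';
    if (!is_string($expected) || !is_string($sent) || $expected === '' || !hash_equals($expected, $sent)) {
        http_response_code(400);
        die('Invalid CSRF token.');
    }
}

/* -------------------------------------------------
   Upload helper
--------------------------------------------------*/
/**
 * Store an uploaded notice attachment under /uploads/notices/.
 *
 * @param string      $field   name of the file input
 * @param string|null $oldPath public path of the attachment being replaced;
 *                             removed only after the new file is in place
 * @return string|null public path of the stored file, or null when nothing
 *                     was uploaded or the upload was rejected
 */
function handle_notice_upload(string $field, ?string $oldPath = null): ?string
{
    if (empty($_FILES[$field]) || $_FILES[$field]['error'] === UPLOAD_ERR_NO_FILE) {
        return null;
    }
    $f = $_FILES[$field];
    if ($f['error'] !== UPLOAD_ERR_OK) {
        return null;
    }

    $allowed = ['pdf', 'doc', 'docx', 'jpg', 'jpeg', 'png'];
    $max     = 10 * 1024 * 1024; // 10 MB
    if ($f['size'] > $max) {
        return null;
    }

    $ext = strtolower(pathinfo($f['name'], PATHINFO_EXTENSION));
    if (!in_array($ext, $allowed, true)) {
        return null;
    }
    // NOTE(review): the extension allowlist is the only content check here.
    // The directory is web-reachable, so it should also be configured to
    // never execute scripts; verifying the detected content type would add
    // a second layer.

    $base = realpath(__DIR__ . '/..');
    if ($base === false) {
        return null; // without a resolved base the target would be a filesystem-root path
    }
    $dir = $base . '/uploads/notices';
    if (!is_dir($dir) && !@mkdir($dir, 0775, true) && !is_dir($dir)) {
        return null;
    }

    // Dots are replaced as well, so the stored name carries exactly one
    // extension: the allowlisted one appended below.
    $safe = (string) preg_replace('/[^a-zA-Z0-9_-]/', '_', pathinfo($f['name'], PATHINFO_FILENAME));
    $safe = substr($safe, 0, 100);
    if ($safe === '') {
        $safe = 'notice';
    }

    $name   = $safe . '_' . bin2hex(random_bytes(4)) . '.' . $ext;
    $abs    = $dir . '/' . $name;
    $public = '/uploads/notices/' . $name;

    if (move_uploaded_file($f['tmp_name'], $abs)) {
        if ($oldPath && str_starts_with($oldPath, '/uploads/notices/')) {
            safe_unlink_notice_path($oldPath);
        }
        return $public;
    }
    return null;
}

/* -------------------------------------------------
   Actions (MUST run before any output)
--------------------------------------------------*/
// Every action changes state, so actions are accepted from POST only and each
// one checks the CSRF token. A GET link can be triggered by any page the
// admin visits, which is why toggle/delete are no longer reachable by URL.
$action = '';
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $action = notice_post_string('action');
}

if ($action === 'create') {
    check_csrf();
    $title     = trim(notice_post_string('title'));
    $url       = normalize_notice_url(notice_post_string('url'));
    $starts_on = normalize_notice_date(notice_post_string('starts_on'));
    $ends_on   = normalize_notice_date(notice_post_string('ends_on'));
    $is_active = isset($_POST['is_active']) ? 1 : 0;

    if ($title !== '') {
        // Upload only once the row is known to be saved, so a rejected form
        // does not leave an orphaned file behind.
        // file_path: keep '' (not NULL) to satisfy NOT NULL schemas
        $file_path = handle_notice_upload('notice_file', null) ?? '';

        $stmt = $conn->prepare("INSERT INTO notices (title, url, file_path, starts_on, ends_on, is_active) VALUES (?,?,?,?,?,?)");
        if ($stmt) {
            $stmt->bind_param('sssssi', $title, $url, $file_path, $starts_on, $ends_on, $is_active);
            $stmt->execute();
            $stmt->close();
        }
    }
    header('Location: notice.php?msg=created');
    exit;
}

if ($action === 'update') {
    check_csrf();
    $id        = (int) notice_post_string('id');
    $title     = trim(notice_post_string('title'));
    $url       = normalize_notice_url(notice_post_string('url'));
    $starts_on = normalize_notice_date(notice_post_string('starts_on'));
    $ends_on   = normalize_notice_date(notice_post_string('ends_on'));
    $is_active = isset($_POST['is_active']) ? 1 : 0;
    $remove    = isset($_POST['remove_file']);

    if ($id > 0 && $title !== '') {
        $old = fetch_notice_file_path($conn, $id);

        if ($remove && $old) {
            safe_unlink_notice_path($old);
            $old = null;
        }

        $new = handle_notice_upload('notice_file', ($remove ? null : $old));

        // never send NULL to DB if your column is NOT NULL
        $save = ($new !== null) ? $new : ($remove ? '' : ($old ?? ''));

        $stmt = $conn->prepare("UPDATE notices SET title=?, url=?, file_path=?, starts_on=?, ends_on=?, is_active=? WHERE id=?");
        if ($stmt) {
            $stmt->bind_param('sssssii', $title, $url, $save, $starts_on, $ends_on, $is_active, $id);
            $stmt->execute();
            $stmt->close();
        }
    }
    header('Location: notice.php?msg=updated');
    exit;
}

if ($action === 'toggle') {
    check_csrf();
    $id = (int) notice_post_string('id');
    if ($id > 0) {
        $stmt = $conn->prepare("UPDATE notices SET is_active = 1 - is_active WHERE id = ?");
        if ($stmt) {
            $stmt->bind_param('i', $id);
            $stmt->execute();
            $stmt->close();
        }
    }
    header('Location: notice.php?msg=toggled');
    exit;
}

if ($action === 'delete') {
    check_csrf();
    $id = (int) notice_post_string('id');
    if ($id > 0) {
        $old = fetch_notice_file_path($conn, $id);
        if ($old !== null) {
            safe_unlink_notice_path($old);
        }
        $stmt = $conn->prepare("DELETE FROM notices WHERE id = ?");
        if ($stmt) {
            $stmt->bind_param('i', $id);
            $stmt->execute();
            $stmt->close();
        }
    }
    header('Location: notice.php?msg=deleted');
    exit;
}

/* -------------------------------------------------
   Fetch after actions
--------------------------------------------------*/
$rows = [];
if ($res = $conn->query("SELECT * FROM notices ORDER BY created_at DESC")) {
    while ($r = $res->fetch_assoc()) {
        $rows[] = $r;
    }
}

// Only the status words this page itself redirects with are displayed;
// any other ?msg= value is ignored instead of being echoed back.
$msgParam = $_GET['msg'] ?? '';
$flash    = (is_string($msgParam) && in_array($msgParam, ['created', 'updated', 'toggled', 'deleted'], true))
    ? $msgParam
    : '';

/* -------------------------------------------------
   Now it's safe to output HTML
--------------------------------------------------*/
include 'includes/header.php'; // <- after actions (no redirect now)
?>
<div class="container my-4">
  <div class="d-flex align-items-center justify-content-between mb-3">
    <h3 class="page-title mb-0"><i class="fas fa-bullhorn mr-2"></i>Manage Notices</h3>
    <a href="dashboard.php" class="btn btn-light"><i class="fas fa-arrow-left mr-1"></i> Back to Dashboard</a>
  </div>

  <?php if ($flash !== ''): ?>
    <div class="alert alert-success py-2"><?php echo htmlspecialchars($flash, ENT_QUOTES, 'UTF-8'); ?></div>
  <?php endif; ?>

  <style>
    .page-title{color:red;font-weight:800;letter-spacing:.3px}
    .card-soft{border:none;border-radius:14px;background:#eef1ff;box-shadow:0 6px 18px rgba(0,0,0,.08)}
    .table td,.table th{vertical-align:middle}
    .badge.on{background:#064e3b;color:#34d399;}
    .badge.off{background:#4b1b1b;color:#fca5a5;}
    .blink-new{background:#ea0000;color:#fff;border-radius:6px;padding:2px 6px;font-size:11px;font-weight:700;animation:newBlink 1s steps(2,start) infinite;margin-left:8px}
    @keyframes newBlink{50%{opacity:.15}}
  </style>

  <!-- Create -->
  <div class="card card-soft mb-4">
    <div class="card-body">
      <h5 class="mb-3"><i class="fas fa-plus mr-2"></i>Add Notice</h5>
      <form method="post" class="row" enctype="multipart/form-data">
        <input type="hidden" name="action" value="create">
        <input type="hidden" name="csrf" value="<?php echo htmlspecialchars($CSRF, ENT_QUOTES, 'UTF-8'); ?>">
        <div class="form-group col-md-6">
          <label>Title <span class="text-danger">*</span></label>
          <input class="form-control" name="title" required placeholder="e.g., Admission open for 2025-26">
        </div>
        <div class="form-group col-md-6">
          <label>Optional URL</label>
          <input class="form-control" name="url" type="url" placeholder="https://example.com/details">
        </div>
        <div class="form-group col-md-6">
          <label>Attach File (PDF/Doc/Image)</label>
          <input class="form-control" type="file" name="notice_file" accept=".pdf,.doc,.docx,.jpg,.jpeg,.png">
          <small class="text-muted">Max 10 MB. If both URL &amp; file are given, file link is used.</small>
        </div>
        <div class="form-group col-md-3">
          <label>Starts On</label>
          <input class="form-control" name="starts_on" type="date">
        </div>
        <div class="form-group col-md-3">
          <label>Ends On</label>
          <input class="form-control" name="ends_on" type="date">
        </div>
        <div class="form-group col-md-3 d-flex align-items-center">
          <div class="custom-control custom-checkbox mt-4">
            <input type="checkbox" class="custom-control-input" id="createActive" name="is_active" checked>
            <label class="custom-control-label" for="createActive">Active</label>
          </div>
        </div>
        <div class="form-group col-md-12">
          <button class="btn btn-primary" style="background:red;border-color:red;">Save Notice</button>
        </div>
      </form>
    </div>
  </div>

  <!-- List -->
  <div class="card card-soft">
    <div class="card-body">
      <h5 class="mb-3"><i class="fas fa-list mr-2"></i>All Notices</h5>
      <div class="table-responsive">
        <table class="table table-sm">
          <thead class="thead-light">
            <tr>
              <th style="width:60px">ID</th>
              <th>Title</th>
              <th style="width:120px">Starts</th>
              <th style="width:120px">Ends</th>
              <th style="width:100px">Status</th>
              <th style="width:220px">Actions</th>
            </tr>
          </thead>
          <tbody>
          <?php if (empty($rows)): ?>
            <tr><td colspan="6" class="text-muted">No notices yet.</td></tr>
          <?php else: foreach ($rows as $r): ?>
            <?php
              // A notice counts as NEW for 15 days from its start date
              // (or from its creation time when no start date is set).
              $publish  = !empty($r['starts_on']) ? $r['starts_on'] : ($r['created_at'] ?? null);
              $is_new   = $publish ? (strtotime($publish) >= strtotime('-15 days')) : false;
              $id       = (int)$r['id'];
              $title    = htmlspecialchars($r['title'], ENT_QUOTES, 'UTF-8');
              $starts   = htmlspecialchars($r['starts_on'] ?? '', ENT_QUOTES, 'UTF-8');
              $ends     = htmlspecialchars($r['ends_on'] ?? '', ENT_QUOTES, 'UTF-8');
              $isActive = !empty($r['is_active']);
              // Stored URLs are re-checked at render time so rows saved
              // before the scheme allowlist existed cannot reach the href.
              $link     = !empty($r['file_path'])
                  ? $r['file_path']
                  : normalize_notice_url((string)($r['url'] ?? ''));
            ?>
            <tr>
              <td><?php echo $id; ?></td>
              <td>
                <div class="font-weight-bold">
                  <?php echo $title; ?>
                  <?php if ($is_new): ?><span class="blink-new">NEW</span><?php endif; ?>
                </div>
                <?php if ($link): ?>
                  <div>
                    <a target="_blank" rel="noopener noreferrer" href="<?php echo htmlspecialchars($link, ENT_QUOTES, 'UTF-8'); ?>">
                      <?php echo !empty($r['file_path']) ? 'Download file' : 'Open link'; ?>
                    </a>
                  </div>
                <?php endif; ?>
              </td>
              <td><?php echo $starts; ?></td>
              <td><?php echo $ends; ?></td>
              <td><?php echo $isActive ? '<span class="badge on">Active</span>' : '<span class="badge off">Inactive</span>'; ?></td>
              <td>
                <button type="button" class="btn btn-sm btn-outline-secondary mr-1"
                        onclick='editNotice(<?php echo $id; ?>, <?php echo json_encode($r, JSON_HEX_TAG|JSON_HEX_APOS|JSON_HEX_QUOT|JSON_HEX_AMP); ?>)'>
                  <i class="fas fa-edit"></i> Edit
                </button>
                <form method="post" class="d-inline">
                  <input type="hidden" name="action" value="toggle">
                  <input type="hidden" name="id" value="<?php echo $id; ?>">
                  <input type="hidden" name="csrf" value="<?php echo htmlspecialchars($CSRF, ENT_QUOTES, 'UTF-8'); ?>">
                  <button type="submit" class="btn btn-sm btn-outline-primary mr-1">
                    <i class="fas fa-toggle-on"></i> Toggle
                  </button>
                </form>
                <form method="post" class="d-inline" onsubmit="return confirm('Delete this notice?');">
                  <input type="hidden" name="action" value="delete">
                  <input type="hidden" name="id" value="<?php echo $id; ?>">
                  <input type="hidden" name="csrf" value="<?php echo htmlspecialchars($CSRF, ENT_QUOTES, 'UTF-8'); ?>">
                  <button type="submit" class="btn btn-sm btn-outline-danger">
                    <i class="fas fa-trash"></i> Delete
                  </button>
                </form>
              </td>
            </tr>
          <?php endforeach; endif; ?>
          </tbody>
        </table>
      </div>
    </div>
  </div>
</div>

<!-- Edit Modal -->
<div class="modal fade" id="editModal" tabindex="-1" role="dialog" aria-labelledby="editTitle" aria-hidden="true">
  <div class="modal-dialog modal-dialog-centered" role="document">
    <form class="modal-content" method="post" enctype="multipart/form-data">
      <input type="hidden" name="action" value="update">
      <input type="hidden" name="id" id="edit_id">
      <input type="hidden" name="csrf" value="<?php echo htmlspecialchars($CSRF, ENT_QUOTES, 'UTF-8'); ?>">
      <div class="modal-header">
        <h5 class="modal-title" id="editTitle"><i class="fas fa-edit mr-1"></i> Edit Notice</h5>
        <button type="button" class="close" data-dismiss="modal"><span>&times;</span></button>
      </div>
      <div class="modal-body">
        <div class="form-group">
          <label>Title *</label>
          <input class="form-control" name="title" id="edit_title" required>
        </div>
        <div class="form-group">
          <label>URL</label>
          <input class="form-control" name="url" id="edit_url" type="url">
        </div>
        <div class="form-row">
          <div class="form-group col-6">
            <label>Starts On</label>
            <input class="form-control" name="starts_on" id="edit_starts" type="date">
          </div>
          <div class="form-group col-6">
            <label>Ends On</label>
            <input class="form-control" name="ends_on" id="edit_ends" type="date">
          </div>
        </div>
        <div class="form-group">
          <label>Replace File</label>
          <input class="form-control" type="file" name="notice_file" accept=".pdf,.doc,.docx,.jpg,.jpeg,.png">
          <div class="custom-control custom-checkbox mt-2">
            <input type="checkbox" class="custom-control-input" id="remove_file" name="remove_file">
            <label class="custom-control-label" for="remove_file">Remove existing file</label>
          </div>
        </div>
        <div class="custom-control custom-checkbox">
          <input type="checkbox" class="custom-control-input" id="edit_active" name="is_active">
          <label class="custom-control-label" for="edit_active">Active</label>
        </div>
      </div>
      <div class="modal-footer">
        <button class="btn btn-primary" style="background:red;border-color:red;">Save Changes</button>
      </div>
    </form>
  </div>
</div>

<script>
// Fill the edit modal from the row data embedded in the Edit button.
function editNotice(id, data){
  document.getElementById('edit_id').value = id;
  document.getElementById('edit_title').value = data.title || '';
  document.getElementById('edit_url').value = data.url || '';
  document.getElementById('edit_starts').value = data.starts_on || '';
  document.getElementById('edit_ends').value = data.ends_on || '';
  document.getElementById('edit_active').checked = (parseInt(data.is_active, 10) === 1);
  $('#editModal').modal('show');
}
</script>

<?php
include 'includes/footer.php';
ob_end_flush();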