Editing: notices.php
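<?php
/**
 * Admin page: list, add, edit and delete notice-board rows in the `nboard` table.
 *
 * Security-relevant behaviour of this page:
 *  - Every state-changing action (add, edit, delete) is a POST that must carry
 *    the per-session CSRF token; deletion is no longer reachable through a GET link.
 *  - Uploads are accepted only for an extension allow-list, checked against the
 *    detected MIME type when fileinfo is available, and stored under a
 *    server-generated name, so the client-supplied filename never reaches disk.
 *  - External links are normalised the same way on add and edit, and are only
 *    rendered as a clickable href when they carry an allowed scheme.
 *  - All database values are HTML-escaped with ENT_QUOTES before output, because
 *    several attributes on this page are single-quoted.
 *
 * NOTE(review): the upload directory is web-reachable (the table links to it);
 * confirm the web server does not execute scripts from it.
 */

// `require` instead of `include`: if the session or auth file is missing the page
// must stop, not continue without an authentication check.
require 'secure_session.php';   // session hardening; runs before $_SESSION is used
require 'includes/auth.php';    // authentication gate for the admin area
require_once '../config.php';   // expected to provide the mysqli connection in $conn
include 'includes/header.php';  // layout header (HTML output starts here)

$allowedTypes = ['pdf', 'jpg', 'jpeg', 'png'];
$allowedMime  = [
    'pdf'  => 'application/pdf',
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
];
$maxSize     = 5 * 1024 * 1024; // 5MB
$uploadDir   = __DIR__ . "/../uploads/notices/";
$linkPattern = "~^(?:f|ht)tps?://~i"; // schemes accepted for external links
$success = $error = "";

// HTML-escape a value for element content and for quoted attributes of either kind.
$esc = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

// Read a POST field as a trimmed string; missing or non-string input becomes ''.
$postText = function ($key) {
    return isset($_POST[$key]) && is_string($_POST[$key]) ? trim($_POST[$key]) : '';
};

// Normalise an external link: anything without an accepted scheme gets "https://"
// prepended, so a value such as "javascript:..." can never be stored as-is.
$normalizeLink = function ($raw) use ($linkPattern) {
    $link = trim((string) $raw);
    if ($link !== '' && !preg_match($linkPattern, $link)) {
        $link = "https://" . $link;
    }
    return $link;
};

// Check the two required fields; returns an error message or ''.
$validateNotice = function ($date, $ntext) {
    if (!preg_match('/^\d{4}-\d{2}-\d{2}$/', $date)) {
        return "❌ Please enter a valid date.";
    }
    if ($ntext === '') {
        return "❌ Notice text is required.";
    }
    return '';
};

// Validate and store one uploaded file. Returns [storedName, errorMessage];
// exactly one of the two is non-empty.
$storeUpload = function (array $file) use ($allowedTypes, $allowedMime, $maxSize, $uploadDir) {
    if (!isset($file['error'], $file['name'], $file['tmp_name'], $file['size']) || is_array($file['error'])) {
        return ['', "❌ File upload failed."];
    }
    if ($file['error'] === UPLOAD_ERR_INI_SIZE || $file['error'] === UPLOAD_ERR_FORM_SIZE) {
        return ['', "❌ File too large (max 5MB)."];
    }
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        return ['', "❌ File upload failed."];
    }

    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!in_array($ext, $allowedTypes, true)) {
        return ['', "❌ Only JPG, PNG, or PDF allowed."];
    }
    if ($file['size'] > $maxSize) {
        return ['', "❌ File too large (max 5MB)."];
    }

    // The extension is client-controlled; also require the detected content type
    // to match it. Skipped only when the fileinfo extension is not loaded.
    if (class_exists('finfo')) {
        $detector = new finfo(FILEINFO_MIME_TYPE);
        if ($detector->file($file['tmp_name']) !== $allowedMime[$ext]) {
            return ['', "❌ Only JPG, PNG, or PDF allowed."];
        }
    }

    if (!is_dir($uploadDir) && !mkdir($uploadDir, 0755, true) && !is_dir($uploadDir)) {
        return ['', "❌ File upload failed."];
    }

    // Server-generated name: nothing from the client filename except the
    // allow-listed extension ends up in the stored path.
    $safeName = time() . "_" . bin2hex(random_bytes(5)) . "." . $ext;
    if (!move_uploaded_file($file['tmp_name'], $uploadDir . $safeName)) {
        return ['', "❌ File upload failed."];
    }
    return [$safeName, ''];
};

// Delete a stored upload. basename() keeps a tampered database value from
// pointing outside the upload directory.
$removeUpload = function ($storedName) use ($uploadDir) {
    $name = basename((string) $storedName);
    if ($name !== '' && is_file($uploadDir . $name)) {
        unlink($uploadDir . $name);
    }
};

// CSRF token: created once per session, embedded in every form below and
// compared in constant time on every POST.
if (empty($_SESSION['csrf'])) {
    $_SESSION['csrf'] = bin2hex(random_bytes(32));
}
$isPost = $_SERVER['REQUEST_METHOD'] === 'POST';
$csrfOk = $isPost && hash_equals((string) $_SESSION['csrf'], $postText('csrf'));
if ($isPost && !$csrfOk) {
    $error = "❌ Invalid or expired form token. Please reload the page and try again.";
}

// Add notice
if ($csrfOk && isset($_POST['add_notice'])) {
    $date  = $postText('date');
    $ntext = $postText('ntext');
    $nurl1 = $normalizeLink($postText('nurl1'));
    $nurl  = '';

    $error = $validateNotice($date, $ntext);
    if (!$error && !empty($_FILES['nfile']['name'])) {
        list($nurl, $error) = $storeUpload($_FILES['nfile']);
    }

    if (!$error) {
        $stmt = $conn->prepare("INSERT INTO nboard (date,ntext,nurl,nurl1) VALUES (?,?,?,?)");
        if ($stmt && $stmt->bind_param("ssss", $date, $ntext, $nurl, $nurl1) && $stmt->execute()) {
            $success = "✅ Notice added successfully.";
        } else {
            $error = "❌ Failed to add notice.";
            $removeUpload($nurl); // do not leave an unreferenced file behind
        }
    }
}

// Edit notice
if ($csrfOk && isset($_POST['edit_notice'])) {
    $id      = intval($postText('id'));
    $date    = $postText('date');
    $ntext   = $postText('ntext');
    $nurl1   = $normalizeLink($postText('nurl1'));
    $newFile = "";

    $error = $validateNotice($date, $ntext);
    if (!$error && !empty($_FILES['nfile']['name'])) {
        // A rejected replacement file is reported instead of being silently ignored.
        list($newFile, $error) = $storeUpload($_FILES['nfile']);
    }

    if (!$error) {
        $oldFile = null;
        if ($newFile) {
            // Remember the file being replaced so it can be removed after the update.
            $stmt = $conn->prepare("SELECT nurl FROM nboard WHERE id=?");
            if ($stmt && $stmt->bind_param("i", $id) && $stmt->execute()) {
                $stmt->bind_result($oldFile);
                $stmt->fetch();
                $stmt->close();
            }
            $stmt = $conn->prepare("UPDATE nboard SET date=?, ntext=?, nurl=?, nurl1=? WHERE id=?");
            $bound = $stmt && $stmt->bind_param("ssssi", $date, $ntext, $newFile, $nurl1, $id);
        } else {
            $stmt = $conn->prepare("UPDATE nboard SET date=?, ntext=?, nurl1=? WHERE id=?");
            $bound = $stmt && $stmt->bind_param("sssi", $date, $ntext, $nurl1, $id);
        }

        if ($bound && $stmt->execute()) {
            $success = "✏️ Notice updated successfully.";
            if ($newFile && $oldFile) {
                $removeUpload($oldFile); // the replaced file must not stay downloadable
            }
        } else {
            $error = "❌ Failed to update notice.";
            $removeUpload($newFile);
        }
    }
}

// Delete notice (POST + CSRF token only; a GET request never changes state)
if ($csrfOk && isset($_POST['delete_notice'])) {
    $id = intval($postText('id'));
    $oldFile = null;

    $stmt = $conn->prepare("SELECT nurl FROM nboard WHERE id=?");
    if ($stmt && $stmt->bind_param("i", $id) && $stmt->execute()) {
        $stmt->bind_result($oldFile);
        $stmt->fetch();
        $stmt->close();
    }

    $stmt = $conn->prepare("DELETE FROM nboard WHERE id=?");
    if ($stmt && $stmt->bind_param("i", $id) && $stmt->execute()) {
        $removeUpload($oldFile);
        $success = "⚠️ Notice deleted.";
    } else {
        $error = "❌ Failed to delete notice.";
    }
}

$csrfField = "<input type=\"hidden\" name=\"csrf\" value=\"" . $esc($_SESSION['csrf']) . "\">";
?>

<div class="container mt-4">
  <h3 class="mb-4">📢 Manage Notices</h3>

  <?php if ($success): ?><div class="alert alert-success"><?php echo $esc($success); ?></div><?php endif; ?>
  <?php if ($error): ?><div class="alert alert-danger"><?php echo $esc($error); ?></div><?php endif; ?>

  <!-- Add Notice Form -->
  <div class="card mb-4">
    <div class="card-header">➕ Add Notice</div>
    <div class="card-body">
      <form method="POST" enctype="multipart/form-data">
        <?php echo $csrfField; ?>
        <div class="form-group"><label>Date</label><input type="date" name="date" class="form-control" required></div>
        <div class="form-group"><label>Text</label><input type="text" name="ntext" class="form-control" required></div>
        <div class="form-group"><label>File (optional)</label><input type="file" name="nfile" class="form-control"></div>
        <div class="form-group"><label>External Link (optional)</label><input type="url" name="nurl1" class="form-control"></div>
        <button type="submit" name="add_notice" class="btn btn-primary">Add Notice</button>
      </form>
    </div>
  </div>

  <!-- Notices Table -->
  <div class="table-responsive">
    <table class="table table-bordered table-hover text-center">
      <thead class="thead-dark"><tr>
        <th>ID</th><th>Date</th><th>Text</th><th>File</th><th>External Link</th><th>Action</th>
      </tr></thead>
      <tbody>
      <?php
      $res = $conn->query("SELECT * FROM nboard ORDER BY id DESC");
      if ($res && $res->num_rows > 0):
          while ($row = $res->fetch_assoc()):
              $rowId    = (int) $row['id'];
              $fileName = basename((string) $row['nurl']);
              $link     = (string) $row['nurl1'];
              // Escaping alone does not neutralise a "javascript:" URL, so rows stored
              // before link normalisation are only linked when the scheme is allowed.
              $linkIsSafe = $link !== '' && preg_match($linkPattern, $link);
      ?>
        <tr>
          <td><?php echo $rowId; ?></td>
          <td><?php echo $esc($row['date']); ?></td>
          <td><?php echo $esc($row['ntext']); ?></td>
          <td>
            <?php if ($fileName !== ''): ?>
              <a href="../uploads/notices/<?php echo $esc($fileName); ?>" target="_blank" rel="noopener noreferrer">View</a>
            <?php else: ?>—<?php endif; ?>
          </td>
          <td>
            <?php if ($linkIsSafe): ?>
              <a href="<?php echo $esc($link); ?>" target="_blank" rel="noopener noreferrer">Open Link</a>
            <?php elseif ($link !== ''): ?>
              <?php echo $esc($link); ?>
            <?php else: ?>—<?php endif; ?>
          </td>
          <td>
            <a href="?edit=<?php echo $rowId; ?>" class="btn btn-warning btn-sm">Edit</a>
            <form method="POST" style="display:inline" onsubmit="return confirm('Delete this notice?');">
              <?php echo $csrfField; ?>
              <input type="hidden" name="id" value="<?php echo $rowId; ?>">
              <button type="submit" name="delete_notice" class="btn btn-danger btn-sm">Delete</button>
            </form>
          </td>
        </tr>
      <?php
          endwhile;
      else:
      ?>
        <tr><td colspan='6'>No Records Found</td></tr>
      <?php endif; ?>
      </tbody>
    </table>
  </div>

  <!-- Edit Form -->
  <?php
  if (isset($_GET['edit'])) {
      $id = intval($_GET['edit']);
      $stmt = $conn->prepare("SELECT * FROM nboard WHERE id=?");
      $row = null;
      if ($stmt && $stmt->bind_param("i", $id) && $stmt->execute()) {
          $res = $stmt->get_result();
          $row = $res ? $res->fetch_assoc() : null;
      }
      if ($row) {
  ?>
  <div class="card mt-4">
    <div class="card-header">✏️ Edit Notice</div>
    <div class="card-body">
      <form method="POST" enctype="multipart/form-data">
        <?php echo $csrfField; ?>
        <input type="hidden" name="id" value="<?php echo (int) $row['id']; ?>">
        <div class="form-group"><label>Date</label><input type="date" name="date" class="form-control" value="<?php echo $esc($row['date']); ?>" required></div>
        <div class="form-group"><label>Text</label><input type="text" name="ntext" class="form-control" value="<?php echo $esc($row['ntext']); ?>" required></div>
        <div class="form-group"><label>Replace File (optional)</label><input type="file" name="nfile" class="form-control"></div>
        <div class="form-group"><label>External Link</label><input type="url" name="nurl1" class="form-control" value="<?php echo $esc($row['nurl1']); ?>"></div>
        <button type="submit" name="edit_notice" class="btn btn-success">Update Notice</button>
        <a href="notices.php" class="btn btn-secondary">Cancel</a>
      </form>
    </div>
  </div>
  <?php
      }
  }
  ?>
</div>

<?php include 'includes/footer.php'; ?>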