œ_#ÁÕ§TE NAŒ“KeÉ:”(åŽÖJÞùY’‚ñùž7; «]Û ý`8g“¯B© jdÖÖ¸ðzœ¸¦4Ç3Kó^(ÍÖ¼ Õ€pvìwšõB4df$Èü^0˜…åÌC$#2FŽÑ§±¦ÛZ/÷š&m£ñzÒÖ ’.Î]!Î;ƒ(Õ–¢d/—#Kª+tZyuÏB>NÛÖ†(¸ŒSà'³„Y˜´-_•¦¼´˜OlNK§¶ÒàŠˆTHµƒeTPå·fïM’…þuÏÍüp6دªE£åü‡ZØ'CKF#â«;‹eyO Qp„†l"ö1èíÙP ÏŒúl! BÝ2ñª•_VÁÉ÷3eu`–F¸ìI--ö<¿žë¯4õ캿¢)34Å{wMÉ2ÆÖFŸ¥`e9Ú¶¸P‡.”FÔï rY ‚²ÈTB,{ÛœéJ}«àQ4¹0Rû4D‚B§S‘ dO•v¾„™Sן¯3FeŸ™«+ÓâwH dÕÛÌì·P4ë&¥#rÜÉ Ù¦ê†ý·xòqk¯2,¹§™E\ék‚×Sá”ÚºÙ⺷ö£6…à ʾ qSá³Å|;àû}4Ÿ($â¹VY~óÍ!èÜÒŒËX½Ù1j‚VíÍŸš³+œ]«½g{_{/vµ½\¢¶vÉWKÿ:ñám½ ¥ S²x‘t ŽšÝÙÿÀÇ^ný PK IW™k‚½÷ á _rels/.relsUT dìd dìd dìd’ÏNÃ0‡ï{ŠÈ÷ÕÝ@¡¥» ¤Ý*`%îÑ&QâÁöö‚J£ì°cœŸ¿|¶²ÙÆA½rL½wVE Šñ¶w†çúay * 9Kƒw¬áÈ ¶ÕbóÄIîI]’Ê—4t"á1™ŽGJ…ìòMããH’±Å@æ…ZÆuYÞ`üÍ€jÂT;«!îì T}|Û7MoøÞ›ýÈNN<|v–í2ÄÜ¥ÏèšbË¢Ázó˜Ë )„"£OÏ7ú{ZYÈ’yÞç#1'tuÉM?6o>Z´_å9›ëKÚ˜}?þ³žÏÌ·N>fµx PK IWª½e ¢ U € word/document.xmlUT dìdPK IWþË3” z €J¢ word/settings.xmlUT dìdPK IWC‡{š' ƒ €¤ docProps/custom.xmlUT dìdPK IW츱=Œ €‡¥ [Content_Types].xmlUT dìdPK IWV%ë±" €U§ docProps/app.xmlUT dìdPK IW€RŒ 3 €¶¨ docProps/core.xmlUT dìdPK IWkòDn ô €ª word/_rels/document.xml.relsUT dìdPK IW;$î €Î« word/fontTable.xmlUT dìdPK IW+åäz] ÷. €ý¬ word/numbering.xmlUT dìdPK IW¤2×r- ¿ €›° word/styles.xmlUT dìdPK IWMFÒ ø €´ word/header1.xmlUT dìdPK IWF— T e €· word/media/image1.jpegUT dìdPK IW!Yéáå €°Ë word/media/image2.pngUT dìdPK IW°Àºë ú €ÙÌ word/media/image3.pngUT dìdPK IW$“†ª L €Î word/footer1.xmlUT dìdPK IWzaGôM €ñÑ word/footer2.xmlUT dìdPK IW–µâº P €}Õ word/theme/theme1.xmlUT dìdPK IW™k‚½÷ á €{Û _rels/.relsUT PK ! bîh^ [Content_Types].xml ¢( ¬”ËNÃ0E÷HüCä-Jܲ@5í‚Ç*Q>Àēƪc[žiiÿž‰ûB¡j7±ÏÜ{2ñÍh²nm¶‚ˆÆ»R‹ÈÀU^7/ÅÇì%¿’rZYï @1__f› ˜q·ÃR4DáAJ¬h>€ãÚÇV߯¹ªZ¨9ÈÛÁàNVÞ8Ê©ÓãÑÔji){^óã-I‹"{Üv^¥P!XS)bR¹rú—K¾s(¸3Õ`cÞ0†½ÝÎß»¾7M4²©ŠôªZÆk+¿|\|z¿(Ž‹ôPúº6h_-[ž@!‚ÒØ Pk‹´2nÏ}Ä?£LËð Ýû%áÄßdºždN"m,à¥ÇžDO97*‚~§Èɸ8ÀOíc|n¦Ñ äEøÿöéºóÀBÉÀ!$}‡íàÈé;{ìÐå[ƒîñ–é2þ ÿÿ PK ! 
µU0#ô L _rels/.rels ¢( ¬’MOÃ0†ïHü‡È÷ÕÝBKwAH»!T~€Iܵ£$Ý¿'TƒG½~üÊÛÝ<êÈ!öâ4¬‹;#¶w†—úqu *&r–Fq¬áÄvÕõÕö™GJy(v½*«¸¨¡KÉß#FÓñD±Ï.W ¥†=™ZÆMYÞbø®ÕBS톰·7 ê“Ï›×–¦é ?ˆ9LìÒ™ÈsbgÙ®|Èl!õùUSh9i°bžr:"y_dlÀóD›¿ý|-NœÈR"4ø2ÏGÇ% õZ´4ñËyÄ7 ëÈðÉ‚‹¨Þ ÿÿ PK ! Q48wÛ — xl/workbook.xml¤UÙnâ0}iþ!cñ‡ *–¢AšVU×$dC¬&vÆv UÕŸë@XÊK§/¹p|Žï¹N÷b“¥Ö •Š ÞC¸î"‹òHÄŒ¯zèá~b·‘¥4á1I§=ôJºèÿüÑ] ù¼âÙ ®z(Ñ:GE ͈ª‹œrˆ,…̈†©\9*—”Ä*¡Tg©ã¹nàd„q´Eåg0ÄrÉ":Q‘Q®· ’¦D}•°\UhYô¸ŒÈç"·#‘å ±`)Ó¯%(²²(œ®¸d‘‚ì nZ w v¡ñª• t¶TÆ")”Xê:@;[Ògú±ë`|²›ó=ø’ïHúÂL÷¬dðEVÁ+8€a÷Ûh¬Uz%„Íû"ZsÏÍCýî’¥ôqk]‹äù5ÉL¦Rd¥Dé˘i÷P ¦bM/|dÉ",…¨çãFNoçiûéë>aêiçsó#ðÄ ÕTr¢éHp ÜIú®ÝJìQ"ÀÜÖ-ý[0I¡¦ÀZ Z…d¡nˆN¬B¦=4 g %PDF-1.4 %âãÏÓ 3 0 obj << /Linearized 1 /L 422775 ÿØÿà JFIF ÿÛ C ÿÛ C ÿÀ X" ÿÄ ÿÄ H !1A"Qaq2‘¡#±ÁBRÑ3Cbrá$S‚¢²ð4ñ%6DTc’ÂsÿÄ ÿÄ = !1AQ"aq‘Á2R¡±BÑð#3br’²4á$‚¢ÂñÿÚ ? áHBßÝ`„! !@B„ „! !@B„ „! !@B„ „! !@B„ „! !@B„ „! !@B„ „! !@B„ „! !@B„ „! !@B„ „! !@B„ „! !@B„ „! !@B„ „! !@B„ „! !@B„ „! !@B„ „! !@B„ „! !@B„ „! !@B„ „! !@B„ „! !@B„ „! !@B„ „! !@B„ „! ! stream
<?php
include "connection/config.php";
//login //
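if (isset($_REQUEST['login'])) {
    // Handle a login form submission: look the user up by name, verify the
    // password hash, and mark the session as authenticated on success.
    // NOTE(review): none of the add/update/delete handlers visible in this file
    // reads $_SESSION['loggedin']; confirm they are gated elsewhere. No attempt
    // throttling is visible here either.
    session_start();
    $username = $_POST['username'] ?? '';
    $password = $_POST['password'] ?? '';
    try {
        // Parameterised lookup: the username never becomes part of the SQL text.
        $stmt = $pdo->prepare("SELECT * FROM `login` WHERE `username` = ?");
        $stmt->execute([$username]);
        $user = $stmt->fetch(PDO::FETCH_ASSOC);
        if ($user && password_verify($password, $user['password'])) {
            // Issue a fresh session id at the privilege change so an id known
            // before authentication cannot be reused (session fixation).
            session_regenerate_id(true);
            $_SESSION['loggedin'] = true;
            $_SESSION['username'] = $username;
            header("Location: index.php");
            exit();
        } else {
            // Same response for an unknown user and a wrong password.
            header("Location: login.php?error=1");
            exit();
        }
    } catch (PDOException $e) {
        // Driver messages can reveal schema and connection details; keep them
        // in the server log and show the client a generic message only.
        error_log("Login Error: " . $e->getMessage());
        echo "Login Error: please try again later.";
    }
}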
// ----------- Add Blog ------------
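if (isset($_REQUEST['add_blog'])) {
    // Create a blog row from the submitted form and store its optional .docx
    // attachment and cover image under upload/.
    // NOTE(review): no session/auth or CSRF check is visible in this handler;
    // confirm it is gated before this point.

    // Text fields are entity-encoded before storage; long fields lose tags first.
    $author = htmlentities($_POST['author'] ?? '');
    $type1 = htmlentities($_POST['type1'] ?? '');
    $type2 = htmlentities($_POST['type2'] ?? '');
    $title = htmlentities($_POST['title'] ?? '');
    $category = htmlentities($_POST['category'] ?? '');
    $pagetitle = htmlentities($_POST['pagetitle'] ?? '');
    $description = htmlentities(strip_tags($_POST['description'] ?? ''));
    $addate = htmlentities($_POST['addate'] ?? '');
    $slug = htmlentities($_POST['slug'] ?? '');
    $keyword = htmlentities($_POST['keyword'] ?? '');
    $seodescription = htmlentities(strip_tags($_POST['seodescription'] ?? ''));

    // hidden_file is client-controlled and is both stored and passed to
    // unlink(); keep only its final path component so it stays inside upload/.
    $previous_file = basename($_POST['hidden_file'] ?? '');
    $file = $previous_file;
    if (!empty($_FILES['docFile']['name'])) {
        $file_extn = strtolower(pathinfo($_FILES['docFile']['name'], PATHINFO_EXTENSION));
        if ($file_extn !== 'docx') {
            exit("ERROR: Only .docx files are allowed.");
        }
        $file = rand(100, 999) . time() . '.' . $file_extn;
        if (!move_uploaded_file($_FILES['docFile']['tmp_name'], "upload/" . $file)) {
            exit("ERROR: File upload failed.");
        }
        // The replacement is in place; remove the file it supersedes.
        if ($previous_file !== '' && is_file("upload/" . $previous_file)) {
            unlink("upload/" . $previous_file);
        }
    }

    // Cover image. The stored name reuses the client's extension, so restrict
    // it to the image types the gallery handlers in this file accept; otherwise
    // any file type could be written under upload/.
    $image_name = '';
    if (!empty($_FILES['blogimage']['name'])) {
        $image_extn = strtolower(pathinfo($_FILES['blogimage']['name'], PATHINFO_EXTENSION));
        if (!in_array($image_extn, ['jpg', 'jpeg', 'png', 'webp'], true)) {
            exit("ERROR: Only JPG, PNG, WEBP files allowed.");
        }
        $image_name = rand(10, 100) . time() . '.' . $image_extn;
        if (!move_uploaded_file($_FILES['blogimage']['tmp_name'], "upload/" . $image_name)) {
            exit("ERROR: Image not uploaded.");
        }
    }

    // Insert with bound parameters only.
    $stmt = $pdo->prepare("INSERT INTO blog (author, type1, type2, title, cat_id, pagetitle, description, image, date, slug, keyword, metadescription, file)
VALUES (:author, :type1, :type2, :title, :cat_id, :pagetitle, :description, :image, :date, :slug, :keyword, :metadescription, :file)");
    $success = $stmt->execute([
        ':author' => $author,
        ':type1' => $type1,
        ':type2' => $type2,
        ':title' => $title,
        ':cat_id' => $category,
        ':pagetitle' => $pagetitle,
        ':description' => $description,
        ':image' => $image_name,
        ':date' => $addate,
        ':slug' => $slug,
        ':keyword' => $keyword,
        ':metadescription' => $seodescription,
        ':file' => $file,
    ]);
    header("Location: " . ($success ? "blog.php" : "add_blog.php"));
    exit();
}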
// ----------- Update Blog ------------
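if (isset($_REQUEST['update_blog'])) {
    // Update an existing blog row, optionally replacing its .docx attachment
    // and cover image under upload/.
    // NOTE(review): no session/auth or CSRF check is visible in this handler;
    // confirm it is gated before this point.
    $id = intval($_POST['id'] ?? 0);
    $author = htmlentities($_POST['author'] ?? '');
    $type1 = htmlentities($_POST['type1'] ?? '');
    $type2 = htmlentities($_POST['type2'] ?? '');
    $title = htmlentities($_POST['title'] ?? '');
    $category = htmlentities($_POST['category'] ?? '');
    $pagetitle = htmlentities($_POST['pagetitle'] ?? '');
    $description = htmlentities(strip_tags($_POST['description'] ?? ''));
    $addate = htmlentities($_POST['addate'] ?? '');
    $slug = htmlentities($_POST['slug'] ?? '');
    $keyword = htmlentities($_POST['keyword'] ?? '');
    $seodescription = htmlentities(strip_tags($_POST['seodescription'] ?? ''));

    // hidden_file is client-controlled and is both stored and passed to
    // unlink(); keep only its final path component so it stays inside upload/.
    $previous_file = basename($_POST['hidden_file'] ?? '');
    $file = $previous_file;
    if (!empty($_FILES['docFile']['name'])) {
        $file_extn = strtolower(pathinfo($_FILES['docFile']['name'], PATHINFO_EXTENSION));
        if ($file_extn !== 'docx') {
            exit("ERROR: Only .docx files are allowed.");
        }
        $file = rand(100, 999) . time() . '.' . $file_extn;
        if (!move_uploaded_file($_FILES['docFile']['tmp_name'], "upload/" . $file)) {
            exit("ERROR: File upload failed.");
        }
        if ($previous_file !== '' && is_file("upload/" . $previous_file)) {
            unlink("upload/" . $previous_file);
        }
    }

    // hidden_image is written to the row and later used to build an unlink()
    // path by the delete handler, so it gets the same basename() treatment.
    $image_name = basename($_POST['hidden_image'] ?? '');
    if (!empty($_FILES['image']['name'])) {
        $image_extn = strtolower(pathinfo($_FILES['image']['name'], PATHINFO_EXTENSION));
        // The stored name reuses the client's extension; restrict it to the
        // image types the gallery handlers in this file accept.
        if (!in_array($image_extn, ['jpg', 'jpeg', 'png', 'webp'], true)) {
            exit("ERROR: Only JPG, PNG, WEBP files allowed.");
        }
        $image_name = rand(10, 100) . time() . '.' . $image_extn;
        if (!move_uploaded_file($_FILES['image']['tmp_name'], "upload/" . $image_name)) {
            exit("ERROR: Image upload failed.");
        }
    }

    // Update with bound parameters only.
    $stmt = $pdo->prepare("UPDATE blog SET
author = :author,
type1 = :type1,
type2 = :type2,
title = :title,
cat_id = :cat_id,
pagetitle = :pagetitle,
description = :description,
file = :file,
image = :image,
date = :date,
slug = :slug,
keyword = :keyword,
metadescription = :metadescription
WHERE id = :id");
    $success = $stmt->execute([
        ':author' => $author,
        ':type1' => $type1,
        ':type2' => $type2,
        ':title' => $title,
        ':cat_id' => $category,
        ':pagetitle' => $pagetitle,
        ':description' => $description,
        ':file' => $file,
        ':image' => $image_name,
        ':date' => $addate,
        ':slug' => $slug,
        ':keyword' => $keyword,
        ':metadescription' => $seodescription,
        ':id' => $id,
    ]);
    if ($success) {
        header("Location: blog.php");
    } else {
        echo "Blog not updated.";
    }
    exit();
}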
// ----------- Delete Blog ------------
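if (isset($_REQUEST['action']) && $_REQUEST['action'] === 'delete_blog') {
    // Delete a blog row together with the files it owns under upload/.
    // NOTE(review): destructive action driven by a GET id with no visible auth
    // or CSRF check; confirm both are enforced before this point.
    $id = intval($_GET['id'] ?? 0);

    // The row references a cover image and a .docx attachment; remove both so
    // a deleted post leaves nothing behind in upload/.
    $stmt = $pdo->prepare("SELECT image, file FROM blog WHERE id = :id");
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row) {
        foreach ([$row['image'], $row['file']] as $stored) {
            // Stored names come from form fields (hidden_image / hidden_file);
            // basename() keeps the unlink() target inside upload/.
            $stored = basename((string) $stored);
            if ($stored !== '' && is_file("upload/" . $stored)) {
                unlink("upload/" . $stored);
            }
        }
    }

    $del_stmt = $pdo->prepare("DELETE FROM blog WHERE id = :id");
    $del_stmt->execute([':id' => $id]);
    header("Location: blog.php");
    exit();
}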
$upload_dir = "upload/";
// ----------- Add Home Gallery ------------
if (isset($_REQUEST['add_homegallery'])) {
    // Insert a homepage gallery entry; the image is optional and limited to
    // JPG/PNG/WEBP extensions.
    // NOTE(review): no session/auth or CSRF check is visible in this handler;
    // confirm it is gated before this point.
    $caption = trim(htmlentities($_POST['title'] ?? ''));
    $stored_name = '';
    if (!empty($_FILES['homegalleryimage']['name'])) {
        $extension = strtolower(pathinfo($_FILES['homegalleryimage']['name'], PATHINFO_EXTENSION));
        $is_allowed = in_array($extension, ['jpg', 'jpeg', 'png', 'webp']);
        if (!$is_allowed) {
            exit("ERROR: Only JPG, PNG, WEBP files allowed.");
        }
        // Server-generated name; only the validated extension comes from the client.
        $stored_name = rand(10, 100) . time() . '.' . $extension;
        $moved = move_uploaded_file($_FILES['homegalleryimage']['tmp_name'], $upload_dir . $stored_name);
        if (!$moved) {
            exit("ERROR: Image upload failed.");
        }
    }
    $insert = $pdo->prepare("INSERT INTO homepage_gallery (name, image) VALUES (:title, :image)");
    $ok = $insert->execute([
        ':title' => $caption,
        ':image' => $stored_name,
    ]);
    $target = $ok ? "homegallery.php" : "add_homegallery.php";
    header("Location: " . $target);
    exit();
}
// ----------- Update Home Gallery ------------
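if (isset($_REQUEST['update_homegallery'])) {
    // Update a homepage gallery entry, optionally replacing its image.
    // NOTE(review): no session/auth or CSRF check is visible in this handler;
    // confirm it is gated before this point.
    $id = intval($_POST['id'] ?? 0);
    $title = trim(htmlentities($_POST['title'] ?? ''));
    // hidden_image is client-controlled and reaches unlink() and the database;
    // keep only its final path component so it cannot leave the upload directory.
    $image_name = basename($_POST['hidden_image'] ?? '');
    if (!empty($_FILES['homegalleryimage']['name'])) {
        $image_extn = strtolower(pathinfo($_FILES['homegalleryimage']['name'], PATHINFO_EXTENSION));
        $allowed = ['jpg', 'jpeg', 'png', 'webp'];
        if (!in_array($image_extn, $allowed, true)) {
            exit("ERROR: Only JPG, PNG, WEBP files allowed.");
        }
        $new_image_name = rand(10, 100) . time() . '.' . $image_extn;
        if (!move_uploaded_file($_FILES['homegalleryimage']['tmp_name'], $upload_dir . $new_image_name)) {
            exit("ERROR: Image upload failed.");
        }
        // Replacement stored; remove the image it supersedes (regular files only).
        if ($image_name !== '' && is_file($upload_dir . $image_name)) {
            unlink($upload_dir . $image_name);
        }
        $image_name = $new_image_name;
    }
    $stmt = $pdo->prepare("UPDATE homepage_gallery SET name = :title, image = :image WHERE id = :id");
    $success = $stmt->execute([
        ':title' => $title,
        ':image' => $image_name,
        ':id' => $id,
    ]);
    header("Location: " . ($success ? "homegallery.php" : "edit_homegallery.php?id=" . $id));
    exit();
}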
// ----------- Delete Home Gallery ------------
if (($_REQUEST['action'] ?? null) === 'delete_homegallery') {
    // Remove a homepage gallery row and, when present, its image file.
    // NOTE(review): destructive action driven by a GET id with no visible auth
    // or CSRF check; confirm both are enforced before this point.
    $gallery_id = intval($_GET['id']);

    // Look up the stored file name first so the file can be removed.
    $lookup = $pdo->prepare("SELECT image FROM homepage_gallery WHERE id = :id");
    $lookup->execute([':id' => $gallery_id]);
    $record = $lookup->fetch(PDO::FETCH_ASSOC);
    if ($record) {
        if (!empty($record['image']) && file_exists($upload_dir . $record['image'])) {
            unlink($upload_dir . $record['image']);
        }
    }

    // Then drop the database row.
    $remove = $pdo->prepare("DELETE FROM homepage_gallery WHERE id = :id");
    $remove->execute([':id' => $gallery_id]);
    header("Location: homegallery.php");
    exit();
}
// ----------- Add Highlight Image ------------
if (isset($_REQUEST['add_highlightimage'])) {
    // Insert a highlight image entry; the image is optional and limited to
    // JPG/PNG/WEBP extensions.
    // NOTE(review): no session/auth or CSRF check is visible in this handler;
    // confirm it is gated before this point.
    $caption = trim(htmlentities($_POST['title'] ?? ''));
    $stored_name = '';
    if (!empty($_FILES['highlightimageimage']['name'])) {
        $extension = strtolower(pathinfo($_FILES['highlightimageimage']['name'], PATHINFO_EXTENSION));
        $is_allowed = in_array($extension, ['jpg', 'jpeg', 'png', 'webp']);
        if (!$is_allowed) {
            exit("ERROR: Only JPG, PNG, WEBP files allowed.");
        }
        // Server-generated name; only the validated extension comes from the client.
        $stored_name = rand(10, 100) . time() . '.' . $extension;
        $moved = move_uploaded_file($_FILES['highlightimageimage']['tmp_name'], $upload_dir . $stored_name);
        if (!$moved) {
            exit("ERROR: Image upload failed.");
        }
    }
    $insert = $pdo->prepare("INSERT INTO highlight_images (name, image) VALUES (:title, :image)");
    $ok = $insert->execute([
        ':title' => $caption,
        ':image' => $stored_name,
    ]);
    $target = $ok ? "highlightimage.php" : "add_highlightimage.php";
    header("Location: " . $target);
    exit();
}
// ----------- Update Highlight Image ------------
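if (isset($_REQUEST['update_highlightimage'])) {
    // Update a highlight image entry, optionally replacing its image.
    // NOTE(review): no session/auth or CSRF check is visible in this handler;
    // confirm it is gated before this point.
    $id = intval($_POST['id'] ?? 0);
    $title = trim(htmlentities($_POST['title'] ?? ''));
    // hidden_image is client-controlled and reaches unlink() and the database;
    // keep only its final path component so it cannot leave the upload directory.
    $image_name = basename($_POST['hidden_image'] ?? '');
    if (!empty($_FILES['highlightimageimage']['name'])) {
        $image_extn = strtolower(pathinfo($_FILES['highlightimageimage']['name'], PATHINFO_EXTENSION));
        $allowed_ext = ['jpg', 'jpeg', 'png', 'webp'];
        if (!in_array($image_extn, $allowed_ext, true)) {
            exit("ERROR: Only JPG, PNG, WEBP files allowed.");
        }
        $new_image_name = rand(10, 100) . time() . '.' . $image_extn;
        if (!move_uploaded_file($_FILES['highlightimageimage']['tmp_name'], $upload_dir . $new_image_name)) {
            exit("ERROR: Image upload failed.");
        }
        // Replacement stored; remove the image it supersedes (regular files only).
        if ($image_name !== '' && is_file($upload_dir . $image_name)) {
            unlink($upload_dir . $image_name);
        }
        $image_name = $new_image_name;
    }
    $stmt = $pdo->prepare("UPDATE highlight_images SET name = :title, image = :image WHERE id = :id");
    $success = $stmt->execute([
        ':title' => $title,
        ':image' => $image_name,
        ':id' => $id,
    ]);
    header("Location: " . ($success ? "highlightimage.php" : "edit_highlightimage.php?id=" . $id));
    exit();
}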
// ----------- Delete Highlight Image ------------
if (($_REQUEST['action'] ?? null) == 'delete_highlightimage') {
    // Remove a highlight image row and, when present, its image file.
    // NOTE(review): destructive action driven by a GET id with no visible auth
    // or CSRF check; confirm both are enforced before this point.
    $highlight_id = intval($_GET['id']);

    // Look up the stored file name first so the file can be removed.
    $lookup = $pdo->prepare("SELECT image FROM highlight_images WHERE id = :id");
    $lookup->execute([':id' => $highlight_id]);
    $record = $lookup->fetch(PDO::FETCH_ASSOC);
    if ($record) {
        if (!empty($record['image']) && file_exists($upload_dir . $record['image'])) {
            unlink($upload_dir . $record['image']);
        }
    }

    // Then drop the database row.
    $remove = $pdo->prepare("DELETE FROM highlight_images WHERE id = :id");
    $remove->execute([':id' => $highlight_id]);
    header("Location: highlightimage.php");
    exit();
}
// -------- Add Service --------
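if (isset($_REQUEST['add_service'])) {
    // Create a service row; a primary image is mandatory.
    // NOTE(review): no session/auth or CSRF check is visible in this handler;
    // confirm it is gated before this point.
    $title = htmlentities($_POST['title'] ?? '');
    $pagetitle = htmlentities($_POST['pagetitle'] ?? '');
    $icon = htmlentities($_POST['icon'] ?? '');
    $description = htmlentities(strip_tags($_POST['description'] ?? ''));
    $shortdescription = htmlentities(strip_tags($_POST['shortdescription'] ?? ''));
    $slug = htmlentities($_POST['slug'] ?? '');
    $keyword = htmlentities($_POST['keyword'] ?? '');
    $seodescription = htmlentities(strip_tags($_POST['seodescription'] ?? ''));

    // $uploadDir is not assigned in the visible part of this file (only
    // $upload_dir is); fall back so the target path is never built from null.
    $dir = $uploadDir ?? $upload_dir ?? 'upload/';

    $image_name = '';
    if (!empty($_FILES['serviceimage']['name'])) {
        $image_ext = strtolower(pathinfo($_FILES['serviceimage']['name'], PATHINFO_EXTENSION));
        // The stored name reuses the client's extension; restrict it to the
        // image types the gallery handlers in this file accept, otherwise any
        // file type could be written into the upload directory.
        if (!in_array($image_ext, ['jpg', 'jpeg', 'png', 'webp'], true)) {
            exit("ERROR: Only JPG, PNG, WEBP files allowed.");
        }
        $image_name = rand(10, 100) . time() . '.' . $image_ext;
        if (!move_uploaded_file($_FILES['serviceimage']['tmp_name'], $dir . $image_name)) {
            exit("ERROR: File not uploaded.");
        }
    } else {
        exit("No primary image uploaded.");
    }

    $stmt = $pdo->prepare("INSERT INTO service
(title, icon, description, image, short_description, page_title, slug, keyword, metadescription)
VALUES (:title, :icon, :description, :image, :shortdesc, :pagetitle, :slug, :keyword, :metadesc)");
    $success = $stmt->execute([
        ':title' => $title,
        ':icon' => $icon,
        ':description' => $description,
        ':image' => $image_name,
        ':shortdesc' => $shortdescription,
        ':pagetitle' => $pagetitle,
        ':slug' => $slug,
        ':keyword' => $keyword,
        ':metadesc' => $seodescription,
    ]);
    header("Location: " . ($success ? "service.php" : "add_service.php"));
    exit();
}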
// -------- Update Service --------
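if (isset($_REQUEST['update_service'])) {
    // Update a service row, optionally replacing its image.
    // NOTE(review): no session/auth or CSRF check is visible in this handler;
    // confirm it is gated before this point.
    $id = intval($_POST['id'] ?? 0);
    $title = htmlentities($_POST['title'] ?? '');
    $pagetitle = htmlentities($_POST['pagetitle'] ?? '');
    $icon = htmlentities($_POST['icon'] ?? '');
    // NOTE(review): add_service strips tags from description before encoding;
    // this handler only encodes. Confirm the difference is intended.
    $description = htmlentities($_POST['description'] ?? '');
    $shortdesc = htmlentities(strip_tags($_POST['shortdescription'] ?? ''));
    $slug = htmlentities($_POST['slug'] ?? '');
    $keyword = htmlentities($_POST['keyword'] ?? '');
    $metadescription = htmlentities(strip_tags($_POST['seodescription'] ?? ''));

    // $uploadDir is not assigned in the visible part of this file (only
    // $upload_dir is); fall back so paths are never built from null.
    $dir = $uploadDir ?? $upload_dir ?? 'upload/';

    // hidden_image is client-controlled and reaches unlink() and the database;
    // keep only its final path component so it cannot leave the upload directory.
    $image_name = basename($_POST['hidden_image'] ?? '');
    if (!empty($_FILES['serviceimage']['name'])) {
        $image_ext = strtolower(pathinfo($_FILES['serviceimage']['name'], PATHINFO_EXTENSION));
        // Restrict the extension to the image types the gallery handlers accept.
        if (!in_array($image_ext, ['jpg', 'jpeg', 'png', 'webp'], true)) {
            exit("ERROR: Only JPG, PNG, WEBP files allowed.");
        }
        $new_image_name = rand(10, 100) . time() . '.' . $image_ext;
        if (!move_uploaded_file($_FILES['serviceimage']['tmp_name'], $dir . $new_image_name)) {
            exit("ERROR: File not uploaded.");
        }
        // Replacement stored; remove the image it supersedes (regular files only).
        if ($image_name !== '' && is_file($dir . $image_name)) {
            unlink($dir . $image_name);
        }
        $image_name = $new_image_name;
    }

    $stmt = $pdo->prepare("UPDATE service SET
title = :title,
page_title = :pagetitle,
short_description = :shortdesc,
icon = :icon,
description = :description,
image = :image,
slug = :slug,
keyword = :keyword,
metadescription = :metadesc
WHERE id = :id");
    $success = $stmt->execute([
        ':title' => $title,
        ':pagetitle' => $pagetitle,
        ':shortdesc' => $shortdesc,
        ':icon' => $icon,
        ':description' => $description,
        ':image' => $image_name,
        ':slug' => $slug,
        ':keyword' => $keyword,
        ':metadesc' => $metadescription,
        ':id' => $id,
    ]);
    header("Location: " . ($success ? "service.php" : "add_service.php"));
    exit();
}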
// -------- Delete Service --------
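if (isset($_REQUEST['action']) && $_REQUEST['action'] === 'delete_service') {
    // Delete a service row and its image file.
    // NOTE(review): destructive action driven by a GET id with no visible auth
    // or CSRF check; confirm both are enforced before this point.
    $id = intval($_GET['id'] ?? 0);

    // $uploadDir is not assigned in the visible part of this file (only
    // $upload_dir is); fall back so the path is never built from null.
    $dir = $uploadDir ?? $upload_dir ?? 'upload/';

    $stmt = $pdo->prepare("SELECT image FROM service WHERE id = :id");
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // An empty image column would make the path the directory itself, and the
    // stored name originates from a form field: reduce it to a bare file name
    // and only unlink regular files.
    $image = $row ? basename((string) $row['image']) : '';
    if ($image !== '' && is_file($dir . $image)) {
        unlink($dir . $image);
    }

    $stmt = $pdo->prepare("DELETE FROM service WHERE id = :id");
    $stmt->execute([':id' => $id]);
    header("Location: service.php");
    exit();
}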
// -------- Delete Gallery Image (related table: gallery) --------
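if (isset($_REQUEST['action']) && $_REQUEST['action'] === 'delete_image') {
    // Delete one gallery row and its image file; replies with the plain text
    // "success" or "error" instead of redirecting.
    // NOTE(review): destructive action reachable via GET or POST with no
    // visible auth or CSRF check; confirm both are enforced before this point.
    $id = intval($_REQUEST['id'] ?? 0);

    // $uploadDir is not assigned in the visible part of this file (only
    // $upload_dir is); fall back so the path is never built from null.
    $dir = $uploadDir ?? $upload_dir ?? 'upload/';

    $stmt = $pdo->prepare("SELECT image FROM gallery WHERE id = :id");
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Skip empty names (the path would be the directory itself) and keep the
    // unlink() target inside the upload directory.
    $image = $row ? basename((string) $row['image']) : '';
    if ($image !== '' && is_file($dir . $image)) {
        unlink($dir . $image);
    }

    $del_stmt = $pdo->prepare("DELETE FROM gallery WHERE id = :id");
    $success = $del_stmt->execute([':id' => $id]);
    echo $success ? "success" : "error";
    exit();
}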
// -------- Add Project --------
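if (isset($_REQUEST['add_project'])) {
    // Create a project row; a primary image is mandatory.
    // NOTE(review): no session/auth or CSRF check is visible in this handler;
    // confirm it is gated before this point.
    $title = htmlentities($_POST['title'] ?? '');
    $pagetitle = htmlentities($_POST['pagetitle'] ?? '');
    $description = htmlentities(strip_tags($_POST['description'] ?? ''));
    $shortdescription = htmlentities(strip_tags($_POST['shortdescription'] ?? ''));
    $slug = htmlentities($_POST['slug'] ?? '');
    $keyword = htmlentities($_POST['keyword'] ?? '');
    $seodescription = htmlentities(strip_tags($_POST['seodescription'] ?? ''));

    // $uploadDir is not assigned in the visible part of this file (only
    // $upload_dir is); fall back so the target path is never built from null.
    $dir = $uploadDir ?? $upload_dir ?? 'upload/';

    if (!empty($_FILES['projectimage']['name'])) {
        $image_ext = strtolower(pathinfo($_FILES['projectimage']['name'], PATHINFO_EXTENSION));
        // The stored name reuses the client's extension; restrict it to the
        // image types the gallery handlers in this file accept, otherwise any
        // file type could be written into the upload directory.
        if (!in_array($image_ext, ['jpg', 'jpeg', 'png', 'webp'], true)) {
            exit("ERROR: Only JPG, PNG, WEBP files allowed.");
        }
        $image_name = rand(10, 100) . time() . '.' . $image_ext;
        if (!move_uploaded_file($_FILES['projectimage']['tmp_name'], $dir . $image_name)) {
            exit("ERROR: File not uploaded.");
        }
    } else {
        exit("No primary image uploaded.");
    }

    $stmt = $pdo->prepare("INSERT INTO project (title, description, image, short_description, page_title, slug, keyword, metadescription)
VALUES (:title, :description, :image, :shortdescription, :pagetitle, :slug, :keyword, :metadesc)");
    $success = $stmt->execute([
        ':title' => $title,
        ':description' => $description,
        ':image' => $image_name,
        ':shortdescription' => $shortdescription,
        ':pagetitle' => $pagetitle,
        ':slug' => $slug,
        ':keyword' => $keyword,
        ':metadesc' => $seodescription,
    ]);
    header("Location: " . ($success ? "project.php" : "add_project.php"));
    exit();
}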
// -------- Update Project --------
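if (isset($_REQUEST['update_project'])) {
    // Update a project row, optionally replacing its image.
    // NOTE(review): no session/auth or CSRF check is visible in this handler;
    // confirm it is gated before this point.
    $id = intval($_POST['id'] ?? 0);
    $title = htmlentities($_POST['title'] ?? '');
    $pagetitle = htmlentities($_POST['pagetitle'] ?? '');
    $description = htmlentities(strip_tags($_POST['description'] ?? ''));
    $shortdescription = htmlentities(strip_tags($_POST['shortdescription'] ?? ''));
    $slug = htmlentities($_POST['slug'] ?? '');
    $keyword = htmlentities($_POST['keyword'] ?? '');
    $seodescription = htmlentities(strip_tags($_POST['seodescription'] ?? ''));

    // $uploadDir is not assigned in the visible part of this file (only
    // $upload_dir is); fall back so paths are never built from null.
    $dir = $uploadDir ?? $upload_dir ?? 'upload/';

    // hidden_image is client-controlled and reaches unlink() and the database;
    // keep only its final path component so it cannot leave the upload directory.
    $image_name = basename($_POST['hidden_image'] ?? '');
    if (!empty($_FILES['projectimage']['name'])) {
        $image_ext = strtolower(pathinfo($_FILES['projectimage']['name'], PATHINFO_EXTENSION));
        // Restrict the extension to the image types the gallery handlers accept.
        if (!in_array($image_ext, ['jpg', 'jpeg', 'png', 'webp'], true)) {
            exit("ERROR: Only JPG, PNG, WEBP files allowed.");
        }
        $new_image_name = rand(10, 100) . time() . '.' . $image_ext;
        if (!move_uploaded_file($_FILES['projectimage']['tmp_name'], $dir . $new_image_name)) {
            exit("ERROR: File not uploaded.");
        }
        // Replacement stored; remove the image it supersedes (regular files only).
        if ($image_name !== '' && is_file($dir . $image_name)) {
            unlink($dir . $image_name);
        }
        $image_name = $new_image_name;
    }

    $stmt = $pdo->prepare("UPDATE project SET
title = :title,
page_title = :pagetitle,
short_description = :shortdescription,
description = :description,
image = :image,
slug = :slug,
keyword = :keyword,
metadescription = :metadesc
WHERE id = :id");
    $success = $stmt->execute([
        ':title' => $title,
        ':pagetitle' => $pagetitle,
        ':shortdescription' => $shortdescription,
        ':description' => $description,
        ':image' => $image_name,
        ':slug' => $slug,
        ':keyword' => $keyword,
        ':metadesc' => $seodescription,
        ':id' => $id,
    ]);
    header("Location: " . ($success ? "project.php" : "add_project.php"));
    exit();
}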
// -------- Delete Project --------
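if (isset($_REQUEST['action']) && $_REQUEST['action'] === 'delete_project') {
    // Delete a project row and its image file.
    // NOTE(review): destructive action driven by a GET id with no visible auth
    // or CSRF check; confirm both are enforced before this point.
    $id = intval($_GET['id'] ?? 0);

    // $uploadDir is not assigned in the visible part of this file (only
    // $upload_dir is); fall back so the path is never built from null.
    $dir = $uploadDir ?? $upload_dir ?? 'upload/';

    $stmt = $pdo->prepare("SELECT image FROM project WHERE id = :id");
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // The stored name originates from a form field (hidden_image on update):
    // reduce it to a bare file name and only unlink regular files.
    $image = $row ? basename((string) $row['image']) : '';
    if ($image !== '' && is_file($dir . $image)) {
        unlink($dir . $image);
    }

    $stmt = $pdo->prepare("DELETE FROM project WHERE id = :id");
    $stmt->execute([':id' => $id]);
    header("Location: project.php");
    exit();
}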
// -------- Add Gallery --------
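if (isset($_REQUEST['add_gallery'])) {
    // Insert a gallery entry with an optional image.
    // NOTE(review): no session/auth or CSRF check is visible in this handler;
    // confirm it is gated before this point.
    $category = htmlentities($_POST['category'] ?? '');
    $title = htmlentities($_POST['title'] ?? '');

    // $uploadDir is not assigned in the visible part of this file (only
    // $upload_dir is); fall back so the target path is never built from null.
    $dir = $uploadDir ?? $upload_dir ?? 'upload/';

    // Initialise so the INSERT has a defined value when no file is sent.
    $image_name = '';
    if (!empty($_FILES['galleryimage']['name'])) {
        $image_ext = strtolower(pathinfo($_FILES['galleryimage']['name'], PATHINFO_EXTENSION));
        // The stored name reuses the client's extension; restrict it to the
        // image types the home-gallery handlers in this file accept.
        if (!in_array($image_ext, ['jpg', 'jpeg', 'png', 'webp'], true)) {
            exit("ERROR: Only JPG, PNG, WEBP files allowed.");
        }
        $image_name = rand(10, 100) . time() . '.' . $image_ext;
        if (!move_uploaded_file($_FILES['galleryimage']['tmp_name'], $dir . $image_name)) {
            exit("ERROR: File not uploaded.");
        }
    }

    $stmt = $pdo->prepare("INSERT INTO gallery (name, image, cat_id) VALUES (:title, :image, :category)");
    $success = $stmt->execute([
        ':title' => $title,
        ':image' => $image_name,
        ':category' => $category,
    ]);
    header("Location: " . ($success ? "gallery.php" : "add_gallery.php"));
    exit();
}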
// -------- Update Gallery --------
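if (isset($_REQUEST['update_gallery'])) {
    // Update a gallery entry, optionally replacing its image.
    // NOTE(review): no session/auth or CSRF check is visible in this handler;
    // confirm it is gated before this point.
    $id = intval($_POST['id'] ?? 0);
    $title = htmlentities($_POST['title'] ?? '');

    // $uploadDir is not assigned in the visible part of this file (only
    // $upload_dir is); fall back so paths are never built from null.
    $dir = $uploadDir ?? $upload_dir ?? 'upload/';

    // hidden_image is client-controlled and reaches unlink() and the database;
    // keep only its final path component so it cannot leave the upload directory.
    $image_name = basename($_POST['hidden_image'] ?? '');
    if (!empty($_FILES['galleryimage']['name'])) {
        $image_ext = strtolower(pathinfo($_FILES['galleryimage']['name'], PATHINFO_EXTENSION));
        // Restrict the extension to the image types the home-gallery handlers accept.
        if (!in_array($image_ext, ['jpg', 'jpeg', 'png', 'webp'], true)) {
            exit("ERROR: Only JPG, PNG, WEBP files allowed.");
        }
        $new_image = rand(10, 100) . time() . '.' . $image_ext;
        if (!move_uploaded_file($_FILES['galleryimage']['tmp_name'], $dir . $new_image)) {
            exit("ERROR: File not uploaded.");
        }
        // Replacement stored; remove the image it supersedes (regular files only).
        if ($image_name !== '' && is_file($dir . $image_name)) {
            unlink($dir . $image_name);
        }
        $image_name = $new_image;
    }

    // NOTE(review): add_gallery writes this table's label to the `name` column
    // while this statement targets `title`; confirm which column exists.
    $stmt = $pdo->prepare("UPDATE gallery SET title = :title, image = :image WHERE id = :id");
    $stmt->execute([
        ':title' => $title,
        ':image' => $image_name,
        ':id' => $id,
    ]);
    header("Location: gallery.php");
    exit();
}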
// -------- Delete Gallery --------
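if (isset($_REQUEST['action']) && $_REQUEST['action'] === 'delete_gallery') {
    // Delete a gallery row and its image file.
    // NOTE(review): destructive action driven by a GET id with no visible auth
    // or CSRF check; confirm both are enforced before this point.
    $id = intval($_GET['id'] ?? 0);

    // $uploadDir is not assigned in the visible part of this file (only
    // $upload_dir is); fall back so the path is never built from null.
    $dir = $uploadDir ?? $upload_dir ?? 'upload/';

    $stmt = $pdo->prepare("SELECT image FROM gallery WHERE id = :id");
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Skip empty names (the path would be the directory itself) and keep the
    // unlink() target inside the upload directory.
    $image = $row ? basename((string) $row['image']) : '';
    if ($image !== '' && is_file($dir . $image)) {
        unlink($dir . $image);
    }

    $stmt = $pdo->prepare("DELETE FROM gallery WHERE id = :id");
    $stmt->execute([':id' => $id]);
    header("Location: gallery.php");
    exit();
}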
// -------- Add Slider --------
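if (isset($_REQUEST['add_slider'])) {
    // Insert a slider entry with an optional image.
    // NOTE(review): no session/auth or CSRF check is visible in this handler;
    // confirm it is gated before this point.
    $title = htmlentities($_POST['title'] ?? '');

    // $uploadDir is not assigned in the visible part of this file (only
    // $upload_dir is); fall back so the target path is never built from null.
    $dir = $uploadDir ?? $upload_dir ?? 'upload/';

    // Initialise so the INSERT has a defined value when no file is sent.
    $image_name = '';
    if (!empty($_FILES['sliderimage']['name'])) {
        $image_ext = strtolower(pathinfo($_FILES['sliderimage']['name'], PATHINFO_EXTENSION));
        // The stored name reuses the client's extension; restrict it to the
        // image types the gallery handlers in this file accept.
        if (!in_array($image_ext, ['jpg', 'jpeg', 'png', 'webp'], true)) {
            exit("ERROR: Only JPG, PNG, WEBP files allowed.");
        }
        $image_name = rand(10, 100) . time() . '.' . $image_ext;
        if (!move_uploaded_file($_FILES['sliderimage']['tmp_name'], $dir . $image_name)) {
            exit("ERROR: File not uploaded.");
        }
    }

    $stmt = $pdo->prepare("INSERT INTO slider (title, image) VALUES (:title, :image)");
    $success = $stmt->execute([
        ':title' => $title,
        ':image' => $image_name,
    ]);
    header("Location: " . ($success ? "slider.php" : "add_slider.php"));
    exit();
}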
// -------- Update Slider --------
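if (isset($_REQUEST['update_slider'])) {
    // Update a slider entry, optionally replacing its image.
    // NOTE(review): no session/auth or CSRF check is visible in this handler;
    // confirm it is gated before this point.
    $id = intval($_POST['id'] ?? 0);
    $title = htmlentities($_POST['title'] ?? '');

    // $uploadDir is not assigned in the visible part of this file (only
    // $upload_dir is); fall back so paths are never built from null.
    $dir = $uploadDir ?? $upload_dir ?? 'upload/';

    // hidden_image is client-controlled and reaches unlink() and the database;
    // keep only its final path component so it cannot leave the upload directory.
    $image_name = basename($_POST['hidden_image'] ?? '');
    if (!empty($_FILES['sliderimage']['name'])) {
        $image_ext = strtolower(pathinfo($_FILES['sliderimage']['name'], PATHINFO_EXTENSION));
        // Restrict the extension to the image types the gallery handlers accept.
        if (!in_array($image_ext, ['jpg', 'jpeg', 'png', 'webp'], true)) {
            exit("ERROR: Only JPG, PNG, WEBP files allowed.");
        }
        $new_image = rand(10, 100) . time() . '.' . $image_ext;
        if (!move_uploaded_file($_FILES['sliderimage']['tmp_name'], $dir . $new_image)) {
            exit("ERROR: File not uploaded.");
        }
        // Replacement stored; remove the image it supersedes (regular files only).
        if ($image_name !== '' && is_file($dir . $image_name)) {
            unlink($dir . $image_name);
        }
        $image_name = $new_image;
    }

    $stmt = $pdo->prepare("UPDATE slider SET title = :title, image = :image WHERE id = :id");
    $stmt->execute([
        ':title' => $title,
        ':image' => $image_name,
        ':id' => $id,
    ]);
    header("Location: slider.php");
    exit();
}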
// -------- Delete Slider --------
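if (isset($_REQUEST['action']) && $_REQUEST['action'] === 'delete_slider') {
    // Delete a slider row and its image file.
    // NOTE(review): destructive action driven by a GET id with no visible auth
    // or CSRF check; confirm both are enforced before this point.
    $id = intval($_GET['id'] ?? 0);

    // $uploadDir is not assigned in the visible part of this file (only
    // $upload_dir is); fall back so the path is never built from null.
    $dir = $uploadDir ?? $upload_dir ?? 'upload/';

    $stmt = $pdo->prepare("SELECT image FROM slider WHERE id = :id");
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Skip empty names (the path would be the directory itself) and keep the
    // unlink() target inside the upload directory.
    $image = $row ? basename((string) $row['image']) : '';
    if ($image !== '' && is_file($dir . $image)) {
        unlink($dir . $image);
    }

    $stmt = $pdo->prepare("DELETE FROM slider WHERE id = :id");
    $stmt->execute([':id' => $id]);
    header("Location: slider.php");
    exit();
}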
// ---------- Add Testimonial ----------
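if (isset($_REQUEST['add_testimonial'])) {
    // Insert a testimonial with an optional portrait image.
    // NOTE(review): no session/auth or CSRF check is visible in this handler;
    // confirm it is gated before this point.
    $title = htmlentities($_POST['title'] ?? '');
    $position = htmlentities($_POST['position'] ?? '');
    $description = htmlentities(strip_tags($_POST['description'] ?? ''));
    $image_name = '';
    if (!empty($_FILES['testimonialimage']['name'])) {
        $dir = "upload/";
        $ext = strtolower(pathinfo($_FILES['testimonialimage']['name'], PATHINFO_EXTENSION));
        // The stored name reuses the client's extension; restrict it to the
        // image types the gallery handlers in this file accept, otherwise any
        // file type could be written under upload/.
        if (!in_array($ext, ['jpg', 'jpeg', 'png', 'webp'], true)) {
            exit("ERROR: Only JPG, PNG, WEBP files allowed.");
        }
        $image_name = rand(10, 100) . time() . '.' . $ext;
        if (!move_uploaded_file($_FILES['testimonialimage']['tmp_name'], $dir . $image_name)) {
            exit("ERROR: File not uploaded.");
        }
    }
    $stmt = $pdo->prepare("INSERT INTO testimonial (name, role, image, testimonial) VALUES (:title, :position, :image, :description)");
    $success = $stmt->execute([
        ':title' => $title,
        ':position' => $position,
        ':image' => $image_name,
        ':description' => $description,
    ]);
    header("Location: " . ($success ? "testimonial.php" : "add_testimonial.php"));
    exit();
}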
// ---------- Update Testimonial ----------
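if (isset($_REQUEST['update_testimonial'])) {
    // Update a testimonial, optionally replacing its portrait image.
    // NOTE(review): no session/auth or CSRF check is visible in this handler;
    // confirm it is gated before this point.
    $id = intval($_POST['id'] ?? 0);
    $title = htmlentities($_POST['title'] ?? '');
    $position = htmlentities($_POST['position'] ?? '');
    $description = htmlentities(strip_tags($_POST['description'] ?? ''));
    // hidden_image is client-controlled and reaches unlink() and the database;
    // keep only its final path component so it cannot leave upload/.
    $image_name = basename($_POST['hidden_image'] ?? '');
    if (!empty($_FILES['testimonialimage']['name'])) {
        $ext = strtolower(pathinfo($_FILES['testimonialimage']['name'], PATHINFO_EXTENSION));
        // Restrict the extension to the image types the gallery handlers accept.
        if (!in_array($ext, ['jpg', 'jpeg', 'png', 'webp'], true)) {
            exit("ERROR: Only JPG, PNG, WEBP files allowed.");
        }
        $new_image = rand(10, 100) . time() . '.' . $ext;
        // A failed move keeps the previous image, as before.
        if (move_uploaded_file($_FILES['testimonialimage']['tmp_name'], "upload/" . $new_image)) {
            if ($image_name !== '' && is_file("upload/" . $image_name)) {
                unlink("upload/" . $image_name);
            }
            $image_name = $new_image;
        }
    }
    $stmt = $pdo->prepare("UPDATE testimonial SET name = :title, role = :position, image = :image, testimonial = :description WHERE id = :id");
    $stmt->execute([
        ':title' => $title,
        ':position' => $position,
        ':image' => $image_name,
        ':description' => $description,
        ':id' => $id,
    ]);
    header("Location: testimonial.php");
    exit();
}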
// ---------- Delete Testimonial ----------
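if (isset($_REQUEST['action']) && $_REQUEST['action'] === 'delete_testimonial') {
    // Delete a testimonial row and its image file.
    // NOTE(review): destructive action driven by a GET id with no visible auth
    // or CSRF check; confirm both are enforced before this point.
    $id = intval($_GET['id'] ?? 0);
    $stmt = $pdo->prepare("SELECT image FROM testimonial WHERE id = :id");
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Testimonials may have no image: an empty name would make the path the
    // upload/ directory itself. Also keep the unlink() target inside upload/.
    $image = $row ? basename((string) $row['image']) : '';
    if ($image !== '' && is_file("upload/" . $image)) {
        unlink("upload/" . $image);
    }
    $stmt = $pdo->prepare("DELETE FROM testimonial WHERE id = :id");
    $stmt->execute([':id' => $id]);
    header("Location: testimonial.php");
    exit();
}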
// ---------- Add Our Story ----------
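if (isset($_REQUEST['add_ourstory'])) {
    // Insert an "our story" entry with an optional image.
    // NOTE(review): no session/auth or CSRF check is visible in this handler;
    // confirm it is gated before this point.
    $title = htmlentities($_POST['title'] ?? '');
    // NOTE(review): description is stored exactly as submitted (no strip_tags or
    // htmlentities, unlike the other handlers); presumably rich text. Confirm
    // the pages that render it sanitise or escape it.
    $description = $_POST['description'] ?? '';
    $image_name = '';
    if (!empty($_FILES['ourstoryimage']['name'])) {
        $ext = strtolower(pathinfo($_FILES['ourstoryimage']['name'], PATHINFO_EXTENSION));
        // The stored name reuses the client's extension; restrict it to the
        // image types the gallery handlers in this file accept, otherwise any
        // file type could be written under upload/.
        if (!in_array($ext, ['jpg', 'jpeg', 'png', 'webp'], true)) {
            exit("ERROR: Only JPG, PNG, WEBP files allowed.");
        }
        $image_name = rand(10, 100) . time() . '.' . $ext;
        if (!move_uploaded_file($_FILES['ourstoryimage']['tmp_name'], "upload/" . $image_name)) {
            exit("ERROR: File not uploaded.");
        }
    }
    $stmt = $pdo->prepare("INSERT INTO ourstory (title, image, description) VALUES (:title, :image, :description)");
    $stmt->execute([
        ':title' => $title,
        ':image' => $image_name,
        ':description' => $description,
    ]);
    header("Location: ourstory.php");
    exit();
}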
// ---------- Update Our Story ----------
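if (isset($_REQUEST['update_ourstory'])) {
    // Update an "our story" entry, optionally replacing its image.
    // NOTE(review): no session/auth or CSRF check is visible in this handler;
    // confirm it is gated before this point.
    $id = intval($_POST['id'] ?? 0);
    $title = htmlentities($_POST['title'] ?? '');
    // NOTE(review): description is stored exactly as submitted (no strip_tags or
    // htmlentities, unlike the other handlers); confirm the pages that render
    // it sanitise or escape it.
    $description = $_POST['description'] ?? '';
    // hidden_image is client-controlled and reaches unlink() and the database;
    // keep only its final path component so it cannot leave upload/.
    $image_name = basename($_POST['hidden_image'] ?? '');
    if (!empty($_FILES['ourstoryimage']['name'])) {
        $ext = strtolower(pathinfo($_FILES['ourstoryimage']['name'], PATHINFO_EXTENSION));
        // Restrict the extension to the image types the gallery handlers accept.
        if (!in_array($ext, ['jpg', 'jpeg', 'png', 'webp'], true)) {
            exit("ERROR: Only JPG, PNG, WEBP files allowed.");
        }
        $new_image = rand(10, 100) . time() . '.' . $ext;
        // A failed move keeps the previous image, as before.
        if (move_uploaded_file($_FILES['ourstoryimage']['tmp_name'], "upload/" . $new_image)) {
            if ($image_name !== '' && is_file("upload/" . $image_name)) {
                unlink("upload/" . $image_name);
            }
            $image_name = $new_image;
        }
    }
    $stmt = $pdo->prepare("UPDATE ourstory SET title = :title, image = :image, description = :description WHERE id = :id");
    $stmt->execute([
        ':title' => $title,
        ':image' => $image_name,
        ':description' => $description,
        ':id' => $id,
    ]);
    header("Location: ourstory.php");
    exit();
}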
// ---------- Delete Our Story ----------
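if (isset($_REQUEST['action']) && $_REQUEST['action'] === 'delete_ourstory') {
    // Delete an "our story" row and its image file.
    // NOTE(review): destructive action driven by a GET id with no visible auth
    // or CSRF check; confirm both are enforced before this point.
    $id = intval($_GET['id'] ?? 0);
    $stmt = $pdo->prepare("SELECT image FROM ourstory WHERE id = :id");
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Entries may have no image: an empty name would make the path the upload/
    // directory itself. Also keep the unlink() target inside upload/.
    $image = $row ? basename((string) $row['image']) : '';
    if ($image !== '' && is_file("upload/" . $image)) {
        unlink("upload/" . $image);
    }
    $stmt = $pdo->prepare("DELETE FROM ourstory WHERE id = :id");
    $stmt->execute([':id' => $id]);
    header("Location: ourstory.php");
    exit();
}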
// ---------- Add FAQ ----------
if (isset($_REQUEST['add_faq'])) {
    // Insert a FAQ entry: the question is entity-encoded, the answer has tags
    // stripped and is then entity-encoded.
    // NOTE(review): no session/auth or CSRF check is visible in this handler;
    // confirm it is gated before this point.
    $bound = [
        ':question' => htmlentities($_POST['question'] ?? ''),
        ':answer' => htmlentities(strip_tags($_POST['answer'] ?? '')),
    ];
    $insert = $pdo->prepare("INSERT INTO faq (question, answer) VALUES (:question, :answer)");
    $insert->execute($bound);
    header("Location: faq.php");
    exit();
}
// ---------- Update FAQ ----------
if (isset($_REQUEST['update_faq'])) {
    // Update the question and answer of the FAQ row identified by the posted id.
    // NOTE(review): no session/auth or CSRF check is visible in this handler;
    // confirm it is gated before this point.
    $faq_id = intval($_POST['id']);
    $bound = [
        ':question' => htmlentities($_POST['question'] ?? ''),
        ':answer' => htmlentities(strip_tags($_POST['answer'] ?? '')),
        ':id' => $faq_id,
    ];
    $update = $pdo->prepare("UPDATE faq SET question = :question, answer = :answer WHERE id = :id");
    $update->execute($bound);
    header("Location: faq.php");
    exit();
}
// ---------- Delete FAQ ----------
if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'delete_faq') {
$id = intval($_GET['id']);
$stmt = $pdo->prepare("DELETE FROM faq WHERE id = :id");
$stmt->execute([':id' => $id]);
header("Location: faq.php");
exit();
}
// --- Add Blog Category ---
// Inserts a category whose name is the entity-encoded posted title.
if (isset($_REQUEST['add_blog_category'])) {
    $title = htmlentities($_POST['title'] ?? '');

    $stmt = $pdo->prepare('INSERT INTO blog_category (blog_category) VALUES (:title)');
    $stmt->execute([':title' => $title]);

    header('Location: blog_category.php');
    exit;
}

// --- Update Blog Category ---
// Renames the category named by the posted id.
if (isset($_REQUEST['update_blog_category'])) {
    $id = (int) $_POST['id'];
    $title = htmlentities($_POST['title'] ?? '');

    $stmt = $pdo->prepare('UPDATE blog_category SET blog_category = :title WHERE id = :id');
    $stmt->execute([':id' => $id, ':title' => $title]);

    header('Location: blog_category.php');
    exit;
}

// --- Delete Blog Category ---
// Deletes the category named by ?id=.
// NOTE(review): deletion is triggered by a GET request and no login or CSRF check is
// visible in this handler — confirm one runs earlier in the file.
if (($_REQUEST['action'] ?? null) === 'delete_blog_category') {
    $id = (int) $_GET['id'];

    $stmt = $pdo->prepare('DELETE FROM blog_category WHERE id = :id');
    $stmt->execute([':id' => $id]);

    header('Location: blog_category.php');
    exit;
}
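// --- Add Team ---
// Creates a team row from the posted form and stores the optional photo under upload/.
// Text fields are entity-encoded before storage.
if (isset($_REQUEST['add_team'])) {
    $title = htmlentities($_POST['title'] ?? '');
    $position = htmlentities($_POST['position'] ?? '');
    $about = htmlentities($_POST['about'] ?? '');
    $facebook = htmlentities($_POST['facebook'] ?? '');
    $twitter = htmlentities($_POST['twitter'] ?? '');
    $instagram = htmlentities($_POST['instagram'] ?? '');
    $linkedin = htmlentities($_POST['linkedin'] ?? '');
    $image_name = '';
    if (!empty($_FILES['homegalleryimage']['name'])) {
        // The client-supplied file name is untrusted. Only its extension is used, and only
        // when it is on an image allowlist, so a script file (.php, .phtml, ...) can never
        // be written into upload/. Adjust the list to the formats the site really uses.
        // This checks the extension only; file contents are not inspected here.
        $ext = strtolower(pathinfo($_FILES['homegalleryimage']['name'], PATHINFO_EXTENSION));
        if (!in_array($ext, ['jpg', 'jpeg', 'png', 'gif', 'webp'], true)) {
            http_response_code(400);
            exit('Unsupported image type.');
        }
        // CSPRNG-based name instead of rand() . time(), which was guessable and could collide.
        $new_image = bin2hex(random_bytes(8)) . '.' . $ext;
        // Record the name only when the move succeeded, so the row never points at a missing file.
        if (move_uploaded_file($_FILES['homegalleryimage']['tmp_name'], "upload/$new_image")) {
            $image_name = $new_image;
        }
    }
    $stmt = $pdo->prepare("INSERT INTO team (name, designation, about, facebook, twitter, instagram, linkedin, image)
VALUES (:title, :position, :about, :facebook, :twitter, :instagram, :linkedin, :image)");
    $stmt->execute([
        ':title' => $title,
        ':position' => $position,
        ':about' => $about,
        ':facebook' => $facebook,
        ':twitter' => $twitter,
        ':instagram' => $instagram,
        ':linkedin' => $linkedin,
        ':image' => $image_name
    ]);
    header("Location: team.php");
    exit();
}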
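// --- Update Team ---
// Updates a team row; a newly uploaded photo replaces the previous file in upload/.
if (isset($_REQUEST['update_team'])) {
    // A missing id becomes 0 instead of raising an undefined-key warning.
    $id = intval($_POST['id'] ?? 0);
    $title = htmlentities($_POST['title'] ?? '');
    $position = htmlentities($_POST['position'] ?? '');
    $about = htmlentities($_POST['about'] ?? '');
    $facebook = htmlentities($_POST['facebook'] ?? '');
    $twitter = htmlentities($_POST['twitter'] ?? '');
    $instagram = htmlentities($_POST['instagram'] ?? '');
    $linkedin = htmlentities($_POST['linkedin'] ?? '');
    // hidden_image is form data, so it is reduced to a bare file name before it is used in
    // a filesystem path; otherwise "../" sequences could point unlink() outside upload/.
    // NOTE(review): the name is still client-chosen within upload/; reading the current
    // image from the team row would remove that trust entirely.
    $posted_image = $_POST['hidden_image'] ?? '';
    $image_name = is_string($posted_image) ? basename($posted_image) : '';
    if (!empty($_FILES['homegalleryimage']['name'])) {
        // Extension allowlist: keeps script files (.php, .phtml, ...) out of upload/.
        // Extension check only; file contents are not inspected here.
        $ext = strtolower(pathinfo($_FILES['homegalleryimage']['name'], PATHINFO_EXTENSION));
        if (!in_array($ext, ['jpg', 'jpeg', 'png', 'gif', 'webp'], true)) {
            http_response_code(400);
            exit('Unsupported image type.');
        }
        // CSPRNG-based name instead of rand() . time(), which was guessable and could collide.
        $new_image = bin2hex(random_bytes(8)) . '.' . $ext;
        if (move_uploaded_file($_FILES['homegalleryimage']['tmp_name'], "upload/$new_image")) {
            // The old file is removed only after the new one is safely in place.
            if ($image_name !== '' && is_file("upload/$image_name")) {
                unlink("upload/$image_name");
            }
            $image_name = $new_image;
        }
    }
    $stmt = $pdo->prepare("UPDATE team SET name = :title, designation = :position, about = :about, facebook = :facebook,
twitter = :twitter, instagram = :instagram, linkedin = :linkedin, image = :image WHERE id = :id");
    $stmt->execute([
        ':title' => $title,
        ':position' => $position,
        ':about' => $about,
        ':facebook' => $facebook,
        ':twitter' => $twitter,
        ':instagram' => $instagram,
        ':linkedin' => $linkedin,
        ':image' => $image_name,
        ':id' => $id
    ]);
    header("Location: team.php");
    exit();
}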
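// --- Delete Team ---
// Removes one team row together with its photo, then returns to the listing.
// NOTE(review): this state-changing request is driven by GET parameters and no login or
// CSRF check is visible in this handler — confirm one runs earlier in the file.
if (isset($_REQUEST['action']) && $_REQUEST['action'] === 'delete_team') {
    // A missing id becomes 0 instead of raising an undefined-key warning.
    $id = intval($_GET['id'] ?? 0);
    $stmt = $pdo->prepare("SELECT image FROM team WHERE id = :id");
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // basename() keeps the path inside upload/ even if the stored value carries directory
    // parts. is_file() skips rows with an empty image: file_exists("upload/") is true for
    // the directory itself, which sent unlink() at a directory.
    $stored_image = $row ? basename((string) $row['image']) : '';
    if ($stored_image !== '' && is_file("upload/" . $stored_image)) {
        unlink("upload/" . $stored_image);
    }
    $stmt = $pdo->prepare("DELETE FROM team WHERE id = :id");
    $stmt->execute([':id' => $id]);
    header("Location: team.php");
    exit();
}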
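// --- Add Client ---
// Creates a client row with an entity-encoded company name and an optional logo in upload/.
if (isset($_REQUEST['add_client'])) {
    $title = htmlentities($_POST['title'] ?? '');
    $image_name = '';
    if (!empty($_FILES['clientimage']['name'])) {
        // The client-supplied file name is untrusted. Only its extension is used, and only
        // when it is on an image allowlist, so a script file (.php, .phtml, ...) can never
        // be written into upload/. Extension check only; contents are not inspected here.
        $ext = strtolower(pathinfo($_FILES['clientimage']['name'], PATHINFO_EXTENSION));
        if (!in_array($ext, ['jpg', 'jpeg', 'png', 'gif', 'webp'], true)) {
            http_response_code(400);
            exit('Unsupported image type.');
        }
        // CSPRNG-based name instead of rand() . time(), which was guessable and could collide.
        $new_image = bin2hex(random_bytes(8)) . '.' . $ext;
        // Record the name only when the move succeeded, so the row never points at a missing file.
        if (move_uploaded_file($_FILES['clientimage']['tmp_name'], "upload/$new_image")) {
            $image_name = $new_image;
        }
    }
    $stmt = $pdo->prepare("INSERT INTO client (company_name, image) VALUES (:title, :image)");
    $stmt->execute([
        ':title' => $title,
        ':image' => $image_name
    ]);
    header("Location: client.php");
    exit();
}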
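// --- Update Client ---
// Updates a client row; a newly uploaded logo replaces the previous file in upload/.
if (isset($_REQUEST['update_client'])) {
    // A missing id becomes 0 instead of raising an undefined-key warning.
    $id = intval($_POST['id'] ?? 0);
    $title = htmlentities($_POST['title'] ?? '');
    // hidden_image is form data, so it is reduced to a bare file name before it is used in
    // a filesystem path; otherwise "../" sequences could point unlink() outside upload/.
    // NOTE(review): the name is still client-chosen within upload/; reading the current
    // image from the client row would remove that trust entirely.
    $posted_image = $_POST['hidden_image'] ?? '';
    $image_name = is_string($posted_image) ? basename($posted_image) : '';
    if (!empty($_FILES['clientimage']['name'])) {
        // Extension allowlist: keeps script files (.php, .phtml, ...) out of upload/.
        // Extension check only; file contents are not inspected here.
        $ext = strtolower(pathinfo($_FILES['clientimage']['name'], PATHINFO_EXTENSION));
        if (!in_array($ext, ['jpg', 'jpeg', 'png', 'gif', 'webp'], true)) {
            http_response_code(400);
            exit('Unsupported image type.');
        }
        // CSPRNG-based name instead of rand() . time(), which was guessable and could collide.
        $new_image = bin2hex(random_bytes(8)) . '.' . $ext;
        if (move_uploaded_file($_FILES['clientimage']['tmp_name'], "upload/$new_image")) {
            // The old file is removed only after the new one is safely in place.
            if ($image_name !== '' && is_file("upload/$image_name")) {
                unlink("upload/$image_name");
            }
            $image_name = $new_image;
        }
    }
    $stmt = $pdo->prepare("UPDATE client SET company_name = :title, image = :image WHERE id = :id");
    $stmt->execute([
        ':title' => $title,
        ':image' => $image_name,
        ':id' => $id
    ]);
    header("Location: client.php");
    exit();
}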
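// --- Delete Client ---
// Removes one client row together with its logo, then returns to the listing.
// NOTE(review): this state-changing request is driven by GET parameters and no login or
// CSRF check is visible in this handler — confirm one runs earlier in the file.
if (isset($_REQUEST['action']) && $_REQUEST['action'] === 'delete_client') {
    // A missing id becomes 0 instead of raising an undefined-key warning.
    $id = intval($_GET['id'] ?? 0);
    $stmt = $pdo->prepare("SELECT image FROM client WHERE id = :id");
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // basename() keeps the path inside upload/ even if the stored value carries directory
    // parts. is_file() skips rows with an empty image: file_exists("upload/") is true for
    // the directory itself, which sent unlink() at a directory.
    $stored_image = $row ? basename((string) $row['image']) : '';
    if ($stored_image !== '' && is_file("upload/" . $stored_image)) {
        unlink("upload/" . $stored_image);
    }
    $stmt = $pdo->prepare("DELETE FROM client WHERE id = :id");
    $stmt->execute([':id' => $id]);
    header("Location: client.php");
    exit();
}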
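// ---- Add Place ----
// Creates a place row with an entity-encoded name and an optional image in upload/.
if (isset($_REQUEST['add_place'])) {
    $title = htmlentities($_POST['title'] ?? '');
    $image_name = '';
    if (!empty($_FILES['placeimage']['name'])) {
        // The client-supplied file name is untrusted. Only its extension is used, and only
        // when it is on an image allowlist, so a script file (.php, .phtml, ...) can never
        // be written into upload/. Extension check only; contents are not inspected here.
        $ext = strtolower(pathinfo($_FILES['placeimage']['name'], PATHINFO_EXTENSION));
        if (!in_array($ext, ['jpg', 'jpeg', 'png', 'gif', 'webp'], true)) {
            http_response_code(400);
            exit('Unsupported image type.');
        }
        // CSPRNG-based name instead of rand() . time(), which was guessable and could collide.
        $new_image = bin2hex(random_bytes(8)) . '.' . $ext;
        // Record the name only when the move succeeded, so the row never points at a missing file.
        if (move_uploaded_file($_FILES['placeimage']['tmp_name'], "upload/$new_image")) {
            $image_name = $new_image;
        }
    }
    $stmt = $pdo->prepare("INSERT INTO place (name, image) VALUES (:name, :image)");
    $stmt->execute([
        ':name' => $title,
        ':image' => $image_name
    ]);
    header("Location: place.php");
    exit();
}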
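// ---- Update Place ----
// Updates a place row; a newly uploaded image replaces the previous file in upload/.
if (isset($_REQUEST['update_place'])) {
    // A missing id becomes 0 instead of raising an undefined-key warning.
    $id = intval($_POST['id'] ?? 0);
    $title = htmlentities($_POST['title'] ?? '');
    // hidden_image is form data, so it is reduced to a bare file name before it is used in
    // a filesystem path; otherwise "../" sequences could point unlink() outside upload/.
    // NOTE(review): the name is still client-chosen within upload/; reading the current
    // image from the place row would remove that trust entirely.
    $posted_image = $_POST['hidden_image'] ?? '';
    $image_name = is_string($posted_image) ? basename($posted_image) : '';
    if (!empty($_FILES['placeimage']['name'])) {
        // Extension allowlist: keeps script files (.php, .phtml, ...) out of upload/.
        // Extension check only; file contents are not inspected here.
        $ext = strtolower(pathinfo($_FILES['placeimage']['name'], PATHINFO_EXTENSION));
        if (!in_array($ext, ['jpg', 'jpeg', 'png', 'gif', 'webp'], true)) {
            http_response_code(400);
            exit('Unsupported image type.');
        }
        // CSPRNG-based name instead of rand() . time(), which was guessable and could collide.
        $new_image = bin2hex(random_bytes(8)) . '.' . $ext;
        if (move_uploaded_file($_FILES['placeimage']['tmp_name'], "upload/$new_image")) {
            // The old file is removed only after the new one is safely in place.
            if ($image_name !== '' && is_file("upload/$image_name")) {
                unlink("upload/$image_name");
            }
            $image_name = $new_image;
        }
    }
    $stmt = $pdo->prepare("UPDATE place SET name = :name, image = :image WHERE id = :id");
    $stmt->execute([
        ':name' => $title,
        ':image' => $image_name,
        ':id' => $id
    ]);
    header("Location: place.php");
    exit();
}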
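// ---- Delete Place ----
// Removes one place row together with its image, then returns to the listing.
// NOTE(review): this state-changing request is driven by GET parameters and no login or
// CSRF check is visible in this handler — confirm one runs earlier in the file.
if (isset($_REQUEST['action']) && $_REQUEST['action'] === 'delete_place') {
    // A missing id becomes 0 instead of raising an undefined-key warning.
    $id = intval($_GET['id'] ?? 0);
    $stmt = $pdo->prepare("SELECT image FROM place WHERE id = :id");
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // basename() keeps the path inside upload/ even if the stored value carries directory
    // parts. is_file() skips rows with an empty image: file_exists("upload/") is true for
    // the directory itself, which sent unlink() at a directory.
    $stored_image = $row ? basename((string) $row['image']) : '';
    if ($stored_image !== '' && is_file("upload/" . $stored_image)) {
        unlink("upload/" . $stored_image);
    }
    $stmt = $pdo->prepare("DELETE FROM place WHERE id = :id");
    $stmt->execute([':id' => $id]);
    header("Location: place.php");
    exit();
}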
// Deletes the contact row named by ?id= and returns to the contact listing.
// NOTE(review): deletion is triggered by a GET request and no login or CSRF check is
// visible in this handler — confirm one runs earlier in the file.
if (($_REQUEST['action'] ?? null) === 'delete_contact') {
    $id = (int) $_GET['id'];

    $stmt = $pdo->prepare('DELETE FROM contact WHERE id = :id');
    $stmt->execute([':id' => $id]);

    header('location:contact.php');
    exit;
}
// Public enquiry form: validates name, email and message, then stores them entity-encoded.
// Validation failures are printed as a list; success and failure of the insert are
// reported through an inline script alert.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['add_enquiryform'])) {
    $name = trim($_POST['name'] ?? '');
    $email = trim($_POST['email'] ?? '');
    $message = trim($_POST['message'] ?? '');

    $errors = [];
    if ($name === '') {
        $errors[] = 'Name is required.';
    }
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $errors[] = 'Invalid email format.';
    }
    if ($message === '') {
        $errors[] = 'Message cannot be empty.';
    }

    if (!empty($errors)) {
        // Only the fixed messages above are ever echoed here, never the submitted values.
        foreach ($errors as $error) {
            echo "<p style='color: red;'>" . $error . "</p>";
        }
    } else {
        $stmt = $pdo->prepare('INSERT INTO enquiryform (name, email, message) VALUES (:name, :email, :message)');
        $result = $stmt->execute([
            ':name' => htmlentities($name),
            ':email' => htmlentities($email),
            ':message' => htmlentities($message),
        ]);
        if (!$result) {
            echo "<script>alert('Failed to send message. Please try again later.'); window.history.back();</script>";
        } else {
            echo "<script>alert('Message sent successfully!'); window.location.href='/consulting/sabksolutions/contact.php';</script>";
        }
    }
}
// Deletes the enquiry row named by ?id= and returns to the enquiry listing.
// NOTE(review): deletion is triggered by a GET request and no login or CSRF check is
// visible in this handler — confirm one runs earlier in the file.
if (($_REQUEST['action'] ?? null) === 'delete_enquiryform') {
    $id = (int) $_GET['id'];

    $stmt = $pdo->prepare('DELETE FROM enquiryform WHERE id = :id');
    $stmt->execute([':id' => $id]);

    header('location:enquiryform.php');
    exit;
}
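// Creates an about row from the posted form and stores the optional image under upload/.
if (isset($_REQUEST['add_about'])) {
    $title = htmlentities($_POST['title'] ?? '');
    $experience = htmlentities($_POST['experience'] ?? '');
    // description, mission and vision are stored exactly as submitted (no encoding).
    // NOTE(review): presumably rich-text HTML; whatever page renders them must sanitise
    // the markup or these fields must stay limited to trusted editors.
    $description = $_POST['description'] ?? '';
    $shortdescription = htmlentities(strip_tags($_POST['shortdescription'] ?? ''));
    $mission = $_POST['mission'] ?? '';
    $vision = $_POST['vision'] ?? '';
    $slug = htmlentities($_POST['slug'] ?? '');
    $keyword = htmlentities($_POST['keyword'] ?? '');
    $seodescription = htmlentities(strip_tags($_POST['seodescription'] ?? ''));
    $image_name = '';
    if (!empty($_FILES['aboutimage']['name'])) {
        // The client-supplied file name is untrusted. Only its extension is used, and only
        // when it is on an image allowlist, so a script file (.php, .phtml, ...) can never
        // be written into upload/. Extension check only; contents are not inspected here.
        $ext = strtolower(pathinfo($_FILES['aboutimage']['name'], PATHINFO_EXTENSION));
        if (!in_array($ext, ['jpg', 'jpeg', 'png', 'gif', 'webp'], true)) {
            http_response_code(400);
            exit('Unsupported image type.');
        }
        // CSPRNG-based name instead of rand() . time(), which was guessable and could collide.
        $new_image = bin2hex(random_bytes(8)) . '.' . $ext;
        // Record the name only when the move succeeded, so the row never points at a missing file.
        if (move_uploaded_file($_FILES['aboutimage']['tmp_name'], "upload/$new_image")) {
            $image_name = $new_image;
        }
    }
    $stmt = $pdo->prepare("INSERT INTO about (title, shortdescription, description, mission, vision, experience, slug, keyword, metadescription, image) VALUES (:title, :shortdescription, :description, :mission, :vision, :experience, :slug, :keyword, :metadescription, :image)");
    $stmt->execute([
        ':title' => $title,
        ':shortdescription' => $shortdescription,
        ':description' => $description,
        ':mission' => $mission,
        ':vision' => $vision,
        ':experience' => $experience,
        ':slug' => $slug,
        ':keyword' => $keyword,
        ':metadescription' => $seodescription,
        ':image' => $image_name
    ]);
    header("location:about.php");
    exit();
}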
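// Updates an about row; a newly uploaded image replaces the previous file in upload/.
if (isset($_REQUEST['update_about'])) {
    // A missing id becomes 0 instead of raising an undefined-key warning.
    $id = intval($_POST['id'] ?? 0);
    $title = htmlentities($_POST['title'] ?? '');
    $experience = htmlentities($_POST['experience'] ?? '');
    // description, mission and vision are stored exactly as submitted (no encoding).
    // NOTE(review): presumably rich-text HTML; whatever page renders them must sanitise
    // the markup or these fields must stay limited to trusted editors.
    $description = $_POST['description'] ?? '';
    $shortdescription = htmlentities(strip_tags($_POST['shortdescription'] ?? ''));
    $mission = $_POST['mission'] ?? '';
    $vision = $_POST['vision'] ?? '';
    $slug = htmlentities($_POST['slug'] ?? '');
    $keyword = htmlentities($_POST['keyword'] ?? '');
    $seodescription = htmlentities(strip_tags($_POST['seodescription'] ?? ''));
    // hidden_image is form data, so it is reduced to a bare file name before it is used in
    // a filesystem path; otherwise "../" sequences could point unlink() outside upload/.
    // NOTE(review): the name is still client-chosen within upload/; reading the current
    // image from the about row would remove that trust entirely.
    $posted_image = $_POST['hidden_image'] ?? '';
    $image_name = is_string($posted_image) ? basename($posted_image) : '';
    // NOTE(review): the add_about handler reads the 'aboutimage' upload field while this
    // one reads 'image' — confirm the edit form really uses that field name.
    if (!empty($_FILES['image']['name'])) {
        // Extension allowlist: keeps script files (.php, .phtml, ...) out of upload/.
        // Extension check only; file contents are not inspected here.
        $ext = strtolower(pathinfo($_FILES['image']['name'], PATHINFO_EXTENSION));
        if (!in_array($ext, ['jpg', 'jpeg', 'png', 'gif', 'webp'], true)) {
            http_response_code(400);
            exit('Unsupported image type.');
        }
        // CSPRNG-based name instead of rand() . time(), which was guessable and could collide.
        $new_image = bin2hex(random_bytes(8)) . '.' . $ext;
        if (move_uploaded_file($_FILES['image']['tmp_name'], "upload/$new_image")) {
            // The old file is removed only after the new one is safely in place.
            if ($image_name !== '' && is_file("upload/$image_name")) {
                unlink("upload/$image_name");
            }
            $image_name = $new_image;
        }
    }
    $stmt = $pdo->prepare("UPDATE about SET title = :title, image = :image, experience = :experience, description = :description, shortdescription = :shortdescription, mission = :mission, vision = :vision, slug = :slug, keyword = :keyword, metadescription = :metadescription WHERE id = :id");
    $stmt->execute([
        ':title' => $title,
        ':image' => $image_name,
        ':experience' => $experience,
        ':description' => $description,
        ':shortdescription' => $shortdescription,
        ':mission' => $mission,
        ':vision' => $vision,
        ':slug' => $slug,
        ':keyword' => $keyword,
        ':metadescription' => $seodescription,
        ':id' => $id
    ]);
    header("location:about.php");
    exit();
}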
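// Removes one about row together with its image, then returns to the listing.
// NOTE(review): this state-changing request is driven by GET parameters and no login or
// CSRF check is visible in this handler — confirm one runs earlier in the file.
if (isset($_REQUEST['action']) && $_REQUEST['action'] === 'delete_about') {
    // A missing id becomes 0 instead of raising an undefined-key warning.
    $id = intval($_GET['id'] ?? 0);
    $stmt = $pdo->prepare("SELECT image FROM about WHERE id = :id");
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // basename() keeps the path inside upload/ even if the stored value carries directory
    // parts. is_file() skips rows with an empty image: file_exists("upload/") is true for
    // the directory itself, which sent unlink() at a directory.
    $stored_image = $row ? basename((string) $row['image']) : '';
    if ($stored_image !== '' && is_file("upload/" . $stored_image)) {
        unlink("upload/" . $stored_image);
    }
    $stmt = $pdo->prepare("DELETE FROM about WHERE id = :id");
    $stmt->execute([':id' => $id]);
    header("location:about.php");
    exit();
}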
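// Updates the site settings row; a newly uploaded logo replaces the previous file in upload/.
// A failed upload stops the request with an error message; a failed UPDATE prints a notice.
if (isset($_REQUEST['update_setting'])) {
    // A missing id becomes 0 instead of raising an undefined-key warning.
    $id = intval($_POST['id'] ?? 0);
    $companyname = htmlentities($_POST['companyname'] ?? '');
    $email1 = htmlentities($_POST['email1'] ?? '');
    $email2 = htmlentities($_POST['email2'] ?? '');
    $number1 = htmlentities($_POST['number1'] ?? '');
    $number2 = htmlentities($_POST['number2'] ?? '');
    $facebook = htmlentities($_POST['facebook'] ?? '');
    $youtube = htmlentities($_POST['youtube'] ?? '');
    $instagram = htmlentities($_POST['instagram'] ?? '');
    $linkedin = htmlentities($_POST['linkedin'] ?? '');
    // hidden_image is form data, so it is reduced to a bare file name before it is used in
    // a filesystem path; otherwise "../" sequences could point unlink() outside upload/.
    // NOTE(review): the name is still client-chosen within upload/; reading the current
    // company_logo from the setting row would remove that trust entirely.
    $posted_image = $_POST['hidden_image'] ?? '';
    $image_name = is_string($posted_image) ? basename($posted_image) : '';
    if (!empty($_FILES['settingimage']['name'])) {
        // Extension allowlist: keeps script files (.php, .phtml, ...) out of upload/.
        // Extension check only; file contents are not inspected here.
        $ext = strtolower(pathinfo($_FILES['settingimage']['name'], PATHINFO_EXTENSION));
        if (!in_array($ext, ['jpg', 'jpeg', 'png', 'gif', 'webp'], true)) {
            http_response_code(400);
            exit('Unsupported image type.');
        }
        // CSPRNG-based name instead of rand() . time(), which was guessable and could collide.
        $new_image = bin2hex(random_bytes(8)) . '.' . $ext;
        if (move_uploaded_file($_FILES['settingimage']['tmp_name'], "upload/$new_image")) {
            // The old file is removed only after the new one is safely in place.
            if ($image_name !== '' && is_file("upload/$image_name")) {
                unlink("upload/$image_name");
            }
            $image_name = $new_image;
        } else {
            echo "ERROR: File not uploaded. Try again.";
            exit();
        }
    }
    $stmt = $pdo->prepare("UPDATE setting SET company_name = :companyname, owner_email1 = :email1, owner_email2 = :email2, owner_number1 = :number1, owner_number2 = :number2, facebook = :facebook, youtube = :youtube, instagram = :instagram, linkedin = :linkedin, company_logo = :logo WHERE id = :id");
    $result = $stmt->execute([
        ':companyname' => $companyname,
        ':email1' => $email1,
        ':email2' => $email2,
        ':number1' => $number1,
        ':number2' => $number2,
        ':facebook' => $facebook,
        ':youtube' => $youtube,
        ':instagram' => $instagram,
        ':linkedin' => $linkedin,
        ':logo' => $image_name,
        ':id' => $id
    ]);
    if ($result) {
        header("location:setting.php");
        exit();
    } else {
        echo "Setting has not been updated.";
    }
}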
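// Public booking form: stores the entity-encoded fields in bookingform and, on success,
// sends the browser back to the service page through an inline script.
if (isset($_REQUEST['add_booking'])) {
    $id = htmlentities($_POST['id'] ?? '');
    $category = htmlentities($_POST['category'] ?? '');
    $service = htmlentities($_POST['service'] ?? '');
    $name = htmlentities($_POST['name'] ?? '');
    $email = htmlentities($_POST['email'] ?? '');
    $phone = htmlentities($_POST['phone'] ?? '');
    $subject = htmlentities($_POST['subject'] ?? '');
    $message = htmlentities($_POST['message'] ?? '');
    $stmt = $pdo->prepare("INSERT INTO bookingform (service_id, category_name, service_name, name, email, phone, subject, message) VALUES (:id, :category, :service, :name, :email, :phone, :subject, :message)");
    $result = $stmt->execute([
        ':id' => $id,
        ':category' => $category,
        ':service' => $service,
        ':name' => $name,
        ':email' => $email,
        ':phone' => $phone,
        ':subject' => $subject,
        ':message' => $message
    ]);
    if ($result) {
        // The posted id ends up inside a JavaScript string literal. htmlentities() is an
        // HTML encoder and does not make a value safe there (backslashes and line breaks
        // pass through, and older PHP defaults leave single quotes alone), so the value is
        // percent-encoded: the result holds only unreserved URL characters and '%'.
        // Numeric ids are unchanged by this.
        $redirect_id = rawurlencode($id);
        // NOTE(review): the redirect target is hard-coded to http://localhost — confirm
        // this is intended outside a development machine.
        echo "<script>
alert('Form submitted successfully');
window.location.href = 'http://localhost/EventManagement/event/service_details.php?id=$redirect_id';
</script>";
    }
}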
// Newsletter sign-up: stores the entity-encoded email and, on success, redirects through
// an inline script.
// NOTE(review): the address is not validated here (the enquiry forms in this file use
// FILTER_VALIDATE_EMAIL), and the redirect target is hard-coded to http://localhost.
if (isset($_REQUEST['add_newsletter'])) {
    $email = htmlentities($_POST['email'] ?? '');

    $stmt = $pdo->prepare('INSERT INTO newsletter (email) VALUES (:email)');
    $result = $stmt->execute([
        ':email' => $email,
    ]);

    if ($result) {
        echo "<script>
alert('Form submitted successfully');
window.location.href = 'http://localhost/consulting/sabksolutions/index.php';
</script>";
    }
}
// Deletes the newsletter row named by ?id= and returns to the newsletter listing.
// NOTE(review): deletion is triggered by a GET request and no login or CSRF check is
// visible in this handler — confirm one runs earlier in the file.
if (($_REQUEST['action'] ?? null) === 'delete_newsletter') {
    $id = (int) $_GET['id'];

    $stmt = $pdo->prepare('DELETE FROM newsletter WHERE id = :id');
    $stmt->execute([':id' => $id]);

    header('location:newsletter.php');
    exit;
}
// Deletes the contact row named by ?id= and returns to the contact listing.
// NOTE(review): an identical 'delete_contact' handler appears earlier in this file and
// ends with exit(), so this copy looks unreachable — candidate for removal.
if (($_REQUEST['action'] ?? null) === 'delete_contact') {
    $id = (int) $_GET['id'];

    $stmt = $pdo->prepare('DELETE FROM contact WHERE id = :id');
    $stmt->execute([':id' => $id]);

    header('location:contact.php');
    exit;
}
// Creates a job_details row. Every field is entity-encoded before storage; the longer
// text fields also have their tags stripped. Redirects to the listing on success and
// back to the add form when the insert fails.
if (isset($_REQUEST['add_jobdetails'])) {
    $name = htmlentities($_POST['name'] ?? '');
    $locationandsalary = htmlentities($_POST['locationandsalary'] ?? '');
    $description = htmlentities(strip_tags($_POST['description'] ?? ''));
    $responsibility = htmlentities(strip_tags($_POST['responsibility'] ?? ''));
    $requirments = htmlentities(strip_tags($_POST['requirments'] ?? ''));
    $location = htmlentities($_POST['location'] ?? '');
    $salary = htmlentities($_POST['salary'] ?? '');
    $slug = htmlentities($_POST['slug'] ?? '');
    $keyword = htmlentities($_POST['keyword'] ?? '');
    $seodescription = htmlentities(strip_tags($_POST['seodescription'] ?? ''));

    $stmt = $pdo->prepare('INSERT INTO job_details (`name`, `description`, `locationandsalary`, `responsibility`, `requirments`, `location`, `salary`, `slug`, `keyword`, `metadescription`)
VALUES (:name, :description, :locationandsalary, :responsibility, :requirments, :location, :salary, :slug, :keyword, :metadescription)');
    $success = $stmt->execute([
        ':name'              => $name,
        ':description'       => $description,
        ':locationandsalary' => $locationandsalary,
        ':responsibility'    => $responsibility,
        ':requirments'       => $requirments,
        ':location'          => $location,
        ':salary'            => $salary,
        ':slug'              => $slug,
        ':keyword'           => $keyword,
        ':metadescription'   => $seodescription,
    ]);

    if ($success) {
        header('Location: jobdetails.php');
    } else {
        header('Location: add_jobdetails.php');
    }
    exit;
}
// Updates the job_details row named by the request id. Fields are encoded the same way
// as on insert. Always redirects to the listing, whatever execute() returned.
if (isset($_REQUEST['update_jobdetails'])) {
    $id = (int) $_REQUEST['id'];
    $name = htmlentities($_POST['name'] ?? '');
    $locationandsalary = htmlentities($_POST['locationandsalary'] ?? '');
    $description = htmlentities(strip_tags($_POST['description'] ?? ''));
    $responsibility = htmlentities(strip_tags($_POST['responsibility'] ?? ''));
    $requirments = htmlentities(strip_tags($_POST['requirments'] ?? ''));
    $location = htmlentities($_POST['location'] ?? '');
    $salary = htmlentities($_POST['salary'] ?? '');
    $slug = htmlentities($_POST['slug'] ?? '');
    $keyword = htmlentities($_POST['keyword'] ?? '');
    $seodescription = htmlentities(strip_tags($_POST['seodescription'] ?? ''));

    $stmt = $pdo->prepare('UPDATE job_details SET
name = :name, description = :description, locationandsalary = :locationandsalary,
responsibility = :responsibility, requirments = :requirments, location = :location,
salary = :salary, slug = :slug, keyword = :keyword, metadescription = :metadescription
WHERE id = :id');
    $success = $stmt->execute([
        ':id'                => $id,
        ':name'              => $name,
        ':description'       => $description,
        ':locationandsalary' => $locationandsalary,
        ':responsibility'    => $responsibility,
        ':requirments'       => $requirments,
        ':location'          => $location,
        ':salary'            => $salary,
        ':slug'              => $slug,
        ':keyword'           => $keyword,
        ':metadescription'   => $seodescription,
    ]);

    header('Location: jobdetails.php');
    exit;
}
// Deletes the job_details row named by ?id= when ?action=delete is present.
// NOTE(review): deletion is triggered by a GET request and no login or CSRF check is
// visible in this handler — confirm one runs earlier in the file. The action name
// 'delete' is also generic compared with the other delete_* handlers in this file.
if (isset($_GET['action'], $_GET['id']) && $_GET['action'] === 'delete') {
    $id = (int) $_GET['id'];

    $stmt = $pdo->prepare('DELETE FROM job_details WHERE id = :id');
    $stmt->execute([':id' => $id]);

    header('Location: jobdetails.php?msg=deleted');
    exit;
}
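// Public job application form: validates the fields, stores an optional CV under uploads/
// and records the application. Validation failures are printed as a list; the result of
// the insert is reported through an inline script alert.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['add_jobenquiryform'])) {
    $name = trim($_POST['name'] ?? '');
    $email = trim($_POST['email'] ?? '');
    $phone = trim($_POST['phone'] ?? '');
    $message = trim($_POST['message'] ?? '');
    $errors = [];
    if (empty($name)) $errors[] = "Name is required.";
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) $errors[] = "Invalid email.";
    if (empty($message)) $errors[] = "Message is required.";
    $cv_path = '';
    // The upload is handled only once the text fields are valid, so a rejected form no
    // longer leaves an orphaned file behind.
    if (empty($errors) && isset($_FILES['cv']) && $_FILES['cv']['error'] === UPLOAD_ERR_OK) {
        // This form is public and the file name is client-supplied: only the extension is
        // used, and only from a document allowlist, so a script file (.php, .phtml, ...)
        // can never be written into uploads/. Adjust the list to the formats HR accepts.
        // Extension check only; file contents are not inspected here.
        $cv_ext = strtolower(pathinfo($_FILES['cv']['name'], PATHINFO_EXTENSION));
        if (!in_array($cv_ext, ['pdf', 'doc', 'docx'], true)) {
            $errors[] = "Unsupported CV file type.";
        } else {
            $target_dir = "uploads/";
            // 0755 rather than 0777: the directory does not need to be world-writable.
            if (!is_dir($target_dir)) mkdir($target_dir, 0755, true);
            // CSPRNG-based name: the original file name is dropped, which avoids both
            // guessable paths to applicants' CVs and odd characters in stored paths.
            $cv_name = bin2hex(random_bytes(8)) . '.' . $cv_ext;
            $cv_path = $target_dir . $cv_name;
            if (!move_uploaded_file($_FILES["cv"]["tmp_name"], $cv_path)) {
                $cv_path = '';
                $errors[] = "Failed to upload CV.";
            }
        }
    }
    if (empty($errors)) {
        $stmt = $pdo->prepare("INSERT INTO jobenquiryform (name, email, phone, message, cv_path) VALUES (:name, :email, :phone, :message, :cv)");
        // Entity-encoded before storage, matching the add_enquiryform handler in this file.
        // NOTE(review): if the admin view already escapes on output, this double-encodes.
        $success = $stmt->execute([
            ':name' => htmlentities($name),
            ':email' => htmlentities($email),
            ':phone' => htmlentities($phone),
            ':message' => htmlentities($message),
            ':cv' => $cv_path
        ]);
        if ($success) {
            echo "<script>alert('Message sent successfully!'); window.location.href = '/consulting/sabksolutions/jobdetails.php';</script>";
        } else {
            echo "<script>alert('Failed to send message.'); window.history.back();</script>";
        }
    } else {
        // Only the fixed messages above are ever echoed here, never the submitted values.
        foreach ($errors as $error) {
            echo "<p style='color:red;'>$error</p>";
        }
    }
}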
?>