Uname:Linux ip-10-0-5-176 6.8.0-1057-aws #60~22.04.1-Ubuntu SMP Wed May 27 08:16:59 UTC 2026 x86_64

403WebShell
403Webshell
Server IP : 3.111.61.48  /  Your IP : 216.73.216.67
Web Server : Apache
System : Linux ip-10-0-5-176 6.8.0-1057-aws #60~22.04.1-Ubuntu SMP Wed May 27 08:16:59 UTC 2026 x86_64
User : ubuntu ( 1000)
PHP Version : 8.2.31
Disable Function : exec,passthru,shell_exec,system
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : OFF  |  Sudo : ON  |  Pkexec : ON
Directory :  /var/www/vhost/gyaniguru.org/admin/models/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :


[ Back ]     

Current File : /var/www/vhost/gyaniguru.org/admin/models/PostDynamicContents.class.php
<?php
include_once '../inc/DatabaseMysql.class.php';

/**
 * PostDynamicContents Class
 */
class PostDynamicContents
{
	// DB stuff
	private $conn;
	private $database;
	private $table = 'dynamic_contents';
	private $query_string;
	private $query_exe;
	private $section;
	private $resMsg;

	public function __construct()
	{
		// Instantiate DB & connect
		$this->database = new DatabaseMysql();
		$this->conn = $this->database->connect();

		$this->query_exe = false;
		$this->section = "";
	}

	public function updateData($postData)
	{
		$this->section = isset($postData['section']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['section']))))) : null;

		if ('countdown' == $this->section) {

			// Input Sanitizations
			$show_countdown = isset($postData['show_countdown']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['show_countdown']))))) : null;
			$CountdownDatetimeRange = isset($postData['CountdownDatetimeRange']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['CountdownDatetimeRange']))))) : " - ";
			$expired_text = isset($postData['expired_text']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['expired_text']))))) : null;

			// Seperate Start & End date from the daterange
			$explodeCountdownDatetimeRange = explode(' - ', $CountdownDatetimeRange);
			$start_datetime = !empty($explodeCountdownDatetimeRange) ? $explodeCountdownDatetimeRange[0] : "";
			$end_datetime = !empty($explodeCountdownDatetimeRange) ? $explodeCountdownDatetimeRange[1] : "";

			// Query String
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$show_countdown' WHERE flag_type = '".$this->section."' AND flag_name = 'show_countdown';";
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$start_datetime' WHERE flag_type = '".$this->section."' AND flag_name = 'start_datetime';";
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$end_datetime' WHERE flag_type = '".$this->section."' AND flag_name = 'end_datetime';";
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$expired_text' WHERE flag_type = '".$this->section."' AND flag_name = 'expired_text';";

	        // Query execution
			$this->query_exe = mysqli_multi_query($this->conn, $this->query_string) or die(mysqli_error($this->conn));

			// Return response
			$this->resMsg = ($this->query_exe) ? 'success' : 'error';

		} elseif ('homepage' == $this->section) {

			// Input Sanitizations
			$home_subtitle = isset($postData['home_subtitle']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['home_subtitle']))))) : null;
			$home_title = isset($postData['home_title']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['home_title']))))) : null;
			$enable_text_logo = isset($postData['enable_text_logo']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['enable_text_logo']))))) : null;
			$text_logo = isset($postData['text_logo']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['text_logo']))))) : null;
			$show_logo_image = isset($postData['show_logo_image']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['show_logo_image']))))) : null;
			$logo_image = isset($postData['logo_image']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['logo_image']))))) : null;
			$show_logo_favicon = isset($postData['show_logo_favicon']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['show_logo_favicon']))))) : null;
			$logo_favicon = isset($postData['logo_favicon']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['logo_favicon']))))) : null;

			# Query String
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$home_subtitle' WHERE flag_type = '".$this->section."' AND flag_name = 'home_subtitle';";
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$home_title' WHERE flag_type = '".$this->section."' AND flag_name = 'home_title';";
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$enable_text_logo' WHERE flag_type = '".$this->section."' AND flag_name = 'enable_text_logo';";
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$text_logo' WHERE flag_type = '".$this->section."' AND flag_name = 'text_logo';";
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$show_logo_image' WHERE flag_type = '".$this->section."' AND flag_name = 'show_logo_image';";
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$show_logo_favicon' WHERE flag_type = '".$this->section."' AND flag_name = 'show_logo_favicon';";


			// Logo Images Upload
			$target_dir = "uploads/";
			if ($show_logo_image) {
				// Logo Image
				$logo_image = !empty($_FILES["logo_image"]["name"]) ? mysqli_escape_string($this->conn, trim($_FILES["logo_image"]["name"])) : null;
				if ($logo_image) {
					$target_file = $target_dir . basename($_FILES["logo_image"]["name"]);

					// Select file type
					$imageFileType = strtolower(pathinfo($target_file, PATHINFO_EXTENSION));

					// Valid file extensions
					$allowTypes = array("jpg","jpeg","png","gif");

					// Check extension
					if( in_array($imageFileType, $allowTypes) ){
						$logo_image = 'logo_image.'.$imageFileType;

					  // Insert record
					  $this->query_string .= "UPDATE ".$this->table." SET flag_value = '$logo_image' WHERE flag_type = '".$this->section."' AND flag_name = 'logo_image';";

					  // Upload file
					  move_uploaded_file($_FILES["logo_image"]["tmp_name"],$target_dir.$logo_image);

					}
				}
			} else {
				$this->query_string .= "UPDATE ".$this->table." SET flag_value = 'logo.png' WHERE flag_type = '".$this->section."' AND flag_name = 'logo_image';";
			}

			if ($show_logo_favicon) {
				// Logo Favicon
				$logo_favicon = !empty($_FILES["logo_favicon"]["name"]) ? mysqli_escape_string($this->conn, trim($_FILES["logo_favicon"]["name"])) : null;
				if ($logo_favicon) {
					$target_file = $target_dir . basename($_FILES["logo_favicon"]["name"]);

					// Select file type
					$imageFileType = strtolower(pathinfo($target_file, PATHINFO_EXTENSION));

					// Valid file extensions
					$allowTypes = array("jpg","jpeg","png","ico");

					// Check extension
					if( in_array($imageFileType, $allowTypes) ){
						$logo_favicon = 'logo_favicon.'.$imageFileType;

					  // Insert record
					  $this->query_string .= "UPDATE ".$this->table." SET flag_value = '$logo_favicon' WHERE flag_type = '".$this->section."' AND flag_name = 'logo_favicon';";

					  // Upload file
					  move_uploaded_file($_FILES["logo_favicon"]["tmp_name"],$target_dir.$logo_favicon);

					}
				}
			} else {
				$this->query_string .= "UPDATE ".$this->table." SET flag_value = 'logo-icon.png' WHERE flag_type = '".$this->section."' AND flag_name = 'logo_favicon';";
			}

	        // Query execution
			$this->query_exe = mysqli_multi_query($this->conn, $this->query_string) or die(mysqli_error($this->conn));

			// Return response
			$this->resMsg = ($this->query_exe) ? 'success' : 'error';

		} elseif ('callus' == $this->section) {

			// Input Sanitizations
			$show_callus = isset($postData['show_callus']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['show_callus']))))) : null;
			$display_text = isset($postData['display_text']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['display_text']))))) : null;
			$phone_number = isset($postData['phone_number']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['phone_number']))))) : null;

			# Query String
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$show_callus' WHERE flag_type = '".$this->section."' AND flag_name = 'show_callus';";
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$display_text' WHERE flag_type = '".$this->section."' AND flag_name = 'display_text';";
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$phone_number' WHERE flag_type = '".$this->section."' AND flag_name = 'phone_number';";

	        // Query execution
			$this->query_exe = mysqli_multi_query($this->conn, $this->query_string) or die(mysqli_error($this->conn));

			// Return response
			$this->resMsg = ($this->query_exe) ? 'success' : 'error';

		} elseif ('google_analytics' == $this->section) {

			// Input Sanitizations
			$use_ga = isset($postData['use_ga']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['use_ga']))))) : null;
			$enable_ip = isset($postData['enable_ip']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['enable_ip']))))) : null;
			$tracking_code = isset($postData['tracking_code']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['tracking_code']))))) : null;

			# Query String
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$use_ga' WHERE flag_type = '".$this->section."' AND flag_name = 'use_ga';";
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$enable_ip' WHERE flag_type = '".$this->section."' AND flag_name = 'enable_ip';";
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$tracking_code' WHERE flag_type = '".$this->section."' AND flag_name = 'tracking_code';";

	        // Query execution
			$this->query_exe = mysqli_multi_query($this->conn, $this->query_string) or die(mysqli_error($this->conn));

			// Return response
			$this->resMsg = ($this->query_exe) ? 'success' : 'error';

		} elseif ('maintenance' == $this->section) {

			// Input Sanitizations
			$enable_maintenance = isset($postData['enable_maintenance']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['enable_maintenance']))))) : null;

			# Query String
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$enable_maintenance' WHERE flag_type = '".$this->section."' AND flag_name = 'enable_maintenance';";

	        // Query execution
			$this->query_exe = mysqli_multi_query($this->conn, $this->query_string) or die(mysqli_error($this->conn));

			// Return response
			$this->resMsg = ($this->query_exe) ? 'success' : 'error';

		} elseif ('social_links' == $this->section) {

			// Input Sanitizations
			$show_socials = isset($postData['show_socials']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['show_socials']))))) : null;
			$links_target = isset($postData['links_target']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['links_target']))))) : null;
			$facebook_url = isset($postData['facebook_url']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['facebook_url']))))) : null;
			$twitter_url = isset($postData['twitter_url']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['twitter_url']))))) : null;
			$skype_url = isset($postData['skype_url']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['skype_url']))))) : null;
			$pinterest_url = isset($postData['pinterest_url']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['pinterest_url']))))) : null;
			$dribbble_url = isset($postData['dribbble_url']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['dribbble_url']))))) : null;
			$instagram_url = isset($postData['instagram_url']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['instagram_url']))))) : null;
			$googleplus_url = isset($postData['googleplus_url']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['googleplus_url']))))) : null;
			$linkedin_url = isset($postData['linkedin_url']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['linkedin_url']))))) : null;

			# Query String
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$show_socials' WHERE flag_type = '".$this->section."' AND flag_name = 'show_socials';";
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$links_target' WHERE flag_type = '".$this->section."' AND flag_name = 'links_target';";
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$facebook_url' WHERE flag_type = '".$this->section."' AND flag_name = 'facebook_url';";
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$twitter_url' WHERE flag_type = '".$this->section."' AND flag_name = 'twitter_url';";
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$skype_url' WHERE flag_type = '".$this->section."' AND flag_name = 'skype_url';";
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$pinterest_url' WHERE flag_type = '".$this->section."' AND flag_name = 'pinterest_url';";
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$dribbble_url' WHERE flag_type = '".$this->section."' AND flag_name = 'dribbble_url';";
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$instagram_url' WHERE flag_type = '".$this->section."' AND flag_name = 'instagram_url';";
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$googleplus_url' WHERE flag_type = '".$this->section."' AND flag_name = 'googleplus_url';";
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$linkedin_url' WHERE flag_type = '".$this->section."' AND flag_name = 'linkedin_url';";

	        // Query execution
			$this->query_exe = mysqli_multi_query($this->conn, $this->query_string) or die(mysqli_error($this->conn));

			// Return response
			$this->resMsg = ($this->query_exe) ? 'success' : 'error';

		} elseif ('design_templates' == $this->section) {

			// Input Sanitizations
			$dt_home_style = isset($postData['dt_home_style']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['dt_home_style']))))) : null;
			$dt_default_background = isset($postData['dt_default_background']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['dt_default_background']))))) : null;
			$dt_default_background_color = isset($postData['dt_default_background_color']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['dt_default_background_color']))))) : null;
			$dt_backgrownd_style = isset($postData['dt_backgrownd_style']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['dt_backgrownd_style']))))) : null;
			$yt_link = isset($postData['yt_link']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['yt_link']))))) : null;
			$yt_auto_play = isset($postData['yt_auto_play']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['yt_auto_play']))))) : null;
			$yt_loop = isset($postData['yt_loop']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['yt_loop']))))) : null;
			$yt_mute = isset($postData['yt_mute']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['yt_mute']))))) : null;

			if ("bg-img" == $dt_default_background) {

				// Background Images Upload
				$target_dir = "uploads/";
				// Default Background
				$dt_default_background_img = !empty($_FILES["dt_default_background_img"]["name"]) ? mysqli_escape_string($this->conn, trim($_FILES["dt_default_background_img"]["name"])) : null;
				if ($dt_default_background_img) {
					$target_file = $target_dir . basename($_FILES["dt_default_background_img"]["name"]);

					// Select file type
					$imageFileType = strtolower(pathinfo($target_file, PATHINFO_EXTENSION));

					// Valid file extensions
					$allowTypes = array("jpg","jpeg","png","gif");

					// Check extension
					if( in_array($imageFileType, $allowTypes) ){
						$dt_default_background_img = 'default_background_img.'.$imageFileType;

					  // Insert record
					  $this->query_string .= "UPDATE ".$this->table." SET flag_value = '$dt_default_background_img' WHERE flag_type = '".$this->section."' AND flag_name = 'dt_default_background_img';";

					  // Upload file
					  move_uploaded_file($_FILES["dt_default_background_img"]["tmp_name"],$target_dir.$dt_default_background_img);

					}
				}
			} else {
				$this->query_string .= "UPDATE ".$this->table." SET flag_value = 'body-bg.jpg' WHERE flag_type = '".$this->section."' AND flag_name = 'dt_default_background_img';";
			}

			# Query String
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$dt_home_style' WHERE flag_type = '".$this->section."' AND flag_name = 'dt_home_style';";
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$dt_default_background' WHERE flag_type = '".$this->section."' AND flag_name = 'dt_default_background';";
			// $this->query_string .= "UPDATE ".$this->table." SET flag_value = '$dt_default_background_img' WHERE flag_type = '".$this->section."' AND flag_name = 'dt_default_background_img';";
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$dt_default_background_color' WHERE flag_type = '".$this->section."' AND flag_name = 'dt_default_background_color';";
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$dt_backgrownd_style' WHERE flag_type = '".$this->section."' AND flag_name = 'dt_backgrownd_style';";
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$yt_link' WHERE flag_type = '".$this->section."' AND flag_name = 'yt_link';";
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$yt_auto_play' WHERE flag_type = '".$this->section."' AND flag_name = 'yt_auto_play';";
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$yt_loop' WHERE flag_type = '".$this->section."' AND flag_name = 'yt_loop';";
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$yt_mute' WHERE flag_type = '".$this->section."' AND flag_name = 'yt_mute';";

	        // Query execution
			$this->query_exe = mysqli_multi_query($this->conn, $this->query_string) or die(mysqli_error($this->conn));

			// Return response
			$this->resMsg = ($this->query_exe) ? 'success' : 'error';

		} elseif ('siteseo' == $this->section) {

			// Input Sanitizations
			$title_tag = isset($postData['title_tag']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['title_tag']))))) : null;
			$meta_title = isset($postData['meta_title']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['meta_title']))))) : null;
			$meta_description = isset($postData['meta_description']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['meta_description']))))) : null;
			$meta_keywords = isset($postData['meta_keywords']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['meta_keywords']))))) : null;

			# Query String
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$title_tag' WHERE flag_type = '".$this->section."' AND flag_name = 'title_tag';";
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$meta_title' WHERE flag_type = '".$this->section."' AND flag_name = 'meta_title';";
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$meta_description' WHERE flag_type = '".$this->section."' AND flag_name = 'meta_description';";
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$meta_keywords' WHERE flag_type = '".$this->section."' AND flag_name = 'meta_keywords';";

	        // Query execution
			$this->query_exe = mysqli_multi_query($this->conn, $this->query_string) or die(mysqli_error($this->conn));

			// Return response
			$this->resMsg = ($this->query_exe) ? 'success' : 'error';

		} elseif ('smtp_settings' == $this->section) {

			// Input Sanitizations
			$enable_smtp = isset($postData['enable_smtp']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['enable_smtp']))))) : null;
			$smtp_host = isset($postData['smtp_host']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['smtp_host']))))) : null;
			$smtp_username = isset($postData['smtp_username']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['smtp_username']))))) : null;
			$smtp_password = isset($postData['smtp_password']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['smtp_password']))))) : null;
			$smtp_secure = isset($postData['smtp_secure']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['smtp_secure']))))) : null;
			$smtp_port = isset($postData['smtp_port']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['smtp_port']))))) : null;
			$noreply_email = isset($postData['noreply_email']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['noreply_email']))))) : null;

			# Query String
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$enable_smtp' WHERE flag_type = '".$this->section."' AND flag_name = 'enable_smtp';";
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$smtp_host' WHERE flag_type = '".$this->section."' AND flag_name = 'smtp_host';";
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$smtp_username' WHERE flag_type = '".$this->section."' AND flag_name = 'smtp_username';";
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$smtp_password' WHERE flag_type = '".$this->section."' AND flag_name = 'smtp_password';";
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$smtp_secure' WHERE flag_type = '".$this->section."' AND flag_name = 'smtp_secure';";
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$smtp_port' WHERE flag_type = '".$this->section."' AND flag_name = 'smtp_port';";
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$noreply_email' WHERE flag_type = '".$this->section."' AND flag_name = 'noreply_email';";

	        // Query execution
			$this->query_exe = mysqli_multi_query($this->conn, $this->query_string) or die(mysqli_error($this->conn));

			// Return response
			$this->resMsg = ($this->query_exe) ? 'success' : 'error';

		} elseif ('aboutpage' == $this->section) {

			// Input Sanitizations
			$show_aboutpage = isset($postData['show_aboutpage']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['show_aboutpage']))))) : null;
			$about_subtitle = isset($postData['about_subtitle']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['about_subtitle']))))) : null;
			$about_title = isset($postData['about_title']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['about_title']))))) : null;

			$about_content = isset($postData['about_content']) ? mysqli_escape_string($this->conn, trim($postData['about_content'])) : null;
			$about_content = strip_tags($about_content, '<p><a><img><table><tbody><tfoot><tr><th><td><hr><blockquote><strong><em><ul><ol><li><h1><h2><h3><h4><h5><h6><div><small><span><big><code><samp><var><del><ins><tt><cite><q><pre>');

			$show_about_button_1 = isset($postData['show_about_button_1']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['show_about_button_1']))))) : null;
			$about_button_1_txt = isset($postData['about_button_1_txt']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['about_button_1_txt']))))) : null;
			$about_button_1_link = isset($postData['about_button_1_link']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['about_button_1_link']))))) : null;
			$show_about_button_2 = isset($postData['show_about_button_2']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['show_about_button_2']))))) : null;
			$about_button_2_txt = isset($postData['about_button_2_txt']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['about_button_2_txt']))))) : null;
			$about_button_2_link = isset($postData['about_button_2_link']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['about_button_2_link']))))) : null;
			$about_img_1_atl = isset($postData['about_img_1_atl']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['about_img_1_atl']))))) : null;
			$about_img_2_atl = isset($postData['about_img_2_atl']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['about_img_2_atl']))))) : null;
			$about_img_3_atl = isset($postData['about_img_3_atl']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['about_img_3_atl']))))) : null;
			$about_img_4_atl = isset($postData['about_img_4_atl']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['about_img_4_atl']))))) : null;
			$show_about_images = isset($postData['show_about_images']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['show_about_images']))))) : null;

			// About Images Upload
			$target_dir = "uploads/";
			// Image 1
			$about_img_1 = !empty($_FILES["about_img_1"]["name"]) ? mysqli_escape_string($this->conn, trim($_FILES["about_img_1"]["name"])) : null;
			if ($about_img_1) {
				$target_file = $target_dir . basename($_FILES["about_img_1"]["name"]);

				// Select file type
				$imageFileType = strtolower(pathinfo($target_file, PATHINFO_EXTENSION));

				// Valid file extensions
				$allowTypes = array("jpg","jpeg","png","gif");

				// Check extension
				if( in_array($imageFileType, $allowTypes) ){
					$about_img_1 = 'about_img_1.'.$imageFileType;

				  // Insert record
				  $this->query_string .= "UPDATE ".$this->table." SET flag_value = '$about_img_1' WHERE flag_type = '".$this->section."' AND flag_name = 'about_img_1';";

				  // Upload file
				  move_uploaded_file($_FILES["about_img_1"]["tmp_name"],$target_dir.$about_img_1);

				}
			}
			// Image 2
			$about_img_2 = !empty($_FILES["about_img_2"]["name"]) ? mysqli_escape_string($this->conn, trim($_FILES["about_img_2"]["name"])) : null;
			if ($about_img_2) {
				$target_file = $target_dir . basename($_FILES["about_img_2"]["name"]);

				// Select file type
				$imageFileType = strtolower(pathinfo($target_file, PATHINFO_EXTENSION));

				// Valid file extensions
				$allowTypes = array("jpg","jpeg","png","gif");

				// Check extension
				if( in_array($imageFileType, $allowTypes) ){
					$about_img_2 = 'about_img_2.'.$imageFileType;

				  // Insert record
				  $this->query_string .= "UPDATE ".$this->table." SET flag_value = '$about_img_2' WHERE flag_type = '".$this->section."' AND flag_name = 'about_img_2';";

				  // Upload file
				  move_uploaded_file($_FILES["about_img_2"]["tmp_name"],$target_dir.$about_img_2);

				}
			}
			// Image 3
			$about_img_3 = !empty($_FILES["about_img_3"]["name"]) ? mysqli_escape_string($this->conn, trim($_FILES["about_img_3"]["name"])) : null;
			if ($about_img_3) {
				$target_file = $target_dir . basename($_FILES["about_img_3"]["name"]);

				// Select file type
				$imageFileType = strtolower(pathinfo($target_file, PATHINFO_EXTENSION));

				// Valid file extensions
				$allowTypes = array("jpg","jpeg","png","gif");

				// Check extension
				if( in_array($imageFileType, $allowTypes) ){
					$about_img_3 = 'about_img_3.'.$imageFileType;

				  // Insert record
				  $this->query_string .= "UPDATE ".$this->table." SET flag_value = '$about_img_3' WHERE flag_type = '".$this->section."' AND flag_name = 'about_img_3';";

				  // Upload file
				  move_uploaded_file($_FILES["about_img_3"]["tmp_name"],$target_dir.$about_img_3);

				}
			}
			// Image 4
			$about_img_4 = !empty($_FILES["about_img_4"]["name"]) ? mysqli_escape_string($this->conn, trim($_FILES["about_img_4"]["name"])) : null;
			if ($about_img_4) {
				$target_file = $target_dir . basename($_FILES["about_img_4"]["name"]);

				// Select file type
				$imageFileType = strtolower(pathinfo($target_file, PATHINFO_EXTENSION));

				// Valid file extensions
				$allowTypes = array("jpg","jpeg","png","gif");

				// Check extension
				if( in_array($imageFileType, $allowTypes) ){
					$about_img_4 = 'about_img_4.'.$imageFileType;

				  // Insert record
				  $this->query_string .= "UPDATE ".$this->table." SET flag_value = '$about_img_4' WHERE flag_type = '".$this->section."' AND flag_name = 'about_img_4';";

				  // Upload file
				  move_uploaded_file($_FILES["about_img_4"]["tmp_name"],$target_dir.$about_img_4);

				}
			}

			# Query String
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$show_aboutpage' WHERE flag_type = '".$this->section."' AND flag_name = 'show_aboutpage';";
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$about_subtitle' WHERE flag_type = '".$this->section."' AND flag_name = 'about_subtitle';";
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$about_title' WHERE flag_type = '".$this->section."' AND flag_name = 'about_title';";
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$about_content' WHERE flag_type = '".$this->section."' AND flag_name = 'about_content';";
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$show_about_button_1' WHERE flag_type = '".$this->section."' AND flag_name = 'show_about_button_1';";
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$about_button_1_txt' WHERE flag_type = '".$this->section."' AND flag_name = 'about_button_1_txt';";
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$about_button_1_link' WHERE flag_type = '".$this->section."' AND flag_name = 'about_button_1_link';";
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$show_about_button_2' WHERE flag_type = '".$this->section."' AND flag_name = 'show_about_button_2';";
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$about_button_2_txt' WHERE flag_type = '".$this->section."' AND flag_name = 'about_button_2_txt';";
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$about_button_2_link' WHERE flag_type = '".$this->section."' AND flag_name = 'about_button_2_link';";
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$about_img_1_atl' WHERE flag_type = '".$this->section."' AND flag_name = 'about_img_1_atl';";
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$about_img_2_atl' WHERE flag_type = '".$this->section."' AND flag_name = 'about_img_2_atl';";
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$about_img_3_atl' WHERE flag_type = '".$this->section."' AND flag_name = 'about_img_3_atl';";
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$about_img_4_atl' WHERE flag_type = '".$this->section."' AND flag_name = 'about_img_4_atl';";
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$show_about_images' WHERE flag_type = '".$this->section."' AND flag_name = 'show_about_images';";

	        // Query execution
			$this->query_exe = mysqli_multi_query($this->conn, $this->query_string) or die(mysqli_error($this->conn));

			// Return response
			$this->resMsg = ($this->query_exe) ? 'success' : 'error';

		} elseif ('contactpage' == $this->section) {

			// Input Sanitizations
			$show_contactpage = isset($postData['show_contactpage']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['show_contactpage']))))) : null;
			$contact_subtitle = isset($postData['contact_subtitle']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['contact_subtitle']))))) : null;
			$contact_title = isset($postData['contact_title']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['contact_title']))))) : null;
			$fullname_field_txt = isset($postData['fullname_field_txt']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['fullname_field_txt']))))) : null;
			$phone_field_txt = isset($postData['phone_field_txt']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['phone_field_txt']))))) : null;
			$email_field_txt = isset($postData['email_field_txt']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['email_field_txt']))))) : null;
			$msg_field_txt = isset($postData['msg_field_txt']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['msg_field_txt']))))) : null;
			$send_btn_txt = isset($postData['send_btn_txt']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['send_btn_txt']))))) : null;
			$contact_success_msg = isset($postData['contact_success_msg']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['contact_success_msg']))))) : null;
			$contact_error_msg = isset($postData['contact_error_msg']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['contact_error_msg']))))) : null;
			$map_iframe = isset($postData['map_iframe']) ? mysqli_escape_string($this->conn, trim($postData['map_iframe'])) : null;
			$map_iframe = strip_tags($map_iframe, '<iframe>');

			# Query String
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$show_contactpage' WHERE flag_type = '".$this->section."' AND flag_name = 'show_contactpage';";
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$contact_subtitle' WHERE flag_type = '".$this->section."' AND flag_name = 'contact_subtitle';";
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$contact_title' WHERE flag_type = '".$this->section."' AND flag_name = 'contact_title';";
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$fullname_field_txt' WHERE flag_type = '".$this->section."' AND flag_name = 'fullname_field_txt';";
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$phone_field_txt' WHERE flag_type = '".$this->section."' AND flag_name = 'phone_field_txt';";
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$email_field_txt' WHERE flag_type = '".$this->section."' AND flag_name = 'email_field_txt';";
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$msg_field_txt' WHERE flag_type = '".$this->section."' AND flag_name = 'msg_field_txt';";
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$send_btn_txt' WHERE flag_type = '".$this->section."' AND flag_name = 'send_btn_txt';";
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$contact_success_msg' WHERE flag_type = '".$this->section."' AND flag_name = 'contact_success_msg';";
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$contact_error_msg' WHERE flag_type = '".$this->section."' AND flag_name = 'contact_error_msg';";
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$map_iframe' WHERE flag_type = '".$this->section."' AND flag_name = 'map_iframe';";

	        // Query execution
			$this->query_exe = mysqli_multi_query($this->conn, $this->query_string) or die(mysqli_error($this->conn));

			// Return response
			$this->resMsg = ($this->query_exe) ? 'success' : 'error';

		} elseif ('subscribers' == $this->section) {

			// Input Sanitizations
			$show_subscriber = isset($postData['show_subscriber']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['show_subscriber']))))) : null;
			$subs_btn_txt = isset($postData['subs_btn_txt']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['subs_btn_txt']))))) : null;
			$subs_placeholder_txt = isset($postData['subs_placeholder_txt']) ? mysqli_escape_string($this->conn, trim(addslashes(htmlspecialchars(strip_tags($postData['subs_placeholder_txt']))))) : null;

			# Query String
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$show_subscriber' WHERE flag_type = '".$this->section."' AND flag_name = 'show_subscriber';";
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$subs_btn_txt' WHERE flag_type = '".$this->section."' AND flag_name = 'subs_btn_txt';";
			$this->query_string .= "UPDATE ".$this->table." SET flag_value = '$subs_placeholder_txt' WHERE flag_type = '".$this->section."' AND flag_name = 'subs_placeholder_txt';";

	        // Query execution
			$this->query_exe = mysqli_multi_query($this->conn, $this->query_string) or die(mysqli_error($this->conn));

			// Return response
			$this->resMsg = ($this->query_exe) ? 'success' : 'error';

		} else {
			$this->resMsg = 'error';
		}

		$this->conn->close();
		return $this->resMsg;
	}
}

Youez - 2016 - github.com/yon3zu
LinuXploit