File: sliders.php
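<?php
/**
 * Admin request handlers for the slider plugin: list, edit, add, delete and save sliders.
 *
 * Security notes for maintainers:
 * - Access is gated on the `delete_pages` capability; a stricter `manage_options` check
 *   was commented out in the original source.
 * - Every request value that reaches SQL is bound through $wpdb->prepare() or checked
 *   against a strict pattern. esc_html()/esc_js() are output encoders and do not make a
 *   value safe inside a query.
 * - editslider(), popup_posts() and last_posts() change data without any anti-CSRF
 *   check. The forms and links that call them are not part of this file, so adding
 *   wp_nonce_field()/check_admin_referer() has to be done together with the views.
 * - Relies on $wpdb->esc_like() (WordPress 4.0+), wp_unslash() and hash_equals().
 */

// Refuse direct access (WordPress not loaded) and users lacking the capability.
if (!function_exists('current_user_can') || !current_user_can('delete_pages')) {
    die('Access Denied');
}

/**
 * Validate the request's anti-CSRF token against the one kept in the PHP session.
 *
 * Starts the session if needed. The session token must exist and be non-empty, and the
 * comparison is strict and constant-time; a loose `==` would let a missing session
 * token compare equal to an empty request token.
 *
 * @return bool True only when both tokens are non-empty strings and identical.
 */
function hugeit_slider_csrf_token_is_valid()
{
    if (session_id() === '') {
        session_start();
    }
    if (!isset($_REQUEST['csrf_token_hugeit_1752']) || !is_string($_REQUEST['csrf_token_hugeit_1752'])) {
        return false;
    }
    // Kept from the original: the request value is HTML-encoded in place.
    $_REQUEST['csrf_token_hugeit_1752'] = esc_html($_REQUEST['csrf_token_hugeit_1752']);

    $expected = isset($_SESSION['csrf_token_hugeit_1752']) ? $_SESSION['csrf_token_hugeit_1752'] : '';
    if (!is_string($expected) || $expected === '') {
        return false;
    }

    return hash_equals($expected, $_REQUEST['csrf_token_hugeit_1752']);
}

/**
 * Read a scalar POST field, returning '' when it is missing or not scalar.
 *
 * @param string $key POST field name.
 * @return string
 */
function hugeit_slider_post_value($key)
{
    return (isset($_POST[$key]) && is_scalar($_POST[$key])) ? (string) $_POST[$key] : '';
}

/**
 * SELECT/JOIN part shared by the slider listing and the tree expansion.
 * Contains only table names built from $wpdb->prefix, never request data.
 *
 * @return string SQL up to (not including) the WHERE clause.
 */
function hugeit_slider_tree_select_sql()
{
    global $wpdb;
    $sliders = $wpdb->prefix . 'huge_itslider_sliders';
    $images  = $wpdb->prefix . 'huge_itslider_images';

    return "SELECT a.* , COUNT(b.id) AS count, g.par_name AS par_name"
        . " FROM {$sliders} AS a"
        . " LEFT JOIN {$sliders} AS b ON a.id = b.sl_width"
        . " LEFT JOIN (SELECT {$sliders}.ordering as ordering,{$sliders}.id AS id,"
        . " COUNT( {$images}.slider_id ) AS prod_count FROM {$images}, {$sliders}"
        . " WHERE {$images}.slider_id = {$sliders}.id GROUP BY {$images}.slider_id) AS c ON c.id = a.id"
        . " LEFT JOIN (SELECT {$sliders}.name AS par_name,{$sliders}.id FROM {$sliders}) AS g ON a.sl_width=g.id";
}

/**
 * Delete the slide named by ?removeslide=<id>, if present.
 *
 * NOTE(review): this is a state change driven by a GET parameter with no nonce. The
 * id is bound as an integer, but the request itself is not authenticated beyond the
 * capability check at the top of the file.
 */
function hugeit_slider_handle_removeslide()
{
    global $wpdb;
    if (!isset($_GET['removeslide'])) {
        return;
    }
    $slide_id = intval($_GET['removeslide']);
    if ($slide_id != 0) {
        $wpdb->query($wpdb->prepare(
            "DELETE FROM " . $wpdb->prefix . "huge_itslider_images WHERE id = %d ",
            $slide_id
        ));
    }
}

/**
 * Load the plugin parameters as a name => value map.
 *
 * @return array
 */
function hugeit_slider_params_map()
{
    global $wpdb;
    $map = array();
    foreach ((array) $wpdb->get_results("SELECT * from " . $wpdb->prefix . "huge_itslider_params ") as $param) {
        $map[$param->name] = $param->value;
    }

    return $map;
}

/**
 * Look up the term relationships of a category and the published post of the last one.
 *
 * The original looped over every relationship and kept only the final lookup, so only
 * that one query is issued here.
 *
 * @param mixed $term_taxonomy_id Bound as an integer.
 * @return array array($relationships, $posts) where $posts is '' when nothing matched.
 */
function hugeit_slider_posts_in_category($term_taxonomy_id)
{
    global $wpdb;
    $relationships = $wpdb->get_results($wpdb->prepare(
        "SELECT * FROM " . $wpdb->prefix . "term_relationships where term_taxonomy_id = %d order by object_id ASC",
        $term_taxonomy_id
    ));
    $posts = '';
    if (!empty($relationships)) {
        $last  = end($relationships);
        $posts = $wpdb->get_results($wpdb->prepare(
            "SELECT * FROM " . $wpdb->prefix . "posts where post_type = 'post' and post_status = 'publish' and ID = %d order by ID ASC",
            $last->object_id
        ));
    }

    return array($relationships, $posts);
}

/**
 * Increase `ordering` by one for every image of a slider.
 *
 * @param mixed $slider_id Bound as an integer.
 */
function hugeit_slider_shift_image_ordering($slider_id)
{
    global $wpdb;
    $images_table = $wpdb->prefix . 'huge_itslider_images';
    $images = $wpdb->get_results($wpdb->prepare(
        "SELECT * FROM {$images_table} where slider_id = %d order by id ASC",
        $slider_id
    ));
    foreach ((array) $images as $image) {
        $wpdb->query($wpdb->prepare(
            "UPDATE {$images_table} SET ordering = %d WHERE id = %d ",
            (int) $image->ordering + 1,
            $image->id
        ));
    }
}

/**
 * List sliders with search, category filter, sorting and paging, then render the list.
 *
 * The sanitized values are written back into $_POST because the view (not in this
 * file) may read them from there, as the original did.
 */
function showslider()
{
    global $wpdb;
    global $glob_ordering_in_cat;

    $sliders_table = $wpdb->prefix . 'huge_itslider_sliders';
    $images_table  = $wpdb->prefix . 'huge_itslider_images';

    // The listing is read-only; the call also starts the session, as the original did.
    if (hugeit_slider_csrf_token_is_valid() && isset($_POST['search_events_by_title'])) {
        $_POST['search_events_by_title'] = esc_html(stripslashes($_POST['search_events_by_title']));
    }
    foreach (array('asc_or_desc', 'order_by') as $field) {
        if (isset($_POST[$field])) {
            $_POST[$field] = esc_js(esc_html($_POST[$field]));
        }
    }

    $sort = array(
        'custom_style'  => 'manage-column column-autor sortable desc',
        'default_style' => 'manage-column column-autor sortable desc',
        'sortid_by'     => 'id',
        '1_or_2'        => 1,
    );
    $order = '';
    $limit = 0;

    if (isset($_POST['page_number'])) {
        $_POST['page_number'] = esc_html($_POST['page_number']);
        if (!empty($_POST['asc_or_desc'])) {
            // ORDER BY cannot take a bound parameter, so the column must be a bare
            // identifier; anything else falls back to `id`.
            $requested = (isset($_POST['order_by']) && is_string($_POST['order_by'])) ? $_POST['order_by'] : '';
            $sort['sortid_by'] = preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $requested) ? $requested : 'id';
            if ($_POST['asc_or_desc'] == 1) {
                $sort['custom_style'] = 'manage-column column-title sorted asc';
                $sort['1_or_2'] = '2';
                $order = 'ORDER BY ' . $sort['sortid_by'] . ' ASC';
            } else {
                $sort['custom_style'] = 'manage-column column-title sorted desc';
                $sort['1_or_2'] = '1';
                $order = 'ORDER BY ' . $sort['sortid_by'] . ' DESC';
            }
        }
        $page = absint($_POST['page_number']);
        if ($page > 0) {
            $limit = ($page - 1) * 20;
        }
    }

    $search_tag = '';
    if (isset($_POST['search_events_by_title'])) {
        $_POST['search_events_by_title'] = esc_html($_POST['search_events_by_title']);
        $search_tag = esc_html(stripslashes($_POST['search_events_by_title']));
    }
    $like = '%' . $wpdb->esc_like($search_tag) . '%';

    // The category id is used in a numeric context, so it is forced to an integer.
    if (isset($_GET['catid'])) {
        $cat_id = absint($_GET['catid']);
    } elseif (isset($_POST['cat_search'])) {
        $_POST['cat_search'] = esc_html($_POST['cat_search']);
        $cat_id = absint($_POST['cat_search']);
    } else {
        $cat_id = 0;
    }

    $cat_row = $wpdb->get_results("SELECT id,name FROM {$sliders_table} WHERE sl_width=0");

    $conditions = array();
    $args = array();
    if ($search_tag) {
        $conditions[] = 'name LIKE %s';
        $args[] = $like;
    }
    if ($cat_id) {
        $conditions[] = 'sl_width = %d';
        $args[] = $cat_id;
    }
    $count_sql = "SELECT COUNT(*) FROM {$sliders_table}";
    if ($conditions) {
        $count_sql = $wpdb->prepare($count_sql . ' WHERE ' . implode(' AND ', $conditions), $args);
    }
    $pageNav = array(
        'total' => $wpdb->get_var($count_sql),
        'limit' => $limit / 20 + 1,
    );

    // The original built this query twice, identically, for both values of $cat_id.
    $rows = $wpdb->get_results($wpdb->prepare(
        hugeit_slider_tree_select_sql() . " WHERE a.name LIKE %s group by a.id {$order} LIMIT %d,20",
        $like,
        $limit
    ));

    $sort['sortid_by'] = esc_html($sort['sortid_by']);
    if ($sort['sortid_by'] == 'ordering') {
        $glob_ordering_in_cat = (isset($_POST['asc_or_desc']) && $_POST['asc_or_desc'] == 1)
            ? ' ORDER BY ordering ASC'
            : ' ORDER BY ordering DESC';
    }

    $rows = open_cat_in_tree((array) $rows);

    $prod_rows = $wpdb->get_results(
        "SELECT {$sliders_table}.ordering,{$sliders_table}.id, COUNT( {$images_table}.slider_id ) AS prod_count"
        . " FROM {$images_table}, {$sliders_table} WHERE {$images_table}.slider_id = {$sliders_table}.id"
        . " GROUP BY {$images_table}.slider_id "
    );
    // Index the counts by slider id instead of scanning them once per row.
    $counts_by_id = array();
    foreach ((array) $prod_rows as $prod_row) {
        $counts_by_id[$prod_row->id] = $prod_row;
    }
    foreach ($rows as $row) {
        if (isset($counts_by_id[$row->id])) {
            $row->ordering   = $counts_by_id[$row->id]->ordering;
            $row->prod_count = $counts_by_id[$row->id]->prod_count;
        }
    }

    $cat_row = open_cat_in_tree((array) $cat_row);
    html_showsliders($rows, $pageNav, $sort, $cat_row);
}

/**
 * Flatten sliders into a depth-first list, prefixing each child name with "— ".
 *
 * Children of a slider are the rows whose `sl_width` equals its id. Results accumulate
 * in a static list that is reset on the outermost call ($hihiih truthy).
 * NOTE(review): nothing here guards against a parent/child cycle in the data.
 *
 * @param array  $catt         Rows to expand.
 * @param string $tree_problem Name prefix for the current depth.
 * @param int    $hihiih       1 on the outermost call, 0 on recursive calls.
 * @return array Flattened rows.
 */
function open_cat_in_tree($catt, $tree_problem = '', $hihiih = 1)
{
    global $wpdb;
    global $glob_ordering_in_cat;
    static $trr_cat = array();

    if ($hihiih) {
        $trr_cat = array();
    }
    foreach ($catt as $local_cat) {
        $local_cat->name = $tree_problem . $local_cat->name;
        $trr_cat[] = $local_cat;
        // The id comes from the database; the cast keeps the numeric context safe.
        // The name filter was always empty here, hence the match-all LIKE.
        $children = $wpdb->get_results(
            hugeit_slider_tree_select_sql()
            . " WHERE a.name LIKE '%%' AND a.sl_width=" . (int) $local_cat->id
            . " group by a.id " . $glob_ordering_in_cat
        );
        open_cat_in_tree((array) $children, $tree_problem . "— ", 0);
    }

    return $trr_cat;
}

/**
 * Load one slider with its images, parameters and posts, then render the edit screen.
 *
 * @param mixed $id Slider id; always bound as an integer.
 * @return string|null 'id not found' when the slider does not exist.
 */
function editslider($id)
{
    global $wpdb;
    $sliders_table = $wpdb->prefix . 'huge_itslider_sliders';
    $images_table  = $wpdb->prefix . 'huge_itslider_images';

    hugeit_slider_handle_removeslide();

    $row = $wpdb->get_row($wpdb->prepare("SELECT * FROM {$sliders_table} WHERE id= %d", $id));
    if (!isset($row->slider_list_effects_s)) {
        return 'id not found';
    }
    $images    = explode(';;;', $row->slider_list_effects_s);
    $count_ord = count($images);

    // $id was concatenated into this query; it is now bound like the other lookups.
    $cat_row = $wpdb->get_results($wpdb->prepare(
        "SELECT * FROM {$sliders_table} WHERE id!= %d and sl_width=0",
        $id
    ));
    $cat_row = open_cat_in_tree((array) $cat_row);

    $ord_elem = $wpdb->get_results($wpdb->prepare(
        "SELECT name,ordering FROM {$sliders_table} WHERE sl_width=%d ORDER BY `ordering` ",
        $row->sl_width
    ));
    $rowim = $wpdb->get_results($wpdb->prepare(
        "SELECT * FROM {$images_table} where slider_id = %d order by ordering ASC ",
        $row->id
    ));

    // ?addslide=1 ran an undefined (empty) query in the original; that dead call is dropped.

    $rowsld    = $wpdb->get_results("SELECT * FROM {$sliders_table} order by id ASC");
    $paramssld = hugeit_slider_params_map();
    $rowsposts = $wpdb->get_results(
        "SELECT * FROM " . $wpdb->prefix . "posts where post_type = 'post' and post_status = 'publish' order by id ASC"
    );

    $rowsposts8 = '';
    $postsbycat = '';
    if (isset($_POST['iframecatid'])) {
        list($rowsposts8, $postsbycat) = hugeit_slider_posts_in_category(esc_html($_POST['iframecatid']));
    }

    Html_editslider($ord_elem, $count_ord, $images, $row, $cat_row, $rowim, $rowsld, $paramssld, $rowsposts, $rowsposts8, $postsbycat);
}

/**
 * Insert a slider with default settings and redirect to its edit screen.
 */
function add_slider()
{
    global $wpdb;
    $table_name = $wpdb->prefix . 'huge_itslider_sliders';

    $wpdb->query(
        "INSERT INTO `" . $table_name . "` ( `name`, `sl_height`, `sl_width`, `pause_on_hover`,"
        . " `slider_list_effects_s`, `description`, `param`, `sl_position`, `ordering`, `published`,`sl_loading_icon`)"
        . " VALUES ( 'New slider', '375', '600', 'on', 'cubeH', '4000', '1000', 'center', '1', '300','off')"
    );

    // Same target as the original (the highest id) without loading every slider row.
    $last_id = $wpdb->get_var("SELECT id FROM {$table_name} ORDER BY id DESC LIMIT 1");
    if ($last_id !== null) {
        header('Location: admin.php?page=sliders_huge_it_slider&id=' . $last_id . '&task=apply');
    }
}

/**
 * Handle the "add posts" popup: optional slide removal, import of recent posts,
 * creation of a "last posts" slide, then render the popup.
 *
 * NOTE(review): the writes here are not covered by an anti-CSRF check, and the values
 * stored from $_POST are not validated; whether they are encoded on output depends on
 * the views, which are not in this file.
 *
 * @param mixed $id Slider id; always bound as an integer.
 * @return string|null 'id not found' when the slider does not exist.
 */
function popup_posts($id)
{
    global $wpdb;
    $sliders_table = $wpdb->prefix . 'huge_itslider_sliders';
    $images_table  = $wpdb->prefix . 'huge_itslider_images';
    $posts_table   = $wpdb->prefix . 'posts';

    hugeit_slider_handle_removeslide();

    $row = $wpdb->get_row($wpdb->prepare("SELECT * FROM {$sliders_table} WHERE id= %d", $id));
    if (!isset($row->slider_list_effects_s)) {
        return 'id not found';
    }
    $images    = explode(';;;', $row->slider_list_effects_s);
    $count_ord = count($images);

    $cat_row = $wpdb->get_results($wpdb->prepare(
        "SELECT * FROM {$sliders_table} WHERE id!= %d and sl_width=0",
        $id
    ));
    $cat_row = open_cat_in_tree((array) $cat_row);

    $ord_elem = $wpdb->get_results($wpdb->prepare(
        "SELECT name,ordering FROM {$sliders_table} WHERE sl_width=%d ORDER BY `ordering` ",
        $row->sl_width
    ));
    $rowim = $wpdb->get_results($wpdb->prepare(
        "SELECT * FROM {$images_table} where slider_id = %d order by id ASC ",
        $row->id
    ));

    // ?addslide=1 ran an undefined (empty) query in the original; that dead call is dropped.

    $rowsld    = $wpdb->get_results("SELECT * FROM {$sliders_table} order by id ASC");
    $paramssld = hugeit_slider_params_map();
    $rowsposts = $wpdb->get_results(
        "SELECT * FROM {$posts_table} where post_type = 'post' and post_status = 'publish' order by id ASC"
    );

    $categories = get_categories();
    if (isset($_POST['iframecatid'])) {
        $iframecatid = esc_html($_POST['iframecatid']);
    } else {
        $iframecatid = isset($categories[0]->cat_ID) ? $categories[0]->cat_ID : '';
    }
    list($rowsposts8, $postsbycat) = hugeit_slider_posts_in_category($iframecatid);

    if (isset($_GET['closepop']) && intval($_GET['closepop']) == 1) {
        if (isset($_POST['popupposts'])) {
            $postpopupposts = esc_html($_POST['popupposts']);
            if ($postpopupposts != 'none' and $postpopupposts != '') {
                $selected = explode(';', $_POST['popupposts']);
                array_pop($selected);
                // As in the original, no slide is inserted here; the existing images
                // are shifted once per selected post.
                foreach ($selected as $unused_post_id) {
                    hugeit_slider_shift_image_ordering($row->id);
                }
            }
        }
        if (!isset($_POST['lastposts']) && isset($_POST['posthuge-it-description-length'])) {
            // The original statement was malformed ("UPDATE %s ... WHERE id = " with
            // mismatched arguments); it now matches the equivalent update in apply_cat().
            $wpdb->query($wpdb->prepare(
                "UPDATE {$sliders_table} SET published = %d WHERE id = %d ",
                intval($_POST['posthuge-it-description-length']),
                isset($_GET['id']) ? intval($_GET['id']) : 0
            ));
        }
    }

    if (isset($_POST['lastposts'])) {
        $_POST['lastposts'] = esc_html($_POST['lastposts']);
        // The row count was concatenated into LIMIT; it is now bound as an integer.
        $recent_posts = $wpdb->get_results($wpdb->prepare(
            "SELECT * FROM {$posts_table} where post_type = 'post' and post_status = 'publish' order by id DESC LIMIT 0, %d",
            absint($_POST['lastposts'])
        ));
        foreach ((array) $recent_posts as $recent_post) {
            $post       = get_post($recent_post);
            $post_image = wp_get_attachment_url(get_post_thumbnail_id($recent_post));
            $posturl    = get_permalink($recent_post);

            // Plain-text excerpt cut at 300 bytes, then HTML-encoded for storage.
            $plain       = html_entity_decode(strip_tags($post->post_content));
            $description = htmlentities(substr_replace($plain, '', 300), ENT_QUOTES, 'UTF-8');
            $posttitle   = htmlentities($post->post_title, ENT_QUOTES, 'UTF-8');

            $wpdb->query($wpdb->prepare(
                "INSERT INTO `{$images_table}` ( `name`, `slider_id`, `description`, `image_url`, `sl_url`,"
                . " `ordering`, `published`, `published_in_sl_width` )"
                . " VALUES ( %s, %s, %s, %s, %s, '0', 2, '1' )",
                $posttitle,
                $row->id,
                $description,
                $post_image,
                $posturl
            ));
        }
    }

    if (isset($_POST['addlastposts'])) {
        $_POST['addlastposts'] = esc_html($_POST['addlastposts']);
        if ($_POST['addlastposts'] == 'addlastposts') {
            hugeit_slider_shift_image_ordering($row->id);
            $wpdb->query($wpdb->prepare(
                "INSERT INTO `{$images_table}` ( `name`, `slider_id`, `description`, `image_url`, `sl_url`, `sl_type`,"
                . " `link_target`, `sl_stitle`, `sl_sdesc`, `sl_postlink`, `ordering`, `published`, `published_in_sl_width` )"
                . " VALUES ( %s, %s, %s, '', %s, 'last_posts', %s, %s, %s, %s, '0', '2', '1' )",
                hugeit_slider_post_value('titleimage'),
                $row->id,
                hugeit_slider_post_value('im_description'),
                hugeit_slider_post_value('sl_url'),
                hugeit_slider_post_value('sl_link_target'),
                hugeit_slider_post_value('sl_stitle'),
                hugeit_slider_post_value('sl_sdesc'),
                hugeit_slider_post_value('sl_postlink')
            ));
        }
    }

    Html_popup_posts($ord_elem, $count_ord, $images, $row, $cat_row, $rowim, $rowsld, $paramssld, $rowsposts, $rowsposts8, $postsbycat);
}

/**
 * Create a "last posts" slide for the slider when a category was submitted, then
 * render the popup.
 *
 * @param mixed $id Slider id; always bound as an integer.
 */
function last_posts($id)
{
    global $wpdb;
    $row = $wpdb->get_row($wpdb->prepare(
        "SELECT * FROM " . $wpdb->prefix . "huge_itslider_sliders WHERE id= %d",
        $id
    ));
    $test = 'test';

    // Skip the insert when the slider does not exist instead of writing an orphan row.
    if (isset($_POST['sel_categ']) && isset($row->id)) {
        $_POST['sel_categ'] = esc_html($_POST['sel_categ']);
        $wpdb->query($wpdb->prepare(
            "INSERT INTO `" . $wpdb->prefix . "huge_itslider_images` ( `name`, `slider_id`, `description`, `image_url`,"
            . " `sl_url`, `sl_type`, `link_target`, `ordering`, `published`, `published_in_sl_width` )"
            . " VALUES ( %s, %s, '300', '', %s, 'last_posts', 'on', '0', 1, '0' )",
            $_POST['sel_categ'],
            $row->id,
            hugeit_slider_post_value('count_posts')
        ));
    }

    Html_last_posts($test);
}

/**
 * Render the video popup.
 *
 * @param mixed $id Unused.
 */
function popup_video($id)
{
    Html_popup_video();
}

/**
 * Delete a slider row and print an admin notice with the outcome.
 *
 * @param mixed $id Slider id; bound as an integer.
 */
function removeslider($id)
{
    global $wpdb;
    $deleted = $wpdb->query($wpdb->prepare(
        "DELETE FROM " . $wpdb->prefix . "huge_itslider_sliders WHERE id = %d",
        $id
    ));
    if (!$deleted) {
        ?>
        <div id="message" class="error"><p>slider Not Deleted</p></div>
        <?php
    } else {
        ?>
        <div class="updated"><p><strong><?php _e('Item Deleted.'); ?></strong></p></div>
        <?php
    }
}

/**
 * Save a slider's settings, its images and the plugin parameters.
 *
 * Nothing is written unless the anti-CSRF token matches the session token. Every
 * request value is bound as a query parameter; column names come only from the fixed
 * maps below.
 *
 * @param mixed $id Slider id; must be numeric.
 * @return bool|string|null true on success, '' on invalid input, null when the token
 *                          is missing or wrong.
 */
function apply_cat($id)
{
    global $wpdb;

    if (!hugeit_slider_csrf_token_is_valid()) {
        return;
    }
    if (!is_numeric($id)) {
        echo 'insert numerc id';
        return '';
    }
    if (!(isset($_POST['sl_width']) && isset($_POST['name']))) {
        return '';
    }

    $sliders_table = $wpdb->prefix . 'huge_itslider_sliders';
    $images_table  = $wpdb->prefix . 'huge_itslider_images';

    if (isset($_POST['content'])) {
        $_POST['content'] = esc_html($_POST['content']);
    }

    // One statement per column, as in the original, so a column missing from an older
    // schema fails alone rather than blocking the whole save.
    $slider_fields = array(
        'name'                  => esc_html(hugeit_slider_post_value('name')),
        'sl_width'              => esc_html(hugeit_slider_post_value('sl_width')),
        'sl_height'             => esc_html(hugeit_slider_post_value('sl_height')),
        'pause_on_hover'        => esc_html(hugeit_slider_post_value('pause_on_hover')),
        'slider_list_effects_s' => esc_html(hugeit_slider_post_value('slider_effects_list')),
        'description'           => esc_html(hugeit_slider_post_value('sl_pausetime')),
        'param'                 => esc_html(hugeit_slider_post_value('sl_changespeed')),
        'ordering'              => '1',
        'sl_position'           => esc_html(hugeit_slider_post_value('sl_position')),
        'sl_loading_icon'       => esc_html(hugeit_slider_post_value('sl_loading_icon')),
        'show_thumb'            => esc_html(hugeit_slider_post_value('show_thumb')),
    );
    foreach ($slider_fields as $column => $value) {
        $wpdb->query($wpdb->prepare("UPDATE {$sliders_table} SET {$column} = %s WHERE ID = %d ", $value, $id));
    }

    // NOTE(review): this resets video_autoplay on EVERY slider before setting it for
    // this one. Kept because it looks deliberate; confirm.
    $wpdb->query("UPDATE {$sliders_table} SET video_autoplay = 'off'");
    $wpdb->query($wpdb->prepare(
        "UPDATE {$sliders_table} SET video_autoplay = %s WHERE ID = %d",
        esc_html(hugeit_slider_post_value('video_autoplay')),
        $id
    ));
    $wpdb->query($wpdb->prepare(
        "UPDATE {$sliders_table} SET random_images = %s WHERE ID = %d",
        hugeit_slider_post_value('random_images'),
        $id
    ));

    $row = $wpdb->get_row($wpdb->prepare("SELECT * FROM {$sliders_table} WHERE id = %d", $id));
    $slider_id = isset($row->id) ? $row->id : 0;
    $rowim = $wpdb->get_results($wpdb->prepare(
        "SELECT * FROM {$images_table} where slider_id = %d order by id ASC",
        $slider_id
    ));

    // column => POST field prefix; the image id is appended to the prefix.
    $always_saved = array(
        'ordering'    => 'order_by_',
        'link_target' => 'sl_link_target',
        'sl_url'      => 'sl_url',
        'name'        => 'titleimage',
        'description' => 'im_description',
    );
    $saved_if_sent = array(
        'image_url'   => 'imagess',
        'sl_stitle'   => 'sl_stitle',
        'sl_sdesc'    => 'sl_sdesc',
        'sl_postlink' => 'sl_postlink',
    );
    foreach ((array) $rowim as $image) {
        foreach ($always_saved + $saved_if_sent as $column => $prefix) {
            $field = $prefix . $image->id;
            if (isset($saved_if_sent[$column]) && !isset($_POST[$field])) {
                continue;
            }
            // These values were concatenated into the SQL text before prepare(), so
            // they were never bound and any '%' in them was read as a placeholder.
            // wp_unslash() + %s stores the same text the original stored.
            $wpdb->query($wpdb->prepare(
                "UPDATE {$images_table} SET {$column} = %s WHERE ID = %d ",
                wp_unslash(hugeit_slider_post_value($field)),
                $image->id
            ));
        }
    }

    if (isset($_POST['params']) && is_array($_POST['params'])) {
        foreach ($_POST['params'] as $key => $value) {
            $wpdb->update(
                $wpdb->prefix . 'huge_itslider_params',
                array('value' => $value),
                array('name' => $key),
                array('%s')
            );
        }
    }

    $new_images = hugeit_slider_post_value('imagess');
    if ($new_images != '') {
        hugeit_slider_shift_image_ordering($slider_id);
        $image_urls = explode(';;;', $new_images);
        array_pop($image_urls);
        foreach ($image_urls as $image_url) {
            $wpdb->query($wpdb->prepare(
                "INSERT INTO `{$images_table}` ( `name`, `slider_id`, `description`, `image_url`, `sl_url`,"
                . " `ordering`, `published`, `published_in_sl_width` )"
                . " VALUES ( '', %s, '', %s, '', 'par_TV', '2', '1' )",
                $slider_id,
                $image_url
            ));
        }
    }

    if (isset($_POST['posthuge-it-description-length'])) {
        $wpdb->query($wpdb->prepare(
            "UPDATE {$sliders_table} SET published = %d WHERE id = %d ",
            intval($_POST['posthuge-it-description-length']),
            isset($_GET['id']) ? intval($_GET['id']) : 0
        ));
    }
    ?>
    <div class="updated"><p><strong><?php _e('Item Saved'); ?></strong></p></div>
    <?php

    return true;
}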