HEX
Server: LiteSpeed
System: Linux s1049.use1.mysecurecloudhost.com 4.18.0-477.27.2.lve.el8.x86_64 #1 SMP Wed Oct 11 12:32:56 UTC 2023 x86_64
User: xedaptot (3356)
PHP: 8.3.31
Disabled: NONE
Upload Files
File: /home/xedaptot/360.naniguide.com/backend/ajax/add_virtual_tour.php
<?php
error_reporting(E_ALL & ~E_WARNING & ~E_NOTICE & ~E_DEPRECATED);
ob_start();
session_start();
if((($_SERVER['SERVER_ADDR']==$_SESSION['demo_server_ip']) && ($_SERVER['REMOTE_ADDR']!=$_SESSION['demo_developer_ip']) && ($_SESSION['id_user']==$_SESSION['demo_user_id'])) || ($_SESSION['svt_si']!=session_id())) {
    die();
}
require_once("../../db/connection.php");
require_once("../functions.php");
$insert_id = null;
$id_user = $_SESSION['id_user'];
$name = strip_tags($_POST['name']);
$author = strip_tags($_POST['author']);
$vt_type = strip_tags($_POST['vt_type']);
$external=0;
$ar_simulator=0;
switch ($vt_type) {
    case 0:
        $external=0;
        $ar_simulator=0;
        break;
    case 1:
        $external=1;
        $ar_simulator=0;
        break;
    case 2:
        $external=0;
        $ar_simulator=1;
        break;
}
$settings = get_settings();
$id_vt_template = $settings['id_vt_template'];
if(!$external && !$ar_simulator && !empty($id_vt_template)) {
    $mysqli->query("CREATE TEMPORARY TABLE svt_virtualtour_tmp SELECT * FROM svt_virtualtours WHERE id = $id_vt_template;");
    $query="UPDATE svt_virtualtour_tmp SET id=(SELECT MAX(id)+1 as id FROM svt_virtualtours),active=1,code=NULL,list_alt=NULL,start_date=NULL,end_date=NULL,snipcart_api_key=NULL,woocommerce_store_url=NULL,woocommerce_customer_key=NULL,woocommerce_customer_secret=NULL,password=NULL,note=NULL,html_landing=NULL,description=NULL,dollhouse=NULL,ga_tracking_id=NULL,fb_page_id=NULL,friendly_url=NULL,id_user=?,name=?,author=?,date_created=NOW();";
    if($smt = $mysqli->prepare($query)) {
        $smt->bind_param('iss', $id_user,$name,$author);
        $smt->execute();
    }
    $result = $mysqli->query("INSERT INTO svt_virtualtours SELECT * FROM svt_virtualtour_tmp;");
    $insert_id = $mysqli->insert_id;
    $mysqli->query("DROP TEMPORARY TABLE IF EXISTS svt_virtualtours_tmp;");
    $array_icons = array();
    $result = $mysqli->query("SELECT id FROM svt_icons WHERE id_virtualtour=$id_vt_template;");
    if($result) {
        if($result->num_rows>0) {
            while($row = $result->fetch_array(MYSQLI_ASSOC)) {
                $id_icon = $row['id'];
                $mysqli->query("CREATE TEMPORARY TABLE svt_icon_tmp SELECT * FROM svt_icons WHERE id=$id_icon;");
                $mysqli->query("UPDATE svt_icon_tmp SET id=(SELECT MAX(id)+1 as id FROM svt_icons),id_virtualtour=$insert_id;");
                $mysqli->query("INSERT INTO svt_icons SELECT * FROM svt_icon_tmp;");
                $id_icon_new = $mysqli->insert_id;
                $array_icons[$id_icon] = $id_icon_new;
                $mysqli->query("DROP TEMPORARY TABLE IF EXISTS svt_icon_tmp;");
            }
        }
    }
    $query = "SELECT ui_style FROM svt_virtualtours WHERE id=$insert_id LIMIT 1;";
    $result = $mysqli->query($query);
    if($result) {
        if ($result->num_rows == 1) {
            $row = $result->fetch_array(MYSQLI_ASSOC);
            $ui_style = $row['ui_style'];
            if (!empty($ui_style)) {
                $ui_style_array = json_decode($ui_style, true);
                foreach ($ui_style_array['controls'] as $key => $item) {
                    if(!empty($item['icon_library']) && $item['icon_library']!=0) {
                        if(array_key_exists($item['icon_library'],$array_icons)) {
                            $ui_style_array['controls'][$key]['icon_library'] = $array_icons[$item['icon_library']];
                        }
                    }
                }
                $ui_style = str_replace("'","\'",json_encode($ui_style_array));
                $mysqli->query("UPDATE svt_virtualtours SET ui_style='$ui_style' WHERE id=$insert_id;");
            }
        }
    }
} else {
    if($ar_simulator==1) {
        $query = "INSERT INTO svt_virtualtours(id_user,date_created,name,author,hfov,min_hfov,max_hfov,external,ar_simulator,show_device_orientation,show_webvr,auto_show_slider,arrows_nav,show_autorotation_toggle,show_presentation,keyboard_mode)
            VALUES(?,NOW(),?,?,70,70,70,?,?,0,0,2,0,0,0,0);";
    } else {
        $query = "INSERT INTO svt_virtualtours(id_user,date_created,name,author,hfov,min_hfov,max_hfov,external,ar_simulator)
            VALUES(?,NOW(),?,?,100,50,100,?,?);";
    }
    if($smt = $mysqli->prepare($query)) {
        $smt->bind_param('issii',  $id_user,$name,$author,$external,$ar_simulator);
        $result = $smt->execute();
        if($result) {
            $insert_id = $mysqli->insert_id;
        }
    } else {
        ob_end_clean();
        echo json_encode(array("status"=>"error"));
        exit;
    }
}
if($insert_id!=null) {
    $_SESSION['id_virtualtour_sel'] = $insert_id;
    $_SESSION['name_virtualtour_sel'] = $name;
    session_write_close();
    $code = md5($insert_id);
    $mysqli->query("UPDATE svt_virtualtours SET code='$code' WHERE id=$insert_id;");
    if($settings['aws_s3_enabled']==1 && $settings['aws_s3_vt_auto']==1) {
        $mysqli->query("UPDATE svt_virtualtours SET aws_s3=1 WHERE id=$insert_id;");
    }
    $query = "SELECT id FROM svt_advertisements WHERE auto_assign=1 LIMIT 1;";
    $result = $mysqli->query($query);
    if($result) {
        if($result->num_rows==1) {
            $row=$result->fetch_array(MYSQLI_ASSOC);
            $id_ads=$row['id'];
            $mysqli->query("INSERT INTO svt_assign_advertisements(id_advertisement,id_virtualtour) VALUES($id_ads,$insert_id);");
        }
    }
    set_user_log($id_user,'add_virtual_tour',json_encode(array("id"=>$insert_id,"name"=>$name)),date('Y-m-d H:i:s', time()));
    ob_end_clean();
    echo json_encode(array("status"=>"ok","id"=>$insert_id));
} else {
    ob_end_clean();
    echo json_encode(array("status"=>"error","msg"=>$mysqli->error));
}