<?php
namespace App\Http\Controllers\admin;
use App\Http\Controllers\Controller;
use App\Models\Cms;
use Illuminate\Http\Request;
use Illuminate\Http\UploadedFile;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Validator;
use Illuminate\Support\Response;
use Illuminate\Support\Str;
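class CmsController extends Controller
{
    /**
     * Directory for image uploads, relative to the default filesystem disk
     * (written through UploadedFile::storeAs, as the original code did).
     */
    private const IMAGE_DIR = 'public/images';

    /**
     * Directory for video uploads, relative to the process working directory
     * (written through UploadedFile::move, as the original code did).
     */
    private const VIDEO_DIR = 'storage/images';

    /**
     * Every action in this controller requires an authenticated session AND
     * the `isAdmin` middleware; there are no public routes here.
     */
    public function __construct()
    {
        $this->middleware('auth');
        $this->middleware('isAdmin');
    }

    /**
     * Admin overview: the first 16 CMS rows.
     *
     * NOTE(review): the listing pages below slice the `cms` table with fixed
     * LIMIT/OFFSET windows and no ORDER BY, so which rows land on which page
     * depends on the engine's natural row order — confirm this is intended
     * before relying on it. The queries take no request input, so there is
     * no injection surface despite the raw SQL.
     */
    public function cms_home()
    {
        $data['cmsdata'] = DB::select("SELECT * FROM `cms` LIMIT 16");
        return view('admin/cms_home', $data);
    }

    /** Terms & conditions section: rows 17–19 of the `cms` table. */
    public function cms_terms_and_conditions()
    {
        $data['cmsdata'] = DB::select("SELECT * FROM `cms` LIMIT 3 OFFSET 16");
        return view('admin/cms_terms_and_conditions', $data);
    }

    /** Privacy policy section: rows 20–35 of the `cms` table. */
    public function cms_privacy_policy()
    {
        $data['cmsdata'] = DB::select("SELECT * FROM `cms` LIMIT 16 OFFSET 19");
        return view('admin/cms_privacy_policy', $data);
    }

    /** Return & refund policy section: rows 36–51 of the `cms` table. */
    public function cms_return_and_refund_policy()
    {
        $data['cmsdata'] = DB::select("SELECT * FROM `cms` LIMIT 16 OFFSET 35");
        return view('admin/cms_return_and_refund_policy', $data);
    }

    /** Newsletter section: row 16 of the `cms` table. */
    public function cms_newsletter()
    {
        $data['cmsdata'] = DB::select("SELECT * FROM `cms` LIMIT 1 OFFSET 15");
        return view('admin/cms_newsletter', $data);
    }

    /** Render the empty "add CMS entry" form. */
    public function cms_form()
    {
        return view('admin/add_cms');
    }

    /**
     * Create a CMS entry from the add form (AJAX; always answers JSON).
     *
     * Returns `{"error": {...}}` with the validator's messages when the input
     * is rejected, otherwise `{"success": "..."}`. The title is required; the
     * three optional uploads are validated by sniffed content (`image` /
     * `mimes`) and stored under server-generated names — see storeImage().
     * Heading, sub-heading, description and price are stored as posted;
     * escaping them is the responsibility of the views that render them.
     */
    public function add_cms(Request $req)
    {
        // boolean() recognises the values a checkbox or switch actually posts
        // ("1", "true", "on", "yes"); the former loose `== true` treated any
        // non-empty string, including "false", as enabled.
        $status = $req->boolean('cmsStatus') ? 1 : 0;

        $validation = Validator::make($req->all(), [
            'cmsTitle' => 'required|max:50',
            'cmsImg' => 'image|mimes:jpg,png,jpeg|max:15000',
            'cmsImg2' => 'image|mimes:jpg,png,jpeg|max:15000',
            'cmsVideo' => 'mimes:mp4,ogx,oga,ogv,ogg,webm|max:102400',
        ], [
            'cmsTitle.required' => 'Title Is Required',
            'cmsImg.image' => 'Must In Image Formate',
            'cmsImg.mimes' => 'Image Type In JPG, PNG & JPEG',
            'cmsImg.max' => 'Image One Maximum Size Is 15000',
            'cmsImg2.image' => 'Must In Image Formate',
            'cmsImg2.mimes' => 'Image Type In JPG, PNG & JPEG',
            'cmsImg2.max' => 'Image Two Maximum Size Is 15000',
            'cmsVideo.max' => 'Video Maximum Size Is 102400',
        ]);

        if ($validation->fails()) {
            return response()->json(['error' => $validation->errors()]);
        }

        $cms = new Cms;
        $cms->cms_title = $req->cmsTitle;
        $cms->cms_heading = $req->cmsHeading;
        $cms->cms_sub_heading = $req->cmsSubHeading;
        $cms->cms_slug = Str::slug($req->cmsTitle);
        $cms->cms_description = $req->cmsDesc;
        $cms->cms_price = $req->cmsPrice;

        if ($req->hasFile('cmsImg')) {
            $cms->cms_image = $this->storeImage($req->file('cmsImg'));
        }
        if ($req->hasFile('cmsImg2')) {
            $cms->cms_image2 = $this->storeImage($req->file('cmsImg2'));
        }
        if ($req->hasFile('cmsVideo')) {
            $cms->cms_video = $this->storeVideo($req->file('cmsVideo'));
        }

        $cms->cms_status = $status;
        $cms->save();

        return response()->json(['success' => 'CMS Added Successfully...']);
    }

    /**
     * Render the edit form for one CMS entry.
     *
     * findOrFail() turns an unknown id into a 404 instead of handing the view
     * a null `edit` variable.
     */
    public function edit_cms($id)
    {
        $data['edit'] = Cms::findOrFail($id);
        return view('admin/edit_cms', $data);
    }

    /**
     * Update a CMS entry from the edit form (AJAX; always answers JSON).
     *
     * Same validation contract as add_cms(). On validation failure the
     * response also echoes `cmsId` so the client can re-target the form.
     * Uploaded files replace the stored reference; fields without a new
     * upload keep their current database value.
     */
    public function update_cms(Request $req)
    {
        $validation = Validator::make($req->all(), [
            'UpdtCmsTitle' => 'required|max:50',
            'UpdtCmsImg' => 'image|mimes:jpg,png,jpeg|max:15000',
            'UpdtCmsImg2' => 'image|mimes:jpg,png,jpeg|max:15000',
            'UpdtCmsVideo' => 'mimes:mp4,ogx,oga,ogv,ogg,webm|max:102400',
        ], [
            'UpdtCmsTitle.required' => 'Title Is Required',
            'UpdtCmsImg.image' => 'Must In Image Formate',
            'UpdtCmsImg.mimes' => 'Image Type In JPG, PNG & JPEG',
            'UpdtCmsImg.max' => 'Image One Maximum Size Is 15000',
            'UpdtCmsImg2.image' => 'Must In Image Formate',
            'UpdtCmsImg2.mimes' => 'Image Type In JPG, PNG & JPEG',
            'UpdtCmsImg2.max' => 'Image Two Maximum Size Is 15000',
            'UpdtCmsVideo.max' => 'Video Maximum Size Is 102400',
        ]);

        if ($validation->fails()) {
            return response()->json(['error' => $validation->errors(), 'id' => $req->cmsId]);
        }

        // 404 for an unknown id rather than a null-dereference 500.
        $cms = Cms::findOrFail($req->cmsId);
        $cms->cms_title = $req->UpdtCmsTitle;
        $cms->cms_heading = $req->UpdtCmsHeading;
        $cms->cms_sub_heading = $req->UpdtCmsSubHeading;
        $cms->cms_slug = Str::slug($req->UpdtCmsTitle);
        $cms->cms_description = $req->UpdtCmsDesc;
        $cms->cms_price = $req->UpdtCmsPrice;

        // Only a fresh upload changes a media reference. The previous code
        // copied PrevCmsImg / PrevCmsImg2 / PrevCmsVideo straight from the
        // request when no file was sent, which let any client write an
        // arbitrary string (path, markup) into these columns. If the UI needs
        // a "remove media" action, add an explicit, validated flag for it.
        if ($req->hasFile('UpdtCmsImg')) {
            $cms->cms_image = $this->storeImage($req->file('UpdtCmsImg'));
        }
        if ($req->hasFile('UpdtCmsImg2')) {
            $cms->cms_image2 = $this->storeImage($req->file('UpdtCmsImg2'));
        }
        if ($req->hasFile('UpdtCmsVideo')) {
            $cms->cms_video = $this->storeVideo($req->file('UpdtCmsVideo'));
        }

        // Normalise to 0/1 instead of storing whatever string was posted.
        $cms->cms_status = $req->boolean('UpdtCmsStatus') ? 1 : 0;
        $cms->save();

        return response()->json(['success' => 'CMS Updated Successfully']);
    }

    /**
     * Delete one CMS entry by `id` (AJAX).
     *
     * findOrFail() yields a 404 for an unknown id instead of calling
     * delete() on null. A JSON acknowledgement is returned for consistency
     * with the other mutating actions.
     */
    public function delete_cms(Request $req)
    {
        $cms = Cms::findOrFail($req->id);
        $cms->delete();

        return response()->json(['success' => 'CMS Deleted Successfully']);
    }

    /**
     * Store a validated image upload under IMAGE_DIR and return its file name.
     *
     * Security: the stored name is entirely server-generated. The extension
     * comes from the sniffed MIME type (guessExtension()), which the `mimes:`
     * rule has already constrained to jpg/jpeg/png — never from the client
     * file name, so a PNG body uploaded as "x.php" cannot land on disk as
     * x.php. A UUID also avoids overwriting an existing file with a colliding
     * name, which the former getClientOriginalName()/time() schemes allowed.
     *
     * @param UploadedFile $file an upload that has passed image/mimes validation
     * @return string the generated file name (stored in the `cms_image*` columns)
     */
    private function storeImage(UploadedFile $file): string
    {
        $name = $this->generateName($file);
        $file->storeAs(self::IMAGE_DIR, $name);

        return $name;
    }

    /**
     * Store a validated video upload under VIDEO_DIR and return its file name.
     *
     * Same naming policy as storeImage(); the destination and the move()
     * mechanism are kept from the original code so existing video URLs keep
     * resolving.
     *
     * @param UploadedFile $file an upload that has passed mimes validation
     * @return string the generated file name (stored in `cms_video`)
     */
    private function storeVideo(UploadedFile $file): string
    {
        $name = $this->generateName($file);
        $file->move(self::VIDEO_DIR, $name);

        return $name;
    }

    /**
     * Build a random file name whose extension is derived from file content.
     *
     * @throws \RuntimeException if no extension can be sniffed — only
     *         reachable for a file that bypassed validation; refusing is
     *         safer than falling back to the client-supplied extension.
     */
    private function generateName(UploadedFile $file): string
    {
        $extension = $file->guessExtension();
        if ($extension === null || $extension === '') {
            throw new \RuntimeException('Could not determine a safe extension for the upload.');
        }

        return (string) Str::uuid() . '.' . $extension;
    }
}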