<?php
namespace App\Http\Controllers\Admin;
use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Validator;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Response;
use Illuminate\Support\Str;
use App\Models\PostCategory;
use App\Models\Post;
use Auth;
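/**
 * Admin CRUD for blog posts.
 *
 * Every action is behind the `auth` and `isAdmin` middleware. The write
 * actions (insert/update) are answered as JSON for the admin front-end and
 * always use HTTP 200, with either an `error` or a `success` key, because the
 * existing views depend on that shape.
 */
class PostController extends Controller
{
    /** Validation rules shared by every uploaded image field. */
    private const IMAGE_RULES = 'image|mimes:jpg,png,jpeg|max:2048';

    /**
     * Restrict the whole controller to authenticated admins.
     */
    public function __construct()
    {
        $this->middleware('auth');
        $this->middleware('isAdmin');
    }

    /**
     * List all posts, newest first, joined with their category title.
     *
     * The statement is a fixed string that embeds no request data, so the raw
     * query carries no injection risk. It stays raw because the `admin/post`
     * view consumes exactly this row shape (including the `catName` alias).
     */
    public function index()
    {
        $data['posts'] = DB::select(
            'SELECT p.`post_id`, p.`user_id`, p.`postcategory_id`, p.`post_heading`, '
            . 'p.`post_sub_heading`, p.`post_slug`, p.`post_short_descruption`, '
            . 'p.`post_long_descruption`, p.`post_thumbnail`, p.`post_image`, '
            . 'p.`post_status`, c.`category_title` as catName '
            . 'from `posts` as p '
            . 'left join `postcategories` c on c.category_id = p.postcategory_id '
            . 'order by `post_id` desc'
        );

        return view('admin/post', $data);
    }

    /**
     * Render the "add post" form with the category choices.
     */
    public function add()
    {
        $data['categories'] = PostCategory::all();

        return view('admin/add_post', $data);
    }

    /**
     * Create a post from the admin form.
     *
     * @return \Illuminate\Http\JsonResponse `['error' => MessageBag]` when
     *     validation fails, `['success' => string]` after the row is saved.
     */
    public function insert(Request $req)
    {
        $validation = Validator::make($req->all(), [
            'postHeading' => 'required|max:100',
            // The category id is a foreign key supplied by the client; reject
            // unknown ids here rather than letting the insert fail.
            'ParentCat'   => 'nullable|integer|exists:postcategories,category_id',
            'postThumb'   => self::IMAGE_RULES,
            'postImg'     => self::IMAGE_RULES,
        ], array_merge([
            'postHeading.required' => 'Post Heading Is Required',
            'postHeading.max'      => 'Post Heading Max Limit 100',
        ], self::imageMessages('postThumb'), self::imageMessages('postImg')));

        if (!$validation->passes()) {
            return response()->json(['error' => $validation->errors()]);
        }

        $post = new Post;
        $post->user_id = Auth::id();
        $post->postcategory_id = $req->input('ParentCat');
        $post->post_heading = $req->input('postHeading');
        $post->post_sub_heading = $req->input('postSubHeading');
        $post->post_slug = Str::slug($req->input('postHeading'));
        $post->post_short_descruption = $req->input('postDesc');
        $post->post_long_descruption = $req->input('postLongDesc');

        if ($req->hasFile('postThumb')) {
            $post->post_thumbnail = $this->storeUpload($req->file('postThumb'));
        }
        if ($req->hasFile('postImg')) {
            $post->post_image = $this->storeUpload($req->file('postImg'));
        }

        $post->post_status = (int) self::flag($req, 'postStatus');
        $post->save();

        return response()->json(['success' => 'Post Added Successfully']);
    }

    /**
     * Render the "edit post" form for one post.
     *
     * Unknown ids become a 404 (ModelNotFoundException) instead of handing
     * the view a null `edit` entry.
     */
    public function edit($id)
    {
        $data['edit'] = Post::findOrFail($id);
        $data['categories'] = PostCategory::all();

        return view('admin/edit_post', $data);
    }

    /**
     * Update an existing post from the admin form.
     *
     * Image handling per field: a new upload replaces the stored file name,
     * the Remove* checkbox clears it, and otherwise the stored value is left
     * untouched. The form's PrevThumbImage / PrevPostImage fields are
     * deliberately not written back to the row, so a tampered request cannot
     * point a post at an arbitrary file path.
     *
     * @return \Illuminate\Http\JsonResponse `['error' => MessageBag]` when
     *     validation fails, `['success' => string]` after the row is saved.
     */
    public function update(Request $req)
    {
        $validation = Validator::make($req->all(), [
            'EditPostId'      => 'required|exists:posts,post_id',
            'EditPostHeading' => 'required|max:100',
            'EditParentCat'   => 'nullable|integer|exists:postcategories,category_id',
            'EditPostThumb'   => self::IMAGE_RULES,
            'EditPostImg'     => self::IMAGE_RULES,
        ], array_merge([
            'EditPostHeading.required' => 'Post Heading Is Required',
            'EditPostHeading.max'      => 'Post Heading Max Limit 100',
        ], self::imageMessages('EditPostThumb'), self::imageMessages('EditPostImg')));

        if (!$validation->passes()) {
            return response()->json(['error' => $validation->errors()]);
        }

        // findOrFail: a missing row is a 404, not a property write on null.
        $post = Post::findOrFail($req->input('EditPostId'));
        // NOTE: as before, the editing admin becomes the post's user_id.
        $post->user_id = Auth::id();
        $post->postcategory_id = $req->input('EditParentCat');
        $post->post_heading = $req->input('EditPostHeading');
        $post->post_sub_heading = $req->input('EditPostSubHeading');
        $post->post_slug = Str::slug($req->input('EditPostHeading'));
        $post->post_short_descruption = $req->input('EditPostDesc');
        $post->post_long_descruption = $req->input('EditPostLongDesc');

        if ($req->hasFile('EditPostThumb')) {
            $post->post_thumbnail = $this->storeUpload($req->file('EditPostThumb'));
        } elseif (self::flag($req, 'RemoveThumbImg')) {
            $post->post_thumbnail = null;
        }

        if ($req->hasFile('EditPostImg')) {
            $post->post_image = $this->storeUpload($req->file('EditPostImg'));
        } elseif (self::flag($req, 'RemovePostImg')) {
            $post->post_image = null;
        }

        $post->post_status = (int) self::flag($req, 'EditPostStatus');
        $post->save();

        return response()->json(['success' => 'Post Updated Successfully']);
    }

    /**
     * Delete the post whose id is in the request.
     *
     * Returns nothing (empty 200), as the front-end expects; an unknown id
     * raises ModelNotFoundException (404) instead of calling delete() on null.
     */
    public function delete(Request $req)
    {
        Post::findOrFail($req->input('id'))->delete();
    }

    /**
     * Custom validation messages for one image field.
     *
     * @return array<string, string>
     */
    private static function imageMessages(string $field): array
    {
        return [
            $field . '.image' => 'Must In Image Formate',
            $field . '.mimes' => 'Image Type In JPG, PNG & JPEG',
            $field . '.max'   => 'Image One Maximum Size Is 2048',
        ];
    }

    /**
     * Read a checkbox-style request field as a boolean.
     *
     * FILTER_VALIDATE_BOOLEAN accepts "1", "true", "on", "yes" and rejects
     * "0", "false", "off", "" and a missing field; the former loose `== true`
     * comparison would have treated any non-empty string (even "false") as set.
     */
    private static function flag(Request $req, string $field): bool
    {
        return filter_var($req->input($field), FILTER_VALIDATE_BOOLEAN);
    }

    /**
     * Store an uploaded image under `public/images` and return its file name.
     *
     * The name comes from hashName(): a random string plus an extension taken
     * from the detected MIME type. The client-supplied original name and
     * extension never reach the filesystem, so a file that passes the content
     * based `mimes` rule cannot be written under a name of the uploader's
     * choosing (e.g. with a script extension), and two uploads in the same
     * second no longer collide as the `time().'.'.$ext` scheme allowed.
     */
    private function storeUpload(\Illuminate\Http\UploadedFile $file): string
    {
        $fileName = $file->hashName();
        $file->storeAs('public/images', $fileName);

        return $fileName;
    }
}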