<?php
namespace App\Http\Controllers\admin;
use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Validator;
use App\Models\Testimonial;
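class TestimonialController extends Controller
{
    /**
     * Admin-side CRUD for testimonials.
     *
     * Every action runs behind the `auth` and `isAdmin` middleware, so the
     * request data is admin-supplied, not anonymous — but it is still
     * client-controlled and is treated as such below (no client-chosen
     * filenames or extensions are persisted).
     */
    public function __construct()
    {
        $this->middleware('auth');
        $this->middleware('isAdmin');
    }

    /**
     * List every testimonial for the admin overview page.
     */
    public function index()
    {
        $data['testimonials'] = Testimonial::all();
        return view('admin/testimonial', $data);
    }

    /**
     * Render the "add testimonial" form.
     */
    public function add()
    {
        return view('admin/add_testimonial');
    }

    /**
     * Create a testimonial from the admin form.
     *
     * Responds with `{"error": {...}}` (validation messages) when the input is
     * rejected, otherwise `{"success": "..."}`. The response shape and status
     * are kept as the front-end expects them; a 422 on validation failure
     * would be more correct but may break the existing AJAX handler.
     */
    public function insert(Request $req)
    {
        $validation = Validator::make($req->all(), [
            'testiText' => 'required',
            // NOTE(review): no numeric/range rule on the rating — the stored
            // column type is not visible here; add `integer|min:1|max:5` (or
            // whatever the schema allows) once confirmed.
            'clientRating' => 'required',
            // `max` is in kilobytes. `image` + `mimes` inspect the file content,
            // so the client-supplied name is never trusted (see storeClientImage).
            'clientImg' => 'image|mimes:jpg,png,jpeg|max:2048',
        ], [
            'testiText.required' => 'Testimonial Text Is Required',
            'clientRating.required' => 'Rating Is Required',
            'clientImg.image' => 'Must In Image Formate',
            'clientImg.mimes' => 'Image Type In JPG, PNG & JPEG',
            'clientImg.max' => 'Image Maximum Size Is 2048',
        ]);

        if ($validation->fails()) {
            return response()->json(['error' => $validation->errors()]);
        }

        $testimonial = new Testimonial;
        $testimonial->client_name = $req->input('clientName');
        $testimonial->client_position = $req->input('clientPosition');
        $testimonial->testimonial_text = $req->input('testiText');
        $testimonial->testimonial_rating = $req->input('clientRating');
        $testimonial->testimonial_status = $this->flagToBool($req->input('testiStatus')) ? 1 : 0;

        if ($req->hasFile('clientImg')) {
            $testimonial->client_image = $this->storeClientImage($req->file('clientImg'));
        }

        $testimonial->save();

        return response()->json(['success' => 'Testimonial Add Successfully...']);
    }

    /**
     * Update an existing testimonial from the admin form.
     *
     * Same response contract as insert(). An unknown or tampered `TestiId`
     * yields a 404 (findOrFail) instead of the fatal "property on null" the
     * previous `find()` produced.
     */
    public function update(Request $req)
    {
        $validation = Validator::make($req->all(), [
            'TestiText' => 'required',
            'ClientRating' => 'required',
            'UpdtClientImg' => 'image|mimes:jpg,png,jpeg|max:2048',
        ], [
            'TestiText.required' => 'Testimonial Text Is Required',
            'ClientRating.required' => 'Rating Is Required',
            'UpdtClientImg.image' => 'Must In Image Formate',
            'UpdtClientImg.mimes' => 'Image Type In JPG, PNG & JPEG',
            'UpdtClientImg.max' => 'Image Maximum Size Is 2048',
        ]);

        if ($validation->fails()) {
            return response()->json(['error' => $validation->errors()]);
        }

        $testimonial = Testimonial::findOrFail($req->input('TestiId'));
        $testimonial->client_name = $req->input('ClientName');
        $testimonial->client_position = $req->input('ClientPosition');
        $testimonial->testimonial_text = $req->input('TestiText');
        $testimonial->testimonial_rating = $req->input('ClientRating');
        $testimonial->testimonial_status = $this->flagToBool($req->input('TestimonialStatus')) ? 1 : 0;

        if ($req->hasFile('UpdtClientImg')) {
            $testimonial->client_image = $this->storeClientImage($req->file('UpdtClientImg'));
        } elseif ($this->flagToBool($req->input('removeImg'))) {
            $testimonial->client_image = null;
        }
        // Otherwise the stored filename is kept as-is. The form also posts
        // `PrevClientImg`, but writing a client-supplied filename back into
        // `client_image` would let the request point the record at any path;
        // the value already in the row is the authoritative "previous image".
        // NOTE(review): the replaced/removed file is not deleted from
        // storage/app/public/images — orphaned files accumulate.

        $testimonial->save();

        return response()->json(['success' => 'Testimonial Update Successfully']);
    }

    /**
     * Delete a testimonial by id.
     *
     * Uses findOrFail so an unknown id is a 404 rather than a fatal error.
     * NOTE(review): the route binding is not visible here — this must be a
     * POST/DELETE route (CSRF-protected), never reachable by GET.
     */
    public function delete(Request $req)
    {
        $testimonial = Testimonial::findOrFail($req->input('id'));
        $testimonial->delete();

        return response()->json(['success' => 'Testimonial Delete Successfully']);
    }

    /**
     * Normalise a checkbox/flag value to a boolean.
     *
     * Accepts "1", "true", "on", "yes" (and true) as true; everything else,
     * including null and the string "false", is false. The previous loose
     * `== true` comparison treated any non-empty string except "0" — e.g.
     * "false" — as true.
     */
    private function flagToBool($value): bool
    {
        return filter_var($value, FILTER_VALIDATE_BOOLEAN);
    }

    /**
     * Store a validated uploaded image under storage/app/public/images and
     * return the generated filename.
     *
     * The extension comes from the detected MIME type (`extension()`), not
     * from the client-supplied original name, so a content-valid image cannot
     * be saved under an attacker-chosen extension. A random suffix prevents
     * two uploads in the same second from overwriting each other, which a
     * bare `time()` filename allowed.
     *
     * @param \Illuminate\Http\UploadedFile $file already validated as image
     */
    private function storeClientImage($file): string
    {
        $fileName = time() . '_' . bin2hex(random_bytes(4)) . '.' . $file->extension();
        $file->storeAs('public/images', $fileName);

        return $fileName;
    }
}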