ok
Direktori : /proc/self/root/proc/thread-self/root/home/ngwcolle/public_html/admin/ |
Current File : //proc/self/root/proc/thread-self/root/home/ngwcolle/public_html/admin/add-notice.php |
<?php session_start(); //DB conncetion include_once 'includes/config.php'; if (empty($_SESSION['token'])) { $_SESSION['token'] = bin2hex(random_bytes(32)); $_SESSION["token-expire"] = time() + 3600; // 1 hour = 3600 secs } //validating Session if (strlen($_SESSION['aid'] == 0)) { header('location:logout.php'); } else { if (isset($_POST['submit'])) { if (hash_equals($_SESSION["token"], $_POST["token"])) { $noticedate = $_POST['psa']; $orderno = $_POST['pname']; $subject = $_POST['subject']; $noticetype = $_POST['dept']; $description = $_POST['content']; $postedby = $_POST['ptype']; $filename = $_FILES['cdate']['name']; $filename = uniqid(rand()) . $filename; // destination of the file on the server $destination = '../upload/notice/' . $filename; // get the file extension $extension = pathinfo($filename, PATHINFO_EXTENSION); // the physical file on a temporary uploads directory on the server $file = $_FILES['cdate']['tmp_name']; if (move_uploaded_file($file, $destination)) { $stmt = $mysqli->prepare("insert into tbl_notice(noticedate,orderno,subject,noticetype,description,docpath,postedby) values(?,?,?,?,?,?,?)"); $stmt->bind_param("sssssss", $noticedate, $orderno, $subject, $noticetype, $description, $filename, $postedby); $stmt->execute(); // $query = mysqli_query($con, "insert into tbl_notice(noticedate,orderno,subject,noticetype,description,docpath,postedby) // values('$noticedate','$orderno','$subject','$noticetype','$description','$filename','$postedby')"); if ($stmt) { echo '<script>alert("Order/Notice Created Successfully.")</script>'; unset($_SESSION['token']); unset($_SESSION['token-expire']); echo "<script>window.location.href ='manage-notice.php'</script>"; } else { echo '<script>alert("Something Went Wrong. Please try again.")</script>'; } } else { echo "Failed to upload file."; } } else { echo '<script>alert("Malicious Data found & submitted. Please try again.")</script>'; } } ?> <!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content=""> <meta name="author" content=""> <title> Notice/Order Creation</title> <!-- Custom fonts for this template--> <link href="vendor/fontawesome-free/css/all.min.css" rel="stylesheet" type="text/css"> <link href="https://fonts.googleapis.com/css?family=Nunito:200,200i,300,300i,400,400i,600,600i,700,700i,800,800i,900,900i" rel="stylesheet"> <!-- Custom styles for this template--> <link href="css/sb-admin-2.min.css" rel="stylesheet"> <style type="text/css"> label { font-size: 16px; font-weight: bold; color: #000; } </style> </head> <body id="page-top"> <!-- Page Wrapper --> <div id="wrapper"> <?php include_once 'includes/sidebar.php'; ?> <!-- Content Wrapper --> <div id="content-wrapper" class="d-flex flex-column"> <!-- Main Content --> <div id="content"> <!-- Topbar --> <?php include_once 'includes/topbar.php'; ?> <!-- End of Topbar --> <!-- Begin Page Content --> <div class="container-fluid"> <!-- Page Heading --> <h1 class="h3 mb-4 text-gray-800">New Notice Creation</h1> <form method="post" name="adminprofile" enctype="multipart/form-data"> <input type="hidden" class="form-control" name="token" value="<?php echo htmlentities($_SESSION['token']); ?>"> <div class="row"> <div class="col-lg-12 col-sm-12 col-md-12"> <!-- Basic Card Example --> <div class="card shadow mb-4"> <div class="card-body"> <!-- form starts --> <div class="container py-2"> <div class="row"> <div class="col-md-12 mx-auto"> <div class="form-group row"> <div class="col-sm-6"> <label for="inputFirstname">Notification No</label> <input type="text" required class="form-control" id="inputFirstname" name="pname" placeholder="Office Order No"> </div> <div class="col-sm-6"> <label for="inputLastname">Type of Notice</label> <select name="dept" class="form-control" id="dept" required> <option value="">--Select--</option> <option value="Notice">Notice</option> <option value="Office Order">Office Order</option> <option value="Memo">Memo</option> <option value="Advertisement">Advertisement</option> <option value="Recruitment">Recruitment</option> </select> </div> </div> <div class="form-group row"> <div class="col-sm-6"> <label for="inputAddressLine1">Date of order</label> <input type="date" required class="form-control" name="psa" id="inputAddressLine1" placeholder="Govt. Departments"> </div> <div class="col-sm-6"> <label for="inputAddressLine2">Order Department</label> <select name="ptype" id="ptype" class="form-control" required> <option value="">--Select--</option> <!-- <option value="Principal">Principal</option> <option value="Admin">Admin</option> <option value="Committee">Committee</option> <option value="Department">Department</option> <option value="Library">Library</option> --> <?php $query = mysqli_query($con, "select * from tbl_dept where status=1 "); while ($category = mysqli_fetch_array($query)) { ?> <option value="<?php echo $category["id"]; ?>"> <?php echo $category["dept_name"]; ?></option> <?php } ?> </select> </div> </div> <div class="form-group row"> <div class="col-sm-12"> <label for="inputCity">Subject of the Order (Max 70 Characters)</label> <textarea name="subject" id="" cols="30" maxlength="100" rows="3" class="form-control" required></textarea> <!-- <input type="date" class="form-control" id="inputCity" name="cdate" placeholder="City"> --> </div> </div> <div class="form-group row"> <div class="col-sm-12"> <label for="inputCity">Contents of the Order (Max 500 Characters)</label> <textarea name="content" id="" cols="30" maxlength="500" rows="10" class="form-control" required></textarea> <!-- <input type="date" class="form-control" id="inputCity" name="cdate" placeholder="City"> --> </div> </div> <div class="form-group row"> <div class="col-sm-12"> <label for="inputCity">Upload the Document Scan (Only Pdf/Images Allowed)</label> <!-- <textarea name="content" id="" cols="30" rows="10" class="form-control"></textarea> --> <input type="file" class="form-control" id="file-upload" name="cdate" required onchange="return fileValidation()"> </div> </div> <button type="submit" class="btn btn-primary px-4 float-right" name="submit">Publish</button> </div> </div> </div> <!-- form ends --> </div> </div> </div> </div> </form> </div> <!-- /.container-fluid --> </div> <!-- End of Main Content --> <?php include_once 'includes/footer.php'; ?> </div> <!-- End of Content Wrapper --> </div> <!-- End of Page Wrapper --> <!-- Scroll to Top Button--> <?php include_once 'includes/footer2.php'; ?> <!-- Bootstrap core JavaScript--> <script src="vendor/jquery/jquery.min.js"></script> <script src="vendor/bootstrap/js/bootstrap.bundle.min.js"></script> <!-- Core plugin JavaScript--> <script src="vendor/jquery-easing/jquery.easing.min.js"></script> <!-- Custom scripts for all pages--> <script src="js/sb-admin-2.min.js"></script> <script> /* javascript function to validate file type */ function fileValidation() { var inputElement = document.getElementById('file-upload'); var files = inputElement.files; if (files.length == 0) { alert("Please choose a file first..."); return false; } else { var filename = files[0].name; /* getting file extenstion eg- .jpg,.png, etc */ var extension = filename.substr(filename.lastIndexOf(".")); /* define allowed file types */ var allowedExtensionsRegx = /(\.jpg|\.jpeg|\.png|\.gif|\.pdf)$/i; /* testing extension with regular expression */ var isAllowed = allowedExtensionsRegx.test(extension); if (isAllowed) { alert("File type is valid for the upload"); /* file upload logic goes here... */ } else { alert("Invalid File Type.Choose image/PDF file Only"); inputElement.value = ''; return false; } } } </script> </body> </html> <?php } ?>