ok
Mini Shell
<?php session_start();
//DB conncetion
include_once 'includes/config.php';
if (empty($_SESSION['token'])) {
$_SESSION['token'] = bin2hex(random_bytes(32));
$_SESSION["token-expire"] = time() + 3600; // 1 hour = 3600 secs
}
//validating Session
if (strlen($_SESSION['aid'] == 0)) {
header('location:logout.php');
} else {
if (isset($_POST['submit'])) {
if (hash_equals($_SESSION["token"], $_POST["token"])) {
$pname = strip_tags($_POST['dept']);
$description = strip_tags($_POST['content']);
$id = 1;
// $query = mysqli_query($con, "UPDATE tbl_college set princmsg='$description',principal='$pname' where id='1'");
$stmt = $mysqli->prepare("UPDATE tbl_college SET princmsg = ?,principal=? where id=?");
$stmt->bind_param("sss", $description, $pname, $id);
$stmt->execute();
if ($stmt) {
echo '<script>alert("Message Addedd Successfully.")</script>';
echo "<script>window.location.href ='dashboard.php'</script>";
unset($_SESSION['token']);
unset($_SESSION['token-expire']);
} else {
echo '<script>alert("Something Went Wrong. Please try again.")</script>';
}
} else {
echo '<script>alert("Malicious Data found & submitted. Please try again.")</script>';
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<meta name="description" content="">
<meta name="author" content="">
<title> Principal's Message</title>
<!-- Custom fonts for this template-->
<link href="vendor/fontawesome-free/css/all.min.css" rel="stylesheet" type="text/css">
<link href="https://fonts.googleapis.com/css?family=Nunito:200,200i,300,300i,400,400i,600,600i,700,700i,800,800i,900,900i" rel="stylesheet">
<!-- Custom styles for this template-->
<link href="css/sb-admin-2.min.css" rel="stylesheet">
<style type="text/css">
label {
font-size: 16px;
font-weight: bold;
color: #000;
}
</style>
</head>
<body id="page-top">
<!-- Page Wrapper -->
<div id="wrapper">
<?php include_once 'includes/sidebar.php'; ?>
<!-- Content Wrapper -->
<div id="content-wrapper" class="d-flex flex-column">
<!-- Main Content -->
<div id="content">
<!-- Topbar -->
<?php include_once 'includes/topbar.php'; ?>
<!-- End of Topbar -->
<!-- Begin Page Content -->
<div class="container-fluid">
<!-- Page Heading -->
<h1 class="h3 mb-4 text-gray-800">Manage Message form Principal</h1>
<form method="post" name="adminprofile" enctype="multipart/form-data">
<input type="hidden" name="token" value="<?php echo htmlentities($_SESSION['token']); ?>">
<div class="row">
<div class="col-lg-12 col-sm-12 col-md-12">
<!-- Basic Card Example -->
<div class="card shadow mb-4">
<div class="card-body">
<!-- form starts -->
<div class="container py-2">
<div class="row">
<div class="col-md-12 mx-auto">
<div class="form-group row">
<div class="col-sm-12">
<label for="inputLastname">Principal's Name</label>
<select name="dept" class="form-control" id="dept" required>
<option value="">--Select--</option>
<?php
$query = mysqli_query($con, "select * from tbl_principal where status=1 ");
while ($category = mysqli_fetch_array($query)) {
?>
<option value="<?php echo $category["pname"]; ?>">
<?php echo $category["pname"]; ?></option>
<?php } ?>
</select>
</div>
</div>
<div class="form-group row">
<div class="col-sm-12">
<label for="inputCity">Message from the Principal (Max 2000
Characters)</label>
<textarea name="content" id="" cols="30" maxlength="2000" rows="10" class="form-control" required></textarea>
<!-- <input type="date" class="form-control" id="inputCity" name="cdate" placeholder="City"> -->
</div>
</div>
<button type="submit" class="btn btn-primary px-4 float-right" name="submit">Post Message</button>
</div>
</div>
</div>
<!-- form ends -->
</div>
</div>
</div>
</div>
</form>
</div>
<!-- /.container-fluid -->
</div>
<!-- End of Main Content -->
<?php include_once 'includes/footer.php'; ?>
</div>
<!-- End of Content Wrapper -->
</div>
<!-- End of Page Wrapper -->
<!-- Scroll to Top Button-->
<?php include_once 'includes/footer2.php'; ?>
<!-- Bootstrap core JavaScript-->
<script src="vendor/jquery/jquery.min.js"></script>
<script src="vendor/bootstrap/js/bootstrap.bundle.min.js"></script>
<!-- Core plugin JavaScript-->
<script src="vendor/jquery-easing/jquery.easing.min.js"></script>
<!-- Custom scripts for all pages-->
<script src="js/sb-admin-2.min.js"></script>
<script>
/* javascript function to validate file type */
function fileValidation() {
var inputElement = document.getElementById('file-upload');
var files = inputElement.files;
if (files.length == 0) {
alert("Please choose a file first...");
return false;
} else {
var filename = files[0].name;
/* getting file extenstion eg- .jpg,.png, etc */
var extension = filename.substr(filename.lastIndexOf("."));
/* define allowed file types */
var allowedExtensionsRegx = /(\.jpg|\.jpeg|\.png|\.gif|\.pdf)$/i;
/* testing extension with regular expression */
var isAllowed = allowedExtensionsRegx.test(extension);
if (isAllowed) {
alert("File type is valid for the upload");
/* file upload logic goes here... */
} else {
alert("Invalid File Type.Choose image/PDF file Only");
inputElement.value = '';
return false;
}
}
}
</script>
</body>
</html>
<?php } ?>
Zerion Mini Shell 1.0