ok
Mini Shell
<?php session_start();
//DB conncetion
if (empty($_SESSION['token'])) {
echo $_SESSION['token'] = bin2hex(random_bytes(32));
$_SESSION["token-expire"] = time() + 3600; // 1 hour = 3600 secs
}
error_reporting(E_ERROR | E_WARNING | E_PARSE);
include_once 'includes/config.php';
//validating Session
if (strlen($_SESSION['aid'] == 0)) {
header('location:logout.php');
} else {
function imageResize($imageResourceId, $width, $height)
{
$targetWidth = 550;
$targetHeight = 315;
$targetLayer = imagecreatetruecolor($targetWidth, $targetHeight);
imagecopyresampled($targetLayer, $imageResourceId, 0, 0, 0, 0, $targetWidth, $targetHeight, $width, $height);
return $targetLayer;
}
if (isset($_POST['submit'])) {
if (hash_equals($_SESSION["token"], $_POST["token"])) {
$pname = strtoupper($_POST['pname']);
$doj = $_POST['doj'];
$qual = strtoupper($_POST['psa']);
$mobile = $_POST['pcont'];
$add = $_POST['paddress'];
$check = mysqli_query($con, "select * from tbl_principal where status='1'");
$checkrows = mysqli_num_rows($check);
if ($checkrows > 0) {
echo '<script>alert("Principal is still active in the College. Exit first!!!!.")</script>';
} else {
// image resize script
if (is_array($_FILES)) {
$file = $_FILES['cdate']['tmp_name'];
$sourceProperties = getimagesize($file);
$fileNewName = time() . $_FILES['cdate']['name'];
$folderPath = "../upload/teacher/";
$ext = pathinfo($_FILES['cdate']['name'], PATHINFO_EXTENSION);
$imageType = $sourceProperties[2];
switch ($imageType) {
case IMAGETYPE_PNG:
$imageResourceId = imagecreatefrompng($file);
$targetLayer = imageResize($imageResourceId, $sourceProperties[0], $sourceProperties[1]);
// imagepng($targetLayer,$folderPath. $fileNewName. "_thump.". $ext);
imagepng($targetLayer, $folderPath . $fileNewName);
break;
case IMAGETYPE_GIF:
$imageResourceId = imagecreatefromgif($file);
$targetLayer = imageResize($imageResourceId, $sourceProperties[0], $sourceProperties[1]);
// imagegif($targetLayer,$folderPath. $fileNewName. "_thump.". $ext);
imagepng($targetLayer, $folderPath . $fileNewName);
break;
case IMAGETYPE_JPEG:
$imageResourceId = imagecreatefromjpeg($file);
$targetLayer = imageResize($imageResourceId, $sourceProperties[0], $sourceProperties[1]);
// imagejpeg($targetLayer,$folderPath. $fileNewName. "_thump.". $ext);
imagepng($targetLayer, $folderPath . $fileNewName);
break;
default:
echo "Invalid Image type.";
exit;
break;
}
// move_uploaded_file($file, $folderPath.$fileNewName. ".". $ext);
// unlink($folderPath.$fileNewName. ".". $ext);
// echo "Image Resize Successfully.";
}
// image resize
if (move_uploaded_file($file, $folderPath . $fileNewName . "." . $ext)) {
unlink($folderPath . $fileNewName . "." . $ext);
// $query = mysqli_query($con, "insert into tbl_principal(pname,joiningdate,qualification,mobno,address,photopath) values('$pname','$doj','$qual','$mobile','$add','$fileNewName')");
$stmt = $mysqli->prepare("insert into tbl_principal(pname,joiningdate,qualification,mobno,address,photopath) values(?,?,?,?,?,?)");
$stmt->bind_param("ssssss", $pname,$doj,$qual,$mobile,$add,$fileNewName);
$stmt->execute();
if ($stmt) {
// if ($query) {
echo '<script>alert("Princiapl Joined Successfully.")</script>';
unset($_SESSION['token']);
unset($_SESSION['token-expire']);
echo "<script>window.location.href ='manage-principal.php'</script>";
} else {
echo '<script>alert("Something Went Wrong. Please try again.")</script>';
}
} else {
echo "Failed to upload file.";
}
}
} else {
echo '<script>alert("Malicious Data found & submitted. Please try again.")</script>';
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<meta name="description" content="">
<meta name="author" content="">
<title> Principal Incumbancy</title>
<!-- Custom fonts for this template-->
<link href="vendor/fontawesome-free/css/all.min.css" rel="stylesheet" type="text/css">
<link
href="https://fonts.googleapis.com/css?family=Nunito:200,200i,300,300i,400,400i,600,600i,700,700i,800,800i,900,900i"
rel="stylesheet">
<!-- Custom styles for this template-->
<link href="css/sb-admin-2.min.css" rel="stylesheet">
<style type="text/css">
label {
font-size: 16px;
font-weight: bold;
color: #000;
}
</style>
</head>
<body id="page-top">
<!-- Page Wrapper -->
<div id="wrapper">
<?php include_once 'includes/sidebar.php';?>
<!-- Content Wrapper -->
<div id="content-wrapper" class="d-flex flex-column">
<!-- Main Content -->
<div id="content">
<!-- Topbar -->
<?php include_once 'includes/topbar.php';?>
<!-- End of Topbar -->
<!-- Begin Page Content -->
<div class="container-fluid">
<!-- Page Heading -->
<h1 class="h3 mb-4 text-gray-800">New Principal Joining</h1>
<form method="post" name="adminprofile" enctype="multipart/form-data">
<input type="hidden" name="token" value="<?php echo htmlentities($_SESSION['token']); ?>">
<div class="row">
<div class="col-lg-12 col-sm-12 col-md-12">
<!-- Basic Card Example -->
<div class="card shadow mb-4">
<div class="card-body">
<!-- form starts -->
<div class="container py-2">
<div class="row">
<div class="col-md-12 mx-auto">
<div class="form-group row">
<div class="col-sm-6">
<label for="inputFirstname">Name of the Principal</label>
<input type="text" class="form-control" id="inputFirstname"
name="pname" required
placeholder="Name of the Principal">
</div>
<div class="col-sm-6">
<label for="inputLastname">Date of joining</label>
<input type="date" class="form-control" name="doj"
id="inputAddressLine1" required>
</div>
</div>
<div class="form-group row">
<div class="col-sm-6">
<label for="inputAddressLine1">Highest Qualification</label>
<input type="text" class="form-control" required name="psa"
id="inputAddressLine1" placeholder="Qualification">
</div>
<div class="col-sm-6">
<label for="inputAddressLine2">Contact No.</label>
<input type="number" class="form-control" required
name="pcont" id="inputAddressLine1"
placeholder="Contact Details">
</div>
</div>
<div class="form-group row">
<div class="col-sm-6">
<label for="inputAddressLine2">Upload Photograph</label>
<input type="file" class="form-control" id="file-upload"
required name="cdate" onchange="return fileValidation()"
placeholder="Years of Experience">
</div>
<div class="col-sm-6">
<label for="inputCity">Address</label>
<textarea name="paddress" id="" cols="30" rows="4" required
class="form-control"></textarea>
</div>
</div>
<button type="submit" class="btn btn-primary px-4 float-right"
name="submit">Save</button>
</div>
</div>
</div>
<!-- form ends -->
</div>
</div>
</div>
</div>
</form>
</div>
<!-- /.container-fluid -->
</div>
<!-- End of Main Content -->
<?php include_once 'includes/footer.php';?>
</div>
<!-- End of Content Wrapper -->
</div>
<!-- End of Page Wrapper -->
<!-- Scroll to Top Button-->
<?php include_once 'includes/footer2.php';?>
<!-- Bootstrap core JavaScript-->
<script src="vendor/jquery/jquery.min.js"></script>
<script src="vendor/bootstrap/js/bootstrap.bundle.min.js"></script>
<!-- Core plugin JavaScript-->
<script src="vendor/jquery-easing/jquery.easing.min.js"></script>
<!-- Custom scripts for all pages-->
<script src="js/sb-admin-2.min.js"></script>
<script>
/* javascript function to validate file type */
function fileValidation() {
var inputElement = document.getElementById('file-upload');
var files = inputElement.files;
if (files.length == 0) {
alert("Please choose a file first...");
return false;
} else {
var filename = files[0].name;
/* getting file extenstion eg- .jpg,.png, etc */
var extension = filename.substr(filename.lastIndexOf("."));
/* define allowed file types */
var allowedExtensionsRegx = /(\.jpg|\.jpeg|\.png|\.gif)$/i;
/* testing extension with regular expression */
var isAllowed = allowedExtensionsRegx.test(extension);
if (isAllowed) {
alert("File type is valid for the upload");
/* file upload logic goes here... */
} else {
alert("Invalid File Type.Choose image/Photo file Only");
inputElement.value = '';
return false;
}
}
}
</script>
</body>
</html>
<?php }?>
Zerion Mini Shell 1.0