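<?php
/**
 * Admin page: shows the stored college profile in a form and saves edits to it.
 *
 * Flow:
 *  1. Start the session and make sure a CSRF token exists (rotated once expired).
 *  2. Send visitors without an admin session id ('aid') to logout.php.
 *  3. On POST, accept the update only when the submitted token matches the session
 *     token, then write the fields through a PDO prepared statement.
 *  4. Render the form, HTML-escaping every stored value on output.
 */
session_start();

// DB connection. NOTE(review): this page uses both $pdo (PDO, for the UPDATE) and
// $con (mysqli, for the SELECT); both are presumably created in config.php - confirm.
include_once 'includes/config.php';

// Issues a fresh CSRF token together with its expiry time (one hour from now).
$issueCsrfToken = static function () {
    $_SESSION['token'] = bin2hex(random_bytes(32));
    $_SESSION['token-expire'] = time() + 3600; // 1 hour = 3600 secs
};

// The expiry was stored but never checked; rotating an expired token here means a
// stale form fails the comparison below instead of staying valid for the whole session.
if (empty($_SESSION['token']) || time() >= (int) ($_SESSION['token-expire'] ?? 0)) {
    $issueCsrfToken();
}

// Validate the admin session. The previous check, strlen($_SESSION['aid'] == 0),
// measured the length of a boolean, so under PHP 8 an empty-string 'aid' passed it.
if (empty($_SESSION['aid'])) {
    header('location:logout.php');
    exit; // nothing below may run for an unauthenticated request
}

// Escapes a value for HTML text and quoted-attribute contexts.
$escapeHtml = static function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

if (isset($_POST['submit'])) {
    // hash_equals() requires two strings; a missing or array-valued "token" field
    // must be treated as a mismatch rather than raising a TypeError.
    $postedToken = $_POST['token'] ?? '';
    $tokenMatches = is_string($postedToken)
        && is_string($_SESSION['token'])
        && hash_equals($_SESSION['token'], $postedToken);

    if ($tokenMatches) {
        // Reads one form field; anything that is not a plain string (absent field,
        // array injected via name[]=...) is bound as NULL.
        $formValue = static function ($name) {
            $value = $_POST[$name] ?? null;
            return is_string($value) ? $value : null;
        };

        // Bound parameters keep request data out of the SQL text.
        // NOTE(review): there is no WHERE clause, so every row of tbl_college is
        // updated; presumably the table holds a single profile row - confirm.
        $query = "UPDATE tbl_college SET estayear = :estayear,samscode=:samscode,type=:type,aishecode=:aishecode,address=:address,
        govtorder=:govtorder,mission=:mission,vision=:vision,about=:about,staff_sanctioned=:staff_sanctioned,staff_vacancy=:staff_vacancy,
        classroomtot=:classroomtot,booktot=:booktot,teachertot=:teachertot,studentstot=:studentstot,quotation=:quotation";
        $query_run = $pdo->prepare($query);

        // strip_tags() is kept for the fields that already used it, but it is not an
        // XSS defence on its own (it leaves quotes untouched); the escaping applied
        // when the values are printed below is what protects the page.
        $data = [
            ':estayear' => $formValue('yoe'),
            ':samscode' => $formValue('samscode'),
            ':type' => $formValue('dept'),
            ':aishecode' => $formValue('aishe'),
            ':address' => $formValue('address'),
            ':govtorder' => $formValue('govtorder'),
            ':mission' => strip_tags((string) $formValue('mission')),
            ':vision' => strip_tags((string) $formValue('vision')),
            ':about' => strip_tags((string) $formValue('about')),
            ':staff_sanctioned' => $formValue('sstaff'),
            ':staff_vacancy' => $formValue('vacancy'),
            ':classroomtot' => $formValue('classroomtot'),
            ':booktot' => $formValue('booktot'),
            ':teachertot' => $formValue('teachertot'),
            ':studentstot' => $formValue('studentstot'),
            ':quotation' => $formValue('quotation'),
        ];
        $query_execute = $query_run->execute($data);

        if ($query_execute) {
            echo '<script>alert("Profile Updated Successfully.")</script>';
            // Tokens are single-use. Issue a new one instead of only unsetting it,
            // so the form rendered below never prints an undefined token.
            $issueCsrfToken();
            echo "<script>window.location.href ='add-profile.php'</script>";
        } else {
            echo '<script>alert("Something Went Wrong. Please try again.")</script>';
        }
    } else {
        // Invalid, missing or expired token: nothing is written.
        echo '<script>alert("Malicious Data found & submitted. Please try again.")</script>';
    }
}

// Load the stored profile for display. mysqli_fetch_row() returns a numerically
// indexed row; fall back to an empty array so a failed query or an empty table
// renders blank fields instead of offset warnings.
$profileResult = mysqli_query($con, "SELECT * from tbl_college");
$singleRow = $profileResult ? mysqli_fetch_row($profileResult) : null;
if (!is_array($singleRow)) {
    $singleRow = [];
}
?>
<!DOCTYPE html>
<html lang="en">

<head>
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
    <meta name="description" content="">
    <meta name="author" content="">
    <title> Manage College Profile</title>
    <!-- Custom fonts for this template-->
    <link href="vendor/fontawesome-free/css/all.min.css" rel="stylesheet" type="text/css">
    <link href="https://fonts.googleapis.com/css?family=Nunito:200,200i,300,300i,400,400i,600,600i,700,700i,800,800i,900,900i" rel="stylesheet">
    <!-- Custom styles for this template-->
    <link href="css/sb-admin-2.min.css" rel="stylesheet">
    <style type="text/css">
        label {
            font-size: 16px;
            font-weight: bold;
            color: #000;
        }
    </style>
</head>

<body id="page-top">
    <!-- Page Wrapper -->
    <div id="wrapper">
        <?php include_once 'includes/sidebar.php'; ?>
        <!-- Content Wrapper -->
        <div id="content-wrapper" class="d-flex flex-column">
            <!-- Main Content -->
            <div id="content">
                <!-- Topbar -->
                <?php include_once 'includes/topbar.php'; ?>
                <!-- End of Topbar -->
                <!-- Begin Page Content -->
                <div class="container-fluid">
                    <!-- Page Heading -->
                    <h1 class="h3 mb-4 text-gray-800">College Profile</h1>
                    <form method="post" name="adminprofile">
                        <input type="hidden" name="token" value="<?php echo $escapeHtml($_SESSION['token']); ?>">
                        <div class="row">
                            <div class="col-lg-12 col-sm-12 col-md-12">
                                <!-- Basic Card Example -->
                                <div class="card shadow mb-4">
                                    <div class="card-body">
                                        <!-- form starts -->
                                        <div class="container py-2">
                                            <div class="row">
                                                <div class="col-md-12 mx-auto">
                                                    <?php
                                                    // Every stored value below goes through $escapeHtml: the values sit
                                                    // inside quoted attributes and <textarea> bodies, where an unescaped
                                                    // quote or closing tag would let stored data break out of the markup.
                                                    ?>
                                                    <div class="form-group row">
                                                        <div class="col-sm-6">
                                                            <label for="inputFirstname">SAMS Code</label>
                                                            <input type="text" class="form-control" id="inputFirstname" value="<?php echo $escapeHtml($singleRow[2] ?? ''); ?>" name="samscode" placeholder="SAMS CODE">
                                                        </div>
                                                        <div class="col-sm-6">
                                                            <label for="inputLastname">Type of College</label>
                                                            <?php // NOTE(review): "Govt." is always preselected; the stored type is not reflected here. ?>
                                                            <select name="dept" class="form-control" id="dept" required>
                                                                <option value="">--Select Type--</option>
                                                                <option value="Govt." selected>Govt.</option>
                                                                <option value="Semi Aided">Semi Aided</option>
                                                            </select>
                                                        </div>
                                                    </div>
                                                    <div class="form-group row">
                                                        <div class="col-sm-6">
                                                            <label for="inputAddressLine1">Date of Establishment</label>
                                                            <input type="date" value="<?php echo $escapeHtml($singleRow[1] ?? ''); ?>" class="form-control" name="yoe" id="inputAddressLine1" placeholder="Govt. Departments">
                                                        </div>
                                                        <div class="col-sm-6">
                                                            <label for="inputAddressLine2">AISHE Code</label>
                                                            <input type="text" class="form-control" name="aishe" value="<?php echo $escapeHtml($singleRow[4] ?? ''); ?>" id="inputAddressLine1" placeholder="Govt. Departments">
                                                        </div>
                                                    </div>
                                                    <div class="form-group row">
                                                        <div class="col-sm-6">
                                                            <label for="inputCity">Address</label>
                                                            <input type="text" class="form-control" id="inputCity" value="<?php echo $escapeHtml($singleRow[5] ?? ''); ?>" name="address" placeholder="AISHE Code">
                                                        </div>
                                                        <div class="col-sm-6">
                                                            <label for="inputState">Govt Order No.</label>
                                                            <input type="number" class="form-control" value="<?php echo $escapeHtml($singleRow[6] ?? ''); ?>" name="govtorder" id="inputAddressLine1" placeholder="Govt. Order no.">
                                                        </div>
                                                    </div>
                                                    <div class="form-group row">
                                                        <div class="col-sm-6">
                                                            <label for="inputCity">Sanctioned Staff(Teaching/Non-Teaching)</label>
                                                            <input type="text" class="form-control" id="inputCity" value="<?php echo $escapeHtml($singleRow[11] ?? ''); ?>" name="sstaff" placeholder="AISHE Code">
                                                        </div>
                                                        <div class="col-sm-6">
                                                            <label for="inputState">Vacancy Staff(Teaching/Non-Teaching)</label>
                                                            <input type="text" class="form-control" value="<?php echo $escapeHtml($singleRow[12] ?? ''); ?>" name="vacancy" id="inputAddressLine1" placeholder="Govt. Order no.">
                                                        </div>
                                                    </div>
                                                    <div class="form-group row">
                                                        <div class="col-sm-6">
                                                            <label for="inputCity">No.of Teachers</label>
                                                            <input type="text" class="form-control" id="inputCity" value="<?php echo $escapeHtml($singleRow[17] ?? ''); ?>" name="teachertot" placeholder="AISHE Code">
                                                        </div>
                                                        <div class="col-sm-6">
                                                            <label for="inputState">No. of Students</label>
                                                            <input type="text" class="form-control" value="<?php echo $escapeHtml($singleRow[19] ?? ''); ?>" name="studentstot" id="inputAddressLine1" placeholder="Govt. Order no.">
                                                        </div>
                                                    </div>
                                                    <div class="form-group row">
                                                        <div class="col-sm-6">
                                                            <label for="inputCity">No.of Classrooms</label>
                                                            <input type="text" class="form-control" id="inputCity" value="<?php echo $escapeHtml($singleRow[16] ?? ''); ?>" name="classroomtot" placeholder="AISHE Code">
                                                        </div>
                                                        <div class="col-sm-6">
                                                            <label for="inputState">No. of Books in Library</label>
                                                            <input type="text" class="form-control" value="<?php echo $escapeHtml($singleRow[18] ?? ''); ?>" name="booktot" id="inputAddressLine1" placeholder="Govt. Order no.">
                                                        </div>
                                                    </div>
                                                    <div class="form-group row">
                                                        <div class="col-sm-6">
                                                            <label for="inputCity">Mission</label>
                                                            <textarea name="mission" id="" cols="30" rows="4" class="form-control"><?php echo $escapeHtml($singleRow[7] ?? ''); ?></textarea>
                                                        </div>
                                                        <div class="col-sm-6">
                                                            <label for="inputState">Vission</label>
                                                            <textarea name="vision" id="" cols="30" rows="4" class="form-control"><?php echo $escapeHtml($singleRow[8] ?? ''); ?></textarea>
                                                        </div>
                                                    </div>
                                                    <div class="form-group row">
                                                        <div class="col-sm-12">
                                                            <label for="inputCity">Quotation by Principal</label>
                                                            <textarea name="quotation" id="" cols="30" rows="3" class="form-control"><?php echo $escapeHtml($singleRow[20] ?? ''); ?></textarea>
                                                        </div>
                                                    </div>
                                                    <div class="form-group row">
                                                        <div class="col-sm-12">
                                                            <label for="inputCity">About History</label>
                                                            <textarea name="about" id="" cols="30" rows="10" class="form-control"><?php echo $escapeHtml($singleRow[10] ?? ''); ?></textarea>
                                                        </div>
                                                    </div>
                                                    <button type="submit" class="btn btn-primary px-4 float-right" name="submit">Save</button>
                                                </div>
                                            </div>
                                        </div>
                                        <!-- form ends -->
                                    </div>
                                </div>
                            </div>
                        </div>
                    </form>
                </div>
                <!-- /.container-fluid -->
            </div>
            <!-- End of Main Content -->
            <?php include_once 'includes/footer.php'; ?>
        </div>
        <!-- End of Content Wrapper -->
    </div>
    <!-- End of Page Wrapper -->
    <!-- Scroll to Top Button-->
    <?php include_once 'includes/footer2.php'; ?>
    <!-- Bootstrap core JavaScript-->
    <script src="vendor/jquery/jquery.min.js"></script>
    <script src="vendor/bootstrap/js/bootstrap.bundle.min.js"></script>
    <!-- Core plugin JavaScript-->
    <script src="vendor/jquery-easing/jquery.easing.min.js"></script>
    <!-- Custom scripts for all pages-->
    <script src="js/sb-admin-2.min.js"></script>
</body>

</html>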