ok
Direktori : /home/ngwcolle/www/admin/ |
Current File : /home/ngwcolle/www/admin/add-profile.php |
<?php session_start(); //DB conncetion include_once 'includes/config.php'; if (empty($_SESSION['token'])) { $_SESSION['token'] = bin2hex(random_bytes(32)); $_SESSION["token-expire"] = time() + 3600; // 1 hour = 3600 secs } //validating Session if (strlen($_SESSION['aid'] == 0)) { header('location:logout.php'); } else { // echo bin2hex(random_bytes(32)); if (isset($_POST['submit'])) { /* $sql="UPDATE tbl_college set estayear='{$_POST['yoe']}',samscode='{$_POST['samscode']}', type='{$_POST['dept']}',aishecode={$_POST['aishe']},address='{$_POST['address']}',govtorder='{$_POST['govtorder']}',mission='{$_POST['mission']}',vision='$vision', about='{$_POST['about']}',staff_sanctioned='{$_POST['sstaff']}',staff_vacancy='{$_POST['vacancy']}', classroomtot='{$_POST['classroomtot']}',booktot='{$_POST['booktot']}', teachertot='{$_POST['teachertot']}',studentstot='{$_POST['studentstot']}'"; */ // $pname=strtoupper($_POST['pname']); // $dept=$_POST['dept']; // $psa=strtoupper($_POST['psa']); // $ptype=$_POST['ptype']; ##### // if(hash_equals($_SESSION["token"], $_POST["token"])) { // echo "match"; // } // else{ // echo "mismatch"; // } if (hash_equals($_SESSION["token"], $_POST["token"])) { // if (isset($_POST["token"]) && isset($_SESSION["token"]) && isset($_SESSION["token-expire"]) && $_SESSION["token"] == $_POST["token"]) { // (B1) EXPIRED // if (time() >= $_SESSION["token-expire"]) { // exit("Token expired. Please reload form."); // } // (B2) OK - DO YOUR PROCESSING // echo "OK"; $vision = strip_tags($_POST["vision"]); // $filteredString = filter_var($string, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH); // $sql = "UPDATE tbl_college set estayear='{$_POST['yoe']}',samscode='{$_POST['samscode']}', // type='{$_POST['dept']}',aishecode={$_POST['aishe']},address='{$_POST['address']}',govtorder='{$_POST['govtorder']}',mission='{$_POST['mission']}',vision='$vision', // about='{$_POST['about']}',staff_sanctioned='{$_POST['sstaff']}',staff_vacancy='{$_POST['vacancy']}', // classroomtot='{$_POST['classroomtot']}',booktot='{$_POST['booktot']}', // teachertot='{$_POST['teachertot']}',studentstot='{$_POST['studentstot']}'"; // $query = mysqli_query($con, $sql); // pdo $query = "UPDATE tbl_college SET estayear = :estayear,samscode=:samscode,type=:type,aishecode=:aishecode,address=:address, govtorder=:govtorder,mission=:mission,vision=:vision,about=:about,staff_sanctioned=:staff_sanctioned,staff_vacancy=:staff_vacancy, classroomtot=:classroomtot,booktot=:booktot,teachertot=:teachertot,studentstot=:studentstot,quotation=:quotation"; $query_run = $pdo->prepare($query); $data = [ ':estayear' => $_POST['yoe'], ':samscode' => $_POST['samscode'], ':type' => $_POST['dept'], ':aishecode' => $_POST['aishe'], ':address' => $_POST['address'], ':govtorder' => $_POST['govtorder'], ':mission' => strip_tags($_POST['mission']), ':vision' => $vision, ':about' => strip_tags($_POST['about']), ':staff_sanctioned' => $_POST['sstaff'], ':staff_vacancy' => $_POST['vacancy'], ':classroomtot' => $_POST['classroomtot'], ':booktot' => $_POST['booktot'], ':teachertot' => $_POST['teachertot'], ':studentstot' => $_POST['studentstot'], ':quotation' => $_POST['quotation'], ]; $query_execute = $query_run->execute($data); //pdo if ($query_execute) { echo '<script>alert("Profile Updated Successfully.")</script>'; unset($_SESSION['token']); unset($_SESSION['token-expire']); echo "<script>window.location.href ='add-profile.php'</script>"; } else { echo '<script>alert("Something Went Wrong. Please try again.")</script>'; } } // (C) INVALID TOKEN else { echo '<script>alert("Malicious Data found & submitted. Please try again.")</script>'; } ##### } ?> <!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content=""> <meta name="author" content=""> <title> Manage College Profile</title> <!-- Custom fonts for this template--> <link href="vendor/fontawesome-free/css/all.min.css" rel="stylesheet" type="text/css"> <link href="https://fonts.googleapis.com/css?family=Nunito:200,200i,300,300i,400,400i,600,600i,700,700i,800,800i,900,900i" rel="stylesheet"> <!-- Custom styles for this template--> <link href="css/sb-admin-2.min.css" rel="stylesheet"> <style type="text/css"> label { font-size: 16px; font-weight: bold; color: #000; } </style> </head> <body id="page-top"> <!-- Page Wrapper --> <div id="wrapper"> <?php include_once 'includes/sidebar.php'; ?> <!-- Content Wrapper --> <div id="content-wrapper" class="d-flex flex-column"> <!-- Main Content --> <div id="content"> <!-- Topbar --> <?php include_once 'includes/topbar.php'; ?> <!-- End of Topbar --> <!-- Begin Page Content --> <div class="container-fluid"> <!-- Page Heading --> <h1 class="h3 mb-4 text-gray-800">College Profile</h1> <form method="post" name="adminprofile"> <input type="hidden" name="token" value="<?php echo htmlentities($_SESSION['token']); ?>"> <div class="row"> <div class="col-lg-12 col-sm-12 col-md-12"> <!-- Basic Card Example --> <div class="card shadow mb-4"> <div class="card-body"> <!-- form starts --> <div class="container py-2"> <div class="row"> <div class="col-md-12 mx-auto"> <?php $query = mysqli_query($con, "SELECT * from tbl_college"); $singleRow = mysqli_fetch_row($query); ?> <div class="form-group row"> <div class="col-sm-6"> <label for="inputFirstname">SAMS Code</label> <input type="text" class="form-control" id="inputFirstname" value="<?php echo $singleRow['2']; ?>" name="samscode" placeholder="SAMS CODE"> </div> <div class="col-sm-6"> <label for="inputLastname">Type of College</label> <select name="dept" class="form-control" id="dept" required> <option value="">--Select Type--</option> <option value="Govt." selected>Govt.</option> <option value="Semi Aided">Semi Aided</option> </select> </div> </div> <div class="form-group row"> <div class="col-sm-6"> <label for="inputAddressLine1">Date of Establishment</label> <input type="date" value="<?php echo $singleRow['1']; ?>" class="form-control" name="yoe" id="inputAddressLine1" placeholder="Govt. Departments"> </div> <div class="col-sm-6"> <label for="inputAddressLine2">AISHE Code</label> <input type="text" class="form-control" name="aishe" value="<?php echo $singleRow['4']; ?>" id="inputAddressLine1" placeholder="Govt. Departments"> </div> </div> <div class="form-group row"> <div class="col-sm-6"> <label for="inputCity">Address</label> <input type="text" class="form-control" id="inputCity" value="<?php echo $singleRow['5']; ?>" name="address" placeholder="AISHE Code"> </div> <div class="col-sm-6"> <label for="inputState">Govt Order No.</label> <input type="number" class="form-control" value="<?php echo $singleRow['6']; ?>" name="govtorder" id="inputAddressLine1" placeholder="Govt. Order no."> </div> </div> <div class="form-group row"> <div class="col-sm-6"> <label for="inputCity">Sanctioned Staff(Teaching/Non-Teaching)</label> <input type="text" class="form-control" id="inputCity" value="<?php echo $singleRow['11']; ?>" name="sstaff" placeholder="AISHE Code"> </div> <div class="col-sm-6"> <label for="inputState">Vacancy Staff(Teaching/Non-Teaching)</label> <input type="text" class="form-control" value="<?php echo $singleRow['12']; ?>" name="vacancy" id="inputAddressLine1" placeholder="Govt. Order no."> </div> </div> <div class="form-group row"> <div class="col-sm-6"> <label for="inputCity">No.of Teachers</label> <input type="text" class="form-control" id="inputCity" value="<?php echo $singleRow['17']; ?>" name="teachertot" placeholder="AISHE Code"> </div> <div class="col-sm-6"> <label for="inputState">No. of Students</label> <input type="text" class="form-control" value="<?php echo $singleRow['19']; ?>" name="studentstot" id="inputAddressLine1" placeholder="Govt. Order no."> </div> </div> <div class="form-group row"> <div class="col-sm-6"> <label for="inputCity">No.of Classrooms</label> <input type="text" class="form-control" id="inputCity" value="<?php echo $singleRow['16']; ?>" name="classroomtot" placeholder="AISHE Code"> </div> <div class="col-sm-6"> <label for="inputState">No. of Books in Library</label> <input type="text" class="form-control" value="<?php echo $singleRow['18']; ?>" name="booktot" id="inputAddressLine1" placeholder="Govt. Order no."> </div> </div> <div class="form-group row"> <div class="col-sm-6"> <label for="inputCity">Mission</label> <textarea name="mission" id="" cols="30" rows="4" class="form-control"><?php echo $singleRow['7']; ?></textarea> </div> <div class="col-sm-6"> <label for="inputState">Vission</label> <textarea name="vision" id="" cols="30" rows="4" class="form-control"><?php echo $singleRow['8']; ?></textarea> </div> </div> <div class="form-group row"> <div class="col-sm-12"> <label for="inputCity">Quotation by Principal</label> <textarea name="quotation" id="" cols="30" rows="3" class="form-control"><?php echo $singleRow['20']; ?></textarea> </div> </div> <div class="form-group row"> <div class="col-sm-12"> <label for="inputCity">About History</label> <textarea name="about" id="" cols="30" rows="10" class="form-control"><?php echo $singleRow['10']; ?></textarea> </div> </div> <button type="submit" class="btn btn-primary px-4 float-right" name="submit">Save</button> </div> </div> </div> <!-- form ends --> </div> </div> </div> </div> </form> </div> <!-- /.container-fluid --> </div> <!-- End of Main Content --> <?php include_once 'includes/footer.php'; ?> </div> <!-- End of Content Wrapper --> </div> <!-- End of Page Wrapper --> <!-- Scroll to Top Button--> <?php include_once 'includes/footer2.php'; ?> <!-- Bootstrap core JavaScript--> <script src="vendor/jquery/jquery.min.js"></script> <script src="vendor/bootstrap/js/bootstrap.bundle.min.js"></script> <!-- Core plugin JavaScript--> <script src="vendor/jquery-easing/jquery.easing.min.js"></script> <!-- Custom scripts for all pages--> <script src="js/sb-admin-2.min.js"></script> </body> </html> <?php } ?>