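<?php
// admin.php — handles the add / update / delete POST actions for rows of the
// `admin` table and redirects back to a listing page with a status message.
//
// Assumes inc/config.php defines $conn (a mysqli connection) and has already
// called session_start(); neither is visible here — confirm in inc/config.php.
//
// SECURITY (review): no login or CSRF check is visible in this file. Unless
// inc/config.php gates the request, any client can POST here and create,
// rewrite or delete admin accounts. That gap matters more than anything below.
include("inc/config.php");

/** Directory (relative to this script) that holds admin profile photos. */
const ADMIN_PHOTO_DIR = "image-admin/";

/** File extensions (lower-case) accepted for a profile photo. */
const ADMIN_PHOTO_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif'];

/** Content types the uploaded bytes must actually identify as. */
const ADMIN_PHOTO_MIME_TYPES = ['image/jpeg', 'image/png', 'image/gif'];

/** Failure codes returned by admin_store_photo(). */
const ADMIN_PHOTO_ERR_TYPE = 'invalid_type';
const ADMIN_PHOTO_ERR_MOVE = 'move_failed';

/** User-facing message for a rejected photo (text unchanged, line break included). */
const ADMIN_PHOTO_TYPE_MESSAGE = "Invalid file type. 
Only JPG, JPEG, PNG, and GIF are allowed.";

/**
 * Read a POSTed text field.
 *
 * @return string The submitted value, or '' when the field is absent so the
 *                statements below never receive null.
 */
function admin_post_field(string $key): string
{
    return isset($_POST[$key]) ? (string) $_POST[$key] : '';
}

/**
 * Store a status message in the session, send the redirect and stop.
 *
 * Without the exit the remainder of the script (and any HTML after the closing
 * tag) would still execute after the Location header was sent.
 */
function admin_redirect(string $status, string $location): void
{
    $_SESSION['status'] = $status;
    header('Location: ' . $location);
    exit;
}

/**
 * Prepare, bind and execute one parameterised statement.
 *
 * Values are bound, never interpolated, so the previous injection via the
 * unescaped `id` field (UPDATE/DELETE/SELECT) is closed along with the rest.
 *
 * @param string $types  mysqli type string, one character per entry of $params.
 * @param array  $params Values bound positionally to the `?` placeholders.
 * @return bool True when the statement executed.
 */
function admin_exec(mysqli $conn, string $sql, string $types, array $params): bool
{
    $stmt = mysqli_prepare($conn, $sql);
    if ($stmt === false) {
        return false;
    }
    $ok = mysqli_stmt_bind_param($stmt, $types, ...$params) && mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    return $ok;
}

/**
 * Validate an uploaded photo and move it into ADMIN_PHOTO_DIR under a random name.
 *
 * @param array $photo One entry of $_FILES (may be empty or partial).
 * @return array [stored file name, null] on success, or
 *               [null, ADMIN_PHOTO_ERR_TYPE | ADMIN_PHOTO_ERR_MOVE] on failure.
 */
function admin_store_photo(array $photo): array
{
    $clientName = isset($photo['name']) ? basename((string) $photo['name']) : '';
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!in_array($ext, ADMIN_PHOTO_EXTENSIONS, true)) {
        return [null, ADMIN_PHOTO_ERR_TYPE];
    }

    $tmp = isset($photo['tmp_name']) ? (string) $photo['tmp_name'] : '';
    $err = isset($photo['error']) ? (int) $photo['error'] : UPLOAD_ERR_NO_FILE;
    if ($err !== UPLOAD_ERR_OK || $tmp === '' || !is_uploaded_file($tmp)) {
        return [null, ADMIN_PHOTO_ERR_MOVE];
    }

    // The extension is whatever the client claimed; inspect the bytes too so an
    // HTML/script file renamed to .jpg cannot be parked under the web root.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    if (!in_array($finfo->file($tmp), ADMIN_PHOTO_MIME_TYPES, true)) {
        return [null, ADMIN_PHOTO_ERR_TYPE];
    }

    // random_bytes() rather than uniqid(): the stored name should not be guessable.
    $storedName = bin2hex(random_bytes(8)) . '.' . $ext;
    if (!move_uploaded_file($tmp, ADMIN_PHOTO_DIR . $storedName)) {
        return [null, ADMIN_PHOTO_ERR_MOVE];
    }
    return [$storedName, null];
}

/**
 * Delete the photo file currently recorded for admin $id, if one exists on disk.
 */
function admin_remove_current_photo(mysqli $conn, string $id): void
{
    $stmt = mysqli_prepare($conn, "SELECT photo FROM admin WHERE id = ?");
    if ($stmt === false) {
        return;
    }
    $current = null;
    $found = mysqli_stmt_bind_param($stmt, 's', $id)
        && mysqli_stmt_execute($stmt)
        && mysqli_stmt_bind_result($stmt, $current)
        && mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);
    if (!$found || $current === null || $current === '') {
        return;
    }
    // basename(): a tampered `photo` column must not be able to unlink files
    // outside the photo directory.
    $path = ADMIN_PHOTO_DIR . basename((string) $current);
    if (is_file($path)) {
        unlink($path);
    }
}

// ---- add ------------------------------------------------------------------
if (isset($_POST['add_admin'])) {
    $type        = admin_post_field('type');
    $name        = admin_post_field('name');
    $username    = admin_post_field('username');
    $phone       = admin_post_field('phone');
    $password    = admin_post_field('password');
    $own_company = admin_post_field('own_company');
    $own_gst     = admin_post_field('own_gst');
    // SECURITY (review): the password is stored exactly as submitted (plaintext),
    // as it was before this rewrite. Fix with password_hash() here AND
    // password_verify() in the login script in the same change — changing only
    // this side would lock every admin out.
    $photo = isset($_FILES['photo']) ? (array) $_FILES['photo'] : [];

    list($photoName, $photoErr) = admin_store_photo($photo);
    if ($photoName === null) {
        admin_redirect(
            $photoErr === ADMIN_PHOTO_ERR_TYPE ? ADMIN_PHOTO_TYPE_MESSAGE : "Error: Unable to upload photo.",
            'admin.php'
        );
    }

    $inserted = admin_exec(
        $conn,
        "INSERT INTO `admin` (`type`, `name`, `username`, `phone`, `own_company`, `own_gst`, `password`, `photo`)"
        . " VALUES (?, ?, ?, ?, ?, ?, ?, ?)",
        'ssssssss',
        [$type, $name, $username, $phone, $own_company, $own_gst, $password, $photoName]
    );
    if (!$inserted) {
        // Do not leave an orphaned upload behind when the row was never created.
        if (is_file(ADMIN_PHOTO_DIR . $photoName)) {
            unlink(ADMIN_PHOTO_DIR . $photoName);
        }
        admin_redirect("Error: Unable to add admin.", 'admin.php');
    }
    admin_redirect("Employee Added Successfully", 'view-admin.php');
}

// ---- update ---------------------------------------------------------------
if (isset($_POST['update_admin'])) {
    $id          = admin_post_field('id');
    $type        = admin_post_field('type');
    $name        = admin_post_field('name');
    $username    = admin_post_field('username');
    $phone       = admin_post_field('phone');
    $password    = admin_post_field('password');
    $own_company = admin_post_field('own_company');
    $own_gst     = admin_post_field('own_gst');
    $photo = isset($_FILES['photo']) ? (array) $_FILES['photo'] : [];

    $newPhotoName = null;
    if (!empty($photo['name'])) { // a replacement photo was submitted
        list($newPhotoName, $photoErr) = admin_store_photo($photo);
        if ($newPhotoName === null) {
            admin_redirect(
                $photoErr === ADMIN_PHOTO_ERR_TYPE ? ADMIN_PHOTO_TYPE_MESSAGE : "Error: Unable to upload new photo.",
                'view-emp.php'
            );
        }
        admin_remove_current_photo($conn, $id);
    }

    // Both branches now write own_company/own_gst; the original omitted them
    // from the with-photo branch, silently discarding those two fields whenever
    // a new photo was attached.
    if ($newPhotoName !== null) {
        $updated = admin_exec(
            $conn,
            "UPDATE admin SET type=?, name=?, username=?, phone=?, own_company=?, own_gst=?, password=?, photo=? WHERE id=?",
            'sssssssss',
            [$type, $name, $username, $phone, $own_company, $own_gst, $password, $newPhotoName, $id]
        );
    } else {
        $updated = admin_exec(
            $conn,
            "UPDATE admin SET type=?, name=?, username=?, phone=?, own_company=?, own_gst=?, password=? WHERE id=?",
            'ssssssss',
            [$type, $name, $username, $phone, $own_company, $own_gst, $password, $id]
        );
    }
    admin_redirect($updated ? "Updated Successfully" : "Error: Not Updated.", 'view-admin.php');
}

// ---- delete ---------------------------------------------------------------
if (isset($_POST['delete_emp'])) {
    $id = admin_post_field('delete_id');
    // Note: the photo file of the deleted row is left on disk, as before.
    $deleted = admin_exec($conn, "DELETE FROM admin WHERE id = ?", 's', [$id]);
    admin_redirect($deleted ? "Deleted Successfully" : "Not Deleted Successfully", 'view-emp.php');
}
?>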