<?php
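// Shared bootstrap. It has to provide $connect (used below as a mysqli-style handle)
// and db_query(); presumably it also starts the session - confirm.
include("../includes/connection.php");

// Access gate for the whole page. header() only queues the redirect: without the exit
// the insert/update/delete handlers and the upload code below would still run for a
// request that carries no admin session.
if (!isset($_SESSION['id'])) {
    header("location:index.php");
    exit;
}

$page1 = 'department';

// Posted form fields, escaped for use inside *quoted* SQL string literals only.
// real_escape_string() gives no protection where a value is concatenated into SQL
// without quotes (numeric ids), so ids must be validated or cast separately.
// Missing or non-string fields fall back to '' so a plain GET page view raises no notices.
$heading = $connect->real_escape_string((isset($_POST['heading']) && is_string($_POST['heading'])) ? $_POST['heading'] : '');
$des = $connect->real_escape_string((isset($_POST['des']) && is_string($_POST['des'])) ? $_POST['des'] : '');
$icon = $connect->real_escape_string((isset($_POST['icon']) && is_string($_POST['icon'])) ? $_POST['icon'] : '');
$stage = $connect->real_escape_string((isset($_POST['stage']) && is_string($_POST['stage'])) ? $_POST['stage'] : '');

// Extension allow-list for the banner image upload (both letter cases are listed
// because the handlers compare against it directly).
$allowed_extensions = array('gif', 'jpg','jpeg', 'png','bmp', 'GIF', 'JPG', 'PNG', 'JPEG','BMP');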
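if ($stage == 2) {
    // Stage 2: create a new department row from the posted form.
    // $heading, $icon and $des were already escaped for quoted SQL literals above.
    // NOTE(review): this handler changes state but checks no anti-CSRF token, and the
    // posted recaptchaResponse field is never verified in this file - confirm whether
    // connection.php covers either.
    $upload = isset($_FILES['banner_image']) ? $_FILES['banner_image'] : null;

    // T2 is a client-supplied hidden field. It is reduced to a bare file name so it can
    // never point outside the upload directory when used in a path or stored.
    $previous_image = (isset($_POST['T2']) && is_string($_POST['T2'])) ? basename(trim($_POST['T2'])) : '';

    if ($upload !== null && $upload['name'] != "") {
        $extension = is_string($upload['name'])
            ? strtolower(pathinfo($upload['name'], PATHINFO_EXTENSION))
            : '';

        // Accept the file only when PHP reports a clean HTTP upload, the extension is on
        // the allow-list (compared case-insensitively) and the content parses as an image.
        // These checks reduce risk but are not a guarantee; the upload directory should
        // also be served with script execution disabled.
        $is_valid = $extension !== ''
            && isset($upload['error']) && $upload['error'] === UPLOAD_ERR_OK
            && is_uploaded_file($upload['tmp_name'])
            && in_array($extension, $allowed_extensions, true)
            && getimagesize($upload['tmp_name']) !== false;

        if (!$is_valid) {
            $msg = "Incorrent file extension, Please upload a valid image file";
            setcookie("msg", $msg, time() + 3);
            print "<script>";
            print "self.location = 'mng_departments.php';";
            print "</script>";
            exit;
        }

        $path2 = "../uploads/department";
        $s1 = rand(); // prefix only avoids name collisions; it is not a secret
        // removeSpchar() is defined elsewhere; presumably it strips special characters -
        // confirm it cannot change the validated extension.
        $realname = $s1 . "_" . removeSpchar($upload['name']);
        $dest = $path2 . "/" . $realname;

        // move_uploaded_file() refuses anything that is not a genuine HTTP upload,
        // unlike copy(), and its result is checked instead of assumed.
        if (!move_uploaded_file($upload['tmp_name'], $dest)) {
            $msg = "Image upload failed, Please try again";
            setcookie("msg", $msg, time() + 3);
            print "<script>";
            print "self.location = 'mng_departments.php';";
            print "</script>";
            exit;
        }
        $bannerimage = trim($realname);

        // Best-effort removal of the image being replaced, restricted to a plain file
        // name inside the upload directory.
        if ($previous_image !== '' && $previous_image !== '.' && $previous_image !== '..') {
            @unlink($path2 . "/" . $previous_image);
        }
    } else {
        $bannerimage = $previous_image;
    }

    // The stored name derives from client input in both branches, so it is escaped here
    // (the original escaped it only when no new file was uploaded).
    $bannerimage = $connect->real_escape_string($bannerimage);

    // The stray space that used to follow $icon inside the literal is removed so INSERT
    // stores the same value UPDATE does.
    // NOTE(review): a prepared statement would be preferable, but db_query()'s signature
    // and what pagemanipulate.php reads from $sql/$result3 are not visible here.
    $sql = "INSERT INTO `mng_department`(`heading`, `icon`, `image`,`des`) VALUES ('$heading','$icon','$bannerimage','$des')";
    $result3 = db_query($sql);
    include('pagemanipulate.php');

    $msg = "Department Added Successfully.";
    setcookie("msg", $msg, time() + 3);
    print "<script>";
    print "self.location = 'mng_departments.php';";
    print "</script>";
    exit;
}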
/* EDIT Template */
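if (isset($_POST['stage'], $_POST['rid']) && is_string($_POST['rid']) && $_POST['stage'] == 3 && $_POST['rid'] != "") {
    // Stage 3: update an existing department row.
    // The row id is concatenated into SQL without quotes, so escaping cannot protect it;
    // it is forced to an integer instead. (id is presumably an integer key - the other
    // queries in this file also use it unquoted.)
    $rid = (int) $_POST['rid'];
    // NOTE(review): this handler changes state but checks no anti-CSRF token - confirm
    // whether connection.php does.

    $upload = isset($_FILES['banner_image']) ? $_FILES['banner_image'] : null;

    // T2 is a client-supplied hidden field. It is reduced to a bare file name so it can
    // never point outside the upload directory when used in a path or stored.
    $previous_image = (isset($_POST['T2']) && is_string($_POST['T2'])) ? basename(trim($_POST['T2'])) : '';

    if ($upload !== null && $upload['name'] != "") {
        $extension = is_string($upload['name'])
            ? strtolower(pathinfo($upload['name'], PATHINFO_EXTENSION))
            : '';

        // Accept the file only when PHP reports a clean HTTP upload, the extension is on
        // the allow-list (compared case-insensitively) and the content parses as an image.
        // These checks reduce risk but are not a guarantee; the upload directory should
        // also be served with script execution disabled.
        $is_valid = $extension !== ''
            && isset($upload['error']) && $upload['error'] === UPLOAD_ERR_OK
            && is_uploaded_file($upload['tmp_name'])
            && in_array($extension, $allowed_extensions, true)
            && getimagesize($upload['tmp_name']) !== false;

        if (!$is_valid) {
            $msg = "Incorrent file extension, Please upload a valid image file";
            setcookie("msg", $msg, time() + 3);
            print "<script>";
            print "self.location = 'mng_departments.php';";
            print "</script>";
            exit;
        }

        $path2 = "../uploads/department";
        $s1 = rand(); // prefix only avoids name collisions; it is not a secret
        // removeSpchar() is defined elsewhere; presumably it strips special characters -
        // confirm it cannot change the validated extension.
        $realname = $s1 . "_" . removeSpchar($upload['name']);
        $dest = $path2 . "/" . $realname;

        // move_uploaded_file() refuses anything that is not a genuine HTTP upload,
        // unlike copy(), and its result is checked instead of assumed.
        if (!move_uploaded_file($upload['tmp_name'], $dest)) {
            $msg = "Image upload failed, Please try again";
            setcookie("msg", $msg, time() + 3);
            print "<script>";
            print "self.location = 'mng_departments.php';";
            print "</script>";
            exit;
        }
        $bannerimage = trim($realname);

        // Best-effort removal of the image being replaced, restricted to a plain file
        // name inside the upload directory.
        if ($previous_image !== '' && $previous_image !== '.' && $previous_image !== '..') {
            @unlink($path2 . "/" . $previous_image);
        }
    } else {
        $bannerimage = $previous_image;
    }

    // The stored name derives from client input in both branches, so it is escaped here
    // (the original escaped it only when no new file was uploaded).
    $bannerimage = $connect->real_escape_string($bannerimage);

    // $heading, $icon and $des were escaped for quoted literals earlier in the script.
    $sql = "UPDATE `mng_department` SET `heading`='$heading',`icon`='$icon',`image`='$bannerimage',`des`='$des' WHERE id=" . $rid;
    $result3 = db_query($sql);
    include('pagemanipulate.php');

    $msg = "Department Updated Successfully.";
    setcookie("msg", $msg, time() + 3);
    print "<script>";
    print "self.location = 'mng_departments.php';";
    print "</script>";
    exit;
}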
/*Delete Template */
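// Delete handler, triggered by ?delid=<id> on this page.
// NOTE(review): deleting on a GET request with no anti-CSRF token means any link or
// embedded resource loaded by a logged-in admin can trigger it; moving this to POST
// with a token also needs a change to the link in the listing table.
$delid = (isset($_GET['delid']) && is_string($_GET['delid'])) ? $_GET['delid'] : '';
if ($delid != "") {
    // The id is used unquoted in the statement, where real_escape_string() offers no
    // protection, so it is forced to an integer before being interpolated.
    $delid = (int) $delid;
    $upsql = "delete from mng_department where id={$delid}";
    db_query($upsql);
    $msg = "Record Deleted Successfully.";
    setcookie("msg", $msg, time() + 3);
    header("Location: mng_departments.php");
    // Stop here: the redirect is the whole response, nothing below needs to run.
    exit;
}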
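// Values the form template reads. They are initialised so a plain page view (no ?id=)
// or an unknown id does not leave them undefined.
$eid = "";
$row_service = array('id' => '', 'heading' => '', 'icon' => '', 'image' => '', 'des' => '');

// Edit mode: ?id=<id> loads the row to pre-fill the form.
if (isset($_GET['id']) && is_string($_GET['id']) && $_GET['id'] != "") {
    // The id is concatenated unquoted, so it is forced to an integer rather than passed
    // through as raw request text.
    $edit_id = (int) $_GET['id'];
    $sql = "select * from mng_department where id=" . $edit_id;
    $edit_result = db_query($sql);
    // db_query() is defined elsewhere; guard against a false/empty result before fetching.
    $edit_row = $edit_result ? mysqli_fetch_assoc($edit_result) : null;
    if (is_array($edit_row)) {
        $row_service = $edit_row;
        $eid = $row_service['id'];
    }
}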
?>
<!DOCTYPE html>
<html lang="en">
<head>
<?php include("css.php"); ?>
<script src="tinymce/tinymce.min.js" referrerpolicy="origin"></script>
<script>
// Attach the TinyMCE rich-text editor to the listed textareas. In the markup visible in
// this file only #content (the Description field, posted as "des") matches the selector.
// The editor produces HTML, so the server must treat the posted value as untrusted markup
// wherever it is later rendered.
tinymce.init({
selector: '#buyers,#sellers,#content',
height: 300,
plugins: 'print preview paste importcss searchreplace autolink autosave save directionality code visualblocks visualchars fullscreen image link media template codesample table charmap hr pagebreak nonbreaking anchor toc insertdatetime advlist lists wordcount imagetools textpattern noneditable help charmap emoticons',
menubar: 'file edit view insert format tools table help',
toolbar: 'undo redo | bold italic underline strikethrough | fontselect fontsizeselect formatselect | alignleft aligncenter alignright alignjustify | outdent indent | numlist bullist | forecolor backcolor removeformat | pagebreak | charmap emoticons | fullscreen preview save print | insertfile image media template link anchor codesample | ltr rtl',
toolbar_sticky: false,
image_advtab: true,
// File manager integration, loaded from filemanager/ relative to this admin page.
// NOTE(review): that endpoint is reachable by URL on its own - confirm it enforces the
// same admin session check as this page.
external_filemanager_path:"filemanager/",
filemanager_title:"Filemanager" ,
external_plugins: { "filemanager" : "../filemanager/plugin.min.js"},
// Editor-content stylesheets are fetched from third-party hosts via protocol-relative
// URLs; self-hosting them would remove that external dependency from the admin area.
content_css: [
'//fonts.googleapis.com/css?family=Lato:300,300i,400,400i',
'//www.tiny.cloud/css/codepen.min.css'
],
extended_valid_elements: 'span[class=]',
importcss_append: false,
});
/**
 * Navigate the current window back to the department management page.
 * The val argument is accepted but not used.
 */
function chnageLang(val) {
    var target = 'mng_departments.php';
    self.location = target;
}
</script>
</head>
<body class="sidebar-pinned">
<?php include("left.php") ?>
<main class="admin-main">
<!--site header begins-->
<?php include("admin_header.php");?>
<!--site header ends -->
<section class="admin-content ">
<div class="bg-dark">
<div class="container m-b-30">
<div class="row">
<div class="col-12 text-white p-t-40 p-b-90">
<h4 class="">Manage Department</h4>
<p class="opacity-75 "></p>
</div>
</div>
</div>
</div>
<div class="container pull-up">
<div class="row" style="margin: 0 auto; width:100%; align-items: center;
justify-content: center;">
<!--message-->
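<?php
// Flash message set by the handlers above through a short-lived cookie. A cookie is
// client-controlled, so the value is HTML-escaped before it is written into the page.
if (!empty($_COOKIE['msg']) && is_string($_COOKIE['msg'])) { ?>
    <div class="clearfix"></div>
    <div class="col-lg-8">
        <div class="alert alert-success">
            <a href="#" class="close" data-dismiss="alert" onClick="$('.alert').hide('slow');">×</a>
            <?php print htmlspecialchars(str_replace("+", " ", $_COOKIE['msg']), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>
        </div>
    </div>
<?php } ?>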
<!--message-->
<div class="col-lg-12">
<div class="card m-b-30">
<div class="card-header">
<h5 class="m-b-0">
</h5>
<p class="m-b-0 text-muted">
</p>
</div>
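<?php
// Values shown in the add/edit form. They come from the database row loaded for
// ?id=..., which holds previously submitted text, so each one is HTML-escaped once here
// before it is placed in an attribute or a textarea. Missing values become ''.
$form_values = array();
foreach (array('heading', 'icon', 'image', 'des') as $form_field) {
    $form_values[$form_field] = isset($row_service[$form_field])
        ? htmlspecialchars((string) $row_service[$form_field], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        : '';
}
$form_rid = isset($eid) ? htmlspecialchars((string) $eid, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') : '';
// NOTE(review): the form carries no anti-CSRF token; the only hidden fields are the
// reCAPTCHA response, the stage selector, the row id and the current image name.
?>
<form name="pwd" method="POST" action="mng_departments.php" enctype="multipart/form-data" >
    <input type="hidden" name="recaptchaResponse" id="recaptchaResponse">
    <?php if ($form_rid === '') { ?>
        <input type="hidden" name="stage" value="2">
    <?php } else { ?>
        <input type="hidden" name="stage" value="3">
        <input type="hidden" name="rid" value="<?php print $form_rid; ?>">
    <?php } ?>
    <div class="card-body">
        <div class="form-row m-b-20">
            <label for="heading" >Heading</label>
            <input type="text" class="form-control" id="heading" name="heading" value="<?php echo $form_values['heading']; ?>" required >
        </div>
        <div class="form-row form-group">
            <label for="category">Icon</label>
            <textarea class="form-control" id="icon" name="icon" ><?php echo $form_values['icon']; ?></textarea>
        </div>
        <div class="form-row form-group">
            <label for="category">Images</label>
            <input type="file" class="form-control" id="bannerimage" name="banner_image" placeholder="Banner">
            <b><font color="red"> Size : (370px X 320px)</font></b>
        </div>
        <?php if ($form_values['image'] !== '') { ?>
            <div class="clearfix"></div>
            <div class="form-row">
                <img src="../uploads/department/<?php print $form_values['image']; ?>" style="width: 200px;height:200px; " class="img-responsive" />
            </div>
        <?php } ?>
        <input type="hidden" name="T2" value="<?php print $form_values['image']; ?>">
        <div class="form-row m-b-20">
            <label for="buyers">Description</label>
            <?php /* Escaping inside the textarea keeps stored markup from closing the element early; the browser decodes it again before the editor reads the value. */ ?>
            <textarea class="form-control" id="content" name="des" ><?php print $form_values['des']; ?></textarea>
        </div>
        <div class="form-group">
            <div class="buttoncls">
                <button type="submit" class="btn btn-primary">Submit</button>
            </div>
        </div>
    </div>
</form>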
<div class="col-lg-12">
<div class="card m-b-30">
<div class="card-header">
<h5 class="m-b-0">
Deapartment Details
</h5>
</div>
<div class="card-body">
<div class="table-responsive">
<table class="table table-hover">
<thead>
<tr>
<th>#</th>
<th>Heading</th>
<th>Image</th>
<th class="text-center" style="width:240px;">Action</th>
</tr>
</thead>
<tbody>
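<?php
// Listing of every department row, one table row each.
$sqlfetch = "SELECT * FROM mng_department";
$sqlfetch = db_query($sqlfetch);
$i = 1;
// db_query() is defined elsewhere; skip the loop if it did not return a result set.
while ($sqlfetch && ($row = mysqli_fetch_array($sqlfetch))) {
    // Column positions follow the original code: index 1 is shown as the heading and
    // index 3 as the image file name. Both hold previously submitted text, so they are
    // HTML-escaped before output; the id is forced to an integer for the links.
    $cell_heading = htmlspecialchars((string) $row[1], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $cell_image = htmlspecialchars((string) $row[3], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $cell_id = (int) $row['id'];
    // NOTE(review): the delete link below issues a state-changing GET request with no
    // anti-CSRF token; the confirm() dialog is only a client-side prompt.
    ?>
    <tr>
        <td><?php echo $i; ?></td>
        <td><?php echo $cell_heading; ?></td>
        <td><img src="../uploads/department/<?php echo $cell_image; ?>" style="max-width: 150px"></td>
        <td class="text-center">
            <a href="mng_departments.php?id=<?php print $cell_id; ?>"><i class="mdi mdi-square-edit-outline"></i></a> |
            <a href="?delid=<?php print $cell_id; ?>" onclick ="return confirm('Are you sure to delete ?')"><i class="mdi mdi-delete-forever"></i></a>
        </td>
    </tr>
    <?php
    $i++;
} ?>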
</tbody>
</table>
</div>
</div>
</div>
</div>
</div>
</div>
</section>
</main>
<?php include("js.php"); ?>
<!--Additional Page includes-->
<script src="assets/vendor/apexchart/apexcharts.min.js"></script>
<!--chart data for current dashboard-->
<script src="assets/js/dashboard-01.js" type="text/javascript"></script>
<script>
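<?php
// The site key is emitted as a JSON string literal so its value cannot break out of the
// surrounding script context; a missing $sitekey becomes an empty string.
// NOTE(review): the token is posted as recaptchaResponse, but no server-side verification
// is visible in this file, and the action name 'login' is reused on this department form -
// confirm both.
$recaptcha_site_key = json_encode(
    isset($sitekey) ? (string) $sitekey : '',
    JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP
);
?>
// Request a reCAPTCHA token and place it in the hidden form field. The guard keeps the
// page working when the reCAPTCHA library has not been loaded.
if (typeof grecaptcha !== 'undefined') {
    grecaptcha.ready(function () {
        grecaptcha.execute(<?php print $recaptcha_site_key; ?>, {action: 'login'}).then(function (token) {
            var tokenField = document.getElementById('recaptchaResponse');
            if (tokenField) {
                tokenField.value = token;
            }
        });
    });
}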
</script>
</body>
</html>