Editing: edit_group.php
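<?php
/**
 * edit_group.php - admin page that renames a department.
 *
 * GET/REQUEST `key` : current department name; pre-fills the edit form.
 * POST `change`     : rename `hide_val` (old name) to `groups` (new name) in
 *                     group_title.group_name and info.groups.
 * POST `cancel`     : go back to view_dep.php.
 *
 * NOTE(review): the rename form is state-changing and carries no anti-CSRF
 * token; a per-session token checked on POST should be added together with
 * the other admin forms.
 * NOTE(review): ext/mysql (mysql_query, mysql_real_escape_string) is removed
 * in PHP 7. The connection ($db_handle) comes from sql.php, which is not
 * visible here, so the calls are kept; moving sql.php and this page to
 * mysqli/PDO prepared statements would make quote_smart() unnecessary.
 */
session_start();

// $user is not read anywhere in this file; kept in case sql.php relies on it - TODO confirm.
$user = isset($_SESSION['username']) ? $_SESSION['username'] : null;
$log  = isset($_SESSION['admin']) ? $_SESSION['admin'] : null;

// Strict comparison: a loose != would let non-string session values such as
// 0 or true compare equal to "log".
if ($log !== 'log') {
    header('Location: login.php');
    // Without exit the rest of the page, including the UPDATE handler below,
    // still runs for a visitor who is not logged in; the header alone only
    // asks the browser to navigate away.
    exit;
}

/**
 * Turn a request value into a quoted, escaped SQL string literal.
 *
 * The value is always quoted. Emitting numeric-looking input unquoted makes
 * MySQL compare the string column numerically, so a WHERE clause can match
 * rows other than the one intended.
 *
 * @param string   $value  raw value from the request
 * @param resource $handle open ext/mysql link used for escaping
 * @return string  the value wrapped in single quotes, ready to embed in SQL
 */
function quote_smart($value, $handle)
{
    if (get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }

    return "'" . mysql_real_escape_string($value, $handle) . "'";
}
?>
<html>
<head>
<title>edit_dep </title>
<link rel="stylesheet" type="text/css" href="css/style.css"/>
</head>
<body>
<div id="container">
<div id="bg_container">
    <div id="header">
    </div>
    <div id="bg_wrapper">
        <h1 style="font-size:28px;">DECOHAS Online Library System</h1>
    </div>
    <div id="wrapper" style="margin-left:50px;">
        <div class="navbarr">
            <ul>
                <li><a href="admin.php">Home</a></li>
                <li></li>
                <li><a href="#">Options</a>
                    <ul>
                        <li><a href="manage_user.php">Manage User</a></li>
                        <li><a href="add_user.php">Add User</a></li>
                        <li><a href="add_dep.php">Add Departments</a></li>
                        <li><a href="view_dep.php">View Departments</a></li>
                        <li><a href="uploaded_books.php">Uploaded Books</a></li>
                    </ul>
                </li>
                <li><a href="changepass.php"><img src="images/my_account.png" style="margin-right:3px;" alt="">Update password</a></li>
                <li><a href="index.php"><img src="images/logout.png" style="margin-right:3px;" alt="">Logout</a></li>
            </ul>
        </div>
<?php
$msg = "";

if (isset($_POST['cancel'])) {
    // Output has already started, so a Location header is no longer possible here.
    print("<script>location.href = 'view_dep.php'</script>");
} elseif (isset($_POST['change'])) {
    // Accept plain strings only; array-valued parameters are treated as missing.
    $grp = (isset($_POST['groups']) && is_string($_POST['groups'])) ? $_POST['groups'] : '';
    $hv  = (isset($_POST['hide_val']) && is_string($_POST['hide_val'])) ? $_POST['hide_val'] : '';

    if (trim($grp) === '' || $hv === '') {
        $msg = "Department name is required.";
    } else {
        include 'sql.php';

        // Entity-encoding before storage is kept as the original did it,
        // because other pages may print these columns without escaping -
        // TODO confirm, then store raw text and escape at output instead.
        $grp = htmlspecialchars($grp);
        $hv  = htmlspecialchars($hv);

        $grp = quote_smart($grp, $db_handle);
        $hv  = quote_smart($hv, $db_handle);

        $SQL = "UPDATE group_title SET group_name = $grp WHERE group_name = $hv";
        $result = mysql_query($SQL);

        if ($result) {
            // NOTE(review): the result of this second UPDATE is not checked and
            // the two statements are not in a transaction, so the tables can
            // end up disagreeing if it fails.
            $SQL = "UPDATE info SET groups = $grp WHERE groups = $hv";
            mysql_query($SQL);
            $msg = "Changes has been saved.";
        } else {
            $msg = "department name already exist!";
        }

        mysql_close($db_handle);
    }
?>
        <div id="head">
            <font face="Cooper Black" size="5" color="blue"><?php print $msg; ?></font>
            <div style=" margin-left:100px; margin-top:20px;">
                <form name="ok_form" method="post" action="view_dep.php">
                    <input name="ok" type="submit" value="OK" style="width:60px; height:30px;">
                </form>
            </div>
        </div>
<?php
} else {
    $namekey = (isset($_REQUEST['key']) && is_string($_REQUEST['key'])) ? $_REQUEST['key'] : '';

    // NOTE(review): nothing in this branch uses the connection; the include is
    // kept only in case sql.php has side effects this page depends on.
    include 'sql.php';

    // The request value is written into two HTML attributes, so it is encoded
    // (quotes included) and the attributes are quoted. double_encode is off so
    // that a name already stored in entity-encoded form survives the round trip
    // through the form unchanged.
    $safeKey = htmlspecialchars($namekey, ENT_QUOTES, 'UTF-8', false);
?>
        <div id="head">
            <h2>Edit Departments:</h2>
        </div>
        <div id="table">
            <form name="edit_form" method="post" action="edit_group.php">
                <table border="0">
                    <tr>
                        <td><b style="font-size:20px; margin-left:20px;">Departments:</b></td>
                        <td><input name="groups" type="text" value="<?php print $safeKey; ?>" style="border-radius:4px; padding:6px; width:400px; margin-bottom:15px;margin-top:35px;"></td>
                        <td><input name="hide_val" type="hidden" value="<?php print $safeKey; ?>"></td>
                    </tr>
                    <tr>
                        <td align="right"></td>
                        <td align="right"><input name="cancel" type="submit" value="CANCEL" style="width:90px; background:#F6F4F0; padding:4px; border-radius:4px;">
                        <input name="change" type="submit" value="SAVE" style="width:90px; background:#F6F4F0; padding:4px; border-radius:4px;"></td>
                    </tr>
                </table>
            </form>
        </div>
<?php
}
?>
    </div>
</div>
<div id="footer">
    <p>©2017 DECOHAS</p>
</div>
</div>
</body>
</html>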