Gifari Industries - BD Cyber Security Team
Home
/
home
/
decohaslibrary
/
public_html
/
✏️
Editing: edit_user.php.bak
<?php session_start(); $user = $_SESSION['username']; $log = $_SESSION['admin']; if ($log != "log"){ header ("Location: login.php"); } ?> <html> <head> <title>edit_user </title> <link rel = "stylesheet" type ="text/css" href = "css/style.css"/> </head> <body > <div id = "container"> <div id = "bg_container"> <div id="header" > </div> <div id ="bg_wrapper"> <h1 style="font-size:28px;">DECOHAS Online Library System<h1> </div> <div id = "wrapper"> <div class = "navbarr"> <ul> <li><a href = "admin.php">Home</a></li> <li></li> <li><a href ="#">Options</a> <ul> <li><a href ="manage_user.php">Manage User</a></li> <li><a href ="add_user.php">Add User</a></li> <li><a href ="add_dep.php">Add Departments</a></li> <li><a href ="view_dep.php">View Departments</a></li> <li><a href ="uploaded_books.php">Uploaded Books</a></li> </ul> </li> <li><a href = "changepass.php"><img src = "images/my_account.png" style="margin-right:3px;">Update password</img></a></li> <li><a href = "index.php"><img src = "images/logout.png" style="margin-right:3px;">Logout</img></a></li> </ul> </div> <?php function quote_smart($value, $handle) { if (get_magic_quotes_gpc()) { $value = stripslashes($value); } if (!is_numeric($value)) { $value = "'" . mysql_real_escape_string($value, $handle) . "'"; } return $value; } $msg = ""; $timailhan = false; if (isset($_POST['cancel'])) { print("<script>location.href = 'manage_user.php'</script>"); } if (isset($_POST['change'])) { include 'sql.php'; $user = $_POST['uname']; $grp = $_POST['groups']; $pos = $_POST['position']; $SQL = "SELECT * FROM info WHERE groups = '$grp' AND position = 'HOD'"; $result = mysql_query($SQL); while($db_field = mysql_fetch_assoc($result)){ $led = $db_field['username']; if($led != ""){ $timailhan = true; } } if($pos == "leader"){ if($timailhan){ die("<SCRIPT LANGUAGE='JavaScript'>alert('Department has already a leader.')</script><script>location.href = 'edit_user.php'</script>"); } } //unwanted HTML (scripting attacks) $user = htmlspecialchars($user); $grp = htmlspecialchars($grp); $pos = htmlspecialchars($pos); //function $user = quote_smart($user, $db_handle); $grp = quote_smart($grp, $db_handle); $pos = quote_smart($pos, $db_handle); $SQL = "UPDATE group_title SET group_leader = '' WHERE group_leader = $user"; $result = mysql_query($SQL); $SQL = "UPDATE info SET groups = $grp, position = $pos WHERE username = $user"; $result = mysql_query($SQL); $SQL = "SELECT * FROM info WHERE username = $user"; $result = mysql_query($SQL); while ($db_field = mysql_fetch_assoc($result)) { $pos = $db_field['position']; } if($pos == "HOD"){ $SQL = "UPDATE group_title SET group_leader = $user WHERE group_name = $grp"; mysql_query($SQL); } else{ $SQL = "UPDATE info SET group_task = '' WHERE username = $user"; mysql_query($SQL); $SQL = "UPDATE group_title SET group_leader = '' WHERE group_leader = $user"; mysql_query($SQL); } $SQL = "UPDATE info SET task_status_indi = '', individ_task = '' WHERE username = $user"; mysql_query($SQL); mysql_close($db_handle); ?> <p><?php $msg = "Changes has been saved Successfully!.";?><p> <?php //print("<div style=' margin-left:50%; margin-top:50%; '>"); //print("<form name='ok_form' method='post' action='manage_user.php'>"); //print("<input name = 'ok' type = 'submit' value = 'OK'>"); //print("</div>"); } else{ $namekey = $_REQUEST['key']; include 'sql.php'; $SQL = "SELECT * FROM info WHERE username = '$namekey'"; $result = mysqli_query($con,$SQL); while ($db_field = mysqli_fetch_assoc($result)) { $user = $db_field['username']; $grp = $db_field['groups']; $pos = $db_field['position']; } print("<div id = 'head'>"); print("<h2>Edit user:</h2>"); print("</div>"); print("<div id = 'table'>"); print("<form name='edit_form' method='post' action='edit_user.php'>"); print("<table border = '0' >"); print("<tr><td><b style='font-size:20px; margin-left:20px;'>User name:</b></td>"); print("<td><input name = 'uname' type = 'text' value = '$user' style='border-radius:4px; padding:6px; width:400px; margin-bottom:15px; margin-top:20px;'></td>"); print("</tr>"); print("<tr><td><b style='font-size:20px; margin-left:20px;'>Department:</b></td>"); print("<td><select name = 'groups' style='width:100%;height:100%; border-radius:4px; padding:6px; margin-bottom:15px;'>"); $SQL = "SELECT * FROM group_title ORDER BY group_name ASC"; $result = mysqli_query($con,$SQL); while ($db_field = mysqli_fetch_assoc($result)){ $list = $db_field['group_name']; if($list != "admin"){ print("<option>$list"); } } mysql_close($db_handle); print("</td>"); print("</tr>"); print("<tr><td><b style='font-size:20px;margin-left:20px;'>Position:</b></td>"); print("<td><select name = 'position' style='width:100%;height:100%; border-radius:4px; padding:6px; margin-bottom:15px;'>"); print("<option>HOD</option>"); print("<option>Students</option>"); print("<option>admin</option>"); print("</select></td>"); print("</tr>"); print("<tr>"); print("<td align = 'right'></td>"); print("<td align = 'right'><input name = 'cancel' type = 'submit' value = 'CANCEL' style='width:60px; background:#F6F4F0; padding:4px; border-radius:4px;width:70px;'>"); print("<input name = 'change' type = 'submit' value = 'SAVE'' style='width:60px; background:#F6F4F0; padding:4px; border-radius:4px; width:70px'></td>"); print("</tr>"); print("</table>"); print("</form>"); print("</div>"); } ?> <div style ="margin-left:50px; margin-top:20px; float:left;"> <div style="margin-top:10px; margin-left:50px; "> <font face="Cooper Black" size = "5" color = "blue"><?php print $msg; ?></font> </div> </div> </div> </div> <div id="footer" > <p>©2017 DECOHAS</p> </div> </div> </body> </html>
💾 Save
❌ Cancel
