header.php
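<?php
/**
 * header.php - request dispatcher for the admin panel's user actions.
 *
 * Depending on which POST field is present, this script signs a user in
 * (flag=signin), creates a user (flag=create), deletes a user (del_id),
 * returns one user's record as JSON (edit_id), or saves an edited user
 * together with an optional file upload (editid).
 *
 * Every value read from $_POST / $_FILES is untrusted. All SQL therefore goes
 * through prepared statements, and request data or database error text is
 * HTML-escaped before it is echoed or placed in $msg.
 *
 * NOTE(review): the create / delete / edit branches never check
 * $_SESSION['username'] or $_SESSION['authority'], and no anti-CSRF token is
 * verified. Enforcement is not added here because the intended access policy
 * is not visible in this file - confirm it and add the checks.
 */
session_start();

// NOTE(review): the connection uses the root account with an empty password,
// hard-coded in the script. Prefer a dedicated least-privilege database user
// whose credentials are loaded from configuration outside the web root.
$con = new mysqli('localhost', 'root', '', 'adminpanel');
if ($con->connect_error) {
    die("Connection failed: " . $con->connect_error);
}

// Reads one POST field as a string. Missing fields and array-valued fields
// (e.g. username[]=x) become '' so they can be bound as string parameters.
$postString = function ($key) {
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
};

// HTML-escapes text that ends up in the response or in $msg.
$escapeHtml = function ($text) {
    return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8');
};

$username = '';
$pwd = '';
// $flag = '';
$data = '';
$del_id = '';
$edit_id = '';
$msg = '';

if (isset($_POST['flag'])) {
    // The original echoed $_POST['flag'] here. That reflected request data
    // into the page unescaped and, by starting the response body, prevented
    // the header("Location: ...") redirects below from being sent.
    $username = $postString('username');
    $pwd = $postString('pwd');
    $flag = $postString('flag');

    // NOTE(review): passwords are stored as unsalted MD5, which is not a
    // password hash. Moving to password_hash() / password_verify() requires
    // migrating the stored values, so it is flagged here rather than changed.
    switch ($flag) {
        case 'signin': // validate user account
            $row = null;
            $stmt = $con->prepare("SELECT * FROM users WHERE username = ? AND password = MD5(?)");
            if ($stmt !== false && $stmt->bind_param('ss', $username, $pwd) && $stmt->execute()) {
                $result = $stmt->get_result();
                if ($result !== false) {
                    $row = $result->fetch_row();
                }
            }

            if (is_array($row)) {
                // Issue a fresh session id on login so an id planted before
                // authentication cannot be reused afterwards.
                session_regenerate_id(true);
                // Positional indices: these depend on the column order of the
                // users table because the query is SELECT *.
                $_SESSION['username'] = $row[1];
                $_SESSION['authority'] = $row[3];
                $msg = 'Login Complete! Thanks';
                header("Location: dashboard.php");
                exit();
            }

            $msg = 'Login Failed!<br /> Please make sure that you enter the correct details and that you have activated your account.';
            header("Location: index.php");
            exit();

        case 'create': // creating new user
            $stmt = $con->prepare("INSERT INTO users (username, password, path) VALUES (?, MD5(?), '')");
            if ($stmt !== false && $stmt->bind_param('ss', $username, $pwd) && $stmt->execute()) {
                $msg = "New user created successfully";
                header("Location: dashboard.php");
                // Stop here so nothing else runs after the redirect.
                exit();
            }

            echo $escapeHtml($flag);
            // The SQL text is no longer included: the original statement
            // embedded the submitted password in clear text.
            $msg = "Error: " . $escapeHtml($stmt !== false ? $stmt->error : $con->error);
            break;

        default:
            break;
    }
}
// delete the user data
elseif (isset($_POST['del_id'])) {
    $del_id = $postString('del_id');
    $stmt = $con->prepare("DELETE FROM users WHERE id = ?");
    if ($stmt !== false && $stmt->bind_param('s', $del_id) && $stmt->execute()) {
        echo "Record deleted successfully";
    } else {
        echo "Error deleting record: " . $escapeHtml($stmt !== false ? $stmt->error : $con->error);
    }
}
// when clicked the edit button
elseif (isset($_POST['edit_id'])) {
    $edit_id = $postString('edit_id');
    $row = null;
    $stmt = $con->prepare("SELECT * FROM users WHERE id = ?");
    if ($stmt !== false && $stmt->bind_param('s', $edit_id) && $stmt->execute()) {
        $result = $stmt->get_result();
        if ($result !== false) {
            $row = $result->fetch_assoc();
        }
    }

    // Always a three-element list [id, username, password]; the elements are
    // null when no matching row exists.
    // NOTE(review): this sends the stored password hash to the browser.
    // Confirm the client needs it; otherwise drop it from the response.
    $edit_data = array(
        isset($row['id']) ? $row['id'] : null,
        isset($row['username']) ? $row['username'] : null,
        isset($row['password']) ? $row['password'] : null,
    );
    echo json_encode($edit_data);
}
// modified user data saving
elseif (isset($_POST["editid"])) {
    $editid = $postString('editid');
    $username = $postString('username');
    $pwd = $postString('pwd');

    $target_dir = "uploads/";
    $target_file = null; // set only when a file was actually stored
    $upload = (isset($_FILES["fileupload"]) && is_array($_FILES["fileupload"])) ? $_FILES["fileupload"] : null;

    // A usable upload has a single, non-empty client file name and no
    // transfer error; anything else is treated as "no file".
    $uploadOk = ($upload !== null
        && is_string($upload["name"])
        && $upload["name"] !== ''
        && $upload["error"] === UPLOAD_ERR_OK) ? 1 : 0;

    if ($uploadOk === 1) {
        // basename() strips directory components from the client-supplied name.
        // NOTE(review): the file type is not restricted, and uploads/ appears
        // to sit under the web root. Allow only the expected extensions and
        // content types, and store uploads where the server will not execute
        // them.
        $candidate = $target_dir . basename($upload["name"]);

        // Check if file already exists
        if (file_exists($candidate)) {
            $msg = "Sorry, file already exists.";
            $uploadOk = 0;
        }
        // Check file size
        if ($upload["size"] > 2000000) {
            $msg = "Sorry, your file is too large.";
            $uploadOk = 0;
        }

        if ($uploadOk === 1) {
            if (move_uploaded_file($upload["tmp_name"], $candidate)) {
                $msg = "The file " . $escapeHtml(basename($upload["name"])) . " has been uploaded.";
                $target_file = $candidate;
            } else {
                $msg = "Sorry, there was an error uploading your file.";
            }
        }
    }
    if ($uploadOk === 0) {
        $msg = "Sorry, your file was not uploaded.";
    }

    // The path column is rewritten only when a file was stored. The original
    // always wrote the computed path, so an edit without a new file replaced
    // the saved path with "uploads/", and a rejected upload could point the
    // record at a file that was already there.
    if ($target_file !== null) {
        $stmt = $con->prepare("UPDATE users SET username = ?, password = MD5(?), path = ? WHERE id = ?");
        $bound = $stmt !== false && $stmt->bind_param('ssss', $username, $pwd, $target_file, $editid);
    } else {
        $stmt = $con->prepare("UPDATE users SET username = ?, password = MD5(?) WHERE id = ?");
        $bound = $stmt !== false && $stmt->bind_param('sss', $username, $pwd, $editid);
    }

    if ($bound && $stmt->execute()) {
        $msg = "User data updated successfully";
    } else {
        $msg = "Error updating data: " . $escapeHtml($stmt !== false ? $stmt->error : $con->error);
    }
}
?>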