|
Server IP : 103.191.208.50 / Your IP : 216.73.216.53 Web Server : LiteSpeed System : Linux orion.herosite.pro 4.18.0-553.53.1.lve.el8.x86_64 #1 SMP Wed May 28 17:01:02 UTC 2025 x86_64 User : celkcksm ( 1031) PHP Version : 7.4.33 Disable Function : show_source, system, shell_exec, passthru, popen, exec MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON Directory (0755) : /home/celkcksm/jcboseedu.org/admin/ |
| [ Home ] | [ C0mmand ] | [ Upload File ] |
|---|
<?php
session_start();
include_once('include/config.inc.php');
include_once('include/function.php');
switch($_REQUEST['do']) {
case "Chairman" :
$name = mysqli_escape_string($con,$_REQUEST['name']);
$p1 = mysqli_escape_string($con,$_REQUEST['p1']);
$p2 = mysqli_escape_string($con,$_REQUEST['p2']);
$qualification = mysqli_escape_string($con,$_REQUEST['qualification']);
$image="";
if(($_FILES['image']['name']!= NULL)&&(strpos(strtolower($_FILES["image"]["name"]),'.php')==null)&&(strpos(strtolower($_FILES["image"]["name"]),'.js')==null )){
$image = time().'_'.$_FILES['image']['name'];
move_uploaded_file($_FILES['image']['tmp_name'],"images/".$image);
}
$q=mysqli_query($con,"insert into chairman (image,p1,p2,name,qualification) values ('".$image."','".$p1."','".$p2."','".$name."','".$qualification."')");
if($q){
$_SESSION['msg']="Chairman Information Added Successfully";
}else{
$_SESSION['msg']="Chairman Information Adding failed";
}
header("location:chairman.php");
break;
case "EditChairman" :
$name = mysqli_escape_string($con,$_REQUEST['name']);
$p1 = mysqli_escape_string($con,$_REQUEST['p1']);
$p2 = mysqli_escape_string($con,$_REQUEST['p2']);
$qualification = mysqli_escape_string($con,$_REQUEST['qualification']);
$doid = mysqli_escape_string($con,$_REQUEST['doid']);
if(($_FILES['image']['name']!= NULL)&&(strpos(strtolower($_FILES["image"]["name"]),'.php')==null)&&(strpos(strtolower($_FILES["image"]["name"]),'.js')==null )){
$image=mysqli_fetch_array(mysqli_query("select image from chairman where id=".(int)$doid))['image'];
unlink("images/".$image);
$image = time().'_'.$_FILES['image']['name'];
move_uploaded_file($_FILES['image']['tmp_name'],"images/".$image);
mysqli_query($con,"update chairman set image='".$image."' where id='".$doid."'");
}
$q=mysqli_query($con,"update chairman set name='".$name."',qualification='".$qualification."',p1='".$p1."',p2='".$p2."' where id=".(int)$doid);
if($q){
$_SESSION['msg']="Chairman Information Updated Successfully";
}else{
$_SESSION['msg']="Chairman Information Update failed";
}
header("location:chairman.php");
break;
case "Principle" :
$name = mysqli_escape_string($con,$_REQUEST['name']);
$p1 = mysqli_escape_string($con,$_REQUEST['p1']);
$p2 = mysqli_escape_string($con,$_REQUEST['p2']);
$qualification = mysqli_escape_string($con,$_REQUEST['qualification']);
$image="";
if(($_FILES['image']['name']!= NULL)&&(strpos(strtolower($_FILES["image"]["name"]),'.php')==null)&&(strpos(strtolower($_FILES["image"]["name"]),'.js')==null )){
$image = time().'_'.$_FILES['image']['name'];
move_uploaded_file($_FILES['image']['tmp_name'],"images/".$image);
}
$q=mysqli_query($con,"insert into principle(image,p1,p2,name,qualification) values('".$image."','".$p1."','".$p2."','".$name."','".$qualification."')");
if($q){
$_SESSION['msg']="Principle Information Added Successfully";
}else{
$_SESSION['msg']="Principle Information Adding failed";
}
header("location:principle.php");
break;
case "EditPrinciple" :
$qualification = mysqli_escape_string($con,$_REQUEST['qualification']);
$name = mysqli_escape_string($con,$_REQUEST['name']);
$p1 = mysqli_escape_string($con,$_REQUEST['p1']);
$p2 = mysqli_escape_string($con,$_REQUEST['p2']);
$doid = mysqli_escape_string($con,$_REQUEST['doid']);
if(($_FILES['image']['name']!= NULL)&&(strpos(strtolower($_FILES["image"]["name"]),'.php')==null)&&(strpos(strtolower($_FILES["image"]["name"]),'.js')==null )){
$image=mysqli_fetch_array(mysqli_query("select image from principle where id=".(int)$doid))['image'];
unlink("images/".$image);
$image = time().'_'.$_FILES['image']['name'];
move_uploaded_file($_FILES['image']['tmp_name'],"images/".$image);
mysqli_query($con,"update principle set image='".$image."' where id='".$doid."'");
}
$q=mysqli_query($con,"update principle set name='".$name."',p1='".$p1."',p2='".$p2."',qualification='".$qualification."' where id=".(int)$doid);
if($q){
$_SESSION['msg']="Principle Information Updated Successfully";
}else{
$_SESSION['msg']="Principle Information Update failed";
}
header("location:principle.php");
break;
case "Gallery" :
$name=mysqli_escape_string($con,$_REQUEST['name']);
$allowed=true;
$allowedFileType = ['image/*'];
for($i=0;$i<count($_FILES['image']['name']);$i++){
if(in_array($_FILES["image"]["type"][$i],$allowedFileType)){
$allowed=false;echo $_FILES["image"]["type"][$i];
}
}
if($allowed){
$q=mysqli_query($con,"insert into gallery (name) values ('$name')");
$gallery_id=$con->insert_id;
for($i=0;$i<count($_FILES['image']['name']);$i++){
$image="";
if($_FILES['image']['name'][$i]!= NULL){
$image = time().'_'.$_FILES['image']['name'][$i];
move_uploaded_file($_FILES['image']['tmp_name'][$i],"images/gallery/".$image);
}
$q=mysqli_query($con,"insert into image_of_gallery (gallery_id,image) values ('$gallery_id','$image')");
}
if($q){
$_SESSION['msg']="Images Added Successfully";
}else{
$_SESSION['msg']="Images Adding failed $gallery_id !";
}
}else{
$_SESSION['msg']="Invalid file, Upload a valid Image file";
}
header("location:gallery.php");
break;
case "Documents" :
$type=mysqli_escape_string($con,$_REQUEST['type']);
$image="";
$allowedFileType = ['application/pdf'];
if(in_array($_FILES["image"]["type"],$allowedFileType)){
if(($_FILES['image']['name']!= NULL)&&(strpos(strtolower($_FILES["image"]["name"]),'.php')==null)&&(strpos(strtolower($_FILES["image"]["name"]),'.js')==null )){
$image = time().'_'.$_FILES['image']['name'];
move_uploaded_file($_FILES['image']['tmp_name'],"images/".$image);
}
$oldimage =mysqli_fetch_array(mysqli_query($con,"select $type from documents where id=1"))['$type'];
unlink("images/".$oldimage);
$q=mysqli_query($con,"update documents set $type='".$image."' where id=1");
if($q){
$_SESSION['msg']="Document Added Successfully";
}else{
$_SESSION['msg']="Document Adding failed";
}
}else{
$_SESSION['msg']="Invalid file, Upload a PDF file";
}
header("location:documents.php");
break;
case "News" :
$title = mysqli_escape_string($con,$_REQUEST['title']);
$p1 = mysqli_escape_string($con,$_REQUEST['p1']);
$p2 = mysqli_escape_string($con,$_REQUEST['p2']);
$p3 = mysqli_escape_string($con,$_REQUEST['p3']);
$q=mysqli_query($con,"insert into news(title,p1,p2,p3) values('".$title."','".$p1."','".$p2."','".$p3."')");
if($q){
$_SESSION['msg']="News Information Added Successfully";
}else{
$_SESSION['msg']="News Information Adding failed";
}
header("location:news.php");
break;
case "EditNews" :
$title = mysqli_escape_string($con,$_REQUEST['title']);
$p1 = mysqli_escape_string($con,$_REQUEST['p1']);
$p2 = mysqli_escape_string($con,$_REQUEST['p2']);
$p3 = mysqli_escape_string($con,$_REQUEST['p3']);
$doid = mysqli_escape_string($con,$_REQUEST['doid']);
$q=mysqli_query($con,"update news set title='".$title."',p1='".$p1."',p2='".$p2."',p3='".$p3."' where id=".(int)$doid);
if($q){
$_SESSION['msg']="News Information Updated Successfully";
}else{
$_SESSION['msg']="News Information Update failed";
}
header("location:news.php");
break;
case "AboutUs" :
$p1 = mysqli_escape_string($con,$_REQUEST['p1']);
$p2 = mysqli_escape_string($con,$_REQUEST['p2']);
$p3 = mysqli_escape_string($con,$_REQUEST['p3']);
$image="";
if(($_FILES['image']['name']!= NULL)&&(strpos(strtolower($_FILES["image"]["name"]),'.php')==null)&&(strpos(strtolower($_FILES["image"]["name"]),'.js')==null )){
$image = time().'_'.$_FILES['image']['name'];
move_uploaded_file($_FILES['image']['tmp_name'],"images/".$image);
}
$q=mysqli_query($con,"insert into about_us(image,p1,p2,p3) values('".$image."','".$p1."','".$p2."','".$p3."')");
if($q){
$_SESSION['msg']="About Us Information Added Successfully";
}else{
$_SESSION['msg']="About Us Information Adding failed";
}
header("location:about_us.php");
break;
case "EditAboutUs" :
$p1 = mysqli_escape_string($con,$_REQUEST['p1']);
$p2 = mysqli_escape_string($con,$_REQUEST['p2']);
$p3 = mysqli_escape_string($con,$_REQUEST['p3']);
$doid = mysqli_escape_string($con,$_REQUEST['doid']);
if(($_FILES['image']['name']!= NULL)&&(strpos(strtolower($_FILES["image"]["name"]),'.php')==null)&&(strpos(strtolower($_FILES["image"]["name"]),'.js')==null )){
$image=mysqli_fetch_array(mysqli_query("select image from about_us where id=".(int)$doid))['image'];
unlink("images/".$image);
$image = time().'_'.$_FILES['image']['name'];
move_uploaded_file($_FILES['image']['tmp_name'],"images/".$image);
mysqli_query($con,"update about_us set image='".$image."' where id='".$doid."'");
}
$q=mysqli_query($con,"update about_us set p1='".$p1."',p2='".$p2."',p3='".$p3."' where id=".(int)$doid);
if($q){
$_SESSION['msg']="About Us Information Updated Successfully";
}else{
$_SESSION['msg']="About Us Information Update failed";
}
header("location:about_us.php");
break;
case "StudentCorner" :
$coursename = mysqli_escape_string($con,$_REQUEST['coursename']);
$title = mysqli_escape_string($con,$_REQUEST['title']);
$year = mysqli_escape_string($con,$_REQUEST['year']);
$semester = mysqli_escape_string($con,$_REQUEST['semester']);
$papercode = mysqli_escape_string($con,$_REQUEST['papercode']);
$filename = mysqli_escape_string($con,$_REQUEST['filename']);
$image="";
$time=time();
if(($_FILES['image']['name']!= NULL)&&(strpos(strtolower($_FILES["image"]["name"]),'.php')==null)&&(strpos(strtolower($_FILES["image"]["name"]),'.js')==null )){
$image = $time.'_'.preg_replace('/[^A-Za-z0-9\-.]/', '', $_FILES['image']['name']);
move_uploaded_file($_FILES['image']['tmp_name'],"images/".$image);
}
//print_r($_FILES);
//echo "insert into studentcorner (coursename,title, filename) values('".$coursename."','".$title."','".$image."')"; die;
$q=mysqli_query($con,"insert into studentcorner (coursename,title, filename,year,semester,papercode,filecode) values('".$coursename."','".$title."','".$image."','".$year."','".$semester."','".$papercode."','".$time."')");
if($q){
$_SESSION['msg']="Student Corner Information Added Successfully";
}else{
$_SESSION['msg']="Student Corner Information Adding failed";
}
header("location:studentcorner.php");
break;
case "EditStudentCorner" :
//$p1 = mysqli_escape_string($con,$_REQUEST['p1']);
//$p2 = mysqli_escape_string($con,$_REQUEST['p2']);
//$p3 = mysqli_escape_string($con,$_REQUEST['p3']);
$heading = mysqli_escape_string($con,$_REQUEST['heading']);
$title = mysqli_escape_string($con,$_REQUEST['title']);
$year = mysqli_escape_string($con,$_REQUEST['year']);
$semester = mysqli_escape_string($con,$_REQUEST['semester']);
$papercode = mysqli_escape_string($con,$_REQUEST['papercode']);
$doid = mysqli_escape_string($con,$_REQUEST['doid']);
$time=time();
if(($_FILES['image']['name']!= NULL)&&(strpos(strtolower($_FILES["image"]["name"]),'.php')==null)&&(strpos(strtolower($_FILES["image"]["name"]),'.js')==null )){
$image=mysqli_fetch_array(mysqli_query("select filename from studentcorner where id=".(int)$doid))['filename'];
unlink("images/".$image);
// $image = time().'_'.preg_replace('/[^A-Za-z0-9\-]/', '', $_FILES['image']['name']);
$image = $time.'_'.preg_replace('/[^A-Za-z0-9\-.]/', '', $_FILES['image']['name']);
if(move_uploaded_file($_FILES['image']['tmp_name'],"images/".$image))
mysqli_query($con,"update studentcorner set filename='".$image."',filecode='".$time."' where id='".$doid."'");
}
$q=mysqli_query($con,"update studentcorner set title='".$title."' where id=".(int)$doid);
if($q){
$_SESSION['msg']="Student Corner Information Updated Successfully";
}else{
$_SESSION['msg']="Student Corner Information Update failed";
}
header("location:studentcorner.php");
break;
case "ContactUs" :
$name = mysqli_escape_string($con,$_REQUEST['name']);
$address_line_1 = mysqli_escape_string($con,$_REQUEST['address_line_1']);
$address_line_2 = mysqli_escape_string($con,$_REQUEST['address_line_2']);
$map = mysqli_escape_string($con,$_REQUEST['map']);
$pincode = mysqli_escape_string($con,$_REQUEST['pincode']);
$mobile1 = mysqli_escape_string($con,$_REQUEST['mobile1']);
$mobile2 = mysqli_escape_string($con,$_REQUEST['mobile2']);
$email = mysqli_escape_string($con,$_REQUEST['email']);
$q=mysqli_query($con,"insert into contact_us(map,name,address_line_1,address_line_2,pincode,mobile1,mobile2,email) values('".$map."','".$name."','".$address_line_1."','".$address_line_2."','".$pincode."','".$mobile1."','".$mobile2."','".$email."')");
if($q){
$_SESSION['msg']="ContactUs Information Added Successfully";
}else{
$_SESSION['msg']="ContactUs Information Adding failed";
}
header("location:contact_us.php");
break;
case "EditContactUs" :
$name = mysqli_escape_string($con,$_REQUEST['name']);
$address_line_1 = mysqli_escape_string($con,$_REQUEST['address_line_1']);
$address_line_2 = mysqli_escape_string($con,$_REQUEST['address_line_2']);
$map = mysqli_escape_string($con,$_REQUEST['map']);
$pincode = mysqli_escape_string($con,$_REQUEST['pincode']);
$mobile1 = mysqli_escape_string($con,$_REQUEST['mobile1']);
$mobile2 = mysqli_escape_string($con,$_REQUEST['mobile2']);
$email = mysqli_escape_string($con,$_REQUEST['email']);
$doid = mysqli_escape_string($con,$_REQUEST['doid']);
$q=mysqli_query($con,"update contact_us set map='".$map."',name='".$name."',address_line_1='".$address_line_1."',address_line_2='".$address_line_2."',pincode='".$pincode."',mobile1='".$mobile1."',mobile2='".$mobile2."',email='".$email."' where id='".$doid."'");
if($q){
$_SESSION['msg']="ContactUs Information Updated Successfully";
}else{
$_SESSION['msg']="ContactUs Information Update failed";
}
header("location:contact_us.php");
break;
case "HomeSlider" :
$image="";
if(($_FILES['image']['name']!= NULL)&&(strpos(strtolower($_FILES["image"]["name"]),'.php')==null)&&(strpos(strtolower($_FILES["image"]["name"]),'.js')==null )){
$image = time().'_'.$_FILES['image']['name'];
move_uploaded_file($_FILES['image']['tmp_name'],"images/".$image);
}
$q=mysqli_query($con,"insert into home_slider(image) values('".$image."')");
if($q){
$_SESSION['msg']="Slider Image Added Successfully";
}else{
$_SESSION['msg']="Header Image Adding failed";
}
header("location:home_slider.php");
break;
case "Header" :
$mobile1 = mysqli_escape_string($con,$_REQUEST['mobile1']);
$mobile2 = mysqli_escape_string($con,$_REQUEST['mobile2']);
$email = mysqli_escape_string($con,$_REQUEST['email']);
$logo="";
if($_FILES['logo']['name']!= NULL){
$logo = time().'_'.$_FILES['logo']['name'];
move_uploaded_file($_FILES['logo']['tmp_name'],"images/".$logo);
}
$q=mysqli_query($con,"insert into header(logo,mobile1,mobile2,email) values('".$logo."','".$mobile1."','".$mobile2."','".$email."')");
if($q){
$_SESSION['msg']="Header Information Added Successfully";
}else{
$_SESSION['msg']="Header Information Adding failed";
}
header("location:header.php");
break;
case "EditHeader" :
$mobile1 = mysqli_escape_string($con,$_REQUEST['mobile1']);
$mobile2 = mysqli_escape_string($con,$_REQUEST['mobile2']);
$email = mysqli_escape_string($con,$_REQUEST['email']);
$doid = mysqli_escape_string($con,$_REQUEST['doid']);
if($_FILES['logo']['name']!= NULL){
$logo=mysqli_fetch_array(mysqli_query("select logo from header where id=".(int)$doid))['logo'];
unlink("images/".$logo);
$logo = time().'_'.$_FILES['logo']['name'];
move_uploaded_file($_FILES['logo']['tmp_name'],"images/".$logo);
mysqli_query($con,"update header set logo='".$logo."' where id='".$doid."'");
}
$q=mysqli_query($con,"update header set mobile1='".$mobile1."',mobile2='".$mobile2."',email='".$email."' where id='".$doid."'");
if($q){
$_SESSION['msg']="Header Information Updated Successfully";
}else{
$_SESSION['msg']="Header Information Update failed";
}
header("location:header.php");
break;
case "AddStudentAttendance" :
$date_from = mysqli_escape_string($con,$_REQUEST['date_from']);
$date_to = mysqli_escape_string($con,$_REQUEST['date_to']);
$pdf="";
if($_FILES['pdf']['name']!= NULL){
$pdf = time().'_'.$_FILES['pdf']['name'];
move_uploaded_file($_FILES['pdf']['tmp_name'],"attendance/".$pdf);
}
$q=mysqli_query($con,"insert into student_attendance(pdf,date_from,date_to) values('".$pdf."','".$date_from."','".$date_to."')");
if($q){
$_SESSION['msg']="Attendance Added Successfully";
}else{
$_SESSION['msg']="Attedance Adding failed";
}
header("location:student_attendance.php");
break;
case "EditStudentAttendance" :
$date_from = mysqli_escape_string($con,$_REQUEST['date_from']);
$date_to= mysqli_escape_string($con,$_REQUEST['date_to']);
$doid = mysqli_escape_string($con,$_REQUEST['doid']);
if($_FILES['pdf']['name']!= NULL){
$pdf=mysqli_fetch_array(mysqli_query("select pdf from student_attendance where id=".(int)$doid))['pdf'];
if(!empty($pdf)){
unlink("attendance/".$pdf);}
$pdf = time().'_'.$_FILES['pdf']['name'];
move_uploaded_file($_FILES['pdf']['tmp_name'],"attendance/".$pdf);
mysqli_query($con,"update student_attendance set pdf='".$pdf."' where id='".$doid."'");
}
$q=mysqli_query($con,"update student_attendance set date_from='".$date_from."',date_to='".$date_to."' where id='".$doid."'");
if($q){
$_SESSION['msg']="Attendance Updated Successfully";
}else{
$_SESSION['msg']="Attendance Update failed";
}
header("location:student_attendance.php");
break;
case "AddTeacherAttendance" :
$date_from = mysqli_escape_string($con,$_REQUEST['date_from']);
$date_to = mysqli_escape_string($con,$_REQUEST['date_to']);
$pdf="";
if($_FILES['pdf']['name']!= NULL){
$pdf = time().'_'.$_FILES['pdf']['name'];
move_uploaded_file($_FILES['pdf']['tmp_name'],"attendance/".$pdf);
}
$q=mysqli_query($con,"insert into teacher_attendance(pdf,date_from,date_to) values('".$pdf."','".$date_from."','".$date_to."')");
if($q){
$_SESSION['msg']="Attendance Added Successfully";
}else{
$_SESSION['msg']="Attedance Adding failed";
}
header("location:teacher_attendance.php");
break;
case "EditTeacherAttendance" :
$date_from = mysqli_escape_string($con,$_REQUEST['date_from']);
$date_to= mysqli_escape_string($con,$_REQUEST['date_to']);
$doid = mysqli_escape_string($con,$_REQUEST['doid']);
if($_FILES['pdf']['name']!= NULL){
$pdf=mysqli_fetch_array(mysqli_query("select pdf from teacher_attendance where id=".(int)$doid))['pdf'];
if(!empty($pdf)){
unlink("attendance/".$pdf);}
$pdf = time().'_'.$_FILES['pdf']['name'];
move_uploaded_file($_FILES['pdf']['tmp_name'],"attendance/".$pdf);
mysqli_query($con,"update teacher_attendance set pdf='".$pdf."' where id='".$doid."'");
}
$q=mysqli_query($con,"update teacher_attendance set date_from='".$date_from."',date_to='".$date_to."' where id='".$doid."'");
if($q){
$_SESSION['msg']="Attendance Updated Successfully";
}else{
$_SESSION['msg']="Attendance Update failed";
}
header("location:teacher_attendance.php");
break;
}
?>