[ Avaa Bypassed ]

Upload:

Command:

hmhc3928@18.116.27.78: ~ $ 
<?php
	$page_title = "Edit Instructor | CES Admin";
	include_once($_SERVER['DOCUMENT_ROOT'] . "/php/common_functions.php"); //common functions in the course registartion system
	include_once($_SERVER['DOCUMENT_ROOT'] . "/php/config.php"); //holds global config variables
 	check_if_authenticated('admin');//check if user is logged in
	
	if(isset($_POST['cancel']) || isset($_POST['back'])){ //form has been canceled
		header('location:index.php');
		exit;
	}//if


	include_once($_SERVER['DOCUMENT_ROOT'] . "/admin/php/top-admin.php"); //get the HTML heading common to all pages in the CES admin module
	
?>

 <article class="ces-admin">
        <h2>CES Admin - Edit Instructor</h2>


<?php
	include_once($_SERVER['DOCUMENT_ROOT'] . "/admin/php/nav-admin.php");
 	//opens connection to database

	$db = mysqli_connect($mysql_server, $user, $pass, $database); 
	
	if(isset($_POST['submit'])){ //form has been submitted, update database with new values


		$first_name = htmlentities($_POST['first_name'], ENT_QUOTES);
		$last_name = htmlentities($_POST['last_name'], ENT_QUOTES);
	
		$sql = "UPDATE ces_instructors 
		SET first_name=\"$first_name\",
		last_name=\"$last_name\",
		active='$_POST[active]'
		WHERE instructor_id='$_POST[instructor_id]'";
		   
		if (mysqli_query($db, $sql)){ //updates the database
			echo "<p class='alert alert-block alert-success'>Record updated successfully</p>";
			echo "<form method='post' action='".$_SERVER['PHP_SELF']."''>";
			echo "<input type='submit' name='back' value='Back to Instructor List' class='btn btn-lg btn-block ces-green-btn'>";
			echo "</form>";
		}
		else
			print_sql_error('Error - could not update instructor when trying to do:', $sql);
	} //if	

	if(isset($_POST['delete'])){
		$delete_level_sql = "DELETE FROM ces_instructors WHERE instructor_id = '$_POST[instructor_id]'";
		if (mysqli_query($db, $delete_level_sql)) {
			
			echo "<p class='alert alert-block alert-success'>The Instructor was deleted successfully</p>\n";
			echo "<form method='post' action='".$_SERVER['PHP_SELF']."''>";
			echo "<input type='submit' name='back' value='Back to Instructor List' class='btn btn-lg btn-block ces-green-btn'>";
			echo "</form>";
						
		}
	}


	
	if(isset($_GET['instructor_id'])){ //we can identify the record, instructor_id is the primary key in the database, print out the record and allow updates
	
		$sql = mysqli_query($db, "SELECT first_name, last_name, active FROM ces_instructors WHERE instructor_id=$_GET[instructor_id]");
	
		while ($query = mysqli_fetch_array($sql)) {
	?>
		<form method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>">
			<input type='hidden' name='instructor_id' value="<?php echo $_GET['instructor_id']?>">
			<div class="form-group ces-form-half">
				<label class="ces-form-title" for="first_name">First Name:</label>
				<input class="form-control" type='text' id='first_name' name='first_name' value="<?php echo $query["first_name"]?>" required autofocus placeholder="First Name" maxlength=50>
			</div>
			<div class="form-group ces-form-half">
				<label class="ces-form-title" for="last_name">Last Name:</label>
				<input class="form-control" type='text' id='last_name' name='last_name' value="<?php echo $query["last_name"]?>" required placeholder="Last Name" maxlength=50>
			</div>
			<div class="form-group">
				<label>Status:</label>
				<div class="radio">
				  <label><input type="radio" name='active' value='1' <?php echo (($query["active"] == 1)? " checked": "") ?> >Active</label>
				</div>
				<div class="radio">
				  <label><input type="radio" name='active' value='0' <?php echo (($query["active"] == 0)? " checked": "") ?>>Inactive</label>
				</div>

			</div>
			
			<input type='submit' name='submit' value="Update Instructor" class="btn btn-lg btn-block ces-green-btn">

			<input type='submit' name='cancel' value="Cancel" class="btn btn-lg btn-block ces-orange-btn">

			<?php
			
			$instructor_count = instructors_sessions($_GET['instructor_id']);
			if($instructor_count == 0){
				echo "\n<form  method='post' action='" . $_SERVER['PHP_SELF'] . "'>";
				echo '<input style="float:right;" class="btn btn-lg btn-block ces-grey-btn" type="submit" name="delete" value="Delete Unused Instructor" title="Delete Unused Instructor">';
				echo '<input type="hidden" name="instructor_id" value="'. $_GET['instructor_id'].'">';
				
			}

			?>
		
		</form>

	<?php
			
		} //while
	} //if

?>
  </article>
    


  </section><!-- #middle-->

</div><!-- #wrapper --> 
 
<?php require_once $_SERVER['DOCUMENT_ROOT'].'/require/footer.php';?>

Filemanager

DIR : / home/ hmhc3928/ public_html_community/ admin/ instructors/
Name Type Size Permission Actions
add.php File 3.42 KB 0644
edit.php File 4.46 KB 0644
index.php File 2.52 KB 0644