- <?php
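- // The attempt counter lives in a client cookie, so it only throttles browsers that keep it
- $attempts=isset($_COOKIE['attempts']) ? (int)$_COOKIE['attempts'] : 0;
- if($attempts<=5)
- {
- include("../inc/config.php");
- $con=mysqli_connect($address,$DB_user,$DB_password,$DB_name);
- $myusername=isset($_COOKIE['username']) ? $_COOKIE['username'] : '';
- $mypassword=isset($_COOKIE['password']) ? $_COOKIE['password'] : '';
- /*These next few lines caused me a bit of problems
- $myusername = stripslashes($myusername);
- $mypassword = stripslashes($mypassword);*/
- // Bind the cookie values as parameters instead of concatenating them into the SQL,
- // and take groupid from the matching row rather than from a client-supplied cookie
- // (assumes $tbl_name is the members table, which has the groupid column used below)
- $groupid=null;
- $stmt=mysqli_prepare($con,"SELECT groupid FROM $tbl_name WHERE username=? AND password=?");
- mysqli_stmt_bind_param($stmt,"ss",$myusername,$mypassword);
- mysqli_stmt_execute($stmt);
- mysqli_stmt_store_result($stmt);
- $count=mysqli_stmt_num_rows($stmt);
- mysqli_stmt_bind_result($stmt,$groupid);
- mysqli_stmt_fetch($stmt);
- mysqli_stmt_close($stmt);
- if($count!==1){
- $newattempt=$attempts+1;
- // Send the cookie and the redirect, then stop so the admin page is not rendered
- setcookie("attempts", $newattempt, time()+3600);
- header("location:login.php");
- exit;
- }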
- ?>
- <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
- "http://www.w3.org/TR/html4/loose.dtd">
- <!--Changelog: +=Added $=Removed *=Still to come &=Known Bugs #=Extra info on the item above !=Announcement
- 0.1 Alpha Dev | Initialization stage | Unknown - Unknown:
- -------------------------------------
- + - Database utilization
- + - PHP scripts
- + - Login system
- + - Install system
- # - Auto Sets up the database info in the config file, as well as creates the tables and all.
- * - Adding the items such as the events or links using a cp
- * - An Upload system that also adds the name of the image/video to a column
- * - A script that changes depending on the file extension of the upload
- # - I will use this to determine whether the event would be a picture or video.
- * - Two usergroups, Admin and Super Admin
- # - Admins would have regular access to editing the events and links where Super admins will be able to edit the pages, and the databases at will.
- * - Actually finish the if video script.
- & - Everything to do with SQL is broken
- # - Problem is most likely caused by a failed SQL query.
- 0.2 Alpha Dev | Functionality update | Unknown - Unknown:
- -------------------------------------
- + - Added the use of the default admin account specified in the config.php
- + - Article page that is dynamic and changes depending on the event that linked it.
- $ - Removed the sql selection in the login_check.php
- * - Adding the items such as the events or links using a cp
- * - An Upload system that also adds the name of the image/video to a column
- * - A script that changes depending on the file extension of the upload
- # - I will use this to determine whether the event would be a picture or video.
- * - Two usergroups, Admin and Super Admin
- # - Admins would have regular access to editing the events and links where Super admins will be able to edit the pages, and the databases at will.
- * - Actually finish the if video script.
- $ - All bugs that were known about have been removed.
- ! - Seems to be no bugs in this version
- # - Spoke too soon.
- 0.3 Alpha Dev | The Overhaul | Unknown - 6/10/2013:
- -----------------------------
- ! - The name has changed to OSI
- # - OSI meaning Open Source Intranet
- ! - This is expected to be the second last dev version before testing can begin.
- # - Only thing that is stopping it being now is the bugs.
- + - Added CSS.
- + - Added auto updating system
- + - Added an article page where it dynamically displays content depending on the URL(Known as get in php).
- + - Added Admin CP areas.
- + - Added NoSQL admin login.
- # - Just in case something happens with the connection.
- + - Added Event upload.
- + - Added time.php
- + - Added a method of updating the time.php table
- # - This doesn't require a sql connection as it simply rewrites the php file completely.
- + - Admin groups
- + - Adding and removing users
- + - Finished admin CP
- # - This is until I get time to add some other non essential functions
- + - Super admin only function in admin CP
- + - Made the admin CP one page
- # - Nothing goes out of the page, all data is submitted in it. This MAY decrease security risks.
- + - Added 2 stage authentication
- + - Redid the changelog
- # - It looked pretty bad. Also added dates and made it easier to read.
- + - Overhauled the entire layout of the Admin CP
- $ - REMOVED MASSIVE SECURITY EXPLOIT.
- # - Missing one =, means anyone could log in, even with invalid credentials.
- * - A script that changes depending on the file extension of the upload.
- * - Actually finish the if video script.
- * - Encrypting cookies
- * - Massive security check
- # - Perhaps an overhaul of the security systems If I find exploits
- & - Sql statements are invalid
- # - Because of this you can't login to the Admin CP
- & - Can't login to Admin CP
- & - Files don't upload
- # - For now just use a URL of the item.
- ======================================================================================================================================================
- End of changelog-->
- <html lang="en">
- <head>
- <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
- <title>Kiama High School Intranet - Admin Page</title>
- <style type="text/css">
- a:link
- {
- text-decoration: none;
- position: relative;
- margin-left: 1em;
- }
- a:hover
- {
- text-decoration: underline;
- }
- a:before
- {
- position: absolute;
- right: 100%;
- top: 0;
- bottom: 0;
- width: 1em;
- }
- .header {
- color: #FFF;
- background-color: #06F;
- text-align: center;
- padding: 5px;
- font-family: Verdana, Geneva, sans-serif;
- font-size: xx-large;
- margin-top: 20px;
- margin-right: 20px;
- margin-bottom: 0px;
- margin-left: 20px;
- }
- .subheading {
- font-family: Tahoma, Geneva, sans-serif;
- font-size: 24px;
- background-color: #09F;
- text-align: center;
- }
- .Name {
- font-family: Tahoma, Geneva, sans-serif;
- text-align: left;
- }
- .login {
- font-family: Tahoma, Geneva, sans-serif;
- background-color: #06F;
- text-align: center;
- font-size: 18px;
- color: #FFF;
- }
- .menu {
- background-color: #06F;
- padding: 0px;
- font-family: Tahoma, Geneva, sans-serif;
- font-size: 18px;
- text-align: center;
- }
- .footer {
- font-family: Tahoma, Geneva, sans-serif;
- font-size: 14px;
- color: #FFF;
- background-color: #333;
- margin: 20px;
- padding: 10px;
- }
- .footer_top {
- background-color: #121212;
- }
- .menu_selected {
- background-color: #FFF;
- text-align: center;
- color:#000
- }
- </style>
- </head>
- <body link="#FFFFFF" vlink="#FFFFFF" alink="#FFFFFF">
- <div class="header">
- <div class="Name">
- <table width="100%" height="10%" align="center" class="name">
- <tr>
- <td width="66%">
- <span class="Name">Kiama High School</span>
- </td>
- <td width="33%">
- <p class="login"><a href="admin/login.php"><span >Admin Login</span></a></p>
- </td>
- </tr>
- </table>
- </div>
- <div class="subheading">
- Respect, Commitment to Personal Excellence, Responsibility
- </div>
- <div class="menu">
- <table align="center" width="100%" border="0">
- <tr>
- <td class="menu_selected" width="33%"><a href="home.php"><p class="login">Home</p></a></td>
- <td width="33%"><a href="links.php"><p class="login">Links</p></a></td>
- <td width="33%"><a href="time.php"><p class="login">Time Table</p></a></td>
- </tr>
- </table>
- </div>
- </div>
- <a href="logout.php">Logout</a>
- <br/>
- <center>
- <form action="admin.php" method="get" name="select">
- <select name=area onChange="document.forms['select'].submit()">
- <option>---Please Select an action---</option>
- <option value="event">Add/Remove Events</option>
- <option value="links">Add/Remove Links</option>
- <option value="time">Edit Time Table Times</option>
- <?php
- if($groupid=="0")
- {
- echo '<option value="users">Add/Remove Users</option>';
- //echo '<option value="page">Page edit</option>';
- //echo '<option value="database">Edit Database</option>';
- }
- ?>
- </select>
- </form>
- <?php
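- $selection=isset($_GET['area']) ? $_GET['area'] : '';
- // The menu only offers this area to Super Admins (groupid 0); enforce the same rule here
- if($selection=="users" && $groupid=="0"){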
- if (isset($_GET['action']))
- {
- if($_GET['action']=="edit")
- {
- echo '<table><form action="admin.php?area=users&action=edit_confirm" method="post"><tr>';
- $con=mysqli_connect($address,$DB_user,$DB_password,$DB_name);
- // Check connection
- if (mysqli_connect_errno())
- {
- echo "Failed to connect to MySQL: " . mysqli_connect_error();
- }
- // Load only the member whose id was posted by the Edit button; the int cast keeps the value out of the SQL syntax
- $edit_id = isset($_POST['id']) ? (int)$_POST['id'] : 0;
- $query = "SELECT `members`.*
- FROM members WHERE id = $edit_id;";
- $result = mysqli_query($con,$query);
- $row = mysqli_fetch_array($result, MYSQLI_BOTH);
- echo '<td>';
- echo '<input type="hidden" name="id" value="'.htmlspecialchars($row['id'], ENT_QUOTES, 'UTF-8').'">';
- echo '<input type="text" name="username" placeholder="'.htmlspecialchars($row['username'], ENT_QUOTES, 'UTF-8').'">';
- echo '</td>';
- echo '<td>';
- echo '<input type="password" name="password" placeholder="'.htmlspecialchars($row['username'], ENT_QUOTES, 'UTF-8').'">';
- echo '</td>';
- echo '<td>';
- echo '<select name="groupid">';
- if ($row['groupid']==1)
- {
- echo '<option value=1>Normal Admin</option>';
- echo '<option value=0>Super Admin</option>';
- }
- else{
- echo '<option value=0>Super Admin</option>';
- echo '<option value=1>Normal Admin</option>';
- }
- echo '</select>';
- echo '</td>';
- echo '</tr></form></table>';
- }
- else{
- echo '<table>';
- echo '<tr>';
- echo '<td>';
- echo 'ID';
- echo '</td>';
- echo '<td>';
- echo 'Username';
- echo '</td>';
- echo '<td>';
- echo 'Password';
- echo '</td>';
- echo '<td>';
- echo 'Group ID';
- echo '</td>';
- echo '</tr>';
- $con=mysqli_connect($address,$DB_user,$DB_password,$DB_name);
- if (mysqli_connect_errno())
- {
- echo "Failed to connect to MySQL: " . mysqli_connect_error();
- }
- $query = "SELECT `members`.*
- FROM members;";
- $result = mysqli_query($con,$query);
- while($row = mysqli_fetch_array($result, MYSQLI_BOTH))
- {
- // Escape every database value before it is written into the page
- echo '<tr>';
- echo '<td>';
- echo htmlspecialchars($row['id'], ENT_QUOTES, 'UTF-8');
- echo '</td>';
- echo '<td>';
- echo htmlspecialchars($row['username'], ENT_QUOTES, 'UTF-8');
- echo '</td>';
- echo '<td>';
- echo htmlspecialchars($row['password'], ENT_QUOTES, 'UTF-8');
- echo '</td>';
- echo '<td>';
- echo htmlspecialchars($row['groupid'], ENT_QUOTES, 'UTF-8');
- echo '</td>';
- echo '<td>';
- echo '<form action="admin.php?area=users&action=edit" method="post">';
- echo '<input type="hidden" name="id" value="' .htmlspecialchars($row['id'], ENT_QUOTES, 'UTF-8') .'">';
- echo '<input type="image" src="../resources/images/postbit/edit.png" alt="Edit">';
- echo '</form>';
- echo '<form action="admin.php?area=users&action=delete" method="post">';
- echo '<input type="hidden" name="id" value="' .htmlspecialchars($row['id'], ENT_QUOTES, 'UTF-8') .'">';
- echo '<input type="image" src="../resources/images/postbit/delete.png" alt="Delete">';
- echo '</form>';
- echo '</td>';
- echo '</tr>';
- }
- echo '<form action="admin.php?area=users&action=add" method="post">';
- echo '<tr>';
- echo '<td>';
- echo '<input type="image" src="../resources/images/postbit/add.png" alt="Add">';
- echo '</td>';
- echo '<td>';
- echo '<input type="text" name="username" id="username">';
- echo '</td>';
- echo '<td>';
- echo '<input type="password" name="password" id="password">';
- echo '</td>';
- echo '<td>';
- echo '<select name="groupid">';
- echo '<option value="1">Normal Admin</option>';
- echo '<option value="0">Super Admin</option>';
- echo '</select>';
- echo '</td>';
- echo '</tr>';
- echo '</form>';
- echo '</table>';
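- mysqli_close($con);
- }
- } // closes if (isset($_GET['action'])), which was left open
- } // closes the "users" area, which was left open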
- if ($selection=="time"){
- echo '<form action="admin.php?area=time" method="post"><br />
- <table width="100%" border="0">
- <tr>
- <th scope="col"> </th>
- <th scope="col">Monday</th>
- <th scope="col">Tuesday</th>
- <th scope="col">Wednesday</th>
- <th scope="col">Thursday</th>
- <th scope="col">Friday</th>
- </tr>
- <tr>
- <th scope="row">0</th>
- <td><input type="text" name="mo0"></td>
- <td><input type="text" name="tu0"></td>
- <td><input type="text" name="we0"></td>
- <td><input type="text" name="th0"></td>
- <td><input type="text" name="fr0"></td>
- </tr>
- <tr>
- <th scope="row">1</th>
- <td><input type="text" name="mo1"></td>
- <td><input type="text" name="tu1"></td>
- <td><input type="text" name="we1"></td>
- <td><input type="text" name="th1"></td>
- <td><input type="text" name="fr1"></td>
- </tr>
- <tr>
- <th scope="row">2</th>
- <td><input type="text" name="mo2"></td>
- <td><input type="text" name="tu2"></td>
- <td><input type="text" name="we2"></td>
- <td><input type="text" name="th2"></td>
- <td><input type="text" name="fr2"></td>
- </tr>
- <tr>
- <th scope="row">3</th>
- <td><input type="text" name="mo3"></td>
- <td><input type="text" name="tu3"></td>
- <td><input type="text" name="we3"></td>
- <td><input type="text" name="th3"></td>
- <td><input type="text" name="fr3"></td>
- </tr>
- <tr>
- <th scope="row">4</th>
- <td><input type="text" name="mo4"></td>
- <td><input type="text" name="tu4"></td>
- <td><input type="text" name="we4"></td>
- <td><input type="text" name="th4"></td>
- <td><input type="text" name="fr4"></td>
- </tr>
- <tr>
- <th scope="row">5</th>
- <td><input type="text" name="mo5"></td>
- <td><input type="text" name="tu5"></td>
- <td><input type="text" name="we5"></td>
- <td><input type="text" name="th5"></td>
- <td><input type="text" name="fr5"></td>
- </tr>
- <tr>
- <th scope="row">6</th>
- <td><input type="text" name="mo6"></td>
- <td><input type="text" name="tu6"></td>
- <td><input type="text" name="we6"></td>
- <td><input type="text" name="th6"></td>
- <td><input type="text" name="fr6"></td>
- </tr>
- <tr>
- <th scope="row">7</th>
- <td><input type="text" name="mo7"></td>
- <td><input type="text" name="tu7"></td>
- <td><input type="text" name="we7"></td>
- <td><input type="text" name="th7"></td>
- <td><input type="text" name="fr7"></td>
- </tr>
- </table>
- <input type="submit" name="time_submit" value="Change Time Tables">
- </form>';
- }
- elseif($selection=="event"){
- echo'<form action="admin.php?area=event" method="post"
- enctype="multipart/form-data">
- Title
- <input type="text" name="title">
- <br/>
- Information about the event
- <input type="text" name="info">
- <label for="file">Image</label>
- <input type="file" name="file" id="file"><br>
- <input type="submit" name="event_submit" value="Submit">
- </form>';
- // Config values are already loaded from ../inc/config.php at the top of the file
- // Create connection
- $con=mysqli_connect($address,$DB_user,$DB_password,$DB_name);
- // Check connection
- if (mysqli_connect_errno())
- {
- echo "Failed to connect to MySQL: " . mysqli_connect_error();
- }
- $result = mysqli_query($con,"SELECT * FROM Event");
- while($row = mysqli_fetch_array($result))
- {
- // Escape stored values so an event title, link or description cannot inject markup
- echo '<a href="' . htmlspecialchars($row['Link'], ENT_QUOTES, 'UTF-8') . '">';
- echo '<span class="heading">' . htmlspecialchars($row['Title'], ENT_QUOTES, 'UTF-8') . '</span>';
- echo '</a>';
- echo '<span class="paragraph">'.htmlspecialchars($row['Information'], ENT_QUOTES, 'UTF-8').'</span>';
- echo '<form action="admin.php" method="post">
- <input type="button" name="'.htmlspecialchars($row['id'], ENT_QUOTES, 'UTF-8').'">
- </form>';
- echo "<br/>";
- echo "<hr>";
- echo "<br/>";
- }
- }
- // The menu option posts area=links, so match that value
- elseif($selection=="links"){
- // Config values are already loaded from ../inc/config.php at the top of the file
- // Create connection
- $con=mysqli_connect($address,$DB_user,$DB_password,$DB_name);
- // Check connection
- if (mysqli_connect_errno())
- {
- echo "Failed to connect to MySQL: " . mysqli_connect_error();
- }
- $result = mysqli_query($con,"SELECT * FROM Links");
- while($row = mysqli_fetch_array($result))
- {
- // Escape stored values before writing them into the page
- echo '<span class="heading">' . htmlspecialchars($row['Title'], ENT_QUOTES, 'UTF-8') . '</span>';
- echo "<br>";
- echo '<span class="paragraph">'.htmlspecialchars($row['Information'], ENT_QUOTES, 'UTF-8').'</span>';
- echo '<form action="admin.php" method="post">
- <input type="button" name="'.htmlspecialchars($row['id'], ENT_QUOTES, 'UTF-8').'">
- </form>';
- echo "<br/>";
- echo "<hr>";
- echo "<br/>";
- }
- }
- // The timetable counts as complete only when the form was submitted and all 40 cells are non-empty
- $time_complete = isset($_POST['time_submit']);
- foreach (array('mo','tu','we','th','fr') as $d) {
- for ($p = 0; $p <= 7; $p++) {
- if (!isset($_POST[$d.$p]) || $_POST[$d.$p] === "") { $time_complete = false; }
- }
- }
- if($time_complete)
- {
- $file = '../time.php';
- $contents='<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
- <html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>Kiama High School Intranet -</title>
- <style type="text/css">
- a:link {
- text-decoration: none;
- position: relative;
- margin-left: 1em;
- }
- a:hover {
- text-decoration: underline;
- }
- a:before {
- position: absolute;
- right: 100%;
- top: 0;
- bottom: 0;
- width: 1em;
- }
- .heading {
- font-family: Tahoma, Geneva, sans-serif;
- font-size: x-large;
- }
- .header {
- color: #FFF;
- background-color: #06F;
- text-align: center;
- padding: 5px;
- font-family: Verdana, Geneva, sans-serif;
- font-size: xx-large;
- margin-top: 20px;
- margin-right: 20px;
- margin-bottom: 0px;
- margin-left: 20px;
- }
- .subheading {
- font-family: Tahoma, Geneva, sans-serif;
- font-size: 24px;
- background-color: #09F;
- text-align: center;
- }
- .Name {
- font-family: Tahoma, Geneva, sans-serif;
- text-align: left;
- }
- .login {
- font-family: Tahoma, Geneva, sans-serif;
- background-color: #06F;
- text-align: center;
- font-size: 18px;
- color: #FFF;
- }
- .menu {
- background-color: #06F;
- padding: 0px;
- font-family: Tahoma, Geneva, sans-serif;
- font-size: 18px;
- text-align: center;
- }
- .footer {
- font-family: Tahoma, Geneva, sans-serif;
- font-size: 14px;
- color: #FFF;
- background-color: #333;
- margin: 20px;
- padding: 10px;
- }
- .footer_top {
- background-color: #121212;
- }
- .menu_selected {
- background-color: #FFF;
- text-align: center;
- color: #000
- }
- </style>
- </head>
- <body link="#FFFFFF" vlink="#FFFFFF" alink="#FFFFFF">
- <div class="header">
- <div class="Name">
- <table width="100%" height="10%" align="center" class="name">
- <tr>
- <td width="406"> Kiama High School </td>
- <td width="198"><p class="login"><a href="admin/login.php"><span >Admin Login</span></a></p></td>
- </tr>
- </table>
- </div>
- <div class="subheading"> Respect, Commitment to Personal Excellence, Responsibility </div>
- <div class="menu">
- <table align="center" width="100%" border="0">
- <tr>
- <td width="200"><a href="index.php">Home</a></td>
- <td width="200"><a href="links.php">
- <p class="login">Links</p>
- </a></td>
- <td class="menu_selected" width="200"><a href="#">
- <span class="menu_selected" style="color:#000">Time Table</span>
- </a></td>
- </tr>
- </table>
- </div>
- </div>
- <center>
- <br />
- <span class="heading">
- Time Table
- </span>
- <hr />
- <table width="100%" border="0">
- <tr>
- <th scope="col">Monday</th>
- <th scope="col">Tuesday</th>
- <th scope="col">Wednesday</th>
- <th scope="col">Thursday</th>
- <th scope="col">Friday</th>
- </tr>';
- // One row per period 0-7. Each cell is HTML-escaped so submitted text cannot
- // add markup or a PHP open tag to the generated page.
- for ($p = 0; $p <= 7; $p++) {
- $contents .= "\n<tr>\n";
- foreach (array('mo','tu','we','th','fr') as $d) {
- $cell = isset($_POST[$d.$p]) ? $_POST[$d.$p] : '';
- $contents .= '<td>'.htmlspecialchars($cell, ENT_QUOTES, 'UTF-8')."</td>\n";
- }
- $contents .= '</tr>';
- }
- $contents .= '
- </table>
- </center>
- </body>
- </html>';
- }
- // The form was submitted but at least one period was left empty
- elseif(isset($_POST['time_submit']))
- {
- echo 'please fill in all the period times';
- }
- /*$allowedExts = array("gif", "jpeg", "jpg", "png");
- $temp = explode(".", $_FILES["file"]["name"]);
- $extension = end($temp);
- if ((($_FILES["file"]["type"] == "image/gif")
- || ($_FILES["file"]["type"] == "image/jpeg")
- || ($_FILES["file"]["type"] == "image/jpg")
- || ($_FILES["file"]["type"] == "image/pjpeg")
- || ($_FILES["file"]["type"] == "image/x-png")
- || ($_FILES["file"]["type"] == "image/png"))
- && ($_FILES["file"]["size"] < 20000)
- && in_array($extension, $allowedExts))
- {
- if ($_FILES["file"]["error"] > 0)
- {
- echo "Return Code: " . $_FILES["file"]["error"] . "<br>";
- }
- else
- {
- echo "Upload: " . $_FILES["file"]["name"] . "<br>";
- echo "Type: " . $_FILES["file"]["type"] . "<br>";
- echo "Size: " . ($_FILES["file"]["size"] / 1024) . " kB<br>";
- echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br>";
- if (file_exists("upload/" . $_FILES["file"]["name"]))
- {
- echo $_FILES["file"]["name"] . " already exists. ";
- }
- else
- {
- include('../inc/config.php');
- // Create connection
- $title=$_POST['title'];
- $info=$_POST['info'];
- $con=mysqli_connect($address,$DB_user,$DB_password,$DB_name);
- $query = "INSERT INTO `Event` (`id`, `Title`, `Info`, `Image`) VALUES (NULL, '$title', '$info', '" .$_FILES['file']['name']."');";
- $result = mysqli_query($con,$query);
- move_uploaded_file($_FILES["file"]["tmp_name"], "images/" . $_FILES["file"]["name"]);
- echo "Stored in: " . "images/" . $_FILES["file"]["name"];
- }
- }
- }*/
- }
- else{
- header("location:login.php");
- }
- ?></center>
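
The page authenticates every request from values stored in cookies and lists "Encrypting cookies" as still to come. The block below is an added example, not part of the original paste or of the OSI project: it shows one HMAC-signed token that could replace those cookies, so a changed field is detected on the server. `AUTH_KEY`, `issue_token()`, `verify_token()` and the sample account are hypothetical names, and the key shown is a placeholder.

```php
<?php
// Added example, not code from the paste. AUTH_KEY, issue_token() and
// verify_token() are hypothetical names; the key below is a placeholder and
// must be replaced by a random secret kept in the server-side config.
const AUTH_KEY = 'placeholder-load-a-random-32-byte-secret-from-config';

function b64url_encode($bin) {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_decode($txt) {
    $txt = strtr($txt, '-_', '+/');
    // Restore the padding that b64url_encode() stripped
    return base64_decode(str_pad($txt, strlen($txt) + (4 - strlen($txt) % 4) % 4, '='), true);
}

// Issue "payload.signature". The payload holds the username, group and expiry,
// never the password, and the signature covers every byte of the payload.
function issue_token($username, $groupid, $ttl, $key, $now = null) {
    $now = ($now === null) ? time() : $now;
    $claims = array('u' => (string)$username, 'g' => (int)$groupid, 'exp' => $now + $ttl);
    $payload = b64url_encode(json_encode($claims));
    return $payload . '.' . b64url_encode(hash_hmac('sha256', $payload, $key, true));
}

// Return the claims array, or null when the token is malformed, altered or expired.
function verify_token($token, $key, $now = null) {
    $now = ($now === null) ? time() : $now;
    $parts = explode('.', (string)$token);
    if (count($parts) !== 2) {
        return null;
    }
    $expected = b64url_encode(hash_hmac('sha256', $parts[0], $key, true));
    if (!hash_equals($expected, $parts[1])) {   // constant-time comparison
        return null;
    }
    $raw = b64url_decode($parts[0]);
    $claims = ($raw === false) ? null : json_decode($raw, true);
    if (!is_array($claims) || !isset($claims['u'], $claims['g'], $claims['exp'])) {
        return null;
    }
    return ($claims['exp'] >= $now) ? $claims : null;
}

// Constructed demo values: a fixed clock and a made-up account.
$t0    = 1700000000;
$token = issue_token('teacher1', 1, 3600, AUTH_KEY, $t0);
list($payload, $sig) = explode('.', $token);

// Same signature, but the payload now claims groupid 0 (Super Admin).
$altered = b64url_encode(json_encode(array('u' => 'teacher1', 'g' => 0, 'exp' => $t0 + 3600))) . '.' . $sig;

$cases = array(
    'valid token'     => verify_token($token, AUTH_KEY, $t0 + 60),
    'groupid changed' => verify_token($altered, AUTH_KEY, $t0 + 60),
    'after expiry'    => verify_token($token, AUTH_KEY, $t0 + 7200),
    'not a token'     => verify_token('abc', AUTH_KEY, $t0),
);
foreach ($cases as $label => $claims) {
    echo $label . ': ' . ($claims === null ? 'rejected' : 'accepted as ' . $claims['u'] . ' / group ' . $claims['g']) . "\n";
}
```

The token signs the data but does not hide it, so it should carry only values that are safe for the browser to read. On the admin page the token would be stored with `setcookie()` using the HttpOnly flag, and `$groupid` would be taken from the array `verify_token()` returns.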