
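<?php
/**
 * Employee edit endpoint.
 *
 * Updates one employee row (and the is_active flag of the linked user row)
 * from request parameters, optionally storing an uploaded photo and/or
 * signature image, then redirects back to the employee grid with a status
 * message in the session.
 *
 * SECURITY NOTE(review):
 *  - Every statement below is still built by string interpolation because
 *    the only DBController methods visible in this file (runQuery, numRows,
 *    runMyUpdate, tableinsert) take a finished SQL string. Request values are
 *    passed through addslashes() as a stopgap; that is not charset-aware and
 *    is not a substitute for bound parameters. Move these queries to prepared
 *    statements once DBController exposes them.
 *  - No CSRF token and no per-role authorization check are visible here; any
 *    authenticated session can edit any employee_id. Confirm whether
 *    connection.php or a front controller enforces this.
 *  - $_REQUEST merges GET and POST (and cookies, depending on request_order),
 *    so this state-changing action is reachable via a plain link.
 */
session_start();
include '../../../../web/connection/connection.php';

// Refuse to write anything without a logged-in user; the original ran the
// full update with an empty modified_by when the session was missing.
if (!isset($_SESSION['USER_ID']) || $_SESSION['USER_ID'] === '') {
    http_response_code(403);
    exit;
}

// Stores the outcome for the grid page and redirects. exit stops the script
// so nothing runs after the Location header is sent.
$finish = function ($ok) {
    $_SESSION['ERROR_MSG'] = $ok ? "Success" : "Unsuccess";
    $_SESSION['MSG_ALRT'] = $ok ? "TRUE" : "FALSE";
    header('location:../../../../web/home/modules/sales/employee/employee_gridview.php');
    exit;
};

// Stopgap SQL-literal escaping for a value that will be placed inside '...'.
$sqlValue = function ($value) {
    return addslashes(is_scalar($value) ? (string) $value : '');
};

// Reads one request parameter (missing or non-scalar -> '') and escapes it.
$field = function ($name) use ($sqlValue) {
    return $sqlValue(isset($_REQUEST[$name]) ? $_REQUEST[$name] : '');
};

// Defined before first use: the original referenced $datet and $userId in the
// user UPDATE before assigning them, so modified_on/modified_by were empty.
$datet = date("Y-m-d H:i:s");
$userId = $sqlValue($_SESSION['USER_ID']);
// NOTE(review): the original never defined $active, so new lookup rows were
// inserted with an empty flag. 'yes' matches the yes/no convention used for
// user.is_active below -- confirm against the schema.
$active = 'yes';

$employee_id = $field('employee_id');
$employee_type = $field('employee_type');
$first_name = $field('first_name');
$last_name = $field('last_name');
$address = $field('address');
$mobile_no = $field('mobile_no');
$mail_id = $field('mail_id');
$father_name = $field('father_name');
$father_mobil_no = $field('father_mobil_no');
$dateofbirth = $field('dateofbirth');
$joining_date = $field('joining_date');
$pfno = $field('pfno');
$esi_no = $field('esi_no');
$department_name = $field('department_name');
$designation_name = $field('designation_name');
$education = $field('education');
$institution = $field('institution');
$pass_year = $field('pass_year');
$marks = $field('marks');
$employee_id_from_date = $field('employee_id_from_date');
$employee_id_to_date = $field('employee_id_to_date');

// Only the literal 'Active' enables the account; anything else disables it.
$status = (isset($_REQUEST['status']) && $_REQUEST['status'] === 'Active') ? 'yes' : 'no';

// ---- Uploads --------------------------------------------------------------
$photoPath = "../../../../web/uploads/imguploads/";
$maxsize = 2097152; // 2 MiB; declared but never enforced in the original
// NOTE(review): allowed image types are an assumption based on the field
// names (photo, signature) -- adjust to what the application accepts.
$allowedTypes = array('jpg', 'jpeg', 'png', 'gif');

// Validates and stores one uploaded image.
// Returns null when no file was sent, false when a file was sent but
// rejected, or the server-generated file name on success.
// The client-supplied name is never used on disk: the original wrote it
// verbatim under the web root, which allowed overwriting existing files and
// storing files with an executable extension.
$storeImage = function ($fieldName) use ($photoPath, $maxsize, $allowedTypes) {
    if (!isset($_FILES[$fieldName]) || !is_array($_FILES[$fieldName])) {
        return null;
    }
    $file = $_FILES[$fieldName];
    if (!isset($file['error']) || is_array($file['error'])) {
        return false;
    }
    if ($file['error'] === UPLOAD_ERR_NO_FILE) {
        return null;
    }
    if ($file['error'] !== UPLOAD_ERR_OK || $file['size'] > $maxsize) {
        return false;
    }
    // PATHINFO_EXTENSION: the original used the undefined constant
    // PATHINFOEXTENSION, which is a fatal Error on PHP 8.
    $extension = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!in_array($extension, $allowedTypes, true)) {
        return false;
    }
    // Content check: the extension alone is attacker-chosen.
    if (getimagesize($file['tmp_name']) === false) {
        return false;
    }
    $storedName = bin2hex(random_bytes(16)) . '.' . $extension;
    if (!move_uploaded_file($file['tmp_name'], $photoPath . $storedName)) {
        return false;
    }
    return $storedName;
};

// Uploads are handled before any database write so a rejected file aborts
// the request without leaving a half-applied edit.
$imgname = $storeImage('photo');
$imgnamee = $storeImage('signature');
if ($imgname === false || $imgnamee === false) {
    $finish(false);
}

// ---- Linked user account --------------------------------------------------
// A fresh DBController is created per statement, as in the original; its
// connection semantics are not visible from this file.
$db_handle = new DBController();
$khu = $db_handle->runQuery("SELECT * FROM user WHERE employee_id = '$employee_id' ");
$user_idut = null;
if (!empty($khu)) {
    foreach ($khu as $vjk) {
        $user_idut = $vjk['user_id'];
    }
}
// Skip the UPDATE when no user row matched; the original then ran it with an
// undefined $user_idut (WHERE user_id = '').
if ($user_idut !== null) {
    $user_idut = $sqlValue($user_idut);
    $db_handle = new DBController();
    $db_handle->runMyUpdate("UPDATE user SET is_active = '$status', modified_on='$datet', modified_by='$userId' WHERE user_id = '$user_idut'");
}

// ---- Lookup tables --------------------------------------------------------
// Returns the id of the row whose $nameColumn equals $nameValue, inserting
// the row first when it does not exist. Table and column names are hard-coded
// at the call sites below; only $nameValue originates from the request.
$resolveId = function ($table, $nameColumn, $idColumn, $activeColumn, $nameValue) use ($datet, $userId, $active) {
    $db_handle = new DBController();
    $matches = $db_handle->numRows("SELECT * FROM $table WHERE $nameColumn = '$nameValue'");
    if ($matches >= 1) {
        $db_handle = new DBController();
        $rows = $db_handle->runQuery("SELECT * FROM $table WHERE $nameColumn = '$nameValue'");
        $id = null;
        if (!empty($rows)) {
            // Last matching row wins, as in the original loop.
            foreach ($rows as $row) {
                $id = $row[$idColumn];
            }
        }
        return $id;
    }
    $db_handle = new DBController();
    return $db_handle->tableinsert("INSERT INTO  $table($nameColumn,created_on,created_by,$activeColumn) 
		VALUES ('$nameValue','$datet','$userId','$active')");
};

$newInsertt = $sqlValue($resolveId('employee_type', 'employee_type', 'employee_type_id', 'is_active', $employee_type));
$newInserttt = $sqlValue($resolveId('department', 'department_name', 'department_id', 'dep_is_active', $department_name));
// The original tested the result of runQuery() (not numRows()) for
// designation, so the "exists" check compared a result set with '1'.
$newInserth = $sqlValue($resolveId('designation', 'designation_name', 'designation_id', 'is_active', $designation_name));

// ---- Employee row ---------------------------------------------------------
$assignments = array(
    "employee_type_id = '$newInsertt'",
    "first_name ='$first_name'",
    "last_name = '$last_name'",
    "address = '$address'",
    "mobile_no = '$mobile_no'",
    "mail_id ='$mail_id'",
    "father_name = '$father_name'",
    "father_mobil_no = '$father_mobil_no'",
    "dateofbirth = '$dateofbirth'",
    "joining_date = '$joining_date'",
    "pfno = '$pfno'",
    "esi_no = '$esi_no'",
    "department_id= '$newInserttt'",
    "designation_id='$newInserth'",
    "education = '$education'",
    "institution ='$institution'",
    "pass_year ='$pass_year'",
    "marks = '$marks'",
    "employee_id_from_date ='$employee_id_from_date'",
    "employee_id_to_date = '$employee_id_to_date'",
    "emp_is_active = '$status'",
    "modified_on='$datet'",
    "modified_by='$userId'",
);
// Each image column is set independently. The original if/elseif chain
// dropped the signature whenever a photo was uploaded in the same request.
// Both names are server-generated (hex + allow-listed extension).
if ($imgname !== null) {
    $assignments[] = "photo='$imgname'";
}
if ($imgnamee !== null) {
    $assignments[] = "signature = '$imgnamee'";
}

$db_handle = new DBController();
$newUpdate = $db_handle->runMyUpdate(
    "UPDATE employee SET " . implode(', ', $assignments) . " WHERE employee_id  = '$employee_id'"
);

$finish($newUpdate === TRUE);

?>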