
<?php
// Start (or resume) the session before anything below reads $_SESSION.
session_start();

// Project root: the parent of the directory that holds this script.
$rootPath = realpath(__DIR__ . '/..');

// Shared configuration first, then the authentication include.
// NOTE(review): $conn is used below but not defined in this file —
// presumably config.php creates it; confirm.
require_once $rootPath . '/Portal/config/config.php';
require_once $rootPath . '/Portal/include/auth_validate.php';



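    /////// Code for new access control on header menu /////////////////////////
    // Look up the signed-in admin's Access_Level from admin_accounts.
    // NOTE(review): $UserAccessName is populated here, but nothing later in this
    // script compares it against a required level before the calendar writes
    // run — confirm whether auth_validate.php enforces authorization.
    $User = $_SESSION['id'] ?? '';
    $UserAccessName = $query3 = $result3 = $Status = "";

    // Bind the id as a parameter instead of interpolating it into the SQL text,
    // so the statement stays well-formed whatever value the session holds.
    $stmt = mysqli_prepare($conn, "SELECT Access_Level FROM admin_accounts WHERE id = ?");
    if ($stmt !== false) {
        $userId = (string) $User;
        mysqli_stmt_bind_param($stmt, 's', $userId);
        if (mysqli_stmt_execute($stmt)) {
            mysqli_stmt_bind_result($stmt, $accessLevel);
            // No matching row leaves $UserAccessName as the empty string.
            if (mysqli_stmt_fetch($stmt) === true) {
                $UserAccessName = $accessLevel;
            }
        }
        mysqli_stmt_close($stmt);
    }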

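// Code for adding a new school calendar.
// Handles POSTs that carry Add_Calendar: rejects a duplicate Calendar_Name,
// otherwise marks every Active row Inactive and inserts the new calendar,
// then redirects to Manager_School_Calendar.php with a flash message in
// $_SESSION['success'] or $_SESSION['failure'].
    if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['Add_Calendar'])) {
        // NOTE(review): no anti-CSRF token and no check of $UserAccessName is
        // visible on this state-changing request — confirm that
        // auth_validate.php covers both, otherwise add them here.
        $Calendar_Name = $_POST['Calendar_Name'] ?? null;
        $Term = $_POST['Term'] ?? null;
        $Description = $_POST['Description'] ?? null;

        // Missing fields or array-valued fields (name[]=...) are rejected up
        // front rather than being passed on to the database layer.
        if (!is_string($Calendar_Name) || !is_string($Term) || !is_string($Description)) {
            $_SESSION['failure'] = "Invalid calendar details submitted!";
        } else {
            $inTransaction = false;
            try {
                // Duplicate check. Values are bound, never concatenated into SQL.
                // NOTE(review): a UNIQUE index on Calendar_Name would close the
                // gap between this check and the insert.
                $check = mysqli_prepare($conn, "SELECT 1 FROM school_year WHERE Calendar_Name = ?");
                if ($check === false) {
                    throw new RuntimeException(mysqli_error($conn));
                }
                mysqli_stmt_bind_param($check, 's', $Calendar_Name);
                if (!mysqli_stmt_execute($check)) {
                    throw new RuntimeException(mysqli_stmt_error($check));
                }
                mysqli_stmt_store_result($check);
                $exists = mysqli_stmt_num_rows($check) > 0;
                mysqli_stmt_close($check);

                if ($exists) {
                    $_SESSION['failure'] = "Calendar name already exists!";
                } else {
                    // Deactivate-then-insert is done as one unit so a failed
                    // insert does not leave every calendar Inactive.
                    // (Only effective on a transactional storage engine.)
                    if (!mysqli_begin_transaction($conn)) {
                        throw new RuntimeException(mysqli_error($conn));
                    }
                    $inTransaction = true;

                    if (mysqli_query($conn, "UPDATE  school_year SET  Status = 'Inactive' WHERE Status = 'Active'") === false) {
                        throw new RuntimeException(mysqli_error($conn));
                    }

                    // Status is not set here; presumably the column default
                    // makes the new row Active — confirm against the schema.
                    $insert = mysqli_prepare(
                        $conn,
                        "INSERT INTO school_year (Calendar_Name, Term, Description) VALUES (?, ?, ?)"
                    );
                    if ($insert === false) {
                        throw new RuntimeException(mysqli_error($conn));
                    }
                    mysqli_stmt_bind_param($insert, 'sss', $Calendar_Name, $Term, $Description);
                    if (!mysqli_stmt_execute($insert)) {
                        throw new RuntimeException(mysqli_stmt_error($insert));
                    }
                    mysqli_stmt_close($insert);

                    if (!mysqli_commit($conn)) {
                        throw new RuntimeException(mysqli_error($conn));
                    }
                    $inTransaction = false;

                    // Reported only after the write has actually been committed.
                    $_SESSION['success'] = "School Calendar Added Successfully!";
                }
            } catch (RuntimeException $e) {
                // mysqli_sql_exception extends RuntimeException, so this covers
                // both exception-mode and return-value-mode mysqli failures.
                if ($inTransaction) {
                    mysqli_rollback($conn);
                }
                error_log('Add_Calendar failed: ' . $e->getMessage());
                $_SESSION['failure'] = "Unable to add school calendar!";
            }
        }

        header('location: Manager_School_Calendar.php');
        exit();
    }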
	
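	// Code for updating a school calendar.
	// Handles POSTs that carry Update_Calendar: rewrites Calendar_Name, Term and
	// Description of the school_year row whose id equals Calendar_ID, then
	// redirects to Manager_School_Calendar.php with a flash message in
	// $_SESSION['success'] or $_SESSION['failure'].
	if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['Update_Calendar'])) {
		// NOTE(review): no anti-CSRF token and no check of $UserAccessName is
		// visible on this state-changing request — confirm that
		// auth_validate.php covers both, otherwise add them here.
		$Calendar_Name = $_POST['Calendar_Name'] ?? null;
		$Term = $_POST['Term'] ?? null;
		$Description = $_POST['Description'] ?? null;
		$Calendar_ID = $_POST['Calendar_ID'] ?? null;

		// Missing fields or array-valued fields (name[]=...) are rejected up
		// front rather than being passed on to the database layer.
		if (!is_string($Calendar_Name) || !is_string($Term)
			|| !is_string($Description) || !is_string($Calendar_ID)) {
			$_SESSION['failure'] = "Invalid calendar details submitted!";
		} else {
			try {
				// All four values are bound; none is concatenated into the SQL.
				// NOTE(review): unlike the add path, a rename is not checked
				// against existing Calendar_Name values — confirm intended.
				$update = mysqli_prepare(
					$conn,
					"UPDATE school_year SET Calendar_Name = ?, Term = ?, Description = ? WHERE id = ?"
				);
				if ($update === false) {
					throw new RuntimeException(mysqli_error($conn));
				}
				// id is bound as a string, matching the quoted comparison the
				// query has always used; the column type is not visible here.
				mysqli_stmt_bind_param($update, 'ssss', $Calendar_Name, $Term, $Description, $Calendar_ID);
				if (!mysqli_stmt_execute($update)) {
					throw new RuntimeException(mysqli_stmt_error($update));
				}
				mysqli_stmt_close($update);

				// Reported only once the statement has executed without error.
				$_SESSION['success'] = "School Calendar Updated Successfully!";
			} catch (RuntimeException $e) {
				// mysqli_sql_exception extends RuntimeException, so this covers
				// both exception-mode and return-value-mode mysqli failures.
				error_log('Update_Calendar failed: ' . $e->getMessage());
				$_SESSION['failure'] = "Unable to update school calendar!";
			}
		}

		header('location: Manager_School_Calendar.php');
		exit();
	}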

?>