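<?php
// Subject management handler for the admin portal.
//
// Order of operations (unchanged): start the session, load the shared
// config/auth includes, look up the current user's access level, then handle
// the Add / Update / Delete subject POST actions. Each action stores a flash
// message in $_SESSION and redirects back to MAnageSubjects.php.
//
// Every SQL statement that carries request or session data is now a prepared
// statement with bound parameters. The original interpolated values into the
// query text (the session id at the access-level lookup was not even escaped),
// so the same data could change the meaning of the statement.
session_start();
$rootPath = realpath(dirname(__FILE__) . '/..');
require_once $rootPath . '/Portal/config/config.php';
require_once $rootPath . '/Portal/include/auth_validate.php';

if (!function_exists('subjects_exec_statement')) {
    /**
     * Prepare, bind and execute one statement on a mysqli connection.
     *
     * Centralises the prepare/bind/execute checks so that a failed
     * mysqli_prepare() (which returns false) is never handed to bind_param.
     *
     * @param mysqli       $conn   open connection (provided by config.php)
     * @param string       $sql    SQL with `?` placeholders
     * @param string       $types  bind_param type string, one char per value
     * @param list<scalar> $params values to bind, in placeholder order
     * @return mysqli_stmt|false the executed statement, or false on any failure
     */
    function subjects_exec_statement(mysqli $conn, string $sql, string $types, array $params)
    {
        $stmt = mysqli_prepare($conn, $sql);
        if ($stmt === false) {
            return false;
        }
        // Argument unpacking passes the array elements by reference, which
        // is what mysqli_stmt_bind_param requires.
        if ($params !== [] && !mysqli_stmt_bind_param($stmt, $types, ...$params)) {
            return false;
        }
        if (!mysqli_stmt_execute($stmt)) {
            return false;
        }
        return $stmt;
    }
}

/////// Code for new access control on header menu /////////////////////////
// $_SESSION['id'] is presumably set by auth_validate.php; fall back to '' so a
// missing key does not raise a notice (the query then simply matches nothing).
$User = $_SESSION['id'] ?? '';
$UserAccessName = $query3 = $result3 = $Status = "";
$num = 0;
$stmt = subjects_exec_statement($conn, "SELECT * FROM admin_accounts WHERE id = ?", 's', [$User]);
if ($stmt !== false) {
    // mysqli_stmt_get_result needs the mysqlnd driver (the default since PHP 5.4).
    $result = mysqli_stmt_get_result($stmt);
    if ($result !== false) {
        $num = mysqli_num_rows($result);
        if ($num > 0) {
            $rows = mysqli_fetch_array($result);
            $UserAccessName = $rows['Access_Level'];
        }
    }
}
// NOTE(review): $UserAccessName is loaded but none of the POST handlers below
// consult it, so every authenticated session can add, update and delete
// subjects. The permitted Access_Level values are not visible in this file, so
// the authorisation check is left for the maintainer to add once they are
// confirmed. The forms also carry no anti-CSRF token.

//Code for adding a new subject
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['Add_Subject'])) {
    // Missing fields become '' instead of raising an undefined-index notice.
    $Full_Name = (string) ($_POST['Full_Name'] ?? '');
    $Remarks = (string) ($_POST['Remarks'] ?? '');

    if ($Full_Name === '') {
        // An empty name would otherwise be inserted as a nameless subject.
        $_SESSION['failure'] = "Subject name is required!";
    } else {
        // Check if a subject with this name already exists
        $check = subjects_exec_statement($conn, "SELECT id FROM offered_subjects WHERE Name = ?", 's', [$Full_Name]);
        if ($check === false) {
            $_SESSION['failure'] = "Could not check existing subjects!";
        } else {
            // store_result is needed before mysqli_stmt_num_rows reports a count.
            mysqli_stmt_store_result($check);
            if (mysqli_stmt_num_rows($check) > 0) {
                $_SESSION['failure'] = "Subject already exists!";
            } else {
                $insert = subjects_exec_statement(
                    $conn,
                    "INSERT INTO offered_subjects (Name, Remarks) VALUES (?, ?)",
                    'ss',
                    [$Full_Name, $Remarks]
                );
                if ($insert === false) {
                    // The original reported success without checking the insert.
                    $_SESSION['failure'] = "Subject could not be added!";
                } else {
                    $_SESSION['success'] = "Subject Added Successfully!";
                }
            }
        }
    }
    header('location: MAnageSubjects.php');
    exit();
}

//Code for updating a subject
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['Update_Subject'])) {
    $Full_Name = (string) ($_POST['Full_Name'] ?? '');
    $Remarks = (string) ($_POST['Remarks'] ?? '');
    $SubjectID = (string) ($_POST['SubjectID'] ?? '');
    $update = subjects_exec_statement(
        $conn,
        "UPDATE offered_subjects SET Name = ?, Remarks = ? WHERE id = ?",
        'sss',
        [$Full_Name, $Remarks, $SubjectID]
    );
    if ($update === false) {
        // The original reported success without checking the update.
        $_SESSION['failure'] = "Subject could not be updated!";
    } else {
        $_SESSION['success'] = "Subject Updated Successfully!";
    }
    header('location: MAnageSubjects.php');
    exit();
}

$db = getDbInstance();

// Code to delete a subject record
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['Delete_Subject'])) {
    // The escape is kept for the query-builder path because getDbInstance()'s
    // implementation is not visible here; if $db->where() binds its value
    // (as the usual MysqliDb-style builders do) the escape is redundant but
    // harmless for numeric ids — confirm against getDbInstance().
    $SubjectID = mysqli_real_escape_string($conn, (string) ($_POST['SubjectID'] ?? ''));
    $db->where('id', $SubjectID);
    $stat = $db->delete('offered_subjects');
    if ($stat) {
        //Event Trail
        date_default_timezone_set('Africa/Blantyre');
        $EventTime = date('d-m-Y H:i', time());
        $Action = 'Delete Record';
        $RecordType = 'Delete Subject';
        // Was "User ID Number", which mislabelled the audit entry: the value is a subject id.
        $Details = "with Subject ID Number $SubjectID";
        $Date = "$EventTime";
        // Separate name so the module-level $User (the session id) is not clobbered.
        $actorName = (string) ($_SESSION['Full_Name'] ?? '');
        $trail = subjects_exec_statement(
            $conn,
            "INSERT INTO eventtrail (Action,RecordType,Details,Date,User) VALUES (?, ?, ?, ?, ?)",
            'sssss',
            [$Action, $RecordType, $Details, $Date, $actorName]
        );
        // As in the original, a failed audit insert does not block the redirect;
        // the deletion itself has already happened. $trail is kept so a
        // maintainer can log its failure where the project's logging lives.
        $_SESSION['info'] = "Subject deleted successfully!";
        header('location: MAnageSubjects.php');
        exit;
    }
}
?>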