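<?php
// list.php — admin-only listing of the rows in systemTable, optionally
// narrowed to one department via the Filter form below.
//
// connect.php is expected to provide $db (a PDO connection), $username and
// location(); it presumably also starts the session, since $_SESSION is read
// here without a session_start() call — confirm against connect.php.
include("connect.php");

// Access control: anonymous visitors go to index.php, signed-in non-admin
// users to login.php. Stop right after emitting the redirect so that no
// markup (and, for the Back button, no query output) follows it.
if (!isset($_SESSION['ID'])) {
    echo location(0, "index.php");
    exit;
}
if ((string) $_SESSION['ID'] !== "admin") {
    echo location(0, "login.php");
    exit;
}
if (isset($_POST['back'])) {
    // Back button: originally the query still ran and the whole table was
    // printed after the redirect; now we leave before touching the database.
    echo location(0, "admin.php");
    exit;
}

// Departments offered in the filter <select>.
$department = array(
    "Data Processing",
    "Public Relations",
    "Sales Responsible",
    "Technical Support",
    "R & D (Research-Development)",
);

// Escapes one value for HTML text or attribute context. The (string) cast
// covers NULL columns; ENT_SUBSTITUTE keeps a cell visible (U+FFFD) instead
// of collapsing to "" on malformed UTF-8.
$esc = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

// Default query returns every row; only a Filter submit with a concrete
// department narrows it. The department value is always passed as a bound
// parameter, never concatenated into the SQL.
$stmt = $db->prepare("select * from systemTable");
if (isset($_POST['filter']) && isset($_POST['department'])) {
    $selected = $_POST['department'];
    // is_string() rejects array-shaped input such as department[]=x, which
    // would otherwise reach the driver as a non-scalar bind.
    if (is_string($selected) && $selected !== "all") {
        $stmt = $db->prepare("select * from systemTable where DEPARTMENT=?");
        $stmt->bindValue(1, $selected, PDO::PARAM_STR);
    }
}
$stmt->execute();
?>
<html>
<head>
<link rel="stylesheet" type="text/css" href="css/style.css" />
</head>
<body>
<div class="body"></div>
<div class="grad"></div>
<div class="welcome"><div>Welcome <span><?php echo $esc($username); ?></span> </div></div>
<div class="container">
<form action="list.php" method="POST">
<select name="department">
<option value="all">< All ></option>
<?php
// Escaped so that "R & D" yields a well-formed attribute/text node; the
// browser decodes &amp; back to & before submitting, so the bound value
// still matches the stored DEPARTMENT.
foreach ($department as $dep) {
    echo '<option value="' . $esc($dep) . '">' . $esc($dep) . '</option>';
}
?>
</select>
<input type="submit" value="Filter" name="filter">
<input type="submit" value="Back" name="back">
</form>
<div class="table">
<table >
<thead>
<tr>
<th><h1>Identity Number</h1></th>
<th><h1>Name&Surname</h1></th>
<th><h1>Phone Number</h1></th>
<th><h1>Department</h1></th>
<th><h1>Permission Day</h1></th>
<th><h1>Permission Status</h1></th>
<th><h1>Permission Start</h1></th>
<th><h1>Permission End</h1></th>
</tr>
</thead>
<tbody>
<?php
// No rowCount() gate: PDOStatement::rowCount() is not guaranteed to report
// SELECT results on every driver, and an empty result simply skips the loop.
while ($fetch = $stmt->fetch(PDO::FETCH_ASSOC)) {
    // Every column is escaped before it reaches the page (XSS defence).
    echo '<tr>'
        . '<td>' . $esc($fetch['IDENTITY_NO']) . '</td>'
        . '<td>' . $esc($fetch['NAME'] . ' ' . $fetch['SURNAME']) . '</td>'
        . '<td>' . $esc($fetch['PHONE_NO']) . ' </td>'
        . '<td>' . $esc($fetch['DEPARTMENT']) . '</td>'
        . '<td>' . $esc($fetch['PERMISSION_DAY']) . '</td>'
        . '<td>' . $esc($fetch['PERMISSION_STATUS']) . '</td>'
        . '<td>' . $esc($fetch['PERMISSION_START']) . '</td>'
        . '<td>' . $esc($fetch['PERMISSION_END']) . '</td>'
        . '</tr>';
}
?>
</tbody>
</table>
</div>
</div>
</body>
</html>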