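<?php session_start();
/*
 * Admin endpoint: updates one row of busdir_mst_users from a POSTed form.
 *
 * Plain-text responses (consumed by the caller):
 *   "login.php"  - no authenticated session
 *   "404.php"    - caller lacks role 2, or the request is not a non-empty POST
 *   "Duplicate Username or Email" - another row already uses the username/email
 *   "success"    - the UPDATE statement executed
 *   "An unknown error occured. Please try again." - anything else
 *
 * Every request value reaches SQL through bound parameters only; nothing from
 * $_POST or $_SESSION is concatenated into a statement.
 */

// Require an authenticated session before doing anything else.
if (!isset($_SESSION['company_id']) || !isset($_SESSION['company_name'])) {
    session_destroy();
    echo "login.php";
    exit;
}

// Role 2 gates this endpoint. A missing or malformed role list is treated as
// "not authorised". The comparison stays loose because the session may hold
// role ids as strings - presumably; verify against the login code.
$sessionRoles = isset($_SESSION['role']) ? $_SESSION['role'] : null;
if (!is_array($sessionRoles) || !in_array(2, $sessionRoles)) {
    echo "404.php";
    exit;
}

if ($_SERVER['REQUEST_METHOD'] != 'POST' || empty($_POST)) {
    echo "404.php";
    exit;
}
// NOTE(review): this script checks no anti-CSRF token; confirm one is enforced
// elsewhere, since a state-changing POST is authorised by the session alone.

// Provides $connection - presumably a mysqli instance (the code below relies on
// prepare()/close(); the original used ->query() and ->num_rows).
require_once("../db/conn.php");

// Read a POST field as a string; absent or array-valued fields become ''.
$postString = static function ($key) {
    $value = isset($_POST[$key]) ? $_POST[$key] : '';
    return is_string($value) ? $value : '';
};

// The target row id must be an integer; anything else is rejected below.
$uid = filter_var(isset($_POST['uid']) ? $_POST['uid'] : null, FILTER_VALIDATE_INT);

$username = trim(preg_replace('/[^a-zA-Z0-9]+/', '', $postString('username')));
$fullname = trim($postString('fullname'));
$phone = trim(preg_replace('/[^0-9]+/', '', $postString('phone')));

// filter_var() yields false for an invalid address; the original stored that as
// an empty string, which is preserved here.
// NOTE(review): an empty email also takes part in the duplicate check below -
// consider rejecting invalid addresses outright.
$email = filter_var(filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL), FILTER_VALIDATE_EMAIL);
if ($email === false) {
    $email = '';
}

// Build the comma-separated role list: every even section id also grants the
// id just below it. Non-integer entries are dropped so the stored list can
// only ever contain integers.
$sections = (isset($_POST['section']) && is_array($_POST['section'])) ? $_POST['section'] : [];
$roleIds = [];
foreach ($sections as $rawSection) {
    $sectionId = filter_var($rawSection, FILTER_VALIDATE_INT);
    if ($sectionId === false) {
        continue;
    }
    if ($sectionId % 2 == 0) {
        $roleIds[] = $sectionId - 1;
    }
    $roleIds[] = $sectionId;
}
$role = implode(',', $roleIds);
// An empty selection is stored as SQL NULL; binding a PHP null sends NULL.
$roleParam = ($role !== '') ? $role : null;

$response = "An unknown error occured. Please try again.";

if ($uid !== false) {
    try {
        // Is the username or email already used by a different row?
        $dupStmt = $connection->prepare(
            "SELECT usersrno FROM busdir_mst_users WHERE usersrno != ? AND (username = ? OR email = ?)"
        );
        if ($dupStmt && $dupStmt->bind_param('iss', $uid, $username, $email) && $dupStmt->execute()) {
            $dupStmt->store_result();
            $isDuplicate = ($dupStmt->num_rows != 0);
            $dupStmt->free_result();
            $dupStmt->close();

            if ($isDuplicate) {
                $response = "Duplicate Username or Email";
            } else {
                // NOTE(review): the WHERE clause matches on usersrno alone. If
                // busdir_mst_users holds users of more than one company, confirm
                // the target row belongs to the session's company before updating.
                $modifiedBy = (string) $_SESSION['company_id'];
                $updStmt = $connection->prepare(
                    "UPDATE busdir_mst_users SET username = ?, name = ?, email = ?, phone = ?, role = ?, modifiedby = ? WHERE usersrno = ?"
                );
                if ($updStmt
                    && $updStmt->bind_param('ssssssi', $username, $fullname, $email, $phone, $roleParam, $modifiedBy, $uid)
                    && $updStmt->execute()
                ) {
                    $response = "success";
                }
                if ($updStmt) {
                    $updStmt->close();
                }
            }
        } elseif ($dupStmt) {
            $dupStmt->close();
        }
    } catch (mysqli_sql_exception $e) {
        // mysqli throws by default on PHP 8.1+. Keep the generic reply for the
        // client and record the detail server-side only.
        error_log($e->getMessage());
    }
}

echo $response;
$connection->close();
?>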