Filename :
insert-user-permission.php
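<?php
/**
 * Creates or updates the user_permission row for one user inside the
 * source_id stored in the current session, using the permission flags
 * posted by the form, then redirects to user.php on success.
 *
 * Every request-supplied value is sent to MySQL as a bound parameter.
 * The previous version interpolated the twenty permission fields into the
 * SQL text unescaped and relied on addslashes() for the user id; neither is
 * a safe defence against SQL injection.
 *
 * NOTE(review): nothing visible in this script checks that the logged-in
 * user is allowed to change permissions, and no CSRF token is verified.
 * Confirm that config.php (or a front controller) enforces both; otherwise
 * any authenticated session could grant itself or others every permission.
 */
ob_start();
session_start();
include 'config.php';

// The tenant/source scope must come from the server-side session, never
// from the request. Without it there is no scope to write into.
if (!isset($_SESSION['source_id'])) {
    http_response_code(403);
    exit('Not authorised.');
}
$sourceId = (string) $_SESSION['source_id'];

// stripslashes() is kept so the stored value matches what the earlier
// version wrote; escaping itself is now handled by parameter binding.
$userId = (isset($_POST['userid']) && is_string($_POST['userid']))
    ? stripslashes($_POST['userid'])
    : '';
if ($userId === '') {
    http_response_code(400);
    exit('Missing userid.');
}

// Form field => table column. The column names are fixed literals, so
// assembling the column list as a string does not expose it to user input.
$permissionFields = [
    'contactView'     => 'contact_view',
    'contactAdd'      => 'contact_add',
    'contactEdit'     => 'contact_edit',
    'contactDelete'   => 'contact_delete',
    'inventoryView'   => 'inventory_view',
    'inventoryAdd'    => 'inventory_add',
    'inventoryEdit'   => 'inventory_edit',
    'inventoryDelete' => 'inventory_delete',
    'financeView'     => 'finance_view',
    'financeAdd'      => 'finance_add',
    'financeEdit'     => 'finance_edit',
    'financeDelete'   => 'finance_delete',
    'generalView'     => 'general_view',
    'generalAdd'      => 'general_add',
    'generalEdit'     => 'general_edit',
    'generalDelete'   => 'general_delete',
    'userView'        => 'user_view',
    'userAdd'         => 'user_add',
    'userEdit'        => 'user_edit',
    'userDelete'      => 'user_delete',
];

$columns = array_values($permissionFields);
$values = [];
foreach ($permissionFields as $field => $column) {
    // Absent fields become "" as before; non-string input (e.g. an array
    // posted as contactView[]) is treated as absent rather than cast.
    $values[] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
}

$saved = false;
$errorDetail = '';

try {
    // Does a row already exist for this user within this source?
    $lookup = $conn->prepare(
        'SELECT 1 FROM user_permission WHERE user_email = ? AND source_id = ?'
    );
    if ($lookup && $lookup->bind_param('ss', $userId, $sourceId) && $lookup->execute()) {
        $lookup->store_result();
        $rowExists = $lookup->num_rows > 0;
        $lookup->close();

        // NOTE(review): check-then-write is not atomic. If the table has a
        // unique key on (user_email, source_id) a single upsert statement
        // would close the gap; the schema is not visible here.
        if ($rowExists) {
            $assignments = implode(', ', array_map(function ($column) {
                return $column . ' = ?';
            }, $columns));
            $sql = 'UPDATE user_permission SET ' . $assignments
                . ' WHERE user_email = ? AND source_id = ?';
            $params = array_merge($values, [$userId, $sourceId]);
        } else {
            $placeholders = implode(', ', array_fill(0, count($columns) + 2, '?'));
            $sql = 'INSERT INTO user_permission (user_email, source_id, '
                . implode(', ', $columns) . ') VALUES (' . $placeholders . ')';
            $params = array_merge([$userId, $sourceId], $values);
        }

        $write = $conn->prepare($sql);
        if ($write
            && $write->bind_param(str_repeat('s', count($params)), ...$params)
            && $write->execute()
        ) {
            $saved = true;
        }
        if ($write) {
            $write->close();
        }
    }

    if (!$saved) {
        $errorDetail = mysqli_error($conn);
    }
} catch (mysqli_sql_exception $e) {
    // mysqli throws instead of returning false when exception reporting is on.
    $errorDetail = $e->getMessage();
}

if ($saved) {
    echo '<script>localStorage.setItem("PermissionGranted", "true");</script>';
    echo '<script>location.replace("user.php")</script>';
} else {
    // Keep database error text in the server log; echoing it to the client
    // discloses schema and query details.
    error_log('insert-user-permission: ' . $errorDetail);
    http_response_code(500);
    echo 'Could not save permissions.';
}
?>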