Skip to content
Permalink
Browse files
XSS Fixed
  • Loading branch information
imran300 committed Sep 4, 2021
1 parent db52f0b commit ff4f7c577802c6904cc3ed7bca250ec192bc47c6
Showing with 108 additions and 50 deletions.
  1. +108 −50 application/controllers/Employees.php
@@ -34,6 +34,10 @@ public function __construct()
// A view function for add new employee
public function add_employee()
{
$group_id = $this->session->userdata("group_id");
if ($group_id != 1) {
$Page = $this->General->check_url_permission_single();
}
$this->header();

$this->load->view('employee/add_employee');
@@ -44,6 +48,10 @@ public function add_employee()
// Adding new employees
public function insert_employee()
{
$group_id = $this->session->userdata("group_id");
if ($group_id != 1) {
$Page = $this->General->check_url_permission_single();
}
$uploaddir = "uploads/images/";
if ($_FILES['file_picture']['name'] != '') {

@@ -78,56 +86,85 @@ public function insert_employee()
}


$this->load->library('form_validation');
extract($_POST);
$this->form_validation->set_rules('EMP_NAME', 'Employee Name', 'trim|required|min_length[5]|max_length[12]');
if ($this->form_validation->run() == FALSE) {
$this->session->set_flashdata('error', 'Invalid Input');
redirect(base_url() . 'index.php/Employees/add_employee');
} else {
$this->load->model('Main_model');
$record = $this->Main_model->fetch_maxid("employee_profile");
foreach ($record as $record) {

$this->load->model('Main_model');
$record = $this->Main_model->fetch_maxid("employee_profile");
foreach ($record as $record) {
$Maxtype = $record->EMP_ID;
}
$EMP_ID = $Maxtype + 1;
$user_id = $this->session->userdata('user_id');
$data = array(
'EMP_ID' => $EMP_ID,
'EMP_NAME' => $this->security->xss_clean($emp_name),
'EMP_EMAIL' => $this->security->xss_clean($fname),
'EMP_ADDRESS' => $this->security->xss_clean($curr_address),
'EMP_GENDER' => $per_address,
'EMP_PHONE' => $this->security->xss_clean($contact_no),
'EMP_CELL' => $this->security->xss_clean($mobile_no),
'EMP_DATE' => date('Y-m-d'),
'CREATED_DATE' => date('Y-m-d'),
'CREATED_USERID' => $user_id

$Maxtype = $record->EMP_ID;
}
$EMP_ID = $Maxtype + 1;
$user_id = $this->session->userdata('user_id');
$data = array(
'EMP_ID' => $EMP_ID,
'EMP_NAME' => $emp_name,
'EMP_EMAIL' => $fname,
'EMP_ADDRESS' => $curr_address,
'EMP_GENDER' => $per_address,
'EMP_PHONE' => $contact_no,
'EMP_CELL' => $mobile_no,
'EMP_DATE' => date('Y-m-d'),
'CREATED_DATE' => date('Y-m-d'),
'CREATED_USERID' => $user_id

);
if ($picture != '') {

$data['EMP_PIC'] = $picture;
}
);
if ($picture != '') {

$this->db->insert('employee_profile', $data);
$this->session->set_flashdata('msg', '<div class="alert alert-success alert-dismissable">
$data['EMP_PIC'] = $picture;
}


$this->db->insert('employee_profile', $data);
$this->session->set_flashdata('msg', '<div class="alert alert-success alert-dismissable">
<button type="button" class="close" data-dismiss="alert"
aria-hidden="true">
&times;
</button>
<span>Record added Successfully..!</span>
</div>');
redirect(base_url() . 'index.php/employees/employee_list');
redirect(base_url() . 'index.php/employees/employee_list');
}
}


// Updating employee information
public function update_employee()
{
$group_id = $this->session->userdata("group_id");
if ($group_id != 1) {
$Page = $this->General->check_url_permission_single();
}
extract($_POST);


$uploaddir = "uploads/images/";
if ($_FILES['file_picture']['name'] != '') {
$picture = '';
// exit;

$data_upload = $uploaddir . basename($_FILES['file_picture']['name']);
$imageFileType = strtolower(pathinfo($data_upload, PATHINFO_EXTENSION));
//exit;
// Allow certain file formats
if (
$imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg"
&& $imageFileType != "gif"
) {
$this->session->set_flashdata('msg', '<div class="alert alert-warning alert-dismissable">
<button type="button" class="close" data-dismiss="alert"
aria-hidden="true">
&times;
</button>
<span>Sorry, only JPG, JPEG, PNG & GIF files are allowed.</span>
</div>');
//echo "Sorry, only JPG, JPEG, PNG & GIF files are allowed.";
$uploadOk = 0;
redirect(base_url() . 'index.php/employees/add_employee');
}
if (move_uploaded_file($_FILES['file_picture']['tmp_name'], $data_upload)) {

$picture = $data_upload;
@@ -138,40 +175,56 @@ public function update_employee()

$picture = '';
}
$user_id = $this->session->userdata('user_id');
$data = array(
'EMP_NAME' => $emp_name,
'EMP_EMAIL' => $emp_email,
'EMP_ADDRESS' => $caddress,
'EMP_GENDER' => $emp_gender,
'EMP_PHONE' => $emp_phone,
'EMP_CELL' => $emp_cell,
'EMP_DATE' => date('Y-m-d'),
'CREATED_DATE' => date('Y-m-d'),
'CREATED_USERID' => $user_id

);
if ($picture != '') {

$data['EMP_PIC'] = $picture;
}

$where = array('EMP_ID' => $emp_id);
$this->db->update('employee_profile', $data, $where);
$this->session->set_flashdata('msg', '<div class="alert alert-success alert-dismissable">
$this->load->library('form_validation');
extract($_POST);
$this->form_validation->set_rules('category_name', 'Category Name', 'trim|required|min_length[5]|max_length[12]');
if ($this->form_validation->run() == FALSE) {
$this->session->set_flashdata('error', 'Invalid Input');
redirect(base_url() . 'index.php/category/list_category');
} else {


$user_id = $this->session->userdata('user_id');
$data = array(
'EMP_ID' => $EMP_ID,
'EMP_NAME' => $this->security->xss_clean($emp_name),
'EMP_EMAIL' => $this->security->xss_clean($emp_email),
'EMP_ADDRESS' => $this->security->xss_clean($caddress),
'EMP_GENDER' => $emp_gender,
'EMP_PHONE' => $this->security->xss_clean($emp_phone),
'EMP_CELL' => $this->security->xss_clean($emp_cell),
'EMP_DATE' => date('Y-m-d'),
'CREATED_DATE' => date('Y-m-d'),
'CREATED_USERID' => $user_id

);
if ($picture != '') {

$data['EMP_PIC'] = $picture;
}

$where = array('EMP_ID' => $emp_id);
$this->db->update('employee_profile', $data, $where);
$this->session->set_flashdata('msg', '<div class="alert alert-success alert-dismissable">
<button type="button" class="close" data-dismiss="alert"
aria-hidden="true">
&times;
</button>
<span>Record Updated Successfully..!</span>
</div>');

redirect(base_url() . 'index.php/employees/employee_list');
redirect(base_url() . 'index.php/employees/employee_list');
}
}

// List of all employees
public function employee_list()
{
$group_id = $this->session->userdata("group_id");
if ($group_id != 1) {
$Page = $this->General->check_url_permission_single();
}
$data['employees'] = $this->General->fetch_records("employee_profile");
$this->header($title = 'Employees List');
$this->load->view('employee/employee_list', $data);
@@ -180,6 +233,7 @@ public function employee_list()
// Employee details
public function employee_detail()
{

$id = $this->uri->segment(3);
$where = array('EMP_ID' => $id);
$this->header();
@@ -190,6 +244,10 @@ public function employee_detail()
// Edit employee form
public function edit_employee($id)
{
$group_id = $this->session->userdata("group_id");
if ($group_id != 1) {
$Page = $this->General->check_url_permission_single();
}
$data['record'] = $this->General->select_where('employee_profile', array('EMP_ID' => $id));
$this->header();
$this->load->view('employee/edit_employee', $data);

0 comments on commit ff4f7c5

Please sign in to comment.