-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathSubmit.php
More file actions
170 lines (135 loc) · 5.17 KB
/
Submit.php
File metadata and controls
170 lines (135 loc) · 5.17 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
<?php
// Getting form data into variables
$department = $_POST["OrgName"];
$faculty = $_POST["OrgFacName"];
$topic = $_POST["Topic"];
$guests = $_POST["Guest"];
$participants = $_POST["Participants"];
$academicyear = $_POST["academicyear"];
$event_type = $_POST["Type"];
$event_type_text = $_POST["OType"];
$is_online = $_POST["isOnline"];
$datetime = new DateTime($_POST["Datetime"]);
$days = $_POST["Days"];
$days_text = $_POST["ODays"];
$aegis_iqac = (!empty($_POST["IQAC"]) ? $_POST["IQAC"] : "No");
$aegis_dbtstar = (!empty($_POST["DBTStar"]) ? $_POST["DBTStar"] : "No");
$About = $_POST['About'];
$poster = $_FILES["File"];
$maxSize = 25600; // Maximum File size in Kilo Bytes
//Processsing Data
if ($event_type == "Other") {
$event_type = $event_type_text;
}
if ($days == "Other") {
$days = $days_text;
}
$days = (int)$days;
$aegis = $aegis_iqac == "on" ? ($aegis_dbtstar == "on" ? "IQAC, DBT*" : "IQAC") : ($aegis_dbtstar == "on" ? "DBT*" : "None");
// Error Checking
function SendMessage($message) { // Function to send message back to the form
header("Location: ./EventDetailsForm.php?message=$message");
die();
}
function CheckName($name) {
return preg_match('/^[A-Za-z0-9\s\.]+$/', $name); //Regex Test
}
function CheckNames($names) {
return preg_match('/^[A-Za-z0-9\s\.\,]+$/', $names);
}
function CheckEvent($event) {
return preg_match('/^[a-zA-Z0-9\,\.\s\/\\\]+$/', $event);
}
function ValidateDate($date) {
return $date > new DateTime(date('Y-m-d H:i:s'));
}
$file_split = explode(".", $poster['name']); // Dividing the string using `.`
$ext = strtolower($file_split[count($file_split)-1]); // Extracting the extension
$check = in_array($ext, ["pdf", "png", "jpeg", "jpg", "bmp"]);
if(!$check) {
SendMessage("File is not an image or pdf");
}
$check = $poster['size'] > $maxSize;
if(!$check) {
SendMessage("File Size should be less then 25mb");
}
$check1 = CheckName($department);
if(!$check1) {
SendMessage("Enter a valid departement name");
}
$check2 = CheckName($faculty);
if(!$check2) {
SendMessage("Enter a valid faculty name");
}
$check3 = CheckName($topic);
if(!$check3) {
SendMessage("Enter a valid topic name");
}
if($guests < 0) {
SendMessage("Enter a valid number of guests name");
}
if($participants < 0) {
SendMessage("Enter a valid number of participants name");
}
$check5 = CheckEvent($event_type);
if(!$check5) {
SendMessage("Enter a valid event type");
}
$check6 = ValidateDate($datetime);
if(!$check6) {
SendMessage("Enter a valid date type");
}
if($days < 1) {
SendMessage("Enter a valid number of days");
}
$check7 = str_word_count($About);
if(!$check7) {
SendMessage("Word Count for the about section needs to be between 50 and 100");
}
//Including DataBaseFile
require "./Database.php";
//Checking if an event with same name and same date exists
$dt = $datetime->format("Y-m-d H:i:s");
$sql = "SELECT `EventID` FROM $TableName Where `Topic`=\"$topic\" AND `DateTime`=\"$dt\"";
$res = mysqli_query($conn, $sql);
if($res->fetch_assoc() != null) {
SendMessage("Same event already exists");
}
$t = time();
$poster_name = mysqli_real_escape_string($conn, "$t" . "_" . $poster['name']);
$About = mysqli_real_escape_string($conn, $About);
$sql = "INSERT INTO $TableName VALUES (DEFAULT, \"$topic\", \"$event_type\", \"$academicyear\", \"$dt\", \"$days\", \"$is_online\", \"$department\", \"$guests\", \"$participants\", \"$faculty\", \"$aegis\", \"$poster_name\", \"$About\")";
mysqli_query($conn, $sql);
move_uploaded_file($poster['tmp_name'], "./POSTERS/$poster_name");
$EventID = mysqli_insert_id($conn);
?>
<!-- Form Completion -->
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width">
<title>Event Details</title>
<!-- Style -->
<link rel="stylesheet" href="CSS/EventForm.css">
</head>
<body>
<div class="form">
<!-- Head -->
<div class = "form__item form__top"></div>
<div class="form__item form__head">
<h1 class="form__title">Thanks for filling the form</h1>
<div class="form__desc">
You have sumbitted the form correctly we will contact you shortly, <br>
your form id: <?php echo $EventID; ?><br>
<a href="./index.php">Fill another form?</a>
</div>
</div>
<!-- Footer(ish) -->
<div class="form__end">
<span class="EndText"> <b>Deshbandhu</b> College </span>
</div>
</div>
</body>
</html>
<?php exit();?>