File: /home/rtbrisc/public_html/admin/api/newstaff.php
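<?php
declare(strict_types=1);

/**
 * admin/api/newstaff.php — create a staff record.
 *
 * Reads a JSON object with StaffID, Firstname, Lastname, MobileNumber, Address,
 * StaffCategory and Picture. If tblstaff already holds a row with that StaffID
 * and Lastname nothing is inserted; otherwise one row is inserted with
 * StaffStatus = 1 and CategoryID = StaffCategory.
 *
 * Response body is JSON of the form {"result":{"created": C, "exists": E}}:
 *   created "0",  exists "1" — the row already existed
 *   created "1",  exists "0" — inserted
 *   created "-1", exists "0" — database error (or, with HTTP 400/405, a bad request)
 *
 * $db comes from connect/staff.php and is used as a mysqli connection.
 */

session_start();
// NOTE(review): a session is started but nothing here verifies that the caller
// is logged in as an admin — confirm connect/staff.php or a front controller
// enforces that before this script runs.

$resultExists  = '{"result":{"created": "0" , "exists": "1" } }';
$resultCreated = '{"result":{"created": "1" , "exists": "0" } }';
$resultFailed  = '{"result":{"created": "-1" , "exists": "0" } }';

// Only listed origins receive CORS headers. Echoing the request's Origin back
// together with Allow-Credentials would let any site make credentialed calls
// to this endpoint with the victim's session cookie.
$allowedOrigins = [
    'https://ALLOWED-ORIGIN-PLACEHOLDER', // TODO: replace with the real admin UI origin(s)
];
$origin = $_SERVER['HTTP_ORIGIN'] ?? null;
if ($origin !== null && in_array($origin, $allowedOrigins, true)) {
    header("Access-Control-Allow-Origin: {$origin}");
    header('Access-Control-Allow-Credentials: true');
    header('Vary: Origin'); // response differs per origin, so caches must key on it
    header('Access-Control-Max-Age: 86400'); // cache for 1 day
}

$method = $_SERVER['REQUEST_METHOD'] ?? '';

// Access-Control headers are received during OPTIONS requests
if ($method === 'OPTIONS') {
    if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD'])) {
        header('Access-Control-Allow-Methods: POST, OPTIONS');
    }
    if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS'])) {
        header("Access-Control-Allow-Headers: {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");
    }
    exit(0);
}

header('Content-Type: application/json');

// This endpoint mutates data, so it is POST-only.
if ($method !== 'POST') {
    http_response_code(405);
    header('Allow: POST, OPTIONS');
    echo $resultFailed;
    exit;
}

// file_get_contents() returns false on failure and '' for an empty body;
// json_decode() returns null for both, and only an object carries the fields.
$postdata = file_get_contents('php://input');
$request = $postdata === false ? null : json_decode($postdata);
if (!is_object($request)) {
    http_response_code(400);
    echo $resultFailed;
    exit;
}

/**
 * Read one request field as a string.
 *
 * Returns '' when the field is absent or null (matching the old script, which
 * inserted '' for missing fields) and null when the value is an array/object,
 * which cannot be stored in a text column.
 */
$field = static function (object $req, string $key): ?string {
    $value = $req->$key ?? null;
    if ($value === null) {
        return '';
    }
    return is_scalar($value) ? (string) $value : null;
};

$values = [];
foreach (['StaffID', 'Firstname', 'Lastname', 'MobileNumber', 'Address', 'StaffCategory', 'Picture'] as $key) {
    $value = $field($request, $key);
    if ($value === null) {
        http_response_code(400);
        echo $resultFailed;
        exit;
    }
    $values[$key] = $value;
}

// The duplicate check keys on StaffID + Lastname, so both must be present.
if ($values['StaffID'] === '' || $values['Lastname'] === '') {
    http_response_code(400);
    echo $resultFailed;
    exit;
}

date_default_timezone_set('Africa/Lagos');
require_once 'connect/staff.php';

// Values are bound as parameters rather than interpolated into the SQL, so no
// escaping step is needed. The former stripslashes() pass is dropped too: it
// silently removed backslashes from legitimate input.
$outp = $resultFailed;
try {
    $check = $db->prepare('SELECT COUNT(*) FROM tblstaff WHERE StaffID = ? AND Lastname = ?');
    if ($check === false) {
        throw new RuntimeException($db->error);
    }
    $check->bind_param('ss', $values['StaffID'], $values['Lastname']);
    if (!$check->execute()) {
        throw new RuntimeException($check->error);
    }
    $existing = 0;
    $check->bind_result($existing);
    $check->fetch();
    $check->close();

    if ($existing > 0) {
        $outp = $resultExists;
    } else {
        $insert = $db->prepare(
            'INSERT INTO tblstaff (StaffID, CategoryID, StaffStatus, Firstname, Lastname, MobileNumber, Address, Picture)'
            . ' VALUES (?, ?, 1, ?, ?, ?, ?, ?)'
        );
        if ($insert === false) {
            throw new RuntimeException($db->error);
        }
        $insert->bind_param(
            'sssssss',
            $values['StaffID'],
            $values['StaffCategory'],
            $values['Firstname'],
            $values['Lastname'],
            $values['MobileNumber'],
            $values['Address'],
            $values['Picture']
        );
        $outp = $insert->execute() ? $resultCreated : $resultFailed;
        $insert->close();
    }
} catch (mysqli_sql_exception | RuntimeException $e) {
    // Under MYSQLI_REPORT_STRICT mysqli throws instead of returning false.
    // Either way the client only sees the "-1" result; details go to the server log.
    error_log('newstaff.php: ' . $e->getMessage());
    $outp = $resultFailed;
} finally {
    $db->close();
}

echo $outp;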