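<?php
// Creates a staff record from a JSON POST body.
//
// Expected JSON object keys: StaffID, Firstname, Lastname, MobileNumber,
// Address, StaffCategory, Picture. The response is one of three fixed JSON
// bodies (kept byte-identical to what existing clients parse):
//   {"result":{"created": "1" , "exists": "0" } }    row inserted
//   {"result":{"created": "0" , "exists": "1" } }    StaffID + Lastname already present
//   {"result":{"created": "-1" , "exists": "0" } }   invalid body or database failure
session_start();
// NOTE(review): session_start() is called but no session value is checked before the
// insert. Confirm that connect/staff.php (or a front controller) enforces an
// authenticated admin session; nothing in this file does.

// Origins allowed to call this endpoint cross-site with credentials. Reflecting
// HTTP_ORIGIN unconditionally together with Allow-Credentials lets any web page make
// credentialed requests on behalf of a logged-in admin, so CORS headers are only
// emitted for listed origins. Same-origin callers never need them.
// PLACEHOLDER: replace with the real admin front-end origin(s).
$allowedOrigins = [
    'https://ADMIN-FRONTEND-ORIGIN.example',
];

$origin = $_SERVER['HTTP_ORIGIN'] ?? null;
if ($origin !== null && in_array($origin, $allowedOrigins, true)) {
    header("Access-Control-Allow-Origin: {$origin}");
    header('Access-Control-Allow-Credentials: true');
    header('Access-Control-Max-Age: 86400');    // cache for 1 day
    header('Vary: Origin');                     // response differs per origin; keep caches honest
}

// Access-Control headers are received during OPTIONS requests
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'OPTIONS') {
    if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD'])) {
        header('Access-Control-Allow-Methods: GET, POST, OPTIONS');
    }
    if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS'])) {
        header("Access-Control-Allow-Headers: {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");
    }
    exit(0);
}

header('Content-Type: application/json');

/**
 * Reads one string field from the decoded request body.
 *
 * A missing field yields '' (matching what the previous implementation ended up
 * storing). Arrays and objects are rejected with null so a structured value can
 * never reach the query layer.
 */
function staff_field(object $request, string $key): ?string
{
    $value = $request->{$key} ?? '';
    if (is_array($value) || is_object($value)) {
        return null;
    }

    // stripslashes is retained so stored values stay consistent with rows written
    // by the earlier version of this endpoint; it is not an injection defence.
    return stripslashes((string) $value);
}

$failure = '{"result":{"created": "-1" , "exists": "0" } }';

// file_get_contents() returns false on failure and '' for an empty body; neither
// is a usable request, and json_decode() of anything but an object is rejected
// too (the old isset() check accepted all of these).
$postdata = file_get_contents('php://input');
$request = is_string($postdata) && $postdata !== '' ? json_decode($postdata) : null;
if (!is_object($request)) {
    http_response_code(400);
    echo $failure;
    exit;
}

$fields = [];
foreach (['StaffID', 'Firstname', 'Lastname', 'MobileNumber', 'Address', 'StaffCategory', 'Picture'] as $key) {
    $value = staff_field($request, $key);
    if ($value === null) {
        http_response_code(400);
        echo $failure;
        exit;
    }
    $fields[$key] = $value;
}

date_default_timezone_set('Africa/Lagos');
require_once 'connect/staff.php';   // provides $db (mysqli)

$outp = $failure;

// Values travel separately from the SQL text via prepared statements, so no
// escaping of user input is needed (and none is attempted).
$exists = null;   // null = the existence check could not be completed
$check = $db->prepare('SELECT COUNT(*) FROM tblstaff WHERE StaffID = ? AND Lastname = ?');
if ($check !== false) {
    $check->bind_param('ss', $fields['StaffID'], $fields['Lastname']);
    if ($check->execute()) {
        $count = 0;
        $check->bind_result($count);
        $check->fetch();
        $exists = $count > 0;
    }
    $check->close();
}

if ($exists === true) {
    $outp = '{"result":{"created": "0" , "exists": "1" } }';
} elseif ($exists === false) {
    // StaffStatus is always 1 for a newly created record.
    $insert = $db->prepare(
        'INSERT INTO tblstaff (StaffID, CategoryID, StaffStatus, Firstname, Lastname, MobileNumber, Address, Picture)
         VALUES (?, ?, 1, ?, ?, ?, ?, ?)'
    );
    if ($insert !== false) {
        $insert->bind_param(
            'sssssss',
            $fields['StaffID'],
            $fields['StaffCategory'],
            $fields['Firstname'],
            $fields['Lastname'],
            $fields['MobileNumber'],
            $fields['Address'],
            $fields['Picture'],
        );
        if ($insert->execute()) {
            $outp = '{"result":{"created": "1" , "exists": "0" } }';
        }
        $insert->close();
    }
}

echo $outp;
$db->close();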