Editing: settings.php
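<?php
// admin/settings.php
//
// Admin page that edits the institute-wide settings stored as (`field`, `value`)
// rows in the `settings` table: institute name, UPI ID and the two minimum
// payment amounts. Only authenticated admins reach the form, every POST must
// carry the session's CSRF token, and submitted values are validated before
// they are written in a single transaction.
session_start();
require_once __DIR__ . '/../config.php'; // NOTE(review): $conn (mysqli) is presumably created here; confirm

// ---------- Auth guard ----------
if (empty($_SESSION['admin_id'])) {
    header('Location: login.php');
    exit; // stop so nothing below runs for an unauthenticated request
}

// ---------- Helpers ----------

/**
 * Escape a value for use in HTML text or a quoted attribute.
 *
 * ENT_SUBSTITUTE replaces invalid UTF-8 sequences instead of letting
 * htmlspecialchars() return an empty string for the whole value.
 */
function h(?string $s): string
{
    return htmlspecialchars((string)$s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Read every row of `settings` into a field => value map.
 *
 * Returns an empty array when the query fails (and mysqli is not in
 * exception mode), so callers fall back to their own defaults.
 */
function load_settings(mysqli $conn): array
{
    $settings = [];
    if ($res = $conn->query("SELECT `field`, `value` FROM `settings`")) {
        while ($row = $res->fetch_assoc()) {
            $settings[$row['field']] = $row['value'];
        }
        $res->free();
    }
    return $settings;
}

/**
 * Return $a[$k] as a string, or $def when the key is missing or null.
 */
function getv(array $a, string $k, string $def = ''): string
{
    return isset($a[$k]) ? (string)$a[$k] : $def;
}

// ---------- CSRF ----------
if (empty($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(16));
}
$csrf_token = $_SESSION['csrf_token'];

// ---------- Allowed fields ----------
$allowed_fields = ['institute_name', 'upi_id', 'min_admission_amount', 'min_installment_amount'];

$messages = [];
$errors   = [];

// ---------- Handle POST ----------
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Constant-time comparison of the submitted token with the session token.
    if (empty($_POST['csrf_token']) || !hash_equals($_SESSION['csrf_token'], (string)$_POST['csrf_token'])) {
        $errors[] = 'Invalid request. Please try again.';
    }

    $save_map = [
        'institute_name'         => trim((string)($_POST['institute_name'] ?? '')),
        'upi_id'                 => trim((string)($_POST['upi_id'] ?? '')),
        'min_admission_amount'   => trim((string)($_POST['min_admission_amount'] ?? '')),
        'min_installment_amount' => trim((string)($_POST['min_installment_amount'] ?? '')),
    ];

    // ---------- Validation ----------
    // These values feed payment handling elsewhere (the form text says the UPI ID
    // is used to build the QR and UPI deeplink), so malformed input is rejected
    // here rather than trusted downstream.
    if (!$errors) {
        // An empty UPI ID is still accepted so the setting can be cleared; a
        // non-empty one must look like handle@provider, which also keeps URL
        // metacharacters such as '&' and '?' out of the stored value.
        if ($save_map['upi_id'] !== ''
            && !preg_match('/^[A-Za-z0-9._-]{2,256}@[A-Za-z][A-Za-z0-9]{1,63}$/', $save_map['upi_id'])) {
            $errors[] = 'UPI ID must look like name@provider.';
        }

        $amount_labels = [
            'min_admission_amount'   => 'Minimum Admission Amount',
            'min_installment_amount' => 'Minimum Installment Amount',
        ];
        foreach ($amount_labels as $amount_field => $label) {
            // Non-negative decimal with at most two fraction digits.
            if (!preg_match('/^\d{1,9}(\.\d{1,2})?$/', $save_map[$amount_field])) {
                $errors[] = $label . ' must be a non-negative number.';
            }
        }
    }

    // ---------- Save ----------
    if (!$errors) {
        $stmt  = null;
        $in_tx = false;
        try {
            // All four rows are written together so a mid-loop failure cannot
            // leave the payment rules half-updated (effective on transactional
            // storage engines only).
            $in_tx = $conn->begin_transaction();

            $stmt = $conn->prepare("
                INSERT INTO `settings` (`field`, `value`) VALUES (?, ?)
                ON DUPLICATE KEY UPDATE `value` = VALUES(`value`)
            ");
            if (!$stmt) {
                $errors[] = 'DB error: failed to prepare statement.';
            } else {
                foreach ($save_map as $field => $value) {
                    if (!in_array($field, $allowed_fields, true)) {
                        continue;
                    }
                    $stmt->bind_param('ss', $field, $value);
                    if (!$stmt->execute()) {
                        $errors[] = 'DB error while saving.';
                        break;
                    }
                }
            }

            if ($in_tx) {
                if ($errors) {
                    $conn->rollback();
                } elseif (!$conn->commit()) {
                    $errors[] = 'DB error while saving.';
                }
            }
        } catch (mysqli_sql_exception $ex) {
            // mysqli throws instead of returning false when exception reporting
            // is enabled. Keep the detail in the server log, not in the page.
            error_log('admin/settings.php: save failed: ' . $ex->getMessage());
            $errors[] = 'DB error while saving.';
            if ($in_tx) {
                try {
                    $conn->rollback();
                } catch (mysqli_sql_exception $rollback_ex) {
                    // Nothing more to do: the failure is already reported above.
                    error_log('admin/settings.php: rollback failed: ' . $rollback_ex->getMessage());
                }
            }
        } finally {
            if ($stmt) {
                $stmt->close();
            }
        }

        if (!$errors) {
            $messages[] = 'Settings updated successfully!';
            // rotate CSRF so the token just used cannot be replayed
            $_SESSION['csrf_token'] = bin2hex(random_bytes(16));
            $csrf_token = $_SESSION['csrf_token'];
        }
    }
}

// reload fresh so the form shows what is actually stored
$current = load_settings($conn);

// ---------- Includes (correct paths with fallback) ----------
// Fixed, __DIR__-relative paths only; nothing here is derived from request input.
$adminHeader = __DIR__ . '/includes/header.php';
$rootHeader  = __DIR__ . '/../header.php';
$adminFooter = __DIR__ . '/includes/footer.php';
$rootFooter  = __DIR__ . '/../footer.php';

if (file_exists($adminHeader)) {
    include $adminHeader;
} elseif (file_exists($rootHeader)) {
    include $rootHeader;
}
?>
<div class="container mt-4">
  <h3 class="mb-3">Manage Institute Settings</h3>

  <?php if ($messages): ?>
    <div class="alert alert-success"><?php echo h(implode(' ', $messages)); ?></div>
  <?php endif; ?>

  <?php if ($errors): ?>
    <div class="alert alert-danger">
      <?php foreach ($errors as $e) echo '<div>'.h($e).'</div>'; ?>
    </div>
  <?php endif; ?>

  <form method="post" action="">
    <input type="hidden" name="csrf_token" value="<?php echo h($csrf_token); ?>">

    <div class="mb-3">
      <label class="form-label">Institute Name</label>
      <input type="text" class="form-control" name="institute_name" value="<?php echo h(getv($current,'institute_name')); ?>">
    </div>

    <div class="mb-3">
      <label class="form-label">UPI ID</label>
      <input type="text" class="form-control" name="upi_id" value="<?php echo h(getv($current,'upi_id')); ?>" placeholder="e.g. 7381426778@ybl">
      <div class="form-text">This UPI ID is used to generate the QR & UPI deeplink.</div>
    </div>

    <div class="card mb-4">
      <div class="card-header"><strong>Payment Rules</strong></div>
      <div class="card-body">
        <div class="row g-3">
          <div class="col-md-6">
            <label class="form-label">Minimum Admission Amount (₹)</label>
            <input type="text" class="form-control" name="min_admission_amount" value="<?php echo h(getv($current,'min_admission_amount','1000')); ?>">
          </div>
          <div class="col-md-6">
            <label class="form-label">Minimum Installment Amount (₹)</label>
            <input type="text" class="form-control" name="min_installment_amount" value="<?php echo h(getv($current,'min_installment_amount','1')); ?>">
          </div>
        </div>
      </div>
    </div>

    <div class="d-flex gap-2">
      <button type="submit" class="btn btn-primary">Save Changes</button>
      <a href="index.php" class="btn btn-secondary">Back</a>
    </div>
  </form>
</div>
<?php
if (file_exists($adminFooter)) {
    include $adminFooter;
} elseif (file_exists($rootFooter)) {
    include $rootFooter;
}
?>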