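<?php
require_once __DIR__ . '/config.php';

/**
 * Normalise a submitted form value to a trimmed string.
 *
 * An array (a field posted as `name[]`) is treated as absent instead of being
 * cast, so a malformed request cannot reach hash_equals()/bind_param() with a
 * non-string value and surface as an uncaught TypeError (HTTP 500).
 */
function s($v): string
{
    if (is_array($v)) {
        return '';
    }

    return trim((string) $v);
}

/**
 * Stop the request with a client-facing message and an explicit HTTP status.
 *
 * Validation failures previously replied with 200, which hides them from the
 * caller and from access-log based monitoring.
 */
function grievance_reject(int $status, string $message): void
{
    http_response_code($status);
    exit($message);
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    grievance_reject(405, 'Method not allowed');
}

// CSRF check. Both tokens must be non-empty strings *before* hash_equals():
// a missing session token (session not started / expired) or an array POST
// value would otherwise be handed to hash_equals() as a non-string (the array
// case is a TypeError) instead of producing a clean 403.
$sessionToken = $_SESSION['csrf_token'] ?? '';
$postToken    = $_POST['csrf_token'] ?? '';
if (!is_string($sessionToken) || $sessionToken === ''
    || !is_string($postToken) || $postToken === ''
    || !hash_equals($sessionToken, $postToken)
) {
    grievance_reject(403, 'Invalid CSRF token.');
}

// Required fields
$student_name   = s($_POST['student_name'] ?? '');
$contact        = s($_POST['contact'] ?? '');
$email          = s($_POST['email'] ?? '');
$grievance_type = s($_POST['grievance_type'] ?? '');
$description    = s($_POST['description'] ?? '');

// Compare against '' rather than relying on truthiness, so a legitimate "0"
// is not mistaken for a missing value.
foreach ([$student_name, $contact, $email, $grievance_type, $description] as $required) {
    if ($required === '') {
        grievance_reject(400, 'Required field missing.');
    }
}

// Optional fields (defaults as in the original handler)
$student_id               = s($_POST['student_id'] ?? '');
$department               = s($_POST['department'] ?? '');
$course                   = s($_POST['course'] ?? '');
$year_of_study            = s($_POST['year_of_study'] ?? '');
$hostel_resident          = s($_POST['hostel_resident'] ?? 'No');
$preferred_response       = s($_POST['preferred_response'] ?? 'Email');
$confidential             = (int) s($_POST['confidential'] ?? '0');
$grievance_subtype        = s($_POST['grievance_subtype'] ?? '');
$date_of_incident         = s($_POST['date_of_incident'] ?? '');
$time_of_incident         = s($_POST['time_of_incident'] ?? '');
$location                 = s($_POST['location'] ?? '');
$persons_involved         = s($_POST['persons_involved'] ?? '');
$impact_level             = s($_POST['impact_level'] ?? 'Low');
$expected_resolution_time = s($_POST['expected_resolution_time'] ?? '2 weeks');
$previous_attempts        = s($_POST['previous_attempts'] ?? '');
$desired_outcome          = s($_POST['desired_outcome'] ?? '');

// Server-side validations
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
    grievance_reject(400, 'Invalid email.');
}
if (!preg_match('/^\d{10}$/', $contact)) {
    grievance_reject(400, 'Invalid contact number.');
}

// Attachments: at most three slots, each optional.
// Files are accepted on extension allow-list and size only, and stored under
// a server-generated name. NOTE(review): this relies on UPLOAD_DIR being served
// as static content (no script execution) — confirm in the web-server config,
// it is not visible from this file.
$storedFiles = [null, null, null];
$allowedExts = $ALLOWED_EXTS ?? ['jpg', 'jpeg', 'png', 'pdf', 'doc', 'docx'];

if (!empty($_FILES['files']) && is_array($_FILES['files']['name'])) {
    $files = $_FILES['files'];
    $count = min(count($files['name']), 3);

    for ($i = 0; $i < $count; $i++) {
        // Empty slot or a PHP-level upload failure: skip silently, as before.
        if (($files['error'][$i] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
            continue;
        }

        $name = (string) $files['name'][$i];
        $size = (int) $files['size'][$i];
        $tmp  = (string) $files['tmp_name'][$i];

        if ($size > MAX_FILE_BYTES) {
            continue;
        }

        $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
        if (!in_array($ext, $allowedExts, true)) {
            continue;
        }

        // Stored name = timestamp + random token + sanitised client base name
        // + the validated extension. Dots are removed from the base name so the
        // validated extension is the only extension in the stored name (some
        // web-server handler configurations act on any ".xxx" segment, not just
        // the last). The base name is also truncated so an over-long original
        // cannot push the path past the filesystem name limit and make
        // move_uploaded_file() fail.
        $uniq     = bin2hex(random_bytes(6));
        $safeBase = preg_replace('/[^a-zA-Z0-9_\-]/', '_', pathinfo($name, PATHINFO_FILENAME));
        $safeBase = substr((string) $safeBase, 0, 100);
        $destName = date('Ymd_His') . "_{$uniq}_" . $safeBase . '.' . $ext;
        $destPath = rtrim(UPLOAD_DIR, '/') . '/' . $destName;

        if (move_uploaded_file($tmp, $destPath)) {
            $storedFiles[$i] = 'uploads/grievances/' . $destName; // relative path for web
        }
    }
}

// Insert (the ticket is generated after insert, from the auto-increment id).
// Column names are a fixed list defined here — never request data — so the
// SQL text is assembled from them while every value goes through a
// placeholder. Deriving the placeholder list and the bind type string from
// the same arrays keeps the three counts in step (columns / markers / bound
// variables), which a hand-written literal cannot guarantee.
$columns = [
    'student_name', 'student_id', 'department', 'course', 'year_of_study',
    'contact', 'email', 'hostel_resident', 'preferred_response',
    'grievance_type', 'grievance_subtype', 'date_of_incident', 'time_of_incident',
    'location', 'persons_involved', 'confidential', 'impact_level',
    'expected_resolution_time', 'description', 'previous_attempts', 'desired_outcome',
    'file_1', 'file_2', 'file_3',
];
$values = [
    $student_name, $student_id, $department, $course, $year_of_study,
    $contact, $email, $hostel_resident, $preferred_response,
    $grievance_type, $grievance_subtype, $date_of_incident, $time_of_incident,
    $location, $persons_involved, $confidential, $impact_level,
    $expected_resolution_time, $description, $previous_attempts, $desired_outcome,
    $storedFiles[0], $storedFiles[1], $storedFiles[2],
];

$sql = sprintf(
    'INSERT INTO grievances (%s) VALUES (%s)',
    implode(', ', $columns),
    implode(',', array_fill(0, count($columns), '?'))
);

$stmt = $mysqli->prepare($sql);
if (!$stmt) {
    grievance_reject(500, 'DB error (prepare).');
}
// Every value is bound as a string, as in the original; MySQL converts
// '0'/'1' for the integer `confidential` column.
$stmt->bind_param(str_repeat('s', count($values)), ...$values);
if (!$stmt->execute()) {
    grievance_reject(500, 'DB error (execute).');
}
$insertId = (int) $stmt->insert_id;
$stmt->close();

// Build ticket: GVC-YYYY-00001 style.
// NOTE(review): tickets are sequential and therefore predictable; a page that
// looks a grievance up by ticket should not treat the ticket alone as
// authorisation to read it — verify on the lookup side.
$ticket = 'GVC-' . date('Y') . '-' . str_pad((string) $insertId, 5, '0', STR_PAD_LEFT);

$upd = $mysqli->prepare('UPDATE grievances SET ticket = ? WHERE id = ?');
if (!$upd) {
    grievance_reject(500, 'DB error (prepare).');
}
$upd->bind_param('si', $ticket, $insertId);
// The ticket is the submitter's only reference to the row, so a failed update
// must not be followed by a thank-you page that displays it.
if (!$upd->execute()) {
    grievance_reject(500, 'DB error (execute).');
}
$upd->close();

// Optional acknowledgement e-mail hook would go here (not enabled).

// Redirect to thank-you
header('Location: ' . BASE_URL . '/thank-you.php?ticket=' . urlencode($ticket));
exit;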