new file mode 100644

@@ -0,0 +1,106 @@

+<?php

+

+/**

+ * @copyright 2024 Double Bastion LLC <www.doublebastion.com>

+ *

+ * @author Double Bastion LLC

+ *

+ * @license GNU AGPL version 3 or any later version

+ *

+ * This program is free software; you can redistribute it and/or

+ * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE

+ * License as published by the Free Software Foundation; either

+ * version 3 of the License, or any later version.

+ *

+ * This program is distributed in the hope that it will be useful,

+ * but WITHOUT ANY WARRANTY; without even the implied warranty of

+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

+ * GNU AFFERO GENERAL PUBLIC LICENSE for more details.

+ *

+ * You should have received a copy of the GNU Affero General Public

+ * License along with this program.  If not, see <http://www.gnu.org/licenses/>.

+ *

+ */

+

+session_start();

+

+define('ACCESSCONST', TRUE);

+

+if (($_SESSION['loggedtorspanel'] == true) && ($_SESSION['userrole'] == 'superadmin')) {

+

+   require('db-connect.php');

+

+   // Insert new button data into the database

+   if (isset($_POST['userrole']) && isset($_POST['username']) && isset($_POST['nameonbutton']) && isset($_POST['buttonurl'])) {

+

+      $ordno = $_POST['ordno'];

+      $dbid = $_POST['dbid'];

+      $userrole = $_POST['userrole'];

+      $username = $_POST['username'];

+      $nameonbutton = $_POST['nameonbutton'];

+      $buttonurl = $_POST['buttonurl'];

+      $imgname = $_POST['imgname'];

+

+      if (($userrole != '') && ($username != '') && ($nameonbutton != '') && ($buttonurl != '')) {

+

+         if ($dbid == '') {

+

+             try {

+                 $query1 = $mysqli->prepare("INSERT INTO buttons (orderno, userrole, username, nameonbutton, buttonurl, imgname) VALUES (?, ?, ?, ?, ?, ?)");

+                 $query1->bind_param("isssss", $ordno, $userrole, $username, $nameonbutton, $buttonurl, $imgname);

+                 $query1->execute();

+                 $query1->close();

+

+                 $messageonsave = "The button has been added successfully !";

+

+             } catch(mysqli_sql_exception $e) {

+

+                 $messageonsave = "An error occurred when adding the button. Please check your input data !!!";

+               }

+

+

+         } else {

+

+             try {

+                if ($imgname != '') {

+                    $query2 = $mysqli->prepare("UPDATE buttons SET orderno=?, nameonbutton=?, buttonurl=?, imgname=? WHERE id=?");

+                    $query2->bind_param("isssi", $ordno, $nameonbutton, $buttonurl, $imgname, $dbid);

+                    $query2->execute();

+                    $query2->close();

+

+                } else {

+                    $query3 = $mysqli->prepare("UPDATE buttons SET orderno=?, nameonbutton=?, buttonurl=? WHERE id=?");

+                    $query3->bind_param("issi", $ordno, $nameonbutton, $buttonurl, $dbid);

+                    $query3->execute();

+                    $query3->close();

+                  }

+

+                 $messageonsave = "The button has been updated successfully !";

+

+             } catch(mysqli_sql_exception $e) {

+

+                 $messageonsave = "An error occurred when updating button data. Please check your input data !";

+               }

+

+           }

+

+      } else { $messageonsave = "Error. Please check your input data !"; }

+   }

+

+   $result = array(

+        'messageonsave' => $messageonsave

+   );

+

+   echo json_encode($result);

+

+

+} elseif (empty($_SESSION['loggedtorspanel'])) {

+

+      header("Location: panel-login.php");

+

+} elseif (($_SESSION['loggedtorspanel'] == true) && ($_SESSION['userrole'] != 'superadmin'))  {

+

+      header("Location: index.php");

+}

+

+?>