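<?php
/**
 * Admin login endpoint (legacy ext/mysql code).
 *
 * Reads the POST fields `a` (username) and `e` (password), looks them up in
 * the `admin` table and, on a match, marks the session as an admin session.
 *
 * Review notes:
 *  - The script used to open with die(md5(SHA1("nits_123_rec"))). That line
 *    printed the digest of a hard-coded string to every visitor and then
 *    stopped the script, so the login handler below could never run. The
 *    string was hashed the same way attempt_login() hashes passwords, so it
 *    presumably is (or was) a real credential: treat it as exposed and rotate
 *    it. The debugging line has been removed.
 *  - md5(sha1(...)) is an unsalted, fast digest. It is kept because the stored
 *    values were presumably produced this way; moving to password_hash() /
 *    password_verify() requires re-hashing the stored credentials.
 *  - ext/mysql (mysql_query and friends) no longer exists in PHP 7+; a port to
 *    mysqli or PDO would also allow prepared statements.
 */
require_once "db/connection.php";
attempt_connection("nits_recruitment_admin");

/**
 * Prepare a request value for use inside a quoted SQL string literal.
 *
 * The value is trimmed, HTML-encoded and then escaped for the current MySQL
 * connection. HTML-encoding belongs at output time rather than here, but it
 * is kept because attempt_login() hashes the result of this function, so
 * dropping it would change the digest of any password containing &, <, > or ".
 *
 * @param string $data Raw request value.
 * @return string Value safe to place between single quotes in a query.
 */
function text($data)
{
    $data = trim($data);
    $data = htmlspecialchars($data);

    return mysql_real_escape_string($data);
}

/**
 * Check a username/password pair against the `admin` table.
 *
 * @param string $username Submitted username.
 * @param string $password Submitted clear-text password.
 * @return int 1 when a matching row exists, 0 otherwise.
 */
function attempt_login($username, $password)
{
    $username = text($username);
    $password = md5(sha1(text($password)));

    // The listing this file was taken from showed both compared values masked
    // as '******', which makes the lookup independent of what was submitted.
    // The escaped username and the password digest prepared above are what the
    // query has to compare against.
    $query = "SELECT * FROM admin WHERE username='" . $username . "' AND password='" . $password . "' ";

    $result = mysql_query($query);
    if ($result === false) {
        // Keep driver error text (table and column names, query fragments) out
        // of a response that unauthenticated clients can trigger.
        error_log('attempt_login query failed: ' . mysql_error());
        die("Unable to process login");
    }

    return mysql_num_rows($result) ? 1 : 0;
}

if (isset($_POST['a']) && isset($_POST['e'])) {
    if (attempt_login($_POST['a'], $_POST['e'])) {
        session_start();
        // Issue a fresh session id at the privilege change so an id that was
        // known before login cannot be reused afterwards (session fixation).
        session_regenerate_id(true);
        $_SESSION['nits_rec_admin'] = 'nits_rec_admin';
        die("Login successful");
    } else {
        die("Invalid Username and Password combination");
        // The excerpt ends here; the closing braces are outside the visible part of the file.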
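<?php
/**
 * Admin view of a single applicant's submitted form (legacy ext/mysql code).
 *
 * Requires a non-empty `id` query parameter and an admin session, then loads
 * the applicant's rows from five tables into $d1..$d5 for the markup below.
 *
 * Review notes:
 *  - Access is granted on the mere presence of $_SESSION['nits_rec_admin'].
 *  - The id is escaped with mysql_real_escape_string() and always placed
 *    inside single quotes; the escaping only protects quoted values.
 *  - `or die(mysql_error())` prints driver error text into the page.
 *  - Both stylesheets are fetched over plain http, so their content can be
 *    altered in transit on a page that displays applicant data.
 */

// The session is started before any markup is emitted. The DOCTYPE used to be
// printed first, which prevents PHP from sending session headers unless output
// buffering happens to be enabled.
session_start();
?>
<!DOCTYPE html>
<?php
require_once "db/connection.php";
attempt_connection('nits_recruitment');

if (isset($_GET['id']) && $_GET['id'] != '' && isset($_SESSION['nits_rec_admin'])) {
    $id = mysql_real_escape_string($_GET['id']);

    // One lookup per table, all keyed on the same applicant id.
    $q1 = "SELECT * FROM user_info WHERE id='" . $id . "'";
    $q2 = "SELECT * FROM user_exams WHERE id='" . $id . "'";
    $q3 = "SELECT * FROM user_earlier_posts WHERE id='" . $id . "'";
    $q4 = "SELECT * FROM user_other_details WHERE id='" . $id . "'";
    $q5 = "SELECT * FROM user_phd_details WHERE id='" . $id . "'";

    $r1 = mysql_query($q1) or die(mysql_error());
    $r2 = mysql_query($q2) or die(mysql_error());
    $r3 = mysql_query($q3) or die(mysql_error());
    $r4 = mysql_query($q4) or die(mysql_error());
    $r5 = mysql_query($q5) or die(mysql_error());

    // Only the first row of each result is read; a table without a matching
    // row yields false here.
    $d1 = mysql_fetch_array($r1);
    $d2 = mysql_fetch_array($r2);
    $d3 = mysql_fetch_array($r3);
    $d4 = mysql_fetch_array($r4);
    $d5 = mysql_fetch_array($r5);
    ?>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
    <title>National Institute Of Technology Silchar, Assam</title>
    <link href="http://www.nits.ac.in/css/style.css" rel="stylesheet" type="text/css"/>
    <link href="http://recruitment.nits.ac.in/css/recruitment_form.css" rel="stylesheet" type="text/css"/>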
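/**
 * Print the admin listing of non-faculty applications as an HTML table.
 *
 * The position key is resolved through getNFPositionName(); an empty resolved
 * name lists applications for every position. Output goes straight to the
 * response. The <table> element is left open, as in the original; presumably
 * the caller closes it (confirm).
 *
 * Both values that reach the SQL text are escaped for the connection, and
 * every database value is encoded for the context it is printed in. The rows
 * hold applicant-supplied data (name, position), so printing them raw would
 * let stored markup execute in the administrator's browser.
 *
 * @param mixed  $p Position key passed to getNFPositionName().
 * @param string $s Value matched against user_other_details.submitted.
 * @return void
 */
function queryNFaculty($p, $s)
{
    $p = getNFPositionName($p);
    attempt_connection('nits_recruitment_nf');

    // Escaping happens after the connection is opened because
    // mysql_real_escape_string() works against the current link. A
    // commented-out text($p) call used to sit here; text() also HTML-encodes,
    // which would alter the value being matched, so only SQL escaping is applied.
    $positionSql = mysql_real_escape_string($p);
    $submittedSql = mysql_real_escape_string($s);

    $query = "SELECT * FROM `user_info` JOIN user_other_details ON user_info.id=user_other_details.id WHERE ";
    if ($p != "") {
        $query .= "position='" . $positionSql . "' AND ";
    }
    $query .= "user_other_details.submitted='" . $submittedSql . "'";

    $result = mysql_query($query) or die(mysql_error());
    ?>
    <b>Total No. of Applications : <u><?php echo mysql_num_rows($result); ?> </u></b><br/>
    <table border=1>
        <tr>
            <th>ID</th><th>Reg ID</th><th>Applicant Name</th><th>Position</th><th>View Form</th><th>Certificates (Only Uploaded files)</th>
        </tr>
        <?php
    while ($val = mysql_fetch_array($result)) {
        // HTML-encode values shown as text; URL-encode values placed in a
        // query string (urlencode output is also safe inside the attribute).
        $idHtml = htmlspecialchars($val['id'], ENT_QUOTES);
        $regIdHtml = htmlspecialchars($val['reg_id'], ENT_QUOTES);
        $nameHtml = htmlspecialchars($val['name_applicant'], ENT_QUOTES);
        $positionHtml = htmlspecialchars($val['position'], ENT_QUOTES);
        $idUrl = urlencode($val['id']);
        $regIdUrl = urlencode($val['reg_id']);
        ?>
        <tr>
            <td><?php echo $idHtml; ?> </td><td><?php echo $regIdHtml; ?> </td><td><?php echo $nameHtml; ?> </td><td><?php echo $positionHtml; ?> </td><td><a href="view_nonfaculty.php?id=<?php echo $idUrl; ?>">Click Here</a></td><td><a href="cert_nonfaculty.php?rid=<?php echo $regIdUrl; ?>">CLICK HERE</a></td>
        </tr>
        <?php
    }
}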