die("");
}
$name = "";
if ($pageid == "finishaddequip") {
$name = $_POST['name'];
$type = $_POST['type'];
$serial = $_POST['serial'];
$description = $_POST['description'];
$max = $_POST['max'];
$minuserlevel = $_POST['minuserlevel'];
$checkoutfrom = $_POST['checkoutfrom'];
}
$message = "";
if ($name != "" && $serial != "" && $description != "" && $max != "" && $minuserlevel != "") {
$target_path = "./pics/";
$new_name = $serial . "_" . basename($_FILES['image']['name']);
$target_path = $target_path . $new_name;
if (move_uploaded_file($_FILES['image']['tmp_name'], $target_path)) {
$message = "<font color=\"#005500\"><b>Successfully added new equipment!</b><br><br></font>";
require 'adminfunctions.php';
addEquipment($name, $type, $serial, $description, $max, $new_name, $minuserlevel, $checkoutfrom);
} else {
$message = "There was an error creating the equipment. (" + handleFileError($_FILES['image']['error']) + ")";
}
}
$users = "<select name=\"checkoutfrom\"><option value=\"-1\">None</option>";
$userresult = getAllUsersOrderByName();
while ($row = mysql_fetch_assoc($userresult)) {
$users = $users . "<option value=\"" . $row['user_id'] . "\">" . $row['name'] . "</option>";
}
echo "\r\n\t<center><h3>Add New Equipment</h3>" . $message . "</center>\r\n\r\n\t<form enctype=\"multipart/form-data\" action=\"./index.php?pageid=finishaddequip\" method=\"post\">\r\n\t<table class=\"newequip\">\r\n\t\r\n\t\t<tr>\r\n\t\t\r\n\t\t\t<td colspan=4 class=\"header\">Equipment Information</td>\r\n\t\t\r\n\t\t</tr>\r\n\t\t\r\n\t\t<tr>\r\n\t\t\r\n\t\t\t<td colspan=2 class=\"centeredcellbold\">Name</td>\r\n\t\t\t<td colspan=2 class=\"centeredcell\"><input type=\"text\" size=30 name=\"name\"></td>\r\n\t\t\t\r\n\t\t</tr>\r\n\t\t\r\n\t\t<tr>\r\n\t\t\r\n\t\t\t<td colspan=2 class=\"centeredcellbold\">Type</td>\r\n\t\t\t<td colspan=2 class=\"centeredcell\">" . getEquipmentTypesDropDown("type", 1) . "</td>\r\n\t\t\t\r\n\t\t</tr>\r\n\t\t\r\n\t\t<tr>\r\n\t\t\r\n\t\t\t<td colspan=2 class=\"centeredcellbold\">Primary Serial Number</td>\r\n\t\t\t<td colspan=2 class=\"centeredcell\"><input type=\"text\" size=30 name=\"serial\"></td>\r\n\t\t\t\r\n\t\t</tr>\r\n\t\t\r\n\t\t<tr>\r\n\t\t\r\n\t\t\t<td colspan=2 class=\"centeredcellbold\">Checkout From</td>\r\n\t\t\t<td colspan=2 class=\"centeredcell\">" . $users . "</td>\r\n\t\t\t\r\n\t\t</tr>\r\n\t\t\r\n\t\t<tr>\r\n\t\t\r\n\t\t\t<td class=\"centeredcellbold\">Max Length (days)</td>\r\n\t\t\t<td class=\"centeredcell\"><input type=\"text\" size=4 name=\"max\"></td>\r\n\t\t\t<td class=\"centeredcell\"><b>Minimum User Level</b></td>\r\n\t\t\t<td class=\"centeredcell\">" . getUserLevelDropDown("minuserlevel") . "</td>\r\n\t\t\t\r\n\t\t</tr>\r\n\t\t\r\n\t\t<tr>\r\n\t\t\r\n\t\t\t<td colspan=2 class=\"centeredcellbold\">Image (250x250px)</td>\r\n\t\t\t<td colspan=2 class=\"centeredcell\"><input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"15000000\">\r\n<input type=\"file\" name=\"image\"></td>\r\n\t\t\r\n\t\t</tr>\r\n\t\t\r\n\t\t<tr>\r\n\t\t\r\n\t\t\t<td colspan=4 class=\"header\">Equipment Description</td>\r\n\t\t\r\n\t\t</tr>\r\n\t\t\r\n\t\t<tr>\r\n\t\t\r\n\t\t\t<td colspan=4 class=\"centeredcell\"><textarea cols=50 rows=10 name=\"description\"></textarea></td>\r\n\t\t\r\n\t\t</tr>\r\n\t\t\r\n\t\t<tr>\r\n\t\t\r\n\t\t\t<td colspan=4 class=\"centeredcellbold\"><input type=\"submit\" value=\"Add\"></td>\r\n\t\t\r\n\t\t</tr>\r\n\t\r\n\t</table>\r\n\t\r\n\t</form>";
<?php
$timeStart = microtime(true);
session_start();
ob_start();
if (empty($_SESSION)) {
exit(header("Location: ../../index.php"));
}
require_once $_SESSION['File_Root'] . '/Kernel/Include.php';
require_once $_SESSION['File_Root'] . '/HTML/Header.php';
require_once 'Functions/SQL.php';
redirectToLogin($accountID, $linkRoot);
redirectToBattle($verifyBattle, $linkRoot);
$equipmentID = htmlspecialchars(addslashes($_POST['EquipmentID']));
$canBePurchased = canBePurchased($bdd, $equipmentID, $characterTownID);
if ($canBePurchased == 1) {
$number = verifyEquipment($bdd, $equipmentID, $characterID);
if ($number <= 0) {
$equipment = newEquipment($bdd, $equipmentID);
addEquipment($bdd, $equipmentID, $characterID);
$gold = $character->getGold() - $equipment->getPurchase();
updateCharacterGold($bdd, $gold, $characterID);
} else {
updateEquipment($bdd, $characterID, $equipmentID);
}
} else {
echo "An error has surved";
}
require_once $_SESSION['File_Root'] . '/HTML/Footer.php';
if (issetSessionVariable('user_level')) {
if (getSessionVariable('user_level') >= RES_USERLEVEL_ADMIN) {
} else {
echo "Error: You don't have permissions to access this page!";
die("");
}
} else {
echo "Error: You don't have permissions to access this page!";
die("");
}
$name = "";
if ($pageid == "finishaddequip") {
$name = $_POST['name'];
$serial = $_POST['serial'];
$description = $_POST['description'];
$max = $_POST['max'];
$minuserlevel = $_POST['minuserlevel'];
}
$message = "";
if ($name != "" && $serial != "" && $description != "" && $max != "" && $minuserlevel != "") {
$target_path = "./pics/";
$new_name = $serial . "_" . basename($_FILES['image']['name']);
$target_path = $target_path . $new_name;
if (move_uploaded_file($_FILES['image']['tmp_name'], $target_path)) {
$message = "<font color=\"#005500\"><b>Successfully added new equipment!</b><br><br></font>";
addEquipment($name, $serial, $description, $max, $new_name, $minuserlevel);
} else {
$message = "There was an error creating the equipment. (" + handleFileError($_FILES['image']['error']) + ")";
}
}
echo "\r\n\t<center><h3>Add New Equipment</h3>" . $message . "</center>\r\n\r\n\t<form enctype=\"multipart/form-data\" action=\"./index.php?pageid=finishaddequip\" method=\"post\">\r\n\t<table class=\"newequip\">\r\n\t\r\n\t\t<tr>\r\n\t\t\r\n\t\t\t<td colspan=4 class=\"header\">Equipment Information</td>\r\n\t\t\r\n\t\t</tr>\r\n\t\t\r\n\t\t<tr>\r\n\t\t\r\n\t\t\t<td colspan=2 class=\"centeredcellbold\">Name</td>\r\n\t\t\t<td colspan=2 class=\"centeredcell\"><input type=\"text\" size=30 name=\"name\"></td>\r\n\t\t\t\r\n\t\t</tr>\r\n\t\t\r\n\t\t<tr>\r\n\t\t\r\n\t\t\t<td colspan=2 class=\"centeredcellbold\">Primary Serial Number</td>\r\n\t\t\t<td colspan=2 class=\"centeredcell\"><input type=\"text\" size=30 name=\"serial\"></td>\r\n\t\t\t\r\n\t\t</tr>\r\n\t\t\r\n\t\t<tr>\r\n\t\t\r\n\t\t\t<td class=\"centeredcellbold\">Max Length (days)</td>\r\n\t\t\t<td class=\"centeredcell\"><input type=\"text\" size=4 name=\"max\"></td>\r\n\t\t\t<td class=\"centeredcell\"><b>Minimum User Level</b></td>\r\n\t\t\t<td class=\"centeredcell\">" . getUserLevelDropDown("minuserlevel") . "</td>\r\n\t\t\t\r\n\t\t</tr>\r\n\t\t\r\n\t\t<tr>\r\n\t\t\r\n\t\t\t<td colspan=2 class=\"centeredcellbold\">Image (250x250px)</td>\r\n\t\t\t<td colspan=2 class=\"centeredcell\"><input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"15000000\">\r\n<input type=\"file\" name=\"image\"></td>\r\n\t\t\r\n\t\t</tr>\r\n\t\t\r\n\t\t<tr>\r\n\t\t\r\n\t\t\t<td colspan=4 class=\"header\">Equipment Description</td>\r\n\t\t\r\n\t\t</tr>\r\n\t\t\r\n\t\t<tr>\r\n\t\t\r\n\t\t\t<td colspan=4 class=\"centeredcell\"><textarea cols=50 rows=10 name=\"description\"></textarea></td>\r\n\t\t\r\n\t\t</tr>\r\n\t\t\r\n\t\t<tr>\r\n\t\t\r\n\t\t\t<td colspan=4 class=\"centeredcellbold\"><input type=\"submit\" value=\"Add\"></td>\r\n\t\t\r\n\t\t</tr>\r\n\t\r\n\t</table>\r\n\t\r\n\t</form>";
echo '{"result": 0, "message": "Unknown command"}';
return;
}
$cmd = $_REQUEST['cmd'];
switch ($cmd) {
case 1:
login();
break;
case 2:
userSignUp();
break;
case 3:
logout();
break;
case 4:
addEquipment();
break;
case 5:
getEquipments();
break;
case 6:
editEquipment();
break;
case 7:
deleteEquipment();
break;
case 8:
addLab();
break;
case 9:
getLabs();