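// Tail of the preceding mode branch; its opening `if` lies above this excerpt.
    if ($_stmt->errno) {
        // NOTE(review): unless onErrorInternal() ends the request, execution falls
        // through, still answers "OKAY" and writes a success entry to the audit log.
        onErrorInternal("editPinkieExpenses::editUpdate()", $_stmt->error);
    }
    $_stmt->close();

    // Close up the database connection.
    $_db->close();

    echo "OKAY";
    logGeneral($_POST['pinkieID'], $_SESSION['Username'], "Expense was edited by: " . getName());
    return;
}

// "add" mode: insert a new expense row (amount + fund) for the given pinkie.
// NOTE(review): no check is visible in this excerpt that the session user may
// modify the pinkie named in the request; confirm that one runs earlier in the
// file, since the ID comes straight from the client.
if (strcmp($_POST['mode'], "add") == 0) {
    // Guard on the same key that is bound below. $_POST keys are case-sensitive,
    // so testing 'pinkieId' would never see the 'pinkieID' value the INSERT uses.
    if (!isset($_POST['pinkieID']) || strlen($_POST['pinkieID']) == 0) {
        // No pinkieID was set.
        return;
    }

    $_db = getMysqli();
    $_sql = "INSERT INTO Expenses (PinkieID, Amount, FundID) Values(?,?,?)";
    $_stmt = $_db->prepare((string) $_sql);

    // Bound as int, double, int: values reach the query as parameters, never as SQL text.
    $_stmt->bind_param('idi', $_POST['pinkieID'], $_POST['fundAmt'], $_POST['fundID']);
    $_stmt->execute();

    if ($_stmt->errno) {
        // NOTE(review): same fall-through concern as above; "OKAY" and the audit
        // entry below are still produced if onErrorInternal() returns.
        onErrorInternal("editPinkieExpenses::editAdd()", $_stmt->error);
    }
    $_stmt->close();

    // Close up the database connection.
    $_db->close();

    echo "OKAY";
    logGeneral($_POST['pinkieID'], $_SESSION['Username'], "Expense was added by: " . getName());
    return;
}

// No recognised mode matched.
echo "ERROR. Invalid Mode!";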
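<?php
//----------------------------------------------------------------------------
// This script is responsible for checking if a given username and password is
// correct. Then it will generate the session variables necessary for logging
// in to and using the rest of ePinkies2.
//----------------------------------------------------------------------------
include_once 'includes/login_functions.php';
include_once 'includes/functions.php';
include_once 'includes/logger.php';

// Debug switches; keep disabled outside development so errors are not shown to clients.
//ini_set('display_errors', 1);
//ini_set('display_startup_errors', 1);
//error_reporting(E_ALL);

// Start the session.
secureSessionStart();

// Accept only plain string fields. isset() alone also passes array-valued
// parameters, which would then reach login() and the string concatenation below.
if (isset($_POST['username'], $_POST['pwd'])
    && is_string($_POST['username'])
    && is_string($_POST['pwd'])
) {
    // The user name is client-supplied and is logged whether or not the login
    // succeeds. Replace control characters (CR/LF would let a request forge
    // extra log lines) and cap the length before it reaches the logger.
    // NOTE(review): users sometimes type a password into the user name field;
    // treat the log as sensitive or drop the name from failure entries.
    $_logName = substr((string) preg_replace('/[\x00-\x1F\x7F]/', '?', $_POST['username']), 0, 128);

    // NOTE(review): confirm that login() regenerates the session ID on success
    // and that repeated failures are throttled somewhere; neither is visible here.
    if (login($_POST['username'], $_POST['pwd'])) {
        logGeneral(-1, "LOGIN-SYSTEM", "Successful login by " . $_logName);

        // Redirect to home page.
        header("Location: home.php");
        exit;
    } else {
        logDanger(-1, "LOGIN-SYSTEM", "Wrong login attempted by " . $_logName);

        // Same destination as the malformed-request path, so the response does
        // not reveal which part of the credentials was wrong.
        header("Location: ./");
        exit;
    }
} else {
    // Missing or non-string credentials.
    logError(-1, "LOGIN-SYSTEM", "Bad login attempt.");
    header("Location: ./");
    exit;
}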
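$_pinkie->s_AdminAprove = $_SESSION['Username'];

// Apply the status transition requested by the client and record it in the audit log.
// NOTE(review): the target status and 'submitTo' come straight from $_POST. No
// check is visible in this excerpt that the session user holds the admin role or
// that 'submitTo' names a valid user; confirm both are enforced before this point.
if (strcmp($_POST['status'], ApprovedByAdmin) == 0) {
    // Admin approval: the approving admin becomes the submitter and the pinkie
    // is stored with status Dispatched rather than the posted status.
    $_pinkie->s_Submitter = $_SESSION['Username'];
    $_pinkie->s_AdminAprove = $_SESSION['Username'];
    $_pinkie->s_SubmittedFor = $_POST['submitTo'];
    $_pinkie->s_Status = Dispatched;
    $_pinkie->toDatabase();
    logGeneral($_pinkie->i_PinkieID, $_SESSION['Username'], "Pinkie was approved by admin: " . getName());
} elseif (strcmp($_POST['status'], RejectedByAdmin) == 0) {
    // Rejection: the previous submitter becomes SubmittedFor and the posted
    // 'submitTo' becomes the submitter. The saved value must be read back from
    // $_tmp; reading an undefined $tmp would store null in s_SubmittedFor.
    $_tmp = $_pinkie->s_Submitter;
    $_pinkie->s_Submitter = $_POST['submitTo'];
    $_pinkie->s_SubmittedFor = $_tmp;
    $_pinkie->s_Status = $_POST['status'];
    $_pinkie->toDatabase();
    logGeneral($_pinkie->i_PinkieID, $_SESSION['Username'], "Pinkie was rejected by admin: " . getName());
} elseif (strcmp($_POST['status'], Cancelled) == 0) {
    $_pinkie->s_Status = $_POST['status'];
    $_pinkie->toDatabase();
    logGeneral($_pinkie->i_PinkieID, $_SESSION['Username'], "Pinkie was cancelled by: " . getName());
} elseif (strcmp($_POST['status'], Archived) == 0) {
    $_pinkie->s_Status = $_POST['status'];
    $_pinkie->toDatabase();
    logWarning($_pinkie->i_PinkieID, $_SESSION['Username'], "Pinkie was archived by: " . getName());
}
// Any other status value is ignored: nothing is written and nothing is logged.

header("Location: ./home.php");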
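// Tail of the preceding mode branch; its opening `if` lies above this excerpt.
    if ($_stmt->errno) {
        // NOTE(review): unless onErrorInternal() ends the request, execution falls
        // through, still answers "OKAY" and writes a success entry to the audit log.
        onErrorInternal("editPinkiePurchaseObject::edit()", $_stmt->error);
    }
    $_stmt->close();

    // Close up the database connection.
    $_db->close();

    echo "OKAY";
    logGeneral($_POST['pinkieID'], $_SESSION['Username'], "Purchase Object was edited by: " . getName());
    return;
}

// "add" mode: insert a new purchase line (quantity, description, unit price).
// NOTE(review): no check is visible in this excerpt that the session user may
// modify the pinkie named in the request; confirm that one runs earlier in the file.
if (strcmp($_POST['mode'], "add") == 0) {
    if (!isset($_POST['pinkieID']) || strlen($_POST['pinkieID']) == 0) {
        // No pinkieID was set.
        return;
    }

    $_db = getMysqli();
    // NOTE(review): the error labels and log text here say "purchase object", yet
    // the row goes into `Expenses` with Quantity/Description/UnitPrice columns.
    // Confirm the table name against the schema; it may be a copy-paste leftover.
    $_sql = "INSERT INTO Expenses (PinkieID, Quantity, Description, UnitPrice) Values(?,?,?,?)";
    $_stmt = $_db->prepare((string) $_sql);

    // Bound as int, int, string, double: values reach the query as parameters.
    // The description is stored as sent, so it must be HTML-escaped wherever it
    // is later rendered.
    $_stmt->bind_param('iisd', $_POST['pinkieID'], $_POST['quantity'], $_POST['description'], $_POST['unitPrice']);
    $_stmt->execute();

    if ($_stmt->errno) {
        // NOTE(review): same fall-through concern as above.
        onErrorInternal("editPinkiePurchaseObject::add()", $_stmt->error);
    }
    $_stmt->close();

    // Close up the database connection.
    $_db->close();

    echo "OKAY";
    // Spelling matches the "edited" entry above so one search finds both in the audit log.
    logGeneral($_POST['pinkieID'], $_SESSION['Username'], "Purchase Object was added by: " . getName());
    return;
}

// No recognised mode matched.
echo "ERROR. Invalid Mode!";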