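<?php
/**
 * Admin page controller (flat script): loads the collections the page uses,
 * then either applies a posted transaction update or loads the transaction,
 * and finally includes the menu template.
 */
include('../config.php');
include('../functions.php');
include('../classes/transactioncollection.class.php');
include('../classes/clientcollection.class.php');
include('../classes/isincollection.class.php');
include('../classes/securitycollection.class.php');
include('../classes/custodycollection.class.php');

loginAdmin();
if (!loggedAdmin()) {
    // A Location header does not end the script. Without the exit, the rest of
    // this page, including the update on POST below, would still run for a
    // request that is not logged in.
    header('location: index.php');
    exit;
}

$transaction = new TransactionCollection();
$clients = ClientCollection::getClients();
$isins = IsinCollection::getIsins();
$collection = new SecurityCollection();
$isinCollection = new IsinCollection;

// NOTE(review): mysql_real_escape_string() only protects a value that ends up
// inside a quoted SQL string literal. How getAccountsForClientByTransactionId()
// builds its query is not visible here; confirm it quotes the value, or
// validate the id as an integer before passing it on.
$accounts = CustodyCollection::getAccountsForClientByTransactionId(mysql_real_escape_string($_GET['id']));

if (exist($_POST['button'])) {
    // updateTransaction() takes no arguments, so it presumably reads the
    // request itself. No anti-CSRF token check is visible in this script;
    // confirm one exists in the callee.
    $result = TransactionCollection::updateTransaction();
} else {
    TransactionCollection::loadTransaction();
    $result = array();
}

include("$templates/menu.php");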
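// Fragment: tail of a switch case whose `case` label lies before this excerpt.
    // Both values come straight from the request and are concatenated into the
    // SQL text below, so they are constrained first: sex to the two values the
    // code distinguishes, age to an integer rendered as a string.
    $sSex = (isset($_REQUEST['sex']) && $_REQUEST['sex'] === "F") ? "F" : "M";
    $sAge = isset($_REQUEST['age']) ? (string) (int) $_REQUEST['age'] : "25";
    $sPhoto = $sSex == "F" ? $sWomanImageUrl : $sManImageUrl;
    // NOTE(review): $sId, $sNick, $sDesc and $sProfileUrl are assigned outside
    // this excerpt and are concatenated into the statements unescaped here;
    // confirm they are escaped or validated where they are read.
    getResult("REPLACE `" . MODULE_DB_PREFIX . "CurrentUsers` SET `ID`='" . $sId . "', `Nick`='" . $sNick . "', `Sex`='" . $sSex . "', `Age`='" . $sAge . "', `Desc`='" . $sDesc . "', `Photo`='" . $sPhoto . "', `Profile`='" . $sProfileUrl . "', `Start`='" . $iCurrentTime . "', `When`='" . $iCurrentTime . "', `Status`='" . USER_STATUS_NEW . "'");
    getResult("DELETE FROM `" . MODULE_DB_PREFIX . "RoomsUsers` WHERE `User`='" . $sId . "'");
    $sContents = parseXml($aXmlTemplates['result'], "", SUCCESS_VAL);
    $sContents .= parseXml(array(2 => '<user photo="#1#" profile="#2#" />'), $sPhoto, $sProfileUrl);
    break;

/**
 * Authorize user.
 *
 * Tries the admin login first, then the regular user login combined with a
 * ban check. On success it emits the result node followed by the user node;
 * on failure it emits a failure result and leaves the case.
 */
case 'userAuthorize':
    if (loginAdmin($sId, $sPassword) == TRUE_VAL) {
        // Admin branch: no doBan("check", ...) call is made on this path.
        $aUserInfo = getUserInfo($sId, true);
        $aUser = array('id' => $aUserInfo['id'], 'nick' => $aUserInfo['nick'], 'sex' => $aUserInfo['sex'], 'age' => $aUserInfo['age'], 'desc' => $aUserInfo['desc'], 'photo' => $aUserInfo['photo'], 'profile' => $aUserInfo['profile'], 'type' => CHAT_TYPE_ADMIN);
    } elseif (loginUser($sId, $sPassword) == TRUE_VAL && ($bBanned = doBan("check", $sId)) != TRUE) {
        $aUser = getUserInfo($sId);
        $aUser['id'] = $sId;
        $aUser['sex'] = $aUser['sex'] == 'female' ? "F" : "M";
        $aUser['type'] = isUserAdmin($sId) ? CHAT_TYPE_ADMIN : CHAT_TYPE_FULL;
    } else {
        // NOTE(review): $bBanned is assigned only when loginUser() succeeded
        // (short-circuit in the elseif above). After a failed login it keeps
        // whatever value it had before this case, or is undefined; confirm
        // it is initialised earlier in the file.
        $sContents = parseXml($aXmlTemplates['result'], $bBanned ? "msgBanned" : "msgUserAuthenticationFailure", FAILED_VAL);
        break;
    }
    $aUser = initUser($aUser);
    $sContents = parseXml($aXmlTemplates['result'], "", SUCCESS_VAL);
    $sContents .= parseXml($aXmlTemplates['user'], $aUser['id'], USER_STATUS_NEW, $aUser['nick'], $aUser['sex'], $aUser['age'], $aUser['desc'], $aUser['photo'], $aUser['profile'], $aUser['type'], USER_STATUS_ONLINE);
    break;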
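// Fragment: tail of a preceding switch case; its `case` label and loop header
// lie before this excerpt.
        $aFile = mysql_fetch_assoc($res);
        $bResult = deleteFile($aFile["ID"]);
    }
    if ($bResult) {
        $sContents = parseXml($aXmlTemplates['result'], "", SUCCESS_VAL);
    }
    break;

/**
 * Delete files by admin
 *
 * Expects a comma-separated list of file IDs in $sFile. Removes the matching
 * play-list rows, then deletes each matching file through deleteFile().
 * The response stays "Error deleting files" unless the admin login passes
 * and the last deleteFile() call reports success.
 */
case 'deleteByAdmin':
    $sContents = parseXml($aXmlTemplates['result'], "Error deleting files", FAILED_VAL);
    // NOTE(review): this check relies on loginAdmin() returning a value that is
    // falsy on failure. If it reports failure with a non-empty string, the
    // negation is never true and the deletion below runs for any caller;
    // confirm against loginAdmin().
    if (!loginAdmin($sNick, $sPassword)) {
        break;
    }
    $aFiles = empty($sFile) ? array() : explode(",", $sFile);
    // count() must receive the array; the original passed the result of the
    // comparison ($aFiles > 0) to count(), so the IN('0') fallback for an
    // empty list was never selected.
    // NOTE(review): the list items are placed into the IN (...) clause without
    // escaping in this block. $sFile is assigned outside this excerpt; confirm
    // it is validated (for example as integers) where it is read.
    $sIn = count($aFiles) > 0 ? " IN('" . implode("','", $aFiles) . "')" : " IN('0')";
    $sQuery = "SELECT `ID` FROM `" . MODULE_DB_PREFIX . "Files` WHERE `ID`" . $sIn;
    $sQuery1 = "DELETE FROM `" . MODULE_DB_PREFIX . "PlayLists` WHERE `FileId`" . $sIn;
    $res = getResult($sQuery);
    getResult($sQuery1);
    $bResult = true;
    for ($i = 0; $i < mysql_num_rows($res); $i++) {
        $aFile = mysql_fetch_assoc($res);
        // Each iteration overwrites $bResult, so only the last deletion decides
        // the reported outcome.
        $bResult = deleteFile($aFile["ID"]);
    }
    if ($bResult) {
        $sContents = parseXml($aXmlTemplates['result'], "", SUCCESS_VAL);
        // (excerpt ends here; the closing brace of this block lies beyond it)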
// Fragment: tail of a preceding switch case; its `case` label and the opening
// `if` lie before this excerpt.
        // Bans or unbans $sId depending on whether $sParamValue equals TRUE_VAL.
        doBan($sParamValue == TRUE_VAL ? 'ban' : 'unban', $sId);
        $sContents = parseXml($aXmlTemplates['result'], TRUE_VAL);
    } else {
        $sContents = parseXml($aXmlTemplates['result'], FALSE_VAL);
    }
    break;

/**
 * Changes user's type.
 *
 * After a successful admin login, writes $sType to the Profiles row of $sId
 * and marks the CurrentUsers row with USER_STATUS_TYPE.
 */
case 'changeType':
    // NOTE(review): the login result is used as a plain truth value. If
    // loginAdmin() reports failure with a non-empty string (this file already
    // signals results with the TRUE_VAL / FALSE_VAL constants), the condition
    // holds for every caller; confirm it returns a real boolean, or compare
    // explicitly.
    if (loginAdmin($sNick, $sPassword)) {
        // NOTE(review): $sType and $sId are concatenated into the SQL text
        // unescaped in this block. They are assigned outside this excerpt;
        // confirm they are escaped or validated where they are read.
        getResult("UPDATE `" . MODULE_DB_PREFIX . "Profiles` SET `Type`='" . $sType . "' WHERE `ID`='" . $sId . "'");
        //--- For XML version only ---//
        getResult("UPDATE `" . MODULE_DB_PREFIX . "CurrentUsers` SET `Status`='" . USER_STATUS_TYPE . "', `When`=UNIX_TIMESTAMP() WHERE `ID`='" . $sId . "'");
        $sContents .= parseXml($aXmlTemplates['result'], TRUE_VAL);
    } else {
        $sContents .= parseXml($aXmlTemplates['result'], FALSE_VAL);
    }
    break;

/**
 * Kicks a user: sets the CurrentUsers status of $sId to USER_STATUS_KICK.
 *
 * Allowed either for an admin login (when $bAdmin is set) or for a user
 * login whose type is CHAT_TYPE_MODER (when $bAdmin is not set).
 */
case 'kickUser':
    // && binds tighter than ||, so this reads as
    // (admin path) || (moderator path). Both paths require a login call.
    // NOTE(review): same truth-value caveat as for changeType applies to
    // loginAdmin() and loginUser() here.
    if ($bAdmin && loginAdmin($sNick, $sPassword) || !$bAdmin && loginUser($sModeratorId, $sPassword) && getUserType($sModeratorId) == CHAT_TYPE_MODER) {
        // NOTE(review): $sId is concatenated unescaped; confirm it is
        // validated upstream.
        getResult("UPDATE `" . MODULE_DB_PREFIX . "CurrentUsers` SET `Status`='" . USER_STATUS_KICK . "', `When`=UNIX_TIMESTAMP() WHERE `ID`='" . $sId . "'");
        $sContents .= parseXml($aXmlTemplates['result'], TRUE_VAL);
    } else {
        $sContents .= parseXml($aXmlTemplates['result'], FALSE_VAL);
    }
    break;
}
// Fragment: tail of a preceding switch case; its `case` label lies before
// this excerpt.
    // Admin-only action: stop with a failure result unless the admin login
    // returns TRUE_VAL.
    if (loginAdmin($sNick, $sPassword) != TRUE_VAL) {
        $sContents = parseXml($aXmlTemplates['result'], "Admin Authorization Failed", FAILED_VAL);
        break;
    }
    // $sFile is a comma-separated list of enabled files.
    $aEnabledFiles = explode(",", $sFile);
    // NOTE(review): $sWidget, $sFolderName, $sDefaultFile and $sFile are
    // assigned outside this excerpt. If they come from the request, confirm
    // that refreshExtraFile() restricts them to expected names before using
    // them as file system path parts.
    $aResult = refreshExtraFile($sWidget, $sFolderName, true, $sDefaultFile, $aEnabledFiles);
    $sContents = parseXml($aXmlTemplates['result'], $aResult['value'], $aResult['status']);
    break;

/**
 * Authorization.
 *
 * Returns the raw result of loginAdmin() for the supplied nick and password
 * in the result node.
 */
case 'adminAuthorize':
    $sContents .= parseXml($aXmlTemplates['result'], loginAdmin($sNick, $sPassword));
    break;

/**
 * Gets all available widgets with necessary information.
 *
 * Walks the entries of $sModulesPath and considers every directory whose
 * name does not start with a dot and is not 'global'.
 */
case 'getMyWidgets':
    // NOTE(review): the return value of opendir() is not checked before it is
    // handed to readdir(); a missing or unreadable directory is not handled
    // in the visible code. No login check precedes the listing in the visible
    // part of this case; confirm whether that is intended.
    $rDirHandler = opendir($sModulesPath);
    $aContents = array();
    $aTitles = array();
    while (($sInner = readdir($rDirHandler)) !== false) {
        if (is_dir($sModulesPath . $sInner) && substr($sInner, 0, 1) != '.' && $sInner != 'global') {
            // Drop the $aModules value left over from the previous iteration.
            if (isset($aModules)) {
                unset($aModules);
                // (excerpt ends here; the enclosing blocks are closed beyond it)
// Fragment: the opening PHP tag of this file lies before the excerpt.
require_once 'functions.php';

/**
 * Builds a salt string: the first three hexadecimal characters of an MD5
 * digest over uniqid(rand(), TRUE).
 *
 * NOTE(review): three hex characters allow only 4096 distinct salts, and
 * rand() / uniqid() are not cryptographically secure sources. A salt for
 * password storage should be longer and come from a CSPRNG.
 *
 * @return string three-character salt
 */
function createSalt() {
    $text = md5(uniqid(rand(), TRUE));
    return substr($text, 0, 3);
}

$salt = createSalt();
// NOTE(review): $hash is not assigned anywhere in the visible code; presumably
// it would have to come from functions.php (confirm). $salt is not used again
// in the visible code, and $password is replaced by the posted value below
// when the login form is submitted.
// A single SHA-256 pass is a fast hash; for stored passwords a dedicated
// password hashing function (password_hash() / password_verify()) is the
// usual choice.
$password = hash('sha256', $salt . $hash);
?> <?php
// Login form handler: passes the posted name and password to loginAdmin()
// and keeps any non-empty return value as the error message.
$errorMessage = '';
if (isset($_POST['login'])) {
    $errorMessage = ' ';
    // Only 'login' is checked with isset(); 'name' and 'password' are read
    // without a presence check.
    $username = $_POST['name'];
    $password = $_POST['password'];
    $result = loginAdmin($username, $password);
    if ($result != '') {
        // NOTE(review): if $errorMessage is later printed into the page,
        // confirm it is HTML-escaped at the point of output.
        $errorMessage = $result;
    }
    //$qry="SELECT * FROM member WHERE username='******' AND password='******'";
}
// Output from here on is buffered.
ob_start();
?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Untitled Document</title> <script src="SpryAssets/SpryValidationTextField.js" type="text/javascript"></script> <link href="SpryAssets/SpryValidationTextField.css" rel="stylesheet" type="text/css" /> <link href="/st_peters/tms.css" rel="stylesheet" type="text/css" />