} else {
echo "ERROR: could not prepare SQL statement.";
}
//redirects the user once the record has been successfully updated into the database
header("Location: view.php");
}
} else {
echo "Error!";
}
} else {
// checks to see if the biz_id is valid
if (is_numeric($_GET['biz_id']) && $_GET['biz_id'] > 0) {
// gets biz_id from URL
$biz_id = $_GET['biz_id'];
// gets the data from the database
if ($stmt = $mysqli->prepare("SELECT * FROM businesses WHERE biz_id=?")) {
$stmt->bind_param("i", $biz_id);
$stmt->execute();
$stmt->bind_result($biz_id, $biz_name, $address, $address2, $city, $zipcode, $phone, $website, $hours, $category_id);
$stmt->fetch();
renderForm($biz_name, $address, $address2, $city, $zipcode, $phone, $website, $hours, $category_id, NULL, $biz_id);
$stmt->close();
} else {
echo "Error: could not prepare SQL statement";
}
} else {
header("Location: view.php");
}
}
// close the database connection
$mysqli->close();
function renderSortableNode($node)
{
if (!$node->hasParent()) {
return '
<li class="uk-nestable-item" data-id="' . $node->id . '" ">
<div class="uk-nestable-panel">
<i class="uk-nestable-handle uk-icon uk-icon-bars uk-margin-small-right"></i>
' . $node->name . '
</div>
</li>';
} else {
$html = '<li class="uk-nestable-item uk-parent" data-id="' . $node->id . '">
<div class="uk-nestable-panel">
<i class="uk-nestable-handle uk-icon uk-icon-bars uk-margin-small-right"></i>
' . $node->name . '' . renderForm($node) . '
</div>';
$html .= '<ul class="uk-nestable-list">';
foreach ($node->children as $child) {
$html .= renderSortableNode($child);
}
$html .= '</ul>';
$html .= '</li>';
}
return $html;
}
function getPostNewCommentForm($comment)
{
$css = '';
$handler = $comment['id'];
// is it???
if ($handler == NULL) {
$css = '-top';
$handler = 0;
}
$target = 'threaded-comment-wrapper-' . $handler;
$output = '<div id="reply-comment-form-' . $handler . '" class="reply-comment-form' . $css . ' threaded-comment-wrapper' . $css . '">';
$form = drupal_get_form("vals_soc_comment_form", $handler, $target, $this->entity_id, $this->entity_type);
$output .= renderForm($form, $target, true);
$output .= '</div>';
return $output;
}
$result = $conf_fondy['LOCALE_SUM'] . ': ' . $amount . ' ' . $conf_fondy['MERCHANT_CURRENCY'] . ' ';
$result .= '
<script src="https://api.fondy.eu/static_common/v1/checkout/oplata.js"></script>
<script>
var button = $ipsp.get(\'button\');
button.setMerchantId(' . $conf_fondy['MERCHANT_ID'] . ');
button.setAmount(' . $amount . ', \'' . $conf_fondy['FONDY_CURRENCY'] . '\', true);
button.setResponseUrl(\'' . $conf_fondy['RESPONSE_URL'] . '\');
button.addParam(\'server_callback_url\',\'' . $conf_fondy['FRONTEND_URL'] . '\');
button.setHost(\'api.fondy.eu\');
button.addField({
label: \'Payment ID\',
name: \'paymentid\',
value: \'' . $customer_id . '\',
readonly :true,
required: true
});
</script>
<button onclick="location.href=button.getUrl()">' . $conf_fondy['LOCALE_SUBMIT'] . '</button>
';
return $result;
}
if (isset($_POST['amount'])) {
// собираем форму для отправки ПС
$payment_form = renderForm($_POST['amount']);
} else {
//формочка выбора суммы платежа
$payment_form = renderAmountForm();
}
//показываем все что нужно в темплейт
include $template_file;
} else {
// get the 'id' value from the URL (if it exists), making sure that it is valid (checing that it is numeric/larger than 0)
if (isset($_GET['id']) && is_numeric($_GET['id']) && $_GET['id'] > 0) {
// query db
$id = $_GET['id'];
$result = mysql_query("SELECT * FROM w_scav WHERE id={$id}") or die(mysql_error());
$row = mysql_fetch_array($result);
// check that the 'id' matches up with a row in the databse
if ($row) {
// get data from db
$charname = $row['charname'];
$klasse = $row['klasse'];
$punkte = $row['punkte'];
$beschreibung = $row['beschreibung'];
// show form
renderForm($id, $charname, $klasse, $punkte, $beschreibung, '');
} else {
echo "No results!";
}
} else {
echo 'Error!';
}
}
?>
</div>
</div>
<div class="right_body">
<div class="box_title"><font color="#018DB8">MenÜ</font></div>
<div class="box_content">
<?php
require_once 'userlink.php';
function showOrganisationPage($show_action, $show_last = FALSE)
{
//Get my organisations
$my_id = Users::getMyId();
$organisations = Groups::getGroups(_ORGANISATION_GROUP, $my_id);
if (!$organisations->rowCount()) {
if (Users::isOrganisationAdmin() || user_access('vals admin register')) {
echo t('You have no organisation yet registered');
echo '<h2>' . t('Add your organisation') . '</h2>';
$tab_prefix = 'organisation_page-';
$target = "{$tab_prefix}1";
$form = drupal_get_form('vals_soc_organisation_form', '', $target);
$add_tab = renderForm($form, $target, true);
$data = array();
$data[] = array(1, 'Add', 'add', _ORGANISATION_GROUP, null, "target=admin_container&show_action={$show_action}", true, 'adding_to_the right');
echo renderTabs(1, null, $tab_prefix, _ORGANISATION_GROUP, $data, null, TRUE, $add_tab);
?>
<script type="text/javascript">
transform_into_rte();
activatetabs('tab_', ['<?php
echo $target;
?>
']);
</script><?php
} else {
echo t('You have not registered yourself to an organisation yet. ');
echo tt('Register yourself with your organisation at %1$s using the code you got from a colleague.', '<a href="' . _WEB_URL . "/user/{$my_id}/edit\">" . t('your account') . '</a>');
}
} else {
if ($show_action == 'administer') {
showOrganisationAdminPage($organisations, $show_action, $show_last);
} elseif ($show_action == 'view') {
showOrganisationAdminPage($organisations, $show_action, $show_last);
} elseif ($show_action == 'members') {
showOrganisationMembersPage($organisations);
} elseif ($show_action == 'overview') {
showOrganisationOverviewPage($organisations);
//showInstituteGroupsAdminPage($my_institute, $show_last);
} else {
echo tt('There is no such action possible %1$s', $show_action);
}
}
}
if (isset($_GET['definition_id']) && is_numeric($_GET['definition_id']) && $_GET['definition_id'] >= 0) {
// query db
$definition_id = $_GET['definition_id'];
$sql = "select w.word_id, w.english, w.kurdish_en, w.kurdish_ku, d.definition " . "from word_tbl w, definition_tbl d" . " where w.word_id = d.word_id and d.definition_id = {$definition_id}";
$result = mysql_query($sql) or die(mysql_error());
$row = mysql_fetch_array($result);
// check that the 'id' matches up with a row in the databse
if ($row) {
/*
definition_id bigint unsigned not null auto_increment primary key,
word_id bigint unsigned, foreign key (word_id) references word_tbl(word_id) on delete cascade,
definition varchar(1000),
user_id int unsigned , foreign key (user_id) references user_tbl(user_id) on delete restrict
*
*/
// get data from db
$word_id = $row['word_id'];
$english = $row['english'];
$kurdish_en = $row['kurdish_en'];
$kurdish_ku = $row['kurdish_ku'];
$definition = $row['definition'];
// show form
//$defination_id, $word_id, $definition, $user_id, $error
renderForm($definition_id, $word_id, $english, $kurdish_en, $kurdish_ku, $definition, '');
} else {
echo "No results!";
}
} else {
echo 'Error!';
}
}
} else {
// save the data to the database
mysql_query("UPDATE modules SET name='{$username}', module_name='{$module_name}' WHERE module_id='{$id}'") or die(mysql_error());
// once saved, redirect back to the view page
header("Location: view.php");
}
} else {
// if the 'id' isn't valid, display an error
echo 'Error!';
}
} else {
// get the 'id' value from the URL (if it exists), making sure that it is valid (checing that it is numeric/larger than 0)
if (isset($_GET['id']) && is_numeric($_GET['id']) && $_GET['id'] > 0) {
// query db
$id = $_GET['id'];
$result = mysql_query("SELECT * FROM modules WHERE module_id={$id}") or die(mysql_error());
$row = mysql_fetch_array($result);
// check that the 'id' matches up with a row in the databse
if ($row) {
// get data from db
$username = $row['name'];
$module_name = $row['module_name'];
// show form
renderForm($id, $username, $module_name, '');
} else {
echo "No results!";
}
} else {
echo 'Error!';
}
}
$expense_company = mysql_real_escape_string(htmlspecialchars($_POST['expense_company']));
$expense_category = mysql_real_escape_string(htmlspecialchars($_POST['expense_category']));
$expense_amount = mysql_real_escape_string(htmlspecialchars($_POST['expense_amount']));
$expense_notes = mysql_real_escape_string(htmlspecialchars($_POST['expense_notes']));
$expense_reff = mysql_real_escape_string(htmlspecialchars($_POST['expense_reff']));
$expense_gst = floatval($_POST['gst']);
// check to make sure both fields are entered
if ($expense_date == '' || $expense_company == '' || $expense_category == '' || $expense_amount == '' || $expense_notes == '') {
// generate error message
$error = 'ERROR: Please fill in all required fields!';
// if either field is blank, display the form again
renderForm(date('d/m/Y', $expense_date), $expense_company, $expense_category, $expense_amount, $expense_notes, $expense_reff, $expense_gst, $error);
} else {
// save the data to the database
mysql_query("update expenses SET expense_date='{$expense_date}', expense_company='{$expense_company}', expense_category='{$expense_category}', expense_amount='{$expense_amount}', expense_notes='{$expense_notes}', expense_reff='{$expense_reff}', expense_gst='{$expense_gst}' WHERE id = " . intval($_GET['id']) . ";") or die(mysql_error());
// once saved, redirect back to the view page
echo 'Expense Record';
echo '<META HTTP-EQUIV="Refresh" Content="1; URL=expense-list.php">';
}
} else {
$result = mysql_query("SELECT * FROM expenses WHERE id = " . intval($_GET['id']) . ";") or die(mysql_error());
if (mysql_num_rows($result) == 0) {
die('The record was not foung');
}
$row = mysql_fetch_assoc($result);
renderForm(date('Y/m/d', $row['expense_date']), $row['expense_company'], $row['expense_category'], $row['expense_amount'], $row['expense_notes'], $row['expense_reff'], $row['expense_gst'], '');
}
?>
</div>
// get the 'id' value from the URL (if it exists), making sure that it is valid (checing that it is numeric/larger than 0)
if (isset($_GET['id']) && is_numeric($_GET['id']) && $_GET['id'] > 0) {
// query db
$id = $_GET['id'];
$result = mysql_query("SELECT id,username,firstname,phonenumber,email,IsMentor from cc_users where id={$id}") or die(mysql_error());
$row = mysql_fetch_array($result);
// check that the 'id' matches up with a row in the databse
if ($row) {
// get data from db
$username = $row['username'];
$firstname = $row['firstname'];
$phonenumber = $row['phonenumber'];
$email = $row['email'];
$IsMentor = $row['IsMentor'];
// show form
renderForm($id, $username, $firstname, $phonenumber, $email, $IsMentor, $error);
} else {
echo "No results!";
}
} else {
echo 'Error!2';
}
}
?>
</div><!-- /.modal-content -->
</div><!-- /.modal-dialog -->
</div><!-- PAGE CONTENT ENDS -->
</div><!-- /.col -->
</div><!-- /.row -->
</div><!-- /.page-content -->
</div>
echo "Could not be prepared sql statement";
}
header("Location:list.php");
}
} else {
echo "Error";
}
} else {
// make sure the 'id' value is valid
if (is_numeric($_GET['id']) && $_GET['id'] > 0) {
$id = $_GET['id'];
if ($stmt = $connection->prepare("select * from wordtable where id = ?")) {
$stmt->bind_param("i", $id);
$stmt->execute();
$stmt->bind_result($id, $word, $synonyms, $sentence);
$stmt->fetch();
renderForm($word, $synonyms, $sentence, NULL, $id);
$stmt->close();
} else {
echo "Error: could not prepare SQL statement";
}
} else {
header("Location:list.php");
}
}
}
/*
NEW RECORD
*/
// if the 'id' variable is not set in the URL, we must be creating a new record
$connection->close();
or die(mysql_error());
$row = mysql_fetch_array($result);
// check that the 'id' matches up with a row in the databse
if($row)
{
// get data from db
$supplier_name = $row['supplier_name'];
$supplier_address = $row['supplier_address'];
$supplier_phone = $row['supplier_phone'];
$supplier_email = $row['supplier_email'];
$supplier_website = $row['supplier_website'];
// show form
renderForm($id, $supplier_name, $supplier_address, $supplier_phone, $supplier_email, $supplier_website, $error, '');
}
else
// if no match, display result
{
echo "No results!";
}
}
else
// if the 'id' in the URL isn't valid, or if there is no 'id' value, display an error
{
echo 'Error!';
}
}
?>
echo 'Error!';
}
} else {
// get the 'id' value from the URL (if it exists), making sure that it is valid (checing that it is numeric/larger than 0)
if (isset($_GET['id']) && is_numeric($_GET['id']) && $_GET['id'] > 0) {
// query db
$id = $_GET['id'];
$result = mysql_query("SELECT * FROM w_scav_chars WHERE id={$id}") or die(mysql_error());
$row = mysql_fetch_array($result);
// check that the 'id' matches up with a row in the databse
if ($row) {
// get data from db
$main = $row['main'];
$twinks = $row['twinks'];
// show form
renderForm($id, $main, $twinks, '');
} else {
echo "No results!";
}
} else {
echo 'Error!';
}
}
?>
</div>
</div>
<div class="right_body">
<div class="box_title"><font color="#018DB8">Menü</font></div>
<div class="box_content">
<?php
require_once 'userlink.php';
} else {
//delete hfs template file
mysql_query("DELETE FROM i_hfs WHERE filename='{$filename}'") or die(mysql_error());
$repo_path = 'repo/';
unlink($repo_path . $filename);
header('Location: hfs.php');
}
} else {
include '../includes.php';
include '../settings.php';
if (isset($_GET['u'])) {
$filename = clean($_GET['u']);
if (!isset($_SESSION['userwd'])) {
header('Location: ../404.php');
} else {
$nick = $_SESSION['userwd'];
$data = mysql_query("SELECT (userwd) FROM i_users WHERE userwd='{$nick}'") or die(mysql_error());
if (mysql_num_rows($data) > 0 && in_array(strtolower($nick), $admin, true)) {
if (isset($_SESSION['xuidPJVE218'])) {
renderForm('', $filename);
} else {
header('Location: index.php');
}
} else {
header('Location: ../404.php');
}
}
} else {
header('Location: users.php');
}
}
// Logged higher up or log this here somehow? TODO
}
if (isset($is_final) && $is_final) {
echo json_encode(array('result' => 'OK', 'id' => $id, 'target' => $target, 'msg' => tt('You succesfully submitted your proposal for %1$s', $project['title']) . (_DEBUG ? showDrupalMessages() : '')));
} else {
$version = $properties['state'] == 'draft' ? t('draft') : t('public');
echo json_encode(array('result' => 'OK', 'id' => $id, 'msg' => ($new ? tt('You succesfully saved a %2$s version of your proposal for %1$s', $project['title'], $version) : tt('You succesfully changed the %2$s version of your proposal for %1$s', $project['title'], $version)) . (_DEBUG ? showDrupalMessages() : '')));
}
} else {
echo jsonBadResult();
}
}
break;
case 'reject_form':
$target = getRequestVar('target');
renderForm(drupal_get_form('vals_soc_reject_form', getRequestVar('id', 0), $target), $target);
break;
case 'reject':
$id = getRequestVar('id', 0, 'post');
$reason = getRequestVar('reason', '', 'post');
$rationale = getRequestVar('rationale', '', 'post');
try {
$good_result = t('You rejected this proposal') . '<script>hideOtherDivsAfterProposalReject(' . $id . ')</script>';
$result = Proposal::getInstance()->rejectProposal($id, $reason, $rationale);
if ($result) {
$props = Proposal::getInstance()->getProposalById($id, true);
module_load_include('inc', 'vals_soc', 'includes/module/vals_soc.mail');
notify_student_and_supervisor_of_proposal_rejection_by_mentor($props);
echo jsonGoodResult(true, $good_result);
} else {
echo jsonBadResult(t('You tried to reject this proposal, but it failed'));
} else {
header("Location: ../?admin=roster");
}
}
//add new
} else {
if (isset($_POST['submit'])) {
$unit = htmlentities($_POST['unit'], ENT_QUOTES);
$image = htmlentities($_POST['image'], ENT_QUOTES);
$about = htmlentities($_POST['about'], ENT_QUOTES);
$about_internal = htmlentities($_POST['about_internal'], ENT_QUOTES);
if ($unit == '' || $image == '') {
$error = 'ERROR: Please fill in all required fields!';
renderForm($unit, $image, $about, $about_internal, $error, $id);
} else {
if ($stmt = $conn->prepare("INSERT roster (unit, image, about, about_internal) VALUES (?, ?, ?, ?)")) {
$stmt->bind_param("ssss", $unit, $image, $about, $about_internal);
$stmt->execute();
$stmt->close();
} else {
echo "ERROR: Could not prepare SQL statement.";
}
header("Location: ../?admin=roster");
}
} else {
renderForm();
}
}
include '../footer.php';
}
}
if (isset($_POST['path'])) {
$originalPath = $_POST['path'];
}
unset($_POST);
$form = drupal_get_form("vals_soc_project_form", $obj, $target);
if ($originalPath) {
$form['#action'] = url($originalPath);
}
// Process the submit button which uses ajax
//$form['submit'] = ajax_pre_render_element($form['submit']);
// Build renderable array
// $build = array(
// 'form' => $form,
// '#attached' => $form['submit']['#attached'], // This will attach all needed JS behaviors onto the page
// );
renderForm($form, $target);
break;
case 'delete':
$type = altSubValue($_POST, 'type', '');
$id = altSubValue($_POST, 'id', '');
if (!isValidOrganisationType($type)) {
echo jsonBadResult(t('There is no such type we can delete'));
} elseif (count(Proposal::getProposalsPerProject($id))) {
echo jsonBadResult(t('You cannot delte the project; there are already students working on a proposal for this project. You can still edit it though.'));
} else {
$result = Groups::removeGroup($type, $id);
ThreadedComments::getInstance()->removethreadsForEntity($id, $type);
echo $result ? jsonGoodResult(true, '', array('extra' => $mine ? array('mine' => 1) : '')) : jsonBadResult();
}
break;
default:
}
if ($search == 1) {
header("Location: search.php?go&name={$name}");
} else {
header("Location: view.php?RowName={$row_select}");
}
} else {
// get the 'address' value from the URL (if it exists), making sure that it is valid
if (isset($_GET['address'])) {
// query db
$address = $_GET['address'];
$result = mysql_query("SELECT * FROM aqn_master_table WHERE address='{$address}' FOR UPDATE") or die(mysql_error());
$row = mysql_fetch_array($result);
// check that the 'address' matches up with a row in the databse
if ($row) {
// get data from db
$address = $row['address'];
$hostname = $row['hostname'];
$model = $row['model'];
$cab = $row['cab'];
$unit = $row['unit'];
$comments = $row['comments'];
// show form
renderForm($address, $hostname, $model, $cab, $unit, $comments, '');
} else {
echo "No results!";
}
} else {
echo 'Error!';
}
}
$freenote = '';
}
if ($initUserData['fullname']) {
$fullname = $initUserData['fullname'];
} else {
$fullname = '';
}
if ($initUserData['tagline']) {
$tagline = stripslashes(rtrim($initUserData['tagline']));
} else {
$tagline = '';
}
if ($initSharerData) {
$sharername = $initSharerData['sharername'];
$sharerlink = $initSharerData['sharerlink'];
$sharerdesc = stripslashes(rtrim($initSharerData['sharerdesc']));
} else {
$sharername = '';
$sharerlink = '';
$sharerdesc = '';
}
renderForm($username, '', $email, $sharername, $sharerlink, $sharerdesc, $freenote, $fullname, $tagline);
}
}
} else {
header('Location: 404.php');
}
}
} else {
header('Location: 404.php');
}
<?php
}
/* GET THE FORM */
// make sure the 'id' value is valid
if (is_numeric($_GET['id']) && $_GET['id'] > 0) {
// get 'id' from URL
$id = $_GET['id'];
// get the record from the database
if ($stmt = $mysqli->prepare("SELECT * FROM points WHERE id=?")) {
$stmt->bind_param("i", $id);
$stmt->execute();
$stmt->bind_result($id, $name, $nickname, $currPoints, $addPoints, $remPoints, $reason, $updateDate);
$stmt->fetch();
// show the form
renderForm($name, $nickname, $currPoints, $addPoints, $remPoints, $reason, $updateDate, NULL, $id);
} else {
echo "<p class='error'>Error: could not prepare SQL statement</p>";
}
} else {
echo "<p class='error'>Error: id value not valid</p>";
// header("Location: index.php");
}
/* EDIT RECORD */
if (!isset($_GET['id']) || !isset($_POST['submit'])) {
// echo "<p class='error'>No Data!</p>";
return;
}
if (!is_numeric($_POST['id'])) {
header("Location: index.php");
return;
$error = '<strong>ERROR:</strong> Invalid old password!';
renderForm($error, $username, $tagline);
} else {
if ($newpass1md5 !== $newpass2md5) {
$error = '<strong>ERROR:</strong> Your new password does not match!';
renderForm($error, $username, $tagline);
} else {
mysql_query("UPDATE i_users SET passwd='{$newpass1md5}' WHERE userwd='{$username}'") or die(mysql_error());
$_SESSION['profileUpdate'] = 'Success';
header('Location: edit.php?user='******'');
}
}
}
} else {
if (isset($_SESSION['userwd'])) {
include 'includes.php';
include 'settings.php';
$nickname = $_SESSION['userwd'];
$callUserData = mysql_query("SELECT * FROM i_users WHERE userwd='{$nickname}'") or die(mysql_error());
$initUserData = mysql_fetch_array($callUserData);
if ($initUserData) {
$username = $nickname;
$tagline = stripslashes(rtrim($initUserData['tagline']));
renderForm('', $username, $tagline);
} else {
header('Location 404.php');
}
} else {
header('Location 404.php');
}
}
} else {
// save the data to the database
mysql_query("UPDATE players SET firstname='{$firstname}', lastname='{$lastname}' WHERE id='{$id}'") or die(mysql_error());
// once saved, redirect back to the view page
header("Location: view.php");
}
} else {
// if the 'id' isn't valid, display an error
echo 'Error!';
}
} else {
// get the 'id' value from the URL (if it exists), making sure that it is valid (checing that it is numeric/larger than 0)
if (isset($_GET['id']) && is_numeric($_GET['id']) && $_GET['id'] > 0) {
// query db
$id = $_GET['id'];
$result = mysql_query("SELECT * FROM players WHERE id={$id}") or die(mysql_error());
$row = mysql_fetch_array($result);
// check that the 'id' matches up with a row in the databse
if ($row) {
// get data from db
$firstname = $row['firstname'];
$lastname = $row['lastname'];
// show form
renderForm($id, $firstname, $lastname, '');
} else {
echo "No results!";
}
} else {
echo 'Error!';
}
}
if (mysql_num_rows($callShoutData) > 0) {
mysql_query("DELETE FROM i_shouts WHERE username='******'") or die(mysql_error());
}
//delete userdata
$deleteUserData = mysql_query("DELETE FROM i_users WHERE userwd='{$nickname}'") or die(mysql_error());
header('Location: users.php');
}
} else {
include '../includes.php';
include '../settings.php';
if (isset($_GET['u'])) {
$deleteUser = clean($_GET['u']);
if (!isset($_SESSION['userwd'])) {
header('Location: ../404.php');
} else {
$nick = $_SESSION['userwd'];
$data = mysql_query("SELECT (userwd) FROM i_users WHERE userwd='{$nick}'") or die(mysql_error());
if (mysql_num_rows($data) > 0 && in_array(strtolower($nick), $admin, true)) {
if (isset($_SESSION['xuidPJVE218'])) {
renderForm('', $deleteUser);
} else {
header('Location: index.php');
}
} else {
header('Location: ../404.php');
}
}
} else {
header('Location: users.php');
}
}
$cost = $_POST['cost'];
if ($pick == '' || $cost == '') {
$error = 'ERROR: Please fill in all required fields!';
renderForm($id, $pick, $cost, $error);
} else {
$sql1 = "UPDATE pick SET pick='{$pick}', pickcost='{$cost}' WHERE id='{$id}'";
$result = $link->query($sql1);
header("Location: viewlocation.php");
}
} else {
$error = 'ERROR!!!!!!!!';
echo 'Error!';
}
} else {
if (isset($_GET['id']) && is_numeric($_GET['id']) && $_GET['id'] > 0) {
$id = $_GET['id'];
$sql = "SELECT * FROM pick WHERE id={$id}";
$result = $link->query($sql);
$i = $result->fetch_assoc();
if ($i) {
$pick = $i['pick'];
$cost = $i['pickcost'];
renderForm($id, $pick, $cost, '');
} else {
echo "No results!";
}
} else {
$error = "ERROR no id selected!!!!!";
echo $error;
}
}
unset($fyr_values['submitSendFax']);
}
// Display it
if ($on_page == "write") {
$options = cobrand_write_form_options($cobrand);
if (!isset($writeForm)){
$writeForm = buildWriteForm($options);
}
$writeForm->setDefaults(array('body' => default_body_text()));
$writeForm->setConstants($fyr_values);
renderForm($writeForm, "writeForm", $options);
} elseif ($on_page == "preview") {
$options = cobrand_preview_form_options($cobrand);
$previewForm = buildPreviewForm($options);
renderForm($previewForm, "previewForm", $options);
} elseif ($on_page == "sendfax") {
submitFaxes();
} else {
template_show_error(
'Sorry. An error has occurred: on_page "'
. htmlspecialchars($on_page) .
'". Please get in touch with us at
<a href="mailto:team@writetothem.com">team@writetothem.com</a>,
quoting this message. You can <a href="/">try again from the
beginning</a>.'
);
}
?>
<strong>Upload an Image: </strong> <input type="file"><br/>
<p>* required</p>
<input type="submit" name="submit" value="Submit">
</div>
</form>
</body>
</html>
<?php
}
// connect to the database
include 'connect-db.php';
// check if the form has been submitted. If it has, start to process the form and save it to the database
if (isset($_POST['submit'])) {
// get form data, making sure it is valid
$firstname = mysql_real_escape_string(htmlspecialchars($_POST['firstname']));
$lastname = mysql_real_escape_string(htmlspecialchars($_POST['lastname']));
// check to make sure both fields are entered
if ($firstname == '' || $lastname == '') {
// generate error message
$error = 'ERROR: Please fill in all required fields!';
// if either field is blank, display the form again
renderForm($firstname, $lastname, $error);
} else {
// save the data to the database
mysql_query("INSERT players SET firstname='{$firstname}', lastname='{$lastname}'") or die(mysql_error());
// once saved, redirect back to the view page
header("Location: view.php");
}
} else {
renderForm('', '', '');
}
$product_p3 = $row ? number_format(floatval($row['product_p3']), 2, ".", "") : "0.00";
$product_q4 = $row ? floatval($row['product_q4']) : "0";
$product_p4 = $row ? number_format(floatval($row['product_p4']), 2, ".", "") : "0.00";
$product_q5 = $row ? floatval($row['product_q5']) : "0";
$product_p5 = $row ? number_format(floatval($row['product_p5']), 2, ".", "") : "0.00";
$product_q6 = $row ? floatval($row['product_q6']) : "0";
$product_p6 = $row ? number_format(floatval($row['product_p6']), 2, ".", "") : "0.00";
$product_q7 = $row ? floatval($row['product_q7']) : "0";
$product_p7 = $row ? number_format(floatval($row['product_p7']), 2, ".", "") : "0.00";
$product_q8 = $row ? floatval($row['product_q8']) : "0";
$product_p8 = $row ? number_format(floatval($row['product_p8']), 2, ".", "") : "0.00";
$product_purchased = $row ? intval($row['product_purchased']) : "0";
$product_soh = $row ? intval($row['product_soh']) : "0";
$product_reorder = $row ? intval($row['product_reorder']) : "0";
$product_sold = $row ? intval($row['product_sold']) : "0";
$product_adjusted = $row ? intval($row['product_adjusted']) : "0";
$product_weight = $row ? number_format(floatval($row['product_weight']), 2, ".", "") : "0.00";
$quick_sale = $row ? $row['quick_sale'] : "N";
$quick_sale_price = $row ? number_format(floatval($row['quick_sale_price']), 2, ".", "") : "0.00";
$product_image = $row ? $row['product_image'] : "";
$product_type = $row ? $row['product_type'] : "P";
$product_cost = $row ? number_format(floatval($row['product_cost']), 2, ".", "") : "0.00";
$freight_cost = $row ? number_format(floatval($row['freight_cost']), 2, ".", "") : "0.00";
$member_disc = $row ? $row['member_disc'] : "Y";
$follow_up = $row ? $row['follow_up'] : "N";
$has_serial = $row ? $row['has_serial'] : "N";
$web_sale = $row ? $row['web_sale'] : "Y";
$web_special = $row ? $row['web_special'] : "N";
// show form
renderForm($id, $product_name, $product_code, $product_alias, $product_category, $product_subcategory, $product_desc, $product_supplier, $product_suppliercode, $product_active, $product_stocked, $product_pricebreak, $product_q1, $product_p1, $product_q2, $product_p2, $product_q3, $product_p3, $product_q4, $product_p4, $product_q5, $product_p5, $product_q6, $product_p6, $product_q7, $product_p7, $product_q8, $product_p8, $product_purchased, $product_soh, $product_reorder, $product_sold, $product_adjusted, $product_weight, $quick_sale, $quick_sale_price, $product_image, $product_type, $product_cost, $freight_cost, $web_sale, $web_special, $member_disc, $follow_up, $has_serial, $error);
}
echo '<META HTTP-EQUIV="Refresh" Content="0; URL=category-list.php">';
}
} else {
// if the 'id' isn't valid, display an error
echo 'Error!';
}
} else {
// get the 'id' value from the URL (if it exists), making sure that it is valid (checing that it is numeric/larger than 0)
if (isset($_GET['id']) && is_numeric($_GET['id']) && $_GET['id'] > 0) {
// query db
$id = $_GET['id'];
$result = mysql_query("SELECT * FROM category WHERE id={$id}") or die(mysql_error());
$row = mysql_fetch_array($result);
// check that the 'id' matches up with a row in the databse
if ($row) {
// get data from db
$category_name = $row['category_name'];
$category_type = $row['category_type'];
// show form
renderForm($id, $category_name, $category_type, $error, '');
} else {
echo "No results!";
}
} else {
echo 'Error!';
}
}
?>
</div>
function showProjectPage($show_last = FALSE, $owner_only = false)
{
global $base_url;
//TODO check for the role of current user
$role = getRole();
if (!Users::isMentor()) {
//true for both mentors and organisation admins. Also, they will see their own stuff only
echo t('You are not allowed to see the projects in this view.');
return;
}
//Get my groups
$my_organisations = Groups::getGroups(_ORGANISATION_GROUP);
if (!$my_organisations->rowCount()) {
//There are no organisations yet for this user
if ($role == _ORGADMIN_TYPE) {
echo t('You have no organisation yet.') . '<br/>';
echo "<a href='" . _WEB_URL . "/dashboard/organisation/administer'>" . t('Please go to the organisation register page') . "</a>";
} else {
echo t('You are not connected to any organisation yet.') . '<br/>';
echo "<a href='" . _WEB_URL . "/user/" . Users::getMyId() . "/edit'>" . t('Please edit your account to connect') . "</a>";
}
} else {
$show_all = !(bool) $owner_only;
$owner_id = $GLOBALS['user']->uid;
$orgs = array();
$orgids = array();
foreach ($my_organisations as $org) {
$orgs[] = $org;
$orgids[] = $org->org_id;
}
$projects = Project::getProjectsByUser($owner_id, $orgids, $show_all);
//$my_organisations->fetchCol());
if (!$projects) {
echo $owner_only ? t('You have no project yet registered') : t('There are no projects yet registered.');
echo $owner_only ? "<BR>" . '<a href="' . $base_url . '/dashboard/projects/administer" ' . 'title="Manage all my organisation\'s projects">Manage all my organisation\'s projects</a>' : '';
echo '<h2>' . t('Add a project') . '</h2>';
$tab_prefix = 'project_page-';
$target = "{$tab_prefix}1";
$form = drupal_get_form("vals_soc_project_form", '', 'project_page-1');
$form['submit'] = ajax_pre_render_element($form['submit']);
$add_tab = renderForm($form, $target, true);
$data = array();
$data[] = array(1, 'Add', 'add', _PROJECT_OBJ, '0', "target=admin_container", true, 'adding from the right');
echo renderTabs(1, null, 'project_page-', _PROJECT_OBJ, $data, null, TRUE, $add_tab, 1, _PROJECT_OBJ);
?>
<script type="text/javascript">
transform_into_rte();
activatetabs('tab_', ['project_page-1']);
</script><?php
} else {
echo "<a href='" . _WEB_URL . "/dashboard/projects/administer'>" . t('Show all') . "</a>";
echo " | ";
echo "<a href='" . _WEB_URL . "/dashboard/projects/administer/mine'>" . t('Show only mine') . "</a>";
$org = 1;
$show_org_title = $my_organisations->rowCount() > 1;
$org_key = AbstractEntity::keyField(_ORGANISATION_GROUP);
foreach ($orgs as $organisation) {
$projects = Project::getProjectsByUser($owner_id, array($organisation->{$org_key}), $show_all);
showOrganisationProjects($org, $projects, $organisation, $show_org_title, $show_last, TRUE, $owner_only);
$org++;
}
}
}
}
// query db
$user_id = $_GET['user_id'];
$sql = "select * from user_tbl where user_id = {$user_id}";
$result = mysql_query($sql) or die(mysql_error());
$row = mysql_fetch_array($result);
// check that the 'id' matches up with a row in the databse
if ($row) {
// get data from db
$user_id = $row['user_id'];
$fname = $row['fname'];
$lname = $row['lname'];
$loc = $row['location'];
$uname = $row['username'];
// show form
//$defination_id, $word_id, $definition, $user_id, $error
renderForm($user_id, $fname, $lname, $loc, $uname, '');
} else {
echo "No results!";
}
} else {
echo 'Error!';
}
}
?>
<script type="text/javascript">
function autocomplet() {
var min_length = 0; // min caracters to display the autocomplete
var keyword = $('#loc').val();
if (keyword.length >= min_length) {
$.ajax({
