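/**
 * Rejects an on-call swap request (POST handler).
 *
 * Reads the swap id from $_POST['pk1'] and the related message id from
 * $_POST['pk2'], marks the swap row agreed = 'X' and the message status = 'R',
 * notifies the requesting member and sets the page-level global $message.
 *
 * Both ids are interpolated into SQL, so they are cast to int first: a
 * non-numeric value becomes 0 and matches nothing instead of changing the
 * query. A failed SELECT is now logged (it was silently ignored before).
 *
 * NOTE(review): nothing here checks that the logged-on member is the
 * swapmemberid of this swap; presumably the page role does — confirm.
 */
function reject() {
    global $message;

    // Request ids are interpolated into SQL below, so force them to int.
    $id = (int) $_POST['pk1'];
    $messageid = (int) $_POST['pk2'];
    $prefix = $_SESSION['DB_PREFIX'];
    $loggedon = getLoggedOnMemberID();

    $sql = "SELECT A.weeknumber, A.memberid, A.swapmemberid "
         . "FROM {$prefix}oncallswap A "
         . "WHERE A.id = {$id}";
    $result = mysql_query($sql);
    if (!$result) {
        logError($sql . " = " . mysql_error());
        return;
    }

    // One iteration per matching swap (normally a single row — A.id is
    // presumably the key; confirm).
    while ($member = mysql_fetch_assoc($result)) {
        $qry = "UPDATE {$prefix}oncallswap "
             . "SET agreed = 'X', metamodifieddate = NOW(), metamodifieduserid = " . $loggedon . " "
             . "WHERE id = {$id}";
        $itemresult = mysql_query($qry);
        if (!$itemresult) {
            logError($qry . " = " . mysql_error());
        }

        $qry = "UPDATE {$prefix}messages "
             . "SET status = 'R', metamodifieddate = NOW(), metamodifieduserid = " . $loggedon . " "
             . "WHERE id = {$messageid}";
        $itemresult = mysql_query($qry);
        if (!$itemresult) {
            logError($qry . " = " . mysql_error());
        }

        sendInternalUserMessage(
            $member['memberid'],
            "On Call Swap Request",
            "Your request for on call cover for week " . $member['weeknumber'] . " has been rejected by " . GetUserName($member['swapmemberid'])
        );
        $message = "Request has been rejected";
    }
}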
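/**
 * Un-hides a grid column (POST handler): clears hidecolumn on the
 * applicationtablecolumns row whose id is $_POST['gridid'].
 *
 * The id is cast to int because it is interpolated into SQL; a non-numeric
 * value becomes 0 and matches nothing. Query failures are logged.
 */
function showColumn() {
    $id = (int) $_POST['gridid'];
    $qry = "UPDATE {$_SESSION['DB_PREFIX']}applicationtablecolumns SET hidecolumn = 0, metamodifieddate = NOW(), metamodifieduserid = " . getLoggedOnMemberID() . " WHERE id = {$id}";
    $result = mysql_query($qry);
    if (!$result) {
        logError($qry . " - " . mysql_error());
    }
}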
/**
 * Emits the JavaScript that runs after the "add" form is shown: defaults the
 * member field to the logged-on user and the requested/start/end dates to
 * today (dd/mm/yyyy), ticking both half-day boxes.
 *
 * Everything between ?> and <?php is written straight into the page as JS;
 * the member id is interpolated into a JS string literal without encoding,
 * which is fine only while getLoggedOnMemberID() is numeric — confirm, or
 * wrap it in json_encode().
 */
public function postAddScriptEvent() { ?>
    var myDate = new Date();
    var prettyDate = padZero(myDate.getDate()) + '/' + padZero((myDate.getMonth() + 1)) + '/' + myDate.getFullYear();
    $("#memberid").val("<?php echo getLoggedOnMemberID(); ?> ").trigger("change");
    $("#requesteddate").val(prettyDate).trigger("change");
    $("#startdate").val(prettyDate).trigger("change");
    $("#enddate").val(prettyDate).trigger("change");
    $("#startdate_half").attr("checked", true).trigger("change");
    $("#enddate_half").attr("checked", true).trigger("change");
<?php }
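/**
 * Pre-command hook for the user-roles form: when a "rolecmd" was posted,
 * replaces the member's rows in userroles with the posted roles[] list.
 *
 * memberid is cast to int and each role id goes through mysql_escape_string()
 * because both are interpolated into SQL. A roles value that is not an array
 * is treated as an empty list. The DELETE and every INSERT are checked and
 * logged on failure (the INSERT result was previously ignored).
 */
public function preCommandEvent() {
    if (!isset($_POST['rolecmd'])) {
        return;
    }

    $roles = (isset($_POST['roles']) && is_array($_POST['roles'])) ? $_POST['roles'] : array();
    $memberid = (int) $_POST['memberid'];
    $loggedon = getLoggedOnMemberID();
    $prefix = $_SESSION['DB_PREFIX'];

    // Wipe the member's current roles, then re-insert the posted set.
    $qry = "DELETE FROM {$prefix}userroles WHERE memberid = {$memberid}";
    $result = mysql_query($qry);
    if (!$result) {
        logError(mysql_error());
    }

    foreach ($roles as $postedrole) {
        $roleid = mysql_escape_string($postedrole);
        $qry = "INSERT INTO {$prefix}userroles (memberid, roleid, metacreateddate, metacreateduserid, metamodifieddate, metamodifieduserid) VALUES ({$memberid}, '{$roleid}', NOW(), " . $loggedon . ", NOW(), " . $loggedon . ")";
        $result = mysql_query($qry);
        if (!$result) {
            logError($qry . " - " . mysql_error());
        }
    }
}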
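/**
 * Ends the current login: stamps timeoff on this session's loginaudit row
 * (when authenticated), clears the session data and leaves the caller with
 * the PUBLIC role.
 *
 * The audit id comes from the session and is cast to int because it is
 * interpolated into SQL. The UPDATE result is now logged on failure. The
 * session id is regenerated after clearing so the pre-logout id is not
 * carried into the next login.
 */
function logout() {
    start_db();
    if (isAuthenticated()) {
        $auditid = isset($_SESSION['SESS_LOGIN_AUDIT']) ? (int) $_SESSION['SESS_LOGIN_AUDIT'] : 0;
        $qry = "UPDATE {$_SESSION['DB_PREFIX']}loginaudit SET "
             . "timeoff = NOW(), metamodifieddate = NOW(), metamodifieduserid = " . getLoggedOnMemberID() . " "
             . "WHERE id = {$auditid}";
        $result = mysql_query($qry);
        if (!$result) {
            logError($qry . " - " . mysql_error());
        }
    }
    session_unset();
    // Drop the old session id; only when a session is actually active.
    if (session_id() !== '') {
        session_regenerate_id(true);
    }
    $_SESSION['ROLES'][] = 'PUBLIC';
}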
require_once "tinymce.php"; ?> <!-- Start of content --> <?php if (isset($_POST['domainurl'])) { $runscheduledays = mysql_escape_string($_POST['runscheduledays']); $domainurl = mysql_escape_string($_POST['domainurl']); $emailfooter = mysql_escape_string($_POST['emailfooter']); $address = mysql_escape_string($_POST['address']); $bookingprefix = $_POST['bookingprefix']; $refereereportemail = $_POST['refereereportemail']; $invoiceprefix = $_POST['invoiceprefix']; $maintenancemode = $_POST['maintenancemode']; $vatrate = $_POST['vatrate']; $qry = "UPDATE {$_SESSION['DB_PREFIX']}siteconfig SET " . "domainurl = '{$domainurl}', " . "vatrate = {$vatrate}, " . "address = '{$address}', " . "bookingprefix = '{$bookingprefix}', " . "refereereportemail = '{$refereereportemail}', " . "invoiceprefix = '{$invoiceprefix}', " . "maintenancemode = '{$maintenancemode}', " . "runscheduledays = '{$runscheduledays}', " . "emailfooter = '{$emailfooter}', metamodifieddate = NOW(), metamodifieduserid = " . getLoggedOnMemberID() . ""; $result = mysql_query($qry); if (!$result) { logError("UPDATE {$_SESSION['DB_PREFIX']}siteconfig:" . $qry . " - " . mysql_error()); } unset($_SESSION['SITE_CONFIG']); } $qry = "SELECT *, DATE_FORMAT(lastschedulerun, '%d/%m/%Y') AS lastschedulerun FROM {$_SESSION['DB_PREFIX']}siteconfig"; $result = mysql_query($qry); if ($result) { while ($member = mysql_fetch_assoc($result)) { ?> <form id="contentForm" name="contentForm" method="post" class="entryform"> <label>Domain URL</label> <input required="true" type="text" class="textbox90" id="domainurl" name="domainurl" value="<?php echo $member['domainurl'];
$qry = "UPDATE {$_SESSION['DB_PREFIX']}team SET \n\t\t\t\t\tfirstname = '{$fname}', \n\t\t\t\t\tlastname = '{$lname}',\n\t\t\t\t\ttelephone = '{$landline}',\n\t\t\t\t\temail = '{$email}'\n\t\t\t\t\tWHERE id = {$clubid}"; $result = mysql_query($qry); if (!$result) { logError("UPDATE team failed ({$qry}):" . mysql_error()); } } mysql_query("COMMIT"); sendUserMessage(getLoggedOnMemberID(), "User Registration", "User " . $_POST['login'] . " has been registered as a user.<br>Password : "******"User Registration", "<h3>Welcome " . $_POST['fname'] . " " . $_POST['lname'] . ".</h3><br>You have been invited to become a member of 'Harrow Youth Football League'.<br>Please click on the <a href='" . getSiteConfigData()->domainurl . "/index.php'>link</a> to activate your account.<br><br><h4>Login details</h4>User ID : " . $_POST['login'] . "<br>Password : "******"location: system-register-success.php"); } else { logError("1 Query failed:" . mysql_error()); } } else { $memberid = $_GET['id']; $qry = "UPDATE {$_SESSION['DB_PREFIX']}members \n\t\t\t\tSET email = '{$email}', \n\t\t\t\tlandline = '{$landline}', \n\t\t\t\tfirstname = '{$fname}', \n\t\t\t\tlastname = '{$lname}', \n\t\t\t\tlastaccessdate = NOW() "; if ($password != "") { $qry .= ", passwd = '" . md5($password) . "' "; } $qry .= "WHERE member_id = {$memberid}"; $result = mysql_query($qry); if (!$result) { logError("UPDATE members failed:" . mysql_error()); } $_SESSION['SESS_FIRST_NAME'] = $fname; $_SESSION['SESS_LAST_NAME'] = $lname; sendUserMessage(getLoggedOnMemberID(), "User Amendment", "<h3>User amendment.</h3><br>Your details have been amended.<br>"); header("location: system-register-amend.php"); } //Check whether the query was successful or not
$fullname = $fname . " " . $lname; //Create INSERT query $qry = "INSERT INTO {$_SESSION['DB_PREFIX']}members \n\t\t\t\t(\n\t\t\t\tfirstname, lastname, fullname, login, passwd, mobile,\n\t\t\t\temail, holidayentitlement, accepted, guid, status, \n\t\t\t\tmetacreateddate, metacreateduserid, metamodifieddate, metamodifieduserid\n\t\t\t\t) \n\t\t\t\tVALUES\n\t\t\t\t(\n\t\t\t\t'{$fname}','{$lname}', '{$fullname}', '{$login}', '{$pwd}', '{$mobile}',\n\t\t\t\t'{$email}', {$entitlement}, 'Y', '{$guid}', 'Y', \n\t\t\t\tNOW(), {$loggedon}, NOW(), {$loggedon}\n\t\t\t\t)"; $result = @mysql_query($qry); $memberid = mysql_insert_id(); if (!$result) { logError("{$qry} - " . mysql_error()); } //Create INSERT query $qry = "INSERT INTO {$_SESSION['DB_PREFIX']}userroles(memberid, roleid, metacreateddate, metacreateduserid, metamodifieddate, metamodifieduserid) VALUES({$memberid}, 'PUBLIC', NOW(), " . getLoggedOnMemberID() . ", NOW(), " . getLoggedOnMemberID() . ")"; $result = @mysql_query($qry); $qry = "INSERT INTO {$_SESSION['DB_PREFIX']}userroles(memberid, roleid, metacreateddate, metacreateduserid, metamodifieddate, metamodifieduserid) VALUES({$memberid}, 'USER', NOW(), " . getLoggedOnMemberID() . ", NOW(), " . getLoggedOnMemberID() . ")"; $result = @mysql_query($qry); if (isset($_POST['accounttype'])) { $accountrole = $_POST['accounttype']; $qry = "INSERT INTO {$_SESSION['DB_PREFIX']}userroles(memberid, roleid, metacreateddate, metacreateduserid, metamodifieddate, metamodifieduserid) VALUES({$memberid}, '{$accountrole}', NOW(), " . getLoggedOnMemberID() . ", NOW(), " . getLoggedOnMemberID() . ")"; $result = @mysql_query($qry); } sendRoleMessage("ADMIN", "User Registration", "User " . $login . 
" has been registered as a user.<br>Password : "******"User Registration", "<h3>Welcome {$fname} {$lname}.</h3><br>You have been invited to become a member of 'Schokolat'.<br><br><h4>Login details</h4>User ID : {$login}<br>Password : "******"location: system-register-success.php"); } else { logError("1 Query failed:" . mysql_error()); } } else { $memberid = $_GET['id']; $qry = "UPDATE {$_SESSION['DB_PREFIX']}members \n\t\t\t\tSET email = '{$email}', \n\t\t\t\tfirstname = '{$fname}', \n\t\t\t\tlastname = '{$lname}', \n\t\t\t\tmobile = '{$mobile}',\n\t\t\t\tlastaccessdate = NOW(),\n\t\t\t\tpasswd = '{$pwd}', \n\t\t\t\tmetamodifieddate = NOW(), \n\t\t\t\tmetamodifieduserid = {$loggedon}\n\t\t\t\tWHERE member_id = {$memberid}"; $result = mysql_query($qry); if (!$result) { logError("UPDATE members failed:" . mysql_error());
$("#frmpost").submit(); } </SCRIPT> <form method="POST" id="frmpost" name="frmpost"> <input type="hidden" name="mailcommand" id="mailcommand" /> <table width='100%' cellspacing=4> <?php if (!isset($_GET['mode']) || $_GET['mode'] == "I") { $qry = "SELECT A.id, A.replied, A.status, A.subject, A.message, A.from_member_id, A.to_member_id, " . "DATE_FORMAT(A.createddate, '%m/%d/%Y') AS createddate, A.action, " . "B.firstname AS fromfirstname, B.lastname AS fromlastname, B.imageid AS fromimageid, " . "C.firstname AS tofirstname, C.lastname AS tolastname, C.imageid AS toimageid " . "FROM {$_SESSION['DB_PREFIX']}messages A " . "LEFT OUTER JOIN {$_SESSION['DB_PREFIX']}members C " . "ON C.member_id = A.to_member_id " . "LEFT OUTER JOIN {$_SESSION['DB_PREFIX']}members B " . "ON B.member_id = A.from_member_id " . "WHERE A.to_member_id = " . getLoggedOnMemberID() . " " . "AND (A.deleted != 'Y' OR A.deleted IS NULL) " . "ORDER BY A.createddate DESC"; } else { if (isset($_GET['mode']) && $_GET['mode'] == "S") { $qry = "SELECT A.id, A.replied, A.status, A.subject, A.message, A.from_member_id, A.to_member_id, " . "DATE_FORMAT(A.createddate, '%m/%d/%Y') AS createddate, A.action, " . "B.firstname AS fromfirstname, B.lastname AS fromlastname, B.imageid AS fromimageid, " . "C.firstname AS tofirstname, C.lastname AS tolastname, C.imageid AS toimageid " . "FROM {$_SESSION['DB_PREFIX']}messages A " . "LEFT OUTER JOIN {$_SESSION['DB_PREFIX']}members C " . "ON C.member_id = A.to_member_id " . "LEFT OUTER JOIN {$_SESSION['DB_PREFIX']}members B " . "ON B.member_id = A.from_member_id " . "WHERE A.from_member_id = " . getLoggedOnMemberID() . " " . "AND (A.deleted != 'Y' OR A.deleted IS NULL) " . "ORDER BY A.createddate DESC"; } else { if (isset($_GET['mode']) && $_GET['mode'] == "D") { $qry = "SELECT A.id, A.replied, A.status, A.subject, A.message, A.from_member_id, A.to_member_id, " . "DATE_FORMAT(A.createddate, '%m/%d/%Y') AS createddate, A.action, " . 
"B.firstname AS fromfirstname, B.lastname AS fromlastname, B.imageid AS fromimageid, " . "C.firstname AS tofirstname, C.lastname AS tolastname, C.imageid AS toimageid " . "FROM {$_SESSION['DB_PREFIX']}messages A " . "LEFT OUTER JOIN {$_SESSION['DB_PREFIX']}members C " . "ON C.member_id = A.to_member_id " . "LEFT OUTER JOIN {$_SESSION['DB_PREFIX']}members B " . "ON B.member_id = A.from_member_id " . "WHERE A.to_member_id = " . getLoggedOnMemberID() . " " . "AND A.deleted = 'Y' " . "ORDER BY A.createddate DESC"; } } } $result = mysql_query($qry); if (!$result) { logError("Error: " . mysql_error()); } //Check whether the query was successful or not if ($result) { while ($member = mysql_fetch_assoc($result)) { ?> <tr class='mailtable' status='<?php echo $member['status']; ?> '>
<TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 cellPadding=0 width=1014 align=left > <TR> <TD style="BACKGROUND: url(images/shadow_lft.png)" width=17> </TD> <TD> <div class="tail-top"> <!-- header --> <?php if (isAuthenticated()) { ?> <div id="header" class='header1'> <?php $qry = "UPDATE {$_SESSION['DB_PREFIX']}members SET " . "lastaccessdate = NOW(), metamodifieddate = NOW(), metamodifieduserid = " . getLoggedOnMemberID() . " " . "WHERE member_id = " . $_SESSION['SESS_MEMBER_ID'] . ""; $result = mysql_query($qry); $qry = "UPDATE {$_SESSION['DB_PREFIX']}loginaudit SET " . "timeoff = NOW(), metamodifieddate = NOW(), metamodifieduserid = " . getLoggedOnMemberID() . " " . "WHERE id = " . $_SESSION['SESS_LOGIN_AUDIT'] . ""; $result = mysql_query($qry); ?> <div id="toppanel"> <label class="prefix">logged on: </label> <label> <a href='profile.php'> <?php echo getUserName(); ?> </a> <span> | <a href='system-logout.php'>logout</a> </span> </label> </div>
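/**
 * Builds and runs the INSERT for this grid's table from the posted form.
 *
 * Only columns flagged bind are written. The value per column is chosen by
 * type: getImageData()/getFileData() for IMAGE/FILE, md5() of the posted
 * value for PASSWORD, 1/0 for CHECKBOX, otherwise the posted value (converted
 * with convertStringToDate() for date/timestamp columns, with the posted
 * "<name>_time" appended for timestamps) or, when nothing was posted, the
 * column default (TODAY -> NOW(), USER -> the logged-on member id, else the
 * literal default). The four meta* audit columns are always appended.
 *
 * A failed query is logged via logError(); postInsertEvent() runs afterwards
 * regardless, as before. Any exception is collected into
 * $this->errorDescriptions.
 *
 * Fix: the "<name>_time" value was spliced into the SQL unescaped; it is now
 * passed through mysql_escape_string() like the date part, and defaults to ''
 * when not posted.
 *
 * NOTE(review): PASSWORD columns are stored as md5(); kept as-is because the
 * login check elsewhere must match, but password_hash()/password_verify()
 * is the replacement to migrate to.
 */
public function insert() {
    try {
        // Column list: every bound column, then the audit columns.
        $names = array();
        foreach ($this->columns as $col) {
            if ($col['bind']) {
                $names[] = $col['name'];
            }
        }
        $qry = "INSERT INTO " . $this->table . " (" . implode(", ", $names)
             . ", metacreateddate, metacreateduserid, metamodifieddate, metamodifieduserid) VALUES (";

        // Value list, one SQL fragment per bound column in the same order.
        $values = array();
        foreach ($this->columns as $col) {
            if (!$col['bind']) {
                continue;
            }
            $name = $col['name'];
            if ($col['type'] == "IMAGE") {
                $values[] = "'" . getImageData($name) . "'";
            } elseif ($col['type'] == "FILE") {
                $values[] = "'" . getFileData($name) . "'";
            } elseif ($col['type'] == "PASSWORD") {
                $values[] = "'" . md5($_POST[$name]) . "'";
            } elseif ($col['type'] == "CHECKBOX") {
                // Unticked boxes are absent from the post; anything other than "on" is 0.
                $values[] = (isset($_POST[$name]) && $_POST[$name] == "on") ? 1 : 0;
            } elseif (isset($_POST[$name])) {
                if ($col['datatype'] == "timestamp" || $col['datatype'] == "") {
                    $mysql_date = convertStringToDate($_POST[$name]);
                    $mysql_time = isset($_POST[$name . "_time"]) ? $_POST[$name . "_time"] : "";
                    $values[] = "'" . mysql_escape_string($mysql_date) . " " . mysql_escape_string($mysql_time) . "'";
                } elseif ($col['datatype'] == "date") {
                    $mysql_date = convertStringToDate($_POST[$name]);
                    $values[] = "'" . mysql_escape_string($mysql_date) . "'";
                } else {
                    $values[] = "'" . mysql_escape_string($_POST[$name]) . "'";
                }
            } elseif ($col['default'] == "TODAY") {
                $values[] = "NOW()";
            } elseif ($col['default'] == "USER") {
                $values[] = getLoggedOnMemberID();
            } else {
                $values[] = "'" . mysql_escape_string($col['default']) . "'";
            }
        }

        $memberid = getLoggedOnMemberID();
        $qry .= implode(", ", $values) . ", NOW(), {$memberid}, NOW(), {$memberid})";

        $result = mysql_query($qry);
        if (!$result) {
            logError($qry . " = " . mysql_error());
        }
        $this->postInsertEvent();
    } catch (Exception $e) {
        $this->errorDescriptions[] = $e->getMessage();
    }
}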
$("#notes").val(node.notes); $("#detaildialog").dialog("open"); } } ); } }, dayClick: function(date, element, view) { <?php ?> $("#eventid").val(""); $("#userid").val("<?php echo getLoggedOnMemberID(); ?> "); $("#startdate").val(formatDate(date)); $("#enddate").val(formatDate(date)); tinyMCE.get("notes").setContent(""); $("#detaildialog").dialog("open"); <?php ?> }, events: function(start, end, callback) { var startYear = start.getYear(); var endYear = end.getYear();
<?php
/*
 * Daily alert schedule: announces the run to the ALERT role and then records
 * today's date in siteconfig.lastschedulerun.
 */
require_once "system-db.php";
start_db();

sendRoleMessage("ALERT", "Daily alert task schedule", "Information: Alerts task schedule run at " . date("d/m/Y"));

/********************************************************************* END OF SCHEDULE **************************************/
$qry = sprintf(
    "UPDATE %ssiteconfig SET lastschedulerun = CURDATE(), metamodifieddate = NOW(), metamodifieduserid = %s",
    $_SESSION['DB_PREFIX'],
    getLoggedOnMemberID()
);
$result = mysql_query($qry);
if (false == $result) {
    logError("Error: " . mysql_error(), false);
}
} } if ($clubid != 0) { $qry = "UPDATE {$_SESSION['DB_PREFIX']}team SET \n\t\t\t\t\tfirstname = '{$fname}', \n\t\t\t\t\tlastname = '{$lname}',\n\t\t\t\t\ttelephone = '{$landline}',\n\t\t\t\t\temail = '{$email}'\n\t\t\t\t\tWHERE id = {$clubid}"; $result = mysql_query($qry); if (!$result) { logError("UPDATE team failed ({$qry}):" . mysql_error()); } } mysql_query("COMMIT"); sendUserMessage(getLoggedOnMemberID(), "User Registration", "User " . $_POST['login'] . " has been registered as a user.<br>Password : "******"User Registration", "<h3>Welcome " . $_POST['fname'] . " " . $_POST['lname'] . ".</h3><br>You have been invited to become a member of 'Harrow Youth Football League'.<br>Please click on the <a href='" . getSiteConfigData()->domainurl . "/index.php'>link</a> to activate your account.<br><br><h4>Login details</h4>User ID : " . $_POST['login'] . "<br>Password : "******"location: system-register-success.php"); } else { logError("1 Query failed:" . mysql_error()); } } else { $memberid = $_GET['id']; $qry = "UPDATE {$_SESSION['DB_PREFIX']}members \n\t\t\t\tSET email = '{$email}', \n\t\t\t\tfirstname = '{$fname}', \n\t\t\t\tlastname = '{$lname}', \n\t\t\t\tlastaccessdate = NOW(),\n\t\t\t\tpasswd = '" . md5($password) . "'\n\t\t\t\tWHERE member_id = {$memberid}"; $result = mysql_query($qry); if (!$result) { logError("UPDATE members failed:" . mysql_error()); } $_SESSION['SESS_FIRST_NAME'] = $fname; $_SESSION['SESS_LAST_NAME'] = $lname; sendUserMessage(getLoggedOnMemberID(), "User Amendment", "<h3>User amendment.</h3><br>Your details have been amended by the System Administration.<br>Your password has been changed to: <i>{$password}</i>."); sendUserMessage($memberid, "User Amendment", "<h3>User amendment.</h3><br>Your details have been amended by the System Administration.<br>Your password has been changed to: <i>{$password}</i>."); header("location: system-register-amend.php"); } //Check whether the query was successful or not
/**
 * Emits the <script> block that drives the rota calendar page: the detail
 * dialog (Ok / Remove / Cancel), the bid button, and the fullCalendar
 * instance with its render, click and event-loading handlers.
 *
 * @param mixed $currentRota  Not referenced in this body — presumably kept for
 *                            the callers' signature; confirm before removing.
 *
 * NOTE(review): the eventClick handler sends a complete SQL statement to
 * finddata.php in the "sql" request field, so the query text is under the
 * browser's control; the server should build that query itself from the
 * event id and treat any posted "sql" as untrusted. $_SESSION['DB_PREFIX']
 * and getLoggedOnMemberID() are also written into JS string literals without
 * json_encode() — safe only while they never contain quotes; confirm.
 */
function showCalendar($currentRota) { ?>
<script>
var rotaid = 0;
$(document).ready(function() {
    $("#detaildialog").dialog({
        modal: true,
        width: 400,
        autoOpen: false,
        title: "Details",
        buttons: {
            Ok: function() {
                callAjax(
                    "saverotadata.php",
                    {
                        rotaid: rotaid,
                        eventid: $("#eventid").val(),
                        userid: $("#userid").val(),
                        notes: "",
                        startdate: $("#startdate").val(),
                        enddate: $("#enddate").val(),
                        watch: $("#watch").val()
                    },
                    function(items) { $("#calendar").fullCalendar('refetchEvents'); },
                    false
                );
                $(this).dialog("close");
            },
            "Remove": function() {
                callAjax(
                    "removerotadata.php",
                    { eventid: $("#eventid").val() },
                    function(items) { $("#calendar").fullCalendar('refetchEvents'); },
                    false
                );
                $(this).dialog("close");
            },
            Cancel: function() { $(this).dialog("close"); }
        }
    });
    $("#bidbutton").click(
        function() {
            callAjax(
                "savebid.php",
                { bid: $("#bid").val() },
                function(data) { }
            );
        }
    );
    $('#calendar').fullCalendar({
        editable: true,
        aspectRatio: 2.1,
        allDayDefault: false,
        header: { left: 'prev,next today', center: 'title', right: '' },
        eventRender: function(event, element) {
            element.attr('title', "Click to view " + event.title);
        },
        eventClick: function(calEvent, jsEvent, view) {
            if (calEvent.id != 0) {
                callAjax(
                    "finddata.php",
                    {
                        sql: "SELECT A.id, A.userid, A.watch, " +
                             "DATE_FORMAT(A.startdate, '%d/%m/%Y') AS startdate, " +
                             "DATE_FORMAT(A.enddate, '%d/%m/%Y') AS enddate " +
                             "FROM <?php echo $_SESSION['DB_PREFIX']; ?> rotaitem A " +
                             "WHERE A.id = " + calEvent.id
                    },
                    function(data) {
                        if (data.length > 0) {
                            var node = data[0];
                            $("#eventid").val(node.id);
                            $("#userid").val(node.userid);
                            $("#startdate").val(node.startdate);
                            $("#enddate").val(node.enddate);
                            $("#watch").val(node.watch);
                            $("#detaildialog").dialog("open");
                        }
                    }
                );
            }
        },
        dayClick: function(date, element, view) {
            <?php ?>
            $("#eventid").val("");
            $("#userid").val("<?php echo getLoggedOnMemberID(); ?> ");
            $("#startdate").val(formatDate(date));
            $("#enddate").val(formatDate(date));
            $("#watch").val("B");
            $("#detaildialog").dialog("open");
            <?php ?>
        },
        events: function(start, end, callback) {
            var startYear = start.getYear();
            var endYear = end.getYear();
            if (startYear < 2000) { startYear += 1900; }
            if (endYear < 2000) { endYear += 1900; }
            var startDate = startYear + "-" + padZero(start.getMonth() + 1) + "-" + padZero(start.getDate());
            var endDate = endYear + "-" + padZero(end.getMonth() + 1) + "-" + padZero(end.getDate());
            callAjax(
                "findrotaid.php",
                { startdate: startDate, enddate: endDate },
                function(data) { if (data.length > 0) { rotaid = data[0].id; } },
                false
            );
            $.ajax({
                type: 'POST',
                url: 'currentrotadata.php',
                async: false,
                dataType:'json',
                data: { rotaid: rotaid },
                error: function(error) { alert('there was an error while fetching events'); },
                success: function(msg) {
                    var events = [];
                    for(var c = 0; c < msg.length; c++){
                        var item = msg[c];
                        events.push({
                            id: item.id,
                            title: item.title,
                            allDay: item.allDay == "true" ? true : false,
                            start: item.start,
                            end: item.end,
                            editable: true,
                            className: item.className
                        });
                    }
                    callback(events);
                    var found = false;
                    var days = 0;
                    $(".fc-widget-content").each(function() {
                        var dayn = $(this).find(".fc-day-number").html();
                        if (! found && dayn == 6) { found = true; }
                        if (found && dayn == 6 && days > 1) { found = false; }
                        if (found) {
                            $(this).css("background-color", "yellow");
                        } else {
                            $(this).css("background-color", "red");
                        }
                        if (found) { days++; }
                    });
                }
            });
        }
    });
});
</script>
<?php }
/**
 * Rewrites a SELECT so that it only returns rows the logged-on user may see,
 * according to the roles configured in the site config.
 *
 * The statement is parsed with PHPSQLParser, role-specific predicates (and for
 * some roles an extra JOIN plus DISTINCT) are appended to the parse tree, and
 * the statement is regenerated with PHPSQLCreator. Predicates refer to the
 * horizon_members table through $tablealias.
 *
 * @param string $sql  The unfiltered SELECT.
 * @return string      The filtered SELECT, or $sql unchanged when there is no
 *                     site config in the session or the role is unrestricted.
 *
 * Notes for maintainers:
 * - $tablealias stays null when horizon_members is not in FROM, so the
 *   generated column references would read ".member_id"; presumably every
 *   caller's query includes horizon_members — confirm.
 * - The officeadminrole branch appends one "member_id = <id>" predicate per
 *   non-appraisal table with no AND between them and then falls through to
 *   the role chain below; this looks unintended for multi-table queries or
 *   for users holding several roles — verify against the intended access
 *   matrix.
 * - The values spliced into the tree (member/team ids, position and role
 *   names) come from the session and the site config, not from the request.
 */
function getFilteredData($sql) {
    if (!isset($_SESSION['SITE_CONFIG'])) {
        return $sql;
    }
    $parser = new PHPSQLParser($sql);
    $tablealias = null;
    $data = getSiteConfigData();
    /* Find how horizon_members is referenced so predicates can be qualified. */
    foreach ($parser->parsed['FROM'] as $table) {
        if ($table['table'] == "horizon_members") {
            if ($table['alias'] != "") {
                $tablealias = $table['alias']['name'];
            } else {
                $tablealias = $table['table'];
            }
        }
    }
    if (!isset($parser->parsed['WHERE'])) {
        /* Create where clause. */
        $parser->parsed['WHERE'] = array();
    } else {
        /* Add to the where clause: everything appended below is ANDed
         * onto the query's own predicates. */
        $parser->parsed['WHERE'][] = array("expr_type" => "operator", "base_expr" => "AND", "sub_tree" => "");
    }
    if (isUserInRole($data->adminrole) || isUserInRole($data->managementrole)) {
        /* Do nothing, access rights to all. */
        return $sql;
    }
    if (isUserInRole($data->trainingmanagementrole)) {
        /* Not restricted by anything training related.
         * Page roles will prevent access to parts of the system
         * that are not appropriate to training management. */
        return $sql;
    }
    if (isUserInRole($data->officeadminrole)) {
        /* Restricted to.
         * Personal details for APPRAISALS only. */
        foreach ($parser->parsed['FROM'] as $table) {
            if ($table['table'] != "horizon_appraisal") {
                $parser->parsed['WHERE'][] = array("expr_type" => "colref", "base_expr" => $tablealias . ".member_id", "sub_tree" => "");
                $parser->parsed['WHERE'][] = array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => "");
                $parser->parsed['WHERE'][] = array("expr_type" => "const", "base_expr" => getLoggedOnMemberID(), "sub_tree" => "");
            }
        }
    }
    if (isUserInRole($data->compliancerole)) {
        foreach ($parser->parsed['FROM'] as $table) {
            if ($table['table'] == "horizon_holiday") {
                /* Compliance don't restrict holidays */
                return $sql;
            }
        }
        /* Restricted to.
         * All technicians and team leaders (and the user's own row). */
        $parser->parsed['WHERE'][] = array("expr_type" => "bracket_expression", "sub_tree" => array(
            array("expr_type" => "colref", "base_expr" => $tablealias . ".position", "sub_tree" => ""),
            array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => ""),
            array("expr_type" => "const", "base_expr" => "'" . $data->technicianposition . "'", "sub_tree" => ""),
            array("expr_type" => "operator", "base_expr" => "OR", "sub_tree" => ""),
            array("expr_type" => "colref", "base_expr" => $tablealias . ".position", "sub_tree" => ""),
            array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => ""),
            array("expr_type" => "const", "base_expr" => "'" . $data->teamleaderposition . "'", "sub_tree" => ""),
            array("expr_type" => "operator", "base_expr" => "OR", "sub_tree" => ""),
            array("expr_type" => "colref", "base_expr" => $tablealias . ".member_id", "sub_tree" => ""),
            array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => ""),
            array("expr_type" => "const", "base_expr" => getLoggedOnMemberID(), "sub_tree" => "")));
    } else {
        if (isUserInRole($data->regionalservicemanagerrole)) {
            /* Restricted to.
             * All personnel and team leaders: join horizon_userteams on the
             * user's own membership (or their own member row) and keep rows
             * whose teamid matches. */
            $parser->parsed['OPTIONS'][] = "DISTINCT";
            /* NOTE(review): the logged-on id below is typed "colref" while the
             * other branches use "const" for the same value — presumably
             * PHPSQLCreator renders both the same; confirm. */
            $parser->parsed['FROM'][] = array("expr_type" => "table", "table" => "horizon_userteams", "alias" => array("as" => "", "name" => "horizon_userteams", "base_expr" => "horizon_userteams"), "join_type" => "JOIN", "ref_type" => "ON", "ref_clause" => array(
                array("expr_type" => "colref", "base_expr" => "horizon_userteams.memberid", "sub_tree" => ""),
                array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => ""),
                array("expr_type" => "colref", "base_expr" => getLoggedOnMemberID(), "sub_tree" => ""),
                array("expr_type" => "operator", "base_expr" => "OR", "sub_tree" => ""),
                array("expr_type" => "colref", "base_expr" => $tablealias . ".member_id", "sub_tree" => ""),
                array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => ""),
                array("expr_type" => "const", "base_expr" => getLoggedOnMemberID(), "sub_tree" => "")));
            $parser->parsed['WHERE'][] = array("expr_type" => "bracket_expression", "sub_tree" => array(
                array("expr_type" => "colref", "base_expr" => "horizon_userteams.teamid", "sub_tree" => ""),
                array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => ""),
                array("expr_type" => "const", "base_expr" => $tablealias . ".teamid", "sub_tree" => "")));
        } else {
            if (isUserInRole($data->officerole)) {
                $appraisal = false;
                foreach ($parser->parsed['FROM'] as $table) {
                    if ($table['table'] == "horizon_appraisal") {
                        /* Office role is only restricted on appraisal queries. */
                        $appraisal = true;
                    }
                }
                if (!$appraisal) {
                    return $sql;
                }
                /* Restricted to.
                 * All technicians and team leaders (and the user's own row). */
                $parser->parsed['WHERE'][] = array("expr_type" => "bracket_expression", "sub_tree" => array(
                    array("expr_type" => "colref", "base_expr" => $tablealias . ".position", "sub_tree" => ""),
                    array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => ""),
                    array("expr_type" => "const", "base_expr" => "'" . $data->technicianposition . "'", "sub_tree" => ""),
                    array("expr_type" => "operator", "base_expr" => "OR", "sub_tree" => ""),
                    array("expr_type" => "colref", "base_expr" => $tablealias . ".position", "sub_tree" => ""),
                    array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => ""),
                    array("expr_type" => "const", "base_expr" => "'" . $data->teamleaderposition . "'", "sub_tree" => ""),
                    array("expr_type" => "operator", "base_expr" => "OR", "sub_tree" => ""),
                    array("expr_type" => "colref", "base_expr" => $tablealias . ".member_id", "sub_tree" => ""),
                    array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => ""),
                    array("expr_type" => "const", "base_expr" => getLoggedOnMemberID(), "sub_tree" => "")));
            } else {
                if (isUserInRole($data->officemanagerrole)) {
                    /* Restricted to.
                     * All personnel and team leaders: join horizon_userroles
                     * and keep members holding the office-personnel role. */
                    $parser->parsed['OPTIONS'][] = "DISTINCT";
                    $parser->parsed['FROM'][] = array("expr_type" => "table", "table" => "horizon_userroles", "alias" => array("as" => "", "name" => "horizon_userroles", "base_expr" => "horizon_userroles"), "join_type" => "JOIN", "ref_type" => "ON", "ref_clause" => array(
                        array("expr_type" => "colref", "base_expr" => "horizon_userroles.memberid", "sub_tree" => ""),
                        array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => ""),
                        array("expr_type" => "colref", "base_expr" => $tablealias . ".member_id", "sub_tree" => "")));
                    $parser->parsed['WHERE'][] = array("expr_type" => "bracket_expression", "sub_tree" => array(
                        array("expr_type" => "colref", "base_expr" => "horizon_userroles.roleid", "sub_tree" => ""),
                        array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => ""),
                        array("expr_type" => "const", "base_expr" => "'" . $data->officepersonnelrole . "'", "sub_tree" => "")));
                } else {
                    if (isUserInRole($data->teamleaderrole)) {
                        /* Restricted to.
                         * Team personnel and themselves. */
                        $parser->parsed['WHERE'][] = array("expr_type" => "colref", "base_expr" => $tablealias . ".teamid", "sub_tree" => "");
                        $parser->parsed['WHERE'][] = array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => "");
                        $parser->parsed['WHERE'][] = array("expr_type" => "const", "base_expr" => getLoggedOnTeamID(), "sub_tree" => "");
                    } else {
                        if (isUserInRole($data->areacoordinatorrole)) {
                            /* Restricted to.
                             * Team personnel and themselves. */
                            $parser->parsed['WHERE'][] = array("expr_type" => "colref", "base_expr" => $tablealias . ".teamid", "sub_tree" => "");
                            $parser->parsed['WHERE'][] = array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => "");
                            $parser->parsed['WHERE'][] = array("expr_type" => "const", "base_expr" => getLoggedOnTeamID(), "sub_tree" => "");
                        } else {
                            /* Restricted to.
                             * Technician Level 1 - Personal details (own row only). */
                            $parser->parsed['WHERE'][] = array("expr_type" => "colref", "base_expr" => $tablealias . ".member_id", "sub_tree" => "");
                            $parser->parsed['WHERE'][] = array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => "");
                            $parser->parsed['WHERE'][] = array("expr_type" => "const", "base_expr" => getLoggedOnMemberID(), "sub_tree" => "");
                        }
                    }
                }
            }
        }
    }
    $creator = new PHPSQLCreator($parser->parsed);
    $created = $creator->created;
    return $created;
}
<?php include "system-header.php"; if (isset($_POST['user'])) { $guid = $_GET['key']; $login = $_POST['user']; $passwd = md5($_POST['password']); $qry = "SELECT * " . "FROM {$_SESSION['DB_PREFIX']}members " . "WHERE accepted = 'N' " . "AND login = '******' " . "AND passwd = '{$passwd}' " . "AND guid = '{$guid}'"; $result = mysql_query($qry); if ($result) { while ($member = mysql_fetch_assoc($result)) { $memberid = $member['member_id']; $qry = "UPDATE {$_SESSION['DB_PREFIX']}members " . "SET accepted = 'Y', metamodifieddate = NOW(), metamodifieduserid = " . getLoggedOnMemberID() . " " . "WHERE member_id = {$memberid}"; $itemresult = mysql_query($qry); if (!$itemresult) { logError($qry . " = " . mysql_error()); } sendUserMessage($memberid, "User Registration", "Welcome to Oracle logs.<br>Your user registration has been accepted."); echo "<h4>Welcome to Oracle logs.<br>Your user registration has been accepted.</h4>"; } } } else { ?> <form method="POST" id="activateform" name="activateform" class="entryform"> <table> <tr> <td>Login</td> <td> <input required="true" type="text" id="user" name="user" /> </td> </tr>
$result = mysql_query($qry); //Check whether the query was successful or not if ($result) { if (mysql_num_rows($result) == 1) { $member = mysql_fetch_assoc($result); $memberid = $member['member_id']; srand(time()); for ($i = 0; $i < 10; $i++) { $random = rand() % 52; if ($random > 26) { $random = $random - 26; $random = $random + 32; } $word = $word . chr($random + 65); } $qry = "UPDATE {$_SESSION['DB_PREFIX']}members " . "SET passwd = '" . md5($word) . "', metamodifieddate = NOW(), metamodifieduserid = " . getLoggedOnMemberID() . " " . "WHERE member_id = {$memberid}"; $result = mysql_query($qry); if (!$result) { logError("Error RESET PASSWORD:"******" - " . mysql_error()); } $errmsg_arr[] = "An email has been sent with a reset password."; sendUserMessage($memberid, "Password reset", "Your password has been reset to {$word}.<br>Please contact your system administrator if you have any problems."); sendRoleMessage("ADMIN", "Password reset", "User {$login} has had the password reset to {$word}."); } else { $errmsg_arr[] = "Invalid user."; } } else { $errmsg_arr[] = "Invalid user."; } } $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
/**
 * Emits the jQuery statements that run after the "add" form is shown: clears
 * the customer and client selectors, shows the add button, presets revision,
 * delivery charge, discount and total, fills orderdate with today's date
 * (d/m/Y) and takenbyid with the logged-on member id, re-enables the inputs
 * and selects of the invoice item dialog, resets itemArray and calls
 * populateTable().
 *
 * The two PHP values are echoed straight into JavaScript string literals with
 * no JS-context escaping; that is only safe while date() and
 * getLoggedOnMemberID() produce digits and slashes — TODO confirm the latter.
 * Also note the character after each closing "?>" ends up inside the value
 * unless it is a newline (which PHP swallows) — presumably intended; verify.
 */
public function postAddScriptEvent() { ?> $("#customerid").val("").trigger("change"); $("#clientid").val("").trigger("change"); $("#crudaddbutton").show(); $("#revision").val("1"); $("#deliverycharge").val("0.00"); $("#discount").val("0.00"); $("#total").val("0.00"); $("#orderdate").val("<?php echo date("d/m/Y"); ?> "); $("#takenbyid").val("<?php echo getLoggedOnMemberID(); ?> "); $("#invoiceitemdialog input, #invoiceitemdialog select").removeAttr("disabled"); itemArray = []; populateTable(); <?php }
$j33number = ""; $casenumber = ""; $parties = ""; if (!$result) { logError("Error: " . mysql_error()); } //Check whether the query was successful or not while ($member = mysql_fetch_assoc($result)) { $j33number = $member['j33number']; $casenumber = $member['casenumber']; $parties = $member['plaintiff']; } for ($ix = 0; $ix < count($_POST["notificationid"]); $ix++) { $description = "<h3>Typist Invoice Upload.</h3><table>"; $description .= "<tr><td><b>J33 Number : </b></td><td>{$j33number}</td></tr>"; $description .= "<tr><td><b>Case Number : </b></td><td>{$casenumber}</td></tr>"; $description .= "<tr><td><b>Parties : </b></td><td>{$parties}</td></tr>"; $description .= "<tr><td><b>Pages : </b></td><td>{$page}</td></tr>"; $description .= "</table><h4>Invoice has been uploaded by " . GetUserName() . "</h4>"; sendInternalUserMessage($_POST["notificationid"][$ix], "Typist Invoice", $description); } } else { $qry = "UPDATE {$_SESSION['DB_PREFIX']}typistinvoices SET " . "pages = {$page}, metamodifieddate = NOW(), metamodifieduserid = " . getLoggedOnMemberID() . " " . "WHERE id = {$pageid}"; $result = mysql_query($qry); if (!$result) { logError($qry); } } } array_push($json, array("pages" => $totalpage)); echo json_encode($json);
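// Match-report form: pull the posted fields into locals. The values are
// consumed by SQL built outside this fragment, so each one is normalised here.
// NOTE: the mysql_* extension is deprecated since PHP 5.5 and removed in
// PHP 7; the existing API is kept rather than a new one introduced.

// A ticked HTML checkbox posts the literal string "on"; anything else is 0.
$checkbox = function ($field) {
    return isset($_POST[$field]) && $_POST[$field] === "on" ? 1 : 0;
};

// mysql_escape_string() ignores the connection character set (the classic
// multibyte escaping bypass); mysql_real_escape_string() honours it and needs
// the same open connection the consuming queries need.
$escape = function ($field) {
    return mysql_real_escape_string(isset($_POST[$field]) ? $_POST[$field] : "");
};

// Ratings and score: left as posted because their expected type is not
// visible in this fragment. TODO confirm they are numeric and cast them to
// int before they reach SQL.
$ratepitchcondition = $_POST['ratepitchcondition'];
$rategoalsize = $_POST['rategoalsize'];
$ratechangingrooms = $_POST['ratechangingrooms'];
$refereescore = $_POST['refereescore'];
$refappointedbyleague = $_POST['refappointedbyleague']; // TODO confirm type, as above

// Checkbox flags stored as 1/0.
$complycodes = $checkbox('complycodes');
$pitchsize = $checkbox('pitchsize');
$requiredbarriers = $checkbox('requiredbarriers');
$opponentids = $checkbox('opponentids');

// Referee foreign key: blank means "none" (0). The blank-to-0 default implies
// a numeric use, so the value is forced to an integer afterwards.
$refereeid = isset($_POST['refereeid']) ? $_POST['refereeid'] : "";
if ($refereeid == "") {
    $refereeid = 0;
}
$refereeid = (int) $refereeid;

// Free-text fields, escaped for use inside quoted SQL literals.
$referee = $escape('refereeid_lazy');
$division = $escape('division');
$remarks = $escape('remarks');
$refereeremarks = $escape('refereeremarks');

$teamid = getLoggedOnTeamID();
$memberid = getLoggedOnMemberID();

if ($division == "") {
    $division = "X";
}

// These three are not assigned in this fragment; isset() keeps the original
// "unset or blank takes the default" behaviour without raising a notice.
if (!isset($oppositionid) || $oppositionid == "") {
    $oppositionid = 0;
}
if (!isset($hometeamid) || $hometeamid == "") {
    $hometeamid = 0;
}
if (!isset($leaguecup) || $leaguecup == "") {
    $leaguecup = "L";
}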
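// Insert or update one quote line item posted from the quote editor, then
// build the query that lists the quote's items (its result is consumed after
// this fragment). NOTE: mysql_* is removed in PHP 7.

// Escapes a posted text value for use inside single quotes in SQL.
$escape = function ($field) {
    return mysql_real_escape_string(isset($_POST[$field]) ? (string) $_POST[$field] : "");
};
// Returns a posted value as a bare SQL numeric literal, or 0 if not numeric.
$number = function ($field) {
    return isset($_POST[$field]) && is_numeric($_POST[$field]) ? 0 + $_POST[$field] : 0;
};

$quoteid = isset($_POST['quoteid']) ? (int) $_POST['quoteid'] : 0; // unquoted in SQL
$id = isset($_POST['id']) ? trim((string) $_POST['id']) : "";      // blank => new row
$qty = $escape('qty');             // stored quoted
$unitprice = $escape('unitprice'); // stored quoted
$vatrate = $number('vatrate');     // unquoted in the INSERT
$vat = $escape('vat');             // stored quoted
$total = $number('total');         // unquoted in both statements
$productid = $escape('productid'); // stored quoted

if ($id === "") {
    // NOTE(review): this inserts into "quoteitem" while the UPDATE and SELECT
    // below use "quoteitems" — verify the table name; it looks like a typo.
    $qry = "INSERT INTO {$_SESSION['DB_PREFIX']}quoteitem " . "(quoteid, quantity, priceeach, vatrate, vat, linetotal, " . "productid, metacreateddate, metacreateduserid, metamodifieddate, metamodifieduserid) " . "VALUES " . "({$quoteid}, '{$qty}', '{$unitprice}', {$vatrate}, '{$vat}', {$total}, " . "'{$productid}', NOW(), " . getLoggedOnMemberID() . ", NOW(), " . getLoggedOnMemberID() . ")";
    $result = mysql_query($qry);
    if (!$result) {
        logError($qry . " - " . mysql_error());
    }
} else {
    $id = (int) $id; // unquoted in the WHERE clause
    $qry = "UPDATE {$_SESSION['DB_PREFIX']}quoteitems SET " . "quantity = '{$qty}', " . "priceeach = '{$unitprice}', " . "vatrate = '{$vatrate}', " . "vat = '{$vat}', " . "linetotal = {$total}, " . "productid = '{$productid}', metamodifieddate = NOW(), metamodifieduserid = " . getLoggedOnMemberID() . " " . "WHERE id = {$id}";
    $result = mysql_query($qry);
    if (!$result) {
        logError($qry . " - " . mysql_error());
    }
}

// The quote header total is not recalculated here (a previous attempt was
// commented out and has been removed).
$qry = "SELECT A.*, B.description " . "FROM {$_SESSION['DB_PREFIX']}quoteitems A " . "LEFT OUTER JOIN {$_SESSION['DB_PREFIX']}product B " . "ON B.id = A.productid " . "WHERE A.quoteid = {$quoteid} " . "ORDER BY A.id";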
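// Create the quote header for $caseid from the posted form or, when the
// INSERT fails with a duplicate key (1062, presumably a unique key on
// caseid — confirm), update the existing row; audit it and return the quote
// id for the case as JSON. $caseid, $quotenumber, $paymentnumber,
// $shippinghandling, $paymentdate, $quotedate and $description are assigned
// before this fragment and are interpolated below — TODO confirm they are
// validated there. NOTE: mysql_* is removed in PHP 7.

// Escapes a posted text value for use inside single quotes in SQL.
$escape = function ($field) {
    return mysql_real_escape_string(isset($_POST[$field]) ? (string) $_POST[$field] : "");
};
// Returns a posted value as a bare SQL numeric literal, or 0 if not numeric.
$number = function ($field) {
    return isset($_POST[$field]) && is_numeric($_POST[$field]) ? 0 + $_POST[$field] : 0;
};

$caseid = (int) $caseid;                   // used unquoted as the row key
$total = $number('total');                 // unquoted
$paid = $escape('paid');                   // quoted
$toaddress = $escape('toaddress');
$deladdress = $escape('deladdress');
$ourref = $escape('ourref');
$yourref = $escape('yourref');
$termsid = isset($_POST['termsid']) ? (int) $_POST['termsid'] : 0;       // unquoted in the UPDATE
$contactid = isset($_POST['contactid']) ? (int) $_POST['contactid'] : 0; // unquoted
$officeid = isset($_POST['officeid']) ? (int) $_POST['officeid'] : 0;    // unquoted
$depositamount = $number('depositamount');                               // unquoted
$na = $escape('na');

$qry = "INSERT INTO {$_SESSION['DB_PREFIX']}quotes " . "(caseid, quotenumber, paymentnumber, paid, shippinghandling, paymentdate, total, " . "toaddress, deladdress, termsid, contactid, createddate, officeid, ourref, yourref, depositrequired," . "description, na, metacreateddate, metacreateduserid, metamodifieddate, metamodifieduserid) " . "VALUES " . "({$caseid}, '{$quotenumber}', '{$paymentnumber}', '{$paid}', {$shippinghandling}, '{$paymentdate}', {$total}, " . "'{$toaddress}', '{$deladdress}', '{$termsid}', {$contactid}, '{$quotedate}', {$officeid}, '{$ourref}', '{$yourref}', {$depositamount}," . "'{$description}', '{$na}', NOW(), " . getLoggedOnMemberID() . ", NOW(), " . getLoggedOnMemberID() . ")";
$result = mysql_query($qry);

if (!$result) {
    if (mysql_errno() == 1062) {
        // Duplicate key: the case already has a quote header, so update it.
        $qry = "UPDATE {$_SESSION['DB_PREFIX']}quotes SET " . "quotenumber = '{$quotenumber}', " . "paymentnumber = '{$paymentnumber}', " . "ourref = '{$ourref}', " . "yourref = '{$yourref}', " . "shippinghandling = '{$shippinghandling}', " . "paymentdate = '{$paymentdate}', " . "depositrequired = {$depositamount}, " . "createddate = '{$quotedate}', " . "paid = '{$paid}', " . "total = {$total}, " . "toaddress = '{$toaddress}', " . "description = '{$description}', " . "deladdress = '{$deladdress}', " . "na = '{$na}', " . "termsid = {$termsid}, " . "contactid = {$contactid}, " . "officeid = {$officeid}, metamodifieddate = NOW(), metamodifieduserid = " . getLoggedOnMemberID() . " " . "WHERE caseid = {$caseid}";
        $result = mysql_query($qry);
        if (!$result) {
            logError($qry . " - " . mysql_error());
        }
        addAuditLog("Q", "U", $caseid);
    } else {
        logError($qry . " - " . mysql_error());
    }
} else {
    $id = mysql_insert_id();
    addAuditLog("Q", "I", $caseid);
}

// Hand the quote id back to the caller.
$qry = "SELECT id " . "FROM {$_SESSION['DB_PREFIX']}quotes " . "WHERE caseid = {$caseid}";
$json = new SQLProcessToArray();
echo json_encode($json->fetch($qry));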
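// Persist the layout of one grid column: run the header lookup in $qry to find
// (or create) the member's applicationtables row for this page, then insert or
// update the applicationtablecolumns row for $column. $qry, $pageid, $memberid,
// $column, $width and $label are assigned before this fragment.
// NOTE: mysql_* is removed in PHP 7.

// Values interpolated unquoted into SQL must be numeric; these casts are a
// no-op for valid input and neutralise anything else.
$pageid = (int) $pageid;
$memberid = (int) $memberid;
$column = (int) $column;
$width = is_numeric($width) ? 0 + $width : 0;
// $label is stored quoted and is NOT escaped here because it may already be
// escaped upstream — TODO confirm and do the escaping in exactly one place.

// Reset so a lookup that returns no rows falls through to the INSERT instead
// of reusing whatever value $headerid held before.
$headerid = 0;
$result = mysql_query($qry);
if ($result) {
    while ($member = mysql_fetch_assoc($result)) {
        $headerid = $member['id'];
    }
}
if ($headerid == 0) {
    $result = mysql_query("INSERT INTO {$_SESSION['DB_PREFIX']}applicationtables " . "(pageid, memberid, metacreateddate, metacreateduserid, metamodifieddate, metamodifieduserid) " . "VALUES " . "({$pageid}, {$memberid}, NOW(), " . getLoggedOnMemberID() . ", NOW(), " . getLoggedOnMemberID() . ")");
    if ($result) {
        // Only read the generated id when the INSERT actually ran.
        $headerid = mysql_insert_id();
    } else {
        logError("insert applicationtables:" . mysql_error());
    }
}

// Same pattern for the column row: 0 means "not found, create it".
$itemid = 0;
$qry = "SELECT A.id " . "FROM {$_SESSION['DB_PREFIX']}applicationtablecolumns A " . "WHERE A.headerid = {$headerid} " . "AND A.columnindex = {$column} ";
$result = mysql_query($qry);
if ($result) {
    while ($member = mysql_fetch_assoc($result)) {
        $itemid = $member['id'];
    }
}
if ($itemid == 0) {
    $result = mysql_query("INSERT INTO {$_SESSION['DB_PREFIX']}applicationtablecolumns " . "(headerid, columnindex, width, label, metacreateddate, metacreateduserid, metamodifieddate, metamodifieduserid) " . "VALUES " . "({$headerid}, {$column}, {$width}, '{$label}', NOW(), " . getLoggedOnMemberID() . ", NOW(), " . getLoggedOnMemberID() . ")");
    if (!$result) {
        logError("insert applicationtablecolumns:" . mysql_error());
    }
} else {
    $result = mysql_query("UPDATE {$_SESSION['DB_PREFIX']}applicationtablecolumns " . "SET width = {$width}, " . "label = '{$label}', metamodifieddate = NOW(), metamodifieduserid = " . getLoggedOnMemberID() . " " . "WHERE id = {$itemid}");
    if (!$result) {
        // Was logged as "insert ..." before, which misattributed the failure.
        logError("update applicationtablecolumns:" . mysql_error());
    }
}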
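<?php
// Attach the documents uploaded during this session to the quotation given
// by $_GET['id'], detach them from the session, and bounce back to the caller.
// NOTE: mysql_* is removed in PHP 7.
require_once 'system-db.php';
start_db();
initialise_db();

$quotationid = isset($_GET['id']) ? (int) $_GET['id'] : 0; // unquoted in SQL
$memberid = getLoggedOnMemberID();
$sessionid = mysql_real_escape_string(session_id());      // quoted in SQL

// Session documents not yet linked to any quotation.
$qry = "SELECT A.id FROM {$_SESSION['DB_PREFIX']}documents A " . "WHERE A.sessionid = '{$sessionid}' " . "AND A.id NOT IN (SELECT documentid FROM {$_SESSION['DB_PREFIX']}quotationdocs WHERE documentid = A.id) " . "ORDER BY A.id";
$result = mysql_query($qry);
if (!$result) {
    logError($qry . " = " . mysql_error());
} else {
    while ($member = mysql_fetch_assoc($result)) {
        $qry = "INSERT INTO {$_SESSION['DB_PREFIX']}quotationdocs " . "(quoteid, documentid, createddate, metacreateddate, metacreateduserid, metamodifieddate, metamodifieduserid) " . "VALUES " . "({$quotationid}, " . $member['id'] . ", NOW(), NOW(), {$memberid}, NOW(), {$memberid})";
        $itemresult = mysql_query($qry);
        if (!$itemresult) {
            logError($qry . " = " . mysql_error());
        }
    }
}

// Release the documents from the session.
$qry = "UPDATE {$_SESSION['DB_PREFIX']}documents " . "SET sessionid = NULL, metamodifieddate = NOW(), metamodifieduserid = " . getLoggedOnMemberID() . " " . "WHERE sessionid = '{$sessionid}'";
$result = mysql_query($qry);
if (!$result) {
    logError($qry . " = " . mysql_error());
}

// Accepts only a target that stays on this site: a relative path (but not a
// protocol-relative "//host" or a backslash form) or an http(s) URL whose
// host matches the Host header. Without this the redirect below is an open
// redirect, since both candidate targets are supplied by the client.
$isSameSite = function ($url) {
    if (!is_string($url) || $url === '' || strpos($url, '\\') !== false) {
        return false;
    }
    $parts = parse_url($url);
    if ($parts === false) {
        return false;
    }
    if (!isset($parts['host'])) {
        // Relative reference: no scheme allowed, and no leading "//".
        return !isset($parts['scheme']) && substr($url, 0, 2) !== '//';
    }
    if (!isset($parts['scheme']) || !in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;
    }
    $host = isset($_SERVER['HTTP_HOST']) ? preg_replace('/:\d+$/', '', $_SERVER['HTTP_HOST']) : '';
    return $host !== '' && strcasecmp($parts['host'], $host) === 0;
};

// The optional base64 "refer" parameter takes precedence over the Referer header.
$target = null;
if (isset($_GET['refer'])) {
    $target = base64_decode($_GET['refer'], true); // strict mode rejects non-base64 input
} elseif (isset($_SERVER['HTTP_REFERER'])) {
    $target = $_SERVER['HTTP_REFERER'];
}
if (!$isSameSite($target)) {
    $target = 'index.php'; // safe landing page when the target is missing or off-site
}
header("location: " . $target);
exit;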
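<?php
// Remove one line item from a quote, recompute the quote header total, and
// return the remaining items (with the header total) as JSON.
// NOTE: mysql_* is removed in PHP 7.
require_once 'system-db.php';
require_once "sqlprocesstoarray.php";
start_db();

// Both ids are interpolated unquoted into SQL below, so they are cast to int.
$quoteid = isset($_POST['quoteid']) ? (int) $_POST['quoteid'] : 0;
$id = isset($_POST['id']) ? (int) $_POST['id'] : 0;

// Audit the parent case as updated ("Q"/"U") for every row the lookup returns.
$qry = "SELECT caseid " . "FROM {$_SESSION['DB_PREFIX']}quotes B " . "WHERE B.id = {$quoteid}";
$result = mysql_query($qry);
if ($result) {
    while ($member = mysql_fetch_assoc($result)) {
        $caseid = $member['caseid'];
        addAuditLog("Q", "U", $caseid);
    }
} else {
    logError($qry . " - " . mysql_error()); // a failed lookup was previously silent
}

$qry = "DELETE FROM {$_SESSION['DB_PREFIX']}quoteitems " . "WHERE id = {$id}";
$result = mysql_query($qry);
if (!$result) {
    logError($qry . " - " . mysql_error());
}

// Re-derive the header total from the remaining items.
$qry = "UPDATE {$_SESSION['DB_PREFIX']}quotes SET " . "total = (SELECT SUM(B.total) FROM {$_SESSION['DB_PREFIX']}quoteitems B WHERE B.quoteid = {$quoteid}), metamodifieddate = NOW(), metamodifieduserid = " . getLoggedOnMemberID() . " " . "WHERE id = {$quoteid}";
$result = mysql_query($qry);
if (!$result) {
    logError($qry . " - " . mysql_error());
}

$qry = "SELECT A.*, C.total AS headertotal, B.name " . "FROM {$_SESSION['DB_PREFIX']}quoteitems A " . "INNER JOIN {$_SESSION['DB_PREFIX']}quotes C " . "ON C.id = A.quoteid " . "LEFT OUTER JOIN {$_SESSION['DB_PREFIX']}invoiceitemtemplates B " . "ON B.id = A.templateid " . "WHERE A.quoteid = {$quoteid} " . "ORDER BY A.id";
$json = new SQLProcessToArray();
echo json_encode($json->fetch($qry));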
<?php include "system-db.php"; start_db(); $siteid = getLoggedOnSiteID(); $takenbyid = getLoggedOnMemberID(); $sql = "INSERT INTO {$_SESSION['DB_PREFIX']}order \n\t\t\t(\n\t\t\t\tsiteid, orderdate, status, revision, takenbyid\n\t\t\t)\n\t\t\tVALUES\n\t\t\t(\n\t\t\t\t{$siteid}, CURDATE(), 0, 1, {$takenbyid}\n\t\t\t)"; $result = mysql_query($sql); if (!$result) { logError($sql . " = " . mysql_error()); } $orderid = mysql_insert_id(); for ($row = 0; $row < count($_POST['productid']); $row++) { $productid = $_POST['productid'][$row]; $qty = $_POST['qty'][$row]; if ($qty <= 0 || $productid == "" || $productid == "0") { continue; } $sql = "INSERT INTO {$_SESSION['DB_PREFIX']}frequentproducts \n\t\t\t\t(\n\t\t\t\t\tsiteid, productid, frequency\n\t\t\t\t)\n\t\t\t\tVALUES\n\t\t\t\t(\n\t\t\t\t\t{$siteid}, {$productid}, {$qty}\n\t\t\t\t)"; $result = mysql_query($sql); if (mysql_errno() == 1062) { $sql = "UPDATE {$_SESSION['DB_PREFIX']}frequentproducts SET\n\t\t\t\t\tfrequency = frequency + {$qty}\n\t\t\t\t\tWHERE siteid = {$siteid}\n\t\t\t\t\tAND productid = {$productid}"; $result = mysql_query($sql); if (!$result) { logError($sql . " = " . mysql_error()); } } else { if (!$result) { logError($sql . " = " . mysql_error()); } }
$tmpName = $_FILES['image']['tmp_name']; // Read the file $fp = fopen($tmpName, 'r'); $image = fread($fp, filesize($tmpName)); fclose($fp); // get the width and height $size = getimagesize($_FILES['image']['tmp_name']); $width = $size[0]; $height = $size[1]; $binimage = file_get_contents($_FILES['image']['tmp_name']); $image = mysql_real_escape_string($binimage); $filename = $_FILES['image']['name']; $description = $_POST['description']; $callback = $_POST['callback']; // mysql_real_escape_string $stmt = mysqli_prepare($link, "INSERT INTO {$_SESSION['DB_PREFIX']}images " . "(description, name, mimetype, image, imgwidth, imgheight, metacreateddate, metacreateduserid, metamodifieddate, metamodifieduserid) " . "VALUES " . "(?, ?, ?, ?, ?, ?, NOW(), " . getLoggedOnMemberID() . ", NOW(), " . getLoggedOnMemberID() . ")"); if (!$stmt) { logError('mysqli error: ' . mysqli_error($link)); } mysqli_stmt_bind_param($stmt, "ssssss", $description, $filename, $mimetype, $binimage, $width, $height); mysqli_stmt_execute($stmt); $imageid = $link->insert_id; header("location: " . $callback . "?imageid=" . $imageid); break; case 3: case 6: case 7: case 8: $result = "Error uploading {$filename}. Please try again."; break; case 4:
} $_SESSION['SESS_FIRST_NAME'] = $fname; $_SESSION['SESS_LAST_NAME'] = $lname; $_SESSION['SESS_IMAGE_ID'] = $imageid; $_SESSION['SESS_CUSTOMER_ID'] = $customerid; sendRoleMessage("ADMIN", "User Registration", "User " . $login . " has been registered as a user.<br>Password : "******"User Registration", "<h3>Welcome {$fname} {$lname}.</h3><br>You have been invited to become a member of 'iAfrica Database'.<br>Please click on the <a href='" . getSiteConfigData()->domainurl . "/index.php'>link</a> to activate your account.<br><br><h4>Login details</h4>User ID : {$login}<br>Password : "******"location: system-register-success.php"); } else { logError("1 Query failed:" . mysql_error()); } } else { $memberid = $_GET['id']; $qry = "UPDATE {$_SESSION['DB_PREFIX']}members " . "SET email = '{$email}', " . "firstname = '{$fname}', " . "lastname = '{$lname}', " . "customerid = {$customerid}, " . "imageid = {$imageid}, " . "lastaccessdate = NOW(), "; if (isset($_POST['postcode'])) { $qry .= "postcode = '{$postcode}', "; } $qry .= "passwd = '" . md5($password) . "', metamodifieddate = NOW(), metamodifieduserid = " . getLoggedOnMemberID() . " " . "WHERE member_id = " . $_GET['id']; $result = mysql_query($qry); if (!$result) { logError("UPDATE members failed:" . mysql_error()); } $_SESSION['SESS_FIRST_NAME'] = $fname; $_SESSION['SESS_LAST_NAME'] = $lname; $_SESSION['SESS_IMAGE_ID'] = $imageid; sendRoleMessage("ADMIN", "User Amendment", "<h3>User amendment.</h3><br>Your details have been amended by the System Administration.<br>Your password has been changed to: <i>{$password}</i>."); sendUserMessage($memberid, "User Amendment", "<h3>User amendment.</h3><br>Your details have been amended by the System Administration.<br>Your password has been changed to: <i>{$password}</i>."); header("location: system-register-amend.php"); } //Check whether the query was successful or not
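<?php
// Mark the posted message id as read ('R'), then return the number of unread
// ('N') messages addressed to the logged-on member as JSON.
// NOTE: mysql_* is removed in PHP 7.
require_once "sqlprocesstoarray.php";

$json = new SQLProcessToArray();

// The id is interpolated unquoted into SQL, so anything non-numeric becomes 0.
$id = isset($_POST['id']) ? (int) $_POST['id'] : 0;

// NOTE(review): the UPDATE is keyed on id alone, so nothing here stops a
// member marking a message that is not addressed to them as read — confirm
// that is intended; otherwise add "AND to_member_id = <logged-on member id>".
$qry = "UPDATE {$_SESSION['DB_PREFIX']}messages SET status = 'R', metamodifieddate = NOW(), metamodifieduserid = " . getLoggedOnMemberID() . " WHERE id = {$id}";
$result = mysql_query($qry);
if (!$result) {
    logError($qry . " - " . mysql_error()); // the failure was previously ignored
}

$qry = "SELECT COUNT(*) AS messages " . "FROM {$_SESSION['DB_PREFIX']}messages A " . "WHERE A.to_member_id = " . getLoggedOnMemberID() . " " . "AND status = 'N'";
echo json_encode($json->fetch($qry));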