function opendatabaseupdate()
{
// get user info from db.
$db = mysql_connect("localhost", "cobblest_markh", "jobs358");
mysql_select_db(getdbname(), $db);
return $db;
}
function opendatabaseupdate()
{
// get user info from db.
$db = mysql_connect($GLOBALS['dynamic_mysqlhost'], $GLOBALS['dynamic_mysqluser'], $GLOBALS['dynamic_mysqlpass']);
mysql_select_db(getdbname(), $db);
$myquery = "SET NAMES latin1";
if (!mysql_query($myquery)) {
DoError(1, "", mysql_error());
}
return $db;
}
exit;
} else {
//Make sure we have a match.
$thecatid = $thepage->gettablename() . "id";
$matchquery = "SELECT * FROM " . $thepage->gettablename() . " WHERE " . $thefield . "='" . $thefile . "' AND " . $thecatid . "='" . $indid . "'";
if ($validquery = mysql_query($matchquery)) {
if (mysql_num_rows($validquery) == 0) {
$headerloc = "Location: ../../index.php?page=" . $thepage->getfoldername() . "/edit/index.php&message=nomatcherror" . $merror . "&indid=" . $indid;
header($headerloc);
unset($headerloc);
exit;
} else {
//Update the image file name to none.
$deletequery = "UPDATE " . $thepage->gettablename() . " SET " . $thefield . "='none' WHERE " . $thefield . "='" . $thefile . "' AND " . $thecatid . "='" . $indid . "'";
//Make sure the user deletion succeeded.
if (mysql_db_query(getdbname(), $deletequery, $db)) {
//Move on.
} else {
$merror = mysql_error();
$headerloc = "Location: ../../index.php?page=" . $thepage->getfoldername() . "/edit/index.php&message=dataerror&merror=" . $merror . $merror . "&indid=" . $indid;
header($headerloc);
unset($headerloc);
exit;
}
$thedeletefile = "../" . $thepage->getimagefolder() . $thefile;
//If we find the file, then we remove it.
if (is_file($thedeletefile)) {
unlink($thedeletefile);
}
//If we get this far, then we have succeeded, so let's go back to the appropriate view page...
$headerloc = "Location: ../../index.php?page=" . $thepage->getfoldername() . "/edit/index.php&message=success" . $merror . "&indid=" . $indid;
$multicounter = 0;
for ($k = 0; $k < count($multiinstances); $k++) {
$multicounter++;
$tempinst = new multilink("", "", "", "", "", "", "");
$tempinst = $multiinstances[$k];
//If the user selected any, then go through them.
if (count($_POST['themultiples' . $multicounter]) > 0) {
//Go through the multiples.
for ($i = 0; $i < count($_POST['themultiples' . $multicounter]); $i++) {
$themultiple = $_POST['themultiples' . $multicounter][$i];
//First make sure there isn't already a record for this link.
if ($verifyquery = mysql_query("SELECT * FROM " . $tempinst->getmultilinktablename() . " WHERE " . $thepage->gettablename() . "id='{$theid}' && " . $tempinst->getmultitablename() . "id='{$themultiple}'")) {
if (mysql_num_rows($verifyquery) == 0) {
//Then add a rows to the table.
$multiaddquery = "INSERT INTO " . $tempinst->getmultilinktablename() . " (" . $tempinst->getmultilinktablename() . "id," . $thepage->gettablename() . "id, " . $tempinst->getmultitablename() . "id) VALUES ('0','{$theid}','{$themultiple}')";
if (mysql_db_query(getdbname(), $multiaddquery, $db)) {
//Success
} else {
$merror = mysql_error();
$headerloc = "Location: ../../index.php?page=" . $thepage->getfoldername() . "/add/index.php&message=dataerror&merror=" . $merror;
header($headerloc);
unset($headerloc);
exit;
}
}
} else {
DoError(1, "", mysql_error());
}
}
}
}
<?php
$qstr = getenv('QUERY_STRING');
parse_str($qstr);
include 'db.php';
$dbname = getdbname($season);
$max_pos = isset($team) ? null : 50;
$sql = <<<END
with
params as (select :lsel as league_select, :tsel as team_select, :max as max_pos),
innings_data as
(select b.player, b.balls, b.runs, b.wickets,
printf('%d%.15f%d/%d', b.wickets, 10 - (cast(b.runs as real) / b.balls), 999 - b.runs, b.runs) as sort_key
from bowling b, player p, team t, league l, params parms
where b.player = p.id
and p.team = t.id
and t.league = l.id
and (parms.league_select is null or instr(l.name, parms.league_select) <> 0)
and (parms.team_select is null or parms.team_select = t.id)
),
bowling_data as
(
select p.name as player_name, t.id as team_id, t.name as team_name,
sum(b.balls) as balls, sum(b.runs) as runs, sum(b.wickets) as wickets,
round(cast(sum(b.runs) as real) / sum(b.wickets), 2) as average, round(cast(sum(b.runs) * 6 as real) / sum(b.balls), 2) as economy, max(b.sort_key) as best,
printf('%d%.15f', sum(b.wickets) + 10, 10 - (cast(sum(b.runs) as real) / sum(b.balls))) as sort_key
from innings_data b, player p, team t
where b.player = p.id
and p.team = t.id
group by player)
select player_name, team_id, team_name, balls / 6 + 0.1 * (balls % 6) as overs,
$seclevel = 2;
}
if ($yesno != "full" || $seclevel != 1) {
header("Location: ../../index.php?page=files/index.php&message=loginerror");
exit;
} else {
//Now, we check for a proper match.
$uid = finduserid($cookie_id);
if ($checkquery = mysql_query("SELECT touserfileid FROM touserfile WHERE touserfileid='{$indid}' AND fromuser='******'")) {
$numcheck = mysql_num_rows($checkquery);
if ($numcheck == 0) {
header("Location: ../../index.php?page=files/index.php&message=nomatcherror");
exit;
} else {
//Finally we are ready for the archival.
$arcquery = "UPDATE touserfile SET archive='1' WHERE touserfileid='{$indid}' AND fromuser='******'";
//Make sure the user deletion succeeded.
if (mysql_db_query(getdbname(), $arcquery, $db)) {
//Move on.
} else {
header("Location: ../../index.php?page=files/index.php&message=dataerror");
exit;
}
header("Location: ../../index.php?page=files/index.php&message=archivesuccess");
}
} else {
header("Location: ../../index.php?page=files/index.php&message=dataerror");
exit;
}
}
mysql_close($db);
unset($headerloc);
exit;
}
//Now, we need to go through and clean out any files there were.
for ($i = 0; $i < count($imgarr); $i++) {
$thedeletefile = "../" . $thepage->getimagefolder() . $imgarr[$i];
//If we find the file, then we remove it.
if (is_file($thedeletefile)) {
unlink($thedeletefile);
}
unset($thedeletefile);
}
//And lastly, if there are any linked tables, we must take care of them.
if ($thepage->getallowmultilink()) {
$remquery = "DELETE FROM " . $thepage->getmultilinktablename() . " WHERE " . $thepage->gettablename() . "id='{$indid}'";
if (mysql_db_query(getdbname(), $remquery, $db)) {
//Move on.
} else {
$merror = mysql_error();
$headerloc = "Location: ../../index.php?page=" . $thepage->getfoldername() . "/index.php&message=dataerror&merror=" . $merror;
header($headerloc);
unset($headerloc);
exit;
}
}
//If we get this far, then we have succeeded, so let's go back to the appropriate view page...
$headerloc = "Location: ../../index.php?page=" . $thepage->getfoldername() . "/index.php&message=success";
header($headerloc);
unset($headerloc);
}
} else {
$city = trim(addslashes($_POST['city']));
$postal = trim(addslashes($_POST['postal']));
$email = trim(addslashes($_POST['email']));
$province = $_POST['province'];
$password = trim($_POST['password']);
//Now edit the client.
$editquery = "UPDATE useraccount SET name='{$clientname}', address='{$address}', phone='{$phone}', city='{$city}', province='{$province}', postal='{$postal}', email='{$email}' WHERE useraccountid='{$indid}' AND whosclient='{$uid}'";
if (mysql_db_query(getdbname(), $editquery, $db)) {
//Move on.
} else {
header("Location: ../../index.php?page=clients/edit/index.php&message=dataerror&indid={$indid}");
exit;
}
//Then edit the client's login.
$editloginquery = "UPDATE userlogin SET username='******', password='******' WHERE useraccountid='{$indid}'";
if (mysql_db_query(getdbname(), $editloginquery, $db)) {
//Move on.
} else {
header("Location: ../../index.php?page=clients/edit/index.php&message=dataerror&indid={$indid}");
exit;
}
//If we get this far, then we have succeeded, so let's go back to the clients page...
header("Location: ../../index.php?page=clients/index.php&message=editsuccess");
}
} else {
header("Location: ../../index.php?page=clients/edit/index.php&message=dataerror&indid={$indid}");
exit;
}
}
//Close the database.
mysql_close($db);
$loginrow = mysql_fetch_array($validloginquery);
if (strcmp($username, $loginrow['username']) == 0 && strcmp($password, $loginrow['password']) == 0) {
session_start();
$cookie_id = $loginrow['staffloginid'];
$cookie_user = $loginrow['username'];
$cookie_pass = crypt($loginrow['password'], 'xx');
$_SESSION['cookie_id'] = $cookie_id;
$_SESSION['cookie_user'] = $cookie_user;
$_SESSION['cookie_pass'] = $cookie_pass;
//Now we grab the current time and IP Address.
$now = time();
$ip = $REMOTE_ADDR;
$updateid = $loginrow['staffloginid'];
$updateloginquery = "UPDATE stafflogin SET lastlogin='******', lastip='{$ip}' WHERE staffloginid='{$updateid}'";
//Make sure the update succeeded.
if (mysql_db_query(getdbname(), $updateloginquery, $db)) {
//Keep moving.
} else {
$theerror = mysql_error();
header("Location: index.php?message=dataerror&merror={$theerror}");
exit;
}
//Then we clear out.
header("Location: index.php");
} else {
header("Location: index.php?message=loginerror");
exit;
}
}
} else {
$theerror = mysql_error();
DoError(1, "", mysql_error());
}
}
}
//Now, we have to go through all the link records for this item. If there is one that was
//not selected this time, then the user must want to remove it. So it shall be.
//Run through all the instances.
if ($rquery = mysql_query("SELECT * FROM " . $tempinst->getmultilinktablename() . " WHERE " . $thepage->gettablename() . "id='{$indid}'")) {
if (mysql_num_rows($rquery) > 0) {
while ($rdata = mysql_fetch_array($rquery)) {
$tempid = $tempinst->getmultitablename() . "id";
if (!in_array($rdata[$tempid], $multitracker)) {
//Then remove the record.
$thedel = $rdata[$tempid];
$multiremovequery = "DELETE FROM " . $tempinst->getmultilinktablename() . " WHERE " . $tempinst->getmultitablename() . "id='{$thedel}' AND " . $thepage->gettablename() . "id='{$indid}'";
if (mysql_db_query(getdbname(), $multiremovequery, $db)) {
//Success
} else {
$merror = mysql_error();
$headerloc = "Location: ../../index.php?page=" . $thepage->getfoldername() . "/add/index.php&message=dataerror&merror=" . $merror;
header($headerloc);
unset($headerloc);
exit;
}
}
}
}
} else {
$merror = mysql_error();
$headerloc = "Location: ../../index.php?page=" . $thepage->getfoldername() . "/add/index.php&message=dataerror&merror=" . $merror;
header($headerloc);
$clientname = trim(addslashes($_POST['clientname']));
$address = trim(addslashes($_POST['address']));
$phone = trim(addslashes($_POST['phone']));
$city = trim(addslashes($_POST['city']));
$postal = trim(addslashes($_POST['postal']));
$email = trim(addslashes($_POST['email']));
$province = $_POST['province'];
$password = trim($_POST['password']);
$uid = finduserid($cookie_id);
//Now add the client.
$addquery = "INSERT INTO useraccount (useraccountid, name, address, phone, city, province, postal, email, whosclient) VALUES ('0','{$clientname}','{$address}','{$phone}','{$city}','{$province}','{$postal}','{$email}','{$uid}')";
if (mysql_db_query(getdbname(), $addquery, $db)) {
//Move on.
} else {
header("Location: ../../index.php?page=clients/add/index.php&message=dataerror");
exit;
}
$newid = mysql_insert_id();
//Now, insert the login information.
$addloginquery = "INSERT INTO userlogin (userloginid, useraccountid, username, password, lastlogin, lastip, seclevel) VALUES ('0','{$newid}','{$username}','{$password}','never','none','2')";
if (mysql_db_query(getdbname(), $addloginquery, $db)) {
//Move on.
} else {
header("Location: ../../index.php?page=clients/add/index.php&message=dataerror");
exit;
}
//If we get this far, then we have succeeded, so let's go back to the clients page...
header("Location: ../../index.php?page=clients/index.php&message=success");
}
//Close the database.
mysql_close($db);
//Now, we simply move the category to the new position and take the category in that position to the other position.
$updatequery = "UPDATE " . $thepage->gettablename() . " SET displayorder='{$towhat}' WHERE " . $thecatid . "='{$indid}'";
if (mysql_db_query(getdbname(), $updatequery, $db)) {
//Move on.
} else {
$merror = mysql_error();
$headerloc = "Location: ../../index.php?page=" . $thepage->getfoldername() . "/index.php&indid={$indid}&message=dataerror&merror=" . $merror;
header($headerloc);
unset($headerloc);
exit;
}
$old = $catdata['displayorder'];
$oldid = $olddata[$thecatid];
//Then change the other one.
$updateoldquery = "UPDATE " . $thepage->gettablename() . " SET displayorder='{$old}' WHERE " . $thecatid . "='{$oldid}'";
if (mysql_db_query(getdbname(), $updateoldquery, $db)) {
//Move on.
} else {
$merror = mysql_error();
$headerloc = "Location: ../../index.php?page=" . $thepage->getfoldername() . "/index.php&indid={$indid}&message=dataerror&merror=" . $merror;
header($headerloc);
unset($headerloc);
exit;
}
header("Location: ../../index.php?page=" . $thepage->getfoldername() . "/index.php&message=Record position successfully altered.");
}
} else {
$merror = mysql_error();
$headerloc = "Location: ../../index.php?page=" . $thepage->getfoldername() . "/index.php&indid={$indid}&message=dataerror&merror=" . $merror;
header($headerloc);
unset($headerloc);