<?php

include '../config.php';
include '../function.php';
$alert = array();
$isSuccess = true;
if (isset($_POST)) {
    $fhref = 'cancel_debtpayment.php';
    $flogin = $_SESSION['login'];
    $privCheck = privilegeCheck($mysqli, $fhref, $flogin['user_id']);
    if ($privCheck['result'] == 'success') {
        $go = true;
        $currpagedata = $privCheck['data'];
        $fid = $mysqli->real_escape_string(strtoupper($_POST['input']['id']));
        $fdescription = $mysqli->real_escape_string($_POST['input']['description']);
        // Checking Validation
        if (strlen($fid) < 10) {
            $alert[] = array('type' => 'danger', 'message' => 'Panjang Kode Pembayaran Utang minimal 10 karakter!');
            $go = false;
        }
        if (strlen($fdescription) < 4) {
            $alert[] = array('type' => 'danger', 'message' => 'Panjang Keterangan minimal 4 karakter!');
            $go = false;
        }
        if ($go == true) {
            $sQuery = "SELECT debtpayment_id FROM tdebtpayment WHERE debtpayment_id='{$fid}' AND debtpayment_status = 'posted'";
            if ($sResult = $mysqli->query($sQuery)) {
                if ($sResult->num_rows > 0) {
                    // Update Debt Status
                    $uQuery = "UPDATE tdebtpayment SET debtpayment_status = 'pending' WHERE debtpayment_id = '{$fid}' AND debtpayment_status = 'posted'";
                    if (!($uResult = $mysqli->query($uQuery))) {
Esempio n. 2
<?php

include 'config.php';
include 'function.php';
$pagename = strtolower(getPageName());
$pagedata = array();
if ($pagename != '404.php') {
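    if (isset($_SESSION["login"])) {
        /*
         * Privilege check: ask privilegeCheck() whether the logged-in user may
         * open $pagename and, if so, record the visit on the user's tuser row.
         */
        // privilegeCheck() still receives the escaped id, exactly as before; how
        // it uses that value is not visible in this excerpt.
        $fuser_id = $mysqli->real_escape_string($_SESSION['login']['user_id']);
        $privCheck = privilegeCheck($mysqli, $pagename, $fuser_id);
        // Strict comparison so that a non-string result can never be read as 'success'.
        if ($privCheck['result'] === 'success') {
            $pagedata = $privCheck['data'];
            $fpageid = $pagedata['id'];
            $flogindate = date("Y-m-d H:i:s");
            // Bind the values instead of interpolating them: $fpageid was never
            // escaped, and the bound user id has to be the raw session value so
            // that it is not escaped twice.
            $rawUserId = $_SESSION['login']['user_id'];
            $query = "UPDATE tuser SET user_status = 'Online', module_id = ?, user_accessdate = ? WHERE user_id = ?";
            $result = false;
            $stmt = $mysqli->prepare($query);
            if ($stmt) {
                $stmt->bind_param('sss', $fpageid, $flogindate, $rawUserId);
                $result = $stmt->execute();
                if (!$result) {
                    // Database error text goes to the server log, not into the page.
                    error_log('tuser access update failed: ' . $stmt->error);
                }
                $stmt->close();
            } else {
                error_log('tuser access update failed: ' . $mysqli->error);
            }
        } else {
            if ($privCheck['result'] == '404') {
                header("Location: 404.php");
                // A Location header does not stop the script; without exit the
                // rest of the page would still run for this request.
                exit;
            } else {
                // NOTE(review): the denial message is printed but execution
                // continues, and the message is echoed unescaped. Whether the rest
                // of the page relies on $pagedata being empty, and whether the
                // message is meant to carry markup, cannot be seen from here.
                echo $privCheck['message'];
            }
        }
    } else {
        header("Location: login.php?err=1");
        // Stop here so that nothing below runs for a visitor without a session.
        exit;
    }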
} else {
    $pagedata = array('category' => '404', 'name' => 'Error Page');
Esempio n. 3
">
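                            <?php 
    // Print the signed-in user's name. The two session values are presumably
    // profile data entered by the user, so they are escaped for the HTML text
    // context before being written into the page.
    echo htmlspecialchars($_SESSION['first_name'] . " " . $_SESSION['last_name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    ?>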
                        </a>
                    </li>
                    <li>
                        <a href="./<?php 
    echo $url;
    ?>
logout">
                            Log out
                        </a>
                    </li>
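                    <?php 
    // Show the Admin link only when privilegeCheck() reports level 0.
    // The original `== 0` also matched null, false and '' (and, before PHP 8,
    // any non-numeric string), so a failed lookup would have shown the link.
    // NOTE(review): what privilegeCheck() returns on failure is not visible in
    // this excerpt; the comparison below accepts only 0 or "0".
    // Hiding the link is cosmetic: admin.php still has to run its own check.
    $navPrivilege = privilegeCheck($mysqli, $_SESSION["id"]);
    if (is_scalar($navPrivilege) && (string) $navPrivilege === '0') {
        ?>
                        <li>
                            <a href="./admin.php">Admin</a>
                        </li>
                    <?php 
    }
    ?>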

                    <?php 
    if (isUserVerified($mysqli, $_SESSION["id"])) {
        ?>
                        <li>
                            <a href="./CreateAdventure.php">Create Adventure</a>
                        </li>
                    <?php 
Esempio n. 4
    <?php 
// Head assets for this page: literal <meta> tags, stylesheet paths and script
// URLs, handed to renderHeader() along with the string "Admin Tools".
$meta = [
    '<meta charset="UTF-8">',
    '<meta http-equiv="X-UA-Compatible" content="IE=edge">',
    '<meta name="viewport" content="width=device-width, initial-scale=1">',
];
$css = [
    'css/bootstrap.min.css',
    'css/theme.min.css',
    'css/main.css',
];
// NOTE(review): the first two scripts are loaded from third-party CDNs and run
// with full access to this admin page. Only URLs are passed here, so whether
// renderHeader() can emit integrity/crossorigin attributes is not visible;
// confirm that, or serve pinned local copies. Both libraries are also old
// releases that no longer receive fixes.
$js = [
    'https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js',
    'https://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/js/bootstrap.min.js',
    'js/main.js',
];
renderHeader('Admin Tools', $meta, $css, $js);
?>
    <body>

    <?php 
require_once "../resources/templates/menu.php";
?>

    <div class="container">
        <div class="row">
            <?php 
if ($login->isUserLoggedIn() and isset($_SESSION['id']) and privilegeCheck($mysqli, $_SESSION['id']) == 0) {
    ?>
                <h1>Hello Boss xD</h1>
                <div id="admId" class="hidden"><?php 
    echo $_SESSION['id'];
    ?>
</div>
                <h2>Vew users</h2>
                <div class="col-md-12">
                    <div class="panel panel-default">
                        <div class="panel-heading" role="tab">
                            <h4 class="panel-title">
                                <a class="collapsed" id="usersTitle" role="button" data-toggle="collapse"
                                   href="#usersPanel"
                                   aria-expanded="false" aria-controls="usersPanel">Not verified users</a>
                            </h4>
Esempio n. 5
        if ($stmt) {
            $cov = 1;
            $stmt->bind_param("iissi", $userID, $adventure_id, $ext, $dateNow, $cov);
            if ($stmt->execute()) {
                $id = $stmt->insert_id;
                $success = TRUE;
            }
        }
        // On this example, obtain safe unique name from its binary data.
        if ($success) {
            if (!move_uploaded_file($photoFile['tmp_name'], sprintf('./img/contents/%s.%s', $id, $ext))) {
                throw new RuntimeException('Failed to move uploaded file.');
            }
        } else {
            echo "nothing inserted into db";
        }
        echo 'File is uploaded successfully.';
    } catch (RuntimeException $e) {
        echo $e->getMessage();
    }
}
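// After the upload: any account whose privilegeCheck() level is not 0 is set to
// privilege 1, then the browser is redirected to the adventure page.
// NOTE(review): $userID is assigned outside this excerpt. If it is taken from
// the request rather than from the session, a caller could change the
// privilege of an account other than their own; confirm where it comes from.
if (privilegeCheck($mysqli, $userID) != 0) {
    // prepare() returns false when the statement cannot be prepared (with mysqli
    // not in exception mode); `new mysqli_stmt(...)` always yields an object, so
    // the check below could never fail before.
    $stmt = $mysqli->prepare("UPDATE users SET privilege = ? WHERE id = ? ");
    if ($stmt) {
        $priv = 1;
        $stmt->bind_param("ii", $priv, $userID);
        $stmt->execute();
        $stmt->close();
    }
}
// Encode the id before it goes into the redirect URL; plain digits are unchanged.
$str = 'Location:  ./adventure.php?id=' . rawurlencode((string) $adventure_id);
header($str);
// A Location header does not end the request, so stop explicitly.
exit;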
Esempio n. 6
                <?php 
        }
        ?>

            <?php 
    }
    ?>

        <?php 
}
?>


        <?php 
if ($login->isUserLoggedIn() == true) {
    if (privilegeCheck($mysqli, $_SESSION['id']) == 0 || $adventureUserID == $_SESSION['id']) {
        ?>
                <!--         Trigger the modal with a button -->
                <button type="button" class="btn btn-info btn-lg" data-toggle="modal" data-target="#myModal">Edit Info
                </button>
                <form class="form" name="upload_file" method="post" action="./php/upload_photo.php"
                      enctype="multipart/form-data">
                    <label class="label">upload photo</label>
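                    <input class="" type="hidden" name="user_id" value="<?php 
        // NOTE(review): a hidden field can be rewritten by the client, so the
        // upload handler should take the user id from the session rather than
        // from this posted value.
        echo htmlspecialchars((string) $_SESSION['id'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        ?>
">
                    <input class="" type="hidden" name="adv_id" value="<?php 
        // $adv_id is set outside this excerpt; escape it for the attribute
        // context whatever its origin. Plain digits come out unchanged.
        echo htmlspecialchars((string) $adv_id, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        ?>
">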
Esempio n. 7
 * Created by PhpStorm.
 * User: piotr
 * Date: 14/12/2015
 * Time: 14:26
 */
require_once "../../resources/config.php";
require_once "./db_connect.php";
require_once "../../resources/library/functions.php";
// prepare result array
$result = array("success" => FALSE, "errors" => NULL);
if ($_POST['adminId']) {
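    // get POST data (ids)
    $adminId = $_POST['adminId'];
    $userToVerifyId = isset($_POST['userToVerifyId']) ? $_POST['userToVerifyId'] : null;
    // The admin decision must rest on server-side state. Checking the privilege
    // of a posted id only proves that the id belongs to an admin, not that the
    // caller is that admin, so the posted id has to match the session user.
    // NOTE(review): assumes the login flow stores the user id in $_SESSION['id'];
    // confirm against the login code.
    if (session_status() === PHP_SESSION_NONE) {
        session_start();
    }
    $sessionUserId = isset($_SESSION['id']) ? $_SESSION['id'] : null;
    $callerIsAdmin = false;
    if (is_scalar($sessionUserId) && is_scalar($adminId) && (string) $sessionUserId === (string) $adminId) {
        // Accept only 0 or "0": the loose `== 0` also matched null, false and ''.
        // What privilegeCheck() returns on failure is not visible in this excerpt.
        $privilege = privilegeCheck($mysqli, $sessionUserId);
        $callerIsAdmin = is_scalar($privilege) && (string) $privilege === '0';
    }
    if ($callerIsAdmin) {
        // prepare() returns false on failure (with mysqli not in exception mode);
        // `new mysqli_stmt(...)` always yields an object.
        $stmt = $mysqli->prepare("UPDATE users SET verified=? WHERE id = ?");
        if ($stmt) {
            $verified = 1;
            $stmt->bind_param("ii", $verified, $userToVerifyId);
            if ($stmt->execute()) {
                $result['success'] = TRUE;
            } else {
                // A failed UPDATE is a database problem, not a privilege problem.
                $result["errors"] = "could not update user";
            }
            $stmt->close();
        } else {
            $result["errors"] = "could not update user";
        }
    } else {
        $result["errors"] = "user is not an admin";
    }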
} else {