<?php error_reporting(E_ERROR | E_PARSE); //ini_set('display_errors',2); include $_SERVER['DOCUMENT_ROOT'] . "/inc/session.php"; //Define Page Values //$strThisPage = PAGE_SETTINGS; //check to see if user is logged in and an admin include __ROOT__ . PATH_ADMIN . "checklogin.php"; //$intUserID = DETECT_USERID; //Get QueryString Values $strDO = trim($_GET["do"]); //need a do case for authorizing here if ($strDO == "authorizeque") { $intQueID = funct_ScrubVars($_GET['queid']); //Get all post values, ckeck & clean them //get que info first $query = "SELECT * FROM " . TBL_TRANSACTIONS_QUE . " WHERE id = '" . $intQueID . "' "; //echo "SQL STMNT = " . $query . "<br>"; $rs = mysqli_query($DB_LINK, $query) or die(mysqli_error()); if (mysqli_num_rows($rs) > 0) { $row = mysqli_fetch_array($rs); $intTransactionID = $row["transaction_id"]; } //get transaction info $query = "SELECT * FROM " . TBL_TRANSACTIONS . " WHERE transaction_id = '" . $intTransactionID . "' "; //echo "SQL STMNT = " . $query . "<br>"; $rs = mysqli_query($DB_LINK, $query) or die(mysqli_error()); if (mysqli_num_rows($rs) > 0) { $row = mysqli_fetch_array($rs); //records found so get details so we can recreate the send
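<?php
/**
 * Admin HUD search dispatcher.
 *
 * When the request carries do=searchhud, the search text and search type are
 * read from the query string and the browser is redirected to the admin page
 * that handles that search type (members.php or orders.php). Any other value
 * of "do" falls through to the markup below.
 *
 * Security notes:
 *  - Both values are placed in a Location header, so they are URL-encoded
 *    with http_build_query(). Previously they were concatenated raw, so a
 *    value containing "&", "#", "%" or a space could add, drop or truncate
 *    parameters seen by the destination page.
 *  - The destination script is taken from a fixed allow-list keyed by search
 *    type; request data never chooses the path.
 *  - NOTE(review): mysqli_real_escape_string() is SQL-context escaping. It is
 *    kept only so members.php / orders.php receive the same value as before.
 *    It does not protect those pages, because they can be requested directly;
 *    they must bind or escape these parameters themselves (not visible here,
 *    confirm).
 */

// isset() guard: a request without "do" leaves $strDo null without raising a notice.
$strDo = isset($_GET['do']) ? $_GET['do'] : null;

if ($strDo === "searchhud") {
    // Presumably provides $DB_LINK, PATH_ADMIN and funct_ScrubVars() - none is defined in this fragment.
    include $_SERVER['DOCUMENT_ROOT'] . "/inc/session.php";

    // Allow-list: search type => admin page that handles it.
    $arrSearchTargets = [
        'name'       => 'members.php',
        'userid'     => 'members.php',
        'orderid'    => 'orders.php',
        'depositamt' => 'orders.php',
    ];

    // Get form data from the query string
    $strSearchText = funct_ScrubVars(isset($_GET['searchtxt']) ? $_GET['searchtxt'] : '');
    $strSearchText = mysqli_real_escape_string($DB_LINK, $strSearchText);
    $strSearchType = funct_ScrubVars(isset($_GET['searchtype']) ? $_GET['searchtype'] : '');
    $strSearchType = mysqli_real_escape_string($DB_LINK, $strSearchType);

    if (is_string($strSearchType) && isset($arrSearchTargets[$strSearchType])) {
        // Explicit '&' separator: arg_separator.output may be configured as '&amp;',
        // which is wrong inside an HTTP header.
        $strQuery = http_build_query(
            [
                'searchtype' => $strSearchType,
                'searchtxt'  => $strSearchText,
            ],
            '',
            '&',
            PHP_QUERY_RFC3986
        );

        header('Location: ' . PATH_ADMIN . $arrSearchTargets[$strSearchType] . '?' . $strQuery);
        die;
    }
}
?>
<!--TOP NAVIGATION BAR-->
<nav class="top-bar" data-topbar data-options="is_hover: false" style="background-color:#666666;">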
if ($intUserID) { $query = "UPDATE " . TBL_USERS . " SET verification_id= verification_id + 1 WHERE id=" . $intUserID; //echo "SQL STMNT = " . $query . "<br>"; mysqli_query($DB_LINK, $query); } } echo "ok"; break; //!CASE $strDo "setstatus1" //!CASE $strDo "setstatus1" case "setstatus1": //we need user id, filename, file extension, orderid opt, from page $intUserID = funct_ScrubVars($_GET["userid"]); $intOrderID = funct_ScrubVars($_GET["orderid"]); $uploaded_file = __ROOT__ . PATH_UPLOADS . funct_ScrubVars($_GET["filename"]); $strFromPage = funct_ScrubVars($_GET["frompage"]); $intTime = time(); if (!$strFromPage) { $strFromPage = "receipts"; } if (!$intUserID) { $intUserID = DETECT_USERID; } if ($intUserID) { //Get User Data from DataBase $query = "SELECT * FROM " . TBL_USERS . " WHERE id = " . $intUserID; //echo "SQL STMNT = " . $query . "<br>"; $rs = mysqli_query($DB_LINK, $query) or die(mysqli_error()); $row = mysqli_fetch_array($rs); $Email = $row["email"]; $strFirstName = $row["first_name"];