<?php
include('../config.php');
include('../functions.php');
include('../classes/transactioncollection.class.php');
include('../classes/clientcollection.class.php');
include('../classes/isincollection.class.php');
include('../classes/securitycollection.class.php');
include('../classes/custodycollection.class.php');
loginAdmin();
if(!loggedAdmin())
header('location: index.php');
$transaction = new TransactionCollection();
$clients = ClientCollection::getClients();
$isins = IsinCollection::getIsins();
$collection = new SecurityCollection();
$isinCollection = new IsinCollection;
$accounts = CustodyCollection::getAccountsForClientByTransactionId(mysql_real_escape_string($_GET['id']));
if(exist($_POST['button']))
{
$result = TransactionCollection::updateTransaction();
}
else
{
TransactionCollection::loadTransaction();
$result = array();
}
include("$templates/menu.php");
$sSex = isset($_REQUEST['sex']) ? $_REQUEST['sex'] : "M";
$sAge = isset($_REQUEST['age']) ? $_REQUEST['age'] : "25";
$sPhoto = $sSex == "F" ? $sWomanImageUrl : $sManImageUrl;
getResult("REPLACE `" . MODULE_DB_PREFIX . "CurrentUsers` SET `ID`='" . $sId . "', `Nick`='" . $sNick . "', `Sex`='" . $sSex . "', `Age`='" . $sAge . "', `Desc`='" . $sDesc . "', `Photo`='" . $sPhoto . "', `Profile`='" . $sProfileUrl . "', `Start`='" . $iCurrentTime . "', `When`='" . $iCurrentTime . "', `Status`='" . USER_STATUS_NEW . "'");
getResult("DELETE FROM `" . MODULE_DB_PREFIX . "RoomsUsers` WHERE `User`='" . $sId . "'");
$sContents = parseXml($aXmlTemplates['result'], "", SUCCESS_VAL);
$sContents .= parseXml(array(2 => '<user photo="#1#" profile="#2#" />'), $sPhoto, $sProfileUrl);
break;
/**
* Authorize user.
*/
/**
* Authorize user.
*/
case 'userAuthorize':
if (loginAdmin($sId, $sPassword) == TRUE_VAL) {
$aUserInfo = getUserInfo($sId, true);
$aUser = array('id' => $aUserInfo['id'], 'nick' => $aUserInfo['nick'], 'sex' => $aUserInfo['sex'], 'age' => $aUserInfo['age'], 'desc' => $aUserInfo['desc'], 'photo' => $aUserInfo['photo'], 'profile' => $aUserInfo['profile'], 'type' => CHAT_TYPE_ADMIN);
} elseif (loginUser($sId, $sPassword) == TRUE_VAL && ($bBanned = doBan("check", $sId)) != TRUE) {
$aUser = getUserInfo($sId);
$aUser['id'] = $sId;
$aUser['sex'] = $aUser['sex'] == 'female' ? "F" : "M";
$aUser['type'] = isUserAdmin($sId) ? CHAT_TYPE_ADMIN : CHAT_TYPE_FULL;
} else {
$sContents = parseXml($aXmlTemplates['result'], $bBanned ? "msgBanned" : "msgUserAuthenticationFailure", FAILED_VAL);
break;
}
$aUser = initUser($aUser);
$sContents = parseXml($aXmlTemplates['result'], "", SUCCESS_VAL);
$sContents .= parseXml($aXmlTemplates['user'], $aUser['id'], USER_STATUS_NEW, $aUser['nick'], $aUser['sex'], $aUser['age'], $aUser['desc'], $aUser['photo'], $aUser['profile'], $aUser['type'], USER_STATUS_ONLINE);
break;
$aFile = mysql_fetch_assoc($res);
$bResult = deleteFile($aFile["ID"]);
}
if ($bResult) {
$sContents = parseXml($aXmlTemplates['result'], "", SUCCESS_VAL);
}
break;
/**
* Delete files by admin
*/
/**
* Delete files by admin
*/
case 'deleteByAdmin':
$sContents = parseXml($aXmlTemplates['result'], "Error deleting files", FAILED_VAL);
if (!loginAdmin($sNick, $sPassword)) {
break;
}
$aFiles = empty($sFile) ? array() : explode(",", $sFile);
$sIn = count($aFiles > 0) ? " IN('" . implode("','", $aFiles) . "')" : " IN('0')";
$sQuery = "SELECT `ID` FROM `" . MODULE_DB_PREFIX . "Files` WHERE `ID`" . $sIn;
$sQuery1 = "DELETE FROM `" . MODULE_DB_PREFIX . "PlayLists` WHERE `FileId`" . $sIn;
$res = getResult($sQuery);
getResult($sQuery1);
$bResult = true;
for ($i = 0; $i < mysql_num_rows($res); $i++) {
$aFile = mysql_fetch_assoc($res);
$bResult = deleteFile($aFile["ID"]);
}
if ($bResult) {
$sContents = parseXml($aXmlTemplates['result'], "", SUCCESS_VAL);
doBan($sParamValue == TRUE_VAL ? 'ban' : 'unban', $sId);
$sContents = parseXml($aXmlTemplates['result'], TRUE_VAL);
} else {
$sContents = parseXml($aXmlTemplates['result'], FALSE_VAL);
}
break;
/**
* Changes user's type.
*/
/**
* Changes user's type.
*/
case 'changeType':
if (loginAdmin($sNick, $sPassword)) {
getResult("UPDATE `" . MODULE_DB_PREFIX . "Profiles` SET `Type`='" . $sType . "' WHERE `ID`='" . $sId . "'");
//--- For XML version only ---//
getResult("UPDATE `" . MODULE_DB_PREFIX . "CurrentUsers` SET `Status`='" . USER_STATUS_TYPE . "', `When`=UNIX_TIMESTAMP() WHERE `ID`='" . $sId . "'");
$sContents .= parseXml($aXmlTemplates['result'], TRUE_VAL);
} else {
$sContents .= parseXml($aXmlTemplates['result'], FALSE_VAL);
}
break;
case 'kickUser':
if ($bAdmin && loginAdmin($sNick, $sPassword) || !$bAdmin && loginUser($sModeratorId, $sPassword) && getUserType($sModeratorId) == CHAT_TYPE_MODER) {
getResult("UPDATE `" . MODULE_DB_PREFIX . "CurrentUsers` SET `Status`='" . USER_STATUS_KICK . "', `When`=UNIX_TIMESTAMP() WHERE `ID`='" . $sId . "'");
$sContents .= parseXml($aXmlTemplates['result'], TRUE_VAL);
} else {
$sContents .= parseXml($aXmlTemplates['result'], FALSE_VAL);
}
break;
}
if (loginAdmin($sNick, $sPassword) != TRUE_VAL) {
$sContents = parseXml($aXmlTemplates['result'], "Admin Authorization Failed", FAILED_VAL);
break;
}
$aEnabledFiles = explode(",", $sFile);
$aResult = refreshExtraFile($sWidget, $sFolderName, true, $sDefaultFile, $aEnabledFiles);
$sContents = parseXml($aXmlTemplates['result'], $aResult['value'], $aResult['status']);
break;
/**
* Authorization.
*/
/**
* Authorization.
*/
case 'adminAuthorize':
$sContents .= parseXml($aXmlTemplates['result'], loginAdmin($sNick, $sPassword));
break;
/**
* Gets all available widgets with necessary information.
*/
/**
* Gets all available widgets with necessary information.
*/
case 'getMyWidgets':
$rDirHandler = opendir($sModulesPath);
$aContents = array();
$aTitles = array();
while (($sInner = readdir($rDirHandler)) !== false) {
if (is_dir($sModulesPath . $sInner) && substr($sInner, 0, 1) != '.' && $sInner != 'global') {
if (isset($aModules)) {
unset($aModules);
require_once 'functions.php';
function createSalt()
{
$text = md5(uniqid(rand(), TRUE));
return substr($text, 0, 3);
}
$salt = createSalt();
$password = hash('sha256', $salt . $hash);
?>
<?php
$errorMessage = '';
if (isset($_POST['login'])) {
$errorMessage = ' ';
$username = $_POST['name'];
$password = $_POST['password'];
$result = loginAdmin($username, $password);
if ($result != '') {
$errorMessage = $result;
}
//$qry="SELECT * FROM member WHERE username='******' AND password='******'";
}
ob_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
<script src="SpryAssets/SpryValidationTextField.js" type="text/javascript"></script>
<link href="SpryAssets/SpryValidationTextField.css" rel="stylesheet" type="text/css" />
<link href="/st_peters/tms.css" rel="stylesheet" type="text/css" />
