print "<br>{$table}";
// clean up and reprint screen
$_REQUEST['switch'] = '1';
printform();
break;
case '6':
// revert to baseline db
createTables();
$_REQUEST['switch'] = '1';
print "<h5>The database has been restored to its default.</h5>";
printform();
break;
default:
createTables();
$_REQUEST['switch'] = '1';
printform();
}
}
function getSelect($name, $listVals)
{
include "variables.php";
include "db_connection_info.php";
$sel = "";
$sel = "<select name=\"{$name}\" >\n";
while ($row = mysql_fetch_assoc($listVals)) {
$first = 1;
foreach ($row as $index => $value) {
if ($first) {
$sel .= " <option value= \"{$value}\">";
} else {
$sel .= "{$value}</option> \n";
echo '<textarea cols=120 rows=40 name="text">' . $text . '</textarea><br><br>';
echo '<input type="submit" value="Сохранить">';
echo '</form>';
}
$list = true;
if (isset($_GET["theme"])) {
if ($_GET["theme"] == 'new') {
printform();
$list = false;
}
$theme = Filter::sql_string($_GET["theme"]);
$res = $pdo->query("SELECT * FROM travel WHERE sname = '" . $theme . "' LIMIT 1") or die(mysql_error());
if ($res->rowCount() > 0) {
foreach ($res as $row) {
if (intval($_GET["edit"]) == 1 && intval($_SESSION["uid"]) > 0) {
printform('edit', $row['id'], $row['sname'], $row['name'], $row['bdate'], $row['edate'], $row['visible'], $row['text']);
} else {
$bdate = strtotime($row['bdate']);
$edate = strtotime($row['edate']);
echo '<div class="pole">';
echo '<h1 class="main_title">' . $row['name'] . '</h1>';
echo '<p class="body_smaller">';
if ($bdate != $edate && $edate != strtotime("0000-00-00 00:00:00")) {
if (date('Y', $bdate) != date('Y', $edate)) {
echo date('j', $bdate) . ' ' . $month_r[date('n', $bdate) - 1] . ' ' . date('Y', $bdate);
echo ' ... ' . date('j', $edate) . ' ' . $month_r[date('n', $edate) - 1] . ' ' . date('Y', $edate);
} elseif (date('n', $bdate) != date('n', $edate)) {
echo date('j', $bdate) . ' ' . $month_r[date('n', $bdate) - 1];
echo ' ... ' . date('j', $edate) . ' ' . $month_r[date('n', $edate) - 1] . ' ' . date('Y', $edate);
} else {
echo date('j', $bdate) . '–' . date('j', $edate) . ' ' . $month_r[date('n', $edate) - 1] . ' ' . date('Y', $edate);
break;
case "LOGOUT":
session_name("login");
session_start();
session_unset();
session_destroy();
header("Location: IPBanner.php?ipbanmode=admin");
break;
case "DELETE":
session_name("login");
session_start();
if (!isvalid($_SESSION["Login"])){
if ($_SESSION["disp"]==0){ printform();$_SESSION["disp"]=1;}else{$_SESSION["disp"]=0;}
exit;
}
if ($_SESSION["disp"]==0){
$bannedIps = readips();
$bannedIps = RemoveArrayItem($bannedIps,$delindex);
rewritefile($bannedIps);
$_SESSION["disp"]=1;
}
else{
$_SESSION["disp"]=0;
actionpage();
}
break;
print "<h2>Database Error</h2><p>\n The system was unable to process your submission. The database returned the following error:<p>\n";
print mysql_error();
include 'footer.php';
exit;
}
# success! print the page (after the switch)
break;
case 'Edit':
if (empty($Complete)) {
$ValuesLookup = mysql_query("SELECT *\n FROM bulletins\n WHERE BulletinID = '{$BulletinID}'");
$Values = mysql_fetch_array($ValuesLookup);
$Text = eregi_replace("<BR>", "\n", $Values["Text"]);
$title = "Edit Bulletin";
include 'header.php';
print "Please change the values where appropriate. When complete, click <strong>Submit</strong>.<p>";
printform("{$BulletinID}", "{$Values['Priority']}", "{$Values['BeginDate']}", "{$Values['EndDate']}", "{$Values['Title']}", "{$Text}");
include 'footer.php';
exit;
}
$Text = nl2br($Text);
if (!mysql_query("UPDATE bulletins\n SET Priority='{$Priority}',\n BeginDate='{$BeginDate}',\n EndDate='{$EndDate}',\n Title='{$Title}',\n Text='{$Text}'\n WHERE BulletinID = '{$BulletinID}'")) {
$title = 'Database Error';
include 'header.php';
print "<h2>Database Error</h2>\n The system was unable to process your request. The database returned the following error:<p>\n";
print mysql_error();
include 'footer.php';
exit;
}
# Success. Now return to the admin menu...
break;
case 'Delete':
$CheckID = mysql_query("SELECT * FROM account WHERE AccountID = '{$AccountID}' AND AccountRenewalDate > CURDATE()");
print mysql_error();
if (mysql_num_rows($CheckID) == 0) {
print "The submitted Account Number is not active.";
include 'footer.php';
exit;
}
print "<h2> Advertisments for Account #{$AccountID}</h2>";
switch ($Function) {
case 'Add':
printform("{$AccountID}", '', '', '', '', '', '', '', '', '');
break;
case 'Edit':
$AdDetailLookup = mysql_query("SELECT * FROM advertisements WHERE AdID = '{$AdID}'");
$Ad = mysql_fetch_array($AdDetailLookup);
printform("{$AccountID}", "{$Ad['AdID']}", "{$Ad['CategoryID']}", "{$Ad['CategoryID2']}", "{$Ad['CategoryID3']}", "{$Ad['TradeType']}", "{$Ad['AdBeginDate']}", "{$Ad['AdExpiryDate']}", "{$Ad['AdName']}", "{$Ad['AdDescription']}");
break;
case 'Delete':
$AdLookup = mysql_query("SELECT AdName FROM advertisements WHERE AdID = '{$AdID}'");
$Ad = mysql_fetch_array($AdLookup);
print "Do you really want to delete the advertisement titled \"{$Ad['AdName']}\"?<p>\n\t\t\t\t\t\t<form action=admin_adentry.php method=POST>\n\t\t\t\t\t\t<input type=hidden name=AccountID value={$AccountID}>\n\t\t\t\t\t\t<input type=hidden name=Function value=ConfirmDelete>\n\t\t\t\t\t\t<input type=hidden name=AdID value='{$AdID}'>\n\t\t\t\t\t\t<input type=submit value='Yes'></form>\n\t\t\t\t\t\t<form action=admin_adentry.php method=POST>\n\t\t\t\t\t\t<input type=hidden name=AccountID value={$AccountID}>\n\t\t\t\t\t\t<input type=submit value='No'>\n";
include 'footer.php';
exit;
case 'ConfirmDelete':
mysql_query("DELETE FROM advertisements WHERE AdID = '{$AdID}'");
break;
case 'Process':
$AdName = addslashes("{$AdName}");
$AdDescription = addslashes("{$AdDescription}");
if (!empty($AdID)) {
$query = "UPDATE advertisements ";
$tool_content .= "<div class='alert alert-danger'>$langTheUser " . q($username) . " $langNotFound.</div>";
}
} else if (isset($_GET['delete'])) { // delete admin users
$aid = intval(getDirectReference($_GET['aid']));
if ($aid != 1) { // admin user (with id = 1) cannot be deleted
if (Database::get()->query("DELETE FROM admin WHERE admin.user_id = ?d", $aid)->affectedRows > 0) {
$tool_content .= "<div class='alert alert-success'>$langNotAdmin</div>";
} else {
$tool_content .= "<div class='alert alert-danger'>$langDeleteAdmin" . q($aid) . " $langNotFeasible</p>";
}
} else {
$tool_content .= "<div class='alert alert-danger'>$langCannotDeleteAdmin</div>";
}
}
$tool_content .= printform($langUsername);
$tool_content .= "<table class='table-default'>
<tr>
<th class='center'>ID</th>
<th>$langSurnameName</th>
<th>$langUsername</th>
<th class='center'>$langRole</th>
<th class='text-center'>" . icon('fa-gears') . "</th>
</tr>";
// Display the list of admins
Database::get()->queryFunc("SELECT id, givenname, surname, username, admin.privilege as privilege
FROM user, admin
WHERE user.id = admin.user_id
ORDER BY id", function ($row) use (&$tool_content, $langAdministrator, $langPowerUser, $langManageUser, $langManageDepartment, $themeimg, $langDelete) {
