// NOTE(review): excerpt from a "Downloads" delete handler. The enclosing if/elseif chain opens
// before this excerpt and is not closed inside it.
// Every statement below is built by string concatenation and protected only by
// mysql_real_escape_string(); the mysql_* extension was removed in PHP 7, so any port should
// switch to prepared statements (mysqli or PDO) rather than re-implementing the escaping.
// No anti-CSRF token check is visible in this excerpt -- confirm one runs before the
// postback dispatch, since both branches delete data.
            // Audit-log row for the single-record delete. $_POST["id"] is escaped and quoted, but
            // $var_staffid is interpolated as-is; its origin is not visible here -- confirm it is a
            // server-side session value and never request input.
            $sql = "Insert into sptbl_actionlog(nALId,nStaffId,vAction,vArea,nRespId,dDate) Values('','{$var_staffid}','" . TEXT_DELETION . "','Downloads','" . mysql_real_escape_string($_POST["id"]) . "',now())";
            executeQuery($sql, $conn);
        }
        $var_message = MESSAGE_RECORD_DELETED;
        $flag_msg = 'class="msg_success"';
    } else {
        $var_message = MESSAGE_RECORD_ERROR;
        $flag_msg = 'class="msg_error"';
    }
} elseif ($_POST["postback"] == "DA") {
    // Bulk delete: build a quoted, comma-separated id list from the posted checkboxes.
    // Assumes $_POST["chk"] is a flat array of scalar ids -- that is not checked here.
    $var_list = "";
    for ($i = 0; $i < count($_POST["chk"]); $i++) {
        $var_list .= "'" . mysql_real_escape_string($_POST["chk"][$i]) . "',";
    }
    // Drop the trailing comma. With no posted ids the list stays empty and IN() below would be
    // malformed unless validateDeletion() (not visible here) rejects it.
    $var_list = substr($var_list, 0, -1);
    if (validateDeletion($var_list) == true) {
        $sql = "SELECT vURL FROM sptbl_downloads WHERE nDLId IN(" . $var_list . ")";
        $rs_oldurl = executeSelect($sql, $conn);
        while ($rowoldurl = mysql_fetch_array($rs_oldurl)) {
            $oldurl = $rowoldurl['vURL'];
            // NOTE(review): the path comes straight from the vURL column and is only prefixed
            // with "../". Nothing here confirms the resolved path stays inside the downloads
            // directory, so a stored value containing ".." segments would delete elsewhere.
            // Resolve with realpath() and compare against the expected base directory before
            // unlinking. The unlink() result is also ignored.
            unlink("../" . $oldurl);
        }
        $sql = "delete from sptbl_downloads where nDLId IN(" . $var_list . ")";
        executeQuery($sql, $conn);
        //Insert the actionlog
        if (logActivity()) {
            // One log row per posted id. The loop walks the raw request array, so it records a
            // deletion for every submitted value whether or not a matching row existed.
            for ($i = 0; $i < count($_POST["chk"]); $i++) {
                $sql = "Insert into sptbl_actionlog(nALId,nStaffId,vAction,vArea,nRespId,dDate) Values('','{$var_staffid}','" . TEXT_DELETION . "','Downloads','" . mysql_real_escape_string($_POST["chk"][$i]) . "',now())";
                executeQuery($sql, $conn);
            }
        }
// NOTE(review): excerpt from a "Language" admin handler. It starts inside the tail of an
// earlier branch (its conditions are not visible) and ends inside the delete branch's else.
                    $var_id = "";
                } else {
                    // $var_message1..3 are concatenated into HTML unescaped. Their origin is not
                    // visible here -- if they can carry request-derived text (for example a file
                    // name), escape them with htmlspecialchars() before output.
                    $var_message = "<font color=red>" . TEXT_LANGUAGE_FILE_MISSING . "<br>" . $var_message1 . "<br>" . $var_message2 . "<br>" . $var_message3 . "</font>";
                    $flag_msg = 'class="msg_error"';
                }
            } else {
                $var_message = MESSAGE_RECORD_DUPLICATE;
                $flag_msg = 'class="msg_error"';
            }
        } else {
            $var_message = TEXT_INVALID_CODE;
            $flag_msg = 'class="msg_error"';
        }
    }
} elseif ($_POST["postback"] == "D") {
    // Single-record delete. The "en" row is protected by a PHP string comparison, which is
    // case-sensitive; whether the SQL comparison below is case-sensitive depends on the column
    // collation (not visible) -- normalise the code's case before this guard so both layers agree.
    // NOTE(review): the bulk-delete branch shown elsewhere on this page also skips
    // $_SESSION["sess_defaultlang"]; this branch does not -- confirm that is intended.
    if (validateDeletion($var_id) == true and $var_id != "en") {
        // Concatenated SQL with mysql_real_escape_string(); the mysql_* extension was removed in
        // PHP 7, so prefer a prepared statement when porting.
        $sql = "Delete from sptbl_lang where vLangCode='" . mysql_real_escape_string($var_id) . "'";
        executeQuery($sql, $conn);
        //Insert the actionlog
        if (logActivity()) {
            // $var_staffid is interpolated unescaped; presumably a session value -- verify.
            $sql = "Insert into sptbl_actionlog(nALId,nStaffId,vAction,vArea,nRespId,dDate) Values('','{$var_staffid}','" . TEXT_DELETION . "','Language','" . mysql_real_escape_string($var_id) . "',now())";
            executeQuery($sql, $conn);
        }
        // Clear the form state after a successful delete.
        $var_langCode = "";
        $var_langDesc = "";
        $var_id = "";
        $var_message = MESSAGE_RECORD_DELETED;
        $flag_msg = 'class="msg_success"';
    } else {
        $var_message = MESSAGE_RECORD_ERROR;
        $flag_msg = 'class="msg_error"';
// NOTE(review): excerpt from a "Language" admin handler. The first closing braces belong to
// blocks opened before this excerpt, and the elseif branch is not closed inside it.
        }
        $var_message = MESSAGE_RECORD_DELETED;
        $flag_msg = 'class="msg_success"';
    } else {
        $var_message = MESSAGE_RECORD_ERROR;
        $flag_msg = 'class="msg_error"';
    }
} elseif ($_POST["postback"] == "DA") {
    // Bulk delete: collect the posted language codes, skipping "en" and the session's default
    // language so neither can be removed. Assumes $_POST["chk"] is a flat array of scalars --
    // that is not checked here.
    $var_list = "";
    for ($i = 0; $i < count($_POST["chk"]); $i++) {
        // PHP string comparison is case-sensitive; the SQL IN() match depends on the column
        // collation (not visible). Normalise case before this guard so both layers agree.
        if ($_POST["chk"][$i] != "en" and $_POST["chk"][$i] != $_SESSION["sess_defaultlang"]) {
            $var_list .= "'" . mysql_real_escape_string($_POST["chk"][$i]) . "',";
        }
    }
    // Drop the trailing comma; the list is empty when every posted code was filtered out.
    $var_list = substr($var_list, 0, -1);
    // validateDeletion() is evaluated first, so it also runs when the list is empty.
    if (validateDeletion($var_list) == true and $var_list != "") {
        // Concatenated SQL with mysql_real_escape_string(); the mysql_* extension was removed in
        // PHP 7, so prefer a prepared statement when porting.
        $sql = "delete from sptbl_lang where vLangCode IN(" . $var_list . ")";
        executeQuery($sql, $conn);
        //Insert the actionlog
        if (logActivity()) {
            // NOTE(review): this loop walks the raw posted array, not the filtered list, so a
            // "deletion" row is also written for codes the filter above skipped ("en" or the
            // default language). For an accurate audit trail, log only what was put in $var_list.
            for ($i = 0; $i < count($_POST["chk"]); $i++) {
                // $var_staffid is interpolated unescaped; presumably a session value -- verify.
                $sql = "Insert into sptbl_actionlog(nALId,nStaffId,vAction,vArea,nRespId,dDate) Values('','{$var_staffid}','" . TEXT_DELETION . "','Language','" . mysql_real_escape_string($_POST["chk"][$i]) . "',now())";
                executeQuery($sql, $conn);
            }
        }
        $var_message = MESSAGE_RECORD_DELETED;
        $flag_msg = 'class="msg_success"';
    } else {
        $var_message = MESSAGE_RECORD_ERROR;
        $flag_msg = 'class="msg_error"';
    }
// NOTE(review): excerpt from a "Personal Notes" handler. It starts inside a branch that copies a
// fetched row ($var_row, loaded before this excerpt) and ends inside the delete branch.
        $var_refno = $var_row["vRefNo"];
        $var_title = $var_row["vPNTitle"];
        $var_notes = $var_row["tPNDesc"];
    } else {
        // Emits an empty form plus inline script that auto-submits a POST to pernotes.php.
        // The markup is a fixed string; no request data is written into it.
        echo "<form name=\"frmRedirect\" action=\"\" method=\"\"> </form><script> document.frmRedirect.action=\"pernotes.php\" + \"?\" + \"mt=y&stylename=STYLEPERSONALNOTES&styleminus=minus4&styleplus=plus4&\"; document.frmRedirect.method=\"POST\"; document.frmRedirect.submit();</script>";
        exit;
        // The two assignments below are unreachable because of the exit above.
        $var_message = MESSAGE_RECORD_ERROR;
        $flag_msg = "class='msg_error'";
    }
} elseif ($_POST["postback"] == "D") {
    // Delete branch: the posted form fields are read back (trimmed) before the delete runs.
    $var_title = trim($_POST["txtPerTitle"]);
    $var_notes = trim($_POST["txtNotes"]);
    $var_refno = trim($_POST["txtRefno"]);
    $var_pdate = trim($_POST["txtDate"]);
    $var_staff = trim($_POST["txtStaff"]);
    if (validateDeletion() == true) {
        // NOTE(review): the DELETE is keyed on nPNId alone. No condition tying the note to the
        // logged-in staff member is visible here -- confirm validateDeletion() or earlier code
        // enforces ownership, otherwise any staff user could remove another user's note.
        // Concatenated SQL with mysql_real_escape_string(); the mysql_* extension was removed in
        // PHP 7, so prefer a prepared statement when porting.
        $sql = "delete from sptbl_personalnotes where nPNId ='" . mysql_real_escape_string($var_id) . "'";
        executeQuery($sql, $conn);
        //Insert the actionlog
        if (logActivity()) {
            // $var_staffid is interpolated unescaped; presumably a session value -- verify.
            $sql = "Insert into sptbl_actionlog(nALId,nStaffId,vAction,vArea,nRespId,dDate) Values('','{$var_staffid}','" . TEXT_DELETION . "','Personal Notes','" . mysql_real_escape_string($var_id) . "',now())";
            executeQuery($sql, $conn);
        }
        // Clear the form state after a successful delete.
        $var_title = "";
        $var_notes = "";
        $var_refno = "";
        $var_pdate = "";
        $var_staff = "";
        $var_message = MESSAGE_RECORD_DELETED;
        $flag_msg = "class='msg_success'";
        // Same fixed auto-submit redirect back to the notes list as in the branch above.
        echo "<form name=\"frmRedirect\" action=\"\" method=\"\"> </form><script> document.frmRedirect.action=\"pernotes.php\" + \"?\" + \"mt=y&stylename=STYLEPERSONALNOTES&styleminus=minus4&styleplus=plus4&\"; document.frmRedirect.method=\"POST\"; document.frmRedirect.submit();</script>";
// NOTE(review): excerpt from a "CSS" admin handler. The enclosing if/elseif chain opens before
// this excerpt and the bulk-delete branch is not closed inside it.
        $flag_msg = 'class="msg_success"';
    } else {
        $var_message = MESSAGE_RECORD_ERROR;
        $flag_msg = 'class="msg_error"';
    }
} elseif ($_POST["postback"] == "DA") {
    // Bulk delete. The list is seeded with an empty quoted value so it is never syntactically
    // empty; "''" alone therefore means "nothing selected" in the guard below.
    // Assumes $_POST["chk"] is a flat array of scalar ids -- that is not checked here.
    $var_list = "'',";
    for ($i = 0; $i < count($_POST["chk"]); $i++) {
        // Record id "1" is excluded from deletion and flagged via $var_new_flag instead.
        // NOTE(review): the guard is a loose comparison on the escaped *string*, while the
        // database compares the value against nCSSId (presumably numeric -- confirm). The two
        // layers can disagree on what counts as "1". Validate each id with ctype_digit(), cast to
        // int, and compare the integer so the guard and the query see the same value.
        if (mysql_real_escape_string($_POST["chk"][$i]) != "1") {
            $var_list .= "'" . mysql_real_escape_string($_POST["chk"][$i]) . "',";
        } else {
            $var_new_flag = true;
        }
    }
    // Drop the trailing comma.
    $var_list = substr($var_list, 0, -1);
    if ($var_list != "''" && validateDeletion($var_list) == true) {
        $sql = "SELECT vCSSURL FROM sptbl_css WHERE nCSSId IN(" . $var_list . ")";
        $rs_oldurl = executeSelect($sql, $conn);
        while ($rowoldurl = mysql_fetch_array($rs_oldurl)) {
            $oldurl = $rowoldurl['vCSSURL'];
            //chmod("../".$oldurl,0777);
            // NOTE(review): the path comes straight from the vCSSURL column and is only prefixed
            // with "../". Nothing here confirms the resolved path stays inside the stylesheet
            // directory; resolve with realpath() and compare against the expected base directory
            // before unlinking. The unlink() result is also ignored.
            unlink("../" . $oldurl);
        }
        $sql = "delete from sptbl_css where nCSSId IN(" . $var_list . ")";
        executeQuery($sql, $conn);
        //Insert the actionlog
        if (logActivity()) {
            // This loop walks the raw posted array, so a "deletion" row is also written for id
            // "1" even though the filter above kept it out of $var_list.
            for ($i = 0; $i < count($_POST["chk"]); $i++) {
                // $var_staffid is interpolated unescaped; presumably a session value -- verify.
                $sql = "Insert into sptbl_actionlog(nALId,nStaffId,vAction,vArea,nRespId,dDate) Values('','{$var_staffid}','" . TEXT_DELETION . "','CSS','" . mysql_real_escape_string($_POST["chk"][$i]) . "',now())";
                executeQuery($sql, $conn);
            }
// NOTE(review): excerpt from a "Staff" delete branch. The enclosing condition is before this
// excerpt and the block is not closed inside it. No anti-CSRF token check is visible here --
// confirm one runs before the postback dispatch.
// Read the posted form fields back into local variables. The values are taken as-is (no trim,
// no validation); how they are used afterwards is outside this excerpt.
$var_staffName = $_POST["txtStaffName"];
$var_staffLogin = $_POST["txtStaffLogin"];
// The submitted password is copied even on the delete path; presumably only to re-populate the
// form -- confirm it is never echoed back into the page or written to a log.
$var_password = $_POST["txtPassword"];
$var_email = $_POST["txtEmail"];
$var_yim = $_POST["txtYim"];
$var_smsMail = $_POST["txtSmsMail"];
$var_mobile = $_POST["txtMobile"];
$var_cssId = $_POST["cmbCssId"];
$var_refreshRate = $_POST["cmbRefresh"];
// Flag fields: intended to collapse to "1" or "0". Because the test is a loose == and the true
// arm returns the posted value itself, any string that compares equal to "1" is passed through
// unchanged; `=== "1" ? "1" : "0"` would guarantee a literal flag.
$var_notifyAssign = $_POST["rdNotifyAssign"] == "1" ? $_POST["rdNotifyAssign"] : "0";
$var_notifyPvtMsg = $_POST["rdNotifyPvtMsg"] == "1" ? $_POST["rdNotifyPvtMsg"] : "0";
$var_notifyKB = $_POST["rdNotifyKB"] == "1" ? $_POST["rdNotifyKB"] : "0";
$var_watcher = $_POST["rdWatcher"] == "1" ? $_POST["rdWatcher"] : "0";
$var_notifyArrival = $_POST["rdNotifyArrival"] == "1" ? $_POST["rdNotifyArrival"] : "0";
$var_signature = $_POST["txtSignature"];
// Staff id "1" is protected from deletion (presumably the primary administrator -- confirm).
// NOTE(review): the guard is a loose string comparison, while the database compares the value
// against nStaffId (presumably numeric -- confirm); cast $var_id to int and compare the integer
// so both layers agree on which record is protected.
if (validateDeletion() == true and $var_id != "1") {
    // Soft delete: the row is kept and only vDelStatus is set to '1'.
    // Concatenated SQL with mysql_real_escape_string(); the mysql_* extension was removed in
    // PHP 7, so prefer a prepared statement when porting.
    $sql = "Update sptbl_staffs set vDelStatus = '1' where nStaffId='" . mysql_real_escape_string($var_id) . "'";
    executeQuery($sql, $conn);
    //Insert the actionlog
    if (logActivity()) {
        // $var_staffid is interpolated unescaped; presumably a session value -- verify.
        $sql = "Insert into sptbl_actionlog(nALId,nStaffId,vAction,vArea,nRespId,dDate) Values('','{$var_staffid}','" . TEXT_DELETION . "','Staff','" . mysql_real_escape_string($var_id) . "',now())";
        executeQuery($sql, $conn);
    }
    // Clear the form state (including the password copy) after a successful delete.
    $var_staffName = "";
    $var_staffLogin = "";
    $var_password = "";
    $var_email = "";
    $var_yim = "";
    $var_smsMail = "";
    $var_mobile = "";
    $var_cssId = "";
// NOTE(review): excerpt from a "Company" admin handler. The first closing brace belongs to a
// branch opened before this excerpt, and the delete branch is not closed inside it.
    /* else { $var_message = "<font color=red>" . MESSAGE_RECORD_ERROR . "</font>"; }*/
} elseif ($_POST["postback"] == "D") {
    // Delete branch: the posted form fields are read back (trimmed only, no further validation)
    // before the delete runs. How they are used afterwards is outside this excerpt.
    $var_companyName = trim($_POST["txtCompanyName"]);
    $var_address1 = trim($_POST["txtAddress1"]);
    $var_address2 = trim($_POST["txtAddress2"]);
    $var_city = trim($_POST["txtCity"]);
    $var_state = trim($_POST["txtState"]);
    $var_phone = trim($_POST["txtPhone"]);
    $var_fax = trim($_POST["txtFax"]);
    $var_email = trim($_POST["txtEmail"]);
    $var_zip = trim($_POST["txtZip"]);
    $var_contact = trim($_POST["txtContact"]);
    $var_country = trim($_POST["cmbCountry"]);
    // No anti-CSRF token check is visible in this excerpt -- confirm one runs before the
    // postback dispatch.
    if (validateDeletion($var_id) == true) {
        // Soft delete: the row is kept and only vDelStatus is set to '1'.
        // Concatenated SQL with mysql_real_escape_string(); the mysql_* extension was removed in
        // PHP 7, so prefer a prepared statement when porting.
        $sql = "Update sptbl_companies set vDelStatus = '1' where nCompId='" . mysql_real_escape_string($var_id) . "'";
        executeQuery($sql, $conn);
        //Insert the actionlog
        if (logActivity()) {
            // $var_staffid is interpolated unescaped; presumably a session value -- verify.
            $sql = "Insert into sptbl_actionlog(nALId,nStaffId,vAction,vArea,nRespId,dDate) Values('','{$var_staffid}','" . TEXT_DELETION . "','Company','" . mysql_real_escape_string($var_id) . "',now())";
            executeQuery($sql, $conn);
        }
        // Clear the form state after a successful delete.
        $var_companyName = "";
        $var_address1 = "";
        $var_address2 = "";
        $var_city = "";
        $var_state = "";
        $var_phone = "";
        $var_fax = "";
        $var_email = "";