$sql = "Insert into sptbl_actionlog(nALId,nStaffId,vAction,vArea,nRespId,dDate) Values('','{$var_staffid}','" . TEXT_DELETION . "','Downloads','" . mysql_real_escape_string($_POST["id"]) . "',now())";
executeQuery($sql, $conn);
}
$var_message = MESSAGE_RECORD_DELETED;
$flag_msg = 'class="msg_success"';
} else {
$var_message = MESSAGE_RECORD_ERROR;
$flag_msg = 'class="msg_error"';
}
} elseif ($_POST["postback"] == "DA") {
$var_list = "";
for ($i = 0; $i < count($_POST["chk"]); $i++) {
$var_list .= "'" . mysql_real_escape_string($_POST["chk"][$i]) . "',";
}
$var_list = substr($var_list, 0, -1);
if (validateDeletion($var_list) == true) {
$sql = "SELECT vURL FROM sptbl_downloads WHERE nDLId IN(" . $var_list . ")";
$rs_oldurl = executeSelect($sql, $conn);
while ($rowoldurl = mysql_fetch_array($rs_oldurl)) {
$oldurl = $rowoldurl['vURL'];
unlink("../" . $oldurl);
}
$sql = "delete from sptbl_downloads where nDLId IN(" . $var_list . ")";
executeQuery($sql, $conn);
//Insert the actionlog
if (logActivity()) {
for ($i = 0; $i < count($_POST["chk"]); $i++) {
$sql = "Insert into sptbl_actionlog(nALId,nStaffId,vAction,vArea,nRespId,dDate) Values('','{$var_staffid}','" . TEXT_DELETION . "','Downloads','" . mysql_real_escape_string($_POST["chk"][$i]) . "',now())";
executeQuery($sql, $conn);
}
}
$var_id = "";
} else {
$var_message = "<font color=red>" . TEXT_LANGUAGE_FILE_MISSING . "<br>" . $var_message1 . "<br>" . $var_message2 . "<br>" . $var_message3 . "</font>";
$flag_msg = 'class="msg_error"';
}
} else {
$var_message = MESSAGE_RECORD_DUPLICATE;
$flag_msg = 'class="msg_error"';
}
} else {
$var_message = TEXT_INVALID_CODE;
$flag_msg = 'class="msg_error"';
}
}
} elseif ($_POST["postback"] == "D") {
if (validateDeletion($var_id) == true and $var_id != "en") {
$sql = "Delete from sptbl_lang where vLangCode='" . mysql_real_escape_string($var_id) . "'";
executeQuery($sql, $conn);
//Insert the actionlog
if (logActivity()) {
$sql = "Insert into sptbl_actionlog(nALId,nStaffId,vAction,vArea,nRespId,dDate) Values('','{$var_staffid}','" . TEXT_DELETION . "','Language','" . mysql_real_escape_string($var_id) . "',now())";
executeQuery($sql, $conn);
}
$var_langCode = "";
$var_langDesc = "";
$var_id = "";
$var_message = MESSAGE_RECORD_DELETED;
$flag_msg = 'class="msg_success"';
} else {
$var_message = MESSAGE_RECORD_ERROR;
$flag_msg = 'class="msg_error"';
}
$var_message = MESSAGE_RECORD_DELETED;
$flag_msg = 'class="msg_success"';
} else {
$var_message = MESSAGE_RECORD_ERROR;
$flag_msg = 'class="msg_error"';
}
} elseif ($_POST["postback"] == "DA") {
$var_list = "";
for ($i = 0; $i < count($_POST["chk"]); $i++) {
if ($_POST["chk"][$i] != "en" and $_POST["chk"][$i] != $_SESSION["sess_defaultlang"]) {
$var_list .= "'" . mysql_real_escape_string($_POST["chk"][$i]) . "',";
}
}
$var_list = substr($var_list, 0, -1);
if (validateDeletion($var_list) == true and $var_list != "") {
$sql = "delete from sptbl_lang where vLangCode IN(" . $var_list . ")";
executeQuery($sql, $conn);
//Insert the actionlog
if (logActivity()) {
for ($i = 0; $i < count($_POST["chk"]); $i++) {
$sql = "Insert into sptbl_actionlog(nALId,nStaffId,vAction,vArea,nRespId,dDate) Values('','{$var_staffid}','" . TEXT_DELETION . "','Language','" . mysql_real_escape_string($_POST["chk"][$i]) . "',now())";
executeQuery($sql, $conn);
}
}
$var_message = MESSAGE_RECORD_DELETED;
$flag_msg = 'class="msg_success"';
} else {
$var_message = MESSAGE_RECORD_ERROR;
$flag_msg = 'class="msg_error"';
}
$var_refno = $var_row["vRefNo"];
$var_title = $var_row["vPNTitle"];
$var_notes = $var_row["tPNDesc"];
} else {
echo "<form name=\"frmRedirect\" action=\"\" method=\"\"> </form><script> document.frmRedirect.action=\"pernotes.php\" + \"?\" + \"mt=y&stylename=STYLEPERSONALNOTES&styleminus=minus4&styleplus=plus4&\"; document.frmRedirect.method=\"POST\"; document.frmRedirect.submit();</script>";
exit;
$var_message = MESSAGE_RECORD_ERROR;
$flag_msg = "class='msg_error'";
}
} elseif ($_POST["postback"] == "D") {
$var_title = trim($_POST["txtPerTitle"]);
$var_notes = trim($_POST["txtNotes"]);
$var_refno = trim($_POST["txtRefno"]);
$var_pdate = trim($_POST["txtDate"]);
$var_staff = trim($_POST["txtStaff"]);
if (validateDeletion() == true) {
$sql = "delete from sptbl_personalnotes where nPNId ='" . mysql_real_escape_string($var_id) . "'";
executeQuery($sql, $conn);
//Insert the actionlog
if (logActivity()) {
$sql = "Insert into sptbl_actionlog(nALId,nStaffId,vAction,vArea,nRespId,dDate) Values('','{$var_staffid}','" . TEXT_DELETION . "','Personal Notes','" . mysql_real_escape_string($var_id) . "',now())";
executeQuery($sql, $conn);
}
$var_title = "";
$var_notes = "";
$var_refno = "";
$var_pdate = "";
$var_staff = "";
$var_message = MESSAGE_RECORD_DELETED;
$flag_msg = "class='msg_success'";
echo "<form name=\"frmRedirect\" action=\"\" method=\"\"> </form><script> document.frmRedirect.action=\"pernotes.php\" + \"?\" + \"mt=y&stylename=STYLEPERSONALNOTES&styleminus=minus4&styleplus=plus4&\"; document.frmRedirect.method=\"POST\"; document.frmRedirect.submit();</script>";
$flag_msg = 'class="msg_success"';
} else {
$var_message = MESSAGE_RECORD_ERROR;
$flag_msg = 'class="msg_error"';
}
} elseif ($_POST["postback"] == "DA") {
$var_list = "'',";
for ($i = 0; $i < count($_POST["chk"]); $i++) {
if (mysql_real_escape_string($_POST["chk"][$i]) != "1") {
$var_list .= "'" . mysql_real_escape_string($_POST["chk"][$i]) . "',";
} else {
$var_new_flag = true;
}
}
$var_list = substr($var_list, 0, -1);
if ($var_list != "''" && validateDeletion($var_list) == true) {
$sql = "SELECT vCSSURL FROM sptbl_css WHERE nCSSId IN(" . $var_list . ")";
$rs_oldurl = executeSelect($sql, $conn);
while ($rowoldurl = mysql_fetch_array($rs_oldurl)) {
$oldurl = $rowoldurl['vCSSURL'];
//chmod("../".$oldurl,0777);
unlink("../" . $oldurl);
}
$sql = "delete from sptbl_css where nCSSId IN(" . $var_list . ")";
executeQuery($sql, $conn);
//Insert the actionlog
if (logActivity()) {
for ($i = 0; $i < count($_POST["chk"]); $i++) {
$sql = "Insert into sptbl_actionlog(nALId,nStaffId,vAction,vArea,nRespId,dDate) Values('','{$var_staffid}','" . TEXT_DELETION . "','CSS','" . mysql_real_escape_string($_POST["chk"][$i]) . "',now())";
executeQuery($sql, $conn);
}
$var_staffName = $_POST["txtStaffName"];
$var_staffLogin = $_POST["txtStaffLogin"];
$var_password = $_POST["txtPassword"];
$var_email = $_POST["txtEmail"];
$var_yim = $_POST["txtYim"];
$var_smsMail = $_POST["txtSmsMail"];
$var_mobile = $_POST["txtMobile"];
$var_cssId = $_POST["cmbCssId"];
$var_refreshRate = $_POST["cmbRefresh"];
$var_notifyAssign = $_POST["rdNotifyAssign"] == "1" ? $_POST["rdNotifyAssign"] : "0";
$var_notifyPvtMsg = $_POST["rdNotifyPvtMsg"] == "1" ? $_POST["rdNotifyPvtMsg"] : "0";
$var_notifyKB = $_POST["rdNotifyKB"] == "1" ? $_POST["rdNotifyKB"] : "0";
$var_watcher = $_POST["rdWatcher"] == "1" ? $_POST["rdWatcher"] : "0";
$var_notifyArrival = $_POST["rdNotifyArrival"] == "1" ? $_POST["rdNotifyArrival"] : "0";
$var_signature = $_POST["txtSignature"];
if (validateDeletion() == true and $var_id != "1") {
$sql = "Update sptbl_staffs set vDelStatus = '1' where nStaffId='" . mysql_real_escape_string($var_id) . "'";
executeQuery($sql, $conn);
//Insert the actionlog
if (logActivity()) {
$sql = "Insert into sptbl_actionlog(nALId,nStaffId,vAction,vArea,nRespId,dDate) Values('','{$var_staffid}','" . TEXT_DELETION . "','Staff','" . mysql_real_escape_string($var_id) . "',now())";
executeQuery($sql, $conn);
}
$var_staffName = "";
$var_staffLogin = "";
$var_password = "";
$var_email = "";
$var_yim = "";
$var_smsMail = "";
$var_mobile = "";
$var_cssId = "";
/* else {
$var_message = "<font color=red>" . MESSAGE_RECORD_ERROR . "</font>";
}*/
} elseif ($_POST["postback"] == "D") {
$var_companyName = trim($_POST["txtCompanyName"]);
$var_address1 = trim($_POST["txtAddress1"]);
$var_address2 = trim($_POST["txtAddress2"]);
$var_city = trim($_POST["txtCity"]);
$var_state = trim($_POST["txtState"]);
$var_phone = trim($_POST["txtPhone"]);
$var_fax = trim($_POST["txtFax"]);
$var_email = trim($_POST["txtEmail"]);
$var_zip = trim($_POST["txtZip"]);
$var_contact = trim($_POST["txtContact"]);
$var_country = trim($_POST["cmbCountry"]);
if (validateDeletion($var_id) == true) {
$sql = "Update sptbl_companies set vDelStatus = '1' where nCompId='" . mysql_real_escape_string($var_id) . "'";
executeQuery($sql, $conn);
//Insert the actionlog
if (logActivity()) {
$sql = "Insert into sptbl_actionlog(nALId,nStaffId,vAction,vArea,nRespId,dDate) Values('','{$var_staffid}','" . TEXT_DELETION . "','Company','" . mysql_real_escape_string($var_id) . "',now())";
executeQuery($sql, $conn);
}
$var_companyName = "";
$var_address1 = "";
$var_address2 = "";
$var_city = "";
$var_state = "";
$var_phone = "";
$var_fax = "";
$var_email = "";