Exemplo n.º 1
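    <?php 
// Footer fragment: label text is read from the $lang table, which this file
// does not define itself.
echo $lang["Last modified:"];
?>
 2007-08-22.
    <a href="<?php 
// mergeGetUrlData() is handed $_GET, so its result is request-controlled. It is
// escaped for the HTML attribute it is written into. double_encode is off in
// case the helper already emits entities such as &amp; (not visible here).
// NOTE(review): assumes the page is served as UTF-8 - confirm.
echo htmlspecialchars(mergeGetUrlData($_GET, "?style=printer-friendly"), ENT_QUOTES, "UTF-8", false);
?>
"><?php 
echo $lang["Printer-friendly version"];
?>
</a> <?php 
echo $lang["of this page"];
?>
.
    <a href="<?php 
// Falls back to a bare "?style=" when the helper returns an empty string.
// The helper is called once and the result reused, then escaped as above.
$footerDefaultStyleUrl = mergeGetUrlData($_GET, "?style=");
echo htmlspecialchars($footerDefaultStyleUrl != "" ? $footerDefaultStyleUrl : "?style=", ENT_QUOTES, "UTF-8", false);
?>
"><?php 
echo $lang["Default style version"];
?>
</a> <?php 
echo $lang["of this page"];
?>
.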
  </div>
  <div id="footer-text-right">
  <!-- Nothing here -->
  </div>
</div>

</div>
Exemplo n.º 2
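// Erases the sellers and books tables after a confirmation check, then
// redirects to a confirmation page.
// Inclusion of configuration files
require_once "config.inc.php";
// Inclusion of libraries
require_once "db-connection.lib.php";
require_once "encode-decode.lib.php";
require_once "merge-get.lib.php";
require_once "session.lib.php";
// Override default language settings by session settings, then by URL settings.
// The value becomes part of an include path, so only plain language codes
// (letters, digits, "_" and "-") are accepted; a value containing "/", "." or
// anything else is ignored rather than included.
// NOTE(review): assumes the file names under lang/ fit this pattern - confirm.
$langCandidates = array(
    isset($_SESSION["lang"]) ? $_SESSION["lang"] : "",
    isset($_GET["lang"]) ? $_GET["lang"] : "",
);
foreach ($langCandidates as $langCandidate) {
    if (is_string($langCandidate) && preg_match('/\A[A-Za-z0-9_-]+\z/', $langCandidate) === 1) {
        include_once "lang/" . $langCandidate . ".php";
    }
}
// Connects to the database
$db = db_connect();
if (is_null($db)) {
    die($lang["Error connecting to the database."] . $lang["MySQL says:"] . " " . db_error($db));
}
// Checks if DB can be erased
// NOTE(review): both values compared here arrive in the same POST body, so this
// only guards against an accidental submit; it is not an authorization or CSRF
// check. Whether session.lib.php enforces a logged-in session is not visible
// here - confirm, and keep the expected code server-side if it is meant as a
// real control.
if (!isset($_POST["security"]) || !isset($_POST["hidden-security"]) || $_POST["security"] !== $_POST["hidden-security"]) {
    header("Location: " . mergeGetUrlData($_GET, "error-database-clear.php"));
    exit;
}
// The code is OK, erase the databases
$tablesToClear = array("sellers", "books");
foreach ($tablesToClear as $tableName) {
    $result = db_query($db, "DELETE FROM " . $config["ddDBPrefix"] . $tableName . ";");
    // Stops instead of reporting success when a DELETE did not go through.
    // Other scripts of this project treat a null db_query() result as failure.
    if (is_null($result)) {
        die($lang["Error connecting to the database."] . $lang["MySQL says:"] . " " . db_error($db));
    }
}
// Redirects to confirmation page
header("Location: " . mergeGetUrlData($_GET, "database-cleared.php"));
exit;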
Exemplo n.º 3
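    // Seller key changed: make sure the new key is free, then replace the old row.
    // Checks if target seller ID exists in database
    $newSellerKey = strtoupper(db_encode($_POST["sellerid"]));
    $query_string = "SELECT * FROM " . $config["ddDBPrefix"] . "sellers WHERE sellerKey = '" . $newSellerKey . "' LIMIT 1;";
    $result = db_query($db, $query_string);
    if (!is_null($result) && db_num_rows($result) > 0) {
        // If yes, warns and redirects to this seller info page
        // NOTE(review): the submitted key goes into the query string as received;
        // whether mergeGetUrlData() URL-encodes it is not visible here - confirm.
        header("Location: " . mergeGetUrlData($_GET, "error-duplicate-seller.php?key=" . $_POST["sellerid"]));
        exit;
    }
    // Otherwise, delete previous table entry
    // NOTE(review): the old row is removed before the new one is inserted and no
    // transaction is visible, so a failed INSERT leaves the seller deleted.
    $query_string = "DELETE FROM " . $config["ddDBPrefix"] . "sellers WHERE sellerKey = '" . strtoupper(db_encode($_POST["originalid"])) . "' LIMIT 1;";
    $result = db_query($db, $query_string);
    if (is_null($result)) {
        die($lang["Error connecting to the database."] . $lang["MySQL says:"] . " " . db_error($db));
    }
    // And inserts new
    $query_string = "INSERT INTO " . $config["ddDBPrefix"] . "sellers SET " . "sellerKey = '" . $newSellerKey . "', " . "firstName = '" . db_encode($_POST["firstname"]) . "', " . "lastName = '" . db_encode($_POST["lastname"]) . "', " . "email = '" . db_encode($_POST["email"]) . "', " . "phone = '" . db_encode($_POST["phone"]) . "';";
    $result = db_query($db, $query_string);
    // Checks the query result, as the DELETE above does. The previous test looked
    // at $db (the connection handle) rather than at this query's outcome.
    if (is_null($result)) {
        die($lang["Error connecting to the database."] . $lang["MySQL says:"] . " " . db_error($db));
    }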
} else {
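    // Replaces seller into database
    // All values pass through db_encode() before being placed between quotes.
    $query_string = "REPLACE INTO " . $config["ddDBPrefix"] . "sellers SET " . "sellerKey = '" . strtoupper(db_encode($_POST["sellerid"])) . "', " . "firstName = '" . db_encode($_POST["firstname"]) . "', " . "lastName = '" . db_encode($_POST["lastname"]) . "', " . "email = '" . db_encode($_POST["email"]) . "', " . "phone = '" . db_encode($_POST["phone"]) . "';";
    $result = db_query($db, $query_string);
    // Checks the query result. The previous test looked at $db (the connection
    // handle), so a failed REPLACE was not reported.
    if (is_null($result)) {
        die($lang["Error connecting to the database."] . $lang["MySQL says:"] . " " . db_error($db));
    }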
}
// Sends the browser on to the seller information page for the submitted key.
// NOTE(review): the upper-cased key is placed in the query string as received;
// whether mergeGetUrlData() URL-encodes it is not visible here - confirm.
$sellerInfoUrl = mergeGetUrlData($_GET, "seller-info.php?key=" . strtoupper($_POST["sellerid"]));
header("Location: " . $sellerInfoUrl);
exit;
Exemplo n.º 4
******************************************************************************/
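// Marks every ticked book as returned, then redirects to the seller page.
// Inclusion of configuration files
require_once "config.inc.php";
// Inclusion of libraries
require_once "db-connection.lib.php";
require_once "encode-decode.lib.php";
require_once "merge-get.lib.php";
require_once "session.lib.php";
// Set language
include_once "lang.inc.php";
// Connects to the database
$db = db_connect();
if (is_null($db)) {
    die($lang["Error connecting to the database."] . $lang["MySQL says:"] . " " . db_error($db));
}
// Collects the IDs of the ticked checkboxes. The field NAMES are the book IDs
// and come straight from the request, so only all-digit names are accepted
// before they are written into the SQL text.
$bookIds = array();
foreach ($_POST as $key => $value) {
    if ($value === "on" && preg_match('/\A[0-9]+\z/', (string) $key) === 1) {
        $bookIds[] = (string) $key;
    }
}
// Marks the selected books as returned. With nothing selected no query is
// sent; the earlier form of this query matched no rows in that case.
if (count($bookIds) > 0) {
    $timestamp = time();
    $query_string = "UPDATE " . $config["ddDBPrefix"] . "books SET " . "status = 'returned', " . "lastUpdate = '" . date("Y-m-d H:i:s", $timestamp) . "' " . "WHERE bookID IN (" . implode(", ", $bookIds) . ") LIMIT " . count($bookIds) . ";";
    $result = db_query($db, $query_string);
}
// Redirects to seller information page
// NOTE(review): $_POST["key"] goes into the query string as received; whether
// mergeGetUrlData() URL-encodes it is not visible here - confirm.
header("Location: " . mergeGetUrlData($_GET, "seller-info.php?key=" . $_POST["key"]));
exit;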
Exemplo n.º 5
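    <?php 
// Footer fragment: label text is read from the $lang table, which this file
// does not define itself.
echo $lang["Last modified:"];
?>
 2007-08-22.
    <a href="<?php 
// mergeGetUrlData() is handed $_GET, so its result is request-controlled. It is
// escaped for the HTML attribute it is written into. double_encode is off in
// case the helper already emits entities such as &amp; (not visible here).
// NOTE(review): assumes the page is served as UTF-8 - confirm.
echo htmlspecialchars(mergeGetUrlData($_GET, "?style=printer-friendly"), ENT_QUOTES, "UTF-8", false);
?>
"><?php 
echo $lang["Printer-friendly version"];
?>
</a> <?php 
echo $lang["of this page"];
?>
.
    <a href="<?php 
// Uses a bare "?style=" when the helper returns an empty string. The helper is
// called once and the result reused, then escaped as above.
$footerDefaultStyleUrl = mergeGetUrlData($_GET, "?style=");
echo htmlspecialchars($footerDefaultStyleUrl == "" ? "?style=" : $footerDefaultStyleUrl, ENT_QUOTES, "UTF-8", false);
?>
"><?php 
echo $lang["Default style version"];
?>
</a> <?php 
echo $lang["of this page"];
?>
.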
  </div>
  <div id="footer-text-right">
  <!-- Nothing here -->
  </div>
</div>

</div>
Exemplo n.º 6
  MA  02110-1301, USA.
******************************************************************************/
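// Marks up to ten submitted books as sold, then redirects to a success page.
// Inclusion of configuration files
require_once "config.inc.php";
// Inclusion of libraries
require_once "db-connection.lib.php";
require_once "encode-decode.lib.php";
require_once "merge-get.lib.php";
require_once "session.lib.php";
// Override default language settings by session settings, then by URL settings.
// The value becomes part of an include path, so only plain language codes
// (letters, digits, "_" and "-") are accepted; a value containing "/", "." or
// anything else is ignored rather than included.
// NOTE(review): assumes the file names under lang/ fit this pattern - confirm.
$langCandidates = array(
    isset($_SESSION["lang"]) ? $_SESSION["lang"] : "",
    isset($_GET["lang"]) ? $_GET["lang"] : "",
);
foreach ($langCandidates as $langCandidate) {
    if (is_string($langCandidate) && preg_match('/\A[A-Za-z0-9_-]+\z/', $langCandidate) === 1) {
        include_once "lang/" . $langCandidate . ".php";
    }
}
// Connects to the database
$db = db_connect();
if (is_null($db)) {
    die($lang["Error connecting to the database."] . $lang["MySQL says:"] . " " . db_error($db));
}
// Marks all the books as sold
for ($i = 1; $i <= 10; $i++) {
    $fieldName = "bookid-" . $i;
    if (!isset($_POST[$fieldName]) || !is_string($_POST[$fieldName])) {
        continue;
    }
    $bookId = trim($_POST[$fieldName]);
    // bookID is written into the query without quotes, so escaping alone does
    // not constrain it; anything that is not purely digits is skipped.
    if ($bookId === "" || preg_match('/\A[0-9]+\z/', $bookId) !== 1) {
        continue;
    }
    $result = db_query($db, "UPDATE " . $config["ddDBPrefix"] . "books SET status = 'sold', lastUpdate = '" . date("Y-m-d H:i:s", time()) . "' WHERE bookID = " . $bookId . " LIMIT 1;");
}
// Redirects to success page
header("Location: " . mergeGetUrlData($_GET, "book-sell-success.php"));
exit;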
Exemplo n.º 7
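// Inserts a new book for an existing seller, then redirects to the book page.
$db = db_connect();
if (is_null($db)) {
    die($lang["Error connecting to the database."] . $lang["MySQL says:"] . " " . db_error($db));
}
// Checks for valid data
if (!isset($_POST["sellerid"]) || !is_string($_POST["sellerid"]) || trim($_POST["sellerid"]) == "") {
    header("Location: " . mergeGetUrlData($_GET, "error-empty-seller.php"));
    exit;
}
// Prepares the values once. Every request value goes through db_encode() and
// is placed between quotes, including the numeric year and price, which were
// previously written unquoted.
// NOTE(review): this relies on db_encode() neutralising quote characters, as
// the quoted string fields already did; its implementation is not visible here.
$sellerKeySql = strtoupper(db_encode($_POST["sellerid"]));
$titleSql = db_encode($_POST["title"]);
$authorSql = db_encode($_POST["author"]);
$yearGiven = isset($_POST["year"]) && $_POST["year"] != "";
$yearSql = $yearGiven ? "'" . db_encode($_POST["year"]) . "'" : "NULL";
$priceSql = "'" . db_encode(format_number($_POST["price"])) . "'";
$statusSql = db_encode($_POST["status"]);
// Checks if seller exists in database (it must)
// The lookup now uses the encoded key; it previously used the raw POST value.
$query_string = "SELECT * FROM " . $config["ddDBPrefix"] . "sellers WHERE sellerKey = '" . $sellerKeySql . "' LIMIT 1;";
$result = db_query($db, $query_string);
if (is_null($result) || db_num_rows($result) < 1) {
    header("Location: " . mergeGetUrlData($_GET, "error-no-seller.php"));
    exit;
}
// Adds book into database
$timestamp = time();
$lastUpdateSql = date("Y-m-d H:i:s", $timestamp);
$query_string = "INSERT INTO " . $config["ddDBPrefix"] . "books SET " . "sellerKey = '" . $sellerKeySql . "', " . "title = '" . $titleSql . "', " . "author = '" . $authorSql . "', " . "bookYear = " . $yearSql . ", " . "price = " . $priceSql . ", " . "status = '" . $statusSql . "', " . "lastUpdate = '" . $lastUpdateSql . "';";
$result = db_query($db, $query_string);
// Gets book ID by selecting the row that was just written, matching on every
// inserted value including the timestamp.
$query_string = "SELECT * FROM " . $config["ddDBPrefix"] . "books WHERE " . "sellerKey = '" . $sellerKeySql . "' AND " . "title = '" . $titleSql . "' AND " . "author = '" . $authorSql . "' AND " . "bookYear " . ($yearGiven ? " = " . $yearSql : " IS NULL") . " AND " . "ABS(price - " . $priceSql . ") < 0.01 AND " . "status = '" . $statusSql . "' AND " . "lastUpdate = '" . $lastUpdateSql . "' LIMIT 1;";
$result = db_query($db, $query_string);
// NOTE(review): neither the INSERT nor this SELECT is checked for failure; if
// no row comes back, $bookid is empty and the redirect carries no ID.
$answer = db_fetch_assoc_array($result);
$bookid = $answer["bookID"];
// Sleeps for 1/2 second so that MySQL can add the record
usleep(500000);
// Redirects to book information page
header("Location: " . mergeGetUrlData($_GET, "book-info.php?bookid=" . db_decode($bookid)));
exit;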
Exemplo n.º 8
  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 
  MA  02110-1301, USA.
******************************************************************************/
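// Login handler: compares the posted credentials with the configured admin
// account and opens a session on success.
// Inclusion of configuration files
require_once "config.inc.php";
// Inclusion of libraries
require_once "merge-get.lib.php";
// Override default language settings by session settings, then by URL settings.
// The value becomes part of an include path, so only plain language codes
// (letters, digits, "_" and "-") are accepted; a value containing "/", "." or
// anything else is ignored rather than included.
// NOTE(review): assumes the file names under lang/ fit this pattern - confirm.
// No session_start() is visible before this point, so $_SESSION may be unset;
// isset() covers that.
$langCandidates = array(
    isset($_SESSION["lang"]) ? $_SESSION["lang"] : "",
    isset($_GET["lang"]) ? $_GET["lang"] : "",
);
foreach ($langCandidates as $langCandidate) {
    if (is_string($langCandidate) && preg_match('/\A[A-Za-z0-9_-]+\z/', $langCandidate) === 1) {
        include_once "lang/" . $langCandidate . ".php";
    }
}
// Checks username and password
if (isset($_POST["username"]) && isset($_POST["password"]) && is_string($_POST["username"]) && is_string($_POST["password"])) {
    // Basic check; to be replaced later
    // Strict comparison: with "==" two numeric-looking strings are compared as
    // numbers, so different strings could be treated as equal.
    // NOTE(review): the password is kept in clear text in $config and the
    // comparison is not constant-time; storing a password hash and verifying
    // against it would address both.
    $loginMatches = $_POST["username"] === (string) $config["adminlogin"];
    $passwordMatches = $_POST["password"] === (string) $config["adminpassword"];
    if ($loginMatches && $passwordMatches) {
        // Login OK, starts session and puts session id
        session_start();
        // Issues a fresh session ID at login so an ID known before
        // authentication is not carried into the authenticated session.
        session_regenerate_id(true);
        // Bogus data
        // NOTE(review): every login stores the same constant here; how the
        // other pages check it is not visible in this file.
        $_SESSION["sessionid"] = "123";
        $_SESSION["lastclick"] = time();
        // Redirects to main page
        header("Location: " . mergeGetUrlData($_GET, "main.php"));
        exit;
    }
}
// Wrong identification
die("Bad login");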
Exemplo n.º 9
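    <a id="link-sellerbrowse" href="<?php 
// mergeGetUrlData() is handed $_GET, so its result is request-controlled. Each
// link below is escaped for the HTML attribute it is written into;
// double_encode is off in case the helper already emits entities such as &amp;.
// NOTE(review): assumes the page is served as UTF-8 - confirm.
echo htmlspecialchars(mergeGetUrlData($_GET, "seller-browse.php"), ENT_QUOTES, "UTF-8", false);
?>
"><?php 
echo $lang["Browse sellers"];
?>
</a>
    <a id="link-dbclear" href="<?php 
echo htmlspecialchars(mergeGetUrlData($_GET, "database-clear.php"), ENT_QUOTES, "UTF-8", false);
?>
"><?php 
echo $lang["Clear database"];
?>
</a>
    <a id="link-logout" href="<?php 
echo htmlspecialchars(mergeGetUrlData($_GET, "logout.php"), ENT_QUOTES, "UTF-8", false);
?>
"><?php 
echo $lang["Logout"];
?>
</a>
    </p>
  </div>

</div>
</div>

<?php 
// Shared page footer; the path is a fixed string.
include_once "footer.inc.php";
?>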
Exemplo n.º 10
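// Updates an existing book record, then redirects to the book page.
// Override default language settings by session settings, then by URL settings.
// The value becomes part of an include path, so only plain language codes
// (letters, digits, "_" and "-") are accepted; a value containing "/", "." or
// anything else is ignored rather than included.
// NOTE(review): assumes the file names under lang/ fit this pattern - confirm.
$langCandidates = array(
    isset($_SESSION["lang"]) ? $_SESSION["lang"] : "",
    isset($_GET["lang"]) ? $_GET["lang"] : "",
);
foreach ($langCandidates as $langCandidate) {
    if (is_string($langCandidate) && preg_match('/\A[A-Za-z0-9_-]+\z/', $langCandidate) === 1) {
        include_once "lang/" . $langCandidate . ".php";
    }
}
// Connects to the database
$db = db_connect();
if (is_null($db)) {
    die($lang["Error connecting to the database."] . $lang["MySQL says:"] . " " . db_error($db));
}
// Checks for valid data
if (!isset($_POST["sellerid"]) || !is_string($_POST["sellerid"]) || trim($_POST["sellerid"]) == "") {
    header("Location: " . mergeGetUrlData($_GET, "error-empty-seller.php"));
    exit;
}
// The book ID is used unquoted in the WHERE clause and again in the redirect,
// so it must be purely digits; anything else is replaced by "0" and no UPDATE
// is sent.
$bookIdIsValid = isset($_POST["bookid"]) && is_string($_POST["bookid"]) && preg_match('/\A[0-9]+\z/', $_POST["bookid"]) === 1;
$bookId = $bookIdIsValid ? $_POST["bookid"] : "0";
// Every other request value goes through db_encode() and is placed between
// quotes, including the numeric year and price.
// NOTE(review): this relies on db_encode() neutralising quote characters, as
// the quoted string fields already did; its implementation is not visible here.
$sellerKeySql = db_encode($_POST["sellerid"]);
// An empty year is stored as NULL; it previously produced "bookYear = ," in
// the statement.
$yearSql = (isset($_POST["year"]) && $_POST["year"] != "") ? "'" . db_encode($_POST["year"]) . "'" : "NULL";
$priceSql = "'" . db_encode(format_number($_POST["price"])) . "'";
// Checks if seller exists in database (it must)
// The lookup now uses the encoded key; it previously used the raw POST value.
$query_string = "SELECT * FROM " . $config["ddDBPrefix"] . "sellers WHERE sellerKey = '" . $sellerKeySql . "' LIMIT 1;";
$result = db_query($db, $query_string);
if (is_null($result) || db_num_rows($result) < 1) {
    header("Location: " . mergeGetUrlData($_GET, "error-no-seller.php"));
    exit;
}
// Updates the book record
if ($bookIdIsValid) {
    $timestamp = time();
    $query_string = "UPDATE " . $config["ddDBPrefix"] . "books SET " . "sellerKey = '" . $sellerKeySql . "', " . "title = '" . db_encode($_POST["title"]) . "', " . "author = '" . db_encode($_POST["author"]) . "', " . "bookYear = " . $yearSql . ", " . "price = " . $priceSql . ", " . "status = '" . db_encode($_POST["status"]) . "', " . "lastUpdate = '" . date("Y-m-d H:i:s", $timestamp) . "' " . "WHERE bookID = " . $bookId . " LIMIT 1;";
    $result = db_query($db, $query_string);
}
// Redirects to book information page
header("Location: " . mergeGetUrlData($_GET, "book-info.php?bookid=" . $bookId));
exit;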
Exemplo n.º 11
  
  This program is distributed in the hope that it will be useful,
  but WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  GNU General Public License for more details.
  
  You should have received a copy of the GNU General Public License
  along with this program; if not, write to the Free Software
  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 
  MA  02110-1301, USA.
******************************************************************************/
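// Logout handler: clears the session and redirects to the login page.
// Inclusion of configuration files
require_once "config.inc.php";
// Inclusion of libraries
require_once "merge-get.lib.php";
// Starts session
session_start();
// Override default language settings by session settings, then by URL settings.
// The value becomes part of an include path, so only plain language codes
// (letters, digits, "_" and "-") are accepted; a value containing "/", "." or
// anything else is ignored rather than included.
// NOTE(review): assumes the file names under lang/ fit this pattern - confirm.
$langCandidates = array(
    isset($_SESSION["lang"]) ? $_SESSION["lang"] : "",
    isset($_GET["lang"]) ? $_GET["lang"] : "",
);
foreach ($langCandidates as $langCandidate) {
    if (is_string($langCandidate) && preg_match('/\A[A-Za-z0-9_-]+\z/', $langCandidate) === 1) {
        include_once "lang/" . $langCandidate . ".php";
    }
}
// Kills session: empties the session data, then destroys the stored session.
// NOTE(review): the session cookie itself is not expired here.
$_SESSION = array();
session_destroy();
// Redirects to login page
header("Location: " . mergeGetUrlData($_GET, "index.php"));
exit;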