die(""); } $name = ""; if ($pageid == "finishaddequip") { $name = $_POST['name']; $type = $_POST['type']; $serial = $_POST['serial']; $description = $_POST['description']; $max = $_POST['max']; $minuserlevel = $_POST['minuserlevel']; $checkoutfrom = $_POST['checkoutfrom']; } $message = ""; if ($name != "" && $serial != "" && $description != "" && $max != "" && $minuserlevel != "") { $target_path = "./pics/"; $new_name = $serial . "_" . basename($_FILES['image']['name']); $target_path = $target_path . $new_name; if (move_uploaded_file($_FILES['image']['tmp_name'], $target_path)) { $message = "<font color=\"#005500\"><b>Successfully added new equipment!</b><br><br></font>"; require 'adminfunctions.php'; addEquipment($name, $type, $serial, $description, $max, $new_name, $minuserlevel, $checkoutfrom); } else { $message = "There was an error creating the equipment. (" + handleFileError($_FILES['image']['error']) + ")"; } } $users = "<select name=\"checkoutfrom\"><option value=\"-1\">None</option>"; $userresult = getAllUsersOrderByName(); while ($row = mysql_fetch_assoc($userresult)) { $users = $users . "<option value=\"" . $row['user_id'] . "\">" . $row['name'] . "</option>"; } echo "\r\n\t<center><h3>Add New Equipment</h3>" . $message . "</center>\r\n\r\n\t<form enctype=\"multipart/form-data\" action=\"./index.php?pageid=finishaddequip\" method=\"post\">\r\n\t<table class=\"newequip\">\r\n\t\r\n\t\t<tr>\r\n\t\t\r\n\t\t\t<td colspan=4 class=\"header\">Equipment Information</td>\r\n\t\t\r\n\t\t</tr>\r\n\t\t\r\n\t\t<tr>\r\n\t\t\r\n\t\t\t<td colspan=2 class=\"centeredcellbold\">Name</td>\r\n\t\t\t<td colspan=2 class=\"centeredcell\"><input type=\"text\" size=30 name=\"name\"></td>\r\n\t\t\t\r\n\t\t</tr>\r\n\t\t\r\n\t\t<tr>\r\n\t\t\r\n\t\t\t<td colspan=2 class=\"centeredcellbold\">Type</td>\r\n\t\t\t<td colspan=2 class=\"centeredcell\">" . getEquipmentTypesDropDown("type", 1) . 
"</td>\r\n\t\t\t\r\n\t\t</tr>\r\n\t\t\r\n\t\t<tr>\r\n\t\t\r\n\t\t\t<td colspan=2 class=\"centeredcellbold\">Primary Serial Number</td>\r\n\t\t\t<td colspan=2 class=\"centeredcell\"><input type=\"text\" size=30 name=\"serial\"></td>\r\n\t\t\t\r\n\t\t</tr>\r\n\t\t\r\n\t\t<tr>\r\n\t\t\r\n\t\t\t<td colspan=2 class=\"centeredcellbold\">Checkout From</td>\r\n\t\t\t<td colspan=2 class=\"centeredcell\">" . $users . "</td>\r\n\t\t\t\r\n\t\t</tr>\r\n\t\t\r\n\t\t<tr>\r\n\t\t\r\n\t\t\t<td class=\"centeredcellbold\">Max Length (days)</td>\r\n\t\t\t<td class=\"centeredcell\"><input type=\"text\" size=4 name=\"max\"></td>\r\n\t\t\t<td class=\"centeredcell\"><b>Minimum User Level</b></td>\r\n\t\t\t<td class=\"centeredcell\">" . getUserLevelDropDown("minuserlevel") . "</td>\r\n\t\t\t\r\n\t\t</tr>\r\n\t\t\r\n\t\t<tr>\r\n\t\t\r\n\t\t\t<td colspan=2 class=\"centeredcellbold\">Image (250x250px)</td>\r\n\t\t\t<td colspan=2 class=\"centeredcell\"><input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"15000000\">\r\n<input type=\"file\" name=\"image\"></td>\r\n\t\t\r\n\t\t</tr>\r\n\t\t\r\n\t\t<tr>\r\n\t\t\r\n\t\t\t<td colspan=4 class=\"header\">Equipment Description</td>\r\n\t\t\r\n\t\t</tr>\r\n\t\t\r\n\t\t<tr>\r\n\t\t\r\n\t\t\t<td colspan=4 class=\"centeredcell\"><textarea cols=50 rows=10 name=\"description\"></textarea></td>\r\n\t\t\r\n\t\t</tr>\r\n\t\t\r\n\t\t<tr>\r\n\t\t\r\n\t\t\t<td colspan=4 class=\"centeredcellbold\"><input type=\"submit\" value=\"Add\"></td>\r\n\t\t\r\n\t\t</tr>\r\n\t\r\n\t</table>\r\n\t\r\n\t</form>";
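<?php
/**
 * Shop purchase handler: reads the posted EquipmentID, checks that the item
 * can be bought, then either adds it to the character (charging its price)
 * or updates an item the character already has.
 *
 * $accountID, $linkRoot, $verifyBattle, $bdd, $characterID, $characterTownID
 * and $character are not defined in this script; presumably they come from
 * Kernel/Include.php -- confirm against that file.
 */
$timeStart = microtime(true);
session_start();
ob_start();

// No session data at all: send the visitor back to the site entry page.
if (empty($_SESSION)) {
    header("Location: ../../index.php");
    exit;
}

// NOTE(review): the include root is read from the session. Confirm File_Root
// is only ever written by server-side code and never from request data.
require_once $_SESSION['File_Root'] . '/Kernel/Include.php';
require_once $_SESSION['File_Root'] . '/HTML/Header.php';
require_once 'Functions/SQL.php';

redirectToLogin($accountID, $linkRoot);
redirectToBattle($verifyBattle, $linkRoot);

// A request without EquipmentID is handled as an empty id instead of raising
// an undefined-index notice.
$postedEquipmentID = isset($_POST['EquipmentID']) ? $_POST['EquipmentID'] : '';

// NOTE(review): addslashes() is not a defence against SQL injection and
// htmlspecialchars() is an output encoder, not an input validator. The value
// is passed on unchanged from the original handling; confirm the helpers in
// Functions/SQL.php bind it as a query parameter.
$equipmentID = htmlspecialchars(addslashes($postedEquipmentID));

$canBePurchased = canBePurchased($bdd, $equipmentID, $characterTownID);

if ($canBePurchased == 1) {
    $number = verifyEquipment($bdd, $equipmentID, $characterID);

    if ($number <= 0) {
        $equipment = newEquipment($bdd, $equipmentID);
        $gold = $character->getGold() - $equipment->getPurchase();

        // canBePurchased() is not given the character's gold, so the balance
        // is checked here: without this guard the item was granted and the
        // stored gold could become negative.
        if ($gold < 0) {
            echo "An error has surved";
        } else {
            // NOTE(review): the grant and the gold update are two separate
            // calls; if they are separate queries, concurrent requests could
            // spend the same gold twice. Consider one transaction.
            addEquipment($bdd, $equipmentID, $characterID);
            updateCharacterGold($bdd, $gold, $characterID);
        }
    } else {
        // The character already has this item: update it, nothing is charged.
        updateEquipment($bdd, $characterID, $equipmentID);
    }
} else {
    echo "An error has surved";
}

require_once $_SESSION['File_Root'] . '/HTML/Footer.php';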
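// "Add New Equipment" admin page: handles the finishaddequip form post (field
// values plus an image upload) and then renders the entry form.
//
// $pageid, RES_USERLEVEL_ADMIN and the helper functions called below are
// defined outside this fragment.

// Only sessions whose user_level is at least RES_USERLEVEL_ADMIN may continue.
if (!(issetSessionVariable('user_level') && getSessionVariable('user_level') >= RES_USERLEVEL_ADMIN)) {
    echo "Error: You don't have permissions to access this page!";
    die("");
}

// NOTE(review): the form below carries no anti-CSRF token and nothing in this
// fragment checks one; confirm whether index.php enforces that elsewhere.

// Initialise every field so the completeness check never reads an undefined
// variable when the page is opened without a form post.
$name = "";
$serial = "";
$description = "";
$max = "";
$minuserlevel = "";

if ($pageid == "finishaddequip") {
    $name = isset($_POST['name']) ? $_POST['name'] : "";
    $serial = isset($_POST['serial']) ? $_POST['serial'] : "";
    $description = isset($_POST['description']) ? $_POST['description'] : "";
    $max = isset($_POST['max']) ? $_POST['max'] : "";
    $minuserlevel = isset($_POST['minuserlevel']) ? $_POST['minuserlevel'] : "";
}

$message = "";

if ($name != "" && $serial != "" && $description != "" && $max != "" && $minuserlevel != "") {
    // Extensions accepted for the equipment picture. The list is an assumption
    // based on the "Image" form field; adjust it to the formats really needed.
    $allowed_extensions = array('jpg', 'jpeg', 'png', 'gif');
    $upload = isset($_FILES['image']) ? $_FILES['image'] : null;

    if ($upload === null || $upload['error'] !== UPLOAD_ERR_OK) {
        $error_code = ($upload === null) ? UPLOAD_ERR_NO_FILE : $upload['error'];
        // String concatenation is "."; the original used "+", which is
        // arithmetic in PHP and never produced this message.
        $message = "There was an error creating the equipment. (" . handleFileError($error_code) . ")";
    } else {
        $original_name = basename($upload['name']);
        $extension = strtolower(pathinfo($original_name, PATHINFO_EXTENSION));

        // Accept the file only if the extension is allow-listed and the
        // content parses as an image. The picture is stored under ./pics/,
        // which is reachable from the web, so a script upload must not land
        // there under an executable name.
        $is_image = in_array($extension, $allowed_extensions, true)
            && getimagesize($upload['tmp_name']) !== false;

        if (!$is_image) {
            $message = "There was an error creating the equipment. (Only JPG, PNG or GIF images are accepted)";
        } else {
            // Both the serial and the client file name are request data.
            // Reduce them to [A-Za-z0-9_-] so the stored name holds no path
            // separator and exactly one dot, the one before the checked
            // extension.
            $safe_serial = preg_replace('/[^A-Za-z0-9_-]/', '_', $serial);
            $safe_base = preg_replace('/[^A-Za-z0-9_-]/', '_', pathinfo($original_name, PATHINFO_FILENAME));
            $new_name = $safe_serial . "_" . $safe_base . "." . $extension;
            $target_path = "./pics/" . $new_name;

            if (move_uploaded_file($upload['tmp_name'], $target_path)) {
                $message = "<font color=\"#005500\"><b>Successfully added new equipment!</b><br><br></font>";
                // NOTE(review): the field values reach addEquipment() exactly
                // as posted; confirm it uses bound parameters and that they
                // are HTML-escaped wherever they are displayed.
                addEquipment($name, $serial, $description, $max, $new_name, $minuserlevel);
            } else {
                $message = "There was an error creating the equipment. (" . handleFileError($upload['error']) . ")";
            }
        }
    }
}

// The form markup is emitted byte-for-byte as before; it is only split into
// one string literal per table row for readability.
echo "\r\n\t<center><h3>Add New Equipment</h3>" . $message . "</center>\r\n\r\n\t"
    . "<form enctype=\"multipart/form-data\" action=\"./index.php?pageid=finishaddequip\" method=\"post\">\r\n\t"
    . "<table class=\"newequip\">\r\n\t\r\n\t\t"
    . "<tr>\r\n\t\t\r\n\t\t\t<td colspan=4 class=\"header\">Equipment Information</td>\r\n\t\t\r\n\t\t</tr>\r\n\t\t\r\n\t\t"
    . "<tr>\r\n\t\t\r\n\t\t\t<td colspan=2 class=\"centeredcellbold\">Name</td>\r\n\t\t\t<td colspan=2 class=\"centeredcell\"><input type=\"text\" size=30 name=\"name\"></td>\r\n\t\t\t\r\n\t\t</tr>\r\n\t\t\r\n\t\t"
    . "<tr>\r\n\t\t\r\n\t\t\t<td colspan=2 class=\"centeredcellbold\">Primary Serial Number</td>\r\n\t\t\t<td colspan=2 class=\"centeredcell\"><input type=\"text\" size=30 name=\"serial\"></td>\r\n\t\t\t\r\n\t\t</tr>\r\n\t\t\r\n\t\t"
    . "<tr>\r\n\t\t\r\n\t\t\t<td class=\"centeredcellbold\">Max Length (days)</td>\r\n\t\t\t<td class=\"centeredcell\"><input type=\"text\" size=4 name=\"max\"></td>\r\n\t\t\t<td class=\"centeredcell\"><b>Minimum User Level</b></td>\r\n\t\t\t<td class=\"centeredcell\">" . getUserLevelDropDown("minuserlevel") . "</td>\r\n\t\t\t\r\n\t\t</tr>\r\n\t\t\r\n\t\t"
    . "<tr>\r\n\t\t\r\n\t\t\t<td colspan=2 class=\"centeredcellbold\">Image (250x250px)</td>\r\n\t\t\t<td colspan=2 class=\"centeredcell\"><input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"15000000\">\r\n<input type=\"file\" name=\"image\"></td>\r\n\t\t\r\n\t\t</tr>\r\n\t\t\r\n\t\t"
    . "<tr>\r\n\t\t\r\n\t\t\t<td colspan=4 class=\"header\">Equipment Description</td>\r\n\t\t\r\n\t\t</tr>\r\n\t\t\r\n\t\t"
    . "<tr>\r\n\t\t\r\n\t\t\t<td colspan=4 class=\"centeredcell\"><textarea cols=50 rows=10 name=\"description\"></textarea></td>\r\n\t\t\r\n\t\t</tr>\r\n\t\t\r\n\t\t"
    . "<tr>\r\n\t\t\r\n\t\t\t<td colspan=4 class=\"centeredcellbold\"><input type=\"submit\" value=\"Add\"></td>\r\n\t\t\r\n\t\t</tr>\r\n\t\r\n\t"
    . "</table>\r\n\t\r\n\t</form>";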
echo '{"result": 0, "message": "Unknown command"}'; return; } $cmd = $_REQUEST['cmd']; switch ($cmd) { case 1: login(); break; case 2: userSignUp(); break; case 3: logout(); break; case 4: addEquipment(); break; case 5: getEquipments(); break; case 6: editEquipment(); break; case 7: deleteEquipment(); break; case 8: addLab(); break; case 9: getLabs();