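/**
 * Records one page visit in the `visit_logs` table.
 *
 * Only entries whose $log['type'] loosely equals "0" are written; every other
 * type is ignored. When $errorMessage is truthy the row also gets
 * error = "1" and the message text.
 *
 * Failures (no connection, failed insert) are never propagated to the caller.
 * They are reported through error_log() so that a gap in the visit trail can be
 * noticed, where the original silently dropped them.
 *
 * @param array       $log          Reads the keys 'type', 'page', 'catid', 'prodid' and 'user'.
 * @param string|null $errorMessage Optional error text stored with the visit.
 * @return void
 */
function writeLog($log, $errorMessage = null) {
    $conn = sqlConnectDefault();
    if (is_null($conn)) {
        // Static text only: nothing request-controlled is copied into the server log.
        error_log('writeLog: no database connection; visit not recorded');
        return;
    }

    // Loose comparison kept on purpose so that integer 0 and string "0" both match.
    if ($log['type'] != "0") {
        return;
    }

    // REMOTE_ADDR is absent outside a web request (CLI, cron).
    // NOTE(review): ip2long() returns false for IPv6 addresses, so those visits
    // are stored without a usable address; confirm what the `ip` column expects.
    $remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

    $cols = array("date", "url", "catid", "prodid", "ip", "userid");
    $values = array(
        time(),
        $log['page'],
        $log['catid'],
        $log['prodid'],
        ip2long($remoteAddr),
        $log['user'],
    );

    if ($errorMessage) {
        $cols[] = "error";
        $cols[] = "message";
        $values[] = "1";
        $values[] = $errorMessage;
    }

    $insQ = new insertSQL($conn);
    $insQ->tableName = "visit_logs";
    $insQ->cols = $cols;
    $insQ->insertData = array();
    foreach ($values as $v) {
        // The other insertSQL call sites in this listing escape string values
        // before handing them over; the page URL and the error text are
        // request-influenced, so do the same here. Non-strings (timestamp,
        // ip2long result, null) pass through unchanged.
        // NOTE(review): insertSQL is not visible here; confirm it does not
        // escape a second time, or move to prepared statements inside it.
        $insQ->insertData[] = is_string($v) ? $conn->real_escape_string($v) : $v;
    }

    if (!$insQ->executeQuery()) {
        error_log('writeLog: insert into visit_logs failed');
    }
}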
// Commented-out remnant of an "already logged in" guard; its opening lines are
// outside this excerpt.
// $statusMessage = makeStatusMessage(12,"error", "Already logged in.");
// mysqli_close($conn);
// return;
// }

// Registration flow: read the submitted credentials, stop with status 13 when
// the user lookup returns at least one row, otherwise insert the account with
// access "0" and continue into signin.php.
$user = $conn->real_escape_string($_POST["email"]);
// NOTE(review): the password is SQL-escaped *before* it is hashed, so the
// digest is computed over the escaped text, not over what the user typed. The
// sign-in path must apply the same transformation or such passwords will not
// verify. The digest itself is hexadecimal and would not need escaping.
$pass = $conn->real_escape_string($_POST["pass"]);
// NOTE(review): unsalted MD5 is not suitable for password storage. PHP's
// password_hash() / password_verify() are the built-ins meant for this; a
// migration needs a re-hash-on-next-login step for the existing rows.
$pass = md5($pass);
$selQ = new selectSQL($conn);
$selQ->select = array("id");
$selQ->tableNames = array("users");
// NOTE(review): as shown, the condition compares against a literal string of
// asterisks and does not reference $user; this looks like redaction in the
// listing. Confirm against the real file that the duplicate check uses $user.
$selQ->where = "user='******'";
if (!$selQ->executeQuery()) {
    // Lookup failed: surface the query's own status and stop.
    $statusMessage = $selQ->status;
    mysqli_close($conn);
    return;
}
if ($selQ->getNumberOfResults() > 0) {
    // At least one matching row: refuse the registration with status 13.
    $statusMessage = makeStatusMessage(13, "error");
    mysqli_close($conn);
    return;
}
$insSQL = new insertSQL($conn);
// Values are listed in the same order as the columns assigned on the next line.
$insSQL->insertData = array($user, $pass, "0");
$insSQL->cols = array("user", "password", "access");
$insSQL->tableName = "users";
if (!$insSQL->executeQuery()) {
    $statusMessage = $insSQL->status;
    mysqli_close($conn);
    return;
}
// The connection is still open at this point; signin.php is included next.
include_once 'signin.php';
$statusMessage = makeStatusMessage(26, "succes"); } else { if (isset($_POST['discountid'])) { $delQ = new deleteSQL($conn); $delQ->tableName = "discounts"; $updQ = new updateSQL($conn); $updQ->update = "userid='" . $conn->real_escape_string($_POST['userid']) . "',categoryid='" . $conn->real_escape_string($_POST['catid']) . "',productid='" . $conn->real_escape_string($_POST['prodid']) . "',flat='" . $conn->real_escape_string($_POST['flat']) . "',percent='" . $conn->real_escape_string($_POST['percent']) . "',minprice='" . $conn->real_escape_string($_POST['minprice']) . "'"; $updQ->where = "id = " . $conn->real_escape_string($_POST['discountid']); if ($updQ->executeQuery()) { $statusMessage = makeStatusMessage(46, "success"); } else { $statusMessage = $updQ->status; } } else { if (isset($_POST['userid'])) { $insQ = new insertSQL($conn); $insQ->tableName = "discounts"; $insQ->insertData = array($conn->real_escape_string($_POST['userid'])); $insQ->cols = array("userid"); if (!empty($_POST['catid'])) { $insQ->insertData[] = $conn->real_escape_string($_POST['catid']); $insQ->cols[] = "categoryid"; } if (!empty($_POST['flat'])) { $insQ->insertData[] = $conn->real_escape_string($_POST['flat']); $insQ->cols[] = "flat"; } if (!empty($_POST['percent'])) { $insQ->insertData[] = $conn->real_escape_string($_POST['percent']); $insQ->cols[] = "percent"; }
$selQ->joinTypes = array("RIGHT OUTER JOIN"); $selQ->joins = array("u.id = i.userid"); $selQ->where = "u.id='" . $id . "'"; if (!$selQ->executeQuery()) { $statusMessage = $selQ->status; mysqli_close($conn); return; } if ($selQ->getNumberOfResults() > 1) { $statusMessage = $selQ->status; mysql_close($conn); return; } $row = $selQ->result->fetch_assoc(); if (is_null($row['iid'])) { $insQ = new insertSQL($conn); $insQ->insertData = array(); $insQ->cols = array("fname", "lname", "firm", "address", "city", "country", "email", "phone"); foreach ($insQ->cols as $c) { if (isset($_POST[$c]) && !empty($_POST[$c])) { $insQ->insertData[] = $conn->real_escape_string($_POST[$c]); } else { $insQ->insertData[] = ""; } } $insQ->cols[] = "userid"; $insQ->insertData[] = $id; $insQ->tableName = "user_info"; if ($insQ->executeQuery()) { $statusMessage = makeStatusMessage(10, "success"); } else {
$selQ->where = "userid = '" . $userid . "'"; if (!$selQ->executeQuery()) { $statusMessage = $selQ->status; mysqli_close($conn); return; } if ($selQ->getNumberOfResults() > 0) { $disQ = new updateSQL($conn); $disQ->tableName = "delivery_discounts"; $disQ->where = "userid = '" . $userid . "'"; $disQ->update = "type = '" . $type . "'"; if (isset($min)) { $disQ->update = " AND minprice = '" . $min . "'"; } } else { $disQ = new insertSQL($conn); $disQ->tableName = "delivery_discounts"; $disQ->cols = array("type", "userid"); $disQ->insertData = array($type, $userid); if (isset($mmin)) { $disQ->cols[] = "minprice"; $disQ->insertData[] = $min; } } if (!$disQ->executeQuery()) { $statusMessage = $disQ->status; mysqli_close($conn); return; } $statusMessage = makeStatusMessage(14, "success"); }
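/**
 * Creates a category from the submitted form and prepares its product tables.
 *
 * Steps, in order:
 *  1. insert a row into `categories` (per-language name/description, optional
 *     image URL and parent id),
 *  2. look the new row's id up again by its name(s), newest id first,
 *  3. read the selected properties ($_POST['fid']) from `properties` and split
 *     them by their `langDependant` flag,
 *  4. create `products_<id>` for the language-independent properties and one
 *     `products_<id>_<lang>` per language for the language-dependent ones,
 *  5. link every selected property to the category in `props_to_prods`.
 *
 * The outcome is written to $GLOBALS['statusMessage'] (53 or 103 on the error
 * paths visible here, 11 on success, or the failing query's own status).
 *
 * Fixes relative to the original:
 *  - the name lookup appended with "=" instead of ".=", so only the last
 *    language's name was ever part of the condition;
 *  - a failed CREATE TABLE for the language-independent table returned without
 *    publishing its status to $GLOBALS['statusMessage'];
 *  - a missing or non-array $_POST['fid'] no longer reaches foreach.
 *
 * @param mysqli $conn Open connection; closed by this function only on the
 *                     CREATE TABLE failure paths.
 * @return void
 */
function insCat($conn) {
    // NOTE(review): require_once inside a function defines the file's variables
    // only in this call's scope, and only the first time the file is loaded in a
    // request. If languageConfig.php (which presumably defines $langArr) was
    // already loaded elsewhere, $langArr is undefined here; fall back to a
    // global of the same name, else to an empty list.
    require_once 'languageConfig.php';
    if (!isset($langArr)) {
        $langArr = isset($GLOBALS['langArr']) ? $GLOBALS['langArr'] : array();
    }

    // --- 1. category row -------------------------------------------------
    $insQ = new insertSQL($conn);
    $insQ->insertData = array();
    $insQ->cols = array();
    $nameConds = array();
    foreach ($langArr as $l) {
        if (isset($_POST['names'][$l])) {
            $escapedName = $conn->real_escape_string($_POST['names'][$l]);
            $insQ->insertData[] = $escapedName;
            $insQ->cols[] = "name" . $l;
            // Collected for the id lookup in step 2.
            $nameConds[] = "name" . $l . " = '" . $escapedName . "'";
        }
        if (isset($_POST['desc'][$l])) {
            $insQ->insertData[] = $conn->real_escape_string($_POST['desc'][$l]);
            $insQ->cols[] = "desc" . $l;
        }
    }
    if (isset($_POST['imgUrl'])) {
        $insQ->insertData[] = $conn->real_escape_string($_POST['imgUrl']);
        $insQ->cols[] = "imgurl";
    }
    if (isset($_POST['parentid'])) {
        $insQ->insertData[] = $conn->real_escape_string($_POST['parentid']);
        $insQ->cols[] = "parentid";
    }
    $insQ->tableName = "categories";
    if (!$insQ->executeQuery()) {
        $GLOBALS['statusMessage'] = $insQ->status;
        return;
    }

    // --- 2. id of the new category --------------------------------------
    // NOTE(review): finding the row again by name can return a different row
    // when two categories share a name or two requests run at once; the
    // connection's last-insert id is the usual source. Confirm that insertSQL
    // runs on this same connection before switching.
    $selQid = new selectSQL($conn);
    $selQid->where = implode(" OR ", $nameConds);
    $selQid->order = "id DESC";
    $selQid->tableNames = array("categories");
    $selQid->select = array("id");
    if (!$selQid->executeQuery()) {
        $GLOBALS['statusMessage'] = $selQid->status;
        return;
    }
    $row = $selQid->result->fetch_assoc();
    $catid = $row['id'];

    // --- 3. selected properties -----------------------------------------
    $propIds = array();
    if (isset($_POST['fid']) && is_array($_POST['fid'])) {
        foreach ($_POST['fid'] as $f) {
            // Nested arrays cannot be escaped as strings; skip them.
            if (is_scalar($f)) {
                $propIds[] = $conn->real_escape_string((string) $f);
            }
        }
    }
    $selQ = new selectSQL($conn);
    $selQ->select = array("name", "langDependant");
    $selQ->tableNames = array("properties");
    // NOTE(review): real_escape_string only protects values that end up inside
    // quotes. Confirm arrToQueryString() quotes every element; if `id` is
    // numeric, casting each id to int is the safer form.
    $selQ->where = "id IN (" . arrToQueryString($propIds, null) . ")";
    if (!$selQ->executeQuery() or $selQ->getNumberOfResults() == 0) {
        $GLOBALS['statusMessage'] = makeStatusMessage(53, "error");
        return;
    }
    $propsDef = array();
    $propsLang = array();
    while ($row = $selQ->result->fetch_assoc()) {
        if ($row['langDependant']) {
            $propsLang[] = $row['name'];
        } else {
            $propsDef[] = $row['name'];
        }
    }

    // --- 4. per-category product tables ---------------------------------
    // NOTE(review): property names read from `properties` become column names
    // below. Escaping string values does not cover identifiers; confirm that
    // createTableSQL quotes or validates them.
    $colType = "varchar(40) COLLATE utf8_unicode_ci DEFAULT NULL";
    $ctQ = new createTableSQL($conn);
    $ctQ->cols = array("infoid");
    $ctQ->colTypes = array("int(11) NOT NULL");
    $ctQ->name = "products_" . $catid;
    if (count($propsDef)) {
        foreach ($propsDef as $pr) {
            $ctQ->cols[] = $pr;
            $ctQ->colTypes[] = $colType;
        }
        if (!$ctQ->executeQuery()) {
            // Publish the status before leaving; the original lost it here.
            $GLOBALS['statusMessage'] = $ctQ->status;
            mysqli_close($conn);
            return;
        }
    }
    if (count($propsLang)) {
        foreach ($langArr as $l) {
            // Start each language table from a fresh column list.
            $ctQ->cols = array("infoid");
            $ctQ->colTypes = array("int(11) NOT NULL");
            $ctQ->name = "products_" . $catid . "_" . $l;
            foreach ($propsLang as $pr) {
                $ctQ->cols[] = $pr . $l;
                $ctQ->colTypes[] = $colType;
            }
            if (!$ctQ->executeQuery()) {
                $GLOBALS['statusMessage'] = $ctQ->status;
                mysqli_close($conn);
                return;
            }
        }
    }

    // --- 5. property links ----------------------------------------------
    $insQ = new insertSQL($conn);
    $insQ->cols = array("catid", "propid");
    $insQ->tableName = "props_to_prods";
    $linkFailed = false;
    foreach ($propIds as $propId) {
        $insQ->insertData = array($catid, $propId);
        if (!$insQ->executeQuery()) {
            // Keep going so the remaining links are still attempted.
            $linkFailed = true;
        }
    }

    $GLOBALS['statusMessage'] = $linkFailed
        ? makeStatusMessage(103, "error")
        : makeStatusMessage(11, "success");
}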
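/**
 * Inserts a product for the category given in $_POST['catid'].
 *
 * getPropsForCat() supplies four name lists: 'propNamesDef' and
 * 'propNamesDefld' go into the shared `products` table (the latter once per
 * language), 'propNames' into `products_<catid>` and 'propNamesld' into one
 * `products_<catid>_<lang>` table per language. Entries of the last two lists
 * have the form "<column> as <field>": index 0 is the column to insert into,
 * index 1 the form field to read.
 *
 * The outcome is written to $GLOBALS['statusMessage']: the failing query's
 * status, or status 12 on success. When getPropsForCat() returns a falsy value
 * the function returns without setting a status itself.
 *
 * Fixes relative to the original:
 *  - the loops over 'propNames' / 'propNamesld' only ran explode(); everything
 *    after them used the last entry, so at most one property per table was
 *    stored. The per-entry handling now sits inside the loops.
 *  - the category id is checked against an identifier allow-list before it is
 *    concatenated into a table name.
 *
 * @param mysqli $conn Open connection; not closed here.
 * @return void
 */
function insProd($conn) {
    $catid = $conn->real_escape_string($_POST['catid']);

    // NOTE(review): require_once inside a function defines the file's variables
    // only in this call's scope and only on the first load in a request. If
    // languageConfig.php (which presumably defines $langArr) was loaded
    // earlier, $langArr is undefined here; fall back to a global of the same
    // name, else to an empty list.
    require_once 'languageConfig.php';
    if (!isset($langArr)) {
        $langArr = isset($GLOBALS['langArr']) ? $GLOBALS['langArr'] : array();
    }

    $arr = getPropsForCat($conn, $catid, null, $langArr);
    if (!$arr) {
        return;
    }

    // $catid becomes part of the table names "products_<catid>[_<lang>]".
    // Escaping protects quoted string literals, not identifiers, so only let
    // plain identifier characters through. Checked before the first insert so a
    // rejected request leaves no half-written product behind.
    if (!preg_match('/^[A-Za-z0-9_]+$/D', $catid)) {
        error_log('insProd: category id rejected, not a plain identifier');
        return;
    }

    $propNamesDef = $arr['propNamesDef'];
    $propNamesDefld = $arr['propNamesDefld'];
    $propNames = $arr['propNames'];
    $propNamesld = $arr['propNamesld'];

    // --- shared `products` row -------------------------------------------
    $insQdef = new insertSQL($conn);
    $insQdef->tableName = "products";
    $insQdef->cols = array();
    $insQdef->insertData = array();
    foreach ($propNamesDef as $p) {
        if (isset($_POST[$p])) {
            $insQdef->cols[] = $p;
            $insQdef->insertData[] = $conn->real_escape_string($_POST[$p]);
        }
    }
    foreach ($propNamesDefld as $p) {
        foreach ($langArr as $l) {
            if (isset($_POST[$p][$l])) {
                $insQdef->cols[] = $p . $l;
                $insQdef->insertData[] = $conn->real_escape_string($_POST[$p][$l]);
            }
        }
    }
    if (!$insQdef->executeQuery()) {
        $GLOBALS['statusMessage'] = $insQdef->status;
        return;
    }

    // --- id of the new product -------------------------------------------
    // NOTE(review): "newest id in the table" can belong to another request
    // under concurrent inserts; the connection's last-insert id is the usual
    // source. Confirm that insertSQL runs on this same connection.
    $selQProp = new selectSQL($conn);
    $selQProp->tableNames = array("products");
    $selQProp->select = array("id");
    $selQProp->order = "id DESC";
    if (!$selQProp->executeQuery()) {
        $GLOBALS['statusMessage'] = $selQProp->status;
        return;
    }
    $newest = $selQProp->result->fetch_assoc();
    $infoID = $newest['id'];

    // --- language-independent category table -----------------------------
    if (count($propNames)) {
        $insQ = new insertSQL($conn);
        $insQ->tableName = "products_" . $catid;
        $insQ->cols = array("infoid");
        $insQ->insertData = array($infoID);
        foreach ($propNames as $pn) {
            $parts = explode(" as ", $pn);
            $column = $parts[0];
            // PHP replaces spaces in incoming field names with underscores, so
            // the alias is normalised the same way before the lookup. An entry
            // without an alias yields '' and is skipped by the isset() below.
            $field = isset($parts[1]) ? str_replace(" ", "_", trim($parts[1], "`")) : '';
            if (isset($_POST[$field])) {
                $insQ->cols[] = $column;
                $insQ->insertData[] = $conn->real_escape_string($_POST[$field]);
            }
        }
        if (!$insQ->executeQuery()) {
            $GLOBALS['statusMessage'] = $insQ->status;
            return;
        }
    }

    // --- one table per language ------------------------------------------
    if (count($propNamesld)) {
        foreach ($langArr as $l) {
            $insQld = new insertSQL($conn);
            $insQld->tableName = "products_" . $catid . "_" . $l;
            $insQld->cols = array("infoid");
            $insQld->insertData = array($infoID);
            foreach ($propNamesld as $p) {
                $parts = explode(" as ", $p);
                $column = $parts[0];
                $field = isset($parts[1]) ? str_replace(" ", "_", trim($parts[1], "`")) : '';
                if (isset($_POST[$field][$l])) {
                    $insQld->cols[] = $column . $l;
                    $insQld->insertData[] = $conn->real_escape_string($_POST[$field][$l]);
                }
            }
            if (!$insQld->executeQuery()) {
                $GLOBALS['statusMessage'] = $insQld->status;
                return;
            }
        }
    }

    $GLOBALS['statusMessage'] = makeStatusMessage(12, "success");
}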