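<?php
/*
 * POST action dispatcher behind the job, customer, invoice, support, account and
 * signup pages (the "// job.php" style comments mark which page submits each action).
 *
 * Expects ../session.php to provide:
 *   $db                                             a mysqli connection
 *   SITE_ADMIN, SITE_TITLE, SITE_URL, WELCOME_TOPIC  constants
 *   sendEmail($to, $body, $subject)
 *
 * Every statement is a prepared statement with bound parameters, so request values
 * never become part of the SQL text (the old build interpolated escaped strings, and
 * 'deletejob' interpolated $_POST['id'] with no escaping at all).  Driver errors are
 * written to the server log and the client only sees a generic message.
 *
 * NOTE(review): nothing in this file checks a CSRF token or the caller's role - e.g.
 * that edit-auser / del-auser come from an administrator, or that the ID posted to
 * edit-user is the caller's own account.  That is assumed to happen in session.php;
 * confirm, because every action here trusts the posted ids as-is.
 *
 * Requires PHP 7.0+ (random_bytes, argument unpacking).  Helpers are closures rather
 * than named functions so this file cannot collide with names session.php defines.
 */
require '../session.php';

// One POST field as a string.  Missing keys become '' (the old code escaped null to ''
// as well); array-valued fields (foo[]=...) are rejected rather than stored as "Array".
$postString = function ($key) {
    if (!isset($_POST[$key]) || is_array($_POST[$key])) {
        return '';
    }
    return (string) $_POST[$key];
};

// Several POST fields, in the order given.
$postStrings = function (array $keys) use ($postString) {
    $values = array();
    foreach ($keys as $key) {
        $values[] = $postString($key);
    }
    return $values;
};

// Log the driver error server-side and stop; the browser never sees schema details.
$dbFail = function ($context, $detail) {
    error_log('post handler: ' . $context . ' failed: ' . $detail);
    die("Couldn't enter data.");
};

// Prepare, bind and execute $sql.  Every value is bound as a string, so MySQL coerces
// it to the column type exactly as it did for the quoted literals the old code built.
// Returns the executed statement (for insert_id / affected_rows).
$runSql = function ($sql, array $params, $context) use ($db, $dbFail) {
    $stmt = $db->prepare($sql);
    if ($stmt === false) {
        $dbFail($context . ' prepare', $db->error);
    }
    if (count($params) > 0 && !$stmt->bind_param(str_repeat('s', count($params)), ...$params)) {
        $dbFail($context . ' bind', $stmt->error);
    }
    if (!$stmt->execute()) {
        $dbFail($context . ' execute', $stmt->error);
    }
    return $stmt;
};

// "col1=?, col2=?, ..." for a list of column names (names come from this file, never
// from the request).
$setClause = function (array $columns) {
    $parts = array();
    foreach ($columns as $column) {
        $parts[] = $column . '=?';
    }
    return implode(', ', $parts);
};

// "?,?,?" with $count placeholders.
$placeholders = function ($count) {
    return implode(',', array_fill(0, $count, '?'));
};

// Redirect and stop; nothing below the redirect should keep running.
$redirect = function ($location) {
    header('Location: ' . $location);
    exit;
};

// subtotal and total of a labour/part line: quantity * unit price, plus tax percent.
// Computed in float like before so the stored values do not change shape
// (NOTE(review): money in floats rounds; the columns would have to change to fix it).
$lineTotals = function ($quantity, $unitPrice, $taxPercent) {
    $subtotal = (float) $quantity * (float) $unitPrice;
    $total = $subtotal + ($subtotal * ((float) $taxPercent / 100));
    return array($subtotal, $total);
};

// Unsalted SHA-256 over the *mysqli-escaped* password - exactly what signup has always
// stored, and what the login code (not in this file) must therefore compute too, so
// the scheme cannot change here alone.  NOTE(review): migrate both sides to
// password_hash() / password_verify(); unsalted SHA-256 is not a password hash.
$passwordDigest = function ($rawPassword) use ($db) {
    return hash('sha256', $db->real_escape_string($rawPassword));
};

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $action = $postString('action');

    // invoice snapshot columns; the form field names match the column names
    $invoiceColumns = array(
        'c_name', 'c_p1', 'c_p1t', 'c_p2', 'c_p2t', 'c_email', 'c_billing', 'c_city',
        'c_prov', 'c_post', 'j_name', 'j_p1', 'j_p1t', 'j_email', 'j_address', 'j_area',
        'j_permitnum', 'j_descript', 'j_ref', 'j_tech', 'invoicedesc', 'invoicedate',
        'paid', 'customerid', 'jobid',
    );

    // job.php
    if ($action === 'editjob') {
        // 'job' is posted by the form but was never part of the UPDATE; unchanged here.
        $columns = array(
            'affix', 'status', 'pr', 'date', 'area', 'tech', 'cname', 'phone1', 'p1type',
            'phone2', 'p2type', 'email', 'caddress', 'scheduled', 'calledby', 'permitnum',
            'permitcost', 'ref', 'billto', 'descript',
        );
        $params = $postStrings($columns);
        $params[] = $postString('id');
        $runSql('UPDATE jobs SET ' . $setClause($columns) . ' WHERE id=?', $params, 'editjob');
        $error = "Job Updated.";
    }
    if ($action === 'deletejob') {
        $runSql('DELETE FROM jobs WHERE id=? LIMIT 1', array($postString('id')), 'deletejob');
        $redirect('../joblist');
    }
    // job.php and customer.php post identical note forms
    if ($action === 'job-newnote' || $action === 'customer-newnote') {
        // 'poster' is whatever the client sent, so the recorded author is not
        // authenticated.  NOTE(review): take it from the session instead.
        $params = $postStrings(array('jobid', 'custid'));
        $params[] = date('Y-m-d H:i:s');
        $params = array_merge($params, $postStrings(array('poster', 'post')));
        $runSql(
            'INSERT INTO notes (jobid, custid, date, poster, post) VALUES (?,?,?,?,?)',
            $params,
            $action
        );
    }
    if ($action === 'job-delnote' || $action === 'customer-delnote' || $action === 'invoice-delnote') {
        $runSql('DELETE FROM notes WHERE id=? LIMIT 1', array($postString('noteid')), $action);
    }

    // new-job.php
    if ($action === 'newjob') {
        // ids are allocated as MAX(id)+1 (the table evidently has no AUTO_INCREMENT);
        // two concurrent submissions can collide on the same id - a schema-level fix.
        $result = $db->query('SELECT MAX(id) AS uid FROM jobs');
        if ($result === false) {
            $dbFail('newjob max id', $db->error);
        }
        $row = $result->fetch_assoc();
        $uid = (int) $row['uid'] + 1; // NULL on an empty table gives 1, as ++NULL did
        $columns = array(
            'status', 'pr', 'job', 'affix', 'area', 'date', 'tech', 'cname', 'phone1',
            'p1type', 'phone2', 'p2type', 'email', 'caddress', 'descript', 'scheduled',
            'calledby', 'permitnum', 'permitcost', 'ref', 'billto',
        );
        $params = array_merge(array((string) $uid), $postStrings($columns));
        $runSql(
            'INSERT INTO jobs (id, ' . implode(', ', $columns) . ') VALUES (' . $placeholders(count($params)) . ')',
            $params,
            'newjob'
        );
        $redirect('../job?id=' . $uid);
    }

    // new-customer.php
    if ($action === 'newcustomer') {
        // same MAX(id)+1 allocation (and the same race) as newjob
        $result = $db->query('SELECT MAX(id) AS nid FROM customer');
        if ($result === false) {
            $dbFail('newcustomer max id', $db->error);
        }
        $row = $result->fetch_assoc();
        $nid = (int) $row['nid'] + 1;
        $columns = array(
            'customername', 'billingaddress', 'city', 'province', 'postal', 'phone1',
            'p1type', 'phone2', 'p2type', 'email',
        );
        $params = array_merge(array((string) $nid), $postStrings($columns));
        $runSql(
            'INSERT INTO customer (id, ' . implode(', ', $columns) . ') VALUES (' . $placeholders(count($params)) . ')',
            $params,
            'newcustomer'
        );
        $redirect('../customer?id=' . $nid);
    }

    // customer.php
    if ($action === 'editcustomer') {
        $columns = array(
            'customername', 'billingaddress', 'city', 'province', 'postal', 'phone1',
            'p1type', 'phone2', 'p2type', 'email', 'standing',
        );
        $params = $postStrings($columns);
        $params[] = $postString('id');
        $runSql('UPDATE customer SET ' . $setClause($columns) . ' WHERE id=?', $params, 'editcustomer');
    }
    if ($action === 'deletecustomer') {
        $runSql('DELETE FROM customer WHERE id=? LIMIT 1', array($postString('id')), 'deletecustomer');
        $redirect('../customers');
    }

    // invoice.php
    if ($action === 'editinvoice') {
        $params = $postStrings($invoiceColumns);
        $params[] = $postString('invid');
        $runSql('UPDATE invoices SET ' . $setClause($invoiceColumns) . ' WHERE invid=?', $params, 'editinvoice');
    }
    if ($action === 'delinvoice') {
        $runSql('DELETE FROM invoices WHERE invid=? LIMIT 1', array($postString('id')), 'delinvoice');
        $redirect('../invoices');
    }
    if ($action === 'reloadcustomer') {
        // copy the customer's current contact details back onto the invoice snapshot
        $runSql(
            'UPDATE invoices t1 JOIN customer t2 ON t1.customerid = t2.id'
            . ' SET t1.c_name = t2.customername, t1.c_billing = t2.billingaddress, t1.c_city = t2.city,'
            . ' t1.c_prov = t2.province, t1.c_post = t2.postal, t1.c_p1 = t2.phone1, t1.c_p1t = t2.p1type,'
            . ' t1.c_p2 = t2.phone2, t1.c_p2t = t2.p2type, t1.c_email = t2.email'
            . ' WHERE t1.customerid=? AND t1.invid=?',
            $postStrings(array('id', 'invid')),
            'reloadcustomer'
        );
    }
    if ($action === 'reloadjob') {
        // joins on jobs.job (not jobs.id) - kept as the original had it
        $runSql(
            'UPDATE invoices t1 JOIN jobs t2 ON t1.jobid = t2.job'
            . ' SET t1.j_descript = t2.descript, t1.j_area = t2.area, t1.j_tech = t2.tech, t1.j_name = t2.cname,'
            . ' t1.j_address = t2.caddress, t1.j_permitnum = t2.permitnum, t1.j_ref = t2.ref,'
            . ' t1.j_email = t2.email, t1.j_p1 = t2.phone1, t1.j_p1t = t2.p1type'
            . ' WHERE t1.jobid=? AND t1.invid=?',
            $postStrings(array('id', 'invid')),
            'reloadjob'
        );
    }
    if ($action === 'newlabour' || $action === 'editlabour') {
        list($subtotal, $total) = $lineTotals($postString('hours'), $postString('rate'), $postString('l_tax'));
        $params = $postStrings(array('descript', 'hours', 'rate', 'l_tax'));
        $params[] = (string) $subtotal;
        $params[] = (string) $total;
        if ($action === 'newlabour') {
            array_unshift($params, $postString('invid'));
            $runSql(
                'INSERT INTO labour (invid, descript, hours, rate, l_tax, subtotal, total) VALUES (?,?,?,?,?,?,?)',
                $params,
                'newlabour'
            );
        } else {
            $params[] = $postString('lid');
            $runSql(
                'UPDATE labour SET descript=?, hours=?, rate=?, l_tax=?, subtotal=?, total=? WHERE lid=?',
                $params,
                'editlabour'
            );
        }
    }
    if ($action === 'dellabour') {
        $runSql('DELETE FROM labour WHERE lid=? LIMIT 1', array($postString('lid')), 'dellabour');
    }
    if ($action === 'newpart' || $action === 'editpart') {
        list($subtotal, $total) = $lineTotals($postString('qty'), $postString('cost'), $postString('p_tax'));
        $params = $postStrings(array('descript', 'qty', 'cost', 'p_tax'));
        $params[] = (string) $subtotal;
        $params[] = (string) $total;
        if ($action === 'newpart') {
            array_unshift($params, $postString('invid'));
            $runSql(
                'INSERT INTO part (invid, descript, qty, cost, p_tax, subtotal, total) VALUES (?,?,?,?,?,?,?)',
                $params,
                'newpart'
            );
        } else {
            $params[] = $postString('pid');
            $runSql(
                'UPDATE part SET descript=?, qty=?, cost=?, p_tax=?, subtotal=?, total=? WHERE pid=?',
                $params,
                'editpart'
            );
        }
    }
    if ($action === 'delpart') {
        $runSql('DELETE FROM part WHERE pid=? LIMIT 1', array($postString('pid')), 'delpart');
    }
    if ($action === 'newpayment') {
        $runSql(
            'INSERT INTO payments (invid, descript, date, method, amount) VALUES (?,?,?,?,?)',
            $postStrings(array('invid', 'descript', 'date', 'method', 'amount')),
            'newpayment'
        );
    }
    if ($action === 'editpayment') {
        $runSql(
            'UPDATE payments SET descript=?, date=?, method=?, amount=? WHERE pa_id=?',
            $postStrings(array('descript', 'date', 'method', 'amount', 'pa_id')),
            'editpayment'
        );
    }
    if ($action === 'delpayment') {
        $runSql('DELETE FROM payments WHERE pa_id=? LIMIT 1', array($postString('pa_id')), 'delpayment');
    }
    if ($action === 'invoice-newnote') {
        // 'poster' is client-supplied here too (see the job/customer note above)
        $params = $postStrings(array('invid', 'visible'));
        $params[] = date('Y-m-d H:i:s');
        $params = array_merge($params, $postStrings(array('poster', 'post')));
        $runSql(
            'INSERT INTO notes (invid, visible, date, poster, post) VALUES (?,?,?,?,?)',
            $params,
            'invoice-newnote'
        );
    }

    // new-invoice.php
    if ($action === 'newinvoice') {
        $columns = array_merge($invoiceColumns, array('invoicenum'));
        $runSql('INSERT INTO invoices SET ' . $setClause($columns), $postStrings($columns), 'newinvoice');
        // Use the id of the row this request inserted; the old MAX(invid) lookup could
        // return another request's invoice.  Fall back to it only when invid is not
        // AUTO_INCREMENT (insert_id reports 0 then).
        $newInvoiceId = $db->insert_id;
        if (!$newInvoiceId) {
            $result = $db->query('SELECT MAX(invid) AS newinvid FROM invoices');
            if ($result === false) {
                $dbFail('newinvoice lookup', $db->error);
            }
            $row = $result->fetch_assoc();
            $newInvoiceId = $row['newinvid'];
        }
        $redirect('../invoice?id=' . $newInvoiceId);
    }

    // suser.php (edit-auser: an administrator edits any account, including
    // permission / list / Banned) and account.php (edit-user: own account) share one
    // update; only the column set differs.
    if ($action === 'edit-auser' || $action === 'edit-user') {
        // NOTE(review): the row is selected by the posted ID with no check that it is
        // the caller's own (edit-user) or that the caller is an admin (edit-auser).
        $columns = array(
            'Email', 'FirstName', 'LastName', 'AddressCountry', 'AddressLine1',
            'AddressLine2', 'AddressCity', 'AddressRegion', 'AddressPostal',
            'PhoneNumber', 'SecurityQuestion', 'SecurityAnswer', 'DOB',
        );
        $params = $postStrings($columns);
        $params[0] = strtolower($params[0]); // Email is stored lower-cased
        if ($action === 'edit-auser') {
            // form field names differ from the column names for these three
            $columns = array_merge($columns, array('permission', 'list', 'Banned'));
            $params = array_merge($params, $postStrings(array('Permission', 'ListC', 'Banned')));
        }
        // An empty password field means "leave the password alone".  The old empty()
        // test also treated the password "0" as absent; only '' does now.
        $rawPassword = $postString('Password');
        if ($rawPassword !== '') {
            array_unshift($columns, 'Password');
            array_unshift($params, $passwordDigest($rawPassword));
        }
        $params[] = $postString('ID');
        $runSql('UPDATE SPAccounts SET ' . $setClause($columns) . ' WHERE ID=?', $params, $action);
    }
    if ($action === 'del-auser') {
        $username = $postString('username');
        // the configured site administrator can never be deleted this way
        if ($username !== '' && $username !== SITE_ADMIN) {
            $runSql('DELETE FROM SPAccounts WHERE Username=?', array($username), 'del-auser');
        }
        $redirect('../edit-users');
    }

    // support.php
    if ($action === 'new-ticket') {
        // The old "New Ticket Invoked" echo sent output before the Location header
        // below, which makes the redirect fail once headers are sent; it is gone.
        $tid = $postString('tid');
        $message = $postString('message');
        $status = $postString('status');
        $subject = $postString('subject');
        if ($message !== '') {
            $params = array($tid, date('Y-m-d H:i:s'));
            $params = array_merge($params, $postStrings(array('issue', 'subject', 'accountname', 'author')));
            $params[] = $message;
            $params[] = $status;
            $runSql(
                'INSERT INTO SPTickets SET tid=?, dt=?, issue=?, subject=?, accountname=?, author=?, message=?, status=?',
                $params,
                'new-ticket insert'
            );
        }
        if ($status !== '' && $subject !== '') {
            $runSql(
                'UPDATE SPTickets SET status=?, subject=? WHERE tid=?',
                array($status, $subject, $tid),
                'new-ticket update'
            );
        }
        $redirect('../view-ticket-' . rawurlencode($tid));
    }

    // stickets.php
    if ($action === 'del-ticket') {
        $id = $postString('id');
        $tid = $postString('tid');
        if ($id !== '') {
            $runSql('DELETE FROM SPTickets WHERE id=?', array($id), 'del-ticket by id');
        }
        if ($tid !== '') {
            $runSql('DELETE FROM SPTickets WHERE tid=?', array($tid), 'del-ticket by tid');
        }
        // Redirect once, after both deletes: the whole-ticket delete wins, a single
        // post delete goes back to the page it was made from.
        if ($tid !== '') {
            $redirect('../support');
        }
        if ($id !== '') {
            // NOTE(review): the Referer is client-supplied and used unvalidated.
            if (!empty($_SERVER['HTTP_REFERER'])) {
                $redirect($_SERVER['HTTP_REFERER']);
            }
            echo "No referrer.";
        }
    }

    // signup.php
    if ($action === 'new-user') {
        $username = $postString('Username');
        $rawPassword = $postString('Password');
        $email = strtolower($postString('Email'));
        $fields = array(
            'FirstName', 'LastName', 'AddressCountry', 'AddressLine1', 'AddressLine2',
            'AddressCity', 'AddressRegion', 'AddressPostal', 'PhoneNumber',
            'SecurityQuestion', 'SecurityAnswer', 'DOB',
        );
        // Activation token: 128 random bits.  The old md5(rand(0,1000)) had only 1001
        // possible values, so an activation link could simply be enumerated.  Same
        // 32-hex-character width as md5, so the hash column needs no change.
        $activation = bin2hex(random_bytes(16));
        $columns = array_merge(array('Username', 'Password', 'Email'), $fields, array('hash', 'CreationDate'));
        $params = array_merge(
            array($username, $passwordDigest($rawPassword), $email),
            $postStrings($fields),
            array($activation, date('Y-m-d H:i:s'))
        );
        $runSql('INSERT INTO SPAccounts SET ' . $setClause($columns), $params, 'new-user');
        // The welcome mail no longer repeats the password: it went out in clear text
        // and stays in the mailbox indefinitely.  The body is HTML, so the username is
        // escaped and the e-mail address URL-encoded.
        $message = '
Thanks for signing up for ' . SITE_TITLE . '.<br />
Your account has been created, you can login to the game with the following credentials after you have activated your account by pressing the url below.<br />
----------------------------<br />
Username: ' . htmlspecialchars($username, ENT_QUOTES, 'UTF-8') . '<br />
----------------------------<br />
<br />
Please click this link to activate your account:<br />
' . SITE_URL . 'verify.php?email=' . rawurlencode($email) . '&hash=' . $activation . '<br />
<br />
';
        sendEmail($email, $message, WELCOME_TOPIC . SITE_TITLE);
        $redirect('../');
    }
}
echo "END OF HANDLER";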