<?php
//NOT MEANT TO BE LOADED BY BROWSER. ONLY AJAX CALLS.
// Every response is JSON; tell the client never to cache it.
header('Cache-Control: no-cache, must-revalidate');
header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
header('Content-type: application/json');

// Shared helpers (dieWithError/dieWithGoodResult, assertSuperuser,
// addMySQLUndo, getAllRecords) come from these files.
require "../util/sql.php";
require "../util/usercheck.php";
require "../util/json.php";
require "../util/undo.php";

// Access control first: only a logged-on superuser may use any tab.
if (!isset($_SESSION['user'])) {
    dieWithError("Not Logged On!");
}
if (!assertSuperuser()) {
    dieWithError("Unauthorised!");
}
if (!isset($_GET['tab'])) {
    dieWithError("Invalid Request!");
}

// Recorded as CreatedBy on the rows written below.
$user = $_SESSION['user'];
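/**
 * Guard for request parameters: returns $obj unchanged, or ends the request
 * with a JSON error when the value is missing.
 *
 * Both null and false count as "missing", so a failed mysql_query() result
 * (which is false) is rejected by the same call instead of slipping through
 * as the original isset() check allowed.
 *
 * @param mixed  $obj     value to check (a $_GET/$_POST entry or a query result)
 * @param string $message text passed to dieWithError(); defaults to the
 *                        original "Invalid Request"
 * @return mixed the value that was passed in
 */
function mustBeSet($obj, $message = "Invalid Request")
{
    if ($obj === null || $obj === false) {
        dieWithError($message);
    }
    return $obj;
}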
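/*
 * Request dispatcher. $_GET['tab'] selects the area ('csc', 'pri', 'SecOrg',
 * 'usr'); 'csc' and 'SecOrg' additionally switch on $_GET['type']. Every
 * branch ends the request through dieWithGoodResult()/dieWithError(), and
 * each outer case is closed with break so a branch that falls out of an inner
 * switch can never run the next tab's code (the original 'SecOrg' case fell
 * straight into 'usr' for an unknown type).
 *
 * Uses the legacy mysql_* extension (removed in PHP 7). Ids are interpolated
 * into SQL unquoted, where mysql_real_escape_string() gives no protection, so
 * every id goes through numericPostValue() below - the same is_numeric check
 * the original applied only in the 'pri' and 'SecOrg' branches.
 */

/**
 * Returns $_POST[$key], or dies with "Invalid Request" when it is absent.
 * Reading through isset() avoids the undefined-index notice of $_POST[$key].
 */
function requiredPostValue($key)
{
    return mustBeSet(isset($_POST[$key]) ? $_POST[$key] : null);
}

/** Required POST value, escaped for use inside a quoted SQL literal. */
function escapedPostValue($key)
{
    return mysql_real_escape_string(requiredPostValue($key));
}

/**
 * Required POST value that is interpolated into SQL unquoted (an id).
 * Dies with "Id should be numeric!" unless is_numeric() accepts it.
 */
function numericPostValue($key)
{
    $value = requiredPostValue($key);
    if (!is_numeric($value)) {
        dieWithError("Id should be numeric!");
    }
    return $value;
}

switch ($_GET['tab']) {
    case 'csc': //country state city..
        $type = mustBeSet(isset($_GET['type']) ? $_GET['type'] : null);
        switch ($type) {
            case 'addCountry':
                $country = escapedPostValue('country');
                mysql_query("insert into `country`(`Name`) values('$country');") or dieWithError("Unable to insert!");
                $id = mysql_insert_id();
                // Each insert registers the statement that reverses it.
                $undoId = addMySQLUndo("delete from `country` where Id=$id;");
                dieWithGoodResult(array("id" => $id, "undoID" => $undoId));
            case 'addState':
                $countryId = numericPostValue('country_id');
                $state = escapedPostValue('state');
                mysql_query("insert into `state`(`Name`,`CountryId`) values('$state',$countryId);") or dieWithError("Unable to insert!");
                $id = mysql_insert_id();
                $undoId = addMySQLUndo("delete from `state` where Id=$id;");
                dieWithGoodResult(array("id" => $id, "undoID" => $undoId));
            case 'addCity':
                $stateId = numericPostValue('state_id');
                $city = escapedPostValue('city');
                mysql_query("insert into `city`(`Name`,`StateId`) values('$city',$stateId);") or dieWithError("Unable to insert");
                $id = mysql_insert_id();
                $undoId = addMySQLUndo("delete from `city` where Id=$id;");
                dieWithGoodResult(array("id" => $id, "undoID" => $undoId));
            case 'addZone':
                $priId = numericPostValue('pri_id');
                $zone = escapedPostValue('zone');
                mysql_query("insert into `zone`(`PrimaryOrganizationID`,`Name`) values($priId,'$zone');") or dieWithError("Unable to insert");
                $id = mysql_insert_id();
                // Undo must target `zone`; the original deleted from `city`
                // with the new zone's id, removing an unrelated city row.
                $undoId = addMySQLUndo("delete from `zone` where Id=$id;");
                dieWithGoodResult(array("id" => $id, "undoID" => $undoId));
            case 'getCountries':
                $res = mysql_query("select `Id`,`Name` from `country`;") or dieWithError("Unable to retrieve");
                dieWithGoodResult(array("records" => getAllRecords($res)));
            case 'getStates':
                $countryId = numericPostValue('country_id');
                $res = mysql_query("select `Id`,`Name` from `state` where CountryId=$countryId;") or dieWithError("Unable to retrieve");
                dieWithGoodResult(array("records" => getAllRecords($res)));
            case 'getCities':
                $stateId = numericPostValue('state_id');
                $res = mysql_query("select `Id`,`Name` from `city` where StateId=$stateId;") or dieWithError("Unable to retrieve");
                dieWithGoodResult(array("records" => getAllRecords($res)));
            case 'getZones':
                $priId = numericPostValue('pri_id');
                $res = mysql_query("select * from `zone` where PrimaryOrganizationID=$priId;") or dieWithError("Unable to retrieve");
                dieWithGoodResult(array("records" => getAllRecords($res)));
            case 'getSecOrg':
                $priId = numericPostValue('pri_id');
                $res = mysql_query("select * from `secondaryorganizationmaster` where PrimaryOrganizationID=$priId and current=1;") or dieWithError("Unable to retrieve");
                dieWithGoodResult(array("records" => getAllRecords($res)));
            default:
                dieWithError("Invalid Request");
        }
        break;

    case 'pri':
        $name = escapedPostValue('pri_name');
        if (isset($_POST['pri_id'])) {
            // NOTE(review): this path loads the row but sends no response at
            // all; it looks unfinished. The only change here is that a
            // non-existent id now answers with the error the author wrote
            // for it instead of reading Name from a false row.
            $id = numericPostValue('pri_id');
            $res = mysql_query("select * from `primaryorganizationmaster` where Id=$id;") or dieWithError("No such Id exists.");
            $row = mysql_fetch_array($res);
            if ($row === false) {
                dieWithError("No such Id exists.");
            }
            $name = $row['Name'];
        } else {
            mysql_query("insert into `primaryorganizationmaster`(`Name`,`CreatedBy`,`CreatedOn`,`Current`) values('$name','$user',NOW(),1);") or dieWithError("Unable to insert: " . mysql_error());
            $id = mysql_insert_id();
            $undoId = addMySQLUndo("delete from `primaryorganizationmaster` where Id=$id;");
            dieWithGoodResult(array("id" => $id, "undoID" => $undoId));
        }
        break;

    case 'SecOrg':
        $type = mustBeSet(isset($_GET['type']) ? $_GET['type'] : null);
        switch ($type) {
            case "update":
                $id = numericPostValue('sec_id');
                $newval = escapedPostValue('name');
                // Load the current row before retiring it, so a bad id cannot
                // flip Current=0 and then fail on the replacement insert.
                $sel = mysql_query("select * from secondaryorganizationmaster where Id=$id;") or dieWithError("No such Id exists.");
                $row = mysql_fetch_assoc($sel);
                if ($row === false) {
                    dieWithError("No such Id exists.");
                }
                mysql_query("update secondaryorganizationmaster set Current=0 where Id=$id;") or dieWithError("No such Id exists.");
                // Text columns come back from the database unescaped; re-escape
                // them before they are placed inside quoted literals again.
                $address = mysql_real_escape_string($row['Address']);
                $postalCode = mysql_real_escape_string($row['PostalCode']);
                $boardLineNo = mysql_real_escape_string($row['BoardLineNo']);
                $emailAddress = mysql_real_escape_string($row['EmailAddress']);
                // NOTE(review): Country/State/City/Zone/OriginalPK are copied
                // unquoted; a NULL in any of them interpolates as nothing and
                // the insert fails with the error below - confirm the schema.
                $query = "insert into `secondaryorganizationmaster`(`PrimaryOrganizationID`, `Name`, `Country`, `State`, `City`, `Zone`, `Address`, `PostalCode`, `BoardLineNo`, `EmailAddress`, `CreatedBy`,`CreatedOn`,`Current`,`OriginalPK`) values({$row['PrimaryOrganizationID']}, '$newval', {$row['Country']}, {$row['State']}, {$row['City']}, {$row['Zone']}, '$address', '$postalCode', '$boardLineNo', '$emailAddress','{$user}',NOW(),1,{$row['OriginalPK']});";
                mysql_query($query) or dieWithError("ERRRORORO!!");
                dieWithGoodResult(array());
            default:
                dieWithError("Invalid Request");
        }
        break;

    case 'usr':
        $usrFname = escapedPostValue('usr_Fname');
        $superuser = requiredPostValue('usr_Su') === "true" ? "1" : "0";
        $usrLname = escapedPostValue('usr_Lname');
        $usrID = escapedPostValue('usr_Id');
        // NOTE(review): the password is stored exactly as submitted. Moving
        // to password_hash() here requires the login check (usercheck.php,
        // not in view) to switch to password_verify() in the same change.
        $usrPassword = escapedPostValue('usr_Password');
        $str = "insert into `usermaster`(`UserID`,`Password`,`Fname`,`Lname`,`Validity`,`SuperUser`,`CreatedBy`,`CreatedOn`)
            values ('$usrID','$usrPassword','$usrFname','$usrLname',365,$superuser,'$user',NOW());";
        // The original checked the result with mustBeSet(), which accepts
        // false, so a failed insert was still reported as success.
        mysql_query($str) or dieWithError("Unable to insert!");
        dieWithGoodResult(array("id" => $usrID));

    default:
        dieWithError("Invalid Request!");
}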