updatecars.php
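<?php
/**
 * updatecars.php - AJAX endpoint that applies car, driver-number and
 * schedule changes to the autox_* tables.
 *
 * Query-string inputs: username, id, action, closedate, opendate, msg, locale.
 * `action` selects one of: makeactive, delcar, renumber, copycar, adddate,
 * deldate, updatetimes, closesystem, opensystem.
 *
 * NOTE(review): nothing in this file authenticates the caller. The acting
 * user is taken from the `username` query parameter, and the actions logged
 * as "Admin ..." are reachable with no role check here. Confirm whether
 * functions.php / sqlconnect() enforce a session; if not, derive the user and
 * role from the server-side session instead of the request.
 *
 * NOTE(review): every action changes state but is driven by GET parameters,
 * with no anti-CSRF token visible here. Moving to POST with a per-session
 * token would be the usual hardening.
 *
 * NOTE(review): the mysql_* extension used below was removed in PHP 7.
 * Migrating to mysqli/PDO prepared statements requires changing sqlconnect()
 * as well, which is defined outside this file.
 */

if (!function_exists('updatecars_query')) {
    /**
     * Run a query that must succeed.
     *
     * On failure the database error text is written to the server error log
     * and the request ends with a generic message, so schema and query
     * details are not returned to the client.
     *
     * @param string $sql SQL statement; values must already be escaped.
     * @return resource|bool Result of mysql_query() on success.
     */
    function updatecars_query($sql)
    {
        $result = mysql_query($sql);
        if ($result === false) {
            error_log('updatecars.php: query failed: ' . mysql_error());
            die('Error: database query failed');
        }
        return $result;
    }
}

// The X-Requested-With header is set by the client, so this test only tells
// script-driven calls from plain navigation; it is not an access control.
define('IS_AJAX', isset($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest');

if (IS_AJAX) {
    include('functions.php');
    sqlconnect();

    // Read each expected parameter with a quoted key (the bare-word form
    // relied on undefined-constant fallback). Missing or non-string values
    // become '' before escaping. Escaping needs the connection opened above.
    $params = array();
    foreach (array('username', 'id', 'action', 'closedate', 'opendate', 'msg', 'locale') as $key) {
        $raw = (isset($_GET[$key]) && is_string($_GET[$key])) ? $_GET[$key] : '';
        $params[$key] = mysql_real_escape_string($raw);
    }
    $username  = $params['username'];
    $id        = $params['id'];
    $action    = $params['action'];
    $closedate = $params['closedate'];
    $opendate  = $params['opendate'];
    $msg       = $params['msg'];
    $locale    = $params['locale'];

    if ($action === 'makeactive') {
        // Clear the currently active car, then flag the chosen one.
        $result = mysql_query("UPDATE autox_classifications SET `active` = '' WHERE `username` = '$username' AND `active` = 'Y'");
        $result = mysql_query("UPDATE autox_classifications SET `active` = 'Y' WHERE `username` = '$username' AND `pk` = '$id'");
        writelog($username, "Set car id $id active");
    } elseif ($action === 'delcar') {
        // Soft delete: the row is kept and marked 'H'.
        $result = mysql_query("UPDATE autox_classifications SET `active` = 'H' WHERE `username` = '$username' AND `pk` = '$id'");
        $result = mysql_query("SELECT * from autox_classifications WHERE `username` = '$username' AND `active` != 'H'");
        // If exactly one car is left, make it the active one.
        if ($result && mysql_num_rows($result) == 1) {
            $result = mysql_query("UPDATE autox_classifications SET `active` = 'Y' WHERE `username` = '$username' AND `active` != 'H'");
        }
        writelog($username, "Deleted car id $id");
    } elseif ($action === 'renumber') {
        $found = false;
        $assigned = '';
        $result = mysql_query("SELECT * from autox_numbers where `drivernumber` = '$id'");
        if ($result) {
            while ($row = mysql_fetch_array($result, MYSQL_NUM)) {
                $found = true;
                // Column 1 is presumably the owning username - confirm against the schema.
                $assigned = $row[1];
            }
        }
        // Only move the user when the requested number exists and is free.
        // Previously an unknown number left $assigned undefined, which passed
        // the check and released the user's current number without assigning
        // a new one.
        if ($found && $assigned == "") {
            $result = mysql_query("UPDATE autox_numbers SET `username` = '' WHERE `username` = '$username'");
            $result = mysql_query("UPDATE autox_numbers SET `username` = '$username' WHERE `drivernumber` = '$id'");
        }
        writelog($username, "Chose new number - $id");
    } elseif ($action === 'copycar') {
        $result = mysql_query("UPDATE autox_classifications SET `active` = '' WHERE `username` = '$username' AND `active` = 'Y'");
        // NOTE(review): the source row is selected by pk only, so a record
        // belonging to another user can be duplicated under $username.
        // Confirm whether that is intended.
        $result = updatecars_query("SELECT * from autox_classifications where `pk` = '$id'");
        while ($row = mysql_fetch_array($result, MYSQL_NUM)) {
            // Values read back from the database are still untrusted when
            // placed into a new statement; escape every column, not only
            // the three free-text ones.
            $f = array_map('mysql_real_escape_string', $row);
            updatecars_query("INSERT INTO autox_classifications VALUES('', '$username','{$f[2]}', '{$f[3]}','{$f[4]}','{$f[5]}','{$f[6]}','{$f[7]}','{$f[8]}','{$f[9]}','{$f[10]}','Y','{$f[12]}')");
        }
        writelog($username, "Copied classification - duplicated car id $id");
    } elseif ($action === 'adddate') {
        // For this action `id` carries the event date rather than a key.
        updatecars_query("INSERT INTO autox_dates VALUES('', '$id', '$locale')");
        writelog($username, "Admin added autox date $id @ $locale");
    } elseif ($action === 'deldate') {
        updatecars_query("DELETE FROM autox_dates WHERE `pk` = '$id'");
        writelog($username, "Admin deleted autox date with id $id");
    } elseif ($action === 'updatetimes') {
        updatecars_query("UPDATE autox_close SET `close` = '$closedate',`open` = '$opendate',`message` = '$msg' WHERE `pk` = '$id'");
    } elseif ($action === 'closesystem') {
        // An existing override is cleared; otherwise a 'close' override is added.
        $result = updatecars_query("SELECT * from autox_closeoverride");
        if (mysql_num_rows($result) > 0) {
            updatecars_query("TRUNCATE TABLE autox_closeoverride");
        } else {
            updatecars_query("INSERT INTO autox_closeoverride VALUES('close', '$id')");
        }
        writelog($username, "Admin closed the system");
    } elseif ($action === 'opensystem') {
        // An existing override is cleared; otherwise an 'open' override is added.
        $result = mysql_query("SELECT * from autox_closeoverride");
        if ($result && mysql_num_rows($result) > 0) {
            mysql_query("TRUNCATE TABLE autox_closeoverride");
        } else {
            updatecars_query("INSERT INTO `autox_closeoverride` VALUES('open', '')");
        }
        writelog($username, "Admin opened the system");
    }
} else {
    echo "direct access prohibited";
}
?>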