Location: PHPKode > projects > eCanteen > ecanteen/include/siteid.php
<? session_start();
	include("../include/constants.php");   mysql_free_result();
	$filter = "";
  $filterfield = "";
  $wholeonly = "";
  $order = "";
  $ordtype = "";

 ?>
<html>
<head>
<title>ecanteen -- siteid</title>
<meta name="generator" content="text/html">
<LINK REL="stylesheet" TYPE="text/css" HREF="maintain.css">
</head>
<body>
<table class="bd" width="100%"><tr><td class="hr"><h2>Site Manager</h2></td></tr></table>
<?
  if (!login()) exit;
?>
<div style="float: right"><a href="updatesupervisor.php?id=<?echo $_SESSION['supervisorid']; ?>"" target="_self">[Edit Account]</a> <a href="siteid.php?a=logout">[ Logout ]</a></div>
<br>
<?
  $conn = connect();
  $showrecs = 20;
  $pagerange = 10;

  $a = @$_GET["a"];
  $recid = @$_GET["recid"];
  if (isset($_GET["order"])) $order = @$_GET["order"];
  if (isset($_GET["type"])) $ordtype = @$_GET["type"];
  
  if (isset($_POST["order"])) $order = @$_POST["order"];
  if (isset($_POST["type"])) $ordtype = @$_POST["type"];

  if (isset($_POST["filter"])) $filter = @$_POST["filter"];
  if (isset($_POST["filter_field"])) $filterfield = @$_POST["filter_field"];
  $wholeonly = false;
  if (isset($_POST["wholeonly"])) $wholeonly = @$_POST["wholeonly"];

  if (!isset($order) && isset($_SESSION["order"])) $order = $_SESSION["order"];
  if (!isset($ordtype) && isset($_SESSION["type"])) $ordtype = $_SESSION["type"];
  if (!isset($filter) && isset($_SESSION["filter"])) $filter = $_SESSION["filter"];
  if (!isset($filterfield) && isset($_SESSION["filter_field"])) $filterfield = $_SESSION["filter_field"];

  $page = @$_GET["page"];
  if (!isset($page)) $page = 1;

  $sql = @$_POST["sql"];

  switch ($sql) {
    case "insert":
      sql_insert();
      break;
    case "update":
      sql_update();
      break;
  }

  switch ($a) {
    case "add":
      addrec();
      break;
    case "edit":
      editrec($recid);
      break;
    default:
      select();
      break;
  }

  if (isset($order)) $_SESSION["order"] = $order;
  if (isset($ordtype)) $_SESSION["type"] = $ordtype;
  if (isset($filter)) $_SESSION["filter"] = $filter;
  if (isset($filterfield)) $_SESSION["filter_field"] = $filterfield;
  if (isset($wholeonly)) $_SESSION["wholeonly"] = $wholeonly;

  mysql_close($conn);
?>
<table class="bd" width="100%"><tr><td class="hr"></td></tr></table>
</body>
</html>

<? function select()
  {
  global $a;
  global $showrecs;
  global $page;
  global $filter;
  global $filterfield;
  global $wholeonly;
  global $order;
  global $ordtype;


  if ($a == "reset") {
    $filter = "";
    $filterfield = "";
    $wholeonly = "";
    $order = "";
    $ordtype = "";
  }

  $checkstr = "";
  if ($wholeonly) $checkstr = " checked";
  if ($ordtype == "asc") { $ordtypestr = "desc"; } else { $ordtypestr = "asc"; }
  $res = sql_select();
  $count = sql_getrecordcount();
  if ($count % $showrecs != 0) {
    $pagecount = intval($count / $showrecs) + 1;
  }
  else {
    $pagecount = intval($count / $showrecs);
  }
  $startrec = $showrecs * ($page - 1);
  if ($startrec < $count) {mysql_data_seek($res, $startrec);}
  $reccount = min($showrecs * $page, $count);
  $fields = array(
    "SiteID" => "SiteID",
    "Site" => "Site",
    "Site Number" => "Site Number");
?>
<table class="bd" border="0" cellspacing="1" cellpadding="4">

<tr><td>Records shown <? echo $startrec + 1 ?> - <? echo $reccount ?> of <? echo $count ?></td></tr>
</table>
<hr size="1" noshade>
<form action="siteid.php" method="post">
<table class="bd" border="0" cellspacing="1" cellpadding="4">
<tr>
<td><b>Custom Filter</b>&nbsp;</td>
<td><input type="text" name="filter" value="<? echo $filter ?>"></td>
<td><select name="filter_field">
<option value="">All Fields</option>
<?
  reset($fields);
  foreach($fields as $val => $caption) {
    if ($val == $filterfield) {$selstr = " selected"; } else {$selstr = ""; }
?>
<option value="<? echo $val ?>"<? echo $selstr ?>><? echo htmlspecialchars($caption) ?></option>
<? } ?>
</select></td>
<td><input type="checkbox" name="wholeonly"<? echo $checkstr ?>>Whole words only</td>
</td></tr>
<tr>
<td>&nbsp;</td>
<td><input type="submit" name="action" value="Apply Filter"></td>
<td><a href="siteid.php?a=reset">Reset Filter</a></td>
</tr>
</table>
</form>
<hr size="1" noshade>
<? showpagenav($page, $pagecount,$order,$ordtype); ?>
<br>
<table class="tbl" border="0" cellspacing="1" cellpadding="5"width="100%">
<tr>
<?
  reset($fields);
  foreach($fields as $val => $caption) {
?>
<td class="hr"><a class="hr" href="siteid.php?order=<? echo $val ?>&type=<? echo $ordtypestr ?>"><? echo htmlspecialchars($caption) ?></a></td>
<? } ?>
<td class="hr">&nbsp;</td>
</tr>
<?
  for ($i = $startrec; $i < $reccount; $i++)
  {
    $row = mysql_fetch_assoc($res);
    $style = "dr";
    if ($i % 2 != 0) {
      $style = "sr";
    }
?>
<tr>
<?
  reset($fields);
  foreach($fields as $val => $caption) {
?>
<td class="<? echo $style ?>"><? echo htmlspecialchars($row[$val]) ?></td>
<? } ?>
<td class="<? echo $style ?>"><a href="siteid.php?a=edit&recid=<? echo $i ?>&order=<? echo $order ?>&type=<? echo $ordtype ?>">Edit</a></td>
</tr>
<?
  }
  mysql_free_result($res);
?>
</table>
<br>
<? showpagenav($page, $pagecount,$order,$ordtype); ?>
<? } ?>

<? function login()
{
  global $_POST;
  global $_SESSION;

  global $_GET;
  if (isset($_GET["a"]) && ($_GET["a"] == 'logout')) $_SESSION["logged_in"] = false;
  if (!isset($_SESSION["logged_in"])) $_SESSION["logged_in"] = false;
  if (!$_SESSION["logged_in"]) {
    $login = "";
    $password = "";
    if (isset($_POST["login"])) $login = @$_POST["login"];
    if (isset($_POST["password"])) $password = @$_POST["password"];

    if (($login != "") && ($password != "")) {
      $conn = mysql_connect(DB_SERVER, DB_USER, DB_PASS);
      mysql_select_db(DB_NAME);
      $sql = "select `supervisorid`, `supervisorname`, `password`, `siteadminname`, `siteadminpw` from `supervisor` where `supervisorname`= '".$login."'";

      $res = mysql_query($sql, $conn) or die(mysql_error());
      $row = mysql_fetch_assoc($res) or $row = array(0 => "");;
      if (isset($row)) reset($row);
      
      $password=md5($password);

      if (isset($password) && ($password == mysql_result($res,0,"password"))) {
        $_SESSION["logged_in"] = true;
        $_SESSION["supervisorid"]=$row["supervisorid"];
        $_SESSION["siteadminname"]=$row["siteadminname"];
        $_SESSION["siteadminpw"]=$row["siteadminpw"];
    }
    else {
?>
<p><b><font color="-1">Sorry, the login/password combination you've entered is invalid</font></b></p>
<? } } }if (isset($_SESSION["logged_in"]) && (!$_SESSION["logged_in"])) { ?>
<form action="siteid.php" method="post">
<table class="bd" border="0" cellspacing="1" cellpadding="4">
<tr>
<td>Login</td>
<td><input type="text" name="login" value="<? echo $login ?>"></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" name="password" value="<? echo $password ?>"></td>
</tr>
<tr>
<td><input type="submit" name="action" value="Login"></td>
</tr>
</table>
</form>
<?
  }
  if (!isset($_SESSION["logged_in"])) $_SESSION["logged_in"] = false;
  return $_SESSION["logged_in"];
} ?>

<? function showroweditor($row)
  {
  global $conn;
?>
<table class="tbl" border="0" cellspacing="1" cellpadding="5"width="50%">
<tr>
<td class="hr"><? echo htmlspecialchars("SiteID")."&nbsp;" ?></td>
<td class="dr"><input type="text" name="SiteID" value="<? echo str_replace('"', '&quot;', trim($row["SiteID"])) ?>"></td>
</tr>
<tr>
<td class="hr"><? echo htmlspecialchars("Site")."&nbsp;" ?></td>
<td class="dr"><input type="text" name="Site" maxlength="50" value="<? echo str_replace('"', '&quot;', trim($row["Site"])) ?>"></td>
</tr>
<tr>
<td class="hr"><? echo htmlspecialchars("Site Number")."&nbsp;" ?></td>
<td class="dr"><input type="text" name="Site_Number" maxlength="50" value="<? echo str_replace('"', '&quot;', trim($row["Site Number"])) ?>"></td>
</tr>

</table>
<input type="hidden" name="order" value="<? echo $_GET["order"] ?>">
<input type="hidden" name="type" value="<? echo $_GET["type"] ?>">


<? } ?>

<? function showpagenav($page, $pagecount)
{
?>
<table class="bd" border="0" cellspacing="1" cellpadding="4">
<tr>
<td><a href="siteid.php?a=add">Add Record</a>&nbsp;</td>
<? if ($page > 1) { ?>
<td><a href="siteid.php?page=<? echo $page - 1 ?>">&lt;&lt;&nbsp;Prev</a>&nbsp;</td>
<? } ?>
<?
  global $pagerange;

  if ($pagecount > 1) {

  if ($pagecount % $pagerange != 0) {
    $rangecount = intval($pagecount / $pagerange) + 1;
  }
  else {
    $rangecount = intval($pagecount / $pagerange);
  }
  for ($i = 1; $i < $rangecount + 1; $i++) {
    $startpage = (($i - 1) * $pagerange) + 1;
    $count = min($i * $pagerange, $pagecount);

    if ((($page >= $startpage) && ($page <= ($i * $pagerange)))) {
      for ($j = $startpage; $j < $count + 1; $j++) {
        if ($j == $page) {
?>
<td><b><? echo $j ?></b></td>
<? } else { ?>
<td><a href="siteid.php?page=<? echo $j ?>"><? echo $j ?></a></td>
<? } } } else { ?>
<td><a href="siteid.php?page=<? echo $startpage ?>"><? echo $startpage ."..." .$count ?></a></td>
<? } } } ?>
<? if ($page < $pagecount) { ?>
<td>&nbsp;<a href="siteid.php?page=<? echo $page + 1 ?>">Next&nbsp;&gt;&gt;</a>&nbsp;</td>
<? } ?>
</tr>
</table>
<? } ?>

<? function showrecnav($a, $recid, $count)
{
?>
<table class="bd" border="0" cellspacing="1" cellpadding="4">
<tr>
<td><a href="siteid.php?order=<? echo $_GET["order"] ?>&type=<? echo $_GET["type"] ?>">Index Page</a></td>
<? if ($recid > 0) { ?>
<td><a href="siteid.php?a=<? echo $a ?>&recid=<? echo $recid - 1 ?>&order=<? echo $_GET["order"] ?>&type=<? echo $_GET["type"] ?>">Prior Record</a></td>
<? } if ($recid < $count) { ?>
<td><a href="siteid.php?a=<? echo $a ?>&recid=<? echo $recid + 1 ?>&order=<? echo $_GET["order"] ?>&type=<? echo $_GET["type"] ?>">Next Record</a></td>
<? } ?>
</tr>
</table>
<hr size="1" noshade>
<? } ?>

<? function addrec()
{
?>
<table class="bd" border="0" cellspacing="1" cellpadding="4">
<tr>
<td><a href="siteid.php">Index Page</a></td>
</tr>
</table>
<hr size="1" noshade>
<form action="siteid.php" method="post">
<p><input type="hidden" name="sql" value="insert"></p>
<?
$row = array(
  "SiteID" => "",
  "Site" => "",
  "Site Number" => "");
showroweditor($row)
?>
<p><input type="submit" name="action" value="Post"></p>
</form>
<? } ?>
<? function editrec($recid)
{

  $res = sql_select();
  $count = sql_getrecordcount();
  mysql_data_seek($res, $recid);
  $row = mysql_fetch_assoc($res);
  showrecnav("edit", $recid, $count);
?>
<br>
<form action="siteid.php" method="post">
<input type="hidden" name="sql" value="update">
<input type="hidden" name="xSiteID" value="<? echo $row["SiteID"] ?>">
<? showroweditor($row) ?>
<p><input type="submit" name="action" value="Post"></p>
</form>
<?
  mysql_free_result($res);
} ?>

<? function connect()
{
  $conn = mysql_connect(DB_SERVER, DB_USER, DB_PASS);
      mysql_select_db(DB_NAME);
  return $conn;
}

function sqlvalue($val, $quote)
{
  if ($quote)
    $tmp = sqlstr($val);
  else
    $tmp = $val;
  if ($tmp == "")
    $tmp = "NULL";
  elseif ($quote)
    $tmp = "'".$tmp."'";
  return $tmp;
}

function sqlstr($val)
{
  return str_replace("'", "''", $val);
}

function sql_select()
{
  global $conn;
  global $order;
  global $ordtype;
  global $filter;
  global $filterfield;
  global $wholeonly;

  $filterstr = sqlstr($filter);
  if (!$wholeonly && isset($wholeonly) && $filterstr!='') $filterstr = "%" .$filterstr ."%";
  $sql = "select `SiteID`, `Site`, `Site Number` from `siteid`";
  if (isset($filterstr) && $filterstr!='' && isset($filterfield) && $filterfield!='') {
    $sql .= " where " .sqlstr($filterfield) ." like '" .$filterstr ."'";
  } elseif (isset($filterstr) && $filterstr!='') {
    $sql .= " where (`SiteID` like '" .$filterstr ."') or (`Site` like '" .$filterstr ."') or (`Site Number` like '" .$filterstr ."')";
  }
  if (isset($order) && $order!='') $sql .= " order by \"" .sqlstr($order) ."\"";
  if (isset($ordtype) && $ordtype!='') $sql .= " " .sqlstr($ordtype);
  $res = mysql_query($sql, $conn) or die(mysql_error());

  return $res;
}

function sql_getrecordcount()
{
  global $conn;
  global $order;
  global $ordtype;
  global $filter;
  global $filterfield;
  global $wholeonly;

  $filterstr = sqlstr($filter);
  if (!$wholeonly && isset($wholeonly) && $filterstr!='') $filterstr = "%" .$filterstr ."%";
  $sql = "select count(*) from `siteid`";
  if (isset($filterstr) && $filterstr!='' && isset($filterfield) && $filterfield!='') {
    $sql .= " where " .sqlstr($filterfield) ." like '" .$filterstr ."'";
  } elseif (isset($filterstr) && $filterstr!='') {
    $sql .= " where (`SiteID` like '" .$filterstr ."') or (`Site` like '" .$filterstr ."') or (`Site Number` like '" .$filterstr ."')";
  }
  $res = mysql_query($sql, $conn) or die(mysql_error());
  $row = mysql_fetch_assoc($res);
  reset($row);
  return current($row);
}

function sql_insert()
{
  global $conn;
  global $_POST;

  $sql = "insert into `siteid` (`SiteID`, `Site`, `Site Number`) values (" .sqlvalue(@$_POST["SiteID"], false) .", " .sqlvalue(@$_POST["Site"], true) .", " .sqlvalue(@$_POST["Site_Number"], true) .")";
  mysql_query($sql, $conn) or die(mysql_error());
  
  $sql = "select `SiteID`, `Site`, `Site Number` from `siteid` where `Site`=" .sqlvalue(@$_POST["Site"], true);

  $res = mysql_query($sql, $conn) or die(mysql_error());
  $row = mysql_fetch_assoc($res);
  $sql = "insert into `majorcustomer` ( `UserName_L2`, `FirstName`, `LastName`, `MobileNumber`, `EmailAddress`, `Password`, `UserLevel_L3`, `Credit_L2`, `Active_L2`, `~SiteID\$`) values ('".$_SESSION["siteadminname"]."', 'admin','admin', '', '', '". md5($_SESSION["siteadminpw"])."', 3, 0, 1,".$row["SiteID"].")";
  
  mysql_query($sql, $conn) or die(mysql_error());
  
}

function sql_update()
{
  global $conn;
  global $_POST;

  $sql = "update `siteid` set `Site`=" .sqlvalue(@$_POST["Site"], true) .", `Site Number`=" .sqlvalue(@$_POST["Site_Number"], true)." where `SiteID`=" .sqlvalue(@$_POST["SiteID"], false);
  
  mysql_query($sql, $conn) or die(mysql_error());
} ?>
PHP Helpdesk script - 100% PHP source code. Try it now!
Return current item: eCanteen