<?php
require_once("../../../classes/db.class.php");
require_once("../../../classes/ADLog.class.php");
require_once("../../../classes/imageResize.class.php");
require_once("../../../config/config.inc.php");

// Shared handles used by every branch below: $db runs the SQL strings through
// q(), and $log records Info/Warn/Fatal entries.
// NOTE(review): nothing visible in this file checks that the caller is logged
// in before the add / delete / getRow handlers run. Confirm that
// config.inc.php or the web server enforces authentication for this endpoint.
$db  = new db();
$log = ADLog::getInstance();

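/* Add Vendors Here */

/**
 * Store the form messages in the session, redirect the browser and stop.
 *
 * @param array  $messages Messages to place in $_SESSION['errors'].
 * @param string $target   URL for the Location header.
 */
function vendorsCrudRedirect(array $messages, $target)
{
    $_SESSION['errors'] = $messages;
    session_write_close();
    header("Location: " . $target);
    exit();
}

/*
 * Handles the vendor form: validates the name and the optional logo upload,
 * then INSERTs a new vendor or, when POST editid is set, UPDATEs that vendor.
 * Every outcome is reported through $_SESSION['errors'] and a redirect to
 * vendors.php ("?error" appended on failure).
 */
if (isset($_POST['add'])) {
    session_start();
    $errors      = array();
    $errorTarget = $config_basedir . "vendors.php?error";
    $self        = $_SERVER['PHP_SELF'];

    if (empty($_POST['vendorName'])) {
        $errors['vendorName'] = "Vendor Name Field cannot be emtpy";
        $log->Warn("Failure: vendorName was emtpy(File: " . $self . ")");
        vendorsCrudRedirect($errors, $errorTarget);
    }

    /* Validate Input from Form (is_string rejects vendorName[]=... arrays) */
    if (!is_string($_POST['vendorName']) || !ctype_alnum($_POST['vendorName'])) {
        $errors['vendorName'] = "Input was not a valid string - alphaNumeric Characters only!";
        $log->Warn("Failure: vendorName Input was not a valid string! (File: " . $self . ")");
        vendorsCrudRedirect($errors, $errorTarget);
    }

    // Re-checked after escaping because mysql_real_escape_string() returns
    // false when it has no usable connection.
    $vendorName = mysql_real_escape_string($_POST['vendorName']);
    if (!is_string($vendorName) || !ctype_alnum($vendorName)) {
        $errors['vendorName'] = "Vendor Name Field was not a string";
        $log->Warn("Failure: vendorName was not a string (File: " . $self . ")");
        vendorsCrudRedirect($errors, $errorTarget);
    }

    /* Optional logo upload. $logoPath stays null when no file was sent. */
    $logoPath = null;
    if (!empty($_FILES["vendorLogo"]["name"])) {
        $upload = $_FILES["vendorLogo"];

        // Check the upload status first; the other fields are meaningless on error.
        if (is_string($upload["name"]) && $upload["error"] !== UPLOAD_ERR_OK) {
            $errors['fileError'] = "File Error Return Code: " . $upload["error"];
            $log->Warn("File Error Return Code: " . $upload["error"] . " (File: " . $self . ")");
            vendorsCrudRedirect($errors, $errorTarget);
        }

        // The "type" field is sent by the client, so the image type is read
        // from the uploaded bytes instead. Only GIF and JPEG are accepted.
        $extensions = array(IMAGETYPE_GIF => 'gif', IMAGETYPE_JPEG => 'jpg');
        $imageInfo  = false;
        if (is_string($upload["name"]) && is_uploaded_file($upload["tmp_name"])) {
            $imageInfo = getimagesize($upload["tmp_name"]);
        }
        if ($imageInfo === false || !isset($extensions[$imageInfo[2]]) || $upload["size"] >= 20000) {
            $errors['fileInvalid'] = "Invalid File";
            $log->Warn("Failure: Invalid File(File: " . $self . ")");
            vendorsCrudRedirect($errors, $errorTarget);
        }

        // The stored name is rebuilt from an allow-listed character set plus an
        // extension chosen from the detected image type, so the client controls
        // neither the directory nor the extension of the file written under
        // images/vendor/. A header check alone does not prove the file is
        // harmless; the directory should also be configured not to run scripts.
        $stem = (string) preg_replace('/[^A-Za-z0-9_-]/', '', pathinfo(basename($upload["name"]), PATHINFO_FILENAME));
        if ($stem === '') {
            $stem = $vendorName;
        }
        $safeName = $stem . '.' . $extensions[$imageInfo[2]];
        $location = $config_web_basedir . "images/vendor/" . $safeName; // path written on disk
        $logoPath = $config_basedir . "images/vendor/" . $safeName;     // path stored in the DB

        if (file_exists($location)) {
            // As before: an existing file is kept and the record points at it.
            $log->Warn("Failure: " . $safeName . " already exists (File: " . $self . ")");
        } else {
            if (!move_uploaded_file($upload['tmp_name'], $location)) {
                $errors['fileError'] = "Unable to store uploaded file";
                $log->Warn("Failure: unable to store uploaded file (File: " . $self . ")");
                vendorsCrudRedirect($errors, $errorTarget);
            }
            // *** 1) Initialize / load image
            $resizeObj = new resize($location);
            // *** 2) Resize image (options: exact, portrait, landscape, auto, crop)
            $resizeObj->resizeImage(16, 16, 'auto');
            // *** 3) Save image
            $resizeObj->saveImage($location, 100);
        }
    }
    /* end validate */

    /* Begin DB query: INSERT when POST editid is empty, UPDATE otherwise */
    if (empty($_POST['editid'])) {
        // The user is not obliged to upload a file; fall back to the default image.
        if ($logoPath === null) {
            $logoPath = "images/logos/rconfig16.png";
        }
        // The logo path is stored without the padding spaces the old literal added.
        $q = "INSERT INTO vendors
                (vendorName, vendorLogo, status)
                VALUES
                ('" . $vendorName . "', '" . mysql_real_escape_string($logoPath) . "', '1')";
        $successText = "Added new vendor " . $vendorName . " to Database";
        $successLog  = "Success: Added new vendor, " . $vendorName . " to DB (File: " . $self . ")";
    } else {
        // editid is placed in the WHERE clause unquoted, so it must be digits only.
        if (!is_string($_POST['editid']) || !ctype_digit($_POST['editid'])) {
            $errors['Fail'] = "Fatal: editid not of type int";
            $log->Warn("Failure: editid not of type int (File: " . $self . ")");
            vendorsCrudRedirect($errors, $errorTarget);
        }
        $id = $_POST['editid'];

        // The logo column is only touched when a new file was uploaded. The old
        // query wrote $location, which is the on-disk path and is undefined
        // when the edit carries no upload.
        $assignments = "vendorName = '" . $vendorName . "'";
        if ($logoPath !== null) {
            $assignments .= ", vendorLogo = '" . mysql_real_escape_string($logoPath) . "'";
        }
        $q = "UPDATE vendors SET " . $assignments . " WHERE id = " . $id;
        $successText = "Edited vendor " . $vendorName . " in Database";
        $successLog  = "Success: Edited vendor, " . $vendorName . " in DB (File: " . $self . ")";
    }

    // The debug "echo $q" was dropped: it printed the SQL to the client and
    // sent output ahead of the Location header.
    if ($db->q($q)) {
        // Key spelled 'Success' in both branches (the edit branch used 'Sucess').
        $errors['Success'] = $successText;
        $log->Info($successLog);
        vendorsCrudRedirect($errors, $config_basedir . "vendors.php");
    }

    // NOTE(review): the raw driver error is shown to the user as well as
    // logged; consider a generic on-screen message.
    $errors['Fail'] = "ERROR: " . mysql_error();
    $log->Fatal("Fatal: " . mysql_error() . " (File: " . $self . ")");
    vendorsCrudRedirect($errors, $errorTarget);
}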
/* end 'add' if*/

/* begin delete check */
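elseif (isset($_POST['del'])) {
    /*
     * Soft-deletes a vendor: sets status = 2 for the posted id and answers
     * with a small JSON object ({"success":true} or {"failure":true}).
     * NOTE(review): no anti-CSRF token is checked for this state-changing
     * POST in the visible code; confirm whether one is enforced elsewhere.
     */
    if (!isset($_POST['id']) || !is_string($_POST['id']) || !ctype_digit($_POST['id'])) {
        // This branch never started a session, so without this the message
        // written to $_SESSION would not be persisted.
        if (session_id() === '') {
            session_start();
        }
        $errors = array('Fail' => "Fatal: id not of type int for getRow");
        $log->Fatal("Fatal: id not of type int for getRow - " . $_SERVER['PHP_SELF'] . ")");
        $_SESSION['errors'] = $errors;
        session_write_close();
        header("Location: " . $config_basedir . "vendors.php?error");
        exit();
    }

    // Digits only at this point, so the id can go into the statement unquoted.
    $id = $_POST['id'];

    /* the query*/
    $q = "UPDATE vendors SET status = 2 WHERE id = " . $id . ";";
    if ($result = $db->q($q)) {
        $log->Info("Success: Deleted vendor in DB (File: " . $_SERVER['PHP_SELF'] . ")");
        $response = json_encode(array(
            'success' => true
        ));
    } else {
        $log->Warn("Failure: Unable to delete vendor in DB (File: " . $_SERVER['PHP_SELF'] . ")");
        $response = json_encode(array(
            'failure' => true
        ));
    }
    echo $response;

} /* end 'delete' if*/ /* Below is used for an ajax call from vendors update
jquery function to get row information to present back to vendor edit form*/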


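elseif (isset($_GET['getRow']) && isset($_GET['id'])) {
    /*
     * Returns the active vendor (status = 1) with the requested id as JSON:
     * {"rows":[{id, vendorName, vendorLogo}]}, or {"rows":[]} when nothing
     * matches or the query fails.
     */
    if (!is_string($_GET['id']) || !ctype_digit($_GET['id'])) {
        // This branch never started a session, so without this the message
        // written to $_SESSION would not be persisted.
        if (session_id() === '') {
            session_start();
        }
        $errors = array('Fail' => "Fatal: id not of type int for getRow");
        $log->Fatal("Fatal: id not of type int for getRow - " . $_SERVER['PHP_SELF'] . ")");
        $_SESSION['errors'] = $errors;
        session_write_close();
        // Redirects to vendors.php like every other branch of this file; the
        // old target was categories.php.
        header("Location: " . $config_basedir . "vendors.php?error");
        exit();
    }

    // Digits only at this point, so the id can go into the statement unquoted.
    $id = $_GET['id'];

    $q = $db->q("SELECT
			id,
			vendorName,
			vendorLogo
		FROM vendors
		WHERE status = 1
		AND id = $id");

    $items = array();
    if ($q) {
        while ($row = mysql_fetch_assoc($q)) {
            array_push($items, $row);
        }
    } else {
        // A failed query used to reach mysql_fetch_assoc() with a non-resource.
        $log->Warn("Failure: Unable to read vendor row from DB (File: " . $_SERVER['PHP_SELF'] . ")");
    }

    $result = array("rows" => $items);
    echo json_encode($result);
}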
/* end GetId */
?>