Security line in all includes changed
[mailer.git] / inc / modules / admin / what-config_rallye_prices.php
1 <?php
2 /************************************************************************
3  * MXChange v0.2.1                                    Start: 07/03/2004 *
4  * ================                             Last change: 08/22/2004 *
5  *                                                                      *
6  * -------------------------------------------------------------------- *
7  * File              : what-config_rallye_prices.php                    *
8  * -------------------------------------------------------------------- *
9  * Short description : Setup rallye prices                              *
10  * -------------------------------------------------------------------- *
11  * Kurzbeschreibung  : Rallye-Preise einrichten                         *
12  * -------------------------------------------------------------------- *
13  *                                                                      *
14  * -------------------------------------------------------------------- *
15  * Copyright (c) 2003 - 2008 by Roland Haeder                           *
16  * For more information visit: http://www.mxchange.org                  *
17  *                                                                      *
18  * This program is free software; you can redistribute it and/or modify *
19  * it under the terms of the GNU General Public License as published by *
20  * the Free Software Foundation; either version 2 of the License, or    *
21  * (at your option) any later version.                                  *
22  *                                                                      *
23  * This program is distributed in the hope that it will be useful,      *
24  * but WITHOUT ANY WARRANTY; without even the implied warranty of       *
25  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *
26  * GNU General Public License for more details.                         *
27  *                                                                      *
28  * You should have received a copy of the GNU General Public License    *
29  * along with this program; if not, write to the Free Software          *
30  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,               *
31  * MA  02110-1301  USA                                                  *
32  ************************************************************************/
33
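// Security guard: the rest of this module may only run when the framework has
// defined __SECURITY and IS_ADMIN() reports an administrator. The || short-circuits,
// so IS_ADMIN() is not called when __SECURITY is undefined (e.g. direct access).
if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
	// Build <base>/inc/security.php from this file's own directory. strpos()
	// matches the FIRST "/inc" in the path; if none is found the path is wrong
	// and require() aborts with a fatal error, which still denies access.
	$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
	require($INC);

	// Fail closed: security.php is not shown here, so do not rely on it ending
	// the request. Returning keeps every admin action below unreachable for
	// unauthorised callers and hands control back to the including script.
	return;
}

// Add description as navigation point
ADD_DESCR("admin", basename(__FILE__));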
42
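// Admin module body: with ?rallye=<id> it manages the price levels of that
// rallye (add / remove / change / edit / del / list); without it, it lists all
// rallyes so one can be selected.
//
// Placeholders written as a bare %s (no quotes) are only ever fed values that
// went through bigintval(): string escaping alone cannot protect an unquoted
// SQL position. presumably SQL_QUERY_ESC() escapes each array element before
// substitution and bigintval() reduces its argument to digits - confirm both.
//
// NOTE(review): no anti-CSRF token is checked in this file although the
// add/remove/change branches modify the database - confirm the admin framework
// validates one before this module is included.
// NOTE(review): values read back from the database (points, info, title, login)
// are passed to LOAD_TEMPLATE() unchanged; whether the template layer
// HTML-escapes them is not visible here - verify.
if (!empty($_GET['rallye']))
{
	// Sanitise the rallye id once and use only this value below. The raw
	// request value must never reach HTML output or template constants.
	$rallyeId = bigintval($_GET['rallye']);

	// --- State-changing actions -------------------------------------------
	// Price submitted?
	if (isset($_POST['add']))
	{
		if ((!empty($_POST['level'])) && ((!empty($_POST['points'])) || (!empty($_POST['info']))))
		{
			// Submitted data is valid, but maybe we already have this price level?
			$result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%s AND price_level='%s' LIMIT 1",
			 array($rallyeId, bigintval($_POST['level'])), __FILE__, __LINE__);

			if (SQL_NUMROWS($result) == 0)
			{
				// Ok, new price level entered! points/info are free text and sit
				// inside quoted placeholders, so they depend on SQL_QUERY_ESC().
				$result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_rallye_prices (rallye_id, price_level, points, info)
VALUES ('%s', '%s', '%s', '%s')",
				 array(
					$rallyeId,
					bigintval($_POST['level']),
					$_POST['points'],
					$_POST['info']
				), __FILE__, __LINE__);
				LOAD_TEMPLATE("admin_settings_saved", false, RALLYE_PRICE_LEVEL_SAVED);
			}
			 else
			{
				// Free memory
				SQL_FREERESULT($result);

				// Price level found!
				LOAD_TEMPLATE("admin_settings_saved", false, RALLYE_PRICE_ALREADY_FOUND);
			}
		}
	}
	 elseif (isset($_POST['remove']))
	{
		// Check if at least one line is selected
		$SEL = SELECTION_COUNT($_POST['sel']);
		if ($SEL > 0)
		{
			// Delete selected entries; the array key is the row id
			foreach ($_POST['sel'] as $id => $sel)
			{
				$result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_prices WHERE id=%s LIMIT 1",
				 array(bigintval($id)), __FILE__, __LINE__);
			}

			// Output message
			LOAD_TEMPLATE("admin_settings_saved", false, RALLYE_ENTRIES_DELETED);
		}
		 else
		{
			LOAD_TEMPLATE("admin_settings_saved", false, RALLYE_ENTRIES_NOT_DELETED);
		}
	}
	 elseif (isset($_POST['change']))
	{
		// Change entries
		foreach ($_POST['level'] as $id => $level)
		{
			// Secure ID
			$id = bigintval($id);

			// Update entry. rallye_id lands in an unquoted %s, so it is cast to
			// an integer here; passing the raw POST value allowed SQL injection
			// even with escaping applied.
			$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_rallye_prices SET rallye_id=%s, price_level='%s', points='%s', info='%s' WHERE id=%s LIMIT 1",
			 array(bigintval($_POST['rallye_id'][$id]), bigintval($level), $_POST['points'][$id], $_POST['infos'][$id], $id), __FILE__, __LINE__);
		}

		// Output message
		LOAD_TEMPLATE("admin_settings_saved", false, RALLYE_ENTRIES_CHANGED);
	}

	// --- Display: edit form, delete confirmation or plain list ------------
	if (isset($_POST['edit']))
	{
		// Check if at least one line is selected
		$SEL = SELECTION_COUNT($_POST['sel']);
		if ($SEL > 0)
		{
			// Make selected editable
			$SW = 2; $OUT = "";
			foreach ($_POST['sel'] as $id => $sel)
			{
				// Secure ID: the key comes from the request and is both queried
				// and written into the row template below.
				$id = bigintval($id);

				// Load data to selected rallye
				$result = SQL_QUERY_ESC("SELECT rallye_id, price_level, points, info FROM "._MYSQL_PREFIX."_rallye_prices WHERE id=%s LIMIT 1",
				 array($id), __FILE__, __LINE__);
				list($rallye, $level, $points, $infos) = SQL_FETCHROW($result);
				SQL_FREERESULT($result);

				// Prepare data for the row template
				$content = array(
					'sw'      => $SW,
					'id'      => $id,
					'rallyes' => ADD_OPTION_LINES("rallye_data", "id", "title", $rallye),
					'level'   => $level,
					'points'  => $points,
					'infos'   => $infos,
				);

				// Load row template and switch color (alternates 2 <-> 3)
				$OUT .= LOAD_TEMPLATE("admin_config_rallye_edit_row", true, $content);
				$SW = 3 - $SW;
			}
			define('__PRICE_ROWS', $OUT);

			// Prepare data for the main template (sanitised id only)
			define('__RALLYE_ID', $rallyeId);

			// Load main template
			LOAD_TEMPLATE("admin_config_rallye_edit");
		}
		 else
		{
			// Nothing selected; the link carries the sanitised id so request
			// data cannot inject markup into the href attribute.
			$content = RALLYE_NO_PRICES_SELECTED_1."<A href=\"".URL."/modules.php?module=admin&amp;what=config_rallye_prices&amp;rallye=".$rallyeId."\">".RALLYE_NO_PRICES_SELECTED_2."</A>".RALLYE_NO_PRICES_SELECTED_3;
			LOAD_TEMPLATE("admin_settings_saved", false, $content);
		}
	}
	 elseif (isset($_POST['del']))
	{
		// Check if at least one line is selected
		$SEL = SELECTION_COUNT($_POST['sel']);
		if ($SEL > 0)
		{
			// List all prices
			$SW = 2; $OUT = "";
			foreach ($_POST['sel'] as $id => $sel)
			{
				// Secure ID: the key comes from the request and is both queried
				// and written into the row template below.
				$id = bigintval($id);

				// Load data to selected rallye
				$result = SQL_QUERY_ESC("SELECT rallye_id, price_level, points, info FROM "._MYSQL_PREFIX."_rallye_prices WHERE id=%s LIMIT 1",
				 array($id), __FILE__, __LINE__);
				list($rallye, $level, $points, $infos) = SQL_FETCHROW($result);
				SQL_FREERESULT($result);

				if (empty($infos)) $infos = "---";

				// Prepare data for the row template
				$content = array(
					'sw'      => $SW,
					'id'      => $id,
					'level'   => $level,
					'points'  => $points,
					'infos'   => $infos,
				);

				// Load row template and switch color (alternates 2 <-> 3)
				$OUT .= LOAD_TEMPLATE("admin_config_rallye_del_row", true, $content);
				$SW = 3 - $SW;
			}
			define('__PRICE_ROWS', $OUT);

			// Prepare data for the main template (sanitised id only)
			define('__RALLYE_ID', $rallyeId);

			// Load main template
			LOAD_TEMPLATE("admin_config_rallye_del");
		}
		 else
		{
			// Nothing selected; the link carries the sanitised id so request
			// data cannot inject markup into the href attribute.
			$content = RALLYE_NO_PRICES_SELECTED_1."<A href=\"".URL."/modules.php?module=admin&amp;what=config_rallye_prices&amp;rallye=".$rallyeId."\">".RALLYE_NO_PRICES_SELECTED_2."</A>".RALLYE_NO_PRICES_SELECTED_3;
			LOAD_TEMPLATE("admin_settings_saved", false, $content);
		}
	}
	 else
	{
		// A rallye was selected, so check if there are already prices assigned...
		$result = SQL_QUERY_ESC("SELECT id, price_level, points, info FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%s ORDER BY price_level",
		 array($rallyeId), __FILE__, __LINE__);

		if (SQL_NUMROWS($result) > 0)
		{
			// Load all prices for the selected rallye
			$SW = 2; $OUT = "";
			while(list($id, $level, $points, $infos) = SQL_FETCHROW($result))
			{
				if (empty($infos)) $infos = "---";

				// Prepare data for the row template
				$content = array(
					'sw'      => $SW,
					'id'      => $id,
					'level'   => $level,
					'points'  => $points,
					'infos'   => $infos,
				);

				// Load row template and switch color (alternates 2 <-> 3)
				$OUT .= LOAD_TEMPLATE("admin_config_rallye_prices_row", true, $content);
				$SW = 3 - $SW;
			}

			// Free memory
			SQL_FREERESULT($result);
			define('__PRICE_ROWS', $OUT);

			// Prepare data for the main template (sanitised id only)
			define('__RALLYE_ID', $rallyeId);

			// Load main template
			LOAD_TEMPLATE("admin_config_rallye_prices");
		}
	}

	// Add form for adding new price level (hidden while the edit form is shown)
	if (empty($_POST['edit']))
	{
		LOAD_TEMPLATE("admin_add_rallye_prices", false, $rallyeId);
	}
}
 else
{
	// No rallye selected so display all available without prices.
	// The statement is a constant string with no request data in it.
	$result = SQL_QUERY("SELECT d.id, d.admin_id, d.start_time, d.end_time, d.title, a.login, d.is_active
FROM "._MYSQL_PREFIX."_rallye_data AS d, "._MYSQL_PREFIX."_admins AS a
WHERE d.admin_id=a.id ORDER BY start_time DESC", __FILE__, __LINE__);
	if (SQL_NUMROWS($result) > 0)
	{
		// List found rallyes
		$SW = 2; $OUT = "";
		while (list($id, $aid, $start, $end, $title, $alogin, $active) = SQL_FETCHROW($result))
		{
			// Rallyes flagged active ("Y") show their id instead of a checkbox
			$select = "<INPUT type=\"checkbox\" name=\"sel[".$id."]\" class=\"admin_normal\" value=\"1\">";
			if ($active == "Y") $select = "<STRONG class=\"big\">".$id."</STRONG>";

			// Prepare data for the row template
			$content = array(
				'sw'         => $SW,
				'id'         => $id,
				'select'     => $select,
				'title'      => $title,
				'aid'        => $aid,
				'email_link' => CREATE_EMAIL_LINK($aid),
				'alogin'     => $alogin,
				'start'      => MAKE_DATETIME($start, "3"),
				'end'        => MAKE_DATETIME($end, "3"),
			);

			// Load row template and switch color (alternates 2 <-> 3)
			$OUT .= LOAD_TEMPLATE("admin_list_rallye_prices_row", true, $content);
			$SW = 3 - $SW;
		}

		// Free memory
		SQL_FREERESULT($result);
		define('__RALLYE_ROWS', $OUT);

		// Load main template
		LOAD_TEMPLATE("admin_list_rallye_prices");
	}
	 else
	{
		// No rallyes setup so far
		LOAD_TEMPLATE("admin_settings_saved", false, RALLYE_NO_RALLYES_SETUP);
	}
}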
298 //
299 ?>