
<?php
/**
 * User: zaven
 * Date: 13.11.2018
 * Time: 17:34
 * Project: acv
 **/
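// Permission bitmask for this endpoint. It is assigned before the includes
// below, presumably so security.ajax.inc.php can compare it with the session's
// user type — NOTE(review): confirm in that include.
$permission = bindec('110');
require_once('../includes/init.inc.php');
// NOTE(review): authentication, the $permission check and any CSRF protection
// for this state-changing endpoint are not visible in this file; they are
// presumably enforced by the include below — verify.
require_once(APPLICATION_BASE . 'includes/security.ajax.inc.php');

// Default JSON response: reported as an error until an action below succeeds.
$resultArray = array(
    'success' => 0,
    'error' => 1,
    'message' => TX_ERROR_UNKNOWN_ERROR

);

// Whitelist of accepted POST fields with their empty defaults. Only these keys
// are ever copied from the request.
$data = array();

$data['action'] = '';
$data['id'] = '';
$data['member_firstname'] = '';
$data['member_inbelgiumsince'] = '';
$data['member_lastname'] = '';
$data['member_mail'] = '';
$data['member_phone'] = '';
$data['member_postalcode'] = '';
$data['member_address'] = '';
$data['member_city'] = '';

foreach (array_keys($data) as $key) {
    // Accept only non-empty *string* values. PHP turns a parameter sent as
    // `field[]=x` into an array; without the is_string() test such an array
    // would pass the emptiness check and flow into the SQL building and the
    // session filter further down instead of being treated as missing.
    if (isset($_POST[$key]) && is_string($_POST[$key]) && $_POST[$key] !== '') {
        $data[$key] = $_POST[$key];
    }
}

// Id written to insert_id / modify_id by the insert/update action: site super
// users are recorded with their user id negated, everyone else as-is.
if ($_SESSION['ac']['USER_TYPE'] == UserType::SiteSuperUser) {
    $userId = -$_SESSION['ac']['USER_ID'];
} else {
    $userId = $_SESSION['ac']['USER_ID'];
}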

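// Dispatch on the requested action. Each branch only fills $resultArray; the
// JSON response is written once after the switch. The permission failure in
// the delete branch is the single early exit.
switch ($data['action']) {
    case 1: //delete member
        // Deny unless the session user type has no bits set outside binary 100.
        // NOTE(review): a user type of 0 also satisfies this test — confirm
        // that security.ajax.inc.php has already rejected such sessions.
        if ((int)((int)$_SESSION['ac']["USER_TYPE"] & (int)bindec('100')) != (int)$_SESSION['ac']["USER_TYPE"]) {
            ob_clean();
            header('Content-type: application/json; charset=utf-8');
            $resultArray['message'] = TX_ERROR_PERMISSION_DENIED;
            echo json_encode($resultArray);
            ob_end_flush();
            die();
        }
        if ($data['id'] > 0) {
            $sql = "DELETE FROM #__member WHERE member_id='" . db_real_escape_string($data['id']) . "'";
            $result = db_query($sql);
            if ($result !== false) {
                $resultArray['error'] = 0;
                $resultArray['message'] = TX_SUCCESS_DATA_WAS_DELETED;
            } else {
                $resultArray['message'] = TX_ERROR_UNABLE_TO_DELETE_DATA;
            }
        } else {
            $resultArray['message'] = TX_ERROR_MANDATORY_DATA_MISSING;
        }
        break;
    case 2: //insert / update member
        // NOTE(review): unlike delete, no additional user-type check is made in
        // this branch; access relies on whatever the included security script
        // enforced before this point.
        // Every field (including action and id) is mandatory except the phone
        // number and the e-mail address.
        $mayContinue = true;
        foreach ($data as $key => $val) {
            if ($val == '' && $key != 'member_phone' && $key != 'member_mail') {
                $mayContinue = false;
                break;
            }
        }
        if ($mayContinue) {
            if ($data['id'] > 0) {
                // Positive id: update the existing member row.
                $sql = "UPDATE #__member SET " .
                    "member_firstname = '" . db_real_escape_string($data['member_firstname']) . "', " .
                    "member_lastname = '" . db_real_escape_string($data['member_lastname']) . "', " .
                    "member_address = '" . db_real_escape_string($data['member_address']) . "', " .
                    "member_postalcode = '" . db_real_escape_string($data['member_postalcode']) . "', " .
                    "member_city = '" . db_real_escape_string($data['member_city']) . "', " .
                    "member_inbelgumesince = '" . db_real_escape_string($data['member_inbelgiumsince']) . "', " .
                    "member_mail = '" . db_real_escape_string($data['member_mail']) . "', " .
                    "modify_id = '" . db_real_escape_string($userId) . "', " .
                    " member_phone= '" . db_real_escape_string($data['member_phone']) . "' " .
                    "WHERE member_id='" . db_real_escape_string($data['id']) . "'";
                $result = db_query($sql);
                // The executed statement is deliberately not added to the
                // response: echoing SQL to the client discloses table and
                // column names together with the submitted personal data.
                if ($result !== false) {
                    $resultArray['message'] = TX_SUCCESS_DATA_WAS_UPDATED;
                    $resultArray['error'] = 0;
                } else {
                    $resultArray['message'] = TX_ERROR_UNABLE_TO_UPDATE_DATA;
                }
            } else if ($data['id'] == -1) {
                // id -1 is the marker for "create a new member".
                $sql = "INSERT INTO #__member (member_firstname, member_lastname, member_address, member_postalcode, member_city, member_inbelgumesince, member_mail, member_phone, insert_id) VALUES (" .
                    "'" . db_real_escape_string($data['member_firstname']) . "', " .
                    "'" . db_real_escape_string($data['member_lastname']) . "', " .
                    "'" . db_real_escape_string($data['member_address']) . "', " .
                    "'" . db_real_escape_string($data['member_postalcode']) . "', " .
                    "'" . db_real_escape_string($data['member_city']) . "', " .
                    "'" . db_real_escape_string($data['member_inbelgiumsince']) . "', " .
                    "'" . db_real_escape_string($data['member_mail']) . "', " .
                    "'" . db_real_escape_string($data['member_phone']) . "', " .
                    "'" . db_real_escape_string($userId) . "' " .
                    ")";

                $result = db_query($sql);
                if ($result !== false && db_affected_rows() > 0) {
                    $data['id'] = db_insert_id();

                    $resultArray['error'] = 0;
                    $resultArray['message'] = TX_SUCCESS_DATA_WAS_INSERTED;
                } else {
                    $resultArray['message'] = TX_ERROR_UNABLE_TO_INSERT_DATA;
                }
            } else {
                $resultArray['message'] = TX_ERROR_MANDATORY_DATA_MISSING;
            }
            if ($resultArray['error'] == 0) {
                // After a successful save, store the saved member's name, city
                // and postal code as the session's member filter.
                if (!isset($_SESSION['ac']['memberFilter']))
                    $_SESSION['ac']['memberFilter'] = array();

                $_SESSION['ac']['memberFilter']['city'] = $data['member_city'];
                $_SESSION['ac']['memberFilter']['firstname'] = $data['member_firstname'];
                $_SESSION['ac']['memberFilter']['lastname'] = $data['member_lastname'];
                $_SESSION['ac']['memberFilter']['postalcode'] = $data['member_postalcode'];
            }
        } else {
            $resultArray['message'] = TX_ERROR_MANDATORY_DATA_MISSING;
        }
        break;
    case 3: //set voted
        // NOTE(review): no additional user-type check is made in this branch
        // either; see the delete branch for the only explicit one.
        if ($data['id'] > 0) {
            // presumably returns the member row's user_id column, or false when
            // no row matches — verify against getData().
            $voteData = getData('member', 'user_id', 'member_id', $data['id']);
            if ($voteData !== false) {
                if ($voteData == '0') {
                    // The WHERE clause repeats the user_id=0 condition and
                    // success requires an affected row, so the update only
                    // counts if the member is still unmarked at write time.
                    $sql = "UPDATE #__member SET user_id='" . db_real_escape_string($_SESSION['ac']['USER_ID']) . "', member_votedon = NOW() WHERE member_id='" . db_real_escape_string($data['id']) . "' AND user_id=0";
                    $result = db_query($sql);
                    if ($result !== false && db_affected_rows() > 0) {
                        $resultArray['error'] = 0;
                        $resultArray['message'] = TX_SUCCESS_DATA_WAS_UPDATED;
                    } else {
                        $resultArray['message'] = TX_ERROR_UNABLE_TO_UPDATE_DATA;
                    }
                } else {
                    $resultArray['message'] = TX_ERROR_APPROPRIATE_DATA_NOT_FOUND;
                }
            } else {
                $resultArray['message'] = TX_ERROR_APPROPRIATE_DATA_NOT_FOUND;
            }
        }

        break;
}

// Single exit point for all non-aborted paths: emit the result as JSON.
header('Content-type: application/json; charset=utf-8');
echo json_encode($resultArray);
die();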