@ -1,6 +1,6 @@
<?php
// error_reporting(E_ALL);
// ini_set('display_errors', 1);
error_reporting(E_ALL);
ini_set('display_errors', 1);
//session_cache_limiter('private');session_cache_expire(0);
session_start();
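Review bot: `ini_set('display_errors', 1)` together with `error_reporting(E_ALL)` at the top of this include sends every warning and notice to the browser, including file paths and mysqli error text from the queries further down. The +/- markers are lost on this page, so this assumes the uncommented pair is the new side. If this file is deployed as is, keep the reporting level but log instead of displaying: `ini_set('display_errors', 0); ini_set('log_errors', 1);`. Output sent before the `header("Location: ...")` calls later in the file can also stop those redirects from being sent, and several of them sit on access-control paths.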
@ -38,7 +38,7 @@ if(isset($_POST["selectedcompany"]) && $loggedin){
$_SESSION["selectedschool"] = $_POST["selectedschool"];
}
if(!isset($liteload) & & ! $loggedin & & $isadmin & & ($type == 1 || $type == 2) ){
if(!isset($liteload) & & $loggedin == false & & $isadmin & & $type != 1 & & $type != 2 & & $type != 3 ){
header("Location: ".$curdir."login.php");
die();
}else{
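Review bot: The login redirect now fires only when `$type` is none of 1, 2 or 3, so a request with `$loggedin == false` on an `$isadmin` page skips `header("Location: ...login.php")` whenever `$type` is 1–3 and falls into the `else` branch. The only assignment to `$type` visible on this page is `$type = $sqlvals["type"]` inside that `else` branch, so what `$type` holds at this point cannot be confirmed from the hunk. Unless it is deliberately a page-level value, the authentication gate should not depend on it: `if(!isset($liteload) && !$loggedin && $isadmin){`, with the role test done separately after the account row is loaded. The `else` body continues outside the hunk.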
@ -53,11 +53,24 @@ if(!isset($liteload) && !$loggedin && $isadmin && ($type == 1 || $type == 2)){
$type = $sqlvals["type"];
if($type == 2){
$connctdcmps = explode(",", $sqlvals["connectedcompanyids"]);
}elseif($type == 1){
$connctdschids = array();
$viewsql = "SELECT * FROM `schools`";
$result2 = $conn->query($viewsql);
for($i = 0; $i < $result2->num_rows; $i++){
if ($result2 == TRUE) {
if (!empty($result2) & & $result2->num_rows > 0) {
$vals = $result2->fetch_assoc();
$connctdschids[$i] = $vals["id"];
}
}
}
mysqli_free_result($result2);
}else{
$connctdschids = explode(",", $sqlvals["connectedschoolids"]);
}
$sql = "SELECT * FROM `acctypes` WHERE `id` = '".$type."'";
mysqli_free_result($result);
$sql = "SELECT * FROM `acctypes` WHERE `id` = '".$type."'";
$result = $conn->query($sql);
$sqlvals = $result->fetch_assoc();
$fulltype = $sqlvals["name_hun"];
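Review bot: In the new `$type == 1` branch the loop header reads `$result2->num_rows` before the `if ($result2 == TRUE)` test inside the loop body. A failed query (with mysqli not in exception mode) therefore faults on the `for` line and again at `mysqli_free_result($result2)`, and the two inner checks are re-evaluated on every iteration without ever guarding anything. Checking the result once and iterating with `fetch_assoc()` removes both problems, and selecting only `id` avoids pulling whole rows. This branch fills `$connctdschids` with every school id, so it is worth a one-line comment stating that type 1 is meant to have access to all schools.

```php
}elseif($type == 1){
	// type 1 accounts are connected to every school
	$connctdschids = array();
	$result2 = $conn->query("SELECT `id` FROM `schools`");
	if ($result2 instanceof mysqli_result) {
		while ($vals = $result2->fetch_assoc()) {
			$connctdschids[] = $vals["id"];
		}
		$result2->free();
	}
}else{
// … unchanged: explode() of connectedschoolids and the acctypes lookup …
```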
@ -66,19 +79,57 @@ if(!isset($liteload) && !$loggedin && $isadmin && ($type == 1 || $type == 2)){
mysqli_free_result($result);
if(isset($data_upload)){
ini_set("file_uploads", 1);
if(isset($_POST["submit"])){
$modsql = "UPDATE `schools` SET `name` = '".$conn->real_escape_string($_POST['schoolname'])."', `type` = '".$conn->real_escape_string($_POST['schooltype'])."', `postalcode` = '".$conn->real_escape_string($_POST['postcode'])."', `spec` = '".str_replace(', ', ',', preg_replace('/\s+/', ' ', trim($conn->real_escape_string($_POST['spec']))))."', `location` = '".$conn->real_escape_string($_POST['loc'])."', `locationspec` = '".$conn->real_escape_string($_POST['locspec'])."', `phonenumber` = '".$conn->real_escape_string($_POST['phnnum'])."', `emailaddress` = '".$conn->real_escape_string($_POST['email'])."' WHERE `schools`.`id` = ".substr($_SESSION["selectedschool"], 1);
if($type == 2){
$modsql = "UPDATE `companies` SET `name` = '".$conn->real_escape_string($_POST['formname'])."', `type` = '".$conn->real_escape_string($_POST['formtype'])."', `postalcode` = '".$conn->real_escape_string($_POST['postcode'])."', `spec` = '".str_replace(', ', ',', preg_replace('/\s+/', ' ', trim($conn->real_escape_string($_POST['spec']))))."', `location` = '".$conn->real_escape_string($_POST['loc'])."', `locationspec` = '".$conn->real_escape_string($_POST['locspec'])."', `phonenumber` = '".$conn->real_escape_string($_POST['phnnum'])."', `emailaddress` = '".$conn->real_escape_string($_POST['email'])."' WHERE `companies`.`id` = ".substr($_SESSION["selectedcompany"], 1);
$filepath = $curdir."images/company/".substr($_SESSION["selectedcompany"], 1).".png";
}else{
$modsql = "UPDATE `schools` SET `name` = '".$conn->real_escape_string($_POST['formname'])."', `type` = '".$conn->real_escape_string($_POST['formtype'])."', `postalcode` = '".$conn->real_escape_string($_POST['postcode'])."', `spec` = '".str_replace(', ', ',', preg_replace('/\s+/', ' ', trim($conn->real_escape_string($_POST['spec']))))."', `location` = '".$conn->real_escape_string($_POST['loc'])."', `locationspec` = '".$conn->real_escape_string($_POST['locspec'])."', `phonenumber` = '".$conn->real_escape_string($_POST['phnnum'])."', `emailaddress` = '".$conn->real_escape_string($_POST['email'])."' WHERE `schools`.`id` = ".substr($_SESSION["selectedschool"], 1);
$filepath = $curdir."images/school/".substr($_SESSION["selectedschool"], 1).".png";
}
if(isset($_FILES["formfile"]) & & $_FILES["formfile"]['error'] != UPLOAD_ERR_NO_FILE){
$check = getimagesize($_FILES["formfile"]["tmp_name"]);
if($check !== false) {
$filetype = $_FILES["formfile"]["type"];
if($filetype != "image/jpg" & & $filetype != "image/png" & & $filetype != "image/jpeg" & & $filetype != "image/gif" ) {
$uploadProblem = 0;
}else{
if ($_FILES["formfile"]["size"] > 900000) {
$uploadProblem = 1;
}else{
//move_uploaded_file($_FILES["formfile"]["tmp_name"], $filepath);
copy($_FILES["formfile"]["tmp_name"], $filepath);
}
}
if(isset($uploadProblem)){
header("Location: dataupload.php?imageuploaded=".$uploadProblem);
die();
}else{
header("Location: dataupload.php?imageuploaded=2");
die();
}
}
}else{
if ($conn->query($modsql) === TRUE) {
header("Location: dataupload.php?uploaded=1");
} else {
//echo "Error: " . $modsql . "< br > " . $conn->error;
//header("Location: dataupload.php?uploaded=0&error=".$conn->error);
header("Location: dataupload.php?uploaded=0");
}
die();
}elseif(isset($_POST["addfaculty"]) & & $_POST['schooltype'] == "uni"){
$modsql = "INSERT INTO `faculties` (`schoolid`, `facultyname`, `facultyspec`) VALUES ('".substr($_SESSION["selectedschool"], 1)."', '', '')";
}
}elseif(isset($_POST["addfaculty"]) & & $_POST['formtype'] == "uni"){
$modsql = "INSERT INTO `faculties` (`schoolid`, `facultyname`, `facultyspec`, `facultyphonenumber`, `facultyemail`) VALUES ('".substr($_SESSION["selectedschool"], 1)."', '', '', '', '')";
$conn->query($modsql);
header("Location: dataupload.php");
if ($conn->query($modsql) === TRUE) {
header("Location: dataupload.php?addedfaculty=1");
} else {
//echo "Error: " . $modsql . "< br > " . $conn->error;
//header("Location: dataupload.php?uploaded=0&error=".$conn->error);
header("Location: dataupload.php?addedfaculty=0");
}
die();
}
}
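Review bot: The record id in both UPDATE statements, the `faculties` INSERT and `$filepath` is `substr($_SESSION["selectedcompany"], 1)` / `substr($_SESSION["selectedschool"], 1)`, concatenated without quoting or validation, and the `-38,7` hunk shows `$_SESSION["selectedschool"]` being filled straight from `$_POST`. The value lands in a numeric SQL position and in a filesystem path, where `real_escape_string` would not help; cast it once, e.g. `$targetid = (int) substr($_SESSION["selectedschool"], 1);`, and use `$targetid` in the WHERE clause, the INSERT and the image path, or move these statements to prepared queries. Whether the selected id is checked against `$connctdschids` / `$connctdcmps` before this point is not visible in the hunk and should be confirmed. In the upload branch, `copy()` replaces the commented-out `move_uploaded_file()`, which drops the check that the source really is an uploaded file, and the type test reads the client-supplied `$_FILES["formfile"]["type"]`; prefer `move_uploaded_file()` and compare `$check['mime']` from the `getimagesize()` result instead. When a file is attached the UPDATE in `$modsql` is never executed, and when `getimagesize()` fails no redirect is sent at all; the enclosing `if(isset($data_upload))` block continues outside the hunk.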
@ -119,7 +170,7 @@ if(!isset($liteload) && !$loggedin && $isadmin && ($type == 1 || $type == 2)){
$result = $conn->query($viewsql);
if ($result == TRUE) {
if (!empty($result) & & $result->num_rows > 0) {
$selcom vals = $result->fetch_assoc();
$selsch vals = $result->fetch_assoc();
}
//else{
//$modsql = "INSERT INTO `schools` (`id`, `name`, `type`, `spec`, `postalcode`, `location`, `locationspec`, `phonenumber`) VALUES ('".substr($_SESSION["selectedschool"], 1)."', '', '', '', '', '', '', '')";
@ -427,7 +478,7 @@ if(!isset($liteload) && !$loggedin && $isadmin && ($type == 1 || $type == 2)){
< div class = "menu" >
< ul class = "list" >
<?php if ( ! $isadmin ){
if($type == 1 || $type == 2){ #School admin and partner ?>
if($type == 1 || $type == 2 || $type == 3 ){ #School admin and partner ?>
< li class = "header" > ADMINISZTRÁTOR< / li >
< li >
< a href = "admin" >
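Review bot: The trailing comment `#School admin and partner` no longer matches the condition, which now also admits `$type == 3`, and the page does not say what account type 3 is. Update the comment to name all three types, e.g. `# account types 1-3 get the admin menu (1/2: school admin and partner, 3: TODO name)`. The same 1/2/3 list is repeated in the login redirect near the top of the file, so a shared constant or a small helper would keep the two from drifting apart. This condition only hides the menu entry; the admin pages themselves need their own server-side check, which is not visible here.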