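connect_error) {
    // NOTE(review): this statement begins before the visible source and is kept as found.
    // The response carries the raw mysqli connect error to the client; consider logging it
    // server-side and returning a generic message instead.
    header('Content-Type: application/json');
    echo json_encode(array('response' => "Database connection error (".$conn->connect_error.")"));
    exit;
}

// Admin page bootstrap. In order, the visible code:
//   1. stores a company/school selection posted by a logged-in user and reloads the page,
//   2. sends visitors who must log in to login.php,
//   3. loads the account row and the ids the account is connected to,
//   4. handles the data-upload and event-upload form posts,
//   5. makes sure a row exists for every connected company/school and picks a default,
//   6. loads the selected record into $selschvals.
// It leaves $username, $type and $fulltype set for the page below; for a logged-in account it
// also leaves $userid, $fullname (when present), $connctdcmps or $connctdschids, and $selschvals.

// --- 1. Selection switch ---------------------------------------------------------------
// The stored value is later turned into a row id and a file name, so only the expected
// "c<digits>" / "s<digits>" form is accepted. The redirect is relative: the Host request
// header is client-controlled and must not be copied into Location, and the leading
// slashes are collapsed so the target cannot be read as a scheme-relative URL.
if (isset($_POST["selectedcompany"]) && $loggedin) {
    if (is_string($_POST["selectedcompany"]) && preg_match('/^c[0-9]+\z/', $_POST["selectedcompany"]) === 1) {
        $_SESSION["selectedcompany"] = $_POST["selectedcompany"];
    }
    header("Location: /" . ltrim($_SERVER["REQUEST_URI"], "/\\"));
    die();
} elseif (isset($_POST["selectedschool"]) && $loggedin) {
    if (is_string($_POST["selectedschool"]) && preg_match('/^s[0-9]+\z/', $_POST["selectedschool"]) === 1) {
        $_SESSION["selectedschool"] = $_POST["selectedschool"];
    }
    header("Location: /" . ltrim($_SERVER["REQUEST_URI"], "/\\"));
    die();
}

// --- 2. Login gate ---------------------------------------------------------------------
if ((!isset($liteload) && $loggedin == false && $isadmin && $type != 1 && $type != 2 && $type != 3) || ($ischat && $loggedin == false)) {
    header("Location: " . $curdir . "login.php");
    die();
} else {
    if ($loggedin == true) {
        // --- 3. Account row and connected ids --------------------------------------------
        $id = $_SESSION["id"];
        $sql = "SELECT * FROM `auth` WHERE `id` = '" . $conn->real_escape_string($id) . "'";
        $result = $conn->query($sql);
        if ($result == TRUE) {
            if (!empty($result) && $result->num_rows > 0) {
                $sqlvals = $result->fetch_assoc();
                $username = $sqlvals["username"];
                $userid = $sqlvals["id"];
                $type = $sqlvals["type"];
                if (isset($sqlvals["fullname"])) {
                    $fullname = $sqlvals["fullname"];
                }

                if ($type == 2) {
                    $connctdcmps = explode(",", $sqlvals["connectedcompanyids"]);
                } elseif ($type == 1) {
                    // Type 1 is connected to every school.
                    $connctdschids = array();
                    $viewsql = "SELECT `id` FROM `schools`";
                    $result2 = $conn->query($viewsql);
                    if ($result2 instanceof mysqli_result) {
                        while ($vals = $result2->fetch_assoc()) {
                            $connctdschids[] = $vals["id"];
                        }
                        mysqli_free_result($result2);
                    }
                } else {
                    $connctdschids = explode(",", $sqlvals["connectedschoolids"]);
                }

                // Authorization: a stored selection is only honoured when it is one of the ids
                // this account is connected to. Otherwise it is dropped and step 5 picks the
                // default again, so the UPDATE/INSERT statements below cannot be aimed at a
                // record the account does not own.
                if ($type == 2) {
                    if (isset($_SESSION["selectedcompany"])
                        && !in_array((int) substr($_SESSION["selectedcompany"], 1), array_map('intval', $connctdcmps), true)) {
                        unset($_SESSION["selectedcompany"]);
                    }
                } else {
                    if (isset($_SESSION["selectedschool"])
                        && !in_array((int) substr($_SESSION["selectedschool"], 1), array_map('intval', $connctdschids), true)) {
                        unset($_SESSION["selectedschool"]);
                    }
                }

                mysqli_free_result($result);
                $sql = "SELECT * FROM `acctypes` WHERE `id` = '" . $conn->real_escape_string($type) . "'";
                $result = $conn->query($sql);
                $sqlvals = $result->fetch_assoc();
                $fulltype = $sqlvals["name_hun"];
            }
        }
        mysqli_free_result($result);

        // Row ids derived from the session selection. They are cast to int because they are
        // placed into SQL without quotes and into the image path; 0 means "nothing selected".
        $selcompanyid = isset($_SESSION["selectedcompany"]) ? (int) substr($_SESSION["selectedcompany"], 1) : 0;
        $selschoolid = isset($_SESSION["selectedschool"]) ? (int) substr($_SESSION["selectedschool"], 1) : 0;

        // --- 4. Form posts ---------------------------------------------------------------
        if (isset($data_upload)) {
            ini_set("file_uploads", 1);
            if (isset($_POST["submit"])) {
                // NOTE(review): the text fields are still escaped into quoted literals rather
                // than bound. That is only sound if the connection charset is set correctly,
                // which is not visible here; prepared statements would remove the dependency.
                $spec = str_replace(', ', ',', preg_replace('/\s+/', ' ', trim($conn->real_escape_string($_POST['spec']))));
                $setclause = "`name` = '" . $conn->real_escape_string($_POST['formname']) . "'"
                    . ", `type` = '" . $conn->real_escape_string($_POST['formtype']) . "'"
                    . ", `postalcode` = '" . $conn->real_escape_string($_POST['postcode']) . "'"
                    . ", `spec` = '" . $spec . "'"
                    . ", `location` = '" . $conn->real_escape_string($_POST['loc']) . "'"
                    . ", `locationspec` = '" . $conn->real_escape_string($_POST['locspec']) . "'"
                    . ", `phonenumber` = '" . $conn->real_escape_string($_POST['phnnum']) . "'"
                    . ", `emailaddress` = '" . $conn->real_escape_string($_POST['email']) . "'";

                if ($type == 2) {
                    $modsql = "UPDATE `companies` SET " . $setclause . " WHERE `companies`.`id` = " . $selcompanyid;
                    $filepath = $curdir . "images/company/" . $selcompanyid . ".png";
                } else {
                    $modsql = "UPDATE `schools` SET " . $setclause . " WHERE `schools`.`id` = " . $selschoolid;
                    $filepath = $curdir . "images/school/" . $selschoolid . ".png";
                }

                if (isset($_FILES["formfile"]) && $_FILES["formfile"]['error'] != UPLOAD_ERR_NO_FILE) {
                    $tmpname = $_FILES["formfile"]["tmp_name"];
                    // Only inspect a file PHP itself received without error; a failed upload
                    // has an empty tmp_name and is treated like a non-image.
                    $check = false;
                    if ($_FILES["formfile"]['error'] == UPLOAD_ERR_OK && is_string($tmpname) && is_uploaded_file($tmpname)) {
                        $check = getimagesize($tmpname);
                    }
                    if ($check !== false) {
                        // The type is taken from what getimagesize() detected in the file, not
                        // from $_FILES[...]["type"], which is whatever the client chose to send.
                        $allowedmimes = array("image/png", "image/jpeg", "image/gif");
                        if (!in_array($check["mime"], $allowedmimes, true)) {
                            $uploadProblem = 0; // unsupported image type
                        } elseif ($_FILES["formfile"]["size"] > 900000) {
                            $uploadProblem = 1; // file too large
                        } else {
                            // NOTE(review): the result of copy() is not checked, so a failed
                            // write is still reported as imageuploaded=2.
                            copy($tmpname, $filepath);
                        }
                        // The text fields are saved even when the image was rejected.
                        $conn->query($modsql);
                        if (isset($uploadProblem)) {
                            header("Location: dataupload.php?imageuploaded=" . $uploadProblem);
                        } else {
                            header("Location: dataupload.php?imageuploaded=2");
                        }
                        die();
                    }
                    // NOTE(review): when the file is not a readable image nothing is saved and
                    // no redirect is sent; the page simply renders again.
                } else {
                    // The database error text is kept out of the redirect URL.
                    if ($conn->query($modsql) === TRUE) {
                        header("Location: dataupload.php?uploaded=1");
                    } else {
                        header("Location: dataupload.php?uploaded=0");
                    }
                    die();
                }
            } elseif (isset($_POST["addfaculty"]) && isset($_POST['formtype']) && $_POST['formtype'] == "uni") {
                $modsql = "INSERT INTO `faculties` (`schoolid`, `facultyname`, `facultyspec`, `facultyphonenumber`, `facultyemail`) VALUES ('" . $selschoolid . "', '', '', '', '')";
                // Run the INSERT once; executing it twice created two empty faculty rows.
                if ($conn->query($modsql) === TRUE) {
                    header("Location: dataupload.php?addedfaculty=1");
                } else {
                    header("Location: dataupload.php?addedfaculty=0");
                }
                die();
            }
        } elseif (isset($eventupload)) {
            if (isset($_POST["submit"]) || isset($_POST["submituser"])) {
                if ($type == 2) {
                    $ownertype = 2;
                    $ownerid = $selcompanyid;
                } else {
                    $ownertype = 1;
                    $ownerid = $selschoolid;
                }
                // "submituser" records the event under the posting account; otherwise no user.
                if (isset($_POST["submituser"])) {
                    $submituser = $userid;
                } else {
                    $submituser = "";
                }
                $modsql = "INSERT INTO `events` (`title`, `description`, `datetime`, `ownertype`, `ownerid`, `category`, `uploadedas_userid`) VALUES ('" . $conn->real_escape_string($_POST['title']) . "', '" . $conn->real_escape_string($_POST['description']) . "', '" . date('Y-m-d H:i:s') . "', '" . $ownertype . "', '" . $ownerid . "', 'none', '" . $conn->real_escape_string($submituser) . "');";
                if ($conn->query($modsql) === TRUE) {
                    header("Location: eventupload.php?eventadded=1");
                } else {
                    header("Location: eventupload.php?eventadded=0");
                }
                die();
            }
        }

        // --- 5. Ensure rows exist and pick a default selection ---------------------------
        // NOTE(review): in the source as received, the text between "$i" and "query($viewsql)"
        // is missing in both loops below. The loop condition and the lookup query are a
        // reconstruction from the surviving loop body — confirm against the original file.
        if ($type == 2) {
            for ($i = 0; $i < count($connctdcmps); $i++) {
                $viewsql = "SELECT * FROM `companies` WHERE `id` = '" . $conn->real_escape_string($connctdcmps[$i]) . "'";
                $result = $conn->query($viewsql);
                if ($result == TRUE) {
                    if (!isset($_SESSION["selectedcompany"])) {
                        $_SESSION["selectedcompany"] = "c" . $connctdcmps[$i];
                    }
                    if (empty($result) || $result->num_rows == 0) {
                        $modsql = "INSERT INTO `companies` (`id`, `name`, `type`, `spec`, `postalcode`, `location`, `locationspec`, `phonenumber`, `emailaddress`) VALUES ('" . $conn->real_escape_string($connctdcmps[$i]) . "', '', '', '', '', '', '', '', '')";
                        $conn->query($modsql);
                    }
                }
            }
        } else {
            for ($i = 0; $i < count($connctdschids); $i++) {
                $viewsql = "SELECT * FROM `schools` WHERE `id` = '" . $conn->real_escape_string($connctdschids[$i]) . "'";
                $result = $conn->query($viewsql);
                if ($result == TRUE) {
                    if (!isset($_SESSION["selectedschool"])) {
                        $_SESSION["selectedschool"] = "s" . $connctdschids[$i];
                    }
                    if (empty($result) || $result->num_rows == 0) {
                        $modsql = "INSERT INTO `schools` (`id`, `name`, `type`, `spec`, `postalcode`, `location`, `locationspec`, `phonenumber`, `emailaddress`) VALUES ('" . $conn->real_escape_string($connctdschids[$i]) . "', '', '', '', '', '', '', '', '')";
                        $conn->query($modsql);
                    }
                }
            }
        }
        mysqli_free_result($result);

        // --- 6. Load the selected record --------------------------------------------------
        // The default may have been set just above, so the id is read from the session again.
        if ($type == 2) {
            $selcompanyid = isset($_SESSION["selectedcompany"]) ? (int) substr($_SESSION["selectedcompany"], 1) : 0;
            $viewsql = "SELECT * FROM `companies` WHERE `id` = " . $selcompanyid;
        } else {
            $selschoolid = isset($_SESSION["selectedschool"]) ? (int) substr($_SESSION["selectedschool"], 1) : 0;
            $viewsql = "SELECT * FROM `schools` WHERE `id` = " . $selschoolid;
        }
        $result = $conn->query($viewsql);
        if ($result == TRUE) {
            if (!empty($result) && $result->num_rows > 0) {
                $selschvals = $result->fetch_assoc();
            }
        }
        mysqli_free_result($result);
    } else {
        // Not logged in: present the visitor as a guest of account type 0.
        $username = "Vendég";
        $type = "0";
        $sql = "SELECT * FROM `acctypes` WHERE `id` = '" . $type . "'";
        $result = $conn->query($sql);
        $sqlvals = $result->fetch_assoc();
        $fulltype = $sqlvals["name_hun"];
        mysqli_free_result($result);
    }
?> ParEdu Adminisztráció ">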

Kérlek várj...

close(); } ?>