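Indtastede password er ikke korrekt."; } }

/*
 * Request-action dispatcher for the JP2 shop/admin pages.
 *
 * Each branch below handles one form submission or query-string action,
 * writes to the database and redirects.  Compared with the previous version:
 *   - every $_GET/$_POST value is cast (ids, quantities, flags) or escaped
 *     with mysql_real_escape_string() before it reaches a query;
 *   - admin-only actions (pages, products, groups, organisation info,
 *     references, password) are gated on $adminLoggedIn; previously only
 *     four of them were;
 *   - image files to delete are looked up in the database instead of taken
 *     from the form, so a form field can no longer point unlink() elsewhere;
 *   - mail addresses used in headers are validated, the "returnPath" redirect
 *     is restricted to same-site paths, and every redirect now exit()s;
 *   - the upload/scale code that was declared three times as scale() (a fatal
 *     redeclaration if two actions ever ran in one request) is one helper.
 *
 * Expected from the surrounding file (not defined here):
 *   - an open mysql_* connection,
 *   - $JP2customerSession (the customer's basket/session key),
 *   - $rootDirProductGfx and $rootDirRefGfx (filesystem roots for the images).
 */

if (!function_exists('jp2_sql')) {
    /** Escape a string for use inside single quotes in a mysql_* query. */
    function jp2_sql($value)
    {
        return mysql_real_escape_string((string) $value);
    }

    /** $_POST[$key] (untrusted, unescaped) or $default when the field is absent. */
    function jp2_post($key, $default = '')
    {
        return isset($_POST[$key]) ? $_POST[$key] : $default;
    }

    /** $_GET[$key] (untrusted, unescaped) or $default when the parameter is absent. */
    function jp2_get($key, $default = '')
    {
        return isset($_GET[$key]) ? $_GET[$key] : $default;
    }

    /** Send a Location header and stop; nothing after a redirect should keep running. */
    function jp2_redirect($location)
    {
        header('Location:' . $location);
        exit;
    }

    /**
     * Reduce a user-supplied return path to a same-site path so the returnPath
     * form field cannot be used as an open redirect.
     */
    function jp2_local_path($path, $fallback)
    {
        $path = (string) $path;
        if ($path === '' || $path[0] !== '/' || substr($path, 0, 2) === '//' || preg_match('/[\r\n]/', $path)) {
            return $fallback;
        }
        return $path;
    }

    /** An address that is safe to place in a mail header, or '' when it is not one. */
    function jp2_mail_address($address)
    {
        $address = trim((string) $address);
        return filter_var($address, FILTER_VALIDATE_EMAIL) ? $address : '';
    }

    /** Escape a value for the HTML mail bodies (Content-type: text/html). */
    function jp2_html($value)
    {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    }

    /** First column of the first row of $sql, or $default when there is none. */
    function jp2_scalar($sql, $default = null)
    {
        $result = mysql_query($sql);
        if ($result === false || mysql_num_rows($result) < 1) {
            return $default;
        }
        return mysql_result($result, 0, 0);
    }

    /** Number of rows $sql returns (0 when the query fails). */
    function jp2_count($sql)
    {
        $result = mysql_query($sql);
        return $result === false ? 0 : mysql_num_rows($result);
    }

    /**
     * Write a resized copy of a stored JPEG next to the original.
     *
     * @param string $uploadDir directory holding $gfx, with trailing slash
     * @param string $gfx       file name of the already-stored original
     * @param float  $width     target width in pixels (rounded, at least 1)
     * @param float  $height    target height in pixels (rounded, at least 1)
     * @param string $prefix    prefix of the derived file ("info", "thumb", "ref")
     * @return bool false when the source cannot be read as a JPEG
     */
    function jp2_scale_jpeg($uploadDir, $gfx, $width, $height, $prefix)
    {
        $src = imagecreatefromjpeg($uploadDir . $gfx);
        if ($src === false) {
            return false;
        }
        $width  = max(1, (int) round($width));
        $height = max(1, (int) round($height));
        $dst = imagecreatetruecolor($width, $height);
        imagecopyresampled($dst, $src, 0, 0, 0, 0, $width, $height, imagesx($src), imagesy($src));
        $ok = imagejpeg($dst, $uploadDir . $prefix . '_' . $gfx);
        imagedestroy($dst);
        imagedestroy($src);
        return $ok;
    }

    /**
     * Store the first usable .jpg upload from $_FILES in $uploadDir under a
     * random name and write the scaled variants in $variants (prefix => width).
     *
     * A file is accepted only when it really was uploaded in this request and
     * getimagesize() identifies it as a JPEG — the extension alone is not
     * trusted.  The first variant keeps the original size when the image is
     * narrower than its target width (the rule the previous code applied to the
     * "info"/"ref" variant only); the others are always scaled.
     *
     * @param string $uploadDir directory with trailing slash, relative to the script
     * @param array  $variants  e.g. ['info' => 350, 'thumb' => 120]
     * @return string the stored file name, or '' when no valid image was uploaded
     */
    function jp2_store_uploaded_jpeg($uploadDir, array $variants)
    {
        foreach ($_FILES as $file) {
            if (!isset($file['size'], $file['name'], $file['tmp_name']) || $file['size'] <= 0) {
                continue;
            }
            if (strtolower(substr($file['name'], -4)) !== '.jpg' || !is_uploaded_file($file['tmp_name'])) {
                continue;
            }
            $info = getimagesize($file['tmp_name']);
            if ($info === false || $info[2] !== IMAGETYPE_JPEG || $info[0] < 1) {
                continue;
            }
            // random, extension-fixed name: the client's file name never reaches the filesystem
            $name = md5(uniqid($file['name'], true)) . '.jpg';
            if (!move_uploaded_file($file['tmp_name'], $uploadDir . $name)) {
                continue;
            }
            $imageW = $info[0];
            $imageH = $info[1];
            $first  = true;
            foreach ($variants as $prefix => $targetWidth) {
                $width  = $targetWidth;
                $height = $imageH * $targetWidth / $imageW;
                if ($first && $imageW < $targetWidth) {
                    $width  = $imageW;
                    $height = $imageH;
                }
                $first = false;
                jp2_scale_jpeg($uploadDir, $name, $width, $height, $prefix);
            }
            return $name;
        }
        return '';
    }

    /**
     * Remove an image and its derived variants below $dir.
     * $gfx must come from the database, never from the request; basename()
     * additionally keeps the path inside $dir.
     */
    function jp2_delete_image($dir, $gfx, array $prefixes)
    {
        $gfx = basename((string) $gfx);
        if ($gfx === '' || $gfx === '.' || $gfx === '..') {
            return;
        }
        $names = [$gfx];
        foreach ($prefixes as $prefix) {
            $names[] = $prefix . '_' . $gfx;
        }
        foreach ($names as $name) {
            $path = $dir . '/' . $name;
            if (is_file($path)) {
                unlink($path);
            }
        }
    }

    /**
     * Build the order summary shared by the merchant and customer mails:
     * contact details, comment, item lines and a subtotal.
     *
     * The subtotal is computed from the stored quantities and prices; the
     * previous code printed the client-submitted productTotalPrice field,
     * which the customer could edit.
     *
     * NOTE(review): the table markup the original wrapped around the item list
     * did not survive in this copy of the file (only the cell texts remain), so
     * the items are written as " | "-separated lines; restore the markup from
     * the original source if the mails must stay tabular.
     *
     * @param array  $orderDetailInfo row from `orderDetails`
     * @param string $sessionSql      already-escaped customer session key
     */
    function jp2_order_mail_body(array $orderDetailInfo, $sessionSql)
    {
        $tekst  = "Kontaktinfo:\n";
        $tekst .= jp2_html($orderDetailInfo['givenName']) . " " . jp2_html($orderDetailInfo['surName']) . "\n";
        $tekst .= jp2_html($orderDetailInfo['address']) . "\n";
        $tekst .= jp2_html($orderDetailInfo['postal']) . " " . jp2_html($orderDetailInfo['city']) . "\n";
        $tekst .= "\n";
        $tekst .= "Email: " . jp2_html($orderDetailInfo['email']) . "\n";
        $tekst .= "Telefon: " . jp2_html($orderDetailInfo['phone']) . "\n";
        $tekst .= "EAN nummer: " . jp2_html($orderDetailInfo['ean']) . "\n";
        $tekst .= "\n\n";
        $tekst .= "Evt. kommentarer:\n";
        $tekst .= jp2_html($orderDetailInfo['comment']);
        $tekst .= "\n\n";
        $tekst .= "Ordren:\n";
        $tekst .= "Vare | Stk. pris | Antal | Total pris\n\n";

        $subtotal = 0;
        $items = mysql_query("SELECT distinct(t2.title),t2.price,t1.pid,t1.quantity FROM `orders` AS t1 LEFT OUTER JOIN `product` AS t2 ON t1.`pid` = t2.`id` WHERE t1.`sid` = '$sessionSql'");
        while ($items && ($row = mysql_fetch_array($items))) {
            $lineTotal = $row['quantity'] * $row['price'];
            $subtotal += $lineTotal;
            $tekst .= jp2_html($row['title']) . " | " . number_format($row['price'], 2, '.', ',') . " kr | "
                . (int) $row['quantity'] . " | " . number_format($lineTotal, 2, '.', ',') . " kr\n";
        }
        $tekst .= "\nSubtotal: " . number_format($subtotal, 2, '.', ',') . " kr\n";
        return $tekst;
    }

    /**
     * Send an HTML mail.  $to and $from must already have passed
     * jp2_mail_address(); an empty $from omits the From header, an empty $to
     * sends nothing and returns false.
     */
    function jp2_send_html_mail($to, $subject, $body, $from)
    {
        if ($to === '') {
            return false;
        }
        $headers = '';
        if ($from !== '') {
            $headers .= "From: " . $from . "\n";
        }
        $headers .= "Content-type: text/html\n";
        return mail($to, $subject, $body, $headers);
    }
}

if (isset($_SESSION['jp2Admin']) && $_SESSION['jp2Admin'] === 'adminLoggedInOK') {
    $adminLoggedIn = '1';
} else {
    $adminLoggedIn = '0';
}
$isAdmin = ($adminLoggedIn === '1');
// escaped once; every basket query below keys on it
$JP2customerSessionSql = jp2_sql(isset($JP2customerSession) ? $JP2customerSession : '');

//Visitor counter: one row per customer session
if (jp2_count("SELECT `id` FROM `counter` WHERE `session` = '$JP2customerSessionSql'") < 1) {
    $visitorIp = jp2_sql(isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '');
    mysql_query("INSERT INTO `counter` (`id`,`session`,`ip`,`timestamp`) VALUES (NULL,'$JP2customerSessionSql','$visitorIp',CURRENT_TIMESTAMP)");
}

//Sub page create (admin only)
if ($isAdmin && jp2_post('createSubPageTitle') !== '') {
    $master = (int) jp2_post('createSubPageMaster');
    mysql_query("INSERT INTO `pages` (`id`,`sub`,`subTitle`) VALUES (NULL,'$master','" . jp2_sql(jp2_post('createSubPageTitle')) . "')");
    // the id this request inserted; "ORDER BY id DESC LIMIT 1" could return a concurrent insert
    $newSubPage = (int) mysql_insert_id();
    jp2_redirect('/?p=' . $master . '&sp=' . $newSubPage);
}

//Sub page deactivate (admin only)
if ($isAdmin && (int) jp2_get('dp') > 0) {
    mysql_query("UPDATE `pages` SET `active` = '0' WHERE `id` = '" . (int) jp2_get('dp') . "'");
    jp2_redirect('/?p=' . (int) jp2_get('rp'));
}

//Sub page re-activate (admin only)
if ($isAdmin && (int) jp2_get('udp') > 0) {
    $udp = (int) jp2_get('udp');
    mysql_query("UPDATE `pages` SET `active` = '1' WHERE `id` = '$udp'");
    jp2_redirect('/?p=' . (int) jp2_get('rp') . '&sp=' . $udp);
}

//Sub page delete (admin only; only inactive pages can be deleted)
if ($isAdmin && (int) jp2_get('udpp') > 0) {
    mysql_query("DELETE FROM `pages` WHERE `active` = '0' AND `id` = '" . (int) jp2_get('udpp') . "'");
    jp2_redirect('/?p=' . (int) jp2_get('rp'));
}

//Product Create (admin only)
if ($isAdmin && (int) jp2_post('createProductAction') === 1) {
    $gfxData = jp2_store_uploaded_jpeg('gfx/products/', ['info' => 350, 'thumb' => 120]);
    // Danish decimal comma -> SQL decimal point
    $price = str_replace(',', '.', jp2_post('createProductPrice'));
    mysql_query("INSERT INTO `product` (`id`,`group`,`title`,`description`,`gfx`,`price`,`active`) VALUES (NULL,'"
        . (int) jp2_post('createProductGroup') . "','"
        . jp2_sql(jp2_post('createProductTitle')) . "','"
        . jp2_sql(jp2_post('createProductDescr')) . "','"
        . jp2_sql($gfxData) . "','"
        . jp2_sql($price) . "','"
        . (int) jp2_post('createProductStatus') . "')");
    jp2_redirect('/?p=4');
}

//Product edit (admin only)
if ($isAdmin && (int) jp2_post('editProductAction') === 1) {
    $pid = (int) jp2_post('editProductID');
    // current image name comes from the database, not from the editProductGfxCurrent field
    $currentGfx = (string) jp2_scalar("SELECT `gfx` FROM `product` WHERE `id` = '$pid'", '');
    $gfxData = jp2_store_uploaded_jpeg('gfx/products/', ['info' => 350, 'thumb' => 120]);
    if ($gfxData !== '') {
        jp2_delete_image($rootDirProductGfx, $currentGfx, ['info', 'thumb']);
    } else {
        // no (valid) upload: keep the stored image
        $gfxData = $currentGfx;
    }
    // same decimal-comma handling as product create
    $price = str_replace(',', '.', jp2_post('editProductPrice'));
    mysql_query("UPDATE `product` SET `group` = '" . (int) jp2_post('editProductGroup') . "',"
        . "`title` = '" . jp2_sql(jp2_post('editProductTitle')) . "',"
        . "`description` = '" . jp2_sql(jp2_post('editProductDescr')) . "',"
        . "`gfx` = '" . jp2_sql($gfxData) . "',"
        . "`price` = '" . jp2_sql($price) . "',"
        . "`active` = '" . (int) jp2_post('editProductStatus') . "' WHERE `id` = '$pid'");
    jp2_redirect('/?p=4&pid=' . $pid);
}

//Product delete (admin only)
if ($isAdmin && (int) jp2_get('dpid') > 0) {
    $pid = (int) jp2_get('dpid');
    jp2_delete_image($rootDirProductGfx, jp2_scalar("SELECT `gfx` FROM `product` WHERE `id` = '$pid'", ''), ['info', 'thumb']);
    mysql_query("DELETE FROM `product` WHERE `id` = '$pid'");
    jp2_redirect('/?p=16');
}

//Update order quantity (customer; rows are keyed by the customer's own session)
if (jp2_get('sf') === 'updateOrderQuantity') {
    foreach ($_POST as $field => $quantity) {
        // only productOrderQuantity<pid> fields; other form fields are not product ids
        if (strpos($field, 'productOrderQuantity') !== 0) {
            continue;
        }
        $pid = (int) substr($field, strlen('productOrderQuantity'));
        $quantity = (int) $quantity;
        if ($quantity <= 0) {
            mysql_query("DELETE FROM `orders` WHERE `pid` = '$pid' AND `sid` = '$JP2customerSessionSql'");
        } else {
            mysql_query("UPDATE `orders` SET `quantity` = '$quantity' WHERE `pid` = '$pid' AND `sid` = '$JP2customerSessionSql'");
        }
    }
    jp2_redirect('/?p=6');
}

//order details (customer)
if (jp2_post('customerGivenName') !== '') {
    $orderId = (int) jp2_scalar("SELECT distinct(`oid`) FROM `orders` WHERE `sid` = '$JP2customerSessionSql'", 0);
    $orderCount = (int) jp2_scalar("SELECT count(`id`) FROM `orderDetails` WHERE `id` = '$orderId'", 0);
    // the form pre-fills each field with its label; a submitted label means "not filled in"
    $placeholders = [
        'customerGivenName' => 'Fornavn(e)',
        'customerSurName'   => 'Efternavn',
        'customerAddress'   => 'Adresse',
        'customerPostal'    => 'Postnr',
        'customerCity'      => 'By',
        'customerEmail'     => 'E-mail adresse',
        'customerPhone'     => 'Telefon',
        'customerEan'       => 'EAN Nummer',
    ];
    $f = [];
    foreach ($placeholders as $key => $label) {
        $value = jp2_post($key);
        $f[$key] = jp2_sql($value === $label ? '' : $value);
    }
    $f['customerComments'] = jp2_sql(jp2_post('customerComments'));
    if ($orderCount > 0) {
        mysql_query("UPDATE `orderDetails` SET `givenName`='{$f['customerGivenName']}', `surName`='{$f['customerSurName']}', `address`='{$f['customerAddress']}', `postal`='{$f['customerPostal']}', `city`='{$f['customerCity']}', `email`='{$f['customerEmail']}', `phone`='{$f['customerPhone']}', `ean`='{$f['customerEan']}', `comment`='{$f['customerComments']}' WHERE `id`=$orderId");
    } else {
        mysql_query("INSERT INTO `orderDetails` (`id`,`givenName`,`surName`,`address`,`postal`,`city`,`email`,`phone`,`ean`,`comment`) VALUES ('$orderId','{$f['customerGivenName']}','{$f['customerSurName']}','{$f['customerAddress']}','{$f['customerPostal']}','{$f['customerCity']}','{$f['customerEmail']}','{$f['customerPhone']}','{$f['customerEan']}','{$f['customerComments']}')");
    }
    jp2_redirect('/?p=6&os=2');
}

//order sender (customer): mail to the shop, confirmation to the customer, mark the order sent
if (jp2_post('orderSendOK') !== '') {
    $orderId = (int) jp2_scalar("SELECT distinct(`oid`) FROM `orders` WHERE `sid` = '$JP2customerSessionSql'", 0);
    $detailResult = mysql_query("SELECT * FROM `orderDetails` WHERE `id` = '$orderId'");
    $orderDetailInfo = $detailResult ? mysql_fetch_array($detailResult) : false;
    if (!$orderDetailInfo) {
        // no details stored for this basket yet: back to the basket page
        jp2_redirect('/?p=6');
    }
    $detailId = (int) $orderDetailInfo['id'];
    $orgEmail = jp2_mail_address(jp2_scalar("SELECT `value` FROM `misc` WHERE `id` = 'orgEmail'", ''));
    // validated before it is placed in a From header (newlines would add headers)
    $customerEmail = jp2_mail_address($orderDetailInfo['email']);
    $body = jp2_order_mail_body($orderDetailInfo, $JP2customerSessionSql);

    //MailToJP2
    jp2_send_html_mail($orgEmail, "Mail fra JP2 - ordre #" . $detailId, "Ordre afsendt fra JP2 website:\n\n" . $body, $customerEmail);

    //MailToCustomer
    $customerIntro = "Ordrebekræftelse fra JP2talservice:\n\n"
        . "Din bestilling har fået ordre ID " . $detailId . ". Ved evt. henvendelse bedes du oplyse dette.\n\n"
        . "Vi har modtaget følgende fra dig:\n\n";
    jp2_send_html_mail($customerEmail, "Ordrebekræftelse JP2talservice - ordre #" . $detailId, $customerIntro . $body, $orgEmail);

    mysql_query("UPDATE `orderDetails` SET `orderSent` = 1 WHERE `id` = '$detailId'");
    mysql_query("UPDATE `orders` SET `sent` = 1 WHERE `oid` = '$detailId'");
    jp2_redirect('/?p=6&os=3&oid=' . $detailId);
}

//Add product to order (customer)
if ((int) jp2_post('addpid2order') > 0) {
    $pid = (int) jp2_post('addpid2order');
    $quantity = (int) jp2_post('addQuantity2order');
    $returnPath = jp2_local_path(jp2_post('returnPath'), '/');
    if (jp2_count("SELECT `id` FROM `orders` WHERE `sid` = '$JP2customerSessionSql'") === 0) {
        // new basket: next order number after the highest one used so far
        $oid = (int) jp2_scalar("SELECT `oid` FROM `orders` ORDER BY `oid` desc LIMIT 1", 0) + 1;
    } else {
        $oid = (int) jp2_scalar("SELECT distinct(oid) FROM `orders` WHERE `sid` = '$JP2customerSessionSql'", 0);
    }
    //Check if product is already in basket and update row if it is - else insert new row
    if (jp2_count("SELECT `id` FROM `orders` WHERE `pid` = '$pid' AND `sid` = '$JP2customerSessionSql'") > 0) {
        mysql_query("UPDATE `orders` SET `quantity` = `quantity`+$quantity WHERE `pid` = '$pid' AND `sid` = '$JP2customerSessionSql'");
    } else {
        mysql_query("INSERT INTO `orders` (`id`,`sid`,`pid`,`sent`,`oid`,`quantity`) VALUES (NULL,'$JP2customerSessionSql','$pid','0',$oid,'$quantity')");
    }
    jp2_redirect($returnPath);
}

//Deactivate product (admin only)
if ($isAdmin && (int) jp2_post('removeProductPid') > 0) {
    mysql_query("UPDATE `product` set `active` = 0 WHERE `id` = '" . (int) jp2_post('removeProductPid') . "'");
    jp2_redirect(jp2_local_path(jp2_post('returnPath'), '/?p=4'));
}

//Activate product (admin only)
if ($isAdmin && (int) jp2_post('inactiveProductId') > 0) {
    mysql_query("UPDATE `product` set `active` = 1 WHERE `id` = '" . (int) jp2_post('inactiveProductId') . "'");
    jp2_redirect(jp2_local_path(jp2_post('returnPath'), '/?p=4'));
}

//Group Create (admin only)
if ($isAdmin && jp2_post('createGroupTitle') !== '') {
    mysql_query("INSERT INTO `productGroup` (`id`,`name`,`descr`,`parent`) VALUES (NULL,'" . jp2_sql(jp2_post('createGroupTitle')) . "','" . jp2_sql(jp2_post('createGroupDescr')) . "',NULL)");
    $newGroup = (int) mysql_insert_id();
    jp2_redirect('/?p=4&g=' . $newGroup);
}

//Group edit (admin only)
if ($isAdmin && jp2_post('editGroupTitle') !== '') {
    $groupRef = (int) jp2_post('groupRef');
    mysql_query("UPDATE productGroup SET `name` = '" . jp2_sql(jp2_post('editGroupTitle')) . "',`descr` = '" . jp2_sql(jp2_post('editGroupDescr')) . "' WHERE `id` = '$groupRef'");
    jp2_redirect('/?p=4&g=' . $groupRef);
}

//Group delete (admin only; refused while products still reference the group)
if ($isAdmin && (int) jp2_get('dpgid') > 0) {
    $gid = (int) jp2_get('dpgid');
    $productsInGroup = jp2_count("SELECT `id` FROM `product` WHERE `group` = '$gid'");
    if ($productsInGroup === 0) {
        mysql_query("DELETE FROM `productGroup` WHERE `id` = '$gid'");
        jp2_redirect('?p=19');
    }
}

//Information edit (admin only): each editOrg* field maps to one `misc` row
if ($isAdmin && jp2_post('editOrgName') !== '') {
    $orgFields = [
        'editOrgName'        => 'orgName',
        'editOrgAddress'     => 'orgAddress',
        'editOrgPostal'      => 'orgPostal',
        'editOrgCity'        => 'orgCity',
        'editOrgCVR'         => 'orgCVR',
        'editOrgPhone1'      => 'orgPhone1',
        'editOrgPhone2'      => 'orgPhone2',
        'editOrgFax'         => 'orgFax',
        'editOrgEmail'       => 'orgEmail',
        'editOrgBankName'    => 'orgBankName',
        'editOrgBankReg'     => 'orgBankReg',
        'editOrgBankAccount' => 'orgBankAccount',
    ];
    foreach ($orgFields as $field => $miscId) {
        mysql_query("UPDATE `misc` SET `value` = '" . jp2_sql(jp2_post($field)) . "' WHERE `id` = '$miscId'");
    }
    jp2_redirect('/?p=13&msg=1');
}

//contactFormMailer (public)
if (isset($_POST['submitContactForm'])) {
    $contactName  = jp2_post('contactFormName');
    $contactEmail = jp2_post('contactFormEmail');
    $contactPhone = jp2_post('contactFormPhone');
    $contactMsg   = jp2_post('contactFormMsg');
    $visitorIp    = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    mysql_query("INSERT INTO `contactFormMsg` (`id` ,`name` ,`email` ,`phone` ,`message` ,`ip`,`date` )VALUES (NULL,'"
        . jp2_sql($contactName) . "','" . jp2_sql($contactEmail) . "','" . jp2_sql($contactPhone) . "','"
        . jp2_sql($contactMsg) . "','" . jp2_sql($visitorIp) . "',NULL)");
    // only a syntactically valid address goes into the From/Reply-To headers
    $sender = jp2_mail_address($contactEmail);
    $email = jp2_mail_address(jp2_scalar("SELECT `value` FROM `misc` WHERE `id` = 'orgEmail'", ''));
    $sub = "Mail fra kontaktformular på jp2talservice.dk";
    $besked = "Navn: " . $contactName . "\n\nTelefon " . $contactPhone . "\n\nBesked:\n" . $contactMsg;
    $header = '';
    if ($sender !== '') {
        $header .= "From: " . $sender . "\n";
        $header .= "Reply-To: " . $sender . "\n";
    }
    if ($email !== '') {
        mail($email, $sub, $besked, $header);
    }
    jp2_redirect('/?p=5&sent=1');
}

//UpdatePageContent (admin only)
if ($isAdmin && (int) jp2_post('page2update') > 0) {
    mysql_query("UPDATE `pages` SET `content` = '" . jp2_sql(jp2_post('text')) . "' WHERE `id` = '" . (int) jp2_post('page2update') . "'");
    jp2_redirect(jp2_local_path(jp2_post('returnPath'), '/') . '&u=1');
}

//Create Reference (admin only)
if ($isAdmin && (int) jp2_post('refCreate') === 1) {
    $gfxData = jp2_store_uploaded_jpeg('gfx/ref/', ['ref' => 200]);
    $maxCustomOrder = (int) jp2_scalar("select `customOrder` from `references` order by `customOrder` desc limit 1", 0) + 1;
    mysql_query("INSERT INTO `references` (`id`,`name`,`www`,`descr`,`gfx`,`customOrder`) VALUES (NULL,'"
        . jp2_sql(jp2_post('refName')) . "','" . jp2_sql(jp2_post('refWWW')) . "','" . jp2_sql(jp2_post('refDescr')) . "','"
        . jp2_sql($gfxData) . "','$maxCustomOrder')");
    jp2_redirect('/?p=18');
}

//Update Reference (admin only); the image is replaced only when a valid one was uploaded
if ($isAdmin && (int) jp2_post('refUpdate') === 1) {
    $refId = (int) jp2_post('refID');
    $gfxData = jp2_store_uploaded_jpeg('gfx/ref/', ['ref' => 200]);
    $setGfx = '';
    if ($gfxData !== '') {
        jp2_delete_image($rootDirRefGfx, jp2_scalar("SELECT `gfx` FROM `references` WHERE `id` = '$refId'", ''), ['ref']);
        $setGfx = ", `gfx` = '" . jp2_sql($gfxData) . "'";
    }
    mysql_query("UPDATE `references` SET `name` = '" . jp2_sql(jp2_post('refName')) . "', `www` = '" . jp2_sql(jp2_post('refWWW')) . "', `descr` = '" . jp2_sql(jp2_post('refDescr')) . "'" . $setGfx . " WHERE `id` = '$refId'");
    jp2_redirect('/?p=18');
}

//Move reference (admin only): swap customOrder with the neighbour ("as" = up, "de" = down)
if ($isAdmin && (int) jp2_get('p') === 18 && (int) jp2_get('id') > 0 && jp2_get('move') !== '') {
    $refId = (int) jp2_get('id');
    $move = jp2_get('move');
    $currentOrder = (int) jp2_scalar("select `customOrder` from `references` where `id` = '$refId'", 0);
    $currentOrderNew = null;
    if ($move === 'as') {
        $currentOrderNew = $currentOrder - 1;
    } elseif ($move === 'de') {
        $currentOrderNew = $currentOrder + 1;
    }
    if ($currentOrderNew !== null) {
        $swapId = jp2_scalar("select `id` from `references` where `customOrder` = '$currentOrderNew'", null);
        if ($swapId !== null) {
            mysql_query("update `references` set `customOrder` = '$currentOrder' where `id` = '" . (int) $swapId . "'");
            mysql_query("update `references` set `customOrder` = '$currentOrderNew' where `id` = '$refId'");
        }
    }
    jp2_redirect('/?p=18');
}

//Delete Reference (admin only)
if ($isAdmin && jp2_get('delRef') === '1' && (int) jp2_get('rid') > 0) {
    $refId = (int) jp2_get('rid');
    jp2_delete_image($rootDirRefGfx, jp2_scalar("SELECT `gfx` FROM `references` WHERE `id` = '$refId'", ''), ['ref']);
    mysql_query("DELETE FROM `references` WHERE `id` = '$refId'");
    jp2_redirect('/?p=18');
}

//Change password (admin only; the old password must match as well)
// NOTE(review): the stored value is an unsalted md5 that the login check above
// (outside this part of the file) also compares, so the hash format cannot be
// changed here alone; moving to password_hash()/password_verify() needs both.
if ($isAdmin && jp2_post('oldPassword') !== '') {
    $realOldPassword = (string) jp2_scalar("SELECT `value` FROM `misc` WHERE `id` = 'adminPassword'", '');
    if ($realOldPassword !== md5(jp2_post('oldPassword'))) {
        jp2_redirect('/?p=23&e=4');
    }
    $newPassword = jp2_post('newPassword');
    if ($newPassword === '') {
        jp2_redirect('/?p=23&e=1');
    }
    if ($newPassword !== jp2_post('newPasswordConfirm')) {
        jp2_redirect('/?p=23&e=2');
    }
    mysql_query("UPDATE `misc` SET `value` = '" . md5($newPassword) . "' WHERE `id` = 'adminPassword'");
    jp2_redirect('/?p=23&e=3');
}
?>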