<?php
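// Admin "hotels" controller fragment: dispatches on the `make` request parameter
// (view = list, add = create user + hotel, viewhtl = show one hotel).
// Relies on $dbc (ext/mysql link), $smarty, select() and message() supplied by
// the including script.
// NOTE(review): no authentication, authorisation or CSRF check is visible in this
// fragment; confirm the including script enforces them before this code runs.
$make = select( "make", "view" );

if ( $make == "view" ) {
    // List every hotel, ordered by name.
    $query = "SELECT * FROM `hotels` ORDER BY `name` ASC";
    $result = mysql_query( $query, $dbc );
    $table = array();
    // A failed query returns false; skip it instead of passing false to mysql_num_rows().
    if ( $result !== false && mysql_num_rows( $result ) > 0 ) {
        while ( $row = mysql_fetch_row( $result ) ) {
            // Positional columns of SELECT *: index 0 is used as id, index 3 as title.
            $table[] = array( 'id' => $row[ 0 ], 'title' => $row[ 3 ] );
        }
        $smarty->assign( 'table', $table );
    }
    $smarty->display( 'admin/hotels.tpl' );
}
elseif ( $make == "add" ) {
    if ( isset( $_POST[ "submit" ] ) ) {
        $correct = TRUE;
        $message = "";
        // Each field must be a non-empty string; an array-valued parameter
        // (name[]=...) is rejected here rather than reaching the string functions.
        if ( empty( $_POST[ "name" ] ) || !is_string( $_POST[ "name" ] ) ) {
            $correct = FALSE;
            $message .= "<p>Nebylo zadáno přihlašovací jméno!</p>\n";
        }
        if ( empty( $_POST[ "pass" ] ) || !is_string( $_POST[ "pass" ] ) ) {
            $correct = FALSE;
            $message .= "<p>Nebylo zadáno přihlašovací heslo!</p>\n";
        }
        if ( empty( $_POST[ "hotel" ] ) || !is_string( $_POST[ "hotel" ] ) ) {
            $correct = FALSE;
            $message .= "<p>Nebyl zadán název hotelu!</p>\n";
        }
        if ( $correct ) {
            // htmlspecialchars() is kept so stored values keep their existing format,
            // but it is HTML encoding, not SQL escaping (by default it leaves single
            // quotes alone), so every value placed in a query is also escaped for SQL.
            // NOTE(review): mysql_real_escape_string() depends on the connection
            // charset being set with mysql_set_charset(); confirm where $dbc is opened.
            $name = mysql_real_escape_string( htmlspecialchars( $_POST[ "name" ] ), $dbc );
            // NOTE(review): unsalted SHA-1 is not an adequate password hash. Moving to
            // password_hash()/password_verify() needs a matching change in the login
            // code, which is not visible here, so the stored format is left unchanged.
            $pass = sha1( htmlspecialchars( $_POST[ "pass" ] ) );
            $hotel = mysql_real_escape_string( htmlspecialchars( $_POST[ "hotel" ] ), $dbc );

            // "@" is kept so driver warnings are not printed into the page; every
            // return value is checked explicitly below.
            // NOTE(review): the two INSERTs are not wrapped in a transaction, so a
            // failed hotel insert leaves the new user row behind.
            $saved = false;
            $ID = 0;
            $query = "INSERT INTO `users` (username, pass, admin) VALUES ('$name', '$pass', '0')";
            if ( @mysql_query( $query, $dbc ) ) {
                // Take the ID generated by this connection's INSERT; re-reading the
                // highest ID from the table can return another request's row.
                $ID = mysql_insert_id( $dbc );
                $res = @mysql_query( "SELECT MAX(`order`) FROM `hotels`", $dbc );
                if ( $res !== false ) {
                    $row = mysql_fetch_array( $res );
                    // MAX() is NULL on an empty table; the cast makes that 0, so the first hotel gets 1.
                    $order = (int) $row[ 0 ] + 1;
                    $query = "INSERT INTO `hotels` (ID_user,autorized,name,`order`) VALUES ('$ID','0','$hotel','$order')";
                    $saved = (bool) @mysql_query( $query, $dbc );
                }
            }

            if ( $saved ) {
                // The redirect carries the new user's ID, as before.
                // NOTE(review): confirm whether the hotel ID was intended instead.
                header ( "Location: index.php?action=hotels&make=view&do=saved&id=$ID" );
                // Stop here so the form below is not rendered after the redirect header.
                exit;
            }

            // Keep database error details in the server log instead of the response.
            error_log( "admin hotels add failed: " . mysql_error( $dbc ) );
            echo "chyba:";
        } else {
            echo "\n". $message. "<p>Zkuste to znovu..</p>\n";
        }
    }
    // Re-populate the form. isset() avoids undefined-index notices on the first
    // (non-POST) display; null matches what the template received before.
    // NOTE(review): raw request values (including the password) are handed to the
    // template; confirm admin/hotels_add.tpl escapes them on output.
    $smarty->assign( "name", isset( $_POST[ "name" ] ) ? $_POST[ "name" ] : null );
    $smarty->assign( "pass", isset( $_POST[ "pass" ] ) ? $_POST[ "pass" ] : null );
    $smarty->assign( "hotel", isset( $_POST[ "hotel" ] ) ? $_POST[ "hotel" ] : null );
    $smarty->display( "admin/hotels_add.tpl" );
}
elseif ( $make == "viewhtl" ) {
    // The id comes straight from the query string: accept only a string and escape
    // it before it is placed inside the quoted SQL literal.
    $id = ( isset( $_GET[ 'id' ] ) && is_string( $_GET[ 'id' ] ) ) ? $_GET[ 'id' ] : '';
    $query = "SELECT * FROM `hotels` WHERE `ID` = '". mysql_real_escape_string( $id, $dbc ). "'";
    $result = mysql_query( $query, $dbc );
    if ( $result !== false && mysql_num_rows( $result ) > 0 ) {
        $row = mysql_fetch_row( $result );
        $smarty->assign( 'name', $row[ 3 ] );
        $smarty->assign( 'address_street', $row[ 5 ] );
        $smarty->assign( 'address_city', $row[ 6 ] );

        // Optional contact columns (template variable => column index); an empty
        // value is shown as "-".
        $optional = array( 'email' => 7, 'phone' => 8, 'gsm' => 9, 'fax' => 10 );
        foreach ( $optional as $field => $col ) {
            $smarty->assign( $field, !empty( $row[ $col ] ) ? $row[ $col ] : "-" );
        }

        // NOTE(review): `from` is a raw request value; confirm admin/hotels_view.tpl
        // escapes it, and validate it if the template uses it as a link target.
        $smarty->assign( 'from', !empty( $_GET[ 'from' ] ) ? $_GET[ 'from' ] : 'false' );
        $smarty->display( 'admin/hotels_view.tpl' );
    } else {
        message( "Hotel není regitrovaný v databázi.<br />Informujte o tom prosím systémového administrátora." );
    }
}
else {
    // Unknown `make` value.
    message( "action_not_exist", TRUE );
}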
?>