File: /home/mckernan/public_html/iJournal/includes/client/setper.php
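<?php
// Set the current accounting period.
//
// Request handler. For a valid session it creates a new row in `periods`
// (after clearing per_current on every existing row) plus a matching row in
// `journal`, then answers with a small XML document:
//
//   <root><pid>N</pid><period>NAME</period></root>
//
//   pid  > 0  id of the newly created period (period = its name)
//   pid  = 0  a period with this name/year already exists
//   pid  = -1 creating the period or its journal row failed
//   pid  = -2 the existence lookup itself failed
//
// $sid, DB_PREFIX and getvar() are expected to be provided by the including
// script; none of them is defined in this file.

// init database name
$database = DB_PREFIX;
// process request
if ($sid != '')
{
    // sid check
    require "includes/session/sidck.php";
    // init return value
    $rv = '<root>' . PHP_EOL;
    // fetch database name / open db (a GET value overrides a POST value)
    $db = '';
    if ( isset($_POST['db']) ) $db = $_POST['db'];
    if ( isset($_GET['db']) ) $db = $_GET['db'];
    // The suffix comes straight from the request and becomes part of the
    // database name, so refuse arrays, empty values and anything that is not
    // a plain identifier. Widen the pattern only if legitimate database
    // suffixes really use other characters.
    if (!is_string($db) || !preg_match('/\A[A-Za-z0-9_]+\z/', $db)) die();
    $database .= $db;
    // includes/db.php is not shown; the code below relies on it replacing $db
    // with a connection object. The members used (query, insert_id) match
    // mysqli -- NOTE(review): confirm before relying on prepare()/bind_param().
    require "includes/db.php";
    // fetch input data
    // NOTE(review): getvar() is defined elsewhere. If it SQL-escapes 'string'
    // values, bound parameters will store the escape characters literally;
    // in that case have it return the raw value for use with placeholders.
    $per = getvar($db, 'per', 'string');
    $yr = getvar($db, 'yr', 'string');
    // Accept only a real integer for the month count; false means "invalid".
    $mos = filter_var(getvar($db, 'mos', 'int'), FILTER_VALIDATE_INT);

    // Defaults describe the "lookup failed" outcome.
    $pid = -2;
    $period = '';

    // verify period is not in db (values are bound, never concatenated)
    $found = null;
    $lookup = $db->prepare("SELECT per_id FROM periods WHERE per_per = ? AND per_yr = ?");
    if ($lookup)
    {
        if ($lookup->bind_param('ss', $per, $yr) && $lookup->execute())
        {
            $lookup->store_result();
            $found = ($lookup->num_rows > 0);
        }
        $lookup->close();
    }

    if ($found === true)
    {
        // period already exists
        $pid = 0;
    }
    elseif ($found === false)
    {
        $pid = -1;
        // Do not clear the current period when the insert cannot succeed.
        if ($mos !== false)
        {
            // reset current period
            // NOTE(review): this UPDATE and the two INSERTs are not atomic; if
            // an INSERT fails, every period is left with per_current = 0.
            $db->query("UPDATE periods SET per_current = 0 WHERE 1");
            $insert = $db->prepare(
                "INSERT INTO periods (per_per, per_yr, per_mos, per_created) VALUES (?, ?, ?, NOW())"
            );
            if ($insert)
            {
                if ($insert->bind_param('ssi', $per, $yr, $mos) && $insert->execute())
                {
                    // insert_id comes from the server; the cast keeps the
                    // concatenation below numeric whatever its type.
                    $period_id = (int) $db->insert_id;
                    if ($db->query("INSERT INTO journal (jrnl_per) VALUES (" . $period_id . ")"))
                    {
                        $pid = $period_id;
                        $period = (string) $per;
                    }
                }
                $insert->close();
            }
        }
    }

    // The period name is request data echoed back to the client: escape it so
    // it cannot break out of the <period> element or inject markup.
    $rv .= '<pid>' . $pid . '</pid>' . PHP_EOL;
    $rv .= '<period>' . htmlspecialchars($period, ENT_QUOTES | ENT_XML1, 'UTF-8') . '</period>' . PHP_EOL;
    // finish output
    $rv .= '</root>' . PHP_EOL;
    // return data
    echo $rv;
    die;
}
else
{
    // No session id: answer as if the resource did not exist and blank the
    // headers that identify the server software.
    header('Server: ');
    header('X-Powered-By: ');
    header("HTTP/1.0 404 Not Found");
}
?>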