File: /home/mckernan/public_html/iJournal/includes/file/newclient.php
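<?php
/**
 * Create a new client.
 *
 * Reads the submitted sort name ('srt'), entity type ('typ') and industry
 * ('ind'), derives a system name from the sort name, runs
 * createclient.inc.php, and inserts a row into the `clients` table.
 * Replies with a small XML document:
 *   <root><success>true</success></root>  on success
 *   <root><success></success></root>      on failure
 *
 * $sid must already be set by the including script; when it is empty the
 * request is answered with a 404 and nothing else is done.
 */

// init database name
// NOTE(review): presumably consumed by includes/db.php when it opens $db; confirm.
$database = DB_PREFIX . 'system';

// process request
if ($sid != '') {
    // sid check
    require "includes/session/sidck.php";

    // init return value
    $rv = '<root>' . PHP_EOL;

    // fetch database name / open db
    require "includes/db.php";

    // fetch vars
    // $entity and $industry are not used in this file; they stay in scope
    // for createclient.inc.php, which is required below.
    $sortname = getvar($db, 'srt', 'string');
    //$sortname = getvarRawString(urldecode('srt'));
    $entity = getvar($db, 'typ', 'int');
    $industry = getvar($db, 'ind', 'int');

    // Derive the system name with an allow-list rather than by stripping a
    // fixed set of characters. $sysname is concatenated into SQL below, is
    // visible to createclient.inc.php (required in this scope), and in the
    // disabled folder code would become a path component, so only lowercase
    // ASCII letters, digits and underscores are kept. Everything the previous
    // str_replace() chain removed (space , . - / ' &) is still removed;
    // backslashes, quotes, backticks, semicolons and similar are now removed too.
    $sysname = (string) preg_replace('/[^a-z0-9_]/', '', strtolower((string) $sortname));

    $created = false;

    // An empty system name cannot identify a client, so report failure
    // instead of creating anything.
    if ($sysname !== '') {
        // create db
        require "createclient.inc.php";

        /*
        // create client folders
        $clientfolder = clientPath() . $sysname;
        mkdir($clientfolder);
        $statementfolder = $clientfolder . '/statements';
        mkdir($statementfolder);
        */

        // update sys table
        // NOTE(review): $sortname is concatenated into the statement as-is.
        // That is only safe if getvar() escapes the value for $db; confirm,
        // or move this INSERT to a prepared statement with bound parameters
        // (and make sure the value is then not escaped twice).
        $query = "INSERT INTO clients (cln_sort, cln_dbname) VALUES ('" . $sortname . "', '" . $sysname . "')";
        $created = (bool) $db->query($query);
    }

    $rv .= $created ? '<success>true</success>' : '<success></success>';

    // finish output
    $rv .= '</root>' . PHP_EOL;

    // return data
    echo $rv;
    die;
} else {
    // No session id: blank the identifying headers and answer with a 404.
    header('Server: ');
    header('X-Powered-By: ');
    header("HTTP/1.0 404 Not Found");
}
?>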