File: /home/mckernan/public_html/iJournal/includes/fixed/upd.php
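<?php
// update fixed asset
//
// Reads per / id / caption / date / cost / fin / mos and the database suffix
// "db" from the request (a GET value overrides a POST value of the same name),
// validates them, updates the matching fixed_assets row and echoes a small XML
// document whose <success> element is "true" only when exactly one row changed.
//
// NOTE(review): this state-changing request also takes its parameters from the
// query string, and no anti-CSRF token is visible in this file. Whether
// includes/session/sidck.php covers that, and whether it ties the session to
// the requested database, cannot be seen from here - confirm.

// init database name
$database = DB_PREFIX;
// process request
if ($sid != '')
{
    // sid check
    require "includes/session/sidck.php";
    // init return value
    $rv = '<root>' . PHP_EOL;

    // fetch one request parameter; GET takes precedence over POST.
    // Non-string values (e.g. "name[]=x" arrays) are ignored so they never
    // reach the string and number handling below.
    $reqParam = function ($name, $default) {
        $value = $default;
        if (isset($_POST[$name]) && is_string($_POST[$name])) $value = $_POST[$name];
        if (isset($_GET[$name]) && is_string($_GET[$name])) $value = $_GET[$name];
        return $value;
    };

    // fetch database name / open db
    $dbname = $reqParam('db', '');
    if ($dbname == '') die();
    // The suffix is appended to DB_PREFIX and decides which database
    // includes/db.php opens, so only plain identifier characters are accepted.
    // NOTE(review): widen this class only if real database suffixes need it.
    if (!preg_match('/\A[A-Za-z0-9_]+\z/', $dbname)) die();
    $database .= $dbname;
    require "includes/db.php";

    // fetch / validate params
    $valid = true;

    $per = intval($reqParam('per', 0));
    if ($per == 0) $valid = false;

    $id = intval($reqParam('id', 0));

    // caption and date are bound as statement parameters below, so they are
    // kept raw here instead of being escaped by hand.
    $caption = $reqParam('caption', '');
    if (strlen($caption) < 1) $valid = false;

    $date = $reqParam('date', '');
    if (strlen($date) != 10)
    {
        $valid = false;
    }
    else
    {
        // The original escaped the value BEFORE flipdate(); escaping ahead of a
        // helper that rewrites the string cannot be relied on to survive it.
        // NOTE(review): flipdate() is defined elsewhere - confirm it tolerates
        // arbitrary 10-byte input, or tighten the check to the expected pattern.
        $date = flipdate($date);
    }

    $cost = abs(floatval($reqParam('cost', 0)));
    // is_finite() rejects overflowed input such as "1e999", which previously
    // reached the SQL text as INF and only failed inside the query.
    if ($cost == 0 || !is_finite($cost)) $valid = false;

    $financed = abs(floatval($reqParam('fin', 0)));
    if (!is_finite($financed)) $valid = false;

    $mos = intval($reqParam('mos', 0));
    if ($mos < 36 || $mos > 474) $valid = false;

    $updated = false;
    if ($valid)
    {
        // $mos is at least 36 here, so the division is safe
        $monthly = round($cost / $mos, 2);
        // Parameterised statement: no request value is concatenated into the
        // SQL text, and floats are not subject to string formatting.
        // Assumes $db is a mysqli connection (the original code used its
        // real_escape_string() / affected_rows members) - TODO confirm.
        $stmt = $db->prepare(
            "UPDATE fixed_assets SET fa_per = ?, fa_date = ?, fa_caption = ?, fa_mos = ?, " .
            "fa_cost = ?, fa_financed = ?, fa_monthly = ? WHERE fa_id = ?"
        );
        if ($stmt)
        {
            // types: per(i) date(s) caption(s) mos(i) cost(d) financed(d) monthly(d) id(i)
            if ($stmt->bind_param('issidddi', $per, $date, $caption, $mos, $cost, $financed, $monthly, $id)
                && $stmt->execute())
            {
                // success only when exactly one row was changed
                $updated = ($stmt->affected_rows == 1);
            }
            $stmt->close();
        }
    }
    $rv .= ($updated ? "<success>true</success>" : "<success></success>") . PHP_EOL;

    // finish output
    $rv .= '</root>' . PHP_EOL;
    // return data
    echo $rv;
    die;
}
else
{
    // no session id: answer as if the resource did not exist
    header('Server: ');
    header('X-Powered-By: ');
    header("HTTP/1.0 404 Not Found");
}
?>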