Admin Tools

[insert_php]

#print_r($_COOKIE);

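/*
 * Admin authentication gate.
 *
 * Outcome: $com is 'T' when the request is authenticated and 'F' otherwise.
 * On success $admname, $admid and $hpass are taken from the sc_admin row.
 *
 * Two paths, chosen by whether a POSTed "admid" is present:
 *   1. absent  -> username/password login (values read from $_POST);
 *   2. present -> follow-up request that re-sends admid + hpass
 *                 (values read from $_REQUEST).
 *
 * Changes from the previous version of this block:
 *   - request values are escaped with mysql_real_escape_string() before they
 *     are placed in SQL text (they were interpolated raw);
 *   - the digest check uses === instead of ==, so two different digests that
 *     PHP would both treat as numeric strings can no longer compare equal;
 *   - non-string inputs (array-valued parameters) count as missing;
 *   - MySQL error text goes to the server log, not to the response;
 *   - $admname / $admid / $hpass always start from a defined value;
 *   - the commented-out debug echoes of the submitted username and password
 *     were dropped.
 *
 * SECURITY (review) -- needs changes outside this block:
 *   - Passwords are stored as unsalted MD5. Migrate to password_hash() and
 *     password_verify(), rehashing on the next successful login.
 *   - Path 2 accepts the stored digest itself as the credential and reads it
 *     from $_REQUEST, so it can arrive in a query string and end up in logs.
 *     Anyone holding the digest is authenticated without the password.
 *     Replace admid/hpass round-tripping with a server-side session.
 *   - The mysql_* extension was removed in PHP 7; move to mysqli or PDO with
 *     prepared statements. The escaping used here also depends on the
 *     connection character set being configured correctly.
 */
$com = 'T';
$admname = '';
$admid = 0;
$hpass = '';

if (empty($_POST["admid"])) {

    # Path 1: username/password login. A missing or non-string field fails the login.
    if (empty($_POST["username"]) || !is_string($_POST["username"])) { $username = ''; $com = 'F'; }
    else { $username = $_POST["username"]; }

    if (empty($_POST["password"]) || !is_string($_POST["password"])) { $password = ''; $com = 'F'; }
    else { $password = $_POST["password"]; }

    if ($com == 'T') {

        # Escape the only request-derived value that reaches the query.
        $safe_username = mysql_real_escape_string($username);

        $result = mysql_query("SELECT `adm-id`, `adm-name`, `adm-password` FROM sc_admin where `adm-username` = '$safe_username'");
        if ($result === false) {
            # Keep database error detail out of the HTTP response.
            error_log("admfind: ".mysql_error());
            die("admfind");
        }

        if (!mysql_num_rows($result)) { $com = 'F'; }
        else {
            $digest = md5($password);

            while ($row = mysql_fetch_array($result)) {

                # Strict comparison: both sides are strings and must match exactly.
                if ($row['adm-password'] === $digest) {
                    $admname = $row['adm-name'];
                    $admid = $row['adm-id'];
                    $hpass = $row['adm-password'];
                }
                else { $com = 'F'; }

            }
        }

    }
}
else {

    # Path 2: re-authentication with admid + hpass (see SECURITY note above).
    if (empty($_REQUEST["admid"]) || !is_string($_REQUEST["admid"])) { $admid = 0; }
    else { $admid = $_REQUEST["admid"]; }

    if (empty($_REQUEST["hpass"]) || !is_string($_REQUEST["hpass"])) { $hpass = ''; }
    else { $hpass = $_REQUEST["hpass"]; }

    $safe_admid = mysql_real_escape_string((string) $admid);
    $safe_hpass = mysql_real_escape_string($hpass);

    $result = mysql_query("SELECT `adm-id`, `adm-name`, `adm-password` FROM sc_admin where `adm-id` = '$safe_admid' and `adm-password` = '$safe_hpass'");
    if ($result === false) {
        # Keep database error detail out of the HTTP response.
        error_log("findadmid: ".mysql_error());
        die("findadmid");
    }

    if (!mysql_num_rows($result)) { $com = 'F'; }
    else {
        while ($row = mysql_fetch_array($result)) {

            $admname = $row['adm-name'];
            $admid = $row['adm-id'];
            $hpass = $row['adm-password'];
            $com = 'T';

        }
    }
}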

/*
 * Admin dashboard, first section. Runs only when the authentication code
 * earlier in the script left $com at T (login, or the admid/hpass check).
 *
 * As shown here the echo strings carry no markup and most are empty; the HTML
 * appears to have been stripped when the page was captured -- TODO confirm
 * against the original template.
 *
 * Flow of this section, as written:
 *   - greet the admin by $admname;
 *   - query sc_customer for rows whose cus-active is NEW;
 *   - if there are none: query sc_orders for PENDING orders with a non-zero
 *     total, newest order-id first, then either print the no-orders message
 *     or walk the result set; afterwards print the no-registrations message;
 *   - otherwise: walk the NEW registrations.
 *
 * NOTE(review): in both listings the while loop body only echoes empty
 * strings, and the row fields (order-id, order-cus-id, cus-company, ...) are
 * read after the loop has ended, when $row holds the falsy value that ended
 * it. It looks like the per-row markup was displaced out of the loops --
 * confirm against the original file.
 *
 * NOTE(review): cus-active is echoed in the registrations listing but is not
 * in the SELECT column list, so it would be undefined for a fetched row.
 *
 * NOTE(review): the order date is rebuilt from substr offsets 5, 8 and 2 of
 * ordered-on, which yields MM/DD/YY if the column is formatted YYYY-MM-DD --
 * presumably; confirm the column format.
 *
 * SECURITY (review):
 *   - $admname and the customer fields (company, first and last name,
 *     delivery city, status) are concatenated into the output without
 *     htmlspecialchars(). Presumably the customer fields come from a
 *     customer-facing registration form (verify); if so, escape them at each
 *     echo so stored markup cannot run in the admin browser session.
 *   - The customer-name lookup concatenates order-cus-id into the SQL text
 *     unquoted and unescaped. The value comes from sc_orders rather than from
 *     the request, but cast it to int (if the column is numeric -- confirm)
 *     or escape it so a stored value can never change the query.
 *   - Every "or die(tag . mysql_error())" sends raw MySQL error text to the
 *     browser; log it server-side and show a generic message instead.
 *   - The mysql_* extension was removed in PHP 7; mysqli or PDO with
 *     prepared statements is the replacement.
 */
if($com == ‘T’) {

# $admname was read from the sc_admin row by the authentication code.
echo “Welcome, “.$admname.”!“;

echo “

Search Orders

“;

# Constant query text: no request data reaches this statement.
$sql = “SELECT `cus-id`, `cus-company`, `cus-firstname`, `cus-lastname`, `cus-del-city` FROM sc_customer where `cus-active` = ‘NEW'”;

$result = mysql_query($sql) or die(“regcust”.mysql_error());
if(!mysql_num_rows($result)) {

$sql = “SELECT `order-id`, `order-cus-id`, `ordered-on`, `total`, `status` FROM sc_orders where `status` = ‘PENDING’ and `total` != 0 ORDER by `order-id` DESC”;
$result = mysql_query($sql) or die(“openorders”.mysql_error());
if(!mysql_num_rows($result)) {

echo “

No New Orders Waiting

“;
}
else {

echo “

New Orders

“;
echo “

“;

while($row = mysql_fetch_array($result)) {

echo “

“;
echo “

“;
echo “

“;
echo “

“;
echo “

“;
echo “

“;
echo “

“;
echo “

“;

}
echo “

Order ID # Customer Order Date Order Total Status
“.$row[‘order-id’].” “;
$sql2 = “SELECT `cus-company`, `cus-firstname`, `cus-lastname` from sc_customer WHERE `cus-id` = “.$row[‘order-cus-id’];
$result2 = mysql_query($sql2) or die(“custname”.mysql_error());
if(!mysql_num_rows($result2)) { }
else { while($row2 = mysql_fetch_array($result2)) {

if ($row2[‘cus-company’] != ”) { echo $row2[‘cus-company’]; }
else { echo $row2[‘cus-firstname’].” “.$row2[‘cus-lastname’]; }
}}
echo “

“.substr($row[‘ordered-on’],5,2).”/”.substr($row[‘ordered-on’],8,2).”/”.substr($row[‘ordered-on’],2,2).” “.number_format($row[‘total’],2).” “.$row[‘status’].” View Order

“;
}

echo “

No New Registrations Waiting

“;
}
else {
echo “

New Registrations

“;
echo “

“;
while($row = mysql_fetch_array($result)) {

echo “

“;
echo “

“;
echo “

“;
echo “

“;

}
echo “

Customer Name Delivery City Status
“;
if ($row[‘cus-company’] != ”) { echo $row[‘cus-company’]; }
else { echo $row[‘cus-firstname’].” “.$row[‘cus-lastname’]; }
echo “
“.$row[‘cus-del-city’].” “.$row[‘cus-active’].” View Customer

“;
}

/*
 * Pending registrations section of the admin dashboard.
 *
 * Queries sc_customer for rows whose cus-active is PENDING (constant query
 * text, no request data), then either prints the no-pending-registrations
 * message or walks the result set and prints a name / delivery city listing.
 * The displayed name is cus-company when it is non-empty, otherwise first
 * name plus last name.
 *
 * NOTE(review): the while loop body only echoes empty strings, and the row
 * fields are read after the loop has ended, when $row holds the falsy value
 * that ended it. It looks like the per-row markup was displaced out of the
 * loop when the page was captured -- confirm against the original file.
 *
 * NOTE(review): cus-active is echoed but is not in the SELECT column list,
 * so it would be undefined for a fetched row.
 *
 * SECURITY (review):
 *   - Company, name and delivery city are echoed without htmlspecialchars().
 *     Presumably these are customer-supplied at registration (verify); if so,
 *     escape them at each echo so stored markup cannot run in the admin
 *     browser session.
 *   - "or die(tag . mysql_error())" sends raw MySQL error text to the
 *     browser; log it server-side and show a generic message instead. The
 *     regcust tag is shared with the other sc_customer queries on this page,
 *     so it does not identify which query failed.
 */
$sql = “SELECT `cus-id`, `cus-company`, `cus-firstname`, `cus-lastname`, `cus-del-city` FROM sc_customer where `cus-active` = ‘PENDING'”;

$result = mysql_query($sql) or die(“regcust”.mysql_error());
if(!mysql_num_rows($result)) {

echo “

No Pending Registrations Waiting

“;
}
else {
echo “

Pending Registrations

“;
echo “

“;
while($row = mysql_fetch_array($result)) {

echo “

“;
echo “

“;
echo “

“;
echo “

“;

}
echo “

Customer Name Delivery City
“;
if ($row[‘cus-company’] != ”) { echo $row[‘cus-company’]; }
else { echo $row[‘cus-firstname’].” “.$row[‘cus-lastname’]; }
echo “
“.$row[‘cus-del-city’].” “.$row[‘cus-active’].” View Customer

“;
}

/*
 * Customer account setup section of the admin dashboard.
 *
 * Queries sc_customer for rows whose cus-active is NEED ACCT SETUP (constant
 * query text, no request data), then either prints the no-setups message or
 * walks the result set and prints a name / delivery city listing. The
 * displayed name is cus-company when it is non-empty, otherwise first name
 * plus last name.
 *
 * NOTE(review): the while loop body only echoes empty strings, and the row
 * fields are read after the loop has ended, when $row holds the falsy value
 * that ended it. It looks like the per-row markup was displaced out of the
 * loop when the page was captured -- confirm against the original file.
 *
 * NOTE(review): cus-active is echoed but is not in the SELECT column list,
 * so it would be undefined for a fetched row.
 *
 * SECURITY (review):
 *   - Company, name and delivery city are echoed without htmlspecialchars().
 *     Presumably these are customer-supplied at registration (verify); if so,
 *     escape them at each echo so stored markup cannot run in the admin
 *     browser session.
 *   - "or die(tag . mysql_error())" sends raw MySQL error text to the
 *     browser; log it server-side and show a generic message instead.
 */
$sql = “SELECT `cus-id`, `cus-company`, `cus-firstname`, `cus-lastname`, `cus-del-city` FROM sc_customer where `cus-active` = ‘NEED ACCT SETUP'”;

$result = mysql_query($sql) or die(“regcust”.mysql_error());
if(!mysql_num_rows($result)) {

echo “

No Customer Setups Waiting

“;
}
else {
echo “

Customer Setups Waiting

“;
echo “

“;
while($row = mysql_fetch_array($result)) {

echo “

“;
echo “

“;
echo “

“;
echo “

“;

}
echo “

Customer Name Delivery City
“;
if ($row[‘cus-company’] != ”) { echo $row[‘cus-company’]; }
else { echo $row[‘cus-firstname’].” “.$row[‘cus-lastname’]; }
echo “
“.$row[‘cus-del-city’].” “.$row[‘cus-active’].” View Customer

“;
}

/*
 * Footer of the authenticated dashboard, followed by the login-failure
 * branch. Only the link labels are visible here; the link markup appears to
 * have been stripped when the page was captured.
 *
 * NOTE(review): if these links carry admid and hpass in their URLs -- not
 * visible here, verify against the original template -- the password digest
 * ends up in browser history, server logs and Referer headers. A server-side
 * session avoids putting a credential in links.
 */
echo “

View All Orders

“;
echo “

View All Customers

“;

echo “

Update Product Prices

“;

# Closes the authenticated branch opened earlier in the script.
}
else if ($com == ‘F’) {

# One generic message covers every failure case, so the response does not
# reveal whether the username or the password was wrong.
# NOTE(review): nothing in the visible code throttles or locks out repeated
# failed logins; confirm whether that is handled elsewhere.
echo “Administrator Login Failed. Please try again.”;
# The next two echo strings are empty as shown; presumably they held the
# login form markup -- confirm against the original template.
echo “

“;
echo “

“;

}

[/insert_php]