<?php



include ('dbConnect.php');
require 'boot.php';

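// Model used by the get_users / edituserlogin / editalluserslogin actions below.
$account_model = numbpay\db\ModelFactory::get('numbpay\db\AccountModel');

// Optional "date" field, split on "/" and reassembled as part[2]-part[0]-part[1]
// (presumably M/D/Y in, Y-M-D out — confirm against the client).
// A missing or non-string value is treated as empty, which still yields "--"
// but without undefined-index/offset notices, and without the TypeError that
// explode() raises on PHP 8 when an array is posted.
$raw_date = (isset($_POST['date']) && is_string($_POST['date'])) ? $_POST['date'] : '';
$idate = array_pad(explode("/", $raw_date), 3, '');
$date = mysqli_real_escape_string($hookup, $idate[2]."-".$idate[0]."-".$idate[1]);

// Action selector: POST wins when non-empty, otherwise fall back to GET.
// NOTE(review): no authentication or session check is visible in this file
// before the dispatch below — confirm boot.php enforces one, because several
// actions delete rows or overwrite credentials.
$ui = !empty($_POST['ui']) ? $_POST['ui'] : (isset($_GET['ui']) ? $_GET['ui'] : null);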



if($ui=="get_account"){



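	// get_account: return the Accounts row(s) for an e-mail address, but only
	// those whose stored hash matches the supplied password.
	// NOTE(review): the password is still accepted from the query string as a
	// fallback; GET parameters are routinely written to access logs.
	$raw_email = !empty($_POST['email']) ? $_POST['email'] : (isset($_GET['email']) ? $_GET['email'] : '');
	$password = !empty($_POST['password']) ? $_POST['password'] : (isset($_GET['password']) ? $_GET['password'] : '');
	if (!is_string($raw_email)) {
		$raw_email = '';
	}
	if (!is_string($password)) {
		$password = '';
	}
	$email = mysqli_real_escape_string($hookup, $raw_email);

	$usql = "SELECT * FROM `Accounts` WHERE `email` = '$email'";
	$result = mysqli_query($hookup, $usql);

	// Escape the characters that would let a stored value break the XML
	// response or inject elements into it.
	$xml_text = function ($value) {
		return str_replace(array('&', '<', '>'), array('&amp;', '&lt;', '&gt;'), (string) $value);
	};

	$xml = "<xml><data>";

	// A failed query produces an empty <data> element instead of a fatal error.
	while ($result && ($row = mysqli_fetch_assoc($result))) {
		// Strict comparison on purpose: with `==`, a false/null result from
		// bcrypt_hash() would compare equal to an empty stored hash.
		$candidate = bcrypt_hash($password, $row['password']);
		if (is_string($candidate) && $candidate !== '' && $candidate === $row['password']) {
			$xml .= "<item><id>".$xml_text($row['ID'])."</id>";
			$xml .= "<email>".$xml_text($row['email'])."</email>";
			$xml .= "<affiliate>".$xml_text($row['affiliate_ID'])."</affiliate>";
			$xml .= "</item>";
		}
	}

	$xml .= "</data></xml>";

	echo $xml;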

	

}else if($ui=="get_users"){
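    // get_users: list the Users profiles stored under an e-mail address whose
    // stored hash matches the supplied password. When the address has no
    // profiles the reply is "new" if $account_model->isValid() accepts the
    // credentials and "none" otherwise; when profiles exist but none matches,
    // the reply is "incorrect".
    // NOTE(review): the password is still accepted from the query string as a
    // fallback; GET parameters are routinely written to access logs.
    $password = !empty($_POST['password']) ? $_POST['password'] : (isset($_GET['password']) ? $_GET['password'] : '');
    $email = !empty($_POST['email']) ? $_POST['email'] : (isset($_GET['email']) ? $_GET['email'] : '');
    if (!is_string($password)) {
        $password = '';
    }
    if (!is_string($email)) {
        $email = '';
    }

    // Strict comparison on purpose: with `==`, a false/null result from
    // bcrypt_hash() would compare equal to an empty stored hash.
    $hash_matches = function ($stored) use ($password) {
        $candidate = bcrypt_hash($password, $stored);
        return is_string($candidate) && $candidate !== '' && $candidate === $stored;
    };

    // Refresh the account's login time when the account-level password matches.
    $account = $account_model->get($email);
    if ($account && $hash_matches($account['password'])) {
        $account_model->updateLoginTime($account['id']);
    }

    // The address comes straight from the request, so it is escaped before it
    // is embedded in the statement.
    // NOTE(review): mysqli_real_escape_string() relies on the connection
    // charset; confirm dbConnect.php sets it with mysqli_set_charset().
    $esc_email = mysqli_real_escape_string($hookup, $email);
    $usql = "SELECT * FROM `Users` WHERE `email` = '$esc_email'  ORDER BY `last_login` DESC";
    $result = mysqli_query($hookup, $usql);
    $cnt = 0;
    $xml = "<xml><data>";

    // Escape the characters that would let a stored name break the XML
    // response or inject elements into it.
    $xml_text = function ($value) {
        return str_replace(array('&', '<', '>'), array('&amp;', '&lt;', '&gt;'), (string) $value);
    };

    // Output tag => Users column, in the order the client receives them.
    $fields = array(
        'id' => 'ID',
        'first_name' => 'first_name',
        'middle_name' => 'middle_name',
        'last_name' => 'last_name',
        'cfirst_name' => 'cfirst_name',
        'cmiddle_name' => 'cmiddle_name',
        'clast_name' => 'clast_name',
        'dob' => 'dob',
        'gender' => 'gender',
        'uid' => 'uid',
        'subscribed' => 'subscribed',
        'subsdate' => 'sub_date',
        'user_name' => 'user_name',
        'last_login' => 'last_login',
        'init' => 'init',
        'public_id' => 'public_id',
    );

    if (!$result || mysqli_num_rows($result) == 0) {
        if ($account_model->isValid($email, $password)) {
            $xml .= "new</data></xml>";
        } else {
            $xml .= "none</data></xml>";
        }
    } else {
        while ($row = mysqli_fetch_assoc($result)) {
            if (!$hash_matches($row['password'])) {
                continue;
            }
            $cnt++;
            $xml .= "<item>";
            foreach ($fields as $tag => $column) {
                $xml .= "<".$tag.">".$xml_text($row[$column])."</".$tag.">";
            }
            $xml .= "</item>";
        }

        if ($cnt > 0) {
            $xml .= "</data></xml>";
        } else {
            $xml .= "incorrect</data></xml>";
        }
    }

    echo $xml;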
}else if($ui=="deleteuser"){



	// deleteuser: remove the Users row whose ID was posted.
	// NOTE(review): no session or ownership check is visible in this file
	// before the DELETE runs — confirm boot.php enforces one.
	// NOTE(review): $type is not assigned anywhere in this file, and the raw
	// mysqli error text is sent back to the client.
	$user_id = (int) $_POST['id'];
	$deleted = mysqli_query($hookup, "DELETE FROM `Users` WHERE `ID` = '{$user_id}'");

	if (!$deleted) {
		echo "error=" . $type . " / " . mysqli_error($hookup);
	} else {
		echo "success";
	}

}else if($ui=="inituser"){


	// inituser: set `init` = 1 on the Users row whose ID was posted.
	// NOTE(review): no session or ownership check is visible in this file
	// before the UPDATE runs — confirm boot.php enforces one.
	// NOTE(review): $type is not assigned anywhere in this file, and the raw
	// mysqli error text is sent back to the client.
	$user_id = (int) $_POST['id'];
	$updated = mysqli_query($hookup, "UPDATE `Users` SET `init` = 1 WHERE `ID` = '{$user_id}'");

	if (!$updated) {
		echo "error=" . $type . " / " . mysqli_error($hookup);
	} else {
		echo "<xml>success</xml>";
	}

}else if($ui=="add_user"){
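    // add_user: insert a new Users row from the posted profile fields and
    // reply with <result>NEW_ID</result>.
    $first = mysqli_real_escape_string($hookup, $_POST['first_name']);
    $middle = mysqli_real_escape_string($hookup, $_POST['middle_name']);
    $last = mysqli_real_escape_string($hookup, $_POST['last_name']);
    $cfirst = mysqli_real_escape_string($hookup, $_POST['cfirst_name']);
    $cmiddle = mysqli_real_escape_string($hookup, $_POST['cmiddle_name']);
    $clast = mysqli_real_escape_string($hookup, $_POST['clast_name']);
    $dob = mysqli_real_escape_string($hookup, $_POST['dob']);
    $email = mysqli_real_escape_string($hookup, $_POST['email']);
    $gender = intval($_POST['gender']);
    $vendor = intval($_POST['vendor']);

    // NOTE(review): the password is still accepted from the query string as a
    // fallback; GET parameters are routinely written to access logs.
    $password = !empty($_POST['password']) ? $_POST['password'] : (isset($_GET['password']) ? $_GET['password'] : '');
    if (!is_string($password)) {
        $password = '';
    }
    $hashed_pass = mysqli_real_escape_string($hookup, bcrypt_hash($password, BCRYPT_COST));

    $raw_user = !empty($_POST['user_name']) ? $_POST['user_name'] : (isset($_GET['user_name']) ? $_GET['user_name'] : '');
    $user = mysqli_real_escape_string($hookup, is_string($raw_user) ? $raw_user : '');

    $join = mysqli_real_escape_string($hookup, date("Y-m-d H:i:s"));

    // NOTE(review): uniqid() returns a hexadecimal string, so intval() keeps
    // only its leading decimal digits; the value written to `uid` and
    // `account_ID` is therefore short and collision-prone. Left unchanged
    // because the intended ID scheme is not visible here.
    $uid = intval(uniqid());

    $public_id = mysqli_real_escape_string($hookup, \pc\sha1_token());

    $sql = "INSERT INTO `Users` (`ID`, `first_name`, `middle_name`, `last_name`,  `cfirst_name`, `cmiddle_name`, `clast_name`, `dob`, `gender`, `uid`, `email`, `password`, `user_name`, `join_date`,  `account_ID`, public_id, `affiliateID`) VALUES ('', '$first', '$middle', '$last', '$cfirst', '$cmiddle', '$clast', '$dob', '$gender', '$uid', '$email', '$hashed_pass', '$user', '$join', '$uid', '$public_id', '$vendor')";

    // The statement is deliberately not written to disk: it carries names,
    // date of birth, e-mail address and the password hash, and a file created
    // with a relative path next to the script may be readable over HTTP.

    $result = mysqli_query($hookup, $sql);

    if ($result) {
        echo "<result>".mysqli_insert_id($hookup)."</result>";
    } else {
        // Keep the driver's message on the server; the client only needs to
        // know that the insert failed.
        error_log("add_user insert failed: " . mysqli_error($hookup));
        echo "error= / database error";
    }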

	 

}else if($ui=="edit_usernames"){



	// edit_usernames: overwrite the name columns of one Users row.
	// NOTE(review): no session or ownership check is visible in this file
	// before the UPDATE runs — confirm boot.php enforces one.
	$id = (int) ($_POST['id'] ?: $_GET['id']);

	// NOTE(review): first_name is escaped here but never written by the
	// UPDATE below — confirm whether that omission is intended.
	$first = mysqli_real_escape_string($hookup, $_POST['first_name']);

	$name_parts = array();
	foreach (array('middle_name', 'last_name', 'cfirst_name', 'cmiddle_name', 'clast_name') as $column) {
		$name_parts[$column] = mysqli_real_escape_string($hookup, $_POST[$column]);
	}

	$sql = "UPDATE `Users` SET `middle_name` = '{$name_parts['middle_name']}', `last_name` = '{$name_parts['last_name']}', `cfirst_name` = '{$name_parts['cfirst_name']}', `cmiddle_name` = '{$name_parts['cmiddle_name']}', `clast_name` = '{$name_parts['clast_name']}' WHERE `ID` = '{$id}'";

	// NOTE(review): $type is not assigned anywhere in this file, and the raw
	// mysqli error text is sent back to the client.
	if (!mysqli_query($hookup, $sql)) {
		echo "<xml>error=" . $type . " / " . mysqli_error($hookup) . "</xml>";
	} else {
		echo "<xml>success</xml>";
	}

}else if($ui=="edituserlogin"){



	// edituserlogin: replace the e-mail address and password of one Users row,
	// then call $account_model->create() with the new credentials.
	// NOTE(review): the row is selected only by a client-supplied ID and the
	// current password is never asked for; no session or ownership check is
	// visible in this file — confirm boot.php enforces one.
	// NOTE(review): the new password may arrive in the query string, which is
	// routinely written to access logs.
	$target_id = (int) ($_POST['id'] ?: $_GET['id']);

	$new_pass = $_POST['pass'] ?: $_GET['pass'];
	$new_hash_sql = mysqli_real_escape_string($hookup, bcrypt_hash($new_pass, BCRYPT_COST));

	$new_email = $_POST['email'] ?: $_GET['email'];
	$new_email_sql = mysqli_real_escape_string($hookup, $new_email);

	$saved = mysqli_query(
		$hookup,
		"UPDATE `Users` SET `email` = '{$new_email_sql}', `password` = '{$new_hash_sql}' WHERE `ID` = '{$target_id}'"
	);

	// NOTE(review): $type is not assigned anywhere in this file, and the raw
	// mysqli error text is sent back to the client.
	if (!$saved) {
		echo "<xml>error=" . $type . " / " . mysqli_error($hookup) . "</xml>";
	} else {
		$account_model->create($new_email, $new_pass);
		echo "<xml>success</xml>";
	}

}else if($ui=="editalluserslogin"){

	

	// editalluserslogin: give every Users row stored under `oldemail` a new
	// e-mail address and password, then mirror the change through
	// $account_model->update().
	// NOTE(review): the only selector is the old e-mail address; the current
	// password is never asked for and no session check is visible in this
	// file — confirm boot.php enforces one, otherwise knowing an address is
	// enough to take over its profiles.
	// NOTE(review): the new password may arrive in the query string, which is
	// routinely written to access logs.
	$new_pass = $_POST['pass'] ?: $_GET['pass'];
	$new_hash_sql = mysqli_real_escape_string($hookup, bcrypt_hash($new_pass, BCRYPT_COST));

	$new_email = $_POST['email'] ?: $_GET['email'];
	$new_email_sql = mysqli_real_escape_string($hookup, $new_email);

	$previous_email = $_POST['oldemail'] ?: $_GET['oldemail'];
	$previous_email_sql = mysqli_real_escape_string($hookup, $previous_email);

	$saved = mysqli_query(
		$hookup,
		"UPDATE `Users` SET `email` = '{$new_email_sql}', `password` = '{$new_hash_sql}' WHERE `email` = '{$previous_email_sql}'"
	);

	// NOTE(review): $type is not assigned anywhere in this file, and the raw
	// mysqli error text is sent back to the client.
	if (!$saved) {
		echo "<xml>error=" . $type . " / " . mysqli_error($hookup) . "</xml>";
	} else {
		$account_model->update($new_email, $previous_email, $new_pass);
		echo "<xml>success</xml>";
	}

}else if($ui=="get_subscription"){

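	// get_subscription: report the `subscribed` flag and `sub_date` of one
	// Users row.
	// The ID is cast to an integer so the request value can never change the
	// shape of the query (the other actions in this file treat Users.ID the
	// same way).
	// NOTE(review): no session or ownership check is visible in this file, so
	// any caller can read any user's subscription state.
	$id = isset($_POST['id']) ? intval($_POST['id']) : 0;

	$usql = "SELECT * FROM `Users` WHERE `ID` = '$id'";
	$result = mysqli_query($hookup, $usql);

	// No matching row, or a failed query, yields empty elements.
	$row = $result ? mysqli_fetch_assoc($result) : null;
	$subscribed = is_array($row) ? $row['subscribed'] : '';
	$sub_date = is_array($row) ? $row['sub_date'] : '';

	$xml = "<xml><data>";
	$xml .= "<subscribed>".$subscribed."</subscribed>";
	$xml .= "<subdate>".$sub_date."</subdate>";
	$xml .= "</data></xml>";
	echo $xml;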
	
	
}else if($ui=="reset_subscription"){

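	// reset_subscription: set `subscribed` = 0 on one Users row.
	// The ID is cast to an integer so the request value can never change the
	// shape of the query.
	// NOTE(review): no session or ownership check is visible in this file, so
	// any caller can clear any user's subscription.
	$id = isset($_POST['id']) ? intval($_POST['id']) : 0;

	$usql = "UPDATE `Users` SET `subscribed` = 0 WHERE `ID` = '$id'";
	$result = mysqli_query($hookup, $usql);

	$xml = "<xml><data>";
	$xml .= $result ? "success" : "failure";
	$xml .= "</data></xml>";
	echo $xml;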
	
	
}else if($ui=="set_subscription"){

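	// set_subscription: store a subscription value and date on one Users row.
	// All three request values are neutralised before they reach the
	// statement: the ID by integer cast, the two quoted values by escaping.
	// NOTE(review): no session, ownership or payment check is visible in this
	// file, so any caller can mark any user as subscribed — confirm boot.php
	// enforces one.
	$id = isset($_POST['id']) ? intval($_POST['id']) : 0;
	$raw_sub = (isset($_POST['sub']) && is_scalar($_POST['sub'])) ? (string) $_POST['sub'] : '';
	$raw_sub_date = (isset($_POST['sub_date']) && is_scalar($_POST['sub_date'])) ? (string) $_POST['sub_date'] : '';
	$sub = mysqli_real_escape_string($hookup, $raw_sub);
	$sub_date = mysqli_real_escape_string($hookup, $raw_sub_date);

	$usql = "UPDATE `Users` SET `subscribed` = '$sub',  `sub_date` = '$sub_date' WHERE `ID` = '$id'";
	$result = mysqli_query($hookup, $usql);

	$xml = "<xml><data>";
	$xml .= $result ? "success" : "failure";
	$xml .= "</data></xml>";
	echo $xml;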
	
	
}else if ($ui == "forecast") {

		

	// forecast: stamp the user's last_login (and, when daily == "1", log a
	// Daily_Hits row and bump daily_hits), then return the DailyForecast
	// entries for the posted month, day and number.
	// NOTE(review): the user ID comes from the request and no session check is
	// visible in this file.
	$forecast_num = (int) $_POST["num"];
	$user_id = (int) $_POST["id"];
	$forecast_month = (int) $_POST["month"];
	$forecast_day = (int) $_POST["day"];

	$stamp = mysqli_real_escape_string($hookup, date("Y-m-d H:i:s"));

	$counts_as_daily_hit = ($_POST["daily"] == "1");

	if ($counts_as_daily_hit) {
		mysqli_query($hookup, "INSERT INTO `Daily_Hits` (`ID`, `user_ID`, `login_date`) VALUES ('', '{$user_id}', '{$stamp}')");
	}

	$touch_sql = $counts_as_daily_hit
		? "UPDATE `Users` SET `last_login` = '{$stamp}', `daily_hits` = `daily_hits`+1 WHERE `ID`= '{$user_id}'"
		: "UPDATE `Users` SET `last_login` = '{$stamp}' WHERE `ID`= '{$user_id}'";

	if (!mysqli_query($hookup, $touch_sql)) {
		// NOTE(review): $type is not assigned anywhere in this file, and the
		// raw mysqli error text is sent back to the client.
		echo "error=" . $type . " / " . mysqli_error($hookup);
	} else {
		$forecast_rows = mysqli_query(
			$hookup,
			"SELECT * FROM `DailyForecast` WHERE `month` = '{$forecast_month}' AND `day` = '{$forecast_day}' AND `num` = '{$forecast_num}' "
		);

		// NOTE(review): a "]]>" inside title or desc would end the CDATA
		// section early.
		$items = array();
		while ($entry = mysqli_fetch_assoc($forecast_rows)) {
			$items[] = "<item><id>" . $entry['ID'] . "</id>"
				. "<num>" . $entry['num'] . "</num>"
				. "<title><![CDATA[" . $entry['title'] . "]]></title>"
				. "<desc><![CDATA[" . $entry['desc'] . "]]></desc>"
				. "</item>";
		}

		echo "<xml><data>" . implode("", $items) . "</data></xml>";
	}

	

}else if($ui=="get_compatabilities"){

			

		// get_compatabilities: return the RelationshipCompatability entries for
		// a pair of numbers; newlines in `desc` are sent as <br>.
		$first_num = (int) $_POST["one"];
		$second_num = (int) $_POST["two"];

		$matches = mysqli_query(
			$hookup,
			"SELECT * FROM `RelationshipCompatability` WHERE `num_one` = '{$first_num}' AND `num_two` = '{$second_num}' "
		);

		$items = array();
		while ($entry = mysqli_fetch_assoc($matches)) {
			$items[] = "<item><id>" . $entry['ID'] . "</id>"
				. "<title>" . $entry['title'] . "</title>"
				. "<desc><![CDATA[" . str_replace("\n", "<br>", $entry['desc']) . "]]></desc>"
				. "<one>" . $entry['num_one'] . "</one>"
				. "<two>" . $entry['num_two'] . "</two>"
				. "</item>";
		}

		echo "<xml><data>" . implode("", $items) . "</data></xml>";

	

}else if($ui=="get_relationship_forecast"){

			

		// get_relationship_forecast: return the RelationshipForecast entries for
		// a pair of numbers; newlines in `desc` are sent as <br>.
		$first_num = (int) $_POST["one"];
		$second_num = (int) $_POST["two"];

		$matches = mysqli_query(
			$hookup,
			"SELECT * FROM `RelationshipForecast` WHERE `num_one` = '{$first_num}' AND `num_two` = '{$second_num}' "
		);

		$items = array();
		while ($entry = mysqli_fetch_assoc($matches)) {
			$items[] = "<item><id>" . $entry['ID'] . "</id>"
				. "<title>" . $entry['title'] . "</title>"
				. "<desc><![CDATA[" . str_replace("\n", "<br>", $entry['desc']) . "]]></desc>"
				. "<one>" . $entry['num_one'] . "</one>"
				. "<two>" . $entry['num_two'] . "</two>"
				. "</item>";
		}

		echo "<xml><data>" . implode("", $items) . "</data></xml>";

	

}else if($ui=="get_name_reports"){

			

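		// get_name_reports: list the Name_Reports rows of one user, newest first.
		// NOTE(review): the user ID comes from the request and no session check
		// is visible in this file, so any caller can list any user's reports.
		$uid = intval($_POST["uid"]);

		$usql = "SELECT * FROM `Name_Reports` WHERE `userID` = '$uid' ORDER BY `ID` DESC";
		$result = mysqli_query($hookup, $usql);

		// `uname` is stored as submitted by add_name_reports, so every value is
		// escaped before it is placed inside an element.
		$xml_text = function ($value) {
			return str_replace(array('&', '<', '>'), array('&amp;', '&lt;', '&gt;'), (string) $value);
		};

		// Output tag => Name_Reports column.
		$fields = array(
			'id' => 'ID',
			'purchase_date' => 'purchase_date',
			'uname' => 'uname',
			'report_type' => 'report_type',
			'gender' => 'gender',
		);

		$xml = "<xml><data>";

		// A failed query produces an empty <data> element instead of a fatal error.
		while ($result && ($row = mysqli_fetch_assoc($result))) {
			$xml .= "<item>";
			foreach ($fields as $tag => $column) {
				$xml .= "<".$tag.">".$xml_text($row[$column])."</".$tag.">";
			}
			$xml .= "</item>";
		}

		$xml .= "</data></xml>";

		echo $xml;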

	

}else if ($ui == "add_name_reports") {



	// add_name_reports: record a purchased name report for a user.
	// NOTE(review): the user ID and purchase date come from the request and no
	// session or payment check is visible in this file.
	$report_name = mysqli_real_escape_string($hookup, $_POST['uname']);
	$owner_id = (int) $_POST['userID'];
	$gender_code = (int) $_POST['gender'];
	$type_code = (int) $_POST['report_type'];
	$purchased_on = mysqli_real_escape_string($hookup, $_POST['sub_date']);

	$inserted = mysqli_query(
		$hookup,
		"INSERT INTO `Name_Reports` (`ID`, `userID`, `purchase_date`, `uname`, `report_type`, `gender`) VALUES ('', '{$owner_id}', '{$purchased_on}','{$report_name}', '{$type_code}', '{$gender_code}')"
	);

	// NOTE(review): $type is not assigned anywhere in this file, and the raw
	// mysqli error text is sent back to the client.
	if (!$inserted) {
		echo "error=" . $type . " / " . mysqli_error($hookup);
	} else {
		echo "<xml>success</xml>";
	}

	

}else if($ui=="get_reflection_reports"){

			

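		// get_reflection_reports: list the reflection_reports rows of one user,
		// newest first.
		// NOTE(review): the user ID comes from the request and no session check
		// is visible in this file, so any caller can list any user's reports.
		$uid = intval($_POST["uid"]);

		$usql = "SELECT * FROM `reflection_reports` WHERE `uid` = '$uid' ORDER BY `ID` DESC";
		$result = mysqli_query($hookup, $usql);

		// `numbers`, `rep_date` and `subdate` are stored as submitted by
		// add_reflection_reports, so every value is escaped before it is placed
		// inside an element.
		$xml_text = function ($value) {
			return str_replace(array('&', '<', '>'), array('&amp;', '&lt;', '&gt;'), (string) $value);
		};

		// Output tag => reflection_reports column.
		$fields = array(
			'id' => 'ID',
			'purchase_date' => 'subdate',
			'rep_date' => 'rep_date',
			'numbers' => 'numbers',
		);

		$xml = "<xml><data>";

		// A failed query produces an empty <data> element instead of a fatal error.
		while ($result && ($row = mysqli_fetch_assoc($result))) {
			$xml .= "<item>";
			foreach ($fields as $tag => $column) {
				$xml .= "<".$tag.">".$xml_text($row[$column])."</".$tag.">";
			}
			$xml .= "</item>";
		}

		$xml .= "</data></xml>";

		echo $xml;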

	

}else if ($ui == "add_reflection_reports") {



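	// add_reflection_reports: record a purchased reflection report for a user.
	// `num` is free text taken from the request, so it is escaped like the two
	// date fields before it is embedded in the INSERT.
	// NOTE(review): the user ID comes from the request and no session or
	// payment check is visible in this file.
	$raw_num = (isset($_POST['num']) && is_scalar($_POST['num'])) ? (string) $_POST['num'] : '';
	$num = mysqli_real_escape_string($hookup, $raw_num);

	$uid = intval($_POST['userID']);

	$repDate = mysqli_real_escape_string($hookup, $_POST['repDate']);

	$date = mysqli_real_escape_string($hookup, $_POST['sub_date']);

	$sql = "INSERT INTO `reflection_reports` (`ID`, `uid`, `subdate`, `numbers`, `rep_date`) VALUES ('', '$uid', '$date','$num', '$repDate')";

	$result = mysqli_query($hookup, $sql);

	if ($result) {
		echo "<xml>success</xml>";
	} else {
		// Keep the driver's message on the server; the client only needs to
		// know that the insert failed.
		error_log("add_reflection_reports insert failed: " . mysqli_error($hookup));
		echo "error= / database error";
	}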

	

}else if($ui=="get_relationships"){

			

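		// get_relationships: list the RelationshipPurchases rows of one user.
		// NOTE(review): the user ID comes from the request and no session check
		// is visible in this file, so any caller can list any user's purchases,
		// including names and dates of birth.
		$uid = intval($_POST["uid"]);

		$usql = "SELECT * FROM `RelationshipPurchases` WHERE `userID` = '$uid' ";
		$result = mysqli_query($hookup, $usql);

		// The name and date columns are stored as submitted by add_relationship,
		// so every value is escaped before it is placed inside an element.
		$xml_text = function ($value) {
			return str_replace(array('&', '<', '>'), array('&amp;', '&lt;', '&gt;'), (string) $value);
		};

		// Output tag => RelationshipPurchases column.
		$fields = array(
			'id' => 'ID',
			'report_type' => 'report_type',
			'purchase_date' => 'purchase_date',
			'first_name' => 'first_name',
			'middle_name' => 'middle_name',
			'last_name' => 'last_name',
			'cfirst_name' => 'cfirst_name',
			'cmiddle_name' => 'cmiddle_name',
			'clast_name' => 'clast_name',
			'dob' => 'dob',
			'gender' => 'gender',
		);

		$xml = "<xml><data>";

		// A failed query produces an empty <data> element instead of a fatal error.
		while ($result && ($row = mysqli_fetch_assoc($result))) {
			$xml .= "<item>";
			foreach ($fields as $tag => $column) {
				$xml .= "<".$tag.">".$xml_text($row[$column])."</".$tag.">";
			}
			$xml .= "</item>";
		}

		$xml .= "</data></xml>";

		echo $xml;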

	

}else if ($ui == "add_relationship") {



	// add_relationship: record a purchased relationship report and reply with
	// <result>NEW_ID</result>.
	// NOTE(review): the user ID comes from the request and no session or
	// payment check is visible in this file.
	$text = array();
	foreach (array('first_name', 'middle_name', 'last_name', 'cfirst_name', 'cmiddle_name', 'clast_name', 'dob') as $field) {
		$text[$field] = mysqli_real_escape_string($hookup, $_POST[$field]);
	}

	$gender_code = (int) $_POST['gender'];
	$owner_id = (int) $_POST['userID'];
	$purchased_on = mysqli_real_escape_string($hookup, $_POST['sub_date']);
	$type_code = (int) $_POST['report_type'];

	$inserted = mysqli_query(
		$hookup,
		"INSERT INTO `RelationshipPurchases` (`ID`, `userID`, `purchase_date`, `first_name`, `middle_name`, `last_name`,  `cfirst_name`, `cmiddle_name`, `clast_name`, `dob`, `gender`, `report_type`) VALUES ('', '{$owner_id}', '{$purchased_on}','{$text['first_name']}', '{$text['middle_name']}', '{$text['last_name']}', '{$text['cfirst_name']}', '{$text['cmiddle_name']}', '{$text['clast_name']}', '{$text['dob']}', '{$gender_code}', '{$type_code}')"
	);
	$new_id = mysqli_insert_id($hookup);

	// NOTE(review): $type is not assigned anywhere in this file, and the raw
	// mysqli error text is sent back to the client.
	if (!$inserted) {
		echo "error=" . $type . " / " . mysqli_error($hookup);
	} else {
		echo "<result>" . $new_id . "</result>";
	}

	

}else if($ui=="get_challenges"){



			

			// get_challenges: return every Challenges row; newlines in `desc` are
			// sent as <br>.
			$challenge_rows = mysqli_query($hookup, "SELECT * FROM `Challenges`");

			$items = array();
			while ($entry = mysqli_fetch_assoc($challenge_rows)) {
				$items[] = "<item><id>" . $entry['ID'] . "</id>"
					. "<title>" . $entry['title'] . "</title>"
					. "<desc><![CDATA[" . str_replace("\n", "<br>", $entry['desc']) . "]]></desc>"
					. "<num>" . $entry['num'] . "</num>"
					. "<phase>" . $entry['phase'] . "</phase>"
					. "</item>";
			}

			echo "<xml><data>" . implode("", $items) . "</data></xml>";

	

}else if ($ui == "coreprofile") {

		

	// coreprofile: return the CoreProfile entries matching the three posted
	// core numbers.
	$first_core = (int) $_POST['core1'];
	$second_core = (int) $_POST['core2'];
	$third_core = (int) $_POST['core3'];

	$profile_rows = mysqli_query(
		$hookup,
		"SELECT * FROM `CoreProfile` WHERE `core1` = '{$first_core}' AND `core2` = '{$second_core}' AND `core3` = '{$third_core}'"
	);

	$items = array();
	while ($entry = mysqli_fetch_assoc($profile_rows)) {
		$items[] = "<item><id>" . $entry['ID'] . "</id>"
			. "<short><![CDATA[" . $entry['short'] . "]]></short>"
			. "<desc><![CDATA[" . $entry['desc'] . "]]></desc>"
			. "</item>";
	}

	echo "<xml><data>" . implode("", $items) . "</data></xml>";

	

}else if ($ui == "dualities") {



	// dualities: return the Dualities entries for a year/essence pair;
	// newlines in `desc` are sent as <br>.
	$year_num = (int) $_POST['year'];
	$essence_num = (int) $_POST['essence'];

	$duality_rows = mysqli_query(
		$hookup,
		"SELECT * FROM `Dualities` WHERE `year` = '{$year_num}' AND `essence` = '{$essence_num}'"
	);

	$items = array();
	while ($entry = mysqli_fetch_assoc($duality_rows)) {
		$items[] = "<item><id>" . $entry['ID'] . "</id>"
			. "<title><![CDATA[" . $entry['title'] . "]]></title>"
			. "<desc><![CDATA[" . str_replace("\n", "<br>", $entry['desc']) . "]]></desc>"
			. "</item>";
	}

	echo "<xml><data>" . implode("", $items) . "</data></xml>";

	 

}else if ($ui == "personalmonths") {



	// personalmonths: return every PersonalMonths entry for the posted year.
	$year_num = (int) $_POST['year'];

	$month_rows = mysqli_query($hookup, "SELECT * FROM `PersonalMonths` WHERE `year` = '{$year_num}'");

	$items = array();
	while ($entry = mysqli_fetch_assoc($month_rows)) {
		$items[] = "<item><id>" . $entry['ID'] . "</id>"
			. "<title><![CDATA[" . $entry['title'] . "]]></title>"
			. "<desc><![CDATA[" . $entry['desc'] . "]]></desc>"
			. "</item>";
	}

	echo "<xml><data>" . implode("", $items) . "</data></xml>";

	 

}else if ($ui == "singlemonths") {



	// singlemonths: return the PersonalMonths entries for one year/month pair.
	$year_num = (int) $_POST['year'];
	$month_num = (int) $_POST['month'];

	$month_rows = mysqli_query(
		$hookup,
		"SELECT * FROM `PersonalMonths` WHERE `year` = '{$year_num}' AND `month` = '{$month_num}'"
	);

	$items = array();
	while ($entry = mysqli_fetch_assoc($month_rows)) {
		$items[] = "<item><id>" . $entry['ID'] . "</id>"
			. "<title><![CDATA[" . $entry['title'] . "]]></title>"
			. "<desc><![CDATA[" . $entry['desc'] . "]]></desc>"
			. "</item>";
	}

	echo "<xml><data>" . implode("", $items) . "</data></xml>";

	 

}else if($ui=="update"){



// update: overwrite `short` and `desc` on the CoreProfile rows matching the
// three posted core numbers.
// NOTE(review): this edits shared content and no session or role check is
// visible in this file — confirm boot.php enforces one.
$first_core = (int) $_POST['core1'];
$second_core = (int) $_POST['core2'];
$third_core = (int) $_POST['core3'];

// NOTE(review): title is escaped here but never written by the UPDATE below.
$title_sql = mysqli_real_escape_string($hookup, $_POST['title']);
$desc_sql = mysqli_real_escape_string($hookup, $_POST['desc']);
$short_sql = mysqli_real_escape_string($hookup, $_POST['short']);

$update_sql = "UPDATE `CoreProfile` SET `short` = '{$short_sql}', `desc` = '{$desc_sql}' WHERE `core1` = '{$first_core}' AND `core2` = '{$second_core}' AND `core3` = '{$third_core}'";

// NOTE(review): $type is not assigned anywhere in this file, and the raw
// mysqli error text is sent back to the client.
if (!mysqli_query($hookup, $update_sql)) {
	echo "error=" . $type . " / " . mysqli_error($hookup);
} else {
	echo "success";
}

	 

}else if($ui=="add_account"){



	// add_account: create an Accounts row unless the e-mail address is already
	// registered; replies <result>duplicate</result> or <result>NEW_ID</result>.
	// NOTE(review): the password may arrive in the query string, which is
	// routinely written to access logs.
	// NOTE(review): the duplicate check and the INSERT are separate
	// statements, so two concurrent requests can both pass the check unless
	// `email` carries a unique index.
	$email_sql = mysqli_real_escape_string($hookup, $_POST['email'] ?: $_GET['email']);

	$plain_pass = $_POST['password'] ?: $_GET['password'];
	$hash_sql = mysqli_real_escape_string($hookup, bcrypt_hash($plain_pass, BCRYPT_COST));

	$affiliate_id = (int) ($_POST['affiliate'] ?: $_GET['affiliate']);

	$joined_at = mysqli_real_escape_string($hookup, date("Y-m-d H:i:s"));

	$count_query = mysqli_query($hookup, "SELECT COUNT(*) AS total FROM Accounts WHERE `email` = '{$email_sql}' ;");
	$count_row = mysqli_fetch_assoc($count_query);

	if ($count_row['total'] > 0) {
		echo "<result>duplicate</result>";
	} else {
		$inserted = mysqli_query(
			$hookup,
			"INSERT INTO `Accounts` (`ID`, `email`, `password`, `register_date`,  `login_date`, `affiliate_ID`) VALUES ('', '{$email_sql}', '{$hash_sql}', '{$joined_at}', '{$joined_at}', '{$affiliate_id}')"
		);
		$new_id = mysqli_insert_id($hookup);

		// NOTE(review): $type is not assigned anywhere in this file, and the
		// raw mysqli error text is sent back to the client.
		if (!$inserted) {
			echo "error=" . $type . " / " . mysqli_error($hookup);
		} else {
			echo "<result>" . $new_id . "</result>";
		}
	}

	

}else if($ui=="delete"){



	// delete: remove the CoreProfile row whose ID was posted.
	// NOTE(review): this deletes shared content and no session or role check
	// is visible in this file — confirm boot.php enforces one.
	// NOTE(review): $type is not assigned anywhere in this file, and the raw
	// mysqli error text is sent back to the client.
	$profile_id = (int) $_POST['id'];
	$deleted = mysqli_query($hookup, "DELETE FROM `CoreProfile` WHERE `ID` = '{$profile_id}'");

	if (!$deleted) {
		echo "error=" . $type . " / " . mysqli_error($hookup);
	} else {
		echo "success";
	}

}else if($ui=="get_blogs"){



			

			// get_blogs: return the 20 most recent Blogs rows; newlines in `desc`
			// are sent as <br>.
			$blog_rows = mysqli_query($hookup, "SELECT * FROM `Blogs` ORDER BY `date` DESC LIMIT 20");

			$items = array();
			while ($entry = mysqli_fetch_assoc($blog_rows)) {
				$items[] = "<item><id>" . $entry['ID'] . "</id>"
					. "<title>" . $entry['title'] . "</title>"
					. "<subtitle>" . $entry['subtitle'] . "</subtitle>"
					. "<desc><![CDATA[" . str_replace("\n", "<br>", $entry['desc']) . "]]></desc>"
					. "<image>" . $entry['image'] . "</image>"
					. "<date>" . $entry['date'] . "</date>"
					. "</item>";
			}

			echo "<xml><data>" . implode("", $items) . "</data></xml>";

	



	



}else if($ui=="get_news_mage"){



			

			// get_news_mage: return the 20 most recent News_Image rows.
			$image_rows = mysqli_query($hookup, "SELECT * FROM `News_Image` ORDER BY `date` DESC LIMIT 20");

			$items = array();
			while ($entry = mysqli_fetch_assoc($image_rows)) {
				$items[] = "<item><id>" . $entry['ID'] . "</id>"
					. "<path>" . $entry['path'] . "</path>"
					. "<link><![CDATA[" . $entry['link'] . "]]></link>"
					. "<date>" . $entry['date'] . "</date>"
					. "<aid>" . $entry['AID'] . "</aid>"
					. "</item>";
			}

			echo "<xml><data>" . implode("", $items) . "</data></xml>";

	

}else if($ui=="get_news"){



			

			// get_news: return the 20 most recent News rows; newlines in `desc`
			// are sent as <br>.
			$news_rows = mysqli_query($hookup, "SELECT * FROM `News` ORDER BY `date` DESC LIMIT 20");

			$items = array();
			while ($entry = mysqli_fetch_assoc($news_rows)) {
				$items[] = "<item><id>" . $entry['ID'] . "</id>"
					. "<title>" . $entry['title'] . "</title>"
					. "<desc><![CDATA[" . str_replace("\n", "<br>", $entry['desc']) . "]]></desc>"
					. "<date>" . $entry['date'] . "</date>"
					. "</item>";
			}

			echo "<xml><data>" . implode("", $items) . "</data></xml>";

	

}else if($ui=="get_ad"){



			// get_ad: return the `image` value of the most recent Ads row.
			$ad_rows = mysqli_query($hookup, "SELECT * FROM `Ads` ORDER by `date` DESC  LIMIT 1");

			$images = array();
			while ($entry = mysqli_fetch_assoc($ad_rows)) {
				$images[] = $entry["image"];
			}

			echo "<xml><data>" . implode("", $images) . "</data></xml>";

}else if($ui=="getupdates"){

		
	// getupdates: return the App row(s) with AID 0 (version, download links,
	// message, date); newlines in `message` are sent as <br>.
	$app_rows = mysqli_query($hookup, "SELECT * FROM `App` WHERE `AID` = 0");

	if (!$app_rows) {
		// NOTE(review): $type is not assigned anywhere in this file, and the
		// raw mysqli error text is sent back to the client.
		echo "error=" . $type . " / " . mysqli_error($hookup);
	} else {
		$pieces = array();
		while ($entry = mysqli_fetch_assoc($app_rows)) {
			$pieces[] = "<version>" . $entry['version'] . "</version>"
				. "<pc>" . $entry['pc_link'] . "</pc>"
				. "<mac>" . $entry['mac_link'] . "</mac>"
				. "<message><![CDATA[" . str_replace("\n", "<br>", $entry['message']) . "]]></message>"
				. "<date>" . $entry['date'] . "</date>"
				. "<aid>" . $entry['AID'] . "</aid>";
		}

		echo "<xml><data>" . implode("", $pieces) . "</data></xml>";
	}

}else if($ui=="getvendorupdates"){

		
	// getvendorupdates: return every App row as an <item>; newlines in
	// `message` are sent as <br>.
	$app_rows = mysqli_query($hookup, "SELECT * FROM `App`");

	if (!$app_rows) {
		// NOTE(review): $type is not assigned anywhere in this file, and the
		// raw mysqli error text is sent back to the client.
		echo "error=" . $type . " / " . mysqli_error($hookup);
	} else {
		$items = array();
		while ($entry = mysqli_fetch_assoc($app_rows)) {
			$items[] = "<item><version>" . $entry['version'] . "</version>"
				. "<pc>" . $entry['pc_link'] . "</pc>"
				. "<mac>" . $entry['mac_link'] . "</mac>"
				. "<message><![CDATA[" . str_replace("\n", "<br>", $entry['message']) . "]]></message>"
				. "<date>" . $entry['date'] . "</date>"
				. "<share_link>" . $entry['share_link'] . "</share_link>"
				. "<aid>" . $entry['AID'] . "</aid></item>";
		}

		echo "<xml><data>" . implode("", $items) . "</data></xml>";
	}

}else if($ui=="getlimits"){

			// getlimits: return the `count` stored in Limits for a user/module pair.
			// NOTE(review): the user ID comes from the request and no session
			// check is visible in this file.
			$user_id = (int) $_POST['id'];
			$module_id = (int) $_POST['mod'];

			$limit_rows = mysqli_query(
				$hookup,
				"SELECT * FROM `Limits` WHERE `uid`= '{$user_id}' AND `module` = '{$module_id}'"
			);

			$counts = array();
			while ($entry = mysqli_fetch_assoc($limit_rows)) {
				$counts[] = $entry["count"];
			}

			echo "<xml><data>" . implode("", $counts) . "</data></xml>";

}else if($ui=="updatelimits"){

			// updatelimits: increment the Limits counter for a user/module pair,
			// creating the row with count 1 when it does not exist yet.
			// NOTE(review): the user ID comes from the request and no session
			// check is visible in this file.
			// NOTE(review): the existence check and the write are separate
			// statements, so concurrent requests can insert duplicate rows.
			$user_id = (int) $_POST['id'];
			$module_id = (int) $_POST['mod'];
			$started_on = mysqli_real_escape_string($hookup, $_POST['sub_date']);

			$count_query = mysqli_query(
				$hookup,
				"SELECT COUNT(*) AS total FROM Limits WHERE `uid` = '{$user_id}' AND `module` = '{$module_id}';"
			);
			$count_row = mysqli_fetch_assoc($count_query);

			$write_sql = ($count_row['total'] > 0)
				? "UPDATE `Limits`  SET `count` = `count`+1 WHERE `uid`= '{$user_id}' AND `module` = '{$module_id}'"
				: "INSERT INTO `Limits` (`ID`, `uid`, `module`, `sub_date`,  `count`) VALUES ('', '{$user_id}', '{$module_id}', '{$started_on}', '1')";
			$written = mysqli_query($hookup, $write_sql);

			echo "<xml><data>" . ($written ? "success" : "failure") . "</data></xml>";

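}else if ($ui == "checkaccount"){

	// checkaccount: report whether an e-mail address already has an Accounts
	// row. Replies <xml>COUNT</xml> when it does and <xml>success</xml> when
	// it does not.
	// The branch condition is a comparison. Written as an assignment it was
	// always true, so every request with an unrecognised or missing `ui`
	// landed here and the getinappimages branch below could never run.
	// NOTE(review): clients that relied on this branch as the default action
	// must now send ui=checkaccount explicitly.
	$raw_email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
	$email = mysqli_real_escape_string($hookup, $raw_email);

	$sql = "SELECT COUNT(*) AS total FROM `Accounts` WHERE `email` = '$email';";

	$query = mysqli_query($hookup,$sql);

	// A failed query is treated as "no rows", matching the previous reply.
	$row = $query ? mysqli_fetch_assoc($query) : null;

	$total = is_array($row) ? $row['total'] : 0;

	if ($total > 0){
		echo "<xml>".$total."</xml>";
	}else{
		echo "<xml>success</xml>";
	}

}else if ($ui == "getinappimages"){

	// getinappimages: return the Purchase_Images titles and image paths for
	// one device code.
	$device = isset($_POST['device']) ? intval($_POST['device']) : 0;

	$sql = "SELECT * FROM `Purchase_Images` WHERE `device` = '$device';";

	$result = mysqli_query($hookup,$sql);

	if($result){

		$xml="<xml><data>";

		while ($row = mysqli_fetch_assoc($result)) {

			$xml.="<item><ftitle>".$row['full_title']."</ftitle>";

			$xml.= "<ltitle>".$row['limited_title']."</ltitle>";

			$xml.="<utitle>".$row['upgrade_title']."</utitle>";

			$xml.= "<fimage>".$row['full_path']."</fimage>";

			$xml.= "<limage>".$row['limited_path']."</limage>";

			$xml.="<uimage>".$row['upgrade_path']."</uimage></item>";

		}

		$xml.="</data></xml>";

		echo $xml;

	}else{

		// Keep the driver's message on the server; the client only needs to
		// know that the lookup failed.
		error_log("getinappimages query failed: " . mysqli_error($hookup));

		echo "error= / database error";

	}
}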

?>
