Editing: admin_new.php
<?php session_start(); include('dblib.php'); include('func_lib.php'); include('admin_functions.php'); $getar = $_GET; $getkeys = array_keys($getar); for($i=0; $i<count($getkeys); $i++){ $k = $getkeys[$i]; $v = $getar[$k]; ${$k}=cleanQuery($v,"yes"); } $getar = $_POST; $getkeys = array_keys($getar); for($i=0; $i<count($getkeys); $i++){ $k = $getkeys[$i]; $v = $getar[$k]; ${$k}=cleanQuery($v,"yes"); } $admin_user = $_SESSION['admin_user']; $current_url = basename(__FILE__); if ($_SERVER['QUERY_STRING'] != "") { $current_url .= "?".$_SERVER['QUERY_STRING']; } //echo $current_url; if ($admin_user != "") { include('admin_header.php'); //------------------------------------------------------------------------------------------------ // Listing Home //------------------------------------------------------------------------------------------------ if ($action == "") { if ($zid != "") { $sql2 = "select field_name, field_label, field_type, filtername, keyfield, listed, editable, exportable, searchable, quick, quick_filtername, upload_folder, status from admin_tables where table_name = '".$zid."' and listed = '1' order by sr_no"; $qid2 = db_query($sql2); $num2 = db_num_rows($qid2); if ($num2 > 0) { $table_array = array(); for ($k=0;$k<=$num2-1;$k++) { $result2 = db_fetch_object($qid2); $table_array[$k]['field_name'] = $result2->field_name; $table_array[$k]['field_label'] = $result2->field_label; $table_array[$k]['field_type'] = $result2->field_type; $table_array[$k]['filtername'] = $result2->filtername; $table_array[$k]['keyfield'] = $result2->keyfield; if ($result2->keyfield == "1") { $key_field_name = $result2->field_name; } $table_array[$k]['listed'] = $result2->listed; $table_array[$k]['editable'] = $result2->editable; $table_array[$k]['searchable'] = $result2->searchable; $table_array[$k]['exportable'] = $result2->exportable; $table_array[$k]['quick'] = $result2->quick; $table_array[$k]['quick_filtername'] = $result2->quick_filtername; $table_array[$k]['upload_folder'] = 
$result2->upload_folder; } $num2 = sizeof($table_array); } else { echo "<script>\n"; echo "document.location = \"admin_new.php\"; \n"; echo "</script>\n"; } ?> <script> function save_to_excel() { for (var i=0;i < document.form5.elements.length;i++) { var e = document.form5.elements[i]; if (e.type == "checkbox" && e.checked) { var flagh = 1 } } document.form5.action = "save_to_excel.php?zid=<?php echo $zid; ?>&tablename=<?php echo $table_name; ?>&flagh="+flagh+"&<?php echo $back_query_string; ?>"; document.form5.submit(); } function redirect_form(num) { if (num == 1) { var answer = confirm ("Are you sure you want to delete this record?") if (answer) { document.form5.action = 'admin_new.php?zid=<?php echo $zid; ?>&action=new_del&key_field_name=<?php echo $key_field_name; ?>'; document.form5.submit(); } } } function change_pagenum() { document.location = 'admin_new.php?zid=<?php echo $zid; ?>&action=change_pagenum&pagenum=' + document.form5.pagenum.value + '&<?php echo $back_query_string; ?>'; } function CheckAll(chk) { for (var i=0;i < document.form5.elements.length;i++) { var e = document.form5.elements[i]; if (e.type == "checkbox") { e.checked = chk.checked; } } } function delete_confirm(id) { var answer = confirm ("Are you sure you want to delete this record?") if (answer) { document.location = 'admin_new.php?zid=<?php echo $zid; ?>&action=del_item&key_field_name=<?php echo $key_field_name; ?>&<?php echo $key_field_name; ?>='+id; } } </script> <?php // Generate Query String $return_url = "admin_new.php?zid=".$zid; if ($action != "") { $return_url .= "&action=".$action; } if ($keyword != "") { $return_url .= "&keyword=".$keyword; } if ($filter_variables != "") { $return_url .= $filter_variables; $export_url .= $filter_variables; } $return_url_without_sortby = $return_url; if ($sortby != "") { $return_url .= "&sortby=".$sortby; } $return_url_without_start = $return_url; if ($start != "") { $return_url .= "&start=".$start; } // Add Filters to return url $sql_filters 
= "select field_name from admin_tables where table_name = '".$zid."' and quick = '1' and quick_filtername != ''"; $qid_filters = db_query($sql_filters); $num_filters = db_num_rows($qid_filters); for ($k=0;$k<=$num_filters-1;$k++) { $result_filters = db_fetch_row($qid_filters); $temp = $result_filters[0]; if ($$temp != "") { $return_url .= "&".$result_filters[0]."=".$$temp; } } $_SESSION['return_url'] = $return_url; $export_url = ""; if ($keyword != "") { $export_url .= "&keyword=".$keyword; } if ($filter_variables != "") { $export_url .= $filter_variables; $export_url .= $filter_variables; } if ($sortby != "") { $export_url .= "&sortby=".$sortby; } if ($start == "") { $start = 0; } $num_records = $_SESSION["num_records"]; if ($num_records == "") { $num_records = 50; } echo "<div class=\"row margin0\">\n"; echo "<div class=\"col-12 col-sm-12 col-md-12 padb20\">\n"; echo "<h5>".str_replace("_"," ",strtoupper($zid)); $_SESSION['return_title'] = str_replace("_"," ",strtoupper($zid)); echo "<a href=\"admin_new.php?action=add_to_favorites\" class=\"btn btn-primary btn-sm float-right\"><i class=\"fas fa-star\"></i> Add to favorites</a>\n"; echo "</h5>\n"; echo "</div>\n"; echo "</div>\n"; // Search Form echo "<form action=\"admin_new.php?zid=".$zid."\" method=\"post\" name=\"form1\" class=\"form-inline\">\n"; echo "<div class=\"row margin0\">\n"; echo "<div class=\"col-12 col-sm-12 col-md-12 padb20\">\n"; echo "Search: <input type=\"text\" size=\"25\" name=\"keyword\" class=\"form-control form-control-sm\" value=\"".$keyword."\">\n"; $sql_filters = "select field_name, quick, quick_filtername from admin_tables where table_name = '".$zid."' and quick = '1' and quick_filtername != ''"; $qid_filters = db_query($sql_filters); $num_filters = db_num_rows($qid_filters); for ($k=0;$k<=$num_filters-1;$k++) { $result_filters = db_fetch_row($qid_filters); $temp = $result_filters[0]; filter_drowndown($result_filters[2],$$temp,$result_filters[0]); if ($$temp != "") { $export_url .= 
"&".$temp."=".$$temp; $return_url .= "&".$temp."=".$$temp; $return_url_without_start .= "&".$temp."=".$$temp; $return_url_without_sortby .= "&".$temp."=".$$temp; } } echo "<input type=\"submit\" class=\"btn btn-primary btn-sm\" value=\"Go\">\n"; echo "</div>\n"; echo "</div>\n"; echo "</form>\n"; // Start Main Query $sql_main = "select "; for ($i=0;$i<=$num2-1;$i++) { $sql_main .= $table_array[$i]['field_name'].", "; } $sql_main = substr($sql_main, 0, -2); $sql_main .= " from ".$zid." where 1=1 "; // Add Keywords to query if ($keyword != "") { $key_array = explode(" ",$keyword); for ($k=0;$k<=sizeof($key_array)-1;$k++) { $sql_main .= " and ( "; $sql_searchable = "select field_name from admin_tables where table_name = '".$zid."' and searchable = '1'"; $qid_searchable = db_query($sql_searchable); $num_searchable = db_num_rows($qid_searchable); for ($j=0;$j<=$num_searchable-1;$j++) { $result_searchable = db_fetch_row($qid_searchable); $sql_main .= $result_searchable[0]." like '%".$key_array[$k]."%' or "; } $sql_main = substr($sql_main,0,-4); $sql_main .= " ) "; } } // Add Filters to query $sql_filters = "select field_name from admin_tables where table_name = '".$zid."' and quick = '1' and quick_filtername != ''"; $qid_filters = db_query($sql_filters); $num_filters = db_num_rows($qid_filters); for ($k=0;$k<=$num_filters-1;$k++) { $result_filters = db_fetch_row($qid_filters); $temp = $result_filters[0]; if ($$temp != "") { $sql_main .= " and ".$result_filters[0]." = '".$$temp."' "; } } if ($sortby != "") { $sql_main .= " order by ".$sortby." 
"; } //echo $sql_main; // Get max records $sql_pagination = $sql_main; $qid_pagination = db_query($sql_pagination); $num_pagination = db_num_rows($qid_pagination); $sql_main .= " limit ".$start.", ".$num_records; $qid_main = db_query($sql_main); $num_main = db_num_rows($qid_main); // Main Form echo "<form name=\"form5\" method=\"post\" >\n"; echo "<input type=\"hidden\" name=\"key_field_name\" id=\"key_field_name\" value=\"".$key_field_name."\">\n"; echo "<div class=\"row margin0\">\n"; echo "<div class=\"col-12 col-sm-12 col-md-7\">\n"; echo "<a href=\"admin_new.php?zid=".$zid."&action=add_item\" class=\"btn btn-primary btn-sm\"><i class=\"fas fa-plus\"></i> Add an Item</a></span>\n"; echo "<a href=\"admin_new.php?zid=".$zid."&sortby=".$sortby."\" class=\"btn btn-primary btn-sm\"><i class=\"fas fa-list\"></i> View All</a>\n"; echo "<a href=\"save_to_excel.php?zid=".$zid.$export_url."\" class=\"btn btn-primary btn-sm\"> <i class=\"fas fa-file-excel\"></i> Export to Excel</a>\n"; // Total records for display and pagination echo " <span style=\"margin-left:20px;\">".$num_pagination." 
records found.</span>\n"; echo "</div>\n"; echo "<div class=\"col-4 col-sm-4 col-md-2 padb10 text-right\">\n"; echo "Items per page\n"; echo "</div>\n"; echo "<div class=\"col-2 col-sm-2 col-md-1 padb10 text-left padl0\">\n"; echo "<select name=\"pagenum\" onchange=\"javascript:change_pagenum();\" class=\"form-control form-control-sm\">\n"; echo "<option value=\"5\""; if ($num_records == 5) { echo " selected"; } echo ">5\n"; echo "<option value=\"10\""; if ($num_records == 10) { echo " selected"; } echo ">10\n"; echo "<option value=\"25\""; if ($num_records == 25) { echo " selected"; } echo ">25\n"; echo "<option value=\"50\""; if ($num_records == 50) { echo " selected"; } echo ">50\n"; echo "<option value=\"100\""; if ($num_records == 100) { echo " selected"; } echo ">100\n"; echo "<option value=\"150\""; if ($num_records == 150) { echo " selected"; } echo ">150\n"; echo "<option value=\"200\""; if ($num_records == 200) { echo " selected"; } echo ">200\n"; echo "</select>\n"; echo "</div>\n"; echo "<div class=\"col-6 col-sm-6 col-md-2 text-right\">\n"; echo "<a href=\"javascript:redirect_form(1)\" class=\"btn btn-primary btn-sm\"><i class=\"fas fa-trash\"></i> Delete Selected</a>\n"; echo "</div>\n"; echo "</div>\n"; // Generate the pagination code $pagination_code = ""; $pagination_code .= "<div style=\"width:auto; margin-left:10px; height:auto; float:right;\">\n"; $pagination_code .= "<select name=\"jump_to_1\" id=\"jump_to_1\" onchange=\"javascript:jumpto(1);\" class=\"form-control form-control-sm\">\n"; $ctr = 1; for ($i=0;$i<=$num_pagination-1;$i += $num_records) { $pagination_code .= "<option value=\"".$i."\""; if ($start == $i) { $pagination_code .= " selected "; } $pagination_code .= ">".$ctr."</option>\n"; $ctr ++; } $pagination_code .= "</select></div>\n"; $pagination_code .= "<div style=\"width:auto; margin-left:10px; margin-top:5px; height:auto; float:right;\">\n"; $pagination_code .= " Jump to "; $pagination_code .= "</div>\n"; $pagination_code .= 
"<div style=\"float:right;\">\n"; $pagination_code .= "<ul class=\"pagination\">\n"; $ctr = 1; for ($i=0;$i<=$num_pagination-1;$i += $num_records) { if ($i >= ($start - ($num_records*5)) && $i <= ($start + ($num_records*5)) ) { if ($start == $i) { $pagination_code .= "<li class=\"page-item active\"><a class=\"page-link\" href=\"#\">".$ctr."</a></li>"; } else { $pagination_code .= "<li class=\"page-item\"><a class=\"page-link\" href=\"".$return_url_without_start."&start=".$i."\">".$ctr."</a></li>"; } } $ctr ++; } $pagination_code .= "</ul></div>\n"; $pagination_code .= "<div style=\"float:right; padding-top:5px;\">Pages: </div>\n"; $pagination_code .= "<script>\n"; $pagination_code .= "function jumpto(num)\n"; $pagination_code .= "{\n"; $pagination_code .= "document.location = '".$return_url_without_start."&start=' + $('#jump_to_' + num).val(); \n"; $pagination_code .= "} \n"; $pagination_code .= "</script>\n"; $colspan = 0; for ($i=0;$i<=$num2-1;$i++) { if ($table_array[$i]['listed'] == "1") { $colspan++; } } echo "<div class=\"row margin0\">\n"; echo "<div class=\"col-12 col-sm-12 col-md-12 padb20\">\n"; echo "<table class=\"table table-striped table-hover\" style=\"font-size:14px; background:#fff;\"> \n"; echo "<tr><td colspan=\"".($colspan+4)."\">\n"; echo $pagination_code; echo "</td>\n"; echo "</tr>\n"; echo "<tr>\n"; echo "<td valign=\"center\" style=\"padding-top:25px;\"><input type=checkbox onclick=\"javascript:CheckAll(this);\" value=\"Check All\"></td>\n"; for ($i=0;$i<=$num2-1;$i++) { echo "<th>\n"; echo "<a href=\"".$return_url_without_sortby."&sortby=".$table_array[$i]['field_name']."&start=".$start."\"><i class=\"fas fa-caret-up\" style=\"font-size:18px;\"></i></a><br />\n"; echo $table_array[$i]['field_label']."<br />\n"; echo "<a href=\"".$return_url_without_sortby."&sortby=".$table_array[$i]['field_name']."+desc&start=".$start."\"><i class=\"fas fa-caret-down\" style=\"font-size:18px;\"></i></a>\n"; echo "</th>\n"; } echo "<th valign=\"center\" 
style=\"padding-top:25px;\">View</th>\n"; echo "<th valign=\"center\" style=\"padding-top:25px;\">Edit</th>\n"; echo "<th valign=\"center\" style=\"padding-top:25px;\">Delete</th>\n"; echo "</tr>\n"; $max_value = 0; for ($j=0;$j<=$num_main-1;$j++) { $result_main = db_fetch_row($qid_main); if ($result_main[0] > $max_value) { $max_value = $result_main[0]; } echo "<tr>\n"; echo "<td><input type=\"checkbox\" name=\"item[]\" value=\"".$result_main[0]."\"></td>\n"; for ($i=0;$i<=sizeof($result_main)-1;$i++) { echo "<td>".$result_main[$i]."</td>\n"; if ($table_array[$i]['keyfield'] == "1") { $key_field_name = $table_array[$i]['field_name']; $key_field_num = $i; } } echo "<td align=\"center\"><a href=\"admin_new.php?zid=".$zid."&action=view_item&".$key_field_name."=".$result_main[$key_field_num]."\" title=\"View\"><i class=\"fas fa-eye\"></i></a></td>\n"; echo "<td align=\"center\"><a href=\"admin_new.php?zid=".$zid."&action=edit_item&".$key_field_name."=".$result_main[$key_field_num]."\" title=\"Edit\" rel=\"Edit\"><i class=\"fas fa-edit\"></i></a></td>\n"; echo "<td align=\"center\"><a href=\"javascript:delete_confirm(".$result_main[$key_field_num].")\" title=\"Delete\"><i class=\"fas fa-trash-alt\"></i></a></td>\n"; echo "</tr>\n"; } // Pagination Starts echo "<tr><td colspan=\"".($colspan+4)."\" align=\"right\">\n"; $pagination_code = str_replace("jump_to_1","jump_to_2",$pagination_code); $pagination_code = str_replace("jumpto(1)","jumpto(2)",$pagination_code); echo $pagination_code; echo "</td>\n"; echo "</tr>\n"; echo "</table>\n"; echo "</div>\n"; echo "</div>\n"; echo "<input type=\"hidden\" value=\"".$max_value."\" name=\"max_value\">\n"; echo "</form>\n"; } else // Admin Dashboard { echo "<div class=\"row margin0\">\n"; echo "<div class=\"col-12 col-sm-12 col-md-12 padb10\">\n"; echo "<h5>DASHBOARD > FAVORITES</h5>\n"; echo "</div>\n"; echo "</div>\n"; $sql_favorites = "select sr_no, title, url from admin_favorites where username = '".$admin_user."' and status = 
'active'"; $qid_favorites = db_query($sql_favorites); $num_favorites = db_num_rows($qid_favorites); echo "<div class=\"row margin0\">\n"; echo "<div class=\"col-12 col-sm-12 col-md-12 padb20\">\n"; echo "<table class=\"table\">\n"; if ($num_favorites > 0) { for ($k=0;$k<=$num_favorites-1;$k++) { $result_favorites = db_fetch_object($qid_favorites); echo "<tr>\n"; echo "<td><i class=\"fas fa-star\"></i> <a href=\"".$result_favorites->url."\">".$result_favorites->title."</a></td>\n"; echo "<td class=\"text-right\"><a href=\"admin_new.php?action=remove_favorites&sr_no=".$result_favorites->sr_no."\" class=\"btn btn-primary btn-sm float-right\"><i class=\"fas fa-trash-alt\"></i> Remove</a></td>\n"; echo "</tr>\n"; } } echo "</table>\n"; echo "</div>\n"; echo "</div>\n"; } } //---------------------------------------------------------------------------------------------------------------- // View Item //---------------------------------------------------------------------------------------------------------------- if ($action == "view_item") { echo "<div class=\"row margin0\">\n"; echo "<div class=\"col-12 col-sm-12 col-md-12 padb20\">\n"; echo "<h5>".$_SESSION['return_title']." 
> View Item"; echo "<a href=\"".$_SESSION['return_url']."\" class=\"btn btn-primary btn-sm float-right\">< Back</a>\n"; echo "</h5>\n"; echo "</div>\n"; echo "</div>\n"; $sql2 = "select field_name, field_label, field_type, filtername, keyfield, listed, editable, searchable, quick, quick_filtername, upload_folder, status from admin_tables where table_name = '".$zid."' and editable = '1' order by sr_no"; $qid2 = db_query($sql2); $num2 = db_num_rows($qid2); $table_array = array(); for ($k=0;$k<=$num2-1;$k++) { $result2 = db_fetch_object($qid2); $table_array[$k]['field_name'] = $result2->field_name; $table_array[$k]['field_label'] = $result2->field_label; $table_array[$k]['field_type'] = $result2->field_type; $table_array[$k]['filtername'] = $result2->filtername; $table_array[$k]['keyfield'] = $result2->keyfield; $table_array[$k]['listed'] = $result2->listed; $table_array[$k]['editable'] = $result2->editable; $table_array[$k]['searchable'] = $result2->searchable; $table_array[$k]['quick'] = $result2->quick; $table_array[$k]['quick_filtername'] = $result2->quick_filtername; $table_array[$k]['upload_folder'] = $result2->upload_folder; } $num2 = sizeof($table_array); $sql1 = "select "; for ($i=0;$i<=$num2-1;$i++) { $sql1 .= $table_array[$i]['field_name'].", "; if ($table_array[$i]['keyfield'] == "1") { $key_field_name = $table_array[$i]['field_name']; $key_field_num = $i; } } $sql1 = substr($sql1,0,-2); $sql1 .= " from ".$zid." "; $sql1 .= " where ".$key_field_name." 
= '".$$key_field_name."'"; //echo $sql1; $qid1 = db_query($sql1); $result1 = db_fetch_object($qid1); for ($k=0;$k<=sizeof($table_array)-1;$k++) { $temp = $table_array[$k]['field_name']; echo "<div class=\"row margin0\" style=\"border-bottom:1px solid #dedede; padding-top:10px; padding-bottom:10px;\">\n"; echo "<div class=\"col-md-2\">\n"; echo "<b>".$table_array[$k]['field_label']."</b>"; echo "</div>\n"; echo "<div class=\"col-md-10\">\n"; if ($table_array[$k]['field_type'] == "upload") { $ext = substr($result1->$temp, strrpos($result1->$temp, ".") + 1); $images_array = array("jpg","jpeg","gif","png"); $doc_array = array("doc","docx","xls","xlsx","pdf"); if (in_array(strtolower($ext),$images_array)) { echo "<img src=\"".$table_array[$k]['upload_folder'].$result1->$temp."\" class=\"img-fluid\" />\n"; } if (in_array(strtolower($ext),$doc_array)) { echo "<a href=\"".$table_array[$k]['upload_folder'].$result1->$temp."\" target=\"_blank\">Download - ".$result1->$temp."</a>\n"; } } else { echo $result1->$temp; } echo "</div>\n"; echo "</div>\n"; } // Rows } //---------------------------------------------------------------------------------------------------------------- // Edit Item //---------------------------------------------------------------------------------------------------------------- if ($action == "edit_item" || $action == "add_item") { echo "<div class=\"row margin0\">\n"; echo "<div class=\"col-12 col-sm-12 col-md-12 padb20\">\n"; if ($action == "edit_item") { echo "<h5>".$_SESSION['return_title']." > Edit Item"; } if ($action == "add_item") { echo "<h5>".$_SESSION['return_title']." 
> Add New Item"; } echo "<a href=\"".$_SESSION['return_url']."\" class=\"btn btn-primary btn-sm float-right\">< Back</a>\n"; echo "</h5>\n"; echo "</div>\n"; echo "</div>\n"; $sql2 = "select field_name, field_label, field_type, filtername, keyfield, listed, editable, searchable, quick, quick_filtername, upload_folder, status from admin_tables where table_name = '".$zid."' and editable = '1' order by sr_no"; $qid2 = db_query($sql2); $num2 = db_num_rows($qid2); $table_array = array(); for ($k=0;$k<=$num2-1;$k++) { $result2 = db_fetch_object($qid2); $table_array[$k]['field_name'] = $result2->field_name; $table_array[$k]['field_label'] = $result2->field_label; $table_array[$k]['field_type'] = $result2->field_type; $table_array[$k]['filtername'] = $result2->filtername; $table_array[$k]['keyfield'] = $result2->keyfield; $table_array[$k]['listed'] = $result2->listed; $table_array[$k]['editable'] = $result2->editable; $table_array[$k]['searchable'] = $result2->searchable; $table_array[$k]['quick'] = $result2->quick; $table_array[$k]['quick_filtername'] = $result2->quick_filtername; $table_array[$k]['upload_folder'] = $result2->upload_folder; } $num2 = sizeof($table_array); $sql1 = "select "; for ($i=0;$i<=$num2-1;$i++) { $sql1 .= $table_array[$i]['field_name'].", "; if ($table_array[$i]['keyfield'] == "1") { $key_field_name = $table_array[$i]['field_name']; $key_field_num = $i; } } $sql1 = substr($sql1,0,-2); $sql1 .= " from ".$zid." "; $sql1 .= " where ".$key_field_name." 
= '".$$key_field_name."'"; //echo $sql1; $qid1 = db_query($sql1); $result1 = db_fetch_object($qid1); if ($action == "edit_item") { echo "<form method=\"post\" action=\"admin_new.php?action=save_item\" name=\"edit_form\" id=\"edit_form\" enctype=\"multipart/form-data\">\n"; echo "<input type=\"hidden\" name=\"key_field_name\" value=\"".$key_field_name."\" />\n"; echo "<input type=\"hidden\" name=\"key_field_value\" value=\"".$result1->$key_field_name."\" />\n"; echo "<input type=\"hidden\" name=\"zid\" value=\"".$zid."\" />\n"; } if ($action == "add_item") { echo "<form method=\"post\" action=\"admin_new.php?action=append_item\" name=\"edit_form\" id=\"edit_form\" enctype=\"multipart/form-data\">\n"; echo "<input type=\"hidden\" name=\"zid\" value=\"".$zid."\" />\n"; } for ($k=0;$k<=sizeof($table_array)-1;$k++) { $temp = $table_array[$k]['field_name']; echo "<div class=\"row margin0\" style=\"border-bottom:1px solid #dedede; padding-top:10px; padding-bottom:10px;\">\n"; echo "<div class=\"col-md-2\">\n"; echo $table_array[$k]['field_label']; echo "</div>\n"; echo "<div class=\"col-md-10\">\n"; if ($table_array[$k]['keyfield'] != "1") { // Increment if ( $table_array[$k]['field_type'] == "increment") { if ($result1->$temp > 0 ) { $inc_val = $result1->$temp; } else { $inc_val = get_max($zid, $table_array[$k]['field_name']); } echo "<input type=\"text\" name=\"".$table_array[$k]['field_name']."\" id=\"".$table_array[$k]['field_name']."\" value=\"".$inc_val."\" class=\"form-control\" />"; } // Text if ($table_array[$k]['field_type'] == "text") { echo "<input type=\"text\" name=\"".$table_array[$k]['field_name']."\" id=\"".$table_array[$k]['field_name']."\" value=\"".$result1->$temp."\" class=\"form-control\" />"; } // Status if ($table_array[$k]['field_type'] == "status") { echo "<input type=\"radio\" name=\"".$table_array[$k]['field_name']."\" id=\"".$table_array[$k]['field_name']."\" value=\"active\""; if ($result1->$temp == "active" || $action == "add_item") { echo " 
checked ";} echo "> Active "; echo "<input type=\"radio\" name=\"".$table_array[$k]['field_name']."\" id=\"".$table_array[$k]['field_name']."\" value=\"inactive\""; if ($result1->$temp == "inactive") { echo " checked ";} echo "> Inactive"; } // Onoff if ($table_array[$k]['field_type'] == "onoff") { echo "<input type=\"radio\" name=\"".$table_array[$k]['field_name']."\" id=\"".$table_array[$k]['field_name']."\" value=\"1\""; if ($result1->$temp == "1") { echo " checked ";} echo "> On "; echo "<input type=\"radio\" name=\"".$table_array[$k]['field_name']."\" id=\"".$table_array[$k]['field_name']."\" value=\"0\""; if ($result1->$temp == "0") { echo " checked ";} echo "> Off"; } // Textarea if ($table_array[$k]['field_type'] == "textarea") { echo "<textarea name=\"".$table_array[$k]['field_name']."\" id=\"".$table_array[$k]['field_name']."\" class=\"form-control\" >".$result1->$temp."</textarea>"; } // Textarea Big if ($table_array[$k]['field_type'] == "textareabig") { echo "<textarea name=\"".$table_array[$k]['field_name']."\" id=\"".$table_array[$k]['field_name']."\" class=\"form-control\" style=\"height:200px;\" >".$result1->$temp."</textarea>"; } // HTML if ($table_array[$k]['field_type'] == "html") { echo "<textarea id=\"".$table_array[$k]['field_name']."\" name=\"".$table_array[$k]['field_name']."\" class=\"form-control\">\n"; $sContent=stripslashes($result1->$temp); //Remove slashes echo encodeHTML($sContent); echo "</textarea>\n"; ?> <script type="text/javascript"> $(document).ready(function () { $('#<?php echo $table_array[$k]['field_name']; ?>').liveEdit({ css: ['../style/class.css'], returnKeyMode: 2, fileBrowser: '/admin/assetmanager/asset.php', groups: [ ["group1", "", ["Bold", "Italic", "Underline", "Styles", "FontName", "FontSize", "ForeColor", "TextDialog", "RemoveFormat"]], ["group2", "", ["Bullets", "Numbering", "JustifyLeft", "JustifyCenter", "JustifyRight"]], ["group3", "", ["LinkDialog", "ImageDialog", "YoutubeDialog", "TableDialog"]], ["group4", 
"", ["Undo", "Redo", "FullScreen", "SourceDialog"]] ] /* Toolbar configuration */ }); $('#<?php echo $table_array[$k]['field_name']; ?>').data('liveEdit').startedit(); /* Run the Editor */ }); </script> <?php } // Date if ($table_array[$k]['field_type'] == "date") { echo "<input type=\"text\" name=\"".$table_array[$k]['field_name']."\" id=\"".$table_array[$k]['field_name']."\" value=\""; if ($result1->$temp != "") { echo $result1->$temp; } elseif ($action == "add_item") { echo date("Y-m-d"); } echo "\" class=\"form-control\" />"; ?> <script type="text/javascript"> $(document).ready(function () { $('#<?php echo $table_array[$k]['field_name']; ?>').datepicker({ changeMonth: true, changeYear: true, yearRange: "c-90:c+90", dateFormat: "yy-mm-dd" }); }); </script> <?php } // Upload if ($table_array[$k]['field_type'] == "upload") { echo "<input type=\"text\" name=\"".$table_array[$k]['field_name']."\" id=\"".$table_array[$k]['field_name']."\" value=\"".$result1->$temp."\" class=\"form-control form-control-sm\" /><br />"; echo "<input type=\"file\" id=\"file".$k."\" name=\"file".$k."\" class=\"form-control\" placeholder=\"Upload file\" >\n"; echo "<div style=\"padding-top:10px;\">\n"; if ($result1->$temp != "") { $ext = substr($result1->$temp, strrpos($result1->$temp, ".") + 1); $images_array = array("jpg","jpeg","gif","png"); $doc_array = array("doc","docx","xls","xlsx","pdf"); if (in_array(strtolower($ext),$images_array)) { echo "<img src=\"".$table_array[$k]['upload_folder'].$result1->$temp."\" class=\"img-fluid\" />\n"; } if (in_array(strtolower($ext),$doc_array)) { echo "<a href=\"".$table_array[$k]['upload_folder'].$result1->$temp."\" target=\"_blank\">Download - ".$result1->$temp."</a>\n"; } } else { echo "No document / image uploaded.\n"; } echo "</div>\n"; } // Filter if ($table_array[$k]['field_type'] == "filter") { filter_drowndown($table_array[$k]['filtername'],$result1->$temp,$table_array[$k]['field_name']); } } else { echo $result1->$temp; } echo "</div>\n"; 
echo "</div>\n"; } // Rows echo "<div class=\"row margin0\" style=\"padding-top:10px; padding-bottom:40px;\">\n"; echo "<div class=\"col-md-2\"></div>\n"; echo "<div class=\"col-md-10\">\n"; if ($action == "edit_item") { echo "<input type=\"submit\" value=\"Save Changes\" class=\"btn btn-primary bt-sm\" />\n"; echo " <input type=\"checkbox\" name=\"re_edit\" value=\"yes\""; if ($_SESSION['re_edit'] == "yes") { echo " checked "; } echo "> <span style=\"line-height:16px;\">Save & Edit this record?</span> \n"; } if ($action == "add_item") { echo "<input type=\"submit\" value=\"Add Record\" class=\"btn btn-primary bt-sm\" />\n"; echo " <input type=\"checkbox\" name=\"re_edit\" value=\"yes\""; if ($_SESSION['re_edit'] == "yes") { echo " checked "; } echo "> <span style=\"line-height:16px;\">Save & Edit this record?</span> \n"; echo " <input type=\"checkbox\" name=\"add_another\" value=\"yes\""; if ($_SESSION['add_another'] == "yes") { echo " checked "; } echo "> <span style=\"line-height:16px;\">Add another?</span> \n"; } echo "</div>\n"; echo "</div>\n"; echo "</form>\n"; } //-------------------------------------------------------------------------------------------------- // Save Item //-------------------------------------------------------------------------------------------------- if ($action == "save_item") { $sql2 = "select field_name, field_label, field_type, filtername, keyfield, listed, editable, searchable, quick, quick_filtername, upload_folder, status from admin_tables where table_name = '".$zid."' and editable = '1' order by sr_no"; $qid2 = db_query($sql2); $num2 = db_num_rows($qid2); $table_array = array(); for ($k=0;$k<=$num2-1;$k++) { $result2 = db_fetch_object($qid2); $table_array[$k]['field_name'] = $result2->field_name; $table_array[$k]['field_label'] = $result2->field_label; $table_array[$k]['field_type'] = $result2->field_type; $table_array[$k]['filtername'] = $result2->filtername; $table_array[$k]['keyfield'] = $result2->keyfield; 
$table_array[$k]['listed'] = $result2->listed; $table_array[$k]['editable'] = $result2->editable; $table_array[$k]['searchable'] = $result2->searchable; $table_array[$k]['quick'] = $result2->quick; $table_array[$k]['quick_filtername'] = $result2->quick_filtername; $table_array[$k]['upload_folder'] = $result2->upload_folder; } $num2 = sizeof($table_array); // Build Sql Query $sql1 = "update ".$zid." set "; for ($k=0;$k<=$num2-1;$k++) { if ($table_array[$k]['keyfield'] != "1") { // Not Upload if ($table_array[$k]['field_type'] != "upload") { $temp = $table_array[$k]['field_name']; $sql1 .= $table_array[$k]['field_name']." = '".$$temp."', "; } // Upload if ($table_array[$k]['field_type'] == "upload") { // If a file has been uploaded if ($_FILES['file'.$k]['name'] != "") { $path = $table_array[$k]['upload_folder'].$_FILES['file'.$k]['name']; move_uploaded_file($_FILES['file'.$k]['tmp_name'], $path); $sql1 .= $table_array[$k]['field_name']." = '".$_FILES['file'.$k]['name']."', "; } else { $temp = $table_array[$k]['field_name']; $sql1 .= $table_array[$k]['field_name']." = '".$$temp."', "; } } } } $sql1 = substr($sql1,0,-2); $sql1 .= " where ".$key_field_name." 
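= '".$key_field_value."'";
        //echo $sql1;
        $qid1 = db_query($sql1);
        if ($active_log_status == "1") {
            log_url($admin_user, $zid, $action, $key_field_value);
        }
        echo "<script>\n";
        $_SESSION['re_edit'] = $re_edit;
        $_SESSION['interstitial'] = "Changes Saved!";
        if ($re_edit == "yes") {
            echo "document.location = \"admin_new.php?zid=".$zid."&action=edit_item&".$key_field_name."=".$key_field_value."\"; \n";
        } else {
            echo "document.location = \"".$_SESSION['return_url']."\"; \n";
        }
        echo "</script>\n";
    }
    // The lines above finish a handler that begins before this section; its code is unchanged.

    //--------------------------------------------------------------------------------------------
    // Shared setup for the handlers below
    //--------------------------------------------------------------------------------------------
    // NOTE(review): none of the state-changing handlers below checks an anti-CSRF token or the
    // request method. Confirm whether an included file enforces one; if not, add a per-session
    // token check before any insert/delete.

    // Table and column names are concatenated into SQL as identifiers, so they are restricted
    // to plain identifier characters before use.
    $ident_pattern = '/\A[A-Za-z_][A-Za-z0-9_]*\z/';

    // Redirect targets are emitted inside <script>; json_encode() with the HEX flags yields a
    // JavaScript string literal that cannot close the string or the script element.
    $js_flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    $return_js = json_encode(isset($_SESSION['return_url']) ? (string)$_SESSION['return_url'] : "", $js_flags);
    if ($return_js === false) {
        // Not encodable (e.g. invalid UTF-8): fall back to the panel home page.
        $return_js = '"admin_new.php"';
    }

    // Extensions that must never be written into an upload folder.
    // NOTE(review): a denylist is only a stop-gap; enforce a per-field allowlist of expected
    // types and store uploads where the web server does not execute scripts.
    $blocked_ext = array('php', 'php3', 'php4', 'php5', 'php7', 'php8', 'phtml', 'pht', 'phar', 'phps', 'cgi', 'pl', 'py', 'sh');

    //--------------------------------------------------------------------------------------------
    // Save Item: insert a new row into table $zid using the field list from admin_tables
    //--------------------------------------------------------------------------------------------
    if ($action == "append_item") {
        $key_field_name = "";

        if (!(isset($zid) && is_string($zid) && preg_match($ident_pattern, $zid) === 1)) {
            // $zid is used as a table name below; refuse anything that is not a plain identifier.
            $_SESSION['interstitial'] = "Invalid request";
            echo "<script>\n";
            echo "document.location = ".$return_js."; \n";
            echo "</script>\n";
        } else {
            $sql2 = "select field_name, field_label, field_type, filtername, keyfield, listed, editable, searchable, quick, quick_filtername, upload_folder, status from admin_tables where table_name = '".$zid."' and editable = '1' order by sr_no";
            $qid2 = db_query($sql2);
            $num2 = db_num_rows($qid2);

            // Copy the field metadata into a plain array, remembering which field is the key.
            $meta_keys = array('field_name', 'field_label', 'field_type', 'filtername', 'keyfield', 'listed', 'editable', 'searchable', 'quick', 'quick_filtername', 'upload_folder');
            $table_array = array();
            for ($k = 0; $k < $num2; $k++) {
                $result2 = db_fetch_object($qid2);
                foreach ($meta_keys as $meta_key) {
                    $table_array[$k][$meta_key] = $result2->$meta_key;
                }
                if ($result2->keyfield == "1") {
                    $key_field_name = $result2->field_name;
                }
            }
            $num2 = sizeof($table_array);

            // Build the insert: one column name and one quoted value per field.
            // NOTE(review): the values are request variables that went through cleanQuery()
            // earlier in this file; whether that is sufficient escaping for this database is
            // not visible here. Prefer bound parameters if dblib.php supports them.
            $columns = array();
            $values = array();
            $upload_failed = false;
            for ($k = 0; $k < $num2; $k++) {
                $field = $table_array[$k];

                if ($field['keyfield'] == "1") {
                    // Key field: the value comes from get_max() (defined elsewhere), not the request.
                    $columns[] = $key_field_name;
                    $key_field_value = get_max($zid, $key_field_name);
                    $values[] = "'".$key_field_value."'";
                    continue;
                }

                $temp = $field['field_name'];
                $value = (isset($$temp) && is_scalar($$temp)) ? $$temp : "";

                if ($field['field_type'] == "upload") {
                    $slot = 'file'.$k;
                    $client_name = (isset($_FILES[$slot]['name']) && is_string($_FILES[$slot]['name'])) ? $_FILES[$slot]['name'] : "";
                    if ($client_name != "") {
                        // The client-supplied name is untrusted: reduce it to a conservative
                        // character set before it reaches the filesystem or the SQL string.
                        $safe_name = (string)preg_replace('/[^A-Za-z0-9._-]/', '_', basename($client_name));
                        $segments = explode('.', strtolower($safe_name));
                        array_shift($segments); // first segment is the base name, not an extension

                        // Reject dotfiles and any name carrying a script extension in any position.
                        $rejected = ($safe_name == "" || $safe_name[0] == '.' || count(array_intersect($segments, $blocked_ext)) > 0);

                        // Record the file name only when the move actually succeeded.
                        if (!$rejected && move_uploaded_file($_FILES[$slot]['tmp_name'], $field['upload_folder'].$safe_name)) {
                            $value = $safe_name;
                        } else {
                            $upload_failed = true;
                        }
                    }
                }

                $columns[] = $temp;
                $values[] = "'".$value."'";
            }

            $sql1 = "insert into ".$zid." (".implode(", ", $columns).") values (".implode(",", $values).")";
            //echo $sql1;
            $qid1 = db_query($sql1);

            $_SESSION['re_edit'] = $re_edit;
            $_SESSION['add_another'] = $add_another;
            $_SESSION['interstitial'] = $upload_failed ? "Record Added! (file upload rejected)" : "Record Added!";

            // NOTE(review): as in the original, when add_another is "yes" two redirects are
            // emitted and the second one is assigned last; confirm that this is intended.
            if ($add_another == "yes") {
                echo "<script>\n";
                echo "document.location = ".json_encode("admin_new.php?zid=".rawurlencode($zid)."&action=add_item", $js_flags)."; \n";
                echo "</script>\n";
            }
            echo "<script>\n";
            if ($re_edit == "yes") {
                $edit_url = "admin_new.php?zid=".rawurlencode($zid)."&action=edit_item&".rawurlencode((string)$key_field_name)."=".rawurlencode(isset($key_field_value) ? (string)$key_field_value : "");
                echo "document.location = ".json_encode($edit_url, $js_flags)."; \n";
            } else {
                echo "document.location = ".$return_js."; \n";
            }
            echo "</script>\n";
        }
    }

    //--------------------------------------------------------------------------------------------
    // DELETE ITEM: delete the row of $zid whose key column equals the request value
    //--------------------------------------------------------------------------------------------
    if ($action == "del_item") {
        // Both the table name and the key column name arrive with the request and are used
        // as SQL identifiers, so both must be plain identifiers; the value must be a scalar.
        $del_ok = isset($zid, $key_field_name)
            && is_string($zid) && is_string($key_field_name)
            && preg_match($ident_pattern, $zid) === 1
            && preg_match($ident_pattern, $key_field_name) === 1
            && isset($$key_field_name) && is_scalar($$key_field_name);

        if ($del_ok) {
            // NOTE(review): the key column name is still caller-chosen; looking it up in
            // admin_tables (keyfield = '1'), as the insert handler does, would be stricter.
            $sql = "delete from ".$zid." where ".$key_field_name." = '".$$key_field_name."'";
            $qid = db_query($sql);
            $_SESSION['interstitial'] = "Record deleted!";
        } else {
            $_SESSION['interstitial'] = "Invalid request";
        }
        echo "<script>\n";
        echo "document.location = ".$return_js."; \n";
        echo "</script>\n";
    }

    //--------------------------------------------------------------------------------------------
    // CHANGE NUMBER OF ITEMS DISPLAYED PER PAGE
    //--------------------------------------------------------------------------------------------
    if ($action == "change_pagenum") {
        // NOTE(review): $pagenum is stored as received; if the listing code places it in a
        // LIMIT clause it should be validated as a positive integer there or here.
        $_SESSION["num_records"] = $pagenum;
        $_SESSION['interstitial'] = "Items per page changed!";
        echo "<script>\n";
        echo "document.location = ".$return_js."; \n";
        echo "</script>\n";
    }

    //--------------------------------------------------------------------------------------------
    // NEW DELETE ITEM: delete every selected row ($item[0..$max_value]) from $zid
    //--------------------------------------------------------------------------------------------
    if ($action == "new_del") {
        $ids_ok = isset($zid, $key_field_name)
            && is_string($zid) && is_string($key_field_name)
            && preg_match($ident_pattern, $zid) === 1
            && preg_match($ident_pattern, $key_field_name) === 1;

        if ($ids_ok) {
            // The original read $item[$i] through eval(); direct indexing gives the same value
            // without building PHP source at run time. Iterating the submitted entries also
            // keeps the amount of work independent of a caller-chosen $max_value.
            $selected = (isset($item) && is_array($item)) ? $item : array();
            $limit = isset($max_value) ? (int)$max_value : -1;
            foreach ($selected as $idx => $curr) {
                if (!is_int($idx) || $idx < 0 || $idx > $limit || !is_scalar($curr)) {
                    continue;
                }
                $curr = (string)$curr;
                // The value is placed in the statement unquoted, so only integer literals pass.
                if ($curr == "" || preg_match('/\A-?[0-9]+\z/', $curr) !== 1) {
                    continue;
                }
                $sql = "delete from ".$zid." where ".$key_field_name." = ".$curr;
                $qid = db_query($sql);
            }
            $_SESSION['interstitial'] = "Records deleted!";
        } else {
            $_SESSION['interstitial'] = "Invalid request";
        }
        echo "<script>\n";
        echo "document.location = ".$return_js."; \n";
        echo "</script>\n";
    }

    //--------------------------------------------------------------------------------------------
    // Add To Favorites: store the current return URL/title for this admin user, once
    //--------------------------------------------------------------------------------------------
    if ($action == "add_to_favorites") {
        // NOTE(review): the session-held URL and title are concatenated into both statements.
        // Where they are assigned is not visible here; if they derive from the request they
        // need escaping or bound parameters via the database layer.
        $sql_temp = "select count(*) as counter from admin_favorites where url = '".$_SESSION['return_url']."' and username = '".$admin_user."'";
        $qid_temp = db_query($sql_temp);
        $result_temp = db_fetch_object($qid_temp);
        if ($result_temp->counter <= 0) {
            $sql1 = "insert into admin_favorites (username, title, url, post_date, status) values ('".$admin_user."','".$_SESSION['return_title']."','".$_SESSION['return_url']."','".date("Y-m-d")."','active')";
            $qid1 = db_query($sql1);
            $_SESSION['interstitial'] = "Added to favorites";
        } else {
            $_SESSION['interstitial'] = "Page already in favorites";
        }
        echo "<script>\n";
        echo "document.location = ".$return_js."; \n";
        echo "</script>\n";
    }

    //--------------------------------------------------------------------------------------------
    // Remove From Favorites: delete one favorite (by sr_no) belonging to this admin user
    //--------------------------------------------------------------------------------------------
    if ($action == "remove_favorites") {
        // The username condition keeps one admin from removing another admin's favorites.
        $sql1 = "delete from admin_favorites where username = '".$admin_user."' and sr_no = '".$sr_no."'";
        $qid1 = db_query($sql1);
        $_SESSION['interstitial'] = "Removed from favorites";
        echo "<script>\n";
        echo "document.location = \"admin_new.php\"; \n";
        echo "</script>\n";
    }

    include('admin_footer.php');
} else {
    // No admin session: send the browser to the login page.
    echo "<script>\n";
    echo "document.location = \"admin_login.php\"; \n";
    echo "</script>\n";
}
?>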