0){
$shop_id = $_GET['shop_id'];
} else {
$shop_id = current_shop_by_ip();
}
switch ($_GET['error']) {
case 'new_error_message': //this is a sample error message. insert error case here
$error_message = '';
break;
default:
$error_message = 'Enter or Update Contact Information -
Thank-you for supporting Positive Spin. ';
break;
}
$page_shop_log = PAGE_SHOP_LOG . "?shop_id=$shop_id";
if($_GET['contact_id'] == 'new_contact'){
/* Discover if previous contact creation attempt was abandoned
There should be at least a first and last name, if not we use
previous contact_id, update it and start fresh
*/
mysql_select_db($database_YBDB, $YBDB);
// Find previous contact_id
$sql = "SELECT MAX(contact_id) as previous_contact_id FROM contacts;";
$query = mysql_query($sql, $YBDB) or die(mysql_error());
$result = mysql_fetch_assoc($query);
$previous_contact_id = $result['previous_contact_id'];
// If full_name is empty we will use this contact_id
$sql = "SELECT CONCAT(first_name, ' ', last_name) as full_name FROM contacts WHERE contact_id=" . $previous_contact_id. ";";
$query = mysql_query($sql, $YBDB) or die(mysql_error());
$result = mysql_fetch_assoc($query);
$full_name = $result['full_name'];
//adds contact if new_contact is selected .. it's " " not ""
if ($full_name != " ") {
$new_contact_id = $previous_contact_id + 1;
$insertSQL = sprintf("INSERT INTO contacts (date_created) VALUES (%s)",
GetSQLValueString('current_time', "date"));
$Result1 = mysql_query($insertSQL, $YBDB) or die(mysql_error());
$contact_id = $new_contact_id;
$contact_id_entry = 'new_contact';
} else {
$insertSQL = sprintf("UPDATE contacts SET date_created=%s WHERE contact_id=" . $previous_contact_id,
GetSQLValueString('current_time', "date"));
$Result1 = mysql_query($insertSQL, $YBDB) or die(mysql_error());
$contact_id = $previous_contact_id;
$contact_id_entry = 'new_contact';
}
} elseif(isset($_GET['contact_id'])) {
//else contact_id is assigned from passed value
$contact_id = $_GET['contact_id'];
$contact_id_entry = $_GET['contact_id'];
} else {
$contact_id = -1;
$contact_id_entry = -1;
}
$editFormAction = "?contact_id={$contact_id}&shop_id={$shop_id}";
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
$updateSQL = sprintf("UPDATE contacts SET first_name=%s, middle_initial=%s, last_name=%s, email=%s,
DOB=%s, phone=%s, address1=%s, address2=%s, city=%s,
`state`=%s, zip=%s, pass=ENCODE(%s,'yblcatx') WHERE contact_id=%s",
GetSQLValueString($_POST['first_name'], "text"),
GetSQLValueString($_POST['middle_initial'], "text"),
GetSQLValueString($_POST['last_name'], "text"),
GetSQLValueString($_POST['email'], "text"),
GetSQLValueString($_POST['DOB'], "date"),
GetSQLValueString($_POST['phone'], "text"),
GetSQLValueString($_POST['address1'], "text"),
GetSQLValueString($_POST['address2'], "text"),
GetSQLValueString($_POST['city'], "text"),
GetSQLValueString($_POST['state'], "text"),
GetSQLValueString($_POST['zip'], "text"),
GetSQLValueString($_POST['password'], "text"),
GetSQLValueString($_POST['contact_id'], "int"));
mysql_select_db($database_YBDB, $YBDB);
$Result1 = mysql_query($updateSQL, $YBDB) or die(mysql_error());
if ($_POST['contact_id_entry'] == 'new_contact'){
//navigate back to shop that it came from
$pagegoto = PAGE_SHOP_LOG . "?shop_id={$shop_id}&new_user_id={$contact_id}";
header(sprintf("Location: %s", $pagegoto));
}
}
mysql_select_db($database_YBDB, $YBDB);
$query_Recordset1 = "SELECT *, DECODE(pass,'yblcatx') AS passdecode FROM contacts WHERE contact_id = $contact_id";
$Recordset1 = mysql_query($query_Recordset1, $YBDB) or die(mysql_error());
$row_Recordset1 = mysql_fetch_assoc($Recordset1);
$totalRows_Recordset1 = mysql_num_rows($Recordset1);
?>