<?php
include "db_routines.reg";

$CurrentTime = time();
$ts = date("Y-m-d H:i:s", $CurrentTime);

$ip = $_SERVER["REMOTE_ADDR"];
$return_value = 'Init';

// Cannot Check for CSFR, remote called from owl

// Check GET variables

if ((isset($_GET['a']) == false) 		// Possible scam
||  (isset($_GET['ft']) == false) 
||  (isset($_GET['fn']) == false))  {
	$return_value = "Request Failed (21)";
	echo $return_value;
	exit();
}

// Read GET variables
$ver_code = $_GET['a'];
$dbf = trim($_GET['ft']);
$fnm = trim($_GET['fn']);

// Verify
if ($ver_code != '95b00d47-7b93-4480-a6ba-abcdf45e1b32') {
	$return_value = "Request Failed (22)";
	echo $return_value;
	exit();
}

if (($dbf != "bar_logo") 
&&  ($dbf != "banner") 
&&  ($dbf != "bkgd") 
&&  ($dbf != "foot_logo")) {
	$return_value = "Request Failed (23)";
	echo $return_value;
	exit();
}

// connect DB
$DB_id=connect_db();

// set filenames
$ffnm = str_replace(" ", "_", $fnm);
$file_fnm_org = 'setup/' . $ffnm;
$file_fnm_old = 'setup/' . $ffnm . '.old';

// check file exists
if (file_exists($file_fnm_org) == true) {

	// mv file
	rename($file_fnm_org, $file_fnm_old);

	// update db

	switch ($dbf) {

		case 'bar_logo':
			$bl = '';
			$vts_q = "update vts set (bar_logo) = ($1)";
			$vts_r = pg_query_params($DB_id, $vts_q, array($bl));
			$return_value = "File removed";
			break;

		case 'banner':
			$bl = '';
			$vts_q = "update vts set (banner) = ($1)";
			$vts_r = pg_query_params($DB_id, $vts_q, array($bl));
			$return_value = "File removed";
			break;

		case 'bkgd':
			$bl = '';
			$vts_q = "update vts set (bkgd_pic) = ($1)";
			$vts_r = pg_query_params($DB_id, $vts_q, array($bl));
			$return_value = "File removed";
			break;

		case 'foot_logo':
			$bl = '';
			$vts_q = "update vts set (foot_logo) = ($1)";
			$vts_r = pg_query_params($DB_id, $vts_q, array($bl));
			$return_value = "File removed";
			break;

		deault:
			$return_value = "Request Failed (43)";
			break;
	}

} else {		// does not exists
	$return_value = "Request Failed (nf)";		// file notfound
}

echo $return_value;
exit();
?>