$alertmessage = "The title was left empty.";
    $page = "blog_edit";
    $action = "add";
    $proj_id = $_POST[blog_proj];
} else {
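    // This determines the page to show once the form submission has been successful
    $page = "blog_view";
    // Begin to clean up the $_POST submissions. Keys are quoted: a bare `blog_id`
    // is an undefined constant (a notice in PHP 5, fatal from PHP 8), not a string.
    // blog_id and blog_proj are row ids, so they get the numeric cleaner like the
    // other ids in this application rather than the text cleaner.
    $blog_id = CleanNumber($_POST['blog_id']);
    $blog_user = CleanUp($_POST['blog_user']);
    $blog_proj = CleanNumber($_POST['blog_proj']);
    // NOTE(review): addslashes() only escapes quotes and backslashes, unlike the
    // CleanUp() applied to every other text field here — confirm this is intended.
    $blog_text = addslashes($_POST['blog_text']);
    $blog_view = CleanUp($_POST['blog_view']);
    $blog_title = CleanUp($_POST['blog_title']);
    $blog_type = CleanUp($_POST['blog_type']);
    $blog_contact = CleanNumber($_POST['blog_contact']);
    $blog_link = CleanUp($_POST['blog_link']);
    $blog_task = CleanUp($_POST['blog_task']);
    // The entry date is rebuilt from its component fields; the posted blog_date
    // field was read before but always overwritten here, so it is no longer read.
    $blog_date_minute = CleanNumber($_POST['blog_date_minute']);
    $blog_date_hour = CleanNumber($_POST['blog_date_hour']);
    $blog_date_day = CleanNumber($_POST['blog_date_day']);
    $blog_date_month = CleanNumber($_POST['blog_date_month']);
    $blog_date_year = CleanNumber($_POST['blog_date_year']);
    $blog_date = mktime($blog_date_hour, $blog_date_minute, 0, $blog_date_month, $blog_date_day, $blog_date_year);
    // Construct the MySQL instruction to add these entries to the database.
    // NOTE(review): the blog_user value reads '******' in this copy of the file
    // (a redaction artifact); the intended expression must be restored from the
    // original source before this statement does what the surrounding code expects.
    $sql_add = "UPDATE intranet_projects_blog SET\nblog_user = '******',\nblog_date = '{$blog_date}',\nblog_proj = '{$blog_proj}',\nblog_text = '{$blog_text}',\nblog_view = '{$blog_view}',\nblog_title = '{$blog_title}',\nblog_type = '{$blog_type}',\nblog_contact = '{$blog_contact}',\nblog_link = '{$blog_link}',\nblog_task = '{$blog_task}'\nWHERE blog_id = '{$blog_id}' LIMIT 1\n";
    $result = mysql_query($sql_add, $conn) or die(mysql_error());
    $actionmessage = "The blog entry was edited successfully.";
    // Kept for the technical message shown to administrators (set elsewhere).
    $techmessage = $sql_add;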
}
    $ts_datum_length = $array['ts_datum_length'];
    echo "<h1>Edit Fee Stage</h1>";
    // echo "<p class=\"menu_bar\">Menu goes here</p>";
    echo "<input type=\"hidden\" name=\"ts_fee_id\" value=\"{$ts_fee_id}\" />";
} else {
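    // Keys are quoted: a bare `ts_fee_stage` is an undefined constant (a notice
    // in PHP 5, fatal from PHP 8), not the string key.
    $ts_fee_stage = CleanNumber($_POST['ts_fee_stage']);
    $ts_fee_text = CleanUp($_POST['ts_fee_text']);
    $ts_fee_value = CleanUp($_POST['ts_fee_value']);
    // The project can arrive from the form (POST) or from the calling page (GET);
    // POST wins when both are present.
    if (!empty($_POST['ts_fee_project'])) {
        $ts_fee_project = CleanUp($_POST['ts_fee_project']);
    } elseif (!empty($_GET['proj_id'])) {
        $ts_fee_project = CleanUp($_GET['proj_id']);
    }
    $ts_fee_percentage = CleanNumber($_POST['ts_fee_percentage']);
    $ts_fee_prospect = CleanNumber($_POST['ts_fee_prospect']);
    $ts_fee_target = CleanNumber($_POST['ts_fee_target']);
    $ts_fee_comment = CleanUp($_POST['ts_fee_comment']);
    $ts_fee_commence = CleanUp($_POST['ts_fee_commence']);
    // Remember which project page to return to when one was given in the URL;
    // cleaned as a number, the way proj_id is handled elsewhere in this application.
    if (isset($_GET['proj_id']) && $_GET['proj_id'] != NULL) {
        $proj_id_page = CleanNumber($_GET['proj_id']);
    }
    echo "<h1>Add Fee Stage</h1>";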
}
echo "<form action=\"index2.php?page=project_fees\" method=\"post\">";
// Begin the invoice entry system
$nowtime = time();
if ($ts_fee_time_begin_day > 0) {
    $nowtime_day = $ts_fee_time_begin_day;
    $thentime_day = $ts_fee_time_end_day;
} else {
    $nowtime_day = date("d", $nowtime);
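// Keys are quoted: a bare `invoice_date_month` is an undefined constant
// (a notice in PHP 5, fatal from PHP 8), not the string key.
$invoice_date_month = CleanNumber($_POST['invoice_date_month']);
$invoice_date_year = CleanNumber($_POST['invoice_date_year']);
$invoice_due_day = CleanNumber($_POST['invoice_due_day']);
$invoice_due_month = CleanNumber($_POST['invoice_due_month']);
$invoice_due_year = CleanNumber($_POST['invoice_due_year']);
$invoice_paid_day = CleanNumber($_POST['invoice_paid_day']);
$invoice_paid_month = CleanNumber($_POST['invoice_paid_month']);
$invoice_paid_year = CleanNumber($_POST['invoice_paid_year']);
// The project id was previously copied raw from the form; it now gets the
// numeric cleaner like every other id in this application.
$invoice_project = CleanNumber($_POST['invoice_project']);
$invoice_ref = CleanUp($_POST['invoice_ref']);
$invoice_notes = CleanUp($_POST['invoice_notes']);
$invoice_text = CleanUp($_POST['invoice_text']);
$invoice_account = CleanNumber($_POST['invoice_account']);
$invoice_baddebt = CleanUp($_POST['invoice_baddebt']);
$invoice_client = CleanNumber($_POST['invoice_client']);
$invoice_purchase_order = CleanNumber($_POST['invoice_purchase_order']);
// The including page works with $proj_id.
$proj_id = $invoice_project;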
// Check the date input
if (checkdate($invoice_date_month, $invoice_date_day, $invoice_date_year) != TRUE) {
    $alertmessage = "The date entered is invalid.";
    $page = "timesheet_invoice_edit";
} elseif (checkdate($invoice_due_month, $invoice_due_day, $invoice_due_year) != TRUE and $_POST[invoice_due_type] == "manual") {
    $alertmessage = "The date entered is invalid.";
    $page = "timesheet_invoice_edit";
} elseif ($invoice_paid < $invoice_date) {
    $alertmessage = "The paid date is before the issue date of the invoice.";
    $page = "timesheet_invoice_edit";
} elseif ($invoice_ref == "") {
    $alertmessage = "The invoice reference was left empty.";
    $page = "timesheet_invoice_edit";
} else {
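 /**
  * Prints a link to the project view page for $proj_id, labelled with the
  * project number and name read from intranet_projects.
  *
  * Prints nothing when $proj_id is empty. The id is cast to an integer before
  * it is interpolated into the query, so a non-numeric value can no longer
  * change the SQL; the label is HTML-escaped because it comes from the database.
  *
  * @param mixed $proj_id project id (numeric)
  */
 function GetProjectInfo($proj_id)
 {
     $proj_id = (int) $proj_id;
     if ($proj_id !== 0) {
         global $conn;
         $sql = "SELECT proj_num, proj_name FROM intranet_projects WHERE proj_id = {$proj_id}";
         $result = mysql_query($sql, $conn) or die(mysql_error());
         $array = mysql_fetch_array($result);
         // "<number> <name>"; with no matching row this is a single space, as before.
         $proj_title = htmlspecialchars($array['proj_num'] . " " . $array['proj_name'], ENT_QUOTES);
         echo "<a href=\"index2.php?page=project_view&amp;proj_id={$proj_id}\">" . $proj_title . "</a>";
     }
 }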
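 // Check if we're updating the current fee stage (the form only posts
 // fee_stage_current when one was chosen). Key quoted: a bare key is an
 // undefined constant, a notice in PHP 5 and fatal from PHP 8.
 if (!empty($_POST['fee_stage_current']) && $_POST['fee_stage_current'] > 0) {
     $fee_stage_current = CleanNumber($_POST['fee_stage_current']);
     // $proj_id is set by the including page; cast so the WHERE clause only
     // ever sees an integer.
     $sql_update = "UPDATE intranet_projects SET proj_riba = '{$fee_stage_current}' WHERE proj_id = '" . (int) $proj_id . "' LIMIT 1";
     $result_update = mysql_query($sql_update, $conn) or die(mysql_error());
 }
 // Item Sub Menu: "Edit" for usertype above 3 or the project's representative;
 // the rates/expenditure/fee-stage links for usertype above 2.
 echo "<p class=\"submenu_bar\">";
 if ($user_usertype_current > 3 or $user_id_current == $proj_rep_black) {
     echo "<a href=\"index2.php?page=project_edit&amp;status=edit&amp;proj_id={$proj_id}\" class=\"submenu_bar\">Edit</a>";
 }
 if ($user_usertype_current > 2) {
     echo "<a href=\"index2.php?page=project_hourlyrates_view&amp;proj_id={$proj_id}\" class=\"submenu_bar\">Hourly Rates</a>";
     echo "<a href=\"index2.php?page=project_timesheet_view&amp;proj_id={$proj_id}\" class=\"submenu_bar\">Expenditure</a>";
     echo "<a href=\"index2.php?page=timesheet_fees_edit&amp;proj_id={$proj_id}\" class=\"submenu_bar\">Add Fee Stage</a>";
 }
 echo "</p>";
 echo "<h2>Fee Stages</h2>";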
    }
}
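// Fourth drawing-number component: use what the form posted, otherwise derive it
// (FindDrawing4 is defined elsewhere; $drawing_number_3 is set before this block).
// Keys are quoted throughout: a bare key is an undefined constant (a notice in
// PHP 5, fatal from PHP 8), not the string key.
if (!isset($_POST['drawing_number_4']) || $_POST['drawing_number_4'] == NULL) {
    $drawing_number_4 = FindDrawing4($_POST, $drawing_number_3);
} else {
    $drawing_number_4 = CleanUp($_POST['drawing_number_4']);
}
$drawing_project = CleanUp($_POST['drawing_project']);
// author, paper and targetdate were previously copied raw from the form; they
// now go through the same text cleaner as the other fields.
$drawing_author = CleanUp($_POST['drawing_author']);
$drawing_scale = CleanNumber($_POST['drawing_scale']);
$drawing_paper = CleanUp($_POST['drawing_paper']);
$drawing_orientation = CleanUp($_POST['drawing_orientation']);
$drawing_title = CleanUp($_POST['drawing_title']);
$drawing_date_day = CleanNumber($_POST['drawing_date_day']);
$drawing_date_month = CleanNumber($_POST['drawing_date_month']);
$drawing_date_year = CleanNumber($_POST['drawing_date_year']);
$drawing_checked = CleanUp($_POST['drawing_checked']);
// The package list is a multi-value form field. If it arrives as a scalar,
// indexing it would yield single characters, so treat that as "no packages".
$drawing_package_list = (isset($_POST['drawing_package_list']) && is_array($_POST['drawing_package_list'])) ? $_POST['drawing_package_list'] : array();
// The loop bound comes from the form; cast so a non-numeric value cannot
// produce a string comparison.
$drawing_total_packages = isset($_POST['drawing_total_packages']) ? (int) $_POST['drawing_total_packages'] : 0;
$drawing_targetdate = CleanUp($_POST['drawing_targetdate']);
$drawing_comment = CleanUp($_POST['drawing_comment']);
// Build "pkgN,...,pkg0,": each selected package is prepended, so the order is
// the reverse of the form's and a trailing comma remains, as before. Start from
// an empty string unless the including page already seeded the list.
if (!isset($drawing_packages)) {
    $drawing_packages = "";
}
for ($counter = 0; $counter < $drawing_total_packages; $counter++) {
    if (isset($drawing_package_list[$counter]) && $drawing_package_list[$counter] != NULL) {
        $drawing_packages = CleanUp($drawing_package_list[$counter]) . "," . $drawing_packages;
    }
}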
if ($drawing_number == NULL) {
    $drawing_number = $drawing_number_1 . "-" . $drawing_number_2;
    if ($drawing_number_3 != NULL) {
<?php

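// Month and year to display default to the current ones. Keys are quoted: a
// bare `month` is an undefined constant (a notice in PHP 5, fatal from PHP 8).
if (!isset($_GET['month']) || $_GET['month'] == NULL) {
    $month = date("n", time());
} else {
    $month = CleanNumber($_GET['month']);
}
if (!isset($_GET['year']) || $_GET['year'] == NULL) {
    $year = date("Y", time());
} else {
    $year = CleanNumber($_GET['year']);
}
// The view type was previously copied raw from the URL; it is now cleaned like
// the other inputs. It defaults to "date".
if (isset($_GET['type']) && $_GET['type'] != NULL) {
    $type = CleanUp($_GET['type']);
} else {
    $type = "date";
}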
/**
 * Title for a month view, e.g. "March 2020".
 *
 * Noon on the 15th is used so that no timezone offset can move the instant
 * into a neighbouring month.
 *
 * @param int|string $month 1-12
 * @param int|string $year  four-digit year
 * @return string
 */
function DateTitle($month, $year)
{
    $midmonth = mktime(12, 0, 0, $month, 15, $year);
    return date("F Y", $midmonth);
}
// Navigation targets: the following month (rolling into January of the next
// year after December) and the previous year.
$rolls_over = ($month + 1) > 12;
$month_next = $rolls_over ? 1 : $month + 1;
$year_next = $rolls_over ? $year + 1 : $year;
$year_before = $year - 1;
    } else {
        $current_vat = $settings_vat / 100 + 1;
    }
    $ts_expense_vat = $ts_expense_value;
    $ts_expense_value = 1 / $current_vat * $ts_expense_value;
} else {
    $ts_expense_vat = $ts_expense_value;
}
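// Money is kept to two decimal places.
$ts_expense_vat = round($ts_expense_vat, 2);
// Keys are quoted: a bare `ts_expense_desc` is an undefined constant (a notice
// in PHP 5, fatal from PHP 8), not the string key.
$ts_expense_desc = CleanUp($_POST['ts_expense_desc']);
// New items always start unverified.
$ts_expense_verified = 0;
// invoiced/receipt/reimburse were previously copied raw from the form; they
// now go through the same text cleaner as the other fields.
$ts_expense_invoiced = CleanUp($_POST['ts_expense_invoiced']);
$ts_expense_receipt = CleanUp($_POST['ts_expense_receipt']);
$ts_expense_reimburse = CleanUp($_POST['ts_expense_reimburse']);
$ts_expense_notes = CleanUp($_POST['ts_expense_notes']);
$ts_expense_category = CleanNumber($_POST['ts_expense_category']);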
// Check the date input
if (checkdate($ts_expense_month, $ts_expense_day, $ts_expense_year) != TRUE) {
    $alertmessage = "The date entered is invalid.";
    $page_redirect = "timesheet_expense_edit";
} elseif ($_POST[ts_expense_desc] == "") {
    $alertmessage = "The description was left empty.";
    $page_redirect = "timesheet_expense_edit";
} elseif ($_POST[ts_expense_value] == "") {
    $alertmessage = "The expenses value was left empty.";
    $page_redirect = "timesheet_expense_edit";
} else {
    // Convert the date to a time
    $ts_expense_date = mktime(12, 0, 0, $ts_expense_month, $ts_expense_day, $ts_expense_year);
    // Construct the MySQL instruction to add these entries to the database
    if ($ts_expense_id > 0) {
 echo "<p><strong>All Dates?</strong><br />Yes<input type=\"radio\" name=\"time_all\" value=\"yes\" checked=\"checked\" />&nbsp;Dates as follows:<input type=\"radio\" name=\"time_all\" value=\"no\" /></p>";
 print "<p>Date Begin<br />Day&nbsp;<input type=\"text\" name=\"then_day\" value=\"{$then_day}\" size=\"4\" />&nbsp;Month&nbsp;<input type=\"text\" name=\"then_month\" value=\"{$then_month}\" size=\"4\" />&nbsp;Year&nbsp;<input type=\"text\" name=\"then_year\" value=\"{$then_year}\" size=\"4\" /></p>";
 if ($_GET[now_day] == NULL) {
     $now_day = date("j", time());
 } else {
     $now_day = CleanNumber($_GET[now_day]);
 }
 if ($_GET[now_month] == NULL) {
     $now_month = date("n", time());
 } else {
     $now_month = CleanNumber($_GET[now_month]);
 }
 if ($_GET[now_year] == NULL) {
     $now_year = date("Y", time());
 } else {
     $now_year = CleanNumber($_GET[now_year]);
 }
 print "<p>Date End<br />Day&nbsp;<input type=\"text\" name=\"now_day\" value=\"{$now_day}\" size=\"4\" />&nbsp;Month&nbsp;<input type=\"text\" name=\"now_month\" value=\"{$now_month}\" size=\"4\" />&nbsp;Year&nbsp;<input type=\"text\" name=\"now_year\" value=\"{$now_year}\" size=\"4\" /></p>";
 echo "<p><strong>Include P11d Items?</strong><br />Yes<input type=\"radio\" name=\"include_p11d\" value=\"yes\" checked=\"checked\" />&nbsp;No<input type=\"radio\" name=\"include_p11d\" value=\"no\" />&nbsp;Both<input type=\"radio\" name=\"include_p11d\" value=\"both\" /></p>";
 print "<p><input type=\"submit\" /></p>";
 print "</form>";
 print "</fieldset>";
 print "<fieldset><legend>Verify or View P11d Items</legend>";
 function MonthRow($user)
 {
     $current_year = date("Y", time());
     $year_start = $current_year - 4;
     $year_now = $year_start;
     while ($year_now <= $current_year) {
         $year_next = $year_now + 1;
         echo "<td><a href=\"csv_expense_user.php?user={$user}&amp;year={$year_now}\">{$year_now} - {$year_next}</a></td>";
<?php

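// Key quoted: a bare `ts_expense_id` is an undefined constant (a notice in
// PHP 5, fatal from PHP 8), not the string key.
$ts_expense_id = CleanNumber($_GET['ts_expense_id']);
// NOTE(review): with `&&`, a caller below usertype 3 is still let through
// whenever an id is supplied — only the "no id" case is rejected. Confirm
// whether `or` (reject on either condition) was intended before changing it.
if ($ts_expense_id == NULL && $user_usertype_current < 3) {
    $page_redirect = "timesheet_expense_list";
    $alertmessage = "The expense item you tried to delete does not exist.";
} else {
    // The row is blanked rather than removed, and the notes record when and by
    // whom. The cookie value is user-controlled and is interpolated into the
    // query, so it is passed through the same cleaner as posted text.
    $nowtime = TimeFormat(time()) . " by user " . CleanUp(isset($_COOKIE['user']) ? $_COOKIE['user'] : '');
    // ts_expense_date is a Unix timestamp; cast so only an integer reaches the query.
    $ts_expense_date_posted = isset($_POST['ts_expense_date']) ? (int) $_POST['ts_expense_date'] : 0;
    // NOTE(review): the ts_expense_user value is garbled in this copy of the
    // file ('******' followed by a stray fragment); the intended expression has
    // to be restored from the original source for this to be valid SQL.
    $sql_edit = "UPDATE intranet_timesheet_expense SET\n\t\tts_expense_project = NULL,\n\t\tts_expense_value = NULL,\n\t\tts_expense_date = '{$ts_expense_date_posted}',\n\t\tts_expense_desc = '- Deleted -',\n\t\tts_expense_user = '******'ts_expense_user']}',\n\t\tts_expense_vat = NULL,\n\t\tts_expense_receipt = NULL,\n\t\tts_expense_invoiced = NULL,\n\t\tts_expense_reimburse = NULL,\n\t\tts_expense_notes = 'Deleted {$nowtime}',\n\t\tts_expense_category = NULL,\n\t\tts_expense_disbursement = NULL,\n\t\tts_expense_p11d = NULL,\n\t\tts_expense_verified = NULL\n\t\tWHERE ts_expense_id = {$ts_expense_id} LIMIT 1";
    $result = mysql_query($sql_edit, $conn) or die(mysql_error());
    $actionmessage = "Expense <strong>{$ts_expense_id}</strong> deleted successfully.";
}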
<?php

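// First, identify if we're adding or editing.
// The project id for the form action comes from the URL; cast to an integer so
// nothing else can be written into the attribute. Keys are quoted throughout:
// a bare key is an undefined constant (a notice in PHP 5, fatal from PHP 8).
$form_proj_id = isset($_GET['proj_id']) ? (int) $_GET['proj_id'] : 0;
if (isset($_GET['contact_proj_id']) && $_GET['contact_proj_id'] > 0) {
    $contact_proj_id = CleanNumber($_GET['contact_proj_id']);
    $sql_check = "SELECT contact_proj_contact, contact_proj_role, contact_proj_note, contact_proj_company FROM intranet_contacts_project WHERE contact_proj_id = '{$contact_proj_id}' LIMIT 1 ";
    $result_check = mysql_query($sql_check, $conn) or die(mysql_error());
    $array_check = mysql_fetch_array($result_check);
    $contact_proj_contact = $array_check['contact_proj_contact'];
    $contact_proj_role = $array_check['contact_proj_role'];
    $contact_proj_note = $array_check['contact_proj_note'];
    $contact_proj_company = $array_check['contact_proj_company'];
    $contact_id = $array_check['contact_proj_contact'];
    // work out the CURRENT company to see if the contact has changed
    $sql_check_previous = "SELECT contact_company FROM contacts_contactlist WHERE contact_id = '{$contact_id}' LIMIT 1 ";
    $result_check_previous = mysql_query($sql_check_previous, $conn) or die(mysql_error());
    $array_check_previous = mysql_fetch_array($result_check_previous);
    $contact_company_previous = $array_check_previous['contact_company'];
    echo "<h2>Edit Project Contacts</h2>";
    echo "<form method=\"post\" action=\"index2.php?page=project_contacts&amp;proj_id={$form_proj_id}\">";
} else {
    echo "<h2>Add Project Contacts</h2>";
    echo "<form method=\"post\" action=\"index2.php?page=project_view&amp;proj_id={$form_proj_id}&amp;status=edit&amp;show=contacts\">";
}
echo "<table><tr><td colspan=\"2\">Contact Name</td></tr>";
// All contacts with their company, for the selection list that follows.
$sql_contact = "SELECT contact_id, contact_namefirst, contact_namesecond, contact_company, company_name, company_postcode, company_id FROM contacts_contactlist LEFT JOIN contacts_companylist ON contacts_contactlist.contact_company = contacts_companylist.company_id ORDER BY contact_namesecond, contact_namefirst";
$result_contact = mysql_query($sql_contact, $conn) or die(mysql_error());
echo "<tr><td colspan=\"2\"><select name=\"contact_proj_contact\">";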
while ($array_contact = mysql_fetch_array($result_contact)) {
    $contact_id = $array_contact['contact_id'];
    $company_id = $array_contact['company_id'];
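// Keys are quoted: a bare key is an undefined constant (a notice in PHP 5,
// fatal from PHP 8). These three were previously copied raw from the form and
// now go through the cleaners used for the same fields elsewhere.
$ts_fee_commence = CleanUp($_POST['ts_fee_commence']);
$ts_fee_prospect = CleanNumber($_POST['ts_fee_prospect']);
$ts_fee_proj_change = CleanUp($_POST['ts_fee_proj_change']);
// No commencement given: start at the beginning of the current week.
if ($ts_fee_commence == 0) {
    $ts_fee_commence = BeginWeek(time());
}
// The choice is compared with the word "value" below, so it needs the text
// cleaner: the numeric cleaner could never yield that word.
$choose = CleanUp($_POST['choose']);
if ($choose == "value") {
    $ts_fee_value = CleanNumber($_POST['ts_fee_value']);
    $ts_fee_percentage = "";
} else {
    $ts_fee_percentage = CleanNumber($_POST['ts_fee_percentage']);
    $ts_fee_value = "";
}
$ts_fee_duration = CleanNumber($_POST['ts_fee_duration']);
$ts_fee_pre = CleanNumber($_POST['ts_fee_pre']);
// Lag and duration are entered in weeks; 604800 is the number of seconds in a
// week. The lag is cast so a non-numeric value cannot reach the multiplication.
$ts_fee_pre_lag = 604800 * (float) (isset($_POST['ts_fee_pre_lag']) ? $_POST['ts_fee_pre_lag'] : 0);
$ts_fee_duration = $ts_fee_duration * 604800;
// Calculate the revised date of commencement if previous stage provided
if ($ts_fee_pre > 0) {
    $sql_pre = "SELECT ts_fee_commence, ts_fee_time_end FROM intranet_timesheet_fees WHERE ts_fee_id = {$ts_fee_pre} LIMIT 1";
    $result_pre = mysql_query($sql_pre, $conn) or die(mysql_error());
    $array_pre = mysql_fetch_array($result_pre);
    $stage_length = $array_pre['ts_fee_time_end'];
    $stage_start = AssessDays($array_pre['ts_fee_commence']);
    $delay = $ts_fee_pre_lag;
    // This stage starts when the previous one ends, plus the requested lag.
    $ts_fee_commence = $stage_start + $stage_length + $delay;
    $ts_fee_commence = date("Y-n-j", $ts_fee_commence);
}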
// Now update any fee stages directly linked to this one
if ($ts_fee_id > 0) {
    }
    print "<h2>Edit Mileage Claim</h2>";
    print "<form action=\"index2.php?page=timesheet_expense_view&amp;ts_expense_id={$ts_expense_id}\" method=\"post\">";
} else {
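    // Keys are quoted: a bare `ts_expense_project` is an undefined constant
    // (a notice in PHP 5, fatal from PHP 8), not the string key.
    $ts_expense_project = CleanNumber($_POST['ts_expense_project']);
    $ts_expense_value = NumberFormat($_POST['ts_expense_value']);
    $ts_expense_date = CleanNumber($_POST['ts_expense_date']);
    $ts_expense_desc = CleanUp($_POST['ts_expense_desc']);
    $ts_expense_user = CleanNumber($_POST['ts_expense_user']);
    // NOTE(review): these four are copied raw from the form for re-display;
    // confirm they are escaped wherever they are written back into the page.
    $ts_expense_verified = $_POST['ts_expense_verified'];
    $ts_expense_vat = $_POST['ts_expense_vat'];
    $ts_expense_invoiced = $_POST['ts_expense_invoiced'];
    $ts_expense_receipt = $_POST['ts_expense_receipt'];
    $expense_date_day = CleanNumber($_POST['ts_expense_day']);
    $expense_date_month = CleanNumber($_POST['ts_expense_month']);
    $expense_date_year = CleanNumber($_POST['ts_expense_year']);
    // Remember which project page to return to when one was given in the URL;
    // cleaned as a number, the way proj_id is handled elsewhere in this application.
    if (isset($_GET['proj_id']) && $_GET['proj_id'] != NULL) {
        $proj_id_page = CleanNumber($_GET['proj_id']);
    }
    print "<h2>Add Mileage Claim</h2>";
    print "<form action=\"index2.php?page=timesheet_expense_view\" method=\"post\">";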
}
print "<input type=\"hidden\" name=\"ts_expense_id\" value=\"{$ts_expense_id}\" />";
// Begin the invoice entry system
$nowtime = time();
if ($expense_date_day > 0) {
    $nowtime_day = $expense_date_day;
} else {
    $nowtime_day = date("d", $nowtime);
}
if ($expense_date_month > 0) {
<?php

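// Which company to show: the id from the URL, else one just added by the
// including page, else none. Key quoted: a bare `company_id` is an undefined
// constant (a notice in PHP 5, fatal from PHP 8), not the string key.
if (isset($_GET['company_id']) && $_GET['company_id'] > 0) {
    $company_id = CleanNumber($_GET['company_id']);
} elseif (isset($company_id_added) && $company_id_added > 0) {
    $company_id = $company_id_added;
} else {
    $company_id = 0;
}
if ($company_id == NULL) {
    // Nothing to show. header() alone does not end the script, so stop here
    // rather than run the queries below with an empty id.
    header("location:index2.php");
    exit;
}
$sql_company = "SELECT * FROM contacts_companylist WHERE company_id = '{$company_id}' LIMIT 1";
$result_company = mysql_query($sql_company, $conn) or die(mysql_error());
$array_company = mysql_fetch_array($result_company);
$company_id = $array_company['company_id'];
$company_name = $array_company['company_name'];
$company_address = $array_company['company_address'];
$company_city = $array_company['company_city'];
$company_county = $array_company['company_county'];
$company_country = $array_company['company_country'];
$company_postcode = $array_company['company_postcode'];
$company_phone = $array_company['company_phone'];
$company_fax = $array_company['company_fax'];
$company_web = $array_company['company_web'];
$company_notes = $array_company['company_notes'];
// Determine the country from the id stored on the company row. Failures are
// reported the same way as for the company query instead of being ignored.
$sql_country = "SELECT country_printable_name FROM intranet_contacts_countrylist where country_id = '{$company_country}' LIMIT 1";
$result_country = mysql_query($sql_country, $conn) or die(mysql_error());
$array_country = mysql_fetch_array($result_country);
$country_printable_name = $array_country['country_printable_name'];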
}
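// Decide what to render: one invoice (invoice_id in the URL) or all of them
// (viewall posted). Anything else is sent back to the index — and stops there,
// since header() alone does not end the request. Keys are quoted: a bare key
// is an undefined constant (a notice in PHP 5, fatal from PHP 8).
if (isset($_GET['invoice_id']) && $_GET['invoice_id'] != NULL) {
    $invoice_id = CleanNumber($_GET['invoice_id']);
    $viewall = "";
} elseif (isset($_POST['viewall']) && $_POST['viewall'] != NULL) {
    $viewall = "yes";
} else {
    header("Location: ../index2.php");
    exit;
}
// ORDER BY takes a bare identifier, so quote-escaping cannot protect it: accept
// only a plain column name (optionally followed by ASC/DESC) and fall back to
// the default ordering for anything else.
if (isset($_POST['order_by']) && preg_match('/^[A-Za-z_][A-Za-z0-9_]*(?: (?:ASC|DESC))?$/i', $_POST['order_by'])) {
    $order_by = $_POST['order_by'];
} else {
    $order_by = "invoice_id";
}
// Optional account filter, appended to the WHERE clause of the listing query;
// always defined so that query never interpolates an unset variable.
if (isset($_POST['account_id']) && $_POST['account_id'] != NULL) {
    $account_test = "AND invoice_account = " . CleanNumber($_POST['account_id']);
} else {
    $account_test = "";
}
//  Use FDPI to get the template
define('FPDF_FONTPATH', 'fpdf/font/');
require 'fpdf/fpdi.php';
$pdf = new fpdi();
$pagecount = $pdf->setSourceFile("pdf/template.pdf");
$tplidx = $pdf->ImportPage(1);
// $format_font / $format_font_2 are set by the including page.
$pdf->AddFont($format_font, '', $format_font_2);
$counter = 1;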
if ($viewall == "yes") {
    $nowtime = time();
    $sql_complete = "SELECT invoice_id FROM intranet_timesheet_invoice WHERE invoice_date < {$nowtime} {$account_test} ORDER BY {$order_by}";
    $result_complete = mysql_query($sql_complete, $conn) or die(mysql_error());
} else {
    $nowtime = time();
<?php

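require_once 'secure/rollbar.php';
// NOTE(review): this access token is committed in source; it belongs in a file
// under secure/ like the database credentials, and should be rotated.
$config = array('access_token' => '79f4496bab774563862a8da48e15cf19', 'environment' => 'production', 'root' => '/Users/brian/www/myapp');
// installs global error and exception handlers. A single init is enough: the
// former second call, passing only the token, replaced this configuration and
// dropped the environment and root settings.
Rollbar::init($config);
// The identifier previously had a trailing space ('Europe/London '), which PHP
// rejects with a notice and silently falls back to UTC.
date_default_timezone_set('Europe/London');
include "inc_action_functions.php";
// Day to display: from the URL (and remembered in a cookie), otherwise now.
// Key quoted: a bare `time` is an undefined constant (a notice in PHP 5,
// fatal from PHP 8), not the string key.
if (isset($_GET['time']) && $_GET['time'] != NULL) {
    $time = CleanNumber($_GET['time']);
    setcookie("lastdayview", $time);
} else {
    $time = time();
}
// get the ip number of the user
$ip_current = getenv("REMOTE_ADDR");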
if ($_COOKIE[password] == NULL or $_COOKIE[user] == NULL) {
    header("Location: login.php");
} else {
    // Get the database variables from file
    $database_read = file_get_contents("secure/database.inc");
    $database_read_array = explode("\n", $database_read);
    $settings_companyaddress = file_get_contents("secure/address.inc");
    $database_location = $database_read_array[0];
    $database_username = $database_read_array[1];
    $database_password = $database_read_array[2];
    $database_name = $database_read_array[3];
    $settings_popup_login = $database_read_array[4];
    $settings_popup_newmessage = $database_read_array[5];
    $settings_style = $database_read_array[6];
<?php

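// Begin to clean up the $_POST submissions. Keys are quoted: a bare `message_id`
// is an undefined constant (a notice in PHP 5, fatal from PHP 8), not the key.
$message_id = CleanNumber($_POST['message_id']);
$message_from_id = CleanNumber($_POST['message_from_id']);
$message_from_name = CleanUpNames($_POST['message_from_name']);
$message_from_company = CleanUpNames($_POST['message_from_company']);
$message_from_number = CleanUp($_POST['message_from_number']);
$message_for_user = CleanNumber($_POST['message_for_user']);
$message_text = CleanUp($_POST['message_text']);
$message_viewed = CleanNumber($_POST['message_viewed']);
// The message date is always the server time, not a posted value.
$message_date = time();
$message_project = CleanNumber($_POST['message_project']);
$message_taken = CleanNumber($_POST['message_taken']);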
// Check that the required values have been entered, and alter the page to show if these values are invalid
if ($_POST[message_from_id] == "" and $_POST[message_from_name] == "") {
    $alertmessage = "You have not entered the name of the caller.";
    $page_redirect = "phonemessage_edit";
} elseif ($_POST[message_text] == "") {
    $alertmessage = "The message was left empty.";
    $page_redirect = "timesheet_expense_edit";
} else {
    // Construct the MySQL instruction to add these entries to the database
    if ($message_id > 0) {
        $sql_edit = "UPDATE intranet_phonemessage SET\n\t\tmessage_from_id = '{$message_from_id}',\n\t\tmessage_from_name = '{$message_from_name}',\n\t\tmessage_from_company = '{$message_from_company}',\n\t\tmessage_from_number = '{$message_from_number}',\n\t\tmessage_for_user = '******',\n\t\tmessage_text = '{$message_text}',\n\t\tmessage_viewed = '{$message_viewed}',\n\t\tmessage_date = '{$message_date}',\n\t\tmessage_project = '{$message_project}',\n\t\tmessage_taken = '{$message_taken}'\n\t\tWHERE message_id = '{$message_id}'\n\t\tLIMIT 1";
        $result = mysql_query($sql_edit, $conn) or die(mysql_error());
        $actionmessage = "Telephone message updated successfully.";
        $techmessage = $sql_edit;
    } else {
        $sql_add = "INSERT INTO intranet_phonemessage (\n\t\tmessage_id,\n\t\tmessage_from_id,\n\t\tmessage_from_name,\n\t\tmessage_from_company,\n\t\tmessage_from_number,\n\t\tmessage_for_user,\n\t\tmessage_text,\n\t\tmessage_viewed,\n\t\tmessage_date,\n\t\tmessage_project,\n\t\tmessage_taken\n\t\t) values (\n\t\t'NULL',\n\t\t'{$message_from_id}',\n\t\t'{$message_from_name}',\n\t\t'{$message_from_company}',\n\t\t'{$message_from_number}',\n\t\t'{$message_for_user}',\n\t\t'{$message_text}',\n\t\t'{$message_viewed}',\n\t\t'{$message_date}',\n\t\t'{$message_project}',\n\t\t'{$message_taken}'\n\t\t)";
        $result = mysql_query($sql_add, $conn) or die(mysql_error());
<?php

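// Start with no alert so the check below is the only thing that can set one.
unset($alertmessage);
// Begin to clean up the $_POST submissions. Keys are quoted: a bare `answer_id`
// is an undefined constant (a notice in PHP 5, fatal from PHP 8), not the key.
$answer_id = CleanNumber($_POST['answer_id']);
$answer_words = CleanNumber($_POST['answer_words']);
// NOTE(review): addslashes() only escapes quotes and backslashes, unlike the
// CleanUp() applied to the other text fields here — confirm this is intended.
$answer_question = addslashes($_POST['answer_question']);
$answer_ref = CleanUp($_POST['answer_ref']);
$answer_tender_id = CleanNumber($_POST['answer_tender_id']);
$answer_weighting = CleanUp($_POST['answer_weighting']);
// Check that the required values have been entered, and alter the page to show if these values are invalid
if ($answer_ref == NULL or $answer_question == NULL) {
    $alertmessage = "Empty fields are not allowed";
    // NOTE(review): tender_id is hard-coded to 2 here while the posted tender
    // id is $answer_tender_id — confirm which one the redirect should carry.
    $page_redirect = "index2.php?page=tender_view&amp;tender_id=2&amp;edit_question={$answer_id}";
}
if ($alertmessage == NULL) {
    // Construct the MySQL instruction to add these entries to the database:
    // an existing id means an update, otherwise a new row is inserted.
    if ($answer_id > 0) {
        $sql_edit = "UPDATE intranet_tender_answers SET\n\t\tanswer_ref = '{$answer_ref}',\n\t\tanswer_words = '{$answer_words}',\n\t\tanswer_question = '{$answer_question}',\n\t\tanswer_weighting = '{$answer_weighting}'\n\t\tWHERE answer_id = '{$answer_id}' LIMIT 1";
        $result = mysql_query($sql_edit, $conn) or die(mysql_error());
        $actionmessage = "Response updated successfully.";
        $techmessage = $sql_edit;
    } else {
        $sql_add = "INSERT INTO intranet_tender_answers (\n\t\tanswer_id,\n\t\tanswer_ref,\n\t\tanswer_words,\n\t\tanswer_wordcount,\n\t\tanswer_question,\n\t\tanswer_weighting,\n\t\tanswer_complete,\n\t\tanswer_tender_id\n\t\t) values (\n\t\t'NULL',\n\t\t'{$answer_ref}',\n\t\t'{$answer_words}',\n\t\t'0',\n\t\t'{$answer_question}',\n\t\t'{$answer_weighting}',\n\t\t'',\n\t\t'{$answer_tender_id}'\n\t\t)";
        $result = mysql_query($sql_add, $conn) or die(mysql_error());
        $actionmessage = "Response added successfully.";
        $techmessage = $sql_add;
    }
}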
<?php

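// An id in the URL means an existing message is being edited. Key quoted: a
// bare `message_id` is an undefined constant (a notice in PHP 5, fatal from
// PHP 8), not the string key.
if (isset($_GET['message_id']) && $_GET['message_id'] != NULL) {
    $message_id = CleanNumber($_GET['message_id']);
}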
if ($message_id > 0) {
    $sql = "SELECT * FROM intranet_phonemessage where message_id = '{$message_id}'";
    $result = mysql_query($sql, $conn);
    $array = mysql_fetch_array($result);
    $message_id = $array['message_id'];
    $message_from_id = $array['message_from_id'];
    $message_from_name = $array['message_from_name'];
    $message_from_company = $array['message_from_company'];
    $message_from_number = $array['message_from_number'];
    $message_for_user = $array['message_for_user'];
    $message_text = $array['message_text'];
    $message_viewed = $array['message_viewed'];
    $message_date = $array['message_date'];
    $message_project = $array['message_project'];
    $message_action = $array['message_action'];
    print "<h1>Edit Existing Telephone Message</h1>";
    print "<form method=\"post\" action=\"index2.php?page=project_view&amp;message_id={$message_id}&amp;project_id={$message_project}\">";
    print "<input type=\"hidden\" name=\"message_id\" value=\"{$message_id}\" />";
} else {
    $message_id = $_POST[message_id];
    $message_from_id = $_POST[message_from_id];
    $message_from_name = $_POST[message_from_name];
    $message_from_company = $_POST[message_from_company];
    $message_from_number = $_POST[message_from_number];
    $message_for_user = $_POST[message_for_user];
    $message_text = $_POST[message_text];
<?php

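// Resolve the project: from the URL, else from a posted journal form, else none.
// Keys are quoted: a bare key is an undefined constant (a notice in PHP 5,
// fatal from PHP 8), not the string key.
if (isset($_GET['proj_id']) && $_GET['proj_id'] != NULL) {
    $proj_id = CleanNumber($_GET['proj_id']);
} elseif (isset($_POST['blog_proj']) && $_POST['blog_proj'] != NULL) {
    $proj_id = CleanNumber($_POST['blog_proj']);
} else {
    $proj_id = NULL;
}
print "<h2>Journal Entries</h2>";
$sql = "SELECT * FROM intranet_projects_blog, intranet_projects, intranet_user_details WHERE blog_proj = proj_id AND proj_id = '{$proj_id}' AND blog_user = user_id order by blog_date DESC";
// The query runs twice on purpose: $result_project is consumed here for the
// header fields, while $result is counted below and presumably iterated
// further down, so its cursor must stay at the first row.
$result = mysql_query($sql, $conn) or die(mysql_error());
$result_project = mysql_query($sql, $conn) or die(mysql_error());
$array_project = mysql_fetch_array($result_project);
$proj_num = $array_project['proj_num'];
$proj_name = $array_project['proj_name'];
$user_name_first = $array_project['user_name_first'];
$user_name_second = $array_project['user_name_second'];
$user_id = $array_project['user_id'];
// Include a bar to navigate through the pages
print "<p class=\"submenu_bar\">";
$items_to_view = 10;
// Offset of the current page; cast so only an integer can reach a LIMIT clause.
if (!isset($_GET['limit']) || $_GET['limit'] == NULL) {
    $limit = 0;
} else {
    $limit = (int) $_GET['limit'];
}
$total_items = mysql_num_rows($result);
$page_prev = $limit - $items_to_view;
$page_next = $limit + $items_to_view;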
if ($limit > 0) {
<?php

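// contact_proj_id selects the row to update and was previously interpolated
// into the query raw; it now gets the numeric cleaner like the other ids.
// Keys are quoted: a bare key is an undefined constant (a notice in PHP 5,
// fatal from PHP 8), not the string key.
$contact_proj_id = CleanNumber($_POST['contact_proj_id']);
$contact_proj_role = CleanNumber($_POST['contacts_discipline']);
$contact_proj_contact = CleanNumber($_POST['contact_proj_contact']);
$contact_proj_note = CleanUp($_POST['contact_proj_note']);
$contact_proj_company = CleanNumber($_POST['contact_proj_company']);
// Only an existing row is updated here; there is no insert path in this block.
if ($contact_proj_id > 0) {
    $sql_edit = "UPDATE intranet_contacts_project SET\n\t\tcontact_proj_role = '{$contact_proj_role}',\n\t\tcontact_proj_contact = '{$contact_proj_contact}',\n\t\tcontact_proj_note = '{$contact_proj_note}',\n\t\tcontact_proj_company = '{$contact_proj_company}'\n\t\tWHERE contact_proj_id = '{$contact_proj_id}' LIMIT 1";
    $result = mysql_query($sql_edit, $conn) or die(mysql_error());
    $actionmessage = "Project contact updated successfully.";
    $techmessage = $sql_edit;
}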
<?php

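// Begin to clean up the $_POST submissions. Keys are quoted: a bare key is an
// undefined constant (a notice in PHP 5, fatal from PHP 8), not the string key.
$invoice_item_value_novat = CleanNumber($_POST['invoice_value_novat']);
$invoice_item_invoice = CleanNumber($_POST['invoice_item_invoice']);
$invoice_item_vat = CleanNumber($_POST['invoice_item_vat']);
$invoice_item_novat = CleanUp($_POST['invoice_item_novat']);
$invoice_item_stage = CleanNumber($_POST['invoice_item_stage']);
$invoice_item_desc = CleanUp($_POST['invoice_item_desc']);
// $settings_vat is the VAT percentage from the application settings (set
// elsewhere); 20 becomes a multiplier of 1.2.
$current_vat = $settings_vat / 100 + 1;
// A posted flag of 1 means VAT applies: the gross figure is derived from the
// net one; otherwise gross equals net. The net value arrives as a string from
// CleanUp(), so it is cast before the multiplication (a non-numeric string
// there is an error from PHP 8).
if ($invoice_item_vat == 1) {
    $invoice_item_vat = (float) $invoice_item_novat * $current_vat;
} else {
    $invoice_item_vat = $invoice_item_novat;
}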
// Check the date input
if ($invoice_item_desc == NULL) {
    $alertmessage = "The description is empty.";
    $page = "timesheet_invoice_item_edit";
} else {
    // Convert the date to a time
    if ($_POST[invoice_item_id] != NULL) {
        $sql_edit = "UPDATE intranet_timesheet_invoice_item SET\n\t\t\t\t\t\tinvoice_item_invoice = '{$invoice_item_invoice}',\n\t\t\t\t\t\tinvoice_item_stage = '{$invoice_item_stage}',\n\t\t\t\t\t\tinvoice_item_desc = '{$invoice_item_desc}',\n\t\t\t\t\t\tinvoice_item_novat = '{$invoice_item_novat}',\n\t\t\t\t\t\tinvoice_item_vat = '{$invoice_item_vat}'\n\t\t\t\t\t\tWHERE invoice_item_id = '{$_POST['invoice_item_id']}' LIMIT 1";
        $result = mysql_query($sql_edit, $conn) or die(mysql_error());
        $actionmessage = "Invoice {$invoice_ref} updated successfully.";
        $techmessage = $sql_edit;
    } else {
        // Construct the MySQL instruction to add these entries to the database
        $sql_add = "INSERT INTO intranet_timesheet_invoice_item (\n\t\t\t\t\t\tinvoice_item_id,\n\t\t\t\t\t\tinvoice_item_invoice,\n\t\t\t\t\t\tinvoice_item_stage,\n\t\t\t\t\t\tinvoice_item_desc,\n\t\t\t\t\t\tinvoice_item_novat,\n\t\t\t\t\t\tinvoice_item_vat\n\t\t\t\t\t\t) values (\n\t\t\t\t\t\t'NULL',\n\t\t\t\t\t\t'{$invoice_item_invoice}',\n\t\t\t\t\t\t'{$invoice_item_stage}',\n\t\t\t\t\t\t'{$invoice_item_desc}',\n\t\t\t\t\t\t'{$invoice_item_novat}',\n\t\t\t\t\t\t'{$invoice_item_vat}'\n\t\t\t\t\t\t)";
        $result = mysql_query($sql_add, $conn) or die(mysql_error());
        $actionmessage = "Invoice {$invoice_ref} added successfully.";
<?php

include "inc_files/inc_checkcookie.php";
$then_day = CleanNumber($_POST[then_day]);
$then_month = CleanNumber($_POST[then_month]);
$then_year = CleanNumber($_POST[then_year]);
$now_day = CleanNumber($_POST[now_day]);
$now_month = CleanNumber($_POST[now_month]);
$now_year = CleanNumber($_POST[now_year]);
$date_begin = mktime(0, 0, 0, $then_month, $then_day, $then_year);
$date_end = mktime(24, 0, 0, $now_month, $now_day, $now_year);
if ($date_end <= $date_begin or checkdate($then_month, $then_day, $then_year) != "TRUE" or checkdate($now_month, $now_day, $now_year) != "TRUE") {
    $redirect = "Location:index2.php?page=timesheet_expense_analysis&then_day={$then_day}&then_month={$then_month}&then_year={$then_year}&now_day={$now_day}&now_month={$now_month}&now_year={$now_year}";
    header($redirect);
}
if ($_POST[sorted_by] == "project") {
    $expense_sortorder = "proj_num";
} elseif ($_POST[sorted_by] == "id") {
    $expense_sortorder = "ts_expense_id";
} elseif ($_POST[sorted_by] == "ts_expense_vat") {
    $expense_sortorder = "ts_expense_vat";
} else {
    $expense_sortorder = "ts_expense_date";
}
if ($user_usertype_current <= 3) {
    header("Location: index2.php");
}
// Begin creating the page
echo "<table><tr><td>ID</td><td>Date</td><td>Project</td><td>Description</td><td>Category</td><td>User</td><td>Date Verified</td><td>Invoice (ID) / Personal</td><td>Net.</td><td>VAT</td><td>Gross</td></tr>";
$expense_invoice_net = 0;
$expense_noinvoice_net = 0;
<?php

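// Begin to clean up the $_GET submissions. Keys are quoted: a bare `invoice_id`
// is an undefined constant (a notice in PHP 5, fatal from PHP 8), not the key.
$invoice_id = CleanNumber($_GET['invoice_id']);
// The reference is only echoed back in the confirmation message.
$invoice_ref = CleanNumber($_GET['invoice_ref']);
if ($invoice_id != NULL) {
    // NOTE(review): the deletion is triggered by a plain GET and no ownership
    // or usertype check is visible here — confirm the including page enforces
    // one before this file is reached.
    $sql_edit = "DELETE from intranet_timesheet_invoice\n\t\t\t\t\t\tWHERE invoice_id = '{$invoice_id}' LIMIT 1";
    $result = mysql_query($sql_edit, $conn) or die(mysql_error());
    $actionmessage = "Invoice <strong>{$invoice_ref}</strong> deleted successfully.";
    $techmessage = $sql_edit;
}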