<?php

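// Settings panel: decide which contact view to show ("list" or "address").
// Precedence is query string, then cookie, then the "address" default; any
// other value falls through to the default, so $showlist is always one of
// the two fixed strings. Keys are quoted (a bare-word index is an undefined
// constant and fatal in PHP 8); ?? null keeps the old "absent" value.
print "<p class=\"heading_side\">Settings</p>";
$listtype_query = $_GET['listtype'] ?? null;
$listtype_cookie = $_COOKIE['listtype'] ?? null;
if ($listtype_query == "list") {
    $showlist = "list";
} elseif ($listtype_query == "address") {
    $showlist = "address";
} elseif ($listtype_cookie == "list") {
    $showlist = "list";
} elseif ($listtype_cookie == "address") {
    $showlist = "address";
} else {
    $showlist = "address";
}
// Action URL for the settings form that follows. The original built an
// absolute URL from $_SERVER['HTTP_HOST'], which is copied from the client's
// Host header and is therefore attacker-controlled: a forged Host makes the
// browser submit the form to a foreign origin. A URL built from REQUEST_URI
// alone keeps the submission on the current origin. CleanUp() is the
// project's sanitiser (defined elsewhere) and is kept so the value is
// escaped exactly as before when it lands in the action attribute.
$currentpage = CleanUp($_SERVER['REQUEST_URI'] ?? '');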
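if ($showlist == "list") {
    // "Contacts per page" selector, only shown in list view. $listmax (the
    // current setting, assigned outside this block) decides which option is
    // pre-selected. Note that this block opens a <form> and a <select> and
    // closes neither; the closing tags have to come from later code.
    print "<p>Contacts per page</p>";
    print "<form action=\"{$currentpage}\" method=\"post\">";
    print "<select class=\"inputbox\" name=\"listmax\">";
    foreach (array(5, 10) as $pagesize) {
        print "<option value=\"{$pagesize}\"";
        if ($listmax == $pagesize) {
            print " selected";
        }
        print ">{$pagesize}</option>";
    }
    print "<option value=\"20\"";
    // Quoted key: a bare-word index is an undefined constant (fatal in
    // PHP 8); ?? null preserves the old "field absent" value minus the notice.
    $drawing_number_4 = CleanUp($_POST['drawing_number_4'] ?? null);
}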
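// Drawing-register form fields. Keys are quoted throughout (a bare-word
// index is an undefined constant, fatal in PHP 8); ?? null keeps the old
// "field absent" value without the notice.
$drawing_project = CleanUp($_POST['drawing_project'] ?? null);
// NOTE(review): author, paper, package list, total packages and target date
// are taken from the request without any of the Clean* helpers. What
// consumes them is not in this listing; if any of them reaches SQL or HTML
// it needs the same treatment as the other fields — confirm downstream.
$drawing_author = $_POST['drawing_author'] ?? null;
$drawing_scale = CleanNumber($_POST['drawing_scale'] ?? null);
$drawing_paper = $_POST['drawing_paper'] ?? null;
$drawing_orientation = CleanUp($_POST['drawing_orientation'] ?? null);
$drawing_title = CleanUp($_POST['drawing_title'] ?? null);
$drawing_date_day = CleanNumber($_POST['drawing_date_day'] ?? null);
$drawing_date_month = CleanNumber($_POST['drawing_date_month'] ?? null);
$drawing_date_year = CleanNumber($_POST['drawing_date_year'] ?? null);
$drawing_checked = CleanUp($_POST['drawing_checked'] ?? null);
$drawing_package_list = $_POST['drawing_package_list'] ?? null;
$drawing_total_packages = $_POST['drawing_total_packages'] ?? null;
$drawing_targetdate = $_POST['drawing_targetdate'] ?? null;
$drawing_comment = CleanUp($_POST['drawing_comment'] ?? null);
// Collapse the submitted package entries into one comma-separated string.
// Each entry is prepended, so the result is in reverse submission order and
// ends with a comma — the same layout the original produced.
// The original looped "while ($counter < $drawing_total_packages)", i.e. the
// client chose the iteration count: a huge value spun the loop for nothing,
// and under PHP 8 a non-numeric value compares greater than every integer
// and never terminates. The bound is now capped by the number of entries
// actually submitted, and a non-array package list is treated as empty
// instead of being indexed as a string.
if (!is_array($drawing_package_list)) {
    $drawing_package_list = array();
}
$package_limit = min((int) $drawing_total_packages, count($drawing_package_list));
for ($counter = 0; $counter < $package_limit; $counter++) {
    if ($drawing_package_list[$counter] != NULL) {
        $drawing_packages = $drawing_package_list[$counter] . "," . $drawing_packages;
    }
}
// Compose the drawing number from its parts when none was supplied.
// $drawing_number and parts 1–3 are assigned elsewhere; part 3 is optional.
if ($drawing_number == NULL) {
    $drawing_number = $drawing_number_1 . "-" . $drawing_number_2;
    if ($drawing_number_3 != NULL) {
        $drawing_number .= "-" . $drawing_number_3;
    }
    $drawing_number .= "-" . $drawing_number_4;
}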
// Check the date input
<?php

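// Begin to clean up the $_POST submissions.
// Keys are quoted (a bare-word index is fatal in PHP 8); ?? null / ?? 0
// keep the old "field absent" value without the notice.
// The id and the project are interpolated into the UPDATE statement further
// down and ext/mysql has no prepared statements, so both are forced to
// integers here: the project column is joined against the numeric proj_id
// elsewhere in this code base, and the id is only ever used when > 0.
$ts_expense_id = (int) ($_POST['ts_expense_id'] ?? 0);
$ts_expense_project = (int) ($_POST['ts_expense_project'] ?? 0);
$ts_expense_desc = CleanUp($_POST['ts_expense_desc'] ?? null);
// Raw submitted date; replaced by an mktime() value once day/month/year
// have passed checkdate() in the validation that follows.
$ts_expense_date = $_POST['ts_expense_date'] ?? null;
// Day/month/year feed checkdate()/mktime(), which take integers (a
// non-numeric string is a TypeError in PHP 8).
$ts_expense_day = (int) ($_POST['ts_expense_day'] ?? 0);
$ts_expense_month = (int) ($_POST['ts_expense_month'] ?? 0);
$ts_expense_year = (int) ($_POST['ts_expense_year'] ?? 0);
// NOTE(review): $ts_expense_value is never assigned in this file, although
// the form field is checked for emptiness and the value is written to the
// database; as written, value and VAT are written empty unless an include
// or register_globals supplies $ts_expense_value — confirm.
$ts_expense_vat = $ts_expense_value;
// Identity is taken from an unsigned cookie the client can set freely; this
// is the pattern used throughout this code base and should be replaced by
// a server-side session lookup.
$ts_expense_user = $_COOKIE['user'] ?? null;
$ts_expense_verified = 0;
// Previously interpolated raw into the UPDATE; cleaned like the other
// free-text fields in this code base.
$ts_expense_invoiced = CleanUp($_POST['ts_expense_invoiced'] ?? null);
$ts_expense_receipt = NULL;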
// Check the date input
// Validation chain: an impossible calendar date, an empty description or an
// empty value each set $alertmessage and send the user back to an edit page
// (NOTE(review): the date branch redirects to timesheet_expense_mileage_edit
// while the other two use timesheet_expense_edit — confirm which form this
// handler belongs to). Only the final else writes to the database.
if (checkdate($ts_expense_month, $ts_expense_day, $ts_expense_year) != TRUE) {
    $alertmessage = "The date entered is invalid.";
    $page_redirect = "timesheet_expense_mileage_edit";
} elseif ($_POST[ts_expense_desc] == "") {
    $alertmessage = "The description was left empty.";
    $page_redirect = "timesheet_expense_edit";
} elseif ($_POST[ts_expense_value] == "") {
    $alertmessage = "The expenses value was left empty.";
    $page_redirect = "timesheet_expense_edit";
} else {
    // Convert the date to a time (a midday timestamp for the given day)
    $ts_expense_date = mktime(12, 0, 0, $ts_expense_month, $ts_expense_day, $ts_expense_year);
    // Construct the MySQL instruction to add these entries to the database.
    // SECURITY: every value is interpolated straight into the SQL text and
    // ext/mysql has no prepared statements, so this is only safe if each
    // interpolated variable was validated or escaped before this point.
    // $ts_expense_value (and therefore $ts_expense_vat) is not assigned
    // anywhere in this listing; ts_expense_user is redacted ('******').
    // Only the update path (id > 0) is present here — the insert path for a
    // new expense and the closing brace of this else are not in the listing.
    if ($ts_expense_id > 0) {
        $sql_edit = "UPDATE intranet_timesheet_expense SET\n\t\tts_expense_project = '{$ts_expense_project}',\n\t\tts_expense_value = '{$ts_expense_value}',\n\t\tts_expense_date = '{$ts_expense_date}',\n\t\tts_expense_desc = '{$ts_expense_desc}',\n\t\tts_expense_user = '******',\n\t\tts_expense_vat = '{$ts_expense_vat}',\n\t\tts_expense_receipt = '{$ts_expense_receipt}',\n\t\tts_expense_invoiced = '{$ts_expense_invoiced}'\n\t\tWHERE ts_expense_id = '{$ts_expense_id}' LIMIT 1";
    }
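// And now echo some debugging information if the option is selected within
// the global options page. Shown only when the global "show tech" setting is
// on and the viewer's user type is above 3: it exposes the SQL that was just
// executed plus server details, so that gate must stay in place.
if ($settings_showtech > 0 && $user_usertype_current > 3) {
    // $sql_add and $techmessage carry raw SQL text that embeds request data
    // (several handlers in this code base interpolate POST fields into it),
    // so both are HTML-escaped here instead of being echoed verbatim as
    // before — otherwise a crafted form field runs script in the browser of
    // whoever has the tech view enabled. Values CleanUp() already encoded
    // will appear double-encoded in this debug view; that is cosmetic.
    if (isset($sql_add) && $sql_add != "") {
        echo "<p>Database entry:<br /><strong>" . htmlspecialchars($sql_add, ENT_QUOTES, 'UTF-8') . "</strong></p>";
    }
    echo "<h1>Technical Information</h1>";
    // Server-side facts go through the project's CleanUp() before output,
    // as in the original.
    echo "<p>Included file:<br /><strong>&nbsp;" . CleanUp($inc_file) . "</strong></p>";
    echo "<p>Last Updated:<br /><strong>&nbsp;" . date("r", filectime($inc_file)) . "</strong></p>";
    echo "<p>Server IP Address:<br /><strong>&nbsp;" . CleanUp($_SERVER["SERVER_ADDR"]) . "</strong></p>";
    echo "<p>Server Name:<br /><strong>&nbsp;" . CleanUp($_SERVER["SERVER_NAME"]) . "</strong></p>";
    echo "<p>Client IP Address:<br /><strong>&nbsp;" . CleanUp($_SERVER["REMOTE_ADDR"]) . "</strong></p>";
    echo "<p>Script Name:<br /><strong>&nbsp;" . CleanUp($_SERVER["SCRIPT_NAME"]) . "</strong></p>";
    echo "<p>Query String:<br /><strong>&nbsp;" . CleanUp($_SERVER["QUERY_STRING"]) . "</strong></p>";
    echo "<p>PHP Version:<br /><strong>&nbsp;" . phpversion() . "</strong></p>";
    echo "<p>Server Software:<br /><strong>&nbsp;" . CleanUp($_SERVER["SERVER_SOFTWARE"]) . "</strong></p>";
    if (isset($techmessage) && $techmessage != NULL) {
        echo "<p>" . htmlspecialchars($techmessage, ENT_QUOTES, 'UTF-8') . "</p>";
    }
}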
// Close the two layout <div>s opened by the page header, flush any alert
// script the handlers queued in $alertscript, then the shared footer
// (FooterBar is defined elsewhere) and the end of the document.
print "</div>";
print "</div>";
print $alertscript;
// Finish with the standard footer
FooterBar();
print "</body>";
print "</html>";
?>


<?php

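// Begin to clean up the $_POST submissions. Every field that reaches the
// phone-message INSERT/UPDATE passes through one of the project's Clean*
// helpers (defined elsewhere): ids and flags via CleanNumber(), people and
// company names via CleanUpNames(), free text via CleanUp(). Keys are
// quoted (a bare-word index is fatal in PHP 8); ?? null keeps the old value
// for a missing field without the notice.
$message_id = CleanNumber($_POST['message_id'] ?? null);
$message_from_id = CleanNumber($_POST['message_from_id'] ?? null);
$message_from_name = CleanUpNames($_POST['message_from_name'] ?? null);
$message_from_company = CleanUpNames($_POST['message_from_company'] ?? null);
$message_from_number = CleanUp($_POST['message_from_number'] ?? null);
$message_for_user = CleanNumber($_POST['message_for_user'] ?? null);
$message_text = CleanUp($_POST['message_text'] ?? null);
$message_viewed = CleanNumber($_POST['message_viewed'] ?? null);
// Stamped server-side, never taken from the form.
$message_date = time();
$message_project = CleanNumber($_POST['message_project'] ?? null);
$message_taken = CleanNumber($_POST['message_taken'] ?? null);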
// Check that the required values have been entered, and alter the page to show if these values are invalid
// A caller must be identified either by contact id or by a typed name, and
// the message text must not be empty. NOTE(review): the empty-message
// branch redirects to "timesheet_expense_edit", which looks like a
// copy/paste slip for "phonemessage_edit" (used by the branch above) — confirm.
if ($_POST[message_from_id] == "" and $_POST[message_from_name] == "") {
    $alertmessage = "You have not entered the name of the caller.";
    $page_redirect = "phonemessage_edit";
} elseif ($_POST[message_text] == "") {
    $alertmessage = "The message was left empty.";
    $page_redirect = "timesheet_expense_edit";
} else {
    // Construct the MySQL instruction to add these entries to the database.
    // Values are interpolated into the SQL text (ext/mysql has no prepared
    // statements); each one went through CleanNumber/CleanUp/CleanUpNames
    // above, so the query is exactly as safe as those helpers are.
    // message_for_user is redacted ('******') in this listing.
    if ($message_id > 0) {
        // Existing message: update in place.
        $sql_edit = "UPDATE intranet_phonemessage SET\n\t\tmessage_from_id = '{$message_from_id}',\n\t\tmessage_from_name = '{$message_from_name}',\n\t\tmessage_from_company = '{$message_from_company}',\n\t\tmessage_from_number = '{$message_from_number}',\n\t\tmessage_for_user = '******',\n\t\tmessage_text = '{$message_text}',\n\t\tmessage_viewed = '{$message_viewed}',\n\t\tmessage_date = '{$message_date}',\n\t\tmessage_project = '{$message_project}',\n\t\tmessage_taken = '{$message_taken}'\n\t\tWHERE message_id = '{$message_id}'\n\t\tLIMIT 1";
        $result = mysql_query($sql_edit, $conn) or die(mysql_error());
        $actionmessage = "Telephone message updated successfully.";
        $techmessage = $sql_edit;
    } else {
        // New message. The id column receives the quoted string 'NULL', not
        // SQL NULL — NOTE(review): this only yields an auto-increment id
        // under MySQL's non-strict coercion of it to 0; confirm sql_mode.
        // The rest of this handler (success message, closing braces) is not
        // in this listing; the lines that follow belong to the contact form.
        $sql_add = "INSERT INTO intranet_phonemessage (\n\t\tmessage_id,\n\t\tmessage_from_id,\n\t\tmessage_from_name,\n\t\tmessage_from_company,\n\t\tmessage_from_number,\n\t\tmessage_for_user,\n\t\tmessage_text,\n\t\tmessage_viewed,\n\t\tmessage_date,\n\t\tmessage_project,\n\t\tmessage_taken\n\t\t) values (\n\t\t'NULL',\n\t\t'{$message_from_id}',\n\t\t'{$message_from_name}',\n\t\t'{$message_from_company}',\n\t\t'{$message_from_number}',\n\t\t'{$message_for_user}',\n\t\t'{$message_text}',\n\t\t'{$message_viewed}',\n\t\t'{$message_date}',\n\t\t'{$message_project}',\n\t\t'{$message_taken}'\n\t\t)";
        $result = mysql_query($sql_add, $conn) or die(mysql_error());
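    // Contact form fields. Keys are quoted (a bare-word index is fatal in
    // PHP 8); ?? null keeps the old "field absent" value. The original
    // passed prefix, title, sector, relation, discipline, include and
    // country straight from $_POST into the INSERT below; ext/mysql has no
    // prepared statements, so they now go through CleanUp() like the other
    // free-text fields in this code base. NOTE(review): CleanUp() is defined
    // elsewhere — confirm it neutralises quotes for SQL, not only for HTML.
    $contact_prefix = CleanUp($_POST['contact_prefix'] ?? null);
    $contact_namefirst = CleanUpNames($_POST['contact_namefirst'] ?? null);
    $contact_namesecond = CleanUpNames($_POST['contact_namesecond'] ?? null);
    $contact_title = CleanUp($_POST['contact_title'] ?? null);
    $contact_company = CleanUpNames($_POST['contact_company'] ?? null);
    $contact_telephone = CleanUpPhone($_POST['contact_telephone'] ?? null);
    $contact_telephone_home = CleanUpPhone($_POST['contact_telephone_home'] ?? null);
    $contact_fax = CleanUpPhone($_POST['contact_fax'] ?? null);
    $contact_mobile = CleanUpPhone($_POST['contact_mobile'] ?? null);
    $contact_email = CleanUpEmail($_POST['contact_email'] ?? null);
    $contact_sector = CleanUp($_POST['contact_sector'] ?? null);
    $contact_reference = CleanUp($_POST['contact_reference'] ?? null);
    $contact_department = CleanUp($_POST['contact_department'] ?? null);
    $contact_added = time();
    $contact_relation = CleanUp($_POST['contact_relation'] ?? null);
    $contact_discipline = CleanUp($_POST['contact_discipline'] ?? null);
    $contact_include = CleanUp($_POST['contact_include'] ?? null);
    $contact_address = CleanUpAddress($_POST['contact_address'] ?? null);
    $contact_city = CleanUp($_POST['contact_city'] ?? null);
    $contact_county = CleanUp($_POST['contact_county'] ?? null);
    $contact_postcode = CleanUpPostcode($_POST['contact_postcode'] ?? null);
    $contact_country = CleanUp($_POST['contact_country'] ?? null);
    // The adding user's id was interpolated raw from an unsigned cookie.
    // User ids are numeric in this code base, so it is forced to an integer;
    // the cookie itself still lets a client claim any id — identity should
    // come from a server-side session.
    $contact_added_by = (int) ($_COOKIE['user'] ?? 0);
    // Construct the MySQL instruction to add these entries to the database
    $sql_add = "INSERT INTO contacts_contactlist (\ncontact_id,\ncontact_prefix,\ncontact_namefirst,\ncontact_namesecond,\ncontact_title,\ncontact_company,\ncontact_telephone,\ncontact_telephone_home,\ncontact_fax,\ncontact_mobile,\ncontact_email,\ncontact_sector,\ncontact_reference,\ncontact_department,\ncontact_added,\ncontact_relation,\ncontact_discipline,\ncontact_include,\ncontact_address,\ncontact_city,\ncontact_county,\ncontact_postcode,\ncontact_country,\ncontact_added_by\n) values (\n'NULL',\n'{$contact_prefix}',\n'{$contact_namefirst}',\n'{$contact_namesecond}',\n'{$contact_title}',\n'{$contact_company}',\n'{$contact_telephone}',\n'{$contact_telephone_home}',\n'{$contact_fax}',\n'{$contact_mobile}',\n'{$contact_email}',\n'{$contact_sector}',\n'{$contact_reference}',\n'{$contact_department}',\n'{$contact_added}',\n'{$contact_relation}',\n'{$contact_discipline}',\n'{$contact_include}',\n'{$contact_address}',\n'{$contact_city}',\n'{$contact_county}',\n'{$contact_postcode}',\n'{$contact_country}',\n'{$contact_added_by}'\n)";
    $result = mysql_query($sql_add, $conn) or die(mysql_error());
    $contact_id = mysql_insert_id();
    // NOTE(review): the names are shown inside <b> here; safe only if
    // CleanUpNames() HTML-escapes — confirm.
    $actionmessage = "The entry for contact <b>{$contact_namefirst} {$contact_namesecond}</b> was added successfully.";
    $techmessage = $sql_add;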
}
    // echo "<p class=\"menu_bar\">Menu goes here</p>";
    echo "<input type=\"hidden\" name=\"ts_fee_id\" value=\"{$ts_fee_id}\" />";
} else {
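    // Add-fee-stage branch: seed the form values from the POST (re-submit)
    // or from the project id in the query string. Keys are quoted (a
    // bare-word index is fatal in PHP 8); ?? null keeps the old "absent" value.
    $ts_fee_stage = CleanNumber($_POST['ts_fee_stage'] ?? null);
    $ts_fee_text = CleanUp($_POST['ts_fee_text'] ?? null);
    $ts_fee_value = CleanUp($_POST['ts_fee_value'] ?? null);
    // POST wins over the query string; both are truthiness checks as before.
    if (!empty($_POST['ts_fee_project'])) {
        $ts_fee_project = CleanUp($_POST['ts_fee_project']);
    } elseif (!empty($_GET['proj_id'])) {
        $ts_fee_project = CleanUp($_GET['proj_id']);
    }
    $ts_fee_percentage = CleanNumber($_POST['ts_fee_percentage'] ?? null);
    $ts_fee_prospect = CleanNumber($_POST['ts_fee_prospect'] ?? null);
    $ts_fee_target = CleanNumber($_POST['ts_fee_target'] ?? null);
    $ts_fee_comment = CleanUp($_POST['ts_fee_comment'] ?? null);
    $ts_fee_commence = CleanUp($_POST['ts_fee_commence'] ?? null);
    // The page copy of proj_id was previously kept raw; it now goes through
    // CleanUp() like the copy used for $ts_fee_project just above, since
    // where it is used later is not in this listing.
    if (isset($_GET['proj_id']) && $_GET['proj_id'] != NULL) {
        $proj_id_page = CleanUp($_GET['proj_id']);
    }
    echo "<h1>Add Fee Stage</h1>";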
}
// The fee-stage form posts back to the project_fees page.
print "<form action=\"index2.php?page=project_fees\" method=\"post\">";
// Begin the invoice entry system: the start and end day default to today
// unless the fee stage already carries a begin day ($ts_fee_time_begin_day
// and $ts_fee_time_end_day are assigned outside this block).
$nowtime = time();
$has_begin_day = $ts_fee_time_begin_day > 0;
$nowtime_day = $has_begin_day ? $ts_fee_time_begin_day : date("d", $nowtime);
$thentime_day = $has_begin_day ? $ts_fee_time_end_day : date("d", $nowtime);
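// PDF export of a single project blog entry, drawn over pdf/template.pdf
// with the FPDI template importer.
require 'fpdf/fpdi.php';
$pdf = new fpdi();
$pagecount = $pdf->setSourceFile("pdf/template.pdf");
$tplidx = $pdf->ImportPage(1);
$pdf->addPage();
// Full-page template at A4 portrait (210 x 297 mm).
$pdf->useTemplate($tplidx, 0, 0, 210, 297);
$format_font = "century";
$format_font_2 = "Century.php";
$pdf->AddFont($format_font, '', $format_font_2);
// Background and line colour components (RGB), all the same light grey.
$format_bg_r = "220";
$format_bg_g = "220";
$format_bg_b = "220";
$format_ln_r = "220";
$format_ln_g = "220";
$format_ln_b = "220";
// blog_id is interpolated unquoted into the WHERE clause below, so quote
// escaping (which is presumably what CleanUp() did for it) cannot protect
// it: a value such as "1 OR 1=1" selects an arbitrary row. Forcing an
// integer is the only safe option with ext/mysql, which has no prepared
// statements. Key quoted — a bare-word index is fatal in PHP 8.
$blog_id = (int) ($_GET['blog_id'] ?? 0);
// Begin creating the page
//Page Title
$sql_project = "SELECT * FROM intranet_projects_blog, intranet_user_details, intranet_projects WHERE blog_id = {$blog_id} AND blog_proj = proj_id AND blog_user = user_id LIMIT 1";
$result_project = mysql_query($sql_project, $conn) or die(mysql_error());
$array_project = mysql_fetch_array($result_project);
// NOTE(review): mysql_fetch_array() returns false when no row matches; the
// fields below then come out empty rather than the page failing — confirm
// whether an unknown id should abort instead.
$proj_num = $array_project['proj_num'];
$proj_name = $array_project['proj_name'];
$blog_title = $array_project['blog_title'];
$blog_date = $array_project['blog_date'];
$blog_type = $array_project['blog_type'];
// Blog body for the plain-text PDF: project helper RemoveShit() (defined
// elsewhere), newlines to <br />, then every tag stripped, non-breaking
// space entities replaced, and line breaks doubled for paragraph spacing.
$blog_text = strip_tags(nl2br(RemoveShit($array_project['blog_text'])));
$blog_text = str_replace("&nbsp;", " ", $blog_text);
$user_name_first = $array_project['user_name_first'];
$user_name_second = $array_project['user_name_second'];
$blog_text = str_replace("\n", "\n\n", $blog_text);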
            $row_text = $row_text . "<br />cost_remaining_all = {$cost_remaining_all}";
            $row_text = $row_text . "<br />ts_fee_value = {$ts_fee_value}";
            $row_text = $row_text . "<br />user_percent = {$user_percent}";
            $row_text = $row_text . "<br />user_cost = {$user_cost}";
            $row_text = $row_text . "<br />hours_remaining_user = {$hours_remaining_user}";
            $row_text = $row_text . "<br />proj_id = {$proj_id}";
            $row_text = $row_text . "<br />ts_fee_id = {$ts_fee_id}";
            $row_text = $row_text . "<br />ts_hours_total = {$ts_hours_total}";
        }
    }
    return array($row_text, $row_color);
}
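// Optional sort column from the query string. Taken raw here; where it is
// used is not in this listing — NOTE(review): if it ends up in an ORDER BY
// it must be checked against a whitelist of column names, not escaped.
// Keys quoted throughout (a bare-word index is fatal in PHP 8).
if (isset($_GET['listorder']) && $_GET['listorder'] != NULL) {
    $listorder = $_GET['listorder'];
}
// Project filter: "0" selects inactive projects, "all" removes the filter,
// anything else selects active ones. Only the fixed fragments reach SQL.
$active = CleanUp($_GET['active'] ?? null);
if ($active == "0") {
    $project_active = " AND proj_active = 0";
} elseif ($active == "all") {
    unset($project_active);
} else {
    $project_active = " AND proj_active = 1 ";
}
// Create an array which shows the recent projects worked on by the user:
// anything they booked time against in the last 16 weeks.
$timesheet_period = 16;
// weeks
$timesheet_period = $timesheet_period * 604800;
$timesheet_period = time() - $timesheet_period;
// The user id comes from an unsigned cookie and was interpolated unquoted
// into the query, so quote escaping would not have helped. Forcing an
// integer closes the injection; the cookie itself still lets a client pick
// any user id — identity should come from a server-side session.
$timesheet_user = (int) ($_COOKIE['user'] ?? 0);
$sql_timesheet_projects = "SELECT ts_project FROM intranet_timesheet WHERE ts_user = {$timesheet_user} AND ts_datestamp > {$timesheet_period} GROUP BY ts_project";
$result_timesheet_projects = mysql_query($sql_timesheet_projects, $conn) or die(mysql_error());
$array_projects_recent = array();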
<?php

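// Get the list of tender answers whose question matches the keyword.
// Key quoted (a bare-word index is fatal in PHP 8).
$search = CleanUp($_GET['tender_keyword'] ?? null);
// The keyword is interpolated into a LIKE pattern and CleanUp() (defined
// elsewhere) is its only protection — NOTE(review): confirm it escapes
// quotes for SQL. % and _ in the keyword act as wildcards here, which is
// harmless for a search but worth knowing.
$sql = "SELECT * FROM intranet_tender_answers, intranet_tender WHERE tender_id = answer_tender_id AND answer_question LIKE '%{$search}%' ORDER BY tender_date DESC, answer_ref";
$result = mysql_query($sql, $conn) or die(mysql_error());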
$counter = 0;
while ($array = mysql_fetch_array($result)) {
    $answer_id = $array['answer_id'];
    $answer_ref = $array['answer_ref'];
    $answer_question = $array['answer_question'];
    $answer_response = nl2br($array['answer_response']);
    $answer_words = $array['answer_words'];
    $answer_weighting = $array['answer_weighting'];
    $answer_rating = $array['answer_rating'];
    $tender_id = $array['tender_id'];
    $tender_name = $array['tender_name'];
    $tender_date = $array['tender_date'];
    $tender_type = $array['tender_type'];
    if ($tender_date > time() and $_GET[edit_question] != $answer_id) {
        $answer_ref = $answer_ref . "&nbsp;<a href=\"index2.php?page=tender_view&amp;tender_id={$tender_id}&amp;edit_question={$answer_id}#{$answer_id}\"><img src=\"images/button_edit.png\" alt=\"Edit\" /></a>";
    }
    if ($counter == 0) {
        echo "<h1>Searching: <i>{$search}</i></h1>";
        print "<table summary=\"Lists of questions and responses\">";
        if ($_GET[question] == "add") {
            EditForm('', '', '', '', '', $tender_id);
            echo "</th></tr>";
        }
    }
    if ($answer_response == NULL) {
<?php

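// Check that the required values have been entered, and alter the page to
// show if these values are invalid. Keys are quoted throughout (a bare-word
// index is fatal in PHP 8).
if (($_POST['company_name'] ?? '') == "") {
    $alertmessage = "The company name was left empty.";
    $page = "company_edit";
    $action = "add";
} else {
    // This determines the page to show once the form submission has been successful
    $page = "company_view";
    // Begin to clean up the $_POST submissions.
    // The id only ever names a row, so it is forced to an integer; country,
    // web and notes were previously interpolated raw into the UPDATE below
    // and now pass through CleanUp() like the other free-text fields in
    // this code base (ext/mysql has no prepared statements).
    $company_id = (int) ($_POST['company_id'] ?? 0);
    $company_name = CleanUpNames($_POST['company_name'] ?? null);
    $company_phone = CleanUpPhone($_POST['company_phone'] ?? null);
    $company_fax = CleanUpPhone($_POST['company_fax'] ?? null);
    $company_address = CleanUpAddress($_POST['company_address'] ?? null);
    $company_city = CleanUp($_POST['company_city'] ?? null);
    $company_county = CleanUp($_POST['company_county'] ?? null);
    $company_postcode = CleanUpPostcode($_POST['company_postcode'] ?? null);
    $company_country = CleanUp($_POST['company_country'] ?? null);
    // Stored without the scheme prefix.
    $company_web = CleanUp(str_replace("http://", "", $_POST['company_web'] ?? ''));
    $company_notes = CleanUp($_POST['company_notes'] ?? null);
    // Construct the MySQL instruction to add these entries to the database
    $sql_add = "UPDATE contacts_companylist SET\ncompany_name = '{$company_name}',\ncompany_phone = '{$company_phone}',\ncompany_fax = '{$company_fax}',\ncompany_address = '{$company_address}',\ncompany_city = '{$company_city}',\ncompany_county = '{$company_county}',\ncompany_postcode = '{$company_postcode}',\ncompany_country = '{$company_country}',\ncompany_web = '{$company_web}',\ncompany_notes = '{$company_notes}'\nWHERE company_id = '{$company_id}' LIMIT 1\n";
    $result = mysql_query($sql_add, $conn) or die(mysql_error());
    // NOTE(review): the name is shown inside <b>; safe only if
    // CleanUpNames() HTML-escapes — confirm.
    $actionmessage = "The entry for company <b>{$company_name}</b> was updated successfully.";
    $techmessage = $sql_add;
    // The original then did `$company_id = mysql_affected_rows($result)`,
    // which passes a result where a link is expected and replaces the edited
    // company's id with a row count (or false), so the company_view page
    // would be shown for the wrong company. The sanitised id is kept.
}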
         $tasklist_percentage_graph = "tasklist_percent_050.gif";
     } elseif ($tasklist_percentage == 60) {
         $tasklist_percentage_graph = "tasklist_percent_060.gif";
     } elseif ($tasklist_percentage == 70) {
         $tasklist_percentage_graph = "tasklist_percent_070.gif";
     } elseif ($tasklist_percentage == 80) {
         $tasklist_percentage_graph = "tasklist_percent_080.gif";
     } elseif ($tasklist_percentage == 90) {
         $tasklist_percentage_graph = "tasklist_percent_090.gif";
     } elseif ($tasklist_percentage == 100) {
         $tasklist_percentage_graph = "tasklist_percent_100.gif";
     }
     // echo the bar chart and make it clickable if it belongs to the current user
     if ($user_id == $_COOKIE[user]) {
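         // Sub-category carried through the percent-change links; defaults
         // to "user". Key quoted (a bare-word index is fatal in PHP 8).
         // NOTE(review): the enclosing check compares $user_id with the raw
         // "user" cookie, which the client can set to any value — whether a
         // task belongs to the viewer should be decided from a server-side
         // session, not from a cookie.
         if (isset($_GET['subcat']) && $_GET['subcat'] != NULL) {
             $task_subcat = CleanUp($_GET['subcat']);
         } else {
             $task_subcat = "user";
         }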
         echo "\n\t\t\t\t\t\t\t<img src=\"images/{$tasklist_percentage_graph}\" width=\"225\" height=\"17\" border=\"0\" alt=\"\" usemap=\"#task_{$tasklist_id}\" />\n\t\t\t\t\t\t\t<map name=\"task_{$tasklist_id}\">\n\t\t\t\t\t\t\t<area shape=\"rect\" alt=\"\" coords=\"201,1,219,9\" href=\"index2.php?page=tasklist_view&amp;action=tasklist_change_percent&amp;tasklist_id={$tasklist_id}&amp;tasklist_percent=100&amp;subcat={$task_subcat}#view_task_{$tasklist_id}\" />\n\t\t\t\t\t\t\t<area shape=\"rect\" alt=\"\" coords=\"181,1,199,9\" href=\"index2.php?page=tasklist_view&amp;action=tasklist_change_percent&amp;tasklist_id={$tasklist_id}&amp;tasklist_percent=90&amp;subcat={$task_subcat}#view_task_{$tasklist_id}\" />\n\t\t\t\t\t\t\t<area shape=\"rect\" alt=\"\" coords=\"161,1,179,9\" href=\"index2.php?page=tasklist_view&amp;action=tasklist_change_percent&amp;tasklist_id={$tasklist_id}&amp;tasklist_percent=80&amp;subcat={$task_subcat}#view_task_{$tasklist_id}\" />\n\t\t\t\t\t\t\t<area shape=\"rect\" alt=\"\" coords=\"141,1,159,9\" href=\"index2.php?page=tasklist_view&amp;action=tasklist_change_percent&amp;tasklist_id={$tasklist_id}&amp;tasklist_percent=70&amp;subcat={$task_subcat}#view_task_{$tasklist_id}\" />\n\t\t\t\t\t\t\t<area shape=\"rect\" alt=\"\" coords=\"121,1,139,9\" href=\"index2.php?page=tasklist_view&amp;action=tasklist_change_percent&amp;tasklist_id={$tasklist_id}&amp;tasklist_percent=60&amp;subcat={$task_subcat}#view_task_{$tasklist_id}\" />\n\t\t\t\t\t\t\t<area shape=\"rect\" alt=\"\" coords=\"101,1,119,9\" href=\"index2.php?page=tasklist_view&amp;action=tasklist_change_percent&amp;tasklist_id={$tasklist_id}&amp;tasklist_percent=50&amp;subcat={$task_subcat}#view_task_{$tasklist_id}\" />\n\t\t\t\t\t\t\t<area shape=\"rect\" alt=\"\" coords=\"81,1,99,9\" href=\"index2.php?page=tasklist_view&amp;action=tasklist_change_percent&amp;tasklist_id={$tasklist_id}&amp;tasklist_percent=40&amp;subcat={$task_subcat}#view_task_{$tasklist_id}\" />\n\t\t\t\t\t\t\t<area 
shape=\"rect\" alt=\"\" coords=\"61,1,79,9\" href=\"index2.php?page=tasklist_view&amp;action=tasklist_change_percent&amp;tasklist_id={$tasklist_id}&amp;tasklist_percent=30&amp;subcat={$task_subcat}#view_task_{$tasklist_id}\" />\n\t\t\t\t\t\t\t<area shape=\"rect\" alt=\"\" coords=\"41,1,59,9\" href=\"index2.php?page=tasklist_view&amp;action=tasklist_change_percent&amp;tasklist_id={$tasklist_id}&amp;tasklist_percent=20&amp;subcat={$task_subcat}#view_task_{$tasklist_id}\" />\n\t\t\t\t\t\t\t<area shape=\"rect\" alt=\"\" coords=\"21,1,39,9\" href=\"index2.php?page=tasklist_view&amp;action=tasklist_change_percent&amp;tasklist_id={$tasklist_id}&amp;tasklist_percent=10&amp;subcat={$task_subcat}#view_task_{$tasklist_id}\" />\n\t\t\t\t\t\t\t<area shape=\"rect\" alt=\"\" coords=\"1,1,19,9\" href=\"index2.php?page=tasklist_view&amp;action=tasklist_change_percent&amp;tasklist_id={$tasklist_id}&amp;tasklist_percent=0&amp;subcat={$task_subcat}#view_task_{$tasklist_id}\" />\n\t\t\t\t\t\t\t</map>\n\t\t\t\t\t\t\t";
     } else {
         echo "<br />\n\t\t\t\t\t\t\t<img src=\"images/{$tasklist_percentage_graph}\" width=\"225\" height=\"17\" border=\"0\" alt=\"\" />";
     }
     echo "</td></tr>";
     if ($proj_id != $proj_id_repeat) {
         $counter = 1;
         unset($proj_id_repeat);
     } else {
         $counter++;
     }
 }
<?php

// Check that the required values have been entered, and alter the page to show if these values are invalid
if ($_POST[tasklist_notes] == "") {
    $alertmessage = "The task description was left empty.";
    $status = "tasklist_edit";
    $action = "add";
} else {
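    // Begin to clean up the $_POST submissions. Keys are quoted (a bare-word
    // index is fatal in PHP 8); ?? null / ?? 0 keep the old "absent" value.
    // project, fee and person refer to numeric ids elsewhere in this code
    // base and percentage is compared against 0..100 steps, so they are
    // forced to integers; the original interpolated them raw into the
    // INSERT/UPDATE that follows (ext/mysql has no prepared statements).
    $tasklist_project = (int) ($_POST['tasklist_project'] ?? 0);
    // Not written to the database by this handler.
    $tasklist_status = $_POST['tasklist_status'] ?? null;
    $tasklist_fee = (int) ($_POST['tasklist_fee'] ?? 0);
    $tasklist_notes = CleanUp($_POST['tasklist_notes'] ?? null);
    $tasklist_comment = CleanUp($_POST['tasklist_comment'] ?? null);
    $tasklist_updated = time();
    $tasklist_added = time();
    $tasklist_completed = "";
    $tasklist_person = (int) ($_POST['tasklist_person'] ?? 0);
    // Due date: its format is not fixed by this listing, so it is cleaned
    // as text rather than cast.
    $tasklist_due = CleanUp($_POST['tasklist_due'] ?? null);
    $tasklist_percentage = (int) ($_POST['tasklist_percentage'] ?? 0);
    // NOTE(review): $tasklist_contact is written by the SQL that follows but
    // is never assigned in this listing — confirm where it comes from.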
    if ($_POST[tasklist_id] != NULL) {
        $sql_edit = "UPDATE intranet_tasklist SET\n\t\ttasklist_project = '{$tasklist_project}',\n\t\ttasklist_contact = '{$tasklist_contact}',\n\t\ttasklist_fee = '{$tasklist_fee}',\n\t\ttasklist_notes = '{$tasklist_notes}',\n\t\ttasklist_updated = '{$tasklist_updated}',\n\t\ttasklist_person = '{$tasklist_person}',\n\t\ttasklist_comment = '{$tasklist_comment}',\n\t\ttasklist_percentage = '{$tasklist_percentage}',\n\t\ttasklist_due = '{$tasklist_due}'\n\t\tWHERE tasklist_id = '{$_POST['tasklist_id']}' LIMIT 1\n\t\t";
        $result = mysql_query($sql_edit, $conn) or die(mysql_error());
        $actionmessage = "Task updated successfully.";
        $techmessage = $sql_edit;
    } else {
        // Construct the MySQL instruction to add these entries to the database
        $sql_add = "INSERT INTO intranet_tasklist (\n\t\ttasklist_id,\n\t\ttasklist_project,\n\t\ttasklist_contact,\n\t\ttasklist_fee,\n\t\ttasklist_notes,\n\t\ttasklist_updated,\n\t\ttasklist_added,\n\t\ttasklist_completed,\n\t\ttasklist_person,\n\t\ttasklist_due,\n\t\ttasklist_comment,\n\t\ttasklist_percentage\n\t\t) values (\n\t\t'NULL',\n\t\t'{$tasklist_project}',\n\t\t'{$tasklist_contact}',\n\t\t'{$tasklist_fee}',\n\t\t'{$tasklist_notes}',\n\t\t'',\n\t\t'{$tasklist_added}',\n\t\t'{$tasklist_completed}',\n\t\t'{$tasklist_person}',\n\t\t'{$tasklist_due}',\n\t\t'{$tasklist_comment}',\n\t\t'{$tasklist_percentage}'\n\t\t)";
        $result = mysql_query($sql_add, $conn) or die(mysql_error());
        $actionmessage = "Task added successfully.";
        $techmessage = $sql_add;
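    $alertmessage = "You have entered an invalid number of hours. Please review your submission and try again.";
    // Keep the submitted values so the form can be re-populated; both the
    // timesheet_add_* and the ts_* names are set. Keys are quoted (a
    // bare-word index is fatal in PHP 8); ?? null keeps the old "absent" value.
    $timesheet_add_date = CleanUp($_POST['timesheet_add_date'] ?? null);
    $ts_entry = $timesheet_add_date;
    $timesheet_add_hours = (double) ($_POST['timesheet_add_hours'] ?? 0);
    $ts_hours = $timesheet_add_hours;
    $timesheet_add_desc = CleanUp($_POST['timesheet_add_desc'] ?? null);
    $ts_desc = $timesheet_add_desc;
    $timesheet_add_project = CleanUp($_POST['ts_project'] ?? null);
    $ts_project = $timesheet_add_project;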
} else {
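    $nowtime = time();
    // Process the incoming data. Keys are quoted (a bare-word index is fatal
    // in PHP 8); ?? null keeps the old "absent" value.
    $timesheet_add_project = CleanUp($_POST['ts_project'] ?? null);
    $timesheet_add_hours = (double) ($_POST['timesheet_add_hours'] ?? 0);
    $timesheet_add_desc = CleanUp($_POST['timesheet_add_desc'] ?? null);
    // The date arrives as a Unix timestamp and is split with date(), which
    // needs an integer (a string is a TypeError in PHP 8), so it is cast
    // rather than text-cleaned.
    $timesheet_add_date = (int) ($_POST['timesheet_add_date'] ?? 0);
    $timesheet_add_day = date("j", $timesheet_add_date);
    $timesheet_add_month = date("n", $timesheet_add_date);
    $timesheet_add_year = date("Y", $timesheet_add_date);
    // Establish the current overhead rate for the form submission
    $sql1 = "SELECT * FROM intranet_timesheet_overhead order by overhead_date DESC LIMIT 1";
    $result1 = mysql_query($sql1, $conn) or die(mysql_error());
    $array1 = mysql_fetch_array($result1);
    // NOTE(review): false (and so an empty rate) if the overhead table is empty.
    $overhead_rate_latest = $array1['overhead_rate'];
    // Establish the current hourly rate for the form submission.
    // NOTE(review): $viewuser is assigned outside this listing and is
    // interpolated into the query — it must be a validated integer user id.
    $sql2 = "SELECT user_user_rate FROM intranet_user_details WHERE user_id = '{$viewuser}' LIMIT 1";
    $result2 = mysql_query($sql2, $conn) or die(mysql_error());
    $array2 = mysql_fetch_array($result2);
    $rate_value_user = $array2['user_user_rate'];
    // Calculate the total hourly rate (currently the user rate alone; the
    // overhead rate fetched above is not folded in here).
    $rate_value = $rate_value_user;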
    DUS is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with DUS.  If not, see <http://www.gnu.org/licenses/>.
*/
//    DUS is Dynamic UUID System for Prims
//    W. Hager founder and project leader
// DUS front controller. dus-lib.php supplies the helpers called below and,
// apparently, the request-derived globals ($DbName, $Methode, $objectkey,
// $PrimUrl, $PrimTtl, $UUID): none of them are assigned in this file, so
// confirm in the library how they are populated from the request.
include "dus-lib.php";
// Load the persisted UUID -> URL map, or start empty on first run.
$DusArr = file_exists($DbName) ? load_array_dump($DbName) : array();
if ($Methode == "UPD") {
    // Remove old records whose TTL has timed out before touching the store.
    // (This CleanUp() takes no arguments and is unrelated to the intranet
    // sanitiser of the same name seen elsewhere in this corpus.)
    CleanUp();
    // NOTE(review): $objectkey and $UUID are written to the log unfiltered;
    // if they come from the request, embedded newlines would forge log
    // lines — confirm in dus-lib.php.
    $verb = array_key_exists($objectkey, $DusArr) ? "Update" : "Create";
    write_log("dus.log", "{$objectkey} {$verb}");
    UpdateRecord($objectkey, $PrimUrl, $PrimTtl);
    save_array_dump($DbName, $DusArr);
}
if ($UUID != "") {
    write_log("dus.log", "{$UUID} Get url");
    echo GetUrl($UUID);
}
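/**
 * Import places from a CSV file into the `places` table.
 *
 * The first CSV line is the header; each heading is lower-cased, spaces
 * become underscores and dots are removed to form the column key, so a
 * heading "Disabled Facilities" is read as disabled_facilities. The columns
 * name, latitude and longitude are required; every other column is optional
 * and read as '' when absent. Category flags are taken from the run of
 * columns starting at "indoor" and ending 30 columns after "free", and
 * joined with commas.
 *
 * For each data row the table is searched for rows within 1e-5 degrees of
 * the coordinates: no hit inserts a new row; exactly one hit is treated as
 * the same place; several hits update the one whose name matches, or skip
 * the row when none does. A progress line is echoed per row (HTML-escaped)
 * and totals are printed at the end.
 *
 * @param string $file   path of the CSV file
 * @param string $region value written to the region column of every row
 * @return void
 *
 * Requires the global mysqli connection $db and the project helpers
 * StripSpace(), CleanUp() and Nullable() (defined elsewhere).
 */
function ProcessFile($file, $region)
{
    global $db;

    // Every echoed cell value comes from the CSV; the original wrote them
    // into the page verbatim.
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    };

    $handle = fopen($file, 'r');
    if ($handle === false) {
        // Previously an unchecked false handle went straight into fgetcsv().
        echo 'could not open ' . $esc($file) . '<br>';
        return;
    }

    // Header -> column index, keyed by slug. The original stored each index
    // in a variable-variable $csv_<slug>; a map avoids minting locals from
    // file content and makes missing columns detectable.
    $header = fgetcsv($handle);
    if ($header === false) {
        fclose($handle);
        echo 'empty file<br>';
        return;
    }
    $columns = array();
    foreach ($header as $index => $field_name) {
        $slug = str_replace('.', '', str_replace(' ', '_', strtolower($field_name)));
        $columns[$slug] = $index;
    }
    foreach (array('name', 'latitude', 'longitude') as $required) {
        if (!isset($columns[$required])) {
            fclose($handle);
            echo 'missing required column: ' . $esc($required) . '<br>';
            return;
        }
    }
    // Cell accessor: '' when the column is not in the header or the record
    // is short (the original read an undefined index and got null).
    $cell = function (array $record, $column) use ($columns) {
        if (!isset($columns[$column]) || !isset($record[$columns[$column]])) {
            return '';
        }
        return $record[$columns[$column]];
    };

    // Prepared statements: every value is bound, never interpolated. All
    // three must succeed — the original only echoed a failed prepare() and
    // then fatalled on the first execute() of the unset statement.
    $sql_find = <<<SQL
\t\t\tSELECT
\t\t\t\tid,
\t\t\t\tname
\t\t\tFROM
\t\t\t\tplaces
\t\t\tWHERE
\t\t\t\tABS(latitude - ?) < 0.00001
\t\t\t\tAND ABS(longitude - ?) < 0.00001
SQL;
    if (!($stmt_search = $db->prepare($sql_find))) {
        fclose($handle);
        echo htmlspecialchars($db->error);
        return;
    }
    /* bind parameters for markers */
    $stmt_search->bind_param("dd", $latitude_search, $longitude_search);
    $stmt_search->bind_result($search_id, $search_name);

    $sql_insert = <<<SQL
\t\t\tINSERT INTO
\t\t\t\tplaces
\t\t\t\t(
\t\t\t\t\tname,
\t\t\t\t\tlatitude,
\t\t\t\t\tlongitude,
\t\t\t\t\tregion,
\t\t\t\t\tcategory,
\t\t\t\t\temail,
\t\t\t\t\ttelephone,
\t\t\t\t\taddress,
\t\t\t\t\tpostcode,
\t\t\t\t\twebsite,
\t\t\t\t\tentry_rates,
\t\t\t\t\topening_times,
\t\t\t\t\trating,
\t\t\t\t\tmore_info,
\t\t\t\t\tfacilities,
\t\t\t\t\tdisabled_facilities,
\t\t\t\t\tgood_stuff,
\t\t\t\t\tbad_stuff)
\t\t\tVALUES
\t\t\t\t(
\t\t\t\t\t?,
\t\t\t\t\t?,
\t\t\t\t\t?,
\t\t\t\t\t?,
\t\t\t\t\t?,
\t\t\t\t\t?,
\t\t\t\t\t?,
\t\t\t\t\t?,
\t\t\t\t\t?,
\t\t\t\t\t?,
\t\t\t\t\t?,
\t\t\t\t\t?,
\t\t\t\t\t?,
\t\t\t\t\t?,
\t\t\t\t\t?,
\t\t\t\t\t?,
\t\t\t\t\t?,
\t\t\t\t\t?
\t\t\t\t)
SQL;
    if (!($stmt_insert = $db->prepare($sql_insert))) {
        fclose($handle);
        echo htmlspecialchars($db->error);
        return;
    }
    // Bound by reference: the per-row variables below are assigned before
    // each execute(). Latitude/longitude/rating are bound as doubles.
    $stmt_insert->bind_param("sddsssssssssdsssss", $name, $latitude, $longitude, $region, $category, $email, $telephone, $address, $postcode, $website, $entry_rates, $opening_times, $rating, $more_info, $facilities, $disabled_facilities, $good_stuff, $bad_stuff);

    $sql_update = <<<SQL
\t\t\tUPDATE
\t\t\t\tplaces
\t\t\tSET
\t\t\t\tname = ?,
\t\t\t\tlatitude = ?,
\t\t\t\tlongitude = ?,
\t\t\t\tregion = ?,
\t\t\t\tcategory = ?,
\t\t\t\temail = ?,
\t\t\t\ttelephone = ?,
\t\t\t\taddress = ?,
\t\t\t\tpostcode = ?,
\t\t\t\twebsite = ?,
\t\t\t\tentry_rates = ?,
\t\t\t\topening_times = ?,
\t\t\t\trating = ?,
\t\t\t\tmore_info = ?,
\t\t\t\tfacilities = ?,
\t\t\t\tdisabled_facilities = ?,
\t\t\t\tgood_stuff = ?,
\t\t\t\tbad_stuff = ?
\t\t\tWHERE
\t\t\t\tid = ?
SQL;
    if (!($stmt_update = $db->prepare($sql_update))) {
        fclose($handle);
        echo htmlspecialchars($db->error);
        return;
    }
    $stmt_update->bind_param("sddsssssssssdsssssi", $name, $latitude, $longitude, $region, $category, $email, $telephone, $address, $postcode, $website, $entry_rates, $opening_times, $rating, $more_info, $facilities, $disabled_facilities, $good_stuff, $bad_stuff, $update_id);

    $count = 0;
    $inserted = 0;
    $updated = 0;
    $skipped = 0;
    $update_id = 0;
    while ($record = fgetcsv($handle)) {
        // The first data line is skipped unconditionally. Kept as-is: this
        // looks like it expects a second header/units line after the column
        // names — NOTE(review): confirm against the CSV layout, otherwise
        // the first real record is silently dropped.
        if ($count == 0) {
            $count++;
            continue;
        }
        $name = StripSpace($cell($record, 'name'));
        $latitude = StripSpace($cell($record, 'latitude'));
        $longitude = StripSpace($cell($record, 'longitude'));
        if ($name == '' || $latitude == '' || $longitude == '') {
            // Only rows that at least had a name are reported and counted.
            if ($name != '') {
                echo 'skipped: ' . $esc("{$name},{$latitude},{$longitude}") . '<br>';
                $skipped++;
            }
            continue;
        }
        $email = Nullable(StripSpace($cell($record, 'email')), true);
        $telephone = CleanUp($cell($record, 'telephone'));
        $address = CleanUp($cell($record, 'address'));
        $postcode = StripSpace($cell($record, 'postcode'));
        $website = StripSpace($cell($record, 'website'));
        $entry_rates = CleanUp($cell($record, 'entry_rates'));
        $opening_times = Nullable(CleanUp($cell($record, 'opening_times')), true);
        $rating = Nullable(StripSpace($cell($record, 'rating')));
        $more_info = StripSpace($cell($record, 'more_info'));
        $facilities = StripSpace($cell($record, 'facilities'));
        $disabled_facilities = StripSpace($cell($record, 'disabled_facilities'));
        $good_stuff = StripSpace($cell($record, 'good_stuff'));
        $bad_stuff = StripSpace($cell($record, 'bad_stuff'));
        // Category flags live in the columns from "indoor" up to 30 past
        // "free"; non-empty cells are joined into one comma-separated value.
        // Without both marker columns there is nothing to scan (the original
        // would have walked columns 1..30 of every row in that case).
        $categories = array();
        if (isset($columns['indoor'], $columns['free'])) {
            $last_category_column = $columns['free'] + 30;
            for ($index = $columns['indoor']; $index <= $last_category_column; $index++) {
                if (isset($record[$index]) && $record[$index] != '') {
                    $categories[] = $record[$index];
                }
            }
        }
        $category = CleanUp(implode(',', $categories));

        // Existing rows at (almost) the same coordinates; remember the first
        // one whose name matches.
        $latitude_search = (double) $latitude;
        $longitude_search = (double) $longitude;
        $stmt_search->execute();
        $match_id = 0;
        $found_count = 0;
        while ($stmt_search->fetch()) {
            if ($search_name == $name && $match_id == 0) {
                $match_id = $search_id;
            }
            $found_count++;
        }
        if ($found_count == 0) {
            $inserted++;
            $stmt_insert->execute();
            echo 'inserted: ' . $esc("{$name},{$latitude},{$longitude}") . '<br>';
            echo $esc($stmt_insert->error);
        } elseif ($found_count == 1) {
            // NOTE(review): with a single location hit whose name differs,
            // nothing is written yet the row is still counted and reported
            // as updated (with the previous row's $update_id) — the intent
            // was probably to update that hit by $search_id; confirm.
            $updated++;
            if ($match_id != 0) {
                $update_id = $match_id;
                $stmt_update->execute();
            }
            echo 'updated (location match): ' . $esc("{$update_id}, {$name}, {$latitude}, {$longitude}") . '<br>';
        } else {
            if ($match_id != 0) {
                $updated++;
                $update_id = $match_id;
                $stmt_update->execute();
                echo 'updated (name match): ' . $esc("{$update_id}, {$name}, {$latitude}, {$longitude}") . '<br>';
            } else {
                echo 'skipped: ' . $esc("{$name},{$latitude},{$longitude}") . '<br>';
                $skipped++;
            }
        }
        $count++;
    }
    fclose($handle);
    $stmt_search->close();
    $stmt_insert->close();
    $stmt_update->close();

    echo '<br><br>';
    echo $inserted . ' records were inserted<br>';
    echo $updated . ' records were updated<br>';
    echo $skipped . ' records were skipped<br>';
}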
<?php

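// Verification timestamp of the expenses to list (the "time" query parameter). It is
// interpolated straight into the SELECT below and compared with ts_expense_verified,
// which elsewhere in this application is set from mktime()/0, so force an integer here
// rather than relying on CleanUp() and the bare-constant $_GET[time] lookup.
$ts_expense_verified = isset($_GET['time']) ? (int) $_GET['time'] : 0;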
if ($user_usertype_current <= 3) {
    print "<h1 class=\"heading_alert\">Permission Denied</h1><p>You do not have permission to view this page.</p>";
} else {
    print "<h1>View Verified Expenses</h1>";
    // Determine the date a week ago
    $sql = "SELECT * FROM intranet_timesheet_expense, intranet_projects WHERE ts_expense_project = proj_id AND ts_expense_verified = '{$ts_expense_verified}' order by proj_num, ts_expense_date";
    $result = mysql_query($sql, $conn) or die(mysql_error());
    if (mysql_num_rows($result) > 0) {
        $counter = 1;
        $proj_id_current == NULL;
        $expense_total = 0;
        $p11d_total = 0;
        print "<table summary=\"List of expenses verified\">";
        print "<tr><td colspan=\"2\"><strong>Project</strong></td><td><strong>Date</strong></td><td><strong>Description</strong></td><td><strong>User</strong></td><td><strong>Value</strong></td><td><strong>Verified</strong></td><td><strong>Invoiced</strong></td></tr>";
        while ($array = mysql_fetch_array($result)) {
            $ts_expense_project = $array['ts_expense_project'];
            $ts_expense_value = $array['ts_expense_value'];
            $ts_expense_date = $array['ts_expense_date'];
            $ts_expense_desc = htmlspecialchars($array['ts_expense_desc']);
            $ts_expense_user = UserDetails($array['ts_expense_user']);
            $ts_expense_verified = $array['ts_expense_verified'];
            $ts_expense_vat = $array['ts_expense_vat'];
            $ts_expense_id = $array['ts_expense_id'];
            $ts_expense_invoiced = $array['ts_expense_invoiced'];
            $ts_expense_reimburse = $array['ts_expense_reimburse'];
            $ts_expense_p11d = $array['ts_expense_p11d'];
            $proj_id = $array['proj_id'];
            $proj_num = $array['proj_num'];
    $category_js = '';
} elseif (isset($_POST['entry']) && $_POST['id'] != '0') {
    //echo '<pre>';print_r($_POST);echo '</pre>';exit;
    $id = $_POST['id'];
    $name = StripSpace($_POST['name']);
    $latitude = StripSpace($_POST['latitude']);
    $longitude = StripSpace($_POST['longitude']);
    $region = Nullable(StripSpace($_POST['region']), true);
    $category = $_POST['category_list'];
    $email = Nullable(StripSpace($_POST['email']), true);
    $telephone = CleanUp($_POST['telephone']);
    $address = CleanUp($_POST['address']);
    $postcode = StripSpace($_POST['postcode']);
    $website = StripSpace($_POST['website']);
    $entry_rates = CleanUp($_POST['entry_rates']);
    $opening_times = Nullable(CleanUp($_POST['opening_times']), true);
    $rating = Nullable(StripSpace($_POST['rating']));
    $more_info = StripSpace($_POST['more_info']);
    $facilities = StripSpace($_POST['facilities']);
    $disabled_facilities = StripSpace($_POST['disabled_facilities']);
    $good_stuff = StripSpace($_POST['good_stuff']);
    $bad_stuff = StripSpace($_POST['bad_stuff']);
    $sql = <<<SQL
\t\t\tUPDATE
\t\t\t\tplaces
\t\t\tSET
\t\t\t\t`name` = ?,
\t\t\t\t`latitude` = ?,
\t\t\t\t`longitude` = ?,
\t\t\t\t`region` = ?,
\t\t\t\t`category` = ?,
    $alertmessage = "The title was left empty.";
    $page = "blog_edit";
    $action = "add";
    $proj_id = $_POST[blog_proj];
} else {
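    // This determines the page to show once the form submission has been successful
    $page = "blog_view";
    // Clean up the $_POST submissions. The row id is the WHERE target of the UPDATE
    // below, so it is forced to an integer; free text is escaped for the active MySQL
    // link instead of addslashes(), which is not charset-aware.
    $blog_id = (int) $_POST['blog_id'];
    $blog_user = CleanUp($_POST['blog_user']);
    $blog_proj = CleanUp($_POST['blog_proj']);
    $blog_text = mysql_real_escape_string($_POST['blog_text'], $conn);
    $blog_view = CleanUp($_POST['blog_view']);
    $blog_title = CleanUp($_POST['blog_title']);
    $blog_type = CleanUp($_POST['blog_type']);
    $blog_contact = CleanNumber($_POST['blog_contact']);
    $blog_link = CleanUp($_POST['blog_link']);
    $blog_task = CleanUp($_POST['blog_task']);
    $blog_date_minute = CleanNumber($_POST['blog_date_minute']);
    $blog_date_hour = CleanNumber($_POST['blog_date_hour']);
    $blog_date_day = CleanNumber($_POST['blog_date_day']);
    $blog_date_month = CleanNumber($_POST['blog_date_month']);
    $blog_date_year = CleanNumber($_POST['blog_date_year']);
    // The posted blog_date is ignored; the stored date is rebuilt from its parts.
    $blog_date = mktime($blog_date_hour, $blog_date_minute, 0, $blog_date_month, $blog_date_day, $blog_date_year);
    // NOTE(review): nothing here checks that the current user may edit blog_id, or
    // that blog_user refers to them — confirm that the caller enforces ownership.
    // Construct the MySQL instruction to update this entry
    $sql_add = "UPDATE intranet_projects_blog SET\nblog_user = '******',\nblog_date = '{$blog_date}',\nblog_proj = '{$blog_proj}',\nblog_text = '{$blog_text}',\nblog_view = '{$blog_view}',\nblog_title = '{$blog_title}',\nblog_type = '{$blog_type}',\nblog_contact = '{$blog_contact}',\nblog_link = '{$blog_link}',\nblog_task = '{$blog_task}'\nWHERE blog_id = '{$blog_id}' LIMIT 1\n";
    $result = mysql_query($sql_add, $conn) or die(mysql_error());
    $actionmessage = "The blog entry was edited successfully.";
    // NOTE(review): $techmessage hands the full SQL statement to whatever renders it.
    $techmessage = $sql_add;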
}
<?php

// Begin to clean up the $_POST submissions
$revision_id = $_POST[revision_id];
$revision_letter = CleanUp($_POST[revision_letter]);
$revision_desc = CleanUp($_POST[revision_desc]);
$revision_date_value = $_POST[revision_date_value];
$revision_date_value = explode("-", $revision_date_value);
$revision_date_day = intval($revision_date_value[2]);
$revision_date_month = intval($revision_date_value[1]);
$revision_date_year = intval($revision_date_value[0]);
$revision_author = intval($_POST[revision_author]);
$revision_drawing = intval($_POST[revision_drawing]);
// Check that the required values have been entered, and alter the page to show if these values are invalid
if ($revision_desc == "") {
    $alertmessage = "The drawing number was left empty.";
    $page_redirect = "drawings_revision_edit";
} else {
    // Convert the date to a time
    $revision_date = mktime(12, 0, 0, $revision_date_month, $revision_date_day, $revision_date_year);
    // Construct the MySQL instruction to add these entries to the database
    if ($revision_id > 0) {
        $sql_edit = "UPDATE intranet_drawings_revision SET\n\t\trevision_letter = '{$revision_letter}',\n\t\trevision_desc = '{$revision_desc}',\n\t\trevision_date = '{$revision_date}',\n\t\trevision_author = '{$revision_author}',\n\t\trevision_drawing = '{$revision_drawing}'\n\t\tWHERE revision_id = {$revision_id} LIMIT 1";
        //echo "<p>" . $sql_edit . "</p>";
        $result = mysql_query($sql_edit, $conn) or die(mysql_error());
        $actionmessage = "Revision updated successfully.";
        $techmessage = $sql_edit;
    } else {
        $sql_add = "INSERT INTO intranet_drawings_revision (\n\t\trevision_id,\n\t\trevision_letter,\n\t\trevision_desc,\n\t\trevision_date,\n\t\trevision_author,\n\t\trevision_drawing\n\t\t) values (\n\t\t'NULL',\n\t\t'{$revision_letter}',\n\t\t'{$revision_desc}',\n\t\t'{$revision_date}',\n\t\t'{$revision_author}',\n\t\t'{$revision_drawing}'\n\t\t)";
        //echo "<p>" . $sql_add . "</p>";
        $result = mysql_query($sql_add, $conn) or die(mysql_error());
<?php

print "<h1>Search</h1>";
// Construct search terms
if ($_GET[keywords] != NULL) {
    $keywords = $_GET[keywords];
} elseif ($_POST[keywords] != NULL) {
    $keywords = CleanUp($_POST[keywords]);
}
if (strlen($keywords) > 2) {
    $keywords_array = explode(" ", $keywords);
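    /**
     * Build the WHERE fragment "<field> LIKE '%a%' AND <field> LIKE '%b%' ...".
     *
     * @param array  $search_text  search terms, one per element (from explode() above)
     * @param string $search_field column name each term is matched against
     * @return string SQL condition; degenerates to "<field> LIKE " for an empty array
     *
     * NOTE(review): terms are quoted but not escaped here — the caller is relied on to
     * have passed them through CleanUp() first; confirm CleanUp escapes quotes for
     * MySQL. LIKE wildcards (% and _) inside a term are also left active.
     */
    function SearchTerms($search_text, $search_field)
    {
        $clauses = array();
        foreach ($search_text as $term) {
            $clauses[] = "'%" . $term . "%'";
        }
        // The original concatenated onto a never-initialised variable (a notice on
        // every call); implode() yields the same string from an initialised list.
        return "{$search_field} LIKE " . implode(" AND {$search_field} LIKE ", $clauses);
    }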
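    // Begin printing the results tables. The heading echoes the user's own terms, so
    // escape them for HTML (the original printed them raw); double_encode=false keeps
    // entities CleanUp may already have produced from being encoded twice.
    $keywords_html = htmlspecialchars($keywords, ENT_QUOTES, 'UTF-8', false);
    print "<h2>Searching: {$keywords_html}</h2>";
    print "<table summary=\"List of results for search terms chosen\">";
    $firstcol_width = " width=\"140\" ";
    // Journal Entries
    print "<tr><td colspan=\"2\"><strong>Journal Entries</strong></td></tr>";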
        $current_vat = $vat_value_included / 100 + 1;
    } else {
        $current_vat = $settings_vat / 100 + 1;
    }
    $ts_expense_vat = $ts_expense_value;
    $ts_expense_value = 1 / $current_vat * $ts_expense_value;
} else {
    $ts_expense_vat = $ts_expense_value;
}
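$ts_expense_vat = round($ts_expense_vat, 2);
$ts_expense_desc = CleanUp($_POST['ts_expense_desc']);
// A new expense always starts unverified.
$ts_expense_verified = 0;
// The original copied these three from $_POST untouched although, per the comment at
// the end of this script, they feed the SQL built after the date checks; pass them
// through CleanUp() like the other text fields. (Whether they are flags or free text
// is not visible here.)
$ts_expense_invoiced = CleanUp($_POST['ts_expense_invoiced']);
$ts_expense_receipt = CleanUp($_POST['ts_expense_receipt']);
$ts_expense_reimburse = CleanUp($_POST['ts_expense_reimburse']);
$ts_expense_notes = CleanUp($_POST['ts_expense_notes']);
$ts_expense_category = CleanNumber($_POST['ts_expense_category']);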
// Check the date input
if (checkdate($ts_expense_month, $ts_expense_day, $ts_expense_year) != TRUE) {
    $alertmessage = "The date entered is invalid.";
    $page_redirect = "timesheet_expense_edit";
} elseif ($_POST[ts_expense_desc] == "") {
    $alertmessage = "The description was left empty.";
    $page_redirect = "timesheet_expense_edit";
} elseif ($_POST[ts_expense_value] == "") {
    $alertmessage = "The expenses value was left empty.";
    $page_redirect = "timesheet_expense_edit";
} else {
    // Convert the date to a time
    $ts_expense_date = mktime(12, 0, 0, $ts_expense_month, $ts_expense_day, $ts_expense_year);
    // Construct the MySQL instruction to add these entries to the database
    $format_font = $settings_pdffont;
    $format_font_2 = $settings_pdffont . ".php";
} else {
    $format_font = "franklingothicbook";
    $format_font_2 = "franklingothicbook.php";
}
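// Select either a single invoice (by id) or the full list; any other request is sent
// back to the index page. The exit after the redirect stops the PDF below from still
// being generated for the redirected request (the original carried on executing).
if (isset($_GET['invoice_id']) && $_GET['invoice_id'] != NULL) {
    $invoice_id = CleanNumber($_GET['invoice_id']);
    $viewall = "";
} elseif (isset($_POST['viewall']) && $_POST['viewall'] != NULL) {
    $viewall = "yes";
} else {
    header("Location: ../index2.php");
    exit;
}
// order_by is used as an identifier (ORDER BY column), which quoting cannot protect;
// only column-name characters plus comma/space (for "col DESC" lists) are accepted and
// anything else falls back to the default. A whitelist of the query's sortable columns
// would be stricter — that query is not visible here.
if (isset($_POST['order_by']) && $_POST['order_by'] != NULL && preg_match('/^[A-Za-z0-9_, ]+$/', $_POST['order_by'])) {
    $order_by = CleanUp($_POST['order_by']);
} else {
    $order_by = "invoice_id";
}
// Optional filter on the invoice's account; CleanNumber keeps the comparison numeric.
if (isset($_POST['account_id']) && $_POST['account_id'] != NULL) {
    $account_test = "AND invoice_account = " . CleanNumber($_POST['account_id']);
}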
//  Use FDPI to get the template
// The font path constant must exist before FPDF is loaded, so it is defined first.
define('FPDF_FONTPATH', 'fpdf/font/');
require 'fpdf/fpdi.php';
$pdf = new fpdi();
// Import page 1 of the letterhead template; $tplidx is applied to each page later.
$pagecount = $pdf->setSourceFile("pdf/template.pdf");
$tplidx = $pdf->ImportPage(1);
// $format_font / $format_font_2 are chosen above from the settings or the default font.
$pdf->AddFont($format_font, '', $format_font_2);
$counter = 1;
if ($viewall == "yes") {
<?php

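unset($alertmessage);
// Begin to clean up the $_POST submissions
$answer_id = CleanNumber($_POST['answer_id']);
$answer_words = CleanNumber($_POST['answer_words']);
// Free text goes into a string-built query below: escape it for the active MySQL link
// instead of addslashes(), which is not charset-aware.
$answer_question = mysql_real_escape_string($_POST['answer_question'], $conn);
$answer_ref = CleanUp($_POST['answer_ref']);
$answer_tender_id = CleanNumber($_POST['answer_tender_id']);
$answer_weighting = CleanUp($_POST['answer_weighting']);
// Check that the required values have been entered, and alter the page to show if these values are invalid
if ((string) $answer_ref === '' || (string) $answer_question === '') {
    $alertmessage = "Empty fields are not allowed";
    // Send the user back to the tender this answer belongs to; the original hard-coded
    // tender_id=2 here although the record carries $answer_tender_id.
    $page_redirect = "index2.php?page=tender_view&amp;tender_id={$answer_tender_id}&amp;edit_question={$answer_id}";
}
if (empty($alertmessage)) {
    // Construct the MySQL instruction to add these entries to the database
    if ($answer_id > 0) {
        $sql_edit = "UPDATE intranet_tender_answers SET\n\t\tanswer_ref = '{$answer_ref}',\n\t\tanswer_words = '{$answer_words}',\n\t\tanswer_question = '{$answer_question}',\n\t\tanswer_weighting = '{$answer_weighting}'\n\t\tWHERE answer_id = '{$answer_id}' LIMIT 1";
        $result = mysql_query($sql_edit, $conn) or die(mysql_error());
        $actionmessage = "Response updated successfully.";
        $techmessage = $sql_edit;
    } else {
        $sql_add = "INSERT INTO intranet_tender_answers (\n\t\tanswer_id,\n\t\tanswer_ref,\n\t\tanswer_words,\n\t\tanswer_wordcount,\n\t\tanswer_question,\n\t\tanswer_weighting,\n\t\tanswer_complete,\n\t\tanswer_tender_id\n\t\t) values (\n\t\t'NULL',\n\t\t'{$answer_ref}',\n\t\t'{$answer_words}',\n\t\t'0',\n\t\t'{$answer_question}',\n\t\t'{$answer_weighting}',\n\t\t'',\n\t\t'{$answer_tender_id}'\n\t\t)";
        $result = mysql_query($sql_add, $conn) or die(mysql_error());
        $actionmessage = "Response added successfully.";
        $techmessage = $sql_add;
    }
}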
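// Render the "Project Checklist" sheet onto page 1 of the PDF template.
$pdf = new fpdi();
$pagecount = $pdf->setSourceFile("pdf/template.pdf");
$tplidx = $pdf->ImportPage(1);
$pdf->addPage();
$pdf->useTemplate($tplidx, 0, 0, 210, 297);
$format_font = "century";
$format_font_2 = "Century.php";
$pdf->AddFont($format_font, '', $format_font_2);
// Background and line colours (RGB components) used further down the sheet
$format_bg_r = "220";
$format_bg_g = "220";
$format_bg_b = "220";
$format_ln_r = "220";
$format_ln_g = "220";
$format_ln_b = "220";
$current_date = TimeFormat(time());
// proj_id is interpolated unquoted into the WHERE clause below, so force it to an
// integer here; the original relied on CleanUp() and whatever that happens to strip.
$proj_id = isset($_GET['proj_id']) ? (int) $_GET['proj_id'] : 0;
// Begin creating the page
//Page Title
$sql_proj = "SELECT * FROM intranet_projects WHERE proj_id = {$proj_id} LIMIT 1";
$result_proj = mysql_query($sql_proj, $conn) or die(mysql_error());
$array_proj = mysql_fetch_array($result_proj);
// An unknown id yields no row: print an empty number/name instead of indexing false.
$proj_num = $array_proj ? $array_proj['proj_num'] : '';
$proj_name = $array_proj ? $array_proj['proj_name'] : '';
$sheet_title = "Project Checklist";
$pdf->SetXY(10, 45);
$pdf->SetFont($format_font, '', 24);
$pdf->SetTextColor(0, 0, 0);
$pdf->SetDrawColor(0, 0, 0);
$pdf->Cell(0, 10, $sheet_title);
$pdf->SetXY(10, 55);
$pdf->SetFont($format_font, '', 14);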
<?php

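// Contacts-per-page setting: a fresh form value wins and is persisted in a cookie,
// otherwise the cookie is used, otherwise 5. Both sources are forced to a positive
// integer — the original stored the cookie value completely raw, and a page size is
// only meaningful as a number.
$listmax_posted = isset($_POST['listmax']) && $_POST['listmax'] != "";
if ($listmax_posted) {
    $listmax = (int) $_POST['listmax'];
} elseif (isset($_COOKIE['listmax']) && $_COOKIE['listmax'] != "") {
    $listmax = (int) $_COOKIE['listmax'];
} else {
    $listmax = 5;
}
// Non-numeric, zero or negative values fall back to the default page size.
if ($listmax < 1) {
    $listmax = 5;
}
if ($listmax_posted) {
    // Persist the normalised value so later requests read a clean cookie.
    setcookie("listmax", (string) $listmax);
}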
} else {
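    // This determines the page to show once the form submission has been successful
    $status = "team_add";
    // Begin to clean up the $_POST submissions
    // NOTE(review): passwords are stored as an unsalted MD5, which is trivially
    // reversed for common passwords. Moving to password_hash()/password_verify()
    // requires the login check (not visible here) to change at the same time, so it
    // is flagged rather than changed in this block.
    $user_password = md5(CleanUp($_POST['user_password_1']));
    $user_username = CleanUp($_POST['user_username']);
    $user_address_1 = CleanUpAddress($_POST['user_address_1']);
    $user_address_2 = CleanUpAddress($_POST['user_address_2']);
    $user_address_3 = CleanUpAddress($_POST['user_address_3']);
    $user_address_town = CleanUpAddress($_POST['user_address_town']);
    $user_address_postcode = CleanUpPostcode($_POST['user_address_postcode']);
    $user_address_county = CleanUpAddress($_POST['user_address_county']);
    $user_name_first = CleanUpNames($_POST['user_name_first']);
    $user_name_second = CleanUpNames($_POST['user_name_second']);
    $user_num_extension = CleanUp($_POST['user_num_extension']);
    $user_num_home = CleanUpPhone($_POST['user_num_home']);
    $user_num_mob = CleanUpPhone($_POST['user_num_mob']);
    $user_email = CleanUpEmail($_POST['user_email']);
    $user_user_rate = CleanUp($_POST['user_user_rate']);
    $user_user_added = time();
    $user_timesheet = CleanUp($_POST['user_timesheet']);
    $user_holidays = CleanUp($_POST['user_holidays']);
    $user_active = CleanUp($_POST['user_active']);
    // NOTE(review): the new account's type and active flag come straight from the
    // form; the check deciding who may create accounts at which level belongs to the
    // branch above this one and is not visible here — confirm it exists.
    $user_usertype = CleanUp($_POST['user_usertype']);
    // Construct the MySQL instruction to add these entries to the database.
    // The timesheet column now receives $user_timesheet (the variable assigned above);
    // the original interpolated $user_user_timesheet, which is never set, so the
    // column was always written empty.
    $sql_add = "INSERT INTO intranet_user_details (\nuser_id,\nuser_password,\nuser_address_county,\nuser_address_postcode,\nuser_address_town,\nuser_address_3,\nuser_address_2,\nuser_address_1,\nuser_name_first,\nuser_name_second,\nuser_num_extension,\nuser_num_mob,\nuser_num_home,\nuser_email,\nuser_usertype,\nuser_active,\nuser_username,\nuser_user_rate,\nuser_user_added,\nuser_user_timesheet,\nuser_holidays\n) values (\n'NULL',\n'{$user_password}',\n'{$user_address_county}',\n'{$user_address_postcode}',\n'{$user_address_town}',\n'{$user_address_3}',\n'{$user_address_2}',\n'{$user_address_1}',\n'{$user_name_first}',\n'{$user_name_second}',\n'{$user_num_extension}',\n'{$user_num_mob}',\n'{$user_num_home}',\n'{$user_email}',\n'{$user_usertype}',\n'{$user_active}',\n'{$user_username}',\n'{$user_user_rate}',\n'{$user_user_added}',\n'{$user_timesheet}',\n'{$user_holidays}'\n)";
    $result = mysql_query($sql_add, $conn) or die(mysql_error());
    $actionmessage = "User added successfully.";
    // NOTE(review): $techmessage hands the full INSERT — password hash and address
    // details included — to whatever renders it. The unconditional `print $sql_add`
    // that echoed the same statement into the page has been removed.
    $techmessage = $sql_add;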
}
<?php

// Begin to clean up the $_POST submissions
$invoice_item_value_novat = CleanNumber($_POST[invoice_value_novat]);
$invoice_item_invoice = CleanNumber($_POST[invoice_item_invoice]);
$invoice_item_vat = CleanNumber($_POST[invoice_item_vat]);
$invoice_item_novat = CleanUp($_POST[invoice_item_novat]);
$invoice_item_stage = CleanNumber($_POST[invoice_item_stage]);
$invoice_item_desc = CleanUp($_POST[invoice_item_desc]);
$current_vat = $settings_vat / 100 + 1;
if ($invoice_item_vat == 1) {
    $invoice_item_vat = $invoice_item_novat * $current_vat;
} else {
    $invoice_item_vat = $invoice_item_novat;
}
// Check the date input
if ($invoice_item_desc == NULL) {
    $alertmessage = "The description is empty.";
    $page = "timesheet_invoice_item_edit";
} else {
    // Convert the date to a time
    if ($_POST[invoice_item_id] != NULL) {
        $sql_edit = "UPDATE intranet_timesheet_invoice_item SET\n\t\t\t\t\t\tinvoice_item_invoice = '{$invoice_item_invoice}',\n\t\t\t\t\t\tinvoice_item_stage = '{$invoice_item_stage}',\n\t\t\t\t\t\tinvoice_item_desc = '{$invoice_item_desc}',\n\t\t\t\t\t\tinvoice_item_novat = '{$invoice_item_novat}',\n\t\t\t\t\t\tinvoice_item_vat = '{$invoice_item_vat}'\n\t\t\t\t\t\tWHERE invoice_item_id = '{$_POST['invoice_item_id']}' LIMIT 1";
        $result = mysql_query($sql_edit, $conn) or die(mysql_error());
        $actionmessage = "Invoice {$invoice_ref} updated successfully.";
        $techmessage = $sql_edit;
    } else {
        // Construct the MySQL instruction to add these entries to the database
        $sql_add = "INSERT INTO intranet_timesheet_invoice_item (\n\t\t\t\t\t\tinvoice_item_id,\n\t\t\t\t\t\tinvoice_item_invoice,\n\t\t\t\t\t\tinvoice_item_stage,\n\t\t\t\t\t\tinvoice_item_desc,\n\t\t\t\t\t\tinvoice_item_novat,\n\t\t\t\t\t\tinvoice_item_vat\n\t\t\t\t\t\t) values (\n\t\t\t\t\t\t'NULL',\n\t\t\t\t\t\t'{$invoice_item_invoice}',\n\t\t\t\t\t\t'{$invoice_item_stage}',\n\t\t\t\t\t\t'{$invoice_item_desc}',\n\t\t\t\t\t\t'{$invoice_item_novat}',\n\t\t\t\t\t\t'{$invoice_item_vat}'\n\t\t\t\t\t\t)";
        $result = mysql_query($sql_add, $conn) or die(mysql_error());
        $actionmessage = "Invoice {$invoice_ref} added successfully.";
<?php

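// contact_proj_id is the WHERE target of the UPDATE below; force it to an integer.
// The original passed the raw POST value through, and the "> 0" guard still lets a
// string such as "1' OR '1'='1" reach the quoted comparison.
$contact_proj_id = isset($_POST['contact_proj_id']) ? (int) $_POST['contact_proj_id'] : 0;
$contact_proj_role = CleanNumber($_POST['contacts_discipline']);
$contact_proj_contact = CleanNumber($_POST['contact_proj_contact']);
$contact_proj_note = CleanUp($_POST['contact_proj_note']);
$contact_proj_company = CleanNumber($_POST['contact_proj_company']);
// Only existing links are edited here; there is no insert branch in this script.
if ($contact_proj_id > 0) {
    $sql_edit = "UPDATE intranet_contacts_project SET\n\t\tcontact_proj_role = '{$contact_proj_role}',\n\t\tcontact_proj_contact = '{$contact_proj_contact}',\n\t\tcontact_proj_note = '{$contact_proj_note}',\n\t\tcontact_proj_company = '{$contact_proj_company}'\n\t\tWHERE contact_proj_id = '{$contact_proj_id}' LIMIT 1";
    $result = mysql_query($sql_edit, $conn) or die(mysql_error());
    $actionmessage = "Project contact updated successfully.";
    $techmessage = $sql_edit;
}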
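$issue_set = time();
$total = 0;
// Establish the two arrays from the submission page.
// NOTE(review): these per-contact arrays are passed on raw; the loop that consumes
// them continues past this point and is where they would need cleaning.
$array_contact_id = $_POST['contact_id'];
$array_company_id = $_POST['company_id'];
$array_issue_to = $_POST['issue_to'];
$array_drawing = $_POST['drawing_id'];
$array_revision = $_POST['revision_id'];
$array_issued = $_POST['drawing_issued'];
// Everything interpolated into the INSERT below is cleaned first; the original used
// the raw POST values for method, format, comment, project, checked and the selected
// reason.
$issue_method = CleanUp($_POST['issue_method']);
$issue_format = CleanUp($_POST['issue_format']);
$issue_comment = CleanUp($_POST['issue_comment']);
$issue_project = CleanNumber($_POST['issue_project']);
$issue_checked = CleanUp($_POST['set_checked']);
if ($_POST['issue_reason'] == NULL) {
    // No preset reason chosen: use the free-text "other" reason
    $issue_reason = CleanUp($_POST['issue_revision_other']);
} else {
    $issue_reason = CleanUp($_POST['issue_reason']);
}
// NOTE(review): the issuing user is whatever the 'user' cookie says — a cookie is
// client-controlled, so this is only as trustworthy as the login check elsewhere.
$issue_user = CleanUp($_COOKIE['user']);
$issue_timestamp = time();
// NOTE(review): $issue_date is not assigned anywhere in this script — confirm it
// comes from an include, otherwise set_date is always written empty.
// First add the actual drawing set to the database
$sql_set = "INSERT INTO intranet_drawings_issued_set (\n\t\t\t\t\tset_id,\n\t\t\t\t\tset_date,\n\t\t\t\t\tset_project,\n\t\t\t\t\tset_reason,\n\t\t\t\t\tset_user,\n\t\t\t\t\tset_comment,\n\t\t\t\t\tset_timestamp,\n\t\t\t\t\tset_method,\n\t\t\t\t\tset_format,\n\t\t\t\t\tset_checked\n\t\t\t\t\t) values (\n\t\t\t\t\t'NULL',\n\t\t\t\t\t'{$issue_date}',\n\t\t\t\t\t'{$issue_project}',\n\t\t\t\t\t'{$issue_reason}',\n\t\t\t\t\t'{$issue_user}',\n\t\t\t\t\t'{$issue_comment}',\n\t\t\t\t\t'{$issue_timestamp}',\n\t\t\t\t\t'{$issue_method}',\n\t\t\t\t\t'{$issue_format}',\n\t\t\t\t\t'{$issue_checked}'\n\t\t\t\t\t)";
$result_set = mysql_query($sql_set, $conn) or die(mysql_error());
$issue_set = mysql_insert_id();
// Loop through each of the contacts selected
$count = 0;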
while ($count < count($array_contact_id)) {
    $issue_contact = $array_contact_id[$count];
    $issue_company = $array_company_id[$count];
    $issue_to = $array_issue_to[$count];
    //echo "<p>Contact: $issue_contact, Company: $issue_company</p>";