<?php
// Sidebar "Settings" panel: picks the contact list layout and, for the list
// layout, starts the "contacts per page" form. The fragment ends inside that form.
print "<p class=\"heading_side\">Settings</p>";
// $showlist is only ever assigned the literals "list" or "address", so the
// request values compared here never flow any further than these tests.
// The query string takes precedence over the cookie; anything else falls back to "address".
if ($_GET[listtype] == "list") {
    $showlist = "list";
} elseif ($_GET[listtype] == "address") {
    $showlist = "address";
} elseif ($_COOKIE[listtype] == "list") {
    $showlist = "list";
} elseif ($_COOKIE[listtype] == "address") {
    $showlist = "address";
} else {
    $showlist = "address";
}
// The self-URL is assembled from the Host header and the request URI, both of
// which are supplied by the client, and the scheme is hard-coded to http://.
$currentpage = "http://" . $_SERVER[HTTP_HOST] . $_SERVER[REQUEST_URI];
// NOTE(review): CleanUp() is not shown in this fragment. The value is written
// into an HTML attribute below, so it must be attribute-safe after this call
// (quotes and angle brackets encoded) -- confirm, or use a fixed relative action instead.
$currentpage = CleanUp($currentpage);
if ($showlist == "list") {
    print "<p>Contacts per page</p>";
    print "<form action=\"{$currentpage}\" method=\"post\">";
    print "<select class=\"inputbox\" name=\"listmax\">";
    // $listmax is not assigned anywhere in this fragment -- presumably set by the including script; verify.
    print "<option value=\"5\"";
    if ($listmax == 5) {
        print " selected";
    }
    print ">5</option>";
    print "<option value=\"10\"";
    if ($listmax == 10) {
        print " selected";
    }
    print ">10</option>";
    print "<option value=\"20\"";
$drawing_number_4 = CleanUp($_POST[drawing_number_4]); } $drawing_project = CleanUp($_POST[drawing_project]); $drawing_author = $_POST[drawing_author]; $drawing_scale = CleanNumber($_POST[drawing_scale]); $drawing_paper = $_POST[drawing_paper]; $drawing_orientation = CleanUp($_POST[drawing_orientation]); $drawing_title = CleanUp($_POST[drawing_title]); $drawing_date_day = CleanNumber($_POST[drawing_date_day]); $drawing_date_month = CleanNumber($_POST[drawing_date_month]); $drawing_date_year = CleanNumber($_POST[drawing_date_year]); $drawing_checked = CleanUp($_POST[drawing_checked]); $drawing_package_list = $_POST[drawing_package_list]; $drawing_total_packages = $_POST[drawing_total_packages]; $drawing_targetdate = $_POST[drawing_targetdate]; $drawing_comment = CleanUp($_POST[drawing_comment]); $counter = 0; while ($counter < $drawing_total_packages) { if ($drawing_package_list[$counter] != NULL) { $drawing_packages = $drawing_package_list[$counter] . "," . $drawing_packages; } $counter++; } if ($drawing_number == NULL) { $drawing_number = $drawing_number_1 . "-" . $drawing_number_2; if ($drawing_number_3 != NULL) { $drawing_number = $drawing_number . "-" . $drawing_number_3; } $drawing_number = $drawing_number . "-" . $drawing_number_4; } // Check the date input
<?php
// Handles the expense edit form: copies the posted fields into locals,
// validates the date and the required fields, then builds the UPDATE statement.
// The fragment ends inside the "existing record" branch.
//
// Begin to clean up the $_POST submissions
// NOTE(review): only ts_expense_desc passes through CleanUp() (not shown here).
// The id, project, date parts and invoiced flag are taken from $_POST unchanged
// and are later interpolated into the SQL string, so they need an integer cast
// or driver-level escaping before use.
$ts_expense_id = $_POST[ts_expense_id];
$ts_expense_project = $_POST[ts_expense_project];
$ts_expense_desc = CleanUp($_POST[ts_expense_desc]);
$ts_expense_date = $_POST[ts_expense_date];
$ts_expense_day = $_POST[ts_expense_day];
$ts_expense_month = $_POST[ts_expense_month];
$ts_expense_year = $_POST[ts_expense_year];
// NOTE(review): $ts_expense_value is read here and in the UPDATE below but is
// never assigned in this fragment -- confirm where it is populated.
$ts_expense_vat = $ts_expense_value;
// The acting user is taken from a client-side cookie, which the browser can set freely.
$ts_expense_user = $_COOKIE[user];
$ts_expense_verified = 0;
$ts_expense_invoiced = $_POST[ts_expense_invoiced];
$ts_expense_receipt = NULL;
// Check the date input
if (checkdate($ts_expense_month, $ts_expense_day, $ts_expense_year) != TRUE) {
    $alertmessage = "The date entered is invalid.";
    // This branch redirects to the mileage form while the two below use the plain expense form.
    $page_redirect = "timesheet_expense_mileage_edit";
} elseif ($_POST[ts_expense_desc] == "") {
    $alertmessage = "The description was left empty.";
    $page_redirect = "timesheet_expense_edit";
} elseif ($_POST[ts_expense_value] == "") {
    $alertmessage = "The expenses value was left empty.";
    $page_redirect = "timesheet_expense_edit";
} else {
    // Convert the date to a time
    $ts_expense_date = mktime(12, 0, 0, $ts_expense_month, $ts_expense_day, $ts_expense_year);
    // Construct the MySQL instruction to add these entries to the database
    // The "> 0" test is a loose comparison: it does not guarantee that
    // $ts_expense_id is purely numeric, and the same string is placed verbatim
    // into the WHERE clause below.
    if ($ts_expense_id > 0) {
        // NOTE(review): as shown, ts_expense_user is set to the literal '******';
        // that looks like a masked placeholder rather than {$ts_expense_user} --
        // confirm against the original file.
        $sql_edit = "UPDATE intranet_timesheet_expense SET\n\t\tts_expense_project = '{$ts_expense_project}',\n\t\tts_expense_value = '{$ts_expense_value}',\n\t\tts_expense_date = '{$ts_expense_date}',\n\t\tts_expense_desc = '{$ts_expense_desc}',\n\t\tts_expense_user = '******',\n\t\tts_expense_vat = '{$ts_expense_vat}',\n\t\tts_expense_receipt = '{$ts_expense_receipt}',\n\t\tts_expense_invoiced = '{$ts_expense_invoiced}'\n\t\tWHERE ts_expense_id = '{$ts_expense_id}' LIMIT 1";
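}
// Debug panel: printed only when the "show technical information" setting is
// on and the current user type is above 3. It exposes the SQL that was just
// run plus server details, so it should stay restricted to trusted accounts.
if ($settings_showtech > 0 and $user_usertype_current > 3) {
    if ($sql_add != "") {
        // The statement text can contain submitted form values, so it is
        // HTML-encoded before being echoed into the page.
        echo "<p>Database entry:<br /><strong>" . htmlspecialchars($sql_add, ENT_QUOTES) . "</strong></p>";
    }
    echo "<h1>Technical Information</h1>";
    echo "<p>Included file:<br /><strong> " . CleanUp($inc_file) . "</strong></p>";
    echo "<p>Last Updated:<br /><strong> " . date("r", filectime($inc_file)) . "</strong></p>";
    echo "<p>Server IP Address:<br /><strong> " . CleanUp($_SERVER["SERVER_ADDR"]) . "</strong></p>";
    echo "<p>Server Name:<br /><strong> " . CleanUp($_SERVER["SERVER_NAME"]) . "</strong></p>";
    echo "<p>Client IP Address:<br /><strong> " . CleanUp($_SERVER["REMOTE_ADDR"]) . "</strong></p>";
    echo "<p>Script Name:<br /><strong> " . CleanUp($_SERVER["SCRIPT_NAME"]) . "</strong></p>";
    echo "<p>Query String:<br /><strong> " . CleanUp($_SERVER["QUERY_STRING"]) . "</strong></p>";
    echo "<p>PHP Version:<br /><strong> " . phpversion() . "</strong></p>";
    echo "<p>Server Software:<br /><strong> " . CleanUp($_SERVER["SERVER_SOFTWARE"]) . "</strong></p>";
    if ($techmessage != NULL) {
        // Encoded for the same reason as $sql_add above.
        // NOTE(review): if any caller deliberately puts markup into
        // $techmessage it will now be shown literally -- confirm none does.
        echo "<p>" . htmlspecialchars($techmessage, ENT_QUOTES) . "</p>";
    }
}
echo "</div>";
echo "</div>";
// NOTE(review): $alertscript is emitted as-is and is built outside this
// fragment; whatever builds it must encode any request data it embeds.
echo $alertscript;
// Finish with the standard footer
FooterBar();
echo "</body>";
echo "</html>";
?>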
<?php // Begin to clean up the $_POST submissions $message_id = CleanNumber($_POST[message_id]); $message_from_id = CleanNumber($_POST[message_from_id]); $message_from_name = CleanUpNames($_POST[message_from_name]); $message_from_company = CleanUpNames($_POST[message_from_company]); $message_from_number = CleanUp($_POST[message_from_number]); $message_for_user = CleanNumber($_POST[message_for_user]); $message_text = CleanUp($_POST[message_text]); $message_viewed = CleanNumber($_POST[message_viewed]); $message_date = time(); $message_project = CleanNumber($_POST[message_project]); $message_taken = CleanNumber($_POST[message_taken]); // Check that the required values have been entered, and alter the page to show if these values are invalid if ($_POST[message_from_id] == "" and $_POST[message_from_name] == "") { $alertmessage = "You have not entered the name of the caller."; $page_redirect = "phonemessage_edit"; } elseif ($_POST[message_text] == "") { $alertmessage = "The message was left empty."; $page_redirect = "timesheet_expense_edit"; } else { // Construct the MySQL instruction to add these entries to the database if ($message_id > 0) { $sql_edit = "UPDATE intranet_phonemessage SET\n\t\tmessage_from_id = '{$message_from_id}',\n\t\tmessage_from_name = '{$message_from_name}',\n\t\tmessage_from_company = '{$message_from_company}',\n\t\tmessage_from_number = '{$message_from_number}',\n\t\tmessage_for_user = '******',\n\t\tmessage_text = '{$message_text}',\n\t\tmessage_viewed = '{$message_viewed}',\n\t\tmessage_date = '{$message_date}',\n\t\tmessage_project = '{$message_project}',\n\t\tmessage_taken = '{$message_taken}'\n\t\tWHERE message_id = '{$message_id}'\n\t\tLIMIT 1"; $result = mysql_query($sql_edit, $conn) or die(mysql_error()); $actionmessage = "Telephone message updated successfully."; $techmessage = $sql_edit; } else { $sql_add = "INSERT INTO intranet_phonemessage 
(\n\t\tmessage_id,\n\t\tmessage_from_id,\n\t\tmessage_from_name,\n\t\tmessage_from_company,\n\t\tmessage_from_number,\n\t\tmessage_for_user,\n\t\tmessage_text,\n\t\tmessage_viewed,\n\t\tmessage_date,\n\t\tmessage_project,\n\t\tmessage_taken\n\t\t) values (\n\t\t'NULL',\n\t\t'{$message_from_id}',\n\t\t'{$message_from_name}',\n\t\t'{$message_from_company}',\n\t\t'{$message_from_number}',\n\t\t'{$message_for_user}',\n\t\t'{$message_text}',\n\t\t'{$message_viewed}',\n\t\t'{$message_date}',\n\t\t'{$message_project}',\n\t\t'{$message_taken}'\n\t\t)"; $result = mysql_query($sql_add, $conn) or die(mysql_error());
// Collect the posted contact fields and insert a new row into contacts_contactlist.
// NOTE(review): the CleanUp*() helpers are not shown in this fragment, so it
// cannot be confirmed here that they escape for SQL. Independently of that,
// contact_prefix, contact_title, contact_sector, contact_relation,
// contact_discipline, contact_include and contact_country are taken from
// $_POST unchanged and interpolated into the INSERT below; they need an
// integer cast or driver-level escaping first.
$contact_prefix = $_POST[contact_prefix];
$contact_namefirst = CleanUpNames($_POST[contact_namefirst]);
$contact_namesecond = CleanUpNames($_POST[contact_namesecond]);
$contact_title = $_POST[contact_title];
$contact_company = CleanUpNames($_POST[contact_company]);
$contact_telephone = CleanUpPhone($_POST[contact_telephone]);
$contact_telephone_home = CleanUpPhone($_POST[contact_telephone_home]);
$contact_fax = CleanUpPhone($_POST[contact_fax]);
$contact_mobile = CleanUpPhone($_POST[contact_mobile]);
$contact_email = CleanUpEmail($_POST[contact_email]);
$contact_sector = $_POST[contact_sector];
$contact_reference = CleanUp($_POST[contact_reference]);
$contact_department = CleanUp($_POST[contact_department]);
$contact_added = time();
$contact_relation = $_POST[contact_relation];
$contact_discipline = $_POST[contact_discipline];
$contact_include = $_POST[contact_include];
$contact_address = CleanUpAddress($_POST[contact_address]);
$contact_city = CleanUp($_POST[contact_city]);
$contact_county = CleanUp($_POST[contact_county]);
$contact_postcode = CleanUpPostcode($_POST[contact_postcode]);
$contact_country = $_POST[contact_country];
// "Added by" comes from a client-side cookie and also goes into the SQL
// string unescaped; a cookie is no more trustworthy than a form field.
$contact_added_by = $_COOKIE[user];
// Construct the MySQL instruction to add these entries to the database
// contact_id is given the quoted string 'NULL', not SQL NULL.
$sql_add = "INSERT INTO contacts_contactlist (\ncontact_id,\ncontact_prefix,\ncontact_namefirst,\ncontact_namesecond,\ncontact_title,\ncontact_company,\ncontact_telephone,\ncontact_telephone_home,\ncontact_fax,\ncontact_mobile,\ncontact_email,\ncontact_sector,\ncontact_reference,\ncontact_department,\ncontact_added,\ncontact_relation,\ncontact_discipline,\ncontact_include,\ncontact_address,\ncontact_city,\ncontact_county,\ncontact_postcode,\ncontact_country,\ncontact_added_by\n) values 
(\n'NULL',\n'{$contact_prefix}',\n'{$contact_namefirst}',\n'{$contact_namesecond}',\n'{$contact_title}',\n'{$contact_company}',\n'{$contact_telephone}',\n'{$contact_telephone_home}',\n'{$contact_fax}',\n'{$contact_mobile}',\n'{$contact_email}',\n'{$contact_sector}',\n'{$contact_reference}',\n'{$contact_department}',\n'{$contact_added}',\n'{$contact_relation}',\n'{$contact_discipline}',\n'{$contact_include}',\n'{$contact_address}',\n'{$contact_city}',\n'{$contact_county}',\n'{$contact_postcode}',\n'{$contact_country}',\n'{$contact_added_by}'\n)";
// On failure the raw driver error text is printed to the client by die().
$result = mysql_query($sql_add, $conn) or die(mysql_error());
$contact_id = mysql_insert_id();
// The names are embedded in an HTML message; this is only safe if
// CleanUpNames() also neutralises markup -- TODO confirm.
$actionmessage = "The entry for contact <b>{$contact_namefirst} {$contact_namesecond}</b> was added successfully.";
// The full statement, submitted values included, is kept for later display.
$techmessage = $sql_add;
// $company_id = mysql_affected_rows($result);
}
// echo "<p class=\"menu_bar\">Menu goes here</p>"; echo "<input type=\"hidden\" name=\"ts_fee_id\" value=\"{$ts_fee_id}\" />"; } else { $ts_fee_stage = CleanNumber($_POST[ts_fee_stage]); $ts_fee_text = CleanUp($_POST[ts_fee_text]); $ts_fee_value = CleanUp($_POST[ts_fee_value]); if ($_POST[ts_fee_project]) { $ts_fee_project = CleanUp($_POST[ts_fee_project]); } elseif ($_GET[proj_id]) { $ts_fee_project = CleanUp($_GET[proj_id]); } $ts_fee_percentage = CleanNumber($_POST[ts_fee_percentage]); $ts_fee_prospect = CleanNumber($_POST[ts_fee_prospect]); $ts_fee_target = CleanNumber($_POST[ts_fee_target]); $ts_fee_comment = CleanUp($_POST[ts_fee_comment]); $ts_fee_commence = CleanUp($_POST[ts_fee_commence]); if ($_GET[proj_id] != NULL) { $proj_id_page = $_GET[proj_id]; } echo "<h1>Add Fee Stage</h1>"; } echo "<form action=\"index2.php?page=project_fees\" method=\"post\">"; // Begin the invoice entry system $nowtime = time(); if ($ts_fee_time_begin_day > 0) { $nowtime_day = $ts_fee_time_begin_day; $thentime_day = $ts_fee_time_end_day; } else { $nowtime_day = date("d", $nowtime); $thentime_day = date("d", $nowtime); }
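// Builds a PDF for one project blog entry: loads the page template, sets up
// fonts and colours, then reads the entry identified by ?blog_id=... together
// with its project and author.
// NOTE: this script relies on the mysql_* extension, which exists only in PHP 5.x.
require 'fpdf/fpdi.php';
$pdf = new fpdi();
$pagecount = $pdf->setSourceFile("pdf/template.pdf");
$tplidx = $pdf->ImportPage(1);
$pdf->addPage();
// Template placed at the origin, 210 x 297 units.
$pdf->useTemplate($tplidx, 0, 0, 210, 297);
$format_font = "century";
$format_font_2 = "Century.php";
$pdf->AddFont($format_font, '', $format_font_2);
$format_bg_r = "220";
$format_bg_g = "220";
$format_bg_b = "220";
$format_ln_r = "220";
$format_ln_g = "220";
$format_ln_b = "220";
// blog_id is placed into the query below without surrounding quotes, so string
// escaping alone cannot protect that position. Forcing it to an integer keeps
// the WHERE clause numeric whatever CleanUp() (not shown here) returns.
// The array key is quoted as well: a bare blog_id is read as an undefined constant.
$blog_id = (int) CleanUp($_GET['blog_id']);
// Begin creating the page
//Page Title
$sql_project = "SELECT * FROM intranet_projects_blog, intranet_user_details, intranet_projects WHERE blog_id = {$blog_id} AND blog_proj = proj_id AND blog_user = user_id LIMIT 1";
// On failure the raw driver error text is printed to the client by die().
$result_project = mysql_query($sql_project, $conn) or die(mysql_error());
// NOTE(review): no row (unknown or zero id) leaves $array_project false and
// every field below empty; there is also no check here that the requesting
// user is allowed to read this entry -- confirm that happens before this point.
$array_project = mysql_fetch_array($result_project);
$proj_num = $array_project['proj_num'];
$proj_name = $array_project['proj_name'];
$blog_title = $array_project['blog_title'];
$blog_date = $array_project['blog_date'];
$blog_type = $array_project['blog_type'];
$blog_text = strip_tags(nl2br(RemoveShit($array_project['blog_text'])));
// NOTE(review): as shown this replaces a space with a space; the search string
// was probably a different whitespace character or entity before extraction -- confirm.
$blog_text = str_replace(" ", " ", $blog_text);
$user_name_first = $array_project['user_name_first'];
$user_name_second = $array_project['user_name_second'];
// Double every newline.
$blog_text = str_replace("\n", "\n\n", $blog_text);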
// Tail of a helper whose beginning is outside this fragment: it appends
// diagnostic values to $row_text and returns the text with a row colour.
$row_text = $row_text . "<br />cost_remaining_all = {$cost_remaining_all}";
$row_text = $row_text . "<br />ts_fee_value = {$ts_fee_value}";
$row_text = $row_text . "<br />user_percent = {$user_percent}";
$row_text = $row_text . "<br />user_cost = {$user_cost}";
$row_text = $row_text . "<br />hours_remaining_user = {$hours_remaining_user}";
$row_text = $row_text . "<br />proj_id = {$proj_id}";
$row_text = $row_text . "<br />ts_fee_id = {$ts_fee_id}";
$row_text = $row_text . "<br />ts_hours_total = {$ts_hours_total}";
}
}
return array($row_text, $row_color);
}
// NOTE(review): listorder is copied from the query string unchanged. Its use is
// outside this fragment; if it ends up in an ORDER BY clause it must be mapped
// through a fixed list of allowed column names, because escaping does not
// protect identifiers.
if ($_GET[listorder] != NULL) {
    $listorder = $_GET[listorder];
}
// $active only selects one of the fixed SQL snippets below; the request value
// itself never reaches the query.
$active = CleanUp($_GET[active]);
if ($active == "0") {
    $project_active = " AND proj_active = 0";
} elseif ($active == "all") {
    unset($project_active);
} else {
    $project_active = " AND proj_active = 1 ";
}
// Create an array which shows the recent projects worked on by the user
$timesheet_period = 16; // weeks
$timesheet_period = $timesheet_period * 604800; // 604800 seconds = one week
$timesheet_period = time() - $timesheet_period; // timestamp 16 weeks ago
// NOTE(review): the user id is read straight from a client-side cookie and
// placed into the statement unquoted and unescaped. The cookie is fully under
// the client's control, so this position needs an integer cast (or the id
// should come from server-side session state).
$sql_timesheet_projects = "SELECT ts_project FROM intranet_timesheet WHERE ts_user = {$_COOKIE['user']} AND ts_datestamp > {$timesheet_period} GROUP BY ts_project";
// On failure the raw driver error text is printed to the client by die().
$result_timesheet_projects = mysql_query($sql_timesheet_projects, $conn) or die(mysql_error());
$array_projects_recent = array();
<?php
// Keyword search over tender questions: reads ?tender_keyword=..., runs a LIKE
// query and starts rendering the result table. The fragment ends inside the loop.
//
// Get the list of projects from the database
// NOTE(review): CleanUp() is not shown in this fragment. $search is used in
// two different contexts below -- inside a quoted SQL string and inside HTML --
// and one helper has to be safe for both, or each use needs its own encoding.
$search = CleanUp($_GET[tender_keyword]);
// LIKE wildcards (% and _) in the keyword are not escaped, so they act as wildcards.
$sql = "SELECT * FROM intranet_tender_answers, intranet_tender WHERE tender_id = answer_tender_id AND answer_question LIKE '%{$search}%' ORDER BY tender_date DESC, answer_ref";
// On failure the raw driver error text is printed to the client by die().
$result = mysql_query($sql, $conn) or die(mysql_error());
$counter = 0;
while ($array = mysql_fetch_array($result)) {
    // Column values are copied as stored; none is HTML-encoded at this point.
    $answer_id = $array['answer_id'];
    $answer_ref = $array['answer_ref'];
    $answer_question = $array['answer_question'];
    $answer_response = nl2br($array['answer_response']);
    $answer_words = $array['answer_words'];
    $answer_weighting = $array['answer_weighting'];
    $answer_rating = $array['answer_rating'];
    $tender_id = $array['tender_id'];
    $tender_name = $array['tender_name'];
    $tender_date = $array['tender_date'];
    $tender_type = $array['tender_type'];
    // Tenders dated in the future get an edit link, unless this answer is the one being edited.
    if ($tender_date > time() and $_GET[edit_question] != $answer_id) {
        $answer_ref = $answer_ref . " <a href=\"index2.php?page=tender_view&tender_id={$tender_id}&edit_question={$answer_id}#{$answer_id}\"><img src=\"images/button_edit.png\" alt=\"Edit\" /></a>";
    }
    // Heading and table opening are printed once, on the first row only, so a
    // search with no matches prints neither.
    if ($counter == 0) {
        // The keyword is reflected into the page here; see the note on CleanUp() above.
        echo "<h1>Searching: <i>{$search}</i></h1>";
        print "<table summary=\"Lists of questions and responses\">";
        if ($_GET[question] == "add") {
            EditForm('', '', '', '', '', $tender_id);
            echo "</th></tr>";
        }
    }
    if ($answer_response == NULL) {
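<?php
// Handles the "edit company" form post: validates the company name, copies the
// posted fields into locals and updates the matching contacts_companylist row.
// Sets $page/$action for the including script, plus $alertmessage or
// $actionmessage and $techmessage.
// NOTE: this script relies on the mysql_* extension, which exists only in PHP 5.x.
//
// Check that the required values have been entered, and alter the page to show if these values are invalid
if ($_POST['company_name'] == "") {
    $alertmessage = "The company name was left empty.";
    $page = "company_edit";
    $action = "add";
} else {
    // This determines the page to show once the form submission has been successful
    $page = "company_view";
    // Begin to clean up the $_POST submissions
    $company_id = $_POST['company_id'];
    $company_name = CleanUpNames($_POST['company_name']);
    $company_phone = CleanUpPhone($_POST['company_phone']);
    $company_fax = CleanUpPhone($_POST['company_fax']);
    $company_address = CleanUpAddress($_POST['company_address']);
    $company_city = CleanUp($_POST['company_city']);
    $company_county = CleanUp($_POST['company_county']);
    $company_postcode = CleanUpPostcode($_POST['company_postcode']);
    $company_country = $_POST['company_country'];
    $company_web = str_replace("http://", "", $_POST['company_web']);
    $company_notes = $_POST['company_notes'];
    // The four fields above that bypass the CleanUp*() helpers used to reach
    // the statement exactly as submitted. They are escaped (or cast) into
    // separate variables here so the display values stay as they were.
    // NOTE(review): the CleanUp*() helpers are not shown here; confirm they
    // escape for SQL, since their results are still interpolated unchanged.
    // NOTE(review): if magic_quotes_gpc is enabled on this deployment the raw
    // values arrive pre-slashed and should be unslashed before escaping.
    $sql_company_id = (int) $company_id;
    $sql_company_country = mysql_real_escape_string($company_country, $conn);
    $sql_company_web = mysql_real_escape_string($company_web, $conn);
    $sql_company_notes = mysql_real_escape_string($company_notes, $conn);
    // Construct the MySQL instruction to add these entries to the database
    $sql_add = "UPDATE contacts_companylist SET\ncompany_name = '{$company_name}',\ncompany_phone = '{$company_phone}',\ncompany_fax = '{$company_fax}',\ncompany_address = '{$company_address}',\ncompany_city = '{$company_city}',\ncompany_county = '{$company_county}',\ncompany_postcode = '{$company_postcode}',\ncompany_country = '{$sql_company_country}',\ncompany_web = '{$sql_company_web}',\ncompany_notes = '{$sql_company_notes}'\nWHERE company_id = '{$sql_company_id}' LIMIT 1\n";
    // On failure the raw driver error text is printed to the client by die().
    $result = mysql_query($sql_add, $conn) or die(mysql_error());
    // The name is embedded in an HTML message; this is only safe if
    // CleanUpNames() also neutralises markup -- TODO confirm.
    $actionmessage = "The entry for company <b>{$company_name}</b> was updated successfully.";
    $techmessage = $sql_add;
    // NOTE(review): mysql_affected_rows() expects the connection, not the
    // query result, and its return value is a row count, yet it overwrites the
    // company id here. Left unchanged because the intended value for
    // $company_id after the update cannot be determined from this file.
    $company_id = mysql_affected_rows($result);
}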
$tasklist_percentage_graph = "tasklist_percent_050.gif"; } elseif ($tasklist_percentage == 60) { $tasklist_percentage_graph = "tasklist_percent_060.gif"; } elseif ($tasklist_percentage == 70) { $tasklist_percentage_graph = "tasklist_percent_070.gif"; } elseif ($tasklist_percentage == 80) { $tasklist_percentage_graph = "tasklist_percent_080.gif"; } elseif ($tasklist_percentage == 90) { $tasklist_percentage_graph = "tasklist_percent_090.gif"; } elseif ($tasklist_percentage == 100) { $tasklist_percentage_graph = "tasklist_percent_100.gif"; } // echo the bar chart and make it clickable if it belongs to the current user if ($user_id == $_COOKIE[user]) { if ($_GET[subcat] != NULL) { $task_subcat = CleanUp($_GET[subcat]); } else { $task_subcat = "user"; } echo "\n\t\t\t\t\t\t\t<img src=\"images/{$tasklist_percentage_graph}\" width=\"225\" height=\"17\" border=\"0\" alt=\"\" usemap=\"#task_{$tasklist_id}\" />\n\t\t\t\t\t\t\t<map name=\"task_{$tasklist_id}\">\n\t\t\t\t\t\t\t<area shape=\"rect\" alt=\"\" coords=\"201,1,219,9\" href=\"index2.php?page=tasklist_view&action=tasklist_change_percent&tasklist_id={$tasklist_id}&tasklist_percent=100&subcat={$task_subcat}#view_task_{$tasklist_id}\" />\n\t\t\t\t\t\t\t<area shape=\"rect\" alt=\"\" coords=\"181,1,199,9\" href=\"index2.php?page=tasklist_view&action=tasklist_change_percent&tasklist_id={$tasklist_id}&tasklist_percent=90&subcat={$task_subcat}#view_task_{$tasklist_id}\" />\n\t\t\t\t\t\t\t<area shape=\"rect\" alt=\"\" coords=\"161,1,179,9\" href=\"index2.php?page=tasklist_view&action=tasklist_change_percent&tasklist_id={$tasklist_id}&tasklist_percent=80&subcat={$task_subcat}#view_task_{$tasklist_id}\" />\n\t\t\t\t\t\t\t<area shape=\"rect\" alt=\"\" coords=\"141,1,159,9\" href=\"index2.php?page=tasklist_view&action=tasklist_change_percent&tasklist_id={$tasklist_id}&tasklist_percent=70&subcat={$task_subcat}#view_task_{$tasklist_id}\" />\n\t\t\t\t\t\t\t<area shape=\"rect\" alt=\"\" coords=\"121,1,139,9\" 
href=\"index2.php?page=tasklist_view&action=tasklist_change_percent&tasklist_id={$tasklist_id}&tasklist_percent=60&subcat={$task_subcat}#view_task_{$tasklist_id}\" />\n\t\t\t\t\t\t\t<area shape=\"rect\" alt=\"\" coords=\"101,1,119,9\" href=\"index2.php?page=tasklist_view&action=tasklist_change_percent&tasklist_id={$tasklist_id}&tasklist_percent=50&subcat={$task_subcat}#view_task_{$tasklist_id}\" />\n\t\t\t\t\t\t\t<area shape=\"rect\" alt=\"\" coords=\"81,1,99,9\" href=\"index2.php?page=tasklist_view&action=tasklist_change_percent&tasklist_id={$tasklist_id}&tasklist_percent=40&subcat={$task_subcat}#view_task_{$tasklist_id}\" />\n\t\t\t\t\t\t\t<area shape=\"rect\" alt=\"\" coords=\"61,1,79,9\" href=\"index2.php?page=tasklist_view&action=tasklist_change_percent&tasklist_id={$tasklist_id}&tasklist_percent=30&subcat={$task_subcat}#view_task_{$tasklist_id}\" />\n\t\t\t\t\t\t\t<area shape=\"rect\" alt=\"\" coords=\"41,1,59,9\" href=\"index2.php?page=tasklist_view&action=tasklist_change_percent&tasklist_id={$tasklist_id}&tasklist_percent=20&subcat={$task_subcat}#view_task_{$tasklist_id}\" />\n\t\t\t\t\t\t\t<area shape=\"rect\" alt=\"\" coords=\"21,1,39,9\" href=\"index2.php?page=tasklist_view&action=tasklist_change_percent&tasklist_id={$tasklist_id}&tasklist_percent=10&subcat={$task_subcat}#view_task_{$tasklist_id}\" />\n\t\t\t\t\t\t\t<area shape=\"rect\" alt=\"\" coords=\"1,1,19,9\" href=\"index2.php?page=tasklist_view&action=tasklist_change_percent&tasklist_id={$tasklist_id}&tasklist_percent=0&subcat={$task_subcat}#view_task_{$tasklist_id}\" />\n\t\t\t\t\t\t\t</map>\n\t\t\t\t\t\t\t"; } else { echo "<br />\n\t\t\t\t\t\t\t<img src=\"images/{$tasklist_percentage_graph}\" width=\"225\" height=\"17\" border=\"0\" alt=\"\" />"; } echo "</td></tr>"; if ($proj_id != $proj_id_repeat) { $counter = 1; unset($proj_id_repeat); } else { $counter++; } }
<?php
// Handles the task form: rejects an empty description, otherwise updates the
// task named by the posted tasklist_id or inserts a new one. The fragment ends
// inside the insert branch.
//
// Check that the required values have been entered, and alter the page to show if these values are invalid
if ($_POST[tasklist_notes] == "") {
    $alertmessage = "The task description was left empty.";
    $status = "tasklist_edit";
    $action = "add";
} else {
    // Begin to clean up the $_POST submissions
    // NOTE(review): only the notes and the comment pass through CleanUp() (not
    // shown here). Project, status, fee, person, due date and percentage are
    // taken from $_POST unchanged and interpolated into the statements below;
    // they need an integer cast or driver-level escaping first.
    $tasklist_project = $_POST[tasklist_project];
    $tasklist_status = $_POST[tasklist_status]; // read here but not used in either statement below
    $tasklist_fee = $_POST[tasklist_fee];
    $tasklist_notes = CleanUp($_POST[tasklist_notes]);
    $tasklist_comment = CleanUp($_POST[tasklist_comment]);
    $tasklist_updated = time();
    $tasklist_added = time();
    $tasklist_completed = "";
    $tasklist_person = $_POST[tasklist_person];
    $tasklist_due = $_POST[tasklist_due];
    $tasklist_percentage = $_POST[tasklist_percentage];
    if ($_POST[tasklist_id] != NULL) {
        // NOTE(review): the WHERE clause interpolates $_POST['tasklist_id']
        // directly, with no cleaning at all, and nothing visible here checks
        // that the task belongs to the submitting user.
        // $tasklist_contact is used but never assigned in this fragment -- confirm its origin.
        $sql_edit = "UPDATE intranet_tasklist SET\n\t\ttasklist_project = '{$tasklist_project}',\n\t\ttasklist_contact = '{$tasklist_contact}',\n\t\ttasklist_fee = '{$tasklist_fee}',\n\t\ttasklist_notes = '{$tasklist_notes}',\n\t\ttasklist_updated = '{$tasklist_updated}',\n\t\ttasklist_person = '{$tasklist_person}',\n\t\ttasklist_comment = '{$tasklist_comment}',\n\t\ttasklist_percentage = '{$tasklist_percentage}',\n\t\ttasklist_due = '{$tasklist_due}'\n\t\tWHERE tasklist_id = '{$_POST['tasklist_id']}' LIMIT 1\n\t\t";
        // On failure the raw driver error text is printed to the client by die().
        $result = mysql_query($sql_edit, $conn) or die(mysql_error());
        $actionmessage = "Task updated successfully.";
        // The full statement, submitted values included, is kept for later display.
        $techmessage = $sql_edit;
    } else {
        // Construct the MySQL instruction to add these entries to the database
        // tasklist_id is given the quoted string 'NULL', not SQL NULL, and
        // tasklist_updated is written as an empty string.
        $sql_add = "INSERT INTO intranet_tasklist (\n\t\ttasklist_id,\n\t\ttasklist_project,\n\t\ttasklist_contact,\n\t\ttasklist_fee,\n\t\ttasklist_notes,\n\t\ttasklist_updated,\n\t\ttasklist_added,\n\t\ttasklist_completed,\n\t\ttasklist_person,\n\t\ttasklist_due,\n\t\ttasklist_comment,\n\t\ttasklist_percentage\n\t\t) values 
(\n\t\t'NULL',\n\t\t'{$tasklist_project}',\n\t\t'{$tasklist_contact}',\n\t\t'{$tasklist_fee}',\n\t\t'{$tasklist_notes}',\n\t\t'',\n\t\t'{$tasklist_added}',\n\t\t'{$tasklist_completed}',\n\t\t'{$tasklist_person}',\n\t\t'{$tasklist_due}',\n\t\t'{$tasklist_comment}',\n\t\t'{$tasklist_percentage}'\n\t\t)";
        $result = mysql_query($sql_add, $conn) or die(mysql_error());
        $actionmessage = "Task added successfully.";
        $techmessage = $sql_add;
$alertmessage = "You have entered an invalid number of hours. Please review your submission and try again."; $timesheet_add_date = CleanUp($_POST[timesheet_add_date]); $ts_entry = $timesheet_add_date; $timesheet_add_hours = (double) $_POST[timesheet_add_hours]; $ts_hours = $timesheet_add_hours; $timesheet_add_desc = CleanUp($_POST[timesheet_add_desc]); $ts_desc = $timesheet_add_desc; $timesheet_add_project = CleanUp($_POST[ts_project]); $ts_project = $timesheet_add_project; } else { $nowtime = time(); // Process the incoming data $timesheet_add_project = CleanUp($_POST[ts_project]); $timesheet_add_hours = (double) $_POST[timesheet_add_hours]; $timesheet_add_desc = CleanUp($_POST[timesheet_add_desc]); $timesheet_add_date = CleanUp($_POST[timesheet_add_date]); $timesheet_add_day = date("j", $timesheet_add_date); $timesheet_add_month = date("n", $timesheet_add_date); $timesheet_add_year = date("Y", $timesheet_add_date); // Establish the current overhead rate for the form submission $sql1 = "SELECT * FROM intranet_timesheet_overhead order by overhead_date DESC LIMIT 1"; $result1 = mysql_query($sql1, $conn) or die(mysql_error()); $array1 = mysql_fetch_array($result1); $overhead_rate_latest = $array1['overhead_rate']; // Establish the current hourly rate for the form submission $sql2 = "SELECT user_user_rate FROM intranet_user_details WHERE user_id = '{$viewuser}' LIMIT 1"; $result2 = mysql_query($sql2, $conn) or die(mysql_error()); $array2 = mysql_fetch_array($result2); $rate_value_user = $array2['user_user_rate']; // Calculate the total hourly rate $rate_value = $rate_value_user;
DUS is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with DUS.
If not, see <http://www.gnu.org/licenses/>. */
// DUS is Dynamic UUID System for Prims
// W. Hager founder and project leader
//
// Entry script: loads the stored record array, applies an "UPD" request
// (create or refresh one record, then persist the array) and/or answers a
// lookup by printing the URL registered for $UUID.
// NOTE(review): $DbName, $Methode, $objectkey, $PrimUrl, $PrimTtl and $UUID
// are not assigned in this fragment -- presumably dus-lib.php sets them,
// possibly from the request; verify. If they are request-derived, the log
// lines below carry client-chosen text (line breaks should be stripped before
// logging), nothing visible here authenticates who may update a record, and
// the echoed URL should be validated or encoded for the consumer.
include "dus-lib.php";

// Start from the dump on disk when there is one, otherwise from an empty table.
$DusArr = file_exists($DbName) ? load_array_dump($DbName) : array();

if ($Methode == "UPD") {
    CleanUp(); // remove old records TTL time out
    // Log whether this key already existed before the record is written.
    write_log("dus.log", $objectkey . (array_key_exists($objectkey, $DusArr) ? " Update" : " Create"));
    UpdateRecord($objectkey, $PrimUrl, $PrimTtl);
    save_array_dump($DbName, $DusArr);
}

if ($UUID != "") {
    write_log("dus.log", $UUID . " Get url");
    echo GetUrl($UUID);
}
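/**
 * Import places from a CSV file into the `places` table.
 *
 * The first CSV row is read as a header; each column name is lower-cased,
 * spaces become underscores and dots are removed, and the result is used to
 * find the column index of each field. For every data row that has a name,
 * latitude and longitude the function searches for existing places within
 * 0.00001 of the coordinates and then inserts, updates or skips the row.
 * Progress lines and totals are echoed as HTML.
 *
 * All database access goes through prepared statements with bound parameters.
 * Values taken from the CSV are HTML-encoded before they are echoed, because
 * the file content is data supplied from outside this function.
 *
 * NOTE(review): $file is opened exactly as given; the caller is responsible
 * for passing a path the server chose (for example an upload's temporary
 * name) and not one taken from request data -- confirm at the call site.
 *
 * @param string $file   Path of the CSV file to read.
 * @param string $region Region value stored with every inserted/updated row.
 * @return void
 */
function ProcessFile($file, $region)
{
    global $db;

    $sql_find = <<<SQL
            SELECT
                id,
                name
            FROM
                places
            WHERE
                ABS(latitude - ?) < 0.00001
                AND ABS(longitude - ?) < 0.00001
SQL;
    $stmt_search = $db->prepare($sql_find);
    if (!$stmt_search) {
        // Stop here: continuing would call methods on a failed statement.
        echo htmlspecialchars($db->error);
        return;
    }
    /* bind parameters for markers */
    $stmt_search->bind_param("dd", $latitude_search, $longitude_search);
    $stmt_search->bind_result($search_id, $search_name);

    $sql_insert = <<<SQL
            INSERT INTO
                places
                (
                    name,
                    latitude,
                    longitude,
                    region,
                    category,
                    email,
                    telephone,
                    address,
                    postcode,
                    website,
                    entry_rates,
                    opening_times,
                    rating,
                    more_info,
                    facilities,
                    disabled_facilities,
                    good_stuff,
                    bad_stuff)
            VALUES
                (
                    ?,
                    ?,
                    ?,
                    ?,
                    ?,
                    ?,
                    ?,
                    ?,
                    ?,
                    ?,
                    ?,
                    ?,
                    ?,
                    ?,
                    ?,
                    ?,
                    ?,
                    ?
                )
SQL;
    $stmt_insert = $db->prepare($sql_insert);
    if (!$stmt_insert) {
        echo htmlspecialchars($db->error);
        return;
    }
    /* bind parameters for markers */
    $stmt_insert->bind_param("sddsssssssssdsssss", $name, $latitude, $longitude, $region, $category, $email, $telephone, $address, $postcode, $website, $entry_rates, $opening_times, $rating, $more_info, $facilities, $disabled_facilities, $good_stuff, $bad_stuff);

    $sql_update = <<<SQL
            UPDATE
                places
            SET
                name = ?,
                latitude = ?,
                longitude = ?,
                region = ?,
                category = ?,
                email = ?,
                telephone = ?,
                address = ?,
                postcode = ?,
                website = ?,
                entry_rates = ?,
                opening_times = ?,
                rating = ?,
                more_info = ?,
                facilities = ?,
                disabled_facilities = ?,
                good_stuff = ?,
                bad_stuff = ?
            WHERE
                id = ?
SQL;
    $stmt_update = $db->prepare($sql_update);
    if (!$stmt_update) {
        echo htmlspecialchars($db->error);
        return;
    }
    $stmt_update->bind_param("sddsssssssssdsssssi", $name, $latitude, $longitude, $region, $category, $email, $telephone, $address, $postcode, $website, $entry_rates, $opening_times, $rating, $more_info, $facilities, $disabled_facilities, $good_stuff, $bad_stuff, $update_id);

    $handle = fopen($file, 'r');
    if ($handle === false) {
        echo 'The import file could not be opened<br>';
        return;
    }

    $count = 0;
    $inserted = 0;
    $updated = 0;
    $skipped = 0;

    $header = fgetcsv($handle);
    if (!is_array($header)) {
        // Empty or unreadable file: no columns, and the loop below finds no rows.
        $header = array();
    }
    // Each header cell creates a local named csv_<slug> holding its column
    // index. The fixed "csv_" prefix keeps a header cell from overwriting any
    // other local (such as $db or the statements).
    // NOTE(review): a column missing from the header leaves its $csv_* variable
    // undefined and the field is then read as empty -- confirm that is acceptable.
    foreach ($header as $index => $field_name) {
        $slug = str_replace('.', '', str_replace(' ', '_', strtolower($field_name)));
        $var_name = "csv_{$slug}";
        ${$var_name} = $index;
    }

    while ($record = fgetcsv($handle)) {
        // NOTE(review): the header row was already consumed above, so this
        // skips the first row after it -- presumably a second heading row in
        // the export; verify, otherwise the first place is silently dropped.
        if ($count == 0) {
            $count++;
            continue;
        }

        $name = StripSpace($record[$csv_name]);
        $latitude = StripSpace($record[$csv_latitude]);
        $longitude = StripSpace($record[$csv_longitude]);
        // Encoded once for every progress line printed for this row.
        $row_label = htmlspecialchars($name) . ',' . htmlspecialchars($latitude) . ',' . htmlspecialchars($longitude);
        $row_label_spaced = htmlspecialchars($name) . ', ' . htmlspecialchars($latitude) . ', ' . htmlspecialchars($longitude);

        if ($name == '' || $latitude == '' || $longitude == '') {
            // Rows without a name are ignored silently; named rows without
            // coordinates are reported as skipped.
            if ($name != '') {
                echo "skipped: {$row_label}<br>";
                $skipped++;
            }
            continue;
        }

        $email = Nullable(StripSpace($record[$csv_email]), true);
        $telephone = CleanUp($record[$csv_telephone]);
        $address = CleanUp($record[$csv_address]);
        $postcode = StripSpace($record[$csv_postcode]);
        $website = StripSpace($record[$csv_website]);
        $entry_rates = CleanUp($record[$csv_entry_rates]);
        $opening_times = Nullable(CleanUp($record[$csv_opening_times]), true);
        $rating = Nullable(StripSpace($record[$csv_rating]));
        $more_info = StripSpace($record[$csv_more_info]);
        $facilities = StripSpace($record[$csv_facilities]);
        $disabled_facilities = StripSpace($record[$csv_disabled_facilities]);
        $good_stuff = StripSpace($record[$csv_good_stuff]);
        $bad_stuff = StripSpace($record[$csv_bad_stuff]);

        // Category cells run from the "indoor" column to 30 columns past the
        // "free" column; non-empty cells are joined with commas.
        $categories = array();
        for ($index = $csv_indoor; $index <= $csv_free + 30; $index++) {
            if (isset($record[$index]) && $record[$index] != '') {
                $categories[] = $record[$index];
            }
        }
        $category = CleanUp(implode(',', $categories));

        // Look for existing places at (almost) the same coordinates.
        $latitude_search = (double) $latitude;
        $longitude_search = (double) $longitude;
        $stmt_search->execute();
        $match_id = 0;
        $found_count = 0;
        while ($stmt_search->fetch()) {
            // Remember the first hit whose name also matches.
            if ($search_name == $name) {
                if ($match_id == 0) {
                    $match_id = $search_id;
                }
            }
            $found_count++;
        }

        if ($found_count == 0) {
            $inserted++;
            $stmt_insert->execute();
            echo "inserted: {$row_label}<br>";
            echo htmlspecialchars($stmt_insert->error);
        } elseif ($found_count == 1) {
            // NOTE(review): the row is counted and reported as updated even
            // when the single place found has a different name, in which case
            // no UPDATE runs and $update_id still holds its previous value.
            $updated++;
            if ($match_id != 0) {
                $update_id = $match_id;
                $stmt_update->execute();
            }
            echo "updated (location match): {$update_id}, {$row_label_spaced}<br>";
        } else {
            if ($match_id != 0) {
                $updated++;
                $update_id = $match_id;
                $stmt_update->execute();
                echo "updated (name match): {$update_id}, {$row_label_spaced}<br>";
            } else {
                echo "skipped: {$row_label}<br>";
                $skipped++;
            }
        }
        $count++;
    }
    fclose($handle);

    echo '<br><br>';
    echo $inserted . ' records were inserted<br>';
    echo $updated . ' records were updated<br>';
    echo $skipped . ' records were skipped<br>';
}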
<?php
// Lists the expenses that share one "verified" value, taken from ?time=...,
// for users whose type is above 3. The fragment ends inside the row loop.
//
// NOTE(review): CleanUp() is not shown in this fragment; the value is placed
// inside a quoted SQL string below, so the helper must escape quotes and
// backslashes for the database -- confirm. It is also read before the
// permission check, although the query itself only runs for permitted users.
$ts_expense_verified = CleanUp($_GET[time]);
if ($user_usertype_current <= 3) {
    print "<h1 class=\"heading_alert\">Permission Denied</h1><p>You do not have permission to view this page.</p>";
} else {
    print "<h1>View Verified Expenses</h1>";
    // Select every expense with the requested "verified" value, joined to its
    // project and ordered by project number and then expense date.
    $sql = "SELECT * FROM intranet_timesheet_expense, intranet_projects WHERE ts_expense_project = proj_id AND ts_expense_verified = '{$ts_expense_verified}' order by proj_num, ts_expense_date";
    // On failure the raw driver error text is printed to the client by die().
    $result = mysql_query($sql, $conn) or die(mysql_error());
    if (mysql_num_rows($result) > 0) {
        $counter = 1;
        // NOTE(review): this is a comparison whose result is discarded, not an
        // assignment, so $proj_id_current is left untouched -- probably meant "= NULL".
        $proj_id_current == NULL;
        $expense_total = 0;
        $p11d_total = 0;
        print "<table summary=\"List of expenses verified\">";
        print "<tr><td colspan=\"2\"><strong>Project</strong></td><td><strong>Date</strong></td><td><strong>Description</strong></td><td><strong>User</strong></td><td><strong>Value</strong></td><td><strong>Verified</strong></td><td><strong>Invoiced</strong></td></tr>";
        while ($array = mysql_fetch_array($result)) {
            // Only the description is HTML-encoded here; every other column is
            // copied as stored and needs encoding wherever it is printed
            // (the printing code is outside this fragment).
            $ts_expense_project = $array['ts_expense_project'];
            $ts_expense_value = $array['ts_expense_value'];
            $ts_expense_date = $array['ts_expense_date'];
            $ts_expense_desc = htmlspecialchars($array['ts_expense_desc']);
            $ts_expense_user = UserDetails($array['ts_expense_user']);
            // Overwrites the request-derived value read at the top of the script.
            $ts_expense_verified = $array['ts_expense_verified'];
            $ts_expense_vat = $array['ts_expense_vat'];
            $ts_expense_id = $array['ts_expense_id'];
            $ts_expense_invoiced = $array['ts_expense_invoiced'];
            $ts_expense_reimburse = $array['ts_expense_reimburse'];
            $ts_expense_p11d = $array['ts_expense_p11d'];
            $proj_id = $array['proj_id'];
            $proj_num = $array['proj_num'];
$category_js = ''; } elseif (isset($_POST['entry']) && $_POST['id'] != '0') { //echo '<pre>';print_r($_POST);echo '</pre>';exit; $id = $_POST['id']; $name = StripSpace($_POST['name']); $latitude = StripSpace($_POST['latitude']); $longitude = StripSpace($_POST['longitude']); $region = Nullable(StripSpace($_POST['region']), true); $category = $_POST['category_list']; $email = Nullable(StripSpace($_POST['email']), true); $telephone = CleanUp($_POST['telephone']); $address = CleanUp($_POST['address']); $postcode = StripSpace($_POST['postcode']); $website = StripSpace($_POST['website']); $entry_rates = CleanUp($_POST['entry_rates']); $opening_times = Nullable(CleanUp($_POST['opening_times']), true); $rating = Nullable(StripSpace($_POST['rating'])); $more_info = StripSpace($_POST['more_info']); $facilities = StripSpace($_POST['facilities']); $disabled_facilities = StripSpace($_POST['disabled_facilities']); $good_stuff = StripSpace($_POST['good_stuff']); $bad_stuff = StripSpace($_POST['bad_stuff']); $sql = <<<SQL \t\t\tUPDATE \t\t\t\tplaces \t\t\tSET \t\t\t\t`name` = ?, \t\t\t\t`latitude` = ?, \t\t\t\t`longitude` = ?, \t\t\t\t`region` = ?, \t\t\t\t`category` = ?,
$alertmessage = "The title was left empty."; $page = "blog_edit"; $action = "add"; $proj_id = $_POST[blog_proj]; } else { // This determines the page to show once the form submission has been successful $page = "blog_view"; // Begin to clean up the $_POST submissions $blog_id = CleanUp($_POST[blog_id]); $blog_user = CleanUp($_POST[blog_user]); $blog_date = CleanUp($_POST[blog_date]); $blog_proj = CleanUp($_POST[blog_proj]); $blog_text = addslashes($_POST[blog_text]); $blog_view = CleanUp($_POST[blog_view]); $blog_title = CleanUp($_POST[blog_title]); $blog_type = CleanUp($_POST[blog_type]); $blog_contact = CleanNumber($_POST[blog_contact]); $blog_link = CleanUp($_POST[blog_link]); $blog_task = CleanUp($_POST[blog_task]); $blog_date_minute = CleanNumber($_POST[blog_date_minute]); $blog_date_hour = CleanNumber($_POST[blog_date_hour]); $blog_date_day = CleanNumber($_POST[blog_date_day]); $blog_date_month = CleanNumber($_POST[blog_date_month]); $blog_date_year = CleanNumber($_POST[blog_date_year]); $blog_date = mktime($blog_date_hour, $blog_date_minute, 0, $blog_date_month, $blog_date_day, $blog_date_year); // Construct the MySQL instruction to add these entries to the database $sql_add = "UPDATE intranet_projects_blog SET\nblog_user = '******',\nblog_date = '{$blog_date}',\nblog_proj = '{$blog_proj}',\nblog_text = '{$blog_text}',\nblog_view = '{$blog_view}',\nblog_title = '{$blog_title}',\nblog_type = '{$blog_type}',\nblog_contact = '{$blog_contact}',\nblog_link = '{$blog_link}',\nblog_task = '{$blog_task}'\nWHERE blog_id = '{$blog_id}' LIMIT 1\n"; $result = mysql_query($sql_add, $conn) or die(mysql_error()); $actionmessage = "The blog entry was edited successfully."; $techmessage = $sql_add; }
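<?php

// Read the drawing-revision form submission.
// Fixed: revision_id used to be copied from $_POST unchanged and was then
// interpolated unquoted into the UPDATE's WHERE clause. It is now forced to an
// integer, the same way revision_author and revision_drawing already were.
$revision_id = isset($_POST['revision_id']) ? intval($_POST['revision_id']) : 0;
$revision_letter = CleanUp($_POST['revision_letter']);
$revision_desc = CleanUp($_POST['revision_desc']);

// The date is split on "-" and read as year, month, day. Padding to three parts
// keeps a short or empty value from reading missing array offsets.
$revision_date_value = array_pad(explode("-", $_POST['revision_date_value']), 3, 0);
$revision_date_day = intval($revision_date_value[2]);
$revision_date_month = intval($revision_date_value[1]);
$revision_date_year = intval($revision_date_value[0]);

$revision_author = intval($_POST['revision_author']);
$revision_drawing = intval($_POST['revision_drawing']);

// NOTE(review): revision_letter and revision_desc reach the SQL below inside
// quotes; that is only safe if CleanUp() (defined elsewhere) escapes for SQL.

// Check that the required values have been entered, and alter the page to show if these values are invalid
if ($revision_desc == "") {
    $alertmessage = "The drawing number was left empty.";
    $page_redirect = "drawings_revision_edit";
} else {
    // Convert the date to a timestamp at midday
    $revision_date = mktime(12, 0, 0, $revision_date_month, $revision_date_day, $revision_date_year);

    // A positive id edits that revision; anything else creates a new one
    if ($revision_id > 0) {
        $sql_edit = "UPDATE intranet_drawings_revision SET\n\t\trevision_letter = '{$revision_letter}',\n\t\trevision_desc = '{$revision_desc}',\n\t\trevision_date = '{$revision_date}',\n\t\trevision_author = '{$revision_author}',\n\t\trevision_drawing = '{$revision_drawing}'\n\t\tWHERE revision_id = {$revision_id} LIMIT 1";
        // NOTE(review): die(mysql_error()) sends the raw database error to the browser.
        $result = mysql_query($sql_edit, $conn) or die(mysql_error());
        $actionmessage = "Revision updated successfully.";
        // NOTE(review): the full SQL text is kept in $techmessage; check where it is displayed.
        $techmessage = $sql_edit;
    } else {
        $sql_add = "INSERT INTO intranet_drawings_revision (\n\t\trevision_id,\n\t\trevision_letter,\n\t\trevision_desc,\n\t\trevision_date,\n\t\trevision_author,\n\t\trevision_drawing\n\t\t) values (\n\t\t'NULL',\n\t\t'{$revision_letter}',\n\t\t'{$revision_desc}',\n\t\t'{$revision_date}',\n\t\t'{$revision_author}',\n\t\t'{$revision_drawing}'\n\t\t)";
        $result = mysql_query($sql_add, $conn) or die(mysql_error());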
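<?php

print "<h1>Search</h1>";

// Construct search terms. A query-string value takes precedence over a posted one.
// Fixed: the GET branch used to copy the raw request value, while the POST
// branch went through CleanUp(); both now take the same path. $keywords is also
// initialised so that it cannot carry a value from outside this page.
$keywords = "";
if ($_GET['keywords'] != NULL) {
    $keywords = CleanUp($_GET['keywords']);
} elseif ($_POST['keywords'] != NULL) {
    $keywords = CleanUp($_POST['keywords']);
}

if (strlen($keywords) > 2) {
    $keywords_array = explode(" ", $keywords);

    /**
     * Build an SQL condition requiring every search term to occur in one field.
     *
     * Produces "<field> LIKE '%t0%' AND <field> LIKE '%t1%' ...".
     *
     * NOTE(review): terms and field name are concatenated into the SQL text as
     * given. Callers must pass terms that are already escaped for SQL; whether
     * CleanUp() does that is not visible here - confirm.
     *
     * @param array  $search_text  List of search terms, indexed from 0.
     * @param string $search_field Column name to match against.
     * @return string The SQL condition.
     */
    function SearchTerms($search_text, $search_field)
    {
        // Fixed: the accumulator was appended to before it was ever assigned
        $searching_blog = "";
        $max_count = count($search_text);

        for ($counter = 0; $counter < $max_count; $counter++) {
            if ($counter > 0) {
                $searching_blog = $searching_blog . " AND {$search_field} LIKE ";
            }
            $searching_blog = $searching_blog . "'%" . $search_text[$counter] . "%'";
        }

        return "{$search_field} LIKE " . $searching_blog;
    }

    // Begin printing the results tables
    // NOTE(review): $keywords is request data printed into HTML; confirm that
    // CleanUp() HTML-encodes it, otherwise encode it here with htmlspecialchars().
    print "<h2>Searching: {$keywords}</h2>";
    print "<table summary=\"List of results for search terms chosen\">";
    $firstcol_width = " width=\"140\" ";

    // Journal Entries
    print "<tr><td colspan=\"2\"><strong>Journal Entries</strong></td></tr>";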
$current_vat = $vat_value_included / 100 + 1; } else { $current_vat = $settings_vat / 100 + 1; } $ts_expense_vat = $ts_expense_value; $ts_expense_value = 1 / $current_vat * $ts_expense_value; } else { $ts_expense_vat = $ts_expense_value; } $ts_expense_vat = round($ts_expense_vat, 2); $ts_expense_desc = CleanUp($_POST[ts_expense_desc]); $ts_expense_verified = 0; $ts_expense_invoiced = $_POST[ts_expense_invoiced]; $ts_expense_receipt = $_POST[ts_expense_receipt]; $ts_expense_reimburse = $_POST[ts_expense_reimburse]; $ts_expense_notes = CleanUp($_POST[ts_expense_notes]); $ts_expense_category = CleanNumber($_POST[ts_expense_category]); // Check the date input if (checkdate($ts_expense_month, $ts_expense_day, $ts_expense_year) != TRUE) { $alertmessage = "The date entered is invalid."; $page_redirect = "timesheet_expense_edit"; } elseif ($_POST[ts_expense_desc] == "") { $alertmessage = "The description was left empty."; $page_redirect = "timesheet_expense_edit"; } elseif ($_POST[ts_expense_value] == "") { $alertmessage = "The expenses value was left empty."; $page_redirect = "timesheet_expense_edit"; } else { // Convert the date to a time $ts_expense_date = mktime(12, 0, 0, $ts_expense_month, $ts_expense_day, $ts_expense_year); // Construct the MySQL instruction to add these entries to the database
$format_font = $settings_pdffont; $format_font_2 = $settings_pdffont . ".php"; } else { $format_font = "franklingothicbook"; $format_font_2 = "franklingothicbook.php"; } if ($_GET[invoice_id] != NULL) { $invoice_id = CleanNumber($_GET[invoice_id]); $viewall = ""; } elseif ($_POST[viewall] != NULL) { $viewall = "yes"; } else { header("Location: ../index2.php"); } if ($_POST[order_by] != NULL) { $order_by = CleanUp($_POST[order_by]); } else { $order_by = "invoice_id"; } if ($_POST[account_id] != NULL) { $account_test = "AND invoice_account = " . CleanNumber($_POST[account_id]); } // Use FDPI to get the template define('FPDF_FONTPATH', 'fpdf/font/'); require 'fpdf/fpdi.php'; $pdf = new fpdi(); $pagecount = $pdf->setSourceFile("pdf/template.pdf"); $tplidx = $pdf->ImportPage(1); $pdf->AddFont($format_font, '', $format_font_2); $counter = 1; if ($viewall == "yes") {
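<?php

unset($alertmessage);

// Read the tender question form submission.
$answer_id = CleanNumber($_POST['answer_id']);
$answer_words = CleanNumber($_POST['answer_words']);
// Fixed: the question text was escaped with addslashes(), which is not aware of
// the connection character set. It is now escaped by the MySQL client library
// for the connection the query runs on.
$answer_question = mysql_real_escape_string($_POST['answer_question'], $conn);
$answer_ref = CleanUp($_POST['answer_ref']);
$answer_tender_id = CleanNumber($_POST['answer_tender_id']);
$answer_weighting = CleanUp($_POST['answer_weighting']);

// NOTE(review): the remaining fields reach the SQL below inside quotes; that is
// only safe if CleanUp() and CleanNumber() (defined elsewhere) make them safe
// for SQL - confirm.

// Check that the required values have been entered, and alter the page to show if these values are invalid
if ($answer_ref == NULL or $answer_question == NULL) {
    $alertmessage = "Empty fields are not allowed";
    // NOTE(review): tender_id is hard-coded to 2 here although the submitted
    // tender id is available in $answer_tender_id - confirm this is intended.
    $page_redirect = "index2.php?page=tender_view&tender_id=2&edit_question={$answer_id}";
}

if ($alertmessage == NULL) {
    // A positive id edits that question; anything else creates a new one
    if ($answer_id > 0) {
        $sql_edit = "UPDATE intranet_tender_answers SET\n\t\tanswer_ref = '{$answer_ref}',\n\t\tanswer_words = '{$answer_words}',\n\t\tanswer_question = '{$answer_question}',\n\t\tanswer_weighting = '{$answer_weighting}'\n\t\tWHERE answer_id = '{$answer_id}' LIMIT 1";
        // NOTE(review): die(mysql_error()) sends the raw database error to the browser.
        $result = mysql_query($sql_edit, $conn) or die(mysql_error());
        $actionmessage = "Response updated successfully.";
        // NOTE(review): the full SQL text is kept in $techmessage; check where it is displayed.
        $techmessage = $sql_edit;
    } else {
        $sql_add = "INSERT INTO intranet_tender_answers (\n\t\tanswer_id,\n\t\tanswer_ref,\n\t\tanswer_words,\n\t\tanswer_wordcount,\n\t\tanswer_question,\n\t\tanswer_weighting,\n\t\tanswer_complete,\n\t\tanswer_tender_id\n\t\t) values (\n\t\t'NULL',\n\t\t'{$answer_ref}',\n\t\t'{$answer_words}',\n\t\t'0',\n\t\t'{$answer_question}',\n\t\t'{$answer_weighting}',\n\t\t'',\n\t\t'{$answer_tender_id}'\n\t\t)";
        $result = mysql_query($sql_add, $conn) or die(mysql_error());
        $actionmessage = "Response added successfully.";
        $techmessage = $sql_add;
    }
}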
$pdf = new fpdi(); $pagecount = $pdf->setSourceFile("pdf/template.pdf"); $tplidx = $pdf->ImportPage(1); $pdf->addPage(); $pdf->useTemplate($tplidx, 0, 0, 210, 297); $format_font = "century"; $format_font_2 = "Century.php"; $pdf->AddFont($format_font, '', $format_font_2); $format_bg_r = "220"; $format_bg_g = "220"; $format_bg_b = "220"; $format_ln_r = "220"; $format_ln_g = "220"; $format_ln_b = "220"; $current_date = TimeFormat(time()); $proj_id = CleanUp($_GET[proj_id]); // Begin creating the page //Page Title $sql_proj = "SELECT * FROM intranet_projects WHERE proj_id = {$proj_id} LIMIT 1"; $result_proj = mysql_query($sql_proj, $conn) or die(mysql_error()); $array_proj = mysql_fetch_array($result_proj); $proj_num = $array_proj['proj_num']; $proj_name = $array_proj['proj_name']; $sheet_title = "Project Checklist"; $pdf->SetXY(10, 45); $pdf->SetFont($format_font, '', 24); $pdf->SetTextColor(0, 0, 0); $pdf->SetDrawColor(0, 0, 0); $pdf->Cell(0, 10, $sheet_title); $pdf->SetXY(10, 55); $pdf->SetFont($format_font, '', 14);
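<?php

// Resolve the "contacts per page" setting. A submitted form value wins and is
// remembered in a cookie; otherwise the remembered cookie value is used;
// otherwise the default of 5 applies.
//
// Fixed: the cookie value used to be copied into $listmax unchanged, although a
// cookie is client-controlled just like the form field. Both sources are now
// reduced to a positive integer, and anything else falls back to the default.
$listmax_default = 5;

if (isset($_POST['listmax']) && $_POST['listmax'] != "") {
    $listmax = (int) CleanUp($_POST['listmax']);
    if ($listmax < 1) {
        $listmax = $listmax_default;
    }
    // Store the normalised value, not the submitted text
    setcookie("listmax", (string) $listmax);
} elseif (isset($_COOKIE['listmax']) && $_COOKIE['listmax'] != "") {
    $listmax = (int) $_COOKIE['listmax'];
    if ($listmax < 1) {
        $listmax = $listmax_default;
    }
} else {
    $listmax = $listmax_default;
}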
} else { // This determines the page to show once the form submission has been successful $status = "team_add"; // Begin to clean up the $_POST submissions $user_password = md5(CleanUp($_POST[user_password_1])); $user_username = CleanUp($_POST[user_username]); $user_address_1 = CleanUpAddress($_POST[user_address_1]); $user_address_2 = CleanUpAddress($_POST[user_address_2]); $user_address_3 = CleanUpAddress($_POST[user_address_3]); $user_address_town = CleanUpAddress($_POST[user_address_town]); $user_address_postcode = CleanUpPostcode($_POST[user_address_postcode]); $user_address_county = CleanUpAddress($_POST[user_address_county]); $user_name_first = CleanUpNames($_POST[user_name_first]); $user_name_second = CleanUpNames($_POST[user_name_second]); $user_num_extension = CleanUp($_POST[user_num_extension]); $user_num_home = CleanUpPhone($_POST[user_num_home]); $user_num_mob = CleanUpPhone($_POST[user_num_mob]); $user_email = CleanUpEmail($_POST[user_email]); $user_user_rate = CleanUp($_POST[user_user_rate]); $user_user_added = time(); $user_timesheet = CleanUp($_POST[user_timesheet]); $user_holidays = CleanUp($_POST[user_holidays]); $user_active = CleanUp($_POST[user_active]); $user_usertype = CleanUp($_POST[user_usertype]); // Construct the MySQL instruction to add these entries to the database $sql_add = "INSERT INTO intranet_user_details (\nuser_id,\nuser_password,\nuser_address_county,\nuser_address_postcode,\nuser_address_town,\nuser_address_3,\nuser_address_2,\nuser_address_1,\nuser_name_first,\nuser_name_second,\nuser_num_extension,\nuser_num_mob,\nuser_num_home,\nuser_email,\nuser_usertype,\nuser_active,\nuser_username,\nuser_user_rate,\nuser_user_added,\nuser_user_timesheet,\nuser_holidays\n) values 
(\n'NULL',\n'{$user_password}',\n'{$user_address_county}',\n'{$user_address_postcode}',\n'{$user_address_town}',\n'{$user_address_3}',\n'{$user_address_2}',\n'{$user_address_1}',\n'{$user_name_first}',\n'{$user_name_second}',\n'{$user_num_extension}',\n'{$user_num_mob}',\n'{$user_num_home}',\n'{$user_email}',\n'{$user_usertype}',\n'{$user_active}',\n'{$user_username}',\n'{$user_user_rate}',\n'{$user_user_added}',\n'{$user_user_timesheet}',\n'{$user_holidays}'\n)"; print $sql_add; $result = mysql_query($sql_add, $conn) or die(mysql_error()); $actionmessage = "User added successfully."; $techmessage = $sql_add; }
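<?php

// Read the invoice item form submission.
$invoice_item_value_novat = CleanNumber($_POST['invoice_value_novat']);
$invoice_item_invoice = CleanNumber($_POST['invoice_item_invoice']);
$invoice_item_vat = CleanNumber($_POST['invoice_item_vat']);
$invoice_item_novat = CleanUp($_POST['invoice_item_novat']);
$invoice_item_stage = CleanNumber($_POST['invoice_item_stage']);
$invoice_item_desc = CleanUp($_POST['invoice_item_desc']);

// Fixed: the item id used to be interpolated into the UPDATE straight from
// $_POST. It is now forced to an integer before it reaches the SQL text.
$invoice_item_id = isset($_POST['invoice_item_id']) ? (int) $_POST['invoice_item_id'] : 0;

// NOTE(review): the other fields reach the SQL below inside quotes; that is only
// safe if CleanUp() and CleanNumber() (defined elsewhere) make them safe for
// SQL - confirm. invoice_item_novat is also used as a number just below.

// A posted VAT flag of 1 means VAT is added to the net amount; otherwise the
// net amount is stored unchanged as the VAT-inclusive value.
$current_vat = $settings_vat / 100 + 1;
if ($invoice_item_vat == 1) {
    $invoice_item_vat = $invoice_item_novat * $current_vat;
} else {
    $invoice_item_vat = $invoice_item_novat;
}

// Check that a description was entered
if ($invoice_item_desc == NULL) {
    $alertmessage = "The description is empty.";
    $page = "timesheet_invoice_item_edit";
} else {
    // A submitted item id edits that item; without one a new item is created
    if (isset($_POST['invoice_item_id']) && $_POST['invoice_item_id'] != NULL) {
        $sql_edit = "UPDATE intranet_timesheet_invoice_item SET\n\t\t\t\t\t\tinvoice_item_invoice = '{$invoice_item_invoice}',\n\t\t\t\t\t\tinvoice_item_stage = '{$invoice_item_stage}',\n\t\t\t\t\t\tinvoice_item_desc = '{$invoice_item_desc}',\n\t\t\t\t\t\tinvoice_item_novat = '{$invoice_item_novat}',\n\t\t\t\t\t\tinvoice_item_vat = '{$invoice_item_vat}'\n\t\t\t\t\t\tWHERE invoice_item_id = '{$invoice_item_id}' LIMIT 1";
        // NOTE(review): die(mysql_error()) sends the raw database error to the browser.
        $result = mysql_query($sql_edit, $conn) or die(mysql_error());
        $actionmessage = "Invoice {$invoice_ref} updated successfully.";
        // NOTE(review): the full SQL text is kept in $techmessage; check where it is displayed.
        $techmessage = $sql_edit;
    } else {
        // Construct the MySQL instruction to add these entries to the database
        $sql_add = "INSERT INTO intranet_timesheet_invoice_item (\n\t\t\t\t\t\tinvoice_item_id,\n\t\t\t\t\t\tinvoice_item_invoice,\n\t\t\t\t\t\tinvoice_item_stage,\n\t\t\t\t\t\tinvoice_item_desc,\n\t\t\t\t\t\tinvoice_item_novat,\n\t\t\t\t\t\tinvoice_item_vat\n\t\t\t\t\t\t) values (\n\t\t\t\t\t\t'NULL',\n\t\t\t\t\t\t'{$invoice_item_invoice}',\n\t\t\t\t\t\t'{$invoice_item_stage}',\n\t\t\t\t\t\t'{$invoice_item_desc}',\n\t\t\t\t\t\t'{$invoice_item_novat}',\n\t\t\t\t\t\t'{$invoice_item_vat}'\n\t\t\t\t\t\t)";
        $result = mysql_query($sql_add, $conn) or die(mysql_error());
        $actionmessage = "Invoice {$invoice_ref} added successfully.";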
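<?php

// Update one project-contact link from the submitted form.
//
// Fixed: contact_proj_id used to be copied from $_POST unchanged and then placed
// in the WHERE clause. The "> 0" test below does not make a string numeric, so
// the id is now forced to an integer before it is used.
$contact_proj_id = isset($_POST['contact_proj_id']) ? intval($_POST['contact_proj_id']) : 0;
$contact_proj_role = CleanNumber($_POST['contacts_discipline']);
$contact_proj_contact = CleanNumber($_POST['contact_proj_contact']);
$contact_proj_note = CleanUp($_POST['contact_proj_note']);
$contact_proj_company = CleanNumber($_POST['contact_proj_company']);

// NOTE(review): the other fields reach the SQL below inside quotes; that is only
// safe if CleanUp() and CleanNumber() (defined elsewhere) make them safe for
// SQL - confirm.

// Nothing is written unless an existing link id was submitted
if ($contact_proj_id > 0) {
    $sql_edit = "UPDATE intranet_contacts_project SET\n\t\tcontact_proj_role = '{$contact_proj_role}',\n\t\tcontact_proj_contact = '{$contact_proj_contact}',\n\t\tcontact_proj_note = '{$contact_proj_note}',\n\t\tcontact_proj_company = '{$contact_proj_company}'\n\t\tWHERE contact_proj_id = '{$contact_proj_id}' LIMIT 1";
    // NOTE(review): die(mysql_error()) sends the raw database error to the browser.
    $result = mysql_query($sql_edit, $conn) or die(mysql_error());
    $actionmessage = "Project contact updated successfully.";
    // NOTE(review): the full SQL text is kept in $techmessage; check where it is displayed.
    $techmessage = $sql_edit;
}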
$issue_set = time(); $total = 0; // Establish the two arrays from the submission page $array_contact_id = $_POST['contact_id']; $array_company_id = $_POST['company_id']; $array_issue_to = $_POST['issue_to']; $array_drawing = $_POST['drawing_id']; $array_revision = $_POST['revision_id']; $array_issued = $_POST['drawing_issued']; $issue_method = $_POST['issue_method']; $issue_format = $_POST['issue_format']; $issue_comment = $_POST['issue_comment']; $issue_project = $_POST['issue_project']; $issue_checked = $_POST['set_checked']; if ($_POST[issue_reason] == NULL) { $issue_reason = CleanUp($_POST[issue_revision_other]); } else { $issue_reason = $_POST[issue_reason]; } $issue_timestamp = time(); // First add the actual drawing set to the database $sql_set = "INSERT INTO intranet_drawings_issued_set (\n\t\t\t\t\tset_id,\n\t\t\t\t\tset_date,\n\t\t\t\t\tset_project,\n\t\t\t\t\tset_reason,\n\t\t\t\t\tset_user,\n\t\t\t\t\tset_comment,\n\t\t\t\t\tset_timestamp,\n\t\t\t\t\tset_method,\n\t\t\t\t\tset_format,\n\t\t\t\t\tset_checked\n\t\t\t\t\t) values (\n\t\t\t\t\t'NULL',\n\t\t\t\t\t'{$issue_date}',\n\t\t\t\t\t'{$issue_project}',\n\t\t\t\t\t'{$issue_reason}',\n\t\t\t\t\t'{$_COOKIE['user']}',\n\t\t\t\t\t'{$issue_comment}',\n\t\t\t\t\t'{$issue_timestamp}',\n\t\t\t\t\t'{$issue_method}',\n\t\t\t\t\t'{$issue_format}',\n\t\t\t\t\t'{$issue_checked}'\n\t\t\t\t\t)"; $result_set = mysql_query($sql_set, $conn) or die(mysql_error()); $issue_set = mysql_insert_id(); // Loop through each of the contacts selected $count = 0; while ($count < count($array_contact_id)) { $issue_contact = $array_contact_id[$count]; $issue_company = $array_company_id[$count]; $issue_to = $array_issue_to[$count]; //echo "<p>Contact: $issue_contact, Company: $issue_company</p>";