function getProductById()
{
$sql = "SELECT * FROM oe_product WHERE productId = :productId";
$namedParameters = array();
$namedParameters[':productId'] = $_GET['productId'];
$record = fetchRecord($sql, $namedParameters);
return $record;
}
function createForm($strFunc, $strList, $strForm)
{
require "form_switch.php";
if (!sesAccessLevel($levelsAllowed) && !sesAdminAccess()) {
?>
<div class="form_container ui-widget-content">
<?php
echo $GLOBALS['locNoAccess'] . "\n";
?>
</div>
<?php
return;
}
$blnNew = getPostRequest('newact', FALSE);
$blnCopy = getPostRequest('copyact', FALSE) ? TRUE : FALSE;
$blnDelete = getPostRequest('deleteact', FALSE) ? TRUE : FALSE;
$intKeyValue = getPostRequest('id', FALSE);
if (!$intKeyValue) {
$blnNew = TRUE;
}
if (!sesWriteAccess() && ($blnNew || $blnCopy || $blnDelete)) {
?>
<div class="form_container ui-widget-content">
<?php
echo $GLOBALS['locNoAccess'] . "\n";
?>
</div>
<?php
return;
}
$strMessage = '';
if (isset($_SESSION['formMessage']) && $_SESSION['formMessage']) {
$strMessage = $GLOBALS['loc' . $_SESSION['formMessage']];
unset($_SESSION['formMessage']);
}
$strErrorMessage = '';
if (isset($_SESSION['formErrorMessage']) && $_SESSION['formErrorMessage']) {
$strErrorMessage = $GLOBALS['loc' . $_SESSION['formErrorMessage']];
unset($_SESSION['formErrorMessage']);
}
// if NEW is clicked clear existing form data
if ($blnNew) {
unset($intKeyValue);
unset($astrValues);
unset($_POST);
unset($_REQUEST);
$readOnlyForm = false;
}
$astrValues = getPostValues($astrFormElements, isset($intKeyValue) ? $intKeyValue : FALSE);
$redirect = getRequest('redirect', null);
if (isset($redirect)) {
// Redirect after save
foreach ($astrFormElements as $elem) {
if ($elem['name'] == $redirect) {
if ($elem['style'] == 'redirect') {
$newLocation = str_replace('_ID_', $intKeyValue, $elem['listquery']);
} elseif ($elem['style'] == 'openwindow') {
$openWindow = str_replace('_ID_', $intKeyValue, $elem['listquery']);
}
}
}
}
if ($blnDelete && $intKeyValue && !$readOnlyForm) {
deleteRecord($strTable, $intKeyValue);
unset($intKeyValue);
unset($astrValues);
$blnNew = TRUE;
if (getSetting('auto_close_after_delete')) {
$qs = preg_replace('/&form=\\w*/', '', $_SERVER['QUERY_STRING']);
$qs = preg_replace('/&id=\\w*/', '', $qs);
header("Location: " . _PROTOCOL_ . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/index.php?{$qs}");
return;
}
?>
<div class="form_container ui-widget-content">
<?php
echo $GLOBALS['locRecordDeleted'] . "\n";
?>
</div>
<?php
return;
}
if (isset($intKeyValue) && $intKeyValue) {
$res = fetchRecord($strTable, $intKeyValue, $astrFormElements, $astrValues);
if ($res === 'deleted') {
$strMessage .= $GLOBALS['locDeletedRecord'] . '<br>';
} elseif ($res === 'notfound') {
echo $GLOBALS['locEntryDeleted'];
die;
}
}
if ($blnCopy) {
unset($intKeyValue);
unset($_POST);
$blnNew = TRUE;
$readOnlyForm = false;
}
?>
<div id="popup_dlg" style="display: none; width: 900px; overflow: hidden">
<iframe id="popup_dlg_iframe" src="about:blank" style="width: 100%; height: 100%; overflow: hidden; border: 0"></iframe>
</div>
<?php
if (isset($popupHTML)) {
echo $popupHTML;
}
?>
<div class="form_container">
<?php
createFormButtons($blnNew, $copyLinkOverride, true, $readOnlyForm);
?>
<div class="form">
<form method="post" name="admin_form" id="admin_form">
<input type="hidden" name="copyact" value="0">
<input type="hidden" name="newact" value="<?php
echo $blnNew ? 1 : 0;
?>
">
<input type="hidden" name="deleteact" value="0">
<input type="hidden" name="redirect" id="redirect" value="">
<input type="hidden" id="record_id" name="id" value="<?php
echo isset($intKeyValue) && $intKeyValue ? $intKeyValue : '';
?>
">
<table>
<?php
$haveChildForm = false;
$prevPosition = false;
$prevColSpan = 1;
$rowOpen = false;
$formFieldMode = sesWriteAccess() && !$readOnlyForm ? 'MODIFY' : 'READONLY';
foreach ($astrFormElements as $elem) {
if ($elem['type'] === false) {
continue;
}
$fieldMode = isset($elem['read_only']) && $elem['read_only'] ? 'READONLY' : $formFieldMode;
if ($elem['type'] == "LABEL") {
if ($rowOpen) {
echo " </tr>\n";
}
$rowOpen = false;
?>
<tr>
<td class="sublabel ui-widget-header ui-state-default" colspan="4">
<?php
echo $elem['label'];
?>
</td>
</tr>
<?php
continue;
}
if ($elem['position'] == 0 || $elem['position'] <= $prevPosition) {
$prevPosition = 0;
$prevColSpan = 1;
echo " </tr>\n";
$rowOpen = false;
}
if ($elem['type'] != "IFORM") {
if (!$rowOpen) {
$rowOpen = true;
echo " <tr>\n";
}
if ($prevPosition !== FALSE && $elem['position'] > 0) {
for ($i = $prevPosition + $prevColSpan; $i < $elem['position']; $i++) {
echo " <td class=\"label\"> </td>\n";
}
}
if ($elem['position'] == 0 && !strstr($elem['type'], "HID_")) {
$strColspan = "colspan=\"3\"";
$intColspan = 3;
} elseif ($elem['position'] == 1 && !strstr($elem['type'], "HID_")) {
$strColspan = '';
$intColspan = 2;
} else {
$intColspan = 2;
}
}
if ($blnNew && ($elem['type'] == 'BUTTON' || $elem['type'] == 'JSBUTTON' || $elem['type'] == 'IMAGE')) {
echo " <td class=\"label\"> </td>";
} elseif ($elem['type'] == "BUTTON" || $elem['type'] == "JSBUTTON") {
$intColspan = 1;
?>
<td class="button">
<?php
echo htmlFormElement($elem['name'], $elem['type'], $astrValues[$elem['name']], $elem['style'], $elem['listquery'], $fieldMode, $elem['parent_key'], $elem['label'], array(), isset($elem['elem_attributes']) ? $elem['elem_attributes'] : '', isset($elem['options']) ? $elem['options'] : null);
?>
</td>
<?php
} elseif ($elem['type'] == "FILLER") {
$intColspan = 1;
?>
<td>
</td>
<?php
} elseif ($elem['type'] == "HID_INT" || strstr($elem['type'], "HID_")) {
?>
<?php
echo htmlFormElement($elem['name'], $elem['type'], $astrValues[$elem['name']], $elem['style'], $elem['listquery'], $fieldMode, $elem['parent_key'], $elem['label']);
} elseif ($elem['type'] == "IMAGE") {
?>
<td class="image" colspan="<?php
echo $intColspan;
?>
">
<?php
echo htmlFormElement($elem['name'], $elem['type'], $astrValues[$elem['name']], $elem['style'], $elem['listquery'], $fieldMode, $elem['parent_key'], $elem['label'], array(), isset($elem['elem_attributes']) ? $elem['elem_attributes'] : '', isset($elem['options']) ? $elem['options'] : null);
?>
</td>
<?php
} elseif ($elem['type'] == "IFORM") {
if ($rowOpen) {
echo " </tr>\n";
}
echo " </table>\n </form>\n";
$haveChildForm = true;
createIForm($astrFormElements, $elem, isset($intKeyValue) ? $intKeyValue : 0, $blnNew, $strForm);
break;
} else {
$value = $astrValues[$elem['name']];
if ($elem['style'] == 'measurement') {
$value = $value ? miscRound2Decim($value, 2) : '';
}
if ($elem['type'] == 'AREA') {
?>
<td class="toplabel"><?php
echo $elem['label'];
?>
</td>
<?php
} else {
?>
<td id="<?php
echo htmlentities($elem['name']) . '_label';
?>
" class="label"<?php
if (isset($elem['title'])) {
echo ' title="' . $elem['title'] . '"';
}
?>
><?php
echo $elem['label'];
?>
</td>
<?php
}
?>
<td class="field"<?php
echo $strColspan ? " {$strColspan}" : '';
?>
>
<?php
echo htmlFormElement($elem['name'], $elem['type'], $value, $elem['style'], $elem['listquery'], $fieldMode, isset($elem['parent_key']) ? $elem['parent_key'] : '', '', array(), isset($elem['elem_attributes']) ? $elem['elem_attributes'] : '', isset($elem['options']) ? $elem['options'] : null);
if (isset($elem['attached_elem'])) {
echo ' ' . $elem['attached_elem'] . "\n";
}
?>
</td>
<?php
}
$prevPosition = is_int($elem['position']) ? $elem['position'] : 0;
if ($prevPosition == 0) {
$prevPosition = 255;
}
$prevColSpan = $intColspan;
}
if (!$haveChildForm) {
if ($rowOpen) {
echo " </tr>\n";
}
echo " </table>\n </form>\n";
}
if ($strForm == 'product') {
// Special case for product: show stock balance change log
?>
<div class="iform ui-corner-tl ui-corner-bl ui-corner-br ui-corner-tr ui-helper-clearfix" id="stock_balance_log">
<div class="ui-corner-tl ui-corner-tr fg-toolbar ui-toolbar ui-widget-header"><?php
echo $GLOBALS['locStockBalanceUpdates'];
?>
</div>
<table id="stock_balance_change_log">
<tr>
<th class="medium"><?php
echo $GLOBALS['locHeaderChangeLogDateTime'];
?>
</th>
<th class="medium"><?php
echo $GLOBALS['locHeaderChangeLogUser'];
?>
</th>
<th class="small"><?php
echo $GLOBALS['locHeaderChangeLogAmount'];
?>
</th>
<th class="long"><?php
echo $GLOBALS['locHeaderChangeLogDescription'];
?>
</th>
</tr>
</table>
</div>
</div>
<?php
}
?>
</div>
<script type="text/javascript">
/* <![CDATA[ */
var globals = {};
$(window).bind('beforeunload', function(e) {
if ($('.save_button').hasClass('ui-state-highlight') || $('.add_row_button').hasClass('ui-state-highlight'))
{
e.returnValue = "<?php
echo $GLOBALS['locUnsavedData'];
?>
";
return "<?php
echo $GLOBALS['locUnsavedData'];
?>
";
}
});
function showmsg(msg, timeout)
{
$.floatingMessage("<span>" + msg + "</span>", {
position: "top-right",
className: "ui-widget ui-state-highlight",
show: "show",
hide: "fade",
stuffEaseTime: 200,
moveEaseTime: 0,
time: typeof(timeout) != 'undefined' ? timeout : 5000
});
}
function errormsg(msg, timeout)
{
$.floatingMessage("<span>" + msg + "</span>", {
position: "top-right",
className: "ui-widget ui-state-error",
show: "show",
hide: "fade",
stuffEaseTime: 200,
moveEaseTime: 0,
time: typeof(timeout) != 'undefined' ? timeout : 5000
});
}
$(document).ready(function() {
<?php
if ($strMessage) {
?>
showmsg("<?php
echo $strMessage;
?>
");
<?php
}
if ($strErrorMessage) {
?>
errormsg("<?php
echo $strErrorMessage;
?>
");
<?php
}
if ($strForm == 'product') {
?>
update_stock_balance_log();
<?php
}
if (sesWriteAccess()) {
?>
$('input[class~="hasCalendar"]').datepicker();
<?php
}
?>
$('#message').ajaxStart(function() {
$('#spinner').css('visibility', 'visible');
});
$('#message').ajaxStop(function() {
$('#spinner').css('visibility', 'hidden');
});
$('#errormsg').ajaxError(function(event, request, settings) {
errormsg('Server request failed: ' + request.status + ' - ' + request.statusText);
$('#spinner').css('visibility', 'hidden');
});
$('#admin_form').find('input[type="text"],input[type="hidden"],input[type="checkbox"],select,textarea').change(function() { $('.save_button').addClass('ui-state-highlight'); });
<?php
if ($haveChildForm && !$blnNew) {
?>
init_rows();
$('#iform').find('input[type="text"],input[type="hidden"],input[type="checkbox"],select,textarea').change(function() { $('.add_row_button').addClass('ui-state-highlight'); });
<?php
} elseif (isset($newLocation)) {
echo "window.location='{$newLocation}';";
}
if (isset($openWindow)) {
echo "window.open('{$openWindow}');";
}
?>
});
<?php
if ($haveChildForm && !$blnNew) {
?>
function init_rows_done()
{
<?php
if (isset($newLocation)) {
echo "window.location='{$newLocation}';";
}
?>
}
<?php
}
?>
function save_record(redirect_url, redir_style)
{
var form = document.getElementById('admin_form');
var obj = new Object();
<?php
foreach ($astrFormElements as $elem) {
if ($elem['name'] && !in_array($elem['type'], array('HID_INT', 'SECHID_INT', 'BUTTON', 'JSBUTTON', 'LABEL', 'IMAGE', 'NEWLINE', 'ROWSUM', 'CHECK', 'IFORM'))) {
?>
obj.<?php
echo $elem['name'];
?>
= form.<?php
echo $elem['name'];
?>
.value;
<?php
} elseif ($elem['type'] == 'CHECK') {
?>
obj.<?php
echo $elem['name'];
?>
= form.<?php
echo $elem['name'];
?>
.checked ? 1 : 0;
<?php
}
}
?>
obj.id = form.id.value;
$.ajax({
'url': "json.php?func=put_<?php
echo $strJSONType;
?>
",
'type': 'POST',
'dataType': 'json',
'data': $.toJSON(obj),
'contentType': 'application/json; charset=utf-8',
'success': function(data) {
if (data.warnings)
alert(data.warnings);
if (data.missing_fields)
{
errormsg('<?php
echo $GLOBALS['locErrValueMissing'];
?>
: ' + data.missing_fields);
}
else
{
$('.save_button').removeClass('ui-state-highlight');
showmsg('<?php
echo $GLOBALS['locRecordSaved'];
?>
', 2000);
if (redirect_url)
{
if (redir_style == 'openwindow')
window.open(redirect_url);
else
window.location = redirect_url;
}
if (!obj.id)
{
obj.id = data.id;
form.id.value = obj.id;
if (!redirect_url || redir_style == 'openwindow')
{
var newloc = new String(window.location).split('#', 1)[0];
window.location = newloc + '&id=' + obj.id;
}
}
}
},
'error': function(XMLHTTPReq, textStatus, errorThrown) {
if (XMLHTTPReq.status == 409) {
errormsg(jQuery.parseJSON(XMLHTTPReq.responseText).warnings);
}
else if (textStatus == 'timeout')
errormsg('Timeout trying to save data');
else
errormsg('Error trying to save data: ' + XMLHTTPReq.status + ' - ' + XMLHTTPReq.statusText);
return false;
}
});
}
function popup_dialog(url, on_close, dialog_title, event, width, height)
{
$("#popup_dlg").dialog({ modal: true, width: width, height: height, resizable: true,
position: [50, 50],
buttons: {
"<?php
echo $GLOBALS['locClose'];
?>
": function() { $("#popup_dlg").dialog('close'); }
},
title: dialog_title,
close: function(event, ui) { eval(on_close); }
}).find("#popup_dlg_iframe").attr("src", url);
return true;
}
/* ]]> */
</script>
<?php
createFormButtons($blnNew, $copyLinkOverride, false, $readOnlyForm);
echo " </div>\n";
if ($addressAutocomplete && getSetting('address_autocomplete')) {
?>
<script type="text/javascript">
$(document).ready(function() {
var s = document.createElement("script");
s.type = "text/javascript";
s.src = "https://maps.googleapis.com/maps/api/js?sensor=false&libraries=places&callback=gmapsready";
window.gmapsready = function(){
initAddressAutocomplete("");
initAddressAutocomplete("quick_");
};
$("head").append(s);
});
</script>
<?php
}
}
function getGrossSalesToDate()
{
$sql = "SELECT SUM(Sales) AS 'GSTD' FROM (\n" . "SELECT SUM(qty * p.price) AS 'Sales'\n" . "FROM `oe_orderProduct` op\n" . "RIGHT JOIN `oe_product` p\n" . "ON op.productId = p.productId\n" . "GROUP BY op.`productId`) salesTable";
$record = fetchRecord($sql);
return $record['GSTD'];
}
<?php
/**
* @Author: Alexander
* @Date: 2016-03-12 21:15:05
* @Last Modified by: Alexander
* @Last Modified time: 2016-03-20 13:17:19
*/
$root = '../';
$title = 'Section Editor';
$subTitle = 'You edit position details here.';
require_once $root . 'logincheck.php';
require_once $root . 'functions.php';
require_once $root . 'header.php';
if (isset($_GET['position_id'])) {
$position = fetchRecord('`position`', 'position_id', $_GET['position_id']);
?>
<div class="container">
<div class="row">
<div class="col m12">
<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
echo json_encode($_POST, JSON_PRETTY_PRINT);
}
?>
<form class="col s12 m12" action="" method="POST">
<h4 class="header red-text">You are currently editing: <i><?php
echo $position['position_name'];
?>
</i></h4>
<?php
/**
* @Author: Alexander
* @Date: 2016-03-12 21:15:05
* @Last Modified by: Alexander
* @Last Modified time: 2016-03-20 13:50:09
*/
$root = '../';
$title = 'Section Editor';
$subTitle = 'You edit work_status details here.';
require_once $root . 'logincheck.php';
require_once $root . 'functions.php';
require_once $root . 'header.php';
if (isset($_GET['work_status_id'])) {
$work_status = fetchRecord('`work_status`', 'work_status_id', $_GET['work_status_id']);
?>
<div class="container">
<div class="row">
<div class="col m12">
<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
echo json_encode($_POST, JSON_PRETTY_PRINT);
}
?>
<form class="col s12 m12" action="" method="POST">
<h4 class="header red-text">You are currently editing: <i><?php
echo $work_status['work_status_name'];
?>
</i></h4>
<?php
/**
* @Author: Alexander
* @Date: 2016-03-12 21:15:05
* @Last Modified by: Alexander
* @Last Modified time: 2016-03-20 13:17:36
*/
$root = '../';
$title = 'Section Editor';
$subTitle = 'You edit section details here.';
require_once $root . 'logincheck.php';
require_once $root . 'functions.php';
require_once $root . 'header.php';
if (isset($_GET['section_id'])) {
$section = fetchRecord('`section`', 'section_id', $_GET['section_id']);
$departments = queryDatabase('SELECT `department_id`, `department_name` FROM `department`');
?>
<div class="container">
<div class="row">
<div class="col m12">
<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
echo json_encode($_POST, JSON_PRETTY_PRINT);
}
?>
<form class="col s12 m12" action="" method="POST">
<h4 class="header red-text">You are currently editing: <i><?php
echo $section['section_name'];
?>
<?php
$root = '../';
require_once $root . 'logincheck.php';
require_once $root . 'functions.php';
if (isset($_GET['id'])) {
$employee = queryDatabase("SELECT * " . "FROM employee INNER JOIN emp_position ON employee.employee_id = emp_position.emp_position_employee_id INNER JOIN position ON emp_position.emp_position_position_id = position.position_id " . "WHERE employee.employee_id = " . $conn->quote($_GET['id']) . " LIMIT 1");
$employee = count($employee) > 0 ? $employee = $employee[0] : ($employee = fetchRecord('employee', 'employee_id', $_GET['id']));
$employee['employee_name'] = $employee['employee_fname'] . ' ' . $employee['employee_mname'] . ' ' . $employee['employee_lname'];
}
?>
<form action="updateEmployee.php" method="POST">
<div class="card blue-grey darken-1">
<div class="card-content white-text">
<div class="row">
<div class="col s12 center-align">
<img src="<?php
echo $root;
?>
res/guest.png" class="circle" width="183px" height="183px">
</div>
</div>
<div class="row">
<div class="col s12 center-align">
<span class="card-title" style="line-height: normal;">
<?php
echo $employee['employee_name'];
?>
</br>
<small><i><?php
<?php
/**
* @Author: Alexander
* @Date: 2016-03-12 21:15:05
* @Last Modified by: Alexander
* @Last Modified time: 2016-03-20 13:16:58
*/
$root = '../';
$title = 'Factory Editor';
$subTitle = 'You edit factory details here.';
require_once $root . 'logincheck.php';
require_once $root . 'functions.php';
require_once $root . 'header.php';
if (isset($_GET['factory_id'])) {
$factory = fetchRecord('`factory`', 'factory_id', $_GET['factory_id']);
?>
<div class="container">
<div class="row">
<div class="col m12">
<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
echo json_encode($_POST, JSON_PRETTY_PRINT);
}
?>
<form class="col s12 m12" action="" method="POST">
<h4 class="header red-text">You are currently editing: <i><?php
echo $factory['factory_name'];
?>
</i></h4>
<?php
/**
* @Author: Alexander
* @Date: 2016-03-12 21:15:05
* @Last Modified by: Alexander
* @Last Modified time: 2016-03-20 13:18:00
*/
$root = '../';
$title = 'Department Editor';
$subTitle = 'You edit department details here.';
require_once $root . 'logincheck.php';
require_once $root . 'functions.php';
require_once $root . 'header.php';
if (isset($_GET['department_id'])) {
$department = fetchRecord('`department`', 'department_id', $_GET['department_id']);
$factories = queryDatabase('SELECT `factory_id`, `factory_name` FROM `factory`');
?>
<div class="container">
<div class="row">
<div class="col m12">
<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
echo json_encode($_POST, JSON_PRETTY_PRINT);
}
?>
<form class="col s12 m12" action="" method="POST">
<h4 class="header red-text">You are currently editing: <i><?php
echo $department['department_name'];
?>
<?php
include_once './includes/genericDataAccess.inc.php';
session_start();
if (isset($_POST['loginForm'])) {
//checks whether user submitted the form
$username = $_POST['username'];
$password = sha1($_POST['password']);
$sql = "SELECT * \r\n FROM oe_admin\r\n WHERE username = :username\r\n AND password = :password";
$namedParameters = array();
$namedParameters[':username'] = $username;
$namedParameters[':password'] = $password;
$auth = fetchRecord($sql, $namedParameters);
if (empty($auth)) {
//wrong username or password
echo "Wrong username or password!";
} else {
$_SESSION['username'] = $record['username'];
$_SESSION['adminName'] = $record['firstName'] . " " . $record['lastName'];
header("Location: products.php");
}
}
