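/**
 * Redirects the browser to the link stored in `$linkField` of the row of
 * `$table` whose `$pk` column equals `$id`, then terminates the script.
 *
 * `$path` is either a directory prefix for relative links, or a lookup
 * specification of the form "Lookup: <table>::<key field>::<link field>",
 * in which case the value read from `$table` is used as the key into the
 * lookup table and the link is read from there.
 *
 * All arguments are treated as untrusted: the row value `$id` goes through
 * makeSafe() like the intermediate lookup key already did, and every
 * identifier has backticks doubled before being placed between backticks.
 *
 * @param string $table      table holding the link (or the lookup key)
 * @param string $linkField  column holding the link (or the lookup key)
 * @param string $pk         primary-key column of $table
 * @param string $id         primary-key value of the row to read
 * @param string $path       directory prefix or "Lookup: ..." specification
 *
 * @return void  never returns: exits after sending a Location header when a
 *               link was found, or silently when arguments/row are missing
 */
function getLink($table = '', $linkField = '', $pk = '', $id = '', $path = '') {
    if (!$id || !$table || !$linkField || !$pk) {
        // default link to return
        exit;
    }

    // identifiers cannot be bound as values; inside backticks a literal
    // backtick is escaped by doubling it
    $safeID = makeSafe($id);
    $table = str_replace('`', '``', $table);
    $linkField = str_replace('`', '``', $linkField);
    $pk = str_replace('`', '``', $pk);

    if (preg_match('/^Lookup: (.*?)::(.*?)::(.*?)$/', $path, $m)) {
        // two-step lookup: key from $table, then the link from the lookup table
        $linkID = makeSafe(sqlValue("select `{$linkField}` from `{$table}` where `{$pk}`='{$safeID}'"));
        $lookupTable = str_replace('`', '``', $m[1]);
        $lookupKey = str_replace('`', '``', $m[2]);
        $lookupField = str_replace('`', '``', $m[3]);
        $link = sqlValue("select `{$lookupField}` from `{$lookupTable}` where `{$lookupKey}`='{$linkID}'");
    } else {
        $link = sqlValue("select `{$linkField}` from `{$table}` where `{$pk}`='{$safeID}'");
    }

    if (!$link) {
        exit;
    }

    if (preg_match('/^(http|ftp)/i', $link)) {
        // if the link points to an external url, don't prepend path
        $path = '';
    } elseif (!is_file(dirname(__FILE__) . "/{$path}{$link}")) {
        // if the file doesn't exist in the given path, try to find it without the path
        $path = '';
    }

    // the @ only hides a "headers already sent" warning; header() itself
    // refuses values containing CR/LF, so the stored link cannot inject headers
    @header("Location: {$path}{$link}");
    exit;
}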
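/**
 * This hook function is called when send mail.
 *
 * Delivers the message with PHPMailer over authenticated SMTP (settings come
 * from the SMTP_* constants defined by the application) and, when delivery
 * succeeds, appends a copy to the `mail_log` table, creating it on first use.
 *
 * @param $mail_info
 *   An array contains mail information : to,cc,bcc,subject,message.
 *   'to', 'cc', 'subject' and 'message' are read here; the BCC recipient is
 *   always the SMTP_BCC constant, and an empty 'cc' is simply not added.
 *
 * @return bool
 *   FALSE when PHPMailer reports a send failure, TRUE otherwise. The log
 *   insert is best-effort: a logging error does not change the result.
 **/
function smtp_mail($mail_info) {
    /* include phpmailer library (require_once: the hook may run more than once per request) */
    require_once dirname(__FILE__) . "/phpmailer/class.phpmailer.php";
    require_once dirname(__FILE__) . "/phpmailer/class.smtp.php";

    $eo = array();

    /* create mail_log table if it doesn't exist */
    // sqlValue() returns a single value, so ask for the one table name rather
    // than the whole "SHOW TABLES" result (str_split() on that value chopped it
    // into single characters, so the former in_array() check could never match)
    $exist = sqlValue("SHOW TABLES LIKE 'mail_log'") ? True : False;
    if (!$exist) {
        $sql = "CREATE TABLE IF NOT EXISTS `mail_log` (\r\n\t\t\t\t\t`mail_id` int(15) NOT NULL AUTO_INCREMENT,\r\n\t\t\t\t\t`to` varchar(225) NOT NULL,\r\n\t\t\t\t\t`cc` varchar(225) NOT NULL,\r\n\t\t\t\t\t`bcc` varchar(225) NOT NULL,\r\n\t\t\t\t\t`subject` varchar(225) NOT NULL,\r\n\t\t\t\t\t`body` text NOT NULL,\r\n\t\t\t\t\t`senttime` int(15) NOT NULL,\r\n\t\t\t\t\tPRIMARY KEY (`mail_id`)\r\n\t\t\t\t ) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;\r\n\t\t\t\t ";
        sql($sql, $eo);
    }

    /* SMTP configuration */
    $mail = new PHPMailer();
    $mail->isSMTP();                          // telling the class to use SMTP
    $mail->SMTPAuth = true;                   // Enable SMTP authentication
    $mail->isHTML(true);                      // Set email format to HTML
    $mail->SMTPDebug = 0;                     // 0 = no debug output (raise to see the SMTP transcript)
    $mail->Username = SMTP_USER;              // SMTP username
    $mail->Password = SMTP_PASSWORD;          // SMTP password
    $mail->SMTPSecure = SMTP_SECURE;          // Enable TLS encryption, `ssl` also accepted
    $mail->Port = SMTP_PORT;                  // TCP port to connect to
    $mail->FromName = SMTP_FROM_NAME;
    $mail->From = SMTP_FROM;
    $mail->Host = SMTP_SERVER;                // SMTP server
    $mail->setFrom(SMTP_FROM, SMTP_FROM_NAME);

    /* recipients: missing keys default to '', and empty addresses are not
       handed to PHPMailer (it would only record an invalid-address error) */
    $to = isset($mail_info['to']) ? $mail_info['to'] : '';
    $cc = isset($mail_info['cc']) ? $mail_info['cc'] : '';
    $subject = isset($mail_info['subject']) ? $mail_info['subject'] : '';
    $message = isset($mail_info['message']) ? $mail_info['message'] : '';

    if ($to != '') {
        $mail->addAddress($to);
    }
    if ($cc != '') {
        $mail->addCC($cc);
    }
    if (SMTP_BCC != '') {
        $mail->addBCC(SMTP_BCC);
    }
    $mail->Subject = $subject;
    $mail->Body = $message;

    if (!$mail->send()) {
        return FALSE;
    }

    /* protect against malicious SQL injection attacks */
    $to = makeSafe($to);
    $cc = makeSafe($cc);
    $bcc = makeSafe(SMTP_BCC);
    $subject = makeSafe($subject);
    $message = makeSafe($message);
    sql("INSERT INTO `mail_log` (`to`,`cc`,`bcc`,`subject`,`body`,`senttime`) VALUES ('{$to}','{$cc}','{$bcc}','{$subject}','{$message}',unix_timestamp(NOW()))", $eo);

    return TRUE;
}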
/**
 * Fills the global $usr array from the current login session.
 *
 * Calls verify() on the global $login object; a non-zero userid means a
 * logged-in user, in which case $usr receives 'userid', 'email' (looked up
 * in the `user` table) and 'username'. Otherwise $usr is set to false.
 *
 * @return void
 */
function auth_user() {
    global $usr, $login;

    $login->verify();

    if ($login->userid == 0) {
        // anonymous visitor
        $usr = false;
        return;
    }

    //set up $usr array
    $escapedUserID = sql_escape($login->userid);
    $usr['userid'] = $login->userid;
    $usr['email'] = sqlValue("SELECT `email` FROM `user` WHERE `user_id`='" . $escapedUserID . "'", '');
    $usr['username'] = $login->username;
    return;
}
$statusCond = "(m.isApproved=1 and m.isBanned=0)"; break; case 3: $statusCond = "(m.isApproved=1 and m.isBanned=1)"; break; default: $statusCond = ""; } if ($where != '' && $statusCond != '') { $where .= " and {$statusCond}"; } else { $where = "where {$statusCond}"; } } # NEXT: Add a dateAfter and dateBefore filter [??] $numMembers = sqlValue("select count(1) from membership_users m left join membership_groups g on m.groupID=g.groupID {$where}"); if (!$numMembers) { echo "<div class=\"status\">No matching results found.</div>"; $noResults = TRUE; $page = 1; } else { $noResults = FALSE; } $page = intval($_GET['page']); if ($page < 1) { $page = 1; } elseif ($page > ceil($numMembers / $adminConfig['membersPerPage']) && !$noResults) { redirect("pageViewMembers.php?page=" . ceil($numMembers / $adminConfig['membersPerPage'])); } $start = ($page - 1) * $adminConfig['membersPerPage']; ?>
} if ($longitude == 0) { tpl_set_var('lon_message', $error_long_not_ok); $error = true; $lon_min_not_ok = true; } } else { tpl_set_var('lon_message', $error_long_not_ok); $lon_h_not_ok = true; $lon_min_not_ok = true; } $lon_not_ok = $lon_min_not_ok || $lon_h_not_ok; $lat_not_ok = $lat_min_not_ok || $lat_h_not_ok; // check for duplicate coords if (!($lon_not_ok || $lat_not_ok)) { $duplicate_wpoc = sqlValue("SELECT MIN(wp_oc) FROM `caches`\n\t\t\t\t\t\t WHERE `status`=1\n\t\t\t\t\t\t AND ROUND(`longitude`,6)=ROUND('" . sql_escape($longitude) . "',6)\n\t\t\t\t\t\t AND ROUND(`latitude`,6)=ROUND('" . sql_escape($latitude) . "',6)", null); if ($duplicate_wpoc) { tpl_set_var('lon_message', mb_ereg_replace('%1', $duplicate_wpoc, $error_duplicate_coords)); $lon_not_ok = true; } } //check effort $time_not_ok = true; if (is_numeric($search_time) || $search_time == '') { $time_not_ok = false; } if ($time_not_ok) { tpl_set_var('effort_message', $time_not_ok_message); $error = true; } $way_length_not_ok = true;
/**
 * Validates a requested username and returns its canonical (trimmed,
 * lower-cased) form, or false when it is not allowed.
 *
 * Rules: 4 to 20 characters, starting with a letter or digit, followed by
 * letters, digits, '_', '.' or '@' (the first pattern would admit spaces,
 * but the second rejects any space), and no '@@', '..' or '___' runs.
 * The name must also not already exist in membership_users (case-insensitive).
 *
 * @param string $username
 * @return string|false
 */
function is_allowed_username($username) {
    $candidate = trim(strtolower($username));

    $wellFormed = preg_match('/^[a-z0-9][a-z0-9 _.@]{3,19}$/', $candidate) === 1;
    $hasForbiddenRun = preg_match('/(@@| |\\.\\.|___)/', $candidate) === 1;
    if (!$wellFormed || $hasForbiddenRun) {
        return false;
    }

    // after the checks above the value consists of [a-z0-9_.@] only,
    // so embedding it in the query cannot break out of the quotes
    $alreadyTaken = sqlValue("select count(1) from membership_users where lcase(memberID)='{$candidate}'");

    return $alreadyTaken ? false : $candidate;
}
?> <div class="row"> <div class="col-sm-6 col-lg-8" id="login_splash"> <!-- customized splash content here --> </div> <div class="col-sm-6 col-lg-4"> <div class="panel panel-success"> <div class="panel-heading"> <h1 class="panel-title"><strong><?php echo $Translation['sign in here']; ?> </strong></h1> <?php if (sqlValue("select count(1) from membership_groups where allowSignup=1")) { ?> <a class="btn btn-success pull-right" href="membership_signup.php"><?php echo $Translation['sign up']; ?> </a> <?php } ?> <div class="clearfix"></div> </div> <div class="panel-body"> <form method="post" action="index.php"> <div class="form-group"> <label class="control-label" for="username"><?php
$permissionsWhere = $permissionsJoin = ''; if ($permChild[2] == 1) { // user can view only his own records $permissionsWhere = "`{$ChildTable}`.`{$userPCConfig[$ChildTable][$ChildLookupField]['child-primary-key']}`=`membership_userrecords`.`pkValue` AND `membership_userrecords`.`tableName`='{$ChildTable}' AND LCASE(`membership_userrecords`.`memberID`)='" . getLoggedMemberID() . "'"; } elseif ($permChild[2] == 2) { // user can view only his group's records $permissionsWhere = "`{$ChildTable}`.`{$userPCConfig[$ChildTable][$ChildLookupField]['child-primary-key']}`=`membership_userrecords`.`pkValue` AND `membership_userrecords`.`tableName`='{$ChildTable}' AND `membership_userrecords`.`groupID`='" . getLoggedGroupID() . "'"; } elseif ($permChild[2] == 3) { // user can view all records /* that's the only case remaining ... no need to modify the query in this case */ } $permissionsJoin = $permissionsWhere ? ", `membership_userrecords`" : ''; // build the count query $forcedWhere = $userPCConfig[$ChildTable][$ChildLookupField]['forced-where']; $query = preg_replace('/^select .* from /i', 'SELECT count(1) FROM ', $userPCConfig[$ChildTable][$ChildLookupField]['query']) . $permissionsJoin . " WHERE " . ($permissionsWhere ? "( {$permissionsWhere} )" : "( 1=1 )") . " AND " . ($forcedWhere ? "( {$forcedWhere} )" : "( 2=2 )") . " AND " . "`{$ChildTable}`.`{$ChildLookupField}`='" . makeSafe($SelectedID) . 
"'"; $totalMatches = sqlValue($query); // make sure $Page is <= max pages $maxPage = ceil($totalMatches / $userPCConfig[$ChildTable][$ChildLookupField]['records-per-page']); if ($Page > $maxPage) { $Page = $maxPage; } // initiate output data array $data = array('config' => $userPCConfig[$ChildTable][$ChildLookupField], 'parameters' => array('ChildTable' => $ChildTable, 'ChildLookupField' => $ChildLookupField, 'SelectedID' => $SelectedID, 'Page' => $Page, 'SortBy' => $SortBy, 'SortDirection' => $SortDirection, 'Operation' => 'get-records'), 'records' => array(), 'totalMatches' => $totalMatches); // build the data query if ($totalMatches) { // if we have at least one record, proceed with fetching data $startRecord = $userPCConfig[$ChildTable][$ChildLookupField]['records-per-page'] * ($Page - 1); $data['query'] = $userPCConfig[$ChildTable][$ChildLookupField]['query'] . $permissionsJoin . " WHERE " . ($permissionsWhere ? "( {$permissionsWhere} )" : "( 1=1 )") . " AND " . ($forcedWhere ? "( {$forcedWhere} )" : "( 2=2 )") . " AND " . "`{$ChildTable}`.`{$ChildLookupField}`='" . makeSafe($SelectedID) . "'" . ($SortBy !== false && $userPCConfig[$ChildTable][$ChildLookupField]['sortable-fields'][$SortBy] ? " ORDER BY {$userPCConfig[$ChildTable][$ChildLookupField]['sortable-fields'][$SortBy]} {$SortDirection}" : '') . " LIMIT {$startRecord}, {$userPCConfig[$ChildTable][$ChildLookupField]['records-per-page']}"; $res = sql($data['query'], $eo); while ($row = db_fetch_row($res)) { $data['records'][$row[$userPCConfig[$ChildTable][$ChildLookupField]['child-primary-key-index']]] = $row;
} $cache_uuid = create_uuid(); mysql_query("SET NAMES 'utf8'"); //add record to caches table sql("INSERT INTO `caches` (\n `cache_id`,\n `user_id`,\n `name`,\n `longitude`,\n `latitude`,\n `last_modified`,\n `date_created`,\n `type` ,\n `status` ,\n `country` ,\n `date_hidden` ,\n `date_activate` ,\n `founds` ,\n `notfounds` ,\n `notes` ,\n `last_found` ,\n `size` ,\n `difficulty` ,\n `terrain`,\n `uuid`,\n `logpw`,\n `search_time`,\n `way_length`,\n `wp_gc`,\n `wp_nc`,\n `wp_ge`,\n `wp_tc`,\n `node`\n ) VALUES (\n '', '&1', '&2', '&3', '&4', NOW(), NOW(), '&5', '&6', '&7', '&8', {$activation_date}, '0', '0', '0', NULL ,\n '&9', '&10', '&11', '&12', '&13', '&14', '&15', '&16', '&17', '&18','&19','&20')", $usr['userid'], $name, $longitude, $latitude, $sel_type, $sel_status, $sel_country, date('Y-m-d', $hidden_date), $sel_size, $difficulty, $terrain, $cache_uuid, $log_pw, $search_time, $way_length, $wp_gc, $wp_nc, $wp_ge, $wp_tc, $oc_nodeid); $cache_id = mysql_insert_id($dblink); // insert cache_location $code1 = $sel_country; $adm1 = sqlvalue("SELECT `countries`.{$lang}\n FROM `countries`\n WHERE `countries`.`short`='{$code1}'", 0); // check if selected country has no districts, then use $default_region if ($sel_region == -1) { $sel_region = $default_region; } if ($sel_region != "0") { $code3 = $sel_region; $adm3 = sqlValue("SELECT `name` FROM `nuts_codes` WHERE `code`='" . sql_escape($sel_region) . 
"'", 0); } else { $code3 = null; $adm3 = null; } sql("INSERT INTO `cache_location` (cache_id,adm1,adm3,code1,code3) VALUES ('&1','&2','&3','&4','&5')", $cache_id, $adm1, $adm3, $code1, $code3); // update cache last modified, it is for work of cache_locations update information sql("UPDATE `caches` SET `last_modified`=NOW() WHERE `cache_id`='&1'", $cache_id); // waypoint erstellen setCacheWaypoint($cache_id, $oc_waypoint); $desc_uuid = create_uuid(); //add record to cache_desc table $desc = userInputFilter::purifyHtmlString($desc); $query = "INSERT INTO `cache_desc` (\n `cache_id`,\n `language`,\n `desc`,\n `hint`,\n `short_desc`,\n `last_modified`,\n `uuid`,\n `node`\n ) VALUES (:1, :2, :3, :4, :5, NOW(), :6, :7)"; $db->multiVariableQuery($query, $cache_id, $sel_lang, $desc, nl2br(htmlspecialchars($hints, ENT_COMPAT, 'UTF-8')), $short_desc, $desc_uuid, $oc_nodeid); setCacheDefaultDescLang($cache_id);
@mail($adminConfig['senderEmail'], '[real estate] New member signup', "A new member has signed up for real estate.\n\nMember name: {$memberID}\nMember group: " . sqlValue("select name from membership_groups where groupID='{$groupID}'") . "\nMember email: {$email}\nIP address: {$_SERVER['REMOTE_ADDR']}\nCustom fields:\n" . ($adminConfig['custom1'] ? "{$adminConfig['custom1']}: {$custom1}\n" : '') . ($adminConfig['custom2'] ? "{$adminConfig['custom2']}: {$custom2}\n" : '') . ($adminConfig['custom3'] ? "{$adminConfig['custom3']}: {$custom3}\n" : '') . ($adminConfig['custom4'] ? "{$adminConfig['custom4']}: {$custom4}\n" : ''), "From: {$adminConfig['senderEmail']}\r\n\r\n"); } elseif ($adminConfig['notifyAdminNewMembers'] >= 1 && $needsApproval) { @mail($adminConfig['senderEmail'], '[real estate] New member awaiting approval', "A new member has signed up for real estate.\n\nMember name: {$memberID}\nMember group: " . sqlValue("select name from membership_groups where groupID='{$groupID}'") . "\nMember email: {$email}\nIP address: {$_SERVER['REMOTE_ADDR']}\nCustom fields:\n" . ($adminConfig['custom1'] ? "{$adminConfig['custom1']}: {$custom1}\n" : '') . ($adminConfig['custom2'] ? "{$adminConfig['custom2']}: {$custom2}\n" : '') . ($adminConfig['custom3'] ? "{$adminConfig['custom3']}: {$custom3}\n" : '') . ($adminConfig['custom4'] ? "{$adminConfig['custom4']}: {$custom4}\n" : ''), "From: {$adminConfig['senderEmail']}\r\n\r\n"); } // hook: member_activity if (function_exists('member_activity')) { $args = array(); member_activity(getMemberInfo($memberID), $needsApproval ? 'pending' : 'automatic', $args); } // redirect to thanks page $redirect = $needsApproval ? 
'' : '?redir=1'; redirect("membership_thankyou.php{$redirect}"); exit; } // drop-down of groups allowing self-signup $groupsDropDown = preg_replace('/<option.*?value="".*?><\\/option>/i', '', htmlSQLSelect('groupID', "select groupID, concat(name, if(needsApproval=1, ' *', ' ')) from membership_groups where allowSignup=1 order by name", $cg == 1 ? sqlValue("select groupID from membership_groups where allowSignup=1 order by name limit 1") : 0)); $groupsDropDown = str_replace('<select ', '<select class="form-control" ', $groupsDropDown); ?> <?php if (!$noSignup) { ?> <div class="row"> <div class="hidden-xs col-sm-4 col-md-6 col-lg-8" id="signup_splash"> <!-- customized splash content here --> </div> <div class="col-sm-8 col-md-6 col-lg-4"> <div class="panel panel-success"> <div class="panel-heading">
<?php global $lang, $rootpath; if (!isset($rootpath)) { $rootpath = './'; } //include template handling require_once $rootpath . 'lib/common.inc.php'; setlocale(LC_TIME, 'pl_PL.UTF-8'); $userscount = sqlValue('SELECT COUNT(DISTINCT user_id) FROM caches WHERE (status=1 OR `status`=2 OR `status`=3)', 0); $cachescount = sqlValue('SELECT COUNT(*) FROM `caches` WHERE (`status`=1 OR `status`=2 OR `status`=3) AND `caches`.`type`<>6', 0); echo '<table width="97%"><tr><td align="center"><center><b> ' . tr('ranking_by_number_of_created_caches') . '</b><br><br /> ' . tr('users_who_created_caches') . ':'; echo $userscount; echo ' .::. ' . tr('number_of_caches') . ': '; echo $cachescount; echo '</center><br /></td></tr></table><table border="1" bgcolor="white" width="97%">' . "\n"; $r = sql("SELECT COUNT(*) `count`, `user`.`username` `username`, `user`.`user_id` `user_id` FROM `caches` INNER JOIN `user` ON `caches`.`user_id`=`user`.`user_id` WHERE (`caches`.`status`=1 OR `caches`.`status`=2 OR `caches`.`status`=3 ) AND `caches`.`type`<>6 AND user.stat_ban = 0 GROUP BY `user`.`user_id` ORDER BY `count` DESC, `user`.`username` ASC"); echo '<tr class="bgcolor2"><td align="right"> <b>' . tr('ranking') . '</b> </td><td align="center"> <b>' . tr('number_of_caches') . '</b> </td><td align="center"> <b>' . tr('username') . '</b> </td></tr>'; echo '<tr><td height="2">'; $l2 = ""; $licznik = 0; while ($line = sql_fetch_array($r)) { $l1 = $line[count]; $licznik++; if ($l2 != $l1) { echo '</td></tr>'; echo '<tr class="bgcolor2"><td align="right"> <b>' . $licznik . '</b> </td><td align="right"> <b>' . $l1 . '</b> </td><td><a href="viewprofile.php?userid=' . $line[user_id] . '">' . htmlspecialchars($line[username]) . '</a>'; $l2 = $l1; } else { echo ', <a href="viewprofile.php?userid=' . $line[user_id] . '">' . htmlspecialchars($line[username]) . '</a>'; }
} // add group sql("insert into membership_groups set name='{$name}', description='{$description}', allowSignup='{$allowSignup}', needsApproval='{$needsApproval}'", $eo); // get new groupID $groupID = db_insert_id(db_link()); } else { // old group // validate groupID $groupID = intval($_POST['groupID']); if ($groupID == $anonGroupID) { $name = $adminConfig['anonymousGroup']; $allowSignup = 0; $needsApproval = 0; } // make sure group name is unique if (sqlValue("select count(1) from membership_groups where name='{$name}' and groupID!='{$groupID}'")) { echo "<div class=\"alert alert-danger\">Error: Group name already exists. You must choose a unique group name.</div>"; include "{$currDir}/incFooter.php"; } // update group sql("update membership_groups set name='{$name}', description='{$description}', allowSignup='{$allowSignup}', needsApproval='{$needsApproval}' where groupID='{$groupID}'", $eo); // reset then add group permissions sql("delete from membership_grouppermissions where groupID='{$groupID}' and tableName='customers'", $eo); sql("delete from membership_grouppermissions where groupID='{$groupID}' and tableName='employees'", $eo); sql("delete from membership_grouppermissions where groupID='{$groupID}' and tableName='orders'", $eo); sql("delete from membership_grouppermissions where groupID='{$groupID}' and tableName='order_details'", $eo); sql("delete from membership_grouppermissions where groupID='{$groupID}' and tableName='products'", $eo); sql("delete from membership_grouppermissions where groupID='{$groupID}' and tableName='categories'", $eo); sql("delete from membership_grouppermissions where groupID='{$groupID}' and tableName='suppliers'", $eo); sql("delete from membership_grouppermissions where groupID='{$groupID}' and tableName='shippers'", $eo); }
if ($oldMemberID != $memberID) { sql("update membership_userrecords set memberID='{$memberID}' where lcase(memberID)='{$oldMemberID}'"); } // is member was approved, notify him if ($isApproved && !$oldIsApproved) { notifyMemberApproval($memberID); } } // redirect to member editing page redirect("pageEditMember.php?memberID={$memberID}"); } elseif ($_GET['memberID'] != '') { // we have an edit request for a member $memberID = makeSafe(strtolower($_GET['memberID'])); } elseif ($_GET['groupID'] != '') { $groupID = intval($_GET['groupID']); $addend = " to '" . sqlValue("select name from membership_groups where groupID='{$groupID}'") . "'"; } include "{$d}/incHeader.php"; if ($memberID != '') { // fetch group data to fill in the form below $res = sql("select * from membership_users where lcase(memberID)='{$memberID}'"); if ($row = mysql_fetch_assoc($res)) { // get member data $email = $row['email']; $groupID = $row['groupID']; $isApproved = $row['isApproved']; $isBanned = $row['isBanned']; $custom1 = htmlspecialchars($row['custom1']); $custom2 = htmlspecialchars($row['custom2']); $custom3 = htmlspecialchars($row['custom3']); $custom4 = htmlspecialchars($row['custom4']);
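/**
 * Called when a user requests to view the detail view (before displaying the detail view).
 *
 * Re-calculates the patient's age from `birth_date`, stores it in
 * `patients.age` and appends a small script that writes it into the form.
 *
 * @param $selectedID
 *   The primary key value of the record selected. False if no record is selected (i.e. the detail view will be
 *   displayed to enter a new record). Nothing is done in that case.
 *
 * @param $memberInfo
 *   An array containing logged member's info.
 * @see http://bigprof.com/appgini/help/working-with-generated-web-database-application/hooks/memberInfo
 *
 * @param $html
 *   (passed by reference) the HTML code of the form ready to be displayed. This could be useful for manipulating
 *   the code before displaying it using regular expressions, … etc.
 *
 * @param $args
 *   An empty array that is passed by reference. It's currently not used but is reserved for future uses.
 *
 * @return
 *   None.
 */
function patients_dv($selectedID, $memberInfo, &$html, &$args) {
    // re-calculate age
    if (!$selectedID) {
        return;
    }

    // intval() keeps the id safe to embed in both queries below
    $id = intval($selectedID);
    $birthDate = sqlValue("select birth_date from patients where id='{$id}'");
    if (!$birthDate) {
        // no such record, or no birth date on file (also avoids strtotime(false))
        return;
    }

    $dobTS = strtotime($birthDate);
    if (!$dobTS) {
        return;
    }

    // age in completed years; a calendar diff honours leap years, whereas
    // dividing elapsed seconds by 365 days drifts by a day every four years
    $dob = date_create();
    $dob->setTimestamp($dobTS);
    $diff = $dob->diff(date_create());
    $age = $diff->invert ? 0 : (int) $diff->y; // a future birth date yields 0 rather than a negative age

    // update age in database ($age is an int, $id was intval'd)
    sql("update patients set age={$age} where id='{$id}'");
    // update age in page
    $html .= "\n\n<script>document.observe('dom:loaded', function() { \$('age').value='{$age}'; });</script>";
}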
// Home position and notification radius of the logged-in user. They feed the
// bounding-box calculation below; later code relies on every variable set
// here ($user_id, $latitude, $longitude, $distance, $distance_unit, $radius,
// $lat, $lon, $lon_rad, $lat_rad, $max_lat_diff, $max_lon_diff).
$user_id = $usr['userid'];
$userIdSql = sql_escape($usr['userid']);

$latitude = sqlValue("SELECT `latitude` FROM user WHERE user_id='" . $userIdSql . "'", 0);
$longitude = sqlValue("SELECT `longitude` FROM user WHERE user_id='" . $userIdSql . "'", 0);
tpl_set_var('userid', $user_id);

// no home position stored yet (both coordinates null, or both zero): show the hint box
$noHomePosition = ($longitude == NULL && $latitude == NULL) || ($longitude == 0 && $latitude == 0);
$infoBox = '';
if ($noHomePosition) {
    $infoBox = '<br><div class="notice" style="line-height: 1.4em;font-size: 120%;"><b>' . tr("myn_info") . '</b></div><br>';
}
tpl_set_var('info', $infoBox);

// fall back to the default position for any coordinate that is missing
if ($latitude == NULL || $latitude == 0) {
    $latitude = 52.24522;
}
if ($longitude == NULL || $longitude == 0) {
    $longitude = 21.00442;
}

// notification radius in km, 35 when the user has none configured
$distance = sqlValue("SELECT `notify_radius` FROM user WHERE user_id='" . $userIdSql . "'", 0);
if ($distance == 0) {
    $distance = 35;
}
$distance_unit = 'km';
$radius = $distance;

//get the users home coords
$lat = $latitude;
$lon = $longitude;
// 3.14159 is a truncated pi; kept as-is so the computed values stay identical
$lon_rad = $lon * 3.14159 / 180;
$lat_rad = $lat * 3.14159 / 180;

//all target caches are between lat - max_lat_diff and lat + max_lat_diff
$max_lat_diff = $distance / 111.12;
//all target caches are between lon - max_lon_diff and lon + max_lon_diff
//TODO: check!!!
$max_lon_diff = $distance * 180 / (abs(sin((90 - $lat) * 3.14159 / 180)) * 6378 * 3.14159);
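/**
 * Returns the HTML of the detail-view form for the `categories` table.
 *
 * With a $selected_id the form is filled with that record, subject to the
 * caller's view/edit/delete permissions; without one an empty "add new"
 * form is returned. Returns '' when the user may neither insert nor view.
 *
 * @param string|int $selected_id  CategoryID of the record to edit, or '' for a new record
 * @param int        $AllowUpdate  caller's default; recomputed from permissions when a record is selected
 * @param int        $AllowInsert  caller's default; overwritten by the table's insert permission
 * @param int        $AllowDelete  accepted for interface compatibility but not consulted
 *                                 (delete rights come from getTablePermissions)
 * @param int        $ShowCancel   show a 'Back' button on the empty form
 * @return string    form HTML, '' when not permitted, or error_message() output
 *                   when the selected record does not exist
 */
function categories_form($selected_id = '', $AllowUpdate = 1, $AllowInsert = 1, $AllowDelete = 1, $ShowCancel = 0) {
    // function to return an editable form for a table records
    // and fill it with data of record whose ID is $selected_id. If $selected_id
    // is empty, an empty form is shown, with only an 'Add New'
    // button displayed.
    global $Translation;

    // accumulators and per-record values are initialised up front so that no
    // branch below reads an undefined variable or an undefined request key
    $jsReadOnly = '';
    $jsEditable = '';
    $noUploads = false;
    $ownerGroupID = null;
    $ownerMemberID = null;
    $row = array();
    $urow = array();
    $eo = array();
    $embedded = !empty($_REQUEST['Embedded']);

    // mm: get table permissions
    $arrPerm = getTablePermissions('categories');
    if (!$arrPerm[1] && $selected_id == '') {
        return '';
    }
    $AllowInsert = $arrPerm[1] ? true : false;

    // print preview?
    $dvprint = ($selected_id && isset($_REQUEST['dvprint_x']) && $_REQUEST['dvprint_x'] != '');

    // unique random identifier (a template token only, so rand() is adequate)
    $rnd1 = $dvprint ? rand(1000000, 9999999) : '';

    if ($selected_id) {
        // mm: check member permissions
        if (!$arrPerm[2]) {
            return "";
        }

        // mm: who is the owner?
        $safeID = makeSafe($selected_id);
        $ownerGroupID = sqlValue("select groupID from membership_userrecords where tableName='categories' and pkValue='{$safeID}'");
        $ownerMemberID = sqlValue("select lcase(memberID) from membership_userrecords where tableName='categories' and pkValue='{$safeID}'");
        if ($arrPerm[2] == 1 && getLoggedMemberID() != $ownerMemberID) {
            return "";
        }
        if ($arrPerm[2] == 2 && getLoggedGroupID() != $ownerGroupID) {
            return "";
        }

        // can edit? (1 = own records, 2 = own group's records, 3 = all records)
        if ($arrPerm[3] == 1 && $ownerMemberID == getLoggedMemberID() || $arrPerm[3] == 2 && $ownerGroupID == getLoggedGroupID() || $arrPerm[3] == 3) {
            $AllowUpdate = 1;
        } else {
            $AllowUpdate = 0;
        }

        $res = sql("select * from `categories` where `CategoryID`='{$safeID}'", $eo);
        if (!($row = db_fetch_array($res))) {
            return error_message($Translation['No records found']);
        }
        $urow = $row; /* unsanitized data */
        $hc = new CI_Input();
        $row = $hc->xss_clean($row); /* sanitize data */
    }

    ob_start();
    ?>
    <script>
        // initial lookup values
        jQuery(function() {
        });
    </script>
    <?php
    $lookups = str_replace('__RAND__', $rnd1, ob_get_contents());
    ob_end_clean();

    // code for template based detail view forms
    // open the detail view template
    if ($dvprint) {
        $templateCode = @file_get_contents('./templates/categories_templateDVP.html');
    } else {
        $templateCode = @file_get_contents('./templates/categories_templateDV.html');
    }
    if ($templateCode === false) {
        // unreadable template: continue with an empty string, as the str_replace calls below would anyway
        $templateCode = '';
    }

    // process form title
    $templateCode = str_replace('<%%DETAIL_VIEW_TITLE%%>', 'Add/Edit Product Categories', $templateCode);
    $templateCode = str_replace('<%%RND1%%>', $rnd1, $templateCode);
    $templateCode = str_replace('<%%EMBEDDED%%>', $embedded ? 'Embedded=1' : '', $templateCode);

    // process buttons
    if ($arrPerm[1] && !$selected_id) { // allow insert and no record selected?
        // (a second substitution with a 'Save As Copy' button used to follow
        // here; it could never match because this call consumes the placeholder)
        $templateCode = str_replace('<%%INSERT_BUTTON%%>', '<button type="submit" class="btn btn-success" id="insert" name="insert_x" value="1" onclick="return categories_validateData();"><i class="glyphicon glyphicon-plus-sign"></i> ' . $Translation['Save New'] . '</button>', $templateCode);
    } else {
        $templateCode = str_replace('<%%INSERT_BUTTON%%>', '', $templateCode);
    }

    // 'Back' button action
    if ($embedded) {
        $backAction = 'window.parent.jQuery(\'.modal\').modal(\'hide\'); return false;';
    } else {
        $backAction = '$$(\'form\')[0].writeAttribute(\'novalidate\', \'novalidate\'); document.myform.reset(); return true;';
    }

    if ($selected_id) {
        if (!$embedded) {
            $templateCode = str_replace('<%%DVPRINT_BUTTON%%>', '<button type="submit" class="btn btn-default" id="dvprint" name="dvprint_x" value="1" onclick="$$(\'form\')[0].writeAttribute(\'novalidate\', \'novalidate\'); document.myform.reset(); return true;"><i class="glyphicon glyphicon-print"></i> ' . $Translation['Print Preview'] . '</button>', $templateCode);
        }
        if ($AllowUpdate) {
            $templateCode = str_replace('<%%UPDATE_BUTTON%%>', '<button type="submit" class="btn btn-success btn-lg" id="update" name="update_x" value="1" onclick="return categories_validateData();"><i class="glyphicon glyphicon-ok"></i> ' . $Translation['Save Changes'] . '</button>', $templateCode);
        } else {
            $templateCode = str_replace('<%%UPDATE_BUTTON%%>', '', $templateCode);
        }
        if ($arrPerm[4] == 1 && $ownerMemberID == getLoggedMemberID() || $arrPerm[4] == 2 && $ownerGroupID == getLoggedGroupID() || $arrPerm[4] == 3) { // allow delete?
            $templateCode = str_replace('<%%DELETE_BUTTON%%>', '<button type="submit" class="btn btn-danger" id="delete" name="delete_x" value="1" onclick="return confirm(\'' . $Translation['are you sure?'] . '\');"><i class="glyphicon glyphicon-trash"></i> ' . $Translation['Delete'] . '</button>', $templateCode);
        } else {
            $templateCode = str_replace('<%%DELETE_BUTTON%%>', '', $templateCode);
        }
        $templateCode = str_replace('<%%DESELECT_BUTTON%%>', '<button type="submit" class="btn btn-default" id="deselect" name="deselect_x" value="1" onclick="' . $backAction . '"><i class="glyphicon glyphicon-chevron-left"></i> ' . $Translation['Back'] . '</button>', $templateCode);
    } else {
        $templateCode = str_replace('<%%UPDATE_BUTTON%%>', '', $templateCode);
        $templateCode = str_replace('<%%DELETE_BUTTON%%>', '', $templateCode);
        $templateCode = str_replace('<%%DESELECT_BUTTON%%>', $ShowCancel ? '<button type="submit" class="btn btn-default" id="deselect" name="deselect_x" value="1" onclick="' . $backAction . '"><i class="glyphicon glyphicon-chevron-left"></i> ' . $Translation['Back'] . '</button>' : '', $templateCode);
    }

    // set records to read only if user can't insert new records and can't edit current record
    if ($selected_id && !$AllowUpdate || !$selected_id && !$AllowInsert) {
        $jsReadOnly .= "\tjQuery('#Picture').replaceWith('<div class=\"form-control-static\" id=\"Picture\">' + (jQuery('#Picture').val() || '') + '</div>');\n";
        $jsReadOnly .= "\tjQuery('#CategoryName').replaceWith('<div class=\"form-control-static\" id=\"CategoryName\">' + (jQuery('#CategoryName').val() || '') + '</div>');\n";
        $jsReadOnly .= "\tjQuery('.select2-container').hide();\n";
        $noUploads = true;
    } elseif ($AllowInsert && !$selected_id || $AllowUpdate && $selected_id) {
        $jsEditable .= "\tjQuery('form').eq(0).data('already_changed', true);"; // temporarily disable form change handler
        $jsEditable .= "\tjQuery('form').eq(0).data('already_changed', false);"; // re-enable form change handler
    }

    // process combos
    /* lookup fields array: 'lookup field name' => array('parent table name', 'lookup field caption') */
    $lookup_fields = array();
    foreach ($lookup_fields as $luf => $ptfc) {
        $pt_perm = getTablePermissions($ptfc[0]);

        // process foreign key links
        if ($pt_perm['view'] || $pt_perm['edit']) {
            $templateCode = str_replace("<%%PLINK({$luf})%%>", '<button type="button" class="btn btn-default view_parent hspacer-lg" id="' . $ptfc[0] . '_view_parent" title="' . htmlspecialchars($Translation['View'] . ' ' . $ptfc[1], ENT_QUOTES, 'iso-8859-1') . '"><i class="glyphicon glyphicon-eye-open"></i></button>', $templateCode);
        }

        // if user has insert permission to parent table of a lookup field, put an add new button
        if ($pt_perm['insert'] && !$embedded) {
            $templateCode = str_replace("<%%ADDNEW({$ptfc[0]})%%>", '<button type="button" class="btn btn-success add_new_parent" id="' . $ptfc[0] . '_add_new" title="' . htmlspecialchars($Translation['Add New'] . ' ' . $ptfc[1], ENT_QUOTES, 'iso-8859-1') . '"><i class="glyphicon glyphicon-plus-sign"></i></button>', $templateCode);
        }
    }

    // process images
    $templateCode = str_replace('<%%UPLOADFILE(CategoryID)%%>', '', $templateCode);
    $templateCode = str_replace('<%%UPLOADFILE(Picture)%%>', $noUploads ? '' : '<input type=hidden name=MAX_FILE_SIZE value=204800>' . $Translation['upload image'] . ' <input type="file" name="Picture" id="Picture">', $templateCode);
    if ($AllowUpdate && isset($row['Picture']) && $row['Picture'] != '') {
        $templateCode = str_replace('<%%REMOVEFILE(Picture)%%>', '<br><input type="checkbox" name="Picture_remove" id="Picture_remove" value="1"> <label for="Picture_remove" style="color: red; font-weight: bold;">' . $Translation['remove image'] . '</label>', $templateCode);
    } else {
        $templateCode = str_replace('<%%REMOVEFILE(Picture)%%>', '', $templateCode);
    }
    $templateCode = str_replace('<%%UPLOADFILE(CategoryName)%%>', '', $templateCode);
    $templateCode = str_replace('<%%UPLOADFILE(Description)%%>', '', $templateCode);

    // process values ($row is the xss_clean'ed copy, $urow the raw one used for URL values)
    if ($selected_id) {
        $templateCode = str_replace('<%%VALUE(CategoryID)%%>', htmlspecialchars($row['CategoryID'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
        $templateCode = str_replace('<%%URLVALUE(CategoryID)%%>', urlencode($urow['CategoryID']), $templateCode);
        $row['Picture'] = $row['Picture'] != '' ? $row['Picture'] : 'blank.gif';
        $templateCode = str_replace('<%%VALUE(Picture)%%>', htmlspecialchars($row['Picture'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
        $templateCode = str_replace('<%%URLVALUE(Picture)%%>', urlencode($urow['Picture']), $templateCode);
        $templateCode = str_replace('<%%VALUE(CategoryName)%%>', htmlspecialchars($row['CategoryName'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
        $templateCode = str_replace('<%%URLVALUE(CategoryName)%%>', urlencode($urow['CategoryName']), $templateCode);
        if ($AllowUpdate || $AllowInsert) {
            $templateCode = str_replace('<%%HTMLAREA(Description)%%>', '<textarea name="Description" id="Description" rows="5">' . htmlspecialchars($row['Description'], ENT_QUOTES, 'iso-8859-1') . '</textarea>', $templateCode);
        } else {
            // read-only rendering relies on xss_clean() above for the raw HTML
            $templateCode = str_replace('<%%HTMLAREA(Description)%%>', $row['Description'], $templateCode);
        }
        $templateCode = str_replace('<%%VALUE(Description)%%>', nl2br($row['Description']), $templateCode);
        $templateCode = str_replace('<%%URLVALUE(Description)%%>', urlencode($urow['Description']), $templateCode);
    } else {
        $templateCode = str_replace('<%%VALUE(CategoryID)%%>', '', $templateCode);
        $templateCode = str_replace('<%%URLVALUE(CategoryID)%%>', urlencode(''), $templateCode);
        $templateCode = str_replace('<%%VALUE(Picture)%%>', 'blank.gif', $templateCode);
        $templateCode = str_replace('<%%VALUE(CategoryName)%%>', '', $templateCode);
        $templateCode = str_replace('<%%URLVALUE(CategoryName)%%>', urlencode(''), $templateCode);
        $templateCode = str_replace('<%%HTMLAREA(Description)%%>', '<textarea name="Description" id="Description" rows="5"></textarea>', $templateCode);
    }

    // process translations
    foreach ($Translation as $symbol => $trans) {
        $templateCode = str_replace("<%%TRANSLATION({$symbol})%%>", $trans, $templateCode);
    }

    // clear scrap: any placeholder left over becomes an HTML comment
    $templateCode = str_replace('<%%', '<!-- ', $templateCode);
    $templateCode = str_replace('%%>', ' -->', $templateCode);

    // hide links to inaccessible tables (skipped in print preview)
    if (!isset($_POST['dvprint_x']) || $_POST['dvprint_x'] == '') {
        $templateCode .= "\n\n<script>\$j(function(){\n";
        $arrTables = getTableList();
        foreach ($arrTables as $name => $caption) {
            $templateCode .= "\t\$j('#{$name}_link').removeClass('hidden');\n";
            $templateCode .= "\t\$j('#xs_{$name}_link').removeClass('hidden');\n";
        }
        $templateCode .= $jsReadOnly;
        $templateCode .= $jsEditable;
        $templateCode .= "\n});</script>\n";
    }

    // ajaxed auto-fill fields
    $templateCode .= '<script>';
    $templateCode .= '$j(function() {';
    $templateCode .= "});";
    $templateCode .= "</script>";
    $templateCode .= $lookups;

    // handle enforced parent values for read-only lookup fields
    // don't include blank images in lightbox gallery
    $templateCode = preg_replace('/blank.gif" rel="lightbox\\[.*?\\]"/', 'blank.gif"', $templateCode);
    // don't display empty email links
    $templateCode = preg_replace('/<a .*?href="mailto:".*?<\\/a>/', '', $templateCode);

    // hook: categories_dv
    if (function_exists('categories_dv')) {
        $args = array();
        categories_dv($selected_id ? $selected_id : FALSE, getMemberInfo(), $templateCode, $args);
    }

    return $templateCode;
}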
if ($rUser === false) { die('User existiert nicht!'); } sql("UPDATE caches SET user_id='&1' WHERE cache_id='&2'", $rUser['user_id'], $rCache['cache_id']); // send event to delete statpic event_change_statpic($rCache['user_id']); event_change_statpic($rUser['user_id']); echo 'Besitzer geändert'; // logentry($module, $eventid, $userid, $objectid1, $objectid2, $logtext, $details) logentry('approving', 4, 0, $cacheid, 0, 'Owner changed ' . $cacheid, ''); exit; } elseif ($action == 'showcache') { $wp = isset($_REQUEST['waypoint']) ? $_REQUEST['waypoint'] : 0; $newusername = isset($_REQUEST['newusername']) ? $_REQUEST['newusername'] : 0; $cacheid = sqlValue("SELECT cache_id FROM caches WHERE wp_oc='" . sql_escape($wp) . "'", 0); $userid = sqlValue("SELECT user_id FROM user WHERE username='******'", ''); if ($cacheid == 0) { die('Cache nicht gefunden!'); } if ($userid == 0) { die('User nicht gefunden!'); } $rsUser = sql("SELECT user_id, username FROM user WHERE user_id='&1'", $userid); $rUser = sql_fetch_assoc($rsUser); sql_free_result($rsUser); $rsCache = sql("SELECT caches.cache_id, caches.wp_oc, caches.name, user.username\n FROM caches\n INNER JOIN user ON caches.user_id=user.user_id\n WHERE caches.cache_id='&1'", $cacheid); $rCache = sql_fetch_assoc($rsCache); sql_free_result($rsCache); ?> <html> <body>
<?php /*************************************************************************** * For license information see doc/license.txt * * Unicode Reminder メモ ***************************************************************************/ $rootpath = '../../'; header('Content-type: text/html; charset=utf-8'); require_once $rootpath . 'lib/common.inc.php'; $wp = isset($_REQUEST['wp']) ? $_REQUEST['wp'] : ''; if (isset($_REQUEST['post'])) { $attrs_set = isset($_REQUEST['cache_attribs']) ? $_REQUEST['cache_attribs'] : ''; $attrs = mb_split(';', $attrs_set); $cache_id = sqlValue("SELECT `cache_id` FROM `caches` WHERE `wp_oc`='" . sql_escape($wp) . "'", 0); if ($cache_id == 0) { die('cache_id unknown'); } sql("DELETE FROM `caches_attributes` WHERE `cache_id`='&1'", $cache_id); foreach ($attrs as $attr) { sql("INSERT INTO `caches_attributes` (`cache_id`, `attrib_id`) VALUES ('&1', '&2')", $cache_id, $attr); } } $attrs = array(); $rsAttribs = sql("SELECT `caches_attributes`.`attrib_id`\n\tFROM `caches_attributes`, `caches`\n\tWHERE `caches_attributes`.`cache_id`=`caches`.`cache_id`\n\tAND `caches`.`wp_oc`='&1'", $wp); while ($rAttribs = sql_fetch_assoc($rsAttribs)) { $attrs[$rAttribs['attrib_id']] = $rAttribs['attrib_id']; } mysql_free_result($rsAttribs); $attr_js = ''; $rs = sql("SELECT `id`, `icon_large`, `icon_undef` FROM `cache_attrib`");
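<?php
require "conexion.php";
require "funciones.php";

// Rewrites the category assignments (asociado_has_categorias) of one member.
// Inputs: $_POST['idasociado'] (member id), $_POST['cat'] (array of category ids,
// only the first 12 are stored), $_POST['ssh'] (passed back in the redirect URL)
// and $_GET['action'], which must be "edit" for anything to happen.

$idasociado = sqlValue($_POST["idasociado"], "int"); // project helper, "int" mode
$action = getParam($_GET["action"], "");
$ssh = $_POST["ssh"];
$contador = 1;

if ($action == "edit") {
    if (isset($_POST['cat'])) {
        if (is_array($_POST['cat'])) {
            // drop the member's current assignments, then re-insert the posted ones
            $sql1 = "DELETE FROM asociado_has_categorias ";
            $sql1 .= "WHERE asociado_idasociado = " . $idasociado;
            if (mysql_query($sql1, $conexion)) {
            }
            foreach ($_POST['cat'] as $value) {
                // $value is raw request data: escape it for SQL before it is
                // interpolated into the INSERT, and for HTML before it is echoed
                $valueSql = mysql_real_escape_string($value, $conexion);
                // NOTE: this output precedes header() below, so the redirect only
                // takes effect when output buffering is enabled
                echo "valor " . $contador . " es " . htmlspecialchars($value, ENT_QUOTES) . " <br />";
                if ($contador <= 12) {
                    $sql = "INSERT INTO fidelizator_1.asociado_has_categorias (asociado_idasociado, categorias_idcategorias) ";
                    $sql .= "VALUES ('" . $idasociado . "', '" . $valueSql . "')";
                    if (mysql_query($sql, $conexion)) {
                        $mensaje = "Categorias Actualizadas";
                        // query-string values are URL-encoded so $ssh cannot add or
                        // alter parameters of the redirect target
                        header("location: editar.php?mensajeCat=" . urlencode($mensaje) . "&idasociado=" . $idasociado . "&ssh=" . urlencode($ssh) . "&#panelCategorias");
                    } else {
                        echo "Hay un error en la comunicación con el servidor, por favor reporte esto a: Marylena Tzay, 2387-2727";
                    }
                }
                $contador++;
            }
        }
    }
}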
mysql_free_result($rsLayers); if ($sCode != '') { $adm1 = null; $code1 = null; $adm2 = null; $code2 = null; $adm3 = null; $code3 = null; $adm4 = null; $code4 = null; if (mb_strlen($sCode) > 5) { $sCode = mb_substr($sCode, 0, 5); } if (mb_strlen($sCode) == 5) { $code4 = $sCode; $adm4 = sqlValue("SELECT `name` FROM `nuts_codes` WHERE `code`='{$sCode}'", 0); $sCode = mb_substr($sCode, 0, 4); } if (mb_strlen($sCode) == 4) { $code3 = $sCode; $adm3 = sqlvalue("SELECT `name` FROM `nuts_codes` WHERE `code`='{$sCode}'", 0); $sCode = mb_substr($sCode, 0, 3); } if (mb_strlen($sCode) == 3) { $code2 = $sCode; $adm2 = sqlvalue("SELECT `name` FROM `nuts_codes` WHERE `code`='{$sCode}'", 0); $sCode = mb_substr($sCode, 0, 2); } if (mb_strlen($sCode) == 2) { $code1 = $sCode; if (checkField('countries', 'list_default_' . $lang)) {
$nombrecomercial = sqlValue($_POST["nombrecomercial"], "text"); $representante = sqlValue($_POST["representante"], "text"); $puesto_r1 = sqlValue($_POST["puesto_r1"], "text"); $representante2 = sqlValue($_POST["representante2"], "text"); $puesto_r2 = sqlValue($_POST["puesto_r2"], "text"); $representante3 = sqlValue($_POST["representante3"], "text"); $puesto_r3 = sqlValue($_POST["puesto_r3"], "text"); $direccion = sqlValue($_POST["direccion"], "text"); $telefono = sqlValue($_POST["tele1"], "text"); $tel2 = sqlValue($_POST["tel2"], "text"); $tel3 = sqlValue($_POST["tel3"], "text"); $email = sqlValue($_POST["email"], "text"); $pagina = sqlValue($_POST["pagina"], "text"); $gremial = sqlValue($_POST["gremial"], "text"); $actividad = sqlValue($_POST["actividad"], "text"); $sucursal = sqlValue($_POST["sucursal"], "text"); $sql = "UPDATE asociado SET "; $sql .= "nombre=" . $nombre . ", nit=" . $nit . ", nombrecomercial=" . $nombrecomercial . ", "; $sql .= "representante=" . $representante . ", puesto_r1=" . $puesto_r1 . ", representante2=" . $representante2 . ", "; $sql .= "puesto_r2=" . $puesto_r2 . ", representante3=" . $representante3 . ", puesto_r3=" . $puesto_r3 . ", "; $sql .= "tel2=" . $tel2 . ", direccion=" . $direccion . ", tele1=" . $telefono . ", "; $sql .= "tel3=" . $tel3 . ", email=" . $email . ", pagina=" . $pagina . ", "; $sql .= "gremial=" . $gremial . ", actividad=" . $actividad . ", sucursal=" . $sucursal . ", "; $sql .= "actualizado='1'"; $sql .= "WHERE idasociado=" . $idasociado; if (mysql_query($sql, $conexion)) { $mensaje = "Datos Actualizados"; header("location: editar.php?mensajeDatos=" . $mensaje . "&idasociado=" . $idasociado . "&ssh=" . $ssh . "&#panelLogo"); } else { echo "Hay un error en la comunicación con el servidor, por favor reporte esto a: Marylena Tzay, 2387-2727"; }
$updateDT = date($adminConfig['PHPDateTimeFormat']); sql("UPDATE `membership_users` set email='{$email}', custom1='{$custom1}', custom2='{$custom2}', custom3='{$custom3}', custom4='{$custom4}', comments=CONCAT_WS('\\n', comments, 'member updated his profile on {$updateDT} from IP address {$mi[IP]}') WHERE memberID='{$mi['username']}'", $eo); // hook: member_activity if (function_exists('member_activity')) { $args = array(); member_activity($mi, 'profile', $args); } exit; } /* change password */ if ($_POST['action'] == 'changePassword' && $mi['username'] != $adminConfig['adminUsername']) { /* process inputs */ $oldPassword = $_POST['oldPassword']; $newPassword = $_POST['newPassword']; /* validate password */ if (md5($oldPassword) != sqlValue("SELECT `passMD5` FROM `membership_users` WHERE memberID='{$mi['username']}'")) { echo "{$Translation['error:']} {$Translation['Wrong password']}"; echo "<script>\$\$('label[for=\"old-password\"]')[0].pulsate({ pulses: 10, duration: 4 }); \$('old-password').activate();</script>"; exit; } if (strlen($newPassword) < 4) { echo "{$Translation['error:']} {$Translation['password invalid']}"; echo "<script>\$\$('label[for=\"new-password\"]')[0].pulsate({ pulses: 10, duration: 4 }); \$('new-password').activate();</script>"; exit; } /* update password */ $updateDT = date($adminConfig['PHPDateTimeFormat']); sql("UPDATE `membership_users` set `passMD5`='" . md5($newPassword) . "', `comments`=CONCAT_WS('\\n', comments, 'member changed his password on {$updateDT} from IP address {$mi[IP]}') WHERE memberID='{$mi['username']}'", $eo); // hook: member_activity if (function_exists('member_activity')) { $args = array();
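function try_login($user, $password, $permanent)
{
    // Authenticates $user (username or e-mail, matched case-insensitively with
    // LIKE; when both match, the e-mail row wins) against $password through
    // PasswordManager. On success a row is written to `sys_sessions`,
    // `user`.`last_login` is updated and this object's userid/username/permanent/
    // lastlogin/sessionid/admin/verified fields are filled in.
    //
    // $permanent is compared loosely with null, so null/false/0/'' all mean "use
    // the account's `permanent_login_flag`"; any truthy value marks the session
    // permanent.
    //
    // Returns LOGIN_TOOMUCHLOGINS (rate limit hit, nothing logged),
    // LOGIN_BADUSERPW, LOGIN_USERNOTACTIVE or LOGIN_OK. All but the first outcome
    // are recorded in `sys_logins` together with the client address.
    $this->pClear();

    // check the number of logins in the last hour ...
    sql("DELETE FROM `sys_logins` WHERE `timestamp`<'&1'", date('Y-m-d H:i:s', time() - 3600));
    $logins_count = sqlValue("SELECT COUNT(*) `count` FROM `sys_logins` WHERE `remote_addr`='" . sql_escape($_SERVER['REMOTE_ADDR']) . "'", 0);
    if ($logins_count > 24) {
        return LOGIN_TOOMUCHLOGINS;
    }

    // delete old sessions
    $min_lastlogin_permanent = date('Y-m-d H:i:s', time() - LOGIN_TIME_PERMANENT);
    sql("DELETE FROM `sys_sessions` WHERE `last_login`<'&1'", $min_lastlogin_permanent);

    // compare $user with email and username, if both match, use email
    // NOTE(review): '&1' is bound by sql(), but LIKE wildcards ('%', '_') inside
    // $user are still interpreted by MySQL -- confirm the caller restricts them.
    $rsUser = sql("\n SELECT\n `user_id`, `username`, 2 AS `prio`, `is_active_flag`,\n `permanent_login_flag`, `admin`\n FROM `user`\n WHERE `username` LIKE '&1'\n\n UNION\n\n SELECT\n `user_id`, `username`, 1 AS `prio`, `is_active_flag`,\n `permanent_login_flag`, `admin`\n FROM `user`\n WHERE\n `email` LIKE '&1'\n\n ORDER BY `prio` ASC\n LIMIT 1\n ", mb_strtolower($user));
    $rUser = sql_fetch_assoc($rsUser);
    sql_free_result($rsUser);

    if ($rUser) {
        /* User exists. Is the password correct? */
        $pm = new PasswordManager($rUser['user_id']);
        if (!$pm->verify($password)) {
            $rUser = null; // handled below exactly like an unknown user
        }
    }

    if ($rUser) {
        if ($permanent == null) {
            $permanent = $rUser['permanent_login_flag'] == 1;
        }

        // ok, there is a valid login
        if ($rUser['is_active_flag'] != 0) {
            // begin session
            $uuid = sqlValue('SELECT UUID()', '');
            sql("INSERT INTO `sys_sessions` (`uuid`, `user_id`, `permanent`, `last_login`) VALUES ('&1', '&2', '&3', NOW())", $uuid, $rUser['user_id'], $permanent != false ? 1 : 0);
            sql("UPDATE `user` SET `last_login`=NOW() WHERE `user_id`='&1'", $rUser['user_id']);

            $this->userid = $rUser['user_id'];
            $this->username = $rUser['username'];
            $this->permanent = $permanent;
            $this->lastlogin = date('Y-m-d H:i:s');
            $this->sessionid = $uuid;
            $this->admin = $rUser['admin'] == 1;
            $this->verified = true;

            $retval = LOGIN_OK;
        } else {
            $retval = LOGIN_USERNOTACTIVE;
        }
    } else {
        // sorry, bad login
        $retval = LOGIN_BADUSERPW;
    }

    // Record the attempt. `success` reflects whether the credentials were accepted:
    // the former `$rUser === false` test missed the wrong-password case, where
    // $rUser is null rather than false, and logged it as a success.
    sql("INSERT INTO `sys_logins` (`remote_addr`, `success`, `timestamp`) VALUES ('&1', '&2', NOW())", $_SERVER['REMOTE_ADDR'], $rUser ? 1 : 0);

    // store to cookie
    $this->pStoreCookie();

    return $retval;
}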
//crypt the log ROT13, but keep HTML-Tags and Entities $data_text = str_rot13_html($data_text); } else { $logtext .= "<br/>"; } $logtext .= $data_text; $tmp_log = mb_ereg_replace('{logtext}', $logtext, $tmp_log); $content .= "\n" . $tmp_log; } mysql_free_result($rs_logs); $content .= '</ul></div><br />'; } } // ----------------- begin owner section ---------------------------------- if ($user_id == $usr['userid'] || $usr['admin']) { $rscheck = sqlValue("SELECT count(*) FROM caches WHERE (status = 4 OR status = 5 OR status = 6) AND `user_id`='" . sql_escape($_REQUEST['userid']) . "'", 0); if ($rscheck != 0) { $content .= '<br /><div class="content-title-noshade box-blue">'; } if (checkField('cache_status', $lang)) { $lang_db = $lang; } else { $lang_db = "en"; } //get not published caches DATE_FORMAT(`caches`.`date_activate`,'%d-%m-%Y'), $rs_caches1 = sql(" SELECT `caches`.`cache_id`, `caches`.`name`, `caches`.`date_hidden`, `caches`.`date_activate`, `caches`.`status`, `cache_status`.`&1` AS `cache_status_text`, `caches`.`wp_oc` AS `wp_name`\n FROM `caches`, `cache_status`\n WHERE `user_id`='&2'\n AND `cache_status`.`id`=`caches`.`status`\n AND `caches`.`status` = 5\n ORDER BY `date_activate` DESC, `caches`.`date_created` DESC ", $lang_db, $user_id); if (mysql_num_rows($rs_caches1) != 0) { $content .= '<p><span class="content-title-noshade txt-blue08">' . tr('not_yet_published') . ':</span></p><br /><div><ul style="margin: -0.9em 0px 0.9em 0px; padding: 0px 0px 0px 10px; list-style-type: none; line-height: 1.2em; font-size: 115%;">'; for ($i = 0; $i < mysql_num_rows($rs_caches1); $i++) { $record_caches = sql_fetch_array($rs_caches1); $tmp_cache = $cache_notpublished_line;
if ($sort) { $sortClause = "order by {$sort} {$sortDir}"; } if ($memberID != '') { $where .= ($where ? " and " : "") . "r.memberID like '{$memberID}%'"; } if ($groupID != '') { $where .= ($where ? " and " : "") . "g.groupID='{$groupID}'"; } if ($tableName != '') { $where .= ($where ? " and " : "") . "r.tableName='{$tableName}'"; } if ($where) { $where = "where {$where}"; } $numRecords = sqlValue("select count(1) from membership_userrecords r left join membership_groups g on r.groupID=g.groupID {$where}"); if (!$numRecords) { echo "<div class=\"status\">No matching results found.</div>"; $noResults = TRUE; $page = 1; } else { $noResults = FALSE; } $page = intval($_GET['page']); if ($page < 1) { $page = 1; } elseif ($page > ceil($numRecords / $adminConfig['recordsPerPage']) && !$noResults) { redirect("pageViewRecords.php?page=" . ceil($numRecords / $adminConfig['recordsPerPage'])); } $start = ($page - 1) * $adminConfig['recordsPerPage']; ?>
<?php $d = dirname(__FILE__); require "{$d}/incCommon.php"; include "{$d}/incHeader.php"; if ($_POST['saveChanges'] != '') { // validate inputs $adminUsername = makeSafe(strtolower($_POST['adminUsername'])); // check if this member already exists if ($adminConfig['adminUsername'] != $adminUsername && sqlValue("select count(1) from membership_users where lcase(memberID)='{$adminUsername}'")) { // display status echo "<div class=\"status\">Couldn't save admin settings. The new admin username is already held be a member. Please make sure the new admin username is unique.<br />Back to <a href=\"pageSettings.php\">Admin settings</a>.</div>"; // exit include "{$d}/incFooter.php"; } $adminPassword = $_POST['adminPassword']; if ($adminPassword != '') { $adminPassword = md5($adminPassword); } else { $adminPassword = $adminConfig['adminPassword']; } $notifyAdminNewMembers = intval($_POST['notifyAdminNewMembers']); $custom1 = makeSafe($_POST['custom1']); $custom2 = makeSafe($_POST['custom2']); $custom3 = makeSafe($_POST['custom3']); $custom4 = makeSafe($_POST['custom4']); $MySQLDateFormat = makeSafe($_POST['MySQLDateFormat']); $PHPDateFormat = makeSafe($_POST['PHPDateFormat']); $PHPDateTimeFormat = makeSafe($_POST['PHPDateTimeFormat']); $groupsPerPage = intval($_POST['groupsPerPage']) ? intval($_POST['groupsPerPage']) : $adminConfig['groupsPerPage']; $membersPerPage = intval($_POST['membersPerPage']) ? intval($_POST['membersPerPage']) : $adminConfig['membersPerPage'];
function getUserCountry()
{
    // Resolves the country code to use for the current visitor, trying in order:
    //   1. the 'usercountry' cookie,
    //   2. the `country` column of the logged-in user's `user` row,
    //   3. the installation/domain default in $opt['template']['default']['country'],
    //   4. the literal fallback 'GB'.
    global $opt, $cookie, $usr;

    // 1. cookie
    $fromCookie = $cookie->is_set('usercountry') ? $cookie->get('usercountry', null) : null;
    if ($fromCookie != null) {
        return $fromCookie;
    }

    // 2. stored preference of the logged-in user
    $loggedIn = isset($usr) && $usr !== false;
    if ($loggedIn) {
        // `+ 0` coerces the id to a number before it is interpolated into the query
        $userId = $usr['userid'] + 0;
        $fromProfile = sqlValue("SELECT `country` FROM `user` WHERE `user_id`='" . $userId . "'", null);
        if ($fromProfile != null) {
            return $fromProfile;
        }
    }

    // The locale-based default (country of the template language) was disabled on
    // 3.9.2015: it produced unexpected results on multi-domains without translation
    // and confusingly switched country when switching language.

    // 3. installation / domain default
    if (isset($opt['template']['default']['country'])) {
        return $opt['template']['default']['country'];
    }

    // 4. nothing above applied
    return 'GB';
}
$search_term = false; if (isset($_REQUEST['s'])) { $search_term = iconv('UTF-8', datalist_db_encoding, $_REQUEST['s']); } $page = intval($_REQUEST['p']); if ($page < 1) { $page = 1; } $skip = $results_per_page * ($page - 1); $table_name = $_REQUEST['t']; if (!in_array($table_name, array_keys(getTableList()))) { /* invalid table */ echo '{"results":[{"id":"","text":"Invalid table"}],"more":false,"elapsed":0}'; exit; } /* if id is provided, get owner */ $owner = false; if ($id) { $owner = sqlValue("select memberID from membership_userrecords where tableName='{$table_name}' and pkValue='" . makeSafe($id) . "'"); } $prepared_data = array(); $where = "g.name!='{$adminConfig['anonymousGroup']}' and p.allowView>0 "; if ($search_term) { $search_term = makeSafe($search_term); $where .= "and (u.memberID like '%{$search_term}%' or g.name like '%{$search_term}%')"; } $res = sql("select u.memberID, g.name from membership_users u left join membership_groups g on u.groupID=g.groupID left join membership_grouppermissions p on g.groupID=p.groupID and p.tableName='{$table_name}' where {$where} order by g.name, u.memberID limit {$skip}, {$results_per_page}", $eo); while ($row = db_fetch_row($res)) { $prepared_data[] = array('id' => iconv(datalist_db_encoding, 'UTF-8', $row[0]), 'text' => iconv(datalist_db_encoding, 'UTF-8', "<b>{$row[1]}</b>/{$row[0]}")); } echo json_encode(array('results' => $prepared_data, 'more' => @db_num_rows($res) >= $results_per_page, 'elapsed' => round(microtime(true) - $start_ts, 3)));
function customers_form($selected_id = '', $AllowUpdate = 1, $AllowInsert = 1, $AllowDelete = 1, $ShowCancel = 0) { // function to return an editable form for a table records // and fill it with data of record whose ID is $selected_id. If $selected_id // is empty, an empty form is shown, with only an 'Add New' // button displayed. global $Translation; // mm: get table permissions $arrPerm = getTablePermissions('customers'); if (!$arrPerm[1] && $selected_id == '') { return ''; } $AllowInsert = $arrPerm[1] ? true : false; // print preview? $dvprint = false; if ($selected_id && $_REQUEST['dvprint_x'] != '') { $dvprint = true; } // populate filterers, starting from children to grand-parents // unique random identifier $rnd1 = $dvprint ? rand(1000000, 9999999) : ''; // combobox: Country $combo_Country = new Combo(); $combo_Country->ListType = 0; $combo_Country->MultipleSeparator = ', '; $combo_Country->ListBoxHeight = 10; $combo_Country->RadiosPerLine = 1; if (is_file(dirname(__FILE__) . '/hooks/customers.Country.csv')) { $Country_data = addslashes(implode('', @file(dirname(__FILE__) . '/hooks/customers.Country.csv'))); $combo_Country->ListItem = explode('||', entitiesToUTF8(convertLegacyOptions($Country_data))); $combo_Country->ListData = $combo_Country->ListItem; } else { $combo_Country->ListItem = explode('||', entitiesToUTF8(convertLegacyOptions("Afghanistan;;Albania;;Algeria;;American Samoa;;Andorra;;Angola;;Anguilla;;Antarctica;;Antigua, Barbuda;;Argentina;;Armenia;;Aruba;;Australia;;Austria;;Azerbaijan;;Bahamas;;Bahrain;;Bangladesh;;Barbados;;Belarus;;Belgium;;Belize;;Benin;;Bermuda;;Bhutan;;Bolivia;;Bosnia, Herzegovina;;Botswana;;Bouvet Is.;;Brazil;;Brunei Darussalam;;Bulgaria;;Burkina Faso;;Burundi;;Cambodia;;Cameroon;;Canada;;Canary Is.;;Cape Verde;;Cayman Is.;;Central African Rep.;;Chad;;Channel Islands;;Chile;;China;;Christmas Is.;;Cocos Is.;;Colombia;;Comoros;;Congo, D.R. 
Of;;Congo;;Cook Is.;;Costa Rica;;Croatia;;Cuba;;Cyprus;;Czech Republic;;Denmark;;Djibouti;;Dominica;;Dominican Republic;;Ecuador;;Egypt;;El Salvador;;Equatorial Guinea;;Eritrea;;Estonia;;Ethiopia;;Falkland Is.;;Faroe Is.;;Fiji;;Finland;;France;;French Guiana;;French Polynesia;;French Territories;;Gabon;;Gambia;;Georgia;;Germany;;Ghana;;Gibraltar;;Greece;;Greenland;;Grenada;;Guadeloupe;;Guam;;Guatemala;;Guernsey;;Guinea-bissau;;Guinea;;Guyana;;Haiti;;Heard, Mcdonald Is.;;Honduras;;Hong Kong;;Hungary;;Iceland;;India;;Indonesia;;Iran;;Iraq;;Ireland;;Israel;;Italy;;Ivory Coast;;Jamaica;;Japan;;Jersey;;Jordan;;Kazakhstan;;Kenya;;Kiribati;;Korea, D.P.R Of;;Korea, Rep. Of;;Kuwait;;Kyrgyzstan;;Lao Peoples D.R.;;Latvia;;Lebanon;;Lesotho;;Liberia;;Libyan Arab Jamahiriya;;Liechtenstein;;Lithuania;;Luxembourg;;Macao;;Macedonia, F.Y.R Of;;Madagascar;;Malawi;;Malaysia;;Maldives;;Mali;;Malta;;Mariana Islands;;Marshall Islands;;Martinique;;Mauritania;;Mauritius;;Mayotte;;Mexico;;Micronesia;;Moldova;;Monaco;;Mongolia;;Montserrat;;Morocco;;Mozambique;;Myanmar;;Namibia;;Nauru;;Nepal;;Netherlands Antilles;;Netherlands;;New Caledonia;;New Zealand;;Nicaragua;;Niger;;Nigeria;;Niue;;Norfolk Island;;Norway;;Oman;;Pakistan;;Palau;;Palestinian Terr.;;Panama;;Papua New Guinea;;Paraguay;;Peru;;Philippines;;Pitcairn;;Poland;;Portugal;;Puerto Rico;;Qatar;;Reunion;;Romania;;Russian Federation;;Rwanda;;Samoa;;San Marino;;Sao Tome, Principe;;Saudi Arabia;;Senegal;;Seychelles;;Sierra Leone;;Singapore;;Slovakia;;Slovenia;;Solomon Is.;;Somalia;;South Africa;;South Georgia;;South Sandwich Is.;;Spain;;Sri Lanka;;St. Helena;;St. Kitts, Nevis;;St. Lucia;;St. Pierre, Miquelon;;St. 
Vincent, Grenadines;;Sudan;;Suriname;;Svalbard, Jan Mayen;;Swaziland;;Sweden;;Switzerland;;Syrian Arab Republic;;Taiwan;;Tajikistan;;Tanzania;;Thailand;;Timor-leste;;Togo;;Tokelau;;Tonga;;Trinidad, Tobago;;Tunisia;;Turkey;;Turkmenistan;;Turks, Caicoss;;Tuvalu;;Uganda;;Ukraine;;United Arab Emirates;;United Kingdom;;United States;;Uruguay;;Uzbekistan;;Vanuatu;;Vatican City;;Venezuela;;Viet Nam;;Virgin Is. British;;Virgin Is. U.S.;;Wallis, Futuna;;Western Sahara;;Yemen;;Yugoslavia;;Zambia;;Zimbabwe"))); $combo_Country->ListData = $combo_Country->ListItem; } $combo_Country->SelectName = 'Country'; if ($selected_id) { // mm: check member permissions if (!$arrPerm[2]) { return ""; } // mm: who is the owner? $ownerGroupID = sqlValue("select groupID from membership_userrecords where tableName='customers' and pkValue='" . makeSafe($selected_id) . "'"); $ownerMemberID = sqlValue("select lcase(memberID) from membership_userrecords where tableName='customers' and pkValue='" . makeSafe($selected_id) . "'"); if ($arrPerm[2] == 1 && getLoggedMemberID() != $ownerMemberID) { return ""; } if ($arrPerm[2] == 2 && getLoggedGroupID() != $ownerGroupID) { return ""; } // can edit? if ($arrPerm[3] == 1 && $ownerMemberID == getLoggedMemberID() || $arrPerm[3] == 2 && $ownerGroupID == getLoggedGroupID() || $arrPerm[3] == 3) { $AllowUpdate = 1; } else { $AllowUpdate = 0; } $res = sql("select * from `customers` where `CustomerID`='" . makeSafe($selected_id) . "'", $eo); if (!($row = db_fetch_array($res))) { return error_message($Translation['No records found']); } $urow = $row; /* unsanitized data */ $hc = new CI_Input(); $row = $hc->xss_clean($row); /* sanitize data */ $combo_Country->SelectedData = $row['Country']; } else { $combo_Country->SelectedText = $_REQUEST['FilterField'][1] == '9' && $_REQUEST['FilterOperator'][1] == '<=>' ? get_magic_quotes_gpc() ? 
stripslashes($_REQUEST['FilterValue'][1]) : $_REQUEST['FilterValue'][1] : ""; } $combo_Country->Render(); // code for template based detail view forms // open the detail view template if ($dvprint) { $templateCode = @file_get_contents('./templates/customers_templateDVP.html'); } else { $templateCode = @file_get_contents('./templates/customers_templateDV.html'); } // process form title $templateCode = str_replace('<%%DETAIL_VIEW_TITLE%%>', 'Detail View', $templateCode); $templateCode = str_replace('<%%RND1%%>', $rnd1, $templateCode); $templateCode = str_replace('<%%EMBEDDED%%>', $_REQUEST['Embedded'] ? 'Embedded=1' : '', $templateCode); // process buttons if ($arrPerm[1] && !$selected_id) { // allow insert and no record selected? if (!$selected_id) { $templateCode = str_replace('<%%INSERT_BUTTON%%>', '<button type="submit" class="btn btn-success" id="insert" name="insert_x" value="1" onclick="return customers_validateData();"><i class="glyphicon glyphicon-plus-sign"></i> ' . $Translation['Save New'] . '</button>', $templateCode); } $templateCode = str_replace('<%%INSERT_BUTTON%%>', '<button type="submit" class="btn btn-default" id="insert" name="insert_x" value="1" onclick="return customers_validateData();"><i class="glyphicon glyphicon-plus-sign"></i> ' . $Translation['Save As Copy'] . 
'</button>', $templateCode); } else { $templateCode = str_replace('<%%INSERT_BUTTON%%>', '', $templateCode); } // 'Back' button action if ($_REQUEST['Embedded']) { $backAction = 'window.parent.jQuery(\'.modal\').modal(\'hide\'); return false;'; } else { $backAction = '$$(\'form\')[0].writeAttribute(\'novalidate\', \'novalidate\'); document.myform.reset(); return true;'; } if ($selected_id) { if (!$_REQUEST['Embedded']) { $templateCode = str_replace('<%%DVPRINT_BUTTON%%>', '<button type="submit" class="btn btn-default" id="dvprint" name="dvprint_x" value="1" onclick="$$(\'form\')[0].writeAttribute(\'novalidate\', \'novalidate\'); document.myform.reset(); return true;"><i class="glyphicon glyphicon-print"></i> ' . $Translation['Print Preview'] . '</button>', $templateCode); } if ($AllowUpdate) { $templateCode = str_replace('<%%UPDATE_BUTTON%%>', '<button type="submit" class="btn btn-success btn-lg" id="update" name="update_x" value="1" onclick="return customers_validateData();"><i class="glyphicon glyphicon-ok"></i> ' . $Translation['Save Changes'] . '</button>', $templateCode); } else { $templateCode = str_replace('<%%UPDATE_BUTTON%%>', '', $templateCode); } if ($arrPerm[4] == 1 && $ownerMemberID == getLoggedMemberID() || $arrPerm[4] == 2 && $ownerGroupID == getLoggedGroupID() || $arrPerm[4] == 3) { // allow delete? $templateCode = str_replace('<%%DELETE_BUTTON%%>', '<button type="submit" class="btn btn-danger" id="delete" name="delete_x" value="1" onclick="return confirm(\'' . $Translation['are you sure?'] . '\');"><i class="glyphicon glyphicon-trash"></i> ' . $Translation['Delete'] . '</button>', $templateCode); } else { $templateCode = str_replace('<%%DELETE_BUTTON%%>', '', $templateCode); } $templateCode = str_replace('<%%DESELECT_BUTTON%%>', '<button type="submit" class="btn btn-default" id="deselect" name="deselect_x" value="1" onclick="' . $backAction . '"><i class="glyphicon glyphicon-chevron-left"></i> ' . $Translation['Back'] . 
'</button>', $templateCode); } else { $templateCode = str_replace('<%%UPDATE_BUTTON%%>', '', $templateCode); $templateCode = str_replace('<%%DELETE_BUTTON%%>', '', $templateCode); $templateCode = str_replace('<%%DESELECT_BUTTON%%>', $ShowCancel ? '<button type="submit" class="btn btn-default" id="deselect" name="deselect_x" value="1" onclick="' . $backAction . '"><i class="glyphicon glyphicon-chevron-left"></i> ' . $Translation['Back'] . '</button>' : '', $templateCode); } // set records to read only if user can't insert new records and can't edit current record if ($selected_id && !$AllowUpdate || !$selected_id && !$AllowInsert) { $jsReadOnly .= "\tjQuery('#CustomerID').replaceWith('<div class=\"form-control-static\" id=\"CustomerID\">' + (jQuery('#CustomerID').val() || '') + '</div>');\n"; $jsReadOnly .= "\tjQuery('#CompanyName').replaceWith('<div class=\"form-control-static\" id=\"CompanyName\">' + (jQuery('#CompanyName').val() || '') + '</div>');\n"; $jsReadOnly .= "\tjQuery('#ContactName').replaceWith('<div class=\"form-control-static\" id=\"ContactName\">' + (jQuery('#ContactName').val() || '') + '</div>');\n"; $jsReadOnly .= "\tjQuery('#ContactTitle').replaceWith('<div class=\"form-control-static\" id=\"ContactTitle\">' + (jQuery('#ContactTitle').val() || '') + '</div>');\n"; $jsReadOnly .= "\tjQuery('#Address').replaceWith('<div class=\"form-control-static\" id=\"Address\">' + (jQuery('#Address').val() || '') + '</div>');\n"; $jsReadOnly .= "\tjQuery('#City').replaceWith('<div class=\"form-control-static\" id=\"City\">' + (jQuery('#City').val() || '') + '</div>');\n"; $jsReadOnly .= "\tjQuery('#Region').replaceWith('<div class=\"form-control-static\" id=\"Region\">' + (jQuery('#Region').val() || '') + '</div>');\n"; $jsReadOnly .= "\tjQuery('#PostalCode').replaceWith('<div class=\"form-control-static\" id=\"PostalCode\">' + (jQuery('#PostalCode').val() || '') + '</div>');\n"; $jsReadOnly .= "\tjQuery('#Country').replaceWith('<div 
class=\"form-control-static\" id=\"Country\">' + (jQuery('#Country').val() || '') + '</div>'); jQuery('#Country-multi-selection-help').hide();\n"; $jsReadOnly .= "\tjQuery('#Phone').replaceWith('<div class=\"form-control-static\" id=\"Phone\">' + (jQuery('#Phone').val() || '') + '</div>');\n"; $jsReadOnly .= "\tjQuery('#Fax').replaceWith('<div class=\"form-control-static\" id=\"Fax\">' + (jQuery('#Fax').val() || '') + '</div>');\n"; $jsReadOnly .= "\tjQuery('.select2-container').hide();\n"; $noUploads = true; } elseif ($AllowInsert && !$selected_id || $AllowUpdate && $selected_id) { $jsEditable .= "\tjQuery('form').eq(0).data('already_changed', true);"; // temporarily disable form change handler $jsEditable .= "\tjQuery('form').eq(0).data('already_changed', false);"; // re-enable form change handler } // process combos $templateCode = str_replace('<%%COMBO(Country)%%>', $combo_Country->HTML, $templateCode); $templateCode = str_replace('<%%COMBOTEXT(Country)%%>', $combo_Country->SelectedData, $templateCode); /* lookup fields array: 'lookup field name' => array('parent table name', 'lookup field caption') */ $lookup_fields = array(); foreach ($lookup_fields as $luf => $ptfc) { $pt_perm = getTablePermissions($ptfc[0]); // process foreign key links if ($pt_perm['view'] || $pt_perm['edit']) { $templateCode = str_replace("<%%PLINK({$luf})%%>", '<button type="button" class="btn btn-default view_parent hspacer-lg" id="' . $ptfc[0] . '_view_parent" title="' . htmlspecialchars($Translation['View'] . ' ' . $ptfc[1], ENT_QUOTES, 'iso-8859-1') . '"><i class="glyphicon glyphicon-eye-open"></i></button>', $templateCode); } // if user has insert permission to parent table of a lookup field, put an add new button if ($pt_perm['insert'] && !$_REQUEST['Embedded']) { $templateCode = str_replace("<%%ADDNEW({$ptfc[0]})%%>", '<button type="button" class="btn btn-success add_new_parent" id="' . $ptfc[0] . '_add_new" title="' . htmlspecialchars($Translation['Add New'] . ' ' . 
$ptfc[1], ENT_QUOTES, 'iso-8859-1') . '"><i class="glyphicon glyphicon-plus-sign"></i></button>', $templateCode); } } // process images $templateCode = str_replace('<%%UPLOADFILE(CustomerID)%%>', '', $templateCode); $templateCode = str_replace('<%%UPLOADFILE(CompanyName)%%>', '', $templateCode); $templateCode = str_replace('<%%UPLOADFILE(ContactName)%%>', '', $templateCode); $templateCode = str_replace('<%%UPLOADFILE(ContactTitle)%%>', '', $templateCode); $templateCode = str_replace('<%%UPLOADFILE(Address)%%>', '', $templateCode); $templateCode = str_replace('<%%UPLOADFILE(City)%%>', '', $templateCode); $templateCode = str_replace('<%%UPLOADFILE(Region)%%>', '', $templateCode); $templateCode = str_replace('<%%UPLOADFILE(PostalCode)%%>', '', $templateCode); $templateCode = str_replace('<%%UPLOADFILE(Country)%%>', '', $templateCode); $templateCode = str_replace('<%%UPLOADFILE(Phone)%%>', '', $templateCode); $templateCode = str_replace('<%%UPLOADFILE(Fax)%%>', '', $templateCode); // process values if ($selected_id) { $templateCode = str_replace('<%%VALUE(CustomerID)%%>', htmlspecialchars($row['CustomerID'], ENT_QUOTES, 'iso-8859-1'), $templateCode); $templateCode = str_replace('<%%URLVALUE(CustomerID)%%>', urlencode($urow['CustomerID']), $templateCode); $templateCode = str_replace('<%%VALUE(CompanyName)%%>', htmlspecialchars($row['CompanyName'], ENT_QUOTES, 'iso-8859-1'), $templateCode); $templateCode = str_replace('<%%URLVALUE(CompanyName)%%>', urlencode($urow['CompanyName']), $templateCode); $templateCode = str_replace('<%%VALUE(ContactName)%%>', htmlspecialchars($row['ContactName'], ENT_QUOTES, 'iso-8859-1'), $templateCode); $templateCode = str_replace('<%%URLVALUE(ContactName)%%>', urlencode($urow['ContactName']), $templateCode); $templateCode = str_replace('<%%VALUE(ContactTitle)%%>', htmlspecialchars($row['ContactTitle'], ENT_QUOTES, 'iso-8859-1'), $templateCode); $templateCode = str_replace('<%%URLVALUE(ContactTitle)%%>', urlencode($urow['ContactTitle']), 
$templateCode); if ($dvprint) { $templateCode = str_replace('<%%VALUE(Address)%%>', nl2br(htmlspecialchars($row['Address'], ENT_QUOTES, 'iso-8859-1')), $templateCode); } else { $templateCode = str_replace('<%%VALUE(Address)%%>', htmlspecialchars($row['Address'], ENT_QUOTES, 'iso-8859-1'), $templateCode); } $templateCode = str_replace('<%%URLVALUE(Address)%%>', urlencode($urow['Address']), $templateCode); $templateCode = str_replace('<%%VALUE(City)%%>', htmlspecialchars($row['City'], ENT_QUOTES, 'iso-8859-1'), $templateCode); $templateCode = str_replace('<%%URLVALUE(City)%%>', urlencode($urow['City']), $templateCode); $templateCode = str_replace('<%%VALUE(Region)%%>', htmlspecialchars($row['Region'], ENT_QUOTES, 'iso-8859-1'), $templateCode); $templateCode = str_replace('<%%URLVALUE(Region)%%>', urlencode($urow['Region']), $templateCode); $templateCode = str_replace('<%%VALUE(PostalCode)%%>', htmlspecialchars($row['PostalCode'], ENT_QUOTES, 'iso-8859-1'), $templateCode); $templateCode = str_replace('<%%URLVALUE(PostalCode)%%>', urlencode($urow['PostalCode']), $templateCode); $templateCode = str_replace('<%%VALUE(Country)%%>', htmlspecialchars($row['Country'], ENT_QUOTES, 'iso-8859-1'), $templateCode); $templateCode = str_replace('<%%URLVALUE(Country)%%>', urlencode($urow['Country']), $templateCode); $templateCode = str_replace('<%%VALUE(Phone)%%>', htmlspecialchars($row['Phone'], ENT_QUOTES, 'iso-8859-1'), $templateCode); $templateCode = str_replace('<%%URLVALUE(Phone)%%>', urlencode($urow['Phone']), $templateCode); $templateCode = str_replace('<%%VALUE(Fax)%%>', htmlspecialchars($row['Fax'], ENT_QUOTES, 'iso-8859-1'), $templateCode); $templateCode = str_replace('<%%URLVALUE(Fax)%%>', urlencode($urow['Fax']), $templateCode); } else { $templateCode = str_replace('<%%VALUE(CustomerID)%%>', '', $templateCode); $templateCode = str_replace('<%%URLVALUE(CustomerID)%%>', urlencode(''), $templateCode); $templateCode = str_replace('<%%VALUE(CompanyName)%%>', '', 
$templateCode); $templateCode = str_replace('<%%URLVALUE(CompanyName)%%>', urlencode(''), $templateCode); $templateCode = str_replace('<%%VALUE(ContactName)%%>', '', $templateCode); $templateCode = str_replace('<%%URLVALUE(ContactName)%%>', urlencode(''), $templateCode); $templateCode = str_replace('<%%VALUE(ContactTitle)%%>', '', $templateCode); $templateCode = str_replace('<%%URLVALUE(ContactTitle)%%>', urlencode(''), $templateCode); $templateCode = str_replace('<%%VALUE(Address)%%>', '', $templateCode); $templateCode = str_replace('<%%URLVALUE(Address)%%>', urlencode(''), $templateCode); $templateCode = str_replace('<%%VALUE(City)%%>', '', $templateCode); $templateCode = str_replace('<%%URLVALUE(City)%%>', urlencode(''), $templateCode); $templateCode = str_replace('<%%VALUE(Region)%%>', '', $templateCode); $templateCode = str_replace('<%%URLVALUE(Region)%%>', urlencode(''), $templateCode); $templateCode = str_replace('<%%VALUE(PostalCode)%%>', '', $templateCode); $templateCode = str_replace('<%%URLVALUE(PostalCode)%%>', urlencode(''), $templateCode); $templateCode = str_replace('<%%VALUE(Country)%%>', '', $templateCode); $templateCode = str_replace('<%%URLVALUE(Country)%%>', urlencode(''), $templateCode); $templateCode = str_replace('<%%VALUE(Phone)%%>', '', $templateCode); $templateCode = str_replace('<%%URLVALUE(Phone)%%>', urlencode(''), $templateCode); $templateCode = str_replace('<%%VALUE(Fax)%%>', '', $templateCode); $templateCode = str_replace('<%%URLVALUE(Fax)%%>', urlencode(''), $templateCode); } // process translations foreach ($Translation as $symbol => $trans) { $templateCode = str_replace("<%%TRANSLATION({$symbol})%%>", $trans, $templateCode); } // clear scrap $templateCode = str_replace('<%%', '<!-- ', $templateCode); $templateCode = str_replace('%%>', ' -->', $templateCode); // hide links to inaccessible tables if ($_POST['dvprint_x'] == '') { $templateCode .= "\n\n<script>\$j(function(){\n"; $arrTables = getTableList(); foreach ($arrTables as 
$name => $caption) { $templateCode .= "\t\$j('#{$name}_link').removeClass('hidden');\n"; $templateCode .= "\t\$j('#xs_{$name}_link').removeClass('hidden');\n"; } $templateCode .= $jsReadOnly; $templateCode .= $jsEditable; if (!$selected_id) { } $templateCode .= "\n});</script>\n"; } // ajaxed auto-fill fields $templateCode .= '<script>'; $templateCode .= '$j(function() {'; $templateCode .= "});"; $templateCode .= "</script>"; $templateCode .= $lookups; // handle enforced parent values for read-only lookup fields // don't include blank images in lightbox gallery $templateCode = preg_replace('/blank.gif" rel="lightbox\\[.*?\\]"/', 'blank.gif"', $templateCode); // don't display empty email links $templateCode = preg_replace('/<a .*?href="mailto:".*?<\\/a>/', '', $templateCode); // hook: customers_dv if (function_exists('customers_dv')) { $args = array(); customers_dv($selected_id ? $selected_id : FALSE, getMemberInfo(), $templateCode, $args); } return $templateCode; }
</div></td> <td class="tdHeader"><div class="ColCaption"><?php echo $Translation["description"]; ?> </div></td> <td class="tdHeader"><div class="ColCaption"><?php echo $Translation['members count']; ?> </div></td> <td class="tdHeader"> </td> </tr> </thead> <?php $res = sql("select groupID, name, description from membership_groups {$where} limit {$start}, " . $adminConfig['groupsPerPage'], $eo); while ($row = db_fetch_row($res)) { $groupMembersCount = sqlValue("select count(1) from membership_users where groupID='{$row['0']}'"); ?> <tr> <td class="tdCaptionCell" align="left"> <a href="pageEditGroup.php?groupID=<?php echo $row[0]; ?> "><i class="glyphicon glyphicon-edit" title="<?php echo $Translation['Edit group']; ?> "></i></a> <?php if (!$groupMembersCount) { ?> <a href="pageDeleteGroup.php?groupID=<?php echo $row[0];