$entitlement = user_holiday_entitlement($user); $holiday_resetdate = user_holiday_resetdate($user); $holidaystaken = user_count_holidays($user, HOL_HOLIDAY, $holiday_resetdate); if ($entitlement - $holidaystaken <= 0) { echo user_alert($strNoHolidayEntitlement, E_USER_WARNING); } } // swap dates around if end is before start if ($start > $end) { $newend = $start; $start = $end; $end = $newend; unset($newend); } if ($type == HOL_SICKNESS and $start > $now) { echo user_alert($strSicknessOnlyBookedNowOrPast, E_USER_ERROR); } echo "<p align='center'><strong>{$strSelectDays}</strong></p>"; echo "<table align='center' width='550' class='vertical'>"; echo "<tr><th>{$strStartDate}</th><td>" . ldate($CONFIG['dateformat_date'], $start) . "</td></tr>"; echo "<tr><th>{$strEndDate}</th><td>" . ldate($CONFIG['dateformat_date'], $end) . "</td></tr>"; echo "</table><br />"; echo "<form name='date' action='{$_SERVER['PHP_SELF']}' method='post'>"; echo "<input type='hidden' name='user' value='{$user}' />"; echo "<input type='hidden' name='type' value='{$type}' />"; echo "<table align='center' width='550'>"; echo "<tr><th>{$strDate}</th><th>{$strNone}</th><th>{$strDay}</th><th>{$strAM}</th><th>{$strPM}</th></tr>\n"; $daynumber = 1; $options = 0; // if ($end==$start) $end += 86400;
echo "</table>\n";
// Before a contact is deleted, count the incidents and contracts that still
// reference it so the operator is warned and can pick a replacement contact.
// NOTE(review): the mysql_* API used throughout was removed in PHP 7; mysqli or
// PDO with prepared statements is the supported replacement.
$totalincidents = contact_count_incidents($id);
if ($totalincidents > 0) {
    echo user_alert(sprintf($strThereAreXIncidentsAssignedToThisContact, $totalincidents), E_USER_WARNING);
}
// NOTE(review): $id is interpolated into a quoted SQL literal. Where it is cast
// or escaped is outside this excerpt - confirm before relying on it.
$sql = "SELECT sc.maintenanceid AS maintenanceid, m.product, p.name AS productname, ";
$sql .= "m.expirydate, m.term ";
$sql .= "FROM `{$dbSupportContacts}` AS sc, `{$dbMaintenance}` AS m, `{$dbProducts}` AS p ";
$sql .= "WHERE sc.maintenanceid = m.id AND m.product = p.id AND sc.contactid = '{$id}' ";
$result = mysql_query($sql);
if (mysql_error()) {
    trigger_error("MySQL Query Error " . mysql_error(), E_USER_WARNING);
}
// Only the row count is used; the selected columns are not read in this excerpt.
$totalcontracts = mysql_num_rows($result);
if ($totalcontracts > 0) {
    echo user_alert(sprintf($strThereAreXcontractsAssignedToThisPerson, $totalcontracts), E_USER_WARNING);
}
if ($totalincidents > 0 || $totalcontracts > 0) {
    // NOTE(review): $_SERVER['PHP_SELF'] includes client-supplied path info and is
    // written into the action attribute unescaped; htmlspecialchars() with
    // ENT_QUOTES would be the usual guard for this attribute context.
    echo "<form action='{$_SERVER['PHP_SELF']}' onsubmit=\"return confirm_action('{$strAreYouSureDelete}')\" method='post'>\n";
    echo "<p align='center'>{$strBeforeDeleteContact}</p>";
    // Every contact is offered as a possible new owner; no filter is applied.
    $sql = "SELECT id, forenames, surname, siteid FROM `{$dbContacts}` ORDER BY surname ASC";
    // The result of this query is not checked with mysql_error() before it is iterated.
    $result = mysql_query($sql);
    echo "<p align='center'>";
    echo "<select name='newcontact'>";
    if ($id == 0) {
        echo "<option selected='selected' value='0'>Select A Contact\n";
    }
    while ($contacts = mysql_fetch_array($result)) {
        $site = '';
        // A blank or zero siteid means no site suffix is added to the option label.
        if ($contacts['siteid'] != '' && $contacts['siteid'] != 0) {
            $site = " of " . site_name($contacts['siteid']);
$versionresult = mysql_query($sql); if (mysql_error()) { trigger_error("MySQL Query Error " . mysql_error(), E_USER_WARNING); } list($dbversion) = mysql_fetch_row($versionresult); if ($dbversion < $application_version) { echo "<p class='error'><strong>IMPORTANT</strong> The SiT database schema needs to be updated"; if (user_permission($sit[2], 22)) { echo " from v{$dbversion} to v{$application_version}</p>"; echo "<p class='tip'>Visit <a href='setup.php'>Setup</a> to update the schema"; } echo "</p>"; } // Check users email address if (empty($_SESSION['email'])) { echo user_alert("{$strInvalidEmailAddress} - <a href='user_profile_edit.php'>{$strEditEmail}</a>", E_USER_ERROR); } //display (trigger) notices $noticesql = "SELECT * FROM `{$GLOBALS['dbNotices']}` "; // Don't show more than 20 notices, saftey cap $noticesql .= "WHERE userid={$sit[2]} ORDER BY timestamp DESC LIMIT 20"; $noticeresult = mysql_query($noticesql); if (mysql_error()) { trigger_error(mysql_error(), E_USER_WARNING); } if (mysql_num_rows($noticeresult) > 0) { echo "<div id='noticearea'>\n"; $keys = array_keys($_GET); foreach ($keys as $key) { if ($key != 'noticeid') { $url .= "&{$key}=" . $_GET[$key];
echo "'>{$strShowAll}</a>"; $inactivestring = "displayinactive=false"; } echo "</td></tr><tr><td valign='middle'>"; echo "<a href='contact_add.php'>{$strAdd}</a> | "; echo alpha_index("{$_SERVER['PHP_SELF']}?search_string="); echo "<a href='{$_SERVER['PHP_SELF']}?search_string=*&{$inactivestring}'>{$strAll}</a>"; echo "</td></tr></table>"; if (empty($search_string)) { echo user_alert(sprintf($strFieldMustNotBeBlank, "'{$strSearch}'"), E_USER_ERROR); } else { // perform search // check input if ($search_string == '') { $errors = 1; echo user_alert(sprintf($strFieldMustNotBeBlank, "'{$strSearch}'"), E_USER_ERROR); } // search for criteria if ($errors == 0) { if ($submit_value != 'go') { // Don't need to do this again, already done above, us the results of that // build SQL $sql = "SELECT c.* FROM `{$dbContacts}` AS c, `{$dbSites}` AS s "; $sql .= "WHERE c.siteid = s.id "; $search_string_len = strlen(utf8_decode($search_string)); if ($search_string != '*') { $sql .= " AND ("; if ($search_string_len <= 6) { $sql .= "c.id=('{$search_string}') OR "; } if ($search_string_len <= 2) {
$owner = cleanvar($_POST['owner']); $_SESSION['formdata']['add_site'] = $_REQUEST; include APPLICATION_INCPATH . 'htmlheader.inc.php'; $errors = 0; // check for blank name if ($name == '') { $errors++; $_SESSION['formerrors']['add_site']['name'] = user_alert(sprintf($strFieldMustNotBeBlank, "'{$strSiteName}'"), E_USER_ERROR); } if ($address1 == '') { $errors++; $_SESSION['formerrors']['add_site']['address1'] = user_alert(sprintf($strFieldMustNotBeBlank, "'{$strAddress1}'"), E_USER_ERROR); } if ($email == '') { $errors++; $_SESSION['formerrors']['add_site']['email'] = user_alert(sprintf($strFieldMustNotBeBlank, "'{$strEmail}'"), E_USER_ERROR); } // add site if no errors if ($errors == 0) { if ($owner == '') { $owner = 0; } $sql = "INSERT INTO `{$dbSites}` (name, department, address1, address2, city, county, country, postcode, telephone, fax, email, websiteurl, notes, typeid, owner) "; $sql .= "VALUES ('{$name}', '{$department}' ,'{$address1}', '{$address2}', '{$city}', '{$county}', '{$country}', '{$postcode}', "; $sql .= "'{$telephone}', '{$fax}', '{$email}', '{$websiteurl}', '{$notes}', '{$typeid}','{$owner}')"; $result = mysql_query($sql); if (mysql_error()) { trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR); } $id = mysql_insert_id(); // show error message if addition failed
$lifetime_start = date('Y-m-d', strtotime($_REQUEST['lifetime_start'])); } else { $lifetime_start = ''; } if (!empty($_REQUEST['lifetime_end'])) { $lifetime_end = date('Y-m-d', strtotime($_REQUEST['lifetime_end'])); } else { $lifetime_end = ''; } $_SESSION['formdata']['add_software'] = $_REQUEST; // Add new $errors = 0; // check for blank name if ($name == '') { $errors++; $_SESSION['formerrors']['add_software']['name'] = user_alert(sprintf($strFieldMustNotBeBlank, "'{$strName}'"), E_USER_ERROR); } // Check this is not a duplicate $sql = "SELECT id FROM `{$dbSoftware}` WHERE LCASE(name)=LCASE('{$name}') LIMIT 1"; $result = mysql_query($sql); if (mysql_num_rows($result) >= 1) { $errors++; $_SESSION['formerrors']['add_software']['duplicate'] .= $strARecordAlreadyExistsWithTheSameName; } // add product if no errors if ($errors == 0) { $sql = "INSERT INTO `{$dbSoftware}` (name, vendorid, lifetime_start, lifetime_end) VALUES ('{$name}','{$vendor}','{$lifetime_start}','{$lifetime_end}')"; $result = mysql_query($sql); if (mysql_error()) { trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR); }
$page = str_replace('..', '', $page); $page = strip_tags($page); $page = htmlentities($page, ENT_COMPAT, $GLOBALS['i18ncharset']); // Invalid user, show log in form include APPLICATION_INCPATH . 'htmlheader.inc.php'; echo "<p class='error'>If you are not a developer, please under no circumstances run this version of SiT!, it is now destined for 4.0, at best it will be barely be useable, at worst it might injure you.</p>"; if ($id == 1) { echo "<p class='error'>"; echo sprintf($strEnterCredentials, $CONFIG['application_shortname']); echo "</p><br />"; } if ($id == 2) { echo user_alert($strSessionExpired, E_USER_ERROR); } if ($id == 3) { echo user_alert($strInvalidCredentials, E_USER_ERROR); } // Language selector if (!empty($CONFIG['available_i18n'])) { $available_languages = i18n_code_to_name($CONFIG['available_i18n']); } else { $available_languages = available_languages(); } if (count($available_languages) == 1 and array_key_exists($CONFIG['default_i18n'], $available_languages)) { echo "<!-- Language: {$CONFIG['default_i18n']} -->"; } else { $available_languages = array_merge(array('default' => $strDefault), $available_languages); echo "<div style='margin-left: auto; margin-right: auto; width: 380px;"; echo " text-align: center; margin-top: 3em;'>"; echo "<form id='langselectform' action='login.php' method='post'>"; echo icon('language', 16, $strLanguage) . " <label for='lang'>";
echo "<dd>{$ttvar['description']}"; } if (!empty($ttvar[0]['description'])) { echo "<dd>{$ttvar[0]['description']}"; } echo "<br />"; } } echo "</dl>"; plugin_do('emailtemplate_list'); echo "</table>\n"; echo "</div>"; echo "<p style='clear:both; margin-top: 2em;' align='center'><a href='{$_SERVER['PHP_SELF']}'>{$strBackToList}</a></p>"; include APPLICATION_INCPATH . 'htmlfooter.inc.php'; } else { echo user_alert(sprintf($strFieldMustNotBeBlank, "'{$strEmailTemplate}'"), E_USER_ERROR); } } elseif ($action == "delete") { if (empty($id) or is_numeric($id) == FALSE) { // id must be filled and be a number header("Location: {$_SERVER['PHP_SELF']}?action=showform"); exit; } // We only allow user templates to be deleted $sql = "DELETE FROM `{$dbEmailTemplates}` WHERE id='{$id}' AND type='user' LIMIT 1"; mysql_query($sql); if (mysql_error()) { trigger_error(mysql_error(), E_USER_ERROR); } header("Location: {$_SERVER['PHP_SELF']}?action=showform"); exit;
$class = "shade1"; } else { $class = "shade2"; } flush(); $softarr[] = $software->id; } $softlist = implode(',', $softarr); echo "</table>\n"; echo "<input type='hidden' name='user' value='{$user}' />"; echo "<input type='hidden' name='softlist' value='{$softlist}' />"; echo "<input type='hidden' name='save' value='vqvbgf' />"; echo "<p align='center'><input type='submit' value='{$strSave}' /></p>"; echo "</form>"; } else { echo user_alert($strNoSkillsDefined, E_USER_WARNING); } include APPLICATION_INCPATH . 'htmlfooter.inc.php'; } else { // External variables $softlist = explode(',', $_REQUEST['softlist']); $backup = $_REQUEST['backup']; $user = cleanvar($_REQUEST['user']); foreach ($backup as $key => $backupid) { if ($backupid > 0) { $sql = "UPDATE `{$dbUserSoftware}` SET backupid='{$backupid}' WHERE userid='{$user}' AND softwareid='{$softlist[$key]}' LIMIT 1 "; } // echo "{$softlist[$key]} -- $key -- $value<br />"; //echo "$sql <br />"; mysql_query($sql); if (mysql_error()) {
mysql_query($sql); if (mysql_error()) { trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR); } } if ($target != 'none') { // Reset the slaemail sent column, so that email reminders can be sent if the new sla target goes out $sql = "UPDATE `{$dbIncidents}` SET slaemail='0', slanotice='0' WHERE id='{$id}' LIMIT 1"; mysql_query($sql); if (mysql_error()) { trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR); } } if (!$result) { include 'inc/incident_html_top.inc.php'; echo user_alert($strUpdateIncidentFailed, E_USER_WARNING); include 'inc/incident_html_bottom.inc.php'; } else { if ($draftid != -1 and !empty($draftid)) { $sql = "DELETE FROM `{$dbDrafts}` WHERE id = {$draftid}"; $result = mysql_query($sql); if (mysql_error()) { trigger_error(mysql_error(), E_USER_ERROR); } } journal(CFG_LOGGING_MAX, 'Incident Updated', "Incident {$id} Updated", CFG_JOURNAL_SUPPORT, $id); html_redirect("incident_details.php?id={$id}"); } } } }
// List the users with status > 0 who have been granted permission $permid.
// NOTE(review): $permid is placed inside a quoted SQL literal; its sanitisation
// happens outside this excerpt - confirm it is cast or escaped upstream.
$sql = "SELECT up.userid AS userid, username, realname ";
$sql .= "FROM `{$dbUserPermissions}` AS up, `{$dbUsers}` AS u ";
$sql .= "WHERE up.userid = u.id ";
$sql .= "AND permissionid = '{$permid}' AND granted = 'true' AND u.status > 0";
$result = mysql_query($sql);
if (mysql_error()) {
    trigger_error(mysql_error(), E_USER_WARNING);
}
if (mysql_num_rows($result) >= 1) {
    echo "<table align='center'>";
    echo "<tr><th>{$strUser}</th></tr>";
    // Row class alternates between shade1 and shade2.
    $shade = 'shade1';
    while ($user = mysql_fetch_object($result)) {
        // NOTE(review): realname and username are database values written into
        // HTML as-is, and PHP_SELF is echoed into the href unescaped; unless they
        // are encoded on input, htmlspecialchars() belongs on each of them here.
        // The anchor uses $perm while the query filters on $permid - presumably
        // both are set by the caller; verify.
        echo "<tr class='{$shade}'><td>✔ <a href='{$_SERVER['PHP_SELF']}?action=edit&userid={$user->userid}#perm{$perm}'>{$user->realname}</a> ({$user->username})</td></tr>\n";
        if ($shade == 'shade1') {
            $shade = 'shade2';
        } else {
            $shade = 'shade1';
        }
    }
    echo "</table>";
} else {
    echo "<p align='center'>{$strNone}</p>";
}
// The two closing braces below end blocks opened before this excerpt.
} else {
    echo user_alert(sprintf($strFieldMustNotBeBlank, "'{$strPermission}'"), E_USER_ERROR);
}
} else {
    echo user_alert("{$strNoChangesToMake}", E_USER_WARNING);
}
include APPLICATION_INCPATH . 'htmlfooter.inc.php';
} // NOTE above is so we can insert null so browse_contacts etc can see the contract rather than inserting 0 $sql = "UPDATE `{$dbMaintenance}` SET reseller={$reseller}, expirydate='{$expirydate}', licence_quantity='{$licence_quantity}', "; $sql .= "licence_type={$licence_type}, notes='{$notes}', admincontact={$admincontact}, term='{$terminated}', servicelevelid='{$servicelevelid}', "; $sql .= "incident_quantity='{$incident_quantity}', "; $sql .= "incidentpoolid='{$incidentpoolid}', productonly='{$productonly}', "; $sql .= "supportedcontacts='{$amount}', allcontactssupported='{$allcontacts}'"; if (!empty($product) and user_permission($sit[2], 22)) { $sql .= ", product='{$product}'"; } $sql .= " WHERE id='{$maintid}'"; $result = mysql_query($sql); if (mysql_error()) { trigger_error(mysql_error(), E_USER_ERROR); } // show error message if addition failed if (!$result) { include APPLICATION_INCPATH . 'htmlheader.inc.php'; echo user_alert("Update failed", E_USER_WARNING); include APPLICATION_INCPATH . 'htmlfooter.inc.php'; } else { journal(CFG_LOGGING_NORMAL, 'Contract Edited', "contract {$maintid} modified", CFG_JOURNAL_MAINTENANCE, $maintid); html_redirect("contract_details.php?id={$maintid}"); } } else { include APPLICATION_INCPATH . 'htmlheader.inc.php'; echo $errors_string; include APPLICATION_INCPATH . 'htmlfooter.inc.php'; } } }
} } if ($numresults > 0) { $average = number_format($cumul / $numresults, 2); } $percent = number_format(($average - 1) * (100 / ($CONFIG['feedback_max_score'] - 1)), 0); if ($percent < 0) { $percent = 0; } $totalresult += $average; $html .= "{$average} <strong>({$percent}%)</strong><br />"; } $total_average = number_format($totalresult / $numquestions, 2); $total_percent = number_format(($total_average - 1) * (100 / ($CONFIG['feedback_max_score'] - 1)), 0); if ($total_percent < 0) { $total_percent = 0; } $html .= "<p>{$strPositivity}: {$total_average} <strong>({$total_percent}%)</strong> " . sprintf($strAfterXSurveys, $numresults) . "</p>"; $surveys += $numresults; $html .= "<hr />\n"; //if ($total_average>0) echo $html; echo "\n\n\n<!-- {$surveys} -->\n\n\n"; } else { echo user_alert($strNoFeedbackFound, E_USER_WARNING); } } } else { echo user_alert($strFoundNoUsersToReport, E_USER_WARNING); } echo "</div>\n";
echo "</table>"; echo "<p align='center'><input name='submit' type='submit' value='{$strContinue}' /></p>"; echo "</form>"; include APPLICATION_INCPATH . 'htmlfooter.inc.php'; } elseif ($action == "delete") { // Delete the chosen support contact $errors = 0; // check for blank contact if ($contactid == 0) { $errors = 1; $errors_string .= user_alert("{$strYouMustSelectAsupportContact}", E_USER_ERROR); } // check for blank maintenance id if ($maintid == 0) { $errors = 1; $errors_string .= user_alert("{$strYouMustSelectAmaintenanceContract}", E_USER_ERROR); } // delete maintenance support contact if no errors if ($errors == 0) { $sql = "DELETE FROM `{$dbSupportContacts}` WHERE maintenanceid='{$maintid}' AND contactid='{$contactid}'"; $result = mysql_query($sql); if (mysql_error()) { trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR); } // show error message if deletion failed if (!$result) { include APPLICATION_INCPATH . 'htmlheader.inc.php'; trigger_error("Deletion of maintenance support conact failed: {$sql}", E_USER_WARNING); include APPLICATION_INCPATH . 'htmlfooter.inc.php'; } else { journal(CFG_LOGGING_NORMAL, 'Supported Contact Removed', "Contact {$contactid} removed from maintenance contract {$maintid}", CFG_JOURNAL_MAINTENANCED, $maintid);
// echo show_links('tasks', $task->id, 0, '', 'rl'); // // echo "</div>"; // // echo show_create_links('tasks', $task->id); // echo "</div>"; // Notes echo "<div style='width: 48%; float: right; border: 1px solid #CCCCFF;'>"; echo add_note_form(NOTE_TASK, $taskid); echo show_notes(NOTE_TASK, $taskid); echo "</div>"; } elseif ($mode == 'incident') { echo "<div style='width: 48%; margin-left: auto; margin-right: auto;border: 1px solid #CCCCFF;'>"; echo add_note_form(NOTE_TASK, $taskid); echo show_notes(NOTE_TASK, $taskid, FALSE); echo "</div>"; } } else { echo user_alert($strNoMatchingTask, E_USER_WARNING); } if ($mode != 'incident') { echo "</div>"; } echo "<div style='clear:both; padding-top: 20px;'>"; if ($mode != 'incident') { echo "<p align='center'><a href='tasks.php'>{$strTaskList}</a></p>"; } else { echo "<p align='center'><a href=task_edit.php?id={$taskid}&action=markcomplete&incident={$incidentid}>{$strMarkComplete}</a> | <a href='tasks.php?incident={$id}'>{$strActivityList}</a></p>"; } echo "</div>";
$_SESSION['formerrors']['portaladdincident'] .= user_alert(sprintf($strFieldMustNotBeBlank, "'{$strIncidentTitle}'"), E_USER_ERROR); $errors = 1; } if (empty($probdesc)) { $_SESSION['formerrors']['portaladdincident'] .= user_alert(sprintf($strFieldMustNotBeBlank, "'{$strProblemDescription}'"), E_USER_ERROR); $errors = 1; } foreach ($_POST as $key => $value) { if (substr($key, 0, 5) == 'pinfo' and empty($value)) { $id = intval(str_replace("pinfo", "", $key)); $sql = "SELECT information FROM `{$dbProductInfo}` "; $sql .= "WHERE id='{$id}' "; $result = mysql_query($sql); $fieldobj = mysql_fetch_object($result); $field = $fieldobj->information; $_SESSION['formerrors']['portaladdincident'] .= user_alert(sprintf($strFieldMustNotBeBlank, "'{$field}'"), E_USER_ERROR); // i18n fieldname $errors = 1; } } if ($errors == 0) { $updatetext = sprintf($SYSLANG['strOpenedViaThePortalByX'], "[b]" . contact_realname($contactid) . "[/b]"); $updatetext .= "\n\n"; if (!empty($probdesc)) { $updatetext .= "[b]{$SYSLANG['strProblemDescription']}[/b]\n{$probdesc}\n\n"; } if ($CONFIG['portal_creates_incidents']) { $incidentid = create_incident($incidenttitle, $contactid, $servicelevel, $contractid, $productid, $software); $_SESSION['incidentid'] = $incidentid; // Save productinfo if there is some $sql = "SELECT * FROM `{$dbProductInfo}` WHERE productid='{$productid}'";
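/**
 * XML-RPC handler that moves money from an agent to a destination account on
 * behalf of a region, then prints the XML-RPC response.
 *
 * The first element of $params is the request struct. It must carry a region
 * UUID with the matching region secret, and an agent UUID with the secure
 * session id of an agent that is online in that region. Both are checked
 * against the database before any balance is touched.
 *
 * The requested amount is checked to be numeric and non-negative before the
 * balance comparison. Without that check a negative amount passes the
 * "balance < cash" test and is handed to move_money() unchanged.
 *
 * @param string $method_name XML-RPC method name (unused).
 * @param array  $params      XML-RPC parameters; $params[0] is the request struct.
 * @param mixed  $app_data    Application data passed by the XML-RPC server (unused).
 *
 * @return string Always an empty string; the response is printed directly.
 */
function region_move_money($method_name, $params, $app_data)
{
    global $economy_sink_account;

    // The all-zero UUID marks "no destination" and is the sender of system alerts.
    $systemId = "00000000-0000-0000-0000-000000000000";

    $req = $params[0];
    $agentid = $req['agentId'];
    $sessionid = $req['secureSessionId'];
    $regionid = $req['regionId'];
    $secret = $req['secret'];
    $destid = $req['destId'];
    $cash = $req['cash'];
    $aggregatePermInventory = $req['aggregatePermInventory'];
    $aggregatePermNextOwner = $req['aggregatePermNextOwner'];
    $flags = $req['flags'];
    $transactiontype = $req['transactionType'];
    $description = $req['description'];
    $ipAddress = $_SERVER['REMOTE_ADDR'];

    // Validate the region secret. Request values are escaped before they reach SQL.
    $db = new DB();
    $sql = "select UUID from " . C_REGIONS_TBL . " " . "where UUID='" . $db->escape($regionid) . "' and " . "regionSecret='" . $db->escape($secret) . "'";
    $db->query($sql);
    list($region_id) = $db->next_record();

    if (!$region_id) {
        $response_xml = xmlrpc_encode(array('success' => False, 'errorMessage' => "This region is not authorized to manage your money. Money operations may be unavailable", 'errorURI' => " "));
    } else {
        // The region is known: the agent must be online in it with this session.
        $sql = "select UUID from " . C_AGENTS_TBL . " " . "where UUID='" . $db->escape($agentid) . "' and " . "secureSessionID='" . $db->escape($sessionid) . "' and " . "agentOnline=1 and " . "currentRegion='" . $db->escape($regionid) . "'";
        $db->query($sql);
        list($user_id) = $db->next_record();

        if (!$user_id) {
            $response_xml = xmlrpc_encode(array('success' => False, 'errorMessage' => "Unable to authenticate avatar. Money operations may be unavailable", 'errorURI' => " "));
        } elseif (!is_numeric($cash) || $cash < 0) {
            // Refuse non-numeric and negative amounts before any balance logic runs.
            $response_xml = xmlrpc_encode(array('success' => False, 'errorMessage' => "Invalid transaction amount", 'errorURI' => " "));
        } elseif (get_balance($agentid) < $cash) {
            $response_xml = xmlrpc_encode(array('success' => False, 'errorMessage' => "You do not have sufficient funds for this purchase", 'errorURI' => " "));
        } else {
            if ($destid == $systemId) {
                $destid = $economy_sink_account;
            }

            // Notify the parties and pick the ledger description per transaction type.
            // Types not listed here keep the description sent in the request.
            if ($transactiontype == 1002) {
                user_alert($agentid, $systemId, "You paid L\$ " . $cash . " to create a group");
                $description = "Group creation fee";
            } elseif ($transactiontype == 1101) {
                user_alert($agentid, $systemId, "You paid L\$ " . $cash . " to upload.");
                $description = "Upload Charge";
            } elseif ($transactiontype == 3000) {
                $description = "Give Inventory";
            } elseif ($transactiontype == 5001) {
                $destName = agent_name($destid);
                $sourceName = agent_name($agentid);
                user_alert($agentid, $systemId, "You paid " . $destName . " L\$" . $cash);
                user_alert($destid, $systemId, $sourceName . " paid you L\$" . $cash);
                $description = "Gift";
            } elseif ($transactiontype == 5002) {
                if ($destid == $economy_sink_account) {
                    user_alert($agentid, $systemId, "You paid L\$ " . $cash . " for a parcel of land.");
                } else {
                    $destName = agent_name($destid);
                    $sourceName = agent_name($agentid);
                    user_alert($agentid, $systemId, "You paid " . $destName . " L\$" . $cash . " for a parcel of land.");
                    user_alert($destid, $systemId, $sourceName . " paid you L\$" . $cash . " for a parcel of land");
                }
                $description = "Land Sale";
            } elseif ($transactiontype == 5008 || $transactiontype == 2) {
                // Same notifications as a gift, but the request's description is kept.
                $destName = agent_name($destid);
                $sourceName = agent_name($agentid);
                user_alert($agentid, $systemId, "You paid " . $destName . " L\$" . $cash);
                user_alert($destid, $systemId, $sourceName . " paid you L\$" . $cash);
            }

            move_money($agentid, $destid, $cash, $aggregatePermInventory, $aggregatePermNextOwner, $flags, $transactiontype, $description, $regionid, $ipAddress);
            $response_xml = xmlrpc_encode(array('success' => True, 'agentId' => $agentid, 'funds' => get_balance($agentid), 'funds2' => get_balance($destid), 'currencySecret' => " "));
        }
    }

    header("Content-type: text/xml");
    print $response_xml;

    // Balances are pushed to the simulator on every path, including failures.
    update_simulator_balance($agentid);
    update_simulator_balance($destid);

    return "";
}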
// Closes a block opened before this excerpt.
}
// Render the incidents in $result as a table, one row per incident.
// NOTE(review): the table opened here is only closed on the "has rows" branch
// below; when there are no rows the <table> stays open.
echo "<table align='center'>";
if (mysql_num_rows($result) > 0) {
    echo "<tr><th>{$strID}</th><th>{$strTitle}</th><th>{$strOpened}</th><th>{$strClosed}</th><th>{$strOwner}</th><th>{$strCustomer}</th><th>{$strSite}</th></tr>";
    while ($row = mysql_fetch_array($result)) {
        echo "<tr>";
        echo "<td><a href=\"javascript:incident_details_window('{$row['id']}','incident{$row['id']}')\" class='info'>{$row['id']}</a></td>";
        // NOTE(review): the incident title is a database value written into HTML
        // without encoding here; unless it is encoded when stored,
        // htmlspecialchars() is needed at this point - confirm.
        echo "<td><a href=\"javascript:incident_details_window('{$row['id']}','incident{$row['id']}')\" class='info'>{$row['title']}</a></td>";
        echo "<td>" . date($CONFIG['dateformat_datetime'], $row['opened']) . "</td>";
        // Status 2 is the only value for which a closed date is shown.
        if ($row['status'] != 2) {
            echo "<td>{$strCurrentlyOpen}</td>";
        } else {
            echo "<td>" . date($CONFIG['dateformat_datetime'], $row['closed']) . "</td>";
        }
        echo "<td>" . user_realname($row['owner']) . "</td>";
        // One extra query per incident row to fetch the contact and site names.
        // NOTE(review): {$row['contact']} is interpolated unquoted, so the query
        // is only well-formed while that column is numeric - presumably an
        // integer key; verify against the schema.
        $sql = "SELECT c.forenames, c.surname, s.name ";
        $sql .= "FROM `{$dbContacts}` AS c, `{$dbSites}` AS s ";
        $sql .= "WHERE s.id = c.siteid AND c.id = {$row['contact']}";
        $contactResult = mysql_query($sql);
        if (mysql_error()) {
            trigger_error("MySQL Query Error " . mysql_error(), E_USER_WARNING);
        }
        $contact = mysql_fetch_array($contactResult);
        // NOTE(review): contact and site names are echoed without HTML encoding.
        echo "<td>{$contact['forenames']} {$contact['surname']}</td>";
        echo "<td>{$contact['name']}</td>";
        echo "</tr>\n";
    }
    echo "</table>\n";
} else {
    echo user_alert($strNoRecords, E_USER_WARNING);
}
} if (mysql_num_rows($result) > 0) { $errors = 1; $errors_string .= user_alert("A contact can only be listed once per support contract", E_USER_ERROR); } // add maintenance support contact if no errors if ($errors == 0) { $sql = "INSERT INTO `{$dbSupportContacts}` (maintenanceid, contactid) VALUES ({$maintid}, {$contactid})"; $result = mysql_query($sql); if (mysql_error()) { trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR); } // show error message if addition failed if (!$result) { include APPLICATION_INCPATH . 'htmlheader.inc.php'; echo user_alert("Addition of support contact failed", E_USER_WARNING); include APPLICATION_INCPATH . 'htmlfooter.inc.php'; } else { if ($context == 'contact') { html_redirect("contact_details.php?id={$contactid}"); } else { html_redirect("contract_details.php?id={$maintid}"); } } } else { // show error message if errors include APPLICATION_INCPATH . 'htmlheader.inc.php'; echo $errors_string; echo "<p align='center'><a href='contract_details.php?id={$maintid}'>Return</a></p>"; include APPLICATION_INCPATH . 'htmlfooter.inc.php'; }
$additional = cleanvar($_POST['additional']); $references = cleanvar($_POST['references']); $wait = cleanvar($_POST['wait']); $send_email = cleanvar($_POST['send_email']); $send_engineer_email = cleanvar($_POST['send_engineer_email']); // Close the incident $errors = 0; echo "<script src='{$CONFIG['application_webpath']}scripts/webtrack.js' type='text/javascript'></script>\n"; // check for blank closing status field if ($closingstatus == 0) { $errors = 1; $error_string = user_alert(sprintf($strFieldMustNotBeBlank, "'{$strClosingStatus}'"), E_USER_ERROR); } if ($_REQUEST['summary'] == '' && $_REQUEST['solution'] == '') { $errors = 1; $error_string = user_alert(sprintf($strFieldMustNotBeBlank, "'{$strSummary}' / '{$strSolution}'"), E_USER_ERROR); } plugin_do('pre_incident_closing'); if ($errors == 0) { $addition_errors = 0; // update incident if ($wait == 'yes') { // mark incident as awaiting closure $sql = "SELECT params FROM `{$dbScheduler}` WHERE action = 'CloseIncidents' LIMIT 1"; $result = mysql_query($sql); if (mysql_error()) { trigger_error("MySQL Query Error " . mysql_error(), E_USER_WARNING); $closure_delay = 554400; } else { list($closure_delay) = mysql_fetch_row($result); }
$site = cleanvar($_POST['site']); $tags = cleanvar($_POST['tags']); $active = cleanvar($_POST['active']); // Edit site, update the database $errors = 0; if ($name == '') { $errors = 1; $errors_string .= user_alert(sprintf($strFieldMustNotBeBlank, "'{$strName}'"), E_USER_ERROR); } if ($email == '') { $errors = 1; $errors_string .= user_alert(sprintf($strFieldMustNotBeBlank, "'{$strEmail}'"), E_USER_ERROR); } if ($telephone == '') { $errors = 1; $errors_string .= user_alert(sprintf($strFieldMustNotBeBlank, "'{$strTelephone}'"), E_USER_ERROR); } // edit site if no errors if ($errors == 0) { replace_tags(3, $site, $tags); if (isset($licenserx)) { $licenserx = '1'; } else { $licenserx = '0'; } // update site if ($active == 'true') { $activeStr = 'true'; } else { $activeStr = 'false'; }
} $percent = number_format($average / $maxscore * 100, 0); $totalresult += $average; $qanswer[$qrow->taborder] += $average; $qavgavg = $qanswer[$qrow->taborder]; } $prevcontactid = $mrow->contactid; } echo "<h2>{$strSummary}</h2><p>{$strShowPositivityGraph}:</p>"; $adjust = 13; $min = 4; for ($i = 0; $i <= 10; $i++) { if ($countcontacts > 0) { $weighted = number_format($counter[$i] / $countcontacts * 100, 0); } else { $weighted = 0; } echo "<div style='background: #B"; echo dechex(floor($i * 1.5)); echo "0; color: #FFF; float:left; width: " . ($min + $weighted * $adjust) . "px;'> </div> "; echo $i * 10; if ($i < 10) { echo " - "; echo $i * 10 + 9; } echo "% ({$weighted}%)<br />"; } } else { echo user_alert($strNoFeedbackFound, E_USER_WARNING); } echo "</div>\n";
echo "</form>"; include APPLICATION_INCPATH . 'htmlfooter.inc.php'; } else { // FIXME these errors need tidying INL 9Jun08 // Add product information $errors = 0; include APPLICATION_INCPATH . 'htmlheader.inc.php'; // check for blank product if ($product == 0) { $errors = 1; echo user_alert(sprintf($strFieldMustNotBeBlank, "'{$strProduct}'"), E_USER_ERROR); } // check for blank information if ($information == '') { $errors = 1; echo user_alert(sprintf($strFieldMustNotBeBlank, "'{$strQuestion}'"), E_USER_ERROR); } // add product information if no errors if ($errors == 0) { $sql = "INSERT INTO `{$dbProductInfo}` (productid, information, moreinformation) "; $sql .= "VALUES ('{$product}', '{$information}', '{$moreinformation}')"; $result = mysql_query($sql); if (mysql_error()) { trigger_error(mysql_error(), E_USER_ERROR); } if (!$result) { echo "<p class='error'>" . sprintf($strAddXfailed, $strProductInformation) . "\n"; } else { journal(CFG_LOGGING_NORMAL, 'Product Info Added', "Info was added to Product {$product}", CFG_JOURNAL_PRODUCTS, $product); html_redirect("products.php?productid={$product}"); exit;
// This file is to be included on any portal page that requires authentication // This file must be included before any page output // Prevent script from being run directly (ie. it must always be included if (realpath(__FILE__) == realpath($_SERVER['SCRIPT_FILENAME'])) { exit; } session_name($CONFIG['session_name']); session_start(); if (!isset($accesslevel)) { include APPLICATION_INCPATH . 'portalheader.inc.php'; echo user_alert("{$strPermissionDenied}: \$accesslevel not set", E_USER_ERROR); include APPLICATION_INCPATH . 'htmlfooter.inc.php'; exit; } elseif ($accesslevel == 'admin' and $_SESSION['usertype'] != 'admin' and $_SESSION['portalauth'] == TRUE) { include APPLICATION_INCPATH . 'portalheader.inc.php'; echo user_alert($strPermissionDenied, E_USER_ERROR); include APPLICATION_INCPATH . 'htmlfooter.inc.php'; exit; } if ($CONFIG['portal'] == FALSE) { // portal disabled $_SESSION['portalauth'] = FALSE; $page = $_SERVER['PHP_SELF']; if (!empty($_SERVER['QUERY_STRING'])) { $page .= '?' . $_SERVER['QUERY_STRING']; } $page = urlencode($page); header("Location: {$CONFIG['application_webpath']}index.php?id=2&page={$page}"); exit; } // Check session is authenticated, if not redirect to login page
// The two closing braces below end blocks opened before this excerpt.
}
}
// Validate the portal contact-details form; each failure appends HTML to the
// session's form-error buffer and increments $errors.
if (!empty($newpass) and empty($newpass2)) {
    $errors++;
    $_SESSION['formerrors']['portalcontactdetails'] .= "<p class='error'>{$strYouMustEnterYourNewPasswordTwice}</p>\n";
} elseif ($newpass != $newpass2) {
    $errors++;
    $_SESSION['formerrors']['portalcontactdetails'] .= "<p class='error'>{$strPasswordsDoNotMatch}</p>";
}
if ($surname == '') {
    $errors++;
    $_SESSION['formerrors']['portalcontactdetails'] .= "<p class='error'>" . sprintf($strYouMustEnter, $strSurname) . "</p>\n";
}
// 'none' and 'n/a' are treated the same as a blank e-mail address.
if ($email == '' or $email == 'none' or $email == 'n/a') {
    $errors++;
    $_SESSION['formerrors']['portalcontactdetails'] .= user_alert(sprintf($strFieldMustNotBeBlank, "'{$strEmail}'"), E_USER_ERROR);
}
if ($errors == 0) {
    // NOTE(review): username is set to the literal '******', which reads like a
    // value masked by this listing rather than intended code - confirm against
    // the original file.
    // NOTE(review): every field is interpolated into a quoted SQL literal; where
    // the values are escaped is outside this excerpt - confirm.
    $updatesql = "UPDATE `{$dbContacts}` SET username='******', forenames='{$forenames}', surname='{$surname}', ";
    $updatesql .= "department='{$department}', address1='{$address1}', address2='{$address2}', ";
    $updatesql .= "county='{$county}', country='{$country}', postcode='{$postcode}', ";
    $updatesql .= "phone='{$phone}', mobile='{$mobile}', fax='{$fax}', email='{$email}'";
    if ($newpass != '') {
        // NOTE(review): the password is stored as an unsalted MD5 digest computed
        // by MySQL. password_hash() / password_verify() is the current practice;
        // switching needs a migration of the stored hashes. The plaintext also
        // travels inside the SQL text, so it can end up in query logs.
        $updatesql .= ", password=MD5('{$newpass}') ";
    }
    // When no password is supplied, no space precedes WHERE in the built string.
    $updatesql .= "WHERE id='{$id}'";
    mysql_query($updatesql);
    if (mysql_error()) {
        trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR);
    }
    // NOTE(review): the session's contact id is compared with $id only after the
    // UPDATE has run. Whether an earlier check limits which $id a portal user may
    // edit is not visible in this excerpt - confirm.
    if ($_SESSION['contactid'] != $id) {
} else { $licence_type = "'{$licence_type}'"; } // NOTE above is so we can insert null so browse_contacts etc can see the contract rather than inserting 0 $sql = "INSERT INTO `{$dbMaintenance}` (site, product, reseller, expirydate, licence_quantity, licence_type, notes, "; $sql .= "admincontact, servicelevelid, incidentpoolid, incident_quantity, productonly, term, supportedcontacts, allcontactssupported) "; $sql .= "VALUES ('{$site}', '{$product}', {$reseller}, '{$expirydate}', '{$licence_quantity}', {$licence_type}, '{$notes}', "; $sql .= "'{$admincontact}', '{$servicelevelid}', '{$incidentpoolid}', '{$incident_quantity}', '{$productonly}', '{$term}', '{$numcontacts}', '{$allcontacts}')"; $result = mysql_query($sql); if (mysql_error()) { trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR); } $maintid = mysql_insert_id(); if (!$result) { $addition_errors = 1; $addition_errors_string .= user_alert($strAdditionFail, E_USER_WARNING); } // Add service $sql = "INSERT INTO `{$dbService}` (contractid, startdate, enddate, creditamount, unitrate, incidentrate, foc) "; $sql .= "VALUES ('{$maintid}', '{$startdate}', '{$enddate}', '{$amount}', '{$unitrate}', '{$incidentrate}', '{$foc}')"; mysql_query($sql); if (mysql_error()) { trigger_error(mysql_error(), E_USER_ERROR); } if (mysql_affected_rows() < 1) { trigger_error("Insert failed", E_USER_ERROR); } $serviceid = mysql_insert_id(); update_contract_balance($maintid, $strNewContract, $amount, $serviceid); if ($addition_errors == 1) { // show addition error message
// VALIDATION CHECKS */ // check for blank name if ($surname == '') { $errors = 1; echo user_alert(sprintf($strFieldMustNotBeBlank, "'{$strSurname}'"), E_USER_ERROR); } // check for blank site if ($siteid == '') { $errors = 1; echo user_alert(sprintf($strFieldMustNotBeBlank, "'{$strSiteName}'"), E_USER_ERROR); } // check for blank name if ($email == '' or $email == 'none' or $email == 'n/a') { $errors = 1; echo user_alert(sprintf($strFieldMustNotBeBlank, "'{$strEmail}'"), E_USER_ERROR); echo user_alert($strMustEnterEmail, E_USER_ERROR); } // check for blank contact id if ($contact == '') { $errors = 1; trigger_error("Something weird has happened, better call technical support", E_USER_ERROR); } // edit contact if no errors if ($errors == 0) { // update contact if ($dataprotection_email != '') { $dataprotection_email = 'Yes'; } else { $dataprotection_email = 'No'; } if ($dataprotection_phone != '') {