Beispiel #1
/**
 * Validate the password-change form fields.
 *
 * Each field is handed to validateinput() (defined elsewhere) with its
 * request key, a display label and a list of rule names. How the rule
 * strings ("validpassword", "password", "match|repassword") are interpreted
 * is decided by validateinput() and is not visible here.
 *
 * @return array validateinput() result per field, keyed by field name.
 */
function inputsvalidation()
{
    return array(
        'curpassword' => validateinput("curpassword", "Current Password", array("validpassword")),
        'password' => validateinput("password", "Password", array("password", "match|repassword")),
    );
}
Beispiel #2
/**
 * Validate the registration form fields.
 *
 * Every field goes through validateinput() (defined elsewhere) with its
 * request key, a display label and a rule list. The numeric rule entries
 * are presumably minimum lengths and "emailused" presumably a uniqueness
 * check; confirm against validateinput().
 *
 * @return array validateinput() result per field, keyed by field name.
 */
function inputsvalidation()
{
    return array(
        'fullname' => validateinput("fullname", "Full name", array("required", 4)),
        'email' => validateinput("email", "Email", array("required", 5, "email", "emailused")),
        'username' => validateinput("username", "Username", array("required", 4, "username")),
        'password' => validateinput("password", "Password", array("password", "match|repassword")),
    );
}
Beispiel #3
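/**
 * Validate the posted login form and, if the credentials check out, sign the
 * user in.
 *
 * On any failure the same generic message is stored in the session and the
 * browser is redirected to the login page, so the response does not reveal
 * which of the two fields was wrong. On success the user id is stored in the
 * session and the browser is redirected to the workspace.
 *
 * Relies on validateinput(), validuser() and getuserid(), which are defined
 * elsewhere, and on a session that the caller has already started.
 *
 * @return void
 */
function inputsvalidation()
{
    $validateresult = array();
    $validateresult['username'] = validateinput("username", "Username", array("required", 4));
    $validateresult['secretword'] = validateinput("secretword", "Password", array("required", 8));

    foreach ($validateresult as $value) {
        // Loose comparison kept on purpose: validateinput() is not shown, so its
        // success value may be 1, "1" or true.
        if ($value != 1) {
            $_SESSION['results']['message'] = "Username / Password is invalid";
            header("Location: ../index.php");
            // header() does not end the request. Without this return the
            // credential check below still ran with the rejected field unset,
            // and its redirect replaced this one.
            return;
        }
    }

    // Both fields passed validation; read them explicitly rather than through
    // variable variables built from array keys.
    $username = $_POST['username'];
    $secretword = $_POST['secretword'];

    if (validuser($username, $secretword)) {
        // Issue a fresh session id when the privilege level changes, so an id
        // that was known before login cannot be reused afterwards.
        if (session_id() !== '') {
            session_regenerate_id(true);
        }
        $_SESSION['userid'] = getuserid($username);
        header("Location: ../workspace.php");
    } else {
        $_SESSION['results']['message'] = "Username / Password is invalid";
        header("Location: ../index.php");
    }
}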
Beispiel #4
    echo "New record created successfully<br>";
} else {
    echo "Error: " . $oosql . "<br>" . mysqli_error($conn);
}
// Look up the phone number stored for the current record key, then prepare the
// pieces of an UPDATE statement ($start, $mid, $end) for the furnace/AC ages.
// NOTE(review): $idnkey is interpolated into the SQL text. Its origin is not
// visible in this excerpt; if a request can influence it, this lookup should
// use a prepared statement with a bound parameter.
$sql1 = "SELECT Pnumber FROM numbers WHERE IDNKey='{$idnkey}'";
$result1 = mysqli_query($conn, $sql1);
// NOTE(review): neither the query result nor the fetched row is checked before
// use; a failed query or an unknown key is not handled here.
$row1 = $result1->fetch_assoc();
$pnum = $row1["Pnumber"];
$start = "UPDATE numbers SET DateofContact='{$date}',";
//Setup our SQL template for easy access
// NOTE(review): $pnum was read back from the database and is embedded again
// without escaping, so a stored value containing a quote would change the
// statement. Bind it as a parameter where the UPDATE is executed.
$end = " WHERE Pnumber='{$pnum}'";
$mid = "o";
//Handle Furnace and AC Ages
$submit = false;
// validateinput() is defined elsewhere; what it filters is not visible here.
$fage = validateinput($_POST["fage"]);
$acage = validateinput($_POST["acage"]);
if ($fage != "0") {
    //if furnace age is entered
    if ($acage != "0") {
        //if ac age is entered
        $mid = " FAge='{$fage}' , ACAge='{$acage}'";
    } else {
        // NOTE(review): unquoted here but quoted in the branch above. In an
        // unquoted position quote-escaping gives no protection; this is only
        // safe if validateinput() guarantees digits only. Confirm, or bind it.
        $mid = " FAge={$fage}";
    }
    $submit = true;
} elseif ($acage != "0") {
    //but AC age is
    // NOTE(review): same unquoted interpolation as the FAge-only branch.
    $mid = " ACAge={$acage}";
    $submit = true;
}
//Execute the SQL command for furnaces and AC
Beispiel #5
<td>
<form method="post" action="{$_SERVER['PHP_SELF']}?action=deleteuser&amp;id={$id}">
<input type="submit" value="delete">
</form>
</td>
<td>
<form method="post" action="users.php{$cancel_action}">
<input type="submit" value="cancel">
</form>
</td>
</tr>
</table>
EOT;
        break;
    # Delete a user account: validate the id, check permission, then reassign
    # the user's news items and projects to the placeholder user id -1.
    case "deleteuser":
        # NOTE(review): the target id is taken from the query string. The
        # confirmation form in this file posts to this action with the id in the
        # URL, and no anti-CSRF token is visible in this excerpt. Confirm one is
        # checked elsewhere before this state-changing branch runs.
        $input = validateinput($_GET, $fields_def, array('id'));
        if (!$input) {
            break;
        }
        $id = $input['id'];
        # Users without the 'manageusers' privilege may only delete their own
        # account, and only when logged in ($userid >= 1).
        if (!$userprivileges['manageusers']) {
            if ($userid != $id || $userid < 1) {
                print "You are not permitted to access this page !<br>\n";
                break;
            }
        }
        # NOTE(review): $id is interpolated unquoted into the statements below,
        # which is safe only if $fields_def restricts 'id' to an integer; that
        # definition is not visible here. The mysql_* extension was removed in
        # PHP 7.0; mysqli or PDO prepared statements remove the dependency on
        # the validator.
        # --- set his news items' author to the special 'deleted' user ---
        $query = "update news set userid=-1 where userid={$id}";
        mysql_query($query, $DBconnection) or die("Could not execute query !");
        # --- set his projects' maintainer to the special 'deleted' user ---
        $query = "update projects set userid=-1 where userid={$id}";
Beispiel #6
<head>
<title>CoolHeat comfort CRM</title>
<link rel="stylesheet" type="text/css" href="/Main Style.css">
<link rel="shortcut icon" href="/icon.ico" />
</head>
<body>
<?php 
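// Store a note for the record currently held in the session.
// NOTE(review): the markup above this PHP block is sent before session_start();
// unless output buffering is enabled the session headers can no longer be sent.
// Moving session_start() to the very top of the file avoids that.
session_start();
// NOTE(review): the database host, user and password are read from the session,
// so they sit in session storage for every logged-in user. Server-side
// configuration is the usual place for them.
$conn = new mysqli($_SESSION["servername"], $_SESSION["Dusername"], $_SESSION["Dpassword"], $_SESSION["dbname"]);
include '..\\Validate.php';
// Check connection. Details go to the server log, not to the browser.
if ($conn->connect_error) {
    error_log("Connection failed: " . $conn->connect_error);
    die("Connection failed");
}
$AT = $_SESSION["AccountType"];
$text = validateinput($_POST["text"]);
$IDN = $_SESSION["IDNKey"];
$agent = $_SESSION["idnum"];
$date = date('Y-m-d H:i:s');
// Values are bound as parameters instead of being pasted into the SQL text, so
// the note text cannot change the statement whatever validateinput() allows.
// NOTE(review): if validateinput() already SQL-escapes its input, remove that
// escaping; with bound parameters the backslashes would be stored literally.
$sql = "INSERT INTO notes (IDNKey,Date,Text,AgentID) VALUES(?,?,?,?)";
$stmt = $conn->prepare($sql);
if ($stmt === false) {
    error_log("Note insert could not be prepared: " . $conn->error);
    echo "Error: the note could not be saved.";
} else {
    $stmt->bind_param("ssss", $IDN, $date, $text, $agent);
    if (!$stmt->execute()) {
        // The statement text and driver error used to be echoed to the page,
        // which exposes schema details; keep them in the log.
        error_log("Note insert failed: " . $stmt->error);
        echo "Error: the note could not be saved.";
    }
    $stmt->close();
}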
if ($AT == 0 || $AT == 7) {
    echo "<form action='/Calendar/CreateNote.php' method='post'>\n\t\tAdd Another Note:\n\t\t<input type='text' value='' name='text'><br>\n\t\t<input type='submit' value='Create Note'>\n\t\t</form><br>\n\t\t<form action='/CallCenterAgents/getnextnumber.php' method='post'>\n\t\tNext Number:<input type='submit' value='Next Number'>\n\t\t</form><br>\n\t\t<form action='/CallCenterAgents/Callbacks.php' method='post'>\n\t\tManage Callbacks:<input type='submit' value='Callbacks'>\n\t\t</form>";
} else {
    if ($AT == 1) {
        echo "<form action= '/SalesAgents/savebookings.php' method='post'>\n\t\t\t\t<input type='number' value='0' name='Mode' hidden>\n\t\t\t\t<input type='submit' value='Back' class='calbutton'>\n\t\t\t\t";
Beispiel #7
Datei: faq.php Projekt: jjgod/SDL
<td
<form method="post" action="{$_SERVER['PHP_SELF']}">
<input type="submit" value="cancel">
</form>
</td>
</tr>
</table>

EOT;
        break;
    // Delete a FAQ category together with all of its entries.
    case "deletecategory":
        // Permission is checked before any request data is read.
        if (!$userprivileges['managefaqcategories']) {
            print "You are not permitted to access this page !<br>\n";
            break;
        }
        // NOTE(review): the category id comes from the query string and drives
        // two DELETE statements. No anti-CSRF token is visible in this excerpt;
        // confirm one is verified before this branch runs.
        $input = validateinput($_GET, $faq_categories_fields_def, array('id'));
        if (!$input) {
            break;
        }
        // NOTE(review): $input['id'] is interpolated unquoted, so safety depends
        // on $faq_categories_fields_def restricting it to an integer (not shown).
        // The two deletes are not wrapped in a transaction; if the second fails
        // the entries are gone while the category remains. mysql_* was removed
        // in PHP 7.0.
        //--- delete all entries in that category ---//
        $query = "delete from faqentries where category={$input['id']}";
        mysql_query($query, $DBconnection) or die("Could not execute query !");
        //--- remove category from the database ---//
        $query = "delete from faqcategories where id={$input['id']}";
        mysql_query($query, $DBconnection) or die("Could not execute query !");
        echo <<<EOT
Deleted !<br>
<br>
<a href="{$_SERVER['PHP_SELF']}">back</a>

EOT;
Beispiel #8
     break;
     # ---------------------------
     # ---------------------------
     # ------ LIST PROJECTS ------
     # ---------------------------
     # ---------------------------
 # ---------------------------
 # ---------------------------
 # ------ LIST PROJECTS ------
 # ---------------------------
 # ---------------------------
 default:
     # --- validate input ---
     // match_userid and order are pretty safe but it doesn't hurt to
     // validate them anyway
     $input = validateinput($_GET, $query_fields_def, array('category', 'match_name', 'match_id', 'os', 'completed', 'perpage', 'start', 'order', 'match_userid', 'show_deleted'));
     if ($input === False) {
         break;
     }
     # --- fetch os list ---
     $query = "select * from oses order by name";
     $oslist = mysql_query($query, $DBconnection) or die("Could not execute query !");
     $numberos = mysql_num_rows($oslist);
     # --- set filters default values ---
     $category = isset($input['category']) ? $input['category'] : '-1';
     $match_name = $input['match_name'];
     $match_id = $input['match_id'];
     $os = isset($input['os']) ? $input['os'] : '-1';
     $completed = isset($input['completed']) ? $input['completed'] : 0;
     $perpage = isset($input['perpage']) ? $input['perpage'] : 50;
     $start = isset($input['start']) ? $input['start'] : 0;
Beispiel #9
$sql = "SELECT * FROM quotes WHERE IDNKey='{$idnkey}'";
$result = mysqli_query($conn, $sql);
$idq = 0;
if (mysqli_num_rows($result) > 0) {
    $row = $result->fetch_assoc();
    $idq = $row["IDKey"];
    $_SESSION["IDQKey"] = $idq;
}
if ($_POST["Mode"] == 1) {
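    // Form fields for the customer record. validateinput() is defined elsewhere
    // and what it filters is not visible here.
    $fn = validateinput($_POST["Fname"]);
    $ln = validateinput($_POST["Lname"]);
    $add = validateinput($_POST["Address"]);
    $at = validateinput($_POST["Btime"]);
    $ac = validateinput($_POST["ACAge"]);
    $fa = validateinput($_POST["FAge"]);
    $pnum = validateinput($_POST["Pnumber"]);
    // NOTE(review): the next four values are taken from the request without any
    // validation. $cell is bound as a parameter below; $rad, $price and $expiry
    // must be validated and bound wherever they are used later.
    $cell = $_POST["Cell"];
    $rad = $_POST["rad"];
    $price = $_POST["price"];
    $expiry = $_POST["exp"];
    // Today's date as YYYY-MM-DD.
    $date = date('Y-m-d');
    $expiry = str_replace('/', '-', $expiry);
    // All values are bound as parameters. Previously they were pasted into the
    // SQL text, and $cell reached the statement straight from $_POST.
    // NOTE(review): if validateinput() already SQL-escapes its input, remove
    // that escaping; with bound parameters it would be stored literally.
    $sql = "Update numbers SET Fname=?,Lname=?,Address=?,ACAge=?,FAge=?,Pnumber=?,CellNumber=? WHERE IDNKey=?";
    $stmt = mysqli_prepare($conn, $sql);
    // $result keeps its earlier meaning: true when the UPDATE ran, false if not.
    $result = false;
    if ($stmt !== false) {
        mysqli_stmt_bind_param($stmt, "ssssssss", $fn, $ln, $add, $ac, $fa, $pnum, $cell, $idnkey);
        $result = mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
    }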
    $flags = $_POST["check"];
    $Aflag = '0';
    $Fflag = '0';
    $Tflag = '0';
    $Bflag = '0';
    $Sflag = '0';
Beispiel #10
        $query = "delete from news where id={$input['id']}";
        mysql_query($query, $DBconnection) or die("Could not execute query !");
        UpdateRSS($DBconnection);
        echo <<<EOT
Deleted!<br>
<br>
<a href="{$_SERVER['PHP_SELF']}">Back</a>
EOT;
        break;
        //---------------------------------------------------------------------
    //---------------------------------------------------------------------
    // Default action: show notices, then list news items one page at a time.
    default:
        //--- Show temporary notices ---//
        show_motd();
        //--- validate input ---//
        $input = validateinput($_GET, $query_fields_def, array('step', 'start'));
        if ($input === False) {
            break;
        }
        //--- set input default values ---//
        // max number news items to show at one time
        $step = isset($input['step']) ? $input['step'] : 8;
        // number news items to skip
        $start = isset($input['start']) ? $input['start'] : 0;
        //--- compute number of news items ---//
        $query = "select count(*) as count from news";
        $result = mysql_query($query, $DBconnection) or die("Could not execute query !");
        $total = mysql_result($result, 0, "count");
        //--- fetch news ---//
        // NOTE(review): $step and $start come from the query string and are
        // interpolated unquoted into LIMIT/OFFSET. That is safe only if
        // $query_fields_def restricts both to non-negative integers (not shown
        // here). No upper bound on $step is visible, so one request may ask for
        // the whole table; consider clamping it.
        $query = "select * from news order by id desc limit {$step} offset {$start}";
        $result = mysql_query($query, $DBconnection) or die("Could not execute query !");
Beispiel #11
}
if ($userlogin == "") {
    $userlogin = "******";
}
# --------------- get user id -----------------
# Resolve the login/password pair to a user id, group id and e-mail address,
# and record the login time. $userid and $usergroup stay 0 when no row matches.
$userid = 0;
$usergroup = 0;
if ($userlogin != "anonymous") {
    # We need to validate userpassword even if it is crypted at this point
    # in a normal usecase because it can be coming directly from the cookie
    # and thus could be forged.
    # Tags are not allowed in the password field at this point since the
    # crypted version of the password should be an hexadecimal string and
    # as such not contain any tag.
    # NOTE(review): per the comment above, the cookie carries the crypted
    # password itself, which makes the stored value a password equivalent:
    # whoever holds it can log in without knowing the password. A random,
    # server-side session token avoids that. The 32-character hexadecimal
    # size is consistent with an MD5-length digest (confirm); password_hash()
    # and password_verify() are the current replacement.
    $fields_def = array('login' => array('type' => 'char', 'size' => 20, 'required' => True), 'password' => array('type' => 'char', 'size' => 32, 'required' => True));
    $login_input = validateinput(array('login' => $userlogin, 'password' => $userpassword), $fields_def, array('login', 'password'));
    if (!$login_input) {
        $wrong_login_or_password = 1;
    } else {
        # NOTE(review): the next line appears damaged by credential masking on
        # the page this listing was taken from; it presumably interpolated
        # {$login_input['login']} and {$login_input['password']}. Either way the
        # credentials are compared inside string-built SQL, so safety rests
        # entirely on validateinput(); bound parameters remove that dependency.
        $query = "select id,groupid,email from users where login='******'login']}' and password='******'password']}'";
        $result = mysql_query($query, $DBconnection) or die("Could not execute query !");
        if (mysql_num_rows($result) < 1) {
            # could be 0 (no row) or -1 (error)
            # An unknown login and a wrong password set the same flag, so the
            # two cases are not distinguished at this point.
            $wrong_login_or_password = 1;
        } else {
            $userid = mysql_result($result, 0, "id");
            $usergroup = mysql_result($result, 0, "groupid");
            $useremail = mysql_result($result, 0, "email");
            # $userid was read from the database row, not from the request.
            $query = "update users set lastlogin = CURRENT_TIMESTAMP where id={$userid}";
            mysql_query($query, $DBconnection) or die("Could not execute query !");
        }