/**
  * Fetch product rows, optionally scoped to one vendor, filtered by a
  * name fragment, ordered and paginated.
  *
  * Non-admin callers are always restricted to their own id (getUID()),
  * whatever $member_id they pass. Rows are joined to membership for the
  * vendor name and grouped by products.id.
  *
  * @param int|null    $member_id     vendor id to filter on (only honoured for admins)
  * @param string|null $search_string LIKE pattern applied to products.name
  * @param string|null $order         column handed to order_by(); falls back to 'id'
  *                                   (NOTE(review): not whitelisted here — if it can come
  *                                   from the request, restrict it to known columns)
  * @param string      $order_type    sort direction handed to order_by()
  * @param int         $limit_start   first argument of $this->db->limit()
  * @param int         $limit_end     second argument of $this->db->limit()
  *                                   (NOTE(review): CodeIgniter's limit() is (count, offset);
  *                                   confirm callers pass the arguments in that order)
  * @return array result rows as associative arrays
  */
 public function get_products($member_id = null, $search_string = null, $order = null, $order_type = 'Asc', $limit_start, $limit_end)
 {
     if (!is_admin()) {
         // Vendors may only list their own products.
         $member_id = getUID();
     }
     $db = $this->db;
     $columns = array(
         'products.*',
         'products.description',
         'products.stock',
         'products.cost_price',
         'products.sell_price',
         'products.member_id',
         'membership.name as vendor_name',
     );
     foreach ($columns as $column) {
         $db->select($column);
     }
     $db->from('products');
     $scopedToVendor = !($member_id == null || $member_id == 0);
     if ($scopedToVendor) {
         $db->where('vendor_id', $member_id);
     }
     if ($search_string) {
         $db->like('products.name', $search_string);
     }
     $db->join('membership', 'products.vendor_id = membership.id', 'left');
     $db->group_by('products.id');
     $sortColumn = $order ? $order : 'id';
     $db->order_by($sortColumn, $order_type);
     $db->limit($limit_start, $limit_end);
     //$this->db->limit('4', '4');
     return $db->get()->result_array();
 }
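/**
 * Print a link for every image the logged-in user has voted on.
 *
 * The user name is read from $_SESSION['username'] and resolved to a uid via
 * getUID(); the user's comma-separated `images_voted` column is then expanded
 * into one `imageload.php` link per file. Output is echoed directly, and the
 * connection is closed before returning whenever $db_found is true (as in the
 * original implementation).
 *
 * Queries are parameterised instead of interpolated, and file names are
 * escaped for their context (URL component in the href, HTML text in the
 * label). Assumes mysqli_stmt_get_result() is available (mysqlnd).
 *
 * @param mysqli $db_handle open mysqli connection
 * @param bool   $db_found  whether the caller managed to select the database
 * @return string '' on success, otherwise a short human-readable status message
 */
function showVotes($db_handle, $db_found)
{
    $func_message = "";
    $username = $_SESSION['username'];
    $uid = getUID($db_handle, $username);
    if ($db_found) {
        // Bind the uid rather than interpolating it so the query shape cannot
        // be altered by whatever getUID() returns.
        $images_voted = null;
        $stmt = mysqli_prepare($db_handle, "SELECT images_voted FROM users WHERE uid = ?");
        if ($stmt !== false
            && mysqli_stmt_bind_param($stmt, 's', $uid)
            && mysqli_stmt_execute($stmt)
        ) {
            $query_result = mysqli_stmt_get_result($stmt);
            $actual_result = $query_result ? mysqli_fetch_assoc($query_result) : null;
            // No row (or a NULL column) behaves like an empty list, as before.
            $images_voted = isset($actual_result['images_voted']) ? (string) $actual_result['images_voted'] : '';
        }
        if ($stmt !== false) {
            mysqli_stmt_close($stmt);
        }
        if ($images_voted === null) {
            $func_message = "Error querying database";
        } elseif ($images_voted != '') {
            $image_array = explode(',', $images_voted);
            // One prepared statement re-executed per id; $image_id is bound by
            // reference, so each foreach assignment is what execute() sees.
            $image_id = '';
            $fileStmt = mysqli_prepare($db_handle, "SELECT fname FROM files WHERE fid = ?");
            if ($fileStmt !== false && mysqli_stmt_bind_param($fileStmt, 's', $image_id)) {
                foreach ($image_array as $image_id) {
                    if (!mysqli_stmt_execute($fileStmt)) {
                        continue;
                    }
                    $result2 = mysqli_stmt_get_result($fileStmt);
                    $row2 = $result2 ? mysqli_fetch_assoc($result2) : null;
                    if (!isset($row2['fname'])) {
                        // Dangling id in images_voted: skip it instead of failing on a missing row.
                        continue;
                    }
                    $fname = $row2['fname'];
                    $hrefValue = htmlspecialchars(rawurlencode($fname), ENT_QUOTES, 'UTF-8');
                    $label = htmlspecialchars($fname, ENT_QUOTES, 'UTF-8');
                    echo "<a href='imageload.php?image=" . $hrefValue . "'>" . $label . " </a><br>";
                }
            }
            if ($fileStmt !== false) {
                mysqli_stmt_close($fileStmt);
            }
        } else {
            $func_message = "No files found";
        }
        mysqli_close($db_handle);
    } else {
        $func_message = "Error connecting to database";
    }
    return $func_message;
}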
 /**
  * Fetch deal_voucher rows, optionally scoped to one vendor, filtered by
  * order increment id, ordered and paginated.
  *
  * Non-admin callers are always restricted to their own id (getUID()),
  * whatever $member_id they pass. The order header and order item rows are
  * left-joined for customer and product names; rows are grouped by
  * deal_voucher.entity_id.
  *
  * @param int|null    $member_id     vendor id to filter on (only honoured for admins)
  * @param string|null $search_string LIKE pattern applied to order_increment_id
  * @param string|null $order         column handed to order_by(); falls back to 'entity_id'
  *                                   (NOTE(review): not whitelisted here — if it can come
  *                                   from the request, restrict it to known columns)
  * @param string      $order_type    sort direction handed to order_by()
  * @param int         $limit_start   first argument of $this->db->limit()
  * @param int         $limit_end     second argument of $this->db->limit()
  *                                   (NOTE(review): CodeIgniter's limit() is (count, offset);
  *                                   confirm callers pass the arguments in that order)
  * @return array result rows as associative arrays
  */
 public function get_vouchers($member_id = null, $search_string = null, $order = null, $order_type = 'Asc', $limit_start, $limit_end)
 {
     if (!is_admin()) {
         // Vendors may only list their own vouchers.
         $member_id = getUID();
     }
     $db = $this->db;
     $columns = array(
         'deal_voucher.*',
         'membership.name as vendor_name',
         'o.customer_firstname as customer_firstname',
         'o.customer_lastname as customer_lastname',
         'i.name as product_name',
     );
     foreach ($columns as $column) {
         $db->select($column);
     }
     $db->from('deal_voucher');
     $db->join('sales_flat_order as o', 'deal_voucher.order_id = o.entity_id', 'left');
     $db->join('sales_flat_order_item as i', 'deal_voucher.order_id = i.order_id', 'left');
     $scopedToVendor = !($member_id == null || $member_id == 0);
     if ($scopedToVendor) {
         $db->where('vendor_id', $member_id);
     }
     if ($search_string) {
         $db->like('order_increment_id', $search_string);
     }
     $db->join('membership', 'deal_voucher.vendor_id = membership.id', 'left');
     $db->group_by('deal_voucher.entity_id');
     $sortColumn = $order ? $order : 'entity_id';
     $db->order_by($sortColumn, $order_type);
     $db->limit($limit_start, $limit_end);
     //$this->db->limit('4', '4');
     return $db->get()->result_array();
 }
 /**
  * Convenience wrapper returning the current user's id.
  *
  * NOTE(review): the one-space indentation suggests this is a class method,
  * in which case the unqualified call below resolves to the global getUID()
  * helper rather than to this method (PHP only reaches a method through
  * `$this->`/`self::`). If this is actually a free function, the call would
  * recurse without bound — confirm the enclosing scope.
  */
 function getUID()
 {
     return getUID();
 }
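/**
 * Record a player's connection time from a server log line.
 *
 * Prints the player name and, when $text is a "connected, address" line,
 * stores getTime($text) under the player's key. BOT players are ignored.
 *
 * PHP passes arrays by value, so the original write to $array was lost as
 * soon as the function returned. The (possibly updated) array is now
 * returned and callers must use the return value:
 *     $connections = updateConnection($line, $connections);
 *
 * @param string $text  raw log line
 * @param array  $array map of player => connection time
 * @return array the map, unchanged for BOT lines or lines without a connect marker
 */
function updateConnection($text, $array)
{
    $player = getUID($text);
    if ($player == "BOT") {
        return $array;
    }
    echo "Player: " . $player . "<br>";
    if (preg_match('/connected, address/', $text)) {
        $array[$player] = getTime($text);
    }
    return $array;
}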
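include_once $FANNIE_ROOT . 'auth/login.php';
if (!validateUserQuiet('editmembers') && !validateUserQuiet('editmembers_csc') && !validateUserQuiet('viewmembers')) {
    // PHP_SELF can carry caller-supplied path info; encode it so it stays a
    // single query-string value for loginform.php.
    $url = $FANNIE_URL . 'auth/ui/loginform.php?redirect=' . urlencode($_SERVER['PHP_SELF']);
    header('Location: ' . $url);
    return;
}
//include('../db.php');
include 'memAddress.php';
$username = validateUserQuiet('editmembers');
// The card number may arrive via GET or POST; missing values default to null
// instead of raising an undefined-index warning.
if (isset($_GET['memNum'])) {
    $memID = $_GET['memNum'];
} else {
    $memID = isset($_POST['memNum']) ? $_POST['memNum'] : null;
}
/* audit logging */
$uid = getUID($username);
// The audit insert is currently disabled (see below); the interpolated values
// are cast to int so the statement stays well-formed if it is re-enabled.
$auditQ = "insert custUpdate select " . $sql->now() . "," . (int) $uid . ",1,\n    CardNo,personNum,LastName,FirstName,\n    CashBack,Balance,Discount,ChargeLimit,ChargeOK,\n    WriteChecks,StoreCoupons,Type,memType,staff,SSI,Purchases,\n    NumberOfChecks,memCoupons,blueLine,Shown,id from custdata where cardno=" . (int) $memID;
//$auditR = $sql->query($auditQ);
// Address fields for meminfo, read from the posted form (null when absent).
$post = function ($key) {
    return isset($_POST[$key]) ? $_POST[$key] : null;
};
$MI_FIELDS = array();
$memNum = $post('memNum');
$MI_FIELDS['street'] = $post('address1') . (!empty($_POST['address2']) ? "\n" . $_POST['address2'] : '');
$MI_FIELDS['city'] = $post('city');
$MI_FIELDS['state'] = $post('state');
$MI_FIELDS['zip'] = $post('zip');
$MI_FIELDS['phone'] = $post('phone');
$MI_FIELDS['email_2'] = $post('phone2');
$MI_FIELDS['email_1'] = $post('email');
$MI_FIELDS['ads_OK'] = $post('mailflag');
$cust = new CustdataModel($dbc);
$cust->CardNo($memNum);
$cust->personNum(1);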
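<?php

include '../../config.php';
include $FANNIE_ROOT . 'auth/login.php';
// Fallback operator id, replaced by the real uid once the user is resolved.
$uid = 1005;
$user = validateUserQuiet('delete_items');
if (!$user) {
    // The return target has its own query string, so it must be encoded as a
    // single value; otherwise `description` is parsed as a parameter of
    // loginform.php and is lost on the way back.
    $upcParam = isset($_GET['upc']) ? $_GET['upc'] : '';
    $descParam = isset($_GET['description']) ? $_GET['description'] : '';
    $redirect = $FANNIE_URL . 'legacy/queries/listDel.php?upc=' . urlencode($upcParam) . '&description=' . urlencode($descParam);
    header("Location: {$FANNIE_URL}auth/ui/loginform.php?redirect=" . urlencode($redirect));
    return;
}
$uid = getUID($user);
?>
<html>
<body bgcolor=#dd0000 text=#ccccff>
<?php 
include '../db.php';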
if (isset($_POST['Yes'])) {
    $upc = $_POST['upc'];
    $gatherQ = '';
    $args = array();
    if (isset($_POST['description'])) {
        $desc = base64_decode($_POST['description']);
        $sql->prepare($gatherQ = "select upc,description,normal_price,department,tax,foodstamp,scale,modified,qttyenforced,discount,inuse from products where upc=? and description=?");
        $args = array($upc, $desc);
    } else {
        $gatherQ = $sql->prepare("select upc,description,normal_price,department,tax,foodstamp,scale,modified,qttyenforced,discount,inuse from products where upc=?");
        $args = array($upc);
    }
    $gatherR = $sql->execute($gatherQ, $args);
    $gatherRow = $sql->fetch_row($gatherR);
    $query = '';
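/**
 * Append one entry to the application log files.
 *
 * Each entry is prefixed with a timestamp captured on the first call
 * (Asia/Tokyo), a per-process line counter, the session id and the uid.
 * Arrays and objects are var_export()ed; CR and LF are replaced with "[EOL]"
 * so every entry stays on one physical line. The entry is written to
 * "<name>_log" and "<name>_<hour>.log"; any name other than 'process' is
 * mirrored into the process logs as well. The directory defaults to
 * three levels above this file's directory plus "/log/" unless
 * Configure::LOG_PATH is set.
 *
 * @param mixed       $arglog            message, or a value to dump
 * @param string|null $argLogName        log base name (default 'process')
 * @param bool        $argConsolEchoFlag also echo the line when DEBUG_ENABLED is on and
 *                                       there is no REQUEST_URI (command line)
 * @return void
 */
function logging($arglog, $argLogName = NULL, $argConsolEchoFlag = FALSE)
{
    static $pdate = NULL;
    static $phour = NULL;
    static $loggingLineNum = 1;
    $logpath = dirname(dirname(dirname(dirname(__FILE__)))) . '/log/';
    // defined() guards the constant() calls: on PHP 8 constant() throws an
    // Error for an undefined class constant instead of returning NULL.
    if (class_exists('Configure', FALSE) && defined('Configure::LOG_PATH') && NULL !== constant('Configure::LOG_PATH')) {
        $logpath = Configure::LOG_PATH;
    }
    if (class_exists('Configure', FALSE) && defined('Configure::DEBUG_ENABLED') && NULL !== constant('Configure::DEBUG_ENABLED')) {
        $debugFlag = Configure::DEBUG_ENABLED;
    }
    // XXX log rotation would be performed here
    if (NULL === $argLogName) {
        $argLogName = 'process';
    }
    if (NULL === $pdate) {
        // Timestamp is captured once per process; the caller's timezone is restored afterwards.
        $deftimezone = @date_default_timezone_get();
        date_default_timezone_set('Asia/Tokyo');
        $dateins = new DateTime();
        $pdate = $dateins->format('Y-m-d H:i:s') . ' [UDate:' . microtime(TRUE) . ']';
        $phour = $dateins->format('H');
        date_default_timezone_set($deftimezone);
    }
    if (is_array($arglog) || is_object($arglog)) {
        $arglog = var_export($arglog, TRUE);
    }
    if (isset($_SERVER['REQUEST_URI'])) {
        $arglog = '[URI:' . $_SERVER['REQUEST_URI'] . ']' . $arglog;
    }
    $logstr = $pdate . '[logging' . $loggingLineNum . '][SID:' . getSessionID() . '][UID:' . getUID() . ']' . $arglog;
    // Replace line breaks so the whole entry can be expressed on a single line
    $logstr = str_replace(PHP_CR, '[EOL]', $logstr);
    $logstr = str_replace(PHP_LF, '[EOL]', $logstr);
    if ('process' !== $argLogName) {
        // process_log is always written
        if (!is_file($logpath . 'process_log')) {
            @touch($logpath . 'process_log');
            @chmod($logpath . 'process_log', 0666);
        }
        if (!is_file($logpath . 'process_' . $phour . '.log')) {
            @touch($logpath . 'process_' . $phour . '.log');
            @chmod($logpath . 'process_' . $phour . '.log', 0666);
        }
        @file_put_contents($logpath . 'process_log', $logstr . PHP_EOL, FILE_APPEND);
        @file_put_contents($logpath . 'process_' . $phour . '.log', $logstr . PHP_EOL, FILE_APPEND);
    }
    if (!is_file($logpath . $argLogName . '_log')) {
        @touch($logpath . $argLogName . '_log');
        @chmod($logpath . $argLogName . '_log', 0666);
    }
    if (!is_file($logpath . $argLogName . '_' . $phour . '.log')) {
        @touch($logpath . $argLogName . '_' . $phour . '.log');
        @chmod($logpath . $argLogName . '_' . $phour . '.log', 0666);
    }
    @file_put_contents($logpath . $argLogName . '_log', $logstr . PHP_EOL, FILE_APPEND);
    @file_put_contents($logpath . $argLogName . '_' . $phour . '.log', $logstr . PHP_EOL, FILE_APPEND);
    // When $debugFlag is on, always write to the debug log as well
    if (isset($debugFlag) && 1 === (int) $debugFlag && isset($_SERVER['REQUEST_URI']) && 'debug' != $argLogName) {
        debug($arglog);
    }
    // XXX console mode: echo the entry to the screen
    if (TRUE === $argConsolEchoFlag && isset($debugFlag) && TRUE == $debugFlag && !isset($_SERVER['REQUEST_URI'])) {
        echo $logstr . PHP_EOL;
    }
    $loggingLineNum++;
}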
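 /**
  * Render the paired-pricing editor for one sales batch.
  *
  * Emits a header with navigation links, the settings form (only once the
  * batch has a row with a salePrice) and two tables built by
  * pairedTableBody(): qualifying items (salePrice >= 0) and discount items
  * (salePrice < 0). Statements are prepared against $this->connection; an
  * MSSQL-specific variant is used when $FANNIE_SERVER_DBMS says so.
  *
  * The batch name is HTML-escaped before being echoed and the id is cast to
  * int before being placed in JavaScript handlers. The previous lookup of
  * getUID($this->current_user) was unused and has been dropped.
  *
  * @param int    $id   batchID
  * @param string $name batch name
  * @return string HTML fragment
  */
 protected function showPairedBatchDisplay($id, $name)
 {
     global $FANNIE_SERVER_DBMS;
     $dbc = $this->connection;
     // $id is interpolated into onclick handlers below; keep it numeric.
     $id = (int) $id;
     $safeName = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
     $ret = "";
     $ret .= sprintf('<input type="hidden" id="currentBatchID" value="%d" />', $id);
     $ret .= "<b>Batch name</b>: {$safeName}<br />";
     $ret .= "<a href=\"BatchListPage.php\">Back to batch list</a> | ";
     $ret .= "<a href=\"\" onclick=\"forceNow({$id}); return false;\">Force batch</a>";
     $ret .= " | No limit";
     $ret .= " <span id=\"currentLimit\" style=\"color:#000;\"></span>";
     $q = $dbc->prepare_statement("SELECT b.discounttype,salePrice,\n            CASE WHEN l.pricemethod IS NULL THEN 4 ELSE l.pricemethod END as pricemethod,\n            CASE WHEN l.quantity IS NULL THEN 1 ELSE l.quantity END as quantity\n            FROM batches AS b LEFT JOIN batchList AS l \n            ON b.batchID=l.batchID WHERE b.batchID=? ORDER BY l.pricemethod");
     $r = $dbc->exec_statement($q, array($id));
     $w = $dbc->fetch_row($r);
     if (!empty($w['salePrice'])) {
         $ret .= "<div class=\"well\">Add all items before fiddling with these settings\n                or they'll tend to go haywire</div>";
         $ret .= '<div id="paired-fields">
             <div class="form-group form-inline">';
         $ret .= '<label>Member only sale
             <input type="checkbox" name="member" value="1" ' . ($w['discounttype'] == 2 ? 'checked' : '') . ' />
             </label>';
         $ret .= ' | ';
         $ret .= '<label>Split discount
             <input type="checkbox" name="split" value="1" ' . ($w['pricemethod'] == 4 ? '' : 'checked') . ' />
             </label>';
         $ret .= '</div>';
         $ret .= '<div class="form-group form-inline">';
         $ret .= '<label>Qualifiers Required</label> ';
         // quantity counts the discounted item too, hence the -1
         $ret .= sprintf('<input type="number" class="form-control" value="%d"
                 name="qualifiers" />', $w['quantity'] - 1);
         $ret .= ' <label>Discount</label> ';
         $ret .= sprintf('<div class="input-group">
                 <span class="input-group-addon">$</span>
                 <input type="text" class="form-control" value="%.2f"
                 name="discount" /></div>', empty($w['salePrice']) ? '' : abs($w['salePrice']));
         $ret .= sprintf(' <button type="submit" class="btn btn-default"
                 onclick="savePairedPricing(%d); return false;">Update Pricing</button>', $id);
         $ret .= '</div>';
         $ret .= '</div>';
         // end #paired-fields
     } else {
         $ret .= "<div class=\"alert alert-warning\">Add items first</div>";
     }
     $fetchQ = $dbc->prepare_statement("\n            SELECT b.upc,\n                case when l.likeCode is null then p.description else l.likeCodeDesc end as description,\n                p.normal_price,\n                b.salePrice,\n                b.batchID\n            FROM batchList AS b \n                " . DTrans::joinProducts('b') . "\n                LEFT JOIN likeCodes as l on b.upc = concat('LC'+convert(l.likeCode,char))\n            WHERE b.batchID = ? \n                AND b.salePrice >= 0");
     if ($FANNIE_SERVER_DBMS == "MSSQL") {
         $fetchQ = $dbc->prepare_statement("select b.upc,\n                    case when l.likecode is null then p.description\n                    else l.likecodedesc end as description,\n                    p.normal_price,b.salePrice\n                    from batchList as b \n                        " . DTrans::joinProducts('b') . "\n                        left join likeCodes as l on\n                    b.upc = 'LC'+convert(varchar,l.likecode)\n                    where b.batchID = ? AND b.salePrice >= 0");
     }
     $fetchR = $dbc->exec_statement($fetchQ, array($id));
     $ret .= '<table class="table" id="qualifier-table">';
     $ret .= '<tr><th colspan="4">Qualifying Item(s)</th></tr>';
     $ret .= $this->pairedTableBody($dbc, $fetchR);
     $ret .= "</table>";
     $fetchQ = $dbc->prepare_statement("\n            SELECT b.upc,\n                case when l.likeCode is null then p.description else l.likeCodeDesc end as description,\n                p.normal_price,\n                b.salePrice,\n                b.batchID\n            FROM batchList AS b \n                " . DTrans::joinProducts('b') . "\n                LEFT JOIN likeCodes as l on b.upc = concat('LC'+convert(l.likeCode,char))\n            WHERE b.batchID = ? \n                AND b.salePrice < 0");
     if ($FANNIE_SERVER_DBMS == "MSSQL") {
         $fetchQ = $dbc->prepare_statement("select b.upc,\n                    case when l.likecode is null then p.description\n                    else l.likecodedesc end as description,\n                    p.normal_price,b.salePrice\n                    from batchList as b \n                        " . DTrans::joinProducts('b') . "\n                        left join likeCodes as l on\n                    b.upc = 'LC'+convert(varchar,l.likecode)\n                    where b.batchID = ? AND b.salePrice < 0");
     }
     $fetchR = $dbc->exec_statement($fetchQ, array($id));
     $ret .= '<table class="table" id="discount-table">';
     $ret .= '<tr><th colspan="4">Discount Item(s)</th></tr>';
     $ret .= $this->pairedTableBody($dbc, $fetchR);
     $ret .= "</table>";
     return $ret;
 }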
<?php

session_start();
$message = '';
//only logged in users can vote
$isLoggedIn = isset($_SESSION['login']) && $_SESSION['login'] != '';
if (!$isLoggedIn) {
    $message = "Log in to vote";
}
require 'db_connect.php';
require 'getUID.php';
require 'getTotalVotes.php';
if ($message == '') {
    $username = $_SESSION['username'];
    $modified_username = mysqli_real_escape_string($db_handle, $username . ', ');
    $uid = getUID($db_handle, $_SESSION['username']);
    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
        $image_id = $_POST['image_id'];
        $modified_image_id = mysqli_real_escape_string($db_handle, $image_id . ',');
        //check if user has voted (optimize this to mysqli_multi_query in future)
        $SQL_stmt = "SELECT fusers_voted FROM files WHERE fid = '{$image_id}'";
        $SQL_stmt2 = "SELECT images_voted FROM users WHERE uid = '{$uid}'";
        //first query
        $query_result = mysqli_query($db_handle, $SQL_stmt);
        $actual_result = mysqli_fetch_assoc($query_result);
        $fusers_voted = mysqli_real_escape_string($db_handle, $actual_result['fusers_voted']);
        //second query
        $query_result = mysqli_query($db_handle, $SQL_stmt2);
        $actual_result = mysqli_fetch_assoc($query_result);
        $images_voted = mysqli_real_escape_string($db_handle, $actual_result['images_voted']);
        //if yes, then remove vote
        if (checkVoted($fusers_voted, $username)) {
 /**
  * Delete the product whose id is in URI segment 4.
  *
  * A non-admin caller who does not own the product is redirected away
  * before anything is deleted; admins may delete any product. Both paths
  * end with a redirect to admin/vouchers.
  *
  * @return void
  */
 public function delete()
 {
     $id = $this->uri->segment(4);
     $product = $this->vouchers_model->get_product_by_id($id);
     $ownedByOther = isset($product[0]) && $product[0]['vendor_id'] != getUID();
     if ($ownedByOther && !is_admin()) {
         redirect('admin/vouchers');
     }
     $this->vouchers_model->delete_product($id);
     redirect('admin/vouchers');
 }
    return (int) $matches[1];
}
// Pending audit users and the file holding the last assigned uid.
$query = "SELECT * FROM war_audit_add_user";
$uidfile = GWF_CORE_PATH . 'module/Audit/ruth/lastwcid';
$result = $db->queryRead($query);
if ($result === false) {
    die('DB ERROR 1');
}
while (false !== ($row = $db->fetchAssoc($result))) {
    $username = $row['username'];
    if (!preg_match('/^[a-z][a-z0-9_]{0,31}$/iD', $username)) {
        GWF_Cronjob::error('Username invalid: ' . $username);
        continue;
    }
    $create = false;
    $crypt_pass = escapeshellarg($row['password']);
    if (false === ($uid = getUID($username))) {
        $nextuid = trim(file_get_contents($uidfile));
        $nextuid++;
        $uid = $nextuid;
        file_put_contents($uidfile, $uid);
        $create = true;
    }
    if ($uid > 3000) {
        if ($create) {
            system(GWF_PATH . 'core/module/Audit/ruth/adduser.sh' . " {$uid} {$username} {$crypt_pass}");
        } else {
            system("/usr/sbin/usermod -p {$crypt_pass} {$username}");
        }
        GWF_File::filewalker(GWF_CORE_PATH . 'module/Audit/challs', 'setup_chall', true, true, $username);
        if ($create) {
            $dirname = "/home/user/{$username}/level";
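 /**
  * Start a password reset for $username by e-mailing a confirmation token.
  *
  * Flow: resolve the uid, refuse when a USER_RESETPW token already exists,
  * otherwise insert a new token row and mail the confirm link. On every
  * failure path $this->error is set and FALSE is returned.
  *
  * Fixes: the INSERT was missing the closing parenthesis of its VALUES
  * list, so the reset could never succeed; the mail body lacked a space
  * between "old" and "passwords"; an unused genPassword() result was
  * computed and discarded.
  *
  * @param string $username
  * @return bool TRUE when the confirmation e-mail was handed off, FALSE otherwise
  */
 public function resetPassword($username)
 {
     if (empty($username)) {
         $this->error = "You must enter a username.";
         return FALSE;
     }
     $uid = getUID($username);
     if (!$uid) {
         $this->error = "Invalid username.";
         return FALSE;
     }
     $query = sprintf("SELECT time FROM tokens WHERE affects = %d AND type = %d", $this->sql->sanitize($uid), $this->sql->sanitize(USER_RESETPW));
     $this->sql->query($query, SQL_FIRST);
     if (NULL == $this->sql->error) {
         if (!empty($this->sql->record[0])) {
             $this->error = "A reset request for this user has already been sent.";
             return FALSE;
         }
         $email = $this->get($uid, USER_EMAIL);
         if ("" == $email) {
             $this->error = "There is no e-mail associated with that user.";
             return FALSE;
         }
         $token = $this->crypto->genUniqueID();
         $query = sprintf("INSERT INTO tokens (id, type, time, affects) values ('%s', %d, %d, %d)", $this->sql->sanitize($token), $this->sql->sanitize(USER_RESETPW), $this->sql->sanitize(time()), $this->sql->sanitize($uid));
         $this->sql->query($query);
         if (NULL == $this->sql->error) {
             $envelope = array(
                 'dest' => $email,
                 'subject' => 'Your password has been reset.',
                 'message' => 'To retrieve your new password and disable your old passwords, please visit the following link: ' . WEBSITE_URL . '?module=auth&action=confirm&id=' . $token,
             );
             if (emailAdmin($envelope)) {
                 return TRUE;
             }
             $this->error = "There was a problem sending the confirmation e-mail.";
             return FALSE;
         }
     }
     // Reached when either the SELECT or the INSERT reported an error.
     $this->error = "Query error.";
     return FALSE;
 }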
/**
 * Remove a login and everything attached to it.
 *
 * Only an 'admin' user may delete, and only alphanumeric names are accepted.
 * Privileges are removed by uid, the Users row and userGroups rows by name.
 *
 * @param string $name login name
 * @return bool false when the name is invalid or the caller is not an admin, true otherwise
 */
function deleteLogin($name)
{
    if (!isAlphanumeric($name) || !validateUser('admin')) {
        return false;
    }
    $sql = dbconnect();
    $uid = getUID($name);
    $statements = array(
        array("delete from userPrivs where uid=?", array($uid)),
        array("delete from Users where name=?", array($name)),
        array("DELETE FROM userGroups WHERE username=?", array($name)),
    );
    foreach ($statements as $pair) {
        list($sqlText, $args) = $pair;
        $prepared = $sql->prepare_statement($sqlText);
        $sql->exec_statement($prepared, $args);
    }
    return true;
}
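<?php

// Dispatcher: only acts when requested directly, not when included elsewhere.
if (basename(__FILE__) != basename($_SERVER['PHP_SELF'])) {
    return;
}
include dirname(__FILE__) . '/../../../config.php';
if (!function_exists('validateUserQuiet')) {
    require $FANNIE_ROOT . 'auth/login.php';
}
$all = validateUserQuiet('view_all_hours');
$name = checkLogin();
if ($all) {
    header("Location: WfcHtMenuPage.php");
} elseif ($name) {
    header("Location: WfcHtViewEmpPage.php?id=" . getUID($name));
} else {
    // PHP_SELF may carry caller-supplied path info; encode it so it stays a
    // single query-string value for loginform.php.
    header("Location: {$FANNIE_URL}auth/ui/loginform.php?redirect=" . urlencode($_SERVER['PHP_SELF']));
}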
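 /**
  * AJAX endpoint: list the daily group reports for one day.
  *
  * Requires a logged-in user (getUID()). Without a `date` parameter the rows
  * created today are returned; otherwise those created on the given day.
  * M()->query() takes raw SQL, so the date is validated and quoted before it
  * is interpolated (it was previously inserted verbatim).
  *
  * Responds via $this->ajaxReturn(): (list, 'ok', 1) on success,
  * (0, 'fail', 0) when nothing is found or the date is malformed.
  *
  * @return void
  */
 public function jianbaoList()
 {
     $uid = getUID();
     $date = $this->_param('date');
     if (!$uid) {
         $this->ajaxReturn(0, '请登录', 0);
         // ajaxReturn() is expected to exit; never run the query for anonymous callers.
         return;
     }
     $mode = M();
     if (!isset($date)) {
         $query = "SELECT a.id,a.today,a.tomorrow,a.create_date,b.name,b.leader FROM `iqianjin_daily_group` as a left join `iqianjin_group` as b on a.group_id = b.id where to_days(a.create_date) = to_days(now())";
     } else {
         // Accept only YYYYMMDD or YYYY-MM-DD (surrounding quotes tolerated).
         // NOTE(review): if clients send another date form, widen the pattern
         // rather than removing the check.
         $date = trim((string) $date, "'\"");
         if (!preg_match('/^[0-9]{4}-?[0-9]{2}-?[0-9]{2}$/', $date)) {
             $this->ajaxReturn(0, 'fail', 0);
             return;
         }
         $query = "SELECT a.id,a.today,a.tomorrow,a.create_date,b.name,b.leader FROM `iqianjin_daily_group` as a left join `iqianjin_group` as b on a.group_id = b.id where to_days(a.create_date) = to_days('{$date}')";
     }
     $list = $mode->query($query);
     if ($list) {
         $this->ajaxReturn($list, 'ok', 1);
     } else {
         $this->ajaxReturn(0, 'fail', 0);
     }
 }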
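/**
 * Reactivate a suspended member account.
 *
 * Restores the member's type, discount, charge limit and mail flag from the
 * suspensions row (types I, T, S and X; S only survives for historical
 * rows), deletes the suspensions row, writes a suspension_history line and
 * records a non-active "reactivated" entry via CustomerAccountSuspensionsModel,
 * then marks any remaining active model rows for the card as inactive.
 *
 * @param int $memNum card number
 * @return void
 */
function activate($memNum)
{
    global $sql;
    $model = new CustomerAccountSuspensionsModel($sql);
    $model->card_no($memNum);
    $username = checkLogin();
    $uid = getUID($username);
    // The audit insert is currently disabled; the card number is cast so the
    // interpolated statement stays well-formed if it is re-enabled.
    $auditQ = "insert custUpdate select now()," . (int) $uid . ",1,* from custdata where cardno=" . (int) $memNum;
    //$auditR = $sql->query($auditQ);
    $query = $sql->prepare("select type,memtype1,memtype2,discount,chargelimit,mailflag from suspensions where cardno=?");
    $result = $sql->execute($query, array($memNum));
    $row = $sql->fetch_array($result);
    // type S shouldn't exist any more, in here to deal with historical rows
    $mQ = $sql->prepare("update meminfo set ads_OK=? where card_no=?");
    $cQ = $sql->prepare("update custdata set memType=?, Type=?,ChargeOk=1,Discount=?,MemDiscountLimit=?,ChargeLimit=?\n        where CardNo=?");
    // I/T/S and X were previously handled by two identical branches.
    $suspensionType = is_array($row) ? $row[0] : null;
    if (in_array($suspensionType, array('I', 'T', 'S', 'X'), true)) {
        $sql->execute($mQ, array($row['mailflag'], $memNum));
        $sql->execute($cQ, array($row['memtype1'], $row['memtype2'], $row['discount'], $row['chargelimit'], $row['chargelimit'], $memNum));
    }
    $query = $sql->prepare("delete from suspensions where cardno=?");
    $result = $sql->execute($query, array($memNum));
    $username = validateUserQuiet('editmembers');
    // NOTE(review): 'h' is the 12-hour clock with no am/pm marker, so
    // afternoon timestamps are ambiguous; 'H' is probably intended. Left
    // unchanged because existing rows were stored in this format.
    $now = date("Y-m-d h:i:s");
    $query = $sql->prepare("insert into suspension_history (username, postdate, post, cardno, reasoncode)\n            values (?,?,'Account reactivated',?,-1)");
    $result = $sql->execute($query, array($username, $now, $memNum));
    // add record to denote account was activated
    // this record is not considered "active" because
    // the account is not suspended
    $model->reasonCode(0);
    $model->suspensionTypeID(0);
    $model->username($username);
    $model->tdate($now);
    $model->active(0);
    $model->save();
    $model->reset();
    $model->card_no($memNum);
    $model->active(1);
    foreach ($model->find() as $obj) {
        $obj->active(0);
        $obj->save();
    }
}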
/**
 * Mirror an LDAP account into the Users table.
 *
 * Unknown names are inserted with the given uid and an empty password/salt;
 * known names only get their real_name refreshed.
 *
 * @param string $name     login name
 * @param int    $uid      uid to store for a newly created row
 * @param string $fullname display name
 * @return void
 */
function syncUserLDAP($name, $uid, $fullname)
{
    $currentUID = getUID($name);
    $sql = dbconnect();
    if ($currentUID) {
        $updateQ = $sql->prepare_statement("UPDATE Users SET real_name=?\n                WHERE name=?");
        $sql->exec_statement($updateQ, array($fullname, $name));
        return;
    }
    $insertQ = $sql->prepare_statement("INSERT INTO Users \n            (name,password,salt,uid,session_id,real_name)\n            VALUES (?,'','',?,'',?)");
    $sql->exec_statement($insertQ, array($name, $uid, $fullname));
}
    if ($currentW[$column] != trim($new_value, "'")) {
        $CHANGES[$column] = array('old' => $currentW[$column], 'new' => trim($new_value, "'"));
    }
}
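// Resolve the super-department of the item's department (0 when unknown).
// Parameterised: the department value comes from the update array, not a literal.
$sQ = $dbc->prepare_statement("SELECT superID FROM MasterSuperDepts WHERE dept_ID=?");
$sR = $dbc->exec_statement($sQ, array($up_array['department']));
$sID = 0;
if ($dbc->num_rows($sR) > 0) {
    // array_pop() needs a real variable; passing the call result directly
    // raises a "should be passed by reference" notice.
    $sW = $dbc->fetch_row($sR);
    $sID = array_pop($sW);
}
/* 1. Validate credentials of the operator.  */
$uid = 0;
if (!$validatedUser && !$auditedUser && $logged_in) {
    $validatedUser = validateUserQuiet('pricechange', $subdepartment);
}
if ($validatedUser) {
    $validatedUID = getUID($validatedUser);
    $uid = $validatedUID;
} elseif ($auditedUser) {
    /* 2el. Notify dept manager of the new values.  */
    if (!empty($likeCode)) {
        \COREPOS\Fannie\API\lib\AuditLib::itemUpdate($upc, $likeCode);
    } else {
        \COREPOS\Fannie\API\lib\AuditLib::itemUpdate($upc);
    }
}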
/* 2. Insert or update per-coop products data  */
/* For WEFC_Toronto only
 * Store the raw versions of products.description and productUser.description in products_WEFC_Toronto.
*/
if (isset($FANNIE_COOP_ID) && $FANNIE_COOP_ID == "WEFC_Toronto") {
    $table_name = "products_{$FANNIE_COOP_ID}";
   they don't have permission to change prices on all
   items.  So get the sub department and check that.
*/
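$deptSubQ = $sql->prepare("select superID from MasterSuperDepts where dept_ID = ?");
$deptSubR = $sql->execute($deptSubQ, array($dept));
$deptSubW = $sql->fetch_array($deptSubR);
$deptSub = $deptSubW[0];
if (!$validatedUser && !$auditedUser && $logged_in) {
    $validatedUser = validateUserQuiet('pricechange', $deptSub);
}
// Fallback operator id, replaced once a validated or audited user is resolved.
$uid = 1005;
if ($validatedUser) {
    $validatedUID = getUID($validatedUser);
    $uid = $validatedUID;
} elseif ($auditedUser) {
    $auditedUID = getUID($auditedUser);
    $uid = $auditedUID;
    include '../../item/audit.php';
    if (!empty($likeCode)) {
        audit($deptSub, $auditedUser, $upc, $descript, $price, $tax, $FS, $Scale, $NoDisc, $likeCode);
    } else {
        audit($deptSub, $auditedUser, $upc, $descript, $price, $tax, $FS, $Scale, $NoDisc);
    }
}
if (!$validatedUser && !$auditedUser && substr($upc, 0, 3) != "002") {
    // $upc is request-supplied: encode it inside the redirect target and
    // escape the whole attribute so it cannot break out of the anchor tag.
    $redirect = '/queries/productTest.php?upc=' . urlencode($upc);
    echo "Please ";
    echo '<a href="/auth/ui/loginform.php?redirect=' . htmlspecialchars(urlencode($redirect), ENT_QUOTES, 'UTF-8') . '">';
    echo "login</a> to add new items";
    return;
}
$price_method = 0;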
          is in that department
       */
    $validated = false;
    $sql = hours_dbconnect();
    $depts = array(10, 11, 12, 13, 20, 21, 30, 40, 41, 50, 60, 998);
    $checkQ = $sql->prepare_statement("select department from employees where empID=?");
    $checkR = $sql->exec_statement($checkQ, array($empID));
    $checkW = $sql->fetch_row($checkR);
    if (validateUserQuiet('view_all_hours', $checkW['department'])) {
        $validated = true;
    }
    /* no access permissions found, so only allow the
          logged in user to see themself
       */
    if (!$validated) {
        $empID = getUID($name);
    }
}
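echo "<html><head><title>View</title>";
echo "<style type=text/css>\n#payperiods {\n    margin-top: 50px;\n}\n\n#payperiods td {\n    text-align: right;\n}\n\n#payperiods th {\n    text-align: center;\n}\n\n#payperiods td.left {\n    text-align: left;\n}\n\n#payperiods th.left {\n    text-align: left;\n}\n\n#payperiods th.right {\n    text-align: right;\n}\n\ntr.one td {\n    background: #ffffcc;\n}\ntr.one th {\n    background: #ffffcc;\n    text-align: right;\n}\n\ntr.two td {\n    background: #ffffff;\n}\ntr.two th {\n    background: #ffffff;\n    text-align: right;\n}\na {\n    color: blue;\n}\n\n#temptable th {\n    text-align: left;\n}\n#temptable td {\n    text-align: right;\n    padding-left: 2em;\n}\n\n#temptable {\n    font-size: 125%;\n}\n\n#newtable th{\n    text-align: left;\n}\n#newtable td{\n    text-align: right;\n}\n\n</style>";
echo "</head><body>";
echo "<h3>Salary Employee PTO Status</h3>";
$sql = hours_dbconnect();
$infoQ = $sql->prepare_statement("select e.name,e.adpID,\n    s.totalTaken as daysTaken\n    from employees as e left join\n    salarypto_ytd as s on e.empID=s.empID\n    where e.empID=?");
$infoR = $sql->exec_statement($infoQ, array($empID));
$infoW = $sql->fetch_row($infoR);
// Escape database-sourced values before echoing them into the page.
// NOTE(review): column 1 of the query is e.adpID but is shown as
// "PTO Allocation" and used in the remaining-days arithmetic — confirm the schema.
$empName = htmlspecialchars((string) $infoW[0], ENT_QUOTES, 'UTF-8');
$allocation = htmlspecialchars((string) $infoW[1], ENT_QUOTES, 'UTF-8');
$taken = htmlspecialchars((string) $infoW[2], ENT_QUOTES, 'UTF-8');
echo "<h2>{$empName} [ <a href={$FANNIE_URL}auth/ui/loginform.php?logout=yes>Logout</a> ]</h2>";
echo "<table cellspacing=0 cellpadding=4 border=1 id=newtable>";
echo "<tr class=one><th>PTO Allocation</th><td>{$allocation}</td></tr>";
echo "<tr class=two><th>PTO Taken, YTD</th><td>{$taken}</td></tr>";
echo "<tr class=one><th>PTO Remaining</th><td>" . ($infoW[1] - $infoW[2]) . "</td></tr>";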
<?php

// Hours dispatcher: full-access users go to the menu, other logged-in users
// to their own page, everyone else to the login form.
include '../../../config.php';
require $FANNIE_ROOT . 'auth/login.php';
$all = validateUserQuiet('view_all_hours');
$name = checkLogin();
if ($all) {
    $target = "menu.php";
} elseif ($name) {
    $target = "viewEmployee.php?id=" . getUID($name);
} else {
    $target = "{$FANNIE_URL}auth/ui/loginform.php?redirect={$FANNIE_URL}legacy/it/hours/";
}
header("Location: " . $target);
/**
 * Check whether $name holds $auth_class for sub-range $sub.
 *
 * Returns the string 'init' while init_check() reports first-run setup,
 * false for non-alphanumeric input, an unknown user or no matching
 * userPrivs row, and true otherwise. A row matches when $sub falls between
 * sub_start and sub_end or the row is the 'all'/'all' wildcard.
 *
 * @param string $name       login name
 * @param string $auth_class privilege class
 * @param string $sub        sub-range value, 'all' by default
 * @return bool|string
 */
function checkAuth($name, $auth_class, $sub = 'all')
{
    if (init_check()) {
        return 'init';
    }
    $inputIsClean = isAlphanumeric($name) && isAlphanumeric($auth_class) && isAlphanumeric($sub);
    if (!$inputIsClean) {
        return false;
    }
    $uid = getUID($name);
    if (!$uid) {
        return false;
    }
    $sql = dbconnect();
    $checkQ = $sql->prepare_statement("select * from userPrivs where uid=? and auth_class=? and\n             ((? between sub_start and sub_end) or (sub_start='all' and sub_end='all'))");
    $checkR = $sql->exec_statement($checkQ, array($uid, $auth_class, $sub));
    return $sql->num_rows($checkR) != 0;
}