echo "<s";
echo "elect name=\"status\"><option>New<option>Pending<option>In Progress<option>Completed<option>Postponed</select></td></tr>\n</table>\n\n<img src=\"images/spacer.gif\" height=\"10\" width=\"1\"><br>\n<DIV ALIGN=\"center\"><input type=\"submit\" value=\"";
echo $aInt->lang("todolist", "addtodoitem");
echo "\" class=\"button\"></DIV>\n</form>\n\n </div>\n</div>\n\n<br />\n\n";
$aInt->sortableTableInit("duedate", "ASC");
unset($where);
if ($status == "Incomplete" || $status == "") {
$where['status'] = array("sqltype" => "NEQ", "value" => "Completed");
} else {
$where['status'] = $status;
}
if ($date) {
$where['date'] = toMySQLDate($date);
}
if ($duedate) {
$where['duedate'] = toMySQLDate($duedate);
}
if ($title) {
$where['title'] = array("sqltype" => "LIKE", "value" => $title);
}
if ($description) {
$where['description'] = array("sqltype" => "LIKE", "value" => $description);
}
if ($admin) {
$where['admin'] = $admin;
}
$table = "tbltodolist";
$result = select_query($table, "COUNT(*)", $where, $orderby, $order);
$data = mysql_fetch_array($result);
$numrows = $data[0];
$AdminsArray = array();
<?php
use WHMCS\Input\Sanitize;
if (!defined("WHMCS")) {
die("This file cannot be accessed directly");
}
if (!function_exists('getRegistrarsDropdownMenu')) {
require ROOTDIR . '/includes/registrarfunctions.php';
}
$whmcs = App::self();
$reportdata["title"] = $aInt->lang('reports', 'domainRenewalEmailsTitle');
$userID = $whmcs->get_req_var('client');
$domain = $whmcs->get_req_var('domain');
$dateFrom = $whmcs->get_req_var('dateFrom') ? toMySQLDate($whmcs->get_req_var('dateFrom')) : '';
$dateTo = $whmcs->get_req_var('dateTo') ? toMySQLDate($whmcs->get_req_var('dateTo')) : '';
$formDateFrom = $dateFrom ? fromMySQLDate($dateFrom) : '';
$formDateTo = $dateTo ? fromMySQLDate($dateTo) : '';
$registrar = $whmcs->get_req_var('registrar');
$print = $whmcs->get_req_var('print');
/**
* Replace the "None" string with the "Any" string
*/
$registrarList = str_replace($aInt->lang('global', 'none'), $aInt->lang('global', 'any'), getRegistrarsDropdownMenu($registrar));
$reportdata["description"] = $aInt->lang('reports', 'domainRenewalEmailsDescription');
$reportHeader = '';
if (!$print) {
$reportHeader = <<<REPORT_HEADER
<form method="post" action="reports.php?report=domain_renewal_emails">
{$aInt->lang('fields', 'clientid')}: {$aInt->clientsDropDown($userID, '', 'client', true)}
{$aInt->lang('fields', 'domain')}: <input type="text" name="domain" value="{$domain}" size="30" />
{$aInt->lang('fields', 'registrar')}: {$registrarList}
$result = select_query("tbladmins", "id,firstname,lastname", "", "firstname` ASC,`lastname", "ASC");
while ($data = mysql_fetch_array($result)) {
$aid = $data['id'];
$admindropdown .= "<option value=\"" . $aid . "\"";
if ($aid == $adminid) {
echo " selected";
}
$admindropdown .= ">" . $data['firstname'] . " " . $data['lastname'] . "</option>";
}
$admindropdown .= "</select>";
$reportdata['headertext'] = "<form method=\"post\" action=\"reports.php?report=" . $report . "\">\n<table align=\"center\">\n<tr><td>Due Date Range - From</td><td><input type=\"text\" name=\"datefrom\" value=\"" . $datefrom . "\" class=\"datepick\" /></td><td width=\"20\"></td><td>To</td><td><input type=\"text\" name=\"dateto\" value=\"" . $dateto . "\" class=\"datepick\" /></td><td width=\"20\"></td><td>Filter by Status</td><td>" . $statusdropdown . "</td><td width=\"20\"></td><td>Filter by Staff Member</td><td>" . $admindropdown . "</td><td width=\"20\"></td><td><input type=\"submit\" value=\"Submit\" /></tr>\n</table>\n</form>";
$reportdata['tableheadings'] = array("ID", "Created", "Project Title", "Assigned Staff", "Associated Client", "Due Date", "Total Invoiced", "Total Paid", "Total Time", "Status");
$totalprojectstime = $i = 0;
$adminquery = $adminid ? " AND adminid='" . (int) $adminid . "'" : "";
$statusquery = $status ? " AND status='" . db_escape_string($status) . "'" : "";
$result = select_query("mod_project", "", "duedate>='" . toMySQLDate($datefrom) . "' AND duedate<='" . toMySQLDate($dateto) . "'" . $adminquery . $statusquery);
while ($data = mysql_fetch_array($result)) {
$totaltaskstime = 0;
$projectid = $data['id'];
$projectname = $data['title'];
$adminid = $data['adminid'];
$userid = $data['userid'];
$created = $data['created'];
$duedate = $data['duedate'];
$ticketids = $data['ticketids'];
$projectstatus = $data['status'];
$created = fromMySQLDate($created);
$duedate = fromMySQLDate($duedate);
$admin = $adminid ? getAdminName($adminid) : "None";
if ($userid) {
$clientsdetails = getClientsDetails($userid);
function Render()
{
// get post and get variables
global $Translation;
$adminConfig = config('adminConfig');
$FiltersPerGroup = 4;
$buttonWholeWidth = 136;
$current_view = '';
/* TV, DV, TVDV, TVP, DVP, Filters */
$Embedded = intval($_REQUEST['Embedded']);
if ($_SERVER['REQUEST_METHOD'] == 'GET') {
$SortField = $_GET["SortField"];
$SortDirection = $_GET["SortDirection"];
$FirstRecord = $_GET["FirstRecord"];
$ScrollUp_y = $_GET["ScrollUp_y"];
$ScrollDn_y = $_GET["ScrollDn_y"];
$Previous_x = $_GET["Previous_x"];
$Next_x = $_GET["Next_x"];
$Filter_x = $_GET["Filter_x"];
$SaveFilter_x = $_GET["SaveFilter_x"];
$NoFilter_x = $_GET["NoFilter_x"];
$CancelFilter = $_GET["CancelFilter"];
$ApplyFilter = $_GET["ApplyFilter"];
$Search_x = $_GET["Search_x"];
$SearchString = get_magic_quotes_gpc() ? stripslashes($_GET['SearchString']) : $_GET['SearchString'];
$CSV_x = $_GET["CSV_x"];
$FilterAnd = $_GET["FilterAnd"];
$FilterField = $_GET["FilterField"];
$FilterOperator = $_GET["FilterOperator"];
if (is_array($_GET['FilterValue'])) {
foreach ($_GET['FilterValue'] as $fvi => $fv) {
$FilterValue[$fvi] = get_magic_quotes_gpc() ? stripslashes($fv) : $fv;
}
}
$Print_x = $_GET['Print_x'];
$PrintTV = $_GET['PrintTV'];
$PrintDV = $_GET['PrintDV'];
$SelectedID = get_magic_quotes_gpc() ? stripslashes($_GET['SelectedID']) : $_GET['SelectedID'];
$insert_x = $_GET['insert_x'];
$update_x = $_GET['update_x'];
$delete_x = $_GET['delete_x'];
$SkipChecks = $_GET['confirmed'];
$deselect_x = $_GET['deselect_x'];
$addNew_x = $_GET['addNew_x'];
$dvprint_x = $_GET['dvprint_x'];
$DisplayRecords = in_array($_GET['DisplayRecords'], array('user', 'group')) ? $_GET['DisplayRecords'] : 'all';
} else {
$SortField = $_POST['SortField'];
$SortDirection = $_POST['SortDirection'];
$FirstRecord = $_POST['FirstRecord'];
$ScrollUp_y = $_POST['ScrollUp_y'];
$ScrollDn_y = $_POST['ScrollDn_y'];
$Previous_x = $_POST['Previous_x'];
$Next_x = $_POST['Next_x'];
$Filter_x = $_POST['Filter_x'];
$SaveFilter_x = $_POST['SaveFilter_x'];
$NoFilter_x = $_POST['NoFilter_x'];
$CancelFilter = $_POST['CancelFilter'];
$ApplyFilter = $_POST['ApplyFilter'];
$Search_x = $_POST['Search_x'];
$SearchString = get_magic_quotes_gpc() ? stripslashes($_POST['SearchString']) : $_POST['SearchString'];
$CSV_x = $_POST['CSV_x'];
$FilterAnd = $_POST['FilterAnd'];
$FilterField = $_POST['FilterField'];
$FilterOperator = $_POST['FilterOperator'];
if (is_array($_POST['FilterValue'])) {
foreach ($_POST['FilterValue'] as $fvi => $fv) {
$FilterValue[$fvi] = get_magic_quotes_gpc() ? stripslashes($fv) : $fv;
}
}
$Print_x = $_POST['Print_x'];
$PrintTV = $_POST['PrintTV'];
$PrintDV = $_POST['PrintDV'];
$SelectedID = get_magic_quotes_gpc() ? stripslashes($_POST['SelectedID']) : $_POST['SelectedID'];
$insert_x = $_POST['insert_x'];
$update_x = $_POST['update_x'];
$delete_x = $_POST['delete_x'];
$SkipChecks = $_POST['confirmed'];
$deselect_x = $_POST['deselect_x'];
$addNew_x = $_POST['addNew_x'];
$dvprint_x = $_POST['dvprint_x'];
$DisplayRecords = in_array($_POST['DisplayRecords'], array('user', 'group')) ? $_POST['DisplayRecords'] : 'all';
}
$mi = getMemberInfo();
// insure authenticity of user inputs:
if (is_array($FilterAnd)) {
foreach ($FilterAnd as $i => $f) {
if ($f && !preg_match('/^(and|or)$/i', trim($f))) {
$FilterAnd[$i] = 'and';
}
}
}
if (is_array($FilterOperator)) {
foreach ($FilterOperator as $i => $f) {
if ($f && !in_array(trim($f), array_keys($GLOBALS['filter_operators']))) {
$FilterOperator[$i] = '';
}
}
}
if (!preg_match('/^\\s*[1-9][0-9]*\\s*(asc|desc)?(\\s*,\\s*[1-9][0-9]*\\s*(asc|desc)?)*$/i', $SortField)) {
$SortField = '';
}
if (!preg_match('/^(asc|desc)$/i', $SortDirection)) {
$SortDirection = '';
}
if (!$this->AllowDelete) {
$delete_x = '';
}
if (!$this->AllowDeleteOfParents) {
$SkipChecks = '';
}
if (!$this->AllowInsert) {
$insert_x = '';
$addNew_x = '';
}
if (!$this->AllowUpdate) {
$update_x = '';
}
if (!$this->AllowFilters) {
$Filter_x = '';
}
if (!$this->AllowPrinting) {
$Print_x = '';
$PrintTV = '';
}
if (!$this->QuickSearch) {
$SearchString = '';
}
if (!$this->AllowCSV) {
$CSV_x = '';
}
// enforce record selection if user has edit/delete permissions on the current table
$AllowPrintDV = 1;
$this->Permissions = getTablePermissions($this->TableName);
if ($this->Permissions[3] || $this->Permissions[4]) {
// current user can edit or delete?
$this->AllowSelection = 1;
} elseif (!$this->AllowSelection) {
$SelectedID = '';
$AllowPrintDV = 0;
$PrintDV = '';
}
if (!$this->AllowSelection || !$SelectedID) {
$dvprint_x = '';
}
$this->QueryFieldsIndexed = reIndex($this->QueryFieldsFilters);
// determine type of current view: TV, DV, TVDV, TVP, DVP or Filters?
if ($this->SeparateDV) {
$current_view = 'TV';
if ($Print_x != '' || $PrintTV != '') {
$current_view = 'TVP';
} elseif ($dvprint_x != '' || $PrintDV != '') {
$current_view = 'DVP';
} elseif ($Filter_x != '') {
$current_view = 'Filters';
} elseif ($SelectedID && !$deselect_x && !$delete_x || $addNew_x != '') {
$current_view = 'DV';
}
} else {
$current_view = 'TVDV';
if ($Print_x != '' || $PrintTV != '') {
$current_view = 'TVP';
} elseif ($dvprint_x != '' || $PrintDV != '') {
$current_view = 'DVP';
} elseif ($Filter_x != '') {
$current_view = 'Filters';
}
}
$this->HTML .= '<div class="row"><div class="col-xs-11 col-md-12">';
$this->HTML .= '<form ' . (datalist_image_uploads_exist ? 'enctype="multipart/form-data" ' : '') . 'method="post" name="myform" action="' . $this->ScriptFileName . '">';
if ($Embedded) {
$this->HTML .= '<input name="Embedded" value="1" type="hidden" />';
}
$this->HTML .= '<script>';
$this->HTML .= 'function enterAction(){';
$this->HTML .= ' if($$("input[name=SearchString]:focus")[0] != undefined){ $("Search").click(); }';
$this->HTML .= ' return false;';
$this->HTML .= '}';
$this->HTML .= '</script>';
$this->HTML .= '<input id="EnterAction" type="submit" style="position: absolute; left: 0px; top: -250px;" onclick="return enterAction();">';
$this->ContentType = 'tableview';
// default content type
if ($PrintTV != '') {
$Print_x = 1;
$_POST['Print_x'] = 1;
}
// handle user commands ...
if ($deselect_x != '') {
$SelectedID = '';
$this->showTV();
} elseif ($insert_x != '') {
$SelectedID = call_user_func($this->TableName . '_insert');
// redirect to a safe url to avoid refreshing and thus
// insertion of duplicate records.
$url = $this->RedirectAfterInsert;
$insert_status = 'record-added-ok=' . rand();
if (!$SelectedID) {
$insert_status = 'record-added-error=' . rand();
}
// compose filters and sorting
foreach ($this->filterers as $filterer => $caption) {
if ($_REQUEST['filterer_' . $filterer] != '') {
$filtersGET .= '&filterer_' . $filterer . '=' . urlencode($_REQUEST['filterer_' . $filterer]);
}
}
for ($i = 1; $i <= 20 * $FiltersPerGroup; $i++) {
// Number of filters allowed
if ($FilterField[$i] != '' && $FilterOperator[$i] != '' && ($FilterValue[$i] != '' || strpos($FilterOperator[$i], 'empty'))) {
$filtersGET .= "&FilterAnd[{$i}]={$FilterAnd[$i]}&FilterField[{$i}]={$FilterField[$i]}&FilterOperator[{$i}]={$FilterOperator[$i]}&FilterValue[{$i}]=" . urlencode($FilterValue[$i]);
}
}
if ($Embedded) {
$filtersGET .= '&Embedded=1&SelectedID=' . urlencode($SelectedID);
}
$filtersGET .= "&SortField={$SortField}&SortDirection={$SortDirection}&FirstRecord={$FirstRecord}";
$filtersGET .= "&DisplayRecords={$DisplayRecords}";
$filtersGET .= '&SearchString=' . urlencode($SearchString);
$filtersGET = substr($filtersGET, 1);
// remove initial &
if ($url) {
/* if designer specified a redirect-after-insert url */
$url .= (strpos($url, '?') !== false ? '&' : '?') . $insert_status;
$url .= strpos($url, $this->ScriptFileName) !== false ? "&{$filtersGET}" : '';
$url = str_replace("#ID#", urlencode($SelectedID), $url);
} else {
/* if no redirect-after-insert url, use default */
$url = "{$this->ScriptFileName}?{$insert_status}&{$filtersGET}";
/* if DV and TV in same page, select new record */
if (!$this->SeparateDV) {
$url .= '&SelectedID=' . urlencode($SelectedID);
}
}
@header('Location: ' . $url);
$this->HTML .= "<META HTTP-EQUIV=\"Refresh\" CONTENT=\"0;url=" . $url . "\">";
return;
} elseif ($delete_x != '') {
$d = call_user_func($this->TableName . '_delete', $SelectedID, $this->AllowDeleteOfParents, $SkipChecks);
// handle ajax delete requests
if (is_ajax()) {
die($d ? $d : 'OK');
}
if ($d) {
//$_REQUEST['record-deleted-error'] = 1;
$this->HTML .= error_message($d);
} else {
$_REQUEST['record-deleted-ok'] = 1;
$SelectedID = '';
$this->showTV();
}
} elseif ($update_x != '') {
$updated = call_user_func($this->TableName . '_update', $SelectedID);
$update_status = 'record-updated-ok=' . rand();
if ($updated === false) {
$update_status = 'record-updated-error=' . rand();
}
// compose filters and sorting
foreach ($this->filterers as $filterer => $caption) {
if ($_REQUEST['filterer_' . $filterer] != '') {
$filtersGET .= '&filterer_' . $filterer . '=' . urlencode($_REQUEST['filterer_' . $filterer]);
}
}
for ($i = 1; $i <= 20 * $FiltersPerGroup; $i++) {
// Number of filters allowed
if ($FilterField[$i] != '' && $FilterOperator[$i] != '' && ($FilterValue[$i] != '' || strpos($FilterOperator[$i], 'empty'))) {
$filtersGET .= "&FilterAnd[{$i}]={$FilterAnd[$i]}&FilterField[{$i}]={$FilterField[$i]}&FilterOperator[{$i}]={$FilterOperator[$i]}&FilterValue[{$i}]=" . urlencode($FilterValue[$i]);
}
}
$filtersGET .= "&SortField={$SortField}&SortDirection={$SortDirection}&FirstRecord={$FirstRecord}&Embedded={$Embedded}";
$filtersGET .= "&DisplayRecords={$DisplayRecords}";
$filtersGET .= '&SearchString=' . urlencode($SearchString);
$filtersGET = substr($filtersGET, 1);
// remove initial &
$redirectUrl = $this->ScriptFileName . '?SelectedID=' . urlencode($SelectedID) . '&' . $filtersGET . '&' . $update_status;
@header("Location: {$redirectUrl}");
$this->HTML .= '<META HTTP-EQUIV="Refresh" CONTENT="0;url=' . $redirectUrl . '">';
return;
} elseif ($addNew_x != '') {
$SelectedID = '';
$this->hideTV();
} elseif ($Print_x != '') {
// print code here ....
$this->AllowNavigation = 0;
$this->AllowSelection = 0;
} elseif ($SaveFilter_x != '' && $this->AllowSavingFilters) {
$filter_link = $_SERVER['HTTP_REFERER'] . '?SortField=' . urlencode($SortField) . '&SortDirection=' . $SortDirection . '&';
for ($i = 1; $i <= 20 * $FiltersPerGroup; $i++) {
// Number of filters allowed
if (($FilterField[$i] != '' || $i == 1) && $FilterOperator[$i] != '' && ($FilterValue[$i] != '' || strpos($FilterOperator[$i], 'empty'))) {
$filter_link .= urlencode("FilterAnd[{$i}]") . '=' . urlencode($FilterAnd[$i]) . '&';
$filter_link .= urlencode("FilterField[{$i}]") . '=' . urlencode($FilterField[$i]) . '&';
$filter_link .= urlencode("FilterOperator[{$i}]") . '=' . urlencode($FilterOperator[$i]) . '&';
$filter_link .= urlencode("FilterValue[{$i}]") . '=' . urlencode($FilterValue[$i]) . '&';
}
}
$filter_link = substr($filter_link, 0, -1);
/* trim last '&' */
$this->HTML .= '<div id="saved_filter_source_code" class="row"><div class="col-md-6 col-md-offset-3">';
$this->HTML .= '<div class="panel panel-info">';
$this->HTML .= '<div class="panel-heading"><h3 class="panel-title">' . $Translation["saved filters title"] . "</h3></div>";
$this->HTML .= '<div class="panel-body">';
$this->HTML .= $Translation["saved filters instructions"];
$this->HTML .= '<textarea rows="4" class="form-control vspacer-lg" style="width: 100%;" onfocus="$j(this).select();">' . "<a href=\"{$filter_link}\">Saved filter link<a>" . '</textarea>';
$this->HTML .= "<div><a href=\"{$filter_link}\" title=\"" . htmlspecialchars($filter_link) . "\">{$Translation['permalink']}</a></div>";
$this->HTML .= '<button type="button" class="btn btn-default btn-block vspacer-lg" onclick="$j(\'#saved_filter_source_code\').remove();"><i class="glyphicon glyphicon-remove"></i> ' . $Translation['hide code'] . '</button>';
$this->HTML .= '</div>';
$this->HTML .= '</div>';
$this->HTML .= '</div></div>';
} elseif ($Filter_x != '') {
$orderBy = array();
if ($SortField) {
$sortFields = explode(',', $SortField);
$i = 0;
foreach ($sortFields as $sf) {
$tob = preg_split('/\\s+/', $sf, 2);
$orderBy[] = array(trim($tob[0]) => strtolower(trim($tob[1])) == 'desc' ? 'desc' : 'asc');
$i++;
}
$orderBy[$i - 1][$tob[0]] = strtolower(trim($SortDirection)) == 'desc' ? 'desc' : 'asc';
}
$currDir = dirname(__FILE__) . '/hooks';
// path to hooks folder
$uff = "{$currDir}/{$this->TableName}.filters.{$mi['username']}.php";
// user-specific filter file
$gff = "{$currDir}/{$this->TableName}.filters.{$mi['group']}.php";
// group-specific filter file
$tff = "{$currDir}/{$this->TableName}.filters.php";
// table-specific filter file
/*
if no explicit filter file exists, look for filter files in the hooks folder in this order:
1. tablename.filters.username.php ($uff)
2. tablename.filters.groupname.php ($gff)
3. tablename.filters.php ($tff)
*/
if (!is_file($this->FilterPage)) {
$this->FilterPage = 'defaultFilters.php';
if (is_file($uff)) {
$this->FilterPage = $uff;
} elseif (is_file($gff)) {
$this->FilterPage = $gff;
} elseif (is_file($tff)) {
$this->FilterPage = $tff;
}
}
if ($this->FilterPage != '') {
ob_start();
@(include $this->FilterPage);
$out = ob_get_contents();
ob_end_clean();
$this->HTML .= $out;
}
// hidden variables ....
$this->HTML .= '<input name="SortField" value="' . $SortField . '" type="hidden" />';
$this->HTML .= '<input name="SortDirection" type="hidden" value="' . $SortDirection . '" />';
$this->HTML .= '<input name="FirstRecord" type="hidden" value="1" />';
$this->ContentType = 'filters';
return;
} elseif ($NoFilter_x != '') {
// clear all filters ...
for ($i = 1; $i <= datalist_filters_count * $FiltersPerGroup; $i++) {
// Number of filters allowed
$FilterField[$i] = '';
$FilterOperator[$i] = '';
$FilterValue[$i] = '';
}
$DisplayRecords = 'all';
$SearchString = '';
$FirstRecord = 1;
// clear filterers
foreach ($this->filterers as $filterer => $caption) {
$_REQUEST['filterer_' . $filterer] = '';
}
} elseif ($SelectedID) {
$this->hideTV();
}
// apply lookup filterers to the query
foreach ($this->filterers as $filterer => $caption) {
if ($_REQUEST['filterer_' . $filterer] != '') {
if ($this->QueryWhere == '') {
$this->QueryWhere = "where ";
} else {
$this->QueryWhere .= " and ";
}
$this->QueryWhere .= "`{$this->TableName}`.`{$filterer}`='" . makeSafe($_REQUEST['filterer_' . $filterer]) . "' ";
break;
// currently, only one filterer can be applied at a time
}
}
// apply quick search to the query
if ($SearchString != '') {
if ($Search_x != '') {
$FirstRecord = 1;
}
if ($this->QueryWhere == '') {
$this->QueryWhere = "where ";
} else {
$this->QueryWhere .= " and ";
}
foreach ($this->QueryFieldsQS as $fName => $fCaption) {
if (strpos($fName, '<img') === False) {
$this->QuerySearchableFields[$fName] = $fCaption;
}
}
$this->QueryWhere .= '(' . implode(" LIKE '%" . makeSafe($SearchString) . "%' or ", array_keys($this->QuerySearchableFields)) . " LIKE '%" . makeSafe($SearchString) . "%')";
}
// set query filters
$QueryHasWhere = 0;
if (strpos($this->QueryWhere, 'where ') !== FALSE) {
$QueryHasWhere = 1;
}
$WhereNeedsClosing = 0;
for ($i = 1; $i <= datalist_filters_count * $FiltersPerGroup; $i += $FiltersPerGroup) {
// Number of filters allowed
// test current filter group
$GroupHasFilters = 0;
for ($j = 0; $j < $FiltersPerGroup; $j++) {
if ($FilterField[$i + $j] != '' && $this->QueryFieldsIndexed[$FilterField[$i + $j]] != '' && $FilterOperator[$i + $j] != '' && ($FilterValue[$i + $j] != '' || strpos($FilterOperator[$i + $j], 'empty'))) {
$GroupHasFilters = 1;
break;
}
}
if ($GroupHasFilters) {
if (!stristr($this->QueryWhere, "where ")) {
$this->QueryWhere = "where (";
} elseif ($QueryHasWhere) {
$this->QueryWhere .= " and (";
$QueryHasWhere = 0;
}
$this->QueryWhere .= " <FilterGroup> " . $FilterAnd[$i] . " (";
for ($j = 0; $j < $FiltersPerGroup; $j++) {
if ($FilterField[$i + $j] != '' && $this->QueryFieldsIndexed[$FilterField[$i + $j]] != '' && $FilterOperator[$i + $j] != '' && ($FilterValue[$i + $j] != '' || strpos($FilterOperator[$i + $j], 'empty'))) {
if ($FilterAnd[$i + $j] == '') {
$FilterAnd[$i + $j] = 'and';
}
// test for date/time fields
$tries = 0;
$isDateTime = FALSE;
$isDate = FALSE;
$fieldName = str_replace('`', '', $this->QueryFieldsIndexed[$FilterField[$i + $j]]);
list($tn, $fn) = explode('.', $fieldName);
while (!($res = sql("show columns from `{$tn}` like '{$fn}'", $eo)) && $tries < 2) {
$tn = substr($tn, 0, -1);
$tries++;
}
if ($row = @db_fetch_array($res)) {
if ($row['Type'] == 'date' || $row['Type'] == 'time') {
$isDateTime = TRUE;
if ($row['Type'] == 'date') {
$isDate = True;
}
}
}
// end of test
if ($FilterOperator[$i + $j] == 'is-empty' && !$isDateTime) {
$this->QueryWhere .= " <FilterItem> " . $FilterAnd[$i + $j] . " (" . $this->QueryFieldsIndexed[$FilterField[$i + $j]] . "='' or " . $this->QueryFieldsIndexed[$FilterField[$i + $j]] . " is NULL) </FilterItem>";
} elseif ($FilterOperator[$i + $j] == 'is-not-empty' && !$isDateTime) {
$this->QueryWhere .= " <FilterItem> " . $FilterAnd[$i + $j] . " " . $this->QueryFieldsIndexed[$FilterField[$i + $j]] . "!='' </FilterItem>";
} elseif ($FilterOperator[$i + $j] == 'is-empty' && $isDateTime) {
$this->QueryWhere .= " <FilterItem> " . $FilterAnd[$i + $j] . " (" . $this->QueryFieldsIndexed[$FilterField[$i + $j]] . "=0 or " . $this->QueryFieldsIndexed[$FilterField[$i + $j]] . " is NULL) </FilterItem>";
} elseif ($FilterOperator[$i + $j] == 'is-not-empty' && $isDateTime) {
$this->QueryWhere .= " <FilterItem> " . $FilterAnd[$i + $j] . " " . $this->QueryFieldsIndexed[$FilterField[$i + $j]] . "!=0 </FilterItem>";
} elseif ($FilterOperator[$i + $j] == 'like' && !strstr($FilterValue[$i + $j], "%") && !strstr($FilterValue[$i + $j], "_")) {
$this->QueryWhere .= " <FilterItem> " . $FilterAnd[$i + $j] . " " . $this->QueryFieldsIndexed[$FilterField[$i + $j]] . " like '%" . makeSafe($FilterValue[$i + $j]) . "%' </FilterItem>";
} elseif ($FilterOperator[$i + $j] == 'not-like' && !strstr($FilterValue[$i + $j], "%") && !strstr($FilterValue[$i + $j], "_")) {
$this->QueryWhere .= " <FilterItem> " . $FilterAnd[$i + $j] . " " . $this->QueryFieldsIndexed[$FilterField[$i + $j]] . " not like '%" . makeSafe($FilterValue[$i + $j]) . "%' </FilterItem>";
} elseif ($isDate) {
$dateValue = toMySQLDate($FilterValue[$i + $j]);
$this->QueryWhere .= " <FilterItem> " . $FilterAnd[$i + $j] . " " . $this->QueryFieldsIndexed[$FilterField[$i + $j]] . " " . $GLOBALS['filter_operators'][$FilterOperator[$i + $j]] . " '{$dateValue}' </FilterItem>";
} else {
$this->QueryWhere .= " <FilterItem> " . $FilterAnd[$i + $j] . " " . $this->QueryFieldsIndexed[$FilterField[$i + $j]] . " " . $GLOBALS['filter_operators'][$FilterOperator[$i + $j]] . " '" . makeSafe($FilterValue[$i + $j]) . "' </FilterItem>";
}
}
}
$this->QueryWhere .= ") </FilterGroup>";
$WhereNeedsClosing = 1;
}
}
if ($WhereNeedsClosing) {
$this->QueryWhere .= ")";
}
// set query sort
if (!stristr($this->QueryOrder, "order by ") && $SortField != '' && $this->AllowSorting) {
$actualSortField = $SortField;
foreach ($this->SortFields as $fieldNum => $fieldSort) {
$actualSortField = str_replace(" {$fieldNum} ", " {$fieldSort} ", " {$actualSortField} ");
$actualSortField = str_replace(",{$fieldNum} ", ",{$fieldSort} ", " {$actualSortField} ");
}
$this->QueryOrder = "order by {$actualSortField} {$SortDirection}";
}
// clean up query
$this->QueryWhere = str_replace('( <FilterGroup> and ', '( ', $this->QueryWhere);
$this->QueryWhere = str_replace('( <FilterGroup> or ', '( ', $this->QueryWhere);
$this->QueryWhere = str_replace('( <FilterItem> and ', '( ', $this->QueryWhere);
$this->QueryWhere = str_replace('( <FilterItem> or ', '( ', $this->QueryWhere);
$this->QueryWhere = str_replace('<FilterGroup>', '', $this->QueryWhere);
$this->QueryWhere = str_replace('</FilterGroup>', '', $this->QueryWhere);
$this->QueryWhere = str_replace('<FilterItem>', '', $this->QueryWhere);
$this->QueryWhere = str_replace('</FilterItem>', '', $this->QueryWhere);
// if no 'order by' clause found, apply default sorting if specified
if ($this->DefaultSortField != '' && $this->QueryOrder == '') {
$this->QueryOrder = "order by " . $this->DefaultSortField . " " . $this->DefaultSortDirection;
}
// get count of matching records ...
$TempQuery = 'SELECT count(1) from ' . $this->QueryFrom . ' ' . $this->QueryWhere;
$RecordCount = sqlValue($TempQuery);
$FieldCountTV = count($this->QueryFieldsTV);
$FieldCountCSV = count($this->QueryFieldsCSV);
$FieldCountFilters = count($this->QueryFieldsFilters);
if (!$RecordCount) {
$FirstRecord = 1;
}
// Output CSV on request
if ($CSV_x != '') {
$this->HTML = '';
if (datalist_db_encoding == 'UTF-8') {
$this->HTML = "";
}
// BOM characters for UTF-8 output
// execute query for CSV output
$fieldList = '';
foreach ($this->QueryFieldsCSV as $fn => $fc) {
$fieldList .= "{$fn} as `{$fc}`, ";
}
$fieldList = substr($fieldList, 0, -2);
$csvQuery = 'SELECT ' . $fieldList . ' from ' . $this->QueryFrom . ' ' . $this->QueryWhere . ' ' . $this->QueryOrder;
// hook: table_csv
if (function_exists($this->TableName . '_csv')) {
$args = array();
$mq = call_user_func_array($this->TableName . '_csv', array($csvQuery, $mi, &$args));
$csvQuery = $mq ? $mq : $csvQuery;
}
$result = sql($csvQuery, $eo);
// output CSV field names
for ($i = 0; $i < $FieldCountCSV; $i++) {
$this->HTML .= "\"" . db_field_name($result, $i) . "\"" . $this->CSVSeparator;
}
$this->HTML .= "\n\n";
// output CSV data
while ($row = db_fetch_row($result)) {
for ($i = 0; $i < $FieldCountCSV; $i++) {
$this->HTML .= "\"" . str_replace(array("\r\n", "\r", "\n", '"'), array(' ', ' ', ' ', '""'), strip_tags($row[$i])) . "\"" . $this->CSVSeparator;
}
$this->HTML .= "\n\n";
}
$this->HTML = str_replace($this->CSVSeparator . "\n\n", "\n", $this->HTML);
$this->HTML = substr($this->HTML, 0, -1);
// clean any output buffers
while (@ob_end_clean()) {
}
// output CSV HTTP headers ...
header('HTTP/1.1 200 OK');
header('Date: ' . @date("D M j G:i:s T Y"));
header('Last-Modified: ' . @date("D M j G:i:s T Y"));
header("Content-Type: application/force-download");
header("Content-Length: " . (string) strlen($this->HTML));
header("Content-Transfer-Encoding: Binary");
header("Content-Disposition: attachment; filename={$this->TableName}.csv");
// send output and quit script
echo $this->HTML;
exit;
}
$t = time();
// just a random number for any purpose ...
// should SelectedID be reset on clicking TV buttons?
$resetSelection = $this->SeparateDV ? "document.myform.SelectedID.value = '';" : "document.myform.writeAttribute('novalidate', 'novalidate');";
if ($current_view == 'DV' && !$Embedded) {
$this->HTML .= '<div class="page-header">';
$this->HTML .= '<h1>';
$this->HTML .= '<a style="text-decoration: none; color: inherit;" href="' . $this->TableName . '_view.php"><img src="' . $this->TableIcon . '"> ' . $this->TableTitle . '</a>';
$this->HTML .= '</h1>';
$this->HTML .= '</div>';
}
// quick search and TV action buttons
if (!$this->HideTableView && !($dvprint_x && $this->AllowSelection && $SelectedID) && !$PrintDV) {
$buttons_all = $quick_search_html = '';
if ($Print_x == '') {
// display 'Add New' icon
if ($this->Permissions[1] && $this->SeparateDV) {
$buttons_all .= '<button type="submit" id="addNew" name="addNew_x" value="1" class="btn btn-success"><i class="glyphicon glyphicon-plus-sign"></i> ' . $Translation['Add New'] . '</button>';
$buttonsCount++;
}
// display Print icon
if ($this->AllowPrinting) {
$buttons_all .= '<button onClick="document.myform.NoDV.value=1; ' . $resetSelection . ' return true;" type="submit" name="Print_x" id="Print" value="1" class="btn btn-default"><i class="glyphicon glyphicon-print"></i> ' . $Translation['Print Preview'] . '</button>';
$buttonsCount++;
}
// display CSV icon
if ($this->AllowCSV) {
$buttons_all .= '<button onClick="document.myform.NoDV.value=1; ' . $resetSelection . ' return true;" type="submit" name="CSV_x" id="CSV" value="1" class="btn btn-default"><i class="glyphicon glyphicon-download-alt"></i> ' . $Translation['CSV'] . '</button>';
$buttonsCount++;
}
// display Filter icon
if ($this->AllowFilters) {
$buttons_all .= '<button onClick="document.myform.NoDV.value=1; ' . $resetSelection . ' return true;" type="submit" name="Filter_x" id="Filter" value="1" class="btn btn-default"><i class="glyphicon glyphicon-filter"></i> ' . $Translation['filter'] . '</button>';
$buttonsCount++;
}
// display Show All icon
if ($this->AllowFilters) {
$buttons_all .= '<button onClick="document.myform.NoDV.value=1; ' . $resetSelection . ' return true;" type="submit" name="NoFilter_x" id="NoFilter" value="1" class="btn btn-default"><i class="glyphicon glyphicon-remove-circle"></i> ' . $Translation['Reset Filters'] . '</button>';
$buttonsCount++;
}
$quick_search_html .= '<div class="input-group" id="quick-search">';
$quick_search_html .= '<input type="text" name="SearchString" value="' . htmlspecialchars($SearchString, ENT_QUOTES, 'iso-8859-1') . '" class="form-control" placeholder="' . htmlspecialchars($this->QuickSearchText) . '">';
$quick_search_html .= '<span class="input-group-btn">';
$quick_search_html .= '<button name="Search_x" value="1" id="Search" type="submit" onClick="' . $resetSelection . ' document.myform.NoDV.value=1; return true;" class="btn btn-default" title="' . htmlspecialchars($this->QuickSearchText) . '"><i class="glyphicon glyphicon-search"></i></button>';
$quick_search_html .= '<button name="NoFilter_x" value="1" id="NoFilter_x" type="submit" onClick="' . $resetSelection . ' document.myform.NoDV.value=1; return true;" class="btn btn-default" title="' . htmlspecialchars($Translation['Reset Filters']) . '"><i class="glyphicon glyphicon-remove-circle"></i></button>';
$quick_search_html .= '</span>';
$quick_search_html .= '</div>';
} else {
$buttons_all .= '<button class="btn btn-primary" type="button" id="sendToPrinter" onClick="window.print();"><i class="glyphicon glyphicon-print"></i> ' . $Translation['Print'] . '</button>';
$buttons_all .= '<button class="btn btn-default" type="submit"><i class="glyphicon glyphicon-remove-circle"></i> ' . $Translation['Cancel Printing'] . '</button>';
}
/* if user can print DV, add action to 'More' menu */
$selected_records_more = array();
if ($AllowPrintDV) {
$selected_records_more[] = array('function' => $this->SeparateDV ? 'print_multiple_dv_sdv' : 'print_multiple_dv_tvdv', 'title' => $Translation['Print Preview Detail View'], 'icon' => 'print');
}
/* if user can mass-delete selected records, add action to 'More' menu */
if ($this->AllowMassDelete && $this->AllowDelete) {
$selected_records_more[] = array('function' => 'mass_delete', 'title' => $Translation['Delete'], 'icon' => 'trash', 'class' => 'text-danger');
}
/* if user is admin, add 'Change owner' action to 'More' menu */
/* also, add help link for adding more actions */
if ($mi['admin']) {
$selected_records_more[] = array('function' => 'mass_change_owner', 'title' => $Translation['Change owner'], 'icon' => 'user');
$selected_records_more[] = array('function' => 'add_more_actions_link', 'title' => $Translation['Add more actions'], 'icon' => 'question-sign', 'class' => 'text-info');
}
/* user-defined actions ... should be set in the {tablename}_batch_actions() function in hooks/{tablename}.php */
$user_actions = array();
if (function_exists($this->TableName . '_batch_actions')) {
$args = array();
$user_actions = call_user_func_array($this->TableName . '_batch_actions', array(&$args));
if (is_array($user_actions) && count($user_actions)) {
$selected_records_more = array_merge($selected_records_more, $user_actions);
}
}
$actual_more_count = 0;
$more_menu = $more_menu_js = '';
if (count($selected_records_more)) {
$more_menu .= '<button type="button" class="btn btn-default dropdown-toggle" data-toggle="dropdown" id="selected_records_more"><i class="glyphicon glyphicon-check"></i> ' . $Translation['More'] . ' <span class="caret"></span></button>';
$more_menu .= '<ul class="dropdown-menu" role="menu">';
foreach ($selected_records_more as $action) {
if (!$action['function'] || !$action['title']) {
continue;
}
$action['class'] = !isset($action['class']) ? '' : $action['class'];
$action['icon'] = !isset($action['icon']) ? '' : $action['icon'];
$actual_more_count++;
$more_menu .= '<li>' . '<a href="#" id="selected_records_' . $action['function'] . '">' . '<span class="' . $action['class'] . '">' . ($action['icon'] ? '<i class="glyphicon glyphicon-' . $action['icon'] . '"></i> ' : '') . $action['title'] . '</span>' . '</a>' . '</li>';
// on clicking an action, call its js handler function, passing the current table name and an array of selected IDs to it
$more_menu_js .= "jQuery('[id=selected_records_{$action['function']}]').click(function(){ {$action['function']}('{$this->TableName}', get_selected_records_ids()); return false; });";
}
$more_menu .= '</ul>';
}
if ($Embedded) {
$this->HTML .= '<script>$j(function(){ $j(\'[id^=notification-]\').parent().css({\'margin-top\': \'15px\', \'margin-bottom\': \'0\'}); })</script>';
} else {
$this->HTML .= '<div class="page-header">';
$this->HTML .= '<h1>';
$this->HTML .= '<div class="row">';
$this->HTML .= '<div class="col-sm-8">';
$this->HTML .= '<a style="text-decoration: none; color: inherit;" href="' . $this->TableName . '_view.php"><img src="' . $this->TableIcon . '"> ' . $this->TableTitle . '</a>';
$this->HTML .= '</div>';
if ($this->QuickSearch) {
$this->HTML .= '<div class="col-sm-4">';
$this->HTML .= $quick_search_html;
$this->HTML .= '</div>';
}
$this->HTML .= '</div>';
$this->HTML .= '</h1>';
$this->HTML .= '</div>';
$this->HTML .= '<div id="top_buttons" class="hidden-print">';
/* .all_records: container for buttons that don't need a selection */
/* .selected_records: container for buttons that need a selection */
$this->HTML .= '<div class="btn-group btn-group-lg visible-md visible-lg all_records pull-left">' . $buttons_all . '</div>';
$this->HTML .= '<div class="btn-group btn-group-lg visible-md visible-lg selected_records hidden pull-left hspacer-lg">' . $buttons_selected . ($actual_more_count ? $more_menu : '') . '</div>';
$this->HTML .= '<div class="btn-group-vertical btn-group-lg visible-xs visible-sm all_records">' . $buttons_all . '</div>';
$this->HTML .= '<div class="btn-group-vertical btn-group-lg visible-xs visible-sm selected_records hidden vspacer-lg">' . $buttons_selected . ($actual_more_count ? $more_menu : '') . '</div>';
$this->HTML .= '<div class="clearfix"></div><p></p>';
$this->HTML .= '</div>';
}
if ($Print_x != '') {
/* fix top margin for print-preview */
$this->HTML .= '<style>body{ padding-top: 0 !important; }</style>';
/* disable links inside table body to prevent printing their href */
$this->HTML .= '<script>jQuery(function(){ jQuery("tbody a").removeAttr("href").removeAttr("rel"); });</script>';
}
// script for focusing into the search box on loading the page
// and for declaring record action handlers
$this->HTML .= '<script>jQuery(function(){ jQuery("input[name=SearchString]").focus(); ' . $more_menu_js . ' });</script>';
}
// begin table and display table title
if (!$this->HideTableView && !($dvprint_x && $this->AllowSelection && $SelectedID) && !$PrintDV && !$Embedded) {
$this->HTML .= '<div class="table-responsive"><table class="table table-striped table-bordered table-hover">';
$this->HTML .= '<thead><tr>';
if (!$Print_x) {
$this->HTML .= '<th style="width: 18px;" class="text-center"><input class="hidden-print" type="checkbox" title="' . htmlspecialchars($Translation['Select all records']) . '" id="select_all_records"></th>';
}
// Templates
if ($this->Template != '') {
$rowTemplate = @implode('', @file('./' . $this->Template));
if (!$rowTemplate) {
$rowTemplate = '';
$selrowTemplate = '';
} else {
if ($this->SelectedTemplate != '') {
$selrowTemplate = @implode('', @file('./' . $this->SelectedTemplate));
if (!$selrowTemplate) {
$selrowTemplate = '';
}
} else {
$selrowTemplate = '';
}
}
} else {
$rowTemplate = '';
$selrowTemplate = '';
}
// process translations
if ($rowTemplate) {
foreach ($Translation as $symbol => $trans) {
$rowTemplate = str_replace("<%%TRANSLATION({$symbol})%%>", $trans, $rowTemplate);
}
}
if ($selrowTemplate) {
foreach ($Translation as $symbol => $trans) {
$selrowTemplate = str_replace("<%%TRANSLATION({$symbol})%%>", $trans, $selrowTemplate);
}
}
// End of templates
// $this->ccffv: map $FilterField values to field captions as stored in ColCaption
$this->ccffv = array();
foreach ($this->ColCaption as $captionIndex => $caption) {
$ffv = 1;
foreach ($this->QueryFieldsFilters as $uselessKey => $filterCaption) {
if ($caption == $filterCaption) {
$this->ccffv[$captionIndex] = $ffv;
}
$ffv++;
}
}
// display table headers
$totalColWidth = array_sum($this->ColWidth);
$forceHeaderWidth = false;
if ($rowTemplate == '' || $this->ShowTableHeader) {
for ($i = 0; $i < count($this->ColCaption); $i++) {
/* Sorting icon and link */
$sort1 = $sort2 = $filterHint = '';
if ($this->AllowSorting == 1) {
if ($current_view != 'TVP') {
$sort1 = "<a href=\"{$this->ScriptFileName}?SortDirection=asc&SortField=" . $this->ColNumber[$i] . "\" onClick=\"{$resetSelection} document.myform.NoDV.value=1; document.myform.SortDirection.value='asc'; document.myform.SortField.value = '" . $this->ColNumber[$i] . "'; document.myform.submit(); return false;\" class=\"TableHeader\">";
$sort2 = "</a>";
}
if ($this->ColNumber[$i] == $SortField) {
$SortDirection = $SortDirection == "asc" ? "desc" : "asc";
if ($current_view != 'TVP') {
$sort1 = "<a href=\"{$this->ScriptFileName}?SortDirection={$SortDirection}&SortField=" . $this->ColNumber[$i] . "\" onClick=\"{$resetSelection} document.myform.NoDV.value=1; document.myform.SortDirection.value='{$SortDirection}'; document.myform.SortField.value = " . $this->ColNumber[$i] . "; document.myform.submit(); return false;\" class=\"TableHeader\">";
}
$sort2 = " <i class=\"text-warning glyphicon glyphicon-sort-by-attributes" . ($SortDirection == 'desc' ? '' : '-alt') . "\"></i>{$sort2}";
$SortDirection = $SortDirection == "asc" ? "desc" : "asc";
}
} else {
$sort1 = '';
$sort2 = '';
}
/* Filtering icon and hint */
if ($this->AllowFilters && is_array($FilterField)) {
// check to see if there is any filter applied on the current field
if (isset($this->ccffv[$i]) && in_array($this->ccffv[$i], $FilterField)) {
// render filter icon
$filterHint = ' <button type="submit" class="btn btn-default btn-xs' . ($current_view == 'TVP' ? ' disabled' : '') . '" name="Filter_x" value="1" title="' . htmlspecialchars($Translation['filtered field']) . '"><i class="glyphicon glyphicon-filter"></i></button>';
}
}
$this->HTML .= "\t<th class=\"{$this->TableName}-{$this->ColFieldName[$i]}\" " . ($forceHeaderWidth ? ' style="width: ' . ($this->ColWidth[$i] ? $this->ColWidth[$i] : 100) . 'px;"' : '') . ">{$sort1}{$this->ColCaption[$i]}{$sort2}{$filterHint}</th>\n";
}
} else {
// Display a Sort by drop down
$this->HTML .= "\t<th><td colspan=" . (count($this->ColCaption) + 1) . ">";
if ($this->AllowSorting == 1) {
$sortCombo = new Combo();
for ($i = 0; $i < count($this->ColCaption); $i++) {
$sortCombo->ListItem[] = $this->ColCaption[$i];
$sortCombo->ListData[] = $this->ColNumber[$i];
}
$sortCombo->SelectName = "FieldsList";
$sortCombo->SelectedData = $SortField;
$sortCombo->Class = 'TableBody';
$sortCombo->SelectedClass = 'TableBodySelected';
$sortCombo->Render();
$d = $sortCombo->HTML;
$d = str_replace('<select ', "<select onChange=\"document.myform.SortDirection.value='{$SortDirection}'; document.myform.SortField.value=document.myform.FieldsList.value; document.myform.NoDV.value=1; document.myform.submit();\" ", $d);
if ($SortField) {
$SortDirection = $SortDirection == "desc" ? "asc" : "desc";
$sort = "<a href=\"javascript: document.myform.NoDV.value=1; document.myform.SortDirection.value='{$SortDirection}'; document.myform.SortField.value='{$SortField}'; document.myform.submit();\" class=TableHeader><img src={$SortDirection}.gif border=0 width=11 height=11 hspace=3></a>";
$SortDirection = $SortDirection == "desc" ? "asc" : "desc";
} else {
$sort = '';
}
$this->HTML .= $Translation['order by'] . " {$d} {$sort}";
}
$this->HTML .= "</td></th>\n";
}
// table view navigation code ...
if ($RecordCount && $this->AllowNavigation && $RecordCount > $this->RecordsPerPage) {
while ($FirstRecord > $RecordCount) {
$FirstRecord -= $this->RecordsPerPage;
}
if ($FirstRecord == '' || $FirstRecord < 1) {
$FirstRecord = 1;
}
if ($Previous_x != '') {
$FirstRecord -= $this->RecordsPerPage;
if ($FirstRecord <= 0) {
$FirstRecord = 1;
}
} elseif ($Next_x != '') {
$FirstRecord += $this->RecordsPerPage;
if ($FirstRecord > $RecordCount) {
$FirstRecord = $RecordCount - $RecordCount % $this->RecordsPerPage + 1;
}
if ($FirstRecord > $RecordCount) {
$FirstRecord = $RecordCount - $this->RecordsPerPage + 1;
}
if ($FirstRecord <= 0) {
$FirstRecord = 1;
}
}
} elseif ($RecordCount) {
$FirstRecord = 1;
$this->RecordsPerPage = 2000;
// a limit on max records in print preview to avoid performance drops
}
// end of table view navigation code
$this->HTML .= "\n\t</tr>\n\n</thead>\n\n<tbody><!-- tv data below -->\n";
$i = 0;
$hc = new CI_Input();
$hc->charset = datalist_db_encoding;
if ($RecordCount) {
$i = $FirstRecord;
// execute query for table view
$fieldList = '';
foreach ($this->QueryFieldsTV as $fn => $fc) {
$fieldList .= "{$fn} as `{$fc}`, ";
}
$fieldList = substr($fieldList, 0, -2);
if ($this->PrimaryKey) {
$fieldList .= ", {$this->PrimaryKey} as '" . str_replace('`', '', $this->PrimaryKey) . "'";
}
$tvQuery = 'SELECT ' . $fieldList . ' from ' . $this->QueryFrom . ' ' . $this->QueryWhere . ' ' . $this->QueryOrder;
$result = sql($tvQuery . " limit " . ($i - 1) . ",{$this->RecordsPerPage}", $eo);
while (($row = db_fetch_array($result)) && $i < $FirstRecord + $this->RecordsPerPage) {
$attr_id = htmlspecialchars($row[$FieldCountTV], ENT_QUOTES, 'iso-8859-1');
/* pk value suitable for inserting into html tag attributes */
$js_id = addslashes($row[$FieldCountTV]);
/* pk value suitable for inserting into js strings */
$alt = ($i - $FirstRecord) % 2;
if (($PrintTV || $Print_x) && count($_POST['record_selector']) && !in_array($row[$FieldCountTV], $_POST['record_selector'])) {
continue;
}
$class = "TableBody" . ($alt ? 'Selected' : '') . ($fNumeric ? 'Numeric' : '');
if ($Print_x != '') {
$this->HTML .= '<tr>';
}
if (!$Print_x) {
$this->HTML .= $SelectedID == $row[$FieldCountTV] ? '<tr class="active">' : '<tr>';
$checked = is_array($_POST['record_selector']) && in_array($row[$FieldCountTV], $_POST['record_selector']) ? ' checked' : '';
$this->HTML .= "<td class=\"text-center\"><input class=\"hidden-print record_selector\" type=\"checkbox\" id=\"record_selector_{$attr_id}\" name=\"record_selector[]\" value=\"{$attr_id}\"{$checked}></td>";
}
// templates
if ($rowTemplate != '') {
if ($this->AllowSelection == 1 && $SelectedID == $row[$FieldCountTV] && $selrowTemplate != '') {
$rowTemp = $selrowTemplate;
} else {
$rowTemp = $rowTemplate;
}
if ($this->AllowSelection == 1 && $SelectedID != $row[$FieldCountTV]) {
$rowTemp = str_replace('<%%SELECT%%>', "<a onclick=\"document.myform.SelectedField.value=this.parentNode.cellIndex; document.myform.SelectedID.value='" . addslashes($row[$FieldCountTV]) . "'; document.myform.submit(); return false;\" href=\"{$this->ScriptFileName}?SelectedID=" . htmlspecialchars($row[$FieldCountTV], ENT_QUOTES) . "\" class=\"{$class}\" style=\"display: block; padding:0px;\">", $rowTemp);
$rowTemp = str_replace('<%%ENDSELECT%%>', '</a>', $rowTemp);
} else {
$rowTemp = str_replace('<%%SELECT%%>', '', $rowTemp);
$rowTemp = str_replace('<%%ENDSELECT%%>', '', $rowTemp);
}
for ($j = 0; $j < $FieldCountTV; $j++) {
$fieldTVCaption = current(array_slice($this->QueryFieldsTV, $j, 1));
$fd = $hc->xss_clean(nl2br($row[$j]));
/* Sanitize output against XSS attacks */
/*
the TV template could contain field placeholders in the format
<%%FIELD_n%%> or <%%VALUE(Field name)%%>
*/
$rowTemp = str_replace("<%%FIELD_{$j}%%>", thisOr($fd), $rowTemp);
$rowTemp = str_replace("<%%VALUE({$fieldTVCaption})%%>", thisOr($fd), $rowTemp);
if (strpos($rowTemp, "<%%YOUTUBETHUMB({$fieldTVCaption})%%>") !== false) {
$rowTemp = str_replace("<%%YOUTUBETHUMB({$fieldTVCaption})%%>", thisOr(get_embed('youtube', $fd, '', '', 'thumbnail_url'), 'blank.gif'), $rowTemp);
}
if (strpos($rowTemp, "<%%GOOGLEMAPTHUMB({$fieldTVCaption})%%>") !== false) {
$rowTemp = str_replace("<%%GOOGLEMAPTHUMB({$fieldTVCaption})%%>", thisOr(get_embed('googlemap', $fd, '', '', 'thumbnail_url'), 'blank.gif'), $rowTemp);
}
if (thisOr($fd) == ' ' && preg_match('/<a href=".*? .*?<\\/a>/i', $rowTemp, $m)) {
$rowTemp = str_replace($m[0], '', $rowTemp);
}
}
if ($alt && $SelectedID != $row[$FieldCountTV]) {
$rowTemp = str_replace("TableBody", "TableBodySelected", $rowTemp);
$rowTemp = str_replace("TableBodyNumeric", "TableBodySelectedNumeric", $rowTemp);
$rowTemp = str_replace("SelectedSelected", "Selected", $rowTemp);
}
if ($SearchString != '') {
$rowTemp = highlight($SearchString, $rowTemp);
}
$this->HTML .= $rowTemp;
$rowTemp = '';
} else {
// end of templates
for ($j = 0; $j < $FieldCountTV; $j++) {
$fType = db_field_type($result, $j);
$fNumeric = stristr($fType, 'int') || stristr($fType, 'float') || stristr($fType, 'decimal') || stristr($fType, 'numeric') || stristr($fType, 'real') || stristr($fType, 'double') ? true : false;
if ($this->AllowSelection == 1) {
$sel1 = "<a href=\"{$this->ScriptFileName}?SelectedID=" . htmlspecialchars($row[$FieldCountTV], ENT_QUOTES) . "\" onclick=\"document.myform.SelectedID.value='" . addslashes($row[$FieldCountTV]) . "'; document.myform.submit(); return false;\" class=\"{$class}\" style=\"padding:0px;\">";
$sel2 = "</a>";
} else {
$sel1 = '';
$sel2 = '';
}
$this->HTML .= "<td valign=top class={$class}><div class={$class}> {$sel1}" . $row[$j] . "{$sel2} </div></td>";
}
}
$this->HTML .= "</tr>\n";
$i++;
}
$i--;
}
$this->HTML = preg_replace("/<a href=\"(mailto:)? [^\n]*title=\" \"><\\/a>/", ' ', $this->HTML);
$this->HTML = preg_replace("/<a [^>]*>( )*<\\/a>/", ' ', $this->HTML);
$this->HTML = preg_replace("/<%%.*%%>/U", ' ', $this->HTML);
// end of data
$this->HTML .= '<!-- tv data above -->';
$this->HTML .= "\n</tbody>";
if ($Print_x == '') {
// TV
$pagesMenu = '';
if ($RecordCount > $this->RecordsPerPage) {
$pagesMenuId = "{$this->TableName}_pagesMenu";
$pagesMenu = $Translation['go to page'] . ' <select class="input-sm" id="' . $pagesMenuId . '" onChange="document.myform.writeAttribute(\'novalidate\', \'novalidate\'); document.myform.NoDV.value=1; document.myform.FirstRecord.value=(this.value * ' . $this->RecordsPerPage . '+1); document.myform.submit();">';
$pagesMenu .= '</select>';
$pagesMenu .= '<script>';
$pagesMenu .= 'var lastPage = ' . (ceil($RecordCount / $this->RecordsPerPage) - 1) . ';';
$pagesMenu .= 'var currentPage = ' . ($FirstRecord - 1) / $this->RecordsPerPage . ';';
$pagesMenu .= 'var pagesMenu = document.getElementById("' . $pagesMenuId . '");';
$pagesMenu .= 'var lump = ' . datalist_max_page_lump . ';';
$pagesMenu .= 'if(lastPage <= lump * 3){';
$pagesMenu .= ' addPageNumbers(0, lastPage);';
$pagesMenu .= '}else{';
$pagesMenu .= ' addPageNumbers(0, lump - 1);';
$pagesMenu .= ' if(currentPage < lump) addPageNumbers(lump, currentPage + lump / 2);';
$pagesMenu .= ' if(currentPage >= lump && currentPage < (lastPage - lump)){';
$pagesMenu .= ' addPageNumbers(';
$pagesMenu .= ' Math.max(currentPage - lump / 2, lump),';
$pagesMenu .= ' Math.min(currentPage + lump / 2, lastPage - lump - 1)';
$pagesMenu .= ' );';
$pagesMenu .= ' }';
$pagesMenu .= ' if(currentPage >= (lastPage - lump)) addPageNumbers(currentPage - lump / 2, lastPage - lump - 1);';
$pagesMenu .= ' addPageNumbers(lastPage - lump, lastPage);';
$pagesMenu .= '}';
$pagesMenu .= 'function addPageNumbers(fromPage, toPage){';
$pagesMenu .= ' var ellipsesIndex = 0;';
$pagesMenu .= ' if(fromPage > toPage) return;';
$pagesMenu .= ' if(fromPage > 0){';
$pagesMenu .= ' if(pagesMenu.options[pagesMenu.options.length - 1].text != fromPage){';
$pagesMenu .= ' ellipsesIndex = pagesMenu.options.length;';
$pagesMenu .= ' fromPage--;';
$pagesMenu .= ' }';
$pagesMenu .= ' }';
$pagesMenu .= ' for(i = fromPage; i <= toPage; i++){';
$pagesMenu .= ' var option = document.createElement("option");';
$pagesMenu .= ' option.text = (i + 1);';
$pagesMenu .= ' option.value = i;';
$pagesMenu .= ' if(i == currentPage){ option.selected = "selected"; }';
$pagesMenu .= ' try{';
$pagesMenu .= ' /* for IE earlier than version 8 */';
$pagesMenu .= ' pagesMenu.add(option, pagesMenu.options[null]);';
$pagesMenu .= ' }catch(e){';
$pagesMenu .= ' pagesMenu.add(option, null);';
$pagesMenu .= ' }';
$pagesMenu .= ' }';
$pagesMenu .= ' if(ellipsesIndex > 0){';
$pagesMenu .= ' pagesMenu.options[ellipsesIndex].text = " ... ";';
$pagesMenu .= ' }';
$pagesMenu .= '}';
$pagesMenu .= '</script>';
}
$this->HTML .= "\n\t";
if ($i) {
// 1 or more records found
$this->HTML .= "<tfoot><tr><td colspan=" . (count($this->ColCaption) + 1) . '>';
$this->HTML .= $Translation['records x to y of z'];
$this->HTML .= '</td></tr></tfoot>';
}
if (!$i) {
// no records found
$this->HTML .= "<tfoot><tr><td colspan=" . (count($this->ColCaption) + 1) . '>';
$this->HTML .= '<div class="alert alert-warning">';
$this->HTML .= '<i class="glyphicon glyphicon-warning-sign"></i> ';
$this->HTML .= $Translation['No matches found!'];
$this->HTML .= '</div>';
$this->HTML .= '</td></tr></tfoot>';
}
} else {
// TVP
if ($i) {
$this->HTML .= "\n\t<tfoot><tr><td colspan=" . (count($this->ColCaption) + 1) . '>' . $Translation['records x to y of z'] . '</td></tr></tfoot>';
}
if (!$i) {
$this->HTML .= "\n\t<tfoot><tr><td colspan=" . (count($this->ColCaption) + 1) . '>' . $Translation['No matches found!'] . '</td></tr></tfoot>';
}
}
$this->HTML = str_replace("<FirstRecord>", number_format($FirstRecord), $this->HTML);
$this->HTML = str_replace("<LastRecord>", number_format($i), $this->HTML);
$this->HTML = str_replace("<RecordCount>", number_format($RecordCount), $this->HTML);
$tvShown = true;
$this->HTML .= "</table></div>\n";
if ($Print_x == '' && $i) {
// TV
$this->HTML .= '<div class="row">';
$this->HTML .= '<div class="col-sm-4 col-md-3 col-lg-2 vspacer-lg">';
$this->HTML .= '<button onClick="' . $resetSelection . ' document.myform.NoDV.value = 1; return true;" type="submit" name="Previous_x" id="Previous" value="1" class="btn btn-default btn-block"><i class="glyphicon glyphicon-chevron-left"></i> ' . $Translation['Previous'] . '</button>';
$this->HTML .= '</div>';
$this->HTML .= '<div class="col-sm-4 col-md-4 col-lg-2 col-md-offset-1 col-lg-offset-3 text-center vspacer-lg">';
$this->HTML .= $pagesMenu;
$this->HTML .= '</div>';
$this->HTML .= '<div class="col-sm-4 col-md-3 col-lg-2 col-md-offset-1 col-lg-offset-3 text-right vspacer-lg">';
$this->HTML .= '<button onClick="' . $resetSelection . ' document.myform.NoDV.value=1; return true;" type="submit" name="Next_x" id="Next" value="1" class="btn btn-default btn-block">' . $Translation['Next'] . ' <i class="glyphicon glyphicon-chevron-right"></i></button>';
$this->HTML .= '</div>';
$this->HTML .= '</div>';
}
}
/* that marks the end of the TV table */
// hidden variables ....
foreach ($this->filterers as $filterer => $caption) {
if ($_REQUEST['filterer_' . $filterer] != '') {
$this->HTML .= "<input name=\"filterer_{$filterer}\" value=\"" . htmlspecialchars($_REQUEST['filterer_' . $filterer], ENT_QUOTES, 'iso-8859-1') . "\" type=\"hidden\" />";
break;
// currently, only one filterer can be applied at a time
}
}
$this->HTML .= '<input name="SortField" value="' . $SortField . '" type="hidden">';
$this->HTML .= '<input name="SelectedID" value="' . htmlspecialchars($SelectedID, ENT_QUOTES, 'iso-8859-1') . '" type="hidden">';
$this->HTML .= '<input name="SelectedField" value="" type="hidden">';
$this->HTML .= '<input name="SortDirection" type="hidden" value="' . $SortDirection . '">';
$this->HTML .= '<input name="FirstRecord" type="hidden" value="' . $FirstRecord . '">';
$this->HTML .= '<input name="NoDV" type="hidden" value="">';
$this->HTML .= '<input name="PrintDV" type="hidden" value="">';
if ($this->QuickSearch && !strpos($this->HTML, 'SearchString')) {
$this->HTML .= '<input name="SearchString" type="hidden" value="' . htmlspecialchars($SearchString, ENT_QUOTES, 'iso-8859-1') . '">';
}
// hidden variables: filters ...
$FiltersCode = '';
for ($i = 1; $i <= datalist_filters_count * $FiltersPerGroup; $i++) {
// Number of filters allowed
if ($i % $FiltersPerGroup == 1 && $i != 1 && $FilterAnd[$i] != '') {
$FiltersCode .= "<input name=\"FilterAnd[{$i}]\" value=\"{$FilterAnd[$i]}\" type=\"hidden\">\n";
}
if ($FilterField[$i] != '' && $FilterOperator[$i] != '' && ($FilterValue[$i] != '' || strpos($FilterOperator[$i], 'empty'))) {
if (!strstr($FiltersCode, "<input name=\"FilterAnd[{$i}]\" value=")) {
$FiltersCode .= "<input name=\"FilterAnd[{$i}]\" value=\"{$FilterAnd[$i]}\" type=\"hidden\">\n";
}
$FiltersCode .= "<input name=\"FilterField[{$i}]\" value=\"{$FilterField[$i]}\" type=\"hidden\">\n";
$FiltersCode .= "<input name=\"FilterOperator[{$i}]\" value=\"{$FilterOperator[$i]}\" type=\"hidden\">\n";
$FiltersCode .= "<input name=\"FilterValue[{$i}]\" value=\"" . htmlspecialchars($FilterValue[$i], ENT_QUOTES, 'iso-8859-1') . "\" type=\"hidden\">\n";
}
}
$FiltersCode .= "<input name=\"DisplayRecords\" value=\"{$DisplayRecords}\" type=\"hidden\" />";
$this->HTML .= $FiltersCode;
// display details form ...
if (($this->AllowSelection || $this->AllowInsert || $this->AllowUpdate || $this->AllowDelete) && $Print_x == '' && !$PrintDV) {
if ($this->SeparateDV && $this->HideTableView || !$this->SeparateDV) {
$dvCode = call_user_func("{$this->TableName}_form", $SelectedID, $this->AllowUpdate, $this->HideTableView && $SelectedID ? 0 : $this->AllowInsert, $this->AllowDelete, $this->SeparateDV);
$this->HTML .= "\n\t<div class=\"panel panel-default detail_view\">{$dvCode}</div>";
$this->HTML .= $this->SeparateDV ? '<input name="SearchString" value="' . htmlspecialchars($SearchString, ENT_QUOTES, 'iso-8859-1') . '" type="hidden">' : '';
if ($dvCode) {
$this->ContentType = 'detailview';
$dvShown = true;
}
}
}
// display multiple printable detail views
if ($PrintDV) {
$dvCode = '';
$_POST['dvprint_x'] = $_GET['dvprint_x'] = $_REQUEST['dvprint_x'] = 1;
// hidden vars
foreach ($this->filterers as $filterer => $caption) {
if ($_REQUEST['filterer_' . $filterer] != '') {
$this->HTML .= "<input name=\"filterer_{$filterer}\" value=\"" . htmlspecialchars($_REQUEST['filterer_' . $filterer], ENT_QUOTES, 'iso-8859-1') . "\" type=\"hidden\" />";
break;
// currently, only one filterer can be applied at a time
}
}
// count selected records
$selectedRecords = 0;
if (is_array($_POST['record_selector'])) {
foreach ($_POST['record_selector'] as $id) {
$selectedRecords++;
$this->HTML .= '<input type="hidden" name="record_selector[]" value="' . htmlspecialchars($id, ENT_QUOTES, 'iso-8859-1') . '">' . "\n";
}
}
if ($selectedRecords && $selectedRecords <= datalist_max_records_dv_print) {
// if records selected > {datalist_max_records_dv_print} don't show DV preview to avoid db performance issues.
foreach ($_POST['record_selector'] as $id) {
$dvCode .= call_user_func($this->TableName . '_form', $id, 0, 0, 0, 1);
}
if ($dvCode != '') {
$dvCode = preg_replace('/<input .*?type="?image"?.*?>/', '', $dvCode);
$this->HTML .= $dvCode;
}
} else {
$this->HTML .= error_message($Translation['Maximum records allowed to enable this feature is'] . ' ' . datalist_max_records_dv_print);
$this->HTML .= '<input type="submit" class="print-button" value="' . $Translation['Print Preview Table View'] . '">';
}
}
$this->HTML .= "</form>";
$this->HTML .= '</div><div class="col-xs-1 md-hidden lg-hidden"></div></div>';
// $this->HTML .= '<font face="garamond">'.htmlspecialchars($tvQuery).'</font>'; // uncomment this line for debugging the table view query
if ($dvShown && $tvShown) {
$this->ContentType = 'tableview+detailview';
}
if ($dvprint_x != '') {
$this->ContentType = 'print-detailview';
}
if ($Print_x != '') {
$this->ContentType = 'print-tableview';
}
if ($PrintDV != '') {
$this->ContentType = 'print-detailview';
}
// call detail view javascript hook file if found
$dvJSHooksFile = dirname(__FILE__) . '/hooks/' . $this->TableName . '-dv.js';
if (is_file($dvJSHooksFile) && ($this->ContentType == 'detailview' || $this->ContentType == 'tableview+detailview')) {
$this->HTML .= "\n<script src=\"hooks/{$this->TableName}-dv.js\"></script>\n";
}
}
}
if ($type != "Server") {
$server = 0;
}
if (!$type) {
$errormessage = "You must choose a type for the issue";
}
if (!$title) {
$errormessage = "A title is required summarising the issue";
}
if ($errormessage) {
$action = "manage";
} else {
$startdate = toMySQLDate($startdate);
if ($enddate) {
$enddate = toMySQLDate($enddate);
} else {
$enddate = "NULL";
}
$updatearray = array("startdate" => $startdate, "enddate" => $enddate, "title" => $title, "description" => html_entity_decode($description), "type" => $type, "server" => $server, "affecting" => $affecting, "priority" => $priority, "status" => $status, "lastupdate" => "now()");
if ($id) {
update_query("tblnetworkissues", $updatearray, array("id" => $id));
run_hook("NetworkIssueEdit", array_merge(array("id" => $id), $updatearray));
if ($status == "Resolved") {
run_hook("NetworkIssueClose", array("id" => $id));
}
} else {
$nwid = insert_query("tblnetworkissues", $updatearray);
run_hook("NetworkIssueAdd", array_merge(array("id" => $nwid), $updatearray));
}
redir();
$recurringamount += $domainemailforwardingprice;
}
if ($idprotection) {
$recurringamount += $domainidprotectionprice;
}
if ($promoid) {
$recurringamount -= recalcPromoAmount("D." . $domainparts[1], $userid, $id, $regperiod . "Years", $recurringamount, $promoid);
}
}
if (!$olddonotrenew && $donotrenew) {
disableAutoRenew($id);
}
$table = "tbldomains";
$array = array("registrationdate" => toMySQLDate($regdate), "domain" => $domain, "firstpaymentamount" => $firstpaymentamount, "recurringamount" => $recurringamount, "paymentmethod" => $paymentmethod, "registrar" => $registrar, "registrationperiod" => $regperiod, "expirydate" => toMySQLDate($expirydate), "nextduedate" => toMySQLDate($nextduedate), "subscriptionid" => $subscriptionid, "promoid" => $promoid, "additionalnotes" => $additionalnotes, "status" => $status, "dnsmanagement" => $dnsmanagement, "emailforwarding" => $emailforwarding, "idprotection" => $idprotection, "donotrenew" => $donotrenew);
if ($oldnextduedate != $nextduedate) {
$array['nextinvoicedate'] = toMySQLDate($nextduedate);
}
$where = array("id" => $id);
update_query($table, $array, $where);
logActivity("Domain Modified - User ID: " . $userid . " - Domain ID: " . $id, $userid);
if ($additionaldomainfield) {
$domainparts = explode(".", $domain, 2);
$tld = "." . $domainparts[1];
$tempdomainfields = $additionaldomainfields[$tld];
foreach ($tempdomainfields as $key => $value) {
$key = $value['Name'];
$value = $additionaldomainfield[$key];
$table = "tbldomainsadditionalfields";
$where = array("domainid" => $id, "name" => $key);
$result = select_query($table, "COUNT(*)", $where);
$data = mysql_fetch_array($result);
$todate = getTodaysDate();
}
$reportdata["headertext"] = "<form method=\"post\" action=\"{$PHP_SELF}?" . (isset($_REQUEST['module']) ? 'module=' . $_REQUEST['module'] . '&' : '') . "report={$report}¤cyid={$currencyid}&calculate=true\"><center>Staff Name: <select name=\"staffid\"><option value=\"0\">- Any -</option>";
$result = select_query("tbladmins", "id,CONCAT(firstname,' ',lastname)", "", "firstname", "ASC");
while ($data = mysql_fetch_array($result)) {
$reportdata["headertext"] .= "<option value=\"" . $data[0] . "\"" . ($data[0] == $staffid ? " selected" : "") . ">" . $data[1] . "</option>";
}
$reportdata["headertext"] .= "</select> Start Date: <input type=\"text\" name=\"fromdate\" value=\"{$fromdate}\" class=\"datepick\" /> End Date: <input type=\"text\" name=\"todate\" value=\"{$todate}\" class=\"datepick\" /> <input type=\"submit\" value=\"Generate Report\" /></form>";
$reportdata["tableheadings"][] = "Ticket ID";
$reportdata["tableheadings"][] = "Staff Name";
$reportdata["tableheadings"][] = "Subject";
$reportdata["tableheadings"][] = "Feedback Left";
$reportdata["tableheadings"][] = "Rating";
$reportdata["tableheadings"][] = "Comments";
$reportdata["tableheadings"][] = "IP Address";
$result = select_query("tblticketfeedback", "tblticketfeedback.*,(SELECT CONCAT(firstname,' ',lastname) FROM tbladmins WHERE tbladmins.id=tblticketfeedback.adminid) AS adminname,(SELECT CONCAT(tid,'|||',title) FROM tbltickets WHERE tbltickets.id=tblticketfeedback.ticketid) AS ticketinfo", "datetime>='" . toMySQLDate($fromdate) . "' AND datetime<='" . toMySQLDate($todate . ' 23:59:59') . "'" . ($staffid ? " AND adminid=" . (int) $staffid : ""), "datetime", "ASC");
while ($data = mysql_fetch_array($result)) {
$id = $data['id'];
$ticketid = $data['ticketid'];
$ticketinfo = $data['ticketinfo'];
$adminid = $data['adminid'];
$adminname = $data['adminname'];
$rating = $data['rating'];
$comments = $data['comments'];
$datetime = $data['datetime'];
$ip = $data['ip'];
if ($adminid == 0) {
$adminname = 'Generic Feedback';
} elseif (!trim($adminname)) {
$adminname = 'Deleted Admin';
}
<form method="post" action="reports.php?report={$report}">
<table align="center">
<tr><td>Date From:</td><td><input type="text" name="datefrom" value="{$datefrom}" class="datepick" /></td><td width="20"></td><td>Date To:</td><td><input type="text" name="dateto" value="{$dateto}" class="datepick" /></td><td width="20"></td><td><input type="submit" value="Submit" /></tr>
</table>
</form>
EOF;
$reportdata["tableheadings"] = array("Coupon Code", "Discount Type", "Value", "Recurring", "Notes", "Usage Count", "Total Revenue");
$i = 0;
$result = select_query("tblpromotions", "", "", "code", "ASC");
while ($data = mysql_fetch_array($result)) {
$code = $data["code"];
$type = $data["type"];
$value = $data["value"];
$recurring = $data["recurring"];
$notes = $data["notes"];
$rowcount = $rowtotal = 0;
$reportdata["drilldown"][$i]["tableheadings"] = array("Order ID", "Order Date", "Order Number", "Order Total", "Order Status");
$result2 = select_query("tblorders", "", "promocode='" . db_escape_string($code) . "' AND date>='" . toMySQLDate($datefrom) . "' AND date<='" . toMySQLDate($dateto) . "'", "id", "ASC");
while ($data = mysql_fetch_array($result2)) {
$orderid = $data['id'];
$ordernum = $data['ordernum'];
$orderdate = $data['date'];
$ordertotal = $data['amount'];
$orderstatus = $data['status'];
$rowcount++;
$rowtotal += $ordertotal;
$reportdata["drilldown"][$i]["tablevalues"][] = array('<a href="orders.php?action=view&id=' . $orderid . '">' . $orderid . '</a>', fromMySQLDate($orderdate), $ordernum, $ordertotal, $orderstatus);
}
$reportdata["tablevalues"][$i] = array($code, $type, $value, $recurring, $notes, $rowcount, format_as_currency($rowtotal));
$i++;
}
$where = array();
if ($show == "received") {
$where[] = "tblaccounts.amountin>0";
} else {
if ($show == "sent") {
$where[] = "tblaccounts.amountout>0";
}
}
if ($amount) {
$where[] = "(tblaccounts.amountin='" . db_escape_string($amount) . "' OR tblaccounts.amountout='" . db_escape_string($amount) . "')";
}
if ($startdate) {
$where[] = "tblaccounts.date>='" . toMySQLDate($startdate) . " 00:00:00'";
}
if ($enddate) {
$where[] = "tblaccounts.date<='" . toMySQLDate($enddate) . " 23:59:59'";
}
if (!$startdate && !$enddate) {
if ($within == "week") {
$lastweek = date("Ymd", mktime(0, 0, 0, date("m"), date("d") - 7, date("Y")));
$where[] = "tblaccounts.date>=" . $lastweek;
} else {
if ($within == "month") {
$lastmonth = date("Ymd", mktime(0, 0, 0, date("m") - 1, date("d"), date("Y")));
$where[] = "tblaccounts.date>=" . $lastmonth;
} else {
if ($within == "year") {
$lastyear = date("Ymd", mktime(0, 0, 0, date("m"), date("d"), date("Y") - 1));
$where[] = "tblaccounts.date>=" . $lastyear;
}
}
function Render()
{
// get post and get variables
global $Translation;
$FiltersPerGroup = 4;
if ($_SERVER['REQUEST_METHOD'] == 'GET') {
$SortField = $_GET["SortField"];
$SortDirection = $_GET["SortDirection"];
$FirstRecord = $_GET["FirstRecord"];
$ScrollUp_y = $_GET["ScrollUp_y"];
$ScrollDn_y = $_GET["ScrollDn_y"];
$Previous_x = $_GET["Previous_x"];
$Next_x = $_GET["Next_x"];
$Filter_x = $_GET["Filter_x"];
$SaveFilter_x = $_GET["SaveFilter_x"];
$NoFilter_x = $_GET["NoFilter_x"];
$CancelFilter = $_GET["CancelFilter"];
$ApplyFilter = $_GET["ApplyFilter"];
$Search_x = $_GET["Search_x"];
$SearchString = get_magic_quotes_gpc() ? stripslashes($_GET['SearchString']) : $_GET['SearchString'];
$CSV_x = $_GET["CSV_x"];
$FilterAnd = $_GET["FilterAnd"];
$FilterField = $_GET["FilterField"];
$FilterOperator = $_GET["FilterOperator"];
if (is_array($_GET['FilterValue'])) {
foreach ($_GET['FilterValue'] as $fvi => $fv) {
$FilterValue[$fvi] = get_magic_quotes_gpc() ? stripslashes($fv) : $fv;
}
}
$Print_x = $_GET["Print_x"];
$SelectedID = get_magic_quotes_gpc() ? stripslashes($_GET['SelectedID']) : $_GET['SelectedID'];
$insert_x = $_GET["insert_x"];
$update_x = $_GET["update_x"];
$delete_x = $_GET["delete_x"];
$SkipChecks = $_GET['confirmed'];
$deselect_x = $_GET["deselect_x"];
$addNew_x = $_GET["addNew_x"];
$dvprint_x = $_GET['dvprint_x'];
} else {
$SortField = $_POST["SortField"];
$SortDirection = $_POST["SortDirection"];
$FirstRecord = $_POST["FirstRecord"];
$ScrollUp_y = $_POST["ScrollUp_y"];
$ScrollDn_y = $_POST["ScrollDn_y"];
$Previous_x = $_POST["Previous_x"];
$Next_x = $_POST["Next_x"];
$Filter_x = $_POST["Filter_x"];
$SaveFilter_x = $_POST["SaveFilter_x"];
$NoFilter_x = $_POST["NoFilter_x"];
$CancelFilter = $_POST["CancelFilter"];
$ApplyFilter = $_POST["ApplyFilter"];
$Search_x = $_POST["Search_x"];
$SearchString = get_magic_quotes_gpc() ? stripslashes($_POST['SearchString']) : $_POST['SearchString'];
$CSV_x = $_POST["CSV_x"];
$FilterAnd = $_POST['FilterAnd'];
$FilterField = $_POST['FilterField'];
$FilterOperator = $_POST['FilterOperator'];
if (is_array($_POST['FilterValue'])) {
foreach ($_POST['FilterValue'] as $fvi => $fv) {
$FilterValue[$fvi] = get_magic_quotes_gpc() ? stripslashes($fv) : $fv;
}
}
$Print_x = $_POST['Print_x'];
$PrintTV = $_POST['PrintTV'];
$PrintDV = $_POST['PrintDV'];
$SelectedID = get_magic_quotes_gpc() ? stripslashes($_POST['SelectedID']) : $_POST['SelectedID'];
$insert_x = $_POST['insert_x'];
$update_x = $_POST['update_x'];
$delete_x = $_POST['delete_x'];
$SkipChecks = $_POST['confirmed'];
$deselect_x = $_POST['deselect_x'];
$addNew_x = $_POST['addNew_x'];
$dvprint_x = $_POST['dvprint_x'];
}
// insure authenticity of user inputs:
if (!$this->AllowDelete) {
$delete_x = "";
}
if (!$this->AllowDeleteOfParents) {
$SkipChecks = "";
}
if (!$this->AllowInsert) {
$insert_x = "";
$addNew_x = "";
}
if (!$this->AllowUpdate) {
$update_x = "";
}
if (!$this->AllowFilters) {
$Filter_x = "";
}
if (!$this->AllowPrinting) {
$Print_x = '';
$PrintDV = '';
$PrintTV = '';
}
if (!$this->AllowPrintingMultiSelection) {
$PrintDV = '';
$PrintTV = '';
}
if (!$this->QuickSearch) {
$SearchString = "";
}
if (!$this->AllowCSV) {
$CSV_x = "";
}
// enforce record selection if user has edit/delete permissions on the current table
$AllowPrintDV = 1;
$this->Permissions = getTablePermissions($this->TableName);
if ($this->Permissions[3] || $this->Permissions[4]) {
// current user can edit or delete?
$this->AllowSelection = 1;
} elseif (!$this->AllowSelection) {
$SelectedID = '';
$AllowPrintDV = 0;
$PrintDV = '';
}
if (!$this->AllowSelection || !$SelectedID) {
$dvprint_x = '';
}
$this->QueryFieldsIndexed = reIndex($this->QueryFieldsFilters);
$this->HTML .= '<form method="post" name="myform" action="' . $this->ScriptFileName . '">';
$this->HTML .= '<input type="submit" style="position: absolute; left: 0px; top: -100px;" onclick="return false;">';
$this->ContentType = 'tableview';
// default content type
// handle user commands ...
if ($PrintTV != '') {
$Print_x = 1;
$_POST['Print_x'] = 1;
}
if ($deselect_x != '') {
$SelectedID = '';
$this->showTV();
} elseif ($insert_x != '') {
$SelectedID = call_user_func($this->TableName . '_insert');
// redirect to a safe url to avoid refreshing and thus
// insertion of duplicate records.
// compose filters and sorting
for ($i = 1; $i <= 20 * $FiltersPerGroup; $i++) {
// Number of filters allowed
if ($FilterField[$i] != "" && $FilterOperator[$i] != "" && ($FilterValue[$i] != "" || strstr($FilterOperator[$i], 'Empty'))) {
$filtersGET .= "&FilterAnd[{$i}]={$FilterAnd[$i]}&FilterField[{$i}]={$FilterField[$i]}&FilterOperator[{$i}]={$FilterOperator[$i]}&FilterValue[{$i}]=" . urlencode($FilterValue[$i]);
}
}
$filtersGET .= "&SortField={$SortField}&SortDirection={$SortDirection}&FirstRecord={$FirstRecord}";
$filtersGET = substr($filtersGET, 1);
// remove initial &
if ($this->RedirectAfterInsert != "") {
if (strpos($this->RedirectAfterInsert, '?')) {
$this->RedirectAfterInsert .= '&record-added-ok=' . rand();
} else {
$this->RedirectAfterInsert .= '?record-added-ok=' . rand();
}
if (strpos($this->RedirectAfterInsert, $this->ScriptFileName) !== false) {
$this->RedirectAfterInsert .= '&' . $filtersGET;
}
$this->HTML .= "<META HTTP-EQUIV=\"Refresh\" CONTENT=\"0;url=" . str_replace("#ID#", urlencode($SelectedID), $this->RedirectAfterInsert) . "\">";
return;
} else {
$this->HTML .= '<META HTTP-EQUIV="Refresh" CONTENT="0;url=' . $this->ScriptFileName . '?SelectedID=' . urlencode($SelectedID) . '&' . $filtersGET . '">';
return;
}
} elseif ($delete_x != "") {
$d = call_user_func($this->TableName . '_delete', $SelectedID, $this->AllowDeleteOfParents, $SkipChecks);
if ($d) {
$this->HTML .= "<div class=Error>" . $Translation['error:'] . " {$d}</div>";
} else {
$SelectedID = "";
$this->showTV();
}
} elseif ($update_x != "") {
call_user_func($this->TableName . '_update', $SelectedID);
// compose filters and sorting
for ($i = 1; $i <= 20 * $FiltersPerGroup; $i++) {
// Number of filters allowed
if ($FilterField[$i] != "" && $FilterOperator[$i] != "" && ($FilterValue[$i] != "" || strstr($FilterOperator[$i], 'Empty'))) {
$filtersGET .= "&FilterAnd[{$i}]={$FilterAnd[$i]}&FilterField[{$i}]={$FilterField[$i]}&FilterOperator[{$i}]={$FilterOperator[$i]}&FilterValue[{$i}]=" . urlencode($FilterValue[$i]);
}
}
$filtersGET .= "&SortField={$SortField}&SortDirection={$SortDirection}&FirstRecord={$FirstRecord}";
$filtersGET = substr($filtersGET, 1);
// remove initial &
$this->HTML .= '<META HTTP-EQUIV="Refresh" CONTENT="0;url=' . $this->ScriptFileName . '?SelectedID=' . urlencode($SelectedID) . '&' . $filtersGET . '&record-updated-ok=' . rand() . '">';
return;
} elseif ($addNew_x != "") {
$SelectedID = '';
$this->hideTV();
} elseif ($Print_x != "") {
// print code here ....
$this->AllowNavigation = 0;
$this->AllowSelection = 0;
} elseif ($SaveFilter_x != "" && $this->AllowSavingFilters) {
$this->HTML .= "<table width=550 border=0 align=center><tr><td class=TableTitle>" . $Translation["saved filters title"] . "</td></tr>";
$this->HTML .= "\n\t<tr><td class=TableHeader>" . $Translation["saved filters instructions"] . "</td></tr>";
$this->HTML .= "\n\t<tr><td class=TableHeader><textarea cols=60 rows=12 wrap=off>";
$SourceCode = "<html><body>\n";
$SourceCode .= '<form method="post" action="' . $_SERVER['HTTP_REFERER'] . '">' . "\n";
for ($i = 1; $i <= 20 * $FiltersPerGroup; $i++) {
// Number of filters allowed
if ($i % $FiltersPerGroup == 1 && $i != 1 && $FilterAnd[$i] != "") {
$SourceCode .= "\t<input name=FilterAnd[{$i}] value='{$FilterAnd[$i]}' type=hidden>\n";
}
if ($FilterField[$i] != "" && $FilterOperator[$i] != "" && ($FilterValue[$i] != "" || strstr($FilterOperator[$i], 'Empty'))) {
if (!strstr($SourceCode, "\t<input name=FilterAnd[{$i}] value=")) {
$SourceCode .= "\t<input name=FilterAnd[{$i}] value='{$FilterAnd[$i]}' type=hidden>\n";
}
$SourceCode .= "\t<input name=FilterField[{$i}] value='{$FilterField[$i]}' type=hidden>\n";
$SourceCode .= "\t<input name=FilterOperator[{$i}] value='{$FilterOperator[$i]}' type=hidden>\n";
$SourceCode .= "\t<input name=FilterValue[{$i}] value='" . htmlspecialchars($FilterValue[$i], ENT_QUOTES) . "' type=hidden>\n\n";
}
}
$SourceCode .= "\n\t<input type=submit value=\"Show Filtered Data\">\n";
$SourceCode .= "</form>\n</body></html>";
$this->HTML .= $SourceCode;
$this->HTML .= "</textarea>";
$this->HTML .= "<br /><input type=submit value=\"" . $Translation["hide code"] . "\">";
$this->HTML .= "\n\t</table>\n\n";
} elseif ($Filter_x != "") {
if ($this->FilterPage != "") {
ob_start();
@(include $this->FilterPage);
$out = ob_get_contents();
ob_end_clean();
$this->HTML .= $out;
} else {
// filter page code here .....
$this->HTML .= '<table border="0" align="center"><tr><td colspan="4" class="TableTitle">' . $this->TableTitle . " " . $Translation['filters'] . "</td></tr>";
$this->HTML .= "\n\t<tr><td class=\"TableHeader\"></td><td class=\"TableHeader\">" . $Translation['filtered field'] . '</td><td class="TableHeader">' . $Translation['comparison operator'] . '</td><td class="TableHeader">' . $Translation['comparison value'] . '</td></tr>';
$this->HTML .= "\n\t<tr><td colspan=\"4\" class=\"TableHeader\"></td></tr>";
for ($i = 1; $i <= 3 * $FiltersPerGroup; $i++) {
// Number of filters allowed
$fields = "";
$operators = "";
if ($i % $FiltersPerGroup == 1 && $i != 1) {
$this->HTML .= "\n\t<tr><td colspan=4 class=TableHeader></td></tr>";
$this->HTML .= "\n\t<tr><td colspan=4 align=center>";
$seland = new Combo();
$seland->ListItem = array($Translation["or"], $Translation["and"]);
$seland->ListData = array("or", "and");
$seland->SelectName = "FilterAnd[{$i}]";
$seland->SelectedData = $FilterAnd[$i];
$seland->Render();
$this->HTML .= $seland->HTML . "</td></tr>";
$this->HTML .= "\n\t<tr><td colspan=4 class=TableHeader></td></tr>";
}
$this->HTML .= "\n\t<tr><td class=TableHeader style='text-align:left;'> " . $Translation["filter"] . sprintf("%02d", $i) . " ";
// And, Or select
if ($i % $FiltersPerGroup != 1) {
$seland = new Combo();
$seland->ListItem = array($Translation["and"], $Translation["or"]);
$seland->ListData = array("and", "or");
$seland->SelectName = "FilterAnd[{$i}]";
$seland->SelectedData = $FilterAnd[$i];
$seland->Render();
$this->HTML .= $seland->HTML . "</td>";
} else {
$this->HTML .= "</td>";
}
// Fields list
$selfields = new Combo();
$selfields->SelectName = "FilterField[{$i}]";
$selfields->SelectedData = $FilterField[$i];
$selfields->ListItem = array_values($this->QueryFieldsFilters);
$selfields->ListData = array_keys($this->QueryFieldsIndexed);
$selfields->Render();
$this->HTML .= "\n\t\t<td>{$selfields->HTML}</td>";
// Operators list
$selop = new Combo();
$selop->ListItem = array($Translation["equal to"], $Translation["not equal to"], $Translation["greater than"], $Translation["greater than or equal to"], $Translation["less than"], $Translation["less than or equal to"], $Translation["like"], $Translation["not like"], $Translation["is empty"], $Translation["is not empty"]);
$selop->ListData = array("<=>", "!=", ">", ">=", "<", "<=", "like", "not like", "isEmpty", "isNotEmpty");
$selop->SelectName = "FilterOperator[{$i}]";
$selop->SelectedData = $FilterOperator[$i];
$selop->Render();
$this->HTML .= "\n\t\t<td>{$selop->HTML}</td>";
// Comparison expression
$this->HTML .= "\n\t\t<td><input size=25 type=text name=FilterValue[{$i}] value=\"" . htmlspecialchars($FilterValue[$i], ENT_QUOTES) . "\" class=TextBox></td></tr>";
if (!$i % $FiltersPerGroup) {
$this->HTML .= "\n\t<tr><td colspan=4 class=TableHeader></td></tr>";
}
}
$this->HTML .= "\n\t<tr><td colspan=4 class=TableHeader></td></tr>";
$this->HTML .= "\n\t<tr><td colspan=4 align=right><input type=image src=applyFilters.gif alt='" . $Translation["apply filters"] . "'>" . ($this->AllowSavingFilters ? " <input type=image src=save_search.gif alt='" . $Translation["save filters"] . "' name=SaveFilter>" : "") . "</td></tr>";
$this->HTML .= "\n</table>";
}
// hidden variables ....
$this->HTML .= "<input name=SortField value='" . (is_numeric($SortField) ? $SortField : $SortFieldNumeric) . "' type=hidden>";
$this->HTML .= "<input name=SortDirection type=hidden value='{$SortDirection}'>";
$this->HTML .= "<input name=FirstRecord type=hidden value='1'>";
$this->ContentType = 'filters';
return;
} elseif ($NoFilter_x != "") {
// clear all filters ...
for ($i = 1; $i <= 20 * $FiltersPerGroup; $i++) {
// Number of filters allowed
$FilterField[$i] = "";
$FilterOperator[$i] = "";
$FilterValue[$i] = "";
}
$SearchString = "";
} elseif ($SelectedID) {
$this->hideTV();
}
if ($SearchString != '') {
if ($Search_x != '') {
$FirstRecord = 1;
}
if ($this->QueryWhere == '') {
$this->QueryWhere = "where ";
} else {
$this->QueryWhere .= " and ";
}
foreach ($this->QueryFieldsQS as $fName => $fCaption) {
if (strpos($fName, '<img') === False) {
$this->QuerySearchableFields[$fName] = $fCaption;
}
}
$this->QueryWhere .= '(' . implode(" LIKE '%" . makeSafe($SearchString) . "%' or ", array_keys($this->QuerySearchableFields)) . " LIKE '%" . makeSafe($SearchString) . "%')";
}
// set query filters
$QueryHasWhere = 0;
if (strpos($this->QueryWhere, 'where ') !== FALSE) {
$QueryHasWhere = 1;
}
$WhereNeedsClosing = 0;
for ($i = 1; $i <= 20 * $FiltersPerGroup; $i += $FiltersPerGroup) {
// Number of filters allowed
// test current filter group
$GroupHasFilters = 0;
for ($j = 0; $j < $FiltersPerGroup; $j++) {
if ($FilterField[$i + $j] != "" && $FilterOperator[$i + $j] != "" && ($FilterValue[$i + $j] != "" || strstr($FilterOperator[$i + $j], 'Empty'))) {
$GroupHasFilters = 1;
break;
}
}
if ($GroupHasFilters) {
if (!stristr($this->QueryWhere, "where ")) {
$this->QueryWhere = "where (";
} elseif ($QueryHasWhere) {
$this->QueryWhere .= " and (";
$QueryHasWhere = 0;
}
$this->QueryWhere .= " <FilterGroup> " . $FilterAnd[$i] . " (";
for ($j = 0; $j < $FiltersPerGroup; $j++) {
if ($FilterField[$i + $j] != "" && $FilterOperator[$i + $j] != "" && ($FilterValue[$i + $j] != "" || strstr($FilterOperator[$i + $j], 'Empty'))) {
if ($FilterAnd[$i + $j] == '') {
$FilterAnd[$i + $j] = 'and';
}
// test for date/time fields
$tries = 0;
$isDateTime = FALSE;
$isDate = FALSE;
$fieldName = str_replace('`', '', $this->QueryFieldsIndexed[$FilterField[$i + $j]]);
list($tn, $fn) = explode('.', $fieldName);
while (!($res = sql("show columns from `{$tn}` like '{$fn}'")) && $tries < 2) {
$tn = substr($tn, 0, -1);
$tries++;
}
if ($row = @mysql_fetch_array($res)) {
if ($row['Type'] == 'date' || $row['Type'] == 'time') {
$isDateTime = TRUE;
if ($row['Type'] == 'date') {
$isDate = True;
}
}
}
// end of test
if ($FilterOperator[$i + $j] == 'isEmpty' && !$isDateTime) {
$this->QueryWhere .= " <FilterItem> " . $FilterAnd[$i + $j] . " (" . $this->QueryFieldsIndexed[$FilterField[$i + $j]] . "='' or " . $this->QueryFieldsIndexed[$FilterField[$i + $j]] . " is NULL) </FilterItem>";
} elseif ($FilterOperator[$i + $j] == 'isNotEmpty' && !$isDateTime) {
$this->QueryWhere .= " <FilterItem> " . $FilterAnd[$i + $j] . " " . $this->QueryFieldsIndexed[$FilterField[$i + $j]] . "!='' </FilterItem>";
} elseif ($FilterOperator[$i + $j] == 'isEmpty' && $isDateTime) {
$this->QueryWhere .= " <FilterItem> " . $FilterAnd[$i + $j] . " (" . $this->QueryFieldsIndexed[$FilterField[$i + $j]] . "=0 or " . $this->QueryFieldsIndexed[$FilterField[$i + $j]] . " is NULL) </FilterItem>";
} elseif ($FilterOperator[$i + $j] == 'isNotEmpty' && $isDateTime) {
$this->QueryWhere .= " <FilterItem> " . $FilterAnd[$i + $j] . " " . $this->QueryFieldsIndexed[$FilterField[$i + $j]] . "!=0 </FilterItem>";
} elseif ($FilterOperator[$i + $j] == 'like' && !strstr($FilterValue[$i + $j], "%") && !strstr($FilterValue[$i + $j], "_")) {
$this->QueryWhere .= " <FilterItem> " . $FilterAnd[$i + $j] . " " . $this->QueryFieldsIndexed[$FilterField[$i + $j]] . " " . $FilterOperator[$i + $j] . " '%" . makeSafe($FilterValue[$i + $j]) . "%' </FilterItem>";
} elseif ($FilterOperator[$i + $j] == 'not like' && !strstr($FilterValue[$i + $j], "%") && !strstr($FilterValue[$i + $j], "_")) {
$this->QueryWhere .= " <FilterItem> " . $FilterAnd[$i + $j] . " " . $this->QueryFieldsIndexed[$FilterField[$i + $j]] . " " . $FilterOperator[$i + $j] . " '%" . makeSafe($FilterValue[$i + $j]) . "%' </FilterItem>";
} elseif ($isDate) {
$dateValue = toMySQLDate($FilterValue[$i + $j]);
$this->QueryWhere .= " <FilterItem> " . $FilterAnd[$i + $j] . " " . $this->QueryFieldsIndexed[$FilterField[$i + $j]] . " " . $FilterOperator[$i + $j] . " '{$dateValue}' </FilterItem>";
} else {
$this->QueryWhere .= " <FilterItem> " . $FilterAnd[$i + $j] . " " . $this->QueryFieldsIndexed[$FilterField[$i + $j]] . " " . $FilterOperator[$i + $j] . " '" . makeSafe($FilterValue[$i + $j]) . "' </FilterItem>";
}
}
}
$this->QueryWhere .= ") </FilterGroup>";
$WhereNeedsClosing = 1;
}
}
if ($WhereNeedsClosing) {
$this->QueryWhere .= ")";
}
// set query sort
if (!stristr($this->QueryOrder, "order by ") && $SortField != "" && $this->AllowSorting) {
$this->QueryOrder = "order by {$SortField} {$SortDirection}";
}
// clean up query
$this->QueryWhere = str_replace("( <FilterGroup> and ", "( ", $this->QueryWhere);
$this->QueryWhere = str_replace("( <FilterGroup> or ", "( ", $this->QueryWhere);
$this->QueryWhere = str_replace("( <FilterItem> and ", "( ", $this->QueryWhere);
$this->QueryWhere = str_replace("( <FilterItem> or ", "( ", $this->QueryWhere);
$this->QueryWhere = str_replace("<FilterGroup>", "", $this->QueryWhere);
$this->QueryWhere = str_replace("</FilterGroup>", "", $this->QueryWhere);
$this->QueryWhere = str_replace("<FilterItem>", "", $this->QueryWhere);
$this->QueryWhere = str_replace("</FilterItem>", "", $this->QueryWhere);
// if no 'order by' clause found, apply default sorting if specified
if ($this->DefaultSortField != "" && $this->QueryOrder == '') {
$this->QueryOrder = "order by " . $this->DefaultSortField . " " . $this->DefaultSortDirection;
}
// get count of matching records ...
$TempQuery = 'SELECT count(1) from ' . $this->QueryFrom . ' ' . $this->QueryWhere;
$RecordCount = sqlValue($TempQuery);
$FieldCountTV = count($this->QueryFieldsTV);
$FieldCountCSV = count($this->QueryFieldsCSV);
$FieldCountFilters = count($this->QueryFieldsFilters);
if (!$RecordCount) {
$FirstRecord = 1;
}
// disable multi-selection if too many records to avoid browser performance issues
if ($RecordCount > 1000) {
$this->AllowPrintingMultiSelection = 0;
}
// Output CSV on request
if ($CSV_x != '') {
$this->HTML = '';
// execute query for CSV output
$fieldList = '';
foreach ($this->QueryFieldsCSV as $fn => $fc) {
$fieldList .= "{$fn} as `{$fc}`, ";
}
$fieldList = substr($fieldList, 0, -2);
$csvQuery = 'SELECT ' . $fieldList . ' from ' . $this->QueryFrom . ' ' . $this->QueryWhere . ' ' . $this->QueryOrder;
// hook: table_csv
if (function_exists($this->TableName . '_csv')) {
$args = array();
$mq = call_user_func($this->TableName . '_csv', $csvQuery, getMemberInfo(), $args);
$csvQuery = $mq ? $mq : $csvQuery;
}
$result = sql($csvQuery);
// output CSV field names
for ($i = 0; $i < $FieldCountCSV; $i++) {
$this->HTML .= "\"" . mysql_field_name($result, $i) . "\"" . $this->CSVSeparator;
}
$this->HTML .= "\n\n";
// output CSV data
while ($row = mysql_fetch_row($result)) {
for ($i = 0; $i < $FieldCountCSV; $i++) {
$this->HTML .= "\"" . str_replace(array("\r\n", "\r", "\n", '"'), array(' ', ' ', ' ', '""'), $row[$i]) . "\"" . $this->CSVSeparator;
}
$this->HTML .= "\n\n";
}
$this->HTML = str_replace($this->CSVSeparator . "\n\n", "\n", $this->HTML);
$this->HTML = substr($this->HTML, 0, strlen($this->HTML) - 1);
// clean any output buffers
while (@ob_end_clean()) {
}
// output CSV HTTP headers ...
header('HTTP/1.1 200 OK');
header('Date: ' . @date("D M j G:i:s T Y"));
header('Last-Modified: ' . @date("D M j G:i:s T Y"));
header("Content-Type: application/force-download");
header("Content-Lenght: " . (string) strlen($this->HTML));
header("Content-Transfer-Encoding: Binary");
header("Content-Disposition: attachment; filename={$this->TableName}.csv");
// send output and quit script
echo $this->HTML;
exit;
}
$t = time();
// just a random number for any purpose ...
//$this->HTML .= "<font face=garamond>".$this->Query."</font>"; // uncomment this line for debugging
// should SelectedID be reset on clicking TV buttons?
$resetSelection = $this->SeparateDV ? "document.myform.SelectedID.value=''; " : '';
// begin table and display table title
$this->HTML .= "<table align=center cellspacing=1 cellpadding=0 border=0><tr>\n";
$this->HTML .= "<td colspan=" . ($FieldCountTV + 2) . ">";
$sum_width = 0;
for ($i = 0; $i < count($this->ColWidth); $i++) {
$sum_width += $this->ColWidth[$i];
}
$this->HTML .= "<table" . ($this->HideTableView ? "" : " width=100%") . " cellspacing=0 cellpadding=0 border=0>" . ($dvprint_x && $this->AllowSelection && $SelectedID ? '' : "<tr><td align=left colspan=2><div class=TableTitle>{$this->TableTitle}</div><br /></td></tr>");
if (!$this->HideTableView && !($dvprint_x && $this->AllowSelection && $SelectedID) && !$PrintDV) {
$this->HTML .= "<tr>";
// display tables navigator menu
if ($Print_x == '') {
$this->HTML .= "<td align=left>" . NavMenus() . "</td>";
} else {
$this->HTML .= "\n<style type=\"text/css\">@media print{.displayOnly {display: none;}}</style>\n";
if ($this->AllowPrintingMultiSelection) {
$withSelected = '' . '<input class="print-button" type="button" id="selectAll" value="' . $Translation['Select all records'] . '" onClick="$(\'toggleAll\').checked=!$(\'toggleAll\').checked; toggleAllRecords();">' . '<span id="withSelected">' . '<input class="print-button" type="submit" name="PrintTV" value="' . $Translation['Print Preview Table View'] . '">' . ($AllowPrintDV ? '<input id="PrintDV" class="print-button" type="submit" name="PrintDV" value="' . $Translation['Print Preview Detail View'] . '">' : '') . '<input class="print-button" type="submit" name="Print_x" value="' . $Translation['Cancel Selection'] . '">' . ' </span>' . '<script>' . 'var countSelected=0; ' . 'document.observe(\'dom:loaded\', function(){ ' . 'setInterval("' . '$(\'withSelected\').style.display=(countSelected ? \'inline\' : \'none\');' . '", 500); ' . '});' . '</script>';
}
$this->HTML .= "\n" . '<td colspan="2" class="displayOnly" style="min-width: 65em;"><div>' . '<input class="print-button" type="submit" value="' . $Translation['Cancel Printing'] . '">' . '<input class="print-button" type="button" id="sendToPrinter" value="' . $Translation['Print'] . '" onClick="window.print();">' . $withSelected . '</div></td>' . "\n";
}
// display quick search box
if ($this->QuickSearch > 0 && $this->QuickSearch < 4 && $Print_x == '') {
if ($this->QuickSearch == 1 || $this->QuickSearch == 2) {
$this->HTML .= '</tr><tr>';
}
$this->HTML .= "<td><div class=TableBodySelected style='text-align:" . ($this->QuickSearch == 1 ? "left" : ($this->QuickSearch == 2 ? "center" : "right")) . ";'>";
$this->HTML .= "<nobr><b>" . $this->QuickSearchText . "</b> <input type=text name=SearchString value='" . htmlspecialchars($SearchString, ENT_QUOTES) . "' size=15 class=TextBox>";
$this->HTML .= "<input onClick=\"{$resetSelection} document.myform.NoDV.value=1;\" align=top border=0 name=Search type=image vspace=2 hspace=2 src=qsearch.gif alt='" . $this->QuickSearchText . "'>";
$this->HTML .= "</nobr></div></td>";
}
$this->HTML .= "</tr>";
$this->HTML .= "<tr><td colspan=2><div class=\"TableBody\" style=\"text-align:center;\"><nobr>";
// display 'Add New' icon
if ($this->Permissions[1] && $this->SeparateDV && $Print_x == '') {
$this->HTML .= " <input type=image src=addNew.gif name=addNew alt='" . $Translation['add new record'] . "'>";
}
// display Print icon
if ($this->AllowPrinting && $Print_x == '') {
$this->HTML .= " <input onClick=\"document.myform.NoDV.value=1;\" type=image src=print.gif name=Print alt='" . $Translation["printer friendly view"] . "'>";
}
// display CSV icon
if ($this->AllowCSV && $Print_x == '') {
$this->HTML .= " <input onClick=\"document.myform.NoDV.value=1;\" type=image src=csv.gif name=CSV alt='" . $Translation["save as csv"] . "'>";
}
// display Filter icons
if ($this->AllowFilters && $Print_x == '') {
$this->HTML .= " <input onClick=\"document.myform.NoDV.value=1;\" type=image src=search.gif name=Filter alt='" . $Translation["edit filters"] . "'> <input onClick=\"{$resetSelection} document.myform.NoDV.value=1;\" type=image src=cancel_search.gif name=NoFilter alt='" . $Translation["clear filters"] . "'> ";
}
$this->HTML .= "</nobr></div></td></tr>";
$this->HTML .= "<!--</td></tr>--></table></td></tr>";
$this->HTML .= "<tr><td class=TableHeader>" . ($this->AllowSelection ? " " : "") . "</td>";
if ($this->AllowPrintingMultiSelection && $Print_x != '') {
$this->HTML .= '<td class="TableHeader displayOnly" align="left"><input type="checkbox" title="' . $Translation['Select all records'] . '" id="toggleAll" onclick="toggleAllRecords();"></td>';
}
// Templates
if ($this->Template != '') {
$rowTemplate = @implode('', @file('./' . $this->Template));
if (!$rowTemplate) {
$rowTemplate = '';
$selrowTemplate = '';
} else {
if ($this->SelectedTemplate != '') {
$selrowTemplate = @implode('', @file('./' . $this->SelectedTemplate));
if (!$selrowTemplate) {
$selrowTemplate = '';
}
} else {
$selrowTemplate = '';
}
}
} else {
$rowTemplate = '';
$selrowTemplate = '';
}
// process translations
if ($rowTemplate) {
foreach ($Translation as $symbol => $trans) {
$rowTemplate = str_replace("<%%TRANSLATION({$symbol})%%>", $trans, $rowTemplate);
}
}
if ($selrowTemplate) {
foreach ($Translation as $symbol => $trans) {
$selrowTemplate = str_replace("<%%TRANSLATION({$symbol})%%>", $trans, $selrowTemplate);
}
}
// End of templates
// display table headers
global $SortFieldNumeric;
if ($rowTemplate == '' || $this->ShowTableHeader == 1) {
for ($i = 0; $i < count($this->ColCaption); $i++) {
if ($this->AllowSorting == 1) {
$sort1 = "<a href=\"{$this->ScriptFileName}?SortDirection=asc&SortField=" . $this->ColNumber[$i] . "\" onClick=\"{$resetSelection} document.myform.NoDV.value=1; document.myform.SortDirection.value='asc'; document.myform.SortField.value = '" . $this->ColNumber[$i] . "'; document.myform.submit(); return false;\" class=\"TableHeader\">";
$sort2 = "</a>";
if ($this->ColNumber[$i] == $SortField || $this->ColNumber[$i] == $SortFieldNumeric) {
$SortDirection = $SortDirection == "asc" ? "desc" : "asc";
$sort1 = "<a href=\"{$this->ScriptFileName}?SortDirection={$SortDirection}&SortField=" . $this->ColNumber[$i] . "\" onClick=\"{$resetSelection} document.myform.NoDV.value=1; document.myform.SortDirection.value='{$SortDirection}'; document.myform.SortField.value = " . $this->ColNumber[$i] . "; document.myform.submit(); return false;\" class=\"TableHeader\"><img src=\"{$SortDirection}.gif\" border=\"0\" hspace=\"3\">";
$SortDirection = $SortDirection == "asc" ? "desc" : "asc";
}
} else {
$sort1 = '';
$sort2 = '';
}
$this->HTML .= "\t<td valign=top nowrap width='" . ($this->ColWidth[$i] ? $this->ColWidth[$i] : 100) . "' class=TableHeader><div class=TableHeader>{$sort1}" . $this->ColCaption[$i] . "{$sort2}</div></td>\n";
}
} else {
// Display a Sort by drop down
$this->HTML .= "\t<td valign=top class=TableHeader colspan=" . ($FieldCountTV + 1) . "><div class=TableHeader>";
if ($this->AllowSorting == 1) {
$sortCombo = new Combo();
//$sortCombo->ListItem[] = "";
//$sortCombo->ListData[] = "";
for ($i = 0; $i < count($this->ColCaption); $i++) {
$sortCombo->ListItem[] = $this->ColCaption[$i];
$sortCombo->ListData[] = $this->ColNumber[$i];
}
$sortCombo->SelectName = "FieldsList";
$sortCombo->SelectedData = is_numeric($SortField) ? $SortField : $SortFieldNumeric;
$sortCombo->Class = 'TableBody';
$sortCombo->SelectedClass = 'TableBodySelected';
$sortCombo->Render();
$d = $sortCombo->HTML;
$d = str_replace('<select ', "<select onChange=\"document.myform.SortDirection.value='{$SortDirection}'; document.myform.SortField.value=document.myform.FieldsList.value; document.myform.NoDV.value=1; document.myform.submit();\" ", $d);
if ($SortField) {
$SortDirection = $SortDirection == "desc" ? "asc" : "desc";
$sort = "<a href=\"javascript: document.myform.NoDV.value=1; document.myform.SortDirection.value='{$SortDirection}'; document.myform.SortField.value='{$SortField}'; document.myform.submit();\" class=TableHeader><img src={$SortDirection}.gif border=0 width=11 height=11 hspace=3></a>";
$SortDirection = $SortDirection == "desc" ? "asc" : "desc";
} else {
$sort = '';
}
$this->HTML .= $Translation['order by'] . " {$d} {$sort}";
}
$this->HTML .= "</div></td>\n";
}
// table view navigation code ...
if ($RecordCount && $this->AllowNavigation && $RecordCount > $this->RecordsPerPage) {
while ($FirstRecord > $RecordCount) {
$FirstRecord -= $this->RecordsPerPage;
}
if ($FirstRecord == "" || $FirstRecord < 1) {
$FirstRecord = 1;
}
if ($Previous_x != "") {
$FirstRecord -= $this->RecordsPerPage;
if ($FirstRecord <= 0) {
$FirstRecord = 1;
}
} elseif ($Next_x != "") {
$FirstRecord += $this->RecordsPerPage;
if ($FirstRecord > $RecordCount) {
$FirstRecord = $RecordCount - $RecordCount % $this->RecordsPerPage + 1;
}
if ($FirstRecord > $RecordCount) {
$FirstRecord = $RecordCount - $this->RecordsPerPage + 1;
}
if ($FirstRecord <= 0) {
$FirstRecord = 1;
}
} else {
// no scrolling action took place :)
}
} elseif ($RecordCount) {
$FirstRecord = 1;
$this->RecordsPerPage = $RecordCount;
}
// end of table view navigation code
$this->HTML .= "\n\t</tr>\n";
$this->HTML = "<script>\n\t\t\t\t\tfunction colorize(item, color){\n\t\t\t\t\t\tvar n=item.childNodes.length;\n\t\t\t\t\t\tfor(var i=0; i<n; i++){\n\t\t\t\t\t\t\tif(item.childNodes[i].nodeName=='TD'){\n\t\t\t\t\t\t\t\titem.childNodes[i].style.backgroundColor=color;\n\t\t\t\t\t\t\t\tif(item.childNodes[i].childNodes.length>0){\n\t\t\t\t\t\t\t\t\tif(item.childNodes[i].childNodes[0].nodeName=='A'){\n\t\t\t\t\t\t\t\t\t\titem.childNodes[i].childNodes[0].style.backgroundColor=color;\n\t\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t</script>" . $this->HTML . '<!-- tv data below -->';
$i = 0;
$hc = new HtmlFilter();
$hc->encoding = 'iso-8859-1';
$hc->defaultProtocol = '';
if ($RecordCount) {
$i = $FirstRecord;
// execute query for table view
$fieldList = '';
foreach ($this->QueryFieldsTV as $fn => $fc) {
$fieldList .= "{$fn} as `{$fc}`, ";
}
$fieldList = substr($fieldList, 0, -2);
if ($this->PrimaryKey) {
$fieldList .= ", {$this->PrimaryKey} as '" . str_replace('`', '', $this->PrimaryKey) . "'";
}
$tvQuery = 'SELECT ' . $fieldList . ' from ' . $this->QueryFrom . ' ' . $this->QueryWhere . ' ' . $this->QueryOrder;
$result = sql($tvQuery . " limit " . ($i - 1) . ",{$this->RecordsPerPage}");
while (($row = mysql_fetch_array($result)) && $i < $FirstRecord + $this->RecordsPerPage) {
$alt = ($i - $FirstRecord) % 2;
if ($PrintTV && $_POST["select_{$row[$FieldCountTV]}"] != 1) {
continue;
}
$class = "TableBody" . ($alt ? "Selected" : "") . ($fNumeric ? "Numeric" : "");
$this->HTML .= "\t<tr onMouseOver=\"colorize(this, '" . $this->HighlightColor . "');\" onMouseOut=\"colorize(this, '');\">";
$this->HTML .= "<td class={$class} valign=top align=right width=12>" . ($SelectedID == $row[$FieldCountTV] ? "<font color=red>⇒</font>" : " ") . "</td>";
if ($this->AllowPrintingMultiSelection && $Print_x != '') {
$this->HTML .= "<td class=\"{$class} displayOnly\" valign=\"top\" align=\"left\" width=\"12\"><input type=\"checkbox\" id=\"select_{$row[$FieldCountTV]}\" name=\"select_{$row[$FieldCountTV]}\" value=\"1\" onclick=\"if(\$('select_{$row[$FieldCountTV]}').checked) countSelected++; else countSelected--;\"></td>";
$toggleAllScript .= "\$('select_{$row[$FieldCountTV]}').checked=s;";
}
// templates
if ($rowTemplate != '') {
if ($this->AllowSelection == 1 && $SelectedID == $row[$FieldCountTV] && $selrowTemplate != "") {
$rowTemp = $selrowTemplate;
} else {
$rowTemp = $rowTemplate;
}
if ($this->AllowSelection == 1 && $SelectedID != $row[$FieldCountTV]) {
$rowTemp = str_replace('<%%SELECT%%>', "<a onclick=\"document.myform.SelectedField.value=this.parentNode.cellIndex; document.myform.SelectedID.value='" . addslashes($row[$FieldCountTV]) . "'; document.myform.submit(); return false;\" href=\"{$this->ScriptFileName}?SelectedID=" . htmlspecialchars($row[$FieldCountTV], ENT_QUOTES) . "\" class=\"{$class}\" style=\"display: block; padding:0px;\">", $rowTemp);
$rowTemp = str_replace('<%%ENDSELECT%%>', '</a>', $rowTemp);
} else {
$rowTemp = str_replace('<%%SELECT%%>', "", $rowTemp);
$rowTemp = str_replace('<%%ENDSELECT%%>', '', $rowTemp);
}
for ($j = 0; $j < $FieldCountTV; $j++) {
$fieldTVCaption = current(array_slice($this->QueryFieldsTV, $j, 1));
$fd = $hc->clean($row[$j]);
/*
the TV template could contain field placeholders in the format
<%%FIELD_n%%> or <%%VALUE(Field Caption)%%>
*/
$rowTemp = str_replace("<%%FIELD_{$j}%%>", thisOr($fd), $rowTemp);
$rowTemp = str_replace("<%%VALUE({$fieldTVCaption})%%>", thisOr($fd), $rowTemp);
if (thisOr($fd) == ' ' && preg_match('/<a href=".*? .*?<\\/a>/i', $rowTemp, $m)) {
$rowTemp = str_replace($m[0], '', $rowTemp);
}
}
if ($alt && $SelectedID != $row[$FieldCountTV]) {
$rowTemp = str_replace("TableBody", "TableBodySelected", $rowTemp);
$rowTemp = str_replace("TableBodyNumeric", "TableBodySelectedNumeric", $rowTemp);
$rowTemp = str_replace("SelectedSelected", "Selected", $rowTemp);
}
if ($SearchString != '') {
$rowTemp = highlight($SearchString, $rowTemp);
}
$this->HTML .= $rowTemp;
$rowTemp = '';
} else {
// end of templates
for ($j = 0; $j < $FieldCountTV; $j++) {
$fType = mysql_field_type($result, $j);
$fNumeric = stristr($fType, 'int') || stristr($fType, 'float') || stristr($fType, 'decimal') || stristr($fType, 'numeric') || stristr($fType, 'real') || stristr($fType, 'double') ? true : false;
if ($this->AllowSelection == 1) {
$sel1 = "<a href=\"{$this->ScriptFileName}?SelectedID=" . htmlspecialchars($row[$FieldCountTV], ENT_QUOTES) . "\" onclick=\"document.myform.SelectedID.value='" . addslashes($row[$FieldCountTV]) . "'; document.myform.submit(); return false;\" class=\"{$class}\" style=\"padding:0px;\">";
$sel2 = "</a>";
} else {
$sel1 = "";
$sel2 = "";
}
$this->HTML .= "<td valign=top class={$class}><div class={$class}> {$sel1}" . $row[$j] . "{$sel2} </div></td>";
}
}
$this->HTML .= "</tr>\n";
$i++;
}
$i--;
}
$this->HTML = preg_replace("/<a href=\"(mailto:)? [^\n]*title=\" \"><\\/a>/", ' ', $this->HTML);
$this->HTML = preg_replace("/<a [^>]*>( )*<\\/a>/", ' ', $this->HTML);
$this->HTML = preg_replace("/<%%.*%%>/U", ' ', $this->HTML);
if ($this->ShowRecordSlots) {
for ($j = $i + 1; $j < $FirstRecord + $this->RecordsPerPage; $j++) {
$this->HTML .= "\n\t<tr><td colspan=" . ($FieldCountTV + 1) . "><div class=TableBody> </div></td></tr>";
}
}
// end of data
$this->HTML .= '<!-- tv data above -->';
if ($Print_x == "") {
$pagesMenu = '';
if ($RecordCount > $this->RecordsPerPage) {
$pagesMenu = "<td align=center><div class=TableFooter>" . $Translation['go to page'] . " <select onChange=\"{$resetSelection} document.myform.NoDV.value=1; document.myform.FirstRecord.value=(this.value*" . $this->RecordsPerPage . "+1); document.myform.submit();\">";
for ($page = 0; $page < ceil($RecordCount / $this->RecordsPerPage); $page++) {
$pagesMenu .= "<option value=\"{$page}\" " . ($FirstRecord == $page * $this->RecordsPerPage + 1 ? 'selected' : '') . ">" . ($page + 1) . "</option>";
}
$pagesMenu .= '</select></div></td>';
}
$totalWidth = array_sum($this->ColWidth);
$totalWidth = $totalWidth > 750 ? 750 : '100%';
$this->HTML .= "\n\t<tr><td colspan=" . ($FieldCountTV + 1) . "><table width=100%><tr class=TableFooter><td align=left><input onClick=\"{$resetSelection} document.myform.NoDV.value=1;\" type=image name=Previous src=previousPage.gif></td><td align=center><div class=TableFooter>" . $Translation["records x to y of z"] . "</div></td>{$pagesMenu}<td align=right><input onClick=\"{$resetSelection} document.myform.NoDV.value=1;\" type=image name=Next src=nextPage.gif></td></tr></table></td></tr>";
} else {
$this->HTML .= "\n\t<tr><td colspan=" . ($FieldCountTV + 1) . "><nobr><div class=TableFooter>" . $Translation["records x to y of z"] . "</div></nobr></td></tr>";
}
$this->HTML = str_replace("<FirstRecord>", $FirstRecord, $this->HTML);
$this->HTML = str_replace("<LastRecord>", $i, $this->HTML);
$this->HTML = str_replace("<RecordCount>", $RecordCount, $this->HTML);
$tvShown = true;
}
// hidden variables ....
$this->HTML .= "<input name=SortField value='{$SortField}' type=hidden>";
$this->HTML .= "<input name=SelectedID value=\"{$SelectedID}\" type=hidden>";
$this->HTML .= "<input name=SelectedField value=\"\" type=hidden>";
$this->HTML .= "<input name=SortDirection type=hidden value='{$SortDirection}'>";
$this->HTML .= "<input name=FirstRecord type=hidden value='{$FirstRecord}'>";
$this->HTML .= "<input name=NoDV type=hidden value=''>";
if ($this->QuickSearch && !strpos($this->HTML, 'SearchString')) {
$this->HTML .= '<input name="SearchString" type="hidden" value="' . htmlspecialchars($SearchString, ENT_QUOTES) . '">';
}
// hidden variables: filters ...
$FiltersCode = '';
for ($i = 1; $i <= 20 * $FiltersPerGroup; $i++) {
// Number of filters allowed
if ($i % $FiltersPerGroup == 1 && $i != 1 && $FilterAnd[$i] != "") {
$FiltersCode .= "<input name=\"FilterAnd[{$i}]\" value=\"{$FilterAnd[$i]}\" type=\"hidden\">\n";
}
if ($FilterField[$i] != '' && $FilterOperator[$i] != '' && ($FilterValue[$i] != '' || strstr($FilterOperator[$i], 'Empty'))) {
if (!strstr($FiltersCode, "<input name=\"FilterAnd[{$i}]\" value=")) {
$FiltersCode .= "<input name=\"FilterAnd[{$i}]\" value=\"{$FilterAnd[$i]}\" type=\"hidden\">\n";
}
$FiltersCode .= "<input name=\"FilterField[{$i}]\" value=\"{$FilterField[$i]}\" type=\"hidden\">\n";
$FiltersCode .= "<input name=\"FilterOperator[{$i}]\" value=\"{$FilterOperator[$i]}\" type=\"hidden\">\n";
$FiltersCode .= "<input name=\"FilterValue[{$i}]\" value=\"" . htmlspecialchars($FilterValue[$i], ENT_QUOTES) . "\" type=\"hidden\">\n";
}
}
$this->HTML .= $FiltersCode;
// display details form ...
if (($this->AllowSelection || $this->AllowInsert || $this->AllowUpdate || $this->AllowDelete) && $Print_x == '' && !$PrintDV) {
if ($this->SeparateDV && $this->HideTableView || !$this->SeparateDV) {
$dvCode = call_user_func($this->TableName . '_form', $SelectedID, $this->AllowUpdate, $this->HideTableView && $SelectedID ? 0 : $this->AllowInsert, $this->AllowDelete, $this->SeparateDV);
$this->HTML .= "\n\t<tr><td colspan=" . ($FieldCountTV + 2) . ">{$dvCode}</td></tr>";
$this->HTML .= $this->SeparateDV ? "<input name=SearchString value='" . htmlspecialchars($SearchString, ENT_QUOTES) . "' type=hidden>" : "";
if ($dvCode) {
$this->ContentType = 'detailview';
$dvShown = true;
}
}
}
// display multiple printable detail views
if ($PrintDV) {
$dvCode = '';
$_POST['dvprint_x'] = 1;
// hidden vars
$this->HTML .= '<input type="hidden" name="Print_x" value="1">' . "\n";
$this->HTML .= '<input type="hidden" name="PrintTV" value="1">' . "\n";
// count selected records
$selectedRecords = 0;
foreach ($_POST as $n => $v) {
if (strpos($n, 'select_') === 0) {
$id = str_replace('select_', '', $n);
$selectedRecords++;
$this->HTML .= '<input type="hidden" name="select_' . $id . '" value="1">' . "\n";
}
}
if ($selectedRecords <= 100) {
// if records selected > 100 don't show DV preview to avoid db performance issues.
foreach ($_POST as $n => $v) {
if (strpos($n, 'select_') === 0) {
$id = str_replace('select_', '', $n);
$dvCode .= call_user_func($this->TableName . '_form', $id, 0, 0, 0, 1);
}
}
if ($dvCode != '') {
$dvCode = preg_replace('/<input .*?type="?image"?.*?>/', '', $dvCode);
$this->HTML .= "\n" . '<div class="TableBodySelected displayOnly">' . '<input class="print-button" type="submit" value="' . $Translation['Cancel Printing'] . '">' . '<input class="print-button" type="button" id="sendToPrinter" value="' . $Translation['Print'] . '" onClick="window.print();">' . '</div>' . "\n";
$this->HTML .= $dvCode;
}
} else {
$this->HTML .= '<div class="Error">' . $Translation['Maximum records allowed to enable this feature is'] . ' 100.</div>';
$this->HTML .= '<input type="submit" class="print-button" value="' . $Translation['Print Preview Table View'] . '">';
}
}
$this->HTML .= "</table>\n";
if ($this->AllowPrintingMultiSelection && $Print_x != '') {
$this->HTML .= "<script>function toggleAllRecords(){ var s=\$('toggleAll').checked; {$toggleAllScript} if(s) countSelected={$RecordCount}; else countSelected=0; }</script>\n";
}
$this->HTML .= "</form></center>";
if ($dvShown && $tvShown) {
$this->ContentType = 'tableview+detailview';
}
if ($dvprint_x != '') {
$this->ContentType = 'print-detailview';
}
if ($Print_x != '') {
$this->ContentType = 'print-tableview';
}
//mysql_close();
// Das ist Alles!
}
}
if ($userid) {
$result = select_query("tblclients", "id", array("id" => $userid));
$data = mysql_fetch_array($result);
if (!$data['id']) {
$apiresults = array("result" => "error", "message" => "Client ID Not Found");
return null;
}
}
if ($invoiceid = (int) $_POST['invoiceid']) {
$query = "SELECT * FROM tblinvoices WHERE id='" . $invoiceid . "'";
$result = full_query($query);
$data = mysql_fetch_array($result);
if (!$data['id']) {
$apiresults = array("result" => "error", "message" => "Invoice ID Not Found");
return null;
}
}
if (!$paymentmethod) {
$apiresults = array("result" => "error", "message" => "Payment Method is required");
return null;
}
addTransaction($userid, $currencyid, $description, $amountin, $fees, $amountout, $paymentmethod, $transid, $invoiceid, $date, "", $rate);
if ($userid && $credit) {
if ($transid) {
$description .= " (Trans ID: " . $transid . ")";
}
insert_query("tblcredit", array("clientid" => $userid, "date" => toMySQLDate($date), "description" => $description, "amount" => $amountin));
update_query("tblclients", array("credit" => "+=" . $amountin), array("id" => (int) $userid));
}
$apiresults = array("result" => "success");
private function buildCriteria($criteria)
{
$filters = array();
if ($criteria['clientid']) {
$filters[] = "userid=" . (int) $criteria['clientid'];
}
if ($criteria['clientname']) {
$filters[] = "concat(firstname,' ',lastname) LIKE '%" . db_escape_string($criteria['clientname']) . "%'";
}
if ($criteria['invoicenum']) {
$filters[] = "(tblinvoices.id='" . db_escape_string($criteria['invoicenum']) . "' OR tblinvoices.invoicenum='" . db_escape_string($criteria['invoicenum']) . "')";
}
if ($criteria['lineitem']) {
$filters[] = "tblinvoices.id IN (SELECT invoiceid FROM tblinvoiceitems WHERE description LIKE '%" . db_escape_string($criteria['lineitem']) . "%')";
}
if ($criteria['paymentmethod']) {
$filters[] = "tblinvoices.paymentmethod='" . db_escape_string($criteria['paymentmethod']) . "'";
}
if ($criteria['invoicedate']) {
$filters[] = "tblinvoices.date='" . toMySQLDate($criteria['invoicedate']) . "'";
}
if ($criteria['duedate']) {
$filters[] = "tblinvoices.duedate='" . toMySQLDate($criteria['duedate']) . "'";
}
if ($criteria['datepaid']) {
$filters[] = "tblinvoices.datepaid>='" . toMySQLDate($criteria['datepaid']) . "' AND tblinvoices.datepaid<='" . toMySQLDate($criteria['datepaid']) . "235959'";
}
if ($criteria['totalfrom']) {
$filters[] = "tblinvoices.total>='" . db_escape_string($criteria['totalfrom']) . "'";
}
if ($criteria['totalto']) {
$filters[] = "tblinvoices.total<='" . db_escape_string($criteria['totalto']) . "'";
}
if ($criteria['status']) {
if ($criteria['status'] == "Overdue") {
$filters[] = "tblinvoices.status='Unpaid' AND tblinvoices.duedate<'" . date("Ymd") . "'";
} else {
$filters[] = "tblinvoices.status='" . db_escape_string($criteria['status']) . "'";
}
}
return $filters;
}
function convertQuotetoInvoice($id, $invoicetype, $invoiceduedate, $depositpercent, $depositduedate, $finalduedate, $sendemail)
{
global $CONFIG;
global $_LANG;
$result = select_query("tblquotes", "", array("id" => $id));
$data = mysql_fetch_array($result);
$userid = $data['userid'];
$firstname = $data['firstname'];
$lastname = $data['lastname'];
$companyname = $data['companyname'];
$email = $data['email'];
$address1 = $data['address1'];
$address2 = $data['address2'];
$city = $data['city'];
$state = $data['state'];
$postcode = $data['postcode'];
$country = $data['country'];
$phonenumber = $data['phonenumber'];
$currency = $data['currency'];
if ($userid) {
getUsersLang($userid);
$clientsdetails = getClientsDetails($userid);
$state = $clientsdetails['state'];
$country = $clientsdetails['country'];
} else {
if (!function_exists("addClient")) {
require ROOTDIR . "/clientfunctions.php";
}
$_SESSION['currency'] = $currency;
$userid = addClient($firstname, $lastname, $companyname, $email, $address1, $address2, $city, $state, $postcode, $country, $phonenumber, substr(md5($id), 0, 10), 0, "", "on");
}
if ($CONFIG['TaxEnabled'] == "on") {
$taxlevel1 = getTaxRate(1, $state, $country);
$taxlevel2 = getTaxRate(2, $state, $country);
$taxrate = $taxlevel1['rate'];
$taxrate2 = $taxlevel2['rate'];
}
$subtotal = $data['subtotal'];
$tax1 = $data['tax1'];
$tax2 = $data['tax2'];
$total = $data['total'];
$result = select_query("tblpaymentgateways", "gateway", array("setting" => "name"), "order", "ASC");
$data = mysql_fetch_array($result);
$gateway = $data['gateway'];
$duedate = $finaldate = "";
if ($invoicetype == "deposit") {
if ($depositduedate) {
$duedate = toMySQLDate($depositduedate);
}
$finaldate = $finalduedate ? toMySQLDate($finalduedate) : date("Y-m-d");
} else {
if ($invoiceduedate) {
$duedate = toMySQLDate($invoiceduedate);
}
}
if (!$duedate) {
$duedate = date("Y-m-d");
}
$invoiceid = insert_query("tblinvoices", array("date" => "now()", "duedate" => $duedate, "userid" => $userid, "status" => "Unpaid", "paymentmethod" => $gateway, "taxrate" => $taxrate, "taxrate2" => $taxrate2, "subtotal" => $subtotal, "tax" => $tax1, "tax2" => $tax2, "total" => $total, "notes" => $_LANG['quoteref'] . $id));
if ($finaldate) {
$finalinvoiceid = insert_query("tblinvoices", array("date" => "now()", "duedate" => $finaldate, "userid" => $userid, "status" => "Unpaid", "paymentmethod" => $gateway, "taxrate" => $taxrate, "taxrate2" => $taxrate2, "subtotal" => $subtotal, "tax" => $tax1, "tax2" => $tax2, "total" => $total, "notes" => $_LANG['quoteref'] . $id));
}
$result = select_query("tblquoteitems", "", array("quoteid" => $id), "id", "ASC");
while ($data = mysql_fetch_array($result)) {
$line_id = $data['id'];
$line_desc = $data['description'];
$line_qty = $data['quantity'];
$line_unitprice = $data['unitprice'];
$line_discount = $data['discount'];
$line_taxable = $data['taxable'];
$line_total = format_as_currency($line_qty * $line_unitprice * (1 - $line_discount / 100));
$lineitemdesc = "" . $line_qty . " x " . $line_desc . " @ " . $line_unitprice;
if (0 < $line_discount) {
$lineitemdesc .= " - " . $line_discount . "% " . $_LANG['orderdiscount'];
}
if ($finalinvoiceid) {
$originalamount = $line_total;
$line_total = $originalamount * ($depositpercent / 100);
$final_amount = $originalamount - $line_total;
insert_query("tblinvoiceitems", array("invoiceid" => $finalinvoiceid, "userid" => $userid, "description" => $lineitemdesc . " (" . (100 - $depositpercent) . "% " . $_LANG['quotefinalpayment'] . ")", "amount" => $final_amount, "taxed" => $line_taxable));
$lineitemdesc .= " (" . $depositpercent . "% " . $_LANG['quotedeposit'] . ")";
}
insert_query("tblinvoiceitems", array("invoiceid" => $invoiceid, "userid" => $userid, "description" => $lineitemdesc, "amount" => $line_total, "taxed" => $line_taxable));
}
if (!function_exists("updateInvoiceTotal")) {
require ROOTDIR . "/includes/invoicefunctions.php";
}
updateInvoiceTotal($invoiceid);
if ($finalinvoiceid) {
updateInvoiceTotal($finalinvoiceid);
}
run_hook("InvoiceCreationPreEmail", array("invoiceid" => $invoiceid));
if ($finalinvoiceid) {
run_hook("InvoiceCreationPreEmail", array("invoiceid" => $finalinvoiceid));
}
if ($sendemail) {
sendMessage("Invoice Created", $invoiceid);
if ($finalinvoiceid) {
sendMessage("Invoice Created", $finalinvoiceid);
}
}
run_hook("InvoiceCreated", array("invoiceid" => $invoiceid));
if ($finalinvoiceid) {
run_hook("InvoiceCreated", array("invoiceid" => $finalinvoiceid));
}
if (1 < $CONFIG['InvoiceIncrement']) {
$invoiceincrement = $CONFIG['InvoiceIncrement'] - 1;
$counter = 1;
while ($counter <= $invoiceincrement) {
$tempinvoiceid = insert_query("tblinvoices", array("date" => "now()"));
delete_query("tblinvoices", array("id" => $tempinvoiceid));
$counter += 1;
}
}
update_query("tblquotes", array("userid" => $userid, "stage" => "Accepted"), array("id" => $id));
return $invoiceid;
}
$tbl->addRow(array("<input type=\"checkbox\" name=\"selectedinvoices[]\" value=\"" . $invoice['id'] . "\" class=\"checkall\">", $linkopen . $invoice['invoicenum'] . $linkclose, $invoice['clientname'], $invoice['date'], $invoice['duedate'], "<a href=\"invoices.php?action=invtooltip&id=" . $invoice['id'] . "&userid=" . $invoice['userid'] . generate_token("link") . "\" class=\"invtooltip\" lang=\"\">" . $invoice['totalformatted'] . "</a>", $invoice['paymentmethod'], $invoice['statusformatted'], $linkopen . "<img src=\"images/edit.gif\" width=\"16\" height=\"16\" border=\"0\" alt=\"Edit\">" . $linkclose, "<a href=\"#\" onClick=\"doDelete('" . $invoice['id'] . "');return false\"><img src=\"images/delete.gif\" width=\"16\" height=\"16\" border=\"0\" alt=\"Delete\"></a>"));
}
$tbl->setMassActionBtns("<input type=\"submit\" value=\"" . $aInt->lang("invoices", "markpaid") . "\" class=\"btn-success\" name=\"markpaid\" onclick=\"return confirm('" . $aInt->lang("invoices", "markpaidconfirm", "1") . "')\" /> <input type=\"submit\" value=\"" . $aInt->lang("invoices", "markunpaid") . "\" name=\"markunpaid\" onclick=\"return confirm('" . $aInt->lang("invoices", "markunpaidconfirm", "1") . "')\" /> <input type=\"submit\" value=\"" . $aInt->lang("invoices", "markcancelled") . "\" name=\"markcancelled\" onclick=\"return confirm('" . $aInt->lang("invoices", "markcancelledconfirm", "1") . "')\" /> <input type=\"submit\" value=\"" . $aInt->lang("invoices", "duplicateinvoice") . "\" name=\"duplicateinvoice\" onclick=\"return confirm('" . $aInt->lang("invoices", "duplicateinvoiceconfirm", "1") . "')\" /> <input type=\"submit\" value=\"" . $aInt->lang("invoices", "sendreminder") . "\" name=\"paymentreminder\" onclick=\"return confirm('" . $aInt->lang("invoices", "sendreminderconfirm", "1") . "')\" /> <input type=\"submit\" value=\"" . $aInt->lang("global", "delete") . "\" class=\"btn-danger\" name=\"massdelete\" onclick=\"return confirm('" . $aInt->lang("invoices", "massdeleteconfirm", "1") . "')\" />");
echo $tbl->output();
unset($clientlist);
unset($invoicesModel);
}
} else {
if ($action == "edit") {
$result = select_query("tblinvoices", "userid,paymentmethod", array("id" => $id));
$data = mysql_fetch_array($result);
$userid = $data[0];
$oldpaymentmethod = $data[1];
if ($saveoptions) {
check_token("WHMCS.admin.default");
update_query("tblinvoices", array("date" => toMySQLDate($invoicedate), "duedate" => toMySQLDate($datedue), "paymentmethod" => $paymentmethod, "invoicenum" => $invoicenum, "taxrate" => $taxrate, "taxrate2" => $taxrate2, "status" => $status), array("id" => $id));
updateInvoiceTotal($id);
if ($oldpaymentmethod != $paymentmethod) {
run_hook("InvoiceChangeGateway", array("invoiceid" => $id, "paymentmethod" => $paymentmethod));
}
logActivity("Modified Invoice Options - Invoice ID: " . $id, $userid);
redir("action=edit&id=" . $id);
exit;
}
if ($save == "notes") {
check_token("WHMCS.admin.default");
update_query("tblinvoices", array("notes" => $notes), array("id" => $id));
logActivity("Modified Invoice Notes - Invoice ID: " . $id, $userid);
redir("action=edit&id=" . $id);
exit;
}
function namecheap_ssl_output($vars)
{
if (!empty($_REQUEST['action'])) {
$action = $_REQUEST['action'];
} else {
$action = 'default';
}
global $_LANG;
namecheapssl_initlang();
$view = array('global' => array('mod_url' => '?module=namecheap_ssl', 'module' => 'namecheap_ssl'));
if ('log' == $action) {
// prepare data for actions filters
// actions
$view['filter_action_options'] = array();
$sql = "SELECT DISTINCT action FROM mod_namecheapssl_log";
$r = mysql_query($sql);
if (mysql_numrows($r)) {
while ($row = mysql_fetch_assoc($r)) {
if (!empty($row['action'])) {
$view['filter_action_options'][] = $row['action'];
}
}
}
// detect selected action
if (!empty($_REQUEST['filter_action']) && in_array($_REQUEST['filter_action'], $view['filter_action_options'])) {
$view['filter_action_value'] = $_REQUEST['filter_action'];
} else {
$view['filter_action_value'] = '';
}
//
$view['filter_date_from_value'] = empty($_REQUEST['filter_date_from']) ? '' : $_REQUEST['filter_date_from'];
$view['filter_date_to_value'] = empty($_REQUEST['filter_date_to']) ? '' : $_REQUEST['filter_date_to'];
$view['filter_user_value'] = empty($_REQUEST['filter_user']) ? '' : $_REQUEST['filter_user'];
// prepare query for page items
$iOffset = empty($vars['log_items_per_page']) ? 50 : (int) $vars['log_items_per_page'];
$page = !empty($_REQUEST['page']) ? (int) $_REQUEST['page'] : 1;
$iLimit = $page <= 1 ? 0 : ($page - 1) * $iOffset;
// create WHERE for sql query
$sqlWhereArray = array();
// action value
if (!empty($view['filter_action_value'])) {
$sqlWhereArray[] = sprintf(" action='%s' ", mysql_real_escape_string($view['filter_action_value']));
}
// date from value
if (!empty($view['filter_date_from_value'])) {
$sqlWhereArray[] = sprintf("date>='%s'", toMySQLDate($view['filter_date_from_value']));
}
// date to value
if (!empty($view['filter_date_to_value'])) {
$sqlWhereArray[] = sprintf("date<='%s'", toMySQLDate($view['filter_date_to_value']) . ' 23:59:59');
}
// admin / client filter
if (!empty($view['filter_user_value'])) {
if (false !== strpos($view['filter_user_value'], '@')) {
$sqlWhereArray[] = sprintf("c.email = '%s'", mysql_real_escape_string($view['filter_user_value']));
} else {
$sqlWhereArray[] = sprintf("log.user LIKE '%s%%'", mysql_real_escape_string($view['filter_user_value']));
}
}
if (!empty($sqlWhereArray)) {
$sqlWhere = ' WHERE ' . implode(' AND ', $sqlWhereArray);
} else {
$sqlWhere = '';
}
$sql = "SELECT log.*,c.email FROM mod_namecheapssl_log log LEFT JOIN tblclients AS c ON (log.userid=c.id AND user='******') {$sqlWhere} ORDER BY log.id DESC LIMIT {$iLimit},{$iOffset}";
$view['log_items'] = array();
$r = mysql_query($sql);
if (mysql_numrows($r)) {
while ($row = mysql_fetch_assoc($r)) {
$view['log_items'][] = $row;
}
}
// query for count
$sql = "SELECT COUNT(log.id) FROM mod_namecheapssl_log log LEFT JOIN tblclients AS c ON (log.userid=c.id AND user='******') {$sqlWhere}";
$r = mysql_query($sql);
$row = mysql_fetch_array($r);
$iCountOfLogItems = array_shift($row);
$iCountOfPages = (int) ceil($iCountOfLogItems / $iOffset);
$view['log_items_count'] = $iCountOfLogItems;
$view['log_items_count_of_pages'] = $iCountOfPages;
$view['log_items_current_page'] = $page <= 1 ? 1 : $page;
} else {
if ('sync' == $action) {
if (!empty($_REQUEST['hostingid'])) {
$view['hostingid'] = (int) $_REQUEST['hostingid'];
// search product
$r = mysql_query('SELECT orderid, tblhosting.domain, tblproducts.name AS productname FROM tblhosting JOIN tblproducts ON tblhosting.packageid=tblproducts.id WHERE tblhosting.id=' . (int) $_REQUEST['hostingid']);
$row = mysql_fetch_assoc($r);
// check san certificate
// get config options
$certHasSanOption = false;
$r = mysql_query('SELECT tblproductconfigoptions.optionname FROM tblproductconfigoptions JOIN tblhostingconfigoptions ON (tblhostingconfigoptions.configid=tblproductconfigoptions.id) WHERE tblhostingconfigoptions.relid=' . (int) $_REQUEST['hostingid']);
$optionNames = array();
while (false !== ($optionsRow = mysql_fetch_assoc($r))) {
$optionNames[] = $optionsRow['optionname'];
if ('san' == substr($optionsRow['optionname'], 0, 3)) {
$certHasSanOption = true;
}
}
$view['cert_has_san_option'] = $certHasSanOption;
if (false == $row || $certHasSanOption) {
$view['found'] = false;
} else {
// select nc remote id
$r = mysql_query('SELECT * FROM tblsslorders WHERE serviceid=' . (int) $_REQUEST['hostingid']);
$ssl_order = mysql_fetch_array($r);
if (false == $ssl_order) {
$view['found'] = false;
} else {
$view['found'] = true;
$view['hosting'] = array('hostingid' => $_REQUEST['hostingid'], 'orderid' => $row['orderid'], 'domain' => $row['domain'], 'productname' => $row['productname'], 'ssl_order_remoteid' => $ssl_order['remoteid'], 'ssl_order_certtype' => $ssl_order['certtype'], 'ssl_order_id' => $ssl_order['id']);
if (isset($_REQUEST['message']) && 'updated' == $_REQUEST['message']) {
$view['updated'] = true;
} else {
$view['updated'] = false;
}
// final level verification
// assign remote id
if (!empty($_POST['remoteid']) && !empty($_POST['ssl_order_id'])) {
// two mysql queries
// update whmcs native table
mysql_query('UPDATE tblsslorders SET remoteid=' . (int) $_POST['remoteid'] . ' WHERE id=' . $_POST['ssl_order_id']);
// update custom module table
mysql_query('UPDATE mod_namecheapssl SET certificate_id=' . (int) $_POST['remoteid'] . ' WHERE id=' . $_POST['ssl_order_id']);
// redirect
$query_string = '?module=namecheap_ssl&action=sync&hostingid=' . $_REQUEST['hostingid'] . '&message=updated';
namecheapssl_log('addon.sync', 'addon_updated_remoteid', array($ssl_order['remoteid'], $_POST['remoteid']), $ssl_order['serviceid']);
header('Location: ' . $query_string);
exit;
}
}
}
} else {
$view['hostingid'] = '';
}
} else {
if ('list' == $action) {
$users = array();
// production certs
$query = "SELECT DISTINCT configoption1 AS user, configoption2 AS password, 'production' AS acc FROM tblproducts WHERE configoption9='' AND configoption1!='' AND configoption2!='' AND servertype='namecheapssl'";
$r = mysql_query($query);
while (false !== ($row = mysql_fetch_assoc($r))) {
$view['userlist'][] = array('user' => $row['user'], 'acc' => 'production');
$users['production'][$row['user']] = $row;
}
// sandbox users
$query = "SELECT DISTINCT configoption3 AS user, configoption4 AS password, 'sandbox' AS acc FROM tblproducts WHERE configoption9='on' AND configoption3!='' AND configoption4!='' AND servertype='namecheapssl'";
$r = mysql_query($query);
while (false !== ($row = mysql_fetch_assoc($r))) {
$view['userlist'][] = array('user' => $row['user'], 'acc' => 'sandbox');
$users['sandbox'][$row['user']] = $row;
}
if (!empty($_REQUEST['user']) && !empty($_REQUEST['acc'])) {
if ('sandbox' != $_REQUEST['acc'] && 'production' != $_REQUEST['acc']) {
echo 'unknown user';
exit;
}
if (!empty($users[$_REQUEST['acc']][$_REQUEST['user']])) {
$user = $users[$_REQUEST['acc']][$_REQUEST['user']]['user'];
$password = $users[$_REQUEST['acc']][$_REQUEST['user']]['password'];
} else {
echo 'unknown user';
exit;
}
$view['user'] = array('user' => $user, 'acc' => $_REQUEST['acc']);
$itemsOnPage = 20;
$page = empty($_REQUEST['page']) ? 1 : $_REQUEST['page'];
$view['current_page'] = $page;
$requestParams = array("Page" => $page, "PageSize" => $itemsOnPage);
$api = new NamecheapApi($user, $password, $_REQUEST['acc'] == 'sandbox');
try {
$response = $api->request("namecheap.ssl.getList", $requestParams);
$result = $api->parseResponse($response);
if (!empty($result['SSLListResult']['SSL'])) {
$items = array();
foreach ($result['SSLListResult']['SSL'] as $k => $item) {
// get whmcs product
$items[$k]['namecheap'] = $item['@attributes'];
$query = sprintf("SELECT serviceid,status FROM tblsslorders WHERE module='namecheapssl' AND remoteid='%s'", $item['@attributes']['CertificateID']);
$r = mysql_query($query);
if (mysql_num_rows($r)) {
$items[$k]['whmcs'] = mysql_fetch_assoc($r);
}
}
$view['items'] = $items;
}
$view['pages'] = array();
for ($i = 1; $i <= ceil($result['Paging']['TotalItems'] / $itemsOnPage); ++$i) {
$view['pages'][] = $i;
}
} catch (Exception $e) {
var_dump($e->getMessage());
exit;
$view['globals']['error'] = $e->getMessage();
}
}
} else {
if ('settings' == $action) {
// message
$view['message'] = '';
if (!empty($_REQUEST['message']) && 'updated' == $_REQUEST['message']) {
$view['message'] = $_LANG['ncssl_addon_changes_saved_success'];
}
// prepare information for view
$view['settings'] = NcSql::sql2set_keyval("SELECT name,value FROM mod_namecheapssl_settings");
$view['control_options'] = array('sync_date_offset' => array(0 => '0', 5 => '5', 15 => '15', 30 => '30'));
// process incoming data
if (isset($_REQUEST['settings'])) {
foreach ($_REQUEST['settings'] as $name => $value) {
NcSql::q(sprintf("DELETE FROM mod_namecheapssl_settings WHERE name='%s'", NcSql::e($name)));
NcSql::q(sprintf("INSERT INTO mod_namecheapssl_settings SET name='%s', value='%s'", NcSql::e($name), NcSql::e($value)));
}
// redirect
$query_string = '?module=namecheap_ssl&action=settings&message=updated';
namecheapssl_log('addon.settings', 'addon_updated_settings');
header('Location: ' . $query_string);
exit;
}
} else {
$action = 'default';
}
}
}
}
$view['global']['mod_action_url'] = $view['global']['mod_url'] . '&action=' . $action;
$view['global']['action'] = $action;
include dirname(__FILE__) . '/templates/' . $action . '.php';
}
redir("userid=" . $userid);
exit;
}
if ($sub == "remove") {
checkPermission("Manage Credits");
check_token("WHMCS.admin.default");
insert_query("tblcredit", array("clientid" => $userid, "date" => toMySQLDate($date), "description" => $description, "amount" => 0 - $amount));
update_query("tblclients", array("credit" => "-=" . $amount), array("id" => (int) $userid));
logActivity("Removed Credit - User ID: " . $userid . " - Amount: " . formatCurrency($amount), $userid);
redir("userid=" . $userid);
exit;
}
if ($sub == "save") {
checkPermission("Manage Credits");
check_token("WHMCS.admin.default");
update_query("tblcredit", array("date" => toMySQLDate($date), "description" => $description, "amount" => $amount), array("id" => $id));
logActivity("Edited Credit - Credit ID: " . $id . " - User ID: " . $userid, $userid);
redir("userid=" . $userid);
exit;
}
if ($sub == "delete") {
checkPermission("Manage Credits");
check_token("WHMCS.admin.default");
$result = select_query("tblcredit", "", array("id" => $ide));
$data = mysql_fetch_array($result);
$amount = $data['amount'];
$creditbalance = $creditbalance - $amount;
if ($creditbalance < 0) {
$creditbalance = 0;
}
update_query("tblclients", array("credit" => $creditbalance), array("id" => (int) $userid));
} else {
addTransaction($userid, 0, $description, $amountin, $fees, $amountout, $paymentmethod, $transid, $invoiceid, $date);
}
if ($addcredit) {
if ($transid) {
$description .= " (Trans ID: " . $transid . ")";
}
insert_query("tblcredit", array("clientid" => $userid, "date" => toMySQLDate($date), "description" => $description, "amount" => $amountin));
update_query("tblclients", array("credit" => "+=" . $amountin), array("id" => (int) $userid));
}
redir("userid=" . $userid);
exit;
}
if ($sub == "save") {
check_token("WHMCS.admin.default");
update_query("tblaccounts", array("gateway" => $paymentmethod, "date" => toMySQLDate($date), "description" => $description, "amountin" => $amountin, "fees" => $fees, "amountout" => $amountout, "transid" => $transid, "invoiceid" => $invoiceid), array("id" => $id));
logActivity("Modified Transaction (User ID: " . $userid . " - Transaction ID: " . $id . ")");
redir("userid=" . $userid);
exit;
}
if ($sub == "delete") {
check_token("WHMCS.admin.default");
checkPermission("Delete Transaction");
delete_query("tblaccounts", array("id" => $ide));
logActivity("Deleted Transaction (ID: " . $ide . " - User ID: " . $userid . ")");
redir("userid=" . $userid);
exit;
}
ob_start();
if ($action == "") {
$aInt->deleteJSConfirm("doDelete", "transactions", "deletesure", "clientstransactions.php?userid=" . $userid . "&sub=delete&ide=");
<?php
if (!defined("WHMCS")) {
die("This file cannot be accessed directly");
}
$reportdata["title"] = "Credits Reviewer";
$reportdata["description"] = "This report allows you to review all the credits issued to clients between 2 dates you specify";
$reportdata["headertext"] = '<form method="post" action="' . $PHP_SELF . '?report=' . $report . '">
<p align="center">Start Date: <input type="text" name="startdate" value="' . $startdate . '" class="datepick" /> End Date: <input type="text" name="enddate" value="' . $enddate . '" class="datepick" /> <input type="submit" value="Generate Report"></p>
</form>';
$reportdata["tableheadings"] = array("Credit ID", "Client Name", "Date", "Description", "Amount");
if ($startdate && $enddate) {
$query = "SELECT tblcredit.*,tblclients.firstname,tblclients.lastname FROM tblcredit INNER JOIN tblclients ON tblclients.id=tblcredit.clientid WHERE tblcredit.date BETWEEN '" . toMySQLDate($startdate) . "' AND '" . toMySQLDate($enddate) . "'";
$result = mysql_query($query);
while ($data = mysql_fetch_array($result)) {
$id = $data["id"];
$userid = $data["clientid"];
$clientname = $data["firstname"] . " " . $data["lastname"];
$date = fromMySQLDate($data["date"]);
$description = $data["description"];
$amount = $data["amount"];
$currency = getCurrency($userid);
$amount = formatCurrency($amount);
$reportdata["tablevalues"][] = array($id, '<a href="clientssummary.php?userid=' . $userid . '">' . $clientname . '</a>', $date, nl2br($description), $amount);
}
}
$data["footertext"] = '';
<?php
if (!defined("WHMCS")) {
die("This file cannot be accessed directly");
}
$reportdata["title"] = "Ticket Tags Overview";
$reportdata["description"] = "This report provides an overview of ticket tags assigned to tickets for a given date range";
if (!$fromdate) {
$fromdate = fromMySQLDate(date("Y-m-d", mktime(0, 0, 0, date("m") - 1, date("d"), date("Y"))));
}
if (!$todate) {
$todate = getTodaysDate();
}
$reportdata["headertext"] = "<form method=\"post\" action=\"" . $_SERVER['PHP_SELF'] . "?report={$report}\"><center>Start Date: <input type=\"text\" name=\"fromdate\" value=\"{$fromdate}\" class=\"datepick\" /> End Date: <input type=\"text\" name=\"todate\" value=\"{$todate}\" class=\"datepick\" /> <input type=\"submit\" value=\"Generate Report\" /></form>";
$reportdata["tableheadings"][] = "Tag";
$reportdata["tableheadings"][] = "Count";
$result = full_query("SELECT `tag`, COUNT(*) AS `count` FROM `tbltickettags` INNER JOIN tbltickets ON tbltickets.id=tbltickettags.ticketid WHERE tbltickets.date>='" . toMySQLDate($fromdate) . " 00:00:00' AND tbltickets.date<='" . toMySQLDate($todate) . " 23:59:59' GROUP BY tbltickettags.tag ORDER BY `count` DESC");
while ($data = mysql_fetch_array($result)) {
$tag = $data[0];
$count = $data[1];
$reportdata["tablevalues"][] = array($tag, $count);
$chartdata['rows'][] = array('c' => array(array('v' => $tag), array('v' => (int) $count, 'f' => $count)));
}
$chartdata['cols'][] = array('label' => 'Tag', 'type' => 'string');
$chartdata['cols'][] = array('label' => 'Count', 'type' => 'number');
$args = array();
$args['legendpos'] = 'right';
$reportdata["headertext"] .= $chart->drawChart('Pie', $chartdata, $args, '300px');
if ($action == "deletereferral") {
check_token("WHMCS.admin.default");
delete_query("tblaffiliatesaccounts", array("id" => $affaccid));
redir("action=edit&id=" . $id);
exit;
}
if ($action == "deletewithdrawal") {
check_token("WHMCS.admin.default");
delete_query("tblaffiliateswithdrawals", array("id" => $wid));
redir("action=edit&id=" . $id);
exit;
}
if ($action == "addcomm") {
check_token("WHMCS.admin.default");
$amount = format_as_currency($amount);
insert_query("tblaffiliateshistory", array("affiliateid" => $id, "date" => toMySQLDate($date), "affaccid" => $refid, "description" => $description, "amount" => $amount));
update_query("tblaffiliates", array("balance" => "+=" . $amount), array("id" => (int) $id));
redir("action=edit&id=" . $id);
exit;
}
if ($action == "withdraw") {
check_token("WHMCS.admin.default");
insert_query("tblaffiliateswithdrawals", array("affiliateid" => $id, "date" => "now()", "amount" => $amount));
update_query("tblaffiliates", array("balance" => "-=" . $amount, "withdrawn" => "+=" . $amount), array("id" => (int) $id));
if ($payouttype == "1") {
$result = select_query("tblaffiliates", "", array("id" => (int) $id));
$data = mysql_fetch_array($result);
$id = (int) $data['id'];
$clientid = (int) $data['clientid'];
addTransaction($clientid, "", "Affiliate Commissions Withdrawal Payout", "0", "0", $amount, $paymentmethod, $transid);
} else {
function update_entry($data, $can_edit = false, $needs_lock = true)
{
global $mySQLi, $posts, $post_meta, $viewColumns, $appt_types;
$out['success'] = false;
$lock_check = NULL;
if ($can_edit === false) {
$can_edit = can_edit($data);
}
if ($can_edit === true && $needs_lock == true) {
$lock_check = check_lock($data);
}
if ($can_edit === false) {
$out['error'] = 'You have insufficient access to edit this record';
} else {
if ($needs_lock == true && $lock_check !== NULL && $lock_check['locked'] == false) {
if (isset($lock_check['lock_error'])) {
$out['error'] = 'A problem was encountered while checking your right to update this record:<br />';
$out['lock_error'] = $lock_check['error'];
} else {
$out['error'] = $lock_check['locked_by'] . ' has this record locked since ' . $lock_check['locked_since'] . '. Please make note of your desired changes and try again later.';
}
} else {
$post_id = $data['id'];
$user_id = $data['user_id'];
unset($data['action']);
unset($data['access_level']);
unset($data['id']);
unset($data['user_id']);
$currSQL = "SELECT * FROM `{$posts}` WHERE `id`='{$post_id}'";
$currRow = $mySQLi->get_results($currSQL);
if ($currRow == false || $mySQLi->error != '') {
$out['error'] == 'Error ' . $mySQLi->error_num . ': ' . $mySQLi->error;
$out['currSQL'] = $currSQL;
} else {
$orig = $currRow[0];
unset($orig['id']);
unset($orig['updated']);
$orig['parent'] = $post_id;
$orig['type'] = 'revision';
$flds = array_keys($orig);
$buSQL = "INSERT INTO `{$posts}` (" . implode(',', $flds) . ") VALUES ('" . implode("','", $orig) . "');";
$out['buSQL'] = $buSQL;
$backup = $mySQLi->add_row($buSQL);
if ($mySQLi->error == '') {
// be sure to set the parent, so it points to the original post
$backupID = $mySQLi->insert_id;
$out['backup_id'] = $backupID;
// if we're updating the status, we don't want to touch these fields
$fldUpdate = array_key_exists('status', $data) ? "status='" . $data['status'] . "'" : '';
if (array_key_exists('provider', $data)) {
$data['provider'] = get_user_name($data['provider']);
$data['appointment_type'] = $data['appt_type'];
$data['appointment_date'] = toMySQLDate($data['appt_date']);
foreach ($data as $key => $value) {
if (array_key_exists($key, $viewColumns)) {
$fldUpdate .= ($fldUpdate == '' ? '' : ',') . "{$key}='{$value}'";
}
}
// loop through all fields
}
// end if found provider field data
if ($fldUpdate != '') {
$fldUpdate .= ",updated=CURRENT_TIMESTAMP";
$updateSQL = "UPDATE `{$posts}` SET {$fldUpdate} WHERE `{$posts}`.`id`='{$post_id}';";
$out['updateSQL'] = $updateSQL;
$updateRow = $mySQLi->update_row($updateSQL);
if ($mySQLi->error != '') {
$out['error'] = 'Error ' . $mySQLi->error_num . ': ' . $mySQLi->error;
} else {
$out['success'] = true;
$meta_results = update_post_meta($user_id, $post_id, $backupID);
if (is_array($meta_results)) {
$out = array_merge($out, $meta_results);
}
}
// end if no error in query
} else {
$out['error'] = 'Could not update current record';
$out['data'] = $data;
$out['view_columns'] = $viewColumns;
}
// end if field updates have been initialized
} else {
$out['sql'] = $buSQL;
$out['error'] = 'Error ' . $mySQLi->error_num . ': ' . $mySQLi->error;
}
// end if last SQL query had an error
}
// end if we found requested record to update
}
}
// end if can_edit
return $out;
}
while ($data = mysql_fetch_array($result2)) {
$invoiceid = $data[0];
$description .= "<a href=\"invoices.php?action=edit&id={$invoiceid}\" target=\"_blank\">#{$invoiceid}</a>, ";
}
$description = substr($description, 0, -2);
} else {
$description = $description;
if ($invoiceid) {
$description .= " - <a href=\"invoices.php?action=edit&id={$invoiceid}\" target=\"_blank\">#{$invoiceid}</a>";
}
}
$statement[str_replace('-', '', $date) . "_" . $count] = array("Transaction", $date, $description, $amountin, $amountout);
$count++;
}
}
$datefrom = $datefrom ? str_replace('-', '', toMySQLDate($datefrom)) : '';
$dateto = $dateto ? str_replace('-', '', toMySQLDate($dateto)) : '';
$reportdata["tableheadings"] = array("Type", "Date", "Description", "Credits", "Debits", "Balance");
ksort($statement);
foreach ($statement as $date => $entry) {
$date = substr($date, 0, 8);
if ($date <= $dateto or !$dateto) {
$totalcredits += $entry[3];
$totaldebits -= $entry[4];
$balance += $entry[3] - $entry[4];
}
if ($date >= $datefrom and $date <= $dateto or !$dateto) {
$reportdata["tablevalues"][] = array($entry[0], fromMySQLDate($entry[1]), $entry[2], formatCurrency($entry[3]), formatCurrency($entry[4]), formatCurrency($balance));
}
}
$reportdata["tablevalues"][] = array('#efefef', '', '', '<b>Ending Balance</b>', '<b>' . formatCurrency($totalcredits) . '</b>', '<b>' . formatCurrency($totaldebits) . '</b>', '<b>' . formatCurrency($balance) . '</b>');
if ($user == $username) {
echo " selected";
}
echo ">" . $user . "</option>";
}
echo "</select></td><td>";
echo $aInt->lang("fields", "ipaddress");
echo ": <input type=\"text\" name=\"ipaddress\" value=\"";
echo $ipaddress;
echo "\" size=\"20\"></td><td><input type=\"submit\" value=\"";
echo $aInt->lang("system", "filterlog");
echo "\" /></td></tr></table></div>\n</form>\n\n<br />\n\n";
$aInt->sortableTableInit("date");
$where = "userid='" . (int) $userid . "' AND ";
if ($date) {
$where .= "date>'" . toMySQLDate($date) . "' AND date<='" . toMySQLDate($date) . "235959' AND ";
}
if ($username) {
$where .= "user='******' AND ";
}
if ($description) {
$where .= "description LIKE '%" . db_escape_string($description) . "%' AND ";
}
if ($ipaddress) {
$where .= " ipaddr='" . db_escape_string($ipaddress) . "' AND ";
}
if ($where) {
$where = substr($where, 0, 0 - 5);
}
$result = select_query("tblactivitylog", "COUNT(*)", $where, "id", "DESC");
$data = mysql_fetch_array($result);
define("ADMINAREA", true);
require "../init.php";
$aInt = new WHMCS_Admin("Manage Announcements");
$aInt->title = $aInt->lang("support", "announcements");
$aInt->sidebar = "support";
$aInt->icon = "announcements";
if ($sub == "delete") {
check_token("WHMCS.admin.default");
delete_query("tblannouncements", array("id" => $id));
delete_query("tblannouncements", array("parentid" => $id));
logActivity("Deleted Announcement (ID: " . $id . ")");
redir();
}
if ($sub == "save") {
check_token("WHMCS.admin.default");
$date = toMySQLDate($date);
if ($id) {
update_query("tblannouncements", array("date" => $date, "title" => html_entity_decode($title), "announcement" => html_entity_decode($announcement), "published" => $published), array("id" => $id));
logActivity("Modified Announcement (ID: " . $id . ")");
run_hook("AnnouncementEdit", array("announcementid" => $id, "date" => $date, "title" => $title, "announcement" => $announcement, "published" => $published));
} else {
$id = insert_query("tblannouncements", array("date" => $date, "title" => html_entity_decode($title), "announcement" => html_entity_decode($announcement), "published" => $published));
logActivity("Added New Announcement (" . $title . ")");
run_hook("AnnouncementAdd", array("announcementid" => $id, "date" => $date, "title" => $title, "announcement" => $announcement, "published" => $published));
}
foreach ($multilang_title as $language => $title) {
delete_query("tblannouncements", array("parentid" => $id, "language" => $language));
if ($title) {
insert_query("tblannouncements", array("parentid" => $id, "title" => html_entity_decode($title), "announcement" => html_entity_decode($multilang_announcement[$language]), "language" => $language));
continue;
}
} else {
if ($fieldname == "regdate" || $fieldname == "nextduedate" || $fieldname == "overidesuspenduntil") {
$newval = toMySQLDate($newval);
} else {
if ($fieldname == "password") {
$newval = encrypt($newval);
} else {
if ($fieldname == "amount" && 0 <= $newamount) {
$newval = $newamount;
}
}
}
}
$updatearr[$fieldname] = $newval;
}
if (toMySQLDate($whmcs->get_req_var("oldnextduedate")) != $updatearr['nextduedate']) {
$updatearr['nextinvoicedate'] = $updatearr['nextduedate'];
}
update_query("tblhosting", $updatearr, array("id" => $id));
logActivity("Modified Product/Service - " . implode(", ", $changelog) . (" - User ID: " . $userid . " - Service ID: " . $id), $userid);
$cancelid = get_query_val("tblcancelrequests", "id", array("relid" => $id, "type" => "End of Billing Period"), "id", "DESC");
if ($autoterminateendcycle) {
if ($cancelid) {
update_query("tblcancelrequests", array("reason" => $autoterminatereason), array("id" => $cancelid));
} else {
createCancellationRequest($userid, $id, $autoterminatereason, "End of Billing Period");
}
} else {
if ($cancelid) {
delete_query("tblcancelrequests", array("id" => $cancelid));
logActivity("Removed Automatic Cancellation for End of Current Cycle - Service ID: " . $id, $userid);
$filters[] = "(tblinvoices.id='" . db_escape_string($invoicenumber) . "' OR tblinvoices.invoicenum='" . db_escape_string($invoicenumber) . "')";
}
if ($lineitem = $filt->get("lineitem")) {
$filters[] = "tblinvoices.id IN (SELECT invoiceid FROM tblinvoiceitems WHERE userid=" . (int) $userid . " AND description LIKE '%" . db_escape_string($lineitem) . "%')";
}
if ($paymentmethod = $filt->get("paymentmethod")) {
$filters[] = "tblinvoices.paymentmethod='" . db_escape_string($paymentmethod) . "'";
}
if ($invoicedate = $filt->get("invoicedate")) {
$filters[] = "tblinvoices.date='" . toMySQLDate($invoicedate) . "'";
}
if ($duedate = $filt->get("duedate")) {
$filters[] = "tblinvoices.duedate='" . toMySQLDate($duedate) . "'";
}
if ($datepaid = $filt->get("datepaid")) {
$filters[] = "tblinvoices.datepaid>='" . toMySQLDate($datepaid) . "' AND tblinvoices.datepaid<='" . toMySQLDate($datepaid) . " 23:59:59'";
}
if ($totalfrom = $filt->get("totalfrom")) {
$filters[] = "tblinvoices.total>='" . db_escape_string($totalfrom) . "'";
}
if ($totalto = $filt->get("totalto")) {
$filters[] = "tblinvoices.total<='" . db_escape_string($totalto) . "'";
}
if ($status = $filt->get("status")) {
if ($status == "Overdue") {
$filters[] = "tblinvoices.status='Unpaid' AND tblinvoices.duedate<'" . date("Ymd") . "'";
} else {
$filters[] = "tblinvoices.status='" . db_escape_string($status) . "'";
}
}
$filt->store();
if (!$action) {
$reqperm = "View Billable Items";
} else {
$reqperm = "Manage Billable Items";
}
$aInt = new WHMCS_Admin($reqperm);
$aInt->title = $aInt->lang("billableitems", "title");
$aInt->sidebar = "billing";
$aInt->icon = "billableitems";
$aInt->requiredFiles(array("invoicefunctions", "gatewayfunctions"));
if ($action == "save") {
check_token("WHMCS.admin.default");
if (!$userid) {
$aInt->gracefulExit($aInt->lang("billableitems", "noclientsmsg"));
}
$duedate = toMySQLDate($duedate);
getUsersLang($userid);
if ($id) {
if ($hours != 0) {
if (strpos($description, " " . $_LANG['billableitemshours'] . " @ ")) {
$description = substr($description, 0, strrpos($description, " - ")) . " - " . $hours . " " . $_LANG['billableitemshours'] . " @ " . $amount . "/" . $_LANG['billableitemshour'];
}
$amount = $amount * $hours;
}
update_query("tblbillableitems", array("userid" => $userid, "description" => $description, "hours" => $hours, "amount" => $amount, "recur" => $recur, "recurcycle" => $recurcycle, "recurfor" => $recurfor, "invoiceaction" => $invoiceaction, "duedate" => $duedate, "invoicecount" => $invoicecount), array("id" => $id));
} else {
if ($hours != 0) {
$description .= " - " . $hours . " " . $_LANG['billableitemshours'] . " @ " . $amount . "/" . $_LANG['billableitemshour'];
$amount = $amount * $hours;
}
$id = insert_query("tblbillableitems", array("userid" => $userid, "description" => $description, "hours" => $hours, "amount" => $amount, "recur" => $recur, "recurcycle" => $recurcycle, "recurfor" => $recurfor, "invoiceaction" => $invoiceaction, "duedate" => $duedate));
}
$fieldlist = array();
foreach ($incfields as $fieldname) {
if (array_key_exists($fieldname, $filterfields)) {
$reportdata["tableheadings"][] = $filterfields[$fieldname];
if ($fieldname == "clientname") {
$fieldname = "(SELECT CONCAT(firstname,' ',lastname) FROM tblclients WHERE id=tblaccounts.userid)";
}
$fieldlist[] = $fieldname;
}
}
if (in_array('currency', $incfields) && !in_array('userid', $incfields)) {
$fieldlist[] = 'userid';
}
if ($whmcs->get_req_var('datefrom') && $whmcs->get_req_var('dateto')) {
$filters[] = "date>='" . toMySQLDate($whmcs->get_req_var('datefrom')) . "' AND date<='" . toMySQLDate($whmcs->get_req_var('dateto')) . " 23:59:59'";
}
$result = select_query("tblaccounts", implode(',', $fieldlist), implode(' AND ', $filters), "date", "ASC");
while ($data = mysql_fetch_assoc($result)) {
if (isset($data['currency'])) {
$currency = getCurrency($data['userid'], $data['currency']);
$data['currency'] = $currency['code'];
if (!in_array('userid', $incfields)) {
unset($data['userid']);
}
}
if (isset($data['gateway'])) {
$data['gateway'] = $gateways->getDisplayName($data['gateway']);
}
$reportdata["tablevalues"][] = $data;
}
$id = get_query_val("tbltodolist", "id", array("id" => $itemid));
if (!$itemid) {
$apiresults = array("result" => "error", "message" => "TODO Item ID Not Found");
return null;
}
$adminid = get_query_val("tbladmins", "id", array("id" => $adminid));
if (!$adminid) {
$apiresults = array("result" => "error", "message" => "Admin ID Not Found");
return null;
}
$todoarray = array();
if ($date) {
$todoarray['date'] = toMySQLDate($date);
}
if ($title) {
$todoarray['title'] = $title;
}
if ($description) {
$todoarray['description'] = $description;
}
if ($adminid) {
$todoarray['admin'] = $adminid;
}
if ($status) {
$todoarray['status'] = $status;
}
if ($duedate) {
$todoarray['duedate'] = toMySQLDate($duedate);
}
update_query("tbltodolist", $todoarray, array("id" => $itemid));
$apiresults = array("result" => "success", "itemid" => $itemid);
function paypal_addon_output($vars)
{
global $aInt;
$modulelink = $vars['modulelink'];
$url = "https://api-3t.paypal.com/nvp";
$startdate = trim($_REQUEST['startdate']);
$enddate = trim($_REQUEST['enddate']);
$transid = trim($_REQUEST['transid']);
$email = trim($_REQUEST['email']);
$receiptid = trim($_REQUEST['receiptid']);
$search = trim($_REQUEST['search']);
if (!$startdate) {
$startdate = fromMySQLDate(date("Y-m-d", mktime(0, 0, 0, date("m") - 1, date("d") + 1, date("Y"))));
}
if (!$enddate) {
$enddate = fromMySQLDate(date("Y-m-d", mktime(0, 0, 0, date("m"), date("d") + 1, date("Y"))));
}
echo "<form method=\"post\" action=\"" . $modulelink . "\">\n<input type=\"hidden\" name=\"search\" value=\"true\" />\n<table class=\"form\" width=\"100%\" border=\"0\" cellspacing=\"2\" cellpadding=\"3\">\n<tr><td width=\"20%\" class=\"fieldlabel\">Transaction ID</td><td class=\"fieldarea\"><input type=\"text\" name=\"transid\" size=\"30\" value=\"" . $transid . "\" /></td></tr>\n<tr><td width=\"20%\" class=\"fieldlabel\">Start Date</td><td class=\"fieldarea\"><input type=\"text\" name=\"startdate\" class=\"datepick\" size=\"30\" value=\"" . $startdate . "\" /></td></tr>\n<tr><td width=\"20%\" class=\"fieldlabel\">End Date</td><td class=\"fieldarea\"><input type=\"text\" name=\"enddate\" class=\"datepick\" size=\"30\" value=\"" . $enddate . "\" /></td></tr>\n<tr><td width=\"20%\" class=\"fieldlabel\">Email</td><td class=\"fieldarea\"><input type=\"text\" name=\"email\" size=\"30\" value=\"" . $email . "\" /></td></tr>\n<tr><td width=\"20%\" class=\"fieldlabel\">Receipt ID</td><td class=\"fieldarea\"><input type=\"text\" name=\"receiptid\" size=\"30\" value=\"" . $receiptid . "\" /></td></tr>\n</table>\n<p align=\"center\"><input type=\"submit\" value=\"Search\" /></p>\n</form>";
if (!$search) {
return false;
}
if ($transid) {
$postfields = $resultsarray = array();
$postfields['USER'] = $vars['username'];
$postfields['PWD'] = $vars['password'];
$postfields['SIGNATURE'] = $vars['signature'];
$postfields['METHOD'] = "GetTransactionDetails";
$postfields['TRANSACTIONID'] = $transid;
$postfields['VERSION'] = "3.0";
$result = curlCall($url, $postfields);
$resultsarray2 = explode("&", $result);
foreach ($resultsarray2 as $line) {
$line = explode("=", $line);
$resultsarray[$line[0]] = urldecode($line[1]);
}
$errormessage = $resultsarray['L_LONGMESSAGE0'];
$payerstatus = $resultsarray['PAYERSTATUS'];
$countrycode = $resultsarray['COUNTRYCODE'];
$invoiceid = $resultsarray['INVNUM'];
$timestamp = $resultsarray['TIMESTAMP'];
$firstname = $resultsarray['FIRSTNAME'];
$lastname = $resultsarray['LASTNAME'];
$email = $resultsarray['EMAIL'];
$transactionid = $resultsarray['TRANSACTIONID'];
$transactiontype = $resultsarray['TRANSACTIONTYPE'];
$paymenttype = $resultsarray['PAYMENTTYPE'];
$ordertime = $resultsarray['ORDERTIME'];
$amount = $resultsarray['AMT'];
$fee = $resultsarray['FEEAMT'];
$paymentstatus = $resultsarray['PAYMENTSTATUS'];
$description = $resultsarray['L_NAME0'];
$currencycode = $resultsarray['L_CURRENCYCODE0'];
$exchrate = $resultsarray['EXCHANGERATE'];
$settleamt = $resultsarray['SETTLEAMT'];
if ($errormessage) {
echo "<p><b>PayPal API Error Message</b></p><p>" . $errormessage . "</p>";
return null;
}
echo "<p><b>PayPal Transaction Details</b></p>\n\n<table class=\"form\" width=\"100%\" border=\"0\" cellspacing=\"2\" cellpadding=\"3\">\n<tr><td width=\"20%\" class=\"fieldlabel\">Transaction ID</td><td class=\"fieldarea\">" . $transactionid . "</td></tr>\n<tr><td class=\"fieldlabel\">Date/Time</td><td class=\"fieldarea\">" . fromMySQLDate($ordertime, true) . "</td></tr>\n<tr><td class=\"fieldlabel\">Transaction Type</td><td class=\"fieldarea\">" . $transactiontype . "</td></tr>\n<tr><td class=\"fieldlabel\">Payment Type</td><td class=\"fieldarea\">" . $paymenttype . "</td></tr>\n<tr><td class=\"fieldlabel\">Name</td><td class=\"fieldarea\">" . $firstname . " " . $lastname . "</td></tr>\n<tr><td class=\"fieldlabel\">Email</td><td class=\"fieldarea\">" . $email . "</td></tr>\n<tr><td class=\"fieldlabel\">Description</td><td class=\"fieldarea\">" . $description . "</td></tr>\n<tr><td class=\"fieldlabel\">Amount</td><td class=\"fieldarea\">" . $amount . "</td></tr>\n<tr><td class=\"fieldlabel\">PayPal Fee</td><td class=\"fieldarea\">" . $fee . "</td></tr>\n<tr><td class=\"fieldlabel\">Currency</td><td class=\"fieldarea\">" . $currencycode . "</td></tr>";
if ($exchrate) {
echo "\n<tr><td class=\"fieldlabel\">Exchange Rate</td><td class=\"fieldarea\">" . $exchrate . " (" . $settleamt . ")</td></tr>";
}
echo "\n<tr><td class=\"fieldlabel\">Payer Status</td><td class=\"fieldarea\">" . ucfirst($payerstatus) . "</td></tr>\n<tr><td class=\"fieldlabel\">PayPal Status</td><td class=\"fieldarea\">" . $paymentstatus . "</td></tr>\n</table>";
if (!$invoiceid) {
$invoiceid = explode("#", $description);
$invoiceid = (int) $invoiceid[1];
}
$result = select_query("tblinvoices", "tblinvoices.id,tblinvoices.status,tblinvoices.userid,tblclients.firstname,tblclients.lastname", array("tblinvoices.id" => $invoiceid), "", "", "", "tblclients ON tblclients.id=tblinvoices.userid");
$data = mysql_fetch_array($result);
$whmcs_invoiceid = $data['id'];
$whmcs_status = $data['status'];
$whmcs_userid = $data['userid'];
$whmcs_firstname = $data['firstname'];
$whmcs_lastname = $data['lastname'];
if (!$whmcs_invoiceid) {
$whmcs_status = "No Matching Invoice Found";
}
echo "<p><b>WHMCS Invoice Lookup</b></p>\n\n<table class=\"form\" width=\"100%\" border=\"0\" cellspacing=\"2\" cellpadding=\"3\">\n<tr><td width=\"20%\" class=\"fieldlabel\">Invoice ID</td><td class=\"fieldarea\"><a href=\"invoices.php?action=edit&id=" . $whmcs_invoiceid . "\">" . $whmcs_invoiceid . "</a></td></tr>\n<tr><td class=\"fieldlabel\">Invoice Status</td><td class=\"fieldarea\">" . $whmcs_status . "</td></tr>\n<tr><td class=\"fieldlabel\">Client Name</td><td class=\"fieldarea\"><a href=\"clientssummary.php?userid=" . $whmcs_userid . "\">" . $whmcs_firstname . " " . $whmcs_lastname . "</a></td></tr>\n</table>";
$result = select_query("tblaccounts", "", array("transid" => $transactionid));
$data = mysql_fetch_array($result);
$whmcstransid = $data['id'];
$date = $data['date'];
$invoiceid = $data['invoiceid'];
$amountin = $data['amountin'];
$fees = $data['fees'];
$result = select_query("tblinvoices", "", array("id" => $invoiceid));
$data = mysql_fetch_array($result);
$status = $data['status'];
if ($invoiceid) {
$date = fromMySQLDate($date);
$invoiceid = "<a href=\"invoices.php?action=edit&id=" . $invoiceid . "\">" . $invoiceid . "</a>";
} else {
$invoiceid = "No Matching Transaction Found";
}
echo "<p><b>WHMCS Transaction Lookup</b></p>\n\n<table class=\"form\" width=\"100%\" border=\"0\" cellspacing=\"2\" cellpadding=\"3\">\n<tr><td width=\"20%\" class=\"fieldlabel\">Date</td><td class=\"fieldarea\">" . $date . "</td></tr>\n<tr><td class=\"fieldlabel\">Invoice ID</td><td class=\"fieldarea\">" . $invoiceid . "</td></tr>\n<tr><td class=\"fieldlabel\">Amount</td><td class=\"fieldarea\">" . $amountin . "</td></tr>\n<tr><td class=\"fieldlabel\">Invoice Status</td><td class=\"fieldarea\">" . $status . "</td></tr>\n</table>";
return null;
}
if ($startdate) {
$startdate = date("c", strtotime(toMySQLDate($startdate))) . "<br>";
$enddate = date("c", strtotime(toMySQLDate($enddate))) . "<br>";
$postfields = $resultsarray = array();
$postfields['USER'] = $vars['username'];
$postfields['PWD'] = $vars['password'];
$postfields['SIGNATURE'] = $vars['signature'];
$postfields['METHOD'] = "TransactionSearch";
if ($startdate) {
$postfields['STARTDATE'] = $startdate;
}
if ($enddate) {
$postfields['ENDDATE'] = $enddate;
}
if ($email) {
$postfields['EMAIL'] = $email;
}
if ($receiptid) {
$postfields['RECEIPTID'] = $receiptid;
}
$postfields['VERSION'] = "51.0";
$result = curlCall($url, $postfields);
$resultsarray2 = explode("&", $result);
foreach ($resultsarray2 as $line) {
$line = explode("=", $line);
$resultsarray[$line[0]] = urldecode($line[1]);
}
if (!empty($resultsarray['L_ERRORCODE0']) && $resultsarray['L_ERRORCODE0'] != "11002") {
echo "<p><b>PayPal API Error Message</b></p><p>" . $resultsarray['L_SEVERITYCODE0'] . " Code: " . $resultsarray['L_ERRORCODE0'] . " - " . $resultsarray['L_SHORTMESSAGE0'] . " - " . $resultsarray['L_LONGMESSAGE0'] . "</p>";
return null;
}
if ($resultsarray['L_ERRORCODE0'] == "11002") {
global $infobox;
infoBox("Search Results Truncated", "There were more than 100 matching transactions for the selected criteria. Please make your search parameters more specific to see all results");
echo $infobox;
}
$aInt->sortableTableInit("nopagination");
$i = 0;
while ($i < 100) {
if ($resultsarray["L_TYPE" . $i] == "Payment" && !empty($resultsarray["L_EMAIL" . $i])) {
$data = get_query_vals("tblaccounts", "tblclients.id AS userid, tblclients.firstname,tblclients.lastname,tblclients.companyname,tblaccounts.invoiceid,tblinvoices.total,tblinvoices.status", array("transid" => $resultsarray["L_TRANSACTIONID" . $i]), "", "", "", " tblclients ON tblclients.id = tblaccounts.userid INNER JOIN tblinvoices ON tblinvoices.id = tblaccounts.invoiceid");
$tabledata[] = $testarray = array("clientname" => $data['invoiceid'] ? $data['companyname'] ? "<a href=\"clientssummary.php?userid=" . $data['userid'] . "\">" . $data['firstname'] . " " . $data['lastname'] . " (" . $data['companyname'] . ")</a>" : "<a href=\"clientssummary.php?userid=" . $data['userid'] . "\">" . $data['firstname'] . " " . $data['lastname'] . "</a>" : "Trans ID Not Found in WHMCS", "transid" => "<a href=\"addonmodules.php?module=paypal_addon&search=1&transid=" . $resultsarray["L_TRANSACTIONID" . $i] . "\">" . $resultsarray["L_TRANSACTIONID" . $i] . "<a/>", "datetime" => fromMySQLDate($resultsarray["L_TIMESTAMP" . $i], true), "name" => $resultsarray["L_NAME" . $i], "email" => $resultsarray["L_EMAIL" . $i], "amt" => $resultsarray["L_NETAMT" . $i], "fee" => $resultsarray["L_FEEAMT" . $i], "curcode" => $resultsarray["L_CURRENCYCODE" . $i], "status" => $resultsarray["L_STATUS" . $i], "invoiceid" => $data['invoiceid'] ? "<a href=\"invoices.php?action=edit&id=" . $data['invoiceid'] . "\">" . $data['invoiceid'] . "</a>" : "-", "invoiceamt" => $data['invoiceid'] ? $data['total'] : "-", "invoicestatus" => $data['invoiceid'] ? $data['status'] : "-");
}
++$i;
}
echo $aInt->sortableTable(array("Client Name", "Transaction ID", "Date/Time", " Payer Name", "Payer Email", "Amount", "Fee", "Currency Code", "Transaction Status", "Invoice ID", "Invoice Amount", "Invoice Status"), $tabledata);
return null;
}
global $infobox;
infoBox("Start Date Required", "You must enter a start and end date to search between");
echo $infobox;
}