$alertmessage = "The title was left empty.";
$page = "blog_edit";
$action = "add";
$proj_id = $_POST[blog_proj];
} else {
// This determines the page to show once the form submission has been successful
$page = "blog_view";
// Begin to clean up the $_POST submissions
$blog_id = CleanUp($_POST[blog_id]);
$blog_user = CleanUp($_POST[blog_user]);
$blog_date = CleanUp($_POST[blog_date]);
$blog_proj = CleanUp($_POST[blog_proj]);
$blog_text = addslashes($_POST[blog_text]);
$blog_view = CleanUp($_POST[blog_view]);
$blog_title = CleanUp($_POST[blog_title]);
$blog_type = CleanUp($_POST[blog_type]);
$blog_contact = CleanNumber($_POST[blog_contact]);
$blog_link = CleanUp($_POST[blog_link]);
$blog_task = CleanUp($_POST[blog_task]);
$blog_date_minute = CleanNumber($_POST[blog_date_minute]);
$blog_date_hour = CleanNumber($_POST[blog_date_hour]);
$blog_date_day = CleanNumber($_POST[blog_date_day]);
$blog_date_month = CleanNumber($_POST[blog_date_month]);
$blog_date_year = CleanNumber($_POST[blog_date_year]);
$blog_date = mktime($blog_date_hour, $blog_date_minute, 0, $blog_date_month, $blog_date_day, $blog_date_year);
// Construct the MySQL instruction to add these entries to the database
$sql_add = "UPDATE intranet_projects_blog SET\nblog_user = '******',\nblog_date = '{$blog_date}',\nblog_proj = '{$blog_proj}',\nblog_text = '{$blog_text}',\nblog_view = '{$blog_view}',\nblog_title = '{$blog_title}',\nblog_type = '{$blog_type}',\nblog_contact = '{$blog_contact}',\nblog_link = '{$blog_link}',\nblog_task = '{$blog_task}'\nWHERE blog_id = '{$blog_id}' LIMIT 1\n";
$result = mysql_query($sql_add, $conn) or die(mysql_error());
$actionmessage = "The blog entry was edited successfully.";
$techmessage = $sql_add;
}
$ts_datum_length = $array['ts_datum_length'];
echo "<h1>Edit Fee Stage</h1>";
// echo "<p class=\"menu_bar\">Menu goes here</p>";
echo "<input type=\"hidden\" name=\"ts_fee_id\" value=\"{$ts_fee_id}\" />";
} else {
$ts_fee_stage = CleanNumber($_POST[ts_fee_stage]);
$ts_fee_text = CleanUp($_POST[ts_fee_text]);
$ts_fee_value = CleanUp($_POST[ts_fee_value]);
if ($_POST[ts_fee_project]) {
$ts_fee_project = CleanUp($_POST[ts_fee_project]);
} elseif ($_GET[proj_id]) {
$ts_fee_project = CleanUp($_GET[proj_id]);
}
$ts_fee_percentage = CleanNumber($_POST[ts_fee_percentage]);
$ts_fee_prospect = CleanNumber($_POST[ts_fee_prospect]);
$ts_fee_target = CleanNumber($_POST[ts_fee_target]);
$ts_fee_comment = CleanUp($_POST[ts_fee_comment]);
$ts_fee_commence = CleanUp($_POST[ts_fee_commence]);
if ($_GET[proj_id] != NULL) {
$proj_id_page = $_GET[proj_id];
}
echo "<h1>Add Fee Stage</h1>";
}
echo "<form action=\"index2.php?page=project_fees\" method=\"post\">";
// Begin the invoice entry system
$nowtime = time();
if ($ts_fee_time_begin_day > 0) {
$nowtime_day = $ts_fee_time_begin_day;
$thentime_day = $ts_fee_time_end_day;
} else {
$nowtime_day = date("d", $nowtime);
$invoice_date_month = CleanNumber($_POST[invoice_date_month]);
$invoice_date_year = CleanNumber($_POST[invoice_date_year]);
$invoice_due_day = CleanNumber($_POST[invoice_due_day]);
$invoice_due_month = CleanNumber($_POST[invoice_due_month]);
$invoice_due_year = CleanNumber($_POST[invoice_due_year]);
$invoice_paid_day = CleanNumber($_POST[invoice_paid_day]);
$invoice_paid_month = CleanNumber($_POST[invoice_paid_month]);
$invoice_paid_year = CleanNumber($_POST[invoice_paid_year]);
$invoice_project = $_POST[invoice_project];
$invoice_ref = CleanUp($_POST[invoice_ref]);
$invoice_notes = CleanUp($_POST[invoice_notes]);
$invoice_text = CleanUp($_POST[invoice_text]);
$invoice_account = CleanNumber($_POST[invoice_account]);
$invoice_baddebt = CleanUp($_POST[invoice_baddebt]);
$invoice_client = CleanNumber($_POST[invoice_client]);
$invoice_purchase_order = CleanNumber($_POST[invoice_purchase_order]);
$proj_id = $invoice_project;
// Check the date input
if (checkdate($invoice_date_month, $invoice_date_day, $invoice_date_year) != TRUE) {
$alertmessage = "The date entered is invalid.";
$page = "timesheet_invoice_edit";
} elseif (checkdate($invoice_due_month, $invoice_due_day, $invoice_due_year) != TRUE and $_POST[invoice_due_type] == "manual") {
$alertmessage = "The date entered is invalid.";
$page = "timesheet_invoice_edit";
} elseif ($invoice_paid < $invoice_date) {
$alertmessage = "The paid date is before the issue date of the invoice.";
$page = "timesheet_invoice_edit";
} elseif ($invoice_ref == "") {
$alertmessage = "The invoice reference was left empty.";
$page = "timesheet_invoice_edit";
} else {
function GetProjectInfo($proj_id)
{
if ($proj_id != NULL) {
global $conn;
$sql = "SELECT proj_num, proj_name FROM intranet_projects WHERE proj_id = {$proj_id}";
$result = mysql_query($sql, $conn) or die(mysql_error());
$array = mysql_fetch_array($result);
$proj_num = $array['proj_num'];
$proj_name = $array['proj_name'];
$proj_title = $proj_num . " " . $proj_name;
echo "<a href=\"index2.php?page=project_view&proj_id={$proj_id}\">" . $proj_title . "</a>";
}
}
// Check if we're updating the current fee stage
if ($_POST[fee_stage_current] > 0) {
$fee_stage_current = CleanNumber($_POST[fee_stage_current]);
$sql_update = "UPDATE intranet_projects SET proj_riba = '{$fee_stage_current}' WHERE proj_id = '{$proj_id}' LIMIT 1";
$result_update = mysql_query($sql_update, $conn) or die(mysql_error());
}
// Item Sub Menu
echo "<p class=\"submenu_bar\">";
if ($user_usertype_current > 3 or $user_id_current == $proj_rep_black) {
echo "<a href=\"index2.php?page=project_edit&status=edit&proj_id={$proj_id}\" class=\"submenu_bar\">Edit</a>";
}
if ($user_usertype_current > 2) {
echo "<a href=\"index2.php?page=project_hourlyrates_view&proj_id={$proj_id}\" class=\"submenu_bar\">Hourly Rates</a>";
echo "<a href=\"index2.php?page=project_timesheet_view&proj_id={$proj_id}\" class=\"submenu_bar\">Expenditure</a>";
echo "<a href=\"index2.php?page=timesheet_fees_edit&proj_id={$proj_id}\" class=\"submenu_bar\">Add Fee Stage</a>";
}
echo "</p>";
echo "<h2>Fee Stages</h2>";
}
}
if ($_POST[drawing_number_4] == NULL) {
$drawing_number_4 = FindDrawing4($_POST, $drawing_number_3);
} else {
$drawing_number_4 = CleanUp($_POST[drawing_number_4]);
}
$drawing_project = CleanUp($_POST[drawing_project]);
$drawing_author = $_POST[drawing_author];
$drawing_scale = CleanNumber($_POST[drawing_scale]);
$drawing_paper = $_POST[drawing_paper];
$drawing_orientation = CleanUp($_POST[drawing_orientation]);
$drawing_title = CleanUp($_POST[drawing_title]);
$drawing_date_day = CleanNumber($_POST[drawing_date_day]);
$drawing_date_month = CleanNumber($_POST[drawing_date_month]);
$drawing_date_year = CleanNumber($_POST[drawing_date_year]);
$drawing_checked = CleanUp($_POST[drawing_checked]);
$drawing_package_list = $_POST[drawing_package_list];
$drawing_total_packages = $_POST[drawing_total_packages];
$drawing_targetdate = $_POST[drawing_targetdate];
$drawing_comment = CleanUp($_POST[drawing_comment]);
$counter = 0;
while ($counter < $drawing_total_packages) {
if ($drawing_package_list[$counter] != NULL) {
$drawing_packages = $drawing_package_list[$counter] . "," . $drawing_packages;
}
$counter++;
}
if ($drawing_number == NULL) {
$drawing_number = $drawing_number_1 . "-" . $drawing_number_2;
if ($drawing_number_3 != NULL) {
<?php
if ($_GET[month] == NULL) {
$month = date("n", time());
} else {
$month = CleanNumber($_GET[month]);
}
if ($_GET[year] == NULL) {
$year = date("Y", time());
} else {
$year = CleanNumber($_GET[year]);
}
if ($_GET[type] != NULL) {
$type = $_GET[type];
} else {
$type = "date";
}
function DateTitle($month, $year)
{
$input = mktime(12, 0, 0, $month, 15, $year);
$input = date("F Y", $input);
return $input;
}
$month_next = $month + 1;
if ($month_next > 12) {
$month_next = 1;
$year_next = $year + 1;
} else {
$year_next = $year;
}
$year_before = $year - 1;
} else {
$current_vat = $settings_vat / 100 + 1;
}
$ts_expense_vat = $ts_expense_value;
$ts_expense_value = 1 / $current_vat * $ts_expense_value;
} else {
$ts_expense_vat = $ts_expense_value;
}
$ts_expense_vat = round($ts_expense_vat, 2);
$ts_expense_desc = CleanUp($_POST[ts_expense_desc]);
$ts_expense_verified = 0;
$ts_expense_invoiced = $_POST[ts_expense_invoiced];
$ts_expense_receipt = $_POST[ts_expense_receipt];
$ts_expense_reimburse = $_POST[ts_expense_reimburse];
$ts_expense_notes = CleanUp($_POST[ts_expense_notes]);
$ts_expense_category = CleanNumber($_POST[ts_expense_category]);
// Check the date input
if (checkdate($ts_expense_month, $ts_expense_day, $ts_expense_year) != TRUE) {
$alertmessage = "The date entered is invalid.";
$page_redirect = "timesheet_expense_edit";
} elseif ($_POST[ts_expense_desc] == "") {
$alertmessage = "The description was left empty.";
$page_redirect = "timesheet_expense_edit";
} elseif ($_POST[ts_expense_value] == "") {
$alertmessage = "The expenses value was left empty.";
$page_redirect = "timesheet_expense_edit";
} else {
// Convert the date to a time
$ts_expense_date = mktime(12, 0, 0, $ts_expense_month, $ts_expense_day, $ts_expense_year);
// Construct the MySQL instruction to add these entries to the database
if ($ts_expense_id > 0) {
echo "<p><strong>All Dates?</strong><br />Yes<input type=\"radio\" name=\"time_all\" value=\"yes\" checked=\"checked\" /> Dates as follows:<input type=\"radio\" name=\"time_all\" value=\"no\" /></p>";
print "<p>Date Begin<br />Day <input type=\"text\" name=\"then_day\" value=\"{$then_day}\" size=\"4\" /> Month <input type=\"text\" name=\"then_month\" value=\"{$then_month}\" size=\"4\" /> Year <input type=\"text\" name=\"then_year\" value=\"{$then_year}\" size=\"4\" /></p>";
if ($_GET[now_day] == NULL) {
$now_day = date("j", time());
} else {
$now_day = CleanNumber($_GET[now_day]);
}
if ($_GET[now_month] == NULL) {
$now_month = date("n", time());
} else {
$now_month = CleanNumber($_GET[now_month]);
}
if ($_GET[now_year] == NULL) {
$now_year = date("Y", time());
} else {
$now_year = CleanNumber($_GET[now_year]);
}
print "<p>Date End<br />Day <input type=\"text\" name=\"now_day\" value=\"{$now_day}\" size=\"4\" /> Month <input type=\"text\" name=\"now_month\" value=\"{$now_month}\" size=\"4\" /> Year <input type=\"text\" name=\"now_year\" value=\"{$now_year}\" size=\"4\" /></p>";
echo "<p><strong>Include P11d Items?</strong><br />Yes<input type=\"radio\" name=\"include_p11d\" value=\"yes\" checked=\"checked\" /> No<input type=\"radio\" name=\"include_p11d\" value=\"no\" /> Both<input type=\"radio\" name=\"include_p11d\" value=\"both\" /></p>";
print "<p><input type=\"submit\" /></p>";
print "</form>";
print "</fieldset>";
print "<fieldset><legend>Verify or View P11d Items</legend>";
function MonthRow($user)
{
$current_year = date("Y", time());
$year_start = $current_year - 4;
$year_now = $year_start;
while ($year_now <= $current_year) {
$year_next = $year_now + 1;
echo "<td><a href=\"csv_expense_user.php?user={$user}&year={$year_now}\">{$year_now} - {$year_next}</a></td>";
<?php
$ts_expense_id = CleanNumber($_GET[ts_expense_id]);
if ($ts_expense_id == NULL && $user_usertype_current < 3) {
$page_redirect = "timesheet_expense_list";
$alertmessage = "The expense item you tried to delete does not exist.";
} else {
$nowtime = TimeFormat(time()) . " by user " . $_COOKIE[user];
$sql_edit = "UPDATE intranet_timesheet_expense SET\n\t\tts_expense_project = NULL,\n\t\tts_expense_value = NULL,\n\t\tts_expense_date = '{$_POST['ts_expense_date']}',\n\t\tts_expense_desc = '- Deleted -',\n\t\tts_expense_user = '******'ts_expense_user']}',\n\t\tts_expense_vat = NULL,\n\t\tts_expense_receipt = NULL,\n\t\tts_expense_invoiced = NULL,\n\t\tts_expense_reimburse = NULL,\n\t\tts_expense_notes = 'Deleted {$nowtime}',\n\t\tts_expense_category = NULL,\n\t\tts_expense_disbursement = NULL,\n\t\tts_expense_p11d = NULL,\n\t\tts_expense_verified = NULL\n\t\tWHERE ts_expense_id = {$ts_expense_id} LIMIT 1";
$result = mysql_query($sql_edit, $conn) or die(mysql_error());
$actionmessage = "Expense <strong>{$ts_expense_id}</strong> deleted successfully.";
//echo $sql_edit;
}
<?php
// First, identify if we're adding or editing
if ($_GET[contact_proj_id] > 0) {
$contact_proj_id = CleanNumber($_GET[contact_proj_id]);
$sql_check = "SELECT contact_proj_contact, contact_proj_role, contact_proj_note, contact_proj_company FROM intranet_contacts_project WHERE contact_proj_id = '{$contact_proj_id}' LIMIT 1 ";
$result_check = mysql_query($sql_check, $conn) or die(mysql_error());
$array_check = mysql_fetch_array($result_check);
$contact_proj_contact = $array_check['contact_proj_contact'];
$contact_proj_role = $array_check['contact_proj_role'];
$contact_proj_note = $array_check['contact_proj_note'];
$contact_proj_company = $array_check['contact_proj_company'];
$contact_id = $array_check['contact_proj_contact'];
// work out the CURRENT company to see if the contact has changed
$sql_check_previous = "SELECT contact_company FROM contacts_contactlist WHERE contact_id = '{$contact_id}' LIMIT 1 ";
$result_check_previous = mysql_query($sql_check_previous, $conn) or die(mysql_error());
$array_check_previous = mysql_fetch_array($result_check_previous);
$contact_company_previous = $array_check_previous['contact_company'];
echo "<h2>Edit Project Contacts</h2>";
echo "<form method=\"post\" action=\"index2.php?page=project_contacts&proj_id={$_GET['proj_id']}\">";
} else {
echo "<h2>Add Project Contacts</h2>";
echo "<form method=\"post\" action=\"index2.php?page=project_view&proj_id={$_GET['proj_id']}&status=edit&show=contacts\">";
}
echo "<table><tr><td colspan=\"2\">Contact Name</td></tr>";
$sql_contact = "SELECT contact_id, contact_namefirst, contact_namesecond, contact_company, company_name, company_postcode, company_id FROM contacts_contactlist LEFT JOIN contacts_companylist ON contacts_contactlist.contact_company = contacts_companylist.company_id ORDER BY contact_namesecond, contact_namefirst";
$result_contact = mysql_query($sql_contact, $conn) or die(mysql_error());
echo "<tr><td colspan=\"2\"><select name=\"contact_proj_contact\">";
while ($array_contact = mysql_fetch_array($result_contact)) {
$contact_id = $array_contact['contact_id'];
$company_id = $array_contact['company_id'];
$ts_fee_commence = $_POST[ts_fee_commence];
$ts_fee_prospect = $_POST[ts_fee_prospect];
$ts_fee_proj_change = $_POST[ts_fee_proj_change];
if ($ts_fee_commence == 0) {
$ts_fee_commence = BeginWeek(time());
}
$choose = CleanNumber($_POST[choose]);
if ($choose == "value") {
$ts_fee_value = CleanNumber($_POST[ts_fee_value]);
$ts_fee_percentage = "";
} else {
$ts_fee_percentage = CleanNumber($_POST[ts_fee_percentage]);
$ts_fee_value = "";
}
$ts_fee_duration = CleanNumber($_POST[ts_fee_duration]);
$ts_fee_pre = CleanNumber($_POST[ts_fee_pre]);
$ts_fee_pre_lag = 604800 * $_POST[ts_fee_pre_lag];
$ts_fee_duration = $ts_fee_duration * 604800;
// Calculate the revised date of commencement if previous stage provided
if ($ts_fee_pre > 0) {
$sql_pre = "SELECT ts_fee_commence, ts_fee_time_end FROM intranet_timesheet_fees WHERE ts_fee_id = {$ts_fee_pre} LIMIT 1";
$result_pre = mysql_query($sql_pre, $conn) or die(mysql_error());
$array_pre = mysql_fetch_array($result_pre);
$stage_length = $array_pre['ts_fee_time_end'];
$stage_start = AssessDays($array_pre['ts_fee_commence']);
$delay = $ts_fee_pre_lag;
$ts_fee_commence = $stage_start + $stage_length + $delay;
$ts_fee_commence = date("Y-n-j", $ts_fee_commence);
}
// Now update any fee stages directly linked to this one
if ($ts_fee_id > 0) {
}
print "<h2>Edit Mileage Claim</h2>";
print "<form action=\"index2.php?page=timesheet_expense_view&ts_expense_id={$ts_expense_id}\" method=\"post\">";
} else {
$ts_expense_project = CleanNumber($_POST[ts_expense_project]);
$ts_expense_value = NumberFormat($_POST[ts_expense_value]);
$ts_expense_date = CleanNumber($_POST[ts_expense_date]);
$ts_expense_desc = CleanUp($_POST[ts_expense_desc]);
$ts_expense_user = CleanNumber($_POST[ts_expense_user]);
$ts_expense_verified = $_POST[ts_expense_verified];
$ts_expense_vat = $_POST[ts_expense_vat];
$ts_expense_invoiced = $_POST[ts_expense_invoiced];
$ts_expense_receipt = $_POST[ts_expense_receipt];
$expense_date_day = CleanNumber($_POST[ts_expense_day]);
$expense_date_month = CleanNumber($_POST[ts_expense_month]);
$expense_date_year = CleanNumber($_POST[ts_expense_year]);
if ($_GET[proj_id] != NULL) {
$proj_id_page = $_GET[proj_id];
}
print "<h2>Add Mileage Claim</h2>";
print "<form action=\"index2.php?page=timesheet_expense_view\" method=\"post\">";
}
print "<input type=\"hidden\" name=\"ts_expense_id\" value=\"{$ts_expense_id}\" />";
// Begin the invoice entry system
$nowtime = time();
if ($expense_date_day > 0) {
$nowtime_day = $expense_date_day;
} else {
$nowtime_day = date("d", $nowtime);
}
if ($expense_date_month > 0) {
<?php
if ($_GET[company_id] > 0) {
$company_id = CleanNumber($_GET[company_id]);
} elseif ($company_id_added > 0) {
$company_id = $company_id_added;
} else {
$company_id = 0;
}
if ($company_id == NULL) {
header("location:index2.php");
}
$sql_company = "SELECT * FROM contacts_companylist WHERE company_id = '{$company_id}' LIMIT 1";
$result_company = mysql_query($sql_company, $conn) or die(mysql_error());
$array_company = mysql_fetch_array($result_company);
$company_id = $array_company['company_id'];
$company_name = $array_company['company_name'];
$company_address = $array_company['company_address'];
$company_city = $array_company['company_city'];
$company_county = $array_company['company_county'];
$company_country = $array_company['company_country'];
$company_postcode = $array_company['company_postcode'];
$company_phone = $array_company['company_phone'];
$company_fax = $array_company['company_fax'];
$company_web = $array_company['company_web'];
$company_notes = $array_company['company_notes'];
// Determine the country
$sql_country = "SELECT country_printable_name FROM intranet_contacts_countrylist where country_id = '{$company_country}' LIMIT 1";
$result_country = mysql_query($sql_country, $conn);
$array_country = mysql_fetch_array($result_country);
$country_printable_name = $array_country['country_printable_name'];
}
if ($_GET[invoice_id] != NULL) {
$invoice_id = CleanNumber($_GET[invoice_id]);
$viewall = "";
} elseif ($_POST[viewall] != NULL) {
$viewall = "yes";
} else {
header("Location: ../index2.php");
}
if ($_POST[order_by] != NULL) {
$order_by = CleanUp($_POST[order_by]);
} else {
$order_by = "invoice_id";
}
if ($_POST[account_id] != NULL) {
$account_test = "AND invoice_account = " . CleanNumber($_POST[account_id]);
}
// Use FDPI to get the template
define('FPDF_FONTPATH', 'fpdf/font/');
require 'fpdf/fpdi.php';
$pdf = new fpdi();
$pagecount = $pdf->setSourceFile("pdf/template.pdf");
$tplidx = $pdf->ImportPage(1);
$pdf->AddFont($format_font, '', $format_font_2);
$counter = 1;
if ($viewall == "yes") {
$nowtime = time();
$sql_complete = "SELECT invoice_id FROM intranet_timesheet_invoice WHERE invoice_date < {$nowtime} {$account_test} ORDER BY {$order_by}";
$result_complete = mysql_query($sql_complete, $conn) or die(mysql_error());
} else {
$nowtime = time();
<?php
require_once 'secure/rollbar.php';
$config = array('access_token' => '79f4496bab774563862a8da48e15cf19', 'environment' => 'production', 'root' => '/Users/brian/www/myapp');
Rollbar::init($config);
// installs global error and exception handlers
Rollbar::init(array('access_token' => '79f4496bab774563862a8da48e15cf19'));
date_default_timezone_set('Europe/London ');
include "inc_action_functions.php";
if ($_GET[time] != NULL) {
$time = CleanNumber($_GET[time]);
setcookie("lastdayview", $time);
} else {
$time = time();
}
$ip_current = getenv("REMOTE_ADDR");
// get the ip number of the user
if ($_COOKIE[password] == NULL or $_COOKIE[user] == NULL) {
header("Location: login.php");
} else {
// Get the database variables from file
$database_read = file_get_contents("secure/database.inc");
$database_read_array = explode("\n", $database_read);
$settings_companyaddress = file_get_contents("secure/address.inc");
$database_location = $database_read_array[0];
$database_username = $database_read_array[1];
$database_password = $database_read_array[2];
$database_name = $database_read_array[3];
$settings_popup_login = $database_read_array[4];
$settings_popup_newmessage = $database_read_array[5];
$settings_style = $database_read_array[6];
<?php
// Begin to clean up the $_POST submissions
$message_id = CleanNumber($_POST[message_id]);
$message_from_id = CleanNumber($_POST[message_from_id]);
$message_from_name = CleanUpNames($_POST[message_from_name]);
$message_from_company = CleanUpNames($_POST[message_from_company]);
$message_from_number = CleanUp($_POST[message_from_number]);
$message_for_user = CleanNumber($_POST[message_for_user]);
$message_text = CleanUp($_POST[message_text]);
$message_viewed = CleanNumber($_POST[message_viewed]);
$message_date = time();
$message_project = CleanNumber($_POST[message_project]);
$message_taken = CleanNumber($_POST[message_taken]);
// Check that the required values have been entered, and alter the page to show if these values are invalid
if ($_POST[message_from_id] == "" and $_POST[message_from_name] == "") {
$alertmessage = "You have not entered the name of the caller.";
$page_redirect = "phonemessage_edit";
} elseif ($_POST[message_text] == "") {
$alertmessage = "The message was left empty.";
$page_redirect = "timesheet_expense_edit";
} else {
// Construct the MySQL instruction to add these entries to the database
if ($message_id > 0) {
$sql_edit = "UPDATE intranet_phonemessage SET\n\t\tmessage_from_id = '{$message_from_id}',\n\t\tmessage_from_name = '{$message_from_name}',\n\t\tmessage_from_company = '{$message_from_company}',\n\t\tmessage_from_number = '{$message_from_number}',\n\t\tmessage_for_user = '******',\n\t\tmessage_text = '{$message_text}',\n\t\tmessage_viewed = '{$message_viewed}',\n\t\tmessage_date = '{$message_date}',\n\t\tmessage_project = '{$message_project}',\n\t\tmessage_taken = '{$message_taken}'\n\t\tWHERE message_id = '{$message_id}'\n\t\tLIMIT 1";
$result = mysql_query($sql_edit, $conn) or die(mysql_error());
$actionmessage = "Telephone message updated successfully.";
$techmessage = $sql_edit;
} else {
$sql_add = "INSERT INTO intranet_phonemessage (\n\t\tmessage_id,\n\t\tmessage_from_id,\n\t\tmessage_from_name,\n\t\tmessage_from_company,\n\t\tmessage_from_number,\n\t\tmessage_for_user,\n\t\tmessage_text,\n\t\tmessage_viewed,\n\t\tmessage_date,\n\t\tmessage_project,\n\t\tmessage_taken\n\t\t) values (\n\t\t'NULL',\n\t\t'{$message_from_id}',\n\t\t'{$message_from_name}',\n\t\t'{$message_from_company}',\n\t\t'{$message_from_number}',\n\t\t'{$message_for_user}',\n\t\t'{$message_text}',\n\t\t'{$message_viewed}',\n\t\t'{$message_date}',\n\t\t'{$message_project}',\n\t\t'{$message_taken}'\n\t\t)";
$result = mysql_query($sql_add, $conn) or die(mysql_error());
<?php
unset($alertmessage);
// Begin to clean up the $_POST submissions
$answer_id = CleanNumber($_POST[answer_id]);
$answer_words = CleanNumber($_POST[answer_words]);
$answer_question = addslashes($_POST[answer_question]);
$answer_ref = CleanUp($_POST[answer_ref]);
$answer_tender_id = CleanNumber($_POST[answer_tender_id]);
$answer_weighting = CleanUp($_POST[answer_weighting]);
// Check that the required values have been entered, and alter the page to show if these values are invalid
if ($answer_ref == NULL or $answer_question == NULL) {
$alertmessage = "Empty fields are not allowed";
$page_redirect = "index2.php?page=tender_view&tender_id=2&edit_question={$answer_id}";
}
if ($alertmessage == NULL) {
// Construct the MySQL instruction to add these entries to the database
if ($answer_id > 0) {
$sql_edit = "UPDATE intranet_tender_answers SET\n\t\tanswer_ref = '{$answer_ref}',\n\t\tanswer_words = '{$answer_words}',\n\t\tanswer_question = '{$answer_question}',\n\t\tanswer_weighting = '{$answer_weighting}'\n\t\tWHERE answer_id = '{$answer_id}' LIMIT 1";
$result = mysql_query($sql_edit, $conn) or die(mysql_error());
$actionmessage = "Response updated successfully.";
$techmessage = $sql_edit;
} else {
$sql_add = "INSERT INTO intranet_tender_answers (\n\t\tanswer_id,\n\t\tanswer_ref,\n\t\tanswer_words,\n\t\tanswer_wordcount,\n\t\tanswer_question,\n\t\tanswer_weighting,\n\t\tanswer_complete,\n\t\tanswer_tender_id\n\t\t) values (\n\t\t'NULL',\n\t\t'{$answer_ref}',\n\t\t'{$answer_words}',\n\t\t'0',\n\t\t'{$answer_question}',\n\t\t'{$answer_weighting}',\n\t\t'',\n\t\t'{$answer_tender_id}'\n\t\t)";
$result = mysql_query($sql_add, $conn) or die(mysql_error());
$actionmessage = "Response added successfully.";
$techmessage = $sql_add;
}
}
<?php
if ($_GET[message_id] != NULL) {
$message_id = CleanNumber($_GET[message_id]);
}
if ($message_id > 0) {
$sql = "SELECT * FROM intranet_phonemessage where message_id = '{$message_id}'";
$result = mysql_query($sql, $conn);
$array = mysql_fetch_array($result);
$message_id = $array['message_id'];
$message_from_id = $array['message_from_id'];
$message_from_name = $array['message_from_name'];
$message_from_company = $array['message_from_company'];
$message_from_number = $array['message_from_number'];
$message_for_user = $array['message_for_user'];
$message_text = $array['message_text'];
$message_viewed = $array['message_viewed'];
$message_date = $array['message_date'];
$message_project = $array['message_project'];
$message_action = $array['message_action'];
print "<h1>Edit Existing Telephone Message</h1>";
print "<form method=\"post\" action=\"index2.php?page=project_view&message_id={$message_id}&project_id={$message_project}\">";
print "<input type=\"hidden\" name=\"message_id\" value=\"{$message_id}\" />";
} else {
$message_id = $_POST[message_id];
$message_from_id = $_POST[message_from_id];
$message_from_name = $_POST[message_from_name];
$message_from_company = $_POST[message_from_company];
$message_from_number = $_POST[message_from_number];
$message_for_user = $_POST[message_for_user];
$message_text = $_POST[message_text];
<?php
if ($_GET[proj_id] != NULL) {
$proj_id = CleanNumber($_GET[proj_id]);
} elseif ($_POST[blog_proj] != NULL) {
$proj_id = CleanNumber($_POST[blog_proj]);
} else {
$proj_id = NULL;
}
print "<h2>Journal Entries</h2>";
$sql = "SELECT * FROM intranet_projects_blog, intranet_projects, intranet_user_details WHERE blog_proj = proj_id AND proj_id = '{$proj_id}' AND blog_user = user_id order by blog_date DESC";
$result = mysql_query($sql, $conn) or die(mysql_error());
$result_project = mysql_query($sql, $conn) or die(mysql_error());
$array_project = mysql_fetch_array($result_project);
$proj_num = $array_project['proj_num'];
$proj_name = $array_project['proj_name'];
$user_name_first = $array_project['user_name_first'];
$user_name_second = $array_project['user_name_second'];
$user_id = $array_project['user_id'];
// Include a bar to navigate through the pages
print "<p class=\"submenu_bar\">";
$items_to_view = 10;
if ($_GET[limit] == NULL) {
$limit = 0;
} else {
$limit = $_GET[limit];
}
$total_items = mysql_num_rows($result);
$page_prev = $limit - $items_to_view;
$page_next = $limit + $items_to_view;
if ($limit > 0) {
<?php
$contact_proj_id = $_POST[contact_proj_id];
$contact_proj_role = CleanNumber($_POST[contacts_discipline]);
$contact_proj_contact = CleanNumber($_POST[contact_proj_contact]);
$contact_proj_note = CleanUp($_POST[contact_proj_note]);
$contact_proj_company = CleanNumber($_POST[contact_proj_company]);
if ($contact_proj_id > 0) {
$sql_edit = "UPDATE intranet_contacts_project SET\n\t\tcontact_proj_role = '{$contact_proj_role}',\n\t\tcontact_proj_contact = '{$contact_proj_contact}',\n\t\tcontact_proj_note = '{$contact_proj_note}',\n\t\tcontact_proj_company = '{$contact_proj_company}'\n\t\tWHERE contact_proj_id = '{$contact_proj_id}' LIMIT 1";
$result = mysql_query($sql_edit, $conn) or die(mysql_error());
$actionmessage = "Project contact updated successfully.";
$techmessage = $sql_edit;
}
<?php
// Begin to clean up the $_POST submissions
$invoice_item_value_novat = CleanNumber($_POST[invoice_value_novat]);
$invoice_item_invoice = CleanNumber($_POST[invoice_item_invoice]);
$invoice_item_vat = CleanNumber($_POST[invoice_item_vat]);
$invoice_item_novat = CleanUp($_POST[invoice_item_novat]);
$invoice_item_stage = CleanNumber($_POST[invoice_item_stage]);
$invoice_item_desc = CleanUp($_POST[invoice_item_desc]);
$current_vat = $settings_vat / 100 + 1;
if ($invoice_item_vat == 1) {
$invoice_item_vat = $invoice_item_novat * $current_vat;
} else {
$invoice_item_vat = $invoice_item_novat;
}
// Check the date input
if ($invoice_item_desc == NULL) {
$alertmessage = "The description is empty.";
$page = "timesheet_invoice_item_edit";
} else {
// Convert the date to a time
if ($_POST[invoice_item_id] != NULL) {
$sql_edit = "UPDATE intranet_timesheet_invoice_item SET\n\t\t\t\t\t\tinvoice_item_invoice = '{$invoice_item_invoice}',\n\t\t\t\t\t\tinvoice_item_stage = '{$invoice_item_stage}',\n\t\t\t\t\t\tinvoice_item_desc = '{$invoice_item_desc}',\n\t\t\t\t\t\tinvoice_item_novat = '{$invoice_item_novat}',\n\t\t\t\t\t\tinvoice_item_vat = '{$invoice_item_vat}'\n\t\t\t\t\t\tWHERE invoice_item_id = '{$_POST['invoice_item_id']}' LIMIT 1";
$result = mysql_query($sql_edit, $conn) or die(mysql_error());
$actionmessage = "Invoice {$invoice_ref} updated successfully.";
$techmessage = $sql_edit;
} else {
// Construct the MySQL instruction to add these entries to the database
$sql_add = "INSERT INTO intranet_timesheet_invoice_item (\n\t\t\t\t\t\tinvoice_item_id,\n\t\t\t\t\t\tinvoice_item_invoice,\n\t\t\t\t\t\tinvoice_item_stage,\n\t\t\t\t\t\tinvoice_item_desc,\n\t\t\t\t\t\tinvoice_item_novat,\n\t\t\t\t\t\tinvoice_item_vat\n\t\t\t\t\t\t) values (\n\t\t\t\t\t\t'NULL',\n\t\t\t\t\t\t'{$invoice_item_invoice}',\n\t\t\t\t\t\t'{$invoice_item_stage}',\n\t\t\t\t\t\t'{$invoice_item_desc}',\n\t\t\t\t\t\t'{$invoice_item_novat}',\n\t\t\t\t\t\t'{$invoice_item_vat}'\n\t\t\t\t\t\t)";
$result = mysql_query($sql_add, $conn) or die(mysql_error());
$actionmessage = "Invoice {$invoice_ref} added successfully.";
<?php
include "inc_files/inc_checkcookie.php";
$then_day = CleanNumber($_POST[then_day]);
$then_month = CleanNumber($_POST[then_month]);
$then_year = CleanNumber($_POST[then_year]);
$now_day = CleanNumber($_POST[now_day]);
$now_month = CleanNumber($_POST[now_month]);
$now_year = CleanNumber($_POST[now_year]);
$date_begin = mktime(0, 0, 0, $then_month, $then_day, $then_year);
$date_end = mktime(24, 0, 0, $now_month, $now_day, $now_year);
if ($date_end <= $date_begin or checkdate($then_month, $then_day, $then_year) != "TRUE" or checkdate($now_month, $now_day, $now_year) != "TRUE") {
$redirect = "Location:index2.php?page=timesheet_expense_analysis&then_day={$then_day}&then_month={$then_month}&then_year={$then_year}&now_day={$now_day}&now_month={$now_month}&now_year={$now_year}";
header($redirect);
}
if ($_POST[sorted_by] == "project") {
$expense_sortorder = "proj_num";
} elseif ($_POST[sorted_by] == "id") {
$expense_sortorder = "ts_expense_id";
} elseif ($_POST[sorted_by] == "ts_expense_vat") {
$expense_sortorder = "ts_expense_vat";
} else {
$expense_sortorder = "ts_expense_date";
}
if ($user_usertype_current <= 3) {
header("Location: index2.php");
}
// Begin creating the page
echo "<table><tr><td>ID</td><td>Date</td><td>Project</td><td>Description</td><td>Category</td><td>User</td><td>Date Verified</td><td>Invoice (ID) / Personal</td><td>Net.</td><td>VAT</td><td>Gross</td></tr>";
$expense_invoice_net = 0;
$expense_noinvoice_net = 0;
<?php
// Begin to clean up the $_GET submissions
$invoice_id = CleanNumber($_GET[invoice_id]);
$invoice_ref = CleanNumber($_GET[invoice_ref]);
if ($invoice_id != NULL) {
$sql_edit = "DELETE from intranet_timesheet_invoice\n\t\t\t\t\t\tWHERE invoice_id = '{$invoice_id}' LIMIT 1";
$result = mysql_query($sql_edit, $conn) or die(mysql_error());
$actionmessage = "Invoice <strong>{$invoice_ref}</strong> deleted successfully.";
$techmessage = $sql_edit;
}