Example #1
$title = _('Customer EDI Set Up');
include 'includes/header.inc';
echo '<a href="' . $rootpath . '/SelectCustomer.php">' . _('Back to Customers') . '</a><br />';
if (isset($Errors)) {
    unset($Errors);
}
$Errors = array();
$i = 0;
echo '<p class="page_title_text"><img src="' . $rootpath . '/css/' . $theme . '/images/customer.png" title="' . _('Search') . '" alt="" />' . ' ' . $title . '</p><br />';
if (isset($_POST['submit'])) {
    //initialise no input errors assumed initially before we test
    $InputError = 0;
    /* actions to take once the user has clicked the submit button
    	ie the page has called itself with some user input */
    //first off validate inputs sensible
    if (ContainsIllegalCharacters($_POST['EDIReference'])) {
        $InputError = 1;
        prnMsg(_('The customers EDI reference code cannot contain any of the illegal characters'), 'warn');
    }
    if (mb_strlen($_POST['EDIReference']) < 4 and ($_POST['EDIInvoices'] == 1 or $_POST['EDIOrders'] == 1)) {
        $InputError = 1;
        prnMsg(_('The customers EDI reference code must be set when EDI Invoices or EDI orders are activated'), 'warn');
        $Errors[$i] = 'EDIReference';
        $i++;
    }
    if (mb_strlen($_POST['EDIAddress']) < 4 and $_POST['EDIInvoices'] == 1) {
        $InputError = 1;
        prnMsg(_('The customers EDI email address or FTP server address must be entered if EDI Invoices are to be sent'), 'warn');
        $Errors[$i] = 'EDIAddress';
        $i++;
    }
Example #2
     echo '<br />';
     $Errors[$i] = 'CodeExpense';
     $i++;
 } elseif (mb_strlen($_POST['CodeExpense']) > 20) {
     $InputError = 1;
     prnMsg(_('The Expense code must be twenty characters or less long'), 'error');
     echo '<br />';
     $Errors[$i] = 'CodeExpense';
     $i++;
 } elseif (ContainsIllegalCharacters($_POST['CodeExpense'])) {
     $InputError = 1;
     prnMsg(_('The Expense code cannot contain any of the following characters " \' - &amp;'), 'error');
     echo '<br />';
     $Errors[$i] = 'CodeExpense';
     $i++;
 } elseif (ContainsIllegalCharacters($_POST['Description'])) {
     $InputError = 1;
     prnMsg(_('The Expense description cannot contain any of the following characters " \' - &amp;'), 'error');
     echo '<br />';
     $Errors[$i] = 'Description';
     $i++;
 } elseif (mb_strlen($_POST['Description']) > 50) {
     $InputError = 1;
     prnMsg(_('The tab code must be Fifty characters or less long'), 'error');
     echo '<br />';
     echo '<br />';
     $Errors[$i] = 'Description';
     $i++;
 } elseif (mb_strlen($_POST['Description']) == 0) {
     $InputError = 1;
     echo prnMsg(_('The tab code description must be entered'), 'error');
/* Utility page that changes a stock code (see the page title set below).
   The earlier header comment spoke of deleting sales transactions, which
   matches nothing visible in this fragment. */
// Set before session.inc is included; presumably the access level that
// session.inc enforces for this page -- confirm in includes/session.inc.
$PageSecurity = 15;
include 'includes/session.inc';
$title = _('UTILITY PAGE Change A Stock Code');
include 'includes/header.inc';
include 'includes/SQL_CommonFunctions.inc';
if (isset($_POST['ProcessStockChange'])) {
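    // Stock codes are compared in upper case from here on.
    $_POST['NewStockID'] = strtoupper($_POST['NewStockID']);
    /* First check the old stock code exists.
       NOTE(review): OldStockID reaches this query by string concatenation and no
       check on it is visible in this fragment. Any escaping would have to happen
       before this point (for example in includes/session.inc) -- confirm, or
       bind the value as a parameter if the DB layer offers that. */
    $result = DB_query("SELECT stockid FROM stockmaster WHERE stockid='" . $_POST['OldStockID'] . "'", $db);
    if (DB_num_rows($result) == 0) {
        // The rejected value is echoed back to the browser, so encode it for HTML.
        // double_encode is off so a value already entity-encoded upstream is not
        // encoded a second time.
        prnMsg(_('The stock code') . ': ' . htmlspecialchars($_POST['OldStockID'], ENT_QUOTES, 'UTF-8', false) . ' ' . _('does not currently exist as a stock code in the system'), 'error');
        include 'includes/footer.inc';
        exit;
    }
    // ContainsIllegalCharacters() is defined outside this fragment; the page stops
    // here, so a code that fails the check never reaches the query below.
    if (ContainsIllegalCharacters($_POST['NewStockID'])) {
        prnMsg(_('The new stock code to change the old code to contains illegal characters - no changes will be made'), 'error');
        include 'includes/footer.inc';
        exit;
    }
    if ($_POST['NewStockID'] == '') {
        prnMsg(_('The new stock code to change the old code to must be entered as well'), 'error');
        include 'includes/footer.inc';
        exit;
    }
    /* Now check that the new code doesn't already exist. Only reached once the
       character check and the empty check above have both passed. */
    $result = DB_query("SELECT stockid FROM stockmaster WHERE stockid='" . $_POST['NewStockID'] . "'", $db);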
    if (DB_num_rows($result) != 0) {
        echo '<br><br>';
        prnMsg(_('The replacement stock code') . ': ' . $_POST['NewStockID'] . ' ' . _('already exists as a stock code in the system') . ' - ' . _('a unique stock code must be entered for the new code'), 'error');
        include 'includes/footer.inc';
Example #4
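// Look up the selected customer's name ($sql is built before this fragment).
// NOTE(review): the fetched row is not checked for "no row found" -- confirm that
// the query above cannot come back empty.
$result = DB_query($sql, $db);
$myrow = DB_fetch_array($result);
$CustomerName = $myrow['name'];
// The customer code and name are data, not markup: encode both where they are
// written into the page. double_encode is off so values that were stored
// already entity-encoded are shown unchanged.
echo '<p class="page_title_text">
		<img src="' . $RootPath . '/css/' . $Theme . '/images/customer.png" title="' . _('Customer') . '" alt="" />' . ' ' . _('Customer') . ' : ' . htmlspecialchars((string) $_SESSION['CustomerID'], ENT_QUOTES, 'UTF-8', false) . ' - ' . htmlspecialchars((string) $CustomerName, ENT_QUOTES, 'UTF-8', false) . _(' has been selected') . '</p>
	<br />';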
if (isset($_POST['submit'])) {
    //initialise no input errors assumed initially before we test
    $InputError = 0;
    /* actions to take once the user has clicked the submit button
    	ie the page has called itself with some user input */
    //first off validate inputs sensible
    if (mb_strlen($_POST['UserID']) < 4) {
        $InputError = 1;
        prnMsg(_('The user ID entered must be at least 4 characters long'), 'error');
    } elseif (ContainsIllegalCharacters($_POST['UserID']) or mb_strstr($_POST['UserID'], ' ')) {
        $InputError = 1;
        prnMsg(_('User names cannot contain any of the following characters') . " - ' &amp; + \" \\ " . _('or a space'), 'error');
    } elseif (mb_strlen($_POST['Password']) < 5) {
        if (!$SelectedUser) {
            $InputError = 1;
            prnMsg(_('The password entered must be at least 5 characters long'), 'error');
        }
    } elseif (mb_strstr($_POST['Password'], $_POST['UserID']) != false) {
        $InputError = 1;
        prnMsg(_('The password cannot contain the user id'), 'error');
    } elseif (mb_strlen($_POST['Cust']) > 0 and mb_strlen($_POST['BranchCode']) == 0) {
        $InputError = 1;
        prnMsg(_('If you enter a Customer Code you must also enter a Branch Code valid for this Customer'), 'error');
    }
    if (mb_strlen($_POST['BranchCode']) > 0 and $InputError != 1) {
include 'includes/session.inc';
$Title = _('Units Of Measure');
include 'includes/header.inc';
echo '<p class="page_title_text"><img src="' . $RootPath . '/css/' . $Theme . '/images/magnifier.png" title="' . _('Search') . '" alt="" />' . ' ' . $Title . '</p>';
// Pick up the unit being edited: the query string wins, the form post is the fallback.
// NOTE(review): the value is stored exactly as received. Further down this page it
// is concatenated into a SQL statement (the "unitid <>" comparison), so any
// validation or escaping has to happen outside the lines shown here -- confirm.
if (isset($_GET['SelectedMeasureID'])) {
    $SelectedMeasureID = $_GET['SelectedMeasureID'];
} elseif (isset($_POST['SelectedMeasureID'])) {
    $SelectedMeasureID = $_POST['SelectedMeasureID'];
}
if (isset($_POST['Submit'])) {
    //initialise no input errors assumed initially before we test
    $InputError = 0;
    /* actions to take once the user has clicked the submit button
    	ie the page has called itself with some user input */
    //first off validate inputs sensible
    if (ContainsIllegalCharacters($_POST['MeasureName'])) {
        $InputError = 1;
        prnMsg(_('The unit of measure cannot contain any of the illegal characters'), 'error');
    }
    if (trim($_POST['MeasureName']) == '') {
        $InputError = 1;
        prnMsg(_('The unit of measure may not be empty'), 'error');
    }
    if (isset($_POST['SelectedMeasureID']) and $_POST['SelectedMeasureID'] != '' and $InputError != 1) {
        /*SelectedMeasureID could also exist if submit had not been clicked this code would not run in this case cos submit is false of course  see the delete code below*/
        // Check the name does not clash
        $sql = "SELECT count(*) FROM unitsofmeasure\n\t\t\t\tWHERE unitid <> '" . $SelectedMeasureID . "'\n\t\t\t\tAND unitname " . LIKE . " '" . $_POST['MeasureName'] . "'";
        $result = DB_query($sql);
        $myrow = DB_fetch_row($result);
        if ($myrow[0] > 0) {
            $InputError = 1;
/* Was the Cancel button pressed the last time through ? */
if (isset($_POST['EnterCompanyDetails'])) {
    header('Location:' . $RootPath . '/CompanyPreferences.php?' . SID);
    exit;
}
$Title = _('Make New Company Database Utility');
include 'includes/header.inc';
/* Your webserver user MUST have read/write access to here,
	otherwise you'll be wasting your time */
if (!is_writeable('./companies/')) {
    prnMsg(_('The web-server does not appear to be able to write to the companies directory to create the required directories for the new company and to upload the logo to. The system administrator will need to modify the permissions on your installation before a new company can be created'), 'error');
    include 'includes/footer.inc';
    exit;
}
if (isset($_POST['submit']) and isset($_POST['NewDatabase'])) {
    if (mb_strlen($_POST['NewDatabase']) > 32 or ContainsIllegalCharacters($_POST['NewDatabase'])) {
        prnMsg(_('Company database must not contain spaces, \\& or " or \''), 'error');
    } else {
        $_POST['NewDatabase'] = strtolower($_POST['NewDatabase']);
        echo '<form method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?' . SID . '">';
        echo '<div class="centre">';
        echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />';
        /* check for directory existence */
        if (!file_exists('./companies/' . $_POST['NewDatabase']) and (isset($_FILES['LogoFile']) and $_FILES['LogoFile']['name'] != '')) {
            $result = $_FILES['LogoFile']['error'];
            $UploadTheLogo = 'Yes';
            //Assume all is well to start off with
            $filename = './companies/' . $_POST['NewDatabase'] . '/logo.jpg';
            //But check for the worst
            if (mb_strtoupper(mb_substr(trim($_FILES['LogoFile']['name']), mb_strlen($_FILES['LogoFile']['name']) - 3)) != 'JPG') {
                prnMsg(_('Only jpg files are supported - a file extension of .jpg is expected'), 'warn');
    include 'includes/footer.inc';
    exit;
}
$ModuleList = array(_('Orders'), _('Receivables'), _('Payables'), _('Purchasing'), _('Inventory'), _('Manufacturing'), _('General Ledger'), _('Asset Manager'), _('Petty Cash'), _('Setup'));
echo '<a href="' . $RootPath . '/SelectSupplier.php?">' . _('Back to Suppliers') . '</a><br />';
echo '<p class="page_title_text"><img src="' . $RootPath . '/css/' . $Theme . '/images/supplier.png" title="' . _('Supplier') . '" alt="" />' . ' ' . _('Supplier') . ' : ' . $_SESSION['SupplierID'] . _(' has been selected') . '</p><br />';
if (isset($_POST['submit'])) {
    //initialise no input errors assumed initially before we test
    $InputError = 0;
    /* actions to take once the user has clicked the submit button
    	ie the page has called itself with some user input */
    //first off validate inputs sensible
    if (mb_strlen($_POST['UserID']) < 4) {
        $InputError = 1;
        prnMsg(_('The user ID entered must be at least 4 characters long'), 'error');
    } elseif (ContainsIllegalCharacters($_POST['UserID'])) {
        $InputError = 1;
        prnMsg(_('User names cannot contain any of the following characters') . " - ' & + \" \\ " . _('or a space'), 'error');
    } elseif (mb_strlen($_POST['Password']) < 5) {
        $InputError = 1;
        prnMsg(_('The password entered must be at least 5 characters long'), 'error');
    } elseif (mb_strstr($_POST['Password'], $_POST['UserID']) != False) {
        $InputError = 1;
        prnMsg(_('The password cannot contain the user id'), 'error');
    }
    /* Make a comma separated list of modules allowed ready to update the database*/
    $i = 0;
    $ModulesAllowed = '';
    while ($i < count($ModuleList)) {
        $ModulesAllowed .= ' ' . ',';
        //no any modules allowed for the suppliers
Example #8
 $InputError = 0;
 $i = 1;
 /* actions to take once the user has clicked the submit button
 	ie the page has called itself with some user input */
 //first off validate inputs sensible
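 /* Duplicate check for a new section number. The lookup is only run for a
    numeric SectionID: a non-numeric value is rejected by the is_numeric() test
    further down, so it should not be concatenated into SQL first.
    NOTE(review): the value is still concatenated rather than bound -- confirm
    what escaping happens before this point. */
 if (isset($_POST['SectionID']) and is_numeric($_POST['SectionID'])) {
     $sql = "SELECT sectionid\n\t\t\t\t\tFROM accountsection\n\t\t\t\t\tWHERE sectionid='" . $_POST['SectionID'] . "'";
     $result = DB_query($sql, $db);
     // An existing row is only an error when a new section is being created,
     // i.e. when no SelectedSectionID was posted.
     if (DB_num_rows($result) != 0 and !isset($_POST['SelectedSectionID'])) {
         $InputError = 1;
         prnMsg(_('The account section already exists in the database'), 'error');
         $Errors[$i] = 'SectionID';
         $i++;
     }
 }
 // ContainsIllegalCharacters() is defined outside this fragment.
 if (ContainsIllegalCharacters($_POST['SectionName'])) {
     $InputError = 1;
     prnMsg(_('The account section name cannot contain any illegal characters'), 'error');
     $Errors[$i] = 'SectionName';
     $i++;
 }
 // The name is mandatory.
 if (mb_strlen($_POST['SectionName']) == 0) {
     $InputError = 1;
     prnMsg(_('The account section name must contain at least one character'), 'error');
     $Errors[$i] = 'SectionName';
     $i++;
 }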
 if (isset($_POST['SectionID']) and !is_numeric($_POST['SectionID'])) {
     $InputError = 1;
     prnMsg(_('The section number must be an integer'), 'error');
     $Errors[$i] = 'SectionID';
Example #9
<?php

include 'includes/session.inc';
$Title = _('Stock Of Controlled Items');
include 'includes/header.inc';
echo '<p class="page_title_text noPrint" >
		<img src="' . $RootPath . '/css/' . $Theme . '/images/inventory.png" title="' . _('Inventory') . '" alt="" /><b>' . $Title . '</b>
	</p>';
// The page cannot render without an item code, so a missing StockID ends the request.
if (!isset($_GET['StockID'])) {
    prnMsg(_('This page must be called with parameters specifying the item to show the serial references and quantities') . '. ' . _('It cannot be displayed without the proper parameters being passed'), 'error');
    include 'includes/footer.inc';
    exit;
}
// Reject a code that fails the character check before it is used any further.
// ContainsIllegalCharacters() is defined outside this fragment.
if (ContainsIllegalCharacters($_GET['StockID'])) {
    prnMsg(_('The stock code sent to this page appears to be invalid'), 'error');
    include 'includes/footer.inc';
    exit;
}
// Normalise the accepted code: upper case, surrounding whitespace removed.
$StockID = trim(mb_strtoupper($_GET['StockID']));
// Load the item's master record for the code accepted above.
// NOTE(review): $StockID is placed in the statement by string concatenation; the
// only check visible here is ContainsIllegalCharacters() on the raw GET value, so
// confirm what escaping the DB layer or session.inc applies, or bind the value.
$result = DB_query("SELECT description,\n\t\t\t\t\t\t\tunits,\n\t\t\t\t\t\t\tmbflag,\n\t\t\t\t\t\t\tdecimalplaces,\n\t\t\t\t\t\t\tserialised,\n\t\t\t\t\t\t\tcontrolled,\n\t\t\t\t\t\t\tperishable\n\t\t\t\t\t\tFROM stockmaster\n\t\t\t\t\t\tWHERE stockid='" . $StockID . "'", $db, _('Could not retrieve the requested item because'));
// NOTE(review): the fetched row is used without checking that a row came back, so
// an unknown stock code leaves the variables below unset/null -- confirm that is intended.
$myrow = DB_fetch_array($result);
$Description = $myrow['description'];
$UOM = $myrow['units'];
$DecimalPlaces = $myrow['decimalplaces'];
$Serialised = $myrow['serialised'];
$Controlled = $myrow['controlled'];
$Perishable = $myrow['perishable'];
if ($myrow['mbflag'] == 'K' or $myrow['mbflag'] == 'A' or $myrow['mbflag'] == 'D') {
    prnMsg(_('This item is either a kitset or assembly or a dummy part and cannot have a stock holding') . '. ' . _('This page cannot be displayed') . '. ' . _('Only serialised or controlled items can be displayed in this page'), 'error');
    include 'includes/footer.inc';
 if ($myrow[0] > 0 and isset($_POST['New'])) {
     $InputError = 1;
     prnMsg(_('The company number already exists in the database'), 'error');
     $Errors[$i] = 'DebtorNo';
     $i++;
 } elseif (strlen($_POST['CustName']) > 40 or strlen($_POST['CustName']) == 0) {
     $InputError = 1;
     prnMsg(_('The company name must be entered and be forty characters or less long'), 'error');
     $Errors[$i] = 'CustName';
     $i++;
 } elseif (strlen($_POST['DebtorNo']) == 0) {
     $InputError = 1;
     prnMsg(_('The debtor code cannot be empty'), 'error');
     $Errors[$i] = 'DebtorNo';
     $i++;
 } elseif (ContainsIllegalCharacters($_POST['DebtorNo']) or strpos($_POST['DebtorNo'], ' ')) {
     $InputError = 1;
     prnMsg(_('The customer code cannot contain any of the illefal characters'), 'error');
     $Errors[$i] = 'DebtorNo';
     $i++;
 } elseif (strlen($_POST['Address1']) > 40) {
     $InputError = 1;
     prnMsg(_('The Line 1 of the address must be forty characters or less long'), 'error');
     $Errors[$i] = 'Address1';
     $i++;
 } elseif (strlen($_POST['Address2']) > 40) {
     $InputError = 1;
     prnMsg(_('The Line 2 of the address must be forty characters or less long'), 'error');
     $Errors[$i] = 'Address2';
     $i++;
 } elseif (strlen($_POST['Address3']) > 40) {
        $GroupName = trim($_GET['GroupName']);
    } else {
        prnMsg(_('The Group Name should be less than 100 and cannot contains illegal characters'), 'error');
        include 'includes/footer.inc';
        exit;
    }
    // The user id must be present, shorter than 21 characters and pass the
    // character check (ContainsIllegalCharacters() is defined outside this fragment).
    if (isset($_GET['UserId']) and mb_strlen($_GET['UserId']) < 21 and !ContainsIllegalCharacters($_GET['UserId'])) {
        $UserId = $_GET['UserId'];
    } else {
        prnMsg(_('The User Id should be set and must be less than 21 and cannot contains illegal characters'), 'error');
        include 'includes/footer.inc';
        exit;
    }
    // GroupId is cast to int only when it is numeric; the group name is then
    // validated (at most 100 characters, character check) and trimmed.
    if (isset($_GET['GroupId']) and is_numeric($_GET['GroupId'])) {
        $GroupId = (int) $_GET['GroupId'];
        if (isset($_GET['GroupName']) and mb_strlen($_GET['GroupName']) <= 100 and !ContainsIllegalCharacters($_GET['GroupName'])) {
            $GroupName = trim($_GET['GroupName']);
        } else {
            prnMsg(_('The Group Name should be less than 100 and cannot contains illegal characters'), 'error');
            include 'includes/footer.inc';
            exit;
        }
    }
    // NOTE(review): this DELETE is driven entirely by $_GET values. No POST
    // requirement or anti-CSRF token is visible in this fragment, so a crafted
    // link could trigger it in a logged-in user's browser -- confirm what protects
    // this path. Both values are concatenated into the statement; the checks above
    // are the only filtering shown here.
    $sql = "DELETE FROM mailgroupdetails WHERE userid = '" . $UserId . "' AND groupname = '" . $GroupName . "'";
    // This message embeds the raw values and is not passed through _() like the others.
    $ErrMsg = 'Failed to delete the userid ' . $UserId . ' from group ' . $GroupName;
    $result = DB_query($sql, $db, $ErrMsg);
    // NOTE(review): $GroupId is only assigned in the numeric-GroupId branch above
    // but is passed here unconditionally -- confirm it cannot be undefined.
    GetUsers($GroupId, $GroupName);
}
if (!isset($_GET['Edit'])) {
    //display the input form
    ?>
Example #12
include 'includes/session.inc';
$Title = _('Departments');
include 'includes/header.inc';
echo '<p class="page_title_text noPrint" ><img src="' . $RootPath . '/css/' . $Theme . '/images/magnifier.png" title="' . _('Departments') . '" alt="" />' . ' ' . $Title . '</p>';
if (isset($_GET['SelectedDepartmentID'])) {
    $SelectedDepartmentID = $_GET['SelectedDepartmentID'];
} elseif (isset($_POST['SelectedDepartmentID'])) {
    $SelectedDepartmentID = $_POST['SelectedDepartmentID'];
}
if (isset($_POST['Submit'])) {
    //initialise no input errors assumed initially before we test
    $InputError = 0;
    /* actions to take once the user has clicked the submit button
    	ie the page has called itself with some user input */
    //first off validate inputs sensible
    if (ContainsIllegalCharacters($_POST['DepartmentName'])) {
        $InputError = 1;
        prnMsg(_('The description of the department must not contain the character') . " '&amp;' " . _('or the character') . " '", 'error');
    }
    if (trim($_POST['DepartmentName']) == '') {
        $InputError = 1;
        prnMsg(_('The Name of the Department should not be empty'), 'error');
    }
    if (isset($_POST['SelectedDepartmentID']) and $_POST['SelectedDepartmentID'] != '' and $InputError != 1) {
        /*SelectedDepartmentID could also exist if submit had not been clicked this code would not run in this case cos submit is false of course  see the delete code below*/
        // Check the name does not clash
        $sql = "SELECT count(*) FROM departments\n\t\t\t\tWHERE departmentid <> '" . $SelectedDepartmentID . "'\n\t\t\t\tAND description " . LIKE . " '" . $_POST['DepartmentName'] . "'";
        $result = DB_query($sql, $db);
        $myrow = DB_fetch_row($result);
        if ($myrow[0] > 0) {
            $InputError = 1;
$BookMark = 'Z_ChangeGLAccountCode';
// Anchor's id in the manual's html document.
include 'includes/header.inc';
echo '<p class="page_title_text"><img alt="" src="' . $RootPath . '/css/' . $Theme . '/images/gl.png" title="' . _('Change A GL Account Code') . '" /> ' . _('Change A GL Account Code') . '</p>';
// Page title.
include 'includes/SQL_CommonFunctions.inc';
if (isset($_POST['ProcessGLAccountCode'])) {
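    $InputError = 0;
    // Account codes are compared in upper case from here on.
    $_POST['NewAccountCode'] = mb_strtoupper($_POST['NewAccountCode']);
    /* First check the old code exists.
       NOTE(review): OldAccountCode is concatenated into the statement and no check
       on it is visible in this fragment -- confirm what escaping happens before
       this point, or bind the value. */
    $result = DB_query("SELECT accountcode FROM chartmaster WHERE accountcode='" . $_POST['OldAccountCode'] . "'");
    if (DB_num_rows($result) == 0) {
        // The value is echoed back, so encode it for HTML; double_encode is off so
        // input that was already entity-encoded upstream is not encoded twice.
        prnMsg(_('The GL account code') . ': ' . htmlspecialchars($_POST['OldAccountCode'], ENT_QUOTES, 'UTF-8', false) . ' ' . _('does not currently exist as a GL account code in the system'), 'error');
        $InputError = 1;
    }
    // Tracks whether the new code passed its own checks, independently of the
    // old-code lookup above.
    $NewCodeUsable = true;
    if (ContainsIllegalCharacters($_POST['NewAccountCode'])) {
        prnMsg(_('The new GL account code to change the old code to contains illegal characters - no changes will be made'), 'error');
        $InputError = 1;
        $NewCodeUsable = false;
    }
    if ($_POST['NewAccountCode'] == '') {
        prnMsg(_('The new GL account code to change the old code to must be entered as well'), 'error');
        $InputError = 1;
        $NewCodeUsable = false;
    }
    /* Now check that the new code doesn't already exist. The lookup is skipped
       for a code that was just rejected, so a value that failed the character
       check is never concatenated into SQL or echoed back. */
    if ($NewCodeUsable) {
        $result = DB_query("SELECT accountcode FROM chartmaster WHERE accountcode='" . $_POST['NewAccountCode'] . "'");
        if (DB_num_rows($result) != 0) {
            echo '<br /><br />';
            prnMsg(_('The replacement GL account code') . ': ' . htmlspecialchars($_POST['NewAccountCode'], ENT_QUOTES, 'UTF-8', false) . ' ' . _('already exists as a GL account code in the system') . ' - ' . _('a unique GL account code must be entered for the new code'), 'error');
            $InputError = 1;
        }
    }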
    if ($InputError == 0) {
Example #14
 $InputError = 0;
 /* actions to take once the user has clicked the submit button
 	ie the page has called itself with some user input */
 //first off validate inputs sensible
 $i = 1;
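 /* Validate the tab type code and description; the first failing rule wins. */
 if ($_POST['TypeTabCode'] == '') {
     $InputError = 1;
     prnMsg('<br />' . _('The Tabs type code cannot be an empty string'), 'error');
     $Errors[$i] = 'TypeTabCode';
     $i++;
 } elseif (mb_strlen($_POST['TypeTabCode']) > 20) {
     $InputError = 1;
     // NOTE(review): prnMsg() is called without echo everywhere else in this
     // block; the echo here is kept as found -- confirm it is not needed.
     echo prnMsg(_('The tab code must be twenty characters or less long'), 'error');
     $Errors[$i] = 'TypeTabCode';
     $i++;
 } elseif (ContainsIllegalCharacters($_POST['TypeTabCode']) or mb_strpos($_POST['TypeTabCode'], ' ') !== false) {
     // mb_strpos() returns 0 for a space in the first position, so the test must be
     // "!== false"; a "> 0" comparison lets a code with a leading space through.
     $InputError = 1;
     prnMsg(_('The petty cash tab type code cannot contain any of the illegal characters'), 'error');
 } elseif (mb_strlen($_POST['TypeTabDescription']) > 50) {
     $InputError = 1;
     // NOTE(review): this branch checks the description, yet the message and the
     // $Errors entry both name the tab code. The message text is left untouched
     // because it is also the translation lookup key.
     echo prnMsg(_('The tab code must be Fifty characters or less long'), 'error');
     $Errors[$i] = 'TypeTabCode';
     $i++;
 }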
 if (isset($SelectedTab) and $InputError != 1) {
     $sql = "UPDATE pctypetabs\n\t\t\tSET typetabdescription = '" . $_POST['TypeTabDescription'] . "'\n\t\t\tWHERE typetabcode = '" . $SelectedTab . "'";
     $msg = _('The Tabs type') . ' ' . $SelectedTab . ' ' . _('has been updated');
 } elseif ($InputError != 1) {
     // First check the type is not being duplicated
     $checkSql = "SELECT count(*)\n\t\t\t\t FROM pctypetabs\n\t\t\t\t WHERE typetabcode = '" . $_POST['TypeTabCode'] . "'";
     $checkresult = DB_query($checkSql, $db);
$Title = _('Customer EDI Set Up');
include 'includes/header.inc';
echo '<a href="' . $RootPath . '/SelectCustomer.php">' . _('Back to Customers') . '</a><br />';
if (isset($Errors)) {
    unset($Errors);
}
$Errors = array();
$i = 0;
echo '<p class="page_title_text"><img src="' . $RootPath . '/css/' . $Theme . '/images/customer.png" title="' . _('Search') . '" alt="" />' . ' ' . $Title . '</p><br />';
if (isset($_POST['submit'])) {
    //initialise no input errors assumed initially before we test
    $InputError = 0;
    /* actions to take once the user has clicked the submit button
    	ie the page has called itself with some user input */
    //first off validate inputs sensible
    if (ContainsIllegalCharacters($_POST['EDIReference']) or mb_strstr($_POST['EDIReference'], ' ')) {
        $InputError = 1;
        prnMsg(_('The customers EDI reference code cannot contain any of the following characters') . ' - \' &amp; + \\" ' . _('or a space'), 'warn');
    }
    if (mb_strlen($_POST['EDIReference']) < 4 and ($_POST['EDIInvoices'] == 1 or $_POST['EDIOrders'] == 1)) {
        $InputError = 1;
        prnMsg(_('The customers EDI reference code must be set when EDI Invoices or EDI orders are activated'), 'warn');
        $Errors[$i] = 'EDIReference';
        $i++;
    }
    if (mb_strlen($_POST['EDIAddress']) < 4 and $_POST['EDIInvoices'] == 1) {
        $InputError = 1;
        prnMsg(_('The customers EDI email address or FTP server address must be entered if EDI Invoices are to be sent'), 'warn');
        $Errors[$i] = 'EDIAddress';
        $i++;
    }
Example #16
         * as determined from user id /password entry  */
        $_SESSION['RequireCustomerSelection'] = 1;
    } else {
        $_SESSION['RequireCustomerSelection'] = 0;
    }
}
if (isset($_POST['CommitContract']) or isset($_POST['CreateQuotation'])) {
    /*This is the bit where the contract object is commited to the database after a bit of error checking */
    //First update the session['Contract'.$identifier] variable with all inputs from the form
    $InputError = False;
    //assume no errors on input then test for errors
    if (mb_strlen($_POST['ContractRef']) < 2) {
        prnMsg(_('The contract reference is expected to be more than 2 characters long. Please alter the contract reference before proceeding.'), 'error');
        $InputError = true;
    }
    if (ContainsIllegalCharacters($_POST['ContractRef'])) {
        prnMsg(_('The contract reference cannot contain any spaces, slashes, or inverted commas. Please alter the contract reference before proceeding.'), 'error');
        $InputError = true;
    }
    //The contractRef cannot be the same as an existing stockid or contractref
    $result = DB_query("SELECT stockid FROM stockmaster WHERE stockid='" . $_POST['ContractRef'] . "'");
    if (DB_num_rows($result) == 1 and $_SESSION['Contract' . $identifier]->Status == 0) {
        prnMsg(_('The contract reference cannot be the same as a previously created stock item. Please modify the contract reference before continuing'), 'error');
        $InputError = true;
    }
    if (mb_strlen($_POST['ContractDescription']) < 10) {
        prnMsg(_('The contract description is expected to be more than 10 characters long. Please alter the contract description in full before proceeding.'), 'error');
        $InputError = true;
    }
    if (!Is_Date($_POST['RequiredDate'])) {
        prnMsg(_('The date the contract is required to be completed by must be entered in the format') . ' ' . $_SESSION['DefaultDateFormat'], 'error');
Example #17
/* Was the Cancel button pressed the last time through ? */
if (isset($_POST['EnterCompanyDetails'])) {
    header('Location:' . $rootpath . '/CompanyPreferences.php?' . SID);
    exit;
}
$title = _('Make New Company Database Utility');
include 'includes/header.inc';
/* Your webserver user MUST have read/write access to here,
	otherwise you'll be wasting your time */
if (!is_writeable('./companies/')) {
    prnMsg(_('The web-server does not appear to be able to write to the companies directory to create the required directories for the new company and to upload the logo to. The system administrator will need to modify the permissions on your installation before a new company can be created'), 'error');
    include 'includes/footer.inc';
    exit;
}
if (isset($_POST['submit']) and isset($_POST['NewCompany'])) {
    if (strlen($_POST['NewCompany']) > 32 or ContainsIllegalCharacters($_POST['NewCompany'])) {
        prnMsg(_('Company abbreviations must not contain spaces, \\& or " or \''), 'error');
    } else {
        $_POST['NewCompany'] = strtolower($_POST['NewCompany']);
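        echo '<CENTER>';
        // PHP_SELF reflects the path the client requested, so it is encoded for HTML
        // and the ACTION attribute is quoted before it is written into the page.
        echo '<FORM METHOD="post" ACTION="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?' . SID . '">';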
        /* check for directory existence */
        if (!file_exists('./companies/' . $_POST['NewCompany']) and (isset($_FILES['LogoFile']) and $_FILES['LogoFile']['name'] != '')) {
            $result = $_FILES['LogoFile']['error'];
            $UploadTheLogo = 'Yes';
            //Assume all is well to start off with
            $filename = './companies/' . $_POST['NewCompany'] . '/logo.jpg';
            //But check for the worst
            if (strtoupper(substr(trim($_FILES['LogoFile']['name']), strlen($_FILES['LogoFile']['name']) - 3)) != 'JPG') {
                prnMsg(_('Only jpg files are supported - a file extension of .jpg is expected'), 'warn');
                $UploadTheLogo = 'No';
Example #18
include 'includes/header.inc';
echo '<p class="page_title_text noPrint" >
		<img src="' . $RootPath . '/css/' . $Theme . '/images/maintenance.png" title="' . _('Search') . '" alt="" />' . ' ' . $Title . '
	</p>';
if (isset($_GET['SelectedTaxProvince'])) {
    $SelectedTaxProvince = $_GET['SelectedTaxProvince'];
} elseif (isset($_POST['SelectedTaxProvince'])) {
    $SelectedTaxProvince = $_POST['SelectedTaxProvince'];
}
if (isset($_POST['submit'])) {
    //initialise no input errors assumed initially before we test
    $InputError = 0;
    /* actions to take once the user has clicked the submit button
    	ie the page has called itself with some user input */
    //first off validate inputs sensible
    if (ContainsIllegalCharacters($_POST['TaxProvinceName'])) {
        $InputError = 1;
        prnMsg(_('The tax province name cannot contain any of the illegal characters'), 'error');
    }
    if (trim($_POST['TaxProvinceName']) == '') {
        $InputError = 1;
        prnMsg(_('The tax province name may not be empty'), 'error');
    }
    if (isset($_POST['SelectedTaxProvince']) and $_POST['SelectedTaxProvince'] != '' and $InputError != 1) {
        /*SelectedTaxProvince could also exist if submit had not been clicked this code would not run in this case cos submit is false of course  see the delete code below*/
        // Check the name does not clash
        $sql = "SELECT count(*) FROM taxprovinces\n\t\t\t\tWHERE taxprovinceid <> '" . $SelectedTaxProvince . "'\n\t\t\t\tAND taxprovincename " . LIKE . " '" . $_POST['TaxProvinceName'] . "'";
        $result = DB_query($sql, $db);
        $myrow = DB_fetch_row($result);
        if ($myrow[0] > 0) {
            $InputError = 1;
Example #19
     prnMsg(_('Stock item "' . $StockID . '" already exists'), 'error');
 }
 //next validate inputs are sensible
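 /* Field checks on one row. NOTE(review): where $myrow comes from is not visible
    in this fragment; its values are treated as untrusted data and are encoded
    wherever they are written into a message. double_encode is off so values that
    were already entity-encoded are not encoded twice. */
 if (!$myrow[1] or mb_strlen($myrow[1]) > 50 or mb_strlen($myrow[1]) == 0) {
     $InputError = 1;
     // The original appended $stockid here; PHP variable names are case-sensitive
     // and only $StockID is used anywhere else in this fragment, so $StockID is used.
     prnMsg(_('The stock item description must be entered and be fifty characters or less long') . '. ' . _('It cannot be a zero length string either') . ' - ' . _('a description is required') . ' ("' . htmlspecialchars(implode('","', $myrow) . $StockID, ENT_QUOTES, 'UTF-8', false) . '") ', 'error');
 }
 if (mb_strlen($myrow[2]) == 0) {
     $InputError = 1;
     prnMsg(_('The stock item description cannot be a zero length string') . ' - ' . _('a long description is required'), 'error');
 }
 if (mb_strlen($StockID) == 0) {
     $InputError = 1;
     prnMsg(_('The Stock Item code cannot be empty'), 'error');
 }
 // ContainsIllegalCharacters() is defined outside this fragment; spaces are
 // rejected separately.
 if (ContainsIllegalCharacters($StockID) or mb_strstr($StockID, ' ')) {
     $InputError = 1;
     prnMsg(_('The stock item code cannot contain any of the following characters') . " ' & + \" \\ " . _('or a space') . " (" . htmlspecialchars($StockID, ENT_QUOTES, 'UTF-8', false) . ")", 'error');
     // Blank the rejected code so it cannot be used further down.
     $StockID = '';
 }
 if (mb_strlen($myrow[4]) > 20) {
     $InputError = 1;
     prnMsg(_('The unit of measure must be 20 characters or less long'), 'error');
 }
 if (mb_strlen($myrow[13]) > 20) {
     $InputError = 1;
     prnMsg(_('The barcode must be 20 characters or less long'), 'error');
 }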
 if ($myrow[10] != 0 and $myrow[10] != 1) {
     $InputError = 1;
     prnMsg(_('Values in the Perishable field must be either 0 (No) or 1 (Yes)'), 'error');
Example #20
 if ($myrow[0] > 0 and isset($_POST['New'])) {
     $InputError = 1;
     prnMsg(_('The customer number already exists in the database'), 'error');
     $Errors[$i] = 'DebtorNo';
     $i++;
 } elseif (mb_strlen($_POST['CustName']) > 40 or mb_strlen($_POST['CustName']) == 0) {
     $InputError = 1;
     prnMsg(_('The customer name must be entered and be forty characters or less long'), 'error');
     $Errors[$i] = 'CustName';
     $i++;
 } elseif ($_SESSION['AutoDebtorNo'] == 0 and mb_strlen($_POST['DebtorNo']) == 0) {
     $InputError = 1;
     prnMsg(_('The debtor code cannot be empty'), 'error');
     $Errors[$i] = 'DebtorNo';
     $i++;
 } elseif ($_SESSION['AutoDebtorNo'] == 0 and (ContainsIllegalCharacters($_POST['DebtorNo']) or mb_strpos($_POST['DebtorNo'], ' '))) {
     $InputError = 1;
     prnMsg(_('The customer code cannot contain any of the following characters') . " . - ' &amp; + \" " . _('or a space'), 'error');
     $Errors[$i] = 'DebtorNo';
     $i++;
 } elseif (mb_strlen($_POST['Address1']) > 40) {
     $InputError = 1;
     prnMsg(_('The Line 1 of the address must be forty characters or less long'), 'error');
     $Errors[$i] = 'Address1';
     $i++;
 } elseif (mb_strlen($_POST['Address2']) > 40) {
     $InputError = 1;
     prnMsg(_('The Line 2 of the address must be forty characters or less long'), 'error');
     $Errors[$i] = 'Address2';
     $i++;
 } elseif (mb_strlen($_POST['Address3']) > 40) {
Example #21
// Start each request with an empty error list and no input error recorded.
// unset() is harmless when $Errors does not exist yet.
unset($Errors);
$Errors = array();
$InputError = 0;
if (isset($_POST['submit'])) {
    // The page has posted back to itself: validate what the user entered.
    // Names of failing fields are collected in $Errors, starting at index 1.
    $i = 1;
    // The branch code is upper-cased before any check runs.
    $_POST['BranchCode'] = mb_strtoupper($_POST['BranchCode']);
    // A non-empty salesman login held in the session replaces the posted salesman.
    if ('' != $_SESSION['SalesmanLogin']) {
        $_POST['Salesman'] = $_SESSION['SalesmanLogin'];
    }
    // Reject a code that contains illegal characters or a space.
    if (ContainsIllegalCharacters($_POST['BranchCode']) || mb_strstr($_POST['BranchCode'], ' ')) {
        $InputError = 1;
        prnMsg(_('The Branch code cannot contain any of the following characters') . " -  &amp; \\' &lt; &gt;", 'error');
        $Errors[$i++] = 'BranchCode';
    }
    // An empty code is reported separately.
    if (0 == mb_strlen($_POST['BranchCode'])) {
        $InputError = 1;
        prnMsg(_('The Branch code must be at least one character long'), 'error');
        $Errors[$i++] = 'BranchCode';
    }
    if (!is_numeric($_POST['FwdDate'])) {
        $InputError = 1;
        prnMsg(_('The date after which invoices are charged to the following month is expected to be a number and a recognised number has not been entered'), 'error');
        $Errors[$i] = 'FwdDate';
/* $Id$ */
include 'includes/session.inc';
$title = _('UTILITY PAGE Change A Stock Category');
include 'includes/header.inc';
include 'includes/SQL_CommonFunctions.inc';
if (isset($_POST['ProcessStockChange'])) {
    // The replacement category code is upper-cased before it is validated or looked up.
    $_POST['NewStockCategory'] = strtoupper($_POST['NewStockCategory']);
    /* First check that the old stock category exists.
       NOTE(review): the posted value is concatenated into the SQL text and no check has run on it at
       this point. Nothing in this fragment escapes it, so the query is only safe if includes/session.inc
       or DB_query() sanitises request values - confirm, and prefer escaping or binding at the point of use. */
    $result = DB_query("SELECT categoryid FROM stockcategory WHERE categoryid='" . $_POST['OldStockCategory'] . "'", $db);
    if (DB_num_rows($result) == 0) {
        // NOTE(review): the posted value is echoed back inside the message; confirm it is HTML-encoded
        // before prnMsg() writes it to the page.
        prnMsg(_('The stock Category') . ': ' . $_POST['OldStockCategory'] . ' ' . _('does not currently exist as a stock category in the system'), 'error');
        include 'includes/footer.inc';
        exit;
    }
    // Each failed check prints its message, emits the page footer and stops the script.
    if (ContainsIllegalCharacters($_POST['NewStockCategory'])) {
        prnMsg(_('The new stock code to change the old code to contains illegal characters - no changes will be made'), 'error');
        include 'includes/footer.inc';
        exit;
    }
    if ($_POST['NewStockCategory'] == '') {
        prnMsg(_('The new stock code to change the old code to must be entered as well'), 'error');
        include 'includes/footer.inc';
        exit;
    }
    /* Now check that the new code does not already exist. The value has passed
       ContainsIllegalCharacters() by this point; which characters that rejects is not visible here,
       so the same concatenation caveat as for the first query applies. */
    $result = DB_query("SELECT categoryid FROM stockcategory WHERE categoryid='" . $_POST['NewStockCategory'] . "'", $db);
    if (DB_num_rows($result) != 0) {
        echo '<br /><br />';
        prnMsg(_('The replacement stock category') . ': ' . $_POST['NewStockCategory'] . ' ' . _('already exists as a stock category in the system') . ' - ' . _('a unique stock category must be entered for the new stock category'), 'error');
        include 'includes/footer.inc';
Example #23
 // The form has posted back to itself: validate the supplier fields.
 // Names of failing fields are collected in $Errors, starting at index 1.
 $i = 1;
 // The name is required and limited to 40 characters once surrounding whitespace is trimmed.
 if (40 < mb_strlen(trim($_POST['SuppName'])) || 0 == mb_strlen(trim($_POST['SuppName'])) || '' == trim($_POST['SuppName'])) {
     $InputError = 1;
     prnMsg(_('The supplier name must be entered and be forty characters or less long'), 'error');
     $Errors[$i++] = 'Name';
 }
 // The supplier code must be present ...
 if (0 == mb_strlen($SupplierID)) {
     $InputError = 1;
     prnMsg(_('The Supplier Code cannot be empty'), 'error');
     $Errors[$i++] = 'ID';
 }
 // ... and must pass the illegal-character check.
 if (ContainsIllegalCharacters($SupplierID)) {
     $InputError = 1;
     prnMsg(_('The supplier code cannot contain any of the illegal characters'), 'error');
     $Errors[$i++] = 'ID';
 }
 // The telephone number is limited to 25 characters.
 if (25 < mb_strlen($_POST['Phone'])) {
     $InputError = 1;
     prnMsg(_('The telephone number must be 25 characters or less long'), 'error');
     $Errors[$i++] = 'Telephone';
 }
 if (mb_strlen($_POST['Fax']) > 25) {
     $InputError = 1;
     prnMsg(_('The fax number must be 25 characters or less long'), 'error');
     $Errors[$i] = 'Fax';
Example #24
 /* Runs once the user has clicked the submit button, i.e. the page has called itself with user input. */
 // First validate the inputs; names of failing fields are collected in $Errors from index 1.
 $i = 1;
 // Count the account groups that already use the posted name.
 // NOTE(review): the posted group name is concatenated into the SQL text before the
 // ContainsIllegalCharacters() check further down has run. Nothing in this fragment escapes it, so the
 // query is only safe if request values are sanitised before this point - confirm, or run the
 // validation first and escape or bind the value at the point of use.
 $sql = "SELECT count(groupname)\n\t\t\tFROM accountgroups\n\t\t\tWHERE groupname='" . $_POST['GroupName'] . "'";
 $DbgMsg = _('The SQL that was used to retrieve the information was');
 $ErrMsg = _('Could not check whether the group exists because');
 $result = DB_query($sql, $db, $ErrMsg, $DbgMsg);
 $myrow = DB_fetch_row($result);
 // An existing name is only an error when no group is selected (presumably the "new group" case - confirm).
 if ($myrow[0] != 0 and $_POST['SelectedAccountGroup'] == '') {
     $InputError = 1;
     prnMsg(_('The account group name already exists in the database'), 'error');
     $Errors[$i] = 'GroupName';
     $i++;
 }
 // Character check on the name; note it runs after the name was already used in the query above.
 if (ContainsIllegalCharacters($_POST['GroupName'])) {
     $InputError = 1;
     prnMsg(_('The account group name cannot contain the character') . " '&' " . _('or the character') . "' '", 'error');
     $Errors[$i] = 'GroupName';
     $i++;
 }
 // The name must not be empty.
 if (mb_strlen($_POST['GroupName']) == 0) {
     $InputError = 1;
     prnMsg(_('The account group name must be at least one character long'), 'error');
     $Errors[$i] = 'GroupName';
     $i++;
 }
 if ($_POST['ParentGroupName'] != '') {
     if (CheckForRecursiveGroup($_POST['GroupName'], $_POST['ParentGroupName'], $db)) {
         $InputError = 1;
         prnMsg(_('The parent account group selected appears to result in a recursive account structure - select an alternative parent account group or make this group a top level account group'), 'error');
 // The replacement location code is upper-cased before it is validated or looked up.
 $_POST['NewLocationID'] = mb_strtoupper($_POST['NewLocationID']);
 /* First check that the old location code exists.
    NOTE(review): the posted value is concatenated into the SQL text and no check has run on it at this
    point. Nothing in this fragment escapes it, so the query is only safe if request values are sanitised
    before this point - confirm, and prefer escaping or binding at the point of use. */
 $result = DB_query("SELECT loccode FROM locations WHERE loccode='" . $_POST['OldLocationID'] . "'", $db);
 if (DB_num_rows($result) == 0) {
     // NOTE(review): the posted value is echoed back inside the message; confirm it is HTML-encoded
     // before prnMsg() writes it to the page.
     prnMsg(_('The location code') . ': ' . $_POST['OldLocationID'] . ' ' . _('does not currently exist as a location code in the system'), 'error');
     $InputError = 1;
 }
 // Each failed check below only sets $InputError and reports a message; the script carries on.
 if (ContainsIllegalCharacters($_POST['NewLocationID'])) {
     prnMsg(_('The new location code to change the old code to contains illegal characters - no changes will be made'), 'error');
     $InputError = 1;
 }
 if ($_POST['NewLocationID'] == '') {
     prnMsg(_('The new location code to change the old code to must be entered as well'), 'error');
     $InputError = 1;
 }
 if (ContainsIllegalCharacters($_POST['NewLocationName'])) {
     prnMsg(_('The new location name to change the old name to contains illegal characters - no changes will be made'), 'error');
     $InputError = 1;
 }
 if ($_POST['NewLocationName'] == '') {
     prnMsg(_('The new location name to change the old name to must be entered as well'), 'error');
     $InputError = 1;
 }
 /* Now check that the new code does not already exist.
    NOTE(review): this query runs even when the illegal-character check above has already flagged the
    new code, so a rejected value still reaches the SQL text and the message below. Consider skipping
    the lookup once that check has failed. */
 $result = DB_query("SELECT loccode FROM locations WHERE loccode='" . $_POST['NewLocationID'] . "'", $db);
 if (DB_num_rows($result) != 0) {
     echo '<br /><br />';
     prnMsg(_('The replacement location code') . ': ' . $_POST['NewLocationID'] . ' ' . _('already exists as a location code in the system') . ' - ' . _('a unique location code must be entered for the new code'), 'error');
     $InputError = 1;
 }
 if ($InputError == 0) {
     $Errors[$i] = 'FaxNo';
     $i++;
 }
 // Contact name: limited to 30 characters when the field is not null.
 if (null !== $_POST['ContactName'] && 30 < mb_strlen($_POST['ContactName'])) {
     $InputError = 1;
     prnMsg(_('The contact name must not be over 30 characters'), 'error');
     $Errors[$i++] = 'ContactName';
 }
 // Email: when the field is not null it must pass PHP's e-mail filter.
 if (null !== $_POST['Email'] && !filter_var($_POST['Email'], FILTER_VALIDATE_EMAIL)) {
     $InputError = 1;
     prnMsg(_('The email address is not valid'), 'error');
     $Errors[$i++] = 'Email';
 }
 // Branch name: must pass the illegal-character check and fit in 40 characters.
 if (ContainsIllegalCharacters($_POST['BrName']) || 40 < mb_strlen($_POST['BrName'])) {
     $InputError = 1;
     prnMsg(_('The Branch code cannot contain any of the following characters') . " -  &amp; \\' &lt; &gt;" . ' ' . _('Or length is over 40'), 'error');
     $Errors[$i++] = 'BrName';
 }
 // Sales area: required, and must be one of the values in $Areas (strict comparison).
 if (empty($_POST['Area']) || !in_array($_POST['Area'], $Areas, true)) {
     $InputError = 1;
     prnMsg(_('The sales area not empty and must exist.'), 'error');
     $Errors[$i++] = 'Area';
 }
 if (empty($_POST['DefaultLocation']) or !in_array($_POST['DefaultLocation'], $Locations, true)) {
     $InputError = 1;
     prnMsg(_('The default location not empty and must exist.'), 'error');
     $Errors[$i] = 'DefaultLocation';
<?php

include 'includes/session.inc';
$title = _('Maintenance Of Petty Cash Expenses For a Type Tab');
include 'includes/header.inc';
echo '<p class="page_title_text"><img src="' . $rootpath . '/css/' . $theme . '/images/money_add.png" title="' . _('Payment Entry') . '" alt="" />' . ' ' . $title . '</p>';
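// Error state is initialised before any validation runs. The original reset $InputError to 0
// after the tab type check below, which discarded the failure that check had just recorded.
$Errors = array();
$InputError = 0;
$i = 0;
// The tab type comes from the form, else from the query string, and is upper-cased.
if (isset($_POST['SelectedType'])) {
    $SelectedType = strtoupper($_POST['SelectedType']);
} elseif (isset($_GET['SelectedType'])) {
    $SelectedType = strtoupper($_GET['SelectedType']);
} else {
    $SelectedType = '';
}
// Outside the delete flow the tab type must pass the illegal-character check and hold no space.
// strpos() returns 0 for a leading space, so the result is compared with false: a "> 0" test
// would accept a value whose first character is a space.
if (!isset($_GET['delete']) and (ContainsIllegalCharacters($SelectedType) or strpos($SelectedType, ' ') !== false)) {
    $InputError = 1;
    prnMsg(_('The petty cash tab type contain any of the following characters " \' - & or a space'), 'error');
}
// The selected tab is taken the same way; it stays undefined when neither source supplies it.
if (isset($_POST['SelectedTab'])) {
    $SelectedTab = strtoupper($_POST['SelectedTab']);
} elseif (isset($_GET['SelectedTab'])) {
    $SelectedTab = strtoupper($_GET['SelectedTab']);
}
// Cancel drops both selections.
if (isset($_POST['Cancel'])) {
    unset($SelectedTab);
    unset($SelectedType);
}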
if (isset($_POST['process'])) {
    if ($_POST['SelectedTab'] == '') {
Example #28
 // Environment checks. Blocking problems are collected in $ErrMsg with $InputError set;
 // non-blocking ones go to $WarnMsg with $InputWarn set. Both messages are built as HTML.
 $ErrMsg = '';
 $InputError = 0;
 $WarnMsg = '';
 $InputWarn = 0;
 // Set the default time zone from the posted value.
 // NOTE(review): the value is passed through unchecked, so an unknown identifier makes the call fail
 // with a PHP diagnostic; consider accepting only entries from timezone_identifiers_list().
 if (!empty($_POST['DefaultTimeZone'])) {
     date_default_timezone_set($_POST['DefaultTimeZone']);
 }
 // Check that the session shows cookies are accepted by the browser.
 if (!isset($_SESSION['CookieAllowed']) or !($_SESSION['CookieAllowed'] == 1)) {
     $InputError = 1;
     $ErrMsg .= '<p>' . _('Please set Cookies allowed in your web brower, otherwise webERP cannot run properly') . '</p>';
 }
 // Check the PHP safe mode situation.
 // NOTE(review): the posted text is used as the gettext message id and the result is placed inside <p>
 // markup. ContainsIllegalCharacters() is the only filter, and which characters it rejects is not visible
 // here; confirm that it blocks markup, or HTML-encode the text before appending it. Looking the warning
 // up from a fixed list of known messages would avoid echoing request data at all.
 if (!empty($_POST['SafeModeWarning'])) {
     if (!ContainsIllegalCharacters($_POST['SafeModeWarning'])) {
         $InputWarn = 1;
         $WarnMsg .= '<p>' . _($_POST['SafeModeWarning']) . '</p>';
     } else {
         // The expected warning texts are predefined, so illegal characters here mean the request
         // was not produced by the normal page; stop immediately.
         prnMsg(_('Illegal characters or data has been identified, please see your admistrator for help'), 'error');
         exit;
     }
 }
 // Check the PHP version: a missing posted version is reported as an error.
 if (empty($_POST['PHPVersion'])) {
     $InputError = 1;
     $ErrMsg .= '<p>' . _('Although webERP should work with PHP version 5.1 onwards, a PHP version greater than 5.2 is strongly recommended') . '</p>';
 }
 //check the directory access authority of rootpath and companies
 if (empty($_POST['ConfigFile'])) {
Example #29
     $Errors[$i] = 'LongDescription';
     $i++;
 }
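 // Stock item code checks. Each failing rule sets $InputError, reports a message and records
 // the field name in $Errors; the rules are independent, so several can fire for one submission.
 // The new code must differ from the old one.
 if ($_POST['StockID'] == $_POST['OldStockID']) {
     $InputError = 1;
     prnMsg(_('The Stock Item code must be unique. Please re-enter a unique Stock Item code.'), 'error');
     $Errors[$i] = 'StockID';
     $i++;
 }
 if (mb_strlen($_POST['StockID']) == 0) {
     $InputError = 1;
     prnMsg(_('The Stock Item code cannot be empty. Please enter a unique Stock Item code.'), 'error');
     $Errors[$i] = 'StockID';
     $i++;
 }
 // mb_strpos() returns 0 when the space is the first character, which a bare truth test treats
 // as "not found"; comparing with false also rejects a code with a leading space.
 if (ContainsIllegalCharacters($_POST['StockID']) or mb_strpos($_POST['StockID'], ' ') !== false) {
     $InputError = 1;
     prnMsg(_('The stock item code cannot contain any of the following characters') . " - ' &amp; + \" \\ ." . _('or a space'), 'error');
     $Errors[$i] = 'StockID';
     $i++;
     // The rejected code is cleared so that it is not carried forward.
     $_POST['StockID'] = '';
 }
 if (mb_strlen($_POST['Units']) > 20) {
     $InputError = 1;
     prnMsg(_('The unit of measure must be 20 characters or less long'), 'error');
     $Errors[$i] = 'Units';
     $i++;
 }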
 if (mb_strlen($_POST['BarCode']) > 20) {
     $InputError = 1;
     prnMsg(_('The barcode must be 20 characters or less long'), 'error');
    $SelectedPaymentID = $_GET['SelectedPaymentID'];
} elseif (isset($_POST['SelectedPaymentID'])) {
    $SelectedPaymentID = $_POST['SelectedPaymentID'];
}
// Start each request with an empty error list; unset() is harmless when $Errors does not exist yet.
unset($Errors);
$Errors = array();
if (isset($_POST['submit'])) {
    // The form has posted back to itself: assume no input errors until a check fails.
    $InputError = 0;
    // Names of failing fields are collected in $Errors, starting at index 1.
    $i = 1;
    // The payment method name must pass the illegal-character check ...
    if (ContainsIllegalCharacters($_POST['MethodName'])) {
        $InputError = 1;
        prnMsg(_('The payment method cannot contain illegal characters'), 'error');
        $Errors[$i++] = 'MethodName';
    }
    // ... and must not be empty once surrounding whitespace is trimmed.
    if ('' == trim($_POST['MethodName'])) {
        $InputError = 1;
        prnMsg(_('The payment method may not be empty.'), 'error');
        $Errors[$i++] = 'MethodName';
    }
    if (isset($_POST['SelectedPaymentID']) and $InputError != 1) {
        /*SelectedPaymentID could also exist if submit had not been clicked this code would not run in this case cos submit is false of course  see the delete code below*/
        // Check the name does not clash
        $sql = "SELECT count(*) FROM paymentmethods\n\t\t\t\tWHERE paymentid <> '" . $SelectedPaymentID . "'\n\t\t\t\tAND paymentname " . LIKE . " '" . $_POST['MethodName'] . "'";