include_once "../../dao/DAOLog.class.php";
$log = new DAOLog($_SESSION["pessoa"], 3, $_SESSION["nivel"], $_SESSION["codigo"], 13, "num ext=\\'" . $tfNumExt . "\\'", "../../", $conexao);
if (!$dao->cadastrar() || !$log->cadastrar()) {
$comitar = false;
}
}
if ($comitar) {
$conexao->commit();
} else {
$conexao->rollback();
}
$_SESSION["numeroExt"] = $tfNumExt;
header("Location: cadAverbacao.php?ave=ok");
die;
}
$ave = antiSQL(isset($_GET["ave"]) ? $_GET["ave"] : NULL);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
<style type="text/css">
<!--
@import url("../../scripts/css/geral.css");
-->
</style>
<script type="text/javascript" language="javascript" src="../../scripts/javascript/ajax.js"></script>
<script type="text/javascript" language="javascript" src="../../scripts/javascript/averbacao.js"></script>
<script type="text/javascript" language="javascript">
<!--
}
$comitar = true;
$dao = new DAOAverbacao(NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, "../../", $conexao);
$log = new DAOLog($_SESSION["pessoa"], 7, $_SESSION["nivel"], $_SESSION["codigo"], 12, "id=\\'" . $slEmpRef . "\\'", "../../", $conexao);
if (!$dao->deletar($slAveRef) || !$log->cadastrar()) {
$comitar = false;
}
if ($comitar == true) {
$conexao->commit();
} else {
$conexao->rollback();
}
header("Location: delAverbacao.php?can=ok");
die;
}
$can = antiSQL(isset($_GET["can"]) ? $_GET["can"] : NULL);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
<style type="text/css">
<!--
@import url("../../scripts/css/geral.css");
-->
</style>
<script type="text/javascript" language="javascript" src="../../scripts/javascript/ajax.js"></script>
<script type="text/javascript" language="javascript" src="../../scripts/javascript/empresa.js"></script>
</head>
<body>
if ($empDel != NULL) {
include_once "../../utils/ConectarMySQL.class.php";
$conexao = new ConectarMySQL();
include_once "../../dao/DAOLog.class.php";
$log = new DAOLog($_SESSION["pessoa"], 5, $_SESSION["nivel"], $_SESSION["codigo"], 2, "id=\\'" . $slEmpRef . "\\'", "../../", $conexao);
include_once "../../dao/DAOEmpresa.class.php";
$dao = new DAOEmpresa(NULL, "../../", $conexao);
if ($dao->deletar($empDel) && $log->cadastrar()) {
$conexao->commit();
} else {
$conexao->rollback();
}
header("Location: delEmpresa.php?del=ok");
die;
}
$del = antiSQL(isset($_GET["del"]) ? $_GET["del"] : NULL);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
<style type="text/css">
<!--
@import url("../../scripts/css/geral.css");
-->
</style>
<script type="text/javascript" language="javascript" src="../../scripts/javascript/ajax.js"></script>
<script type="text/javascript" language="javascript" src="../../scripts/javascript/empresa.js"></script>
<script type="text/javascript" language="javascript">
window.onload = function(){
<?php
session_start();
$nivelAcesso = "../../:4";
include_once "../../utils/controladorAcesso.php";
include_once "../../utils/funcoes.php";
$periodo = antiSQL(isset($_POST["slPer"]) ? $_POST["slPer"] : NULL);
include_once "../../utils/ConectarMySQL.class.php";
$conexao = new ConectarMySQL();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>
<body>
No banco: <?php
echo $_SESSION["banco_nome"];
?>
<br />
<br />
<table width="623" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="309" height="80" valign="top"><div align="center"><span class="texto2">Relatório analítico geral por periodo em .xls<br />
</span> <img src="../../imagens/xls.png" width="50" height="51" onclick="javascript: window.location = '../relatorioGeralXLS.php?per=<?php
echo $periodo;
?>
';" style="cursor:pointer"/> <br />
Periodo: <?php
<?php
include "config.php";
$login = antiSQL(@$_POST['login']);
$login_ = strtolower($login);
$senha = md5(antiSQL(@$_POST['senha']));
$query = @mysql_query("SELECT * FROM users WHERE login = '******' AND senha = '{$senha}' OR login = '******' AND senha = '{$senha}' ORDER BY id DESC LIMIT 1");
$ct = @mysql_num_rows($query);
if ($ct == 0) {
header("location: login.php?msg=Login / Senha incorretos! ({$ct})");
} else {
setCookie('login', $login);
setCookie('cad', 'true');
header('location: main.php');
}
<?php
session_start();
$nivelAcesso = "../../:2:3:4";
include_once "../../utils/controladorAcesso.php";
include_once "../../utils/funcoes.php";
$key = antiSQL(isset($_GET["key"]) ? $_GET["key"] : NULL);
if ($key != NULL) {
include_once "../../utils/ConectarMySQL.class.php";
$conexao = new ConectarMySQL();
include_once "../../dao/DAOBanco.class.php";
include_once "../../beans/Banco.class.php";
$dao = new DAOBanco(NULL, NULL, "../../", $conexao);
$banco = new Banco(NULL, NULL);
$banco = $dao->getBanco($key);
$conexao->commit();
echo '<div id="A">' . $banco->getCodigo() . '</div>';
echo '<div id="B">' . utf8_encode($banco->getDescricao()) . '</div>';
} else {
echo "ERRO!";
}
<?php
session_start();
$toRoot = "../";
include_once $toRoot . "beans/Produto.class.php";
include_once $toRoot . "dao/DAOProduto.class.php";
include_once $toRoot . "utils/ConectarMySQL.class.php";
include_once $toRoot . "utils/funcoes.php";
$valRef = antiSQL(isset($_GET["valRef"]) ? $_GET["valRef"] : NULL);
if ($valRef != NULL) {
$conexao = new ConectarMySql($toRoot);
$bean = new Produto();
$dao = new DAOProduto($bean, $conexao);
$bean = $dao->getProduto($valRef);
$conexao->fechar();
echo '<div id="A">' . $bean->codigo . '</div>';
echo '<div id="B">' . $bean->empCodigo . '</div>';
echo '<div id="C">' . utf8_encode($bean->descricao) . '</div>';
echo '<div id="D">' . utf8_encode($bean->modelo) . '</div>';
echo '<div id="E">' . inverterValor($bean->valorVenda) . '</div>';
} else {
echo "ERRO!";
}
}
header("Location: cadPessoa.php?cad=ok");
die;
} else {
$comitar = false;
}
break;
}
if ($comitar) {
$conexao->commit();
} else {
$conexao->rollback();
}
}
$destino = "cadPessoa.php?tipo=" . $tipo . "&cadastrar=ok";
$cad = antiSQL(isset($_GET["cad"]) ? $_GET["cad"] : NULL);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
<style type="text/css">
<!--
@import url("../../scripts/css/geral.css");
-->
</style>
<script type="text/javascript" language="javascript" src="../../scripts/javascript/ajax.js"></script>
<script type="text/javascript" language="javascript" src="../../scripts/javascript/pessoa.js"></script>
<script type="text/javascript" language="javascript">
window.onload = function(){
$servidor = $dao->getServidor($linha["pes_codigo"], "%");
$servidor->setUtilizada($servidor->getUtilizada() - $parcela->getValor());
$servidor->setDisponivel($servidor->getDisponivel() + $parcela->getValor());
$dao->setServidor($servidor);
if (!$dao->alterar($servidor->getPesCodigo() . ":" . $servidor->getMatricula())) {
$comitar = false;
}
if ($comitar == true) {
$conexao->commit();
} else {
$conexao->rollback();
}
header("Location: altAverbacao.php?liq=ok");
die;
}
$liq = antiSQL(isset($_GET["liq"]) ? $_GET["liq"] : NULL);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
<style type="text/css">
<!--
@import url("../../scripts/css/geral.css");
-->
</style>
<script type="text/javascript" language="javascript" src="../../scripts/javascript/ajax.js"></script>
<script type="text/javascript" language="javascript" src="../../scripts/javascript/empresa.js"></script>
<script type="text/javascript" language="javascript">
window.onload = function(){
<?php
session_start();
$nivelAcesso = "../../:2:3:4";
include_once "../../utils/controladorAcesso.php";
include_once "../../utils/funcoes.php";
$tipo = antiSQL(isset($_GET["tipo"]) ? $_GET["tipo"] : NULL);
$slTipo = antiSQL(isset($_POST["slTipo"]) ? $_POST["slTipo"] : NULL);
$slPesRef = antiSQL(isset($_POST["slPesRef"]) ? $_POST["slPesRef"] : NULL);
if ($slTipo != NULL && $slPesRef != NULL) {
include_once "../../utils/ConectarMySQL.class.php";
$conexao = new ConectarMySQL();
include_once "../../dao/DAOPessoa.class.php";
include_once "../../beans/Pessoa.class.php";
$dao = new DAOPessoa(NULL, NULL, NULL, "../../", $conexao);
$pessoa = new Pessoa(NULL, NULL, NULL, NULL);
$pessoa = $dao->getPessoa($slPesRef);
switch ($slTipo) {
case "admin":
include_once "../../dao/DAOAdministrador.class.php";
$dao = new DAOAdministrador(NULL, NULL, NULL, NULL, NULL, "../../", $conexao);
include_once "../../beans/Administrador.class.php";
$administrador = new Administrador(NULL, NULL, NULL, NULL, NULL, NULL);
$administrador = $dao->getAdministrador("codPes", $pessoa->getCodigo());
break;
case "contato":
include_once "../../dao/DAOBancoPessoa.class.php";
$dao = new DAOBancoPessoa(NULL, NULL, "../../", $conexao);
include_once "../../beans/BancoPessoa.class.php";
$bancoPessoa = new BancoPessoa(NULL, NULL);
$bancoPessoa = $dao->getBancoPessoa($pessoa->getCodigo());
<?php
include "config.php";
$avatar = "../img/icon/avatar.png";
$login = antiSQL(@$_POST['login']);
$login_ = strtolower($login);
$senha = md5(antiSQL(@$_POST['senha']));
$email = antiSQL(@$_POST['email']);
$query = @mysql_query("SELECT * FROM users WHERE login = '******'") or die(mysql_error());
$ct = @mysql_num_rows($query);
if ($ct == 1) {
header("location: cadastro?msg=Usuário Existente! ({$ct})");
die('');
}
$query = "INSERT INTO users(login, senha, email, nuggets, avatar, last) VALUES";
$query .= "('{$login}', '{$senha}', '{$email}', '0', '{$avatar}', '')";
mysql_query($query) or die(mysql_error());
mysql_query("INSERT INTO stats (login, store) VALUES ('{$login}', '0')") or die(mysql_error());
setCookie('login', $login);
setCookie('cad', time());
header('location: main.php');
<?php
session_start();
include_once "../../utils/funcoes.php";
$tfCPF = antiSQL(isset($_POST["tfCPF"]) ? $_POST["tfCPF"] : NULL);
include_once "../../utils/ConectarMySQL.class.php";
$conexao = new ConectarMySQL();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>
<body>
No banco: <?php
echo $_SESSION["banco_nome"];
?>
<table width="583" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="242" height="80" valign="bottom"><span class="texto2">Relatório geral em .xls</span> <img src="../../imagens/xls.png" width="50" height="51" onclick="javascript: window.location = '../relatorioGeralXLSCPF.php?cpf=<?php
echo $tfCPF;
?>
';" style="cursor:pointer"/> </td>
<td width="341" valign="bottom"><span class="texto2">Veja o esquema desse arquivo em PDF aqui</span> <img src="../../imagens/pdf.png" width="50" height="77" onclick="javascript: window.location = '../../downloads/esquema-arquivo-xls.pdf';" style="cursor:pointer"/> </td>
</tr>
</table>
<p><br />
Voltar <img src="../../imagens/voltar.gif" width="40" height="35" onclick="javascript: history.back(-1);" style="cursor:pointer"/>
<br />
<?php
include_once "../../utils/ConectarMySQL.class.php";
$conexao = new ConectarMySQL();
include_once "../../utils/funcoes.php";
$classe = antiSQL(isset($_GET["classe"]) ? $_GET["classe"] : "%");
switch ($classe) {
case "B":
case "contato":
$sql = "SELECT distinct p.pes_codigo, p.pes_nome FROM pessoas p INNER JOIN bancos_pessoas bp ON p.pes_codigo = bp.pes_codigo ORDER BY pes_nome";
break;
case "A":
case "admin":
$sql = "SELECT * FROM pessoas p INNER JOIN administradores a ON p.pes_codigo = a.pes_codigo ORDER BY pes_nome";
break;
default:
$sql = "SELECT * FROM pessoas ORDER BY pes_nome";
break;
}
$resultado = $conexao->selecionar($sql);
if ($resultado == false) {
die("Não foi possivel realizar a busca!");
}
echo '<option value="---">-----------------------------</option>';
while ($linha = mysqli_fetch_array($resultado)) {
echo '<option value="' . $linha["pes_codigo"] . '">' . utf8_encode($linha["pes_nome"]) . '</option>';
}
<?php
session_start();
$nivelAcesso = "../../:2:3:4";
include_once "../../utils/controladorAcesso.php";
include_once "../../utils/funcoes.php";
$slBancRef = antiSQL(isset($_POST["slBancRef"]) ? $_POST["slBancRef"] : NULL);
if ($slBancRef != NULL) {
include_once "../../utils/ConectarMySQL.class.php";
$conexao = new ConectarMySQL();
include_once "../../dao/DAOBanco.class.php";
include_once "../../beans/Banco.class.php";
$dao = new DAOBanco(NULL, NULL, "../../", $conexao);
$banco = new Banco(NULL, NULL);
$banco = $dao->getBanco($slBancRef);
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
<style type="text/css">
<!--
@import url("../../scripts/css/geral.css");
-->
</style>
<script type="text/javascript" language="javascript" src="../../scripts/javascript/ajax.js"></script>
<script type="text/javascript" language="javascript" src="../../scripts/javascript/banco.js"></script>
<script type="text/javascript" language="javascript">
window.onload = function(){
<?php
include_once "../../utils/ConectarMySQL.class.php";
include_once "../../utils/funcoes.php";
$status = antiSQL(isset($_GET["status"]) ? $_GET["status"] : NULL);
$conexao = new ConectarMySQL();
$data = date("Y-m-d");
$dataMenor = $data . " 00:00:00";
$dataMaior = $data . "24:59:59";
if ($status == "aberto") {
$resultado = $conexao->selecionar("SELECT ave_numero_externo FROM averbacoes WHERE sta_codigo = 1");
} else {
$resultado = $conexao->selecionar("SELECT ave_numero_externo FROM averbacoes WHERE ave_data_criacao > '" . $dataMenor . "' AND ave_data_criacao < '" . $dataMaior . "'");
}
echo $sql;
if ($resultado == false) {
die("Não foi possivel realizar a busca!");
}
echo '<option value="---">-------------------------------------------------------</option>';
while ($linha = mysqli_fetch_array($resultado)) {
echo '<option value="' . $linha["ave_numero_externo"] . '">' . $linha["ave_numero_externo"] . '</option>';
}
<?php
include_once "../../utils/ConectarMySQL.class.php";
include_once "../../utils/funcoes.php";
$conexao = new ConectarMySQL();
$key = antiSQL(isset($_GET["key"]) ? $_GET["key"] : "%");
$resultado = $conexao->selecionar("SELECT * FROM telefones WHERE pes_codigo=" . $key);
if ($resultado == false) {
die("Não foi possivel realizar a busca!");
}
$contador = 1;
while ($linha = mysqli_fetch_array($resultado)) {
echo '<div id="T' . $contador . '"><div id="tC' . $contador . '">' . $linha["tel_codigo"] . '</div><div id="tPC' . $contador . '">' . $linha["pes_codigo"] . '</div><div id="tN' . $contador . '">' . $linha["tel_numero"] . '</div></div>';
$contador++;
}
$contador--;
echo '<div id="TQuantidade">' . $contador . '</div>';
<?php
include_once "funcoes.php";
$tfNomeUsuario = antiSQL(isset($_POST["tfNomeUsuario"]) ? $_POST["tfNomeUsuario"] : NULL);
$tfSenha = antiSQL(isset($_POST["tfSenha"]) ? $_POST["tfSenha"] : NULL);
if ($tfNomeUsuario != NULL && $tfSenha != NULL) {
include_once "ConectarMySQL.class.php";
$conexao = new ConectarMySQL();
include_once "../dao/DAOAdministrador.class.php";
$daoAdm = new DAOAdministrador(NULL, NULL, NULL, NULL, NULL, "../", $conexao);
$resultado = $daoAdm->pesquisar("nomUsu", $tfNomeUsuario);
while ($linha = mysqli_fetch_array($resultado)) {
if ($tfNomeUsuario == $linha["adm_nome_usuario"] && $tfSenha == decodificar($linha["adm_senha"])) {
session_start();
$_SESSION["codigo"] = $linha["adm_codigo"];
$_SESSION["pessoa"] = $linha["pes_codigo"];
$_SESSION["nivel"] = $linha["niv_codigo"];
$_SESSION["banco"] = $linha["ban_codigo"];
$_SESSION["usuario"] = $linha["adm_nome_usuario"];
$_SESSION["senha"] = $linha["adm_senha"];
$linha = mysqli_fetch_array($conexao->selecionar("SELECT ban_descricao FROM bancos WHERE ban_codigo='" . $linha["ban_codigo"] . "'"));
$_SESSION["banco_nome"] = $linha["ban_descricao"];
include_once "../dao/DAOLog.class.php";
$log = new DAOLog($linha["pes_codigo"], 1, $linha["niv_codigo"], $linha["adm_codigo"], 1, "Realizou log-in no sistema!", "../", $conexao);
$log->cadastrar();
$conexao->commit();
header("Location: ../main.php");
die;
}
}
$conexao->commit();
if ($slVerRef != NULL && $tfVerba != NULL && $slEmpRef != NULL && $slBancRef != NULL && $slProRef != NULL && $tfVerDesc != NULL) {
include_once "../../utils/ConectarMySQL.class.php";
$conexao = new ConectarMySQL();
include_once "../../dao/DAOVerba.class.php";
include_once "../../dao/DAOLog.class.php";
$dao = new DAOVerba($tfVerba, $slEmpRef, $slBancRef, $slProRef, $tfVerDesc, "../../", $conexao);
$log = new DAOLog($_SESSION["pessoa"], 4, $_SESSION["nivel"], $_SESSION["codigo"], 9, "Log id=\\'" . $slVerRef . "\\'", "../../", $conexao);
if ($dao->alterar($slVerRef) && $log->cadastrar()) {
$conexao->commit();
} else {
$conexao->rollback();
}
header("Location: altVerba.php?alt=ok");
die;
}
$alt = antiSQL(isset($_GET["alt"]) ? $_GET["alt"] : NULL);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
<style type="text/css">
<!--
@import url("../../scripts/css/geral.css");
-->
</style>
<script type="text/javascript" language="javascript" src="../../scripts/javascript/ajax.js"></script>
<script type="text/javascript" language="javascript" src="../../scripts/javascript/verba.js"></script>
<script type="text/javascript" language="javascript">
window.onload = function(){
$toRoot = "../../";
if (!isset($_SESSION["empresa"])) {
header("Location: " . $toRoot . "utils/selecionarEmpresa.php?selecionar=nao");
die;
}
include_once $toRoot . "utils/funcoes.php";
include_once $toRoot . "utils/ConectarMySQL.class.php";
include_once $toRoot . "beans/Solicitacao.class.php";
include_once $toRoot . "beans/Log.class.php";
include_once $toRoot . "dao/DAOSolicitacao.class.php";
include_once $toRoot . "dao/DAOLog.class.php";
$conexao = new ConectarMySql($toRoot);
$valRef = antiSQL(isset($_GET["valRef"]) ? $_GET["valRef"] : NULL);
$alterar = isset($_GET["alterar"]) ? $_GET["alterar"] : NULL;
if ($valRef == NULL) {
$valRef = antiSQL($_POST["valRef"]);
}
if ($alterar == "sim") {
foreach ($_POST as $nomeCampo => $valor) {
$comando = "\$" . $nomeCampo . "= antiSQL(isset(\$_POST['{$nomeCampo}']) ? '" . $valor . "' : NULL);";
eval($comando);
}
$solicitacao = new Solicitacao();
$daoSolicitacao = new DAOSolicitacao($solicitacao, $conexao);
$daoSolicitacao->getSolicitacao($valRef);
$solicitacao->valorPago = $tfVal2;
if ($solicitacao->valor == $tfVal2) {
$solicitacao->staCodigo = 2;
} else {
$solicitacao->staCodigo = 3;
}
