public static function search_query($keyword = '', $category = '')
{
if (isset($_GET)) {
$keyword_clean = mysqli_real_escape_string(db_connect(), $keyword);
$category_clean = mysqli_real_escape_string(db_connect(), $category);
if ($category_clean === 'post') {
$search_results = db_select("SELECT * FROM post WHERE title LIKE '%" . $keyword_clean . "%' OR body LIKE '%" . $keyword_clean . "%'");
} elseif ($category_clean === 'category') {
$search_results = db_select("SELECT * FROM category WHERE title LIKE '%" . $keyword_clean . "%' OR description LIKE '%" . $keyword_clean . "%'");
} elseif ($category_clean === 'page') {
$search_results = db_select("SELECT * FROM page WHERE title LIKE '%" . $keyword_clean . "%' OR body LIKE '%" . $keyword_clean . "%'");
} elseif ($category_clean === 'upload') {
$search_results = db_select("SELECT * FROM upload WHERE filename LIKE '%" . $keyword_clean . "%' OR filetype LIKE '%" . $keyword_clean . "%' OR filepath LIKE '%" . $keyword_clean . "%'");
} elseif ($category_clean === 'user') {
$search_results = db_select("SELECT * FROM user WHERE username LIKE '%" . $keyword_clean . "%'");
} else {
// ALL
$search = new Search();
$search_results = $search->searchAllDB($keyword_clean);
//print_r($search_results);
}
} else {
$search_results = '';
$flash = new Flash();
$flash->flash('flash_message', 'No keyword entered!', 'danger');
}
return $search_results;
}
function display_search_result_by_name($search_key)
{
// query database for the books in a category
if (!$search_key || $search_key == '') {
return false;
}
$conn = db_connect();
$query = "select * from food;";
$result = @$conn->query($query);
if (!$result) {
echo "Error: Can't execute query about food";
return false;
}
$num = @$result->num_rows;
if ($num == 0) {
return false;
}
$is_search_mached = false;
while ($row = $result->fetch_assoc()) {
if (strpos($row['name'], $search_key) !== false) {
echo "<div class=\"col-xs-12 col-sm-6 col-md-4\">\n\t\t\t\t\t <div class=\"thumbnail\">\n\t\t\t\t\t <a href=\"food_details.php?food_id=" . $row['food_id'] . "\"><img src=\"img/" . $row['food_id'] . ".jpg\" alt=\"...\"></a>\n\t\t\t\t\t\t<div class=\"caption\">\n\t\t\t\t\t\t <h3><b>Name: </b>" . $row['name'] . "</h3>\n\t\t\t\t\t\t <p><b>Description: </b>" . $row['description'] . "</p>\n\t\t\t\t\t\t <p>\n\t\t\t\t\t\t <a href=\"food_details.php?food_id=" . $row['food_id'] . "\" class=\"btn btn-primary\" role=\"button\">View Details</a>\t\t\t\t \t\t\t \n\t\t\t\t\t\t </p>\n\t\t\t\t\t </div>\n\t\t\t\t\t </div>\n\t\t\t\t\t</div>";
$is_search_mached = true;
}
}
if (!$is_search_mached) {
echo '<div class="form-group" id="success_message">
<div class="col-sm-offset-2 col-sm-8">
<div class="alert alert-danger">
<h3> No results!</h3>
</div>
</div>
</div>';
}
}
function getArtist($counter)
{
global $artistList;
$limit_start = $counter;
$limit_stop = $counter + 20;
$conn = db_connect();
$conn->set_charset("utf8");
// ๆๅฎๆฐๆฎๅบๅญ็ฌฆ็ผ็
$result = $conn->query("select artist.id, artist.name, artist.avatar, company.name as company, artist.comments_number, artist.score from decoration_artist as artist, decoration_company as company WHERE artist.company = company.id LIMIT {$limit_start}, {$limit_stop} ");
if (!$result) {
throw new Exception('Search user score failed.');
}
$num_result = $result->num_rows;
$artistList['total'] = $num_result;
//ๆฐๆฎๅบๆฅ่ฏขๅบๆฅ็ๅญๆฎตๅ
จ้จๆฏๅญ็ฌฆไธฒ๏ผๅฆๅคjsonๅฎไน่ทๆฐๆฎๅบๅฎไนๅฏ่ฝไธไธ่ด๏ผๆไปฅ้่ฆๅ็ธๅบๅฐ่ฝฌๆข
for ($i = 0; $i < $num_result; $i++) {
$row_db = $result->fetch_assoc();
$converted_row = array();
//ไฟๅญ่ฝฌๆขๅ็ๅๆก่ฎฐๅฝ
$converted_row['id'] = intval(stripslashes($row_db['id']));
$converted_row['name'] = stripslashes($row_db['name']);
$converted_row['avatar'] = stripslashes($row_db['avatar']);
$converted_row['company'] = stripslashes($row_db['company']);
$converted_row['comments'] = intval(stripslashes($row_db['comments_number']));
$converted_row['score'] = intval(stripslashes($row_db['score']));
$artistList["row"][$i] = $converted_row;
}
$result->free();
$conn->close();
return json_encode($artistList);
}
function printGrp()
{
# Set up table to display in
$printGrp = "\r\n <h3>Asset Groups</h3>\r\n <table border=0 cellpadding='" . TMPL_tblCellPadding . "' cellspacing='" . TMPL_tblCellSpacing . "'>\r\n <tr><th>Group</th><th>Cost Account</th><th>Accumulated Depreciation Account</th><th>Depreciation Account</th><th colspan=2>Options</th></tr>";
# connect to database
db_connect();
# Query server
$i = 0;
$sql = "SELECT * FROM assetgrp WHERE div = '" . USER_DIV . "' ORDER BY grpname ASC";
$GrpRslt = db_exec($sql) or errDie("Unable to retrieve Asset Groups from database.");
if (pg_numrows($GrpRslt) < 1) {
return "\r\n\t\t\t\t<li> There are no Assets Groups in Cubit.</li><br>" . mkQuickLinks(ql("assetgrp-new.php", "Add Asset Group"), ql("assetgrp-view.php", "View Asset Groups"));
}
while ($Grp = pg_fetch_array($GrpRslt)) {
# get ledger account name(cost)
core_connect();
$sql = "SELECT accname FROM accounts WHERE accid = '{$Grp['costacc']}' AND div = '" . USER_DIV . "'";
$accRslt = db_exec($sql);
$acccost = pg_fetch_array($accRslt);
# get ledger account name(accum dep)
$sql = "SELECT accname FROM accounts WHERE accid = '{$Grp['accdacc']}' AND div = '" . USER_DIV . "'";
$accRslt = db_exec($sql);
$acdacc = pg_fetch_array($accRslt);
# get ledger account name(dep)
$sql = "SELECT accname FROM accounts WHERE accid = '{$Grp['depacc']}' AND div = '" . USER_DIV . "'";
$accRslt = db_exec($sql);
$accdep = pg_fetch_array($accRslt);
# alternate bgcolor
$printGrp .= "<tr class='" . bg_class() . "'><td>{$Grp['grpname']}</td><td>{$acccost['accname']}</td><td>{$acdacc['accname']}</td><td>{$accdep['accname']}</td><td><a href='assetgrp-edit.php?grpid={$Grp['grpid']}'>Edit</a></td>";
$printGrp .= "<td><a href='assetgrp-rem.php?grpid={$Grp['grpid']}'>Remove</a></td></tr>";
$i++;
}
$printGrp .= "</table>\r\n <p>\r\n\t<table border=0 cellpadding='" . TMPL_tblCellPadding . "' cellspacing='" . TMPL_tblCellSpacing . "' width=15%>\r\n <tr><td><br></td></tr>\r\n <tr><th>Quick Links</th></tr>\r\n\t\t<tr class='bg-odd'><td><a href='assetgrp-new.php'>Add Asset Group</a></td></tr>\r\n\t\t<script>document.write(getQuicklinkSpecial());</script>\r\n\t</table>";
return $printGrp;
}
function write_details($_POST)
{
extract($_POST);
# validate input
require_lib("validate");
$v = new validate();
$v->isOk($branch_ip, "url", 1, 50, "Invalid Branch IP.");
$v->isOk($branch_company, "url", 4, 4, "Invalid Branch Company Code.");
$v->isOk($branch_username, "string", 1, 50, "Invalid Branch Username.");
// $v->isOk ($branch_password, "url", 1, 50, "Invalid Branch Password.");
// $v->isOk ($branch_passwordconfirm, "url", 1, 50, "Invalid Branch Password.");
// $v->isOk ($branch_ip, "url", 1, 50, "Invalid Branch IP.");
if ($branch_password != $branch_passwordconfirm) {
$v->addError($branch_password, "Passwords do not match.");
}
# display errors, if any
if ($v->isError()) {
$confirmCust = "";
$errors = $v->getErrors();
foreach ($errors as $e) {
$confirmCust .= "<li class='err'>" . $e["msg"] . "</li>";
}
return get_details($_POST, $confirmCust);
}
db_connect();
$add_sql = "\n\t\tINSERT INTO branches_data (\n\t\t\tbranch_name, branch_desc, branch_contact, branch_ip, \n\t\t\tdate_added, last_online, branch_username, branch_password, \n\t\t\tlast_login_from, branch_localuser, branch_company\n\t\t) VALUES (\n\t\t\t'{$branch_name}', '{$branch_desc}', '{$branch_contact}', '{$branch_ip}', \n\t\t\t'now', '1990-01-01', '{$branch_username}', md5('{$branch_password}'), \n\t\t\t'1990-01-01', '{$branch_localuser}', '{$branch_company}'\n\t\t)";
$run_add = pg_exec($add_sql) or errDie("Unable to add branch information.");
$display = "\n\t\t\t\t\t<table " . TMPL_tblDflts . ">\n\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t<th>Branch Added</th>\n\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t<tr class='" . bg_class() . "'>\n\t\t\t\t\t\t\t<td>Branch Has Been Added.</td>\n\t\t\t\t\t\t</tr>\n\t\t\t\t\t</table>\n\t\t\t\t";
return $display;
}
function create_backup_sql($file)
{
$line_count = 0;
$db_connection = db_connect();
mysql_select_db(db_name()) or exit;
$tables = mysql_list_tables(db_name());
$sql_string = NULL;
while ($table = mysql_fetch_array($tables)) {
$table_name = $table[0];
$sql_string = "DELETE FROM {$table_name}";
$table_query = mysql_query("SELECT * FROM `{$table_name}`");
$num_fields = mysql_num_fields($table_query);
while ($fetch_row = mysql_fetch_array($table_query)) {
$sql_string .= "INSERT INTO {$table_name} VALUES(";
$first = TRUE;
for ($field_count = 1; $field_count <= $num_fields; $field_count++) {
if (TRUE == $first) {
$sql_string .= "'" . mysql_real_escape_string($fetch_row[$field_count - 1]) . "'";
$first = FALSE;
} else {
$sql_string .= ", '" . mysql_real_escape_string($fetch_row[$field_count - 1]) . "'";
}
}
$sql_string .= ");";
if ($sql_string != "") {
$line_count = write_backup_sql($file, $sql_string, $line_count);
}
$sql_string = NULL;
}
}
return $line_count;
}
function fill_with_random_data()
{
$gen = new LoremIpsumGenerator('lorem.txt');
$iterations = 10;
$rows_per_iteration = 10000;
$connection = db_connect();
while ($iterations--) {
$query = "INSERT INTO goods (`name`, `description`, `price`, `imgurl`) VALUES ";
for ($i = 0; $i < $rows_per_iteration; $i++) {
$item = [];
$item['name'] = ucfirst(trim($gen->get_sentence()));
$item['description'] = trim($gen->get_paragraph());
$item['price'] = rand(1, 10000000) / 100;
$item['imgurl'] = get_random_img_name();
$query .= "('{$item['name']}', '{$item['description']}', '{$item['price']}', '{$item['imgurl']}')";
if ($i + 1 != $rows_per_iteration) {
$query .= ",";
}
}
$result = mysqli_query($connection, $query);
if (!$result) {
die('query error: ' . mysqli_error($connection));
}
}
}
function confirm($catid)
{
# validate input
require_lib("validate");
$v = new validate();
$v->isOk($catid, "num", 1, 50, "Invalid stock category id.");
# display errors, if any
if ($v->isError()) {
$confirm = "";
$errors = $v->getErrors();
foreach ($errors as $e) {
$confirm .= "<li class=err>-" . $e["msg"] . "<br>";
}
return $confirm;
}
# Select Stock
db_connect();
$sql = "SELECT * FROM stockcat WHERE catid = '{$catid}' AND div = '" . USER_DIV . "'";
$catRslt = db_exec($sql) or errDie("Unable to access databse.", SELF);
if (pg_numrows($catRslt) < 1) {
return "<li> Invalid Stock ID.";
} else {
$cat = pg_fetch_array($catRslt);
}
# get stock vars
foreach ($cat as $key => $value) {
${$key} = $value;
}
// Layout
$confirm = "<h3>Stock Category</h3>\n\t\t<table border=0 cellpadding='" . TMPL_tblCellPadding . "' cellspacing='" . TMPL_tblCellSpacing . "'>\n\t\t\t<tr><th width=40%>Field</th><th width=60%>Value</th></tr>\n\t\t\t<tr class='bg-odd'><td>Category Code</td><td>{$catcod}</td></tr>\n\t\t\t<tr class='bg-even'><td>Category Name</td></td><td>{$cat}</td></tr>\n\t\t\t<tr class='bg-odd'><td valign=top>Description</td><td><pre>{$descript}</pre></td></tr>\n\t\t</table>\n\t\t<p>\n\t\t<table border=0 cellpadding='" . TMPL_tblCellPadding . "' cellspacing='" . TMPL_tblCellSpacing . "' width=100>\n\t\t\t<tr><th>Quick Links</th></tr>\n\t\t\t<tr class='bg-odd'><td><a href='stockcat-edit.php?catid={$catid}'>Edit</a></td></tr>\n\t\t\t<tr class='bg-even'><td><a href='stockcat-view.php'>View Stock Category</a></td></tr>\n\t\t\t<script>document.write(getQuicklinkSpecial());</script>\n\t\t</table>";
return $confirm;
}
function display_duck_blinds()
{
$dbinfo = initialize_db_info();
#report_database_settings($dbinfo);
try {
$db_link = db_connect($dbinfo);
db_select($db_link, $dbinfo);
} catch (Exception $e) {
echo report_exception("Database Connection", $e);
echo report_database_settings($dbinfo);
}
$sql = generate_blind_list_sql();
$result_rows = mysql_query($sql, $db_link);
if (!$result_rows) {
echo $sql;
$message = 'Invalid query: ' . mysql_error() . "\n";
echo $message;
throw new Exception('No Results.');
}
echo '<table>';
while ($row = mysql_fetch_array($result_rows, MYSQL_ASSOC)) {
//echo generate_blind_row($row);
}
echo '</table>';
}
function get_cate_post($id)
{
$db = db_connect();
$query = "select * from entries where category=" . $id;
$result = $db->query($query);
return $result;
}
function _valid_db($name, $pass, $admin_auser = 0)
{
$name = strtolower($name);
global $dbhost, $dbuser, $dbpass, $dbdb;
db_connect($dbhost, $dbuser, $dbpass, $dbdb);
$query = "SELECT * FROM user WHERE user_uname='" . addslashes($name) . "'" . ($admin_auser ? "" : " AND user_pass='******' AND user_authtype='db'");
$r = db_query($query);
// $a = db_fetch_assoc($r);
// if (db_num_rows($r) && $a['pass'] == $pass) {
if (db_num_rows($r)) {
$a = db_fetch_assoc($r);
$x = array();
// array for returned info
$x[fullname] = $a[user_fname];
$x[user] = $name;
$x[pass] = $pass;
$x[email] = $a[user_email];
$x[type] = $a[user_type];
$x[method] = 'db';
$x[id] = $a[user_id];
return $x;
}
/*else {
$query = "select * from users where email='$name' and pass='******' and status='open'";
$r = db_query($query);
if (db_num_rows($r)) {
$logmethod = "open";
return $r;
}
}*/
return 0;
}
function show_branches($active_search = FALSE)
{
db_connect();
$get_branches = "SELECT * FROM branches_data ORDER BY branch_name";
$run_branches = db_exec($get_branches) or errDie("Unable to get branch information.");
if (pg_numrows($run_branches) < 1) {
$listing = "\n\t\t\t\t\t\t<tr class='" . bg_class() . "'>\n\t\t\t\t\t\t\t<td colspan='7'>No Branches Found.</td>\n\t\t\t\t\t\t</tr>\n\t\t\t\t\t";
} else {
$listing = "";
while ($barr = pg_fetch_array($run_branches)) {
if ($active_search == FALSE) {
$status = "Unknown";
} else {
if ($connect_test = @fsockopen("{$barr['branch_ip']}", 80, $errno, $errstr, 4)) {
#online ...
$status = "Online";
} else {
$status = "Offline";
}
}
$get_username = "******";
$run_username = db_exec($get_username) or errDie("Unable to get user information.");
if (pg_numrows($run_username) < 1) {
}
$listing .= "\n\t\t\t\t\t\t\t<tr class='" . bg_class() . "'>\n\t\t\t\t\t\t\t\t<td>{$barr['branch_name']}</td>\n\t\t\t\t\t\t\t\t<td>" . nl2br($barr['branch_desc']) . "</td>\n\t\t\t\t\t\t\t\t<td>{$barr['branch_username']}</td>\n\t\t\t\t\t\t\t\t<td>{$barr['branch_contact']}</td>\n\t\t\t\t\t\t\t\t<td></td>\n\t\t\t\t\t\t\t\t<td>{$barr['branch_ip']}</td>\n\t\t\t\t\t\t\t\t<td>{$status}</td>\n\t\t\t\t\t\t\t\t<td><a href='branches-rem.php?bid={$barr['id']}'>Remove</a></td>\n\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t";
}
}
$display = "\n\t\t\t\t\t<h3>Current Branches on Cubit</h3>\n\t\t\t\t\t<table " . TMPL_tblDflts . ">\n\t\t\t\t\t<form action='" . SELF . "' method='POST'>\n\t\t\t\t\t\t<input type='hidden' name='key' value='confirm'>\n\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t<th>Branch Name</th>\n\t\t\t\t\t\t\t<th>Branch Description</th>\n\t\t\t\t\t\t\t<th>Branch Username</th>\n\t\t\t\t\t\t\t<th>Branch Contact</th>\n\t\t\t\t\t\t\t<th>Local Username</th>\n\t\t\t\t\t\t\t<th>Branch IP</th>\n\t\t\t\t\t\t\t<th>Status</th>\n\t\t\t\t\t\t\t<th>Remove</th>\n\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t{$listing}\n\t\t\t\t\t\t<tr><td><br></td></tr>\n\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t<td><input type='submit' value='Update Status'></td>\n\t\t\t\t\t\t</tr>\n\t\t\t\t\t</form>\n\t\t\t\t\t</table>\n\t\t\t\t";
return $display;
}
function printDep()
{
# Set up table to display in
$printDep = "\n\t\t<h3>View Employee Departments</h3>\n\t\t<table " . TMPL_tblDflts . ">\n\t\t\t<tr>\n\t\t\t\t<th>Department</th>\n\t\t\t\t<th colspan='2'>Options</th>\n\t\t\t</tr>";
# connect to database
db_connect();
# Query server
$i = 0;
$sql = "SELECT * FROM departments ORDER BY department ASC";
$depRslt = db_exec($sql) or errDie("Unable to retrieve employee departments from database.");
if (pg_numrows($depRslt) < 1) {
return "<li>There are no employee departments in Cubit.</li>";
}
while ($dep = pg_fetch_array($depRslt)) {
$printDep .= "\n\t\t\t<tr class='" . bg_class() . "'>\n\t\t\t\t<td align='center'>{$dep['department']}</td>\n\t\t\t\t<td><a href='empdepartment-edit.php?id={$dep['id']}'>Edit</a></td>";
$sql = "SELECT * FROM employees WHERE department='{$dep['id']}'";
$depRslt = db_exec($sql) or ereDie("Unable to retrieve employee departments from database.");
if (pg_numrows($depRslt) < 1) {
$printDep .= "<td><a href='empdepartment-rem.php?id={$dep['id']}'>Remove</a></td></tr>";
} else {
$printDep .= "</tr>";
}
$i++;
}
$printDep .= "\n\t\t</table>\n\t\t<p>\n\t\t<table " . TMPL_tblDflts . " width='15%'>\n\t\t\t<tr><td><br></td></tr>\n\t\t\t<tr>\n\t\t\t\t<th>Quick Links</th>\n\t\t\t</tr>\n\t\t\t<tr class='" . bg_class() . "'>\n\t\t\t\t<td><a href='empdepartment-add.php'>Add Employee Department</a></td>\n\t\t\t</tr>\n\t\t\t<script>document.write(getQuicklinkSpecial());</script>\n\t\t</table>";
return $printDep;
}
function transform($x, $y, $oldEPSG, $newEPSG)
{
if (is_null($x) || !is_numeric($x) || is_null($y) || !is_numeric($y) || is_null($oldEPSG) || !is_numeric($oldEPSG) || is_null($newEPSG) || !is_numeric($newEPSG)) {
return null;
}
if (SYS_DBTYPE == 'pgsql') {
$con = db_connect(DBSERVER, OWNER, PW);
$sqlMinx = "SELECT X(transform(GeometryFromText('POINT(" . pg_escape_string($x) . " " . pg_escape_string($y) . ")'," . pg_escape_string($oldEPSG) . ")," . pg_escape_string($newEPSG) . ")) as minx";
$resMinx = db_query($sqlMinx);
$minx = floatval(db_result($resMinx, 0, "minx"));
$sqlMiny = "SELECT Y(transform(GeometryFromText('POINT(" . pg_escape_string($x) . " " . pg_escape_string($y) . ")'," . pg_escape_string($oldEPSG) . ")," . pg_escape_string($newEPSG) . ")) as miny";
$resMiny = db_query($sqlMiny);
$miny = floatval(db_result($resMiny, 0, "miny"));
} else {
$con_string = "host=" . GEOS_DBSERVER . " port=" . GEOS_PORT . " dbname=" . GEOS_DB . "user="******"password="******"Error while connecting database");
/*
* @security_patch sqli done
*/
$sqlMinx = "SELECT X(transform(GeometryFromText('POINT(" . pg_escape_string($x) . " " . pg_escape_string($y) . ")'," . pg_escape_string($oldEPSG) . ")," . pg_escape_string($newEPSG) . ")) as minx";
$resMinx = pg_query($con, $sqlMinx);
$minx = floatval(pg_fetch_result($resMinx, 0, "minx"));
$sqlMiny = "SELECT Y(transform(GeometryFromText('POINT(" . pg_escape_string($x) . " " . pg_escape_string($y) . ")'," . pg_escape_string($oldEPSG) . ")," . pg_escape_string($newEPSG) . ")) as miny";
$resMiny = pg_query($con, $sqlMiny);
$miny = floatval(pg_fetch_result($resMiny, 0, "miny"));
}
return array("x" => $minx, "y" => $miny);
}
function render_tag_page($tag_name, $page)
{
$start = (intval($page) - 1) * 20;
$html = render_header($tag_name, "", true);
$html .= "<div class=\"bg_menu_wrapper\">\n" . "<ul class=\"bg_menu\">\n" . "<li><a href=\"/explore/firehose\" title=\"Firehose\">Firehose</a></li>\n" . "<li><a href=\"/explore/popular\" title=\"Popular\">Popular</a></li>\n" . "<li class=\"selected\"><a href=\"/explore/tags\" title=\"Tags\">Tags</a></li>\n" . "<li><a href=\"/explore/directory\" title=\"Directory\">Directory</a></li>\n" . "<li><a href=\"/explore/suggested\" title=\"Suggested Users\">Suggested</a></li>\n" . "<li><a href=\"/explore/search\" title=\"Search\">Search</a></li>\n" . "</ul>\n" . "<div class=\"clear\"></div>\n" . "</div>\n";
$mysqli = db_connect();
$sql = "";
$sql_count = "";
if (isset($_SESSION["user_id"])) {
$sql = "SELECT DISTINCT Posts.*,Users.Username,Users.Avatar,Likes.Id AS LikeId FROM Posts" . " INNER JOIN Users ON Posts.UserId=Users.Id" . " INNER JOIN PostTags ON Posts.Id=PostTags.PostId" . " INNER JOIN Tags ON PostTags.TagId=Tags.Id" . " LEFT OUTER JOIN Likes ON Likes.UserId=" . $mysqli->real_escape_string($_SESSION["user_id"]) . " AND Likes.PostId=Posts.Id" . " LEFT OUTER JOIN Friends FriendsA ON Posts.UserId=FriendsA.UserId" . " WHERE" . " ((FriendsA.FriendId=" . $mysqli->real_escape_string($_SESSION["user_id"]) . " AND Posts.Privacy=" . POST_PRIVACY_FRIENDS_ONLY . ")" . " OR" . " (Posts.Privacy=" . POST_PRIVACY_PUBLIC . ")" . " OR" . " (Posts.UserId=" . $mysqli->real_escape_string($_SESSION["user_id"]) . "))" . " AND Posts.Status=" . POST_STATUS_PUBLISHED . " AND Tags.Name='" . $mysqli->real_escape_string($tag_name) . "'" . " ORDER BY Created DESC LIMIT " . $mysqli->real_escape_string($start) . ",20";
$sql_count = "SELECT COUNT(DISTINCT Posts.Id) AS NumPosts FROM Posts" . " INNER JOIN Users ON Posts.UserId=Users.Id" . " INNER JOIN PostTags ON Posts.Id=PostTags.PostId" . " INNER JOIN Tags ON PostTags.TagId=Tags.Id" . " LEFT OUTER JOIN Friends FriendsA ON Posts.UserId=FriendsA.UserId" . " WHERE" . " ((FriendsA.FriendId=" . $mysqli->real_escape_string($_SESSION["user_id"]) . " AND Posts.Privacy=" . POST_PRIVACY_FRIENDS_ONLY . ")" . " OR" . " (Posts.Privacy=" . POST_PRIVACY_PUBLIC . ")" . " OR" . " (Posts.UserId=" . $mysqli->real_escape_string($_SESSION["user_id"]) . "))" . " AND Posts.Status=" . POST_STATUS_PUBLISHED . " AND Tags.Name='" . $mysqli->real_escape_string($tag_name) . "'";
} else {
$sql = "SELECT DISTINCT Posts.*,Users.Username,Users.Avatar FROM Posts" . " INNER JOIN Users ON Posts.UserId=Users.Id" . " INNER JOIN PostTags ON Posts.Id=PostTags.PostId" . " INNER JOIN Tags ON PostTags.TagId=Tags.Id" . " WHERE" . " Posts.Privacy=" . POST_PRIVACY_PUBLIC . " AND Posts.Status=" . POST_STATUS_PUBLISHED . " AND Tags.Name='" . $mysqli->real_escape_string($tag_name) . "'" . " ORDER BY Created DESC LIMIT " . $mysqli->real_escape_string($start) . ",20";
$sql_count = "SELECT COUNT(DISTINCT Posts.Id) AS NumPosts FROM Posts" . " INNER JOIN Users ON Posts.UserId=Users.Id" . " INNER JOIN PostTags ON Posts.Id=PostTags.PostId" . " INNER JOIN Tags ON PostTags.TagId=Tags.Id" . " WHERE" . " Posts.Privacy=" . POST_PRIVACY_PUBLIC . " AND Posts.Status=" . POST_STATUS_PUBLISHED . " AND Tags.Name='" . $mysqli->real_escape_string($tag_name) . "'";
}
// fetch count for pagination
$count_result = $mysqli->query($sql_count);
$count_row = $count_result->fetch_assoc();
$count = $count_row["NumPosts"];
$post_result = $mysqli->query($sql);
$html .= "<div id=\"header\"><h1>Posts tagged ‘<span>" . $tag_name . "</span>’</h1></div>\n";
$html .= render_posts($mysqli, $post_result);
$html .= render_pagination("explore/tag/" . $tag_name, $page, $count, 20);
$html .= render_display_controls();
$html .= render_footer();
return $html;
}
function printInv()
{
# Set up table to display in
$printQuo = "\n\t\t\t\t\t<h3>View previous POS Quotes</h3>\n\t\t\t\t\t<table " . TMPL_tblDflts . ">\n\t\t\t\t\t<form action='" . SELF . "' method='POST'>\n\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t<th>Department</th>\n\t\t\t\t\t\t\t<th>Sales Person</th>\n\t\t\t\t\t\t\t<th>Quote No.</th>\n\t\t\t\t\t\t\t<th>Quote Date</th>\n\t\t\t\t\t\t\t<th>Customer Name</th>\n\t\t\t\t\t\t\t<th>Order No</th>\n\t\t\t\t\t\t\t<th>Grand Total</th>\n\t\t\t\t\t\t\t<th colspan='6'>Options</th>\n\t\t\t\t\t\t\t<th>Email</th>\n\t\t\t\t\t\t</tr>";
# connect to database
db_connect();
# Query server
$i = 0;
$sql = "SELECT * FROM pos_quotes WHERE accepted != 'c' AND done = 'y' AND div = '" . USER_DIV . "' ORDER BY quoid DESC";
$quoRslt = db_exec($sql) or errDie("Unable to retrieve quotes from database.");
if (pg_numrows($quoRslt) < 1) {
$printQuo = "<li>No previous quotes.</li>";
} else {
while ($quo = pg_fetch_array($quoRslt)) {
# format date
$quo['odate'] = explode("-", $quo['odate']);
$quo['odate'] = $quo['odate'][2] . "-" . $quo['odate'][1] . "-" . $quo['odate'][0];
$printQuo .= "\n\t\t\t\t\t\t\t\t<tr class='" . bg_class() . "'>\n\t\t\t\t\t\t\t\t\t<td>{$quo['deptname']}</td>\n\t\t\t\t\t\t\t\t\t<td>{$quo['salespn']}</td>\n\t\t\t\t\t\t\t\t\t<td>{$quo['quoid']}</td>\n\t\t\t\t\t\t\t\t\t<td align='center'>{$quo['odate']}</td>\n\t\t\t\t\t\t\t\t\t<td>{$quo['cusname']} {$quo['surname']}</td>\n\t\t\t\t\t\t\t\t\t<td align=right>{$quo['ordno']}</td>\n\t\t\t\t\t\t\t\t\t<td>" . CUR . " {$quo['total']}</td>\n\t\t\t\t\t\t\t\t\t<td><a href='pos-quote-details.php?quoid={$quo['quoid']}'>Details</a></td>";
if ($quo['accepted'] == 'n') {
$printQuo .= "\n\t\t\t\t\t\t\t\t\t<td><a href='pos-quote-new.php?quoid={$quo['quoid']}&cont=true&done='>Edit</a></td>\n\t\t\t\t\t\t\t\t\t<td><a href='pos-quote-cancel.php?quoid={$quo['quoid']}'>Cancel</a></td>\n\t\t\t\t\t\t\t\t\t<td><a href='pos-quote-accept.php?quoid={$quo['quoid']}'>Accept</a></td>\n\t\t\t\t\t\t\t\t\t<td><a href='pos-quote-print.php?quoid={$quo['quoid']}' target='_blank'>Print</a></td>\n\t\t\t\t\t\t\t\t\t<td><a href='pdf/pos-quote-pdf-print.php?quoid={$quo['quoid']}' target='_blank'>Print in PDF</a></td>\n\t\t\t\t\t\t\t\t\t<td><input type='checkbox' name='evs[]' value='{$quo['quoid']}'></td>\n\t\t\t\t\t\t\t\t</tr>";
} else {
$printQuo .= "\n\t\t\t\t\t\t\t\t\t<td colspan='3'>Accepted</td>\n\t\t\t\t\t\t\t\t\t<td><a href='pos-quote-print.php?quoid={$quo['quoid']}' target='_blank'>Print</a></td>\n\t\t\t\t\t\t\t\t\t<td><a href='pdf/pos-quote-pdf-print.php?quoid={$quo['quoid']}' target='_blank'>Print in PDF</a></td>\n\t\t\t\t\t\t\t\t\t<td><input type='checkbox' name='evs[]' value='{$quo['quoid']}'></td>\n\t\t\t\t\t\t\t\t</tr>";
}
$i++;
}
$printQuo .= "\n\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t<td colspan='14' align='right'><input type='submit' name='key' value='Send Emails'></td>\n\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t";
}
// Layout
$printQuo .= "\n\t\t\t\t\t\t\t</form>\n\t\t\t\t\t\t\t</table>\n\t\t\t\t\t\t\t<p>\n\t\t\t\t\t\t\t<table " . TMPL_tblDflts . ">\n\t\t\t\t\t\t\t\t<tr><td><br></td></tr>\n\t\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t\t<th>Quick Links</th>\n\t\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t\t\t<tr class='datacell'>\n\t\t\t\t\t\t\t\t\t<td align='center'><a href='pos-quote-new.php'>New POS Quote</td>\n\t\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t\t\t<tr class='datacell'>\n\t\t\t\t\t\t\t\t\t<td align='center'><a href='main.php'>Main Menu</td>\n\t\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t\t</table>";
return $printQuo;
}
public function start()
{
$t1 = microtime(true);
$db = db_connect(DBHOST, DBUSER, DBPASS, DBNAME);
$sdb = db_connect('localhost:9306', '', '', 'rtindex');
$total_urls = count($this->urls);
for ($i = 0; $i < $total_urls; $i++) {
unset($res);
file_put_contents('status.txt', 'Limetorrents::...' . $this->urls[$i]);
$res = gethtml($this->urls[$i]);
if (strstr($this->urls[$i], 'Movies')) {
$category = 'movies';
} elseif (strstr($this->urls[$i], 'TV')) {
$category = 'tv';
} elseif (strstr($this->urls[$i], 'Music')) {
$category = 'music';
} elseif (strstr($this->urls[$i], 'Games')) {
$category = 'games';
} elseif (strstr($this->urls[$i], 'Applications')) {
$category = 'software';
} elseif (strstr($this->urls[$i], 'Anime')) {
$category = 'anime';
} else {
$category = 'other';
}
$type = Rivr::getType($category);
$this->index($res, $type, $db, $sdb);
}
$time = microtime(true) - $t1;
$db->query("INSERT INTO crawls SET source_id = '{$this->source_id}', added_torrents = '{$this->added}', updated_torrents = '{$this->updated}', time = '{$time}';");
return array($this->added, $this->updated);
}
function show_image($_POST)
{
extract($_POST);
if (!isset($picid)) {
return "";
}
db_connect();
$get_img = "SELECT type,ident_id FROM display_images WHERE id = '{$picid}' LIMIT 1";
$run_img = db_exec($get_img) or errDie("Unable to get image information.");
if (pg_numrows($run_img) < 1) {
#image not found ??
$previous = "";
$next = "";
} else {
$arr = pg_fetch_array($run_img);
$previous = "";
$next = "";
#check for any additional images for this member
#get prev button
$get_other = "SELECT id FROM display_images WHERE type = '{$arr['type']}' AND ident_id = '{$arr['ident_id']}' AND id < '{$picid}' ORDER BY id desc LIMIT 1";
$run_other = db_exec($get_other) or errDie("Unable to get images information.");
if (pg_numrows($run_other) > 0) {
$previous = "<input type='button' onCLick=\"document.location='view_image.php?picid=" . pg_fetch_result($run_other, 0, 0) . "'\" value='Previous'>";
}
$get_other = "SELECT id FROM display_images WHERE type = '{$arr['type']}' AND ident_id = '{$arr['ident_id']}' AND id > '{$picid}' LIMIT 1";
$run_other = db_exec($get_other) or errDie("Unable to get images information.");
if (pg_numrows($run_other) > 0) {
$next = "<input type='button' onCLick=\"document.location='view_image.php?picid=" . pg_fetch_result($run_other, 0, 0) . "'\" value='Next'>";
}
}
$buttons = "<tr height='20%' valign='bottom'><td width='40%' align='right'>{$previous}</td><td>{$next}</td></tr>";
$display = "\n\t\t\t\t\t<table " . TMPL_tblDflts . " height='95%' width='100%'>\n\t\t\t\t\t\t<tr height='80%'>\n\t\t\t\t\t\t\t<td colspan='2'><img src='show_dimg.php?picid={$picid}' width='160' height='185' border='1'></td>\n\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t{$buttons}\n\t\t\t\t\t</table>\n\t\t\t\t";
return $display;
}
function select($_POST)
{
# get vars
foreach ($_POST as $key => $value) {
${$key} = $value;
}
# Set uppercase
$ALPHA = strtoupper($alpha);
# Connect to database
db_connect();
# Query server for customer info
$sql = "SELECT * FROM customers WHERE cusname LIKE '{$alpha}%' OR cusname LIKE '{$ALPHA}%' ORDER BY cusname";
$prnCustRslt = db_exec($sql) or errDie("Unable to view customers");
$numrows = pg_numrows($prnCustRslt);
if ($numrows < 1) {
return "<li class=err>No customer names starting with <b>{$ALPHA}</b> in database.";
}
$select = "<h4>Select a customer</h4>\r\n\t\t<table border=0 cellpadding='" . TMPL_tblCellPadding . "' cellspacing='" . TMPL_tblCellSpacing . "' width='50%'>\r\n\t\t<tr><th>Customer no.</th><th>Customer name</th></tr>";
// display customers to choose from
for ($i = 0; $i < $numrows; $i++) {
$myCust = pg_fetch_array($prnCustRslt);
$select .= "<tr class='" . bg_class() . "'><td align=center>{$myCust['cusnum']}</td><td align=center><a href='quote-new.php?cusnum={$myCust['cusnum']}'>{$myCust['cusname']}</a></td></tr>";
}
$select .= "</table>\r\n\t\t<p>\r\n\t\t<table border=0 cellpadding='" . TMPL_tblCellPadding . "' cellspacing='" . TMPL_tblCellSpacing . "' width=100>\r\n\t\t\t<tr><th>Quick Links</th></tr>\r\n\t\t\t<tr bgcolor='#88BBFF'><td><a href='customers-new.php'>New Customer</a></td></tr>\r\n\t\t\t<script>document.write(getQuicklinkSpecial());</script>\r\n\t\t\t<tr bgcolor='#88BBFF'><td><a href='main.php'>Main Menu</a></td></tr>\r\n\t\t</table>";
return $select;
}
function do_search()
{
global $_POST;
extract($_POST);
db_connect();
$search_sql = "SELECT * FROM training WHERE course_name LIKE '%{$search_string}%' OR other_details LIKE '%{$search_string}%' LIMIT 25";
$run_search = db_exec($search_sql);
if (pg_numrows($run_search) < 1) {
$results = "";
} else {
$results = "";
$i = 0;
while ($tarr = pg_fetch_array($run_search)) {
$empval = $tarr['empnum'];
$tarr['empnum'] = $empval + 0;
#get this employee name
$get_emp = "SELECT fnames,sname FROM employees WHERE empnum = '{$tarr['empnum']}' LIMIT 1";
$run_emp = db_exec($get_emp);
if (pg_numrows($run_emp) < 1) {
$employee_name = "Unknown";
} else {
$earr = pg_fetch_array($run_emp);
$employee_name = "{$earr['fnames']} {$earr['sname']}";
}
$results .= "\n\t\t\t\t\t<tr class='" . bg_class() . "'>\n\t\t\t\t\t\t<td>{$employee_name}</td>\n\t\t\t\t\t\t<td>{$tarr['course_name']}</td>\n\t\t\t\t\t\t<td>{$tarr['date_date']}</td>\n\t\t\t\t\t\t<td>{$tarr['commence_date']}</td>\n\t\t\t\t\t\t<td>{$tarr['completed_date']}</td>\n\t\t\t\t\t\t<td>{$tarr['competent_date']}</td>\n\t\t\t\t\t\t<td>" . nl2br($tarr['other_details']) . "</td>\n\t\t\t\t\t</tr>";
$i++;
}
}
$display = "\n\t\t\t<h2>Search Results</h2>\n\t\t\t<table border=0 cellpadding='" . TMPL_tblCellPadding . "' cellspacing='" . TMPL_tblCellSpacing . "'>\n\t\t\t\t<tr>\n\t\t\t\t\t<th>Employee</th>\n\t\t\t\t\t<th>Course Name</th>\n\t\t\t\t\t<th>Enter Date</th>\n\t\t\t\t\t<th>Start Date</th>\n\t\t\t\t\t<th>End Date</th>\n\t\t\t\t\t<th>Competent Date</th>\n\t\t\t\t\t<th>Other Details</th>\n\t\t\t\t</tr>\n\t\t\t\t{$results}\n\t\t\t</table>\n\t\t";
return $display;
}
function submit_reg($id, $table)
{
db_connect();
$query1 = "UPDATE {$table} SET registr = '1' WHERE id ={$id};";
$result = mysqli_query($query1);
return $result;
}
function insert_user($added_name, $password, $gradyear, $email, $type, $status = '')
{
if (!$password) {
srand(time());
$password = rand(0, 999999);
}
if (!$email) {
$email = $added_name . "@grinnell.edu";
}
$crpassword = User::hashPassword($password);
$dbh = db_connect();
$myrow = array("", $added_name, "", $crpassword, $email, "", "", "", "", "", "", $gradyear, "70", "14", "", "", $type, "", "", 0);
add_row($dbh, "accounts", $myrow);
mysql_query("UPDATE accounts SET created = NOW() WHERE\n\t\t\tusername = '******'");
$added_id = get_item($dbh, "userid", "accounts", "username", $added_name);
mysql_query("INSERT INTO plans (user_id) VALUES ({$added_id})");
add_row($dbh, "display", array($added_id, "6", "7"));
foreach (array(2, 4, 6, 8, 14, 15, 16) as $opt_link) {
$myrow = array($added_id, $opt_link);
add_row($dbh, "opt_links", $myrow);
}
$myrow = array($added_id, $status);
add_row($dbh, "perms", $myrow);
return array($password, $email);
}
function init()
{
global $HTTP_POST_VARS, $HTTP_GET_VARS, $PARAM;
global $debugFP, $dbh, $dbuser, $dbhost, $dbport, $dbpass, $dbname, $debugLogFile;
//assume that the variables order is "GP"
$PARAM = array_merge($_GET, $_POST);
if (defined('DEBUG') && DEBUG == 1) {
// If DEBUG is true, try to open log file:
if (!($debugFP = @fopen($debugLogFile, "a"))) {
// fopen failed, set program status:
setLogAndStatus('', '', $debugLogFile, 'init()', 'DEBUG_LOG_OPEN');
return 0;
}
}
if (!($dbh = db_connect("{$dbhost}:{$dbport}", $dbuser, $dbpass))) {
// database connection failed, set program status:
setLogAndStatus('', db_errno($dbh), db_error($dbh), 'init()', 'DB_CONNECT');
return 0;
}
if (!db_select_db($dbname, $dbh)) {
// database selection failed, set program status:
setLogAndStatus('', db_errno($dbh), db_error($dbh), 'init()', 'DB_SELECT');
return 0;
}
//mysql_query('set names utf8');
session_name('diploma');
session_start('');
return 1;
}
function show_form()
{
db_connect();
#get the db stuff ...
$display = "\n\t\t<form action='" . SELF . "' method='POST'>\n\t\t<table " . TMPL_tblDflts . " border='1' width='900'>\n\t\t\t<tr>\n\t\t\t\t<td rowspan='2'>IMAGE</td>\n\t\t\t\t<td>Transaction Year (CCYY)</td>\n\t\t\t\t<td colspan='2'><input type='text' size='5' maxlength='4' name='input_transaction_year' value='{$input_transaction_year}'>\n\t\t\t\tEMPLOYER RECONCILIATION DECLARATION IMAGE</td>\n\t\t\t\t<td align='right'>EMP501 IMAGE</td>\n\t\t\t</tr>\n\t\t\t<tr>\n\t\t\t\t<---IMAGE--->\n\t\t\t\t<td>PAYE Ref No.</td>\n\t\t\t\t<td><input type='text' size='11' maxlength='10' name='input_paye_refno' value='{$input_paye_refno}'></td>\n\t\t\t\t<td>SDL Ref No.</td>\n\t\t\t\t<td><input type='text' size='11' maxlength='10' name='input_sdl_refno' value='{$input_sdl_refno}'></td>\n\t\t\t\t<td>UIF Ref No.</td>\n\t\t\t\t<td><input type='text' size='11' maxlength='10' name='input_uif_refno' value='{$input_uif_refno}'></td>\n\t\t\t</tr>\n\t\t</table>\n\t\t<br>\n\t\t<table " . TMPL_tblDflts . " border='1' width='900'>\n\t\t\t<tr>\n\t\t\t\t<td width='10%'>Trading Name</td>\n\t\t\t\t<td><input type='text' size='46' maxlength='45' name='input_tradingname' value='{$input_tradingname}'></td>\n\t\t\t</tr>\n\t\t</table>\n\t\t<br>\n\t\t<table " . TMPL_tblDflts . " border='1' width='900'>\n\t\t\t<tr>\n\t\t\t\t<td width='150' bgcolor='#8389ff' align='center'><b>Summary of Employer Liability</b></td>\n\t\t\t\t<td width='100' bgcolor='#8389ff' align='center'><b>PAYE</b></td>\n\t\t\t\t<td width='100' bgcolor='#8389ff' align='center'><b>SDL</b></td>\n\t\t\t\t<td width='100' bgcolor='#8389ff' align='center'><b>UIF</b></td>\n\t\t\t\t<td width='130' bgcolor='#8389ff' align='center'><b>Total Monthly Liability</b></td>\n\t\t\t\t<td width='50'> </td>\n\t\t\t\t<td bgcolor='#8389ff' align='center'><b>Total Payments</b></td>\n\t\t\t</tr>\n\t\t\t<tr>\n\t\t\t\t<td width='150'>March</td>\n\t\t\t\t<td><input type='text' size='11' maxlength='10' name='input_paye_march' value='{$input_paye_march}'></td>\n\t\t\t\t<td><input type='text' size='9' maxlength='8' name='input_sdl_march' value='{$input_sdl_march}'></td>\n\t\t\t\t<td><input type='text' size='9' maxlength='8' name='input_uif_march' value='{$input_uif_march}'></td>\n\t\t\t\t<td><input type='text' size='11' maxlength='10' name='input_liability_march' value='{$input_liability_march}'></td>\n\t\t\t\t<td width='50'> </td>\n\t\t\t\t<td><input type='text' size='11' maxlength='10' name='input_payments_march' value='{$input_payments_march}'></td>\n\t\t\t</tr>\n\t\t\t<tr>\n\t\t\t\t<td width='150'>April</td>\n\t\t\t\t<td><input type='text' size='11' maxlength='10' name='input_paye_april' value='{$input_paye_april}'></td>\n\t\t\t\t<td><input type='text' size='9' maxlength='8' name='input_sdl_april' value='{$input_sdl_april}'></td>\n\t\t\t\t<td><input type='text' size='9' maxlength='8' name='input_uif_april' value='{$input_uif_april}'></td>\n\t\t\t\t<td><input type='text' size='11' maxlength='10' name='input_liability_april' value='{$input_liability_april}'></td>\n\t\t\t\t<td width='50'> </td>\n\t\t\t\t<td><input type='text' size='11' maxlength='10' name='input_payments_april' value='{$input_payments_april}'></td>\n\t\t\t</tr>\n\t\t\t<tr>\n\t\t\t\t<td width='150'>May</td>\n\t\t\t\t<td><input type='text' size='11' maxlength='10' name='input_paye_may' value='{$input_paye_may}'></td>\n\t\t\t\t<td><input type='text' size='9' maxlength='8' name='input_sdl_may' value='{$input_sdl_may}'></td>\n\t\t\t\t<td><input type='text' size='9' maxlength='8' name='input_uif_may' value='{$input_uif_may}'></td>\n\t\t\t\t<td><input type='text' size='11' maxlength='10' name='input_liability_may' value='{$input_liability_may}'></td>\n\t\t\t\t<td width='50'> </td>\n\t\t\t\t<td><input type='text' size='11' maxlength='10' name='input_payments_may' value='{$input_payments_may}'></td>\n\t\t\t</tr>\n\t\t\t<tr>\n\t\t\t\t<td width='150'>June</td>\n\t\t\t\t<td><input type='text' size='11' maxlength='10' name='input_paye_june' value='{$input_paye_june}'></td>\n\t\t\t\t<td><input type='text' size='9' maxlength='8' name='input_sdl_june' value='{$input_sdl_june}'></td>\n\t\t\t\t<td><input type='text' size='9' maxlength='8' name='input_uif_june' value='{$input_uif_june}'></td>\n\t\t\t\t<td><input type='text' size='11' maxlength='10' name='input_liability_june' value='{$input_liability_june}'></td>\n\t\t\t\t<td width='50'> </td>\n\t\t\t\t<td><input type='text' size='11' maxlength='10' name='input_payments_june' value='{$input_payments_june}'></td>\n\t\t\t</tr>\n\t\t\t<tr>\n\t\t\t\t<td width='150'>July</td>\n\t\t\t\t<td><input type='text' size='11' maxlength='10' name='input_paye_july' value='{$input_paye_july}'></td>\n\t\t\t\t<td><input type='text' size='9' maxlength='8' name='input_sdl_july' value='{$input_sdl_july}'></td>\n\t\t\t\t<td><input type='text' size='9' maxlength='8' name='input_uif_july' value='{$input_uif_july}'></td>\n\t\t\t\t<td><input type='text' size='11' maxlength='10' name='input_liability_july' value='{$input_liability_july}'></td>\n\t\t\t\t<td width='50'> </td>\n\t\t\t\t<td><input type='text' size='11' maxlength='10' name='input_payments_july' value='{$input_payments_july}'></td>\n\t\t\t</tr>\n\t\t\t<tr>\n\t\t\t\t<td width='150'>August</td>\n\t\t\t\t<td><input type='text' size='11' maxlength='10' name='input_paye_august' value='{$input_paye_august}'></td>\n\t\t\t\t<td><input type='text' size='9' maxlength='8' name='input_sdl_august' value='{$input_sdl_august}'></td>\n\t\t\t\t<td><input type='text' size='9' maxlength='8' name='input_uif_august' value='{$input_uif_august}'></td>\n\t\t\t\t<td><input type='text' size='11' maxlength='10' name='input_liability_august' value='{$input_liability_august}'></td>\n\t\t\t\t<td width='50'> </td>\n\t\t\t\t<td><input type='text' size='11' maxlength='10' name='input_payments_august' value='{$input_payments_august}'></td>\n\t\t\t</tr>\n\t\t\t<tr>\n\t\t\t\t<td width='150'>September</td>\n\t\t\t\t<td><input type='text' size='11' maxlength='10' name='input_paye_september' value='{$input_paye_september}'></td>\n\t\t\t\t<td><input type='text' size='9' maxlength='8' name='input_sdl_september' value='{$input_sdl_september}'></td>\n\t\t\t\t<td><input type='text' size='9' maxlength='8' name='input_uif_september' value='{$input_uif_september}'></td>\n\t\t\t\t<td><input type='text' size='11' maxlength='10' name='input_liability_september' value='{$input_liability_september}'></td>\n\t\t\t\t<td width='50'> </td>\n\t\t\t\t<td><input type='text' size='11' maxlength='10' name='input_payments_september' value='{$input_payments_september}'></td>\n\t\t\t</tr>\n\t\t\t<tr>\n\t\t\t\t<td width='150'>October</td>\n\t\t\t\t<td><input type='text' size='11' maxlength='10' name='input_paye_october' value='{$input_paye_october}'></td>\n\t\t\t\t<td><input type='text' size='9' maxlength='8' name='input_sdl_october' value='{$input_sdl_october}'></td>\n\t\t\t\t<td><input type='text' size='9' maxlength='8' name='input_uif_october' value='{$input_uif_october}'></td>\n\t\t\t\t<td><input type='text' size='11' maxlength='10' name='input_liability_october' value='{$input_liability_october}'></td>\n\t\t\t\t<td width='50'> </td>\n\t\t\t\t<td><input type='text' size='11' maxlength='10' name='input_payments_october' value='{$input_payments_october}'></td>\n\t\t\t</tr>\n\t\t\t<tr>\n\t\t\t\t<td width='150'>November</td>\n\t\t\t\t<td><input type='text' size='11' maxlength='10' name='input_paye_november' value='{$input_paye_november}'></td>\n\t\t\t\t<td><input type='text' size='9' maxlength='8' name='input_sdl_november' value='{$input_sdl_november}'></td>\n\t\t\t\t<td><input type='text' size='9' maxlength='8' name='input_uif_november' value='{$input_uif_november}'></td>\n\t\t\t\t<td><input type='text' size='11' maxlength='10' name='input_liability_november' value='{$input_liability_november}'></td>\n\t\t\t\t<td width='50'> </td>\n\t\t\t\t<td><input type='text' size='11' maxlength='10' name='input_payments_november' value='{$input_payments_november}'></td>\n\t\t\t</tr>\n\t\t\t<tr>\n\t\t\t\t<td width='150'>December</td>\n\t\t\t\t<td><input type='text' size='11' maxlength='10' name='input_paye_december' value='{$input_paye_december}'></td>\n\t\t\t\t<td><input type='text' size='9' maxlength='8' name='input_sdl_december' value='{$input_sdl_december}'></td>\n\t\t\t\t<td><input type='text' size='9' maxlength='8' name='input_uif_december' value='{$input_uif_december}'></td>\n\t\t\t\t<td><input type='text' size='11' maxlength='10' name='input_liability_december' value='{$input_liability_december}'></td>\n\t\t\t\t<td width='50'> </td>\n\t\t\t\t<td><input type='text' size='11' maxlength='10' name='input_payments_december' value='{$input_payments_december}'></td>\n\t\t\t</tr>\n\t\t\t<tr>\n\t\t\t\t<td width='150'>January</td>\n\t\t\t\t<td><input type='text' size='11' maxlength='10' name='input_paye_january' value='{$input_paye_january}'></td>\n\t\t\t\t<td><input type='text' size='9' maxlength='8' name='input_sdl_january' value='{$input_sdl_january}'></td>\n\t\t\t\t<td><input type='text' size='9' maxlength='8' name='input_uif_january' value='{$input_uif_january}'></td>\n\t\t\t\t<td><input type='text' size='11' maxlength='10' name='input_liability_january' value='{$input_liability_january}'></td>\n\t\t\t\t<td width='50'> </td>\n\t\t\t\t<td><input type='text' size='11' maxlength='10' name='input_payments_january' value='{$input_payments_january}'></td>\n\t\t\t</tr>\n\t\t\t<tr>\n\t\t\t\t<td width='150'>February</td>\n\t\t\t\t<td><input type='text' size='11' maxlength='10' name='input_paye_february' value='{$input_paye_february}'></td>\n\t\t\t\t<td><input type='text' size='9' maxlength='8' name='input_sdl_february' value='{$input_sdl_february}'></td>\n\t\t\t\t<td><input type='text' size='9' maxlength='8' name='input_uif_february' value='{$input_uif_february}'></td>\n\t\t\t\t<td><input type='text' size='11' maxlength='10' name='input_liability_february' value='{$input_liability_february}'></td>\n\t\t\t\t<td width='50'> </td>\n\t\t\t\t<td><input type='text' size='11' maxlength='10' name='input_payments_february' value='{$input_payments_february}'></td>\n\t\t\t</tr>\n\t\t</table>\n\t\t<table " . TMPL_tblDflts . " border='1' width='900'>\n\t\t\t<tr>\n\t\t\t\t<td width='150'>Annual Total</td>\n\t\t\t\t<td><input type='text' size='11' maxlength='10' name='input_paye_annual_total' value='{$input_paye_annual_total}'></td>\n\t\t\t\t<td><input type='text' size='11' maxlength='10' name='input_sdl_annual_total' value='{$input_sdl_annual_total}'></td>\n\t\t\t\t<td><input type='text' size='11' maxlength='10' name='input_uif_annual_total' value='{$input_uif_annual_total}'></td>\n\t\t\t\t<td><input type='text' size='11' maxlength='10' name='input_liability_annual_total' value='{$input_liability_annual_total}'></td>\n\t\t\t\t<td><input type='text' size='11' maxlength='10' name='input_payments_annual_total' value='{$input_payments_annual_total}'></td>\n\t\t\t</tr>\n\t\t\t<tr>\n\t\t\t\t<td width='150'>Difference - Liability & Certificate Totals</td>\n\t\t\t\t<td><input type='text' size='11' maxlength='10' name='input_difference' value='{$input_difference}'></td>\n\t\t\t\t<td>INPUT 2</td>\n\t\t\t\t<td>INPUT 3</td>\n\t\t\t\t<td>INPUT 4</td>\n\t\t\t\t<---NOTHING HERE--->\n\t\t\t</tr>\n\t\t\t<tr>\n\t\t\t\t<td width='150'>Total Value of Tax Certificates</td>\n\t\t\t\t<td><input type='text' size='11' maxlength='10' name='input_total_value_tax' value='{$input_total_value_tax}'></td>\n\t\t\t\t<td>INPUT 2</td>\n\t\t\t\t<td>INPUT 3</td>\n\t\t\t\t<td bgcolor='#8389ff' align='center'>DECLARED LIABILITY</td>\n\t\t\t\t<td bgcolor='#8389ff' align='center'>DUE BY/TO YOU</td>\n\t\t\t</tr>\n\t\t\t<tr>\n\t\t\t\t<td width='150'>Total Value of Electronic Tax Certificates</td>\n\t\t\t\t<td><input type='text' size='11' maxlength='10' name='input_total_value_electronic' value='{$input_total_value_electronic}'></td>\n\t\t\t\t<td colspan='2'>SOME MISC TEXT</td>\n\t\t\t\t<td>INPUT</td>\n\t\t\t\t<td>INPUT</td>\n\t\t\t</tr>\n\t\t\t<tr>\n\t\t\t\t<td width='150'>Total Value of Manual Tax Certificates</td>\n\t\t\t\t<td><input type='text' size='11' maxlength='10' name='input_total_value_manual' value='{$input_total_value_manual}'></td>\n\t\t\t\t<td rowspan='2' colspan='2'>TEXTBOX</td>\n\t\t\t\t<td rowspan='2'>DECLARATION</td>\n\t\t\t\t<td rowspan='2'>DECLARATION TEXT</td>\n\t\t\t</tr>\n\t\t\t<tr>\n\t\t\t\t<td width='150'>Date (CCYYMMDD)</td>\n\t\t\t\t<td><input type='text' size='9' maxlength='8' name='' value=''></td>\n\t\t\t</tr>\n\t\t</table>\n\t\t</form>";
return $display;
}
function inactive($no)
{
require_once "../includes/sql.php";
$conexion = db_connect();
$sql = "UPDATE `user` SET `is_active` = '0' WHERE `user_id` = " . $no;
$result = $conexion->query($sql) or die("oopsy, error when tryin to delete ");
}
public function __construct($postid, $title, $poster, $posted, $children, $expand, $depth, $expanded, $sublist)
{
// the constructor sets up the member variables, but more
// importantly recursively creates lower parts of the tree
$this->m_postid = $postid;
$this->m_title = $title;
$this->m_poster = $poster;
$this->m_posted = $posted;
$this->m_children = $children;
$this->m_childlist = array();
$this->m_depth = $depth;
// we only care what is below this node if it
// has children and is marked to be expanded
// sublists are always expanded
if (($sublist || $expand) && $children) {
$conn = db_connect();
$query = "select * from header where parent = {$postid} order by posted";
$result = $conn->query($query);
for ($count = 0; $row = @$result->fetch_assoc(); $count++) {
if ($sublist || $expanded[$row['postid']] == true) {
$expand = true;
} else {
$expand = false;
}
$this->m_childlist[$count] = new treenode($row['postid'], $row['title'], $row['poster'], $row['posted'], $row['children'], $expand, $depth + 1, $expanded, $sublist);
}
}
}
function allocate_centers($_POST)
{
extract($_POST);
if (!isset($adds) or !is_array($adds)) {
return get_allocation($_POST, "<li class='err'>Please select at least one Cost Center to add.</li>");
}
if (!isset($project) or strlen($project) < 1) {
return "<li class='err'>Invalid Use Of Module. (Invalid Project)</li>";
}
if (!isset($subsub) or strlen($subsub) < 1) {
return "<li class='err'>Invalid Use Of Module. (Invalid Sub Sub Project)</li>";
}
db_connect();
$get_pro2 = "SELECT sub_project_id FROM sub_sub_projects WHERE id = '{$subsub}' LIMIT 1";
$run_pro2 = db_exec($get_pro2) or errDie("Unable to get sub project information.");
if (pg_numrows($run_pro2) < 1) {
$project2 = "";
} else {
$parr = pg_fetch_array($run_pro2);
$project2 = $parr['sub_project_id'];
}
foreach ($adds as $each) {
$ins_sql = "DELETE FROM costcenters_links WHERE ccid = '{$each}' AND project1 = '{$project}' AND project3 = '{$subsub}'";
$run_ins = db_exec($ins_sql) or errDie("Unable to add cost center information.");
}
header("Location: costcenter-allocation-rem.php?project={$project}&subsub={$subsub}");
}
function recommend_urls($valid_user, $popularity = 1)
{
// We will provide semi intelligent recomendations to people
// If they have an URL in common with other users, they may like
// other URLs that these people like
$conn = db_connect();
// find other matching users
// with an url the same as you
// as a simple way of excluding people's private pages, and
// increasing the chance of recommending appealing URLs, we
// specify a minimum popularity level
// if $popularity = 1, then more than one person must have
// an URL before we will recomend it
$query = "select bm_URL\n\t from bookmark\n\t where username in\n\t \t (select distinct(b2.username)\n from bookmark b1, bookmark b2\n\t\t where b1.username='******'\n and b1.username != b2.username\n and b1.bm_URL = b2.bm_URL)\n\t and bm_URL not in\n \t\t (select bm_URL\n\t\t\t\t from bookmark\n\t\t\t\t where username='******')\n group by bm_url\n having count(bm_url)>" . $popularity;
if (!($result = $conn->query($query))) {
throw new Exception('Could not find any bookmarks to recommend.');
}
if (count($result->fetchAll()) == 0) {
throw new Exception('Could not find any bookmarks to recommend.');
}
$urls = array();
// build an array of the relevant urls
for ($count = 0; $row = $result->fetch_object(); $count++) {
$urls[$count] = $row->bm_URL;
}
return $urls;
}
function render_firehose_page($numposts = 20, $page = 1)
{
$start = (intval($page) - 1) * $numposts;
$html = render_header("The Firehose");
$html .= "<div class=\"bg_menu_wrapper\">\n" . "<ul class=\"bg_menu\">\n" . "<li class=\"selected\"><a href=\"/explore/firehose\" title=\"Firehose\">Firehose</a></li>\n" . "<li><a href=\"/explore/popular\" title=\"Popular\">Popular</a></li>\n" . "<li><a href=\"/explore/tags\" title=\"Tags\">Tags</a></li>\n" . "<li><a href=\"/explore/directory\" title=\"Directory\">Directory</a></li>\n" . "<li><a href=\"/explore/suggested\" title=\"Suggested Users\">Suggested</a></li>\n" . "<li><a href=\"/explore/search\" title=\"Search\">Search</a></li>\n" . "</ul>\n" . "<div class=\"clear\"></div>\n" . "</div>\n";
$mysqli = db_connect();
$sql = "";
$count_sql = "";
if (isset($_SESSION["user_id"])) {
$sql = "SELECT DISTINCT Posts.*,Users.Username,Users.Avatar,Likes.Id AS LikeId FROM Posts" . " INNER JOIN Users ON Posts.UserId=Users.Id" . " LEFT OUTER JOIN Likes ON Likes.UserId=" . $mysqli->real_escape_string($_SESSION["user_id"]) . " AND Likes.PostId=Posts.Id" . " LEFT OUTER JOIN Friends FriendsOfAuthor ON Posts.UserId=FriendsOfAuthor.UserId AND FriendsOfAuthor.FriendId=" . $mysqli->real_escape_string($_SESSION["user_id"]) . " WHERE" . " ((FriendsOfAuthor.FriendId=" . $mysqli->real_escape_string($_SESSION["user_id"]) . " AND Posts.Privacy=" . POST_PRIVACY_FRIENDS_ONLY . ")" . " OR" . " (Posts.Privacy=" . POST_PRIVACY_PUBLIC . ")" . " OR" . " (Posts.UserId=" . $mysqli->real_escape_string($_SESSION["user_id"]) . "))" . " AND Posts.Status=" . POST_STATUS_PUBLISHED . " ORDER BY Created DESC LIMIT " . $mysqli->real_escape_string($start) . "," . $mysqli->real_escape_string($numposts);
$sql_count = "SELECT COUNT(DISTINCT Posts.Id) AS NumPosts FROM Posts" . " INNER JOIN Users ON Posts.UserId=Users.Id" . " LEFT OUTER JOIN Friends FriendsOfAuthor ON Posts.UserId=FriendsOfAuthor.UserId AND FriendsOfAuthor.FriendId=" . $mysqli->real_escape_string($_SESSION["user_id"]) . " WHERE" . " ((FriendsOfAuthor.FriendId=" . $mysqli->real_escape_string($_SESSION["user_id"]) . " AND Posts.Privacy=" . POST_PRIVACY_FRIENDS_ONLY . ")" . " OR" . " (Posts.Privacy=" . POST_PRIVACY_PUBLIC . ")" . " OR" . " (Posts.UserId=" . $mysqli->real_escape_string($_SESSION["user_id"]) . "))" . " AND Posts.Status=" . POST_STATUS_PUBLISHED;
} else {
$sql = "SELECT DISTINCT Posts.*,Users.Username,Users.Avatar, null AS LikeId FROM Posts" . " INNER JOIN Users ON Posts.UserId=Users.Id" . " WHERE" . " Posts.Privacy=" . POST_PRIVACY_PUBLIC . " AND Posts.Status=" . POST_STATUS_PUBLISHED . " ORDER BY Created DESC LIMIT " . $mysqli->real_escape_string($start) . "," . $mysqli->real_escape_string($numposts);
$sql_count = "SELECT COUNT(DISTINCT Posts.Id) AS NumPosts FROM Posts" . " INNER JOIN Users ON Posts.UserId=Users.Id" . " WHERE" . " Posts.Privacy=" . POST_PRIVACY_PUBLIC . " AND Posts.Status=" . POST_STATUS_PUBLISHED;
}
// fetch count for pagination
$count_result = $mysqli->query($sql_count);
$count_row = $count_result->fetch_assoc();
$count = $count_row["NumPosts"];
$post_result = $mysqli->query($sql);
$html .= "<div id=\"header\">\n" . "<h1>The Firehose</h1>\n" . "<p>Everything posted by everybody, across the entire site (well... everything they are choosing to let you see...)</p>\n" . "</div>";
$html .= render_posts($mysqli, $post_result);
/*
$html .= "<div class=\"tiles\">\n";
while ($post_row =@ $post_result->fetch_assoc()){
$html .= render_tile($mysqli,$post_row,false);
}
$html .= "</div> <!-- .tiles -->\n";
*/
// Pagination
$html .= render_pagination("explore/firehose/" . $numposts, $page, $count, $numposts);
$html .= render_display_controls();
$html .= render_footer();
return $html;
}
function printcheq()
{
// Set up table to display in
$OUTPUT = "<h3>View Cheque Records</h3>\r\n <table border=0 cellpadding='" . TMPL_tblCellPadding . "' cellspacing='" . TMPL_tblCellSpacing . "'>\r\n <form action='../bank/bank-bankall.php' method=post>\r\n <tr><th>Bank Name</th><th>Account Name</th><th>Date</th><th>Paid to/Received from</th><th>Description</th><th>Transaction Type</th><th>Amount</th><th>Account paid<br>/received from</th></tr>";
// Connect to database
db_Connect();
$sql = "SELECT * FROM cashbook WHERE cheqnum > 0 and banked='no' AND div = '" . USER_DIV . "' ORDER BY date DESC";
$accntRslt = db_exec($sql) or errDie("ERROR: Unable to retrieve bank cheqque transaction details from database.", SELF);
$numrows = pg_numrows($accntRslt);
if ($numrows < 1) {
$OUTPUT = "<li class=err> There are no outstanding bank cheque Records yet in Cubit.";
require "../template.php";
}
# display all bank cheques
for ($i = 0; $i < $numrows; $i++) {
$accnt = pg_fetch_array($accntRslt, $i);
# get account name for account involved
$accRslt = get("core", "accname", "accounts", "accid", $accnt['accinv']);
$acc = pg_fetch_array($accRslt);
# get account name for bank account
db_connect();
$sql = "SELECT accname,bankname FROM bankacct WHERE bankid= '{$accnt['bankid']}' AND div = '" . USER_DIV . "'";
$bankRslt = db_exec($sql);
$bank = pg_fetch_array($bankRslt);
$OUTPUT .= "<tr class='" . bg_class() . "'><td>{$bank['bankname']}</td><td align=center>{$bank['accname']}</td><td align=center>{$accnt['date']}</td><td align=center>{$accnt['name']}</td><td>{$accnt['descript']}</td><td align=center>{$accnt['trantype']}</td><td align=center>" . CUR . " {$accnt['amount']}<td align=center>{$acc['accname']}</td></td>";
if ($accnt['banked'] == "no") {
$OUTPUT .= "<td><input type=checkbox name='bank[]' value='{$accnt['cashid']}'> <a href='../bank/bank-bank.php?cashid={$accnt['cashid']}'>Bank</td><td><a href='../bank/cheq-cancel.php?cashid={$accnt['cashid']}'>Cancel</td></tr>";
} else {
$OUTPUT .= "</tr>";
}
}
$OUTPUT .= "<tr><td colspan=8><br></td><td colspan=2><input type=submit value='Bank all selected'></td></tr></form></table>";
// all template to display the info and die
require "../template.php";
}
