function getProductById() { $sql = "SELECT * FROM oe_product WHERE productId = :productId"; $namedParameters = array(); $namedParameters[':productId'] = $_GET['productId']; $record = fetchRecord($sql, $namedParameters); return $record; }
function createForm($strFunc, $strList, $strForm) { require "form_switch.php"; if (!sesAccessLevel($levelsAllowed) && !sesAdminAccess()) { ?> <div class="form_container ui-widget-content"> <?php echo $GLOBALS['locNoAccess'] . "\n"; ?> </div> <?php return; } $blnNew = getPostRequest('newact', FALSE); $blnCopy = getPostRequest('copyact', FALSE) ? TRUE : FALSE; $blnDelete = getPostRequest('deleteact', FALSE) ? TRUE : FALSE; $intKeyValue = getPostRequest('id', FALSE); if (!$intKeyValue) { $blnNew = TRUE; } if (!sesWriteAccess() && ($blnNew || $blnCopy || $blnDelete)) { ?> <div class="form_container ui-widget-content"> <?php echo $GLOBALS['locNoAccess'] . "\n"; ?> </div> <?php return; } $strMessage = ''; if (isset($_SESSION['formMessage']) && $_SESSION['formMessage']) { $strMessage = $GLOBALS['loc' . $_SESSION['formMessage']]; unset($_SESSION['formMessage']); } $strErrorMessage = ''; if (isset($_SESSION['formErrorMessage']) && $_SESSION['formErrorMessage']) { $strErrorMessage = $GLOBALS['loc' . $_SESSION['formErrorMessage']]; unset($_SESSION['formErrorMessage']); } // if NEW is clicked clear existing form data if ($blnNew) { unset($intKeyValue); unset($astrValues); unset($_POST); unset($_REQUEST); $readOnlyForm = false; } $astrValues = getPostValues($astrFormElements, isset($intKeyValue) ? $intKeyValue : FALSE); $redirect = getRequest('redirect', null); if (isset($redirect)) { // Redirect after save foreach ($astrFormElements as $elem) { if ($elem['name'] == $redirect) { if ($elem['style'] == 'redirect') { $newLocation = str_replace('_ID_', $intKeyValue, $elem['listquery']); } elseif ($elem['style'] == 'openwindow') { $openWindow = str_replace('_ID_', $intKeyValue, $elem['listquery']); } } } } if ($blnDelete && $intKeyValue && !$readOnlyForm) { deleteRecord($strTable, $intKeyValue); unset($intKeyValue); unset($astrValues); $blnNew = TRUE; if (getSetting('auto_close_after_delete')) { $qs = preg_replace('/&form=\\w*/', '', $_SERVER['QUERY_STRING']); $qs = preg_replace('/&id=\\w*/', '', $qs); header("Location: " . _PROTOCOL_ . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/index.php?{$qs}"); return; } ?> <div class="form_container ui-widget-content"> <?php echo $GLOBALS['locRecordDeleted'] . "\n"; ?> </div> <?php return; } if (isset($intKeyValue) && $intKeyValue) { $res = fetchRecord($strTable, $intKeyValue, $astrFormElements, $astrValues); if ($res === 'deleted') { $strMessage .= $GLOBALS['locDeletedRecord'] . '<br>'; } elseif ($res === 'notfound') { echo $GLOBALS['locEntryDeleted']; die; } } if ($blnCopy) { unset($intKeyValue); unset($_POST); $blnNew = TRUE; $readOnlyForm = false; } ?> <div id="popup_dlg" style="display: none; width: 900px; overflow: hidden"> <iframe id="popup_dlg_iframe" src="about:blank" style="width: 100%; height: 100%; overflow: hidden; border: 0"></iframe> </div> <?php if (isset($popupHTML)) { echo $popupHTML; } ?> <div class="form_container"> <?php createFormButtons($blnNew, $copyLinkOverride, true, $readOnlyForm); ?> <div class="form"> <form method="post" name="admin_form" id="admin_form"> <input type="hidden" name="copyact" value="0"> <input type="hidden" name="newact" value="<?php echo $blnNew ? 1 : 0; ?> "> <input type="hidden" name="deleteact" value="0"> <input type="hidden" name="redirect" id="redirect" value=""> <input type="hidden" id="record_id" name="id" value="<?php echo isset($intKeyValue) && $intKeyValue ? $intKeyValue : ''; ?> "> <table> <?php $haveChildForm = false; $prevPosition = false; $prevColSpan = 1; $rowOpen = false; $formFieldMode = sesWriteAccess() && !$readOnlyForm ? 'MODIFY' : 'READONLY'; foreach ($astrFormElements as $elem) { if ($elem['type'] === false) { continue; } $fieldMode = isset($elem['read_only']) && $elem['read_only'] ? 'READONLY' : $formFieldMode; if ($elem['type'] == "LABEL") { if ($rowOpen) { echo " </tr>\n"; } $rowOpen = false; ?> <tr> <td class="sublabel ui-widget-header ui-state-default" colspan="4"> <?php echo $elem['label']; ?> </td> </tr> <?php continue; } if ($elem['position'] == 0 || $elem['position'] <= $prevPosition) { $prevPosition = 0; $prevColSpan = 1; echo " </tr>\n"; $rowOpen = false; } if ($elem['type'] != "IFORM") { if (!$rowOpen) { $rowOpen = true; echo " <tr>\n"; } if ($prevPosition !== FALSE && $elem['position'] > 0) { for ($i = $prevPosition + $prevColSpan; $i < $elem['position']; $i++) { echo " <td class=\"label\"> </td>\n"; } } if ($elem['position'] == 0 && !strstr($elem['type'], "HID_")) { $strColspan = "colspan=\"3\""; $intColspan = 3; } elseif ($elem['position'] == 1 && !strstr($elem['type'], "HID_")) { $strColspan = ''; $intColspan = 2; } else { $intColspan = 2; } } if ($blnNew && ($elem['type'] == 'BUTTON' || $elem['type'] == 'JSBUTTON' || $elem['type'] == 'IMAGE')) { echo " <td class=\"label\"> </td>"; } elseif ($elem['type'] == "BUTTON" || $elem['type'] == "JSBUTTON") { $intColspan = 1; ?> <td class="button"> <?php echo htmlFormElement($elem['name'], $elem['type'], $astrValues[$elem['name']], $elem['style'], $elem['listquery'], $fieldMode, $elem['parent_key'], $elem['label'], array(), isset($elem['elem_attributes']) ? $elem['elem_attributes'] : '', isset($elem['options']) ? $elem['options'] : null); ?> </td> <?php } elseif ($elem['type'] == "FILLER") { $intColspan = 1; ?> <td> </td> <?php } elseif ($elem['type'] == "HID_INT" || strstr($elem['type'], "HID_")) { ?> <?php echo htmlFormElement($elem['name'], $elem['type'], $astrValues[$elem['name']], $elem['style'], $elem['listquery'], $fieldMode, $elem['parent_key'], $elem['label']); } elseif ($elem['type'] == "IMAGE") { ?> <td class="image" colspan="<?php echo $intColspan; ?> "> <?php echo htmlFormElement($elem['name'], $elem['type'], $astrValues[$elem['name']], $elem['style'], $elem['listquery'], $fieldMode, $elem['parent_key'], $elem['label'], array(), isset($elem['elem_attributes']) ? $elem['elem_attributes'] : '', isset($elem['options']) ? $elem['options'] : null); ?> </td> <?php } elseif ($elem['type'] == "IFORM") { if ($rowOpen) { echo " </tr>\n"; } echo " </table>\n </form>\n"; $haveChildForm = true; createIForm($astrFormElements, $elem, isset($intKeyValue) ? $intKeyValue : 0, $blnNew, $strForm); break; } else { $value = $astrValues[$elem['name']]; if ($elem['style'] == 'measurement') { $value = $value ? miscRound2Decim($value, 2) : ''; } if ($elem['type'] == 'AREA') { ?> <td class="toplabel"><?php echo $elem['label']; ?> </td> <?php } else { ?> <td id="<?php echo htmlentities($elem['name']) . '_label'; ?> " class="label"<?php if (isset($elem['title'])) { echo ' title="' . $elem['title'] . '"'; } ?> ><?php echo $elem['label']; ?> </td> <?php } ?> <td class="field"<?php echo $strColspan ? " {$strColspan}" : ''; ?> > <?php echo htmlFormElement($elem['name'], $elem['type'], $value, $elem['style'], $elem['listquery'], $fieldMode, isset($elem['parent_key']) ? $elem['parent_key'] : '', '', array(), isset($elem['elem_attributes']) ? $elem['elem_attributes'] : '', isset($elem['options']) ? $elem['options'] : null); if (isset($elem['attached_elem'])) { echo ' ' . $elem['attached_elem'] . "\n"; } ?> </td> <?php } $prevPosition = is_int($elem['position']) ? $elem['position'] : 0; if ($prevPosition == 0) { $prevPosition = 255; } $prevColSpan = $intColspan; } if (!$haveChildForm) { if ($rowOpen) { echo " </tr>\n"; } echo " </table>\n </form>\n"; } if ($strForm == 'product') { // Special case for product: show stock balance change log ?> <div class="iform ui-corner-tl ui-corner-bl ui-corner-br ui-corner-tr ui-helper-clearfix" id="stock_balance_log"> <div class="ui-corner-tl ui-corner-tr fg-toolbar ui-toolbar ui-widget-header"><?php echo $GLOBALS['locStockBalanceUpdates']; ?> </div> <table id="stock_balance_change_log"> <tr> <th class="medium"><?php echo $GLOBALS['locHeaderChangeLogDateTime']; ?> </th> <th class="medium"><?php echo $GLOBALS['locHeaderChangeLogUser']; ?> </th> <th class="small"><?php echo $GLOBALS['locHeaderChangeLogAmount']; ?> </th> <th class="long"><?php echo $GLOBALS['locHeaderChangeLogDescription']; ?> </th> </tr> </table> </div> </div> <?php } ?> </div> <script type="text/javascript"> /* <![CDATA[ */ var globals = {}; $(window).bind('beforeunload', function(e) { if ($('.save_button').hasClass('ui-state-highlight') || $('.add_row_button').hasClass('ui-state-highlight')) { e.returnValue = "<?php echo $GLOBALS['locUnsavedData']; ?> "; return "<?php echo $GLOBALS['locUnsavedData']; ?> "; } }); function showmsg(msg, timeout) { $.floatingMessage("<span>" + msg + "</span>", { position: "top-right", className: "ui-widget ui-state-highlight", show: "show", hide: "fade", stuffEaseTime: 200, moveEaseTime: 0, time: typeof(timeout) != 'undefined' ? timeout : 5000 }); } function errormsg(msg, timeout) { $.floatingMessage("<span>" + msg + "</span>", { position: "top-right", className: "ui-widget ui-state-error", show: "show", hide: "fade", stuffEaseTime: 200, moveEaseTime: 0, time: typeof(timeout) != 'undefined' ? timeout : 5000 }); } $(document).ready(function() { <?php if ($strMessage) { ?> showmsg("<?php echo $strMessage; ?> "); <?php } if ($strErrorMessage) { ?> errormsg("<?php echo $strErrorMessage; ?> "); <?php } if ($strForm == 'product') { ?> update_stock_balance_log(); <?php } if (sesWriteAccess()) { ?> $('input[class~="hasCalendar"]').datepicker(); <?php } ?> $('#message').ajaxStart(function() { $('#spinner').css('visibility', 'visible'); }); $('#message').ajaxStop(function() { $('#spinner').css('visibility', 'hidden'); }); $('#errormsg').ajaxError(function(event, request, settings) { errormsg('Server request failed: ' + request.status + ' - ' + request.statusText); $('#spinner').css('visibility', 'hidden'); }); $('#admin_form').find('input[type="text"],input[type="hidden"],input[type="checkbox"],select,textarea').change(function() { $('.save_button').addClass('ui-state-highlight'); }); <?php if ($haveChildForm && !$blnNew) { ?> init_rows(); $('#iform').find('input[type="text"],input[type="hidden"],input[type="checkbox"],select,textarea').change(function() { $('.add_row_button').addClass('ui-state-highlight'); }); <?php } elseif (isset($newLocation)) { echo "window.location='{$newLocation}';"; } if (isset($openWindow)) { echo "window.open('{$openWindow}');"; } ?> }); <?php if ($haveChildForm && !$blnNew) { ?> function init_rows_done() { <?php if (isset($newLocation)) { echo "window.location='{$newLocation}';"; } ?> } <?php } ?> function save_record(redirect_url, redir_style) { var form = document.getElementById('admin_form'); var obj = new Object(); <?php foreach ($astrFormElements as $elem) { if ($elem['name'] && !in_array($elem['type'], array('HID_INT', 'SECHID_INT', 'BUTTON', 'JSBUTTON', 'LABEL', 'IMAGE', 'NEWLINE', 'ROWSUM', 'CHECK', 'IFORM'))) { ?> obj.<?php echo $elem['name']; ?> = form.<?php echo $elem['name']; ?> .value; <?php } elseif ($elem['type'] == 'CHECK') { ?> obj.<?php echo $elem['name']; ?> = form.<?php echo $elem['name']; ?> .checked ? 1 : 0; <?php } } ?> obj.id = form.id.value; $.ajax({ 'url': "json.php?func=put_<?php echo $strJSONType; ?> ", 'type': 'POST', 'dataType': 'json', 'data': $.toJSON(obj), 'contentType': 'application/json; charset=utf-8', 'success': function(data) { if (data.warnings) alert(data.warnings); if (data.missing_fields) { errormsg('<?php echo $GLOBALS['locErrValueMissing']; ?> : ' + data.missing_fields); } else { $('.save_button').removeClass('ui-state-highlight'); showmsg('<?php echo $GLOBALS['locRecordSaved']; ?> ', 2000); if (redirect_url) { if (redir_style == 'openwindow') window.open(redirect_url); else window.location = redirect_url; } if (!obj.id) { obj.id = data.id; form.id.value = obj.id; if (!redirect_url || redir_style == 'openwindow') { var newloc = new String(window.location).split('#', 1)[0]; window.location = newloc + '&id=' + obj.id; } } } }, 'error': function(XMLHTTPReq, textStatus, errorThrown) { if (XMLHTTPReq.status == 409) { errormsg(jQuery.parseJSON(XMLHTTPReq.responseText).warnings); } else if (textStatus == 'timeout') errormsg('Timeout trying to save data'); else errormsg('Error trying to save data: ' + XMLHTTPReq.status + ' - ' + XMLHTTPReq.statusText); return false; } }); } function popup_dialog(url, on_close, dialog_title, event, width, height) { $("#popup_dlg").dialog({ modal: true, width: width, height: height, resizable: true, position: [50, 50], buttons: { "<?php echo $GLOBALS['locClose']; ?> ": function() { $("#popup_dlg").dialog('close'); } }, title: dialog_title, close: function(event, ui) { eval(on_close); } }).find("#popup_dlg_iframe").attr("src", url); return true; } /* ]]> */ </script> <?php createFormButtons($blnNew, $copyLinkOverride, false, $readOnlyForm); echo " </div>\n"; if ($addressAutocomplete && getSetting('address_autocomplete')) { ?> <script type="text/javascript"> $(document).ready(function() { var s = document.createElement("script"); s.type = "text/javascript"; s.src = "https://maps.googleapis.com/maps/api/js?sensor=false&libraries=places&callback=gmapsready"; window.gmapsready = function(){ initAddressAutocomplete(""); initAddressAutocomplete("quick_"); }; $("head").append(s); }); </script> <?php } }
function getGrossSalesToDate() { $sql = "SELECT SUM(Sales) AS 'GSTD' FROM (\n" . "SELECT SUM(qty * p.price) AS 'Sales'\n" . "FROM `oe_orderProduct` op\n" . "RIGHT JOIN `oe_product` p\n" . "ON op.productId = p.productId\n" . "GROUP BY op.`productId`) salesTable"; $record = fetchRecord($sql); return $record['GSTD']; }
<?php /** * @Author: Alexander * @Date: 2016-03-12 21:15:05 * @Last Modified by: Alexander * @Last Modified time: 2016-03-20 13:17:19 */ $root = '../'; $title = 'Section Editor'; $subTitle = 'You edit position details here.'; require_once $root . 'logincheck.php'; require_once $root . 'functions.php'; require_once $root . 'header.php'; if (isset($_GET['position_id'])) { $position = fetchRecord('`position`', 'position_id', $_GET['position_id']); ?> <div class="container"> <div class="row"> <div class="col m12"> <?php if ($_SERVER['REQUEST_METHOD'] == 'POST') { echo json_encode($_POST, JSON_PRETTY_PRINT); } ?> <form class="col s12 m12" action="" method="POST"> <h4 class="header red-text">You are currently editing: <i><?php echo $position['position_name']; ?> </i></h4>
<?php /** * @Author: Alexander * @Date: 2016-03-12 21:15:05 * @Last Modified by: Alexander * @Last Modified time: 2016-03-20 13:50:09 */ $root = '../'; $title = 'Section Editor'; $subTitle = 'You edit work_status details here.'; require_once $root . 'logincheck.php'; require_once $root . 'functions.php'; require_once $root . 'header.php'; if (isset($_GET['work_status_id'])) { $work_status = fetchRecord('`work_status`', 'work_status_id', $_GET['work_status_id']); ?> <div class="container"> <div class="row"> <div class="col m12"> <?php if ($_SERVER['REQUEST_METHOD'] == 'POST') { echo json_encode($_POST, JSON_PRETTY_PRINT); } ?> <form class="col s12 m12" action="" method="POST"> <h4 class="header red-text">You are currently editing: <i><?php echo $work_status['work_status_name']; ?> </i></h4>
<?php /** * @Author: Alexander * @Date: 2016-03-12 21:15:05 * @Last Modified by: Alexander * @Last Modified time: 2016-03-20 13:17:36 */ $root = '../'; $title = 'Section Editor'; $subTitle = 'You edit section details here.'; require_once $root . 'logincheck.php'; require_once $root . 'functions.php'; require_once $root . 'header.php'; if (isset($_GET['section_id'])) { $section = fetchRecord('`section`', 'section_id', $_GET['section_id']); $departments = queryDatabase('SELECT `department_id`, `department_name` FROM `department`'); ?> <div class="container"> <div class="row"> <div class="col m12"> <?php if ($_SERVER['REQUEST_METHOD'] == 'POST') { echo json_encode($_POST, JSON_PRETTY_PRINT); } ?> <form class="col s12 m12" action="" method="POST"> <h4 class="header red-text">You are currently editing: <i><?php echo $section['section_name']; ?>
<?php $root = '../'; require_once $root . 'logincheck.php'; require_once $root . 'functions.php'; if (isset($_GET['id'])) { $employee = queryDatabase("SELECT * " . "FROM employee INNER JOIN emp_position ON employee.employee_id = emp_position.emp_position_employee_id INNER JOIN position ON emp_position.emp_position_position_id = position.position_id " . "WHERE employee.employee_id = " . $conn->quote($_GET['id']) . " LIMIT 1"); $employee = count($employee) > 0 ? $employee = $employee[0] : ($employee = fetchRecord('employee', 'employee_id', $_GET['id'])); $employee['employee_name'] = $employee['employee_fname'] . ' ' . $employee['employee_mname'] . ' ' . $employee['employee_lname']; } ?> <form action="updateEmployee.php" method="POST"> <div class="card blue-grey darken-1"> <div class="card-content white-text"> <div class="row"> <div class="col s12 center-align"> <img src="<?php echo $root; ?> res/guest.png" class="circle" width="183px" height="183px"> </div> </div> <div class="row"> <div class="col s12 center-align"> <span class="card-title" style="line-height: normal;"> <?php echo $employee['employee_name']; ?> </br> <small><i><?php
<?php /** * @Author: Alexander * @Date: 2016-03-12 21:15:05 * @Last Modified by: Alexander * @Last Modified time: 2016-03-20 13:16:58 */ $root = '../'; $title = 'Factory Editor'; $subTitle = 'You edit factory details here.'; require_once $root . 'logincheck.php'; require_once $root . 'functions.php'; require_once $root . 'header.php'; if (isset($_GET['factory_id'])) { $factory = fetchRecord('`factory`', 'factory_id', $_GET['factory_id']); ?> <div class="container"> <div class="row"> <div class="col m12"> <?php if ($_SERVER['REQUEST_METHOD'] == 'POST') { echo json_encode($_POST, JSON_PRETTY_PRINT); } ?> <form class="col s12 m12" action="" method="POST"> <h4 class="header red-text">You are currently editing: <i><?php echo $factory['factory_name']; ?> </i></h4>
<?php /** * @Author: Alexander * @Date: 2016-03-12 21:15:05 * @Last Modified by: Alexander * @Last Modified time: 2016-03-20 13:18:00 */ $root = '../'; $title = 'Department Editor'; $subTitle = 'You edit department details here.'; require_once $root . 'logincheck.php'; require_once $root . 'functions.php'; require_once $root . 'header.php'; if (isset($_GET['department_id'])) { $department = fetchRecord('`department`', 'department_id', $_GET['department_id']); $factories = queryDatabase('SELECT `factory_id`, `factory_name` FROM `factory`'); ?> <div class="container"> <div class="row"> <div class="col m12"> <?php if ($_SERVER['REQUEST_METHOD'] == 'POST') { echo json_encode($_POST, JSON_PRETTY_PRINT); } ?> <form class="col s12 m12" action="" method="POST"> <h4 class="header red-text">You are currently editing: <i><?php echo $department['department_name']; ?>
<?php include_once './includes/genericDataAccess.inc.php'; session_start(); if (isset($_POST['loginForm'])) { //checks whether user submitted the form $username = $_POST['username']; $password = sha1($_POST['password']); $sql = "SELECT * \r\n FROM oe_admin\r\n WHERE username = :username\r\n AND password = :password"; $namedParameters = array(); $namedParameters[':username'] = $username; $namedParameters[':password'] = $password; $auth = fetchRecord($sql, $namedParameters); if (empty($auth)) { //wrong username or password echo "Wrong username or password!"; } else { $_SESSION['username'] = $record['username']; $_SESSION['adminName'] = $record['firstName'] . " " . $record['lastName']; header("Location: products.php"); } }