function check_acl($db, $module, $page)
{
$uid = $_SESSION['login_id'];
/* get group id */
$q = 'SELECT ' . PRFX . 'CONFIG_EMPLOYEE_TYPE.TYPE_NAME
FROM ' . PRFX . 'TABLE_EMPLOYEE,' . PRFX . 'CONFIG_EMPLOYEE_TYPE
WHERE ' . PRFX . 'TABLE_EMPLOYEE.EMPLOYEE_TYPE = ' . PRFX . 'CONFIG_EMPLOYEE_TYPE.TYPE_ID AND EMPLOYEE_ID=' . $db->qstr($uid);
if (!($rs = $db->execute($q))) {
force_page('core', 'error&error_msg=Could not get Group ID for user');
exit;
} else {
$gid = $rs->fields['TYPE_NAME'];
}
/* check page to see if we have access */
if (!isset($module)) {
$page = "core:main";
} else {
$page = $module . ":" . $page;
}
$q = 'SELECT ' . $gid . ' as ACL FROM ' . PRFX . 'ACL WHERE page=' . $db->qstr($page);
if (!($rs = $db->execute($q))) {
force_page('core', 'error&error_msg=Could not get Page ACL');
exit;
} else {
$acl = $rs->fields['ACL'];
if ($acl != 1) {
return false;
} else {
return true;
}
}
}
function display_workorder_status2($db, $wo_id)
{
$sql = "SELECT " . PRFX . "TABLE_WORK_ORDER_STATUS.*, " . PRFX . "TABLE_EMPLOYEE.EMPLOYEE_DISPLAY_NAME \n\t\t\t\tFROM " . PRFX . "TABLE_WORK_ORDER_STATUS, " . PRFX . "TABLE_EMPLOYEE \n\t\t\t\tWHERE " . PRFX . "TABLE_WORK_ORDER_STATUS.WORK_ORDER_ID=" . $db->qstr($wo_id) . " \n\t\t\t\tAND " . PRFX . "TABLE_EMPLOYEE.EMPLOYEE_ID = " . PRFX . "TABLE_WORK_ORDER_STATUS.WORK_ORDER_STATUS_ENTER_BY ORDER BY " . PRFX . "TABLE_WORK_ORDER_STATUS.WORK_ORDER_STATUS_ID";
if (!($result = $db->Execute($sql))) {
force_page('core', 'error&error_msg=MySQL Error: ' . $db->ErrorMsg() . '&menu=1&type=database');
exit;
}
$work_order_status2 = $result->GetArray();
return $work_order_status2;
}
function date_format_call($db)
{
$q = 'SELECT * FROM ' . PRFX . 'TABLE_COMPANY';
if (!($rs = $db->execute($q))) {
force_page('core', 'error&error_msg=MySQL Error: ' . $db->ErrorMsg() . '&menu=1&type=database');
exit;
} else {
$date_format = $rs->fields['COMPANY_DATE_FORMAT'];
return $date_format;
}
}
function display_closed($db, $page_no, $smarty)
{
global $smarty;
// Define the number of results per page
$max_results = 25;
// Figure out the limit for the Execute based
// on the current page number.
$from = $page_no * $max_results - $max_results;
$sql = "SELECT \n\t\t\t" . PRFX . "TABLE_WORK_ORDER.WORK_ORDER_ID, \n\t\t\t" . PRFX . "TABLE_WORK_ORDER.WORK_ORDER_OPEN_DATE,\n\t\t\t" . PRFX . "TABLE_WORK_ORDER.WORK_ORDER_ASSIGN_TO,\n\t\t\t" . PRFX . "TABLE_WORK_ORDER.WORK_ORDER_SCOPE, \n\t\t\t" . PRFX . "TABLE_WORK_ORDER.WORK_ORDER_CLOSE_DATE,\n\t\t\t" . PRFX . "TABLE_CUSTOMER.*, \n\t\t\t" . PRFX . "TABLE_EMPLOYEE.EMPLOYEE_ID, \n\t\t\t" . PRFX . "TABLE_EMPLOYEE.EMPLOYEE_DISPLAY_NAME, \n\t\t\t" . PRFX . "TABLE_EMPLOYEE.EMPLOYEE_WORK_PHONE, \n\t\t\t" . PRFX . "TABLE_EMPLOYEE.EMPLOYEE_HOME_PHONE, \n\t\t\t" . PRFX . "TABLE_EMPLOYEE.EMPLOYEE_MOBILE_PHONE, \n\t\t\t" . PRFX . "CONFIG_WORK_ORDER_STATUS.CONFIG_WORK_ORDER_STATUS\n\t\t\tFROM " . PRFX . "TABLE_WORK_ORDER\n\t\t\tLEFT JOIN " . PRFX . "TABLE_CUSTOMER ON " . PRFX . "TABLE_WORK_ORDER.CUSTOMER_ID = " . PRFX . "TABLE_CUSTOMER.CUSTOMER_ID\n\t\t\tLEFT JOIN " . PRFX . "TABLE_EMPLOYEE ON " . PRFX . "TABLE_WORK_ORDER.WORK_ORDER_ASSIGN_TO = " . PRFX . "TABLE_EMPLOYEE.EMPLOYEE_ID\n\t\t\tLEFT JOIN " . PRFX . "CONFIG_WORK_ORDER_STATUS ON " . PRFX . "TABLE_WORK_ORDER.WORK_ORDER_CURRENT_STATUS = " . PRFX . "CONFIG_WORK_ORDER_STATUS.CONFIG_WORK_ORDER_STATUS_ID\n\t\t\tWHERE WORK_ORDER_STATUS=" . $db->qstr(6) . " GROUP BY " . PRFX . "TABLE_WORK_ORDER.WORK_ORDER_ID ORDER BY " . PRFX . "TABLE_WORK_ORDER.WORK_ORDER_ID DESC LIMIT {$from}, {$max_results}";
if (!($rs = $db->Execute($sql))) {
force_page('core', 'error&error_msg=MySQL Error: ' . $db->ErrorMsg() . '&menu=1&type=database');
exit;
} else {
$work_order = $rs->GetArray();
}
// Figure out the total number of results in DB:
$q = "SELECT COUNT(*) as Num FROM " . PRFX . "TABLE_WORK_ORDER WHERE WORK_ORDER_STATUS=" . $db->qstr(6);
if (!($results = $db->Execute($q))) {
force_page('core', 'error&error_msg=MySQL Error: ' . $db->ErrorMsg() . '&menu=1&type=database');
exit;
}
if (!($total_results = $results->FetchRow())) {
force_page('core', 'error&error_msg=MySQL Error: ' . $db->ErrorMsg() . '&menu=1&type=database');
exit;
} else {
$smarty->assign('total_results', $total_results['Num']);
}
// Figure out the total number of pages. Always round up using ceil()
$total_pages = ceil($total_results["Num"] / $max_results);
$smarty->assign('total_pages', $total_pages);
// Assign the first page
if ($page_no > 1) {
$prev = $page_no - 1;
}
// Build Next Link
if ($page_no < $total_pages) {
$next = $page_no + 1;
}
$smarty->assign('name', $name);
$smarty->assign('page_no', $page_no);
$smarty->assign("previous", $prev);
$smarty->assign("next", $next);
return $work_order;
}
<?php
// Load the Expense Functions
require_once 'include.php';
// Load the Translations for this Module
if (!xml2php('expense')) {
$smarty->assign('error_msg', "Error in language file");
}
$expenseID = $VAR['expenseID'];
// Load PHP Language Translations
$langvals = gateway_xml2php('expense');
// Make sure we got an Expense ID number
if (!isset($expenseID) || $expenseID == "") {
$smarty->assign('results', 'Please go back and select an expense record');
die;
}
// Delete the expense function call
if (!delete_expense($db, $expenseID)) {
force_page('core', 'error&error_msg=MySQL Error: ' . $db->ErrorMsg() . '&menu=1&type=database');
exit;
} else {
force_page('expense', 'search&page_title=' . $langvals['expense_search_title']);
exit;
}
<?php
// Load the Expense Functions
require_once 'include.php';
// Load the Translations for this Module
if (!xml2php('expense')) {
$smarty->assign('error_msg', "Error in language file");
}
// Load PHP Language Translations
$langvals = gateway_xml2php('expense');
// Load expense details
$expense_details = display_expense_info($db, $VAR['expenseID']);
// If details submitted run update values, if not set load edit.tpl and populate values
if (isset($VAR['submit'])) {
if (!update_expense($db, $VAR)) {
force_page('expense', 'edit&error_msg=Falied to Update Expense Information&expenseID=' . $VAR['expenseID']);
exit;
} else {
force_page('expense', 'expense_details&expenseID=' . $VAR['expenseID'] . '&page_title=' . $langvals['expense_details_title']);
exit;
}
} else {
$smarty->assign('expense_details', $expense_details);
$smarty->display('expense' . SEP . 'edit.tpl');
}
require_once 'include.php';
// Load the Translation for this Module
if (!xml2php('refund')) {
$smarty->assign('error_msg', "Error in language file");
}
// Load PHP Language Translations
$langvals = gateway_xml2php('refund');
$last_record_id = last_record_id_lookup($db);
$new_record_id = $last_record_id + 1;
// If details submitted insert record, if non submitted load new.tpl and populate values
if (isset($VAR['submit']) || isset($VAR['submitandnew'])) {
if ($run != insert_new_refund($db, $VAR)) {
$smarty->assign('error_msg', 'Falied to insert Refund');
$smarty->display('core' . SEP . 'error.tpl');
echo "refund insert error";
} else {
if (isset($VAR['submitandnew'])) {
// Submit New Refund and reload page
force_page('refund', 'new&page_title=');
exit;
} else {
// Submit and load Refund View Details
force_page('refund', 'refund_details&refundID=' . $new_record_id . '&page_title=' . $langvals['refund_details_title']);
exit;
}
}
} else {
$smarty->assign('new_record_id', $new_record_id);
$smarty->assign('tax_rate', $tax_rate);
$smarty->display('refund' . SEP . 'new.tpl');
}
function employee_type($db)
{
$q = "SELECT * FROM " . PRFX . "CONFIG_EMPLOYEE_TYPE";
if (!($rs = $db->Execute($q))) {
force_page('core', 'error&error_msg=MySQL Error: ' . $db->ErrorMsg() . '&menu=1&type=database');
exit;
} else {
$arr = $rs->GetArray();
return $arr;
}
}
<?php
// Load the Refund Functions
require_once 'include.php';
// Load the Translation for this Module
if (!xml2php('refund')) {
$smarty->assign('error_msg', "Error in language file");
}
// Load PHP Language Translations
$langvals = gateway_xml2php('refund');
// Load refund details
$refund_details = display_refund_info($db, $VAR['refundID']);
// If details submitted run update values, if not set load edit.tpl and populate values
if (isset($VAR['submit'])) {
if (!update_refund($db, $VAR)) {
force_page('refund', 'edit&error_msg=Falied to Update refund Information&refundID=' . $VAR['refundID']);
exit;
} else {
force_page('refund', 'refund_details&refundID=' . $VAR['refundID'] . '&page_title=' . $langvals['refund_details_title']);
exit;
}
} else {
$smarty->assign('refund_details', $refund_details);
$smarty->display('refund' . SEP . 'edit.tpl');
}
<?php
// Load the Supplier classes
require_once 'include.php';
// Load the Translation for this Module
if (!xml2php('supplier')) {
$smarty->assign('error_msg', "Error in language file");
}
// Load PHP Language Translations
$langvals = gateway_xml2php('supplier');
// Load supplier details
$supplier_details = display_supplier_info($db, $VAR['supplierID']);
// If details submitted run update values, if not set load edit.tpl and populate values
if (isset($VAR['submit'])) {
if (!update_supplier($db, $VAR)) {
force_page('supplier', 'edit&error_msg=Falied to Update Supplier Information&supplierID=' . $VAR['supplierID']);
exit;
} else {
force_page('supplier', 'supplier_details&supplierID=' . $VAR['supplierID'] . '&page_title=' . $langvals['supplier_details_title']);
exit;
}
} else {
$smarty->assign('supplier_details', $supplier_details);
$smarty->display('supplier' . SEP . 'edit.tpl');
}
<?php
require_once "include.php";
if (!xml2php("customer")) {
$smarty->assign('error_msg', "Error in language file");
}
if (isset($VAR['submit'])) {
if (!($customer_id = insert_new_customer($db, $VAR))) {
$smarty->assign('error_msg', 'Falied to insert customer');
$smarty->display('core' . SEP . 'error.tpl');
} else {
force_page('customer', 'customer_details&customer_id=' . $customer_id . '&msg=Added New Customer ' . $VAR["displayName"] . ' &page_title=' . $VAR["displayName"]);
exit;
}
} else {
$smarty->display('customer' . SEP . 'new.tpl');
}
<?php
require_once "include.php";
if (empty($VAR['wo_id'])) {
force_page('core', 'error&error_msg=No Work Order ID');
exit;
}
if (isset($VAR['submit'])) {
if (!update_status($db, $VAR)) {
force_page('core', 'error&error_msg=Falied to update work order status');
exit;
} else {
force_page('workorder', 'view&wo_id=' . $VAR['wo_id'] . '&page_title=Work%20Order%20ID%20' . $VAR['wo_id']);
exit;
}
} else {
$smarty->assign('wo_id', $VAR['wo_id']);
$smarty->display('workorder' . SEP . 'new_status.tpl');
}
$trans = $rs->GetArray();
$smarty->assign('trans', $trans);
}
$smarty->assign('invoice_details', $invoice_details);
/* get billing settings from db */
$q = "SELECT BILLING_OPTION, ACTIVE FROM " . PRFX . "CONFIG_BILLING_OPTIONS WHERE ACTIVE='1'";
if (!($rs = $db->execute($q))) {
force_page('core', 'error&error_msg=MySQL Error: ' . $db->ErrorMsg() . '&menu=1');
exit;
}
$billing_options = $rs->GetAssoc();
if (empty($billing_options)) {
force_page('core', 'error&error_msg=No Billing Methods Available. Please select billing options in the configuration&menu=1');
exit;
}
$smarty->assign('billing_options', $billing_options);
/* get Accepted Credit cards*/
if ($billing_options['cc_billing'] == '1') {
$q = "SELECT CARD_TYPE, CARD_NAME FROM " . PRFX . "CONFIG_CC_CARDS WHERE ACTIVE='1'";
if (!($rs = $db->execute($q))) {
force_page('core', 'error&error_msg=MySQL Error: ' . $db->ErrorMsg() . '&menu=1');
exit;
}
$cc_cards = $rs->GetAssoc();
if (empty($cc_cards)) {
force_page('core', 'error&error_msg=Credit Card Billing is Set on but no cards are active. Please enable at least on credit card in the control panel&menu=1');
exit;
}
$smarty->assign('cc_cards', $cc_cards);
}
$smarty->display('billing' . SEP . 'new.tpl');
$q = "INSERT INTO " . PRFX . "TABLE_WORK_ORDER_STATUS SET\n\t\t\t\tWORK_ORDER_ID\t\t\t\t\t= " . $db->qstr($wo_id) . ",\n\t\t\t\tWORK_ORDER_STATUS_DATE \t\t= " . $db->qstr(time()) . ",\n\t\t\t\tWORK_ORDER_STATUS_NOTES \t\t= " . $db->qstr($memo) . ",\n\t\t\t\tWORK_ORDER_STATUS_ENTER_BY\t= " . $db->qstr($_SESSION['login_id']);
if (!($rs = $db->execute($q))) {
force_page('core', 'error&error_msg=MySQL Error: ' . $db->ErrorMsg() . '&menu=1');
exit;
}
/* check status */
$q = "SELECT WORK_ORDER_STATUS FROM " . PRFX . "TABLE_WORK_ORDER WHERE WORK_ORDER_ID=" . $db->qstr($wo_id);
if (!($rs = $db->execute($q))) {
force_page('core', 'error&error_msg=MySQL Error: ' . $db->ErrorMsg() . '&menu=1&type=database');
exit;
}
if ($rs->fields['WORK_ORDER_STATUS'] != '6') {
/* check if we have a schedule */
$q = "SELECT count(*) as count FROM " . PRFX . "TABLE_SCHEDULE WHERE WORK_ORDER_ID=" . $db->qstr($wo_id);
if (!($rs = $db->execute($q))) {
force_page('core', 'error&error_msg=MySQL Error: ' . $db->ErrorMsg() . '&menu=1&type=database');
exit;
}
if ($rs->fields['count'] == 1) {
$status = '2';
} else {
$status = '1';
}
$q = "UPDATE " . PRFX . "TABLE_WORK_ORDER SET WORK_ORDER_CURRENT_STATUS =" . $db->qstr($status) . ", LAST_ACTIVE=" . $db->qstr(time()) . " WHERE WORK_ORDER_ID = " . $db->qstr($wo_id);
if (!($rs = $db->execute($q))) {
force_page('core', 'error&error_msg=MySQL Error: ' . $db->ErrorMsg() . '&menu=1&type=database');
exit;
}
}
force_page('workorder', 'view&wo_id=' . $wo_id . '&page_title=Work%20Order%20ID%20' . $wo_id);
$partsID = $VAR['partsID'];
// Labour Delete Record
if (isset($VAR['deleteType']) && $VAR['deleteType'] == "labourRecord") {
// Delete the labour record Function call
if (!delete_labour_record($db, $labourID)) {
force_page('core', 'error&error_msg=MySQL Error: ' . $db->ErrorMsg() . '&menu=1&type=database');
exit;
} else {
force_page('invoice', 'new&invoice_id=' . $invoice_id . '&wo_id=' . $wo_id . '&page_title=' . $langvals['invoice_invoice'] . '&customer_id=' . $customer_id);
exit;
}
}
// Parts Delete Record
if (isset($VAR['deleteType']) && $VAR['deleteType'] == "partsRecord") {
// Delete the labour record Function call
if (!delete_parts_record($db, $partsID)) {
force_page('core', 'error&error_msg=MySQL Error: ' . $db->ErrorMsg() . '&menu=1&type=database');
exit;
} else {
force_page('invoice', 'new&invoice_id=' . $invoice_id . '&wo_id=' . $wo_id . '&page_title=' . $langvals['invoice_invoice'] . '&customer_id=' . $customer_id);
exit;
}
}
// Delete Invoice
if (!delete_invoice($db, $invoice_id, $customer_id, $login)) {
force_page('core', 'error&error_msg=MySQL Error: ' . $db->ErrorMsg() . '&menu=1&type=database');
exit;
} else {
force_page('invoice', 'view_paid&page_title=Paid%20Invoices');
exit;
}
<?php
#########################################################
# This program is distributed under the terms and #
# conditions of the GPL #
# new.php #
# Version 0.0.1 Fri Sep 30 09:30:10 PDT 2005 #
# #
#########################################################
require_once "include.php";
//require_once("js/emp_new.js");
if (!xml2php("employees")) {
$smarty->assign('error_msg', "Error in language file");
}
$VAR['page_title'] = "Add New Employee";
if (isset($VAR['submit'])) {
$smarty->assign('VAR', $VAR);
if (!check_employee_ex($db, $VAR)) {
$smarty->assign('error_msg', 'The employees Display Name, ' . $VAR["displayName"] . ', already exists! Please use a differnt name.');
$smarty->display('employees' . SEP . 'new.tpl');
} else {
if (!($employee_id = insert_new_employee($db, $VAR))) {
$smarty->assign('error_msg', 'Falied to insert Employee');
} else {
force_page('employees', 'employee_details&employee_id=' . $employee_id . '&page_title=Employees');
}
}
} else {
$smarty->display('employees' . SEP . 'new.tpl');
}
function display_memo($db, $customer_id)
{
$q = "SELECT * FROM " . PRFX . "CUSTOMER_NOTES WHERE CUSTOMER_ID=" . $db->qstr($customer_id);
if (!($rs = $db->execute($q))) {
force_page('core', 'error&error_msg=MySQL Error: ' . $db->ErrorMsg() . '&menu=1&type=database');
exit;
}
$arr = $rs->GetArray();
return $arr;
}
$smarty->assign('DD_BSB', $DD_BSB);
$smarty->assign('DD_ACC', $DD_ACC);
$smarty->assign('DD_INS', $DD_INS);
$smarty->assign('DD_BANK', $DD_BANK);
$smarty->assign('CHECK_PAYABLE', $CHECK_PAYABLE);
$smarty->assign('PAYMATE_LOGIN', $PAYMATE_LOGIN);
$smarty->assign('company', $company);
$smarty->assign('company2', $company2);
//$smarty->assign('CURRENCY_CODE',$CURRENCY_CODE);
//$smarty->assign('currency_sym',$currency_sym);
$smarty->assign('country', $country);
$smarty->assign('pamount', $pamount);
$smarty->assign('paymate_amt', $paymate_amt);
$smarty->assign('PAYMATE_FEES', $PAYMATE_FEES);
$smarty->assign('parts_sub_total_sum', $parts_sub_total_sum);
$smarty->assign('labour_sub_total_sum', $labour_sub_total_sum);
$smarty->assign('wo_description', $wo_description);
$smarty->assign('wo_resolution', $wo_resolution);
$smarty->display('invoice' . SEP . 'print_html.tpl');
} else {
// EOF HTML Printing Section
// BOF PDF Printing Section
if ($print_type == 'pdf') {
require_once FILE_ROOT . 'templates/invoice/print_pdf_tpl.php';
//This loads the PDF template file
} else {
force_page('core', "error&menu=1&error_msg=No Printing Options set. Please set up printing options in the Control Center.&type=error");
exit;
}
}
// EOF PDF Printing Section
<?php
####################################################
# This program is distributed under the terms and #
# conditions of the GPL #
# Schedule Delete #
# Version 0.0.2 2:18 PM Monday, 6 April 2009 #
# #
####################################################
$sch_id = $VAR['sch_id'];
$y = $VAR['y'];
$m = $VAR['m'];
$d = $VAR['d'];
$q = "DELETE FROM " . PRFX . "TABLE_SCHEDULE WHERE SCHEDULE_ID =" . $db->qstr($sch_id);
if (!($rs = $db->execute($q))) {
force_page('core', 'error&error_msg=MySQL Error: ' . $db->ErrorMsg() . '&menu=1&type=database');
exit;
} else {
force_page('schedule', 'main&y=' . $y . '&m=' . $m . '&d=' . $d . '&wo_id=' . $VAR['wo_id']);
exit;
}
if (!insert_new_schedule($db, $VAR)) {
/* If db insert fails send em the error */
$day = $VAR['start']['schedule_date'];
$start_time = $VAR['start']['Time_Hour'] . ":" . $VAR['start']['Time_Minute'] . " " . $VAR['start']['Time_Meridian'];
$notes = $VAR['schedule_notes'];
$end_time = $VAR['end']['Time_Hour'] . ":" . $VAR['end']['Time_Minute'] . " " . $VAR['end']['Time_Meridian'];
$smarty->assign('end_time', $end_time);
$smarty->assign('start_day', $day);
$smarty->assign('start_time', $start_time);
$smarty->assign('schedule_notes', $notes);
$smarty->assign('tech', $VAR['tech']);
$smarty->assign('wo_id', $VAR['wo_id']);
$smarty->display("schedule/new.tpl");
//force_page('schedule','main&y='.$s_year.'&d='.$s_month.'&m='.$s_day.'&wo_id='.$VAR['wo_id'].'&page_title=schedule&tech='.$VAR['tech']);
} else {
//list($s_day, $s_month, $s_year) = split('[/.-]', $VAR['start']['SCHEDULE_date']);
list($s_month, $s_day, $s_year) = split('[/.-]', $VAR['start']['SCHEDULE_date']);
force_page('schedule', 'main&y=' . $s_year . '&d=' . $s_month . '&m=' . $s_day . '&wo_id=' . $VAR['wo_id'] . '&page_title=schedule&tech=' . $VAR['tech']);
}
} else {
// Load html form to smarty
$start_time = $VAR['starttime'];
$day = $VAR['day'];
$wo_id = $VAR['wo_id'];
$tech = $VAR['tech'];
$smarty->assign('tech', $tech);
$smarty->assign('wo_id', $wo_id);
$smarty->assign('start_day', $day);
$smarty->assign('start_time', $start_time);
$smarty->display('schedule' . SEP . 'new.tpl');
}
function delete_invoice($db, $invoice_id, $customer_id, $login)
{
//Actual Deletion Function from Invoice Table
$q = "DELETE FROM " . PRFX . "TABLE_INVOICE WHERE INVOICE_ID=" . $db->qstr($invoice_id);
if (!($rs = $db->Execute($q))) {
force_page('core', 'error&error_msg=MySQL Error: ' . $db->ErrorMsg() . '&menu=1&type=database');
exit;
} else {
return true;
}
// TODO - Add transaction log to database
/*
$q = "INSERT INTO ".PRFX."TABLE_TRANSACTION ( TRANSACTION_ID, DATE, TYPE, INVOICE_ID, WORKORDER_ID, CUSTOMER_ID, MEMO, AMOUNT ) VALUES,
( NULL, ".$db->qstr(time()).",'6',".$db->qstr($invoice_id).",'0',".$db->qstr($customer_id).",'Invoice Deleted By ".$db->qstr($login).",'0.00');";
if (!$rs = $db->Execute($q)) {
force_page('core', 'error&error_msg=MySQL Error: ' . $db->ErrorMsg() . '&menu=1&type=database');
exit;
}*/
}
force_page('billing', 'new&wo_id=' . $workorder_id . '&customer_id=' . $customer_id . '&invoice_id=' . $invoice_id . '&error_msg=You can not bill more than the amount of the invoice.');
exit;
}
if ($invoice_details['INVOICE_AMOUNT'] == $deposit_amount) {
/* insert Transaction */
$memo = "Full Deposit Payment Made of {$currency_sym}{$deposit_amount}, Deposit ID#: {$deposit_recieved}, Deposit Memo: {$deposit_memo}";
$q = "INSERT INTO " . PRFX . "TABLE_TRANSACTION SET\n\t\t\tDATE \t\t\t= " . $db->qstr(time()) . ",\n\t\t\tTYPE \t\t\t= '6',\n\t\t\tINVOICE_ID = " . $db->qstr($invoice_id) . ",\n\t\t\tWORKORDER_ID = " . $db->qstr($workorder_id) . ",\n\t\t\tCUSTOMER_ID = " . $db->qstr($customer_id) . ",\n\t\t\tMEMO \t\t\t= " . $db->qstr($memo) . ",\n\t\t\tAMOUNT\t\t\t= " . $db->qstr($deposit_amount);
if (!($rs = $db->execute($q))) {
force_page('core', 'error&error_msg=MySQL Error: ' . $db->ErrorMsg() . '&menu=1');
exit;
}
/* update the invoice */
$q = "UPDATE " . PRFX . "TABLE_INVOICE SET\n\t\t\tPAID_DATE \t\t= " . $db->qstr(time()) . ", \n\t\t\tPAID_AMOUNT \t\t= " . $db->qstr($deposit_amount) . ",\n\t\t\tINVOICE_PAID\t\t= '1',\n\t\t\tBALANCE \t\t= " . $db->qstr(0.0) . "\n\t\t\tWHERE INVOICE_ID \t= " . $db->qstr($invoice_id);
if (!($rs = $db->execute($q))) {
force_page('core', 'error&error_msg=MySQL Error: ' . $db->ErrorMsg() . '&menu=1');
exit;
}
/* update work order */
$q = "INSERT INTO " . PRFX . "TABLE_WORK_ORDER_STATUS SET\n\t\t\tWORK_ORDER_ID\t\t\t= " . $db->qstr($workorder_id) . ",\n\t\t\tWORK_ORDER_STATUS_DATE \t\t= " . $db->qstr(time()) . ",\n\t\t\tWORK_ORDER_STATUS_NOTES \t= " . $db->qstr($memo) . ",\n\t\t\tWORK_ORDER_STATUS_ENTER_BY\t= " . $db->qstr($_SESSION['login_id']);
if (!($rs = $db->execute($q))) {
force_page('core', 'error&error_msg=MySQL Error: ' . $db->ErrorMsg() . '&menu=1');
exit;
}
$q = "UPDATE " . PRFX . "TABLE_WORK_ORDER SET\n\t\t\tWORK_ORDER_STATUS\t\t\t= '6',\n\t\t\tWORK_ORDER_CURRENT_STATUS \t= '8'\n\t\t\tWHERE WORK_ORDER_ID \t\t=\t" . $db->qstr($workorder_id);
if (!($rs = $db->execute($q))) {
force_page('core', 'error&error_msg=MySQL Error: ' . $db->ErrorMsg() . '&menu=1');
exit;
}
force_page('invoice', "view&invoice_id={$invoice_id}&customer_id={$customer_id}");
}
}
$parts_sub_total_sum = parts_sub_total_sum($db, $invoice['INVOICE_ID']);
$smarty->assign('labour_sub_total_sum', $labour_sub_total_sum);
$smarty->assign('parts_sub_total_sum', $parts_sub_total_sum);
$smarty->display('invoice' . SEP . 'new.tpl');
// If discount is greate than 100% then these close WO and mark the invoice as paid
if ($VAR['discount'] >= 100) {
$q = "UPDATE " . PRFX . "TABLE_WORK_ORDER SET\n WORK_ORDER_STATUS\t\t= '6',\n WORK_ORDER_CURRENT_STATUS \t= '8'\n WHERE WORK_ORDER_ID \t\t=" . $db->qstr($wo_id);
if (!($rs = $db->execute($q))) {
force_page('core', 'error&error_msg=MySQL Error: ' . $db->ErrorMsg() . '&menu=1');
exit;
}
}
if ($VAR['discount'] >= 100) {
/* update the invoice */
$q = "UPDATE " . PRFX . "TABLE_INVOICE SET\n PAID_DATE \t\t= " . $db->qstr(time()) . ",\n PAID_AMOUNT \t\t= '0',\n INVOICE_PAID\t\t= '1'\n WHERE INVOICE_ID \t= " . $db->qstr($VAR['invoice_id']);
if (!($rs = $db->execute($q))) {
force_page('core', 'error&error_msg=MySQL Error: ' . $db->ErrorMsg() . '&menu=1');
exit;
}
}
}
##################################
# If We have a Submit2 #
##################################
if (isset($submit2) && $wo_id != "0") {
$q = "UPDATE " . PRFX . "TABLE_WORK_ORDER SET\n\t\t\tWORK_ORDER_STATUS\t\t= '6',\n\t\t\tWORK_ORDER_CURRENT_STATUS \t= '8'\n\t\t\tWHERE WORK_ORDER_ID \t\t=" . $db->qstr($wo_id);
if (!($rs = $db->execute($q))) {
force_page('core', 'error&error_msg=MySQL Error: ' . $db->ErrorMsg() . '&menu=1');
exit;
}
}
unlink($target_path);*/
} else {
$users = array($email_from => $employee_details['EMPLOYEE_FIRST_NAME']);
//Generate Replacements
$replacements = array();
foreach ($users as $email => $user) {
$replacements[$email] = array('{name}' => $employee_details['EMPLOYEE_FIRST_NAME'], '{sig}' => $sig);
}
$decorator = new Swift_Plugins_DecoratorPlugin($replacements);
$mailer->registerPlugin($decorator);
$message = Swift_Message::newInstance($email_subject)->setFrom(array($email_from => $employee_details['EMPLOYEE_FIRST_NAME']))->setTo($users)->setBody($message_body, 'text/html');
//Send the message
$numSent = $mailer->send($message);
//Display how many messages were sent
echo "<script>alert('Successfully Sent {$numSent} message')</script>";
echo "<script>navigate('?page=customer:email&customer_id=" . $c2 . "&page_title=Email Customer')</script>";
//Show what file was uploaded
//printf("File Location", $fname2);
//Assign the variables with smarty
$smarty->assign('email_subject', $email_subject);
$smarty->assign('email_from', $email_from);
$smarty->assign('email_to', $email_to);
$smarty->assign('message_body', $message_body);
$smarty->assign('rr', $rr);
$smarty->assign('file_download', $file_download);
// EOF Email Message details
force_page('customer', "email&customer_id=" . $c2 . "&page_title=Email Customer");
}
}
///Display the template we will use
$smarty->display('customer' . SEP . 'email.tpl');
exit;
}
force_page('billing', 'new&wo_id=' . $workorder_id . '&customer_id=' . $customer_id . '&invoice_id=' . $invoice_id . '&page_title=Billing&error_msg=' . $result[3]);
exit;
} else {
if ($result[0] == "3") {
/* insert Transaction */
$memo = "ERROR: " . $result[3] . " Card Number: {$cc_num} TRANS ID: " . $result[37];
$q = "INSERT INTO " . PRFX . "TABLE_TRANSACTION SET\n\t\t\tDATE \t\t\t= " . $db->qstr(time()) . ",\n\t\t\tTYPE \t\t\t= '1',\n\t\t\tINVOICE_ID \t\t= " . $db->qstr($invoice_id) . ",\n\t\t\tWORKORDER_ID = " . $db->qstr($workorder_id) . ",\n\t\t\tCUSTOMER_ID \t\t= " . $db->qstr($customer_id) . ",\n\t\t\tMEMO \t\t\t= " . $db->qstr($memo) . ",\n\t\t\tAMOUNT\t\t\t= " . $db->qstr($cc_amount);
if (!($rs = $db->execute($q))) {
force_page('core', 'error&error_msg=MySQL Error: ' . $db->ErrorMsg() . '&menu=1');
exit;
}
force_page('billing', 'new&wo_id=' . $workorder_id . '&customer_id=' . $customer_id . '&invoice_id=' . $invoice_id . '&page_title=Billing&error_msg=' . $result[3]);
exit;
} else {
if ($result[0] == "4") {
/* insert Transaction */
$memo = "ERROR: " . $result[3] . " Card Number: {$cc_num} TRANS ID: " . $result[37];
$q = "INSERT INTO " . PRFX . "TABLE_TRANSACTION SET\n\t\t\tDATE \t\t\t= " . $db->qstr(time()) . ",\n\t\t\tTYPE \t\t\t= '1',\n\t\t\tINVOICE_ID \t\t= " . $db->qstr($invoice_id) . ",\n\t\t\tWORKORDER_ID = " . $db->qstr($workorder_id) . ",\n\t\t\tCUSTOMER_ID \t\t= " . $db->qstr($customer_id) . ",\n\t\t\tMEMO \t\t\t= " . $db->qstr($memo) . ",\n\t\t\tAMOUNT\t\t\t= " . $db->qstr($cc_amount);
if (!($rs = $db->execute($q))) {
force_page('core', 'error&error_msg=MySQL Error: ' . $db->ErrorMsg() . '&menu=1');
exit;
}
force_page('billing', 'new&wo_id=' . $workorder_id . '&customer_id=' . $customer_id . '&invoice_id=' . $invoice_id . '&page_title=Billing&error_msg=' . $result[3]);
exit;
} else {
}
}
}
}
force_page('control', 'hours_edit&error_msg=Start Time is the same as End Time');
exit;
} else {
$q = 'UPDATE ' . PRFX . 'SETUP SET
OFFICE_HOUR_START =' . $db->qstr($VAR['startHour']) . ',
OFFICE_HOUR_END =' . $db->qstr($VAR['endHour']);
if (!($rs = $db->execute($q))) {
force_page('core', 'error&error_msg=MySQL Error: ' . $db->ErrorMsg() . '&menu=1&type=database');
exit;
} else {
force_page('control', 'hours_edit&msg=Office hours have been updated.');
exit;
}
}
}
} else {
$q = 'SELECT OFFICE_HOUR_START, OFFICE_HOUR_END FROM ' . PRFX . 'SETUP';
if (!($rs = $db->execute($q))) {
force_page('core', 'error&error_msg=MySQL Error: ' . $db->ErrorMsg() . '&menu=1&type=database');
exit;
}
$arr = $rs->GetArray();
$hour = array();
while ($count != 25) {
array_push($hour, $count);
$count++;
}
$smarty->assign('hour', $hour);
$smarty->assign('arr', $arr);
$smarty->display('control/hours_edit.tpl');
}
function display_refund_search($db, $refund_search_category, $refund_search_term, $page_no, $smarty)
{
global $smarty;
// Define the number of results per page
$max_results = 25;
// Figure out the limit for the Execute based
// on the current page number.
$from = $page_no * $max_results - $max_results;
$sql = "SELECT * FROM " . PRFX . "TABLE_REFUND WHERE REFUND_{$refund_search_category} LIKE '{$refund_search_term}' ORDER BY REFUND_ID DESC LIMIT {$from}, {$max_results}";
//print $sql;
if (!($result = $db->Execute($sql))) {
force_page('core', 'error&error_msg=MySQL Error: ' . $db->ErrorMsg() . '&menu=1&type=database');
exit;
} else {
$refund_search_result = array();
}
while ($row = $result->FetchRow()) {
array_push($refund_search_result, $row);
}
// Figure out the total number of results in DB:
$results = $db->Execute("SELECT COUNT(*) as Num FROM " . PRFX . "TABLE_REFUND WHERE REFUND_{$refund_search_category} LIKE " . $db->qstr("{$refund_search_term}"));
if (!($total_results = $results->FetchRow())) {
force_page('core', 'error&error_msg=MySQL Error: ' . $db->ErrorMsg() . '&menu=1&type=database');
exit;
} else {
$smarty->assign('total_results', $total_results['Num']);
}
// Figure out the total number of pages. Always round up using ceil()
$total_pages = ceil($total_results["Num"] / $max_results);
$smarty->assign('total_pages', $total_pages);
// Assign the first page
if ($page_no > 1) {
$prev = $page_no - 1;
}
// Build Next Link
if ($page_no < $total_pages) {
$next = $page_no + 1;
}
$smarty->assign('items', $items);
$smarty->assign('page_no', $page_no);
$smarty->assign('previous', $prev);
$smarty->assign('next', $next);
$smarty->assign('refund_search_category', $refund_search_category);
$smarty->assign('refund_search_term', $refund_search_term);
return $refund_search_result;
}
<?php
require_once "include.php";
if (!xml2php("employees")) {
$smarty->assign('error_msg', "Error in language file");
}
if (isset($VAR['submit'])) {
/* check if we have an ID */
if (!isset($VAR['employee_id'])) {
force_page('core', 'error&error_msg=No Employee ID');
}
/* if we are changing password update */
if ($VAR['password'] != '' || $VAR['login_id'] != '') {
$update = "SET EMPLOYEE_PASSWD \t\t=" . $db->qstr(md5($VAR['password'])) . ",\n\t\t\t\t\t\t\tEMPLOYEE_EMAIL\t\t\t=" . $db->qstr($VAR['email']) . ", \n\t\t\t\t\t\t\tEMPLOYEE_FIRST_NAME\t\t=" . $db->qstr($VAR['firstName']) . ",\n\t\t\t\t\t\t\tEMPLOYEE_LAST_NAME\t\t=" . $db->qstr($VAR['lastName']) . ",\n\t\t\t\t\t\t\tEMPLOYEE_DISPLAY_NAME =" . $db->qstr($VAR['displayName']) . ",\n EMPLOYEE_LOGIN ="******",\n\t\t\t\t\t\t\tEMPLOYEE_SSN\t\t\t\t=" . $db->qstr($VAR['']) . ",\n\t\t\t\t\t\t\tEMPLOYEE_ADDRESS\t\t=" . $db->qstr($VAR['address']) . ",\n\t\t\t\t\t\t\tEMPLOYEE_CITY\t\t\t=" . $db->qstr($VAR['city']) . ",\n\t\t\t\t\t\t\tEMPLOYEE_STATE\t\t\t=" . $db->qstr($VAR['state']) . ", \n\t\t\t\t\t\t\tEMPLOYEE_ZIP \t\t\t=" . $db->qstr($VAR['zip']) . ",\n\t\t\t\t\t\t\tEMPLOYEE_TYPE\t\t\t=" . $db->qstr($VAR['type']) . ",\n\t\t\t\t\t\t\tEMPLOYEE_BASED\t\t\t=" . $db->qstr($VAR['based']) . ",\n\t\t\t\t\t\t\tEMPLOYEE_WORK_PHONE\t=" . $db->qstr($VAR['workPhone']) . ",\n\t\t\t\t\t\t\tEMPLOYEE_HOME_PHONE \t=" . $db->qstr($VAR['homePhone']) . ",\n\t\t\t\t\t\t\tEMPLOYEE_MOBILE_PHONE\t=" . $db->qstr($VAR['mobilePhone']) . ",\n\t\t\t\t\t\t\tEMPLOYEE_STATUS\t\t\t=" . $db->qstr($VAR['active']);
} else {
$update = "\t\tSET\n\t\t\t\t\t\t\tEMPLOYEE_EMAIL\t\t\t=" . $db->qstr($VAR['email']) . ",\n\t\t\t\t\t\t\tEMPLOYEE_FIRST_NAME\t\t=" . $db->qstr($VAR['firstName']) . ",\n\t\t\t\t\t\t\tEMPLOYEE_LAST_NAME\t\t=" . $db->qstr($VAR['lastName']) . ",\n\t\t\t\t\t\t\tEMPLOYEE_DISPLAY_NAME =" . $db->qstr($VAR['displayName']) . ", \n\t\t\t\t\t\t\tEMPLOYEE_SSN\t\t\t\t=" . $db->qstr($VAR['']) . ",\n\t\t\t\t\t\t\tEMPLOYEE_ADDRESS\t\t=" . $db->qstr($VAR['address']) . ",\n\t\t\t\t\t\t\tEMPLOYEE_CITY\t\t\t=" . $db->qstr($VAR['city']) . ",\n\t\t\t\t\t\t\tEMPLOYEE_STATE\t\t\t=" . $db->qstr($VAR['state']) . ", \n\t\t\t\t\t\t\tEMPLOYEE_ZIP \t\t\t=" . $db->qstr($VAR['zip']) . ",\n\t\t\t\t\t\t\tEMPLOYEE_TYPE\t\t\t=" . $db->qstr($VAR['type']) . ",\n\t\t\t\t\t\t\tEMPLOYEE_BASED\t\t\t=" . $db->qstr($VAR['based']) . ",\t\t\t\t\t\t\t\n\t\t\t\t\t\t\tEMPLOYEE_WORK_PHONE\t=" . $db->qstr($VAR['workPhone']) . ",\n\t\t\t\t\t\t\tEMPLOYEE_HOME_PHONE \t=" . $db->qstr($VAR['homePhone']) . ",\n\t\t\t\t\t\t\tEMPLOYEE_MOBILE_PHONE\t=" . $db->qstr($VAR['mobilePhone']) . ",\n\t\t\t\t\t\t\tEMPLOYEE_STATUS\t\t\t=" . $db->qstr($VAR['active']);
}
$q = "UPDATE " . PRFX . "TABLE_EMPLOYEE " . $update . "\n\t\t\tWHERE EMPLOYEE_ID= " . $db->qstr($VAR['employee_id']);
if (!($rs = $db->execute($q))) {
force_page('core', 'error&error_msg=Error updateing Employee Information');
}
force_page('employees', 'employee_details&employee_id=' . $VAR['employee_id'] . '&page_title=Employees');
} else {
$smarty->assign('employee_type', employee_type($db));
$smarty->assign('employee_details', display_employee_info($db, $VAR['employee_id']));
$smarty->display('employees' . SEP . 'edit.tpl');
}
function update_last_active($db, $wo_id)
{
$q = "UPDATE " . PRFX . "TABLE_WORK_ORDER SET LAST_ACTIVE=" . $db->qstr(time()) . " WHERE WORK_ORDER_ID=" . $db->qstr($wo_id);
if (!($rs = $db->execute($q))) {
force_page('core', 'error&error_msg=MySQL Error: ' . $db->ErrorMsg() . '&menu=1&type=database');
exit;
}
}
}
if (isset($VAR['msg'])) {
$smarty->assign('msg', $VAR['msg']);
}
if ($VAR['escape'] != 1) {
require 'modules' . SEP . 'core' . SEP . 'header.php';
require 'modules' . SEP . 'core' . SEP . 'navagation.php';
require 'modules' . SEP . 'core' . SEP . 'company.php';
}
if ($menu == 1) {
$smarty->assign('menu', '1');
$smarty->display('core' . SEP . 'error.tpl');
} else {
/* check acl for page request */
if (!check_acl($db, $module, $page)) {
force_page('core', 'error&error_msg=You do not have permission to access this ' . $module . ':' . $page . '&menu=1');
} else {
require $the_page;
}
}
if ($VAR['escape'] != 1) {
require 'modules' . SEP . 'core' . SEP . 'footer.php';
}
/* Tracker code */
function getIP()
{
// $ip;
if (getenv("HTTP_CLIENT_IP")) {
$ip = getenv("HTTP_CLIENT_IP");
} else {
if (getenv("HTTP_X_FORWARDED_FOR")) {