function __construct($orientation, $metric, $size, $startdate, $enddate, $userid) { $dynamicY = 0; parent::__construct($orientation, $metric, $size); $this->SetAutoPageBreak(true, 30); $this->AddPage(); try { $sql = "SELECT A.*, \n\t\t\t\t\t B.name AS customername, B.accountnumber, \n\t\t\t\t\t\tDATE_FORMAT(A.metacreateddate, '%d/%m/%Y %H:%I') AS metacreateddate, \n\t\t\t\t\t\tDATE_FORMAT(A.converteddatetime, '%d/%m/%Y %H:%I') AS converteddatetime,\n\t\t\t\t\t\tTIMEDIFF(A.converteddatetime, A.metacreateddate) as diff\n\t\t\t\t\t\tFROM {$_SESSION['DB_PREFIX']}quotation A \n\t\t\t\t\t\tLEFT OUTER JOIN {$_SESSION['DB_PREFIX']}customer B \n\t\t\t\t\t\tON B.id = A.customerid \n\t\t\t\t\t\tLEFT OUTER JOIN {$_SESSION['DB_PREFIX']}members C \n\t\t\t\t\t\tON C.member_id = A.takenbyid \n\t\t\t\t\t\tWHERE A.takenbyid = {$userid} \n\t\t\t\t\t\tAND A.metacreateddate >= '{$startdate}' \n\t\t\t\t\t\tAND A.metacreateddate <= '{$enddate}' \n\t\t\t\t\t\tORDER BY A.metacreateddate DESC"; $result = mysql_query($sql); if ($result) { while ($member = mysql_fetch_assoc($result)) { $diff = $member['diff']; $conversiondate = $member['converteddatetime']; if (substr($diff, 0, 1) == "-") { $diff = " "; } if (substr($conversiondate, 0, 2) == "00") { $conversiondate = " "; } $line = array("Customer" => $member['customername'], "Customer Code" => $member['accountnumber'], "Quotation Number" => getSiteConfigData()->bookingprefix . "-" . sprintf("%06d", $member['id']), "Quotation Date" => $member['metacreateddate'], "Conversion Date" => $conversiondate, "Time Taken" => $diff, "Total" => number_format($member['total'], 2)); $this->addLine($this->GetY(), $line); } } else { logError($sql . " - " . mysql_error()); } } catch (Exception $e) { logError($e->getMessage()); } }
function __construct($orientation, $metric, $size, $startdate, $enddate, $userid) { $dynamicY = 0; parent::__construct($orientation, $metric, $size); $this->SetAutoPageBreak(true, 30); $this->AddPage(); try { $and = ""; if ($startdate != "") { $and .= " AND A.metacreateddate >= '{$startdate}' "; } if ($enddate != "") { $and .= " AND A.metacreateddate <= '{$enddate}' "; } if ($userid != "0") { $and .= " AND A.takenbyid = {$userid} "; } $sql = "SELECT A.*, \n\t\t\t\t\t B.name AS customername, B.accountnumber, \n\t\t\t\t\t C.fullname,\n\t\t\t\t\t\tDATE_FORMAT(A.metacreateddate, '%d/%m/%Y %H:%I') AS metacreateddate\n\t\t\t\t\t\tFROM {$_SESSION['DB_PREFIX']}quotation A \n\t\t\t\t\t\tLEFT OUTER JOIN {$_SESSION['DB_PREFIX']}customer B \n\t\t\t\t\t\tON B.id = A.customerid \n\t\t\t\t\t\tLEFT OUTER JOIN {$_SESSION['DB_PREFIX']}members C \n\t\t\t\t\t\tON C.member_id = A.takenbyid \n\t\t\t\t\t\tWHERE 1 = 1 {$and} \n\t\t\t\t\t\tORDER BY B.name, A.metacreateddate"; $result = mysql_query($sql); if ($result) { while ($member = mysql_fetch_assoc($result)) { $line = array("Customer" => $member['customername'], "Customer Code" => $member['accountnumber'], "Quotation Number" => getSiteConfigData()->bookingprefix . "-" . sprintf("%06d", $member['id']), "User" => $member['fullname'], "Quotation Date" => $member['metacreateddate'], "Value" => number_format($member['total'], 2)); $this->addLine($this->GetY(), $line); } } else { logError($sql . " - " . mysql_error()); } } catch (Exception $e) { logError($e->getMessage()); } }
public function postScriptEvent() { ?> var currentID = 0; var currentItem = -1; var itemArray = []; function showHeader() { callAjax( "finddata.php", { sql: "SELECT A.*, B.id AS clientid, B.customerid, B.invoiceaddress1, B.invoiceaddress2, " + "B.invoiceaddress3, B.invoicecity, B.invoicepostcode " + "FROM <?php echo $_SESSION['DB_PREFIX']; ?> customerclientsite A " + "INNER JOIN <?php echo $_SESSION['DB_PREFIX']; ?> customerclient B " + "ON B.id = A.clientid " + "WHERE A.id = " + $("#siteid").val() }, function(data) { if (data.length > 0) { var node = data[0]; var invoiceaddress = ""; var deliveryaddress = ""; if (node.deliveryaddress1 != "") deliveryaddress += node.deliveryaddress1+ "\n"; if (node.deliveryaddress2!= "") deliveryaddress += node.deliveryaddress2+ "\n"; if (node.deliveryaddress3!= "") deliveryaddress += node.deliveryaddress3+ "\n"; if (node.deliverycity!= "") deliveryaddress += node.deliverycity+ "\n"; if (node.deliverypostcode!= "") deliveryaddress += node.deliverypostcode+ "\n"; if (node.invoiceaddress1!= "") invoiceaddress += node.invoiceaddress1+ "\n"; if (node.invoiceaddress2!= "") invoiceaddress += node.invoiceaddress2+ "\n"; if (node.invoiceaddress3!= "") invoiceaddress += node.invoiceaddress3+ "\n"; if (node.invoicecity!= "") invoiceaddress += node.invoicecity+ "\n"; if (node.invoicepostcode!= "") invoiceaddress += node.invoicepostcode+ "\n"; if (deliveryaddress == "") { deliveryaddress = invoiceaddress; } $("#invoiceaddress").val(invoiceaddress); $("#deliveryaddress").val(deliveryaddress); $("#customerid").val(node.customerid); $("#clientid").val(node.clientid); } }, false ); } function customerid_onchange() { $.ajax({ url: "createclientcombo.php", dataType: 'html', async: false, data: { customerid: $("#customerid").val() }, type: "POST", error: function(jqXHR, textStatus, errorThrown) { alert(errorThrown); }, success: function(data) { $("#clientid").html(data).trigger("change"); } }); } function clientid_onchange() { $.ajax({ url: "createclientsitecombo.php", dataType: 'html', async: false, data: { clientid: $("#clientid").val() }, type: "POST", error: function(jqXHR, textStatus, errorThrown) { alert(errorThrown); }, success: function(data) { $("#siteid").html(data).trigger("change"); } }); } function siteid_onchange() { showHeader(); } function total_onchange() { calculate_total(); } function calculate_total() { var total; var deliverycharge; var discount; deliverycharge = parseFloat($("#deliverycharge").val()); discount = parseFloat($("#discount").val()); total = parseFloat($("#total").val()); total -= deliverycharge; if (total < 0) { total = 0; } total -= (total * (discount) / 100); $("#discount").val(new Number(discount).toFixed(2)); $("#deliverycharge").val(new Number(deliverycharge).toFixed(2)); $("#total").val(new Number(total).toFixed(2)); } function productid_onchange() { callAjax( "finddata.php", { sql: "SELECT A.rspnet, A.productcode, B.priceeach, B.qtyfrom, B.qtyto FROM <?php echo $_SESSION['DB_PREFIX']; ?> product A LEFT OUTER JOIN <?php echo $_SESSION['DB_PREFIX']; ?> pricebreak B ON B.productid = A.id WHERE A.id = " + $("#item_productid").val() }, function(data) { var i; for (i = 0; i < data.length; i++) { var node = data[i]; if (i == 0) { /* Default to unit price. */ $("#item_unitprice").val(new Number(node.rspnet).toFixed(2)).trigger("change"); } $("#item_productcode").val(node.productcode); if (node.qtyfrom != null) { var qty = parseInt($("#item_quantity").val()); if (node.qtyfrom <= qty && node.qtyto >= qty) { /* Use price break. */ $("#item_unitprice").val(new Number(node.priceeach).toFixed(2)).trigger("change"); } } } } ); } function qty_onchange(node) { var qty = parseInt($("#item_quantity").val()); var unitprice = parseFloat($("#item_unitprice").val()); var vatrate = parseFloat($("#item_vatrate").val()); if (isNaN(unitprice)) { unitprice = 0; } if (isNaN(vatrate)) { vatrate = 0; } if (isNaN(qty)) { qty = 0; } var total = parseFloat(qty * unitprice); var vat = total * (vatrate / 100); total += vat; $("#item_vatrate").val(new Number(vatrate).toFixed(2)); $("#item_vat").val(new Number(vat).toFixed(2)); $("#item_unitprice").val(new Number(unitprice).toFixed(2)); $("#item_quantity").val(new Number(qty).toFixed(0)); $("#item_linetotal").val(new Number(total).toFixed(2)); } function printOrder(id) { window.open("orderreport.php?id=" + id); } function printDelivery(id) { window.open("deliveryreport.php?id=" + id); } function populateTable(data) { var total = 0; var html = "<TABLE width='100%' class='grid list'><THEAD><?php createHeader(); ?> </THEAD>"; if (data != null) { data.sort( function(a, b) { if(a.sequence < b.sequence) return -1; if(a.sequence > b.sequence) return 1; return 0; } ); } $("#item_serial").val(JSON.stringify(data)); if (data != null) { for (var i = 0; i < data.length; i++) { var node = data[i]; if (node.description != null) { html += "<TR>"; html += "<TD>" + "<img src='images/edit.png' title='Edit item' onclick='editItem(" + i + ")' /> " + "<img src='images/delete.png' title='Remove item' onclick='removeItem(" + i + ")' /> "; if (i > 0) { html += "<img src='images/up.png' title='Move up' onclick='moveUpItem(" + i + ")' /> "; } else { html += "<img src='images/up.png' style='visibility:hidden' /> "; } if (i < (data.length - 1)) { html += "<img src='images/down.png' title='Move down' onclick='moveDownItem(" + i + ")' />"; } else { html += "<img src='images/down.png' style='visibility:hidden' /> "; } html += "</TD>"; html += "<TD>" + node.description + "</TD>"; html += "<TD align=right>" + new Number(node.quantity).toFixed(0) + "</TD>"; html += "<TD align=right>" + new Number(node.priceeach).toFixed(2) + "</TD>"; html += "<TD align=right>" + new Number(node.vatrate).toFixed(2) + "</TD>"; html += "<TD align=right>" + new Number(node.vat).toFixed(2) + "</TD>"; html += "<TD align=right>" + new Number(node.linetotal).toFixed(2) + "</TD>"; html += "</TR>\n"; total += parseFloat(node.linetotal); } } } if ($("#deliverycharge").val() == "6.50" || $("#deliverycharge").val() == "0.00") { if (total < 75) { $("#deliverycharge").val("6.50"); } else { $("#deliverycharge").val("0.00"); } } $("#total").val(new Number(total).toFixed(2)); calculate_total(); html = html + "</TABLE>"; $("#divtable").html(html); } function saveQuoteItem() { if (! verifyStandardForm("#invoiceitemform")) { pwAlert("Invalid form"); return false; } if (currentItem == -1) { var lastsequence = 1; if (itemArray.length > 0) { lastsequence = itemArray[itemArray.length - 1].sequence + 1; } } else { lastsequence = itemArray[currentItem].sequence; } var item = { id: $("#item_id").val(), sequence: lastsequence, quantity: $("#item_quantity").val(), priceeach: $("#item_unitprice").val(), vatrate: $("#item_vatrate").val(), vat: $("#item_vat").val(), linetotal: $("#item_linetotal").val(), productid: $("#item_productid").val(), description: $("#item_productid_lazy").val() }; if (currentItem == -1) { itemArray.push(item); } else { itemArray[currentItem] = item; } populateTable(itemArray); return true; } function moveUpItem(id) { var sequence = itemArray[id].sequence; var prevsequence = itemArray[id - 1].sequence; itemArray[id].sequence = prevsequence; itemArray[id - 1].sequence = sequence; populateTable(itemArray) } function moveDownItem(id) { var sequence = itemArray[id].sequence; var nextsequence = itemArray[id + 1].sequence; itemArray[id].sequence = nextsequence; itemArray[id + 1].sequence = sequence; populateTable(itemArray) } function removeItem(id) { currentItem = id; $("#confirmRemoveDialog .confirmdialogbody").html("You are about to approve this item.<br>Are you sure ?"); $("#confirmRemoveDialog").dialog("open"); } function confirmRemoval() { var newItemArray = []; var i; $("#confirmRemoveDialog").dialog("close"); for (i = 0; i < itemArray.length; i++) { if (currentItem != i) { newItemArray.push(itemArray[i]); } } itemArray = newItemArray; populateTable(itemArray); } function editItem(id) { currentItem = id; var node = itemArray[id]; $("#item_itemid").val(node.id); $("#item_productid").val(node.productid).trigger("change"); $("#item_productid_lazy").val(node.description); $("#item_quantity").val(node.quantity); $("#item_vat").val(node.vat); $("#item_vatrate").val(node.vatrate); $("#item_unitprice").val(node.priceeach); $("#item_linetotal").val(node.linetotal); $('#invoiceitemdialog').dialog('open'); } function addQuoteItem() { currentItem = -1; $("#item_itemid").val("0"); $("#item_productid").val("0"); $("#item_productid_lazy").val(""); $("#item_quantity").val("1"); $("#item_vatrate").val("<?php echo getSiteConfigData()->vatrate; ?> "); $("#item_vat").val("0.00"); $("#item_unitprice").val("0.00"); $("#item_linetotal").val("0.00"); $('#invoiceitemdialog').dialog('open'); } function validateForm() { return true; } $(document).ready( function() { $("#item_productid").change(productid_onchange); $("#customerid").change(customerid_onchange); $("#clientid").change(clientid_onchange); $("#siteid").change(siteid_onchange); $("#invoiceitemdialog").dialog({ modal: true, autoOpen: false, show:"fade", closeOnEscape: true, width: 690, hide:"fade", title:"Quote Item", open: function(event, ui){ }, buttons: { "Save": function() { if (saveQuoteItem()) { $(this).dialog("close"); } }, Cancel: function() { $(this).dialog("close"); } } }); } ); function bookingReference(node) { return "<?php echo getSiteConfigData()->bookingprefix; ?> " + padZero(node.id, 6); } function accept(id) { currentID = id; $("#confirmacceptdialog .confirmdialogbody").html("You are about to invoice this order.<br>Are you sure ?"); $("#confirmacceptdialog").dialog("open"); } function undo(id) { currentID = id; $("#confirmundodialog .confirmdialogbody").html("You are about to undo this order.<br>Are you sure ?"); $("#confirmundodialog").dialog("open"); } function confirmaccept() { post("editform", "accept", "submitframe", { orderid: currentID } ); $("#confirmacceptdialog").dialog("close"); } function confirmundo() { post("editform", "undo", "submitframe", { orderid: currentID } ); $("#confirmundodialog").dialog("close"); } function checkStatus(node) { if (node.status == 0) { $("#acceptbutton").show(); $("#undobutton").hide(); } else { $("#acceptbutton").hide(); $("#undobutton").show(); } } function editDocuments(node) { viewDocument(node, "addorderdocument.php", node, "orderdocs", "orderid"); } <?php }
function __construct($orientation, $metric, $size, $id) { $dynamicY = 0; start_db(); parent::__construct($orientation, $metric, $size); try { $sql = "SELECT A.*, DATE_FORMAT(A.invoicedate, '%d/%m/%Y') AS invoicedate,\n\t\t\t\t\t\tD.name AS customername, D.accountnumber, D.invoiceaddress1, D.invoiceaddress2, D.invoiceaddress3, \n\t\t\t\t\t\tD.invoicecity, D.invoicepostcode, B.deliveryaddress1, B.deliveryaddress2, \n\t\t\t\t\t\tB.deliveryaddress3, B.deliverycity, B.deliverypostcode, D.firstname, B.lastname,\n\t\t\t\t\t\tE.fullname AS takenbyname\n\t\t\t\t\t FROM {$_SESSION['DB_PREFIX']}invoice A\n\t\t\t\t\t INNER JOIN {$_SESSION['DB_PREFIX']}customerclientsite B\n\t\t\t\t\t ON B.id = A.siteid\n\t\t\t\t\t INNER JOIN {$_SESSION['DB_PREFIX']}customerclient C\n\t\t\t\t\t ON C.id = B.clientid\n\t\t\t\t\t INNER JOIN {$_SESSION['DB_PREFIX']}customer D\n\t\t\t\t\t ON D.id = C.customerid\n\t\t\t\t\t LEFT OUTER JOIN {$_SESSION['DB_PREFIX']}members E\n\t\t\t\t\t ON E.member_id = A.takenbyid\n\t\t\t\t\t WHERE A.id = {$id}\n\t\t\t\t\t ORDER BY A.id DESC"; $result = mysql_query($sql); if ($result) { while ($this->headermember = mysql_fetch_assoc($result)) { $shipping = $this->headermember['deliverycharge']; $discount = $this->headermember['discount']; $total = 0; $dynamicY = $this->newPage() + 7; $sql = "SELECT A.*, B.productcode, B.description\n\t\t\t\t\t\t\t\tFROM {$_SESSION['DB_PREFIX']}invoiceitem A \n\t\t\t\t\t\t\t\tINNER JOIN {$_SESSION['DB_PREFIX']}product B \n\t\t\t\t\t\t\t\tON B.id = A.productid \n\t\t\t\t\t\t\t\tWHERE A.invoiceid = {$id} \n\t\t\t\t\t\t\t\tORDER BY A.sequence"; $itemresult = mysql_query($sql); if ($itemresult) { while ($itemmember = mysql_fetch_assoc($itemresult)) { $line = array("Quantity" => $itemmember['quantity'], "Code" => $itemmember['productcode'], "Description" => $itemmember['description'], "Price Each" => number_format($itemmember['priceeach'], 2), "Line Total" => number_format($itemmember['priceeach'] * $itemmember['quantity'], 2)); $size = $this->addLine($dynamicY, $line); $dynamicY += $size + 1; if ($dynamicY > 225) { $dynamicY = $this->newPage(); $dynamicY = 102; } $total = $total + $itemmember['priceeach'] * $itemmember['quantity']; $totalvat += $itemmember['vat']; } } else { logError($qry . " - " . mysql_error()); } $line = array("Quantity" => " ", "Code" => " ", "Description" => " ", "Price Each" => "Goods Net:", "Line Total" => number_format($total, 2)); $size = $this->addLine(236, $line); $line = array("Quantity" => " ", "Code" => " ", "Description" => " ", "Price Each" => "Delivery:", "Line Total" => number_format($shipping, 2)); $size = $this->addLine(242, $line); $line = array("Quantity" => " ", "Code" => " ", "Description" => " ", "Price Each" => "Invoice Net:", "Line Total" => number_format($shipping + $total, 2)); $size = $this->addLine(248, $line); $totalvat += $shipping * (getSiteConfigData()->vatrate / 100); $line = array("Quantity" => " ", "Code" => " ", "Description" => " ", "Price Each" => "VAT:", "Line Total" => number_format($totalvat, 2)); $size = $this->addLine(254, $line); $line = array("Quantity" => " ", "Code" => " ", "Description" => " ", "Price Each" => "Total:", "Line Total" => number_format($totalvat + $shipping + $total - $discount, 2)); $size = $this->addLine(260, $line); $this->addText(162, 265, "Pounds Sterling", 6, 3); } } else { logError($sql . " - " . mysql_error()); } } catch (Exception $e) { logError($e->getMessage()); } $this->AliasNbPages(); }
$objPHPExcel->getActiveSheet()->getColumnDimension('D')->setWidth(37); $objPHPExcel->getActiveSheet()->getColumnDimension('E')->setWidth(37); $objPHPExcel->getActiveSheet()->getColumnDimension('F')->setWidth(29); $objPHPExcel->getActiveSheet()->getColumnDimension('G')->setWidth(28); $objPHPExcel->getActiveSheet()->SetCellValue('A1', 'Customer'); $objPHPExcel->getActiveSheet()->SetCellValue('B1', 'Customer Code'); $objPHPExcel->getActiveSheet()->SetCellValue('C1', 'Quotation Number'); $objPHPExcel->getActiveSheet()->SetCellValue('D1', 'Quotation Date'); $objPHPExcel->getActiveSheet()->SetCellValue('E1', 'Conversion Date'); $objPHPExcel->getActiveSheet()->SetCellValue('F1', 'Time Taken'); $objPHPExcel->getActiveSheet()->SetCellValue('G1', 'Total'); while ($member = mysql_fetch_assoc($result)) { $row++; $diff = $member['diff']; $conversiondate = $member['converteddatetime']; if (substr($diff, 0, 1) == "-") { $diff = " "; } if (substr($conversiondate, 0, 2) == "00") { $conversiondate = " "; } $objPHPExcel->getActiveSheet()->SetCellValue('A' . $row, $member['customername']); $objPHPExcel->getActiveSheet()->SetCellValue('B' . $row, $member['accountnumber']); $objPHPExcel->getActiveSheet()->SetCellValue('C' . $row, getSiteConfigData()->bookingprefix . "-" . sprintf("%06d", $member['id'])); $objPHPExcel->getActiveSheet()->SetCellValue('D' . $row, $member['metacreateddate']); $objPHPExcel->getActiveSheet()->SetCellValue('E' . $row, $conversiondate); $objPHPExcel->getActiveSheet()->SetCellValue('F' . $row, $diff); $objPHPExcel->getActiveSheet()->SetCellValue('G' . $row, number_format($member['total'], 2)); } $objWriter = new PHPExcel_Writer_Excel2007($objPHPExcel); $objWriter->save('php://output');
function login($login, $password, $redirect = true) { //Array to store validation errors $errmsg_arr = array(); //Validation error flag $errflag = false; unset($_SESSION['LOGIN_ERRMSG_ARR']); unset($_SESSION['ERR_USER']); unset($_SESSION['MENU_CACHE']); //Function to sanitize values received from the form. Prevents SQL injection //Sanitize the POST values $login = clean($login); $password = clean($password); //Input Validations if ($login == '') { $errmsg_arr[] = 'Login ID missing'; $errflag = true; } if ($password == '') { $errmsg_arr[] = 'Password missing'; $errflag = true; } //Create query $qry = "SELECT DISTINCT A.* " . "FROM {$_SESSION['DB_PREFIX']}members A " . "WHERE A.login = '******' " . "AND A.passwd = '" . md5($password) . "' " . "AND A.accepted = 'Y'"; $result = mysql_query($qry); //Check whether the query was successful or not if ($result) { if (mysql_num_rows($result) == 1) { //Login Successful session_regenerate_id(); $member = mysql_fetch_assoc($result); $_SESSION['SESS_MEMBER_ID'] = $member['member_id']; $_SESSION['SESS_FIRST_NAME'] = $member['firstname']; $_SESSION['SESS_LAST_NAME'] = $member['lastname']; $qry = "SELECT * FROM {$_SESSION['DB_PREFIX']}userroles WHERE memberid = " . $_SESSION['SESS_MEMBER_ID'] . ""; $result = mysql_query($qry); $index = 0; $status = null; $arr = array(); $arr[$index++] = "PUBLIC"; unset($_SESSION['SESS_EVENT_ID']); //Check whether the query was successful or not if ($result) { while ($member = mysql_fetch_assoc($result)) { $arr[$index++] = $member['roleid']; } } else { logError('Failed to connect to server: ' . mysql_error()); } $_SESSION['ROLES'] = $arr; $qry = "INSERT INTO {$_SESSION['DB_PREFIX']}loginaudit " . "(" . "memberid, timeon, metacreateddate, metacreateduserid, metamodifieddate, metamodifieduserid" . ") " . "VALUES " . "(" . $_SESSION['SESS_MEMBER_ID'] . ", NOW(), NOW(), " . getLoggedOnMemberID() . ", NOW(), " . getLoggedOnMemberID() . "" . ")"; $auditresult = mysql_query($qry); $auditid = mysql_insert_id(); $_SESSION['SESS_LOGIN_AUDIT'] = $auditid; if (!$auditresult) { logError("{$qry} - " . mysql_error()); } $qry = "UPDATE {$_SESSION['DB_PREFIX']}members SET " . "loginauditid = {$auditid}, metamodifieddate = NOW(), metamodifieduserid = " . getLoggedOnMemberID() . " " . "WHERE member_id = " . $_SESSION['SESS_MEMBER_ID']; $auditresult = mysql_query($qry); if (!$auditresult) { logError("{$qry} - " . mysql_error()); } //Create query $qry = "SELECT lastschedulerun " . "FROM {$_SESSION['DB_PREFIX']}siteconfig A " . "WHERE (lastschedulerun <= (DATE_ADD(CURDATE(), INTERVAL -" . getSiteConfigData()->runscheduledays . " DAY)) OR lastschedulerun IS NULL) "; $result = mysql_query($qry); //Check whether the query was successful or not if ($result) { if (mysql_num_rows($result) == 1) { require_once "runalerts.php"; } } if ($redirect) { header("location: index.php"); exit; } } else { //If there are input validations, redirect back to the login form if (!$errflag) { // $errmsg_arr[] = "Login not found / Not active.<br>Please register or contact portal support"; $errmsg_arr[] = "Invalid login"; } $_SESSION['LOGIN_ERRMSG_ARR'] = $errmsg_arr; //Login failed header("location: system-login.php?session=" . urlencode($_GET['session'])); exit; } } else { logError("Query failed :" . mysql_error()); } }
function login($login, $password, $redirect = true, $mobile = true) { //Array to store validation errors $errmsg_arr = array(); //Validation error flag $errflag = false; unset($_SESSION['LOGIN_ERRMSG_ARR']); unset($_SESSION['ERR_USER']); unset($_SESSION['MENU_CACHE']); //Function to sanitize values received from the form. Prevents SQL injection //Sanitize the POST values $login = clean($login); $password = clean($password); //Input Validations if ($login == '') { $errmsg_arr[] = 'Login ID missing'; $errflag = true; } if ($password == '') { $errmsg_arr[] = 'Password missing'; $errflag = true; } $md5passwd = md5($password); //Create query if ($mobile) { $qry = "SELECT DISTINCT A.* \n\t\t\t FROM {$_SESSION['DB_PREFIX']}members A \n\t\t\t WHERE A.login = '******' \n\t\t\t AND A.passwd = '{$md5passwd}' \n\t\t\t \tAND A.accepted = 'Y'"; } else { $qry = "SELECT DISTINCT A.*\n\t\t\t FROM {$_SESSION['DB_PREFIX']}members A \n\t\t\t WHERE A.login = '******' \n\t\t\t AND A.passwd = '{$md5passwd}' \n\t\t\t \tAND A.accepted = 'Y'\n\t\t\t \tAND A.member_id IN (SELECT C.memberid FROM {$_SESSION['DB_PREFIX']}userroles C WHERE C.roleid = 'ADMIN')"; } $result = mysql_query($qry); //Check whether the query was successful or not if ($result) { if (mysql_num_rows($result) == 1) { //Login Successful session_regenerate_id(); $member = mysql_fetch_assoc($result); $_SESSION['SESS_MEMBER_ID'] = $member['member_id']; $_SESSION['SESS_NAME'] = $member['fullname']; $qry = "SELECT * \n\t\t\t\t\tFROM {$_SESSION['DB_PREFIX']}userroles \n\t\t\t\t\tWHERE memberid = {$_SESSION['SESS_MEMBER_ID']}"; $result = mysql_query($qry); $index = 0; $status = null; $arr = array(); $arr[$index++] = "PUBLIC"; //Check whether the query was successful or not if ($result) { while ($member = mysql_fetch_assoc($result)) { $arr[$index++] = $member['roleid']; } } else { logError('Failed to connect to server: ' . mysql_error()); } $_SESSION['ROLES'] = $arr; $qry = "INSERT INTO {$_SESSION['DB_PREFIX']}loginaudit \n\t\t\t\t\t(\n\t\t\t\t\t\ttimeon, memberid, \n\t\t\t\t\t\tmetacreateddate, metacreateduserid, \n\t\t\t\t\t\tmetamodifieddate, metamodifieduserid\n\t\t\t\t\t) \n\t\t\t\t\tVALUES \n\t\t\t\t\t(\n\t\t\t\t\t\tNOW(), {$_SESSION['SESS_MEMBER_ID']}, \n\t\t\t\t\t\tNOW(), {$_SESSION['SESS_MEMBER_ID']}, \n\t\t\t\t\t\tNOW(), {$_SESSION['SESS_MEMBER_ID']}\n\t\t\t\t\t)"; $auditresult = mysql_query($qry); $auditid = mysql_insert_id(); $_SESSION['SESS_LOGIN_AUDIT'] = $auditid; if (!$auditresult) { logError("{$qry} - " . mysql_error()); } $qry = "UPDATE {$_SESSION['DB_PREFIX']}members SET \n\t\t\t\t\tloginauditid = {$auditid}, \n\t\t\t\t\tmetamodifieddate = NOW(), \n\t\t\t\t\tmetamodifieduserid = {$_SESSION['SESS_MEMBER_ID']}\n\t\t\t\t\tWHERE member_id = {$_SESSION['SESS_MEMBER_ID']}"; $auditresult = mysql_query($qry); if (!$auditresult) { logError("{$qry} - " . mysql_error()); } //Create query $days = getSiteConfigData()->runscheduledays; $qry = "SELECT lastschedulerun \n\t\t\t\t FROM {$_SESSION['DB_PREFIX']}siteconfig A \n\t\t\t\t WHERE (lastschedulerun <= (DATE_ADD(CURDATE(), INTERVAL -{$days} DAY)) \n\t\t\t\t OR lastschedulerun IS NULL) "; $result = mysql_query($qry); //Check whether the query was successful or not if ($result) { if (mysql_num_rows($result) == 1) { require_once "runalerts.php"; } } if ($redirect) { header("location: index.php"); exit; } } else { //If there are input validations, redirect back to the login form if (!$errflag) { $errmsg_arr[] = "Invalid login"; } $_SESSION['LOGIN_ERRMSG_ARR'] = $errmsg_arr; //Login failed if ($mobile) { header("location: system-login.php?session=" . urlencode($_GET['session'])); } else { header("location: system-login.php?session=" . urlencode($_GET['session'])); } exit; } } else { logError(mysql_error() . " - {$qry}"); } }
$("#loginForm").submit(); } $(document).ready(function() { $("#login").change( function() { $(".loginerror").hide(); } ); $("#dialog").dialog({ modal: true, width: 480, closeOnEscape: false, dialogClass: '<?php if (getSiteConfigData()->maintenancemode == "Y") { echo "login-dialog2"; } else { echo "login-dialog"; } ?> ', beforeClose: function() { return false; } }); }); </script> <?php } unset($_SESSION['ERRMSG_ARR']);
echo "<td><img title='Click to sign' src='images/stock.png' onclick='sign(" . $member['id'] . ")'/></td>"; echo "</tr>\n"; } } ?> </table> </td> <?php } ?> <td style='border: 1px solid #CCCCCC; padding: 10px'> <div class="welcome" > <div class="fright welcome"> <img src='images/logo-welcome.png' /> </div> <?php if (isUserInRole("ADMIN")) { echo getSiteConfigData()->welcometext; } ?> </div> </td> </tr> </table> <?php if (!isUserInRole("ADMIN")) { ?> <p>Please click on the icon above to sign your loan agreement</p> <?php } include "system-footer.php";
<?php require_once 'system-db.php'; start_db(); $id = $_GET['id']; if (!isset($id)) { logError("Please select your image!"); } else { $dirname = "uploads/image{$id}"; if (is_dir($dirname)) { if ($handle = opendir($dirname)) { while (false !== ($entry = readdir($handle))) { if ($entry != "." && $entry != "..") { header("location: " . getSiteConfigData()->domainurl . "/{$dirname}/{$entry}"); } } closedir($handle); } } else { $query = mysql_query("SELECT mimetype, name, image " . "FROM {$_SESSION['DB_PREFIX']}images " . "WHERE id= " . $id); $row = mysql_fetch_array($query); $content = $row['image']; $name = $row['name']; header('Content-type: ' . $row['mimetype']); try { if (!is_dir($dirname)) { error_reporting(0); mkdir($dirname); chmod($dirname, 0777); } file_put_contents("{$dirname}/{$name}", $content);
$qry = "UPDATE {$_SESSION['DB_PREFIX']}teamagegroup SET \n\t\t\t\t\tfirstname = '{$fname}', \n\t\t\t\t\tlastname = '{$lname}',\n\t\t\t\t\ttelephone = '{$landline}',\n\t\t\t\t\temail = '{$email}',\n\t\t\t\t\tlogin = {$memberid}\n\t\t\t\t\tWHERE id = {$teamid}"; $result = mysql_query($qry); if (!$result) { logError("UPDATE team failed ({$qry}):" . mysql_error()); } } if ($clubid != 0) { $qry = "UPDATE {$_SESSION['DB_PREFIX']}team SET \n\t\t\t\t\tfirstname = '{$fname}', \n\t\t\t\t\tlastname = '{$lname}',\n\t\t\t\t\ttelephone = '{$landline}',\n\t\t\t\t\temail = '{$email}'\n\t\t\t\t\tWHERE id = {$clubid}"; $result = mysql_query($qry); if (!$result) { logError("UPDATE team failed ({$qry}):" . mysql_error()); } } mysql_query("COMMIT"); sendUserMessage(getLoggedOnMemberID(), "User Registration", "User " . $_POST['login'] . " has been registered as a user.<br>Password : "******"User Registration", "<h3>Welcome " . $_POST['fname'] . " " . $_POST['lname'] . ".</h3><br>You have been invited to become a member of 'Harrow Youth Football League'.<br>Please click on the <a href='" . getSiteConfigData()->domainurl . "/index.php'>link</a> to activate your account.<br><br><h4>Login details</h4>User ID : " . $_POST['login'] . "<br>Password : "******"location: system-register-success.php"); } else { logError("1 Query failed:" . mysql_error()); } } else { $memberid = $_GET['id']; $qry = "UPDATE {$_SESSION['DB_PREFIX']}members \n\t\t\t\tSET email = '{$email}', \n\t\t\t\tfirstname = '{$fname}', \n\t\t\t\tlastname = '{$lname}', \n\t\t\t\tlastaccessdate = NOW(),\n\t\t\t\tpasswd = '" . md5($password) . "'\n\t\t\t\tWHERE member_id = {$memberid}"; $result = mysql_query($qry); if (!$result) { logError("UPDATE members failed:" . mysql_error()); } $_SESSION['SESS_FIRST_NAME'] = $fname; $_SESSION['SESS_LAST_NAME'] = $lname; sendUserMessage(getLoggedOnMemberID(), "User Amendment", "<h3>User amendment.</h3><br>Your details have been amended by the System Administration.<br>Your password has been changed to: <i>{$password}</i>.");
function getFilteredData($sql) { if (!isset($_SESSION['SITE_CONFIG'])) { return $sql; } $parser = new PHPSQLParser($sql); $tablealias = null; $data = getSiteConfigData(); foreach ($parser->parsed['FROM'] as $table) { if ($table['table'] == "horizon_members") { if ($table['alias'] != "") { $tablealias = $table['alias']['name']; } else { $tablealias = $table['table']; } } } // echo $sql . "\n"; // print_r($parser->parsed); if (!isset($parser->parsed['WHERE'])) { /* Create where clause. */ $parser->parsed['WHERE'] = array(); } else { /* Add to the where clause. */ $parser->parsed['WHERE'][] = array("expr_type" => "operator", "base_expr" => "AND", "sub_tree" => ""); } if (isUserInRole($data->adminrole) || isUserInRole($data->managementrole)) { /* Do nothing, access rights to all. */ return $sql; } if (isUserInRole($data->trainingmanagementrole)) { /* Not restricted by anything training related. * Page roles will prevent access to parts of the system * that are not appropriate to training management. */ return $sql; } if (isUserInRole($data->officeadminrole)) { /* Restricted to. * Personal details for APPRAISALS only. */ foreach ($parser->parsed['FROM'] as $table) { if ($table['table'] != "horizon_appraisal") { $parser->parsed['WHERE'][] = array("expr_type" => "colref", "base_expr" => $tablealias . ".member_id", "sub_tree" => ""); $parser->parsed['WHERE'][] = array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => ""); $parser->parsed['WHERE'][] = array("expr_type" => "const", "base_expr" => getLoggedOnMemberID(), "sub_tree" => ""); } } } if (isUserInRole($data->compliancerole)) { foreach ($parser->parsed['FROM'] as $table) { if ($table['table'] == "horizon_holiday") { /* Compliance don't restrict holidays */ return $sql; } } /* Restricted to. * All technicians and team leaders. */ $parser->parsed['WHERE'][] = array("expr_type" => "bracket_expression", "sub_tree" => array(array("expr_type" => "colref", "base_expr" => $tablealias . ".position", "sub_tree" => ""), array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => ""), array("expr_type" => "const", "base_expr" => "'" . $data->technicianposition . "'", "sub_tree" => ""), array("expr_type" => "operator", "base_expr" => "OR", "sub_tree" => ""), array("expr_type" => "colref", "base_expr" => $tablealias . ".position", "sub_tree" => ""), array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => ""), array("expr_type" => "const", "base_expr" => "'" . $data->teamleaderposition . "'", "sub_tree" => ""), array("expr_type" => "operator", "base_expr" => "OR", "sub_tree" => ""), array("expr_type" => "colref", "base_expr" => $tablealias . ".member_id", "sub_tree" => ""), array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => ""), array("expr_type" => "const", "base_expr" => getLoggedOnMemberID(), "sub_tree" => ""))); } else { if (isUserInRole($data->regionalservicemanagerrole)) { /* Restricted to. * All personnel and team leaders. */ $parser->parsed['OPTIONS'][] = "DISTINCT"; $parser->parsed['FROM'][] = array("expr_type" => "table", "table" => "horizon_userteams", "alias" => array("as" => "", "name" => "horizon_userteams", "base_expr" => "horizon_userteams"), "join_type" => "JOIN", "ref_type" => "ON", "ref_clause" => array(array("expr_type" => "colref", "base_expr" => "horizon_userteams.memberid", "sub_tree" => ""), array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => ""), array("expr_type" => "colref", "base_expr" => getLoggedOnMemberID(), "sub_tree" => ""), array("expr_type" => "operator", "base_expr" => "OR", "sub_tree" => ""), array("expr_type" => "colref", "base_expr" => $tablealias . ".member_id", "sub_tree" => ""), array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => ""), array("expr_type" => "const", "base_expr" => getLoggedOnMemberID(), "sub_tree" => ""))); $parser->parsed['WHERE'][] = array("expr_type" => "bracket_expression", "sub_tree" => array(array("expr_type" => "colref", "base_expr" => "horizon_userteams.teamid", "sub_tree" => ""), array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => ""), array("expr_type" => "const", "base_expr" => $tablealias . ".teamid", "sub_tree" => ""))); } else { if (isUserInRole($data->officerole)) { $appraisal = false; foreach ($parser->parsed['FROM'] as $table) { if ($table['table'] == "horizon_appraisal") { /* Compliance don't restrict holidays */ $appraisal = true; } } if (!$appraisal) { return $sql; } /* Restricted to. * All technicians and team leaders. */ $parser->parsed['WHERE'][] = array("expr_type" => "bracket_expression", "sub_tree" => array(array("expr_type" => "colref", "base_expr" => $tablealias . ".position", "sub_tree" => ""), array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => ""), array("expr_type" => "const", "base_expr" => "'" . $data->technicianposition . "'", "sub_tree" => ""), array("expr_type" => "operator", "base_expr" => "OR", "sub_tree" => ""), array("expr_type" => "colref", "base_expr" => $tablealias . ".position", "sub_tree" => ""), array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => ""), array("expr_type" => "const", "base_expr" => "'" . $data->teamleaderposition . "'", "sub_tree" => ""), array("expr_type" => "operator", "base_expr" => "OR", "sub_tree" => ""), array("expr_type" => "colref", "base_expr" => $tablealias . ".member_id", "sub_tree" => ""), array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => ""), array("expr_type" => "const", "base_expr" => getLoggedOnMemberID(), "sub_tree" => ""))); } else { if (isUserInRole($data->officemanagerrole)) { /* Restricted to. * All personnel and team leaders. */ $parser->parsed['OPTIONS'][] = "DISTINCT"; $parser->parsed['FROM'][] = array("expr_type" => "table", "table" => "horizon_userroles", "alias" => array("as" => "", "name" => "horizon_userroles", "base_expr" => "horizon_userroles"), "join_type" => "JOIN", "ref_type" => "ON", "ref_clause" => array(array("expr_type" => "colref", "base_expr" => "horizon_userroles.memberid", "sub_tree" => ""), array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => ""), array("expr_type" => "colref", "base_expr" => $tablealias . ".member_id", "sub_tree" => ""))); $parser->parsed['WHERE'][] = array("expr_type" => "bracket_expression", "sub_tree" => array(array("expr_type" => "colref", "base_expr" => "horizon_userroles.roleid", "sub_tree" => ""), array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => ""), array("expr_type" => "const", "base_expr" => "'" . $data->officepersonnelrole . "'", "sub_tree" => ""))); } else { if (isUserInRole($data->teamleaderrole)) { /* Restricted to. * Team personnel and themselves. */ $parser->parsed['WHERE'][] = array("expr_type" => "colref", "base_expr" => $tablealias . ".teamid", "sub_tree" => ""); $parser->parsed['WHERE'][] = array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => ""); $parser->parsed['WHERE'][] = array("expr_type" => "const", "base_expr" => getLoggedOnTeamID(), "sub_tree" => ""); } else { if (isUserInRole($data->areacoordinatorrole)) { /* Restricted to. * Team personnel and themselves. */ $parser->parsed['WHERE'][] = array("expr_type" => "colref", "base_expr" => $tablealias . ".teamid", "sub_tree" => ""); $parser->parsed['WHERE'][] = array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => ""); $parser->parsed['WHERE'][] = array("expr_type" => "const", "base_expr" => getLoggedOnTeamID(), "sub_tree" => ""); } else { /* Restricted to. * Technician Level 1 – Personal details. */ $parser->parsed['WHERE'][] = array("expr_type" => "colref", "base_expr" => $tablealias . ".member_id", "sub_tree" => ""); $parser->parsed['WHERE'][] = array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => ""); $parser->parsed['WHERE'][] = array("expr_type" => "const", "base_expr" => getLoggedOnMemberID(), "sub_tree" => ""); } } } } } } $creator = new PHPSQLCreator($parser->parsed); $created = $creator->created; return $created; }
function __construct($orientation, $metric, $size, $id) { global $member; global $top; parent::__construct($orientation, $metric, $size); $this->SetAutoPageBreak(true, 0); //Include database connection details start_db(); $margin = 7; $sql = "SELECT A.*, " . "DATE_FORMAT(A.creditdate, '%d/%m/%Y') AS creditdate, " . "DATE_FORMAT(A.paymentdate, '%d/%m/%Y') AS paymentdate, " . "DATE_FORMAT(A.createddate, '%d/%m/%Y') AS createddate, " . "DATE_FORMAT(B.datedelivered, '%d/%m/%Y') AS datedelivered, " . "A.deladdress, A.toaddress, B.plaintiff, B.casenumber, B.transcripttype, B.j33number, B.depositamount, " . "D.name AS courtname, D.vatapplicable, D.address, D.fax AS courtfax, D.cellphone AS courtmobile, " . "D.email AS courtemail, D.telephone AS courttelephone, D.contact AS courtcontact, " . "E.name AS provincename, F.name AS terms, G.firstname, G.lastname, G.mobile, G.landline, G.email, G.fax, " . "I.name AS clientcourtname, " . "O.privatebankingdetails, O.bankingdetails, " . "O.address AS officeaddress, O.email AS officeemail, O.telephone, O.contact, O.fax AS officefax, O.name AS officename " . "FROM {$_SESSION['DB_PREFIX']}invoices A " . "INNER JOIN {$_SESSION['DB_PREFIX']}cases B " . "ON B.id = A.caseid " . "INNER JOIN {$_SESSION['DB_PREFIX']}courts D " . "ON D.id = B.courtid " . "INNER JOIN {$_SESSION['DB_PREFIX']}province E " . "ON E.id = D.provinceid " . "LEFT OUTER JOIN {$_SESSION['DB_PREFIX']}caseterms F " . "ON F.id = A.termsid " . "INNER JOIN {$_SESSION['DB_PREFIX']}members G " . "ON G.member_id = A.contactid " . "LEFT OUTER JOIN {$_SESSION['DB_PREFIX']}courts I " . "ON I.id = B.clientcourtid " . "LEFT OUTER JOIN {$_SESSION['DB_PREFIX']}offices J " . "ON J.id = A.officeid " . "INNER JOIN {$_SESSION['DB_PREFIX']}offices O " . "ON O.id = A.officeid " . "WHERE A.caseid = {$id} " . "ORDER BY B.id"; $result = mysql_query($sql); if ($result) { $total = 0; $subtotal = 0; $shipping = 0; $totalvat = 0; $depositamount = 0; $vatapplicable = "N"; while ($member = mysql_fetch_assoc($result)) { $this->newPage(); $first = false; $y = $top; $vatapplicable = $member['vatapplicable']; $invoiceid = $member['id']; // $description = $this->stripHTML($member['description']); $description = $member['description']; if ($member['depositamount'] != null) { $depositamount = $member['depositamount']; } $sql = "SELECT C.id, C.description, C.qty, C.vat, C.vatrate, C.total, C.unitprice, " . "H.name AS templatename " . "FROM {$_SESSION['DB_PREFIX']}invoiceitems C " . "INNER JOIN {$_SESSION['DB_PREFIX']}invoiceitemtemplates H " . "ON H.id = C.templateid " . "WHERE C.invoiceid = {$invoiceid} " . "ORDER BY C.id"; $itemresult = mysql_query($sql); if ($itemresult) { while ($itemmember = mysql_fetch_assoc($itemresult)) { $line = array("Quantity" => number_format($itemmember['qty'], 0), "Description" => $itemmember['templatename'], "Unit Price" => "R " . number_format($itemmember['unitprice'], 2), "Total" => "R " . number_format($itemmember['total'], 2)); $size = $this->addLine($y, $line); $y += $size; if ($y > 235) { $this->newPage(); $y = $top; } $subtotal += $itemmember['total'] - $member['vat']; $shipping = $itemmember['shippinghandling']; $totalvat += $itemmember['vat']; $total += $itemmember['total']; } $y += 4; if ($y > 175) { $this->newPage(); $y = $top; } $line = array("Quantity" => " ", "Description" => $description, "Unit Price" => " ", "Total" => " "); $size = $this->addLine($y, $line); $y += $size; if ($y > 235) { $this->newPage(); $y = $top; } } else { logError($sql . " - " . mysql_error()); } } } else { logError($sql . " - " . mysql_error()); } if ($vatapplicable == "Y") { $this->Line(121, 240, 200, 240); $this->Line(121, 245, 200, 245); $this->Line(121, 250, 200, 250); } $this->Line(121, 255, 200, 255); if ($vatapplicable == "Y") { $line = array("Quantity" => " ", "Description" => " ", "Unit Price" => "VAT (" . number_format(getSiteConfigData()->vatrate, 0) . "%)", "Total" => "R " . number_format($totalvat, 2)); $size = $this->addLine(242, $line); $line = array("Quantity" => " ", "Description" => " ", "Unit Price" => "TOTAL", "Total" => "R " . number_format($total, 2)); $size = $this->addLine(247, $line); $line = array("Quantity" => " ", "Description" => " ", "Unit Price" => "DEPOSIT", "Total" => "R " . number_format($depositamount, 2)); $size = $this->addLine(252, $line); $line = array("Quantity" => " ", "Description" => " ", "Unit Price" => "TOTAL DUE", "Total" => "R " . number_format($total - $depositamount, 2)); $size = $this->addLine(258, $line, 0, 'B'); } else { $line = array("Quantity" => " ", "Description" => " ", "Unit Price" => "TOTAL", "Total" => "R " . number_format($total, 2)); $size = $this->addLine(258, $line, 0, 'B'); } }
$matchid = mysql_insert_id(); if (!$result) { logError($qry . " - " . mysql_error()); } for ($i = 0; $i < count($_POST['player']); $i++) { $playerid = $_POST['player'][$i]; $qry = "INSERT INTO {$_SESSION['DB_PREFIX']}matchplayerdetails \n\t\t\t\t\t(\n\t\t\t\t\t\tmatchid, playerid, metacreateduserid, metamodifieduserid, \n\t\t\t\t\t\tmetacreateddate, metamodifieddate\n\t\t\t\t\t)\n\t\t\t\t\tVALUES\n\t\t\t\t\t(\n\t\t\t\t\t\t{$matchid}, {$playerid}, {$memberid}, {$memberid}, \n\t\t\t\t\t\tNOW(), NOW()\n\t\t\t\t\t)"; $result = mysql_query($qry); if (!$result) { logError($qry . " - " . mysql_error()); } } $details = "Match report attached for match on " . $_POST['matchdate']; $file = "uploads/matchcard{$id}" . session_id() . ".pdf"; $report = new MatchCardReport('P', 'mm', 'A4', $matchid); $report->Output($file, "F"); sendTeamMessage($teamid, "Match Report Confirmed", $details, "", array($file)); sendRoleMessage("LEAGUE", "Match Report Confirmed", $details, "", array($file)); if ($_POST['refereescore'] < 50 && $_POST['refereescore'] > 0) { $refname = GetRefereeName($refereeid); $refdetails = "Referee {$refname} has scored {$refereescore}<br><br>Report:<br>" . $_POST['refereeremarks']; smtpmailer(getSiteConfigData()->refereereportemail, "*****@*****.**", $_SESSION['SESS_TEAM_EMAIL'], "Referee Report", $refdetails); } } catch (Exception $e) { logError("Signing image: " . $e->getMessage()); } mysql_query("COMMIT"); header("location: matchconfirm.php?id={$matchid}"); ?>
<?php include "system-embeddedheader.php"; ?> <br> <h4>Order <?php echo getSiteConfigData()->bookingprefix . sprintf("%06d", $_GET['orderid']); ?> has been processed.</h4> <br> <a href="onlineordering.php">Create New Order</a> <?php include "system-embeddedfooter.php"; ?>
//Create INSERT query $qry = "INSERT INTO {$_SESSION['DB_PREFIX']}userroles(memberid, roleid, metacreateddate, metacreateduserid, metamodifieddate, metamodifieduserid) VALUES({$memberid}, 'PUBLIC', NOW(), " . getLoggedOnMemberID() . ", NOW(), " . getLoggedOnMemberID() . ")"; $result = @mysql_query($qry); $qry = "INSERT INTO {$_SESSION['DB_PREFIX']}userroles(memberid, roleid, metacreateddate, metacreateduserid, metamodifieddate, metamodifieduserid) VALUES({$memberid}, 'USER', NOW(), " . getLoggedOnMemberID() . ", NOW(), " . getLoggedOnMemberID() . ")"; $result = @mysql_query($qry); if (isset($_POST['accounttype'])) { $accountrole = $_POST['accounttype']; $qry = "INSERT INTO {$_SESSION['DB_PREFIX']}userroles(memberid, roleid, metacreateddate, metacreateduserid, metamodifieddate, metamodifieduserid) VALUES({$memberid}, '{$accountrole}', NOW(), " . getLoggedOnMemberID() . ", NOW(), " . getLoggedOnMemberID() . ")"; $result = @mysql_query($qry); } $_SESSION['SESS_FIRST_NAME'] = $fname; $_SESSION['SESS_LAST_NAME'] = $lname; $_SESSION['SESS_IMAGE_ID'] = $imageid; $_SESSION['SESS_CUSTOMER_ID'] = $customerid; sendRoleMessage("ADMIN", "User Registration", "User " . $login . " has been registered as a user.<br>Password : "******"User Registration", "<h3>Welcome {$fname} {$lname}.</h3><br>You have been invited to become a member of 'iAfrica Database'.<br>Please click on the <a href='" . getSiteConfigData()->domainurl . "/index.php'>link</a> to activate your account.<br><br><h4>Login details</h4>User ID : {$login}<br>Password : "******"location: system-register-success.php"); } else { logError("1 Query failed:" . mysql_error()); } } else { $memberid = $_GET['id']; $qry = "UPDATE {$_SESSION['DB_PREFIX']}members " . "SET email = '{$email}', " . "firstname = '{$fname}', " . "lastname = '{$lname}', " . "customerid = {$customerid}, " . "imageid = {$imageid}, " . "lastaccessdate = NOW(), "; if (isset($_POST['postcode'])) { $qry .= "postcode = '{$postcode}', "; } $qry .= "passwd = '" . md5($password) . "', metamodifieddate = NOW(), metamodifieduserid = " . getLoggedOnMemberID() . " " . "WHERE member_id = " . $_GET['id']; $result = mysql_query($qry); if (!$result) { logError("UPDATE members failed:" . mysql_error());
dp.init(scheduler); } function refresh() { scheduler.clearAll(); scheduler.setCurrentView(null, "timeline"); setTimeout( function() { refresh(); }, <?php echo getSiteConfigData()->refreshcycle * 1000; ?> ); } function modSchedHeight(){ var sch = document.getElementById("scheduler_here"); sch.style.height = (document.body.offsetHeight - 20) + "px"; var contbox = document.getElementById("contbox"); contbox.style.width = (parseInt(document.body.offsetWidth)-300)+"px"; } </script> <div style="height:0px;background-color:#3D3D3D;border-bottom:5px solid #828282;"> <div id="contbox" style="float:left;color:white;margin:22px 75px 0 75px; overflow:hidden;font: 17px Arial,Helvetica;color:white"> </div> </div>