function __construct($orientation, $metric, $size, $startdate, $enddate, $userid)
{
$dynamicY = 0;
parent::__construct($orientation, $metric, $size);
$this->SetAutoPageBreak(true, 30);
$this->AddPage();
try {
$sql = "SELECT A.*, \n\t\t\t\t\t B.name AS customername, B.accountnumber, \n\t\t\t\t\t\tDATE_FORMAT(A.metacreateddate, '%d/%m/%Y %H:%I') AS metacreateddate, \n\t\t\t\t\t\tDATE_FORMAT(A.converteddatetime, '%d/%m/%Y %H:%I') AS converteddatetime,\n\t\t\t\t\t\tTIMEDIFF(A.converteddatetime, A.metacreateddate) as diff\n\t\t\t\t\t\tFROM {$_SESSION['DB_PREFIX']}quotation A \n\t\t\t\t\t\tLEFT OUTER JOIN {$_SESSION['DB_PREFIX']}customer B \n\t\t\t\t\t\tON B.id = A.customerid \n\t\t\t\t\t\tLEFT OUTER JOIN {$_SESSION['DB_PREFIX']}members C \n\t\t\t\t\t\tON C.member_id = A.takenbyid \n\t\t\t\t\t\tWHERE A.takenbyid = {$userid} \n\t\t\t\t\t\tAND A.metacreateddate >= '{$startdate}' \n\t\t\t\t\t\tAND A.metacreateddate <= '{$enddate}' \n\t\t\t\t\t\tORDER BY A.metacreateddate DESC";
$result = mysql_query($sql);
if ($result) {
while ($member = mysql_fetch_assoc($result)) {
$diff = $member['diff'];
$conversiondate = $member['converteddatetime'];
if (substr($diff, 0, 1) == "-") {
$diff = " ";
}
if (substr($conversiondate, 0, 2) == "00") {
$conversiondate = " ";
}
$line = array("Customer" => $member['customername'], "Customer Code" => $member['accountnumber'], "Quotation Number" => getSiteConfigData()->bookingprefix . "-" . sprintf("%06d", $member['id']), "Quotation Date" => $member['metacreateddate'], "Conversion Date" => $conversiondate, "Time Taken" => $diff, "Total" => number_format($member['total'], 2));
$this->addLine($this->GetY(), $line);
}
} else {
logError($sql . " - " . mysql_error());
}
} catch (Exception $e) {
logError($e->getMessage());
}
}
function __construct($orientation, $metric, $size, $startdate, $enddate, $userid)
{
$dynamicY = 0;
parent::__construct($orientation, $metric, $size);
$this->SetAutoPageBreak(true, 30);
$this->AddPage();
try {
$and = "";
if ($startdate != "") {
$and .= " AND A.metacreateddate >= '{$startdate}' ";
}
if ($enddate != "") {
$and .= " AND A.metacreateddate <= '{$enddate}' ";
}
if ($userid != "0") {
$and .= " AND A.takenbyid = {$userid} ";
}
$sql = "SELECT A.*, \n\t\t\t\t\t B.name AS customername, B.accountnumber, \n\t\t\t\t\t C.fullname,\n\t\t\t\t\t\tDATE_FORMAT(A.metacreateddate, '%d/%m/%Y %H:%I') AS metacreateddate\n\t\t\t\t\t\tFROM {$_SESSION['DB_PREFIX']}quotation A \n\t\t\t\t\t\tLEFT OUTER JOIN {$_SESSION['DB_PREFIX']}customer B \n\t\t\t\t\t\tON B.id = A.customerid \n\t\t\t\t\t\tLEFT OUTER JOIN {$_SESSION['DB_PREFIX']}members C \n\t\t\t\t\t\tON C.member_id = A.takenbyid \n\t\t\t\t\t\tWHERE 1 = 1 {$and} \n\t\t\t\t\t\tORDER BY B.name, A.metacreateddate";
$result = mysql_query($sql);
if ($result) {
while ($member = mysql_fetch_assoc($result)) {
$line = array("Customer" => $member['customername'], "Customer Code" => $member['accountnumber'], "Quotation Number" => getSiteConfigData()->bookingprefix . "-" . sprintf("%06d", $member['id']), "User" => $member['fullname'], "Quotation Date" => $member['metacreateddate'], "Value" => number_format($member['total'], 2));
$this->addLine($this->GetY(), $line);
}
} else {
logError($sql . " - " . mysql_error());
}
} catch (Exception $e) {
logError($e->getMessage());
}
}
public function postScriptEvent()
{
?>
var currentID = 0;
var currentItem = -1;
var itemArray = [];
function showHeader() {
callAjax(
"finddata.php",
{
sql: "SELECT A.*, B.id AS clientid, B.customerid, B.invoiceaddress1, B.invoiceaddress2, " +
"B.invoiceaddress3, B.invoicecity, B.invoicepostcode " +
"FROM <?php
echo $_SESSION['DB_PREFIX'];
?>
customerclientsite A " +
"INNER JOIN <?php
echo $_SESSION['DB_PREFIX'];
?>
customerclient B " +
"ON B.id = A.clientid " +
"WHERE A.id = " + $("#siteid").val()
},
function(data) {
if (data.length > 0) {
var node = data[0];
var invoiceaddress = "";
var deliveryaddress = "";
if (node.deliveryaddress1 != "") deliveryaddress += node.deliveryaddress1+ "\n";
if (node.deliveryaddress2!= "") deliveryaddress += node.deliveryaddress2+ "\n";
if (node.deliveryaddress3!= "") deliveryaddress += node.deliveryaddress3+ "\n";
if (node.deliverycity!= "") deliveryaddress += node.deliverycity+ "\n";
if (node.deliverypostcode!= "") deliveryaddress += node.deliverypostcode+ "\n";
if (node.invoiceaddress1!= "") invoiceaddress += node.invoiceaddress1+ "\n";
if (node.invoiceaddress2!= "") invoiceaddress += node.invoiceaddress2+ "\n";
if (node.invoiceaddress3!= "") invoiceaddress += node.invoiceaddress3+ "\n";
if (node.invoicecity!= "") invoiceaddress += node.invoicecity+ "\n";
if (node.invoicepostcode!= "") invoiceaddress += node.invoicepostcode+ "\n";
if (deliveryaddress == "") {
deliveryaddress = invoiceaddress;
}
$("#invoiceaddress").val(invoiceaddress);
$("#deliveryaddress").val(deliveryaddress);
$("#customerid").val(node.customerid);
$("#clientid").val(node.clientid);
}
},
false
);
}
function customerid_onchange() {
$.ajax({
url: "createclientcombo.php",
dataType: 'html',
async: false,
data: {
customerid: $("#customerid").val()
},
type: "POST",
error: function(jqXHR, textStatus, errorThrown) {
alert(errorThrown);
},
success: function(data) {
$("#clientid").html(data).trigger("change");
}
});
}
function clientid_onchange() {
$.ajax({
url: "createclientsitecombo.php",
dataType: 'html',
async: false,
data: {
clientid: $("#clientid").val()
},
type: "POST",
error: function(jqXHR, textStatus, errorThrown) {
alert(errorThrown);
},
success: function(data) {
$("#siteid").html(data).trigger("change");
}
});
}
function siteid_onchange() {
showHeader();
}
function total_onchange() {
calculate_total();
}
function calculate_total() {
var total;
var deliverycharge;
var discount;
deliverycharge = parseFloat($("#deliverycharge").val());
discount = parseFloat($("#discount").val());
total = parseFloat($("#total").val());
total -= deliverycharge;
if (total < 0) {
total = 0;
}
total -= (total * (discount) / 100);
$("#discount").val(new Number(discount).toFixed(2));
$("#deliverycharge").val(new Number(deliverycharge).toFixed(2));
$("#total").val(new Number(total).toFixed(2));
}
function productid_onchange() {
callAjax(
"finddata.php",
{
sql: "SELECT A.rspnet, A.productcode, B.priceeach, B.qtyfrom, B.qtyto FROM <?php
echo $_SESSION['DB_PREFIX'];
?>
product A LEFT OUTER JOIN <?php
echo $_SESSION['DB_PREFIX'];
?>
pricebreak B ON B.productid = A.id WHERE A.id = " + $("#item_productid").val()
},
function(data) {
var i;
for (i = 0; i < data.length; i++) {
var node = data[i];
if (i == 0) {
/* Default to unit price. */
$("#item_unitprice").val(new Number(node.rspnet).toFixed(2)).trigger("change");
}
$("#item_productcode").val(node.productcode);
if (node.qtyfrom != null) {
var qty = parseInt($("#item_quantity").val());
if (node.qtyfrom <= qty && node.qtyto >= qty) {
/* Use price break. */
$("#item_unitprice").val(new Number(node.priceeach).toFixed(2)).trigger("change");
}
}
}
}
);
}
function qty_onchange(node) {
var qty = parseInt($("#item_quantity").val());
var unitprice = parseFloat($("#item_unitprice").val());
var vatrate = parseFloat($("#item_vatrate").val());
if (isNaN(unitprice)) {
unitprice = 0;
}
if (isNaN(vatrate)) {
vatrate = 0;
}
if (isNaN(qty)) {
qty = 0;
}
var total = parseFloat(qty * unitprice);
var vat = total * (vatrate / 100);
total += vat;
$("#item_vatrate").val(new Number(vatrate).toFixed(2));
$("#item_vat").val(new Number(vat).toFixed(2));
$("#item_unitprice").val(new Number(unitprice).toFixed(2));
$("#item_quantity").val(new Number(qty).toFixed(0));
$("#item_linetotal").val(new Number(total).toFixed(2));
}
function printOrder(id) {
window.open("orderreport.php?id=" + id);
}
function printDelivery(id) {
window.open("deliveryreport.php?id=" + id);
}
function populateTable(data) {
var total = 0;
var html = "<TABLE width='100%' class='grid list'><THEAD><?php
createHeader();
?>
</THEAD>";
if (data != null) {
data.sort(
function(a, b) {
if(a.sequence < b.sequence) return -1;
if(a.sequence > b.sequence) return 1;
return 0;
}
);
}
$("#item_serial").val(JSON.stringify(data));
if (data != null) {
for (var i = 0; i < data.length; i++) {
var node = data[i];
if (node.description != null) {
html += "<TR>";
html += "<TD>" +
"<img src='images/edit.png' title='Edit item' onclick='editItem(" + i + ")' /> " +
"<img src='images/delete.png' title='Remove item' onclick='removeItem(" + i + ")' /> ";
if (i > 0) {
html += "<img src='images/up.png' title='Move up' onclick='moveUpItem(" + i + ")' /> ";
} else {
html += "<img src='images/up.png' style='visibility:hidden' /> ";
}
if (i < (data.length - 1)) {
html += "<img src='images/down.png' title='Move down' onclick='moveDownItem(" + i + ")' />";
} else {
html += "<img src='images/down.png' style='visibility:hidden' /> ";
}
html +=
"</TD>";
html += "<TD>" + node.description + "</TD>";
html += "<TD align=right>" + new Number(node.quantity).toFixed(0) + "</TD>";
html += "<TD align=right>" + new Number(node.priceeach).toFixed(2) + "</TD>";
html += "<TD align=right>" + new Number(node.vatrate).toFixed(2) + "</TD>";
html += "<TD align=right>" + new Number(node.vat).toFixed(2) + "</TD>";
html += "<TD align=right>" + new Number(node.linetotal).toFixed(2) + "</TD>";
html += "</TR>\n";
total += parseFloat(node.linetotal);
}
}
}
if ($("#deliverycharge").val() == "6.50" || $("#deliverycharge").val() == "0.00") {
if (total < 75) {
$("#deliverycharge").val("6.50");
} else {
$("#deliverycharge").val("0.00");
}
}
$("#total").val(new Number(total).toFixed(2));
calculate_total();
html = html + "</TABLE>";
$("#divtable").html(html);
}
function saveQuoteItem() {
if (! verifyStandardForm("#invoiceitemform")) {
pwAlert("Invalid form");
return false;
}
if (currentItem == -1) {
var lastsequence = 1;
if (itemArray.length > 0) {
lastsequence = itemArray[itemArray.length - 1].sequence + 1;
}
} else {
lastsequence = itemArray[currentItem].sequence;
}
var item = {
id: $("#item_id").val(),
sequence: lastsequence,
quantity: $("#item_quantity").val(),
priceeach: $("#item_unitprice").val(),
vatrate: $("#item_vatrate").val(),
vat: $("#item_vat").val(),
linetotal: $("#item_linetotal").val(),
productid: $("#item_productid").val(),
description: $("#item_productid_lazy").val()
};
if (currentItem == -1) {
itemArray.push(item);
} else {
itemArray[currentItem] = item;
}
populateTable(itemArray);
return true;
}
function moveUpItem(id) {
var sequence = itemArray[id].sequence;
var prevsequence = itemArray[id - 1].sequence;
itemArray[id].sequence = prevsequence;
itemArray[id - 1].sequence = sequence;
populateTable(itemArray)
}
function moveDownItem(id) {
var sequence = itemArray[id].sequence;
var nextsequence = itemArray[id + 1].sequence;
itemArray[id].sequence = nextsequence;
itemArray[id + 1].sequence = sequence;
populateTable(itemArray)
}
function removeItem(id) {
currentItem = id;
$("#confirmRemoveDialog .confirmdialogbody").html("You are about to approve this item.<br>Are you sure ?");
$("#confirmRemoveDialog").dialog("open");
}
function confirmRemoval() {
var newItemArray = [];
var i;
$("#confirmRemoveDialog").dialog("close");
for (i = 0; i < itemArray.length; i++) {
if (currentItem != i) {
newItemArray.push(itemArray[i]);
}
}
itemArray = newItemArray;
populateTable(itemArray);
}
function editItem(id) {
currentItem = id;
var node = itemArray[id];
$("#item_itemid").val(node.id);
$("#item_productid").val(node.productid).trigger("change");
$("#item_productid_lazy").val(node.description);
$("#item_quantity").val(node.quantity);
$("#item_vat").val(node.vat);
$("#item_vatrate").val(node.vatrate);
$("#item_unitprice").val(node.priceeach);
$("#item_linetotal").val(node.linetotal);
$('#invoiceitemdialog').dialog('open');
}
function addQuoteItem() {
currentItem = -1;
$("#item_itemid").val("0");
$("#item_productid").val("0");
$("#item_productid_lazy").val("");
$("#item_quantity").val("1");
$("#item_vatrate").val("<?php
echo getSiteConfigData()->vatrate;
?>
");
$("#item_vat").val("0.00");
$("#item_unitprice").val("0.00");
$("#item_linetotal").val("0.00");
$('#invoiceitemdialog').dialog('open');
}
function validateForm() {
return true;
}
$(document).ready(
function() {
$("#item_productid").change(productid_onchange);
$("#customerid").change(customerid_onchange);
$("#clientid").change(clientid_onchange);
$("#siteid").change(siteid_onchange);
$("#invoiceitemdialog").dialog({
modal: true,
autoOpen: false,
show:"fade",
closeOnEscape: true,
width: 690,
hide:"fade",
title:"Quote Item",
open: function(event, ui){
},
buttons: {
"Save": function() {
if (saveQuoteItem()) {
$(this).dialog("close");
}
},
Cancel: function() {
$(this).dialog("close");
}
}
});
}
);
function bookingReference(node) {
return "<?php
echo getSiteConfigData()->bookingprefix;
?>
" + padZero(node.id, 6);
}
function accept(id) {
currentID = id;
$("#confirmacceptdialog .confirmdialogbody").html("You are about to invoice this order.<br>Are you sure ?");
$("#confirmacceptdialog").dialog("open");
}
function undo(id) {
currentID = id;
$("#confirmundodialog .confirmdialogbody").html("You are about to undo this order.<br>Are you sure ?");
$("#confirmundodialog").dialog("open");
}
function confirmaccept() {
post("editform", "accept", "submitframe",
{
orderid: currentID
}
);
$("#confirmacceptdialog").dialog("close");
}
function confirmundo() {
post("editform", "undo", "submitframe",
{
orderid: currentID
}
);
$("#confirmundodialog").dialog("close");
}
function checkStatus(node) {
if (node.status == 0) {
$("#acceptbutton").show();
$("#undobutton").hide();
} else {
$("#acceptbutton").hide();
$("#undobutton").show();
}
}
function editDocuments(node) {
viewDocument(node, "addorderdocument.php", node, "orderdocs", "orderid");
}
<?php
}
function __construct($orientation, $metric, $size, $id)
{
$dynamicY = 0;
start_db();
parent::__construct($orientation, $metric, $size);
try {
$sql = "SELECT A.*, DATE_FORMAT(A.invoicedate, '%d/%m/%Y') AS invoicedate,\n\t\t\t\t\t\tD.name AS customername, D.accountnumber, D.invoiceaddress1, D.invoiceaddress2, D.invoiceaddress3, \n\t\t\t\t\t\tD.invoicecity, D.invoicepostcode, B.deliveryaddress1, B.deliveryaddress2, \n\t\t\t\t\t\tB.deliveryaddress3, B.deliverycity, B.deliverypostcode, D.firstname, B.lastname,\n\t\t\t\t\t\tE.fullname AS takenbyname\n\t\t\t\t\t FROM {$_SESSION['DB_PREFIX']}invoice A\n\t\t\t\t\t INNER JOIN {$_SESSION['DB_PREFIX']}customerclientsite B\n\t\t\t\t\t ON B.id = A.siteid\n\t\t\t\t\t INNER JOIN {$_SESSION['DB_PREFIX']}customerclient C\n\t\t\t\t\t ON C.id = B.clientid\n\t\t\t\t\t INNER JOIN {$_SESSION['DB_PREFIX']}customer D\n\t\t\t\t\t ON D.id = C.customerid\n\t\t\t\t\t LEFT OUTER JOIN {$_SESSION['DB_PREFIX']}members E\n\t\t\t\t\t ON E.member_id = A.takenbyid\n\t\t\t\t\t WHERE A.id = {$id}\n\t\t\t\t\t ORDER BY A.id DESC";
$result = mysql_query($sql);
if ($result) {
while ($this->headermember = mysql_fetch_assoc($result)) {
$shipping = $this->headermember['deliverycharge'];
$discount = $this->headermember['discount'];
$total = 0;
$dynamicY = $this->newPage() + 7;
$sql = "SELECT A.*, B.productcode, B.description\n\t\t\t\t\t\t\t\tFROM {$_SESSION['DB_PREFIX']}invoiceitem A \n\t\t\t\t\t\t\t\tINNER JOIN {$_SESSION['DB_PREFIX']}product B \n\t\t\t\t\t\t\t\tON B.id = A.productid \n\t\t\t\t\t\t\t\tWHERE A.invoiceid = {$id} \n\t\t\t\t\t\t\t\tORDER BY A.sequence";
$itemresult = mysql_query($sql);
if ($itemresult) {
while ($itemmember = mysql_fetch_assoc($itemresult)) {
$line = array("Quantity" => $itemmember['quantity'], "Code" => $itemmember['productcode'], "Description" => $itemmember['description'], "Price Each" => number_format($itemmember['priceeach'], 2), "Line Total" => number_format($itemmember['priceeach'] * $itemmember['quantity'], 2));
$size = $this->addLine($dynamicY, $line);
$dynamicY += $size + 1;
if ($dynamicY > 225) {
$dynamicY = $this->newPage();
$dynamicY = 102;
}
$total = $total + $itemmember['priceeach'] * $itemmember['quantity'];
$totalvat += $itemmember['vat'];
}
} else {
logError($qry . " - " . mysql_error());
}
$line = array("Quantity" => " ", "Code" => " ", "Description" => " ", "Price Each" => "Goods Net:", "Line Total" => number_format($total, 2));
$size = $this->addLine(236, $line);
$line = array("Quantity" => " ", "Code" => " ", "Description" => " ", "Price Each" => "Delivery:", "Line Total" => number_format($shipping, 2));
$size = $this->addLine(242, $line);
$line = array("Quantity" => " ", "Code" => " ", "Description" => " ", "Price Each" => "Invoice Net:", "Line Total" => number_format($shipping + $total, 2));
$size = $this->addLine(248, $line);
$totalvat += $shipping * (getSiteConfigData()->vatrate / 100);
$line = array("Quantity" => " ", "Code" => " ", "Description" => " ", "Price Each" => "VAT:", "Line Total" => number_format($totalvat, 2));
$size = $this->addLine(254, $line);
$line = array("Quantity" => " ", "Code" => " ", "Description" => " ", "Price Each" => "Total:", "Line Total" => number_format($totalvat + $shipping + $total - $discount, 2));
$size = $this->addLine(260, $line);
$this->addText(162, 265, "Pounds Sterling", 6, 3);
}
} else {
logError($sql . " - " . mysql_error());
}
} catch (Exception $e) {
logError($e->getMessage());
}
$this->AliasNbPages();
}
$objPHPExcel->getActiveSheet()->getColumnDimension('D')->setWidth(37);
$objPHPExcel->getActiveSheet()->getColumnDimension('E')->setWidth(37);
$objPHPExcel->getActiveSheet()->getColumnDimension('F')->setWidth(29);
$objPHPExcel->getActiveSheet()->getColumnDimension('G')->setWidth(28);
$objPHPExcel->getActiveSheet()->SetCellValue('A1', 'Customer');
$objPHPExcel->getActiveSheet()->SetCellValue('B1', 'Customer Code');
$objPHPExcel->getActiveSheet()->SetCellValue('C1', 'Quotation Number');
$objPHPExcel->getActiveSheet()->SetCellValue('D1', 'Quotation Date');
$objPHPExcel->getActiveSheet()->SetCellValue('E1', 'Conversion Date');
$objPHPExcel->getActiveSheet()->SetCellValue('F1', 'Time Taken');
$objPHPExcel->getActiveSheet()->SetCellValue('G1', 'Total');
while ($member = mysql_fetch_assoc($result)) {
$row++;
$diff = $member['diff'];
$conversiondate = $member['converteddatetime'];
if (substr($diff, 0, 1) == "-") {
$diff = " ";
}
if (substr($conversiondate, 0, 2) == "00") {
$conversiondate = " ";
}
$objPHPExcel->getActiveSheet()->SetCellValue('A' . $row, $member['customername']);
$objPHPExcel->getActiveSheet()->SetCellValue('B' . $row, $member['accountnumber']);
$objPHPExcel->getActiveSheet()->SetCellValue('C' . $row, getSiteConfigData()->bookingprefix . "-" . sprintf("%06d", $member['id']));
$objPHPExcel->getActiveSheet()->SetCellValue('D' . $row, $member['metacreateddate']);
$objPHPExcel->getActiveSheet()->SetCellValue('E' . $row, $conversiondate);
$objPHPExcel->getActiveSheet()->SetCellValue('F' . $row, $diff);
$objPHPExcel->getActiveSheet()->SetCellValue('G' . $row, number_format($member['total'], 2));
}
$objWriter = new PHPExcel_Writer_Excel2007($objPHPExcel);
$objWriter->save('php://output');
function login($login, $password, $redirect = true)
{
//Array to store validation errors
$errmsg_arr = array();
//Validation error flag
$errflag = false;
unset($_SESSION['LOGIN_ERRMSG_ARR']);
unset($_SESSION['ERR_USER']);
unset($_SESSION['MENU_CACHE']);
//Function to sanitize values received from the form. Prevents SQL injection
//Sanitize the POST values
$login = clean($login);
$password = clean($password);
//Input Validations
if ($login == '') {
$errmsg_arr[] = 'Login ID missing';
$errflag = true;
}
if ($password == '') {
$errmsg_arr[] = 'Password missing';
$errflag = true;
}
//Create query
$qry = "SELECT DISTINCT A.* " . "FROM {$_SESSION['DB_PREFIX']}members A " . "WHERE A.login = '******' " . "AND A.passwd = '" . md5($password) . "' " . "AND A.accepted = 'Y'";
$result = mysql_query($qry);
//Check whether the query was successful or not
if ($result) {
if (mysql_num_rows($result) == 1) {
//Login Successful
session_regenerate_id();
$member = mysql_fetch_assoc($result);
$_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
$_SESSION['SESS_FIRST_NAME'] = $member['firstname'];
$_SESSION['SESS_LAST_NAME'] = $member['lastname'];
$qry = "SELECT * FROM {$_SESSION['DB_PREFIX']}userroles WHERE memberid = " . $_SESSION['SESS_MEMBER_ID'] . "";
$result = mysql_query($qry);
$index = 0;
$status = null;
$arr = array();
$arr[$index++] = "PUBLIC";
unset($_SESSION['SESS_EVENT_ID']);
//Check whether the query was successful or not
if ($result) {
while ($member = mysql_fetch_assoc($result)) {
$arr[$index++] = $member['roleid'];
}
} else {
logError('Failed to connect to server: ' . mysql_error());
}
$_SESSION['ROLES'] = $arr;
$qry = "INSERT INTO {$_SESSION['DB_PREFIX']}loginaudit " . "(" . "memberid, timeon, metacreateddate, metacreateduserid, metamodifieddate, metamodifieduserid" . ") " . "VALUES " . "(" . $_SESSION['SESS_MEMBER_ID'] . ", NOW(), NOW(), " . getLoggedOnMemberID() . ", NOW(), " . getLoggedOnMemberID() . "" . ")";
$auditresult = mysql_query($qry);
$auditid = mysql_insert_id();
$_SESSION['SESS_LOGIN_AUDIT'] = $auditid;
if (!$auditresult) {
logError("{$qry} - " . mysql_error());
}
$qry = "UPDATE {$_SESSION['DB_PREFIX']}members SET " . "loginauditid = {$auditid}, metamodifieddate = NOW(), metamodifieduserid = " . getLoggedOnMemberID() . " " . "WHERE member_id = " . $_SESSION['SESS_MEMBER_ID'];
$auditresult = mysql_query($qry);
if (!$auditresult) {
logError("{$qry} - " . mysql_error());
}
//Create query
$qry = "SELECT lastschedulerun " . "FROM {$_SESSION['DB_PREFIX']}siteconfig A " . "WHERE (lastschedulerun <= (DATE_ADD(CURDATE(), INTERVAL -" . getSiteConfigData()->runscheduledays . " DAY)) OR lastschedulerun IS NULL) ";
$result = mysql_query($qry);
//Check whether the query was successful or not
if ($result) {
if (mysql_num_rows($result) == 1) {
require_once "runalerts.php";
}
}
if ($redirect) {
header("location: index.php");
exit;
}
} else {
//If there are input validations, redirect back to the login form
if (!$errflag) {
// $errmsg_arr[] = "Login not found / Not active.<br>Please register or contact portal support";
$errmsg_arr[] = "Invalid login";
}
$_SESSION['LOGIN_ERRMSG_ARR'] = $errmsg_arr;
//Login failed
header("location: system-login.php?session=" . urlencode($_GET['session']));
exit;
}
} else {
logError("Query failed :" . mysql_error());
}
}
function login($login, $password, $redirect = true, $mobile = true)
{
//Array to store validation errors
$errmsg_arr = array();
//Validation error flag
$errflag = false;
unset($_SESSION['LOGIN_ERRMSG_ARR']);
unset($_SESSION['ERR_USER']);
unset($_SESSION['MENU_CACHE']);
//Function to sanitize values received from the form. Prevents SQL injection
//Sanitize the POST values
$login = clean($login);
$password = clean($password);
//Input Validations
if ($login == '') {
$errmsg_arr[] = 'Login ID missing';
$errflag = true;
}
if ($password == '') {
$errmsg_arr[] = 'Password missing';
$errflag = true;
}
$md5passwd = md5($password);
//Create query
if ($mobile) {
$qry = "SELECT DISTINCT A.* \n\t\t\t FROM {$_SESSION['DB_PREFIX']}members A \n\t\t\t WHERE A.login = '******' \n\t\t\t AND A.passwd = '{$md5passwd}' \n\t\t\t \tAND A.accepted = 'Y'";
} else {
$qry = "SELECT DISTINCT A.*\n\t\t\t FROM {$_SESSION['DB_PREFIX']}members A \n\t\t\t WHERE A.login = '******' \n\t\t\t AND A.passwd = '{$md5passwd}' \n\t\t\t \tAND A.accepted = 'Y'\n\t\t\t \tAND A.member_id IN (SELECT C.memberid FROM {$_SESSION['DB_PREFIX']}userroles C WHERE C.roleid = 'ADMIN')";
}
$result = mysql_query($qry);
//Check whether the query was successful or not
if ($result) {
if (mysql_num_rows($result) == 1) {
//Login Successful
session_regenerate_id();
$member = mysql_fetch_assoc($result);
$_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
$_SESSION['SESS_NAME'] = $member['fullname'];
$qry = "SELECT * \n\t\t\t\t\tFROM {$_SESSION['DB_PREFIX']}userroles \n\t\t\t\t\tWHERE memberid = {$_SESSION['SESS_MEMBER_ID']}";
$result = mysql_query($qry);
$index = 0;
$status = null;
$arr = array();
$arr[$index++] = "PUBLIC";
//Check whether the query was successful or not
if ($result) {
while ($member = mysql_fetch_assoc($result)) {
$arr[$index++] = $member['roleid'];
}
} else {
logError('Failed to connect to server: ' . mysql_error());
}
$_SESSION['ROLES'] = $arr;
$qry = "INSERT INTO {$_SESSION['DB_PREFIX']}loginaudit \n\t\t\t\t\t(\n\t\t\t\t\t\ttimeon, memberid, \n\t\t\t\t\t\tmetacreateddate, metacreateduserid, \n\t\t\t\t\t\tmetamodifieddate, metamodifieduserid\n\t\t\t\t\t) \n\t\t\t\t\tVALUES \n\t\t\t\t\t(\n\t\t\t\t\t\tNOW(), {$_SESSION['SESS_MEMBER_ID']}, \n\t\t\t\t\t\tNOW(), {$_SESSION['SESS_MEMBER_ID']}, \n\t\t\t\t\t\tNOW(), {$_SESSION['SESS_MEMBER_ID']}\n\t\t\t\t\t)";
$auditresult = mysql_query($qry);
$auditid = mysql_insert_id();
$_SESSION['SESS_LOGIN_AUDIT'] = $auditid;
if (!$auditresult) {
logError("{$qry} - " . mysql_error());
}
$qry = "UPDATE {$_SESSION['DB_PREFIX']}members SET \n\t\t\t\t\tloginauditid = {$auditid}, \n\t\t\t\t\tmetamodifieddate = NOW(), \n\t\t\t\t\tmetamodifieduserid = {$_SESSION['SESS_MEMBER_ID']}\n\t\t\t\t\tWHERE member_id = {$_SESSION['SESS_MEMBER_ID']}";
$auditresult = mysql_query($qry);
if (!$auditresult) {
logError("{$qry} - " . mysql_error());
}
//Create query
$days = getSiteConfigData()->runscheduledays;
$qry = "SELECT lastschedulerun \n\t\t\t\t FROM {$_SESSION['DB_PREFIX']}siteconfig A \n\t\t\t\t WHERE (lastschedulerun <= (DATE_ADD(CURDATE(), INTERVAL -{$days} DAY)) \n\t\t\t\t OR lastschedulerun IS NULL) ";
$result = mysql_query($qry);
//Check whether the query was successful or not
if ($result) {
if (mysql_num_rows($result) == 1) {
require_once "runalerts.php";
}
}
if ($redirect) {
header("location: index.php");
exit;
}
} else {
//If there are input validations, redirect back to the login form
if (!$errflag) {
$errmsg_arr[] = "Invalid login";
}
$_SESSION['LOGIN_ERRMSG_ARR'] = $errmsg_arr;
//Login failed
if ($mobile) {
header("location: system-login.php?session=" . urlencode($_GET['session']));
} else {
header("location: system-login.php?session=" . urlencode($_GET['session']));
}
exit;
}
} else {
logError(mysql_error() . " - {$qry}");
}
}
$("#loginForm").submit();
}
$(document).ready(function() {
$("#login").change(
function() {
$(".loginerror").hide();
}
);
$("#dialog").dialog({
modal: true,
width: 480,
closeOnEscape: false,
dialogClass: '<?php
if (getSiteConfigData()->maintenancemode == "Y") {
echo "login-dialog2";
} else {
echo "login-dialog";
}
?>
',
beforeClose: function() { return false; }
});
});
</script>
<?php
}
unset($_SESSION['ERRMSG_ARR']);
echo "<td><img title='Click to sign' src='images/stock.png' onclick='sign(" . $member['id'] . ")'/></td>";
echo "</tr>\n";
}
}
?>
</table>
</td>
<?php
}
?>
<td style='border: 1px solid #CCCCCC; padding: 10px'>
<div class="welcome" >
<div class="fright welcome">
<img src='images/logo-welcome.png' />
</div>
<?php
if (isUserInRole("ADMIN")) {
echo getSiteConfigData()->welcometext;
}
?>
</div>
</td>
</tr>
</table>
<?php
if (!isUserInRole("ADMIN")) {
?>
<p>Please click on the icon above to sign your loan agreement</p>
<?php
}
include "system-footer.php";
<?php
require_once 'system-db.php';
start_db();
$id = $_GET['id'];
if (!isset($id)) {
logError("Please select your image!");
} else {
$dirname = "uploads/image{$id}";
if (is_dir($dirname)) {
if ($handle = opendir($dirname)) {
while (false !== ($entry = readdir($handle))) {
if ($entry != "." && $entry != "..") {
header("location: " . getSiteConfigData()->domainurl . "/{$dirname}/{$entry}");
}
}
closedir($handle);
}
} else {
$query = mysql_query("SELECT mimetype, name, image " . "FROM {$_SESSION['DB_PREFIX']}images " . "WHERE id= " . $id);
$row = mysql_fetch_array($query);
$content = $row['image'];
$name = $row['name'];
header('Content-type: ' . $row['mimetype']);
try {
if (!is_dir($dirname)) {
error_reporting(0);
mkdir($dirname);
chmod($dirname, 0777);
}
file_put_contents("{$dirname}/{$name}", $content);
$qry = "UPDATE {$_SESSION['DB_PREFIX']}teamagegroup SET \n\t\t\t\t\tfirstname = '{$fname}', \n\t\t\t\t\tlastname = '{$lname}',\n\t\t\t\t\ttelephone = '{$landline}',\n\t\t\t\t\temail = '{$email}',\n\t\t\t\t\tlogin = {$memberid}\n\t\t\t\t\tWHERE id = {$teamid}";
$result = mysql_query($qry);
if (!$result) {
logError("UPDATE team failed ({$qry}):" . mysql_error());
}
}
if ($clubid != 0) {
$qry = "UPDATE {$_SESSION['DB_PREFIX']}team SET \n\t\t\t\t\tfirstname = '{$fname}', \n\t\t\t\t\tlastname = '{$lname}',\n\t\t\t\t\ttelephone = '{$landline}',\n\t\t\t\t\temail = '{$email}'\n\t\t\t\t\tWHERE id = {$clubid}";
$result = mysql_query($qry);
if (!$result) {
logError("UPDATE team failed ({$qry}):" . mysql_error());
}
}
mysql_query("COMMIT");
sendUserMessage(getLoggedOnMemberID(), "User Registration", "User " . $_POST['login'] . " has been registered as a user.<br>Password : "******"User Registration", "<h3>Welcome " . $_POST['fname'] . " " . $_POST['lname'] . ".</h3><br>You have been invited to become a member of 'Harrow Youth Football League'.<br>Please click on the <a href='" . getSiteConfigData()->domainurl . "/index.php'>link</a> to activate your account.<br><br><h4>Login details</h4>User ID : " . $_POST['login'] . "<br>Password : "******"location: system-register-success.php");
} else {
logError("1 Query failed:" . mysql_error());
}
} else {
$memberid = $_GET['id'];
$qry = "UPDATE {$_SESSION['DB_PREFIX']}members \n\t\t\t\tSET email = '{$email}', \n\t\t\t\tfirstname = '{$fname}', \n\t\t\t\tlastname = '{$lname}', \n\t\t\t\tlastaccessdate = NOW(),\n\t\t\t\tpasswd = '" . md5($password) . "'\n\t\t\t\tWHERE member_id = {$memberid}";
$result = mysql_query($qry);
if (!$result) {
logError("UPDATE members failed:" . mysql_error());
}
$_SESSION['SESS_FIRST_NAME'] = $fname;
$_SESSION['SESS_LAST_NAME'] = $lname;
sendUserMessage(getLoggedOnMemberID(), "User Amendment", "<h3>User amendment.</h3><br>Your details have been amended by the System Administration.<br>Your password has been changed to: <i>{$password}</i>.");
function getFilteredData($sql)
{
if (!isset($_SESSION['SITE_CONFIG'])) {
return $sql;
}
$parser = new PHPSQLParser($sql);
$tablealias = null;
$data = getSiteConfigData();
foreach ($parser->parsed['FROM'] as $table) {
if ($table['table'] == "horizon_members") {
if ($table['alias'] != "") {
$tablealias = $table['alias']['name'];
} else {
$tablealias = $table['table'];
}
}
}
// echo $sql . "\n";
// print_r($parser->parsed);
if (!isset($parser->parsed['WHERE'])) {
/* Create where clause. */
$parser->parsed['WHERE'] = array();
} else {
/* Add to the where clause. */
$parser->parsed['WHERE'][] = array("expr_type" => "operator", "base_expr" => "AND", "sub_tree" => "");
}
if (isUserInRole($data->adminrole) || isUserInRole($data->managementrole)) {
/* Do nothing, access rights to all. */
return $sql;
}
if (isUserInRole($data->trainingmanagementrole)) {
/* Not restricted by anything training related.
* Page roles will prevent access to parts of the system
* that are not appropriate to training management.
*/
return $sql;
}
if (isUserInRole($data->officeadminrole)) {
/* Restricted to.
* Personal details for APPRAISALS only.
*/
foreach ($parser->parsed['FROM'] as $table) {
if ($table['table'] != "horizon_appraisal") {
$parser->parsed['WHERE'][] = array("expr_type" => "colref", "base_expr" => $tablealias . ".member_id", "sub_tree" => "");
$parser->parsed['WHERE'][] = array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => "");
$parser->parsed['WHERE'][] = array("expr_type" => "const", "base_expr" => getLoggedOnMemberID(), "sub_tree" => "");
}
}
}
if (isUserInRole($data->compliancerole)) {
foreach ($parser->parsed['FROM'] as $table) {
if ($table['table'] == "horizon_holiday") {
/* Compliance don't restrict holidays */
return $sql;
}
}
/* Restricted to.
* All technicians and team leaders.
*/
$parser->parsed['WHERE'][] = array("expr_type" => "bracket_expression", "sub_tree" => array(array("expr_type" => "colref", "base_expr" => $tablealias . ".position", "sub_tree" => ""), array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => ""), array("expr_type" => "const", "base_expr" => "'" . $data->technicianposition . "'", "sub_tree" => ""), array("expr_type" => "operator", "base_expr" => "OR", "sub_tree" => ""), array("expr_type" => "colref", "base_expr" => $tablealias . ".position", "sub_tree" => ""), array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => ""), array("expr_type" => "const", "base_expr" => "'" . $data->teamleaderposition . "'", "sub_tree" => ""), array("expr_type" => "operator", "base_expr" => "OR", "sub_tree" => ""), array("expr_type" => "colref", "base_expr" => $tablealias . ".member_id", "sub_tree" => ""), array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => ""), array("expr_type" => "const", "base_expr" => getLoggedOnMemberID(), "sub_tree" => "")));
} else {
if (isUserInRole($data->regionalservicemanagerrole)) {
/* Restricted to.
* All personnel and team leaders.
*/
$parser->parsed['OPTIONS'][] = "DISTINCT";
$parser->parsed['FROM'][] = array("expr_type" => "table", "table" => "horizon_userteams", "alias" => array("as" => "", "name" => "horizon_userteams", "base_expr" => "horizon_userteams"), "join_type" => "JOIN", "ref_type" => "ON", "ref_clause" => array(array("expr_type" => "colref", "base_expr" => "horizon_userteams.memberid", "sub_tree" => ""), array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => ""), array("expr_type" => "colref", "base_expr" => getLoggedOnMemberID(), "sub_tree" => ""), array("expr_type" => "operator", "base_expr" => "OR", "sub_tree" => ""), array("expr_type" => "colref", "base_expr" => $tablealias . ".member_id", "sub_tree" => ""), array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => ""), array("expr_type" => "const", "base_expr" => getLoggedOnMemberID(), "sub_tree" => "")));
$parser->parsed['WHERE'][] = array("expr_type" => "bracket_expression", "sub_tree" => array(array("expr_type" => "colref", "base_expr" => "horizon_userteams.teamid", "sub_tree" => ""), array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => ""), array("expr_type" => "const", "base_expr" => $tablealias . ".teamid", "sub_tree" => "")));
} else {
if (isUserInRole($data->officerole)) {
$appraisal = false;
foreach ($parser->parsed['FROM'] as $table) {
if ($table['table'] == "horizon_appraisal") {
/* Compliance don't restrict holidays */
$appraisal = true;
}
}
if (!$appraisal) {
return $sql;
}
/* Restricted to.
* All technicians and team leaders.
*/
$parser->parsed['WHERE'][] = array("expr_type" => "bracket_expression", "sub_tree" => array(array("expr_type" => "colref", "base_expr" => $tablealias . ".position", "sub_tree" => ""), array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => ""), array("expr_type" => "const", "base_expr" => "'" . $data->technicianposition . "'", "sub_tree" => ""), array("expr_type" => "operator", "base_expr" => "OR", "sub_tree" => ""), array("expr_type" => "colref", "base_expr" => $tablealias . ".position", "sub_tree" => ""), array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => ""), array("expr_type" => "const", "base_expr" => "'" . $data->teamleaderposition . "'", "sub_tree" => ""), array("expr_type" => "operator", "base_expr" => "OR", "sub_tree" => ""), array("expr_type" => "colref", "base_expr" => $tablealias . ".member_id", "sub_tree" => ""), array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => ""), array("expr_type" => "const", "base_expr" => getLoggedOnMemberID(), "sub_tree" => "")));
} else {
if (isUserInRole($data->officemanagerrole)) {
/* Restricted to.
* All personnel and team leaders.
*/
$parser->parsed['OPTIONS'][] = "DISTINCT";
$parser->parsed['FROM'][] = array("expr_type" => "table", "table" => "horizon_userroles", "alias" => array("as" => "", "name" => "horizon_userroles", "base_expr" => "horizon_userroles"), "join_type" => "JOIN", "ref_type" => "ON", "ref_clause" => array(array("expr_type" => "colref", "base_expr" => "horizon_userroles.memberid", "sub_tree" => ""), array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => ""), array("expr_type" => "colref", "base_expr" => $tablealias . ".member_id", "sub_tree" => "")));
$parser->parsed['WHERE'][] = array("expr_type" => "bracket_expression", "sub_tree" => array(array("expr_type" => "colref", "base_expr" => "horizon_userroles.roleid", "sub_tree" => ""), array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => ""), array("expr_type" => "const", "base_expr" => "'" . $data->officepersonnelrole . "'", "sub_tree" => "")));
} else {
if (isUserInRole($data->teamleaderrole)) {
/* Restricted to.
* Team personnel and themselves.
*/
$parser->parsed['WHERE'][] = array("expr_type" => "colref", "base_expr" => $tablealias . ".teamid", "sub_tree" => "");
$parser->parsed['WHERE'][] = array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => "");
$parser->parsed['WHERE'][] = array("expr_type" => "const", "base_expr" => getLoggedOnTeamID(), "sub_tree" => "");
} else {
if (isUserInRole($data->areacoordinatorrole)) {
/* Restricted to.
* Team personnel and themselves.
*/
$parser->parsed['WHERE'][] = array("expr_type" => "colref", "base_expr" => $tablealias . ".teamid", "sub_tree" => "");
$parser->parsed['WHERE'][] = array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => "");
$parser->parsed['WHERE'][] = array("expr_type" => "const", "base_expr" => getLoggedOnTeamID(), "sub_tree" => "");
} else {
/* Restricted to.
* Technician Level 1 – Personal details.
*/
$parser->parsed['WHERE'][] = array("expr_type" => "colref", "base_expr" => $tablealias . ".member_id", "sub_tree" => "");
$parser->parsed['WHERE'][] = array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => "");
$parser->parsed['WHERE'][] = array("expr_type" => "const", "base_expr" => getLoggedOnMemberID(), "sub_tree" => "");
}
}
}
}
}
}
$creator = new PHPSQLCreator($parser->parsed);
$created = $creator->created;
return $created;
}
function __construct($orientation, $metric, $size, $id)
{
global $member;
global $top;
parent::__construct($orientation, $metric, $size);
$this->SetAutoPageBreak(true, 0);
//Include database connection details
start_db();
$margin = 7;
$sql = "SELECT A.*, " . "DATE_FORMAT(A.creditdate, '%d/%m/%Y') AS creditdate, " . "DATE_FORMAT(A.paymentdate, '%d/%m/%Y') AS paymentdate, " . "DATE_FORMAT(A.createddate, '%d/%m/%Y') AS createddate, " . "DATE_FORMAT(B.datedelivered, '%d/%m/%Y') AS datedelivered, " . "A.deladdress, A.toaddress, B.plaintiff, B.casenumber, B.transcripttype, B.j33number, B.depositamount, " . "D.name AS courtname, D.vatapplicable, D.address, D.fax AS courtfax, D.cellphone AS courtmobile, " . "D.email AS courtemail, D.telephone AS courttelephone, D.contact AS courtcontact, " . "E.name AS provincename, F.name AS terms, G.firstname, G.lastname, G.mobile, G.landline, G.email, G.fax, " . "I.name AS clientcourtname, " . "O.privatebankingdetails, O.bankingdetails, " . "O.address AS officeaddress, O.email AS officeemail, O.telephone, O.contact, O.fax AS officefax, O.name AS officename " . "FROM {$_SESSION['DB_PREFIX']}invoices A " . "INNER JOIN {$_SESSION['DB_PREFIX']}cases B " . "ON B.id = A.caseid " . "INNER JOIN {$_SESSION['DB_PREFIX']}courts D " . "ON D.id = B.courtid " . "INNER JOIN {$_SESSION['DB_PREFIX']}province E " . "ON E.id = D.provinceid " . "LEFT OUTER JOIN {$_SESSION['DB_PREFIX']}caseterms F " . "ON F.id = A.termsid " . "INNER JOIN {$_SESSION['DB_PREFIX']}members G " . "ON G.member_id = A.contactid " . "LEFT OUTER JOIN {$_SESSION['DB_PREFIX']}courts I " . "ON I.id = B.clientcourtid " . "LEFT OUTER JOIN {$_SESSION['DB_PREFIX']}offices J " . "ON J.id = A.officeid " . "INNER JOIN {$_SESSION['DB_PREFIX']}offices O " . "ON O.id = A.officeid " . "WHERE A.caseid = {$id} " . "ORDER BY B.id";
$result = mysql_query($sql);
if ($result) {
$total = 0;
$subtotal = 0;
$shipping = 0;
$totalvat = 0;
$depositamount = 0;
$vatapplicable = "N";
while ($member = mysql_fetch_assoc($result)) {
$this->newPage();
$first = false;
$y = $top;
$vatapplicable = $member['vatapplicable'];
$invoiceid = $member['id'];
// $description = $this->stripHTML($member['description']);
$description = $member['description'];
if ($member['depositamount'] != null) {
$depositamount = $member['depositamount'];
}
$sql = "SELECT C.id, C.description, C.qty, C.vat, C.vatrate, C.total, C.unitprice, " . "H.name AS templatename " . "FROM {$_SESSION['DB_PREFIX']}invoiceitems C " . "INNER JOIN {$_SESSION['DB_PREFIX']}invoiceitemtemplates H " . "ON H.id = C.templateid " . "WHERE C.invoiceid = {$invoiceid} " . "ORDER BY C.id";
$itemresult = mysql_query($sql);
if ($itemresult) {
while ($itemmember = mysql_fetch_assoc($itemresult)) {
$line = array("Quantity" => number_format($itemmember['qty'], 0), "Description" => $itemmember['templatename'], "Unit Price" => "R " . number_format($itemmember['unitprice'], 2), "Total" => "R " . number_format($itemmember['total'], 2));
$size = $this->addLine($y, $line);
$y += $size;
if ($y > 235) {
$this->newPage();
$y = $top;
}
$subtotal += $itemmember['total'] - $member['vat'];
$shipping = $itemmember['shippinghandling'];
$totalvat += $itemmember['vat'];
$total += $itemmember['total'];
}
$y += 4;
if ($y > 175) {
$this->newPage();
$y = $top;
}
$line = array("Quantity" => " ", "Description" => $description, "Unit Price" => " ", "Total" => " ");
$size = $this->addLine($y, $line);
$y += $size;
if ($y > 235) {
$this->newPage();
$y = $top;
}
} else {
logError($sql . " - " . mysql_error());
}
}
} else {
logError($sql . " - " . mysql_error());
}
if ($vatapplicable == "Y") {
$this->Line(121, 240, 200, 240);
$this->Line(121, 245, 200, 245);
$this->Line(121, 250, 200, 250);
}
$this->Line(121, 255, 200, 255);
if ($vatapplicable == "Y") {
$line = array("Quantity" => " ", "Description" => " ", "Unit Price" => "VAT (" . number_format(getSiteConfigData()->vatrate, 0) . "%)", "Total" => "R " . number_format($totalvat, 2));
$size = $this->addLine(242, $line);
$line = array("Quantity" => " ", "Description" => " ", "Unit Price" => "TOTAL", "Total" => "R " . number_format($total, 2));
$size = $this->addLine(247, $line);
$line = array("Quantity" => " ", "Description" => " ", "Unit Price" => "DEPOSIT", "Total" => "R " . number_format($depositamount, 2));
$size = $this->addLine(252, $line);
$line = array("Quantity" => " ", "Description" => " ", "Unit Price" => "TOTAL DUE", "Total" => "R " . number_format($total - $depositamount, 2));
$size = $this->addLine(258, $line, 0, 'B');
} else {
$line = array("Quantity" => " ", "Description" => " ", "Unit Price" => "TOTAL", "Total" => "R " . number_format($total, 2));
$size = $this->addLine(258, $line, 0, 'B');
}
}
$matchid = mysql_insert_id();
if (!$result) {
logError($qry . " - " . mysql_error());
}
for ($i = 0; $i < count($_POST['player']); $i++) {
$playerid = $_POST['player'][$i];
$qry = "INSERT INTO {$_SESSION['DB_PREFIX']}matchplayerdetails \n\t\t\t\t\t(\n\t\t\t\t\t\tmatchid, playerid, metacreateduserid, metamodifieduserid, \n\t\t\t\t\t\tmetacreateddate, metamodifieddate\n\t\t\t\t\t)\n\t\t\t\t\tVALUES\n\t\t\t\t\t(\n\t\t\t\t\t\t{$matchid}, {$playerid}, {$memberid}, {$memberid}, \n\t\t\t\t\t\tNOW(), NOW()\n\t\t\t\t\t)";
$result = mysql_query($qry);
if (!$result) {
logError($qry . " - " . mysql_error());
}
}
$details = "Match report attached for match on " . $_POST['matchdate'];
$file = "uploads/matchcard{$id}" . session_id() . ".pdf";
$report = new MatchCardReport('P', 'mm', 'A4', $matchid);
$report->Output($file, "F");
sendTeamMessage($teamid, "Match Report Confirmed", $details, "", array($file));
sendRoleMessage("LEAGUE", "Match Report Confirmed", $details, "", array($file));
if ($_POST['refereescore'] < 50 && $_POST['refereescore'] > 0) {
$refname = GetRefereeName($refereeid);
$refdetails = "Referee {$refname} has scored {$refereescore}<br><br>Report:<br>" . $_POST['refereeremarks'];
smtpmailer(getSiteConfigData()->refereereportemail, "*****@*****.**", $_SESSION['SESS_TEAM_EMAIL'], "Referee Report", $refdetails);
}
} catch (Exception $e) {
logError("Signing image: " . $e->getMessage());
}
mysql_query("COMMIT");
header("location: matchconfirm.php?id={$matchid}");
?>
<?php
include "system-embeddedheader.php";
?>
<br>
<h4>Order <?php
echo getSiteConfigData()->bookingprefix . sprintf("%06d", $_GET['orderid']);
?>
has been processed.</h4>
<br>
<a href="onlineordering.php">Create New Order</a>
<?php
include "system-embeddedfooter.php";
?>
//Create INSERT query
$qry = "INSERT INTO {$_SESSION['DB_PREFIX']}userroles(memberid, roleid, metacreateddate, metacreateduserid, metamodifieddate, metamodifieduserid) VALUES({$memberid}, 'PUBLIC', NOW(), " . getLoggedOnMemberID() . ", NOW(), " . getLoggedOnMemberID() . ")";
$result = @mysql_query($qry);
$qry = "INSERT INTO {$_SESSION['DB_PREFIX']}userroles(memberid, roleid, metacreateddate, metacreateduserid, metamodifieddate, metamodifieduserid) VALUES({$memberid}, 'USER', NOW(), " . getLoggedOnMemberID() . ", NOW(), " . getLoggedOnMemberID() . ")";
$result = @mysql_query($qry);
if (isset($_POST['accounttype'])) {
$accountrole = $_POST['accounttype'];
$qry = "INSERT INTO {$_SESSION['DB_PREFIX']}userroles(memberid, roleid, metacreateddate, metacreateduserid, metamodifieddate, metamodifieduserid) VALUES({$memberid}, '{$accountrole}', NOW(), " . getLoggedOnMemberID() . ", NOW(), " . getLoggedOnMemberID() . ")";
$result = @mysql_query($qry);
}
$_SESSION['SESS_FIRST_NAME'] = $fname;
$_SESSION['SESS_LAST_NAME'] = $lname;
$_SESSION['SESS_IMAGE_ID'] = $imageid;
$_SESSION['SESS_CUSTOMER_ID'] = $customerid;
sendRoleMessage("ADMIN", "User Registration", "User " . $login . " has been registered as a user.<br>Password : "******"User Registration", "<h3>Welcome {$fname} {$lname}.</h3><br>You have been invited to become a member of 'iAfrica Database'.<br>Please click on the <a href='" . getSiteConfigData()->domainurl . "/index.php'>link</a> to activate your account.<br><br><h4>Login details</h4>User ID : {$login}<br>Password : "******"location: system-register-success.php");
} else {
logError("1 Query failed:" . mysql_error());
}
} else {
$memberid = $_GET['id'];
$qry = "UPDATE {$_SESSION['DB_PREFIX']}members " . "SET email = '{$email}', " . "firstname = '{$fname}', " . "lastname = '{$lname}', " . "customerid = {$customerid}, " . "imageid = {$imageid}, " . "lastaccessdate = NOW(), ";
if (isset($_POST['postcode'])) {
$qry .= "postcode = '{$postcode}', ";
}
$qry .= "passwd = '" . md5($password) . "', metamodifieddate = NOW(), metamodifieduserid = " . getLoggedOnMemberID() . " " . "WHERE member_id = " . $_GET['id'];
$result = mysql_query($qry);
if (!$result) {
logError("UPDATE members failed:" . mysql_error());
dp.init(scheduler);
}
function refresh() {
scheduler.clearAll();
scheduler.setCurrentView(null, "timeline");
setTimeout(
function() {
refresh();
},
<?php
echo getSiteConfigData()->refreshcycle * 1000;
?>
);
}
function modSchedHeight(){
var sch = document.getElementById("scheduler_here");
sch.style.height = (document.body.offsetHeight - 20) + "px";
var contbox = document.getElementById("contbox");
contbox.style.width = (parseInt(document.body.offsetWidth)-300)+"px";
}
</script>
<div style="height:0px;background-color:#3D3D3D;border-bottom:5px solid #828282;">
<div id="contbox" style="float:left;color:white;margin:22px 75px 0 75px; overflow:hidden;font: 17px Arial,Helvetica;color:white">
</div>
</div>
