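/**
 * Build the page title "Addresses: <company or first/last name>" for the
 * client referenced by $this->clientid.
 *
 * @return string the title, already passed through htmlQuotes()
 */
function getPageTitle() {
    // The id is concatenated into the statement without quotes, so it is
    // forced to an integer here: a non-numeric value can then no longer
    // alter the query text.
    $querystatement = "\n\t\t\t\tSELECT\n\t\t\t\t\tfirstname,\n\t\t\t\t\tlastname,\n\t\t\t\t\tcompany\n\t\t\t\tFROM\n\t\t\t\t\tclients\n\t\t\t\tWHERE\n\t\t\t\t\tid=" . (int) $this->clientid;

    $queryresult = $this->db->query($querystatement);
    $refrecord = $this->db->fetchArray($queryresult);

    $pageTitle = "Addresses: ";

    // No matching client row: return the bare prefix instead of indexing
    // into a non-array result.
    if (!is_array($refrecord)) {
        return htmlQuotes($pageTitle);
    }

    if ($refrecord["company"] == "") {
        $pageTitle .= $refrecord["firstname"] . " " . $refrecord["lastname"];
    } else {
        $pageTitle .= $refrecord["company"];
    }

    return htmlQuotes($pageTitle);
}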
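/**
 * Resolve a display name for a record referenced by uuid.
 *
 * Only the clients table is handled: the single named case and the default
 * case share the same statement.
 *
 * @param string $tabledefid table definition uuid of the referenced record
 * @param string $recordid   uuid of the referenced record
 *
 * @return string HTML-escaped name, or an "orphaned record" message when no
 *                row matches
 */
function getName($tabledefid, $recordid) {
    switch ($tabledefid) {
        case "tbld:6d290174-8b73-e199-fe6c-bcf3d4b61083":
        default:
            // $recordid sits inside a quoted SQL literal, so it is escaped
            // the same way the other lookups on this page escape their uuids.
            $querystatement = "\n\t\t\t\t\t\tSELECT\n\t\t\t\t\t\t\tif(clients.lastname!='',concat(clients.lastname,', ',clients.firstname,if(clients.company!='',concat(' (',clients.company,')'),'')),clients.company) AS thename\n\t\t\t\t\t\tFROM\n\t\t\t\t\t\t\tclients\n\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\t`uuid` = '" . mysql_real_escape_string($recordid) . "'\n\t\t\t\t\t";
            break;
    } //endswitch tabledefid

    $queryresult = $this->db->query($querystatement);

    if ($this->db->numRows($queryresult)) {
        $therecord = $this->db->fetchArray($queryresult);

        return htmlQuotes($therecord["thename"]);
    }

    // The success path returns HTML-escaped text, so the fallback escapes the
    // two identifiers it echoes back as well; otherwise an unknown id would
    // reach the page unencoded.
    return "orphaned record: tableDefinitionID=" . htmlQuotes($tabledefid) . ", RecordID:" . htmlQuotes($recordid);
}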
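/**
 * Emit the record as a JavaScript-style object literal in a text/plain
 * response: "{ prereqMet: true, record: {key: 'value',...}}" when a record is
 * given, "{ prereqMet: false}" otherwise.
 *
 * @param array|false $record field name => value pairs, or a falsy value
 */
function display($record) {
    $output = "{ prereqMet: ";

    if ($record) {
        // Line breaks would end the single-quoted literal early, so the memo
        // is flattened onto one line.
        // NOTE(review): only `memo` is flattened; other fields holding line
        // breaks would still break the literal.
        $memo = isset($record["memo"]) ? $record["memo"] : "";
        $record["memo"] = str_replace("\r", "", str_replace("\n", " ", $memo));

        $pairs = array();
        foreach ($record as $key => $value) {
            // Backslashes are doubled before quotes are escaped. Without that
            // a value ending in "\" would swallow the closing quote and let
            // the rest of the value be read as code by the consumer.
            $escaped = str_replace(
                array("\\", "'"),
                array("\\\\", "\\'"),
                htmlQuotes($value)
            );
            $pairs[] = $key . ": '" . $escaped . "'";
        }

        $output .= "true, record: {" . implode(",", $pairs) . "}";
    } else {
        $output .= "false";
    } //endif - record

    $output .= "}";

    header("Content-type: text/plain");
    echo $output;
}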
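/**
 * function process
 * Process request array posted to api
 *
 * The method process() loops through the request array, and attempts to
 * find a corresponding function to run for the request. It first looks for
 * a corresponding api class to load. If it does not find it, it next checks
 * whether there is an overridden table class file, and finally, if none of
 * these are present, it uses the standard table class.
 *
 * Every request must be an array carrying `tabledefid`, `command` and `data`;
 * `options` is optional. Results and errors are collected through
 * _addToResponse() / sendError() and emitted once by displayResult().
 *
 * Review notes:
 *  - `command` is used as a method name on the processor classes, so every
 *    method those classes expose is reachable from a request. An explicit
 *    per-class allow-list would be tighter than method_exists().
 *  - The override probes look under "../extendedapi/" and
 *    "../<module>/include/", while the includes load "modules/...". Both are
 *    kept as found; confirm they resolve to the same files.
 *  - mysql_real_escape_string() is kept because the class already relies on
 *    it; it needs an open ext/mysql connection.
 */
function process() {
    $i = 0;

    if (!is_array($this->data)) {
        $this->sendError("Passed data malformed. Was expecting an array.", $this->data, true);
    }

    // If sendError() returns, iterate over nothing rather than a non-array.
    $requests = is_array($this->data) ? $this->data : array();

    foreach ($requests as $request) {
        // Counted at the top so that a `continue` cannot skew the request
        // numbers reported for later requests.
        $i++;

        // `command` becomes a method name and `tabledefid` goes into SQL, so
        // both must be plain scalars before anything else looks at them.
        if (!is_array($request)
            || !isset($request["tabledefid"], $request["command"], $request["data"])
            || !is_string($request["command"])
            || !is_scalar($request["tabledefid"])
        ) {
            $this->sendError("Malformed request number " . $i, $request);
            continue;
        }

        /**
         * Process the options and populate the options object.
         */
        $this->processOptions(isset($request["options"]) ? $request["options"] : NULL);

        // The table definition is looked up for every request. (The original
        // guard compared an int cast with a string using !==, which was
        // always true, so this is the behavior it already had.)
        $tabledefid = mysql_real_escape_string($request["tabledefid"]);

        //First let's get the table information from the tabledef
        $querystatement = "
            SELECT
                `maintable`,
                `deletebutton`,
                `querytable`,
                `modules`.`name`,
                `apiaccessible`
            FROM
                `tabledefs` INNER JOIN `modules` ON tabledefs.moduleid = modules.uuid
            WHERE
                tabledefs.uuid = '" . $tabledefid . "'
        ";

        $queryresult = $this->db->query($querystatement);

        if ($this->db->numRows($queryresult) == 0) {
            // Only the two table-independent commands may run without a
            // matching table definition.
            if (!in_array($request["command"], array("procedure", "getsetting"), true)) {
                $this->sendError("Invalid tabledefid (" . $tabledefid . ") from request number " . $i);
                continue;
            }

            $deletebutton = "delete";
            $maintable = "settings";
            $modulename = "base";
            $hasAPIOveride = false;
            $hasTableClassOveride = false;
        } else {
            $therecord = $this->db->fetchArray($queryresult);

            if (!$therecord["apiaccessible"]) {
                $this->sendError("Invalid tabledefid (" . $tabledefid . ") from request number " . $i . ": This table definition is inaccessible via api.");
                continue;
            } //endif

            $deletebutton = $therecord["deletebutton"];
            $maintable = $therecord["maintable"];
            $modulename = $therecord["name"];

            // $maintable and $modulename come from the tabledefs/modules rows
            // and end up in include paths below, so those rows must only be
            // writable by trusted administrators.
            $hasAPIOveride = file_exists("../extendedapi/" . $maintable . ".php");
            $hasTableClassOveride = file_exists("../" . $modulename . "/include/" . $maintable . ".php");
        } //endif

        /*
            Order in which to check for processors is as follows:

            If the extendedAPI module is present, look for a file matching
            the main table name of the table def.
            Example: modules/extendedapi/clients.php

            If a table class file exists in the module's include folder use
            that. Example: modules/bms/include/clients.php

            Use the standard class module.
        */
        $methodName = "";

        if ($hasAPIOveride) {
            // Found an API module table php
            @(include_once "modules/extendedapi/" . $maintable . ".php");

            // The original appended "Api" to an undefined $className.
            // Presumably the class is named after the main table - confirm
            // against the extendedapi module.
            $className = $maintable . "Api";

            if (class_exists($className)) {
                $processor = new $className($this->db);
                $processor->dateFormat = $this->options->dateFormat;
                $processor->timeFormat = $this->options->timeFormat;

                // Dispatch only when the method exists. The original test was
                // negated and called the method exactly when it was missing.
                if (method_exists($processor, $request["command"])) {
                    $methodName = $request["command"];
                    $this->response[] = $processor->{$methodName}($request["data"], $this->options->useUuid);
                } //endif
            } //end if
        } //endif

        /*
            If the command starts with api_, and there is a request overload,
            let's assume they are trying to call a homemade function in the
            overridden phpBMS table that they created.
        */
        if (!$methodName && substr($request["command"], 0, 4) == "api_" && $hasTableClassOveride) {
            $processor = $this->_newTableProcessor($hasTableClassOveride, $modulename, $maintable, $tabledefid);

            if (method_exists($processor, $request["command"])) {
                $methodName = $request["command"];
                $this->response[] = $processor->{$methodName}($request["data"], $this->options->useUuid);
            } //endif
        } //endif

        if ($methodName) {
            continue;
        }

        /*
            Either using the module's overridden table class or search
            functions class, or the standard one.

            Standard commands:

            * insert - calls the tabledef's insertRecord command, the same
              command that is called on standard phpBMS forms. A variable
              array should be passed in the request data.

            * update - calls the tabledef's updateRecord command, the same
              command that is called on standard phpBMS forms. A variable
              array should be passed in the request data.

            * delete (or the corresponding delete button command) - calls the
              deleteRecord searchFunctions command; data should be an array
              of ids.

            * procedure - calls a stored MySQL procedure; request data should
              pass an object with the (name) and optionally an array of any
              (parameters).

            In addition, you can pass a command that corresponds to any
            additional commands as defined in the table definition; the
            request data passed should contain an array of ids.
        */
        switch ($request["command"]) {

            case "ping":
                //======================================================
                $this->_addToResponse("message", "Everything is phpBMSy!");
                break;

            case "getDefaults":
                $processor = $this->_newTableProcessor($hasTableClassOveride, $modulename, $maintable, $tabledefid);
                $therecord = $processor->getDefaults();
                $this->_addToResponse("retrieved", "defaults retrieved in tabledef " . $tabledefid, $therecord);
                break;

            case "insert":
                //======================================================
                $processor = $this->_newTableProcessor($hasTableClassOveride, $modulename, $maintable, $tabledefid);

                $errorArray = $processor->verifyVariables((array) $request["data"]);

                if (count($errorArray)) {
                    $this->sendError("Insert failed from request number " . $i, $errorArray);
                    break;
                }

                $overrideID = false;
                $createUuid = true;

                if (is_array($request["data"])) {
                    if (isset($request["data"]["id"]) && (int) $request["data"]["id"] !== 0) {
                        $overrideID = true;
                    }

                    // keepDestId: replace the passed id with the one the
                    // destination already holds for this uuid.
                    if ($this->options->keepDestId && isset($request["data"]["uuid"]) && $this->options->useUuid) {
                        $request["data"]["id"] = getId($this->db, $processor->uuid, $request["data"]["uuid"]);
                    }

                    if (isset($request["data"]["uuid"]) && (string) $request["data"]["uuid"] !== "") {
                        $overrideID = true;
                        $createUuid = false;
                    }
                } //end if

                if (!isset($processor->fields["uuid"])) {
                    $createUuid = false;
                }

                $newid = $processor->insertRecord($request["data"], NULL, $overrideID, true, $createUuid);

                if (!$newid) {
                    $this->sendError("Insert failed from request number " . $i);
                } elseif ($createUuid) {
                    $this->_addToResponse("added", "record added to tabledef " . $tabledefid, $newid["uuid"]);
                } elseif (isset($processor->fields["uuid"])) {
                    $this->_addToResponse("added", "record added to tabledef " . $tabledefid, $request["data"]["uuid"]);
                } else {
                    $this->_addToResponse("added", "record added to tabledef " . $tabledefid, $newid);
                } //end if
                break;

            case "update":
                //======================================================
                $processor = $this->_newTableProcessor($hasTableClassOveride, $modulename, $maintable, $tabledefid);

                // Cast as in "insert", so that a scalar payload is verified
                // as an array too.
                $errorArray = $processor->verifyVariables((array) $request["data"]);

                if ($this->options->useUuid) {
                    if (!isset($request["data"]["uuid"])) {
                        $errorArray[] = "The `uuid` field must be set.";
                    }
                } else {
                    if (!isset($request["data"]["id"])) {
                        $errorArray[] = "The `id` field must be set.";
                    }
                } //end if

                if (count($errorArray)) {
                    $this->sendError("Update failed from request number " . $i, $errorArray);
                } else {
                    $processor->updateRecord($request["data"], NULL, (bool) $this->options->useUuid);
                    $this->_addToResponse("updated", "record updated in tabledef " . $tabledefid);
                } //endif
                break;

            case "get":
                //======================================================
                $processor = $this->_newTableProcessor($hasTableClassOveride, $modulename, $maintable, $tabledefid);

                $keyName = $this->options->useUuid ? "uuid" : "id";

                // Stop here when the key is missing. The original reported
                // the error and then still compared two undefined values,
                // which added a bogus "retrieved" entry to the response.
                if (!isset($request["data"][$keyName])) {
                    $this->sendError("Get failed from request number " . $i, "The `" . $keyName . "` field must be set.");
                    break;
                }

                if ($this->options->useUuid) {
                    $thevalue = $request["data"]["uuid"];
                    $therecord = $processor->getRecord(mysql_real_escape_string($thevalue), $this->options->useUuid);
                    $thereturn = $therecord["uuid"];
                } else {
                    $thevalue = (int) $request["data"]["id"];
                    $therecord = $processor->getRecord($thevalue, $this->options->useUuid);
                    $thereturn = $therecord["id"];
                }

                // String comparison avoids PHP's loose numeric-string
                // matching on uuids.
                if ((string) $thereturn === (string) $thevalue) {
                    $this->_addToResponse("retrieved", "record (" . htmlQuotes($thevalue) . ") retrieved in tabledef " . $tabledefid, $therecord);
                } else {
                    $this->_addToResponse("retrieved", "no record found (" . htmlQuotes($thevalue) . ") in tabledef " . $tabledefid);
                }
                break;

            case "delete":
            case $deletebutton:
                //======================================================
                if (!is_array($request["data"])) {
                    $this->sendError("Passed data is not array in request number " . $i, $request["data"]);
                    break;
                }

                include_once "include/search_class.php";

                $className = "searchFunctions";
                if ($hasTableClassOveride) {
                    @(include_once "modules/" . $modulename . "/include/" . $maintable . ".php");

                    if (class_exists($maintable . "SearchFunctions")) {
                        $className = $maintable . "SearchFunctions";
                    }
                }

                $processor = new $className($this->db, $tabledefid, $request["data"]);
                $result = $processor->delete_record($this->options->useUuid);
                $this->_addToResponse($request["command"], $result);
                break;

            case "procedure":
                //======================================================
                if (!is_array($request["data"])) {
                    $this->sendError("Wrong passed procedure format, expected object in request number " . $i, $request["data"]);
                    break;
                }

                if (!isset($request["data"]["name"])) {
                    $this->sendError("Wrong passed procedure format, name missing in request number " . $i, $request["data"]);
                    break;
                }

                // The name is placed into the CALL statement as an
                // identifier, where string escaping does not help, and LIKE
                // treats % and _ as wildcards. It is therefore restricted to
                // plain identifier characters before any statement is built.
                $procedureName = $request["data"]["name"];
                if (!is_string($procedureName) || !preg_match('/^[A-Za-z0-9_$]+$/', $procedureName)) {
                    $this->sendError("Wrong passed procedure format, invalid name in request number " . $i, $request["data"]);
                    break;
                }

                //check to see if stored procedure exists ("_" is escaped so
                //that it matches literally)
                $querystatement = "
                    SHOW PROCEDURE STATUS LIKE '" . str_replace("_", "\\_", $procedureName) . "'
                ";

                $queryresult = $this->db->query($querystatement);

                if ($this->db->numRows($queryresult) === 0) {
                    $this->sendError("Procedure '" . $procedureName . "' does not exist in request number " . $i, $request["data"]);
                    break;
                }

                // Every parameter is passed as an escaped string literal. The
                // original trimmed the list with substr()'s arguments
                // swapped, which broke any call that had parameters.
                $parameters = array();
                if (isset($request["data"]["parameters"]) && is_array($request["data"]["parameters"])) {
                    foreach ($request["data"]["parameters"] as $parameter) {
                        $parameters[] = "'" . mysql_real_escape_string($parameter) . "'";
                    }
                }

                $procedurestatement = "
                    CALL `" . $procedureName . "`(" . implode(", ", $parameters) . ")";

                $queryresult = $this->db->query($procedurestatement);

                $result = array();
                while ($therecord = $this->db->fetchArray($queryresult)) {
                    $result[] = $therecord;
                }

                $this->_addToResponse("result", "Procedure '" . $procedureName . "' returned (" . $this->db->numRows($queryresult) . ") in request number " . $i, $result);
                break;

            case "getsetting":
                //======================================================
                if (!is_array($request["data"])) {
                    $this->sendError("Wrong passed data format, expected array in request number " . $i, $request["data"]);
                    break;
                }

                // One condition per requested name. The original overwrote
                // the clause on each pass, so only the last name was used.
                $conditions = array();
                foreach ($request["data"] as $settingName) {
                    $conditions[] = "`name` = '" . mysql_real_escape_string($settingName) . "'";
                }

                // NOTE(review): an empty list leaves the statement without a
                // WHERE clause and returns every row of `settings`; confirm
                // that is intended for API callers.
                $whereclause = "";
                if ($conditions) {
                    $whereclause = "WHERE " . implode(" OR ", $conditions);
                }

                $querystatement = "
                    SELECT
                        `name`,
                        `value`
                    FROM
                        `settings`
                    " . $whereclause;

                $queryresult = $this->db->query($querystatement);

                $settings = array();
                while ($therecord = $this->db->fetchArray($queryresult)) {
                    $settings[$therecord["name"]] = $therecord["value"];
                }

                $this->_addToResponse("result", "GetSettings returned (" . count($settings) . ") in request number " . $i, $settings);
                break;

            default:
                //======================================================
                // a catch all for other requests. This should correspond
                // to an overridden search class function only. Calling
                // some commands can cause response errors so be careful
                if (!is_array($request["data"]) && !$hasTableClassOveride) {
                    $this->sendError("Passaed data is not array or function (" . $request["command"] . ") does not exist in request number " . $i, $request["data"]);
                    break;
                }

                @(include_once "modules/" . $modulename . "/include/" . $maintable . ".php");

                $className = $maintable . "SearchFunctions";

                if (!class_exists($className)) {
                    $this->sendError("Function (" . $request["command"] . ") does not exist in request number " . $i, $request["data"]);
                    break;
                }

                $processor = new $className($this->db, $tabledefid, $request["data"]);
                $processor->dateFormat = $this->options->dateFormat;
                $processor->timeFormat = $this->options->timeFormat;

                $methodName = $request["command"];

                if (!method_exists($processor, $methodName)) {
                    $this->sendError("Function (" . $request["command"] . ") does not exist in request number " . $i, $request["data"]);
                } else {
                    $result = $processor->{$methodName}();
                    $this->_addToResponse($request["command"], $result);
                } //endif method_exists
                break;
        } //endswitch $request["command"]
    } //endforeach

    $this->displayResult();
}

/**
 * Create the table processor for a request: the module's own table class
 * when an override file exists and declares it, the standard phpbmsTable
 * otherwise. The date and time formats from the request options are copied
 * onto the processor.
 */
function _newTableProcessor($hasTableClassOveride, $modulename, $maintable, $tabledefid) {
    include_once "include/tables.php";

    $className = "phpbmsTable";

    if ($hasTableClassOveride) {
        @(include_once "modules/" . $modulename . "/include/" . $maintable . ".php");

        if (class_exists($maintable)) {
            $className = $maintable;
        }
    } //end if

    $processor = new $className($this->db, $tabledefid);
    $processor->dateFormat = $this->options->dateFormat;
    $processor->timeFormat = $this->options->timeFormat;

    return $processor;
}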
/**
 * Render the top menu bar: the application title link, the signed-in user's
 * name, and one first-level entry per row of $this->menuresult the user has
 * rights to. Rows with a link become plain links; rows without one become a
 * submenu whose items are loaded through getSubItems().
 */
function display() {
    // NOTE(review): APPLICATION_NAME is escaped with htmlQuotes() in the
    // title attribute but echoed as-is inside the <span>.
    ?> <div id="menu"> <h1><a href="<?php echo APP_PATH . DEFAULT_LOAD_PAGE; ?> " title="<?php echo htmlQuotes(APPLICATION_NAME); ?> " name="toptop"><span><?php echo APPLICATION_NAME; ?> </span></a></h1> <div id="menuRighthand"><?php echo htmlQuotes(trim($_SESSION["userinfo"]["firstname"] . " " . $_SESSION["userinfo"]["lastname"])); ?> </div> <ul id="menuBar"> <?php
    // $submenustring is assigned here and not read again in this function.
    $submenustring = "";
    while ($menurecord = $this->db->fetchArray($this->menuresult)) {
        // Entries the current user has no rights to are left out entirely.
        if (hasRights($menurecord["roleid"])) {
            if ($menurecord["link"]) {
                // Links not starting with "http" or "javascript" are treated
                // as application-relative and prefixed with APP_PATH.
                if (strpos($menurecord["link"], "http") !== 0 && strpos($menurecord["link"], "javascript") !== 0) {
                    $menurecord["link"] = APP_PATH . $menurecord["link"];
                }
                // NOTE(review): link and name are written without HTML
                // escaping, so whoever can edit the menu rows can place
                // markup here - confirm those rows are administrator-only.
                ?> <li class="firstLevel"><a href="<?php echo $menurecord["link"]; ?> "><?php echo $menurecord["name"]; ?> </a></li><?php
            } else {
                ?> <li class="firstLevel"><a href="#toptop" class="topMenus" id="menu<?php echo $menurecord["id"]; ?> "><?php echo $menurecord["name"]; ?> </a></li><li class="submenusli"><ul class="submenuitems" id="submenu<?php echo $menurecord["id"]; ?> "><?php
                $subitemsquery = $this->getSubItems($menurecord["uuid"]);
                if ($subitemsquery) {
                    // $sep remembers a "----" row so that the next visible
                    // item is given the separator class.
                    $sep = false;
                    while ($subrecord = $this->db->fetchArray($subitemsquery)) {
                        if ($subrecord["name"] == "----") {
                            $sep = true;
                        } else {
                            if (hasRights($subrecord["roleid"])) {
                                if (strpos($subrecord["link"], "http") !== 0 && strpos($subrecord["link"], "javascript") !== 0) {
                                    $subrecord["link"] = APP_PATH . $subrecord["link"];
                                }
                                // A "javascript:" link is turned into href="#"
                                // plus an onclick handler by closing the href
                                // attribute from inside the value. This only
                                // works because the value is echoed unescaped
                                // below; escaping it would require emitting
                                // href and onclick as separate attributes.
                                if (strpos($subrecord["link"], "javascript") === 0) {
                                    $subrecord["link"] = "#\" onclick=\"" . str_replace("javascript:", "", $subrecord["link"]);
                                }
                                ?> <li <?php if ($sep) { echo " class=\"menuSep\" "; } ?> ><a href="<?php echo $subrecord["link"]; ?> "> <?php echo $subrecord["name"]; ?> </a></li><?php
                                $sep = false;
                            } //end if
                        } //end if
                    } //end while
                } //end if
                ?> </ul></li><?php
            } //end if
        } //end if
    } //end while
    ?> </ul></div><?php
}
/**
 * Print the "System Messages" box: every note of type 'SM' with its subject,
 * creation date, author and content. Nothing is printed when there are no
 * such notes.
 */
function displaySystemMessages() {
    $sql = "\n SELECT\n notes.id,\n notes.subject,\n notes.content,\n concat(users.firstname,' ',users.lastname) AS createdby,\n notes.creationdate\n FROM\n notes INNER JOIN users ON notes.createdby=users.id\n WHERE\n type='SM'\n ORDER BY\n importance DESC,\n notes.creationdate";

    $messages = $this->db->query($sql);

    // No system messages: print nothing at all.
    if (!$this->db->numRows($messages)) {
        return;
    }

    ?> <div class="box" id="systemMessageContainer"> <h2>System Messages</h2> <?php
    while ($message = $this->db->fetchArray($messages)) {
        // Escape first, then turn line breaks into <br />, so the only
        // markup in the body is the one added here.
        $bodyHtml = str_replace("\n", "<br />", htmlQuotes($message["content"]));
        ?> <h3 class="systemMessageLinks"><?php echo htmlQuotes($message["subject"]); ?> <span>[ <?php echo htmlQuotes(formatFromSQLDateTime($message["creationdate"])); ?> <?php echo htmlQuotes($message["createdby"]); ?> ]</span></h3> <div class="systemMessages"> <p><?php echo $bodyHtml; ?> </p> </div> <?php
    }
    ?> </div> <?php
}
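/**
 * Print the table of rows in $queryresult with move up / move down / edit /
 * delete buttons for each row.
 *
 * Each button navigates to the current script with the list id taken from
 * the query string, a command and the row id.
 *
 * @param mixed $queryresult result handle understood by $this->db->fetchArray()
 */
function showRecords($queryresult) {
    global $phpbms;

    // $_GET["id"] and PHP_SELF both come from the request. The id is
    // URL-encoded here; the complete URL is encoded as a JavaScript string
    // and then HTML-escaped below, because it is written into a script
    // inside an onclick attribute.
    $listId = (isset($_GET["id"]) && is_scalar($_GET["id"])) ? (string) $_GET["id"] : "";
    $baseUrl = $_SERVER["PHP_SELF"] . "?id=" . rawurlencode($listId) . "&command=";

    ?>
    <div class="fauxP">
    <table border="0" cellpadding="0" cellspacing="0" class="querytable">
        <tr>
            <th nowrap="nowrap" class="queryheader">move</th>
            <th align="left" nowrap="nowrap" class="queryheader" width="100%">name/field</th>
            <th align="left" nowrap="nowrap" class="queryheader">ascending</th>
            <th align="left" nowrap="nowrap" class="queryheader">access</th>
            <th nowrap="nowrap" class="queryheader"> </th>
        </tr>
    <?php

    $row = 1;

    while ($therecord = $this->db->fetchArray($queryresult)) {
        // Alternate between the two row classes (qr2 first, as before).
        $row = ($row == 1) ? 2 : 1;

        $rowId = htmlQuotes($therecord["id"]);

        // One ready-to-echo JavaScript string literal per command.
        $target = array();
        foreach (array("moveup", "movedown", "edit", "delete") as $command) {
            $url = $baseUrl . $command . "&selid=" . rawurlencode($therecord["id"]);
            $target[$command] = htmlspecialchars(json_encode($url), ENT_QUOTES);
        }

        ?>
        <tr class="qr<?php echo $row; ?> noselects">
            <td nowrap="nowrap" valign="top">
                <button type="button" class="graphicButtons buttonUp" onclick="document.location=<?php echo $target["moveup"]; ?>;"><span>Move Up</span></button>
                <button type="button" class="graphicButtons buttonDown" onclick="document.location=<?php echo $target["movedown"]; ?>;"><span>Move Down</span></button>
                <?php echo htmlQuotes($therecord["displayorder"]); ?>
            </td>
            <td valign="top"><?php
                // NOTE(review): `name` is printed without escaping while
                // `field` is escaped; kept as found in case names carry
                // markup on purpose - confirm.
                if ($therecord["name"]) {
                    echo "<strong>" . $therecord["name"] . "</strong><br />";
                }
                echo htmlQuotes($therecord["field"]);
            ?></td>
            <td align="center" nowrap="nowrap" valign="top"><?php echo booleanFormat($therecord["ascending"]); ?></td>
            <td valign="top"><?php $phpbms->displayRights($therecord["roleid"]); ?></td>
            <td nowrap="nowrap" valign="top">
                <button id="edit<?php echo $rowId; ?>" name="doedit" type="button" onclick="document.location=<?php echo $target["edit"]; ?>;" class="graphicButtons buttonEdit"><span>edit</span></button>
                <button id="delete<?php echo $rowId; ?>" name="dodelete" type="button" onclick="document.location=<?php echo $target["delete"]; ?>;" class="graphicButtons buttonDelete"><span>delete</span></button>
            </td>
        </tr>
        <?php
    }

    ?>
        <tr class="queryfooter">
            <td> </td>
            <td> </td>
            <td> </td>
            <td> </td>
            <td> </td>
        </tr>
    </table></div>
    <?php
}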
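/**
 * Print <option> elements for the users of a role.
 *
 * @param string $uuid uuid of the role
 * @param string $type "available" lists the non-revoked, non-portal users
 *                     not assigned to the role; any other value lists the
 *                     users assigned to it
 */
function displayUsers($uuid, $type) {
    $querystatement = "\n\t\t\t\tSELECT\n\t\t\t\t\t`users`.`uuid`,\n\t\t\t\t\tconcat(`users`.`firstname`,' ',`users`.`lastname`) AS `name`\n\t\t\t\tFROM\n\t\t\t\t\t`users` INNER JOIN `rolestousers` ON `rolestousers`.`userid`=`users`.`uuid`\n\t\t\t\tWHERE\n\t\t\t\t\t`rolestousers`.`roleid`='" . mysql_real_escape_string($uuid) . "'\n\t\t\t";

    $assignedquery = $this->db->query($querystatement);

    $thelist = array();

    if ($type == "available") {
        // Assigned uuids are kept as array keys: an isset() lookup per user
        // replaces a list scan, and avoids in_array()'s loose comparison.
        $assigned = array();
        while ($therecord = $this->db->fetchArray($assignedquery)) {
            $assigned[$therecord["uuid"]] = true;
        }

        $querystatement = "\n\t\t\t\t\tSELECT\n\t\t\t\t\t\t`uuid`,\n\t\t\t\t\t\tconcat(`users`.`firstname`,' ',`users`.`lastname`) AS `name`\n\t\t\t\t\tFROM\n\t\t\t\t\t\t`users`\n\t\t\t\t\tWHERE\n\t\t\t\t\t\t`revoked` = '0'\n\t\t\t\t\t\tAND\n\t\t\t\t\t\t`portalaccess`='0'\n\t\t\t\t\t";

        $availablequery = $this->db->query($querystatement);

        while ($therecord = $this->db->fetchArray($availablequery)) {
            if (!isset($assigned[$therecord["uuid"]])) {
                $thelist[] = $therecord;
            }
        }
    } else {
        while ($therecord = $this->db->fetchArray($assignedquery)) {
            $thelist[] = $therecord;
        }
    }

    // The uuid goes into an attribute, so it is escaped like the name is.
    foreach ($thelist as $theoption) {
        ?><option value="<?php echo htmlQuotes($theoption["uuid"]); ?>"><?php echo htmlQuotes($theoption["name"]); ?></option>
        <?php
    }
}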
/**
 * Print one table row per record of $this->queryresult, preceded by a group
 * header row whenever a grouping value changes (if groupings are enabled).
 * Cells are rendered through formatVariable() with the column's format.
 */
function showRecords() {
    // $rownum alternates between 1 and 2 and selects the row class.
    $rownum = 1;
    // Rewind the result so the rows are read from the first one.
    $this->db->seek($this->queryresult, 0);
    //groupings
    // Clear the remembered value of every grouping before the first row.
    if ($this->showGroupings) {
        for ($i = 0; $i < count($this->thegroupings); $i++) {
            $this->thegroupings[$i]["theValue"] = "";
        }
    }
    while ($therecord = $this->db->fetchArray($this->queryresult)) {
        // more groupings
        if ($this->showGroupings) {
            for ($i = 0; $i < count($this->thegroupings); $i++) {
                // Grouping values are read from the columns _group1,
                // _group2, ... of the record. A changed value starts a new
                // group header, indented by 15px per grouping level.
                if ($this->thegroupings[$i]["theValue"] != $therecord["_group" . ($i + 1)]) {
                    $this->thegroupings[$i]["theValue"] = $therecord["_group" . ($i + 1)];
                    // NOTE(review): the grouping's display name is escaped
                    // but the group value itself is echoed as-is - confirm it
                    // cannot carry user-entered markup.
                    ?> <tr class="queryGroup"><td colspan = "<?php echo count($this->thecolumns); ?> " <?php if ($i) { echo 'style = "padding-left:' . $i * 15 . 'px"'; } ?> > <?php if ($this->thegroupings[$i]["displayname"]) { echo htmlQuotes($this->thegroupings[$i]["displayname"] . ": "); } echo $therecord["_group" . ($i + 1)]; ?> </td></tr><?php
                    // Row striping restarts after every group header.
                    $rownum = 1;
                } //endif
            } //endfor
        } //endif
        // The row id is "<uniqueName>:<theid>".
        // NOTE(review): uniqueName, theid and the column align value are
        // written into attributes without escaping.
        ?> <tr id="<?php echo $this->uniqueName . ":" . $therecord["theid"]; ?> " class="qr<?php echo $rownum; ?> "><?php
        if ($rownum == 1) {
            $rownum++;
        } else {
            $rownum = 1;
        }
        foreach ($this->thecolumns as $thecolumn) {
            // An empty-string value prints the literal fallback instead of
            // going through formatVariable().
            ?> <td align="<?php echo $thecolumn["align"]; ?> " <?php if (!$thecolumn["wrap"]) { echo "nowrap=\"nowrap\""; } ?> ><?php echo $therecord[$thecolumn["name"]] !== "" ? formatVariable($therecord[$thecolumn["name"]], $thecolumn["format"]) : " "; ?> </td><?php
        } //endforeach
        ?> </tr><?php
    } //endwhile
}
?> </td></tr> <tr><td id="parenShipping"> <?php if ($therecord["shippingmethodid"]) { echo "(" . htmlQuotes($shippingMethods[$therecord["shippingmethodid"]]["name"]) . ")"; } else { echo " "; } ?> </td></tr> <tr><td class="blanks"> </td></tr> <tr><td id="parenSpacer" class="blanks"> </td></tr> <tr><td id="parenPayment"><?php if ($therecord["paymentmethodid"] != "") { echo "(" . htmlQuotes($paymentMethods[$therecord["paymentmethodid"]]["name"]) . ")"; } else { echo " "; } ?> </td></tr> </tbody> </table> </td> <td colspan="2" class="invoiceTotalLabels vTabs" id="vTab1"><div>discount<input type="hidden" id="totalBD" name="totalBD" value="<?php echo $therecord["totaltni"] + $therecord["discountamount"]; ?> " /></div></td> <td class="totalItems"><input name="discountamount" id="discountamount" type="text" value="<?php echo numberToCurrency($therecord["discountamount"]);
" /> <p><?php $theform->showField("name"); ?> </p> <p><?php $theform->showField("roleid"); ?> </p> <p> <label for="search">search</label> <span class="notes">(SQL WHERE clause)</span><br /> <textarea id="search" name="search" cols="32" rows="2"><?php echo htmlQuotes($thequicksearch["search"]); ?> </textarea> </p> </fieldset> <p align="right"> <input name="command" id="save" type="submit" value="<?php echo $action; ?> " class="Buttons" /> <?php if ($action == "edit quick search item") { ?> <input name="command" id="cancel" type="submit" value="cancel edit" class="Buttons" /> <?php
echo htmlQuotes(CURRENCY_SYM); ?> ";<?php ?> CURRENCY_ACCURACY=<?php echo CURRENCY_ACCURACY; ?> ;<?php ?> DECIMAL_SYMBOL="<?php echo htmlQuotes(DECIMAL_SYMBOL); ?> ";<?php ?> THOUSANDS_SEPARATOR="<?php echo htmlQuotes(THOUSANDS_SEPARATOR); ?> ";<?php ?> LOGIN_REFRESH=<?php echo LOGIN_REFRESH; ?> ;<?php if (defined("TERM1_DAYS")) { ?> TERM1_DAYS=<?php echo TERM1_DAYS; ?> ;<?php } //end if
<div class="bodyline"> <form action="<?php
    // PHP_SELF can carry request-supplied path info, so it is entity-encoded
    // before being used as the form target.
    echo htmlentities($_SERVER["PHP_SELF"]); ?> " method="post" name="record" id="record" onsubmit="return false"> <input type="hidden" id="command" name="command" value=""/> <h1><span><?php
    // NOTE(review): $pageTitle is echoed without escaping here; presumably it
    // is escaped where it is built - confirm.
    echo $pageTitle; ?> </span></h1> <fieldset> <legend>Name</legend> <p id="nameP"><?php
    // The signed-in user's name comes from the session and is HTML-escaped.
    echo htmlQuotes($_SESSION["userinfo"]["firstname"] . " " . $_SESSION["userinfo"]["lastname"]); ?> </p> </fieldset> <fieldset> <legend>Change Password</legend> <p> <label for="curPass">current password</label><br /> <input type="password" id="curPass" name="curPass" maxlength="32"/> </p> <p> <label for="newPass">new password</label><br /> <input type="password" id="newPass" name="newPass" maxlength="32"/> </p>
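/**
 * Format a raw value for HTML output according to a named format.
 *
 * Unknown formats (and NULL) fall back to plain HTML escaping. "noencoding"
 * is the only format that returns the value untouched, so it must only be
 * used for values that are already safe HTML.
 *
 * @param mixed       $value  the raw value
 * @param string|null $format one of: real, currency, boolean, date, time,
 *                            datetime, filelink, invoice, client,
 *                            noencoding, bbcode
 *
 * @return string HTML fragment
 */
function formatVariable($value, $format = NULL) {
    switch ($format) {
        case "real":
            $value = number_format((float) $value, 2);
            break;

        case "currency":
            $value = htmlQuotes(numberToCurrency($value));
            break;

        case "boolean":
            $value = booleanFormat($value);
            break;

        case "date":
            $value = formatFromSQLDate($value);
            break;

        case "time":
            $value = formatFromSQLTime($value);
            break;

        case "datetime":
            $value = formatFromSQLDatetime($value);
            break;

        case "filelink":
            // The id ends up inside a JavaScript string inside an attribute.
            // URL-encoding leaves no quote or angle bracket in it that could
            // end either one.
            $value = "<button class=\"graphicButtons buttonDownload\" type=\"button\" onclick=\"document.location='" . APP_PATH . "servefile.php?i=" . rawurlencode($value) . "'\"><span>download</span></button>";
            break;

        case "invoice":
            if ($value > 0 and $value != 9999999) {
                $value = "<a href=\"" . APP_PATH . "modules/bms/invoices_addedit.php?id=" . rawurlencode($value) . "\">" . htmlQuotes($value) . "</a>";
            } else {
                // Values that do not become a link were returned unescaped.
                $value = htmlQuotes($value);
            }
            break;

        case "client":
            $value = "<a href=\"" . APP_PATH . "modules/bms/clients_addedit.php?id=" . rawurlencode($value) . "\">" . htmlQuotes($value) . "</a>";
            break;

        case "noencoding":
            // Deliberately returned as-is.
            break;

        case "bbcode":
            // Escape first, then translate the supported tags, so only the
            // markup listed here can appear in the result.
            $value = htmlQuotes($value);

            // This list needs to be expanded
            $bbcodelist = array(
                "[b]" => "<strong>",
                "[/b]" => "</strong>",
                "[br]" => "<br />",
                "[space]" => " ",
            );

            $value = str_replace(array_keys($bbcodelist), array_values($bbcodelist), $value);
            break;

        default:
            $value = htmlQuotes($value);
    }

    return $value;
}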
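<p> <?php $theform->showfield("webenabled"); ?> </p>
<?php // The web fields stay hidden until the record is web enabled. ?>
<div style="<?php if (!$therecord["webenabled"]) { echo "display:none;"; } ?>" id="webstuff">
    <p>
        <label for="keywords">keywords <span class="notes">(comma separated key word list)</span></label><br />
        <input type="text" id="keywords" name="keywords" value="<?php echo htmlQuotes($therecord["keywords"]); ?>" size="40" maxlength="255"/>
    </p>
    <div class="fauxP">
        <label for="webdescription">web description <span class="notes">(HTML acceptable)</span></label><br />
        <div style="<?php if ($therecord["webdescription"]) { echo "display:none;"; } ?>" id="webDescEdit">
            <?php
            // The description may hold HTML, but inside the textarea it is
            // text to be edited. It is escaped so that a stored "</textarea>"
            // cannot end the field and inject markup into the page; the
            // browser shows and submits the same characters as before.
            ?><textarea id="webdescription" name="webdescription" cols="60" rows="6"><?php echo htmlQuotes($therecord["webdescription"]); ?>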
<fieldset > <legend>processing</legend> <p> <?php $theform->showField("onlineprocess"); ?> </p> <p id="pProcessscript" <?php
    // The process script row is hidden while online processing is off.
    if ($therecord["onlineprocess"] == 0) { echo "style=\"display:none\" "; } ?> > <label for="processscript">process script</label><br /> <input id="processscript" name="processscript" type="text" value="<?php
    // Escaped because the stored value is written into an attribute.
    echo htmlQuotes($therecord["processscript"]); ?> " size="64" maxlength="128"/> </p> </fieldset> <?php
    // Custom fields defined for this table are rendered by the form object.
    $theform->showCustomFields($db, $thetable->customFieldsQueryResult); ?> </div> <?php
    $theform->showGeneralInfo($phpbms, $therecord);
    $theform->endForm(); ?> </div>
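/**
 * Render the client quick-view panel.
 *
 * Prints the recent sales orders and notes tables on the right and the
 * client's name, location, contact and detail fields on the left.
 *
 * Every value taken from $clientInfo is encoded for the place it is written
 * to: htmlQuotes() for text and double-quoted attributes, an integer cast for
 * ids placed unquoted in inline JavaScript, and a JSON string literal
 * (then HTML-escaped) for values placed inside onclick handlers.
 *
 * @param array $clientInfo client record; also carries the "invoices" and
 *                          "notes" lists that are iterated below
 *
 * @return void output is echoed directly
 */
function display($clientInfo)
{
    $invoiceEditFile = getAddEditFile($this->db, "tbld:62fe599d-c18f-3674-9e54-b62c2d6b1883");
    $noteEditFile = getAddEditFile($this->db, "tbld:a4cdd991-cf0a-916f-1240-49428ea1bdd1");
    $clientEditFile = getAddEditFile($this->db, "tbld:6d290174-8b73-e199-fe6c-bcf3d4b61083");
    ?>
<div class="bodyline" id="theDetails">
    <div id="rightSideDiv">
        <fieldset>
            <legend>sales</legend>
            <ul class="recordCommands">
                <li class="firstToolbarItem"><a href="#" class="newRecord" onclick="addEditRecord('new','invoice','<?php echo getAddEditFile($this->db, "tbld:62fe599d-c18f-3674-9e54-b62c2d6b1883", "add"); ?>')" title="new sales order"><span>new</span></a></li>
                <li><a href="#" id="invoiceedit" class="editRecordDisabled" onclick="addEditRecord('edit','invoice','<?php echo $invoiceEditFile; ?>')" title="edit"><span>edit</span></a></li>
            </ul>
            <div class="recordContainers">
                <div id="salesTable" class="smallQueryTableHolder">
                    <?php if (!count($clientInfo["invoices"])) { ?>
                    <div class="small"><em>no records</em></div>
                    <?php } else { ?>
                    <table border="0" cellpadding="0" cellspacing="0" class="smallQueryTable">
                        <tr>
                            <th align="left">ID</th>
                            <th align="left">Type</th>
                            <th align="left">Date</th>
                            <th align="right" width="100%">Total</th>
                        </tr>
                        <?php
                        foreach ($clientInfo["invoices"] as $invoicerecord) {
                            if ($invoicerecord["type"] == "VOID") {
                                $invoicerecord["totalti"] = "-----";
                            }
                            // The id is written unquoted into inline JavaScript,
                            // so it must be nothing but an integer.
                            $invoiceId = (int) $invoicerecord["id"];
                            ?>
                        <tr onclick="selectEdit(this,<?php echo $invoiceId; ?>,'invoice')" ondblclick="selectedInvoice=<?php echo $invoiceId; ?>;addEditRecord('edit','invoice','<?php echo $invoiceEditFile; ?>')">
                            <td><?php echo $invoiceId; ?></td>
                            <td><?php echo htmlQuotes($invoicerecord["type"]); ?></td>
                            <td nowrap="nowrap"><?php echo formatFromSQLDate($invoicerecord["thedate"]); ?></td>
                            <td align="right"><?php echo numberToCurrency($invoicerecord["totalti"]); ?></td>
                        </tr>
                        <?php } ?>
                    </table>
                    <?php } ?>
                </div>
            </div>
        </fieldset>
        <fieldset>
            <legend>notes</legend>
            <ul class="recordCommands">
                <li class="firstToolbarItem"><a href="#" title="new note" class="newRecord" onclick="addEditRecord('new','note','<?php echo getAddEditFile($this->db, "tbld:a4cdd991-cf0a-916f-1240-49428ea1bdd1", "add"); ?>')"><span>new</span></a></li>
                <li><a href="#" title="edit" id="noteedit" class="editRecordDisabled" onclick="addEditRecord('edit','note','<?php echo $noteEditFile; ?>')"><span>edit</span></a></li>
            </ul>
            <div class="recordContainers">
                <div id="notesTable" class="smallQueryTableHolder">
                    <?php if (!count($clientInfo["notes"])) { ?>
                    <div class="small"><em>no records</em></div>
                    <?php } else { ?>
                    <table border="0" cellpadding="0" cellspacing="0" class="smallQueryTable">
                        <tr>
                            <th align="left">type</th>
                            <th align="left">category</th>
                            <th align="left" width="100%">title</th>
                            <th align="center">done</th>
                        </tr>
                        <?php
                        foreach ($clientInfo["notes"] as $noterecord) {
                            // Shorten first, escape on output: escaping before the
                            // cut could slice an entity in half.
                            if (strlen($noterecord["subject"]) > 17) {
                                $noterecord["subject"] = substr($noterecord["subject"], 0, 17) . "...";
                            }
                            if (strlen($noterecord["category"]) > 17) {
                                $noterecord["category"] = substr($noterecord["category"], 0, 17) . "...";
                            }
                            $noteId = (int) $noterecord["id"];
                            ?>
                        <tr onclick="selectEdit(this,<?php echo $noteId; ?>,'note')" ondblclick="selectedNote=<?php echo $noteId; ?>;addEditRecord('edit','note','<?php echo $noteEditFile; ?>')">
                            <td><?php echo htmlQuotes($noterecord["type"]); ?></td>
                            <td><?php echo htmlQuotes($noterecord["category"]); ?></td>
                            <td><?php echo htmlQuotes($noterecord["subject"]); ?></td>
                            <td align="center"><?php echo booleanFormat($noterecord["completed"]); ?></td>
                        </tr>
                        <?php } ?>
                    </table>
                    <?php } ?>
                </div>
            </div>
        </fieldset>
    </div>
    <div id="leftSideDiv">
        <fieldset id="crTile" class="fs<?php echo htmlQuotes($clientInfo["type"]); ?>">
            <h1>
                <input type="hidden" id="theid" value="<?php echo htmlQuotes($clientInfo["id"]); ?>" />
                <input type="hidden" id="theuuid" value="<?php echo htmlQuotes($clientInfo["uuid"]); ?>" />
                <?php
                if ($clientInfo["company"]) {
                    echo htmlQuotes($clientInfo["company"]);
                } else {
                    echo htmlQuotes($clientInfo["firstname"] . " " . $clientInfo["lastname"]);
                }
                ?>
                <button id="viewClientButton" type="button" title="view client" class="graphicButtons buttonInfo" onclick="addEditRecord('edit','client','<?php echo $clientEditFile; ?>')"><span>view client</span></button></h1>
            <?php if ($clientInfo["company"] && $clientInfo["firstname"] && $clientInfo["lastname"]) { ?>
            <p id="crName"><?php echo htmlQuotes($clientInfo["firstname"]); ?> <?php echo htmlQuotes($clientInfo["lastname"]); ?></p>
            <?php } //endif ?>
            <?php
            // $location is assembled from escaped pieces plus literal <br />
            // tags, so it is echoed as-is below.
            $location = "";
            $location .= htmlQuotes($clientInfo["address1"]);
            if ($clientInfo["address2"]) {
                $location .= "<br />" . htmlQuotes($clientInfo["address2"]);
            }
            if ($clientInfo["city"] || $clientInfo["state"] || $clientInfo["postalcode"]) {
                $location .= "<br/>" . htmlQuotes($clientInfo["city"]);
                if ($clientInfo["city"] && $clientInfo["state"]) {
                    $location .= ", ";
                }
                $location .= htmlQuotes($clientInfo["state"]);
                $location .= " " . htmlQuotes($clientInfo["postalcode"]);
            } //endif
            if ($clientInfo["country"]) {
                $location .= "<br />" . htmlQuotes($clientInfo["country"]);
            }
            if ($location == "") {
                $location = "unspecified location";
            }
            ?>
            <p id="crLocation"><?php echo $location; ?></p>
        </fieldset>
        <fieldset>
            <legend>Contact</legend>
            <?php if ($clientInfo["workphone"] || $clientInfo["homephone"] || $clientInfo["mobilephone"] || $clientInfo["otherphone"] || $clientInfo["fax"]) { ?>
            <p class="RDNames">phone</p>
            <div class="fauxP RDData">
                <ul>
                    <?php if ($clientInfo["workphone"]) { ?>
                    <li><?php echo htmlQuotes($clientInfo["workphone"]); ?> (w)</li>
                    <?php } ?>
                    <?php if ($clientInfo["homephone"]) { ?>
                    <li><?php echo htmlQuotes($clientInfo["homephone"]); ?> (h)</li>
                    <?php } ?>
                    <?php if ($clientInfo["mobilephone"]) { ?>
                    <li><?php echo htmlQuotes($clientInfo["mobilephone"]); ?> (m)</li>
                    <?php } ?>
                    <?php if ($clientInfo["otherphone"]) { ?>
                    <li><?php echo htmlQuotes($clientInfo["otherphone"]); ?> (o)</li>
                    <?php } ?>
                    <?php if ($clientInfo["fax"]) { ?>
                    <li><?php echo htmlQuotes($clientInfo["fax"]); ?> (fax)</li>
                    <?php } ?>
                </ul>
            </div>
            <?php } ?>
            <?php
            if ($clientInfo["email"]) {
                // Inside an onclick handler the value is JavaScript first and
                // HTML second: emit it as a JSON string literal, then escape
                // that literal for the attribute.
                $emailJs = htmlspecialchars(json_encode("mailto:" . $clientInfo["email"]), ENT_QUOTES);
                ?>
            <p class="RDNames">e-mail</p>
            <p class="RDData">
                <button type="button" class="graphicButtons buttonEmail" onclick="document.location=<?php echo $emailJs; ?>"><span>send email</span></button>
                <a href="mailto:<?php echo htmlQuotes($clientInfo["email"]); ?>"><?php echo htmlQuotes($clientInfo["email"]); ?></a>
            </p>
            <?php } ?>
            <?php
            if ($clientInfo["webaddress"]) {
                // NOTE(review): escaping stops the value from leaving the
                // attribute, but the URL scheme itself is not checked here;
                // consider accepting only http/https where the address is saved.
                $webJs = htmlspecialchars(json_encode($clientInfo["webaddress"]), ENT_QUOTES);
                ?>
            <p class="RDNames">web site</p>
            <p class="RDData">
                <button type="button" class="graphicButtons buttonWWW" onclick="window.open(<?php echo $webJs; ?>)"><span>visit site</span></button>
                <a href="<?php echo htmlQuotes($clientInfo["webaddress"]); ?>" target="_blank"><?php echo htmlQuotes($clientInfo["webaddress"]); ?></a>
            </p>
            <?php } ?>
        </fieldset>
        <fieldset>
            <legend>Details</legend>
            <?php if ($clientInfo["becameclient"]) { ?>
            <p class="RDNames">became client</p>
            <p class="RDData">
                <?php echo formatVariable($clientInfo["becameclient"], "date"); ?>
            </p>
            <?php } ?>
            <?php if ($clientInfo["category"]) { ?>
            <p class="RDNames">category</p>
            <p class="RDData">
                <?php echo htmlQuotes($clientInfo["category"]); ?>
            </p>
            <?php } ?>
            <?php if ($clientInfo["leadsource"]) { ?>
            <p class="RDNames">lead source</p>
            <p class="RDData">
                <?php echo htmlQuotes($clientInfo["leadsource"]); ?>
            </p>
            <?php } ?>
            <?php
            if ($clientInfo["salesmanagerid"]) {
                global $phpbms;
                ?>
            <p class="RDNames">sales person</p>
            <p class="RDData">
                <?php echo htmlQuotes($phpbms->getUserName($clientInfo["salesmanagerid"])); ?>
            </p>
            <?php } ?>
        </fieldset>
        <?php if ($clientInfo["comments"]) { ?>
        <fieldset>
            <legend>memo</legend>
            <p>
                <?php echo htmlQuotes($clientInfo["comments"]); ?>
            </p>
        </fieldset>
        <?php } ?>
    </div>
    <p id="theclear"> </p>
</div>
    <?php
}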
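</p>
<p><?php $theform->showField("align"); ?></p>
<p><?php $theform->showField("wrap"); ?></p>
<p>
    <label for="size">column size</label><br />
    <input id="size" name="size" type="text" value="<?php echo htmlQuotes($thecolumn["size"]); ?>" size="32" maxlength="128" /><br />
    <span class="notes">HTML sizing conventions (e.g. 95%, or 150px)</span>
</p>
<p>
    <?php $theform->showField("format"); ?>
    <br />
    <span class="notes">if you are using HTML code in your field, you will want to choose the no-encoding option, but special character in the database may not display correctly.</span>
</p>
<p>
    <label for="sortorder">sorting</label><br />
    <textarea id="sortorder" name="sortorder" cols="64" rows="2"><?php
        // Escaped like the "size" input above: an unescaped "</textarea>" or
        // "<" in the stored value would be parsed as markup on the edit page.
        echo htmlQuotes($thecolumn["sortorder"]);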
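/**
 * Print one task list of the snapshot page.
 *
 * Selects notes either assigned to the current user ("ReceivedAssignments")
 * or assigned by the current user ("GivenAssignments"), limited to open or
 * just-completed items that fall within the next 30 days or have no dates,
 * and prints them grouped under "Today" / "Soon" / "Later" headers.
 *
 * @param string $type "ReceivedAssignments" or "GivenAssignments"; any other
 *                     value prints nothing
 *
 * @return void output is echoed directly
 */
function showTasks($type)
{
    $querystatement = "\n\t\t\tSELECT\n\t\t\t\tid,\n\t\t\t\ttype,\n\t\t\t\tsubject,\n\t\t\t\tcompleted,"
        . "\n\t\t\t\tif(enddate < CURDATE(),1,0) AS ispastdue,"
        . "\n\t\t\t\tif(assignedtodate < CURDATE(),1,0) AS ispastassigneddate,"
        . "\n\t\t\t\tstartdate,\n\t\t\t\tenddate,\n\t\t\t\tassignedtodate,\n\t\t\t\tprivate,\n\t\t\t\tassignedbyid,\n\t\t\t\tassignedtoid,"
        . "\n\t\t\t\tIF(assignedtodate IS NOT NULL, assignedtodate, IF((enddate IS NOT NULL && type = 'TS'), enddate, IF((startdate IS NOT NULL && type = 'EV'), startdate, CURDATE()))) AS xdate"
        . "\n\t\t\tFROM\n\t\t\t\tnotes\n\t\t\tWHERE";

    // NOTE(review): useruuid is concatenated into the SQL text as a quoted
    // string. It is object state rather than request data as far as this
    // method shows; confirm where it is set, or bind/escape it through the
    // database layer. userid is used unquoted, so it is forced to an integer.
    switch ($type) {
        case "ReceivedAssignments":
            $querystatement .= "\n\t\t\t\t\t((\n\t\t\t\t\t\tassignedtoid = '" . $this->useruuid . "'"
                . "\n\t\t\t\t\t\tOR \t(\n\t\t\t\t\t\t\ttype = 'TS'\n\t\t\t\t\t\t\tAND (assignedtoid = '' OR assignedtoid IS NULL)"
                . "\n\t\t\t\t\t\t\tAND createdby = " . (int) $this->userid
                . "\n\t\t\t\t\t\t\t)\n\t\t\t\t\t)\n\t\t\t\t\t\tAND \t(\n\t\t\t\t\t\t\tcompleted = 0\n\t\t\t\t\t\t\tOR \t(\n\t\t\t\t\t\t\t\tcompleted = 1\n\t\t\t\t\t\t\t\tAND completeddate >= CURDATE()\n\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t)\n\t\t\t\t\t)";
            $title = "Assignments";
            $id = "AS";
            break;

        case "GivenAssignments":
            $querystatement .= "\n\t\t\t\t\t(assignedbyid = '" . $this->useruuid . "'\n\t\t\t\t\tAND (completed = 0\n\t\t\t\t\t\tOR (completed = 1 AND completeddate >= CURDATE())\n\t\t\t\t\t))";
            $title = "Delegations";
            $id = "DG";
            break;

        default:
            // Without a recognised type the WHERE clause would start with
            // "AND" and $title / $id would be undefined, so stop here.
            return;
    } //endswitch

    $querystatement .= "AND (\n\t\t\t\t\t(startdate IS NULL AND enddate IS NULL AND assignedtodate IS NULL)\n\t\t\t\t\tOR (startdate IS NOT NULL AND startdate <= DATE_ADD(CURDATE(),INTERVAL 30 DAY) AND enddate IS NULL AND assignedtodate IS NULL)\n\t\t\t\t\tOR (enddate IS NOT NULL AND enddate <= DATE_ADD(CURDATE(),INTERVAL 30 DAY))\n\t\t\t\t\tOR (assignedtodate IS NOT NULL AND assignedtodate <= DATE_ADD(CURDATE(),INTERVAL 30 DAY))\n\t\t\t\t )";
    $querystatement .= " ORDER BY\n\t\t\t\timportance DESC,\n\t\t\t\txdate,\n\t\t\t\tsubject";

    $queryresult = $this->db->query($querystatement);
    $numRows = $this->db->numRows($queryresult);
    ?>
<h3 class="tasksLinks"><?php echo $title; if ($numRows) { ?> <span class="small">(<?php echo $numRows; ?>)</span><?php } ?></h3>
<div class="tasksDivs">
    <div>
    <?php
    if ($numRows) {
        $linkStart = getAddEditFile($this->db, "tbld:a4cdd991-cf0a-916f-1240-49428ea1bdd1");

        // Current group header and the last midnight that still belongs to it.
        $section["title"] = "Today";
        $section["date"] = mktime(0, 0, 0, date("m"), date("d"), date("Y"));

        while ($therecord = $this->db->fetchArray($queryresult)) {
            $className = "tasks";
            if ($therecord["completed"]) {
                $className .= " complete";
            } else {
                if ($therecord["ispastdue"] || $therecord["ispastassigneddate"]) {
                    $className .= " pastDue";
                }
            }
            if ($therecord["private"]) {
                $className .= " private";
            }
            $className .= " " . $therecord["type"];

            $checkBoxID = $id . $therecord["type"] . "C" . $therecord["id"];
            $link = $linkStart . "?id=" . rawurlencode((string) $therecord["id"]) . "&backurl=" . APP_PATH . "modules/base/snapshot.php";

            // Right-hand column: dates only, each produced by formatFromSQLDate().
            $rightSide = "";
            if ($therecord["assignedtodate"]) {
                $rightSide .= "FUP: " . formatFromSQLDate($therecord["assignedtodate"]) . "<br />";
            }
            switch ($therecord["type"]) {
                case "TS":
                    if ($therecord["enddate"]) {
                        $rightSide .= "Due: " . formatFromSQLDate($therecord["enddate"]) . "<br />";
                    }
                    break;

                case "EV":
                    $rightSide .= "Start: " . formatFromSQLDate($therecord["startdate"]) . "<br />";
                    $rightSide .= "End: " . formatFromSQLDate($therecord["enddate"]) . "<br />";
                    break;
            } //endswitch
            if (!$rightSide) {
                $rightSide = " ";
            }

            $bottomInfo = "";
            switch ($type) {
                case "ReceivedAssignments":
                    if ($therecord["assignedbyid"]) {
                        $bottomInfo = "Assigned By: " . htmlQuotes($this->phpbms->getUserName($therecord["assignedbyid"], true));
                    }
                    break;

                case "GivenAssignments":
                    $bottomInfo = "Assigned To: " . htmlQuotes($this->phpbms->getUserName($therecord["assignedtoid"], true));
                    break;
            } //endswitch

            // Advance the group header when this record's date passes the
            // current group: Today -> Soon (up to 7 days ahead) -> Later.
            $xdate = stringToDate($therecord["xdate"], "SQL");
            if ($xdate > $section["date"]) {
                while ($xdate > $section["date"]) {
                    switch ($section["title"]) {
                        case "Today":
                            $section["title"] = "Soon";
                            $section["date"] = mktime(0, 0, 0, date("m"), date("d") + 7, date("Y"));
                            break;

                        case "Soon":
                            $section["title"] = "Later";
                            $section["date"] = mktime(0, 0, 0, 1, 1, 2038);
                            break;

                        case "Later":
                            //should never be here
                            $section["date"] = $xdate;
                    } //end switch
                } //endwhile
                ?>
        <div class="taskSection"><?php echo $section["title"]; ?></div>
                <?php
            } //end if

            // type and id come from the row; escape everything that lands in
            // an attribute, including the "&" inside the link.
            ?>
        <div id="<?php echo htmlQuotes($id . $therecord["id"]); ?>" class="<?php echo htmlQuotes($className); ?>">
            <span class="taskRight"><?php echo $rightSide; ?></span>
            <input class="radiochecks taskChecks" id="<?php echo htmlQuotes($checkBoxID); ?>" name="<?php echo htmlQuotes($checkBoxID); ?>" type="checkbox" value="1" <?php if ($therecord["completed"]) { echo 'checked="checked"'; } ?> align="middle" />
            <a href="<?php echo htmlQuotes($link); ?>"><?php echo htmlQuotes($therecord["subject"]); ?></a>
            <?php if ($bottomInfo) { ?>
            <p><?php echo $bottomInfo; ?></p>
            <?php } //endif ?>
        </div>
            <?php
        } //endwhile
    } else {
        ?>
        <p class="small disabledtext">no <?php echo strtolower($title); ?></p>
        <?php
    }
    ?>
    </div>
</div>
    <?php
}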
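<input name="state" type="text" id="state" value="<?php echo htmlQuotes($therecord["state"]); ?>" size="10" maxlength="20" />
</p>
<p>
    <label for="postalcode">zip/postal code</label><br />
    <input name="postalcode" type="text" id="postalcode" value="<?php echo htmlQuotes($therecord["postalcode"]); ?>" size="12" maxlength="15" />
</p>
<p>
    <label for="country">country</label><br />
    <input id="country" name="country" type="text" value="<?php echo htmlQuotes($therecord["country"]); ?>" size="44" maxlength="128" />
</p>
</fieldset>
<fieldset>
    <legend><label for="comments">memo</label></legend>
    <p>
        <textarea name="comments" cols="20" rows="10" id="comments"><?php
            // Escaped like the inputs above: the memo is free text, and an
            // unescaped "</textarea>" in it would end the element and let the
            // remainder be parsed as page markup.
            echo htmlQuotes($therecord["comments"]);
        ?></textarea>
    </p>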
$theform->showField("category"); ?> </p> </fieldset> </div> <div id="leftSideDiv"> <fieldset> <legend><label for="content">memo</label></legend> <p id="timeStampP"> <button id="timeStampButton" type="button" class="graphicButtons buttonTimeStamp" accesskey="t" title="Add time stamp to memo (Access Key - t)">time stamp</button> </p> <p> <textarea name="content" cols="45" rows="23" id="content"><?php echo htmlQuotes($therecord["content"]); ?> </textarea> <input id = "username" type="hidden" value="<?php echo formatVariable(trim($_SESSION["userinfo"]["firstname"] . " " . $_SESSION["userinfo"]["lastname"])); ?> " /> </p> </fieldset> </div> <div id="repeatDiv"> <div <?php if ($therecord["parentid"]) { echo 'style="display:none;"';
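/**
 * Print the smart-search field: three hidden inputs that carry the selected
 * value, the free-form flag and the search id, plus the visible text box.
 *
 * The field id, value and search id are written into double-quoted
 * attributes, so each one goes through htmlQuotes() like the display value.
 *
 * @return void output is echoed directly
 */
function display()
{
    if ($this->displayLabel) {
        $this->showLabel();
    }

    // Put the widget's own class first and keep any class the caller set.
    $extraClass = isset($this->_attributes["class"]) ? " " . $this->_attributes["class"] : "";
    $this->_attributes["class"] = "inputSmartSearch" . $extraClass;

    $fieldId = htmlQuotes($this->id);
    ?>
<input type="hidden" name="<?php echo $fieldId; ?>" id="<?php echo $fieldId; ?>" value="<?php echo htmlQuotes($this->value); ?>" />
<input type="hidden" id="sff-<?php echo $fieldId; ?>" value="<?php echo (int) $this->allowFreeForm; ?>"/>
<input type="hidden" id="sdbid-<?php echo $fieldId; ?>" value="<?php echo htmlQuotes($this->searchInfo["id"]); ?>"/>
<input type="text" name="ds-<?php echo $fieldId; ?>" id="ds-<?php echo $fieldId; ?>" title="Use % for wildcard searches." <?php $this->displayAttributes(); ?> value="<?php echo htmlQuotes($this->displayValue); ?>"/><?php
}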
<p> <label for="company_phone">phone number</label><br /> <input id="company_phone" name="company_phone" type="text" value="<?php echo htmlQuotes($therecord["company_phone"]); ?> " size="40" maxlength="128" /> </p> <?php if (isset($therecord["company_taxid"])) { ?> <p> <label for="company_taxid">company tax id</label><br /> <input id="company_taxid" name="company_taxid" type="text" value="<?php echo htmlQuotes($therecord["company_taxid"]); ?> " size="40" maxlength="128" /> </p> <?php } //endif - tax id ?> <div class="fauxP"> print logo <div id="graphicHolder"><img alt="logo" src="<?php echo APP_PATH; ?> dbgraphic.php?t=file&r=1" /></div> </div>
} ?> name="radio" onclick="showTypeDetails();" class="radiochecks" /><label for="type3">page link</label><br /> <img src="menu-example-link.png" width="220" height="167" class="typeImage" alt="page link" /> </p> </fieldset> </div> <div id="details"> <fieldset> <legend>link / parent</legend> <p id="thelink"> <label for="link">link</label> <span class="notes">(URL)</span><br /> <input id="link" name="link" type="text" value="<?php if (substr($therecord["link"], 0, 10) != "search.php") { echo htmlQuotes($therecord["link"]); } ?> " size="64" maxlength="255" /> </p> <p id="thetabledef"> <label for="linkdropdown">table definition</label><br /> <?php $thetable->displayTableDropDown($therecord["link"]); ?> </p> <p> parent<br/> <?php $thetable->displayParentDropDown($therecord["parentid"], $therecord["uuid"]); ?>
?> <noscript> <p class="standout" align="center">JavaScript is disabled.</p> <p> Please check browser requirements.</p> </noscript> <form name="form1" method="post" action="<?php echo htmlentities($_SERVER["PHP_SELF"]); ?> "> <p> <label for="username">name</label><br /> <input name="name" type="text" id="username" size="25" maxlength="64" value="<?php echo htmlQuotes($_POST["name"]); ?> " disabled="disabled"/> </p> <p> <label for="password">password</label><br /> <input name="password" type="password" id="password" size="25" maxlength="24" disabled="disabled"/> </p> <p id="moreinfoButtonP"><button id="moreinfoButton" type="button" class="graphicButtons buttonInfo"><span>more info</span></button></p> <p id="buttonP"><button class="Buttons" type="submit" id="loginButton" disabled="disabled">Log In</button></p> </form>
echo "style=\"display:none;\""; } ?> > <p> <label for="defaultcriteriafindoptions">criteria: selected find option</label> <span class="notes">(quick search)</span><br/> <textarea id="defaultcriteriafindoptions" name="defaultcriteriafindoptions" cols="32" rows="2"><?php echo htmlQuotes($therecord["defaultcriteriafindoptions"]); ?> </textarea> </p> <p> <label for="defaultcriteriaselection">criteria: selected search field</label><br /> <textarea id="defaultcriteriaselection" name="defaultcriteriaselection" cols="32" rows="2" ><?php echo htmlQuotes($therecord["defaultcriteriaselection"]); ?> </textarea> </p> </div> </fieldset> <?php $theform->showCustomFields($db, $thetable->customFieldsQueryResult); ?> </div> <?php $theform->showGeneralInfo($phpbms, $therecord); $theform->endForm();
?> </div> <?php } ?> <p id="uploadlabel"> <label for="upload">upload new file</label><br /> <input id="upload" name="upload" type="file" size="64" tabindex="260" /> </p> <?php } ?> <p id="descriptionlabel"> <label for="content">description</label><br /> <textarea name="description" cols="45" rows="4" id="content"><?php echo htmlQuotes($therecord["description"]); ?> </textarea> </p> </fieldset> <?php if ($therecord["id"]) { $attchmentsquery = getAttachments($db, $therecord["uuid"]); if ($db->numRows($attchmentsquery)) { ?> <h2>Record Attachments</h2> <div class="fauxP"> <div style="" class="smallQueryTableHolder"> <table border="0" cellpadding="0" cellspacing="0" class="smallQueryTable"> <tr> <th align="left">table</th>
<fieldset> <legend>estimate charges</legend> <p><br /> <?php $theform->showField("canestimate"); ?> </p> <p id="pEstimationscript" <?php if ($therecord["canestimate"]) { echo "style=\"display:block\" "; } ?> > <label for="estimationscript">estimation script</label><br /> <input id="estimationscript" name="estimationscript" type="text" value="<?php echo htmlQuotes($therecord["estimationscript"]); ?> " size="64" maxlength="128"/> </p> </fieldset> <?php $theform->showCustomFields($db, $thetable->customFieldsQueryResult); ?> </div> <?php $theform->showGeneralInfo($phpbms, $therecord); $theform->endForm(); ?>
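/**
 * Print the week-view calendar widget.
 *
 * Finds the Sunday on or before $dayInWeek, collects one-off and repeating
 * events (type 'EV') for the seven days from it, and prints them per day
 * together with previous/today/next buttons and the iCal subscription link.
 * Private events are included only when created by $userid.
 *
 * @param int      $userid    id matched against notes.createdby; used unquoted
 *                            in SQL, so it is forced to an integer
 * @param int|null $dayInWeek timestamp of any day in the wanted week;
 *                            defaults to today
 *
 * @return void output is echoed directly
 */
function displayWeek($userid, $dayInWeek = null)
{
    // Creates a week view calendar for the widget
    $userid = (int) $userid;

    if (!$dayInWeek) {
        $dayInWeek = mktime(0, 0, 0);
    }

    // Walk back one day at a time until the day of week is Sunday (0).
    $firstDay = $dayInWeek;
    $dayArray = localtime($firstDay, true);
    while ($dayArray["tm_wday"] != 0) {
        $firstDay = strtotime("yesterday", $firstDay);
        $dayArray = localtime($firstDay, true);
    } //endwhile

    //build the initial array: one empty bucket per day, keyed "d<timestamp>"
    $events = array();
    $lastDay = strtotime("6 days", $firstDay);
    $tempDay = $firstDay;
    for ($i = 0; $i < 7; $i++) {
        $events["d" . $tempDay] = array();
        $tempDay = strtotime("tomorrow", $tempDay);
    } //endfor

    //first lets get the regular events in the timeframe;
    $querystatement = "\n SELECT\n notes.id,\n notes.startdate,\n notes.starttime,\n notes.enddate,\n notes.endtime,\n notes.subject\n FROM\n notes\n WHERE\n (\n notes.private = 0\n OR notes.createdby=" . $userid . "\n )\n AND notes.type='EV'\n AND notes.repeating = 0\n AND notes.startdate >= '" . dateToString($firstDay, "SQL") . "'\n AND notes.startdate <= '" . dateToString($lastDay, "SQL") . "'";
    $queryresult = $this->db->query($querystatement);
    while ($therecord = $this->db->fetchArray($queryresult)) {
        $events["d" . stringToDate($therecord["startdate"], "SQL")]["t" . stringToTime($therecord["starttime"], "24 Hour")][] = $therecord;
    }

    //next we do recurring events
    $querystatement = "\n SELECT\n notes.id,\n notes.startdate,\n notes.starttime,\n notes.enddate,\n notes.endtime,\n notes.subject,\n notes.repeattype,\n notes.repeatevery,\n notes.firstrepeat,\n notes.lastrepeat,\n notes.timesrepeated,\n notes.repeatontheday,\n notes.repeatontheweek,\n notes.repeateachlist,\n notes.repeatuntil,\n notes.repeattimes\n FROM\n notes\n WHERE\n repeating =1\n AND (\n notes.private = 0\n OR notes.createdby=" . $userid . "\n ) AND notes.type='EV'\n AND (\n notes.repeatuntil IS NULL\n OR notes.repeatuntil >= '" . dateToString($firstDay, "SQL") . "'\n )\n AND (\n notes.repeattimes IS NULL\n OR notes.repeattimes > notes.timesrepeated\n )";
    $queryresult = $this->db->query($querystatement);

    $thetable = new notes($this->db, "tbld:a4cdd991-cf0a-916f-1240-49428ea1bdd1");
    while ($therecord = $this->db->fetchArray($queryresult)) {
        $dateArray = $thetable->getValidInRange(stringToDate($therecord["startdate"], "SQL"), $lastDay, $therecord);
        foreach ($dateArray as $date) {
            if ($date >= $firstDay && $date <= $lastDay) {
                // Shift the end date by the same offset as the start date so
                // the occurrence keeps the event's original length.
                if ($therecord["enddate"]) {
                    $therecord["enddate"] = dateToString($date + (stringToDate($therecord["enddate"], "SQL") - stringToDate($therecord["startdate"], "SQL")), "SQL");
                }
                $therecord["startdate"] = dateToString($date, "SQL");
                $events["d" . $date]["t" . stringToTime($therecord["starttime"], "24 Hour")][] = $therecord;
            } //endif
        } //endforeach
    } //endwhile

    // The session user id is used unquoted in SQL and in the link, so it is
    // forced to an integer for both.
    $sessionUserId = (int) $_SESSION["userinfo"]["id"];

    // NOTE(review): the iCal link token is an MD5 over the user's name, id and
    // the password recovered with DECODE(). That requires passwords to be
    // stored reversibly and puts a long-lived, credential-derived value into a
    // URL (history, logs, Referer). Replacing it with a random per-user token
    // would need a matching change wherever ical.php checks "h", so the
    // computation is left as it was and only flagged here.
    $querystatement = "\n SELECT\n DECODE(password,'" . ENCRYPTION_SEED . "') AS decpass\n FROM\n users\n WHERE\n id=" . $sessionUserId;
    $queryresult = $this->db->query($querystatement);
    $passrec = $this->db->fetchArray($queryresult);
    $icallink = "?u=" . $sessionUserId . "&h=" . md5("phpBMS" . $_SESSION["userinfo"]["firstname"] . $_SESSION["userinfo"]["lastname"] . $_SESSION["userinfo"]["id"] . $passrec["decpass"]);
    ?>
<input type="hidden" id="eventDateLast" value="<?php echo strtotime("-7 days", $firstDay); ?>" />
<input type="hidden" id="eventDateToday" value="<?php echo mktime(0, 0, 0); ?>" />
<input type="hidden" id="eventDateNext" value="<?php echo strtotime("tomorrow", $lastDay); ?>" />
<ul id="eventButtons">
    <li id="icalLi"><a href="ical.php<?php echo htmlQuotes($icallink); ?>" title="ical subscription link" id="icalA"><span>ical</span></a> </li>
    <li><button id="eventLastWeek" type="button" title="previous week" class="smallButtons"><span>&lt;&lt;</span></button></li>
    <li><button id="eventToday" type="button" title="today" class="smallButtons"><span>today</span></button></li>
    <li><button id="eventNextWeek" type="button" title="next week" class="smallButtons"><span>&gt;&gt;</span></button></li>
</ul>
<table border="0" cellspacing="0" cellpadding="0" width="100%" id="eventsList"><?php
    foreach ($events as $date => $times) {
        // Bucket keys are "d<timestamp>"; strip the prefix to get the day.
        $dayStamp = (int) str_replace("d", "", $date);
        ?>
    <tr class="eventDayName" <?php if (mktime(0, 0, 0) === $dayStamp) { echo 'id="today"'; } ?> >
        <td nowrap="nowrap"><?php echo @strftime("%A", $dayStamp); ?></td>
        <td width="100%" align="right"><?php echo @strftime("%b %e %Y", $dayStamp); ?></td>
    </tr><?php
        if (count($times)) {
            ksort($times);
            foreach ($times as $time => $timeevents) {
                foreach ($timeevents as $event) {
                    ?>
    <tr>
        <td nowrap="nowrap" valign="top" align="right"><?php echo formatFromSQLTime($event["starttime"]); ?></td>
        <td valign="top" ><a href="<?php echo getAddEditFile($this->db, "tbld:a4cdd991-cf0a-916f-1240-49428ea1bdd1") . "?id=" . rawurlencode((string) $event["id"]); ?>&amp;backurl=snapshot.php"><?php echo htmlQuotes($event["subject"]); ?></a></td>
    </tr><?php
                } //endforeach events
            } //endforeach time
        } else {
            ?>
    <tr>
        <td class="disabledtext" align="right">no events</td>
        <td> </td>
    </tr><?php
        } // endif
    } //endforeach day
    ?>
</table><?php
}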
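/**
 * Look up a tax record by uuid.
 *
 * The result always has both "name" and "percentage", so callers can read
 * either key whether or not a row was found:
 *  - no uuid given:        name passed through htmlQuotes(NULL), percentage NULL
 *  - uuid given, no match: name passed through htmlQuotes(""), percentage NULL
 *  - uuid matched:         the row's values, with name passed through htmlQuotes()
 *
 * @param string $uuid uuid of the tax record; falsy means "no tax"
 *
 * @return array record with "name" and "percentage"
 */
function getTax($uuid)
{
    // Start from a complete empty record; previously an unmatched uuid
    // returned a record with no "percentage" key at all.
    $therecord = array("name" => "", "percentage" => NULL);

    if ($uuid) {
        // NOTE(review): mysql_real_escape_string() belongs to the removed
        // ext/mysql and depends on the connection's character set; prefer the
        // database layer's own escaping or a bound parameter if it offers one.
        $uuid = mysql_real_escape_string($uuid);
        $querystatement = "\n\t\t\t\t\tSELECT\n\t\t\t\t\t\t`name`,\n\t\t\t\t\t\t`percentage`\n\t\t\t\t\tFROM\n\t\t\t\t\t\t`tax`\n\t\t\t\t\tWHERE\n\t\t\t\t\t\t`uuid`='" . $uuid . "'\n\t\t\t\t";
        $queryresult = $this->db->query($querystatement);
        if ($this->db->numRows($queryresult)) {
            $therecord = $this->db->fetchArray($queryresult);
        }
    } else {
        $therecord["name"] = NULL;
    }

    // The name is returned ready for output in HTML.
    $therecord["name"] = htmlQuotes($therecord["name"]);

    return $therecord;
}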