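/**
 * Redirect the browser to the link stored in a record's field.
 *
 * Looks up `$linkField` of the row in `$table` whose `$pk` equals `$id`. When
 * `$path` has the form "Lookup: parentTable::parentPK::parentField", the value
 * fetched first is used as a key into the parent table and the final link is
 * read from there. Sends a Location header and exits; exits silently when a
 * required argument is missing or no link is found.
 *
 * Table and column names are interpolated as SQL identifiers and cannot be
 * escaped by makeSafe(), so they must come from trusted configuration, never
 * from the request. `$id` is the only value-typed input and is escaped here.
 *
 * @param string $table     table holding the record
 * @param string $linkField column holding the link (URL or file name)
 * @param string $pk        primary-key column of `$table`
 * @param string $id        primary-key value of the record (raw, escaped inside)
 * @param string $path      directory prefix for relative links, or a "Lookup: ..." spec
 * @return void  never returns normally: always exits
 */
function getLink($table = '', $linkField = '', $pk = '', $id = '', $path = '')
{
    if (!$id || !$table || !$linkField || !$pk) {
        // default link to return
        exit;
    }

    // $id is embedded in a quoted SQL literal below; escape it once here
    $safeID = makeSafe($id);

    if (preg_match('/^Lookup: (.*?)::(.*?)::(.*?)$/', $path, $m)) {
        // two-step lookup: the stored value is itself a key into the parent table
        $linkID = makeSafe(sqlValue("select `{$linkField}` from `{$table}` where `{$pk}`='{$safeID}'"));
        $link = sqlValue("select `{$m[3]}` from `{$m[1]}` where `{$m[2]}`='{$linkID}'");
    } else {
        $link = sqlValue("select `{$linkField}` from `{$table}` where `{$pk}`='{$safeID}'");
    }
    if (!$link) {
        exit;
    }

    if (preg_match('/^(http|ftp)/i', $link)) {
        // if the link points to an external url, don't prepend path
        $path = '';
    } elseif (!is_file(dirname(__FILE__) . "/{$path}{$link}")) {
        // if the file doesn't exist in the given path, try to find it without the path
        $path = '';
    }

    // The redirect target is whatever the database row holds, so whoever can write
    // that column controls where users are sent; header() refuses values with CR/LF.
    @header("Location: {$path}{$link}");
    exit;
}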
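/**
 * Stream a file to the client as an attachment.
 *
 * Emits the download headers and then the file body. Returns without any
 * output when `$filePath` is not a readable regular file, so a bad path does
 * not produce a half-sent response with an empty Content-length. Nothing here
 * restricts `$filePath` to a particular directory; the caller must decide that
 * the path may be served at all.
 *
 * @param string $filePath path of file to return
 * @param string $fileName name of file to return (the name the browser shows)
 * @return void
 */
function forceDownload($filePath, $fileName)
{
    if (!is_file($filePath) || !is_readable($filePath)) {
        return;
    }

    // makeSafe() is an SQL escaper and does nothing for header context, so also
    // drop the characters that could terminate the quoted filename parameter.
    $safeName = makeSafe(transliterate($fileName));
    $safeName = str_replace(array("\r", "\n", '"'), '', $safeName);

    header("Cache-Control: private");
    header("Content-Description: File Transfer");
    // quoted, otherwise a name containing spaces is truncated by the browser
    header('Content-Disposition: attachment; filename="' . $safeName . '"');
    // NOTE(review): content type is hard-coded for MP3 downloads; confirm callers never pass other file types
    header("Content-Type: audio/mpeg");
    header("Content-length: " . filesize($filePath));
    readfile($filePath);
}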
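/**
 * Deletes a file
 *
 * The file name comes from the `delFile` request parameter, so it is untrusted;
 * the resolved path is required to stay inside `COM_MEDIA_BASE . $listdir`
 * before anything is unlinked. makeSafe() only escapes for SQL and does not
 * stop `../` traversal, hence the realpath() comparison below.
 * `$listdir` itself is assumed to be trusted (confirm callers validate it).
 *
 * @param string $listdir The relative folder path to the file
 * @return void
 */
function delete_file($listdir)
{
    josSpoofCheck(null, null, 'get');
    $delFile = makeSafe(mosGetParam($_REQUEST, 'delFile', ''));
    if ($delFile === '') {
        return;
    }

    $baseDir = realpath(COM_MEDIA_BASE . $listdir);
    $fullPath = realpath(COM_MEDIA_BASE . $listdir . DIRECTORY_SEPARATOR . stripslashes($delFile));

    // realpath() is false for a missing file; a traversal attempt resolves to a
    // path outside the media folder. Refuse both silently, as the original did
    // for a missing file.
    if ($baseDir === false || $fullPath === false) {
        return;
    }
    if (strpos($fullPath, $baseDir . DIRECTORY_SEPARATOR) !== 0) {
        return;
    }
    if (is_file($fullPath)) {
        unlink($fullPath);
    }
}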
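 /**
  * AJAX handler: record that the logged-in user dislikes a deal.
  *
  * Reads the deal id from POST `did`. When no user is logged in the model is
  * not touched and a failure payload is returned instead. Echoes JSON.
  *
  * @return void
  */
 public function hate()
 {
     $deal_id = makeSafe($this->input->post('did'));
     // presumably userdata() yields null/false/'' for anonymous sessions; the loose
     // comparison treats all of those as "not logged in"
     if ($this->session->userdata('id_user') != "") {
         $retData = $this->deal_model->hate($deal_id);
     } else {
         $retData = array('DEAL_ID' => $deal_id, 'STAT' => false, 'MSG' => 'Login to avail this facility');
     }
     echo json_encode($retData);
 }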
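 /**
  * AJAX login check: prints 1 when the posted email/password pair is accepted
  * by user_model->check_user(), 0 otherwise.
  *
  * NOTE(review): makeSafe() alters a password containing quotes or backslashes
  * before check_user() sees it; confirm check_user() expects the escaped value.
  *
  * @return void
  */
 public function login()
 {
     $user_name = makeSafe($this->input->post('email'));
     $user_pass = makeSafe($this->input->post('pass'));
     echo $this->user_model->check_user($user_name, $user_pass) ? 1 : 0;
 }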
 /**
  * AJAX handler: store a comment on a deal and hand the new row back as JSON
  * so the client can render it immediately.
  *
  * @return string JSON object with comment_id, comment, user_image, full_name, time
  */
 public function post_comment()
 {
     $comment = makeSafe($this->input->post('cmt'));
     $dealID = makeSafe($this->input->post('did'));

     // NOTE(review): the values are run through makeSafe() and then through the
     // query builder's insert(); confirm this is not double-escaping stored text.
     $this->db->insert('deal_comments', array(
         'DEAL_ID' => $dealID,
         'USER_ID' => $this->session->userdata('id_user'),
         'COMMENT' => $comment,
         'IP' => $this->input->ip_address(),
     ));

     return json_encode(array(
         'comment_id' => $this->db->insert_id(),
         'comment' => $comment,
         'user_image' => $this->session->userdata('user_image_url'),
         'full_name' => $this->session->userdata('full_name'),
         'time' => "Just Now",
     ));
 }
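/**
 * This hook function is called when send mail.
 *
 * Sends the message through PHPMailer over authenticated SMTP using the SMTP_*
 * constants, then records it in the `mail_log` table (created on first use).
 * Every message is also BCC'd to SMTP_BCC. The log keeps full subjects and
 * bodies, so the table holds whatever the application puts in its mails.
 *
 * @param array $mail_info
 *   An array contains mail information : to,cc,bcc,subject,message
 * @return bool TRUE when PHPMailer accepted the message, FALSE otherwise
 *   (a failed send is not logged)
 **/
function smtp_mail($mail_info)
{
    /* include phpmailer library -- _once, so a second call in the same request doesn't redeclare the classes */
    require_once dirname(__FILE__) . "/phpmailer/class.phpmailer.php";
    require_once dirname(__FILE__) . "/phpmailer/class.smtp.php";

    /* create mail_log table if it doesn't exist */
    // sqlValue() returns one scalar, so it can't be split into a list of table
    // names; ask the server about this one table instead.
    $exist = sqlValue("SHOW TABLES LIKE 'mail_log'") ? True : False;
    if (!$exist) {
        $sql = "CREATE TABLE IF NOT EXISTS `mail_log` (\r\n\t\t\t\t\t`mail_id` int(15) NOT NULL AUTO_INCREMENT,\r\n\t\t\t\t\t`to` varchar(225) NOT NULL,\r\n\t\t\t\t\t`cc` varchar(225) NOT NULL,\r\n\t\t\t\t\t`bcc` varchar(225) NOT NULL,\r\n\t\t\t\t\t`subject` varchar(225) NOT NULL,\r\n\t\t\t\t\t`body` text NOT NULL,\r\n\t\t\t\t\t`senttime` int(15) NOT NULL,\r\n\t\t\t\t\tPRIMARY KEY (`mail_id`)\r\n\t\t\t\t   ) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;\r\n\t\t\t\t   ";
        sql($sql, $eo);
    }

    /* SMTP configuration*/
    $mail = new PHPMailer();
    $mail->isSMTP();                                // telling the class to use SMTP
    $mail->SMTPAuth = true;                         // Enable SMTP authentication
    $mail->isHTML(true);                            // Set email format to HTML
    $mail->SMTPDebug = 0;                           // 0 = no debug output; raise for verbose SMTP tracing
    $mail->Username = SMTP_USER;                    // SMTP username
    $mail->Password = SMTP_PASSWORD;                // SMTP password
    $mail->SMTPSecure = SMTP_SECURE;                // Enable TLS encryption, `ssl` also accepted
    $mail->Port = SMTP_PORT;                        // TCP port to connect to
    $mail->FromName = SMTP_FROM_NAME;
    $mail->From = SMTP_FROM;
    $mail->Host = SMTP_SERVER;                      // SMTP server
    $mail->setFrom(SMTP_FROM, SMTP_FROM_NAME);

    /* send to */
    $mail->addAddress($mail_info['to']);
    if (!empty($mail_info['cc'])) {
        // an empty CC would be handed to PHPMailer as an invalid address
        $mail->addCC($mail_info['cc']);
    }
    $mail->addBCC(SMTP_BCC);
    $mail->Subject = $mail_info['subject'];
    $mail->Body = $mail_info['message'];

    if (!$mail->send()) {
        return FALSE;
    }

    /* protect against malicious SQL injection attacks */
    $to = makeSafe($mail_info['to']);
    $cc = makeSafe($mail_info['cc']);
    $bcc = makeSafe(SMTP_BCC);
    $subject = makeSafe($mail_info['subject']);
    $message = makeSafe($mail_info['message']);
    sql("INSERT INTO `mail_log` (`to`,`cc`,`bcc`,`subject`,`body`,`senttime`) VALUES ('{$to}','{$cc}','{$bcc}','{$subject}','{$message}',unix_timestamp(NOW()))", $eo);
    return TRUE;
}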
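/**
 * Contact Form
 *
 * Renders the contact form and, when it has been submitted, validates the
 * posted fields, mails the enquiry to `$emailTo` and re-renders the form with
 * either the validation errors or the success message. All output is echoed.
 *
 * @param string       $emailTo     recipient address
 * @param string|false $emailCC     optional CC address; FALSE for none
 * @param string       $sentHeading heading shown after a successful send
 * @param string       $sentMessage text shown after a successful send
 * @return void
 */
function TB_ContactForm($emailTo, $emailCC = FALSE, $sentHeading = 'Your message has been successfully submitted..', $sentMessage = 'We will get back to you asap.')
{
    if (!isset($_POST['contact_submit'])) {
        TB_DisplayForm();
        return;
    }

    // must start as an array: the per-field error keys below are assigned into it
    // (initialising it to "" turned those assignments into string-offset writes)
    $error = array();
    $fullname = makeSafe($_POST['fullname']);
    $email = makeSafe($_POST['email']);
    $phone = makeSafe($_POST['phone']);
    $message = makeSafe($_POST['message']);
    $subject = "Enquiry from Canareef Resort Maldives";

    if (empty($fullname)) {
        $error['fullname'] = "Your Name";
    }
    // isValidEmail() is the only guard on a value that ends up in the From and
    // Reply-To headers, so it has to reject anything containing CR/LF
    if (empty($email) || !isValidEmail($email)) {
        $error['email'] = "Your Email";
    }
    if (empty($message)) {
        $error['message'] = "Your Message";
    }

    if (!empty($_POST['antispam'])) {
        // presumably a honeypot field that real visitors leave empty
        echo '<p>We don&rsquo;t appreciate spam.</p>';
        return;
    }
    if (!empty($error)) {
        TB_DisplayForm($error);
        return;
    }

    $content = __('Name') . ' : ' . $fullname . "\n" . __('Email') . ' : ' . $email . "\n" . __('Phone Number') . ' : ' . $phone . "\n" . __('Message') . " : \n" . $message . "\n\n";
    // The visitor's own address is used as From (the name is RFC 2047 encoded, so it
    // cannot break the header). Sending from a site-owned address and keeping the
    // visitor only in Reply-To would be friendlier to SPF/DMARC checks at the receiver.
    $headers = 'From: =?UTF-8?B?' . base64_encode($fullname) . '?= <' . $email . '>' . "\r\n";
    if ($emailCC) {
        $headers .= 'CC: ' . $emailCC . "\r\n";
    }
    $headers .= 'Reply-To: ' . $email . "\r\n";
    $headers .= 'Content-type: text/plain; charset=UTF-8';

    if (mail($emailTo, $subject, $content, $headers)) {
        echo '<a id="contact-status" name="status"></a>' . "\n";
        echo '<p class="tbSuccess">' . __($sentHeading) . ' ' . __($sentMessage) . '</p>' . "\n";
    } else {
        $error['sendemail'] = "Email could not be sent.";
    }
    TB_DisplayForm($error);
}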
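 /**
  * Account activation: mark the user matching the posted id/code pair as activated.
  *
  * `actid` is compared against md5(USER_ID) and `user_input` against ACT_CODE;
  * both are escaped with makeSafe() once before being embedded in SQL. Empty
  * inputs are rejected up front so an empty code can never match a row whose
  * ACT_CODE happens to be blank.
  *
  * NOTE(review): the success path echoes its message while the failure path
  * returns it; in a controller action the returned string is normally
  * discarded, so confirm the caller actually surfaces the failure text.
  *
  * @return string|null the failure message, or null after a successful activation
  */
 public function activate()
 {
     $user_id = makeSafe($this->input->post('actid'));
     $act_code = makeSafe($this->input->post('user_input'));
     if ($user_id == '' || $act_code == '') {
         return "Invalid Activation Code";
     }

     // same predicate for the lookup and the update so they can't drift apart
     $condition = "where md5(USER_ID)='" . $user_id . "' and ACT_CODE='" . $act_code . "'";
     $query = $this->db->query("Select *  FROM user_details " . $condition);
     if ($query->num_rows() > 0) {
         $this->db->query("UPDATE user_details set ACTIVATED='Y' " . $condition);
         echo "Your account has been activated,Login to your account and post Deals ";
     } else {
         return "Invalid Activation Code";
     }
 }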
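/**
 * Contact Form
 *
 * Renders the contact form and, when it has been submitted, validates the
 * posted fields, mails the enquiry to `$emailTo` and re-renders the form with
 * either the validation errors or the success message. All output is echoed.
 *
 * @param string       $emailTo     recipient address
 * @param string|false $emailCC     optional CC address; FALSE for none
 * @param string       $sentHeading heading shown after a successful send
 * @param string       $sentMessage text shown after a successful send
 * @return void
 */
function TB_ContactForm($emailTo, $emailCC = FALSE, $sentHeading = 'Your message was sent successfully.', $sentMessage = 'We will get back to you soon.')
{
    if (!isset($_POST['contact_submit'])) {
        TB_DisplayForm();
        return;
    }

    // must start as an array: the per-field error keys below are assigned into it
    // (initialising it to "" turned those assignments into string-offset writes)
    $error = array();
    $fullname = makeSafe($_POST['fullname']);
    $email = makeSafe($_POST['email']);
    $phone = makeSafe($_POST['phone']);
    $message = makeSafe($_POST['message']);
    $subject = "Enquiry from Estadia by Hatten";

    if (empty($fullname)) {
        $error['fullname'] = "Your name";
    }
    // isValidEmail() is the only guard on a value that ends up in the From and
    // Reply-To headers, so it has to reject anything containing CR/LF
    if (empty($email) || !isValidEmail($email)) {
        $error['email'] = "Email Address";
    }
    if (empty($message)) {
        $error['message'] = "General Enquiry";
    }

    if (!empty($_POST['antispam'])) {
        // presumably a honeypot field that real visitors leave empty
        echo '<p>We don&rsquo;t appreciate spam.</p>';
        return;
    }
    if (!empty($error)) {
        TB_DisplayForm($error);
        return;
    }

    $content = __('Name') . ' : ' . $fullname . "\n\n" . __('Email Address') . ' : ' . $email . "\n\n" . __('Contact No.') . ' : ' . $phone . "\n\n" . __('General Enquiry') . " : \n\n" . $message . "\n\n";
    // The visitor's own address is used as From (the name is RFC 2047 encoded, so it
    // cannot break the header). Sending from a site-owned address and keeping the
    // visitor only in Reply-To would be friendlier to SPF/DMARC checks at the receiver.
    $headers = 'From: =?UTF-8?B?' . base64_encode($fullname) . '?= <' . $email . '>' . "\r\n";
    if ($emailCC) {
        $headers .= 'CC: ' . $emailCC . "\r\n";
    }
    $headers .= 'Reply-To: ' . $email . "\r\n";
    $headers .= 'Content-type: text/plain; charset=UTF-8';

    if (mail($emailTo, $subject, $content, $headers)) {
        echo '<a id="contact-status" name="status"></a>' . "\n";
        echo '<p class="tbSuccess">' . __($sentHeading) . ' ' . __($sentMessage) . '</p>' . "\n";
    } else {
        $error['sendemail'] = "Email could not be sent.";
    }
    TB_DisplayForm($error);
}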
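<?php

$d = dirname(__FILE__);
require "{$d}/incCommon.php";
include "{$d}/incHeader.php";

// process search
// every request value is optional; read each with a default so a bare page load raises no notices
$memberID = isset($_GET['memberID']) ? makeSafe(strtolower($_GET['memberID'])) : '';
$groupID = isset($_GET['groupID']) ? intval($_GET['groupID']) : 0;
$tableName = isset($_GET['tableName']) ? makeSafe($_GET['tableName']) : '';

// process sort
$sortDir = !empty($_GET['sortDir']) ? 'desc' : '';
$sort = isset($_GET['sort']) ? makeSafe($_GET['sort']) : '';
// $sort is interpolated as a column name, so it is restricted to a fixed whitelist
if ($sort != 'dateAdded' && $sort != 'dateUpdated') {
    // default sort is newly created first
    $sort = 'dateAdded';
    $sortDir = 'desc';
}
// after the whitelist above $sort is never empty, so the clause is always defined
$sortClause = "order by {$sort} {$sortDir}";

// build the filter; every value is escaped above, memberID is a prefix match
$where = '';
if ($memberID != '') {
    $where .= ($where ? " and " : "") . "r.memberID like '{$memberID}%'";
}
if ($groupID) {
    // intval() yields 0 for a missing or non-numeric group, which means "no group filter"
    // (explicit, rather than comparing an int with '' -- that comparison changed meaning in PHP 8)
    $where .= ($where ? " and " : "") . "g.groupID='{$groupID}'";
}
if ($tableName != '') {
    $where .= ($where ? " and " : "") . "r.tableName='{$tableName}'";
}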
if ($where) {
    $where = "where {$where}";
        // NOTE(review): from here to the closing brace the code reads like the
        // "get-records" child-table AJAX handler: $userPCConfig, $ChildTable,
        // $ChildLookupField, $SelectedID, $Page, $SortBy, $SortDirection and
        // $eo are not defined anywhere above. It appears to have been pasted
        // into this if-block; confirm against the original source file.
        $permissionsJoin = $permissionsWhere ? ", `membership_userrecords`" : '';
        // build the count query
        // $permissionsWhere and the forced-where come from configuration; $SelectedID is
        // the only request-derived value and is escaped. The "( 1=1 )"/"( 2=2 )" fillers
        // keep the WHERE syntactically valid when a clause is absent.
        $forcedWhere = $userPCConfig[$ChildTable][$ChildLookupField]['forced-where'];
        $query = preg_replace('/^select .* from /i', 'SELECT count(1) FROM ', $userPCConfig[$ChildTable][$ChildLookupField]['query']) . $permissionsJoin . " WHERE " . ($permissionsWhere ? "( {$permissionsWhere} )" : "( 1=1 )") . " AND " . ($forcedWhere ? "( {$forcedWhere} )" : "( 2=2 )") . " AND " . "`{$ChildTable}`.`{$ChildLookupField}`='" . makeSafe($SelectedID) . "'";
        $totalMatches = sqlValue($query);
        // make sure $Page is <= max pages
        // NOTE(review): $Page is not clamped to >= 1 here; a $Page of 0 would give a negative LIMIT offset below -- confirm the caller does that
        $maxPage = ceil($totalMatches / $userPCConfig[$ChildTable][$ChildLookupField]['records-per-page']);
        if ($Page > $maxPage) {
            $Page = $maxPage;
        }
        // initiate output data array
        $data = array('config' => $userPCConfig[$ChildTable][$ChildLookupField], 'parameters' => array('ChildTable' => $ChildTable, 'ChildLookupField' => $ChildLookupField, 'SelectedID' => $SelectedID, 'Page' => $Page, 'SortBy' => $SortBy, 'SortDirection' => $SortDirection, 'Operation' => 'get-records'), 'records' => array(), 'totalMatches' => $totalMatches);
        // build the data query
        if ($totalMatches) {
            // if we have at least one record, proceed with fetching data
            // ORDER BY uses the column mapped from $SortBy in 'sortable-fields' (a whitelist), not
            // $SortBy itself; $SortDirection is interpolated directly -- confirm it is constrained
            // to asc/desc before this point
            $startRecord = $userPCConfig[$ChildTable][$ChildLookupField]['records-per-page'] * ($Page - 1);
            $data['query'] = $userPCConfig[$ChildTable][$ChildLookupField]['query'] . $permissionsJoin . " WHERE " . ($permissionsWhere ? "( {$permissionsWhere} )" : "( 1=1 )") . " AND " . ($forcedWhere ? "( {$forcedWhere} )" : "( 2=2 )") . " AND " . "`{$ChildTable}`.`{$ChildLookupField}`='" . makeSafe($SelectedID) . "'" . ($SortBy !== false && $userPCConfig[$ChildTable][$ChildLookupField]['sortable-fields'][$SortBy] ? " ORDER BY {$userPCConfig[$ChildTable][$ChildLookupField]['sortable-fields'][$SortBy]} {$SortDirection}" : '') . " LIMIT {$startRecord}, {$userPCConfig[$ChildTable][$ChildLookupField]['records-per-page']}";
            $res = sql($data['query'], $eo);
            while ($row = db_fetch_row($res)) {
                // rows are keyed by the child table's primary key column index
                $data['records'][$row[$userPCConfig[$ChildTable][$ChildLookupField]['child-primary-key-index']]] = $row;
            }
        } else {
            // if no matching records
            $startRecord = 0;
        }
        $response = loadView($userPCConfig[$ChildTable][$ChildLookupField]['template'], $data);
        // change name space to ensure uniqueness
        $uniqueNameSpace = $ChildTable . ucfirst($ChildLookupField) . 'GetRecords';
        echo str_replace("{$ChildTable}GetChildrenRecordsList", $uniqueNameSpace, $response);
        /************************************************/
}
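/**
 * Given a lookup query of the form
 * "select <value>, <caption> from <table> [where ...] [order by ...]",
 * return the <value> whose <caption> equals `$caption`.
 *
 * The query text is taken apart with regular expressions and is expected to
 * be trusted, generated SQL; `$caption` is the only value that is escaped and
 * may come from the request. Returns '' when the query can't be parsed,
 * otherwise whatever sqlValue() yields.
 *
 * @param string $query   lookup query to derive table, value and caption fields from
 * @param string $caption caption value to look up
 * @return string
 */
function getValueGivenCaption($query, $caption)
{
    // first try "... from <table> order by ...", then the looser "... from <rest>"
    if (!preg_match('/select\\s+(.*?)\\s*,\\s*(.*?)\\s+from\\s+(.*?)\\s+order by.*/i', $query, $m)) {
        if (!preg_match('/select\\s+(.*?)\\s*,\\s*(.*?)\\s+from\\s+(.*)/i', $query, $m)) {
            return '';
        }
    }

    // get where clause if present -- with or without a trailing order by. In both
    // cases the table name is re-read so the original where clause is not left
    // inside $m[3] (which would put two WHEREs in the query built below).
    if (preg_match('/\\s+from\\s+(.*?)\\s+where\\s+(.*?)\\s+order by.*/i', $query, $mw)) {
        $where = "where ({$mw[2]}) AND";
        $m[3] = $mw[1];
    } elseif (preg_match('/\\s+from\\s+(.*?)\\s+where\\s+(.*)$/is', $query, $mw)) {
        $where = "where (" . rtrim($mw[2], "; \t\r\n") . ") AND";
        $m[3] = $mw[1];
    } else {
        $where = 'where';
        // no where clause: only a trailing terminator could be left on the table name
        $m[3] = rtrim($m[3], "; \t\r\n");
    }

    $caption = makeSafe($caption);
    return sqlValue("SELECT {$m[1]} FROM {$m[3]} {$where} {$m[2]}='{$caption}'");
}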
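<?php

$currDir = dirname(__FILE__);
require "{$currDir}/incCommon.php";
include "{$currDir}/incHeader.php";

// optional search filter: one copy escaped for SQL, one escaped for HTML output
if (isset($_GET['searchGroups']) && $_GET['searchGroups'] != "") {
    $searchSQL = makeSafe($_GET['searchGroups']);
    $searchHTML = htmlspecialchars($_GET['searchGroups']);
    $where = "where name like '%{$searchSQL}%' or description like '%{$searchSQL}%'";
} else {
    $searchSQL = '';
    $searchHTML = '';
    $where = "";
}

$numGroups = sqlValue("select count(1) from membership_groups {$where}");
$noResults = false;
if (!$numGroups && $searchSQL != '') {
    echo "<div class=\"status\">{$Translation['no matching results found']}</div>";
    $noResults = true;
}

// clamp the requested page to [1, last page]. The last page is at least 1, so an
// empty groups table no longer redirects to page=0, which would be clamped back to
// 1 and redirect again without end.
$page = isset($_GET['page']) ? intval($_GET['page']) : 0;
$lastPage = max(1, (int) ceil($numGroups / $adminConfig['groupsPerPage']));
if ($page < 1) {
    $page = 1;
} elseif ($page > $lastPage && !$noResults) {
    redirect("admin/pageViewGroups.php?page={$lastPage}");
}

$start = ($page - 1) * $adminConfig['groupsPerPage'];
?>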
<div class="page-header"><h1><?php 
/**
 * Return the detail-view (add/edit) form for the `categories` table.
 *
 * Builds the form from ./templates/categories_templateDV.html (or the print
 * preview template when dvprint_x is requested), filling in the record whose
 * CategoryID is `$selected_id`. With an empty `$selected_id` an empty form with
 * only the insert button is produced. Returns '' when the current member may
 * neither insert nor view, and an error message when the record is not found.
 *
 * Permissions: `$arrPerm` comes from getTablePermissions(); the checks below
 * use [1] for insert, [2] for view (inferred), [3] for edit and [4] for
 * delete, each read as 1 = owner only, 2 = same group, 3 = everyone.
 *
 * @param string $selected_id CategoryID of the record to edit, '' for a new record
 * @param int    $AllowUpdate  replaced by the member's edit permission when a record is selected
 * @param int    $AllowInsert  replaced by the member's insert permission
 * @param int    $AllowDelete  not used here; delete is decided from $arrPerm[4]
 * @param int    $ShowCancel   when adding, also show a 'Back' button
 * @return string HTML of the form, '' if not permitted
 */
function categories_form($selected_id = '', $AllowUpdate = 1, $AllowInsert = 1, $AllowDelete = 1, $ShowCancel = 0)
{
    // function to return an editable form for a table records
    // and fill it with data of record whose ID is $selected_id. If $selected_id
    // is empty, an empty form is shown, with only an 'Add New'
    // button displayed.
    global $Translation;
    // mm: get table permissions
    $arrPerm = getTablePermissions('categories');
    // no insert permission and no record selected: nothing to show
    if (!$arrPerm[1] && $selected_id == '') {
        return '';
    }
    $AllowInsert = $arrPerm[1] ? true : false;
    // print preview?
    if ($selected_id && $_REQUEST['dvprint_x'] != '') {
        $dvprint = true;
    }
    // populate filterers, starting from children to grand-parents
    // unique random identifier (rand() is fine here: it only makes element ids in the
    // print-preview template unique, nothing security related depends on it)
    $rnd1 = $dvprint ? rand(1000000, 9999999) : '';
    if ($selected_id) {
        // mm: check member permissions
        if (!$arrPerm[2]) {
            return "";
        }
        // mm: who is the owner? ($selected_id is escaped for SQL in both lookups)
        $ownerGroupID = sqlValue("select groupID from membership_userrecords where tableName='categories' and pkValue='" . makeSafe($selected_id) . "'");
        $ownerMemberID = sqlValue("select lcase(memberID) from membership_userrecords where tableName='categories' and pkValue='" . makeSafe($selected_id) . "'");
        // view permission 1 = owner only, 2 = same group (3 = everyone needs no check)
        if ($arrPerm[2] == 1 && getLoggedMemberID() != $ownerMemberID) {
            return "";
        }
        if ($arrPerm[2] == 2 && getLoggedGroupID() != $ownerGroupID) {
            return "";
        }
        // can edit?
        if ($arrPerm[3] == 1 && $ownerMemberID == getLoggedMemberID() || $arrPerm[3] == 2 && $ownerGroupID == getLoggedGroupID() || $arrPerm[3] == 3) {
            $AllowUpdate = 1;
        } else {
            $AllowUpdate = 0;
        }
        $res = sql("select * from `categories` where `CategoryID`='" . makeSafe($selected_id) . "'", $eo);
        if (!($row = db_fetch_array($res))) {
            return error_message($Translation['No records found']);
        }
        $urow = $row;
        /* $urow: raw row, used for the URLVALUE placeholders below */
        $hc = new CI_Input();
        $row = $hc->xss_clean($row);
        /* $row: XSS-cleaned copy, used for the HTML placeholders below */
    } else {
    }
    ob_start();
    ?>

	<script>
		// initial lookup values

		jQuery(function() {
		});
	</script>
	<?php 
    $lookups = str_replace('__RAND__', $rnd1, ob_get_contents());
    ob_end_clean();
    // code for template based detail view forms
    // open the detail view template
    if ($dvprint) {
        $templateCode = @file_get_contents('./templates/categories_templateDVP.html');
    } else {
        $templateCode = @file_get_contents('./templates/categories_templateDV.html');
    }
    // process form title
    $templateCode = str_replace('<%%DETAIL_VIEW_TITLE%%>', 'Add/Edit Product Categories', $templateCode);
    $templateCode = str_replace('<%%RND1%%>', $rnd1, $templateCode);
    // only the fixed literal 'Embedded=1' reaches the template, never the request value itself
    $templateCode = str_replace('<%%EMBEDDED%%>', $_REQUEST['Embedded'] ? 'Embedded=1' : '', $templateCode);
    // process buttons
    if ($arrPerm[1] && !$selected_id) {
        // allow insert and no record selected?
        if (!$selected_id) {
            $templateCode = str_replace('<%%INSERT_BUTTON%%>', '<button type="submit" class="btn btn-success" id="insert" name="insert_x" value="1" onclick="return categories_validateData();"><i class="glyphicon glyphicon-plus-sign"></i> ' . $Translation['Save New'] . '</button>', $templateCode);
        }
        $templateCode = str_replace('<%%INSERT_BUTTON%%>', '<button type="submit" class="btn btn-default" id="insert" name="insert_x" value="1" onclick="return categories_validateData();"><i class="glyphicon glyphicon-plus-sign"></i> ' . $Translation['Save As Copy'] . '</button>', $templateCode);
    } else {
        $templateCode = str_replace('<%%INSERT_BUTTON%%>', '', $templateCode);
    }
    // 'Back' button action
    if ($_REQUEST['Embedded']) {
        $backAction = 'window.parent.jQuery(\'.modal\').modal(\'hide\'); return false;';
    } else {
        $backAction = '$$(\'form\')[0].writeAttribute(\'novalidate\', \'novalidate\'); document.myform.reset(); return true;';
    }
    if ($selected_id) {
        if (!$_REQUEST['Embedded']) {
            $templateCode = str_replace('<%%DVPRINT_BUTTON%%>', '<button type="submit" class="btn btn-default" id="dvprint" name="dvprint_x" value="1" onclick="$$(\'form\')[0].writeAttribute(\'novalidate\', \'novalidate\'); document.myform.reset(); return true;"><i class="glyphicon glyphicon-print"></i> ' . $Translation['Print Preview'] . '</button>', $templateCode);
        }
        if ($AllowUpdate) {
            $templateCode = str_replace('<%%UPDATE_BUTTON%%>', '<button type="submit" class="btn btn-success btn-lg" id="update" name="update_x" value="1" onclick="return categories_validateData();"><i class="glyphicon glyphicon-ok"></i> ' . $Translation['Save Changes'] . '</button>', $templateCode);
        } else {
            $templateCode = str_replace('<%%UPDATE_BUTTON%%>', '', $templateCode);
        }
        // delete permission uses the same owner/group/everyone scheme as edit above
        if ($arrPerm[4] == 1 && $ownerMemberID == getLoggedMemberID() || $arrPerm[4] == 2 && $ownerGroupID == getLoggedGroupID() || $arrPerm[4] == 3) {
            // allow delete?
            $templateCode = str_replace('<%%DELETE_BUTTON%%>', '<button type="submit" class="btn btn-danger" id="delete" name="delete_x" value="1" onclick="return confirm(\'' . $Translation['are you sure?'] . '\');"><i class="glyphicon glyphicon-trash"></i> ' . $Translation['Delete'] . '</button>', $templateCode);
        } else {
            $templateCode = str_replace('<%%DELETE_BUTTON%%>', '', $templateCode);
        }
        $templateCode = str_replace('<%%DESELECT_BUTTON%%>', '<button type="submit" class="btn btn-default" id="deselect" name="deselect_x" value="1" onclick="' . $backAction . '"><i class="glyphicon glyphicon-chevron-left"></i> ' . $Translation['Back'] . '</button>', $templateCode);
    } else {
        $templateCode = str_replace('<%%UPDATE_BUTTON%%>', '', $templateCode);
        $templateCode = str_replace('<%%DELETE_BUTTON%%>', '', $templateCode);
        $templateCode = str_replace('<%%DESELECT_BUTTON%%>', $ShowCancel ? '<button type="submit" class="btn btn-default" id="deselect" name="deselect_x" value="1" onclick="' . $backAction . '"><i class="glyphicon glyphicon-chevron-left"></i> ' . $Translation['Back'] . '</button>' : '', $templateCode);
    }
    // set records to read only if user can't insert new records and can't edit current record
    // NOTE(review): $jsReadOnly, $jsEditable and $noUploads are never initialised in this
    // function before being appended to / read further down; harmless while unset but
    // they raise notices and would be safer started as '' / false.
    if ($selected_id && !$AllowUpdate || !$selected_id && !$AllowInsert) {
        $jsReadOnly .= "\tjQuery('#Picture').replaceWith('<div class=\"form-control-static\" id=\"Picture\">' + (jQuery('#Picture').val() || '') + '</div>');\n";
        $jsReadOnly .= "\tjQuery('#CategoryName').replaceWith('<div class=\"form-control-static\" id=\"CategoryName\">' + (jQuery('#CategoryName').val() || '') + '</div>');\n";
        $jsReadOnly .= "\tjQuery('.select2-container').hide();\n";
        $noUploads = true;
    } elseif ($AllowInsert && !$selected_id || $AllowUpdate && $selected_id) {
        $jsEditable .= "\tjQuery('form').eq(0).data('already_changed', true);";
        // temporarily disable form change handler
        $jsEditable .= "\tjQuery('form').eq(0).data('already_changed', false);";
        // re-enable form change handler
    }
    // process combos
    /* lookup fields array: 'lookup field name' => array('parent table name', 'lookup field caption') */
    $lookup_fields = array();
    foreach ($lookup_fields as $luf => $ptfc) {
        $pt_perm = getTablePermissions($ptfc[0]);
        // process foreign key links
        if ($pt_perm['view'] || $pt_perm['edit']) {
            $templateCode = str_replace("<%%PLINK({$luf})%%>", '<button type="button" class="btn btn-default view_parent hspacer-lg" id="' . $ptfc[0] . '_view_parent" title="' . htmlspecialchars($Translation['View'] . ' ' . $ptfc[1], ENT_QUOTES, 'iso-8859-1') . '"><i class="glyphicon glyphicon-eye-open"></i></button>', $templateCode);
        }
        // if user has insert permission to parent table of a lookup field, put an add new button
        if ($pt_perm['insert'] && !$_REQUEST['Embedded']) {
            $templateCode = str_replace("<%%ADDNEW({$ptfc[0]})%%>", '<button type="button" class="btn btn-success add_new_parent" id="' . $ptfc[0] . '_add_new" title="' . htmlspecialchars($Translation['Add New'] . ' ' . $ptfc[1], ENT_QUOTES, 'iso-8859-1') . '"><i class="glyphicon glyphicon-plus-sign"></i></button>', $templateCode);
        }
    }
    // process images
    $templateCode = str_replace('<%%UPLOADFILE(CategoryID)%%>', '', $templateCode);
    $templateCode = str_replace('<%%UPLOADFILE(Picture)%%>', $noUploads ? '' : '<input type=hidden name=MAX_FILE_SIZE value=204800>' . $Translation['upload image'] . ' <input type="file" name="Picture" id="Picture">', $templateCode);
    if ($AllowUpdate && $row['Picture'] != '') {
        $templateCode = str_replace('<%%REMOVEFILE(Picture)%%>', '<br><input type="checkbox" name="Picture_remove" id="Picture_remove" value="1"> <label for="Picture_remove" style="color: red; font-weight: bold;">' . $Translation['remove image'] . '</label>', $templateCode);
    } else {
        $templateCode = str_replace('<%%REMOVEFILE(Picture)%%>', '', $templateCode);
    }
    $templateCode = str_replace('<%%UPLOADFILE(CategoryName)%%>', '', $templateCode);
    $templateCode = str_replace('<%%UPLOADFILE(Description)%%>', '', $templateCode);
    // process values
    if ($selected_id) {
        $templateCode = str_replace('<%%VALUE(CategoryID)%%>', htmlspecialchars($row['CategoryID'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
        $templateCode = str_replace('<%%URLVALUE(CategoryID)%%>', urlencode($urow['CategoryID']), $templateCode);
        $row['Picture'] = $row['Picture'] != '' ? $row['Picture'] : 'blank.gif';
        $templateCode = str_replace('<%%VALUE(Picture)%%>', htmlspecialchars($row['Picture'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
        $templateCode = str_replace('<%%URLVALUE(Picture)%%>', urlencode($urow['Picture']), $templateCode);
        $templateCode = str_replace('<%%VALUE(CategoryName)%%>', htmlspecialchars($row['CategoryName'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
        $templateCode = str_replace('<%%URLVALUE(CategoryName)%%>', urlencode($urow['CategoryName']), $templateCode);
        if ($AllowUpdate || $AllowInsert) {
            $templateCode = str_replace('<%%HTMLAREA(Description)%%>', '<textarea name="Description" id="Description" rows="5">' . htmlspecialchars($row['Description'], ENT_QUOTES, 'iso-8859-1') . '</textarea>', $templateCode);
        } else {
            // read-only view: Description is emitted without htmlspecialchars(); this
            // relies on the xss_clean() applied to $row above
            $templateCode = str_replace('<%%HTMLAREA(Description)%%>', $row['Description'], $templateCode);
        }
        // same reliance on xss_clean() here: nl2br() does not escape markup
        $templateCode = str_replace('<%%VALUE(Description)%%>', nl2br($row['Description']), $templateCode);
        $templateCode = str_replace('<%%URLVALUE(Description)%%>', urlencode($urow['Description']), $templateCode);
    } else {
        $templateCode = str_replace('<%%VALUE(CategoryID)%%>', '', $templateCode);
        $templateCode = str_replace('<%%URLVALUE(CategoryID)%%>', urlencode(''), $templateCode);
        $templateCode = str_replace('<%%VALUE(Picture)%%>', 'blank.gif', $templateCode);
        $templateCode = str_replace('<%%VALUE(CategoryName)%%>', '', $templateCode);
        $templateCode = str_replace('<%%URLVALUE(CategoryName)%%>', urlencode(''), $templateCode);
        $templateCode = str_replace('<%%HTMLAREA(Description)%%>', '<textarea name="Description" id="Description" rows="5"></textarea>', $templateCode);
    }
    // process translations
    foreach ($Translation as $symbol => $trans) {
        $templateCode = str_replace("<%%TRANSLATION({$symbol})%%>", $trans, $templateCode);
    }
    // clear scrap: any placeholder not handled above is turned into an HTML comment
    $templateCode = str_replace('<%%', '<!-- ', $templateCode);
    $templateCode = str_replace('%%>', ' -->', $templateCode);
    // hide links to inaccessible tables
    // (dvprint_x is read from $_POST here but from $_REQUEST near the top of the function)
    if ($_POST['dvprint_x'] == '') {
        $templateCode .= "\n\n<script>\$j(function(){\n";
        $arrTables = getTableList();
        foreach ($arrTables as $name => $caption) {
            $templateCode .= "\t\$j('#{$name}_link').removeClass('hidden');\n";
            $templateCode .= "\t\$j('#xs_{$name}_link').removeClass('hidden');\n";
        }
        $templateCode .= $jsReadOnly;
        $templateCode .= $jsEditable;
        if (!$selected_id) {
        }
        $templateCode .= "\n});</script>\n";
    }
    // ajaxed auto-fill fields
    $templateCode .= '<script>';
    $templateCode .= '$j(function() {';
    $templateCode .= "});";
    $templateCode .= "</script>";
    $templateCode .= $lookups;
    // handle enforced parent values for read-only lookup fields
    // don't include blank images in lightbox gallery
    $templateCode = preg_replace('/blank.gif" rel="lightbox\\[.*?\\]"/', 'blank.gif"', $templateCode);
    // don't display empty email links
    $templateCode = preg_replace('/<a .*?href="mailto:".*?<\\/a>/', '', $templateCode);
    // hook: categories_dv
    if (function_exists('categories_dv')) {
        $args = array();
        categories_dv($selected_id ? $selected_id : FALSE, getMemberInfo(), $templateCode, $args);
    }
    return $templateCode;
}
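// Select2 data source: list members (with their group) that are allowed to view
// table `t`, optionally filtered by `s`, one page of $results_per_page at a time.
// $id, $results_per_page, $start_ts, $adminConfig and $eo are expected to be set
// by the enclosing script before this point.
$search_term = false;
if (isset($_REQUEST['s'])) {
    $search_term = iconv('UTF-8', datalist_db_encoding, $_REQUEST['s']);
}
$page = isset($_REQUEST['p']) ? intval($_REQUEST['p']) : 0;
if ($page < 1) {
    $page = 1;
}
$skip = $results_per_page * ($page - 1);

// the table name is interpolated into SQL below, so it must be one of the known
// tables; array_key_exists() is an exact key match where the loose in_array() was not
$table_name = isset($_REQUEST['t']) ? $_REQUEST['t'] : '';
if (!array_key_exists($table_name, getTableList())) {
    /* invalid table */
    echo '{"results":[{"id":"","text":"Invalid table"}],"more":false,"elapsed":0}';
    exit;
}

/* if id is provided, get owner */
$owner = false;
if ($id) {
    $owner = sqlValue("select memberID from membership_userrecords where tableName='{$table_name}' and pkValue='" . makeSafe($id) . "'");
}

$prepared_data = array();
$where = "g.name!='{$adminConfig['anonymousGroup']}' and p.allowView>0 ";
if ($search_term) {
    // escaped for SQL; LIKE wildcards in the term are left as typed
    $search_term = makeSafe($search_term);
    $where .= "and (u.memberID like '%{$search_term}%' or g.name like '%{$search_term}%')";
}
$res = sql("select u.memberID, g.name from membership_users u left join membership_groups g on u.groupID=g.groupID left join  membership_grouppermissions p on g.groupID=p.groupID and p.tableName='{$table_name}' where {$where} order by g.name, u.memberID limit {$skip}, {$results_per_page}", $eo);
while ($row = db_fetch_row($res)) {
    // 'text' is rendered as HTML by the client; group and member names are
    // admin-managed values -- confirm they are escaped on the way in
    $prepared_data[] = array('id' => iconv(datalist_db_encoding, 'UTF-8', $row[0]), 'text' => iconv(datalist_db_encoding, 'UTF-8', "<b>{$row[1]}</b>/{$row[0]}"));
}
echo json_encode(array('results' => $prepared_data, 'more' => @db_num_rows($res) >= $results_per_page, 'elapsed' => round(microtime(true) - $start_ts, 3)));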
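require "{$d}/incCommon.php";

// request to save changes?
// NOTE(review): no anti-CSRF token is checked here before the UPDATE; confirm incCommon.php enforces one
if (isset($_POST['saveChanges']) && $_POST['saveChanges'] != '') {
    // validate data: recID and groupID are cast to int, memberID is escaped
    $recID = isset($_POST['recID']) ? intval($_POST['recID']) : 0;
    $memberID = isset($_POST['memberID']) ? makeSafe(strtolower($_POST['memberID'])) : '';
    $groupID = isset($_POST['groupID']) ? intval($_POST['groupID']) : 0;
    ###############################
    // update ownership
    $upQry = "UPDATE `membership_userrecords` set memberID='{$memberID}', groupID='{$groupID}' WHERE recID='{$recID}'";
    sql($upQry);
    // redirect to member editing page
    redirect("pageEditOwnership.php?recID={$recID}");
} elseif (isset($_GET['recID']) && $_GET['recID'] != '') {
    // we have an edit request for a member
    $recID = makeSafe($_GET['recID']);
} else {
    // neither a save nor an edit request: the form below shows no record
    $recID = '';
}
include "{$d}/incHeader.php";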
if ($recID != '') {
    // fetch record data to fill in the form below
    $res = sql("select * from membership_userrecords where recID='{$recID}'");
    if ($row = mysql_fetch_assoc($res)) {
        // get record data
        $tableName = $row['tableName'];
        $pkValue = $row['pkValue'];
        $memberID = strtolower($row['memberID']);
        $dateAdded = date($adminConfig['PHPDateTimeFormat'], $row['dateAdded']);
        $dateUpdated = date($adminConfig['PHPDateTimeFormat'], $row['dateUpdated']);
        $groupID = $row['groupID'];
    } else {
        // no such record exists
/**
 * Build the detail-view form (insert / edit / print preview) for one `orders` record.
 *
 * @param string $selected_id  OrderID of the record to display; '' renders an empty insert form
 * @param int    $AllowUpdate  caller hint; recomputed from the record owner and $arrPerm[3] whenever a record is selected
 * @param int    $AllowInsert  caller hint; unconditionally replaced by $arrPerm[1]
 * @param int    $AllowDelete  kept for signature compatibility; never read in this body (delete rights come from $arrPerm[4])
 * @param int    $ShowCancel   only consulted when no record is selected: whether a 'Back' button is rendered
 * @return string rendered HTML/JS; '' when the caller lacks insert (no record) or view (record) permission,
 *                or an error message when the selected record does not exist
 */
function orders_form($selected_id = '', $AllowUpdate = 1, $AllowInsert = 1, $AllowDelete = 1, $ShowCancel = 0)
{
    // function to return an editable form for a table records
    // and fill it with data of record whose ID is $selected_id. If $selected_id
    // is empty, an empty form is shown, with only an 'Add New'
    // button displayed.
    global $Translation;
    // mm: get table permissions
    // Indices used below: [1] insert, [2] view, [3] edit, [4] delete. For [2]..[4] a value of 1 means
    // "own records only", 2 "own group's records", 3 unrestricted (see the owner checks further down).
    $arrPerm = getTablePermissions('orders');
    if (!$arrPerm[1] && $selected_id == '') {
        return '';
    }
    $AllowInsert = $arrPerm[1] ? true : false;
    // print preview?
    $dvprint = false;
    if ($selected_id && $_REQUEST['dvprint_x'] != '') {
        $dvprint = true;
    }
    // Raw request input. It is HTML-escaped where it lands in the hidden inputs below, but it is
    // echoed into the inline <script> through addslashes() only, which is not a JS/HTML-context
    // escaper (it leaves sequences such as '</script>' untouched) -- flagged for review.
    $filterer_CustomerID = thisOr(undo_magic_quotes($_REQUEST['filterer_CustomerID']), '');
    $filterer_EmployeeID = thisOr(undo_magic_quotes($_REQUEST['filterer_EmployeeID']), '');
    $filterer_ShipVia = thisOr(undo_magic_quotes($_REQUEST['filterer_ShipVia']), '');
    // populate filterers, starting from children to grand-parents
    // unique random identifier
    // rand() is not cryptographic; the suffix only keeps DOM ids / JS names unique in print-preview
    // output (it is '' otherwise, so the __RAND__ placeholders collapse to nothing).
    $rnd1 = $dvprint ? rand(1000000, 9999999) : '';
    // combobox: CustomerID
    $combo_CustomerID = new DataCombo();
    // combobox: EmployeeID
    $combo_EmployeeID = new DataCombo();
    // combobox: OrderDate
    $combo_OrderDate = new DateCombo();
    $combo_OrderDate->DateFormat = "mdy";
    $combo_OrderDate->MinYear = 1900;
    $combo_OrderDate->MaxYear = 2100;
    $combo_OrderDate->DefaultDate = parseMySQLDate('1', '1');
    $combo_OrderDate->MonthNames = $Translation['month names'];
    $combo_OrderDate->NamePrefix = 'OrderDate';
    // combobox: RequiredDate
    $combo_RequiredDate = new DateCombo();
    $combo_RequiredDate->DateFormat = "mdy";
    $combo_RequiredDate->MinYear = 1900;
    $combo_RequiredDate->MaxYear = 2100;
    $combo_RequiredDate->DefaultDate = parseMySQLDate('1', '1');
    $combo_RequiredDate->MonthNames = $Translation['month names'];
    $combo_RequiredDate->NamePrefix = 'RequiredDate';
    // combobox: ShippedDate
    $combo_ShippedDate = new DateCombo();
    $combo_ShippedDate->DateFormat = "mdy";
    $combo_ShippedDate->MinYear = 1900;
    $combo_ShippedDate->MaxYear = 2100;
    $combo_ShippedDate->DefaultDate = parseMySQLDate('', '');
    $combo_ShippedDate->MonthNames = $Translation['month names'];
    $combo_ShippedDate->NamePrefix = 'ShippedDate';
    // combobox: ShipVia
    $combo_ShipVia = new DataCombo();
    if ($selected_id) {
        // mm: check member permissions
        if (!$arrPerm[2]) {
            return "";
        }
        // mm: who is the owner?
        // makeSafe() escapes the id before interpolation; both queries read the same ownership row.
        $ownerGroupID = sqlValue("select groupID from membership_userrecords where tableName='orders' and pkValue='" . makeSafe($selected_id) . "'");
        $ownerMemberID = sqlValue("select lcase(memberID) from membership_userrecords where tableName='orders' and pkValue='" . makeSafe($selected_id) . "'");
        if ($arrPerm[2] == 1 && getLoggedMemberID() != $ownerMemberID) {
            return "";
        }
        if ($arrPerm[2] == 2 && getLoggedGroupID() != $ownerGroupID) {
            return "";
        }
        // can edit?
        // && binds tighter than ||, so this reads as (owner-only && owner) || (group && same group) || unrestricted.
        if ($arrPerm[3] == 1 && $ownerMemberID == getLoggedMemberID() || $arrPerm[3] == 2 && $ownerGroupID == getLoggedGroupID() || $arrPerm[3] == 3) {
            $AllowUpdate = 1;
        } else {
            $AllowUpdate = 0;
        }
        // $eo is never initialised in this function; presumably sql() takes it by reference as an
        // error/options holder -- confirm against sql()'s signature.
        $res = sql("select * from `orders` where `OrderID`='" . makeSafe($selected_id) . "'", $eo);
        if (!($row = db_fetch_array($res))) {
            return error_message($Translation['No records found']);
        }
        // $urow keeps the raw row for the URL-encoded values and the inline JS; $row is the XSS-filtered copy.
        $urow = $row;
        /* unsanitized data */
        $hc = new CI_Input();
        $row = $hc->xss_clean($row);
        /* sanitize data */
        $combo_CustomerID->SelectedData = $row['CustomerID'];
        $combo_EmployeeID->SelectedData = $row['EmployeeID'];
        $combo_OrderDate->DefaultDate = $row['OrderDate'];
        $combo_RequiredDate->DefaultDate = $row['RequiredDate'];
        $combo_ShippedDate->DefaultDate = $row['ShippedDate'];
        $combo_ShipVia->SelectedData = $row['ShipVia'];
    } else {
        // no record selected: pre-select the lookups from the request filterers
        $combo_CustomerID->SelectedData = $filterer_CustomerID;
        $combo_EmployeeID->SelectedData = $filterer_EmployeeID;
        $combo_ShipVia->SelectedData = $filterer_ShipVia;
    }
    // Hidden inputs carrying the current lookup value; escaped with ENT_QUOTES for attribute context.
    $combo_CustomerID->HTML = '<span id="CustomerID-container' . $rnd1 . '"></span><input type="hidden" name="CustomerID" id="CustomerID' . $rnd1 . '" value="' . htmlspecialchars($combo_CustomerID->SelectedData, ENT_QUOTES, 'iso-8859-1') . '">';
    $combo_CustomerID->MatchText = '<span id="CustomerID-container-readonly' . $rnd1 . '"></span><input type="hidden" name="CustomerID" id="CustomerID' . $rnd1 . '" value="' . htmlspecialchars($combo_CustomerID->SelectedData, ENT_QUOTES, 'iso-8859-1') . '">';
    $combo_EmployeeID->HTML = '<span id="EmployeeID-container' . $rnd1 . '"></span><input type="hidden" name="EmployeeID" id="EmployeeID' . $rnd1 . '" value="' . htmlspecialchars($combo_EmployeeID->SelectedData, ENT_QUOTES, 'iso-8859-1') . '">';
    $combo_EmployeeID->MatchText = '<span id="EmployeeID-container-readonly' . $rnd1 . '"></span><input type="hidden" name="EmployeeID" id="EmployeeID' . $rnd1 . '" value="' . htmlspecialchars($combo_EmployeeID->SelectedData, ENT_QUOTES, 'iso-8859-1') . '">';
    $combo_ShipVia->HTML = '<span id="ShipVia-container' . $rnd1 . '"></span><input type="hidden" name="ShipVia" id="ShipVia' . $rnd1 . '" value="' . htmlspecialchars($combo_ShipVia->SelectedData, ENT_QUOTES, 'iso-8859-1') . '">';
    $combo_ShipVia->MatchText = '<span id="ShipVia-container-readonly' . $rnd1 . '"></span><input type="hidden" name="ShipVia" id="ShipVia' . $rnd1 . '" value="' . htmlspecialchars($combo_ShipVia->SelectedData, ENT_QUOTES, 'iso-8859-1') . '">';
    // Buffer the lookup <script>; it is captured into $lookups below and appended to the output last.
    ob_start();
    ?>

	<script>
		// initial lookup values
		var current_CustomerID__RAND__ = { text: "", value: "<?php 
    // raw ($urow / filterer) value, addslashes() only -- see the note at the filterer assignments above
    echo addslashes($selected_id ? $urow['CustomerID'] : $filterer_CustomerID);
    ?>
"};
		var current_EmployeeID__RAND__ = { text: "", value: "<?php 
    echo addslashes($selected_id ? $urow['EmployeeID'] : $filterer_EmployeeID);
    ?>
"};
		var current_ShipVia__RAND__ = { text: "", value: "<?php 
    echo addslashes($selected_id ? $urow['ShipVia'] : $filterer_ShipVia);
    ?>
"};

		jQuery(function() {
			if(typeof(CustomerID_reload__RAND__) == 'function') CustomerID_reload__RAND__();
			if(typeof(EmployeeID_reload__RAND__) == 'function') EmployeeID_reload__RAND__();
			if(typeof(ShipVia_reload__RAND__) == 'function') ShipVia_reload__RAND__();
		});
		function CustomerID_reload__RAND__(){
		<?php 
    // editable lookup (select2) when the user may insert/update and this is not a print preview; read-only text otherwise
    if (($AllowUpdate || $AllowInsert) && !$dvprint) {
        ?>

			jQuery("#CustomerID-container__RAND__").select2({
				/* initial default value */
				initSelection: function(e, c){
					jQuery.ajax({
						url: 'ajax_combo.php',
						dataType: 'json',
						data: { id: current_CustomerID__RAND__.value, t: 'orders', f: 'CustomerID' }
					}).done(function(resp){
						c({
							id: resp.results[0].id,
							text: resp.results[0].text
						});
						jQuery('[name="CustomerID"]').val(resp.results[0].id);
						jQuery('[id=CustomerID-container-readonly__RAND__]').html('<span id="CustomerID-match-text">' + resp.results[0].text + '</span>');


						if(typeof(CustomerID_update_autofills__RAND__) == 'function') CustomerID_update_autofills__RAND__();
					});
				},
				width: ($j('fieldset .col-xs-11').width() - 99) + 'px',
				formatNoMatches: function(term){ return '<?php 
        echo addslashes($Translation['No matches found!']);
        ?>
'; },
				minimumResultsForSearch: 10,
				loadMorePadding: 200,
				ajax: {
					url: 'ajax_combo.php',
					dataType: 'json',
					cache: true,
					data: function(term, page){ return { s: term, p: page, t: 'orders', f: 'CustomerID' }; },
					results: function(resp, page){ return resp; }
				}
			}).on('change', function(e){
				current_CustomerID__RAND__.value = e.added.id;
				current_CustomerID__RAND__.text = e.added.text;
				jQuery('[name="CustomerID"]').val(e.added.id);


				if(typeof(CustomerID_update_autofills__RAND__) == 'function') CustomerID_update_autofills__RAND__();
			});

			if(!$j("#CustomerID-container__RAND__").length){
				$j.ajax({
					url: 'ajax_combo.php',
					dataType: 'json',
					data: { id: current_CustomerID__RAND__.value, t: 'orders', f: 'CustomerID' }
				}).done(function(resp){
					$j('[name="CustomerID"]').val(resp.results[0].id);
					$j('[id=CustomerID-container-readonly__RAND__]').html('<span id="CustomerID-match-text">' + resp.results[0].text + '</span>');

					if(typeof(CustomerID_update_autofills__RAND__) == 'function') CustomerID_update_autofills__RAND__();
				});
			}

		<?php 
    } else {
        ?>

			jQuery.ajax({
				url: 'ajax_combo.php',
				dataType: 'json',
				data: { id: current_CustomerID__RAND__.value, t: 'orders', f: 'CustomerID' }
			}).done(function(resp){
				jQuery('[id=CustomerID-container__RAND__], [id=CustomerID-container-readonly__RAND__]').html('<span id="CustomerID-match-text">' + resp.results[0].text + '</span>');

				if(typeof(CustomerID_update_autofills__RAND__) == 'function') CustomerID_update_autofills__RAND__();
			});
		<?php 
    }
    ?>

		}
		function EmployeeID_reload__RAND__(){
		<?php 
    if (($AllowUpdate || $AllowInsert) && !$dvprint) {
        ?>

			jQuery("#EmployeeID-container__RAND__").select2({
				/* initial default value */
				initSelection: function(e, c){
					jQuery.ajax({
						url: 'ajax_combo.php',
						dataType: 'json',
						data: { id: current_EmployeeID__RAND__.value, t: 'orders', f: 'EmployeeID' }
					}).done(function(resp){
						c({
							id: resp.results[0].id,
							text: resp.results[0].text
						});
						jQuery('[name="EmployeeID"]').val(resp.results[0].id);
						jQuery('[id=EmployeeID-container-readonly__RAND__]').html('<span id="EmployeeID-match-text">' + resp.results[0].text + '</span>');


						if(typeof(EmployeeID_update_autofills__RAND__) == 'function') EmployeeID_update_autofills__RAND__();
					});
				},
				width: ($j('fieldset .col-xs-11').width() - 99) + 'px',
				formatNoMatches: function(term){ return '<?php 
        echo addslashes($Translation['No matches found!']);
        ?>
'; },
				minimumResultsForSearch: 10,
				loadMorePadding: 200,
				ajax: {
					url: 'ajax_combo.php',
					dataType: 'json',
					cache: true,
					data: function(term, page){ return { s: term, p: page, t: 'orders', f: 'EmployeeID' }; },
					results: function(resp, page){ return resp; }
				}
			}).on('change', function(e){
				current_EmployeeID__RAND__.value = e.added.id;
				current_EmployeeID__RAND__.text = e.added.text;
				jQuery('[name="EmployeeID"]').val(e.added.id);


				if(typeof(EmployeeID_update_autofills__RAND__) == 'function') EmployeeID_update_autofills__RAND__();
			});

			if(!$j("#EmployeeID-container__RAND__").length){
				$j.ajax({
					url: 'ajax_combo.php',
					dataType: 'json',
					data: { id: current_EmployeeID__RAND__.value, t: 'orders', f: 'EmployeeID' }
				}).done(function(resp){
					$j('[name="EmployeeID"]').val(resp.results[0].id);
					$j('[id=EmployeeID-container-readonly__RAND__]').html('<span id="EmployeeID-match-text">' + resp.results[0].text + '</span>');

					if(typeof(EmployeeID_update_autofills__RAND__) == 'function') EmployeeID_update_autofills__RAND__();
				});
			}

		<?php 
    } else {
        ?>

			jQuery.ajax({
				url: 'ajax_combo.php',
				dataType: 'json',
				data: { id: current_EmployeeID__RAND__.value, t: 'orders', f: 'EmployeeID' }
			}).done(function(resp){
				jQuery('[id=EmployeeID-container__RAND__], [id=EmployeeID-container-readonly__RAND__]').html('<span id="EmployeeID-match-text">' + resp.results[0].text + '</span>');

				if(typeof(EmployeeID_update_autofills__RAND__) == 'function') EmployeeID_update_autofills__RAND__();
			});
		<?php 
    }
    ?>

		}
		function ShipVia_reload__RAND__(){
		<?php 
    if (($AllowUpdate || $AllowInsert) && !$dvprint) {
        ?>

			jQuery("#ShipVia-container__RAND__").select2({
				/* initial default value */
				initSelection: function(e, c){
					jQuery.ajax({
						url: 'ajax_combo.php',
						dataType: 'json',
						data: { id: current_ShipVia__RAND__.value, t: 'orders', f: 'ShipVia' }
					}).done(function(resp){
						c({
							id: resp.results[0].id,
							text: resp.results[0].text
						});
						jQuery('[name="ShipVia"]').val(resp.results[0].id);
						jQuery('[id=ShipVia-container-readonly__RAND__]').html('<span id="ShipVia-match-text">' + resp.results[0].text + '</span>');


						if(typeof(ShipVia_update_autofills__RAND__) == 'function') ShipVia_update_autofills__RAND__();
					});
				},
				width: ($j('fieldset .col-xs-11').width() - 99) + 'px',
				formatNoMatches: function(term){ return '<?php 
        echo addslashes($Translation['No matches found!']);
        ?>
'; },
				minimumResultsForSearch: 10,
				loadMorePadding: 200,
				ajax: {
					url: 'ajax_combo.php',
					dataType: 'json',
					cache: true,
					data: function(term, page){ return { s: term, p: page, t: 'orders', f: 'ShipVia' }; },
					results: function(resp, page){ return resp; }
				}
			}).on('change', function(e){
				current_ShipVia__RAND__.value = e.added.id;
				current_ShipVia__RAND__.text = e.added.text;
				jQuery('[name="ShipVia"]').val(e.added.id);


				if(typeof(ShipVia_update_autofills__RAND__) == 'function') ShipVia_update_autofills__RAND__();
			});

			if(!$j("#ShipVia-container__RAND__").length){
				$j.ajax({
					url: 'ajax_combo.php',
					dataType: 'json',
					data: { id: current_ShipVia__RAND__.value, t: 'orders', f: 'ShipVia' }
				}).done(function(resp){
					$j('[name="ShipVia"]').val(resp.results[0].id);
					$j('[id=ShipVia-container-readonly__RAND__]').html('<span id="ShipVia-match-text">' + resp.results[0].text + '</span>');

					if(typeof(ShipVia_update_autofills__RAND__) == 'function') ShipVia_update_autofills__RAND__();
				});
			}

		<?php 
    } else {
        ?>

			jQuery.ajax({
				url: 'ajax_combo.php',
				dataType: 'json',
				data: { id: current_ShipVia__RAND__.value, t: 'orders', f: 'ShipVia' }
			}).done(function(resp){
				jQuery('[id=ShipVia-container__RAND__], [id=ShipVia-container-readonly__RAND__]').html('<span id="ShipVia-match-text">' + resp.results[0].text + '</span>');

				if(typeof(ShipVia_update_autofills__RAND__) == 'function') ShipVia_update_autofills__RAND__();
			});
		<?php 
    }
    ?>

		}
	</script>
	<?php 
    // Swap the __RAND__ placeholder in the buffered script for the per-render suffix.
    $lookups = str_replace('__RAND__', $rnd1, ob_get_contents());
    ob_end_clean();
    // code for template based detail view forms
    // open the detail view template
    // '@' hides a missing-template warning; file_get_contents() then returns false, every str_replace
    // below works on '' and the result holds only the scripts appended at the end.
    if ($dvprint) {
        $templateCode = @file_get_contents('./templates/orders_templateDVP.html');
    } else {
        $templateCode = @file_get_contents('./templates/orders_templateDV.html');
    }
    // process form title
    $templateCode = str_replace('<%%DETAIL_VIEW_TITLE%%>', 'Detail View', $templateCode);
    $templateCode = str_replace('<%%RND1%%>', $rnd1, $templateCode);
    // 'Embedded' is read as a truthy flag straight from the request
    $templateCode = str_replace('<%%EMBEDDED%%>', $_REQUEST['Embedded'] ? 'Embedded=1' : '', $templateCode);
    // process buttons
    if ($arrPerm[1] && !$selected_id) {
        // allow insert and no record selected?
        // the outer condition already guarantees !$selected_id, so this inner test always holds ...
        if (!$selected_id) {
            $templateCode = str_replace('<%%INSERT_BUTTON%%>', '<button type="submit" class="btn btn-success" id="insert" name="insert_x" value="1" onclick="return orders_validateData();"><i class="glyphicon glyphicon-plus-sign"></i> ' . $Translation['Save New'] . '</button>', $templateCode);
        }
        // ... and the placeholder is already consumed above, so this 'Save As Copy' replacement is a no-op here
        $templateCode = str_replace('<%%INSERT_BUTTON%%>', '<button type="submit" class="btn btn-default" id="insert" name="insert_x" value="1" onclick="return orders_validateData();"><i class="glyphicon glyphicon-plus-sign"></i> ' . $Translation['Save As Copy'] . '</button>', $templateCode);
    } else {
        $templateCode = str_replace('<%%INSERT_BUTTON%%>', '', $templateCode);
    }
    // 'Back' button action
    if ($_REQUEST['Embedded']) {
        $backAction = 'window.parent.jQuery(\'.modal\').modal(\'hide\'); return false;';
    } else {
        $backAction = '$$(\'form\')[0].writeAttribute(\'novalidate\', \'novalidate\'); document.myform.reset(); return true;';
    }
    if ($selected_id) {
        if (!$_REQUEST['Embedded']) {
            $templateCode = str_replace('<%%DVPRINT_BUTTON%%>', '<button type="submit" class="btn btn-default" id="dvprint" name="dvprint_x" value="1" onclick="$$(\'form\')[0].writeAttribute(\'novalidate\', \'novalidate\'); document.myform.reset(); return true;"><i class="glyphicon glyphicon-print"></i> ' . $Translation['Print Preview'] . '</button>', $templateCode);
        }
        if ($AllowUpdate) {
            $templateCode = str_replace('<%%UPDATE_BUTTON%%>', '<button type="submit" class="btn btn-success btn-lg" id="update" name="update_x" value="1" onclick="return orders_validateData();"><i class="glyphicon glyphicon-ok"></i> ' . $Translation['Save Changes'] . '</button>', $templateCode);
        } else {
            $templateCode = str_replace('<%%UPDATE_BUTTON%%>', '', $templateCode);
        }
        // delete right uses the same owner / group / unrestricted scheme as the edit check above ($arrPerm[4])
        if ($arrPerm[4] == 1 && $ownerMemberID == getLoggedMemberID() || $arrPerm[4] == 2 && $ownerGroupID == getLoggedGroupID() || $arrPerm[4] == 3) {
            // allow delete?
            $templateCode = str_replace('<%%DELETE_BUTTON%%>', '<button type="submit" class="btn btn-danger" id="delete" name="delete_x" value="1" onclick="return confirm(\'' . $Translation['are you sure?'] . '\');"><i class="glyphicon glyphicon-trash"></i> ' . $Translation['Delete'] . '</button>', $templateCode);
        } else {
            $templateCode = str_replace('<%%DELETE_BUTTON%%>', '', $templateCode);
        }
        $templateCode = str_replace('<%%DESELECT_BUTTON%%>', '<button type="submit" class="btn btn-default" id="deselect" name="deselect_x" value="1" onclick="' . $backAction . '"><i class="glyphicon glyphicon-chevron-left"></i> ' . $Translation['Back'] . '</button>', $templateCode);
    } else {
        $templateCode = str_replace('<%%UPDATE_BUTTON%%>', '', $templateCode);
        $templateCode = str_replace('<%%DELETE_BUTTON%%>', '', $templateCode);
        $templateCode = str_replace('<%%DESELECT_BUTTON%%>', $ShowCancel ? '<button type="submit" class="btn btn-default" id="deselect" name="deselect_x" value="1" onclick="' . $backAction . '"><i class="glyphicon glyphicon-chevron-left"></i> ' . $Translation['Back'] . '</button>' : '', $templateCode);
    }
    // set records to read only if user can't insert new records and can't edit current record
    // (&& before ||: "selected and not editable" or "not selected and not insertable")
    if ($selected_id && !$AllowUpdate || !$selected_id && !$AllowInsert) {
        // $jsReadOnly / $jsEditable are first touched with .= here (notice-level on an undefined variable)
        // and appended to the output further down
        $jsReadOnly .= "\tjQuery('#CustomerID').prop('disabled', true).css({ color: '#555', backgroundColor: '#fff' });\n";
        $jsReadOnly .= "\tjQuery('#CustomerID_caption').prop('disabled', true).css({ color: '#555', backgroundColor: 'white' });\n";
        $jsReadOnly .= "\tjQuery('#EmployeeID').prop('disabled', true).css({ color: '#555', backgroundColor: '#fff' });\n";
        $jsReadOnly .= "\tjQuery('#EmployeeID_caption').prop('disabled', true).css({ color: '#555', backgroundColor: 'white' });\n";
        $jsReadOnly .= "\tjQuery('#OrderDate').prop('readonly', true);\n";
        $jsReadOnly .= "\tjQuery('#OrderDateDay, #OrderDateMonth, #OrderDateYear').prop('disabled', true).css({ color: '#555', backgroundColor: '#fff' });\n";
        $jsReadOnly .= "\tjQuery('#RequiredDate').prop('readonly', true);\n";
        $jsReadOnly .= "\tjQuery('#RequiredDateDay, #RequiredDateMonth, #RequiredDateYear').prop('disabled', true).css({ color: '#555', backgroundColor: '#fff' });\n";
        $jsReadOnly .= "\tjQuery('#ShippedDate').prop('readonly', true);\n";
        $jsReadOnly .= "\tjQuery('#ShippedDateDay, #ShippedDateMonth, #ShippedDateYear').prop('disabled', true).css({ color: '#555', backgroundColor: '#fff' });\n";
        $jsReadOnly .= "\tjQuery('#ShipVia').prop('disabled', true).css({ color: '#555', backgroundColor: '#fff' });\n";
        $jsReadOnly .= "\tjQuery('#ShipVia_caption').prop('disabled', true).css({ color: '#555', backgroundColor: 'white' });\n";
        $jsReadOnly .= "\tjQuery('#Freight').replaceWith('<div class=\"form-control-static\" id=\"Freight\">' + (jQuery('#Freight').val() || '') + '</div>');\n";
        $jsReadOnly .= "\tjQuery('.select2-container').hide();\n";
        // set but never read in this function
        $noUploads = true;
    } elseif ($AllowInsert && !$selected_id || $AllowUpdate && $selected_id) {
        $jsEditable .= "\tjQuery('form').eq(0).data('already_changed', true);";
        // temporarily disable form change handler
        $jsEditable .= "\tjQuery('form').eq(0).data('already_changed', false);";
        // re-enable form change handler
    }
    // process combos
    $templateCode = str_replace('<%%COMBO(CustomerID)%%>', $combo_CustomerID->HTML, $templateCode);
    $templateCode = str_replace('<%%COMBOTEXT(CustomerID)%%>', $combo_CustomerID->MatchText, $templateCode);
    $templateCode = str_replace('<%%URLCOMBOTEXT(CustomerID)%%>', urlencode($combo_CustomerID->MatchText), $templateCode);
    $templateCode = str_replace('<%%COMBO(EmployeeID)%%>', $combo_EmployeeID->HTML, $templateCode);
    $templateCode = str_replace('<%%COMBOTEXT(EmployeeID)%%>', $combo_EmployeeID->MatchText, $templateCode);
    $templateCode = str_replace('<%%URLCOMBOTEXT(EmployeeID)%%>', urlencode($combo_EmployeeID->MatchText), $templateCode);
    // date combos: static text when a record is selected and the table has no edit right at all, otherwise the selector
    $templateCode = str_replace('<%%COMBO(OrderDate)%%>', $selected_id && !$arrPerm[3] ? '<div class="form-control-static">' . $combo_OrderDate->GetHTML(true) . '</div>' : $combo_OrderDate->GetHTML(), $templateCode);
    $templateCode = str_replace('<%%COMBOTEXT(OrderDate)%%>', $combo_OrderDate->GetHTML(true), $templateCode);
    $templateCode = str_replace('<%%COMBO(RequiredDate)%%>', $selected_id && !$arrPerm[3] ? '<div class="form-control-static">' . $combo_RequiredDate->GetHTML(true) . '</div>' : $combo_RequiredDate->GetHTML(), $templateCode);
    $templateCode = str_replace('<%%COMBOTEXT(RequiredDate)%%>', $combo_RequiredDate->GetHTML(true), $templateCode);
    $templateCode = str_replace('<%%COMBO(ShippedDate)%%>', $selected_id && !$arrPerm[3] ? '<div class="form-control-static">' . $combo_ShippedDate->GetHTML(true) . '</div>' : $combo_ShippedDate->GetHTML(), $templateCode);
    $templateCode = str_replace('<%%COMBOTEXT(ShippedDate)%%>', $combo_ShippedDate->GetHTML(true), $templateCode);
    $templateCode = str_replace('<%%COMBO(ShipVia)%%>', $combo_ShipVia->HTML, $templateCode);
    $templateCode = str_replace('<%%COMBOTEXT(ShipVia)%%>', $combo_ShipVia->MatchText, $templateCode);
    $templateCode = str_replace('<%%URLCOMBOTEXT(ShipVia)%%>', urlencode($combo_ShipVia->MatchText), $templateCode);
    /* lookup fields array: 'lookup field name' => array('parent table name', 'lookup field caption') */
    $lookup_fields = array('CustomerID' => array('customers', 'Customer'), 'EmployeeID' => array('employees', 'Employee'), 'ShipVia' => array('shippers', 'Ship Via'));
    foreach ($lookup_fields as $luf => $ptfc) {
        // parent-table permissions come back keyed by name here ('view', 'edit', 'insert'), unlike $arrPerm above
        $pt_perm = getTablePermissions($ptfc[0]);
        // process foreign key links
        if ($pt_perm['view'] || $pt_perm['edit']) {
            $templateCode = str_replace("<%%PLINK({$luf})%%>", '<button type="button" class="btn btn-default view_parent hspacer-lg" id="' . $ptfc[0] . '_view_parent" title="' . htmlspecialchars($Translation['View'] . ' ' . $ptfc[1], ENT_QUOTES, 'iso-8859-1') . '"><i class="glyphicon glyphicon-eye-open"></i></button>', $templateCode);
        }
        // if user has insert permission to parent table of a lookup field, put an add new button
        if ($pt_perm['insert'] && !$_REQUEST['Embedded']) {
            $templateCode = str_replace("<%%ADDNEW({$ptfc[0]})%%>", '<button type="button" class="btn btn-success add_new_parent" id="' . $ptfc[0] . '_add_new" title="' . htmlspecialchars($Translation['Add New'] . ' ' . $ptfc[1], ENT_QUOTES, 'iso-8859-1') . '"><i class="glyphicon glyphicon-plus-sign"></i></button>', $templateCode);
        }
    }
    // process images
    // no upload fields in this table: every UPLOADFILE placeholder is blanked
    $templateCode = str_replace('<%%UPLOADFILE(OrderID)%%>', '', $templateCode);
    $templateCode = str_replace('<%%UPLOADFILE(CustomerID)%%>', '', $templateCode);
    $templateCode = str_replace('<%%UPLOADFILE(EmployeeID)%%>', '', $templateCode);
    $templateCode = str_replace('<%%UPLOADFILE(OrderDate)%%>', '', $templateCode);
    $templateCode = str_replace('<%%UPLOADFILE(RequiredDate)%%>', '', $templateCode);
    $templateCode = str_replace('<%%UPLOADFILE(ShippedDate)%%>', '', $templateCode);
    $templateCode = str_replace('<%%UPLOADFILE(ShipVia)%%>', '', $templateCode);
    $templateCode = str_replace('<%%UPLOADFILE(Freight)%%>', '', $templateCode);
    // process values
    if ($selected_id) {
        // VALUE(...) uses the XSS-filtered $row plus HTML escaping; URLVALUE(...) uses the raw $urow plus urlencode()
        $templateCode = str_replace('<%%VALUE(OrderID)%%>', htmlspecialchars($row['OrderID'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
        $templateCode = str_replace('<%%URLVALUE(OrderID)%%>', urlencode($urow['OrderID']), $templateCode);
        $templateCode = str_replace('<%%VALUE(CustomerID)%%>', htmlspecialchars($row['CustomerID'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
        $templateCode = str_replace('<%%URLVALUE(CustomerID)%%>', urlencode($urow['CustomerID']), $templateCode);
        $templateCode = str_replace('<%%VALUE(EmployeeID)%%>', htmlspecialchars($row['EmployeeID'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
        $templateCode = str_replace('<%%URLVALUE(EmployeeID)%%>', urlencode($urow['EmployeeID']), $templateCode);
        // dates: htmlspecialchars() runs before strtotime(), so a value containing '&', '<' or quotes would fail
        // to parse; for well-formed dates it is a no-op. '@' hides warnings from unparsable values.
        $templateCode = str_replace('<%%VALUE(OrderDate)%%>', @date('m/d/Y', @strtotime(htmlspecialchars($row['OrderDate'], ENT_QUOTES, 'iso-8859-1'))), $templateCode);
        $templateCode = str_replace('<%%URLVALUE(OrderDate)%%>', urlencode(@date('m/d/Y', @strtotime(htmlspecialchars($urow['OrderDate'], ENT_QUOTES, 'iso-8859-1')))), $templateCode);
        $templateCode = str_replace('<%%VALUE(RequiredDate)%%>', @date('m/d/Y', @strtotime(htmlspecialchars($row['RequiredDate'], ENT_QUOTES, 'iso-8859-1'))), $templateCode);
        $templateCode = str_replace('<%%URLVALUE(RequiredDate)%%>', urlencode(@date('m/d/Y', @strtotime(htmlspecialchars($urow['RequiredDate'], ENT_QUOTES, 'iso-8859-1')))), $templateCode);
        $templateCode = str_replace('<%%VALUE(ShippedDate)%%>', @date('m/d/Y', @strtotime(htmlspecialchars($row['ShippedDate'], ENT_QUOTES, 'iso-8859-1'))), $templateCode);
        $templateCode = str_replace('<%%URLVALUE(ShippedDate)%%>', urlencode(@date('m/d/Y', @strtotime(htmlspecialchars($urow['ShippedDate'], ENT_QUOTES, 'iso-8859-1')))), $templateCode);
        $templateCode = str_replace('<%%VALUE(ShipVia)%%>', htmlspecialchars($row['ShipVia'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
        $templateCode = str_replace('<%%URLVALUE(ShipVia)%%>', urlencode($urow['ShipVia']), $templateCode);
        $templateCode = str_replace('<%%VALUE(Freight)%%>', htmlspecialchars($row['Freight'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
        $templateCode = str_replace('<%%URLVALUE(Freight)%%>', urlencode($urow['Freight']), $templateCode);
    } else {
        // insert form: field defaults
        $templateCode = str_replace('<%%VALUE(OrderID)%%>', '', $templateCode);
        $templateCode = str_replace('<%%URLVALUE(OrderID)%%>', urlencode(''), $templateCode);
        $templateCode = str_replace('<%%VALUE(CustomerID)%%>', '', $templateCode);
        $templateCode = str_replace('<%%URLVALUE(CustomerID)%%>', urlencode(''), $templateCode);
        $templateCode = str_replace('<%%VALUE(EmployeeID)%%>', '', $templateCode);
        $templateCode = str_replace('<%%URLVALUE(EmployeeID)%%>', urlencode(''), $templateCode);
        $templateCode = str_replace('<%%VALUE(OrderDate)%%>', '1', $templateCode);
        $templateCode = str_replace('<%%URLVALUE(OrderDate)%%>', urlencode('1'), $templateCode);
        $templateCode = str_replace('<%%VALUE(RequiredDate)%%>', '1', $templateCode);
        $templateCode = str_replace('<%%URLVALUE(RequiredDate)%%>', urlencode('1'), $templateCode);
        $templateCode = str_replace('<%%VALUE(ShippedDate)%%>', '', $templateCode);
        $templateCode = str_replace('<%%URLVALUE(ShippedDate)%%>', urlencode(''), $templateCode);
        $templateCode = str_replace('<%%VALUE(ShipVia)%%>', '', $templateCode);
        $templateCode = str_replace('<%%URLVALUE(ShipVia)%%>', urlencode(''), $templateCode);
        $templateCode = str_replace('<%%VALUE(Freight)%%>', '0', $templateCode);
        $templateCode = str_replace('<%%URLVALUE(Freight)%%>', urlencode('0'), $templateCode);
    }
    // process translations
    foreach ($Translation as $symbol => $trans) {
        $templateCode = str_replace("<%%TRANSLATION({$symbol})%%>", $trans, $templateCode);
    }
    // clear scrap
    // any placeholder not handled above is turned into an HTML comment
    $templateCode = str_replace('<%%', '<!-- ', $templateCode);
    $templateCode = str_replace('%%>', ' -->', $templateCode);
    // hide links to inaccessible tables
    // gated on the POST flag here, not on $dvprint (which also accepts the flag via $_REQUEST)
    if ($_POST['dvprint_x'] == '') {
        $templateCode .= "\n\n<script>\$j(function(){\n";
        $arrTables = getTableList();
        foreach ($arrTables as $name => $caption) {
            $templateCode .= "\t\$j('#{$name}_link').removeClass('hidden');\n";
            $templateCode .= "\t\$j('#xs_{$name}_link').removeClass('hidden');\n";
        }
        $templateCode .= $jsReadOnly;
        $templateCode .= $jsEditable;
        // intentionally empty; presumably a generator placeholder for per-table insert-mode JS
        if (!$selected_id) {
        }
        $templateCode .= "\n});</script>\n";
    }
    // ajaxed auto-fill fields
    $templateCode .= '<script>';
    $templateCode .= '$j(function() {';
    $templateCode .= "\tCustomerID_update_autofills{$rnd1} = function(){\n";
    $templateCode .= "\t\tnew Ajax.Request(\n";
    if ($dvprint) {
        // print preview: the id is baked in from $row with addslashes() into a single-quoted JS literal
        // (same caveat as the inline <script> above: addslashes() is not a JS-context escaper)
        $templateCode .= "\t\t\t'orders_autofill.php?rnd1={$rnd1}&mfk=CustomerID&id='+encodeURIComponent('" . addslashes($row['CustomerID']) . "'),\n";
        $templateCode .= "\t\t\t{encoding: 'iso-8859-1', method: 'get'}\n";
    } else {
        // the onComplete handler re-enables the field only when the user may insert or may edit this record
        $templateCode .= "\t\t\t'orders_autofill.php?rnd1={$rnd1}&mfk=CustomerID&id=' + encodeURIComponent(current_CustomerID{$rnd1}.value),\n";
        $templateCode .= "\t\t\t{encoding: 'iso-8859-1', method: 'get', onCreate: function(){ \$('CustomerID{$rnd1}').disable(); \$('CustomerIDLoading').innerHTML='<img src=loading.gif align=top>'; }, onComplete: function(){" . ($arrPerm[1] || ($arrPerm[3] == 1 && $ownerMemberID == getLoggedMemberID() || $arrPerm[3] == 2 && $ownerGroupID == getLoggedGroupID() || $arrPerm[3] == 3) ? "\$('CustomerID{$rnd1}').enable(); " : "\$('CustomerID{$rnd1}').disable(); ") . "\$('CustomerIDLoading').innerHTML='';}}\n";
    }
    $templateCode .= "\t\t);\n";
    $templateCode .= "\t};\n";
    if (!$dvprint) {
        $templateCode .= "\tif(\$('CustomerID_caption') != undefined) \$('CustomerID_caption').onchange=CustomerID_update_autofills{$rnd1};\n";
    }
    $templateCode .= "});";
    $templateCode .= "</script>";
    $templateCode .= $lookups;
    // handle enforced parent values for read-only lookup fields
    // don't include blank images in lightbox gallery
    $templateCode = preg_replace('/blank.gif" rel="lightbox\\[.*?\\]"/', 'blank.gif"', $templateCode);
    // don't display empty email links
    $templateCode = preg_replace('/<a .*?href="mailto:".*?<\\/a>/', '', $templateCode);
    // hook: orders_dv
    // user hook may rewrite $templateCode in place (passed by reference, presumably -- confirm against the hook signature)
    if (function_exists('orders_dv')) {
        $args = array();
        orders_dv($selected_id ? $selected_id : FALSE, getMemberInfo(), $templateCode, $args);
    }
    return $templateCode;
}
 // Admin settings posted from the configuration form. makeSafe() is the project's SQL escaper
 // (it is used that way in the queries elsewhere on this page), but these values are written
 // verbatim into a generated PHP file by the fwrite() calls below, so its quoting must also be
 // adequate for single-quoted PHP string literals -- verify against makeSafe()'s implementation.
 $custom3 = makeSafe($_POST['custom3']);
 $custom4 = makeSafe($_POST['custom4']);
 $MySQLDateFormat = makeSafe($_POST['MySQLDateFormat']);
 $PHPDateFormat = makeSafe($_POST['PHPDateFormat']);
 $PHPDateTimeFormat = makeSafe($_POST['PHPDateTimeFormat']);
 // paging sizes: positive integers only, anything else keeps the currently configured value
 $groupsPerPage = intval($_POST['groupsPerPage']) ? intval($_POST['groupsPerPage']) : $adminConfig['groupsPerPage'];
 $membersPerPage = intval($_POST['membersPerPage']) ? intval($_POST['membersPerPage']) : $adminConfig['membersPerPage'];
 $recordsPerPage = intval($_POST['recordsPerPage']) ? intval($_POST['recordsPerPage']) : $adminConfig['recordsPerPage'];
 $defaultSignUp = intval($_POST['visitorSignup']);
 $anonymousGroup = makeSafe($_POST['anonymousGroup']);
 $anonymousMember = makeSafe($_POST['anonymousMember']);
 // isEmail() presumably returns the validated address, or a falsy value when invalid -- confirm
 $senderEmail = isEmail($_POST['senderEmail']);
 $senderName = makeSafe($_POST['senderName']);
 $approvalMessage = makeSafe($_POST['approvalMessage']);
 //$approvalMessage=str_replace(array("\r", "\n"), '\n', $approvalMessage);
 $approvalSubject = makeSafe($_POST['approvalSubject']);
 // save changes
 if (!($fp = @fopen($conFile, "w"))) {
     errorMsg("Couldn't create the file '{$conFile}'. Please make sure the directory is writeable (Try chmoding it to 755 or 777).");
     include "{$d}/incFooter.php";
 } else {
     fwrite($fp, "<?php\n\t");
     fwrite($fp, "\$adminConfig['adminUsername']='******';\n\t");
     fwrite($fp, "\$adminConfig['adminPassword']='******';\n\t");
     fwrite($fp, "\$adminConfig['notifyAdminNewMembers']={$notifyAdminNewMembers};\n\t");
     fwrite($fp, "\$adminConfig['defaultSignUp']={$defaultSignUp};\n\t");
     fwrite($fp, "\$adminConfig['anonymousGroup']='{$anonymousGroup}';\n\t");
     fwrite($fp, "\$adminConfig['anonymousMember']='{$anonymousMember}';\n\t");
     fwrite($fp, "\$adminConfig['groupsPerPage']={$groupsPerPage};\n\t");
     fwrite($fp, "\$adminConfig['membersPerPage']={$membersPerPage};\n\t");
     fwrite($fp, "\$adminConfig['recordsPerPage']={$recordsPerPage};\n\t");
<?php

$d = dirname(__FILE__);
require "{$d}/incCommon.php";
include "{$d}/incHeader.php";
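// process search
// Security (review): the search term is spliced into a string-built LIKE clause and is
// protected only by makeSafe() — assumed to be a mysql_real_escape_string()-style helper,
// TODO confirm. That blocks quote injection but does not neutralise LIKE wildcards
// (% and _), so a term can still widen the match; treat that as accepted behaviour here.
// Read the inputs through isset() so a request without them does not raise
// "undefined index" warnings (PHP 8 reports these as warnings, not notices).
$searchMembers = isset($_GET['searchMembers']) ? $_GET['searchMembers'] : '';
if ($searchMembers != "") {
    // copy for SQL interpolation (escaped) ...
    $searchSQL = makeSafe($searchMembers);
    // ... and an HTML-escaped copy for echoing back into the page; ENT_QUOTES so it is
    // also safe inside a single-quoted attribute
    $searchHTML = htmlspecialchars($searchMembers, ENT_QUOTES);
    $searchField = isset($_GET['searchField']) ? intval($_GET['searchField']) : 0;
    // map the numeric selector to a whitelisted column name; the column name never
    // comes from the request, so it is safe to interpolate as an identifier.
    // Strict search so the int selector can only match its own int value.
    $searchFieldName = array_search($searchField, array('m.memberID' => 1, 'g.name' => 2, 'm.email' => 3, 'm.custom1' => 4, 'm.custom2' => 5, 'm.custom3' => 6, 'm.custom4' => 7, 'm.comments' => 8), true);
    if (!$searchFieldName) {
        // = search all fields (selector 0 or out of range)
        $where = "where (m.memberID like '%{$searchSQL}%' or g.name like '%{$searchSQL}%' or m.email like '%{$searchSQL}%' or m.custom1 like '%{$searchSQL}%' or m.custom2 like '%{$searchSQL}%' or m.custom3 like '%{$searchSQL}%' or m.custom4 like '%{$searchSQL}%' or m.comments like '%{$searchSQL}%')";
    } else {
        // = search a specific field
        $where = "where ({$searchFieldName} like '%{$searchSQL}%')";
    }
} else {
    // no search requested: neutral defaults so later code can rely on these being set
    $searchSQL = '';
    $searchHTML = '';
    $searchField = 0;
    $searchFieldName = '';
    $where = "";
}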
// process groupID filter
$groupID = intval($_GET['groupID']);
if ($groupID) {
    if ($where != '') {
        $where .= " and (g.groupID='{$groupID}')";
    } else {
$perm = getTablePermissions($table_name);
// Access gate: $perm[0] is treated as the table-level access flag. Note that a non-empty
// $search_id skips this gate entirely (a lookup by id is served regardless of table access) —
// NOTE(review): confirm that is intended, since $search_id is set outside this view.
if (!$perm[0] && !$search_id) {
    die('{ "error": "' . addslashes($Translation['tableAccessDenied']) . '" }');
}
// lookup definition for this table/field; $lookups is config, not request data, so the
// parent table / caption it yields are used as SQL identifiers below without escaping.
$field = $lookups[$table_name][$field_name];
$wheres = array();
// search term provided?
if ($search_term) {
    // NOTE(review): $search_term is interpolated into a LIKE clause with no makeSafe() at this
    // call site. It is assigned outside this view — verify it was escaped there, otherwise this
    // is a string-built SQL injection point.
    $wheres[] = "{$field['parent_caption']} like '%{$search_term}%'";
}
// any filterers specified?
if (is_array($field['filterers'])) {
    foreach ($field['filterers'] as $filterer => $filterer_parent) {
        // filterer VALUES come from the request and are escaped with makeSafe();
        // the identifiers ($filterer_parent, parent_table) come from the lookup config.
        $get = isset($_REQUEST["filterer_{$filterer}"]) ? $_REQUEST["filterer_{$filterer}"] : false;
        if ($get) {
            $wheres[] = "`{$field['parent_table']}`.`{$filterer_parent}`='" . makeSafe($get) . "'";
        }
    }
}
// inherit permissions?
if ($field['inherit_permissions']) {
    $inherit = permissions_sql($field['parent_table']);
    if ($inherit === false && !$search_id) {
        die($Translation['tableAccessDenied']);
    }
    if ($inherit['where']) {
        $wheres[] = $inherit['where'];
    }
    if ($inherit['from']) {
        $field['parent_from'] .= ", {$inherit['from']}";
    }
// Augment $schema with a one-line DB-side description of every AppGini-managed column.
// For each table in $table_captions, read `show columns` and, for columns the schema
// already knows about, record a normalised type string plus null/key/default/extra flags.
// Table names come from $table_captions (config), not from the request.
foreach ($table_captions as $tn => $tc) {
    $eo['silentErrors'] = true;
    $res = sql("show columns from `{$tn}`", $eo);
    if (!$res) {
        // table missing or query failed: silently skip, as the errors are suppressed above
        continue;
    }
    while ($row = db_fetch_assoc($res)) {
        $fn = $row['Field'];
        if (!isset($schema[$tn][$fn]['appgini'])) {
            // column not part of the AppGini schema: ignore
            continue;
        }
        // Normalise the type: drop spaces, upper-case, then re-insert a single space before
        // each lower-cased modifier keyword (e.g. "INT(10) unsigned").
        $desc = strtoupper(str_replace(' ', '', $row['Type']));
        foreach (array('unsigned', 'zerofill', 'binary') as $modifier) {
            $desc = str_ireplace($modifier, " {$modifier}", $desc);
        }
        if ($row['Null'] == 'NO') {
            $desc .= ' not null';
        }
        if ($row['Key'] == 'PRI') {
            $desc .= ' primary key';
        }
        if ($row['Key'] == 'UNI') {
            $desc .= ' unique';
        }
        if ($row['Default'] != '') {
            // default value is escaped since the description may later be embedded in SQL
            $desc .= " default '" . makeSafe($row['Default']) . "'";
        }
        if ($row['Extra'] == 'auto_increment') {
            $desc .= ' auto_increment';
        }
        // reset then (re)assign; the isset() check always holds here because of the
        // 'appgini' test above, kept for parity with the original flow
        $schema[$tn][$fn]['db'] = '';
        if (isset($schema[$tn][$fn])) {
            $schema[$tn][$fn]['db'] = $desc;
        }
    }
}
?>

<?php 
if ($field_added || $field_updated) {
    ?>
	<div class="alert alert-info alert-dismissable">
		<button type="button" class="close" data-dismiss="alert" aria-hidden="true">&times;</button>
<?php

$currDir = dirname(__FILE__);
require "{$currDir}/incCommon.php";
// get groupID of anonymous group
// NOTE(review): $adminConfig['anonymousGroup'] is interpolated into SQL without makeSafe() at
// this call site; this relies on the stored config value already being SQL-safe (it is an
// admin-controlled setting, not request input) — verify that assumption holds.
$anonGroupID = sqlValue("select groupID from membership_groups where name='" . $adminConfig['anonymousGroup'] . "'");
// request to save changes?
if ($_POST['saveChanges'] != '') {
    // validate data
    $name = makeSafe($_POST['name']);
    $description = makeSafe($_POST['description']);
    switch ($_POST['visitorSignup']) {
        case 0:
            $allowSignup = 0;
            $needsApproval = 1;
            break;
        case 2:
            $allowSignup = 1;
            $needsApproval = 0;
            break;
        default:
            $allowSignup = 1;
            $needsApproval = 1;
    }
    ###############################
    $customers_insert = checkPermissionVal('customers_insert');
    $customers_view = checkPermissionVal('customers_view');
    $customers_edit = checkPermissionVal('customers_edit');
    $customers_delete = checkPermissionVal('customers_delete');
    ###############################
    $employees_insert = checkPermissionVal('employees_insert');
        $upQry = "UPDATE `membership_users` set memberID='{$memberID}', passMD5=" . ($password != '' ? "'" . md5($password) . "'" : "passMD5") . ", email='{$email}', groupID='{$groupID}', isBanned='{$isBanned}', isApproved='{$isApproved}', custom1='{$custom1}', custom2='{$custom2}', custom3='{$custom3}', custom4='{$custom4}', comments='{$comments}' WHERE lcase(memberID)='{$oldMemberID}'";
        sql($upQry);
        // if memberID was changed, update membership_userrecords
        if ($oldMemberID != $memberID) {
            sql("update membership_userrecords set memberID='{$memberID}' where lcase(memberID)='{$oldMemberID}'");
        }
        // if the member has just been approved, notify them
        if ($isApproved && !$oldIsApproved) {
            notifyMemberApproval($memberID);
        }
    }
    // redirect to member editing page
    redirect("pageEditMember.php?memberID={$memberID}");
} elseif ($_GET['memberID'] != '') {
    // we have an edit request for a member
    $memberID = makeSafe(strtolower($_GET['memberID']));
} elseif ($_GET['groupID'] != '') {
    $groupID = intval($_GET['groupID']);
    $addend = " to '" . sqlValue("select name from membership_groups where groupID='{$groupID}'") . "'";
}
include "{$d}/incHeader.php";
if ($memberID != '') {
    // fetch group data to fill in the form below
    $res = sql("select * from membership_users where lcase(memberID)='{$memberID}'");
    if ($row = mysql_fetch_assoc($res)) {
        // get member data
        $email = $row['email'];
        $groupID = $row['groupID'];
        $isApproved = $row['isApproved'];
        $isBanned = $row['isBanned'];
        $custom1 = htmlspecialchars($row['custom1']);
												<?php 
    echo JText::_('NNEM_TITLE_DOWNGRADE');
    ?>
											</span>
										</span></span>
									</div>

									<div class="pro_installed data hide">
										<span class="pro_no_access data hide">
											<span class="btn btn-small btn-danger disabled hasPopover" data-trigger="hover" data-placement="right"
												title="<?php 
    echo makeSafe('<span class="icon-warning"></span> ' . JText::_('NNEM_COMMENT'));
    ?>
"
												data-content="<?php 
    echo makeSafe(JText::_('NNEM_COMMENT_NO_PRO'));
    ?>
">
												<span class="icon-upload"></span> <?php 
    echo JText::_('NNEM_TITLE_UPDATE');
    ?>
											</span>
										</span>
									</div>
									<span class="hidden-tablet hidden-desktop nowrap">
										<div class="clearfix"></div>
										<span class="changelog data hide">
											<a href="https://www.nonumber.nl/<?php 
    echo $item->id;
    ?>
#changelog" target="_blank">
if (function_exists('order_details_init')) {
    $args = array();
    $render = order_details_init($x, getMemberInfo(), $args);
}
if ($render) {
    $x->Render();
}
// column sums
if (strpos($x->HTML, '<!-- tv data below -->')) {
    // if printing multi-selection TV, calculate the sum only for the selected records
    if (isset($_REQUEST['Print_x']) && is_array($_REQUEST['record_selector'])) {
        $QueryWhere = '';
        foreach ($_REQUEST['record_selector'] as $id) {
            // get selected records
            if ($id != '') {
                $QueryWhere .= "'" . makeSafe($id) . "',";
            }
        }
        if ($QueryWhere != '') {
            $QueryWhere = 'where `order_details`.`odID` in (' . substr($QueryWhere, 0, -1) . ')';
        } else {
            // if no selected records, write the where clause to return an empty result
            $QueryWhere = 'where 1=0';
        }
    } else {
        $QueryWhere = $x->QueryWhere;
    }
    $sumQuery = "select sum(`order_details`.`Quantity`) from " . $x->QueryFrom . ' ' . $QueryWhere;
    $res = sql($sumQuery, $eo);
    if ($row = db_fetch_row($res)) {
        $sumRow = "<tr class=\"success\">";
        $groupID = $row['groupID'];
    } else {
        // no such record exists
        die("<div class=\"status\">Error: Record not found!</div>");
    }
}
// get pk field name
$pkField = getPKFieldName($tableName);
// get field list
if (!($res = sql("show fields from `{$tableName}`", $eo))) {
    errorMsg("Couldn't retrieve field list from '{$tableName}'");
}
while ($row = db_fetch_assoc($res)) {
    $field[] = $row['Field'];
}
$res = sql("select * from `{$tableName}` where `{$pkField}`='" . makeSafe($pkValue, false) . "'", $eo);
if ($row = db_fetch_assoc($res)) {
    ?>
		<h2>Table: <?php 
    echo $tableName;
    ?>
</h2>
		<table class="table table-striped">
			<tr>
				<td class="tdHeader"><div class="ColCaption">Field name</div></td>
				<td class="tdHeader"><div class="ColCaption">Value</div></td>
				</tr>
		<?php 
    include "{$currDir}/../language.php";
    foreach ($field as $fn) {
        if (@is_file("{$currDir}/../" . $Translation['ImageFolder'] . $row[$fn])) {
include "{$currDir}/lib.php";
$adminConfig = config('adminConfig');
/* no access for guests */
// Gate: an empty username, or membership in the configured anonymous group, is treated as a
// guest and redirected away. The exit after header() is what actually stops execution —
// without it the rest of the page would still run for guests.
// NOTE(review): the group comparison is loose (==); fine for string group names, but confirm
// $mi['group'] is always a string here.
$mi = getMemberInfo();
if (!$mi['username'] || $mi['group'] == $adminConfig['anonymousGroup']) {
    @header('Location: index.php');
    exit;
}
/* save profile */
if ($_POST['action'] == 'saveProfile') {
    /* process inputs */
    $email = isEmail($_POST['email']);
    $custom1 = makeSafe($_POST['custom1']);
    $custom2 = makeSafe($_POST['custom2']);
    $custom3 = makeSafe($_POST['custom3']);
    $custom4 = makeSafe($_POST['custom4']);
    /* validate email */
    if (!$email) {
        echo "{$Translation['error:']} {$Translation['email invalid']}";
        echo "<script>\$\$('label[for=\"email\"]')[0].pulsate({ pulses: 10, duration: 4 }); \$('email').activate();</script>";
        exit;
    }
    /* update profile */
    $updateDT = date($adminConfig['PHPDateTimeFormat']);
    sql("UPDATE `membership_users` set email='{$email}', custom1='{$custom1}', custom2='{$custom2}', custom3='{$custom3}', custom4='{$custom4}', comments=CONCAT_WS('\\n', comments, 'member updated his profile on {$updateDT} from IP address {$mi[IP]}') WHERE memberID='{$mi['username']}'", $eo);
    // hook: member_activity
    if (function_exists('member_activity')) {
        $args = array();
        member_activity($mi, 'profile', $args);
    }
    exit;
/**
 * Build the detail-view form for one `customers` record (generated-style AppGini code).
 *
 * @param string $selected_id  CustomerID of the record to show; '' renders an empty "add new" form
 * @param int    $AllowUpdate  caller-supplied flag; overwritten below from table permissions when a record is selected
 * @param int    $AllowInsert  caller-supplied flag; overwritten below from $arrPerm[1]
 * @param int    $AllowDelete  accepted for interface compatibility; never read in this function ($arrPerm[4] is used instead)
 * @param int    $ShowCancel   when no record is selected, whether to render a Back button
 * @return string rendered HTML plus trailing <script> blocks; '' when the member lacks permission;
 *                error_message() output when the selected record does not exist
 *
 * Security notes (review):
 * - $selected_id is escaped with makeSafe() before every SQL interpolation; the queries are still string-built.
 * - Displayed field values go through CI_Input::xss_clean() and then htmlspecialchars(ENT_QUOTES, 'iso-8859-1');
 *   the unsanitised copy ($urow) is only ever passed to urlencode().
 * - $_REQUEST['FilterValue'] is handed to the Country combo unescaped here; presumably Combo::Render() escapes
 *   it — TODO confirm.
 * - get_magic_quotes_gpc() (used below) no longer exists in PHP 8; that branch is only reachable on older PHP.
 */
function customers_form($selected_id = '', $AllowUpdate = 1, $AllowInsert = 1, $AllowDelete = 1, $ShowCancel = 0)
{
    // function to return an editable form for a table records
    // and fill it with data of record whose ID is $selected_id. If $selected_id
    // is empty, an empty form is shown, with only an 'Add New'
    // button displayed.
    global $Translation;
    // mm: get table permissions
    $arrPerm = getTablePermissions('customers');
    // no insert permission and no record selected: nothing this user may see
    if (!$arrPerm[1] && $selected_id == '') {
        return '';
    }
    // caller's $AllowInsert is ignored; the table permission is authoritative
    $AllowInsert = $arrPerm[1] ? true : false;
    // print preview?
    $dvprint = false;
    if ($selected_id && $_REQUEST['dvprint_x'] != '') {
        $dvprint = true;
    }
    // populate filterers, starting from children to grand-parents
    // unique random identifier
    // only used to make DOM ids unique in print preview; not security-sensitive, so rand() is adequate
    $rnd1 = $dvprint ? rand(1000000, 9999999) : '';
    // combobox: Country
    $combo_Country = new Combo();
    $combo_Country->ListType = 0;
    $combo_Country->MultipleSeparator = ', ';
    $combo_Country->ListBoxHeight = 10;
    $combo_Country->RadiosPerLine = 1;
    // option list: a hooks/ CSV overrides the built-in country list when present
    if (is_file(dirname(__FILE__) . '/hooks/customers.Country.csv')) {
        $Country_data = addslashes(implode('', @file(dirname(__FILE__) . '/hooks/customers.Country.csv')));
        $combo_Country->ListItem = explode('||', entitiesToUTF8(convertLegacyOptions($Country_data)));
        $combo_Country->ListData = $combo_Country->ListItem;
    } else {
        $combo_Country->ListItem = explode('||', entitiesToUTF8(convertLegacyOptions("Afghanistan;;Albania;;Algeria;;American Samoa;;Andorra;;Angola;;Anguilla;;Antarctica;;Antigua, Barbuda;;Argentina;;Armenia;;Aruba;;Australia;;Austria;;Azerbaijan;;Bahamas;;Bahrain;;Bangladesh;;Barbados;;Belarus;;Belgium;;Belize;;Benin;;Bermuda;;Bhutan;;Bolivia;;Bosnia, Herzegovina;;Botswana;;Bouvet Is.;;Brazil;;Brunei Darussalam;;Bulgaria;;Burkina Faso;;Burundi;;Cambodia;;Cameroon;;Canada;;Canary Is.;;Cape Verde;;Cayman Is.;;Central African Rep.;;Chad;;Channel Islands;;Chile;;China;;Christmas Is.;;Cocos Is.;;Colombia;;Comoros;;Congo, D.R. Of;;Congo;;Cook Is.;;Costa Rica;;Croatia;;Cuba;;Cyprus;;Czech Republic;;Denmark;;Djibouti;;Dominica;;Dominican Republic;;Ecuador;;Egypt;;El Salvador;;Equatorial Guinea;;Eritrea;;Estonia;;Ethiopia;;Falkland Is.;;Faroe Is.;;Fiji;;Finland;;France;;French Guiana;;French Polynesia;;French Territories;;Gabon;;Gambia;;Georgia;;Germany;;Ghana;;Gibraltar;;Greece;;Greenland;;Grenada;;Guadeloupe;;Guam;;Guatemala;;Guernsey;;Guinea-bissau;;Guinea;;Guyana;;Haiti;;Heard, Mcdonald Is.;;Honduras;;Hong Kong;;Hungary;;Iceland;;India;;Indonesia;;Iran;;Iraq;;Ireland;;Israel;;Italy;;Ivory Coast;;Jamaica;;Japan;;Jersey;;Jordan;;Kazakhstan;;Kenya;;Kiribati;;Korea, D.P.R Of;;Korea, Rep. 
Of;;Kuwait;;Kyrgyzstan;;Lao Peoples D.R.;;Latvia;;Lebanon;;Lesotho;;Liberia;;Libyan Arab Jamahiriya;;Liechtenstein;;Lithuania;;Luxembourg;;Macao;;Macedonia, F.Y.R Of;;Madagascar;;Malawi;;Malaysia;;Maldives;;Mali;;Malta;;Mariana Islands;;Marshall Islands;;Martinique;;Mauritania;;Mauritius;;Mayotte;;Mexico;;Micronesia;;Moldova;;Monaco;;Mongolia;;Montserrat;;Morocco;;Mozambique;;Myanmar;;Namibia;;Nauru;;Nepal;;Netherlands Antilles;;Netherlands;;New Caledonia;;New Zealand;;Nicaragua;;Niger;;Nigeria;;Niue;;Norfolk Island;;Norway;;Oman;;Pakistan;;Palau;;Palestinian Terr.;;Panama;;Papua New Guinea;;Paraguay;;Peru;;Philippines;;Pitcairn;;Poland;;Portugal;;Puerto Rico;;Qatar;;Reunion;;Romania;;Russian Federation;;Rwanda;;Samoa;;San Marino;;Sao Tome, Principe;;Saudi Arabia;;Senegal;;Seychelles;;Sierra Leone;;Singapore;;Slovakia;;Slovenia;;Solomon Is.;;Somalia;;South Africa;;South Georgia;;South Sandwich Is.;;Spain;;Sri Lanka;;St. Helena;;St. Kitts, Nevis;;St. Lucia;;St. Pierre, Miquelon;;St. Vincent, Grenadines;;Sudan;;Suriname;;Svalbard, Jan Mayen;;Swaziland;;Sweden;;Switzerland;;Syrian Arab Republic;;Taiwan;;Tajikistan;;Tanzania;;Thailand;;Timor-leste;;Togo;;Tokelau;;Tonga;;Trinidad, Tobago;;Tunisia;;Turkey;;Turkmenistan;;Turks, Caicoss;;Tuvalu;;Uganda;;Ukraine;;United Arab Emirates;;United Kingdom;;United States;;Uruguay;;Uzbekistan;;Vanuatu;;Vatican City;;Venezuela;;Viet Nam;;Virgin Is. British;;Virgin Is. U.S.;;Wallis, Futuna;;Western Sahara;;Yemen;;Yugoslavia;;Zambia;;Zimbabwe")));
        $combo_Country->ListData = $combo_Country->ListItem;
    }
    $combo_Country->SelectName = 'Country';
    if ($selected_id) {
        // mm: check member permissions
        // $arrPerm[2] is the view permission; 0 means no view at all
        if (!$arrPerm[2]) {
            return "";
        }
        // mm: who is the owner?
        // ownership is resolved from membership_userrecords; $selected_id is escaped before interpolation
        $ownerGroupID = sqlValue("select groupID from membership_userrecords where tableName='customers' and pkValue='" . makeSafe($selected_id) . "'");
        $ownerMemberID = sqlValue("select lcase(memberID) from membership_userrecords where tableName='customers' and pkValue='" . makeSafe($selected_id) . "'");
        // view level 1 = owner only, 2 = same group only; any other non-zero value falls through
        // (presumably 3 = everyone, judging by the edit/delete checks below)
        if ($arrPerm[2] == 1 && getLoggedMemberID() != $ownerMemberID) {
            return "";
        }
        if ($arrPerm[2] == 2 && getLoggedGroupID() != $ownerGroupID) {
            return "";
        }
        // can edit?
        // $arrPerm[3] is the edit permission with the same 1/2/3 scheme; overrides the caller's $AllowUpdate
        if ($arrPerm[3] == 1 && $ownerMemberID == getLoggedMemberID() || $arrPerm[3] == 2 && $ownerGroupID == getLoggedGroupID() || $arrPerm[3] == 3) {
            $AllowUpdate = 1;
        } else {
            $AllowUpdate = 0;
        }
        $res = sql("select * from `customers` where `CustomerID`='" . makeSafe($selected_id) . "'", $eo);
        if (!($row = db_fetch_array($res))) {
            return error_message($Translation['No records found']);
        }
        // keep a raw copy for urlencode(); $row itself is XSS-cleaned before any HTML use
        $urow = $row;
        /* unsanitized data */
        $hc = new CI_Input();
        $row = $hc->xss_clean($row);
        /* sanitize data */
        $combo_Country->SelectedData = $row['Country'];
    } else {
        // pre-select the combo from a filter on this field (FilterField 9 with the '<=>' operator);
        // value is taken from the request as-is — see the security note in the header
        $combo_Country->SelectedText = $_REQUEST['FilterField'][1] == '9' && $_REQUEST['FilterOperator'][1] == '<=>' ? get_magic_quotes_gpc() ? stripslashes($_REQUEST['FilterValue'][1]) : $_REQUEST['FilterValue'][1] : "";
    }
    $combo_Country->Render();
    // code for template based detail view forms
    // open the detail view template
    if ($dvprint) {
        $templateCode = @file_get_contents('./templates/customers_templateDVP.html');
    } else {
        $templateCode = @file_get_contents('./templates/customers_templateDV.html');
    }
    // process form title
    $templateCode = str_replace('<%%DETAIL_VIEW_TITLE%%>', 'Detail View', $templateCode);
    $templateCode = str_replace('<%%RND1%%>', $rnd1, $templateCode);
    $templateCode = str_replace('<%%EMBEDDED%%>', $_REQUEST['Embedded'] ? 'Embedded=1' : '', $templateCode);
    // process buttons
    if ($arrPerm[1] && !$selected_id) {
        // allow insert and no record selected?
        // NOTE(review): inside this branch !$selected_id always holds, so the inner if always fires and
        // consumes the placeholder; the "Save As Copy" replacement below is therefore a no-op here.
        // Looks like the outer condition was meant to be just $arrPerm[1] — confirm intent before changing.
        if (!$selected_id) {
            $templateCode = str_replace('<%%INSERT_BUTTON%%>', '<button type="submit" class="btn btn-success" id="insert" name="insert_x" value="1" onclick="return customers_validateData();"><i class="glyphicon glyphicon-plus-sign"></i> ' . $Translation['Save New'] . '</button>', $templateCode);
        }
        $templateCode = str_replace('<%%INSERT_BUTTON%%>', '<button type="submit" class="btn btn-default" id="insert" name="insert_x" value="1" onclick="return customers_validateData();"><i class="glyphicon glyphicon-plus-sign"></i> ' . $Translation['Save As Copy'] . '</button>', $templateCode);
    } else {
        $templateCode = str_replace('<%%INSERT_BUTTON%%>', '', $templateCode);
    }
    // 'Back' button action
    if ($_REQUEST['Embedded']) {
        $backAction = 'window.parent.jQuery(\'.modal\').modal(\'hide\'); return false;';
    } else {
        $backAction = '$$(\'form\')[0].writeAttribute(\'novalidate\', \'novalidate\'); document.myform.reset(); return true;';
    }
    if ($selected_id) {
        if (!$_REQUEST['Embedded']) {
            $templateCode = str_replace('<%%DVPRINT_BUTTON%%>', '<button type="submit" class="btn btn-default" id="dvprint" name="dvprint_x" value="1" onclick="$$(\'form\')[0].writeAttribute(\'novalidate\', \'novalidate\'); document.myform.reset(); return true;"><i class="glyphicon glyphicon-print"></i> ' . $Translation['Print Preview'] . '</button>', $templateCode);
        }
        if ($AllowUpdate) {
            $templateCode = str_replace('<%%UPDATE_BUTTON%%>', '<button type="submit" class="btn btn-success btn-lg" id="update" name="update_x" value="1" onclick="return customers_validateData();"><i class="glyphicon glyphicon-ok"></i> ' . $Translation['Save Changes'] . '</button>', $templateCode);
        } else {
            $templateCode = str_replace('<%%UPDATE_BUTTON%%>', '', $templateCode);
        }
        // $arrPerm[4] is the delete permission (1 owner / 2 group / 3 all); the caller's $AllowDelete is not consulted.
        // The confirm() text is a translation string dropped into a JS single-quoted literal without escaping —
        // safe only as long as translations are trusted and contain no single quotes.
        if ($arrPerm[4] == 1 && $ownerMemberID == getLoggedMemberID() || $arrPerm[4] == 2 && $ownerGroupID == getLoggedGroupID() || $arrPerm[4] == 3) {
            // allow delete?
            $templateCode = str_replace('<%%DELETE_BUTTON%%>', '<button type="submit" class="btn btn-danger" id="delete" name="delete_x" value="1" onclick="return confirm(\'' . $Translation['are you sure?'] . '\');"><i class="glyphicon glyphicon-trash"></i> ' . $Translation['Delete'] . '</button>', $templateCode);
        } else {
            $templateCode = str_replace('<%%DELETE_BUTTON%%>', '', $templateCode);
        }
        $templateCode = str_replace('<%%DESELECT_BUTTON%%>', '<button type="submit" class="btn btn-default" id="deselect" name="deselect_x" value="1" onclick="' . $backAction . '"><i class="glyphicon glyphicon-chevron-left"></i> ' . $Translation['Back'] . '</button>', $templateCode);
    } else {
        $templateCode = str_replace('<%%UPDATE_BUTTON%%>', '', $templateCode);
        $templateCode = str_replace('<%%DELETE_BUTTON%%>', '', $templateCode);
        $templateCode = str_replace('<%%DESELECT_BUTTON%%>', $ShowCancel ? '<button type="submit" class="btn btn-default" id="deselect" name="deselect_x" value="1" onclick="' . $backAction . '"><i class="glyphicon glyphicon-chevron-left"></i> ' . $Translation['Back'] . '</button>' : '', $templateCode);
    }
    // set records to read only if user can't insert new records and can't edit current record
    // Read-only mode is enforced client-side only (inputs swapped for static divs via jQuery);
    // the server-side permission checks above are what actually protect the data.
    if ($selected_id && !$AllowUpdate || !$selected_id && !$AllowInsert) {
        $jsReadOnly .= "\tjQuery('#CustomerID').replaceWith('<div class=\"form-control-static\" id=\"CustomerID\">' + (jQuery('#CustomerID').val() || '') + '</div>');\n";
        $jsReadOnly .= "\tjQuery('#CompanyName').replaceWith('<div class=\"form-control-static\" id=\"CompanyName\">' + (jQuery('#CompanyName').val() || '') + '</div>');\n";
        $jsReadOnly .= "\tjQuery('#ContactName').replaceWith('<div class=\"form-control-static\" id=\"ContactName\">' + (jQuery('#ContactName').val() || '') + '</div>');\n";
        $jsReadOnly .= "\tjQuery('#ContactTitle').replaceWith('<div class=\"form-control-static\" id=\"ContactTitle\">' + (jQuery('#ContactTitle').val() || '') + '</div>');\n";
        $jsReadOnly .= "\tjQuery('#Address').replaceWith('<div class=\"form-control-static\" id=\"Address\">' + (jQuery('#Address').val() || '') + '</div>');\n";
        $jsReadOnly .= "\tjQuery('#City').replaceWith('<div class=\"form-control-static\" id=\"City\">' + (jQuery('#City').val() || '') + '</div>');\n";
        $jsReadOnly .= "\tjQuery('#Region').replaceWith('<div class=\"form-control-static\" id=\"Region\">' + (jQuery('#Region').val() || '') + '</div>');\n";
        $jsReadOnly .= "\tjQuery('#PostalCode').replaceWith('<div class=\"form-control-static\" id=\"PostalCode\">' + (jQuery('#PostalCode').val() || '') + '</div>');\n";
        $jsReadOnly .= "\tjQuery('#Country').replaceWith('<div class=\"form-control-static\" id=\"Country\">' + (jQuery('#Country').val() || '') + '</div>'); jQuery('#Country-multi-selection-help').hide();\n";
        $jsReadOnly .= "\tjQuery('#Phone').replaceWith('<div class=\"form-control-static\" id=\"Phone\">' + (jQuery('#Phone').val() || '') + '</div>');\n";
        $jsReadOnly .= "\tjQuery('#Fax').replaceWith('<div class=\"form-control-static\" id=\"Fax\">' + (jQuery('#Fax').val() || '') + '</div>');\n";
        $jsReadOnly .= "\tjQuery('.select2-container').hide();\n";
        $noUploads = true;
    } elseif ($AllowInsert && !$selected_id || $AllowUpdate && $selected_id) {
        $jsEditable .= "\tjQuery('form').eq(0).data('already_changed', true);";
        // temporarily disable form change handler
        $jsEditable .= "\tjQuery('form').eq(0).data('already_changed', false);";
        // re-enable form change handler
    }
    // process combos
    $templateCode = str_replace('<%%COMBO(Country)%%>', $combo_Country->HTML, $templateCode);
    $templateCode = str_replace('<%%COMBOTEXT(Country)%%>', $combo_Country->SelectedData, $templateCode);
    /* lookup fields array: 'lookup field name' => array('parent table name', 'lookup field caption') */
    // empty for this table, so the loop below never runs; kept for parity with other generated forms
    $lookup_fields = array();
    foreach ($lookup_fields as $luf => $ptfc) {
        $pt_perm = getTablePermissions($ptfc[0]);
        // process foreign key links
        if ($pt_perm['view'] || $pt_perm['edit']) {
            $templateCode = str_replace("<%%PLINK({$luf})%%>", '<button type="button" class="btn btn-default view_parent hspacer-lg" id="' . $ptfc[0] . '_view_parent" title="' . htmlspecialchars($Translation['View'] . ' ' . $ptfc[1], ENT_QUOTES, 'iso-8859-1') . '"><i class="glyphicon glyphicon-eye-open"></i></button>', $templateCode);
        }
        // if user has insert permission to parent table of a lookup field, put an add new button
        if ($pt_perm['insert'] && !$_REQUEST['Embedded']) {
            $templateCode = str_replace("<%%ADDNEW({$ptfc[0]})%%>", '<button type="button" class="btn btn-success add_new_parent" id="' . $ptfc[0] . '_add_new" title="' . htmlspecialchars($Translation['Add New'] . ' ' . $ptfc[1], ENT_QUOTES, 'iso-8859-1') . '"><i class="glyphicon glyphicon-plus-sign"></i></button>', $templateCode);
        }
    }
    // process images
    // no file/image fields on this table: every upload placeholder is blanked
    $templateCode = str_replace('<%%UPLOADFILE(CustomerID)%%>', '', $templateCode);
    $templateCode = str_replace('<%%UPLOADFILE(CompanyName)%%>', '', $templateCode);
    $templateCode = str_replace('<%%UPLOADFILE(ContactName)%%>', '', $templateCode);
    $templateCode = str_replace('<%%UPLOADFILE(ContactTitle)%%>', '', $templateCode);
    $templateCode = str_replace('<%%UPLOADFILE(Address)%%>', '', $templateCode);
    $templateCode = str_replace('<%%UPLOADFILE(City)%%>', '', $templateCode);
    $templateCode = str_replace('<%%UPLOADFILE(Region)%%>', '', $templateCode);
    $templateCode = str_replace('<%%UPLOADFILE(PostalCode)%%>', '', $templateCode);
    $templateCode = str_replace('<%%UPLOADFILE(Country)%%>', '', $templateCode);
    $templateCode = str_replace('<%%UPLOADFILE(Phone)%%>', '', $templateCode);
    $templateCode = str_replace('<%%UPLOADFILE(Fax)%%>', '', $templateCode);
    // process values
    // VALUE(...) placeholders get the XSS-cleaned, HTML-escaped value; URLVALUE(...) placeholders get the
    // raw value URL-encoded. Address is additionally nl2br()'d in print preview.
    if ($selected_id) {
        $templateCode = str_replace('<%%VALUE(CustomerID)%%>', htmlspecialchars($row['CustomerID'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
        $templateCode = str_replace('<%%URLVALUE(CustomerID)%%>', urlencode($urow['CustomerID']), $templateCode);
        $templateCode = str_replace('<%%VALUE(CompanyName)%%>', htmlspecialchars($row['CompanyName'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
        $templateCode = str_replace('<%%URLVALUE(CompanyName)%%>', urlencode($urow['CompanyName']), $templateCode);
        $templateCode = str_replace('<%%VALUE(ContactName)%%>', htmlspecialchars($row['ContactName'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
        $templateCode = str_replace('<%%URLVALUE(ContactName)%%>', urlencode($urow['ContactName']), $templateCode);
        $templateCode = str_replace('<%%VALUE(ContactTitle)%%>', htmlspecialchars($row['ContactTitle'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
        $templateCode = str_replace('<%%URLVALUE(ContactTitle)%%>', urlencode($urow['ContactTitle']), $templateCode);
        if ($dvprint) {
            $templateCode = str_replace('<%%VALUE(Address)%%>', nl2br(htmlspecialchars($row['Address'], ENT_QUOTES, 'iso-8859-1')), $templateCode);
        } else {
            $templateCode = str_replace('<%%VALUE(Address)%%>', htmlspecialchars($row['Address'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
        }
        $templateCode = str_replace('<%%URLVALUE(Address)%%>', urlencode($urow['Address']), $templateCode);
        $templateCode = str_replace('<%%VALUE(City)%%>', htmlspecialchars($row['City'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
        $templateCode = str_replace('<%%URLVALUE(City)%%>', urlencode($urow['City']), $templateCode);
        $templateCode = str_replace('<%%VALUE(Region)%%>', htmlspecialchars($row['Region'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
        $templateCode = str_replace('<%%URLVALUE(Region)%%>', urlencode($urow['Region']), $templateCode);
        $templateCode = str_replace('<%%VALUE(PostalCode)%%>', htmlspecialchars($row['PostalCode'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
        $templateCode = str_replace('<%%URLVALUE(PostalCode)%%>', urlencode($urow['PostalCode']), $templateCode);
        $templateCode = str_replace('<%%VALUE(Country)%%>', htmlspecialchars($row['Country'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
        $templateCode = str_replace('<%%URLVALUE(Country)%%>', urlencode($urow['Country']), $templateCode);
        $templateCode = str_replace('<%%VALUE(Phone)%%>', htmlspecialchars($row['Phone'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
        $templateCode = str_replace('<%%URLVALUE(Phone)%%>', urlencode($urow['Phone']), $templateCode);
        $templateCode = str_replace('<%%VALUE(Fax)%%>', htmlspecialchars($row['Fax'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
        $templateCode = str_replace('<%%URLVALUE(Fax)%%>', urlencode($urow['Fax']), $templateCode);
    } else {
        $templateCode = str_replace('<%%VALUE(CustomerID)%%>', '', $templateCode);
        $templateCode = str_replace('<%%URLVALUE(CustomerID)%%>', urlencode(''), $templateCode);
        $templateCode = str_replace('<%%VALUE(CompanyName)%%>', '', $templateCode);
        $templateCode = str_replace('<%%URLVALUE(CompanyName)%%>', urlencode(''), $templateCode);
        $templateCode = str_replace('<%%VALUE(ContactName)%%>', '', $templateCode);
        $templateCode = str_replace('<%%URLVALUE(ContactName)%%>', urlencode(''), $templateCode);
        $templateCode = str_replace('<%%VALUE(ContactTitle)%%>', '', $templateCode);
        $templateCode = str_replace('<%%URLVALUE(ContactTitle)%%>', urlencode(''), $templateCode);
        $templateCode = str_replace('<%%VALUE(Address)%%>', '', $templateCode);
        $templateCode = str_replace('<%%URLVALUE(Address)%%>', urlencode(''), $templateCode);
        $templateCode = str_replace('<%%VALUE(City)%%>', '', $templateCode);
        $templateCode = str_replace('<%%URLVALUE(City)%%>', urlencode(''), $templateCode);
        $templateCode = str_replace('<%%VALUE(Region)%%>', '', $templateCode);
        $templateCode = str_replace('<%%URLVALUE(Region)%%>', urlencode(''), $templateCode);
        $templateCode = str_replace('<%%VALUE(PostalCode)%%>', '', $templateCode);
        $templateCode = str_replace('<%%URLVALUE(PostalCode)%%>', urlencode(''), $templateCode);
        $templateCode = str_replace('<%%VALUE(Country)%%>', '', $templateCode);
        $templateCode = str_replace('<%%URLVALUE(Country)%%>', urlencode(''), $templateCode);
        $templateCode = str_replace('<%%VALUE(Phone)%%>', '', $templateCode);
        $templateCode = str_replace('<%%URLVALUE(Phone)%%>', urlencode(''), $templateCode);
        $templateCode = str_replace('<%%VALUE(Fax)%%>', '', $templateCode);
        $templateCode = str_replace('<%%URLVALUE(Fax)%%>', urlencode(''), $templateCode);
    }
    // process translations
    // translation strings are inserted unescaped; they are trusted application data, not user input
    foreach ($Translation as $symbol => $trans) {
        $templateCode = str_replace("<%%TRANSLATION({$symbol})%%>", $trans, $templateCode);
    }
    // clear scrap
    // any placeholder left unreplaced is turned into an HTML comment rather than shown
    $templateCode = str_replace('<%%', '<!-- ', $templateCode);
    $templateCode = str_replace('%%>', ' -->', $templateCode);
    // hide links to inaccessible tables
    // (the script un-hides links only for tables returned by getTableList(); skipped in print preview)
    if ($_POST['dvprint_x'] == '') {
        $templateCode .= "\n\n<script>\$j(function(){\n";
        $arrTables = getTableList();
        foreach ($arrTables as $name => $caption) {
            $templateCode .= "\t\$j('#{$name}_link').removeClass('hidden');\n";
            $templateCode .= "\t\$j('#xs_{$name}_link').removeClass('hidden');\n";
        }
        $templateCode .= $jsReadOnly;
        $templateCode .= $jsEditable;
        if (!$selected_id) {
        }
        $templateCode .= "\n});</script>\n";
    }
    // ajaxed auto-fill fields
    // no auto-fill fields on this table, so the script block is empty
    $templateCode .= '<script>';
    $templateCode .= '$j(function() {';
    $templateCode .= "});";
    $templateCode .= "</script>";
    // NOTE(review): $lookups is neither a parameter nor declared global in this function, so it appears to
    // be unset here and this append is effectively a no-op — confirm against the generator's intent.
    $templateCode .= $lookups;
    // handle enforced parent values for read-only lookup fields
    // don't include blank images in lightbox gallery
    $templateCode = preg_replace('/blank.gif" rel="lightbox\\[.*?\\]"/', 'blank.gif"', $templateCode);
    // don't display empty email links
    $templateCode = preg_replace('/<a .*?href="mailto:".*?<\\/a>/', '', $templateCode);
    // hook: customers_dv
    // the hook receives $templateCode by reference (presumably) and may rewrite the final markup
    if (function_exists('customers_dv')) {
        $args = array();
        customers_dv($selected_id ? $selected_id : FALSE, getMemberInfo(), $templateCode, $args);
    }
    return $templateCode;
}
        ?>
			<div class="alert alert-danger">
				<?php 
        echo $Translation['password reset invalid'];
        ?>
			</div>
			<?php 
    }
    include_once "{$currDir}/footer.php";
    exit;
}
#_______________________________________________________________________________
# Step 2: Send email to member containing the reset link
#_______________________________________________________________________________
if ($_POST['reset']) {
    $username = makeSafe(strtolower(trim($_POST['username'])));
    $email = isEmail(trim($_POST['email']));
    if (!$username && !$email || $username == $adminConfig['adminUsername']) {
        redirect("membership_passwordReset.php?emptyData=1");
        exit;
    }
    ?>
<div class="page-header"><h1><?php 
    echo $Translation['password reset'];
    ?>
</h1></div><?php 
    $where = '';
    if ($username) {
        $where = "lcase(memberID)='{$username}'";
    } elseif ($email) {
        $where = "email='{$email}'";