$entitlement = user_holiday_entitlement($user);
     $holiday_resetdate = user_holiday_resetdate($user);
     $holidaystaken = user_count_holidays($user, HOL_HOLIDAY, $holiday_resetdate);
     if ($entitlement - $holidaystaken <= 0) {
         echo user_alert($strNoHolidayEntitlement, E_USER_WARNING);
     }
 }
 // swap dates around if end is before start
 if ($start > $end) {
     $newend = $start;
     $start = $end;
     $end = $newend;
     unset($newend);
 }
 if ($type == HOL_SICKNESS and $start > $now) {
     echo user_alert($strSicknessOnlyBookedNowOrPast, E_USER_ERROR);
 }
 // Show the chosen date range, then open the per-day selection form.
 echo "<p align='center'><strong>{$strSelectDays}</strong></p>";
 echo "<table align='center' width='550' class='vertical'>";
 echo "<tr><th>{$strStartDate}</th><td>" . ldate($CONFIG['dateformat_date'], $start) . "</td></tr>";
 echo "<tr><th>{$strEndDate}</th><td>" . ldate($CONFIG['dateformat_date'], $end) . "</td></tr>";
 echo "</table><br />";
 // NOTE(review): $_SERVER['PHP_SELF'] is derived from the request path and can
 // carry extra path text supplied by the client. It is written into the action
 // attribute unescaped here; wrapping it in htmlspecialchars(..., ENT_QUOTES)
 // or using a fixed script name keeps markup out of the attribute.
 echo "<form name='date' action='{$_SERVER['PHP_SELF']}' method='post'>";
 // $user and $type are written into single-quoted attributes as-is. Where they
 // are assigned is above this excerpt -- TODO confirm both are validated or
 // escaped before this point.
 echo "<input type='hidden' name='user' value='{$user}' />";
 echo "<input type='hidden' name='type' value='{$type}' />";
 echo "<table align='center' width='550'>";
 echo "<tr><th>{$strDate}</th><th>{$strNone}</th><th>{$strDay}</th><th>{$strAM}</th><th>{$strPM}</th></tr>\n";
 $daynumber = 1;
 $options = 0;
 // if ($end==$start)
 // 86400 = 24 * 60 * 60: $end is moved forward by one day's worth of seconds.
 $end += 86400;
 echo "</table>\n";
 $totalincidents = contact_count_incidents($id);
 if ($totalincidents > 0) {
     echo user_alert(sprintf($strThereAreXIncidentsAssignedToThisContact, $totalincidents), E_USER_WARNING);
 }
 $sql = "SELECT sc.maintenanceid AS maintenanceid, m.product, p.name AS productname, ";
 $sql .= "m.expirydate, m.term ";
 $sql .= "FROM `{$dbSupportContacts}` AS sc, `{$dbMaintenance}` AS m, `{$dbProducts}` AS p ";
 $sql .= "WHERE sc.maintenanceid = m.id AND m.product = p.id AND sc.contactid = '{$id}' ";
 $result = mysql_query($sql);
 if (mysql_error()) {
     trigger_error("MySQL Query Error " . mysql_error(), E_USER_WARNING);
 }
 $totalcontracts = mysql_num_rows($result);
 if ($totalcontracts > 0) {
     echo user_alert(sprintf($strThereAreXcontractsAssignedToThisPerson, $totalcontracts), E_USER_WARNING);
 }
 if ($totalincidents > 0 || $totalcontracts > 0) {
     echo "<form action='{$_SERVER['PHP_SELF']}' onsubmit=\"return confirm_action('{$strAreYouSureDelete}')\" method='post'>\n";
     echo "<p align='center'>{$strBeforeDeleteContact}</p>";
     $sql = "SELECT id, forenames, surname, siteid FROM `{$dbContacts}` ORDER BY surname ASC";
     $result = mysql_query($sql);
     echo "<p align='center'>";
     echo "<select name='newcontact'>";
     if ($id == 0) {
         echo "<option selected='selected' value='0'>Select A Contact\n";
     }
     while ($contacts = mysql_fetch_array($result)) {
         $site = '';
         if ($contacts['siteid'] != '' && $contacts['siteid'] != 0) {
             $site = " of " . site_name($contacts['siteid']);
 $versionresult = mysql_query($sql);
 if (mysql_error()) {
     trigger_error("MySQL Query Error " . mysql_error(), E_USER_WARNING);
 }
 list($dbversion) = mysql_fetch_row($versionresult);
 if ($dbversion < $application_version) {
     echo "<p class='error'><strong>IMPORTANT</strong> The SiT database schema needs to be updated";
     if (user_permission($sit[2], 22)) {
         echo " from v{$dbversion} to v{$application_version}</p>";
         echo "<p class='tip'>Visit <a href='setup.php'>Setup</a> to update the schema";
     }
     echo "</p>";
 }
 // Check users email address
 if (empty($_SESSION['email'])) {
     echo user_alert("{$strInvalidEmailAddress} - <a href='user_profile_edit.php'>{$strEditEmail}</a>", E_USER_ERROR);
 }
 // Display (trigger) notices for the current user.
 $noticesql = "SELECT * FROM `{$GLOBALS['dbNotices']}` ";
 // Don't show more than 20 notices, safety cap
 // NOTE(review): $sit[2] sits in an unquoted numeric position, so string
 // escaping alone would not protect this query; it is safe only if $sit[2] is
 // guaranteed to be an integer. Where $sit is populated is not visible here.
 $noticesql .= "WHERE userid={$sit[2]} ORDER BY timestamp DESC LIMIT 20";
 $noticeresult = mysql_query($noticesql);
 if (mysql_error()) {
     trigger_error(mysql_error(), E_USER_WARNING);
 }
 // The result is used even when the query above reported an error; only a
 // warning is raised in that case.
 if (mysql_num_rows($noticeresult) > 0) {
     echo "<div id='noticearea'>\n";
     // Rebuild the current query string, dropping any existing noticeid.
     $keys = array_keys($_GET);
     foreach ($keys as $key) {
         if ($key != 'noticeid') {
             // NOTE(review): both the parameter name and its value come
             // straight from the request and are appended without urlencode()
             // or htmlspecialchars(). Where $url is printed is outside this
             // excerpt; if it ends up in an href, encode each part with
             // urlencode() and escape the final URL for the HTML context.
             $url .= "&amp;{$key}=" . $_GET[$key];
Example #4
    echo "'>{$strShowAll}</a>";
    $inactivestring = "displayinactive=false";
}
echo "</td></tr><tr><td valign='middle'>";
echo "<a href='contact_add.php'>{$strAdd}</a> | ";
echo alpha_index("{$_SERVER['PHP_SELF']}?search_string=");
echo "<a href='{$_SERVER['PHP_SELF']}?search_string=*&amp;{$inactivestring}'>{$strAll}</a>";
echo "</td></tr></table>";
if (empty($search_string)) {
    echo user_alert(sprintf($strFieldMustNotBeBlank, "'{$strSearch}'"), E_USER_ERROR);
} else {
    // perform search
    // check input
    if ($search_string == '') {
        $errors = 1;
        echo user_alert(sprintf($strFieldMustNotBeBlank, "'{$strSearch}'"), E_USER_ERROR);
    }
    // search for criteria
    if ($errors == 0) {
        if ($submit_value != 'go') {
            // Don't  need to do this again, already done above, us the results of that
            // build SQL
            $sql = "SELECT c.* FROM `{$dbContacts}` AS c, `{$dbSites}` AS s ";
            $sql .= "WHERE c.siteid = s.id ";
            $search_string_len = strlen(utf8_decode($search_string));
            if ($search_string != '*') {
                $sql .= " AND (";
                if ($search_string_len <= 6) {
                    $sql .= "c.id=('{$search_string}') OR ";
                }
                if ($search_string_len <= 2) {
Example #5
 $owner = cleanvar($_POST['owner']);
 $_SESSION['formdata']['add_site'] = $_REQUEST;
 include APPLICATION_INCPATH . 'htmlheader.inc.php';
 $errors = 0;
 // check for blank name
 if ($name == '') {
     $errors++;
     $_SESSION['formerrors']['add_site']['name'] = user_alert(sprintf($strFieldMustNotBeBlank, "'{$strSiteName}'"), E_USER_ERROR);
 }
 if ($address1 == '') {
     $errors++;
     $_SESSION['formerrors']['add_site']['address1'] = user_alert(sprintf($strFieldMustNotBeBlank, "'{$strAddress1}'"), E_USER_ERROR);
 }
 if ($email == '') {
     $errors++;
     $_SESSION['formerrors']['add_site']['email'] = user_alert(sprintf($strFieldMustNotBeBlank, "'{$strEmail}'"), E_USER_ERROR);
 }
 // add site if no errors
 if ($errors == 0) {
     if ($owner == '') {
         $owner = 0;
     }
     $sql = "INSERT INTO `{$dbSites}` (name, department, address1, address2, city, county, country, postcode, telephone, fax, email, websiteurl, notes, typeid, owner) ";
     $sql .= "VALUES ('{$name}', '{$department}' ,'{$address1}', '{$address2}', '{$city}', '{$county}', '{$country}', '{$postcode}', ";
     $sql .= "'{$telephone}', '{$fax}', '{$email}', '{$websiteurl}', '{$notes}', '{$typeid}','{$owner}')";
     $result = mysql_query($sql);
     if (mysql_error()) {
         trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR);
     }
     $id = mysql_insert_id();
     // show error message if addition failed
Example #6
     $lifetime_start = date('Y-m-d', strtotime($_REQUEST['lifetime_start']));
 } else {
     $lifetime_start = '';
 }
 if (!empty($_REQUEST['lifetime_end'])) {
     $lifetime_end = date('Y-m-d', strtotime($_REQUEST['lifetime_end']));
 } else {
     $lifetime_end = '';
 }
 $_SESSION['formdata']['add_software'] = $_REQUEST;
 // Add new
 $errors = 0;
 // check for blank name
 if ($name == '') {
     $errors++;
     $_SESSION['formerrors']['add_software']['name'] = user_alert(sprintf($strFieldMustNotBeBlank, "'{$strName}'"), E_USER_ERROR);
 }
 // Check this is not a duplicate
 $sql = "SELECT id FROM `{$dbSoftware}` WHERE LCASE(name)=LCASE('{$name}') LIMIT 1";
 $result = mysql_query($sql);
 if (mysql_num_rows($result) >= 1) {
     $errors++;
     $_SESSION['formerrors']['add_software']['duplicate'] .= $strARecordAlreadyExistsWithTheSameName;
 }
 // add product if no errors
 if ($errors == 0) {
     $sql = "INSERT INTO `{$dbSoftware}` (name, vendorid, lifetime_start, lifetime_end) VALUES ('{$name}','{$vendor}','{$lifetime_start}','{$lifetime_end}')";
     $result = mysql_query($sql);
     if (mysql_error()) {
         trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR);
     }
Example #7
 // Clean up $page in three passes: drop every ".." sequence, strip HTML tags,
 // then convert the remaining special characters to entities.
 // NOTE(review): where $page comes from and where it is used are outside this
 // excerpt. If it is a post-login return target, checking it against the set
 // of local pages the application actually serves is stronger than removing
 // known-bad sequences -- TODO confirm how it is consumed.
 $page = str_replace('..', '', $page);
 $page = strip_tags($page);
 // ENT_COMPAT encodes double quotes but leaves single quotes untouched. If
 // $page is later written into a single-quoted attribute, ENT_QUOTES is the
 // flag that covers that context.
 $page = htmlentities($page, ENT_COMPAT, $GLOBALS['i18ncharset']);
 // Invalid user, show log in form
 include APPLICATION_INCPATH . 'htmlheader.inc.php';
 echo "<p class='error'>If you are not a developer, please under no circumstances run this version of SiT!, it is now destined for 4.0, at best it will be barely be useable, at worst it might injure you.</p>";
 if ($id == 1) {
     echo "<p class='error'>";
     echo sprintf($strEnterCredentials, $CONFIG['application_shortname']);
     echo "</p><br />";
 }
 if ($id == 2) {
     echo user_alert($strSessionExpired, E_USER_ERROR);
 }
 if ($id == 3) {
     echo user_alert($strInvalidCredentials, E_USER_ERROR);
 }
 // Language selector
 if (!empty($CONFIG['available_i18n'])) {
     $available_languages = i18n_code_to_name($CONFIG['available_i18n']);
 } else {
     $available_languages = available_languages();
 }
 if (count($available_languages) == 1 and array_key_exists($CONFIG['default_i18n'], $available_languages)) {
     echo "<!-- Language: {$CONFIG['default_i18n']} -->";
 } else {
     $available_languages = array_merge(array('default' => $strDefault), $available_languages);
     echo "<div style='margin-left: auto; margin-right: auto; width: 380px;";
     echo " text-align: center; margin-top: 3em;'>";
     echo "<form id='langselectform' action='login.php' method='post'>";
     echo icon('language', 16, $strLanguage) . " <label for='lang'>";
Example #8
                    echo "<dd>{$ttvar['description']}";
                }
                if (!empty($ttvar[0]['description'])) {
                    echo "<dd>{$ttvar[0]['description']}";
                }
                echo "<br />";
            }
        }
        echo "</dl>";
        plugin_do('emailtemplate_list');
        echo "</table>\n";
        echo "</div>";
        echo "<p style='clear:both; margin-top: 2em;' align='center'><a href='{$_SERVER['PHP_SELF']}'>{$strBackToList}</a></p>";
        include APPLICATION_INCPATH . 'htmlfooter.inc.php';
    } else {
        echo user_alert(sprintf($strFieldMustNotBeBlank, "'{$strEmailTemplate}'"), E_USER_ERROR);
    }
} elseif ($action == "delete") {
    // Delete one user-defined email template, then return to the list.
    // NOTE(review): this branch changes state based on $action and $id. How
    // those are read (GET or POST) and whether an anti-CSRF token is checked is
    // not visible in this excerpt -- TODO confirm.
    if (empty($id) or is_numeric($id) == FALSE) {
        // id must be filled and be a number
        header("Location: {$_SERVER['PHP_SELF']}?action=showform");
        exit;
    }
    // is_numeric() also accepts signed, decimal and exponent forms, so $id is
    // not necessarily a plain integer here. It is quoted in the statement below;
    // an (int) cast or ctype_digit() check would pin it to a row id.
    // We only allow user templates to be deleted
    $sql = "DELETE FROM `{$dbEmailTemplates}` WHERE id='{$id}' AND type='user' LIMIT 1";
    mysql_query($sql);
    if (mysql_error()) {
        trigger_error(mysql_error(), E_USER_ERROR);
    }
    // exit after the redirect header so nothing below this branch runs.
    header("Location: {$_SERVER['PHP_SELF']}?action=showform");
    exit;
                $class = "shade1";
            } else {
                $class = "shade2";
            }
            flush();
            $softarr[] = $software->id;
        }
        $softlist = implode(',', $softarr);
        echo "</table>\n";
        echo "<input type='hidden' name='user' value='{$user}' />";
        echo "<input type='hidden' name='softlist' value='{$softlist}' />";
        echo "<input type='hidden' name='save' value='vqvbgf' />";
        echo "<p align='center'><input type='submit' value='{$strSave}' /></p>";
        echo "</form>";
    } else {
        echo user_alert($strNoSkillsDefined, E_USER_WARNING);
    }
    include APPLICATION_INCPATH . 'htmlfooter.inc.php';
} else {
    // External variables
    // NOTE(review): only $user goes through cleanvar(). 'softlist' and 'backup'
    // are taken from the request as-is, and their elements are interpolated
    // into the UPDATE below. Cast each element to int (or bind them as
    // parameters) before building the statement.
    $softlist = explode(',', $_REQUEST['softlist']);
    // $backup is iterated below without checking that it is an array.
    $backup = $_REQUEST['backup'];
    $user = cleanvar($_REQUEST['user']);
    foreach ($backup as $key => $backupid) {
        // A loose "> 0" comparison does not guarantee that $backupid is an
        // integer, so it is not a substitute for validation.
        if ($backupid > 0) {
            $sql = "UPDATE `{$dbUserSoftware}` SET backupid='{$backupid}' WHERE userid='{$user}' AND softwareid='{$softlist[$key]}' LIMIT 1 ";
        }
        // echo "{$softlist[$key]} -- $key -- $value<br />";
        //echo "$sql <br />";
        // NOTE(review): the query runs outside the if above. When $backupid is
        // not > 0 this re-sends the statement built on an earlier iteration, or
        // an unset $sql on the first one.
        mysql_query($sql);
        if (mysql_error()) {
                 mysql_query($sql);
                 if (mysql_error()) {
                     trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR);
                 }
             }
             if ($target != 'none') {
                 // Reset the slaemail sent column, so that email reminders can be sent if the new sla target goes out
                 $sql = "UPDATE `{$dbIncidents}` SET slaemail='0', slanotice='0' WHERE id='{$id}' LIMIT 1";
                 mysql_query($sql);
                 if (mysql_error()) {
                     trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR);
                 }
             }
             if (!$result) {
                 include 'inc/incident_html_top.inc.php';
                 echo user_alert($strUpdateIncidentFailed, E_USER_WARNING);
                 include 'inc/incident_html_bottom.inc.php';
             } else {
                 if ($draftid != -1 and !empty($draftid)) {
                     $sql = "DELETE FROM `{$dbDrafts}` WHERE id = {$draftid}";
                     $result = mysql_query($sql);
                     if (mysql_error()) {
                         trigger_error(mysql_error(), E_USER_ERROR);
                     }
                 }
                 journal(CFG_LOGGING_MAX, 'Incident Updated', "Incident {$id} Updated", CFG_JOURNAL_SUPPORT, $id);
                 html_redirect("incident_details.php?id={$id}");
             }
         }
     }
 }
        $sql = "SELECT up.userid AS userid, username, realname ";
        $sql .= "FROM `{$dbUserPermissions}` AS up, `{$dbUsers}` AS u ";
        $sql .= "WHERE up.userid = u.id ";
        $sql .= "AND permissionid = '{$permid}' AND granted = 'true' AND u.status > 0";
        $result = mysql_query($sql);
        if (mysql_error()) {
            trigger_error(mysql_error(), E_USER_WARNING);
        }
        if (mysql_num_rows($result) >= 1) {
            echo "<table align='center'>";
            echo "<tr><th>{$strUser}</th></tr>";
            $shade = 'shade1';
            while ($user = mysql_fetch_object($result)) {
                echo "<tr class='{$shade}'><td>&#10004; <a href='{$_SERVER['PHP_SELF']}?action=edit&amp;userid={$user->userid}#perm{$perm}'>{$user->realname}</a> ({$user->username})</td></tr>\n";
                if ($shade == 'shade1') {
                    $shade = 'shade2';
                } else {
                    $shade = 'shade1';
                }
            }
            echo "</table>";
        } else {
            echo "<p align='center'>{$strNone}</p>";
        }
    } else {
        echo user_alert(sprintf($strFieldMustNotBeBlank, "'{$strPermission}'"), E_USER_ERROR);
    }
} else {
    echo user_alert("{$strNoChangesToMake}", E_USER_WARNING);
}
include APPLICATION_INCPATH . 'htmlfooter.inc.php';
Example #12
            }
            // NOTE above is so we can insert null so browse_contacts etc can see the contract rather than inserting 0
            // Build the UPDATE for one contract row, identified by $maintid.
            // NOTE(review): reseller, licence_type and admincontact are written
            // without quotes (so that NULL can be stored, per the note above).
            // String escaping does not protect an unquoted position: each of
            // these must be either an integer or the literal NULL. The code that
            // prepares them is above this excerpt -- TODO confirm it enforces that.
            $sql = "UPDATE `{$dbMaintenance}` SET reseller={$reseller}, expirydate='{$expirydate}', licence_quantity='{$licence_quantity}', ";
            $sql .= "licence_type={$licence_type}, notes='{$notes}', admincontact={$admincontact}, term='{$terminated}', servicelevelid='{$servicelevelid}', ";
            $sql .= "incident_quantity='{$incident_quantity}', ";
            $sql .= "incidentpoolid='{$incidentpoolid}', productonly='{$productonly}', ";
            $sql .= "supportedcontacts='{$amount}', allcontactssupported='{$allcontacts}'";
            // The product column is only changed when a product was supplied and
            // the current user ($sit[2]) holds permission 22.
            if (!empty($product) and user_permission($sit[2], 22)) {
                $sql .= ", product='{$product}'";
            }
            $sql .= " WHERE id='{$maintid}'";
            $result = mysql_query($sql);
            // The raw database error text is passed to trigger_error(); whether
            // it reaches the browser depends on the error handler and the
            // display settings, which are not visible here.
            if (mysql_error()) {
                trigger_error(mysql_error(), E_USER_ERROR);
            }
            // show error message if addition failed
            if (!$result) {
                include APPLICATION_INCPATH . 'htmlheader.inc.php';
                echo user_alert("Update failed", E_USER_WARNING);
                include APPLICATION_INCPATH . 'htmlfooter.inc.php';
            } else {
                journal(CFG_LOGGING_NORMAL, 'Contract Edited', "contract {$maintid} modified", CFG_JOURNAL_MAINTENANCE, $maintid);
                html_redirect("contract_details.php?id={$maintid}");
            }
        } else {
            include APPLICATION_INCPATH . 'htmlheader.inc.php';
            echo $errors_string;
            include APPLICATION_INCPATH . 'htmlfooter.inc.php';
        }
    }
}
                    }
                }
                if ($numresults > 0) {
                    $average = number_format($cumul / $numresults, 2);
                }
                $percent = number_format(($average - 1) * (100 / ($CONFIG['feedback_max_score'] - 1)), 0);
                if ($percent < 0) {
                    $percent = 0;
                }
                $totalresult += $average;
                $html .= "{$average} <strong>({$percent}%)</strong><br />";
            }
            $total_average = number_format($totalresult / $numquestions, 2);
            $total_percent = number_format(($total_average - 1) * (100 / ($CONFIG['feedback_max_score'] - 1)), 0);
            if ($total_percent < 0) {
                $total_percent = 0;
            }
            $html .= "<p>{$strPositivity}: {$total_average} <strong>({$total_percent}%)</strong> " . sprintf($strAfterXSurveys, $numresults) . "</p>";
            $surveys += $numresults;
            $html .= "<hr />\n";
            //if ($total_average>0)
            echo $html;
            echo "\n\n\n<!-- {$surveys} -->\n\n\n";
        } else {
            echo user_alert($strNoFeedbackFound, E_USER_WARNING);
        }
    }
} else {
    echo user_alert($strFoundNoUsersToReport, E_USER_WARNING);
}
echo "</div>\n";
    echo "</table>";
    echo "<p align='center'><input name='submit' type='submit' value='{$strContinue}' /></p>";
    echo "</form>";
    include APPLICATION_INCPATH . 'htmlfooter.inc.php';
} elseif ($action == "delete") {
    // Delete the chosen support contact
    $errors = 0;
    // check for blank contact
    if ($contactid == 0) {
        $errors = 1;
        $errors_string .= user_alert("{$strYouMustSelectAsupportContact}", E_USER_ERROR);
    }
    // check for blank maintenance id
    if ($maintid == 0) {
        $errors = 1;
        $errors_string .= user_alert("{$strYouMustSelectAmaintenanceContract}", E_USER_ERROR);
    }
    // delete maintenance support contact if no errors
    if ($errors == 0) {
        $sql = "DELETE FROM `{$dbSupportContacts}` WHERE maintenanceid='{$maintid}' AND contactid='{$contactid}'";
        $result = mysql_query($sql);
        if (mysql_error()) {
            trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR);
        }
        // show error message if deletion failed
        if (!$result) {
            include APPLICATION_INCPATH . 'htmlheader.inc.php';
            trigger_error("Deletion of maintenance support conact failed: {$sql}", E_USER_WARNING);
            include APPLICATION_INCPATH . 'htmlfooter.inc.php';
        } else {
            journal(CFG_LOGGING_NORMAL, 'Supported Contact Removed', "Contact {$contactid} removed from maintenance contract {$maintid}", CFG_JOURNAL_MAINTENANCED, $maintid);
Example #15
        //         echo show_links('tasks', $task->id, 0, '', 'rl');
        //
        //         echo "</div>";
        //
        //         echo show_create_links('tasks', $task->id);
        //
        echo "</div>";
        // Notes
        echo "<div style='width: 48%; float: right; border: 1px solid #CCCCFF;'>";
        echo add_note_form(NOTE_TASK, $taskid);
        echo show_notes(NOTE_TASK, $taskid);
        echo "</div>";
    } elseif ($mode == 'incident') {
        echo "<div style='width: 48%; margin-left: auto; margin-right: auto;border: 1px solid #CCCCFF;'>";
        echo add_note_form(NOTE_TASK, $taskid);
        echo show_notes(NOTE_TASK, $taskid, FALSE);
        echo "</div>";
    }
} else {
    echo user_alert($strNoMatchingTask, E_USER_WARNING);
}
if ($mode != 'incident') {
    echo "</div>";
}
echo "<div style='clear:both; padding-top: 20px;'>";
if ($mode != 'incident') {
    echo "<p align='center'><a href='tasks.php'>{$strTaskList}</a></p>";
} else {
    echo "<p align='center'><a href=task_edit.php?id={$taskid}&amp;action=markcomplete&amp;incident={$incidentid}>{$strMarkComplete}</a> | <a href='tasks.php?incident={$id}'>{$strActivityList}</a></p>";
}
echo "</div>";
Example #16
     $_SESSION['formerrors']['portaladdincident'] .= user_alert(sprintf($strFieldMustNotBeBlank, "'{$strIncidentTitle}'"), E_USER_ERROR);
     $errors = 1;
 }
 if (empty($probdesc)) {
     $_SESSION['formerrors']['portaladdincident'] .= user_alert(sprintf($strFieldMustNotBeBlank, "'{$strProblemDescription}'"), E_USER_ERROR);
     $errors = 1;
 }
 foreach ($_POST as $key => $value) {
     if (substr($key, 0, 5) == 'pinfo' and empty($value)) {
         $id = intval(str_replace("pinfo", "", $key));
         $sql = "SELECT information FROM `{$dbProductInfo}` ";
         $sql .= "WHERE id='{$id}' ";
         $result = mysql_query($sql);
         $fieldobj = mysql_fetch_object($result);
         $field = $fieldobj->information;
         $_SESSION['formerrors']['portaladdincident'] .= user_alert(sprintf($strFieldMustNotBeBlank, "'{$field}'"), E_USER_ERROR);
         // i18n fieldname
         $errors = 1;
     }
 }
 if ($errors == 0) {
     $updatetext = sprintf($SYSLANG['strOpenedViaThePortalByX'], "[b]" . contact_realname($contactid) . "[/b]");
     $updatetext .= "\n\n";
     if (!empty($probdesc)) {
         $updatetext .= "[b]{$SYSLANG['strProblemDescription']}[/b]\n{$probdesc}\n\n";
     }
     if ($CONFIG['portal_creates_incidents']) {
         $incidentid = create_incident($incidenttitle, $contactid, $servicelevel, $contractid, $productid, $software);
         $_SESSION['incidentid'] = $incidentid;
         // Save productinfo if there is some
         $sql = "SELECT * FROM `{$dbProductInfo}` WHERE productid='{$productid}'";
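/**
 * XML-RPC handler that moves money from an agent to a destination account on
 * behalf of a region.
 *
 * The request struct is $params[0]. The region is accepted only if its UUID
 * and region secret match a row in C_REGIONS_TBL, and the agent only if its
 * UUID, secure session id and current region match an online row in
 * C_AGENTS_TBL. The amount must be numeric and non-negative and must not
 * exceed the agent's balance. The XML-RPC response is printed directly; the
 * function itself always returns "".
 *
 * @param mixed $method_name Not read by this handler.
 * @param array $params      $params[0] holds the request struct.
 * @param mixed $app_data    Not read by this handler.
 * @return string Always the empty string.
 */
function region_move_money($method_name, $params, $app_data)
{
    global $economy_sink_account;

    # All-zero UUID: used as the "no destination" marker and as the sender
    # argument of user_alert().
    $nullKey = "00000000-0000-0000-0000-000000000000";

    $req = $params[0];
    $agentid = $req['agentId'];
    $sessionid = $req['secureSessionId'];
    $regionid = $req['regionId'];
    $secret = $req['secret'];
    $destid = $req['destId'];
    $cash = $req['cash'];
    $aggregatePermInventory = $req['aggregatePermInventory'];
    $aggregatePermNextOwner = $req['aggregatePermNextOwner'];
    $flags = $req['flags'];
    $transactiontype = $req['transactionType'];
    $description = $req['description'];
    $ipAddress = $_SERVER['REMOTE_ADDR'];

    #
    # Validate region secret
    #
    $db = new DB();
    $sql = "select UUID from " . C_REGIONS_TBL . " where UUID='" . $db->escape($regionid) . "' and regionSecret='" . $db->escape($secret) . "'";
    $db->query($sql);
    list($region_id) = $db->next_record();

    if (!$region_id) {
        $response_xml = xmlrpc_encode(array('success' => False, 'errorMessage' => "This region is not authorized to manage your money. Money operations may be unavailable", 'errorURI' => " "));
    } else {
        # We have a region, check agent session
        $sql = "select UUID from " . C_AGENTS_TBL . " where UUID='" . $db->escape($agentid) . "' and secureSessionID='" . $db->escape($sessionid) . "' and agentOnline=1 and currentRegion='" . $db->escape($regionid) . "'";
        $db->query($sql);
        list($user_id) = $db->next_record();

        if (!$user_id) {
            $response_xml = xmlrpc_encode(array('success' => False, 'errorMessage' => "Unable to authenticate avatar. Money operations may be unavailable", 'errorURI' => " "));
        } elseif (!is_numeric($cash) || $cash < 0) {
            # The amount comes from the request. A negative or non-numeric
            # value would pass the balance comparison below unchanged, so it is
            # refused here before any money is moved.
            $response_xml = xmlrpc_encode(array('success' => False, 'errorMessage' => "Invalid transaction amount", 'errorURI' => " "));
        } elseif (get_balance($agentid) < $cash) {
            $response_xml = xmlrpc_encode(array('success' => False, 'errorMessage' => "You do not have sufficient funds for this purchase", 'errorURI' => " "));
        } else {
            # NOTE(review): the balance check above and move_money() below are
            # separate steps. Whether move_money() re-checks the balance
            # atomically is not visible here -- TODO confirm.
            if ($destid == $nullKey) {
                $destid = $economy_sink_account;
            }

            # Notify the parties and, for most types, override the description.
            # switch compares loosely, as the original == chain did.
            switch ($transactiontype) {
                case 1002:
                    user_alert($agentid, $nullKey, "You paid L\$ " . $cash . " to create a group");
                    $description = "Group creation fee";
                    break;
                case 1101:
                    user_alert($agentid, $nullKey, "You paid L\$ " . $cash . " to upload.");
                    $description = "Upload Charge";
                    break;
                case 3000:
                    $description = "Give Inventory";
                    break;
                case 5001:
                    $destName = agent_name($destid);
                    $sourceName = agent_name($agentid);
                    user_alert($agentid, $nullKey, "You paid " . $destName . " L\$" . $cash);
                    user_alert($destid, $nullKey, $sourceName . " paid you L\$" . $cash);
                    $description = "Gift";
                    break;
                case 5002:
                    if ($destid == $economy_sink_account) {
                        user_alert($agentid, $nullKey, "You paid L\$ " . $cash . " for a parcel of land.");
                    } else {
                        $destName = agent_name($destid);
                        $sourceName = agent_name($agentid);
                        user_alert($agentid, $nullKey, "You paid " . $destName . " L\$" . $cash . " for a parcel of land.");
                        user_alert($destid, $nullKey, $sourceName . " paid you L\$" . $cash . " for a parcel of land");
                    }
                    $description = "Land Sale";
                    break;
                case 5008:
                case 2:
                    # These two types keep the description sent in the request.
                    $destName = agent_name($destid);
                    $sourceName = agent_name($agentid);
                    user_alert($agentid, $nullKey, "You paid " . $destName . " L\$" . $cash);
                    user_alert($destid, $nullKey, $sourceName . " paid you L\$" . $cash);
                    break;
            }

            move_money($agentid, $destid, $cash, $aggregatePermInventory, $aggregatePermNextOwner, $flags, $transactiontype, $description, $regionid, $ipAddress);
            $response_xml = xmlrpc_encode(array('success' => True, 'agentId' => $agentid, 'funds' => get_balance($agentid), 'funds2' => get_balance($destid), 'currencySecret' => " "));
        }
    }

    header("Content-type: text/xml");
    print $response_xml;

    # As in the original, both balances are pushed to the simulator on every
    # path, including the failure responses above.
    update_simulator_balance($agentid);
    update_simulator_balance($destid);
    return "";
}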
}
echo "<table align='center'>";
if (mysql_num_rows($result) > 0) {
    echo "<tr><th>{$strID}</th><th>{$strTitle}</th><th>{$strOpened}</th><th>{$strClosed}</th><th>{$strOwner}</th><th>{$strCustomer}</th><th>{$strSite}</th></tr>";
    while ($row = mysql_fetch_array($result)) {
        echo "<tr>";
        echo "<td><a href=\"javascript:incident_details_window('{$row['id']}','incident{$row['id']}')\" class='info'>{$row['id']}</a></td>";
        echo "<td><a href=\"javascript:incident_details_window('{$row['id']}','incident{$row['id']}')\" class='info'>{$row['title']}</a></td>";
        echo "<td>" . date($CONFIG['dateformat_datetime'], $row['opened']) . "</td>";
        if ($row['status'] != 2) {
            echo "<td>{$strCurrentlyOpen}</td>";
        } else {
            echo "<td>" . date($CONFIG['dateformat_datetime'], $row['closed']) . "</td>";
        }
        echo "<td>" . user_realname($row['owner']) . "</td>";
        $sql = "SELECT c.forenames, c.surname, s.name ";
        $sql .= "FROM `{$dbContacts}` AS c, `{$dbSites}` AS s ";
        $sql .= "WHERE s.id = c.siteid AND c.id = {$row['contact']}";
        $contactResult = mysql_query($sql);
        if (mysql_error()) {
            trigger_error("MySQL Query Error " . mysql_error(), E_USER_WARNING);
        }
        $contact = mysql_fetch_array($contactResult);
        echo "<td>{$contact['forenames']} {$contact['surname']}</td>";
        echo "<td>{$contact['name']}</td>";
        echo "</tr>\n";
    }
    echo "</table>\n";
} else {
    echo user_alert($strNoRecords, E_USER_WARNING);
}
 }
 if (mysql_num_rows($result) > 0) {
     $errors = 1;
     $errors_string .= user_alert("A contact can only be listed once per support contract", E_USER_ERROR);
 }
 // add maintenance support contact if no errors
 if ($errors == 0) {
     $sql = "INSERT INTO `{$dbSupportContacts}` (maintenanceid, contactid) VALUES ({$maintid}, {$contactid})";
     $result = mysql_query($sql);
     if (mysql_error()) {
         trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR);
     }
     // show error message if addition failed
     if (!$result) {
         include APPLICATION_INCPATH . 'htmlheader.inc.php';
         echo user_alert("Addition of support contact failed", E_USER_WARNING);
         include APPLICATION_INCPATH . 'htmlfooter.inc.php';
     } else {
         if ($context == 'contact') {
             html_redirect("contact_details.php?id={$contactid}");
         } else {
             html_redirect("contract_details.php?id={$maintid}");
         }
     }
 } else {
     // show error message if errors
     include APPLICATION_INCPATH . 'htmlheader.inc.php';
     echo $errors_string;
     echo "<p align='center'><a href='contract_details.php?id={$maintid}'>Return</a></p>";
     include APPLICATION_INCPATH . 'htmlfooter.inc.php';
 }
 $additional = cleanvar($_POST['additional']);
 $references = cleanvar($_POST['references']);
 $wait = cleanvar($_POST['wait']);
 $send_email = cleanvar($_POST['send_email']);
 $send_engineer_email = cleanvar($_POST['send_engineer_email']);
 // Close the incident
 $errors = 0;
 echo "<script src='{$CONFIG['application_webpath']}scripts/webtrack.js' type='text/javascript'></script>\n";
 // check for blank closing status field
 if ($closingstatus == 0) {
     $errors = 1;
     $error_string = user_alert(sprintf($strFieldMustNotBeBlank, "'{$strClosingStatus}'"), E_USER_ERROR);
 }
 if ($_REQUEST['summary'] == '' && $_REQUEST['solution'] == '') {
     $errors = 1;
     $error_string = user_alert(sprintf($strFieldMustNotBeBlank, "'{$strSummary}' / '{$strSolution}'"), E_USER_ERROR);
 }
 plugin_do('pre_incident_closing');
 if ($errors == 0) {
     $addition_errors = 0;
     // update incident
     if ($wait == 'yes') {
         // mark incident as awaiting closure
         $sql = "SELECT params FROM `{$dbScheduler}` WHERE action = 'CloseIncidents' LIMIT 1";
         $result = mysql_query($sql);
         if (mysql_error()) {
             trigger_error("MySQL Query Error " . mysql_error(), E_USER_WARNING);
             $closure_delay = 554400;
         } else {
             list($closure_delay) = mysql_fetch_row($result);
         }
Example #21
 $site = cleanvar($_POST['site']);
 $tags = cleanvar($_POST['tags']);
 $active = cleanvar($_POST['active']);
 // Edit site, update the database
 $errors = 0;
 if ($name == '') {
     $errors = 1;
     $errors_string .= user_alert(sprintf($strFieldMustNotBeBlank, "'{$strName}'"), E_USER_ERROR);
 }
 if ($email == '') {
     $errors = 1;
     $errors_string .= user_alert(sprintf($strFieldMustNotBeBlank, "'{$strEmail}'"), E_USER_ERROR);
 }
 if ($telephone == '') {
     $errors = 1;
     $errors_string .= user_alert(sprintf($strFieldMustNotBeBlank, "'{$strTelephone}'"), E_USER_ERROR);
 }
 // edit site if no errors
 if ($errors == 0) {
     replace_tags(3, $site, $tags);
     if (isset($licenserx)) {
         $licenserx = '1';
     } else {
         $licenserx = '0';
     }
     // update site
     if ($active == 'true') {
         $activeStr = 'true';
     } else {
         $activeStr = 'false';
     }
            }
            $percent = number_format($average / $maxscore * 100, 0);
            $totalresult += $average;
            $qanswer[$qrow->taborder] += $average;
            $qavgavg = $qanswer[$qrow->taborder];
        }
        $prevcontactid = $mrow->contactid;
    }
    echo "<h2>{$strSummary}</h2><p>{$strShowPositivityGraph}:</p>";
    $adjust = 13;
    $min = 4;
    for ($i = 0; $i <= 10; $i++) {
        if ($countcontacts > 0) {
            $weighted = number_format($counter[$i] / $countcontacts * 100, 0);
        } else {
            $weighted = 0;
        }
        echo "<div style='background: #B";
        echo dechex(floor($i * 1.5));
        echo "0; color: #FFF; float:left; width: " . ($min + $weighted * $adjust) . "px;'>&nbsp;</div>&nbsp; ";
        echo $i * 10;
        if ($i < 10) {
            echo " - ";
            echo $i * 10 + 9;
        }
        echo "% ({$weighted}%)<br />";
    }
} else {
    echo user_alert($strNoFeedbackFound, E_USER_WARNING);
}
echo "</div>\n";
    echo "</form>";
    include APPLICATION_INCPATH . 'htmlfooter.inc.php';
} else {
    // FIXME these errors need tidying INL 9Jun08
    // Add product information
    $errors = 0;
    include APPLICATION_INCPATH . 'htmlheader.inc.php';
    // check for blank product
    if ($product == 0) {
        $errors = 1;
        echo user_alert(sprintf($strFieldMustNotBeBlank, "'{$strProduct}'"), E_USER_ERROR);
    }
    // check for blank information
    if ($information == '') {
        $errors = 1;
        echo user_alert(sprintf($strFieldMustNotBeBlank, "'{$strQuestion}'"), E_USER_ERROR);
    }
    // add product information if no errors
    if ($errors == 0) {
        $sql = "INSERT INTO `{$dbProductInfo}` (productid, information, moreinformation) ";
        $sql .= "VALUES ('{$product}', '{$information}', '{$moreinformation}')";
        $result = mysql_query($sql);
        if (mysql_error()) {
            trigger_error(mysql_error(), E_USER_ERROR);
        }
        if (!$result) {
            echo "<p class='error'>" . sprintf($strAddXfailed, $strProductInformation) . "\n";
        } else {
            journal(CFG_LOGGING_NORMAL, 'Product Info Added', "Info was added to Product {$product}", CFG_JOURNAL_PRODUCTS, $product);
            html_redirect("products.php?productid={$product}");
            exit;
// This file is to be included on any portal page that requires authentication
// This file must be included before any page output
// (session_start() and the header() redirect below have to run before output is sent)
// Prevent script from being run directly (i.e. it must always be included)
if (realpath(__FILE__) == realpath($_SERVER['SCRIPT_FILENAME'])) {
    exit;
}
// Resume the session under the configured session name.
session_name($CONFIG['session_name']);
session_start();
// Fail closed: a page that did not declare $accesslevel before including this file is refused.
// NOTE(review): presumably $accesslevel is always assigned by the including page and never taken
// from request data — verify against the callers.
if (!isset($accesslevel)) {
    include APPLICATION_INCPATH . 'portalheader.inc.php';
    echo user_alert("{$strPermissionDenied}: \$accesslevel not set", E_USER_ERROR);
    include APPLICATION_INCPATH . 'htmlfooter.inc.php';
    exit;
// An 'admin' page is refused to an authenticated portal session whose usertype is not 'admin'.
// NOTE(review): this branch only fires when $_SESSION['portalauth'] is truthy, so an unauthenticated
// session falls through and has to be stopped by the session check that follows this block.
// NOTE(review): the comparisons are loose (== / !=); a strict comparison against the string 'admin'
// would rule out type-juggling surprises if usertype were ever stored as a non-string.
} elseif ($accesslevel == 'admin' and $_SESSION['usertype'] != 'admin' and $_SESSION['portalauth'] == TRUE) {
    include APPLICATION_INCPATH . 'portalheader.inc.php';
    echo user_alert($strPermissionDenied, E_USER_ERROR);
    include APPLICATION_INCPATH . 'htmlfooter.inc.php';
    exit;
}
if ($CONFIG['portal'] == FALSE) {
    // portal disabled
    // Drop the portal authentication flag and send the browser to index.php, passing the
    // originally requested URL along in the `page` parameter.
    $_SESSION['portalauth'] = FALSE;
    $page = $_SERVER['PHP_SELF'];
    if (!empty($_SERVER['QUERY_STRING'])) {
        $page .= '?' . $_SERVER['QUERY_STRING'];
    }
    // urlencode() keeps CR/LF and '&' from the request out of the Location header.
    // NOTE(review): PHP_SELF and QUERY_STRING are request-controlled; whatever consumes `page`
    // on index.php should accept local paths only — not visible here, confirm.
    $page = urlencode($page);
    header("Location: {$CONFIG['application_webpath']}index.php?id=2&page={$page}");
    exit;
}
// Check session is authenticated, if not redirect to login page
     }
 }
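 // Password change: the new password must be entered twice and both entries must be identical.
 if (!empty($newpass) and empty($newpass2)) {
     $errors++;
     $_SESSION['formerrors']['portalcontactdetails'] .= "<p class='error'>{$strYouMustEnterYourNewPasswordTwice}</p>\n";
 } elseif ((string) $newpass !== (string) $newpass2) {
     // Strict string comparison: with a loose != two different numeric-looking strings
     // (for example '1e3' and '1000') compare as equal, so a mistyped confirmation would pass.
     $errors++;
     $_SESSION['formerrors']['portalcontactdetails'] .= "<p class='error'>{$strPasswordsDoNotMatch}</p>";
 }
 // Surname is mandatory.
 if ($surname == '') {
     $errors++;
     $_SESSION['formerrors']['portalcontactdetails'] .= "<p class='error'>" . sprintf($strYouMustEnter, $strSurname) . "</p>\n";
 }
 // E-mail is mandatory; the placeholder values 'none' and 'n/a' are rejected as well.
 if ($email == '' or $email == 'none' or $email == 'n/a') {
     $errors++;
     $_SESSION['formerrors']['portalcontactdetails'] .= user_alert(sprintf($strFieldMustNotBeBlank, "'{$strEmail}'"), E_USER_ERROR);
 }
 // Write the contact record only when every check above passed.
 if ($errors == 0) {
     // NOTE(review): every value is interpolated into the statement; this is only safe if each one
     // was escaped for MySQL before this point, which is not visible here — confirm.
     // NOTE(review): the literal '******' for username looks like a redaction in this listing rather
     // than the project's real value — confirm against the original file.
     // NOTE(review): the row is selected by $id alone; the check that ties $id to the logged-in
     // contact must happen earlier — not visible here.
     $updatesql = "UPDATE `{$dbContacts}` SET username='******', forenames='{$forenames}', surname='{$surname}', ";
     $updatesql .= "department='{$department}', address1='{$address1}', address2='{$address2}', ";
     $updatesql .= "county='{$county}', country='{$country}', postcode='{$postcode}', ";
     $updatesql .= "phone='{$phone}', mobile='{$mobile}', fax='{$fax}', email='{$email}'";
     if ($newpass != '') {
         // NOTE(review): the password is hashed with unsalted MD5 inside the SQL text, so the plaintext
         // also travels in the query (and into any query log). MD5 is not suitable for password storage;
         // moving to password_hash()/password_verify() needs a matching change in the login check,
         // which is outside this block.
         $updatesql .= ", password=MD5('{$newpass}') ";
     }
     $updatesql .= "WHERE id='{$id}'";
     mysql_query($updatesql);
     if (mysql_error()) {
         trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR);
     }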
     if ($_SESSION['contactid'] != $id) {
 } else {
     $licence_type = "'{$licence_type}'";
 }
 // NOTE above is so we can insert null so browse_contacts etc can see the contract rather than inserting 0
 // Create the contract (maintenance) row.
 // NOTE(review): {$reseller} and {$licence_type} go into the statement without quotes so that they can
 // carry either a quoted literal or NULL. They are therefore raw SQL at this point: the earlier code
 // must have escaped and quoted any user-supplied value — not visible here for $reseller, confirm.
 // The quoted values likewise rely on escaping done before this point.
 $sql = "INSERT INTO `{$dbMaintenance}` (site, product, reseller, expirydate, licence_quantity, licence_type, notes, ";
 $sql .= "admincontact, servicelevelid, incidentpoolid, incident_quantity, productonly, term, supportedcontacts, allcontactssupported) ";
 $sql .= "VALUES ('{$site}', '{$product}', {$reseller}, '{$expirydate}', '{$licence_quantity}', {$licence_type}, '{$notes}', ";
 $sql .= "'{$admincontact}', '{$servicelevelid}', '{$incidentpoolid}', '{$incident_quantity}', '{$productonly}', '{$term}', '{$numcontacts}', '{$allcontacts}')";
 $result = mysql_query($sql);
 if (mysql_error()) {
     trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR);
 }
 // Id of the contract row just inserted; used as the foreign key for the service row below.
 $maintid = mysql_insert_id();
 // A failed insert is recorded for the error report shown later.
 // NOTE(review): unless the E_USER_ERROR above stops the script (depends on the installed error
 // handler, not visible here), execution continues and the service row below is still inserted,
 // with a $maintid that is not a valid contract id. The two INSERTs are not wrapped in a transaction.
 if (!$result) {
     $addition_errors = 1;
     $addition_errors_string .= user_alert($strAdditionFail, E_USER_WARNING);
 }
 // Add service
 $sql = "INSERT INTO `{$dbService}` (contractid, startdate, enddate, creditamount, unitrate, incidentrate, foc) ";
 $sql .= "VALUES ('{$maintid}', '{$startdate}', '{$enddate}', '{$amount}', '{$unitrate}', '{$incidentrate}', '{$foc}')";
 mysql_query($sql);
 if (mysql_error()) {
     trigger_error(mysql_error(), E_USER_ERROR);
 }
 // The service INSERT must have created a row.
 if (mysql_affected_rows() < 1) {
     trigger_error("Insert failed", E_USER_ERROR);
 }
 // Id of the new service row, passed on with the opening amount to the balance update.
 $serviceid = mysql_insert_id();
 update_contract_balance($maintid, $strNewContract, $amount, $serviceid);
 if ($addition_errors == 1) {
     // show addition error message
 // VALIDATION CHECKS
 // Each failed check sets $errors to 1; the contact is only edited when $errors stays 0.
 // check for blank name
 if ($surname == '') {
     $errors = 1;
     echo user_alert(sprintf($strFieldMustNotBeBlank, "'{$strSurname}'"), E_USER_ERROR);
 }
 // check for blank site
 if ($siteid == '') {
     $errors = 1;
     echo user_alert(sprintf($strFieldMustNotBeBlank, "'{$strSiteName}'"), E_USER_ERROR);
 }
 // check for blank or placeholder ('none', 'n/a') email address
 if ($email == '' or $email == 'none' or $email == 'n/a') {
     $errors = 1;
     echo user_alert(sprintf($strFieldMustNotBeBlank, "'{$strEmail}'"), E_USER_ERROR);
     echo user_alert($strMustEnterEmail, E_USER_ERROR);
 }
 // check for blank contact id
 // This one is raised through trigger_error() instead of being shown as a user alert.
 if ($contact == '') {
     $errors = 1;
     trigger_error("Something weird has happened, better call technical support", E_USER_ERROR);
 }
 // edit contact if no errors
 if ($errors == 0) {
     // update contact
     if ($dataprotection_email != '') {
         $dataprotection_email = 'Yes';
     } else {
         $dataprotection_email = 'No';
     }
     if ($dataprotection_phone != '') {