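AccessDenied(); }
$DB = new conn();
$DB->connect();

// Form Vars
// "Add New Location" handler: Action=addNew inserts one storagelocations row, records it in
// the history table as the current session user, and redirects back to ManageStorage.php.
// SECURITY(review): the action is read from $_REQUEST, so this state-changing request is also
// reachable via GET, and no anti-CSRF token is checked in this view — confirm the form sends
// one (or restrict to $_POST) before relying on it.
if (!empty($_REQUEST["Action"])) {   // same truthiness as before, but no notice when Action is absent
    $action = $_REQUEST["Action"];
    //echo $action;
    if ($action == "addNew") {
        // ALL FORM INPUTS MUST BE SANITIZED
        // $DB->sanitize() is an escaping helper: it is only effective because both values are
        // single-quoted in the SQL below. Never interpolate an unquoted value this way; prefer a
        // parameterised query if conn offers one.
        $StorageLocationName = $DB->sanitize($_REQUEST["LocationName"]);
        $description = $DB->sanitize($_REQUEST["Description"]);
        $sql = "INSERT INTO storagelocations (storagelocation_name, description ) VALUES ('" . $StorageLocationName . "', '" . $description . "')";
        $DB->execute_nonquery($sql);
        $DB->addHistory('storagelocations', $_SESSION["user_id"], "insert", "");
        header("Location: ManageStorage.php");
        // Release the connection and stop here: without exit the page below would still be
        // rendered (and any later code executed) after the redirect header was sent.
        $DB->close();
        exit;
    }
}
$DB->close();
?>
<div class="navMenu" id="navMenu">
    <div id="bullets">
        <div class="navHeaderdiv"><h1>Locations</h1></div>
        <div class="navBulletBorderTop"></div>
        <div class="navBullet navBulletSelected" id="custBullet"><a href="#" id="custBulletLink">Add New Location</a></div>
        <div class="navBulletBorderBottom"></div>
    </div>
    <div class="navPageSpacing"></div>
</div>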
$ContactCity = $DB->sanitize($_REQUEST["ContactCity"]);
$ContactState = $DB->sanitize($_REQUEST["ContactState"]);
$ContactZipCode = $DB->sanitize($_REQUEST["ContactZipCode"]);
$ContactPhone = $DB->sanitize($_REQUEST["ContactPhone"]);
$ContactCell = $DB->sanitize($_REQUEST["ContactCell"]);
$dtoffice = "";
// NOTE(review): logged before the isset() check below, so a missing field raises a notice and the
// raw, unsanitized request value is sent to the FirePHP console.
$firephp->log($_REQUEST["dtoffice"]);
if (isset($_REQUEST["dtoffice"])) {
    $firephp->log("DT Set");
    $dtoffice = $DB->sanitize($_REQUEST["dtoffice"]);
}
// Create path: only when no user_id was supplied (the update path below handles the rest).
// The enclosing block and the assignments of $Username, $Password, $Role, $Team etc. are above this view.
if ($action == "addNew" && !$user_id) {
    // SECURITY(review): string-built SQL. $DB->sanitize() is an escaping helper, so it only protects
    // values that are quoted in the statement — team_id is interpolated UNQUOTED (", " . $Team . ", "),
    // which escaping cannot protect; cast it to int or use a parameterised query.
    // Passwords are stored as unsalted MD5. password_hash()/password_verify() is the fix, but the
    // login code that compares this hash is not visible here — both must change together.
    // permission_role comes from the request ($Role): confirm the caller's authorization check
    // restricts who may assign roles.
    $sql = "INSERT INTO users (Username, user_password, FirstName, LastName, permission_role, team_id, License, Social, BirthDate, Address, Address2, HomeType, City, State, ZipCode, Phone, Cell, ContactFirstName, ContactLastName, ContactAddress, ContactAddress2, ContactCity, ContactState, ContactZipCode, ContactPhone, ContactCell, dtoffice) VALUES ('" . $Username . "', MD5('" . $Password . "'), '" . $FirstName . "', '" . $LastName . "', '" . $Role . "', " . $Team . ", '" . $License . "', '" . $Social . "', '" . $BirthDate . "', '" . $Address1 . "', '" . $Address2 . "', '" . $HomeType . "', '" . $City . "', '" . $State . "', '" . $ZipCode . "', '" . $Phone . "', '" . $Cell . "', '" . $ContactFirstName . "', '" . $ContactLastName . "', '" . $ContactAddress1 . "', '" . $ContactAddress2 . "', '" . $ContactCity . "', '" . $ContactState . "', '" . $ContactZipCode . "', '" . $ContactPhone . "', '" . $ContactCell . "', '" . $dtoffice . "')";
    // SECURITY(review): this logs the complete INSERT — including the plaintext password and the
    // Social/BirthDate/License values — to FirePHP, which typically delivers log output to the
    // browser in HTTP response headers. Confirm it is disabled outside development, or drop this line.
    $firephp->log($sql);
    $DB->execute_nonquery($sql);
    $DB->addHistory('users', $_SESSION["user_id"], "insert", "");
    // NOTE(review): no exit after the redirect header; execution continues into the code below.
    header("Location: ManageUsers.php");
}
// Update path: rewrites every profile column for the given user_id.
if ($action == "update") {
    $Action = "update";   // NOTE(review): not read anywhere in this view
    // SECURITY(review): "WHERE user_id = " . $user_id is interpolated UNQUOTED — $DB->sanitize()
    // offers no protection there; cast to int or parameterise. (team_id is quoted on this path
    // but unquoted on the insert path above — the two should agree.)
    $sql = "UPDATE users SET FirstName = '" . $FirstName . "', LastName = '" . $LastName . "', permission_role = '" . $Role . "', team_id = '" . $Team . "', License = '" . $License . "', Social = '" . $Social . "', BirthDate = '" . $BirthDate . "', Address = '" . $Address1 . "', Address2 = '" . $Address2 . "', HomeType = '" . $HomeType . "', City = '" . $City . "', State = '" . $State . "', ZipCode = '" . $ZipCode . "', Phone = '" . $Phone . "', Cell = '" . $Cell . "', ContactFirstName = '" . $ContactFirstName . "', ContactLastName = '" . $ContactLastName . "', ContactAddress = '" . $ContactAddress1 . "', ContactAddress2 = '" . $ContactAddress2 . "', ContactCity = '" . $ContactCity . "', ContactState = '" . $ContactState . "', ContactZipCode = '" . $ContactZipCode . "', ContactPhone = '" . $ContactPhone . "', ContactCell = '" . $ContactCell . "', dtoffice = '" . $dtoffice . "' WHERE user_id = " . $user_id;
    $DB->execute_nonquery($sql);
    $DB->addHistory('users', $_SESSION["user_id"], "update", "");
    // "dummytext" is presumably the placeholder the edit form pre-fills; only a different,
    // non-empty value changes the password. Same unsalted-MD5 and unquoted-user_id concerns as above.
    if ($Password && $Password != "dummytext") {
        $sql = "UPDATE users SET user_password = MD5('" . $Password . "') WHERE user_id = " . $user_id;
        $DB->execute_nonquery($sql);
        $DB->addHistory('users', $_SESSION["user_id"], "update", "");
    }
    // NOTE(review): no exit after the redirect header.
    header("Location: ManageUsers.php");
}
}
$LastName = $DB->sanitize($_REQUEST["LastName"]);
$user_id = $DB->sanitize($_REQUEST["user_id"]);
$team_id = $DB->sanitize($_REQUEST["team_id"]);
$status = $DB->sanitize($_REQUEST["Status"]);
$perm = $DB->sanitize($_REQUEST["perm"]);
$sender = $DB->sanitize($_REQUEST["sender"]);
// SECURITY(review): team_id, permission_role and the WHERE user_id are interpolated UNQUOTED.
// $DB->sanitize() is an escaping helper and does nothing for unquoted values, so each of these
// is an SQL injection point — cast them to int (or parameterise) before use.
// permission_role is taken straight from the request ("perm"), so whoever can reach this branch
// can assign any role; the authorization check for this branch is above this view — confirm it.
// The username is overwritten with the fixed literal '******' — looks like an anonymise/deactivate
// path; confirm that is intended.
$sql = "UPDATE users SET Username = '******', FirstName = '" . $FirstName . "', LastName = '" . $LastName . "', team_id = " . $team_id . ", Status='" . $status . "', permission_role = " . $perm . " WHERE user_id = " . $user_id;
$DB->execute_nonquery($sql);
// Re-read the updated row (with its team name) for the response.
$sql = "SELECT users.*, teams.team_name from users left outer join teams on users.team_id = teams.team_id where user_id = " . $user_id . " and users.status != 'deleted'";
// NOTE(review): $error holds the raw SQL; if it is ever emitted to the client it leaks the schema.
$error = $sql;
// NOTE(review): bypasses the $DB wrapper and uses the ext/mysql API, which was removed in PHP 7.
$result = mysql_query($sql);
while ($row = mysql_fetch_assoc($result)) {
    $retArray[] = $row;
    $output = $retArray;
}
// SECURITY(review): the history actor is $sender — a request parameter — rather than
// $_SESSION["user_id"] as the other handlers use, so the audit trail can be attributed to anyone.
// $username is not assigned anywhere in this view.
$DB->addHistory('users', $sender, "update", $username);
$DB->close();
}
// updateInventoryStatus handler: reads the status form fields; its body continues past this view.
if ($id == "updateInventoryStatus") {
    if (!UserMay("EditInventory")) {
        AccessDenied();
    }
    $DB = new conn();
    $DB->connect();
    $date = $DB->sanitize($_REQUEST["date"]);
    $inventory_id = $DB->sanitize($_REQUEST["inventory_id"]);   // NOTE(review): if interpolated unquoted below, cast to int
    $status = $DB->sanitize($_REQUEST["status"]);
    $statusdata = $DB->sanitize($_REQUEST["statusdata"]);
    $statusdate = $DB->sanitize($_REQUEST["date"]);   // same request field as $date above
    $receivedDate = $DB->sanitize($_REQUEST["receivedDate"]);
    $statusdatatext = '';
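$DB = new conn();
$DB->connect();

// Form Vars
// "Add New Product" handler: Action=addNew inserts one products row, records it in the history
// table as the current session user, and redirects back to ManageProducts.php.
// SECURITY(review): the action is read from $_REQUEST, so this state-changing request is also
// reachable via GET, and no anti-CSRF token is checked in this view — confirm the form sends
// one (or restrict to $_POST) before relying on it.
if (isset($_REQUEST["Action"])) {
    $action = $_REQUEST["Action"];
    //echo $action;
    if ($action == "addNew") {
        // ALL FORM INPUTS MUST BE SANITIZED
        // $DB->sanitize() is an escaping helper: it is only effective because every value is
        // single-quoted in the SQL below. Never interpolate an unquoted value this way; prefer a
        // parameterised query if conn offers one.
        $ProductType = $DB->sanitize($_REQUEST["ProductType"]);
        $ProductName = $DB->sanitize($_REQUEST["ProductName"]);
        $ProductModel = $DB->sanitize($_REQUEST["ProductModel"]);
        $ProductDescription = $DB->sanitize($_REQUEST["ProductDescription"]);
        $sql = "INSERT INTO products (product_type, product_name, product_model, product_description) VALUES ('" . $ProductType . "', '" . $ProductName . "', '" . $ProductModel . "', '" . $ProductDescription . "')";
        $DB->execute_nonquery($sql);
        $DB->addHistory('products', $_SESSION["user_id"], "insert", "");
        header("Location: ManageProducts.php");
        // Release the connection and stop here: without exit the page below would still be
        // rendered (and any later code executed) after the redirect header was sent.
        $DB->close();
        exit;
    }
}
$DB->close();
?>
<div class="navMenu" id="navMenu">
    <div id="bullets">
        <div class="navHeaderdiv"><h1>Products</h1></div>
        <div class="navBulletBorderTop"></div>
        <div class="navBullet navBulletSelected" id="custBullet"><a href="#" id="custBulletLink">Add New Product</a></div>
        <div class="navBulletBorderBottom"></div>
    </div>
    <div class="navPageSpacing"></div>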
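AccessDenied(); }
$DB = new conn();
$DB->connect();

// Form Vars
// "Add New Team" handler: Action=addNew inserts one teams row (name + leader user id), records it
// in the history table as the current session user, and redirects back to ManageTeams.php.
// SECURITY(review): the action is read from $_REQUEST, so this state-changing request is also
// reachable via GET, and no anti-CSRF token is checked in this view — confirm the form sends
// one (or restrict to $_POST) before relying on it.
if (!empty($_REQUEST["Action"])) {   // same truthiness as before, but no notice when Action is absent
    $action = $_REQUEST["Action"];
    //echo $action;
    if ($action == "addNew") {
        // ALL FORM INPUTS MUST BE SANITIZED
        // $DB->sanitize() is an escaping helper and only protects values that are quoted in the
        // SQL. team_leader is interpolated UNQUOTED, where escaping offers no protection at all,
        // so the dropdown value is coerced to an integer instead (a non-numeric value becomes 0).
        $TeamName = $DB->sanitize($_REQUEST["tbTeamName"]);
        $TeamLeader = (int) $_REQUEST["ddlTeamLeader"];
        $sql = "INSERT INTO teams (team_name, team_leader) VALUES ('" . $TeamName . "', " . $TeamLeader . ")";
        $DB->execute_nonquery($sql);
        $DB->addHistory('teams', $_SESSION["user_id"], "insert", "");
        header("Location: ManageTeams.php");
        // Release the connection and stop here: without exit the user list below would still be
        // loaded and the page rendered after the redirect header was sent.
        $DB->close();
        exit;
    }
}
// User list for the team-leader dropdown.
$users = $DB->getUsers();
$DB->close();
?>
<div class="navMenu" id="navMenu">
    <div id="bullets">
        <div class="navHeaderdiv"><h1>Teams</h1></div>
        <div class="navBulletBorderTop"></div>
        <div class="navBullet navBulletSelected" id="custBullet"><a href="#" id="custBulletLink">Add New Team</a></div>
        <div class="navBulletBorderBottom"></div>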