$edate = $mysqli->real_escape_string($_POST["edate"]);
$eamount = $mysqli->real_escape_string(clean($_POST["eamount"]));
if ($ename == '' or $eamount == '') {
$msgBox = alertBox($MessageEmpty);
} else {
if ($eamount < 0) {
$msgBoxExpense = alertBox($NegativeAmount);
} else {
//add new expense
$sql = "INSERT INTO bills (UserId, Title, Dates, CategoryId, AccountId, Amount, Description) VALUES (?,?,?,?,?,?,?)";
if ($statement = $mysqli->prepare($sql)) {
//bind parameters for markers, where (s = string, i = integer, d = double, b = blob)
$statement->bind_param('issiiss', $euser, $ename, $edate, $ecategory, $eaccount, $eamount, $edescription);
$statement->execute();
}
$msgBoxExpense = alertBox($SaveMsgExpense);
}
}
}
?>
<!-- Page Content -->
<div id="page-wrapper">
<div class="row">
<div class="col-lg-12">
<h1 class="page-header"><?php
echo $Transaction;
?>
</h1>
</div>
$paypalEmail = $mysqli->real_escape_string($_POST['paypalEmail']);
$stmt = $mysqli->prepare("\n\t\t\t\t\t\t\t\t\tUPDATE\n\t\t\t\t\t\t\t\t\t\tsitesettings\n\t\t\t\t\t\t\t\t\tSET\n\t\t\t\t\t\t\t\t\t\tenablePayments = ?,\n\t\t\t\t\t\t\t\t\t\tpaymentCurrency = ?,\n\t\t\t\t\t\t\t\t\t\tpaymentCompleteMsg = ?,\n\t\t\t\t\t\t\t\t\t\tpaypalEmail = ?,\n\t\t\t\t\t\t\t\t\t\tpaypalItemName = ?,\n\t\t\t\t\t\t\t\t\t\tpaypalFee = ?\n\t\t\t\t");
$stmt->bind_param('ssssss', $enablePayments, $paymentCurrency, $paymentCompleteMsg, $paypalEmail, $paypalItemName, $paypalFee);
$stmt->execute();
$msgBox = alertBox($paymentSettingsSavedMsg, "<i class='fa fa-check-square'></i>", "success");
$stmt->close();
}
}
}
}
}
} else {
$stmt = $mysqli->prepare("UPDATE sitesettings SET enablePayments = ? ");
$stmt->bind_param('s', $enablePayments);
$stmt->execute();
$msgBox = alertBox($paymentSettingsSavedMsg, "<i class='fa fa-check-square'></i>", "success");
$stmt->close();
}
}
// Get Data
$sqlStmt = "SELECT\n\t\t\t\t\tinstallUrl,\n\t\t\t\t\tlocalization,\n\t\t\t\t\tsiteName,\n\t\t\t\t\tbusinessName,\n\t\t\t\t\tbusinessAddress,\n\t\t\t\t\tbusinessEmail,\n\t\t\t\t\tbusinessPhone,\n\t\t\t\t\tuploadPath,\n\t\t\t\t\ttemplatesPath,\n\t\t\t\t\tfileTypesAllowed,\n\t\t\t\t\tavatarFolder,\n\t\t\t\t\tavatarTypes,\n\t\t\t\t\tallowRegistrations,\n\t\t\t\t\tenablePayments,\n\t\t\t\t\tpaymentCurrency,\n\t\t\t\t\tpaymentCompleteMsg,\n\t\t\t\t\tpaypalEmail,\n\t\t\t\t\tpaypalItemName,\n\t\t\t\t\tpaypalFee\n\t\t\t\tFROM\n\t\t\t\t\tsitesettings";
$res = mysqli_query($mysqli, $sqlStmt) or die('-1' . mysqli_error());
$row = mysqli_fetch_assoc($res);
if ($row['localization'] == 'ar') {
$ar = 'selected';
} else {
$ar = '';
}
if ($row['localization'] == 'bg') {
$bg = 'selected';
} else {
$statement->execute();
}
$msgBox = alertBox($UpdateMsgCategory);
}
// add new category
if (isset($_POST['submit'])) {
$category = $mysqli->real_escape_string($_POST["category"]);
$level = 2;
//add new category
$sql = "INSERT INTO category (UserId, CategoryName, Level) VALUES (?,?,?)";
if ($statement = $mysqli->prepare($sql)) {
//bind parameters for markers, where (s = string, i = integer, d = double, b = blob)
$statement->bind_param('isi', $UserId, $category, $level);
$statement->execute();
}
$msgBox = alertBox($SaveMsgCategory);
}
//Get list category
$GetList = "SELECT CategoryId, CategoryName FROM category WHERE Level = 2 AND UserId = {$UserId} ORDER BY CategoryName ASC";
$GetListCategory = mysqli_query($mysqli, $GetList);
// Search category
if (isset($_POST['searchbtn'])) {
$SearchTerm = $_POST['search'];
$GetList = "SELECT CategoryId, CategoryName FROM category WHERE Level = 2 AND UserId = {$UserId} AND CategoryName\n\t\t\t\tlike '%{$SearchTerm}%' ORDER BY CategoryName ASC";
$GetListCategory = mysqli_query($mysqli, $GetList);
}
//Include Global page
include 'includes/global.php';
?>
<div id="page-wrapper">
if ($_POST['lastName'] == '') {
$msgBox = alertBox($yourLastNameReq, "<i class='fa fa-times-circle'></i>", "danger");
} else {
$userEmail = htmlspecialchars($_POST['userEmail']);
$firstName = htmlspecialchars($_POST['firstName']);
$lastName = htmlspecialchars($_POST['lastName']);
$receiveEmails = htmlspecialchars($_POST['recEmails']);
$stmt = $mysqli->prepare("UPDATE\r\n\t\t\t\t\t\t\t\t\t\tusers\r\n\t\t\t\t\t\t\t\t\tSET\r\n\t\t\t\t\t\t\t\t\t\tuserEmail = ?,\r\n\t\t\t\t\t\t\t\t\t\tfirstName = ?,\r\n\t\t\t\t\t\t\t\t\t\tlastName = ?,\r\n\t\t\t\t\t\t\t\t\t\trecEmails = ?,\r\n\t\t\t\t\t\t\t\t\t\tlastUpdated = ?\r\n\t\t\t\t\t\t\t\t\tWHERE\r\n\t\t\t\t\t\t\t\t\t\tuserId = ?");
$stmt->bind_param('ssssss', $userEmail, $firstName, $lastName, $receiveEmails, $todayDt, $pw_userId);
$stmt->execute();
$stmt->close();
// Add Recent Activity
$activityType = '9';
$activityTitle = $myProfUpdAct;
updateActivity($pw_userId, $activityType, $activityTitle);
$msgBox = alertBox($myProfUpdMsg, "<i class='fa fa-check-square'></i>", "success");
}
}
}
}
// Get Data
$sql = "SELECT * FROM users WHERE userId = " . $pw_userId;
$res = mysqli_query($mysqli, $sql) or die('-1' . mysqli_error());
$row = mysqli_fetch_assoc($res);
if (!empty($row['firstName']) && $row['firstName'] != '') {
$firstName = clean($row['firstName']);
} else {
$firstName = '';
}
if (!empty($row['lastName']) && $row['lastName'] != '') {
$lastName = clean($row['lastName']);
$subject = $newPMEmailSubject . ' ' . $clientFullName;
$message = '<html><body>';
$message .= '<h3>' . $subject . '</h3>';
$message .= '<p>' . $messageText . '</p>';
$message .= '<hr>';
$message .= $emailLink;
$message .= $emailThankYou;
$message .= '</body></html>';
$headers = "From: " . $siteName . " <" . $businessEmail . ">\r\n";
$headers .= "Reply-To: " . $businessEmail . "\r\n";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
if (mail($theEmail, $subject, $message, $headers)) {
$msgBox = alertBox($newPMSentConf, "<i class='fa fa-check-square'></i>", "success");
} else {
$msgBox = alertBox($emailErrorMsg, "<i class='fa fa-times-circle'></i>", "danger");
}
// Clear the Form of values
$_POST['messageTitle'] = $_POST['messageText'] = '';
$stmt->close();
}
}
}
// Include Pagination Class
include 'includes/pagination.php';
// Create new object & pass in the number of pages and an identifier
$pages = new paginator($pagPages, 'p');
// Get the number of total records
$rows = $mysqli->query("\n\t\tSELECT\n\t\t\t*\n\t\tFROM\n\t\t\tprivatemessages\n\t\t\tLEFT JOIN clients ON privatemessages.clientId = clients.clientId\n\t\t\tLEFT JOIN admins ON privatemessages.adminId = admins.adminId\n\t\tWHERE\n\t\t\tprivatemessages.toClientId = " . $clientId . " AND\n\t\t\tprivatemessages.toDeleted = 0 AND\n\t\t\tprivatemessages.toArchived = 1\n\t");
$total = mysqli_num_rows($rows);
// Pass the number of total records
}
// Clock a Manager Out
if (isset($_POST['submit']) && $_POST['submit'] == 'stopClock') {
$clockId = $mysqli->real_escape_string($_POST['clockId']);
$entryId = $mysqli->real_escape_string($_POST['entryId']);
$endTime = date("Y-m-d H:i:s");
// Stop Clock - Update the timeclock Record
$sqlstmt = $mysqli->prepare("\n\t\t\t\t\t\t\tUPDATE\n\t\t\t\t\t\t\t\ttimeclock\n\t\t\t\t\t\t\tSET\n\t\t\t\t\t\t\t\trunning = 0\n\t\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\t\tclockId = ?\n\t\t");
$sqlstmt->bind_param('s', $clockId);
$sqlstmt->execute();
$sqlstmt->close();
// Stop Clock - Update the time entry
$stmt = $mysqli->prepare("\n\t\t\t\t\t\t\tUPDATE\n\t\t\t\t\t\t\t\ttimeentry\n\t\t\t\t\t\t\tSET\n\t\t\t\t\t\t\t\tendTime = ?\n\t\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\t\tentryId = ?\n\t\t");
$stmt->bind_param('ss', $endTime, $entryId);
$stmt->execute();
$msgBox = alertBox($mngrClockedOutMsg, "<i class='fa fa-check-square'></i>", "success");
$stmt->close();
}
// Get a list of all the Years
$a = "SELECT clockYear FROM timeclock GROUP BY clockYear";
$b = mysqli_query($mysqli, $a) or die('-1' . mysqli_error());
$yrs = array();
// Set each Year in an array
while ($year = mysqli_fetch_assoc($b)) {
$yrs[] = $year['clockYear'];
}
// Get a list of all the Managers
$c = "SELECT adminId FROM admins WHERE isActive = 1";
$d = mysqli_query($mysqli, $c) or die('-2' . mysqli_error());
// Set each Manager in an array
$mgrs = array();
} else {
if ($_POST['password_r'] == '') {
$msgBox = alertBox($retypeAccountPass, "<i class='fa fa-times-circle'></i>", "danger");
} else {
if ($_POST['password'] != $_POST['password_r']) {
$msgBox = alertBox($accountPassNotMatch, "<i class='fa fa-times-circle'></i>", "danger");
} else {
if (isset($_POST['password']) && $_POST['password'] != "") {
$password = encryptIt($_POST['password']);
} else {
$password = $_POST['passwordOld'];
}
$stmt = $mysqli->prepare("UPDATE\n\t\t\t\t\t\t\t\t\t\tclients\n\t\t\t\t\t\t\t\t\tSET\n\t\t\t\t\t\t\t\t\t\tpassword = ?\n\t\t\t\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\t\t\t\tclientId = ?");
$stmt->bind_param('ss', $password, $clientId);
$stmt->execute();
$msgBox = alertBox($accountPassUpdatedMsg, "<i class='fa fa-check-square'></i>", "success");
$stmt->close();
}
}
}
}
}
}
// Get Data
$query = "SELECT\n\t\t\t\tclientId,\n\t\t\t\tclientEmail,\n\t\t\t\tpassword,\n\t\t\t\tclientFirstName,\n\t\t\t\tclientLastName,\n\t\t\t\tCONCAT(clientFirstName,' ',clientLastName) AS clientName,\n\t\t\t\tclientCompany,\n\t\t\t\tclientBio,\n\t\t\t\tclientAddress,\n\t\t\t\tclientPhone,\n\t\t\t\tclientCell,\n\t\t\t\tclientAvatar,\n\t\t\t\tDATE_FORMAT(lastVisited,'%M %e, %Y at %l:%i %p') AS lastVisited,\n\t\t\t\tDATE_FORMAT(createDate,'%M %d, %Y') AS createDate\n\t\t\tFROM\n\t\t\t\tclients\n\t\t\tWHERE clientId = " . $clientId;
$res = mysqli_query($mysqli, $query) or die('-2' . mysqli_error());
$row = mysqli_fetch_assoc($res);
// Decrypt data
if ($row['clientAddress'] != '') {
$clientAddress = decryptIt($row['clientAddress']);
} else {
}
if ($isFiles != 'true') {
// Delete the DB Record
$stmt = $mysqli->prepare("DELETE FROM projectfolders WHERE folderId = ?");
$stmt->bind_param('s', $deleteId);
$stmt->execute();
// Delete the Folder on the host
if (is_dir($uploadsDir . $folderUrl)) {
rmdir($uploadsDir . $folderUrl);
$msgBox = alertBox("The Project Folder has been Deleted.", "<i class='fa fa-check-square'></i>", "success");
} else {
$msgBox = alertBox($deleteFolderErrorMsg, "<i class='fa fa-times-circle'></i>", "danger");
}
$stmt->close();
} else {
$msgBox = alertBox($foldNotEmptyMsg, "<i class='fa fa-times-circle'></i>", "danger");
}
}
// Include Pagination Class
include 'includes/getpagination.php';
$pages = new paginator($pagPages, 'p');
// Get the number of total records
$rows = $mysqli->query("SELECT * FROM projectfolders WHERE projectId = " . $projectId);
$total = mysqli_num_rows($rows);
// Pass the number of total records
$pages->set_total($total);
// Get Folder Data
$sql = "SELECT\n\t\t\t\tprojectfolders.folderId,\n\t\t\t\tprojectfolders.projectId,\n\t\t\t\tprojectfolders.adminId,\n\t\t\t\tprojectfolders.clientId,\n\t\t\t\tprojectfolders.folderTitle,\n\t\t\t\tprojectfolders.folderDesc,\n\t\t\t\tprojectfolders.folderUrl,\n\t\t\t\tDATE_FORMAT(projectfolders.folderDate,'%M %d, %Y') AS folderDate,\n\t\t\t\tUNIX_TIMESTAMP(projectfolders.folderDate) AS orderDate,\n\t\t\t\tCONCAT(clients.clientFirstName,' ',clients.clientLastName) AS theClient,\n\t\t\t\tCONCAT(admins.adminFirstName,' ',admins.adminLastName) AS theAdmin\n\t\t\tFROM\n\t\t\t\tprojectfolders\n\t\t\t\tLEFT JOIN clients ON projectfolders.clientId = clients.clientId\n\t\t\t\tLEFT JOIN admins ON projectfolders.adminId = admins.adminId\n\t\t\tWHERE\n\t\t\t\tprojectfolders.projectId = " . $projectId . "\n\t\t\tORDER BY orderDate " . $pages->get_limit();
$res = mysqli_query($mysqli, $sql) or die('-1' . mysqli_error());
$query = "SELECT clientId, projectName FROM clientprojects WHERE projectId = " . $projectId;
$result = mysqli_query($mysqli, $query) or die('-2' . mysqli_error());
<?php
$pagPages = '10';
// Delete Manager Account
if (isset($_POST['submit']) && $_POST['submit'] == 'deleteAdmin') {
$adminId = $mysqli->real_escape_string($_POST['adminId']);
$stmt = $mysqli->prepare("DELETE FROM admins WHERE adminId = ?");
$stmt->bind_param('s', $adminId);
$stmt->execute();
$stmt->close();
$msgBox = alertBox($managerDeletedMsg, "<i class='fa fa-check-square'></i>", "success");
}
// Include Pagination Class
include 'includes/pagination.php';
// Create new object & pass in the number of pages and an identifier
$pages = new paginator($pagPages, 'p');
// Get the number of total records
$rows = $mysqli->query("SELECT * FROM clients WHERE isActive = 1");
$total = mysqli_num_rows($rows);
// Pass the number of total records
$pages->set_total($total);
// Get Data
$query = "SELECT\n\t\t\t\tadminId,\n\t\t\t\tadminEmail,\n\t\t\t\tCONCAT(adminFirstName,' ',adminLastName) AS theAdmin,\n\t\t\t\tadminPhone,\n\t\t\t\tisAdmin,\n\t\t\t\tadminRole,\n\t\t\t\tisArchived,\n\t\t\t\tDATE_FORMAT(archiveDate,'%M %e, %Y') AS archiveDate\n\t\t\tFROM\n\t\t\t\tadmins\n\t\t\tWHERE\n\t\t\t\tisActive = 0 AND\n\t\t\t\tisAdmin = 0\n\t\t\tORDER BY\n\t\t\t\tadminId " . $pages->get_limit();
$res = mysqli_query($mysqli, $query) or die('-1' . mysqli_error());
include 'includes/navigation.php';
if ($isAdmin != '1') {
?>
<div class="content">
<h3><?php
echo $accessErrorHeader;
?>
$message .= '<p>' . $resetPassEmail2 . '</p>';
$message .= '<p>' . $resetPassEmail3 . '</p>';
$message .= '<p>' . $emailThankYou . '</p>';
$message .= '</body></html>';
$headers = "From: " . $siteName . " <" . $businessEmail . ">\r\n";
$headers .= "Reply-To: " . $businessEmail . "\r\n";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
if (mail($theEmail, $subject, $message, $headers)) {
$msgBox = alertBox($passwordResetMsg, "<i class='fa fa-check-square-o'></i>", "success");
$isReset = 'true';
$stmt->close();
}
} else {
// No account found
$msgBox = alertBox($noAccountFoundMsg, "<i class='fa fa-warning'></i>", "warning");
}
}
}
?>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title><?php
echo $set['siteName'];
?>
· <?php
$entryUsername = null;
}
if ($_POST['entryUrl'] != '') {
$entryUrl = encodeIt($_POST['entryUrl']);
} else {
$entryUrl = null;
}
$stmt = $mysqli->prepare("UPDATE\n\t\t\t\t\t\t\t\t\t\tentries\n\t\t\t\t\t\t\t\t\tSET\n\t\t\t\t\t\t\t\t\t\tcatId = ?,\n\t\t\t\t\t\t\t\t\t\tentryTitle = ?,\n\t\t\t\t\t\t\t\t\t\tentryDesc = ?,\n\t\t\t\t\t\t\t\t\t\tentryUsername = ?,\n\t\t\t\t\t\t\t\t\t\tentryUrl = ?,\n\t\t\t\t\t\t\t\t\t\tentryNotes = ?,\n\t\t\t\t\t\t\t\t\t\tlastUpdated = ?\n\t\t\t\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\t\t\t\tentryId = ?");
$stmt->bind_param('ssssssss', $catId, $entryTitle, $entryDesc, $entryUsername, $entryUrl, $entryNotes, $todayDt, $entryId);
$stmt->execute();
$stmt->close();
// Add Recent Activity
$activityType = '8';
$activityTitle = $theEntryText . ' "' . $entryTitleOld . '" ' . $wasUpdatedText;
updateActivity($pw_userId, $activityType, $activityTitle);
$msgBox = alertBox($theEntryText . " \"" . $entryTitleOld . "\" " . $theCatUpdMsg2, "<i class='fa fa-check-square'></i>", "success");
}
}
}
// Get Entry Data
$sql = "SELECT\n\t\t\t\tentries.*,\n\t\t\t\tcategories.catId,\n\t\t\t\tcategories.catTitle,\n\t\t\t\tCONCAT(users.firstName,' ',users.lastName) AS entOwner\n\t\t\tFROM\n\t\t\t\tentries\n\t\t\t\tLEFT JOIN categories ON entries.catId = categories.catId\n\t\t\t\tLEFT JOIN users ON entries.userId = users.userId\n\t\t\tWHERE entries.entryId = " . $entryId;
$res = mysqli_query($mysqli, $sql) or die('-1' . mysqli_error());
$row = mysqli_fetch_assoc($res);
if (!empty($row['entryUsername']) && $row['entryUsername'] != '') {
$entryUsername = '******' . decodeIt($row['entryUsername']) . '<span>';
$entryUser = decodeIt($row['entryUsername']);
} else {
$entryUsername = $entryUser = '';
}
if (!empty($row['entryNotes']) && $row['entryNotes'] != '') {
$entryNotes = decodeIt($row['entryNotes']);
$msgBox = alertBox($catTitleReq, "<i class='fa fa-times-circle'></i>", "danger");
} else {
if ($_POST['catDesc'] == '') {
$msgBox = alertBox($catDescReq, "<i class='fa fa-times-circle'></i>", "danger");
} else {
$catTitle = htmlspecialchars($_POST['catTitle']);
$catDesc = htmlspecialchars($_POST['catDesc']);
$stmt = $mysqli->prepare("\n\t\t\t\t\t\t\t\tINSERT INTO\n\t\t\t\t\t\t\t\t\tcategories(\n\t\t\t\t\t\t\t\t\t\tuserId,\n\t\t\t\t\t\t\t\t\t\tcatTitle,\n\t\t\t\t\t\t\t\t\t\tcatDesc,\n\t\t\t\t\t\t\t\t\t\tcatDate,\n\t\t\t\t\t\t\t\t\t\tipAddress\n\t\t\t\t\t\t\t\t\t) VALUES (\n\t\t\t\t\t\t\t\t\t\t?,\n\t\t\t\t\t\t\t\t\t\t?,\n\t\t\t\t\t\t\t\t\t\t?,\n\t\t\t\t\t\t\t\t\t\t?,\n\t\t\t\t\t\t\t\t\t\t?\n\t\t\t\t\t\t\t\t\t)\n\t\t\t");
$stmt->bind_param('sssss', $pw_userId, $catTitle, $catDesc, $todayDt, $actIp);
$stmt->execute();
$stmt->close();
// Add Recent Activity
$activityType = '7';
$activityTitle = $newCatNavLink . ' "' . $catTitle . ' ' . $createdText;
updateActivity($pw_userId, $activityType, $activityTitle);
$msgBox = alertBox($newcatMsg1 . " " . $catTitle . " " . $newcatMsg2, "<i class='fa fa-check-square'></i>", "success");
// Clear the Form of values
$_POST['catTitle'] = $_POST['catDesc'] = '';
}
}
}
$catsPage = 'true';
$pageTitle = $newCatNavLink;
include 'includes/header.php';
?>
<h3 class="mb-20">Create a <?php
echo $pageTitle;
?>
</h3>
<?php
if ($msgBox) {
$stmt->close();
} else {
$msgBox = alertBox($mngrStatusError1, "<i class='fa fa-warning'></i>", "warning");
}
} else {
$msgBox = alertBox($mngrStatusError2, "<i class='fa fa-warning'></i>", "warning");
}
}
// Update Manager Type
if (isset($_POST['submit']) && $_POST['submit'] == 'managerType') {
$superuser = $mysqli->real_escape_string($_POST['superuser']);
$adminRole = $mysqli->real_escape_string($_POST['adminRole']);
$stmt = $mysqli->prepare("UPDATE\n\t\t\t\t\t\t\t\t\tadmins\n\t\t\t\t\t\t\t\tSET\n\t\t\t\t\t\t\t\t\tisAdmin = ?,\n\t\t\t\t\t\t\t\t\tadminRole = ?\n\t\t\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\t\t\tadminId = ?");
$stmt->bind_param('sss', $superuser, $adminRole, $aId);
$stmt->execute();
$msgBox = alertBox($mngrTypeUpdatedMsg, "<i class='fa fa-check-square'></i>", "success");
$stmt->close();
}
// Get Data
$query = "SELECT\n\t\t\t\tadminId,\n\t\t\t\tadminEmail,\n\t\t\t\tpassword,\n\t\t\t\tadminFirstName,\n\t\t\t\tadminLastName,\n\t\t\t\tCONCAT(adminFirstName,' ',adminLastName) AS theAdmin,\n\t\t\t\tadminBio,\n\t\t\t\tadminAddress,\n\t\t\t\tadminPhone,\n\t\t\t\tadminCell,\n\t\t\t\tadminAvatar,\n\t\t\t\tadminNotes,\n\t\t\t\tDATE_FORMAT(lastVisited,'%M %e, %Y at %l:%i %p') AS lastVisited,\n\t\t\t\tDATE_FORMAT(createDate,'%M %d, %Y') AS createDate,\n\t\t\t\tisAdmin,\n\t\t\t\tadminRole,\n\t\t\t\tisActive,\n\t\t\t\tisArchived,\n\t\t\t\tDATE_FORMAT(archiveDate,'%M %d, %Y') AS archiveDate\n\t\t\tFROM\n\t\t\t\tadmins\n\t\t\tWHERE adminId = " . $aId;
$res = mysqli_query($mysqli, $query) or die('-1' . mysqli_error());
$row = mysqli_fetch_assoc($res);
// Decrypt data
if ($row['adminAddress'] != '') {
$adminAddress = decryptIt($row['adminAddress']);
} else {
$adminAddress = '';
}
if ($row['adminPhone'] != '') {
$adminPhone = decryptIt($row['adminPhone']);
} else {
$msgBox = alertBox("Please enter a valid email for the Primary Admin. Email addresses are used as your account login.", "<i class='fa fa-times-circle'></i>", "danger");
} else {
if ($_POST['password'] == '') {
$msgBox = alertBox("Please enter a password for the Primary Admin's Account.", "<i class='fa fa-times-circle'></i>", "danger");
} else {
if ($_POST['r-password'] == '') {
$msgBox = alertBox("Please re-enter the password for the Primary Admin's Account.", "<i class='fa fa-times-circle'></i>", "danger");
} else {
if ($_POST['password'] != $_POST['r-password']) {
$msgBox = alertBox("The password for the Primary Admin's Account does not match.", "<i class='fa fa-times-circle'></i>", "danger");
} else {
if ($_POST['adminFirstName'] == '') {
$msgBox = alertBox("Please enter the Primary Admin's First Name.", "<i class='fa fa-times-circle'></i>", "danger");
} else {
if ($_POST['adminLastName'] == '') {
$msgBox = alertBox("Please enter the Primary Admin's Last Name.", "<i class='fa fa-times-circle'></i>", "danger");
} else {
$installUrl = $mysqli->real_escape_string($_POST['installUrl']);
$siteName = $mysqli->real_escape_string($_POST['siteName']);
$businessName = $mysqli->real_escape_string($_POST['businessName']);
$businessAddress = $_POST['businessAddress'];
$businessEmail = $mysqli->real_escape_string($_POST['businessEmail']);
$businessPhone = $mysqli->real_escape_string($_POST['businessPhone']);
$uploadPath = $mysqli->real_escape_string($_POST['uploadPath']);
$templatesPath = $mysqli->real_escape_string($_POST['templatesPath']);
$fileTypesAllowed = $mysqli->real_escape_string($_POST['fileTypesAllowed']);
$avatarFolder = $mysqli->real_escape_string($_POST['avatarFolder']);
$avatarTypes = $mysqli->real_escape_string($_POST['avatarTypes']);
// Add data to the siteSettings Table
$stmt = $mysqli->prepare("\n\t\t\t\t\t\t\t\t\tINSERT INTO\n\t\t\t\t\t\t\t\t\t\tsitesettings(\n\t\t\t\t\t\t\t\t\t\t\tinstallUrl,\n\t\t\t\t\t\t\t\t\t\t\tsiteName,\n\t\t\t\t\t\t\t\t\t\t\tbusinessName,\n\t\t\t\t\t\t\t\t\t\t\tbusinessAddress,\n\t\t\t\t\t\t\t\t\t\t\tbusinessEmail,\n\t\t\t\t\t\t\t\t\t\t\tbusinessPhone,\n\t\t\t\t\t\t\t\t\t\t\tuploadPath,\n\t\t\t\t\t\t\t\t\t\t\ttemplatesPath,\n\t\t\t\t\t\t\t\t\t\t\tfileTypesAllowed,\n\t\t\t\t\t\t\t\t\t\t\tavatarFolder,\n\t\t\t\t\t\t\t\t\t\t\tavatarTypes\n\t\t\t\t\t\t\t\t\t\t) VALUES (\n\t\t\t\t\t\t\t\t\t\t\t?,\n\t\t\t\t\t\t\t\t\t\t\t?,\n\t\t\t\t\t\t\t\t\t\t\t?,\n\t\t\t\t\t\t\t\t\t\t\t?,\n\t\t\t\t\t\t\t\t\t\t\t?,\n\t\t\t\t\t\t\t\t\t\t\t?,\n\t\t\t\t\t\t\t\t\t\t\t?,\n\t\t\t\t\t\t\t\t\t\t\t?,\n\t\t\t\t\t\t\t\t\t\t\t?,\n\t\t\t\t\t\t\t\t\t\t\t?,\n\t\t\t\t\t\t\t\t\t\t\t?\n\t\t\t\t\t\t\t\t\t\t)");
$stmt->bind_param('sssssssssss', $installUrl, $siteName, $businessName, $businessAddress, $businessEmail, $businessPhone, $uploadPath, $templatesPath, $fileTypesAllowed, $avatarFolder, $avatarTypes);
<?php
require_once './session_login.inc.php';
function alertBox($alerttext)
{
echo '<script type="text/javascript">alert("' . $alerttext . '");window.history.back();</script>';
}
$class = $_REQUEST['class'];
if (empty($class)) {
alertBox("Error!!!:Please check value of class in URL");
} else {
if (!($class == "1" || $class == "2" || $class == "3" || $class == "4" || $class == "wifi")) {
alertBox("Error!!!:Please check value of class in URL");
}
}
$servername = "localhost";
$username = "******";
$password = "******";
$dbname = "dhcp";
$con = mysql_connect($servername, $username, $password) or die(mysql_error("Error connect"));
mysql_select_db($dbname) or die(mysql_error("Error database"));
$query_all_data = 'SELECT * FROM `class' . $class . '`';
$all_data = mysql_query($query_all_data);
$query_range = 'SELECT * FROM `class_range` WHERE `class` = ' . $class;
$range = mysql_query($query_range);
while ($ip_range = mysql_fetch_array($range)) {
$ip_start = $ip_range["ip_start"];
$ip_end = $ip_range["ip_end"];
}
?>
<!DOCTYPE html>
$message .= '<p>' . $invNotes . '</p>';
$message .= '<hr>';
$message .= '<p>' . $emailLink . '</p>';
$message .= '<p>' . $emailThankYou . '</p>';
$message .= '</body></html>';
$headers = "From: " . $siteName . " <" . $businessEmail . ">\r\n";
$headers .= "Reply-To: " . $businessEmail . "\r\n";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
if (mail($clientEmail, $subject, $message, $headers)) {
$msgBox = alertBox($invCreatedEmailSent, "<i class='fa fa-check-square'></i>", "success");
} else {
$msgBox = alertBox($emailErrorMsg, "<i class='fa fa-warning'></i>", "warning");
}
} else {
$msgBox = alertBox($invCreatedNoEmail, "<i class='fa fa-check-square'></i>", "success");
}
// Clear the Form of values
$_POST['invoiceDue'] = $_POST['invoiceTitle'] = $_POST['invoiceNotes'] = '';
}
}
}
}
// Include Pagination Class
include 'includes/pagination.php';
// Create new object & pass in the number of pages and an identifier
$pages = new paginator($pagPages, 'p');
// Get the number of total records
$cols = $mysqli->query("SELECT * FROM invoices");
$total = mysqli_num_rows($cols);
// Pass the number of total records
<?php
// Mark all active Logs as Deleted
if (isset($_POST['submit']) && $_POST['submit'] == 'deleteLogs') {
$stmt = $mysqli->prepare("UPDATE activity SET markDeleted = 1 WHERE markDeleted = 0");
$stmt->execute();
$stmt->close();
// Add Recent Activity
$activityType = '10';
$activityTitle = $delLogsAct;
updateActivity($pw_userId, $activityType, $activityTitle);
$msgBox = alertBox($delLogsMsg, "<i class='fa fa-check-square'></i>", "success");
}
// Get Data
$sql = "SELECT\n\t\t\t\tactivity.*,\n\t\t\t\tusers.userEmail,\n\t\t\t\tCONCAT(users.firstName,' ',users.lastName) AS activityBy\n\t\t\tFROM\n\t\t\t\tactivity\n\t\t\t\tLEFT JOIN users ON activity.userId = users.userId\n\t\t\tWHERE markDeleted = 0";
$res = mysqli_query($mysqli, $sql) or die('-1' . mysqli_error());
$mngPage = 'true';
$pageTitle = $activityLogsPageTitle;
$addCss = '<link href="css/dataTables.css" rel="stylesheet">';
$dataTables = 'true';
$jsFile = 'activityLogs';
include 'includes/header.php';
if ($pw_superUser != '') {
?>
<h3 class="mb-20"><?php
echo $pageTitle;
?>
</h3>
<?php
if ($msgBox) {
echo $msgBox;
$GetAccountId = "SELECT AccountId FROM assets WHERE UserId = {$UserId} and AssetsId = {$IncomeIds}";
$AccountId = mysqli_query($mysqli, $GetAccountId);
$ColId = mysqli_fetch_array($AccountId);
$AccId = $ColId['AccountId'];
//Delete Income
$Delete = "DELETE FROM assets WHERE AssetsId = {$IncomeIds}";
$DeleteI = mysqli_query($mysqli, $Delete);
//Update Total Income
$TotalIncome = "UPDATE totals SET totals.Totals = (SELECT SUM(Amount) FROM assets where assets.UserId = {$UserId} AND assets.AccountId = totals.AccountId) \n" . "\tWHERE totals.UserId = {$UserId} AND totals.AccountId = {$AccId}";
$UpdateTotalIncome = mysqli_query($mysqli, $TotalIncome);
if (!$UpdateTotalIncome) {
$Gagal = "QUERY ERROR";
$msgBox = alertBox($Gagal);
}
//$msgBox = alertBox($AccId);
$msgBox = alertBox($DeleteIncome);
}
//Get Report bills History
$GetExpenseHistory = "SELECT * from bills left join category on bills.CategoryId = category.CategoryId left join account on bills.AccountId = account.AccountId where bills.UserId = {$UserId} ORDER BY bills.Dates DESC";
$ExpenseHistory = mysqli_query($mysqli, $GetExpenseHistory);
// Get all Expense
$GetAllBillsOverall = "SELECT SUM(Amount) AS Amount FROM bills WHERE UserId = {$UserId} ";
$GetABillsOverall = mysqli_query($mysqli, $GetAllBillsOverall);
$BillsColOverall = mysqli_fetch_assoc($GetABillsOverall);
$BillsOverall = $BillsColOverall['Amount'];
// Get all by month Expense
$GetAllBillsDate = "SELECT SUM(Amount) AS Amount FROM bills WHERE UserId = {$UserId} AND MONTH(Dates) = MONTH (CURRENT_DATE())";
$GetABillsDate = mysqli_query($mysqli, $GetAllBillsDate);
$BillsColDate = mysqli_fetch_assoc($GetABillsDate);
$BillThisMonth = $BillsColDate['Amount'];
// Get all by today Expense
$msgBox = alertBox($PwdNotSame);
} else {
// Set new account
$Email = $mysqli->real_escape_string($_POST['email']);
$Password = encryptIt($_POST['password']);
$FirstName = $mysqli->real_escape_string($_POST['firstname']);
$LastName = $mysqli->real_escape_string($_POST['lastname']);
$Currency = $mysqli->real_escape_string($_POST['currency']);
// add new account
$sql = "UPDATE user SET FirstName = ?, LastName = ?, Email = ?, Password = ?, Currency = ? WHERE UserId = {$UserId}";
if ($statement = $mysqli->prepare($sql)) {
//bind parameters for markers, where (s = string, i = integer, d = double, b = blob)
$statement->bind_param('sssss', $FirstName, $LastName, $Email, $Password, $Currency);
$statement->execute();
}
$msgBox = alertBox($SuccessAccountUpdate);
}
}
}
// Get User Info
$GetUsers = "SELECT FirstName, LastName, Email, Currency, Password from user WHERE UserId = {$UserId}";
$GetUserq = mysqli_query($mysqli, $GetUsers);
$UserInfos = mysqli_fetch_assoc($GetUserq);
//Include Global page
include 'includes/global.php';
?>
<div id="page-wrapper">
<div class="row">
<div class="col-lg-12">
<h1 class="page-header"><?php
} else {
if ($squid_c == "2") {
if ($l != 4) {
alertBox("Please check syntax of bandwidth shaping");
$checkE2 = FALSE;
}
} else {
if ($squid_c == "3") {
if ($l != 6) {
alertBox("Please check syntax of bandwidth shaping");
$checkE2 = FALSE;
}
} else {
if ($squid_c == "4") {
if ($l != 8) {
alertBox("Please check syntax of bandwidth shaping");
$checkE2 = FALSE;
}
} else {
if ($squid_c == "5") {
//if($l != 2) {alertBox("Please check syntax of bandwidth shaping");}
}
}
}
}
}
}
if ($checkE1 && $checkE2) {
$query_update = 'UPDATE `class_squid` SET `class`=' . $squid_c . ' , `bw` = ' . $bw . 'WHERE user_class=' . $user_c;
mysql_query($query_update) or die(mysql_error());
header('Location: squid.php');
$dateIn = sanitize_text_field($_POST['dateIn']);
$timeIn = sanitize_text_field($_POST['timeIn']);
$dateOut = sanitize_text_field($_POST['dateOut']);
$timeOut = sanitize_text_field($_POST['timeOut']);
$startTime = $dateIn . ' ' . $timeIn . ':00';
$endTime = $dateOut . ' ' . $timeOut . ':00';
$entryType = '3';
// Edit the Record
$wpdb->update($table_name_timeentry, array('startTime' => $startTime, 'endTime' => $endTime, 'entryType' => $entryType), array('entryId' => $entryId));
$editReason = sanitize_text_field($_POST['editReason']);
$editedDate = date("Y-m-d H:i:s");
$origStartTime = sanitize_text_field($_POST['origStartTime']);
$origEndTime = sanitize_text_field($_POST['origEndTime']);
// Add a record of the Edit
$wpdb->insert($table_name_timeedits, array('entryId' => $entryId, 'editedBy' => $user_id, 'editedDate' => $editedDate, 'origStartTime' => $origStartTime, 'origEndTime' => $origEndTime, 'editedStartTime' => $startTime, 'editedEndTime' => $endTime, 'editReason' => $editReason));
$msgBox = alertBox($timeRecUpdatedMsg, "<i class='fa fa-check-square'></i>", "success");
// Clear the Form of values
$_POST['editReason'] = '';
}
}
}
}
}
}
// Get Data
$row = $wpdb->get_row($query = "SELECT\r\n\t\t\t\t{$table_name_timeentry}.entryId,\r\n\t\t\t\t{$table_name_timeentry}.clockId,\r\n\t\t\t\t{$table_name_timeentry}.user_id,\r\n\t\t\t\tDATE_FORMAT({$table_name_timeentry}.entryDate,'%M %d, %Y') AS entryDate,\r\n\t\t\t\t{$table_name_timeentry}.startTime,\r\n\t\t\t\tDATE_FORMAT({$table_name_timeentry}.startTime,'%Y-%m-%d') AS startDate,\r\n\t\t\t\tDATE_FORMAT({$table_name_timeentry}.startTime,'%M %d, %Y') AS dateStarted,\r\n\t\t\t\tDATE_FORMAT({$table_name_timeentry}.startTime,'%h:%i %p') AS hourStarted,\r\n\t\t\t\tDATE_FORMAT({$table_name_timeentry}.startTime,'%H:%i') AS hourIn,\r\n\t\t\t\t{$table_name_timeentry}.endTime,\r\n\t\t\t\tDATE_FORMAT({$table_name_timeentry}.endTime,'%Y-%m-%d') AS endDate,\r\n\t\t\t\tDATE_FORMAT({$table_name_timeentry}.endTime,'%M %d, %Y') AS dateEnded,\r\n\t\t\t\tDATE_FORMAT({$table_name_timeentry}.endTime,'%h:%i %p') AS hourEnded,\r\n\t\t\t\tDATE_FORMAT({$table_name_timeentry}.endTime,'%H:%i') AS hourOut,\r\n\t\t\t\t{$table_name_timeentry}.entryType,\r\n\t\t\t\t{$table_name_timeclock}.weekNo,\r\n\t\t\t\t{$table_name_timeclock}.clockYear,\r\n\t\t\t\t{$table_name_timeclock}.running,\r\n\t\t\t\tCONCAT({$table_name_employees}.user_id,' ','user') AS theEmp\r\n\t\t\tFROM\r\n\t\t\t\t{$table_name_timeentry}\r\n\t\t\t\tLEFT JOIN {$table_name_timeclock} ON {$table_name_timeentry}.clockId = {$table_name_timeclock}.clockId\r\n\t\t\t\tLEFT JOIN {$table_name_employees} ON {$table_name_timeentry}.user_id = {$table_name_employees}.user_id\r\n\t\t\tWHERE\r\n\t\t\t\t{$table_name_timeentry}.entryId = {$entryId}", ARRAY_A);
if ($row['entryType'] == '1') {
$entryType = $entryType1;
} else {
if ($row['entryType'] == '2') {
$entryType = $entryType2;
$texttoalert = $texttoalert . 'At line ' . $line . ' Change MAC Address between 00:00:00:00:00:00-FF:FF:FF:FF:FF:FF\\n';
}
if (preg_match("/^[a-zA-Z0-9]+\$/", $objArr[1]) == 0) {
$statusQuery6 = FALSE;
$texttoalert = $texttoalert . 'At line ' . $line . ' Name can have only A-Z a-z 0-9\\n';
}
if ($ip_cur_long < $ip_start_long or $ip_cur_long > $ip_end_long) {
$statusQuery7 = FALSE;
$texttoalert = $texttoalert . 'At line ' . $line . ' IP Address in Class ' . $class . ' is between ' . $ip_start . '-' . $ip_end . '\\n';
}
if (empty($ip_cur_long)) {
$statusQuery8 = FALSE;
$texttoalert = $texttoalert . 'At line ' . $line . ' Check IP Address\\n';
}
if ($statusQuery && $statusQuery2 && $statusQuery3 && $statusQuery4 && $statusQuery5 && $statusQuery6 && $statusQuery7 && $statusQuery8) {
$strSQL = "INSERT INTO `dhcp`.`class1` (hw,name,ip,expire) VALUES ('{$objArr['0']}','{$objArr['1']}','{$objArr['2']}','{$objArr['3']}')";
$objQuery = mysql_query($strSQL);
if (!$objQuery) {
$texttoalert = die(mysql_error());
alertBox($texttoalert);
}
} else {
alertBox($texttoalert);
}
}
shell_exec("/var/www/html/oak2/manage_dhcp.rb");
shell_exec('/var/www/html/oak2/restart_service_dhcp.sh');
mysql_close($con);
fclose($objCSV);
backalertBox();
}
if (isset($_POST['expense'])) {
$ExpenseId = $row['BillsId'];
$iuser = $_SESSION['UserId'];
$iname = $mysqli->real_escape_string($_POST["iname"]);
$icategory = $mysqli->real_escape_string($_POST["icategory"]);
$iaccount = $mysqli->real_escape_string($_POST["iaccount"]);
$idescription = $mysqli->real_escape_string($_POST["idescription"]);
$idate = $mysqli->real_escape_string($_POST["idate"]);
$iamount = $mysqli->real_escape_string(clean($_POST["iamount"]));
$sql = "UPDATE bills SET Title = ?, Dates = ?, CategoryId = ?, AccountId = ?, Amount = ?, Description = ? WHERE BillsId = {$ExpenseId}";
if ($statement = $mysqli->prepare($sql)) {
//bind parameters for markers, where (s = string, i = integer, d = double, b = blob)
$statement->bind_param('ssiiss', $iname, $idate, $icategory, $iaccount, $iamount, $idescription);
$statement->execute();
}
$msgBox = alertBox($UpdateMsgExpense);
}
// Get new data after update
$EditExpense = "SELECT a.BillsId, a.Title, a.Dates, a.Amount, a.Description, c.CategoryName, c.CategoryId, ac.AccountId, ac.AccountName from bills a, category c, account ac where a.CategoryId = c.CategoryId \n\t\t\t\t\tAND a.AccountId = ac.AccountId AND c.Level = 2 AND a.UserId = {$UserId} AND a.BillsId = {$ExpenseId}";
if ($ExpenseEdit = mysqli_query($mysqli, $EditExpense)) {
$row = mysqli_fetch_assoc($ExpenseEdit);
}
?>
<!-- Page Content -->
<div id="page-wrapper">
<div class="row">
<div class="col-lg-12">
<h1 class="page-header"><?php
echo $ManageExpense;
}
if ($_POST['entryUrl'] != '') {
$entryUrl = encodeIt($_POST['entryUrl']);
} else {
$entryUrl = null;
}
$password1 = encodeIt($_POST['password1']);
$stmt = $mysqli->prepare("\r\n\t\t\t\t\t\t\t\tINSERT INTO\r\n\t\t\t\t\t\t\t\t\tentries(\r\n\t\t\t\t\t\t\t\t\t\tcatId,\r\n\t\t\t\t\t\t\t\t\t\tuserId,\r\n\t\t\t\t\t\t\t\t\t\tentryTitle,\r\n\t\t\t\t\t\t\t\t\t\tentryDesc,\r\n\t\t\t\t\t\t\t\t\t\tentryUsername,\r\n\t\t\t\t\t\t\t\t\t\tentryPass,\r\n\t\t\t\t\t\t\t\t\t\tentryUrl,\r\n\t\t\t\t\t\t\t\t\t\tentryNotes,\r\n\t\t\t\t\t\t\t\t\t\tentryDate,\r\n\t\t\t\t\t\t\t\t\t\tipAddress\r\n\t\t\t\t\t\t\t\t\t) VALUES (\r\n\t\t\t\t\t\t\t\t\t\t?,\r\n\t\t\t\t\t\t\t\t\t\t?,\r\n\t\t\t\t\t\t\t\t\t\t?,\r\n\t\t\t\t\t\t\t\t\t\t?,\r\n\t\t\t\t\t\t\t\t\t\t?,\r\n\t\t\t\t\t\t\t\t\t\t?,\r\n\t\t\t\t\t\t\t\t\t\t?,\r\n\t\t\t\t\t\t\t\t\t\t?,\r\n\t\t\t\t\t\t\t\t\t\t?,\r\n\t\t\t\t\t\t\t\t\t\t?\r\n\t\t\t\t\t\t\t\t\t)\r\n\t\t\t");
$stmt->bind_param('ssssssssss', $catId, $pw_userId, $entryTitle, $entryDesc, $entryUsername, $password1, $entryUrl, $entryNotes, $todayDt, $actIp);
$stmt->execute();
$stmt->close();
// Add Recent Activity
$activityType = '8';
$activityTitle = $newEntryNavLink . ' "' . $entTitle . ' ' . $createdText;
updateActivity($pw_userId, $activityType, $activityTitle);
$msgBox = alertBox($theNewEntryText . " \"" . $entTitle . "\" " . $newcatMsg2, "<i class='fa fa-check-square'></i>", "success");
// Clear the Form of values
$_POST['entryTitle'] = $_POST['entryDesc'] = $_POST['entryNotes'] = $_POST['entryUsername'] = $_POST['entryUrl'] = '';
}
}
}
}
}
}
$pageTitle = $newEntryNavLink;
$jsFile = 'newEntry';
include 'includes/header.php';
?>
<h3 class="mb-20"><?php
echo $addAText;
?>
$msgBox = alertBox($updUsrLastReq, "<i class='fa fa-times-circle'></i>", "danger");
} else {
$userEmail = htmlspecialchars($_POST['userEmail']);
$firstName = htmlspecialchars($_POST['firstName']);
$lastName = htmlspecialchars($_POST['lastName']);
$receiveEmails = htmlspecialchars($_POST['recEmails']);
$isActive = htmlspecialchars($_POST['isActive']);
$stmt = $mysqli->prepare("UPDATE\n\t\t\t\t\t\t\t\t\t\tusers\n\t\t\t\t\t\t\t\t\tSET\n\t\t\t\t\t\t\t\t\t\tuserEmail = ?,\n\t\t\t\t\t\t\t\t\t\tfirstName = ?,\n\t\t\t\t\t\t\t\t\t\tlastName = ?,\n\t\t\t\t\t\t\t\t\t\trecEmails = ?,\n\t\t\t\t\t\t\t\t\t\tisActive = ?,\n\t\t\t\t\t\t\t\t\t\tlastUpdated = ?\n\t\t\t\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\t\t\t\tuserId = ?");
$stmt->bind_param('sssssss', $userEmail, $firstName, $lastName, $receiveEmails, $isActive, $todayDt, $userId);
$stmt->execute();
$stmt->close();
// Add Recent Activity
$activityType = '12';
$activityTitle = $updUsrAccAct . ' ' . $firstName . ' ' . $lastName;
updateActivity($pw_userId, $activityType, $activityTitle);
$msgBox = alertBox($updUsrAccMsg . " " . $firstName . " " . $lastName . " " . $theCatUpdMsg2, "<i class='fa fa-check-square'></i>", "success");
}
}
}
}
// Get Data
$qry = "SELECT\n\t\t\t\tusers.*,\n\t\t\t\t(SELECT COUNT(*) FROM categories WHERE categories.userId = users.userId) AS totalCats,\n\t\t\t\t(SELECT COUNT(*) FROM entries WHERE entries.userId = users.userId) AS totalEntries\n\t\t\tFROM\n\t\t\t\tusers\n\t\t\tWHERE users.userId = " . $userId;
$res = mysqli_query($mysqli, $qry) or die('-1' . mysqli_error());
$row = mysqli_fetch_assoc($res);
if (!empty($row['firstName']) && $row['firstName'] != '') {
$firstName = clean($row['firstName']);
} else {
$firstName = '';
}
if (!empty($row['lastName']) && $row['lastName'] != '') {
$lastName = clean($row['lastName']);
$stmt = $mysqli->prepare("\n\t\t\t\t\t\t\t\tINSERT INTO\n\t\t\t\t\t\t\t\t\ttasks(\n\t\t\t\t\t\t\t\t\t\tprojectId,\n\t\t\t\t\t\t\t\t\t\tadminId,\n\t\t\t\t\t\t\t\t\t\ttaskTitle,\n\t\t\t\t\t\t\t\t\t\ttaskDesc,\n\t\t\t\t\t\t\t\t\t\ttaskPriority,\n\t\t\t\t\t\t\t\t\t\ttaskStatus,\n\t\t\t\t\t\t\t\t\t\ttaskStart,\n\t\t\t\t\t\t\t\t\t\ttaskDue\n\t\t\t\t\t\t\t\t\t) VALUES (\n\t\t\t\t\t\t\t\t\t\t?,\n\t\t\t\t\t\t\t\t\t\t?,\n\t\t\t\t\t\t\t\t\t\t?,\n\t\t\t\t\t\t\t\t\t\t?,\n\t\t\t\t\t\t\t\t\t\t?,\n\t\t\t\t\t\t\t\t\t\t?,\n\t\t\t\t\t\t\t\t\t\t?,\n\t\t\t\t\t\t\t\t\t\t?\n\t\t\t\t\t\t\t\t\t)\n\t\t\t");
$stmt->bind_param('ssssssss', $projectId, $adminId, $taskTitle, $taskDesc, $taskPriority, $taskStatus, $taskStart, $taskDue);
$stmt->execute();
$stmt->close();
if (isset($_POST['addCal']) && $_POST['addCal'] == '1') {
$startDate = $endDate = $taskDue . ' 00:00:00';
$eventTitle = 'Task: ' . $taskTitle;
$eventDesc = $mysqli->real_escape_string($_POST['taskDesc']);
$eventColor = '#91c04a';
$stmt = $mysqli->prepare("\n\t\t\t\t\t\t\t\t\tINSERT INTO\n\t\t\t\t\t\t\t\t\t\tadminevents(\n\t\t\t\t\t\t\t\t\t\t\tadminId,\n\t\t\t\t\t\t\t\t\t\t\tstartDate,\n\t\t\t\t\t\t\t\t\t\t\tendDate,\n\t\t\t\t\t\t\t\t\t\t\teventTitle,\n\t\t\t\t\t\t\t\t\t\t\teventDesc,\n\t\t\t\t\t\t\t\t\t\t\teventColor\n\t\t\t\t\t\t\t\t\t\t) VALUES (\n\t\t\t\t\t\t\t\t\t\t\t?,\n\t\t\t\t\t\t\t\t\t\t\t?,\n\t\t\t\t\t\t\t\t\t\t\t?,\n\t\t\t\t\t\t\t\t\t\t\t?,\n\t\t\t\t\t\t\t\t\t\t\t?,\n\t\t\t\t\t\t\t\t\t\t\t?\n\t\t\t\t\t\t\t\t\t\t)\n\t\t\t\t");
$stmt->bind_param('ssssss', $adminId, $startDate, $endDate, $eventTitle, $eventDesc, $eventColor);
$stmt->execute();
$stmt->close();
$msgBox = alertBox($newTaskAddedCalMsg, "<i class='fa fa-check-square'></i>", "success");
} else {
$msgBox = alertBox($newTaskAddedMsg, "<i class='fa fa-check-square'></i>", "success");
}
// Clear the Form of values
$_POST['taskTitle'] = $_POST['taskDesc'] = $_POST['taskPriority'] = $_POST['taskStatus'] = $_POST['taskDue'] = '';
}
}
}
}
}
}
// Include Pagination Class
include 'includes/pagination.php';
// Create new object & pass in the number of pages and an identifier
$pages = new paginator($pagPages, 'p');
// Get the number of total records
$rows = $mysqli->query("SELECT * FROM tasks WHERE adminId = " . $adminId . " AND isClosed != 0");
}
}
// Delete Discussion
if (isset($_POST['submit']) && $_POST['submit'] == 'deletedisc') {
$deleteId = $mysqli->real_escape_string($_POST['deleteId']);
// Delete the Discussion Topic
$stmt = $mysqli->prepare("DELETE FROM projectdiscus WHERE discussionId = ?");
$stmt->bind_param('s', $_POST['deleteId']);
$stmt->execute();
$stmt->close();
// Delete all of the comments associated with the Discussion Topic
$stmt = $mysqli->prepare("DELETE FROM replies WHERE discussionId = ?");
$stmt->bind_param('s', $_POST['deleteId']);
$stmt->execute();
$stmt->close();
$msgBox = alertBox($discThreadDeletedMsg, "<i class='fa fa-check-square'></i>", "success");
}
// Include Pagination Class
include 'includes/getpagination.php';
$pages = new paginator($pagPages, 'p');
// Get the number of total records
$rows = $mysqli->query("SELECT * FROM projectdiscus WHERE projectId = " . $projectId);
$total = mysqli_num_rows($rows);
// Pass the number of total records
$pages->set_total($total);
// Get Project Discussions
$sql = "SELECT\n\t\t\t\tprojectdiscus.discussionId,\n\t\t\t\tprojectdiscus.projectId,\n\t\t\t\tprojectdiscus.adminId,\n\t\t\t\tprojectdiscus.clientId,\n\t\t\t\tprojectdiscus.discussionTitle,\n\t\t\t\tprojectdiscus.discussionText,\n\t\t\t\tDATE_FORMAT(projectdiscus.discussionDate,'%W, %M %e, %Y') AS discussionDate,\n\t\t\t\tUNIX_TIMESTAMP(projectdiscus.discussionDate) AS orderDate,\n\t\t\t\tDATE_FORMAT(projectdiscus.lastUpdated,'%W, %M %e, %Y') AS lastUpdated,\n\t\t\t\tCONCAT(clients.clientFirstName,' ',clients.clientLastName) AS theClient,\n\t\t\t\tCONCAT(admins.adminFirstName,' ',admins.adminLastName) AS theAdmin\n\t\t\tFROM\n\t\t\t\tprojectdiscus\n\t\t\t\tLEFT JOIN clients ON projectdiscus.clientId = clients.clientId\n\t\t\t\tLEFT JOIN admins ON projectdiscus.adminId = admins.adminId\n\t\t\tWHERE\n\t\t\t\tprojectdiscus.projectId = " . $projectId . "\n\t\t\tORDER BY orderDate " . $pages->get_limit();
$res = mysqli_query($mysqli, $sql) or die('-1' . mysqli_error());
// Only allow access to the Assigned Manager or Admins
$qry = "SELECT\n\t\t\t\tassignedprojects.assignedTo,\n\t\t\t\tclientprojects.projectName\n\t\t\tFROM\n\t\t\t\tassignedprojects\n\t\t\t\tLEFT JOIN clientprojects ON assignedprojects.projectId = clientprojects.projectId\n\t\t\tWHERE assignedprojects.projectId = " . $projectId;
$result = mysqli_query($mysqli, $qry) or die('-2' . mysqli_error());
$LastName = $mysqli->real_escape_string($_POST['lastname']);
$Currency = $mysqli->real_escape_string($_POST['currency']);
//Check if already register
$sql = "Select Email from user Where Email = '{$Email}'";
$c = mysqli_query($mysqli, $sql);
if (mysqli_num_rows($c) >= 1) {
$msgBox = alertBox($AlreadyRegister);
} else {
// add new account
$sql = "INSERT INTO user (FirstName, LastName, Email, Password, Currency) VALUES (?,?,?,?,?)";
if ($statement = $mysqli->prepare($sql)) {
//bind parameters for markers, where (s = string, i = integer, d = double, b = blob)
$statement->bind_param('sssss', $FirstName, $LastName, $Email, $Password, $Currency);
$statement->execute();
}
$msgBox = alertBox($SuccessAccount);
}
}
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<?php
$validReport = '';
// Server Side validation
if ($_POST['invFromDate'] == "") {
$msgBox = alertBox($reportError2, "<i class='fa fa-warning'></i>", "warning");
$validReport = 'false';
} else {
if ($_POST['invToDate'] == "") {
$msgBox = alertBox($reportError3, "<i class='fa fa-warning'></i>", "warning");
$validReport = 'false';
} else {
// Report Options
if (!empty($_POST['invFromDate'])) {
$invFromDate = $mysqli->real_escape_string($_POST['invFromDate']);
$fdate = date('F d, Y', strtotime($invFromDate));
}
if (!empty($_POST['invToDate'])) {
$invToDate = $mysqli->real_escape_string($_POST['invToDate']);
$tdate = date('F d, Y', strtotime($invToDate));
}
$sql = "SELECT\n\t\t\t\t\tinvoices.invoiceId,\n\t\t\t\t\tinvoices.projectId,\n\t\t\t\t\tinvoices.adminId,\n\t\t\t\t\tinvoices.clientId,\n\t\t\t\t\tinvoices.invoiceTitle,\n\t\t\t\t\tDATE_FORMAT(invoices.invoiceDate,'%M %d, %Y') AS invoiceDate,\n\t\t\t\t\tUNIX_TIMESTAMP(invoices.invoiceDue) AS orderDate,\n\t\t\t\t\tinvoices.isPaid,\n\t\t\t\t\tDATE_FORMAT(invoices.lastUpdated,'%M %d, %Y') AS lastUpdated,\n\t\t\t\t\tclientprojects.projectName,\n\t\t\t\t\tCONCAT(clients.clientFirstName,' ',clients.clientLastName) AS theClient,\n\t\t\t\t\tCONCAT(admins.adminFirstName,' ',admins.adminLastName) AS theAdmin\n\t\t\t\tFROM\n\t\t\t\t\tinvoices\n\t\t\t\t\tLEFT JOIN clientprojects ON invoices.projectId = clientprojects.projectId\n\t\t\t\t\tLEFT JOIN clients ON invoices.clientId = clients.clientId\n\t\t\t\t\tLEFT JOIN admins ON invoices.adminId = admins.adminId\n\t\t\t\tWHERE\n\t\t\t\t\tinvoices.isPaid = 1 AND\n\t\t\t\t\tinvoices.invoiceDate >= '" . $invFromDate . "' AND invoices.invoiceDate <= '" . $invToDate . "'\n\t\t\t\tORDER BY orderDate";
$res = mysqli_query($mysqli, $sql) or die('-1' . mysqli_error());
$totalRecs = mysqli_num_rows($res);
}
}
include 'includes/navigation.php';
?>
<div class="content last">
<h4><?php
echo $pageName;
<?php
$validReport = '';
// Server Side validation
if ($_POST['task'] == "...") {
$msgBox = alertBox($reportError4, "<i class='fa fa-warning'></i>", "default");
$validReport = 'false';
} else {
// Report Options
$projectId = $mysqli->real_escape_string($_POST['task']);
$projectName = $mysqli->real_escape_string($_POST['taskFullName']);
// Get Data
$query = "SELECT\n\t\t\t\t\ttasks.taskId,\n\t\t\t\t\ttasks.projectId,\n\t\t\t\t\ttasks.adminId,\n\t\t\t\t\ttasks.taskTitle,\n\t\t\t\t\ttasks.taskPriority,\n\t\t\t\t\ttasks.taskStatus,\n\t\t\t\t\tDATE_FORMAT(tasks.taskDue,'%M %d, %Y') AS taskDue,\n\t\t\t\t\tUNIX_TIMESTAMP(tasks.taskDue) AS orderDate,\n\t\t\t\t\ttasks.isClosed,\n\t\t\t\t\tDATE_FORMAT(tasks.dateClosed,'%M %d, %Y') AS dateClosed,\n\t\t\t\t\tCONCAT(admins.adminFirstName,' ',admins.adminLastName) AS theAdmin\n\t\t\t\tFROM\n\t\t\t\t\ttasks\n\t\t\t\t\tLEFT JOIN admins ON tasks.adminId = admins.adminId\n\t\t\t\tWHERE\n\t\t\t\t\ttasks.projectId = " . $projectId . "\n\t\t\t\tORDER BY tasks.isClosed, orderDate";
$res = mysqli_query($mysqli, $query) or die('-1' . mysqli_error());
$totalRecs = mysqli_num_rows($res);
}
include 'includes/navigation.php';
?>
<div class="content last">
<h4><?php
echo $pageName;
?>
</h4>
<?php
if ($validReport == '') {
?>
<p>
<span class="label label-default preview-label">
<?php
echo $projectText;
?>