function verify($username, $password)
{
$querystatement = "\n\t\t\tSELECT\n\t\t\t\tid,\n\t\t\t\tuuid,\n\t\t\t\tfirstname,\n\t\t\t\tlastname,\n\t\t\t\temail,\n\t\t\t\tphone,\n\t\t\t\tdepartment,\n\t\t\t\temployeenumber,\n\t\t\t\tadmin,\n\t\t\t\tmailer,\n\t\t\t\tsendmail,\n\t\t\t\tsmtpauth,\n\t\t\t\tsmtpsecure,\n\t\t\t\tsmtpport,\n\t\t\t\tsmtpuser,\n\t\t\t\tsmtppass,\n\t\t\t\tsmtphost\n\t\t\tFROM\n\t\t\t\tusers\n\t\t\tWHERE\n\t\t\t\tlogin = '******'\n\t\t\t\tAND password = ENCODE('" . mysql_real_escape_string($password) . "','" . mysql_real_escape_string(ENCRYPTION_SEED) . "')\n\t\t\t\tAND revoked = 0\n\t\t\t\tAND portalaccess = 0";
$queryresult = $this->db->query($querystatement);
if ($this->db->numRows($queryresult)) {
//We found a record that matches in the database
// populate the session and go in
$_SESSION["userinfo"] = $this->db->fetchArray($queryresult);
// Next get the users roles, and populate the session with them
$_SESSION["userinfo"]["roles"] = array();
$querystatement = "\n\t\t\t\tSELECT\n\t\t\t\t\troleid\n\t\t\t\tFROM\n\t\t\t\t\trolestousers\n\t\t\t\tWHERE userid = '" . $_SESSION["userinfo"]["uuid"] . "'";
$rolesqueryresult = $this->db->query($querystatement);
while ($rolerecord = $this->db->fetchArray($rolesqueryresult)) {
$_SESSION["userinfo"]["roles"][] = $rolerecord["roleid"];
}
//Retrieve and Setup User Preferences
$_SESSION["userinfo"]["prefs"] = array();
$querystatement = "\n\t\t\t\tSELECT\n\t\t\t\t\t`name`,\n\t\t\t\t\t`value`\n\t\t\t\tFROM\n\t\t\t\t\t`userpreferences`\n\t\t\t\tWHERE\n\t\t\t\t\t`userid` = " . $_SESSION["userinfo"]["id"];
$queryresult = $this->db->query($querystatement);
while ($prefsrecord = $this->db->fetchArray($queryresult)) {
$_SESSION["userinfo"]["prefs"][$prefsrecord["name"]] = $prefsrecord["value"];
}
//update lastlogin
$ip = $_SERVER["REMOTE_ADDR"];
$updatestatement = "\n\t\t\t\tUPDATE\n\t\t\t\t\tusers\n\t\t\t\tSET\n\t\t\t\t\tmodifieddate = modifieddate,\n\t\t\t\t\tlastlogin = Now(),\n\t\t\t\t\t`lastip` = '" . $ip . "'\n\t\t\t\tWHERE\n\t\t\t\t\tid = " . $_SESSION["userinfo"]["id"];
$this->db->query($updatestatement);
$_SESSION["tableparams"] = array();
goURL(DEFAULT_LOAD_PAGE);
} else {
//log login attempt
$log = new phpbmsLog("Login attempt failed for user '" . $username . "'", "SECURITY");
return "Login Failed";
}
//endif numrows
}
function getTableDef($id)
{
$querystatement = "\n\t\t\t\tSELECT\n\t\t\t\t\ttabledefs.id,\n\t\t\t\t\ttabledefs.uuid,\n\t\t\t\t\tmaintable,\n\t\t\t\t\tquerytable,\n\t\t\t\t\ttabledefs.displayname,\n\t\t\t\t\taddfile,\n\t\t\t\t\teditfile,\n\t\t\t\t\timportfile,\n\t\t\t\t\tdeletebutton,\n\t\t\t\t\ttype,\n\t\t\t\t\tdefaultwhereclause,\n\t\t\t\t\tdefaultsortorder,\n\t\t\t\t\tdefaultsearchtype,\n\t\t\t\t\tdefaultcriteriafindoptions,\n\t\t\t\t\tdefaultcriteriaselection,\n\t\t\t\t\tmodules.name,\n\t\t\t\t\tsearchroleid,\n\t\t\t\t\tadvsearchroleid,\n\t\t\t\t\tviewsqlroleid,\n editroleid,\n addroleid\n\t\t\t\tFROM\n\t\t\t\t\ttabledefs INNER JOIN modules on tabledefs.moduleid = modules.uuid\n\t\t\t\tWHERE\n\t\t\t\t\ttabledefs.uuid= '" . $id . "'";
$queryresult = $this->db->query($querystatement);
if ($this->db->numRows($queryresult) < 1) {
$error = new appError(1, "table definition not found: " . $id);
}
$therecord = $this->db->fetchArray($queryresult);
if (!hasRights($therecord["searchroleid"])) {
goURL(APP_PATH . "noaccess.php");
}
return $therecord;
}
function processImportPage()
{
$this->table->getTableInfo();
if (isset($_POST["pageType"])) {
$this->pageType = $_POST["pageType"];
}
if (isset($_POST["tempFileID"])) {
$this->tempFileID = (int) $_POST["tempFileID"];
}
if (!isset($_POST["command"])) {
//happens upon first coming to page
//remove any other temporary csv files in the `files` table
//present from previous imports
$this->_removeTempCSV();
//check to see if user has the rights to be here.
//If not, kick him to the no access page.
if (!hasRights($this->table->importroleid)) {
goURL(APP_PATH . "noaccess.php");
}
} else {
//form has been submitted
switch ($_POST["command"]) {
//cancel button pressed.
case "cancel":
//Cancel button needs to do different things depending upon which page
//its at.
if ($this->pageType == "main") {
goURL($this->table->backurl);
} else {
$this->_removeTempCSV($this->tempFileID);
$therecord["phpbmsStatus"] = "Record(s) Not Imported";
$this->pageType = "main";
}
//end if
break;
case "upload":
//check for valid file upload
if (!$_FILES["import"]["error"] && $_FILES["import"]["size"] > 0) {
//check and parse the file
if ($this->_parseFromData($_FILES["import"]["tmp_name"])) {
//start transaction
$this->table->db->startTransaction();
$this->importRecords($this->parser->data, $this->parser->titles);
//get data for preview purposes
$this->_getTransactionData();
//"undo" any inserts
$this->table->db->rollbackTransaction();
//DO NOT CALL IN TRANSACTION
//ALTER TABLES AUTO COMMIT AND THE FILE NEEDS TO CARRY
//OVER.
$this->_revertAutoIncrement($this->revertID);
$this->_storeTempCSV($_FILES["import"]["tmp_name"]);
}
//end if
} else {
$this->docError .= "failed file upload";
}
//switch page types
$this->pageType = "confirm";
if (!$this->error && !$this->docError) {
$therecord["phpbmsStatus"] = "Confirm Import";
} elseif ($this->docError) {
$therecord["phpbmsStatus"] = "Import Error: " . $this->docError;
$this->pageType = "main";
} else {
$therecord["phpbmsStatus"] = "Import Error";
}
break;
case "import":
//get the contents of the stored csv document
$CSVcontents = $this->_getTempCSV($this->tempFileID);
//parser uses newline character to be able to parse the last line
if (substr($CSVcontents, -1, 1) != "\n") {
$CSVcontents .= "\n";
}
$this->parser->parse($CSVcontents);
$this->importRecords($this->parser->data, $this->parser->titles);
$this->table->db->commitTransaction();
//DO NOT CALL IN TRANSACTION
//get rid of temporary csv document
$this->_removeTempCSV($this->tempFileID);
$therecord["phpbmsStatus"] = "Record(s) Imported";
//change page type
$this->pageType = "main";
break;
}
//end command switch
}
// end if
//display the title
$therecord["title"] = $this->table->displayname . " Import";
return $therecord;
}
function massEmail()
{
if (DEMO_ENABLED != "true") {
$_SESSION["emailids"] = $this->idsArray;
goURL("modules/mailchimp/manual_list_sync.php");
} else {
return "mass e-mail feature disabled in demo";
}
}
function donePrinting($backurl)
{
if (!$backurl) {
goURL("search.php?id=" . $this->tableid);
} else {
goURL($backurl);
}
}
if (!isset($_POST["fromdate"])) {
$_POST["fromdate"] = dateToString(strtotime("-1 year"));
}
if (!isset($_POST["todate"])) {
$_POST["todate"] = dateToString(mktime());
}
if (!isset($_POST["status"])) {
$_POST["status"] = "Orders and Invoices";
}
if (!isset($_POST["command"])) {
$_POST["command"] = "show";
}
if ($_POST["command"] == "print") {
$_SESSION["printing"]["whereclause"] = "clients.id=" . $_GET["id"];
$_SESSION["printing"]["dataprint"] = "Single Record";
goURL("report/clients_purchasehistory.php?rid=" . urlencode("rpt:1908b03c-cacc-f03a-6d22-21fdef123f65") . "&tid=" . urlencode("tbld:6d290174-8b73-e199-fe6c-bcf3d4b61083") . "&status=" . urlencode($_POST["status"]) . "&fromdate=" . urlencode($_POST["fromdate"]) . "&todate=" . urlencode($_POST["todate"]));
} else {
$pageTitle = "Client Purchase History: ";
if ($clientrecord["company"] == "") {
$pageTitle .= $clientrecord["firstname"] . " " . $clientrecord["lastname"];
} else {
$pageTitle .= $clientrecord["company"];
}
$thestatus = "(invoices.type =\"";
switch ($_POST["status"]) {
case "Orders and Invoices":
$thestatus .= "Order\" or invoices.type=\"Invoice\")";
break;
case "Invoices":
$thestatus .= "Invoice\")";
break;
<input type="submit" name="go" value="Đến"/>
</td>
<td id="next">' . $url['next'] . '</td>
</tr>
</table>
</form>
</div>
<div class="tips">
<img src="icon/tips.png"/>
<span>Ấn tiếp tục để lưu lại ở lại trang và ấn lưu để lưu lại và quay về danh sách dòng</span>
</div>
<div class="title">Chức năng</div>
<ul class="list">
<li><img src="icon/delete.png"/> <a href="delete_line.php?dir=' . $dirEncode . '&name=' . $name . $pages['paramater_1'] . '&line=' . $line . $page['paramater_1'] . '">Xóa dòng</a></li>
<li><img src="icon/edit_text_line.png"/> <a href="edit_text_line.php?dir=' . $dirEncode . '&name=' . $name . $pages['paramater_1'] . $page['paramater_1'] . '#line_number_' . $line . '">Sửa theo dòng</a></li>
<li><img src="icon/edit.png"/> <a href="edit_text.php?dir=' . $dirEncode . '&name=' . $name . $pages['paramater_1'] . '">Sửa văn bản</a></li>
<li><img src="icon/download.png"/> <a href="file_download.php?dir=' . $dirEncode . '&name=' . $name . $pages['paramater_1'] . '">Tải về</a></li>
<li><img src="icon/info.png"/> <a href="file.php?dir=' . $dirEncode . '&name=' . $name . $pages['paramater_1'] . '">Thông tin</a></li>
<li><img src="icon/rename.png"/> <a href="file_rename.php?dir=' . $dirEncode . '&name=' . $name . $pages['paramater_1'] . '">Đổi tên</a></li>
<li><img src="icon/copy.png"/> <a href="file_copy.php?dir=' . $dirEncode . '&name=' . $name . $pages['paramater_1'] . '">Sao chép</a></li>
<li><img src="icon/move.png"/> <a href="file_move.php?dir=' . $dirEncode . '&name=' . $name . $pages['paramater_1'] . '">Di chuyển</a></li>
<li><img src="icon/delete.png"/> <a href="file_delete.php?dir=' . $dirEncode . '&name=' . $name . $pages['paramater_1'] . '">Xóa</a></li>
<li><img src="icon/access.png"/> <a href="file_chmod.php?dir=' . $dirEncode . '&name=' . $name . $pages['paramater_1'] . '">Chmod</a></li>
<li><img src="icon/list.png"/> <a href="index.php?dir=' . $dirEncode . $pages['paramater_1'] . '">Danh sách</a></li>
</ul>';
}
}
} else {
goURL('login.php');
}
include_once 'footer.php';
<?php
if (!$GO_MODULES->write_permissions) {
goURL('index.php');
}
?>
<form name="frmProduct" method="post" enctype="multipart/form-data">
<input name="id" type="hidden" value="<?php
echo $_POST['id'];
?>
">
<input name="task" type="hidden">
<input name="close_win" type="hidden">
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="1%" nowrap>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="1%" align="right" nowrap><?php
echo $sc_product_name;
?>
: </td>
<td><input type="text" class="textbox" name="product" value="<?php
echo $name;
?>
"></td>
</tr>
<tr>
<td width="1%" align="right" nowrap><?php
echo $sc_part_number;
| (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
| OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| |
+-------------------------------------------------------------------------+
*/
require_once "../../include/session.php";
require_once "include/fields.php";
foreach ($phpbms->modules as $module => $moduleinfo) {
if ($module != "base" && file_exists("../" . $module . "/adminsettings.php")) {
include "modules/" . $module . "/adminsettings.php";
}
}
require_once "modules/base/include/adminsettings_include.php";
$settings = new settings($db);
if (!hasRights("Admin")) {
goURL(APP_PATH . "noaccess.php");
}
if (isset($_POST["command"])) {
$statusmessage = $settings->processForm($_POST);
}
$therecord = $settings->getSettings();
$pageTitle = "Configuration";
$phpbms->cssIncludes[] = "pages/base/adminsettings.css";
$phpbms->jsIncludes[] = "modules/base/javascript/adminsettings.js";
foreach ($phpbms->modules as $module => $moduleinfo) {
if ($module != "base" && file_exists("../" . $module . "/javascript/adminsettings.js")) {
$phpbms->jsIncludes[] = "modules/" . $module . "/javascript/adminsettings.js";
}
}
//Form Elements
//==============================================================
function run_aging()
{
goURL("modules/bms/aritems_aging.php");
}
//convert any checked records to an array of ids
foreach ($HTTP_POST_VARS as $key => $value) {
if (substr($key, 0, 5) == "check") {
$theids[] = $value;
}
}
//Search Options Command Process
//=====================================================================================================
switch ($command) {
case "new":
// relocate to new screen
//=====================================================================================================
$theurl = getAddEditFile($db, "tbld:a4cdd991-cf0a-916f-1240-49428ea1bdd1") . "?reftable=" . $reftable . "&refid=" . $_GET["refid"] . "&backurl=" . $backurl;
goURL($theurl);
break;
case "delete":
//a bit more complicated so we'll put it in it's own function?
//=====================================================================================================
include_once "modules/base/include/notes.php";
$searchFunctions = new notesSearchFunctions($db, "tbld:a4cdd991-cf0a-916f-1240-49428ea1bdd1", $theids);
$statusmessage = $searchFunctions->delete_record();
break;
case "edit/view":
// relocate to edit screen
//=====================================================================================================
goURL(getAddEditFile($db, "tbld:a4cdd991-cf0a-916f-1240-49428ea1bdd1") . "?id=" . $theids[0] . "&refid=" . $_GET["refid"] . "&backurl=" . $backurl);
break;
}
//end switch
}
//end if
if (!isset($_POST["todate"])) {
$_POST["todate"] = dateToString(mktime());
}
if (!isset($_POST["status"])) {
$_POST["status"] = "Orders and Invoices";
}
if (!isset($_POST["command"])) {
$_POST["command"] = "show";
}
if (!isset($_POST["date_order"])) {
$_POST["date_order"] = "DESC";
}
if ($_POST["command"] == "print") {
$_SESSION["printing"]["whereclause"] = "products.id=" . $_GET["id"];
$_SESSION["printing"]["dataprint"] = "Single Record";
goURL("report/products_saleshistory.php?rid=" . urlencode("rpt:a278af28-9c34-da2e-d81b-4caa36dfa29f") . "&tid=" . urlencode("tbld:7a9e87ed-d165-c4a4-d9b9-0a4adc3c5a34") . "&status=" . urlencode($_POST["status"]) . "&fromdate=" . urlencode($_POST["fromdate"]) . "&todate=" . urlencode($_POST["todate"]));
} else {
$thestatus = "(invoices.type =\"";
switch ($_POST["status"]) {
case "Orders and Invoices":
$thestatus .= "Order\" or invoices.type=\"Invoice\")";
$searchdate = "orderdate";
break;
case "Invoices":
$thestatus .= "Invoice\")";
$searchdate = "invoicedate";
break;
case "Orders":
$thestatus .= "Order\")";
$searchdate = "orderdate";
break;
$phpbmsSession->loadDBSettings(APP_DEBUG);
if (!APP_DEBUG) {
$phpbmsSession->checkForInstallDirs();
}
//start database
include_once "include/db.php";
$db = new db();
$phpbmsSession->db = $db;
//load application settings from table
$phpbmsSession->loadSettings($sqlEncoding);
include_once "common_functions.php";
$phpbms = new phpbms($db);
if (!isset($noSession)) {
$phpbmsSession->startSession();
}
if (!isset($_SESSION["userinfo"]) && $scriptname != "index.php") {
if (isset($loginNoKick)) {
if (!isset($loginNoDisplayError)) {
exit;
}
} else {
goURL(APP_PATH . "index.php");
}
//endif
}
//endif iseet userinfo
}
//endif
$db->stopOnError = true;
}
//end if
</p>
<p align="right">
<input name="command" type="submit" class="Buttons" id="done" value="done"/>
</p>
</div>
</form>
<?php
include "footer.php";
}
}
//end class clientConsolidator
/**
* PROCESSING ==================================================================
*/
if (!isset($noOutput)) {
require_once "../../include/session.php";
$consolidator = new clientConsolidator($db);
$_POST = addSlashesToArray($_POST);
if (!isset($_POST["command"])) {
$error = new appError(200, "passed parameters are not set");
}
if ($_POST["command"] === "cancel" || $_POST["command"] === "done") {
goURL("../../search.php?id=tbld:6d290174-8b73-e199-fe6c-bcf3d4b61083");
}
if (!isset($_POST["consolidateTo"]) || !isset($_POST["uuidsArray"])) {
$error = new appError(200, "passed parameters are not set");
}
$consolidator->consolidate($_POST["consolidateTo"], $_POST["uuidsArray"]);
}
//endif
}
$db->query("DELETE FROM ab_config WHERE page = '{$page}' AND user_id = '{$user}'");
if (!empty($order_all)) {
$db->query("INSERT INTO ab_config VALUES('{$page}', '{$user}', '{$com}', '{$order_all}')");
}
case 'return_to':
require_once $GO_CONFIG->root_path . 'lib/tkdlib.php';
switch ($page) {
case $constContactsPage:
goURL("index.php?post_action=browse&addressbook_id=" . $_REQUEST['addressbook_id']);
break;
case $constCompaniesPage:
goURL("index.php?post_action=companies&addressbook_id=" . $_REQUEST['addressbook_id'] . "&first=" . $_REQUEST['first'] . "&max_rows=" . $_REQUEST['max_rows'] . "&treeview=" . $_REQUEST['treeview']);
break;
case $constMembersPage:
goURL("index.php?post_action=members&addressbook_id=" . $_REQUEST['addressbook_id']);
break;
}
}
$db->query("SELECT order_fields, order_all FROM ab_config WHERE page = '{$page}' AND user_id = '{$user}'");
if ($db->next_record()) {
$com = explode(",", $db->f('order_fields'));
$s = $db->f('order_all');
if (!empty($s)) {
$order_all = explode(",", $db->f('order_all'));
}
}
if ($db->num_rows() == 0) {
switch ($page) {
case $constContactsPage:
$com[] = "email";
$script = function_exists('getenv') ? getenv('SCRIPT_NAME') : $_SERVER['SCRIPT_NAME'];
$script = strpos($script, '/') !== false ? dirname($script) : null;
$script = str_replace('\\', '/', $script);
define('IS_INSTALL_ROOT_DIRECTORY', $script == '.' || $script == '/');
define('IS_ACCESS_FILE_IN_FILE_MANAGER', defined('INDEX') && isset($_GET['not']));
define('DIRECTORY_FILE_MANAGER', strpos($script, '/') !== false ? @substr($script, strrpos($script, '/') + 1) : null);
define('PATH_FILE_MANAGER', str_replace('\\', '/', strtolower($_SERVER['DOCUMENT_ROOT'] . $script)));
define('NAME_DIRECTORY_INSTALL_FILE_MANAGER', !IS_INSTALL_ROOT_DIRECTORY ? preg_replace('#(\\/+|/\\+)(.+?)#s', '$2', $script) : null);
define('PARENT_PATH_FILE_MANAGER', substr(PATH_FILE_MANAGER, 0, strlen(PATH_FILE_MANAGER) - (NAME_DIRECTORY_INSTALL_FILE_MANAGER == null ? 0 : strlen(NAME_DIRECTORY_INSTALL_FILE_MANAGER) + 1)));
if (IS_INSTALL_ROOT_DIRECTORY || IS_ACCESS_FILE_IN_FILE_MANAGER || $script != '.' && $script != '/' && isPathNotPermission(processDirectory($dir)) || $script != '.' && $script != '/' && $name != null && isPathNotPermission(processDirectory($dir . '/' . $name))) {
define('NOT_PERMISSION', true);
} else {
define('NOT_PERMISSION', false);
}
if (!defined('INDEX') && !defined('LOGIN') && NOT_PERMISSION) {
goURL('index.php?not');
}
if (NOT_PERMISSION) {
$dir = null;
$dirEncode = null;
}
if ($dir != null) {
define('IS_ACCESS_PARENT_PATH_FILE_MANAGER', strtolower(processDirectory($dir)) == strtolower(processDirectory(PARENT_PATH_FILE_MANAGER)));
} else {
define('IS_ACCESS_PARENT_PATH_FILE_MANAGER', strtolower(processDirectory(PARENT_PATH_FILE_MANAGER)) == strtolower(processDirectory($_SERVER['DOCUMENT_ROOT'])));
}
function isPathNotPermission($path, $isUseName = false)
{
if ($path != null && empty($path) == false) {
$reg = $isUseName ? NAME_DIRECTORY_INSTALL_FILE_MANAGER : PATH_FILE_MANAGER;
$reg = $reg != null ? strtolower($reg) : null;
/**
* function checkRight
*
* Checks report record and current user to make sure they have rights to run this report
*/
function checkRights()
{
$querystatement = "\n SELECT\n `roleid`\n FROM\n `reports`\n WHERE\n `uuid` = '" . $this->reportUUID . "'\n ";
$queryresult = $this->db->query($querystatement);
if ($this->db->numRows($queryresult)) {
$therecord = $this->db->fetchArray($queryresult);
if (!hasRights($therecord["roleid"])) {
goURL(APP_PATH . "noaccess.php");
}
} else {
$error = new appError(500, "Bad report uuid");
}
}
}
//end class
//Processor
//===========================================================================
if (!isset($noOutput)) {
include_once "../../include/session.php";
$aging = new arAging($db);
if (isset($_POST["command"])) {
switch ($_POST["command"]) {
case "run":
if (!isset($_POST["agingdate"])) {
$error = new appError(200, "passed parameters not set");
}
$aging->run($_POST["agingdate"]);
if (isset($_POST["printStatements"])) {
$aging->printClientStatements = true;
}
if (isset($_POST["printSummary"])) {
$aging->printSummary = true;
}
$aging->showResults();
break;
case "cancel":
goURL(APP_PATH . "search.php?id=tbld%3Ac595dbe7-6c77-1e02-5e81-c2e215736e9c");
}
//endswitch
} else {
$aging->showDialog();
}
}
//end if
function processAddEditPage()
{
// no command parameter present?
if (!isset($_POST["command"])) {
// assuming just entered the page (no POST)
// presence of a GET id means editing an existing record
// (vs. creating a new)
if (isset($_GET["id"])) {
//editing... make sure they have access to edit
if (!hasRights($this->editroleid)) {
goURL(APP_PATH . "noaccess.php");
} else {
$this->getCustomFieldInfo();
return $this->getRecord((int) $_GET["id"]);
}
//endif
} else {
//creating new record
if (!hasRights($this->addroleid)) {
goURL(APP_PATH . "noaccess.php");
} else {
$this->getCustomFieldInfo();
return $this->getDefaults();
}
//endif
}
//end if GET-id
} else {
// command present
switch ($_POST["command"]) {
//pressed the cancel button
case "cancel":
// if we needed to do any clean up (deleteing temp line items)
if (!isset($_POST["id"])) {
$_POST["id"] = 0;
}
$theurl = $this->backurl;
if (isset($_POST["id"])) {
$theurl .= "#" . (int) $_POST["id"];
}
goURL($theurl);
break;
case "save":
if (!hasRights($this->editroleid)) {
goURL(APP_PATH . "noaccess.php");
}
$variables = $this->prepareVariables($_POST);
$errorArray = $this->verifyVariables($variables);
if ($_POST["id"]) {
$theid = $variables["id"];
if (!count($errorArray)) {
$this->updateRecord($variables);
if (isset($variables["getid"])) {
if (is_numeric($variables["getid"])) {
$theid = (int) $variables["getid"];
}
}
// special variable to override the
//id for get record
//get record
$this->getCustomFieldInfo();
$therecord = $this->getRecord($theid);
$therecord["phpbmsStatus"] = "Record Updated";
} else {
foreach ($errorArray as $error) {
$logError = new appError(-900, $error, "Verification Error");
}
//get record
$this->getCustomFieldInfo();
$therecord = $this->getRecord($theid);
$therecord["phpbmsStatus"] = "Data Verification Error";
}
//end if
return $therecord;
} else {
$theid = 0;
if (!count($errorArray)) {
$theid = $this->insertRecord($variables);
//get record
$therecord = $this->getRecord($theid);
$therecord["phpbmsStatus"] = "<div style=\"float:right;margin-top:-3px;\"><button type=\"button\" accesskey=\"n\" class=\"smallButtons\" onclick=\"document.location='" . str_replace("&", "&", $_SERVER["REQUEST_URI"]) . "'\">add new</button></div>";
$therecord["phpbmsStatus"] .= "Record Created";
} else {
foreach ($errorArray as $error) {
$logError = new appError(-900, $error, "Verification Error");
}
//get record
$therecord = $this->getRecord($theid);
$therecord["phpbmsStatus"] .= "Data Verification Error";
}
//end if
return $therecord;
}
//endif
break;
}
//end command switch
}
// end if - command present
}
$pro->get_entire_order($_POST['id'], $order);
while ($pro->next_record()) {
$apid = $pro->f('product_id');
$acate = $pro->f('attach_cate_id');
$order_attach_arr[$apid . $acate] = $pro->f('attach_id');
$order_price_arr[$apid . $acate] = $pro->f('price');
$order_quantity_arr[$apid . $acate] = $pro->f('quantity');
$order_discount_arr[$apid . $acate] = $pro->f('discount');
$order_VAT_arr[$apid . $acate] = $pro->f('VAT');
}
$pro_order = new products();
$list_id = $pro_order->get_order_productid_list($_POST['id']);
$pro_order->get_buy_products($list_id);
require 'templates/edit_update_order.tmp.php';
break;
case 'search':
require 'templates/order_search.tmp.php';
$pro->get_search_orders($_POST['search_fld'], $_POST['search_value']);
require 'templates/list_order.tmp.php';
break;
case 'delete':
$pro->delete_order($_POST['id']);
default:
require 'templates/order_search.tmp.php';
$pro->get_orders(false, '', $_POST['sort_fld'], $_POST['direction']);
require 'templates/list_order.tmp.php';
}
if ($_POST['close_win'] == 'true') {
goURL('order.php');
}
require $GO_THEME->theme_path . "footer.inc";
| OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| |
+-------------------------------------------------------------------------+
*/
require_once "include/session.php";
require_once "include/login_include.php";
if (isset($_POST["name"]) && isset($_POST["password"])) {
$login = new login($db);
$failed = $login->verify($_POST["name"], $_POST["password"]);
} else {
$failed = "";
$_POST["name"] = "";
}
//endif
if (isset($_SESSION["userinfo"])) {
goURL(DEFAULT_LOAD_PAGE);
}
$pageTitle = formatVariable(APPLICATION_NAME) . " Log in";
$phpbms->cssIncludes[] = "pages/login.css";
$phpbms->jsIncludes[] = "common/javascript/login.js";
$phpbms->showMenu = false;
$phpbms->showFooter = false;
include "header.php";
?>
<div id="loginbox" class="bodyline" >
<h1><span><?php
echo APPLICATION_NAME;
?>
</span></h1>
$displayTable->querytype = "advanced search";
break;
break;
case "advanced sort":
$displayTable->showGroupings = 0;
$displayTable->recordoffset = 0;
$displayTable->querysortorder = $_POST["advancedsort"];
break;
case "relate records":
include "include/relationships.php";
$theids = explode(",", $_POST["theids"]);
$relationship = new relationship($db, $_POST["relationship"]);
$newURL = $relationship->execute($theids);
$_SESSION["temp_relateto"] = $displayTable->thetabledef["displayname"];
$displayTable->querytype = "relate";
goURL($newURL);
break;
}
//end switch
}
//end if
//on the fly sorting... this needs to be done after command processing or the querystatement will not work.
if (!isset($_POST["newsort"])) {
$_POST["newsort"] = "";
}
if (!isset($_POST["desc"])) {
$_POST["desc"] = "";
}
if ($_POST["newsort"] != "") {
//$displayTable->setSort($_POST["newsort"]);
$displayTable->recordoffset = 0;
include "include/files.php";
if (!isset($_GET["backurl"])) {
$thetable = new files($db, "tbld:80b4f38d-b957-bced-c0a0-ed08a0db6475");
$pageTitle = "File";
} else {
include "include/attachments.php";
$backurl = $_GET["backurl"];
if (isset($_GET["refid"])) {
$backurl .= "?refid=" . $_GET["refid"];
}
$thetable = new attachments($db, "tbld:80b4f38d-b957-bced-c0a0-ed08a0db6475", $backurl);
$pageTitle = "File Attachment";
}
$therecord = $thetable->processAddEditPage();
if (!hasRights($therecord["roleid"])) {
goURL("../../noaccess.php");
}
if (isset($therecord["phpbmsStatus"])) {
$statusmessage = $therecord["phpbmsStatus"];
}
function getAttachments($db, $uuid)
{
$querystatement = "\n\t\t\tSELECT\n\t\t\t\t`tabledefs`.`displayname`,\n\t\t\t\t`attachments`.`recordid`,\n\t\t\t\t`attachments`.`creationdate`,\n\t\t\t\t`tabledefs`.`editfile`\n\t\t\tFROM\n\t\t\t\t`attachments`INNER JOIN `tabledefs` ON `attachments`.`tabledefid`=`tabledefs`.`uuid`\n\t\t\tWHERE `attachments`.`fileid`='" . $uuid . "'\n\t\t\t";
$queryresult = $db->query($querystatement);
return $queryresult;
}
$phpbms->cssIncludes[] = "pages/files.css";
$phpbms->jsIncludes[] = "modules/base/javascript/file.js";
//Form Elements
//==============================================================
$theform = new phpbmsForm();
function massEmail()
{
$_SESSION["emailids"] = $this->idsArray;
goURL("modules/bms/clients_email.php");
}
