Exemple #1
		$template_list.="<a href='templates.php?id=".$row['id']."'><div class='tempate_editor_list".($row['archived'] > 0 ? " archived" : "")."'>".$row['template_name']."</div></a>";	
	}
		
		
	// Template set-up for the selected template.
	// NOTE(review): $_GET['id'] is read without an isset() check, and the loose >= 0
	// comparison does not establish that the value is an integer. Further down the
	// same value is interpolated raw into the template_id hidden input's
	// value='...' attribute, so it should be cast to int once here (or HTML-encoded
	// at the point of output) before it reaches the markup.
if($_GET['id']>=0)
{
	$namer="";
	$arch=0;
	
	if($_GET['id'] > 0)
	{
		$sql = "
			select * 
			from templates
			where id='".sql_friendly($_GET['id'])."'
		";
		$data=simple_query($sql);
		while($row=mysqli_fetch_array($data))	
		{
			$namer="".$row['template_name']."";
			$arch=$row['archived'];	
		}
	}	
	
	$template_form.="
		<div class='mrr_sector_container'>
			<input type='hidden' name='template_id' id='template_id' value='".$_GET['id']."'>
			<table cellpadding='0' cellspacing='0' border='0' style='width:100%'>			
			<tbody>	
			<tr>					
Exemple #2
					
				where id='".sql_friendly($row['id'])."' 
					and username='******'username'])."'
			";
			simple_query($sql);
			
		}
		else
		{	//bad login or failure delay from bad login attempts.
			
			$sql="
				update users set 
					linedate_failed=NOW(),
					failed_logins=(failed_logins + 1)					
					
				where username='******'username'])."'
			";
			simple_query($sql);
			
			
			// Failed-login path: set the user-facing error and clear the identity values.
			$error = $lang['login_error0'];
			// NOTE(review): this keeps the rejected password in plaintext. Another listing
			// on this page reads an invalid_password column from log_login; if this variable
			// is what gets stored there, mistyped real passwords end up readable in the
			// database. Recording only a "failed" flag avoids that — confirm where this goes.
			$invalid_password = $_POST['pword'];
			$use_userid = 0;
			$use_location=0;
			
			// Drop the in-request copy, then overwrite the browser cookie with a placeholder.
			// Expiry comes from $mrr_cookie_bake, which is set outside this fragment (the
			// original comment says 60 seconds).
			// NOTE(review): setcookie() is called with name, value and expiry only, so no
			// Secure / HttpOnly / SameSite attributes are set by this call; the options-array
			// form of setcookie() (PHP 7.3+) can set them.
			unset($_COOKIE['uuid']);
			setcookie("uuid", 'novalue', $mrr_cookie_bake);		//reset the cookie with 60 seconds	
			
			unset($_COOKIE['user']);
			setcookie("user", '0', $mrr_cookie_bake);			//reset the cookie with 60 seconds	
		}
				where id = '$row[id]'
			";
			simple_query($sql);
		}
		
		// Make sure this log_email row has a temp filename, then copy the stored
		// attachment into $tmp_dir under that name.
		if($row['tmp_filename'] == '') 
		{
			// First view: generate "<uuid>.<original extension>" and remember it on the row.
			$file_uuid = createuuid();
			// NOTE(review): the extension is taken from the stored attachment path and kept
			// as-is. If $tmp_dir is served by the web server (not visible here), an
			// attachment with a server-executable extension would be copied into a
			// reachable location — check the extension against an allow-list first.
			$file_ext = get_file_ext($row['attachment']);
			
			$tmp_filename = "$file_uuid.$file_ext";
			
			$sql = "
				update log_email
				set tmp_filename = '".sql_friendly($tmp_filename)."'
				where id = '".sql_friendly($row['id'])."'
			";
			simple_query($sql);
			
		} 
		else 
		{
			// Reuse the name stored earlier.
			// NOTE(review): the stored value is joined into a path below without basename();
			// presumably only this code writes the column — confirm.
			$tmp_filename = $row['tmp_filename'];
		}		
		// NOTE(review): copy()'s return value is not checked, so a failed copy is silent.
		copy($row['attachment'], $tmp_dir.'/'.$tmp_filename);
	?>	
	This E-mail was originally sent to: <span style='color:blue'><?php 
echo $row['email_to'];
?>
</span><br>
	Sent on <span style='color:red'><?php 
	if($_POST['date_from']!="")				$filters.=" and log_email_views.linedate_viewed>='".date("Y-m-d",strtotime($_POST['date_from']))." 00:00:00'";
	if($_POST['date_to']!="")				$filters.=" and log_email_views.linedate_viewed<='".date("Y-m-d",strtotime($_POST['date_to']))." 23:59:59'";
	
	$sql = "
		select log_email_views.*,
			attached_files.filename,
			attached_files.public_name,
			users.first_name,
			users.last_name,
			users.username
			
		from log_email_views
			left join attached_files on attached_files.id=log_email_views.file_id
			left join users on users.id=log_email_views.user_id
		where attached_files.deleted=0
			and attached_files.access_level <= '".sql_friendly($_SESSION['view_access_level'])."'
			".$filters."
		order by log_email_views.linedate_viewed desc,id desc
		".(trim($_POST['report_filter_user'])!=""  ? "" : "limit 100")."
		";
	$data = simple_query($sql);          
     while($row = mysqli_fetch_array($data))
     {
     	$result_list.="
     		<tr class='".($cntr%2==0 ? "even" : "odd")."'>
     			<td valign='top' nowrap>".date("m/d/Y H:i", strtotime($row['linedate_viewed']))."</td>
     			<td valign='top'>".($row['public_name']!="" ?  $row['public_name'] : $row['filename'] )."</td>     			
     			<td valign='top'>".$row['first_name']." ".$row['last_name']."</td>
     			<td valign='top'>".$row['username']."</td>  
     			 <td valign='top'>".$row['ip_address']."</td> 			
     		</tr>";	
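/**
 * Build the HTML for the quick-links editor: one blank "NEW" form followed by
 * one editable block per quick_links row visible to the current user.
 *
 * Reads selected_user_id / selected_merchant_id / selected_store_id (falling
 * back to user_id when no user is selected) and access_level from $_SESSION,
 * and loads the rows through simple_query().
 *
 * Every database value placed into the markup is HTML-encoded, and the row id
 * is cast to int before it is used in element ids and in the inline
 * edit_quick_links() handlers, so a stored link name or URL cannot close the
 * attribute it is printed in.
 *
 * @return string HTML fragment for the editor panel.
 */
function mrr_display_quick_links_edit()
{
	// HTML-encode a value for element text or a quoted attribute.
	// NOTE(review): if link_name / link_url are stored already HTML-encoded, pass
	// double_encode=false here to avoid showing "&amp;amp;" — confirm how they are saved.
	$esc = static function ($value) {
		return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
	};

	$tab="";

	$cur_user=$_SESSION['selected_user_id'];
	$cur_cust=$_SESSION['selected_merchant_id'];
	$cur_store=$_SESSION['selected_store_id'];

	// No user selected: act as the logged-in user.
	if($cur_user==0)		$cur_user=$_SESSION['user_id'];

	// Restrict to links that are global (merchant_id=0), owned by the selected
	// merchant, or that list the merchant in merchant_id_list.
	$merch_adder="";
	if($cur_cust > 0)
	{
		$merch_adder="
			 and (
			 	quick_links.merchant_id=0
			 	or
			 	quick_links.merchant_id='".sql_friendly($cur_cust)."'
			 	or
			 	LOCATE(',".sql_friendly($cur_cust).",',merchant_id_list) >0
			 )
		";
	}

	// Same restriction for the store.
	// NOTE(review): this is guarded by $cur_cust, not $cur_store; kept as-is because
	// changing it alters which rows are returned — confirm which guard is intended.
	$store_adder="";
	if($cur_cust > 0)
	{
		$store_adder="
			 and (
			 	quick_links.store_id=0
			 	or
			 	quick_links.store_id='".sql_friendly($cur_store)."'
			 	or
			 	LOCATE(',".sql_friendly($cur_store).",',store_id_list) >0
			 )
		";
	}

	$tab.="<div id='cce_quick_links_editor'><div id='cce_quick_links_editor_pad' style='display:none;'>";

	// Blank form for a new quick link (row id 0).
	//get_merchant_select_box($field,$pre=0,$cd=0,$prompt="",$classy="")
	$selbox1=get_merchant_select_box('quick_link_0_cust',$cur_cust,0,"ALL"," class='all_quick_link_input'");

	//get_store_select_box($field,$pre=0,$merchant=0,$cd=0,$prompt="",$classy="")
	$selbox2=get_store_select_box('quick_link_0_store',$cur_store,$cur_cust,0,"ALL"," class='all_quick_link_input'");

	$tab.="<div id='quick_links_0_block' class='all_quick_link_edits'>";
	$tab.=	"<div>
				&nbsp;
				&nbsp;
				&nbsp;				
				<span class='mrr_quick_links_spacer' style='color:#e19918;'>NEW</span>&nbsp;
			</div>";
	$tab.=	"<span>Link Name</span> <input type='text' name='quick_link_0_name' id='quick_link_0_name' value=\"\" class='all_quick_link_input'>";
	$tab.=	"<span>Web Address</span> <input type='text' name='quick_link_0_url' id='quick_link_0_url' value=\"\" class='all_quick_link_input'><br>";
	$tab.=	"<span>Customer</span> ".$selbox1."<br>";
	$tab.=	"<span>Store</span> ".$selbox2."<br>";
	$tab.=	"<span>&nbsp;</span> <label>Make Private <input type='checkbox' name='quick_link_0_private' id='quick_link_0_private' value=\"1\"></label>";
	$tab.="</div>";

	// Existing links: public ones plus the current user's private ones.
	// The quoting below relies entirely on sql_friendly(); a prepared statement
	// would be the sturdier choice if simple_query()'s connection is reachable.
	$sql="
		select quick_links.*
		from quick_links		
		where quick_links.deleted=0
			".$merch_adder."
			".$store_adder."
			and (
				quick_links.private_link=0
				or
				(quick_links.private_link=1 && quick_links.user_id='".sql_friendly($cur_user)."')
			)
		order by quick_links.position_id asc,
			quick_links.row_num asc, 
			quick_links.col_num asc, 
			quick_links.link_name asc, 
			quick_links.id asc
		";
	$data=simple_query($sql);
	while($row = mysqli_fetch_array($data))
	{
		// The id is used in element ids and inside inline JavaScript handlers; an
		// integer cast guarantees nothing but digits can reach those contexts.
		$id=(int)$row['id'];

		// The trash icon is only a UI hint. The request that edit_quick_links(id,3)
		// sends must repeat this ownership / access-level check on the server.
		$allow_removal="";
		if($row['user_id']==$_SESSION['user_id'] || $row['access_level'] <= $_SESSION['access_level'])
		{
			$allow_removal="<i class='fa fa-trash' style='color:#e19918; font-size:14px;' title='Click to remove this merchant' onClick='edit_quick_links(".$id.",3);'></i>";
		}

		$selbox1=get_merchant_select_box('quick_link_'.$id.'_cust',$cur_cust,0,"ALL"," class='all_quick_link_input' onChange='edit_quick_links(".$id.",6);'");
		$selbox2=get_store_select_box('quick_link_'.$id.'_store',$cur_store,$cur_cust,0,"ALL"," class='all_quick_link_input' onChange='edit_quick_links(".$id.",7);'");

		$tab.="<div id='quick_links_".$id."_block' class='all_quick_link_edits'>";
		$tab.=	"<div>
					<img src='common/images/prev_orange.png' alt='' border='0' style='cursor:pointer;height:16px' onClick='edit_quick_links(".$id.",1);'>
					".$esc($row['position_id'])." 
					<img src='common/images/next_orange.png' alt='' border='0' style='cursor:pointer;;height:16px' onClick='edit_quick_links(".$id.",2);'>
					<span class='mrr_quick_links_spacer'>".$allow_removal."</span>&nbsp;
				</div>";
		// link_name and link_url are user-editable text; encode them for the attribute.
		$tab.=	"<span>Link Name</span> <input type='text' name='quick_link_".$id."_name' id='quick_link_".$id."_name' value=\"".$esc($row['link_name'])."\" class='all_quick_link_input' onBlur='edit_quick_links(".$id.",4);'>";
		$tab.=	"<span>Web Address</span> <input type='text' name='quick_link_".$id."_url' id='quick_link_".$id."_url' value=\"".$esc($row['link_url'])."\" class='all_quick_link_input' onBlur='edit_quick_links(".$id.",5);'><br>";
		$tab.=	"<span>Customer</span> ".$selbox1."<br>";
		$tab.=	"<span>Store</span> ".$selbox2."<br>";
		$tab.=	"<span>&nbsp;</span> <label>Make Private <input type='checkbox' name='quick_link_".$id."_private' id='quick_link_".$id."_private' value=\"1\"".($row['private_link'] > 0 ? " checked" : "")." onClick='edit_quick_links(".$id.",8);'></label>";
		$tab.="</div>";
	}
	$tab.="</div></div>";
	return $tab;
}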
Exemple #6
     $view_user_access=0;
     if(isset($_SESSION['access_level']))		$user_access=$_SESSION['access_level'];
     if(isset($_SESSION['view_access_level']))	$view_user_access=$_SESSION['view_access_level'];
     
     if(isset($_GET['id']))		$_POST['id']=$_GET['id'];
     if(isset($_POST['id']))		$_GET['id']=$_POST['id'];
     
     if(!isset($_GET['id']))		$_GET['id']=0;
     if(!isset($_POST['id']))		$_POST['id']=0;
     
     $message="";
     $sql = "
     	select *
     	
     	from users
     	where id = '".sql_friendly($_SESSION['user_id'])."'
     ";
     $data_columns = simple_query($sql);
?>
<?
	//echo "<br>U".$_SESSION['selected_user_id']."M".$_SESSION['selected_merchant_id']."S".$_SESSION['selected_store_id']." ... U".$_SESSION['user_id']."M".$_SESSION['merchant_id']."S".$_SESSION['store_id']."<br>";
?>
<div class="column move_box_left">
		<div class="portlet left_col sort_tbl" id='portlet_SearchBox'>
			<div class="Table_sort_main">
     			<div class="search_box">
     				<div class="input-group">
     					<input type="text" class="form-control" name='search_cust' id='search_cust' value="<?php 
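// The posted search term is printed inside a double-quoted value="" attribute,
// so it is HTML-encoded first; a missing key yields an empty box instead of a notice.
echo htmlspecialchars(isset($_POST['search_cust']) ? (string) $_POST['search_cust'] : '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');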
?>
" placeholder="Search...">
Exemple #7
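	/**
	 * Soft-delete (deleted='1') the logo or avatar attachments of the currently
	 * selected merchant, store or user, then emit an XML result.
	 *
	 * The posted cust_id / store_id / user_id only choose which kind of record is
	 * affected (first positive one wins, in that order); the id that is actually
	 * written to the query comes from $_SESSION, so the client cannot name an
	 * arbitrary record here. Missing POST keys are treated as 0.
	 *
	 * NOTE(review): no permission or anti-CSRF check is visible in this function,
	 * and the response is "<rslt>1</rslt>" whether or not a row was touched —
	 * confirm the caller enforces both before dispatching here.
	 */
	function remove_logo_list()
	{
		// Read a POST selector without raising a warning when the key is absent.
		$posted = static function ($key) {
			return isset($_POST[$key]) ? $_POST[$key] : 0;
		};

		// array(session-held record id, attachment section) for the chosen target.
		$target = null;
		if($posted('cust_id') > 0)
		{
			$target = array($_SESSION['selected_merchant_id'], SECTION_LOGO_CUST);
		}
		elseif($posted('store_id') > 0)
		{
			$target = array($_SESSION['selected_store_id'], SECTION_LOGO_STORE);
		}
		elseif($posted('user_id') > 0)
		{
			$target = array($_SESSION['selected_user_id'], SECTION_AVATAR);
		}

		if($target !== null)
		{
			$sql = "
			update attached_files set
				deleted='1' 
			where xref_id='".sql_friendly($target[0])."' 
				and section_id='".$target[1]."'
			";
			simple_query($sql);
		}
		display_xml_response("<rslt>1</rslt>");
	}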
Exemple #8
    // Pick the store the upload is recorded against: the user's own store if set,
    // otherwise the store currently selected in the session.
    $use_store_id = 0;
    if ($_SESSION['store_id'] == 0 && $_SESSION['selected_store_id'] > 0) {
        $use_store_id = $_SESSION['selected_store_id'];
    } elseif ($_SESSION['store_id'] > 0) {
        $use_store_id = $_SESSION['store_id'];
    }
    // NOTE(review): $move_destination, $finfo, $public, $new_filename and
    // $use_merchant_id are built before this fragment. Confirm the destination uses
    // a server-generated name and that the extension was checked against an allow-list.
    if (move_uploaded_file($_FILES['upl_' . $upcounter]['tmp_name'], $move_destination)) {
        // Public PDFs are rendered to a PNG next to the upload. The test is a substring
        // match, so any extension containing "pdf"/"PDF" enters this branch.
        // NOTE(review): Imagick is given the uploaded file directly. PDF decoding in
        // ImageMagick is normally delegated to Ghostscript, so untrusted PDFs should be
        // covered by a restrictive ImageMagick policy and resource limits; rendering at
        // 300 dpi can also be expensive for large documents. Exceptions from Imagick are
        // not caught here, which would leave the moved file without a database row.
        if ((substr_count($finfo['extension'], "pdf") > 0 || substr_count($finfo['extension'], "PDF") > 0) && $public == 1) {
            $move_destination_png = $move_destination;
            $move_destination_png = str_replace(".pdf", ".png", $move_destination_png);
            $move_destination_png = str_replace(".PDF", ".png", $move_destination_png);
            $imagick = new Imagick();
            $imagick->setResolution(300, 300);
            $imagick->readImage($move_destination);
            $imagick->setImageFormat("png");
            $imagick->writeImage($move_destination_png);
            // From here on the recorded filename is the PNG's destination path.
            $new_filename = $move_destination_png;
        }
        // Record the attachment. xref_id and section_id come from the session-held
        // upload_params, not from the request, and every value goes through sql_friendly().
        $sql = "\n\t\t\tinsert into attached_files\n\t\t\t\t(xref_id,\n\t\t\t\tfilename,\n\t\t\t\tfilesize,\n\t\t\t\tlinedate_added,\n\t\t\t\tsection_id,\n\t\t\t\taccess_level,\n\t\t\t\tdeleted,\n\t\t\t\tuser_id,\n\t\t\t\tmerchant_id,\n\t\t\t\tstore_id,\n\t\t\t\tpublic_name,\n\t\t\t\tpublic_flag)\n\t\t\t\t\n\t\t\tvalues ('" . sql_friendly($_SESSION['upload_params'][$upcounter]['xref_id']) . "',\n\t\t\t\t'" . sql_friendly($new_filename) . "',\n\t\t\t\t0,\n\t\t\t\tnow(),\n\t\t\t\t'" . sql_friendly($_SESSION['upload_params'][$upcounter]['section_id']) . "',\n\t\t\t\t'" . sql_friendly($_SESSION['access_level']) . "',\n\t\t\t\t0,\n\t\t\t\t'" . sql_friendly($_SESSION['user_id']) . "',\n\t\t\t\t'" . sql_friendly($use_merchant_id) . "',\n\t\t\t\t'" . sql_friendly($use_store_id) . "',\n\t\t\t\t'" . sql_friendly(get_filename_without_unique($new_filename)) . "',\n\t\t\t\t'" . sql_friendly($public) . "')\n\t\t";
        simple_query($sql);
        $rslt['status_code'] = 1;
        $rslt['msg'] = 'success!';
        $rslt['filename_new'] = $new_filename;
        // The client-supplied original name is returned unchanged; whatever renders
        // this result has to encode it for its output context.
        $rslt['filename_original'] = $_FILES['upl_' . $upcounter]['name'];
        $rslt['extra_params'] = $_SESSION['upload_params'][$upcounter]['extra_params'];
        return_result($rslt);
    }
}
$rslt['status_code'] = 0;
$rslt['msg'] = 'No files found.';
return_result($rslt);
	$cntr=0;
	
	// Optional report filters, appended to the WHERE clause of the login-log query.
	// User filter: substring match on username or "first last".
	// NOTE(review): sql_friendly() presumably escapes quotes; unless it also escapes
	// % and _, those act as LIKE wildcards in the submitted term. The POST keys are
	// read without isset(), so an absent key raises a notice/warning.
	if($_POST['report_filter_user']!="")		$filters.=" and (users.username like '%".sql_friendly($_POST['report_filter_user'])."%' or CONCAT(users.first_name, ' ', users.last_name) like '%".sql_friendly($_POST['report_filter_user'])."%')";
	
	// Date range: the text that reaches the SQL is date()'s Y-m-d output, not the raw
	// input. strtotime()'s result is not checked, so an unparsable date presumably
	// falls back to the epoch date rather than being rejected.
	if($_POST['date_from']!="")				$filters.=" and log_login.linedate_added>='".date("Y-m-d",strtotime($_POST['date_from']))." 00:00:00'";
	if($_POST['date_to']!="")				$filters.=" and log_login.linedate_added<='".date("Y-m-d",strtotime($_POST['date_to']))." 23:59:59'";
	
	$sql = "
		select log_login.*,
			users.first_name,
			users.last_name,
			users.username
			
		from log_login
			left join users on users.id=log_login.user_id
		where users.access_level <= '".sql_friendly($_SESSION['view_access_level'])."'
			".$filters."
		order by linedate_added desc,id desc
		limit 100
		";
	$data = simple_query($sql);          
     while($row = mysqli_fetch_array($data))
     {
     	$result_list.="
     		<tr class='".($cntr%2==0 ? "even" : "odd")."'>
     			<td valign='top' nowrap>".date("m/d/Y H:i", strtotime($row['linedate_added']))."</td>
     			<td valign='top'>".(trim($row['invalid_password'])!="" ? "<span class='alert'>Failed Login</span>" : "")."</td>     			
     			<td valign='top'>".$row['first_name']."</td>
     			<td valign='top'>".$row['last_name']."</td>
     			<td valign='top'>".$row['username']."</td>  
     			<td valign='top'>".$row['ip_address']."</td>  			
Exemple #10
					echo "<hr>";
					
					$temp_id=0;
                    	$mrr_adder=" and template_id=1";		//default to master template
                    	
                    	//find merchant template first...acts as a default.
                    	if($_SESSION['merchant_id'] > 0)
                    	{
                    		$temp_id=mrr_get_merchant_template_id($_SESSION['merchant_id']);     		
                    		if($temp_id > 0)	$mrr_adder=" and template_id='".sql_friendly($temp_id)."'";
                    	}
                    	//find store template next...override merchant if set.
                    	if($_SESSION['store_id'] > 0)
                    	{
                    		$temp_id=mrr_get_merchant_template_id($_SESSION['store_id']);     		
                    		if($temp_id > 0)	$mrr_adder=" and template_id='".sql_friendly($temp_id)."'";
                    	}
					$sql = "
                    		select * 
                    		from template_items
                    		where deleted=0			
                    			".$mrr_adder."  
                    			 and sub_group_id = 0	
                    		order by zorder asc,item_label asc
                    	";
                    	$data=simple_query($sql);
                    	while($row=mysqli_fetch_array($data))
                    	{
                    		$namer="".$row['item_label']."";	
                    		$namer2=str_replace(" ","_",$namer);
                    		
Exemple #11
		
	order by linedate_reminder2 asc
";	//and linedate_reminder2>='".date("Y-m-d",time())." 00:00:00'  
// Send the second reminder e-mail for every important_dates row returned by the
// query above, and collect a one-line summary of each in $found_requests.
$data=simple_query($sql);	
while($row = mysqli_fetch_array($data))
{	
	$date=date("M j, Y",strtotime($row['linedate']));
	$sub=trim($row['date_description']);	
	
	$remind=date("M j, Y",strtotime($row['linedate_reminder2']));
	$email=trim($row['email_reminder2']);
	$message=trim($row['msg_reminder2']);
	
	// Disabled recipient override (address redacted in this listing).
	//$email="*****@*****.**";
	
	// NOTE(review): the row is flagged as sent before sendMail() runs and sendMail()'s
	// result is not checked, so a failed delivery is never retried.
	$sqlu="update important_dates set sent_reminder2=1 where id='".sql_friendly($row['id'])."'";
	simple_query($sqlu);
	
	// NOTE(review): $email, $sub and $message come straight from the database. They are
	// appended to $found_requests, which is echoed as HTML after the loop without
	// encoding, and $message is also used as the HTML body. Whether the recipient and
	// subject are validated against header injection depends on sendMail() — confirm.
	$found_requests.="<br>To: ".$email.". Date: ".$date.". Topic: ".$sub.". Reminder Date: ".$remind.". Msg: ".$message.".";
	sendMail($From,$FromName,$email,$email,$sub,strip_tags($message),"<b>".$sub."</b><br><br>".$message,'', '','') ;	
}

echo '<br><b>Email Reminders Sent:</b> <br>'.$found_requests.'.<br>';


//Remove older Temp Files....
echo '<br><b>Purging /TEMP/ Files</b><br>';
$path = "".$defaultsarray['base_path']."public_html/temp/";	
if($handle = opendir($path)) 
{
     while(false !== ($file = readdir($handle))) 
Exemple #12
?>
'></td></tr>						
								</tbody>
							</table>
						</td>
						
						<?
          				if($_SESSION['selected_merchant_id'] > 0 && trim($namer) != "Compliance Officer")
          				{
          					echo "<td valign='top' class='pos_rel co_photo mrr_cust_info'>CO CERTIFICATE<br>";
          					
          					$xref_id=0;
          					$sql="
          						select co_user_id 
          						from merchants
          						where id='".sql_friendly($_SESSION['selected_merchant_id'])."'
          					";
               				$data=simple_query($sql);
               				if($row=mysqli_fetch_array($data))		$xref_id=$row['co_user_id'];
          					
          					if($xref_id > 0 && $_SESSION['access_level']>=60)
          					{
          						$co_tab=create_uploader_section('cert_image_holder',"",SECTION_CERTIFICATES,$xref_id,'show_user_cert2', 'Upload Certificate');
          						echo $co_tab;
          					}
          					echo "</td>";
          				}
          				elseif(trim($namer) == "Compliance Officer")
          				{
          					echo "<td valign='top' class='pos_rel co_photo mrr_cust_info'>&nbsp;</td>";
          				}
Exemple #13
    // Store the uploaded file under $new_folder and log it in attached_files.
    // $new_folder and $def_access are set before this fragment.
    // NOTE(review): mkdir() is called without a mode, so PHP's default (0777, reduced
    // by the umask) applies, and its result is not checked.
    if (!file_exists($new_folder)) {
        mkdir($new_folder);
    }
    // NOTE(review): $file_ext is computed but not used in the visible code, and no
    // extension or content-type allow-list is visible. The stored name is derived from
    // the client-supplied filename; confirm get_unique_filename() strips path components
    // and that server-executable extensions cannot land in a web-served folder.
    $file_ext = get_file_ext($_FILES['Filedata']['name']);
    $new_filename = get_unique_filename($new_folder, $_FILES['Filedata']['name']);
    $curdate = 0;
    if (move_uploaded_file($_FILES['Filedata']['tmp_name'], $new_folder . $new_filename)) {
        $curdate = mrr_pull_image_created_date($new_folder . $new_filename);
        $rslt = 1;
    } else {
        $rslt = 0;
    }
    // Owner columns come from the session and default to 0 when a key is absent.
    $user_id = 0;
    $store_id = 0;
    $merchant_id = 0;
    if (isset($_SESSION['user_id'])) {
        $user_id = $_SESSION['user_id'];
    }
    if (isset($_SESSION['store_id'])) {
        $store_id = $_SESSION['store_id'];
    }
    if (isset($_SESSION['merchant_id'])) {
        $merchant_id = $_SESSION['merchant_id'];
    }
    //log that file was uploaded...
    // NOTE(review): the insert runs even when the move failed ($rslt is 0), so a row can
    // point at a file that does not exist. section_id and xref_id are taken from $_POST,
    // which lets the client choose which record the file is attached to; no ownership
    // check on those ids is visible here.
    $sql = "\r\n\t\tinsert into attached_files\r\n\t\t\t(linedate_added,\r\n\t\t\tlinedate_created,\r\n\t\t\tfilename,\r\n\t\t\tfilesize,\r\n\t\t\tsection_id,\r\n\t\t\txref_id,\r\n\t\t\tdeleted,\r\n\t\t\taccess_level,\r\n\t\t\tuuid,\r\n\t\t\tmerchant_id,\r\n\t\t\tstore_id,\r\n\t\t\tuser_id)\r\n\t\t\t\r\n\t\tvalues (now(),\r\n\t\t\t'" . sql_friendly($curdate) . "',\r\n\t\t\t'" . sql_friendly($new_filename) . "',\r\n\t\t\t'" . sql_friendly($_FILES['Filedata']['size']) . "',\r\n\t\t\t'" . sql_friendly($_POST['section_id']) . "',\r\n\t\t\t'" . sql_friendly($_POST['xref_id']) . "',\r\n\t\t\t0,\r\n\t\t\t'" . sql_friendly($def_access) . "',\r\n\t\t\t'" . createuuid() . "',\r\n\t\t\t'" . sql_friendly($merchant_id) . "',\r\n\t\t\t'" . sql_friendly($store_id) . "',\r\n\t\t\t'" . sql_friendly($user_id) . "')\r\n\t";
    simple_query($sql);
    //$iid=mysql_insert_id();
}
?>
1