function mailForm(){
$db=new DBConnection();
$templates=array();
$templates[0]='Select template to use';
$query='SELECT mail_templates_id, mail_template_title FROM mail_templates ORDER BY mail_template_title';
$res=$db->rq($query);
while(($row=$db->fetch($res)) != FALSE) {
$templates[$row['mail_templates_id']]=$row['mail_template_title'];
}
$pcontent='';
$pcontent.='
<div class="mainHolder">
<div class="hintHolder ui-state-default"><b>Editing Mail Settings</b></div>
<form name="addNewExpDate" method="POST" id="MainForms" action="">
<fieldset class="mainFormHolder" style="width:400px;">
<legend>SMTP Settings</legend>';
$query='SELECT * FROM global_settings WHERE section="mail_assigns"';
$res=$db->rq($query);
while(($row=$db->fetch($res)) != FALSE) {
$pcontent.='
<div class="formsLeft" style="width:150px;">'.$row['variable'].':</div>
<div class="formsRight">
<select name="Assign'.$row['global_settings_id'].'" class="text-input">';
foreach ($templates AS $TemplateID=>$TemplateName) {
$pcontent.='<option value="'.$TemplateID.'"'.(($TemplateID==$row['variable_value'])?' selected':'').'>'.$TemplateName.'</option>';
}
$pcontent.='
</select>
</div>
<br />';
}
$pcontent.='
<input type="hidden" name="_form_submit" value="1" />
<input type="submit" name="_submit" value="'.getLang('sform_savebtn').'" class="submitBtn ui-state-default" />
<input type="button" name="_cancel" value="'.getLang('sform_backbtn').'" class="submitBtn ui-state-default" onclick="location=\'mails_assigns.php\';" />
</fieldset>
</form>
</div>';
$db->close();
return $pcontent;
}
/**
* Add new admin action
* @param int $admins_id
* @return string
*/
function addNewAdmin($admins_id = 0) {
if ($admins_id && !isset($_POST['_form_submit'])){
$_SESSION['admin']['uedit'] = $admins_id;
$db = new DBConnection();
$query = 'SELECT * FROM ul_logins WHERE id='.($admins_id+0).'';
$res = $db->rq($query);
foreach ($db->fetch($res) as $RowName => $RowValue){
$FormFieldName = str_replace('adm_', '', $RowName);
$_POST[$FormFieldName] = $RowValue;
}
$now = new \DateTime();
$column = new \DateTime($_POST['block_expires']);
if ($column > $now) {
$_POST['status'] = 0;
}
else {
$_POST['status'] = 1;
}
unset($_POST['password']);
$db->close();
}
$view = new App\View\View('admin/add');
$view->admin_id = $admins_id;
$view->data = $_POST;
return $view->render();
}
function addLog($log_area = '', $log_section = '', $log_user = '', $log_admin = '', $log_details = '')
{
$user_ip = GetHostByName($_SERVER["REMOTE_ADDR"]);
$db = new DBConnection();
$query = 'INSERT INTO logs SET
log_area="' . $log_area . '",log_section="' . $log_section . '",log_user="******",log_admin="' . $log_admin . '",log_details="' . $log_details . '",
log_date="' . date('Y-m-d H:i:s', CUSTOMTIME) . '", log_ip="' . $user_ip . '"';
$db->rq($query);
}
function addNewAdvisor($users_advisors_id=0) {
if ($users_advisors_id&&!$_POST['_form_submit']){
$_SESSION['admin']['uedit']=$users_advisors_id;
$db=new DBConnection();
$query='SELECT * FROM users_advisors WHERE users_advisors_id='.($users_advisors_id+0).'';
$res=$db->rq($query);
foreach ($db->fetch($res) as $RowName=>$RowValue){
$FormFieldName=str_replace('advisor_', '', $RowName);
$_POST[$FormFieldName]=$RowValue;
}
$db->close();
}
$pcontent='';
$pcontent.='
<div class="mainHolder">
<div class="hintHolder ui-state-default"><b>'.(($users_advisors_id>0)?'Editing':'Creating New').' Advisor</b></div>
<script type="text/javascript" src="../js/jquery.validate.js"></script>
<script type="text/javascript" src="js/forms/advisors.js"></script>
<form name="addNewAdvisor" method="POST" id="MainForms" action="">
<fieldset class="mainFormHolder">
<legend>User information</legend>
<div class="formsLeft">REF:</div>
<div class="formsRight">
<input class="text-input" type="text" name="ref" id="ref" value="'.$_POST['ref'].'" />
</div>
<br />
<div class="formsLeft">Names:</div>
<div class="formsRight">
<input class="text-input" name="names" id="names" value="'.$_POST['names'].'" />
</div>
<br />
<div class="formsLeft">Firm:</div>
<div class="formsRight">
<input class="text-input" name="firm" id="firm" value="'.$_POST['firm'].'" />
</div>
<br />
<div class="formsLeft">Contacts:</div>
<div class="formsRight">
<input class="text-input" name="contacts" id="contacts" value="'.$_POST['contacts'].'" />
</div>
<input type="hidden" name="_form_submit" value="1" />
<input type="submit" name="_submit" value="'.getLang('sform_savebtn').'" class="submitBtn ui-state-default" />
';
if ($users_advisors_id){
$pcontent.='
<input type="hidden" name="advid" value="'.$users_advisors_id.'">
<input type="button" name="_delete" value="'.getLang('sform_delbtn').'" class="submitBtn ui-state-default" onclick="if(confirm(\'Are you sure you want to delete this advisor?\')) location=\'?action=delete&advid='.($_POST['users_advisors_id']+0).'\';" />';
}
$pcontent.='
<input type="button" name="_cancel" value="'.getLang('sform_backbtn').'" class="submitBtn ui-state-default" onclick="location=\'users_advisors.php\';" />
</fieldset>
</form>
</div>';
return $pcontent;
}
function addNewExpDate($expiry_dates_id=0){
if($expiry_dates_id&&!$_POST['_form_submit']) {
$_SESSION['admin']['uedit']=$expiry_dates_id;
$db=new DBConnection();
$query='SELECT * FROM expiry_dates WHERE expiry_dates_id='.($expiry_dates_id+0).'';
$res=$db->rq($query);
foreach ($db->fetch($res) AS $RowName=>$RowValue) {
$_POST[$RowName]=$RowValue;
}
$db->close();
}
$pcontent='';
$pcontent.='
<div class="mainHolder">
<div class="hintHolder ui-state-default"><b>'.(($expiry_dates_id>0)?'Editing':'Creating New').' Expiry Date</b></div>
<script type="text/javascript" src="../js/jquery.validate.js"></script>
<script type="text/javascript" src="js/forms/expiry_dates.js"></script>
<form name="addNewExpDate" method="POST" id="MainForms" action="">
<fieldset class="mainFormHolder">
<legend>Date information</legend>
<div class="formsLeft">Expiry date:</div>
<div class="formsRight">
<input class="text-input" type="text" name="expiry_date" id="expiry_date" value="'.$_POST['expiry_date'].'" autocomplete="off" />
</div>
<input type="hidden" name="_form_submit" value="1" />
<input type="submit" name="_submit" value="'.getLang('sform_savebtn').'" class="submitBtn ui-state-default" />';
if($expiry_dates_id) {
$pcontent.='
<input type="hidden" name="edid" value="'.$expiry_dates_id.'">
<input type="button" name="_delete" value="'.getLang('sform_delbtn').'" class="submitBtn ui-state-default" onclick="if(confirm(\'Are you sure you want to delete this expiry date?\')) location=\'?action=delete&edid='.($_POST['expiry_dates_id']+0).'\';" />';
}
$pcontent.='
<input type="button" name="_cancel" value="'.getLang('sform_backbtn').'" class="submitBtn ui-state-default" onclick="location=\'expiry_dates.php\';" />
</fieldset>
</form>
</div>';
return $pcontent;
}
function addNewTradeSell($tradesSell_id=0) {
$db=new DBConnection();
if ($tradesSell_id&&!$_POST['_form_submit']){
$query='SELECT * FROM trades WHERE trade_ref="'.$tradesSell_id.'"';
$res=$db->rq($query);
$_POST=$db->fetch($res);
$_SESSION['admin']['uedit']=$_POST['trades_id'];
}
$JSCripts=' onchange="setDetails(0);"';
$JSCriptsPremium=' onchange="setDetails(1);"';
if ($_POST['trade_date']=='') $_POST['trade_date']=date('Y-m-d', CUSTOMTIME);
global $tradesSellStatuses;
global $tradesBuyOptions;
$pcontent='';
$pcontent.='
<div class="mainHolder">
<div class="hintHolder ui-state-default"><b>'.(($_GET['action']=='new_sell')?'Adding new':'Editing').' SELL Order</b></div>
<script type="text/javascript" src="../js/jquery.metadata.js"></script>
<script type="text/javascript" src="../js/jquery.validate.js"></script>
<script type="text/javascript" src="js/forms/tradesSell.js"></script>
<script type="text/javascript">
jQuery(document).ready(
function($) {
var sliderValue = '.$_POST['trade_positions_left'].';
$("#slider").slider( {
min : 1,
max : '.$_POST['trade_positions_left'].',
step : 1,
value : [ sliderValue ],
slide : function(event, ui) {
$("#sliderVal").val(ui.value);
}
});
$("#sliderVal").attr("value", sliderValue);
$("#sliderVal").keyup(function() {
var sliderValue = +this.value;
if (sliderValue >= 1 && sliderValue <= '.$_POST['trade_positions_left'].') {
$("#slider").slider("value", sliderValue);
} else {
alert("Please enter a value between 1 and '.$_POST['trade_positions_left'].'");
$("#slider").slider("value", 1);
$("#sliderVal").attr("value", 1);
}
});
$("#slider, #sliderVal").bind("mousedown mouseup mousemove mouseout mouseover", function() {
setDetails();
});
setDetails();
});
</script>
<form name="addNewTradeBuy" method="POST" id="MainForms" action="">
<div class="left">
<fieldset class="mainFormHolder left">
<legend>Account</legend>
<div class="formsRight">
<select name="user_account_num" id="user_account_num" class="text-input-big" title="Please select user account!" validate="required:true">';
$query='SELECT user_account_num, user_firstname, user_lastname, user_balance FROM users WHERE user_account_num="'.$_POST['user_account_num'].'" LIMIT 1';
$res=$db->rq($query);
while (($row=$db->fetch($res))!=FALSE){
$pcontent.='<option value="'.$row['user_account_num'].'">'.$row['user_account_num'].' ('.$row['user_firstname'].' '.$row['user_lastname'].', $'.$row['user_balance'].')</option>';
}
$pcontent.='
</select>
</div>
</fieldset>
<div class="clear"></div>
<fieldset class="mainFormHolder left">
<legend>Contract</legend>
<div class="formsLeft">Trade Order:</div>
<div class="formsRight">SELL</div>
<br />
<div class="formsLeft">Position(s):</div>
<div class="formsRight">
<div id="slider"><a href="#"></a></div> <input type="text" class="text-input-smallest left" id="sliderVal" name="trade_positions"'.$JSCripts.' />
</div>
<br /><br />
<div class="formsLeft">Option:</div>
<div class="formsRight"><input class="text-input ui-state-default" type="text" name="trade_option" id="trade_option" value="'.$tradesBuyOptions[$_POST['trade_option']].'"></div>
<br />
<div class="formsLeft">Commodity:</div>
<div class="formsRight">';
$query='SELECT * FROM commodities WHERE commodities_id='.($_POST['commodities_id']+0).' LIMIT 1';
$res=$db->rq($query);
$row=$db->fetch($res);
$strToUse=strtotime($_POST['trade_expiry_date']);
$pcontent.='
<input class="text-input ui-state-default" type="text" name="commodities_id" id="commodities_id" value="'.$row['commodities_symbol'].' ('.$row['commodities_name'].')">
</div>
<br />
<div class="formsLeft">Expiry Date:</div>
<div class="formsRight">
<div class="formsRight"><input class="text-input ui-state-default" type="text" name="trade_expiry_date" id="trade_expiry_date" value="'.date('d M y', $strToUse).'"></div>
</div>
<br />
<div class="formsLeft">Strike Price:</div>
<div class="formsRight">
<input class="text-input align-right" type="text" name="trade_strikeprice" id="trade_strikeprice" value="'.$_POST['trade_strikeprice'].'"'.$JSCripts.' />
</div><br />
<div class="formsLeft">Notes:</div>
<div class="formsRight">
<input type="text" class="text-input left" name="trade_notes" value="'.$_POST['trade_notes'].'"'.$JSCripts.' />
</div>
</fieldset>
<div class="clear"></div>
<fieldset class="mainFormHolder left">
<legend>Trade Details</legend>
<input class="ui-state-default trade-details" type="text" name="trade_details" id="trade_details" value="'.(($_POST['trade_details']!='')?''.$_POST['trade_details'].'':'BUY').'" readonly />
</fieldset>
<div class="clear"></div>';
$totalRelated=0;
$query2='SELECT trade_ref_relatedto FROM trades_related WHERE trade_ref="'.$_POST['trade_ref'].'"';
$res2=$db->rq($query2);
$totalRelated=$db->num_rows($res2);
if ($totalRelated>0){
$row2=$db->fetch($res2);
$getRelatedInfo=$db->getRow('trades','trade_ref="'.$row2['trade_ref_relatedto'].'"','trade_ref, trade_details');
$pcontent.='
<fieldset class="mainFormHolder left">
<legend>Related Trades</legend><br />
<div class="ui-state-default trade-details"><a href="trades.php?action=edit_buy&tref='.$getRelatedInfo['trade_ref'].'" style="display:block;">'.$getRelatedInfo['trade_details'].'</a></div><br />
</fieldset>';
}
$pcontent.='
</div>
<div class="left">
<fieldset class="mainFormHolder left">
<legend>Prices</legend>
<div class="formsLeft">Premium:</div>
<div class="formsRight">
<input class="text-input align-right" type="text" name="trade_premium_price" id="trade_premium_price" value="'.$_POST['trade_premium_price'].'"'.$JSCriptsPremium.' />
</div>
<br />
<div class="formsLeft">Contract Size:</div>
<div class="formsRight">
<input class="text-input align-right ui-state-default" type="text" name="trade_contract_size" id="trade_contract_size" value="'.$_POST['trade_contract_size'].'" readonly />
</div>
<br />
<div class="formsLeft">Price/contract:</div>
<div class="formsRight">
<input class="text-input align-right" type="text" name="trade_price_contract" id="trade_price_contract" value="'.$_POST['trade_price_contract'].'"'.$JSCripts.' />
</div>
<br />
<div class="formsLeft">Trade Value:</div>
<div class="formsRight">
<input class="text-input align-right ui-state-default" type="text" name="trade_value" id="trade_value" value="'.$_POST['trade_value'].'" readonly />
</div>
<br />
<div class="formsLeft">Fees:</div>
<div class="formsRight">
<input class="text-input align-right" type="text" name="trade_fees" id="trade_fees" value="'.$_POST['trade_fees'].'"'.$JSCripts.' />
</div>
<br />
<div class="formsLeft">Total Invoiced:</div>
<div class="formsRight">
<input class="text-input align-right ui-state-default" type="text" name="trade_invoiced" id="trade_invoiced" value="'.$_POST['trade_invoiced'].'" />
</div>
</fieldset>
<div class="clear"></div>
<fieldset class="mainFormHolder left">
<legend>Settings</legend>
<div class="formsLeft">Value date:</div>
<div class="formsRight"><input class="text-input" type="text" name="trade_date" id="trade_date" value="'.$_POST['trade_date'].'" /></div>
<br />
<div class="formsLeft">Status:</div>
<div class="formsRight">
<select name="trade_status" class="text-input">';
foreach ($tradesSellStatuses as $StatusID=>$StatusName){
$pcontent.='<option value="'.$StatusID.'"'.(($StatusID==$_POST['trade_status'])?' selected':'').'>'.$StatusName.'</option>';
}
$pcontent.='
</select>
</div>
</fieldset>
<div class="clear"></div>
<div class="mainFormHolder left btnsHolder">
<input type="hidden" name="_form_submit" value="1" />
<input type="hidden" name="_add_sell" value="1" />
<input type="hidden" name="trid" value="'.$tradesSell_id.'">
<input type="submit" name="_submit" value="'.getLang('sform_savebtn').'" class="submitBtn ui-state-default" />
<input type="button" name="_delete" value="'.getLang('sform_delbtn').'" class="submitBtn ui-state-default" onclick="if(confirm(\'Are you sure you want to delete this SELL?\')) location=\'?action=delete_sell&sellid='.($_POST['trade_ref']).'\';" />
<input type="button" name="_cancel" value="'.getLang('sform_backbtn').'" class="submitBtn ui-state-default" onclick="location=\'trades.php\';" />
</div>
</div>
</form>
</div>';
$db->close();
return $pcontent;
}
function page_header_simple($redirect = 0)
{
if ($_SESSION['user']['is_logged'] == 1) {
$PageTitle = getLang('ptitle_logged');
} else {
$PageTitle = getLang('ptitle_notlogged');
}
echo '<!DOCTYPE html>
<!--[if lt IE 7]> <html lang="en-us" class="no-js ie6"> <![endif]-->
<!--[if IE 7]> <html lang="en-us" class="no-js ie7"> <![endif]-->
<!--[if IE 8]> <html lang="en-us" class="no-js ie8"> <![endif]-->
<!--[if IE 9]> <html lang="en-us" class="no-js ie9"> <![endif]-->
<!--[if gt IE 8]><!--> <html lang="en-us" class="no-js"> <!--<![endif]-->
<head>
<meta charset="utf-8">
<title>' . $PageTitle . '</title>
<meta http-equiv="content-type" content="application/xhtml+xml" />
<meta http-equiv="X-UA-Compatible" content="IE=100" />
<meta name="robots" content="NOINDEX,NOFOLLOW" />
<meta name="viewport" content="width=device-width; initial-scale=1; maximum-scale=1;">
<meta name="apple-mobile-web-app-capable" content="yes" />
<meta name="apple-mobile-web-app-status-bar-style" content="black-translucent" />
';
echo '
<link href="adminica/styles/adminica/reset.css" media="all" rel="stylesheet" type="text/css" />
<link href="adminica/styles/plugins/all/plugins.css" media="all" rel="stylesheet" type="text/css" />
<link href="adminica/styles/adminica/all.css" media="all" rel="stylesheet" type="text/css" />
<link rel="stylesheet" href="adminica/styles/themes/layout_switcher.php?default=layout_fixed.css" >
<link rel="stylesheet" href="adminica/styles/themes/nav_switcher.php?default=nav_top.css" >
<link rel="stylesheet" href="adminica/styles/themes/skin_switcher.php?default=skin_light.css" >
<link rel="stylesheet" href="adminica/styles/themes/theme_switcher.php?default=theme_blue.css" >
<link rel="stylesheet" href="adminica/styles/themes/bg_switcher.php?default=bg_white_wall.css" >
<link rel="stylesheet" href="adminica/styles/adminica/colours.css">
<link rel="stylesheet" href="css/custom.css">
<link rel="stylesheet" href="css/font-awesome/css/font-awesome.min.css">
<link href="css/validationEngine.jquery.css" media="all" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="adminica/scripts/plugins-min.js"></script>
<script type="text/javascript" src="adminica/scripts/adminica/adminica_all-min.js"></script>
<!--<script type="text/javascript" src="js/jquery-1.3.2.min.js"></script>
<script type="text/javascript" src="js/jquery-ui-1.7.2.custom.min.js"></script>-->
<script type="text/javascript" src="js/scripts.js"></script>';
if ($SelectedTab == 2) {
echo '
<link href="css/jquery.jqplot.css" media="all" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="js/excanvas.min.js"></script>
<script type="text/javascript" src="js/jquery.jqplot.min.js"></script>
<script type="text/javascript" src="js/plugins/jqplot.dateAxisRenderer.min.js"></script>
<script type="text/javascript" src="js/plugins/jqplot.canvasTextRenderer.min.js"></script>
<script type="text/javascript" src="js/plugins/jqplot.canvasAxisTickRenderer.min.js"></script>
<script type="text/javascript" src="js/plugins/jqplot.categoryAxisRenderer.min.js"></script>
<script type="text/javascript" src="js/plugins/jqplot.barRenderer.js"></script>
';
}
echo '
<style>
.xLabel
{
display: inline-block;
width: 50%;
}
</style>
</head>
<body>
<div id="pjax">';
include 'includes/custom_header.php';
if ($_SESSION['user']['is_logged'] == 1) {
echo '<div id="main_container" class="main_container container_16 clearfix">';
include 'adminica/includes/components/navigation.php';
} else {
$db = new DBConnection();
$UserIP = GetHostByName($_SERVER["REMOTE_ADDR"]);
$query = 'SELECT banned_ips_id FROM banned_ips WHERE banned_ip="' . $UserIP . '" LIMIT 1';
$res = $db->rq($query);
$num_rows = $db->num_rows($res);
$db->close();
if ($num_rows > 0) {
echo '</div><div class="LoginContainer"><h3>' . getLang('lform_publicbanmessage') . '</h3></div>';
} else {
//include('parts/login_box.php');
}
}
}
<?php
require '../vendor/autoload.php';
require_once '../classes/db.class.php';
require_once '../includes/timefix.php';
set_time_limit(900);
$db = new DBConnection();
$today = date('Y-m-d', CUSTOMTIME);
$query = 'UPDATE trades SET trade_status=4 WHERE trade_expiry_date<"' . $today . '" AND trade_status=1';
$db->rq($query);
$query = 'SELECT user_account_num, user_lscp, user_lscp FROM users WHERE user_status=1';
$res = $db->rq($query);
while (($row = $db->fetch($res)) != FALSE) {
$query2 = 'SELECT MIN(trade_strikeprice) AS min_strike FROM trades WHERE trade_status=1 AND trade_option=1 AND user_account_num="' . $row['user_account_num'] . '"';
$res2 = $db->rq($query2);
$row2 = $db->fetch($res2);
if ($row2['min_strike'] < $row['user_lscp'] || $row['user_lscp'] == 0) {
$query3 = 'UPDATE users SET user_lscp="' . ($row2['min_strike'] + 0) . '", user_lastupdate="' . date('Y-m-d H:i:s', CUSTOMTIME) . '"
WHERE user_account_num="' . $row['user_account_num'] . '"';
$db->rq($query3);
}
$query4 = 'SELECT MAX(trade_strikeprice) AS max_strike FROM trades WHERE trade_status=1 AND trade_option=2 AND user_account_num="' . $row['user_account_num'] . '"';
$res4 = $db->rq($query4);
$row4 = $db->fetch($res4);
if ($row4['max_strike'] > $row['user_hpsp'] || $row['user_hpsp'] == 0) {
$query5 = 'UPDATE users SET user_hpsp="' . ($row4['max_strike'] + 0) . '", user_lastupdate="' . date('Y-m-d H:i:s', CUSTOMTIME) . '"
WHERE user_account_num="' . $row['user_account_num'] . '"';
$db->rq($query5);
}
$query6 = 'SELECT COUNT(trades_id) AS total_trades FROM trades WHERE trade_status=1 AND user_account_num="' . $row['user_account_num'] . '"';
$res6 = $db->rq($query6);
function addNewWithdraw($transferID=0) {
$db=new DBConnection();
if ($transferID && !isset($_POST['_form_submit'])){
$query='SELECT * FROM transfers WHERE tr_ref="'.$transferID.'"';
$res=$db->rq($query);
$_POST=$db->fetch($res);
}
$JSCripts=' onkeyup="setDetails();" onchange="setDetails();"';
if (array_get($_GET, 'uid', 0) > 0){
$query='SELECT user_bank_online,user_bank_beneficiary,user_bank_address,user_bank_account,user_bank_name,user_bank_codetype,user_bank_code,
user_bank_moredetails FROM users WHERE user_account_num="'.(array_get($_GET, 'uid', 0)).'"';
$res=$db->rq($query);
$row=$db->fetch($res);
foreach ($row as $Column=>$ColumnValue){
$fixColumnName=str_replace('user_', 'tr_', $Column);
$_POST[$fixColumnName]=$ColumnValue;
}
}
if (!isset($_POST['tr_fees']) || empty($_POST['tr_fees'])){
$_POST['tr_fees']='0.00';
}
if (!isset($_POST['tr_date']) || empty($_POST['tr_date'])){
$_POST['tr_date']=date('Y-m-d', CUSTOMTIME);
}
global $depositOptions;
$userBankCodeTypes=array(1=>'SWIFT Code', 2=>'IBAN Code', 3=>'ABA #', 4=>'BSC Code');
$pcontent='';
$pcontent.='
<div class="mainHolder">
<div class="hintHolder ui-state-default"><b>'.(($transferID>0)?'Editing':'Adding New').' Withdraw</b></div>
<script type="text/javascript" src="../js/jquery.metadata.js"></script>
<script type="text/javascript" src="../js/jquery.validate.js"></script>
<script type="text/javascript" src="js/forms/transfersWithdraw.js"></script>
<form name="addNewDeposit" method="POST" id="MainForms" action="">
<div class="left">
<fieldset class="mainFormHolder left">
<legend>Account</legend>
<div class="formsRight">
<select name="user_account_num" id="user_account_num" class="text-input-big" title="Please select user account!" validate="required:true">
<option value="">Select account</option>';
$query='SELECT user_account_num, user_firstname, user_lastname, user_balance FROM users ORDER BY user_firstname ASC, user_lastname ASC';
$res=$db->rq($query);
while (($row=$db->fetch($res))!=FALSE){
$pcontent.='<option value="'.$row['user_account_num'].'"'.((array_get($_GET, 'uid') == $row['user_account_num'] || array_get($_POST, 'user_account_num')==$row['user_account_num'])?' selected':'').'>'.$row['user_account_num'].' ('.$row['user_firstname'].' '.$row['user_lastname'].', $'.$row['user_balance'].')</option>';
}
$pcontent.='
</select>
</div>
</fieldset>
<div class="clear"></div>
<fieldset class="mainFormHolder left">
<legend>Bank Details</legend>
<br />
<div class="formsLeft">Beneficiary:</div>
<div class="formsRight">
<input class="text-input" type="text" name="tr_bank_beneficiary" id="tr_bank_beneficiary" value="'.array_get($_POST, 'tr_bank_beneficiary').'" />
</div>
<br />
<div class="formsLeft">Bank Address:</div>
<div class="formsRight">
<textarea class="text-area" name="tr_bank_address" id="tr_bank_address">'.array_get($_POST, 'tr_bank_address').'</textarea>
</div>
<br />
<div class="formsLeft">Bank Account:</div>
<div class="formsRight">
<input class="text-input" type="text" name="tr_bank_account" id="tr_bank_account" value="'.array_get($_POST, 'tr_bank_account').'" />
</div>
<br />
<div class="formsLeft">Bank Name:</div>
<div class="formsRight">
<input class="text-input" type="text" name="tr_bank_name" id="tr_bank_name" value="'.array_get($_POST, 'tr_bank_name').'" />
</div>
<br />
<div class="formsLeft">
<select name="tr_bank_codetype" class="select-medium">';
foreach ($userBankCodeTypes as $BankCodeID=>$BankCodeType){
$pcontent.='<option value="'.$BankCodeID.'"'.(($BankCodeID==array_get($_POST, 'tr_bank_codetype'))?' selected':'').'>'.$BankCodeType.'</option>';
}
$pcontent.='
</select>
</div>
<div class="formsRight">
<input class="text-input" type="text" name="tr_bank_code" id="tr_bank_code" value="'.array_get($_POST, 'tr_bank_code').'" />
</div>
<br />
<div class="formsLeft">More Bank Details:</div>
<div class="formsRight">
<textarea class="text-area" name="tr_bank_moredetails" id="tr_bank_moredetails">'.array_get($_POST, 'tr_bank_moredetails').'</textarea>
</div>
</fieldset>
<div class="clear"></div>
<fieldset class="mainFormHolder left">
<legend>Notes</legend>
<div class="formsRight" style="height:105px;">
<textarea class="text-area-big" style="height:95px;" name="tr_notes" id="user_notes">'.array_get($_POST, 'tr_notes').'</textarea>
</div>
</fieldset>
</div>
<div class="left">
<fieldset class="mainFormHolder left">
<legend>Transfer</legend>
<div class="formsLeft">Withdraw:</div>
<div class="formsRight">
<input class="text-input align-right" type="text" name="tr_value" id="tr_value" value="'.array_get($_POST, 'tr_value').'"'.$JSCripts.' autocomplete="off" />
</div>
<br />
<div class="formsLeft">Fees:</div>
<div class="formsRight">
<input class="text-input align-right" type="text" name="tr_fees" id="tr_fees" value="'.array_get($_POST, 'tr_fees').'"'.$JSCripts.' />
</div>
<br />
<div class="formsLeft">Total Withdraw:</div>
<div class="formsRight">
<input class="text-input align-right" type="text" name="tr_total" id="tr_total" value="'.array_get($_POST, 'tr_total').'" readonly />
</div>
<br />
<div class="formsLeft">Value date:</div>
<div class="formsRight"><input class="text-input" type="text" name="tr_date" id="trade_date" value="'.array_get($_POST, 'tr_date').'" /></div>
<br />
<div class="formsLeft">Status:</div>
<div class="formsRight">
<select name="tr_status" class="text-input">';
foreach ($depositOptions as $StatusID=>$StatusName){
$pcontent.='<option value="'.$StatusID.'"'.(($StatusID==array_get($_POST, 'tr_status'))?' selected':'').'>'.$StatusName.'</option>';
}
$pcontent.='
</select>
</div>
</fieldset>
<div class="clear"></div>
<div class="mainFormHolder left btnsHolder">
<input type="hidden" name="_add_withdraw" value="1" />
<input type="submit" name="_submit" value="'.getLang('sform_savebtn').'" class="submitBtn ui-state-default" />';
if ($transferID){
$pcontent.='
<input type="hidden" name="trid" value="'.$transferID.'">
<input type="button" name="_delete" value="'.getLang('sform_delbtn').'" class="submitBtn ui-state-default" onclick="if(confirm(\'Are you sure you want to delete this withdraw?\')) location=\'?action=delete_withdraw&wtrid='.($_POST['tr_ref']).'\';" />';
}
$pcontent.='
<input type="button" name="_cancel" value="'.getLang('sform_backbtn').'" class="submitBtn ui-state-default" onclick="'.((array_get($_GET, 'uid', 0) > 0)?'location=\'users.php\'':'location=\'transfers.php\'').';" />
</div>
</div>
</form>
</div>';
$db->close();
return $pcontent;
}
}
}
$searchFor='';
if ($_GET['sSearch']!=''){
$searchFor.='WHERE ';
foreach ($searchColumns AS $Count=>$columnToSearch) {
$addOr='';
if($Count!=0) $addOr.=' OR ';
$searchFor.=$addOr.$columnToSearch.' LIKE "%'.$db->string_escape($_GET['sSearch']).'%"';
}
}
$searchQuery='SELECT SQL_CALC_FOUND_ROWS * FROM commodities_groups '.$searchFor.' '.$searchOrder.' '.$searchLimit.'';
$rResult=$db->rq($searchQuery);
$query='SELECT FOUND_ROWS() AS frows';
$res=$db->rq($query);
$row=$db->fetch($res);
$iFilteredTotal=$row['frows'];
$query='SELECT COUNT(commodities_groups_id) AS total_groups FROM commodities_groups';
$res=$db->rq($query);
$row=$db->fetch($res);
$iTotal=$row['total_groups'];
$sOutput='{';
$sOutput.='"sEcho": '.$_GET['sEcho'].', ';
$sOutput.='"iTotalRecords": '.$iTotal.', ';
$sOutput.='"iTotalDisplayRecords": '.$iFilteredTotal.', ';
function addNewUser($users_id=0) {
$db=new DBConnection();
if($users_id&&!$_POST['_form_submit']) {
$query='SELECT * FROM users WHERE user_account_num="'.$users_id.'"';
$res=$db->rq($query);
$_POST=$db->fetch($res);
$_SESSION['admin']['uedit']=$_POST['users_id'];
$FullREF=explode('-', $_POST['user_fullref']);
$UserNID=$FullREF[1];
$JSCripts='';
}else {
$JSCripts=' onkeyup="generateAccountInfos();" onblur="generateAccountInfos();"';
$_POST['user_password']='******'.date('d', CUSTOMTIME).'r89';
$_POST['user_app_date']=date('Y-m-d', CUSTOMTIME);
}
global $userTitles;
global $userStatuses;
global $userBankCodeTypes;
$pcontent='';
$pcontent.='
<div class="mainHolder">
<div class="hintHolder ui-state-default"><b>'.(($users_id>0)?'Editing':'Creating New').' User Account</b></div>
<script type="text/javascript" src="../js/jquery.validate.js"></script>
<script type="text/javascript" src="js/forms/users.js"></script>
<form name="addNewUser" method="POST" id="MainForms" action="">
<div class="left">
<fieldset class="mainFormHolder left minHeight200">
<legend>Contact Information</legend>
<div class="formsLeft">Title:</div>
<div class="formsRight">
<select name="user_title" class="text-input">';
foreach ($userTitles AS $TitleID=>$TitleName) {
$selected='';
if($_POST['user_title']==$TitleID) $selected=' selected';
$pcontent.='<option value="'.$TitleID.'"'.$selected.'>'.$TitleName.'</option>';
}
$pcontent.='
</select>
</div>
<br />
<div class="formsLeft">First Name:</div>
<div class="formsRight">
<input class="text-input" type="text" name="user_firstname" id="user_firstname" value="'.$_POST['user_firstname'].'"'.$JSCripts.' />
</div>
<br />
<div class="formsLeft">Middle Name:</div>
<div class="formsRight">
<input class="text-input" type="text" name="user_middlename" id="user_middlename" value="'.$_POST['user_middlename'].'"'.$JSCripts.' />
</div>
<br />
<div class="formsLeft">Last Name:</div>
<div class="formsRight">
<input class="text-input" type="text" name="user_lastname" id="user_lastname" value="'.$_POST['user_lastname'].'"'.$JSCripts.' />
</div>
<br />
<div class="formsLeft">Email:</div>
<div class="formsRight">
<input class="text-input" type="text" name="user_email" id="user_email" value="'.$_POST['user_email'].'" />
</div>
<br />
<div class="formsLeft">Phone:</div>
<div class="formsRight">
<input class="text-input" type="text" name="user_phone" id="user_phone" value="'.$_POST['user_phone'].'" />
</div>
<br />
<div class="formsLeft">Mailing Address:</div>
<div class="formsRight">
<textarea class="text-area-small2rows" name="user_mailing_address" id="user_mailing_address" rows="2" cols="1">'.$_POST['user_mailing_address'].'</textarea>
</div>
<br />
<div class="formsLeft">Postal Code/ZIP:</div>
<div class="formsRight">
<input class="text-input" type="text" name="user_postal" id="user_postal" value="'.$_POST['user_postal'].'" />
</div>
<br />
<div class="formsLeft">City:</div>
<div class="formsRight">
<input class="text-input" type="text" name="user_city" id="user_city" value="'.$_POST['user_city'].'" />
</div>
<br />
<div class="formsLeft">State/Province:</div>
<div class="formsRight">
<input class="text-input" type="text" name="user_state" id="user_state" value="'.$_POST['user_state'].'" />
</div>
<br />
<div class="formsLeft">Country:</div>
<div class="formsRight">
<select name="user_country" id="user_country" class="text-input">';
$query='SELECT country_full FROM countries ORDER BY country_full';
$res=$db->rq($query);
while (($row=$db->fetch($res)) != FALSE) {
$selected='';
if($_POST['user_country']==$row['country_full']) $selected=' selected';
$pcontent.='<option value="'.$row['country_full'].'"'.$selected.'>'.$row['country_full'].'</option>';
}
$pcontent.='
</select>
</div>
<br />
<div class="moreRight" id="showMoreDetails">more details »</div>
<span id="moreDetails">
<br />
<div class="formsLeft">Fax:</div>
<div class="formsRight">
<input class="text-input" type="text" name="user_fax" id="user_fax" value="'.$_POST['user_fax'].'" />
</div>
<br />
<div class="formsLeft">Secondary Email:</div>
<div class="formsRight">
<input class="text-input" type="text" name="user_email2" id="user_email2" value="'.$_POST['user_email2'].'" />
</div>
<br />
<div class="formsLeft">Company:</div>
<div class="formsRight">
<input class="text-input" type="text" name="user_company" id="user_company" value="'.$_POST['user_company'].'" />
</div>
<br />
<div class="formsLeft">Web Page:</div>
<div class="formsRight">
<input class="text-input" type="text" name="user_web" id="user_web" value="'.$_POST['user_web'].'" />
</div>
</span>
</fieldset>
<div class="clear"></div>
<fieldset class="mainFormHolder left">
<legend>Trading Advisor</legend>
<div class="formsLeft">Advisor 1:</div>
<div class="formsRight">
<select name="user_advisor1" class="text-input">
<option value="0">Select primary advisor</option>';
$query='SELECT * FROM users_advisors ORDER BY advisor_names';
$res=$db->rq($query);
while(($row=$db->fetch($res)) != FALSE) {
$pcontent.='<option value="'.$row['users_advisors_id'].'"'.(($row['users_advisors_id']==$_POST['user_advisor1'])?' selected':'').'>'.$row['advisor_names'].' / '.$row['advisor_ref'].'</option>';
}
$pcontent.='
</select>
</div>
<br />
<div class="formsLeft">Advisor 2:</div>
<div class="formsRight">
<select name="user_advisor2" class="text-input">
<option value="0">Select 2nd advisor</option>';
$query='SELECT * FROM users_advisors ORDER BY advisor_names';
$res=$db->rq($query);
while(($row=$db->fetch($res)) != FALSE) {
$pcontent.='<option value="'.$row['users_advisors_id'].'"'.(($row['users_advisors_id']==$_POST['user_advisor2'])?' selected':'').'>'.$row['advisor_names'].' / '.$row['advisor_ref'].'</option>';
}
$pcontent.='
</select>
</div>
</fieldset>
<div class="clear"></div>
<fieldset class="mainFormHolder left">
<legend>Bank Details</legend>
<div class="moreRight" id="showBankDetails">show bank details »</div>
<span id="moreBankDetails">
<div class="formsLeft">Beneficiary:</div>
<div class="formsRight">
<input class="text-input" type="text" name="user_bank_beneficiary" id="user_bank_beneficiary" value="'.$_POST['user_bank_beneficiary'].'" />
</div>
<br />
<div class="formsLeft">Bank Address:</div>
<div class="formsRight">
<textarea class="text-area" name="user_bank_address" id="user_bank_address">'.$_POST['user_bank_address'].'</textarea>
</div>
<br />
<div class="formsLeft">Bank Account:</div>
<div class="formsRight">
<input class="text-input" type="text" name="user_bank_account" id="user_bank_account" value="'.$_POST['user_bank_account'].'" />
</div>
<br />
<div class="formsLeft">Bank Name:</div>
<div class="formsRight">
<input class="text-input" type="text" name="user_bank_name" id="user_bank_name" value="'.$_POST['user_bank_name'].'" />
</div>
<br />
<div class="formsLeft">
<select name="user_bank_codetype" class="select-medium">';
foreach ($userBankCodeTypes AS $BankCodeID=>$BankCodeType) {
$pcontent.='<option value="'.$BankCodeID.'"'.(($BankCodeID==$_POST['user_bank_codetype'])?' selected':'').'>'.$BankCodeType.'</option>';
}
$pcontent.='
</select>
</div>
<div class="formsRight">
<input class="text-input" type="text" name="user_bank_code" id="user_bank_code" value="'.$_POST['user_bank_code'].'" />
</div>
<br />
<div class="formsLeft">More Bank Details:</div>
<div class="formsRight">
<textarea class="text-area" name="user_bank_moredetails" id="user_bank_moredetails">'.$_POST['user_bank_moredetails'].'</textarea>
</div>
</span>
</fieldset>
</div>
<div class="left">
<fieldset class="mainFormHolder left minHeight200">
<legend>Account Information</legend>
<div class="formsLeft">Admin Reference:</div>
<div class="formsRight">
<input class="text-input-smaller" type="text" name="user_ref" id="user_ref" value="'.(($_POST['user_ref']!='')?''.$_POST['user_ref'].'':''.$_SESSION['admin']['refnum'].'').'" readonly />
<input class="text-input-small" type="text" name="user_refid" id="user_refid" value="'.(($UserNID!='')?''.$UserNID.'':''. NID.'').'" readonly />
</div>
<br />
<div class="formsLeft">Account Number:</div>
<div class="formsRight">
<input class="text-input" type="text" name="user_account_num" id="user_account_num" value="'.(($users_id!='')?''.$users_id.'':''. NID.'').'" readonly />
</div>
<br />
<div class="formsLeft">Account Name:</div>
<div class="formsRight">
<input class="text-input" type="text" name="user_account_name" id="user_account_name" value="'.$_POST['user_account_name'].'" />
</div>
<br />
<div class="formsLeft">Username:</div>
<div class="formsRight">
<input class="text-input" type="text" name="user_username" id="user_username" value="'.$_POST['user_username'].'" />
</div>
<br />
<div class="formsLeft">Password:</div>
<div class="formsRight">
<input class="text-input" type="text" name="user_password" id="user_password" value="'.$_POST['user_password'].'" />
</div>
<br />
<div class="formsLeft">Secret question:</div>
<div class="formsRight">
<input class="text-input" type="text" name="user_secret_question" id="user_secret_question" value="'.$_POST['user_secret_question'].'" />
</div>
<br />
<div class="formsLeft">Secret answer:</div>
<div class="formsRight">
<input class="text-input" type="text" name="user_secret_answer" id="user_secret_answer" value="'.$_POST['user_secret_answer'].'" />
</div>
<br />
<div class="formsLeft">Application Date:</div>
<div class="formsRight">
<input class="text-input" type="text" name="user_app_date" id="user_app_date" value="'.$_POST['user_app_date'].'" />
</div>
<br />
<div class="formsLeft">Status:</div>
<div class="formsRight">
<select name="user_status" class="text-input">';
foreach ($userStatuses AS $StatusID=>$StatusName) {
$pcontent.='<option value="'.$StatusID.'"'.(($StatusID==$_POST['user_status'])?' selected':'').'>'.$StatusName.'</option>';
}
$pcontent.='
</select>
</div>
</fieldset>
<div class="clear"></div>
<fieldset class="mainFormHolder left">
<legend>Notes</legend>
<div class="formsRight">
<textarea class="text-area-big" name="user_notes" id="user_notes">'.$_POST['user_notes'].'</textarea>
</div>
</fieldset>
<div class="clear"></div>
<div class="mainFormHolder left btnsHolder">
<input type="hidden" name="_form_submit" value="1" />
<input type="submit" name="_submit" value="'.getLang('sform_savebtn').'" class="submitBtn ui-state-default" />';
if($users_id) {
$pcontent.='
<input type="hidden" name="usid" value="'.$users_id.'">
<input type="button" name="_delete" value="'.getLang('sform_delbtn').'" class="submitBtn ui-state-default" onclick="if(confirm(\'Are you sure you want to delete this user?\')) location=\'?action=delete&uid='.($_POST['user_uid']).'\';" />
<input type="button" name="_logs" value="'.getLang('sform_logsbtn').'" class="submitBtn ui-state-default" onclick="location=\'?action=logs&uid='.($_POST['user_uid']).'\';" />';
}
$pcontent.='
<input type="button" name="_cancel" value="'.getLang('sform_backbtn').'" class="submitBtn ui-state-default" onclick="location=\'users.php\';" />
</div>
</div>
</form>
</div>';
$db->close();
return $pcontent;
}
if($_SESSION['admin']['is_logged']==1) {
$db=new DBConnection();
$query='DELETE FROM mail_queue WHERE mail_queue_id='.($_GET['mailid']+0);
$db->rq($query);
$db->close();
header('Location: mails_outbox.php');
exit();
}
break;
case 'massdel' :
if($_SESSION['admin']['is_logged']==1) {
$db=new DBConnection();
$query='DELETE FROM mail_queue WHERE is_sent=0';
$db->rq($query);
$db->close();
header('Location: mails_outbox.php');
exit();
}
break;
default :
$page_content=listOutgoingMails();
break;
}
page_header();
echo $page_content;
page_footer();
?>
function addNewCommodity($commodities_id=0) {
if($commodities_id&&!$_POST['_form_submit']) {
$_SESSION['admin']['uedit']=$commodities_id;
$db=new DBConnection();
$query='SELECT * FROM commodities WHERE commodities_id='.($commodities_id+0).'';
$res=$db->rq($query);
foreach ($db->fetch($res) AS $RowName=>$RowValue) {
$_POST[$RowName]=$RowValue;
}
$db->close();
}
$pcontent='';
$pcontent.='
<div class="mainHolder">
<div class="hintHolder ui-state-default"><b>'.(($commodities_id>0)?'Editing':'Creating New').' Commodity</b></div>
<script type="text/javascript" src="../js/jquery.validate.js"></script>
<script type="text/javascript" src="js/forms/commodities.js"></script>
<form name="addNewCommodity" method="POST" id="MainForms" action="">
<fieldset class="mainFormHolder">
<legend>Commodity information</legend>
<div class="formsLeft">Name:</div>
<div class="formsRight">
<input class="text-input" type="text" name="commodities_name" id="commodities_name" value="'.$_POST['commodities_name'].'" />
</div>
<br />
<div class="formsLeft">Group:</div>
<div class="formsRight">
<select name="commodities_groups_id" class="text-input">';
$db=new DBConnection();
$query='SELECT * FROM commodities_groups ORDER BY commodities_groups_name';
$res=$db->rq($query);
while(($row=$db->fetch($res)) != FALSE) {
$pcontent.='<option value="'.$row['commodities_groups_id'].'"'.(($_POST['commodities_groups_id']==$row['commodities_groups_id'])?' selected':'').'>'.$row['commodities_groups_name'].'</option>';
}
$db->close();
$pcontent.='
</select>
</div>
<br />
<div class="formsLeft">Symbol:</div>
<div class="formsRight">
<input class="text-input" name="commodities_symbol" id="commodities_symbol" value="'.$_POST['commodities_symbol'].'" />
</div>
<br />
<div class="formsLeft">Contract size:</div>
<div class="formsRight">
<input class="text-input" name="commodities_contract_size" id="commodities_contract_size" value="'.$_POST['commodities_contract_size'].'" />
</div>
<br />
<div class="formsLeft">Unit:</div>
<div class="formsRight">
<input class="text-input" name="commodities_unit" id="commodities_unit" value="'.$_POST['commodities_unit'].'" />
</div>
<br />
<div class="formsLeft">Default Fees:</div>
<div class="formsRight">
<input class="text-input" name="commodities_def_fee" id="commodities_def_fee" value="'.$_POST['commodities_def_fee'].'" />
</div>
<br />
<div class="formsLeft">Default Premium Price:</div>
<div class="formsRight">
<input class="text-input" name="commodities_def_prem" id="commodities_def_prem" value="'.$_POST['commodities_def_prem'].'" />
</div>
<br />
<div class="formsLeft">Status:</div>
<div class="formsRight">
<select name="commodities_status" class="text-input">
<option value="0"'.(($_POST['commodities_status']==0)?' selected':'').'>Not active</option>
<option value="1"'.(($_POST['commodities_status']==1)?' selected':'').'>Active</option>
</select>
</div>
<br />
<div class="formsLeft">Order priority:</div>
<div class="formsRight">
<input class="text-input" name="commodities_order_priority" id="commodities_order_priority" value="'.$_POST['commodities_order_priority'].'" />
</div>
<input type="hidden" name="_form_submit" value="1" />
<input type="submit" name="_submit" value="'.getLang('sform_savebtn').'" class="submitBtn ui-state-default" />';
if($commodities_id) {
$pcontent.='
<input type="hidden" name="cid" value="'.$commodities_id.'">
<input type="button" name="_delete" value="'.getLang('sform_delbtn').'" class="submitBtn ui-state-default" onclick="if(confirm(\'Are you sure you want to delete this commodity?\')) location=\'?action=delete&cid='.($_POST['commodities_id']+0).'\';" />';
}
$pcontent.='
<input type="button" name="_cancel" value="'.getLang('sform_backbtn').'" class="submitBtn ui-state-default" onclick="location=\'commodities.php\';" />
</fieldset>
</form>
</div>';
return $pcontent;
}
<?php
require_once 'common.php';
check_logged_in();
$PageTitle = getLang('ptitle_logged');
$db = new DBConnection();
$query = 'SELECT user_firstname, trading_type,user_lastname,user_account_num FROM users WHERE user_account_num="' . $_SESSION['user']['user_account_num'] . '" LIMIT 1';
$res = $db->rq($query);
$username = $db->fetch($res);
$total_change = 0;
$total_cost = 0;
$total_value = 0;
$total_profit = 0;
$total_pps_a = 0;
$total_pps_b = 0;
$query = 'SELECT * FROM stock_trades WHERE user_account_num="' . $_SESSION['user']['user_account_num'] . '" AND (trade_type="1" OR trade_type="3") AND trade_status="1" ORDER BY trade_date DESC';
$res = $db->rq($query);
$result = array();
while ($row = $db->fetch($res)) {
$subq = $db->rq("SELECT * FROM stocks WHERE stocks_id='" . $row['stocks_id'] . "' LIMIT 1");
$row['stock'] = $db->fetch($subq);
$subq = $db->rq("SELECT * FROM stock_details WHERE stocks_id='" . $row['stocks_id'] . "' ORDER BY date DESC LIMIT 1");
$row['details'] = $db->fetch($subq);
$total_pps_b += $row['trade_price_share'];
$total_pps_a += $row['details']['value'];
$total_cost += $row['trade_value'];
$row['cur_value'] = $row['details']['value'] * $row['trade_shares_left'];
$total_value += $row['cur_value'];
$row['profit'] = ($row['cur_value'] - $row['trade_value']) / $row['trade_value'] * 100;
if ($row['profit'] > 0) {
$row['profit_class'] = ' class="text-success"';
function addNewTradeShort($tradesSell_id=0) {
$db=new DBConnection();
if ($tradesSell_id && !isset($_POST['_form_submit'])){
$query='SELECT * FROM stock_trades WHERE trade_ref="'.$tradesSell_id.'"';
$res=$db->rq($query);
$_POST=$db->fetch($res);
$_SESSION['admin']['uedit']=$_POST['trades_id'];
$JSCripts=' onchange="setDetails(0);"';
$JSCriptsSelect=' onchange="setDetails(3);"';
$JSCriptsPremium=' onchange="setDetails(1);"';
}else{
$_POST['trade_stockprice']='0.0000';
$_POST['trade_shares']=10;
$JSCripts=' onchange="setDetails(0);"';
$JSCriptsSelect=' onchange="setDetails(3);"';
$JSCriptsPremium=' onchange="setDetails(1);"';
}
if (array_get($_POST, 'trade_date') == ''){
$_POST['trade_date'] = date('Y-m-d', CUSTOMTIME);
}
global $tradesStatuses;
global $tradesBuyOptions;
$pcontent='';
$pcontent.='
<div class="mainHolder">
<div class="hintHolder ui-state-default"><b>'.(($tradesSell_id>0)?'Editing':'Adding New').' SHORT Order</b></div>
<script type="text/javascript" src="../js/jquery.metadata.js"></script>
<script type="text/javascript" src="../js/jquery.validate.js"></script>
<script type="text/javascript" src="js/forms/stradesShort.js"></script>
<script type="text/javascript">
jQuery(document).ready(
function($) {
var sliderValue = '.$_POST['trade_shares'].';
$("#slider").slider( {
min : 1,
max : 99999,
step : 1,
value : [ sliderValue ],
slide : function(event, ui) {
$("#sliderVal").val(ui.value);
}
});
$("#sliderVal").attr("value", sliderValue);
$("#sliderVal").keyup(function() {
var sliderValue = +this.value;
if (sliderValue >= 1 && sliderValue <= 99999) {
$("#slider").slider("value", sliderValue);
} else {
alert("Please enter a value between 1 and 99999");
$("#slider").slider("value", 1);
$("#sliderVal").attr("value", 1);
}
});
$("#slider, #sliderVal").bind("mousedown mouseup mousemove mouseout mouseover", function() {
setDetails(0);
});
'.((!$tradesSell_id)?'setDetails(3);':'setDetails(4);').'
});
</script>
<form name="addNewTradeShort" method="POST" id="MainForms" action="">
<div class="left">
<fieldset class="mainFormHolder left">
<legend>Account</legend>
<div class="formsRight">
<select name="user_account_num" id="user_account_num" class="text-input-big" title="Please select user account!" validate="required:true"'.$JSCripts.'>
<option value="">Select account</option>';
$query='SELECT user_account_num, user_firstname, user_lastname, user_balance FROM users ORDER BY user_firstname ASC, user_lastname ASC';
$res=$db->rq($query);
while (($row=$db->fetch($res))!=FALSE){
$pcontent.='<option value="'.$row['user_account_num'].'"'.((array_get($_GET, 'uid')==$row['user_account_num']||array_get($_POST, 'user_account_num')==$row['user_account_num'])?' selected':'').'>'.$row['user_account_num'].' ('.$row['user_firstname'].' '.$row['user_lastname'].', $'.$row['user_balance'].')</option>';
}
$pcontent.='
</select>
</div>
</fieldset>
<div class="clear"></div>
<fieldset class="mainFormHolder left">
<legend>Transaction</legend>
<div class="formsLeft">Trade Order:</div>
<div class="formsRight">SHORT SELL</div>
<br />
<div class="formsLeft">Share(s):</div>
<div class="formsRight">
<div id="slider"><a href="#"></a></div> <input type="text" class="text-input-smallest left" id="sliderVal" name="trade_shares"'.$JSCripts.' />
</div>
<br /><br />
<div class="formsLeft">Stock:</div>
<div class="formsRight">
<select name="stocks_id" id="stocks_id" class="text-input"'.$JSCriptsSelect.'>';
$query='SELECT stocks_id, stocks_symbol, stocks_name FROM stocks ORDER BY stocks_symbol ASC';
$res=$db->rq($query);
while($row = $db->fetch($res)) {
$subq=$db->rq('SELECT value FROM stock_details WHERE stocks_id='.$row['stocks_id'].' ORDER BY date DESC LIMIT 1');
$subrow=$db->fetch($subq);
$pcontent.='<option value="'.$row['stocks_id'].'_'.$subrow['value'].'_'.$row['stocks_symbol'].'"'.(($row['stocks_id']==array_get($_POST, 'stocks_id'))?' selected':'').'>'.$row['stocks_symbol'].' ('.$row['stocks_name'].')</option>';
}
$pcontent.='
</select>
</div><br />
<div class="formsLeft">Notes:</div>
<div class="formsRight">
<input type="text" class="text-input left" name="trade_notes" value="'.array_get($_POST, 'trade_notes').'"'.$JSCripts.' />
</div>
<br /><br />
</fieldset>
<div class="clear"></div>
<fieldset class="mainFormHolder left">
<legend>Trade Details</legend>
<input class="ui-state-default trade-details" type="text" name="trade_details" id="trade_details" value="'.array_get($_POST, 'trade_details', 'SHORT').'" readonly />
</fieldset>';
$totalRelated=0;
$query2='SELECT trade_details, stock_trades.trade_ref FROM trades_related tr LEFT JOIN stock_trades ON tr.trade_ref=stock_trades.trade_ref WHERE trade_ref_relatedto="'.array_get($_POST, 'trade_ref').'"';
$res2=$db->rq($query2);
$totalRelated=$db->num_rows($res2);
if ($totalRelated>0){
$pcontent.='
<div class="clear"></div>
<fieldset class="mainFormHolder left">
<legend>Related Trades</legend><br />';
while (($row2=$db->fetch($res2))!=FALSE){
$pcontent.='<div class="ui-state-default trade-details"><a href="strades.php?action=edit_sell&tref='.$row2['trade_ref'].'" style="display:block;">'.$row2['trade_details'].'</a></div><br />';
}
$pcontent.='
</fieldset>';
}
$pcontent.='
</div>
<div class="left">
<fieldset class="mainFormHolder left">
<legend>Prices</legend>
<div class="formsLeft">Price/share:</div>
<div class="formsRight">
<input class="text-input align-right" type="text" name="trade_price_share" id="trade_price_share" value="'.array_get($_POST, 'trade_price_share').'"'.$JSCripts.' />
</div>
<br />
<div class="formsLeft">Trade Value:</div>
<div class="formsRight">
<input class="text-input align-right ui-state-default" type="text" name="trade_value" id="trade_value" value="'.array_get($_POST, 'trade_value').'" readonly />
</div>
<br />
<div class="formsLeft">Fees:</div>
<div class="formsRight">
<input class="text-input align-right" type="text" name="trade_fees" id="trade_fees" value="'.array_get($_POST, 'trade_fees').'"'.$JSCripts.' />
</div>
<br />
<div class="formsLeft">Total Invoiced:</div>
<div class="formsRight">
<input class="text-input align-right ui-state-default" type="text" name="trade_invoiced" id="trade_invoiced" value="'.array_get($_POST, 'trade_invoiced').'" />
</div>
</fieldset>
<div class="clear"></div>
<fieldset class="mainFormHolder left">
<legend>Settings</legend>
<div class="formsLeft">Value date:</div>
<div class="formsRight">
<input class="text-input" type="text" name="trade_date" id="trade_date" value="'.array_get($_POST, 'trade_date').'" />
</div>
<br />
<div class="formsLeft">Status:</div>
<div class="formsRight">
<select name="trade_status" class="text-input">';
foreach ($tradesStatuses as $StatusID=>$StatusName){
$pcontent.='<option value="'.$StatusID.'"'.(($StatusID==array_get($_POST, 'trade_status'))?' selected':'').'>'.$StatusName.'</option>';
}
$pcontent.='
</select>
</div>
</fieldset>
<div class="clear"></div>
<div class="mainFormHolder left btnsHolder">';
if ($totalRelated==0){
$pcontent.='
<input type="hidden" name="_form_submit" value="1" />
<input type="hidden" name="_add_short" value="1" />
<input type="submit" name="_submit" value="'.getLang('sform_savebtn').'" class="submitBtn ui-state-default" />';
if ($tradesSell_id){
$pcontent.='
<input type="hidden" name="tref" value="'.$tradesSell_id.'">
<input type="button" name="_delete" value="'.getLang('sform_delbtn').'" class="submitBtn ui-state-default" onclick="if(confirm(\'Are you sure you want to delete this BUY?\')) location=\'?action=delete_buy&buyid='.($_POST['trade_ref']).'\';" />';
}
}else{
$pcontent.='
<div class="ui-state-error bold" style="width:300px; margin:auto; padding:5px;">
These BUY trade have been partially or totally sold and therefore cannot be updated.
</div>';
}
$pcontent.='
<input type="button" name="_cancel" value="'.getLang('sform_backbtn').'" class="submitBtn ui-state-default" onclick="location=\'strades.php\';" />
</div>
</div>
</form>
</div>';
$db->close();
return $pcontent;
}
header('Location: users.php');
}
exit();
}
if(array_get($_GET, 'noheader')==1) {
page_header(0);
}else{
page_header();
}
$db=new DBConnection();
$userDetails=$db->getRow('users','user_account_num="'.$_GET['uid'].'"','user_email, user_firstname, user_lastname, user_username, user_account_num, user_balance');
if(isset($_GET['buyref'])) {
$query='SELECT mail_templates_id FROM mail_templates mt LEFT JOIN global_settings gs ON mt.mail_templates_id=gs.variable_value WHERE variable="Buy Confirmation"';
$res=$db->rq($query);
$num_rows=$db->num_rows($res);
if($num_rows>0) {
$row=$db->fetch($res);
$_POST['mail_templates_id']=$row['mail_templates_id'];
}
}elseif(isset($_GET['sellref'])) {
$query='SELECT mail_templates_id FROM mail_templates mt LEFT JOIN global_settings gs ON mt.mail_templates_id=gs.variable_value WHERE variable="Sell Confirmation"';
$res=$db->rq($query);
$num_rows=$db->num_rows($res);
if($num_rows>0) {
$row=$db->fetch($res);
$_POST['mail_templates_id']=$row['mail_templates_id'];
}
}elseif(isset($_GET['tdref'])) {
$query='SELECT mail_templates_id FROM mail_templates mt LEFT JOIN global_settings gs ON mt.mail_templates_id=gs.variable_value WHERE variable="Deposit Confirmation"';
function addNewValue($details_id=0) {
$JSCripts=' onchange="setDetails();"';
$db=new DBConnection();
$pcontent='';
$pcontent.='
<div class="mainHolder">
<div class="hintHolder ui-state-default"><b>Adding New Stock Values</b></div>
<script type="text/javascript" src="../js/jquery.validate.js"></script>
<script type="text/javascript" src="js/forms/stockValues.js"></script>
<form name="addNewStockValue" method="POST" id="MainForms" action="">';
$query='SELECT * FROM stocks ORDER BY stocks_name ASC';
$res=$db->rq($query);
$num = 1;
$pcontent.='<div class="left">';
while (($row=$db->fetch($res))!=FALSE){
if($details_id > 0) {
$details_id = $db->string_escape($details_id);
$curval = $db->getRow('stock_details','stocks_id="'.$row['stocks_id'].'" AND details_ref="'.$details_id.'"','value, volume, date');
} else {
$curval = $db->getRow('stock_details','stocks_id="'.$row['stocks_id'].'" ORDER BY date DESC','value, volume');
}
if($curval){
$date = array_get($curval, 'date');
$pcontent.='<fieldset class="mainFormHolder">
<legend>Share</legend>
<div class="formsLeft">Share:</div>
<div class="formsRight">
<select name="stocks_id_'.$num.'" id="stocks_id_'.$num.'" class="text-input">';
$pcontent.='<option value="'.$row['stocks_id'].'">'.$row['stocks_symbol'].' ('.$row['stocks_name'].')</option>';
$pcontent.='
</select>
</div><br />
<div class="formsLeft">Value:</div>
<div class="formsRight">
<input class="required text-input align-right" type="text" name="value_'.$num.'" id="value_'.$num.'" value="'.$curval['value'].'"'.$JSCripts.' />
</div>
<br />
<div class="formsLeft">Volume:</div>
<div class="formsRight">
<input class="text-input align-right" type="text" name="volume_'.$num.'" id="volume_'.$num.'" value="'.$curval['volume'].'"'.$JSCripts.' />
</div><br />
</fieldset>';
}
$num++;
}
$pcontent.='</div><div class="left"><fieldset class="mainFormHolder">
<legend>Date</legend>
<div class="formsLeft">Value date:</div>
<div class="formsRight"><input class="text-input" type="text" name="date_value" id="date_value" value="'.$date.'" /></div>
<br />';
if($details_id) {
$pcontent.='<input type="hidden" name="trade_ref" value="'.$details_id.'" />';
$pcontent.='<input type="button" name="_delete" value="'.getLang('sform_delbtn').'" class="submitBtn ui-state-default" onclick="if(confirm(\'Are you sure you want to delete the values from this date?\')) location=\'?action=delete_values&sid='.($details_id).'\';" />';
}
$pcontent.='<input type="hidden" name="_form_submit" value="1" />
<input type="hidden" name="_new_value" value="1" />
<input type="submit" name="_submit" value="'.getLang('sform_savebtn').'" class="submitBtn ui-state-default" />
';
$pcontent.='
<input type="button" name="_cancel" value="'.getLang('sform_backbtn').'" class="submitBtn ui-state-default" onclick="location=\'stocks.php\';" />
</fieldset></div>
</form>
</div>';
return $pcontent;
}
function addNewMailTemplate($mail_templates_id=0) {
$db=new DBConnection();
if($mail_templates_id&&!$_POST['_form_submit']) {
$_SESSION['admin']['uedit']=$mail_templates_id;
$query='SELECT * FROM mail_templates WHERE mail_templates_id='.($mail_templates_id+0).'';
$res=$db->rq($query);
foreach ($db->fetch($res) AS $RowName=>$RowValue) {
$_POST[$RowName]=$RowValue;
}
}
$settingsModel = new App\Model\Settings($db, 'mail_settings');
$settings = $settingsModel->getAll();
$API_KEY = $settings['sendwithus_key'];
$options = array();
$api = new API($API_KEY, $options);
$response = $api->emails();
$tags = explode(',', trim($settings['sendwithus_tags']));
$selectTemplateHtml = '<option value="">Empty</option>';
foreach($response as $template)
{
$matched = count(array_filter($tags)) == 0;
foreach($tags as $tag){
if (isset($template->tags) && in_array(trim($tag), $template->tags)) {
$matched = true;
break;
}
}
if($matched){
$selectTemplateHtml .= "<option value='". $template->id ."' ".(isset($_POST['mail_external_id']) && $_POST['mail_external_id'] == "$template->id" ? "selected='selected'" : "") .">". $template->name ."</option>";
}
}
// End
$db->close();
$templateVariables = Array(
'mail_template_title',
'user_first_name',
'user_username',
'user_last_name',
'user_account_num',
'user_password',
'user_password_org',
'trade_details',
'trade_date',
'trade_sell_status',
'trade_buy_status',
'trade_value',
'transfer_value',
'transfer_date',
'thanks',
'company_name',
'site_url',
'funding_overviews',
'trading_overviews',
'trade_ref',
'user_account_name',
'user_admin_ref',
'user_phone',
'user_email',
'user_mailing_address',
'user_city',
'user_state',
'user_postal',
'user_country',
'user_advisor1',
'user_advisor2',
'user_app_date'
);
sort($templateVariables);
$templateVariablesContent = '';
if(count($templateVariables) == 0){
$templateVariablesContent = '<p>Variables are not defined for this template type.</p>';
}else{
$templateVariablesContent .= '<ul class="variable_list">';
foreach($templateVariables as $var){
$templateVariablesContent .= "<li>{{$var}}</li>";
}
$templateVariablesContent .= '</ul>';
}
$pcontent='';
$pcontent.='
<div class="mainHolder">
<div class="hintHolder ui-state-default"><b>'.(($mail_templates_id>0)?'Editing':'Creating New').' Mail Template</b></div>
<script type="text/javascript" src="../js/jquery.validate.js"></script>
<script type="text/javascript" src="js/tiny_mce/tiny_mce.js"></script>
<script type="text/javascript" src="js/jquery.simplemodal-1.3.3.min.js"></script>
<link type="text/css" href="css/basic.css" rel="stylesheet" media="screen" />
<script type="text/javascript">
jQuery(function ($) {
$(".basic").click(function (e) {
var themeId = $("#MailTemplate").val();
var contentBody = tinyMCE.get("mail_html").getContent();
$.ajax({
type:"post",
url: "ajax_theme.php",
data: {action: "GetTemplateById" ,themeId : themeId, contentBody:contentBody },
success: function(data) {
$(".mailTArea").html(data);
tinyMCE.get("mail_html").setContent(data);
}
})
return false;
});
});
$(document).ready(function(){
ShowTemplate();
});
$(document).ready(function(){
$("#MailTemplate").change(function(){
tinyMCE.get("mail_html").setContent("loading...", {format : "raw"});
$(".mailTArea").html("loading...");
ShowTemplate();
});
});
function ShowTemplate(){
var externalId = $("#MailTemplate").val();
$.ajax({
type:"post",
url: "ajax_theme.php",
dataType: "json",
data: {action: "GetTemplateById" ,templateId : externalId },
success: function(data) {
tinyMCE.get("mail_html").setContent(data.html, {format : "raw"});
$(".mailTArea").html(data.text);
$("#template_name").val(data.name);
$("#template_version").val(data.id);
}
});
}
tinyMCE.init({
// General options
mode : "textareas",
theme : "advanced",
editor_selector : "mceEditor",
readonly : true,
visual: false
});
</script>
<div id="basic-modal-content" style="display:none">
</div>
<form name="addNewMailTemplate" method="POST" id="MainForms" action="">
<fieldset class="mainFormHolder left" style="width:800px;">
<legend>Template information</legend>
<div class="formsLeft">Title:</div>
<div class="formsRight">
<input class="text-input" type="text" name="mail_template_title" id="mail_template_title" value="'.$_POST['mail_template_title'].'" />
(used in admin area only)
</div>
<br />
<div class="formsLeft">Mail From:</div>
<div class="formsRight">
<input class="text-input" type="text" name="mail_from_mail" id="mail_from_mail" value="'.$_POST['mail_from_mail'].'" />
(ex: noreply@site.com)
</div>
<br />
<div class="formsLeft">Mail BCC:</div>
<div class="formsRight">
<input class="text-input" type="text" name="mail_bcc" id="mail_bcc" value="'.$_POST['mail_bcc'].'" />
(ex: noreply@site.com)
</div>
<br />
<div class="formsLeft">Mail From Name:</div>
<div class="formsRight">
<input class="text-input" type="text" name="mail_from" id="mail_from" value="'.$_POST['mail_from'].'" />
(ex: John Doe)
</div>
<br />
<div class="formsLeft">Mail Subject:</div>
<div class="formsRight">
<input class="text-input" type="text" name="mail_subject" id="mail_subject" value="'.$_POST['mail_subject'].'" />
</div>
<br />
<div class="formsLeft">Auto Mail?:</div>
<div class="formsRight">
<select name="mail_single" class="text-input">
<option value="1"'.(($_POST['mail_single']==1)?' selected':'').'>No</option>
<option value="0"'.(($_POST['mail_single']==0)?' selected':'').'>Yes</option>
</select>
</div>
<br />
<div class="formsLeft">Theme:</div>
<div class="formsRight">
<select name="mail_external_id" id="MailTemplate" class="text-input">'.$selectTemplateHtml.'</select>
</div>
<br />
<div class="formsLeft">HTML Content:</div>
<div class="formsRight">
<br />
<textarea name="mail_html" style="width:100%" class="mceEditor">Loading...</textarea>
</div>
<br />
<div class="formsLeft">Plain Text Content:</div>
<div class="formsRight">
<br />
<textarea name="mail_plain" style="width:100%" class="mailTArea">Loading...</textarea>
</div>
<input type="hidden" id="template_name" name="template_name" value="" />
<input type="hidden" id="template_version" name="template_version" value="" />
<input type="hidden" name="_form_submit" value="1" />
<input type="submit" name="_submit" value="'.getLang('sform_savebtn').'" class="submitBtn ui-state-default" />';
if($mail_templates_id) {
$pcontent.='
<input type="hidden" name="mtid" value="'.$mail_templates_id.'">
<input type="button" name="_delete" value="'.getLang('sform_delbtn').'" class="submitBtn ui-state-default" onclick="if(confirm(\'Are you sure you want to delete this mail template?\')) location=\'?action=delete&mtid='.($_POST['mail_templates_id']+0).'\';" />';
}
$pcontent.='
<input type="button" name="_cancel" value="'.getLang('sform_backbtn').'" class="submitBtn ui-state-default" onclick="location=\'mails_templates.php\';" />
</fieldset>
<fieldset class="mainFormHolder left" style="width: 300px;">
<legend>Variables</legend>
'.$templateVariablesContent.'
</fieldset>
<br class="clear" />
</form>
</div>';
return $pcontent;
}
<?php
require_once 'template.php';
page_header(2);
if ($_SESSION['user']['is_logged'] == 1) {
$db = new DBConnection();
$line = array();
$line2 = array();
$query = $db->rq("SELECT value_change, stocks_id FROM stock_details ORDER BY date DESC, value_change DESC LIMIT 2");
while ($details = $db->fetch($query)) {
$subq = $db->rq("SELECT stocks_symbol, stocks_name FROM stocks WHERE stocks_id='" . $details['stocks_id'] . "' LIMIT 1");
$stock = $db->fetch($subq);
$stock['stocks_name'] = stripslashes($stock['stocks_name']);
$line[$stock['stocks_name']] = $details['value_change'];
}
$query = $db->rq("SELECT value_change, stocks_id FROM stock_details ORDER BY date DESC, value_change ASC LIMIT 2");
while ($details = $db->fetch($query)) {
$subq = $db->rq("SELECT stocks_symbol, stocks_name FROM stocks WHERE stocks_id='" . $details['stocks_id'] . "' LIMIT 1");
$stock = $db->fetch($subq);
$stock['stocks_name'] = stripslashes($stock['stocks_name']);
$line2[$stock['stocks_name']] = $details['value_change'];
}
?>
<script type="text/javascript">
$(document).ready(function(){
var line1 = [
$searchOrder.=$addComma.fnColumnToField($db->string_escape($_GET['iSortCol_'.$i])).' '.$db->string_escape($_GET['iSortDir_'.$i]).'';
}
}
$searchFor='';
if ($_GET['sSearch']!=''){
$searchFor.='WHERE ';
foreach ($searchColumns AS $Count=>$columnToSearch) {
$addOr='';
if($Count!=0) $addOr.=' OR ';
$searchFor.=$addOr.$columnToSearch.' LIKE "%'.$db->string_escape($_GET['sSearch']).'%"';
}
}
$searchQuery='SELECT SQL_CALC_FOUND_ROWS * FROM stocks '.$searchFor.' '.$searchOrder.' '.$searchLimit.'';
$rResult=$db->rq($searchQuery);
$query='SELECT FOUND_ROWS() AS frows';
$res=$db->rq($query);
$row=$db->fetch($res);
$iFilteredTotal=$row['frows'];
$query='SELECT COUNT(stocks_id) AS total_stocks FROM stocks';
$res=$db->rq($query);
$row=$db->fetch($res);
$iTotal=$row['total_stocks'];
$sOutput='{';
$sOutput.='"sEcho": '.$_GET['sEcho'].', ';
$sOutput.='"iTotalRecords": '.$iTotal.', ';
$sOutput.='"iTotalDisplayRecords": '.$iFilteredTotal.', ';
exit();
}
}
break;
case 'delete_sell' :
if ($_SESSION['admin']['is_logged']==1){
$exp="/[^a-zA-Z0-9]/i";
$check=preg_match($exp, $_GET['sellid']);
if (($check+0)==1||$_GET['sellid']==''){
header('Location: strades.php');
exit();
}
$db=new DBConnection();
$query='SELECT * FROM stock_trades WHERE trade_ref="'.($_GET['sellid']+0).'"';
$res=$db->rq($query);
$row=$db->fetch($res);
$query2='SELECT * FROM trades_related WHERE trade_ref="'.($_GET['sellid']+0).'"';
$res2=$db->rq($query2);
$row2=$db->fetch($res2);
$query3='UPDATE stock_trades SET trade_shares_left=(trade_shares_left+'.($row['trade_shares']+0).')
WHERE trade_ref="'.$row2['trade_ref_relatedto'].'"';
$db->rq($query3);
$checkPositions=$db->getRow('stock_trades','trade_ref="'.$row2['trade_ref_relatedto'].'"','trade_shares_left');
if($checkPositions['trade_shares_left']>0) {
$query4='UPDATE stock_trades SET trade_status=1 WHERE trade_ref="'.$row2['trade_ref_relatedto'].'"';
$db->rq($query4);
}
public function resetPasswordAnswer()
{
$db = new DBConnection();
$return = array();
$query = 'SELECT * FROM users WHERE user_email="' . $db->string_escape($_POST['rform_email']) . '" LIMIT 1';
$res = $db->rq($query);
$row = $db->fetch($res);
if (!isset($row['user_secret_answer'])) {
$return['error'] = getLang('reset_noansw');
} else {
if (strtolower(trim($_POST['rform_answer'])) == strtolower(trim($row['user_secret_answer']))) {
$pattern = '/^[\\_]*([a-z0-9]+(\\.|\\_*)?)+@([a-z][a-z0-9\\-]+(\\.|\\-*\\.))+[a-z]{2,6}$/i';
$check = preg_match($pattern, $_POST['rform_email']);
if ($check == 0) {
$return['error'] = getLang('reset_invalid_email');
} else {
$db = new DBConnection();
$query = 'SELECT u.*, ua1.advisor_names as user_advisor1, ua2.advisor_names as user_advisor2 FROM users u
left join users_advisors ua1 on u.user_advisor1 = ua1.users_advisors_id
left join users_advisors ua2 on u.user_advisor2 = ua2.users_advisors_id
WHERE u.user_email="' . $_POST['rform_email'] . '" LIMIT 1';
$res = $db->rq($query);
$num_rows = $db->num_rows($res);
if ($num_rows > 0) {
$row = $db->fetch($res);
addLog('Front-end', 'Login', '' . $row['user_firstname'] . ' ' . $row['user_lastname'] . ' (' . $row['user_account_num'] . ')', 0, 'Password reset request.');
/*$possible = '0123456789abcdfghjklmnopqrstuvwxyzABCDFGHJKLMNOPQRSTUVWXYZ';
$newpass = '';
$i = 0;
for($i=0;$i<8;$i++) {
$newpass.= substr($possible, mt_rand(0, strlen($possible)-1), 1);
}
$query2='UPDATE users SET user_password="******", user_passisset=0 WHERE users_id='.($row['users_id']+0).'';
$db->rq($query2);
*/
$query3 = 'SELECT * FROM mail_templates mt LEFT JOIN global_settings gs ON mt.mail_templates_id=gs.variable_value WHERE variable="Forgot password"';
$res3 = $db->rq($query3);
$num_rows3 = $db->num_rows($res3);
if ($num_rows3 > 0) {
$row3 = $db->fetch($res3);
$query4 = 'SELECT * FROM global_settings WHERE section="mail_settings"';
$res4 = $db->rq($query4);
while (($row4 = $db->fetch($res4)) != FALSE) {
if ($row4['variable'] == 'mail_mandrill_host' && $row4['variable_value'] != '') {
$smtp_host = $row4['variable_value'];
}
if ($row4['variable'] == 'mail_mandrill_port' && $row4['variable_value'] != '') {
$smtp_port = $row4['variable_value'];
}
if ($row4['variable'] == 'mail_mandrill_user' && $row4['variable_value'] != '') {
$smtp_user = $row4['variable_value'];
}
if ($row4['variable'] == 'mail_mandrill_password' && $row4['variable_value'] != '') {
$smtp_password = $row4['variable_value'];
}
}
include 'nomad_mimemail.inc.php';
$mimemail = new nomad_mimemail();
$mimemail->set_charset("UTF-8");
if ($row3['mail_from'] != '') {
$mimemail->set_from($row3['mail_from_mail'], $row3['mail_from']);
$mimemail->set_reply_to($row3['mail_from_mail'], $row3['mail_from']);
} else {
$mimemail->set_from($row3['mail_from_mail']);
$mimemail->set_reply_to($row3['mail_from_mail']);
}
$search_for = array('{user_first_name}', '{user_last_name}', '{user_username}', '{user_password}', '{user_password_org}', '{user_account_num}', '{user_account_name}', '{user_admin_ref}', '{user_phone}', '{user_email}', '{user_mailing_address}', '{user_city}', '{user_state}', '{user_postal}', '{user_country}', '{user_advisor1}', '{user_advisor2}', '{user_app_date}');
$replace_with = array($row['user_firstname'], $row['user_lastname'], $row['user_username'], $row['user_password'], $row['user_password'], $row['user_account_num'], $row['user_account_name'], $row['user_ref'], $row['user_phone'], $row['user_email'], $row['user_mailing_address'], $row['user_city'], $row['user_state'], $row['user_postal'], $row['user_country'], $row['user_advisor1'], $row['user_advisor2'], $row['user_app_date']);
$row3['mail_html'] = str_replace($search_for, $replace_with, $row3['mail_html']);
$row3['mail_plain'] = str_replace($search_for, $replace_with, $row3['mail_plain']);
$t_search_for = array('{thanks}');
$t_replace_with_html = array(getLang('mails_thanks_html'));
$t_replace_with_plain = array(getLang('mails_thanks_plain'));
$row3['mail_html'] = str_replace($t_search_for, $t_replace_with_html, $row3['mail_html']);
$row3['mail_plain'] = str_replace($t_search_for, $t_replace_with_plain, $row3['mail_plain']);
$mimemail->set_subject($row3['mail_subject']);
$mimemail->set_html($row3['mail_html']);
$mimemail->set_text($row3['mail_plain']);
$mimemail->set_to($_POST['rform_email'], '' . $row['user_firstname'] . ' ' . $row['user_lastname'] . '');
if ($row3['mail_bcc']) {
$mimemail->set_bcc($row3['mail_bcc']);
}
$mimemail->set_smtp_host($smtp_host, $smtp_port);
$mimemail->set_smtp_auth($smtp_user, $smtp_password);
$mimemail->send();
}
$db->close();
$return['success'] = getLang('rform_newpass');
} else {
$return['error'] = getLang('reset_noemail');
}
}
} else {
$return['error'] = getLang('reset_wrong');
}
}
if (isset($return['error'])) {
$return['error'] = strip_tags($return['error']);
}
echo json_encode($return);
}
<?php
require '../vendor/autoload.php';
require_once '../classes/db.class.php';
require_once '../classes/simplehtmldom/simple_html_dom.php';
require_once '../includes/timefix.php';
include '../includes/nomad_mimemail.inc.php';
set_time_limit(900);
$db = new DBConnection();
$today = date('Y-m-d', CUSTOMTIME);
$detRef = hexdec(substr(uniqid(''), 0, 10)) - 81208208208.0;
$query = $db->rq("SELECT stocks_symbol, stocks_id FROM stocks ORDER BY stocks_symbol ASC");
while ($row = $db->fetch($query)) {
$subq = $db->rq("SELECT value FROM stock_details WHERE stocks_id='" . $row['stocks_id'] . "' and date!='" . $today . "' ORDER BY date DESC LIMIT 1");
$subrow = $db->fetch($subq);
$past_price = $subrow['value'];
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, 'http://www.marketwatch.com/investing/stock/' . $row['stocks_symbol'] . '/');
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 10);
$str = curl_exec($curl);
curl_close($curl);
$html = str_get_html($str);
$pricewrap = $html->find('div.pricewrap');
if ($pricewrap) {
$current_price = $pricewrap[0]->find('p[class="data bgLast"]');
$curprice = $current_price[0]->innertext;
if ($past_price) {
$change = ($curprice - $past_price) / $past_price * 100;
$change = round($change, 2);
} else {
<?php
require_once 'common.php';
check_logged_in();
if (isset($_SESSION['user']) && $_SESSION['user']['is_logged'] == 1) {
$PageTitle = getLang('ptitle_logged');
} else {
$PageTitle = getLang('ptitle_notlogged');
}
$db = new DBConnection();
$query = 'SELECT user_firstname, trading_type,user_lastname,user_account_num FROM users WHERE user_account_num="' . $_SESSION['user']['user_account_num'] . '" LIMIT 1';
$res = $db->rq($query);
$username = $db->fetch($res);
$userProfile = '';
//---------------------------------------------
$total_trading = 0;
$total_trading2 = 0;
$total_total_fees = 0;
$total_purchase = 0;
$total_sales = 0;
$total_fees = 0;
$query = 'SELECT SUM(trade_value) AS total_purchase FROM trades WHERE trade_type=1 AND trade_status IN (1,4) AND user_account_num="' . $_SESSION['user']['user_account_num'] . '"';
$res = $db->rq($query);
$row = $db->fetch($res);
$total_trading -= $row['total_purchase'];
$total_trading2 -= $row['total_purchase'];
$total_purchase += $row['total_purchase'];
$query = 'SELECT SUM(trade_value) AS total_purchase FROM stock_trades WHERE trade_type=1 AND trade_status IN (1,4) AND user_account_num="' . $_SESSION['user']['user_account_num'] . '"';
$res = $db->rq($query);
$row = $db->fetch($res);
$total_trading -= $row['total_purchase'];
function page_header($showbuttons=1){
if (array_get($_SESSION['admin'], 'is_logged') == 1) {
$PageTitle = getLang('atitle_logged');
} else {
$PageTitle = getLang('atitle_notlogged');
}
echo '
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>'.$PageTitle.'</title>
<meta http-equiv="content-type" content="application/xhtml+xml; charset=UTF-8" />
<meta name="robots" content="NOINDEX,NOFOLLOW" />
<meta http-equiv="X-UA-Compatible" content="IE=8" />
<meta http-equiv="content-language" content="en" />
<meta name="language" content="en" />';
if(array_get($_SESSION['admin'], 'is_logged') == true) {
echo '
<link href="../themes/smoothness/jquery-ui-1.7.2.custom.css" media="all" rel="stylesheet" type="text/css" />
<link href="../css/validationEngine.jquery.css" media="all" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="../js/jquery-1.3.2.min.js"></script>
<script type="text/javascript" src="../js/jquery-ui-1.7.2.custom.min.js"></script>
<script type="text/javascript" src="../js/underscore-min.js"></script>
<script type="text/javascript" src="js/scripts.js"></script>
<script type="text/javascript">
var AJAX_URL = "' . $_SERVER['REQUEST_URI'] . '";
jQuery(document).ready(function($){
var $tabs = $("#tabs").tabs({
select: function(event, ui){
var url = $.data(ui.tab, "load.tabs");
var tabid = ui.panel.id;
if(url) {
location.href = url;
return false;
}
return true;
}
});
$("#tabs").tabs("select", '.($_SESSION['admin']['selected_tab']+0).');
$("div.TabsHolder").show();
$("#Tab0, #Tab1, #Tab2, #Tab3, #Tab5, #Tab6, #Tab7, #Tab10").click(function() {
location.href = $(this).attr("rel");
return false;
});
$("#expiry_date, #trade_date, #tr_date, #user_app_date, #date_value").datepicker({
changeMonth: true,
changeYear: true,
dateFormat: "yy-mm-dd"
});
});
</script>';
}
echo '
<link href="css/styles.css" media="screen" rel="stylesheet" type="text/css" />
<link rel="stylesheet" href="css/font-awesome/css/font-awesome.min.css">
</head>
<body>
<div class="wrapper">';
if(array_get($_SESSION['admin'], 'is_logged') == true) {
$mailsToSend='';
$db=new DBConnection();
if($showbuttons==1) {
$query='SELECT COUNT(*) AS total_mails FROM mail_queue WHERE is_sent=0';
$res=$db->rq($query);
$row=$db->fetch($res);
if($row['total_mails']>0){
$mailsToSend=' ('.$row['total_mails'].')';
}
$usersActive='';
$usersPending='';
$usersDisabled='';
$usersTrades0='';
$usersTrades1='';
$usersTrades2='';
$query='SELECT COUNT(*) AS total_num FROM users WHERE user_status=1';
$res=$db->rq($query);
$row=$db->fetch($res);
if($row['total_num']>0){
$usersActive=' ('.$row['total_num'].')';
}
$query='SELECT COUNT(*) AS total_num FROM users WHERE user_status=2';
$res=$db->rq($query);
$row=$db->fetch($res);
if($row['total_num']>0){
$usersPending=' ('.$row['total_num'].')';
}
$query='SELECT COUNT(*) AS total_num FROM users WHERE user_status=3';
$res=$db->rq($query);
$row=$db->fetch($res);
if($row['total_num']>0){
$usersDisabled=' ('.$row['total_num'].')';
}
$query='SELECT COUNT(trades_id) AS total_num FROM users
LEFT JOIN trades ON users.user_account_num=trades.user_account_num
GROUP BY users.user_account_num
HAVING total_num>=2';
$res=$db->rq($query);
$num_rows=$db->num_rows($res);
if($num_rows>0){
$usersTrades2=' ('.$num_rows.')';
}
$query='SELECT COUNT(trades_id) AS total_num FROM users
LEFT JOIN trades ON users.user_account_num=trades.user_account_num
GROUP BY users.user_account_num
HAVING total_num=1';
$res=$db->rq($query);
$num_rows=$db->num_rows($res);
if($num_rows>0){
$usersTrades1=' ('.$num_rows.')';
}
$query='SELECT COUNT(trades_id) AS total_num FROM users
LEFT JOIN trades ON users.user_account_num=trades.user_account_num
GROUP BY users.user_account_num
HAVING total_num=0';
$res=$db->rq($query);
$num_rows=$db->num_rows($res);
if($num_rows>0){
$usersTrades0=' ('.$num_rows.')';
}
$adminType = array_get($_SESSION['admin'], 'type');
echo '
<div class="TabsHolder">
<div id="tabs">
<ul>
<li><a href="#TC-10" id="Tab0" rel="users.php?view=active">Accounts</a></li>
<li><a href="#TC-50" id="Tab1" rel="trades.php">Option Trades</a></li>
<li><a href="#TC-60" id="Tab2" rel="strades.php">Stock Trades</a></li>
<li><a href="#TC-70" id="Tab3" rel="transfers.php">Transfers</a></li>
<li><a href="#TC-65" id="Tab7" rel="stocks.php">Stock Management</a></li>
<li' . ($adminType == 'owner' ? '' : ' style="display: none;"') . '><a href="#TC-80" id="Tab4">Back-end Settings</a></li>
<li' . ($adminType == 'owner' ? '' : ' style="display: none;"') . '><a href="#TC-81" id="Tab8">Front-end Settings</a></li>
<li><a href="#TC-85" id="Tab5" rel="users_advisors.php">Advisors</a></li>
<li' . ($adminType == 'owner' ? '' : ' style="display: none;"') . '><a href="#TC-90" id="Tab6" rel="users_admins.php">Backend users</a></li>
<li' . ($adminType == 'owner' ? '' : ' style="display: none;"') . '><a href="#TC-92" id="Tab9">Mails</a></li>
<li><a href="#TC-93" id="Tab10" rel="logs_show.php">Logs</a></li>
<li><a href="index.php?logout=true">Sign out</a></li>
</ul>
<div id="TC-10">
<a href="users.php">List all</a> |
<a href="users.php?action=new">Add new</a> |
<a href="users.php?view=active">Active'.$usersActive.'</a> |
<a href="users.php?view=disabled">Disabled'.$usersPending.'</a> |
<a href="users.php?view=pending">Pending'.$usersDisabled.'</a> |
<a href="users.php?view=trades2">2+ trades'.$usersTrades2.'</a> |
<a href="users.php?view=trades1">1 trade'.$usersTrades1.'</a> |
<a href="users.php?view=trades0">0 trades'.$usersTrades0.'</a>
</div>
<div id="TC-50">
<a href="trades.php?action=new_buy">New BUY order</a> |
<a href="trades.php?action=list_open">New SELL order</a> |
<a href="trades.php">View all orders</a>
</div>
<div id="TC-60">
<a href="strades.php?action=new_buy">New BUY order</a> |
<a href="strades.php?action=list_open">New SELL order</a> |
<a href="strades.php?action=new_short">New SHORT order</a> |
<a href="strades.php?action=new_cover">New COVER order</a> |
<a href="strades.php">View all orders</a>
</div>
<div id="TC-65">
<a href="stocks.php?action=new_value">Add New Values</a> |
<a href="stocks.php?action=list_dates">Edit Values</a> |
<a href="stocks_edit.php">Edit All Values</a> |
<a href="stocks.php?action=new_stock">Add New Stock</a> |
<a href="stocks.php">List all stocks</a> |
<a href="stocks.php?action=force_update">Force Update Values</a>
</div>
<div id="TC-70">
<a href="transfers.php?action=new_deposit">Add new Deposit</a> |
<a href="transfers.php?action=new_withdraw">Add new Withdraw</a> |
<a href="transfers.php">View all transfers</a>
</div>
<div id="TC-85">
<a href="users_advisors.php">List all</a> |
<a href="users_advisors.php?action=new">Add new</a>
</div>
<div id="TC-93">
<a href="logs_show.php">Overview</a>
</div>';
if ($adminType == 'owner') {
echo '
<div id="TC-80">
<a href="settings_css.php">CSS Styles</a> |
<a href="settings_translations.php">Translations</a> |
<a href="commodities.php">Commodities</a> |
<a href="commodities_groups.php">Commodities - groups</a> |
<a href="expiry_dates.php">Commodities - exp. dates</a> |
<a href="settings_pdf.php">PDF Settings</a> |
<a href="pdf_templates.php">PDF Templates</a>
</div>
<div id="TC-81">
<a href="settings_header_front.php">Custom Header</a> |
<a href="settings_footer_front.php">Custom Footer</a> |
<a href="settings_css_front.php">CSS Styles</a> |
<a href="settings_translations_front.php">Translations</a> |
<a href="settings_deposit_text.php">Deposit\'s Text</a> |
<a href="settings_other.php">Other settings</a>
</div>
<div id="TC-90">
<a href="users_admins.php">List all</a> |
<a href="users_admins.php?action=new">Add new</a>
</div>
<div id="TC-92">
<a href="mails_smtp_settings.php">Mail Settings</a> |
<a href="mails_templates.php">Templates</a> |
<a href="mails_assigns.php">Mail Assigns</a> |
<a href="mails_mass.php">Mass mail</a> |
<a href="mails_outbox.php">Outbox Queue'.$mailsToSend.'</a>
</div>
';
}
echo '
</div>
</div>';
}
echo '
<div class="MainContainer">';
}else{
$db=new DBConnection();
$UserIP=GetHostByName($_SERVER["REMOTE_ADDR"]);
$query='SELECT banned_ips_id FROM banned_ips WHERE banned_ip="'.$UserIP.'" LIMIT 1';
$res=$db->rq($query);
$num_rows=$db->num_rows($res);
$db->close();
if($num_rows>0) {
echo '<div class="LoginContainer"><h3>'.getLang('lform_publicbanmessage').'</h3></div>';
}else{
echo '
<div class="LoginContainer">
<h3>'.getLang('aform_title').'</h3>
'.((array_get($_GET, 'error') == 1)?'<div class="errorsHolder">Invalid username or password</div>':'').'
<form name="login_form" method="post">
<div style="float:left;">
<div class="labels">'.getLang('lform_username').':</div><br />
<div class="labels">'.getLang('lform_password').':</div>
</div>
<div style="float:left;">
<input type="text" name="l_username" class="tinputs"><br />
<input type="password" name="l_password" class="tinputs">
</div>
<input type="hidden" id="nonce" name="nonce" value="'. ulNonce::Create('login') .'" />
<br />
<input type="submit" name="_login" class="submitBtn" value="'.getLang('lform_submitbtn').'">
</form>';
}
}
}
