$DB = new conn();
$DB->connect();
// Get Contact Types
$sql = "select * from contact_types";
$result = $DB->query($sql);
$types = array();
if ($result) {
while ($row = mysql_fetch_assoc($result)) {
$types[] = $row;
}
}
$firephp->log($types);
// Form Vars
if ($_REQUEST) {
if (isset($_REQUEST["Action"])) {
$action = $DB->sanitize($_REQUEST["Action"]);
$firephp->log($action);
if ($action == "addNew") {
$firstname = $DB->sanitize($_REQUEST["FirstName"]);
$lastname = $DB->sanitize($_REQUEST["LastName"]);
$displayname = $firstname . " " . $lastname;
$email = $DB->sanitize($_REQUEST["Email"]);
$address = $DB->sanitize($_REQUEST["Address"]);
$address2 = $DB->sanitize($_REQUEST["Address2"]);
$city = $DB->sanitize($_REQUEST["City"]);
$state = $DB->sanitize($_REQUEST["State"]);
$zipcode = $DB->sanitize($_REQUEST["ZipCode"]);
$country = $DB->sanitize($_REQUEST["Country"]);
$phone = $DB->sanitize($_REQUEST["Phone"]);
$phonedetails = $DB->sanitize($_REQUEST["PhoneDetails"]);
$notes = $DB->sanitize($_REQUEST["Notes"]);
include "./findconfig.php";
include $_SERVER['DOCUMENT_ROOT'] . "/" . $ROOTPATH . "/Includes/Top.php";
if (!UserMay("Admin_EditStorage")) {
AccessDenied();
}
$DB = new conn();
$DB->connect();
// Form Vars
if ($_REQUEST) {
if ($_REQUEST["Action"]) {
$action = $_REQUEST["Action"];
//echo $action;
if ($action == "addNew") {
// ALL FORM INPUTS MUST BE SANITIZED
$StorageLocationName = $DB->sanitize($_REQUEST["LocationName"]);
$description = $DB->sanitize($_REQUEST["Description"]);
$sql = "INSERT INTO storagelocations (storagelocation_name, description ) VALUES ('" . $StorageLocationName . "', '" . $description . "')";
$DB->execute_nonquery($sql);
$DB->addHistory('storagelocations', $_SESSION["user_id"], "insert", "");
header("Location: ManageStorage.php");
}
}
}
$DB->close();
?>
<div class="navMenu" id="navMenu">
<div id="bullets">
<div class="navHeaderdiv"><h1>Locations</h1></div>
<div class="navBulletBorderTop"></div>
<div class="navBullet navBulletSelected" id="custBullet"><a href="#" id="custBulletLink">Add New Location</a></div>
<?php
include "./findconfig.php";
include $_SERVER['DOCUMENT_ROOT'] . "/" . $ROOTPATH . "/Includes/Top.php";
$DB = new conn();
$DB->connect();
// Get Parameters
if (!$_REQUEST["startDate"] || !$_REQUEST["endDate"]) {
header("Location: /{$ROOTPATH}/reports");
}
$params["endDate"] = date("Y/m/d", strtotime($DB->sanitize($_REQUEST["endDate"])));
$params["startDate"] = date("Y/m/d", strtotime($DB->sanitize($_REQUEST["startDate"])));
//$params["user_id"] = $DB->sanitize($_REQUEST["user_id"]);
// End Parameters
// Get all Reports in range
$sql = "SELECT * from orders join contacts on orders.contact_id = contacts.contact_id where order_status_id = 5 AND DateCompleted >= '" . $params["startDate"] . "' AND DateCompleted <= '" . $params["endDate"] . "' ORDER BY order_id";
$result = $DB->query($sql);
if (!$result) {
$DB->close();
echo "No Sales Found in that Date Range";
exit;
}
$orders = array();
while ($orderRow = mysql_fetch_assoc($result)) {
$orders[$orderRow["order_id"]] = $orderRow;
}
// Get All Users
$sql = "select * from users join teams on users.team_id = teams.team_id";
$result = $DB->query($sql);
$users = array();
while ($userRow = mysql_fetch_assoc($result)) {
<?php
include "./findconfig.php";
include $_SERVER['DOCUMENT_ROOT'] . "/" . $ROOTPATH . "/Includes/Top.php";
// Get Parameters
$today = date("Y/m/01", strtotime("-1 month", strtotime(date("m/d/Y"))));
//$startDate = date("Y-m-01", strtotime("today", strtotime(date("Y-m-d"))));
$startDate = date("m/01/Y", strtotime("-1 months", strtotime(date("m/d/Y"))));
$endDate = date("m/01/Y", strtotime("+1 month", strtotime("today")));
$DB = new conn();
$DB->connect();
if (isset($_REQUEST["startDate"])) {
$startDate = $DB->sanitize($_REQUEST["startDate"]);
}
if (isset($_REQUEST["endDate"])) {
$endDate = $DB->sanitize($_REQUEST["endDate"]);
}
if (isset($_REQUEST["productType"])) {
$prodType = $DB->sanitize($_REQUEST["productType"]);
if ($prodType == "Kirbys") {
$ProductHeader = "(Kirbys)";
$sqlProductType = "Product";
} else {
if ($prodType == "Accessories") {
$sqlProductType = "Accessory";
$ProductHeader = "(Accessories)";
} else {
$sqlProductType == "%";
$ProductHeader = "(All)";
}
}
<?php
include "./findconfig.php";
include $_SERVER['DOCUMENT_ROOT'] . "/" . $ROOTPATH . "/Includes/Top.php";
?>
<?php
$DB = new conn();
$DB->connect();
if ($_REQUEST) {
if (isset($_REQUEST["order_id"])) {
$id = $DB->sanitize($_REQUEST["order_id"]);
$sql = "SELECT * FROM orders WHERE order_id = '" . $id . "'";
$firephp->log($sql);
$result = $DB->query($sql);
$firephp->log($result);
if ($result) {
$order = mysql_fetch_assoc($result);
$firephp->log($order);
}
}
}
$F = new FormElements();
?>
<div style="display: none">
<?php
echo $F->ddlDealerRoles(false, "baseDealers");
?>
</div>
$CompanyName = "";
$Address = "";
$City = "";
$State = "";
$ZipCode = "";
$ContactName = "";
$Phone = "";
$Extension = "";
$Email = "";
$Reserve = "0";
$LoanOptions = "";
$Action = "addNew";
// Form Vars
if ($_REQUEST) {
if (isset($_REQUEST["id"])) {
$id = $DB->sanitize($_REQUEST["id"]);
$sql = "SELECT * FROM finance_options WHERE id = '" . $id . "'";
$result = $DB->query($sql);
if ($result) {
$financeDetails = mysql_fetch_assoc($result);
$CompanyName = $financeDetails["CompanyName"];
$Address = $financeDetails["Address"];
$City = $financeDetails["City"];
$State = $financeDetails["State"];
$ZipCode = $financeDetails["ZipCode"];
$ContactName = $financeDetails["ContactName"];
$Phone = $financeDetails["Phone"];
$Extension = $financeDetails["Extension"];
$Email = $financeDetails["Email"];
$Reserve = $financeDetails["Reserve"];
$LoanOptions = $financeDetails["LoanOptions"];
<?php
include "./findconfig.php";
include $_SERVER['DOCUMENT_ROOT'] . "/" . $ROOTPATH . "/Includes/Top.php";
$F = new FormElements();
$DB = new conn();
$DB->connect();
// Form Vars
if ($_REQUEST) {
if ($_POST) {
if ($_REQUEST["Action"]) {
$action = $_REQUEST["Action"];
if ($action == "addNew") {
// ALL FORM INPUTS MUST BE SANITIZED
$ProductId = $DB->sanitize($_REQUEST["ProductId"]);
$LocationId = $DB->sanitize($_REQUEST["LocationId"]);
$Invoice = $DB->sanitize($_REQUEST["Invoice"]);
$DateReceived = $DB->sanitize($_REQUEST["receivedDate"]);
$serials = array();
foreach ($_REQUEST as $key => $value) {
$pos = strpos($key, "Serial");
if ($pos !== false) {
$serials[] = $DB->sanitize($value);
}
}
foreach ($serials as $serial) {
$sql = "INSERT INTO inventory (product_id, storagelocation_id, invoice, serial, status, status_data, AddedBy, DateReceived) VALUES (" . $ProductId . ", " . $LocationId . ", '" . $Invoice . "', '" . $serial . "', '1', " . $LocationId . ", " . $_SESSION["user_id"] . ", STR_TO_DATE('" . $DateReceived . "', '%m/%d/%Y') )";
$newId = $DB->insert($sql);
$sql = "SELECT storagelocation_name from storagelocations where storagelocation_id = " . $LocationId;
$locText = $DB->query_scalar($sql);
$statusdate = date("m/d/y");
<?php
include "./findconfig.php";
include $_SERVER['DOCUMENT_ROOT'] . "/" . $ROOTPATH . "/Includes/Top.php";
$DB = new conn();
$DB->connect();
// Get Parameters
if (!$_REQUEST["user_id"]) {
header("Location: /{$ROOTPATH}/reports");
}
$params["user_id"] = $DB->sanitize($_REQUEST["user_id"]);
// End Parameters
// Get All Checked Out Inventory
$sql = "SELECT * FROM `inventory` join products on inventory.product_id = products.product_id WHERE inventory.status = 2 and status_data = " . $params["user_id"];
$result = $DB->query($sql);
if (!$result) {
$DB->close();
echo "No Inventory checked out to that user.";
exit;
}
$inventory = array();
while ($invRow = mysql_fetch_assoc($result)) {
$inventory[$invRow["inventory_id"]] = $invRow;
}
// Get All Users
$users = getUserHash($DB);
$productHash = getProductHash($DB);
$user_id = $params["user_id"];
echo $users[0]["user_id"];
$firephp->log($users);
$firephp->log($inventory);
<?php
include "./findconfig.php";
include $_SERVER['DOCUMENT_ROOT'] . "/" . $ROOTPATH . "/Includes/Top.php";
$DB = new conn();
$DB->connect();
// Form Vars
if ($_REQUEST) {
if ($_REQUEST["Action"]) {
$action = $_REQUEST["Action"];
//echo $action;
if ($action == "addNew") {
// ALL FORM INPUTS MUST BE SANITIZED
$StorageLocationName = $DB->sanitize($_REQUEST["LocationName"]);
$sql = "INSERT INTO StorageLocations (storagelocation_name) VALUES ('" . $StorageLocationName . "')";
$DB->execute_nonquery($sql);
header("Location: ManageStorage.php");
}
}
}
$DB->close();
?>
<form name="theForm" method="post" action="<?php
echo $_SERVER['PHP_SELF'];
?>
">
<ul class="form">
<?php
include "./findconfig.php";
include $_SERVER['DOCUMENT_ROOT'] . "/" . $ROOTPATH . "/Includes/Top.php";
$DB = new conn();
$DB->connect();
// Get Parameters
$order_id = $DB->sanitize($_REQUEST["OrderID"]);
// End Parameters
// Construct Query
$sql = "SELECT * from orders";
$sql .= " join contacts on orders.contact_id = contacts.contact_id";
$sql .= " join order_status on orders.order_status_id = order_status.order_status_id";
$sql .= " where order_id = " . $order_id;
$result = mysql_query($sql);
$row = "";
if ($result) {
$row = mysql_fetch_assoc($result);
// Just 1
}
$firephp->log($row);
$roles = json_decode($row["dealerArray"], true);
$products = json_decode($row["ProductsArray"], true);
$products = $products["products"];
$accessories = json_decode($row["AccessoriesArray"], true);
$accessories = $accessories["products"];
$commissions = json_decode($row["CommStructure"], true);
$commissions = $commissions["elements"];
$payments = json_decode($row["PaymentArray"], true);
$payments = $payments["paymentMethods"];
// Get Users
$result = mysql_query($sql);
while ($row = mysql_fetch_assoc($result)) {
$row["sql"] = $sql;
$retArray[] = $row;
$output = $retArray;
}
$DB->close();
}
if ($id == "addTemplateToDatabase") {
if (!UserMay("Admin_EditComm")) {
AccessDenied();
}
$DB = new conn();
$DB->connect();
if (isset($_REQUEST["maximum"])) {
$max = $DB->sanitize($_REQUEST["maximum"]);
} else {
$max = 9999999;
}
if (isset($_REQUEST["minimum"])) {
$min = $DB->sanitize($_REQUEST["minimum"]);
} else {
$success = "failure";
return false;
}
if (isset($_REQUEST["templateName"])) {
$name = $DB->sanitize($_REQUEST["templateName"]);
} else {
$success = "failure";
return false;
}
<?php
include "./findconfig.php";
include $_SERVER['DOCUMENT_ROOT'] . "/" . $ROOTPATH . "/class_inc.php";
$DB = new conn();
$DB->connect();
$sql = "select data from reports where id = " . $DB->sanitize($_REQUEST["report_id"]);
$result = $DB->query_scalar($sql);
$time = time();
$css = "<link rel=\"StyleSheet\" href=\"" . $FQDN . "/" . $ROOTPATH . "/CSS/main.css.php?" . $time . "/>";
// Get Querystring params
$output = $DB->sanitize($_REQUEST["output"]);
$footer = $DB->sanitize($_REQUEST["footer"]);
$orient = $DB->sanitize($_REQUEST["orient"]);
$result = str_replace("<HTML><HEAD></HEAD>", "<HTML><HEAD>" . $css . "</HEAD>", $result);
require_once "wk.php";
$pdf = new WKPDF();
$pdf->set_html($result);
if ($footer) {
$pdf->set_footer("Page [page] of [toPage]");
}
if ($orient) {
$pdf->set_orientation($orient);
}
$pdf->render();
if ($output) {
if ($output == "pdf") {
}
$pdf->output(WKPDF::$PDF_DOWNLOAD, 'sample.pdf');
} else {
$pdf->output(WKPDF::$PDF_EMBEDDED, 'sample.pdf');
<?php
include "./findconfig.php";
include $_SERVER['DOCUMENT_ROOT'] . "/" . $ROOTPATH . "/Includes/Top.php";
?>
<?php
if (!isset($_REQUEST["product_id"])) {
echo "Product ID not specified";
} else {
$DB = new conn();
$DB->connect();
$product_id = $DB->sanitize($_REQUEST["product_id"]);
if (!is_numeric($product_id)) {
die("Invalid Product_ID");
}
// Make sure product_id is a number
// Actions
if (isset($_REQUEST["Action"])) {
$action = $_REQUEST["Action"];
//echo $action;
if ($action == "Delete") {
// ALL FORM INPUTS MUST BE SANITIZED
$ProductID = $DB->sanitize($_REQUEST["hProduct_ID"]);
$AccessoryID = $DB->sanitize($_REQUEST["hAccessory_ID"]);
$sql = "DELETE from relproducts_accessories WHERE Product_ID = " . $ProductID . " AND Accessory_ID = " . $AccessoryID;
$DB->execute_nonquery($sql);
//header("Location: ManageProducts.php");
}
if ($action == "add") {
// ALL FORM INPUTS MUST BE SANITIZED
include "./findconfig.php";
include $_SERVER['DOCUMENT_ROOT'] . "/" . $ROOTPATH . "/Includes/Top.php";
if (!UserMay("Admin_EditTeams")) {
AccessDenied();
}
$DB = new conn();
$DB->connect();
// Form Vars
if ($_REQUEST) {
if ($_REQUEST["Action"]) {
$action = $_REQUEST["Action"];
//echo $action;
if ($action == "addNew") {
// ALL FORM INPUTS MUST BE SANITIZED
$TeamName = $DB->sanitize($_REQUEST["tbTeamName"]);
$TeamLeader = $DB->sanitize($_REQUEST["ddlTeamLeader"]);
$sql = "INSERT INTO teams (team_name, team_leader) VALUES ('" . $TeamName . "', " . $TeamLeader . ")";
$DB->execute_nonquery($sql);
$DB->addHistory('teams', $_SESSION["user_id"], "insert", "");
header("Location: ManageTeams.php");
}
}
}
$users = $DB->getUsers();
$DB->close();
?>
<div class="navMenu" id="navMenu">
<div id="bullets">
include "./findconfig.php";
include $_SERVER['DOCUMENT_ROOT'] . "/" . $ROOTPATH . "/Includes/Top.php";
?>
<?php
$DB = new conn();
$DB->connect();
// Form Vars
if ($_REQUEST) {
if ($_REQUEST["Action"]) {
$action = $_REQUEST["Action"];
//echo $action;
if ($action == "addNew") {
// ALL FORM INPUTS MUST BE SANITIZED
$ProductType = $DB->sanitize($_REQUEST["ProductType"]);
$ProductName = $DB->sanitize($_REQUEST["ProductName"]);
$ProductModel = $DB->sanitize($_REQUEST["ProductModel"]);
$ProductDescription = $DB->sanitize($_REQUEST["ProductDescription"]);
$sql = "INSERT INTO PRODUCTS (product_type, product_name, product_model, product_description) VALUES ('" . $ProductType . "', '" . $ProductName . "', '" . $ProductModel . "', '" . $ProductDescription . "')";
$DB->execute_nonquery($sql);
header("Location: ManageProducts.php");
}
}
}
$DB->close();
?>
<form name="theForm" method="post" action="<?php
include "./findconfig.php";
include $_SERVER['DOCUMENT_ROOT'] . "/" . $ROOTPATH . "/Includes/Top.php";
if (!UserMay("Admin_EditUsers")) {
AccessDenied();
}
$DB = new conn();
$DB->connect();
$UsernameDisabled = 0;
$user_id = "";
$dummytext = "";
// Form Vars
$Action = "addNew";
if ($_REQUEST) {
$firephp->log($_REQUEST);
if (isset($_REQUEST["id"])) {
$user_id = $DB->sanitize($_REQUEST["id"]);
$sql = "SELECT * FROM users WHERE user_id = '" . $user_id . "'";
$result = $DB->query($sql);
if ($result) {
$user = mysql_fetch_assoc($result);
$firephp->log($user);
$UsernameDisabled = 1;
$dummytext = "dummytext";
}
$Action = "update";
}
if (isset($_REQUEST["user_id"])) {
$Action = "update";
$user_id = $DB->sanitize($_REQUEST["user_id"]);
}
if (isset($_REQUEST["Action"])) {
<?php
include "./findconfig.php";
include $_SERVER['DOCUMENT_ROOT'] . "/" . $ROOTPATH . "/Includes/Top.php";
?>
<?php
if ($_REQUEST) {
if (isset($_REQUEST["Action"])) {
if ($_REQUEST["Action"] == "insertCustomer") {
$DB = new conn();
$DB->connect();
$firstname = $DB->sanitize($_REQUEST["FirstName"]);
$lastname = $DB->sanitize($_REQUEST["LastName"]);
$displayname = $firstname . " " . $lastname;
$email = $DB->sanitize($_REQUEST["Email"]);
$address = $DB->sanitize($_REQUEST["Address"]);
$city = $DB->sanitize($_REQUEST["City"]);
$state = $DB->sanitize($_REQUEST["State"]);
$zipcode = $DB->sanitize($_REQUEST["ZipCode"]);
$country = $DB->sanitize($_REQUEST["Country"]);
$phone = $DB->sanitize($_REQUEST["Phone"]);
$phonedetails = $DB->sanitize($_REQUEST["PhoneDetails"]);
$notes = $DB->sanitize($_REQUEST["Notes"]);
$contacttype = $DB->sanitize($_REQUEST["ContactType"]);
$county = $DB->sanitize($_REQUEST["County"]);
$newCustomer = $DB->addContact($firstname, $lastname, $displayname, $email, $address, $city, $state, $zipcode, $country, $phone, $phonedetails, $notes, $contacttype, $county);
}
}
}
?>
<?php
include "./findconfig.php";
include $_SERVER['DOCUMENT_ROOT'] . "/" . $ROOTPATH . "/Includes/Top.php";
?>
<?php
if ($_REQUEST) {
if (isset($_REQUEST["username"]) && isset($_REQUEST["password"])) {
// ALL FORM VARS MUST BE VALIDATED
$DB = new conn();
$DB->connect();
$username = $DB->sanitize($_REQUEST["username"]);
$password = $DB->sanitize($_REQUEST["password"]);
$url = "/{$ROOTPATH}/index.php";
if (isset($_REQUEST["ReturnUrl"])) {
$url = $DB->sanitize($_REQUEST["ReturnUrl"]);
}
$DB->close();
if ($DB->validateUser($username, md5($password))) {
$sql = "select users.*, permission_roles.permission, permission_roles.roleid from users join permission_roles on users.permission_role = permission_roles.id where username = '******' and user_password = '******'";
$DB->connect();
$result = $DB->query($sql);
$userInfo = mysql_fetch_assoc($result);
$firstname = $userInfo["FirstName"];
$lastname = $userInfo["LastName"];
$user_id = $userInfo["user_id"];
$permLevel = $userInfo["permission"];
$roleid = $userInfo["roleid"];
$_SESSION["username"] = $username;
