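/**
 * Process a submitted credit export form.
 *
 * Depending on the posted "formname", this either emails the credit as a PDF
 * (form "credit_export_email") or streams the PDF to the browser as a download,
 * optionally marking the credit as sent first. On any recorded error the user is
 * redirected to $returnpage_error; after a successful email the user is
 * redirected to $returnpage_success. Every path ends the request with exit().
 *
 * Security notes:
 *  - $type is concatenated into SQL table names. Identifiers cannot be bound as
 *    query parameters, so it is restricted to identifier characters before any
 *    query is built. Callers presumably pass a fixed value - confirm.
 *  - The credit ID is forced to an integer before it is placed in SQL, so the
 *    queries do not depend solely on the input helper's validation.
 *  - NOTE(review): no permission check is visible in this function. Confirm that
 *    every caller enforces access before invoking it, since it sends email and
 *    updates date_sent/sentmethod.
 *
 * @param string $type               Credit type; used as the suffix of the account_* table name.
 * @param string $returnpage_error   Page name to redirect to when validation fails.
 * @param string $returnpage_success Page name to redirect to after a successful email.
 * @return void This function does not return; it redirects or outputs the PDF, then exits.
 */
function credit_form_export_process($type, $returnpage_error, $returnpage_success)
{
    log_debug("inc_credits_forms", "Executing credit_form_export_process({$type}, {$returnpage_error}, {$returnpage_success})");

    $data = array();

    /*
        Start the credit
    */
    $credit = new credit();
    $credit->type = $type;

    /*
        Fetch all form data
    */

    // get the ID for an edit
    $credit->id = @security_form_input_predefined("int", "id_credit", 1, "");

    // general details
    $data["formname"] = @security_form_input_predefined("any", "formname", 1, "");

    if ($data["formname"] == "credit_export_email") {
        // send email
        $data["sender"]    = @security_form_input_predefined("any", "sender", 1, "");
        $data["subject"]   = @security_form_input_predefined("any", "subject", 1, "");
        $data["email_to"]  = @security_form_input_predefined("multiple_email", "email_to", 1, "");
        $data["email_cc"]  = @security_form_input_predefined("multiple_email", "email_cc", 0, "");
        $data["email_bcc"] = @security_form_input_predefined("multiple_email", "email_bcc", 0, "");
        $data["message"]   = @security_form_input_predefined("any", "email_message", 1, "");

        // check if email sending is permitted
        // NOTE(review): this only blocks the send if log_write("error", ...) also records
        // an entry in $_SESSION["error"]["message"], which is what the gate below tests - confirm.
        if (sql_get_singlevalue("SELECT value FROM config WHERE name='EMAIL_ENABLE'") != "enabled") {
            log_write("error", "inc_credits_process", "Sorry, the ability to email credits has been disabled. Please contact your system administrator if you require this feature to be enabled.");
        }
    } else {
        // PDF download
        $data["credit_mark_as_sent"] = @security_form_input_predefined("any", "credit_mark_as_sent", 0, "");
    }

    // The table name is built from $type, so only accept plain identifier characters.
    $type_is_identifier = is_string($type) && preg_match('/\A[A-Za-z0-9_]+\z/', $type) === 1;

    // Integer form of the ID, used wherever the ID is embedded in SQL.
    $id_sql = (int) $credit->id;

    if (!$type_is_identifier) {
        // Record the failure the same way as the existence check so the error gate below catches it.
        $_SESSION["error"]["message"][] = "The credit type supplied is not valid.";
    } else {
        // make sure that the credit exists
        $sql_obj         = new sql_query();
        $sql_obj->string = "SELECT id FROM `account_" . $credit->type . "` WHERE id='" . $id_sql . "'";
        $sql_obj->execute();

        if (!$sql_obj->num_rows()) {
            $_SESSION["error"]["message"][] = "The credit you have attempted to edit - " . $credit->id . " - does not exist in this system.";
        }
    }

    //// ERROR CHECKING ///////////////////////

    /// if there was an error, go back to the entry page
    if (!empty($_SESSION["error"]["message"])) {
        header("Location: ../../index.php?page={$returnpage_error}&id=" . $credit->id . "");
        exit(0);
    } else {
        if ($data["formname"] == "credit_export_email") {
            /*
                Generate a PDF of the credit and email it to the customer
            */

            // stripslashes from the variables - by default all input variables are quoted for
            // security reasons but we don't want this going through to the email.
            // NOTE(review): sender and subject are free-form ("any") input; confirm that
            // email_credit() rejects CR/LF before using them in mail headers.
            $data["subject"] = stripslashes($data["subject"]);
            $data["message"] = stripslashes($data["message"]);

            // send email
            $credit->load_data();
            $credit->email_credit($data["sender"], $data["email_to"], $data["email_cc"], $data["email_bcc"], $data["subject"], $data["message"]);

            $_SESSION["notification"]["message"][] = "Email sent successfully.";
        } else {
            /*
                Mark credit as being sent if user requests it
            */
            if ($data["credit_mark_as_sent"]) {
                // $credit->type passed the identifier check above, otherwise the error gate would have exited.
                $sql_obj         = new sql_query();
                $sql_obj->string = "UPDATE account_" . $credit->type . " SET date_sent='" . date("Y-m-d") . "', sentmethod='manual' WHERE id='" . $id_sql . "'";
                $sql_obj->execute();
            }

            /*
                Provide PDF to user's browser
            */

            // generate PDF
            $credit->load_data();
            $credit->generate_pdf();

            // PDF headers
            if ($type == "quotes") {
                $filename = "/tmp/quote_" . $credit->data["code_quote"] . ".pdf";
            } else {
                $filename = "/tmp/credit_" . $credit->data["code_credit"] . ".pdf";
            }

            // The code comes from the loaded record; replace control characters, double quotes
            // and backslashes so the value cannot break out of the quoted filename parameter.
            $download_name = preg_replace('/[\x00-\x1F\x7F"\\\\]/', '_', basename($filename));

            // required for IE, otherwise Content-disposition is ignored
            if (ini_get('zlib.output_compression')) {
                ini_set('zlib.output_compression', 'Off');
            }

            header("Pragma: public"); // required
            header("Expires: 0");
            header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
            header("Cache-Control: private", false); // required for certain browsers

            header("Content-Type: application/pdf");

            header("Content-Disposition: attachment; filename=\"" . $download_name . "\";");
            header("Content-Transfer-Encoding: binary");

            // output the PDF
            print $credit->obj_pdf->output;

            exit(0);
        }

        // display updated details (only reached after the email path; the download path exits above)
        header("Location: ../../index.php?page={$returnpage_success}&id=" . $credit->id . "");
        exit(0);
    } // end if passed tests
}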
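/**
 * Return the PDF of a credit note as a base64-encoded string.
 *
 * The credit type is checked against a strict allowlist ('ar' or 'ap') before it
 * is used to build the permission name and set on the credit object. The
 * comparison is type-strict on purpose: with loose comparison a non-string value
 * such as boolean true compares equal to both 'ar' and 'ap' and would pass.
 *
 * @param mixed $id         ID of the credit note, validated as an integer below.
 * @param mixed $credittype Credit type, must be exactly the string 'ar' or 'ap'.
 * @return string Base64-encoded PDF data.
 * @throws SoapFault INVALID_CREDIT_TYPE if the type is not 'ar' or 'ap',
 *                   ACCESS_DENIED if the user lacks accounts_<type>_view,
 *                   INVALID_INPUT if the ID fails validation,
 *                   UNEXPECTED_ACTION_ERROR if the credit data cannot be loaded.
 */
function get_credit_pdf($id, $credittype)
{
    // NOTE(review): the logged name (get_creditnote_pdf) differs from this function's name;
    // confirm which one is intended before relying on it when searching logs.
    log_debug('invoices_manage_soap', "Executing get_creditnote_pdf({$id}, {$credittype})");

    // check the credit type (strict: only the exact strings are accepted)
    if (!in_array($credittype, array('ar', 'ap'), true)) {
        throw new SoapFault('Sender', 'INVALID_CREDIT_TYPE');
    }

    // deny early so nothing below runs for users without the view permission
    if (!user_permissions_get('accounts_' . $credittype . '_view')) {
        throw new SoapFault('Sender', 'ACCESS_DENIED');
    }

    $obj_credit       = new credit();
    $obj_credit->type = $credittype;

    // sanitise input
    $obj_credit->id = @security_script_input_predefined('int', $id);

    // an empty/zero ID or the value 'error' is treated as a validation failure
    if (!$obj_credit->id || $obj_credit->id == 'error') {
        throw new SoapFault('Sender', 'INVALID_INPUT');
    }

    // load data from DB for this credit note
    if (!$obj_credit->load_data()) {
        throw new SoapFault('Sender', 'UNEXPECTED_ACTION_ERROR');
    }

    // generate PDF
    $obj_credit->generate_pdf();

    // return data
    return base64_encode($obj_credit->obj_pdf->output);
}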