<?php

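session_start();
// NOTE: PHP's 'EST' identifier is a fixed UTC-5 zone with no daylight-saving
// rule; a region identifier such as 'America/Fort_Wayne' would follow DST.
date_default_timezone_set('EST');
include 'framework.php';
$fw = new framework();

// Form fields, guarded so a missing key yields '' instead of an undefined-index
// notice and a null argument to clean_input().
$status = $fw->clean_input(isset($_POST['status']) ? $_POST['status'] : '');
$scale_id = $fw->clean_input(isset($_POST['scale_id']) ? $_POST['scale_id'] : '');
// Identity of the logged-in user comes from the session, never from the form;
// '' when the session has no login so later comparisons simply fail.
$fullname = isset($_SESSION['val_fullname']) ? $_SESSION['val_fullname'] : '';
$username = isset($_SESSION['val_username']) ? $_SESSION['val_username'] : '';

// NOTE(review): hard-coded root / empty-password credentials; they belong in a
// configuration file kept outside the web root. The '@' only hides the
// constructor warning on failure; the connect-error check below still reports it.
@($db = new mysqli('localhost', 'root', '', 'brechbuhler'));
if (mysqli_connect_error()) {
    $errnum = mysqli_connect_errno();
    echo "Error({$errnum}): Could not connect to database. Please try again later.";
    exit;
}

// Check whether the user is actually an admin.
// The query text is redacted ("******") in this copy of the file, so it cannot
// be reviewed here; if it embeds $username or $fullname, it should be a
// prepared statement with bound parameters rather than string concatenation.
$query_user = "******";
$result_user = $db->query($query_user);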
if ($result_user) {
    while ($row = $result_user->fetch_assoc()) {
        $db_pass = $row['password'];
        $db_user = $row['username'];
        $db_name = $row['fullname'];
        $db_email = $row['email'];
<?php

session_start();
// 'EST' is a fixed UTC-5 zone identifier in PHP (no daylight-saving
// transitions), so the timestamps formatted with date() below never shift with DST.
date_default_timezone_set('EST');
if (isset($_SESSION['val_username']) && $_SESSION['val_username'] != "" && isset($_SESSION['val_digest']) && $_SESSION['val_digest'] != "") {
    include 'framework.php';
    $fw = new framework();
    $techname = $_SESSION['val_fullname'];
    $username = $_SESSION['val_username'];
    $oldpass = $fw->clean_input($_POST['oldPass']);
    $newpass1 = $fw->clean_input($_POST['newPass1']);
    $newpass2 = $fw->clean_input($_POST['newPass2']);
    $date = date('m/d/Y') . " @ " . date('h:i:s A');
    @($db = new mysqli('localhost', 'root', '', 'brechbuhler'));
    if (mysqli_connect_error()) {
        $errnum = mysqli_connect_errno();
        echo "Error({$errnum}): Could not connect to database. Please try again later.";
        exit;
    }
    #Check if the scale still exists in the database
    $query_user = "******" . $username . "'";
    $result_user = $db->query($query_user);
    if ($query_user) {
        while ($row = $result_user->fetch_assoc()) {
            $db_pass = $row['password'];
            $db_name = $row['fullname'];
            $db_user = $row['username'];
        }
        if ($db_pass == sha1($oldpass)) {
            if ($db_name == $_SESSION['val_fullname'] && $db_user == $_SESSION['val_username']) {
                if ($newpass1 == $newpass2 && $newpass1 != $oldpass) {
<?php

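session_start();
date_default_timezone_set("America/Fort_Wayne");
include 'framework.php';
$fw = new framework();

// Read a raw POST field, yielding '' when absent so a missing key neither
// raises an undefined-index notice nor hands null to clean_input().
$postField = function ($key) {
    return isset($_POST[$key]) ? $_POST[$key] : '';
};

$scale_id = $fw->clean_input($postField('scale_id'));
$tech = $fw->clean_input($postField('tech'));
$status = $fw->clean_input($postField('status'));
$stage = $fw->clean_input($postField('stage'));
$date = date('m/d/Y') . " @ " . date('h:i:s A');
$comments = $fw->clean_input($postField('comments'));

// Duplicate-submission guard: a fingerprint of the raw form values plus the
// second-resolution timestamp, compared against the digest kept in the session.
// It is only a resubmit check, not a secret or an integrity proof.
$digest = md5($postField('scale_id') . $postField('tech') . $postField('status') . $postField('stage') . $date);
$sessionDigest = isset($_SESSION['digest']) ? $_SESSION['digest'] : '';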
if ($digest != $sessionDigest) {
    @($db = new mysqli('localhost', 'root', '', 'brechbuhler'));
    if (mysqli_connect_error()) {
        $errnum = mysqli_connect_errno();
        echo "Error({$errnum}): Could not connect to database. Please try again later.";
        exit;
    }
    #if ( $stage != "Additional Notes" ) {
    #	$event = "From " . $status . " to " . $stage;
    #} else {
    $event = $stage;
    #}
    $query = "insert into events values\r\n" . "('NULL', " . "'" . $date . "', " . "'" . $scale_id . "', " . "'" . $tech . "', " . "'" . $event . "', " . "'" . $comments . "'); ";
    $result = $db->query($query);
    if ($stage != "Added Additional Notes") {
        $query_two = "update scales set status='" . $stage . "' where id='" . $scale_id . "';";
        $result_two = $db->query($query_two);
<?php

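session_start();
include 'framework.php';
$fw = new framework();

// Search form fields; '' when absent so a missing key does not raise an
// undefined-index notice or pass null to clean_input().
$type = $fw->clean_input(isset($_POST['search_type']) ? $_POST['search_type'] : '');
$criteria = $fw->clean_input(isset($_POST['search_criteria']) ? $_POST['search_criteria'] : '');
// NOTE(review): below, $type is interpolated into the query as a column name
// and $criteria into its value. A column name cannot be escaped, whatever
// clean_input() does, so $type should be matched against a fixed list of
// searchable columns and $criteria bound as a prepared-statement parameter
// before the query string is built.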
if ($type == "default") {
    $_SESSION['search_go'] = 1;
    $_SESSION['search_query'] = "select * from scales where status != 'Complete' AND status != 'Non-repairable' AND status != 'Replaced the Scale' AND status != 'Delivered'";
    $_SESSION['search_criteria'] = "Based on the default search criteria <br />";
    header("Location: showRepairs.php");
    die;
} else {
    $db = new mysqli('localhost', 'root', '', 'brechbuhler');
    if (mysqli_connect_error()) {
        $errnum = mysqli_connect_errno();
        echo "Error({$errnum}): Could not connect to database. Please try again later.";
        exit;
    }
    if ($type == "id" || $type == "scale_capacity") {
        $query = "select * from scales where {$type} = '" . $criteria . "'";
    } else {
        $query = "select * from scales where {$type} like '%" . $criteria . "%'";
    }
    $result = $db->query($query);
    $_SESSION['search_criteria'] = "\n\t\t\t<table class=\"table-striped\" style=\"max-width: 250px;\">\n\t\t\t\t<thead style=\"background-color: black; color: white;\">\n\t\t\t\t\t<tr>\n\t\t\t\t\t\t<td colspan=\"2\">Based on this search criteria</td>\n\t\t\t\t\t</tr>\n\t\t\t\t</thead>\n\t\t\t\t<tbody>\n\t\t\t\t\t<tr>\n\t\t\t\t\t\t<td>Type</td>\n\t\t\t\t\t\t<td>{$type}</td>\n\t\t\t\t\t</tr>\n\t\t\t\t\t<tr>\n\t\t\t\t\t\t<td>Criteria</td>\n\t\t\t\t\t\t<td>{$criteria}</td>\n\t\t\t\t\t</tr>\n\t\t\t\t</tbody>\n\t\t\t</table>";
    if ($result) {
        $_SESSION['search_go'] = 1;
        $_SESSION['search_query'] = $query;
        //$result->free();
<?php

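session_start();
date_default_timezone_set('EST');
include 'framework.php';
$fw = new framework();

// Read a raw POST field, yielding '' when absent so a missing key neither
// raises an undefined-index notice nor hands null to clean_input().
$postField = function ($key) {
    return isset($_POST[$key]) ? $_POST[$key] : '';
};

$techname = $fw->clean_input($postField('techname'));
$companyname = $fw->clean_input($postField('companyname'));
$street = $fw->clean_input($postField('street'));
$city = $fw->clean_input($postField('city'));
$state = $fw->clean_input($postField('state'));
$zipcode = $fw->clean_input($postField('zipcode'));
$indicator_tag = $fw->clean_input($postField('indicator_tag'));
$indicator_manu = $fw->clean_input($postField('indicator_manu'));
$indicator_model = $fw->clean_input($postField('indicator_model'));
$indicator_serial = $fw->clean_input($postField('indicator_serial'));
$scale_manu = $fw->clean_input($postField('scale_manu'));
$scale_model = $fw->clean_input($postField('scale_model'));
$scale_serial = $fw->clean_input($postField('scale_serial'));
$scale_capacity = $fw->clean_input($postField('scale_capacity'));
$scale_divisions = $fw->clean_input($postField('scale_divisions'));
$units = $fw->clean_input($postField('units'));
$date = date('m/d/Y') . " @ " . date('h:i:s A');
$comments = $fw->clean_input($postField('comments'));
$status = $fw->clean_input($postField('status'));

// "NU" appears to be the form's not-selected placeholder; map it to "IN".
// The original wrote `$state == "IN"` here, a comparison with no effect, so
// the placeholder value was carried through unchanged.
if ($state == "NU") {
    $state = "IN";
}

// Duplicate-submission guard: fingerprint of the raw form values (zipcode,
// indicator_tag, units, comments and status deliberately excluded, as before)
// plus today's date, to be compared with the digest kept in the session.
// It is only a resubmit check, not a secret or an integrity proof.
$digest = md5($postField('techname') . $postField('companyname') . $postField('street') . $postField('city') . $postField('state') . $postField('indicator_manu') . $postField('indicator_model') . $postField('indicator_serial') . $postField('scale_manu') . $postField('scale_model') . $postField('scale_serial') . $postField('scale_capacity') . $postField('scale_divisions') . date('m/d/Y'));
$sessionDigest = isset($_SESSION['digest']) ? $_SESSION['digest'] : '';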
<?php

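session_start();
date_default_timezone_set('EST');
include 'framework.php';
$fw = new framework();

// Login form fields; '' when absent so a missing key does not raise a notice.
$username = $fw->clean_input(isset($_POST['username']) ? $_POST['username'] : '');
// NOTE(review): clean_input() is applied to the password as well; if it
// rewrites characters, a password containing them can never match — confirm
// against framework.php.
$password = $fw->clean_input(isset($_POST['password']) ? $_POST['password'] : '');

// NOTE(review): hard-coded root / empty-password credentials; they belong in a
// configuration file kept outside the web root. The '@' only hides the
// constructor warning on failure; the connect-error check below still reports it.
@($db = new mysqli('localhost', 'root', '', 'brechbuhler'));
if (mysqli_connect_error()) {
    $errnum = mysqli_connect_errno();
    echo "Error({$errnum}): Could not connect to database. Please try again later.";
    exit;
}

// Look up the account by exact username through a bound parameter. The
// previous query, `username like '%...%'` built by concatenation, let the
// submitted value change the statement and matched every account whose name
// merely contained the input; since the fetch loop below keeps the last row,
// the password was then checked against an arbitrary matching account.
$query = "select * from users where username = ?";
$result = false;
$stmt = $db->prepare($query);
if ($stmt) {
    $stmt->bind_param('s', $username);
    if ($stmt->execute()) {
        // get_result() needs the mysqlnd driver; it returns the mysqli_result
        // the fetch loop below expects (false on failure, as before).
        $result = $stmt->get_result();
    }
}
// NOTE(review): the check below compares sha1($password) with the stored
// value; unsalted sha1 is not a password hash. Moving to password_hash() /
// password_verify() needs a column migration and is out of scope here.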
if ($result) {
    while ($row = $result->fetch_assoc()) {
        $db_id = $row['id'];
        $db_username = $row['username'];
        $db_pass = $row['password'];
        $db_fullname = $row['fullname'];
        $db_email = $row['email'];
        $db_user = $row['is_user'];
        $db_admin = $row['is_admin'];
        $db_superadmin = $row['is_superadmin'];
    }
    if (sha1($password) == $db_pass) {
        $digest = md5($db_id . $db_username . $db_fullname . $db_pass . $db_email . $db_user . $db_admin . $db_superadmin);
    } else {
        header("Location: login.php?result=1");
<?php

session_start();
// 'EST' is a fixed UTC-5 zone identifier in PHP (no daylight-saving
// transitions), so the timestamps formatted with date() below never shift with DST.
date_default_timezone_set('EST');
if (isset($_SESSION['val_username']) && $_SESSION['val_username'] != "" && isset($_SESSION['val_digest']) && $_SESSION['val_digest'] != "") {
    include 'framework.php';
    $fw = new framework();
    $techname = $_SESSION['val_fullname'];
    $scale_id = $fw->clean_input($_POST['scale_id']);
    $companyname = $fw->clean_input($_POST['companyname']);
    $street = $fw->clean_input($_POST['street']);
    $city = $fw->clean_input($_POST['city']);
    $state = $fw->clean_input($_POST['state']);
    $zipcode = $fw->clean_input($_POST['zipcode']);
    $indicator_tag = $fw->clean_input($_POST['indicator_tag']);
    $indicator_manu = $fw->clean_input($_POST['indicator_manu']);
    $indicator_model = $fw->clean_input($_POST['indicator_model']);
    $indicator_serial = $fw->clean_input($_POST['indicator_serial']);
    $scale_manu = $fw->clean_input($_POST['scale_manu']);
    $scale_model = $fw->clean_input($_POST['scale_model']);
    $scale_serial = $fw->clean_input($_POST['scale_serial']);
    $scale_capacity = $fw->clean_input($_POST['scale_capacity']);
    $scale_divisions = $fw->clean_input($_POST['scale_divisions']);
    $units = $fw->clean_input($_POST['units']);
    $date = date('m/d/Y') . " @ " . date('h:i:s A');
    $old = array('companyname' => $fw->clean_input($_POST['old_companyname']), 'street' => $fw->clean_input($_POST['old_street']), 'city' => $fw->clean_input($_POST['old_city']), 'state' => $fw->clean_input($_POST['old_state']), 'zipcode' => $fw->clean_input($_POST['old_zipcode']), 'indicator_tag' => $fw->clean_input($_POST['old_indicator_tag']), 'indicator_manu' => $fw->clean_input($_POST['old_indicator_manu']), 'indicator_model' => $fw->clean_input($_POST['old_indicator_model']), 'indicator_serial' => $fw->clean_input($_POST['old_indicator_serial']), 'scale_manu' => $fw->clean_input($_POST['old_scale_manu']), 'scale_model' => $fw->clean_input($_POST['old_scale_model']), 'scale_serial' => $fw->clean_input($_POST['old_scale_serial']), 'scale_capacity' => $fw->clean_input($_POST['old_scale_capacity']), 'scale_divisions' => $fw->clean_input($_POST['old_scale_divisions']));
    $comments = "";
    if ($old) {
        if ($companyname != $old['companyname']) {
            $comments .= "Changed customer name from " . $old['companyname'] . " to " . $companyname . " <br />\n";
        }