Esempio n. 1
if (UserMay("Admin_EditTeams")) {
    ?>
					<th style="width:40px"></th>
					<?php 
}
?>
					<th>Team_id</th>
					<th>Leader</th>
					<th style="width:100px">Team Name</th>
					<th>Users</th>
					<th>Date Added</th>
				</TR>

				<TR id="filterRow" class="filterRow">
				<?php 
if (UserMay("Admin_EditTeams")) {
    ?>
					<td></td>
					<?php 
}
?>
					
					<td>
						<input id="tbTeamIdH" Type="TEXT">
					</td>
					<td><Input id="tbNameH" TYPE="TEXT"></TD>
					<td>
						<SELECT id="ddlTeamH" style="width:100%">
							<OPTION value="%">Any</OPTION>
							<?php 
$teams = $DB->getTeams();
Esempio n. 2
    ?>
				<th style="width:40px"></th>
				<?php 
}
?>
				<th style="width:80px">UserName</th>
				<th style="width:80px">First</th>
				<th style="width:80px">Last</th>
				<th style="width:70px">Team</th>
				<th>Perms</th>
				<th>Status</th>
				</TR>

				<TR id="filterRow" class="filterRow">
					<?php 
if (UserMay("Admin_EditUsers")) {
    ?>
					<td></td>
					<?php 
}
?>
					<TD>
						<Input id="tbUsernameH" TYPE="TEXT">
					</TD>
					<td><Input id="tbFirstH" TYPE="TEXT"></TD>
					<TD><INPUT id="tbLastH" TYPE="TEXT"></TD>
					<td>
						<SELECT id="ddlTeamH" style="width:100%">
							<OPTION value="%">Any</OPTION>
							<?php 
$teams = $DB->getTeams();
Esempio n. 3
<?php

// Admin overview bootstrap: loads the shared config and page header, checks the
// "Admin" permission, then collects the user count, the latest admin_history
// entry for the users table, and the active team count.
include "./findconfig.php";
// $ROOTPATH is not assigned in this file; presumably findconfig.php sets it — confirm.
include $_SERVER['DOCUMENT_ROOT'] . "/" . $ROOTPATH . "/Includes/Top.php";
// NOTE(review): everything below runs unless AccessDenied() ends the request itself.
// AccessDenied() is defined elsewhere, so that cannot be confirmed from this file.
if (!UserMay("Admin")) {
    AccessDenied();
}
$DB = new conn();
$DB->connect();
// The SQL statements in this block are fixed strings; no request data is
// interpolated into them.
$sql = "select count(*) from users where status != 'deleted'";
$usercount = $DB->query_scalar($sql, 0);
$sql = "select * from admin_history join users on admin_history.user_id = users.user_id WHERE table_name = 'users' ORDER BY datetime DESC LIMIT 1";
$result = $DB->query($sql);
// LIMIT 1 means the loop body runs at most once. If the query fails or returns
// no row, the $users_* variables are never assigned.
if ($result) {
    // mysql_fetch_assoc() belongs to ext/mysql, which was removed in PHP 7.0.
    while ($row = mysql_fetch_assoc($result)) {
        $users_username = $row["Username"];
        $users_firstname = $row["FirstName"];
        $users_lastname = $row["LastName"];
        $users_date = $row["datetime"];
    }
}
$sql = "select count(*) from teams where status = 'Active'";
$teamcount = $DB->query_scalar($sql, 0);
$sql = "select * from admin_history join users on admin_history.user_id = users.user_id WHERE table_name = 'teams' ORDER BY datetime DESC LIMIT 1";
$result = $DB->query($sql);
if ($result) {
    while ($row = mysql_fetch_assoc($result)) {
        $teams_username = $row["Username"];
        $teams_firstname = $row["FirstName"];
        $teams_lastname = $row["LastName"];
        $teams_date = $row["datetime"];
Esempio n. 4
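<?php

// Storage-location admin page: loads the shared config and page header, checks
// the "Admin_EditStorage" permission, and handles the "addNew" form action by
// inserting a row into storagelocations and recording it in the admin history.
include "./findconfig.php";
// $ROOTPATH is not assigned in this file; presumably findconfig.php sets it — confirm.
include $_SERVER['DOCUMENT_ROOT'] . "/" . $ROOTPATH . "/Includes/Top.php";
if (!UserMay("Admin_EditStorage")) {
    AccessDenied();
    // Fail closed: AccessDenied() is defined elsewhere, so stop here explicitly
    // rather than rely on it ending the request before the insert below.
    exit;
}
$DB = new conn();
$DB->connect();
// Form Vars
// NOTE(review): $_REQUEST can carry GET as well as POST data, and no anti-CSRF
// token is checked in this file. Confirm whether Top.php enforces one; if not,
// accept this action over POST only, together with a per-session token.
// !empty() keeps the original truthiness test without raising an
// undefined-index notice when the request has no "Action" parameter.
if (!empty($_REQUEST["Action"])) {
    $action = $_REQUEST["Action"];
    if ($action === "addNew") {
        // ALL FORM INPUTS MUST BE SANITIZED
        // The values are concatenated into quoted SQL literals, so injection
        // safety rests entirely on conn::sanitize(), which is not visible here.
        // NOTE(review): confirm it escapes for the live connection's character
        // set, or move this insert to a prepared statement if conn offers one.
        $StorageLocationName = $DB->sanitize($_REQUEST["LocationName"]);
        $description = $DB->sanitize($_REQUEST["Description"]);
        $sql = "INSERT INTO storagelocations (storagelocation_name, description ) VALUES ('" . $StorageLocationName . "', '" . $description . "')";
        $DB->execute_nonquery($sql);
        $DB->addHistory('storagelocations', $_SESSION["user_id"], "insert", "");
        // Redirect after the write and stop, so the rest of the page is not
        // rendered behind the Location header. The connection is closed first
        // because the $DB->close() at the end of this block is no longer reached.
        // NOTE(review): Top.php is included before this point; if it emits
        // output without buffering, header() cannot take effect — confirm.
        $DB->close();
        header("Location: ManageStorage.php");
        exit;
    }
}
$DB->close();
?>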
<div class="navMenu" id="navMenu">
	<div id="bullets">
		<div class="navHeaderdiv"><h1>Locations</h1></div>
		<div class="navBulletBorderTop"></div>
Esempio n. 5
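<?php

// Product admin page: loads the shared config and page header, checks the
// "Admin_EditProducts" permission, and handles the "addNew" form action by
// inserting a row into products and recording it in the admin history.
include "./findconfig.php";
// $ROOTPATH is not assigned in this file; presumably findconfig.php sets it — confirm.
include $_SERVER['DOCUMENT_ROOT'] . "/" . $ROOTPATH . "/Includes/Top.php";
if (!UserMay("Admin_EditProducts")) {
    AccessDenied();
    // Fail closed: AccessDenied() is defined elsewhere, so stop here explicitly
    // rather than rely on it ending the request before the insert below.
    exit;
}
$DB = new conn();
$DB->connect();
// Form Vars
// NOTE(review): $_REQUEST can carry GET as well as POST data, and no anti-CSRF
// token is checked in this file. Confirm whether Top.php enforces one; if not,
// accept this action over POST only, together with a per-session token.
if (isset($_REQUEST["Action"])) {
    $action = $_REQUEST["Action"];
    if ($action === "addNew") {
        // ALL FORM INPUTS MUST BE SANITIZED
        // The values are concatenated into quoted SQL literals, so injection
        // safety rests entirely on conn::sanitize(), which is not visible here.
        // NOTE(review): confirm it escapes for the live connection's character
        // set, or move this insert to a prepared statement if conn offers one.
        $ProductType = $DB->sanitize($_REQUEST["ProductType"]);
        $ProductName = $DB->sanitize($_REQUEST["ProductName"]);
        $ProductModel = $DB->sanitize($_REQUEST["ProductModel"]);
        $ProductDescription = $DB->sanitize($_REQUEST["ProductDescription"]);
        $sql = "INSERT INTO products (product_type, product_name, product_model, product_description) VALUES ('" . $ProductType . "', '" . $ProductName . "', '" . $ProductModel . "', '" . $ProductDescription . "')";
        $DB->execute_nonquery($sql);
        $DB->addHistory('products', $_SESSION["user_id"], "insert", "");
        // Redirect after the write and stop, so the rest of the page is not
        // rendered behind the Location header. The connection is closed first
        // because the $DB->close() at the end of this block is no longer reached.
        // NOTE(review): Top.php is included before this point; if it emits
        // output without buffering, header() cannot take effect — confirm.
        $DB->close();
        header("Location: ManageProducts.php");
        exit;
    }
}
$DB->close();
?>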

<div class="navMenu" id="navMenu">
Esempio n. 6
                    }
                }
            }
            $row["dts"] = $dts;
            #see if user can see this
            if ($user["dtoffice"] == "" || $user["dtoffice"] == "_" || in_array($user["dtoffice"], $dts)) {
                $retArray[] = $row;
            }
        }
    }
    $output = $retArray;
    //$output = $sql;
    $DB->close();
}
if ($id == "getNewInventoryTable") {
    if (!UserMay("ViewInventory")) {
        AccessDenied();
    }
    $DB = new conn();
    $DB->connect();
    $user = getLoggedUser($DB);
    $sql = <<<SQLEND
\t\t\tselect inventory.inventory_id, inventory.product_id, inventory.invoice, inventory.dtoffice, products.product_model, products.product_name, inventory.serial, inventory.status, inventory.status_date, inventory.status_data, inventory.storagelocation_id, sl.storagelocation_name as slname, inventory_status.status_name, inventory_status.preposition, inventory.status_data_text, inventory.DateAdded, inventory.DateReceived, users.username AS AddedByName
\t\t\tfrom inventory
\t\t\tjoin products on inventory.product_id = products.product_id
\t\t\tjoin storagelocations sl on inventory.storagelocation_id = sl.storagelocation_id
\t\t\tjoin inventory_status on inventory.status = inventory_status.status_id
\t\t\tjoin users on inventory.AddedBy = users.User_ID
SQLEND;
    $and = false;
    if (isset($_POST["productID"])) {
Esempio n. 7
<?php

// Template admin page bootstrap: loads the shared config and page header, checks
// the "Admin_EditComm" permission, and creates the form helper used by the
// markup below.
include "./findconfig.php";
// $ROOTPATH is not assigned in this file; presumably findconfig.php sets it — confirm.
include $_SERVER['DOCUMENT_ROOT'] . "/" . $ROOTPATH . "/Includes/Top.php";
// NOTE(review): the form below is rendered unless AccessDenied() ends the request
// itself. AccessDenied() is defined elsewhere, so that cannot be confirmed here.
if (!UserMay("Admin_EditComm")) {
    AccessDenied();
}
$F = new FormElements();
?>
<div class="navMenu" id="navMenu">
	<div id="bullets">
		<div class="navHeaderdiv"><h1>Templates</h1></div>
		<div class="navBulletBorderTop"></div>
		<div class="navBullet navBulletSelected" id="custBullet"><a href="#" id="custBulletLink">Add New Template</a></div>
		<div class="navBulletBorderBottom"></div>
	</div>
	<div class="navPageSpacing"></div>
</div>


<div class="pageContent" id="pageContent">

	<div class="contentHeaderDiv">
	</div>



<div class="commandBox" style="background-color: #EDECDC">
<h1>Add Template Element</h1>
<FORM ID="templateForm" method="POST" ACTION="">
	<div style="float: left; width: 43%;">
Esempio n. 8
<?php

// Tax-rate admin page bootstrap: loads the shared config and page header and
// checks the "Admin_ViewTax" permission before any markup is produced.
include "./findconfig.php";
// $ROOTPATH is not assigned in this file; presumably findconfig.php sets it — confirm.
include $_SERVER['DOCUMENT_ROOT'] . "/" . $ROOTPATH . "/Includes/Top.php";
// NOTE(review): the page below is rendered unless AccessDenied() ends the request
// itself. AccessDenied() is defined elsewhere, so that cannot be confirmed here.
if (!UserMay("Admin_ViewTax")) {
    AccessDenied();
}
?>

<?php 
// Helper objects for the page. connect() is not called on $DB in this block.
$DB = new conn();
$F = new FormElements();
?>




<div class="navMenu">
	<div class="navHeaderdiv"><h1>Manage Tax Rates</h1></div>
	<div id="bullets"  style="height:auto;" class="navContent">
		<div id="bulletManageInventory" style="height:auto;" class="navContent">
			<div class="divFilters">
				<div>
					<label>Company:</label>
					<INPUT style="width:100%" id="tbFilterCompanyV">
				</div>
				<input id="btnSubmit" type="submit" value="Submit">
				<input id="btnReset" type="submit" value="Reset">


			</div>
Esempio n. 9
<?php

// Finance-option admin page bootstrap: loads the shared config and page header,
// checks the "Admin_EditFinance" permission, opens the database connection, and
// sets the default value of every form field.
include "./findconfig.php";
// $ROOTPATH is not assigned in this file; presumably findconfig.php sets it — confirm.
include $_SERVER['DOCUMENT_ROOT'] . "/" . $ROOTPATH . "/Includes/Top.php";
// NOTE(review): everything below runs unless AccessDenied() ends the request itself.
// AccessDenied() is defined elsewhere, so that cannot be confirmed from this file.
if (!UserMay("Admin_EditFinance")) {
    AccessDenied();
}
$DB = new conn();
$DB->connect();
$F = new FormElements();
// Form field defaults. The request handling that follows this block replaces
// $CompanyName with the stored value when an "id" parameter is supplied;
// presumably the other fields are handled the same way — confirm.
$CompanyName = "";
$Address = "";
$City = "";
$State = "";
$ZipCode = "";
$ContactName = "";
$Phone = "";
$Extension = "";
$Email = "";
$Reserve = "0";
$LoanOptions = "";
// Default form action.
$Action = "addNew";
// Form Vars
if ($_REQUEST) {
    if (isset($_REQUEST["id"])) {
        $id = $DB->sanitize($_REQUEST["id"]);
        $sql = "SELECT * FROM finance_options WHERE id = '" . $id . "'";
        $result = $DB->query($sql);
        if ($result) {
            $financeDetails = mysql_fetch_assoc($result);
            $CompanyName = $financeDetails["CompanyName"];