$edate = $mysqli->real_escape_string($_POST["edate"]); $eamount = $mysqli->real_escape_string(clean($_POST["eamount"])); if ($ename == '' or $eamount == '') { $msgBox = alertBox($MessageEmpty); } else { if ($eamount < 0) { $msgBoxExpense = alertBox($NegativeAmount); } else { //add new expense $sql = "INSERT INTO bills (UserId, Title, Dates, CategoryId, AccountId, Amount, Description) VALUES (?,?,?,?,?,?,?)"; if ($statement = $mysqli->prepare($sql)) { //bind parameters for markers, where (s = string, i = integer, d = double, b = blob) $statement->bind_param('issiiss', $euser, $ename, $edate, $ecategory, $eaccount, $eamount, $edescription); $statement->execute(); } $msgBoxExpense = alertBox($SaveMsgExpense); } } } ?> <!-- Page Content --> <div id="page-wrapper"> <div class="row"> <div class="col-lg-12"> <h1 class="page-header"><?php echo $Transaction; ?> </h1> </div>
$paypalEmail = $mysqli->real_escape_string($_POST['paypalEmail']); $stmt = $mysqli->prepare("\n\t\t\t\t\t\t\t\t\tUPDATE\n\t\t\t\t\t\t\t\t\t\tsitesettings\n\t\t\t\t\t\t\t\t\tSET\n\t\t\t\t\t\t\t\t\t\tenablePayments = ?,\n\t\t\t\t\t\t\t\t\t\tpaymentCurrency = ?,\n\t\t\t\t\t\t\t\t\t\tpaymentCompleteMsg = ?,\n\t\t\t\t\t\t\t\t\t\tpaypalEmail = ?,\n\t\t\t\t\t\t\t\t\t\tpaypalItemName = ?,\n\t\t\t\t\t\t\t\t\t\tpaypalFee = ?\n\t\t\t\t"); $stmt->bind_param('ssssss', $enablePayments, $paymentCurrency, $paymentCompleteMsg, $paypalEmail, $paypalItemName, $paypalFee); $stmt->execute(); $msgBox = alertBox($paymentSettingsSavedMsg, "<i class='fa fa-check-square'></i>", "success"); $stmt->close(); } } } } } } else { $stmt = $mysqli->prepare("UPDATE sitesettings SET enablePayments = ? "); $stmt->bind_param('s', $enablePayments); $stmt->execute(); $msgBox = alertBox($paymentSettingsSavedMsg, "<i class='fa fa-check-square'></i>", "success"); $stmt->close(); } } // Get Data $sqlStmt = "SELECT\n\t\t\t\t\tinstallUrl,\n\t\t\t\t\tlocalization,\n\t\t\t\t\tsiteName,\n\t\t\t\t\tbusinessName,\n\t\t\t\t\tbusinessAddress,\n\t\t\t\t\tbusinessEmail,\n\t\t\t\t\tbusinessPhone,\n\t\t\t\t\tuploadPath,\n\t\t\t\t\ttemplatesPath,\n\t\t\t\t\tfileTypesAllowed,\n\t\t\t\t\tavatarFolder,\n\t\t\t\t\tavatarTypes,\n\t\t\t\t\tallowRegistrations,\n\t\t\t\t\tenablePayments,\n\t\t\t\t\tpaymentCurrency,\n\t\t\t\t\tpaymentCompleteMsg,\n\t\t\t\t\tpaypalEmail,\n\t\t\t\t\tpaypalItemName,\n\t\t\t\t\tpaypalFee\n\t\t\t\tFROM\n\t\t\t\t\tsitesettings"; $res = mysqli_query($mysqli, $sqlStmt) or die('-1' . mysqli_error()); $row = mysqli_fetch_assoc($res); if ($row['localization'] == 'ar') { $ar = 'selected'; } else { $ar = ''; } if ($row['localization'] == 'bg') { $bg = 'selected'; } else {
$statement->execute(); } $msgBox = alertBox($UpdateMsgCategory); } // add new category if (isset($_POST['submit'])) { $category = $mysqli->real_escape_string($_POST["category"]); $level = 2; //add new category $sql = "INSERT INTO category (UserId, CategoryName, Level) VALUES (?,?,?)"; if ($statement = $mysqli->prepare($sql)) { //bind parameters for markers, where (s = string, i = integer, d = double, b = blob) $statement->bind_param('isi', $UserId, $category, $level); $statement->execute(); } $msgBox = alertBox($SaveMsgCategory); } //Get list category $GetList = "SELECT CategoryId, CategoryName FROM category WHERE Level = 2 AND UserId = {$UserId} ORDER BY CategoryName ASC"; $GetListCategory = mysqli_query($mysqli, $GetList); // Search category if (isset($_POST['searchbtn'])) { $SearchTerm = $_POST['search']; $GetList = "SELECT CategoryId, CategoryName FROM category WHERE Level = 2 AND UserId = {$UserId} AND CategoryName\n\t\t\t\tlike '%{$SearchTerm}%' ORDER BY CategoryName ASC"; $GetListCategory = mysqli_query($mysqli, $GetList); } //Include Global page include 'includes/global.php'; ?> <div id="page-wrapper">
if ($_POST['lastName'] == '') { $msgBox = alertBox($yourLastNameReq, "<i class='fa fa-times-circle'></i>", "danger"); } else { $userEmail = htmlspecialchars($_POST['userEmail']); $firstName = htmlspecialchars($_POST['firstName']); $lastName = htmlspecialchars($_POST['lastName']); $receiveEmails = htmlspecialchars($_POST['recEmails']); $stmt = $mysqli->prepare("UPDATE\r\n\t\t\t\t\t\t\t\t\t\tusers\r\n\t\t\t\t\t\t\t\t\tSET\r\n\t\t\t\t\t\t\t\t\t\tuserEmail = ?,\r\n\t\t\t\t\t\t\t\t\t\tfirstName = ?,\r\n\t\t\t\t\t\t\t\t\t\tlastName = ?,\r\n\t\t\t\t\t\t\t\t\t\trecEmails = ?,\r\n\t\t\t\t\t\t\t\t\t\tlastUpdated = ?\r\n\t\t\t\t\t\t\t\t\tWHERE\r\n\t\t\t\t\t\t\t\t\t\tuserId = ?"); $stmt->bind_param('ssssss', $userEmail, $firstName, $lastName, $receiveEmails, $todayDt, $pw_userId); $stmt->execute(); $stmt->close(); // Add Recent Activity $activityType = '9'; $activityTitle = $myProfUpdAct; updateActivity($pw_userId, $activityType, $activityTitle); $msgBox = alertBox($myProfUpdMsg, "<i class='fa fa-check-square'></i>", "success"); } } } } // Get Data $sql = "SELECT * FROM users WHERE userId = " . $pw_userId; $res = mysqli_query($mysqli, $sql) or die('-1' . mysqli_error()); $row = mysqli_fetch_assoc($res); if (!empty($row['firstName']) && $row['firstName'] != '') { $firstName = clean($row['firstName']); } else { $firstName = ''; } if (!empty($row['lastName']) && $row['lastName'] != '') { $lastName = clean($row['lastName']);
$subject = $newPMEmailSubject . ' ' . $clientFullName; $message = '<html><body>'; $message .= '<h3>' . $subject . '</h3>'; $message .= '<p>' . $messageText . '</p>'; $message .= '<hr>'; $message .= $emailLink; $message .= $emailThankYou; $message .= '</body></html>'; $headers = "From: " . $siteName . " <" . $businessEmail . ">\r\n"; $headers .= "Reply-To: " . $businessEmail . "\r\n"; $headers .= "MIME-Version: 1.0\r\n"; $headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n"; if (mail($theEmail, $subject, $message, $headers)) { $msgBox = alertBox($newPMSentConf, "<i class='fa fa-check-square'></i>", "success"); } else { $msgBox = alertBox($emailErrorMsg, "<i class='fa fa-times-circle'></i>", "danger"); } // Clear the Form of values $_POST['messageTitle'] = $_POST['messageText'] = ''; $stmt->close(); } } } // Include Pagination Class include 'includes/pagination.php'; // Create new object & pass in the number of pages and an identifier $pages = new paginator($pagPages, 'p'); // Get the number of total records $rows = $mysqli->query("\n\t\tSELECT\n\t\t\t*\n\t\tFROM\n\t\t\tprivatemessages\n\t\t\tLEFT JOIN clients ON privatemessages.clientId = clients.clientId\n\t\t\tLEFT JOIN admins ON privatemessages.adminId = admins.adminId\n\t\tWHERE\n\t\t\tprivatemessages.toClientId = " . $clientId . " AND\n\t\t\tprivatemessages.toDeleted = 0 AND\n\t\t\tprivatemessages.toArchived = 1\n\t"); $total = mysqli_num_rows($rows); // Pass the number of total records
} // Clock a Manager Out if (isset($_POST['submit']) && $_POST['submit'] == 'stopClock') { $clockId = $mysqli->real_escape_string($_POST['clockId']); $entryId = $mysqli->real_escape_string($_POST['entryId']); $endTime = date("Y-m-d H:i:s"); // Stop Clock - Update the timeclock Record $sqlstmt = $mysqli->prepare("\n\t\t\t\t\t\t\tUPDATE\n\t\t\t\t\t\t\t\ttimeclock\n\t\t\t\t\t\t\tSET\n\t\t\t\t\t\t\t\trunning = 0\n\t\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\t\tclockId = ?\n\t\t"); $sqlstmt->bind_param('s', $clockId); $sqlstmt->execute(); $sqlstmt->close(); // Stop Clock - Update the time entry $stmt = $mysqli->prepare("\n\t\t\t\t\t\t\tUPDATE\n\t\t\t\t\t\t\t\ttimeentry\n\t\t\t\t\t\t\tSET\n\t\t\t\t\t\t\t\tendTime = ?\n\t\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\t\tentryId = ?\n\t\t"); $stmt->bind_param('ss', $endTime, $entryId); $stmt->execute(); $msgBox = alertBox($mngrClockedOutMsg, "<i class='fa fa-check-square'></i>", "success"); $stmt->close(); } // Get a list of all the Years $a = "SELECT clockYear FROM timeclock GROUP BY clockYear"; $b = mysqli_query($mysqli, $a) or die('-1' . mysqli_error()); $yrs = array(); // Set each Year in an array while ($year = mysqli_fetch_assoc($b)) { $yrs[] = $year['clockYear']; } // Get a list of all the Managers $c = "SELECT adminId FROM admins WHERE isActive = 1"; $d = mysqli_query($mysqli, $c) or die('-2' . mysqli_error()); // Set each Manager in an array $mgrs = array();
} else { if ($_POST['password_r'] == '') { $msgBox = alertBox($retypeAccountPass, "<i class='fa fa-times-circle'></i>", "danger"); } else { if ($_POST['password'] != $_POST['password_r']) { $msgBox = alertBox($accountPassNotMatch, "<i class='fa fa-times-circle'></i>", "danger"); } else { if (isset($_POST['password']) && $_POST['password'] != "") { $password = encryptIt($_POST['password']); } else { $password = $_POST['passwordOld']; } $stmt = $mysqli->prepare("UPDATE\n\t\t\t\t\t\t\t\t\t\tclients\n\t\t\t\t\t\t\t\t\tSET\n\t\t\t\t\t\t\t\t\t\tpassword = ?\n\t\t\t\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\t\t\t\tclientId = ?"); $stmt->bind_param('ss', $password, $clientId); $stmt->execute(); $msgBox = alertBox($accountPassUpdatedMsg, "<i class='fa fa-check-square'></i>", "success"); $stmt->close(); } } } } } } // Get Data $query = "SELECT\n\t\t\t\tclientId,\n\t\t\t\tclientEmail,\n\t\t\t\tpassword,\n\t\t\t\tclientFirstName,\n\t\t\t\tclientLastName,\n\t\t\t\tCONCAT(clientFirstName,' ',clientLastName) AS clientName,\n\t\t\t\tclientCompany,\n\t\t\t\tclientBio,\n\t\t\t\tclientAddress,\n\t\t\t\tclientPhone,\n\t\t\t\tclientCell,\n\t\t\t\tclientAvatar,\n\t\t\t\tDATE_FORMAT(lastVisited,'%M %e, %Y at %l:%i %p') AS lastVisited,\n\t\t\t\tDATE_FORMAT(createDate,'%M %d, %Y') AS createDate\n\t\t\tFROM\n\t\t\t\tclients\n\t\t\tWHERE clientId = " . $clientId; $res = mysqli_query($mysqli, $query) or die('-2' . mysqli_error()); $row = mysqli_fetch_assoc($res); // Decrypt data if ($row['clientAddress'] != '') { $clientAddress = decryptIt($row['clientAddress']); } else {
} if ($isFiles != 'true') { // Delete the DB Record $stmt = $mysqli->prepare("DELETE FROM projectfolders WHERE folderId = ?"); $stmt->bind_param('s', $deleteId); $stmt->execute(); // Delete the Folder on the host if (is_dir($uploadsDir . $folderUrl)) { rmdir($uploadsDir . $folderUrl); $msgBox = alertBox("The Project Folder has been Deleted.", "<i class='fa fa-check-square'></i>", "success"); } else { $msgBox = alertBox($deleteFolderErrorMsg, "<i class='fa fa-times-circle'></i>", "danger"); } $stmt->close(); } else { $msgBox = alertBox($foldNotEmptyMsg, "<i class='fa fa-times-circle'></i>", "danger"); } } // Include Pagination Class include 'includes/getpagination.php'; $pages = new paginator($pagPages, 'p'); // Get the number of total records $rows = $mysqli->query("SELECT * FROM projectfolders WHERE projectId = " . $projectId); $total = mysqli_num_rows($rows); // Pass the number of total records $pages->set_total($total); // Get Folder Data $sql = "SELECT\n\t\t\t\tprojectfolders.folderId,\n\t\t\t\tprojectfolders.projectId,\n\t\t\t\tprojectfolders.adminId,\n\t\t\t\tprojectfolders.clientId,\n\t\t\t\tprojectfolders.folderTitle,\n\t\t\t\tprojectfolders.folderDesc,\n\t\t\t\tprojectfolders.folderUrl,\n\t\t\t\tDATE_FORMAT(projectfolders.folderDate,'%M %d, %Y') AS folderDate,\n\t\t\t\tUNIX_TIMESTAMP(projectfolders.folderDate) AS orderDate,\n\t\t\t\tCONCAT(clients.clientFirstName,' ',clients.clientLastName) AS theClient,\n\t\t\t\tCONCAT(admins.adminFirstName,' ',admins.adminLastName) AS theAdmin\n\t\t\tFROM\n\t\t\t\tprojectfolders\n\t\t\t\tLEFT JOIN clients ON projectfolders.clientId = clients.clientId\n\t\t\t\tLEFT JOIN admins ON projectfolders.adminId = admins.adminId\n\t\t\tWHERE\n\t\t\t\tprojectfolders.projectId = " . $projectId . "\n\t\t\tORDER BY orderDate " . $pages->get_limit(); $res = mysqli_query($mysqli, $sql) or die('-1' . mysqli_error()); $query = "SELECT clientId, projectName FROM clientprojects WHERE projectId = " . $projectId; $result = mysqli_query($mysqli, $query) or die('-2' . mysqli_error());
<?php $pagPages = '10'; // Delete Manager Account if (isset($_POST['submit']) && $_POST['submit'] == 'deleteAdmin') { $adminId = $mysqli->real_escape_string($_POST['adminId']); $stmt = $mysqli->prepare("DELETE FROM admins WHERE adminId = ?"); $stmt->bind_param('s', $adminId); $stmt->execute(); $stmt->close(); $msgBox = alertBox($managerDeletedMsg, "<i class='fa fa-check-square'></i>", "success"); } // Include Pagination Class include 'includes/pagination.php'; // Create new object & pass in the number of pages and an identifier $pages = new paginator($pagPages, 'p'); // Get the number of total records $rows = $mysqli->query("SELECT * FROM clients WHERE isActive = 1"); $total = mysqli_num_rows($rows); // Pass the number of total records $pages->set_total($total); // Get Data $query = "SELECT\n\t\t\t\tadminId,\n\t\t\t\tadminEmail,\n\t\t\t\tCONCAT(adminFirstName,' ',adminLastName) AS theAdmin,\n\t\t\t\tadminPhone,\n\t\t\t\tisAdmin,\n\t\t\t\tadminRole,\n\t\t\t\tisArchived,\n\t\t\t\tDATE_FORMAT(archiveDate,'%M %e, %Y') AS archiveDate\n\t\t\tFROM\n\t\t\t\tadmins\n\t\t\tWHERE\n\t\t\t\tisActive = 0 AND\n\t\t\t\tisAdmin = 0\n\t\t\tORDER BY\n\t\t\t\tadminId " . $pages->get_limit(); $res = mysqli_query($mysqli, $query) or die('-1' . mysqli_error()); include 'includes/navigation.php'; if ($isAdmin != '1') { ?> <div class="content"> <h3><?php echo $accessErrorHeader; ?>
$message .= '<p>' . $resetPassEmail2 . '</p>'; $message .= '<p>' . $resetPassEmail3 . '</p>'; $message .= '<p>' . $emailThankYou . '</p>'; $message .= '</body></html>'; $headers = "From: " . $siteName . " <" . $businessEmail . ">\r\n"; $headers .= "Reply-To: " . $businessEmail . "\r\n"; $headers .= "MIME-Version: 1.0\r\n"; $headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n"; if (mail($theEmail, $subject, $message, $headers)) { $msgBox = alertBox($passwordResetMsg, "<i class='fa fa-check-square-o'></i>", "success"); $isReset = 'true'; $stmt->close(); } } else { // No account found $msgBox = alertBox($noAccountFoundMsg, "<i class='fa fa-warning'></i>", "warning"); } } } ?> <!DOCTYPE html> <html> <head> <meta http-equiv="content-type" content="text/html; charset=UTF-8"> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title><?php echo $set['siteName']; ?> · <?php
$entryUsername = null; } if ($_POST['entryUrl'] != '') { $entryUrl = encodeIt($_POST['entryUrl']); } else { $entryUrl = null; } $stmt = $mysqli->prepare("UPDATE\n\t\t\t\t\t\t\t\t\t\tentries\n\t\t\t\t\t\t\t\t\tSET\n\t\t\t\t\t\t\t\t\t\tcatId = ?,\n\t\t\t\t\t\t\t\t\t\tentryTitle = ?,\n\t\t\t\t\t\t\t\t\t\tentryDesc = ?,\n\t\t\t\t\t\t\t\t\t\tentryUsername = ?,\n\t\t\t\t\t\t\t\t\t\tentryUrl = ?,\n\t\t\t\t\t\t\t\t\t\tentryNotes = ?,\n\t\t\t\t\t\t\t\t\t\tlastUpdated = ?\n\t\t\t\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\t\t\t\tentryId = ?"); $stmt->bind_param('ssssssss', $catId, $entryTitle, $entryDesc, $entryUsername, $entryUrl, $entryNotes, $todayDt, $entryId); $stmt->execute(); $stmt->close(); // Add Recent Activity $activityType = '8'; $activityTitle = $theEntryText . ' "' . $entryTitleOld . '" ' . $wasUpdatedText; updateActivity($pw_userId, $activityType, $activityTitle); $msgBox = alertBox($theEntryText . " \"" . $entryTitleOld . "\" " . $theCatUpdMsg2, "<i class='fa fa-check-square'></i>", "success"); } } } // Get Entry Data $sql = "SELECT\n\t\t\t\tentries.*,\n\t\t\t\tcategories.catId,\n\t\t\t\tcategories.catTitle,\n\t\t\t\tCONCAT(users.firstName,' ',users.lastName) AS entOwner\n\t\t\tFROM\n\t\t\t\tentries\n\t\t\t\tLEFT JOIN categories ON entries.catId = categories.catId\n\t\t\t\tLEFT JOIN users ON entries.userId = users.userId\n\t\t\tWHERE entries.entryId = " . $entryId; $res = mysqli_query($mysqli, $sql) or die('-1' . mysqli_error()); $row = mysqli_fetch_assoc($res); if (!empty($row['entryUsername']) && $row['entryUsername'] != '') { $entryUsername = '******' . decodeIt($row['entryUsername']) . '<span>'; $entryUser = decodeIt($row['entryUsername']); } else { $entryUsername = $entryUser = ''; } if (!empty($row['entryNotes']) && $row['entryNotes'] != '') { $entryNotes = decodeIt($row['entryNotes']);
$msgBox = alertBox($catTitleReq, "<i class='fa fa-times-circle'></i>", "danger"); } else { if ($_POST['catDesc'] == '') { $msgBox = alertBox($catDescReq, "<i class='fa fa-times-circle'></i>", "danger"); } else { $catTitle = htmlspecialchars($_POST['catTitle']); $catDesc = htmlspecialchars($_POST['catDesc']); $stmt = $mysqli->prepare("\n\t\t\t\t\t\t\t\tINSERT INTO\n\t\t\t\t\t\t\t\t\tcategories(\n\t\t\t\t\t\t\t\t\t\tuserId,\n\t\t\t\t\t\t\t\t\t\tcatTitle,\n\t\t\t\t\t\t\t\t\t\tcatDesc,\n\t\t\t\t\t\t\t\t\t\tcatDate,\n\t\t\t\t\t\t\t\t\t\tipAddress\n\t\t\t\t\t\t\t\t\t) VALUES (\n\t\t\t\t\t\t\t\t\t\t?,\n\t\t\t\t\t\t\t\t\t\t?,\n\t\t\t\t\t\t\t\t\t\t?,\n\t\t\t\t\t\t\t\t\t\t?,\n\t\t\t\t\t\t\t\t\t\t?\n\t\t\t\t\t\t\t\t\t)\n\t\t\t"); $stmt->bind_param('sssss', $pw_userId, $catTitle, $catDesc, $todayDt, $actIp); $stmt->execute(); $stmt->close(); // Add Recent Activity $activityType = '7'; $activityTitle = $newCatNavLink . ' "' . $catTitle . ' ' . $createdText; updateActivity($pw_userId, $activityType, $activityTitle); $msgBox = alertBox($newcatMsg1 . " " . $catTitle . " " . $newcatMsg2, "<i class='fa fa-check-square'></i>", "success"); // Clear the Form of values $_POST['catTitle'] = $_POST['catDesc'] = ''; } } } $catsPage = 'true'; $pageTitle = $newCatNavLink; include 'includes/header.php'; ?> <h3 class="mb-20">Create a <?php echo $pageTitle; ?> </h3> <?php if ($msgBox) {
$stmt->close(); } else { $msgBox = alertBox($mngrStatusError1, "<i class='fa fa-warning'></i>", "warning"); } } else { $msgBox = alertBox($mngrStatusError2, "<i class='fa fa-warning'></i>", "warning"); } } // Update Manager Type if (isset($_POST['submit']) && $_POST['submit'] == 'managerType') { $superuser = $mysqli->real_escape_string($_POST['superuser']); $adminRole = $mysqli->real_escape_string($_POST['adminRole']); $stmt = $mysqli->prepare("UPDATE\n\t\t\t\t\t\t\t\t\tadmins\n\t\t\t\t\t\t\t\tSET\n\t\t\t\t\t\t\t\t\tisAdmin = ?,\n\t\t\t\t\t\t\t\t\tadminRole = ?\n\t\t\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\t\t\tadminId = ?"); $stmt->bind_param('sss', $superuser, $adminRole, $aId); $stmt->execute(); $msgBox = alertBox($mngrTypeUpdatedMsg, "<i class='fa fa-check-square'></i>", "success"); $stmt->close(); } // Get Data $query = "SELECT\n\t\t\t\tadminId,\n\t\t\t\tadminEmail,\n\t\t\t\tpassword,\n\t\t\t\tadminFirstName,\n\t\t\t\tadminLastName,\n\t\t\t\tCONCAT(adminFirstName,' ',adminLastName) AS theAdmin,\n\t\t\t\tadminBio,\n\t\t\t\tadminAddress,\n\t\t\t\tadminPhone,\n\t\t\t\tadminCell,\n\t\t\t\tadminAvatar,\n\t\t\t\tadminNotes,\n\t\t\t\tDATE_FORMAT(lastVisited,'%M %e, %Y at %l:%i %p') AS lastVisited,\n\t\t\t\tDATE_FORMAT(createDate,'%M %d, %Y') AS createDate,\n\t\t\t\tisAdmin,\n\t\t\t\tadminRole,\n\t\t\t\tisActive,\n\t\t\t\tisArchived,\n\t\t\t\tDATE_FORMAT(archiveDate,'%M %d, %Y') AS archiveDate\n\t\t\tFROM\n\t\t\t\tadmins\n\t\t\tWHERE adminId = " . $aId; $res = mysqli_query($mysqli, $query) or die('-1' . mysqli_error()); $row = mysqli_fetch_assoc($res); // Decrypt data if ($row['adminAddress'] != '') { $adminAddress = decryptIt($row['adminAddress']); } else { $adminAddress = ''; } if ($row['adminPhone'] != '') { $adminPhone = decryptIt($row['adminPhone']); } else {
$msgBox = alertBox("Please enter a valid email for the Primary Admin. Email addresses are used as your account login.", "<i class='fa fa-times-circle'></i>", "danger"); } else { if ($_POST['password'] == '') { $msgBox = alertBox("Please enter a password for the Primary Admin's Account.", "<i class='fa fa-times-circle'></i>", "danger"); } else { if ($_POST['r-password'] == '') { $msgBox = alertBox("Please re-enter the password for the Primary Admin's Account.", "<i class='fa fa-times-circle'></i>", "danger"); } else { if ($_POST['password'] != $_POST['r-password']) { $msgBox = alertBox("The password for the Primary Admin's Account does not match.", "<i class='fa fa-times-circle'></i>", "danger"); } else { if ($_POST['adminFirstName'] == '') { $msgBox = alertBox("Please enter the Primary Admin's First Name.", "<i class='fa fa-times-circle'></i>", "danger"); } else { if ($_POST['adminLastName'] == '') { $msgBox = alertBox("Please enter the Primary Admin's Last Name.", "<i class='fa fa-times-circle'></i>", "danger"); } else { $installUrl = $mysqli->real_escape_string($_POST['installUrl']); $siteName = $mysqli->real_escape_string($_POST['siteName']); $businessName = $mysqli->real_escape_string($_POST['businessName']); $businessAddress = $_POST['businessAddress']; $businessEmail = $mysqli->real_escape_string($_POST['businessEmail']); $businessPhone = $mysqli->real_escape_string($_POST['businessPhone']); $uploadPath = $mysqli->real_escape_string($_POST['uploadPath']); $templatesPath = $mysqli->real_escape_string($_POST['templatesPath']); $fileTypesAllowed = $mysqli->real_escape_string($_POST['fileTypesAllowed']); $avatarFolder = $mysqli->real_escape_string($_POST['avatarFolder']); $avatarTypes = $mysqli->real_escape_string($_POST['avatarTypes']); // Add data to the siteSettings Table $stmt = $mysqli->prepare("\n\t\t\t\t\t\t\t\t\tINSERT INTO\n\t\t\t\t\t\t\t\t\t\tsitesettings(\n\t\t\t\t\t\t\t\t\t\t\tinstallUrl,\n\t\t\t\t\t\t\t\t\t\t\tsiteName,\n\t\t\t\t\t\t\t\t\t\t\tbusinessName,\n\t\t\t\t\t\t\t\t\t\t\tbusinessAddress,\n\t\t\t\t\t\t\t\t\t\t\tbusinessEmail,\n\t\t\t\t\t\t\t\t\t\t\tbusinessPhone,\n\t\t\t\t\t\t\t\t\t\t\tuploadPath,\n\t\t\t\t\t\t\t\t\t\t\ttemplatesPath,\n\t\t\t\t\t\t\t\t\t\t\tfileTypesAllowed,\n\t\t\t\t\t\t\t\t\t\t\tavatarFolder,\n\t\t\t\t\t\t\t\t\t\t\tavatarTypes\n\t\t\t\t\t\t\t\t\t\t) VALUES (\n\t\t\t\t\t\t\t\t\t\t\t?,\n\t\t\t\t\t\t\t\t\t\t\t?,\n\t\t\t\t\t\t\t\t\t\t\t?,\n\t\t\t\t\t\t\t\t\t\t\t?,\n\t\t\t\t\t\t\t\t\t\t\t?,\n\t\t\t\t\t\t\t\t\t\t\t?,\n\t\t\t\t\t\t\t\t\t\t\t?,\n\t\t\t\t\t\t\t\t\t\t\t?,\n\t\t\t\t\t\t\t\t\t\t\t?,\n\t\t\t\t\t\t\t\t\t\t\t?,\n\t\t\t\t\t\t\t\t\t\t\t?\n\t\t\t\t\t\t\t\t\t\t)"); $stmt->bind_param('sssssssssss', $installUrl, $siteName, $businessName, $businessAddress, $businessEmail, $businessPhone, $uploadPath, $templatesPath, $fileTypesAllowed, $avatarFolder, $avatarTypes);
<?php require_once './session_login.inc.php'; function alertBox($alerttext) { echo '<script type="text/javascript">alert("' . $alerttext . '");window.history.back();</script>'; } $class = $_REQUEST['class']; if (empty($class)) { alertBox("Error!!!:Please check value of class in URL"); } else { if (!($class == "1" || $class == "2" || $class == "3" || $class == "4" || $class == "wifi")) { alertBox("Error!!!:Please check value of class in URL"); } } $servername = "localhost"; $username = "******"; $password = "******"; $dbname = "dhcp"; $con = mysql_connect($servername, $username, $password) or die(mysql_error("Error connect")); mysql_select_db($dbname) or die(mysql_error("Error database")); $query_all_data = 'SELECT * FROM `class' . $class . '`'; $all_data = mysql_query($query_all_data); $query_range = 'SELECT * FROM `class_range` WHERE `class` = ' . $class; $range = mysql_query($query_range); while ($ip_range = mysql_fetch_array($range)) { $ip_start = $ip_range["ip_start"]; $ip_end = $ip_range["ip_end"]; } ?> <!DOCTYPE html>
$message .= '<p>' . $invNotes . '</p>'; $message .= '<hr>'; $message .= '<p>' . $emailLink . '</p>'; $message .= '<p>' . $emailThankYou . '</p>'; $message .= '</body></html>'; $headers = "From: " . $siteName . " <" . $businessEmail . ">\r\n"; $headers .= "Reply-To: " . $businessEmail . "\r\n"; $headers .= "MIME-Version: 1.0\r\n"; $headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n"; if (mail($clientEmail, $subject, $message, $headers)) { $msgBox = alertBox($invCreatedEmailSent, "<i class='fa fa-check-square'></i>", "success"); } else { $msgBox = alertBox($emailErrorMsg, "<i class='fa fa-warning'></i>", "warning"); } } else { $msgBox = alertBox($invCreatedNoEmail, "<i class='fa fa-check-square'></i>", "success"); } // Clear the Form of values $_POST['invoiceDue'] = $_POST['invoiceTitle'] = $_POST['invoiceNotes'] = ''; } } } } // Include Pagination Class include 'includes/pagination.php'; // Create new object & pass in the number of pages and an identifier $pages = new paginator($pagPages, 'p'); // Get the number of total records $cols = $mysqli->query("SELECT * FROM invoices"); $total = mysqli_num_rows($cols); // Pass the number of total records
<?php // Mark all active Logs as Deleted if (isset($_POST['submit']) && $_POST['submit'] == 'deleteLogs') { $stmt = $mysqli->prepare("UPDATE activity SET markDeleted = 1 WHERE markDeleted = 0"); $stmt->execute(); $stmt->close(); // Add Recent Activity $activityType = '10'; $activityTitle = $delLogsAct; updateActivity($pw_userId, $activityType, $activityTitle); $msgBox = alertBox($delLogsMsg, "<i class='fa fa-check-square'></i>", "success"); } // Get Data $sql = "SELECT\n\t\t\t\tactivity.*,\n\t\t\t\tusers.userEmail,\n\t\t\t\tCONCAT(users.firstName,' ',users.lastName) AS activityBy\n\t\t\tFROM\n\t\t\t\tactivity\n\t\t\t\tLEFT JOIN users ON activity.userId = users.userId\n\t\t\tWHERE markDeleted = 0"; $res = mysqli_query($mysqli, $sql) or die('-1' . mysqli_error()); $mngPage = 'true'; $pageTitle = $activityLogsPageTitle; $addCss = '<link href="css/dataTables.css" rel="stylesheet">'; $dataTables = 'true'; $jsFile = 'activityLogs'; include 'includes/header.php'; if ($pw_superUser != '') { ?> <h3 class="mb-20"><?php echo $pageTitle; ?> </h3> <?php if ($msgBox) { echo $msgBox;
$GetAccountId = "SELECT AccountId FROM assets WHERE UserId = {$UserId} and AssetsId = {$IncomeIds}"; $AccountId = mysqli_query($mysqli, $GetAccountId); $ColId = mysqli_fetch_array($AccountId); $AccId = $ColId['AccountId']; //Delete Income $Delete = "DELETE FROM assets WHERE AssetsId = {$IncomeIds}"; $DeleteI = mysqli_query($mysqli, $Delete); //Update Total Income $TotalIncome = "UPDATE totals SET totals.Totals = (SELECT SUM(Amount) FROM assets where assets.UserId = {$UserId} AND assets.AccountId = totals.AccountId) \n" . "\tWHERE totals.UserId = {$UserId} AND totals.AccountId = {$AccId}"; $UpdateTotalIncome = mysqli_query($mysqli, $TotalIncome); if (!$UpdateTotalIncome) { $Gagal = "QUERY ERROR"; $msgBox = alertBox($Gagal); } //$msgBox = alertBox($AccId); $msgBox = alertBox($DeleteIncome); } //Get Report bills History $GetExpenseHistory = "SELECT * from bills left join category on bills.CategoryId = category.CategoryId left join account on bills.AccountId = account.AccountId where bills.UserId = {$UserId} ORDER BY bills.Dates DESC"; $ExpenseHistory = mysqli_query($mysqli, $GetExpenseHistory); // Get all Expense $GetAllBillsOverall = "SELECT SUM(Amount) AS Amount FROM bills WHERE UserId = {$UserId} "; $GetABillsOverall = mysqli_query($mysqli, $GetAllBillsOverall); $BillsColOverall = mysqli_fetch_assoc($GetABillsOverall); $BillsOverall = $BillsColOverall['Amount']; // Get all by month Expense $GetAllBillsDate = "SELECT SUM(Amount) AS Amount FROM bills WHERE UserId = {$UserId} AND MONTH(Dates) = MONTH (CURRENT_DATE())"; $GetABillsDate = mysqli_query($mysqli, $GetAllBillsDate); $BillsColDate = mysqli_fetch_assoc($GetABillsDate); $BillThisMonth = $BillsColDate['Amount']; // Get all by today Expense
$msgBox = alertBox($PwdNotSame); } else { // Set new account $Email = $mysqli->real_escape_string($_POST['email']); $Password = encryptIt($_POST['password']); $FirstName = $mysqli->real_escape_string($_POST['firstname']); $LastName = $mysqli->real_escape_string($_POST['lastname']); $Currency = $mysqli->real_escape_string($_POST['currency']); // add new account $sql = "UPDATE user SET FirstName = ?, LastName = ?, Email = ?, Password = ?, Currency = ? WHERE UserId = {$UserId}"; if ($statement = $mysqli->prepare($sql)) { //bind parameters for markers, where (s = string, i = integer, d = double, b = blob) $statement->bind_param('sssss', $FirstName, $LastName, $Email, $Password, $Currency); $statement->execute(); } $msgBox = alertBox($SuccessAccountUpdate); } } } // Get User Info $GetUsers = "SELECT FirstName, LastName, Email, Currency, Password from user WHERE UserId = {$UserId}"; $GetUserq = mysqli_query($mysqli, $GetUsers); $UserInfos = mysqli_fetch_assoc($GetUserq); //Include Global page include 'includes/global.php'; ?> <div id="page-wrapper"> <div class="row"> <div class="col-lg-12"> <h1 class="page-header"><?php
} else { if ($squid_c == "2") { if ($l != 4) { alertBox("Please check syntax of bandwidth shaping"); $checkE2 = FALSE; } } else { if ($squid_c == "3") { if ($l != 6) { alertBox("Please check syntax of bandwidth shaping"); $checkE2 = FALSE; } } else { if ($squid_c == "4") { if ($l != 8) { alertBox("Please check syntax of bandwidth shaping"); $checkE2 = FALSE; } } else { if ($squid_c == "5") { //if($l != 2) {alertBox("Please check syntax of bandwidth shaping");} } } } } } } if ($checkE1 && $checkE2) { $query_update = 'UPDATE `class_squid` SET `class`=' . $squid_c . ' , `bw` = ' . $bw . 'WHERE user_class=' . $user_c; mysql_query($query_update) or die(mysql_error()); header('Location: squid.php');
$dateIn = sanitize_text_field($_POST['dateIn']); $timeIn = sanitize_text_field($_POST['timeIn']); $dateOut = sanitize_text_field($_POST['dateOut']); $timeOut = sanitize_text_field($_POST['timeOut']); $startTime = $dateIn . ' ' . $timeIn . ':00'; $endTime = $dateOut . ' ' . $timeOut . ':00'; $entryType = '3'; // Edit the Record $wpdb->update($table_name_timeentry, array('startTime' => $startTime, 'endTime' => $endTime, 'entryType' => $entryType), array('entryId' => $entryId)); $editReason = sanitize_text_field($_POST['editReason']); $editedDate = date("Y-m-d H:i:s"); $origStartTime = sanitize_text_field($_POST['origStartTime']); $origEndTime = sanitize_text_field($_POST['origEndTime']); // Add a record of the Edit $wpdb->insert($table_name_timeedits, array('entryId' => $entryId, 'editedBy' => $user_id, 'editedDate' => $editedDate, 'origStartTime' => $origStartTime, 'origEndTime' => $origEndTime, 'editedStartTime' => $startTime, 'editedEndTime' => $endTime, 'editReason' => $editReason)); $msgBox = alertBox($timeRecUpdatedMsg, "<i class='fa fa-check-square'></i>", "success"); // Clear the Form of values $_POST['editReason'] = ''; } } } } } } // Get Data $row = $wpdb->get_row($query = "SELECT\r\n\t\t\t\t{$table_name_timeentry}.entryId,\r\n\t\t\t\t{$table_name_timeentry}.clockId,\r\n\t\t\t\t{$table_name_timeentry}.user_id,\r\n\t\t\t\tDATE_FORMAT({$table_name_timeentry}.entryDate,'%M %d, %Y') AS entryDate,\r\n\t\t\t\t{$table_name_timeentry}.startTime,\r\n\t\t\t\tDATE_FORMAT({$table_name_timeentry}.startTime,'%Y-%m-%d') AS startDate,\r\n\t\t\t\tDATE_FORMAT({$table_name_timeentry}.startTime,'%M %d, %Y') AS dateStarted,\r\n\t\t\t\tDATE_FORMAT({$table_name_timeentry}.startTime,'%h:%i %p') AS hourStarted,\r\n\t\t\t\tDATE_FORMAT({$table_name_timeentry}.startTime,'%H:%i') AS hourIn,\r\n\t\t\t\t{$table_name_timeentry}.endTime,\r\n\t\t\t\tDATE_FORMAT({$table_name_timeentry}.endTime,'%Y-%m-%d') AS endDate,\r\n\t\t\t\tDATE_FORMAT({$table_name_timeentry}.endTime,'%M %d, %Y') AS dateEnded,\r\n\t\t\t\tDATE_FORMAT({$table_name_timeentry}.endTime,'%h:%i %p') AS hourEnded,\r\n\t\t\t\tDATE_FORMAT({$table_name_timeentry}.endTime,'%H:%i') AS hourOut,\r\n\t\t\t\t{$table_name_timeentry}.entryType,\r\n\t\t\t\t{$table_name_timeclock}.weekNo,\r\n\t\t\t\t{$table_name_timeclock}.clockYear,\r\n\t\t\t\t{$table_name_timeclock}.running,\r\n\t\t\t\tCONCAT({$table_name_employees}.user_id,' ','user') AS theEmp\r\n\t\t\tFROM\r\n\t\t\t\t{$table_name_timeentry}\r\n\t\t\t\tLEFT JOIN {$table_name_timeclock} ON {$table_name_timeentry}.clockId = {$table_name_timeclock}.clockId\r\n\t\t\t\tLEFT JOIN {$table_name_employees} ON {$table_name_timeentry}.user_id = {$table_name_employees}.user_id\r\n\t\t\tWHERE\r\n\t\t\t\t{$table_name_timeentry}.entryId = {$entryId}", ARRAY_A); if ($row['entryType'] == '1') { $entryType = $entryType1; } else { if ($row['entryType'] == '2') { $entryType = $entryType2;
$texttoalert = $texttoalert . 'At line ' . $line . ' Change MAC Address between 00:00:00:00:00:00-FF:FF:FF:FF:FF:FF\\n'; } if (preg_match("/^[a-zA-Z0-9]+\$/", $objArr[1]) == 0) { $statusQuery6 = FALSE; $texttoalert = $texttoalert . 'At line ' . $line . ' Name can have only A-Z a-z 0-9\\n'; } if ($ip_cur_long < $ip_start_long or $ip_cur_long > $ip_end_long) { $statusQuery7 = FALSE; $texttoalert = $texttoalert . 'At line ' . $line . ' IP Address in Class ' . $class . ' is between ' . $ip_start . '-' . $ip_end . '\\n'; } if (empty($ip_cur_long)) { $statusQuery8 = FALSE; $texttoalert = $texttoalert . 'At line ' . $line . ' Check IP Address\\n'; } if ($statusQuery && $statusQuery2 && $statusQuery3 && $statusQuery4 && $statusQuery5 && $statusQuery6 && $statusQuery7 && $statusQuery8) { $strSQL = "INSERT INTO `dhcp`.`class1` (hw,name,ip,expire) VALUES ('{$objArr['0']}','{$objArr['1']}','{$objArr['2']}','{$objArr['3']}')"; $objQuery = mysql_query($strSQL); if (!$objQuery) { $texttoalert = die(mysql_error()); alertBox($texttoalert); } } else { alertBox($texttoalert); } } shell_exec("/var/www/html/oak2/manage_dhcp.rb"); shell_exec('/var/www/html/oak2/restart_service_dhcp.sh'); mysql_close($con); fclose($objCSV); backalertBox(); }
if (isset($_POST['expense'])) { $ExpenseId = $row['BillsId']; $iuser = $_SESSION['UserId']; $iname = $mysqli->real_escape_string($_POST["iname"]); $icategory = $mysqli->real_escape_string($_POST["icategory"]); $iaccount = $mysqli->real_escape_string($_POST["iaccount"]); $idescription = $mysqli->real_escape_string($_POST["idescription"]); $idate = $mysqli->real_escape_string($_POST["idate"]); $iamount = $mysqli->real_escape_string(clean($_POST["iamount"])); $sql = "UPDATE bills SET Title = ?, Dates = ?, CategoryId = ?, AccountId = ?, Amount = ?, Description = ? WHERE BillsId = {$ExpenseId}"; if ($statement = $mysqli->prepare($sql)) { //bind parameters for markers, where (s = string, i = integer, d = double, b = blob) $statement->bind_param('ssiiss', $iname, $idate, $icategory, $iaccount, $iamount, $idescription); $statement->execute(); } $msgBox = alertBox($UpdateMsgExpense); } // Get new data after update $EditExpense = "SELECT a.BillsId, a.Title, a.Dates, a.Amount, a.Description, c.CategoryName, c.CategoryId, ac.AccountId, ac.AccountName from bills a, category c, account ac where a.CategoryId = c.CategoryId \n\t\t\t\t\tAND a.AccountId = ac.AccountId AND c.Level = 2 AND a.UserId = {$UserId} AND a.BillsId = {$ExpenseId}"; if ($ExpenseEdit = mysqli_query($mysqli, $EditExpense)) { $row = mysqli_fetch_assoc($ExpenseEdit); } ?> <!-- Page Content --> <div id="page-wrapper"> <div class="row"> <div class="col-lg-12"> <h1 class="page-header"><?php echo $ManageExpense;
} if ($_POST['entryUrl'] != '') { $entryUrl = encodeIt($_POST['entryUrl']); } else { $entryUrl = null; } $password1 = encodeIt($_POST['password1']); $stmt = $mysqli->prepare("\r\n\t\t\t\t\t\t\t\tINSERT INTO\r\n\t\t\t\t\t\t\t\t\tentries(\r\n\t\t\t\t\t\t\t\t\t\tcatId,\r\n\t\t\t\t\t\t\t\t\t\tuserId,\r\n\t\t\t\t\t\t\t\t\t\tentryTitle,\r\n\t\t\t\t\t\t\t\t\t\tentryDesc,\r\n\t\t\t\t\t\t\t\t\t\tentryUsername,\r\n\t\t\t\t\t\t\t\t\t\tentryPass,\r\n\t\t\t\t\t\t\t\t\t\tentryUrl,\r\n\t\t\t\t\t\t\t\t\t\tentryNotes,\r\n\t\t\t\t\t\t\t\t\t\tentryDate,\r\n\t\t\t\t\t\t\t\t\t\tipAddress\r\n\t\t\t\t\t\t\t\t\t) VALUES (\r\n\t\t\t\t\t\t\t\t\t\t?,\r\n\t\t\t\t\t\t\t\t\t\t?,\r\n\t\t\t\t\t\t\t\t\t\t?,\r\n\t\t\t\t\t\t\t\t\t\t?,\r\n\t\t\t\t\t\t\t\t\t\t?,\r\n\t\t\t\t\t\t\t\t\t\t?,\r\n\t\t\t\t\t\t\t\t\t\t?,\r\n\t\t\t\t\t\t\t\t\t\t?,\r\n\t\t\t\t\t\t\t\t\t\t?,\r\n\t\t\t\t\t\t\t\t\t\t?\r\n\t\t\t\t\t\t\t\t\t)\r\n\t\t\t"); $stmt->bind_param('ssssssssss', $catId, $pw_userId, $entryTitle, $entryDesc, $entryUsername, $password1, $entryUrl, $entryNotes, $todayDt, $actIp); $stmt->execute(); $stmt->close(); // Add Recent Activity $activityType = '8'; $activityTitle = $newEntryNavLink . ' "' . $entTitle . ' ' . $createdText; updateActivity($pw_userId, $activityType, $activityTitle); $msgBox = alertBox($theNewEntryText . " \"" . $entTitle . "\" " . $newcatMsg2, "<i class='fa fa-check-square'></i>", "success"); // Clear the Form of values $_POST['entryTitle'] = $_POST['entryDesc'] = $_POST['entryNotes'] = $_POST['entryUsername'] = $_POST['entryUrl'] = ''; } } } } } } $pageTitle = $newEntryNavLink; $jsFile = 'newEntry'; include 'includes/header.php'; ?> <h3 class="mb-20"><?php echo $addAText; ?>
$msgBox = alertBox($updUsrLastReq, "<i class='fa fa-times-circle'></i>", "danger"); } else { $userEmail = htmlspecialchars($_POST['userEmail']); $firstName = htmlspecialchars($_POST['firstName']); $lastName = htmlspecialchars($_POST['lastName']); $receiveEmails = htmlspecialchars($_POST['recEmails']); $isActive = htmlspecialchars($_POST['isActive']); $stmt = $mysqli->prepare("UPDATE\n\t\t\t\t\t\t\t\t\t\tusers\n\t\t\t\t\t\t\t\t\tSET\n\t\t\t\t\t\t\t\t\t\tuserEmail = ?,\n\t\t\t\t\t\t\t\t\t\tfirstName = ?,\n\t\t\t\t\t\t\t\t\t\tlastName = ?,\n\t\t\t\t\t\t\t\t\t\trecEmails = ?,\n\t\t\t\t\t\t\t\t\t\tisActive = ?,\n\t\t\t\t\t\t\t\t\t\tlastUpdated = ?\n\t\t\t\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\t\t\t\tuserId = ?"); $stmt->bind_param('sssssss', $userEmail, $firstName, $lastName, $receiveEmails, $isActive, $todayDt, $userId); $stmt->execute(); $stmt->close(); // Add Recent Activity $activityType = '12'; $activityTitle = $updUsrAccAct . ' ' . $firstName . ' ' . $lastName; updateActivity($pw_userId, $activityType, $activityTitle); $msgBox = alertBox($updUsrAccMsg . " " . $firstName . " " . $lastName . " " . $theCatUpdMsg2, "<i class='fa fa-check-square'></i>", "success"); } } } } // Get Data $qry = "SELECT\n\t\t\t\tusers.*,\n\t\t\t\t(SELECT COUNT(*) FROM categories WHERE categories.userId = users.userId) AS totalCats,\n\t\t\t\t(SELECT COUNT(*) FROM entries WHERE entries.userId = users.userId) AS totalEntries\n\t\t\tFROM\n\t\t\t\tusers\n\t\t\tWHERE users.userId = " . $userId; $res = mysqli_query($mysqli, $qry) or die('-1' . mysqli_error()); $row = mysqli_fetch_assoc($res); if (!empty($row['firstName']) && $row['firstName'] != '') { $firstName = clean($row['firstName']); } else { $firstName = ''; } if (!empty($row['lastName']) && $row['lastName'] != '') { $lastName = clean($row['lastName']);
$stmt = $mysqli->prepare("\n\t\t\t\t\t\t\t\tINSERT INTO\n\t\t\t\t\t\t\t\t\ttasks(\n\t\t\t\t\t\t\t\t\t\tprojectId,\n\t\t\t\t\t\t\t\t\t\tadminId,\n\t\t\t\t\t\t\t\t\t\ttaskTitle,\n\t\t\t\t\t\t\t\t\t\ttaskDesc,\n\t\t\t\t\t\t\t\t\t\ttaskPriority,\n\t\t\t\t\t\t\t\t\t\ttaskStatus,\n\t\t\t\t\t\t\t\t\t\ttaskStart,\n\t\t\t\t\t\t\t\t\t\ttaskDue\n\t\t\t\t\t\t\t\t\t) VALUES (\n\t\t\t\t\t\t\t\t\t\t?,\n\t\t\t\t\t\t\t\t\t\t?,\n\t\t\t\t\t\t\t\t\t\t?,\n\t\t\t\t\t\t\t\t\t\t?,\n\t\t\t\t\t\t\t\t\t\t?,\n\t\t\t\t\t\t\t\t\t\t?,\n\t\t\t\t\t\t\t\t\t\t?,\n\t\t\t\t\t\t\t\t\t\t?\n\t\t\t\t\t\t\t\t\t)\n\t\t\t"); $stmt->bind_param('ssssssss', $projectId, $adminId, $taskTitle, $taskDesc, $taskPriority, $taskStatus, $taskStart, $taskDue); $stmt->execute(); $stmt->close(); if (isset($_POST['addCal']) && $_POST['addCal'] == '1') { $startDate = $endDate = $taskDue . ' 00:00:00'; $eventTitle = 'Task: ' . $taskTitle; $eventDesc = $mysqli->real_escape_string($_POST['taskDesc']); $eventColor = '#91c04a'; $stmt = $mysqli->prepare("\n\t\t\t\t\t\t\t\t\tINSERT INTO\n\t\t\t\t\t\t\t\t\t\tadminevents(\n\t\t\t\t\t\t\t\t\t\t\tadminId,\n\t\t\t\t\t\t\t\t\t\t\tstartDate,\n\t\t\t\t\t\t\t\t\t\t\tendDate,\n\t\t\t\t\t\t\t\t\t\t\teventTitle,\n\t\t\t\t\t\t\t\t\t\t\teventDesc,\n\t\t\t\t\t\t\t\t\t\t\teventColor\n\t\t\t\t\t\t\t\t\t\t) VALUES (\n\t\t\t\t\t\t\t\t\t\t\t?,\n\t\t\t\t\t\t\t\t\t\t\t?,\n\t\t\t\t\t\t\t\t\t\t\t?,\n\t\t\t\t\t\t\t\t\t\t\t?,\n\t\t\t\t\t\t\t\t\t\t\t?,\n\t\t\t\t\t\t\t\t\t\t\t?\n\t\t\t\t\t\t\t\t\t\t)\n\t\t\t\t"); $stmt->bind_param('ssssss', $adminId, $startDate, $endDate, $eventTitle, $eventDesc, $eventColor); $stmt->execute(); $stmt->close(); $msgBox = alertBox($newTaskAddedCalMsg, "<i class='fa fa-check-square'></i>", "success"); } else { $msgBox = alertBox($newTaskAddedMsg, "<i class='fa fa-check-square'></i>", "success"); } // Clear the Form of values $_POST['taskTitle'] = $_POST['taskDesc'] = $_POST['taskPriority'] = $_POST['taskStatus'] = $_POST['taskDue'] = ''; } } } } } } // Include Pagination Class include 'includes/pagination.php'; // Create new object & pass in the number of pages and an identifier $pages = new paginator($pagPages, 'p'); // Get the number of total records $rows = $mysqli->query("SELECT * FROM tasks WHERE adminId = " . $adminId . " AND isClosed != 0");
} } // Delete Discussion if (isset($_POST['submit']) && $_POST['submit'] == 'deletedisc') { $deleteId = $mysqli->real_escape_string($_POST['deleteId']); // Delete the Discussion Topic $stmt = $mysqli->prepare("DELETE FROM projectdiscus WHERE discussionId = ?"); $stmt->bind_param('s', $_POST['deleteId']); $stmt->execute(); $stmt->close(); // Delete all of the comments associated with the Discussion Topic $stmt = $mysqli->prepare("DELETE FROM replies WHERE discussionId = ?"); $stmt->bind_param('s', $_POST['deleteId']); $stmt->execute(); $stmt->close(); $msgBox = alertBox($discThreadDeletedMsg, "<i class='fa fa-check-square'></i>", "success"); } // Include Pagination Class include 'includes/getpagination.php'; $pages = new paginator($pagPages, 'p'); // Get the number of total records $rows = $mysqli->query("SELECT * FROM projectdiscus WHERE projectId = " . $projectId); $total = mysqli_num_rows($rows); // Pass the number of total records $pages->set_total($total); // Get Project Discussions $sql = "SELECT\n\t\t\t\tprojectdiscus.discussionId,\n\t\t\t\tprojectdiscus.projectId,\n\t\t\t\tprojectdiscus.adminId,\n\t\t\t\tprojectdiscus.clientId,\n\t\t\t\tprojectdiscus.discussionTitle,\n\t\t\t\tprojectdiscus.discussionText,\n\t\t\t\tDATE_FORMAT(projectdiscus.discussionDate,'%W, %M %e, %Y') AS discussionDate,\n\t\t\t\tUNIX_TIMESTAMP(projectdiscus.discussionDate) AS orderDate,\n\t\t\t\tDATE_FORMAT(projectdiscus.lastUpdated,'%W, %M %e, %Y') AS lastUpdated,\n\t\t\t\tCONCAT(clients.clientFirstName,' ',clients.clientLastName) AS theClient,\n\t\t\t\tCONCAT(admins.adminFirstName,' ',admins.adminLastName) AS theAdmin\n\t\t\tFROM\n\t\t\t\tprojectdiscus\n\t\t\t\tLEFT JOIN clients ON projectdiscus.clientId = clients.clientId\n\t\t\t\tLEFT JOIN admins ON projectdiscus.adminId = admins.adminId\n\t\t\tWHERE\n\t\t\t\tprojectdiscus.projectId = " . $projectId . "\n\t\t\tORDER BY orderDate " . $pages->get_limit(); $res = mysqli_query($mysqli, $sql) or die('-1' . mysqli_error()); // Only allow access to the Assigned Manager or Admins $qry = "SELECT\n\t\t\t\tassignedprojects.assignedTo,\n\t\t\t\tclientprojects.projectName\n\t\t\tFROM\n\t\t\t\tassignedprojects\n\t\t\t\tLEFT JOIN clientprojects ON assignedprojects.projectId = clientprojects.projectId\n\t\t\tWHERE assignedprojects.projectId = " . $projectId; $result = mysqli_query($mysqli, $qry) or die('-2' . mysqli_error());
$LastName = $mysqli->real_escape_string($_POST['lastname']); $Currency = $mysqli->real_escape_string($_POST['currency']); //Check if already register $sql = "Select Email from user Where Email = '{$Email}'"; $c = mysqli_query($mysqli, $sql); if (mysqli_num_rows($c) >= 1) { $msgBox = alertBox($AlreadyRegister); } else { // add new account $sql = "INSERT INTO user (FirstName, LastName, Email, Password, Currency) VALUES (?,?,?,?,?)"; if ($statement = $mysqli->prepare($sql)) { //bind parameters for markers, where (s = string, i = integer, d = double, b = blob) $statement->bind_param('sssss', $FirstName, $LastName, $Email, $Password, $Currency); $statement->execute(); } $msgBox = alertBox($SuccessAccount); } } } } ?> <!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8">
<?php $validReport = ''; // Server Side validation if ($_POST['invFromDate'] == "") { $msgBox = alertBox($reportError2, "<i class='fa fa-warning'></i>", "warning"); $validReport = 'false'; } else { if ($_POST['invToDate'] == "") { $msgBox = alertBox($reportError3, "<i class='fa fa-warning'></i>", "warning"); $validReport = 'false'; } else { // Report Options if (!empty($_POST['invFromDate'])) { $invFromDate = $mysqli->real_escape_string($_POST['invFromDate']); $fdate = date('F d, Y', strtotime($invFromDate)); } if (!empty($_POST['invToDate'])) { $invToDate = $mysqli->real_escape_string($_POST['invToDate']); $tdate = date('F d, Y', strtotime($invToDate)); } $sql = "SELECT\n\t\t\t\t\tinvoices.invoiceId,\n\t\t\t\t\tinvoices.projectId,\n\t\t\t\t\tinvoices.adminId,\n\t\t\t\t\tinvoices.clientId,\n\t\t\t\t\tinvoices.invoiceTitle,\n\t\t\t\t\tDATE_FORMAT(invoices.invoiceDate,'%M %d, %Y') AS invoiceDate,\n\t\t\t\t\tUNIX_TIMESTAMP(invoices.invoiceDue) AS orderDate,\n\t\t\t\t\tinvoices.isPaid,\n\t\t\t\t\tDATE_FORMAT(invoices.lastUpdated,'%M %d, %Y') AS lastUpdated,\n\t\t\t\t\tclientprojects.projectName,\n\t\t\t\t\tCONCAT(clients.clientFirstName,' ',clients.clientLastName) AS theClient,\n\t\t\t\t\tCONCAT(admins.adminFirstName,' ',admins.adminLastName) AS theAdmin\n\t\t\t\tFROM\n\t\t\t\t\tinvoices\n\t\t\t\t\tLEFT JOIN clientprojects ON invoices.projectId = clientprojects.projectId\n\t\t\t\t\tLEFT JOIN clients ON invoices.clientId = clients.clientId\n\t\t\t\t\tLEFT JOIN admins ON invoices.adminId = admins.adminId\n\t\t\t\tWHERE\n\t\t\t\t\tinvoices.isPaid = 1 AND\n\t\t\t\t\tinvoices.invoiceDate >= '" . $invFromDate . "' AND invoices.invoiceDate <= '" . $invToDate . "'\n\t\t\t\tORDER BY orderDate"; $res = mysqli_query($mysqli, $sql) or die('-1' . mysqli_error()); $totalRecs = mysqli_num_rows($res); } } include 'includes/navigation.php'; ?> <div class="content last"> <h4><?php echo $pageName;
<?php $validReport = ''; // Server Side validation if ($_POST['task'] == "...") { $msgBox = alertBox($reportError4, "<i class='fa fa-warning'></i>", "default"); $validReport = 'false'; } else { // Report Options $projectId = $mysqli->real_escape_string($_POST['task']); $projectName = $mysqli->real_escape_string($_POST['taskFullName']); // Get Data $query = "SELECT\n\t\t\t\t\ttasks.taskId,\n\t\t\t\t\ttasks.projectId,\n\t\t\t\t\ttasks.adminId,\n\t\t\t\t\ttasks.taskTitle,\n\t\t\t\t\ttasks.taskPriority,\n\t\t\t\t\ttasks.taskStatus,\n\t\t\t\t\tDATE_FORMAT(tasks.taskDue,'%M %d, %Y') AS taskDue,\n\t\t\t\t\tUNIX_TIMESTAMP(tasks.taskDue) AS orderDate,\n\t\t\t\t\ttasks.isClosed,\n\t\t\t\t\tDATE_FORMAT(tasks.dateClosed,'%M %d, %Y') AS dateClosed,\n\t\t\t\t\tCONCAT(admins.adminFirstName,' ',admins.adminLastName) AS theAdmin\n\t\t\t\tFROM\n\t\t\t\t\ttasks\n\t\t\t\t\tLEFT JOIN admins ON tasks.adminId = admins.adminId\n\t\t\t\tWHERE\n\t\t\t\t\ttasks.projectId = " . $projectId . "\n\t\t\t\tORDER BY tasks.isClosed, orderDate"; $res = mysqli_query($mysqli, $query) or die('-1' . mysqli_error()); $totalRecs = mysqli_num_rows($res); } include 'includes/navigation.php'; ?> <div class="content last"> <h4><?php echo $pageName; ?> </h4> <?php if ($validReport == '') { ?> <p> <span class="label label-default preview-label"> <?php echo $projectText; ?>