Esempio n. 1
<?php

// Export script (excerpt). $UUID, $ACCESS and db_career() are not defined in this file;
// presumably they come from the two includes below — confirm.
require "globals.php5";
// NOTE(review): PG_SIZE is a bare word here, not the string 'PG_SIZE'. Unless an include
// already defines it, PHP 7 and older fall back to the string with a notice/warning and
// PHP 8 throws an Error for the undefined constant.
define(PG_SIZE, 50);
require "cookies.php5";
$mesg = '';
// Access gate: a truthy $UUID and an $ACCESS level of at least 200 are required for any export.
// NOTE(review): no anti-CSRF token check is visible in this excerpt; confirm it is handled elsewhere.
if ($UUID && $ACCESS >= 200) {
    try {
        // Obtain the database handle used for the export queries.
        $db = db_career();
        // Run only when the form was submitted and an export type was chosen.
        if ($_POST['submit'] && $_POST['extype']) {
            // extype C (300+) masters 1/0, E exyear1, D (400+) exyear2, L exlist (=lid)
            // filename (optional)
            // Only double quotes are rewritten (to single quotes) before trim/stripslashes;
            // path separators and control characters are left in the value.
            // NOTE(review): where $filename is used lies outside this excerpt. If it ends up in
            // a response header or a filesystem path, restrict it to a safe character set first.
            $filename = stripslashes(trim(str_replace('"', "'", $_POST['filename'])));
            // Fall back to a timestamped name when the client sent none.
            if (empty($filename)) {
                $filename = 'export-' . time() . '.csv';
            }
            // Append the .csv extension when the name contains no dot at all.
            if (strpos($filename, '.') === false) {
                $filename .= '.csv';
            }
            // trivial check
            $extype = $_POST['extype'];
            // The customer dump needs the higher access level 300 on top of the outer gate.
            if ($extype === 'C' && $ACCESS >= 300) {
                // customers raw data dump
                // The statement is a fixed string: the request only toggles a constant WHERE
                // clause, no POST value is concatenated into the SQL. The selected columns hold
                // personal data (e-mail, phone, postal address), so this branch deserves an
                // audit-log entry — none is visible in this excerpt.
                $sql = 'select `uid`, `email`, `firstname`, `lastname`, `mrmsdr`, `phone`, `fax`, `title`, `company`, `addr1`, `addr2`, `city`, `state`, `zip`, `acct`, `master_acct`, `subaccts`, `exp_date`, `status`, `subscription`, `specs`, `tc_agreed` from clients';
                if ($_POST['masters']) {
                    $sql .= ' where `master_acct` = 1';
                }
                $res = $db->query($sql);
                // Headers are sent only when the query succeeded and returned at least one row.
                if ($res && $res->num_rows) {
                    header('Content-type: text/plain');
Esempio n. 2
            // The first column of the fetched row is taken as the document id.
            list($docid) = $result->fetch_row();
            // NOTE(review): $docid is placed in the URL as-is; presumably it is numeric — confirm,
            // otherwise pass it through urlencode() before building the link.
            $redir = "showdocpc.php?lid=0&pos=0&id={$docid}";
        } else {
            $redir = "results.php?id=0";
        }
        // Keep the verbose description in the session when one is set.
        if ($verboz) {
            $_SESSION['verboz'] = $verboz;
        }
        // lid 0 verbose descr
        // NOTE(review): $totres and $redir are interpolated into HTML without escaping; both look
        // server-generated in this excerpt, but htmlspecialchars() on the href would make that
        // independent of how $redir is built.
        $okmesg = "{$totres} results found. One monent, please. You will be redirected <a href='{$redir}'>here</a>.";
    } catch (Exception $e) {
        // NOTE(review): the raw exception message and code are appended to $mesg. Where $mesg is
        // printed is not shown; if it reaches the page, internal error detail is disclosed to the
        // user. Prefer a generic message here and log the detail server-side.
        $mesg = 'Search failed: ' . $e->getMessage() . ' (' . $e->getCode() . ')<br>';
    }
}
// Open the career database only when no handle was set up earlier in the script.
$resdb = isset($resdb) ? $resdb : db_career();

// The last argument stays empty unless a redirect target was chosen earlier; presumably
// OperPage turns "2; URL=..." into a two-second refresh — confirm in OperPage.
// NOTE(review): $redir is passed through unescaped, so it must never carry request data.
$style = new OperPage(
    'Advanced Search',
    $UUID,
    'residents',
    'ressearch',
    $redir ? "2; URL={$redir}" : ''
);

// Inline helper script: opens regions.php in a small popup window and focuses it shortly after.
$scrip = <<<REGIONS_JS
var subwind;

function showregions() {
\tsubwind = window.open("regions.php",
\t\t\t"regions","menubar=0,toolbar=0,width=450,resizable=0,location=0,height=400,scrollbars=yes");
\tsetTimeout("subwind.focus()",60);
}

REGIONS_JS;

// Wrap the helper in a <script> element and append the external calendar widget include.
$scrip2 = '<script language="JavaScript" type="text/JavaScript"><!--' . "\n"
    . $scrip
    . "// -->\n</script>\n"
    . '<script type="text/javascript" src="calendarDateInput.js"></script>' . "\n";

$style->Output($scrip2);
Esempio n. 3
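 /**
  * Inserts a new list row into `custlistdesc` and initialises this object from it.
  *
  * The list id is the lowest value in 10..127 that the owning user does not use yet
  * (ids below 10 are reserved).
  *
  * @param string      $na   List name; trimmed, escaped with addslashes() and cut to 50 bytes.
  * @param string|null $de   Description; same treatment, cut to 255 bytes.
  * @param int|string  $act  Account value stored with the list (customers); must be numeric.
  * @param int|string  $sha  Shared value stored with the list (customers); must be numeric.
  * @param int         $nuid Owner uid; honoured only when $ACCESS is 500, otherwise $UUID is used.
  *
  * @throws Exception When the id lookup or the insert fails, or when no id in 10..127 is free.
  */
 function __construct($na, $de = NULL, $act = 0, $sha = 0, $nuid = 0)
 {
     global $UUID;
     global $ACCESS;
     // Only access level 500 may create a list on behalf of another user.
     if (!$nuid || $ACCESS != 500) {
         $nuid = $UUID;
     }
     // These three values are interpolated unquoted into the SQL below, so anything that is
     // not a number is coerced to an integer instead of being passed through verbatim.
     $nuid = (int) $nuid;
     $actSql = is_numeric($act) ? $act : (int) $act;
     $shaSql = is_numeric($sha) ? $sha : (int) $sha;

     // NOTE(review): addslashes() is not charset-aware. If the handle returned by db_career()
     // offers prepared statements or its own escaping routine, prefer that for both strings.
     $this->name = substr(addslashes(trim($na)), 0, 50);
     // A value that fills the column completely gets its last byte overwritten, so a cut can
     // never leave a lone backslash that would escape the closing quote of the SQL literal.
     if (strlen($this->name) == 50) {
         $this->name[49] = '-';
     }
     $this->desc = substr(addslashes(trim($de)), 0, 255);
     if (strlen($this->desc) == 255) {
         $this->desc[254] = '-';
     }

     $db = db_career();
     $result = $db->query("select listid from custlistdesc where listid between 10 and 127 and uid = {$nuid}");
     if (!$result) {
         throw new Exception('Can not insert new list', __LINE__);
     }
     // Collect every id already in use. The query carries no ORDER BY, so the free slot is
     // looked up in a set rather than by comparing row positions with a running counter.
     $taken = array();
     while ($row = $result->fetch_row()) {
         $taken[(int) $row[0]] = true;
     }
     $result->free();

     // 1-10 are reserved, so the search starts at 10; it ends at 128 when every slot is taken,
     // which makes the limit check below reachable.
     $newlid = 10;
     while ($newlid < 128 && isset($taken[$newlid])) {
         $newlid++;
     }
     $this->id = $newlid;
     if ($this->id > 127) {
         throw new Exception('Maximum number of 127 lists reached', __LINE__);
     }
     $this->shared = $sha;
     $this->acct = $act;
     // The insert names no columns, so it depends on the column order of custlistdesc.
     $result = $db->query("insert into custlistdesc values ({$nuid},{$this->id},2005,'{$this->desc}','{$this->name}',{$actSql},{$shaSql},NULL)");
     if (!$result) {
         throw new Exception('Can not insert new list', __LINE__);
     }
     $this->cdb = $db;
 }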
Esempio n. 4
<?php

require "globals.php5";
require "cookies.php5";
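// Deletes the note whose id was staged in the session, then sends the browser back to the
// page it came from. Missing request/session keys are read as empty strings.
// NOTE(review): the delete is driven purely by session state set elsewhere; whether the
// request that stages it is protected against CSRF is not visible in this file.
$referrer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
$noteid = isset($_SESSION['delete_note']) ? $_SESSION['delete_note'] : '';
$qstr = isset($_SESSION['delete_note_str']) ? $_SESSION['delete_note_str'] : '';
$yr = isset($_SESSION['delete_note_yr']) ? $_SESSION['delete_note_yr'] : '';
if ($UUID && $noteid) {
    try {
        // Notes are looked up in the notes database when the staged year is 2005, else in the career database.
        $db = $yr == 2005 ? db_notes() : db_career();
        // note_id is embedded as a quoted SQL string, so escape it first.
        // NOTE(review): prefer a prepared statement if the handle returned above supports one.
        $safeNoteId = addslashes($noteid);
        // Access level 500 may delete any note; everyone else only notes carrying their own uid.
        $sql = $ACCESS != 500
            ? sprintf("delete from notes where note_id = '%s' and uid = %d", $safeNoteId, $UUID)
            : sprintf("delete from notes where note_id = '%s'", $safeNoteId);
        $result = $db->query($sql);
        if (!$result) {
            error_log('Note delete failed: query returned no result');
        }
    } catch (Exception $e) {
        // Still best-effort (the redirect happens regardless), but the failure is recorded
        // server-side instead of being dropped silently.
        error_log('Note delete failed: ' . $e->getMessage() . ' (' . $e->getCode() . ')');
    }
}
// Re-attach the stored query string when the referring URL carries none.
if (strpos($referrer, '?') === false) {
    $referrer .= '?' . $qstr;
}
unset($_SESSION['delete_note']);
// NOTE(review): the Referer header is client-controlled, so this redirect goes wherever the
// client says it came from. Consider accepting only same-site URLs, or storing the return
// URL in the session next to delete_note_str.
header("Location: {$referrer}");
exit;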
Esempio n. 5
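/**
 * Rebuilds the current user's list 0 in `custlistsus` from a search over `physicians`.
 *
 * Rows previously stored for the user under listid 0 are deleted, then every physician
 * matching the condition is inserted.
 *
 * SECURITY: $wher and $joins are raw SQL fragments inserted verbatim into the statement.
 * This function cannot escape them; callers must build them only from validated or
 * escaped values and never pass request data through unchanged.
 *
 * @param mixed  $year  Deprecated; not used.
 * @param string $wher  SQL condition placed after WHERE (required).
 * @param string $joins Optional SQL join clauses placed after the table name.
 *
 * @return int Number of rows inserted (affected_rows of the insert).
 *
 * @throws Exception When $wher is empty or one of the two statements fails.
 */
function SearchRes($year, $wher, $joins = '')
{
    global $UUID;
    if (empty($wher)) {
        throw new Exception('Search: Required parameters are missing', __LINE__);
    }
    // The uid is interpolated unquoted into both statements, so force it to an integer.
    $owner = (int) $UUID;
    $resdb = db_career();
    // A failed cleanup would leave old rows mixed into the new result set, so stop here
    // instead of ignoring the return value.
    if (!$resdb->query("delete from custlistsus where owneruid = {$owner} and listid=0")) {
        throw new Exception(DEBUG ? 'Problem clearing previous search results' : 'Program Error', __LINE__);
    }
    $result = $resdb->query("insert into custlistsus select {$owner},ph_id,0 from physicians {$joins} where {$wher}");
    if (!$result) {
        // The query text is revealed only when DEBUG is truthy; keep DEBUG off in production.
        throw new Exception(DEBUG ? "Problem with query: {$wher}" : 'Program Error', __LINE__);
    }
    return $resdb->affected_rows;
}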