/**
 * Fetch products from the database.
 *
 * Vendor filter, name search and ordering can be combined freely. A caller
 * that is not an admin is always pinned to its own vendor id (getUID()),
 * whatever $member_id it passed.
 *
 * NOTE(review): $order is handed straight to order_by() as a column name and
 * $order_type as the direction; if either can originate from request data,
 * validate them against a whitelist (the selected columns, 'asc'/'desc')
 * before calling this method.
 * NOTE(review): $limit_start and $limit_end are passed to limit() in that
 * order; the framework's limit() signature is (count, offset) as far as we
 * know — confirm the callers' intent.
 *
 * @param int|null    $member_id     vendor id to filter on; null/0 means no filter (admins only)
 * @param string|null $search_string substring matched against products.name
 * @param string|null $order         column to order by; falls back to id
 * @param string      $order_type    sort direction, 'Asc' by default
 * @param int         $limit_start   first argument to limit()
 * @param int         $limit_end     second argument to limit()
 * @return array result rows as associative arrays
 */
public function get_products($member_id = null, $search_string = null, $order = null, $order_type = 'Asc', $limit_start, $limit_end)
{
    if (!is_admin()) {
        $member_id = getUID();
    }

    $db = $this->db;
    $columns = array(
        'products.*',
        'products.description',
        'products.stock',
        'products.cost_price',
        'products.sell_price',
        'products.member_id',
        'membership.name as vendor_name',
    );
    foreach ($columns as $column) {
        $db->select($column);
    }
    $db->from('products');

    $filterByVendor = $member_id != null && $member_id != 0;
    if ($filterByVendor) {
        $db->where('vendor_id', $member_id);
    }
    if ($search_string) {
        $db->like('products.name', $search_string);
    }

    $db->join('membership', 'products.vendor_id = membership.id', 'left');
    $db->group_by('products.id');
    $db->order_by($order ? $order : 'id', $order_type);
    $db->limit($limit_start, $limit_end);

    return $db->get()->result_array();
}
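/**
 * Print links to every file the logged-in user has voted on.
 *
 * Reads users.images_voted (a comma-separated list of file ids) for the uid
 * resolved from $_SESSION['username'], looks up each file's name and echoes
 * one <a> link per file. When $db_found is true the connection is closed
 * before returning. Returns a status message ("" when links were printed).
 *
 * Fix versus the previous revision: both queries spliced their WHERE value
 * into the SQL text by string interpolation, and the file name was echoed
 * raw into the page. The uid and each file id are now bound parameters, the
 * name is URL-encoded inside the href and HTML-escaped as link text, and a
 * file id with no matching row is skipped instead of yielding an empty link.
 *
 * @param mysqli $db_handle open connection
 * @param bool   $db_found  whether the database was opened successfully
 * @return string status message
 */
function showVotes($db_handle, $db_found)
{
    $func_message = "";
    $username = $_SESSION['username'];
    $uid = getUID($db_handle, $username);
    if ($db_found) {
        // next query to find all files UID has voted on
        $images_voted = null;
        $userStmt = mysqli_prepare($db_handle, "SELECT images_voted FROM users WHERE uid = ?");
        $queried = $userStmt !== false
            && mysqli_stmt_bind_param($userStmt, 's', $uid)
            && mysqli_stmt_execute($userStmt);
        if ($queried) {
            mysqli_stmt_bind_result($userStmt, $images_voted);
            mysqli_stmt_fetch($userStmt);
            mysqli_stmt_close($userStmt);
            if ($images_voted != '') {
                $image_array = explode(',', $images_voted);
                // The ids were written into users.images_voted from request data
                // at vote time, so they are treated as untrusted and bound here.
                $fileStmt = mysqli_prepare($db_handle, "SELECT fname FROM files WHERE fid = ?");
                $currentId = '';
                if ($fileStmt !== false) {
                    mysqli_stmt_bind_param($fileStmt, 's', $currentId);
                }
                foreach ($image_array as $image_id) {
                    if ($fileStmt === false) {
                        break;
                    }
                    $currentId = $image_id;
                    $fname = null;
                    if (mysqli_stmt_execute($fileStmt)) {
                        mysqli_stmt_bind_result($fileStmt, $fname);
                        $found = mysqli_stmt_fetch($fileStmt);
                        // release the row set before the statement is executed again
                        mysqli_stmt_free_result($fileStmt);
                        if ($found) {
                            // Escape per context: URL-encode the href value,
                            // HTML-encode the visible link text.
                            echo "<a href='imageload.php?image=" . rawurlencode($fname) . "'>"
                                . htmlspecialchars($fname, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
                                . " </a><br>";
                        }
                    }
                }
                if ($fileStmt !== false) {
                    mysqli_stmt_close($fileStmt);
                }
            } else {
                $func_message = "No files found";
            }
        } else {
            $func_message = "Error querying database";
        }
        mysqli_close($db_handle);
    } else {
        $func_message = "Error connecting to database";
    }
    return $func_message;
}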
/**
 * Fetch deal vouchers, optionally filtered by vendor and searched by order
 * increment id, with ordering and a limit window.
 *
 * A caller that is not an admin is always pinned to its own vendor id
 * (getUID()). Rows are joined to sales_flat_order / sales_flat_order_item
 * for customer and product names and to membership for the vendor name,
 * then grouped by deal_voucher.entity_id.
 *
 * NOTE(review): $order is handed to order_by() as a column name; if it can
 * come from request data, whitelist it against the selected columns first.
 * NOTE(review): sales_flat_order_item is joined on order_id only, so for a
 * multi-item order the GROUP BY leaves the database to pick which item's
 * name becomes product_name.
 * NOTE(review): $limit_start/$limit_end are passed to limit() in that order;
 * confirm against the framework's (count, offset) signature.
 *
 * @param int|null    $member_id     vendor id to filter on; null/0 means no filter (admins only)
 * @param string|null $search_string substring matched against order_increment_id
 * @param string|null $order         column to order by; falls back to entity_id
 * @param string      $order_type    sort direction, 'Asc' by default
 * @param int         $limit_start   first argument to limit()
 * @param int         $limit_end     second argument to limit()
 * @return array result rows as associative arrays
 */
public function get_vouchers($member_id = null, $search_string = null, $order = null, $order_type = 'Asc', $limit_start, $limit_end)
{
    if (!is_admin()) {
        $member_id = getUID();
    }

    $db = $this->db;
    $columns = array(
        'deal_voucher.*',
        'membership.name as vendor_name',
        'o.customer_firstname as customer_firstname',
        'o.customer_lastname as customer_lastname',
        'i.name as product_name',
    );
    foreach ($columns as $column) {
        $db->select($column);
    }
    $db->from('deal_voucher');
    $db->join('sales_flat_order as o', 'deal_voucher.order_id = o.entity_id', 'left');
    $db->join('sales_flat_order_item as i', 'deal_voucher.order_id = i.order_id', 'left');

    $filterByVendor = $member_id != null && $member_id != 0;
    if ($filterByVendor) {
        $db->where('vendor_id', $member_id);
    }
    if ($search_string) {
        $db->like('order_increment_id', $search_string);
    }

    $db->join('membership', 'deal_voucher.vendor_id = membership.id', 'left');
    $db->group_by('deal_voucher.entity_id');
    $db->order_by($order ? $order : 'entity_id', $order_type);
    $db->limit($limit_start, $limit_end);

    return $db->get()->result_array();
}
// NOTE(review): getUID() returns its own result, i.e. it recurses
// unconditionally and every call ends in stack/memory exhaustion. It reads
// like a placeholder for a "current user id" lookup (other call sites in this
// corpus pass a username or a db handle to a getUID and treat the result as a
// numeric id), but nothing here says where that id should come from, so the
// body is left as-is rather than guessed at. TODO: implement or delete before
// anything that calls it is shipped.
function getUID() { return getUID(); }
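/**
 * Record the connection time of the player named in a log line.
 *
 * Resolves the player via getUID($text); bots are ignored. The player name is
 * echoed to the page, and when the line matches "connected, address" the
 * time parsed by getTime($text) is stored under the player's key.
 *
 * Fix versus the previous revision: PHP arrays are passed by value, so the
 * write to $array[$player] was silently lost on return. The (possibly
 * updated) array is now returned; callers that ignored the previous null
 * return are unaffected, callers that want the update must assign it:
 * `$connections = updateConnection($line, $connections);`
 * The echoed name also came straight out of log text, so it is HTML-escaped.
 *
 * @param string $text  one log line
 * @param array  $array player name => connection time map
 * @return array the map, with the new entry when the line was a connect line
 */
function updateConnection($text, $array)
{
    $player = getUID($text);
    if ($player == "BOT") {
        return $array;
    }
    echo "Player: " . htmlspecialchars($player, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "<br>";
    if (preg_match('/connected, address/', $text)) {
        $time = getTime($text);
        $array[$player] = $time;
    }
    return $array;
}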
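// Member address edit handler. Anyone holding editmembers, editmembers_csc or
// viewmembers may reach this page; everyone else is sent to the login form.
include_once $FANNIE_ROOT . 'auth/login.php';
if (!validateUserQuiet('editmembers') && !validateUserQuiet('editmembers_csc') && !validateUserQuiet('viewmembers')) {
    // PHP_SELF is request-derived text; encode it so it cannot smuggle extra
    // query parameters into the redirect target.
    $url = $FANNIE_URL . 'auth/ui/loginform.php?redirect=' . urlencode($_SERVER['PHP_SELF']);
    header('Location: ' . $url);
    return;
}
include 'memAddress.php';
// NOTE(review): this is false for a viewmembers-only user, and getUID(false)
// is then what the audit row would be attributed to — confirm that is intended.
$username = validateUserQuiet('editmembers');

// The card number may arrive by GET (link) or POST (form). Its only visible
// use is the numeric cardno comparison below, so it is cast to int; that also
// keeps the audit query injection-free if it is ever re-enabled.
if (isset($_GET['memNum'])) {
    $memID = (int) $_GET['memNum'];
} elseif (isset($_POST['memNum'])) {
    $memID = (int) $_POST['memNum'];
} else {
    $memID = 0;
}

/* audit logging */
$uid = getUID($username);
// NOTE(review): the audit insert is currently disabled (the query call was
// commented out before this revision); $auditQ is kept so the intent is visible.
$auditQ = "insert custUpdate select " . $sql->now() . ",{$uid},1,\n CardNo,personNum,LastName,FirstName,\n CashBack,Balance,Discount,ChargeLimit,ChargeOK,\n WriteChecks,StoreCoupons,Type,memType,staff,SSI,Purchases,\n NumberOfChecks,memCoupons,blueLine,Shown,id from custdata where cardno={$memID}";

// Form fields copied into the meminfo column map. Missing POST keys yield
// null (as before) instead of an undefined-index notice.
$MI_FIELDS = array();
$memNum = isset($_POST['memNum']) ? $_POST['memNum'] : null;
$address1 = isset($_POST['address1']) ? $_POST['address1'] : null;
$MI_FIELDS['street'] = $address1 . (!empty($_POST['address2']) ? "\n" . $_POST['address2'] : '');
$fieldMap = array(
    'city'    => 'city',
    'state'   => 'state',
    'zip'     => 'zip',
    'phone'   => 'phone',
    'email_2' => 'phone2',
    'email_1' => 'email',
    'ads_OK'  => 'mailflag',
);
foreach ($fieldMap as $column => $postKey) {
    $MI_FIELDS[$column] = isset($_POST[$postKey]) ? $_POST[$postKey] : null;
}
$cust = new CustdataModel($dbc);
$cust->CardNo($memNum);
$cust->personNum(1);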
<?php
// Item deletion confirmation page. Requires the 'delete_items' permission;
// anyone else is bounced to the login form. The statement run continues past
// this excerpt (the if (isset($_POST['Yes'])) block is not closed here).
include '../../config.php';
include $FANNIE_ROOT . 'auth/login.php';
// NOTE(review): hard-coded fallback uid. It is overwritten once
// validateUserQuiet() succeeds and the redirect above returns otherwise, so it
// never reaches a query for an unauthenticated visitor — but the literal is
// easy to misuse if the login check is ever moved or removed.
$uid = 1005;
$user = validateUserQuiet('delete_items');
if (!$user) {
    // NOTE(review): $_GET['upc'] and $_GET['description'] are copied into the
    // Location header without urlencode(); reserved characters and nested
    // query strings corrupt the redirect target. (PHP refuses header values
    // containing CR/LF, so header splitting itself is not possible here.)
    header("Location: {$FANNIE_URL}auth/ui/loginform.php?redirect={$FANNIE_URL}legacy/queries/listDel.php?upc={$_GET['upc']}&description={$_GET['description']}");
    return;
}
$uid = getUID($user);
?> <html> <body bgcolor=#dd0000 text=#ccccff> <?php
include '../db.php';
if (isset($_POST['Yes'])) {
    $upc = $_POST['upc'];
    $gatherQ = '';
    $args = array();
    if (isset($_POST['description'])) {
        // description travels base64-encoded through the form; it is decoded
        // here and bound as a parameter, so the encoding is transport only and
        // not a security control.
        $desc = base64_decode($_POST['description']);
        // NOTE(review): the prepared-statement handle is discarded here — the
        // assignment inside the call stores the raw SQL string in $gatherQ, not
        // the handle that the else-branch produces. Whether execute() below
        // copes with a bare string depends on the $sql wrapper; the else-branch
        // form ($gatherQ = $sql->prepare(...)) is evidently the intended one.
        $sql->prepare($gatherQ = "select upc,description,normal_price,department,tax,foodstamp,scale,modified,qttyenforced,discount,inuse from products where upc=? and description=?");
        $args = array($upc, $desc);
    } else {
        $gatherQ = $sql->prepare("select upc,description,normal_price,department,tax,foodstamp,scale,modified,qttyenforced,discount,inuse from products where upc=?");
        $args = array($upc);
    }
    $gatherR = $sql->execute($gatherQ, $args);
    $gatherRow = $sql->fetch_row($gatherR);
    $query = '';
/**
 * Write one log entry.
 *
 * Every entry goes to "<name>_log" and "<name>_<hour>.log" under the log
 * directory; entries for any name other than 'process' are additionally
 * mirrored into process_log / process_<hour>.log. Arrays and objects are
 * var_export()ed. Each line is prefixed with a timestamp, a per-process
 * counter, the session id and the uid, and with the request URI when one is
 * set.
 *
 * NOTE(review): $pdate and $phour are static and computed on the first call
 * only, so every entry written by this process carries the first call's
 * timestamp and goes to the first call's hourly file — fine for per-request
 * correlation, misleading for long-running CLI processes.
 * NOTE(review): log files are created world-writable (0666) and every
 * filesystem call is @-silenced, so a full disk or bad permissions lose
 * entries without any trace.
 * NOTE(review): $_SERVER['REQUEST_URI'] is attacker-controlled and is copied
 * into the entry; CR/LF are rewritten to "[EOL]" so a request cannot forge a
 * new line, but it can still embed a literal "[EOL]" or other control
 * characters, so do not treat one physical line as one trusted entry.
 * NOTE(review): PHP_CR / PHP_LF are not PHP builtins — presumably project
 * constants. constant('Configure::LOG_PATH') on an undefined constant throws
 * an Error in PHP 8 (it returned null with a warning in PHP 7).
 *
 * @param mixed       $arglog            message, or any value (arrays/objects are dumped)
 * @param string|null $argLogName        log name; null means 'process'
 * @param bool        $argConsolEchoFlag also echo the line on the CLI when debugging
 */
function logging($arglog, $argLogName = NULL, $argConsolEchoFlag = FALSE)
{
    static $pdate = NULL;
    static $phour = NULL;
    static $loggingLineNum = 1;
    $logpath = dirname(dirname(dirname(dirname(__FILE__)))) . '/log/';
    if (class_exists('Configure', FALSE) && NULL !== constant('Configure::LOG_PATH')) {
        $logpath = Configure::LOG_PATH;
    }
    if (class_exists('Configure', FALSE) && NULL !== constant('Configure::DEBUG_ENABLED')) {
        $debugFlag = Configure::DEBUG_ENABLED;
    }
    // XXX log rotation
    if (NULL === $argLogName) {
        $argLogName = 'process';
    }
    if (NULL === $pdate) {
        // Timestamp is rendered in Asia/Tokyo; the previous default timezone
        // is restored afterwards so the caller's date handling is unaffected.
        $deftimezone = @date_default_timezone_get();
        date_default_timezone_set('Asia/Tokyo');
        $dateins = new DateTime();
        $pdate = $dateins->format('Y-m-d H:i:s') . ' [UDate:' . microtime(TRUE) . ']';
        $phour = $dateins->format('H');
        date_default_timezone_set($deftimezone);
    }
    if (is_array($arglog) || is_object($arglog)) {
        $arglog = var_export($arglog, TRUE);
    }
    if (isset($_SERVER['REQUEST_URI'])) {
        $arglog = '[URI:' . $_SERVER['REQUEST_URI'] . ']' . $arglog;
    }
    $logstr = $pdate . '[logging' . $loggingLineNum . '][SID:' . getSessionID() . '][UID:' . getUID() . ']' . $arglog;
    // Replace line-break characters so that an entry can be expressed on a single line
    $logstr = str_replace(PHP_CR, '[EOL]', $logstr);
    $logstr = str_replace(PHP_LF, '[EOL]', $logstr);
    if ('process' !== $argLogName) {
        // process_log is always written
        if (!is_file($logpath . 'process_log')) {
            @touch($logpath . 'process_log');
            @chmod($logpath . 'process_log', 0666);
        }
        if (!is_file($logpath . 'process_' . $phour . '.log')) {
            @touch($logpath . 'process_' . $phour . '.log');
            @chmod($logpath . 'process_' . $phour . '.log', 0666);
        }
        @file_put_contents($logpath . 'process_log', $logstr . PHP_EOL, FILE_APPEND);
        @file_put_contents($logpath . 'process_' . $phour . '.log', $logstr . PHP_EOL, FILE_APPEND);
    }
    if (!is_file($logpath . $argLogName . '_log')) {
        @touch($logpath . $argLogName . '_log');
        @chmod($logpath . $argLogName . '_log', 0666);
    }
    if (!is_file($logpath . $argLogName . '_' . $phour . '.log')) {
        @touch($logpath . $argLogName . '_' . $phour . '.log');
        @chmod($logpath . $argLogName . '_' . $phour . '.log', 0666);
    }
    @file_put_contents($logpath . $argLogName . '_log', $logstr . PHP_EOL, FILE_APPEND);
    @file_put_contents($logpath . $argLogName . '_' . $phour . '.log', $logstr . PHP_EOL, FILE_APPEND);
    // If $debugFlag is enabled, always also emit to the debug log
    if (isset($debugFlag) && 1 === (int) $debugFlag && isset($_SERVER['REQUEST_URI']) && 'debug' != $argLogName) {
        debug($arglog);
    }
    // XXX console: echo to screen (CLI only, i.e. when there is no REQUEST_URI)
    if (TRUE === $argConsolEchoFlag && isset($debugFlag) && TRUE == $debugFlag && !isset($_SERVER['REQUEST_URI'])) {
        echo $logstr . PHP_EOL;
    }
    $loggingLineNum++;
}
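/**
 * Render the management view for a "paired" (qualifier + discount) sale batch.
 *
 * Returns an HTML fragment: a hidden batch id, the batch name, navigation
 * links, the pricing controls (only when the batch already has a salePrice)
 * and two item tables split on the sign of batchList.salePrice (>= 0 are
 * qualifiers, < 0 are discounts). All SQL goes through prepared statements
 * with $id bound; the MSSQL variant of the item query differs only in how
 * the "LC<likeCode>" key is built.
 *
 * Fix versus the previous revision: $name and $id were interpolated into the
 * HTML/JS verbatim. Batch names are free text, so $name is now HTML-escaped,
 * and $id is cast to int wherever it lands inside markup or an inline
 * onclick handler (the sprintf('%d') sites already did that).
 *
 * NOTE(review): $uid is looked up but never used; the call is kept only in
 * case getUID() has side effects — confirm and drop.
 *
 * @param int|string $id   batch id
 * @param string     $name batch name, shown as text
 * @return string HTML fragment
 */
protected function showPairedBatchDisplay($id, $name)
{
    global $FANNIE_SERVER_DBMS;
    $dbc = $this->connection;
    $uid = getUID($this->current_user);
    $uid = ltrim($uid, '0');
    $batchID = (int) $id;
    $safeName = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    $ret = "";
    $ret .= sprintf('<input type="hidden" id="currentBatchID" value="%d" />', $batchID);
    $ret .= "<b>Batch name</b>: {$safeName}<br />";
    $ret .= "<a href=\"BatchListPage.php\">Back to batch list</a> | ";
    $ret .= "<a href=\"\" onclick=\"forceNow({$batchID}); return false;\">Force batch</a>";
    $ret .= " | No limit";
    $ret .= " <span id=\"currentLimit\" style=\"color:#000;\"></span>";

    // Current pricing settings; LEFT JOIN so a batch without items still
    // yields a row (pricemethod defaults to 4, quantity to 1).
    $q = $dbc->prepare_statement("SELECT b.discounttype,salePrice,\n CASE WHEN l.pricemethod IS NULL THEN 4 ELSE l.pricemethod END as pricemethod,\n CASE WHEN l.quantity IS NULL THEN 1 ELSE l.quantity END as quantity\n FROM batches AS b LEFT JOIN batchList AS l \n ON b.batchID=l.batchID WHERE b.batchID=? ORDER BY l.pricemethod");
    $r = $dbc->exec_statement($q, array($id));
    $w = $dbc->fetch_row($r);
    if (!empty($w['salePrice'])) {
        $ret .= "<div class=\"well\">Add all items before fiddling with these settings\n or they'll tend to go haywire</div>";
        $ret .= '<div id="paired-fields"> <div class="form-group form-inline">';
        $ret .= '<label>Member only sale <input type="checkbox" name="member" value="1" ' . ($w['discounttype'] == 2 ? 'checked' : '') . ' /> </label>';
        $ret .= ' | ';
        $ret .= '<label>Split discount <input type="checkbox" name="split" value="1" ' . ($w['pricemethod'] == 4 ? '' : 'checked') . ' /> </label>';
        $ret .= '</div>';
        $ret .= '<div class="form-group form-inline">';
        $ret .= '<label>Qualifiers Required</label> ';
        // presumably quantity counts the discounted item as well, hence the -1 — verify
        $ret .= sprintf('<input type="number" class="form-control" value="%d" name="qualifiers" />', $w['quantity'] - 1);
        $ret .= ' <label>Discount</label> ';
        $ret .= sprintf('<div class="input-group"> <span class="input-group-addon">$</span> <input type="text" class="form-control" value="%.2f" name="discount" /></div>', empty($w['salePrice']) ? '' : abs($w['salePrice']));
        $ret .= sprintf(' <button type="submit" class="btn btn-default" onclick="savePairedPricing(%d); return false;">Update Pricing</button>', $batchID);
        $ret .= '</div>';
        $ret .= '</div>'; // end #paired-fields
    } else {
        $ret .= "<div class=\"alert alert-warning\">Add items first</div>";
    }

    // The two item tables run the same query with the salePrice test flipped.
    $sections = array(
        array('qualifier-table', 'Qualifying Item(s)', '>= 0'),
        array('discount-table', 'Discount Item(s)', '< 0'),
    );
    foreach ($sections as $section) {
        list($tableID, $heading, $priceTest) = $section;
        $fetchQ = $dbc->prepare_statement("\n SELECT b.upc,\n case when l.likeCode is null then p.description else l.likeCodeDesc end as description,\n p.normal_price,\n b.salePrice,\n b.batchID\n FROM batchList AS b \n " . DTrans::joinProducts('b') . "\n LEFT JOIN likeCodes as l on b.upc = concat('LC'+convert(l.likeCode,char))\n WHERE b.batchID = ? \n AND b.salePrice " . $priceTest);
        if ($FANNIE_SERVER_DBMS == "MSSQL") {
            $fetchQ = $dbc->prepare_statement("select b.upc,\n case when l.likecode is null then p.description\n else l.likecodedesc end as description,\n p.normal_price,b.salePrice\n from batchList as b \n " . DTrans::joinProducts('b') . "\n left join likeCodes as l on\n b.upc = 'LC'+convert(varchar,l.likecode)\n where b.batchID = ? AND b.salePrice " . $priceTest);
        }
        $fetchR = $dbc->exec_statement($fetchQ, array($id));
        $ret .= '<table class="table" id="' . $tableID . '">';
        $ret .= '<tr><th colspan="4">' . $heading . '</th></tr>';
        $ret .= $this->pairedTableBody($dbc, $fetchR);
        $ret .= "</table>";
    }

    return $ret;
}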
<?php
// Vote toggle endpoint: a logged-in user POSTs image_id to add or remove a
// vote. The statement run continues past this excerpt (the final if block is
// not closed here).
session_start();
$message = '';
//only logged in users can vote
if (!(isset($_SESSION['login']) && $_SESSION['login'] != '')) {
    $message = "Log in to vote";
}
require 'db_connect.php';
require 'getUID.php';
require 'getTotalVotes.php';
if ($message == '') {
    $username = $_SESSION['username'];
    // The ', ' / ',' suffixes match the separators of the comma-separated vote
    // lists these values are presumably appended to further down (not visible here).
    $modified_username = mysqli_real_escape_string($db_handle, $username . ', ');
    $uid = getUID($db_handle, $_SESSION['username']);
    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
        // SECURITY(review): $image_id is raw request input and is interpolated
        // into $SQL_stmt below without escaping — only the ','-suffixed copy is
        // escaped. This is a SQL injection point; bind it with mysqli_prepare()
        // or at minimum pass $image_id itself through mysqli_real_escape_string().
        $image_id = $_POST['image_id'];
        $modified_image_id = mysqli_real_escape_string($db_handle, $image_id . ',');
        //check if user has voted (optimize this to mysqli_multi_query in future)
        $SQL_stmt = "SELECT fusers_voted FROM files WHERE fid = '{$image_id}'";
        $SQL_stmt2 = "SELECT images_voted FROM users WHERE uid = '{$uid}'";
        //first query
        // NOTE(review): a failed query returns false and mysqli_fetch_assoc()
        // then warns; there is no error branch on either query here.
        $query_result = mysqli_query($db_handle, $SQL_stmt);
        $actual_result = mysqli_fetch_assoc($query_result);
        // NOTE(review): escaping is applied to values read back from the
        // database before they are compared in checkVoted(); presumably they are
        // re-embedded in SQL later, otherwise the escaping only distorts the match.
        $fusers_voted = mysqli_real_escape_string($db_handle, $actual_result['fusers_voted']);
        //second query
        $query_result = mysqli_query($db_handle, $SQL_stmt2);
        $actual_result = mysqli_fetch_assoc($query_result);
        $images_voted = mysqli_real_escape_string($db_handle, $actual_result['images_voted']);
        //if yes, then remove vote
        if (checkVoted($fusers_voted, $username)) {
/**
 * Delete the voucher/product identified by the 4th URI segment.
 *
 * A non-admin caller may only delete a record whose vendor_id equals
 * getUID(); otherwise it is redirected back to the listing without deleting.
 * Admins may delete any record. When no row exists for the id, the id is
 * passed to delete_product unchanged (presumably a no-op in the model).
 * redirect() is assumed to end the request, as in the original.
 *
 * @return void
 */
public function delete()
{
    $voucherId = $this->uri->segment(4);
    $rows = $this->vouchers_model->get_product_by_id($voucherId);

    $ownedByCaller = !isset($rows[0]) || $rows[0]['vendor_id'] == getUID();
    if (!$ownedByCaller && !is_admin()) {
        redirect('admin/vouchers');
    }

    $this->vouchers_model->delete_product($voucherId);
    redirect('admin/vouchers');
}
return (int) $matches[1]; }
// Cron body: provision a system account for every row of war_audit_add_user.
// The while loop and the inner if ($uid > 3000) block continue past this
// excerpt.
$query = "SELECT * FROM war_audit_add_user";
// Counter file for the next uid to hand out.
// NOTE(review): read-increment-write with no lock; two overlapping cron runs
// can allocate the same uid.
$uidfile = GWF_CORE_PATH . 'module/Audit/ruth/lastwcid';
if (false === ($result = $db->queryRead($query))) {
    die('DB ERROR 1');
}
while (false !== ($row = $db->fetchAssoc($result))) {
    $username = $row['username'];
    // Username is the only free-text value that reaches the shell unquoted
    // below, so it is restricted to a safe alphabet first.
    if (!preg_match('/^[a-z][a-z0-9_]{0,31}$/iD', $username)) {
        GWF_Cronjob::error('Username invalid: ' . $username);
        continue;
    }
    $create = false;
    // Shell-quoted once here; presumably already a crypt() hash given the -p
    // usage below — confirm it is never plaintext.
    $crypt_pass = escapeshellarg($row['password']);
    if (false === ($uid = getUID($username))) {
        $nextuid = trim(file_get_contents($uidfile));
        $nextuid++;
        $uid = $nextuid;
        file_put_contents($uidfile, $uid);
        $create = true;
    }
    // Only uids above 3000 are touched, presumably to keep system/admin
    // accounts out of reach of this job.
    if ($uid > 3000) {
        // Both commands: $uid numeric (counter or getUID), $username regex-
        // validated, $crypt_pass escapeshellarg()ed — no argument injection
        // visible. NOTE(review): usermod -p puts the hash on the command line,
        // where it is readable by every local user via ps for the duration.
        if ($create) {
            system(GWF_PATH . 'core/module/Audit/ruth/adduser.sh' . " {$uid} {$username} {$crypt_pass}");
        } else {
            system("/usr/sbin/usermod -p {$crypt_pass} {$username}");
        }
        GWF_File::filewalker(GWF_CORE_PATH . 'module/Audit/challs', 'setup_chall', true, true, $username);
        if ($create) {
            $dirname = "/home/user/{$username}/level";
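/**
 * Start a password reset for $username by issuing a one-time token.
 *
 * Flow: resolve the uid, refuse if a USER_RESETPW token already exists for
 * it, look up the account e-mail, insert a fresh token row and send the
 * confirmation link. Returns TRUE on success; on every failure path
 * $this->error is set and FALSE is returned.
 *
 * Fixes versus the previous revision: the INSERT was missing the closing
 * parenthesis of its VALUES list, so the token was never stored and every
 * request ended in "Query error."; and the e-mail text concatenated
 * 'old' . 'passwords' without a space.
 *
 * NOTE(review): the existing-token check has no expiry, so one unconfirmed
 * request blocks all later resets for that user until the row is removed.
 * NOTE(review): "Invalid username." vs. "already been sent" tells a caller
 * whether an account exists; consider one uniform response.
 *
 * @param string $username
 * @return bool
 */
public function resetPassword($username)
{
    if (empty($username)) {
        $this->error = "You must enter a username.";
        return FALSE;
    }
    $uid = getUID($username);
    if (!$uid) {
        $this->error = "Invalid username.";
        return FALSE;
    }

    $query = sprintf(
        "SELECT time FROM tokens WHERE affects = %d AND type = %d",
        $this->sql->sanitize($uid),
        $this->sql->sanitize(USER_RESETPW)
    );
    $this->sql->query($query, SQL_FIRST);
    if (NULL != $this->sql->error) {
        $this->error = "Query error.";
        return FALSE;
    }
    if (!empty($this->sql->record[0])) {
        $this->error = "A reset request for this user has already been sent.";
        return FALSE;
    }

    // NOTE(review): the generated password is never used below; the call is
    // kept in case genPassword() has side effects — confirm and drop.
    $passwordHash = $this->crypto->genPassword();
    $passwordHash = explode(':::::', $passwordHash);

    $email = $this->get($uid, USER_EMAIL);
    if ("" == $email) {
        $this->error = "There is no e-mail assoiated with that user.";
        return FALSE;
    }

    $token = $this->crypto->genUniqueID();
    $query = sprintf(
        "INSERT INTO tokens (id, type, time, affects) values ('%s', %d, %d, %d)",
        $this->sql->sanitize($token),
        $this->sql->sanitize(USER_RESETPW),
        $this->sql->sanitize(time()),
        $this->sql->sanitize($uid)
    );
    $this->sql->query($query);
    if (NULL != $this->sql->error) {
        $this->error = "Query error.";
        return FALSE;
    }

    $envelope = array(
        'dest' => $email,
        'subject' => 'Your password has been reset.',
        'message' => 'To retrieve your new password and disable your old '
            . 'passwords, please visit the following link: '
            . WEBSITE_URL . '?module=auth&action=confirm&id=' . $token,
    );
    if (emailAdmin($envelope)) {
        return TRUE;
    }
    $this->error = "There was a problem sending the confirmation e-mail.";
    return FALSE;
}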
/**
 * Remove a login and the rows attached to it.
 *
 * Returns false without touching anything unless $name is alphanumeric and
 * the current session passes validateUser('admin'). Otherwise deletes the
 * user's userPrivs rows (by uid), the Users row (by name) and the userGroups
 * rows (by username), each through a prepared statement, and returns true.
 *
 * NOTE(review): the three deletes are not wrapped in a transaction, so a
 * failure part-way leaves a half-removed account; and when getUID() cannot
 * resolve $name the first delete runs with uid=false.
 *
 * @param string $name login name
 * @return bool
 */
function deleteLogin($name)
{
    $allowed = isAlphanumeric($name) && validateUser('admin');
    if (!$allowed) {
        return false;
    }

    $db = dbconnect();
    $uid = getUID($name);
    $deletes = array(
        array("delete from userPrivs where uid=?", array($uid)),
        array("delete from Users where name=?", array($name)),
        array("DELETE FROM userGroups WHERE username=?", array($name)),
    );
    foreach ($deletes as $pair) {
        list($sqlText, $args) = $pair;
        $db->exec_statement($db->prepare_statement($sqlText), $args);
    }
    return true;
}
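<?php
// Hours landing page: sends a user with view_all_hours to the menu, any other
// logged-in user to their own employee page, and everyone else to the login form.
// Bail out when this file is merely included rather than requested directly.
if (basename(__FILE__) != basename($_SERVER['PHP_SELF'])) {
    return;
}
include dirname(__FILE__) . '/../../../config.php';
if (!function_exists('validateUserQuiet')) {
    require $FANNIE_ROOT . 'auth/login.php';
}
$all = validateUserQuiet('view_all_hours');
$name = checkLogin();
if ($all) {
    header("Location: WfcHtMenuPage.php");
} elseif ($name) {
    // Fix versus the previous revision: values placed in the query string are
    // URL-encoded so they cannot introduce extra parameters.
    header("Location: WfcHtViewEmpPage.php?id=" . urlencode(getUID($name)));
} else {
    header("Location: {$FANNIE_URL}auth/ui/loginform.php?redirect=" . urlencode($_SERVER['PHP_SELF']));
}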
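/**
 * Daily-report ("jianbao") list for the logged-in user.
 *
 * Answers via ajaxReturn with the group daily reports created on one day:
 * today when no `date` parameter is supplied, otherwise the day MySQL
 * derives from to_days($date). Requires a uid from getUID().
 *
 * Fix versus the previous revision: `date` came straight from the request
 * and was spliced unquoted into the SQL text (to_days({$date})) — a SQL
 * injection. The value is now restricted to what a quoted date literal or a
 * numeric day expression can contain (digits, '-', ':', space, surrounding
 * quotes) before it is used; anything else gets the existing 'fail' reply.
 * The exact wire format callers send is not visible here — if it is
 * something other than a quoted date or a numeric YYYYMMDD, widen the
 * pattern rather than removing the check.
 *
 * ajaxReturn() is assumed to end the request, as the original relied on.
 */
public function jianbaoList()
{
    $uid = getUID();
    $date = $this->_param('date');
    if (!$uid) {
        $this->ajaxReturn(0, '请登录', 0);
        return;
    }
    $mode = M();
    $selectFrom = "SELECT a.id,a.today,a.tomorrow,a.create_date,b.name,b.leader FROM `iqianjin_daily_group` as a left join `iqianjin_group` as b on a.group_id = b.id where to_days(a.create_date) = to_days(";
    if (!isset($date)) {
        $query = $selectFrom . "now())";
    } else {
        // Whitelist: optional quote, digits and date/time punctuation only.
        // No letters, parentheses or comment introducers can get through.
        if (!is_string($date) || !preg_match('/^[\'"]?[0-9][0-9:\- ]{0,30}[\'"]?$/D', $date)) {
            $this->ajaxReturn(0, 'fail', 0);
            return;
        }
        $query = $selectFrom . $date . ")";
    }
    $list = $mode->query($query);
    if ($list) {
        $this->ajaxReturn($list, 'ok', 1);
    } else {
        $this->ajaxReturn(0, 'fail', 0);
    }
}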
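/**
 * Reactivate a suspended member account.
 *
 * Restores the settings saved in the suspensions row (mail flag, member
 * types, discount, charge limit) back onto meminfo/custdata, deletes the
 * suspensions row, appends an "Account reactivated" line to
 * suspension_history, records an inactive CustomerAccountSuspensions entry
 * for the reactivation and marks any still-active suspension records for
 * the card inactive.
 *
 * Fixes versus the previous revision: the timestamp used date("Y-m-d h:i:s")
 * — a 12-hour clock with no AM/PM — so afternoon reactivations were recorded
 * twelve hours early; it is now H:i:s. The two identical branches for types
 * I/T/S and X are merged, and a missing suspensions row no longer triggers
 * array-offset warnings on a false result.
 *
 * NOTE(review): the audit insert was already disabled before this revision;
 * if it is ever re-enabled, $uid and $memNum must be bound, not interpolated.
 *
 * @param int|string $memNum card number
 */
function activate($memNum)
{
    global $sql;
    $model = new CustomerAccountSuspensionsModel($sql);
    $model->card_no($memNum);
    $username = checkLogin();
    $uid = getUID($username);
    $auditQ = "insert custUpdate select now(),{$uid},1,* from custdata where cardno={$memNum}";
    //$auditR = $sql->query($auditQ);

    $query = $sql->prepare("select type,memtype1,memtype2,discount,chargelimit,mailflag from suspensions where cardno=?");
    $result = $sql->execute($query, array($memNum));
    $row = $sql->fetch_array($result);
    $suspensionType = is_array($row) ? $row[0] : null;

    // type S shouldn't exist any more, in here to deal with historical rows
    $mQ = $sql->prepare("update meminfo set ads_OK=? where card_no=?");
    $cQ = $sql->prepare("update custdata set memType=?, Type=?,ChargeOk=1,Discount=?,MemDiscountLimit=?,ChargeLimit=?\n where CardNo=?");
    if (in_array($suspensionType, array('I', 'T', 'S', 'X'), true)) {
        $sql->execute($mQ, array($row['mailflag'], $memNum));
        $sql->execute($cQ, array($row['memtype1'], $row['memtype2'], $row['discount'], $row['chargelimit'], $row['chargelimit'], $memNum));
    }

    $query = $sql->prepare("delete from suspensions where cardno=?");
    $result = $sql->execute($query, array($memNum));

    $username = validateUserQuiet('editmembers');
    // 24-hour clock so the stored time is unambiguous
    $now = date("Y-m-d H:i:s");
    $query = $sql->prepare("insert into suspension_history (username, postdate, post, cardno, reasoncode)\n values (?,?,'Account reactivated',?,-1)");
    $result = $sql->execute($query, array($username, $now, $memNum));

    // add record to denote account was activated
    // this record is not considered "active" because
    // the account is not suspended
    $model->reasonCode(0);
    $model->suspensionTypeID(0);
    $model->username($username);
    $model->tdate($now);
    $model->active(0);
    $model->save();

    // Any remaining active suspension records for this card are closed out.
    $model->reset();
    $model->card_no($memNum);
    $model->active(1);
    foreach ($model->find() as $obj) {
        $obj->active(0);
        $obj->save();
    }
}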
/**
 * Mirror an LDAP account into the local Users table.
 *
 * When getUID($name) finds no local row, one is inserted with the given uid
 * and real name and with empty password, salt and session_id. When a row
 * exists only real_name is refreshed; uid is never updated.
 *
 * NOTE(review): the inserted rows carry an empty password hash and salt;
 * whatever local-password login path exists must treat an empty hash as
 * "no password" rather than as a matchable value — verify.
 *
 * @param string     $name     login name
 * @param int|string $uid      uid to store on insert
 * @param string     $fullname value for real_name
 */
function syncUserLDAP($name, $uid, $fullname)
{
    $existingUID = getUID($name);
    $db = dbconnect();

    if ($existingUID) {
        $stmt = $db->prepare_statement("UPDATE Users SET real_name=?\n WHERE name=?");
        $args = array($fullname, $name);
    } else {
        $stmt = $db->prepare_statement("INSERT INTO Users \n (name,password,salt,uid,session_id,real_name)\n VALUES (?,'','',?,'',?)");
        $args = array($name, $uid, $fullname);
    }
    $db->exec_statement($stmt, $args);
}
// Tail of a per-column comparison loop whose header is outside this excerpt;
// the two closing braces end the if and that loop. The statement run also
// continues past the end of the excerpt (the WEFC_Toronto block is not closed).
if ($currentW[$column] != trim($new_value, "'")) {
    $CHANGES[$column] = array('old' => $currentW[$column], 'new' => trim($new_value, "'"));
}
}
// Super-department of the item's department.
// NOTE(review): $up_array['department'] is concatenated into the SQL text;
// where it comes from is not visible here — if it is request-derived this is
// a SQL injection, and the prepared-statement form used elsewhere in this
// file should be used instead.
$sR = $dbc->query("SELECT superID FROM MasterSuperDepts WHERE dept_ID=" . $up_array['department']);
$sID = 0;
if ($dbc->num_rows($sR) > 0) {
    // NOTE(review): array_pop() on a function result is a by-reference misuse
    // (PHP notice); assign the row to a variable first. $sID is not read in
    // this excerpt.
    $sID = array_pop($dbc->fetch_row($sR));
}
/* 1. Validate credentials of the operator. */
// $uid stays 0 unless a validated user is found; an audited-only user is
// deliberately not given a uid here and only triggers the notification.
$uid = 0;
if (!$validatedUser && !$auditedUser && $logged_in) {
    $validatedUser = validateUserQuiet('pricechange', $subdepartment);
}
if ($validatedUser) {
    $validatedUID = getUID($validatedUser);
    $uid = $validatedUID;
} elseif ($auditedUser) {
    /* 2el. Notify dept manager of the new values. */
    if (!empty($likeCode)) {
        \COREPOS\Fannie\API\lib\AuditLib::itemUpdate($upc, $likeCode);
    } else {
        \COREPOS\Fannie\API\lib\AuditLib::itemUpdate($upc);
    }
}
/* 2. Insert or update per-coop products data */
/* For WEFC_Toronto only * Store the raw versions of products.description and productUser.description in products_WEFC_Toronto. */
if (isset($FANNIE_COOP_ID) && $FANNIE_COOP_ID == "WEFC_Toronto") {
    $table_name = "products_{$FANNIE_COOP_ID}";
they don't have permission to change prices on all items. So get the sub department and check that. */
// Fragment of a larger item-edit script; the comment above starts before this
// excerpt and the statement run continues after it.
$deptSubQ = $sql->prepare("select superID from MasterSuperDepts where dept_ID = ?");
$deptSubR = $sql->execute($deptSubQ, array($dept));
$deptSubW = $sql->fetch_array($deptSubR);
$deptSub = $deptSubW[0];
if (!$validatedUser && !$auditedUser && $logged_in) {
    $validatedUser = validateUserQuiet('pricechange', $deptSub);
}
// NOTE(review): hard-coded fallback uid. It survives when the operator is
// neither validated nor audited; whether later writes (outside this excerpt)
// are then attributed to uid 1005 is not visible here — verify.
$uid = 1005;
if ($validatedUser) {
    $validatedUID = getUID($validatedUser);
    $uid = $validatedUID;
} elseif ($auditedUser) {
    $auditedUID = getUID($auditedUser);
    $uid = $auditedUID;
    include '../../item/audit.php';
    if (!empty($likeCode)) {
        audit($deptSub, $auditedUser, $upc, $descript, $price, $tax, $FS, $Scale, $NoDisc, $likeCode);
    } else {
        audit($deptSub, $auditedUser, $upc, $descript, $price, $tax, $FS, $Scale, $NoDisc);
    }
}
// Anonymous operators are stopped here — except for UPCs starting with "002",
// which fall through to the code below without any credential.
if (!$validatedUser && !$auditedUser && substr($upc, 0, 3) != "002") {
    echo "Please ";
    // SECURITY(review): $upc is echoed into an unquoted href attribute without
    // htmlspecialchars()/urlencode(); an attacker-supplied upc can inject
    // attributes or markup into this page (reflected XSS).
    echo "<a href=/auth/ui/loginform.php?redirect=/queries/productTest.php?upc={$upc}>";
    echo "login</a> to add new items";
    return;
}
$price_method = 0;
is in that department */
// Fragment of the salaried-employee PTO page; the comment above and the block
// closed by the lone "}" below both start before this excerpt.
// Access rule: only a holder of view_all_hours for the employee's department
// may view someone else; everyone else is forced back to their own empID.
$validated = false;
$sql = hours_dbconnect();
// NOTE(review): $depts is never read in this excerpt.
$depts = array(10, 11, 12, 13, 20, 21, 30, 40, 41, 50, 60, 998);
$checkQ = $sql->prepare_statement("select department from employees where empID=?");
$checkR = $sql->exec_statement($checkQ, array($empID));
$checkW = $sql->fetch_row($checkR);
// NOTE(review): when no employee row matches, $checkW is false and the
// department passed here is null; whether validateUserQuiet() then grants or
// denies depends on the helper, which is not visible here.
if (validateUserQuiet('view_all_hours', $checkW['department'])) {
    $validated = true;
}
/* no access permissions found, so only allow the logged in user to see themself */
if (!$validated) {
    $empID = getUID($name);
}
}
echo "<html><head><title>View</title>";
echo "<style type=text/css>\n#payperiods {\n margin-top: 50px;\n}\n\n#payperiods td {\n text-align: right;\n}\n\n#payperiods th {\n text-align: center;\n}\n\n#payperiods td.left {\n text-align: left;\n}\n\n#payperiods th.left {\n text-align: left;\n}\n\n#payperiods th.right {\n text-align: right;\n}\n\ntr.one td {\n background: #ffffcc;\n}\ntr.one th {\n background: #ffffcc;\n text-align: right;\n}\n\ntr.two td {\n background: #ffffff;\n}\ntr.two th {\n background: #ffffff;\n text-align: right;\n}\na {\n color: blue;\n}\n\n#temptable th {\n text-align: left;\n}\n#temptable td {\n text-align: right;\n padding-left: 2em;\n}\n\n#temptable {\n font-size: 125%;\n}\n\n#newtable th{\n text-align: left;\n}\n#newtable td{\n text-align: right;\n}\n\n</style>";
echo "</head><body>";
echo "<h3>Salary Employee PTO Status</h3>";
$sql = hours_dbconnect();
$infoQ = $sql->prepare_statement("select e.name,e.adpID,\n s.totalTaken as daysTaken\n from employees as e left join\n salarypto_ytd as s on e.empID=s.empID\n where e.empID=?");
$infoR = $sql->exec_statement($infoQ, array($empID));
$infoW = $sql->fetch_row($infoR);
// SECURITY(review): e.name is echoed without htmlspecialchars(); markup stored
// in an employee name renders in this page (stored XSS). Wrap $infoW['0'] in
// htmlspecialchars($infoW['0'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8').
echo "<h2>{$infoW['0']} [ <a href={$FANNIE_URL}auth/ui/loginform.php?logout=yes>Logout</a> ]</h2>";
echo "<table cellspacing=0 cellpadding=4 border=1 id=newtable>";
echo "<tr class=one><th>PTO Allocation</th><td>{$infoW['1']}</td></tr>";
echo "<tr class=two><th>PTO Taken, YTD</th><td>{$infoW['2']}</td></tr>";
echo "<tr class=one><th>PTO Remaining</th><td>" . ($infoW[1] - $infoW[2]) . "</td></tr>";
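<?php
// Legacy hours landing page: view_all_hours holders go to the menu, any other
// logged-in user to their own employee page, everyone else to the login form.
include '../../../config.php';
require $FANNIE_ROOT . 'auth/login.php';
$all = validateUserQuiet('view_all_hours');
$name = checkLogin();
if ($all) {
    header("Location: menu.php");
} elseif ($name) {
    // Fix versus the previous revision: the id is URL-encoded so it cannot
    // introduce extra query parameters into the redirect.
    header("Location: viewEmployee.php?id=" . urlencode(getUID($name)));
} else {
    header("Location: {$FANNIE_URL}auth/ui/loginform.php?redirect={$FANNIE_URL}legacy/it/hours/");
}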
/**
 * Check whether $name holds $auth_class for sub-area $sub.
 *
 * Returns the string 'init' while init_check() reports the system is still
 * being initialised, false when any argument is not alphanumeric, when the
 * name resolves to no uid, or when no userPrivs row matches, and true
 * otherwise. A row matches when $sub falls between sub_start and sub_end
 * (string comparison on the database side) or the row is the 'all'/'all'
 * wildcard.
 *
 * @param string $name       login name
 * @param string $auth_class permission class
 * @param string $sub        sub-area, 'all' by default
 * @return bool|string
 */
function checkAuth($name, $auth_class, $sub = 'all')
{
    if (init_check()) {
        return 'init';
    }
    foreach (array($name, $auth_class, $sub) as $argument) {
        if (!isAlphanumeric($argument)) {
            return false;
        }
    }
    $uid = getUID($name);
    if (!$uid) {
        return false;
    }

    $db = dbconnect();
    $lookup = $db->prepare_statement("select * from userPrivs where uid=? and auth_class=? and\n ((? between sub_start and sub_end) or (sub_start='all' and sub_end='all'))");
    $rows = $db->exec_statement($lookup, array($uid, $auth_class, $sub));
    return $db->num_rows($rows) != 0;
}