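/**
 * Checks whether the current user may use the mass e-mail feature.
 *
 * Looks up the role id attached to the `massemail` option of the fixed
 * tabledef below and hands it to hasRights().  When no option row comes
 * back (or the query failed) the check fails closed and returns false
 * instead of passing an undefined role id to hasRights().
 *
 * @return boolean true when the current user holds the required role
 */
function checkSecurity()
{
    $querystatement = "
        SELECT
            roleid
        FROM
            tableoptions
        WHERE
            name = 'massemail'
            AND tabledefid = 'tbld:6d290174-8b73-e199-fe6c-bcf3d4b61083'
    ";

    $queryresult = $this->db->query($querystatement);
    $therecord = $this->db->fetchArray($queryresult);

    // No option row: deny rather than consult hasRights() with a missing role id.
    if (!$therecord || !isset($therecord["roleid"])) {
        return false;
    }

    return (bool) hasRights($therecord["roleid"]);
}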
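/**
 * function checkRights
 *
 * Checks the report record and the current user to make sure they have
 * rights to run this report; redirects to the no-access page otherwise.
 *
 * $this->reportUUID is interpolated into the query, so it is escaped here.
 * Where the value originates (request parameter or trusted caller) is not
 * visible in this file.
 *
 * On an unknown uuid an appError is raised but this method neither
 * redirects nor returns a failure flag; whether execution stops there
 * depends on appError's behaviour — verify before relying on it.
 */
function checkRights()
{
    $querystatement = "
        SELECT
            `roleid`
        FROM
            `reports`
        WHERE
            `uuid` = '" . mysql_real_escape_string($this->reportUUID) . "'
    ";

    $queryresult = $this->db->query($querystatement);

    if ($this->db->numRows($queryresult)) {
        $therecord = $this->db->fetchArray($queryresult);

        if (!hasRights($therecord["roleid"])) {
            goURL(APP_PATH . "noaccess.php");
        }
    } else {
        $error = new appError(500, "Bad report uuid");
    }
}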
<nav id="site-nav">
    <ul class="nav nav-pills">
        <li role="presentation"><a href="index.php">Home</a></li>
        <?php /* Admin and Log out links only for users passing the hasRights(100) check; everyone else gets Login. */ ?>
        <?php if (hasRights(100)): ?>
            <li role="presentation"><a href="admin.php">Admin</a></li>
            <li role="presentation"><a href="logout.php">Log out</a></li>
        <?php else: ?>
            <li role="presentation"><a href="login.php">Login</a></li>
        <?php endif; ?>
    </ul>
</nav>
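/**
 * Drives the CSV import page through its steps.
 *
 * No command posted: first visit; stale temporary CSV files are removed.
 * command=cancel:   back to $this->table->backurl from the main page, or
 *                   discard the temporary CSV and return to the main page.
 * command=upload:   parse the uploaded file, import it inside a transaction
 *                   that is rolled back (preview only), then store the CSV
 *                   temporarily and show the confirm page.
 * command=import:   re-parse the stored CSV, import for real and commit.
 *
 * The import role ($this->table->importroleid) is required for every step.
 * The original only checked it when no command was posted, so a direct POST
 * with command=upload or command=import bypassed the check.
 *
 * @return array record array carrying "title" and, after a command,
 *               "phpbmsStatus" for the status line
 */
function processImportPage()
{
    $this->table->getTableInfo();

    // Rights are checked before any command is processed (fail closed).
    if (!hasRights($this->table->importroleid)) {
        goURL(APP_PATH . "noaccess.php");
    }

    $therecord = array();

    if (isset($_POST["pageType"])) {
        $this->pageType = $_POST["pageType"];
    }

    if (isset($_POST["tempFileID"])) {
        $this->tempFileID = (int) $_POST["tempFileID"];
    }

    if (!isset($_POST["command"])) {
        //happens upon first coming to page
        //remove any other temporary csv files in the `files` table
        //present from previous imports
        $this->_removeTempCSV();
    } else {
        //form has been submitted
        switch ($_POST["command"]) {
            //cancel button pressed.
            case "cancel":
                //Cancel button needs to do different things depending upon which page
                //its at.
                if ($this->pageType == "main") {
                    goURL($this->table->backurl);
                } else {
                    $this->_removeTempCSV($this->tempFileID);
                    $therecord["phpbmsStatus"] = "Record(s) Not Imported";
                    $this->pageType = "main";
                }
                break;

            case "upload":
                //check for valid file upload
                if (isset($_FILES["import"]) && !$_FILES["import"]["error"] && $_FILES["import"]["size"] > 0) {
                    //check and parse the file
                    if ($this->_parseFromData($_FILES["import"]["tmp_name"])) {
                        //start transaction
                        $this->table->db->startTransaction();
                        $this->importRecords($this->parser->data, $this->parser->titles);

                        //get data for preview purposes
                        $this->_getTransactionData();

                        //"undo" any inserts
                        $this->table->db->rollbackTransaction();

                        //DO NOT CALL IN TRANSACTION
                        //ALTER TABLES AUTO COMMIT AND THE FILE NEEDS TO CARRY
                        //OVER.
                        $this->_revertAutoIncrement($this->revertID);
                        $this->_storeTempCSV($_FILES["import"]["tmp_name"]);
                    }
                } else {
                    $this->docError .= "failed file upload";
                }

                //switch page types
                $this->pageType = "confirm";

                if (!$this->error && !$this->docError) {
                    $therecord["phpbmsStatus"] = "Confirm Import";
                } elseif ($this->docError) {
                    $therecord["phpbmsStatus"] = "Import Error: " . $this->docError;
                    $this->pageType = "main";
                } else {
                    $therecord["phpbmsStatus"] = "Import Error";
                }
                break;

            case "import":
                //get the contents of the stored csv document
                $CSVcontents = $this->_getTempCSV($this->tempFileID);

                //parser uses newline character to be able to parse the last line
                if (substr($CSVcontents, -1, 1) != "\n") {
                    $CSVcontents .= "\n";
                }

                $this->parser->parse($CSVcontents);
                $this->importRecords($this->parser->data, $this->parser->titles);
                $this->table->db->commitTransaction(); //DO NOT CALL IN TRANSACTION

                //get rid of temporary csv document
                $this->_removeTempCSV($this->tempFileID);
                $therecord["phpbmsStatus"] = "Record(s) Imported";

                //change page type
                $this->pageType = "main";
                break;
        }
    }

    //display the title
    $therecord["title"] = $this->table->displayname . " Import";

    return $therecord;
}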
<?php
// Debug/demo page: prints the login state that the helpers below derive from
// the `gebruikerIngelogd` cookie and the `admin` session flag.
//
// NOTE(review): the two echo lines below are garbled in this copy ("******");
// since checkPassword() returns the raw password, the page appears to print
// credential material — confirm against the original file.
// NOTE(review): hasRights() is called with $_COOKIE['gebruikerIngelogd'], a
// client-supplied value, so the "logged in" decision is not server-verified.
session_start();
echo "Username: "******"<br>";
echo "Password: "******"<br>";
echo "Gebruiker ingelogd: " . returnIngelogd($_COOKIE['gebruikerIngelogd']) . "<br>";
echo "Administrator: " . checkAdministrator($_SESSION['admin']) . "<br>";
echo "<h4>" . hasRights($_COOKIE['gebruikerIngelogd'], $_SESSION['admin']) . "</h4>";

// Returns $username when the cookie marks the user as logged in ("Ja"),
// otherwise the guest name "gast".
function checkUsername($gebruikerIngelogd, $username) {
    if (returnIngelogd($gebruikerIngelogd) == "Ja") {
        return $username;
    } else {
        return "gast";
    }
}

// Returns $password when logged in, otherwise "geen wachtwoord" ("no password").
function checkPassword($gebruikerIngelogd, $password) {
    if (returnIngelogd($gebruikerIngelogd) == "Ja") {
        return $password;
    } else {
        return "geen wachtwoord";
    }
}

// "Ja" (yes) for a non-empty cookie value, "Nee" (no) otherwise.
// The function's closing brace lies beyond this excerpt.
function returnIngelogd($gebruikerIngelogd) {
    if ($gebruikerIngelogd != "") {
        return "Ja";
    } else {
        return "Nee";
    }
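/**
 * Normalises posted item variables before verification/saving.
 *
 * For a new record (id missing, "", NULL or 0) a user without the sales role
 * (role:de7e6679-...) has the item fields listed below removed from
 * $this->fields so they cannot be written; users with the role, and all
 * edits of existing records, go through _commonPrepareVariables().
 * `packagesperitem` is stored as its reciprocal, so a non-zero value is
 * inverted here.  The original read $variables["id"] and, on the new-record
 * path, $variables["packagesperitem"] without isset() guards.
 *
 * @param array $variables posted form values
 * @return array the prepared variables
 */
function prepareVariables($variables)
{
    // switch() compares loosely, so "", NULL and 0 all select the new-record branch.
    $theid = isset($variables["id"]) ? $variables["id"] : NULL;

    switch ($theid) {
        case "":
        case NULL:
        case 0:
            if (!hasRights("role:de7e6679-8bb2-29ee-4883-2fcd756fb120")) {
                // Restrict what a user without the sales role can set on a new item.
                $restricted = array(
                    "partnumber", "partname", "upc", "description", "inactive",
                    "taxable", "unitprice", "unitcost", "unitofmeasure", "type",
                    "categoryid", "webenabled", "keywords", "webdescription",
                );
                foreach ($restricted as $fieldname) {
                    unset($this->fields[$fieldname]);
                }
            } else {
                //user has rights. Let's format everything.
                $variables = $this->_commonPrepareVariables($variables);
            }
            break;

        default:
            $variables = $this->_commonPrepareVariables($variables);
            break;
    }

    // Same handling for both branches; a zero value is left alone to avoid division by zero.
    if (isset($variables["packagesperitem"]) && $variables["packagesperitem"]) {
        $variables["packagesperitem"] = 1 / $variables["packagesperitem"];
    }

    return $variables;
}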
/**
 * Saves an invoice/order record together with its dependent data.
 *
 * Order of operations as written:
 *  1. refuse to modify a record whose previous type was "Invoice";
 *  2. without the sales role (role:de7e6679-...) drop the payment fields from
 *     $this->fields so the parent update cannot write them; with the role and
 *     ENCRYPT_PAYMENT_FIELDS on, write the posted cc/bank values through
 *     $this->db->encrypt() in a separate UPDATE;
 *  3. parent::updateRecord(), then line items, status and addresses;
 *  4. convert a prospect placing an Order into a client;
 *  5. getTableInfo() to restore any fields removed in step 2.
 *
 * @param array   $variables  prepared form values
 * @param mixed   $modifiedby user id recorded as the modifier, or NULL
 * @param boolean $useUuid    locate the record by `uuid` instead of `id`
 * @return boolean|void false when the record is an invoice; otherwise no
 *                      explicit return value
 */
function updateRecord($variables, $modifiedby = NULL, $useUuid = false) {
    //can't modify an invoice
    if (isset($variables["oldType"])) {
        if ($variables["oldType"] == "Invoice") {
            return false;
        }
    }

    //can't modify payment information if you do not have sales rights
    if (!hasRights("role:de7e6679-8bb2-29ee-4883-2fcd756fb120")) {
        unset($this->fields["paymentmethodid"]);
        unset($this->fields["checkno"]);
        unset($this->fields["bankname"]);
        unset($this->fields["ccnumber"]);
        unset($this->fields["ccexpiration"]);
        unset($this->fields["accountnumber"]);
        unset($this->fields["routingnumber"]);
        unset($this->fields["transactionid"]);
    } else {
        // With the sales role and ENCRYPT_PAYMENT_FIELDS on, the sensitive
        // payment columns are written through $this->db->encrypt() in their
        // own UPDATE before the parent update runs.
        // NOTE(review): these keys remain in $this->fields and $variables, so
        // whether parent::updateRecord() writes them again (unencrypted)
        // cannot be determined from this file — confirm.
        if (ENCRYPT_PAYMENT_FIELDS && (isset($variables["ccnumber"]) || isset($variables["ccexpiration"]) || isset($variables["ccverification"]) || isset($variables["accountnumber"]) || isset($variables["routingnumber"]))) {
            if ($useUuid) {
                $whereclause = "`uuid` = '" . mysql_real_escape_string($variables["uuid"]) . "'";
            } else {
                $whereclause = "`id` = '" . (int) $variables["id"] . "'";
            }

            $querystatement = "\n\t\t\t\t\tUPDATE\n\t\t\t\t\t\t`invoices`\n\t\t\t\t\tSET ";
            $fieldlist = "";

            // Each posted value is escaped in place (so the escaped form also
            // reaches parent::updateRecord() below), quoted, and wrapped in
            // the database's encrypt() expression.
            if (isset($variables["ccnumber"])) {
                $variables["ccnumber"] = mysql_real_escape_string($variables["ccnumber"]);
                $fieldlist .= ", `ccnumber` = " . $this->db->encrypt("'" . $variables["ccnumber"] . "'");
            } //end if

            if (isset($variables["ccexpiration"])) {
                $variables["ccexpiration"] = mysql_real_escape_string($variables["ccexpiration"]);
                $fieldlist .= ", `ccexpiration` = " . $this->db->encrypt("'" . $variables["ccexpiration"] . "'");
            } //end if

            if (isset($variables["ccverification"])) {
                $variables["ccverification"] = mysql_real_escape_string($variables["ccverification"]);
                $fieldlist .= ", `ccverification` = " . $this->db->encrypt("'" . $variables["ccverification"] . "'");
            } //end if

            if (isset($variables["accountnumber"])) {
                $variables["accountnumber"] = mysql_real_escape_string($variables["accountnumber"]);
                $fieldlist .= ", `accountnumber` = " . $this->db->encrypt("'" . $variables["accountnumber"] . "'");
            } //end if

            if (isset($variables["routingnumber"])) {
                $variables["routingnumber"] = mysql_real_escape_string($variables["routingnumber"]);
                $fieldlist .= ", `routingnumber` = " . $this->db->encrypt("'" . $variables["routingnumber"] . "'");
            } //end if

            // Drop the leading comma; the type guard keeps invoices and voided
            // records from being altered by this statement.
            $fieldlist = substr($fieldlist, 1);
            $querystatement .= $fieldlist . " WHERE `type` != 'Invoice' AND `type` != 'VOID' AND " . $whereclause;
            $this->db->query($querystatement);
        } //end if
    } //end if

    if (parent::updateRecord($variables, $modifiedby, $useUuid)) {
        // When only a uuid was supplied, resolve the numeric id for the
        // dependent updates below.
        if (!isset($variables["id"])) {
            $variables["id"] = getId($this->db, $this->uuid, $variables["uuid"]);
        }

        if ($variables["lineitemschanged"] == 1) {
            if ($this->lineitems === NULL) {
                $this->lineitems = new lineitems($this->db, $variables["id"]);
            } else {
                $this->lineitems->invoiceid = $variables["id"];
            }
            $this->lineitems->set($variables["thelineitems"], $modifiedby);
        } //endif

        if ($variables["statuschanged"] == 1) {
            $this->updateStatus($variables["id"], $variables["statusid"], $variables["statusdate"], $variables["assignedtoid"]);
        }

        // Check to see if we need to update/create the client addresses from the
        // billing address
        if (!isset($variables["billingsaveoptions"])) {
            $variables["billingsaveoptions"] = NULL;
        }
        if (!isset($variables["shiptosaveoptions"])) {
            $variables["shiptosaveoptions"] = NULL;
        }

        if ($variables["billingsaveoptions"] != "orderOnly" || $variables["shiptosaveoptions"] != "orderOnly") {
            require_once "addresses.php";
            require_once "addresstorecord.php";
            $this->addressUpdate($variables, $variables["id"], $modifiedby, "billing");
            $this->addressUpdate($variables, $variables["id"], $modifiedby, "shipping");
        } //end if
    } //end if

    // A prospect that places an Order becomes a client.
    if ($variables["clienttype"] == "prospect" && $variables["type"] == "Order") {
        $this->prospectToClient($variables["clientid"]);
    }

    //reset field after updating (if unset by rights management)
    $this->getTableInfo();
}
/**
 * Renders the application's top menu bar.
 *
 * Walks $this->menuresult (one row per first-level menu entry) and shows
 * each entry the current user has rights for.  Entries with a link render
 * as a plain anchor; entries without one open a submenu filled from
 * getSubItems() by the entry's uuid, again filtered through hasRights().
 * A sub-item named "----" is not rendered itself but gives the next rendered
 * item the menuSep class.  Links not starting with "http" or "javascript"
 * are prefixed with APP_PATH; a "javascript:" sub-item link is turned into
 * an onclick handler on a "#" anchor.
 *
 * NOTE(review): menu link and name values are echoed without escaping and a
 * stored "javascript:" link becomes inline script; who may edit the menu
 * tables is not visible here — confirm they are administrator-only.
 */
function display() { ?> <div id="menu"> <h1><a href="<?php echo APP_PATH . DEFAULT_LOAD_PAGE; ?> " title="<?php echo htmlQuotes(APPLICATION_NAME); ?> " name="toptop"><span><?php echo APPLICATION_NAME; ?> </span></a></h1> <div id="menuRighthand"><?php echo htmlQuotes(trim($_SESSION["userinfo"]["firstname"] . " " . $_SESSION["userinfo"]["lastname"])); ?> </div> <ul id="menuBar"> <?php
// $submenustring is assigned but never read in this method.
$submenustring = "";
while ($menurecord = $this->db->fetchArray($this->menuresult)) {
    if (hasRights($menurecord["roleid"])) {
        if ($menurecord["link"]) {
            // Relative links get the application path prepended.
            if (strpos($menurecord["link"], "http") !== 0 && strpos($menurecord["link"], "javascript") !== 0) {
                $menurecord["link"] = APP_PATH . $menurecord["link"];
            }
            ?> <li class="firstLevel"><a href="<?php echo $menurecord["link"]; ?> "><?php echo $menurecord["name"]; ?> </a></li><?php
        } else {
            // No link: render a submenu header and fill it from getSubItems().
            ?> <li class="firstLevel"><a href="#toptop" class="topMenus" id="menu<?php echo $menurecord["id"]; ?> "><?php echo $menurecord["name"]; ?> </a></li><li class="submenusli"><ul class="submenuitems" id="submenu<?php echo $menurecord["id"]; ?> "><?php
            $subitemsquery = $this->getSubItems($menurecord["uuid"]);
            if ($subitemsquery) {
                $sep = false;
                while ($subrecord = $this->db->fetchArray($subitemsquery)) {
                    if ($subrecord["name"] == "----") {
                        // Separator row: flag the next rendered item with menuSep.
                        $sep = true;
                    } else {
                        if (hasRights($subrecord["roleid"])) {
                            if (strpos($subrecord["link"], "http") !== 0 && strpos($subrecord["link"], "javascript") !== 0) {
                                $subrecord["link"] = APP_PATH . $subrecord["link"];
                            }
                            // "javascript:..." links are rewritten into an onclick attribute.
                            if (strpos($subrecord["link"], "javascript") === 0) {
                                $subrecord["link"] = "#\" onclick=\"" . str_replace("javascript:", "", $subrecord["link"]);
                            }
                            ?> <li <?php if ($sep) { echo " class=\"menuSep\" "; } ?> ><a href="<?php echo $subrecord["link"]; ?> "> <?php echo $subrecord["name"]; ?> </a></li><?php
                            $sep = false;
                        } //end if
                    } //end if
                } //end while
            } //end if
            ?> </ul></li><?php
        } //end if
    } //end if
} //end while
?> </ul></div><?php }
$tempwhere = substr($tempwhere, 3); $displayTable->querywhereclause = $tempwhere; break; case "advanced search": if (!hasRights($displayTable->thetabledef["advsearchroleid"])) { goURL(APP_PATH . "noaccess.php"); } $displayTable->recordoffset = 0; $displayTable->querywhereclause = stripslashes($_POST["advancedsearch"]); $displayTable->querytype = "advanced search"; break; case "run search": /** * Run a loaded search */ if (!hasRights($displayTable->thetabledef["advsearchroleid"])) { /** * Need to load search from id, because the * person does not have rights to override loaded * searches */ $querystatement = "\n SELECT\n sqlclause\n FROM\n usersearches\n WHERE id=" . (int) $_POST["LSList"]; $queryresult = $db->query($querystatement); $therecord = $db->fetchArray($queryresult); $_POST["LSSQL"] = $therecord["sqlclause"]; } //endif $displayTable->recordoffset = 0; $displayTable->querywhereclause = stripslashes($_POST["LSSQL"]); $displayTable->querytype = "advanced search"; break;
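/**
 * displays the load box for saved searches
 *
 * Lists the saved searches of type SCH for the given tabledef that are
 * either shared (empty userid, further restricted by $securitywhere) or
 * owned by $userid, plus the SQL textarea, which is read-only for users
 * without the tabledef's advanced-search role.  If the tabledef row cannot
 * be read the textarea stays read-only (fail closed).
 *
 * @param integer $tabledefid id of tabledef (cast to int before use in SQL)
 * @param string $userid uuid of user (escaped before use in SQL)
 * @param string $securitywhere additional security based where clause to pass;
 *                              appended verbatim, so it must be trusted SQL
 */
function showLoad($tabledefid, $userid, $securitywhere)
{
    $tabledefid = (int) $tabledefid;
    $uuid = getUuid($this->db, "tbld:5c9d645f-26ab-5003-b98e-89e9049f8ac3", $tabledefid);

    $querystatement = "
        SELECT
            id,
            name,
            userid
        FROM
            usersearches
        WHERE
            tabledefid = '" . $uuid . "'
            AND type='SCH'
            AND (
                (userid = '' " . $securitywhere . ")
                OR userid = '" . mysql_real_escape_string($userid) . "')
        ORDER BY
            userid,
            name";

    $queryresult = $this->db->query($querystatement);
    if (!$queryresult) {
        $error = new appError(500, "Cannot retrieve saved search information");
    }

    $querystatement = "
        SELECT
            advsearchroleid
        FROM
            tabledefs
        WHERE id = '" . $tabledefid . "'";

    $tabledefresult = $this->db->query($querystatement);
    if (!$tabledefresult) {
        $error = new appError(500, "Cannot retrieve table definition information.");
    }

    $tableinfo = $tabledefresult ? $this->db->fetchArray($tabledefresult) : false;

    // Without a usable tabledef row the SQL box stays read-only.
    $canEditSQL = $tableinfo && hasRights($tableinfo["advsearchroleid"]);
    ?>
    <table border="0" cellpadding="0" cellspacing="0">
        <tr>
            <td valign="top">
                <p>
                    <label for="LSList">saved searches</label><br />
                    <?php $this->showSavedSearchList($queryresult); ?>
                </p>
            </td>
            <td valign="top" width="100%">
                <p>
                    <label for="LSSelectedSearch">name</label><br />
                    <input type="text" id="LSSelectedSearch" size="10" readonly="readonly" class="uneditable" />
                </p>
                <p>
                    <textarea id="LSSQL" name="LSSQL" rows="8" cols="10"<?php if (!$canEditSQL) { echo ' readonly="readonly"'; } ?>></textarea>
                </p>
            </td>
            <td valign="top">
                <p><br/><input id="LSLoad" type="submit" name="command" class="Buttons" disabled="disabled" value="run search"/></p>
                <p><input id="LSDelete" type="button" onclick="LSDeleteSearch('<?php echo APP_PATH; ?>')" class="Buttons" disabled="disabled" value="delete"/></p>
                <div id="LSResults"> </div>
            </td>
        </tr>
    </table>
    <?php
}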
<?php require_once 'includes/db-connect.php'; require_once 'includes/functions.php'; if (!hasRights(100)) { header('Location: index.php'); exit; } if (isset($_POST['title'])) { extract($_POST); if (!empty($title) && !empty($teaser) && !empty($content)) { if (!isset($_GET['edit'])) { $statement = $conn->prepare("INSERT INTO articles(title, teaser, content, postedOn, teaserIMG) VALUES(:title, :teaser, :content, :postedOn, :teaserIMG\n )"); $statement->execute(array(':title' => $title, ':teaser' => $teaser, ':content' => $content, ':postedOn' => time(), ':teaserIMG' => '')); $id = $conn->lastInsertId(); $feedback = getFeedback("Your article has been posted. See it <a href='article.php?id={$id}'>here</a>.", 'success'); } else { $statement = $conn->prepare("UPDATE articles SET\n title = :title,\n teaser = :teaser,\n content = :content\n WHERE id = :id"); $statement->execute(array(':title' => $title, ':teaser' => $teaser, ':content' => $content, ':id' => $_GET['edit'])); $feedback = getFeedback("Your article has been updated. See it <a href='article.php?id={$_GET['edit']}'>here</a>.", 'success'); } } else { $feedback = getFeedback('Please add a title, teaser and image to your blog post.', 'warning'); } } if (isset($_GET['deleteId'])) { $statement = $conn->prepare("DELETE FROM articles WHERE id = :id"); $statement->execute(array(':id' => $_GET['deleteId'])); $feedback = getFeedback('Your Post has been deleted.', 'success'); } if (isset($_GET['edit'])) { $statement = $conn->prepare("SELECT * FROM articles WHERE id = :id");
/**
 * Renders the result-list toolbar: the optional SQL statement/error panel,
 * the record counter with offset paging, and the record command buttons
 * (new, edit, delete, print, other commands, selection, show SQL).
 *
 * Missing entries of $this->tableoptions are filled with "not allowed"
 * defaults first.  Each button is shown only when its tableoptions entry is
 * allowed and hasRights() passes for its roleid; the SQL panel and the
 * "show SQL" button depend on thetabledef["viewsqlroleid"].  Finally the
 * add/edit/import file locations are pushed to $phpbms->bottomJS as
 * JavaScript variables.
 *
 * NOTE(review): $this->sqlerror and thetabledef["deletebutton"] are echoed
 * without escaping (the latter inside a JavaScript string in an onclick
 * attribute); both appear to come from the application rather than the
 * request, but confirm before relying on that.
 */
function displayQueryButtons() {
    global $phpbms;
    ?> <div id="resultInfoDiv"><?php
    // Default any option group the table definition did not supply.
    if (!isset($this->tableoptions["new"])) {
        $this->tableoptions["new"]["allowed"] = 0;
        $this->tableoptions["new"]["roleid"] = 0;
        $this->tableoptions["new"]["needselect"] = 0;
    }
    if (!isset($this->tableoptions["select"])) {
        $this->tableoptions["select"]["allowed"] = 0;
        $this->tableoptions["select"]["roleid"] = 0;
        $this->tableoptions["select"]["needselect"] = 0;
    }
    if (!isset($this->tableoptions["edit"])) {
        $this->tableoptions["edit"]["allowed"] = 0;
        $this->tableoptions["edit"]["roleid"] = 0;
        $this->tableoptions["edit"]["needselect"] = 0;
    }
    if (!isset($this->tableoptions["printex"])) {
        $this->tableoptions["printex"]["allowed"] = 0;
        $this->tableoptions["printex"]["roleid"] = 0;
        $this->tableoptions["printex"]["needselect"] = 0;
    }
    if (!isset($this->tableoptions["import"])) {
        $this->tableoptions["import"]["allowed"] = 0;
        $this->tableoptions["import"]["roleid"] = 0;
        $this->tableoptions["import"]["needselect"] = 0;
    }
    if (!isset($this->tableoptions["othercommands"])) {
        $this->tableoptions["othercommands"] = false;
    }

    // If they have rights to see the SQL statement, spit it out here.
    if (hasRights($this->thetabledef["viewsqlroleid"])) {
        ?> <div id="sqlstatement"> <fieldset> <legend>SQL Statement</legend> <div id="theSqlText" class="mono small"><?php echo stripslashes(htmlQuotes($this->querystatement)); ?> </div> </fieldset><?php
        if ($this->sqlerror) {
            ?> <fieldset> <legend><span style="text-transform:capitalize">SQL</span> Error</legend> <div><?php echo $this->sqlerror; ?> </div> </fieldset><?php
        }
        ?> </div> <?php
    }
    ?> <div id="commandSet"><?php
    if ($this->numrows) {
        ?> <div id="numCount" align="right" class="small"><input type="hidden" id="deleteCommand" name="deleteCommand" value="" /><?php
        // Small result sets show a plain count; larger ones get an offset selector.
        if ($this->truecount <= RECORD_LIMIT) {
            echo "<div>records: " . $this->numrows . "</div>";
        } else {
            ?> <input name="offset" type="hidden" value="" /><select name="offsetselector" onchange="this.form.offset.value=this.value;this.form.submit();"> <?php
            $displayedoffset = 0;
            while ($displayedoffset < $this->truecount) {
                ?> <option value="<?php echo $displayedoffset; ?> " <?php if ($displayedoffset == $this->recordoffset) { echo "selected=\"selected\""; } ?> ><?php echo $displayedoffset + 1; ?> -<?php if ($displayedoffset + RECORD_LIMIT < $this->truecount) { echo $displayedoffset + RECORD_LIMIT; } else { echo $this->truecount; } ?> </option><?php
                $displayedoffset += RECORD_LIMIT;
            }
            ?> </select> of <?php
            echo $this->truecount;
            if ($this->recordoffset > 0) {
                ?> <button type="button" class="graphicButtons buttonRew" onclick="document.search.offset.value=<?php echo $this->recordoffset - RECORD_LIMIT; ?> ;document.search.submit();"><span>prev.</span></button><?php
            }
            if ($this->numrows + $this->recordoffset < $this->truecount) {
                ?> <button type="button" class="graphicButtons buttonFF" onclick="document.search.offset.value=<?php echo $this->recordoffset + RECORD_LIMIT; ?> ;document.search.submit();"><span>next</span></button><?php
            }
        } //end if
        ?> </div><?php
    } //end if
    ?> <ul id="recordCommands"> <?php
    // The first rendered toolbar item carries id="firstToolbarItem".
    $showFirst = ' id="firstToolbarItem" ';
    if ($this->tableoptions["new"]["allowed"] && hasRights($this->tableoptions["new"]["roleid"])) {
        ?> <li <?php echo $showFirst; ?> > <a href="#" id="newRecord" class="newRecord" accesskey="n" title="new record (alt + n)" onclick="addRecord();return false;"><span>new</span></a> </li><?php
        $showFirst = NULL;
    }
    if ($this->numrows) {
        if ($this->tableoptions["edit"]["allowed"] && hasRights($this->tableoptions["edit"]["roleid"])) {
            ?> <li <?php echo $showFirst; ?> > <a href="#" id="editRecord" class="editRecordDisabled" accesskey="e" onclick="return editButton();" title="edit record (alt + e)"><span>edit</span></a> </li> <?php
            $showFirst = NULL;
        } //end if
        if ($this->thetabledef["deletebutton"] == "delete") {
            ?> <li <?php echo $showFirst; ?> > <a href="#" id="deleteRecord" class="deleteRecordDisabled" accesskey="d" onclick="confirmDelete('delete');return false" title="delete record (alt + d)"><span>delete</span></a> </li> <?php
            $showFirst = NULL;
        } //end if
        if ($this->tableoptions["printex"]["allowed"] && hasRights($this->tableoptions["printex"]["roleid"])) {
            ?> <li <?php echo $showFirst; ?> > <a href="#" id="print" class="print" accesskey="p" onclick="doPrint();return false" title="print report (alt + p)"><span>print</span></a> <input type="hidden" id="doprint" name="doprint" value="no" /> </li> <?php
            $showFirst = NULL;
        } //end if
    } //end if --numrows--

    // "other commands" drop-down: custom commands, import, and a delete
    // button with a non-standard label (anything but "delete"/"NA").
    if ($this->tableoptions["othercommands"] || $this->tableoptions["import"]["allowed"] && hasRights($this->tableoptions["import"]["roleid"]) || $this->thetabledef["deletebutton"] != "delete" && $this->thetabledef["deletebutton"] != "NA") {
        ?> <li <?php echo $showFirst; ?> > <a href="#" id="otherCommandButton" class="otherCommands" onclick="showDropDown('otherDropDown');return false" title="other commands"><span>other commands</span></a> <div id="otherDropDown" class="toolbarDropDowns" style="display:none"> <ul> <?php
        if ($this->thetabledef["deletebutton"] != "delete" && $this->thetabledef["deletebutton"] != "NA") {
            ?> <li><a class="needselectDisabled" href="#" title="(alt + d)" onclick="chooseOtherCommand('-1','<?php echo $this->thetabledef["deletebutton"]; ?> ',this); return false;"><strong><?php echo $this->thetabledef["deletebutton"]; ?> </strong></a></li> <?php
            $displayOrder = -1;
        } else {
            $displayOrder = 0;
        }
        if ($this->tableoptions["import"]["allowed"] && hasRights($this->tableoptions["import"]["roleid"])) {
            $class = '';
            if ($this->tableoptions["import"]["needselect"]) {
                $class = 'class="needselectDisabled"';
            }
            ?> <li><a <?php echo $class; ?> href="#" title="" onclick="chooseOtherCommand('-2','', this); return false;">import</a></li> <?php
            $displayOrder = -1;
        } else {
            $displayOrder = $displayOrder != -1 ? 0 : -1;
        }
        if ($this->tableoptions["othercommands"]) {
            foreach ($this->tableoptions["othercommands"] as $command) {
                if (hasRights($command["roleid"])) {
                    $aclass = "";
                    $liclass = "";
                    // A change in displayorder starts a new visual group.
                    if ($command["displayorder"] != $displayOrder) {
                        $liclass = ' class="menuSep"';
                        $displayOrder = $command["displayorder"];
                    }
                    if ($command["needselect"]) {
                        $aclass = ' class="needselectDisabled"';
                    }
                    ?> <li<?php echo $liclass; ?> ><a<?php echo $aclass; ?> href="#" onclick="chooseOtherCommand('<?php echo $command["id"]; ?> ','',this); return false;"><?php echo $command["name"]; ?> </a></li> <?php
                } //end if
            } //endforeach
        } //end if
        ?> </ul> </div><input id="othercommands" name="othercommands" type="hidden"/> </li> <?php
        $showFirst = NULL;
    } //end if
    if ($this->numrows) {
        if ($this->tableoptions["select"]["allowed"] && hasRights($this->tableoptions["select"]["roleid"])) {
            ?> <li <?php echo $showFirst; ?> > <a href="#" id="searchSelection" class="searchSelection" onclick="showDropDown('searchSelectionDropDown');return false" title="selection"><span>selection</span></a> <div id="searchSelectionDropDown" class="toolbarDropDowns" style="display:none"> <ul> <li><a href="#" onclick="performToSelection('selectall');return false;" accesskey="a" title="select all (alt + a)">select all</a></li> <li><a href="#" onclick="performToSelection('selectnone');return false;" accesskey="x" title="select none (alt + x)">select none</a></li> <li class="menuSep"><a href="#" onclick="performToSelection('keepselected');return false;" accesskey="k" title="keep selected (alt + k)">show only selected records</a></li> <li><a href="#" onclick="performToSelection('omitselected');return false;" accesskey="o" title="omit selected (alt + o)">remove selected records from view</a></li> </ul> </div> </li> <?php
            $showFirst = NULL;
        } //end if
    } //end if numrows
    if (hasRights($this->thetabledef["viewsqlroleid"])) {
        ?> <li> <a href="#" id="showSQLButton" class="sqlUp" onclick="return false;" title="Show SQL Statement"><span>show SQL</span></a> </li> <?php
    } //end rights
    ?> </ul> </div></div> <?php
    // Locations for the client-side add/edit/import actions.
    $phpbms->bottomJS[] = ' var addFile = "' . APP_PATH . $this->thetabledef["addfile"] . '"';
    $phpbms->bottomJS[] = ' var editFile = "' . APP_PATH . $this->thetabledef["editfile"] . '"';
    //for the import page, "" == the general page instead.
    $import = $this->thetabledef["importfile"] ? $this->thetabledef["importfile"] : "modules/base/general_import.php?id=" . urlencode($this->thetabledef["uuid"]);
    $phpbms->bottomJS[] = ' var importFile = "' . APP_PATH . $import . '"';
}
<p> <label for="trackingno">tracking number</label><br /> <input id="trackingno" name="trackingno" type="text" value="<?php echo htmlQuotes($therecord["trackingno"]); ?> " size="40" maxlength="64" /> </p> </fieldset> </div> <div id="vContent4" class="vContent"> <fieldset> <legend>Payment</legend> <?php if (hasRights("role:de7e6679-8bb2-29ee-4883-2fcd756fb120")) { ?> <p> <label for="paymentmethodid">payment method</label><br /> <?php $thetable->showPaymentSelect($therecord["paymentmethodid"], $paymentMethods); $paymentButtonDisable = ""; if ($therecord["paymentmethodid"] == 0) { $paymentButtonDisable = "Disabled"; } else { if ($paymentMethods[$therecord["paymentmethodid"]]["onlineprocess"] == 0) { $paymentButtonDisable = "Disabled"; } } ?> <button id="paymentProcessButton" type="button" class="graphicButtons buttonMoney<?php
| "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT | | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A | | PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT | | OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT | | LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE | | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | | | +-------------------------------------------------------------------------+ */ include "../../include/session.php"; include "include/fields.php"; if (!hasRights("role:259ead9f-100b-55b5-508a-27e33a6216bf")) { goURL(APP_PATH . "noaccess.php"); } if (!isset($_POST["fromdate"])) { $_POST["fromdate"] = dateToString(strtotime("-1 year")); } if (!isset($_POST["todate"])) { $_POST["todate"] = dateToString(mktime()); } if (!isset($_POST["status"])) { $_POST["status"] = "Orders and Invoices"; } if (!isset($_POST["command"])) { $_POST["command"] = "show"; } if (!isset($_POST["date_order"])) {
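/**
 * Generates and displays tabs based on a tab group name
 *
 * One <li> is emitted per row of `tabs` in the group that the current user
 * has rights for.  The selected tab, and tabs disabled for new records
 * (enableonnew = 0 while $recordid is 0), render as plain <div>s; the rest
 * link to the tab's location with the record id.  When a tab carries a
 * notificationsql whose first row yields theresult > 0, the label is
 * wrapped in a <span>.
 *
 * @param string $tabgroup     The name of the tab group to display (escaped
 *                             before use in SQL)
 * @param string $currenttabid The UUID of the currently selected tab
 * @param string $recordid     id of the current record, 0 for a new record
 */
function showTabs($tabgroup, $currenttabid, $recordid = 0)
{
    $querystatement = "
        SELECT
            `uuid`,
            `name`,
            `location`,
            `enableonnew`,
            `notificationsql`,
            `tooltip`,
            `roleid`
        FROM
            `tabs`
        WHERE
            `tabgroup` = '" . mysql_real_escape_string($tabgroup) . "'
        ORDER BY
            `displayorder`";

    $queryresult = $this->db->query($querystatement);
    ?>
    <ul class="tabs"><?php
    while ($therecord = $this->db->fetchArray($queryresult)) {
        if (!hasRights($therecord["roleid"])) {
            continue;
        }

        $isCurrent = $therecord["uuid"] == $currenttabid;
        ?><li <?php if ($isCurrent) { echo "class=\"tabsSel\""; } ?>><?php
        if ($isCurrent || $recordid == 0 && $therecord["enableonnew"] == 0) {
            $opener = "<div>";
            $closer = "</div>";
        } else {
            $opener = "<a href=\"" . APP_PATH . $therecord["location"] . "?id=" . urlencode($recordid) . "\">";
            $closer = "</a>";
        }

        // notificationsql is SQL stored with the tab row; only the record id
        // is substituted into it, as an integer.
        if ($therecord["notificationsql"] != "") {
            $therecord["notificationsql"] = str_replace("{{id}}", (int) $recordid, $therecord["notificationsql"]);
            $notificationresult = $this->db->query($therecord["notificationsql"]);

            if ($this->db->numRows($notificationresult) != 0) {
                $notificationrecord = $this->db->fetchArray($notificationresult);

                if (isset($notificationrecord["theresult"]) && $notificationrecord["theresult"] > 0) {
                    $opener .= "<span>";
                    $closer = "</span>" . $closer;
                }
            }
        }

        echo $opener . $therecord["name"] . $closer;
        ?></li><?php
    } //end while
    ?></ul><?php
}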
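| THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT      |
| (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE    |
| OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.     |
|                                                                           |
+-------------------------------------------------------------------------+
*/
require_once "../../include/session.php";
require_once "include/fields.php";

// Authorise before any module code is loaded or settings are touched, so an
// unauthorised request executes nothing beyond the session bootstrap.  The
// original performed this check only after the module includes below.
if (!hasRights("Admin")) {
    goURL(APP_PATH . "noaccess.php");
}

// Pull in each non-base module's admin settings page, if it ships one.
// NOTE(review): the existence test looks at "../<module>/..." while the
// include uses "modules/<module>/..." — presumably the same file reached via
// the include path; confirm.
foreach ($phpbms->modules as $module => $moduleinfo) {
    if ($module != "base" && file_exists("../" . $module . "/adminsettings.php")) {
        include "modules/" . $module . "/adminsettings.php";
    }
}

require_once "modules/base/include/adminsettings_include.php";
$settings = new settings($db);

if (isset($_POST["command"])) {
    $statusmessage = $settings->processForm($_POST);
}

$therecord = $settings->getSettings();
$pageTitle = "Configuration";

$phpbms->cssIncludes[] = "pages/base/adminsettings.css";
$phpbms->jsIncludes[] = "modules/base/javascript/adminsettings.js";

foreach ($phpbms->modules as $module => $moduleinfo) {
    if ($module != "base" && file_exists("../" . $module . "/javascript/adminsettings.js")) {
        $phpbms->jsIncludes[] = "modules/" . $module . "/javascript/adminsettings.js";
    }
}

//Form Elements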
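/**
 * Handles the add/edit page for a table record.
 *
 * Without a posted command the page is being entered: a GET id means an
 * existing record is edited (requires $this->editroleid), otherwise a new
 * record is started (requires $this->addroleid).  With a command:
 *   cancel - redirect to $this->backurl, anchored on the posted id;
 *   save   - prepare and verify the posted values, then update the existing
 *            record (posted id, requires editroleid) or insert a new one
 *            (no id, requires addroleid), and return the record with a
 *            "phpbmsStatus" message.
 *
 * The original required editroleid for every save, including inserts, which
 * disagreed with the add path above; saving a new record now checks
 * addroleid.  The "add new" button's URL is emitted as an escaped JSON string
 * literal instead of raw REQUEST_URI.
 *
 * @return array|void the record array for display; goURL() redirects do not return
 */
function processAddEditPage()
{
    // no command parameter present?
    if (!isset($_POST["command"])) {
        // assuming just entered the page (no POST)
        // presence of a GET id means editing an existing record
        // (vs. creating a new)
        if (isset($_GET["id"])) {
            //editing... make sure they have access to edit
            if (!hasRights($this->editroleid)) {
                goURL(APP_PATH . "noaccess.php");
            } else {
                $this->getCustomFieldInfo();
                return $this->getRecord((int) $_GET["id"]);
            }
        } else {
            //creating new record
            if (!hasRights($this->addroleid)) {
                goURL(APP_PATH . "noaccess.php");
            } else {
                $this->getCustomFieldInfo();
                return $this->getDefaults();
            }
        }

        return;
    }

    // command present
    switch ($_POST["command"]) {
        //pressed the cancel button
        case "cancel":
            // if we needed to do any clean up (deleteing temp line items)
            // The back url is anchored on the posted id (0 when none was posted).
            $postedId = isset($_POST["id"]) ? (int) $_POST["id"] : 0;
            goURL($this->backurl . "#" . $postedId);
            break;

        case "save":
            $isUpdate = !empty($_POST["id"]);

            // Updating needs the edit role, inserting the add role — the same
            // rule the no-command branch applies when the form is shown.
            if (!hasRights($isUpdate ? $this->editroleid : $this->addroleid)) {
                goURL(APP_PATH . "noaccess.php");
            }

            $variables = $this->prepareVariables($_POST);
            $errorArray = $this->verifyVariables($variables);

            if ($isUpdate) {
                $theid = $variables["id"];

                if (!count($errorArray)) {
                    $this->updateRecord($variables);

                    // special variable to override the id for get record
                    if (isset($variables["getid"]) && is_numeric($variables["getid"])) {
                        $theid = (int) $variables["getid"];
                    }

                    //get record
                    $this->getCustomFieldInfo();
                    $therecord = $this->getRecord($theid);
                    $therecord["phpbmsStatus"] = "Record Updated";
                } else {
                    foreach ($errorArray as $error) {
                        $logError = new appError(-900, $error, "Verification Error");
                    }

                    //get record
                    $this->getCustomFieldInfo();
                    $therecord = $this->getRecord($theid);
                    $therecord["phpbmsStatus"] = "Data Verification Error";
                }

                return $therecord;
            }

            $theid = 0;

            if (!count($errorArray)) {
                $theid = $this->insertRecord($variables);

                //get record
                $therecord = $this->getRecord($theid);

                // REQUEST_URI is request-controlled.  Emit it as a JSON string
                // literal and HTML-escape that for the onclick attribute, so it
                // can break out of neither the JavaScript string nor the attribute.
                $addNewURI = htmlspecialchars(json_encode($_SERVER["REQUEST_URI"]), ENT_QUOTES);
                $therecord["phpbmsStatus"] = "<div style=\"float:right;margin-top:-3px;\"><button type=\"button\" accesskey=\"n\" class=\"smallButtons\" onclick=\"document.location=" . $addNewURI . "\">add new</button></div>";
                $therecord["phpbmsStatus"] .= "Record Created";
            } else {
                foreach ($errorArray as $error) {
                    $logError = new appError(-900, $error, "Verification Error");
                }

                //get record
                $therecord = $this->getRecord($theid);
                $therecord["phpbmsStatus"] = (isset($therecord["phpbmsStatus"]) ? $therecord["phpbmsStatus"] : "") . "Data Verification Error";
            }

            return $therecord;
    }
}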
/**
 * Renders the "Additional Information" fieldset holding the custom fields
 * in $queryresult.  A field that has a generator, whose roleid the user
 * holds, and whose format is not "list" also gets a "generate" button.
 *
 * @param object $db          database wrapper providing numRows()/fetchArray()
 * @param mixed  $queryresult result set of custom field definitions, or false
 * @return boolean false when no result set was given, true otherwise
 */
function showCustomFields($db, $queryresult)
{
    if (!$queryresult) {
        return false;
    }

    if ($db->numRows($queryresult)) {
        ?>
        <fieldset id="customFields">
            <legend>Additional Information</legend>
            <?php while ($fieldInfo = $db->fetchArray($queryresult)): ?>
                <p><?php $this->showField($fieldInfo["field"]); ?>
                <?php
                // generator scripts get a button, except for list-formatted fields
                $showGenerator = $fieldInfo["generator"]
                    && hasRights($fieldInfo["roleid"])
                    && $fieldInfo["format"] != "list";
                if ($showGenerator):
                ?>
                    <button class="Buttons" type="button" id="<?php echo $fieldInfo["field"] . "Button"; ?>">generate</button>
                <?php endif; ?>
                </p>
            <?php endwhile; ?>
        </fieldset>
        <?php
    }

    return true;
}
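include "include/fields.php";
include "include/files.php";

// Without a backurl this is the plain file editor; with one the file is an
// attachment of another record and the attachments table takes over.
if (!isset($_GET["backurl"])) {
    $thetable = new files($db, "tbld:80b4f38d-b957-bced-c0a0-ed08a0db6475");
    $pageTitle = "File";
} else {
    include "include/attachments.php";

    // NOTE(review): $backurl comes straight from the request and is handed to
    // the attachments class; what that class does with it (redirect, link)
    // is not visible here — confirm it is constrained to this site.
    $backurl = $_GET["backurl"];
    if (isset($_GET["refid"])) {
        // refid becomes a query-string value, so it is URL-encoded.
        $backurl .= "?refid=" . urlencode($_GET["refid"]);
    }

    $thetable = new attachments($db, "tbld:80b4f38d-b957-bced-c0a0-ed08a0db6475", $backurl);
    $pageTitle = "File Attachment";
}

$therecord = $thetable->processAddEditPage();

// Per-record role check.  NOTE(review): it runs after processAddEditPage(),
// which handles posted commands; confirm that method applies its own rights
// checks before modifying anything.
if (!hasRights($therecord["roleid"])) {
    goURL("../../noaccess.php");
}

if (isset($therecord["phpbmsStatus"])) {
    $statusmessage = $therecord["phpbmsStatus"];
}

/**
 * Returns the records a file is attached to.
 *
 * @param object $db   database wrapper providing query()
 * @param string $uuid uuid of the file (escaped before use in SQL)
 * @return mixed result set with displayname, recordid, creationdate and editfile
 */
function getAttachments($db, $uuid)
{
    $querystatement = "
        SELECT
            `tabledefs`.`displayname`,
            `attachments`.`recordid`,
            `attachments`.`creationdate`,
            `tabledefs`.`editfile`
        FROM
            `attachments` INNER JOIN `tabledefs` ON `attachments`.`tabledefid` = `tabledefs`.`uuid`
        WHERE `attachments`.`fileid` = '" . mysql_real_escape_string($uuid) . "'
    ";

    return $db->query($querystatement);
}

$phpbms->cssIncludes[] = "pages/files.css";
$phpbms->jsIncludes[] = "modules/base/javascript/file.js";

//Form Elements
//==============================================================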
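/**
 * function generate
 *
 * Generates the SQL Insert statements for each record of $this->maintable
 * and appends them to $this->reportOutput.
 *
 * Every value is escaped with mysql_real_escape_string() and quoted; NULL is
 * emitted as SQL NULL.  For Admin users the audit columns createdby and
 * modifiedby are replaced with 1 and creationdate / modifieddate with NOW(),
 * so the dump can seed a fresh installation.  The rights check is evaluated
 * once (the original called hasRights() for every field of every row).
 */
function generate()
{
    $querystatement = "
        SELECT
            *
        FROM
            " . $this->maintable;
    $querystatement = $this->assembleSQL($querystatement);
    $queryresult = $this->db->query($querystatement);

    // Build the INSERT prefix once from the result's column names.
    $num_fields = $this->db->numFields($queryresult);
    $columns = array();
    for ($i = 0; $i < $num_fields; $i++) {
        $columns[] = "`" . $this->db->fieldName($queryresult, $i) . "`";
    }
    $statementstart = "INSERT INTO `" . $this->maintable . "` (" . implode(", ", $columns) . ") VALUES (";

    //this is in temp for installation exporting
    $normaliseAuditColumns = hasRights("Admin");

    while ($therecord = $this->db->fetchArray($queryresult)) {
        $values = array();

        foreach ($therecord as $name => $field) {
            if ($field === NULL) {
                $addfield = "NULL";
            } else {
                $addfield = "'" . mysql_real_escape_string($field) . "'";
            }

            if ($normaliseAuditColumns) {
                switch ($name) {
                    case "createdby":
                    case "modifiedby":
                        $addfield = "1";
                        break;
                    case "creationdate":
                    case "modifieddate":
                        $addfield = "NOW()";
                        break;
                }
            }

            $values[] = $addfield;
        }

        $this->reportOutput .= $statementstart . implode(", ", $values) . ");\n";
    }
}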