Esempio n. 1
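 /**
  * Checks whether the current user holds the role bound to the `massemail`
  * table option.
  *
  * Reads the option's `roleid` for the fixed tabledef uuid and hands it to
  * hasRights(). Both query literals are constants, so the string-built
  * statement carries no user input.
  *
  * @return bool true when hasRights() accepts the option's roleid; false when
  *              it rejects it or when no matching option row exists
  */
 function checkSecurity()
 {
     $querystatement = "\n            SELECT\n                roleid\n            FROM\n                tableoptions\n            WHERE\n                name= 'massemail'\n                AND tabledefid = 'tbld:6d290174-8b73-e199-fe6c-bcf3d4b61083'\n                ";
     $queryresult = $this->db->query($querystatement);
     $therecord = $this->db->fetchArray($queryresult);
     // Fail closed: a missing or malformed option row must not be passed on
     // to hasRights() as a null roleid.
     if (!$therecord || !isset($therecord["roleid"])) {
         return false;
     }
     return (bool) hasRights($therecord["roleid"]);
 }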
Esempio n. 2
 /**
  * Checks the report record and the current user to make sure they have
  * rights to run this report.
  *
  * Loads the `roleid` of the report whose `uuid` equals $this->reportUUID and
  * sends the user to the no-access page when hasRights() rejects it. When no
  * report matches, an appError(500) is raised instead.
  *
  * NOTE(review): $this->reportUUID is interpolated into the query verbatim;
  * if it can originate from the request it needs escaping or a bound
  * parameter — confirm where it is assigned.
  */
 function checkRights()
 {
     $querystatement = "\n            SELECT\n                `roleid`\n            FROM\n                `reports`\n            WHERE\n                `uuid` = '" . $this->reportUUID . "'\n        ";
     $queryresult = $this->db->query($querystatement);

     if (!$this->db->numRows($queryresult)) {
         $error = new appError(500, "Bad report uuid");
         return;
     }

     $report = $this->db->fetchArray($queryresult);
     if (!hasRights($report["roleid"])) {
         goURL(APP_PATH . "noaccess.php");
     }
 }
Esempio n. 3
<nav id="site-nav">
  <ul class="nav nav-pills">
	<li role="presentation"><a href="index.php">Home</a></li>
    <?php 
// hasRights(100) only decides which links are rendered; hiding a link is
// not access control, so admin.php and logout.php must check rights
// themselves.
if (hasRights(100)) {
    ?>
    	<li role="presentation"><a href="admin.php">Admin</a></li>
    	<li role="presentation"><a href="logout.php">Log out</a></li>
		<?php 
} else {
    ?>
    	<li role="presentation"><a href="login.php">Login</a></li>
    	<?php 
}
?>
  </ul>
</nav>
Esempio n. 4
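 /**
  * Controller for the CSV import page; returns the record used to render it.
  *
  * Form state is read from $_POST:
  *  - pageType   : screen the form was submitted from; only ever compared
  *                 against "main" here
  *  - tempFileID : id of the temporary csv row in the `files` table
  *  - command    : absent on the first visit, else "cancel", "upload" or
  *                 "import"
  *
  * "upload" parses the uploaded file, runs the import inside a transaction
  * that is rolled back (a dry run for the preview), then stores the csv
  * temporarily; "import" re-parses the stored csv and commits for real.
  *
  * The import-role check runs on every request. The previous version only
  * checked it when no command was posted, so a request carrying a command
  * skipped the check and could reach the import path without the role.
  *
  * @return array "title" plus, after a command, "phpbmsStatus"
  */
 function processImportPage()
 {
     $therecord = array();
     $this->table->getTableInfo();

     // Authorisation gate for every request. goURL() is relied on to take
     // the user away from this page, exactly as the first-visit check did.
     if (!hasRights($this->table->importroleid)) {
         goURL(APP_PATH . "noaccess.php");
     }

     if (isset($_POST["pageType"])) {
         $this->pageType = $_POST["pageType"];
     }
     if (isset($_POST["tempFileID"])) {
         $this->tempFileID = (int) $_POST["tempFileID"];
     }

     if (!isset($_POST["command"])) {
         // First visit: discard temporary csv rows left in `files` by
         // earlier, unfinished imports.
         $this->_removeTempCSV();
     } else {
         switch ($_POST["command"]) {
             case "cancel":
                 // On the main page cancel leaves the import altogether; on
                 // the confirm page it drops the stored csv and goes back.
                 if ($this->pageType == "main") {
                     goURL($this->table->backurl);
                 } else {
                     $this->_removeTempCSV($this->tempFileID);
                     $therecord["phpbmsStatus"] = "Record(s) Not Imported";
                     $this->pageType = "main";
                 }
                 break;

             case "upload":
                 $upload = isset($_FILES["import"]) ? $_FILES["import"] : null;
                 // Besides the error code and size, make sure the path really
                 // is the file PHP received for this request.
                 if ($upload !== null
                     && $upload["error"] == UPLOAD_ERR_OK
                     && $upload["size"] > 0
                     && is_uploaded_file($upload["tmp_name"])
                 ) {
                     if ($this->_parseFromData($upload["tmp_name"])) {
                         // Dry run: insert inside a transaction, read the rows
                         // back for the preview, then roll everything back.
                         $this->table->db->startTransaction();
                         $this->importRecords($this->parser->data, $this->parser->titles);
                         $this->_getTransactionData();
                         $this->table->db->rollbackTransaction();
                         // Must stay outside the transaction: ALTER TABLE
                         // auto-commits, and the csv has to survive the
                         // rollback.
                         $this->_revertAutoIncrement($this->revertID);
                         $this->_storeTempCSV($upload["tmp_name"]);
                     }
                 } else {
                     $this->docError .= "failed file upload";
                 }

                 $this->pageType = "confirm";
                 if (!$this->error && !$this->docError) {
                     $therecord["phpbmsStatus"] = "Confirm Import";
                 } elseif ($this->docError) {
                     $therecord["phpbmsStatus"] = "Import Error: " . $this->docError;
                     $this->pageType = "main";
                 } else {
                     $therecord["phpbmsStatus"] = "Import Error";
                 }
                 break;

             case "import":
                 $CSVcontents = $this->_getTempCSV($this->tempFileID);
                 // The parser needs a trailing newline to see the last line.
                 if (substr($CSVcontents, -1, 1) != "\n") {
                     $CSVcontents .= "\n";
                 }
                 $this->parser->parse($CSVcontents);
                 $this->importRecords($this->parser->data, $this->parser->titles);
                 $this->table->db->commitTransaction();
                 // Outside the transaction: drop the temporary csv row.
                 $this->_removeTempCSV($this->tempFileID);
                 $therecord["phpbmsStatus"] = "Record(s) Imported";
                 $this->pageType = "main";
                 break;
         }
     }

     $therecord["title"] = $this->table->displayname . " Import";
     return $therecord;
 }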
Esempio n. 5
<?php

session_start();
// NOTE(review): the "logged in" state below comes from
// $_COOKIE['gebruikerIngelogd'], a client-controlled value; only
// $_SESSION['admin'] is server-side. hasRights() receives both — confirm the
// cookie is not what actually grants access.
echo "Username: "******"<br>";
echo "Password: "******"<br>";
echo "Gebruiker ingelogd: " . returnIngelogd($_COOKIE['gebruikerIngelogd']) . "<br>";
echo "Administrator: " . checkAdministrator($_SESSION['admin']) . "<br>";
echo "<h4>" . hasRights($_COOKIE['gebruikerIngelogd'], $_SESSION['admin']) . "</h4>";
/**
 * Returns the username for display when the visitor counts as logged in.
 *
 * "Logged in" is whatever returnIngelogd() reports as "Ja" for the given
 * flag; otherwise the placeholder "gast" (guest) is returned.
 *
 * @param mixed  $gebruikerIngelogd logged-in flag passed through to returnIngelogd()
 * @param string $username          name to show for a logged-in visitor
 * @return string
 */
function checkUsername($gebruikerIngelogd, $username)
{
    $loggedIn = returnIngelogd($gebruikerIngelogd) == "Ja";
    return $loggedIn ? $username : "gast";
}
/**
 * Returns the password when the visitor counts as logged in, otherwise the
 * placeholder "geen wachtwoord" (no password).
 *
 * NOTE(review): this hands the raw password back to the caller; the script
 * header appears to echo it into the page — a password should never be
 * rendered, confirm this is debug-only output.
 *
 * @param mixed  $gebruikerIngelogd logged-in flag passed through to returnIngelogd()
 * @param string $password
 * @return string
 */
function checkPassword($gebruikerIngelogd, $password)
{
    $loggedIn = returnIngelogd($gebruikerIngelogd) == "Ja";
    return $loggedIn ? $password : "geen wachtwoord";
}
function returnIngelogd($gebruikerIngelogd)
{
    if ($gebruikerIngelogd != "") {
        return "Ja";
    } else {
        return "Nee";
    }
Esempio n. 6
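 /**
  * Prepares posted item variables before they are written.
  *
  * For a new record (id empty, null or 0 — loose comparison, as the original
  * switch used) a user without the sales role may not set the descriptive and
  * pricing fields, so those are removed from $this->fields; with the role, and
  * always for an existing record, the common preparation runs.
  * packagesperitem is stored as its reciprocal when it is set and non-zero.
  *
  * @param array $variables posted fields
  * @return array prepared fields
  */
 function prepareVariables($variables)
 {
     // Fields a user without the sales role may not supply on a new record.
     $restrictedFields = array(
         "partnumber", "partname", "upc", "description", "inactive", "taxable",
         "unitprice", "unitcost", "unitofmeasure", "type", "categoryid",
         "webenabled", "keywords", "webdescription",
     );
     $id = isset($variables["id"]) ? $variables["id"] : null;
     // Loose in_array mirrors the original switch's ==-based cases.
     $isNewRecord = in_array($id, array("", null, 0));

     if (!$isNewRecord || hasRights("role:de7e6679-8bb2-29ee-4883-2fcd756fb120")) {
         //user has rights (or this is an existing record).  Let's format everything.
         $variables = $this->_commonPrepareVariables($variables);
     } else {
         foreach ($restrictedFields as $field) {
             unset($this->fields[$field]);
         }
     }

     // !empty() covers the isset check the new-record branch used to skip
     // (it read the key unconditionally and raised an undefined-index notice).
     if (!empty($variables["packagesperitem"])) {
         $variables["packagesperitem"] = 1 / $variables["packagesperitem"];
     }
     return $variables;
 }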
Esempio n. 7
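 /**
  * Updates an invoice/order record, including its encrypted payment fields,
  * line items, status and linked client addresses.
  *
  * Order matters: the payment-field UPDATE must run before the parent update,
  * and getTableInfo() must run last to restore any fields removed for rights
  * management.
  *  1. refuse to modify a record whose previous type is "Invoice";
  *  2. without the sales role, strip the payment fields from $this->fields so
  *     parent::updateRecord() cannot write them; with it, and when
  *     ENCRYPT_PAYMENT_FIELDS is on, write the sensitive fields through
  *     $this->db->encrypt() in a separate UPDATE;
  *  3. parent::updateRecord(), then line items, status and addresses;
  *  4. promote a prospect to a client when an Order is saved for one.
  *
  * NOTE(review): "ccverification" looks like a card verification code;
  * retaining it after authorisation, even encrypted, is generally prohibited
  * (PCI DSS) — confirm with the payment flow before keeping that column.
  *
  * @param array       $variables  posted record fields
  * @param string|null $modifiedby user recorded as the modifier
  * @param bool        $useUuid    locate the record by `uuid` instead of `id`
  * @return false|null false when the record is a locked Invoice; null otherwise
  *                    (the parent's result is not propagated, so callers cannot
  *                    tell success from failure here)
  */
 function updateRecord($variables, $modifiedby = NULL, $useUuid = false)
 {
     //can't modify an invoice
     if (isset($variables["oldType"]) && $variables["oldType"] == "Invoice") {
         return false;
     }

     // Payment fields only writable with the sales role, and the subset that
     // is stored encrypted by the separate UPDATE below.
     $paymentFields = array(
         "paymentmethodid", "checkno", "bankname", "ccnumber", "ccexpiration",
         "accountnumber", "routingnumber", "transactionid",
     );
     $encryptedFields = array("ccnumber", "ccexpiration", "ccverification", "accountnumber", "routingnumber");

     if (!hasRights("role:de7e6679-8bb2-29ee-4883-2fcd756fb120")) {
         //can't modify payment information if you do not have sales rights
         foreach ($paymentFields as $field) {
             unset($this->fields[$field]);
         }
     } elseif (ENCRYPT_PAYMENT_FIELDS) {
         $fieldlist = "";
         foreach ($encryptedFields as $field) {
             if (!isset($variables[$field])) {
                 continue;
             }
             // NOTE: mysql_real_escape_string() belongs to the ext/mysql API
             // removed in PHP 7; kept because the db wrapper's own escape
             // method is not visible from here — migrate when it is.
             $variables[$field] = mysql_real_escape_string($variables[$field]);
             $fieldlist .= ", `" . $field . "` = " . $this->db->encrypt("'" . $variables[$field] . "'");
         }

         // Only issue the UPDATE when at least one encrypted field was posted.
         if ($fieldlist !== "") {
             if ($useUuid) {
                 $whereclause = "`uuid` = '" . mysql_real_escape_string($variables["uuid"]) . "'";
             } else {
                 $whereclause = "`id` = '" . (int) (isset($variables["id"]) ? $variables["id"] : 0) . "'";
             }
             // substr(1) drops the leading ", " of the first assignment.
             $querystatement = "\n\t\t\t\t\tUPDATE\n\t\t\t\t\t\t`invoices`\n\t\t\t\t\tSET " . substr($fieldlist, 1) . " WHERE `type` != 'Invoice' AND `type` != 'VOID' AND " . $whereclause;
             $this->db->query($querystatement);
         }
     }

     if (parent::updateRecord($variables, $modifiedby, $useUuid)) {
         if (!isset($variables["id"])) {
             $variables["id"] = getId($this->db, $this->uuid, $variables["uuid"]);
         }

         if (isset($variables["lineitemschanged"]) && $variables["lineitemschanged"] == 1) {
             if ($this->lineitems === NULL) {
                 $this->lineitems = new lineitems($this->db, $variables["id"]);
             } else {
                 $this->lineitems->invoiceid = $variables["id"];
             }
             $this->lineitems->set($variables["thelineitems"], $modifiedby);
         }

         if (isset($variables["statuschanged"]) && $variables["statuschanged"] == 1) {
             $this->updateStatus($variables["id"], $variables["statusid"], $variables["statusdate"], $variables["assignedtoid"]);
         }

         // Update/create the client addresses from the billing and shipping
         // addresses unless both were flagged as order-only.
         if (!isset($variables["billingsaveoptions"])) {
             $variables["billingsaveoptions"] = NULL;
         }
         if (!isset($variables["shiptosaveoptions"])) {
             $variables["shiptosaveoptions"] = NULL;
         }
         if ($variables["billingsaveoptions"] != "orderOnly" || $variables["shiptosaveoptions"] != "orderOnly") {
             require_once "addresses.php";
             require_once "addresstorecord.php";
             $this->addressUpdate($variables, $variables["id"], $modifiedby, "billing");
             $this->addressUpdate($variables, $variables["id"], $modifiedby, "shipping");
         }
     }

     $clienttype = isset($variables["clienttype"]) ? $variables["clienttype"] : NULL;
     $type = isset($variables["type"]) ? $variables["type"] : NULL;
     if ($clienttype == "prospect" && $type == "Order") {
         $this->prospectToClient($variables["clientid"]);
     }

     //reset field after updating (if unset by rights management)
     $this->getTableInfo();
 }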
Esempio n. 8
    /**
     * Renders the top menu bar: the application title, the logged-in user's
     * name and one <li> per menu row the user has rights to, each with its
     * sub-items.
     *
     * Menu rows come from $this->menuresult, sub-items from getSubItems();
     * hasRights() is evaluated per row and per sub-item against the stored
     * roleid, so rows the user may not see are never emitted.
     *
     * NOTE(review): link, name and id values are echoed without htmlQuotes(),
     * and a "javascript:" link is spliced into an onclick attribute by closing
     * the href quote by hand. That is only safe while menu rows are editable
     * by trusted administrators — confirm who can write this table.
     */
    function display()
    {
        ?>
<div id="menu">
	<h1><a href="<?php 
        echo APP_PATH . DEFAULT_LOAD_PAGE;
        ?>
" title="<?php 
        echo htmlQuotes(APPLICATION_NAME);
        ?>
" name="toptop"><span><?php 
        echo APPLICATION_NAME;
        ?>
</span></a></h1>

	<div id="menuRighthand"><?php 
        echo htmlQuotes(trim($_SESSION["userinfo"]["firstname"] . " " . $_SESSION["userinfo"]["lastname"]));
        ?>
	</div>

	<ul id="menuBar">
	<?php 
        $submenustring = "";
        // One top-level entry per menu row whose roleid passes hasRights().
        while ($menurecord = $this->db->fetchArray($this->menuresult)) {
            if (hasRights($menurecord["roleid"])) {
                if ($menurecord["link"]) {
                    // Relative links are made absolute; http(s) and
                    // javascript: links are left untouched.
                    if (strpos($menurecord["link"], "http") !== 0 && strpos($menurecord["link"], "javascript") !== 0) {
                        $menurecord["link"] = APP_PATH . $menurecord["link"];
                    }
                    ?>
<li class="firstLevel"><a href="<?php 
                    echo $menurecord["link"];
                    ?>
"><?php 
                    echo $menurecord["name"];
                    ?>
</a></li><?php 
                } else {
                    // No link: the row is a drop-down header for its sub-items.
                    ?>
<li class="firstLevel"><a href="#toptop" class="topMenus" id="menu<?php 
                    echo $menurecord["id"];
                    ?>
"><?php 
                    echo $menurecord["name"];
                    ?>
</a></li><li class="submenusli"><ul class="submenuitems" id="submenu<?php 
                    echo $menurecord["id"];
                    ?>
"><?php 
                    $subitemsquery = $this->getSubItems($menurecord["uuid"]);
                    if ($subitemsquery) {
                        $sep = false;
                        while ($subrecord = $this->db->fetchArray($subitemsquery)) {
                            // "----" rows are separators: the next rendered
                            // item gets the menuSep class instead.
                            if ($subrecord["name"] == "----") {
                                $sep = true;
                            } else {
                                if (hasRights($subrecord["roleid"])) {
                                    if (strpos($subrecord["link"], "http") !== 0 && strpos($subrecord["link"], "javascript") !== 0) {
                                        $subrecord["link"] = APP_PATH . $subrecord["link"];
                                    }
                                    // A javascript: link becomes href="#" plus
                                    // an onclick, built by closing the href
                                    // attribute inside the value — relies on
                                    // the link data being trusted.
                                    if (strpos($subrecord["link"], "javascript") === 0) {
                                        $subrecord["link"] = "#\" onclick=\"" . str_replace("javascript:", "", $subrecord["link"]);
                                    }
                                    ?>
<li <?php 
                                    if ($sep) {
                                        echo " class=\"menuSep\" ";
                                    }
                                    ?>
><a href="<?php 
                                    echo $subrecord["link"];
                                    ?>
">&nbsp;<?php 
                                    echo $subrecord["name"];
                                    ?>
</a></li><?php 
                                    $sep = false;
                                }
                                //end if
                            }
                            //end if
                        }
                        //end while
                    }
                    //end if
                    ?>
</ul></li><?php 
                }
                //end if
            }
            //end if
        }
        //end while
        ?>
</ul></div><?php 
    }
Esempio n. 9
     $tempwhere = substr($tempwhere, 3);
     $displayTable->querywhereclause = $tempwhere;
     break;
 case "advanced search":
     // Free-form where clause typed by the user. It is deliberately raw SQL:
     // only users holding the table's advsearchroleid get past this check,
     // everyone else is sent to the no-access page. Anyone granted that role
     // can run arbitrary where clauses against this table, so treat the
     // role as privileged.
     if (!hasRights($displayTable->thetabledef["advsearchroleid"])) {
         goURL(APP_PATH . "noaccess.php");
     }
     $displayTable->recordoffset = 0;
     $displayTable->querywhereclause = stripslashes($_POST["advancedsearch"]);
     $displayTable->querytype = "advanced search";
     break;
 case "run search":
     /**
      * Run a loaded (saved) search
      */
     if (!hasRights($displayTable->thetabledef["advsearchroleid"])) {
         /**
          * Without the advanced-search role the posted LSSQL text is
          * ignored: the clause is reloaded from `usersearches` by the
          * posted id (cast to int before interpolation), so the user
          * cannot override a saved search's SQL.
          */
         $querystatement = "\n                                SELECT\n                                        sqlclause\n                                FROM\n                                        usersearches\n                                WHERE id=" . (int) $_POST["LSList"];
         $queryresult = $db->query($querystatement);
         $therecord = $db->fetchArray($queryresult);
         $_POST["LSSQL"] = $therecord["sqlclause"];
     }
     //endif
     // With the role, LSSQL is taken from the request as-is — the same trust
     // model as "advanced search" above.
     $displayTable->recordoffset = 0;
     $displayTable->querywhereclause = stripslashes($_POST["LSSQL"]);
     $displayTable->querytype = "advanced search";
     break;
Esempio n. 10
    /**
     * Displays the load box for saved searches.
     *
     * Lists the `usersearches` rows of type SCH for the table that are either
     * shared (userid = '' plus whatever $securitywhere admits) or owned by
     * $userid, and renders the LSSQL textarea read-only unless the user holds
     * the table's advsearchroleid.
     *
     * NOTE(review): $tabledefid, $userid and $securitywhere are interpolated
     * into SQL as-is. $securitywhere is a where-clause fragment by contract;
     * $tabledefid and $userid must be trusted or escaped by the caller —
     * confirm at the call sites.
     *
     * @param integer $tabledefid id of tabledef
     * @param string $userid uuid of user
     * @param string $securitywhere additional security based where clause to pass
     */
    function showLoad($tabledefid, $userid, $securitywhere)
    {
        $uuid = getUuid($this->db, "tbld:5c9d645f-26ab-5003-b98e-89e9049f8ac3", $tabledefid);
        $querystatement = "\n                    SELECT\n                            id,\n                            name,\n                            userid\n                    FROM\n                            usersearches\n                    WHERE\n                            tabledefid = '" . $uuid . "'\n                            AND type='SCH'\n                            AND (\n                                    (userid = '' " . $securitywhere . ")\n                                    OR userid = '" . $userid . "')\n                    ORDER BY\n                            userid,\n                            name";
        $queryresult = $this->db->query($querystatement);
        // appError is constructed but execution continues; presumably it
        // halts the request itself, otherwise fetchArray() below runs on a
        // false result — confirm.
        if (!$queryresult) {
            $error = new appError(500, "Cannot retrieve saved search information");
        }
        $querystatement = "\n                    SELECT\n                            advsearchroleid\n                    FROM\n                            tabledefs\n                    WHERE id= '" . $tabledefid . "'";
        $tabledefresult = $this->db->query($querystatement);
        if (!$tabledefresult) {
            $error = new appError(500, "Cannot retrieve table definition information.");
        }
        $tableinfo = $this->db->fetchArray($tabledefresult);
        ?>
            <table border="0" cellpadding="0" cellspacing="0">
                    <tr>
                            <td valign="top">
                                    <p>
                                            <label for="LSList">saved searches</label><br />
                                            <?php 
        $this->showSavedSearchList($queryresult);
        ?>
                                    </p>
                            </td>
                            <td valign="top" width="100%">
                                    <p>
                                            <label for="LSSelectedSearch">name</label><br />
                                            <input type="text" id="LSSelectedSearch" size="10" readonly="readonly" class="uneditable" />
                                    </p>
                                    <p>
                                            <textarea id="LSSQL" name="LSSQL" rows="8" cols="10" <?php 
        // Read-only is a UI hint only; the server-side "run search" handler
        // must enforce the same role check on the posted LSSQL value.
        if (!hasRights($tableinfo["advsearchroleid"])) {
            echo ' readonly="readonly"';
        }
        ?>
></textarea>
                                    </p>
                            </td>
                            <td valign="top">
                                    <p><br/><input id="LSLoad" type="submit" name="command" class="Buttons" disabled="disabled" value="run search"/></p>
                                    <p><input id="LSDelete" type="button" onclick="LSDeleteSearch('<?php 
        echo APP_PATH;
        ?>
')" class="Buttons" disabled="disabled" value="delete"/></p>
                                    <div id="LSResults">&nbsp;</div>
                            </td>
                    </tr>
            </table>
            <?php 
    }
Esempio n. 11
        <?php 
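require_once 'includes/db-connect.php';
require_once 'includes/functions.php';

// Admin-only page: anyone without level-100 rights is sent back to the index
// before any write below can run.
if (!hasRights(100)) {
    header('Location: index.php');
    exit;
}

if (isset($_POST['title'])) {
    // Read the posted fields by name instead of extract($_POST): extract()
    // defaults to EXTR_OVERWRITE, so a posted field called "conn" or
    // "feedback" could replace the script's own variables.
    $title = $_POST['title'];
    $teaser = isset($_POST['teaser']) ? $_POST['teaser'] : '';
    $content = isset($_POST['content']) ? $_POST['content'] : '';

    if (!empty($title) && !empty($teaser) && !empty($content)) {
        if (!isset($_GET['edit'])) {
            $statement = $conn->prepare("INSERT INTO articles(title, teaser, content, postedOn, teaserIMG) VALUES(:title, :teaser, :content, :postedOn, :teaserIMG\n          )");
            $statement->execute(array(':title' => $title, ':teaser' => $teaser, ':content' => $content, ':postedOn' => time(), ':teaserIMG' => ''));
            $id = $conn->lastInsertId();
            $feedback = getFeedback("Your article has been posted. See it <a href='article.php?id={$id}'>here</a>.", 'success');
        } else {
            // The id is bound as a parameter and also interpolated into the
            // HTML feedback link, so it is cast to int first: the previous
            // code echoed $_GET['edit'] into the page verbatim.
            $editId = (int) $_GET['edit'];
            $statement = $conn->prepare("UPDATE articles SET\n        title = :title,\n        teaser = :teaser,\n        content = :content\n        WHERE id = :id");
            $statement->execute(array(':title' => $title, ':teaser' => $teaser, ':content' => $content, ':id' => $editId));
            $feedback = getFeedback("Your article has been updated. See it <a href='article.php?id={$editId}'>here</a>.", 'success');
        }
    } else {
        $feedback = getFeedback('Please add a title, teaser and image to your blog post.', 'warning');
    }
}

// Deletion is triggered by a plain GET parameter. The id is bound, but
// nothing ties the request to a form the admin submitted; a per-session
// token checked here would be the next improvement.
if (isset($_GET['deleteId'])) {
    $statement = $conn->prepare("DELETE FROM articles WHERE id = :id");
    $statement->execute(array(':id' => (int) $_GET['deleteId']));
    $feedback = getFeedback('Your Post has been deleted.', 'success');
}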
if (isset($_GET['edit'])) {
    $statement = $conn->prepare("SELECT * FROM articles WHERE id = :id");
Esempio n. 12
    function displayQueryButtons()
    {
        global $phpbms;
        ?>
<div id="resultInfoDiv"><?php 
        if (!isset($this->tableoptions["new"])) {
            $this->tableoptions["new"]["allowed"] = 0;
            $this->tableoptions["new"]["roleid"] = 0;
            $this->tableoptions["new"]["needselect"] = 0;
        }
        if (!isset($this->tableoptions["select"])) {
            $this->tableoptions["select"]["allowed"] = 0;
            $this->tableoptions["select"]["roleid"] = 0;
            $this->tableoptions["select"]["needselect"] = 0;
        }
        if (!isset($this->tableoptions["edit"])) {
            $this->tableoptions["edit"]["allowed"] = 0;
            $this->tableoptions["edit"]["roleid"] = 0;
            $this->tableoptions["edit"]["needselect"] = 0;
        }
        if (!isset($this->tableoptions["printex"])) {
            $this->tableoptions["printex"]["allowed"] = 0;
            $this->tableoptions["printex"]["roleid"] = 0;
            $this->tableoptions["printex"]["needselect"] = 0;
        }
        if (!isset($this->tableoptions["import"])) {
            $this->tableoptions["import"]["allowed"] = 0;
            $this->tableoptions["import"]["roleid"] = 0;
            $this->tableoptions["import"]["needselect"] = 0;
        }
        if (!isset($this->tableoptions["othercommands"])) {
            $this->tableoptions["othercommands"] = false;
        }
        // If they have rights to see the SQL statement, spit it out here.
        if (hasRights($this->thetabledef["viewsqlroleid"])) {
            ?>
<div id="sqlstatement">
				<fieldset>
					<legend>SQL Statement</legend>
					<div id="theSqlText" class="mono small"><?php 
            echo stripslashes(htmlQuotes($this->querystatement));
            ?>
</div>
				</fieldset><?php 
            if ($this->sqlerror) {
                ?>
				<fieldset>
					<legend><span style="text-transform:capitalize">SQL</span> Error</legend>
					<div><?php 
                echo $this->sqlerror;
                ?>
</div>
				</fieldset><?php 
            }
            ?>
			</div>

			<?php 
        }
        ?>
<div id="commandSet"><?php 
        if ($this->numrows) {
            ?>
				<div id="numCount" align="right" class="small"><input type="hidden" id="deleteCommand" name="deleteCommand" value="" /><?php 
            if ($this->truecount <= RECORD_LIMIT) {
                echo "<div>records:&nbsp;" . $this->numrows . "</div>";
            } else {
                ?>
					<input name="offset" type="hidden" value="" /><select name="offsetselector" onchange="this.form.offset.value=this.value;this.form.submit();">
						<?php 
                $displayedoffset = 0;
                while ($displayedoffset < $this->truecount) {
                    ?>
<option value="<?php 
                    echo $displayedoffset;
                    ?>
" <?php 
                    if ($displayedoffset == $this->recordoffset) {
                        echo "selected=\"selected\"";
                    }
                    ?>
><?php 
                    echo $displayedoffset + 1;
                    ?>
-<?php 
                    if ($displayedoffset + RECORD_LIMIT < $this->truecount) {
                        echo $displayedoffset + RECORD_LIMIT;
                    } else {
                        echo $this->truecount;
                    }
                    ?>
</option><?php 
                    $displayedoffset += RECORD_LIMIT;
                }
                ?>
					  </select> of <?php 
                echo $this->truecount;
                if ($this->recordoffset > 0) {
                    ?>
<button type="button" class="graphicButtons buttonRew" onclick="document.search.offset.value=<?php 
                    echo $this->recordoffset - RECORD_LIMIT;
                    ?>
;document.search.submit();"><span>prev.</span></button><?php 
                }
                if ($this->numrows + $this->recordoffset < $this->truecount) {
                    ?>
<button type="button" class="graphicButtons buttonFF" onclick="document.search.offset.value=<?php 
                    echo $this->recordoffset + RECORD_LIMIT;
                    ?>
;document.search.submit();"><span>next</span></button><?php 
                }
            }
            //end if
            ?>
</div><?php 
        }
        //end if
        ?>

				<ul id="recordCommands">
				<?php 
        $showFirst = ' id="firstToolbarItem" ';
        if ($this->tableoptions["new"]["allowed"] && hasRights($this->tableoptions["new"]["roleid"])) {
            ?>
<li <?php 
            echo $showFirst;
            ?>
>
						<a href="#" id="newRecord" class="newRecord" accesskey="n" title="new record (alt + n)" onclick="addRecord();return false;"><span>new</span></a>
					  </li><?php 
            $showFirst = NULL;
        }
        if ($this->numrows) {
            if ($this->tableoptions["edit"]["allowed"] && hasRights($this->tableoptions["edit"]["roleid"])) {
                ?>
<li <?php 
                echo $showFirst;
                ?>
>
							<a href="#" id="editRecord" class="editRecordDisabled" accesskey="e" onclick="return editButton();" title="edit record (alt + e)"><span>edit</span></a>
						</li>
						<?php 
                $showFirst = NULL;
            }
            //end if
            if ($this->thetabledef["deletebutton"] == "delete") {
                ?>
<li <?php 
                echo $showFirst;
                ?>
>
							<a href="#" id="deleteRecord" class="deleteRecordDisabled" accesskey="d" onclick="confirmDelete('delete');return false" title="delete record (alt + d)"><span>delete</span></a>
						</li>
						<?php 
                $showFirst = NULL;
            }
            //end if
            if ($this->tableoptions["printex"]["allowed"] && hasRights($this->tableoptions["printex"]["roleid"])) {
                ?>
<li <?php 
                echo $showFirst;
                ?>
>
							<a href="#" id="print" class="print" accesskey="p" onclick="doPrint();return false" title="print report (alt + p)"><span>print</span></a>
							<input type="hidden" id="doprint" name="doprint" value="no" />
						</li>
						<?php 
                $showFirst = NULL;
            }
            //end if
        }
        //end if --numrows--
        if ($this->tableoptions["othercommands"] || $this->tableoptions["import"]["allowed"] && hasRights($this->tableoptions["import"]["roleid"]) || $this->thetabledef["deletebutton"] != "delete" && $this->thetabledef["deletebutton"] != "NA") {
            ?>
<li <?php 
            echo $showFirst;
            ?>
>
							<a href="#" id="otherCommandButton" class="otherCommands" onclick="showDropDown('otherDropDown');return false" title="other commands"><span>other commands</span></a>
							<div id="otherDropDown" class="toolbarDropDowns" style="display:none">
								<ul>
									<?php 
            if ($this->thetabledef["deletebutton"] != "delete" && $this->thetabledef["deletebutton"] != "NA") {
                ?>
										<li><a class="needselectDisabled" href="#" title="(alt + d)" onclick="chooseOtherCommand('-1','<?php 
                echo $this->thetabledef["deletebutton"];
                ?>
',this); return false;"><strong><?php 
                echo $this->thetabledef["deletebutton"];
                ?>
</strong></a></li>
										<?php 
                $displayOrder = -1;
            } else {
                $displayOrder = 0;
            }
            if ($this->tableoptions["import"]["allowed"] && hasRights($this->tableoptions["import"]["roleid"])) {
                $class = '';
                if ($this->tableoptions["import"]["needselect"]) {
                    $class = 'class="needselectDisabled"';
                }
                ?>
										<li><a <?php 
                echo $class;
                ?>
 href="#" title="" onclick="chooseOtherCommand('-2','', this); return false;">import</a></li>
										<?php 
                $displayOrder = -1;
            } else {
                $displayOrder = $displayOrder != -1 ? 0 : -1;
            }
            if ($this->tableoptions["othercommands"]) {
                foreach ($this->tableoptions["othercommands"] as $command) {
                    if (hasRights($command["roleid"])) {
                        $aclass = "";
                        $liclass = "";
                        if ($command["displayorder"] != $displayOrder) {
                            $liclass = ' class="menuSep"';
                            $displayOrder = $command["displayorder"];
                        }
                        if ($command["needselect"]) {
                            $aclass = ' class="needselectDisabled"';
                        }
                        ?>
												<li<?php 
                        echo $liclass;
                        ?>
><a<?php 
                        echo $aclass;
                        ?>
 href="#" onclick="chooseOtherCommand('<?php 
                        echo $command["id"];
                        ?>
','',this); return false;"><?php 
                        echo $command["name"];
                        ?>
</a></li>
												<?php 
                    }
                    //end if
                }
                //endforeach
            }
            //end if
            ?>
								</ul>
							</div><input id="othercommands" name="othercommands" type="hidden"/>
						</li>
						<?php 
            $showFirst = NULL;
        }
        //end if
        if ($this->numrows) {
            if ($this->tableoptions["select"]["allowed"] && hasRights($this->tableoptions["select"]["roleid"])) {
                ?>
<li <?php 
                echo $showFirst;
                ?>
>
							<a href="#" id="searchSelection" class="searchSelection" onclick="showDropDown('searchSelectionDropDown');return false" title="selection"><span>selection</span></a>
							<div id="searchSelectionDropDown" class="toolbarDropDowns" style="display:none">
							<ul>
								<li><a href="#" onclick="performToSelection('selectall');return false;" accesskey="a" title="select all (alt + a)">select all</a></li>
								<li><a href="#" onclick="performToSelection('selectnone');return false;" accesskey="x" title="select none (alt + x)">select none</a></li>
								<li class="menuSep"><a href="#" onclick="performToSelection('keepselected');return false;" accesskey="k" title="keep selected (alt + k)">show only selected records</a></li>
								<li><a href="#" onclick="performToSelection('omitselected');return false;" accesskey="o" title="omit selected (alt + o)">remove selected records from view</a></li>
							</ul>
							</div>
						</li>
						<?php 
                $showFirst = NULL;
            }
            //end if
        }
        //end if numrows
        if (hasRights($this->thetabledef["viewsqlroleid"])) {
            ?>
						<li>
							<a href="#" id="showSQLButton" class="sqlUp" onclick="return false;" title="Show SQL Statement"><span>show SQL</span></a>
						</li>
						<?php 
        }
        //end rights
        ?>
				</ul>
				</div></div>
			<?php 
        $phpbms->bottomJS[] = ' var addFile = "' . APP_PATH . $this->thetabledef["addfile"] . '"';
        $phpbms->bottomJS[] = ' var editFile = "' . APP_PATH . $this->thetabledef["editfile"] . '"';
        //for the import page, "" == the general page instead.
        $import = $this->thetabledef["importfile"] ? $this->thetabledef["importfile"] : "modules/base/general_import.php?id=" . urlencode($this->thetabledef["uuid"]);
        $phpbms->bottomJS[] = ' var importFile = "' . APP_PATH . $import . '"';
    }
					<p>
						<label for="trackingno">tracking number</label><br />
						<input id="trackingno" name="trackingno" type="text" value="<?php 
echo htmlQuotes($therecord["trackingno"]);
?>
" size="40" maxlength="64" />
					</p>
				</fieldset>
			</div>

			<div id="vContent4" class="vContent">
				<fieldset>
					<legend>Payment</legend>
					<?php 
if (hasRights("role:de7e6679-8bb2-29ee-4883-2fcd756fb120")) {
    ?>
					<p>
						<label for="paymentmethodid">payment method</label><br />
						<?php 
    $thetable->showPaymentSelect($therecord["paymentmethodid"], $paymentMethods);
    $paymentButtonDisable = "";
    if ($therecord["paymentmethodid"] == 0) {
        $paymentButtonDisable = "Disabled";
    } else {
        if ($paymentMethods[$therecord["paymentmethodid"]]["onlineprocess"] == 0) {
            $paymentButtonDisable = "Disabled";
        }
    }
    ?>
						<button id="paymentProcessButton" type="button" class="graphicButtons buttonMoney<?php 
 | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT       |
 | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A |
 | PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT      |
 | OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,   |
 | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT        |
 | LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,   |
 | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY   |
 | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT     |
 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE   |
 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.    |
 |                                                                         |
 +-------------------------------------------------------------------------+
*/
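include "../../include/session.php";
include "include/fields.php";

// Access gate before anything else on this page runs. hasRights()/goURL()
// are expected to come from session.php; the explicit exit keeps the check
// fail-closed even if goURL() only sends the redirect header.
if (!hasRights("role:259ead9f-100b-55b5-508a-27e33a6216bf")) {
    goURL(APP_PATH . "noaccess.php");
    exit;
}

// Defaults for a first visit (no form posted yet): a one-year window ending
// today, all orders and invoices, and the "show" command. dateToString() is
// presumably the application's timestamp formatter — confirm it takes a Unix
// timestamp. time() replaces a bare mktime(), which needs arguments on PHP 8.
if (!isset($_POST["fromdate"])) {
    $_POST["fromdate"] = dateToString(strtotime("-1 year"));
}
if (!isset($_POST["todate"])) {
    $_POST["todate"] = dateToString(time());
}
if (!isset($_POST["status"])) {
    $_POST["status"] = "Orders and Invoices";
}
if (!isset($_POST["command"])) {
    $_POST["command"] = "show";
}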
if (!isset($_POST["date_order"])) {
    /**
     * Generates and displays the tabs of a tab group as a <ul class="tabs">.
     *
     * Only tabs whose `roleid` passes hasRights() are shown. The current tab,
     * and (on a new record, $recordid == 0) tabs with `enableonnew` = 0, are
     * rendered as a plain <div>; every other tab links to its `location` with
     * ?id=<record id>. A tab with a `notificationsql` runs that statement
     * ({{id}} replaced by the int record id) and wraps the label in <span>
     * when the returned `theresult` column is > 0.
     *
     * NOTE(review): $tabgroup is spliced into the SQL unescaped and the tab
     * `name` is echoed unescaped — both must only ever come from trusted
     * (code / admin-configured) sources, never from the request.
     *
     * @param string $tabgroup name of the tab group to display
     * @param string $currenttabid UUID of the currently selected tab
     * @param int|string $recordid id of the current record; 0 means a new record
     * @return void the markup is echoed
     */
    function showTabs($tabgroup, $currenttabid, $recordid = 0)
    {
        $querystatement = "\n                        SELECT\n                                `uuid`,\n                                `name`,\n                                `location`,\n                                `enableonnew`,\n                                `notificationsql`,\n                                `tooltip`,\n                                `roleid`\n                        FROM\n                                `tabs`\n                        WHERE\n                                `tabgroup` ='" . $tabgroup . "'\n                        ORDER BY\n                                `displayorder`";
        $queryresult = $this->db->query($querystatement);
        ?>
<ul class="tabs"><?php 
        while ($therecord = $this->db->fetchArray($queryresult)) {
            // Tabs the current user has no role for are skipped entirely.
            if (hasRights($therecord["roleid"])) {
                ?>
<li <?php 
                if ($therecord["uuid"] == $currenttabid) {
                    echo "class=\"tabsSel\"";
                }
                ?>
><?php 
                // Current tab, or a tab disabled for new records: not a link.
                if ($therecord["uuid"] == $currenttabid || $recordid == 0 && $therecord["enableonnew"] == 0) {
                    $opener = "<div>";
                    $closer = "</div>";
                } else {
                    $opener = "<a href=\"" . APP_PATH . $therecord["location"] . "?id=" . urlencode($recordid) . "\">";
                    $closer = "</a>";
                }
                //endif
                // Optional per-tab notification: the stored SQL is run with the
                // int-cast record id; a positive `theresult` highlights the tab.
                if ($therecord["notificationsql"] != "") {
                    $therecord["notificationsql"] = str_replace("{{id}}", (int) $recordid, $therecord["notificationsql"]);
                    $notificationresult = $this->db->query($therecord["notificationsql"]);
                    if ($this->db->numRows($notificationresult) != 0) {
                        $notificationrecord = $this->db->fetchArray($notificationresult);
                        if (isset($notificationrecord["theresult"])) {
                            if ($notificationrecord["theresult"] > 0) {
                                $opener .= "<span>";
                                $closer = "</span>" . $closer;
                            }
                        }
                        //endif
                    }
                    //endif
                }
                //endif
                echo $opener . $therecord["name"] . $closer;
                ?>
</li><?php 
            }
            //endif hasRights
        }
        //end while
        ?>
		</ul><?php 
    }
 | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT     |
 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE   |
 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.    |
 |                                                                         |
 +-------------------------------------------------------------------------+
*/
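require_once "../../include/session.php";
require_once "include/fields.php";

// Authorisation gate moved ahead of the per-module includes and the settings
// object construction, so that no module code executes for a non-admin user.
// hasRights()/goURL() are expected to come from session.php; the explicit
// exit keeps the gate fail-closed even if goURL() only sends the header.
if (!hasRights("Admin")) {
    goURL(APP_PATH . "noaccess.php");
    exit;
}

// Pull in each non-base module's settings hook, if the module ships one.
// NOTE(review): the existence check looks at "../<module>/adminsettings.php"
// while the include uses "modules/<module>/adminsettings.php" — these only
// agree if the include path resolves both to the same file; verify.
foreach ($phpbms->modules as $module => $moduleinfo) {
    if ($module != "base" && file_exists("../" . $module . "/adminsettings.php")) {
        include "modules/" . $module . "/adminsettings.php";
    }
}
require_once "modules/base/include/adminsettings_include.php";
// $db is presumably set up by session.php.
$settings = new settings($db);

// Only a submitted form (command present) is processed; the status text is
// presumably rendered further down the page.
if (isset($_POST["command"])) {
    $statusmessage = $settings->processForm($_POST);
}
$therecord = $settings->getSettings();
$pageTitle = "Configuration";
$phpbms->cssIncludes[] = "pages/base/adminsettings.css";
$phpbms->jsIncludes[] = "modules/base/javascript/adminsettings.js";
// Same existence-check pattern for each module's admin-settings JavaScript.
foreach ($phpbms->modules as $module => $moduleinfo) {
    if ($module != "base" && file_exists("../" . $module . "/javascript/adminsettings.js")) {
        $phpbms->jsIncludes[] = "modules/" . $module . "/javascript/adminsettings.js";
    }
}
//Form Elements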
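 /**
  * Drives the add/edit page: returns the record to display, or carries out
  * the posted "cancel" / "save" command.
  *
  * Without a POST "command" the page is being entered: a GET "id" means an
  * existing record is edited (needs $this->editroleid), otherwise a new one
  * is created (needs $this->addroleid). "cancel" redirects to
  * $this->backurl, anchored at the posted id. "save" updates the record
  * when a non-empty POST "id" is present and inserts otherwise, and returns
  * the reloaded record with a "phpbmsStatus" message for the page.
  *
  * Access failures redirect to noaccess.php via goURL() and then return
  * null, so no record reaches the caller on that path even if goURL()
  * should not terminate the request.
  *
  * @return array|null record to display; null after a redirect or for an
  *                    unrecognised command
  */
 function processAddEditPage()
 {
     if (!isset($_POST["command"])) {
         // First visit (nothing posted yet): GET "id" tells editing from creating.
         $editing = isset($_GET["id"]);
         if (!hasRights($editing ? $this->editroleid : $this->addroleid)) {
             goURL(APP_PATH . "noaccess.php");
             return null;
         }
         $this->getCustomFieldInfo();
         return $editing ? $this->getRecord((int) $_GET["id"]) : $this->getDefaults();
     }

     switch ($_POST["command"]) {
         case "cancel":
             // Back to the list, anchored at the record that was open (0 if none).
             $theid = isset($_POST["id"]) ? (int) $_POST["id"] : 0;
             goURL($this->backurl . "#" . $theid);
             return null;

         case "save":
             // Same rule as on page entry: an update needs the edit role, a new
             // record the add role. (The edit role used to be required for
             // both, so edit-only users could create records and add-only
             // users could not save the form they were shown.)
             $isUpdate = !empty($_POST["id"]);
             if (!hasRights($isUpdate ? $this->editroleid : $this->addroleid)) {
                 goURL(APP_PATH . "noaccess.php");
                 return null;
             }
             $variables = $this->prepareVariables($_POST);
             $errorArray = $this->verifyVariables($variables);
             if ($isUpdate) {
                 return $this->processSaveUpdate($variables, $errorArray);
             }
             return $this->processSaveInsert($variables, $errorArray);
     }
     // Unrecognised command: nothing to display.
     return null;
 }

 /**
  * "save" for an existing record: update it, then reload it for display.
  *
  * @param array $variables prepared form values; "id" selects the record,
  *                         a numeric "getid" overrides which record is reloaded
  * @param array $errorArray verification messages; empty means the data is valid
  * @return array reloaded record with "phpbmsStatus" set
  */
 private function processSaveUpdate($variables, $errorArray)
 {
     $theid = $variables["id"];
     if (!count($errorArray)) {
         $this->updateRecord($variables);
         if (isset($variables["getid"]) && is_numeric($variables["getid"])) {
             $theid = (int) $variables["getid"];
         }
         $status = "Record Updated";
     } else {
         $this->logVerificationErrors($errorArray);
         $status = "Data Verification Error";
     }
     $this->getCustomFieldInfo();
     $therecord = $this->getRecord($theid);
     $therecord["phpbmsStatus"] = $status;
     return $therecord;
 }

 /**
  * "save" for a new record: insert it (when valid), then reload it for display.
  *
  * @param array $variables prepared form values
  * @param array $errorArray verification messages; empty means the data is valid
  * @return array reloaded record (id 0 when not inserted) with "phpbmsStatus" set
  */
 private function processSaveInsert($variables, $errorArray)
 {
     $theid = 0;
     if (!count($errorArray)) {
         $theid = $this->insertRecord($variables);
         $therecord = $this->getRecord($theid);
         // "add new" shortcut back to the same URI. REQUEST_URI is request
         // data placed inside a JS string inside an HTML attribute, so it is
         // JSON-encoded (with <>&'" hex-escaped) and then HTML-escaped; the
         // old code only replaced "&". On invalid UTF-8 json_encode() yields
         // false and the button gets no target rather than raw bytes.
         $target = htmlspecialchars(json_encode($_SERVER["REQUEST_URI"], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT), ENT_QUOTES);
         $therecord["phpbmsStatus"] = "<div style=\"float:right;margin-top:-3px;\"><button type=\"button\" accesskey=\"n\" class=\"smallButtons\" onclick=\"document.location=" . $target . "\">add new</button></div>Record Created";
     } else {
         $this->logVerificationErrors($errorArray);
         $therecord = $this->getRecord($theid);
         // Assigned rather than appended: the key does not exist on a fresh record.
         $therecord["phpbmsStatus"] = "Data Verification Error";
     }
     return $therecord;
 }

 /**
  * Reports each verification message through appError; the object is built
  * for its side effect only (the instance was never used by the original code).
  *
  * @param array $errorArray verification messages
  * @return void
  */
 private function logVerificationErrors($errorArray)
 {
     foreach ($errorArray as $error) {
         new appError(-900, $error, "Verification Error");
     }
 }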
    /**
     * Renders the "Additional Information" fieldset for a record's custom fields.
     *
     * Each row of $queryresult is one custom field: showField() draws the
     * input, and a "<field>Button" generate button follows it when the field
     * has a generator, the user passes hasRights() for the field's roleid, and
     * the field's format is not "list". Nothing is output when the result has
     * no rows.
     *
     * @param object $db database wrapper exposing numRows() and fetchArray()
     * @param mixed $queryresult query result of the custom-field definitions
     * @return bool false when $queryresult is falsy, true otherwise (even with no rows)
     */
    function showCustomFields($db, $queryresult)
    {
        if (!$queryresult) {
            return false;
        }
        if ($db->numRows($queryresult)) {
            ?>
<fieldset id="customFields">
            <legend>Additional Information</legend>
            <?php 
            while ($fieldInfo = $db->fetchArray($queryresult)) {
                ?>
<p><?php 
                $this->showField($fieldInfo["field"]);
                ?>
                    <?php 
                //if the field has a generator javascript, let's add the button
                if ($fieldInfo["generator"] && hasRights($fieldInfo["roleid"]) && $fieldInfo["format"] != "list") {
                    ?>
<button class="Buttons" type="button" id="<?php 
                    // NOTE(review): the field name goes into an id attribute
                    // unescaped — acceptable only while field names are
                    // admin-defined identifiers, never request data.
                    echo $fieldInfo["field"];
                    ?>
Button">generate</button><?php 
                }
                //endif
                ?>
                    </p><?php 
            }
            //endwhile
            ?>
        </fieldset>
        <?php 
        }
        //endif
        return true;
    }
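include "include/fields.php";
include "include/files.php";

// Without a "backurl" this is the plain file editor; with one, the page was
// reached from another record and edits the attachment linking the two.
if (!isset($_GET["backurl"])) {
    $thetable = new files($db, "tbld:80b4f38d-b957-bced-c0a0-ed08a0db6475");
    $pageTitle = "File";
} else {
    include "include/attachments.php";
    // NOTE(review): backurl is taken from the request as-is and is presumably
    // used for a redirect by the attachments class (not visible here);
    // restricting it to in-application paths would close an open-redirect
    // vector — confirm how attachments uses it.
    $backurl = $_GET["backurl"];
    if (isset($_GET["refid"])) {
        // URL-encode the request value so it cannot inject further query
        // parameters or break the URL (the codebase already does this for
        // ids elsewhere).
        $backurl .= "?refid=" . urlencode($_GET["refid"]);
    }
    $thetable = new attachments($db, "tbld:80b4f38d-b957-bced-c0a0-ed08a0db6475", $backurl);
    $pageTitle = "File Attachment";
}

// Load or save the record, then require the viewer to hold the record's own
// role. The explicit exit keeps the check fail-closed even if goURL() only
// sends the redirect header.
$therecord = $thetable->processAddEditPage();
if (!hasRights($therecord["roleid"])) {
    goURL("../../noaccess.php");
    exit;
}
if (isset($therecord["phpbmsStatus"])) {
    $statusmessage = $therecord["phpbmsStatus"];
}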
/**
 * Looks up every record the given file is attached to.
 *
 * Joins `attachments` to `tabledefs` so the caller receives the owning
 * table's display name and edit page alongside the record id and the
 * attachment's creation date.
 *
 * NOTE(review): $uuid is spliced into the WHERE clause without escaping; this
 * is only safe when callers pass a value that came from the database, never
 * one taken from the request.
 *
 * @param object $db database wrapper exposing query()
 * @param string $uuid the file's uuid
 * @return mixed whatever $db->query() returns for the lookup
 */
function getAttachments($db, $uuid)
{
    $sql = "\n\t\t\tSELECT\n\t\t\t\t`tabledefs`.`displayname`,\n\t\t\t\t`attachments`.`recordid`,\n\t\t\t\t`attachments`.`creationdate`,\n\t\t\t\t`tabledefs`.`editfile`\n\t\t\tFROM\n\t\t\t\t`attachments`INNER JOIN `tabledefs` ON `attachments`.`tabledefid`=`tabledefs`.`uuid`\n\t\t\tWHERE `attachments`.`fileid`='" . $uuid . "'\n\t\t\t";
    return $db->query($sql);
}
// Page-specific stylesheet and script, picked up by the page template
// (presumably via $phpbms when the layout is rendered).
$phpbms->cssIncludes[] = "pages/files.css";
$phpbms->jsIncludes[] = "modules/base/javascript/file.js";
//Form Elements
//==============================================================
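 /**
  * function generate
  *
  * Generates one SQL INSERT statement per record of $this->maintable and
  * appends them to $this->reportOutput.
  *
  * The SELECT is passed through assembleSQL() (filters/ordering come from
  * there). Column names are read from the result set, so the INSERTs match
  * the table as it exists at export time. NULL fields are emitted as NULL;
  * everything else is quoted through mysql_real_escape_string(), which needs
  * an open mysql_* connection and no longer exists on PHP 7+ — an
  * installation on a newer PHP must switch this to the escape function of
  * the driver behind $this->db.
  *
  * When the current user has the Admin role the audit columns are rewritten
  * so the export can be loaded as installation data: createdby/modifiedby
  * become 1 and creationdate/modifieddate become NOW().
  *
  * @return void
  */
 function generate()
 {
     $querystatement = "\n            SELECT\n                *\n            FROM\n                " . $this->maintable;
     $querystatement = $this->assembleSQL($querystatement);
     $queryresult = $this->db->query($querystatement);

     // Column list, taken from the result set itself.
     $columns = array();
     $num_fields = $this->db->numFields($queryresult);
     for ($i = 0; $i < $num_fields; $i++) {
         $columns[] = "`" . $this->db->fieldName($queryresult, $i) . "`";
     }
     $statementstart = "INSERT INTO `" . $this->maintable . "` (" . implode(", ", $columns) . ") VALUES (";

     // Loop-invariant: the role check does not depend on the row, so it is
     // evaluated once instead of once per field.
     $rewriteAuditColumns = hasRights("Admin");
     $userColumns = array("createdby", "modifiedby");
     $dateColumns = array("creationdate", "modifieddate");

     while ($therecord = $this->db->fetchArray($queryresult)) {
         $values = array();
         foreach ($therecord as $name => $field) {
             if ($rewriteAuditColumns && in_array($name, $userColumns, true)) {
                 $values[] = "1";
             } elseif ($rewriteAuditColumns && in_array($name, $dateColumns, true)) {
                 $values[] = "NOW()";
             } elseif ($field === NULL) {
                 $values[] = "NULL";
             } else {
                 $values[] = "'" . mysql_real_escape_string($field) . "'";
             }
         }
         $this->reportOutput .= $statementstart . implode(", ", $values) . ");\n";
     }
 }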