Esempio n. 1
    }
} elseif ($_POST["postback"] == "U") {
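    // Personal-note update: collect the submitted form fields.
    $var_title = trim($_POST["txtPerTitle"]);
    $var_notes = trim($_POST["txtNotes"]);
    $var_refno = trim($_POST["txtRefno"]);
    $var_pdate = trim($_POST["txtDate"]);
    $var_staff = trim($_POST["txtStaff"]);
    $dup_flag = 0;
    // Duplicate check: does another note (different id) already carry the submitted title?
    // The title compared is $var_title, the value that is about to be stored.
    $sql = "SELECT nPNId   FROM sptbl_personalnotes WHERE vPNTitle='" . mysql_real_escape_string($var_title) . "'";
    // $var_id is quoted as well as escaped: mysql_real_escape_string() only protects a value
    // that sits inside quotes, so an unquoted id would stay injectable if it is request-derived.
    // NOTE(review): $var_id is assigned before this fragment - confirm where it comes from.
    $sql .= " and nPNId != '" . mysql_real_escape_string($var_id) . "'";
    $rs = executeSelect($sql, $conn);
    if (mysql_num_rows($rs) > 0) {
        $dup_flag = 1;
    }
    if (validateUpdation() == true and $dup_flag == 0) {
        $sql = "Update sptbl_personalnotes set \r\n\t\t\t\t\t    vPNTitle='" . mysql_real_escape_string($var_title) . "',\r\n\t\t\t\t\t    tPNDesc='" . mysql_real_escape_string($var_notes) . "',\r\n\t\t\t\t\t    dDate  =now() \r\n\t\t\t\t\t    where nPNId='" . mysql_real_escape_string($var_id) . "'";
        executeQuery($sql, $conn);
        // Write an action-log row when logActivity() returns true.
        // $var_staffid is escaped like the other values; its origin is outside this fragment.
        if (logActivity()) {
            $sql = "Insert into sptbl_actionlog(nALId,nStaffId,vAction,vArea,nRespId,dDate) Values('','" . mysql_real_escape_string($var_staffid) . "','" . TEXT_UPDATION . "','Personal Notes','" . mysql_real_escape_string($var_id) . "',now())";
            executeQuery($sql, $conn);
        }
        $var_message = MESSAGE_RECORD_UPDATED;
        $flag_msg = "class='msg_success'";
    } else {
        // Validation failed or the title is a duplicate: show the message with the error style.
        $var_message = MESSAGE_RECORD_ERROR;
        $flag_msg = "class='msg_error'";
    }
    // NOTE(review): the mysql_* extension used here was removed in PHP 7; when this code is
    // ported, bind these values through prepared statements (mysqli/PDO) instead of escaping.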
}
function validateDeletion()
Esempio n. 2
            $sql = "Insert into sptbl_actionlog(nALId,nStaffId,vAction,vArea,nRespId,dDate) Values('','{$var_staffid}','" . TEXT_DELETION . "','Language','" . mysql_real_escape_string($var_id) . "',now())";
            executeQuery($sql, $conn);
        }
        $var_langCode = "";
        $var_langDesc = "";
        $var_id = "";
        $var_message = MESSAGE_RECORD_DELETED;
        $flag_msg = 'class="msg_success"';
    } else {
        $var_message = MESSAGE_RECORD_ERROR;
        $flag_msg = 'class="msg_error"';
    }
} elseif ($_POST["postback"] == "U") {
    // Language update: read the submitted code and description.
    $var_langCode = trim($_POST["txtLangCode"]);
    $var_langDesc = trim($_POST["txtLangDesc"]);
    // The update runs only when validation passes and the submitted code is not "en".
    // NOTE(review): the "en" guard tests $var_langCode (from the form) while the WHERE clause
    // below keys on $var_id; if the two can differ, the "en" row is not actually protected.
    // $var_id is assigned outside this fragment - verify.
    if (validateUpdation($var_langCode, $var_langDesc) == true and $var_langCode != "en") {
        // Both values are escaped and placed inside quotes before being concatenated.
        $sql = "Update sptbl_lang set    vLangDesc='" . mysql_real_escape_string($var_langDesc) . "'  where vLangCode='" . mysql_real_escape_string($var_id) . "'";
        executeQuery($sql, $conn);
        // Write an action-log row when logActivity() returns true.
        // NOTE(review): $var_staffid is interpolated without escaping; presumably it comes from
        // the session rather than the request - confirm.
        if (logActivity()) {
            $sql = "Insert into sptbl_actionlog(nALId,nStaffId,vAction,vArea,nRespId,dDate) Values('','{$var_staffid}','" . TEXT_UPDATION . "','Language','" . mysql_real_escape_string($var_id) . "',now())";
            executeQuery($sql, $conn);
        }
        $var_message = MESSAGE_RECORD_UPDATED;
        $flag_msg = 'class="msg_success"';
    } else {
        // Validation failed, or the submitted code was "en".
        $var_message = MESSAGE_RECORD_ERROR;
        $flag_msg = 'class="msg_error"';
    }
}
function validateAddition($var_langCode, $var_langDesc)
         $errorcode = MESSAGE_UPLOAD_ERROR_6;
         break;
     default:
         $file_name = $uploadstatus;
         break;
 }
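 // Duplicate check: is there another download row (different id) with the same description?
 $sql = "SELECT nDLId   FROM sptbl_downloads WHERE   vDescription ='" . mysql_real_escape_string($var_desc) . "'";
 // The id is quoted and escaped: escaping alone gives no protection to an unquoted value.
 // NOTE(review): $var_id is assigned before this fragment - confirm where it comes from.
 $sql .= " and nDLId != '" . mysql_real_escape_string($var_id) . "'";
 $rs = executeSelect($sql, $conn);
 if (mysql_num_rows($rs) > 0) {
     if ($file_name != "") {
         // A duplicate was found, so the file stored for this request is removed again.
         // NOTE(review): $file_name is taken from $uploadstatus above; confirm the upload
         // helper returns a bare, server-generated file name and never a client-chosen path.
         @unlink("../downloads/" . $file_name);
     }
     $dup_flag = 1;
 }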
 if (validateUpdation() == true and $dup_flag == 0 and $errorcode == "") {
     if ($file_name != "") {
         $file_name = "downloads/" . $file_name;
         $seturlfld = " ,vURL='" . mysql_real_escape_string($file_name) . "' ";
         //unlink the old file
         $sql = "SELECT vURL    FROM sptbl_downloads WHERE   nDLId ={$var_id}";
         $rs_oldurl = executeSelect($sql, $conn);
         $rowoldurl = mysql_fetch_array($rs_oldurl);
         $oldurl = $rowoldurl['vURL'];
         @unlink("../" . $oldurl);
         $var_url = $file_name;
     } else {
         $seturlfld = " ";
     }
     $sql = "Update sptbl_downloads  set vDescription  ='" . mysql_real_escape_string($var_desc) . "',\n\t\t\t\t\t     dPostdate =now()";
     $sql .= $seturlfld;
Esempio n. 4
        $sql = "Delete from sptbl_reminders where nRemId='" . mysql_real_escape_string($var_id) . "' ";
        executeQuery($sql, $conn);
        if (logActivity()) {
            $sql = "Insert into sptbl_actionlog(nALId,nStaffId,vAction,vArea,nRespId,dDate) Values('','{$var_staffid}','" . TEXT_DELETION . "','Reminders','" . mysql_real_escape_string($var_id) . "',now())";
            executeQuery($sql, $conn);
        }
        $var_message = "<font color=red>" . MESSAGE_RECORD_DELETED . "</font>";
        $var_title = "";
        $var_desc = "";
        $var_alert = date("m-d-Y H:i", time());
        $var_id = "";
    } else {
        $var_message = "<font color=red>" . MESSAGE_RECORD_ERROR . "</font>";
    }
} elseif ($_POST["postback"] == "U") {
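    // Reminder update: runs only when validateUpdation() accepts the submitted form.
    if (validateUpdation() == true) {
        // Every value concatenated into the statement is escaped and quoted, including
        // $var_time. NOTE(review): $var_title, $var_desc, $var_time and $var_id are assigned
        // outside this fragment - confirm where each comes from.
        $sql = "Update sptbl_reminders set\r\n                                        vRemTitle='" . mysql_real_escape_string($var_title) . "',\r\n                                        tRemDesc='" . mysql_real_escape_string($var_desc) . "',\r\n                                        dRemAlert='" . mysql_real_escape_string($var_time) . "' where nRemId='" . mysql_real_escape_string($var_id) . "'";
        executeQuery($sql, $conn);
        // Write an action-log row when logActivity() returns true.
        if (logActivity()) {
            $sql = "Insert into sptbl_actionlog(nALId,nStaffId,vAction,vArea,nRespId,dDate) Values('','" . mysql_real_escape_string($var_staffid) . "','" . TEXT_UPDATION . "','Reminders','" . mysql_real_escape_string($var_id) . "',now())";
            executeQuery($sql, $conn);
        }
        $var_message = "<font color=red>" . MESSAGE_RECORD_UPDATED . "</font>";
    } else {
        $var_message = "<font color=red>" . MESSAGE_RECORD_ERROR . "</font>";
    }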
}
function validateAddition()
{
    global $var_time;
    if (trim($_POST["txtTitle"]) == "" || trim($_POST["txtDesc"]) == "") {
     $charr = explode(",", $childlist);
     array_push($charr, $var_id);
     $charr = array_unique($charr);
     array_push($charr, $var_parentid);
     $cnt_arr1 = count($charr);
     $charr = array_unique($charr);
     $cnt_arr2 = count($charr);
 }
 if ($cnt_arr1 != $cnt_arr2) {
     $dup_flag = 1;
 } else {
     if ($var_id == $var_parentid) {
         $dup_flag = 1;
     }
 }
 if (validateUpdation($var_id, $var_companyid, $var_parentid) == true and $dup_flag == 0) {
     if (!isUniqueEmail($var_email, $var_id, "d")) {
         $var_message = MESSAGE_NONUNIQUE_EMAIL;
         $flag_msg = 'class="msg_error"';
     } else {
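         // Fetch the department's current row to remember its parent before the update.
         // $var_id is escaped here like in the UPDATE that follows; concatenating it raw
         // would leave this lookup injectable if the id is request-derived.
         $qry = "select * from sptbl_depts where nDeptId='" . mysql_real_escape_string($var_id) . "'";
         $rsgetdept = mysql_query($qry);
         $deptrow = mysql_fetch_array($rsgetdept);
         $oldparentid = $deptrow['nDeptParent'];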
         $sql = "Update sptbl_depts set nCompId='" . mysql_real_escape_string($var_companyid) . "',\n\t\t\t\t\t\t\t\tvDeptDesc='" . mysql_real_escape_string($var_deptname) . "',\n\t\t\t\t\t\t\t\tnDeptParent='" . mysql_real_escape_string($var_parentid) . "',\n\t\t\t\t\t\t\t\tvDeptCode='" . mysql_real_escape_string($var_deptcode) . "',\n\t\t\t\t\t\t\t\tvDeptMail='" . mysql_real_escape_string($var_email) . "',\n\t\t\t\t\t\t\t\tnResponseTime='" . mysql_real_escape_string($var_responsetime) . "' \n\t\t\t\t\t\t\t\twhere nDeptId='" . mysql_real_escape_string($var_id) . "'";
         executeQuery($sql, $conn);
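         // Remove the staff assignments recorded for the new parent department.
         // $var_parentid is escaped before it is concatenated into the DELETE.
         // NOTE(review): confirm that clearing sptbl_staffdept for the parent id is intended.
         $qry = "delete from sptbl_staffdept where nDeptId='" . mysql_real_escape_string($var_parentid) . "'";
         mysql_query($qry);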
         $updatePop3 = "Update sptbl_pop3settings set vDeptEMail='" . mysql_real_escape_string($var_email) . "', vUserName='******'\n\t\t\t\t\t\t\t\twhere nDeptId='" . mysql_real_escape_string($var_id) . "'";
         executeQuery($updatePop3, $conn);
Esempio n. 6
         case "IF":
             $errorcode = MESSAGE_UPLOAD_ERROR_6;
             break;
             //			   case "FE":
             //			            $errorcode=MESSAGE_UPLOAD_ERROR_5;
             //				         break;
         //			   case "FE":
         //			            $errorcode=MESSAGE_UPLOAD_ERROR_5;
         //				         break;
         default:
             $txticon_Url = $uploadstatus;
             break;
     }
 }
 // Upload icon  ends
 if (validateUpdation($var_prtyid) == true) {
     if ($var_oldpriority == 0) {
         $var_prtyvalue = 0;
     }
     $sql = "update sptbl_priorities set nPriorityValue='" . mysql_real_escape_string($var_prtyvalue) . "',";
     $sql .= "vPriorityDesc='" . mysql_real_escape_string($var_prtydesc) . "',vTicketColor='" . mysql_real_escape_string($var_prtycolor) . "' ";
     if ($txticon_Url != "") {
         $sql .= " , vPrioritie_icon='" . mysql_real_escape_string($txticon_Url) . "' ";
         $hidioniconename = $_POST['hidioniconename'];
         if ($hidioniconename != "") {
             // Delete the previous icon file now that a new one has been uploaded.
             // NOTE(review): $hidioniconename is read straight from $_POST['hidioniconename'],
             // so the path handed to unlink() is chosen by the client. The only filter is the
             // "noicon.j" substring test; nothing confines the path to the icon directory.
             // Safer: look up the stored vPrioritie_icon value for this priority in the
             // database and delete that, or reduce the submitted value with basename() and
             // resolve it inside the icon directory before unlinking.
             $filepath = "" . $hidioniconename;
             if (strpos($filepath, "noicon.j") === false) {
                 if (file_exists($filepath)) {
                     unlink($filepath);
                 }
             }
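 // Staff profile update: copy the submitted fields into the script's variables.
 $var_staffLogin = trim($_POST["txtStaffLogin"]);
 $var_password = $_POST["txtPassword"];
 $var_email = $_POST["txtEmail"];
 $var_yim = $_POST["txtYim"];
 $var_smsMail = $_POST["txtSmsMail"];
 $var_mobile = $_POST["txtMobile"];
 $var_cssId = $_POST["cmbCssId"];
 $var_refreshRate = $_POST["cmbRefresh"];
 // Force the refresh rate to an integer. The type name is passed as a string: a bare
 // `integer` is an undefined constant, which PHP 8 rejects with an Error.
 settype($var_refreshRate, "integer");
 // Each radio value becomes the literal "1" or "0". These five values are concatenated into
 // the UPDATE without escaping, so they must never carry the submitted text itself.
 $var_notifyAssign = $_POST["rdNotifyAssign"] == "1" ? "1" : "0";
 $var_notifyPvtMsg = $_POST["rdNotifyPvtMsg"] == "1" ? "1" : "0";
 $var_notifyKB = $_POST["rdNotifyKB"] == "1" ? "1" : "0";
 $var_watcher = $_POST["rdWatcher"] == "1" ? "1" : "0";
 $var_notifyArrival = $_POST["rdNotifyArrival"] == "1" ? "1" : "0";
 $var_signature = $_POST["txtSignature"];
 $updationflag = validateUpdation();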
 if ($updationflag == 1) {
     if (!isUniqueEmail($var_email, $var_id, "s")) {
         $var_message = MESSAGE_NONUNIQUE_EMAIL;
         $flag_msg = 'class="msg_error"';
     } else {
         $sql = "Update sptbl_staffs set vStaffname='" . mysql_real_escape_string($var_staffName) . "',\n\t\t\t\t\t\t" . ($var_password != "" ? "vPassword='******'," : "") . "vMail='" . mysql_real_escape_string($var_email) . "',\n\t\t\t\t\t\tvYIM='" . mysql_real_escape_string($var_yim) . "',\n\t\t\t\t\t\tvSMSMail='" . mysql_real_escape_string($var_smsMail) . "',\n\t\t\t\t\t\tvMobileNo='" . mysql_real_escape_string($var_mobile) . "',\n\t\t\t\t\t\tnCSSId='" . mysql_real_escape_string($var_cssId) . "',\n\t\t\t\t\t\tnRefreshRate='" . mysql_real_escape_string($var_refreshRate) . "',\n\t\t\t\t\t\tnNotifyAssign='" . $var_notifyAssign . "',\n\t\t\t\t\t\tnNotifyPvtMsg='" . $var_notifyPvtMsg . "',\n\t\t\t\t\t\tnNotifyKB='" . $var_notifyKB . "',\n\t\t\t\t\t\tnWatcher='" . $var_watcher . "',\n\t\t\t\t\t\tnNotifyArrival='" . $var_notifyArrival . "',\n\t\t\t\t\t\ttSignature='" . mysql_real_escape_string($var_signature) . "'  where nStaffId='" . mysql_real_escape_string($var_id) . "'";
         executeQuery($sql, $conn);
         //Insert the actionlog
         if (logActivity()) {
             $sql = "Insert into sptbl_actionlog(nALId,nStaffId,vAction,vArea,nRespId,dDate) Values('','{$var_staffid}','" . TEXT_UPDATION . "','Staff','" . mysql_real_escape_string($var_id) . "',now())";
             executeQuery($sql, $conn);
         }
         $var_message = MESSAGE_RECORD_UPDATED;
         $flag_msg = 'class="msg_success"';
         if ($var_password != "") {
Esempio n. 8
        $flag_msg = 'class="msg_error"';
    }
} elseif ($_POST["postback"] == "U") {
    // Company update: read and trim every submitted field.
    $var_companyName = trim($_POST["txtCompanyName"]);
    $var_address1 = trim($_POST["txtAddress1"]);
    $var_address2 = trim($_POST["txtAddress2"]);
    $var_city = trim($_POST["txtCity"]);
    $var_state = trim($_POST["txtState"]);
    $var_phone = trim($_POST["txtPhone"]);
    $var_fax = trim($_POST["txtFax"]);
    $var_email = trim($_POST["txtEmail"]);
    $var_zip = trim($_POST["txtZip"]);
    $var_contact = trim($_POST["txtContact"]);
    $var_country = trim($_POST["cmbCountry"]);
    $var_message = "";
    // validateUpdation() is handed $var_message; presumably it fills in the failure text
    // (the callee is not visible here - confirm), since this branch has no active else.
    if (validateUpdation($var_email, $var_message) == true) {
        // Every column value and the row id are escaped and quoted before concatenation.
        $sql = "Update sptbl_companies set vCompName='" . mysql_real_escape_string($var_companyName) . "',\r\n\t\t\t\t\tvCompAddress1='" . mysql_real_escape_string($var_address1) . "',\r\n\t\t\t\t\tvCompAddress2='" . mysql_real_escape_string($var_address2) . "',\r\n\t\t\t\t\tvCompCity='" . mysql_real_escape_string($var_city) . "',\r\n\t\t\t\t\tvCompState='" . mysql_real_escape_string($var_state) . "',\r\n\t\t\t\t\tnCompZip='" . mysql_real_escape_string($var_zip) . "',\r\n\t\t\t\t\tvCompCountry='" . mysql_real_escape_string($var_country) . "',\r\n\t\t\t\t\tvCompPhone='" . mysql_real_escape_string($var_phone) . "',\r\n\t\t\t\t   vCompFax='" . mysql_real_escape_string($var_fax) . "',\r\n\t\t\t\t   vCompMail='" . mysql_real_escape_string($var_email) . "',\r\n\t\t\t\t   vCompContact='" . mysql_real_escape_string($var_contact) . "' where nCompId='" . mysql_real_escape_string($var_id) . "'";
        executeQuery($sql, $conn);
        // Write an action-log row when logActivity() returns true.
        // NOTE(review): $var_staffid is interpolated without escaping; presumably it comes from
        // the session rather than the request - confirm.
        if (logActivity()) {
            $sql = "Insert into sptbl_actionlog(nALId,nStaffId,vAction,vArea,nRespId,dDate) Values('','{$var_staffid}','" . TEXT_UPDATION . "','Company','" . mysql_real_escape_string($var_id) . "',now())";
            executeQuery($sql, $conn);
        }
        $var_message = MESSAGE_RECORD_UPDATED;
        $flag_msg = 'class="msg_success"';
    }
    // The generic error branch below is disabled.
    /*			else {
    				$var_message = "<font color=red>" . MESSAGE_RECORD_ERROR . "</font>";
    			}*/
}
function validateAddition($var_email, &$var_message)
    }
} elseif ($_POST["postback"] == "U") {
    // Escalation-rule update: read and trim the submitted fields.
    $ruleName = trim($_POST["txtRuleName"]);
    $comapny = trim($_POST["txtCompany"]);
    $dept = trim($_POST["txtDept"]);
    $staff = trim($_POST["txtStaff"]);
    $settings = trim($_POST["settings"]);
    $txtResponseSetting = trim($_POST["txtResponseSetting"]);
    $var_message = "";
    // "settings" selects one mode: 'T' turns the time flag to "Y", 'C' the count flag;
    // any other value leaves both flags at "N".
    $Time_settings = $settings == 'T' ? "Y" : "N";
    $Count_settings = $settings == 'C' ? "Y" : "N";
    // The single submitted number is stored under whichever mode is active, "" otherwise.
    $txtTime = $Time_settings == 'Y' ? $txtResponseSetting : "";
    $txtCount = $Count_settings == 'Y' ? $txtResponseSetting : "";
    $var_message = "";
    if (validateUpdation($ruleName, $var_message) == true) {
        // Every column value and the rule id are escaped and quoted before concatenation.
        $sql = "Update sptbl_escalationrules set vRuleName='" . mysql_real_escape_string($ruleName) . "',\n\t\t\t\t\tnCompId='" . mysql_real_escape_string($comapny) . "',\n\t\t\t\t\tnDeptId='" . mysql_real_escape_string($dept) . "',\n\t\t\t\t\teRespTimeSetting='" . mysql_real_escape_string($Time_settings) . "',\n\t\t\t\t\teRespCountSetting='" . mysql_real_escape_string($Count_settings) . "',\n\t\t\t\t\tnResponseTime='" . mysql_real_escape_string($txtTime) . "',\n\t\t\t\t\tnResponseCount='" . mysql_real_escape_string($txtCount) . "',\n\t\t\t\t\tnStaffId='" . mysql_real_escape_string($staff) . "'\n                                        where nERId='" . mysql_real_escape_string($var_id) . "'";
        executeQuery($sql, $conn);
        // Unlike the other update branches on this page, no action-log row is written here.
        $var_message = MESSAGE_RECORD_UPDATED;
        $flag_msg = 'class="msg_success"';
    } else {
        // NOTE(review): any validation failure is reported as a duplicate, replacing whatever
        // validateUpdation() may have put in $var_message - confirm this is intended.
        $var_message = MESSAGE_RECORD_DUPILCATION;
        $flag_msg = 'class="msg_error"';
    }
}
function validateAddition($ruleName, &$var_message)
{
    global $conn, $flag_msg, $var_message;
    if (trim($_POST["txtRuleName"]) == "" || trim($_POST["txtCompany"]) == "" || trim($_POST["txtDept"]) == "" || trim($_POST["txtStaff"]) == "") {
        $var_message = MESSAGE_RECORD_ERROR;
        $flag_msg = 'class="msg_error"';