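/**
 * Handle the invoice export form: either email the invoice as a PDF or
 * stream the PDF to the browser as a download.
 *
 * The form field "formname" selects the mode ("invoice_export_email" sends
 * the email, anything else is treated as a PDF download). Every path ends in
 * exit(0), so this function never returns to its caller.
 *
 * NOTE(review): no permission check is visible in this function; presumably
 * the calling page enforces access before invoking it. Confirm against callers.
 *
 * @param string $type                Invoice type; used as the suffix of the
 *                                    `account_<type>` table and compared with
 *                                    "quotes" to choose the download file name.
 * @param string $returnpage_error    Page name placed in the redirect URL when
 *                                    an error has been recorded.
 * @param string $returnpage_success  Page name placed in the redirect URL after
 *                                    a successful email send.
 *
 * @return void  Terminates the request via exit(0) on every path.
 */
function invoice_form_export_process($type, $returnpage_error, $returnpage_success)
{
    // the arguments are written to the debug log exactly as received
    log_debug("inc_invoices_forms", "Executing invoice_form_export_process({$type}, {$returnpage_error}, {$returnpage_success})");


    /*
        Start the invoice
    */
    $invoice = new invoice();
    $invoice->type = $type;


    /*
        Fetch all form data
    */

    // get the ID for an edit
    $invoice->id = @security_form_input_predefined("int", "id_invoice", 1, "");

    // general details
    $data = array();
    $data["formname"] = @security_form_input_predefined("any", "formname", 1, "");

    if ($data["formname"] == "invoice_export_email") {
        // send email
        $data["sender"]    = @security_form_input_predefined("any", "sender", 1, "");
        $data["subject"]   = @security_form_input_predefined("any", "subject", 1, "");
        $data["email_to"]  = @security_form_input_predefined("multiple_email", "email_to", 1, "");
        $data["email_cc"]  = @security_form_input_predefined("multiple_email", "email_cc", 0, "");
        $data["email_bcc"] = @security_form_input_predefined("multiple_email", "email_bcc", 0, "");
        $data["message"]   = @security_form_input_predefined("any", "email_message", 1, "");

        // check if email sending is permitted
        // NOTE(review): this only calls log_write("error", ...). The send further down is
        // blocked only if log_write() also records the message in $_SESSION["error"] - confirm.
        if (sql_get_singlevalue("SELECT value FROM config WHERE name='EMAIL_ENABLE'") != "enabled") {
            log_write("error", "inc_invoices_process", "Sorry, the ability to email invoices has been disabled. Please contact your system administrator if you require this feature to be enabled.");
        }
    } else {
        // PDF download
        $data["invoice_mark_as_sent"] = @security_form_input_predefined("any", "invoice_mark_as_sent", 0, "");
    }


    /*
        Validate the values that are concatenated into SQL

        The invoice type becomes part of a table name and cannot be quoted as a
        value, so it is restricted to plain identifier characters. The ID is cast
        to an integer because the guarantees of the "int" input filter are not
        visible here.
    */
    $table_suffix  = $invoice->type;
    $type_is_valid = is_string($table_suffix) && preg_match('/\A[A-Za-z0-9_]+\z/', $table_suffix) === 1;
    $id_sql        = (int) $invoice->id;

    if (!$type_is_valid) {
        // recorded as a form error so the error redirect below fires before any query is built
        $_SESSION["error"]["message"][] = "The invoice type supplied is not valid.";
    } else {
        // make sure that the invoice exists
        $sql_obj         = new sql_query();
        $sql_obj->string = "SELECT id FROM `account_" . $table_suffix . "` WHERE id='" . $id_sql . "'";
        $sql_obj->execute();

        if (!$sql_obj->num_rows()) {
            $_SESSION["error"]["message"][] = "The invoice you have attempted to edit - " . $invoice->id . " - does not exist in this system.";
        }
    }


    //// ERROR CHECKING ///////////////////////

    /// if there was an error, go back to the entry page
    if (!empty($_SESSION["error"]["message"])) {
        header("Location: ../../index.php?page={$returnpage_error}&id=" . $invoice->id . "");
        exit(0);
    }

    if ($data["formname"] == "invoice_export_email") {
        /*
            Generate a PDF of the invoice and email it to the customer
        */

        // stripslashes from the variables - by default all input variables are quoted for security reasons but
        // we don't want this going through to the email.
        $data["subject"] = stripslashes($data["subject"]);
        $data["message"] = stripslashes($data["message"]);

        // send email
        $invoice->load_data();
        $invoice->email_invoice($data["sender"], $data["email_to"], $data["email_cc"], $data["email_bcc"], $data["subject"], $data["message"]);

        $_SESSION["notification"]["message"][] = "Email sent successfully.";
    } else {
        /*
            Mark invoice as being sent if user requests it
        */
        if ($data["invoice_mark_as_sent"]) {
            // only reached when the type check above passed, so $table_suffix is identifier-safe
            $sql_obj         = new sql_query();
            $sql_obj->string = "UPDATE account_" . $table_suffix . " SET date_sent='" . date("Y-m-d") . "', sentmethod='manual' WHERE id='" . $id_sql . "'";
            $sql_obj->execute();
        }

        /*
            Provide PDF to user's browser
        */

        // generate PDF
        $invoice->load_data();
        $invoice->generate_pdf();

        // PDF headers
        if ($type == "quotes") {
            $filename = "/tmp/quote_" . $invoice->data["code_quote"] . ".pdf";
        } else {
            $filename = "/tmp/invoice_" . $invoice->data["code_invoice"] . ".pdf";
        }

        // required for IE, otherwise Content-disposition is ignored
        if (ini_get('zlib.output_compression')) {
            ini_set('zlib.output_compression', 'Off');
        }

        header("Pragma: public"); // required
        header("Expires: 0");
        header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
        header("Cache-Control: private", false); // required for certain browsers
        header("Content-Type: application/pdf");

        // basename() keeps only the final path component, so the /tmp/ prefix is never sent to the client
        header("Content-Disposition: attachment; filename=\"" . basename($filename) . "\";");
        header("Content-Transfer-Encoding: binary");

        // output the PDF
        print $invoice->obj_pdf->output;

        exit(0);
    }

    // display updated details
    header("Location: ../../index.php?page={$returnpage_success}&id=" . $invoice->id . "");
    exit(0);
}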
/**
 * Return the PDF of an invoice as a base64-encoded string.
 *
 * Checks run in this order: invoice type, the caller's
 * "accounts_<type>_view" permission, the sanitised ID, invoice verification,
 * then the data load. Each failure raises a SoapFault with its own code.
 *
 * @param mixed  $id           Invoice ID as supplied by the caller; passed
 *                             through the "int" input filter before use.
 * @param string $invoicetype  Invoice type; only "ar" and "ap" are accepted.
 *
 * @return string  base64-encoded PDF output.
 *
 * @throws SoapFault INVALID_INVOICE_TYPE, ACCESS_DENIED, INVALID_INPUT,
 *                   INVALID_INVOICE or UNEXPECTED_ACTION_ERROR.
 */
function get_invoice_pdf($id, $invoicetype)
{
    // note: $id is logged as received, before it is sanitised further down
    log_debug("invoices_manage_soap", "Executing get_invoice_pdf({$id}, {$invoicetype})");

    // check the invoice type
    if (!in_array($invoicetype, array("ar", "ap"))) {
        throw new SoapFault("Sender", "INVALID_INVOICE_TYPE");
    }

    // the permission name is built from the type that was just checked
    if (!user_permissions_get("accounts_" . $invoicetype . "_view")) {
        throw new SoapFault("Sender", "ACCESS_DENIED");
    }

    $obj_invoice       = new invoice();
    $obj_invoice->type = $invoicetype;

    // sanitise input
    $obj_invoice->id = @security_script_input_predefined("int", $id);

    // an empty result or the literal "error" both count as bad input
    if (!($obj_invoice->id && $obj_invoice->id != "error")) {
        throw new SoapFault("Sender", "INVALID_INPUT");
    }

    // verify that the invoice is valid
    $invoice_is_valid = $obj_invoice->verify_invoice();
    if (!$invoice_is_valid) {
        throw new SoapFault("Sender", "INVALID_INVOICE");
    }

    // load data from DB for this invoice
    $data_loaded = $obj_invoice->load_data();
    if (!$data_loaded) {
        throw new SoapFault("Sender", "UNEXPECTED_ACTION_ERROR");
    }

    // generate PDF
    $obj_invoice->generate_pdf();

    // return data
    $encoded_pdf = base64_encode($obj_invoice->obj_pdf->output);

    return $encoded_pdf;
}