if ($myrow[1] == $FunctionalCurrency) { echo '<tr bgcolor=#FFbbbb>'; } elseif ($k == 1) { echo '<tr class="EvenTableRows">'; $k = 0; } else { echo '<tr class="OddTableRows">'; $k++; } // Lets show the country flag $ImageFile = 'flags/' . strtoupper($myrow[1]) . '.gif'; if (!file_exists($ImageFile)) { $ImageFile = 'flags/blank.gif'; } if ($myrow[1] != $FunctionalCurrency) { printf("<td><img src=\"%s\"></td>\n \t\t<td>%s</td>\n\t \t\t\t<td>%s</td>\n\t\t\t\t\t<td>%s</td>\n\t\t\t\t\t<td>%s</td>\n\t\t\t\t\t<td class=number>%s</td>\n\t\t\t\t\t<td class=number>%s</td>\n\t\t\t\t\t<td><a href=\"%s&SelectedCurrency=%s\">%s</a></td>\n\t\t\t\t\t<td><a href=\"%s&SelectedCurrency=%s&delete=1\">%s</a></td>\n\t\t\t\t\t<td><a href=\"%s/ExchangeRateTrend.php?%s\">" . _('Graph') . "</a></td>\n\t\t\t\t\t</tr>", $ImageFile, $myrow[1], $myrow[0], $myrow[2], $myrow[3], number_format($myrow[4], 5), number_format(GetCurrencyRate($myrow[1], $CurrencyRatesArray), 5), $_SERVER['PHP_SELF'] . '?' . SID, $myrow[1], _('Edit'), $_SERVER['PHP_SELF'] . '?' . SID, $myrow[1], _('Delete'), $rootpath, SID . '&CurrencyToShow=' . $myrow[1]); } else { printf("<td><img src=\"%s\"></td>\n \t\t<td>%s</td>\n\t \t\t\t<td>%s</td>\n\t\t\t\t\t<td>%s</td>\n\t\t\t\t\t<td>%s</td>\n\t\t\t\t\t<td class=number>%s</td>\n\t\t\t\t\t<td colspan=4>%s</td>\n\t\t\t\t\t</tr>", $ImageFile, $myrow[1], $myrow[0], $myrow[2], $myrow[3], 1, _('Functional Currency')); } } //END WHILE LIST LOOP echo '</table><br>'; } //end of ifs and buts! if (isset($SelectedCurrency)) { echo '<div class="centre"><a href=' . $_SERVER['PHP_SELF'] . '?' . SID . '>' . _('Show all currency definitions') . '</a></div>'; } echo '<br>'; if (!isset($_GET['delete'])) { echo "<form method='post' action=" . $_SERVER['PHP_SELF'] . '?' . SID . '>'; if (isset($SelectedCurrency) and $SelectedCurrency != '') {
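/**
 * Per-request housekeeping run before a page is served: loads the company
 * configuration into the session, runs the periodic database maintenance
 * (plus the audit-trail purge), and refreshes the stored exchange rates from
 * the ECB feed once a day.
 *
 * Reads and updates $_SESSION keys (DB_Maintenance, DB_Maintenance_LastRun,
 * MonthsAuditTrail, UpdateCurrencyRatesDaily, CompanyRecord) and writes to the
 * audittrail, currencies and config tables. Returns nothing.
 *
 * Values that end up inside SQL are cast or escaped here: the exchange rate
 * comes from an external feed and the currency code from the database, so
 * neither is interpolated raw.
 */
function DoSetup() {
	global $PathPrefix;

	if (isset($_SESSION['db']) and $_SESSION['db'] != '') {
		include $PathPrefix . 'includes/GetConfig.php';
	}
	$db = $_SESSION['db']; // connection handle passed to every DB_query() below

	/* Periodic database maintenance: DB_Maintenance holds the interval in days
	 * (0 = disabled); run it when the last run is older than that interval. */
	if (isset($_SESSION['DB_Maintenance']) and $_SESSION['DB_Maintenance'] != 0) {
		$DaysSinceMaintenance = DateDiff(date($_SESSION['DefaultDateFormat']), ConvertSQLDate($_SESSION['DB_Maintenance_LastRun']), 'd');
		if ($DaysSinceMaintenance > $_SESSION['DB_Maintenance']) {
			/* Do the DB maintenance routine for the DB_type selected */
			DB_Maintenance($db);

			/* Purge audit-trail rows older than MonthsAuditTrail months. The
			 * cut-off only reaches the SQL after date() formatting, so the
			 * session value is cast to int for the arithmetic only. */
			if (isset($_SESSION['MonthsAuditTrail'])) {
				$CutOffDate = date('Y-m-d', mktime(0, 0, 0, (int)date('m') - (int)$_SESSION['MonthsAuditTrail']));
				$sql = "DELETE FROM audittrail WHERE transactiondate <= '" . $CutOffDate . "'";
				DB_query($sql, $db);
			}
			$_SESSION['DB_Maintenance_LastRun'] = date('Y-m-d');
		}
	}

	/* Daily exchange-rate refresh: UpdateCurrencyRatesDaily holds the date of the
	 * last refresh (0 = disabled); only run once per day. */
	if (isset($_SESSION['UpdateCurrencyRatesDaily']) and $_SESSION['UpdateCurrencyRatesDaily'] != 0) {
		$DaysSinceRateUpdate = DateDiff(date($_SESSION['DefaultDateFormat']), ConvertSQLDate($_SESSION['UpdateCurrencyRatesDaily']), 'd');
		if ($DaysSinceRateUpdate > 0) {
			$CurrencyRates = GetECBCurrencyRates(); // rates from the ECB feed, see includes/MiscFunctions.php

			/* Only touch the stored rates when the feed actually returned data;
			 * writing rates derived from a failed fetch would corrupt them. */
			if ($CurrencyRates != false) {
				$CurrenciesResult = DB_query("SELECT currabrev FROM currencies", $db);
				while ($CurrencyRow = DB_fetch_row($CurrenciesResult)) {
					if ($CurrencyRow[0] == $_SESSION['CompanyRecord']['currencydefault']) {
						continue; // the functional currency is always rate 1
					}
					// the rate is feed-supplied (external) and the code is DB-supplied: never interpolate raw
					$NewRate = (float)GetCurrencyRate($CurrencyRow[0], $CurrencyRates);
					DB_query("UPDATE currencies SET rate='" . $NewRate . "' WHERE currabrev='" . DB_escape_string($CurrencyRow[0]) . "'", $db);
				}
			}
			$_SESSION['UpdateCurrencyRatesDaily'] = date('Y-m-d');
			DB_query("UPDATE config SET confvalue = '" . date('Y-m-d') . "' WHERE confname='UpdateCurrencyRatesDaily'", $db);
		}
	}
}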
} if ($myrow['currabrev'] != $FunctionalCurrency) { printf('<td><img src="%s" alt="" /></td> <td>%s</td> <td>%s</td> <td>%s</td> <td>%s</td> <td class="number">%s</td> <td class="centre">%s</td> <td class="number">%s</td> <td class="number">%s</td> <td class="number">%s</td> <td><a href="%s&SelectedCurrency=%s">%s</a></td> <td><a href="%s&SelectedCurrency=%s&delete=1" onclick="return confirm(\'' . _('Are you sure you wish to delete this currency?') . '\');">%s</a></td> <td><a href="%s/ExchangeRateTrend.php?%s">' . _('Graph') . '</a></td> </tr>', $ImageFile, $myrow['currabrev'], $CurrencyName[$myrow['currabrev']], $myrow['country'], $myrow['hundredsname'], locale_number_format($myrow['decimalplaces'], 0), $ShowInWebText, locale_number_format($myrow['rate'], 8), locale_number_format(1 / $myrow['rate'], 2), locale_number_format(GetCurrencyRate($myrow['currabrev'], $CurrencyRatesArray), 8), htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?', $myrow['currabrev'], _('Edit'), htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?', $myrow['currabrev'], _('Delete'), $RootPath, '&CurrencyToShow=' . $myrow['currabrev']); } else { printf('<td><img src="%s" alt="" /></td> <td>%s</td> <td>%s</td> <td>%s</td> <td>%s</td> <td class="number">%s</td> <td class="centre">%s</td> <td class="number">%s</td> <td class="number">%s</td> <td class="number">%s</td> <td><a href="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?&SelectedCurrency=' . urlencode($myrow['currabrev']) . '">' . _('Edit') . '</a></td> <td colspan="2">' . _('Functional Currency') . '</td> </tr>', $ImageFile, $myrow['currabrev'], $CurrencyName[$myrow['currabrev']], $myrow['country'], $myrow['hundredsname'], locale_number_format($myrow['decimalplaces'], 0), $ShowInWebText, locale_number_format(1, 8), locale_number_format(1, 2), locale_number_format(1, 8), _('Home Currency')); }
if (!file_exists($ImageFile)) { $ImageFile = 'flags/blank.gif'; } if ($myrow[1] != $FunctionalCurrency) { printf('<td><img src="%s" /></td> <td>%s</td> <td>%s</td> <td>%s</td> <td>%s</td> <td class="number">%s</td> <td class="number">%s</td> <td class="number">%s</td> <td><a href="%s&SelectedCurrency=%s">%s</a></td> <td><a href="%s&SelectedCurrency=%s&delete=1">%s</a></td> <td><a href="%s/ExchangeRateTrend.php?%s">' . _('Graph') . '</a></td> </tr>', $ImageFile, $myrow['currabrev'], $myrow['currency'], $myrow['country'], $myrow['hundredsname'], locale_number_format($myrow['decimalplaces'], 0), locale_number_format($myrow['rate'], 5), locale_number_format(GetCurrencyRate($myrow['currabrev'], $CurrencyRatesArray), 5), htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?', $myrow['currabrev'], _('Edit'), htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?', $myrow['currabrev'], _('Delete'), $rootpath, 'CurrencyToShow=' . $myrow['currabrev']); } else { printf('<td><img src="%s" /></td> <td>%s</td> <td>%s</td> <td>%s</td> <td>%s</td> <td class="number">%s</td> <td class="number">%s</td> <td colspan="2">%s</td> <td><a href="%s&SelectedCurrency=%s">%s</a></td> <td><a href="%s/ExchangeRateTrend.php?%s">' . _('Graph') . '</a></td> </tr>', $ImageFile, $myrow['currabrev'], $myrow['currency'], $myrow['country'], $myrow['hundredsname'], $myrow['decimalplaces'], 1, _('Functional Currency'), htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?', $myrow['currabrev'], _('Edit'), htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?', $myrow['currabrev'], _('Delete'), $rootpath, 'CurrencyToShow=' . $myrow['currabrev']); } } //END WHILE LIST LOOP
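/**
 * Authenticates a user and populates the session on success.
 *
 * @param string      $Name          user id from the login form (untrusted)
 * @param string      $Password      password from the login form (untrusted)
 * @param string      $SysAdminEmail address notified when an account gets blocked ('' = no mail)
 * @param mixed       $db            database connection handle passed on to some DB_query() calls
 *
 * @return int one of UL_SHOWLOGIN, UL_NOTVALID, UL_BLOCKED, UL_CONFIGERR,
 *             UL_MAINTENANCE or UL_OK
 *
 * Side effects: resets/fills many $_SESSION keys, updates www_users (last visit,
 * rehash, blocked flag), runs DB maintenance, the audit-trail purge and the
 * daily exchange-rate refresh, and may send a notification e-mail.
 *
 * Every request-supplied value that reaches SQL goes through DB_escape_string();
 * legacy hash comparisons use hash_equals() to avoid loose-comparison and
 * timing issues. Note that the lockout counter is per session and the block is
 * applied to the *named* account after 5 failures, so any client can lock an
 * account out by name — existing design, kept as is.
 */
function userLogin($Name, $Password, $SysAdminEmail = '', $db = null) {
	global $debug;
	global $PathPrefix;

	// Not logged in yet, or a (re)login was submitted with a user name
	if (!isset($_SESSION['AccessLevel']) or $_SESSION['AccessLevel'] == '' or (isset($Name) and $Name != '')) {
		$_SESSION['AccessLevel'] = '';
		$_SESSION['CustomerID'] = '';
		$_SESSION['UserBranch'] = '';
		$_SESSION['SalesmanLogin'] = '';
		$_SESSION['Module'] = '';
		$_SESSION['PageSize'] = '';
		$_SESSION['UserStockLocation'] = '';
		if (!isset($_SESSION['AttemptsCounter'])) {
			$_SESSION['AttemptsCounter'] = 0;
		}
		$_SESSION['AttemptsCounter']++;

		// No user name submitted: show the login screen
		if (!isset($Name) or $Name == '') {
			$_SESSION['DatabaseName'] = '';
			$_SESSION['CompanyName'] = '';
			return UL_SHOWLOGIN;
		}

		/* SELECT * on purpose: the column list changes between versions and naming
		 * the fields would make the DB upgrade fail. $Name is untrusted form input. */
		$sql = "SELECT * FROM www_users WHERE www_users.userid='" . DB_escape_string($Name) . "'";
		$ErrMsg = _('Could not retrieve user details on login because');
		$debug = 1; // NOTE(review): forces verbose DB error output for every login, not only sysadmins — confirm this is intended
		$PasswordVerified = false;
		$Auth_Result = DB_query($sql, $ErrMsg);

		if (DB_num_rows($Auth_Result) > 0) {
			$myrow = DB_fetch_array($Auth_Result);
			if (VerifyPass($Password, $myrow['password'])) {
				$PasswordVerified = true;
			} elseif (isset($GLOBALS['CryptFunction'])) {
				/* Stored hash may come from the old scheme: retry with the legacy
				 * algorithm and, on success, rewrite the stored value. hash_equals()
				 * avoids '0e…' magic-hash loose equality and is constant time. */
				$StoredHash = (string)$myrow['password'];
				switch ($GLOBALS['CryptFunction']) {
					case 'sha1':
						$LegacyMatch = hash_equals($StoredHash, sha1($Password));
						break;
					case 'md5':
						$LegacyMatch = hash_equals($StoredHash, md5($Password));
						break;
					default:
						$LegacyMatch = hash_equals($StoredHash, (string)$Password);
				}
				if ($LegacyMatch) {
					$PasswordVerified = true;
					// NOTE(review): this copy writes the literal '******' as the new password; upstream is expected to store a rehash of $Password here — confirm
					$sql = "UPDATE www_users SET password = '******' WHERE userid = '" . DB_escape_string($Name) . "';";
					DB_query($sql);
				}
			}
		}

		if ($PasswordVerified) {
			if ($myrow['blocked'] == 1) {
				return UL_BLOCKED; // account is blocked until a sysadmin releases it
			}

			// Populate the session from the user record; reset the attempts counter
			$_SESSION['UserID'] = $myrow['userid'];
			$_SESSION['AttemptsCounter'] = 0;
			$_SESSION['AccessLevel'] = $myrow['fullaccess'];
			$_SESSION['CustomerID'] = $myrow['customerid'];
			$_SESSION['UserBranch'] = $myrow['branchcode'];
			$_SESSION['DefaultPageSize'] = $myrow['pagesize'];
			$_SESSION['UserStockLocation'] = $myrow['defaultlocation'];
			$_SESSION['UserEmail'] = $myrow['email'];
			$_SESSION['ModulesEnabled'] = explode(",", $myrow['modulesallowed']);
			$_SESSION['UsersRealName'] = $myrow['realname'];
			$_SESSION['Theme'] = $myrow['theme'];
			$_SESSION['Language'] = $myrow['language'];
			$_SESSION['SalesmanLogin'] = $myrow['salesman'];
			$_SESSION['CanCreateTender'] = $myrow['cancreatetender'];
			$_SESSION['AllowedDepartment'] = $myrow['department'];
			$_SESSION['ShowDashboard'] = $myrow['showdashboard'];
			if (isset($myrow['pdflanguage'])) {
				$_SESSION['PDFLanguage'] = $myrow['pdflanguage'];
			} else {
				$_SESSION['PDFLanguage'] = '0'; // default to latin western languages
			}
			if ($myrow['displayrecordsmax'] > 0) {
				$_SESSION['DisplayRecordsMax'] = $myrow['displayrecordsmax'];
			} else {
				$_SESSION['DisplayRecordsMax'] = $_SESSION['DefaultDisplayRecordsMax']; // default comes from config.php
			}

			$sql = "UPDATE www_users SET lastvisitdate='" . date('Y-m-d H:i:s') . "' WHERE www_users.userid='" . DB_escape_string($Name) . "'";
			$Auth_Result = DB_query($sql);

			/* Security tokens the user's role grants; none at all means the roles
			 * table is misconfigured. */
			$sql = "SELECT tokenid FROM securitygroups WHERE secroleid = '" . DB_escape_string($_SESSION['AccessLevel']) . "'";
			$Sec_Result = DB_query($sql);
			$_SESSION['AllowedPageSecurityTokens'] = array();
			if (DB_num_rows($Sec_Result) == 0) {
				return UL_CONFIGERR;
			}
			while ($myrow = DB_fetch_row($Sec_Result)) {
				$_SESSION['AllowedPageSecurityTokens'][] = $myrow[0];
			}

			/* User is logged in: load configuration parameters into the session */
			include $PathPrefix . 'includes/GetConfig.php';

			/* Periodic DB maintenance (DB_Maintenance = interval in days, > 0 enables it);
			 * the audit-trail purge only runs together with it. */
			if (isset($_SESSION['DB_Maintenance']) and $_SESSION['DB_Maintenance'] > 0) {
				$DaysSinceMaintenance = DateDiff(date($_SESSION['DefaultDateFormat']), ConvertSQLDate($_SESSION['DB_Maintenance_LastRun']), 'd');
				if ($DaysSinceMaintenance >= $_SESSION['DB_Maintenance']) {
					DB_Maintenance();
					$_SESSION['DB_Maintenance_LastRun'] = date('Y-m-d');
					if (isset($_SESSION['MonthsAuditTrail'])) {
						// the cut-off reaches SQL only after date() formatting; cast for the arithmetic
						$CutOffDate = date('Y-m-d', mktime(0, 0, 0, (int)date('m') - (int)$_SESSION['MonthsAuditTrail']));
						$sql = "DELETE FROM audittrail WHERE transactiondate <= '" . $CutOffDate . "'";
						$ErrMsg = _('There was a problem deleting expired audit-trail history');
						DB_query($sql, $ErrMsg);
					}
				}
			}

			/* Daily exchange-rate refresh: runs at most once per day, from the ECB feed
			 * or the google lookup depending on ExchangeRateFeed. */
			if (isset($_SESSION['UpdateCurrencyRatesDaily']) and $_SESSION['UpdateCurrencyRatesDaily'] != 0) {
				$DaysSinceRateUpdate = DateDiff(date($_SESSION['DefaultDateFormat']), ConvertSQLDate($_SESSION['UpdateCurrencyRatesDaily']), 'd');
				if ($DaysSinceRateUpdate > 0) {
					$UseECB = ($_SESSION['ExchangeRateFeed'] == 'ECB');
					$CurrencyRates = false;
					if ($UseECB) {
						$CurrencyRates = GetECBCurrencyRates(); // see includes/MiscFunctions.php
					}
					// with the ECB feed, skip the update entirely when the fetch failed
					if (!$UseECB or $CurrencyRates != false) {
						$CurrenciesResult = DB_query("SELECT currabrev FROM currencies");
						while ($CurrencyRow = DB_fetch_row($CurrenciesResult)) {
							if ($CurrencyRow[0] == $_SESSION['CompanyRecord']['currencydefault']) {
								continue; // functional currency is always rate 1
							}
							// feed-supplied rate (external data) is cast, DB-supplied code is escaped
							$NewRate = (float)($UseECB ? GetCurrencyRate($CurrencyRow[0], $CurrencyRates) : google_currency_rate($CurrencyRow[0]));
							DB_query("UPDATE currencies SET rate='" . $NewRate . "' WHERE currabrev='" . DB_escape_string($CurrencyRow[0]) . "'", $db);
						}
					}
					$_SESSION['UpdateCurrencyRatesDaily'] = date('Y-m-d');
					DB_query("UPDATE config SET confvalue = '" . date('Y-m-d') . "' WHERE confname='UpdateCurrencyRatesDaily'");
				}
			}

			/* Set the logo once per session: companies/<DatabaseName>/logo.png or .jpg */
			if (empty($_SESSION['LogoFile'])) {
				$LogoBase = 'companies/' . $_SESSION['DatabaseName'] . '/logo';
				if (file_exists($PathPrefix . $LogoBase . '.png')) {
					$_SESSION['LogoFile'] = $LogoBase . '.png';
				} elseif (file_exists($PathPrefix . $LogoBase . '.jpg')) {
					$_SESSION['LogoFile'] = $LogoBase . '.jpg';
				}
			}

			if (!isset($_SESSION['DB_Maintenance'])) {
				return UL_CONFIGERR;
			}
			// DB_Maintenance == -1 means sysadmin-only access; token 15 is the sysadmin token
			if ($_SESSION['DB_Maintenance'] == -1 and !in_array(15, $_SESSION['AllowedPageSecurityTokens'])) {
				return UL_MAINTENANCE;
			}
		} else {
			// Incorrect password: after 5 attempts in this session block the named account
			if ($_SESSION['AttemptsCounter'] >= 5 and isset($Name)) {
				$sql = "UPDATE www_users SET blocked=1 WHERE www_users.userid='" . DB_escape_string($Name) . "'";
				$Auth_Result = DB_query($sql);
				if ($SysAdminEmail != '') {
					// strip line breaks from the user-supplied name so it cannot inject mail headers;
					// the attempted password is deliberately not included in the notification
					$SafeName = str_replace(array("\r", "\n"), ' ', $Name);
					$EmailSubject = _('User access blocked') . ' ' . $SafeName;
					$EmailText = _('User ID') . ' ' . $SafeName . ' - ' . _('has been blocked access at') . ' ' . date('Y-m-d H:i:s') . ' ' . _('from IP') . ' ' . $_SERVER["REMOTE_ADDR"] . ' ' . _('due to too many failed attempts.');
					if ($_SESSION['SmtpSetting'] == 0) {
						mail($SysAdminEmail, $EmailSubject, $EmailText);
					} else {
						include 'includes/htmlMimeMail.php';
						$mail = new htmlMimeMail();
						$mail->setSubject($EmailSubject);
						$mail->setText($EmailText);
						$result = SendmailBySmtp($mail, array($SysAdminEmail));
					}
				}
				return UL_BLOCKED;
			}
			return UL_NOTVALID;
		}
	} // End of userid/password check

	return UL_OK; /* All is well */
}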