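/**
 * Smarty plugin: prints a label/value table row, but only when 'field' has a value.
 *
 * All attribute and text values are passed through htmlsafe() before output.
 * Nothing is printed when 'field' is empty.
 *
 * @param array  $params  Expects keys field, label, class1, class2, colspan.
 * @param object $smarty  Smarty instance (unused, required by the plugin API).
 */
function smarty_function_print_if_not_null($params, &$smarty)
{
    // Loose comparison is kept from the original: '' and '0' also count as "null".
    if ($params['field'] != null) {
        // The original used unquoted keys (class1, label, ...), which PHP treats
        // as constants; they are string keys and must be quoted.
        echo "\n <tr>\n <td class='" . htmlsafe($params['class1']) . "'>" . htmlsafe($params['label']) . ":</td>\n\t\t\t\t<td class='" . htmlsafe($params['class2']) . "' colspan='" . htmlsafe($params['colspan']) . "'>" . htmlsafe($params['field']) . "</td>\n </tr>";
    }
}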
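/**
 * Returns every customer of the current domain with display-ready fields:
 * 'enabled' is replaced by its translated wording, and 'total', 'paid' and
 * 'owing' are computed via calc_customer_total() / calc_customer_paid().
 *
 * @return array|null  List of customer rows, or null when there are none
 *                     (kept from the original; callers may rely on it).
 */
public static function get_all()
{
    global $dbh;
    global $LANG;
    global $auth_session;

    $sql = "SELECT * FROM " . TB_PREFIX . "customers WHERE domain_id = :domain_id";
    $sth = dbQuery($sql, ':domain_id', $auth_session->domain_id) or die(htmlsafe(end($dbh->errorInfo())));

    // The original drove this with a for(;fetch();$i++) and an unused $customer init;
    // appending with [] yields the same 0..n-1 indices.
    $customers = null;
    while ($customer = $sth->fetch()) {
        $customer['enabled'] = ($customer['enabled'] == 1) ? $LANG['enabled'] : $LANG['disabled'];
        $customer['total'] = calc_customer_total($customer['id']);
        $customer['paid'] = calc_customer_paid($customer['id']);
        $customer['owing'] = $customer['total'] - $customer['paid'];
        $customers[] = $customer;
    }
    return $customers;
}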
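/**
 * Prepares and executes a statement on the wrapped PDO handle ($this->_db).
 *
 * Bind values are passed as trailing name/value pairs:
 *   query($sql, ':a', $a, ':b', $b)
 * An unpaired trailing name is ignored (the original bound it to an undefined value).
 *
 * @param string $sqlQuery
 * @return PDOStatement|null  The statement (also when execute() reported an error,
 *                            which is routed to simpleInvoicesError), or null when
 *                            preparation failed or an exception was caught.
 */
function query($sqlQuery)
{
    try {
        $binds = func_get_args();
        array_shift($binds); // drop $sqlQuery, leaving name/value pairs

        $sth = $this->_db->prepare($sqlQuery);
        if ($sth === false) {
            // prepare() returns false instead of throwing unless ERRMODE_EXCEPTION is set;
            // the original would then call bindValue() on false.
            simpleInvoicesError('sql', $this->_db->errorInfo(), $sqlQuery);
            return null;
        }

        for ($i = 0, $last = count($binds) - 1; $i < $last; $i += 2) {
            $sth->bindValue($binds[$i], $binds[$i + 1]);
        }

        $sth->execute();
        // errorCode() is '00000' on success; the loose string comparison catches any other SQLSTATE.
        if ($sth->errorCode() > '0') {
            simpleInvoicesError('sql', $sth->errorInfo(), $sqlQuery);
        }
    } catch (Exception $e) {
        // Original echoed the raw exception message; it is now escaped like the query text.
        echo htmlsafe($e->getMessage());
        echo "Dude, what happened to your query?:<br /><br /> " . htmlsafe($sqlQuery) . "<br />" . htmlsafe(end($this->_db->errorInfo()));
        $sth = null;
    }
    return $sth;
}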
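/**
 * Returns the taxes applied to one expense, grouped by tax: each row carries
 * tax_name, the summed tax_amount and the number of line items (count).
 *
 * @param int $expense_id
 * @return array  Rows from PDOStatement::fetchAll(); dies on a database error.
 */
function grouped($expense_id)
{
    global $dbh; // was not declared: the die() branch below dereferences it

    $sql = "select \n t.tax_description as tax_name, \n sum(et.tax_amount) as tax_amount,\n count(*) as count\n from \n si_expense_item_tax et, \n si_expense e,\n si_tax t \n where \n e.id = et.expense_id \n AND \n t.tax_id = et.tax_id \n AND\n e.id = :expense_id\n GROUP BY \n t.tax_id;";
    $sth = dbQuery($sql, ':expense_id', $expense_id) or die(htmlsafe(end($dbh->errorInfo())));
    return $sth->fetchAll();
}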
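/**
 * Persists this default's value, keyed by name and by the owning extension.
 *
 * The "core" extension maps to extension_id 0 without a lookup; any other
 * extension name is resolved through SimpleInvoices_Db_Table_Extensions.
 *
 * @return bool  True when the UPDATE statement was issued; dies on an
 *               unknown extension name.
 */
public function update()
{
    global $db;

    $sql = "UPDATE ".TB_PREFIX."system_defaults SET value = :value WHERE name = :name";

    //dont worry about checking db if were using the core extension
    if ($this->extension_name != "core") {
        $SI_EXTENSIONS = new SimpleInvoices_Db_Table_Extensions();
        // The original passed an undefined local ($extension_name) here.
        $extension_id = $SI_EXTENSIONS->findByName($this->extension_name);
    } else {
        $extension_id = 0;
    }

    // findByName()'s not-found value is not visible here; anything that is not a
    // non-negative number is rejected instead of being bound (false >= 0 is true in PHP).
    if (!is_numeric($extension_id) || $extension_id < 0) {
        die(htmlsafe("Invalid extension name: " . $this->extension_name));
    }
    $sql .= " AND extension_id = :extension_id";

    return (bool) $db->query($sql, ':value', $this->value, ':name', $this->name, ':extension_id', $extension_id);
}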
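/**
 * Smarty plugin: prints an online-payment anchor for each provider listed in
 * the comma-separated 'type' parameter (paypal, eway_shared).
 *
 * Query-string values are urlencode()d; the link body is either a provider
 * image (include_image == "true") or the escaped 'link_wording'.
 * Ampersands are emitted raw, as in the original: in an HTML text context
 * "&curren..." / "&not..." can be decoded as entities, which is how the
 * currency_code / notify_url parameter names had become corrupted.
 *
 * @param array  $params  business, item_name, invoice, amount, currency_code,
 *                        notify_url, return_url, domain_id, type, include_image, link_wording
 * @param object $smarty  Smarty instance (unused).
 */
function smarty_function_online_payment_link($params, &$smarty)
{
    global $LANG;

    $domain_id = domain_id::get($params['domain_id']);
    $url = getURL();
    $types = explode(",", $params['type']);

    if (in_array("paypal", $types)) {
        $link = "<a \n\t\t\t\thref=\"https://www.paypal.com/xclick/?business=" . urlencode($params['business']) . "&item_name=" . urlencode($params['item_name']) . "&invoice=" . urlencode($params['invoice']) . "&amount=" . urlencode(number_format($params['amount'], 2, '.', '')) . "&currency_code=" . urlencode($params['currency_code']) . "&notify_url=" . urlencode($params['notify_url']) . "&return=" . urlencode($params['return_url']) . "&no_shipping=1&no_note=1&custom=domain_id:" . urlencode($domain_id) . "; \">";
        if ($params['include_image'] == "true") {
            $link .= "<img border='0' src='" . urlsafe($url) . "/images/common/pay_with_paypal.gif'/>";
        } else {
            $link .= htmlsafe($params['link_wording']);
        }
        $link .= "</a>";
        echo $link;
    }

    if (in_array("eway_shared", $types)) {
        // The original closed urlencode() after currency_code, so the whole
        // "&item_name=...&amount=..." tail (including embedded newlines/tabs) was
        // percent-encoded into the business value. NOTE(review): the endpoint is
        // still paypal.com and the return URL is a hard-coded third-party site,
        // exactly as found — confirm against the eWAY integration.
        $link = "<a \n\t\t\t\thref=\"https://www.paypal.com/xclick/?business=" . urlencode($params['business']) . "&item_name=" . urlencode($params['item_name']) . "&invoice=" . urlencode($params['invoice']) . "&amount=" . urlencode(number_format($params['amount'], 2, '.', '')) . "&currency_code=" . urlencode($params['currency_code']) . "&return=http://vcsweb.com.au&no_shipping=1&no_note=1\">";
        if ($params['include_image'] == "true") {
            $link .= "<img border='0' src='" . urlsafe($url) . "/images/common/pay_with_eway.gif'/>";
        } else {
            $link .= htmlsafe($params['link_wording']);
        }
        $link .= "</a>";
        echo $link;
    }
}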
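/**
 * Inserts this payment type (description, enabled flag) for the resolved domain.
 *
 * @return PDOStatement  The executed statement; dies on a database error.
 */
public function insert()
{
    global $db;
    global $dbh;
    // $auth_session was declared global but never used; the domain comes from domain_id::get().

    $domain_id = domain_id::get($this->domain_id);
    $sql = "INSERT INTO ".TB_PREFIX."payment_types ( pt_description, pt_enabled, domain_id ) VALUES ( :pt_description, :pt_enabled, :domain_id )";
    $sth = $db->query($sql, ':pt_description', $this->pt_description, ':pt_enabled', $this->pt_enabled, ':domain_id', $domain_id) or die(htmlsafe(end($dbh->errorInfo())));
    return $sth;
}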
/**
 * Renders a hidden input plus its visible value for a year-suffixed counter
 * custom field (format "<n>-<YYYY>").
 *
 * For an existing item the stored value is shown. For a new item the counter
 * continues from getLastValue() when that value carries the current year,
 * and restarts at "1-<YYYY>" otherwise.
 *
 * @param int    $id      Custom field id.
 * @param string $itemId  Item id, or "" for a new item.
 */
function printInputField($id,$itemId)
{
    $label = $this->getDescription($id);
    $inputName = $this->getFormName($id);

    if ($itemId != "") {
        $value = $this->getFieldValue($id,$itemId);
    } else {
        $currentYear = date("Y");
        $value = "1-" . $currentYear;
        $previous = $this->getLastValue();
        // Continue numbering only when the previous value belongs to this year.
        if (preg_match("/([0-9]+)-([0-9]{4})/",$previous,$parts) && $currentYear == $parts[2]) {
            $value = ($parts[1] + 1) . "-" . $currentYear;
        }
    }

    echo "<tr><td>".htmlsafe($label)."</td><td><input name='".htmlsafe($inputName)."' value='".htmlsafe($value)."' type='hidden'>".htmlsafe($value)."</td></tr>";
}
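/**
 * Counts cron_log rows for this cron id and domain on the run date.
 *
 * @return mixed  The count column from PDOStatement::fetchColumn(); dies on a database error.
 */
public function check()
{
    global $db;
    global $dbh;

    $domain_id = domain_id::get($this->domain_id);
    // The original fell back to an undefined $today (bound as null) when run_date
    // was empty. NOTE(review): the stored run_date format is not visible here;
    // 'Y-m-d' is assumed — confirm against the cron_log schema.
    $run_date = empty($this->run_date) ? date('Y-m-d') : $this->run_date;

    $sql = "SELECT count(*) as count FROM ".TB_PREFIX."cron_log WHERE domain_id = :domain_id AND cron_id = :cron_id AND run_date = :run_date";
    $sth = $db->query($sql, ':domain_id', $domain_id, ':cron_id', $this->cron_id, ':run_date', $run_date) or die(htmlsafe(end($dbh->errorInfo())));
    return $sth->fetchColumn();
}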
/**
 * Loads one expense row by id, scoped to the session's domain.
 *
 * @param int $id
 * @return array|false  The row, or false when not found; dies on a database error.
 */
public static function get($id)
{
    global $db;
    global $auth_session;
    global $dbh;

    $table = TB_PREFIX . "expense";
    $sql = "SELECT * FROM " . $table . " WHERE domain_id = :domain_id and id = :id";
    $statement = $db->query($sql, ':domain_id', $auth_session->domain_id, ':id', $id);
    if (!$statement) {
        die(htmlsafe(end($dbh->errorInfo())));
    }
    return $statement->fetch();
}
/**
 * Renders a hidden input carrying a freshly generated random number, with the
 * field description and the number shown beside it.
 *
 * @param int    $id      Custom field id.
 * @param string $itemId  Item id (unused by this field type).
 */
function printInputField($id,$itemId)
{
    $label = $this->getDescription($id);
    $inputName = $this->getFormName($id);
    // NOTE(review): rand() is not a CSPRNG; acceptable only if this value is a
    // non-secret display token — confirm how the stored value is used.
    $generated = rand();

    $row = "<tr><input type='hidden' name='" . htmlsafe($inputName) . "' value='" . htmlsafe($generated) . "'>";
    $row .= "<td>" . htmlsafe($label) . ":</td><td>" . htmlsafe($generated) . "</td></tr>";
    echo $row;
}
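/**
 * Smarty plugin: prints the city/state/zip line of an address as a table row.
 *
 * When at least one of field1..field3 is set but neither street line is, the
 * row is labelled with $LANG['address']; when a street line exists the label
 * cell is left empty. The non-empty fields are joined with ", ". The closing
 * "</td></tr>" is always printed, as in the original.
 *
 * @param array  $params  field1, field2, field3, street1, street2, class1, class2, colspan
 * @param object $smarty  Smarty instance (unused).
 */
function smarty_function_merge_address($params, &$smarty)
{
    global $LANG;

    // The original used unquoted keys (class1, field1, ...), which PHP reads as constants.
    $has_locality = ($params['field1'] != null or $params['field2'] != null or $params['field3'] != null);
    $has_street = ($params['street1'] != null or $params['street2'] != null);

    $ma = '';
    if ($has_locality and !$has_street) {
        // City/state/zip present with no street at all: label the row "Address".
        $ma .= "\n\t\t<tr>\n\t\t\t\t<td class='" . htmlsafe($params['class1']) . "'>{$LANG['address']}:</td>\n\t\t\t\t<td class='" . htmlsafe($params['class2']) . "' colspan='" . htmlsafe($params['colspan']) . "'>";
    } elseif ($has_locality) {
        // City/state/zip present under at least one street line: unlabelled continuation row.
        $ma .= "\n\t\t<tr>\n\t\t\t\t<td class='" . htmlsafe($params['class1']) . "'></td>\n\t\t\t\t<td class='" . htmlsafe($params['class2']) . "' colspan='" . htmlsafe($params['colspan']) . "'>";
    }

    $parts = array();
    foreach (array('field1', 'field2', 'field3') as $key) {
        if ($params[$key] != null) {
            $parts[] = htmlsafe($params[$key]);
        }
    }
    $ma .= implode(", ", $parts);

    $ma .= "</td>\n\t\t</tr>";
    echo $ma;
}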
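/**
 * Returns the line items of an invoice, each enriched with its product row and,
 * for attribute slots 1..3, the selected attribute ('attrN') and the other
 * selectable values of that attribute ('attr_all_N').
 *
 * @param int $id  Invoice id.
 * @return array|null  List of item rows, or null when the invoice has none
 *                     (kept from the original); dies on a database error.
 */
function getInvoiceItems($id)
{
    global $dbh; // was not declared: the die() branches below dereference it

    $sql = "SELECT * FROM " . TB_PREFIX . "invoice_items WHERE invoice_id = :id";
    $sth = dbQuery($sql, ':id', $id) or die(htmlsafe(end($dbh->errorInfo())));

    $product_sql = "SELECT * FROM " . TB_PREFIX . "products WHERE id = :id";
    $attr_sql = "select \r\n CONCAT(a.display_name, '-',v.value) as display,\r\n\t\t\t\t\tCONCAT(p.id, '-', a.id, '-', v.id) as id, \r\n\t\t\t\t\ta.id as aid \r\n from\r\n si_products_attributes a,\r\n si_products_values v,\r\n\t\t\t\t\tsi_products_matrix m,\r\n\t\t\t\t\tsi_products p\r\n where\r\n\t\t\t\t\tp.id = m.product_id \r\n\t\t\t\t\tand \r\n\t\t\t\t\ta.id = m.attribute_id \r\n\t\t\t\t\tand \r\n a.id = v.attribute_id\r\n\t\t\t\t\tand\r\n\t\t\t\t\tp.id = :pid\r\n and\r\n v.id = :attr_id";
    $attr_all_sql = "select \r\n CONCAT(a.display_name, '-',v.value) as display,\r\n\t\t\t\t\tCONCAT(p.id, '-', a.id, '-', v.id) as id \r\n\t\t\t\t\r\n from\r\n si_products_attributes a,\r\n si_products_values v,\r\n\t\t\t\t\tsi_products_matrix m,\r\n\t\t\t\t\tsi_products p\r\n where\r\n\t\t\t\t\tp.id = m.product_id \r\n\t\t\t\t\tand \r\n\t\t\t\t\ta.id = m.attribute_id \r\n\t\t\t\t\tand \r\n a.id = v.attribute_id\r\n\t\t\t\t\tand\r\n\t\t\t\t\tp.id = :pid\r\n and\r\n m.attribute_id = :aid\r\n and\r\n v.id != :attr_id";

    $invoiceItems = null;
    while ($invoiceItem = $sth->fetch()) {
        // (The original re-assigned quantity/unit_price/... to themselves; dropped.)
        $tth = dbQuery($product_sql, ':id', $invoiceItem['product_id']) or die(htmlsafe(end($dbh->errorInfo())));
        $invoiceItem['product'] = $tth->fetch();

        // One pass per attribute slot. The original's third "attr_all" lookup used
        // attr2's aid instead of attr3's (copy-paste); each slot now uses its own.
        for ($slot = 1; $slot <= 3; $slot++) {
            $attr_value_id = $invoiceItem["attribute_{$slot}"];

            $attr = dbQuery($attr_sql, ':attr_id', $attr_value_id, ':pid', $invoiceItem['product_id']) or die(htmlsafe(end($dbh->errorInfo())));
            $selected = $attr->fetch();
            $invoiceItem["attr{$slot}"] = $selected;

            // fetch() returns false when the slot is unused; bind null instead of indexing false.
            $aid = is_array($selected) ? $selected['aid'] : null;
            $attr_all = dbQuery($attr_all_sql, ':attr_id', $attr_value_id, ':pid', $invoiceItem['product_id'], ':aid', $aid) or die(htmlsafe(end($dbh->errorInfo())));
            $invoiceItem["attr_all_{$slot}"] = $attr_all->fetchAll();
        }

        $invoiceItems[] = $invoiceItem;
    }
    return $invoiceItems;
}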
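/**
 * Smarty plugin: prints a half-width cell "label: value" for an itemised
 * custom field, only when 'field' has a value.
 *
 * @param array  $params  Expects keys field and label.
 * @param object $smarty  Smarty instance (unused).
 */
function smarty_function_inv_itemised_cf($params, &$smarty)
{
    if ($params['field'] != null) {
        // The original appended to an undefined $print_cf; unquoted keys (label, field)
        // were also read as constants.
        $print_cf = "<td width=50%>" . htmlsafe($params['label']) . ": " . htmlsafe($params['field']) . "</td>";
        echo $print_cf;
    }
}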
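/**
 * Loads this inventory row (joined with its product description), scoped to
 * the resolved domain.
 *
 * @return array|false  The row, or false when not found; dies on a database error.
 */
public function select()
{
    global $LANG;
    global $db;
    global $dbh; // was not declared: the die() branch below dereferences it

    $sql = "SELECT\n\t\t\t\tiv.*,\n p.description\n\t\t\tFROM \n\t\t\t\t" . TB_PREFIX . "products p,\n\t\t\t\t" . TB_PREFIX . "inventory iv\n\t\t\t WHERE \n\t\t\t\tiv.domain_id = :domain_id\n\t\t\t\tand\n p.id = iv.product_id\n\t\t\t\tand\n iv.id = :id;";
    $sth = $db->query($sql, ':domain_id', domain_id::get($this->domain_id), ':id', $this->id) or die(htmlsafe(end($dbh->errorInfo())));
    return $sth->fetch();
}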
/**
 * Smarty plugin: prints a label/value table row when 'field' has a value;
 * prints nothing otherwise. Every value is escaped with htmlsafe().
 *
 * @param array  $params  field, label, class1, class2, colspan
 * @param object $smarty  Smarty instance (unused).
 */
function smarty_function_print_if_not_null($params, &$smarty)
{
    if ($params['field'] == null) {
        return;
    }

    $labelCell = "<td class='" . htmlsafe($params['class1']) . "'>" . htmlsafe($params['label']) . ":</td>";
    $valueCell = "<td class='" . htmlsafe($params['class2']) . "' colspan='" . htmlsafe($params['colspan']) . "'>" . htmlsafe($params['field']) . "</td>";
    echo " <tr> " . $labelCell . " " . $valueCell . " </tr>";
}
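/**
 * Renders a list-type custom field: the description cell and the select
 * markup produced by getList(), pre-selected with the item's stored value.
 *
 * @param int    $id      Custom field id.
 * @param string $itemId  Item id, or "" for a new item.
 */
function printInputField($id, $itemId)
{
    // The original never assigned $description and printed an empty label cell.
    $description = $this->getDescription($id);
    $name = $this->getFormName($id);

    $current = ($itemId != "") ? $this->getFieldValue($id, $itemId) : "";
    $value = $this->getList($current, $name);

    echo "<tr><td>" . htmlsafe($description) . "</td><td>" . htmlsafe($value) . "</td></tr>";
}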
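/**
 * Decrements the si_index counter for a node (and optional sub-node) in the
 * session's domain.
 *
 * The original read $node / $sub_node without them being defined anywhere in
 * the method and spliced $sub_node straight into the SQL; both are now explicit
 * (optional, so existing call sites still compile) and bound as parameters.
 *
 * @param string $node
 * @param string $sub_node  "" to match on node alone.
 * @return PDOStatement  The executed statement; dies on a database error.
 */
public static function rewind($node = '', $sub_node = '')
{
    global $db;
    global $auth_session;
    global $dbh;

    $subnode = '';
    $binds = array(':node', $node, ':domain_id', $auth_session->domain_id);
    if ($sub_node != "") {
        $subnode = "and sub_node = :sub_node";
        $binds[] = ':sub_node';
        $binds[] = $sub_node;
    }

    $sql = "update\n si_index \n set \n id = (id - 1) \n where\n node = :node\n and\n domain_id = :domain_id\n " . $subnode;
    $sth = $db->query($sql, ...$binds) or die(htmlsafe(end($dbh->errorInfo())));
    return $sth;
}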
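/**
 * Builds and runs the payment-list query for the grid.
 *
 * Three shapes, chosen from the request: payments of one invoice ($_GET['id']),
 * payments of one customer ($_GET['c_id']), or all payments of the domain.
 * An optional search filter comes from $_POST['qtype'] / $_POST['query'].
 *
 * @param string $type  "count" to omit the LIMIT clause.
 * @param string $dir   Sort direction; anything but asc/desc becomes DESC.
 * @param string $sort  Sort column; must be whitelisted, else "ap.id".
 * @param int    $rp    Rows per page (non-positive falls back to 25).
 * @param int    $page  1-based page number.
 * @return PDOStatement|null  Result of dbQuery(); dies on a database error.
 */
function sql($type = '', $dir, $sort, $rp, $page)
{
    global $config;
    global $auth_session;
    global $dbh; // used by the die() branches

    // Everything substituted straight into the SQL text is normalised here. The
    // original checked $start/$limit before assigning them (no-ops) and
    // interpolated $rp unchecked.
    $rp = (int) $rp;
    if ($rp <= 0) {
        $rp = 25;
    }
    $page = max(1, (int) $page);
    if (!preg_match('/^(asc|desc)$/iD', $dir)) {
        $dir = 'DESC';
    }

    /*SQL Limit - start*/
    $start = ($page - 1) * $rp;
    $limit = ($type == "count") ? "" : "LIMIT {$start}, {$rp}";
    /*SQL Limit - end*/

    // Search filter. The original spliced raw POST data into the statement
    // (" AND {$qtype} LIKE '%{$query}%' "). The column must now be a bare
    // identifier (optionally table.column) and the term is bound; an invalid
    // column name drops the filter rather than reaching the database.
    $query = isset($_POST['query']) ? $_POST['query'] : "";
    $qtype = isset($_POST['qtype']) ? $_POST['qtype'] : "";
    $where = "";
    $filter_binds = array();
    if ($query && preg_match('/^[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)?$/', $qtype)) {
        $where = " AND {$qtype} LIKE :query ";
        $filter_binds = array(':query', "%{$query}%");
    }

    /*Check that the sort field is OK*/
    $validFields = array('ap.id', 'ac_inv_id', 'description', 'unit_price', 'enabled');
    if (!in_array($sort, $validFields, true)) {
        $sort = "ap.id";
    }

    #if coming from another page where you want to filter by just one invoice
    if (!empty($_GET['id'])) {
        $sql = "SELECT \r\n\t\t\t\t\tap.*, \r\n\t\t\t\t\tc.name as cname, \r\n\t\t\t\t\t(SELECT CONCAT(p.pref_inv_wording,' ',iv.index_id)) as index_name,\r\n\t\t\t\t\tb.name as bname,\r\n\t\t\t\t\tpt.pt_description AS description,\r\n\t\t\t\t\tac_notes AS notes,\r\n\t\t\t\t\tDATE_FORMAT(ac_date,'%Y-%m-%d') AS date\r\n\t\t\tfrom \r\n\t\t\t\t" . TB_PREFIX . "payment ap,\r\n\t\t\t\t" . TB_PREFIX . "invoices iv,\r\n\t\t\t\t" . TB_PREFIX . "customers c,\r\n\t\t\t\t" . TB_PREFIX . "preferences p,\r\n\t\t\t\t" . TB_PREFIX . "biller b ,\r\n\t\t\t\t" . TB_PREFIX . "payment_types pt \r\n\t\t\twhere \r\n\t\t\t\tap.ac_inv_id = iv.id \r\n\t\t\t\tand \r\n\t\t\t\tiv.customer_id = c.id \r\n\t\t\t\tand \r\n\t\t\t\tiv.biller_id = b.id \r\n\t\t\t\tand\r\n\t\t\t\tap.ac_payment_type = pt.pt_id \r\n\t\t\t\tand \r\n\t\t\t\tap.ac_inv_id = :invoice_id\r\n\t\t\t\tand \r\n\t\t\t\tap.domain_id = :domain_id\r\n\t\t\t\tand \r\n\t\t\t\tiv.preference_id = p.pref_id\r\n\t\t\t\t{$where}\r\n\t\t\tORDER BY \r\n\t\t\t\t{$sort} {$dir} \r\n\t\t\t\t{$limit}";
        $result = dbQuery($sql, ':domain_id', $auth_session->domain_id, ':invoice_id', $_GET['id'], ...$filter_binds) or die(htmlsafe(end($dbh->errorInfo())));
    } elseif (!empty($_GET['c_id'])) {
        // The other two branches restrict by ap.domain_id; this one did not, so a
        // customer id from another domain would have listed that domain's payments.
        $id = $_GET['c_id'];
        $sql = "SELECT \r\n\t\t\t\t\tap.*, \r\n\t\t\t\t\tc.name as cname, \r\n\t\t\t\t\t(SELECT CONCAT(p.pref_inv_wording,' ',iv.index_id)) as index_name,\r\n\t\t\t\t\tb.name as bname,\r\n\t\t\t\t\tpt.pt_description AS description,\r\n\t\t\t\t\tac_notes AS notes,\r\n\t\t\t\t\tDATE_FORMAT(ac_date,'%Y-%m-%d') AS date\r\n\t\t\t\tfrom \r\n\t\t\t\t\t" . TB_PREFIX . "payment ap, \r\n\t\t\t\t\t" . TB_PREFIX . "invoices iv, \r\n\t\t\t\t\t" . TB_PREFIX . "customers c, \r\n\t\t\t\t\t" . TB_PREFIX . "preferences p,\r\n\t\t\t\t\t" . TB_PREFIX . "biller b ,\r\n\t\t\t\t\t" . TB_PREFIX . "payment_types pt \r\n\t\t\t\twhere \r\n\t\t\t\t\tap.ac_inv_id = iv.id \r\n\t\t\t\t\tand \r\n\t\t\t\t\tiv.customer_id = c.id \r\n\t\t\t\t\tand \r\n\t\t\t\t\tiv.biller_id = b.id \r\n\t\t\t\t\tand\r\n\t\t\t\t\tap.ac_payment_type = pt.pt_id \r\n\t\t\t\t\tand \r\n\t\t\t\t\tap.domain_id = :domain_id \r\n\t\t\t\t\tand \r\n\t\t\t\t\tc.id = :id \r\n\t\t\t\t\tand \r\n\t\t\t\t\tiv.preference_id = p.pref_id\r\n\t\t\t\tORDER BY \r\n\t\t\t\t{$sort} {$dir} \r\n\t\t\t\t{$limit}";
        $result = dbQuery($sql, ':domain_id', $auth_session->domain_id, ':id', $id) or die(htmlsafe(end($dbh->errorInfo())));
    } else {
        $sql = "SELECT \r\n\t\t\t\t\tap.*, \r\n\t\t\t\t\tc.name as cname, \r\n\t\t\t\t\tb.name as bname,\r\n\t\t\t\t\tpt.pt_description AS description,\r\n\t\t\t\t\tac_notes AS notes,\r\n\t\t\t\t\t(SELECT CONCAT(p.pref_inv_wording,' ',iv.index_id)) as index_name,\r\n\t\t\t\t\tDATE_FORMAT(ac_date,'%Y-%m-%d') AS date\r\n\t\t\t\tFROM \r\n\t\t\t\t\t" . TB_PREFIX . "payment ap, \r\n\t\t\t\t\t" . TB_PREFIX . "invoices iv, \r\n\t\t\t\t\t" . TB_PREFIX . "customers c, \r\n\t\t\t\t\t" . TB_PREFIX . "biller b ,\r\n\t\t\t\t\t" . TB_PREFIX . "preferences p,\r\n\t\t\t\t\t" . TB_PREFIX . "payment_types pt \r\n\t\t\t\tWHERE \r\n\t\t\t\t\tap.ac_inv_id = iv.id \r\n\t\t\t\t\tAND \r\n\t\t\t\t\t\tiv.customer_id = c.id \r\n\t\t\t\t\tAND \r\n\t\t\t\t\t\tiv.biller_id = b.id \r\n\t\t\t\t\tAND\r\n\t\t\t\t\t\tap.ac_payment_type = pt.pt_id \r\n\t\t\t\t\tAND\r\n\t\t\t\t\t\tap.domain_id = :domain_id\r\n\t\t\t\t\tand \r\n\t\t\t\t\tiv.preference_id = p.pref_id\r\n\t\t\t\t\t{$where}\r\n\t\t\t\tORDER BY \r\n\t\t\t\t\t{$sort} {$dir} \r\n\t\t\t\t{$limit}\r\n\t\t\t\t\t";
        // The original die() here printed the driver message unescaped.
        $result = dbQuery($sql, ':domain_id', $auth_session->domain_id, ...$filter_binds) or die(htmlsafe(end($dbh->errorInfo())));
    }
    return $result;
}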
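/**
 * Smarty plugin: closes the current table row and opens a new one (with the
 * given class) after every 2nd and 4th column.
 *
 * @param array  $params  number (column counter), class
 * @param object $smarty  Smarty instance (unused).
 * @return string|null  The row-break markup, or null for any other column number
 *                      (unchanged from the original, which fell off the end).
 */
function smarty_function_do_tr($params, &$smarty)
{
    // Both original branches built identical markup; loose comparison kept via in_array().
    if (in_array($params['number'], array(2, 4))) {
        return "</tr><tr class='" . htmlsafe($params['class']) . "'>";
    }
    return null;
}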
/**
 * Loads one expense-account row by id, scoped to the session's domain.
 *
 * @param int $id
 * @return array|false  The row, or false when not found; dies on a database error.
 */
public static function select($id)
{
    global $dbh;
    global $auth_session;

    $table = TB_PREFIX . "expense_account";
    $sql = "SELECT * FROM " . $table . " WHERE domain_id = :domain_id and id = :id";
    $statement = dbQuery($sql, ':domain_id', $auth_session->domain_id, ':id', $id);
    if (!$statement) {
        die(htmlsafe(end($dbh->errorInfo())));
    }
    return $statement->fetch();
}
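/**
 * Loads one biller row by id, scoped to the session's domain, and adds
 * 'wording_for_enabled' (the translated enabled/disabled label).
 *
 * @param int $id
 * @return array|false  The row, or false when no biller matched (the original
 *                      indexed into false and returned a one-key array); dies
 *                      on a database error.
 */
public static function select($id)
{
    global $LANG;
    global $db;
    global $auth_session;
    global $dbh; // was not declared: the die() branch below dereferences it

    $sql = "SELECT * FROM " . TB_PREFIX . "biller WHERE domain_id = :domain_id AND id = :id";
    $sth = $db->query($sql, ':domain_id', $auth_session->domain_id, ':id', $id) or die(htmlsafe(end($dbh->errorInfo())));

    $biller = $sth->fetch();
    if ($biller === false) {
        return false;
    }
    $biller['wording_for_enabled'] = ($biller['enabled'] == 1) ? $LANG['enabled'] : $LANG['disabled'];
    return $biller;
}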
/**
 * Renders a hidden input for a custom field together with its visible value.
 * For a new item (empty $itemId) the value is blank.
 *
 * @param int    $id      Custom field id.
 * @param string $itemId  Item id, or "" for a new item.
 */
function printInputField($id, $itemId)
{
    $label = $this->getDescription($id);
    $inputName = $this->getFormName($id);
    //Sould be replace by customFieldId and Itemid
    $value = ($itemId != "") ? $this->getFieldValue($id, $itemId) : "";

    $safeValue = htmlsafe($value);
    $row = "<tr><td>" . htmlsafe($label) . "</td>";
    $row .= "<td><input name='" . htmlsafe($inputName) . "' value='" . $safeValue . "' type='hidden'>" . $safeValue . "</td></tr>";
    echo $row;
}
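/**
 * Smarty plugin: prints an online-payment anchor for each provider listed in
 * the comma-separated 'type' parameter (paypal, eway_shared, paymentsgateway).
 *
 * Query-string values are urlencode()d; the link body is either a provider
 * image (include_image == "true") or the escaped 'link_wording'.
 * Ampersands are emitted raw, as in the original: in an HTML text context
 * "&curren..." / "&not..." can be decoded as entities, which is how the
 * currency_code / notify_url parameter names had become corrupted.
 *
 * @param array  $params  Provider parameters (business, item_name, invoice, amount,
 *                        currency_code, notify_url, return_url, api_id, customer[...]),
 *                        plus domain_id, type, include_image, link_wording.
 * @param object $smarty  Smarty instance (unused).
 */
function smarty_function_online_payment_link($params, &$smarty)
{
    global $LANG;
    global $siUrl; // (was declared twice in the original)
    global $config;

    $domain_id = domain_id::get($params['domain_id']);
    $url = getURL();
    $types = explode(",", $params['type']);

    if (in_array("paypal", $types)) {
        $link = "<a \n href=\"https://www.paypal.com/xclick/?business=" . urlencode($params['business']) . "&item_name=" . urlencode($params['item_name']) . "&invoice=" . urlencode($params['invoice']) . "&amount=" . urlencode(number_format($params['amount'], 2, '.', '')) . "&currency_code=" . urlencode($params['currency_code']) . "&notify_url=" . urlencode($params['notify_url']) . "&return=" . urlencode($params['return_url']) . "&no_shipping=1&no_note=1&custom=domain_id:" . urlencode($domain_id) . "; \">";
        if ($params['include_image'] == "true") {
            $link .= "<img border='0' src='" . urlsafe($url) . "/images/common/pay_with_paypal.gif'/>";
        } else {
            $link .= htmlsafe($params['link_wording']);
        }
        $link .= "</a>";
        echo $link;
    }

    if (in_array("eway_shared", $types)) {
        // The original closed urlencode() after currency_code, so the whole
        // "&item_name=...&amount=..." tail (including embedded whitespace) was
        // percent-encoded into the business value. NOTE(review): the endpoint is
        // still paypal.com and the return URL a hard-coded third-party site,
        // exactly as found — confirm against the eWAY integration.
        $link = "<a \n href=\"https://www.paypal.com/xclick/?business=" . urlencode($params['business']) . "&item_name=" . urlencode($params['item_name']) . "&invoice=" . urlencode($params['invoice']) . "&amount=" . urlencode(number_format($params['amount'], 2, '.', '')) . "&currency_code=" . urlencode($params['currency_code']) . "&return=http://vcsweb.com.au&no_shipping=1&no_note=1\">";
        if ($params['include_image'] == "true") {
            $link .= "<img border='0' src='" . urlsafe($url) . "/images/common/pay_with_eway.gif'/>";
        } else {
            $link .= htmlsafe($params['link_wording']);
        }
        $link .= "</a>";
        echo $link;
    }

    if (in_array("paymentsgateway", $types)) {
        // A commented-out transaction-hash (HMAC) computation was removed from here;
        // the generated link carries no signature, exactly as before.
        // email, invoice and the return URL were previously concatenated unencoded
        // into a single-quoted href; they are now urlencode()d like the other values.
        $customer = $params['customer'];
        $link = "<a \n href='https://swp.paymentsgateway.net/co/default.aspx?pg_api_login_id=" . urlencode($params['api_id']) . "&pg_billto_postal_name_company=" . urlencode($customer['name']) . "&pg_version_number=1.0&pg_total_amount=" . urlencode(number_format($params['amount'], 2, '.', '')) . "&pg_transaction_order_number=" . urlencode($params['invoice']) . "&pg_billto_postal_name_first=" . urlencode($customer['attention']) . "&pg_billto_postal_name_last=-&pg_billto_postal_street_line1=" . urlencode($customer['street_address']) . "&pg_billto_postal_street_line2=" . urlencode($customer['street_address2']) . "&pg_billto_postal_city=" . urlencode($customer['city']) . "&pg_billto_postal_stateprov=" . urlencode($customer['state']) . "&pg_billto_postal_postalcode=" . urlencode($customer['zip_code']) . "&pg_billto_telecom_phone_number=" . urlencode($customer['phone']) . "&pg_billto_online_email=" . urlencode($customer['email']) . "&pg_consumerorderid=" . urlencode($params['invoice']) . "&pg_return_url=" . urlencode($siUrl . "/api-ach") . "&pg_save_client=2'>";
        if ($params['include_image'] == "true") {
            $link .= "<img border='0' src='" . urlsafe($url) . "/images/common/pay_with_ach.gif'/>";
        } else {
            $link .= htmlsafe($params['link_wording']);
        }
        $link .= "</a>";
        echo $link;
    }
}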
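/**
 * Returns the extensions visible to the session's domain (global ones with
 * domain_id 0 plus the domain's own), ordered by name.
 *
 * @return array|null  List of extension rows, or null when there are none
 *                     (kept from the original); dies on a database error.
 */
function getExtensions()
{
    global $dbh;
    global $auth_session;
    // $LANG was declared global but never used.

    $sql = "SELECT * FROM si_extensions WHERE domain_id = 0 OR domain_id = :domain_id ORDER BY name";
    $sth = dbQuery($sql, ':domain_id', $auth_session->domain_id) or die(htmlsafe(end($dbh->errorInfo())));

    $exts = null;
    while ($ext = $sth->fetch()) {
        $exts[] = $ext;
    }
    return $exts;
}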
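/**
 * Smarty plugin: returns the tax-to-gross percentage (rounded to a whole
 * number) over the cost lines whose product custom_field1 matches 'group'.
 *
 * @param array  $params  cost (list of line arrays with tax_amount, gross_total,
 *                        product['custom_field1']), group
 * @param object $smarty  Smarty instance (unused).
 * @return string  The escaped percentage; "0" when the group's gross total is zero.
 */
function smarty_function_markup_percentage($params, &$smarty)
{
    $tax = 0;
    $gross = 0;
    foreach ($params['cost'] as $line) {
        if ($line['product']['custom_field1'] == $params['group']) {
            $tax += $line['tax_amount'];
            $gross += $line['gross_total'];
        }
    }

    // A group with no gross total (or no matching lines) previously divided by zero.
    if ($gross == 0) {
        return htmlsafe(0);
    }
    return htmlsafe(round($tax / $gross * 100, 0));
}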
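/**
 * AJAX endpoint: prints (as a JSON string) the <option> list of the customers
 * whose parent is $parent_customer_id, within the session's domain, then exits.
 *
 * The leading empty option is kept. Customer names are stored user input, so
 * both id and name are escaped before being placed in the markup (the original
 * concatenated them raw).
 *
 * @param int|string $parent_customer_id
 */
function getSubCustomer($parent_customer_id = '')
{
    global $dbh;
    global $auth_session;

    $sql = "SELECT * FROM " . TB_PREFIX . "customers WHERE parent_customer_id = :parent_customer_id and domain_id = :domain_id ;";
    $sth = dbQuery($sql, ':domain_id', $auth_session->domain_id, ':parent_customer_id', $parent_customer_id) or die(htmlsafe(end($dbh->errorInfo())));

    $output = "<option value=''></option>";
    foreach ($sth->fetchAll() as $row) {
        $output .= "<option value='" . htmlsafe($row['id']) . "'>" . htmlsafe($row['name']) . "</option>";
    }
    echo json_encode($output);
    exit;
}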
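/**
 * Serialises a (possibly nested) array as a simple XML document.
 *
 * Keys become lower-cased tag names. A list of arrays under one key yields a
 * repeated tag; scalar values are emitted inline, or wrapped in CDATA when
 * escaping them would alter them. Whitespace-only scalars are skipped.
 * Nested levels are delegated to array_to_xml(), as in the original.
 *
 * @param array $array
 * @param int   $level  Nesting depth; 1 emits the prolog and the <array> wrapper.
 * @return string
 */
public static function xml($array, $level = 1)
{
    $indent = str_repeat("\t", $level);

    // Emits one scalar element. A value containing "]]>" would otherwise end the
    // CDATA section early and let the remainder be parsed as markup.
    $scalarTag = function ($tag, $value) use ($indent) {
        $text = (string) $value;
        if (htmlsafe($text) != $text) {
            $text = str_replace(']]>', ']]]]><![CDATA[>', $text);
            return $indent . "<{$tag}><![CDATA[{$text}]]></{$tag}>\n";
        }
        return $indent . "<{$tag}>{$text}</{$tag}>\n";
    };

    $xml = '';
    if ($level == 1) {
        $xml .= '<?xml version="1.0" encoding="ISO-8859-1"?>' . "\n<array>\n";
    }

    foreach ($array as $key => $value) {
        $key = strtolower($key);
        if (is_array($value)) {
            // The original also had a "no child emitted" fallback after this loop,
            // but its flag was set on every iteration so it could never fire.
            foreach ($value as $child) {
                if (is_array($child)) {
                    $xml .= $indent . "<{$key}>\n" . array_to_xml($child, $level + 1) . $indent . "</{$key}>\n";
                } elseif (trim((string) $child) != '') {
                    $xml .= $scalarTag($key, $child);
                }
            }
        } elseif (trim((string) $value) != '') {
            $xml .= $scalarTag($key, $value);
        }
    }

    if ($level == 1) {
        $xml .= "</array>\n";
    }
    return $xml;
}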
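/**
 * Builds and runs the expense-list query for the grid, scoped to the session's
 * domain, with an optional search filter from the request's qtype/query.
 *
 * @param string $type  "count" to omit the LIMIT clause.
 * @param string $dir   Sort direction; anything but asc/desc becomes DESC.
 * @param string $sort  Sort column; must be whitelisted, else "id".
 * @param int    $rp    Rows per page (non-positive falls back to 25).
 * @param int    $page  1-based page number.
 * @return PDOStatement|null  Result of dbQuery(); dies on a database error.
 */
function sql($type = '', $dir, $sort, $rp, $page)
{
    global $config;
    global $LANG;
    global $auth_session;
    global $dbh; // used by the die() branch

    // Everything substituted straight into the SQL text is normalised here. The
    // original checked $start/$limit before assigning them (no-ops, one of them
    // against an undefined $limit) and interpolated $rp unchecked.
    $rp = (int) $rp;
    if ($rp <= 0) {
        $rp = 25;
    }
    $page = max(1, (int) $page);
    if (!preg_match('/^(asc|desc)$/iD', $dir)) {
        $dir = 'DESC';
    }

    /*SQL Limit - start*/
    $start = ($page - 1) * $rp;
    $limit = ($type == "count") ? "" : "LIMIT {$start}, {$rp}";
    /*SQL Limit - end*/

    // Search filter. The original spliced raw request data into the statement
    // (" AND {$qtype} LIKE '%{$query}%' "). The column must now be a bare
    // identifier (optionally table.column) and the term is bound; an invalid
    // column name drops the filter rather than reaching the database.
    $query = isset($_REQUEST['query']) ? $_REQUEST['query'] : "";
    $qtype = isset($_REQUEST['qtype']) ? $_REQUEST['qtype'] : "";
    $where = "";
    $filter_binds = array();
    if ($query != "" && preg_match('/^[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)?$/', $qtype)) {
        $where = " AND {$qtype} LIKE :query ";
        $filter_binds = array(':query', "%{$query}%");
    }

    /*Check that the sort field is OK*/
    $validFields = array('id', 'status', 'amount', 'expense_account_id', 'biller_id', 'customer_id', 'invoice_id', 'date', 'amount', 'note');
    if (!in_array($sort, $validFields, true)) {
        $sort = "id";
    }

    #coalesce(sum(et.tax_amount),0) as ettax
    #LEFT OUTER JOIN ".TB_PREFIX."expense_item_tax et
    # ON (et.expense_id = e.id)
    // $LANG['paid'] / $LANG['not_paid'] are application-controlled translation
    // strings and are interpolated as in the original.
    $sql = "SELECT\n e.id as EID,\n e.status as status,\n e.*,\n i.id as invoice,\n b.name as biller,\n ea.name as expense_account,\n c.name as customer,\n p.description as product,\n (select sum(tax_amount) from si_expense_item_tax where expense_id = EID) as tax,\n (select tax + e.amount) as total,\n (CASE WHEN status = 1 THEN '" . $LANG['paid'] . "'\n WHEN status = 0 THEN '" . $LANG['not_paid'] . "'\n END) AS status_wording\n\n\t\t\t\tFROM \n\t\t\t\t\t" . TB_PREFIX . "expense e\n LEFT OUTER JOIN " . TB_PREFIX . "expense_account ea \n ON (e.expense_account_id = ea.id)\n LEFT OUTER JOIN " . TB_PREFIX . "biller b \n ON (e.biller_id = b.id)\n LEFT OUTER JOIN " . TB_PREFIX . "customers c \n ON (e.customer_id = c.id)\n LEFT OUTER JOIN " . TB_PREFIX . "products p \n ON (e.product_id = p.id)\n LEFT OUTER JOIN " . TB_PREFIX . "invoices i \n ON (e.invoice_id = i.id)\n\t\t\t\tWHERE\n e.domain_id = :domain_id\n\t\t\t\t\t{$where}\n\t\t\t\tORDER BY \n\t\t\t\t\t{$sort} {$dir} \n\t\t\t\t{$limit}";
    $result = dbQuery($sql, ':domain_id', $auth_session->domain_id, ...$filter_binds) or die(htmlsafe(end($dbh->errorInfo())));
    return $result;
}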
/**
 * Smarty plugin: prints the city/state/zip line of an address as a table row.
 *
 * With at least one of field1..field3 set and no street line, the row is
 * labelled with $LANG['address']; with a street line present the label cell is
 * empty. Non-empty fields are joined with ", ". The closing "</td></tr>" is
 * always printed.
 *
 * @param array  $params  field1, field2, field3, street1, street2, class1, class2, colspan
 * @param object $smarty  Smarty instance (unused).
 */
function smarty_function_merge_address($params, &$smarty)
{
    global $LANG;

    $anyLocality = ($params['field1'] != null OR $params['field2'] != null OR $params['field3'] != null);
    $noStreet = ($params['street1'] == null AND $params['street2'] == null);
    $valueCellOpen = " <td class='" . htmlsafe($params['class2']) . "' colspan='" . htmlsafe($params['colspan']) . "'>";

    $markup = '';
    if ($anyLocality AND $noStreet) {
        // Locality without any street line: label the row.
        $markup .= " <tr> <td class='" . htmlsafe($params['class1']) . "'>{$LANG['address']}:</td>" . $valueCellOpen;
    } elseif ($anyLocality) {
        // Locality beneath a street line: unlabelled continuation row.
        $markup .= " <tr> <td class='" . htmlsafe($params['class1']) . "'></td>" . $valueCellOpen;
    }

    $pieces = array();
    foreach (array('field1', 'field2', 'field3') as $key) {
        if ($params[$key] != null) {
            $pieces[] = htmlsafe($params[$key]);
        }
    }
    $markup .= implode(", ", $pieces);

    $markup .= "</td> </tr>";
    echo $markup;
}