function find($search)
{
global $conn, $users;
$search = $search;
$sql = "select userid,fname,sname,loginname,pass,phone,mobile,fax,email,countrycode,admin,\n\t\tguest,reservation,booking,agents,rooms,billing,rates,lookup,reports\n\t\tFrom users where userid='{$search}'";
$results = mkr_query($sql, $conn);
$users = fetch_object($results);
}
function find($search)
{
global $conn, $agent;
$search = $search;
$sql = "Select agentname,agents_ac_no,contact_person,telephone,fax,email,billing_address,town,postal_code,road_street,building From agents where agents_ac_no='{$search}'";
$results = mkr_query($sql, $conn);
$agent = fetch_object($results);
}
function Login()
{
$username = $_POST['username'];
$password = $_POST['password'];
if ($username && $password) {
$conn = mysql_connect(HOST, USER, PASS) or die("Whoops");
// Connect to the database, or if connection fails print error message.
$password = md5($password);
// encode submited password with MD5 encryption and store it back in the same variable. If not on a windows box, I suggest you use crypt()
$sql = "select * from users where loginname='{$username}'";
// query statment that gets the username/password from 'login' where the username is the same as the one you submited
$r = mysql_db_query(DB, $sql);
// Execute Query
// if no rows for that database come up, redirect.
if (!mysql_num_rows($r)) {
mysql_close($conn);
header("Location: index.php");
// This is the redirection, notice it uses $SCRIPT_NAME which is a predefined variable with the name of the script in it.
} else {
$passed = @mysql_connect(HOST, USER, PASS);
}
mysql_select_db(DB);
if (!$passed) {
//echo 'Could not connect: ' . mysql_error();
echo "<center><font color=\"#FF0000\"><b>Invalid User Name or Password</b></font></center>";
$_SESSION["logged"] = 0;
$_SESSION["userid"] = "";
} else {
//$sql="select pass('$password') as pass, fname, sname from users";
$sql = "select pass, fname, sname, loginname, userid from users where loginname='{$username}'";
$password = mkr_query($sql, $passed);
$password = mysql_fetch_array($password);
$_SESSION["employee"] = $password['fname'] . " " . $password['sname'];
$_SESSION["loginname"] = $password['loginname'];
$_SESSION["userid"] = $password['userid'];
$password = $password['pass'];
//******************************************************************
//*Not the best option but produce the required results - unencrypted password saved to a cookie
//******************************************************************
setcookie("data_login", "{$username} {$password}", time() + 60 * 30);
// Set the cookie named 'candle_login' with the value of the username (in plain text) and the password (which has been encrypted and serialized.)
$_SESSION["logged"] = 1;
// set variable $msg with an HTML statement that basically says redirect to the next page. The reason we didn't use header() is that using setcookie() and header() at the sametime isn't 100% compatible with all browsers, this is more compatible.
$msg = "<meta http-equiv=\"Refresh\" content=\"0;url=./index.php\">";
//put index.php
}
} else {
echo "<center><font color=\"#FF0000\"><b>Enter your UserName and Password to login on to the system</b></font></center>";
$_SESSION["logged"] = 0;
}
if ($msg) {
echo $msg;
}
//if $msg is set echo it, resulting in a redirect to the next page.
//}
}
function find($search)
{
global $conn, $guests;
$search = $search;
$strOffSet = !empty($_POST["strOffSet"]) ? $_POST["strOffSet"] : 0;
//check on wether search is being done on idno/ppno/guestid/guestname
$sql = "Select guests.guestid,concat_ws(' ',guests.firstname,guests.middlename,guests.lastname) as guest,guests.pp_no,\n\t\tguests.idno,guests.countrycode,guests.pobox,guests.town,guests.postal_code,guests.phone,\n\t\tguests.email,guests.mobilephone,countries.country\n\t\tFrom guests\n\t\tInner Join countries ON guests.countrycode = countries.countrycode where guests.guestid='{$search}'\n\t\tLIMIT {$strOffSet},1";
$results = mkr_query($sql, $conn);
$guests = fetch_object($results);
}
function getdata()
{
global $sql, $conn;
$results = mkr_query($sql, $conn);
/*$totRows = mysql_query("SELECT FOUND_ROWS()"); //get total number of records in the select query irrespective of the LIMIT clause
$totRows = mysql_result($totRows , 0);
$_SESSION["nRecords"]=$totRows;
$_SESSION["totPages"]=ceil($totRows/$strRows);
$_SESSION["RowsDisplayed"]=$strRows;*/
echo "<table align=\"center\">";
//get field names to create the column header
echo "<tr bgcolor=\"#009999\">\n\t\t<th>Action</th>";
while ($i < mysql_num_fields($results)) {
$meta = mysql_fetch_field($results, $i);
$field = $meta->name;
echo "<th>" . $field . "</th>";
$i++;
}
"</tr>";
//end of field header
if ((int) $results !== 0) {
//get data from selected table on the selected fields
while ($row = fetch_object($results)) {
//alternate row colour
$j++;
if ($j % 2 == 1) {
echo "<tr id=\"row{$j}\" onmouseover=\"javascript:setColor('{$j}')\" onmouseout=\"javascript:origColor('{$j}')\" bgcolor=\"#CCCCCC\">";
} else {
echo "<tr id=\"row{$j}\" onmouseover=\"javascript:setColor('{$j}')\" onmouseout=\"javascript:origColor('{$j}')\" bgcolor=\"#EEEEF8\">";
}
echo "<td><a href=\"reportqueries.php?search={$row->ID}\"><img src=\"images/button_view.png\" width=\"16\" height=\"16\" border=\"0\" title=\"view\"/></a></td>";
$i = 0;
while ($i < mysql_num_fields($results)) {
$meta = mysql_fetch_field($results, $i);
$field = $meta->name;
echo "<td>" . $row->{$field} . "</td>";
$i++;
}
//
echo "</tr>";
//end of - data rows
}
//end of while row
echo "</table>";
}
free_result($results);
}
function updatebill()
{
$billno = !empty($_POST['search']) ? $_POST['search'] : 0;
//$billno=!empty($_POST['billid']) ? $_POST['billid'] : 1;
$sql = "Select transactions.doc_date,details.item,transactions.dr,transactions.cr,transactions.doc_no,transactions.doc_type,details.itemid\n\t\tFrom transactions\n\t\tInner Join details ON transactions.details = details.itemid\n\t\tWhere transactions.billno = '{$search}'";
$results = mkr_query($sql, $conn);
echo "<table width=\"100%\" border=\"0\" cellpadding=\"1\">\n\t <tr bgcolor=\"#FF9900\">\n\t\t<th></th>\n\t\t<th>Date</th>\n\t\t<th>Details</th>\n\t\t<th>DR</th>\n\t\t<th>CR</th>\n\t\t<th>Balance</th>\n\t\t<th>Doc. No. </th>\n\t\t<th>Doc. Type</th>\n\t </tr>";
//get data from selected table on the selected fields
while ($trans = fetch_object($results)) {
$balance = $balance - $trans->cr + $trans->dr;
//alternate row colour
$j++;
if ($j % 2 == 1) {
echo "<tr id=\"row{$j}\" onmouseover=\"javascript:setColor('{$j}')\" onmouseout=\"javascript:origColor('{$j}')\" bgcolor=\"#CCCCCC\">";
} else {
echo "<tr id=\"row{$j}\" onmouseover=\"javascript:setColor('{$j}')\" onmouseout=\"javascript:origColor('{$j}')\" bgcolor=\"#EEEEF8\">";
}
echo "<td><a href=\"billings.php?search={$guest->guestid}&action=search\"><img src=\"images/button_signout.png\" width=\"16\" height=\"16\" border=\"0\" title=\"bill guest\"/></a></td>";
echo "<td>" . $trans->doc_date . "</td>";
echo "<td>" . $trans->item . "</td>";
echo "<td>" . $trans->dr . "</td>";
echo "<td>" . $trans->cr . "</td>";
echo "<td>" . $balance . "</td>";
echo "<td>" . $trans->doc_no . "</td>";
echo "<td>" . $trans->doc_type . "</td>";
//calucate running balance
echo "</tr>";
//end of - data rows
}
//end of while row
echo "<tr><td colspan=\"3\" align=\"center\"><b>TOTAL</b></td><td><b>DR Total</b></td><td><b>CR Total</b></td><td><b>Total Bal.</b></td><tr>";
echo "</table>";
}
without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program;
if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA or
check for license.txt at the root folder
/*****************************************************************************
For any details please feel free to contact me at taifa@users.sourceforge.net
Or for snail mail. P. O. Box 938, Kilifi-80108, East Africa-Kenya.
/*****************************************************************************/
error_reporting(E_ALL & ~E_NOTICE);
include_once "queryfunctions.php";
include_once "functions.php";
$loginname = $_SESSION["loginname"];
$sql = "select userid,admin,guest,reservation,booking,agents,rooms,billing,rates,lookup,reports from users where loginname='{$loginname}'";
$conn = db_connect(HOST, USER, PASS, DB, PORT);
$results = mkr_query($sql, $conn);
$msg[0] = "";
$msg[1] = "";
AddSuccess($results, $conn, $msg);
$access = fetch_object($results);
//will be used to set access on pages
/*if !isset($_SESSION["access"]){
$_SESSION["access"]
}*/
if ($access->admin == 1) {
echo "<tr><td><a href=\"admin.php\">Admin</a></td></tr>";
}
if ($access->guest == 1) {
echo "<tr><td><a href=\"guests.php\">Guests</a></td></tr>";
}
if ($access->reservation == 1) {
function find($search)
{
global $conn, $bookings;
$search = $search;
$strOffSet = !empty($_POST["strOffSet"]) ? $_POST["strOffSet"] : 0;
//offset value peacked on all pages with pagination - logical error
//check on wether search is being done on idno/ppno/guestid/guestname
$sql = "Select guests.guestid,concat_ws(' ',guests.firstname,guests.middlename,guests.lastname) as guest,guests.pp_no,\n\t\tguests.idno,guests.countrycode,guests.pobox,guests.town,guests.postal_code,guests.phone,guests.email,guests.mobilephone,\n\t\tcountries.country,booking.book_id,booking.guestid,booking.booking_type,booking.meal_plan,booking.no_adults,booking.no_child,\n\t\tbooking.checkin_date,booking.checkout_date,booking.residence_id,booking.payment_mode,booking.agents_ac_no,booking.roomid,\n\t\tbooking.checkedin_by,booking.invoice_no,booking.billed,booking.checkoutby,booking.codatetime,DATEDIFF(booking.checkout_date,booking.checkin_date) as no_nights\n\t\tFrom guests\n\t\tInner Join countries ON guests.countrycode = countries.countrycode\n\t\tInner Join booking ON guests.guestid = booking.guestid\n\t\twhere booking.book_id='{$search}'";
$results = mkr_query($sql, $conn);
$bookings = fetch_object($results);
}
function findguest($search)
{
global $conn, $guests;
$search = $search;
//check on wether search is being done on idno/ppno/guestid/guestname
$sql = "Select guests.guestid,guests.lastname,guests.firstname,guests.middlename,guests.pp_no,\n\t\tguests.idno,guests.countrycode,guests.pobox,guests.town,guests.postal_code,guests.phone,\n\t\tguests.email,guests.mobilephone,countries.country\n\t\tFrom guests\n\t\tInner Join countries ON guests.countrycode = countries.countrycode where guests.guestid='{$search}'";
$results = mkr_query($sql, $conn);
$guests = fetch_object($results);
}
function find($search)
{
global $conn, $bill;
$search = $search;
//search on booking
//check on wether search is being done on idno/ppno/guestid/guestname
$sql = "Select bills.bill_id,bills.book_id,bills.date_billed,bills.billno,bills.`status`,bills.date_checked,\n\t\tconcat_ws(' ',guests.firstname,guests.middlename,guests.lastname) as guest,guests.pobox,guests.town,guests.postal_code,\n\t\tbooking.checkin_date,booking.checkout_date,booking.roomid,rooms.roomno\n\t\tFrom bills\n\t\tInner Join booking ON bills.book_id = booking.book_id\n\t\tInner Join guests ON booking.guestid = guests.guestid\n\t\tInner Join rooms ON booking.roomid = rooms.roomid where bills.bill_id='{$search}'";
//need a search on reservation - todo not (tested)
/*$sql="Select bills.bill_id,bills.book_id,bills.date_billed,bills.billno,bills.`status`,bills.date_checked,
concat_ws(' ',guests.firstname,guests.middlename,guests.lastname) as guest,guests.pobox,guests.town,guests.postal_code,
reservation.reserve_checkindate,reservation.reserve_checkoutdate,reservation.roomid,rooms.roomno
From bills
Inner Join reservation ON bills.book_id = reservation.reservation_id
Inner Join guests ON reservation.guestid = guests.guestid
Inner Join rooms ON reservation.roomid = rooms.roomid where bills.bill_id='$search'";*/
$results = mkr_query($sql, $conn);
$bill = fetch_object($results);
}
