// Appends one link per template row to the sidebar list (the enclosing loop starts outside this excerpt).
// NOTE(review): $row['template_name'] and $row['id'] are concatenated into markup without HTML encoding.
// If template names can be edited by users, encode them with htmlspecialchars(..., ENT_QUOTES) before output.
$template_list.="<a href='templates.php?id=".$row['id']."'><div class='tempate_editor_list".($row['archived'] > 0 ? " archived" : "")."'>".$row['template_name']."</div></a>";
}

//template set-up for selected template.
// The only check on $_GET['id'] visible here is a loose numeric comparison; it does not restrict the value to digits.
if($_GET['id']>=0)
{
	$namer="";
	$arch=0;
	if($_GET['id'] > 0)
	{
		// Load the stored name and archived flag for the requested template.
		// The id reaches the query only through sql_friendly() (defined elsewhere; its escaping rules are not visible here).
		$sql = " select * from templates where id='".sql_friendly($_GET['id'])."' ";
		$data=simple_query($sql);
		while($row=mysqli_fetch_array($data))
		{
			$namer="".$row['template_name']."";
			$arch=$row['archived'];
		}
	}
	// NOTE(review): $_GET['id'] is written raw into the single-quoted value attribute of the hidden field below.
	// A request value containing a quote ends the attribute, so this is a reflected-XSS sink; cast the id to int
	// (or encode with htmlspecialchars(..., ENT_QUOTES)) before echoing it.
	$template_form.=" <div class='mrr_sector_container'> <input type='hidden' name='template_id' id='template_id' value='".$_GET['id']."'> <table cellpadding='0' cellspacing='0' border='0' style='width:100%'> <tbody> <tr>
where id='".sql_friendly($row['id'])."' and username='******'username'])."' "; simple_query($sql); } else { //bad login or failure delay from bad login attempts. $sql=" update users set linedate_failed=NOW(), failed_logins=(failed_logins + 1) where username='******'username'])."' "; simple_query($sql); $error = $lang['login_error0']; $invalid_password = $_POST['pword']; $use_userid = 0; $use_location=0; unset($_COOKIE['uuid']); setcookie("uuid", 'novalue', $mrr_cookie_bake); //reset the cookie with 60 seconds unset($_COOKIE['user']); setcookie("user", '0', $mrr_cookie_bake); //reset the cookie with 60 seconds }
where id = '$row[id]' "; simple_query($sql); } if($row['tmp_filename'] == '') { $file_uuid = createuuid(); $file_ext = get_file_ext($row['attachment']); $tmp_filename = "$file_uuid.$file_ext"; $sql = " update log_email set tmp_filename = '".sql_friendly($tmp_filename)."' where id = '".sql_friendly($row['id'])."' "; simple_query($sql); } else { $tmp_filename = $row['tmp_filename']; } copy($row['attachment'], $tmp_dir.'/'.$tmp_filename); ?> This E-mail was originally sent to: <span style='color:blue'><?php echo $row['email_to']; ?> </span><br> Sent on <span style='color:red'><?php
// Optional date-range filters for the file-view report.
// The posted text never reaches the SQL directly: it is parsed by strtotime() and re-rendered by date("Y-m-d").
// NOTE(review): strtotime() returns false for unparseable input; date() is then given false — presumably treated as
// timestamp 0, so the filter would silently become 1970-01-01 instead of being rejected. Confirm and validate first.
if($_POST['date_from']!="") $filters.=" and log_email_views.linedate_viewed>='".date("Y-m-d",strtotime($_POST['date_from']))." 00:00:00'";
if($_POST['date_to']!="") $filters.=" and log_email_views.linedate_viewed<='".date("Y-m-d",strtotime($_POST['date_to']))." 23:59:59'";

// Rows are limited to files whose access_level does not exceed the session's view_access_level.
// The "limit 100" cap is dropped whenever report_filter_user is non-blank, so a filtered report is unbounded.
// $filters may already hold conditions built before this excerpt.
$sql = " select log_email_views.*, attached_files.filename, attached_files.public_name, users.first_name, users.last_name, users.username from log_email_views left join attached_files on attached_files.id=log_email_views.file_id left join users on users.id=log_email_views.user_id where attached_files.deleted=0 and attached_files.access_level <= '".sql_friendly($_SESSION['view_access_level'])."' ".$filters." order by log_email_views.linedate_viewed desc,id desc ".(trim($_POST['report_filter_user'])!="" ? "" : "limit 100")." ";
$data = simple_query($sql);
while($row = mysqli_fetch_array($data))
{
	// NOTE(review): public_name, filename, first_name, last_name, username and ip_address are written into table
	// cells without HTML encoding. File names and user names are user-supplied data in most deployments; encode each
	// with htmlspecialchars(..., ENT_QUOTES) so a stored value cannot inject markup into this audit report.
	$result_list.=" <tr class='".($cntr%2==0 ? "even" : "odd")."'> <td valign='top' nowrap>".date("m/d/Y H:i", strtotime($row['linedate_viewed']))."</td> <td valign='top'>".($row['public_name']!="" ? $row['public_name'] : $row['filename'] )."</td> <td valign='top'>".$row['first_name']." ".$row['last_name']."</td> <td valign='top'>".$row['username']."</td> <td valign='top'>".$row['ip_address']."</td> </tr>";
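/**
 * Build the HTML for the quick-links editor panel.
 *
 * The panel is a hidden container holding a blank "NEW" form followed by one
 * editable block per quick link that matches the merchant/store currently
 * selected in the session and is either public or owned by the current user.
 *
 * Security: link_name and link_url are free-text values entered through this
 * same editor, so they are HTML-encoded before being placed in value="..."
 * attributes, and row ids are cast to int before being placed in element ids
 * and inline onClick/onBlur/onChange handlers. Without that, a stored link
 * name containing a quote could break out of the attribute (stored XSS).
 *
 * The trash icon is only hidden for rows the user may not remove; the
 * server-side handler reached through edit_quick_links() (not shown here)
 * has to enforce the same rule itself.
 *
 * @return string HTML fragment for the editor.
 */
function mrr_display_quick_links_edit()
{
    // Encode a database value for HTML text and quoted-attribute contexts.
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE);
    };

    $tab = "";
    $cur_user = $_SESSION['selected_user_id'];
    $cur_cust = $_SESSION['selected_merchant_id'];
    $cur_store = $_SESSION['selected_store_id'];
    if ($cur_user == 0) {
        // No user selected: fall back to the logged-in user.
        $cur_user = $_SESSION['user_id'];
    }

    $merch_adder = "";
    if ($cur_cust > 0) {
        $merch_adder = " and ( quick_links.merchant_id=0 or quick_links.merchant_id='" . sql_friendly($cur_cust) . "' or LOCATE('," . sql_friendly($cur_cust) . ",',merchant_id_list) >0 ) ";
    }

    $store_adder = "";
    // NOTE(review): the store filter is gated on the merchant selection ($cur_cust), not on $cur_store.
    // Kept as in the original; confirm whether this is intentional.
    if ($cur_cust > 0) {
        $store_adder = " and ( quick_links.store_id=0 or quick_links.store_id='" . sql_friendly($cur_store) . "' or LOCATE('," . sql_friendly($cur_store) . ",',store_id_list) >0 ) ";
    }

    $tab .= "<div id='cce_quick_links_editor'><div id='cce_quick_links_editor_pad' style='display:none;'>";

    // Blank form for a new quick link (row id 0).
    $selbox1 = get_merchant_select_box('quick_link_0_cust', $cur_cust, 0, "ALL", " class='all_quick_link_input'");
    $selbox2 = get_store_select_box('quick_link_0_store', $cur_store, $cur_cust, 0, "ALL", " class='all_quick_link_input'");

    $tab .= "<div id='quick_links_0_block' class='all_quick_link_edits'>";
    $tab .= "<div> <span class='mrr_quick_links_spacer' style='color:#e19918;'>NEW</span> </div>";
    $tab .= "<span>Link Name</span> <input type='text' name='quick_link_0_name' id='quick_link_0_name' value=\"\" class='all_quick_link_input'>";
    $tab .= "<span>Web Address</span> <input type='text' name='quick_link_0_url' id='quick_link_0_url' value=\"\" class='all_quick_link_input'><br>";
    $tab .= "<span>Customer</span> " . $selbox1 . "<br>";
    $tab .= "<span>Store</span> " . $selbox2 . "<br>";
    $tab .= "<span> </span> <label>Make Private <input type='checkbox' name='quick_link_0_private' id='quick_link_0_private' value=\"1\"></label>";
    $tab .= "</div>";

    // Existing links: not deleted, matching the selection, and public or owned by the current user.
    $sql = " select quick_links.* from quick_links where quick_links.deleted=0 " . $merch_adder . " " . $store_adder . " and ( quick_links.private_link=0 or (quick_links.private_link=1 && quick_links.user_id='" . sql_friendly($cur_user) . "') ) order by quick_links.position_id asc, quick_links.row_num asc, quick_links.col_num asc, quick_links.link_name asc, quick_links.id asc ";
    $data = simple_query($sql);

    while ($row = mysqli_fetch_array($data)) {
        // The id is used in element ids and inline JS calls; force it to an integer.
        $id = (int) $row['id'];

        $allow_removal = "";
        if ($row['user_id'] == $_SESSION['user_id'] || $row['access_level'] <= $_SESSION['access_level']) {
            $allow_removal = "<i class='fa fa-trash' style='color:#e19918; font-size:14px;' title='Click to remove this merchant' onClick='edit_quick_links(" . $id . ",3);'></i>";
        }

        // NOTE(review): both select boxes are preselected from the session selection, not from this row's
        // own merchant_id/store_id. Kept as in the original.
        $selbox1 = get_merchant_select_box('quick_link_' . $id . '_cust', $cur_cust, 0, "ALL", " class='all_quick_link_input' onChange='edit_quick_links(" . $id . ",6);'");
        $selbox2 = get_store_select_box('quick_link_' . $id . '_store', $cur_store, $cur_cust, 0, "ALL", " class='all_quick_link_input' onChange='edit_quick_links(" . $id . ",7);'");

        $tab .= "<div id='quick_links_" . $id . "_block' class='all_quick_link_edits'>";
        $tab .= "<div> <img src='common/images/prev_orange.png' alt='' border='0' style='cursor:pointer;height:16px' onClick='edit_quick_links(" . $id . ",1);'> " . $esc($row['position_id']) . " <img src='common/images/next_orange.png' alt='' border='0' style='cursor:pointer;;height:16px' onClick='edit_quick_links(" . $id . ",2);'> <span class='mrr_quick_links_spacer'>" . $allow_removal . "</span> </div>";
        // Free-text fields: encode before placing them inside the double-quoted value attribute.
        $tab .= "<span>Link Name</span> <input type='text' name='quick_link_" . $id . "_name' id='quick_link_" . $id . "_name' value=\"" . $esc($row['link_name']) . "\" class='all_quick_link_input' onBlur='edit_quick_links(" . $id . ",4);'>";
        $tab .= "<span>Web Address</span> <input type='text' name='quick_link_" . $id . "_url' id='quick_link_" . $id . "_url' value=\"" . $esc($row['link_url']) . "\" class='all_quick_link_input' onBlur='edit_quick_links(" . $id . ",5);'><br>";
        $tab .= "<span>Customer</span> " . $selbox1 . "<br>";
        $tab .= "<span>Store</span> " . $selbox2 . "<br>";
        $tab .= "<span> </span> <label>Make Private <input type='checkbox' name='quick_link_" . $id . "_private' id='quick_link_" . $id . "_private' value=\"1\"" . ($row['private_link'] > 0 ? " checked" : "") . " onClick='edit_quick_links(" . $id . ",8);'></label>";
        $tab .= "</div>";
    }

    $tab .= "</div></div>";
    return $tab;
}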
// Copy the access levels from the session when present; $view_user_access defaults to 0.
$view_user_access=0;
if(isset($_SESSION['access_level'])) $user_access=$_SESSION['access_level'];
if(isset($_SESSION['view_access_level'])) $view_user_access=$_SESSION['view_access_level'];

// Mirror "id" between $_GET and $_POST so later code can read either one; both default to 0.
// After this point a value in $_POST['id'] no longer shows that the request was a POST.
if(isset($_GET['id'])) $_POST['id']=$_GET['id'];
if(isset($_POST['id'])) $_GET['id']=$_POST['id'];
if(!isset($_GET['id'])) $_GET['id']=0;
if(!isset($_POST['id'])) $_POST['id']=0;
$message="";

// Load the logged-in user's row. Unlike the access levels above, $_SESSION['user_id'] is read without an isset() guard.
$sql = " select * from users where id = '".sql_friendly($_SESSION['user_id'])."' ";
$data_columns = simple_query($sql);
?> <? //echo "<br>U".$_SESSION['selected_user_id']."M".$_SESSION['selected_merchant_id']."S".$_SESSION['selected_store_id']." ... U".$_SESSION['user_id']."M".$_SESSION['merchant_id']."S".$_SESSION['store_id']."<br>"; ?> <div class="column move_box_left"> <div class="portlet left_col sort_tbl" id='portlet_SearchBox'> <div class="Table_sort_main"> <div class="search_box"> <div class="input-group"> <input type="text" class="form-control" name='search_cust' id='search_cust' value="<?php
// NOTE(review): the posted search text is echoed into a double-quoted attribute without HTML encoding, so a value
// containing a double quote ends the attribute (reflected XSS). Emit htmlspecialchars($_POST['search_cust'], ENT_QUOTES)
// instead, and guard the read with isset() because the key is absent on a plain page load.
echo $_POST['search_cust']; ?> " placeholder="Search...">
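/**
 * AJAX handler: soft-delete the logo/avatar attachments of the current selection.
 *
 * The posted cust_id / store_id / user_id values act only as selectors for
 * WHICH kind of attachment to remove (first positive one wins, in that order).
 * The record actually affected is always taken from the session selection
 * (selected_merchant_id / selected_store_id / selected_user_id), never from
 * the posted number.
 *
 * Each selector is read defensively: a missing or non-scalar POST value counts
 * as 0, and the value is cast to int so a non-numeric string evaluates the
 * same way on every PHP version instead of depending on loose comparison rules.
 *
 * NOTE(review): no CSRF token or permission check is visible in this block;
 * confirm that the dispatcher calling it enforces both, since this changes state.
 *
 * Always responds with <rslt>1</rslt>, whether or not a row was updated.
 *
 * @return void
 */
function remove_logo_list()
{
    // Read a POST selector as a non-negative decision value; absent or array input counts as 0.
    $flag = function ($key) {
        return (isset($_POST[$key]) && is_scalar($_POST[$key])) ? (int) $_POST[$key] : 0;
    };

    $session_key = null;
    $section_id = null;

    if ($flag('cust_id') > 0) {
        $session_key = 'selected_merchant_id';
        $section_id = SECTION_LOGO_CUST;
    } elseif ($flag('store_id') > 0) {
        $session_key = 'selected_store_id';
        $section_id = SECTION_LOGO_STORE;
    } elseif ($flag('user_id') > 0) {
        $session_key = 'selected_user_id';
        $section_id = SECTION_AVATAR;
    }

    if ($session_key !== null) {
        $xref_id = isset($_SESSION[$session_key]) ? $_SESSION[$session_key] : 0;

        // Soft delete: rows are flagged, not removed, and the stored files are left in place.
        $sql = " update attached_files set deleted='1' where xref_id='" . sql_friendly($xref_id) . "' and section_id='" . $section_id . "' ";
        simple_query($sql);
    }

    display_xml_response("<rslt>1</rslt>");
}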
// Pick the store to record against the upload: the user's own store if set, otherwise the selected store.
$use_store_id = 0;
if ($_SESSION['store_id'] == 0 && $_SESSION['selected_store_id'] > 0) {
    $use_store_id = $_SESSION['selected_store_id'];
} elseif ($_SESSION['store_id'] > 0) {
    $use_store_id = $_SESSION['store_id'];
}

// The upload is moved to its final path before anything in this excerpt inspects it.
// NOTE(review): $move_destination and $finfo are built outside this excerpt; confirm that the destination name is
// not taken verbatim from the client and that an extension allow-list is applied before this point.
if (move_uploaded_file($_FILES['upl_' . $upcounter]['tmp_name'], $move_destination)) {
    // Public PDFs get a PNG rendering next to them.
    // substr_count() is a substring test, so any extension merely containing "pdf" takes this branch, and the
    // str_replace() calls below rewrite every ".pdf"/".PDF" in the whole path, not only the final suffix.
    if ((substr_count($finfo['extension'], "pdf") > 0 || substr_count($finfo['extension'], "PDF") > 0) && $public == 1) {
        $move_destination_png = $move_destination;
        $move_destination_png = str_replace(".pdf", ".png", $move_destination_png);
        $move_destination_png = str_replace(".PDF", ".png", $move_destination_png);

        // NOTE(review): this hands an untrusted upload to ImageMagick's PDF reader at 300 dpi. The type decision
        // above rests on the extension only, so the file content is whatever the client sent. Restrict the coders
        // and resource limits in ImageMagick's policy configuration and keep the PDF delegate patched.
        // No try/catch is visible here: if readImage() throws, the moved file stays on disk with no database row.
        $imagick = new Imagick();
        $imagick->setResolution(300, 300);
        $imagick->readImage($move_destination);
        $imagick->setImageFormat("png");
        $imagick->writeImage($move_destination_png);

        // From here on $new_filename holds the PNG destination path rather than the name set before this excerpt.
        $new_filename = $move_destination_png;
    }

    // Record the attachment. xref_id and section_id come from $_SESSION['upload_params'] (server-side state), not
    // from the upload request itself; every interpolated value passes through sql_friendly(). filesize is stored as 0.
    $sql = "\n\t\t\tinsert into attached_files\n\t\t\t\t(xref_id,\n\t\t\t\tfilename,\n\t\t\t\tfilesize,\n\t\t\t\tlinedate_added,\n\t\t\t\tsection_id,\n\t\t\t\taccess_level,\n\t\t\t\tdeleted,\n\t\t\t\tuser_id,\n\t\t\t\tmerchant_id,\n\t\t\t\tstore_id,\n\t\t\t\tpublic_name,\n\t\t\t\tpublic_flag)\n\t\t\t\t\n\t\t\tvalues ('" . sql_friendly($_SESSION['upload_params'][$upcounter]['xref_id']) . "',\n\t\t\t\t'" . sql_friendly($new_filename) . "',\n\t\t\t\t0,\n\t\t\t\tnow(),\n\t\t\t\t'" . sql_friendly($_SESSION['upload_params'][$upcounter]['section_id']) . "',\n\t\t\t\t'" . sql_friendly($_SESSION['access_level']) . "',\n\t\t\t\t0,\n\t\t\t\t'" . sql_friendly($_SESSION['user_id']) . "',\n\t\t\t\t'" . sql_friendly($use_merchant_id) . "',\n\t\t\t\t'" . sql_friendly($use_store_id) . "',\n\t\t\t\t'" . sql_friendly(get_filename_without_unique($new_filename)) . "',\n\t\t\t\t'" . sql_friendly($public) . "')\n\t\t";
    simple_query($sql);

    $rslt['status_code'] = 1;
    $rslt['msg'] = 'success!';
    $rslt['filename_new'] = $new_filename;
    // The client-supplied file name is returned as-is; whatever renders this response must encode it for its context.
    $rslt['filename_original'] = $_FILES['upl_' . $upcounter]['name'];
    $rslt['extra_params'] = $_SESSION['upload_params'][$upcounter]['extra_params'];
    return_result($rslt);
}
}

// Reached when no upload was accepted above (the enclosing block opens before this excerpt).
$rslt['status_code'] = 0;
$rslt['msg'] = 'No files found.';
return_result($rslt);
$cntr=0;

// Optional filters for the login-history report.
// The user filter is matched with LIKE against the username and against "first last".
// NOTE(review): the text passes through sql_friendly() (not shown); unless that also neutralises the LIKE wildcards
// % and _, a filter of "%" matches every user. That is harmless for injection but worth knowing for this audit view.
if($_POST['report_filter_user']!="") $filters.=" and (users.username like '%".sql_friendly($_POST['report_filter_user'])."%' or CONCAT(users.first_name, ' ', users.last_name) like '%".sql_friendly($_POST['report_filter_user'])."%')";
// Dates are parsed with strtotime() and re-rendered by date(), so the raw posted text is never placed in the SQL.
if($_POST['date_from']!="") $filters.=" and log_login.linedate_added>='".date("Y-m-d",strtotime($_POST['date_from']))." 00:00:00'";
if($_POST['date_to']!="") $filters.=" and log_login.linedate_added<='".date("Y-m-d",strtotime($_POST['date_to']))." 23:59:59'";

// Only logins of users at or below the session's view_access_level are listed, newest first, capped at 100 rows.
$sql = " select log_login.*, users.first_name, users.last_name, users.username from log_login left join users on users.id=log_login.user_id where users.access_level <= '".sql_friendly($_SESSION['view_access_level'])."' ".$filters." order by linedate_added desc,id desc limit 100 ";
$data = simple_query($sql);
while($row = mysqli_fetch_array($data))
{
	// The invalid_password column is only tested for being non-blank; its content is not printed here.
	// NOTE(review): a populated invalid_password column suggests the text typed at a failed login is stored.
	// Mistyped real passwords end up in such a column; confirm, and prefer storing only a failure flag.
	// NOTE(review): first_name, last_name, username and ip_address are output without HTML encoding; encode each
	// with htmlspecialchars(..., ENT_QUOTES).
	$result_list.=" <tr class='".($cntr%2==0 ? "even" : "odd")."'> <td valign='top' nowrap>".date("m/d/Y H:i", strtotime($row['linedate_added']))."</td> <td valign='top'>".(trim($row['invalid_password'])!="" ? "<span class='alert'>Failed Login</span>" : "")."</td> <td valign='top'>".$row['first_name']."</td> <td valign='top'>".$row['last_name']."</td> <td valign='top'>".$row['username']."</td> <td valign='top'>".$row['ip_address']."</td>
echo "<hr>";

// Choose which template's items to list: template 1 unless the merchant or store has its own.
$temp_id=0;
$mrr_adder=" and template_id=1";		//default to master template

//find merchant template first...acts as a default.
if($_SESSION['merchant_id'] > 0)
{
	$temp_id=mrr_get_merchant_template_id($_SESSION['merchant_id']);
	if($temp_id > 0)		$mrr_adder=" and template_id='".sql_friendly($temp_id)."'";
}
//find store template next...override merchant if set.
if($_SESSION['store_id'] > 0)
{
	// NOTE(review): a store id is passed to mrr_get_merchant_template_id(), the same helper used for the merchant
	// above. If that helper looks ids up in the merchants table, this resolves the template of an unrelated
	// merchant whose id happens to equal the store id. Confirm whether a store-specific lookup was intended.
	$temp_id=mrr_get_merchant_template_id($_SESSION['store_id']);
	if($temp_id > 0)		$mrr_adder=" and template_id='".sql_friendly($temp_id)."'";
}

// Top-level items only (sub_group_id = 0), not deleted, in display order.
$sql = " select * from template_items where deleted=0 ".$mrr_adder." and sub_group_id = 0 order by zorder asc,item_label asc ";
$data=simple_query($sql);
while($row=mysqli_fetch_array($data))
{
	// $namer2 is the label with spaces replaced by underscores; no other characters are filtered here.
	$namer="".$row['item_label']."";
	$namer2=str_replace(" ","_",$namer);
order by linedate_reminder2 asc "; //and linedate_reminder2>='".date("Y-m-d",time())." 00:00:00' $data=simple_query($sql); while($row = mysqli_fetch_array($data)) { $date=date("M j, Y",strtotime($row['linedate'])); $sub=trim($row['date_description']); $remind=date("M j, Y",strtotime($row['linedate_reminder2'])); $email=trim($row['email_reminder2']); $message=trim($row['msg_reminder2']); //$email="*****@*****.**"; $sqlu="update important_dates set sent_reminder2=1 where id='".sql_friendly($row['id'])."'"; simple_query($sqlu); $found_requests.="<br>To: ".$email.". Date: ".$date.". Topic: ".$sub.". Reminder Date: ".$remind.". Msg: ".$message."."; sendMail($From,$FromName,$email,$email,$sub,strip_tags($message),"<b>".$sub."</b><br><br>".$message,'', '','') ; } echo '<br><b>Email Reminders Sent:</b> <br>'.$found_requests.'.<br>'; //Remove older Temp Files.... echo '<br><b>Purging /TEMP/ Files</b><br>'; $path = "".$defaultsarray['base_path']."public_html/temp/"; if($handle = opendir($path)) { while(false !== ($file = readdir($handle)))
?> '></td></tr> </tbody> </table> </td> <? if($_SESSION['selected_merchant_id'] > 0 && trim($namer) != "Compliance Officer") { echo "<td valign='top' class='pos_rel co_photo mrr_cust_info'>CO CERTIFICATE<br>"; $xref_id=0; $sql=" select co_user_id from merchants where id='".sql_friendly($_SESSION['selected_merchant_id'])."' "; $data=simple_query($sql); if($row=mysqli_fetch_array($data)) $xref_id=$row['co_user_id']; if($xref_id > 0 && $_SESSION['access_level']>=60) { $co_tab=create_uploader_section('cert_image_holder',"",SECTION_CERTIFICATES,$xref_id,'show_user_cert2', 'Upload Certificate'); echo $co_tab; } echo "</td>"; } elseif(trim($namer) == "Compliance Officer") { echo "<td valign='top' class='pos_rel co_photo mrr_cust_info'> </td>"; }
// Create the destination folder on first use.
// mkdir() is called with its default mode and without the recursive flag, so the effective permissions depend on
// the process umask. Pass an explicit restrictive mode if the folder should not be group/world accessible.
if (!file_exists($new_folder)) {
    mkdir($new_folder);
}

// NOTE(review): $file_ext is computed from the client-supplied name but is not used anywhere in this excerpt, and
// no extension or content-type allow-list is visible. The stored name is also derived from the client name by
// get_unique_filename() (not shown). If $new_folder is served by the web server, confirm that script extensions
// are rejected or that execution is disabled for that folder.
$file_ext = get_file_ext($_FILES['Filedata']['name']);
$new_filename = get_unique_filename($new_folder, $_FILES['Filedata']['name']);
$curdate = 0;
if (move_uploaded_file($_FILES['Filedata']['tmp_name'], $new_folder . $new_filename)) {
    $curdate = mrr_pull_image_created_date($new_folder . $new_filename);
    $rslt = 1;
} else {
    $rslt = 0;
}

// Owner ids default to 0 when the session does not carry them.
$user_id = 0;
$store_id = 0;
$merchant_id = 0;
if (isset($_SESSION['user_id'])) {
    $user_id = $_SESSION['user_id'];
}
if (isset($_SESSION['store_id'])) {
    $store_id = $_SESSION['store_id'];
}
if (isset($_SESSION['merchant_id'])) {
    $merchant_id = $_SESSION['merchant_id'];
}

//log that file was uploaded...
// NOTE(review): this insert is outside the move_uploaded_file() check, so a row is written even when the move
// failed ($rslt = 0) and no file exists at the recorded name.
// NOTE(review): section_id and xref_id are taken from $_POST, i.e. the client chooses which record the file is
// attached to. No ownership or permission check on xref_id is visible in this excerpt; confirm one exists upstream.
$sql = "\r\n\t\tinsert into attached_files\r\n\t\t\t(linedate_added,\r\n\t\t\tlinedate_created,\r\n\t\t\tfilename,\r\n\t\t\tfilesize,\r\n\t\t\tsection_id,\r\n\t\t\txref_id,\r\n\t\t\tdeleted,\r\n\t\t\taccess_level,\r\n\t\t\tuuid,\r\n\t\t\tmerchant_id,\r\n\t\t\tstore_id,\r\n\t\t\tuser_id)\r\n\t\t\t\r\n\t\tvalues (now(),\r\n\t\t\t'" . sql_friendly($curdate) . "',\r\n\t\t\t'" . sql_friendly($new_filename) . "',\r\n\t\t\t'" . sql_friendly($_FILES['Filedata']['size']) . "',\r\n\t\t\t'" . sql_friendly($_POST['section_id']) . "',\r\n\t\t\t'" . sql_friendly($_POST['xref_id']) . "',\r\n\t\t\t0,\r\n\t\t\t'" . sql_friendly($def_access) . "',\r\n\t\t\t'" . createuuid() . "',\r\n\t\t\t'" . sql_friendly($merchant_id) . "',\r\n\t\t\t'" . sql_friendly($store_id) . "',\r\n\t\t\t'" . sql_friendly($user_id) . "')\r\n\t";
simple_query($sql);
//$iid=mysql_insert_id();
}
// The text after the closing tag is sent to the client as-is; $rslt is assigned above but not read in this excerpt.
?> 1