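// Build the sort and filter criteria for the customer list from the DataTables request
// parameters, then fetch the matching rows.
//
// The request only supplies numeric column *indexes*. The column names handed to the
// DbHandler are looked up in the server-side list in $columns, so the client never
// provides an identifier directly. The "sortable"/"searchable" flags also come from the
// request, so they are UI hints, not an access control.
$columns = $db->getCustomerColumnsToBeShownInCustomerList($customer_type);
$columnCount = is_array($columns) ? count($columns) : 0;

// Ordering
$sorting = array();
if (isset($_GET[CRM_CUSTOMER_DATATABLE_SORT_COLUMN . "0"])) {
    // The number of sort columns is client-controlled: cap it at the number of known
    // columns so an oversized value cannot drive a long loop.
    $requestedSortColumns = isset($_GET[CRM_CUSTOMER_DATATABLE_SORT_COLUMNS])
        ? intval($_GET[CRM_CUSTOMER_DATATABLE_SORT_COLUMNS])
        : 0;
    $sortColumnCount = min($requestedSortColumns, $columnCount);

    for ($i = 0; $i < $sortColumnCount; $i++) {
        $indexKey = CRM_CUSTOMER_DATATABLE_SORT_COLUMN . $i;
        if (!isset($_GET[$indexKey])) {
            continue;
        }

        // Skip indexes that do not name a known column; otherwise an out-of-range value
        // would put an empty column name into $sorting.
        $columnIndex = intval($_GET[$indexKey]);
        if (!isset($columns[$columnIndex])) {
            continue;
        }

        $sortableKey = CRM_CUSTOMER_DATATABLE_IS_SORTABLE . $columnIndex;
        if (!isset($_GET[$sortableKey]) || $_GET[$sortableKey] !== "true") {
            continue;
        }

        // Direction is an allowlist: anything other than the exact string 'asc' sorts descending.
        $directionKey = CRM_CUSTOMER_DATATABLE_SORT_DIRECTION . $i;
        $sortType = (isset($_GET[$directionKey]) && $_GET[$directionKey] === 'asc') ? 'asc' : 'Desc';
        $sorting[$columns[$columnIndex]] = $sortType;
    }
}

// filtering
$filtering = array();
// is_string() rejects array-valued parameters (?search[]=...) before they reach escape_string().
if (isset($_GET[CRM_CUSTOMER_DATATABLE_SEARCH])
    && is_string($_GET[CRM_CUSTOMER_DATATABLE_SEARCH])
    && $_GET[CRM_CUSTOMER_DATATABLE_SEARCH] !== ""
) {
    // NOTE(review): escape_string() only protects a value placed inside a quoted SQL string
    // literal. How getAllCustomersOfType() embeds the $filtering values is not visible here:
    // if it builds a LIKE pattern, '%' and '_' in the search word still act as wildcards; if
    // it binds parameters, this escaping is applied twice. Confirm against DbHandler.
    $wordToSearch = $db->escape_string($_GET[CRM_CUSTOMER_DATATABLE_SEARCH]);
    for ($i = 0; $i < $columnCount; $i++) {
        $searchableKey = CRM_CUSTOMER_DATATABLE_SEARCHABLE . $i;
        if (isset($columns[$i]) && isset($_GET[$searchableKey]) && $_GET[$searchableKey] === "true") {
            $filtering[$columns[$i]] = $wordToSearch;
        }
    }
}

// get data
$result = $db->getAllCustomersOfType($customer_type, $numRows, $sorting, $filtering);
if (!isset($result)) {
    fatal_error("Error retrieving data from the database.");
}

// data set length after filtering:
$filteredRows = $db->unlimitedRowCount();
// total data set length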
} } } else { $reason = $lh->translationFor("image_file_is_not_image"); $validated = 0; } } if ($validated == 1) { $db = new \creamy\DbHandler(); // collect new user data. $modifyid = $_POST["modifyid"]; $name = NULL; if (isset($_POST["name"])) { $name = $_POST["name"]; $name = stripslashes($name); $name = $db->escape_string($name); } $phone = NULL; if (isset($_POST["phone"])) { $phone = $_POST["phone"]; $phone = stripslashes($phone); $phone = $db->escape_string($phone); } $avatar = NULL; if (!empty($avatarOrigin)) { $imageHandler = new \creamy\ImageHandler(); $avatar = $imageHandler->generateAvatarFileAndReturnURL($avatarOrigin, $imageFileType); if (empty($avatar)) { $lh->translateText("unable_generate_user_image"); return; }
$validated = 1; if (!isset($_POST["name"])) { $validated = 0; } if (!isset($_POST["customer_type"])) { $validated = 0; } if (!isset($_POST["customerid"])) { $validated = 0; } if ($validated == 1) { $db = new \creamy\DbHandler(); // get name (mandatory), customer id and customer type $name = $_POST["name"]; $name = stripslashes($name); $name = $db->escape_string($name); $customerid = $_POST["customerid"]; $customerid = stripslashes($customerid); $customerid = $db->escape_string($customerid); $customerType = $_POST["customer_type"]; $customerType = stripslashes($customerType); $customerType = $db->escape_string($customerType); $createdByUser = $user->getUserId(); // email $email = NULL; if (isset($_POST["email"])) { $email = $_POST["email"]; $email = stripslashes($email); $email = $db->escape_string($email); } // phone
// Starting Session $lh = \creamy\LanguageHandler::getInstance(); $error = ''; // Variable To Store Error Message if (isset($_POST['submit'])) { if (empty($_POST['username']) || empty($_POST['password'])) { $error = $lh->translationFor("insert_valid_login_password"); } else { $db = new \creamy\DbHandler(); // Define $username and $password $username = $_POST['username']; $password = $_POST['password']; // To protect MySQL injection for Security purpose $username = stripslashes($username); $password = stripslashes($password); $username = $db->escape_string($username); $password = $db->escape_string($password); // Check password and redirect accordingly $result = null; if (filter_var($username, FILTER_VALIDATE_EMAIL)) { // valid email address $result = $db->checkLoginByEmail($username, $password); } else { // not an email. User name? $result = $db->checkLoginByName($username, $password); } if ($result == NULL) { // login failed $error = $lh->translationFor("invalid_login_password"); } else { $_SESSION["userid"] = $result["id"];
$validated = 0; } else { $avatarOrigin = $_FILES["avatar"]["tmp_name"]; } } } else { $reason = $lh->translationFor("image_file_is_not_image"); $validated = 0; } } if ($validated == 1) { $db = new \creamy\DbHandler(); // check password $name = $_POST["name"]; $name = stripslashes($name); $name = $db->escape_string($name); $password1 = $_POST["password1"]; $password2 = $_POST["password2"]; if ($password1 !== $password2) { $lh->translateText("passwords_dont_match"); exit; } $email = NULL; if (isset($_POST["email"])) { $email = $_POST["email"]; $email = stripslashes($email); $email = $db->escape_string($email); } $phone = NULL; if (isset($_POST["phone"])) { $phone = $_POST["phone"];
$lh = \creamy\LanguageHandler::getInstance(); // check required fields $validated = 1; if (!isset($_POST["taskDescription"])) { $validated = 0; } if (!isset($_POST["userid"]) && !isset($_POST["touserid"])) { $validated = 0; } if ($validated == 1) { $db = new \creamy\DbHandler(); // check password $userid = isset($_POST["touserid"]) ? $_POST["touserid"] : $_POST["userid"]; $taskDescription = $_POST["taskDescription"]; $taskDescription = stripslashes($taskDescription); $taskDescription = $db->escape_string($taskDescription); $taskInitialProgress = 0; $result = $db->createTask($userid, $taskDescription, $taskInitialProgress); if ($result === true) { // if the task was assigned to the user by another user, send the receiver a message. $user = \creamy\CreamyUser::currentUser(); if (isset($user)) { $myId = $user->getUserId(); if ($myId != $userid) { // I'm creating a task for another user. Mail that user. require_once 'MailHandler.php'; $mh = \creamy\MailHandler::getInstance(); $mh->sendNewTaskMailToUser($myId, $userid, $taskDescription); } } // return result