예제 #1
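 /**
  * Email the tender invitation to every supplier attached to this tender.
  *
  * Builds a plain-text message from the tender number and each line item and
  * sends it once per supplier: through PHP's mail() when
  * $_SESSION['SmtpSetting'] is 0, otherwise through SendmailBySmtp() with the
  * purchasing manager added as a second recipient.
  *
  * @return void
  */
 function EmailSuppliers()
 {
     $EmailText = _('This email has been automatically generated by KwaMoja') . "\n";
     $EmailText .= _('You are invited to Tender for the following products to be delivered to') . ' ' . $_SESSION['CompanyRecord']['coyname'] . "\n";
     $EmailText .= _('Tender number') . ': ' . $this->TenderId . "\n";
     $EmailText .= _(' Quantity ') . ' ' . _(' Unit ') . ' ' . _(' Item Description') . "\n";
     foreach ($this->LineItems as $LineItem) {
         $EmailText .= $LineItem->Quantity . ' ' . $LineItem->Units . ' ' . $LineItem->ItemDescription . "\n";
     }
     $Subject = _('Tender received from') . ' ' . $_SESSION['CompanyRecord']['coyname'];
     // Raw header lines for the mail() path only; the SMTP path sets the same
     // fields through the htmlMimeMail setters below.
     $Headers = 'From: ' . $_SESSION['PurchasingManagerEmail'] . "\r\n" . 'Reply-To: ' . $_SESSION['PurchasingManagerEmail'] . "\r\n" . 'X-Mailer: PHP/' . phpversion();
     if ($_SESSION['SmtpSetting'] == 1) {
         include 'includes/htmlMimeMail.php';
         $mail = new htmlMimeMail();
         $mail->setText($EmailText);
         $mail->setSubject($Subject);
         $mail->setFrom($_SESSION['PurchasingManagerEmail']);
         $mail->setHeader('Reply-To', $_SESSION['PurchasingManagerEmail']);
         $mail->setCc($_SESSION['PurchasingManagerEmail']);
         //Set this as a copy for filing purpose
     }
     foreach ($this->Suppliers as $Supplier) {
         // Exactly one send per supplier. An unconditional mail() call used to
         // sit ahead of this branch, so each supplier received the invitation
         // twice with SmtpSetting 0, and a second copy through mail() even when
         // SMTP delivery was configured.
         if ($_SESSION['SmtpSetting'] == 0) {
             $result = mail($Supplier->EmailAddress, $Subject, $EmailText, $Headers);
         } else {
             $result = SendmailBySmtp($mail, array($Supplier->EmailAddress, $_SESSION['PurchasingManagerEmail']));
         }
         // NOTE(review): $result is never checked or returned, so a failed
         // delivery goes unreported to the caller.
     }
 }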
예제 #2
         $Result = DB_query($SQL, $db, $ErrMsg, $DbgMsg, true);
     }
     $Result = DB_Txn_Commit($db);
     $ConfirmationText = _('An internal stock request for') . ' ' . $StockID . ' ' . _('has been fulfilled from location') . ' ' . $Location . ' ' . _('for a quantity of') . ' ' . locale_number_format($Quantity, $DecimalPlaces);
     prnMsg($ConfirmationText, 'success');
     if ($_SESSION['InventoryManagerEmail'] != '') {
         $ConfirmationText = $ConfirmationText . ' ' . _('by user') . ' ' . $_SESSION['UserID'] . ' ' . _('at') . ' ' . Date('Y-m-d H:i:s');
         $EmailSubject = _('Internal Stock Request Fulfillment for') . ' ' . $StockID;
         if ($_SESSION['SmtpSetting'] == 0) {
             mail($_SESSION['InventoryManagerEmail'], $EmailSubject, $ConfirmationText);
         } else {
             include 'includes/htmlMimeMail.php';
             $mail = new htmlMimeMail();
             $mail->setSubject($EmailSubject);
             $mail->setText($ConfirmationText);
             $result = SendmailBySmtp($mail, array($_SESSION['InventoryManagerEmail']));
         }
     }
 } else {
     $ConfirmationText = _('An internal stock request for') . ' ' . $StockID . ' ' . _('has been fulfilled from location') . ' ' . $Location . ' ' . _('for a quantity of') . ' ' . locale_number_format($Quantity, $DecimalPlaces) . ' ' . _('cannot be created as there is insufficient stock and your system is configured to not allow negative stocks');
     prnMsg($ConfirmationText, 'warn');
 }
 // Check if request can be closed and close if done.
 // The request is closed once no stockrequestitems row for this dispatchid is
 // still marked completed=0.
 // NOTE(review): $RequestID is concatenated straight into both statements and
 // nothing in view validates or escapes it - confirm it is sanitised before it
 // gets here (or cast/escape it) so it cannot alter the SQL text.
 if (isset($RequestID)) {
     $SQL = "SELECT dispatchid\n\t\t\t\t\t\tFROM stockrequestitems\n\t\t\t\t\t\tWHERE dispatchid='" . $RequestID . "'\n\t\t\t\t\t\t\tAND completed=0";
     $Result = DB_query($SQL, $db);
     // No outstanding items left, so mark the request header as closed.
     if (DB_num_rows($Result) == 0) {
         $SQL = "UPDATE stockrequest\n\t\t\t\t\t\tSET closed=1\n\t\t\t\t\tWHERE dispatchid='" . $RequestID . "'";
         $Result = DB_query($SQL, $db);
     }
 }
            $DbgMsg = _('The following SQL to insert the request header record was used');
            $Result = DB_query($LineSQL, $ErrMsg, $DbgMsg, true);
        }
        $EmailSQL = "SELECT email\n\t\t\t\t\tFROM www_users, departments\n\t\t\t\t\tWHERE departments.authoriser = www_users.userid\n\t\t\t\t\t\tAND departments.departmentid = '" . $_SESSION['Request']->Department . "'";
        $EmailResult = DB_query($EmailSQL);
        if ($myEmail = DB_fetch_array($EmailResult)) {
            $ConfirmationText = _('An internal stock request has been created and is waiting for your authoritation');
            $EmailSubject = _('Internal Stock Request needs your authoritation');
            if ($_SESSION['SmtpSetting'] == 0) {
                mail($myEmail['email'], $EmailSubject, $ConfirmationText);
            } else {
                include 'includes/htmlMimeMail.php';
                $mail = new htmlMimeMail();
                $mail->setSubject($EmailSubject);
                $mail->setText($ConfirmationText);
                $result = SendmailBySmtp($mail, array($myEmail['email']));
            }
        }
    }
    DB_Txn_Commit();
    prnMsg(_('The internal stock request has been entered and now needs to be authorised'), 'success');
    echo '<br /><div class="centre"><a href="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?New=Yes">' . _('Create another request') . '</a></div>';
    include 'includes/footer.inc';
    unset($_SESSION['Request']);
    exit;
}
echo '<p class="page_title_text"><img src="' . $RootPath . '/css/' . $Theme . '/images/supplier.png" title="' . _('Dispatch') . '" alt="" />' . ' ' . $Title . '</p>';
if (isset($_GET['Edit'])) {
    echo '<form action="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '" method="post">';
    echo '<div>';
    echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />';
예제 #4
                $MailText .= $myrow['description'] . "\t" . _('Quantity') . ' ' . $myrow['quantity'] . "\t" . _('Price') . ' ' . locale_number_format($myrow['price']) . "\n";
                $sql = "DELETE FROM offers WHERE offerid='" . $RejectID . "'";
                $result = DB_query($sql);
            }
            $mail = new htmlMimeMail();
            $mail->setSubject(_('Your offer to') . ' ' . $_SESSION['CompanyRecord']['coyname'] . ' ' . _('has been rejected'));
            $mail->setText($MailText);
            $mail->setFrom($_SESSION['CompanyRecord']['coyname'] . ' <' . $_SESSION['CompanyRecord']['email'] . '>');
            $Recipients = GetMailList('OffersReceivedResultRecipients');
            if (sizeOf($Recipients) == 0) {
                prnMsg(_('There are no members of the Offers Received Result Recipients email group'), 'warn');
                include 'includes/footer.inc';
                exit;
            }
            array_push($Recipients, $Email);
            if ($_SESSION['SmtpSetting'] == 0) {
                $mail->setFrom($_SESSION['CompanyRecord']['coyname'] . ' <' . $_SESSION['CompanyRecord']['email'] . '>');
                $result = $mail->send($Recipients);
            } else {
                $result = SendmailBySmtp($mail, $Recipients);
            }
            if ($result) {
                prnMsg(_('The rejected offers from') . ' ' . $SupplierName . ' ' . _('have been removed from the system and an email sent to') . ' ' . $Email, 'success');
            } else {
                prnMsg(_('The rejected offers from') . ' ' . $SupplierName . ' ' . _('have been removed from the system and but no email was not sent to') . ' ' . $Email, 'warn');
            }
        }
        prnMsg(_('All offers have been processed, and emails sent where appropriate'), 'success');
    }
}
include 'includes/footer.inc';
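     //email the invoice to address supplied
     include 'includes/htmlMimeMail.php';
     $FromTransNo--;
     //reverse the increment to retain the correct transaction number
     // FromTransNo and Email are read straight from the query string, so both
     // are treated as untrusted here. The transaction number becomes part of a
     // path that is written and then unlinked, so keep only filename-safe
     // characters (a purely numeric value is unchanged). CR/LF are dropped from
     // the recipient so it cannot carry extra header lines into the mailer.
     $SafeTransNo = preg_replace('/[^A-Za-z0-9_-]/', '', (string) $_GET['FromTransNo']);
     $SafeEmailTo = str_replace(array("\r", "\n"), '', (string) $_GET['Email']);
     $FileName = $_SESSION['reports_dir'] . '/' . $_SESSION['DatabaseName'] . '_' . $InvOrCredit . '_' . $SafeTransNo . '.pdf';
     $pdf->Output($FileName, 'F');
     $mail = new htmlMimeMail();
     $Attachment = $mail->getFile($FileName);
     $mail->setText(_('Please find attached') . ' ' . $InvOrCredit . ' ' . $SafeTransNo);
     $mail->SetSubject($InvOrCredit . ' ' . $SafeTransNo);
     // Name the attachment by file name only, so the server-side reports
     // directory is not disclosed to the recipient.
     $mail->addAttachment($Attachment, basename($FileName), 'application/pdf');
     if ($_SESSION['SmtpSetting'] == 0) {
         $mail->setFrom($_SESSION['CompanyRecord']['coyname'] . ' <' . $_SESSION['CompanyRecord']['email'] . '>');
         $result = $mail->send(array($SafeEmailTo));
     } else {
         $result = SendmailBySmtp($mail, array($SafeEmailTo));
     }
     unlink($FileName);
     //delete the temporary file
     $Title = _('Emailing') . ' ' . $InvOrCredit . ' ' . _('Number') . ' ' . $FromTransNo;
     include 'includes/header.inc';
     // Escape the address before echoing it into the page; the fourth argument
     // leaves existing entities alone in case the value was already encoded
     // earlier in the request.
     // NOTE(review): $result is not consulted, so this confirmation is shown
     // even when sending failed.
     echo '<p>' . $InvOrCredit . ' ' . _('number') . ' ' . $FromTransNo . ' ' . _('has been emailed to') . ' ' . htmlspecialchars($SafeEmailTo, ENT_QUOTES, 'UTF-8', false);
     include 'includes/footer.inc';
     exit;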
 } else {
     //its not an email just print the invoice to PDF
     $pdf->OutputD($_SESSION['DatabaseName'] . '_' . $InvOrCredit . '_' . $FromTransNo . '.pdf');
 }
 $pdf->__destruct();
 //Change the language back to the user's language
 $_SESSION['Language'] = $UserLanguage;
 }
 /*end while there are message lines to parse and substitute vbles for */
 fclose($fp);
 /*close the file at the end of each transaction */
 DB_query("UPDATE debtortrans SET EDISent=1 WHERE ID=" . $TransDetails['id']);
 /*Now send the file using the customer transport */
 if ($CustDetails['editransport'] == 'email') {
     $mail = new htmlMimeMail();
     $attachment = $mail->getFile("EDI_INV_" . $TransNo . ".txt");
     $mail->SetSubject('EDI Invoice/Credit Note ' . $TransNo);
     $mail->addAttachment($attachment, 'EDI_INV_' . $TransNo . '.txt', 'application/txt');
     if ($_SESSION['SmtpSetting'] == 0) {
         $mail->setFrom($_SESSION['CompanyRecord']['coyname'] . '<' . $_SESSION['CompanyRecord']['email'] . '>');
         $MessageSent = $mail->send(array($CustDetails['ediaddress']));
     } else {
         $MessageSent = SendmailBySmtp($mail, array($CustDetails['ediaddress']));
     }
     if ($MessageSent == True) {
         echo '<BR><BR>';
         prnMsg(_('EDI Message') . ' ' . $TransNo . ' ' . _('was sucessfully emailed'), 'success');
     } else {
         echo '<BR><BR>';
         prnMsg(_('EDI Message') . ' ' . $TransNo . _('could not be emailed to') . ' ' . $CustDetails['ediaddress'], 'error');
     }
 } else {
     /*it must be ftp transport */
     //Godaddy limitations make it impossible to sftp using ssl or curl, so save to EDI_Sent file and 'rsynch' back to sftp server
     /* set up basic connection
                 			$conn_id = ftp_connect($CustDetails['ediaddress']); // login with username and password
                 			$login_result = ftp_login($conn_id, $CustDetails['ediserveruser'], $CustDetails['ediserverpwd']); // check connection
                 			if ((!$conn_id) || (!$login_result)) {
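 // Save the purchase order PDF under the reports directory so it can be
 // attached to the outgoing message.
 $pdf->Output($_SESSION['reports_dir'] . '/' . $PdfFileName, 'F');
 $pdf->__destruct();
 include 'includes/htmlMimeMail.php';
 $mail = new htmlMimeMail();
 $attachment = $mail->getFile($_SESSION['reports_dir'] . '/' . $PdfFileName);
 $mail->setText(_('Please find herewith our purchase order number') . ' ' . $OrderNo);
 $mail->setSubject(_('Purchase Order Number') . ' ' . $OrderNo);
 $mail->addAttachment($attachment, $PdfFileName, 'application/pdf');
 // NOTE(review): $_POST['EmailTo'] is used as the recipient exactly as
 // submitted - confirm it is validated as a single address before this point.
 // Some mail servers need to verify the sender, so the From header is set
 // explicitly on the mail() path.
 if ($_SESSION['SmtpSetting'] == 0) {
     // Use the mail service provided by the server.
     $mail->setFrom($_SESSION['CompanyRecord']['coyname'] . '<' . $_SESSION['CompanyRecord']['email'] . '>');
     $Success = $mail->send(array($_POST['EmailTo']));
 } else {
     if ($_SESSION['SmtpSetting'] == 1) {
         $Success = SendmailBySmtp($mail, array($_POST['EmailTo']));
     } else {
         prnMsg(_('The SMTP settings are wrong, please ask administrator for help'), 'error');
         // The footer must be included before exit; written after it, the
         // include was unreachable and the page ended without its footer.
         include 'includes/footer.inc';
         exit;
     }
 }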
 if ($Success == 1) {
     $Title = _('Email a Purchase Order');
     include 'includes/header.inc';
     echo '<div class="centre"><br /><br /><br />';
     prnMsg(_('Purchase Order') . ' ' . $OrderNo . ' ' . _('has been emailed to') . ' ' . $_POST['EmailTo'] . ' ' . _('as directed'), 'success');
 } else {
     //email failed
     $Title = _('Email a Purchase Order');
     include 'includes/header.inc';
    }
    /*end of new page header  */
}
/* end of while there are customer receipts in the batch to print */
// Move down one line and print the batch total for this currency.
$YPos -= $line_height;
$LeftOvers = $pdf->addTextWrap($Left_Margin, $YPos, 60, $FontSize, locale_number_format($TotalCheques, 2), 'right');
$LeftOvers = $pdf->addTextWrap($Left_Margin + 65, $YPos, 300, $FontSize, _('TOTAL') . ' ' . $Currency . ' ' . _('CHEQUES'), 'left');
// The report name is derived from the database name and today's date only.
$ReportFileName = $_SESSION['DatabaseName'] . '_ChequeListing_' . date('Y-m-d') . '.pdf';
// The listing is produced twice: once under reports_dir (read back below as
// the attachment) and once through OutputD().
// NOTE(review): the copy under reports_dir is not removed anywhere in this
// span - confirm whether it is cleaned up elsewhere.
$pdf->Output($_SESSION['reports_dir'] . '/' . $ReportFileName, 'F');
$pdf->OutputD($ReportFileName);
$pdf->__destruct();
// NOTE(review): $_POST['Email'] is read without an isset() check.
if ($_POST['Email'] == 'Yes') {
    include 'includes/htmlMimeMail.php';
    $mail = new htmlMimeMail();
    $attachment = $mail->getFile($_SESSION['reports_dir'] . '/' . $ReportFileName);
    $mail->setSubject(_('Payments check list'));
    // NOTE(review): FromDate and ToDate go into the message text exactly as
    // posted - confirm they are validated as dates earlier in the script.
    $mail->setText(_('Please find herewith payments listing from') . ' ' . $_POST['FromDate'] . ' ' . _('to') . ' ' . $_POST['ToDate']);
    $mail->addAttachment($attachment, 'PaymentListing.pdf', 'application/pdf');
    // Recipients come from the ChkListingRecipients mail group; stop if it is empty.
    $ChkListingRecipients = GetMailList('ChkListingRecipients');
    if (sizeOf($ChkListingRecipients) == 0) {
        prnMsg(_('There are no member in Check Listing Recipients email group,  no mail will be sent'), 'error');
        include 'includes/footer.inc';
        exit;
    }
    if ($_SESSION['SmtpSetting'] == 0) {
        // NOTE(review): setFrom() receives an array here - confirm the mailer
        // accepts that, since a From header is normally a single string.
        $mail->setFrom(array('"' . $_SESSION['CompanyRecord']['coyname'] . '" <' . $_SESSION['CompanyRecord']['email'] . '>'));
        $result = $mail->send($ChkListingRecipients);
    } else {
        $result = SendmailBySmtp($mail, $ChkListingRecipients);
    }
}
예제 #9
    }
    //end while there are line items to print out
}
/*end if there are order details to show on the order*/
$MailMessage .= '</table>
				</body>
				</html>';
// echo $MailMessage . "=mailMessage<br />";
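// Send the acknowledgement: PHP's mail() when SmtpSetting is 0, otherwise an
// htmlMimeMail message handed to SendmailBySmtp().
if ($_SESSION['SmtpSetting'] == 0) {
    $result = mail($MailTo, $MailSubject, $MailMessage, $headers);
} else {
    include 'includes/htmlMimeMail.php';
    $mail = new htmlMimeMail();
    // PHP variable names are case-sensitive. The subject used by the mail()
    // branch is $MailSubject; this branch read $mailSubject, which nothing in
    // view assigns, so SMTP messages presumably went out without a subject.
    $mail->setSubject($MailSubject);
    $mail->setHTML($MailMessage);
    $result = SendmailBySmtp($mail, array($MailTo));
}
if ($result) {
    // NOTE(review): $MailTo is echoed without HTML escaping - confirm where
    // it comes from and escape it if it can hold user-supplied text.
    echo ' ' . _('The following E-Mail was sent to') . ' ' . $MailTo . ' :';
}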
echo '<html>
	<head>
	<title>' . _('Email Confirmation') . '</title>
	</head>
	<body>
	<table width="60%">
		<tr>.
			<td align="center" colspan="4"><img src="' . $RootPath . '/' . $_SESSION['LogoFile'] . '" alt="Logo" width="500" height="100" align="center" border="0" /></td>
	   	</tr>
		<tr>
			<td align="center" colspan="4"><h2>' . _('Order Acknowledgement') . '</h2></td>
예제 #10
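 /**
  * Notify the purchasing manager by email that this supplier has made an offer.
  *
  * Uses PHP's mail() when $_SESSION['SmtpSetting'] is 0 and SendmailBySmtp()
  * otherwise. On the SMTP path the supplier is copied through the Cc header.
  *
  * @return mixed whatever mail() or SendmailBySmtp() returned
  */
 function EmailOffer()
 {
     // The supplier address is written into raw header lines below. Drop
     // CR/LF first so a stored address cannot add header lines of its own.
     $SupplierEmail = str_replace(array("\r", "\n"), '', (string) $this->GetSupplierEmail());
     $Subject = _('Offer received from') . ' ' . $this->GetSupplierName();
     $Message = _('This email is automatically generated by webERP') . "\n" . _('You have received the following offer from') . ' ' . $this->GetSupplierName() . "\n\n" . $this->OfferMailText;
     $Headers = 'From: ' . $SupplierEmail . "\r\n" . 'Reply-To: ' . $SupplierEmail . "\r\n" . 'X-Mailer: PHP/' . phpversion();
     if ($_SESSION['SmtpSetting'] == 1) {
         include 'includes/htmlMimeMail.php';
         $mail = new htmlMimeMail();
         $mail->setText($Message);
         $mail->setSubject($Subject);
         $mail->setFrom($SupplierEmail);
         $mail->setHeader('Reply-To', $SupplierEmail);
         $mail->setCc($SupplierEmail);
     }
     if ($_SESSION['SmtpSetting'] == 0) {
         $result = mail($_SESSION['PurchasingManagerEmail'], $Subject, $Message, $Headers);
     } else {
         // The recipient list used to start with $Supplier->EmailAddress, but
         // no $Supplier exists in this method, so that entry was always empty.
         // The purchasing manager is the recipient, as on the mail() path.
         $result = SendmailBySmtp($mail, array($_SESSION['PurchasingManagerEmail']));
     }
     return $result;
 }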
                    $Recipients[$i] = "'" . $SysAdminsRow['realname'] . "' <" . $SysAdminsRow['email'] . ">";
                    $i++;
                }
            }
            $TryNextFile = False;
            /*reset the abort to false before hit next file*/
            $mail->setSubject(_('EDI Order Message Error'));
        } else {
            $mail->setSubject(_('EDI Order Message') . ' ' . $Order->CustRef);
            $EDICustServPerson = $_SESSION['PurchasingManagerEmail'];
            $Recipients = array($EDICustServPerson);
        }
        if ($_SESSION['SmtpSetting'] == 0) {
            $MessageSent = $mail->send($Recipients);
        } else {
            $MessageSent = SendmailBySmtp($mail, $Recipients);
        }
        echo $EmailText;
    }
    /* nothing in the email text to send - the message file is a complete dud - maybe directory */
    /*Now create the order from the $Order object  and commit to the DB*/
}
/*end of the loop around all the incoming order files in the incoming orders directory */
include 'includes/footer.inc';
function StripTrailingComma($StringToStrip)
{
    if (strrpos($StringToStrip, "'")) {
        return mb_substr($StringToStrip, 0, strrpos($StringToStrip, "'"));
    } else {
        return $StringToStrip;
    }
예제 #12
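/**
 * Authenticate a user and load that user's settings into the session.
 *
 * Runs only when no access level is set in the session or a user name was
 * supplied. On success the www_users row is copied into $_SESSION, the last
 * visit date is updated and the security tokens of the user's role are loaded.
 * Once the session's attempts counter has reached 5, the next failure blocks
 * the account and, if $SysAdminEmail is given, notifies the system
 * administrator.
 *
 * @param string $Name          user id entered on the login form
 * @param string $Password      password entered on the login form
 * @param string $SysAdminEmail address to notify when an account is blocked
 * @param mixed  $db            database handle passed through to DB_query()
 *
 * @return mixed one of UL_SHOWLOGIN, UL_BLOCKED, UL_CONFIGERR,
 *               UL_MAINTENANCE, UL_NOTVALID or UL_OK
 */
function userLogin($Name, $Password, $SysAdminEmail = '', $db)
{
    global $debug;
    if (!isset($_SESSION['AccessLevel']) or $_SESSION['AccessLevel'] == '' or isset($Name) and $Name != '') {
        /* if not logged in */
        $_SESSION['AccessLevel'] = '';
        $_SESSION['CustomerID'] = '';
        $_SESSION['UserBranch'] = '';
        $_SESSION['SalesmanLogin'] = '';
        $_SESSION['Module'] = '';
        $_SESSION['PageSize'] = '';
        $_SESSION['UserStockLocation'] = '';
        // Initialise the counter before incrementing so a fresh session does
        // not increment an undefined index; the value after the first attempt
        // is 1 either way.
        // NOTE(review): the counter is stored in the session, so a client
        // that does not send the session cookie back starts again from zero.
        // Consider counting failed attempts per account in the database.
        if (!isset($_SESSION['AttemptsCounter'])) {
            $_SESSION['AttemptsCounter'] = 0;
        }
        $_SESSION['AttemptsCounter']++;
        // Show login screen
        if (!isset($Name) or $Name == '') {
            $_SESSION['DatabaseName'] = '';
            $_SESSION['CompanyName'] = '';
            return UL_SHOWLOGIN;
        }
        /* The SQL to get the user info must use the * syntax because the field name could change between versions if the fields are specifed directly then the sql fails and the db upgrade will fail */
        // NOTE(review): $Name is concatenated into this and the later
        // statements without escaping in this function - confirm the caller
        // escapes it, otherwise the login form can alter the SQL text.
        // NOTE(review): the two password literals read '******' in this
        // listing; the real comparison values appear to have been masked when
        // the code was published.
        $sql = "SELECT *\n\t\t\t\tFROM www_users\n\t\t\t\tWHERE www_users.userid='" . $Name . "'\n\t\t\t\tAND (www_users.password='******'\n\t\t\t\tOR  www_users.password='******')";
        $ErrMsg = _('Could not retrieve user details on login because');
        // NOTE(review): this sets the global $debug to 1 on every login
        // attempt and never restores it - confirm that is intended.
        $debug = 1;
        $Auth_Result = DB_query($sql, $db, $ErrMsg);
        // Populate session variables with data base results
        if (DB_num_rows($Auth_Result) > 0) {
            $myrow = DB_fetch_array($Auth_Result);
            if ($myrow['blocked'] == 1) {
                //the account is blocked
                return UL_BLOCKED;
            }
            /*reset the attempts counter on successful login */
            $_SESSION['UserID'] = $myrow['userid'];
            $_SESSION['AttemptsCounter'] = 0;
            $_SESSION['AccessLevel'] = $myrow['fullaccess'];
            $_SESSION['CustomerID'] = $myrow['customerid'];
            $_SESSION['UserBranch'] = $myrow['branchcode'];
            $_SESSION['DefaultPageSize'] = $myrow['pagesize'];
            $_SESSION['UserStockLocation'] = $myrow['defaultlocation'];
            $_SESSION['UserEmail'] = $myrow['email'];
            $_SESSION['ModulesEnabled'] = explode(",", $myrow['modulesallowed']);
            $_SESSION['UsersRealName'] = $myrow['realname'];
            $_SESSION['Theme'] = $myrow['theme'];
            $_SESSION['Language'] = $myrow['language'];
            $_SESSION['SalesmanLogin'] = $myrow['salesman'];
            $_SESSION['CanCreateTender'] = $myrow['cancreatetender'];
            $_SESSION['AllowedDepartment'] = $myrow['department'];
            if (isset($myrow['pdflanguage'])) {
                $_SESSION['PDFLanguage'] = $myrow['pdflanguage'];
            } else {
                $_SESSION['PDFLanguage'] = '0';
                //default to latin western languages
            }
            if ($myrow['displayrecordsmax'] > 0) {
                $_SESSION['DisplayRecordsMax'] = $myrow['displayrecordsmax'];
            } else {
                $_SESSION['DisplayRecordsMax'] = $_SESSION['DefaultDisplayRecordsMax'];
                // default comes from config.php
            }
            $sql = "UPDATE www_users SET lastvisitdate='" . date('Y-m-d H:i:s') . "'\n\t\t\t\t\t\t\tWHERE www_users.userid='" . $Name . "'";
            $Auth_Result = DB_query($sql, $db);
            /*get the security tokens that the user has access to */
            $sql = "SELECT tokenid FROM securitygroups\n\t\t\t\t\t\t\tWHERE secroleid =  '" . $_SESSION['AccessLevel'] . "'";
            $Sec_Result = DB_query($sql, $db);
            $_SESSION['AllowedPageSecurityTokens'] = array();
            if (DB_num_rows($Sec_Result) == 0) {
                return UL_CONFIGERR;
            } else {
                $i = 0;
                $UserIsSysAdmin = FALSE;
                while ($myrow = DB_fetch_row($Sec_Result)) {
                    // Token 15 is what marks the user as a system administrator.
                    if ($myrow[0] == 15) {
                        $UserIsSysAdmin = TRUE;
                    }
                    $_SESSION['AllowedPageSecurityTokens'][$i] = $myrow[0];
                    $i++;
                }
            }
            // check if only maintenance users can access webERP
            $sql = "SELECT confvalue FROM config WHERE confname = 'DB_Maintenance'";
            $Maintenance_Result = DB_query($sql, $db);
            if (DB_num_rows($Maintenance_Result) == 0) {
                return UL_CONFIGERR;
            } else {
                $myMaintenanceRow = DB_fetch_row($Maintenance_Result);
                if ($myMaintenanceRow[0] == -1 and $UserIsSysAdmin == FALSE) {
                    // the configuration setting has been set to -1 ==> Allow SysAdmin Access Only
                    // the user is NOT a SysAdmin
                    return UL_MAINTENANCE;
                }
            }
        } else {
            // Incorrect password
            // 5 login attempts, show failed login screen
            if (!isset($_SESSION['AttemptsCounter'])) {
                $_SESSION['AttemptsCounter'] = 0;
            } elseif ($_SESSION['AttemptsCounter'] >= 5 and isset($Name)) {
                /*User blocked from future accesses until sysadmin releases */
                $sql = "UPDATE www_users\n\t\t\t\t\t\t\tSET blocked=1\n\t\t\t\t\t\t\tWHERE www_users.userid='" . $Name . "'";
                $Auth_Result = DB_query($sql, $db);
                if ($SysAdminEmail != '') {
                    $EmailSubject = _('User access blocked') . ' ' . $Name;
                    // The attempted password is deliberately left out of the
                    // notice. A failed guess is often close to the real
                    // password and must not travel or be stored in clear text.
                    $EmailText = _('User ID') . ' ' . $Name . ' ' . _('has been blocked access at') . ' ' . Date('Y-m-d H:i:s') . ' ' . _('from IP') . ' ' . $_SERVER["REMOTE_ADDR"] . ' ' . _('due to too many failed attempts.');
                    if ($_SESSION['SmtpSetting'] == 0) {
                        mail($SysAdminEmail, $EmailSubject, $EmailText);
                    } else {
                        include 'includes/htmlMimeMail.php';
                        $mail = new htmlMimeMail();
                        $mail->setSubject($EmailSubject);
                        $mail->setText($EmailText);
                        $result = SendmailBySmtp($mail, array($SysAdminEmail));
                    }
                }
                return UL_BLOCKED;
            }
            return UL_NOTVALID;
        }
    }
    // End of userid/password check
    // Run with debugging messages for the system administrator(s) but not anyone else
    return UL_OK;
    /* All is well */
}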
예제 #13
        $SQL = "INSERT INTO debtortrans (\n\t\t\t\t\t\t\t\t\t\ttransno,\n\t\t\t\t\t\t\t\t\t\ttype,\n\t\t\t\t\t\t\t\t\t\tdebtorno,\n\t\t\t\t\t\t\t\t\t\tbranchcode,\n\t\t\t\t\t\t\t\t\t\ttrandate,\n\t\t\t\t\t\t\t\t\t\tinputdate,\n\t\t\t\t\t\t\t\t\t\tprd,\n\t\t\t\t\t\t\t\t\t\treference,\n\t\t\t\t\t\t\t\t\t\ttpe,\n\t\t\t\t\t\t\t\t\t\torder_,\n\t\t\t\t\t\t\t\t\t\tovamount,\n\t\t\t\t\t\t\t\t\t\tovgst,\n\t\t\t\t\t\t\t\t\t\tovfreight,\n\t\t\t\t\t\t\t\t\t\trate,\n\t\t\t\t\t\t\t\t\t\tinvtext,\n\t\t\t\t\t\t\t\t\t\tshipvia)\n\t\t\t\t\t\t\t\t\tVALUES (\n\t\t\t\t\t\t\t\t\t\t'" . $InvoiceNo . "',\n\t\t\t\t\t\t\t\t\t\t10,\n\t\t\t\t\t\t\t\t\t\t'" . $RecurrOrderRow['debtorno'] . "',\n\t\t\t\t\t\t\t\t\t\t'" . $RecurrOrderRow['branchcode'] . "',\n\t\t\t\t\t\t\t\t\t\t'" . $DelDate . "',\n\t\t\t\t\t\t\t\t\t\t'" . date('Y-m-d H-i-s') . "',\n\t\t\t\t\t\t\t\t\t\t'" . $PeriodNo . "',\n\t\t\t\t\t\t\t\t\t\t'" . $RecurrOrderRow['customerref'] . "',\n\t\t\t\t\t\t\t\t\t\t'" . $RecurrOrderRow['sales_type'] . "',\n\t\t\t\t\t\t\t\t\t\t'" . $OrderNo . "',\n\t\t\t\t\t\t\t\t\t\t'" . filter_number_format($TotalFXNetInvoice) . "',\n\t\t\t\t\t\t\t\t\t\t'" . filter_number_format($TotalFXTax) . "',\n\t\t\t\t\t\t\t\t\t\t'" . filter_number_format($RecurrOrderRow['freightcost']) . "',\n\t\t\t\t\t\t\t\t\t\t'" . filter_number_format($CurrencyRate) . "',\n\t\t\t\t\t\t\t\t\t\t'" . $RecurrOrderRow['comments'] . "',\n\t\t\t\t\t\t\t\t\t\t'" . $RecurrOrderRow['shipvia'] . "')";
        $ErrMsg = _('CRITICAL ERROR') . '! ' . _('NOTE DOWN THIS ERROR AND SEEK ASSISTANCE') . ': ' . _('The debtor transaction record could not be inserted because');
        $DbgMsg = _('The following SQL to insert the debtor transaction record was used');
        $Result = DB_query($SQL, $db, $ErrMsg, $DbgMsg, true);
        $DebtorTransID = DB_Last_Insert_ID($db, 'debtortrans', 'id');
        $SQL = "INSERT INTO debtortranstaxes (debtortransid,\n\t\t\t\t\t\t\ttaxauthid,\n\t\t\t\t\t\t\ttaxamount)\n\t\t\t\tVALUES ('" . $DebtorTransID . "',\n\t\t\t\t\t'" . $TaxAuthID . "',\n\t\t\t\t\t'" . filter_number_format($Tax['FXAmount'] / $CurrencyRate) . "')";
        $ErrMsg = _('CRITICAL ERROR') . '! ' . _('NOTE DOWN THIS ERROR AND SEEK ASSISTANCE') . ': ' . _('The debtor transaction taxes records could not be inserted because');
        $DbgMsg = _('The following SQL to insert the debtor transaction taxes record was used');
        $Result = DB_query($SQL, $db, $ErrMsg, $DbgMsg, true);
        $Result = DB_Txn_Commit($db);
        prnMsg(_('Invoice number') . ' ' . $InvoiceNo . ' ' . _('processed'), 'success');
        $EmailText .= "\n" . _('This recurring order was set to produce the invoice automatically on invoice number') . ' ' . $InvoiceNo;
    }
    /*end if the recurring order is set to auto invoice */
    if (IsEmailAddress($RecurrOrderRow['email'])) {
        $mail = new htmlMimeMail();
        $mail->setText($EmailText);
        $mail->setSubject(_('Recurring Order Created Advice'));
        if ($_SESSION['SmtpSetting'] == 0) {
            $mail->setFrom($_SESSION['CompanyRecord']['coyname'] . "<" . $_SESSION['CompanyRecord']['email'] . ">");
            $result = $mail->send(array($RecurrOrderRow['email']));
        } else {
            $result = SendmailBySmtp($mail, array($RecurrOrderRow['email']));
        }
        unset($mail);
    } else {
        prnMsg(_('No email advice was sent for this order because the location has no email contact defined with a valid email address'), 'warn');
    }
}
/*end while there are recurring orders due to have a new order created */
include 'includes/footer.inc';
예제 #14
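/**
 * Authenticate a user against www_users and, on success, load the session.
 *
 * When no session access level is set, or a user name is supplied, the
 * session's login fields are cleared and the attempt counter is incremented.
 * The password is checked with VerifyPass() and, if $GLOBALS['CryptFunction']
 * is set, with the legacy sha1/md5/plain-text scheme as a fallback. A verified
 * login copies the user's settings and security tokens into $_SESSION, includes
 * includes/GetConfig.php, and may run DB maintenance and a currency-rate update.
 *
 * @param string $Name          User id from the login form; an empty value shows the login screen.
 * @param string $Password      Password as entered by the user.
 * @param string $SysAdminEmail Address notified when an account is blocked; '' sends nothing.
 * @param mixed  $db            Database handle; only passed on to the two currency UPDATE queries.
 *
 * @return mixed One of UL_SHOWLOGIN, UL_BLOCKED, UL_CONFIGERR, UL_MAINTENANCE,
 *               UL_NOTVALID or UL_OK (constants defined outside this function).
 */
function userLogin($Name, $Password, $SysAdminEmail = '', $db)
{
    global $debug;
    global $PathPrefix;
    // "and" binds tighter than "or": (no access level) or (empty access level) or (a non-empty name was supplied)
    if (!isset($_SESSION['AccessLevel']) or $_SESSION['AccessLevel'] == '' or isset($Name) and $Name != '') {
        /* if not logged in */
        $_SESSION['AccessLevel'] = '';
        $_SESSION['CustomerID'] = '';
        $_SESSION['UserBranch'] = '';
        $_SESSION['SalesmanLogin'] = '';
        $_SESSION['Module'] = '';
        $_SESSION['PageSize'] = '';
        $_SESSION['UserStockLocation'] = '';
        // Initialise explicitly instead of incrementing an undefined index.
        // The counter is stored in the session only, so it restarts whenever the client
        // starts a new session; it is not a server-side rate limit.
        if (isset($_SESSION['AttemptsCounter'])) {
            $_SESSION['AttemptsCounter']++;
        } else {
            $_SESSION['AttemptsCounter'] = 1;
        }
        // Show login screen
        if (!isset($Name) or $Name == '') {
            $_SESSION['DatabaseName'] = '';
            $_SESSION['CompanyName'] = '';
            return UL_SHOWLOGIN;
        }
        /* The SQL to get the user info must use the * syntax because the field name could change between versions if the fields are specifed directly then the sql fails and the db upgrade will fail */
        // NOTE(review): $Name is concatenated into this and three later statements, and nothing in
        // this function escapes it. That is only safe if the caller has already escaped it for the
        // active connection - confirm, or bind it as a parameter in the DB layer.
        $sql = "SELECT *\n\t\t\t\tFROM www_users\n\t\t\t\tWHERE www_users.userid='" . $Name . "'";
        $ErrMsg = _('Could not retrieve user details on login because');
        // NOTE(review): the global $debug is switched on here and never reset in this function.
        $debug = 1;
        $PasswordVerified = false;
        $Auth_Result = DB_query($sql, $ErrMsg);
        if (DB_num_rows($Auth_Result) > 0) {
            $myrow = DB_fetch_array($Auth_Result);
            if (VerifyPass($Password, $myrow['password'])) {
                $PasswordVerified = true;
            } elseif (isset($GLOBALS['CryptFunction'])) {
                /*if the password stored in the DB was compiled the old way,
                 * the previous comparison will fail,
                 * try again with the old hashing algorithm,
                 * then re-hash the password using the new algorithm.
                 * The next version should not have $CryptFunction any more for new installs.
                 */
                switch ($GLOBALS['CryptFunction']) {
                    case 'sha1':
                        $LegacyCandidate = sha1($Password);
                        break;
                    case 'md5':
                        $LegacyCandidate = md5($Password);
                        break;
                    default:
                        $LegacyCandidate = (string) $Password;
                }
                // hash_equals() compares byte-for-byte in constant time. The loose == used before
                // treats numeric-looking strings as numbers, so two different digests of the form
                // "0e<digits>" compared equal.
                if (hash_equals((string) $myrow['password'], $LegacyCandidate)) {
                    $PasswordVerified = true;
                }
                if ($PasswordVerified) {
                    // NOTE(review): the literal '******' looks like a redaction in this listing; per the
                    // comment above, the re-hashed value of $Password is expected here - confirm against
                    // the project source before relying on this statement.
                    $sql = "UPDATE www_users SET password = '******'" . " WHERE userid = '" . $Name . "';";
                    DB_query($sql);
                }
            }
        }
        // Populate session variables with data base results
        if ($PasswordVerified) {
            if ($myrow['blocked'] == 1) {
                //the account is blocked
                return UL_BLOCKED;
            }
            // NOTE(review): no renewal of the session identifier is visible in this function;
            // confirm that the caller regenerates the session id on a successful login.
            /*reset the attempts counter on successful login */
            $_SESSION['UserID'] = $myrow['userid'];
            $_SESSION['AttemptsCounter'] = 0;
            $_SESSION['AccessLevel'] = $myrow['fullaccess'];
            $_SESSION['CustomerID'] = $myrow['customerid'];
            $_SESSION['UserBranch'] = $myrow['branchcode'];
            $_SESSION['DefaultPageSize'] = $myrow['pagesize'];
            $_SESSION['UserStockLocation'] = $myrow['defaultlocation'];
            $_SESSION['UserEmail'] = $myrow['email'];
            $_SESSION['ModulesEnabled'] = explode(",", $myrow['modulesallowed']);
            $_SESSION['UsersRealName'] = $myrow['realname'];
            $_SESSION['Theme'] = $myrow['theme'];
            $_SESSION['Language'] = $myrow['language'];
            $_SESSION['SalesmanLogin'] = $myrow['salesman'];
            $_SESSION['CanCreateTender'] = $myrow['cancreatetender'];
            $_SESSION['AllowedDepartment'] = $myrow['department'];
            $_SESSION['ShowDashboard'] = $myrow['showdashboard'];
            if (isset($myrow['pdflanguage'])) {
                $_SESSION['PDFLanguage'] = $myrow['pdflanguage'];
            } else {
                $_SESSION['PDFLanguage'] = '0';
                //default to latin western languages
            }
            if ($myrow['displayrecordsmax'] > 0) {
                $_SESSION['DisplayRecordsMax'] = $myrow['displayrecordsmax'];
            } else {
                $_SESSION['DisplayRecordsMax'] = $_SESSION['DefaultDisplayRecordsMax'];
                // default comes from config.php
            }
            $sql = "UPDATE www_users SET lastvisitdate='" . date('Y-m-d H:i:s') . "'\n\t\t\t\t\t\t\tWHERE www_users.userid='" . $Name . "'";
            $Auth_Result = DB_query($sql);
            /*get the security tokens that the user has access to */
            $sql = "SELECT tokenid\n\t\t\t\t\tFROM securitygroups\n\t\t\t\t\tWHERE secroleid =  '" . $_SESSION['AccessLevel'] . "'";
            $Sec_Result = DB_query($sql);
            $_SESSION['AllowedPageSecurityTokens'] = array();
            if (DB_num_rows($Sec_Result) == 0) {
                // A role with no tokens cannot open any page, so treat it as a configuration error
                return UL_CONFIGERR;
            } else {
                $i = 0;
                // $UserIsSysAdmin is not read again in this function; it stays in scope for the
                // GetConfig.php include below, which shares this function's local variables.
                $UserIsSysAdmin = FALSE;
                while ($myrow = DB_fetch_row($Sec_Result)) {
                    // token 15 is the one tested for SysAdmin-only access further down
                    if ($myrow[0] == 15) {
                        $UserIsSysAdmin = TRUE;
                    }
                    $_SESSION['AllowedPageSecurityTokens'][$i] = $myrow[0];
                    $i++;
                }
            }
            /*User is logged in so get configuration parameters  - save in session*/
            include $PathPrefix . 'includes/GetConfig.php';
            if (isset($_SESSION['DB_Maintenance'])) {
                if ($_SESSION['DB_Maintenance'] > 0) {
                    //run the DB maintenance script
                    if (DateDiff(Date($_SESSION['DefaultDateFormat']), ConvertSQLDate($_SESSION['DB_Maintenance_LastRun']), 'd') >= $_SESSION['DB_Maintenance']) {
                        /*Do the DB maintenance routing for the DB_type selected */
                        DB_Maintenance();
                        $_SESSION['DB_Maintenance_LastRun'] = Date('Y-m-d');
                        /* Audit trail purge only runs if DB_Maintenance is enabled */
                        if (isset($_SESSION['MonthsAuditTrail'])) {
                            $sql = "DELETE FROM audittrail\n\t\t\t\t\t\t\t\t\tWHERE  transactiondate <= '" . Date('Y-m-d', mktime(0, 0, 0, Date('m') - $_SESSION['MonthsAuditTrail'])) . "'";
                            $ErrMsg = _('There was a problem deleting expired audit-trail history');
                            $result = DB_query($sql);
                        }
                    }
                }
            }
            /*Check to see if currency rates need to be updated */
            if (isset($_SESSION['UpdateCurrencyRatesDaily'])) {
                if ($_SESSION['UpdateCurrencyRatesDaily'] != 0) {
                    /* Only run the update to currency rates if today is after the last update i.e. only runs once a day */
                    if (DateDiff(Date($_SESSION['DefaultDateFormat']), ConvertSQLDate($_SESSION['UpdateCurrencyRatesDaily']), 'd') > 0) {
                        if ($_SESSION['ExchangeRateFeed'] == 'ECB') {
                            $CurrencyRates = GetECBCurrencyRates();
                            // gets rates from ECB see includes/MiscFunctions.php
                            /*Loop around the defined currencies and get the rate from ECB */
                            if ($CurrencyRates != false) {
                                $CurrenciesResult = DB_query("SELECT currabrev FROM currencies");
                                while ($CurrencyRow = DB_fetch_row($CurrenciesResult)) {
                                    if ($CurrencyRow[0] != $_SESSION['CompanyRecord']['currencydefault']) {
                                        $UpdateCurrRateResult = DB_query("UPDATE currencies SET rate='" . GetCurrencyRate($CurrencyRow[0], $CurrencyRates) . "'\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tWHERE currabrev='" . $CurrencyRow[0] . "'", $db);
                                    }
                                }
                            }
                        } else {
                            $CurrenciesResult = DB_query("SELECT currabrev FROM currencies");
                            while ($CurrencyRow = DB_fetch_row($CurrenciesResult)) {
                                if ($CurrencyRow[0] != $_SESSION['CompanyRecord']['currencydefault']) {
                                    $UpdateCurrRateResult = DB_query("UPDATE currencies SET rate='" . google_currency_rate($CurrencyRow[0]) . "'\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tWHERE currabrev='" . $CurrencyRow[0] . "'", $db);
                                }
                            }
                        }
                        $_SESSION['UpdateCurrencyRatesDaily'] = Date('Y-m-d');
                        $UpdateConfigResult = DB_query("UPDATE config SET confvalue = '" . Date('Y-m-d') . "' WHERE confname='UpdateCurrencyRatesDaily'");
                    }
                }
            }
            /* Set the logo if not yet set.
             * will be done only once per session and each time
             * we are not in session (i.e. before login)
             */
            if (empty($_SESSION['LogoFile'])) {
                /* find a logo in companies/CompanyDir */
                if (file_exists($PathPrefix . 'companies/' . $_SESSION['DatabaseName'] . '/logo.png')) {
                    $_SESSION['LogoFile'] = 'companies/' . $_SESSION['DatabaseName'] . '/logo.png';
                } elseif (file_exists($PathPrefix . 'companies/' . $_SESSION['DatabaseName'] . '/logo.jpg')) {
                    $_SESSION['LogoFile'] = 'companies/' . $_SESSION['DatabaseName'] . '/logo.jpg';
                }
            }
            if (!isset($_SESSION['DB_Maintenance'])) {
                return UL_CONFIGERR;
            } else {
                if ($_SESSION['DB_Maintenance'] == -1 and !in_array(15, $_SESSION['AllowedPageSecurityTokens'])) {
                    // the configuration setting has been set to -1 ==> Allow SysAdmin Access Only
                    // the user is NOT a SysAdmin
                    return UL_MAINTENANCE;
                }
            }
        } else {
            // Incorrect password
            // 5 login attempts, show failed login screen
            // (the counter is always initialised at the top of this branch, so no isset() test is needed)
            if ($_SESSION['AttemptsCounter'] >= 5 and isset($Name)) {
                /*User blocked from future accesses until sysadmin releases */
                $sql = "UPDATE www_users\n\t\t\t\t\t\t\tSET blocked=1\n\t\t\t\t\t\t\tWHERE www_users.userid='" . $Name . "'";
                $Auth_Result = DB_query($sql);
                if ($SysAdminEmail != '') {
                    $EmailSubject = _('User access blocked') . ' ' . $Name;
                    // The attempted password is deliberately left out of the notification: a failed
                    // attempt is often a near-miss of the real password and e-mail is not a
                    // confidential channel.
                    $EmailText = _('User ID') . ' ' . $Name . ' ' . _('has been blocked access at') . ' ' . Date('Y-m-d H:i:s') . ' ' . _('from IP') . ' ' . $_SERVER["REMOTE_ADDR"] . ' ' . _('due to too many failed attempts.');
                    if ($_SESSION['SmtpSetting'] == 0) {
                        mail($SysAdminEmail, $EmailSubject, $EmailText);
                    } else {
                        include 'includes/htmlMimeMail.php';
                        $mail = new htmlMimeMail();
                        $mail->setSubject($EmailSubject);
                        $mail->setText($EmailText);
                        $result = SendmailBySmtp($mail, array($SysAdminEmail));
                    }
                }
                return UL_BLOCKED;
            }
            return UL_NOTVALID;
        }
    }
    // End of userid/password check
    return UL_OK;
    /* All is well */
}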