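/**
 * Email every supplier on this tender an invitation to tender.
 *
 * Builds a plain-text body from $this->TenderId and $this->LineItems
 * (Quantity, Units, ItemDescription) and sends it to each address in
 * $this->Suppliers, copying $_SESSION['PurchasingManagerEmail'] for
 * filing. Transport is PHP mail() when $_SESSION['SmtpSetting'] == 0,
 * otherwise SendmailBySmtp() with an htmlMimeMail message.
 *
 * Returns nothing; the per-recipient send result is not reported to
 * the caller.
 *
 * Fix: the original called mail() unconditionally at the top of the
 * supplier loop and then again inside the SmtpSetting == 0 branch, so
 * with the mail() transport every supplier received the invitation
 * twice. The unconditional call is removed - exactly one send per
 * supplier now happens on either transport.
 */
function EmailSuppliers() {
	$EmailText = _('This email has been automatically generated by KwaMoja') . "\n";
	$EmailText .= _('You are invited to Tender for the following products to be delivered to') . ' ' . $_SESSION['CompanyRecord']['coyname'] . "\n";
	$EmailText .= _('Tender number') . ': ' . $this->TenderId . "\n";
	$EmailText .= _(' Quantity ') . ' ' . _(' Unit ') . ' ' . _(' Item Description') . "\n";
	foreach ($this->LineItems as $LineItem) {
		$EmailText .= $LineItem->Quantity . ' ' . $LineItem->Units . ' ' . $LineItem->ItemDescription . "\n";
	}
	$Subject = _('Tender received from') . ' ' . $_SESSION['CompanyRecord']['coyname'];
	// NOTE(review): this address is concatenated into raw mail() headers. It is
	// read from the session (configuration), but if it is ever user-editable a
	// CRLF in the value would allow header injection - confirm it is validated
	// where it is set.
	$Headers = 'From: ' . $_SESSION['PurchasingManagerEmail'] . "\r\n" . 'Reply-To: ' . $_SESSION['PurchasingManagerEmail'] . "\r\n" . 'X-Mailer: PHP/' . phpversion();
	if ($_SESSION['SmtpSetting'] == 1) {
		include 'includes/htmlMimeMail.php';
		$mail = new htmlMimeMail();
		$mail->setText($EmailText);
		$mail->setSubject($Subject);
		$mail->setFrom($_SESSION['PurchasingManagerEmail']);
		$mail->setHeader('Reply-To', $_SESSION['PurchasingManagerEmail']);
		$mail->setCc($_SESSION['PurchasingManagerEmail']); //Set this as a copy for filing purpose
	}
	foreach ($this->Suppliers as $Supplier) {
		// NOTE(review): $Supplier->EmailAddress is used as-is as the recipient;
		// same header-injection caveat as above if supplier records are editable
		// by low-privilege users.
		if ($_SESSION['SmtpSetting'] == 0) {
			$result = mail($Supplier->EmailAddress, $Subject, $EmailText, $Headers);
		} else {
			// $mail is only built when SmtpSetting == 1; any other non-zero
			// value reaches this branch with $mail undefined (pre-existing).
			$result = SendmailBySmtp($mail, array($Supplier->EmailAddress, $_SESSION['PurchasingManagerEmail']));
		}
	}
}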
$Result = DB_query($SQL, $db, $ErrMsg, $DbgMsg, true);
} /* closes a block whose opening is above this excerpt */
$Result = DB_Txn_Commit($db);
$ConfirmationText = _('An internal stock request for') . ' ' . $StockID . ' ' . _('has been fulfilled from location') . ' ' . $Location . ' ' . _('for a quantity of') . ' ' . locale_number_format($Quantity, $DecimalPlaces);
prnMsg($ConfirmationText, 'success');
/* Notify the inventory manager (address comes from session configuration,
   not from the request) that the stock request was fulfilled. */
if ($_SESSION['InventoryManagerEmail'] != '') {
	$ConfirmationText = $ConfirmationText . ' ' . _('by user') . ' ' . $_SESSION['UserID'] . ' ' . _('at') . ' ' . Date('Y-m-d H:i:s');
	$EmailSubject = _('Internal Stock Request Fulfillment for') . ' ' . $StockID;
	if ($_SESSION['SmtpSetting'] == 0) {
		mail($_SESSION['InventoryManagerEmail'], $EmailSubject, $ConfirmationText);
	} else {
		include 'includes/htmlMimeMail.php';
		$mail = new htmlMimeMail();
		$mail->setSubject($EmailSubject);
		$mail->setText($ConfirmationText);
		$result = SendmailBySmtp($mail, array($_SESSION['InventoryManagerEmail']));
	}
}
} else { /* the matching if() is above this excerpt */
	/* NOTE(review): this warning text says the request "has been fulfilled ... cannot be
	   created" - the first half is misleading because nothing was fulfilled on this path. */
	$ConfirmationText = _('An internal stock request for') . ' ' . $StockID . ' ' . _('has been fulfilled from location') . ' ' . $Location . ' ' . _('for a quantity of') . ' ' . locale_number_format($Quantity, $DecimalPlaces) . ' ' . _('cannot be created as there is insufficient stock and your system is configured to not allow negative stocks');
	prnMsg($ConfirmationText, 'warn');
}
// Check if request can be closed and close if done.
if (isset($RequestID)) {
	/* NOTE(review): $RequestID is interpolated into SQL unescaped and its origin is
	   outside this excerpt - confirm it is cast to an integer or DB-escaped upstream. */
	$SQL = "SELECT dispatchid\n\t\t\t\t\t\tFROM stockrequestitems\n\t\t\t\t\t\tWHERE dispatchid='" . $RequestID . "'\n\t\t\t\t\t\t\tAND completed=0";
	$Result = DB_query($SQL, $db);
	if (DB_num_rows($Result) == 0) {
		/* No open lines remain, so the request header can be closed. */
		$SQL = "UPDATE stockrequest\n\t\t\t\t\t\tSET closed=1\n\t\t\t\t\tWHERE dispatchid='" . $RequestID . "'";
		$Result = DB_query($SQL, $db);
	}
}
$DbgMsg = _('The following SQL to insert the request header record was used');
$Result = DB_query($LineSQL, $ErrMsg, $DbgMsg, true);
} /* closes a block whose opening is above this excerpt */
/* Look up the authoriser of the requesting department so they can be asked to approve.
   NOTE(review): the department id is read from a session object and interpolated into
   SQL unescaped; it presumably originated from user input earlier in the flow - confirm
   it was validated/escaped when stored in $_SESSION['Request']. */
$EmailSQL = "SELECT email\n\t\t\t\t\tFROM www_users, departments\n\t\t\t\t\tWHERE departments.authoriser = www_users.userid\n\t\t\t\t\t\tAND departments.departmentid = '" . $_SESSION['Request']->Department . "'";
$EmailResult = DB_query($EmailSQL);
if ($myEmail = DB_fetch_array($EmailResult)) {
	$ConfirmationText = _('An internal stock request has been created and is waiting for your authoritation');
	$EmailSubject = _('Internal Stock Request needs your authoritation');
	if ($_SESSION['SmtpSetting'] == 0) {
		mail($myEmail['email'], $EmailSubject, $ConfirmationText);
	} else {
		include 'includes/htmlMimeMail.php';
		$mail = new htmlMimeMail();
		$mail->setSubject($EmailSubject);
		$mail->setText($ConfirmationText);
		$result = SendmailBySmtp($mail, array($myEmail['email']));
	}
}
} /* closes a block whose opening is above this excerpt */
DB_Txn_Commit();
prnMsg(_('The internal stock request has been entered and now needs to be authorised'), 'success');
echo '<br /><div class="centre"><a href="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '?New=Yes">' . _('Create another request') . '</a></div>';
include 'includes/footer.inc';
unset($_SESSION['Request']);
exit;
} /* closes a block whose opening is above this excerpt */
/* NOTE(review): $Theme is echoed into an HTML attribute without htmlspecialchars();
   its source is outside this excerpt - confirm it can only hold a known theme name. */
echo '<p class="page_title_text"><img src="' . $RootPath . '/css/' . $Theme . '/images/supplier.png" title="' . _('Dispatch') . '" alt="" />' . ' ' . $Title . '</p>';
if (isset($_GET['Edit'])) {
	echo '<form action="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '" method="post">';
	echo '<div>';
	/* FormID is the per-session anti-CSRF token; the POST handler (not shown here)
	   must compare it against $_SESSION['FormID'] before acting. */
	echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />';
$MailText .= $myrow['description'] . "\t" . _('Quantity') . ' ' . $myrow['quantity'] . "\t" . _('Price') . ' ' . locale_number_format($myrow['price']) . "\n";
/* NOTE(review): $RejectID is interpolated into the DELETE unescaped; its origin is above
   this excerpt - confirm it is cast to int or DB-escaped before use. The row is deleted
   before the notification is sent, so a failed email leaves no record of the offer. */
$sql = "DELETE FROM offers WHERE offerid='" . $RejectID . "'";
$result = DB_query($sql);
} /* closes a loop whose opening is above this excerpt */
$mail = new htmlMimeMail();
$mail->setSubject(_('Your offer to') . ' ' . $_SESSION['CompanyRecord']['coyname'] . ' ' . _('has been rejected'));
$mail->setText($MailText);
$mail->setFrom($_SESSION['CompanyRecord']['coyname'] . ' <' . $_SESSION['CompanyRecord']['email'] . '>');
/* Internal recipients come from the configured mail group; abort if it is empty. */
$Recipients = GetMailList('OffersReceivedResultRecipients');
if (sizeOf($Recipients) == 0) {
	prnMsg(_('There are no members of the Offers Received Result Recipients email group'), 'warn');
	include 'includes/footer.inc';
	exit;
}
/* NOTE(review): $Email (the supplier's address, set above this excerpt) is appended
   unvalidated to the recipient list - confirm it is checked with the project's
   email-address validator before this point. */
array_push($Recipients, $Email);
if ($_SESSION['SmtpSetting'] == 0) {
	$mail->setFrom($_SESSION['CompanyRecord']['coyname'] . ' <' . $_SESSION['CompanyRecord']['email'] . '>');
	$result = $mail->send($Recipients);
} else {
	$result = SendmailBySmtp($mail, $Recipients);
}
if ($result) {
	prnMsg(_('The rejected offers from') . ' ' . $SupplierName . ' ' . _('have been removed from the system and an email sent to') . ' ' . $Email, 'success');
} else {
	/* NOTE(review): the warning text below reads "and but no email was not sent" (double negative). */
	prnMsg(_('The rejected offers from') . ' ' . $SupplierName . ' ' . _('have been removed from the system and but no email was not sent to') . ' ' . $Email, 'warn');
}
} /* closes a block whose opening is above this excerpt */
prnMsg(_('All offers have been processed, and emails sent where appropriate'), 'success');
} /* closes a block whose opening is above this excerpt */
} /* closes a block whose opening is above this excerpt */
include 'includes/footer.inc';
//email the invoice to address supplied
include 'includes/htmlMimeMail.php';
$FromTransNo--; //reverse the increment to retain the correct transaction number
/* NOTE(review): $_GET['FromTransNo'] is used raw to build a filesystem path that is
   then written ($pdf->Output) and deleted (unlink) below. A value containing "../" lets
   the caller write and then delete a file outside reports_dir. Use the already-validated
   local $FromTransNo (or cast to int) here instead of the query-string value. */
$FileName = $_SESSION['reports_dir'] . '/' . $_SESSION['DatabaseName'] . '_' . $InvOrCredit . '_' . $_GET['FromTransNo'] . '.pdf';
$pdf->Output($FileName, 'F');
$mail = new htmlMimeMail();
$Attachment = $mail->getFile($FileName);
$mail->setText(_('Please find attached') . ' ' . $InvOrCredit . ' ' . $_GET['FromTransNo']);
$mail->SetSubject($InvOrCredit . ' ' . $_GET['FromTransNo']);
/* NOTE(review): the attachment name is the full server-side path ($FileName), which
   discloses reports_dir to the recipient; the bare basename would do. */
$mail->addAttachment($Attachment, $FileName, 'application/pdf');
/* NOTE(review): $_GET['Email'] is used unvalidated as the sole recipient, so any user
   who can reach this page can send any invoice to an arbitrary address - confirm the
   address is validated (and the user is authorised for this debtor) before this point. */
if ($_SESSION['SmtpSetting'] == 0) {
	$mail->setFrom($_SESSION['CompanyRecord']['coyname'] . ' <' . $_SESSION['CompanyRecord']['email'] . '>');
	$result = $mail->send(array($_GET['Email']));
} else {
	$result = SendmailBySmtp($mail, array($_GET['Email']));
}
unlink($FileName); //delete the temporary file
$Title = _('Emailing') . ' ' . $InvOrCredit . ' ' . _('Number') . ' ' . $FromTransNo;
include 'includes/header.inc';
/* NOTE(review): $_GET['Email'] is echoed into HTML without htmlspecialchars() - reflected XSS. */
echo '<p>' . $InvOrCredit . ' ' . _('number') . ' ' . $FromTransNo . ' ' . _('has been emailed to') . ' ' . $_GET['Email'];
include 'includes/footer.inc';
exit;
} else { /* the matching if() is above this excerpt */
	//its not an email just print the invoice to PDF
	$pdf->OutputD($_SESSION['DatabaseName'] . '_' . $InvOrCredit . '_' . $FromTransNo . '.pdf');
}
$pdf->__destruct();
//Change the language back to the user's language
$_SESSION['Language'] = $UserLanguage;
} /*end while there are message lines to parse and substitute vbles for */
fclose($fp); /*close the file at the end of each transaction */
/* NOTE(review): the transaction is flagged as sent before any transport has been
   attempted, so a failed email below still leaves EDISent=1 and the invoice is never
   retried. Consider moving this update after a successful send. The id comes from a
   database row and is interpolated unquoted. */
DB_query("UPDATE debtortrans SET EDISent=1 WHERE ID=" . $TransDetails['id']);
/*Now send the file using the customer transport */
if ($CustDetails['editransport'] == 'email') {
	$mail = new htmlMimeMail();
	/* The EDI text file was written in the current working directory above this excerpt. */
	$attachment = $mail->getFile("EDI_INV_" . $TransNo . ".txt");
	$mail->SetSubject('EDI Invoice/Credit Note ' . $TransNo);
	$mail->addAttachment($attachment, 'EDI_INV_' . $TransNo . '.txt', 'application/txt');
	if ($_SESSION['SmtpSetting'] == 0) {
		$mail->setFrom($_SESSION['CompanyRecord']['coyname'] . '<' . $_SESSION['CompanyRecord']['email'] . '>');
		$MessageSent = $mail->send(array($CustDetails['ediaddress']));
	} else {
		$MessageSent = SendmailBySmtp($mail, array($CustDetails['ediaddress']));
	}
	if ($MessageSent == True) {
		echo '<BR><BR>';
		prnMsg(_('EDI Message') . ' ' . $TransNo . ' ' . _('was sucessfully emailed'), 'success');
	} else {
		echo '<BR><BR>';
		/* NOTE(review): no space between $TransNo and the translated text in this message. */
		prnMsg(_('EDI Message') . ' ' . $TransNo . _('could not be emailed to') . ' ' . $CustDetails['ediaddress'], 'error');
	}
} else { /*it must be ftp transport */
	//Godaddy limitations make it impossible to sftp using ssl or curl, so save to EDI_Sent file and 'rsynch' back to sftp server
	/* NOTE(review): the FTP client code that follows appears to be commented out; if it is
	   ever re-enabled, note that ediserverpwd is a plaintext FTP credential stored in the
	   customer record and sent over an unencrypted channel. */
	/* set up basic connection
	$conn_id = ftp_connect($CustDetails['ediaddress']);
	// login with username and password
	$login_result = ftp_login($conn_id, $CustDetails['ediserveruser'], $CustDetails['ediserverpwd']);
	// check connection
	if ((!$conn_id) || (!$login_result)) {
/* Write the purchase order PDF to reports_dir, then email it as an attachment.
   NOTE(review): unlike the invoice emailer, this file is never unlink()ed afterwards,
   so every emailed PO accumulates in reports_dir. */
$pdf->Output($_SESSION['reports_dir'] . '/' . $PdfFileName, 'F');
$pdf->__destruct();
include 'includes/htmlMimeMail.php';
$mail = new htmlMimeMail();
$attachment = $mail->getFile($_SESSION['reports_dir'] . '/' . $PdfFileName);
$mail->setText(_('Please find herewith our purchase order number') . ' ' . $OrderNo);
$mail->setSubject(_('Purchase Order Number') . ' ' . $OrderNo);
$mail->addAttachment($attachment, $PdfFileName, 'application/pdf');
//since sometime the mail server required to verify the users, so must set this information.
/* NOTE(review): $_POST['EmailTo'] is used unvalidated as the only recipient - confirm it
   is checked with the project's email-address validator before this point. */
if ($_SESSION['SmtpSetting'] == 0) {
	//use the mail service provice by the server.
	$mail->setFrom($_SESSION['CompanyRecord']['coyname'] . '<' . $_SESSION['CompanyRecord']['email'] . '>');
	$Success = $mail->send(array($_POST['EmailTo']));
} else {
	if ($_SESSION['SmtpSetting'] == 1) {
		$Success = SendmailBySmtp($mail, array($_POST['EmailTo']));
	} else {
		prnMsg(_('The SMTP settings are wrong, please ask administrator for help'), 'error');
		/* NOTE(review): exit comes before the footer include, so the include below is dead
		   code and the page is emitted without its footer. */
		exit;
		include 'includes/footer.inc';
	}
}
if ($Success == 1) {
	$Title = _('Email a Purchase Order');
	include 'includes/header.inc';
	echo '<div class="centre"><br /><br /><br />';
	/* NOTE(review): $_POST['EmailTo'] is reflected into the page here; confirm prnMsg()
	   escapes its argument, otherwise this is reflected XSS. */
	prnMsg(_('Purchase Order') . ' ' . $OrderNo . ' ' . _('has been emailed to') . ' ' . $_POST['EmailTo'] . ' ' . _('as directed'), 'success');
} else { //email failed
	$Title = _('Email a Purchase Order');
	include 'includes/header.inc';
} /*end of new page header */
} /* end of while there are customer receipts in the batch to print */
/* Print the batch total line under the last receipt. */
$YPos -= $line_height;
$LeftOvers = $pdf->addTextWrap($Left_Margin, $YPos, 60, $FontSize, locale_number_format($TotalCheques, 2), 'right');
$LeftOvers = $pdf->addTextWrap($Left_Margin + 65, $YPos, 300, $FontSize, _('TOTAL') . ' ' . $Currency . ' ' . _('CHEQUES'), 'left');
$ReportFileName = $_SESSION['DatabaseName'] . '_ChequeListing_' . date('Y-m-d') . '.pdf';
/* NOTE(review): the PDF is saved to reports_dir AND streamed to the browser. The saved
   copy is never unlink()ed, so the payment listing stays on disk after emailing; and
   any prnMsg() output below is appended to the PDF byte stream already sent. */
$pdf->Output($_SESSION['reports_dir'] . '/' . $ReportFileName, 'F');
$pdf->OutputD($ReportFileName);
$pdf->__destruct();
if ($_POST['Email'] == 'Yes') {
	include 'includes/htmlMimeMail.php';
	$mail = new htmlMimeMail();
	$attachment = $mail->getFile($_SESSION['reports_dir'] . '/' . $ReportFileName);
	$mail->setSubject(_('Payments check list'));
	/* NOTE(review): the posted date range is placed in the mail body unvalidated; it is
	   presumably already validated where the report query was built - confirm. */
	$mail->setText(_('Please find herewith payments listing from') . ' ' . $_POST['FromDate'] . ' ' . _('to') . ' ' . $_POST['ToDate']);
	$mail->addAttachment($attachment, 'PaymentListing.pdf', 'application/pdf');
	/* Recipients come from the configured mail group, not from the request. */
	$ChkListingRecipients = GetMailList('ChkListingRecipients');
	if (sizeOf($ChkListingRecipients) == 0) {
		prnMsg(_('There are no member in Check Listing Recipients email group, no mail will be sent'), 'error');
		include 'includes/footer.inc';
		exit;
	}
	if ($_SESSION['SmtpSetting'] == 0) {
		$mail->setFrom(array('"' . $_SESSION['CompanyRecord']['coyname'] . '" <' . $_SESSION['CompanyRecord']['email'] . '>'));
		$result = $mail->send($ChkListingRecipients);
	} else {
		$result = SendmailBySmtp($mail, $ChkListingRecipients);
	}
}
} //end while there are line items to print out
} /*end if there are order details to show on the order*/
$MailMessage .= '</table> </body> </html>';
// echo $MailMessage . "=mailMessage<br />";
/* NOTE(review): the SMTP branch passes $mailSubject (lower-case m) but the variable set
   for the mail() branch is $MailSubject. PHP variable names are case-sensitive, so over
   SMTP the subject is an undefined variable, i.e. empty. Should be $MailSubject. */
if ($_SESSION['SmtpSetting'] == 0) {
	$result = mail($MailTo, $MailSubject, $MailMessage, $headers);
} else {
	include 'includes/htmlMimeMail.php';
	$mail = new htmlMimeMail();
	$mail->setSubject($mailSubject);
	$mail->setHTML($MailMessage);
	$result = SendmailBySmtp($mail, array($MailTo));
}
if ($result) {
	/* NOTE(review): $MailTo is echoed unescaped; its origin is above this excerpt - confirm
	   it is a validated address and not raw request input. */
	echo ' ' . _('The following E-Mail was sent to') . ' ' . $MailTo . ' :';
}
/* Render the acknowledgement preview page; the HTML string continues beyond this excerpt. */
echo '<html> <head> <title>' . _('Email Confirmation') . '</title> </head> <body> <table width="60%"> <tr>. <td align="center" colspan="4"><img src="' . $RootPath . '/' . $_SESSION['LogoFile'] . '" alt="Logo" width="500" height="100" align="center" border="0" /></td> </tr> <tr> <td align="center" colspan="4"><h2>' . _('Order Acknowledgement') . '</h2></td>
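/**
 * Email the purchasing manager the offer this object holds, on behalf of
 * the supplier.
 *
 * Uses $this->GetSupplierName(), $this->GetSupplierEmail() and
 * $this->OfferMailText. With $_SESSION['SmtpSetting'] == 0 the message
 * goes via PHP mail() to $_SESSION['PurchasingManagerEmail'] only;
 * otherwise an htmlMimeMail message is sent via SendmailBySmtp() to the
 * purchasing manager with the supplier copied in.
 *
 * Returns the transport's result (mail() bool / SendmailBySmtp() value).
 *
 * Fix: the SMTP branch referenced $Supplier->EmailAddress, but no
 * $Supplier variable exists in this method (the line mirrors the tender
 * emailer's loop variable), so the supplier copy was addressed to null.
 * It now uses $this->GetSupplierEmail(), matching the Cc set above.
 */
function EmailOffer() {
	$Subject = _('Offer received from') . ' ' . $this->GetSupplierName();
	$Message = _('This email is automatically generated by webERP') . "\n" . _('You have received the following offer from') . ' ' . $this->GetSupplierName() . "\n\n" . $this->OfferMailText;
	// NOTE(review): From/Reply-To are set to the supplier's address, so the mail
	// is sent *as* the supplier (likely to fail SPF/DMARC). More importantly a
	// CRLF in the stored supplier email would inject headers via mail() -
	// confirm supplier addresses are validated on entry.
	$Headers = 'From: ' . $this->GetSupplierEmail() . "\r\n" . 'Reply-To: ' . $this->GetSupplierEmail() . "\r\n" . 'X-Mailer: PHP/' . phpversion();
	if ($_SESSION['SmtpSetting'] == 1) {
		include 'includes/htmlMimeMail.php';
		$mail = new htmlMimeMail();
		$mail->setText($Message);
		$mail->setSubject($Subject);
		$mail->setFrom($this->GetSupplierEmail());
		$mail->setHeader('Reply-To', $this->GetSupplierEmail());
		$mail->setCc($this->GetSupplierEmail());
	}
	if ($_SESSION['SmtpSetting'] == 0) {
		$result = mail($_SESSION['PurchasingManagerEmail'], $Subject, $Message, $Headers);
	} else {
		// $mail is only built when SmtpSetting == 1; other non-zero values reach
		// here with $mail undefined (pre-existing).
		$result = SendmailBySmtp($mail, array($this->GetSupplierEmail(), $_SESSION['PurchasingManagerEmail']));
	}
	return $result;
}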
$Recipients[$i] = "'" . $SysAdminsRow['realname'] . "' <" . $SysAdminsRow['email'] . ">"; $i++; } } $TryNextFile = False; /*reset the abort to false before hit next file*/ $mail->setSubject(_('EDI Order Message Error')); } else { $mail->setSubject(_('EDI Order Message') . ' ' . $Order->CustRef); $EDICustServPerson = $_SESSION['PurchasingManagerEmail']; $Recipients = array($EDICustServPerson); } if ($_SESSION['SmtpSetting'] == 0) { $MessageSent = $mail->send($Recipients); } else { $MessageSent = SendmailBySmtp($mail, $Recipients); } echo $EmailText; } /* nothing in the email text to send - the message file is a complete dud - maybe directory */ /*Now create the order from the $Order object and commit to the DB*/ } /*end of the loop around all the incoming order files in the incoming orders directory */ include 'includes/footer.inc'; function StripTrailingComma($StringToStrip) { if (strrpos($StringToStrip, "'")) { return mb_substr($StringToStrip, 0, strrpos($StringToStrip, "'")); } else { return $StringToStrip; }
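/**
 * Authenticate a user and populate the login session.
 *
 * @param string $Name           user id from the login form ('' to show the login screen)
 * @param string $Password       password as submitted (the stored form is compared in SQL)
 * @param string $SysAdminEmail  address to notify when an account gets blocked ('' = none)
 * @param mixed  $db             database connection handle passed to DB_query()
 *
 * @return int one of UL_SHOWLOGIN, UL_BLOCKED, UL_CONFIGERR, UL_MAINTENANCE,
 *             UL_NOTVALID or UL_OK.
 *
 * Fix: when an account was blocked after repeated failures, the notification
 * email to the sysadmin included the last *submitted password* in plaintext.
 * A near-miss of the real password (or a password the user reuses elsewhere)
 * was thereby written to a mailbox and every relay in between. The password
 * is no longer included; user id, time and source IP are kept.
 */
function userLogin($Name, $Password, $SysAdminEmail = '', $db) {
	global $debug;
	if (!isset($_SESSION['AccessLevel']) or $_SESSION['AccessLevel'] == '' or isset($Name) and $Name != '') { /* if not logged in */
		$_SESSION['AccessLevel'] = '';
		$_SESSION['CustomerID'] = '';
		$_SESSION['UserBranch'] = '';
		$_SESSION['SalesmanLogin'] = '';
		$_SESSION['Module'] = '';
		$_SESSION['PageSize'] = '';
		$_SESSION['UserStockLocation'] = '';
		// NOTE(review): the failed-attempt counter lives in the client's session,
		// so an attacker can reset it by discarding the cookie; the >= 5 lockout
		// below therefore slows a single session, not a brute-force campaign.
		$_SESSION['AttemptsCounter']++;
		// Show login screen
		if (!isset($Name) or $Name == '') {
			$_SESSION['DatabaseName'] = '';
			$_SESSION['CompanyName'] = '';
			return UL_SHOWLOGIN;
		}
		/* The SQL to get the user info must use the * syntax because the field name could change between versions if the fields are specifed directly then the sql fails and the db upgrade will fail */
		// NOTE(review): $Name is interpolated into SQL unescaped here and in the
		// UPDATEs below; it comes straight from the login form. Confirm the
		// caller escapes it with the project's DB escaping helper - an
		// unauthenticated SQL injection point otherwise. The stored password
		// value compared here is redacted in this listing ('******'); confirm it
		// is a salted hash and not plaintext.
		$sql = "SELECT *\n\t\t\t\tFROM www_users\n\t\t\t\tWHERE www_users.userid='" . $Name . "'\n\t\t\t\tAND (www_users.password='******'\n\t\t\t\tOR www_users.password='******')";
		$ErrMsg = _('Could not retrieve user details on login because');
		// NOTE(review): forces verbose DB errors globally for the login query -
		// presumably so failures are diagnosable, but it runs for anonymous
		// visitors; confirm DB_query does not echo the SQL when $debug is set.
		$debug = 1;
		$Auth_Result = DB_query($sql, $db, $ErrMsg);
		// Populate session variables with data base results
		if (DB_num_rows($Auth_Result) > 0) {
			$myrow = DB_fetch_array($Auth_Result);
			if ($myrow['blocked'] == 1) { //the account is blocked
				return UL_BLOCKED;
			}
			/*reset the attempts counter on successful login */
			$_SESSION['UserID'] = $myrow['userid'];
			$_SESSION['AttemptsCounter'] = 0;
			$_SESSION['AccessLevel'] = $myrow['fullaccess'];
			$_SESSION['CustomerID'] = $myrow['customerid'];
			$_SESSION['UserBranch'] = $myrow['branchcode'];
			$_SESSION['DefaultPageSize'] = $myrow['pagesize'];
			$_SESSION['UserStockLocation'] = $myrow['defaultlocation'];
			$_SESSION['UserEmail'] = $myrow['email'];
			$_SESSION['ModulesEnabled'] = explode(",", $myrow['modulesallowed']);
			$_SESSION['UsersRealName'] = $myrow['realname'];
			$_SESSION['Theme'] = $myrow['theme'];
			$_SESSION['Language'] = $myrow['language'];
			$_SESSION['SalesmanLogin'] = $myrow['salesman'];
			$_SESSION['CanCreateTender'] = $myrow['cancreatetender'];
			$_SESSION['AllowedDepartment'] = $myrow['department'];
			if (isset($myrow['pdflanguage'])) {
				$_SESSION['PDFLanguage'] = $myrow['pdflanguage'];
			} else {
				$_SESSION['PDFLanguage'] = '0'; //default to latin western languages
			}
			if ($myrow['displayrecordsmax'] > 0) {
				$_SESSION['DisplayRecordsMax'] = $myrow['displayrecordsmax'];
			} else {
				$_SESSION['DisplayRecordsMax'] = $_SESSION['DefaultDisplayRecordsMax']; // default comes from config.php
			}
			$sql = "UPDATE www_users SET lastvisitdate='" . date('Y-m-d H:i:s') . "'\n\t\t\t\t\t\t\tWHERE www_users.userid='" . $Name . "'";
			$Auth_Result = DB_query($sql, $db);
			/*get the security tokens that the user has access to */
			$sql = "SELECT tokenid FROM securitygroups\n\t\t\t\t\t\t\tWHERE secroleid = '" . $_SESSION['AccessLevel'] . "'";
			$Sec_Result = DB_query($sql, $db);
			$_SESSION['AllowedPageSecurityTokens'] = array();
			if (DB_num_rows($Sec_Result) == 0) {
				return UL_CONFIGERR;
			} else {
				$i = 0;
				$UserIsSysAdmin = FALSE;
				while ($myrow = DB_fetch_row($Sec_Result)) {
					// token 15 is the system-administrator token (see the
					// maintenance check below)
					if ($myrow[0] == 15) {
						$UserIsSysAdmin = TRUE;
					}
					$_SESSION['AllowedPageSecurityTokens'][$i] = $myrow[0];
					$i++;
				}
			}
			// check if only maintenance users can access webERP
			$sql = "SELECT confvalue FROM config WHERE confname = 'DB_Maintenance'";
			$Maintenance_Result = DB_query($sql, $db);
			if (DB_num_rows($Maintenance_Result) == 0) {
				return UL_CONFIGERR;
			} else {
				$myMaintenanceRow = DB_fetch_row($Maintenance_Result);
				if ($myMaintenanceRow[0] == -1 and $UserIsSysAdmin == FALSE) {
					// the configuration setting has been set to -1 ==> Allow SysAdmin Access Only
					// the user is NOT a SysAdmin
					return UL_MAINTENANCE;
				}
			}
		} else { // Incorrect password
			// 5 login attempts, show failed login screen
			if (!isset($_SESSION['AttemptsCounter'])) {
				$_SESSION['AttemptsCounter'] = 0;
			} elseif ($_SESSION['AttemptsCounter'] >= 5 and isset($Name)) {
				/*User blocked from future accesses until sysadmin releases */
				// NOTE(review): anyone who knows a user id can lock that account
				// by submitting five bad passwords - a denial-of-service vector
				// against named users (pre-existing design).
				$sql = "UPDATE www_users\n\t\t\t\t\t\t\tSET blocked=1\n\t\t\t\t\t\t\tWHERE www_users.userid='" . $Name . "'";
				$Auth_Result = DB_query($sql, $db);
				if ($SysAdminEmail != '') {
					$EmailSubject = _('User access blocked') . ' ' . $Name;
					// The submitted password is deliberately NOT included here.
					$EmailText = _('User ID') . ' ' . $Name . ' ' . _('has been blocked access at') . ' ' . Date('Y-m-d H:i:s') . ' ' . _('from IP') . ' ' . $_SERVER["REMOTE_ADDR"] . ' ' . _('due to too many failed attempts.');
					if ($_SESSION['SmtpSetting'] == 0) {
						mail($SysAdminEmail, $EmailSubject, $EmailText);
					} else {
						include 'includes/htmlMimeMail.php';
						$mail = new htmlMimeMail();
						$mail->setSubject($EmailSubject);
						$mail->setText($EmailText);
						$result = SendmailBySmtp($mail, array($SysAdminEmail));
					}
				}
				return UL_BLOCKED;
			}
			return UL_NOTVALID;
		}
	} // End of userid/password check
	// Run with debugging messages for the system administrator(s) but not anyone else
	return UL_OK; /* All is well */
}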
$SQL = "INSERT INTO debtortrans (\n\t\t\t\t\t\t\t\t\t\ttransno,\n\t\t\t\t\t\t\t\t\t\ttype,\n\t\t\t\t\t\t\t\t\t\tdebtorno,\n\t\t\t\t\t\t\t\t\t\tbranchcode,\n\t\t\t\t\t\t\t\t\t\ttrandate,\n\t\t\t\t\t\t\t\t\t\tinputdate,\n\t\t\t\t\t\t\t\t\t\tprd,\n\t\t\t\t\t\t\t\t\t\treference,\n\t\t\t\t\t\t\t\t\t\ttpe,\n\t\t\t\t\t\t\t\t\t\torder_,\n\t\t\t\t\t\t\t\t\t\tovamount,\n\t\t\t\t\t\t\t\t\t\tovgst,\n\t\t\t\t\t\t\t\t\t\tovfreight,\n\t\t\t\t\t\t\t\t\t\trate,\n\t\t\t\t\t\t\t\t\t\tinvtext,\n\t\t\t\t\t\t\t\t\t\tshipvia)\n\t\t\t\t\t\t\t\t\tVALUES (\n\t\t\t\t\t\t\t\t\t\t'" . $InvoiceNo . "',\n\t\t\t\t\t\t\t\t\t\t10,\n\t\t\t\t\t\t\t\t\t\t'" . $RecurrOrderRow['debtorno'] . "',\n\t\t\t\t\t\t\t\t\t\t'" . $RecurrOrderRow['branchcode'] . "',\n\t\t\t\t\t\t\t\t\t\t'" . $DelDate . "',\n\t\t\t\t\t\t\t\t\t\t'" . date('Y-m-d H-i-s') . "',\n\t\t\t\t\t\t\t\t\t\t'" . $PeriodNo . "',\n\t\t\t\t\t\t\t\t\t\t'" . $RecurrOrderRow['customerref'] . "',\n\t\t\t\t\t\t\t\t\t\t'" . $RecurrOrderRow['sales_type'] . "',\n\t\t\t\t\t\t\t\t\t\t'" . $OrderNo . "',\n\t\t\t\t\t\t\t\t\t\t'" . filter_number_format($TotalFXNetInvoice) . "',\n\t\t\t\t\t\t\t\t\t\t'" . filter_number_format($TotalFXTax) . "',\n\t\t\t\t\t\t\t\t\t\t'" . filter_number_format($RecurrOrderRow['freightcost']) . "',\n\t\t\t\t\t\t\t\t\t\t'" . filter_number_format($CurrencyRate) . "',\n\t\t\t\t\t\t\t\t\t\t'" . $RecurrOrderRow['comments'] . "',\n\t\t\t\t\t\t\t\t\t\t'" . $RecurrOrderRow['shipvia'] . "')"; $ErrMsg = _('CRITICAL ERROR') . '! ' . _('NOTE DOWN THIS ERROR AND SEEK ASSISTANCE') . ': ' . _('The debtor transaction record could not be inserted because'); $DbgMsg = _('The following SQL to insert the debtor transaction record was used'); $Result = DB_query($SQL, $db, $ErrMsg, $DbgMsg, true); $DebtorTransID = DB_Last_Insert_ID($db, 'debtortrans', 'id'); $SQL = "INSERT INTO debtortranstaxes (debtortransid,\n\t\t\t\t\t\t\ttaxauthid,\n\t\t\t\t\t\t\ttaxamount)\n\t\t\t\tVALUES ('" . $DebtorTransID . "',\n\t\t\t\t\t'" . $TaxAuthID . "',\n\t\t\t\t\t'" . 
filter_number_format($Tax['FXAmount'] / $CurrencyRate) . "')"; $ErrMsg = _('CRITICAL ERROR') . '! ' . _('NOTE DOWN THIS ERROR AND SEEK ASSISTANCE') . ': ' . _('The debtor transaction taxes records could not be inserted because'); $DbgMsg = _('The following SQL to insert the debtor transaction taxes record was used'); $Result = DB_query($SQL, $db, $ErrMsg, $DbgMsg, true); $Result = DB_Txn_Commit($db); prnMsg(_('Invoice number') . ' ' . $InvoiceNo . ' ' . _('processed'), 'success'); $EmailText .= "\n" . _('This recurring order was set to produce the invoice automatically on invoice number') . ' ' . $InvoiceNo; } /*end if the recurring order is set to auto invoice */ if (IsEmailAddress($RecurrOrderRow['email'])) { $mail = new htmlMimeMail(); $mail->setText($EmailText); $mail->setSubject(_('Recurring Order Created Advice')); if ($_SESSION['SmtpSetting'] == 0) { $mail->setFrom($_SESSION['CompanyRecord']['coyname'] . "<" . $_SESSION['CompanyRecord']['email'] . ">"); $result = $mail->send(array($RecurrOrderRow['email'])); } else { $result = SendmailBySmtp($mail, array($RecurrOrderRow['email'])); } unset($mail); } else { prnMsg(_('No email advice was sent for this order because the location has no email contact defined with a valid email address'), 'warn'); } } /*end while there are recurring orders due to have a new order created */ include 'includes/footer.inc';
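/**
 * Authenticate a user, populate the login session and run the once-a-day
 * housekeeping (DB maintenance, audit-trail purge, currency-rate refresh,
 * logo lookup) that is hooked onto a successful login.
 *
 * @param string $Name           user id from the login form ('' to show the login screen)
 * @param string $Password       password as submitted
 * @param string $SysAdminEmail  address to notify when an account gets blocked ('' = none)
 * @param mixed  $db             database connection handle (passed to some DB_query() calls)
 *
 * @return int one of UL_SHOWLOGIN, UL_BLOCKED, UL_CONFIGERR, UL_MAINTENANCE,
 *             UL_NOTVALID or UL_OK.
 *
 * Fixes:
 *  - The legacy-hash fallbacks compared the stored value with `==`. PHP's
 *    loose comparison treats two numeric-looking strings such as "0e123…"
 *    and "0e456…" as equal, so a crafted password whose md5/sha1 starts
 *    with "0e" followed by digits would match any stored hash of that shape
 *    (and the plaintext fallback would accept "0123" for "123"). All three
 *    comparisons now use hash_equals(), which is strict and constant-time.
 *  - The account-blocked notification emailed the submitted password in
 *    plaintext to the sysadmin; it is no longer included.
 */
function userLogin($Name, $Password, $SysAdminEmail = '', $db) {
	global $debug;
	global $PathPrefix;
	if (!isset($_SESSION['AccessLevel']) or $_SESSION['AccessLevel'] == '' or isset($Name) and $Name != '') { /* if not logged in */
		$_SESSION['AccessLevel'] = '';
		$_SESSION['CustomerID'] = '';
		$_SESSION['UserBranch'] = '';
		$_SESSION['SalesmanLogin'] = '';
		$_SESSION['Module'] = '';
		$_SESSION['PageSize'] = '';
		$_SESSION['UserStockLocation'] = '';
		// NOTE(review): the failed-attempt counter lives in the client's session,
		// so an attacker can reset it by discarding the cookie; the >= 5 lockout
		// below therefore slows a single session, not a brute-force campaign.
		$_SESSION['AttemptsCounter']++;
		// Show login screen
		if (!isset($Name) or $Name == '') {
			$_SESSION['DatabaseName'] = '';
			$_SESSION['CompanyName'] = '';
			return UL_SHOWLOGIN;
		}
		/* The SQL to get the user info must use the * syntax because the field name could change between versions if the fields are specifed directly then the sql fails and the db upgrade will fail */
		// NOTE(review): $Name is interpolated into SQL unescaped here and in the
		// UPDATEs below; it comes straight from the login form. Confirm the
		// caller escapes it with the project's DB escaping helper - an
		// unauthenticated SQL injection point otherwise.
		$sql = "SELECT *\n\t\t\t\tFROM www_users\n\t\t\t\tWHERE www_users.userid='" . $Name . "'";
		$ErrMsg = _('Could not retrieve user details on login because');
		// NOTE(review): forces verbose DB errors globally for the login query;
		// confirm DB_query does not echo SQL to anonymous visitors when set.
		$debug = 1;
		$PasswordVerified = false;
		$Auth_Result = DB_query($sql, $ErrMsg);
		if (DB_num_rows($Auth_Result) > 0) {
			$myrow = DB_fetch_array($Auth_Result);
			if (VerifyPass($Password, $myrow['password'])) {
				$PasswordVerified = true;
			} elseif (isset($GLOBALS['CryptFunction'])) {
				/*if the password stored in the DB was compiled the old way,
				 * the previous comparison will fail,
				 * try again with the old hashing algorithm,
				 * then re-hash the password using the new algorithm.
				 * The next version should not have $CryptFunction any more for new installs.
				 */
				// Strict, constant-time comparisons: `==` on two numeric-looking
				// strings would compare them as numbers (the "magic hash" bug).
				$StoredPassword = (string)$myrow['password'];
				switch ($GLOBALS['CryptFunction']) {
					case 'sha1':
						if (hash_equals($StoredPassword, sha1($Password))) {
							$PasswordVerified = true;
						}
						break;
					case 'md5':
						if (hash_equals($StoredPassword, md5($Password))) {
							$PasswordVerified = true;
						}
						break;
					default:
						// Legacy plaintext storage - only reachable for installs
						// that never hashed; the re-hash below retires it.
						if (hash_equals($StoredPassword, (string)$Password)) {
							$PasswordVerified = true;
						}
				}
				if ($PasswordVerified) {
					// Upgrade the stored credential to the current scheme (the
					// new value is redacted in this listing as '******').
					$sql = "UPDATE www_users SET password = '******'" . " WHERE userid = '" . $Name . "';";
					DB_query($sql);
				}
			}
		}
		// Populate session variables with data base results
		if ($PasswordVerified) {
			if ($myrow['blocked'] == 1) { //the account is blocked
				return UL_BLOCKED;
			}
			/*reset the attempts counter on successful login */
			$_SESSION['UserID'] = $myrow['userid'];
			$_SESSION['AttemptsCounter'] = 0;
			$_SESSION['AccessLevel'] = $myrow['fullaccess'];
			$_SESSION['CustomerID'] = $myrow['customerid'];
			$_SESSION['UserBranch'] = $myrow['branchcode'];
			$_SESSION['DefaultPageSize'] = $myrow['pagesize'];
			$_SESSION['UserStockLocation'] = $myrow['defaultlocation'];
			$_SESSION['UserEmail'] = $myrow['email'];
			$_SESSION['ModulesEnabled'] = explode(",", $myrow['modulesallowed']);
			$_SESSION['UsersRealName'] = $myrow['realname'];
			$_SESSION['Theme'] = $myrow['theme'];
			$_SESSION['Language'] = $myrow['language'];
			$_SESSION['SalesmanLogin'] = $myrow['salesman'];
			$_SESSION['CanCreateTender'] = $myrow['cancreatetender'];
			$_SESSION['AllowedDepartment'] = $myrow['department'];
			$_SESSION['ShowDashboard'] = $myrow['showdashboard'];
			if (isset($myrow['pdflanguage'])) {
				$_SESSION['PDFLanguage'] = $myrow['pdflanguage'];
			} else {
				$_SESSION['PDFLanguage'] = '0'; //default to latin western languages
			}
			if ($myrow['displayrecordsmax'] > 0) {
				$_SESSION['DisplayRecordsMax'] = $myrow['displayrecordsmax'];
			} else {
				$_SESSION['DisplayRecordsMax'] = $_SESSION['DefaultDisplayRecordsMax']; // default comes from config.php
			}
			$sql = "UPDATE www_users SET lastvisitdate='" . date('Y-m-d H:i:s') . "'\n\t\t\t\t\t\t\tWHERE www_users.userid='" . $Name . "'";
			$Auth_Result = DB_query($sql);
			/*get the security tokens that the user has access to */
			$sql = "SELECT tokenid\n\t\t\t\t\tFROM securitygroups\n\t\t\t\t\tWHERE secroleid = '" . $_SESSION['AccessLevel'] . "'";
			$Sec_Result = DB_query($sql);
			$_SESSION['AllowedPageSecurityTokens'] = array();
			if (DB_num_rows($Sec_Result) == 0) {
				return UL_CONFIGERR;
			} else {
				$i = 0;
				$UserIsSysAdmin = FALSE;
				while ($myrow = DB_fetch_row($Sec_Result)) {
					// token 15 is the system-administrator token (see the
					// maintenance check below)
					if ($myrow[0] == 15) {
						$UserIsSysAdmin = TRUE;
					}
					$_SESSION['AllowedPageSecurityTokens'][$i] = $myrow[0];
					$i++;
				}
			}
			/*User is logged in so get configuration parameters - save in session*/
			include $PathPrefix . 'includes/GetConfig.php';
			if (isset($_SESSION['DB_Maintenance'])) {
				if ($_SESSION['DB_Maintenance'] > 0) { //run the DB maintenance script
					if (DateDiff(Date($_SESSION['DefaultDateFormat']), ConvertSQLDate($_SESSION['DB_Maintenance_LastRun']), 'd') >= $_SESSION['DB_Maintenance']) {
						/*Do the DB maintenance routing for the DB_type selected */
						DB_Maintenance();
						$_SESSION['DB_Maintenance_LastRun'] = Date('Y-m-d');
						/* Audit trail purge only runs if DB_Maintenance is enabled */
						if (isset($_SESSION['MonthsAuditTrail'])) {
							$sql = "DELETE FROM audittrail\n\t\t\t\t\t\t\t\t\tWHERE transactiondate <= '" . Date('Y-m-d', mktime(0, 0, 0, Date('m') - $_SESSION['MonthsAuditTrail'])) . "'";
							$ErrMsg = _('There was a problem deleting expired audit-trail history');
							$result = DB_query($sql);
						}
					}
				}
			}
			/*Check to see if currency rates need to be updated */
			if (isset($_SESSION['UpdateCurrencyRatesDaily'])) {
				if ($_SESSION['UpdateCurrencyRatesDaily'] != 0) {
					/* Only run the update to currency rates if today is after the last update i.e. only runs once a day */
					if (DateDiff(Date($_SESSION['DefaultDateFormat']), ConvertSQLDate($_SESSION['UpdateCurrencyRatesDaily']), 'd') > 0) {
						if ($_SESSION['ExchangeRateFeed'] == 'ECB') {
							$CurrencyRates = GetECBCurrencyRates(); // gets rates from ECB see includes/MiscFunctions.php
							/*Loop around the defined currencies and get the rate from ECB */
							if ($CurrencyRates != false) {
								$CurrenciesResult = DB_query("SELECT currabrev FROM currencies");
								while ($CurrencyRow = DB_fetch_row($CurrenciesResult)) {
									if ($CurrencyRow[0] != $_SESSION['CompanyRecord']['currencydefault']) {
										// NOTE(review): the fetched rate is interpolated into
										// SQL; it originates from an external feed - confirm
										// GetCurrencyRate() returns a validated number.
										$UpdateCurrRateResult = DB_query("UPDATE currencies SET rate='" . GetCurrencyRate($CurrencyRow[0], $CurrencyRates) . "'\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tWHERE currabrev='" . $CurrencyRow[0] . "'", $db);
									}
								}
							}
						} else {
							$CurrenciesResult = DB_query("SELECT currabrev FROM currencies");
							while ($CurrencyRow = DB_fetch_row($CurrenciesResult)) {
								if ($CurrencyRow[0] != $_SESSION['CompanyRecord']['currencydefault']) {
									$UpdateCurrRateResult = DB_query("UPDATE currencies SET rate='" . google_currency_rate($CurrencyRow[0]) . "'\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tWHERE currabrev='" . $CurrencyRow[0] . "'", $db);
								}
							}
						}
						$_SESSION['UpdateCurrencyRatesDaily'] = Date('Y-m-d');
						$UpdateConfigResult = DB_query("UPDATE config SET confvalue = '" . Date('Y-m-d') . "' WHERE confname='UpdateCurrencyRatesDaily'");
					}
				}
			}
			/* Set the logo if not yet set.
			 * will be done only once per session and each time
			 * we are not in session (i.e. before login)
			 */
			if (empty($_SESSION['LogoFile'])) {
				/* find a logo in companies/CompanyDir */
				if (file_exists($PathPrefix . 'companies/' . $_SESSION['DatabaseName'] . '/logo.png')) {
					$_SESSION['LogoFile'] = 'companies/' . $_SESSION['DatabaseName'] . '/logo.png';
				} elseif (file_exists($PathPrefix . 'companies/' . $_SESSION['DatabaseName'] . '/logo.jpg')) {
					$_SESSION['LogoFile'] = 'companies/' . $_SESSION['DatabaseName'] . '/logo.jpg';
				}
			}
			if (!isset($_SESSION['DB_Maintenance'])) {
				return UL_CONFIGERR;
			} else {
				if ($_SESSION['DB_Maintenance'] == -1 and !in_array(15, $_SESSION['AllowedPageSecurityTokens'])) {
					// the configuration setting has been set to -1 ==> Allow SysAdmin Access Only
					// the user is NOT a SysAdmin
					return UL_MAINTENANCE;
				}
			}
		} else { // Incorrect password
			// 5 login attempts, show failed login screen
			if (!isset($_SESSION['AttemptsCounter'])) {
				$_SESSION['AttemptsCounter'] = 0;
			} elseif ($_SESSION['AttemptsCounter'] >= 5 and isset($Name)) {
				/*User blocked from future accesses until sysadmin releases */
				// NOTE(review): anyone who knows a user id can lock that account
				// by submitting five bad passwords - a denial-of-service vector
				// against named users (pre-existing design).
				$sql = "UPDATE www_users\n\t\t\t\t\t\t\tSET blocked=1\n\t\t\t\t\t\t\tWHERE www_users.userid='" . $Name . "'";
				$Auth_Result = DB_query($sql);
				if ($SysAdminEmail != '') {
					$EmailSubject = _('User access blocked') . ' ' . $Name;
					// The submitted password is deliberately NOT included here.
					$EmailText = _('User ID') . ' ' . $Name . ' ' . _('has been blocked access at') . ' ' . Date('Y-m-d H:i:s') . ' ' . _('from IP') . ' ' . $_SERVER["REMOTE_ADDR"] . ' ' . _('due to too many failed attempts.');
					if ($_SESSION['SmtpSetting'] == 0) {
						mail($SysAdminEmail, $EmailSubject, $EmailText);
					} else {
						include 'includes/htmlMimeMail.php';
						$mail = new htmlMimeMail();
						$mail->setSubject($EmailSubject);
						$mail->setText($EmailText);
						$result = SendmailBySmtp($mail, array($SysAdminEmail));
					}
				}
				return UL_BLOCKED;
			}
			return UL_NOTVALID;
		}
	} // End of userid/password check
	// Run with debugging messages for the system administrator(s) but not anyone else
	return UL_OK; /* All is well */
}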