function prepareUrl($url, $key = "Ra@7757")
{
$url = explode("?", $url, 2);
if (sizeof($url) <= 1) {
return $url;
} else {
return $url[0] . "?params=" . encryptStringArray($url[1], $key);
}
}
include '../functions/az.php';
include '../functions/format_money.php';
global $session, $database;
foreach ($_GET as $key => $value) {
${$key} = $value;
}
$datefrom = sanitize($datefrom);
$dateto = sanitize($dateto);
if ($datefrom == NULL || $dateto == NULL) {
$datey = date('d/m/Y');
$sql = "SELECT TRANS_AMOUNT.TRANS_ID,TRANS_AMOUNT.TRANS_TYPE, TO_CHAR(TRANS_AMOUNT.TRANS_DATE, 'DD.MM.YYYY:HH24:MI:SS'), TRANS_AMOUNT.MEMBER_NO, TRANS_AMOUNT.DOC_NO, TRANS_AMOUNT.FULL_NAME, TRANS_AMOUNT.PORTFOLIO, TRANS_AMOUNT.CANCELREASON, TRANS_AMOUNT.AMOUNT FROM TRANS INNER JOIN TRANS_AMOUNT ON TRANS_AMOUNT.TRANS_ID = TRANS.RECONCILED WHERE TRUNC(trans_amount.trans_date)=TO_DATE('{$datey}','DD/MM/YYYY:HH24:MI:SS') and trans_amount.bnkcode='" . $_SESSION['Branchcode'] . "' AND TRANS_AMOUNT.RECONCILED = 0 AND TRANS.CONFIRMED = 1 AND TRANS.REVERSED = 1 ";
} else {
$sql = "SELECT TRANS_AMOUNT.TRANS_ID,TRANS_AMOUNT.TRANS_TYPE, TO_CHAR(TRANS_AMOUNT.TRANS_DATE, 'DD.MM.YYYY:HH24:MI:SS'), TRANS_AMOUNT.MEMBER_NO, TRANS_AMOUNT.FULL_NAME, TRANS_AMOUNT.DOC_NO, TRANS_AMOUNT.PORTFOLIO,TRANS_AMOUNT.CANCELREASON, TRANS_AMOUNT.AMOUNT FROM TRANS INNER JOIN TRANS_AMOUNT ON TRANS_AMOUNT.TRANS_ID = TRANS.RECONCILED where TRUNC(trans_amount.trans_date) BETWEEN TO_DATE('" . cleanInput($datefrom) . "','DD/MM/YYYY:HH24:MI:SS') AND TO_DATE('" . cleanInput($dateto) . "','DD/MM/YYYY:HH24:MI:SS') and trans_amount.bnkcode='" . $_SESSION['Branchcode'] . "' AND TRANS_AMOUNT.RECONCILED = 0 AND TRANS.CONFIRMED =1 AND TRANS.REVERSED = 1 ORDER BY trans_amount.TRANS_DATE ASC";
}
$result = oci_parse($conn, $sql) or die("");
oci_execute($result, OCI_DEFAULT);
?>
<div id="page-wrapper">
<div class="row">
<div class="col-lg-12">
<h4 class="page-header">CANCELLED TRANSACTIONS</h4>
</div>
<!-- /.col-lg-12 -->
</div>
<!-- /.row -->
<div class="row">
<div class="col-lg-12">
<div class="panel panel-default">
<div class="panel-heading">
CANCELLED TRANSACTION REPORTS
</div>
?>
</td>
<td>
<?php
if ($objResult['Status'] == 1) {
echo "<span class='f-green'>เปิดใช้งาน</span>";
} else {
if ($objResult['Status'] == 2) {
echo "<span class='f-red'>ปิดใช้งาน</span>";
}
}
?>
</td>
<td style="border-right:none;">
<a href="?page=editMember&id=<?php
echo encryptStringArray($objResult['MemberID']);
?>
">
<img src="images/edit.png" width="24" height="24" title="แก้ไข"></a>
<a class="cur-pointer" onClick="MemberDel(<?php
echo $objResult['MemberID'];
?>
)">
<img src="images/delete.png" width="24" height="24" title="ลบ"></a>
</td>
</tr>
<?php
}
?>
</tbody>
</table>
//die;
}
#Fetch and clean data from form fields
$member = decryptStringArray($_GET[id], "equity1290");
$name = sanitize($_POST["name"]);
$acct_no = sanitize($_POST["acct_no"]);
$amount = -(double) preg_replace('/[^0-9\\.]/ui', '', $_POST["amount"]);
$refrence = sanitize($_POST["refrence"]);
$mktvalue = (double) preg_replace('/[^0-9\\.]/ui', '', $_POST["acct_balance"]);
$transtype = 'WITHDRAWAL';
$desc = sanitize($_POST["desc"]);
$amount = sanitize($_POST["amount"]);
$secid = sanitize($_POST["seccode"]);
if ($mktvalue < $amt) {
$account = encryptStringArray($account, 'equity1290');
$secid = encryptStringArray($secid, 'equity1290');
echo "<SCRIPT LANGUAGE='JavaScript'>\r\t\t\twindow.alert('Sorry, you can only withdraw [{$mktvalue}].')\r\t\t\twindow.location.href='../withdrawals.php?id={$_GET['id']}&acid={$account}&seccode={$secid}'\r\t\t\t</SCRIPT>";
} else {
if ($amt <= 0) {
$account = encryptStringArray($account, 'equity1290');
$secid = encryptStringArray($secid, 'equity1290');
echo "<SCRIPT LANGUAGE='JavaScript'>\r\t\t\twindow.alert('Please enter an amount greater than [0], Thank you!')\r\t\t\twindow.location.href='../withdrawals.php?id={$_GET['id']}&acid={$account}&seccode={$secid}'\r\t\t\t</SCRIPT>";
} else {
$sql = "INSERT INTO trans_amount(trans_type,member_no, full_name,account_no, amount,portfolio,mop, u_name, doc_no, bnkcode, BANKACCDETS ) VALUES('" . $transtype . "','" . $member . "','" . $name . "','" . $account . "','" . $amount . "','" . $desc . "','Funds Transfer','" . $_SESSION['username'] . "','" . $refrence . "','" . $_SESSION['Branchcode'] . "','" . $_SESSION['Branchname'] . "') returning TRANS_ID into :id ";
$result = OCIParse($conn, $sql);
OCIBindByName($result, ":ID", $id, 32);
OCI_Execute($result);
if (!oci_parse($conn, $sql)) {
echo "failed";
/* echo ("<SCRIPT LANGUAGE='JavaScript'>
window.alert('Sorry an error occured, The transaction failed. [$sql]')
*/
session_start();
global $session, $database;
require '../classes/aardb_conn.php';
include 'header.php';
include '../functions/az.php';
$sql = "select allnames,gsm_no,smsqry_accept,sms_ntfy,title,member_no,id_no,pin_no, dob, comments from members where confirmed=1 and branchid ='" . $_SESSION["Branchcode"] . "' order by MEMBER_NO";
$result = oci_parse($conn, $sql) or die("");
oci_execute($result);
?>
<div id="page-wrapper">
<div class="row">
<div class="col-lg-12">
<h4 class="page-header">REGISTERED MEMBERS</h4>
</div>
<!-- /.col-lg-12 -->
</div>
<!-- /.row -->
<div class="row">
<div class="col-lg-12">
<div class="panel panel-default">
<div class="panel-heading">
<a href="register" class="btn btn-large btn-primary" name="register_members" role="button">Add
New Customer</a>
</div>
<!-- /.panel-heading -->
<div class="panel-body">
<div class="dataTable_wrapper">
<table class="table table-striped table-responsive table-hover" id="membersData" >
<thead>
$catname = cleanInput($_POST["add_cat"]);
$memno = cleanInput($_POST["memno"]);
$inputAccounts[] = array($seccode, $agentno, $catname, $memno);
sanitize($inputAccounts);
sanitize($inputAccounts);
if ($seccode == '002') {
$modey = 1;
} else {
$modey = 0;
}
$acctnumber = $agentno . '-' . $catname . '-' . $memno . '-' . $seccode;
//clean and sanitize account number
$acctnumber = sanitize($acctnumber);
$acctnumber = cleanInput($acctnumber);
$mysql = "select * from accounts where account_no='" . $acctnumber . "'";
$result = oci_parse($conn, $mysql);
oci_execute($result);
$numrows = oci_fetch_all($result, $res);
if ($numrows > 0) {
$uri = '../views/members.php';
echo "<script>javascript:alert('Sorry, that account already exists'); window.location = '" . $uri . "'</script>";
} else {
$acsql = "INSERT INTO accounts(member_no,catname,account_no,agent_no,security_code,modey, UNAME) VALUES('" . cleanInput($memno) . "','" . cleanInput($catname) . "','" . cleanInput($acctnumber) . "','" . $agentno . "','" . $seccode . "',{$modey},'" . $_SESSION['username'] . "')";
$result = oci_parse($conn, $acsql);
oci_execute($result);
if (!oci_parse($conn, $sql)) {
echo "<SCRIPT LANGUAGE='JavaScript'>\r window.alert('Sorry an error occured, The transaction failed. [{$sql}]')\r </SCRIPT>";
} else {
header("location:../views/view_ind_account.php?id=" . encryptStringArray($memno, 'equity1290'));
}
}
#if (!isset($_SESSION['username']) and !isset($_SESSION['userid']) and !isset($_SESSION['branchid']) and #!isset($_SESSION['branchname']) )
# {
# header("location:../index.html");
#}
include '../Classes/aardb_conn.php';
include '../functions/az.php';
include '../functions/sanitize.php';
include '../functions/valid_date.php';
include '../functions/format_money.php';
#code for user access page log details
//Sanitize the POST values
#Fetch and clean data from form fields
foreach ($_POST as $key => $value) {
${$key} = $value;
//echo "$key=$value";
//die;
}
$member = decryptStringArray($_GET[id], "equity1290");
$name = sanitize($_POST["name"]);
$acct_no = sanitize($_POST["acct_no"]);
$myacct = encryptStringArray($acct_no, 'equity1290');
$amount = sanitize($_POST["amount"]);
$refrence = sanitize($_POST["refrence"]);
$transtype = 'PURCHASE';
$desc = sanitize($_POST["desc"]);
$bid = $_SESSION['Branchcode'];
$agent_no = sanitize($_POST['agent']);
//echo $account;
//$amount_fmted = formatMoney($amount, TRUE);
$sql = "SELECT * FROM TRANS WHERE ACCOUNT_NO='{$acct_no}' AND CONFIRMED IS NOT NULL AND DELETED IS NULL AND REVERSED IS NULL";
$querytrans = oci_parse($conn, $sql);
</tr>
<tr bgcolor="#FFFFFF">
<td width="39%" align="right" valign="middle" class="alert-dismissable">Full
Name
</td>
<td width="1%" align="center" class="formsBodyText"><strong>:</strong></td>
<td width="60%" align="left"><?php
echo $mrow[1];
?>
</td>
</tr>
<tr bgcolor="#FFFFFF">
<td width="39%" align="right" valign="middle" class="alert-dismissable">ID
Number
</td>
<td width="1%" align="center" class="formsBodyText"><strong>:</strong></td>
<td width="60%" align="left"><?php
echo $mrow[2];
?>
</td>
</tr>
<tr bgcolor="#FFFFFF">
<td width="17%" align="right" valign="middle" class="alert-dismissable">Mobile
No
</td>
<td width="1%" align="center" class="formsBodyText"><strong>:</strong></td>
<td width="82%" align="left"><?php
echo $mrow[3];
?>
<th>#</th>
<th>รหัสงาน</th>
<th>เลขที่สัญญา</th>
<th>ประเภทนิติกรรม</th>
<th >ชื่อลูกค้าสถาบัน/ลูกค้า</th>
<th>สถานะปัจจุบัน</th>
<th class="txt-center">ปัญหา</th>
<th style="border-right:none;"></th>
</tr>
</thead>
<tbody>
<?php
$sqlDocDetail = "SELECT * FROM document WHERE IsDelete = 0";
$docQuery = mysql_db_query($dbname, $sqlDocDetail);
while ($objR = mysql_fetch_array($docQuery)) {
$DocID = encryptStringArray($objR['DocID']);
?>
<tr>
<td align="center"><?php
echo $objR['ListNo'];
?>
</td>
<td><a href="?page=detailDoc&id=<?php
echo $DocID;
?>
"><?php
echo $objR['WorkCode'];
?>
</a></td>
<td><?php
echo $objR['ContractNo'];
include '../../functions/sanitize.php';
include_once '../../classes/Functions.class.php';
foreach (cleanInput($_POST) as $key => $value) {
${$key} = $value;
//echo $key = $value;
}
//die;
$empcode = sanitize($empcode);
$email = sanitize($email);
$check = "SELECT * FROM USERSETUP WHERE USER_ID = '" . $empcode . "' OR EMAIL = '" . $email . "'";
$result_set = oci_parse($conn, $check) or die(oci_error());
oci_execute($result_set);
$checked = oci_fetch_row($result_set);
/*echo $check;
die;*/
if ($checked > 0) {
echo "Sorry, a user with the same details has already been registered in the system.";
} else {
$empcode = sanitize($_POST["empcode"]);
$myempid = encryptStringArray($empcode, 'equity1290');
cleanInput($_POST);
$empcode = sanitize($_POST["empcode"]);
$username = sanitize($_POST["username"]);
$empSurname = sanitize($_POST["empSurname"]);
$email = sanitize($_POST["email"]);
$usertype = sanitize($_POST["usertype"]);
$branchid = sanitize($_POST["branchid"]);
$branch_name = sanitize($_POST['txt_holder']);
$reg_date = date('d/M/yy');
$email = filter_var($email, FILTER_VALIDATE_EMAIL);
// $value_date = valid_date();
//include('../functions/functions.php');
include '../functions/az.php';
include '../functions/sanitize.php';
#code for user access page log details
//$fn='Add new account';
//$ac='Added a new account name';
//userlog($fn,$ac);
//Sanitize the POST values
#Fetch and clean data from form fields
if (isset($_POST['submit'])) {
$input = cleanInput($_POST);
}
$member = decryptStringArray($_GET[id], "equity1290");
$name = sanitize($_POST["name"]);
$acct_no = sanitize($_POST["acct_no"]);
$myacct = encryptStringArray($account, 'equity1290');
$amount = sanitize($_POST["amount"]);
$refrence = sanitize($_POST["refrence"]);
$transtype = 'PURCHASE';
$desc = sanitize($_POST["desc"]);
$bid = $_SESSION['Branchcode'];
$sql = "SELECT * FROM TRANS WHERE ACCOUNT_NO='{$acct_no}' AND CONFIRMED IS NOT NULL AND DELETED IS NULL AND REVERSED IS NULL";
$querytrans = oci_parse($conn, $sql);
oci_execute($querytrans);
echo $sql;
die;
$numrows = oci_fetch_all($querytrans, $res);
if ($numrows <= 0 && $amount < 1000) {
echo "deposit";
/*
echo ("<SCRIPT LANGUAGE='JavaScript'>
$sqlSolution = "SELECT SolutionName from solution Where SolutionID = '" . $_POST['SolutionID'] . "'";
$solutionQuery = mysql_db_query($dbname, $sqlSolution);
$dataSolution = mysql_fetch_array($solutionQuery);
$SolutionName = $dataSolution['SolutionName'];
}
$sqlDocProbLog = "INSERT INTO documentproblemlog VALUES('',\n\t'" . $_POST['MacPlateNo'] . "',\n\t'" . $DocID . "',\n\t'" . $_POST['ProblemID'] . "',\n\t'" . $ProblemName . "',\n\t'" . $_POST['SolutionID'] . "',\n\t'" . $SolutionName . "',\n\tNOW(),\n\tNOW(),\n\t'" . $_SESSION['MemberID'] . "', \n\tNOW(),\n\t'" . $_SESSION['MemberID'] . "')";
$ProbLogQuery = mysql_db_query($dbname, $sqlDocProbLog);
}
if (count($_POST['MachineName']) > 0) {
for ($i = 0; $i < count($_POST['MachineName']); $i++) {
echo $sqlMachine = "INSERT INTO machine VALUES('',\n\t\t\t'{$DocID}',\n\t\t\t'" . $_POST['MachineLocName'][$i] . "',\n\t\t\t'" . $_POST['MachineName'][$i] . "',\n\t\t\t'" . $_POST['MachineNameEng'][$i] . "',\n\t\t\t'" . $_POST['MachineModel'][$i] . "',\n\t\t\t'" . $_POST['MachineGen'][$i] . "',\n\t\t\t'" . $_POST['MachineNo'][$i] . "',\n\t\t\t'" . $_POST['MachineSize'][$i] . "',\n\t\t\t'" . $_POST['MachineAbility'][$i] . "',\n\t\t\t'" . $_POST['MachineBuilder'][$i] . "',\n\t\t\t'" . $_POST['MachinePrice'][$i] . "',\n\t\t\t'',\n\t\t\t'" . $_POST['MacLocLatitute'][$i] . "',\n\t\t\t'" . $_POST['MacLocLongitute'][$i] . "',\n\t\t\t'',\n\t\t\t'',\n\t\t\t'0',\n\t\t\t'" . $_SESSION['MemberID'] . "', \n\t\t\tNOW(),\n\t\t\t'" . $_SESSION['MemberID'] . "',\n\t\t\tNOW())";
$machineQuery = mysql_db_query($dbname, $sqlMachine);
$MachineID = mysql_insert_id();
//echo $_FILES["FileWord"]["tmp_name"][$i];
if ($_FILES['FileWord']["name"][$i] != "") {
$filename = md5(date("dmyhis") + rand(0, 9999999));
$extension = pathinfo($_FILES['FileWord']['type'][$i], PATHINFO_EXTENSION);
if (copy($_FILES["FileWord"]["tmp_name"][$i], "../machine_doc/" . $filename . "." . $extension)) {
$updateFileWord = "UPDATE machine SET FileWord = '" . $filename . "' WHERE MachineID = '{$MachineID}'";
$objQuery = mysql_query($updateFileWord);
}
}
}
}
if ($sqlQuery) {
$json = array('IsResult' => true, 'DocID' => encryptStringArray($DocID));
} else {
$json = array('IsResult' => flase);
}
header('Content-type: application/json');
echo json_encode($json);
/**
* Created by PhpStorm.
* User: Allan Wiz
* Date: 5/2/15
* Time: 12:05 PM
*/
//start sessions
session_start();
global $session, $database;
//call the database connection
include '../../classes/aardb_conn.php';
include '../../functions/az.php';
include '../../functions/sanitize.php';
//Obtain the user input
foreach ($_POST as $key => $value) {
${$key} = $value;
}
$sasa = sanitize($criteria);
$srchvalue = sanitize($srchvalue);
$sql = "SELECT EMPCODE,\r FULLNAMES,\r IDNO,\r DOB,\r GENDER,\r DEMPLOYED,\r HTEL,\r EMAIL\r FROM EMPLOYEE\r WHERE CONFIRMED = 1 and upper(" . cleanInput($sasa) . ") like upper('%" . cleanInput($srchvalue) . "%') order by {$sasa}";
//$sql = "select title, member_no, allnames, gsm_no, smsqry_accept, sms_ntfy, id_no, pin_no, branchid from members where confirmed=1 and upper($sasa) like upper('%$srchvalue%') order by $sasa";
$result = oci_parse($conn, $sql) or die(" ");
oci_execute($result);
$display = "<table class='table table-condensed table-responsive table-bordered'>\r <tr class='success'>\r <th>EMP CODE</th>\r <th>Full Name</th>\r <th>ID Number</th>\r <th>DOB</th>\r <th>Gender</th>\r <th>D. Employed</th>\r <th>Mobile Number</th>\r <th>Email</th>\r <th>Action</th>\r\r </tr>";
while ($get = oci_fetch_array($result)) {
//print_r($get);
$emp_code = $get[0];
$display .= "<tr class='warning'>\r <td>{$get[0]}</td>\r <td>{$get[1]}</td>\r <td>{$get[2]}</td>\r <td>{$get[3]}</td>\r <td>{$get[4]}</td>\r <td>{$get[5]}</td>\r <td>{$get[6]}</td>\r <td>{$get[7]}</td>\r <td><a href='add_as_user.php?emp_code='" . encryptStringArray($emp_code, "equity1290") . "' > <span class='glyphicon glyphicon-remove'></span></a></td>\r\r\r\r </tr>";
}
$display .= "</table>";
echo $display;
}
if ($resident == "Yes") {
$resident = 1;
} else {
$resident = 0;
}
if ($taxable == "Yes") {
$taxable = 1;
} else {
$taxable = 0;
}
if ($emp == "Yes") {
$emp = 1;
} else {
$emp = 0;
}
$sql = "INSERT INTO members(member_no, title,firstname, allnames, surname, othernames,gsm_no, id_no, pin_no,occupation,resident,taxexempt, phys_address, country,town, post_address, dob,employed,employer,hse_no,confirmed, branchid, branchname, comments, e_mail ) VALUES('" . $memberno . "','" . $title . "','" . $fname . "','" . $flnm . "', '" . $sname . "', '" . $oname . "','" . $phone . "', '" . $idno . "', '" . $pin . "','" . $industry . "',{$resident},{$taxable}, '" . $location . "', '" . $country . "','" . $town . "', '" . $address . "', TO_DATE('{$dob}','dd/mm/yyyy'),{$emp},'" . $employer . "','Single Member',1,'" . $_SESSION['Branchcode'] . "','" . $_SESSION['Branchname'] . "','" . $memcif . "','" . $email . "') ";
$result = oci_parse($conn, $sql);
oci_execute($result);
if (!oci_parse($conn, $sql)) {
echo "The transaction failed {$sql} ";
die;
} else {
oci_free_statement($sql);
oci_close($conn);
header("location:../acct.php?id=" . encryptStringArray($memberno, 'equity1290'));
}
} else {
$membernum = encryptStringArray($membernum, 'equity1290');
echo "<SCRIPT LANGUAGE='JavaScript'>\r alert('Sorry, That Customer has already been registered.')\r window.location.href='../indaccnt.php?id={$membernum}'\t\r </SCRIPT>";
}
require '../makeSecure.php';
include '../header.php';
include '../menu.php';
include '../az.php';
//Sanitize the POST values Fetch and clean data from form fields
if (isset($_POST['msubmit'])) {
$input = cleanInput($_POST);
}
$memnum = sanitize($_POST["memno"]);
$acctnum = sanitize($_POST["acctnum"]);
$fullname = sanitize($_POST["fullname"]);
$acctname = sanitize($_POST["acctname"]);
$brachid = sanitize($_POST["branchid"]);
$branchname = sanitize($_POST["branchname"]);
$mysql = "select MEMBERNO, FULLNAMES ACCOUNTNAME from MEMBERSBANKDETAILS where ACCOUNTNO='" . $acctnum . "'";
$resbank = oci_parse($conn, $mysql) or die(" ");
oci_execute($resbank);
$numrows = oci_fetch_all($resbank, $res);
if ($numrows == 0) {
$banksql = "INSERT INTO MEMBERSBANKDETAILS(MEMBERNO, BANKNAME, BANKCODE, FULLNAMES, BRANCH, BRANCH_ID, ACCOUNTNAME, ACCOUNTNO) VALUES('" . $memnum . "','Equity','68','" . $fullname . "', '" . $branchname . "', '" . $brachid . "', '" . $acctname . "','" . $acctnum . "') ";
$result = oci_parse($conn, $banksql);
oci_execute($result);
if (!oci_parse($conn, $banksql)) {
echo "<SCRIPT LANGUAGE='JavaScript'>\r window.alert('Sorry, the transaction failed {$banksql} ')\r window.location.href='../acct.php?id='.encryptStringArray({$memnum},'equity1290')';\r </SCRIPT>";
exit;
} else {
header("location:../addAccount.php?memno=" . encryptStringArray($memnum, 'equity1290'));
}
} else {
echo "<SCRIPT LANGUAGE='JavaScript'>\r window.alert('Sorry the Account Number already Exists for [{$resbank['1']}]. Please try another CIF ID!')\r </SCRIPT>";
}
