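/**
 * Moves the query string of $url into a single encrypted "params" argument.
 *
 * @param string $url  URL, optionally carrying a query string.
 * @param string $key  Key handed to encryptStringArray(). The default is a
 *                     hard-coded shared secret kept only for backward
 *                     compatibility; callers should pass a key taken from
 *                     configuration instead of relying on it.
 * @return string The URL unchanged when it carries no query string, otherwise
 *                "<path>?params=<encrypted query string>".
 */
function prepareUrl($url, $key = "Ra@7757")
{
    // Split at the first '?' only, so '?' characters inside the query survive.
    $parts = explode("?", $url, 2);

    // No query string: return the original string. (The previous version
    // returned the explode() array here, so callers that echoed the result
    // printed "Array" instead of the URL; the encrypted path was unaffected.)
    if (count($parts) < 2) {
        return $parts[0];
    }

    return $parts[0] . "?params=" . encryptStringArray($parts[1], $key);
}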
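include '../functions/az.php';
include '../functions/format_money.php';
global $session, $database;

// Legacy register_globals emulation: every GET parameter becomes a local
// variable. Kept because the rest of this page may rely on it, but it lets a
// request overwrite any variable in scope, so the values used below are read
// from $_GET directly rather than from the extracted copies.
foreach ($_GET as $key => $value) {
    ${$key} = $value;
}

$datefrom = sanitize(isset($_GET['datefrom']) ? $_GET['datefrom'] : null);
$dateto   = sanitize(isset($_GET['dateto']) ? $_GET['dateto'] : null);

// Values for oci_bind_by_name(); it binds by reference, so these must be plain
// variables rather than expressions.
$branchCode = $_SESSION['Branchcode'];
$useRange   = ($datefrom != NULL && $dateto != NULL);

// NOTE(review): the two SELECT lists below place DOC_NO and FULL_NAME in
// different positions (kept as found). Code that reads the rows by numeric
// column index will see different fields depending on the branch taken —
// confirm against the rendering loop and align the lists if that is the case.
if (!$useRange) {
    // No range supplied: report today's cancellations only. date('d/m/Y') has no
    // time part, so the mask for this bind is the plain day format.
    $datey = date('d/m/Y');
    $sql = "SELECT TRANS_AMOUNT.TRANS_ID,TRANS_AMOUNT.TRANS_TYPE, TO_CHAR(TRANS_AMOUNT.TRANS_DATE, 'DD.MM.YYYY:HH24:MI:SS'), TRANS_AMOUNT.MEMBER_NO, TRANS_AMOUNT.DOC_NO, TRANS_AMOUNT.FULL_NAME, TRANS_AMOUNT.PORTFOLIO, TRANS_AMOUNT.CANCELREASON, TRANS_AMOUNT.AMOUNT"
        . " FROM TRANS INNER JOIN TRANS_AMOUNT ON TRANS_AMOUNT.TRANS_ID = TRANS.RECONCILED"
        . " WHERE TRUNC(trans_amount.trans_date) = TO_DATE(:trans_day, 'DD/MM/YYYY')"
        . " AND trans_amount.bnkcode = :bnkcode"
        . " AND TRANS_AMOUNT.RECONCILED = 0 AND TRANS.CONFIRMED = 1 AND TRANS.REVERSED = 1"
        . " ORDER BY trans_amount.TRANS_DATE ASC";
} else {
    // cleanInput() is kept for whatever normalisation it performs; the bind
    // variables are what stop the submitted dates from being read as SQL.
    $rangeFrom = cleanInput($datefrom);
    $rangeTo   = cleanInput($dateto);
    $sql = "SELECT TRANS_AMOUNT.TRANS_ID,TRANS_AMOUNT.TRANS_TYPE, TO_CHAR(TRANS_AMOUNT.TRANS_DATE, 'DD.MM.YYYY:HH24:MI:SS'), TRANS_AMOUNT.MEMBER_NO, TRANS_AMOUNT.FULL_NAME, TRANS_AMOUNT.DOC_NO, TRANS_AMOUNT.PORTFOLIO,TRANS_AMOUNT.CANCELREASON, TRANS_AMOUNT.AMOUNT"
        . " FROM TRANS INNER JOIN TRANS_AMOUNT ON TRANS_AMOUNT.TRANS_ID = TRANS.RECONCILED"
        . " WHERE TRUNC(trans_amount.trans_date) BETWEEN TO_DATE(:datefrom, 'DD/MM/YYYY:HH24:MI:SS') AND TO_DATE(:dateto, 'DD/MM/YYYY:HH24:MI:SS')"
        . " AND trans_amount.bnkcode = :bnkcode"
        . " AND TRANS_AMOUNT.RECONCILED = 0 AND TRANS.CONFIRMED =1 AND TRANS.REVERSED = 1"
        . " ORDER BY trans_amount.TRANS_DATE ASC";
}

$result = oci_parse($conn, $sql) or die("");
oci_bind_by_name($result, ':bnkcode', $branchCode);
if ($useRange) {
    oci_bind_by_name($result, ':datefrom', $rangeFrom);
    oci_bind_by_name($result, ':dateto', $rangeTo);
} else {
    oci_bind_by_name($result, ':trans_day', $datey);
}
oci_execute($result, OCI_DEFAULT);
?>
<div id="page-wrapper">
    <div class="row">
        <div class="col-lg-12">
            <h4 class="page-header">CANCELLED TRANSACTIONS</h4>
        </div>
        <!-- /.col-lg-12 -->
    </div>
    <!-- /.row -->
    <div class="row">
        <div class="col-lg-12">
            <div class="panel panel-default">
                <div class="panel-heading"> CANCELLED TRANSACTION REPORTS </div>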
?> </td> <td> <?php if ($objResult['Status'] == 1) { echo "<span class='f-green'>เปิดใช้งาน</span>"; } else { if ($objResult['Status'] == 2) { echo "<span class='f-red'>ปิดใช้งาน</span>"; } } ?> </td> <td style="border-right:none;"> <a href="?page=editMember&id=<?php echo encryptStringArray($objResult['MemberID']); ?> "> <img src="images/edit.png" width="24" height="24" title="แก้ไข"></a> <a class="cur-pointer" onClick="MemberDel(<?php echo $objResult['MemberID']; ?> )"> <img src="images/delete.png" width="24" height="24" title="ลบ"></a> </td> </tr> <?php } ?> </tbody> </table>
//die; } #Fetch and clean data from form fields $member = decryptStringArray($_GET[id], "equity1290"); $name = sanitize($_POST["name"]); $acct_no = sanitize($_POST["acct_no"]); $amount = -(double) preg_replace('/[^0-9\\.]/ui', '', $_POST["amount"]); $refrence = sanitize($_POST["refrence"]); $mktvalue = (double) preg_replace('/[^0-9\\.]/ui', '', $_POST["acct_balance"]); $transtype = 'WITHDRAWAL'; $desc = sanitize($_POST["desc"]); $amount = sanitize($_POST["amount"]); $secid = sanitize($_POST["seccode"]); if ($mktvalue < $amt) { $account = encryptStringArray($account, 'equity1290'); $secid = encryptStringArray($secid, 'equity1290'); echo "<SCRIPT LANGUAGE='JavaScript'>\r\t\t\twindow.alert('Sorry, you can only withdraw [{$mktvalue}].')\r\t\t\twindow.location.href='../withdrawals.php?id={$_GET['id']}&acid={$account}&seccode={$secid}'\r\t\t\t</SCRIPT>"; } else { if ($amt <= 0) { $account = encryptStringArray($account, 'equity1290'); $secid = encryptStringArray($secid, 'equity1290'); echo "<SCRIPT LANGUAGE='JavaScript'>\r\t\t\twindow.alert('Please enter an amount greater than [0], Thank you!')\r\t\t\twindow.location.href='../withdrawals.php?id={$_GET['id']}&acid={$account}&seccode={$secid}'\r\t\t\t</SCRIPT>"; } else { $sql = "INSERT INTO trans_amount(trans_type,member_no, full_name,account_no, amount,portfolio,mop, u_name, doc_no, bnkcode, BANKACCDETS ) VALUES('" . $transtype . "','" . $member . "','" . $name . "','" . $account . "','" . $amount . "','" . $desc . "','Funds Transfer','" . $_SESSION['username'] . "','" . $refrence . "','" . $_SESSION['Branchcode'] . "','" . $_SESSION['Branchname'] . "') returning TRANS_ID into :id "; $result = OCIParse($conn, $sql); OCIBindByName($result, ":ID", $id, 32); OCI_Execute($result); if (!oci_parse($conn, $sql)) { echo "failed"; /* echo ("<SCRIPT LANGUAGE='JavaScript'> window.alert('Sorry an error occured, The transaction failed. [$sql]')
*/ session_start(); global $session, $database; require '../classes/aardb_conn.php'; include 'header.php'; include '../functions/az.php'; $sql = "select allnames,gsm_no,smsqry_accept,sms_ntfy,title,member_no,id_no,pin_no, dob, comments from members where confirmed=1 and branchid ='" . $_SESSION["Branchcode"] . "' order by MEMBER_NO"; $result = oci_parse($conn, $sql) or die(""); oci_execute($result); ?> <div id="page-wrapper"> <div class="row"> <div class="col-lg-12"> <h4 class="page-header">REGISTERED MEMBERS</h4> </div> <!-- /.col-lg-12 --> </div> <!-- /.row --> <div class="row"> <div class="col-lg-12"> <div class="panel panel-default"> <div class="panel-heading"> <a href="register" class="btn btn-large btn-primary" name="register_members" role="button">Add New Customer</a> </div> <!-- /.panel-heading --> <div class="panel-body"> <div class="dataTable_wrapper"> <table class="table table-striped table-responsive table-hover" id="membersData" > <thead>
$catname = cleanInput($_POST["add_cat"]); $memno = cleanInput($_POST["memno"]); $inputAccounts[] = array($seccode, $agentno, $catname, $memno); sanitize($inputAccounts); sanitize($inputAccounts); if ($seccode == '002') { $modey = 1; } else { $modey = 0; } $acctnumber = $agentno . '-' . $catname . '-' . $memno . '-' . $seccode; //clean and sanitize account number $acctnumber = sanitize($acctnumber); $acctnumber = cleanInput($acctnumber); $mysql = "select * from accounts where account_no='" . $acctnumber . "'"; $result = oci_parse($conn, $mysql); oci_execute($result); $numrows = oci_fetch_all($result, $res); if ($numrows > 0) { $uri = '../views/members.php'; echo "<script>javascript:alert('Sorry, that account already exists'); window.location = '" . $uri . "'</script>"; } else { $acsql = "INSERT INTO accounts(member_no,catname,account_no,agent_no,security_code,modey, UNAME) VALUES('" . cleanInput($memno) . "','" . cleanInput($catname) . "','" . cleanInput($acctnumber) . "','" . $agentno . "','" . $seccode . "',{$modey},'" . $_SESSION['username'] . "')"; $result = oci_parse($conn, $acsql); oci_execute($result); if (!oci_parse($conn, $sql)) { echo "<SCRIPT LANGUAGE='JavaScript'>\r window.alert('Sorry an error occured, The transaction failed. [{$sql}]')\r </SCRIPT>"; } else { header("location:../views/view_ind_account.php?id=" . encryptStringArray($memno, 'equity1290')); } }
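# NOTE(review): the login gate below is commented out, so this handler currently
# runs for unauthenticated requests and still reads $_SESSION values further
# down. Re-enable it (or the project's shared guard) before relying on them.
#if (!isset($_SESSION['username']) and !isset($_SESSION['userid']) and !isset($_SESSION['branchid']) and
#!isset($_SESSION['branchname']) )
# {
#     header("location:../index.html");
#}
include '../Classes/aardb_conn.php';
include '../functions/az.php';
include '../functions/sanitize.php';
include '../functions/valid_date.php';
include '../functions/format_money.php';

// Legacy register_globals emulation: every POST field becomes a local variable.
// Kept because later code in this file reads variables that only exist through
// it, but note that it lets the request define or overwrite any local.
foreach ($_POST as $key => $value) {
    ${$key} = $value;
}

// Quoted key: the bare `id` used before was an undefined constant.
$member    = decryptStringArray($_GET['id'], "equity1290");
$name      = sanitize($_POST["name"]);
$acct_no   = sanitize($_POST["acct_no"]);
$myacct    = encryptStringArray($acct_no, 'equity1290');
$amount    = sanitize($_POST["amount"]);
$refrence  = sanitize($_POST["refrence"]);
$transtype = 'PURCHASE';
$desc      = sanitize($_POST["desc"]);
$bid       = $_SESSION['Branchcode'];
$agent_no  = sanitize($_POST['agent']);

// Confirmed, live transactions on the account. The account number comes from
// the form, so it is passed as a bind variable instead of being interpolated.
$sql = "SELECT * FROM TRANS WHERE ACCOUNT_NO = :acct_no AND CONFIRMED IS NOT NULL AND DELETED IS NULL AND REVERSED IS NULL";
$querytrans = oci_parse($conn, $sql);
// The bind must be in place before the oci_execute($querytrans) that follows
// later in this file.
oci_bind_by_name($querytrans, ':acct_no', $acct_no);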
</tr> <tr bgcolor="#FFFFFF"> <td width="39%" align="right" valign="middle" class="alert-dismissable">Full Name </td> <td width="1%" align="center" class="formsBodyText"><strong>:</strong></td> <td width="60%" align="left"><?php echo $mrow[1]; ?> </td> </tr> <tr bgcolor="#FFFFFF"> <td width="39%" align="right" valign="middle" class="alert-dismissable">ID Number </td> <td width="1%" align="center" class="formsBodyText"><strong>:</strong></td> <td width="60%" align="left"><?php echo $mrow[2]; ?> </td> </tr> <tr bgcolor="#FFFFFF"> <td width="17%" align="right" valign="middle" class="alert-dismissable">Mobile No </td> <td width="1%" align="center" class="formsBodyText"><strong>:</strong></td> <td width="82%" align="left"><?php echo $mrow[3]; ?>
<th>#</th> <th>รหัสงาน</th> <th>เลขที่สัญญา</th> <th>ประเภทนิติกรรม</th> <th >ชื่อลูกค้าสถาบัน/ลูกค้า</th> <th>สถานะปัจจุบัน</th> <th class="txt-center">ปัญหา</th> <th style="border-right:none;"></th> </tr> </thead> <tbody> <?php $sqlDocDetail = "SELECT * FROM document WHERE IsDelete = 0"; $docQuery = mysql_db_query($dbname, $sqlDocDetail); while ($objR = mysql_fetch_array($docQuery)) { $DocID = encryptStringArray($objR['DocID']); ?> <tr> <td align="center"><?php echo $objR['ListNo']; ?> </td> <td><a href="?page=detailDoc&id=<?php echo $DocID; ?> "><?php echo $objR['WorkCode']; ?> </a></td> <td><?php echo $objR['ContractNo'];
include '../../functions/sanitize.php'; include_once '../../classes/Functions.class.php'; foreach (cleanInput($_POST) as $key => $value) { ${$key} = $value; //echo $key = $value; } //die; $empcode = sanitize($empcode); $email = sanitize($email); $check = "SELECT * FROM USERSETUP WHERE USER_ID = '" . $empcode . "' OR EMAIL = '" . $email . "'"; $result_set = oci_parse($conn, $check) or die(oci_error()); oci_execute($result_set); $checked = oci_fetch_row($result_set); /*echo $check; die;*/ if ($checked > 0) { echo "Sorry, a user with the same details has already been registered in the system."; } else { $empcode = sanitize($_POST["empcode"]); $myempid = encryptStringArray($empcode, 'equity1290'); cleanInput($_POST); $empcode = sanitize($_POST["empcode"]); $username = sanitize($_POST["username"]); $empSurname = sanitize($_POST["empSurname"]); $email = sanitize($_POST["email"]); $usertype = sanitize($_POST["usertype"]); $branchid = sanitize($_POST["branchid"]); $branch_name = sanitize($_POST['txt_holder']); $reg_date = date('d/M/yy'); $email = filter_var($email, FILTER_VALIDATE_EMAIL); // $value_date = valid_date();
//include('../functions/functions.php'); include '../functions/az.php'; include '../functions/sanitize.php'; #code for user access page log details //$fn='Add new account'; //$ac='Added a new account name'; //userlog($fn,$ac); //Sanitize the POST values #Fetch and clean data from form fields if (isset($_POST['submit'])) { $input = cleanInput($_POST); } $member = decryptStringArray($_GET[id], "equity1290"); $name = sanitize($_POST["name"]); $acct_no = sanitize($_POST["acct_no"]); $myacct = encryptStringArray($account, 'equity1290'); $amount = sanitize($_POST["amount"]); $refrence = sanitize($_POST["refrence"]); $transtype = 'PURCHASE'; $desc = sanitize($_POST["desc"]); $bid = $_SESSION['Branchcode']; $sql = "SELECT * FROM TRANS WHERE ACCOUNT_NO='{$acct_no}' AND CONFIRMED IS NOT NULL AND DELETED IS NULL AND REVERSED IS NULL"; $querytrans = oci_parse($conn, $sql); oci_execute($querytrans); echo $sql; die; $numrows = oci_fetch_all($querytrans, $res); if ($numrows <= 0 && $amount < 1000) { echo "deposit"; /* echo ("<SCRIPT LANGUAGE='JavaScript'>
$sqlSolution = "SELECT SolutionName from solution Where SolutionID = '" . $_POST['SolutionID'] . "'"; $solutionQuery = mysql_db_query($dbname, $sqlSolution); $dataSolution = mysql_fetch_array($solutionQuery); $SolutionName = $dataSolution['SolutionName']; } $sqlDocProbLog = "INSERT INTO documentproblemlog VALUES('',\n\t'" . $_POST['MacPlateNo'] . "',\n\t'" . $DocID . "',\n\t'" . $_POST['ProblemID'] . "',\n\t'" . $ProblemName . "',\n\t'" . $_POST['SolutionID'] . "',\n\t'" . $SolutionName . "',\n\tNOW(),\n\tNOW(),\n\t'" . $_SESSION['MemberID'] . "', \n\tNOW(),\n\t'" . $_SESSION['MemberID'] . "')"; $ProbLogQuery = mysql_db_query($dbname, $sqlDocProbLog); } if (count($_POST['MachineName']) > 0) { for ($i = 0; $i < count($_POST['MachineName']); $i++) { echo $sqlMachine = "INSERT INTO machine VALUES('',\n\t\t\t'{$DocID}',\n\t\t\t'" . $_POST['MachineLocName'][$i] . "',\n\t\t\t'" . $_POST['MachineName'][$i] . "',\n\t\t\t'" . $_POST['MachineNameEng'][$i] . "',\n\t\t\t'" . $_POST['MachineModel'][$i] . "',\n\t\t\t'" . $_POST['MachineGen'][$i] . "',\n\t\t\t'" . $_POST['MachineNo'][$i] . "',\n\t\t\t'" . $_POST['MachineSize'][$i] . "',\n\t\t\t'" . $_POST['MachineAbility'][$i] . "',\n\t\t\t'" . $_POST['MachineBuilder'][$i] . "',\n\t\t\t'" . $_POST['MachinePrice'][$i] . "',\n\t\t\t'',\n\t\t\t'" . $_POST['MacLocLatitute'][$i] . "',\n\t\t\t'" . $_POST['MacLocLongitute'][$i] . "',\n\t\t\t'',\n\t\t\t'',\n\t\t\t'0',\n\t\t\t'" . $_SESSION['MemberID'] . "', \n\t\t\tNOW(),\n\t\t\t'" . $_SESSION['MemberID'] . "',\n\t\t\tNOW())"; $machineQuery = mysql_db_query($dbname, $sqlMachine); $MachineID = mysql_insert_id(); //echo $_FILES["FileWord"]["tmp_name"][$i]; if ($_FILES['FileWord']["name"][$i] != "") { $filename = md5(date("dmyhis") + rand(0, 9999999)); $extension = pathinfo($_FILES['FileWord']['type'][$i], PATHINFO_EXTENSION); if (copy($_FILES["FileWord"]["tmp_name"][$i], "../machine_doc/" . $filename . "." . $extension)) { $updateFileWord = "UPDATE machine SET FileWord = '" . $filename . 
"' WHERE MachineID = '{$MachineID}'"; $objQuery = mysql_query($updateFileWord); } } } } if ($sqlQuery) { $json = array('IsResult' => true, 'DocID' => encryptStringArray($DocID)); } else { $json = array('IsResult' => flase); } header('Content-type: application/json'); echo json_encode($json);
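/**
 * Created by PhpStorm.
 * User: Allan Wiz
 * Date: 5/2/15
 * Time: 12:05 PM
 *
 * Employee search: prints an HTML table of confirmed employees whose
 * $criteria column contains $srchvalue (case-insensitive), ordered by
 * that column.
 */
//start sessions
session_start();
global $session, $database;
//call the database connection
include '../../classes/aardb_conn.php';
include '../../functions/az.php';
include '../../functions/sanitize.php';

// Legacy register_globals emulation, kept for any code that relies on it; the
// two inputs this script actually needs are re-read from $_POST below.
foreach ($_POST as $key => $value) {
    ${$key} = $value;
}
$sasa      = sanitize(isset($_POST['criteria']) ? $_POST['criteria'] : null);
$srchvalue = sanitize(isset($_POST['srchvalue']) ? $_POST['srchvalue'] : null);

// $sasa names a column and therefore cannot be a bind variable; only a bare
// SQL identifier is accepted so it cannot carry additional SQL text.
$column = cleanInput($sasa);
if (!preg_match('/^[A-Za-z_][A-Za-z0-9_$#]*$/', $column)) {
    die(" ");
}

// The search text is bound rather than interpolated into the LIKE pattern.
$needle = '%' . cleanInput($srchvalue) . '%';
$sql = "SELECT EMPCODE, FULLNAMES, IDNO, DOB, GENDER, DEMPLOYED, HTEL, EMAIL"
    . " FROM EMPLOYEE"
    . " WHERE CONFIRMED = 1 and upper(" . $column . ") like upper(:srch)"
    . " order by " . $column;
$result = oci_parse($conn, $sql) or die(" ");
oci_bind_by_name($result, ':srch', $needle);
oci_execute($result);

// Every database value is HTML-escaped before it is placed in the table.
$esc = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
};

$display = "<table class='table table-condensed table-responsive table-bordered'>\r <tr class='success'>\r <th>EMP CODE</th>\r <th>Full Name</th>\r <th>ID Number</th>\r <th>DOB</th>\r <th>Gender</th>\r <th>D. Employed</th>\r <th>Mobile Number</th>\r <th>Email</th>\r <th>Action</th>\r\r </tr>";
while ($get = oci_fetch_array($result)) {
    $emp_code = $get[0];
    // The previous markup closed the href attribute before the encrypted code,
    // so the link pointed at add_as_user.php?emp_code= with nothing after it.
    $link = 'add_as_user.php?emp_code=' . urlencode(encryptStringArray($emp_code, "equity1290"));
    $display .= "<tr class='warning'>\r <td>" . $esc($get[0]) . "</td>\r <td>" . $esc($get[1]) . "</td>\r <td>" . $esc($get[2]) . "</td>\r <td>" . $esc($get[3]) . "</td>\r <td>" . $esc($get[4]) . "</td>\r <td>" . $esc($get[5]) . "</td>\r <td>" . $esc($get[6]) . "</td>\r <td>" . $esc($get[7]) . "</td>\r <td><a href='" . $esc($link) . "'> <span class='glyphicon glyphicon-remove'></span></a></td>\r\r\r\r </tr>";
}
$display .= "</table>";
echo $display;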
} if ($resident == "Yes") { $resident = 1; } else { $resident = 0; } if ($taxable == "Yes") { $taxable = 1; } else { $taxable = 0; } if ($emp == "Yes") { $emp = 1; } else { $emp = 0; } $sql = "INSERT INTO members(member_no, title,firstname, allnames, surname, othernames,gsm_no, id_no, pin_no,occupation,resident,taxexempt, phys_address, country,town, post_address, dob,employed,employer,hse_no,confirmed, branchid, branchname, comments, e_mail ) VALUES('" . $memberno . "','" . $title . "','" . $fname . "','" . $flnm . "', '" . $sname . "', '" . $oname . "','" . $phone . "', '" . $idno . "', '" . $pin . "','" . $industry . "',{$resident},{$taxable}, '" . $location . "', '" . $country . "','" . $town . "', '" . $address . "', TO_DATE('{$dob}','dd/mm/yyyy'),{$emp},'" . $employer . "','Single Member',1,'" . $_SESSION['Branchcode'] . "','" . $_SESSION['Branchname'] . "','" . $memcif . "','" . $email . "') "; $result = oci_parse($conn, $sql); oci_execute($result); if (!oci_parse($conn, $sql)) { echo "The transaction failed {$sql} "; die; } else { oci_free_statement($sql); oci_close($conn); header("location:../acct.php?id=" . encryptStringArray($memberno, 'equity1290')); } } else { $membernum = encryptStringArray($membernum, 'equity1290'); echo "<SCRIPT LANGUAGE='JavaScript'>\r alert('Sorry, That Customer has already been registered.')\r window.location.href='../indaccnt.php?id={$membernum}'\t\r </SCRIPT>"; }
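require '../makeSecure.php';
include '../header.php';
include '../menu.php';
include '../az.php';

//Sanitize the POST values Fetch and clean data from form fields
if (isset($_POST['msubmit'])) {
    $input = cleanInput($_POST);
}
$memnum     = sanitize($_POST["memno"]);
$acctnum    = sanitize($_POST["acctnum"]);
$fullname   = sanitize($_POST["fullname"]);
$acctname   = sanitize($_POST["acctname"]);
$brachid    = sanitize($_POST["branchid"]);
$branchname = sanitize($_POST["branchname"]);

// Is this bank account already on file? The form value is bound, not
// interpolated into the statement.
$mysql = "select MEMBERNO, FULLNAMES ACCOUNTNAME from MEMBERSBANKDETAILS where ACCOUNTNO = :acctnum";
$resbank = oci_parse($conn, $mysql) or die(" ");
oci_bind_by_name($resbank, ':acctnum', $acctnum);
oci_execute($resbank);
$numrows = oci_fetch_all($resbank, $res);

if ($numrows == 0) {
    $banksql = "INSERT INTO MEMBERSBANKDETAILS(MEMBERNO, BANKNAME, BANKCODE, FULLNAMES, BRANCH, BRANCH_ID, ACCOUNTNAME, ACCOUNTNO)"
        . " VALUES(:memnum, 'Equity', '68', :fullname, :branchname, :brachid, :acctname, :acctnum)";
    $result = oci_parse($conn, $banksql) or die(" ");
    oci_bind_by_name($result, ':memnum', $memnum);
    oci_bind_by_name($result, ':fullname', $fullname);
    oci_bind_by_name($result, ':branchname', $branchname);
    oci_bind_by_name($result, ':brachid', $brachid);
    oci_bind_by_name($result, ':acctname', $acctname);
    oci_bind_by_name($result, ':acctnum', $acctnum);

    // oci_execute() reports the outcome; re-parsing the statement (as the
    // previous version did) says nothing about whether the INSERT succeeded.
    $inserted = oci_execute($result);

    if (!$inserted) {
        // The statement text is no longer echoed to the browser; the earlier
        // redirect also embedded a PHP call inside the JavaScript string, so
        // it never worked. json_encode() yields a safe JS string literal.
        $back = '../acct.php?id=' . encryptStringArray($memnum, 'equity1290');
        echo "<SCRIPT LANGUAGE='JavaScript'>\r window.alert('Sorry, the transaction failed ')\r window.location.href=" . json_encode($back) . ";\r </SCRIPT>";
        exit;
    }

    $next = "../addAccount.php?memno=" . encryptStringArray($memnum, 'equity1290');
    // header.php / menu.php above are likely to have sent output already, in
    // which case header() is silently ignored — fall back to a script redirect.
    if (!headers_sent()) {
        header("location:" . $next);
    } else {
        echo "<SCRIPT LANGUAGE='JavaScript'>\r window.location.href=" . json_encode($next) . ";\r </SCRIPT>";
    }
} else {
    // oci_fetch_all() keys the result by column name; ACCOUNTNAME is the alias
    // given in the SELECT above. The previous code indexed the statement
    // resource ($resbank['1']) instead of the fetched rows.
    $holder = isset($res['ACCOUNTNAME'][0]) ? $res['ACCOUNTNAME'][0] : '';
    $msg = 'Sorry the Account Number already Exists for [' . $holder . ']. Please try another CIF ID!';
    echo "<SCRIPT LANGUAGE='JavaScript'>\r window.alert(" . json_encode($msg) . ")\r </SCRIPT>";
}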