예제 #1
 function execute()
 {
     // Build the "add support ticket" form. Submission is handled by
     // support/edit-process.php (see ->action); this method only describes
     // the fields and their layout.
     $this->obj_form = new form_input();
     $this->obj_form->formname = "support_ticket_add";
     $this->obj_form->language = $_SESSION["user"]["lang"];
     $this->obj_form->action = "support/edit-process.php";
     $this->obj_form->method = "post";

     // general fields
     $structure = [
         "fieldname" => "title",
         "type" => "input",
         "options" => ["req" => "yes"],
     ];
     $this->obj_form->add_input($structure);

     $structure = [
         "fieldname" => "date_start",
         "type" => "date",
         "defaultvalue" => date("Y-m-d"),
         "options" => ["req" => "yes"],
     ];
     $this->obj_form->add_input($structure);

     $structure = [
         "fieldname" => "date_end",
         "type" => "date",
     ];
     $this->obj_form->add_input($structure);

     $structure = [
         "fieldname" => "details",
         "type" => "textarea",
         "options" => ["width" => "600", "height" => "100"],
     ];
     $this->obj_form->add_input($structure);

     // status + priority dropdowns are populated from the DB lookup tables
     $structure = form_helper_prepare_dropdownfromdb("status", "SELECT id, value as label FROM support_tickets_status");
     $structure["options"]["req"] = "yes";
     $this->obj_form->add_input($structure);

     $structure = form_helper_prepare_dropdownfromdb("priority", "SELECT id, value as label FROM support_tickets_priority");
     $this->obj_form->add_input($structure);

     // customer/product/project/service ID

     // submit section: the permission check here only decides whether a
     // submit button or a read-only notice is drawn. The process script is
     // presumably where the write permission is actually enforced — verify.
     if (user_permissions_get("support_write")) {
         $structure = [
             "fieldname" => "submit",
             "type" => "submit",
             "defaultvalue" => "Save Changes",
         ];
     } else {
         $structure = [
             "fieldname" => "submit",
             "type" => "message",
             "defaultvalue" => "<p><i>Sorry, you don't have permissions to make changes to support_ticket records.</i></p>",
         ];
     }
     $this->obj_form->add_input($structure);

     // subform layout
     $this->obj_form->subforms["support_ticket_details"] = ["title", "priority", "details"];
     $this->obj_form->subforms["support_ticket_status"] = ["status", "date_start", "date_end"];
     $this->obj_form->subforms["submit"] = ["submit"];

     // repopulate the form from a previous (failed) submission, if any
     $this->obj_form->load_data_error();
 }
예제 #2
 function check_permissions()
 {
     // Access is limited to members of the namedadmins group.
     // Returns 1 when granted; otherwise logs a page_output error and returns 0.
     if (!user_permissions_get("namedadmins")) {
         log_write("error", "page_output", "You do not have permissions to access this interface, request your administrator to assign you to the namedadmins group");
         return 0;
     }

     return 1;
 }
예제 #3
 function check_permissions()
 {
     // Two conditions must hold: the user is an admin, and the installation
     // authenticates against the local SQL user table (user options cannot be
     // edited when an external auth method is in use).
     // Returns 1 when granted, 0 otherwise. Note the admin failure is silent
     // while the auth-method failure logs an error.
     $is_admin = user_permissions_get("admin");
     if (!$is_admin) {
         return 0;
     }

     // loose comparison; AUTH_METHOD is presumably a string from config.php — verify
     $auth_method = $GLOBALS["config"]["AUTH_METHOD"];
     if ("sql" != $auth_method) {
         log_write("error", "page", "User options can only be configured when using local user authentication");
         return 0;
     }

     return 1;
 }
 function execute()
 {
     // Build the traffic-type edit form; submission is handled by
     // services/traffic-types-edit-process.php (see ->action).
     $this->obj_form = new form_input();
     $this->obj_form->formname = "traffic_types_edit";
     $this->obj_form->language = $_SESSION["user"]["lang"];
     $this->obj_form->action = "services/traffic-types-edit-process.php";
     $this->obj_form->method = "post";

     // general fields
     $structure = ["fieldname" => "type_name", "type" => "input", "options" => ["req" => "yes"]];
     $this->obj_form->add_input($structure);

     $structure = ["fieldname" => "type_label", "type" => "input"];
     $this->obj_form->add_input($structure);

     $structure = ["fieldname" => "type_description", "type" => "input"];
     $this->obj_form->add_input($structure);

     // hidden record ID so the process script knows which row is being edited
     $structure = ["fieldname" => "id", "type" => "hidden", "defaultvalue" => $this->obj_traffic_type->id];
     $this->obj_form->add_input($structure);

     // submit button
     $structure = ["fieldname" => "submit", "type" => "submit", "defaultvalue" => "submit"];
     $this->obj_form->add_input($structure);

     // subform layout. The submit subform is emptied (button not drawn) when the
     // user lacks services_write or the record is locked; this only affects the
     // rendered page, so the process script presumably re-checks the permission — verify.
     $this->obj_form->subforms["traffic_type_view"] = ["type_name", "type_label", "type_description"];
     $this->obj_form->subforms["hidden"] = ["id"];
     $can_edit = user_permissions_get("services_write") && !$this->locked;
     $this->obj_form->subforms["submit"] = $can_edit ? ["submit"] : [];

     // populate values: after a failed submission re-use the posted data,
     // otherwise load the record from the database
     if (error_check()) {
         $this->obj_form->load_data_error();
         return;
     }

     $this->obj_traffic_type->load_data();
     foreach (["type_name", "type_label", "type_description"] as $field) {
         $this->obj_form->structure[$field]["defaultvalue"] = $this->obj_traffic_type->data[$field];
     }
 }
예제 #5
 function render_html()
 {
     // Heading and blurb for the service journal page.
     print "<h3>SERVICE JOURNAL</h3><br>";
     print "<p>The journal is a place where you can put your own notes, files and view the history of this service.</p>";

     // Users with write access get the "add entry" / "upload" buttons.
     // NOTE(review): $this->id is concatenated into the href without escaping —
     // presumably validated as an integer before this page is rendered; confirm.
     if (user_permissions_get("services_write")) {
         $edit_page = 'index.php?page=services/journal-edit.php&type=';
         $id_param = '&id=' . $this->id;
         print '<p><a class="button" href="' . $edit_page . 'text' . $id_param . '">Add new journal entry</a> <a class="button" href="' . $edit_page . 'file' . $id_param . '">Upload File</a></p>';
     }

     // filter/options form, then the journal entries themselves
     $this->obj_journal->render_options_form();
     $this->obj_journal->render_journal();
 }
예제 #6
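 function check_permissions()
 {
     /*
     	Grant access when the user holds projects_timegroup and can see the
     	time registrations of at least one staff member.

     	Returns 1 when access is granted, 0 otherwise (previously the denial
     	path fell off the end of the function and returned null). As a side
     	effect, when the user lacks timekeeping_all_view the staff IDs they may
     	view are stored in $this->access_staff_ids for later query filtering.
     */
     if (!user_permissions_get("projects_timegroup")) {
         return 0;
     }

     // users with the global view permission need no per-staff restriction
     if (user_permissions_get("timekeeping_all_view")) {
         return 1;
     }

     // otherwise restrict to the staff the user has explicit timereg_view access for
     $this->access_staff_ids = user_permissions_staff_getarray("timereg_view");
     if ($this->access_staff_ids) {
         return 1;
     }

     // no staff visible to this user: explicit denial
     return 0;
 }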
예제 #7
 function render_html()
 {
     // Heading and blurb for the customer journal page.
     print "<h3>CUSTOMER JOURNAL</h3><br>";
     print "<p>The journal is a place where you can put your own notes, files and view the history of this customer account.</p>";

     // Users with write access get the "add entry" / "upload" buttons.
     // NOTE(review): $this->id is concatenated into the href without escaping —
     // presumably validated as an integer before this page is rendered; confirm.
     if (user_permissions_get("customers_write")) {
         $edit_page = 'index.php?page=customers/journal-edit.php&type=';
         $id_param = '&id=' . $this->id;
         print '<p><b><a class="button" href="' . $edit_page . 'text' . $id_param . '">Add new journal entry</a> <a class="button" href="' . $edit_page . 'file' . $id_param . '">Upload File</a></b></p>';
     }

     // filter/options form, then the journal entries themselves
     $this->obj_journal->render_options_form();
     $this->obj_journal->render_journal();
 }
예제 #8
 function render_html()
 {
     // Heading and blurb for the AP invoice journal page.
     print "<h3>INVOICE JOURNAL</h3><br>";
     print "<p>The journal is a place where you can put your own notes, files and view the history of this invoice.</p>";

     // Write access adds the "add entry" / "upload" buttons; everyone else is
     // told the journal is read-only for them.
     // NOTE(review): $this->id is concatenated into the href without escaping —
     // presumably validated as an integer before this page is rendered; confirm.
     if (!user_permissions_get("accounts_ap_write")) {
         format_msgbox("locked", "<p>Note: your permissions limit you to read-only access to the journal</p>");
     } else {
         $edit_page = 'index.php?page=accounts/ap/journal-edit.php&type=';
         $id_param = '&id=' . $this->id;
         print '<p><a class="button" href="' . $edit_page . 'text' . $id_param . '">Add new journal entry</a> <a class="button" href="' . $edit_page . 'file' . $id_param . '">Upload File</a></p>';
     }

     // filter/options form, then the journal entries themselves
     $this->obj_journal->render_options_form();
     $this->obj_journal->render_journal();
 }
예제 #9
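 function check_permissions()
 {
     /*
     	Grant access when the user holds projects_view and can see the time
     	registrations of at least one staff member.

     	Returns 1 when access is granted, 0 otherwise (previously the denial
     	paths fell off the end of the function and returned null). As a side
     	effect, when the user lacks timekeeping_all_view the staff IDs they may
     	view are stored in $this->access_staff_ids for later query filtering.
     */
     if (!user_permissions_get("projects_view")) {
         return 0;
     }

     // users with the global view permission need no per-staff restriction
     if (user_permissions_get("timekeeping_all_view")) {
         return 1;
     }

     // otherwise restrict to the staff the user has explicit timereg_view access for
     $this->access_staff_ids = user_permissions_staff_getarray("timereg_view");
     if ($this->access_staff_ids) {
         return 1;
     }

     // no staff visible: tell the user what the administrator needs to configure
     log_render("error", "page", "Before you can view project hours, your administrator must configure the staff accounts you may access, or set the timekeeping_all_view permission.");
     return 0;
 }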
예제 #10
 function set_usage_record($collector, $id_service_customer, $date, $usage1, $usage2 = NULL)
 {
     /*
     	SOAP handler: record a usage sample against a customer service.

     	Requires the services_write_usage permission. Every argument is run
     	through the predefined input validators; any validation failure, an
     	unknown id_service_customer, or a failed INSERT is reported to the
     	caller as a SoapFault. Returns 1 on success.
     */
     log_debug("services_usage", "Executing set_usage_record");

     if (!user_permissions_get("services_write_usage")) {
         throw new SoapFault("Sender", "ACCESS_DENIED");
     }

     // sanitise input: the validators return the string "error" on failure.
     // Note that "collector" is validated but never written below.
     $data = [
         "collector" => @security_script_input_predefined("any", $collector),
         "id_service_customer" => @security_script_input_predefined("int", $id_service_customer),
         "date" => @security_script_input_predefined("date", $date),
         "usage1" => @security_script_input_predefined("int", $usage1),
         "usage2" => @security_script_input_predefined("int", $usage2),
     ];

     // NOTE(review): loose == comparison; on PHP < 8 an integer 0 result would
     // compare equal to "error" — confirm the validators return strings.
     foreach ($data as $value) {
         if ($value == "error") {
             throw new SoapFault("Sender", "INVALID_INPUT");
         }
     }

     /*
     	Verify that id_service_customer exists - this may seem unnecessary, but should be done
     	to prevent data being inserted for IDs that don't yet belong - but may do in future.

     	Would be nasty to have a lot of data sitting in the table waiting for a new customer to
     	appear whose ID matches.

     	Of course, this check does nothing to prevent data for one customer being accidentally filed
     	against another customer due to an incorrect ID.

     	The SQL below is built by string interpolation; this is only acceptable
     	because id_service_customer, date and usage values have passed the
     	"int"/"date" validators above.
     */
     $sql_obj = new sql_query();
     $sql_obj->string = "SELECT id FROM services_customers WHERE id='{$data["id_service_customer"]}' LIMIT 1";
     $sql_obj->execute();

     if (!$sql_obj->num_rows()) {
         throw new SoapFault("Sender", "INVALID_SERVICES_CUSTOMERS_ID");
     }
     unset($sql_obj);

     // add new row to DB
     $sql_obj = new sql_query();
     $sql_obj->string = sprintf(
         "INSERT INTO service_usage_records (id_service_customer, date, usage1, usage2) VALUES ('%s', '%s', '%s', '%s')",
         $data["id_service_customer"],
         $data["date"],
         $data["usage1"],
         $data["usage2"]
     );

     if (!$sql_obj->execute()) {
         throw new SoapFault("Sender", "UNEXPECTED_DB_ERROR");
     }

     return 1;
 }
예제 #11
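 function check_permissions()
 {
     /*
     	Grant access to the timesheet when the user holds timekeeping and may
     	view the selected employee (if one is selected) and at least one staff
     	member's time registrations.

     	Returns 1 when access is granted, 0 otherwise (previously the final
     	denial path fell off the end of the function and returned null). Side
     	effects: the selected employee is cleared from the session when the user
     	may not view it, and $this->access_staff_ids is populated when the user
     	lacks timekeeping_all_view.
     */
     if (!user_permissions_get("timekeeping")) {
         return 0;
     }

     // check if user has permissions to view the selected employee
     if ($this->employeeid) {
         if (!user_permissions_staff_get("timereg_view", $this->employeeid)) {
             log_write("error", "page_output", "Sorry, you do not have permissions to view the timesheet for the selected employee");

             // we unset the session variable, this prevents issues when the admin has disabled access to an employee
             // for a specific user, and the session keeping the older user number stuck in memory forces
             // the user to have to logout.
             $_SESSION["form"]["timereg"]["employeeid"] = 0;

             return 0;
         }
     }

     // users with the global view permission need no per-staff restriction
     if (user_permissions_get("timekeeping_all_view")) {
         return 1;
     }

     // otherwise restrict to the staff the user has explicit timereg_view access for
     $this->access_staff_ids = user_permissions_staff_getarray("timereg_view");
     if ($this->access_staff_ids) {
         return 1;
     }

     // no staff visible to this user: explicit denial
     return 0;
 }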
예제 #12
0
<?php

/*
	projects/phase-edit-process.php

	access: projects_write

	Allows new phases to be added to projects, or existing phases to be modified
*/
// includes
include_once "../include/config.php";
include_once "../include/amberphplib/main.php";
if (user_permissions_get('projects_write')) {
    /////////////////////////
    $projectid = @security_form_input_predefined("int", "projectid", 1, "");
    $phaseid = @security_form_input_predefined("int", "phaseid", 0, "");
    $data["name_phase"] = @security_form_input_predefined("any", "name_phase", 1, "You must set a phase name.");
    $data["description"] = @security_form_input_predefined("any", "description", 0, "");
    //// VERIFY PROJECT/PHASE IDS /////////////
    // check that the specified project actually exists
    $sql_obj = new sql_query();
    $sql_obj->string = "SELECT id FROM `projects` WHERE id='{$projectid}' LIMIT 1";
    $sql_obj->execute();
    if (!$sql_obj->num_rows()) {
        log_write("error", "process", "The project you have attempted to edit - {$projectid} - does not exist in this system.");
    } else {
        if ($phaseid) {
            $mode = "edit";
            // are we editing an existing phase? make sure it exists and belongs to this project
            $sql_obj = new sql_query();
            $sql_obj->string = "SELECT projectid FROM `project_phases` WHERE id='{$phaseid}' LIMIT 1";
예제 #13
 function check_permissions()
 {
     // Page is restricted to administrators; the permission lookup's
     // result is returned as-is (truthy when granted).
     $granted = user_permissions_get("admin");

     return $granted;
 }
예제 #14
 function check_permissions()
 {
     // Page requires write access to the chart of accounts; the permission
     // lookup's result is returned as-is (truthy when granted).
     $granted = user_permissions_get("accounts_charts_write");

     return $granted;
 }
예제 #15
 function check_permissions()
 {
     // Page is restricted to the namedadmins group; the permission lookup's
     // result is returned as-is (truthy when granted).
     $granted = user_permissions_get("namedadmins");

     return $granted;
 }
예제 #16
 function check_permissions()
 {
     // Page requires project write access; the permission lookup's result
     // is returned as-is (truthy when granted).
     $granted = user_permissions_get("projects_write");

     return $granted;
 }
예제 #17
 function render_html()
 {
     // Heading and blurb for the customer portal options page.
     print "<h3>CUSTOMER PORTAL OPTIONS</h3><br>";
     print "<p>There are various options for the customer portal which can be configured and defined here, such as the customer's login password.</p>";

     // the form itself was prepared earlier (obj_form)
     $this->obj_form->render_form();

     // read-only users see a locked notice under the form; whether the form
     // is actually non-editable for them is decided elsewhere (presumably in
     // execute() / the process script) — verify.
     $can_edit = user_permissions_get("customers_write");
     if (!$can_edit) {
         format_msgbox("locked", "<p>Sorry, you do not have permission to edit this customer</p>");
     }
 }
예제 #18
 // Persist the per-user options as rows in users_options. $id, $data and
 // $sql_obj come from earlier in this script. The SQL is built by string
 // interpolation, which is only safe if the $data values were validated by the
 // input functions earlier in this script — NOTE(review): confirm that every
 // option written here passed through a security_form_input_* call.
 $sql_obj->string = sprintf("INSERT INTO users_options (userid, name, value) VALUES (%s, 'default_employeeid', '%s')", $id, $data["option_default_employeeid"]);
 $sql_obj->execute();

 // themes
 $sql_obj->string = sprintf("INSERT INTO users_options (userid, name, value) VALUES (%s, 'theme', '%s')", $id, $data["option_theme"]);
 $sql_obj->execute();

 // administrator-only options: debugging and concurrent logins
 if (user_permissions_get("admin")) {
     $sql_obj->string = sprintf("INSERT INTO users_options (userid, name, value) VALUES (%s, 'debug', '%s')", $id, $data["option_debug"]);
     $sql_obj->execute();

     $sql_obj->string = sprintf("INSERT INTO users_options (userid, name, value) VALUES (%s, 'concurrent_logins', '%s')", $id, $data["option_concurrent_logins"]);
     $sql_obj->execute();
 }

 // translation option, only for users with the devel_translate permission
 if (user_permissions_get("devel_translate")) {
     $sql_obj->string = sprintf("INSERT INTO users_options (userid, name, value) VALUES (%s, 'translation', '%s')", $id, $data["option_translation"]);
     $sql_obj->execute();
 }
 /*
 	Complete
 */
 if (!$_SESSION["error"]["message"]) {
     $sql_obj->trans_commit();
     log_write("notification", "process", "Account changes applied successfully.");
     journal_quickadd_event("users", $id, "User changed account options");
     /*
     	Apply changes to active session
     */
     $sql_obj->string = "SELECT name, value FROM users_options WHERE userid='{$id}'";
     $sql_obj->execute();
예제 #19
 function check_permissions()
 {
     // Page requires services write access; the permission lookup's result
     // is returned as-is (truthy when granted).
     $granted = user_permissions_get('services_write');

     return $granted;
 }
예제 #20
 function render_html()
 {
     /*
     	Render the weekly time registration page: an "unbilled time" summary
     	(projects_timegroup users only), today's booked time, week navigation,
     	the employee selector and the week table with per-day links.

     	Reads $this->date_selected_*, $this->employeeid, $this->access_staff_ids,
     	$this->config_timesheet_booktofuture and the form/table objects prepared
     	earlier in the page lifecycle (obj_form_goto, obj_form_employee,
     	obj_table_week). Everything is printed directly; nothing is returned.
     */

     // calculate next/previous week/year
     // NOTE(review): wraps at week 52; years with an ISO week 53 are not
     // handled here — confirm how weekofyear is derived upstream.
     if ($this->date_selected_weekofyear == 1) {
         $date_option_previousyear = $this->date_selected_year - 1;
         $date_option_previousweek = 52;
         $date_option_nextyear = $this->date_selected_year;
         $date_option_nextweek = 2;
     } elseif ($this->date_selected_weekofyear == 52) {
         $date_option_previousyear = $this->date_selected_year;
         $date_option_previousweek = 51;
         $date_option_nextyear = $this->date_selected_year + 1;
         $date_option_nextweek = 1;
     } else {
         $date_option_previousyear = $this->date_selected_year;
         $date_option_previousweek = $this->date_selected_weekofyear - 1;
         $date_option_nextyear = $this->date_selected_year;
         $date_option_nextweek = $this->date_selected_weekofyear + 1;
     }
     // Week view header
     print "<h3>TIME REGISTRATION</h3><br><br>";
     /*
     	Unbilled Time
     */
     if (user_permissions_get("projects_timegroup")) {
         /*
         	Create an array of all unbilled time records. We need to do the following to create this list:
         	1. Exclude any internal_only projects.
         	2. Include time which belongs to a time_group, but ONLY if the time group has not been added to an invoice.
         */
         $unbilled_ids = array();
         // select non-internal projects
         $sql_projects_obj = new sql_query();
         $sql_projects_obj->string = "SELECT projects.id as projectid, project_phases.id as phaseid FROM project_phases LEFT JOIN projects ON projects.id = project_phases.projectid WHERE projects.internal_only='0'";
         $sql_projects_obj->execute();
         if ($sql_projects_obj->num_rows()) {
             $sql_projects_obj->fetch_array();
             // one pair of queries per phase (N+1 pattern); the phase/project IDs
             // interpolated below come from the query above, not from request input
             foreach ($sql_projects_obj->data as $project_data) {
                 // select non-group time records
                 $sql_obj = new sql_query();
                 $sql_obj->string = "SELECT id FROM timereg WHERE groupid='0' AND phaseid='" . $project_data["phaseid"] . "'";
                 $sql_obj->execute();
                 if ($sql_obj->num_rows()) {
                     $sql_obj->fetch_array();
                     foreach ($sql_obj->data as $data_tmp) {
                         // we store the ID inside an array key, since they are unique
                         // and this will prevent us needing to check for the existence of
                         // the ID already.
                         $unbilled_ids[$data_tmp["id"]] = "on";
                     }
                 }
                 unset($sql_obj);
                 // select unpaid group IDs
                 $sql_obj = new sql_query();
                 $sql_obj->string = "SELECT id FROM time_groups WHERE projectid='" . $project_data["projectid"] . "' AND invoiceid='0'";
                 $sql_obj->execute();
                 if ($sql_obj->num_rows()) {
                     $sql_obj->fetch_array();
                     foreach ($sql_obj->data as $data_group) {
                         // fetch all the time reg IDs belonging this group, but only select time entries marked as billable - we
                         // don't want to report a timegroup with unbillable time as being billed!
                         $sql_reg_obj = new sql_query();
                         $sql_reg_obj->string = "SELECT id FROM timereg WHERE groupid='" . $data_group["id"] . "' AND billable='1'";
                         $sql_reg_obj->execute();
                         if ($sql_reg_obj->num_rows()) {
                             $sql_reg_obj->fetch_array();
                             foreach ($sql_reg_obj->data as $data_tmp) {
                                 // we store the ID inside an array key, since they are unique
                                 // and this will prevent us needing to check for the existence of
                                 // the ID already.
                                 $unbilled_ids[$data_tmp["id"]] = "on";
                             }
                         }
                         unset($sql_reg_obj);
                     }
                 }
                 unset($sql_obj);
             }
         }
         // fetch amount of unbilled time
         $sql_obj = new sql_query();
         $sql_obj->prepare_sql_settable("timereg");
         $sql_obj->prepare_sql_addfield("timebooked", "SUM(timereg.time_booked)");
         // restrict to the staff this user may view; access_staff_ids is
         // presumably populated by check_permissions() when the user lacks
         // timekeeping_all_view — confirm
         if ($this->access_staff_ids) {
             $sql_obj->prepare_sql_addwhere("employeeid IN (" . format_arraytocommastring($this->access_staff_ids) . ")");
         }
         $sql_obj->prepare_sql_addjoin("LEFT JOIN time_groups ON timereg.groupid = time_groups.id");
         // provide list of valid IDs as an OR-chain of timereg.id equalities;
         // the IDs were collected from the DB above, not from the request
         $unbilled_ids_keys = array_keys($unbilled_ids);
         $unbilled_ids_count = count($unbilled_ids_keys);
         $unbilled_ids_sql = "";
         if ($unbilled_ids_count) {
             $i = 0;
             foreach ($unbilled_ids_keys as $id) {
                 $i++;
                 if ($i == $unbilled_ids_count) {
                     $unbilled_ids_sql .= "timereg.id='{$id}' ";
                 } else {
                     $unbilled_ids_sql .= "timereg.id='{$id}' OR ";
                 }
             }
             $sql_obj->prepare_sql_addwhere("({$unbilled_ids_sql})");
             $sql_obj->generate_sql();
             $sql_obj->execute();
             $sql_obj->fetch_array();
             list($unbilled_time_hours, $unbilled_time_mins) = explode(":", time_format_hourmins($sql_obj->data[0]["timebooked"]));
             // NOTE(review): no branch assigns $message when both hours and
             // minutes are 0 (IDs found but zero time booked), so the linkbox
             // below would interpolate an unset variable.
             if ($unbilled_time_hours > 0 && $unbilled_time_mins > 0) {
                 $message = "There are currently {$unbilled_time_hours} hours and {$unbilled_time_mins} minutes of unbilled time to be processed. Click here to view.";
             } elseif ($unbilled_time_hours > 0) {
                 $message = "There are currently {$unbilled_time_hours} hours of unbilled time to be processed. Click here to view.";
             } elseif ($unbilled_time_mins > 0) {
                 $message = "There are currently {$unbilled_time_mins} minutes of unbilled time to be processed. Click here to view.";
             }
         } else {
             $message = "There is no unbilled time to be processed.";
         }
         // display
         print "<br>";
         format_linkbox("default", "index.php?page=timekeeping/unbilled.php", "<p><b>UNBILLED TIME</b></p><p>{$message}</p>");
     }
     /*end unbilled time*/
     print "<br />";
     /*
     Time booked
     */
     // fetch amount of time booked for today (same staff restriction as above)
     $sql_obj = new sql_query();
     $sql_obj->prepare_sql_settable("timereg");
     $sql_obj->prepare_sql_addfield("timebooked", "SUM(timereg.time_booked)");
     $sql_obj->prepare_sql_addwhere("date='" . date("Y-m-d") . "'");
     if ($this->access_staff_ids) {
         $sql_obj->prepare_sql_addwhere("employeeid IN (" . format_arraytocommastring($this->access_staff_ids) . ")");
     }
     $sql_obj->generate_sql();
     $sql_obj->execute();
     $sql_obj->fetch_array();
     list($booked_time_hours, $booked_time_mins) = explode(":", time_format_hourmins($sql_obj->data[0]["timebooked"]));
     if ($booked_time_hours > 0 && $booked_time_mins > 0) {
         $message = "<b>Time booked for today: {$booked_time_hours} hours and {$booked_time_mins} minutes.</b><br />Click here to add more time.";
     } elseif ($booked_time_hours > 0) {
         $message = "<b>Time booked for today: {$booked_time_hours} hours.</b><br />Click here to add more time.";
     } elseif ($booked_time_mins > 0) {
         $message = "<b>Time booked for today: {$booked_time_mins} minutes.</b><br />Click here to add more time.";
     } else {
         // (the trailing </b> in this message has no matching opening tag)
         $message = "<b>No time has been booked for today</b><br />Click here to add time.</b>";
     }
     format_linkbox("default", "index.php?page=timekeeping/timereg-day-edit.php", "<p>{$message}</p>");
     print "<br />";
     print "<table class=\"table_highlight\" width=\"100%\"><tr>";
     // Week selection links
     print "<td width=\"70%\">";
     print "<b>WEEK " . $this->date_selected_weekofyear . ", " . $this->date_selected_year . "</b><br>";
     print "(" . time_format_humandate($this->date_selected_start) . " to " . time_format_humandate($this->date_selected_end) . ")<br>";
     print "<br>";
     print "<p><b>";
     // NOTE(review): employeeid is concatenated into the href unescaped —
     // presumably an integer validated upstream; confirm.
     print "<a class=\"button\" href=\"index.php?page=timekeeping/timereg.php&employeeid=" . $this->employeeid . "&weekofyear=" . $date_option_previousweek . "&year=" . $date_option_previousyear . "\">&lt;&lt; Previous Week</a>";
     // check for date in the future: when booking into the future is disabled,
     // the "Next Week" link is only shown if that week has already started
     if ($this->config_timesheet_booktofuture == "disabled") {
         if (time_date_to_timestamp(time_calculate_weekstart($date_option_nextweek, $date_option_nextyear)) < time()) {
             // end date is in not in the future
             print " <a class=\"button\" href=\"index.php?page=timekeeping/timereg.php&employeeid=" . $this->employeeid . "&weekofyear=" . $date_option_nextweek . "&year=" . $date_option_nextyear . "\">Next Week &gt;&gt;</a>";
         }
     } else {
         print " <a class=\"button\" href=\"index.php?page=timekeeping/timereg.php&employeeid=" . $this->employeeid . "&weekofyear=" . $date_option_nextweek . "&year=" . $date_option_nextyear . "\">Next Week &gt;&gt;</a>";
     }
     print "</b></p>";
     print "</td>";
     // goto date form
     print "<td width=\"30%\">";
     print "<form method=\"get\" action=\"index.php\" class=\"form_standard\">";
     $this->obj_form_goto->render_field("date");
     print "<br>";
     $this->obj_form_goto->render_field("page");
     $this->obj_form_goto->render_field("submit");
     print "</form>";
     print "</td>";
     print "</tr></table><br>";
     // Employee selection form
     //
     // we use a custom form display method here, since the normal form
     // class will draw a fully styled form in a table.
     //
     // the "important" table style highlights the selector while no employee is chosen
     if ($this->employeeid) {
         print "<table class=\"table_highlight\" width=\"100%\"><tr><td width=\"100%\">";
     } else {
         print "<table class=\"table_highlight_important\" width=\"100%\"><tr><td width=\"100%\">";
     }
     print "<form method=\"get\" action=\"index.php\" class=\"form_standard\">";
     print "<p><b>Select an employee to view:</b></p>";
     $this->obj_form_employee->render_field("employeeid");
     $this->obj_form_employee->render_field("weekofyear");
     $this->obj_form_employee->render_field("year");
     $this->obj_form_employee->render_field("page");
     $this->obj_form_employee->render_field("submit");
     print "</form>";
     print "</td></tr></table><br>";
     if ($this->employeeid) {
         // custom labels and links: each weekday column links to that day's
         // edit page. With future booking disabled, only days that have
         // already started get a link (date_selected_daysofweek[0..6] = Mon..Sun).
         if ($this->config_timesheet_booktofuture == "disabled") {
             if (time_date_to_timestamp($this->date_selected_daysofweek[0]) < time()) {
                 $this->obj_table_week->custom_column_link("monday", "index.php?page=timekeeping/timereg-day.php&date=" . $this->date_selected_daysofweek[0] . "");
             }
             if (time_date_to_timestamp($this->date_selected_daysofweek[1]) < time()) {
                 $this->obj_table_week->custom_column_link("tuesday", "index.php?page=timekeeping/timereg-day.php&date=" . $this->date_selected_daysofweek[1] . "");
             }
             if (time_date_to_timestamp($this->date_selected_daysofweek[2]) < time()) {
                 $this->obj_table_week->custom_column_link("wednesday", "index.php?page=timekeeping/timereg-day.php&date=" . $this->date_selected_daysofweek[2] . "");
             }
             if (time_date_to_timestamp($this->date_selected_daysofweek[3]) < time()) {
                 $this->obj_table_week->custom_column_link("thursday", "index.php?page=timekeeping/timereg-day.php&date=" . $this->date_selected_daysofweek[3] . "");
             }
             if (time_date_to_timestamp($this->date_selected_daysofweek[4]) < time()) {
                 $this->obj_table_week->custom_column_link("friday", "index.php?page=timekeeping/timereg-day.php&date=" . $this->date_selected_daysofweek[4] . "");
             }
             if (time_date_to_timestamp($this->date_selected_daysofweek[5]) < time()) {
                 $this->obj_table_week->custom_column_link("saturday", "index.php?page=timekeeping/timereg-day.php&date=" . $this->date_selected_daysofweek[5] . "");
             }
             if (time_date_to_timestamp($this->date_selected_daysofweek[6]) < time()) {
                 $this->obj_table_week->custom_column_link("sunday", "index.php?page=timekeeping/timereg-day.php&date=" . $this->date_selected_daysofweek[6] . "");
             }
         } else {
             // add links
             $this->obj_table_week->custom_column_link("monday", "index.php?page=timekeeping/timereg-day.php&date=" . $this->date_selected_daysofweek[0] . "");
             $this->obj_table_week->custom_column_link("tuesday", "index.php?page=timekeeping/timereg-day.php&date=" . $this->date_selected_daysofweek[1] . "");
             $this->obj_table_week->custom_column_link("wednesday", "index.php?page=timekeeping/timereg-day.php&date=" . $this->date_selected_daysofweek[2] . "");
             $this->obj_table_week->custom_column_link("thursday", "index.php?page=timekeeping/timereg-day.php&date=" . $this->date_selected_daysofweek[3] . "");
             $this->obj_table_week->custom_column_link("friday", "index.php?page=timekeeping/timereg-day.php&date=" . $this->date_selected_daysofweek[4] . "");
             $this->obj_table_week->custom_column_link("saturday", "index.php?page=timekeeping/timereg-day.php&date=" . $this->date_selected_daysofweek[5] . "");
             $this->obj_table_week->custom_column_link("sunday", "index.php?page=timekeeping/timereg-day.php&date=" . $this->date_selected_daysofweek[6] . "");
         }
         // column labels
         $this->obj_table_week->custom_column_label("monday", "Monday<br><font style=\"font-size: 8px;\">(" . time_format_humandate($this->date_selected_daysofweek[0]) . ")</font>");
         $this->obj_table_week->custom_column_label("tuesday", "Tuesday<br><font style=\"font-size: 8px;\">(" . time_format_humandate($this->date_selected_daysofweek[1]) . ")</font>");
         $this->obj_table_week->custom_column_label("wednesday", "Wednesday<br><font style=\"font-size: 8px;\">(" . time_format_humandate($this->date_selected_daysofweek[2]) . ")</font>");
         $this->obj_table_week->custom_column_label("thursday", "Thursday<br><font style=\"font-size: 8px;\">(" . time_format_humandate($this->date_selected_daysofweek[3]) . ")</font>");
         $this->obj_table_week->custom_column_label("friday", "Friday<br><font style=\"font-size: 8px;\">(" . time_format_humandate($this->date_selected_daysofweek[4]) . ")</font>");
         $this->obj_table_week->custom_column_label("saturday", "Saturday<br><font style=\"font-size: 8px;\">(" . time_format_humandate($this->date_selected_daysofweek[5]) . ")</font>");
         $this->obj_table_week->custom_column_label("sunday", "Sunday<br><font style=\"font-size: 8px;\">(" . time_format_humandate($this->date_selected_daysofweek[6]) . ")</font>");
         // display week time table
         $this->obj_table_week->render_table_html();
         print "<table width=\"100%\">";
         // add time link - only offered when the user may write time for this
         // employee; the edit page itself is where that permission must be enforced
         if (user_permissions_staff_get("timereg_write", $this->employeeid)) {
             print "<td align=\"left\" valign=\"top\"><p><a class=\"button\" href=\"index.php?page=timekeeping/timereg-day-edit.php\">Add new time entry</a></p></td>";
         } else {
             print "<p><i>You have read-only access to this employee and therefore can not add any more time.</i></p>";
         }
         // display CSV/PDF download link
         print "<td align=\"right\">";
         print "<p><a class=\"button_export\" href=\"index-export.php?mode=csv&page=timekeeping/timereg.php\">Export as CSV</a></p>";
         print "<p><a class=\"button_export\" href=\"index-export.php?mode=pdf&page=timekeeping/timereg.php\">Export as PDF</a></p>";
         print "</td>";
         print "</table>";
     }
 }
 function check_permissions()
 {
     // Page requires customer view access; the permission lookup's result
     // is returned as-is (truthy when granted).
     $granted = user_permissions_get("customers_view");

     return $granted;
 }
예제 #22
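 function delete_tax($id)
 {
     /*
     	SOAP handler: delete the tax record identified by $id.

     	Requires the accounts_taxes_write permission. The ID is validated,
     	checked for existence and for a delete lock before the delete is
     	attempted; every failure is reported to the caller as a SoapFault.
     	Returns 1 on success.
     */
     // the debug line previously named a different function (delete_tax_details)
     log_debug("taxes", "Executing delete_tax({$id})");

     if (!user_permissions_get("accounts_taxes_write")) {
         // NOTE: "ACCESS DENIED" (with a space) differs from the "ACCESS_DENIED"
         // code used by other SOAP handlers; left unchanged because SOAP
         // clients may match on the exact string.
         throw new SoapFault("Sender", "ACCESS DENIED");
     }

     $obj_tax = new tax();

     /*
     	Load SOAP Data
     */
     // the validator returns the string "error" on failure
     $obj_tax->id = @security_script_input_predefined("int", $id);

     if (!$obj_tax->id || $obj_tax->id === "error") {
         throw new SoapFault("Sender", "INVALID_INPUT");
     }

     /*
     	Error Handling
     */
     // verify tax ID
     if (!$obj_tax->verify_id()) {
         throw new SoapFault("Sender", "INVALID_ID");
     }

     // check that the tax can be safely deleted
     if ($obj_tax->check_delete_lock()) {
         throw new SoapFault("Sender", "LOCKED");
     }

     /*
     	Perform Changes
     */
     if (!$obj_tax->action_delete()) {
         throw new SoapFault("Sender", "UNEXPECTED_ACTION_ERROR");
     }

     return 1;
 }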
예제 #23
 function check_permissions()
 {
     // Page requires general ledger view access; the permission lookup's
     // result is returned as-is (truthy when granted).
     $granted = user_permissions_get('accounts_gl_view');

     return $granted;
 }
예제 #24
<?php

/*
	services/plan-edit-process.php

	access: services_write

	Adjusts the service plan configuration.
*/

// includes
require "../include/config.php";
require "../include/amberphplib/main.php";

// custom includes
require "../include/services/inc_services_process.php";

// Users without services_write (or not logged in) are shown the no-permission
// message and redirected; exit(0) stops the script so nothing after the
// redirect header runs.
if (!user_permissions_get('services_write')) {
    error_render_noperms();
    header("Location: ../index.php?page=message.php");
    exit(0);
}

// authorised: apply the submitted plan changes
service_form_plan_process();
 /**
  * Page-level access gate: requires the products_view permission. The return
  * value is exactly what user_permissions_get() reports.
  */
 function check_permissions()
 {
     $has_products_view = user_permissions_get("products_view");
     return $has_products_view;
 }
<?php

/*
	customers/portal-process.php

	access: customers_write

	Allows adjustments of the customer's portal interface.
*/
// includes
require "../include/config.php";
require "../include/amberphplib/main.php";
// custom includes
require "../include/customers/inc_customers.php";
if (user_permissions_get('customers_write')) {
    $obj_customer = new customer_portal();
    /*
    	Load POST data
    */
    $obj_customer->id = @security_form_input_predefined("int", "id_customer", 1, "");
    // check password (if the user has requested to change it)
    if ($_POST["password"] || $_POST["password_confirm"]) {
        $data["password"] = @security_form_input_predefined("any", "password", 4, "");
        $data["password_confirm"] = @security_form_input_predefined("any", "password_confirm", 4, "");
        if ($data["password"] != $data["password_confirm"]) {
            $_SESSION["error"]["message"][] = "Customer passwords do not match.";
            $_SESSION["error"]["password-error"] = 1;
            $_SESSION["error"]["password_confirm-error"] = 1;
        }
    }
    /*
<?php

/*
	accounts/quotes/journal-edit-process.php

	access: accounts_quotes_write

	Allows the user to post an entry to the journal or edit an existing journal entry.
*/
// includes
require "../../include/config.php";
require "../../include/amberphplib/main.php";
if (user_permissions_get('accounts_quotes_write')) {
    /////////////////////////
    // start the journal processing
    $journal = new journal_process();
    $journal->prepare_set_journalname("account_quotes");
    // import form data
    $journal->process_form_input();
    //// ERROR CHECKING ///////////////////////
    // make sure the quote ID submitted really exists
    $sql_obj = new sql_query();
    $sql_obj->string = "SELECT id FROM account_quotes WHERE id='" . $journal->structure["customid"] . "'";
    $sql_obj->execute();
    if (!$sql_obj->num_rows()) {
        $_SESSION["error"]["message"][] = "Unable to find requested quote/transaction to modify journal for.";
    }
    /// if there was an error, go back to the entry page
    if ($_SESSION["error"]["message"]) {
        $_SESSION["error"]["form"]["journal_edit"] = "failed";
        header("Location: ../../index.php?page=accounts/quotes/journal.php&id=" . $journal->structure["customid"] . "&journalid=" . $journal->structure["id"] . "&action=" . $journal->structure["action"] . "");
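<?php

/*
	accounts/ar/credit-items-edit-process.php

	access: accounts_ar_write

	Allows a user to adjust or create new credit items.

	NOTE(review): the header used to say "accounts_credits_write", but the gate
	below checks accounts_ar_write; the comment now matches the code.
*/
// includes
require "../../include/config.php";
require "../../include/amberphplib/main.php";
// custom includes
require "../../include/accounts/inc_credits.php";
require "../../include/accounts/inc_invoices.php";
require "../../include/accounts/inc_invoices_items.php";
if (user_permissions_get('accounts_ar_write')) {
    /*
    	Let the credits functions do all the work for us
    */
    $returnpage_error = "accounts/ar/credit-items-edit.php";
    $returnpage_success = "accounts/ar/credit-items.php";
    invoice_form_items_process("ar_credit", $returnpage_error, $returnpage_success);
} else {
    // user does not have perms to view this page/isn't logged on
    error_render_noperms();
    // This script lives two directories below the application root (see the
    // ../../include requires above), so the no-permission redirect has to climb
    // two levels too; the previous "../index.php" resolved into accounts/.
    header("Location: ../../index.php?page=message.php");
    exit(0);
}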
 /**
  * Page-level access gate: returns 1 for sessions holding customers_view.
  * Any other caller falls off the end with no return value (null), which
  * the page framework treats as denied.
  */
 function check_permissions()
 {
     if (!user_permissions_get('customers_view')) {
         return;
     }
     return 1;
 }
<?php

/*
	users/journal-download-process.php
	
	access: admin only

	Allows the download of a file attached to the journal.
*/
// includes
include_once "../include/config.php";
include_once "../include/amberphplib/main.php";
if (user_permissions_get('admin')) {
    $journalid = @security_script_input('/^[0-9]*$/', $_GET["customid"]);
    $fileid = @security_script_input('/^[0-9]*$/', $_GET["fileid"]);
    // check that the journal entry exists
    if (!$journalid) {
        $_SESSION["error"]["message"][] = "No journal ID supplied";
    }
    if (!$fileid) {
        $_SESSION["error"]["message"][] = "No file ID supplied";
    }
    /*
    	Now we verify that the file belongs to a valid journal, and that the journal
    	does belong to a user.
    
    	This prevents a malicious user from using this page to fetch files
    	belonging to other journals or users.
    */
    // get the ID of the journal from the file ID
    $customid = sql_get_singlevalue("SELECT customid as value FROM file_uploads WHERE id='{$fileid}'");