function zen_get_admin_menu_for_user()
{
global $db;
if (zen_is_superuser()) {
// get all registered admin pages that should appear in the menu
$retVal = zen_get_admin_pages(TRUE);
} else {
// get only those registered pages allowed by the current user's profile
$retVal = array();
$sql = "SELECT ap.menu_key, ap.page_key, ap.main_page, ap.page_params, ap.language_key as pageName\n FROM " . TABLE_ADMIN . " a\n LEFT JOIN " . TABLE_ADMIN_PAGES_TO_PROFILES . " ap2p ON ap2p.profile_id = a.admin_profile\n LEFT JOIN " . TABLE_ADMIN_PAGES . " ap ON ap.page_key = ap2p.page_key\n LEFT JOIN " . TABLE_ADMIN_MENUS . " am ON am.menu_key = ap.menu_key\n WHERE a.admin_id = :user:\n AND ap.display_on_menu = 'Y'\n ORDER BY am.sort_order, ap.sort_order";
$sql = $db->bindVars($sql, ':user:'******'admin_id'], 'integer');
$result = $db->Execute($sql);
while (!$result->EOF) {
$retVal[$result->fields['menu_key']][$result->fields['page_key']] = array('name' => constant($result->fields['pageName']), 'file' => constant($result->fields['main_page']), 'params' => $result->fields['page_params']);
$result->MoveNext();
}
}
return $retVal;
}
if (basename($_SERVER['SCRIPT_FILENAME']) != FILENAME_ALERT_PAGE . '.php') {
if (substr(DIR_WS_ADMIN, -7) == '/admin/' || substr(DIR_WS_HTTPS_ADMIN, -7) == '/admin/') {
zen_redirect(zen_href_link(FILENAME_ALERT_PAGE));
}
$check_path = dirname($_SERVER['SCRIPT_FILENAME']) . '/../zc_install';
if (is_dir($check_path)) {
zen_redirect(zen_href_link(FILENAME_ALERT_PAGE));
}
}
}
if (basename($_SERVER['SCRIPT_FILENAME']) != FILENAME_ALERT_PAGE . '.php') {
if (strpos(strtolower($PHP_SELF), FILENAME_PASSWORD_FORGOTTEN . '.php') !== FALSE && substr_count(strtolower($PHP_SELF), '.php') > 1) {
zen_redirect(zen_href_link(FILENAME_LOGIN, '', 'SSL'));
}
if (!(basename($PHP_SELF) == FILENAME_LOGIN . ".php")) {
$page = basename($PHP_SELF, ".php");
if (!isset($_SESSION['admin_id'])) {
if (!(basename($PHP_SELF) == FILENAME_PASSWORD_FORGOTTEN . '.php')) {
zen_redirect(zen_href_link(FILENAME_LOGIN, 'camefrom=' . basename($PHP_SELF) . '&' . zen_get_all_get_params(), 'SSL'));
}
}
if (!in_array($page, array(FILENAME_DEFAULT, FILENAME_ADMIN_ACCOUNT, FILENAME_LOGOFF, FILENAME_ALERT_PAGE, FILENAME_PASSWORD_FORGOTTEN, FILENAME_DENIED, FILENAME_ALT_NAV)) && !zen_is_superuser()) {
if (check_page($page, $_GET) == FALSE) {
zen_redirect(zen_href_link(FILENAME_DENIED, '', 'SSL'));
}
}
}
if (basename($PHP_SELF) == FILENAME_LOGIN . '.php' && (substr_count(dirname($PHP_SELF), '//') > 0 || substr_count(dirname($PHP_SELF), '.php') > 0)) {
zen_redirect(zen_href_link(FILENAME_LOGIN, '', 'SSL'));
}
}
while (!$counter->EOF) {
$counter_startdate = $counter->fields['startdate'];
$counter_startdate_formatted = strftime(DATE_FORMAT_SHORT, mktime(0, 0, 0, substr($counter_startdate, 4, 2), substr($counter_startdate, -2), substr($counter_startdate, 0, 4)));
echo ' <div class="row"><span class="left">' . $counter_startdate_formatted . '</span><span class="rigth"> ' . $counter->fields['session_counter'] . ' - ' . $counter->fields['counter'] . '</span> </div>' . "\n";
$counter->MoveNext();
}
?>
</div>
<?php
}
?>
</div>
<div id="colthree">
<?php
if (zen_is_superuser() || check_page(FILENAME_ORDERS, array())) {
?>
<div class="reportBox">
<div class="header"><?php
echo BOX_ENTRY_NEW_ORDERS;
?>
</div>
<?php
$orders = $db->Execute("select o.orders_id as orders_id, o.customers_name as customers_name, o.customers_id, o.date_purchased as date_purchased, o.currency, o.currency_value, ot.class, ot.text as order_total from " . TABLE_ORDERS . " o left join " . TABLE_ORDERS_TOTAL . " ot on (o.orders_id = ot.orders_id and class = 'ot_total') order by orders_id DESC limit 20");
while (!$orders->EOF) {
// COWOA+ check for full account status
$COWOA_query = "select COWOA_account from " . TABLE_CUSTOMERS . " WHERE customers_id = " . $orders->fields['customers_id'] . " limit 1;";
$COWOA_result = $db->Execute($COWOA_query);
echo ' <div class="row"><span class="left"><a href="' . zen_href_link(FILENAME_ORDERS, 'oID=' . $orders->fields['orders_id'] . '&origin=' . FILENAME_DEFAULT, 'NONSSL') . '" class="contentlink"> ' . $orders->fields['customers_name'] . '</a></span><span class="center">' . $orders->fields['order_total'] . '</span><span class="rigth">' . "\n";
echo zen_date_short($orders->fields['date_purchased']);
// COWOA+
