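/**
 * Update an item (AJAX POST only) and optionally replace its image.
 *
 * The only cross-site guard is request::is_ajax() (X-Requested-With), which
 * holds only while no CORS rule lets a foreign origin send that header; no
 * CSRF token is checked. Nothing is echoed on success or on rejection.
 *
 * Fix vs. the original: the upload extension was computed but never checked,
 * so any file type (a .php included) could be written to the web-served
 * uploads directory under its client-supplied name. Uploads are now required
 * to have completed without error, to carry an allow-listed image extension,
 * and to be stored under a sanitised single-extension name.
 *
 * @param mixed $id item primary key; passed straight to item_model->find()
 *                  (assumed to be bound safely by the model -- not visible here)
 */
public function update($id)
{
    if (!(request::is_ajax() and request::method() == 'post')) {
        return;
    }
    $this->auto_render = FALSE;

    // xss_clean() defangs markup only; it is not an SQL or path sanitiser.
    $post = security::xss_clean($this->input->post());
    $item = $this->item_model->find($id)->as_array();

    // Keep the stored image unless a valid replacement is uploaded.
    $targetFile = $item['image_file_name'];

    if (!empty($_FILES['item-image']['name'])) {
        $upload = $_FILES['item-image'];

        // Do not move whatever tmp_name holds after a failed/partial upload.
        if (!isset($upload['error']) or $upload['error'] !== UPLOAD_ERR_OK) {
            return;
        }

        // Extension allow-list (compared lower-case, last extension only).
        $allowed = array('jpg', 'jpeg', 'png', 'gif');
        $clientName = basename($upload['name']);
        $extension = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
        if (!in_array($extension, $allowed, TRUE)) {
            return;
        }

        // Reduce the client name to [A-Za-z0-9_-] plus the checked extension,
        // so "shell.php.jpg" becomes "shell_php.jpg" and no second extension
        // survives for a handler-by-suffix web server to pick up.
        $base = pathinfo($clientName, PATHINFO_FILENAME);
        $safeName = preg_replace('/[^A-Za-z0-9_-]/', '_', $base) . '.' . $extension;

        $targetPath = 'assets/uploads/items/';
        if (!is_dir($targetPath)) {
            // recursive: 'assets/uploads' may not exist yet either
            mkdir($targetPath, 0700, TRUE);
        }

        // uniqid() only makes the name unique; it is not a security measure.
        $salt = 'items-' . uniqid() . '-';
        $targetFile = $targetPath . $salt . $safeName;
        // NOTE(review): start_upload() is expected to use move_uploaded_file()
        // (or is_uploaded_file()) on tmp_name -- confirm, it is not visible here.
        $this->start_upload($targetFile, $upload['tmp_name']);
    }

    // Quantity is deliberately carried over from the stored row, not the form.
    $post = array(
        "category_id"     => $post['item-category'],
        "code"            => $post['item-code'],
        "name"            => $post['item-name'],
        "quantity"        => $item['quantity'],
        "unit"            => $post['item-unit'],
        "cost"            => $post['item-cost'],
        "price"           => $post['item-price'],
        "description"     => $post['item-description'],
        "image_file_name" => $targetFile,
    );
    $this->item_model->update($post, $id);
    log_helper::add("1", $this->user_log, $this->user_id, "Updated Item named " . $post['name']);
}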
/**
 * Insert a purchase from an AJAX POST. Non-AJAX or non-POST requests are
 * ignored silently; nothing is echoed in either case.
 *
 * The log entry is written before the insert, so a failing insert still
 * leaves an "Added New Purchase" line behind.
 */
public function save()
{
    $isAjaxPost = request::is_ajax() && request::method() === 'post';
    if (!$isAjaxPost) {
        return;
    }
    $this->auto_render = FALSE;

    // xss_clean() neutralises markup only. The whole posted array is handed
    // to the model, so any column allow-listing has to live in purchase_model.
    $cleaned = security::xss_clean($this->input->post());
    log_helper::add("1", $this->user_log, $this->user_id, "Added New Purchase");
    $this->purchase_model->insert($cleaned);
}
/**
 * Insert a district from an AJAX POST and echo the stored row as JSON.
 * Requests that are not AJAX POSTs produce no output.
 */
public function save()
{
    $isAjaxPost = request::is_ajax() && request::method() === 'post';
    if (!$isAjaxPost) {
        return;
    }
    $this->auto_render = FALSE;

    // The cleaned POST array is inserted as-is. NOTE(review): there is no
    // column allow-list here; confirm district_model->insert() applies one.
    $cleaned = security::xss_clean($this->input->post());
    $inserted = $this->district_model->insert($cleaned);
    echo json_encode(json_helper::convert($inserted));
}
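/**
 * Insert a budget request from an AJAX POST. When the posted status is
 * 'Approved' the office budget is also updated with the posted
 * currentBudget and the insert result is echoed.
 *
 * Fix vs. the original: on the 'Approved' path the request row was inserted
 * twice (once inside the branch, once after it), leaving duplicate rows.
 * The insert now happens exactly once on every path.
 */
public function save()
{
    if (!(request::is_ajax() && request::method() === 'post')) {
        return;
    }
    $this->auto_render = FALSE;
    $post = security::xss_clean($this->input->post());

    // currentBudget is not a request column: pull it out before the insert.
    $officeBudget = arr::remove('currentBudget', $post);

    // NOTE(review): status, office_id and currentBudget all come from the
    // client; an 'Approved' status debits the office budget with the posted
    // figure. Confirm this route is reachable only by approvers.
    $status = isset($post['status']) ? $post['status'] : NULL;
    if ($status === 'Approved') {
        $this->budget_model->updateBudget($post['office_id'], $officeBudget);
        echo $this->request_model->insert($post);
    } else {
        $this->request_model->insert($post);
    }
    log_helper::add("1", $this->user_log, $this->user_id, "Added New Request");
}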
/**
 * Store the current user's contact details (mobile, email, twitter, skype)
 * as a JSON blob in the settings model. AJAX POST only; no output.
 */
public function contact_info()
{
    if (!(request::is_ajax() && request::method() == 'post')) {
        return;
    }
    $this->auto_render = FALSE;
    $post = security::xss_clean($this->input->post());

    // Only these four keys are persisted; anything else posted is dropped.
    // A missing key raises an undefined-index notice and stores null.
    $contact = array(
        "mobile"  => $post["mobile"],
        "email"   => $post["email"],
        "twitter" => $post["twitter"],
        "skype"   => $post["skype"],
    );

    // The second argument is the flags bitmask; TRUE coerces to 1, which is
    // JSON_HEX_TAG, so '<' and '>' are stored as \u003C / \u003E.
    $encoded = json_encode($contact, TRUE);
    $payload = array("contact_information" => $encoded);

    log_helper::add("2", $this->user_log, $this->user_id, "Profile Contact Information was Successfully Updated");
    // The target user is always the authenticated one, never a posted id.
    $this->setting_model->update_user($this->auth->get_user()->id, $payload);
}
/**
 * Rename a district (AJAX POST only) and echo the saved row as JSON.
 * Only the 'name' field is read from the request.
 *
 * @param mixed $id district key passed to district_model->find()
 */
public function update($id)
{
    if (!(request::is_ajax() && request::method() === 'post')) {
        return;
    }
    $this->auto_render = FALSE;

    $name = security::xss_clean($this->input->post('name'));
    $district = $this->district_model->find($id);

    // Audit-log diff; compare_variable() presumably ends its text with ", ",
    // which is what the substr(..., -2) swaps for a full stop.
    $diff = custom_helper::compare_variable("District Name", $district->name, $name);
    if ($diff != "") {
        $diff = substr($diff, 0, -2) . '.';
    }

    $district->name = $name;
    log_helper::add("1", $this->user_log, $this->user_id, "Updated a District. " . $diff);
    echo json_encode($this->district_model->getOne($district->save($id)));
}
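/**
 * Store an internal email from the authenticated user to the posted
 * receiverId. AJAX POST only; nothing is echoed.
 *
 * Fix vs. the original: the recipient lookup result was dereferenced as
 * $receiver[0]->user_information without checking that anyone was found,
 * and the email row was inserted regardless. An unknown recipient now
 * stores and logs nothing.
 */
public function save_email()
{
    if (!(request::is_ajax() && request::method() === 'post')) {
        return;
    }
    $this->auto_render = FALSE;
    $post = security::xss_clean($this->input->post());

    // The sender is always the authenticated user, never a posted id.
    $senderId = $this->auth->get_user()->id;

    $receiverId = isset($post['receiverId']) ? $post['receiverId'] : NULL;
    if ($receiverId === NULL) {
        return;
    }

    // Assumes getOneUser() returns an array / array-like result of row
    // objects (that is how the original indexed it) -- TODO confirm.
    $receiver = $this->category_model->getOneUser($receiverId);
    if (!isset($receiver[0]) or !isset($receiver[0]->user_information)) {
        return;
    }
    $decodeUserInfo = json_decode($receiver[0]->user_information, TRUE);
    $fullname = (is_array($decodeUserInfo) and isset($decodeUserInfo['fullname']))
        ? $decodeUserInfo['fullname']
        : '';

    $dataSent = array(
        "email_data"    => isset($post['content']) ? $post['content'] : NULL,
        "subject"       => isset($post['subject']) ? $post['subject'] : NULL,
        "receiver_id"   => $receiverId,
        "sender_id"     => $senderId,
        "notif_viewed"  => 0,
        "email_viewed"  => 0,
        "email_deleted" => 0,
    );
    $this->email_model->insert($dataSent);
    log_helper::add("1", $this->user_log, $this->user_id, "Email Sent to " . $fullname . ".");
}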
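/**
 * File a budget request for the authenticated user's office (AJAX POST).
 * office_id and status are fixed server-side; the client cannot pick either.
 * Nothing is echoed.
 *
 * Fix vs. the original: it forced status to 'Received' and then tested
 * status == 'Approved', so the budget-update/echo branch could never run.
 * That dead branch is gone; the observable behaviour (log, single insert)
 * is unchanged.
 */
public function save()
{
    if (!(request::is_ajax() and request::method() === 'post')) {
        return;
    }
    $this->auto_render = FALSE;

    $office_id = Auth::instance()->get_user()->office_id;
    $post = security::xss_clean($this->input->post());
    $post['office_id'] = $office_id;
    $post['status'] = 'Received';

    // A posted currentBudget is never stored on the request row.
    arr::remove('currentBudget', $post);

    log_helper::add("1", $this->user_log, $this->user_id, "Requested a Budget");
    $this->request_model->insert($post);
}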
/**
 * Update a category's name and description (AJAX POST only) and echo the
 * save result. Only those two posted fields are written.
 *
 * @param mixed $id category key passed to category_model->find()
 */
public function update($id)
{
    if (!(request::is_ajax() && request::method() == 'post')) {
        return;
    }
    $this->auto_render = FALSE;
    $post = security::xss_clean($this->input->post());
    $category = $this->category_model->find($id);

    // Audit-log diff; compare_variable() presumably ends its text with ", ",
    // which is what the substr(..., -2) swaps for a full stop.
    $diff = custom_helper::compare_variable("Category Name", $category->name, $post['name'])
          . custom_helper::compare_variable("Category Description", $category->description, $post['description']);
    if ($diff != "") {
        $diff = substr($diff, 0, -2) . '.';
    }

    $category->name = $post['name'];
    $category->description = $post['description'];
    log_helper::add("1", $this->user_log, $this->user_id, "Updated a Category. " . $diff);
    echo $category->save();
}
/**
 * Record a transaction against a budget request (AJAX POST only): debits
 * the office budget by amount_paid, sets the request's grand_total to the
 * posted amount_left, then saves the transaction and echoes the result.
 */
public function save()
{
    if (!(request::is_ajax() && request::method() === 'post')) {
        return;
    }
    $this->auto_render = FALSE;
    $post = security::xss_clean($this->input->post());

    // request_id is consumed here and must not reach the transaction row.
    $request_id = arr::remove('request_id', $post);

    // NOTE(review): every other posted key is copied verbatim onto the model
    // (mass assignment) -- the client chooses which transaction columns are
    // written, office_id included. Confirm the model allow-lists columns.
    foreach ($post as $column => $value) {
        $this->transaction_model->{$column} = $value;
    }

    // The remaining budget is derived from the stored amount_left, not from
    // a posted figure; only amount_paid comes from the request.
    $budget = $this->budget_model->where('office_id', $post['office_id'])->find();
    $remaining = (double) $budget->amount_left - (double) $post['amount_paid'];
    $this->budget_model->updateBudget($post['office_id'], $remaining);

    // The posted amount_left becomes the request's new grand total as-is.
    $request = $this->request_model->find($request_id);
    $request->grand_total = $post['amount_left'];
    $request->save();

    log_helper::add("1", $this->user_log, $this->user_id, "Added New Transaction.");
    echo $this->transaction_model->save();
}
/**
 * Update an office's name and district (AJAX POST only) and echo the saved
 * row as JSON. Only name and district_id are written.
 *
 * @param mixed $id office key passed to office_model->find()
 */
public function update($id)
{
    if (!(request::is_ajax() && request::method() === 'post')) {
        return;
    }
    $this->auto_render = FALSE;
    $post = security::xss_clean($this->input->post());

    $office = $this->office_model->with('district')->find($id);
    // The new district is loaded so the log can name it, not just its id.
    $newDistrict = $this->district_model->find($post['district_id']);

    // Audit-log diff; compare_variable() presumably ends its text with ", ",
    // which is what the substr(..., -2) swaps for a full stop.
    $diff = custom_helper::compare_variable("Office Name", $office->name, $post['name'])
          . custom_helper::compare_variable("District Name", $office->district->name, $newDistrict->name);
    if ($diff != "") {
        $diff = substr($diff, 0, -2) . '.';
    }

    $office->district_id = $post['district_id'];
    $office->name = $post['name'];
    log_helper::add("1", $this->user_log, $this->user_id, "Updated an Office. " . $diff);
    echo json_encode($office->save()->as_array());
}
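/**
 * Save a purchase and its line items (AJAX POST only). The 'items' array is
 * split off and each entry is inserted into item_stock with the new
 * purchase id. Nothing is echoed.
 *
 * Fix vs. the original: the item loop iterated by $key but inserted
 * $items[$i] from a separate counter, which reads the wrong (or a missing)
 * entry whenever the posted item keys are not a dense 0..n-1 sequence.
 * Each item is now taken by its own key.
 */
public function save()
{
    if (!(request::is_ajax() && request::method() === 'post')) {
        return;
    }
    $this->auto_render = FALSE;
    $post = security::xss_clean($this->input->post());

    // Line items are stored separately; a missing/non-array 'items' means none.
    $items = (isset($post['items']) and is_array($post['items'])) ? $post['items'] : array();
    arr::remove('items', $post);

    // NOTE(review): every remaining posted key becomes a model property
    // (mass assignment) -- the client controls which purchase columns are
    // written. Confirm purchase_model restricts them.
    foreach ($post as $column => $value) {
        $this->purchase_model->{$column} = $value;
    }

    $last_purchase = $this->purchase_model->save();
    if ($last_purchase->id) {
        foreach ($items as $item) {
            $item['purchase_id'] = $last_purchase->id;
            $this->item_stock_model->insert($item);
        }
    }
}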
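/**
 * Update a supplier (AJAX POST only) and echo the save result.
 *
 * Fix vs. the original: it copied every posted key onto the ORM object
 * (mass assignment), so a client could rewrite 'id' or any other column.
 * Writes are now limited to the five fields the change log already tracks;
 * extend $fields if the form gains a column.
 *
 * @param mixed $id supplier key passed to supplier_model->find()
 */
public function update($id)
{
    if (!(request::is_ajax() && request::method() === 'post')) {
        return;
    }
    $this->auto_render = FALSE;
    $post = security::xss_clean($this->input->post());
    $supplier = $this->supplier_model->find($id);

    // Column => label used in the audit log. This list is also the
    // allow-list of columns a client may change.
    $fields = array(
        'name'           => "Supplier Name",
        'representative' => "Supplier Representative",
        'contact_number' => "Supplier Contact Number",
        'email'          => "Supplier Email",
        'address'        => "Supplier Address",
    );

    $changes = "";
    foreach ($fields as $column => $label) {
        $posted = isset($post[$column]) ? $post[$column] : NULL;
        $changes .= custom_helper::compare_variable($label, $supplier->{$column}, $posted);
    }
    if ($changes != "") {
        // compare_variable() presumably ends its text with ", ".
        $changes = substr($changes, 0, -2) . '.';
    }

    // Only posted, allow-listed columns are written (as in the original,
    // a field absent from the POST is left untouched).
    foreach ($fields as $column => $label) {
        if (array_key_exists($column, $post)) {
            $supplier->{$column} = $post[$column];
        }
    }

    log_helper::add("1", $this->user_log, $this->user_id, "Updated a Supplier. " . $changes);
    echo $supplier->save();
}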
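/**
 * Login page: auto-login from the remember-me cookie, otherwise handle the
 * posted credentials and redirect by role.
 *
 * Fix vs. the original: a failed login answered "Username does not exist!"
 * for unknown accounts and "Username/Password incorrect." for known ones,
 * letting anyone enumerate valid usernames. Both cases now show the same
 * message. (The username_exists() pre-check still short-circuits the
 * password check, so a timing difference remains.)
 *
 * No CSRF token is checked on this form.
 */
public function index()
{
    $requested_url = $this->session->get('requested_url');
    $this->template->content = new View('login/login_view');
    $user = ORM::factory('user');

    // Cookie-based auto login bypasses the form. url::redirect() does not
    // return, so the second call only runs when no requested_url is set.
    // NOTE(review): requested_url is read from the session; if any code
    // stores a user-supplied URL there this becomes an open redirect.
    if ($this->auth->auto_login()) {
        if (isset($requested_url)) {
            url::redirect($requested_url);
        }
        url::redirect('/dashboard');
    }

    if ($_POST) {
        $credentials = security::xss_clean($this->input->post());
        $remember = isset($credentials['remember']);
        $username = isset($credentials['username']) ? $credentials['username'] : '';
        $password = isset($credentials['password']) ? $credentials['password'] : '';

        // && (not 'and'): assignment must bind the whole expression.
        $authenticated = $user->username_exists($username)
            && $this->auth->login($username, $password, $remember);

        if ($authenticated) {
            // NOTE(review): the role is read from roles[1]; presumably roles[0]
            // is a base role every user carries -- confirm a second role
            // always exists, otherwise this is an undefined offset.
            $role = $this->auth->get_user()->roles[1]->name;
            if ($role === 'admin') {
                if (isset($requested_url)) {
                    return url::redirect($requested_url);
                }
                return url::redirect('/dashboard');
            }
            return url::redirect('/office/dashboard');
        }

        // Same message whether the user is unknown or the password is wrong.
        $this->session->set_flash('error', 'Username/Password incorrect.');
        url::redirect('/auth');
    }
}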
/**
 * Update an office budget (AJAX POST only) and echo the save result, or
 * echo -1 and save nothing when amount_given does not exceed what the
 * office has already spent.
 *
 * @param mixed $id budget key passed to budget_model->find()
 */
public function update($id)
{
    if (!(request::is_ajax() and request::method() === 'post')) {
        return;
    }
    $this->auto_render = FALSE;
    $post = security::xss_clean($this->input->post());
    $officeBudget = $this->budget_model->find($id);

    // With existing transactions, amount_left is recomputed server-side and
    // amount_given must be strictly greater than the spent total. With no
    // transactions at all, whatever was posted (amount_left included) is
    // written unchanged.
    $transactionTotal = $this->transaction_model->getTransactionTotal($officeBudget->office_id);
    if ($transactionTotal) {
        $spent = (double) $transactionTotal[0]->sum;
        $amount_given = (double) $post['amount_given'];
        if ($amount_given <= $spent) {
            echo -1;
            return;
        }
        $post['amount_left'] = $amount_given - $spent;
    }

    // NOTE(review): all remaining posted keys are copied onto the model
    // (mass assignment); confirm the client cannot re-point office_id or id.
    foreach ($post as $column => $value) {
        $officeBudget->{$column} = $value;
    }

    log_helper::add("2", $this->user_log, $this->user_id, "Updated an Office Budget.");
    echo $officeBudget->save();
}
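/**
 * Fetch (and optionally paginate) incidents/reports via the Incident Model,
 * filtered by any of these URL parameters:
 *  - c          category ids (also matches child categories via parent_id)
 *  - mode       incident modes
 *  - sw / ne    bounding box as "lon,lat" corners
 *  - radius + start_loc   distance filter around "lat,lon"
 *  - from / to  date range (any strtotime() format)
 *  - s / e      date range as unix timestamps (main page)
 *  - m          media types
 *  - v          verification status
 *  - custom_field_0       keyword over all custom form fields
 *  - cff        per-field custom form filters, each array(field_id, value)
 *  - q          keyword search over title/description (JP)
 *  - order / sort
 *
 * Every numeric value is cast before it reaches SQL and every free-text
 * value goes through the driver's escape_str(). The assembled conditions
 * are left in self::$params (and self::$pagination when paginating) for
 * Incident_Model::get_incidents().
 *
 * Fixes vs. the original:
 *  - custom_field_0 was spliced into a LIKE pattern unescaped (SQL injection
 *    via ?custom_field_0=); it is now escaped like the cff branch.
 *  - a q= value consisting only of stop words produced "WHERE " with no
 *    condition (a failing query); it now matches nothing.
 *  - dead search-ranking code ($keyword_string was never filled) is dropped
 *    and the stop-word check is case-insensitive, which the original's
 *    array_change_key_case() call (result discarded, keys not values) meant.
 *
 * @param bool $paginate Optionally paginate the incidents - Default is FALSE
 * @param int $items_per_page No. of items to show per page
 * @return Database_Result
 */
public static function fetch_incidents($paginate = FALSE, $items_per_page = 0)
{
    // Reset the parameters
    self::$params = array();

    $table_prefix = Kohana::config('database.default.table_prefix');
    $db = new Database();

    // Fetch the URL data into a local variable
    $url_data = $_GET;

    // Split selected parameters on ","; always turn them into arrays even
    // when there is just one value
    $list_params = array('c', 'v', 'm', 'mode', 'sw', 'ne', 'start_loc');
    foreach ($url_data as $key => $value) {
        if (in_array($key, $list_params, TRUE) and !is_array($value)) {
            $url_data[$key] = explode(",", $value);
        }
    }

    //> BEGIN PARAMETER FETCH

    // Category: positive ids only; match the category itself or its parent
    if (isset($url_data['c']) and is_array($url_data['c'])) {
        $category_ids = self::int_list($url_data['c'], 1);
        if (count($category_ids) > 0) {
            $category_ids = implode(",", $category_ids);
            array_push(self::$params, '(c.id IN (' . $category_ids . ') OR c.parent_id IN (' . $category_ids . '))', 'c.category_visible = 1');
        }
    }

    // Incident modes
    if (isset($url_data['mode']) and is_array($url_data['mode'])) {
        $incident_modes = self::int_list($url_data['mode'], 1);
        if (count($incident_modes) > 0) {
            array_push(self::$params, 'i.incident_mode IN (' . implode(",", $incident_modes) . ')');
        }
    }

    // Location bounds: sw and ne are "lon,lat" pairs
    if (isset($url_data['sw']) and isset($url_data['ne'])) {
        $southwest = $url_data['sw'];
        $northeast = $url_data['ne'];
        if (is_array($southwest) and is_array($northeast) and count($southwest) == 2 and count($northeast) == 2) {
            $lon_min = (double) $southwest[0];
            $lon_max = (double) $northeast[0];
            $lat_min = (double) $southwest[1];
            $lat_max = (double) $northeast[1];
            array_push(self::$params,
                'l.latitude >= ' . $lat_min,
                'l.latitude <= ' . $lat_max,
                'l.longitude >= ' . $lon_min,
                'l.longitude <= ' . $lon_max);
        }
    }

    // Location bounds based on a start location ("lat,lon") and a radius
    if (isset($url_data['radius']) and isset($url_data['start_loc'])) {
        if (intval($url_data['radius']) > 0 and is_array($url_data['start_loc'])) {
            $bounds = $url_data['start_loc'];
            if (count($bounds) == 2 and is_numeric($bounds[0]) and is_numeric($bounds[1])) {
                self::$params['radius'] = array(
                    'distance'  => intval($url_data['radius']),
                    'latitude'  => $bounds[0],
                    'longitude' => $bounds[1],
                );
            }
        }
    }

    // Incident date range. Hours/mins/seconds are added so from == to still
    // covers the whole day. A value strtotime() cannot parse is ignored
    // rather than collapsing to the epoch.
    if (!empty($url_data['from']) and is_string($url_data['from'])) {
        $from_ts = strtotime($url_data['from']);
        if ($from_ts !== FALSE) {
            array_push(self::$params, 'i.incident_date >= "' . date('Y-m-d 00:00:00', $from_ts) . '"');
        }
    }
    if (!empty($url_data['to']) and is_string($url_data['to'])) {
        $to_ts = strtotime($url_data['to']);
        if ($to_ts !== FALSE) {
            array_push(self::$params, 'i.incident_date <= "' . date('Y-m-d 23:59:59', $to_ts) . '"');
        }
    }

    // Date range in timestamp format (only submitted from the main page)
    if (isset($_GET['s']) and intval($_GET['s']) > 0) {
        $start_date = intval($_GET['s']);
        array_push(self::$params, 'i.incident_date >= "' . date("Y-m-d H:i:s", $start_date) . '"');
    }
    if (isset($_GET['e']) and intval($_GET['e'])) {
        $end_date = intval($_GET['e']);
        array_push(self::$params, 'i.incident_date <= "' . date("Y-m-d H:i:s", $end_date) . '"');
    }

    // Media types
    if (isset($url_data['m']) and is_array($url_data['m'])) {
        $media_types = self::int_list($url_data['m'], 1);
        if (count($media_types) > 0) {
            array_push(self::$params, 'i.id IN (SELECT DISTINCT incident_id FROM ' . $table_prefix . 'media WHERE media_type IN (' . implode(",", $media_types) . '))');
        }
    }

    // Verification status (0 is a valid value here)
    if (isset($url_data['v']) and is_array($url_data['v'])) {
        $verified_status = self::int_list($url_data['v'], 0);
        if (count($verified_status) > 0) {
            array_push(self::$params, 'i.incident_verified IN (' . implode(",", $verified_status) . ')');
        }
    }

    // Keyword search across all custom form fields
    if (isset($url_data['custom_field_0']) and is_string($url_data['custom_field_0'])) {
        // escape_str(): this value comes straight from the query string
        $keywords = $db->escape_str($url_data['custom_field_0']);
        $rows = $db->query('SELECT DISTINCT incident_id FROM ' . $table_prefix . 'form_response WHERE form_response LIKE "%' . $keywords . '%"');
        array_push(self::$params, self::id_in_clause($rows, 'incident_id'));
    }

    // Per-field custom form filters: each entry is array(field_id, value)
    if (isset($url_data['cff']) and is_array($url_data['cff'])) {
        $conditions = array();
        foreach ($url_data['cff'] as $field) {
            if (!is_array($field) or !isset($field[0]) or intval($field[0]) < 1) {
                continue;
            }
            $field_value = isset($field[1]) ? $field[1] : '';
            if (is_array($field_value)) {
                $field_value = implode(",", $field_value);
            }
            $conditions[] = "(form_field_id = " . intval($field[0]) . " AND form_response LIKE '%" . $db->escape_str(trim($field_value)) . "%')";
        }
        // Only run the id lookup when there was some valid input; a separate
        // query is faster than a subquery inside the main one.
        if (count($conditions) > 0) {
            $rows = $db->query('SELECT DISTINCT incident_id FROM ' . $table_prefix . 'form_response WHERE ' . implode(" OR ", $conditions));
            array_push(self::$params, self::id_in_clause($rows, 'incident_id'));
        }
    }

    // JP: keyword search over incident title/description
    if (isset($url_data['q']) and is_string($url_data['q']) and !empty($url_data['q'])) {
        // Words we never search for -- add as needed
        $stop_words = array('the', 'and', 'a', 'to', 'of', 'in', 'i', 'is', 'that', 'it', 'on', 'you', 'this', 'for', 'but', 'with', 'are', 'have', 'be', 'at', 'or', 'as', 'was', 'so', 'if', 'out', 'not');

        // Phase 1 - drop "/word/" segments; Phase 2 - strip HTML/PHP tags;
        // Phase 3 - Kohana's XSS cleaning. None of these is the SQL defence:
        // that is escape_str() on each chunk below.
        $keyword_raw = preg_replace('#/\\w+/#', '', $url_data['q']);
        $keyword_raw = strip_tags($keyword_raw);
        $keyword_raw = security::xss_clean($keyword_raw);

        $conditions = array();
        foreach (explode(' ', $keyword_raw) as $word) {
            if ($word === '' or in_array(strtolower($word), $stop_words, TRUE)) {
                continue;
            }
            $chunk = $db->escape_str($word);
            $conditions[] = "(incident_title LIKE '%{$chunk}%' OR incident_description LIKE '%{$chunk}%')";
        }

        if (count($conditions) > 0) {
            $rows = $db->query('SELECT DISTINCT id FROM ' . $table_prefix . 'incident WHERE ' . implode(' OR ', $conditions));
            array_push(self::$params, self::id_in_clause($rows, 'id'));
        } else {
            // Nothing searchable left (only stop words): match no reports
            array_push(self::$params, 'i.id IN (0)');
        }
    }

    // In case a plugin or something wants to get in on the parameter fetching fun
    Event::run('ushahidi_filter.fetch_incidents_set_params', self::$params);

    //> END PARAMETER FETCH

    // Order and sort: both allow-listed, never interpolated raw
    $order_field = NULL;
    $sort = NULL;
    $order_options = array('title' => 'i.incident_title', 'date' => 'i.incident_date', 'id' => 'i.id');
    if (isset($url_data['order']) and is_string($url_data['order']) and isset($order_options[$url_data['order']])) {
        $order_field = $order_options[$url_data['order']];
    }
    if (isset($url_data['sort']) and is_string($url_data['sort'])) {
        $sort = strtoupper($url_data['sort']) == 'ASC' ? 'ASC' : 'DESC';
    }

    if ($paginate) {
        // Fetch incident count
        $incident_count = Incident_Model::get_incidents(self::$params, false, $order_field, $sort, TRUE);

        // Set up pagination
        $page_limit = intval($items_per_page) > 0 ? $items_per_page : intval(Kohana::config('settings.items_per_page'));
        $total_items = $incident_count->current() ? $incident_count->current()->report_count : 0;
        $pagination = new Pagination(array(
            'style'          => 'front-end-reports',
            'query_string'   => 'page',
            'items_per_page' => $page_limit,
            'total_items'    => $total_items,
        ));
        Event::run('ushahidi_filter.pagination', $pagination);
        self::$pagination = $pagination;

        // Return paginated results
        return Incident_Model::get_incidents(self::$params, self::$pagination, $order_field, $sort);
    }

    return Incident_Model::get_incidents(self::$params, false, $order_field, $sort);
}

/**
 * Cast every entry of $values with intval() and keep those >= $min.
 * Used for every id/enum list taken from the query string so only
 * integers are ever interpolated into an IN (...) clause.
 *
 * @param array $values raw query-string values
 * @param int   $min    smallest accepted value (1 for ids, 0 for statuses)
 * @return array of int
 */
private static function int_list(array $values, $min = 1)
{
    $ints = array();
    foreach ($values as $value) {
        $int = intval($value);
        if ($int >= $min) {
            $ints[] = $int;
        }
    }
    return $ints;
}

/**
 * Build "i.id IN (id,id,...)" from the $column of every row in $rows, or
 * "i.id IN (0)" when there are no rows so the filter matches nothing.
 * Ids are re-cast to int even though they come from the database.
 *
 * @param Traversable $rows   result of a SELECT DISTINCT <column> query
 * @param string      $column row property holding the incident id
 * @return string
 */
private static function id_in_clause($rows, $column)
{
    $ids = array();
    foreach ($rows as $row) {
        $ids[] = intval($row->$column);
    }
    if (count($ids) > 0) {
        return 'i.id IN (' . implode(',', $ids) . ')';
    }
    return 'i.id IN (0)';
}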
/**
 * Run a value through Kohana's security helper three times: XSS cleaning,
 * <img> tag removal, then PHP tag encoding. Returns the cleaned value.
 *
 * This is output/markup hardening only; it is not an SQL sanitiser.
 */
private function _security($data)
{
    $passes = array('xss_clean', 'strip_image_tags', 'encode_php_tags');
    foreach ($passes as $pass) {
        $data = security::$pass($data);
    }
    return $data;
}
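/**
 * Per-supplier purchase totals for a month range within a year, echoed as
 * JSON [[supplier names...], [totals...]]. AJAX POST only.
 *
 * Fix vs. the original: year was forwarded to get_sum_purchases() as the
 * raw posted string; it is now cast to int so a non-numeric value cannot
 * reach that helper (whose quoting is not visible here). Months already
 * arrive as 1-12 from date('n').
 */
public function get_purchases()
{
    if (!(request::is_ajax() && request::method() === 'post')) {
        return;
    }
    $this->auto_render = FALSE;
    $post = security::xss_clean($this->input->post());

    // An unparseable month makes strtotime() return false, which date()
    // treats as the epoch, i.e. January.
    $monthFrom = date("n", strtotime(isset($post['monthFrom']) ? $post['monthFrom'] : ''));
    $monthTo = date("n", strtotime(isset($post['monthTo']) ? $post['monthTo'] : ''));
    $year = isset($post['year']) ? intval($post['year']) : 0;

    $more_total = array();
    $more_supp_name = array();
    foreach ($this->supplier_model->find_all() as $supplier) {
        $purchaseData = $this->purchase_model->get_sum_purchases($monthFrom, $monthTo, $year, $supplier->id)->current();
        // No purchases (or a NULL SUM) count as 0.
        $total = empty($purchaseData->total) ? 0 : round($purchaseData->total, 2);
        $more_total[] = $total;
        $more_supp_name[] = $supplier->name;
    }

    echo json_encode(array($more_supp_name, $more_total));
}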
// NOTE(review): debugging stub -- dumps the (xss_clean'd) POST body straight
// back to the caller and exits. Nothing is stored or logged. This must not
// ship as the "save email" endpoint.
public function save_email() { if (request::is_ajax() && request::method() == 'post') { $this->auto_render = FALSE; $post = security::xss_clean($this->input->post()); print_r($post); exit; } }