function ProcessRequestPassword()
{
global $tpl, $user, $error_list, $mail, $success;
$success = $_REQUEST['success'];
$email = $_REQUEST['email'];
$process = $_REQUEST['process'];
$check_email = $user->CheckEmailExist($email);
$i = 0;
if ($process == '1') {
if ($email == '') {
$error_list[$i] = _("Please enter your email address.");
$i++;
} elseif (!IsEmailAddress($email)) {
$error_list[$i] = _("Email is not valid.");
$i++;
} elseif (!$check_email) {
$error_list[$i] = _("Email doesnt exist.");
$i++;
} else {
$username = $check_email['username'];
$password = $user->RandomPassword($check_email['user_id']);
$firstname = $check_email['firstname'];
$lastname = $check_email['lastname'];
$from_email = CFG_NOTIFY_EMAIL;
$from_name = CFG_NOTIFY_FROM;
$mail->RequestPasswordEmail(CFG_SITE_NAME, $username, $password, $firstname, $from_email, $from_name, $email);
header("Location: request_password.php?pf=success");
}
}
}
function GetInvoiceConfiguration()
{
global $inv_class, $error_list, $company, $contact, $address, $phone, $email, $success;
$invoice_config_data = $inv_class->GetInvoiceConfiguration();
$process = $_REQUEST['process'];
$i = 0;
if ($process == "edit") {
$company = stripslashes($_REQUEST['company']);
$contact = stripslashes($_REQUEST['contact']);
$address = stripslashes($_REQUEST['address']);
$phone = $_REQUEST['phone'];
$email = $_REQUEST['email'];
if ($company == "" || $contact == "" || $address == "" || $phone == "" || $email == "") {
if ($company == "") {
$error_list[$i] = "Company is requered";
$i++;
}
if ($contact == "") {
$error_list[$i] = "Contact is requered";
$i++;
}
if ($address == "") {
$error_list[$i] = "Address is requered";
$i++;
}
if ($phone == "") {
$error_list[$i] = "Phone is requered";
$i++;
}
if ($email == "") {
$error_list[$i] = "Email is requered";
$i++;
}
} elseif (!IsEmailAddress($email)) {
$error_list[$i] = "Invalid email format";
$i++;
}
if (!is_array($error_list)) {
$inv_class->Update($company, $address, $contact, $phone, $email);
$success = true;
}
} else {
$company = $invoice_config_data['company'];
$contact = $invoice_config_data['contact'];
$address = $invoice_config_data['address'];
$phone = $invoice_config_data['phone'];
$email = $invoice_config_data['email'];
}
}
if (isset($_POST['submit'])) {
//initialise no input errors assumed initially before we test
$InputError = 0;
/* actions to take once the user has clicked the submit button
ie the page has called itself with some user input */
//first off validate inputs sensible
if (isset($_POST['Con_ID']) and !is_long((int) $_POST['Con_ID'])) {
$InputError = 1;
prnMsg(_('The Contact ID must be an integer.'), 'error');
} elseif (mb_strlen($_POST['ContactName']) > 40) {
$InputError = 1;
prnMsg(_('The contact name must be forty characters or less long'), 'error');
} elseif (trim($_POST['ContactName']) == '') {
$InputError = 1;
prnMsg(_('The contact name may not be empty'), 'error');
} elseif (!IsEmailAddress($_POST['ContactEmail']) and mb_strlen($_POST['ContactEmail']) > 0) {
$InputError = 1;
prnMsg(_('The contact email address is not a valid email address'), 'error');
}
if (isset($Id) and ($Id and $InputError != 1)) {
$sql = "UPDATE custcontacts SET contactname='" . $_POST['ContactName'] . "',\n\t\t\t\t\t\t\t\t\t\trole='" . $_POST['ContactRole'] . "',\n\t\t\t\t\t\t\t\t\t\tphoneno='" . $_POST['ContactPhone'] . "',\n\t\t\t\t\t\t\t\t\t\tnotes='" . $_POST['ContactNotes'] . "',\n\t\t\t\t\t\t\t\t\t\temail='" . $_POST['ContactEmail'] . "'\n\t\t\t\t\tWHERE debtorno ='" . $DebtorNo . "'\n\t\t\t\t\tAND contid='" . $Id . "'";
$msg = _('Customer Contacts') . ' ' . $DebtorNo . ' ' . _('has been updated');
} elseif ($InputError != 1) {
$sql = "INSERT INTO custcontacts (debtorno,\n\t\t\t\t\t\t\t\t\t\tcontactname,\n\t\t\t\t\t\t\t\t\t\trole,\n\t\t\t\t\t\t\t\t\t\tphoneno,\n\t\t\t\t\t\t\t\t\t\tnotes,\n\t\t\t\t\t\t\t\t\t\temail)\n\t\t\t\tVALUES ('" . $DebtorNo . "',\n\t\t\t\t\t\t'" . $_POST['ContactName'] . "',\n\t\t\t\t\t\t'" . $_POST['ContactRole'] . "',\n\t\t\t\t\t\t'" . $_POST['ContactPhone'] . "',\n\t\t\t\t\t\t'" . $_POST['ContactNotes'] . "',\n\t\t\t\t\t\t'" . $_POST['ContactEmail'] . "')";
$msg = _('The contact record has been added');
}
if ($InputError != 1) {
$result = DB_query($sql, $db);
//echo '<br />'.$sql;
echo '<br />';
prnMsg($msg, 'success');
<?php
/* $Id: MaintenaceReminders.php 4551 2011-04-16 06:20:56Z daintree $*/
//this script can be set to run from cron
$AllowAnyone = true;
include 'includes/session.inc';
include 'includes/htmlMimeMail.php';
$sql = "SELECT \tdescription,\n\t\t\t\ttaskdescription,\n\t\t\t\tADDDATE(lastcompleted,frequencydays) AS duedate,\n\t\t\t\tuserresponsible,\n\t\t\t\temail\n\t\tFROM fixedassettasks\n\t\tINNER JOIN fixedassets\n\t\tON fixedassettasks.assetid=fixedassets.assetid\n\t\tINNER JOIN www_users\n\t\tON fixedassettasks.userresponsible=www_users.userid\n\t\tWHERE ADDDATE(lastcompleted,frequencydays-10)> CURDATE()\n\t\tORDER BY userresponsible";
$result = DB_query($sql, $db);
$LastUserResponsible = '';
while ($myrow = DB_fetch_array($result)) {
if (!isset(${'Mail' . $myrow['userresponsible']}) and IsEmailAddress($myrow['email'])) {
if ($LastUserResponsible != '') {
${'Mail' . $myrow['userresponsible']}->setText($MailText);
$SendResult = ${'Mail' . $myrow['userresponsible']}->send(array($LastUserEmail));
$MailText = _('You have the following maintenance task(s) falling due or over-due:') . "\n";
}
$LastUserResponsible = $myrow['userresponsible'];
$LastUserEmail = $myrow['email'];
${'Mail' . $myrow['userresponsible']} = new htmlMimeMail();
${'Mail' . $myrow['userresponsible']}->setSubject('Maintenance Tasks Reminder');
${'Mail' . $myrow['userresponsible']}->setFrom('Do_not_reply <>');
}
$MailText .= "Asset: " . $myrow['description'] . "\nTask: " . $myrow['taskdescription'] . "\nDue: " . ConvertSQLDate($myrow['duedate']);
if (Date1GreaterThanDate2(ConvertSQLDate($myrow['duedate']), Date($_SESSION['DefaultDateFormat']))) {
$MailText .= _('NB: THIS JOB IS OVERDUE');
}
$MailText . "\n\n";
}
if (DB_num_rows($result) > 0) {
${'Mail' . $LastUserResponsible}->setText($MailText);
$OnlyDemo = 0;
$DualCompany = 0;
$NewCompany = 0;
if (!empty($_POST['Demo']) and $_POST['Demo'] == 'on') {
if (strtolower($DatabaseName) === 'weberpdemo') {
//user select to install the weberpdemo
$OnlyDemo = 1;
} else {
$DualCompany = 1;
//user choose to install the demo company and production environment
}
} else {
//user only choose to install the new weberp company
$NewCompany = 1;
}
if (!empty($_POST['Email']) and IsEmailAddress($_POST['Email'])) {
$Email = trim($_POST['Email']);
} else {
$InputError = 1;
prnMsg(_('You must enter a valid email address for the Administrator.'), 'error');
}
if (!empty($_POST['webERPPassword']) and !empty($_POST['PasswordConfirm']) and $_POST['webERPPassword'] == $_POST['PasswordConfirm']) {
$AdminPassword = $_POST['webERPPassword'];
} else {
$InputError = 1;
prnMsg(_('Please correct the password. The password is either blank, or the password check does not match.'), 'error');
}
if (!empty($_POST['HostName'])) {
// As HTTP_HOST is user input, ensure it only contains characters allowed
// in hostnames. See RFC 952 (and RFC 2181).
// $_SERVER['HTTP_HOST'] is lowercased here per specifications.
function AddUser()
{
global $tpl, $user, $error_list;
$username = stripslashes($_REQUEST['username']);
$firstname = stripslashes($_REQUEST['firstname']);
$lastname = stripslashes($_REQUEST['lastname']);
$email = stripslashes($_REQUEST['email']);
$address1 = stripslashes($_REQUEST['address1']);
$address2 = stripslashes($_REQUEST['address2']);
$city = stripslashes($_REQUEST['city']);
$state = stripslashes($_REQUEST['state']);
$zip = stripslashes($_REQUEST['zip']);
$phone = stripslashes($_REQUEST['phone']);
$i = 0;
if ($username == "") {
$error_list[$i] = "Username is required";
$i++;
}
if ($firstname == "") {
$error_list[$i] = "Firstname is required";
$i++;
}
if ($lastname == "") {
$error_list[$i] = "Lastname is required";
$i++;
}
if ($email == "") {
$error_list[$i] = "Email is required";
$i++;
}
if ($address1 == "") {
$error_list[$i] = _("Address is required");
$i++;
}
if ($city == "") {
$error_list[$i] = _("City is required");
$i++;
}
if ($state == "") {
$error_list[$i] = _("State is required");
$i++;
}
if ($zip == "") {
$error_list[$i] = _("Zip is required");
$i++;
}
if ($user->CheckUser($username, $email)) {
$error_list[$i] = "Username or email is already exist";
$i++;
} elseif ($repassword != $password) {
$error_list[$i] = "Password does not match";
$i++;
} elseif (!IsEmailAddress($email)) {
$error_list[$i] = "Invalid format email";
$i++;
}
if (!is_array($error_list)) {
$_REQUEST['user_id'] = $user->Add($username, '', $firstname, $lastname, $email, $address1, $address2, $city, $state, $zip, $phone);
$_REQUEST['pf'] = 'detail';
$GLOBALS['user_data'] = $GLOBALS['user']->GetUser($_REQUEST['user_id']);
ShowFormDetailUser();
} else {
ShowFormAddUser();
}
}
function ShowDetailUser()
{
$curr_user = $GLOBALS['user']->CheckUserActive($_SESSION['SESSION_USERNAME']);
$process = $_REQUEST['process'];
$GLOBALS['user_data'] = $GLOBALS['user']->GetUser($curr_user['user_id']);
if ($process == 'edit') {
$username = stripslashes($_REQUEST['username']);
$password = stripslashes($_REQUEST['password']);
$repassword = stripslashes($_REQUEST['repassword']);
$firstname = stripslashes($_REQUEST['firstname']);
$lastname = stripslashes($_REQUEST['lastname']);
$email = stripslashes($_REQUEST['email']);
$address1 = stripslashes($_REQUEST['address1']);
$address2 = stripslashes($_REQUEST['address2']);
$city = stripslashes($_REQUEST['city']);
$state = stripslashes($_REQUEST['state']);
$zip = stripslashes($_REQUEST['zip']);
$phone = stripslashes($_REQUEST['phone']);
if ($username == "") {
$GLOBALS['error_list'][] = _("Username is required");
} elseif ($GLOBALS['user_data']['username'] != $username) {
if ($GLOBALS['user']->CheckUserLogin($username)) {
$GLOBALS['error_list'][] = _("Username already exist");
}
}
if ($firstname == "") {
$GLOBALS['error_list'][] = _("Firstname is required");
}
if ($lastname == "") {
$GLOBALS['error_list'][] = _("Lastname is required");
}
if ($address1 == "") {
$GLOBALS['error_list'][] = _("Address is required");
}
if ($city == "") {
$GLOBALS['error_list'][] = _("City is required");
}
if ($state == "") {
$GLOBALS['error_list'][] = _("State is required");
}
if ($zip == "") {
$GLOBALS['error_list'][] = _("Zip is required");
}
if ($email == "") {
$GLOBALS['error_list'][] = _("Email is required");
} elseif ($GLOBALS['user_data']['email'] != $email) {
if ($GLOBALS['user']->CheckEmailExist($email)) {
$GLOBALS['error_list'][] = _("Email already exist");
}
} elseif (!IsEmailAddress($email)) {
$GLOBALS['error_list'][] = _("email is not valid");
} elseif ($repassword != $password) {
$GLOBALS['error_list'][] = _("password doesnt match");
}
if (!is_array($GLOBALS['error_list'])) {
$GLOBALS['user']->Update($curr_user['user_id'], $username, $password, $firstname, $lastname, $email, $address1, $address2, $city, $state, $zip, $phone);
$GLOBALS['success'] = true;
//refresh from DB
$GLOBALS['user_data'] = $GLOBALS['user']->GetUser($curr_user['user_id']);
} else {
$GLOBALS['user_data']['firstname'] = $firstname;
$GLOBALS['user_data']['lastname'] = $lastname;
$GLOBALS['user_data']['email'] = $email;
$GLOBALS['user_data']['address1'] = $address1;
$GLOBALS['user_data']['address2'] = $address2;
$GLOBALS['user_data']['city'] = $city;
$GLOBALS['user_data']['state'] = $state;
$GLOBALS['user_data']['zip'] = $zip;
$GLOBALS['user_data']['phone'] = $phone;
}
}
}
if ($_SESSION['PO' . $identifier]->DelAdd1 == '' or mb_strlen($_SESSION['PO' . $identifier]->DelAdd1) < 3) {
prnMsg(_('The purchase order cannot be committed to the database because there is no delivery street address specified'), 'error');
$InputError = 1;
} elseif ($_SESSION['PO' . $identifier]->Location == '' or !isset($_SESSION['PO' . $identifier]->Location)) {
prnMsg(_('The purchase order can not be committed to the database because there is no location specified to book any stock items into'), 'error');
$InputError = 1;
} elseif ($_SESSION['PO' . $identifier]->LinesOnOrder <= 0) {
prnMsg(_('The purchase order can not be committed to the database because there are no lines entered on this order'), 'error');
$InputError = 1;
}
/*If all clear then proceed to update the database
*/
if ($InputError != 1) {
$result = DB_Txn_Begin($db);
/*figure out what status to set the order to */
if (IsEmailAddress($_SESSION['UserEmail'])) {
$UserDetails = ' <a href="mailto:' . $_SESSION['UserEmail'] . '">' . $_SESSION['UsersRealName'] . '</a>';
} else {
$UserDetails = ' ' . $_SESSION['UsersRealName'] . ' ';
}
if ($_SESSION['AutoAuthorisePO'] == 1) {
//if the user has authority to authorise the PO then it will automatically be authorised
$AuthSQL = "SELECT authlevel\n\t\t\t\t\t\tFROM purchorderauth\n\t\t\t\t\t\tWHERE userid='" . $_SESSION['UserID'] . "'\n\t\t\t\t\t\tAND currabrev='" . $_SESSION['PO' . $identifier]->CurrCode . "'";
$AuthResult = DB_query($AuthSQL, $db);
$AuthRow = DB_fetch_array($AuthResult);
if (DB_num_rows($AuthResult) > 0 and $AuthRow['authlevel'] > $_SESSION['PO' . $identifier]->Order_Value()) {
//user has authority to authrorise as well as create the order
$StatusComment = date($_SESSION['DefaultDateFormat']) . ' - ' . _('Order Created and Authorised by') . $UserDetails . '<br />' . $_SESSION['PO' . $identifier]->StatusComments . '<br />';
$_SESSION['PO' . $identifier]->AllowPrintPO = 1;
$_SESSION['PO' . $identifier]->Status = 'Authorised';
} else {
<br />
<br />';
include 'includes/footer.inc';
exit;
echo '<div class="centre"><br /><br /><br />' . _('This page must be called with a purchase order number to print');
echo '<br /><a href="' . $rootpath . '/index.php">' . _('Back to the menu') . '</a></div>';
exit;
}
if (isset($_GET['OrderNo'])) {
$OrderNo = $_GET['OrderNo'];
} elseif (isset($_POST['OrderNo'])) {
$OrderNo = $_POST['OrderNo'];
}
$title = _('Print Purchase Order Number') . ' ' . $OrderNo;
if (isset($_POST['PrintOrEmail']) and isset($_POST['EmailTo'])) {
if ($_POST['PrintOrEmail'] == 'Email' and !IsEmailAddress($_POST['EmailTo'])) {
include 'includes/header.inc';
prnMsg(_('The email address entered does not appear to be valid. No emails have been sent.'), 'warn');
include 'includes/footer.inc';
exit;
}
}
$ViewingOnly = 0;
if (isset($_GET['ViewingOnly']) and $_GET['ViewingOnly'] != '') {
$ViewingOnly = $_GET['ViewingOnly'];
} elseif (isset($_POST['ViewingOnly']) and $_POST['ViewingOnly'] != '') {
$ViewingOnly = $_POST['ViewingOnly'];
}
/* If we are previewing the order then we dont want to email it */
if ($OrderNo == 'Preview') {
//OrderNo is set to 'Preview' when just looking at the format of the printed order
} else {
$_POST['company_name'] = Replace_Dodgy_Characters($_POST['company_name']);
}
if (!isset($_POST['timezone']) || $_POST['timezone'] == '') {
set_error('Please enter timezone');
}
// Use KwaMoja logo if none supplied.
// Check if the user has entered a correct path
if (!file_exists($path_to_root . '/sql/mysql/kwamoja-demo.sql')) {
set_error('It appears the Absolute path that you entered is incorrect');
}
// Get admin email and validate it
if (!isset($_POST['admin_email']) || $_POST['admin_email'] == '') {
set_error('Please enter an email for the Administrator account');
} else {
if (IsEmailAddress($_POST['admin_email']) == false) {
set_error('Please enter a valid email address for the Administrator account');
}
}
// Get the two admin passwords entered, and check that they match
if (!isset($_POST['admin_password']) || $_POST['admin_password'] == '') {
set_error('Please enter a password for the Administrator account');
}
if (!isset($_POST['admin_repassword']) || $_POST['admin_repassword'] == '') {
set_error('Please make sure you re-enter the password for the Administrator account');
}
if ($_POST['admin_password'] != $_POST['admin_repassword']) {
// Zero BOTH passwords before returning form to user.
$_POST['admin_password'] = '';
$_POST['admin_repassword'] = '';
set_error('The two Administrator account passwords you entered do not match');
function ShowConfig()
{
global $tpl, $pf, $error_list, $site_name, $site_url, $site_mail, $protect_path, $protect_url, $notify_email, $notify_from, $notify_expire, $success;
$pf = $_REQUEST['pf'];
$process = $_REQUEST['process'];
if ($process == 'edit') {
$site_name = stripslashes($_REQUEST['site_name']);
$site_mail = stripslashes($_REQUEST['site_mail']);
$protect_path = stripslashes($_REQUEST['protect_path']);
$protect_url = stripslashes($_REQUEST['protect_url']);
$notify_email = stripslashes($_REQUEST['notify_email']);
$notify_from = stripslashes($_REQUEST['notify_from']);
$notify_expire = stripslashes($_REQUEST['notify_expire']);
$i = 0;
if ($site_name == "" || $site_mail == "" || $protect_path == "" || $protect_url == "" || $notify_email == "" || $notify_from == "") {
if ($site_name == "") {
$error_list[$i] = "Site name is required";
$i++;
}
if ($site_mail == "") {
$error_list[$i] = "Site email is required";
$i++;
}
if ($protect_path == "") {
$error_list[$i] = "Protected path is required";
$i++;
}
if ($protect_url == "") {
$error_list[$i] = "Protected url is required";
$i++;
}
if ($notify_from == "") {
$error_list[$i] = "Notify from is required";
$i++;
}
if ($notify_email == "") {
$error_list[$i] = "Notify email is required";
$i++;
}
} elseif (!IsDigit($notify_expire)) {
$error_list[$i] = "Notify expire must be digit";
$i++;
} elseif (!IsEmailAddress($site_mail)) {
$error_list[$i] = "Site email is not valid format";
$i++;
} elseif (!IsEmailAddress($notify_email)) {
$error_list[$i] = "Notify email is not valid format";
$i++;
}
if (!is_array($error_list)) {
UpdateConfig($site_name, "site_name");
UpdateConfig($site_mail, "site_mail");
UpdateConfig($protect_path, "protect_path");
UpdateConfig($protect_url, "protect_url");
UpdateConfig($notify_email, "notify_email");
UpdateConfig($notify_from, "notify_from");
UpdateConfig($notify_expire, "notify_expire");
$success = true;
}
} else {
$site_name = CFG_SITE_NAME;
$site_mail = CFG_SITE_MAIL;
$protect_path = CFG_PROTECT_PATH;
$protect_url = CFG_PROTECT_URL;
$notify_email = CFG_NOTIFY_EMAIL;
$notify_from = CFG_NOTIFY_FROM;
$notify_expire = CFG_NOTIFY_EXPIRE;
}
}
} elseif (strlen($_POST['Phone']) > 25) {
$InputError = 1;
prnMsg(_('The telephone number must be 25 characters or less long'), 'error');
$Errors[$i] = 'Telephone';
$i++;
} elseif (strlen($_POST['Fax']) > 25) {
$InputError = 1;
prnMsg(_('The fax number must be 25 characters or less long'), 'error');
$Errors[$i] = 'Fax';
$i++;
} elseif (strlen($_POST['Email']) > 55) {
$InputError = 1;
prnMsg(_('The email address must be 55 characters or less long'), 'error');
$Errors[$i] = 'Email';
$i++;
} elseif (strlen($_POST['Email']) > 0 and !IsEmailAddress($_POST['Email'])) {
$InputError = 1;
prnMsg(_('The email address is not correctly formed'), 'error');
$Errors[$i] = 'Email';
$i++;
}
if ($InputError != 1) {
$sql = "SELECT typeabbrev FROM salestypes";
$result = DB_query($sql, $db);
$myrow = DB_fetch_array($result);
$SalesType = $myrow['typeabbrev'];
$InsuranceTypeID = $_POST['InsuranceType'];
if (!isset($_POST['New'])) {
$sql = "SELECT count(id)\n\t\t\t\t\t FROM debtortrans\n\t\t\t\t\twhere debtorno = '" . $_POST['DebtorNo'] . "'";
$result = DB_query($sql, $db);
$myrow = DB_fetch_array($result);
<?php
/* $Revision: 1.8 $ */
/* $Id$*/
include 'includes/session.inc';
include 'includes/SQL_CommonFunctions.inc';
if ($_GET['InvOrCredit'] == 'Invoice') {
$TransactionType = _('Invoice');
$TypeCode = 10;
} else {
$TransactionType = _('Credit Note');
$TypeCode = 11;
}
$title = _('Email') . ' ' . $TransactionType . ' ' . _('Number') . ' ' . $_GET['FromTransNo'];
if (isset($_POST['DoIt']) and IsEmailAddress($_POST['EmailAddr'])) {
if ($_SESSION['InvoicePortraitFormat'] == 0) {
echo '<meta http-equiv="Refresh" content=\'0; url=' . $rootpath . '/PrintCustTrans.php?FromTransNo=' . $_POST['TransNo'] . '&PrintPDF=Yes&InvOrCredit=' . $_POST['InvOrCredit'] . '&Email=' . $_POST['EmailAddr'] . "'>";
prnMsg(_('The transaction should have been emailed off') . '. ' . _('If this does not happen') . ' (' . _('if the browser does not support META Refresh') . ')' . '<a href="' . $rootpath . '/PrintCustTrans.php?FromTransNo=' . $_POST['FromTransNo'] . '&PrintPDF=Yes&InvOrCredit=' . $_POST['InvOrCredit'] . '&Email=' . $_POST['EmailAddr'] . '">' . _('click here') . '</a> ' . _('to email the customer transaction'), 'success');
} else {
echo '<meta http-equiv="Refresh" content=\'0; url=' . $rootpath . '/PrintCustTransPortrait.php?FromTransNo=' . $_POST['TransNo'] . '&PrintPDF=Yes&InvOrCredit=' . $_POST['InvOrCredit'] . '&Email=' . $_POST['EmailAddr'] . '">';
prnMsg(_('The transaction should have been emailed off. If this does not happen (perhaps the browser does not support META Refresh)') . '<a href="' . $rootpath . '/PrintCustTransPortrait.php?FromTransNo=' . $_POST['FromTransNo'] . '&PrintPDF=Yes&InvOrCredit=' . $_POST['InvOrCredit'] . '&Email=' . $_POST['EmailAddr'] . '">' . _('click here') . '</a> ' . _('to email the customer transaction'), 'success');
}
exit;
} elseif (isset($_POST['DoIt'])) {
$_GET['InvOrCredit'] = $_POST['InvOrCredit'];
$_GET['FromTransNo'] = $_POST['FromTransNo'];
prnMsg(_('The email address does not appear to be a valid email address. The transaction was not emailed'), 'warn');
}
include 'includes/header.inc';
echo '<p class="page_title_text"><img src="' . $rootpath . '/css/' . $theme . '/images/email.gif" title="' . _('Contract') . '" alt="" /> ' . $title . '</p>';
echo '<form action="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '" method="post">';
} elseif (strlen($_POST['X_PageLength']) > 3 || !is_numeric($_POST['X_PageLength']) || $_POST['X_PageLength'] < 1) {
$InputError = 1;
prnMsg(_('Lines per page must be greater than 1'), 'error');
} elseif (strlen($_POST['X_MonthsAuditTrail']) > 2 || !is_numeric($_POST['X_MonthsAuditTrail']) || $_POST['X_MonthsAuditTrail'] < 0) {
$InputError = 1;
prnMsg(_('The number of months of audit trail to keep must be zero or a positive number less than 100 months'), 'error');
} elseif (strlen($_POST['X_DefaultTaxCategory']) > 1 || !is_numeric($_POST['X_DefaultTaxCategory']) || $_POST['X_DefaultTaxCategory'] < 1) {
$InputError = 1;
prnMsg(_('DefaultTaxCategory must be between 1 and 9'), 'error');
} elseif (strlen($_POST['X_DefaultDisplayRecordsMax']) > 3 || !is_numeric($_POST['X_DefaultDisplayRecordsMax']) || $_POST['X_DefaultDisplayRecordsMax'] < 1) {
$InputError = 1;
prnMsg(_('Default maximum number of records to display must be between 1 and 500'), 'error');
} elseif (strlen($_POST['X_MaxImageSize']) > 3 || !is_numeric($_POST['X_MaxImageSize']) || $_POST['X_MaxImageSize'] < 1) {
$InputError = 1;
prnMsg(_('The maximum size of item image files must be between 50 and 500 (NB this figure refers to KB)'), 'error');
} elseif (!IsEmailAddress($_POST['X_FactoryManagerEmail'])) {
$InputError = 1;
prnMsg(_('The Factory Manager Email address does not appear to be valid'), 'error');
} elseif (strlen($_POST['X_FrequentlyOrderedItems']) > 2 || !is_numeric($_POST['X_FrequentlyOrderedItems'])) {
$InputError = 1;
prnMsg(_('The number of frequently ordered items to display must be numeric'), 'error');
}
if ($InputError != 1) {
$sql = array();
if ($_SESSION['DefaultDateFormat'] != $_POST['X_DefaultDateFormat']) {
$sql[] = "UPDATE config SET confvalue = '" . $_POST['X_DefaultDateFormat'] . "' WHERE confname = 'DefaultDateFormat'";
}
if ($_SESSION['DefaultTheme'] != $_POST['X_DefaultTheme']) {
$sql[] = "UPDATE config SET confvalue = '" . $_POST['X_DefaultTheme'] . "' WHERE confname = 'DefaultTheme'";
}
if ($_SESSION['PastDueDays1'] != $_POST['X_PastDueDays1']) {
} elseif (mb_strlen($_POST['X_DefaultTaxCategory']) > 1 or !is_numeric($_POST['X_DefaultTaxCategory']) or $_POST['X_DefaultTaxCategory'] < 1) {
$InputError = 1;
prnMsg(_('DefaultTaxCategory must be between 1 and 9'), 'error');
} elseif (mb_strlen($_POST['X_DefaultDisplayRecordsMax']) > 3 or !is_numeric($_POST['X_DefaultDisplayRecordsMax']) or $_POST['X_DefaultDisplayRecordsMax'] < 1) {
$InputError = 1;
prnMsg(_('Default maximum number of records to display must be between 1 and 500'), 'error');
} elseif (mb_strlen($_POST['X_MaxImageSize']) > 3 or !is_numeric($_POST['X_MaxImageSize']) or $_POST['X_MaxImageSize'] < 1) {
$InputError = 1;
prnMsg(_('The maximum size of item image files must be between 50 and 500 (NB this figure refers to KB)'), 'error');
} elseif (!IsEmailAddress($_POST['X_FactoryManagerEmail'])) {
$InputError = 1;
prnMsg(_('The Factory Manager Email address does not appear to be valid'), 'error');
} elseif (!IsEmailAddress($_POST['X_PurchasingManagerEmail'])) {
$InputError = 1;
prnMsg(_('The Purchasing Manager Email address does not appear to be valid'), 'error');
} elseif (!IsEmailAddress($_POST['X_InventoryManagerEmail']) and $_POST['X_InventoryManagerEmail'] != '') {
$InputError = 1;
prnMsg(_('The Inventory Manager Email address does not appear to be valid'), 'error');
} elseif (mb_strlen($_POST['X_FrequentlyOrderedItems']) > 2 or !is_numeric($_POST['X_FrequentlyOrderedItems'])) {
$InputError = 1;
prnMsg(_('The number of frequently ordered items to display must be numeric'), 'error');
} elseif (strlen($_POST['X_SmtpSetting']) != 1 or !is_numeric($_POST['X_SmtpSetting'])) {
$InputError = 1;
prnMsg(_('The SMTP setting should be selected as Yes or No'), 'error');
} elseif (strlen($_POST['X_QualityLogSamples']) != 1 or !is_numeric($_POST['X_QualityLogSamples'])) {
$InputError = 1;
prnMsg(_('The Quality Log Samples setting should be selected as Yes or No'), 'error');
} elseif (mb_strstr($_POST['X_QualityProdSpecText'], "'") or mb_strlen($_POST['X_QualityProdSpecText']) > 5000) {
$InputError = 1;
prnMsg(_('The Quality ProdSpec Text may not contain single quotes and may not be longer than 5000 chars'), 'error');
} elseif (mb_strstr($_POST['X_QualityCOAText'], "'") or mb_strlen($_POST['X_QualityCOAText']) > 5000) {
function ProcessFormRegister()
{
global $tpl, $user, $error_list, $order, $mail, $product, $coupon, $pay_class, $currency_code, $currency_unit;
$product_id = $_REQUEST['product_id'];
$username = stripslashes($_REQUEST['username']);
$password = stripslashes($_REQUEST['password']);
$repassword = stripslashes($_REQUEST['repassword']);
$firstname = stripslashes($_REQUEST['firstname']);
$lastname = stripslashes($_REQUEST['lastname']);
$email = stripslashes($_REQUEST['email']);
$address1 = stripslashes($_REQUEST['address1']);
$address2 = stripslashes($_REQUEST['address2']);
$city = stripslashes($_REQUEST['city']);
$state = stripslashes($_REQUEST['state']);
$zip = stripslashes($_REQUEST['zip']);
$phone = stripslashes($_REQUEST['phone']);
$payment_gateway = $_REQUEST['payment_gateway'];
$products = $product->GetProduct($product_id);
$date_order_mo = $_REQUEST['date_order'];
//figure out what the timestamp for the month should be
if ($date_order_mo < date('m')) {
//year+1
$date_order = strtotime(date('Y') + 1 . '/' . $date_order_mo . '/1');
} else {
$date_order = strtotime(date('Y') . '/' . $date_order_mo . '/1');
}
$i = 0;
if ($product_id == "") {
$error_list[$i] = "Please select membership type";
$i++;
}
if ($username == "") {
$error_list[$i] = "Username is required";
$i++;
}
if ($password == "") {
$error_list[$i] = "Password is required";
$i++;
}
if ($repassword == "") {
$error_list[$i] = "Retype password is required";
$i++;
}
if ($firstname == "") {
$error_list[$i] = "Firstname is required";
$i++;
}
if ($lastname == "") {
$error_list[$i] = "Lastname is required";
$i++;
}
if ($email == "") {
$error_list[$i] = "Email is required";
$i++;
}
if ($address1 == "") {
$error_list[$i] = _("Address is required");
$i++;
}
if ($city == "") {
$error_list[$i] = _("City is required");
$i++;
}
if ($state == "") {
$error_list[$i] = _("State is required");
$i++;
}
if ($zip == "") {
$error_list[$i] = _("Zip is required");
$i++;
}
if ($payment_gateway == "" && $products['price'] > 0) {
$error_list[$i] = "Please select payment gateway";
$i++;
}
if ($user->CheckUser($username, $email)) {
$error_list[$i] = "Username or email already exist";
$i++;
}
if ($repassword != $password) {
$error_list[$i] = "password doesnt match";
$i++;
}
if (!IsEmailAddress($email)) {
$error_list[$i] = "email is not valid";
$i++;
}
if (!is_array($error_list)) {
$product_id = $_REQUEST['product_id'];
$price = $products['price'];
$name = $products['name'];
$description = $products['description'];
$item_name = $name . " ( " . $description . " )";
$invoice_id = getInvoiceId();
//**** for coupon ****//
if ($coupon_code != "") {
$discount_data = $coupon->CheckProductDiscount($coupon_code, $product_id);
if (!$discount_data) {
} else {
$percentage = strrpos($discount_data['coupon_value'], "%");
if ($percentage) {
$percent = str_replace("%", "", $discount_data['coupon_value']);
$coupon_value_type = "percentage";
$percentage_coupon_value = $percent;
$net_price = $discount_data['price'] - $discount_data['price'] * ($percent / 100);
} else {
$coupon_value_type = "price";
$price_coupon_value = $discount_data['coupon_value'];
$net_price = $discount_data['price'] - $discount_data['coupon_value'];
}
$price = $net_price;
if ($price < 0) {
$price = 0;
}
}
}
if ($price == 0) {
$user_id = $user->Add($username, $password, $firstname, $lastname, $email, $address1, $address2, $city, $state, $zip, $phone);
$order_id = $order->AddOrder($user_id, $product_id, $date_order);
$order_data = $order->GetOrder($order_id);
$product_name = $order_data['name'];
$product_desc = $order_data['description'];
$product_price = $order_data['price'];
$product_expire = date("Y-m-d", $order_data['date_expire']);
$from_email = CFG_NOTIFY_EMAIL;
$from_name = CFG_NOTIFY_FROM;
$mail->ConfirmOrderEmail(CFG_SITE_NAME, $firstname, $lastname, $from_email, $from_name, $product_name, $product_desc, $product_price, $product_expire, $email);
$mail->ReceivedOrderEmail(CFG_SITE_NAME, $firstname, $lastname, $from_email, $from_name, $product_name, $product_desc, $product_price, $date_order, $product_expire, CFG_SITE_MAIL);
$order->UpdateLastEmailSent($order_id, time());
$login = $user->Login($username, $password, $expire);
header("Location: index.php");
} else {
$firstname = $_REQUEST['firstname'];
$lastname = $_REQUEST['lastname'];
$email = $_REQUEST['email'];
$username = $_REQUEST['username'];
$password = $_REQUEST['password'];
$currency_code = $currency_code;
//$currency_unit ===== GLOBAL VARIABLE
$return_url = CFG_SITE_URL;
$cancel_url = CFG_SITE_URL;
$total = $price;
$custom = "{$product_id}&{$email}&{$username}&{$password}&{$firstname}&{$lastname}&{$coupon_code}&{$date_order}";
if ($payment_gateway == "co" || $payment_gateway == "co_subscribe") {
$gateway_data = $pay_class->GetPaymentGatewayDetail("2" . $payment_gateway);
} else {
$gateway_data = $pay_class->GetPaymentGatewayDetail($payment_gateway);
}
if ($payment_gateway == "paypal_payments") {
$notify_url = CFG_SITE_URL . '/payment/paypal.ipn.php';
$paypal_payments_email = $gateway_data['payment_gateway_account'];
$paypal_email = $paypal_payments_email;
include 'payment/paypal.php';
} elseif ($payment_gateway == "paypal_subscribe") {
$notify_url = CFG_SITE_URL . '/payment/paypal-subscribe.ipn.php';
$paypal_subscribe_email = $gateway_data['payment_gateway_account'];
$listing_period = $products['duration'];
$listing_period_code = strtoupper($products['duration_unit']);
$paypal_email = $paypal_subscribe_email;
include 'payment/paypal-subscribe.php';
} elseif ($payment_gateway == "co") {
$notify_url = CFG_SITE_URL . '/payment/2co.ipn.php';
$co_account = $gateway_data['payment_gateway_account'];
$list_co_account = explode("&", $co_account);
$co_sid = $list_co_account[0];
$co_secret = $list_co_account[1];
$co_recurring = 0;
//set subscribe
include 'payment/2co.php';
} elseif ($payment_gateway == "co_subscribe") {
$notify_url = CFG_SITE_URL . '/payment/2co-subscribe.ipn.php';
$co_account = $gateway_data['payment_gateway_account'];
$list_co_account = explode("&", $co_account);
$co_sid = $list_co_account[0];
$co_secret = $list_co_account[1];
$co_recurring = 1;
//set subscribe
$co_prod_id = $product_id;
include 'payment/2co-subscribe.php';
} elseif ($payment_gateway == "alertpay") {
$notify_url = CFG_SITE_URL . '/payment/alertpay.ipn.php';
$alertpay_account = $gateway_data['payment_gateway_account'];
$list_alertpay_account = explode("&", $alertpay_account);
$payalert_email = $list_alertpay_account[0];
$payalert_security_code = $list_alertpay_account[1];
$ap_currency = $currency_code;
$ap_purchasetype = "service";
//lainnya subscription & service
include 'payment/alertpay.php';
} elseif ($payment_gateway == "alertpay_subscribe") {
$notify_url = CFG_SITE_URL . '/payment/alertpay.ipn.php';
$alertpay_subscribe_account = $gateway_data['payment_gateway_account'];
$list_alertpay_subscribe_account = explode("&", $alertpay_subscribe_account);
$payalert_email = $list_alertpay_subscribe_account[0];
$payalert_security_code = $list_alertpay_subscribe_account[1];
$ap_currency = $currency_code;
$ap_purchasetype = "Subscription";
//lainnya subscription & service
if (strtolower($products['duration_unit']) == "d") {
$ap_timeunit = "Day";
} elseif (strtolower($products['duration_unit']) == "m") {
$ap_timeunit = "Month";
} elseif (strtolower($products['duration_unit']) == "y") {
$ap_timeunit = "Year";
}
$ap_periodlength = $products['duration'];
include 'payment/alertpay-subscribe.php';
} elseif ($payment_gateway == "moneybookers") {
$notify_url = CFG_SITE_URL . '/payment/moneybookers.ipn.php';
$moneybookers_email = $gateway_data['payment_gateway_account'];
include 'payment/moneybookers.php';
}
}
} else {
ShowFormRegister();
}
}
function SendMailBySmtp(&$mail, $To)
{
if (IsEmailAddress($_SESSION['SMTPSettings']['username'])) {
//user has set the fully mail address as user name
$SendFrom = $_SESSION['SMTPSettings']['username'];
} else {
//user only set it's name instead of fully mail address
if (strpos($_SESSION['SMTPSettings']['host'], 'mail') !== false) {
$SubStr = 'mail';
} elseif (strpos($_SESSION['SMTPSettings']['host'], 'smtp') !== false) {
$SubStr = 'smtp';
}
$Domain = substr($_SESSION['SMTPSettings']['host'], strpos($_SESSION['SMTPSettings']['host'], $SubStr) + 5);
$SendFrom = $_SESSION['SMTPSettings']['username'] . '@' . $Domain;
}
$mail->setFrom($SendFrom);
$result = $mail->send($To, 'smtp');
return $result;
}
$Errors[$i] = 'Telephone';
$i++;
}
if (mb_strlen($_POST['Fax']) > 25) {
$InputError = 1;
prnMsg(_('The fax number must be 25 characters or less long'), 'error');
$Errors[$i] = 'Fax';
$i++;
}
if (mb_strlen($_POST['Email']) > 55) {
$InputError = 1;
prnMsg(_('The email address must be 55 characters or less long'), 'error');
$Errors[$i] = 'Email';
$i++;
}
if (mb_strlen($_POST['Email']) > 0 and !IsEmailAddress($_POST['Email'])) {
$InputError = 1;
prnMsg(_('The email address is not correctly formed'), 'error');
$Errors[$i] = 'Email';
$i++;
}
if (mb_strlen($_POST['BankRef']) > 12) {
$InputError = 1;
prnMsg(_('The bank reference text must be less than 12 characters long'), 'error');
$Errors[$i] = 'BankRef';
$i++;
}
if (!Is_Date($_POST['SupplierSince'])) {
$InputError = 1;
prnMsg(_('The supplier since field must be a date in the format') . ' ' . $_SESSION['DefaultDateFormat'], 'error');
$Errors[$i] = 'SupplierSince';
} elseif (isset($_POST['SelectedContact'])) {
$SelectedContact = $_POST['SelectedContact'];
}
if (isset($_POST['submit'])) {
//initialise no input errors assumed initially before we test
$InputError = 0;
/* actions to take once the user has clicked the submit button
ie the page has called itself with some user input */
//first off validate inputs sensible
if (mb_strlen($_POST['Contact']) == 0) {
$InputError = 1;
prnMsg(_('The contact name must be at least one character long'), 'error');
echo '<br />';
}
if (mb_strlen($_POST['Email'])) {
if (!IsEmailAddress($_POST['Email'])) {
$InputError = 1;
prnMsg(_('The email address entered does not appear to be a valid email address'), 'error');
echo '<br />';
}
}
if (isset($SelectedContact) and $InputError != 1) {
/*SelectedContact could also exist if submit had not been clicked this code would not run in this case 'cos submit is false of course see the delete code below*/
$sql = "UPDATE suppliercontacts SET position='" . $_POST['Position'] . "',\n\t\t\t\t\t\t\t\t\t\t\ttel='" . $_POST['Tel'] . "',\n\t\t\t\t\t\t\t\t\t\t\tfax='" . $_POST['Fax'] . "',\n\t\t\t\t\t\t\t\t\t\t\temail='" . $_POST['Email'] . "',\n\t\t\t\t\t\t\t\t\t\t\tmobile = '" . $_POST['Mobile'] . "'\n\t\t\t\tWHERE contact='" . $SelectedContact . "'\n\t\t\t\tAND supplierid='" . $SupplierID . "'";
$msg = _('The supplier contact information has been updated');
} elseif ($InputError != 1) {
/*Selected contact is null cos no item selected on first time round so must be adding a record must be submitting new entries in the new supplier contacts form */
$sql = "INSERT INTO suppliercontacts (supplierid,\n\t\t\t\t\t\t\t\t\t\t\tcontact,\n\t\t\t\t\t\t\t\t\t\t\tposition,\n\t\t\t\t\t\t\t\t\t\t\ttel,\n\t\t\t\t\t\t\t\t\t\t\tfax,\n\t\t\t\t\t\t\t\t\t\t\temail,\n\t\t\t\t\t\t\t\t\t\t\tmobile)\n\t\t\t\tVALUES ('" . $SupplierID . "',\n\t\t\t\t\t'" . $_POST['Contact'] . "',\n\t\t\t\t\t'" . $_POST['Position'] . "',\n\t\t\t\t\t'" . $_POST['Tel'] . "',\n\t\t\t\t\t'" . $_POST['Fax'] . "',\n\t\t\t\t\t'" . $_POST['Email'] . "',\n\t\t\t\t\t'" . $_POST['Mobile'] . "')";
$msg = _('The new supplier contact has been added to the database');
}
//run the SQL from either of the above possibilites
$DbgMsg = _('The following SQL to insert the debtor transaction record was used');
$Result = DB_query($SQL, $db, $ErrMsg, $DbgMsg, true);
$DebtorTransID = DB_Last_Insert_ID($db, 'debtortrans', 'id');
$SQL = 'INSERT INTO debtortranstaxes (debtortransid,
taxauthid,
taxamount)
VALUES (' . $DebtorTransID . ',
' . $TaxAuthID . ',
' . $Tax['FXAmount'] / $CurrencyRate . ')';
$ErrMsg = _('CRITICAL ERROR') . '! ' . _('NOTE DOWN THIS ERROR AND SEEK ASSISTANCE') . ': ' . _('The debtor transaction taxes records could not be inserted because');
$DbgMsg = _('The following SQL to insert the debtor transaction taxes record was used');
$Result = DB_query($SQL, $db, $ErrMsg, $DbgMsg, true);
$SQL = 'COMMIT';
$Result = DB_query($SQL, $db);
echo _('Invoice number') . ' ' . $InvoiceNo . ' ' . _('processed') . '<BR>';
$EmailText .= "\n" . _('This recurring order was set to produce the invoice automatically on invoice number') . ' ' . $InvoiceNo;
}
/*end if the recurring order is set to auto invoice */
if (IsEmailAddress($RecurrOrderRow['email'])) {
$mail = new htmlMimeMail();
$mail->setText($EmailText);
$mail->setSubject(_('Recurring Order Created Advice'));
$mail->setFrom($_SESSION['CompanyRecord']['coyname'] . "<" . $_SESSION['CompanyRecord']['email'] . ">");
$result = $mail->send(array($RecurrOrderRow['email']));
unset($mail);
} else {
prnMsg(_('No email advice was sent for this order because the location has no email contact defined with a valid email address'), 'warn');
}
}
/*end while there are recurring orders due to have a new order created */
include 'includes/footer.inc';
} elseif (strlen($_POST['X_MonthsAuditTrail']) > 2 || !is_numeric($_POST['X_MonthsAuditTrail']) || $_POST['X_MonthsAuditTrail'] < 0) {
$InputError = 1;
prnMsg(_('The number of months of audit trail to keep must be zero or a positive number less than 100 months'), 'error');
} elseif (strlen($_POST['X_DefaultTaxCategory']) > 1 || !is_numeric($_POST['X_DefaultTaxCategory']) || $_POST['X_DefaultTaxCategory'] < 1) {
$InputError = 1;
prnMsg(_('DefaultTaxCategory must be between 1 and 9'), 'error');
} elseif (strlen($_POST['X_DefaultDisplayRecordsMax']) > 3 || !is_numeric($_POST['X_DefaultDisplayRecordsMax']) || $_POST['X_DefaultDisplayRecordsMax'] < 1) {
$InputError = 1;
prnMsg(_('Default maximum number of records to display must be between 1 and 500'), 'error');
} elseif (strlen($_POST['X_MaxImageSize']) > 3 || !is_numeric($_POST['X_MaxImageSize']) || $_POST['X_MaxImageSize'] < 1) {
$InputError = 1;
prnMsg(_('The maximum size of item image files must be between 50 and 500 (NB this figure refers to KB)'), 'error');
} elseif (!IsEmailAddress($_POST['X_FactoryManagerEmail'])) {
$InputError = 1;
prnMsg(_('The Factory Manager Email address does not appear to be valid'), 'error');
} elseif (!IsEmailAddress($_POST['X_PurchasingManagerEmail'])) {
$InputError = 1;
prnMsg(_('The Purchasing Manager Email address does not appear to be valid'), 'error');
}
if ($InputError != 1) {
$sql = array();
if ($_SESSION['DefaultDateFormat'] != $_POST['X_DefaultDateFormat']) {
$sql[] = "UPDATE config SET confvalue = '" . $_POST['X_DefaultDateFormat'] . "' WHERE confname = 'DefaultDateFormat'";
}
if ($_SESSION['DefaultTheme'] != $_POST['X_DefaultTheme']) {
$sql[] = "UPDATE config SET confvalue = '" . $_POST['X_DefaultTheme'] . "' WHERE confname = 'DefaultTheme'";
}
if ($_SESSION['PastDueDays1'] != $_POST['X_PastDueDays1']) {
$sql[] = "UPDATE config SET confvalue = '" . $_POST['X_PastDueDays1'] . "' WHERE confname = 'PastDueDays1'";
}
if ($_SESSION['PastDueDays2'] != $_POST['X_PastDueDays2']) {
