Exemplo n.º 1
0
if (UserMay("Admin_EditTeams")) {
    ?>
					<th style="width:40px"></th>
					<?php 
}
?>
					<th>Team_id</th>
					<th>Leader</th>
					<th style="width:100px">Team Name</th>
					<th>Users</th>
					<th>Date Added</th>
				</TR>

				<TR id="filterRow" class="filterRow">
				<?php 
if (UserMay("Admin_EditTeams")) {
    ?>
					<td></td>
					<?php 
}
?>
					
					<td>
						<input id="tbTeamIdH" Type="TEXT">
					</td>
					<td><Input id="tbNameH" TYPE="TEXT"></TD>
					<td>
						<SELECT id="ddlTeamH" style="width:100%">
							<OPTION value="%">Any</OPTION>
							<?php 
$teams = $DB->getTeams();
Exemplo n.º 2
0
    ?>
				<th style="width:40px"></th>
				<?php 
}
?>
				<th style="width:80px">UserName</th>
				<th style="width:80px">First</th>
				<th style="width:80px">Last</th>
				<th style="width:70px">Team</th>
				<th>Perms</th>
				<th>Status</th>
				</TR>

				<TR id="filterRow" class="filterRow">
					<?php 
if (UserMay("Admin_EditUsers")) {
    ?>
					<td></td>
					<?php 
}
?>
					<TD>
						<Input id="tbUsernameH" TYPE="TEXT">
					</TD>
					<td><Input id="tbFirstH" TYPE="TEXT"></TD>
					<TD><INPUT id="tbLastH" TYPE="TEXT"></TD>
					<td>
						<SELECT id="ddlTeamH" style="width:100%">
							<OPTION value="%">Any</OPTION>
							<?php 
$teams = $DB->getTeams();
Exemplo n.º 3
0
<?php

include "./findconfig.php";
include $_SERVER['DOCUMENT_ROOT'] . "/" . $ROOTPATH . "/Includes/Top.php";
if (!UserMay("Admin")) {
    AccessDenied();
}
$DB = new conn();
$DB->connect();
$sql = "select count(*) from users where status != 'deleted'";
$usercount = $DB->query_scalar($sql, 0);
$sql = "select * from admin_history join users on admin_history.user_id = users.user_id WHERE table_name = 'users' ORDER BY datetime DESC LIMIT 1";
$result = $DB->query($sql);
if ($result) {
    while ($row = mysql_fetch_assoc($result)) {
        $users_username = $row["Username"];
        $users_firstname = $row["FirstName"];
        $users_lastname = $row["LastName"];
        $users_date = $row["datetime"];
    }
}
$sql = "select count(*) from teams where status = 'Active'";
$teamcount = $DB->query_scalar($sql, 0);
$sql = "select * from admin_history join users on admin_history.user_id = users.user_id WHERE table_name = 'teams' ORDER BY datetime DESC LIMIT 1";
$result = $DB->query($sql);
if ($result) {
    while ($row = mysql_fetch_assoc($result)) {
        $teams_username = $row["Username"];
        $teams_firstname = $row["FirstName"];
        $teams_lastname = $row["LastName"];
        $teams_date = $row["datetime"];
Exemplo n.º 4
0
<?php

include "./findconfig.php";
include $_SERVER['DOCUMENT_ROOT'] . "/" . $ROOTPATH . "/Includes/Top.php";
if (!UserMay("Admin_EditStorage")) {
    AccessDenied();
}
$DB = new conn();
$DB->connect();
// Form Vars
if ($_REQUEST) {
    if ($_REQUEST["Action"]) {
        $action = $_REQUEST["Action"];
        //echo $action;
        if ($action == "addNew") {
            // ALL FORM INPUTS MUST BE SANITIZED
            $StorageLocationName = $DB->sanitize($_REQUEST["LocationName"]);
            $description = $DB->sanitize($_REQUEST["Description"]);
            $sql = "INSERT INTO storagelocations (storagelocation_name, description ) VALUES ('" . $StorageLocationName . "', '" . $description . "')";
            $DB->execute_nonquery($sql);
            $DB->addHistory('storagelocations', $_SESSION["user_id"], "insert", "");
            header("Location: ManageStorage.php");
        }
    }
}
$DB->close();
?>
<div class="navMenu" id="navMenu">
	<div id="bullets">
		<div class="navHeaderdiv"><h1>Locations</h1></div>
		<div class="navBulletBorderTop"></div>
Exemplo n.º 5
0
<?php

include "./findconfig.php";
include $_SERVER['DOCUMENT_ROOT'] . "/" . $ROOTPATH . "/Includes/Top.php";
if (!UserMay("Admin_EditProducts")) {
    AccessDenied();
}
$DB = new conn();
$DB->connect();
// Form Vars
if ($_REQUEST) {
    if (isset($_REQUEST["Action"])) {
        $action = $_REQUEST["Action"];
        //echo $action;
        if ($action == "addNew") {
            // ALL FORM INPUTS MUST BE SANITIZED
            $ProductType = $DB->sanitize($_REQUEST["ProductType"]);
            $ProductName = $DB->sanitize($_REQUEST["ProductName"]);
            $ProductModel = $DB->sanitize($_REQUEST["ProductModel"]);
            $ProductDescription = $DB->sanitize($_REQUEST["ProductDescription"]);
            $sql = "INSERT INTO products (product_type, product_name, product_model, product_description) VALUES ('" . $ProductType . "', '" . $ProductName . "', '" . $ProductModel . "', '" . $ProductDescription . "')";
            $DB->execute_nonquery($sql);
            $DB->addHistory('products', $_SESSION["user_id"], "insert", "");
            header("Location: ManageProducts.php");
        }
    }
}
$DB->close();
?>

<div class="navMenu" id="navMenu">
Exemplo n.º 6
0
                    }
                }
            }
            $row["dts"] = $dts;
            #see if user can see this
            if ($user["dtoffice"] == "" || $user["dtoffice"] == "_" || in_array($user["dtoffice"], $dts)) {
                $retArray[] = $row;
            }
        }
    }
    $output = $retArray;
    //$output = $sql;
    $DB->close();
}
if ($id == "getNewInventoryTable") {
    if (!UserMay("ViewInventory")) {
        AccessDenied();
    }
    $DB = new conn();
    $DB->connect();
    $user = getLoggedUser($DB);
    $sql = <<<SQLEND
\t\t\tselect inventory.inventory_id, inventory.product_id, inventory.invoice, inventory.dtoffice, products.product_model, products.product_name, inventory.serial, inventory.status, inventory.status_date, inventory.status_data, inventory.storagelocation_id, sl.storagelocation_name as slname, inventory_status.status_name, inventory_status.preposition, inventory.status_data_text, inventory.DateAdded, inventory.DateReceived, users.username AS AddedByName
\t\t\tfrom inventory
\t\t\tjoin products on inventory.product_id = products.product_id
\t\t\tjoin storagelocations sl on inventory.storagelocation_id = sl.storagelocation_id
\t\t\tjoin inventory_status on inventory.status = inventory_status.status_id
\t\t\tjoin users on inventory.AddedBy = users.User_ID
SQLEND;
    $and = false;
    if (isset($_POST["productID"])) {
Exemplo n.º 7
0
<?php

include "./findconfig.php";
include $_SERVER['DOCUMENT_ROOT'] . "/" . $ROOTPATH . "/Includes/Top.php";
if (!UserMay("Admin_EditComm")) {
    AccessDenied();
}
$F = new FormElements();
?>
<div class="navMenu" id="navMenu">
	<div id="bullets">
		<div class="navHeaderdiv"><h1>Templates</h1></div>
		<div class="navBulletBorderTop"></div>
		<div class="navBullet navBulletSelected" id="custBullet"><a href="#" id="custBulletLink">Add New Template</a></div>
		<div class="navBulletBorderBottom"></div>
	</div>
	<div class="navPageSpacing"></div>
</div>


<div class="pageContent" id="pageContent">

	<div class="contentHeaderDiv">
	</div>



<div class="commandBox" style="background-color: #EDECDC">
<h1>Add Template Element</h1>
<FORM ID="templateForm" method="POST" ACTION="">
	<div style="float: left; width: 43%;">
Exemplo n.º 8
0
<?php

include "./findconfig.php";
include $_SERVER['DOCUMENT_ROOT'] . "/" . $ROOTPATH . "/Includes/Top.php";
if (!UserMay("Admin_ViewTax")) {
    AccessDenied();
}
?>

<?php 
$DB = new conn();
$F = new FormElements();
?>




<div class="navMenu">
	<div class="navHeaderdiv"><h1>Manage Tax Rates</h1></div>
	<div id="bullets"  style="height:auto;" class="navContent">
		<div id="bulletManageInventory" style="height:auto;" class="navContent">
			<div class="divFilters">
				<div>
					<label>Company:</label>
					<INPUT style="width:100%" id="tbFilterCompanyV">
				</div>
				<input id="btnSubmit" type="submit" value="Submit">
				<input id="btnReset" type="submit" value="Reset">


			</div>
Exemplo n.º 9
0
<?php

include "./findconfig.php";
include $_SERVER['DOCUMENT_ROOT'] . "/" . $ROOTPATH . "/Includes/Top.php";
if (!UserMay("Admin_EditFinance")) {
    AccessDenied();
}
$DB = new conn();
$DB->connect();
$F = new FormElements();
$CompanyName = "";
$Address = "";
$City = "";
$State = "";
$ZipCode = "";
$ContactName = "";
$Phone = "";
$Extension = "";
$Email = "";
$Reserve = "0";
$LoanOptions = "";
$Action = "addNew";
// Form Vars
if ($_REQUEST) {
    if (isset($_REQUEST["id"])) {
        $id = $DB->sanitize($_REQUEST["id"]);
        $sql = "SELECT * FROM finance_options WHERE id = '" . $id . "'";
        $result = $DB->query($sql);
        if ($result) {
            $financeDetails = mysql_fetch_assoc($result);
            $CompanyName = $financeDetails["CompanyName"];