    AccessDenied();
}
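$DB = new conn();
$DB->connect();
// Form Vars
// Handles "Action=addNew": inserts one storage location, records the change in
// the history table and redirects back to the list page.
// NOTE(review): $_REQUEST merges GET, POST and COOKIE, so this state-changing
// request is reachable from a plain link and no CSRF token is checked here.
if (!empty($_REQUEST["Action"])) {
    $action = $_REQUEST["Action"];
    if ($action == "addNew") {
        // ALL FORM INPUTS MUST BE SANITIZED
        // Both values land inside quoted SQL string literals; $DB->sanitize() is the
        // only protection, so it must escape quotes and backslashes (verify in conn).
        $StorageLocationName = $DB->sanitize(isset($_REQUEST["LocationName"]) ? $_REQUEST["LocationName"] : "");
        $description = $DB->sanitize(isset($_REQUEST["Description"]) ? $_REQUEST["Description"] : "");
        $sql = "INSERT INTO storagelocations (storagelocation_name, description ) VALUES ('" . $StorageLocationName . "', '" . $description . "')";
        $DB->execute_nonquery($sql);
        $DB->addHistory('storagelocations', $_SESSION["user_id"], "insert", "");
        // header() alone does not stop the script: without exit the whole page
        // below is still rendered and sent along with the redirect.
        header("Location: ManageStorage.php");
        $DB->close();
        exit;
    }
}
$DB->close();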
?>
<div class="navMenu" id="navMenu">
	<div id="bullets">
		<div class="navHeaderdiv"><h1>Locations</h1></div>
		<div class="navBulletBorderTop"></div>
		<div class="navBullet navBulletSelected" id="custBullet"><a href="#" id="custBulletLink">Add New Location</a></div>
		<div class="navBulletBorderBottom"></div>
	</div>
	<div class="navPageSpacing"></div>
</div>
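     $ContactCity = $DB->sanitize($_REQUEST["ContactCity"]);
     $ContactState = $DB->sanitize($_REQUEST["ContactState"]);
     $ContactZipCode = $DB->sanitize($_REQUEST["ContactZipCode"]);
     $ContactPhone = $DB->sanitize($_REQUEST["ContactPhone"]);
     $ContactCell = $DB->sanitize($_REQUEST["ContactCell"]);
     // Optional field: defaults to empty. The raw request value is deliberately not
     // written to the FirePHP log any more (it was logged before the isset check).
     $dtoffice = "";
     if (isset($_REQUEST["dtoffice"])) {
         $firephp->log("DT Set");
         $dtoffice = $DB->sanitize($_REQUEST["dtoffice"]);
     }
     // Create path: no user_id supplied.
     if ($action == "addNew" && !$user_id) {
         // NOTE(review): MD5() is not a password hash (unsalted, fast). Moving to
         // password_hash()/password_verify() also requires changing the login check,
         // which is outside this snippet, so it is flagged rather than replaced here.
         // Social (SSN) is stored in plaintext as well.
         // team_id is interpolated unquoted, where sanitize()'s quote-escaping gives
         // no protection, hence the (int) cast at the point of use.
         $sql = "INSERT INTO users (Username, user_password, FirstName, LastName, permission_role, team_id, License, Social, BirthDate, Address, Address2, HomeType, City, State, ZipCode, Phone, Cell, ContactFirstName, ContactLastName, ContactAddress, ContactAddress2, ContactCity, ContactState, ContactZipCode, ContactPhone, ContactCell, dtoffice) VALUES ('" . $Username . "', MD5('" . $Password . "'), '" . $FirstName . "', '" . $LastName . "', '" . $Role . "', " . (int) $Team . ", '" . $License . "', '" . $Social . "', '" . $BirthDate . "', '" . $Address1 . "', '" . $Address2 . "', '" . $HomeType . "', '" . $City . "', '" . $State . "', '" . $ZipCode . "', '" . $Phone . "', '" . $Cell . "', '" . $ContactFirstName . "', '" . $ContactLastName . "', '" . $ContactAddress1 . "', '" . $ContactAddress2 . "', '" . $ContactCity . "', '" . $ContactState . "', '" . $ContactZipCode . "', '" . $ContactPhone . "', '" . $ContactCell . "', '" . $dtoffice . "')";
         // Do NOT log $sql: it carries the plaintext password (inside MD5('...')) and
         // the SSN, so the debug log would become a credential store.
         $DB->execute_nonquery($sql);
         $DB->addHistory('users', $_SESSION["user_id"], "insert", "");
         // NOTE(review): nothing stops execution after the redirect; whatever follows
         // this snippet in the enclosing script still runs.
         header("Location: ManageUsers.php");
     }
     // Update path: all profile columns are rewritten; the password only if changed.
     if ($action == "update") {
         $Action = "update";
         // WHERE user_id is an unquoted integer context: cast, since escaping alone
         // does not constrain it.
         $sql = "UPDATE users SET FirstName = '" . $FirstName . "', LastName = '" . $LastName . "', permission_role = '" . $Role . "', team_id = '" . $Team . "', License = '" . $License . "', Social = '" . $Social . "', BirthDate = '" . $BirthDate . "', Address = '" . $Address1 . "', Address2 = '" . $Address2 . "', HomeType = '" . $HomeType . "', City = '" . $City . "', State = '" . $State . "', ZipCode = '" . $ZipCode . "', Phone = '" . $Phone . "', Cell = '" . $Cell . "', ContactFirstName = '" . $ContactFirstName . "', ContactLastName = '" . $ContactLastName . "', ContactAddress = '" . $ContactAddress1 . "', ContactAddress2 = '" . $ContactAddress2 . "', ContactCity = '" . $ContactCity . "', ContactState = '" . $ContactState . "', ContactZipCode = '" . $ContactZipCode . "', ContactPhone = '" . $ContactPhone . "', ContactCell = '" . $ContactCell . "', dtoffice = '" . $dtoffice . "' WHERE user_id = " . (int) $user_id;
         $DB->execute_nonquery($sql);
         $DB->addHistory('users', $_SESSION["user_id"], "update", "");
         // "dummytext" is presumably the placeholder the edit form pre-fills; only a
         // genuinely new value triggers a password change (MD5 caveat as above).
         if ($Password && $Password != "dummytext") {
             $sql = "UPDATE users SET user_password = MD5('" . $Password . "') WHERE user_id = " . (int) $user_id;
             $DB->execute_nonquery($sql);
             $DB->addHistory('users', $_SESSION["user_id"], "update", "");
         }
         header("Location: ManageUsers.php");
     }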
 }
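    $LastName = $DB->sanitize($_REQUEST["LastName"]);
    // user_id, team_id and perm end up in unquoted (numeric) SQL positions, where
    // sanitize()'s quote-escaping is no protection at all; they are cast to int at
    // the point of use below.
    $user_id = $DB->sanitize($_REQUEST["user_id"]);
    $team_id = $DB->sanitize($_REQUEST["team_id"]);
    $status = $DB->sanitize($_REQUEST["Status"]);
    $perm = $DB->sanitize($_REQUEST["perm"]);
    $sender = $DB->sanitize($_REQUEST["sender"]);
    $sql = "UPDATE users SET Username = '******', FirstName = '" . $FirstName . "', LastName = '" . $LastName . "', team_id = " . (int) $team_id . ", Status='" . $status . "', permission_role = " . (int) $perm . " WHERE user_id = " . (int) $user_id;
    $DB->execute_nonquery($sql);
    // Re-read the row (with its team name) so the caller gets the updated record.
    $sql = "SELECT users.*, teams.team_name from users left outer join teams on users.team_id = teams.team_id where user_id = " . (int) $user_id . "  and users.status != 'deleted'";
    // NOTE(review): if $error is ever echoed to the client, it discloses the query text.
    $error = $sql;
    // NOTE(review): the legacy mysql_* extension (removed in PHP 7) is used here
    // alongside the conn wrapper; a failed query returns false, so guard the fetch.
    $result = mysql_query($sql);
    if ($result) {
        while ($row = mysql_fetch_assoc($result)) {
            $retArray[] = $row;
            $output = $retArray;
        }
    }
    // NOTE(review): the audit entry is attributed to the request-supplied "sender",
    // unlike the other handlers which use $_SESSION["user_id"]; a client can therefore
    // forge who made this change. $username is not set in this snippet — confirm it
    // is assigned above.
    $DB->addHistory('users', $sender, "update", $username);
    $DB->close();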
}
if ($id == "updateInventoryStatus") {
    if (!UserMay("EditInventory")) {
        AccessDenied();
    }
    $DB = new conn();
    $DB->connect();
    $date = $DB->sanitize($_REQUEST["date"]);
    $inventory_id = $DB->sanitize($_REQUEST["inventory_id"]);
    $status = $DB->sanitize($_REQUEST["status"]);
    $statusdata = $DB->sanitize($_REQUEST["statusdata"]);
    $statusdate = $DB->sanitize($_REQUEST["date"]);
    $receivedDate = $DB->sanitize($_REQUEST["receivedDate"]);
    $statusdatatext = '';
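$DB = new conn();
$DB->connect();
// Form Vars
// Handles "Action=addNew": inserts one product, records the change in the
// history table and redirects back to the product list.
// NOTE(review): $_REQUEST merges GET, POST and COOKIE, so this state-changing
// request is reachable from a plain link and no CSRF token is checked here.
if (isset($_REQUEST["Action"])) {
    $action = $_REQUEST["Action"];
    if ($action == "addNew") {
        // ALL FORM INPUTS MUST BE SANITIZED
        // Every value lands inside a quoted SQL string literal; $DB->sanitize() is
        // the only protection, so it must escape quotes and backslashes (verify in conn).
        $ProductType = $DB->sanitize(isset($_REQUEST["ProductType"]) ? $_REQUEST["ProductType"] : "");
        $ProductName = $DB->sanitize(isset($_REQUEST["ProductName"]) ? $_REQUEST["ProductName"] : "");
        $ProductModel = $DB->sanitize(isset($_REQUEST["ProductModel"]) ? $_REQUEST["ProductModel"] : "");
        $ProductDescription = $DB->sanitize(isset($_REQUEST["ProductDescription"]) ? $_REQUEST["ProductDescription"] : "");
        $sql = "INSERT INTO products (product_type, product_name, product_model, product_description) VALUES ('" . $ProductType . "', '" . $ProductName . "', '" . $ProductModel . "', '" . $ProductDescription . "')";
        $DB->execute_nonquery($sql);
        $DB->addHistory('products', $_SESSION["user_id"], "insert", "");
        // header() alone does not stop the script: without exit the whole page
        // below is still rendered and sent along with the redirect.
        header("Location: ManageProducts.php");
        $DB->close();
        exit;
    }
}
$DB->close();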
?>

<div class="navMenu" id="navMenu">
	<div id="bullets">
		<div class="navHeaderdiv"><h1>Products</h1></div>
		<div class="navBulletBorderTop"></div>
		<div class="navBullet navBulletSelected" id="custBullet"><a href="#" id="custBulletLink">Add New Product</a></div>
		<div class="navBulletBorderBottom"></div>
	</div>
	<div class="navPageSpacing"></div>
    AccessDenied();
}
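$DB = new conn();
$DB->connect();
// Form Vars
// Handles "Action=addNew": inserts one team, records the change in the history
// table and redirects back to the team list. Otherwise loads the user list for
// the leader drop-down.
// NOTE(review): $_REQUEST merges GET, POST and COOKIE, so this state-changing
// request is reachable from a plain link and no CSRF token is checked here.
if (!empty($_REQUEST["Action"])) {
    $action = $_REQUEST["Action"];
    if ($action == "addNew") {
        // ALL FORM INPUTS MUST BE SANITIZED
        $TeamName = $DB->sanitize(isset($_REQUEST["tbTeamName"]) ? $_REQUEST["tbTeamName"] : "");
        // team_leader is interpolated unquoted, so quote-escaping via sanitize()
        // gives no protection there; the integer cast is what makes it safe.
        $TeamLeader = isset($_REQUEST["ddlTeamLeader"]) ? (int) $_REQUEST["ddlTeamLeader"] : 0;
        $sql = "INSERT INTO teams (team_name, team_leader) VALUES ('" . $TeamName . "', " . $TeamLeader . ")";
        $DB->execute_nonquery($sql);
        $DB->addHistory('teams', $_SESSION["user_id"], "insert", "");
        // header() alone does not stop the script: without exit the user list is
        // fetched and the whole page below is rendered along with the redirect.
        header("Location: ManageTeams.php");
        $DB->close();
        exit;
    }
}
$users = $DB->getUsers();
$DB->close();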
?>


<div class="navMenu" id="navMenu">
	<div id="bullets">
		<div class="navHeaderdiv"><h1>Teams</h1></div>
		<div class="navBulletBorderTop"></div>
		<div class="navBullet navBulletSelected" id="custBullet"><a href="#" id="custBulletLink">Add New Team</a></div>
		<div class="navBulletBorderBottom"></div>