Exemplo n.º 1
$DB = new conn();
$DB->connect();
// Get Contact Types: every row of contact_types, collected into $types (left empty when the query fails).
$sql = "select * from contact_types";
$result = $DB->query($sql);
$types = array();
if ($result) {
    for ($row = mysql_fetch_assoc($result); $row; $row = mysql_fetch_assoc($result)) {
        $types[] = $row;
    }
}
$firephp->log($types);
// Form Vars
if ($_REQUEST) {
    if (isset($_REQUEST["Action"])) {
        $action = $DB->sanitize($_REQUEST["Action"]);
        $firephp->log($action);
        if ($action == "addNew") {
            $firstname = $DB->sanitize($_REQUEST["FirstName"]);
            $lastname = $DB->sanitize($_REQUEST["LastName"]);
            $displayname = $firstname . " " . $lastname;
            $email = $DB->sanitize($_REQUEST["Email"]);
            $address = $DB->sanitize($_REQUEST["Address"]);
            $address2 = $DB->sanitize($_REQUEST["Address2"]);
            $city = $DB->sanitize($_REQUEST["City"]);
            $state = $DB->sanitize($_REQUEST["State"]);
            $zipcode = $DB->sanitize($_REQUEST["ZipCode"]);
            $country = $DB->sanitize($_REQUEST["Country"]);
            $phone = $DB->sanitize($_REQUEST["Phone"]);
            $phonedetails = $DB->sanitize($_REQUEST["PhoneDetails"]);
            $notes = $DB->sanitize($_REQUEST["Notes"]);
Exemplo n.º 2
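include "./findconfig.php";
include $_SERVER['DOCUMENT_ROOT'] . "/" . $ROOTPATH . "/Includes/Top.php";
// Page guard: only users holding Admin_EditStorage may reach the form or the insert below.
if (!UserMay("Admin_EditStorage")) {
    AccessDenied();
}
$DB = new conn();
$DB->connect();
// Form Vars: Action=addNew inserts one storage location, records history and redirects to the list.
if ($_REQUEST && isset($_REQUEST["Action"])) {
    $action = $_REQUEST["Action"];
    if ($action == "addNew") {
        // ALL FORM INPUTS MUST BE SANITIZED
        // (conn::sanitize is assumed to escape for the quoted SQL literals below — verify in conn.)
        $StorageLocationName = $DB->sanitize(isset($_REQUEST["LocationName"]) ? $_REQUEST["LocationName"] : "");
        $description = $DB->sanitize(isset($_REQUEST["Description"]) ? $_REQUEST["Description"] : "");
        $sql = "INSERT INTO storagelocations (storagelocation_name, description ) VALUES ('" . $StorageLocationName . "', '" . $description . "')";
        $DB->execute_nonquery($sql);
        $DB->addHistory('storagelocations', $_SESSION["user_id"], "insert", "");
        $DB->close();
        header("Location: ManageStorage.php");
        // Stop here: without exit the rest of the page would still be rendered after the redirect header.
        exit;
    }
}
$DB->close();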
?>
<div class="navMenu" id="navMenu">
	<div id="bullets">
		<div class="navHeaderdiv"><h1>Locations</h1></div>
		<div class="navBulletBorderTop"></div>
		<div class="navBullet navBulletSelected" id="custBullet"><a href="#" id="custBulletLink">Add New Location</a></div>
<?php

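include "./findconfig.php";
include $_SERVER['DOCUMENT_ROOT'] . "/" . $ROOTPATH . "/Includes/Top.php";
$DB = new conn();
$DB->connect();
// Get Parameters: both dates are required; otherwise send the user back to the reports index.
if (empty($_REQUEST["startDate"]) || empty($_REQUEST["endDate"])) {
    $DB->close();
    header("Location: /{$ROOTPATH}/reports");
    // Without exit the query below would still run with an empty range after the redirect header.
    exit;
}
// Normalise the user-supplied dates through strtotime()/date(): only the fixed Y/m/d text reaches SQL.
$startTs = strtotime($DB->sanitize($_REQUEST["startDate"]));
$endTs = strtotime($DB->sanitize($_REQUEST["endDate"]));
if ($startTs === false || $endTs === false) {
    // strtotime() returns false for unparseable input; date() would otherwise silently yield 1970/01/01.
    $DB->close();
    echo "Invalid Date Range";
    exit;
}
$params["endDate"] = date("Y/m/d", $endTs);
$params["startDate"] = date("Y/m/d", $startTs);
// End Parameters
// Get all completed orders (order_status_id = 5) in range, keyed by order_id
$sql = "SELECT * from orders join contacts on orders.contact_id = contacts.contact_id  where order_status_id = 5 AND DateCompleted >= '" . $params["startDate"] . "' AND DateCompleted <=  '" . $params["endDate"] . "' ORDER BY order_id";
$result = $DB->query($sql);
if (!$result) {
    $DB->close();
    echo "No Sales Found in that Date Range";
    exit;
}
$orders = array();
while ($orderRow = mysql_fetch_assoc($result)) {
    $orders[$orderRow["order_id"]] = $orderRow;
}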
// Get All Users
$sql = "select * from users join teams on users.team_id = teams.team_id";
$result = $DB->query($sql);
$users = array();
while ($userRow = mysql_fetch_assoc($result)) {
Exemplo n.º 4
<?php

include "./findconfig.php";
include $_SERVER['DOCUMENT_ROOT'] . "/" . $ROOTPATH . "/Includes/Top.php";
// Get Parameters
// Default window: $today and $startDate are the first day of the previous month, $endDate the first day
// of next month. $startDate/$endDate use m/01/Y; $today uses Y/m/01 and is not used in the visible excerpt.
$today = date("Y/m/01", strtotime("-1 month", strtotime(date("m/d/Y"))));
//$startDate	= date("Y-m-01", strtotime("today", strtotime(date("Y-m-d"))));
$startDate = date("m/01/Y", strtotime("-1 months", strtotime(date("m/d/Y"))));
$endDate = date("m/01/Y", strtotime("+1 month", strtotime("today")));
$DB = new conn();
$DB->connect();
// Request overrides for the window; values are escaped via conn::sanitize but not validated as dates here.
if (isset($_REQUEST["startDate"])) {
    $startDate = $DB->sanitize($_REQUEST["startDate"]);
}
if (isset($_REQUEST["endDate"])) {
    $endDate = $DB->sanitize($_REQUEST["endDate"]);
}
// productType picks the product_type filter ($sqlProductType) and the header suffix ($ProductHeader).
if (isset($_REQUEST["productType"])) {
    $prodType = $DB->sanitize($_REQUEST["productType"]);
    if ($prodType == "Kirbys") {
        $ProductHeader = "(Kirbys)";
        $sqlProductType = "Product";
    } else {
        if ($prodType == "Accessories") {
            $sqlProductType = "Accessory";
            $ProductHeader = "(Accessories)";
        } else {
            // BUG (review): `==` compares instead of assigning, so $sqlProductType is never set in the
            // "all" case and the "%" wildcard is lost; this should read `$sqlProductType = "%";`
            $sqlProductType == "%";
            $ProductHeader = "(All)";
        }
    }
    // NOTE: this if-block and the rest of the page continue beyond the visible excerpt.
Exemplo n.º 5
<?php

include "./findconfig.php";
include $_SERVER['DOCUMENT_ROOT'] . "/" . $ROOTPATH . "/Includes/Top.php";
?>

<?php 
$DB = new conn();
$DB->connect();
// When an order_id is supplied, load that single order row; the SQL, raw result and row are logged to FirePHP.
$requestedOrder = ($_REQUEST && isset($_REQUEST["order_id"])) ? $_REQUEST["order_id"] : null;
if ($requestedOrder !== null) {
    $id = $DB->sanitize($requestedOrder);
    $sql = "SELECT * FROM orders WHERE order_id = '" . $id . "'";
    $firephp->log($sql);
    $result = $DB->query($sql);
    $firephp->log($result);
    if ($result) {
        $order = mysql_fetch_assoc($result);
        $firephp->log($order);
    }
}
$F = new FormElements();
?>
<div style="display: none">
<?php 
echo $F->ddlDealerRoles(false, "baseDealers");
?>
</div>

Exemplo n.º 6
// Defaults for the finance-option form: every text field blank, Reserve "0", and the form posts Action=addNew.
$CompanyName = $Address = $City = $State = $ZipCode = "";
$ContactName = $Phone = $Extension = $Email = $LoanOptions = "";
$Reserve = "0";
$Action = "addNew";
// Form Vars
if ($_REQUEST) {
    if (isset($_REQUEST["id"])) {
        $id = $DB->sanitize($_REQUEST["id"]);
        $sql = "SELECT * FROM finance_options WHERE id = '" . $id . "'";
        $result = $DB->query($sql);
        if ($result) {
            $financeDetails = mysql_fetch_assoc($result);
            $CompanyName = $financeDetails["CompanyName"];
            $Address = $financeDetails["Address"];
            $City = $financeDetails["City"];
            $State = $financeDetails["State"];
            $ZipCode = $financeDetails["ZipCode"];
            $ContactName = $financeDetails["ContactName"];
            $Phone = $financeDetails["Phone"];
            $Extension = $financeDetails["Extension"];
            $Email = $financeDetails["Email"];
            $Reserve = $financeDetails["Reserve"];
            $LoanOptions = $financeDetails["LoanOptions"];
Exemplo n.º 7
<?php

include "./findconfig.php";
include $_SERVER['DOCUMENT_ROOT'] . "/" . $ROOTPATH . "/Includes/Top.php";
$F = new FormElements();
$DB = new conn();
$DB->connect();
// Form Vars
// Inventory receipt: for each posted Serial* field one inventory row is inserted for the chosen product/location.
if ($_REQUEST) {
    if ($_POST) {
        // Gated on a POST having happened, but the fields are read from $_REQUEST (GET/cookie values included).
        if ($_REQUEST["Action"]) {
            $action = $_REQUEST["Action"];
            if ($action == "addNew") {
                // ALL FORM INPUTS MUST BE SANITIZED
                // NOTE(review): ProductId and LocationId are interpolated UNQUOTED into the INSERT below, where
                // an escaping sanitize() gives no protection; they should be checked with is_numeric()/cast to
                // int as the product page does before the query is built.
                $ProductId = $DB->sanitize($_REQUEST["ProductId"]);
                $LocationId = $DB->sanitize($_REQUEST["LocationId"]);
                $Invoice = $DB->sanitize($_REQUEST["Invoice"]);
                $DateReceived = $DB->sanitize($_REQUEST["receivedDate"]);
                $serials = array();
                // Any request key that merely contains "Serial" anywhere is treated as a serial-number field.
                foreach ($_REQUEST as $key => $value) {
                    $pos = strpos($key, "Serial");
                    if ($pos !== false) {
                        $serials[] = $DB->sanitize($value);
                    }
                }
                foreach ($serials as $serial) {
                    // One INSERT per serial: status '1', status_data = the storage location, DateReceived parsed as m/d/Y.
                    $sql = "INSERT INTO inventory (product_id, storagelocation_id, invoice, serial, status, status_data, AddedBy, DateReceived) VALUES (" . $ProductId . ", " . $LocationId . ", '" . $Invoice . "', '" . $serial . "', '1', " . $LocationId . ", " . $_SESSION["user_id"] . ", STR_TO_DATE('" . $DateReceived . "', '%m/%d/%Y') )";
                    $newId = $DB->insert($sql);
                    $sql = "SELECT storagelocation_name from storagelocations where storagelocation_id = " . $LocationId;
                    $locText = $DB->query_scalar($sql);
                    $statusdate = date("m/d/y");
                    // NOTE: the loop body and its enclosing blocks continue beyond the visible excerpt.
Exemplo n.º 8
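<?php

include "./findconfig.php";
include $_SERVER['DOCUMENT_ROOT'] . "/" . $ROOTPATH . "/Includes/Top.php";
$DB = new conn();
$DB->connect();
// Get Parameters: user_id is required and is interpolated UNQUOTED into SQL below, so escaping alone
// is not enough — it has to be numeric (same check the product page uses).
if (empty($_REQUEST["user_id"]) || !is_numeric($_REQUEST["user_id"])) {
    $DB->close();
    header("Location: /{$ROOTPATH}/reports");
    // Without exit the query below would still run after the redirect header.
    exit;
}
$params["user_id"] = $DB->sanitize($_REQUEST["user_id"]);
// End Parameters
// Get All Checked Out Inventory (status 2) for that user, keyed by inventory_id
$sql = "SELECT * FROM `inventory` join products on inventory.product_id = products.product_id  WHERE inventory.status = 2 and status_data = " . $params["user_id"];
$result = $DB->query($sql);
if (!$result) {
    $DB->close();
    echo "No Inventory checked out to that user.";
    exit;
}
$inventory = array();
while ($invRow = mysql_fetch_assoc($result)) {
    $inventory[$invRow["inventory_id"]] = $invRow;
}
// Get All Users
$users = getUserHash($DB);
$productHash = getProductHash($DB);
$user_id = $params["user_id"];
// NOTE(review): this echo looks like leftover debug output (a bare user_id printed before any markup) — confirm and remove.
echo $users[0]["user_id"];
$firephp->log($users);
$firephp->log($inventory);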
Exemplo n.º 9
<?php

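include "./findconfig.php";
include $_SERVER['DOCUMENT_ROOT'] . "/" . $ROOTPATH . "/Includes/Top.php";
// NOTE(review): unlike the other storage-location page, this one has no UserMay("Admin_EditStorage")
// guard before the insert — confirm whether Top.php enforces it.
$DB = new conn();
$DB->connect();
// Form Vars: Action=addNew inserts one storage location and redirects to the list.
if ($_REQUEST && isset($_REQUEST["Action"])) {
    $action = $_REQUEST["Action"];
    if ($action == "addNew") {
        // ALL FORM INPUTS MUST BE SANITIZED
        $StorageLocationName = $DB->sanitize(isset($_REQUEST["LocationName"]) ? $_REQUEST["LocationName"] : "");
        $sql = "INSERT INTO StorageLocations (storagelocation_name) VALUES ('" . $StorageLocationName . "')";
        $DB->execute_nonquery($sql);
        $DB->close();
        header("Location: ManageStorage.php");
        // Stop here: without exit the form below would still be rendered after the redirect header.
        exit;
    }
}
$DB->close();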
?>



<form name="theForm" method="post" action="<?php 
echo $_SERVER['PHP_SELF'];
?>
">

   <ul class="form">
Exemplo n.º 10
<?php

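include "./findconfig.php";
include $_SERVER['DOCUMENT_ROOT'] . "/" . $ROOTPATH . "/Includes/Top.php";
$DB = new conn();
$DB->connect();
// Get Parameters: OrderID is interpolated UNQUOTED into SQL, so require a number (as the product page does).
if (!isset($_REQUEST["OrderID"]) || !is_numeric($_REQUEST["OrderID"])) {
    $DB->close();
    die("Invalid OrderID");
}
$order_id = $DB->sanitize($_REQUEST["OrderID"]);
// End Parameters
// Construct Query: the order joined with its contact and status row
$sql = "SELECT * from orders";
$sql .= " join contacts on orders.contact_id = contacts.contact_id";
$sql .= " join order_status on orders.order_status_id = order_status.order_status_id";
$sql .= " where order_id = " . $order_id;
// Go through conn like the other pages rather than a bare mysql_query() on the implicit last connection.
$result = $DB->query($sql);
$row = "";
if ($result) {
    $row = mysql_fetch_assoc($result);
    // Just 1
}
$firephp->log($row);
if (!is_array($row)) {
    // No such order: the JSON columns below cannot be read from an empty row.
    $DB->close();
    echo "Order not found";
    exit;
}
// Each of these columns holds a JSON document; pull out the list each page section needs.
$roles = json_decode($row["dealerArray"], true);
$products = json_decode($row["ProductsArray"], true);
$products = $products["products"];
$accessories = json_decode($row["AccessoriesArray"], true);
$accessories = $accessories["products"];
$commissions = json_decode($row["CommStructure"], true);
$commissions = $commissions["elements"];
$payments = json_decode($row["PaymentArray"], true);
$payments = $payments["paymentMethods"];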
// Get Users
Exemplo n.º 11
    $result = mysql_query($sql);
    while ($row = mysql_fetch_assoc($result)) {
        $row["sql"] = $sql;
        $retArray[] = $row;
        $output = $retArray;
    }
    $DB->close();
}
if ($id == "addTemplateToDatabase") {
    if (!UserMay("Admin_EditComm")) {
        AccessDenied();
    }
    $DB = new conn();
    $DB->connect();
    if (isset($_REQUEST["maximum"])) {
        $max = $DB->sanitize($_REQUEST["maximum"]);
    } else {
        $max = 9999999;
    }
    if (isset($_REQUEST["minimum"])) {
        $min = $DB->sanitize($_REQUEST["minimum"]);
    } else {
        $success = "failure";
        return false;
    }
    if (isset($_REQUEST["templateName"])) {
        $name = $DB->sanitize($_REQUEST["templateName"]);
    } else {
        $success = "failure";
        return false;
    }
Exemplo n.º 12
<?php

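include "./findconfig.php";
include $_SERVER['DOCUMENT_ROOT'] . "/" . $ROOTPATH . "/class_inc.php";
$DB = new conn();
$DB->connect();
// report_id is interpolated UNQUOTED into SQL, so insist on a number before the query is built.
if (!isset($_REQUEST["report_id"]) || !is_numeric($_REQUEST["report_id"])) {
    $DB->close();
    die("Invalid report_id");
}
$sql = "select data from reports where id = " . $DB->sanitize($_REQUEST["report_id"]);
// The stored report HTML
$result = $DB->query_scalar($sql);
$time = time();
// Cache-busting stylesheet link injected into the report head; the href attribute must be closed
// with its own quote or the tag is malformed.
$css = "<link rel=\"StyleSheet\" href=\"" . $FQDN . "/" . $ROOTPATH . "/CSS/main.css.php?" . $time . "\" />";
// Get Querystring params (all optional)
$output = isset($_REQUEST["output"]) ? $DB->sanitize($_REQUEST["output"]) : "";
$footer = isset($_REQUEST["footer"]) ? $DB->sanitize($_REQUEST["footer"]) : "";
$orient = isset($_REQUEST["orient"]) ? $DB->sanitize($_REQUEST["orient"]) : "";
$result = str_replace("<HTML><HEAD></HEAD>", "<HTML><HEAD>" . $css . "</HEAD>", $result);
require_once "wk.php";
$pdf = new WKPDF();
$pdf->set_html($result);
if ($footer) {
    $pdf->set_footer("Page [page] of [toPage]");
}
if ($orient) {
    // NOTE(review): orientation comes straight from the request; WKPDF::set_orientation is assumed to validate it.
    $pdf->set_orientation($orient);
}
$pdf->render();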
if ($output) {
    if ($output == "pdf") {
    }
    $pdf->output(WKPDF::$PDF_DOWNLOAD, 'sample.pdf');
} else {
    $pdf->output(WKPDF::$PDF_EMBEDDED, 'sample.pdf');
Exemplo n.º 13
<?php

include "./findconfig.php";
include $_SERVER['DOCUMENT_ROOT'] . "/" . $ROOTPATH . "/Includes/Top.php";
?>

<?php 
if (!isset($_REQUEST["product_id"])) {
    echo "Product ID not specified";
} else {
    $DB = new conn();
    $DB->connect();
    $product_id = $DB->sanitize($_REQUEST["product_id"]);
    if (!is_numeric($product_id)) {
        die("Invalid Product_ID");
    }
    // Make sure product_id is a number
    // Actions
    if (isset($_REQUEST["Action"])) {
        $action = $_REQUEST["Action"];
        //echo $action;
        if ($action == "Delete") {
            // ALL FORM INPUTS MUST BE SANITIZED
            $ProductID = $DB->sanitize($_REQUEST["hProduct_ID"]);
            $AccessoryID = $DB->sanitize($_REQUEST["hAccessory_ID"]);
            $sql = "DELETE from relproducts_accessories WHERE Product_ID = " . $ProductID . " AND Accessory_ID = " . $AccessoryID;
            $DB->execute_nonquery($sql);
            //header("Location: ManageProducts.php");
        }
        if ($action == "add") {
            // ALL FORM INPUTS MUST BE SANITIZED
Exemplo n.º 14
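include "./findconfig.php";
include $_SERVER['DOCUMENT_ROOT'] . "/" . $ROOTPATH . "/Includes/Top.php";
// Page guard: only users holding Admin_EditTeams may reach the form or the insert below.
if (!UserMay("Admin_EditTeams")) {
    AccessDenied();
}
$DB = new conn();
$DB->connect();
// Form Vars: Action=addNew inserts one team, records history and redirects to the list.
if ($_REQUEST && isset($_REQUEST["Action"])) {
    $action = $_REQUEST["Action"];
    if ($action == "addNew") {
        // ALL FORM INPUTS MUST BE SANITIZED
        $TeamName = $DB->sanitize(isset($_REQUEST["tbTeamName"]) ? $_REQUEST["tbTeamName"] : "");
        $TeamLeader = $DB->sanitize(isset($_REQUEST["ddlTeamLeader"]) ? $_REQUEST["ddlTeamLeader"] : "");
        // team_leader is interpolated UNQUOTED below, where escaping alone gives no protection: require a numeric id.
        if (!is_numeric($TeamLeader)) {
            $DB->close();
            die("Invalid Team Leader");
        }
        $sql = "INSERT INTO teams (team_name, team_leader) VALUES ('" . $TeamName . "', " . $TeamLeader . ")";
        $DB->execute_nonquery($sql);
        $DB->addHistory('teams', $_SESSION["user_id"], "insert", "");
        $DB->close();
        header("Location: ManageTeams.php");
        // Stop here: without exit the rest of the page would still be rendered after the redirect header.
        exit;
    }
}
$users = $DB->getUsers();
$DB->close();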
?>


<div class="navMenu" id="navMenu">
	<div id="bullets">
Exemplo n.º 15
include "./findconfig.php";
include $_SERVER['DOCUMENT_ROOT'] . "/" . $ROOTPATH . "/Includes/Top.php";
?>

<?php 
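$DB = new conn();
$DB->connect();
// NOTE(review): the team and storage admin pages gate their inserts with UserMay(...); this product
// insert has no such check in the visible code — confirm whether Top.php enforces one.
// Form Vars: Action=addNew inserts one product and redirects to the list.
if ($_REQUEST && isset($_REQUEST["Action"])) {
    $action = $_REQUEST["Action"];
    if ($action == "addNew") {
        // ALL FORM INPUTS MUST BE SANITIZED
        $ProductType = $DB->sanitize(isset($_REQUEST["ProductType"]) ? $_REQUEST["ProductType"] : "");
        $ProductName = $DB->sanitize(isset($_REQUEST["ProductName"]) ? $_REQUEST["ProductName"] : "");
        $ProductModel = $DB->sanitize(isset($_REQUEST["ProductModel"]) ? $_REQUEST["ProductModel"] : "");
        $ProductDescription = $DB->sanitize(isset($_REQUEST["ProductDescription"]) ? $_REQUEST["ProductDescription"] : "");
        $sql = "INSERT INTO PRODUCTS (product_type, product_name, product_model, product_description) VALUES ('" . $ProductType . "', '" . $ProductName . "', '" . $ProductModel . "', '" . $ProductDescription . "')";
        $DB->execute_nonquery($sql);
        $DB->close();
        header("Location: ManageProducts.php");
        // Stop here: without exit the form below would still be rendered after the redirect header.
        exit;
    }
}
$DB->close();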
?>



<form name="theForm" method="post" action="<?php 
Exemplo n.º 16
include "./findconfig.php";
include $_SERVER['DOCUMENT_ROOT'] . "/" . $ROOTPATH . "/Includes/Top.php";
if (!UserMay("Admin_EditUsers")) {
    AccessDenied();
}
$DB = new conn();
$DB->connect();
$UsernameDisabled = 0;
$user_id = "";
$dummytext = "";
// Form Vars
$Action = "addNew";
if ($_REQUEST) {
    $firephp->log($_REQUEST);
    if (isset($_REQUEST["id"])) {
        $user_id = $DB->sanitize($_REQUEST["id"]);
        $sql = "SELECT * FROM users WHERE user_id = '" . $user_id . "'";
        $result = $DB->query($sql);
        if ($result) {
            $user = mysql_fetch_assoc($result);
            $firephp->log($user);
            $UsernameDisabled = 1;
            $dummytext = "dummytext";
        }
        $Action = "update";
    }
    if (isset($_REQUEST["user_id"])) {
        $Action = "update";
        $user_id = $DB->sanitize($_REQUEST["user_id"]);
    }
    if (isset($_REQUEST["Action"])) {
Exemplo n.º 17
<?php

include "./findconfig.php";
include $_SERVER['DOCUMENT_ROOT'] . "/" . $ROOTPATH . "/Includes/Top.php";
?>

<?php 
// Customer insert: runs only when the form submits Action=insertCustomer. Every field is passed
// through conn::sanitize before reaching conn::addContact; the display name is "First Last".
$isInsert = $_REQUEST && isset($_REQUEST["Action"]) && $_REQUEST["Action"] == "insertCustomer";
if ($isInsert) {
    $DB = new conn();
    $DB->connect();
    $firstname = $DB->sanitize($_REQUEST["FirstName"]);
    $lastname = $DB->sanitize($_REQUEST["LastName"]);
    $displayname = "{$firstname} {$lastname}";
    $email = $DB->sanitize($_REQUEST["Email"]);
    $address = $DB->sanitize($_REQUEST["Address"]);
    $city = $DB->sanitize($_REQUEST["City"]);
    $state = $DB->sanitize($_REQUEST["State"]);
    $zipcode = $DB->sanitize($_REQUEST["ZipCode"]);
    $country = $DB->sanitize($_REQUEST["Country"]);
    $phone = $DB->sanitize($_REQUEST["Phone"]);
    $phonedetails = $DB->sanitize($_REQUEST["PhoneDetails"]);
    $notes = $DB->sanitize($_REQUEST["Notes"]);
    $contacttype = $DB->sanitize($_REQUEST["ContactType"]);
    $county = $DB->sanitize($_REQUEST["County"]);
    $newCustomer = $DB->addContact(
        $firstname, $lastname, $displayname, $email, $address, $city, $state,
        $zipcode, $country, $phone, $phonedetails, $notes, $contacttype, $county
    );
}
?>
Exemplo n.º 18
<?php

include "./findconfig.php";
include $_SERVER['DOCUMENT_ROOT'] . "/" . $ROOTPATH . "/Includes/Top.php";
?>


<?php 
if ($_REQUEST) {
    if (isset($_REQUEST["username"]) && isset($_REQUEST["password"])) {
        // ALL FORM VARS MUST BE VALIDATED
        // Login handler: credentials are escaped, checked via conn::validateUser, and on success the
        // user row (joined with its permission role) is loaded and copied into the session.
        $DB = new conn();
        $DB->connect();
        $username = $DB->sanitize($_REQUEST["username"]);
        $password = $DB->sanitize($_REQUEST["password"]);
        // Post-login destination (presumably used for a redirect further down). NOTE(review): ReturnUrl is
        // taken from the request as-is; it should be restricted to a local path before use (open-redirect risk).
        $url = "/{$ROOTPATH}/index.php";
        if (isset($_REQUEST["ReturnUrl"])) {
            $url = $DB->sanitize($_REQUEST["ReturnUrl"]);
        }
        // The connection is closed here and reopened below only on success, so validateUser is
        // assumed to manage its own connection — confirm in conn.
        $DB->close();
        // NOTE(review): the password is checked as an unsalted md5 hash; password_hash()/password_verify()
        // is the supported way to store and verify credentials.
        if ($DB->validateUser($username, md5($password))) {
            // The '******' literals appear to be placeholders in the published excerpt, not real values.
            $sql = "select users.*, permission_roles.permission, permission_roles.roleid from users join permission_roles on users.permission_role = permission_roles.id where username = '******' and user_password = '******'";
            $DB->connect();
            $result = $DB->query($sql);
            $userInfo = mysql_fetch_assoc($result);
            $firstname = $userInfo["FirstName"];
            $lastname = $userInfo["LastName"];
            $user_id = $userInfo["user_id"];
            $permLevel = $userInfo["permission"];
            $roleid = $userInfo["roleid"];
            $_SESSION["username"] = $username;
            // NOTE: the session setup and enclosing blocks continue beyond the visible excerpt.