function ProcessRequestPassword() { global $tpl, $user, $error_list, $mail, $success; $success = $_REQUEST['success']; $email = $_REQUEST['email']; $process = $_REQUEST['process']; $check_email = $user->CheckEmailExist($email); $i = 0; if ($process == '1') { if ($email == '') { $error_list[$i] = _("Please enter your email address."); $i++; } elseif (!IsEmailAddress($email)) { $error_list[$i] = _("Email is not valid."); $i++; } elseif (!$check_email) { $error_list[$i] = _("Email doesnt exist."); $i++; } else { $username = $check_email['username']; $password = $user->RandomPassword($check_email['user_id']); $firstname = $check_email['firstname']; $lastname = $check_email['lastname']; $from_email = CFG_NOTIFY_EMAIL; $from_name = CFG_NOTIFY_FROM; $mail->RequestPasswordEmail(CFG_SITE_NAME, $username, $password, $firstname, $from_email, $from_name, $email); header("Location: request_password.php?pf=success"); } } }
function GetInvoiceConfiguration() { global $inv_class, $error_list, $company, $contact, $address, $phone, $email, $success; $invoice_config_data = $inv_class->GetInvoiceConfiguration(); $process = $_REQUEST['process']; $i = 0; if ($process == "edit") { $company = stripslashes($_REQUEST['company']); $contact = stripslashes($_REQUEST['contact']); $address = stripslashes($_REQUEST['address']); $phone = $_REQUEST['phone']; $email = $_REQUEST['email']; if ($company == "" || $contact == "" || $address == "" || $phone == "" || $email == "") { if ($company == "") { $error_list[$i] = "Company is requered"; $i++; } if ($contact == "") { $error_list[$i] = "Contact is requered"; $i++; } if ($address == "") { $error_list[$i] = "Address is requered"; $i++; } if ($phone == "") { $error_list[$i] = "Phone is requered"; $i++; } if ($email == "") { $error_list[$i] = "Email is requered"; $i++; } } elseif (!IsEmailAddress($email)) { $error_list[$i] = "Invalid email format"; $i++; } if (!is_array($error_list)) { $inv_class->Update($company, $address, $contact, $phone, $email); $success = true; } } else { $company = $invoice_config_data['company']; $contact = $invoice_config_data['contact']; $address = $invoice_config_data['address']; $phone = $invoice_config_data['phone']; $email = $invoice_config_data['email']; } }
if (isset($_POST['submit'])) { //initialise no input errors assumed initially before we test $InputError = 0; /* actions to take once the user has clicked the submit button ie the page has called itself with some user input */ //first off validate inputs sensible if (isset($_POST['Con_ID']) and !is_long((int) $_POST['Con_ID'])) { $InputError = 1; prnMsg(_('The Contact ID must be an integer.'), 'error'); } elseif (mb_strlen($_POST['ContactName']) > 40) { $InputError = 1; prnMsg(_('The contact name must be forty characters or less long'), 'error'); } elseif (trim($_POST['ContactName']) == '') { $InputError = 1; prnMsg(_('The contact name may not be empty'), 'error'); } elseif (!IsEmailAddress($_POST['ContactEmail']) and mb_strlen($_POST['ContactEmail']) > 0) { $InputError = 1; prnMsg(_('The contact email address is not a valid email address'), 'error'); } if (isset($Id) and ($Id and $InputError != 1)) { $sql = "UPDATE custcontacts SET contactname='" . $_POST['ContactName'] . "',\n\t\t\t\t\t\t\t\t\t\trole='" . $_POST['ContactRole'] . "',\n\t\t\t\t\t\t\t\t\t\tphoneno='" . $_POST['ContactPhone'] . "',\n\t\t\t\t\t\t\t\t\t\tnotes='" . $_POST['ContactNotes'] . "',\n\t\t\t\t\t\t\t\t\t\temail='" . $_POST['ContactEmail'] . "'\n\t\t\t\t\tWHERE debtorno ='" . $DebtorNo . "'\n\t\t\t\t\tAND contid='" . $Id . "'"; $msg = _('Customer Contacts') . ' ' . $DebtorNo . ' ' . _('has been updated'); } elseif ($InputError != 1) { $sql = "INSERT INTO custcontacts (debtorno,\n\t\t\t\t\t\t\t\t\t\tcontactname,\n\t\t\t\t\t\t\t\t\t\trole,\n\t\t\t\t\t\t\t\t\t\tphoneno,\n\t\t\t\t\t\t\t\t\t\tnotes,\n\t\t\t\t\t\t\t\t\t\temail)\n\t\t\t\tVALUES ('" . $DebtorNo . "',\n\t\t\t\t\t\t'" . $_POST['ContactName'] . "',\n\t\t\t\t\t\t'" . $_POST['ContactRole'] . "',\n\t\t\t\t\t\t'" . $_POST['ContactPhone'] . "',\n\t\t\t\t\t\t'" . $_POST['ContactNotes'] . "',\n\t\t\t\t\t\t'" . $_POST['ContactEmail'] . "')"; $msg = _('The contact record has been added'); } if ($InputError != 1) { $result = DB_query($sql, $db); //echo '<br />'.$sql; echo '<br />'; prnMsg($msg, 'success');
<?php /* $Id: MaintenaceReminders.php 4551 2011-04-16 06:20:56Z daintree $*/ //this script can be set to run from cron $AllowAnyone = true; include 'includes/session.inc'; include 'includes/htmlMimeMail.php'; $sql = "SELECT \tdescription,\n\t\t\t\ttaskdescription,\n\t\t\t\tADDDATE(lastcompleted,frequencydays) AS duedate,\n\t\t\t\tuserresponsible,\n\t\t\t\temail\n\t\tFROM fixedassettasks\n\t\tINNER JOIN fixedassets\n\t\tON fixedassettasks.assetid=fixedassets.assetid\n\t\tINNER JOIN www_users\n\t\tON fixedassettasks.userresponsible=www_users.userid\n\t\tWHERE ADDDATE(lastcompleted,frequencydays-10)> CURDATE()\n\t\tORDER BY userresponsible"; $result = DB_query($sql, $db); $LastUserResponsible = ''; while ($myrow = DB_fetch_array($result)) { if (!isset(${'Mail' . $myrow['userresponsible']}) and IsEmailAddress($myrow['email'])) { if ($LastUserResponsible != '') { ${'Mail' . $myrow['userresponsible']}->setText($MailText); $SendResult = ${'Mail' . $myrow['userresponsible']}->send(array($LastUserEmail)); $MailText = _('You have the following maintenance task(s) falling due or over-due:') . "\n"; } $LastUserResponsible = $myrow['userresponsible']; $LastUserEmail = $myrow['email']; ${'Mail' . $myrow['userresponsible']} = new htmlMimeMail(); ${'Mail' . $myrow['userresponsible']}->setSubject('Maintenance Tasks Reminder'); ${'Mail' . $myrow['userresponsible']}->setFrom('Do_not_reply <>'); } $MailText .= "Asset: " . $myrow['description'] . "\nTask: " . $myrow['taskdescription'] . "\nDue: " . ConvertSQLDate($myrow['duedate']); if (Date1GreaterThanDate2(ConvertSQLDate($myrow['duedate']), Date($_SESSION['DefaultDateFormat']))) { $MailText .= _('NB: THIS JOB IS OVERDUE'); } $MailText . "\n\n"; } if (DB_num_rows($result) > 0) { ${'Mail' . $LastUserResponsible}->setText($MailText);
$OnlyDemo = 0; $DualCompany = 0; $NewCompany = 0; if (!empty($_POST['Demo']) and $_POST['Demo'] == 'on') { if (strtolower($DatabaseName) === 'weberpdemo') { //user select to install the weberpdemo $OnlyDemo = 1; } else { $DualCompany = 1; //user choose to install the demo company and production environment } } else { //user only choose to install the new weberp company $NewCompany = 1; } if (!empty($_POST['Email']) and IsEmailAddress($_POST['Email'])) { $Email = trim($_POST['Email']); } else { $InputError = 1; prnMsg(_('You must enter a valid email address for the Administrator.'), 'error'); } if (!empty($_POST['webERPPassword']) and !empty($_POST['PasswordConfirm']) and $_POST['webERPPassword'] == $_POST['PasswordConfirm']) { $AdminPassword = $_POST['webERPPassword']; } else { $InputError = 1; prnMsg(_('Please correct the password. The password is either blank, or the password check does not match.'), 'error'); } if (!empty($_POST['HostName'])) { // As HTTP_HOST is user input, ensure it only contains characters allowed // in hostnames. See RFC 952 (and RFC 2181). // $_SERVER['HTTP_HOST'] is lowercased here per specifications.
function AddUser() { global $tpl, $user, $error_list; $username = stripslashes($_REQUEST['username']); $firstname = stripslashes($_REQUEST['firstname']); $lastname = stripslashes($_REQUEST['lastname']); $email = stripslashes($_REQUEST['email']); $address1 = stripslashes($_REQUEST['address1']); $address2 = stripslashes($_REQUEST['address2']); $city = stripslashes($_REQUEST['city']); $state = stripslashes($_REQUEST['state']); $zip = stripslashes($_REQUEST['zip']); $phone = stripslashes($_REQUEST['phone']); $i = 0; if ($username == "") { $error_list[$i] = "Username is required"; $i++; } if ($firstname == "") { $error_list[$i] = "Firstname is required"; $i++; } if ($lastname == "") { $error_list[$i] = "Lastname is required"; $i++; } if ($email == "") { $error_list[$i] = "Email is required"; $i++; } if ($address1 == "") { $error_list[$i] = _("Address is required"); $i++; } if ($city == "") { $error_list[$i] = _("City is required"); $i++; } if ($state == "") { $error_list[$i] = _("State is required"); $i++; } if ($zip == "") { $error_list[$i] = _("Zip is required"); $i++; } if ($user->CheckUser($username, $email)) { $error_list[$i] = "Username or email is already exist"; $i++; } elseif ($repassword != $password) { $error_list[$i] = "Password does not match"; $i++; } elseif (!IsEmailAddress($email)) { $error_list[$i] = "Invalid format email"; $i++; } if (!is_array($error_list)) { $_REQUEST['user_id'] = $user->Add($username, '', $firstname, $lastname, $email, $address1, $address2, $city, $state, $zip, $phone); $_REQUEST['pf'] = 'detail'; $GLOBALS['user_data'] = $GLOBALS['user']->GetUser($_REQUEST['user_id']); ShowFormDetailUser(); } else { ShowFormAddUser(); } }
function ShowDetailUser() { $curr_user = $GLOBALS['user']->CheckUserActive($_SESSION['SESSION_USERNAME']); $process = $_REQUEST['process']; $GLOBALS['user_data'] = $GLOBALS['user']->GetUser($curr_user['user_id']); if ($process == 'edit') { $username = stripslashes($_REQUEST['username']); $password = stripslashes($_REQUEST['password']); $repassword = stripslashes($_REQUEST['repassword']); $firstname = stripslashes($_REQUEST['firstname']); $lastname = stripslashes($_REQUEST['lastname']); $email = stripslashes($_REQUEST['email']); $address1 = stripslashes($_REQUEST['address1']); $address2 = stripslashes($_REQUEST['address2']); $city = stripslashes($_REQUEST['city']); $state = stripslashes($_REQUEST['state']); $zip = stripslashes($_REQUEST['zip']); $phone = stripslashes($_REQUEST['phone']); if ($username == "") { $GLOBALS['error_list'][] = _("Username is required"); } elseif ($GLOBALS['user_data']['username'] != $username) { if ($GLOBALS['user']->CheckUserLogin($username)) { $GLOBALS['error_list'][] = _("Username already exist"); } } if ($firstname == "") { $GLOBALS['error_list'][] = _("Firstname is required"); } if ($lastname == "") { $GLOBALS['error_list'][] = _("Lastname is required"); } if ($address1 == "") { $GLOBALS['error_list'][] = _("Address is required"); } if ($city == "") { $GLOBALS['error_list'][] = _("City is required"); } if ($state == "") { $GLOBALS['error_list'][] = _("State is required"); } if ($zip == "") { $GLOBALS['error_list'][] = _("Zip is required"); } if ($email == "") { $GLOBALS['error_list'][] = _("Email is required"); } elseif ($GLOBALS['user_data']['email'] != $email) { if ($GLOBALS['user']->CheckEmailExist($email)) { $GLOBALS['error_list'][] = _("Email already exist"); } } elseif (!IsEmailAddress($email)) { $GLOBALS['error_list'][] = _("email is not valid"); } elseif ($repassword != $password) { $GLOBALS['error_list'][] = _("password doesnt match"); } if (!is_array($GLOBALS['error_list'])) { $GLOBALS['user']->Update($curr_user['user_id'], $username, $password, $firstname, $lastname, $email, $address1, $address2, $city, $state, $zip, $phone); $GLOBALS['success'] = true; //refresh from DB $GLOBALS['user_data'] = $GLOBALS['user']->GetUser($curr_user['user_id']); } else { $GLOBALS['user_data']['firstname'] = $firstname; $GLOBALS['user_data']['lastname'] = $lastname; $GLOBALS['user_data']['email'] = $email; $GLOBALS['user_data']['address1'] = $address1; $GLOBALS['user_data']['address2'] = $address2; $GLOBALS['user_data']['city'] = $city; $GLOBALS['user_data']['state'] = $state; $GLOBALS['user_data']['zip'] = $zip; $GLOBALS['user_data']['phone'] = $phone; } } }
if ($_SESSION['PO' . $identifier]->DelAdd1 == '' or mb_strlen($_SESSION['PO' . $identifier]->DelAdd1) < 3) { prnMsg(_('The purchase order cannot be committed to the database because there is no delivery street address specified'), 'error'); $InputError = 1; } elseif ($_SESSION['PO' . $identifier]->Location == '' or !isset($_SESSION['PO' . $identifier]->Location)) { prnMsg(_('The purchase order can not be committed to the database because there is no location specified to book any stock items into'), 'error'); $InputError = 1; } elseif ($_SESSION['PO' . $identifier]->LinesOnOrder <= 0) { prnMsg(_('The purchase order can not be committed to the database because there are no lines entered on this order'), 'error'); $InputError = 1; } /*If all clear then proceed to update the database */ if ($InputError != 1) { $result = DB_Txn_Begin($db); /*figure out what status to set the order to */ if (IsEmailAddress($_SESSION['UserEmail'])) { $UserDetails = ' <a href="mailto:' . $_SESSION['UserEmail'] . '">' . $_SESSION['UsersRealName'] . '</a>'; } else { $UserDetails = ' ' . $_SESSION['UsersRealName'] . ' '; } if ($_SESSION['AutoAuthorisePO'] == 1) { //if the user has authority to authorise the PO then it will automatically be authorised $AuthSQL = "SELECT authlevel\n\t\t\t\t\t\tFROM purchorderauth\n\t\t\t\t\t\tWHERE userid='" . $_SESSION['UserID'] . "'\n\t\t\t\t\t\tAND currabrev='" . $_SESSION['PO' . $identifier]->CurrCode . "'"; $AuthResult = DB_query($AuthSQL, $db); $AuthRow = DB_fetch_array($AuthResult); if (DB_num_rows($AuthResult) > 0 and $AuthRow['authlevel'] > $_SESSION['PO' . $identifier]->Order_Value()) { //user has authority to authrorise as well as create the order $StatusComment = date($_SESSION['DefaultDateFormat']) . ' - ' . _('Order Created and Authorised by') . $UserDetails . '<br />' . $_SESSION['PO' . $identifier]->StatusComments . '<br />'; $_SESSION['PO' . $identifier]->AllowPrintPO = 1; $_SESSION['PO' . $identifier]->Status = 'Authorised'; } else {
<br /> <br />'; include 'includes/footer.inc'; exit; echo '<div class="centre"><br /><br /><br />' . _('This page must be called with a purchase order number to print'); echo '<br /><a href="' . $rootpath . '/index.php">' . _('Back to the menu') . '</a></div>'; exit; } if (isset($_GET['OrderNo'])) { $OrderNo = $_GET['OrderNo']; } elseif (isset($_POST['OrderNo'])) { $OrderNo = $_POST['OrderNo']; } $title = _('Print Purchase Order Number') . ' ' . $OrderNo; if (isset($_POST['PrintOrEmail']) and isset($_POST['EmailTo'])) { if ($_POST['PrintOrEmail'] == 'Email' and !IsEmailAddress($_POST['EmailTo'])) { include 'includes/header.inc'; prnMsg(_('The email address entered does not appear to be valid. No emails have been sent.'), 'warn'); include 'includes/footer.inc'; exit; } } $ViewingOnly = 0; if (isset($_GET['ViewingOnly']) and $_GET['ViewingOnly'] != '') { $ViewingOnly = $_GET['ViewingOnly']; } elseif (isset($_POST['ViewingOnly']) and $_POST['ViewingOnly'] != '') { $ViewingOnly = $_POST['ViewingOnly']; } /* If we are previewing the order then we dont want to email it */ if ($OrderNo == 'Preview') { //OrderNo is set to 'Preview' when just looking at the format of the printed order
} else { $_POST['company_name'] = Replace_Dodgy_Characters($_POST['company_name']); } if (!isset($_POST['timezone']) || $_POST['timezone'] == '') { set_error('Please enter timezone'); } // Use KwaMoja logo if none supplied. // Check if the user has entered a correct path if (!file_exists($path_to_root . '/sql/mysql/kwamoja-demo.sql')) { set_error('It appears the Absolute path that you entered is incorrect'); } // Get admin email and validate it if (!isset($_POST['admin_email']) || $_POST['admin_email'] == '') { set_error('Please enter an email for the Administrator account'); } else { if (IsEmailAddress($_POST['admin_email']) == false) { set_error('Please enter a valid email address for the Administrator account'); } } // Get the two admin passwords entered, and check that they match if (!isset($_POST['admin_password']) || $_POST['admin_password'] == '') { set_error('Please enter a password for the Administrator account'); } if (!isset($_POST['admin_repassword']) || $_POST['admin_repassword'] == '') { set_error('Please make sure you re-enter the password for the Administrator account'); } if ($_POST['admin_password'] != $_POST['admin_repassword']) { // Zero BOTH passwords before returning form to user. $_POST['admin_password'] = ''; $_POST['admin_repassword'] = ''; set_error('The two Administrator account passwords you entered do not match');
function ShowConfig() { global $tpl, $pf, $error_list, $site_name, $site_url, $site_mail, $protect_path, $protect_url, $notify_email, $notify_from, $notify_expire, $success; $pf = $_REQUEST['pf']; $process = $_REQUEST['process']; if ($process == 'edit') { $site_name = stripslashes($_REQUEST['site_name']); $site_mail = stripslashes($_REQUEST['site_mail']); $protect_path = stripslashes($_REQUEST['protect_path']); $protect_url = stripslashes($_REQUEST['protect_url']); $notify_email = stripslashes($_REQUEST['notify_email']); $notify_from = stripslashes($_REQUEST['notify_from']); $notify_expire = stripslashes($_REQUEST['notify_expire']); $i = 0; if ($site_name == "" || $site_mail == "" || $protect_path == "" || $protect_url == "" || $notify_email == "" || $notify_from == "") { if ($site_name == "") { $error_list[$i] = "Site name is required"; $i++; } if ($site_mail == "") { $error_list[$i] = "Site email is required"; $i++; } if ($protect_path == "") { $error_list[$i] = "Protected path is required"; $i++; } if ($protect_url == "") { $error_list[$i] = "Protected url is required"; $i++; } if ($notify_from == "") { $error_list[$i] = "Notify from is required"; $i++; } if ($notify_email == "") { $error_list[$i] = "Notify email is required"; $i++; } } elseif (!IsDigit($notify_expire)) { $error_list[$i] = "Notify expire must be digit"; $i++; } elseif (!IsEmailAddress($site_mail)) { $error_list[$i] = "Site email is not valid format"; $i++; } elseif (!IsEmailAddress($notify_email)) { $error_list[$i] = "Notify email is not valid format"; $i++; } if (!is_array($error_list)) { UpdateConfig($site_name, "site_name"); UpdateConfig($site_mail, "site_mail"); UpdateConfig($protect_path, "protect_path"); UpdateConfig($protect_url, "protect_url"); UpdateConfig($notify_email, "notify_email"); UpdateConfig($notify_from, "notify_from"); UpdateConfig($notify_expire, "notify_expire"); $success = true; } } else { $site_name = CFG_SITE_NAME; $site_mail = CFG_SITE_MAIL; $protect_path = CFG_PROTECT_PATH; $protect_url = CFG_PROTECT_URL; $notify_email = CFG_NOTIFY_EMAIL; $notify_from = CFG_NOTIFY_FROM; $notify_expire = CFG_NOTIFY_EXPIRE; } }
} elseif (strlen($_POST['Phone']) > 25) { $InputError = 1; prnMsg(_('The telephone number must be 25 characters or less long'), 'error'); $Errors[$i] = 'Telephone'; $i++; } elseif (strlen($_POST['Fax']) > 25) { $InputError = 1; prnMsg(_('The fax number must be 25 characters or less long'), 'error'); $Errors[$i] = 'Fax'; $i++; } elseif (strlen($_POST['Email']) > 55) { $InputError = 1; prnMsg(_('The email address must be 55 characters or less long'), 'error'); $Errors[$i] = 'Email'; $i++; } elseif (strlen($_POST['Email']) > 0 and !IsEmailAddress($_POST['Email'])) { $InputError = 1; prnMsg(_('The email address is not correctly formed'), 'error'); $Errors[$i] = 'Email'; $i++; } if ($InputError != 1) { $sql = "SELECT typeabbrev FROM salestypes"; $result = DB_query($sql, $db); $myrow = DB_fetch_array($result); $SalesType = $myrow['typeabbrev']; $InsuranceTypeID = $_POST['InsuranceType']; if (!isset($_POST['New'])) { $sql = "SELECT count(id)\n\t\t\t\t\t FROM debtortrans\n\t\t\t\t\twhere debtorno = '" . $_POST['DebtorNo'] . "'"; $result = DB_query($sql, $db); $myrow = DB_fetch_array($result);
<?php /* $Revision: 1.8 $ */ /* $Id$*/ include 'includes/session.inc'; include 'includes/SQL_CommonFunctions.inc'; if ($_GET['InvOrCredit'] == 'Invoice') { $TransactionType = _('Invoice'); $TypeCode = 10; } else { $TransactionType = _('Credit Note'); $TypeCode = 11; } $title = _('Email') . ' ' . $TransactionType . ' ' . _('Number') . ' ' . $_GET['FromTransNo']; if (isset($_POST['DoIt']) and IsEmailAddress($_POST['EmailAddr'])) { if ($_SESSION['InvoicePortraitFormat'] == 0) { echo '<meta http-equiv="Refresh" content=\'0; url=' . $rootpath . '/PrintCustTrans.php?FromTransNo=' . $_POST['TransNo'] . '&PrintPDF=Yes&InvOrCredit=' . $_POST['InvOrCredit'] . '&Email=' . $_POST['EmailAddr'] . "'>"; prnMsg(_('The transaction should have been emailed off') . '. ' . _('If this does not happen') . ' (' . _('if the browser does not support META Refresh') . ')' . '<a href="' . $rootpath . '/PrintCustTrans.php?FromTransNo=' . $_POST['FromTransNo'] . '&PrintPDF=Yes&InvOrCredit=' . $_POST['InvOrCredit'] . '&Email=' . $_POST['EmailAddr'] . '">' . _('click here') . '</a> ' . _('to email the customer transaction'), 'success'); } else { echo '<meta http-equiv="Refresh" content=\'0; url=' . $rootpath . '/PrintCustTransPortrait.php?FromTransNo=' . $_POST['TransNo'] . '&PrintPDF=Yes&InvOrCredit=' . $_POST['InvOrCredit'] . '&Email=' . $_POST['EmailAddr'] . '">'; prnMsg(_('The transaction should have been emailed off. If this does not happen (perhaps the browser does not support META Refresh)') . '<a href="' . $rootpath . '/PrintCustTransPortrait.php?FromTransNo=' . $_POST['FromTransNo'] . '&PrintPDF=Yes&InvOrCredit=' . $_POST['InvOrCredit'] . '&Email=' . $_POST['EmailAddr'] . '">' . _('click here') . '</a> ' . _('to email the customer transaction'), 'success'); } exit; } elseif (isset($_POST['DoIt'])) { $_GET['InvOrCredit'] = $_POST['InvOrCredit']; $_GET['FromTransNo'] = $_POST['FromTransNo']; prnMsg(_('The email address does not appear to be a valid email address. The transaction was not emailed'), 'warn'); } include 'includes/header.inc'; echo '<p class="page_title_text"><img src="' . $rootpath . '/css/' . $theme . '/images/email.gif" title="' . _('Contract') . '" alt="" /> ' . $title . '</p>'; echo '<form action="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '" method="post">';
} elseif (strlen($_POST['X_PageLength']) > 3 || !is_numeric($_POST['X_PageLength']) || $_POST['X_PageLength'] < 1) { $InputError = 1; prnMsg(_('Lines per page must be greater than 1'), 'error'); } elseif (strlen($_POST['X_MonthsAuditTrail']) > 2 || !is_numeric($_POST['X_MonthsAuditTrail']) || $_POST['X_MonthsAuditTrail'] < 0) { $InputError = 1; prnMsg(_('The number of months of audit trail to keep must be zero or a positive number less than 100 months'), 'error'); } elseif (strlen($_POST['X_DefaultTaxCategory']) > 1 || !is_numeric($_POST['X_DefaultTaxCategory']) || $_POST['X_DefaultTaxCategory'] < 1) { $InputError = 1; prnMsg(_('DefaultTaxCategory must be between 1 and 9'), 'error'); } elseif (strlen($_POST['X_DefaultDisplayRecordsMax']) > 3 || !is_numeric($_POST['X_DefaultDisplayRecordsMax']) || $_POST['X_DefaultDisplayRecordsMax'] < 1) { $InputError = 1; prnMsg(_('Default maximum number of records to display must be between 1 and 500'), 'error'); } elseif (strlen($_POST['X_MaxImageSize']) > 3 || !is_numeric($_POST['X_MaxImageSize']) || $_POST['X_MaxImageSize'] < 1) { $InputError = 1; prnMsg(_('The maximum size of item image files must be between 50 and 500 (NB this figure refers to KB)'), 'error'); } elseif (!IsEmailAddress($_POST['X_FactoryManagerEmail'])) { $InputError = 1; prnMsg(_('The Factory Manager Email address does not appear to be valid'), 'error'); } elseif (strlen($_POST['X_FrequentlyOrderedItems']) > 2 || !is_numeric($_POST['X_FrequentlyOrderedItems'])) { $InputError = 1; prnMsg(_('The number of frequently ordered items to display must be numeric'), 'error'); } if ($InputError != 1) { $sql = array(); if ($_SESSION['DefaultDateFormat'] != $_POST['X_DefaultDateFormat']) { $sql[] = "UPDATE config SET confvalue = '" . $_POST['X_DefaultDateFormat'] . "' WHERE confname = 'DefaultDateFormat'"; } if ($_SESSION['DefaultTheme'] != $_POST['X_DefaultTheme']) { $sql[] = "UPDATE config SET confvalue = '" . $_POST['X_DefaultTheme'] . "' WHERE confname = 'DefaultTheme'"; } if ($_SESSION['PastDueDays1'] != $_POST['X_PastDueDays1']) {
} elseif (mb_strlen($_POST['X_DefaultTaxCategory']) > 1 or !is_numeric($_POST['X_DefaultTaxCategory']) or $_POST['X_DefaultTaxCategory'] < 1) { $InputError = 1; prnMsg(_('DefaultTaxCategory must be between 1 and 9'), 'error'); } elseif (mb_strlen($_POST['X_DefaultDisplayRecordsMax']) > 3 or !is_numeric($_POST['X_DefaultDisplayRecordsMax']) or $_POST['X_DefaultDisplayRecordsMax'] < 1) { $InputError = 1; prnMsg(_('Default maximum number of records to display must be between 1 and 500'), 'error'); } elseif (mb_strlen($_POST['X_MaxImageSize']) > 3 or !is_numeric($_POST['X_MaxImageSize']) or $_POST['X_MaxImageSize'] < 1) { $InputError = 1; prnMsg(_('The maximum size of item image files must be between 50 and 500 (NB this figure refers to KB)'), 'error'); } elseif (!IsEmailAddress($_POST['X_FactoryManagerEmail'])) { $InputError = 1; prnMsg(_('The Factory Manager Email address does not appear to be valid'), 'error'); } elseif (!IsEmailAddress($_POST['X_PurchasingManagerEmail'])) { $InputError = 1; prnMsg(_('The Purchasing Manager Email address does not appear to be valid'), 'error'); } elseif (!IsEmailAddress($_POST['X_InventoryManagerEmail']) and $_POST['X_InventoryManagerEmail'] != '') { $InputError = 1; prnMsg(_('The Inventory Manager Email address does not appear to be valid'), 'error'); } elseif (mb_strlen($_POST['X_FrequentlyOrderedItems']) > 2 or !is_numeric($_POST['X_FrequentlyOrderedItems'])) { $InputError = 1; prnMsg(_('The number of frequently ordered items to display must be numeric'), 'error'); } elseif (strlen($_POST['X_SmtpSetting']) != 1 or !is_numeric($_POST['X_SmtpSetting'])) { $InputError = 1; prnMsg(_('The SMTP setting should be selected as Yes or No'), 'error'); } elseif (strlen($_POST['X_QualityLogSamples']) != 1 or !is_numeric($_POST['X_QualityLogSamples'])) { $InputError = 1; prnMsg(_('The Quality Log Samples setting should be selected as Yes or No'), 'error'); } elseif (mb_strstr($_POST['X_QualityProdSpecText'], "'") or mb_strlen($_POST['X_QualityProdSpecText']) > 5000) { $InputError = 1; prnMsg(_('The Quality ProdSpec Text may not contain single quotes and may not be longer than 5000 chars'), 'error'); } elseif (mb_strstr($_POST['X_QualityCOAText'], "'") or mb_strlen($_POST['X_QualityCOAText']) > 5000) {
function ProcessFormRegister() { global $tpl, $user, $error_list, $order, $mail, $product, $coupon, $pay_class, $currency_code, $currency_unit; $product_id = $_REQUEST['product_id']; $username = stripslashes($_REQUEST['username']); $password = stripslashes($_REQUEST['password']); $repassword = stripslashes($_REQUEST['repassword']); $firstname = stripslashes($_REQUEST['firstname']); $lastname = stripslashes($_REQUEST['lastname']); $email = stripslashes($_REQUEST['email']); $address1 = stripslashes($_REQUEST['address1']); $address2 = stripslashes($_REQUEST['address2']); $city = stripslashes($_REQUEST['city']); $state = stripslashes($_REQUEST['state']); $zip = stripslashes($_REQUEST['zip']); $phone = stripslashes($_REQUEST['phone']); $payment_gateway = $_REQUEST['payment_gateway']; $products = $product->GetProduct($product_id); $date_order_mo = $_REQUEST['date_order']; //figure out what the timestamp for the month should be if ($date_order_mo < date('m')) { //year+1 $date_order = strtotime(date('Y') + 1 . '/' . $date_order_mo . '/1'); } else { $date_order = strtotime(date('Y') . '/' . $date_order_mo . '/1'); } $i = 0; if ($product_id == "") { $error_list[$i] = "Please select membership type"; $i++; } if ($username == "") { $error_list[$i] = "Username is required"; $i++; } if ($password == "") { $error_list[$i] = "Password is required"; $i++; } if ($repassword == "") { $error_list[$i] = "Retype password is required"; $i++; } if ($firstname == "") { $error_list[$i] = "Firstname is required"; $i++; } if ($lastname == "") { $error_list[$i] = "Lastname is required"; $i++; } if ($email == "") { $error_list[$i] = "Email is required"; $i++; } if ($address1 == "") { $error_list[$i] = _("Address is required"); $i++; } if ($city == "") { $error_list[$i] = _("City is required"); $i++; } if ($state == "") { $error_list[$i] = _("State is required"); $i++; } if ($zip == "") { $error_list[$i] = _("Zip is required"); $i++; } if ($payment_gateway == "" && $products['price'] > 0) { $error_list[$i] = "Please select payment gateway"; $i++; } if ($user->CheckUser($username, $email)) { $error_list[$i] = "Username or email already exist"; $i++; } if ($repassword != $password) { $error_list[$i] = "password doesnt match"; $i++; } if (!IsEmailAddress($email)) { $error_list[$i] = "email is not valid"; $i++; } if (!is_array($error_list)) { $product_id = $_REQUEST['product_id']; $price = $products['price']; $name = $products['name']; $description = $products['description']; $item_name = $name . " ( " . $description . " )"; $invoice_id = getInvoiceId(); //**** for coupon ****// if ($coupon_code != "") { $discount_data = $coupon->CheckProductDiscount($coupon_code, $product_id); if (!$discount_data) { } else { $percentage = strrpos($discount_data['coupon_value'], "%"); if ($percentage) { $percent = str_replace("%", "", $discount_data['coupon_value']); $coupon_value_type = "percentage"; $percentage_coupon_value = $percent; $net_price = $discount_data['price'] - $discount_data['price'] * ($percent / 100); } else { $coupon_value_type = "price"; $price_coupon_value = $discount_data['coupon_value']; $net_price = $discount_data['price'] - $discount_data['coupon_value']; } $price = $net_price; if ($price < 0) { $price = 0; } } } if ($price == 0) { $user_id = $user->Add($username, $password, $firstname, $lastname, $email, $address1, $address2, $city, $state, $zip, $phone); $order_id = $order->AddOrder($user_id, $product_id, $date_order); $order_data = $order->GetOrder($order_id); $product_name = $order_data['name']; $product_desc = $order_data['description']; $product_price = $order_data['price']; $product_expire = date("Y-m-d", $order_data['date_expire']); $from_email = CFG_NOTIFY_EMAIL; $from_name = CFG_NOTIFY_FROM; $mail->ConfirmOrderEmail(CFG_SITE_NAME, $firstname, $lastname, $from_email, $from_name, $product_name, $product_desc, $product_price, $product_expire, $email); $mail->ReceivedOrderEmail(CFG_SITE_NAME, $firstname, $lastname, $from_email, $from_name, $product_name, $product_desc, $product_price, $date_order, $product_expire, CFG_SITE_MAIL); $order->UpdateLastEmailSent($order_id, time()); $login = $user->Login($username, $password, $expire); header("Location: index.php"); } else { $firstname = $_REQUEST['firstname']; $lastname = $_REQUEST['lastname']; $email = $_REQUEST['email']; $username = $_REQUEST['username']; $password = $_REQUEST['password']; $currency_code = $currency_code; //$currency_unit ===== GLOBAL VARIABLE $return_url = CFG_SITE_URL; $cancel_url = CFG_SITE_URL; $total = $price; $custom = "{$product_id}&{$email}&{$username}&{$password}&{$firstname}&{$lastname}&{$coupon_code}&{$date_order}"; if ($payment_gateway == "co" || $payment_gateway == "co_subscribe") { $gateway_data = $pay_class->GetPaymentGatewayDetail("2" . $payment_gateway); } else { $gateway_data = $pay_class->GetPaymentGatewayDetail($payment_gateway); } if ($payment_gateway == "paypal_payments") { $notify_url = CFG_SITE_URL . '/payment/paypal.ipn.php'; $paypal_payments_email = $gateway_data['payment_gateway_account']; $paypal_email = $paypal_payments_email; include 'payment/paypal.php'; } elseif ($payment_gateway == "paypal_subscribe") { $notify_url = CFG_SITE_URL . '/payment/paypal-subscribe.ipn.php'; $paypal_subscribe_email = $gateway_data['payment_gateway_account']; $listing_period = $products['duration']; $listing_period_code = strtoupper($products['duration_unit']); $paypal_email = $paypal_subscribe_email; include 'payment/paypal-subscribe.php'; } elseif ($payment_gateway == "co") { $notify_url = CFG_SITE_URL . '/payment/2co.ipn.php'; $co_account = $gateway_data['payment_gateway_account']; $list_co_account = explode("&", $co_account); $co_sid = $list_co_account[0]; $co_secret = $list_co_account[1]; $co_recurring = 0; //set subscribe include 'payment/2co.php'; } elseif ($payment_gateway == "co_subscribe") { $notify_url = CFG_SITE_URL . '/payment/2co-subscribe.ipn.php'; $co_account = $gateway_data['payment_gateway_account']; $list_co_account = explode("&", $co_account); $co_sid = $list_co_account[0]; $co_secret = $list_co_account[1]; $co_recurring = 1; //set subscribe $co_prod_id = $product_id; include 'payment/2co-subscribe.php'; } elseif ($payment_gateway == "alertpay") { $notify_url = CFG_SITE_URL . '/payment/alertpay.ipn.php'; $alertpay_account = $gateway_data['payment_gateway_account']; $list_alertpay_account = explode("&", $alertpay_account); $payalert_email = $list_alertpay_account[0]; $payalert_security_code = $list_alertpay_account[1]; $ap_currency = $currency_code; $ap_purchasetype = "service"; //lainnya subscription & service include 'payment/alertpay.php'; } elseif ($payment_gateway == "alertpay_subscribe") { $notify_url = CFG_SITE_URL . '/payment/alertpay.ipn.php'; $alertpay_subscribe_account = $gateway_data['payment_gateway_account']; $list_alertpay_subscribe_account = explode("&", $alertpay_subscribe_account); $payalert_email = $list_alertpay_subscribe_account[0]; $payalert_security_code = $list_alertpay_subscribe_account[1]; $ap_currency = $currency_code; $ap_purchasetype = "Subscription"; //lainnya subscription & service if (strtolower($products['duration_unit']) == "d") { $ap_timeunit = "Day"; } elseif (strtolower($products['duration_unit']) == "m") { $ap_timeunit = "Month"; } elseif (strtolower($products['duration_unit']) == "y") { $ap_timeunit = "Year"; } $ap_periodlength = $products['duration']; include 'payment/alertpay-subscribe.php'; } elseif ($payment_gateway == "moneybookers") { $notify_url = CFG_SITE_URL . '/payment/moneybookers.ipn.php'; $moneybookers_email = $gateway_data['payment_gateway_account']; include 'payment/moneybookers.php'; } } } else { ShowFormRegister(); } }
function SendMailBySmtp(&$mail, $To) { if (IsEmailAddress($_SESSION['SMTPSettings']['username'])) { //user has set the fully mail address as user name $SendFrom = $_SESSION['SMTPSettings']['username']; } else { //user only set it's name instead of fully mail address if (strpos($_SESSION['SMTPSettings']['host'], 'mail') !== false) { $SubStr = 'mail'; } elseif (strpos($_SESSION['SMTPSettings']['host'], 'smtp') !== false) { $SubStr = 'smtp'; } $Domain = substr($_SESSION['SMTPSettings']['host'], strpos($_SESSION['SMTPSettings']['host'], $SubStr) + 5); $SendFrom = $_SESSION['SMTPSettings']['username'] . '@' . $Domain; } $mail->setFrom($SendFrom); $result = $mail->send($To, 'smtp'); return $result; }
$Errors[$i] = 'Telephone'; $i++; } if (mb_strlen($_POST['Fax']) > 25) { $InputError = 1; prnMsg(_('The fax number must be 25 characters or less long'), 'error'); $Errors[$i] = 'Fax'; $i++; } if (mb_strlen($_POST['Email']) > 55) { $InputError = 1; prnMsg(_('The email address must be 55 characters or less long'), 'error'); $Errors[$i] = 'Email'; $i++; } if (mb_strlen($_POST['Email']) > 0 and !IsEmailAddress($_POST['Email'])) { $InputError = 1; prnMsg(_('The email address is not correctly formed'), 'error'); $Errors[$i] = 'Email'; $i++; } if (mb_strlen($_POST['BankRef']) > 12) { $InputError = 1; prnMsg(_('The bank reference text must be less than 12 characters long'), 'error'); $Errors[$i] = 'BankRef'; $i++; } if (!Is_Date($_POST['SupplierSince'])) { $InputError = 1; prnMsg(_('The supplier since field must be a date in the format') . ' ' . $_SESSION['DefaultDateFormat'], 'error'); $Errors[$i] = 'SupplierSince';
} elseif (isset($_POST['SelectedContact'])) { $SelectedContact = $_POST['SelectedContact']; } if (isset($_POST['submit'])) { //initialise no input errors assumed initially before we test $InputError = 0; /* actions to take once the user has clicked the submit button ie the page has called itself with some user input */ //first off validate inputs sensible if (mb_strlen($_POST['Contact']) == 0) { $InputError = 1; prnMsg(_('The contact name must be at least one character long'), 'error'); echo '<br />'; } if (mb_strlen($_POST['Email'])) { if (!IsEmailAddress($_POST['Email'])) { $InputError = 1; prnMsg(_('The email address entered does not appear to be a valid email address'), 'error'); echo '<br />'; } } if (isset($SelectedContact) and $InputError != 1) { /*SelectedContact could also exist if submit had not been clicked this code would not run in this case 'cos submit is false of course see the delete code below*/ $sql = "UPDATE suppliercontacts SET position='" . $_POST['Position'] . "',\n\t\t\t\t\t\t\t\t\t\t\ttel='" . $_POST['Tel'] . "',\n\t\t\t\t\t\t\t\t\t\t\tfax='" . $_POST['Fax'] . "',\n\t\t\t\t\t\t\t\t\t\t\temail='" . $_POST['Email'] . "',\n\t\t\t\t\t\t\t\t\t\t\tmobile = '" . $_POST['Mobile'] . "'\n\t\t\t\tWHERE contact='" . $SelectedContact . "'\n\t\t\t\tAND supplierid='" . $SupplierID . "'"; $msg = _('The supplier contact information has been updated'); } elseif ($InputError != 1) { /*Selected contact is null cos no item selected on first time round so must be adding a record must be submitting new entries in the new supplier contacts form */ $sql = "INSERT INTO suppliercontacts (supplierid,\n\t\t\t\t\t\t\t\t\t\t\tcontact,\n\t\t\t\t\t\t\t\t\t\t\tposition,\n\t\t\t\t\t\t\t\t\t\t\ttel,\n\t\t\t\t\t\t\t\t\t\t\tfax,\n\t\t\t\t\t\t\t\t\t\t\temail,\n\t\t\t\t\t\t\t\t\t\t\tmobile)\n\t\t\t\tVALUES ('" . $SupplierID . "',\n\t\t\t\t\t'" . $_POST['Contact'] . "',\n\t\t\t\t\t'" . $_POST['Position'] . "',\n\t\t\t\t\t'" . $_POST['Tel'] . "',\n\t\t\t\t\t'" . $_POST['Fax'] . "',\n\t\t\t\t\t'" . $_POST['Email'] . "',\n\t\t\t\t\t'" . $_POST['Mobile'] . "')"; $msg = _('The new supplier contact has been added to the database'); } //run the SQL from either of the above possibilites
$DbgMsg = _('The following SQL to insert the debtor transaction record was used'); $Result = DB_query($SQL, $db, $ErrMsg, $DbgMsg, true); $DebtorTransID = DB_Last_Insert_ID($db, 'debtortrans', 'id'); $SQL = 'INSERT INTO debtortranstaxes (debtortransid, taxauthid, taxamount) VALUES (' . $DebtorTransID . ', ' . $TaxAuthID . ', ' . $Tax['FXAmount'] / $CurrencyRate . ')'; $ErrMsg = _('CRITICAL ERROR') . '! ' . _('NOTE DOWN THIS ERROR AND SEEK ASSISTANCE') . ': ' . _('The debtor transaction taxes records could not be inserted because'); $DbgMsg = _('The following SQL to insert the debtor transaction taxes record was used'); $Result = DB_query($SQL, $db, $ErrMsg, $DbgMsg, true); $SQL = 'COMMIT'; $Result = DB_query($SQL, $db); echo _('Invoice number') . ' ' . $InvoiceNo . ' ' . _('processed') . '<BR>'; $EmailText .= "\n" . _('This recurring order was set to produce the invoice automatically on invoice number') . ' ' . $InvoiceNo; } /*end if the recurring order is set to auto invoice */ if (IsEmailAddress($RecurrOrderRow['email'])) { $mail = new htmlMimeMail(); $mail->setText($EmailText); $mail->setSubject(_('Recurring Order Created Advice')); $mail->setFrom($_SESSION['CompanyRecord']['coyname'] . "<" . $_SESSION['CompanyRecord']['email'] . ">"); $result = $mail->send(array($RecurrOrderRow['email'])); unset($mail); } else { prnMsg(_('No email advice was sent for this order because the location has no email contact defined with a valid email address'), 'warn'); } } /*end while there are recurring orders due to have a new order created */ include 'includes/footer.inc';
} elseif (strlen($_POST['X_MonthsAuditTrail']) > 2 || !is_numeric($_POST['X_MonthsAuditTrail']) || $_POST['X_MonthsAuditTrail'] < 0) { $InputError = 1; prnMsg(_('The number of months of audit trail to keep must be zero or a positive number less than 100 months'), 'error'); } elseif (strlen($_POST['X_DefaultTaxCategory']) > 1 || !is_numeric($_POST['X_DefaultTaxCategory']) || $_POST['X_DefaultTaxCategory'] < 1) { $InputError = 1; prnMsg(_('DefaultTaxCategory must be between 1 and 9'), 'error'); } elseif (strlen($_POST['X_DefaultDisplayRecordsMax']) > 3 || !is_numeric($_POST['X_DefaultDisplayRecordsMax']) || $_POST['X_DefaultDisplayRecordsMax'] < 1) { $InputError = 1; prnMsg(_('Default maximum number of records to display must be between 1 and 500'), 'error'); } elseif (strlen($_POST['X_MaxImageSize']) > 3 || !is_numeric($_POST['X_MaxImageSize']) || $_POST['X_MaxImageSize'] < 1) { $InputError = 1; prnMsg(_('The maximum size of item image files must be between 50 and 500 (NB this figure refers to KB)'), 'error'); } elseif (!IsEmailAddress($_POST['X_FactoryManagerEmail'])) { $InputError = 1; prnMsg(_('The Factory Manager Email address does not appear to be valid'), 'error'); } elseif (!IsEmailAddress($_POST['X_PurchasingManagerEmail'])) { $InputError = 1; prnMsg(_('The Purchasing Manager Email address does not appear to be valid'), 'error'); } if ($InputError != 1) { $sql = array(); if ($_SESSION['DefaultDateFormat'] != $_POST['X_DefaultDateFormat']) { $sql[] = "UPDATE config SET confvalue = '" . $_POST['X_DefaultDateFormat'] . "' WHERE confname = 'DefaultDateFormat'"; } if ($_SESSION['DefaultTheme'] != $_POST['X_DefaultTheme']) { $sql[] = "UPDATE config SET confvalue = '" . $_POST['X_DefaultTheme'] . "' WHERE confname = 'DefaultTheme'"; } if ($_SESSION['PastDueDays1'] != $_POST['X_PastDueDays1']) { $sql[] = "UPDATE config SET confvalue = '" . $_POST['X_PastDueDays1'] . "' WHERE confname = 'PastDueDays1'"; } if ($_SESSION['PastDueDays2'] != $_POST['X_PastDueDays2']) {