function add() { extract($_REQUEST); $new_date = "{$new_date_year}-{$new_date_month}-{$new_date_day}"; addTodayEntry("Leads", $lead_id, $new_date, $new_note); return display(); }
function write_data($_POST) { # get vars extract($_POST); # validate input require_lib("validate"); $v = new validate(); $v->isOk($id, "num", 1, 9, "ID Field (hidden)"); $v->isOk($surname, "string", 1, 100, "Last name"); $v->isOk($name, "string", 0, 100, "First name"); $v->isOk($account_id, "num", 0, 9, "Account ID (hidden)"); $v->isOk($account_type, "string", 0, 100, "Account type (hidden)"); $v->isOk($lead_source, "string", 0, 100, "Lead Source"); $v->isOk($title, "string", 0, 100, "Title"); $v->isOk($department, "string", 0, 100, "Department"); $v->isOk($tell, "string", 0, 100, "Home Phone"); $v->isOk($cell, "string", 0, 100, "Mobile Phone"); $v->isOk($fax, "string", 0, 100, "Fax"); $v->isOk($tell_office, "string", 0, 100, "Office Phone"); $v->isOk($tell_other, "string", 0, 100, "Other Phone"); $v->isOk($email, "string", 0, 100, "Email"); $v->isOk($email_other, "string", 0, 100, "Other Email"); $v->isOk($assistant, "string", 0, 100, "Assistant"); $v->isOk($assistant_phone, "string", 0, 100, "Assistant Phone"); $v->isOk($padd, "string", 0, 250, "Physical Address"); $v->isOk($padd_city, "string", 0, 100, "Physical Address: City"); $v->isOk($padd_state, "string", 0, 100, "Physical Address: State/Province"); $v->isOk($padd_code, "string", 0, 100, "Physical Address: Postal Code"); $v->isOk($padd_country, "string", 0, 100, "Physical Address: Country"); $v->isOk($hadd, "string", 0, 250, "Postal Address"); $v->isOk($hadd_city, "string", 0, 100, "Postal Address: City"); $v->isOk($hadd_state, "string", 0, 100, "Postal Address: State/Province"); $v->isOk($hadd_code, "string", 0, 100, "Postal Address: Postal Code"); $v->isOk($hadd_country, "string", 0, 100, "Postal Address: Country"); $v->isOk($description, "string", 0, 100, "Description"); $v->isOk($website, "string", 0, 255, "Website"); $v->isOk($religion, "string", 0, 100, "Religion"); $v->isOk($race, "string", 0, 100, "Race"); $v->isOk($gender, "string", 0, 6, "Gender"); $v->isOk($Con, "string", 2, 3, "Invalid private."); $v->isOk($salespn, "num", 1, 9, "Sales person."); $v->isOk($team_id, "num", 1, 9, "Team"); if (!empty($ncdate_day) || !empty($ncdate_month) || !empty($ncdate_year)) { $v->isOk($ncdate_day, "num", 1, 2, "Next contact date (Day)"); $v->isOk($ncdate_month, "num", 1, 2, "Next contact date (Month)"); $v->isOk($ncdate_year, "num", 4, 4, "Next contact date (Year)"); $ncdate = ", ncdate = '{$ncdate_year}-{$ncdate_month}-{$ncdate_day}'"; } else { $ncdate = ""; } $birthdate = "{$bf_year}-{$bf_month}-{$bf_day}"; if ($v->isOk($birthdate, "string", 1, 100, "Birthdate")) { if (!checkdate($bf_month, $bf_day, $bf_year)) { $v->addError("_OTHER", "Invalid birthdate. No such date exists."); } } $birthdate_description = date("d F Y", mktime(0, 0, 0, $bf_day, $bf_month, $bf_year)); # display errors, if any if ($v->isError()) { $err = "The following field value errors occured:<br>"; $errors = $v->getErrors(); foreach ($errors as $e) { if ($e["value"] == "_OTHER") { $err .= "<li class='err'>{$e['msg']}</li>"; } else { $err .= "<li class='err'>Invalid characters: {$e['msg']}</li>"; } } return get_data($_POST, $err); } db_conn('crm'); if (!pglib_transaction("BEGIN")) { return "<li class='err'>Unable to edit lead(TB)</li>"; } $Sl = "SELECT * FROM leads WHERE id='{$id}'"; $Ry = db_exec($Sl) or errDie("Unable to get lead details."); if (pg_num_rows($Ry) < 1) { return "Invalid lead."; } $cdata = pg_fetch_array($Ry); if ($account_type == "Customer") { db_conn("cubit"); $sql = "SELECT surname FROM customers WHERE cusnum='{$account_id}'"; $rslt = db_exec($sql) or errDie("Error reading account name (customers)"); if (pg_num_rows($rslt) > 0) { $accountname = pg_fetch_result($rslt, 0, 0); } else { $account_id = 0; $accountname = ""; $account_type = ""; } } else { if ($account_type == "Supplier") { db_conn("cubit"); $sql = "SELECT supname FROM suppliers WHERE supid='{$account_id}'"; $rslt = db_exec($sql) or errDie("Error reading account name (suppliers)"); if (pg_num_rows($rslt) > 0) { $accountname = pg_fetch_result($rslt, 0, 0); } else { $account_id = 0; $accountname = ""; $account_type = ""; } } else { $accountname = ""; } } # write to db db_conn("crm"); $Sql = "\r\n\t\tUPDATE leads \r\n\t\tSET surname='{$surname}', name='{$name}', accountname='{$accountname}', account_id='{$account_id}', \r\n\t\t\taccount_type='{$account_type}', lead_source='{$lead_source}', title='{$title}', department='{$department}', \r\n\t\t\tbirthdate='{$birthdate}', tell='{$tell}', cell='{$cell}', fax='{$fax}', tell_office='{$tell_office}', \r\n\t\t\ttell_other='{$tell_other}', email='{$email}', email_other='{$email_other}', assistant='{$assistant}', \r\n\t\t\tassistant_phone='{$assistant_phone}', padd='{$padd}', padd_city='{$padd_city}', padd_state='{$padd_state}', \r\n\t\t\tpadd_code='{$padd_code}', padd_country='{$padd_country}', hadd='{$hadd}', hadd_city='{$hadd_city}', \r\n\t\t\thadd_state='{$hadd_state}', hadd_code='{$hadd_code}', hadd_country='{$hadd_country}', description='{$description}', \r\n\t\t\twebsite='{$website}', religion='{$religion}', race='{$race}', gender='{$gender}', con='{$Con}', salespid='{$salespn}', \r\n\t\t\tteam_id='{$team_id}' {$ncdate}\r\n\t\tWHERE id='{$id}'"; // Add entry to today if (!empty($ncdate_year) && !empty($ncdate_month) && !empty($ncdate_day)) { $contact_date = "{$ncdate_year}-{$ncdate_month}-{$ncdate_day}"; addTodayEntry("Leads", $id, $contact_date, "Contact {$surname}"); } $Rslt = db_exec($Sql) or errDie("Unable to access database."); $Data = pg_fetch_array($Rslt); db_conn("cubit"); if ($cdata['supp_id'] != 0) { $Sl = "UPDATE suppliers SET supname='{$surname}',tel='{$tell}',fax='{$fax}',email='{$email}',supaddr='{$padd} \n {$hadd}' WHERE supid='{$cdata['supp_id']}'"; $Ry = db_exec($Sl) or errDie("Unable to update supplier."); } if ($cdata['cust_id'] != 0) { $Sl = "UPDATE customers SET surname='{$surname}',tel='{$tell}',fax='{$fax}',email='{$email}',paddr1='{$padd}',addr1='{$hadd}' WHERE cusnum='{$cdata['cust_id']}'"; $Ry = db_exec($Sl) or errDie("Unable to update customers."); } if (!pglib_transaction("COMMIT")) { return "<li class='err'>Unable to edit lead. (TC)</li>"; } $write_data = "\r\n\t\t<table " . TMPL_tblDflts . " width='50%'>\r\n\t\t\t<tr>\r\n\t\t\t\t<th>Lead modified</th>\r\n\t\t\t</tr>\r\n\t\t\t<tr class='" . bg_class() . "'>\r\n\t\t\t\t<td>{$surname} has been modified.</td>\r\n\t\t\t</tr>\r\n\t\t</table>\r\n\t\t<p>\r\n\t\t<table " . TMPL_tblDflts . ">\r\n\t\t\t<tr>\r\n\t\t\t\t<th>Quick Links</th>\r\n\t\t\t</tr>\r\n\t\t\t<tr class='" . bg_class() . "'>\r\n\t\t\t\t<td><a href='leads_list.php'>List leads</a></td>\r\n\t\t\t</tr>\r\n\t\t\t<tr class='" . bg_class() . "'>\r\n\t\t\t\t<td><a href='../main.php'>Main Menu</a></td>\r\n\t\t\t</tr>\r\n\t\t</table>"; return $write_data; }
function write_data($_POST) { $date = date("Y-m-d"); # get vars extract($_POST); if (isset($back)) { return get_data(""); } # validate input require_lib("validate"); $v = new validate(); $v->isOk($surname, "string", 1, 100, "Last name"); $v->isOk($name, "string", 0, 100, "First name"); $v->isOk($accountname, "string", 0, 100, "Account"); $v->isOk($account_id, "num", 0, 9, "Account ID (hidden)"); $v->isOk($account_type, "string", 0, 100, "Account type (hidden)"); $v->isOk($lead_source, "string", 0, 100, "Lead Source"); $v->isOk($title, "string", 0, 100, "Title"); $v->isOk($department, "string", 0, 100, "Department"); $v->isOk($tell, "string", 0, 100, "Home Phone"); $v->isOk($cell, "string", 0, 100, "Mobile Phone"); $v->isOk($fax, "string", 0, 100, "Fax"); $v->isOk($tell_office, "string", 0, 100, "Office Phone"); $v->isOk($tell_other, "string", 0, 100, "Other Phone"); $v->isOk($email, "string", 0, 100, "Email"); $v->isOk($email_other, "string", 0, 100, "Other Email"); $v->isOk($assistant, "string", 0, 100, "Assistant"); $v->isOk($assistant_phone, "string", 0, 100, "Assistant Phone"); $v->isOk($padd, "string", 0, 250, "Physical Address"); $v->isOk($padd_city, "string", 0, 100, "Physical Address: City"); $v->isOk($padd_state, "string", 0, 100, "Physical Address: State/Province"); $v->isOk($padd_code, "string", 0, 100, "Physical Address: Postal Code"); $v->isOk($padd_country, "string", 0, 100, "Physical Address: Country"); $v->isOk($hadd, "string", 0, 250, "Postal Address"); $v->isOk($hadd_city, "string", 0, 100, "Postal Address: City"); $v->isOk($hadd_state, "string", 0, 100, "Postal Address: State/Province"); $v->isOk($hadd_code, "string", 0, 100, "Postal Address: Postal Code"); $v->isOk($hadd_country, "string", 0, 100, "Postal Address: Country"); $v->isOk($description, "string", 0, 100, "Description"); $v->isOk($website, "string", 0, 255, "Website"); $v->isOk($religion, "string", 0, 100, "Religion"); $v->isOk($race, "string", 0, 100, "Race"); $v->isOk($gender, "string", 0, 6, "Gender"); $v->isOk($salespn, "num", 1, 9, "Sales person."); $v->isOK($team_id, "num", 1, 9, "Team."); if (!empty($ncdate_day) || !empty($ncdate_month) || !empty($ncdate_year)) { $v->isOk($ncdate_day, "num", 1, 2, "Next contact date (Day)"); $v->isOk($ncdate_month, "num", 1, 2, "Next contact day (Month)"); $v->isOk($ncdate_year, "num", 4, 4, "Next contact day (Year)"); $ncdate_col = ", ncdate"; $ncdate = ", '{$ncdate_year}-{$ncdate_month}-{$ncdate_day}'"; } else { $ncdate_col = ""; $ncdate = ""; } $v->isOk($Con, "string", 2, 3, "Invalid private."); $birthdate = "{$bf_year}-{$bf_month}-{$bf_day}"; if ($v->isOk($birthdate, "string", 1, 100, "Birthdate")) { if (!checkdate($bf_month, $bf_day, $bf_year)) { $v->addError("_OTHER", "Invalid birthdate. No such date exists."); } } $birthdate_description = date("d F Y", mktime(0, 0, 0, $bf_day, $bf_month, $bf_year)); $assigned_to = USER_NAME; $assigned_to_id = USER_ID; # display errors, if any if ($v->isError()) { $err = "The following field value errors occured:<br>"; $errors = $v->getErrors(); foreach ($errors as $e) { if ($e["value"] == "_OTHER") { $err .= "<li class='err'>{$e['msg']}</li>"; } else { $err .= "<li class='err'>Invalid characters: {$e['msg']}</li>"; } } return get_data($err); } db_conn('cubit'); if (!pglib_transaction("BEGIN")) { return "<li class='err'>Unable to add lead to database. (TB)</li>"; } if (isset($supacc)) { $supacc = remval($supacc); $sql = "\r\n\t\t\tINSERT INTO suppliers (\r\n\t\t\t\tdeptid, supno, supname, location, fcid, currency, vatnum, supaddr, contname, tel, fax, \r\n\t\t\t\temail, url, listid, bankname, branname, brancode, bankaccno, balance, fbalance, div\r\n\t\t\t) VALUES (\r\n\t\t\t\t'2', '{$supacc}', '{$surname}', 'loc', '2', 'R', '', '{$hadd} \n {$padd}', '', '{$tell}', '{$fax}', \r\n\t\t\t\t'{$email}', '', '2', '', '', '', '', 0, 0, '" . USER_DIV . "'\r\n\t\t\t)"; $supRslt = db_exec($sql) or errDie("Unable to add supplier to the system.", SELF); if (pg_cmdtuples($supRslt) < 1) { return "<li class='err'>Unable to add supplier to database.</li>"; } if (($supp_id = pglib_lastid("suppliers", "supid")) == 0) { return "<li class='err'>Unable to add supplier to lead list.</li>"; } $accountname = $surname; $account_type = "Supplier"; $account_id = $supp_id; } else { $supp_id = 0; } if (isset($cusacc)) { $cusacc = remval($cusacc); $sql = "\r\n\t\t\tINSERT INTO customers (\r\n\t\t\t\tdeptid, accno, surname, title, init, location, fcid, currency, category, class, addr1, paddr1, vatnum, \r\n\t\t\t\tcontname, bustel, tel, cellno, fax, email, url, traddisc, setdisc, pricelist, chrgint, overdue, \r\n\t\t\t\tintrate, chrgvat, credterm, odate, credlimit, blocked, balance, div,deptname,classname,catname\r\n\t\t\t) VALUES (\r\n\t\t\t\t'2', '{$cusacc}', '{$surname}', '', '', 'loc', '2', 'R', '2', '2', '{$hadd}', '{$padd}', '', \r\n\t\t\t\t'', '', '{$tell}', '{$cell}', '{$fax}', '{$email}', '', '0', '0', '2', 'yes', '0', '0', 'yes', \r\n\t\t\t\t'0', '{$date}', '0', 'no', '0', '" . USER_DIV . "','Ledger 1','General','General'\r\n\t\t\t)"; $custRslt = db_exec($sql) or errDie("Unable to add customer to system.", SELF); if (pg_cmdtuples($custRslt) < 1) { return "<li class='err'>Unable to add customer to database."; } if (($cust_id = pglib_lastid("customers", "cusnum")) == 0) { return "<li class='err'>Unable to add customer to lead list.</li>"; } $accountname = $surname; $account_type = "Customer"; $account_id = $cust_id; } else { $cust_id = 0; } # write to db db_conn("crm"); $sql = "\r\n\t\tINSERT INTO leads (\r\n\t\t\tsurname, name, accountname, account_id, account_type, lead_source, title, department, \r\n\t\t\tbirthdate, tell, cell, fax, tell_office, tell_other, email, email_other, assistant, \r\n\t\t\tassistant_phone, padd, padd_city, padd_state, padd_code, padd_country, hadd, hadd_city, \r\n\t\t\thadd_state, hadd_code, hadd_country, description, website, religion, race, gender, \r\n\t\t\tref, date, con, by, div, supp_id, cust_id, assigned_to, \r\n\t\t\tassigned_to_id {$ncdate_col}, salespid, team_id\r\n\t\t) VALUES (\r\n\t\t\t'{$surname}', '{$name}', '{$accountname}', '{$account_id}', '{$account_type}', '{$lead_source}', '{$title}', '{$department}', \r\n\t\t\t'{$birthdate}', '{$tell}', '{$cell}', '{$fax}', '{$tell_office}', '{$tell_other}', '{$email}', '{$email_other}', '{$assistant}', \r\n\t\t\t'{$assistant_phone}', '{$padd}', '{$padd_city}', '{$padd_state}', '{$padd_code}', '{$padd_country}', '{$hadd}', '{$hadd_city}', \r\n\t\t\t'{$hadd_state}', '{$hadd_code}', '{$hadd_country}', '{$description}', '{$website}', '{$religion}', '{$race}', '{$gender}', \r\n\t\t\t'', CURRENT_DATE, '{$Con}', '" . USER_NAME . "', '" . USER_DIV . "', '{$supp_id}', '{$cust_id}', '{$assigned_to}', \r\n\t\t\t'{$assigned_to_id}' {$ncdate}, '{$salespn}', '{$team_id}'\r\n\t\t)"; $rslt = db_exec($sql) or errDie("Unable to add lead to database."); $lead_id = pglib_lastid("leads", "id"); // Add entry to today if (!empty($ncdate_year) && !empty($ncdate_month) && !empty($ncdate_day)) { $contact_date = "{$ncdate_year}-{$ncdate_month}-{$ncdate_day}"; addTodayEntry("Leads", $lead_id, $contact_date, "Contact {$surname}"); } if (!pglib_transaction("COMMIT")) { return "<li class='err'>Unable to add lead to database. (TC)</li>"; } if (isset($crm)) { header("Location: crm/tokens-new.php?value={$surname}"); exit; } $write_data = "\r\n\t\t<table " . TMPL_tblDflts . " width='50%'>\r\n\t\t\t<tr>\r\n\t\t\t\t<th>Lead added</th>\r\n\t\t\t</tr>\r\n\t\t\t<tr class='datacell'>\r\n\t\t\t\t<td>{$surname} has been added to Cubit.</td>\r\n\t\t\t</tr>\r\n\t\t</table>\r\n\t\t<p>\r\n\t\t<table " . TMPL_tblDflts . ">\r\n\t\t\t<tr>\r\n\t\t\t\t<th>Quick Links</th>\r\n\t\t\t</tr>\r\n\t\t\t<tr class='" . bg_class() . "'>\r\n\t\t\t\t<td><a href='" . SELF . "'>Add another lead</a></td>\r\n\t\t\t</tr>\r\n\t\t\t<tr class='" . bg_class() . "'>\r\n\t\t\t\t<td><a href='../crmsystem/leads_list.php'>View Leads</a></td>\r\n\t\t\t</tr>\r\n\t\t\t<tr class='" . bg_class() . "'>\r\n\t\t\t\t<td><a href='../main.php'>Main Menu</a></td>\r\n\t\t\t</tr>\r\n\t\t</table>"; return $write_data; }
function write($_POST) { global $_FILES; # get vars extract($_POST); if (isset($back)) { return enter($_POST); } # validate input require_lib("validate"); $v = new validate(); $v->isOk($id, "num", 1, 50, "Invalid Asset ID."); $v->isOk($grpid, "num", 1, 50, "Invalid Asset Group id."); $v->isOk($type_id, "num", 1, 50, "Invalid Asset Type Id."); if (isset($qty)) { $v->isOk($qty, "num", 0, 50, "Invalid quantity."); } else { if (isset($serial) && isset($serial2)) { $v->isOk($serial, "string", 0, 20, "Invalid Serial[1] Number."); $v->isOk($serial2, "string", 0, 30, "Invalid Serial[2] Number."); } else { $v->addError("", "Insufficient data for adding an asset supplied."); } } $v->isOk($locat, "string", 1, 100, "Invalid location."); $v->isOk($des, "string", 1, 255, "Invalid description."); $v->isOk($details, "string", 0, 255, "Invalid Details."); $v->isOk($amount, "float", 1, 255, "Invalid amount."); $v->isOk($date_day, "num", 1, 2, "Invalid Date day."); $v->isOk($date_month, "num", 1, 2, "Invalid Date month."); $v->isOk($date_year, "num", 4, 4, "Invalid Date Year."); $v->isOk($dep_perc, "float", 1, 16, "Invalid Yearly Depreciation Percentage."); if (isset($set_service) and $set_service == "yes") { $svdate = "{$svdate_year}-{$svdate_month}-{$svdate_day}"; $v->isOk($svdate_day, "num", 1, 2, "Invalid Next Service Date (day)"); $v->isOk($svdate_month, "num", 1, 2, "Invalid Next Service Date (month)"); $v->isOk($svdate_year, "num", 4, 4, "Invalid Next Service Date (year)"); } if (isset($accnt)) { $v->isOk($accnt, "num", 1, 255, "Invalid Contra Account."); } if ($v->isError()) { $confirmCust = ""; $errors = $v->getErrors(); foreach ($errors as $e) { $confirmCust .= "<li class='err'>{$e['msg']}</li>"; } return $confirmCust; } $bdate = "{$date_year}-{$date_month}-{$date_day}"; $date = $bdate; db_connect(); if (isset($qty)) { $serial = "Not Serialized"; $serial2 = "{$qty}"; $nonserial = "1"; } else { $nonserial = "0"; } $Sl = "\r\n\t\tUPDATE assets \r\n\t\tSET grpid = '{$grpid}', serial = '{$serial}', locat = '{$locat}', des = '{$des}', date = '{$date}', amount = '{$amount}', \r\n\t\t\tdiv = '" . USER_DIV . "', dep_perc = '{$dep_perc}', dep_month = '{$dep_month}', serial2 = '{$serial2}', \r\n\t\t\tpuramt = '{$amount}', nonserial = '{$nonserial}', type_id = '{$type_id}', details = '{$details}', units = '{$units}' \r\n\t\tWHERE id = '{$id}'"; $Rs = db_exec($Sl) or errDie("Unable to add supplier to the system."); if (pg_cmdtuples($Rs) < 1) { return "<li class='err'>Unable to add asset to database.</li>"; } if (isset($set_service) and $set_service == "yes") { // Add service date $sql = "INSERT INTO cubit.asset_svdates (asset_id, svdate, des) VALUES ('{$id}', '{$svdate}', '{$sv_desc}')"; $as_rslt = db_exec($sql) or errDie("Unable to add asset service date."); addTodayEntry("Assets", $id, $svdate, "Service"); } #check if we are uploading a new picture if (is_uploaded_file($_FILES["picupload_image"]["tmp_name"])) { # Check file ext if (preg_match("/(image\\/jpeg|image\\/png|image\\/gif)/", $_FILES["picupload_image"]["type"], $extension)) { $type = $_FILES["picupload_image"]["type"]; $fname = $_FILES["picupload_image"]["name"]; // open file in "read, binary" mode $img = ""; $file = fopen($_FILES['picupload_image']['tmp_name'], "rb"); while (!feof($file)) { // fread is binary safe $img .= fread($file, 1024); } fclose($file); # base 64 encoding $img = base64_encode($img); db_connect(); $sql = "\r\n\t\t\t\tINSERT INTO display_images (\r\n\t\t\t\t\ttype, image_name, image_data, image_type, image_filename, ident_id\r\n\t\t\t\t) VALUES (\r\n\t\t\t\t\t'asset','{$picupload_name}','{$img}','{$type}', '{$fname}', '{$id}'\r\n\t\t\t\t)"; $run_sql = db_exec($sql); } } if (!isset($rempicid) or !is_array($rempicid)) { $rempicid = array(); } foreach ($rempicid as $each => $own) { $rem_sql = "DELETE FROM display_images WHERE id = '{$each}'"; $run_rem = db_exec($rem_sql) or errDie("Unable to remove customer image information."); } $write = "\r\n\t\t<table " . TMPL_tblDflts . " width='50%'>\r\n\t\t\t<tr>\r\n\t\t\t\t<th>Asset updated.</th>\r\n\t\t\t</tr>\r\n\t\t\t<tr class='datacell'>\r\n\t\t\t\t<td>Asset has been updated.</td>\r\n\t\t\t</tr>\r\n\t\t</table>\r\n\t\t<p>\r\n\t\t<table border=0 cellpadding='2' cellspacing='1'>\r\n\t\t\t<tr>\r\n\t\t\t\t<th>Quick Links</th>\r\n\t\t\t</tr>\r\n\t\t\t<tr class='" . bg_class() . "'>\r\n\t\t\t\t<td><a href='asset-new.php'>New Asset</a></td>\r\n\t\t\t</tr>\r\n\t\t\t<tr class='" . bg_class() . "'>\r\n\t\t\t\t<td><a href='asset-view.php'>View Assets</a></td>\r\n\t\t\t</tr>\r\n\t\t\t<script>document.write(getQuicklinkSpecial());</script>\r\n\t\t</table>"; return $write; }
function createAppointment() { global $_GET, $_SESSION, $user_admin; // create the recieved variables extract($_GET); // check for valid input // check if start date is before end date $v = new validate(); $time_parts = explode(":", $ap_start_time); $start_time = mktime($time_parts[0], $time_parts[1], 0, $ap_month, $ap_day, $ap_year); $time_parts = explode(":", $ap_end_time); $end_time = mktime($time_parts[0], $time_parts[1], 0, $ap_month, $ap_day, $ap_year); // format variables to correct format for database isset($ap_entireday) ? $ap_entireday = 1 : ($ap_entireday = 0); isset($ap_private) ? $ap_private = 1 : ($ap_private = 0); isset($ap_repet) ? 1 : ($ap_repet = 'N'); isset($ap_repet_forever) ? $ap_repet_forever = 1 : ($ap_repet_forever = 0); if ($end_time < $start_time && $ap_entireday == 0) { $errlist[] = "The ending date/time for appointment is before the starting date/time."; } if (!$v->isOk($ap_title, "string", 1, 200, "")) { $errlist[] = "No or erraneous title."; } if (!$v->isOk(str_replace($ap_description, '@', ''), "string", 0, 1000000, "")) { $errlist[] = "No or erraneous description."; } if (isset($ap_category) && $v->isOk($ap_category, "num", 0, 9, "")) { $rslt = db_exec("SELECT * FROM diary_categories WHERE category_id='{$ap_category}'"); if (pg_num_rows($rslt) == 0) { $errlist[] = "Invalid category chosen: {$value}."; } } else { $errlist[] = "Invalid category chosen: {$value}."; } // check if notify period valid if (!isset($ap_notify)) { $ap_notify = 3; } else { if ($ap_notify < 0 && $ap_notify > 14) { $errlist[] = "Invalid notification period."; } } // check if may add to this person's diary (if permissions or owner or admin) if ($_SESSION["USER_NAME"] != $ap_diaryowner) { // check if has permissions db_conn("cubit"); $sql = "SELECT * FROM diary_privileges\n\t\t\tWHERE privilege = 'W' AND priv_owner = '" . USER_NAME . "' AND diary_owner = '{$ap_diaryowner}'"; $rslt = db_exec($sql) or errDie("Error reading diary privileges."); if (pg_num_rows($rslt) < 1) { $errlist[] = "You have no permissions to modify {$ap_diaryowner}'s diary."; } } // check to see if dates are valid if (checkdate($ap_month, $ap_day, $ap_year) == FALSE) { $errlist[] = "Invalid entry date specified"; } $rep_date = "{$ap_repet_year}-{$ap_repet_month}-{$ap_repet_day}"; $start_time = date("Y-m-d H:i:s", $start_time); $end_time = date("Y-m-d H:i:s", $end_time); // only do the repetition date checks if repetitions is not NONE and FOREVER is false if ($ap_repet != 'N' && $ap_repet_forever == 0) { // check to see if repetition date is valid if (checkdate($ap_repet_month, $ap_repet_day, $ap_repet_year) == FALSE) { $errlist[] = "Invalid repetition ending date specified"; } else { if (mktime(0, 0, 0, $ap_repet_month, $ap_repet_day, $ap_repet_year) < mktime(0, 0, 0, $ap_month, $ap_day, $ap_year)) { $errlist[] = "The date the repetitions should end is before the date it should start."; } } } // if errors was found, print them and create the appointment creation window, filling in all the values if (isset($errlist) && is_array($errlist)) { $OUTPUT = "<p>The following errors was found:<br>"; foreach ($errlist as $key => $err) { $OUTPUT .= "<li class=err>{$err}</li>"; } $OUTPUT .= "</p>"; $OUTPUT .= enterAppointment(); return $OUTPUT; } else { // create the diary entry pglib_transaction("BEGIN"); // if this was a modification, delete the old one deleteAppointment(); if ($ap_diaryowner != USER_NAME) { $ap_title = "[" . USER_NAME . "] {$ap_title}"; } db_conn("cubit"); $sql = "INSERT INTO diary_entries\n\t\t\t\t(username,time_start,time_end,time_entireday,title,location,\n\t\t\t\thomepage,description,type,repetitions,rep_date,rep_forever,\n\t\t\t\tcategory_id,notify,lead_id, loc_id)\n\t\t\tVALUES('{$ap_diaryowner}','{$start_time}','{$end_time}','{$ap_entireday}',\n\t\t\t\t'{$ap_title}','{$ap_location}', '{$ap_homepage}','{$ap_description}',\n\t\t\t\t'{$ap_private}','{$ap_repet}','{$rep_date}','{$ap_repet_forever}',\n\t\t\t\t'{$ap_category}','{$ap_notify}', '{$lead_id}', '{$loc_id}')"; db_exec($sql) or errDie("Error inserting diary entry. Please contact Administrator"); $entry_id = pglib_lastid("diary_entries", "entry_id"); preg_match("([0-9]{4}-[0-9]{1,2}-[0-9]{1,2})", $start_time, $match); $date = $match[0]; addTodayEntry("Diary", $entry_id, $date); pglib_transaction("COMMIT") or die("Error writing to database. Please contact your nearest integrator."); // create the required, not required and optional entry details $arr_required = explode(";", $ap_required); $arr_notrequired = explode(";", $ap_notrequired); $arr_optional = explode(";", $ap_optional); // insert each as a group setting or user setting (groups are departments and start with @) if (is_array($arr_required)) { foreach ($arr_required as $arr => $arrval) { if ($arrval != "") { if ($arrval[0] == '@') { db_exec("INSERT INTO diary_entries_details VALUES('{$entry_id}', '', '{$arrval}','R')"); } else { db_exec("INSERT INTO diary_entries_details VALUES('{$entry_id}', '{$arrval}', '','R')"); } } } } if (is_array($arr_notrequired)) { foreach ($arr_notrequired as $arr => $arrval) { if ($arrval != "") { if ($arrval[0] == '@') { db_exec("INSERT INTO diary_entries_details VALUES('{$entry_id}', '', '{$arrval}','N')"); } else { db_exec("INSERT INTO diary_entries_details VALUES('{$entry_id}', '{$arrval}', '','N')"); } } } } if (is_array($arr_optional)) { foreach ($arr_optional as $arr => $arrval) { if ($arrval != "") { if ($arrval[0] == '@') { db_exec("INSERT INTO diary_entries_details VALUES('{$entry_id}', '', '{$arrval}','O')"); } else { db_exec("INSERT INTO diary_entries_details VALUES('{$entry_id}', '{$arrval}', '','O')"); } } } } // notify all on the required, not required and optional list //print "NOTIFY ALL ON REQUIRED, NOT REQUIRED AND OPTIONAL LIST<br>"; $i = 0; $get = ""; foreach ($_POST as $key => $value) { if ($i) { $get .= "&"; } $i++; $get .= "{$key}={$value}"; } // quit $OUTPUT = "\n\t\t<script>\n\t\t\t\tobj = window.opener.location.reload();\n\t\t\t\twindow.close();\n\t\t\t\t//obj = obj.contentDocument.getElementById('diary_container');\n\t\t\t\t//ajaxRequest(\"diary-index.php\", obj, AJAX_OBJ | AJAX_CLS, \"{$get}\");\n\t\t</script>"; } return $OUTPUT; }
function write() { extract($_REQUEST); if ($mode == "edit") { $sql = "\n\t\t\tUPDATE cubit.documents \n\t\t\tSET doc_type='{$type_id}', revision='{$revision}', title='{$title}', location='{$location}', \n\t\t\t\tcomments='{$comments}', status='{$status}', team_id='{$team_id}' \n\t\t\tWHERE docid='{$id}'"; $doc_rslt = db_exec($sql) or errDie("Unable to save document."); $movement_description = "Edited Document Information"; $doc_id = $id; } else { $sql = "\n\t\t\tINSERT INTO cubit.documents (\n\t\t\t\tdoc_type, revision, title, location, comments, status, team_id\n\t\t\t) VALUES (\n\t\t\t\t'{$type_id}', '{$revision}', '{$title}', '{$location}', '{$comments}', '{$status}', '{$team_id}'\n\t\t\t)"; $doc_rslt = db_exec($sql) or errDie("Unable to save document."); $movement_description = "Document Added to System"; $doc_id = pglib_lastid("documents", "docid"); } // Save into today if ($bf_true) { $bfdate = "{$bfdate_year}-{$bfdate_month}-{$bfdate_day}"; addTodayEntry("Documents", $doc_id, $bfdate); } if ($_FILES["file"]["tmp_name"]) { $tmp_name = $_FILES["file"]["tmp_name"]; $file_name = $_FILES["file"]["name"]; $file_type = $_FILES["file"]["type"]; $file_size = $_FILES["file"]["size"]; $tmp_file = fopen($tmp_name, "rb"); if (is_resource($tmp_file)) { $file = ""; while (!feof($tmp_file)) { $file .= fread($tmp_file, 1024); } fclose($tmp_file); $file = base64_encode($file); $sql = "\n\t\t\t\tINSERT INTO cubit.document_files (\n\t\t\t\t\tdoc_id, filename, file, type,\tsize\n\t\t\t\t) VALUES (\n\t\t\t\t\t'{$doc_id}', '{$file_name}', '{$file}', '{$file_type}', '{$file_size}'\n\t\t\t\t)"; $df_rslt = db_exec($sql) or errDie("Unable to upload document."); } } // $sql = " // INSERT INTO cubit.document_movement (doc_id, movement_description, project, area, // discipline, doc_type, revision, drawing_num, sheet_num, title, location, // contract, contractor, code, issue_for, comments, qs, status, team_id) // VALUES ('$doc_id', '$movement_description', '$project', '$area', // '$discipline', '$type_id', '$revision', '$drawing_num', '$sheet_num', // '$title', '$location', '$contract', '$contractor', '$code', '$issue_for', // '$comments', '$qs', '$status', '$team_id')"; // $dm_rslt = db_exec($sql) or errDie("Unable to retrieve documents."); // $sql = " // INSERT INTO cubit.document_movement (doc_id, movement_description, doc_type, // revision, title, location, comments, status, team_id) // VALUES ('$doc_id', '$movement_description', '$type_id', '$revision', // '$title', '$location', '$comments', '$status', '$team_id')"; // $dm_rslt = db_exec($sql) or errDie("Unable to update document movement."); $OUTPUT = "\n\t\t<h3>{$page_title} Document</h3>\n\t\t<table cellpadding='2' cellspacing='0' class='shtable'>\n\t\t\t<tr>\n\t\t\t\t<th>Write</th>\n\t\t\t</tr>\n\t\t\t<tr class='" . bg_class() . "'>\n\t\t\t\t<td><li>Successfully saved the document</li></td>\n\t\t\t</tr>\n\t\t</table>\n\t\t<p></p>"; return $OUTPUT; }
function write($_POST) { global $_FILES, $_POST; # get vars extract($_POST); if (isset($back)) { return enter(); } # validate input require_lib("validate"); $v = new validate(); $v->isOk($grpid, "num", 1, 50, "Invalid Asset Group id."); $v->isOk($type_id, "num", 1, 50, "Invalid Asset Type Id."); if (isset($qty)) { $v->isOk($qty, "num", 0, 10, "Invalid quantity."); } else { if (isset($serial) && isset($serial2)) { $v->isOk($serial, "string", 0, 20, "Invalid Serial[1] Number."); $v->isOk($serial2, "string", 0, 30, "Invalid Serial[2] Number."); } else { $v->addError("", "Insufficient data for adding an asset supplied."); } } $v->isOk($locat, "string", 1, 100, "Invalid location."); $v->isOk($des, "string", 1, 255, "Invalid description."); $v->isOk($details, "string", 0, 255, "Invalid Details."); $v->isOk($units, "num", 1, 10, "Invalid units."); $v->isOk($amount, "float", 1, 255, "Invalid amount."); $v->isOk($date_day, "num", 1, 2, "Invalid Date day."); $v->isOk($date_month, "num", 1, 2, "Invalid Date month."); $v->isOk($date_year, "num", 4, 4, "Invalid Date Year."); $v->isOk($method, "string", 1, 255, "Invalid method."); $v->isOk($dep_perc, "float", 1, 16, "Invalid Yearly Depreciation Percentage."); /* $v->isOk($svdate_day, "num", 1, 2, "Invalid Next Service Date (day)"); $v->isOk($svdate_month, "num", 1, 2, "Invalid Next Service Date (month)"); $v->isOk($svdate_year, "num", 4, 4, "Invalid Next Service Date (year)"); */ if (isset($accnt)) { $v->isOk($accnt, "num", 1, 255, "Invalid Contra Account."); } if ($v->isError()) { $confirmCust = ""; $errors = $v->getErrors(); foreach ($errors as $e) { $confirmCust .= "<li class='err'>{$e['msg']}</li>"; } return $confirmCust; } $bdate = "{$date_year}-{$date_month}-{$date_day}"; $svdate = "{$svdate_year}-{$svdate_month}-{$svdate_day}"; $date = $bdate; db_connect(); if (isset($qty)) { $serial = "Not Serialized"; $serial2 = "{$qty}"; $nonserial = "1"; } else { $nonserial = "0"; } /* $Sl = " INSERT INTO assets(grpid, serial, locat, des, date, bdate, amount, div, dep_perc, dep_month, serial2, puramt, nonserial, type_id, cost_acc, accdep_acc, dep_acc) VALUES ('$grpid', '$serial','$locat','$des','$date','$bdate','$amount', '".USER_DIV."', '$dep_perc', '$dep_month', '$serial2', '$amount', '$nonserial', '$type_id', '$cost_acc', '$accdep_acc', '$dep_acc')"; */ $Sl = "\r\n\t\tINSERT INTO assets (\r\n\t\t\tgrpid, serial, locat, des, date, bdate, \r\n\t\t\tamount, div, dep_perc, dep_month, serial2, puramt, \r\n\t\t\tnonserial, type_id, details, units\r\n\t\t) VALUES (\r\n\t\t\t'{$grpid}', '{$serial}', '{$locat}', '{$des}', '{$date}', '{$bdate}', \r\n\t\t\t'{$amount}', '" . USER_DIV . "', '{$dep_perc}', '{$dep_month}', '{$serial2}', '{$amount}',\r\n\t\t\t'{$nonserial}', '{$type_id}', '{$details}', '{$units}'\r\n\t\t)"; $Rs = db_exec($Sl) or errDie("Unable to add supplier to the system."); if (pg_cmdtuples($Rs) < 1) { return "<li class='err'>Unable to add asset to database.</li>"; } $assid = pglib_lastid("assets", "id"); // Create basis entry $sql = "\r\n\t\tINSERT INTO hire.basis_prices (\r\n\t\t\tassetid, per_hour, per_day, per_week, per_month, default_basis\r\n\t\t) VALUES (\r\n\t\t\t'{$assid}', '0.00', '0.00', '0.00', '0.00', 'per_day'\r\n\t\t)"; db_exec($sql); // Add service date $sql = "\r\n\t\tINSERT INTO cubit.asset_svdates (\r\n\t\t\tasset_id, svdate, des\r\n\t\t) VALUES (\r\n\t\t\t'{$assid}', '{$svdate}', '{$sv_desc}'\r\n\t\t)"; $as_rslt = db_exec($sql) or errDie("Unable to add asset service date."); // Add to today addTodayEntry("Assets", $assid, $svdate, "Service"); # Get group $sql = "SELECT * FROM assetgrp WHERE grpid='{$grpid}' AND div='" . USER_DIV . "'"; $grpRslt = db_exec($sql); $grp = pg_fetch_array($grpRslt); if ($method == 'purch') { header("Location: nonsa-purchase-new.php?assid={$assid}&grpid={$grpid}&v=yes"); } else { $refnum = getrefnum(); # dt(costacc) ct(accdep) //$date = date("d-m-Y"); writetrans($grp['costacc'], $accnt, $date, $refnum, $amount, "New Asset {$des} Added."); db_conn('core'); $Sl = "SELECT * FROM bankacc WHERE accnum='{$accnt}'"; $Ri = db_exec($Sl) or errDie("Unable to get accnum"); if (pg_num_rows($Ri) > 0) { $bd = pg_fetch_array($Ri); db_conn('cubit'); //$Sl="SELECT * FROM bankacct WHERE $sql = "\r\n\t\t\t\tINSERT INTO cashbook (\r\n\t\t\t\t\tbankid, trantype, date, name, descript,\r\n\t\t\t\t\tcheqnum, amount, vat, chrgvat, banked, \r\n\t\t\t\t\taccinv, div\r\n\t\t\t\t) VALUES (\r\n\t\t\t\t\t'{$bd['accid']}', 'withdrawal', '{$date}', '{$des}', 'New Asset {$des} Added.', \r\n\t\t\t\t\t'0', '{$amount}', '0', '', 'no',\r\n\t\t\t\t\t'{$grp['costacc']}', '" . USER_DIV . "'\r\n\t\t\t\t)"; $Rslt = db_exec($sql) or errDie("Unable to add bank payment to database."); } } #check if we are uploading a new picture if (is_uploaded_file($_FILES["picupload_image"]["tmp_name"])) { # Check file ext if (preg_match("/(image\\/jpeg|image\\/png|image\\/gif)/", $_FILES["picupload_image"]["type"], $extension)) { $type = $_FILES["picupload_image"]["type"]; $fname = $_FILES["picupload_image"]["name"]; // open file in "read, binary" mode $img = ""; $file = fopen($_FILES['picupload_image']['tmp_name'], "rb"); while (!feof($file)) { // fread is binary safe $img .= fread($file, 1024); } fclose($file); # base 64 encoding $img = base64_encode($img); db_connect(); $sql = "\r\n\t\t\t\tINSERT INTO display_images (\r\n\t\t\t\t\ttype, image_name, image_data, image_type, image_filename, \r\n\t\t\t\t\tident_id\r\n\t\t\t\t) VALUES (\r\n\t\t\t\t\t'asset','{$picupload_name}','{$img}','{$type}', '{$fname}', \r\n\t\t\t\t\t'{$assid}'\r\n\t\t\t\t)"; $run_sql = db_exec($sql); } } // $write = " // <table ".TMPL_tblDflts." width='50%'> // <tr> // <th>Asset added to the system</th> // </tr> // <tr class='datacell'> // <td>New Asset has been added to the system.</td> // </tr> // </table> // <p> // <table border='0' cellpadding='2' cellspacing='1'> // <tr> // <th>Quick Links</th> // </tr> // <tr class='".bg_class()."'> // <td><a href='asset-new.php'>New Asset</a></td> // </tr> // <tr class='".bg_class()."'> // <td><a href='asset-view.php'>View Assets</a></td> // </tr> // <script>document.write(getQuicklinkSpecial());</script> // </table>"; // return $write; $_POST = array(); $_REQUEST = array(); return enter("<li class='yay'>Asset has been added.</li><br>"); }