function Page_Main()
{
global $conn;
$GLOBALS["Page"] =& $this;
//***$conn = ew_Connect();
// Get fn / table name parameters
$key = EW_RANDOM_KEY . session_id();
$fn = @$_GET["fn"] != "" ? ew_StripSlashes($_GET["fn"]) : "";
if ($fn != "" && EW_ENCRYPT_FILE_PATH) {
$fn = ew_Decrypt($fn, $key);
}
$table = @$_GET["t"] != "" ? ew_StripSlashes($_GET["t"]) : "";
if ($table != "" && EW_ENCRYPT_FILE_PATH) {
$table = ew_Decrypt($table, $key);
}
// Global Page Loading event (in userfn*.php)
//***Page_Loading();
// Get resize parameters
$resize = @$_GET["resize"] != "";
$width = @$_GET["width"] != "" ? $_GET["width"] : 0;
$height = @$_GET["height"] != "" ? $_GET["height"] : 0;
if (@$_GET["width"] == "" && @$_GET["height"] == "") {
$width = EW_THUMBNAIL_DEFAULT_WIDTH;
$height = EW_THUMBNAIL_DEFAULT_HEIGHT;
}
// Resize image from physical file
if ($fn != "") {
$fn = str_replace("", "", $fn);
$fn = ew_IncludeTrailingDelimiter(ew_AppRoot(), TRUE) . $fn;
if (file_exists($fn) || @fopen($fn, "rb") !== FALSE) {
// Allow remote file
if (ob_get_length()) {
ob_end_clean();
}
$pathinfo = pathinfo($fn);
$ext = strtolower(@$pathinfo["extension"]);
$ct = ew_ContentType("", $fn);
if ($ct != "") {
header("Content-type: " . $ct);
}
if (in_array($ext, explode(",", EW_IMAGE_ALLOWED_FILE_EXT))) {
$size = @getimagesize($fn);
if ($size) {
header("Content-type: {$size['mime']}");
}
if ($width > 0 || $height > 0) {
echo ew_ResizeFileToBinary($fn, $width, $height);
} else {
echo file_get_contents($fn);
}
} elseif (in_array($ext, explode(",", EW_DOWNLOAD_ALLOWED_FILE_EXT))) {
echo file_get_contents($fn);
}
}
}
// Global Page Unloaded event (in userfn*.php)
//***Page_Unloaded();
// Close connection
//***ew_CloseConn();
}
function Page_Main()
{
$GLOBALS["Page"] =& $this;
$post = ew_StripSlashes($_POST);
if (count($post) == 0) {
die("Missing post data.");
}
//$sql = $qs->getValue("s");
$sql = @$post["s"];
$sql = ew_Decrypt($sql);
if ($sql == "") {
die("Missing SQL.");
}
if (strpos($sql, "{filter}") > 0) {
$filters = "";
for ($i = 0; $i < 5; $i++) {
// Get the filter values (for "IN")
$filter = ew_Decrypt(@$post["f" . $i]);
if ($filter != "") {
$value = @$post["v" . $i];
if ($value == "") {
if ($i > 0) {
// Empty parent field
//continue; // Allow
ew_AddFilter($filters, "1=0");
}
// Disallow
continue;
}
$arValue = explode(",", $value);
$fldtype = intval(@$post["t" . $i]);
for ($j = 0, $cnt = count($arValue); $j < $cnt; $j++) {
$arValue[$j] = ew_QuotedValue($arValue[$j], ew_FieldDataType($fldtype));
}
$filter = str_replace("{filter_value}", implode(",", $arValue), $filter);
ew_AddFilter($filters, $filter);
}
}
$sql = str_replace("{filter}", $filters != "" ? $filters : "1=1", $sql);
}
// Get the query value (for "LIKE" or "=")
$value = ew_AdjustSql(@$post["q"]);
if ($value != "") {
$sql = preg_replace('/LIKE \'(%)?\\{query_value\\}%\'/', ew_Like('\'$1{query_value}%\''), $sql);
$sql = str_replace("{query_value}", $value, $sql);
}
// Replace {query_value_n}
preg_match_all('/\\{query_value_(\\d+)\\}/', $sql, $out);
$cnt = count($out[0]);
for ($i = 0; $i < $cnt; $i++) {
$j = $out[1][$i];
$v = ew_AdjustSql(@$post["q" . $j]);
$sql = str_replace("{query_value_" . $j . "}", $v, $sql);
}
$this->GetLookupValues($sql);
}
function Page_Main()
{
$post = ew_StripSlashes($_POST);
if (count($post) == 0) {
die("Missing post data.");
}
//$sql = $qs->getValue("s");
$sql = $post["s"];
$sql = TEAdecrypt($sql, EW_RANDOM_KEY);
if ($sql == "") {
die("Missing SQL.");
}
if (strpos($sql, "{filter}") > 0) {
$filters = "";
for ($i = 0; $i < 5; $i++) {
// Get the filter values (for "IN")
$filter = TEAdecrypt($post["f" . $i], EW_RANDOM_KEY);
if ($filter != "") {
$value = $post["v" . $i];
if ($value == "") {
if ($i > 0) {
// Empty parent field
//continue; // Allow
ew_AddFilter($filters, "1=0");
}
// Disallow
continue;
}
$arValue = explode(",", $value);
$fldtype = intval($post["t" . $i]);
for ($j = 0, $cnt = count($arValue); $j < $cnt; $j++) {
$arValue[$j] = ew_QuotedValue($arValue[$j], ew_FieldDataType($fldtype));
}
$filter = str_replace("{filter_value}", implode(",", $arValue), $filter);
ew_AddFilter($filters, $filter);
}
}
$sql = str_replace("{filter}", $filters != "" ? $filters : "1=1", $sql);
}
// Get the query value (for "LIKE" or "=")
$value = ew_AdjustSql(@$post["q"]);
if ($value != "") {
$sql = preg_replace('/LIKE \'(%)?\\{query_value\\}%\'/', ew_Like('\'$1{query_value}%\''), $sql);
$sql = str_replace("{query_value}", $value, $sql);
}
// Check custom function
$fn = @$post["fn"];
if ($fn != "" && function_exists($fn)) {
// Custom function(&$sql)
$sql = $fn($sql);
}
$this->GetLookupValues($sql);
}
function SetUpSortOrder()
{
// Check for "order" parameter
if (@$_GET["order"] != "") {
$this->CurrentOrder = ew_StripSlashes(@$_GET["order"]);
$this->CurrentOrderType = @$_GET["ordertype"];
$this->UpdateSort($this->tipo_mantenimiento);
// tipo_mantenimiento
$this->UpdateSort($this->taller);
// taller
$this->UpdateSort($this->Patente);
// Patente
$this->UpdateSort($this->modelo);
// modelo
$this->UpdateSort($this->nombre);
// nombre
$this->UpdateSort($this->fecha_ini);
// fecha_ini
$this->UpdateSort($this->fecha_fin);
// fecha_fin
$this->UpdateSort($this->codigo);
// codigo
$this->setStartRecordNumber(1);
// Reset start position
}
}
function ExportEmail($EmailContent)
{
global $gTmpImages, $Language;
$sSender = @$_GET["sender"];
$sRecipient = @$_GET["recipient"];
$sCc = @$_GET["cc"];
$sBcc = @$_GET["bcc"];
$sContentType = @$_GET["contenttype"];
// Subject
$sSubject = ew_StripSlashes(@$_GET["subject"]);
$sEmailSubject = $sSubject;
// Message
$sContent = ew_StripSlashes(@$_GET["message"]);
$sEmailMessage = $sContent;
// Check sender
if ($sSender == "") {
return "<p class=\"text-error\">" . $Language->Phrase("EnterSenderEmail") . "</p>";
}
if (!ew_CheckEmail($sSender)) {
return "<p class=\"text-error\">" . $Language->Phrase("EnterProperSenderEmail") . "</p>";
}
// Check recipient
if (!ew_CheckEmailList($sRecipient, EW_MAX_EMAIL_RECIPIENT)) {
return "<p class=\"text-error\">" . $Language->Phrase("EnterProperRecipientEmail") . "</p>";
}
// Check cc
if (!ew_CheckEmailList($sCc, EW_MAX_EMAIL_RECIPIENT)) {
return "<p class=\"text-error\">" . $Language->Phrase("EnterProperCcEmail") . "</p>";
}
// Check bcc
if (!ew_CheckEmailList($sBcc, EW_MAX_EMAIL_RECIPIENT)) {
return "<p class=\"text-error\">" . $Language->Phrase("EnterProperBccEmail") . "</p>";
}
// Check email sent count
if (!isset($_SESSION[EW_EXPORT_EMAIL_COUNTER])) {
$_SESSION[EW_EXPORT_EMAIL_COUNTER] = 0;
}
if (intval($_SESSION[EW_EXPORT_EMAIL_COUNTER]) > EW_MAX_EMAIL_SENT_COUNT) {
return "<p class=\"text-error\">" . $Language->Phrase("ExceedMaxEmailExport") . "</p>";
}
// Send email
$Email = new cEmail();
$Email->Sender = $sSender;
// Sender
$Email->Recipient = $sRecipient;
// Recipient
$Email->Cc = $sCc;
// Cc
$Email->Bcc = $sBcc;
// Bcc
$Email->Subject = $sEmailSubject;
// Subject
$Email->Format = $sContentType == "url" ? "text" : "html";
$Email->Charset = EW_EMAIL_CHARSET;
if ($sEmailMessage != "") {
$sEmailMessage = ew_RemoveXSS($sEmailMessage);
$sEmailMessage .= $sContentType == "url" ? "\r\n\r\n" : "<br><br>";
}
if ($sContentType == "url") {
$sUrl = ew_ConvertFullUrl(ew_CurrentPage() . "?" . $this->ExportQueryString());
$sEmailMessage .= $sUrl;
// Send URL only
} else {
foreach ($gTmpImages as $tmpimage) {
$Email->AddEmbeddedImage($tmpimage);
}
$sEmailMessage .= $EmailContent;
// Send HTML
}
$Email->Content = $sEmailMessage;
// Content
$EventArgs = array();
$bEmailSent = FALSE;
if ($this->Email_Sending($Email, $EventArgs)) {
$bEmailSent = $Email->Send();
}
// Check email sent status
if ($bEmailSent) {
// Update email sent count
$_SESSION[EW_EXPORT_EMAIL_COUNTER]++;
// Sent email success
return "<p class=\"text-success\">" . $Language->Phrase("SendEmailSuccess") . "</p>";
// Set up success message
} else {
// Sent email failure
return "<p class=\"text-error\">" . $Email->SendErrDescription . "</p>";
}
}
function Page_Init()
{
global $gsExport, $gsExportFile, $UserProfile, $Language, $Security, $objForm;
// Security
$Security = new cAdvancedSecurity();
if (!$Security->IsLoggedIn()) {
$Security->AutoLogin();
}
if (!$Security->IsLoggedIn()) {
$Security->SaveLastUrl();
$this->Page_Terminate("login.php");
}
// Get export parameters
if (@$_GET["export"] != "") {
$this->Export = $_GET["export"];
} elseif (ew_IsHttpPost()) {
if (@$_POST["exporttype"] != "") {
$this->Export = $_POST["exporttype"];
}
} else {
$this->setExportReturnUrl(ew_CurrentUrl());
}
$gsExport = $this->Export;
// Get export parameter, used in header
$gsExportFile = $this->TableVar;
// Get export file, used in header
if (@$_GET["guru_id"] != "") {
if ($gsExportFile != "") {
$gsExportFile .= "_";
}
$gsExportFile .= ew_StripSlashes($_GET["guru_id"]);
}
$this->CurrentAction = @$_GET["a"] != "" ? $_GET["a"] : @$_POST["a_list"];
// Set up current action
// Setup export options
$this->SetupExportOptions();
// Global Page Loading event (in userfn*.php)
Page_Loading();
// Page Load event
$this->Page_Load();
// Update url if printer friendly for Pdf
if ($this->PrinterFriendlyForPdf) {
$this->ExportOptions->Items["pdf"]->Body = str_replace($this->ExportPdfUrl, $this->ExportPrintUrl . "&pdf=1", $this->ExportOptions->Items["pdf"]->Body);
}
}
function SetUpSortOrder()
{
// Check for "order" parameter
if (@$_GET["order"] != "") {
$this->CurrentOrder = ew_StripSlashes(@$_GET["order"]);
$this->CurrentOrderType = @$_GET["ordertype"];
$this->UpdateSort($this->EvaluateAnswerID);
// EvaluateAnswerID
$this->UpdateSort($this->lastModified);
// lastModified
$this->UpdateSort($this->Date);
// Date
$this->UpdateSort($this->ID);
// ID
$this->setStartRecordNumber(1);
// Reset start position
}
}
function SetUpSortOrder()
{
global $order;
// Check for "order" parameter
if (@$_GET["order"] != "") {
$order->CurrentOrder = ew_StripSlashes(@$_GET["order"]);
$order->CurrentOrderType = @$_GET["ordertype"];
$order->UpdateSort($order->orderid);
// orderid
$order->UpdateSort($order->bookid);
// bookid
$order->UpdateSort($order->orderstatus);
// orderstatus
$order->UpdateSort($order->zemail);
// email
$order->UpdateSort($order->datatime);
// datatime
$order->setStartRecordNumber(1);
// Reset start position
}
}
function SetUpSortOrder()
{
// Check for "order" parameter
if (@$_GET["order"] != "") {
$this->CurrentOrder = ew_StripSlashes(@$_GET["order"]);
$this->CurrentOrderType = @$_GET["ordertype"];
$this->UpdateSort($this->id_mapel);
// id_mapel
$this->UpdateSort($this->nilai_afektif);
// nilai_afektif
$this->UpdateSort($this->nilai_komulatif);
// nilai_komulatif
$this->UpdateSort($this->nilai_psikomotorik);
// nilai_psikomotorik
$this->UpdateSort($this->nilai_rata_rata);
// nilai_rata_rata
$this->setStartRecordNumber(1);
// Reset start position
}
}
function SetUpSortOrder()
{
global $ItemIngredients;
// Check for an Order parameter
if (@$_GET["order"] != "") {
$ItemIngredients->CurrentOrder = ew_StripSlashes(@$_GET["order"]);
$ItemIngredients->CurrentOrderType = @$_GET["ordertype"];
$ItemIngredients->UpdateSort($ItemIngredients->ItemIngredientID);
// Field
$ItemIngredients->UpdateSort($ItemIngredients->ItemID);
// Field
$ItemIngredients->UpdateSort($ItemIngredients->IngredientID);
// Field
$ItemIngredients->UpdateSort($ItemIngredients->Amount);
// Field
$ItemIngredients->UpdateSort($ItemIngredients->Type);
// Field
$ItemIngredients->UpdateSort($ItemIngredients->Letter_Code);
// Field
$ItemIngredients->UpdateSort($ItemIngredients->Vegetarian);
// Field
$ItemIngredients->setStartRecordNumber(1);
// Reset start position
}
}
// Turn on output buffering
include_once "ewcfg11.php";
include_once "adodb5/adodb.inc.php";
include_once "phpfn11.php";
// Get resize parameters
$resize = @$_GET["resize"] != "";
$width = @$_GET["width"] != "" ? $_GET["width"] : 0;
$height = @$_GET["height"] != "" ? $_GET["height"] : 0;
if (@$_GET["width"] == "" && @$_GET["height"] == "") {
$width = EW_THUMBNAIL_DEFAULT_WIDTH;
$height = EW_THUMBNAIL_DEFAULT_HEIGHT;
}
$quality = @$_GET["quality"] != "" ? $_GET["quality"] : EW_THUMBNAIL_DEFAULT_QUALITY;
// Resize image from physical file
if (@$_GET["fn"] != "") {
$fn = ew_StripSlashes($_GET["fn"]);
$fn = str_replace("", "", $fn);
$fn = ew_IncludeTrailingDelimiter(ew_AppRoot(), TRUE) . $fn;
if (file_exists($fn) || fopen($fn, "rb") !== FALSE) {
// Allow remote file
$pathinfo = pathinfo($fn);
$ext = strtolower(@$pathinfo["extension"]);
if (in_array($ext, explode(",", EW_IMAGE_ALLOWED_FILE_EXT))) {
$size = @getimagesize($fn);
if ($size) {
header("Content-type: {$size['mime']}");
}
echo ew_ResizeFileToBinary($fn, $width, $height, $quality);
}
}
exit;
function LoadSearchValues()
{
global $objForm;
// Load search values
// codigo
$this->codigo->AdvancedSearch->SearchValue = ew_StripSlashes(@$_GET["x_codigo"]);
if ($this->codigo->AdvancedSearch->SearchValue != "") {
$this->Command = "search";
}
$this->codigo->AdvancedSearch->SearchOperator = @$_GET["z_codigo"];
// responsable
$this->responsable->AdvancedSearch->SearchValue = ew_StripSlashes(@$_GET["x_responsable"]);
if ($this->responsable->AdvancedSearch->SearchValue != "") {
$this->Command = "search";
}
$this->responsable->AdvancedSearch->SearchOperator = @$_GET["z_responsable"];
// Patente
$this->Patente->AdvancedSearch->SearchValue = ew_StripSlashes(@$_GET["x_Patente"]);
if ($this->Patente->AdvancedSearch->SearchValue != "") {
$this->Command = "search";
}
$this->Patente->AdvancedSearch->SearchOperator = @$_GET["z_Patente"];
// kg_carga
$this->kg_carga->AdvancedSearch->SearchValue = ew_StripSlashes(@$_GET["x_kg_carga"]);
if ($this->kg_carga->AdvancedSearch->SearchValue != "") {
$this->Command = "search";
}
$this->kg_carga->AdvancedSearch->SearchOperator = @$_GET["z_kg_carga"];
// tarifa
$this->tarifa->AdvancedSearch->SearchValue = ew_StripSlashes(@$_GET["x_tarifa"]);
if ($this->tarifa->AdvancedSearch->SearchValue != "") {
$this->Command = "search";
}
$this->tarifa->AdvancedSearch->SearchOperator = @$_GET["z_tarifa"];
// sub_total
$this->sub_total->AdvancedSearch->SearchValue = ew_StripSlashes(@$_GET["x_sub_total"]);
if ($this->sub_total->AdvancedSearch->SearchValue != "") {
$this->Command = "search";
}
$this->sub_total->AdvancedSearch->SearchOperator = @$_GET["z_sub_total"];
// porcentaje
$this->porcentaje->AdvancedSearch->SearchValue = ew_StripSlashes(@$_GET["x_porcentaje"]);
if ($this->porcentaje->AdvancedSearch->SearchValue != "") {
$this->Command = "search";
}
$this->porcentaje->AdvancedSearch->SearchOperator = @$_GET["z_porcentaje"];
// comision_chofer
$this->comision_chofer->AdvancedSearch->SearchValue = ew_StripSlashes(@$_GET["x_comision_chofer"]);
if ($this->comision_chofer->AdvancedSearch->SearchValue != "") {
$this->Command = "search";
}
$this->comision_chofer->AdvancedSearch->SearchOperator = @$_GET["z_comision_chofer"];
// adelanto
$this->adelanto->AdvancedSearch->SearchValue = ew_StripSlashes(@$_GET["x_adelanto"]);
if ($this->adelanto->AdvancedSearch->SearchValue != "") {
$this->Command = "search";
}
$this->adelanto->AdvancedSearch->SearchOperator = @$_GET["z_adelanto"];
// total
$this->total->AdvancedSearch->SearchValue = ew_StripSlashes(@$_GET["x_total"]);
if ($this->total->AdvancedSearch->SearchValue != "") {
$this->Command = "search";
}
$this->total->AdvancedSearch->SearchOperator = @$_GET["z_total"];
}
function SetUpSortOrder()
{
// Check for "order" parameter
if (@$_GET["order"] != "") {
$this->CurrentOrder = ew_StripSlashes(@$_GET["order"]);
$this->CurrentOrderType = @$_GET["ordertype"];
$this->UpdateSort($this->MetaID);
// MetaID
$this->UpdateSort($this->ID);
// ID
$this->UpdateSort($this->EducationalStatus);
// EducationalStatus
$this->UpdateSort($this->Created);
// Created
$this->setStartRecordNumber(1);
// Reset start position
}
}
function SetUpSortOrder()
{
// Check for "order" parameter
if (@$_GET["order"] != "") {
$this->CurrentOrder = ew_StripSlashes(@$_GET["order"]);
$this->CurrentOrderType = @$_GET["ordertype"];
$this->UpdateSort($this->id_hoja_mantenimiento);
// id_hoja_mantenimiento
$this->UpdateSort($this->descripcion);
// descripcion
$this->UpdateSort($this->fecha);
// fecha
$this->UpdateSort($this->hora_trabajo);
// hora_trabajo
$this->UpdateSort($this->id_tipo_mantenimiento);
// id_tipo_mantenimiento
$this->setStartRecordNumber(1);
// Reset start position
}
}
function Page_Main()
{
global $Language, $tbl_ga_stat;
// Load key parameters
$sKey = "";
$bSingleDelete = TRUE;
// Initialize as single delete
$nKeySelected = 0;
// Initialize selected key count
$sFilter = "";
if (@$_GET["id_profile"] != "") {
$tbl_ga_stat->id_profile->setQueryStringValue($_GET["id_profile"]);
if (!is_numeric($tbl_ga_stat->id_profile->QueryStringValue)) {
$this->Page_Terminate("tbl_ga_statlist.php");
}
// Prevent SQL injection, exit
$sKey .= $tbl_ga_stat->id_profile->QueryStringValue;
} else {
$bSingleDelete = FALSE;
}
if (@$_GET["stat_date"] != "") {
$tbl_ga_stat->stat_date->setQueryStringValue($_GET["stat_date"]);
if ($sKey != "") {
$sKey .= EW_COMPOSITE_KEY_SEPARATOR;
}
$sKey .= $tbl_ga_stat->stat_date->QueryStringValue;
} else {
$bSingleDelete = FALSE;
}
if (@$_GET["hour"] != "") {
$tbl_ga_stat->hour->setQueryStringValue($_GET["hour"]);
if ($sKey != "") {
$sKey .= EW_COMPOSITE_KEY_SEPARATOR;
}
$sKey .= $tbl_ga_stat->hour->QueryStringValue;
} else {
$bSingleDelete = FALSE;
}
if ($bSingleDelete) {
$nKeySelected = 1;
// Set up key selected count
$this->arRecKeys[0] = $sKey;
} else {
if (isset($_POST["key_m"])) {
// Key in form
$nKeySelected = count($_POST["key_m"]);
// Set up key selected count
$this->arRecKeys = ew_StripSlashes($_POST["key_m"]);
}
}
if ($nKeySelected <= 0) {
$this->Page_Terminate("tbl_ga_statlist.php");
}
// No key specified, return to list
// Build filter
foreach ($this->arRecKeys as $sKey) {
$sFilter .= "(";
$arKeyFlds = explode(EW_COMPOSITE_KEY_SEPARATOR, trim($sKey));
// Split key by separator
if (count($arKeyFlds) != 3) {
$this->Page_Terminate($tbl_ga_stat->getReturnUrl());
}
// Invalid key, exit
// Set up key field
$sKeyFld = $arKeyFlds[0];
if (!is_numeric($sKeyFld)) {
$this->Page_Terminate("tbl_ga_statlist.php");
}
// Prevent SQL injection, return to list
$sFilter .= "`id_profile`=" . ew_AdjustSql($sKeyFld) . " AND ";
// Set up key field
$sKeyFld = $arKeyFlds[1];
$sFilter .= "`stat_date`='" . ew_AdjustSql($sKeyFld) . "' AND ";
// Set up key field
$sKeyFld = $arKeyFlds[2];
$sFilter .= "`hour`='" . ew_AdjustSql($sKeyFld) . "' AND ";
if (substr($sFilter, -5) == " AND ") {
$sFilter = substr($sFilter, 0, strlen($sFilter) - 5) . ") OR ";
}
}
if (substr($sFilter, -4) == " OR ") {
$sFilter = substr($sFilter, 0, strlen($sFilter) - 4);
}
// Set up filter (SQL WHHERE clause) and get return SQL
// SQL constructor in tbl_ga_stat class, tbl_ga_statinfo.php
$tbl_ga_stat->CurrentFilter = $sFilter;
// Get action
if (@$_POST["a_delete"] != "") {
$tbl_ga_stat->CurrentAction = $_POST["a_delete"];
} else {
$tbl_ga_stat->CurrentAction = "D";
// Delete record directly
}
switch ($tbl_ga_stat->CurrentAction) {
case "D":
// Delete
$tbl_ga_stat->SendEmail = TRUE;
// Send email on delete success
if ($this->DeleteRows()) {
// delete rows
$this->setMessage($Language->Phrase("DeleteSuccess"));
// Set up success message
$this->Page_Terminate($tbl_ga_stat->getReturnUrl());
// Return to caller
}
}
}
function Page_Main()
{
global $conn, $Language, $Security, $gsFormError;
global $Breadcrumb;
$Breadcrumb = new cBreadcrumb();
$Breadcrumb->Add("changepwd", "ChangePwdPage", ew_CurrentUrl(), "", "", TRUE);
$bPostBack = ew_IsHttpPost();
$bValidate = TRUE;
if ($bPostBack) {
$this->OldPassword = ew_StripSlashes(@$_POST["opwd"]);
$this->NewPassword = ew_StripSlashes(@$_POST["npwd"]);
$this->ConfirmedPassword = ew_StripSlashes(@$_POST["cpwd"]);
$bValidate = $this->ValidateForm($this->OldPassword, $this->NewPassword, $this->ConfirmedPassword);
if (!$bValidate) {
$this->setFailureMessage($gsFormError);
}
}
$bPwdUpdated = FALSE;
if ($bPostBack && $bValidate) {
// Setup variables
$sUsername = $Security->CurrentUserName();
$sFilter = str_replace("%u", ew_AdjustSql($sUsername), EW_USER_NAME_FILTER);
// Set up filter (Sql Where Clause) and get Return SQL
// SQL constructor in usuarios class, usuariosinfo.php
$this->CurrentFilter = $sFilter;
$sSql = $this->SQL();
if ($rs = $conn->Execute($sSql)) {
if (!$rs->EOF) {
$rsold = $rs->fields;
if (ew_ComparePassword($rsold['contrasenia'], $this->OldPassword)) {
$bValidPwd = TRUE;
$bValidPwd = $this->User_ChangePassword($rsold, $sUsername, $this->OldPassword, $this->NewPassword);
if ($bValidPwd) {
$rsnew = array('contrasenia' => $this->NewPassword);
// Change Password
$sEmail = $rsold['email'];
$rs->Close();
$conn->raiseErrorFn = $GLOBALS["EW_ERROR_FN"];
$bValidPwd = $this->Update($rsnew);
$conn->raiseErrorFn = '';
if ($bValidPwd) {
$bPwdUpdated = TRUE;
}
} else {
$this->setFailureMessage($Language->Phrase("InvalidNewPassword"));
$rs->Close();
}
} else {
$this->setFailureMessage($Language->Phrase("InvalidPassword"));
}
} else {
$rs->Close();
}
}
}
if ($bPwdUpdated) {
if (@$sEmail != "") {
// Load Email Content
$Email = new cEmail();
$Email->Load("phptxt/changepwd.txt");
$Email->ReplaceSender(EW_SENDER_EMAIL);
// Replace Sender
$Email->ReplaceRecipient($sEmail);
// Replace Recipient
$Email->ReplaceContent('<!--$Password-->', $this->NewPassword);
$Email->Charset = EW_EMAIL_CHARSET;
$Args = array();
$Args["rs"] =& $rsnew;
$bEmailSent = FALSE;
if ($this->Email_Sending($Email, $Args)) {
$bEmailSent = $Email->Send();
}
// Send email failed
if (!$bEmailSent) {
$this->setFailureMessage($Email->SendErrDescription);
}
}
if ($this->getSuccessMessage() == "") {
$this->setSuccessMessage($Language->Phrase("PasswordChanged"));
}
// Set up success message
$this->Page_Terminate("index.php");
// Exit page and clean up
}
}
function SetUpSortOrder()
{
// Check for "order" parameter
if (@$_GET["order"] != "") {
$this->CurrentOrder = ew_StripSlashes(@$_GET["order"]);
$this->CurrentOrderType = @$_GET["ordertype"];
$this->UpdateSort($this->codigo);
// codigo
$this->UpdateSort($this->Patente);
// Patente
$this->UpdateSort($this->cantidad_rueda);
// cantidad_rueda
$this->UpdateSort($this->nombre);
// nombre
$this->UpdateSort($this->modelo);
// modelo
$this->UpdateSort($this->id_chofer);
// id_chofer
$this->UpdateSort($this->id_guarda);
// id_guarda
$this->UpdateSort($this->id_marca);
// id_marca
$this->setStartRecordNumber(1);
// Reset start position
}
}
function SetUpSortOrder()
{
global $t_promotions_vins;
// Check for "order" parameter
if (@$_GET["order"] != "") {
$t_promotions_vins->CurrentOrder = ew_StripSlashes(@$_GET["order"]);
$t_promotions_vins->CurrentOrderType = @$_GET["ordertype"];
$t_promotions_vins->UpdateSort($t_promotions_vins->promotion);
// promotion
$t_promotions_vins->UpdateSort($t_promotions_vins->produit_vin);
// produit_vin
$t_promotions_vins->setStartRecordNumber(1);
// Reset start position
}
}
function GetRecordKeys()
{
global $EW_COMPOSITE_KEY_SEPARATOR;
$arKeys = array();
$arKey = array();
if (isset($_POST["key_m"])) {
$arKeys = ew_StripSlashes($_POST["key_m"]);
$cnt = count($arKeys);
} elseif (isset($_GET["key_m"])) {
$arKeys = ew_StripSlashes($_GET["key_m"]);
$cnt = count($arKeys);
} elseif (isset($_GET)) {
$arKeys[] = @$_GET["subject_type_id"];
// subject_type_id
//return $arKeys; // do not return yet, so the values will also be checked by the following code
}
// check keys
$ar = array();
foreach ($arKeys as $key) {
if (!is_numeric($key)) {
continue;
}
$ar[] = $key;
}
return $ar;
}
function LoadSearchValues()
{
global $objForm;
// Load search values
// idmedicina
$this->idmedicina->AdvancedSearch->SearchValue = ew_StripSlashes(@$_GET["x_idmedicina"]);
if ($this->idmedicina->AdvancedSearch->SearchValue != "") {
$this->Command = "search";
}
$this->idmedicina->AdvancedSearch->SearchOperator = @$_GET["z_idmedicina"];
// descripcion
$this->descripcion->AdvancedSearch->SearchValue = ew_StripSlashes(@$_GET["x_descripcion"]);
if ($this->descripcion->AdvancedSearch->SearchValue != "") {
$this->Command = "search";
}
$this->descripcion->AdvancedSearch->SearchOperator = @$_GET["z_descripcion"];
// estado
$this->estado->AdvancedSearch->SearchValue = ew_StripSlashes(@$_GET["x_estado"]);
if ($this->estado->AdvancedSearch->SearchValue != "") {
$this->Command = "search";
}
$this->estado->AdvancedSearch->SearchOperator = @$_GET["z_estado"];
// idlaboratorio
$this->idlaboratorio->AdvancedSearch->SearchValue = ew_StripSlashes(@$_GET["x_idlaboratorio"]);
if ($this->idlaboratorio->AdvancedSearch->SearchValue != "") {
$this->Command = "search";
}
$this->idlaboratorio->AdvancedSearch->SearchOperator = @$_GET["z_idlaboratorio"];
// idhospital
$this->idhospital->AdvancedSearch->SearchValue = ew_StripSlashes(@$_GET["x_idhospital"]);
if ($this->idhospital->AdvancedSearch->SearchValue != "") {
$this->Command = "search";
}
$this->idhospital->AdvancedSearch->SearchOperator = @$_GET["z_idhospital"];
}
function SetUpSortOrder()
{
// Check for "order" parameter
if (@$_GET["order"] != "") {
$this->CurrentOrder = ew_StripSlashes(@$_GET["order"]);
$this->CurrentOrderType = @$_GET["ordertype"];
$this->UpdateSort($this->idpaciente);
// idpaciente
$this->UpdateSort($this->fecha_inicio);
// fecha_inicio
$this->UpdateSort($this->fecha_final);
// fecha_final
$this->UpdateSort($this->estado);
// estado
$this->setStartRecordNumber(1);
// Reset start position
}
}
function Page_Init()
{
global $gsExport, $gsCustomExport, $gsExportFile, $UserProfile, $Language, $Security, $objForm;
// User profile
$UserProfile = new cUserProfile();
// Security
$Security = new cAdvancedSecurity();
if (!$Security->IsLoggedIn()) {
$Security->AutoLogin();
}
if ($Security->IsLoggedIn()) {
$Security->TablePermission_Loading();
}
$Security->LoadCurrentUserLevel($this->ProjectID . $this->TableName);
if ($Security->IsLoggedIn()) {
$Security->TablePermission_Loaded();
}
if (!$Security->CanView()) {
$Security->SaveLastUrl();
$this->setFailureMessage($Language->Phrase("NoPermission"));
// Set no permission
if ($Security->CanList()) {
$this->Page_Terminate(ew_GetUrl("airplanelist.php"));
} else {
$this->Page_Terminate(ew_GetUrl("login.php"));
}
}
if ($Security->IsLoggedIn()) {
$Security->UserID_Loading();
$Security->LoadUserID();
$Security->UserID_Loaded();
}
// Get export parameters
$custom = "";
if (@$_GET["export"] != "") {
$this->Export = $_GET["export"];
$custom = @$_GET["custom"];
} elseif (@$_POST["export"] != "") {
$this->Export = $_POST["export"];
$custom = @$_POST["custom"];
} elseif (ew_IsHttpPost()) {
if (@$_POST["exporttype"] != "") {
$this->Export = $_POST["exporttype"];
}
$custom = @$_POST["custom"];
} else {
$this->setExportReturnUrl(ew_CurrentUrl());
}
$gsExportFile = $this->TableVar;
// Get export file, used in header
if (@$_GET["AIRPLANE_ID"] != "") {
if ($gsExportFile != "") {
$gsExportFile .= "_";
}
$gsExportFile .= ew_StripSlashes($_GET["AIRPLANE_ID"]);
}
// Get custom export parameters
if ($this->Export != "" && $custom != "") {
$this->CustomExport = $this->Export;
$this->Export = "print";
}
$gsCustomExport = $this->CustomExport;
$gsExport = $this->Export;
// Get export parameter, used in header
// Update Export URLs
if (defined("EW_USE_PHPEXCEL")) {
$this->ExportExcelCustom = FALSE;
}
if ($this->ExportExcelCustom) {
$this->ExportExcelUrl .= "&custom=1";
}
if (defined("EW_USE_PHPWORD")) {
$this->ExportWordCustom = FALSE;
}
if ($this->ExportWordCustom) {
$this->ExportWordUrl .= "&custom=1";
}
if ($this->ExportPdfCustom) {
$this->ExportPdfUrl .= "&custom=1";
}
$this->CurrentAction = @$_GET["a"] != "" ? $_GET["a"] : @$_POST["a_list"];
// Set up current action
// Setup export options
$this->SetupExportOptions();
$this->AIRPLANE_ID->Visible = !$this->IsAdd() && !$this->IsCopy() && !$this->IsGridAdd();
// Global Page Loading event (in userfn*.php)
Page_Loading();
// Page Load event
$this->Page_Load();
// Check token
if (!$this->ValidPost()) {
echo $Language->Phrase("InvalidPostRequest");
$this->Page_Terminate();
exit;
}
// Create Token
$this->CreateToken();
}
function SetUpSortOrder()
{
// Check for "order" parameter
if (@$_GET["order"] != "") {
$this->CurrentOrder = ew_StripSlashes(@$_GET["order"]);
$this->CurrentOrderType = @$_GET["ordertype"];
$this->UpdateSort($this->accountId);
// accountId
$this->UpdateSort($this->permissionId);
// permissionId
$this->UpdateSort($this->granted);
// granted
$this->UpdateSort($this->realmId);
// realmId
$this->setStartRecordNumber(1);
// Reset start position
}
}
function Page_Init()
{
global $gsExport, $gsExportFile, $UserProfile, $Language, $Security, $objForm;
// Security
$Security = new cAdvancedSecurity();
if (!$Security->IsLoggedIn()) {
$Security->AutoLogin();
}
if (!$Security->IsLoggedIn()) {
$Security->SaveLastUrl();
$this->Page_Terminate("login.php");
}
// Get export parameters
if (@$_GET["export"] != "") {
$this->Export = $_GET["export"];
} elseif (ew_IsHttpPost()) {
if (@$_POST["exporttype"] != "") {
$this->Export = $_POST["exporttype"];
}
} else {
$this->setExportReturnUrl(ew_CurrentUrl());
}
$gsExport = $this->Export;
// Get export parameter, used in header
$gsExportFile = $this->TableVar;
// Get export file, used in header
if (@$_GET["realmid"] != "") {
if ($gsExportFile != "") {
$gsExportFile .= "_";
}
$gsExportFile .= ew_StripSlashes($_GET["realmid"]);
}
if (@$_GET["acctid"] != "") {
if ($gsExportFile != "") {
$gsExportFile .= "_";
}
$gsExportFile .= ew_StripSlashes($_GET["acctid"]);
}
// Setup export options
$this->SetupExportOptions();
$this->CurrentAction = @$_GET["a"] != "" ? $_GET["a"] : @$_POST["a_list"];
// Global Page Loading event (in userfn*.php)
Page_Loading();
// Page Load event
$this->Page_Load();
}
function GetRecordKeys()
{
global $EW_COMPOSITE_KEY_SEPARATOR;
$arKeys = array();
$arKey = array();
if (isset($_POST["key_m"])) {
$arKeys = ew_StripSlashes($_POST["key_m"]);
$cnt = count($arKeys);
} elseif (isset($_GET["key_m"])) {
$arKeys = ew_StripSlashes($_GET["key_m"]);
$cnt = count($arKeys);
} elseif (!empty($_GET) || !empty($_POST)) {
$isPost = ew_IsHttpPost();
if ($isPost && isset($_POST["CARD_TYPE_ID"])) {
$arKeys[] = ew_StripSlashes($_POST["CARD_TYPE_ID"]);
} elseif (isset($_GET["CARD_TYPE_ID"])) {
$arKeys[] = ew_StripSlashes($_GET["CARD_TYPE_ID"]);
} else {
$arKeys = NULL;
}
// Do not setup
//return $arKeys; // Do not return yet, so the values will also be checked by the following code
}
// Check keys
$ar = array();
if (is_array($arKeys)) {
foreach ($arKeys as $key) {
if (!is_numeric($key)) {
continue;
}
$ar[] = $key;
}
}
return $ar;
}
function SetUpSortOrder()
{
// Check for "order" parameter
if (@$_GET["order"] != "") {
$this->CurrentOrder = ew_StripSlashes(@$_GET["order"]);
$this->CurrentOrderType = @$_GET["ordertype"];
$this->UpdateSort($this->news_id);
// news_id
$this->UpdateSort($this->news_title);
// news_title
$this->UpdateSort($this->news_date);
// news_date
$this->setStartRecordNumber(1);
// Reset start position
}
}
function Page_Main()
{
global $Customers;
// Load Key Parameters
$sKey = "";
$bSingleDelete = TRUE;
// Initialize as single delete
$nKeySelected = 0;
// Initialize selected key count
$sFilter = "";
if (@$_GET["CustomerID"] != "") {
$Customers->CustomerID->setQueryStringValue($_GET["CustomerID"]);
if (!is_numeric($Customers->CustomerID->QueryStringValue)) {
$this->Page_Terminate("Customerslist.php");
}
// Prevent SQL injection, exit
$sKey .= $Customers->CustomerID->QueryStringValue;
} else {
$bSingleDelete = FALSE;
}
if ($bSingleDelete) {
$nKeySelected = 1;
// Set up key selected count
$this->arRecKeys[0] = $sKey;
} else {
if (isset($_POST["key_m"])) {
// Key in form
$nKeySelected = count($_POST["key_m"]);
// Set up key selected count
$this->arRecKeys = ew_StripSlashes($_POST["key_m"]);
}
}
if ($nKeySelected <= 0) {
$this->Page_Terminate("Customerslist.php");
}
// No key specified, return to list
// Build filter
foreach ($this->arRecKeys as $sKey) {
$sFilter .= "(";
// Set up key field
$sKeyFld = $sKey;
if (!is_numeric($sKeyFld)) {
$this->Page_Terminate("Customerslist.php");
}
// Prevent SQL injection, return to list
$sFilter .= "`CustomerID`=" . ew_AdjustSql($sKeyFld) . " AND ";
if (substr($sFilter, -5) == " AND ") {
$sFilter = substr($sFilter, 0, strlen($sFilter) - 5) . ") OR ";
}
}
if (substr($sFilter, -4) == " OR ") {
$sFilter = substr($sFilter, 0, strlen($sFilter) - 4);
}
// Set up filter (SQL WhHERE clause) and get return SQL
// SQL constructor in SQL constructor in Customers class, Customersinfo.php
$Customers->CurrentFilter = $sFilter;
// Get action
if (@$_POST["a_delete"] != "") {
$Customers->CurrentAction = $_POST["a_delete"];
} else {
$Customers->CurrentAction = "I";
// Display record
}
switch ($Customers->CurrentAction) {
case "D":
// Delete
$Customers->SendEmail = TRUE;
// Send email on delete success
if ($this->DeleteRows()) {
// delete rows
$this->setMessage("Delete succeeded");
// Set up success message
$this->Page_Terminate($Customers->getReturnUrl());
// Return to caller
}
}
}
function SetUpSortOrder()
{
global $Allergies;
// Check for an Order parameter
if (@$_GET["order"] != "") {
$Allergies->CurrentOrder = ew_StripSlashes(@$_GET["order"]);
$Allergies->CurrentOrderType = @$_GET["ordertype"];
$Allergies->UpdateSort($Allergies->id);
// Field
$Allergies->UpdateSort($Allergies->name);
// Field
$Allergies->UpdateSort($Allergies->code);
// Field
$Allergies->setStartRecordNumber(1);
// Reset start position
}
}
function Page_Init()
{
global $gsExport, $gsExportFile, $ZipCode;
global $Security;
$Security = new cAdvancedSecurity();
if (!$Security->IsLoggedIn()) {
$Security->AutoLogin();
}
if (!$Security->IsLoggedIn()) {
$Security->SaveLastUrl();
$this->Page_Terminate("login.php");
}
$ZipCode->Export = @$_GET["export"];
// Get export parameter
$gsExport = $ZipCode->Export;
// Get export parameter, used in header
$gsExportFile = $ZipCode->TableVar;
// Get export file, used in header
if (@$_GET["ZipCode"] != "") {
if ($gsExportFile != "") {
$gsExportFile .= "_";
}
$gsExportFile .= ew_StripSlashes($_GET["ZipCode"]);
}
if ($ZipCode->Export == "print" || $ZipCode->Export == "html") {
// Printer friendly or Export to HTML, no action required
}
if ($ZipCode->Export == "excel") {
header('Content-Type: application/vnd.ms-excel;charset=utf-8');
header('Content-Disposition: attachment; filename=' . $gsExportFile . '.xls');
}
if ($ZipCode->Export == "csv") {
header('Content-Type: application/csv;charset=utf-8');
header('Content-Disposition: attachment; filename=' . $gsExportFile . '.csv');
}
// Global page loading event (in userfn6.php)
Page_Loading();
// Page load event, used in current page
$this->Page_Load();
}
function GetRecordKeys()
{
global $EW_COMPOSITE_KEY_SEPARATOR;
$arKeys = array();
$arKey = array();
if (isset($_POST["key_m"])) {
$arKeys = ew_StripSlashes($_POST["key_m"]);
$cnt = count($arKeys);
} elseif (isset($_GET["key_m"])) {
$arKeys = ew_StripSlashes($_GET["key_m"]);
$cnt = count($arKeys);
} elseif (isset($_GET)) {
//return $arKeys; // Do not return yet, so the values will also be checked by the following code
}
// Check keys
$ar = array();
foreach ($arKeys as $key) {
$ar[] = $key;
}
return $ar;
}