Пример #1
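 /**
  * Leads list page.
  *
  * Builds a where-array from the request, then either renders the paged list,
  * exports the matching rows to Excel (act=excel), or passes the matching
  * contacts to the SMS form (act=sms).
  *
  * Everything read from $_GET/$_REQUEST is caller-controlled. Values go to the
  * query builder as data; request values that become identifiers (ORDER BY
  * column, where-array key) must pass a column-name check, and a search field
  * may not replace a filter this method set itself.
  */
 public function index()
 {
     // Identifiers cannot be sent to the database as bound values, so a request
     // value used as a column name must look like `column` or `table.column`.
     $is_column = function ($name) {
         return is_string($name) && preg_match('/^[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)?$/D', $name) === 1;
     };
     // Column part of a possibly table-qualified where key.
     $bare = function ($key) {
         $dot = strrpos($key, '.');
         return $dot === false ? $key : substr($key, $dot + 1);
     };
     $by = isset($_GET['by']) ? trim($_GET['by']) : '';
     $p = isset($_GET['p']) ? intval($_GET['p']) : 1;
     $act = isset($_GET['act']) ? trim($_GET['act']) : '';
     $below_ids = getSubRoleId(false);
     // Must stay an array: every use below goes through implode(). The earlier
     // scalar -1 fallback is not a valid implode() argument.
     $below_ids = empty($below_ids) ? array(-1) : $below_ids;
     $d_v_leads = D('LeadsView');
     $outdays = M('config')->where('name="leads_outdays"')->getField('value');
     // Result of integer arithmetic, so it is safe to embed in the '_string'
     // fragment used by the 'public' filter below.
     $outdate = empty($outdays) ? time() : time() - 86400 * $outdays;
     $today = strtotime(date('Y-m-d', time()));
     $where = array();
     $params = array();
     $where['have_time'] = array('egt', $outdate);

     // Sort column: only a plain column name is accepted; anything else falls
     // back to the default order instead of reaching ORDER BY.
     $order = 'create_time desc';
     $desc_order = isset($_GET['desc_order']) ? trim($_GET['desc_order']) : '';
     $asc_order = isset($_GET['asc_order']) ? trim($_GET['asc_order']) : '';
     if (!$is_column($desc_order)) {
         $desc_order = '';
     }
     if (!$is_column($asc_order)) {
         $asc_order = '';
     }
     if ($desc_order !== '') {
         $order = $desc_order . ' desc';
     } elseif ($asc_order !== '') {
         $order = $asc_order . ' asc';
     }

     switch ($by) {
         case 'today':
             $where['nextstep_time'] = array(array('lt', $today + 86400), array('gt', 0), 'and');
             break;
         case 'week':
             // NOTE(review): this bound is today plus (weekday - 1) days, which is
             // the start of today on a Monday; confirm the end of the week is not
             // what was intended.
             $where['nextstep_time'] = array(array('lt', $today + (date('N', time()) - 1) * 86400), array('gt', 0), 'and');
             break;
         case 'month':
             $where['nextstep_time'] = array(array('lt', strtotime(date('Y-m-01', strtotime('+1 month')))), array('gt', 0), 'and');
             break;
         case 'd7':
             $where['update_time'] = array('lt', $today - 86400 * 6);
             break;
         case 'd15':
             $where['update_time'] = array('lt', $today - 86400 * 14);
             break;
         case 'd30':
             $where['update_time'] = array('lt', $today - 86400 * 29);
             break;
         case 'add':
             $order = 'create_time desc';
             break;
         case 'update':
             $order = 'update_time desc';
             break;
         case 'sub':
             $where['owner_role_id'] = array('in', implode(',', $below_ids));
             break;
         case 'subcreate':
             $where['creator_role_id'] = array('in', implode(',', $below_ids));
             break;
         case 'public':
             unset($where['have_time']);
             $where['_string'] = "leads.owner_role_id=0 or leads.have_time < {$outdate}";
             break;
         case 'deleted':
             $where['is_deleted'] = 1;
             unset($where['have_time']);
             break;
         case 'transformed':
             $where['is_transformed'] = 1;
             break;
         case 'me':
             $where['owner_role_id'] = session('role_id');
             break;
         default:
             $where['owner_role_id'] = array('in', implode(',', getSubRoleId()));
             break;
     }
     if ($by != 'deleted') {
         $where['is_deleted'] = array('neq', 1);
     }
     if ($by != 'transformed') {
         $where['is_transformed'] = array('neq', 1);
     }
     // Owner scope: rows are limited to role ids returned by getSubRoleId();
     // the 'public' filter additionally admits unowned rows (role id 0).
     if (!isset($where['owner_role_id'])) {
         if (!isset($where['_string'])) {
             $where['owner_role_id'] = array('in', implode(',', getSubRoleId(true)));
         } else {
             $where['owner_role_id'] = array('in', '0,' . implode(',', getSubRoleId(true)));
         }
     }

     if (!empty($_REQUEST['field'])) {
         $request_field = trim($_REQUEST['field']);
         $request_search = isset($_REQUEST['search']) ? trim($_REQUEST['search']) : '';
         if ($request_field == 'all') {
             // Fixed lists; the numeric list no longer ends in '|', which would
             // have added an empty column name to the OR group.
             $field = is_numeric($request_search) ? 'name|owner_role_id|company|position|saltname|phone|mobile|email|qq|fax|website|source|status|industry|state|zip_code|city|state|description|annual_revenue|no_of_employees' : 'name|owner_role_id|company|position|saltname|phone|mobile|email|qq|fax|website|source|status|industry|state|zip_code|city|state|description';
         } else {
             $field = $is_column($request_field) ? $request_field : '';
         }
         // Assigned before any use. Previously $search was read by the datetime
         // check before it existed, and the state/city composite built below
         // was overwritten by a later assignment.
         $search = empty($_REQUEST['search']) ? '' : $request_search;
         $condition = empty($_REQUEST['condition']) ? 'is' : trim($_REQUEST['condition']);
         $field_date = M('Fields')->where('is_main=1 and (model="" or model="leads") and form_type="datetime"')->select();
         foreach ($field_date as $v) {
             if ($field == $v['field']) {
                 $search = is_numeric($search) ? $search : strtotime($search);
             }
         }
         // Address search: state, city and free text joined by line feeds.
         $state = $this->_request('state');
         if ($state) {
             $search = $state;
             $city = $this->_request('city');
             if ($city) {
                 $search .= chr(10) . $city;
             }
             if ($request_search !== '') {
                 $search .= chr(10) . $request_search;
             }
         }
         if ('create_time' == $field || 'update_time' == $field) {
             $search = is_numeric($search) ? $search : strtotime($search);
         }
         // A search field must not replace a filter set above (owner scope,
         // is_deleted, ...): that would let the caller widen the result set
         // beyond what the role scope allows. Such a field is ignored here;
         // searching by owner would need an intersection with the permitted ids.
         $server_columns = array_map($bare, array_keys($where));
         if ($field !== '' && !in_array($bare($field), $server_columns, true)) {
             switch ($condition) {
                 case 'isnot':
                 case 'neq':
                     $where[$field] = array('neq', $search);
                     break;
                 case 'contains':
                     $where[$field] = array('like', '%' . $search . '%');
                     break;
                 case 'not_contain':
                     $where[$field] = array('notlike', '%' . $search . '%');
                     break;
                 case 'start_with':
                     $where[$field] = array('like', $search . '%');
                     break;
                 case 'end_with':
                     $where[$field] = array('like', '%' . $search);
                     break;
                 case 'is_empty':
                     $where[$field] = array('eq', '');
                     break;
                 case 'is_not_empty':
                     $where[$field] = array('neq', '');
                     break;
                 case 'gt':
                 case 'egt':
                 case 'lt':
                 case 'elt':
                     // The condition name is the operator name for these four.
                     $where[$field] = array($condition, $search);
                     break;
                 case 'between':
                     $where[$field] = array('between', array($search - 1, $search + 86400));
                     break;
                 case 'nbetween':
                     $where[$field] = array('not between', array($search, $search + 86399));
                     break;
                 case 'tgt':
                     $where[$field] = array('gt', $search + 86400);
                     break;
                 default:
                     // 'is', 'eq' and any unrecognised condition.
                     $where[$field] = array('eq', $search);
             }
         }
         // These values are echoed back in pagination links, so they are
         // URL-encoded rather than concatenated raw.
         $params = array('field=' . urlencode($request_field), 'condition=' . urlencode($condition), 'search=' . urlencode($request_search));
     }

     // The act check used to read trim($_GET['act'] == 'sms'), which trimmed
     // the comparison result instead of the parameter.
     if ($act === 'sms') {
         // NOTE(review): no vali_permission() check is visible on this branch,
         // unlike the export branch; confirm the SMS list is gated elsewhere.
         $customer_list = $d_v_leads->where($where)->select();
         $contacts = array();
         foreach ($customer_list as $k => $v) {
             $contacts[] = array('name' => $v['contacts_name'], 'customer_name' => $v['name'], 'telephone' => trim($v['mobile']));
         }
         $this->contacts = $contacts;
         $this->alert = parseAlert();
         $this->display('Setting:sendsms');
     } elseif ($act === 'excel') {
         if (vali_permission('leads', 'export')) {
             $leadsList = $d_v_leads->where($where)->order($order)->select();
             $this->excelExport($leadsList);
         } else {
             // NOTE(review): the Referer header is client-supplied; if alert()
             // redirects to its third argument, confirm it only accepts
             // same-site URLs.
             alert('error', L('HAVE NOT PRIVILEGES'), $_SERVER['HTTP_REFERER']);
         }
     } else {
         $list = $d_v_leads->where($where)->page($p . ',15')->order($order)->select();
         $count = $d_v_leads->where($where)->count();
         import("@.ORG.Page");
         $Page = new Page($count, 15);
         if (!empty($_GET['by'])) {
             $params[] = 'by=' . urlencode($by);
         }
         // The view receives the filter parameters without the sort order;
         // the pager receives them with it.
         $this->parameter = implode('&', $params);
         if ($desc_order !== '') {
             $params[] = 'desc_order=' . $desc_order;
         } elseif ($asc_order !== '') {
             $params[] = 'asc_order=' . $asc_order;
         }
         $Page->parameter = implode('&', $params);
         $this->assign('page', $Page->show());
         if ($by == 'deleted') {
             foreach ($list as $k => $v) {
                 $list[$k]["delete_role"] = getUserByRoleId($v['delete_role_id']);
                 $list[$k]["owner"] = getUserByRoleId($v['owner_role_id']);
                 $list[$k]["creator"] = getUserByRoleId($v['creator_role_id']);
             }
         } elseif ($by == 'transformed') {
             foreach ($list as $k => $v) {
                 $list[$k]["owner"] = getUserByRoleId($v['owner_role_id']);
                 $list[$k]["creator"] = getUserByRoleId($v['creator_role_id']);
                 $list[$k]["transform_role"] = getUserByRoleId($v['transform_role_id']);
                 $list[$k]["business_name"] = M('business')->where('business_id = %d', $v['business_id'])->getField('name');
                 $list[$k]["contacts_name"] = M('contacts')->where('contacts_id = %d', $v['contacts_id'])->getField('name');
                 $list[$k]["customer_name"] = M('customer')->where('customer_id = %d', $v['customer_id'])->getField('name');
             }
         } else {
             foreach ($list as $k => $v) {
                 $list[$k]["owner"] = D('RoleView')->where('role.role_id = %d', $v['owner_role_id'])->find();
                 $list[$k]["creator"] = D('RoleView')->where('role.role_id = %d', $v['creator_role_id'])->find();
                 // Whole days left, computed from the lead's have_time and the
                 // configured 'leads_outdays' value.
                 $have_time = M('leads')->where('leads_id = %d', $v['leads_id'])->getField('have_time');
                 $list[$k]["days"] = $outdays - floor((time() - $have_time) / 86400);
             }
         }
         // Roles selected by getSubRoleId(false), for the role list in the view.
         $d_role_view = D('RoleView');
         $this->role_list = $d_role_view->where('role.role_id in (%s)', implode(',', $below_ids))->select();
         $this->assign('leadslist', $list);
         $this->field_array = getIndexFields('leads');
         $this->field_list = getMainFields('leads');
         $this->alert = parseAlert();
         $this->display();
     }
 }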
Пример #2
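 /**
  * Product list page: optional category filter and field search, a paged
  * list, and an Excel export when act=excel.
  *
  * Everything read from $_GET/$_REQUEST is caller-controlled. Numeric
  * parameters are cast with intval(), a request value used as a where-array
  * key must pass a column-name check, and values echoed into pagination links
  * are URL-encoded.
  */
 public function index()
 {
     // Identifiers cannot be sent to the database as bound values, so a request
     // value used as a column name must look like `column` or `table.column`.
     $is_column = function ($name) {
         return is_string($name) && preg_match('/^[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)?$/D', $name) === 1;
     };
     $product = D('ProductView');
     // Pagination class.
     import('@.ORG.Page');
     $category = M('product_category');
     // Loaded before its first use: getSubCategory() was previously handed
     // $category_list before anything had been assigned to it.
     $category_list = $category->select();
     $where = array();
     $params = array();
     $idArray = array();
     $act = isset($_GET['act']) ? trim($_GET['act']) : '';
     // The id ends up in an IN list and in pagination links, so it is reduced
     // to an integer at the boundary.
     $category_id = isset($_GET['category_id']) ? intval($_GET['category_id']) : 0;
     if ($category_id) {
         $categoryList = getSubCategory($category_id, $category_list, '');
         foreach ($categoryList as $value) {
             $idArray[] = $value['category_id'];
         }
     }
     // The selected category followed by the ids collected above.
     $idList = implode(',', array_merge(array($category_id), $idArray));
     $p = isset($_GET['p']) ? intval($_GET['p']) : 1;

     if (!empty($_REQUEST['field'])) {
         $request_field = trim($_REQUEST['field']);
         $request_search = isset($_REQUEST['search']) ? trim($_REQUEST['search']) : '';
         if ($request_field == 'all') {
             $field = is_numeric($request_search) ? 'product.name|cost_price|sales_price|link|pre_sale_count|stock_count' : 'product.name|link|development_team';
         } else {
             $field = $is_column($request_field) ? $request_field : '';
         }
         $search = empty($_REQUEST['search']) ? '' : $request_search;
         $condition = empty($_REQUEST['condition']) ? 'is' : trim($_REQUEST['condition']);
         $field_date = M('Fields')->where('(is_main=1 and model="product" and form_type="datetime") or(is_main=1 and model="" and form_type="datetime")')->select();
         foreach ($field_date as $v) {
             if ($field == $v['field']) {
                 $search = is_numeric($search) ? $search : strtotime($search);
             }
         }
         // Address search: state, city and free text joined by line feeds. The
         // free text is appended only when present; the earlier test was on the
         // state value and therefore always appended a trailing line feed.
         $state = $this->_request('state');
         if ($state) {
             $search = $state;
             $city = $this->_request('city');
             if ($city) {
                 $search .= chr(10) . $city;
             }
             if ($request_search !== '') {
                 $search .= chr(10) . $request_search;
             }
         }
         if (!empty($field)) {
             switch ($condition) {
                 case 'isnot':
                 case 'neq':
                     $where[$field] = array('neq', $search);
                     break;
                 case 'contains':
                     $where[$field] = array('like', '%' . $search . '%');
                     break;
                 case 'not_contain':
                     $where[$field] = array('notlike', '%' . $search . '%');
                     break;
                 case 'start_with':
                     $where[$field] = array('like', $search . '%');
                     break;
                 case 'end_with':
                     $where[$field] = array('like', '%' . $search);
                     break;
                 case 'is_empty':
                     $where[$field] = array('eq', '');
                     break;
                 case 'is_not_empty':
                     $where[$field] = array('neq', '');
                     break;
                 case 'gt':
                 case 'egt':
                 case 'lt':
                 case 'elt':
                     // The condition name is the operator name for these four.
                     $where[$field] = array($condition, $search);
                     break;
                 case 'between':
                     $where[$field] = array('between', array($search - 1, $search + 86400));
                     break;
                 case 'nbetween':
                     $where[$field] = array('not between', array($search, $search + 86399));
                     break;
                 case 'tgt':
                     $where[$field] = array('gt', $search + 86400);
                     break;
                 default:
                     // 'is', 'eq' and any unrecognised condition.
                     $where[$field] = array('eq', $search);
             }
         }
         $params = array('field=' . urlencode($request_field), 'condition=' . urlencode($condition), 'search=' . urlencode($request_search));
     }

     // Applied after the search so a search field cannot replace it.
     if ($category_id) {
         $where['product.category_id'] = array('in', $idList);
     }
     if ($act === 'excel') {
         if (vali_permission('product', 'export')) {
             $productList = $product->order('product_id desc')->where($where)->select();
             // NOTE(review): execution continues into the list rendering below
             // unless excelExport() ends the request; confirm.
             $this->excelExport($productList);
         } else {
             // NOTE(review): the Referer header is client-supplied; if alert()
             // redirects to its third argument, confirm it only accepts
             // same-site URLs.
             alert('error', L('HAVE NOT PRIVILEGES'), $_SERVER['HTTP_REFERER']);
         }
     }
     // Total number of rows matching the filter.
     $count = $product->where($where)->count();
     $list = $product->order('product_id desc')->where($where)->Page($p . ',15')->select();

     $m_product_images = M('productImages');
     foreach ($list as $k => $v) {
         $list[$k]["creator"] = D('RoleView')->where('role.role_id = %d', $v['creator_role_id'])->find();
         $list[$k]['path'] = $m_product_images->where('product_id = %d and is_main = 1', $v['product_id'])->getField('path');
     }
     // Pager built from the total row count and the page size.
     $Page = new Page($count, 15);
     if ($category_id) {
         $params['category_id'] = 'category_id=' . $category_id;
     }
     $Page->parameter = implode('&', $params);
     // Rendered pagination markup.
     $show = $Page->show();
     // Category options for the view.
     $this->categoryList = getSubCategory(0, $category_list, '');
     $this->field_array = getIndexFields('product');
     $this->field_list = getMainFields('product');
     // Result rows for the template.
     $this->assign('list', $list);
     // Pagination markup for the template.
     $this->assign('page', $show);
     $this->alert = parseAlert();
     // Render the template.
     $this->display();
 }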
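 /**
  * Business opportunity list page (default page).
  *
  * Builds a where-array from the request, renders the paged list, and exports
  * the matching rows to Excel when act=excel.
  *
  * Everything read from $_GET/$_REQUEST is caller-controlled. Values go to the
  * query builder as data; request values that become identifiers (ORDER BY
  * column, where-array key) must pass a column-name check, and a search field
  * may not replace a filter this method set itself.
  */
 public function index()
 {
     // Identifiers cannot be sent to the database as bound values, so a request
     // value used as a column name must look like `column` or `table.column`.
     $is_column = function ($name) {
         return is_string($name) && preg_match('/^[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)?$/D', $name) === 1;
     };
     // Column part of a possibly table-qualified where key.
     $bare = function ($key) {
         $dot = strrpos($key, '.');
         return $dot === false ? $key : substr($key, $dot + 1);
     };
     $d_v_business = D('BusinessView');
     $below_ids = getSubRoleId(false);
     // An empty list would produce an empty IN (...) below; -1 keeps the SQL
     // valid and matches no role.
     $below_ids = empty($below_ids) ? array(-1) : $below_ids;
     $p = isset($_GET['p']) ? intval($_GET['p']) : 1;
     $by = isset($_GET['by']) ? trim($_GET['by']) : '';
     $act = isset($_GET['act']) ? trim($_GET['act']) : '';
     $today = strtotime(date('Y-m-d', time()));
     $where = array();
     $params = array();

     // Sort column: only a plain column name is accepted; anything else falls
     // back to the default order instead of reaching ORDER BY.
     $order = 'create_time desc';
     $desc_order = isset($_GET['desc_order']) ? trim($_GET['desc_order']) : '';
     $asc_order = isset($_GET['asc_order']) ? trim($_GET['asc_order']) : '';
     if (!$is_column($desc_order)) {
         $desc_order = '';
     }
     if (!$is_column($asc_order)) {
         $asc_order = '';
     }
     if ($desc_order !== '') {
         $order = $desc_order . ' desc';
     } elseif ($asc_order !== '') {
         $order = $asc_order . ' asc';
     }

     switch ($by) {
         case 'create':
             $where['creator_role_id'] = session('role_id');
             break;
         case 'sub':
             $where['owner_role_id'] = array('in', implode(',', $below_ids));
             break;
         case 'subcreate':
             $where['creator_role_id'] = array('in', implode(',', $below_ids));
             break;
         case 'today':
             $where['nextstep_time'] = array(array('lt', $today + 86400), array('gt', 0), 'and');
             break;
         case 'week':
             $where['nextstep_time'] = array(array('lt', $today + (8 - date('N', time())) * 86400), array('gt', 0), 'and');
             break;
         case 'month':
             $where['nextstep_time'] = array(array('lt', strtotime(date('Y-m-01', strtotime('+1 month')))), array('gt', 0), 'and');
             break;
         case 'd7':
             $where['update_time'] = array('lt', $today - 86400 * 6);
             break;
         case 'd15':
             $where['update_time'] = array('lt', $today - 86400 * 14);
             break;
         case 'd30':
             $where['update_time'] = array('lt', $today - 86400 * 29);
             break;
         case 'deleted':
             $where['is_deleted'] = 1;
             break;
         case 'add':
             $order = 'create_time desc';
             break;
         case 'update':
             $order = 'update_time desc';
             break;
         case 'me':
             $where['business.owner_role_id'] = session('role_id');
             break;
         default:
             $where['business.owner_role_id'] = array('in', implode(',', getSubRoleId()));
             break;
     }
     // A filter on business.status_id excluding 99 and 100 used to be applied
     // here; it was commented out in the code this replaces and stays disabled.
     if (!isset($where['is_deleted'])) {
         $where['business.is_deleted'] = 0;
     }
     // Owner scope: rows are limited to role ids returned by getSubRoleId().
     if (!isset($where['business.owner_role_id'])) {
         $where['business.owner_role_id'] = array('in', implode(',', getSubRoleId()));
     }

     if (!empty($_REQUEST['field'])) {
         $request_field = trim($_REQUEST['field']);
         $request_search = isset($_REQUEST['search']) ? trim($_REQUEST['search']) : '';
         if ($request_field == 'all') {
             $field = is_numeric($request_search) ? 'name|origin|type|description|estimate_price|gain_rate|gain_cycle|sales_price|product_amount|total_price|estimate_income' : 'name|origin|type|description';
         } else {
             $field = $is_column($request_field) ? $request_field : '';
         }
         $search = empty($_REQUEST['search']) ? '' : $request_search;
         $condition = empty($_REQUEST['condition']) ? 'is' : trim($_REQUEST['condition']);
         $field_date = M('Fields')->where('(is_main=1 and model="" and form_type="datetime") or (is_main=1 and model="business" and form_type="datetime")')->select();
         foreach ($field_date as $v) {
             if ($field == $v['field']) {
                 $search = is_numeric($search) ? $search : strtotime($search);
             }
         }
         // Value used for the 'search' pagination parameter when no address
         // search is active.
         $search_param = $search;
         // Address search: state, city and free text joined by line feeds. The
         // free text is appended only when present; the earlier test was on the
         // state value and therefore always appended a trailing line feed.
         $state = $this->_request('state');
         $city = $this->_request('city');
         if ($state) {
             $search = $state;
             if ($city) {
                 $search .= chr(10) . $city;
             }
             if ($request_search !== '') {
                 $search .= chr(10) . $request_search;
             }
         }
         // A search field must not replace a filter set above (owner scope,
         // is_deleted, ...): that would let the caller widen the result set
         // beyond what the role scope allows. Names are compared without their
         // table prefix so `owner_role_id` and `business.owner_role_id` count
         // as the same column. Such a field is ignored here.
         $server_columns = array_map($bare, array_keys($where));
         if ($field !== '' && !in_array($bare($field), $server_columns, true)) {
             switch ($condition) {
                 case 'isnot':
                 case 'neq':
                     $where[$field] = array('neq', $search);
                     break;
                 case 'contains':
                     $where[$field] = array('like', '%' . $search . '%');
                     break;
                 case 'not_contain':
                     $where[$field] = array('notlike', '%' . $search . '%');
                     break;
                 case 'start_with':
                     $where[$field] = array('like', $search . '%');
                     break;
                 case 'end_with':
                     $where[$field] = array('like', '%' . $search);
                     break;
                 case 'is_empty':
                     $where[$field] = array('eq', '');
                     break;
                 case 'is_not_empty':
                     $where[$field] = array('neq', '');
                     break;
                 case 'gt':
                 case 'egt':
                 case 'lt':
                 case 'elt':
                     // The condition name is the operator name for these four.
                     $where[$field] = array($condition, $search);
                     break;
                 case 'between':
                     $where[$field] = array('between', array($search - 1, $search + 86400));
                     break;
                 case 'nbetween':
                     $where[$field] = array('not between', array($search, $search + 86399));
                     break;
                 case 'tgt':
                     $where[$field] = array('gt', $search + 86400);
                     break;
                 default:
                     // 'is', 'eq' and any unrecognised condition.
                     $where[$field] = array('eq', $search);
             }
         }
         // Pagination parameters, URL-encoded. The address variant used to put
         // the field name into state= and city= and concatenate the $where
         // array into search=; it now carries the actual request values.
         if ($state || $city) {
             $params = array('field=' . urlencode($request_field), 'state=' . urlencode($state), 'city=' . urlencode($city), 'condition=' . urlencode($condition), 'search=' . urlencode($request_search));
         } else {
             $params = array('field=' . urlencode($request_field), 'condition=' . urlencode($condition), 'search=' . urlencode($search_param));
         }
     }

     $order = empty($order) ? 'business.update_time desc' : $order;
     if ($act === 'excel') {
         if (vali_permission('business', 'export')) {
             $businessList = $d_v_business->where($where)->order($order)->select();
             // NOTE(review): execution continues into the list rendering below
             // unless excelExport() ends the request; confirm.
             $this->excelExport($businessList);
         } else {
             // NOTE(review): the Referer header is client-supplied; if alert()
             // redirects to its third argument, confirm it only accepts
             // same-site URLs.
             alert('error', L('HAVE NOT PRIVILEGES'), $_SERVER['HTTP_REFERER']);
         }
     }
     $list = $d_v_business->where($where)->order($order)->page($p . ',15')->select();
     $count = $d_v_business->where($where)->count();
     import("@.ORG.Page");
     $Page = new Page($count, 15);
     if (!empty($_GET['by'])) {
         $params[] = 'by=' . urlencode($by);
     }
     // The view receives the filter parameters without the sort order; the
     // pager receives them with it.
     $this->parameter = implode('&', $params);
     if ($desc_order !== '') {
         $params[] = 'desc_order=' . $desc_order;
     } elseif ($asc_order !== '') {
         $params[] = 'asc_order=' . $asc_order;
     }
     $Page->parameter = implode('&', $params);
     $this->assign('page', $Page->show());
     foreach ($list as $key => $value) {
         $list[$key]['owner'] = D('RoleView')->where('role.role_id = %d', $value['owner_role_id'])->find();
         $list[$key]['creator'] = D('RoleView')->where('role.role_id = %d', $value['creator_role_id'])->find();
         // %d like the other id lookups here, so the id is formatted as an integer.
         $list[$key]['customer_name'] = M('customer')->where('customer_id = %d', $value['customer_id'])->getField('name');
         $list[$key]['status_name'] = M('BusinessStatus')->where('status_id = %d', $value['status_id'])->getField('name');
         if ($by == 'deleted') {
             $list[$key]["delete_role"] = D('RoleView')->where('role.role_id = %d', $value['delete_role_id'])->find();
         }
     }
     $d_role_view = D('RoleView');
     $this->role_list = $d_role_view->where('role.role_id in (%s)', implode(',', $below_ids))->select();
     $this->customer_list = M('customer')->where('owner_role_id in (%s)', implode(',', getSubRoleId()))->select();
     $this->assign('list', $list);
     $this->search_field_array = getMainFields('business');
     $this->field_array = getIndexFields('business');
     $this->alert = parseAlert();
     $this->display();
 }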
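 /**
  * Customer list page.
  *
  * Builds a where-array from the request, then either renders the paged list,
  * exports the matching rows to Excel (act=excel), or passes the contacts of
  * the matching customers to the SMS form (act=sms).
  *
  * Everything read from $_GET/$_REQUEST is caller-controlled. Values go to the
  * query builder as data; request values that become identifiers (ORDER BY
  * column, where-array key) must pass a column-name check, and a search field
  * may not replace a filter this method set itself.
  */
 public function index()
 {
     // Identifiers cannot be sent to the database as bound values, so a request
     // value used as a column name must look like `column` or `table.column`.
     $is_column = function ($name) {
         return is_string($name) && preg_match('/^[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)?$/D', $name) === 1;
     };
     // Column part of a possibly table-qualified where key.
     $bare = function ($key) {
         $dot = strrpos($key, '.');
         return $dot === false ? $key : substr($key, $dot + 1);
     };
     $d_v_customer = D('CustomerView');
     $by = isset($_GET['by']) ? trim($_GET['by']) : '';
     $act = isset($_GET['act']) ? trim($_GET['act']) : '';
     $content = $this->_get('content');
     $below_ids = getSubRoleId(false);
     // An empty list would produce an empty IN list for the 'sub' filter.
     $below_ids = empty($below_ids) ? array(-1) : $below_ids;
     $all_ids = getSubRoleId();
     $outdays = M('config')->where('name="customer_outdays"')->getField('value');
     // Result of integer arithmetic, so it is safe to embed in the '_string'
     // fragments below.
     $outdate = empty($outdays) ? time() : time() - 86400 * $outdays;
     $today = strtotime(date('Y-m-d', time()));
     $where = array();
     $params = array();

     // Sort column: only a plain column name is accepted; anything else falls
     // back to the default order instead of reaching ORDER BY.
     $order = 'create_time desc';
     $desc_order = isset($_GET['desc_order']) ? trim($_GET['desc_order']) : '';
     $asc_order = isset($_GET['asc_order']) ? trim($_GET['asc_order']) : '';
     if (!$is_column($desc_order)) {
         $desc_order = '';
     }
     if (!$is_column($asc_order)) {
         $asc_order = '';
     }
     if ($desc_order !== '') {
         $order = $desc_order . ' desc';
     } elseif ($asc_order !== '') {
         $order = $asc_order . ' asc';
     }

     switch ($by) {
         case 'today':
             $where['create_time'] = array('gt', $today);
             break;
         case 'week':
             $where['create_time'] = array('gt', $today - (date('N', time()) - 1) * 86400);
             break;
         case 'month':
             $where['create_time'] = array('gt', strtotime(date('Y-m-01', time())));
             break;
         case 'add':
             $order = 'create_time desc';
             break;
         case 'update':
             $order = 'update_time desc';
             break;
         case 'sub':
             $where['owner_role_id'] = array('in', implode(',', $below_ids));
             break;
         case 'deleted':
             $where['is_deleted'] = 1;
             break;
         case 'me':
             $where['owner_role_id'] = session('role_id');
             break;
         default:
             if ($content == 'resource') {
                 // Unowned customers, or ones not updated since $outdate, that
                 // are not locked.
                 $where['_string'] = "customer.owner_role_id=0 or customer.update_time < {$outdate}";
                 $all_ids[] = "";
                 $where['owner_role_id'] = array('in', $all_ids);
                 $where['is_locked'] = 0;
             } else {
                 $where['owner_role_id'] = array('in', implode(',', $all_ids));
             }
             break;
     }
     if ($by != 'deleted') {
         $where['is_deleted'] = array('neq', 1);
     }
     // Owner scope: rows are limited to role ids returned by getSubRoleId().
     // NOTE(review): no owner filter is added for by=deleted; confirm that the
     // deleted list is meant to be unscoped.
     if (!isset($where['owner_role_id'])) {
         if ($by != 'deleted') {
             $where['owner_role_id'] = array('in', $all_ids);
         }
     }
     if ($by == 'deleted') {
         unset($where['update_time']);
     }
     if ($content != 'resource') {
         if ($by != 'deleted') {
             $where['_string'] = 'update_time > ' . $outdate . ' OR is_locked = 1';
         }
     }

     if (!empty($_REQUEST['field'])) {
         $request_field = trim($_REQUEST['field']);
         $request_search = isset($_REQUEST['search']) ? trim($_REQUEST['search']) : '';
         if ($request_field == 'all') {
             $field = is_numeric($request_search) ? 'name|origin|address|email|telephone|website|account_type|industry|annual_revenue|sic_code|ticker_symbol|ownership|rating|description' : 'name|origin|address|email|telephone|website|account_type|industry|annual_revenue|sic_code|ticker_symbol|ownership|rating|description|create_time|update_time';
         } else {
             $field = $is_column($request_field) ? $request_field : '';
         }
         $search = empty($_REQUEST['search']) ? '' : $request_search;
         $condition = empty($_REQUEST['condition']) ? 'is' : trim($_REQUEST['condition']);
         $field_date = M('Fields')->where('is_main=1 and (model="" or model="customer") and form_type="datetime"')->select();
         foreach ($field_date as $v) {
             if ($field == $v['field']) {
                 $search = is_numeric($search) ? $search : strtotime($search);
             }
         }
         // Address search: state, city and free text joined by line feeds.
         $state = $this->_request('state');
         if ($state) {
             $search = $state;
             $city = $this->_request('city');
             if ($city) {
                 $search .= chr(10) . $city;
             }
             if (!empty($_REQUEST['search'])) {
                 $search .= chr(10) . $request_search;
             }
         }
         // A search field must not replace a filter set above (owner scope,
         // is_deleted, is_locked, ...): that would let the caller widen the
         // result set beyond what the role scope allows. Such a field is
         // ignored here; searching by owner would need an intersection with
         // the permitted ids.
         $server_columns = array_map($bare, array_keys($where));
         if ($field !== '' && !in_array($bare($field), $server_columns, true)) {
             switch ($condition) {
                 case 'isnot':
                 case 'neq':
                     $where[$field] = array('neq', $search);
                     break;
                 case 'contains':
                     $where[$field] = array('like', '%' . $search . '%');
                     break;
                 case 'not_contain':
                     $where[$field] = array('notlike', '%' . $search . '%');
                     break;
                 case 'start_with':
                     $where[$field] = array('like', $search . '%');
                     break;
                 case 'not_start_with':
                     $where[$field] = array('notlike', $search . '%');
                     break;
                 case 'end_with':
                     $where[$field] = array('like', '%' . $search);
                     break;
                 case 'is_empty':
                     $where[$field] = array('eq', '');
                     break;
                 case 'is_not_empty':
                     $where[$field] = array('neq', '');
                     break;
                 case 'gt':
                 case 'egt':
                 case 'lt':
                 case 'elt':
                     // The condition name is the operator name for these four.
                     $where[$field] = array($condition, $search);
                     break;
                 case 'between':
                     $where[$field] = array('between', array($search - 1, $search + 86400));
                     break;
                 case 'nbetween':
                     $where[$field] = array('not between', array($search, $search + 86399));
                     break;
                 case 'tgt':
                     $where[$field] = array('gt', $search + 86400);
                     break;
                 default:
                     // 'is', 'eq' and any unrecognised condition.
                     $where[$field] = array('eq', $search);
             }
         }
         // These values are echoed back in pagination links, so they are
         // URL-encoded rather than concatenated raw.
         $params = array('field=' . urlencode($request_field), 'condition=' . urlencode($condition), 'search=' . urlencode($search));
     }

     // The act check used to read trim($_GET['act'] == 'sms'), which trimmed
     // the comparison result instead of the parameter.
     if ($act === 'sms') {
         // NOTE(review): no vali_permission() check is visible on this branch,
         // unlike the export branch; confirm the SMS list is gated elsewhere.
         $customer_ids = $d_v_customer->where($where)->getField('customer_id', true);
         $contacts = array();
         // Each lookup runs only when the previous one returned ids, so no
         // empty IN (...) list is sent and implode() always gets an array.
         if (!empty($customer_ids)) {
             $contacts_ids = M('RContactsCustomer')->where('customer_id in (%s)', implode(',', $customer_ids))->getField('contacts_id', true);
             if (!empty($contacts_ids)) {
                 $contacts = D('ContactsView')->where('contacts.contacts_id in (%s)', implode(',', $contacts_ids))->select();
             }
         }
         $this->contacts = $contacts;
         $this->display('Setting:sendsms');
     } elseif ($act === 'excel') {
         if (vali_permission('customer', 'export')) {
             $customerList = $d_v_customer->where($where)->order($order)->select();
             $this->excelExport($customerList);
         } else {
             // NOTE(review): the Referer header is client-supplied; if alert()
             // redirects to its third argument, confirm it only accepts
             // same-site URLs.
             alert('error', L('HAVE NOT PRIVILEGES'), $_SERVER['HTTP_REFERER']);
         }
     } else {
         $p = isset($_GET['p']) ? intval($_GET['p']) : 1;
         $list = $d_v_customer->where($where)->order($order)->page($p . ',15')->select();
         $count = $d_v_customer->where($where)->count();
         import("@.ORG.Page");
         $Page = new Page($count, 15);
         if (!empty($_GET['by'])) {
             $params[] = 'by=' . urlencode($by);
         }
         if (!empty($_GET['content'])) {
             $params[] = 'content=' . urlencode(trim($_GET['content']));
         }
         // The view receives the filter parameters without the sort order;
         // the pager receives them with it.
         $this->parameter = implode('&', $params);
         if ($desc_order !== '') {
             $params[] = 'desc_order=' . $desc_order;
         } elseif ($asc_order !== '') {
             $params[] = 'asc_order=' . $asc_order;
         }
         $Page->parameter = implode('&', $params);
         $this->assign('page', $Page->show());
         if ($by == 'deleted') {
             foreach ($list as $k => $v) {
                 $list[$k]["delete_role"] = D('RoleView')->where('role.role_id = %d', $v['delete_role_id'])->find();
                 $list[$k]["creator"] = D('RoleView')->where('role.role_id = %d', $v['creator_role_id'])->find();
                 $list[$k]["owner"] = D('RoleView')->where('role.role_id = %d', $v['owner_role_id'])->find();
             }
         } else {
             foreach ($list as $k => $v) {
                 $list[$k]["owner"] = D('RoleView')->where('role.role_id = %d', $v['owner_role_id'])->find();
                 $list[$k]["creator"] = D('RoleView')->where('role.role_id = %d', $v['creator_role_id'])->find();
                 // Whole days left, computed from the customer's update_time and
                 // the configured 'customer_outdays' value.
                 $update_time = M('Customer')->where('customer_id = %d', $v['customer_id'])->getField('update_time');
                 $list[$k]["days"] = $outdays - floor((time() - $update_time) / 86400);
             }
         }
         $this->customerlist = $list;
         $this->field_array = getIndexFields('customer');
         $this->field_list = getMainFields('customer');
         $this->alert = parseAlert();
         $this->display();
     }
 }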
Пример #5
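// Field labels keyed by field name; 'mapFieldNames()' is defined in 'include.inc.php'.
$fieldNamesArray = mapFieldNames(true);
// Fields that can be designated as "main fields":
// ('$availableMainFields' is defined in 'ini.inc.php')
$mainFieldsArray = array();
foreach ($availableMainFields as $field) {
    if (isset($fieldNamesArray[$field])) {
        $mainFieldsArray[$field] = $fieldNamesArray[$field];
    }
}
// Build properly formatted <option> tag elements from the items in '$mainFieldsArray'
// ('buildSelectMenuOptions()' is defined in 'include.inc.php'):
$mainFieldsOptionTags = buildSelectMenuOptions($mainFieldsArray, "//", "\t\t\t", true);
// 'main_fields' option: the list of "main fields" preferred by the current user.
// These are the fields searched when the "main fields" search option is chosen
// (they are also included as separate entries in the "Quick Search" drop-down menu).
$userMainFieldsArray = getMainFields($userID);
foreach ($userMainFieldsArray as $userMainField) {
    // A stored preference may name a field that is not available as a main
    // field; there is no <option> to mark in that case.
    if (!isset($mainFieldsArray[$userMainField])) {
        continue;
    }
    // The label is matched literally: preg_quote() keeps characters such as
    // '(' , '.' or '/' in a label from being read as pattern syntax, and the
    // label is re-inserted from its capture group so that '$' or '\' in it is
    // not read as a back-reference in the replacement.
    $labelPattern = preg_quote($mainFieldsArray[$userMainField], '/');
    $mainFieldsOptionTags = preg_replace('/<option([^>]*)>(' . $labelPattern . ')<\/option>/', '<option\\1 selected>\\2</option>', $mainFieldsOptionTags);
}
// Cite Options:
// 'use_custom_text_citation_format' option:
$useCustomTextCitationFormatChecked = (!empty($userOptionsArray) and isset($userOptionsArray['use_custom_text_citation_format']) and $userOptionsArray['use_custom_text_citation_format'] == "yes") ? " checked" : "";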
// 'text_citation_format' option:
if (!empty($userOptionsArray['text_citation_format'])) {
    $textCitationFormat = $userOptionsArray['text_citation_format'];
Пример #6
/**
 * Starts the PHP session if needed and fills the global login/session state.
 *
 * Steps, in order: start a cookie-based session (unless the 'sessionID' session variable
 * already exists), set the system locale and default timezone, copy the login details from
 * the session into globals (or load the defaults for anonymous visitors), determine the
 * global '$referer', and normalise the base paths/URLs from 'ini.inc.php' via 'checkPath()'.
 *
 * @param bool $updateUserFormatsStylesTypesPermissions  When nobody is logged in: if true, the
 *        defaults stored for 'user_id = 0' are loaded through the database helpers; if false
 *        (as used by 'error.php', 'install.php' & 'update.php'), only 'userMainFields' is
 *        set, from '$defaultMainFields', without touching the database.
 */
function start_session($updateUserFormatsStylesTypesPermissions)
{
    // Settings read from 'ini.inc.php':
    global $databaseBaseURL, $defaultMainFields, $filesBaseDir, $filesBaseURL;
    // Details of the logged-in user, copied from the session further down:
    global $loginEmail, $loginUserID, $loginFirstName, $loginLastName, $abbrevInstitution, $lastLogin;
    // '$referer' is made globally available from within this function:
    global $referer;
    global $connection;

    // Initialize the session, but only if no session ID has been recorded yet:
    if (!isset($_SESSION["sessionID"])) {
        // Sessions are stored within cookies, so switch cookie support on
        // if 'session.use_cookies' is OFF for the current directory:
        $cookieSetting = ini_get('session.use_cookies');
        if ($cookieSetting == 0) {
            ini_set('session.use_cookies', 1);
        }

        session_start();

        // Remember the current session ID (if there is one):
        $currentSessionID = session_id();
        if (!empty($currentSessionID)) {
            saveSessionVariable("sessionID", $currentSessionID);
        }
    }

    // Set the system's locale information (the returned pair is not used any further here):
    list($localeCollate, $localeCType) = setSystemLocale();

    // Set the default timezone used by all date/time functions.
    // Note: 'date_default_timezone_set/date_default_timezone_get' are available since PHP 5.1.0
    $timezoneFunctionsAvailable = function_exists("date_default_timezone_set") && function_exists("date_default_timezone_get");
    if ($timezoneFunctionsAvailable) {
        $currentTimezone = @date_default_timezone_get();
        @date_default_timezone_set($currentTimezone);
    }

    // NOTE: Upon first connection to the MySQL server, function 'connectToMySQLDatabase()' will query the
    //       MySQL server for the MySQL version and save it to a session variable

    if (isset($_SESSION['loginEmail'])) {
        // A user is logged in: extract the session variables (only necessary if register globals is OFF!)
        $loginEmail = $_SESSION['loginEmail'];
        $loginUserID = $_SESSION['loginUserID'];
        $loginFirstName = $_SESSION['loginFirstName'];
        $loginLastName = $_SESSION['loginLastName'];
        $abbrevInstitution = $_SESSION['abbrevInstitution'];
        $lastLogin = $_SESSION['lastLogin'];
    } elseif ($updateUserFormatsStylesTypesPermissions) {
        // Nobody is logged in: use the defaults that the 'formats', 'styles', 'types' and
        // 'user_permissions' tables hold for 'user_id = 0' (a 'user_id' of zero marks the
        // settings for anyone who isn't logged in).
        // NOTE: As an exception, the number of records per page, the list of "main fields" and the
        //       auto-completion preference of anonymous visitors come from the variables
        //       '$defaultNumberOfRecords', '$defaultMainFields' and '$autoCompleteUserInput' in
        //       'ini.inc.php', not from the corresponding options in table 'user_options'.

        // Items the admin made visible to anonymous visitors; each call saves its findings (if any)
        // as semicolon-delimited string to a session variable, in this order:
        // 'user_export_formats', 'user_cite_formats', 'user_styles', 'user_types'
        $anonymousSelections = array(
            array("format", "export"),
            array("format", "cite"),
            array("style", ""),
            array("type", ""),
        );
        foreach ($anonymousSelections as $selection) {
            getVisibleUserFormatsStylesTypes(0, $selection[0], $selection[1]);
        }

        // Allowed user actions -> session variable 'user_permissions' (semicolon-delimited):
        getPermissions(0, "user", true);
        // Default view -> session variable 'userDefaultView':
        getDefaultView(0);
        // Default number of records per page -> session variable 'userRecordsPerPage':
        getDefaultNumberOfRecords(0);
        // Preference for displaying auto-completions -> session variable 'userAutoCompletions':
        getPrefAutoCompletions(0);
        // List of "main fields" -> session variable 'userMainFields' (comma-delimited):
        getMainFields(0);
    } else {
        // The scripts 'error.php', 'install.php' & 'update.php' use 'start_session(false);' so that they
        // run without errors when there isn't any database yet. Function 'buildQuickSearchElements()'
        // (which builds the "Quick Search" form in the page header) still needs the session variable
        // 'userMainFields', so it is filled directly from the global '$defaultMainFields'
        // ('getMainFields()' cannot be used here since it would require database access):
        if (!isset($_SESSION['userMainFields'])) {
            saveSessionVariable("userMainFields", $defaultMainFields);
        }
    }

    // Set the referrer, taking the first non-empty source: request parameter, session, HTTP header.
    // NOTE(review): the request parameter and the Referer header are supplied by the client and are
    //               not validated in this function; code that later redirects to or prints '$referer'
    //               has to restrict/encode it itself -- confirm where that happens.
    if (!empty($_REQUEST['referer'])) {
        $referer = $_REQUEST['referer'];
    } elseif (!empty($_SESSION['referer'])) {
        // get the referring URL from the superglobal '$_SESSION' variable, then clear it
        $referer = $_SESSION['referer'];
        deleteSessionVariable("referer");
    } elseif (!empty($_SERVER['HTTP_REFERER'])) {
        $referer = $_SERVER['HTTP_REFERER'];
    } else {
        // if all other attempts fail, we'll re-direct to the main page (as an example, the referrer won't
        // be set if a user clicked on a URL of type 'show.php?record=12345' within an email announcement)
        $referer = "index.php";
    }

    // Verify important variables from 'ini.inc.php':
    // - Ensure that the given paths/URLs end with a slash:
    $databaseBaseURL = checkPath($databaseBaseURL, "URL");
    $filesBaseDir = checkPath($filesBaseDir);
    $filesBaseURL = checkPath($filesBaseURL, "URL");
}
Пример #7
/**
 * Checks the submitted login credentials and, on success, sets up the user's session.
 *
 * The password is hashed with crypt() using the first two characters of the email address
 * as salt and looked up, together with the email address, in the '$tableAuth' table.
 * On success the visible code clears the 'formVars' session variable, loads the user's row
 * from '$tableUsers', saves the login details and the user's preferences to the session,
 * updates 'last_login'/'logins' and redirects to '$referer' (or to 'index.php' if '$referer'
 * points at 'error.php', 'user_login.php' or 'install.php').
 * On failure it removes the 'loginEmail' session variable, stores a warning message in the
 * 'HeaderString' session variable and shows the login page again via 'login_page()'.
 * In both cases the database connection is closed at the end.
 *
 * NOTE(review): this copy of the function is incomplete -- the line that builds the first
 *               query is cut off on the page (see the note at that line), so the code that
 *               runs the query and opens the success branch is not shown.
 *
 * @param string $referer        URL used as redirect target after a successful login and handed
 *                               to 'login_page()' after a failed one
 * @param string $loginEmail     email address collected from the login challenge
 * @param string $loginPassword  password collected from the login challenge
 */
function check_login($referer, $loginEmail, $loginPassword)
{
    global $username;
    global $password;
    global $hostName;
    global $databaseName;
    global $connection;
    global $HeaderString;
    global $loginUserID;
    global $loginFirstName;
    global $loginLastName;
    global $adminLoginEmail;
    global $abbrevInstitution;
    global $tableAuth, $tableUserData, $tableUsers;
    // defined in 'db.inc.php'
    global $loc;
    // NOTE(review): with a two-character salt, crypt() uses its traditional DES-based scheme, which
    //               only considers the first eight characters of the password; the salt is also
    //               predictable because it is taken from the email address. A migration to
    //               password_hash()/password_verify() (re-hashing on the next successful login)
    //               would be the usual fix -- it needs a matching change where passwords are stored.
    // Get the two character salt from the email address collected from the challenge
    $salt = substr($loginEmail, 0, 2);
    // Encrypt the loginPassword collected from the challenge (so that we can compare it to the encrypted passwords that are stored in the 'auth' table)
    $crypted_password = crypt($loginPassword, $salt);
    // CONSTRUCT SQL QUERY:
    // NOTE(review): the following line is truncated on this page: everything between the password
    //               comparison and the deletion of the 'errors' session variable was masked out
    //               ("******"), so it is not valid PHP as shown. The email value is visibly passed
    //               through 'quote_smart()'; how the password value is quoted cannot be seen here.
    $query = "SELECT user_id FROM {$tableAuth} WHERE email = " . quote_smart($loginEmail) . " AND password = "******"errors");
        }
        // function 'deleteSessionVariable()' is defined in 'include.inc.php'
        if (isset($_SESSION['formVars'])) {
            // delete the 'formVars' session variable:
            deleteSessionVariable("formVars");
        }
        // function 'deleteSessionVariable()' is defined in 'include.inc.php'
        $userID = $row["user_id"];
        // extract the user's userID from the last query
        // Now we need to get the user's first name and last name (e.g., in order to display them within the login welcome message)
        $query = "SELECT user_id, first_name, last_name, abbrev_institution, language, last_login FROM {$tableUsers} WHERE user_id = " . quote_smart($userID);
        // CONSTRUCT SQL QUERY
        $result = queryMySQLDatabase($query);
        // RUN the query on the database through the connection (function 'queryMySQLDatabase()' is defined in 'include.inc.php')
        $row2 = mysql_fetch_array($result);
        // EXTRACT results: fetch the one row into the array '$row2'
        // NOTE(review): no session_regenerate_id() call is visible in this function; confirm that the
        //               session ID is renewed when the login succeeds, otherwise an ID that was set
        //               before authentication stays valid afterwards (session fixation).
        // Save the fetched user details to the session file:
        // Write back session variables:
        saveSessionVariable("loginEmail", $loginEmail);
        // function 'saveSessionVariable()' is defined in 'include.inc.php'
        saveSessionVariable("loginUserID", $row2["user_id"]);
        saveSessionVariable("loginFirstName", $row2["first_name"]);
        saveSessionVariable("loginLastName", $row2["last_name"]);
        saveSessionVariable("abbrevInstitution", $row2["abbrev_institution"]);
        saveSessionVariable("userLanguage", $row2["language"]);
        saveSessionVariable("lastLogin", $row2["last_login"]);
        // Get all user groups specified by the current user
        // and (if some groups were found) save them as semicolon-delimited string to the session variable 'userGroups':
        getUserGroups($tableUserData, $row2["user_id"]);
        // function 'getUserGroups()' is defined in 'include.inc.php'
        if ($loginEmail == $adminLoginEmail) {
            // ('$adminLoginEmail' is specified in 'ini.inc.php')
            // Get all user groups specified by the admin
            // and (if some groups were found) save them as semicolon-delimited string to the session variable 'adminUserGroups':
            getUserGroups($tableUsers, $row2["user_id"]);
        }
        // function 'getUserGroups()' is defined in 'include.inc.php'
        // Get all user queries that were saved previously by the current user
        // and (if some queries were found) save them as semicolon-delimited string to the session variable 'userQueries':
        getUserQueries($row2["user_id"]);
        // function 'getUserQueries()' is defined in 'include.inc.php'
        // Get all export formats that were selected previously by the current user
        // and (if some formats were found) save them as semicolon-delimited string to the session variable 'user_export_formats':
        getVisibleUserFormatsStylesTypes($row2["user_id"], "format", "export");
        // function 'getVisibleUserFormatsStylesTypes()' is defined in 'include.inc.php'
        // Get all citation formats that were selected previously by the current user
        // and (if some formats were found) save them as semicolon-delimited string to the session variable 'user_cite_formats':
        getVisibleUserFormatsStylesTypes($row2["user_id"], "format", "cite");
        // function 'getVisibleUserFormatsStylesTypes()' is defined in 'include.inc.php'
        // Get all citation styles that were selected previously by the current user
        // and (if some styles were found) save them as semicolon-delimited string to the session variable 'user_styles':
        getVisibleUserFormatsStylesTypes($row2["user_id"], "style", "");
        // function 'getVisibleUserFormatsStylesTypes()' is defined in 'include.inc.php'
        // Get all document types that were selected previously by the current user
        // and (if some types were found) save them as semicolon-delimited string to the session variable 'user_types':
        getVisibleUserFormatsStylesTypes($row2["user_id"], "type", "");
        // function 'getVisibleUserFormatsStylesTypes()' is defined in 'include.inc.php'
        // Get the user permissions for the current user
        // and save all allowed user actions as semicolon-delimited string to the session variable 'user_permissions':
        getPermissions($row2["user_id"], "user", true);
        // function 'getPermissions()' is defined in 'include.inc.php'
        // Get the default view for the current user
        // and save it to the session variable 'userDefaultView':
        getDefaultView($row2["user_id"]);
        // function 'getDefaultView()' is defined in 'include.inc.php'
        // Get the default number of records per page preferred by the current user
        // and save it to the session variable 'userRecordsPerPage':
        getDefaultNumberOfRecords($row2["user_id"]);
        // function 'getDefaultNumberOfRecords()' is defined in 'include.inc.php'
        // Get the user's preference for displaying auto-completions
        // and save it to the session variable 'userAutoCompletions':
        getPrefAutoCompletions($row2["user_id"]);
        // function 'getPrefAutoCompletions()' is defined in 'include.inc.php'
        // Get the list of "main fields" for the current user
        // and save the list of fields as comma-delimited string to the session variable 'userMainFields':
        getMainFields($row2["user_id"]);
        // function 'getMainFields()' is defined in 'include.inc.php'
        // We also update the user's entry within the 'users' table:
        // NOTE(review): '$userID' is interpolated here without 'quote_smart()', unlike in the SELECT
        //               above. The value comes from the 'user_id' column of the auth lookup, so it is
        //               presumably numeric -- still worth quoting for consistency.
        $query = "UPDATE {$tableUsers} SET " . "last_login = NOW(), " . "logins = logins+1 " . "WHERE user_id = {$userID}";
        // RUN the query on the database through the connection:
        $result = queryMySQLDatabase($query);
        // function 'queryMySQLDatabase()' is defined in 'include.inc.php'
        // NOTE(review): the check below only keeps the user away from three script names; it does not
        //               require '$referer' to be a URL of this site. If callers pass a request-derived
        //               value, the redirect target should be limited to local URLs (open redirect).
        //               Execution also continues after header(), down to the disconnect call.
        if (!preg_match("#/(error|user_login|install)\\.php#i", $referer)) {
            header("Location: " . $referer);
        } else {
            header("Location: index.php");
        }
        // back to main page
    } else {
        // Ensure 'loginEmail' is not registered, so the user is not logged in
        if (isset($_SESSION['loginEmail'])) {
            // delete the 'loginEmail' session variable:
            deleteSessionVariable("loginEmail");
        }
        // function 'deleteSessionVariable()' is defined in 'include.inc.php'
        // Save an error message:
        // (the same message is used whether the email address or the password was wrong)
        $HeaderString = "<b><span class=\"warning\">" . $loc["LoginFailedYouProvidedAnIncorrectEmailAddressOrPassword"] . "</span></b>";
        // Write back session variables:
        saveSessionVariable("HeaderString", $HeaderString);
        // function 'saveSessionVariable()' is defined in 'include.inc.php'
        login_page($referer);
    }
    // -------------------
    // (5) CLOSE the database connection:
    disconnectFromMySQLDatabase();
    // function 'disconnectFromMySQLDatabase()' is defined in 'include.inc.php'
}
Пример #8
function showUserData($userID, $userAction, $connection)
{
    global $HeaderString;
    global $viewType;
    global $loginWelcomeMsg;
    global $loginStatus;
    global $loginLinks;
    global $loginEmail;
    global $adminLoginEmail;
    global $officialDatabaseName;
    global $defaultLanguage;
    global $tableUsers;
    // defined in 'db.inc.php'
    global $loc;
    // '$loc' is made globally available in 'core.php'
    // CONSTRUCT SQL QUERY:
    $query = "SELECT * FROM {$tableUsers} WHERE user_id = " . quote_smart($userID);
    // (3) RUN the query on the database through the connection:
    $result = queryMySQLDatabase($query);
    // function 'queryMySQLDatabase()' is defined in 'include.inc.php'
    // (4) EXTRACT results (since 'user_id' is the unique primary key for the 'users' table, there will be only one matching row)
    $row = @mysql_fetch_array($result);
    // Build the correct header message:
    if (!isset($_SESSION['HeaderString'])) {
        // if there's no saved message
        if ($userAction == "Delete") {
            // provide an appropriate header message:
            $HeaderString = "<b><span class=\"warning\">Delete user</span> " . encodeHTML($row["first_name"]) . " " . encodeHTML($row["last_name"]) . " (" . $row["email"] . ")</b>:";
        } elseif (empty($userID)) {
            $HeaderString = "Account details and options for anyone who isn't logged in:";
        } else {
            // provide the default message:
            $HeaderString = "Account details and options for <b>" . encodeHTML($row["first_name"]) . " " . encodeHTML($row["last_name"]) . " (" . $row["email"] . ")</b>:";
        }
    } else {
        $HeaderString = $_SESSION['HeaderString'];
        // extract 'HeaderString' session variable (only necessary if register globals is OFF!)
        // Note: though we clear the session variable, the current message is still available to this script via '$HeaderString':
        deleteSessionVariable("HeaderString");
        // function 'deleteSessionVariable()' is defined in 'include.inc.php'
    }
    // Get the list of "main fields" preferred by the current user:
    // NOTE: We have to call function 'getMainFields()' up here since it updates
    //       session variable 'userMainFields' which gets used in function
    //       'buildQuickSearchElements()' (which, in turn, is called from within
    //       function 'showPageHeader()')
    $mainFieldsArray = getMainFields($userID);
    // function 'getMainFields()' is defined in 'include.inc.php'
    // Get the user's preference for displaying auto-completions:
    // (see note for '$mainFieldsArray' which also applies here)
    $showAutoCompletions = getPrefAutoCompletions($userID);
    // function 'getPrefAutoCompletions()' is defined in 'include.inc.php'
    // Map MySQL field names to localized column names:
    $fieldNamesArray = mapFieldNames();
    // function 'mapFieldNames()' is defined in 'include.inc.php'
    $localizedMainFieldsArray = array();
    foreach ($mainFieldsArray as $field) {
        if (isset($fieldNamesArray[$field])) {
            $localizedMainFieldsArray[$field] = $fieldNamesArray[$field];
        } else {
            // no localized field name exists, so we use the original field name
            $localizedMainFieldsArray[$field] = $field;
        }
    }
    // Call the 'displayHTMLhead()' and 'showPageHeader()' functions (which are defined in 'header.inc.php'):
    displayHTMLhead(encodeHTML($officialDatabaseName) . " -- User Receipt", "noindex,nofollow", "Receipt page confirming correct entry of user details and options for the " . encodeHTML($officialDatabaseName), "", false, "", $viewType, array());
    showPageHeader($HeaderString);
    // Start main table:
    echo "\n<table id=\"accountinfo\" align=\"center\" border=\"0\" cellpadding=\"0\" cellspacing=\"10\" width=\"95%\" summary=\"This table displays user account details and options\">";
    echo "\n<tr>" . "\n\t<td valign=\"top\" width=\"28%\">";
    // Start left sub-table:
    echo "\n\t\t<table id=\"accountdetails\" border=\"0\" cellpadding=\"0\" cellspacing=\"10\" summary=\"User account details\">";
    echo "\n\t\t<tr>\n\t\t\t<td align=\"left\"><b>Account Details:</b></td>";
    if (mysql_num_rows($result) == 1) {
        // Add edit/delete button:
        echo "\n\t\t\t<td align=\"left\">";
        // If the admin is logged in, allow the display of a button that will delete the currently shown user:
        if (isset($_SESSION['loginEmail']) && $loginEmail == $adminLoginEmail) {
            if ($userAction == "Delete") {
                echo "<a href=\"user_removal.php?userID=" . $userID . "\"><img src=\"img/delete.gif\" alt=\"" . $loc["delete"] . "\" title=\"" . $loc["LinkTitle_DeleteUser"] . "\" width=\"11\" height=\"17\" hspace=\"0\" border=\"0\"></a>";
            }
        }
        if ($userAction != "Delete") {
            echo "<a href=\"user_details.php?userID=" . $userID . "\"><img src=\"img/edit.gif\" alt=\"" . $loc["edit"] . "\" title=\"" . $loc["LinkTitle_EditDetails"] . "\" width=\"11\" height=\"17\" hspace=\"0\" border=\"0\"></a>";
        }
        echo "</td>\n\t\t</tr>";
        // Display a password reminder:
        // (but only if a normal user is logged in -OR- the admin is logged in AND the updated user data are his own!)
        if ($loginEmail != $adminLoginEmail | ($loginEmail == $adminLoginEmail && $userID == getUserID($loginEmail))) {
            echo "\n\t\t<tr>\n\t\t\t<td colspan=\"2\"><i>Please record your password somewhere safe for future use!</i></td>\n\t\t</tr>";
        }
        // Print title, first name, last name and institutional abbreviation:
        echo "\n\t\t<tr>\n\t\t\t<td colspan=\"2\">\n\t\t\t\t";
        if (!empty($row["title"])) {
            echo $row["title"] . ". ";
        }
        echo encodeHTML($row["first_name"]) . " " . encodeHTML($row["last_name"]) . " (" . encodeHTML($row["abbrev_institution"]) . ")";
        // Since the first name, last name and abbrev. institution fields are mandatory, we don't need to check if they're empty
        // Print institution name:
        if (!empty($row["institution"])) {
            echo "\n\t\t\t\t<br>\n\t\t\t\t" . encodeHTML($row["institution"]);
        }
        // Print corporate institution name:
        if (!empty($row["corporate_institution"])) {
            echo "\n\t\t\t\t<br>\n\t\t\t\t" . encodeHTML($row["corporate_institution"]);
        }
        // If any of the address lines contain data, add a spacer row:
        if (!empty($row["address_line_1"]) || !empty($row["address_line_2"]) || !empty($row["address_line_3"]) || !empty($row["zip_code"]) || !empty($row["city"]) || !empty($row["state"]) || !empty($row["country"])) {
            echo "\n\t\t\t\t<br>";
        }
        // Print first address line:
        if (!empty($row["address_line_1"])) {
            echo "\n\t\t\t\t<br>\n\t\t\t\t" . encodeHTML($row["address_line_1"]);
        }
        // Print second address line:
        if (!empty($row["address_line_2"])) {
            echo "\n\t\t\t\t<br>\n\t\t\t\t" . encodeHTML($row["address_line_2"]);
        }
        // Print third address line:
        if (!empty($row["address_line_3"])) {
            echo "\n\t\t\t\t<br>\n\t\t\t\t" . encodeHTML($row["address_line_3"]);
        }
        // Print zip code and city:
        if (!empty($row["zip_code"]) && !empty($row["city"])) {
            // both fields are available
            echo "\n\t\t\t\t<br>\n\t\t\t\t" . encodeHTML($row["zip_code"]) . " " . encodeHTML($row["city"]);
        } elseif (!empty($row["zip_code"]) && empty($row["city"])) {
            // only 'zip_code' available
            echo "\n\t\t\t\t<br>\n\t\t\t\t" . encodeHTML($row["zip_code"]);
        } elseif (empty($row["zip_code"]) && !empty($row["city"])) {
            // only 'city' field available
            echo "\n\t\t\t\t<br>\n\t\t\t\t" . encodeHTML($row["city"]);
        }
        // Print state:
        if (!empty($row["state"])) {
            echo "\n\t\t\t\t<br>\n\t\t\t\t" . encodeHTML($row["state"]);
        }
        // Print country:
        if (!empty($row["country"])) {
            echo "\n\t\t\t\t<br>\n\t\t\t\t" . encodeHTML($row["country"]);
        }
        // If any of the phone/url/email fields contain data, add a spacer row:
        if (!empty($row["phone"]) || !empty($row["url"]) || !empty($row["email"])) {
            echo "\n\t\t\t\t<br>";
        }
        // Print phone number:
        if (!empty($row["phone"])) {
            echo "\n\t\t\t\t<br>\n\t\t\t\t" . "Phone: " . encodeHTML($row["phone"]);
        }
        // Print URL:
        if (!empty($row["url"])) {
            echo "\n\t\t\t\t<br>\n\t\t\t\t" . "URL: <a href=\"" . $row["url"] . "\">" . $row["url"] . "</a>";
        }
        // Print email:
        echo "\n\t\t\t\t<br>\n\t\t\t\t" . "Email: <a href=\"mailto:" . $row["email"] . "\">" . $row["email"] . "</a>";
        // Since the email field is mandatory, we don't need to check if it's empty
        echo "\n\t\t\t</td>\n\t\t</tr>";
    } else {
        echo "\n\t\t\t<td align=\"right\"></td>\n\t\t</tr>";
        echo "\n\t\t<tr>\n\t\t\t<td colspan=\"2\">(none)</td>\n\t\t</tr>";
    }
    // Close left sub-table:
    echo "\n\t\t</table>";
    // Close left table cell of main table:
    echo "\n\t</td>";
    if ($userAction != "Delete") {
        // ------------------------------------------------------------
        // Start middle table cell of main table:
        echo "\n\t<td valign=\"top\">";
        // Start middle sub-table:
        echo "\n\t\t<table id=\"accountopt\" border=\"0\" cellpadding=\"0\" cellspacing=\"10\" summary=\"User account options\">";
        echo "\n\t\t<tr>\n\t\t\t<td align=\"left\"><b>Display Options:</b></td>" . "\n\t\t\t<td align=\"right\">";
        if (mysql_num_rows($result) == 1 or $userID == 0) {
            // If there's a user associated with this user ID (or if we're supposed to display options/permissions for anyone who isn't logged in)
            echo "<a href=\"user_options.php?userID=" . $userID . "\"><img src=\"img/options.gif\" alt=\"" . $loc["options"] . "\" title=\"" . $loc["LinkTitle_EditOptions"] . "\" width=\"11\" height=\"17\" hspace=\"0\" border=\"0\"></a>";
        }
        echo "</td>\n\t\t</tr>";
        // Show the user's selected interface language:
        echo "\n\t\t<tr valign=\"top\">" . "\n\t\t\t<td>Use language:</td>";
        if (mysql_num_rows($result) == 1) {
            // If there's a user associated with this user ID
            echo "\n\t\t\t<td>\n\t\t\t\t<ul>\n\t\t\t\t\t<li>" . $row["language"] . "</li>\n\t\t\t\t</ul>\n\t\t\t</td>";
        } else {
            // no user exists with this user ID
            echo "\n\t\t\t<td>\n\t\t\t\t<ul>\n\t\t\t\t\t<li>" . $defaultLanguage . "</li>\n\t\t\t\t</ul>\n\t\t\t</td>";
        }
        echo "\n\t\t</tr>";
        // get the default number of records per page preferred by the current user:
        $recordsPerPage = getDefaultNumberOfRecords($userID);
        // function 'getDefaultNumberOfRecords()' is defined in 'include.inc.php'
        // show the user's default number of records per page:
        echo "\n\t\t<tr valign=\"top\">" . "\n\t\t\t<td>Show records per page:</td>" . "\n\t\t\t<td>\n\t\t\t\t<ul>\n\t\t\t\t\t<li>" . $recordsPerPage . "</li>\n\t\t\t\t</ul>\n\t\t\t</td>" . "\n\t\t</tr>";
        // show the user's preference for displaying auto-completions:
        echo "\n\t\t<tr valign=\"top\">" . "\n\t\t\t<td>Show auto-completions:</td>" . "\n\t\t\t<td>\n\t\t\t\t<ul>\n\t\t\t\t\t<li>" . $loc[$showAutoCompletions] . "</li>\n\t\t\t\t</ul>\n\t\t\t</td>" . "\n\t\t</tr>";
        if ($loginEmail == $adminLoginEmail) {
            $ShowEnabledDescriptor = "Enabled";
            // get all formats/styles/types that are available and were enabled by the admin for the current user:
            $userTypesArray = getEnabledUserFormatsStylesTypes($userID, "type", "", false);
            // function 'getEnabledUserFormatsStylesTypes()' is defined in 'include.inc.php'
            $citationStylesArray = getEnabledUserFormatsStylesTypes($userID, "style", "", false);
            $citationFormatsArray = getEnabledUserFormatsStylesTypes($userID, "format", "cite", false);
            $exportFormatsArray = getEnabledUserFormatsStylesTypes($userID, "format", "export", false);
        } else {
            $ShowEnabledDescriptor = "Show";
            // get all formats/styles/types that were selected by the current user
            // and (if some formats/styles/types were found) save them as semicolon-delimited string to an appropriate session variable:
            $userTypesArray = getVisibleUserFormatsStylesTypes($userID, "type", "");
            // function 'getVisibleUserFormatsStylesTypes()' is defined in 'include.inc.php'
            $citationStylesArray = getVisibleUserFormatsStylesTypes($userID, "style", "");
            $citationFormatsArray = getVisibleUserFormatsStylesTypes($userID, "format", "cite");
            $exportFormatsArray = getVisibleUserFormatsStylesTypes($userID, "format", "export");
            // Note: the function 'getVisibleUserFormatsStylesTypes()' will only update the appropriate session variables if
            //       either a normal user is logged in -OR- the admin is logged in AND the updated user data are his own(*);
            //       otherwise, the function will simply return an array containing all matching values
            //       (*) the admin-condition won't apply here, though, since this function gets only called for normal users. This means, that
            //           the admin is currently not able to hide any items from his popup lists via the admin interface (he'll need to hack the MySQL tables)!
        }
        // list types:
        echo "\n\t\t<tr valign=\"top\">" . "\n\t\t\t<td>" . $ShowEnabledDescriptor . " reference types:</td>" . "\n\t\t\t<td>\n\t\t\t\t<ul>\n\t\t\t\t\t<li>";
        if (empty($userTypesArray)) {
            echo "(none)";
        } else {
            echo implode("</li>\n\t\t\t\t\t<li>", $userTypesArray);
        }
        echo "</li>\n\t\t\t\t</ul>\n\t\t\t</td>" . "\n\t\t</tr>";
        // list styles:
        echo "\n\t\t<tr valign=\"top\">" . "\n\t\t\t<td>" . $ShowEnabledDescriptor . " citation styles:</td>" . "\n\t\t\t<td>\n\t\t\t\t<ul>\n\t\t\t\t\t<li>";
        if (empty($citationStylesArray)) {
            echo "(none)";
        } else {
            echo implode("</li>\n\t\t\t\t\t<li>", $citationStylesArray);
        }
        echo "</li>\n\t\t\t\t</ul>\n\t\t\t</td>" . "\n\t\t</tr>";
        // list cite formats:
        echo "\n\t\t<tr valign=\"top\">" . "\n\t\t\t<td>" . $ShowEnabledDescriptor . " citation formats:</td>" . "\n\t\t\t<td>\n\t\t\t\t<ul>\n\t\t\t\t\t<li>";
        if (empty($citationFormatsArray)) {
            echo "(none)";
        } else {
            echo implode("</li>\n\t\t\t\t\t<li>", $citationFormatsArray);
        }
        echo "</li>\n\t\t\t\t</ul>\n\t\t\t</td>" . "\n\t\t</tr>";
        // list export formats:
        echo "\n\t\t<tr valign=\"top\">" . "\n\t\t\t<td>" . $ShowEnabledDescriptor . " export formats:</td>" . "\n\t\t\t<td>\n\t\t\t\t<ul>\n\t\t\t\t\t<li>";
        if (empty($exportFormatsArray)) {
            echo "(none)";
        } else {
            echo implode("</li>\n\t\t\t\t\t<li>", $exportFormatsArray);
        }
        echo "</li>\n\t\t\t\t</ul>\n\t\t\t</td>" . "\n\t\t</tr>";
        // list all fields that were selected by the current user as "main fields":
        echo "\n\t\t<tr valign=\"top\">" . "\n\t\t\t<td>\"Main fields\" searches:</td>" . "\n\t\t\t<td>\n\t\t\t\t<ul>\n\t\t\t\t\t<li>";
        if (empty($localizedMainFieldsArray)) {
            echo "(none)";
        } else {
            echo implode("</li>\n\t\t\t\t\t<li>", $localizedMainFieldsArray);
        }
        echo "</li>\n\t\t\t\t</ul>\n\t\t\t</td>" . "\n\t\t</tr>";
        // Close middle sub-table:
        echo "\n\t\t</table>";
        // Close middle table cell of main table:
        echo "\n\t</td>";
        // ------------------------------------------------------------
        // Start right table cell of main table:
        echo "\n\t<td valign=\"top\">";
        // Start right sub-table:
        echo "\n\t\t<table id=\"accountperm\" border=\"0\" cellpadding=\"0\" cellspacing=\"10\" summary=\"User account permissions\">";
        if ($loginEmail == $adminLoginEmail) {
            // get all user permissions for the current user:
            $userPermissionsArray = getPermissions($userID, "user", false);
            // function 'getPermissions()' is defined in 'include.inc.php'
            // map raw field names from table 'user_permissions' with items of the global localization array ('$loc'):
            $localizedUserPermissionsArray = array('allow_add' => 'UserPermission_AllowAdd', 'allow_edit' => 'UserPermission_AllowEdit', 'allow_delete' => 'UserPermission_AllowDelete', 'allow_download' => 'UserPermission_AllowDownload', 'allow_upload' => 'UserPermission_AllowUpload', 'allow_list_view' => 'UserPermission_AllowListView', 'allow_details_view' => 'UserPermission_AllowDetailsView', 'allow_print_view' => 'UserPermission_AllowPrintView', 'allow_browse_view' => 'UserPermission_AllowBrowseView', 'allow_sql_search' => 'UserPermission_AllowSQLSearch', 'allow_user_groups' => 'UserPermission_AllowUserGroups', 'allow_user_queries' => 'UserPermission_AllowUserQueries', 'allow_rss_feeds' => 'UserPermission_AllowRSSFeeds', 'allow_import' => 'UserPermission_AllowImport', 'allow_export' => 'UserPermission_AllowExport', 'allow_cite' => 'UserPermission_AllowCite', 'allow_batch_import' => 'UserPermission_AllowBatchImport', 'allow_batch_export' => 'UserPermission_AllowBatchExport', 'allow_modify_options' => 'UserPermission_AllowModifyOptions', 'allow_edit_call_number' => 'UserPermission_AllowEditCallNumber');
            $enabledUserActionsArray = array();
            // initialize array variables
            $disabledUserActionsArray = array();
            // separate enabled permission settings from disabled ones and assign localized permission names:
            foreach ($userPermissionsArray as $permissionKey => $permissionValue) {
                if ($permissionValue == 'yes') {
                    $enabledUserActionsArray[] = $loc[$localizedUserPermissionsArray[$permissionKey]];
                } else {
                    $disabledUserActionsArray[] = $loc[$localizedUserPermissionsArray[$permissionKey]];
                }
                // each field's localized permission name is appended to the array of enabled user actions if its value is 'yes', otherwise to the array of disabled user actions
            }
            if (empty($enabledUserActionsArray)) {
                $enabledUserActionsArray[] = "(none)";
            }
            if (empty($disabledUserActionsArray)) {
                $disabledUserActionsArray[] = "(none)";
            }
            echo "\n\t\t<tr>\n\t\t\t<td align=\"left\"><b>User Permissions:</b></td>" . "\n\t\t\t<td align=\"right\">";
            if (mysql_num_rows($result) == 1 or $userID == 0) {
                // If there's a user associated with this user ID (or if we're supposed to display options/permissions for anyone who isn't logged in)
                echo "<a href=\"user_options.php?userID=" . $userID . "#permissions\"><img src=\"img/options.gif\" alt=\"" . $loc["permissions"] . "\" title=\"" . $loc["LinkTitle_EditPermissions"] . "\" width=\"11\" height=\"17\" hspace=\"0\" border=\"0\"></a>";
            }
            echo "</td>\n\t\t</tr>";
            echo "\n\t\t<tr valign=\"top\">" . "\n\t\t\t<td>Enabled features:</td>" . "\n\t\t\t<td>\n\t\t\t\t<ul>\n\t\t\t\t\t<li>" . implode("</li>\n\t\t\t\t\t<li>", $enabledUserActionsArray) . "</li>\n\t\t\t\t</ul>\n\t\t\t</td>" . "\n\t\t</tr>";
            echo "\n\t\t<tr valign=\"top\">" . "\n\t\t\t<td>Disabled features:</td>" . "\n\t\t\t<td>\n\t\t\t\t<ul>\n\t\t\t\t\t<li>" . implode("</li>\n\t\t\t\t\t<li>", $disabledUserActionsArray) . "</li>\n\t\t\t\t</ul>\n\t\t\t</td>" . "\n\t\t</tr>";
        }
        // Close right sub-table:
        echo "\n\t\t</table>";
        // Close right table cell of main table:
        echo "\n\t</td>";
    }
    echo "\n</tr>";
    // Close main table:
    echo "\n</table>";
}