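/**
 * Redirect the browser to the link stored in a record.
 *
 * Reads `$linkField` of the row in `$table` whose `$pk` column equals `$id`
 * and sends it as a Location header. When `$path` has the form
 * "Lookup: <table>::<key field>::<link field>", the value read from `$table`
 * is instead used as a key into that second table and the redirect target
 * is the named field of the matching row.
 *
 * Relative links are prefixed with `$path` when the file exists under this
 * script's directory; links starting with http/https/ftp/ftps, and links
 * whose file cannot be found, are sent without the prefix.
 *
 * @param string $table     table holding the link
 * @param string $linkField column holding the link
 * @param string $pk        primary-key column of $table
 * @param string $id        primary-key value of the record to look up
 * @param string $path      prefix for relative links, or a "Lookup: ..." spec
 *
 * Never returns: exit() is called after sending the header, when a required
 * argument is missing, and when no link is found.
 *
 * Fixes over the original: $id was interpolated into SQL without escaping,
 * and the identifiers were placed between backticks unescaped.
 */
function getLink($table = '', $linkField = '', $pk = '', $id = '', $path = '') {
	if (!$id || !$table || !$linkField || !$pk) {
		// no usable arguments: send nothing and stop
		exit;
	}

	// Identifiers go between backticks, so a backtick inside one of them
	// would end the quoted name early. Doubling it is how MySQL embeds a
	// literal backtick in a quoted identifier.
	$table     = str_replace('`', '``', $table);
	$linkField = str_replace('`', '``', $linkField);
	$pk        = str_replace('`', '``', $pk);
	// $id is compared as a quoted string value and needs value escaping.
	$safeID = makeSafe($id);

	if (preg_match('/^Lookup: (.*?)::(.*?)::(.*?)$/', $path, $m)) {
		// two-step lookup: the value stored in $table is a key into $m[1]
		$lookupTable = str_replace('`', '``', $m[1]);
		$lookupKey   = str_replace('`', '``', $m[2]);
		$lookupField = str_replace('`', '``', $m[3]);

		$linkID = makeSafe(sqlValue("select `{$linkField}` from `{$table}` where `{$pk}`='{$safeID}'"));
		$link = sqlValue("select `{$lookupField}` from `{$lookupTable}` where `{$lookupKey}`='{$linkID}'");
	} else {
		$link = sqlValue("select `{$linkField}` from `{$table}` where `{$pk}`='{$safeID}'");
	}

	if (!$link) {
		exit;
	}

	if (preg_match('/^(http|ftp)/i', $link)) {
		// external URL (this also matches https/ftps): send as-is
		$path = '';
	} elseif (!is_file(dirname(__FILE__) . "/{$path}{$link}")) {
		// file not found under the given path: fall back to the bare link
		// (in "Lookup:" mode $path is the spec string, so this always applies)
		$path = '';
	}

	// NOTE(review): the redirect target comes from the database, so whoever
	// can write the link column decides where users are sent. A
	// protocol-relative "//host/..." value is not caught by the http/ftp test
	// above and is also sent as-is. Constrain links where they are stored if
	// open redirects matter for this deployment.
	// The @ keeps the "headers already sent" warning out of the response.
	@header("Location: {$path}{$link}");
	exit;
}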
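/**
 * Send a file to the browser as an attachment download.
 *
 * @param string $filePath path of the file on disk to return
 * @param string $fileName name offered to the browser in Content-Disposition
 *
 * Returns without output when $filePath is not an existing regular file
 * (the original emitted headers with an empty Content-length and a
 * readfile() warning in that case).
 *
 * Fix over the original: the download name went into an HTTP header after
 * makeSafe(), which is SQL escaping and does not neutralise header syntax.
 */
function forceDownload($filePath, $fileName) {
	if (!is_file($filePath)) {
		return;
	}

	// Keep only a plain file name and drop anything that could break out of
	// the quoted header parameter (CR, LF, double quotes). transliterate()
	// is the project's ASCII-folding helper, as in the original.
	$downloadName = basename(transliterate($fileName));
	$downloadName = str_replace(array("\r", "\n", '"'), '', $downloadName);
	if ($downloadName === '') {
		$downloadName = 'download';
	}

	header("Cache-Control: private");
	header("Content-Description: File Transfer");
	header('Content-Disposition: attachment; filename="' . $downloadName . '"');
	// NOTE(review): the type is hard-coded; callers presumably only pass MP3s.
	// For an attachment the browser saves the file regardless.
	header("Content-Type: audio/mpeg");
	// Stop the browser from sniffing a different type out of the content.
	header("X-Content-Type-Options: nosniff");
	header("Content-Length: " . filesize($filePath));
	readfile($filePath);
}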
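/**
 * Deletes a file from the media folder.
 *
 * The file name is taken from the `delFile` request parameter. It is
 * reduced to a bare name (no directory part) and the final path must
 * resolve to a regular file below COM_MEDIA_BASE, so `../` segments in the
 * parameter or in $listdir cannot reach outside the media tree. The
 * original only checked file_exists() on the joined string.
 *
 * @param string $listdir The relative folder path to the file
 */
function delete_file($listdir) {
	// anti-CSRF token check for a GET request
	josSpoofCheck(null, null, 'get');

	// makeSafe() is SQL escaping and has no place in a filesystem path;
	// basename() discards any directory part the client may have added.
	$delFile = basename(stripslashes(mosGetParam($_REQUEST, 'delFile', '')));
	if ($delFile === '' || $delFile === '.' || $delFile === '..') {
		return;
	}

	$base = realpath(COM_MEDIA_BASE);
	$fullPath = realpath(COM_MEDIA_BASE . $listdir . DIRECTORY_SEPARATOR . $delFile);
	if ($base === false || $fullPath === false) {
		// base misconfigured, or the target does not exist
		return;
	}

	// Only regular files strictly inside the media base may be removed.
	if (strpos($fullPath, $base . DIRECTORY_SEPARATOR) !== 0 || !is_file($fullPath)) {
		return;
	}

	unlink($fullPath);
}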
/**
 * AJAX endpoint: register the current user's "hate" vote on a deal.
 *
 * Reads the deal id from POST `did`, requires a logged-in session
 * (`id_user` present) and hands the vote to deal_model->hate(). The model's
 * result, or a login-required message in the same shape, is echoed as JSON.
 */
public function hate() {
	$dealID = makeSafe($this->input->post('did'));
	$loggedIn = $this->session->userdata('id_user') != "";

	// NOTE(review): makeSafe() looks like SQL escaping; if deal_model->hate()
	// uses query bindings or the Query Builder the value is escaped twice.
	$result = $loggedIn
		? $this->deal_model->hate($dealID)
		: array('DEAL_ID' => $dealID, 'STAT' => false, 'MSG' => 'Login to avail this faility');

	echo json_encode($result);
}
/**
 * AJAX login check.
 *
 * Reads `email` and `pass` from POST and echoes "1" when
 * user_model->check_user() accepts the pair, "0" otherwise.
 */
public function login() {
	$email = makeSafe($this->input->post('email'));
	// NOTE(review): SQL-escaping the raw password suggests check_user()
	// concatenates it into a query and compares the stored credential in
	// SQL. Confirm the model compares against a password hash
	// (password_verify) rather than a stored plaintext, and that it does not
	// escape a second time when bindings are used.
	$password = makeSafe($this->input->post('pass'));

	$accepted = $this->user_model->check_user($email, $password);
	echo $accepted ? 1 : 0;
}
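/**
 * AJAX endpoint: store a comment on a deal and return it for display.
 *
 * Reads the deal id (`did`) and comment text (`cmt`) from POST, inserts a
 * row into deal_comments tagged with the session user and client IP, and
 * returns the new comment plus the poster's session profile as JSON.
 *
 * Fix over the original: a request without a logged-in session is refused
 * (same STAT/MSG shape as hate()) instead of inserting a row with an empty
 * USER_ID.
 *
 * @return string JSON-encoded result
 */
public function post_comment() {
	$dealID = makeSafe($this->input->post('did'));

	if ($this->session->userdata('id_user') == "") {
		return json_encode(array('DEAL_ID' => $dealID, 'STAT' => false, 'MSG' => 'Login to post a comment'));
	}

	$comment = makeSafe($this->input->post('cmt'));
	// NOTE(review): $this->db->insert() escapes values itself, so makeSafe()
	// on top stores backslash-escaped text. Kept as the original did it;
	// check what makeSafe() does in this project before relying on it.
	$data = array(
		'DEAL_ID' => $dealID,
		'USER_ID' => $this->session->userdata('id_user'),
		'COMMENT' => $comment,
		'IP'      => $this->input->ip_address(),
	);
	$this->db->insert('deal_comments', $data);

	// The comment text is returned verbatim: the client must insert it as
	// text (not HTML) or escape it, otherwise this is a stored XSS vector.
	$response = array(
		'comment_id' => $this->db->insert_id(),
		'comment'    => $comment,
		'user_image' => $this->session->userdata('user_image_url'),
		'full_name'  => $this->session->userdata('full_name'),
		'time'       => "Just Now",
	);
	return json_encode($response);
}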
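/**
 * Hook called when a mail is sent: deliver it over SMTP with PHPMailer and
 * record it in the `mail_log` table.
 *
 * @param array $mail_info mail data: 'to', 'cc', 'subject', 'message'
 *                         ('bcc' is not read; SMTP_BCC is always used)
 * @return bool TRUE when PHPMailer reported success (the log row is then
 *              written), FALSE when sending failed (nothing is logged)
 *
 * Uses the SMTP_* constants and the project's sql()/sqlValue()/makeSafe()
 * helpers; $eo is the error-options argument sql() takes.
 *
 * Fixes over the original: the libraries are loaded with require_once (a
 * second call of this hook in one request would otherwise redeclare the
 * classes), and the table check asks for `mail_log` by name — the old
 * str_split(sqlValue("SHOW TABLES")) produced a list of single characters
 * that could never contain 'mail_log'.
 */
function smtp_mail($mail_info) {
	/* include phpmailer library */
	require_once dirname(__FILE__) . "/phpmailer/class.phpmailer.php";
	require_once dirname(__FILE__) . "/phpmailer/class.smtp.php";

	/* create mail_log table if it doesn't exist */
	$exist = sqlValue("SHOW TABLES LIKE 'mail_log'") ? True : False;
	if (!$exist) {
		$sql = "CREATE TABLE IF NOT EXISTS `mail_log` (\r\n\t\t\t\t\t`mail_id` int(15) NOT NULL AUTO_INCREMENT,\r\n\t\t\t\t\t`to` varchar(225) NOT NULL,\r\n\t\t\t\t\t`cc` varchar(225) NOT NULL,\r\n\t\t\t\t\t`bcc` varchar(225) NOT NULL,\r\n\t\t\t\t\t`subject` varchar(225) NOT NULL,\r\n\t\t\t\t\t`body` text NOT NULL,\r\n\t\t\t\t\t`senttime` int(15) NOT NULL,\r\n\t\t\t\t\tPRIMARY KEY (`mail_id`)\r\n\t\t\t\t ) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;\r\n\t\t\t\t ";
		sql($sql, $eo);
	}

	/* SMTP configuration */
	$mail = new PHPMailer();
	$mail->isSMTP();                  // use the SMTP transport
	$mail->SMTPAuth = true;           // authenticate to the server
	$mail->isHTML(true);              // body is HTML
	$mail->SMTPDebug = 0;             // debug output off (2 = full transcript)
	$mail->Username = SMTP_USER;
	$mail->Password = SMTP_PASSWORD;
	$mail->SMTPSecure = SMTP_SECURE;  // 'tls' or 'ssl'
	$mail->Port = SMTP_PORT;
	$mail->Host = SMTP_SERVER;
	// setFrom() sets both From and FromName, so the separate assignments
	// the original made before it were redundant.
	$mail->setFrom(SMTP_FROM, SMTP_FROM_NAME);

	/* recipients */
	$mail->addAddress($mail_info['to']);
	if (!empty($mail_info['cc'])) {
		// addCC('') would only record a validation error on the mailer
		$mail->addCC($mail_info['cc']);
	}
	$mail->addBCC(SMTP_BCC);
	$mail->Subject = $mail_info['subject'];
	$mail->Body = $mail_info['message'];

	if (!$mail->send()) {
		return FALSE;
	}

	/* escape every value before interpolating it into the INSERT */
	$to = makeSafe($mail_info['to']);
	$cc = makeSafe($mail_info['cc']);
	$bcc = makeSafe(SMTP_BCC);
	$subject = makeSafe($mail_info['subject']);
	$message = makeSafe($mail_info['message']);
	// NOTE(review): full message bodies are kept in clear text in this table;
	// anyone with read access to the database can read every mail sent.
	sql("INSERT INTO `mail_log` (`to`,`cc`,`bcc`,`subject`,`body`,`senttime`) VALUES ('{$to}','{$cc}','{$bcc}','{$subject}','{$message}',unix_timestamp(NOW()))", $eo);
	return TRUE;
}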
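/**
 * Contact Form
 *
 * Renders the contact form, or — when it was submitted (`contact_submit`
 * in POST) — validates the fields, mails them to $emailTo and prints a
 * status line before re-rendering the form.
 *
 * @param string       $emailTo     recipient address
 * @param string|false $emailCC     optional CC address (caller-supplied, not from the request)
 * @param string       $sentHeading heading shown after a successful send
 * @param string       $sentMessage text shown after a successful send
 *
 * Fixes over the original: $error starts as an array (assigning string
 * keys into "" is an Error on PHP 8), the sender address is re-checked with
 * FILTER_VALIDATE_EMAIL before it is placed in the From/Reply-To headers
 * (so CR/LF cannot inject extra header lines), and the unused
 * $from_name/$from_email/$emailBCC locals and dead reassignments are gone.
 */
function TB_ContactForm($emailTo, $emailCC = FALSE, $sentHeading = 'Your message has been successfully submitted..', $sentMessage = 'We will get back to you asap.') {
	if (!isset($_POST['contact_submit'])) {
		TB_DisplayForm();
		return;
	}

	$error = array();
	// NOTE(review): makeSafe() is SQL escaping and nothing here reaches SQL,
	// so quotes in the fields arrive backslash-escaped in the mail. Kept so
	// the mail content the site owner sees does not change.
	$fullname = makeSafe($_POST['fullname']);
	$email = makeSafe($_POST['email']);
	$phone = makeSafe($_POST['phone']);
	$message = makesafe($_POST['message']);
	$subject = "Enquiry from Canareef Resort Maldives";

	if (empty($fullname)) {
		$error['fullname'] = "Your Name";
	}
	// $email ends up in raw mail headers: both the project check and PHP's
	// own validator (which rejects CR, LF and spaces) must accept it.
	if (empty($email) || !isValidEmail($email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
		$error['email'] = "Your Email";
	}
	if (empty($message)) {
		$error['message'] = "Your Message";
	}

	if (!empty($_POST['antispam'])) {
		// honeypot field was filled in: treat as a bot, do not redisplay
		echo '<p>We don’t appreciate spam.</p>';
		return;
	}
	if (!empty($error)) {
		TB_DisplayForm($error);
		return;
	}

	$content = __('Name') . ' : ' . $fullname . "\n" . __('Email') . ' : ' . $email . "\n" . __('Phone Number') . ' : ' . $phone . "\n" . __('Message') . " : \n" . $message . "\n\n";

	// The display name is RFC 2047 base64-encoded, so it cannot carry
	// header syntax; the address itself was validated above.
	$headers = 'From: =?UTF-8?B?' . base64_encode($fullname) . '?= <' . $email . '>' . "\r\n";
	if ($emailCC) {
		$headers .= 'CC: ' . $emailCC . "\r\n";
	}
	$headers .= 'Reply-To: ' . $email . "\r\n";
	$headers .= 'Content-type: text/plain; charset=UTF-8';

	if (mail($emailTo, $subject, $content, $headers)) {
		echo '<a id="contact-status" name="status"></a>' . "\n";
		echo '<p class="tbSuccess">' . __($sentHeading) . ' ' . __($sentMessage) . '</p>' . "\n";
	} else {
		$error['sendemail'] = "Email could not be sent.";
	}
	// On success $error is an empty array (the original passed ""); confirm
	// TB_DisplayForm() treats both as "no errors".
	TB_DisplayForm($error);
}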
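/**
 * AJAX endpoint: activate an account from its activation code.
 *
 * POST `actid` is md5(USER_ID) and `user_input` the activation code the
 * user typed. When a matching row exists it is marked ACTIVATED='Y' and a
 * confirmation is echoed; otherwise a failure message is returned (not
 * echoed — the original had this asymmetry and callers may depend on it).
 *
 * Fix over the original: both queries use CodeIgniter query bindings
 * instead of makeSafe() plus string concatenation.
 *
 * NOTE(review): md5(USER_ID) is not secret; the only thing protecting this
 * endpoint is the entropy of ACT_CODE. Make sure it is generated with a
 * CSPRNG and is long enough that guessing it is not practical.
 *
 * @return string|null failure message, or null after a successful activation
 */
public function activate() {
	$userIDHash = $this->input->post('actid');
	$actCode = $this->input->post('user_input');
	$binds = array($userIDHash, $actCode);

	$query = $this->db->query(
		"SELECT * FROM user_details WHERE md5(USER_ID) = ? AND ACT_CODE = ?",
		$binds
	);
	if ($query->num_rows() == 0) {
		return "Invalid Activation COde";
	}

	$this->db->query(
		"UPDATE user_details SET ACTIVATED = 'Y' WHERE md5(USER_ID) = ? AND ACT_CODE = ?",
		$binds
	);
	echo "Your account has been activated,Login to your account and post Deals ";
}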
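/**
 * Contact Form
 *
 * Renders the contact form, or — when it was submitted (`contact_submit`
 * in POST) — validates the fields, mails them to $emailTo and prints a
 * status line before re-rendering the form.
 *
 * @param string       $emailTo     recipient address
 * @param string|false $emailCC     optional CC address (caller-supplied, not from the request)
 * @param string       $sentHeading heading shown after a successful send
 * @param string       $sentMessage text shown after a successful send
 *
 * Fixes over the original: $error starts as an array (assigning string
 * keys into "" is an Error on PHP 8), the sender address is re-checked with
 * FILTER_VALIDATE_EMAIL before it is placed in the From/Reply-To headers
 * (so CR/LF cannot inject extra header lines), and the always-empty
 * $emailBCC branch is gone.
 */
function TB_ContactForm($emailTo, $emailCC = FALSE, $sentHeading = 'Your message was sent successfully.', $sentMessage = 'We will get back to you soon.') {
	if (!isset($_POST['contact_submit'])) {
		TB_DisplayForm();
		return;
	}

	$error = array();
	// NOTE(review): makeSafe() is SQL escaping and nothing here reaches SQL,
	// so quotes in the fields arrive backslash-escaped in the mail. Kept so
	// the mail content the site owner sees does not change.
	$fullname = makeSafe($_POST['fullname']);
	$email = makeSafe($_POST['email']);
	$phone = makeSafe($_POST['phone']);
	$message = makesafe($_POST['message']);
	$subject = "Enquiry from Estadia by Hatten";

	if (empty($fullname)) {
		$error['fullname'] = "Your name";
	}
	// $email ends up in raw mail headers: both the project check and PHP's
	// own validator (which rejects CR, LF and spaces) must accept it.
	if (empty($email) || !isValidEmail($email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
		$error['email'] = "Email Address";
	}
	if (empty($message)) {
		$error['message'] = "General Enquiry";
	}

	if (!empty($_POST['antispam'])) {
		// honeypot field was filled in: treat as a bot, do not redisplay
		echo '<p>We don’t appreciate spam.</p>';
		return;
	}
	if (!empty($error)) {
		TB_DisplayForm($error);
		return;
	}

	$content = __('Name') . ' : ' . $fullname . "\n\n" . __('Email Address') . ' : ' . $email . "\n\n" . __('Contact No.') . ' : ' . $phone . "\n\n" . __('General Enquiry') . " : \n\n" . $message . "\n\n";

	// The display name is RFC 2047 base64-encoded, so it cannot carry
	// header syntax; the address itself was validated above.
	$headers = 'From: =?UTF-8?B?' . base64_encode($fullname) . '?= <' . $email . '>' . "\r\n";
	if ($emailCC) {
		$headers .= 'CC: ' . $emailCC . "\r\n";
	}
	$headers .= 'Reply-To: ' . $email . "\r\n";
	$headers .= 'Content-type: text/plain; charset=UTF-8';

	if (mail($emailTo, $subject, $content, $headers)) {
		echo '<a id="contact-status" name="status"></a>' . "\n";
		echo '<p class="tbSuccess">' . __($sentHeading) . ' ' . __($sentMessage) . '</p>' . "\n";
	} else {
		$error['sendemail'] = "Email could not be sent.";
	}
	// On success $error is an empty array (the original passed ""); confirm
	// TB_DisplayForm() treats both as "no errors".
	TB_DisplayForm($error);
}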
<?php $d = dirname(__FILE__); require "{$d}/incCommon.php"; include "{$d}/incHeader.php"; // process search $memberID = makeSafe(strtolower($_GET['memberID'])); $groupID = intval($_GET['groupID']); $tableName = makeSafe($_GET['tableName']); // process sort $sortDir = $_GET['sortDir'] ? 'desc' : ''; $sort = makeSafe($_GET['sort']); if ($sort != 'dateAdded' && $sort != 'dateUpdated') { // default sort is newly created first $sort = 'dateAdded'; $sortDir = 'desc'; } if ($sort) { $sortClause = "order by {$sort} {$sortDir}"; } if ($memberID != '') { $where .= ($where ? " and " : "") . "r.memberID like '{$memberID}%'"; } if ($groupID != '') { $where .= ($where ? " and " : "") . "g.groupID='{$groupID}'"; } if ($tableName != '') { $where .= ($where ? " and " : "") . "r.tableName='{$tableName}'"; } if ($where) { $where = "where {$where}";
$permissionsJoin = $permissionsWhere ? ", `membership_userrecords`" : ''; // build the count query $forcedWhere = $userPCConfig[$ChildTable][$ChildLookupField]['forced-where']; $query = preg_replace('/^select .* from /i', 'SELECT count(1) FROM ', $userPCConfig[$ChildTable][$ChildLookupField]['query']) . $permissionsJoin . " WHERE " . ($permissionsWhere ? "( {$permissionsWhere} )" : "( 1=1 )") . " AND " . ($forcedWhere ? "( {$forcedWhere} )" : "( 2=2 )") . " AND " . "`{$ChildTable}`.`{$ChildLookupField}`='" . makeSafe($SelectedID) . "'"; $totalMatches = sqlValue($query); // make sure $Page is <= max pages $maxPage = ceil($totalMatches / $userPCConfig[$ChildTable][$ChildLookupField]['records-per-page']); if ($Page > $maxPage) { $Page = $maxPage; } // initiate output data array $data = array('config' => $userPCConfig[$ChildTable][$ChildLookupField], 'parameters' => array('ChildTable' => $ChildTable, 'ChildLookupField' => $ChildLookupField, 'SelectedID' => $SelectedID, 'Page' => $Page, 'SortBy' => $SortBy, 'SortDirection' => $SortDirection, 'Operation' => 'get-records'), 'records' => array(), 'totalMatches' => $totalMatches); // build the data query if ($totalMatches) { // if we have at least one record, proceed with fetching data $startRecord = $userPCConfig[$ChildTable][$ChildLookupField]['records-per-page'] * ($Page - 1); $data['query'] = $userPCConfig[$ChildTable][$ChildLookupField]['query'] . $permissionsJoin . " WHERE " . ($permissionsWhere ? "( {$permissionsWhere} )" : "( 1=1 )") . " AND " . ($forcedWhere ? "( {$forcedWhere} )" : "( 2=2 )") . " AND " . "`{$ChildTable}`.`{$ChildLookupField}`='" . makeSafe($SelectedID) . "'" . ($SortBy !== false && $userPCConfig[$ChildTable][$ChildLookupField]['sortable-fields'][$SortBy] ? " ORDER BY {$userPCConfig[$ChildTable][$ChildLookupField]['sortable-fields'][$SortBy]} {$SortDirection}" : '') . 
" LIMIT {$startRecord}, {$userPCConfig[$ChildTable][$ChildLookupField]['records-per-page']}"; $res = sql($data['query'], $eo); while ($row = db_fetch_row($res)) { $data['records'][$row[$userPCConfig[$ChildTable][$ChildLookupField]['child-primary-key-index']]] = $row; } } else { // if no matching records $startRecord = 0; } $response = loadView($userPCConfig[$ChildTable][$ChildLookupField]['template'], $data); // change name space to ensure uniqueness $uniqueNameSpace = $ChildTable . ucfirst($ChildLookupField) . 'GetRecords'; echo str_replace("{$ChildTable}GetChildrenRecordsList", $uniqueNameSpace, $response); /************************************************/ }
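/**
 * Given a lookup query of the form
 *   SELECT <value>, <caption> FROM <table> [WHERE ...] [ORDER BY ...]
 * return the <value> whose <caption> equals $caption (first match, via
 * sqlValue()).
 *
 * The query is taken apart with regular expressions, so it must be the
 * simple two-column shape this project generates; anything else yields ''.
 * An existing WHERE clause is kept and AND-ed with the caption test.
 *
 * @param string $query   lookup query to mine for value/caption/table/where
 * @param string $caption caption to search for (escaped here before use)
 * @return string matching value, or '' when the query cannot be parsed
 *
 * Fix over the original: a query with a WHERE clause but no ORDER BY kept
 * the WHERE text inside the captured table name and then appended a second
 * "where", producing invalid SQL. That shape is now recognised.
 */
function getValueGivenCaption($query, $caption) {
	// value column, caption column, table (up to ORDER BY, else to the end)
	if (!preg_match('/select\\s+(.*?)\\s*,\\s*(.*?)\\s+from\\s+(.*?)\\s+order by.*/i', $query, $m)) {
		if (!preg_match('/select\\s+(.*?)\\s*,\\s*(.*?)\\s+from\\s+(.*)/i', $query, $m)) {
			return '';
		}
	}

	// existing WHERE clause, if present, with the table name re-captured
	// without it
	if (preg_match('/\\s+from\\s+(.*?)\\s+where\\s+(.*?)\\s+order by.*/i', $query, $mw)) {
		$where = "where ({$mw[2]}) AND";
		$m[3] = $mw[1];
	} elseif (preg_match('/\\s+from\\s+(.*?)\\s+where\\s+(.*?)\\s*$/i', $query, $mw)) {
		// WHERE without ORDER BY (assumes no GROUP BY/LIMIT follows it)
		$where = "where ({$mw[2]}) AND";
		$m[3] = $mw[1];
	} else {
		$where = 'where';
	}

	// $caption is the only caller-controlled value; the rest of the
	// statement is rebuilt from the trusted lookup query text
	$caption = makeSafe($caption);
	return sqlValue("SELECT {$m[1]} FROM {$m[3]} {$where} {$m[2]}='{$caption}'");
}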
<?php $currDir = dirname(__FILE__); require "{$currDir}/incCommon.php"; include "{$currDir}/incHeader.php"; if ($_GET['searchGroups'] != "") { $searchSQL = makeSafe($_GET['searchGroups']); $searchHTML = htmlspecialchars($_GET['searchGroups']); $where = "where name like '%{$searchSQL}%' or description like '%{$searchSQL}%'"; } else { $searchSQL = ''; $searchHTML = ''; $where = ""; } $numGroups = sqlValue("select count(1) from membership_groups {$where}"); if (!$numGroups && $searchSQL != '') { echo "<div class=\"status\">{$Translation['no matching results found']}</div>"; $noResults = true; $page = 1; } else { $noResults = false; } $page = intval($_GET['page']); if ($page < 1) { $page = 1; } elseif ($page > ceil($numGroups / $adminConfig['groupsPerPage']) && !$noResults) { redirect("admin/pageViewGroups.php?page=" . ceil($numGroups / $adminConfig['groupsPerPage'])); } $start = ($page - 1) * $adminConfig['groupsPerPage']; ?> <div class="page-header"><h1><?php
/**
 * Build the detail-view (add/edit) form for one `categories` record.
 *
 * Returns the HTML of the form, filled with the record whose CategoryID is
 * $selected_id; with an empty $selected_id an empty form with only the
 * insert button is produced. Returns '' when the member may not insert and
 * no record is selected, "" when the member may not view the selected
 * record, and an error_message() when the record does not exist.
 *
 * Permission model (from getTablePermissions): index 1 = insert,
 * 2 = view, 3 = edit, 4 = delete; the value 1 restricts to the record's
 * owner, 2 to the owner's group, 3 allows everyone.
 *
 * @param string $selected_id CategoryID of the record to show, '' for a blank form
 * @param int    $AllowUpdate caller's default; recomputed here from permissions when a record is selected
 * @param int    $AllowInsert caller's default; overwritten here from permissions
 * @param int    $AllowDelete accepted for compatibility but not used in this body
 * @param int    $ShowCancel  whether a blank form gets a Back button
 * @return string form HTML (plus inline scripts)
 *
 * Reads $_REQUEST['dvprint_x'] and $_REQUEST['Embedded'] (GET or POST) and
 * $_POST['dvprint_x']; relies on the project's sql/sqlValue/makeSafe,
 * getLogged*ID, CI_Input::xss_clean and the template files under
 * ./templates/.
 */
function categories_form($selected_id = '', $AllowUpdate = 1, $AllowInsert = 1, $AllowDelete = 1, $ShowCancel = 0) {
	// function to return an editable form for a table records
	// and fill it with data of record whose ID is $selected_id. If $selected_id
	// is empty, an empty form is shown, with only an 'Add New'
	// button displayed.

	global $Translation;

	// mm: get table permissions
	$arrPerm = getTablePermissions('categories');
	if (!$arrPerm[1] && $selected_id == '') {
		return '';
	}
	$AllowInsert = $arrPerm[1] ? true : false;

	// print preview?
	$dvprint = false;
	if ($selected_id && $_REQUEST['dvprint_x'] != '') {
		$dvprint = true;
	}

	// populate filterers, starting from children to grand-parents

	// unique random identifier
	// (only a DOM id suffix to keep the print preview distinct; not a
	// security nonce, so rand() is adequate here)
	$rnd1 = $dvprint ? rand(1000000, 9999999) : '';

	if ($selected_id) {
		// mm: check member permissions
		if (!$arrPerm[2]) {
			return "";
		}

		// mm: who is the owner?
		// $selected_id is caller/request data: escaped before each query
		$ownerGroupID = sqlValue("select groupID from membership_userrecords where tableName='categories' and pkValue='" . makeSafe($selected_id) . "'");
		$ownerMemberID = sqlValue("select lcase(memberID) from membership_userrecords where tableName='categories' and pkValue='" . makeSafe($selected_id) . "'");
		if ($arrPerm[2] == 1 && getLoggedMemberID() != $ownerMemberID) {
			return "";
		}
		if ($arrPerm[2] == 2 && getLoggedGroupID() != $ownerGroupID) {
			return "";
		}

		// can edit?
		if ($arrPerm[3] == 1 && $ownerMemberID == getLoggedMemberID() || $arrPerm[3] == 2 && $ownerGroupID == getLoggedGroupID() || $arrPerm[3] == 3) {
			$AllowUpdate = 1;
		} else {
			$AllowUpdate = 0;
		}

		$res = sql("select * from `categories` where `CategoryID`='" . makeSafe($selected_id) . "'", $eo);
		if (!($row = db_fetch_array($res))) {
			return error_message($Translation['No records found']);
		}
		$urow = $row; /* unsanitized data */
		// The sanitized copy is what gets rendered; $urow is only used for
		// urlencode()d values, which are safe in any case.
		$hc = new CI_Input();
		$row = $hc->xss_clean($row); /* sanitize data */
	} else {
	}

	// capture the inline lookup script into $lookups (no lookup fields on
	// this table, so the block stays empty)
	ob_start();
	?>
	<script>
		// initial lookup values
		jQuery(function() {
		});
	</script>
	<?php
	$lookups = str_replace('__RAND__', $rnd1, ob_get_contents());
	ob_end_clean();

	// code for template based detail view forms

	// open the detail view template
	// (the @ hides a missing-template warning; $templateCode is then false)
	if ($dvprint) {
		$templateCode = @file_get_contents('./templates/categories_templateDVP.html');
	} else {
		$templateCode = @file_get_contents('./templates/categories_templateDV.html');
	}

	// process form title
	$templateCode = str_replace('<%%DETAIL_VIEW_TITLE%%>', 'Add/Edit Product Categories', $templateCode);
	$templateCode = str_replace('<%%RND1%%>', $rnd1, $templateCode);
	// only the presence of the request flag is used, never its value
	$templateCode = str_replace('<%%EMBEDDED%%>', $_REQUEST['Embedded'] ? 'Embedded=1' : '', $templateCode);

	// process buttons
	if ($arrPerm[1] && !$selected_id) { // allow insert and no record selected?
		if (!$selected_id) {
			$templateCode = str_replace('<%%INSERT_BUTTON%%>', '<button type="submit" class="btn btn-success" id="insert" name="insert_x" value="1" onclick="return categories_validateData();"><i class="glyphicon glyphicon-plus-sign"></i> ' . $Translation['Save New'] . '</button>', $templateCode);
		}
		// reached only when !$selected_id, so the placeholder is already
		// replaced above and this "Save As Copy" variant has no effect
		$templateCode = str_replace('<%%INSERT_BUTTON%%>', '<button type="submit" class="btn btn-default" id="insert" name="insert_x" value="1" onclick="return categories_validateData();"><i class="glyphicon glyphicon-plus-sign"></i> ' . $Translation['Save As Copy'] . '</button>', $templateCode);
	} else {
		$templateCode = str_replace('<%%INSERT_BUTTON%%>', '', $templateCode);
	}

	// 'Back' button action
	if ($_REQUEST['Embedded']) {
		$backAction = 'window.parent.jQuery(\'.modal\').modal(\'hide\'); return false;';
	} else {
		$backAction = '$$(\'form\')[0].writeAttribute(\'novalidate\', \'novalidate\'); document.myform.reset(); return true;';
	}

	if ($selected_id) {
		if (!$_REQUEST['Embedded']) {
			$templateCode = str_replace('<%%DVPRINT_BUTTON%%>', '<button type="submit" class="btn btn-default" id="dvprint" name="dvprint_x" value="1" onclick="$$(\'form\')[0].writeAttribute(\'novalidate\', \'novalidate\'); document.myform.reset(); return true;"><i class="glyphicon glyphicon-print"></i> ' . $Translation['Print Preview'] . '</button>', $templateCode);
		}
		if ($AllowUpdate) {
			$templateCode = str_replace('<%%UPDATE_BUTTON%%>', '<button type="submit" class="btn btn-success btn-lg" id="update" name="update_x" value="1" onclick="return categories_validateData();"><i class="glyphicon glyphicon-ok"></i> ' . $Translation['Save Changes'] . '</button>', $templateCode);
		} else {
			$templateCode = str_replace('<%%UPDATE_BUTTON%%>', '', $templateCode);
		}
		// hiding the button is a UI convenience; the real delete check must
		// happen in the handler that processes delete_x
		if ($arrPerm[4] == 1 && $ownerMemberID == getLoggedMemberID() || $arrPerm[4] == 2 && $ownerGroupID == getLoggedGroupID() || $arrPerm[4] == 3) { // allow delete?
			$templateCode = str_replace('<%%DELETE_BUTTON%%>', '<button type="submit" class="btn btn-danger" id="delete" name="delete_x" value="1" onclick="return confirm(\'' . $Translation['are you sure?'] . '\');"><i class="glyphicon glyphicon-trash"></i> ' . $Translation['Delete'] . '</button>', $templateCode);
		} else {
			$templateCode = str_replace('<%%DELETE_BUTTON%%>', '', $templateCode);
		}
		$templateCode = str_replace('<%%DESELECT_BUTTON%%>', '<button type="submit" class="btn btn-default" id="deselect" name="deselect_x" value="1" onclick="' . $backAction . '"><i class="glyphicon glyphicon-chevron-left"></i> ' . $Translation['Back'] . '</button>', $templateCode);
	} else {
		$templateCode = str_replace('<%%UPDATE_BUTTON%%>', '', $templateCode);
		$templateCode = str_replace('<%%DELETE_BUTTON%%>', '', $templateCode);
		$templateCode = str_replace('<%%DESELECT_BUTTON%%>', $ShowCancel ? '<button type="submit" class="btn btn-default" id="deselect" name="deselect_x" value="1" onclick="' . $backAction . '"><i class="glyphicon glyphicon-chevron-left"></i> ' . $Translation['Back'] . '</button>' : '', $templateCode);
	}

	// set records to read only if user can't insert new records and can't edit current record
	// ($jsReadOnly / $jsEditable are appended to without being initialised,
	// as in the original; PHP treats the first .= as a fresh string)
	if ($selected_id && !$AllowUpdate || !$selected_id && !$AllowInsert) {
		$jsReadOnly .= "\tjQuery('#Picture').replaceWith('<div class=\"form-control-static\" id=\"Picture\">' + (jQuery('#Picture').val() || '') + '</div>');\n";
		$jsReadOnly .= "\tjQuery('#CategoryName').replaceWith('<div class=\"form-control-static\" id=\"CategoryName\">' + (jQuery('#CategoryName').val() || '') + '</div>');\n";
		$jsReadOnly .= "\tjQuery('.select2-container').hide();\n";
		$noUploads = true;
	} elseif ($AllowInsert && !$selected_id || $AllowUpdate && $selected_id) {
		$jsEditable .= "\tjQuery('form').eq(0).data('already_changed', true);"; // temporarily disable form change handler
		$jsEditable .= "\tjQuery('form').eq(0).data('already_changed', false);"; // re-enable form change handler
	}

	// process combos

	/* lookup fields array: 'lookup field name' => array('parent table name', 'lookup field caption') */
	// empty for this table, so the loop below is a no-op kept for template parity
	$lookup_fields = array();
	foreach ($lookup_fields as $luf => $ptfc) {
		$pt_perm = getTablePermissions($ptfc[0]);

		// process foreign key links
		if ($pt_perm['view'] || $pt_perm['edit']) {
			$templateCode = str_replace("<%%PLINK({$luf})%%>", '<button type="button" class="btn btn-default view_parent hspacer-lg" id="' . $ptfc[0] . '_view_parent" title="' . htmlspecialchars($Translation['View'] . ' ' . $ptfc[1], ENT_QUOTES, 'iso-8859-1') . '"><i class="glyphicon glyphicon-eye-open"></i></button>', $templateCode);
		}

		// if user has insert permission to parent table of a lookup field, put an add new button
		if ($pt_perm['insert'] && !$_REQUEST['Embedded']) {
			$templateCode = str_replace("<%%ADDNEW({$ptfc[0]})%%>", '<button type="button" class="btn btn-success add_new_parent" id="' . $ptfc[0] . '_add_new" title="' . htmlspecialchars($Translation['Add New'] . ' ' . $ptfc[1], ENT_QUOTES, 'iso-8859-1') . '"><i class="glyphicon glyphicon-plus-sign"></i></button>', $templateCode);
		}
	}

	// process images
	// (MAX_FILE_SIZE is a browser hint only; enforce the limit server-side
	// in the upload handler)
	$templateCode = str_replace('<%%UPLOADFILE(CategoryID)%%>', '', $templateCode);
	$templateCode = str_replace('<%%UPLOADFILE(Picture)%%>', $noUploads ? '' : '<input type=hidden name=MAX_FILE_SIZE value=204800>' . $Translation['upload image'] . ' <input type="file" name="Picture" id="Picture">', $templateCode);
	if ($AllowUpdate && $row['Picture'] != '') {
		$templateCode = str_replace('<%%REMOVEFILE(Picture)%%>', '<br><input type="checkbox" name="Picture_remove" id="Picture_remove" value="1"> <label for="Picture_remove" style="color: red; font-weight: bold;">' . $Translation['remove image'] . '</label>', $templateCode);
	} else {
		$templateCode = str_replace('<%%REMOVEFILE(Picture)%%>', '', $templateCode);
	}
	$templateCode = str_replace('<%%UPLOADFILE(CategoryName)%%>', '', $templateCode);
	$templateCode = str_replace('<%%UPLOADFILE(Description)%%>', '', $templateCode);

	// process values
	// VALUE(...) placeholders are HTML-escaped; the 'iso-8859-1' charset
	// passed to htmlspecialchars() has to match the page/database charset
	// or multi-byte text will be mangled — confirm for this deployment.
	if ($selected_id) {
		$templateCode = str_replace('<%%VALUE(CategoryID)%%>', htmlspecialchars($row['CategoryID'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
		$templateCode = str_replace('<%%URLVALUE(CategoryID)%%>', urlencode($urow['CategoryID']), $templateCode);
		$row['Picture'] = $row['Picture'] != '' ? $row['Picture'] : 'blank.gif';
		$templateCode = str_replace('<%%VALUE(Picture)%%>', htmlspecialchars($row['Picture'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
		$templateCode = str_replace('<%%URLVALUE(Picture)%%>', urlencode($urow['Picture']), $templateCode);
		$templateCode = str_replace('<%%VALUE(CategoryName)%%>', htmlspecialchars($row['CategoryName'], ENT_QUOTES, 'iso-8859-1'), $templateCode);
		$templateCode = str_replace('<%%URLVALUE(CategoryName)%%>', urlencode($urow['CategoryName']), $templateCode);
		if ($AllowUpdate || $AllowInsert) {
			$templateCode = str_replace('<%%HTMLAREA(Description)%%>', '<textarea name="Description" id="Description" rows="5">' . htmlspecialchars($row['Description'], ENT_QUOTES, 'iso-8859-1') . '</textarea>', $templateCode);
		} else {
			// read-only view: the stored Description is emitted as raw HTML,
			// relying solely on xss_clean() above for safety
			$templateCode = str_replace('<%%HTMLAREA(Description)%%>', $row['Description'], $templateCode);
		}
		// same here: nl2br() does not escape, only xss_clean() filtered it
		$templateCode = str_replace('<%%VALUE(Description)%%>', nl2br($row['Description']), $templateCode);
		$templateCode = str_replace('<%%URLVALUE(Description)%%>', urlencode($urow['Description']), $templateCode);
	} else {
		$templateCode = str_replace('<%%VALUE(CategoryID)%%>', '', $templateCode);
		$templateCode = str_replace('<%%URLVALUE(CategoryID)%%>', urlencode(''), $templateCode);
		$templateCode = str_replace('<%%VALUE(Picture)%%>', 'blank.gif', $templateCode);
		$templateCode = str_replace('<%%VALUE(CategoryName)%%>', '', $templateCode);
		$templateCode = str_replace('<%%URLVALUE(CategoryName)%%>', urlencode(''), $templateCode);
		$templateCode = str_replace('<%%HTMLAREA(Description)%%>', '<textarea name="Description" id="Description" rows="5"></textarea>', $templateCode);
	}

	// process translations
	foreach ($Translation as $symbol => $trans) {
		$templateCode = str_replace("<%%TRANSLATION({$symbol})%%>", $trans, $templateCode);
	}

	// clear scrap
	// (any placeholder left over becomes an HTML comment)
	$templateCode = str_replace('<%%', '<!-- ', $templateCode);
	$templateCode = str_replace('%%>', ' -->', $templateCode);

	// hide links to inaccessible tables
	// (skipped in print preview; table names come from getTableList(), not
	// from the request)
	if ($_POST['dvprint_x'] == '') {
		$templateCode .= "\n\n<script>\$j(function(){\n";
		$arrTables = getTableList();
		foreach ($arrTables as $name => $caption) {
			$templateCode .= "\t\$j('#{$name}_link').removeClass('hidden');\n";
			$templateCode .= "\t\$j('#xs_{$name}_link').removeClass('hidden');\n";
		}

		$templateCode .= $jsReadOnly;
		$templateCode .= $jsEditable;

		if (!$selected_id) {
		}

		$templateCode .= "\n});</script>\n";
	}

	// ajaxed auto-fill fields
	$templateCode .= '<script>';
	$templateCode .= '$j(function() {';
	$templateCode .= "});";
	$templateCode .= "</script>";
	$templateCode .= $lookups;

	// handle enforced parent values for read-only lookup fields

	// don't include blank images in lightbox gallery
	$templateCode = preg_replace('/blank.gif" rel="lightbox\\[.*?\\]"/', 'blank.gif"', $templateCode);

	// don't display empty email links
	$templateCode = preg_replace('/<a .*?href="mailto:".*?<\\/a>/', '', $templateCode);

	// hook: categories_dv
	// (the hook may rewrite $templateCode by reference; it receives the raw
	// $selected_id, so it must escape it before any use in SQL)
	if (function_exists('categories_dv')) {
		$args = array();
		categories_dv($selected_id ? $selected_id : FALSE, getMemberInfo(), $templateCode, $args);
	}

	return $templateCode;
}
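/*
 * AJAX owner picker (select2 data source).
 *
 * Lists members as "<group>/<member>" for the table named by request
 * parameter `t`, filtered by `s` and paged by `p`. Expects the including
 * script to have set $results_per_page, $start_ts, $adminConfig and $eo,
 * and optionally $id (the record whose current owner is fetched into $owner).
 * Output: JSON {results: [{id, text}], more: bool, elapsed: seconds}.
 *
 * Fixes over the original: the table name is validated with a strict key
 * lookup (the old non-strict in_array() also accepted non-string input),
 * and LIKE wildcards in the search term are escaped so a user cannot match
 * every member with "%" or probe names character by character with "_".
 */
$search_term = false;
if (isset($_REQUEST['s'])) {
	// the request is UTF-8; the database may use a different encoding
	$search_term = iconv('UTF-8', datalist_db_encoding, $_REQUEST['s']);
}

$page = intval($_REQUEST['p']);
if ($page < 1) {
	$page = 1;
}
$skip = $results_per_page * ($page - 1);

// The table name is interpolated into SQL below, so it must be exactly one
// of the known table names. array_key_exists() also copes with numeric
// table names, which PHP stores as integer keys.
$table_name = $_REQUEST['t'];
if (!is_string($table_name) || !array_key_exists($table_name, getTableList())) {
	/* invalid table */
	echo '{"results":[{"id":"","text":"Invalid table"}],"more":false,"elapsed":0}';
	exit;
}

/* if id is provided, get owner */
$owner = false;
if ($id) {
	$owner = sqlValue("select memberID from membership_userrecords where tableName='{$table_name}' and pkValue='" . makeSafe($id) . "'");
}

$prepared_data = array();
// NOTE(review): anonymousGroup is configuration, not request data; it is
// interpolated unescaped exactly as the original did.
$where = "g.name!='{$adminConfig['anonymousGroup']}' and p.allowView>0 ";
if ($search_term) {
	// makeSafe() handles quotes and backslashes; % and _ are LIKE wildcards
	// and are escaped with a backslash, which MySQL honours inside LIKE.
	$search_term = addcslashes(makeSafe($search_term), '%_');
	$where .= "and (u.memberID like '%{$search_term}%' or g.name like '%{$search_term}%')";
}

$res = sql("select u.memberID, g.name from membership_users u left join membership_groups g on u.groupID=g.groupID left join membership_grouppermissions p on g.groupID=p.groupID and p.tableName='{$table_name}' where {$where} order by g.name, u.memberID limit {$skip}, {$results_per_page}", $eo);
while ($row = db_fetch_row($res)) {
	// 'text' is rendered as HTML by select2; member and group names come
	// from the database, not from this request
	$prepared_data[] = array(
		'id' => iconv(datalist_db_encoding, 'UTF-8', $row[0]),
		'text' => iconv(datalist_db_encoding, 'UTF-8', "<b>{$row[1]}</b>/{$row[0]}"),
	);
}

echo json_encode(array(
	'results' => $prepared_data,
	// a full page means there may be another one
	'more' => @db_num_rows($res) >= $results_per_page,
	'elapsed' => round(microtime(true) - $start_ts, 3),
));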
require "{$d}/incCommon.php"; // request to save changes? if ($_POST['saveChanges'] != '') { // validate data $recID = intval($_POST['recID']); $memberID = makeSafe(strtolower($_POST['memberID'])); $groupID = intval($_POST['groupID']); ############################### // update ownership $upQry = "UPDATE `membership_userrecords` set memberID='{$memberID}', groupID='{$groupID}' WHERE recID='{$recID}'"; sql($upQry); // redirect to member editing page redirect("pageEditOwnership.php?recID={$recID}"); } elseif ($_GET['recID'] != '') { // we have an edit request for a member $recID = makeSafe($_GET['recID']); } include "{$d}/incHeader.php"; if ($recID != '') { // fetch record data to fill in the form below $res = sql("select * from membership_userrecords where recID='{$recID}'"); if ($row = mysql_fetch_assoc($res)) { // get record data $tableName = $row['tableName']; $pkValue = $row['pkValue']; $memberID = strtolower($row['memberID']); $dateAdded = date($adminConfig['PHPDateTimeFormat'], $row['dateAdded']); $dateUpdated = date($adminConfig['PHPDateTimeFormat'], $row['dateUpdated']); $groupID = $row['groupID']; } else { // no such record exists
function orders_form($selected_id = '', $AllowUpdate = 1, $AllowInsert = 1, $AllowDelete = 1, $ShowCancel = 0) { // function to return an editable form for a table records // and fill it with data of record whose ID is $selected_id. If $selected_id // is empty, an empty form is shown, with only an 'Add New' // button displayed. global $Translation; // mm: get table permissions $arrPerm = getTablePermissions('orders'); if (!$arrPerm[1] && $selected_id == '') { return ''; } $AllowInsert = $arrPerm[1] ? true : false; // print preview? $dvprint = false; if ($selected_id && $_REQUEST['dvprint_x'] != '') { $dvprint = true; } $filterer_CustomerID = thisOr(undo_magic_quotes($_REQUEST['filterer_CustomerID']), ''); $filterer_EmployeeID = thisOr(undo_magic_quotes($_REQUEST['filterer_EmployeeID']), ''); $filterer_ShipVia = thisOr(undo_magic_quotes($_REQUEST['filterer_ShipVia']), ''); // populate filterers, starting from children to grand-parents // unique random identifier $rnd1 = $dvprint ? rand(1000000, 9999999) : ''; // combobox: CustomerID $combo_CustomerID = new DataCombo(); // combobox: EmployeeID $combo_EmployeeID = new DataCombo(); // combobox: OrderDate $combo_OrderDate = new DateCombo(); $combo_OrderDate->DateFormat = "mdy"; $combo_OrderDate->MinYear = 1900; $combo_OrderDate->MaxYear = 2100; $combo_OrderDate->DefaultDate = parseMySQLDate('1', '1'); $combo_OrderDate->MonthNames = $Translation['month names']; $combo_OrderDate->NamePrefix = 'OrderDate'; // combobox: RequiredDate $combo_RequiredDate = new DateCombo(); $combo_RequiredDate->DateFormat = "mdy"; $combo_RequiredDate->MinYear = 1900; $combo_RequiredDate->MaxYear = 2100; $combo_RequiredDate->DefaultDate = parseMySQLDate('1', '1'); $combo_RequiredDate->MonthNames = $Translation['month names']; $combo_RequiredDate->NamePrefix = 'RequiredDate'; // combobox: ShippedDate $combo_ShippedDate = new DateCombo(); $combo_ShippedDate->DateFormat = "mdy"; $combo_ShippedDate->MinYear = 1900; $combo_ShippedDate->MaxYear = 
2100; $combo_ShippedDate->DefaultDate = parseMySQLDate('', ''); $combo_ShippedDate->MonthNames = $Translation['month names']; $combo_ShippedDate->NamePrefix = 'ShippedDate'; // combobox: ShipVia $combo_ShipVia = new DataCombo(); if ($selected_id) { // mm: check member permissions if (!$arrPerm[2]) { return ""; } // mm: who is the owner? $ownerGroupID = sqlValue("select groupID from membership_userrecords where tableName='orders' and pkValue='" . makeSafe($selected_id) . "'"); $ownerMemberID = sqlValue("select lcase(memberID) from membership_userrecords where tableName='orders' and pkValue='" . makeSafe($selected_id) . "'"); if ($arrPerm[2] == 1 && getLoggedMemberID() != $ownerMemberID) { return ""; } if ($arrPerm[2] == 2 && getLoggedGroupID() != $ownerGroupID) { return ""; } // can edit? if ($arrPerm[3] == 1 && $ownerMemberID == getLoggedMemberID() || $arrPerm[3] == 2 && $ownerGroupID == getLoggedGroupID() || $arrPerm[3] == 3) { $AllowUpdate = 1; } else { $AllowUpdate = 0; } $res = sql("select * from `orders` where `OrderID`='" . makeSafe($selected_id) . "'", $eo); if (!($row = db_fetch_array($res))) { return error_message($Translation['No records found']); } $urow = $row; /* unsanitized data */ $hc = new CI_Input(); $row = $hc->xss_clean($row); /* sanitize data */ $combo_CustomerID->SelectedData = $row['CustomerID']; $combo_EmployeeID->SelectedData = $row['EmployeeID']; $combo_OrderDate->DefaultDate = $row['OrderDate']; $combo_RequiredDate->DefaultDate = $row['RequiredDate']; $combo_ShippedDate->DefaultDate = $row['ShippedDate']; $combo_ShipVia->SelectedData = $row['ShipVia']; } else { $combo_CustomerID->SelectedData = $filterer_CustomerID; $combo_EmployeeID->SelectedData = $filterer_EmployeeID; $combo_ShipVia->SelectedData = $filterer_ShipVia; } $combo_CustomerID->HTML = '<span id="CustomerID-container' . $rnd1 . '"></span><input type="hidden" name="CustomerID" id="CustomerID' . $rnd1 . '" value="' . 
htmlspecialchars($combo_CustomerID->SelectedData, ENT_QUOTES, 'iso-8859-1') . '">'; $combo_CustomerID->MatchText = '<span id="CustomerID-container-readonly' . $rnd1 . '"></span><input type="hidden" name="CustomerID" id="CustomerID' . $rnd1 . '" value="' . htmlspecialchars($combo_CustomerID->SelectedData, ENT_QUOTES, 'iso-8859-1') . '">'; $combo_EmployeeID->HTML = '<span id="EmployeeID-container' . $rnd1 . '"></span><input type="hidden" name="EmployeeID" id="EmployeeID' . $rnd1 . '" value="' . htmlspecialchars($combo_EmployeeID->SelectedData, ENT_QUOTES, 'iso-8859-1') . '">'; $combo_EmployeeID->MatchText = '<span id="EmployeeID-container-readonly' . $rnd1 . '"></span><input type="hidden" name="EmployeeID" id="EmployeeID' . $rnd1 . '" value="' . htmlspecialchars($combo_EmployeeID->SelectedData, ENT_QUOTES, 'iso-8859-1') . '">'; $combo_ShipVia->HTML = '<span id="ShipVia-container' . $rnd1 . '"></span><input type="hidden" name="ShipVia" id="ShipVia' . $rnd1 . '" value="' . htmlspecialchars($combo_ShipVia->SelectedData, ENT_QUOTES, 'iso-8859-1') . '">'; $combo_ShipVia->MatchText = '<span id="ShipVia-container-readonly' . $rnd1 . '"></span><input type="hidden" name="ShipVia" id="ShipVia' . $rnd1 . '" value="' . htmlspecialchars($combo_ShipVia->SelectedData, ENT_QUOTES, 'iso-8859-1') . '">'; ob_start(); ?> <script> // initial lookup values var current_CustomerID__RAND__ = { text: "", value: "<?php echo addslashes($selected_id ? $urow['CustomerID'] : $filterer_CustomerID); ?> "}; var current_EmployeeID__RAND__ = { text: "", value: "<?php echo addslashes($selected_id ? $urow['EmployeeID'] : $filterer_EmployeeID); ?> "}; var current_ShipVia__RAND__ = { text: "", value: "<?php echo addslashes($selected_id ? 
$urow['ShipVia'] : $filterer_ShipVia); ?> "}; jQuery(function() { if(typeof(CustomerID_reload__RAND__) == 'function') CustomerID_reload__RAND__(); if(typeof(EmployeeID_reload__RAND__) == 'function') EmployeeID_reload__RAND__(); if(typeof(ShipVia_reload__RAND__) == 'function') ShipVia_reload__RAND__(); }); function CustomerID_reload__RAND__(){ <?php if (($AllowUpdate || $AllowInsert) && !$dvprint) { ?> jQuery("#CustomerID-container__RAND__").select2({ /* initial default value */ initSelection: function(e, c){ jQuery.ajax({ url: 'ajax_combo.php', dataType: 'json', data: { id: current_CustomerID__RAND__.value, t: 'orders', f: 'CustomerID' } }).done(function(resp){ c({ id: resp.results[0].id, text: resp.results[0].text }); jQuery('[name="CustomerID"]').val(resp.results[0].id); jQuery('[id=CustomerID-container-readonly__RAND__]').html('<span id="CustomerID-match-text">' + resp.results[0].text + '</span>'); if(typeof(CustomerID_update_autofills__RAND__) == 'function') CustomerID_update_autofills__RAND__(); }); }, width: ($j('fieldset .col-xs-11').width() - 99) + 'px', formatNoMatches: function(term){ return '<?php echo addslashes($Translation['No matches found!']); ?> '; }, minimumResultsForSearch: 10, loadMorePadding: 200, ajax: { url: 'ajax_combo.php', dataType: 'json', cache: true, data: function(term, page){ return { s: term, p: page, t: 'orders', f: 'CustomerID' }; }, results: function(resp, page){ return resp; } } }).on('change', function(e){ current_CustomerID__RAND__.value = e.added.id; current_CustomerID__RAND__.text = e.added.text; jQuery('[name="CustomerID"]').val(e.added.id); if(typeof(CustomerID_update_autofills__RAND__) == 'function') CustomerID_update_autofills__RAND__(); }); if(!$j("#CustomerID-container__RAND__").length){ $j.ajax({ url: 'ajax_combo.php', dataType: 'json', data: { id: current_CustomerID__RAND__.value, t: 'orders', f: 'CustomerID' } }).done(function(resp){ $j('[name="CustomerID"]').val(resp.results[0].id); 
$j('[id=CustomerID-container-readonly__RAND__]').html('<span id="CustomerID-match-text">' + resp.results[0].text + '</span>'); if(typeof(CustomerID_update_autofills__RAND__) == 'function') CustomerID_update_autofills__RAND__(); }); } <?php } else { ?> jQuery.ajax({ url: 'ajax_combo.php', dataType: 'json', data: { id: current_CustomerID__RAND__.value, t: 'orders', f: 'CustomerID' } }).done(function(resp){ jQuery('[id=CustomerID-container__RAND__], [id=CustomerID-container-readonly__RAND__]').html('<span id="CustomerID-match-text">' + resp.results[0].text + '</span>'); if(typeof(CustomerID_update_autofills__RAND__) == 'function') CustomerID_update_autofills__RAND__(); }); <?php } ?> } function EmployeeID_reload__RAND__(){ <?php if (($AllowUpdate || $AllowInsert) && !$dvprint) { ?> jQuery("#EmployeeID-container__RAND__").select2({ /* initial default value */ initSelection: function(e, c){ jQuery.ajax({ url: 'ajax_combo.php', dataType: 'json', data: { id: current_EmployeeID__RAND__.value, t: 'orders', f: 'EmployeeID' } }).done(function(resp){ c({ id: resp.results[0].id, text: resp.results[0].text }); jQuery('[name="EmployeeID"]').val(resp.results[0].id); jQuery('[id=EmployeeID-container-readonly__RAND__]').html('<span id="EmployeeID-match-text">' + resp.results[0].text + '</span>'); if(typeof(EmployeeID_update_autofills__RAND__) == 'function') EmployeeID_update_autofills__RAND__(); }); }, width: ($j('fieldset .col-xs-11').width() - 99) + 'px', formatNoMatches: function(term){ return '<?php echo addslashes($Translation['No matches found!']); ?> '; }, minimumResultsForSearch: 10, loadMorePadding: 200, ajax: { url: 'ajax_combo.php', dataType: 'json', cache: true, data: function(term, page){ return { s: term, p: page, t: 'orders', f: 'EmployeeID' }; }, results: function(resp, page){ return resp; } } }).on('change', function(e){ current_EmployeeID__RAND__.value = e.added.id; current_EmployeeID__RAND__.text = e.added.text; jQuery('[name="EmployeeID"]').val(e.added.id); 
if(typeof(EmployeeID_update_autofills__RAND__) == 'function') EmployeeID_update_autofills__RAND__(); }); if(!$j("#EmployeeID-container__RAND__").length){ $j.ajax({ url: 'ajax_combo.php', dataType: 'json', data: { id: current_EmployeeID__RAND__.value, t: 'orders', f: 'EmployeeID' } }).done(function(resp){ $j('[name="EmployeeID"]').val(resp.results[0].id); $j('[id=EmployeeID-container-readonly__RAND__]').html('<span id="EmployeeID-match-text">' + resp.results[0].text + '</span>'); if(typeof(EmployeeID_update_autofills__RAND__) == 'function') EmployeeID_update_autofills__RAND__(); }); } <?php } else { ?> jQuery.ajax({ url: 'ajax_combo.php', dataType: 'json', data: { id: current_EmployeeID__RAND__.value, t: 'orders', f: 'EmployeeID' } }).done(function(resp){ jQuery('[id=EmployeeID-container__RAND__], [id=EmployeeID-container-readonly__RAND__]').html('<span id="EmployeeID-match-text">' + resp.results[0].text + '</span>'); if(typeof(EmployeeID_update_autofills__RAND__) == 'function') EmployeeID_update_autofills__RAND__(); }); <?php } ?> } function ShipVia_reload__RAND__(){ <?php if (($AllowUpdate || $AllowInsert) && !$dvprint) { ?> jQuery("#ShipVia-container__RAND__").select2({ /* initial default value */ initSelection: function(e, c){ jQuery.ajax({ url: 'ajax_combo.php', dataType: 'json', data: { id: current_ShipVia__RAND__.value, t: 'orders', f: 'ShipVia' } }).done(function(resp){ c({ id: resp.results[0].id, text: resp.results[0].text }); jQuery('[name="ShipVia"]').val(resp.results[0].id); jQuery('[id=ShipVia-container-readonly__RAND__]').html('<span id="ShipVia-match-text">' + resp.results[0].text + '</span>'); if(typeof(ShipVia_update_autofills__RAND__) == 'function') ShipVia_update_autofills__RAND__(); }); }, width: ($j('fieldset .col-xs-11').width() - 99) + 'px', formatNoMatches: function(term){ return '<?php echo addslashes($Translation['No matches found!']); ?> '; }, minimumResultsForSearch: 10, loadMorePadding: 200, ajax: { url: 'ajax_combo.php', dataType: 
'json', cache: true, data: function(term, page){ return { s: term, p: page, t: 'orders', f: 'ShipVia' }; }, results: function(resp, page){ return resp; } } }).on('change', function(e){ current_ShipVia__RAND__.value = e.added.id; current_ShipVia__RAND__.text = e.added.text; jQuery('[name="ShipVia"]').val(e.added.id); if(typeof(ShipVia_update_autofills__RAND__) == 'function') ShipVia_update_autofills__RAND__(); }); if(!$j("#ShipVia-container__RAND__").length){ $j.ajax({ url: 'ajax_combo.php', dataType: 'json', data: { id: current_ShipVia__RAND__.value, t: 'orders', f: 'ShipVia' } }).done(function(resp){ $j('[name="ShipVia"]').val(resp.results[0].id); $j('[id=ShipVia-container-readonly__RAND__]').html('<span id="ShipVia-match-text">' + resp.results[0].text + '</span>'); if(typeof(ShipVia_update_autofills__RAND__) == 'function') ShipVia_update_autofills__RAND__(); }); } <?php } else { ?> jQuery.ajax({ url: 'ajax_combo.php', dataType: 'json', data: { id: current_ShipVia__RAND__.value, t: 'orders', f: 'ShipVia' } }).done(function(resp){ jQuery('[id=ShipVia-container__RAND__], [id=ShipVia-container-readonly__RAND__]').html('<span id="ShipVia-match-text">' + resp.results[0].text + '</span>'); if(typeof(ShipVia_update_autofills__RAND__) == 'function') ShipVia_update_autofills__RAND__(); }); <?php } ?> } </script> <?php $lookups = str_replace('__RAND__', $rnd1, ob_get_contents()); ob_end_clean(); // code for template based detail view forms // open the detail view template if ($dvprint) { $templateCode = @file_get_contents('./templates/orders_templateDVP.html'); } else { $templateCode = @file_get_contents('./templates/orders_templateDV.html'); } // process form title $templateCode = str_replace('<%%DETAIL_VIEW_TITLE%%>', 'Detail View', $templateCode); $templateCode = str_replace('<%%RND1%%>', $rnd1, $templateCode); $templateCode = str_replace('<%%EMBEDDED%%>', $_REQUEST['Embedded'] ? 
'Embedded=1' : '', $templateCode); // process buttons if ($arrPerm[1] && !$selected_id) { // allow insert and no record selected? if (!$selected_id) { $templateCode = str_replace('<%%INSERT_BUTTON%%>', '<button type="submit" class="btn btn-success" id="insert" name="insert_x" value="1" onclick="return orders_validateData();"><i class="glyphicon glyphicon-plus-sign"></i> ' . $Translation['Save New'] . '</button>', $templateCode); } $templateCode = str_replace('<%%INSERT_BUTTON%%>', '<button type="submit" class="btn btn-default" id="insert" name="insert_x" value="1" onclick="return orders_validateData();"><i class="glyphicon glyphicon-plus-sign"></i> ' . $Translation['Save As Copy'] . '</button>', $templateCode); } else { $templateCode = str_replace('<%%INSERT_BUTTON%%>', '', $templateCode); } // 'Back' button action if ($_REQUEST['Embedded']) { $backAction = 'window.parent.jQuery(\'.modal\').modal(\'hide\'); return false;'; } else { $backAction = '$$(\'form\')[0].writeAttribute(\'novalidate\', \'novalidate\'); document.myform.reset(); return true;'; } if ($selected_id) { if (!$_REQUEST['Embedded']) { $templateCode = str_replace('<%%DVPRINT_BUTTON%%>', '<button type="submit" class="btn btn-default" id="dvprint" name="dvprint_x" value="1" onclick="$$(\'form\')[0].writeAttribute(\'novalidate\', \'novalidate\'); document.myform.reset(); return true;"><i class="glyphicon glyphicon-print"></i> ' . $Translation['Print Preview'] . '</button>', $templateCode); } if ($AllowUpdate) { $templateCode = str_replace('<%%UPDATE_BUTTON%%>', '<button type="submit" class="btn btn-success btn-lg" id="update" name="update_x" value="1" onclick="return orders_validateData();"><i class="glyphicon glyphicon-ok"></i> ' . $Translation['Save Changes'] . 
'</button>', $templateCode); } else { $templateCode = str_replace('<%%UPDATE_BUTTON%%>', '', $templateCode); } if ($arrPerm[4] == 1 && $ownerMemberID == getLoggedMemberID() || $arrPerm[4] == 2 && $ownerGroupID == getLoggedGroupID() || $arrPerm[4] == 3) { // allow delete? $templateCode = str_replace('<%%DELETE_BUTTON%%>', '<button type="submit" class="btn btn-danger" id="delete" name="delete_x" value="1" onclick="return confirm(\'' . $Translation['are you sure?'] . '\');"><i class="glyphicon glyphicon-trash"></i> ' . $Translation['Delete'] . '</button>', $templateCode); } else { $templateCode = str_replace('<%%DELETE_BUTTON%%>', '', $templateCode); } $templateCode = str_replace('<%%DESELECT_BUTTON%%>', '<button type="submit" class="btn btn-default" id="deselect" name="deselect_x" value="1" onclick="' . $backAction . '"><i class="glyphicon glyphicon-chevron-left"></i> ' . $Translation['Back'] . '</button>', $templateCode); } else { $templateCode = str_replace('<%%UPDATE_BUTTON%%>', '', $templateCode); $templateCode = str_replace('<%%DELETE_BUTTON%%>', '', $templateCode); $templateCode = str_replace('<%%DESELECT_BUTTON%%>', $ShowCancel ? '<button type="submit" class="btn btn-default" id="deselect" name="deselect_x" value="1" onclick="' . $backAction . '"><i class="glyphicon glyphicon-chevron-left"></i> ' . $Translation['Back'] . 
'</button>' : '', $templateCode); } // set records to read only if user can't insert new records and can't edit current record if ($selected_id && !$AllowUpdate || !$selected_id && !$AllowInsert) { $jsReadOnly .= "\tjQuery('#CustomerID').prop('disabled', true).css({ color: '#555', backgroundColor: '#fff' });\n"; $jsReadOnly .= "\tjQuery('#CustomerID_caption').prop('disabled', true).css({ color: '#555', backgroundColor: 'white' });\n"; $jsReadOnly .= "\tjQuery('#EmployeeID').prop('disabled', true).css({ color: '#555', backgroundColor: '#fff' });\n"; $jsReadOnly .= "\tjQuery('#EmployeeID_caption').prop('disabled', true).css({ color: '#555', backgroundColor: 'white' });\n"; $jsReadOnly .= "\tjQuery('#OrderDate').prop('readonly', true);\n"; $jsReadOnly .= "\tjQuery('#OrderDateDay, #OrderDateMonth, #OrderDateYear').prop('disabled', true).css({ color: '#555', backgroundColor: '#fff' });\n"; $jsReadOnly .= "\tjQuery('#RequiredDate').prop('readonly', true);\n"; $jsReadOnly .= "\tjQuery('#RequiredDateDay, #RequiredDateMonth, #RequiredDateYear').prop('disabled', true).css({ color: '#555', backgroundColor: '#fff' });\n"; $jsReadOnly .= "\tjQuery('#ShippedDate').prop('readonly', true);\n"; $jsReadOnly .= "\tjQuery('#ShippedDateDay, #ShippedDateMonth, #ShippedDateYear').prop('disabled', true).css({ color: '#555', backgroundColor: '#fff' });\n"; $jsReadOnly .= "\tjQuery('#ShipVia').prop('disabled', true).css({ color: '#555', backgroundColor: '#fff' });\n"; $jsReadOnly .= "\tjQuery('#ShipVia_caption').prop('disabled', true).css({ color: '#555', backgroundColor: 'white' });\n"; $jsReadOnly .= "\tjQuery('#Freight').replaceWith('<div class=\"form-control-static\" id=\"Freight\">' + (jQuery('#Freight').val() || '') + '</div>');\n"; $jsReadOnly .= "\tjQuery('.select2-container').hide();\n"; $noUploads = true; } elseif ($AllowInsert && !$selected_id || $AllowUpdate && $selected_id) { $jsEditable .= "\tjQuery('form').eq(0).data('already_changed', true);"; // temporarily disable form 
change handler $jsEditable .= "\tjQuery('form').eq(0).data('already_changed', false);"; // re-enable form change handler } // process combos $templateCode = str_replace('<%%COMBO(CustomerID)%%>', $combo_CustomerID->HTML, $templateCode); $templateCode = str_replace('<%%COMBOTEXT(CustomerID)%%>', $combo_CustomerID->MatchText, $templateCode); $templateCode = str_replace('<%%URLCOMBOTEXT(CustomerID)%%>', urlencode($combo_CustomerID->MatchText), $templateCode); $templateCode = str_replace('<%%COMBO(EmployeeID)%%>', $combo_EmployeeID->HTML, $templateCode); $templateCode = str_replace('<%%COMBOTEXT(EmployeeID)%%>', $combo_EmployeeID->MatchText, $templateCode); $templateCode = str_replace('<%%URLCOMBOTEXT(EmployeeID)%%>', urlencode($combo_EmployeeID->MatchText), $templateCode); $templateCode = str_replace('<%%COMBO(OrderDate)%%>', $selected_id && !$arrPerm[3] ? '<div class="form-control-static">' . $combo_OrderDate->GetHTML(true) . '</div>' : $combo_OrderDate->GetHTML(), $templateCode); $templateCode = str_replace('<%%COMBOTEXT(OrderDate)%%>', $combo_OrderDate->GetHTML(true), $templateCode); $templateCode = str_replace('<%%COMBO(RequiredDate)%%>', $selected_id && !$arrPerm[3] ? '<div class="form-control-static">' . $combo_RequiredDate->GetHTML(true) . '</div>' : $combo_RequiredDate->GetHTML(), $templateCode); $templateCode = str_replace('<%%COMBOTEXT(RequiredDate)%%>', $combo_RequiredDate->GetHTML(true), $templateCode); $templateCode = str_replace('<%%COMBO(ShippedDate)%%>', $selected_id && !$arrPerm[3] ? '<div class="form-control-static">' . $combo_ShippedDate->GetHTML(true) . 
'</div>' : $combo_ShippedDate->GetHTML(), $templateCode); $templateCode = str_replace('<%%COMBOTEXT(ShippedDate)%%>', $combo_ShippedDate->GetHTML(true), $templateCode); $templateCode = str_replace('<%%COMBO(ShipVia)%%>', $combo_ShipVia->HTML, $templateCode); $templateCode = str_replace('<%%COMBOTEXT(ShipVia)%%>', $combo_ShipVia->MatchText, $templateCode); $templateCode = str_replace('<%%URLCOMBOTEXT(ShipVia)%%>', urlencode($combo_ShipVia->MatchText), $templateCode); /* lookup fields array: 'lookup field name' => array('parent table name', 'lookup field caption') */ $lookup_fields = array('CustomerID' => array('customers', 'Customer'), 'EmployeeID' => array('employees', 'Employee'), 'ShipVia' => array('shippers', 'Ship Via')); foreach ($lookup_fields as $luf => $ptfc) { $pt_perm = getTablePermissions($ptfc[0]); // process foreign key links if ($pt_perm['view'] || $pt_perm['edit']) { $templateCode = str_replace("<%%PLINK({$luf})%%>", '<button type="button" class="btn btn-default view_parent hspacer-lg" id="' . $ptfc[0] . '_view_parent" title="' . htmlspecialchars($Translation['View'] . ' ' . $ptfc[1], ENT_QUOTES, 'iso-8859-1') . '"><i class="glyphicon glyphicon-eye-open"></i></button>', $templateCode); } // if user has insert permission to parent table of a lookup field, put an add new button if ($pt_perm['insert'] && !$_REQUEST['Embedded']) { $templateCode = str_replace("<%%ADDNEW({$ptfc[0]})%%>", '<button type="button" class="btn btn-success add_new_parent" id="' . $ptfc[0] . '_add_new" title="' . htmlspecialchars($Translation['Add New'] . ' ' . $ptfc[1], ENT_QUOTES, 'iso-8859-1') . 
'"><i class="glyphicon glyphicon-plus-sign"></i></button>', $templateCode); } } // process images $templateCode = str_replace('<%%UPLOADFILE(OrderID)%%>', '', $templateCode); $templateCode = str_replace('<%%UPLOADFILE(CustomerID)%%>', '', $templateCode); $templateCode = str_replace('<%%UPLOADFILE(EmployeeID)%%>', '', $templateCode); $templateCode = str_replace('<%%UPLOADFILE(OrderDate)%%>', '', $templateCode); $templateCode = str_replace('<%%UPLOADFILE(RequiredDate)%%>', '', $templateCode); $templateCode = str_replace('<%%UPLOADFILE(ShippedDate)%%>', '', $templateCode); $templateCode = str_replace('<%%UPLOADFILE(ShipVia)%%>', '', $templateCode); $templateCode = str_replace('<%%UPLOADFILE(Freight)%%>', '', $templateCode); // process values if ($selected_id) { $templateCode = str_replace('<%%VALUE(OrderID)%%>', htmlspecialchars($row['OrderID'], ENT_QUOTES, 'iso-8859-1'), $templateCode); $templateCode = str_replace('<%%URLVALUE(OrderID)%%>', urlencode($urow['OrderID']), $templateCode); $templateCode = str_replace('<%%VALUE(CustomerID)%%>', htmlspecialchars($row['CustomerID'], ENT_QUOTES, 'iso-8859-1'), $templateCode); $templateCode = str_replace('<%%URLVALUE(CustomerID)%%>', urlencode($urow['CustomerID']), $templateCode); $templateCode = str_replace('<%%VALUE(EmployeeID)%%>', htmlspecialchars($row['EmployeeID'], ENT_QUOTES, 'iso-8859-1'), $templateCode); $templateCode = str_replace('<%%URLVALUE(EmployeeID)%%>', urlencode($urow['EmployeeID']), $templateCode); $templateCode = str_replace('<%%VALUE(OrderDate)%%>', @date('m/d/Y', @strtotime(htmlspecialchars($row['OrderDate'], ENT_QUOTES, 'iso-8859-1'))), $templateCode); $templateCode = str_replace('<%%URLVALUE(OrderDate)%%>', urlencode(@date('m/d/Y', @strtotime(htmlspecialchars($urow['OrderDate'], ENT_QUOTES, 'iso-8859-1')))), $templateCode); $templateCode = str_replace('<%%VALUE(RequiredDate)%%>', @date('m/d/Y', @strtotime(htmlspecialchars($row['RequiredDate'], ENT_QUOTES, 'iso-8859-1'))), $templateCode); $templateCode = 
str_replace('<%%URLVALUE(RequiredDate)%%>', urlencode(@date('m/d/Y', @strtotime(htmlspecialchars($urow['RequiredDate'], ENT_QUOTES, 'iso-8859-1')))), $templateCode); $templateCode = str_replace('<%%VALUE(ShippedDate)%%>', @date('m/d/Y', @strtotime(htmlspecialchars($row['ShippedDate'], ENT_QUOTES, 'iso-8859-1'))), $templateCode); $templateCode = str_replace('<%%URLVALUE(ShippedDate)%%>', urlencode(@date('m/d/Y', @strtotime(htmlspecialchars($urow['ShippedDate'], ENT_QUOTES, 'iso-8859-1')))), $templateCode); $templateCode = str_replace('<%%VALUE(ShipVia)%%>', htmlspecialchars($row['ShipVia'], ENT_QUOTES, 'iso-8859-1'), $templateCode); $templateCode = str_replace('<%%URLVALUE(ShipVia)%%>', urlencode($urow['ShipVia']), $templateCode); $templateCode = str_replace('<%%VALUE(Freight)%%>', htmlspecialchars($row['Freight'], ENT_QUOTES, 'iso-8859-1'), $templateCode); $templateCode = str_replace('<%%URLVALUE(Freight)%%>', urlencode($urow['Freight']), $templateCode); } else { $templateCode = str_replace('<%%VALUE(OrderID)%%>', '', $templateCode); $templateCode = str_replace('<%%URLVALUE(OrderID)%%>', urlencode(''), $templateCode); $templateCode = str_replace('<%%VALUE(CustomerID)%%>', '', $templateCode); $templateCode = str_replace('<%%URLVALUE(CustomerID)%%>', urlencode(''), $templateCode); $templateCode = str_replace('<%%VALUE(EmployeeID)%%>', '', $templateCode); $templateCode = str_replace('<%%URLVALUE(EmployeeID)%%>', urlencode(''), $templateCode); $templateCode = str_replace('<%%VALUE(OrderDate)%%>', '1', $templateCode); $templateCode = str_replace('<%%URLVALUE(OrderDate)%%>', urlencode('1'), $templateCode); $templateCode = str_replace('<%%VALUE(RequiredDate)%%>', '1', $templateCode); $templateCode = str_replace('<%%URLVALUE(RequiredDate)%%>', urlencode('1'), $templateCode); $templateCode = str_replace('<%%VALUE(ShippedDate)%%>', '', $templateCode); $templateCode = str_replace('<%%URLVALUE(ShippedDate)%%>', urlencode(''), $templateCode); $templateCode = 
str_replace('<%%VALUE(ShipVia)%%>', '', $templateCode); $templateCode = str_replace('<%%URLVALUE(ShipVia)%%>', urlencode(''), $templateCode); $templateCode = str_replace('<%%VALUE(Freight)%%>', '0', $templateCode); $templateCode = str_replace('<%%URLVALUE(Freight)%%>', urlencode('0'), $templateCode); } // process translations foreach ($Translation as $symbol => $trans) { $templateCode = str_replace("<%%TRANSLATION({$symbol})%%>", $trans, $templateCode); } // clear scrap $templateCode = str_replace('<%%', '<!-- ', $templateCode); $templateCode = str_replace('%%>', ' -->', $templateCode); // hide links to inaccessible tables if ($_POST['dvprint_x'] == '') { $templateCode .= "\n\n<script>\$j(function(){\n"; $arrTables = getTableList(); foreach ($arrTables as $name => $caption) { $templateCode .= "\t\$j('#{$name}_link').removeClass('hidden');\n"; $templateCode .= "\t\$j('#xs_{$name}_link').removeClass('hidden');\n"; } $templateCode .= $jsReadOnly; $templateCode .= $jsEditable; if (!$selected_id) { } $templateCode .= "\n});</script>\n"; } // ajaxed auto-fill fields $templateCode .= '<script>'; $templateCode .= '$j(function() {'; $templateCode .= "\tCustomerID_update_autofills{$rnd1} = function(){\n"; $templateCode .= "\t\tnew Ajax.Request(\n"; if ($dvprint) { $templateCode .= "\t\t\t'orders_autofill.php?rnd1={$rnd1}&mfk=CustomerID&id='+encodeURIComponent('" . addslashes($row['CustomerID']) . "'),\n"; $templateCode .= "\t\t\t{encoding: 'iso-8859-1', method: 'get'}\n"; } else { $templateCode .= "\t\t\t'orders_autofill.php?rnd1={$rnd1}&mfk=CustomerID&id=' + encodeURIComponent(current_CustomerID{$rnd1}.value),\n"; $templateCode .= "\t\t\t{encoding: 'iso-8859-1', method: 'get', onCreate: function(){ \$('CustomerID{$rnd1}').disable(); \$('CustomerIDLoading').innerHTML='<img src=loading.gif align=top>'; }, onComplete: function(){" . 
($arrPerm[1] || ($arrPerm[3] == 1 && $ownerMemberID == getLoggedMemberID() || $arrPerm[3] == 2 && $ownerGroupID == getLoggedGroupID() || $arrPerm[3] == 3) ? "\$('CustomerID{$rnd1}').enable(); " : "\$('CustomerID{$rnd1}').disable(); ") . "\$('CustomerIDLoading').innerHTML='';}}\n"; } $templateCode .= "\t\t);\n"; $templateCode .= "\t};\n"; if (!$dvprint) { $templateCode .= "\tif(\$('CustomerID_caption') != undefined) \$('CustomerID_caption').onchange=CustomerID_update_autofills{$rnd1};\n"; } $templateCode .= "});"; $templateCode .= "</script>"; $templateCode .= $lookups; // handle enforced parent values for read-only lookup fields // don't include blank images in lightbox gallery $templateCode = preg_replace('/blank.gif" rel="lightbox\\[.*?\\]"/', 'blank.gif"', $templateCode); // don't display empty email links $templateCode = preg_replace('/<a .*?href="mailto:".*?<\\/a>/', '', $templateCode); // hook: orders_dv if (function_exists('orders_dv')) { $args = array(); orders_dv($selected_id ? $selected_id : FALSE, getMemberInfo(), $templateCode, $args); } return $templateCode; }
$custom3 = makeSafe($_POST['custom3']); $custom4 = makeSafe($_POST['custom4']); $MySQLDateFormat = makeSafe($_POST['MySQLDateFormat']); $PHPDateFormat = makeSafe($_POST['PHPDateFormat']); $PHPDateTimeFormat = makeSafe($_POST['PHPDateTimeFormat']); $groupsPerPage = intval($_POST['groupsPerPage']) ? intval($_POST['groupsPerPage']) : $adminConfig['groupsPerPage']; $membersPerPage = intval($_POST['membersPerPage']) ? intval($_POST['membersPerPage']) : $adminConfig['membersPerPage']; $recordsPerPage = intval($_POST['recordsPerPage']) ? intval($_POST['recordsPerPage']) : $adminConfig['recordsPerPage']; $defaultSignUp = intval($_POST['visitorSignup']); $anonymousGroup = makeSafe($_POST['anonymousGroup']); $anonymousMember = makeSafe($_POST['anonymousMember']); $senderEmail = isEmail($_POST['senderEmail']); $senderName = makeSafe($_POST['senderName']); $approvalMessage = makeSafe($_POST['approvalMessage']); //$approvalMessage=str_replace(array("\r", "\n"), '\n', $approvalMessage); $approvalSubject = makeSafe($_POST['approvalSubject']); // save changes if (!($fp = @fopen($conFile, "w"))) { errorMsg("Couldn't create the file '{$conFile}'. Please make sure the directory is writeable (Try chmoding it to 755 or 777)."); include "{$d}/incFooter.php"; } else { fwrite($fp, "<?php\n\t"); fwrite($fp, "\$adminConfig['adminUsername']='******';\n\t"); fwrite($fp, "\$adminConfig['adminPassword']='******';\n\t"); fwrite($fp, "\$adminConfig['notifyAdminNewMembers']={$notifyAdminNewMembers};\n\t"); fwrite($fp, "\$adminConfig['defaultSignUp']={$defaultSignUp};\n\t"); fwrite($fp, "\$adminConfig['anonymousGroup']='{$anonymousGroup}';\n\t"); fwrite($fp, "\$adminConfig['anonymousMember']='{$anonymousMember}';\n\t"); fwrite($fp, "\$adminConfig['groupsPerPage']={$groupsPerPage};\n\t"); fwrite($fp, "\$adminConfig['membersPerPage']={$membersPerPage};\n\t"); fwrite($fp, "\$adminConfig['recordsPerPage']={$recordsPerPage};\n\t");
<?php $d = dirname(__FILE__); require "{$d}/incCommon.php"; include "{$d}/incHeader.php"; // process search if ($_GET['searchMembers'] != "") { $searchSQL = makeSafe($_GET['searchMembers']); $searchHTML = htmlspecialchars($_GET['searchMembers']); $searchField = intval($_GET['searchField']); $searchFieldName = array_search($searchField, array('m.memberID' => 1, 'g.name' => 2, 'm.email' => 3, 'm.custom1' => 4, 'm.custom2' => 5, 'm.custom3' => 6, 'm.custom4' => 7, 'm.comments' => 8)); if (!$searchFieldName) { // = search all fields $where = "where (m.memberID like '%{$searchSQL}%' or g.name like '%{$searchSQL}%' or m.email like '%{$searchSQL}%' or m.custom1 like '%{$searchSQL}%' or m.custom2 like '%{$searchSQL}%' or m.custom3 like '%{$searchSQL}%' or m.custom4 like '%{$searchSQL}%' or m.comments like '%{$searchSQL}%')"; } else { // = search a specific field $where = "where ({$searchFieldName} like '%{$searchSQL}%')"; } } else { $searchSQL = ''; $searchHTML = ''; $searchField = 0; $searchFieldName = ''; $where = ""; } // process groupID filter $groupID = intval($_GET['groupID']); if ($groupID) { if ($where != '') { $where .= " and (g.groupID='{$groupID}')"; } else {
$perm = getTablePermissions($table_name); if (!$perm[0] && !$search_id) { die('{ "error": "' . addslashes($Translation['tableAccessDenied']) . '" }'); } $field = $lookups[$table_name][$field_name]; $wheres = array(); // search term provided? if ($search_term) { $wheres[] = "{$field['parent_caption']} like '%{$search_term}%'"; } // any filterers specified? if (is_array($field['filterers'])) { foreach ($field['filterers'] as $filterer => $filterer_parent) { $get = isset($_REQUEST["filterer_{$filterer}"]) ? $_REQUEST["filterer_{$filterer}"] : false; if ($get) { $wheres[] = "`{$field['parent_table']}`.`{$filterer_parent}`='" . makeSafe($get) . "'"; } } } // inherit permissions? if ($field['inherit_permissions']) { $inherit = permissions_sql($field['parent_table']); if ($inherit === false && !$search_id) { die($Translation['tableAccessDenied']); } if ($inherit['where']) { $wheres[] = $inherit['where']; } if ($inherit['from']) { $field['parent_from'] .= ", {$inherit['from']}"; }
foreach ($table_captions as $tn => $tc) { $eo['silentErrors'] = true; $res = sql("show columns from `{$tn}`", $eo); if ($res) { while ($row = db_fetch_assoc($res)) { if (!isset($schema[$tn][$row['Field']]['appgini'])) { continue; } $field_description = strtoupper(str_replace(' ', '', $row['Type'])); $field_description = str_ireplace('unsigned', ' unsigned', $field_description); $field_description = str_ireplace('zerofill', ' zerofill', $field_description); $field_description = str_ireplace('binary', ' binary', $field_description); $field_description .= $row['Null'] == 'NO' ? ' not null' : ''; $field_description .= $row['Key'] == 'PRI' ? ' primary key' : ''; $field_description .= $row['Key'] == 'UNI' ? ' unique' : ''; $field_description .= $row['Default'] != '' ? " default '" . makeSafe($row['Default']) . "'" : ''; $field_description .= $row['Extra'] == 'auto_increment' ? ' auto_increment' : ''; $schema[$tn][$row['Field']]['db'] = ''; if (isset($schema[$tn][$row['Field']])) { $schema[$tn][$row['Field']]['db'] = $field_description; } } } } ?> <?php if ($field_added || $field_updated) { ?> <div class="alert alert-info alert-dismissable"> <button type="button" class="close" data-dismiss="alert" aria-hidden="true">×</button>
<?php
$currDir = dirname(__FILE__);
require "{$currDir}/incCommon.php";

// get groupID of anonymous group
// $adminConfig['anonymousGroup'] is an admin configuration value, not request
// input, but it is interpolated unescaped. Wrap it in makeSafe() if the config
// value can ever contain a quote.
$anonGroupID = sqlValue("select groupID from membership_groups where name='" . $adminConfig['anonymousGroup'] . "'");

// request to save changes?
// NOTE(review): this is a state-changing POST and no CSRF token check is visible
// in this fragment; confirm one is enforced in incCommon.php or earlier.
if ($_POST['saveChanges'] != '') {
    // validate data
    $name = makeSafe($_POST['name']);
    $description = makeSafe($_POST['description']);
    // visitorSignup: 0 = no self-signup, 2 = self-signup without approval,
    // anything else = self-signup that needs admin approval.
    // NOTE(review): switch compares loosely. On PHP < 8 a non-numeric string such
    // as "abc" equals 0 and lands in case 0; on PHP >= 8 it falls to default — the
    // two versions disagree on unexpected input. intval() the value first if the
    // "no signup" outcome must be the safe default.
    switch ($_POST['visitorSignup']) {
        case 0:
            $allowSignup = 0;
            $needsApproval = 1;
            break;
        case 2:
            $allowSignup = 1;
            $needsApproval = 0;
            break;
        default:
            $allowSignup = 1;
            $needsApproval = 1;
    }

    ###############################
    // Per-table permission values for this group, read from the posted form by
    // checkPermissionVal() (defined elsewhere).
    $customers_insert = checkPermissionVal('customers_insert');
    $customers_view = checkPermissionVal('customers_view');
    $customers_edit = checkPermissionVal('customers_edit');
    $customers_delete = checkPermissionVal('customers_delete');
    ###############################
    $employees_insert = checkPermissionVal('employees_insert');
// Save an edited member. The enclosing if/else starts before this fragment; the
// interpolated variables ($memberID, $email, $custom1 ...) are assumed to have been
// passed through makeSafe() there — not visible here, confirm.
//
// NOTE(review): passwords are stored as unsalted md5. That is fast to brute-force
// offline and common passwords are recoverable from lookup tables. Migrate to
// password_hash() / password_verify(); the change has to be made together with the
// login check that reads passMD5, which is not in this fragment.
$upQry = "UPDATE `membership_users` set memberID='{$memberID}', passMD5=" . ($password != '' ? "'" . md5($password) . "'" : "passMD5") . ", email='{$email}', groupID='{$groupID}', isBanned='{$isBanned}', isApproved='{$isApproved}', custom1='{$custom1}', custom2='{$custom2}', custom3='{$custom3}', custom4='{$custom4}', comments='{$comments}' WHERE lcase(memberID)='{$oldMemberID}'";
sql($upQry);

// if memberID was changed, update membership_userrecords
if ($oldMemberID != $memberID) {
    sql("update membership_userrecords set memberID='{$memberID}' where lcase(memberID)='{$oldMemberID}'");
}

// is member was approved, notify him
if ($isApproved && !$oldIsApproved) {
    notifyMemberApproval($memberID);
}
}

// redirect to member editing page
// $memberID is SQL-escaped, not URL-encoded; a member id containing '&' or '#'
// would produce a broken redirect. urlencode() it for the query string.
redirect("pageEditMember.php?memberID={$memberID}");
} elseif ($_GET['memberID'] != '') {
// we have an edit request for a member
// Lowercased so it matches the lcase(memberID) comparisons used in the queries.
$memberID = makeSafe(strtolower($_GET['memberID']));
} elseif ($_GET['groupID'] != '') {
// intval() makes $groupID safe to interpolate below.
$groupID = intval($_GET['groupID']);
$addend = " to '" . sqlValue("select name from membership_groups where groupID='{$groupID}'") . "'";
}

include "{$d}/incHeader.php";

if ($memberID != '') {
// fetch group data to fill in the form below
$res = sql("select * from membership_users where lcase(memberID)='{$memberID}'");
// NOTE(review): mysql_fetch_assoc() is the legacy ext/mysql API (removed in PHP 7);
// the other pages in this code base use db_fetch_assoc() for the same purpose.
if ($row = mysql_fetch_assoc($res)) {
    // get member data
    $email = $row['email'];
    $groupID = $row['groupID'];
    $isApproved = $row['isApproved'];
    $isBanned = $row['isBanned'];
    // custom fields are HTML-escaped here because they are echoed into the form.
    $custom1 = htmlspecialchars($row['custom1']);
<?php echo JText::_('NNEM_TITLE_DOWNGRADE'); ?> </span> </span></span> </div> <div class="pro_installed data hide"> <span class="pro_no_access data hide"> <span class="btn btn-small btn-danger disabled hasPopover" data-trigger="hover" data-placement="right" title="<?php echo makeSafe('<span class="icon-warning"></span> ' . JText::_('NNEM_COMMENT')); ?> " data-content="<?php echo makeSafe(JText::_('NNEM_COMMENT_NO_PRO')); ?> "> <span class="icon-upload"></span> <?php echo JText::_('NNEM_TITLE_UPDATE'); ?> </span> </span> </div> <span class="hidden-tablet hidden-desktop nowrap"> <div class="clearfix"></div> <span class="changelog data hide"> <a href="https://www.nonumber.nl/<?php echo $item->id; ?> #changelog" target="_blank">
if (function_exists('order_details_init')) { $args = array(); $render = order_details_init($x, getMemberInfo(), $args); } if ($render) { $x->Render(); } // column sums if (strpos($x->HTML, '<!-- tv data below -->')) { // if printing multi-selection TV, calculate the sum only for the selected records if (isset($_REQUEST['Print_x']) && is_array($_REQUEST['record_selector'])) { $QueryWhere = ''; foreach ($_REQUEST['record_selector'] as $id) { // get selected records if ($id != '') { $QueryWhere .= "'" . makeSafe($id) . "',"; } } if ($QueryWhere != '') { $QueryWhere = 'where `order_details`.`odID` in (' . substr($QueryWhere, 0, -1) . ')'; } else { // if no selected records, write the where clause to return an empty result $QueryWhere = 'where 1=0'; } } else { $QueryWhere = $x->QueryWhere; } $sumQuery = "select sum(`order_details`.`Quantity`) from " . $x->QueryFrom . ' ' . $QueryWhere; $res = sql($sumQuery, $eo); if ($row = db_fetch_row($res)) { $sumRow = "<tr class=\"success\">";
$groupID = $row['groupID'];
} else {
// no such record exists
die("<div class=\"status\">Error: Record not found!</div>");
}
}

// get pk field name
$pkField = getPKFieldName($tableName);

// get field list
// NOTE(review): $tableName is interpolated into the query (inside backticks) and
// echoed into the page heading below without htmlspecialchars(). Both are fine only
// if $tableName was validated against the list of known tables before this point;
// that check is not in this fragment — confirm it exists.
if (!($res = sql("show fields from `{$tableName}`", $eo))) {
    errorMsg("Couldn't retrieve field list from '{$tableName}'");
}
while ($row = db_fetch_assoc($res)) {
    $field[] = $row['Field'];
}

// The primary key value is escaped with makeSafe(); the meaning of its second
// argument (false) is not visible here.
$res = sql("select * from `{$tableName}` where `{$pkField}`='" . makeSafe($pkValue, false) . "'", $eo);
if ($row = db_fetch_assoc($res)) {
?>
<h2>Table: <?php echo $tableName; ?> </h2>
<table class="table table-striped">
<tr>
<td class="tdHeader"><div class="ColCaption">Field name</div></td>
<td class="tdHeader"><div class="ColCaption">Value</div></td>
</tr>
<?php
include "{$currDir}/../language.php";
foreach ($field as $fn) {
    // A field whose stored value names an existing file in the image folder is
    // treated as an image. NOTE(review): the path is built from a database value;
    // a stored value containing "../" points outside the image folder. Only
    // is_file() is called here, so within this fragment the effect is limited to
    // the existence check — how the path is used afterwards is not visible.
    if (@is_file("{$currDir}/../" . $Translation['ImageFolder'] . $row[$fn])) {
include "{$currDir}/lib.php";
$adminConfig = config('adminConfig');

/* no access for guests */
$mi = getMemberInfo();
if (!$mi['username'] || $mi['group'] == $adminConfig['anonymousGroup']) {
    @header('Location: index.php');
    exit;
}

/* save profile */
// NOTE(review): state-changing POST; no CSRF token check is visible in this
// fragment — confirm one is enforced in lib.php or before this point.
if ($_POST['action'] == 'saveProfile') {
    /* process inputs */
    // isEmail() is relied on to return either a validated address or a falsy value;
    // the address is interpolated into SQL below without further escaping, so it
    // must also reject quotes — not visible here, confirm.
    $email = isEmail($_POST['email']);
    $custom1 = makeSafe($_POST['custom1']);
    $custom2 = makeSafe($_POST['custom2']);
    $custom3 = makeSafe($_POST['custom3']);
    $custom4 = makeSafe($_POST['custom4']);

    /* validate email */
    if (!$email) {
        echo "{$Translation['error:']} {$Translation['email invalid']}";
        echo "<script>\$\$('label[for=\"email\"]')[0].pulsate({ pulses: 10, duration: 4 }); \$('email').activate();</script>";
        exit;
    }

    /* update profile */
    // NOTE(review): {$mi[IP]} uses an unquoted key, i.e. the constant IP. If no such
    // constant exists PHP 7 warns and falls back to 'IP'; PHP 8 throws an Error.
    // Write it as {$mi['IP']}. The IP value itself is interpolated into the query
    // unescaped; that is only safe if getMemberInfo() takes it from REMOTE_ADDR
    // rather than a client-supplied header such as X-Forwarded-For — confirm.
    $updateDT = date($adminConfig['PHPDateTimeFormat']);
    sql("UPDATE `membership_users` set email='{$email}', custom1='{$custom1}', custom2='{$custom2}', custom3='{$custom3}', custom4='{$custom4}', comments=CONCAT_WS('\\n', comments, 'member updated his profile on {$updateDT} from IP address {$mi[IP]}') WHERE memberID='{$mi['username']}'", $eo);

    // hook: member_activity
    if (function_exists('member_activity')) {
        $args = array();
        member_activity($mi, 'profile', $args);
    }
    exit;
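function customers_form($selected_id = '', $AllowUpdate = 1, $AllowInsert = 1, $AllowDelete = 1, $ShowCancel = 0) {
    /*
     * Return the HTML of the detail-view form for the `customers` table, filled
     * with the record whose CustomerID is $selected_id. With an empty $selected_id
     * a blank form is returned, with only a 'Save New' button.
     *
     * $selected_id  CustomerID of the record to show ('' for a blank form)
     * $AllowUpdate  default only; overwritten from the member's table permissions
     * $AllowInsert  default only; overwritten from the member's table permissions
     * $AllowDelete  kept for signature compatibility; the delete button is driven
     *               by $arrPerm[4] below and this parameter is not consulted
     * $ShowCancel   whether the blank (insert) form shows a Back button
     *
     * Returns '' when the member may not insert (blank form) or may not view the
     * selected record, an error message when the record does not exist, otherwise
     * the rendered template.
     *
     * Permission array as used here (from getTablePermissions()):
     *   [1] insert, [2] view, [3] edit, [4] delete, each 0 = none, 1 = own
     *   records, 2 = own group's records, 3 = all records.
     *
     * Change vs. the generated original: the read-only rendering script built the
     * static <div> by concatenating the field value into HTML markup handed to
     * replaceWith(), so a value containing '<' or '&' was parsed as markup (and
     * the server-side escaping of the value attribute was undone by .val()). The
     * value is now set with jQuery's .text(). Request parameters are also read
     * with isset() guards so a missing parameter no longer raises notices.
     */
    global $Translation;

    // mm: get table permissions
    $arrPerm = getTablePermissions('customers');
    if (!$arrPerm[1] && $selected_id == '') {
        return '';
    }
    $AllowInsert = $arrPerm[1] ? true : false;

    // Request flags, read once. Only their truthiness is used below.
    $embedded = !empty($_REQUEST['Embedded']);

    // print preview?
    $dvprint = false;
    if ($selected_id && isset($_REQUEST['dvprint_x']) && $_REQUEST['dvprint_x'] != '') {
        $dvprint = true;
    }

    // Script fragments assembled below; initialised so the .= calls never touch
    // undefined variables. $lookups stays empty: this table has no lookup fields.
    $jsReadOnly = '';
    $jsEditable = '';
    $lookups = '';

    // Fields of the table, in template order. Used for the read-only script, the
    // upload placeholders and the value placeholders.
    $fields = array('CustomerID', 'CompanyName', 'ContactName', 'ContactTitle', 'Address', 'City', 'Region', 'PostalCode', 'Country', 'Phone', 'Fax');

    // populate filterers, starting from children to grand-parents

    // unique random identifier
    // Only used to make element ids unique in the print-preview template; it is
    // not a secret, so rand() is adequate here.
    $rnd1 = $dvprint ? rand(1000000, 9999999) : '';

    // combobox: Country
    $combo_Country = new Combo();
    $combo_Country->ListType = 0;
    $combo_Country->MultipleSeparator = ', ';
    $combo_Country->ListBoxHeight = 10;
    $combo_Country->RadiosPerLine = 1;
    if (is_file(dirname(__FILE__) . '/hooks/customers.Country.csv')) {
        // An admin-supplied option file overrides the built-in list.
        $Country_data = addslashes(implode('', @file(dirname(__FILE__) . '/hooks/customers.Country.csv')));
        $combo_Country->ListItem = explode('||', entitiesToUTF8(convertLegacyOptions($Country_data)));
        $combo_Country->ListData = $combo_Country->ListItem;
    } else {
        $combo_Country->ListItem = explode('||', entitiesToUTF8(convertLegacyOptions("Afghanistan;;Albania;;Algeria;;American Samoa;;Andorra;;Angola;;Anguilla;;Antarctica;;Antigua, Barbuda;;Argentina;;Armenia;;Aruba;;Australia;;Austria;;Azerbaijan;;Bahamas;;Bahrain;;Bangladesh;;Barbados;;Belarus;;Belgium;;Belize;;Benin;;Bermuda;;Bhutan;;Bolivia;;Bosnia, Herzegovina;;Botswana;;Bouvet Is.;;Brazil;;Brunei Darussalam;;Bulgaria;;Burkina Faso;;Burundi;;Cambodia;;Cameroon;;Canada;;Canary Is.;;Cape Verde;;Cayman Is.;;Central African Rep.;;Chad;;Channel Islands;;Chile;;China;;Christmas Is.;;Cocos Is.;;Colombia;;Comoros;;Congo, D.R. Of;;Congo;;Cook Is.;;Costa Rica;;Croatia;;Cuba;;Cyprus;;Czech Republic;;Denmark;;Djibouti;;Dominica;;Dominican Republic;;Ecuador;;Egypt;;El Salvador;;Equatorial Guinea;;Eritrea;;Estonia;;Ethiopia;;Falkland Is.;;Faroe Is.;;Fiji;;Finland;;France;;French Guiana;;French Polynesia;;French Territories;;Gabon;;Gambia;;Georgia;;Germany;;Ghana;;Gibraltar;;Greece;;Greenland;;Grenada;;Guadeloupe;;Guam;;Guatemala;;Guernsey;;Guinea-bissau;;Guinea;;Guyana;;Haiti;;Heard, Mcdonald Is.;;Honduras;;Hong Kong;;Hungary;;Iceland;;India;;Indonesia;;Iran;;Iraq;;Ireland;;Israel;;Italy;;Ivory Coast;;Jamaica;;Japan;;Jersey;;Jordan;;Kazakhstan;;Kenya;;Kiribati;;Korea, D.P.R Of;;Korea, Rep. Of;;Kuwait;;Kyrgyzstan;;Lao Peoples D.R.;;Latvia;;Lebanon;;Lesotho;;Liberia;;Libyan Arab Jamahiriya;;Liechtenstein;;Lithuania;;Luxembourg;;Macao;;Macedonia, F.Y.R Of;;Madagascar;;Malawi;;Malaysia;;Maldives;;Mali;;Malta;;Mariana Islands;;Marshall Islands;;Martinique;;Mauritania;;Mauritius;;Mayotte;;Mexico;;Micronesia;;Moldova;;Monaco;;Mongolia;;Montserrat;;Morocco;;Mozambique;;Myanmar;;Namibia;;Nauru;;Nepal;;Netherlands Antilles;;Netherlands;;New Caledonia;;New Zealand;;Nicaragua;;Niger;;Nigeria;;Niue;;Norfolk Island;;Norway;;Oman;;Pakistan;;Palau;;Palestinian Terr.;;Panama;;Papua New Guinea;;Paraguay;;Peru;;Philippines;;Pitcairn;;Poland;;Portugal;;Puerto Rico;;Qatar;;Reunion;;Romania;;Russian Federation;;Rwanda;;Samoa;;San Marino;;Sao Tome, Principe;;Saudi Arabia;;Senegal;;Seychelles;;Sierra Leone;;Singapore;;Slovakia;;Slovenia;;Solomon Is.;;Somalia;;South Africa;;South Georgia;;South Sandwich Is.;;Spain;;Sri Lanka;;St. Helena;;St. Kitts, Nevis;;St. Lucia;;St. Pierre, Miquelon;;St. Vincent, Grenadines;;Sudan;;Suriname;;Svalbard, Jan Mayen;;Swaziland;;Sweden;;Switzerland;;Syrian Arab Republic;;Taiwan;;Tajikistan;;Tanzania;;Thailand;;Timor-leste;;Togo;;Tokelau;;Tonga;;Trinidad, Tobago;;Tunisia;;Turkey;;Turkmenistan;;Turks, Caicoss;;Tuvalu;;Uganda;;Ukraine;;United Arab Emirates;;United Kingdom;;United States;;Uruguay;;Uzbekistan;;Vanuatu;;Vatican City;;Venezuela;;Viet Nam;;Virgin Is. British;;Virgin Is. U.S.;;Wallis, Futuna;;Western Sahara;;Yemen;;Yugoslavia;;Zambia;;Zimbabwe")));
        $combo_Country->ListData = $combo_Country->ListItem;
    }
    $combo_Country->SelectName = 'Country';

    if ($selected_id) {
        // mm: check member permissions
        if (!$arrPerm[2]) {
            return "";
        }
        // mm: who is the owner?
        $ownerGroupID = sqlValue("select groupID from membership_userrecords where tableName='customers' and pkValue='" . makeSafe($selected_id) . "'");
        $ownerMemberID = sqlValue("select lcase(memberID) from membership_userrecords where tableName='customers' and pkValue='" . makeSafe($selected_id) . "'");
        if ($arrPerm[2] == 1 && getLoggedMemberID() != $ownerMemberID) {
            return "";
        }
        if ($arrPerm[2] == 2 && getLoggedGroupID() != $ownerGroupID) {
            return "";
        }

        // can edit?
        if ($arrPerm[3] == 1 && $ownerMemberID == getLoggedMemberID() || $arrPerm[3] == 2 && $ownerGroupID == getLoggedGroupID() || $arrPerm[3] == 3) {
            $AllowUpdate = 1;
        } else {
            $AllowUpdate = 0;
        }

        $res = sql("select * from `customers` where `CustomerID`='" . makeSafe($selected_id) . "'", $eo);
        if (!($row = db_fetch_array($res))) {
            return error_message($Translation['No records found']);
        }
        $urow = $row; /* unsanitized data */
        $hc = new CI_Input();
        $row = $hc->xss_clean($row); /* sanitize data */

        $combo_Country->SelectedData = $row['Country'];
    } else {
        // Pre-select the country from an incoming filter on field 9 (Country) with
        // the '<=>' operator. NOTE(review): the filter value is request-controlled
        // and handed to the combo as-is; this relies on Combo::Render() escaping it
        // for HTML, which is not visible here — confirm.
        $combo_Country->SelectedText = "";
        if (isset($_REQUEST['FilterField'][1], $_REQUEST['FilterOperator'][1]) && $_REQUEST['FilterField'][1] == '9' && $_REQUEST['FilterOperator'][1] == '<=>') {
            $filterValue = isset($_REQUEST['FilterValue'][1]) ? $_REQUEST['FilterValue'][1] : '';
            // get_magic_quotes_gpc() no longer exists on PHP >= 8; guard the call.
            $combo_Country->SelectedText = (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) ? stripslashes($filterValue) : $filterValue;
        }
    }
    $combo_Country->Render();

    // code for template based detail view forms

    // open the detail view template
    if ($dvprint) {
        $templateCode = @file_get_contents('./templates/customers_templateDVP.html');
    } else {
        $templateCode = @file_get_contents('./templates/customers_templateDV.html');
    }

    // process form title
    $templateCode = str_replace('<%%DETAIL_VIEW_TITLE%%>', 'Detail View', $templateCode);
    $templateCode = str_replace('<%%RND1%%>', $rnd1, $templateCode);
    $templateCode = str_replace('<%%EMBEDDED%%>', $embedded ? 'Embedded=1' : '', $templateCode);

    // process buttons
    if ($arrPerm[1] && !$selected_id) { // allow insert and no record selected?
        if (!$selected_id) {
            $templateCode = str_replace('<%%INSERT_BUTTON%%>', '<button type="submit" class="btn btn-success" id="insert" name="insert_x" value="1" onclick="return customers_validateData();"><i class="glyphicon glyphicon-plus-sign"></i> ' . $Translation['Save New'] . '</button>', $templateCode);
        }
        // NOTE(review): the enclosing condition already requires !$selected_id, so
        // the placeholder has always been consumed by the 'Save New' replacement
        // above and this 'Save As Copy' replacement never matches. Kept as in the
        // generated source; if 'Save As Copy' is wanted for an existing record the
        // outer condition presumably needs to be just $arrPerm[1].
        $templateCode = str_replace('<%%INSERT_BUTTON%%>', '<button type="submit" class="btn btn-default" id="insert" name="insert_x" value="1" onclick="return customers_validateData();"><i class="glyphicon glyphicon-plus-sign"></i> ' . $Translation['Save As Copy'] . '</button>', $templateCode);
    } else {
        $templateCode = str_replace('<%%INSERT_BUTTON%%>', '', $templateCode);
    }

    // 'Back' button action
    if ($embedded) {
        $backAction = 'window.parent.jQuery(\'.modal\').modal(\'hide\'); return false;';
    } else {
        $backAction = '$$(\'form\')[0].writeAttribute(\'novalidate\', \'novalidate\'); document.myform.reset(); return true;';
    }

    if ($selected_id) {
        if (!$embedded) {
            $templateCode = str_replace('<%%DVPRINT_BUTTON%%>', '<button type="submit" class="btn btn-default" id="dvprint" name="dvprint_x" value="1" onclick="$$(\'form\')[0].writeAttribute(\'novalidate\', \'novalidate\'); document.myform.reset(); return true;"><i class="glyphicon glyphicon-print"></i> ' . $Translation['Print Preview'] . '</button>', $templateCode);
        }
        if ($AllowUpdate) {
            $templateCode = str_replace('<%%UPDATE_BUTTON%%>', '<button type="submit" class="btn btn-success btn-lg" id="update" name="update_x" value="1" onclick="return customers_validateData();"><i class="glyphicon glyphicon-ok"></i> ' . $Translation['Save Changes'] . '</button>', $templateCode);
        } else {
            $templateCode = str_replace('<%%UPDATE_BUTTON%%>', '', $templateCode);
        }
        // Translations are inserted into the markup unescaped (they are
        // application-controlled, not request input). Note that 'are you sure?'
        // lands inside a single-quoted JS string: an apostrophe in that translation
        // would break the confirm() call.
        if ($arrPerm[4] == 1 && $ownerMemberID == getLoggedMemberID() || $arrPerm[4] == 2 && $ownerGroupID == getLoggedGroupID() || $arrPerm[4] == 3) { // allow delete?
            $templateCode = str_replace('<%%DELETE_BUTTON%%>', '<button type="submit" class="btn btn-danger" id="delete" name="delete_x" value="1" onclick="return confirm(\'' . $Translation['are you sure?'] . '\');"><i class="glyphicon glyphicon-trash"></i> ' . $Translation['Delete'] . '</button>', $templateCode);
        } else {
            $templateCode = str_replace('<%%DELETE_BUTTON%%>', '', $templateCode);
        }
        $templateCode = str_replace('<%%DESELECT_BUTTON%%>', '<button type="submit" class="btn btn-default" id="deselect" name="deselect_x" value="1" onclick="' . $backAction . '"><i class="glyphicon glyphicon-chevron-left"></i> ' . $Translation['Back'] . '</button>', $templateCode);
    } else {
        $templateCode = str_replace('<%%UPDATE_BUTTON%%>', '', $templateCode);
        $templateCode = str_replace('<%%DELETE_BUTTON%%>', '', $templateCode);
        $templateCode = str_replace('<%%DESELECT_BUTTON%%>', $ShowCancel ? '<button type="submit" class="btn btn-default" id="deselect" name="deselect_x" value="1" onclick="' . $backAction . '"><i class="glyphicon glyphicon-chevron-left"></i> ' . $Translation['Back'] . '</button>' : '', $templateCode);
    }

    // set records to read only if user can't insert new records and can't edit current record
    if ($selected_id && !$AllowUpdate || !$selected_id && !$AllowInsert) {
        foreach ($fields as $f) {
            // Build the static element with jQuery and set its content via .text()
            // so the field value is inserted as text and never parsed as HTML.
            // For the (possibly multi-valued) Country select .val() may be an
            // array; textContent stringifies it the same way string concatenation did.
            $jsReadOnly .= "\tjQuery('#{$f}').replaceWith(jQuery('<div class=\"form-control-static\" id=\"{$f}\"></div>').text(jQuery('#{$f}').val() || ''));\n";
            if ($f == 'Country') {
                $jsReadOnly .= "\tjQuery('#Country-multi-selection-help').hide();\n";
            }
        }
        $jsReadOnly .= "\tjQuery('.select2-container').hide();\n";
        $noUploads = true;
    } elseif ($AllowInsert && !$selected_id || $AllowUpdate && $selected_id) {
        $jsEditable .= "\tjQuery('form').eq(0).data('already_changed', true);"; // temporarily disable form change handler
        $jsEditable .= "\tjQuery('form').eq(0).data('already_changed', false);"; // re-enable form change handler
    }

    // process combos
    $templateCode = str_replace('<%%COMBO(Country)%%>', $combo_Country->HTML, $templateCode);
    $templateCode = str_replace('<%%COMBOTEXT(Country)%%>', $combo_Country->SelectedData, $templateCode);

    /* lookup fields array: 'lookup field name' => array('parent table name', 'lookup field caption') */
    // Empty for this table; the loop below is kept for parity with the generator.
    $lookup_fields = array();
    foreach ($lookup_fields as $luf => $ptfc) {
        $pt_perm = getTablePermissions($ptfc[0]);

        // process foreign key links
        if ($pt_perm['view'] || $pt_perm['edit']) {
            $templateCode = str_replace("<%%PLINK({$luf})%%>", '<button type="button" class="btn btn-default view_parent hspacer-lg" id="' . $ptfc[0] . '_view_parent" title="' . htmlspecialchars($Translation['View'] . ' ' . $ptfc[1], ENT_QUOTES, 'iso-8859-1') . '"><i class="glyphicon glyphicon-eye-open"></i></button>', $templateCode);
        }

        // if user has insert permission to parent table of a lookup field, put an add new button
        if ($pt_perm['insert'] && !$embedded) {
            $templateCode = str_replace("<%%ADDNEW({$ptfc[0]})%%>", '<button type="button" class="btn btn-success add_new_parent" id="' . $ptfc[0] . '_add_new" title="' . htmlspecialchars($Translation['Add New'] . ' ' . $ptfc[1], ENT_QUOTES, 'iso-8859-1') . '"><i class="glyphicon glyphicon-plus-sign"></i></button>', $templateCode);
        }
    }

    // process images
    // No field of this table is an upload field, so every upload placeholder is blanked.
    foreach ($fields as $f) {
        $templateCode = str_replace("<%%UPLOADFILE({$f})%%>", '', $templateCode);
    }

    // process values
    // VALUE(...) is HTML-escaped from the xss_clean()ed row (Address is additionally
    // nl2br()ed in print preview); URLVALUE(...) is url-encoded from the raw row.
    if ($selected_id) {
        foreach ($fields as $f) {
            $value = htmlspecialchars($row[$f], ENT_QUOTES, 'iso-8859-1');
            if ($f == 'Address' && $dvprint) {
                $value = nl2br($value);
            }
            $templateCode = str_replace("<%%VALUE({$f})%%>", $value, $templateCode);
            $templateCode = str_replace("<%%URLVALUE({$f})%%>", urlencode($urow[$f]), $templateCode);
        }
    } else {
        foreach ($fields as $f) {
            $templateCode = str_replace("<%%VALUE({$f})%%>", '', $templateCode);
            $templateCode = str_replace("<%%URLVALUE({$f})%%>", urlencode(''), $templateCode);
        }
    }

    // process translations
    foreach ($Translation as $symbol => $trans) {
        $templateCode = str_replace("<%%TRANSLATION({$symbol})%%>", $trans, $templateCode);
    }

    // clear scrap
    // Any placeholder not handled above is turned into an HTML comment.
    $templateCode = str_replace('<%%', '<!-- ', $templateCode);
    $templateCode = str_replace('%%>', ' -->', $templateCode);

    // hide links to inaccessible tables
    if (!isset($_POST['dvprint_x']) || $_POST['dvprint_x'] == '') {
        $templateCode .= "\n\n<script>\$j(function(){\n";
        $arrTables = getTableList();
        foreach ($arrTables as $name => $caption) {
            $templateCode .= "\t\$j('#{$name}_link').removeClass('hidden');\n";
            $templateCode .= "\t\$j('#xs_{$name}_link').removeClass('hidden');\n";
        }

        $templateCode .= $jsReadOnly;
        $templateCode .= $jsEditable;

        if (!$selected_id) {
        }

        $templateCode .= "\n});</script>\n";
    }

    // ajaxed auto-fill fields
    $templateCode .= '<script>';
    $templateCode .= '$j(function() {';
    $templateCode .= "});";
    $templateCode .= "</script>";
    $templateCode .= $lookups;

    // handle enforced parent values for read-only lookup fields

    // don't include blank images in lightbox gallery
    $templateCode = preg_replace('/blank.gif" rel="lightbox\\[.*?\\]"/', 'blank.gif"', $templateCode);

    // don't display empty email links
    $templateCode = preg_replace('/<a .*?href="mailto:".*?<\\/a>/', '', $templateCode);

    // hook: customers_dv
    if (function_exists('customers_dv')) {
        $args = array();
        customers_dv($selected_id ? $selected_id : FALSE, getMemberInfo(), $templateCode, $args);
    }

    return $templateCode;
}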
?>
<div class="alert alert-danger"><?php echo $Translation['password reset invalid']; ?> </div>
<?php
}
include_once "{$currDir}/footer.php";
exit;
}

#_______________________________________________________________________________
# Step 2: Send email to member containing the reset link
#_______________________________________________________________________________

if ($_POST['reset']) {
// The member may identify the account by username or by e-mail address.
// $username is lowercased to match the lcase(memberID) comparison below.
$username = makeSafe(strtolower(trim($_POST['username'])));
// isEmail() is relied on to return either a validated address or a falsy value.
// It is interpolated into the WHERE clause below without further escaping, so it
// must also reject quotes — not visible here, confirm.
$email = isEmail(trim($_POST['email']));

// Reject an empty request, and never offer self-service reset for the admin account.
// NOTE(review): $username has been lowercased but $adminConfig['adminUsername']
// is compared as stored. If the admin username contains capitals the guard never
// matches and the admin account can be reset through this form; compare
// strtolower() of both sides. The guard also only covers the username path: a
// request giving the admin's e-mail address is not caught here — confirm that is
// handled before the mail is sent.
if (!$username && !$email || $username == $adminConfig['adminUsername']) {
    redirect("membership_passwordReset.php?emptyData=1");
    exit;
}
?>
<div class="page-header"><h1><?php echo $Translation['password reset']; ?> </h1></div><?php

// Locate the member: username takes precedence over e-mail when both are given.
$where = '';
if ($username) {
    $where = "lcase(memberID)='{$username}'";
} elseif ($email) {
    $where = "email='{$email}'";