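/**
 * Renders the incoming-mail dashlet: a two-column table (subject, reason) of
 * held inbound e-mail updates, every cell linking to holding_queue.php.
 *
 * Output is echoed directly. The viewing user ($sit[2]) needs permission 42;
 * without it only the "permission denied" message is printed and the holding
 * queue is not queried.
 *
 * @param mixed $dashletid Dashlet identifier; not used inside this function.
 * @return void
 */
function dashboard_incoming_display($dashletid)
{
    global $sit;
    global $dbUpdates, $dbTempIncoming;

    // Authorise before touching the database, so an unauthorised caller
    // triggers neither the query nor any database error output.
    if (!user_permission($sit[2], 42)) {
        echo "<p class='error'>{$GLOBALS['strPermissionDenied']}</p>";
        return;
    }

    // extract updates (query copied from review_incoming_email.php)
    $sql = "SELECT u.id AS id, u.bodytext AS bodytext, ti.emailfrom AS emailfrom, ti.subject AS subject, ";
    $sql .= "u.timestamp AS timestamp, ti.incidentid AS incidentid, ti.id AS tempid, ti.locked AS locked, ";
    $sql .= "ti.reason AS reason, ti.contactid AS contactid, ti.`from` AS fromaddr ";
    $sql .= "FROM `{$dbUpdates}` AS u, `{$dbTempIncoming}` AS ti ";
    $sql .= "WHERE u.incidentid = 0 AND ti.updateid = u.id ";
    $sql .= "ORDER BY timestamp ASC, id ASC";
    $result = mysql_query($sql);
    if (mysql_error()) {
        trigger_error(mysql_error(), E_USER_WARNING);
    }

    // mysql_query() returns FALSE on failure; treat that like an empty queue
    // instead of passing FALSE on to mysql_num_rows().
    if (!$result || mysql_num_rows($result) < 1) {
        echo "<p align='center'>{$GLOBALS['strNoRecords']}</p>";
        return;
    }

    echo "<table align='center' width='100%'>";
    echo "<tr>";
    echo colheader('subject', $GLOBALS['strSubject']);
    echo colheader('message', $GLOBALS['strMessage']);
    echo "</tr>\n";

    $shade = 'shade1';
    while ($incoming = mysql_fetch_object($result)) {
        // Subject and reason belong to held inbound e-mail, i.e. text written
        // by an outside sender, so they are HTML-escaped at output.
        // double_encode is off so entities already present in the text are
        // left alone.
        // NOTE(review): 'UTF-8' is assumed to be the page charset - confirm.
        $subject = htmlspecialchars(truncate_string($incoming->subject, 25), ENT_QUOTES, 'UTF-8', false);
        $reason = htmlspecialchars(truncate_string($incoming->reason, 25), ENT_QUOTES, 'UTF-8', false);

        echo "<tr class='{$shade}'>";
        echo "<td><a href='holding_queue.php' class='info'>" . $subject;
        echo "</a></td>";
        echo "<td><a href='holding_queue.php' class='info'>" . $reason;
        echo "</a></td>";
        echo "</tr>\n";

        // Alternate the row style.
        $shade = ($shade == 'shade1') ? 'shade2' : 'shade1';
    }
    echo "</table>\n";
}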
// Excerpt of the inventory edit form: owner, identifier, address, optional
// credentials, notes and the privacy radio buttons.
echo "<tr><th>{$strOwner}</th><td>";
echo contact_site_drop_down('owner', '');
echo "</td></tr>";
echo "<tr><th>{$strID} " . help_link('InventoryID') . "</th>";
// NOTE(review): $row->identifier and the other $row fields below are placed
// inside single-quoted value attributes (and a textarea) with no escaping
// visible in this excerpt. Unless they are stored HTML-encoded, a quote or
// tag in the data changes the markup; htmlspecialchars(..., ENT_QUOTES) at
// output would close that gap - confirm how these values are stored.
echo "<td><input name='identifier' value='{$row->identifier}' /></td></tr>";
echo "<tr><th>{$strAddress}</th>";
echo "<td><input name='address' value='{$row->address}' /></td></tr>";
// Credentials are shown when $id is not numeric, or when the privacy rule
// allows it. `and` binds tighter than `or`, so the inner rule reads:
//   (adminonly and permission 22) or (private and created by this user)
//   or (privacy is 'none').
if (!is_numeric($id) or ($row->privacy == 'adminonly' and user_permission($sit[2], 22) or $row->privacy == 'private' and $row->createdby == $sit[2] or $row->privacy == 'none')) {
    echo "<tr><th>{$strUsername}</th>";
    echo "<td><input name='username' value='{$row->username}' /></td></tr>";
    echo "<tr><th>{$strPassword}</th>";
    // NOTE(review): the stored password is written in clear text into an input
    // with no type attribute, so it is visible on screen and in the page
    // source. This also shows the value is kept in a recoverable form.
    echo "<td><input name='password' value='{$row->password}' /></td></tr>";
}
echo "<tr><th>{$strNotes}</th>";
echo "<td><textarea name='notes'>{$row->notes}</textarea></td></tr>";
// The privacy selector is offered under the same rule as the credentials above.
// NOTE(review): this only hides the control; the code that saves the form is
// not visible here and must apply the same rule to a submitted 'privacy' value.
if ($row->privacy == 'adminonly' and user_permission($sit[2], 22) or $row->privacy == 'private' and $row->createdby == $sit[2] or $row->privacy == 'none') {
    echo "<tr><th>{$strPrivacy} " . help_link('InventoryPrivacy') . "</th>";
    echo "<td><input type='radio' name='privacy' value='private' ";
    if ($row->privacy == 'private') {
        echo " checked='checked' ";
        $selected = TRUE;
    }
    echo "/>{$strPrivate}<br />";
    echo "<input type='radio' name='privacy' value='adminonly'";
    if ($row->privacy == 'adminonly') {
        echo " checked='checked' ";
        $selected = TRUE;
    }
    echo "/>";
    echo "{$strAdminOnly}<br />";
    echo "<input type='radio' name='privacy' value='none'";
    // (the excerpt ends here, inside the privacy block)
// holidays.php -
//
// SiT (Support Incident Tracker) - Support call tracking system
// Copyright (C) 2000-2009 Salford Software Ltd. and Contributors
//
// This software may be used and distributed according to the terms
// of the GNU General Public License, incorporated herein by reference.
//
// This Page Is Valid XHTML 1.0 Transitional! 13Sep06

$permission = 4; // Edit your profile

require 'core.php';
require APPLICATION_LIBPATH . 'functions.inc.php';

// This page requires authentication
require APPLICATION_LIBPATH . 'auth.inc.php';

// Permission 50: approve holidays
$approver = user_permission($sit[2], 50);

// Show the requested user's holidays, falling back to the logged-in user.
// NOTE(review): nothing in this excerpt ties a foreign 'user' value to
// $approver, so any caller holding permission 4 can name another user here -
// confirm that is intended or that a check follows further down the page.
$user = !empty($_REQUEST['user']) ? cleanvar($_REQUEST['user']) : $sit[2];

// Own page: the name comes from the session; otherwise it is looked up.
$title = sprintf(
    $strUsersHolidays,
    ($user == $sit[2]) ? $_SESSION['realname'] : user_realname($user)
);

include APPLICATION_INCPATH . 'htmlheader.inc.php';

echo "<h2>" . icon('holiday', 32) . " {$title}</h2>";
echo "<p align='center'>";
} if (empty($length)) { $length = 'day'; } $title = $strCalendar; $pagecss = array('calendar/planner.css.php'); include APPLICATION_INCPATH . 'htmlheader.inc.php'; if (empty($user) || $user == 'current') { $user = $sit[2]; } elseif ($user == 'all') { $user = ''; } if (empty($type)) { $type = HOL_HOLIDAY; } if (user_permission($sit[2], 50)) { $approver = TRUE; } else { $approver = FALSE; } // Force user to 0 (SiT) when setting public holidays if ($type == HOL_PUBLIC) { $user = 0; } $gidurl = ''; if (!empty($groupid)) { $gidurl = "&gid={$groupid}"; } // Defaults if (empty($_REQUEST['year'])) { $year = date('Y');
// reassign_incident.php - Form for re-assigning an incident to another user // // SiT (Support Incident Tracker) - Support call tracking system // Copyright (C) 2000-2009 Salford Software Ltd. and Contributors // // This software may be used and distributed according to the terms // of the GNU General Public License, incorporated herein by reference. // // Author: Ivan Lucas <ivanlucas[at]users.sourceforge.net> $permission = 13; // Reassign Incident require 'core.php'; require APPLICATION_LIBPATH . 'functions.inc.php'; // This page requires authentication require APPLICATION_LIBPATH . 'auth.inc.php'; $forcepermission = user_permission($sit[2], 40); // External variables $bodytext = cleanvar($_REQUEST['bodytext']); $id = cleanvar($_REQUEST['id']); $incidentid = $id; $backupid = cleanvar($_REQUEST['backupid']); $originalid = cleanvar($_REQUEST['originalid']); $reason = cleanvar($_REQUEST['reason']); $action = cleanvar($_REQUEST['action']); $title = $strReassignIncident; switch ($action) { case 'save': // External variables $tempnewowner = cleanvar($_REQUEST['tempnewowner']); $permnewowner = cleanvar($_REQUEST['permnewowner']); $removetempowner = cleanvar($_REQUEST['removetempowner']);
} // closes a block opened above this excerpt
// Copy the posted profile fields onto $user.
// NOTE(review): roleid is taken from POST before any permission test. The
// check further down only rejects edits to *another* user's profile, so a user
// saving their own profile still arrives here with a posted roleid. Whether
// roleid is later written without permission 23 is not visible - confirm.
$user->roleid = cleanvar($_POST['roleid']);
$user->holiday_entitlement = cleanvar($_POST['holiday_entitlement']);
if (!empty($_POST['startdate'])) {
    $user->startdate = date('Y-m-d', strtotime($_POST['startdate']));
} else {
    // No start date posted: store the Unix epoch date.
    $user->startdate = date('Y-m-d', 0);
}
// NOTE(review): the passwords pass through cleanvar(); if that helper strips or
// encodes characters, the value that gets hashed differs from what was typed.
$password = cleanvar($_POST['oldpassword']);
$newpassword1 = cleanvar($_POST['newpassword1']);
$newpassword2 = cleanvar($_POST['newpassword2']);
if (empty($user->emoticons)) {
    $user->emoticons = 'false';
}
// Some extra checking here so that users can't edit other peoples profiles
$edituserpermission = user_permission($sit[2], 23); // edit user
if ($edituserid != $sit[2] and $edituserpermission == FALSE) {
    trigger_error('Error: No permission to edit this users profile', E_USER_ERROR);
    exit;
}
// If users status is set to 0 (disabled) force 'accepting' to no
if ($user->status == 0) {
    $user->accepting = 'No';
}
// Update user profile
$errors = 0;
// check for change of password
if ($password != '' && $newpassword1 != '' && $newpassword2 != '') {
    // verify password fields
    // NOTE(review): a single unsalted MD5 is not a suitable password hash
    // (fast to compute, no salt). password_hash()/password_verify() with a
    // rehash-on-login migration is the usual replacement.
    $passwordMD5 = md5($password);
    // (the excerpt ends here, inside the password-change block)
// This software may be used and distributed according to the terms
// of the GNU General Public License, incorporated herein by reference.
//
// This Page Is Valid XHTML 1.0 Transitional! 13Sep06
// Author: Ivan Lucas <ivanlucas[at]users.sourceforge.net>
$permission = 27; // view your calendar
require 'core.php';
require APPLICATION_LIBPATH . 'functions.inc.php';
// This page requires authentication
require APPLICATION_LIBPATH . 'auth.inc.php';
$title = $strBookHoliday;
// External variables
// NOTE(review): unlike 'date' and 'user', 'step' is read without cleanvar().
// In this excerpt it is only tested with empty(); check its later uses.
$step = $_REQUEST['step'];
$date = cleanvar($_REQUEST['date']);
// Booking for another user is honoured only when the caller holds permission 68;
// otherwise the booking is for the logged-in user.
if (!empty($_REQUEST['user']) and user_permission($sit[2], 68)) {
    $user = cleanvar($_REQUEST['user']); // Manage holidays
} else {
    $user = $sit[2];
}
// Step 1 (no 'step' supplied): show the booking form.
if (empty($step)) {
    include APPLICATION_INCPATH . 'htmlheader.inc.php';
    if ($user == $sit[2]) {
        echo "<h2>" . icon('holiday', 32) . " {$strBookHoliday}</h2>";
    } else {
        echo "<h2>" . icon('holiday', 32) . " {$strBookHoliday}: " . user_realname($user) . "</h2>";
    }
    // NOTE(review): $_SERVER['PHP_SELF'] includes any path info the client
    // appends to the URL and is written into the attribute unescaped. Escape it
    // with htmlspecialchars(..., ENT_QUOTES) or use a fixed script name.
    echo "<form name='date' action='{$_SERVER['PHP_SELF']}' method='post'>\n";
    echo "<table class='vertical'>";
    echo "<tr><th>{$strHolidayType}:</th><td>" . holidaytype_drop_down('type', 1) . "</td></tr>";
    // (the excerpt ends here, inside the form)
// Excerpt of the incident reassignment user list: one table row per candidate
// user, with an "assign" or "force" link and the user's name.
echo "<th align='center'>" . priority_icon(2) . "</th>";
echo "<th align='center'>" . priority_icon(1) . "</th>";
echo "<th></th>";
echo "</tr>";
$shade = 'shade2';
while ($userrow = mysql_fetch_array($result)) {
    // Once the suggested user is reached, $shade stays 'idle' for the rows
    // that follow as well; it is not reset inside this excerpt.
    if ($userrow['id'] == $suggested_user) {
        $shade = 'idle';
    }
    echo "<tr class='{$shade}'>";
    // display reassign link only if person is accepting or if the current user has 'reassign when not accepting' permission
    // NOTE(review): leaving the link out is presentation only. The
    // action=reassign handler (not shown) has to repeat the 'accepting' /
    // permission 40 test, and because the change is requested through a plain
    // GET link it should also require an anti-CSRF token or a POST.
    // NOTE(review): PHP_SELF, $incidentid and $win go into the href unescaped;
    // only $nextaction is URL-encoded - confirm the others are validated earlier.
    if ($userrow['accepting'] == 'Yes') {
        echo "<td align='right'><a href=\"{$_SERVER['PHP_SELF']}?action=reassign&userid=" . $userrow['id'] . "&incidentid={$incidentid}&nextaction=" . urlencode($nextaction) . "&win={$win}\" ";
        // if ($priority >= 3) echo " onclick=\"alertform.submit();\"";
        echo ">{$strAssignTo}</a></td>";
    } elseif (user_permission($sit[2], 40) or $userrow['id'] == $sit[2]) {
        echo "<td align='right'><a href=\"{$_SERVER['PHP_SELF']}?action=reassign&userid=" . $userrow['id'] . "&incidentid={$incidentid}&nextaction=" . urlencode($nextaction) . "&win={$win}\" ";
        // if ($priority >= 3) echo " onclick=\"alertform.submit();\"";
        echo ">{$strForceTo}</a></td>";
    } else {
        echo "<td class='expired'> </td>";
    }
    echo "<td>";
    // Have a look if this user has skills with this software
    // NOTE(review): $software is spliced into the SQL text; where it is set is
    // not visible here - confirm it is an integer. This also runs one extra
    // query per listed user.
    $ssql = "SELECT softwareid FROM `{$dbUserSoftware}` ";
    $ssql .= "WHERE userid='{$userrow['id']}' AND softwareid='{$software}' ";
    $sresult = mysql_query($ssql);
    // Users holding the skill are shown in bold.
    // NOTE(review): realname is echoed without HTML escaping.
    if (mysql_num_rows($sresult) >= 1) {
        echo "<strong>{$userrow['realname']}</strong>";
    } else {
        echo $userrow['realname'];
        // (the excerpt ends here, inside the row loop)
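/**
 * Lists a set of incidents
 *
 * The caller needs a valid session and permission 6. On failure the incident
 * list is empty and the status part carries 'session_not_valid' or 'no_access'.
 *
 * @author Paul Heaney
 * @param string $sessionid - the sessionid
 * @param int $owner - List incidents of this owner (0 for all)
 * @param int $status - 0 for ALL, 1 for all Active, 2 for all open
 * @return Array - array('incidents' => Incident[], 'status' => SOAP status array)
 */
function list_incidents($sessionid, $owner = 0, $status = 1)
{
    global $sit;

    // The SOAP status object gets its own name. It used to be stored in
    // $status, which overwrote the caller's filter value before the switch
    // below could read it.
    $soapstatus = new SoapStatus();
    $incidents = array();

    // Both values are spliced into the SQL text below; forcing them to
    // integers keeps anything else a caller sends out of the query.
    $owner = (int) $owner;
    $status = (int) $status;

    if (empty($sessionid) or !validate_session($sessionid)) {
        $soapstatus->set_error('session_not_valid');
    } elseif (!user_permission($sit[2], 6)) {
        // NOTE(review): the permission is checked for $sit[2]; this presumes
        // validate_session() ties $sit to the given session - confirm.
        $soapstatus->set_error('no_access');
    } else {
        $sql = "SELECT i.*, uOwner.realname AS ownerName, uTOwner.realname AS townerName, p.name AS priorityName, ";
        $sql .= "s.name AS skill, ist.name AS statusNameInternal, ist.ext_name AS statusNameExternal ";
        $sql .= "FROM `{$GLOBALS['dbIncidentStatus']}` AS ist, `{$GLOBALS['dbUsers']}` AS uOwner, `{$GLOBALS['dbPriority']}` AS p, ";
        $sql .= "`{$GLOBALS['dbIncidents']}` AS i LEFT JOIN `{$GLOBALS['dbUsers']}` AS uTOwner ON uTOwner.id = i.towner ";
        $sql .= "LEFT JOIN `{$GLOBALS['dbSoftware']}` AS s ON s.id = i.softwareid ";
        $sql .= " WHERE i.owner = uOwner.id AND i.priority = p.id AND i.status = ist.id ";

        // Restrict to incidents the user owns, permanently or temporarily.
        if ($owner > 0) {
            $sql .= "AND (i.owner = {$owner} OR i.towner = {$owner}) ";
        }

        // 0 (or any other value) adds no status filter.
        switch ($status) {
            case 1:
                $sql .= "AND i.status = " . STATUS_ACTIVE . " ";
                break;
            case 2:
                $sql .= "AND (i.status != " . STATUS_CLOSED . " AND i.status != " . STATUS_UNASSIGNED . ") ";
                break;
        }

        debug_log("SQL: {$sql}");
        $result = mysql_query($sql);
        if (mysql_error()) {
            trigger_error(mysql_error(), E_USER_WARNING);
        }

        // mysql_query() returns FALSE on failure; skip the fetch loop then.
        if ($result && mysql_num_rows($result) > 0) {
            while ($obj = mysql_fetch_object($result)) {
                $incident = new Incident();
                $incident->incidentid = $obj->id;
                $incident->title = $obj->title;
                $incident->owner = $obj->ownerName;
                $incident->ownerid = $obj->owner;
                $incident->towner = $obj->townerName;
                $incident->townerid = $obj->towner;
                $incident->priority = $obj->priorityName;
                $incident->priorityid = $obj->priority;
                $incident->currentstatusid = $obj->status;
                // The status table stores the *names* of global string
                // variables; the text itself is read from $GLOBALS.
                $incident->currentstatusinternal = $GLOBALS[$obj->statusNameInternal];
                $incident->currentstatusexternal = $GLOBALS[$obj->statusNameExternal];
                $incident->skill = $obj->skill;
                $incident->skillid = $obj->softwareid;
                $incident->maintenanceid = $obj->maintenanceid;
                $incident->servicelevel = $obj->servicelevel;
                $incidents[] = $incident;
            }
        }
    }

    return array('incidents' => $incidents, 'status' => $soapstatus->getSOAPArray());
}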
echo str_replace('\\r\\n', "<br />", nl2br($updatebody)); } else { /* * @modifier: Rick Bonkestoter * @desc: some webmail systems use the wrong encodeing (\r\n) instead of (\n\r) */ echo str_replace('\\r\\n', "<br />", nl2br($updatebody)); } if (!empty($update->nextaction) or $update->duration != 0) { echo "<div class='detailhead'>"; if ($update->duration != 0) { $inminutes = ceil($update->duration); // Always round up echo "{$strDuration}: {$inminutes} {$strMinutes}"; // Permision to adjust durations is 81 if ($CONFIG['allow_duration_adjustment'] and user_permission($sit[2], 81) and !$billable_incident_approved) { echo " <a href='billing_edit_activity_duration.php?mode=showform&incidentid={$incidentid}&updateid={$update->id}'>{$strEdit}</a>"; } echo "<br />"; } if (!empty($update->nextaction)) { echo "{$strNextAction}: {$update->nextaction}"; } echo "</div>"; } echo "</div>"; } $count++; } if ($_SESSION['num_update_view'] > 0) { echo log_nav_bar();
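/**
 * Outputs a contact's contract associate, if the viewing user is allowed
 *
 * Lists the contracts the contact is explicitly named on, plus contracts of
 * the contact's site that support all contacts. Viewers need permission 30 or
 * an 'admin' session; anyone else gets an empty string.
 *
 * @author Kieran Hogg
 * @param int $userid ID of the contact
 * @param string $mode 'internal' links to contract_details.php and adds the
 *                     "associate contact" link; any other value links to contracts.php
 * @return string output html
 * @todo TODO should this be renamed, it has nothing to do with users
 */
function user_contracts_table($userid, $mode = 'internal')
{
    global $now, $CONFIG, $sit;

    // Start from an empty string so the function always returns a string and
    // never appends to an undefined variable.
    $html = '';

    // The ID is spliced into two SQL statements and a link; forcing it to an
    // integer keeps any other input out of both.
    $userid = (int) $userid;

    // `and` binds tighter than `or`; the parentheses only make that explicit.
    if ((!empty($sit[2]) and user_permission($sit[2], 30)) or $_SESSION['usertype'] == 'admin') {
        $html .= "<h4>" . icon('contract', 16) . " {$GLOBALS['strContracts']}:</h4>";

        // Contracts we're explicit supported contact for
        $sql = "SELECT sc.maintenanceid AS maintenanceid, m.product, p.name AS productname, ";
        $sql .= "m.expirydate, m.term ";
        $sql .= "FROM `{$GLOBALS['dbContacts']}` AS c, ";
        $sql .= "`{$GLOBALS['dbSupportContacts']}` AS sc, ";
        $sql .= "`{$GLOBALS['dbMaintenance']}` AS m, ";
        $sql .= "`{$GLOBALS['dbProducts']}` AS p ";
        $sql .= "WHERE c.id = '{$userid}' ";
        $sql .= "AND (sc.maintenanceid=m.id AND sc.contactid='{$userid}') ";
        $sql .= "AND m.product=p.id ";
        // Contracts we're an 'all supported' on
        $sql .= "UNION ";
        $sql .= "SELECT m.id AS maintenanceid, m.product, p.name AS productname, ";
        $sql .= "m.expirydate, m.term ";
        $sql .= "FROM `{$GLOBALS['dbContacts']}` AS c, ";
        $sql .= "`{$GLOBALS['dbMaintenance']}` AS m, ";
        $sql .= "`{$GLOBALS['dbProducts']}` AS p ";
        $sql .= "WHERE c.id = '{$userid}' AND c.siteid = m.site ";
        $sql .= "AND m.allcontactssupported = 'yes' ";
        $sql .= "AND m.product=p.id ";

        $result = mysql_query($sql);
        if (mysql_error()) {
            trigger_error("MySQL Query Error " . mysql_error(), E_USER_WARNING);
        }

        // mysql_query() returns FALSE on failure; show "none" in that case.
        if ($result && mysql_num_rows($result) > 0) {
            $html .= "<table align='center' class='vertical'>";
            $html .= "<tr>";
            $html .= "<th>{$GLOBALS['strID']}</th><th>{$GLOBALS['strProduct']}</th><th>{$GLOBALS['strExpiryDate']}</th>";
            $html .= "</tr>\n";

            $shade = 'shade2';
            while ($supportedrow = mysql_fetch_array($result)) {
                // Terminated or expired contracts get the 'expired' style;
                // an expiry date of -1 means the contract never expires.
                if ($supportedrow['term'] == 'yes') {
                    $shade = 'expired';
                }
                if ($supportedrow['expirydate'] < $now and $supportedrow['expirydate'] != -1) {
                    $shade = 'expired';
                }

                $html .= "<tr><td class='{$shade}'>";
                $html .= icon('contract', 16) . " ";
                if ($mode == 'internal') {
                    $html .= "<a href='contract_details.php?id=";
                } else {
                    $html .= "<a href='contracts.php?id=";
                }
                $html .= "{$supportedrow['maintenanceid']}'>";
                $html .= "{$GLOBALS['strContract']}: ";
                $html .= "{$supportedrow['maintenanceid']}</a></td>";
                // NOTE(review): productname is written out as stored, without
                // HTML escaping - confirm product names are stored HTML-safe.
                $html .= "<td class='{$shade}'>{$supportedrow['productname']}</td>";
                $html .= "<td class='{$shade}'>";
                if ($supportedrow['expirydate'] == -1) {
                    $html .= $GLOBALS['strUnlimited'];
                } else {
                    $html .= ldate($CONFIG['dateformat_date'], $supportedrow['expirydate']);
                }
                if ($supportedrow['term'] == 'yes') {
                    $html .= " {$GLOBALS['strTerminated']}";
                }
                $html .= "</td>";
                $html .= "</tr>\n";

                // Every row starts again from the normal style.
                $shade = 'shade2';
            }
            $html .= "</table>\n";
        } else {
            $html .= "<p align='center'>{$GLOBALS['strNone']}</p>\n";
        }

        if ($mode == 'internal') {
            $html .= "<p align='center'>";
            $html .= "<a href='contract_add_contact.php?contactid={$userid}&context=contact'>";
            $html .= "{$GLOBALS['strAssociateContactWithContract']}</a></p>\n";
        }
    }

    return $html;
}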
} // closes a block opened above this excerpt
    // Send the visitor to the login page (index.php?id=2), passing the
    // URL-encoded $page value along.
    $page = urlencode($page);
    header("Location: {$CONFIG['application_webpath']}index.php?id=2&page={$page}");
    exit;
} else {
    // Attempt to prevent session fixation attacks
    // NOTE(review): session_regenerate() is not a PHP built-in (the built-in is
    // session_regenerate_id()); presumably a project helper - confirm it really
    // issues a new session id.
    session_regenerate();
    // NOTE(review): the third argument of setcookie() is an absolute Unix
    // timestamp, but session.cookie_lifetime is a duration in seconds. Any
    // non-zero lifetime therefore gives an expiry long in the past; only 0
    // (session cookie) behaves as intended. time() + lifetime is the usual form.
    // The secure and httponly arguments are also left at their defaults.
    setcookie(session_name(), session_id(), ini_get("session.cookie_lifetime"), "/");
    // Conversions for when register_globals=off
    // We've migrated away from using cookies and now use sessions
    $sit[0] = $_SESSION['username'];
    $sit[2] = $_SESSION['userid'];
    // Load session language if it is set and different to the default language
    // NOTE(review): the include path is built from $_SESSION['lang']. Confirm
    // that value is only ever set from a fixed list of installed languages;
    // otherwise this include needs a whitelist check.
    if (!empty($_SESSION['lang']) and $_SESSION['lang'] != $CONFIG['default_i18n']) {
        include APPLICATION_I18NPATH . "{$_SESSION['lang']}.inc.php";
    } elseif (empty($_SESSION['lang'])) {
        $_SESSION['lang'] = $CONFIG['default_i18n'];
    }
    include APPLICATION_LIBPATH . 'strings.inc.php';
}
// $permission may be a single id or a list; normalise it to an array.
if (!is_array($permission)) {
    $permission = array($permission);
}
// Valid user, check permissions
// NOTE(review): the check uses $userid, while the session branch above fills
// $sit[2]; where $userid is assigned is not visible here - confirm it always
// holds the session's user id.
if (user_permission($userid, $permission) == FALSE) {
    //No access permission
    $refused = implode(',', $permission);
    header("Location: {$CONFIG['application_webpath']}noaccess.php?id={$refused}");
    exit;
}
require_once APPLICATION_LIBPATH . 'triggers.inc.php';
$reseller = "NULL";
} else {
    $reseller = "'{$reseller}'";
}
if (empty($licence_type) or $licence_type == 0) {
    $licence_type = "NULL";
} else {
    $licence_type = "'{$licence_type}'";
}
// NOTE above is so we can insert null so browse_contacts etc can see the contract rather than inserting 0
// NOTE(review): every value below is spliced into the SQL text. Where these
// variables are cleaned is not visible in this excerpt - confirm each one is
// escaped before this point. admincontact is inserted without quotes, so it
// in particular must be validated as an integer.
$sql = "UPDATE `{$dbMaintenance}` SET reseller={$reseller}, expirydate='{$expirydate}', licence_quantity='{$licence_quantity}', ";
$sql .= "licence_type={$licence_type}, notes='{$notes}', admincontact={$admincontact}, term='{$terminated}', servicelevelid='{$servicelevelid}', ";
$sql .= "incident_quantity='{$incident_quantity}', ";
$sql .= "incidentpoolid='{$incidentpoolid}', productonly='{$productonly}', ";
$sql .= "supportedcontacts='{$amount}', allcontactssupported='{$allcontacts}'";
// The product of a contract is changed only for users holding permission 22.
if (!empty($product) and user_permission($sit[2], 22)) {
    $sql .= ", product='{$product}'";
}
$sql .= " WHERE id='{$maintid}'";
$result = mysql_query($sql);
// NOTE(review): E_USER_ERROR stops the script under PHP's default error
// handling, so after a database error the "Update failed" branch below is
// probably never reached - depends on the project's error handler.
if (mysql_error()) {
    trigger_error(mysql_error(), E_USER_ERROR);
}
// show error message if addition failed
if (!$result) {
    include APPLICATION_INCPATH . 'htmlheader.inc.php';
    echo user_alert("Update failed", E_USER_WARNING);
    include APPLICATION_INCPATH . 'htmlfooter.inc.php';
} else {
    // Record the change in the journal, then return to the contract page.
    journal(CFG_LOGGING_NORMAL, 'Contract Edited', "contract {$maintid} modified", CFG_JOURNAL_MAINTENANCE, $maintid);
    html_redirect("contract_details.php?id={$maintid}");
    // (the excerpt ends here, inside the else branch)
mysql_query($lastseensql); if (mysql_error()) { trigger_error(mysql_error(), E_USER_WARNING); } } if ($sit[0] != '') { // Check this is current $sql = "SELECT version FROM `{$dbSystem}` WHERE id = 0"; $versionresult = mysql_query($sql); if (mysql_error()) { trigger_error("MySQL Query Error " . mysql_error(), E_USER_WARNING); } list($dbversion) = mysql_fetch_row($versionresult); if ($dbversion < $application_version) { echo "<p class='error'><strong>IMPORTANT</strong> The SiT database schema needs to be updated"; if (user_permission($sit[2], 22)) { echo " from v{$dbversion} to v{$application_version}</p>"; echo "<p class='tip'>Visit <a href='setup.php'>Setup</a> to update the schema"; } echo "</p>"; } // Check users email address if (empty($_SESSION['email'])) { echo user_alert("{$strInvalidEmailAddress} - <a href='user_profile_edit.php'>{$strEditEmail}</a>", E_USER_ERROR); } //display (trigger) notices $noticesql = "SELECT * FROM `{$GLOBALS['dbNotices']}` "; // Don't show more than 20 notices, saftey cap $noticesql .= "WHERE userid={$sit[2]} ORDER BY timestamp DESC LIMIT 20"; $noticeresult = mysql_query($noticesql); if (mysql_error()) {
$title = $strSystemActions;
} else {
    $title = $strNotifications;
}
switch ($_REQUEST['mode']) {
    case 'delete':
        // NOTE(review): the delete is requested with GET parameters and no
        // anti-CSRF token is visible in this excerpt.
        $id = cleanvar($_GET['id']);
        // NOTE(review): nothing stops the script after this redirect. If
        // html_redirect() returns instead of exiting (its body is not shown),
        // a non-numeric $id still reaches db_read_column() and the unquoted
        // "WHERE id = {$id}" below; an exit here would close that path.
        // is_numeric() also accepts signs, decimals and exponent notation;
        // ctype_digit() or an (int) cast is stricter.
        if (!is_numeric($id)) {
            html_redirect($_SERVER['PHP_SELF'], FALSE);
        }
        $triggerowner = db_read_column('userid', $dbTriggers, $id);
        // Ownership rules: triggers owned by user 0 and by other users need
        // permission 72; the user's own triggers need permission 71.
        if ($triggerowner == 0 and !user_permission($sit[2], 72)) {
            html_redirect($_SERVER['PHP_SELF'] . "?user={$selecteduser}", FALSE, $strPermissionDenied);
        } elseif ($triggerowner != 0 and $triggerowner != $sit[2] and !user_permission($sit[2], 72)) {
            html_redirect($_SERVER['PHP_SELF'] . "?user={$selecteduser}", FALSE, $strPermissionDenied);
        } elseif ($triggerowner == $sit[2] and !user_permission($sit[2], 71)) {
            html_redirect($_SERVER['PHP_SELF'] . "?user={$selecteduser}", FALSE, $strPermissionDenied);
        } else {
            $sql = "DELETE FROM `{$dbTriggers}` WHERE id = {$id} LIMIT 1";
            mysql_query($sql);
            if (mysql_error()) {
                trigger_error("MySQL Query Error " . mysql_error(), E_USER_WARNING);
            }
            // Report success only when a row was actually removed.
            if (mysql_affected_rows() >= 1) {
                html_redirect($_SERVER['PHP_SELF'] . "?user={$selecteduser}");
            } else {
                html_redirect($_SERVER['PHP_SELF'] . "?user={$selecteduser}", FALSE);
            }
        }
        break;
    case 'add':
        // (the excerpt ends here)
break;
case 'edit':
    // Editing a contract balance requires permission 79.
    if (user_permission($sit[2], 79) == FALSE) {
        header("Location: {$CONFIG['application_webpath']}noaccess.php?id=79");
        exit;
    } else {
        $status = update_contract_balance($contractid, $reason, $amount, $sourceservice);
        if ($status) {
            html_redirect("{$CONFIG['application_webpath']}contract_details.php?id={$contractid}", TRUE, $strSuccessfullyUpdated);
        } else {
            html_redirect("{$CONFIG['application_webpath']}contract_details.php?id={$contractid}", FALSE, $strUpdateFailed);
        }
    }
    break;
case 'transfer':
    // A transfer is a debit on the source service followed by a credit on the
    // destination service; it also requires permission 79.
    if (user_permission($sit[2], 79) == FALSE) {
        header("Location: {$CONFIG['application_webpath']}noaccess.php?id=79");
        exit;
    } else {
        // NOTE(review): the two balance updates are independent calls. If the
        // credit fails after the debit succeeded, the debit is not undone
        // here, so the amount is lost from the source service. Wrapping both
        // in one database transaction (or reversing the debit on failure)
        // would keep the balances consistent.
        // NOTE(review): validation of $amount is not visible in this excerpt;
        // a negative value would reverse the direction of the transfer.
        $status = update_contract_balance($contractid, $reason, $amount * -1, $sourceservice);
        if ($status) {
            $status = update_contract_balance($contractid, $reason, $amount, $destinationservice);
            if ($status) {
                html_redirect("{$CONFIG['application_webpath']}contract_details.php?id={$contractid}", TRUE);
            } else {
                html_redirect("{$CONFIG['application_webpath']}contract_details.php?id={$contractid}", FALSE);
            }
            exit;
        }
        // The debit itself failed: nothing was changed.
        html_redirect('main.php', FALSE, $strFailed);
        exit;
        // (the excerpt ends here, inside the else branch)
// Excerpt of the inventory list: one row per item with its privacy marker,
// creator and the view/edit actions.
echo "<th>{$strOwner}</th><th>{$strActions}</th></tr>";
$shade = 'shade1';
while ($row = mysql_fetch_object($result)) {
    echo "<tr class='{$shade}'><td>" . icon('inventory', 16);
    // NOTE(review): $row->name is echoed without HTML escaping.
    echo " {$row->name}, {$CONFIG['inventory_types'][$row->type]}";
    if ($row->active != 1) {
        echo " (inactive)";
    }
    echo "</td><td align='center'>";
    if ($row->privacy == 'private') {
        echo icon('private', 16);
    } elseif ($row->privacy == 'adminonly') {
        echo icon('review', 16, $strAdmin);
    }
    echo "</td><td>" . user_realname($row->createdby) . "</td><td>";
    // Plain text instead of links when the item is private to someone else,
    // or admin-only and the viewer lacks permission 22
    // (`and` binds tighter than `or`).
    // NOTE(review): hiding the links is presentation only; inventory_view.php
    // and inventory_edit.php (not shown) must enforce the same rule themselves,
    // since the item id in the URL can be typed by hand.
    if ($row->privacy == 'private' and $sit[2] != $row->createdby or $row->privacy == 'adminonly' and !user_permission($sit[2], 22)) {
        // NOTE(review): this branch prints a closing </a> with no opening tag.
        echo "{$strView}</a> ";
        echo "{$strEdit}</td></tr>";
    } else {
        echo "<a href='inventory_view.php?id={$row->id}'>{$strView}</a> ";
        // NOTE(review): the edit link is never closed with </a>.
        echo "<a href='inventory_edit.php?id={$row->id}'>{$strEdit}</td></tr>";
    }
    // Alternate the row style.
    if ($shade == 'shade1') {
        $shade = 'shade2';
    } else {
        $shade = 'shade1';
    }
}
echo "</table>";
echo "<p align='center'>" . icon('add', 16);
echo " <a href='inventory_add.php?site={$siteid}'>";
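//
// This software may be used and distributed according to the terms
// of the GNU General Public License, incorporated herein by reference.
//
// Author: Tom Gerrard <tom.gerrard[at]salfordsoftware.co.uk>

$permission = 27; // View your calendar
require '../core.php';
$headerdisplayed = 1;
require APPLICATION_LIBPATH . 'functions.inc.php';
require APPLICATION_LIBPATH . 'auth.inc.php';

// This script emits JavaScript, not HTML.
header('Content-Type: text/javascript');

// Import the listed request parameters through cleanvar(). A variable
// variable does what the former eval() did, without building PHP source
// code from strings.
foreach (array('user') as $var) {
    $$var = cleanvar($_REQUEST[$var]);
}

// Fall back to the logged-in user when no user was given, or when another
// user was requested and the caller lacks permission 50.
// `&&` binds tighter than `||`; the parentheses only make that explicit.
if ($user == '' || ($user != $_SESSION['userid'] && !user_permission($_SESSION['userid'], 50))) {
    $user = $_SESSION['userid'];
}

// NOTE(review): if a PHP value is interpolated into this JavaScript string
// literal, encode it for that context (for example with json_encode()).
echo "var user = '******';\n\n";
?>
/************************************************************************************************************
Some of this Javascript is Based on DHTML Week Planner
Copyright (C) 2007 DTHMLGoodies.com, Alf Magne Kalleland

This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.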
echo "</td>";
// NOTE(review): the contact notes are echoed without HTML escaping, and
// substr() counts bytes, so the 500-byte cut can split a multi-byte character
// or an HTML entity. Escape the value at output, using a multibyte-aware cut.
echo "<td>" . nl2br(substr($contactrow['notes'], 0, 500)) . "</td>";
echo "</tr>";
// Alternate the row style.
if ($shade == 'shade1') {
    $shade = 'shade2';
} else {
    $shade = 'shade1';
}
} // closes a loop opened above this excerpt
echo "</table>\n";
} else {
    echo "<p align='center'>{$strNoContactsForSite}</p>";
}
// NOTE(review): $id is written into this link and into the SQL below; where it
// is validated is not visible here - confirm it is forced to an integer.
echo "<p align='center'><a href='contact_add.php?siteid={$id}'>{$strAddContact}</a></p>";
// Valid user, check perms
// The contract list is shown only to users holding permission 19.
if (user_permission($sit[2], 19)) {
    echo "<h3>{$strContracts}<a id='contracts'></a></h3>";
    // Display contracts
    $sql = "SELECT m.id AS maintid, m.term AS term, p.name AS product, r.name AS reseller, ";
    $sql .= "licence_quantity, lt.name AS licence_type, expirydate, admincontact, ";
    $sql .= "c.forenames AS admincontactsforenames, c.surname AS admincontactssurname, m.notes AS maintnotes ";
    $sql .= "FROM `{$dbContacts}` AS c, `{$dbProducts}` AS p, `{$dbMaintenance}` AS m ";
    $sql .= "LEFT JOIN `{$dbLicenceTypes}` AS lt ON m.licence_type = lt.id ";
    $sql .= "LEFT JOIN `{$dbResellers}` AS r ON r.id = m.reseller ";
    $sql .= "WHERE m.product = p.id ";
    $sql .= "AND admincontact = c.id AND m.site = '{$id}' ";
    $sql .= "ORDER BY expirydate DESC";
    // connect to database and execute query
    $result = mysql_query($sql);
    if (mysql_error()) {
        trigger_error("MySQL Query Error " . mysql_error(), E_USER_WARNING);
        // (the excerpt ends here, inside the error check)