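function saveUserLogin($userLoginName)
{
    // Records a successful login: one row in `logs` (the audit trail) and one
    // row in `sessions` (the server-side session record keyed by the PHP
    // session id stored in $_SESSION['user']['session_id']).
    //
    // @param string $userLoginName  login name of the user who just authenticated
    // @return int 1 when both INSERTs succeeded, 0 otherwise
    //
    // Every value interpolated into SQL below is passed through
    // mysql_real_escape_string(), which the original did not do: the login
    // name and the session values originate from the login request, the
    // browser string embeds the raw User-Agent header, and HTTP_HOST /
    // REQUEST_URI are request headers the client controls.
    $this->conn = DB::dbConnect();

    $arrBrowserData = ADMIN::getBrowser();
    $strBrowser = $arrBrowserData['name'] . " " . $arrBrowserData['version']
        . " on " . $arrBrowserData['platform']
        . " reports: " . $arrBrowserData['userAgent'];

    $strLoginName = mysql_real_escape_string($userLoginName);
    $strIpAddress = mysql_real_escape_string($_SESSION['user']['ip_address']);
    $strLoginTime = mysql_real_escape_string($_SESSION['user']['login_time']);
    $strSessionId = mysql_real_escape_string($_SESSION['user']['session_id']);
    $strLogAction = mysql_real_escape_string(
        'Logged in successfully from ' . $_SESSION['user']['ip_address']
        . ' using client browser ' . $strBrowser
    );
    $strRequestUrl = mysql_real_escape_string(
        'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']
    );

    // Audit row; column order follows the table definition (no column list).
    $queryLog = "INSERT INTO `logs` VALUES (NULL, '" . $strLoginName . "', '" . $strLogAction . "', '" . $strLoginTime . "', '" . $strIpAddress . "', NULL)";
    $resultLog = mysql_query($queryLog);
    if (!$resultLog) {
        return 0;
    }

    // Session row. The original discarded this result and returned 1 as soon
    // as the log row existed; a failed session insert is now reported as 0.
    $querySession = "INSERT INTO `sessions` VALUES ('" . $strSessionId . "', '" . $strLoginName . "', '" . time() . "', '" . $strLoginTime . "', '" . $strIpAddress . "', '" . $strRequestUrl . "')";
    $resultSession = mysql_query($querySession);

    return $resultSession ? 1 : 0;
}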
/* (docblock header truncated in this excerpt; its closing line is kept below)
 * * @Desc: Process file using Ajax **************************************************************************************************/
/*$data = $_POST; echo "<pre>"; print_r($data); echo "</pre>"; die;*/

// Ajax processor for the supplier module: the "add" action inserts one
// `mbs_suppliers` row from the submitted form fields. This excerpt ends inside
// the `if ($result)` branch, so the marketing-contact insert that follows it
// is not visible here.
//
// NOTE(review): the only thing that runs before the INSERT is session_start();
// no check that a user is logged in or authorised for this module is visible
// in this excerpt (config.php may do it — confirm). $_REQUEST merges GET, POST
// and (depending on request_order) COOKIE, so the "add" action is reachable
// from a plain GET link, and no CSRF token is checked. Reading $_POST plus an
// explicit login/privilege check would close both.
include '../config.php';
require_once '../lib/db.php';
require_once '../lib/admin.php';
require_once '../lib/html.php';
session_start();
$db = new DB();
$admin = new ADMIN();
$html = new HTML();
//print_r($_REQUEST);

//--> Add
if ($_REQUEST['action'] == "add" && $_REQUEST['frm_supplier_name'] && $_REQUEST['frm_supplier_phone_number']) {
    // filter input
    // An unchecked checkbox is simply absent from the request; default it to "no".
    if (!$_REQUEST['frm_supplier_active']) {
        $_REQUEST['frm_supplier_active'] = "no";
    }
    // the query
    // Every form field goes through mysql_real_escape_string(). The two
    // session-derived values (login_name) do not; they were set at login, but
    // escaping them as well would keep this query safe independent of that path.
    $db->dbConnect();
    $query = "INSERT INTO `mbs_suppliers` (`supplier_id`, \n\t\t\t\t\t\t\t\t\t\t `supplier_name`, \n\t\t\t\t\t\t\t\t\t\t `supplier_email`, \n\t\t\t\t\t\t\t\t\t\t `supplier_phone_number`, \n\t\t\t\t\t\t\t\t\t\t `supplier_postal_address`, \n\t\t\t\t\t\t\t\t\t\t `supplier_last_year_purchase`, \n\t\t\t\t\t\t\t\t\t\t `supplier_target`, \n\t\t\t\t\t\t\t\t\t\t `supplier_growth_incentives`, \n\t\t\t\t\t\t\t\t\t\t `supplier_budget`, \n\t\t\t\t\t\t\t\t\t\t `supplier_po_ref_number`, \n\t\t\t\t\t\t\t\t\t\t `supplier_active`, \n\t\t\t\t\t\t\t\t\t\t `supplier_created_date`, \n\t\t\t\t\t\t\t\t\t\t `supplier_created_by`, \n\t\t\t\t\t\t\t\t\t\t `supplier_modified_date`, \n\t\t\t\t\t\t\t\t\t\t `supplier_modified_by`) \n\n\t\t\t\tVALUES (NULL, \n\t\t\t\t\t\t'" . mysql_real_escape_string($_REQUEST['frm_supplier_name']) . "', \n\t\t\t\t\t\t'" . mysql_real_escape_string($_REQUEST['frm_supplier_email']) . "', \n\t\t\t\t\t\t'" . mysql_real_escape_string($_REQUEST['frm_supplier_phone_number']) . "', \n\t\t\t\t\t\t'" . mysql_real_escape_string($_REQUEST['frm_supplier_postal_address']) . "', \n\t\t\t\t\t\t'" . mysql_real_escape_string($_REQUEST['frm_supplier_last_year_purchase']) . "', \n\t\t\t\t\t\t'" . mysql_real_escape_string($_REQUEST['frm_supplier_target']) . "', \n\t\t\t\t\t\t'" . mysql_real_escape_string($_REQUEST['frm_supplier_growth_incentives']) . "', \n\t\t\t\t\t\t'" . mysql_real_escape_string($_REQUEST['frm_supplier_budget']) . "', \n\t\t\t\t\t\t'" . mysql_real_escape_string($_REQUEST['frm_supplier_po_ref_number']) . "', \n\t\t\t\t\t\t'" . mysql_real_escape_string($_REQUEST['frm_supplier_active']) . "', \n\t\t\t\t\t\t'" . date('Y-m-d H:i:s') . "', \n\t\t\t\t\t\t'" . $_SESSION['user']['login_name'] . "',\n\t\t\t\t\t\t'" . date('Y-m-d H:i:s') . "', \n\t\t\t\t\t\t'" . $_SESSION['user']['login_name'] . "')";
    $result = mysql_query($query);
    // Read before $result is tested; mysql_insert_id() yields 0 when no
    // AUTO_INCREMENT row was produced by the previous query.
    $intID = mysql_insert_id();
    if ($result) {
        // Insert the Marketing Contact
/**
 * Adds the itemOptions of a plugin to a page.
 *
 * Reads the global $itemid (the item the page is currently showing) and hands
 * it to ADMIN::_insertPluginOptions() under the 'item' context.
 *
 * @author TeRanEX
 */
function parse_itemoptions()
{
    global $itemid;
    $currentItemId = $itemid;
    ADMIN::_insertPluginOptions('item', $currentItemId);
}
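/**
 * Cleans up entries in the activation table. All entries older than
 * $CONF['ActivationDays'] days (default 2) are removed, after the action each
 * pending entry stood for has been undone.
 * (static)
 *
 * Fix: $CONF and $DIR_LIBS are read from the global scope but the original
 * never declared them `global`, so the configured number of days was always
 * ignored and the include path for ADMIN.php was empty.
 *
 * @author dekarma
 */
function cleanupActivationTable()
{
    global $CONF, $DIR_LIBS;

    $actdays = 2;
    if (isset($CONF['ActivationDays']) && intval($CONF['ActivationDays']) > 0) {
        $actdays = intval($CONF['ActivationDays']);
    } else {
        $CONF['ActivationDays'] = 2;
    }
    $boundary = time() - 60 * 60 * 24 * $actdays;
    // Same formatted timestamp is used for the scan and for the final DELETE,
    // so both statements agree on which rows are "old".
    $boundaryDate = date('Y-m-d H:i:s', $boundary);

    // 1. walk over all entries, and see if special actions need to be performed
    $res = sql_query('SELECT * FROM ' . sql_table('activation') . ' WHERE vtime < \'' . $boundaryDate . '\'');
    while ($o = sql_fetch_object($res)) {
        switch ($o->vtype) {
            case 'register':
                // delete all information about this site member. registration is undone because there was
                // no timely activation
                include_once $DIR_LIBS . 'ADMIN.php';
                ADMIN::deleteOneMember(intval($o->vmember));
                break;
            case 'addresschange':
                // revert the e-mail address of the member back to old address
                list($oldEmail, $oldCanLogin) = explode('/', $o->vextra);
                // The mcanlogin value was redacted ('******') in the excerpt this
                // was restored from; it is taken from $oldCanLogin, which the
                // list() above extracts for exactly this purpose, and cast with
                // intval() so the stored flag cannot carry SQL into the UPDATE.
                sql_query('UPDATE ' . sql_table('member') . ' SET mcanlogin=' . intval($oldCanLogin) . ', memail=\'' . sql_real_escape_string($oldEmail) . '\' WHERE mnumber=' . intval($o->vmember));
                break;
            case 'forgot':
                // delete the activation link and ignore. member can request a new password using the
                // forgot password link
                break;
        }
    }

    // 2. delete activation entries for real
    sql_query('DELETE FROM ' . sql_table('activation') . ' WHERE vtime < \'' . $boundaryDate . '\'');
}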
/**
 * Inserts a HTML select element with choices for all categories to which the
 * current member has access.
 *
 * Thin wrapper around ADMIN::selectBlog() with the mode fixed to 'category';
 * every other argument is passed through unchanged.
 *
 * @see function selectBlog
 */
function selectBlogCategory($name, $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1)
{
    $mode = 'category';
    ADMIN::selectBlog($name, $mode, $selected, $tabindex, $showNewCat, $iForcedBlogInclude);
}
/**************************************************************************************************
 * EW Web Apps Process File
 * @Author : Erick Wellem (me@erickwellem.com)
 * October 2009
 * This version: February 2013
 *
 * @Desc: Process file using Ajax
 **************************************************************************************************/
// Ajax processor for the activity module: the "add" action inserts one
// `mbs_activities` row from the submitted form fields. This excerpt ends
// right after the INSERT, inside the `if` block; whatever follows it (result
// handling, response) is not visible here.
//
// NOTE(review): as in the supplier processor, nothing before the INSERT
// verifies that a user is logged in or authorised (config.php may — confirm),
// the action is read from $_REQUEST rather than $_POST, and no CSRF token is
// checked.
include '../config.php';
require_once '../lib/db.php';
require_once '../lib/admin.php';
require_once '../lib/html.php';
session_start();
$db = new DB();
$admin = new ADMIN();
$html = new HTML();
//print_r($_REQUEST);

//--> Add
if ($_REQUEST['action'] == "add" && $_REQUEST['frm_activity_name']) {
    // filter input
    // Unchecked checkboxes are absent from the request; default both to "no".
    if (!$_REQUEST['frm_activity_store_related']) {
        $_REQUEST['frm_activity_store_related'] = "no";
    }
    if (!$_REQUEST['frm_activity_active']) {
        $_REQUEST['frm_activity_active'] = "no";
    }
    // the query
    // Form fields are escaped with mysql_real_escape_string(); the two
    // session-derived login_name values are interpolated as-is.
    $db->dbConnect();
    $query = "INSERT INTO `mbs_activities` (`activity_id`, \n\t\t\t\t\t\t\t\t\t\t\t`activity_name`, \n\t\t\t\t\t\t\t\t\t\t\t`activity_category`, \n\t\t\t\t\t\t\t\t\t\t\t`activity_description`, \n\t\t\t\t\t\t\t\t\t\t\t`activity_price`, \n\t\t\t\t\t\t\t\t\t\t\t`activity_store_related`, \n\t\t\t\t\t\t\t\t\t\t\t`activity_active`, \n\t\t\t\t\t\t\t\t\t\t\t`size_id`, \n\t\t\t\t\t\t\t\t\t\t\t`year`, \n\t\t\t\t\t\t\t\t\t\t\t`activity_created_date`, \n\t\t\t\t\t\t\t\t\t\t\t`activity_created_by`, \n\t\t\t\t\t\t\t\t\t\t\t`activity_modified_date`, \n\t\t\t\t\t\t\t\t\t\t\t`activity_modified_by`) \n\n\t\t\t\tVALUES (NULL, \n\t\t\t\t\t\t'" . mysql_real_escape_string($_REQUEST['frm_activity_name']) . "', \n\t\t\t\t\t\t'" . mysql_real_escape_string($_REQUEST['frm_activity_category']) . "', \n\t\t\t\t\t\t'" . mysql_real_escape_string($_REQUEST['frm_activity_description']) . "', \t\n\t\t\t\t\t\t'" . mysql_real_escape_string($_REQUEST['frm_activity_price']) . "', \t\n\t\t\t\t\t\t'" . mysql_real_escape_string($_REQUEST['frm_activity_store_related']) . "', \t\n\t\t\t\t\t\t'" . mysql_real_escape_string($_REQUEST['frm_activity_active']) . "', \n\t\t\t\t\t\t'" . mysql_real_escape_string($_REQUEST['frm_size_id']) . "', \n\t\t\t\t\t\t'" . mysql_real_escape_string($_REQUEST['frm_year']) . "', \n\t\t\t\t\t\t'" . date('Y-m-d H:i:s') . "', \n\t\t\t\t\t\t'" . $_SESSION['user']['login_name'] . "',\n\t\t\t\t\t\t'" . date('Y-m-d H:i:s') . "', \n\t\t\t\t\t\t'" . $_SESSION['user']['login_name'] . "')";
    $result = mysql_query($query);
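function deleteEmail()
{
    // Deletes the `mbs_emails` row whose email_id arrives in the request,
    // writes an audit row to `logs`, and renders the outcome through
    // HTML::showAlert().
    //
    // Security fixes relative to the original:
    //  - email_id is escaped before it is interpolated into the SELECT and the
    //    DELETE (it was used raw in both — an SQL-injection vector);
    //  - the stored e-mail address is HTML-escaped before it is echoed in the
    //    alert (it was output raw — a stored-XSS vector);
    //  - the session login name and IP address are escaped in the log INSERT.
    // The "not found" branch used to read $row['email_address'] although $row
    // is false there; it now shows the id that was requested instead.
    $this->conn = $this->dbConnect();

    $strEmailId = mysql_real_escape_string($_REQUEST['email_id'], $this->conn);

    $query = "SELECT * FROM `mbs_emails` WHERE `email_id` = '" . $strEmailId . "' LIMIT 1";
    $result = mysql_query($query, $this->conn);
    $row = mysql_fetch_assoc($result);

    if ($row) {
        $strEmailAddress = htmlspecialchars(stripslashes($row['email_address']), ENT_QUOTES, 'UTF-8');

        // delete user group
        $queryDel = "DELETE FROM `mbs_emails` WHERE `email_id` = '" . $strEmailId . "' LIMIT 1";
        $resultDel = mysql_query($queryDel, $this->conn);
        // A failed DELETE renders nothing, as in the original.
        if ($resultDel) {
            $strAlert = "Email <strong>\"" . $strEmailAddress . "\"</strong> is successfully deleted!";
            $strAlert .= "<br /><br />\n";
            if (ADMIN::getModulePrivilege('emails', 'add') > 0) {
                $strAlert .= "<a href=\"email_add.php\" title=\"Add Email\"><img src=\"img/add_icon.png\" /> Add</a> \n";
            }
            if (ADMIN::getModulePrivilege('emails', 'list') > 0) {
                $strAlert .= "<a href=\"email_list.php\" title=\"Email List\"><img src=\"img/list_icon.png\" /> List</a> \n";
            }

            // Audit row; the free-text action embeds the stored address, so it
            // is escaped like the session values.
            $strLog = "Email \"" . stripslashes($row['email_address']) . "\" is successfully deleted.";
            $queryLog = "INSERT INTO `logs` (`log_id`, `log_user`, `log_action`, `log_time`, `log_from`, `log_logout`) VALUES (NULL, '" . mysql_real_escape_string($_SESSION['user']['login_name'], $this->conn) . "', '" . mysql_real_escape_string($strLog, $this->conn) . "', NOW( ), '" . mysql_real_escape_string($_SESSION['user']['ip_address'], $this->conn) . "', NULL)";
            $resultLog = mysql_query($queryLog, $this->conn);

            HTML::showAlert($strAlert, FALSE);
        }
    } else {
        // No such row: $row is false here, so the original's
        // $row['email_address'] was always empty. Echo the requested id,
        // HTML-escaped because it comes straight from the request.
        $strAlert = "Email <strong>\"" . htmlspecialchars($_REQUEST['email_id'], ENT_QUOTES, 'UTF-8') . "\"</strong> tidak kosong!";
        $strAlert .= "<br /><br />\n";
        if (ADMIN::getModulePrivilege('emails', 'list') > 0) {
            $strAlert .= "<a href=\"email_list.php\" title=\"Email List\"><img src=\"img/list_icon.png\" /> List</a> \n";
        }
        HTML::showAlert($strAlert, FALSE);
    }
}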
function install()
{
    // Plugin install hook.
    //
    // 1. Refuses to install when the running Nucleus core is older than the
    //    version/patch level this plugin declares: the plugin is deleted again
    //    and an error page is shown.
    // 2. Seeds the URL-key defaults in $CONF, then re-numbers the plugin order
    //    so this plugin comes first (porder 1) and every other plugin moves
    //    down by one.
    // 3. Creates the global/blog/member/category options and the custom-URL
    //    table, then registers the default path aliases.
    //
    // Refuse to install on a core older than the required version/patch level
    // (original comment: "Can't install when faster requier Nucleus Core Version").
    $ver_min = getNucleusVersion() < $this->getMinNucleusVersion();
    $pat_min = getNucleusVersion() == $this->getMinNucleusVersion() && getNucleusPatchLevel() < $this->getMinNucleusPatchLevel();
    if ($ver_min || $pat_min) {
        global $DIR_LIBS;
        // uninstall plugin again...
        include_once $DIR_LIBS . 'ADMIN.php';
        $admin = new ADMIN();
        $admin->deleteOnePlugin($this->getID());
        // ...and show error
        // NOTE(review): nothing here returns; execution stops only if
        // ADMIN::error() exits. If it does not, the setup below still runs on an
        // unsupported core — confirm against ADMIN.php.
        $admin->error(_ERROR_NUCLEUSVERSIONREQ . $this->getMinNucleusVersion() . ' patch ' . $this->getMinNucleusPatchLevel());
    }
    global $manager, $CONF; // $manager is declared but not used in this method
    // Keys initialize
    // Fill in the URL-key defaults when config leaves them empty; the option
    // defaults below read these same keys.
    if (empty($CONF['ArchiveKey'])) {
        $CONF['ArchiveKey'] = 'archive';
    }
    if (empty($CONF['ArchivesKey'])) {
        $CONF['ArchivesKey'] = 'archives';
    }
    if (empty($CONF['MemberKey'])) {
        $CONF['MemberKey'] = 'member';
    }
    if (empty($CONF['ItemKey'])) {
        $CONF['ItemKey'] = 'item';
    }
    if (empty($CONF['CategoryKey'])) {
        $CONF['CategoryKey'] = 'category';
    }
    //Plugins sort
    // Put this plugin at porder 1 and shift every other plugin's porder by one.
    // Both ids and the order value are cast with intval() before being
    // formatted into the UPDATE.
    $plugTable = sql_table('plugin');
    $myid = intval($this->getID());
    $res = sql_query('SELECT pid, porder FROM ' . $plugTable);
    while ($p = sql_fetch_array($res)) {
        $updateQuery = 'UPDATE %s ' . 'SET porder = %d ' . 'WHERE pid = %d';
        if (($pid = intval($p['pid'])) == $myid) {
            $q = sprintf($updateQuery, $plugTable, 1, $myid);
            sql_query($q);
        } else {
            $porder = intval($p['porder']);
            $q = sprintf($updateQuery, $plugTable, $porder + 1, $pid);
            sql_query($q);
        }
    }
    //create plugin's options and set default value
    $this->createOption('customurl_archive', _OP_ARCHIVE_DIR_NAME, 'text', $CONF['ArchiveKey']);
    $this->createOption('customurl_archives', _OP_ARCHIVES_DIR_NAME, 'text', $CONF['ArchivesKey']);
    $this->createOption('customurl_member', _OP_MEMBER_DIR_NAME, 'text', $CONF['MemberKey']);
    $this->createOption('customurl_dfitem', _OP_DEF_ITEM_KEY, 'text', $CONF['ItemKey']);
    $this->createOption('customurl_dfcat', _OP_DEF_CAT_KEY, 'text', $CONF['CategoryKey']);
    $this->createOption('customurl_dfscat', _OP_DEF_SCAT_KEY, 'text', 'subcategory');
    $this->createOption('customurl_incbname', _OP_INCLUDE_CBNAME, 'yesno', 'no');
    $this->createOption('customurl_tabledel', _OP_TABLE_DELETE, 'yesno', 'no');
    $this->createOption('customurl_quicklink', _OP_QUICK_LINK, 'yesno', 'yes');
    $this->createOption('customurl_notfound', _OP_NOT_FOUND, 'select', '404', '404 Not Found|404|303 See Other|303');
    $this->createBlogOption('use_customurl', _OP_USE_CURL, 'yesno', 'yes');
    $this->createBlogOption('redirect_normal', _OP_RED_NORM, 'yesno', 'yes');
    $this->createBlogOption('redirect_search', _OP_RED_SEARCH, 'yesno', 'yes');
    $this->createBlogOption('customurl_bname', _OP_BLOG_PATH, 'text');
    // $this->createItemOption( 'customurl_iname', _OP_ITEM_PATH,
    // 'text', $CONF['ItemKey']);
    $this->createMemberOption('customurl_mname', _OP_MEMBER_PATH, 'text');
    $this->createCategoryOption('customurl_cname', _OP_CATEGORY_PATH, 'text');
    // The six setOption() calls re-apply the same defaults the createOption()
    // calls above already carry.
    //default archive directory name
    $this->setOption('customurl_archive', $CONF['ArchiveKey']);
    //default archives directory name
    $this->setOption('customurl_archives', $CONF['ArchivesKey']);
    //default member directory name
    $this->setOption('customurl_member', $CONF['MemberKey']);
    //default itemkey_template
    $this->setOption('customurl_dfitem', $CONF['ItemKey']);
    //default categorykey_template
    $this->setOption('customurl_dfcat', $CONF['CategoryKey']);
    //default subcategorykey_template
    $this->setOption('customurl_dfscat', 'subcategory');
    //create data table
    $sql = 'CREATE TABLE IF NOT EXISTS ' . _CUSTOMURL_TABLE . ' (' . ' `id` INT(11) NOT NULL AUTO_INCREMENT PRIMARY KEY, ' . ' `obj_param` VARCHAR(15) NOT NULL, ' . ' `obj_name` VARCHAR(128) NOT NULL, ' . ' `obj_id` INT(11) NOT NULL, ' . ' `obj_bid` INT(11) NOT NULL,' . ' INDEX (`obj_name`)' . ' )';
    sql_query($sql);
    //setting default aliases
    $this->_createNewPath('blog', 'blog', 'bnumber', 'bshortname');
    $this->_createNewPath('item', 'item', 'inumber', 'iblog');
    $this->_createNewPath('category', 'category', 'catid', 'cblog');
    $this->_createNewPath('member', 'member', 'mnumber', 'mname');
    // Sub-category aliases only when the MultipleCategories plugin is present.
    if ($this->pluginCheck('MultipleCategories')) {
        $scatTableName = 'plug_multiple_categories_sub';
        $this->_createNewPath('subcategory', $scatTableName, 'scatid', 'catid');
    }
}
function viewBooking()
{
    // Renders the "view booking" page for the booking in $_REQUEST['booking_id']:
    // loads the booking row, its supplier and the supplier's marketing contact,
    // emits the HTML (action buttons, promotional-activity table, supplier
    // figures, signature block) and finally writes a "View Booking" row to
    // `logs`. Nothing is rendered when the first SELECT fails.
    //
    // Output escaping in this template is inconsistent. Values echoed raw, each
    // marked with a NOTE(review) at the echo: $_SERVER['HTTP_REFERER'] and the
    // three $_REQUEST fields in the pop-up Close forms (request-controlled →
    // reflected XSS); $row['booking_id'] inside <script> and in URLs; and the
    // stored columns booking_file_name, supplier_last_year_purchase,
    // booking_activity_year, booking_activity_description, booking_created_by,
    // booking_modified_by (stored XSS if their insert paths do not sanitise).
    // htmlspecialchars(..., ENT_QUOTES) for HTML/attribute context and
    // intval()/json_encode() for the JavaScript context would close these.
    global $arrSiteConfig;
    global $STR_URL, $STR_PATH;
    $this->conn = DB::dbConnect();

    // booking_id is escaped for SQL here; only the first matching row is used.
    $query = "SELECT * FROM `mbs_bookings` WHERE `booking_id` = '" . mysql_real_escape_string($_REQUEST['booking_id']) . "' LIMIT 1";
    $result = mysql_query($query);
    if ($result) {
        // NOTE(review): an unknown booking_id leaves $row === false; the
        // $row[...] reads below then yield empty values instead of an error.
        $row = mysql_fetch_assoc($result);
        // get some variables
        $intBookingYear = substr($row['booking_date'], 0, 4);
        // Attachment path is assembled from two DB columns; file_exists() on it
        // gates the Download button and the attachment footer.
        $strFilePath = $STR_PATH . $row['booking_file_path'] . $row['booking_file_name'];
        // get supplier data
        $strQuerySupplier = "SELECT * FROM `mbs_suppliers` WHERE `supplier_id` = '" . mysql_real_escape_string($row['supplier_id']) . "'";
        $resultSupplier = mysql_query($strQuerySupplier);
        if ($resultSupplier) {
            $rowSupplier = mysql_fetch_assoc($resultSupplier);
            // get marketing contact
            $strQueryContact = "SELECT * FROM `mbs_suppliers_marketing_contacts` WHERE `supplier_id` = '" . mysql_real_escape_string($rowSupplier['supplier_id']) . "'";
            $resultContact = mysql_query($strQueryContact);
            if ($resultContact) {
                $rowContact = mysql_fetch_assoc($resultContact);
            }
        }
        // NOTE(review): $rowSupplier / $rowContact stay undefined when the two
        // queries above fail; the template reads them unconditionally.
        ?>
        <?php
        // "pop=yes" renders the page inside a pop-up with a Close form at the
        // top and bottom. The form's action is the Referer unless it points at
        // an "_exec" page, in which case the user returns to the list/search page.
        // NOTE(review): HTTP_REFERER is a client-supplied header echoed raw into
        // the action attribute, and the three hidden inputs echo $_REQUEST
        // values raw into attribute values; all four need htmlspecialchars(..., ENT_QUOTES).
        if ($_REQUEST['pop'] == "yes") { ?>
        <div align="center">
        <form name="myformTop" action="<?php if (preg_match("/_exec/", $_SERVER['HTTP_REFERER'])) { if ($_SESSION['user']['type'] == 'admin') { echo "booking_list.php"; } else { echo "booking_search.php"; } } else { echo $_SERVER['HTTP_REFERER']; } ?> ">
        <input type="hidden" name="booking_id" value="<?php echo $_REQUEST['booking_id']; ?> ">
        <input type="hidden" name="page_num" value="<?php echo $_REQUEST['page_num']; ?> ">
        <input type="hidden" name="frm_search_text" value="<?php echo $_REQUEST['frm_search_text']; ?> ">
        <input class="btn" type="submit" value="Close" onclick="this.value='Loading...'">
        </form>
        </div>
        <?php } ?>
        <div class="container-fluid">
        <div class="row-fluid">
        <div class="span12" style="text-align:center;margin-top:20px;">
        <h2>Booking » <?php echo stripslashes(htmlspecialchars($row['booking_name'])); ?> </h2>
        </div>
        </div>
        </div>
        <div class="container-fluid">
        <div class="row-fluid">
        <div class="span12" style="text-align:center;margin-top:20px;">
        <?php
        // Module action buttons, each gated on admin type or a non-zero
        // ADMIN::getModuleFile() result; the per-row buttons further down use
        // ADMIN::getModulePrivilege() for what looks like the same purpose —
        // confirm the two are meant to differ. $row['booking_id'] is echoed raw
        // into href/id attributes throughout this section.
        if ($_SESSION['user']['type'] == 'admin' || ADMIN::getModuleFile('bookings', 'add') !== 0) { ?>
        <a class="btn btn-popover" href="booking.php?action=add" rel="popover" data-content="Insert new Booking to the database" data-original-title="New Booking" title="New Booking"><img src="<?php echo $STR_URL; ?> img/add_icon.png" /> New Booking</a>
        <?php } ?>
        <?php if ($_SESSION['user']['type'] == 'admin' || ADMIN::getModuleFile('bookings', 'edit') !== 0) { ?>
        <a class="btn btn-popover" href="booking.php?booking_id=<?php echo $row['booking_id']; ?> &action=edit" rel="popover" data-content="Edit Booking including the Promotional Activities included" data-original-title="Edit Booking" title="Edit Booking"><img src="<?php echo $STR_URL; ?> img/edit_icon.png" /> Edit</a>
        <?php } ?>
        <?php if ($_SESSION['user']['type'] == 'admin' || ADMIN::getModuleFile('bookings', 'delete') !== 0) { ?>
        <a id="frm_delete_button_<?php echo $row['booking_id']; ?> " class="btn btn-popover" href="booking_list.php?booking_id=<?php echo $row['booking_id']; ?> &action=delete" rel="popover" data-content="Delete Booking from the database" data-original-title="Delete Booking" title="Delete Booking" /><img src="<?php echo $STR_URL; ?> img/delete_icon.png" /> Delete</a>
        <?php } ?>
        <?php if ($_SESSION['user']['type'] == 'admin' || ADMIN::getModuleFile('bookings', 'list') !== 0) { ?>
        <a class="btn btn-popover" href="booking_list.php" rel="popover" data-content="Refresh the Booking List to the latest update" data-original-title="Booking List" title="Booking List"><img src="<?php echo $STR_URL; ?> img/list_icon.png" /> List</a>
        <?php } ?>
        <a class="btn btn-popover" href="documentation_list.php#bookings" rel="popover" data-content="Look up for the Documentation about Booking module" data-original-title="Help" title="Help"><i class="icon-info-sign"></i> Help</a>
        </div>
        </div>
        </div>
        <div class="container-fluid">
        <div class="row-fluid">
        <div class="span12" style="text-align:center;margin-top:20px;">
        <?php if ($_SESSION['user']['type'] == 'admin' || ADMIN::getModuleFile('bookings', 'add') !== 0) { ?>
        <!--<a class="btn" href="booking.php?booking_id=<?php echo $row['booking_id']; ?> &action=edit" title="New Promo Activity"><img src="<?php echo $STR_URL; ?> img/add_icon.png" /> New Promo Activity</a>-->
        <?php } ?>
        <a class="btn btn-popover ajax callbacks cboxElement" href="booking_view_upload.php?action=upload&booking_id=<?php echo $row['booking_id']; ?> " rel="popover" data-content="Upload the scanned Booking document to server. Please upload in JPG, GIF, PNG or PDF format!" data-original-title="Upload Booking" title="Upload Booking"><img src="<?php echo $STR_URL; ?> img/upload_icon.png" /> Attach</a>
        <?php
        // Download is offered only when the attachment exists on disk.
        if ($row['booking_file_name'] && file_exists($strFilePath)) { ?>
        <a class="btn btn-popover" href="booking_view_download.php?action=download&booking_id=<?php echo $row['booking_id']; ?> " rel="popover" data-content="Download attached scanned Booking document from server" data-original-title="Download Booking" title="Download Booking"><img src="<?php echo $STR_URL; ?> img/download_icon.png" /> Download</a>
        <?php } ?>
        <a class="btn btn-popover" href="booking_view_print.php?action=print&booking_id=<?php echo $row['booking_id']; ?> " target="_blank" rel="popover" data-content="Print the Booking from the browser. 
A new tab and a Print dialog will be popped up" data-original-title="Print Booking" title="Print Booking"><img src="<?php echo $STR_URL; ?> img/print_icon.png" /> Print</a>
        <a class="btn btn-popover ajax callbacks cboxElement" href="booking_view_email.php?action=email&booking_id=<?php echo $row['booking_id']; ?> " rel="popover" data-content="Send the Booking to a certain email" data-original-title="Email Booking" title="Email Booking"><img src="<?php echo $STR_URL; ?> img/email_icon.png" /> Email</a>
        </div>
        </div>
        </div>
        <fieldset>
        <div class="container-fluid">
        <div class="row-fluid">
        <div class="span12" style="text-align:center;margin-top:20px;">
        <h3>Promotional Activity <?php echo $intBookingYear; ?> </h3>
        </div>
        </div>
        </div>
        <div class="container-fluid">
        <div class="row-fluid">
        <div class="span5">
        <p><strong>Supplier Name: <?php echo htmlspecialchars($rowSupplier['supplier_name']); ?> </strong></p>
        </div>
        <div class="span3 offset4">
        <p><strong>Date: <?php echo HTML::convertDateTime($row['booking_date']); ?> </strong></p>
        </div>
        </div>
        </div>
        <script>
        $(document).ready(function () {
            $('#frm_delete_button_<?php /* NOTE(review): DB value spliced into JavaScript source; intval() it */ echo $row['booking_id']; ?> ').click(function () {
                if (confirmDeleteBooking()) {
                    var dataString = 'action=delete&booking_id=<?php echo $row['booking_id']; ?> ';
                    var request = $.ajax({ url: 'ajax/booking_proc.php', type: 'post', data: dataString, success: function(msg) { $.gritter.add({ title: 'Info', text: '<p>' + msg + '</p>', image: '<?php echo $STR_URL; ?> img/accepted.png', sticky: false, time: '3000' }); } });
                }
                return false;
            });
        });
        </script>
        <?php
        // Get the booking activity
        // Rows are buffered into $arrBookingActivityData because they are
        // iterated twice below (per-row scripts, then the table).
        $queryBookingActivity = "SELECT * FROM `mbs_bookings_activities` WHERE `booking_id` = '" . mysql_real_escape_string($_REQUEST['booking_id']) . "' ORDER BY `booking_activity_month`";
        $resultBookingActivity = mysql_query($queryBookingActivity);
        $arrBookingActivityData = array();
        while ($rowBookingActivity = mysql_fetch_assoc($resultBookingActivity)) {
            $arrBookingActivityData[] = $rowBookingActivity;
        }
        // Get the booking activity amount
        // (a second round-trip for what count($arrBookingActivityData) already holds)
        $queryBookingActivityAmount = "SELECT COUNT(*) FROM `mbs_bookings_activities` WHERE `booking_id` = '" . mysql_real_escape_string($_REQUEST['booking_id']) . "'";
        $resultBookingActivityAmount = mysql_query($queryBookingActivityAmount);
        $rowBookingActivityAmount = mysql_fetch_row($resultBookingActivityAmount);
        $intBookingActivityAmount = $rowBookingActivityAmount[0];
        ?>
        <?php
        // Per-activity edit/remove handlers plus the popover initialiser.
        // NOTE(review): the popover initialiser sits inside this block, so the
        // .btn-popover buttons above are never initialised for a booking with
        // no activities — presumably unintended.
        if ($intBookingActivityAmount > 0) { ?>
        <script>
        $(document).ready(function() {
        <?php for ($i = 0; $i < count($arrBookingActivityData); $i++) { ?>
            $('#frm_activity_edit_<?php echo $arrBookingActivityData[$i]['booking_activity_id']; ?> ').click(function() {
                window.location = "<?php echo $STR_URL; ?> booking.php?booking_id=<?php echo $row['booking_id']; ?> &action=edit&booking_activity_id=<?php echo $arrBookingActivityData[$i]['booking_activity_id']; ?> &child_action=edit-activity";
            });
            $('#frm_activity_delete_<?php echo $arrBookingActivityData[$i]['booking_activity_id']; ?> ').click(function() {
                if (confirmDeleteBookingActivity()) {
                    $(this).closest('tr').remove();
                    var dataString = 'action=delete&booking_id=<?php echo $row['booking_id']; ?> &booking_activity_id=<?php echo $arrBookingActivityData[$i]['booking_activity_id']; ?> ';
                    var request = $.ajax({ url: 'ajax/booking_proc.php', type: 'post', data: dataString, success: function(msg) { $.gritter.add({ title: 'Info', text: '<p>' + msg + '</p>', image: '<?php echo $STR_URL; ?> img/accepted.png', sticky: false, time: '3000' }); $('#frm_preview').load('ajax/booking_activity_preview.php?booking_id=<?php echo $row['booking_id']; ?> '); } });
                }
                return false;
            });
        <?php } ?>
        });
        </script>
        <script>
        $(function () { $('.btn-popover').popover({ trigger: 'hover', placement: 'top' }); });
        </script>
        <?php } ?>
        <div id="frm_preview">
        <table class="table table-bordered table-hover">
        <thead class="well">
        <tr>
        <th style="text-align:center;"><strong>Month/Year</strong></th>
        <th style="text-align:center;"><strong>Promotional Agreement</strong></th>
        <th style="text-align:center;"><strong>Price</strong></th>
        <th style="text-align:center;"><strong>Action</strong></th>
        </tr>
        </thead>
        <tbody>
        <?php if ($intBookingActivityAmount > 0) { ?>
        <?php for ($i = 0; $i < count($arrBookingActivityData); $i++) { ?>
        <?php
        // A store-related activity carries a comma-separated store_id list;
        // its price is multiplied by the number of stores.
        if ($arrBookingActivityData[$i]['store_id']) {
            $arrStoreID = explode(',', $arrBookingActivityData[$i]['store_id']);
            $intStoreCount = count($arrStoreID);
        } ?>
        <?php if ($arrBookingActivityData[$i]['store_id']) { $strPrice = $arrBookingActivityData[$i]['booking_activity_price'] * $intStoreCount; } else { $strPrice = $arrBookingActivityData[$i]['booking_activity_price']; } ?>
        <tr id="id<?php echo $arrBookingActivityData[$i]['booking_activity_id']; ?> ">
        <td><?php echo HTML::getMonthName($arrBookingActivityData[$i]['booking_activity_month']); ?> <?php echo stripslashes($arrBookingActivityData[$i]['booking_activity_year']); ?> </td>
        <td><?php /* NOTE(review): stored free text echoed without htmlspecialchars() */ echo stripslashes($arrBookingActivityData[$i]['booking_activity_description']); ?> </td>
        <td style="width:10%;"><div style="text-align:right;">$<?php echo number_format($strPrice, 2); ?> </div></td>
        <?php
        // The action cell is rendered for admins only, so the two inner checks
        // (admin || privilege && type == 'user') can never widen it.
        if ($_SESSION['user']['type'] == 'admin') { ?>
        <td style="width:20%;"><div align="center">
        <?php if ($_SESSION['user']['type'] == 'admin' || ADMIN::getModulePrivilege('bookings', 'edit') !== 0 && $_SESSION['user']['type'] == 'user') { ?>
        <!--<button class="btn" type="button" id="frm_activity_edit_<?php echo $arrBookingActivityData[$i]['booking_activity_id']; ?> "><img src="<?php echo $STR_URL; ?> img/edit_icon.png" /> Edit</button>-->
        <?php } ?>
        <?php if ($_SESSION['user']['type'] == 'admin' || ADMIN::getModulePrivilege('bookings', 'delete') !== 0 && $_SESSION['user']['type'] == 'user') { ?>
        <button class="btn" type="button" id="frm_activity_delete_<?php echo $arrBookingActivityData[$i]['booking_activity_id']; ?> "><img src="<?php echo $STR_URL; ?> img/delete_icon.png" /> Remove</button>
        <?php } ?>
        </div></td>
        <?php } ?>
        </tr>
        <?php /* running total; $intTotalAmount is never initialised in this method, so the first += starts from null */ $intTotalAmount += $strPrice; ?>
        <?php } ?>
        <?php } else { ?>
        <tr>
        <td colspan="4"><div align="center">No Promo Activity yet. Please <a class="btn" href="booking.php?booking_id=<?php echo $row['booking_id']; ?> &action=edit">add</a></div></td>
        </tr>
        <?php } ?>
        <tr>
        <td colspan="2"><div style="text-align:right;"><strong>Total</strong></div></td>
        <td><div style="text-align:right;"><strong>$<?php echo number_format($intTotalAmount, 2); ?> </strong></div></td>
        <td></td>
        </tr>
        </tbody>
        </table>
        </div>
        <div class="container-fluid">
        <div class="row-fluid">
        <div class="row-fluid">
        <div class="span2 offset6">
        <p style="text-align:right;">Purchases in <?php echo intval($intBookingYear) - 1; ?> :</p>
        </div>
        <div class="span4" style="border-bottom:1px solid #ddd;">
        <p><?php /* NOTE(review): the only supplier figure echoed without htmlspecialchars() */ echo $rowSupplier['supplier_last_year_purchase']; ?> </p>
        </div>
        </div>
        <div class="row-fluid">
        <div class="span2 offset6">
        <p style="text-align:right;"><?php echo intval($intBookingYear); ?> Target:</p>
        </div>
        <div class="span4" style="border-bottom:1px solid #ddd;">
        <p><?php echo stripslashes(htmlspecialchars($rowSupplier['supplier_target'])); ?> </p>
        </div>
        </div>
        <div class="row-fluid">
        <div class="span2 offset6">
        <p style="text-align:right;">Growth Incentives:</p>
        </div>
        <div class="span4" style="border-bottom:1px solid #ddd;">
        <p><?php echo stripslashes(htmlspecialchars($rowSupplier['supplier_growth_incentives'])); ?> </p>
        </div>
        </div>
        <div class="row-fluid">
        <div class="span2 offset6">
        <p style="text-align:right;">Co-op Budget:</p>
        </div>
        <div class="span4" style="border-bottom:1px solid #ddd;">
        <p><?php echo stripslashes(htmlspecialchars($rowSupplier['supplier_budget'])); ?> </p>
        </div>
        </div>
        </div>
        </div>
        <div class="container-fluid" style="margin-top:80px;">
        <div class="row-fluid">
        <div class="span2"><p>Signed:</p></div>
        <div class="span4" style="border-bottom:1px solid #ddd;"></div>
        <div class="span2"></div>
        <div class="span4" style="border-bottom:1px solid #ddd;"></div>
        </div>
        </div>
        <div class="container-fluid">
        <div class="row-fluid">
        <div class="span2"></div>
        <div class="span4" style="text-align:center;"><p style="color:#999;">For & on behalf of supplier</p></div>
        <div class="span2"></div>
        <div class="span4" style="text-align:center;"><p style="color:#999;">For & on behalf of Pharmacy 4 Less</p></div>
        </div>
        </div>
        <div class="container-fluid" style="margin-top:40px;">
        <div class="row-fluid">
        <div class="span2" style="text-align:right;"><p>Name :</p></div>
        <div class="span2" style="border-bottom:1px solid #ddd;"><p><?php echo htmlspecialchars($rowContact['supplier_contact_name']); ?> </p></div>
        <div class="span2"></div>
        <div class="span2" style="text-align:right;"><p>Name :</p></div>
        <div class="span4" style="border-bottom:1px solid #ddd;"><p><?php echo stripslashes(htmlspecialchars($arrSiteConfig['mbs_p4l_on_behalf_name'])); ?> </p></div>
        </div>
        </div>
        <div class="container-fluid">
        <div class="row-fluid">
        <div class="span2" style="text-align:right;"><p>Title :</p></div>
        <div class="span2" style="border-bottom:1px solid #ddd;"><p><?php echo htmlspecialchars($rowContact['supplier_contact_position']); ?> </p></div>
        <div class="span2"></div>
        <div class="span2" style="text-align:right;"><p>Title :</p></div>
        <div class="span4" style="border-bottom:1px solid #ddd;"><p><?php echo stripslashes(htmlspecialchars($arrSiteConfig['mbs_p4l_on_behalf_position'])); ?> </p></div>
        </div>
        </div>
        <div class="container-fluid">
        <div class="row-fluid">
        <div class="span2" style="text-align:right;"><p>Date :</p></div>
        <div class="span2" style="border-bottom:1px solid #ddd;"><p><?php echo HTML::convertDateTime($row['booking_date']); ?> </p></div>
        <div class="span2"></div>
        <div class="span2" style="text-align:right;"><p>Date :</p></div>
        <div class="span4" style="border-bottom:1px solid #ddd;"><p><?php echo HTML::convertDateTime($row['booking_date']); ?> </p></div>
        </div>
        </div>
        <div class="container-fluid">
        <div class="row-fluid">
        <div class="span2" style="text-align:right;"><p>Phone :</p></div>
        <div class="span2" style="border-bottom:1px solid #ddd;"><p><?php echo htmlspecialchars($rowContact['supplier_contact_phone_number']); ?> </p></div>
        <div class="span2"></div>
        <div class="span2" style="text-align:right;"></div>
        <div class="span4"></div>
        </div>
        </div>
        <div class="container-fluid">
        <div class="row-fluid">
        <div class="span2" style="text-align:right;"><p>Mobile :</p></div>
        <div class="span2" style="border-bottom:1px solid #ddd;"><p><?php echo htmlspecialchars($rowContact['supplier_contact_mobile_number']); ?> </p></div>
        <div class="span2"></div>
        <div class="span2" style="text-align:right;"></div>
        <div class="span4"></div>
        </div>
        </div>
        <div class="container-fluid">
        <div class="row-fluid">
        <div class="span2" style="text-align:right;"><p>Billing Address :</p></div>
        <div class="span2" style="border-bottom:1px solid #ddd;"><p><?php echo htmlspecialchars($rowContact['supplier_contact_postal_address']); ?> </p></div>
        <div class="span2"></div>
        <div class="span2" style="text-align:right;"></div>
        <div class="span4"><?php if ($row['booking_file_name'] && file_exists($strFilePath)) { ?> <strong>Attachment</strong> <img src="<?php echo $STR_URL; ?> img/attachment_icon.png" title="Attachment" /><p><?php /* NOTE(review): stored file name echoed without htmlspecialchars() */ echo $row['booking_file_name']; ?> <em>(<?php echo HTML::getFileSize($strFilePath); ?> )</em></p><?php } ?> </div>
        </div>
        </div>
        </fieldset>
        <ul style="margin-top:40px;">
        <li><strong>Created on:</strong> <?php echo HTML::convertDateTime($row['booking_created_date']); ?> by <strong><?php echo stripslashes($row['booking_created_by']); ?> </strong></li>
        <li><strong>Last modified on:</strong> <?php echo HTML::convertDateTime($row['booking_modified_date']); ?> by <strong><?php echo stripslashes($row['booking_modified_by']); ?> </strong></li>
        </ul>
        <?php
        // Bottom Close form: same logic and same raw echoes as the top one.
        if ($_REQUEST['pop'] == "yes") { ?>
        <div align="center" style="margin-top:20px;">
        <form name="myformBottom" action="<?php if (preg_match("/_exec/", $_SERVER['HTTP_REFERER'])) { if ($_SESSION['user']['type'] == 'admin') { echo "booking_list.php"; } else { echo "booking_search.php"; } } else { echo $_SERVER['HTTP_REFERER']; } ?> ">
        <input type="hidden" name="booking_id" value="<?php echo $_REQUEST['booking_id']; ?> ">
        <input type="hidden" name="page_num" value="<?php echo $_REQUEST['page_num']; ?> ">
        <input type="hidden" name="frm_search_text" value="<?php echo $_REQUEST['frm_search_text']; ?> ">
        <input class="btn" type="submit" value="Close" onclick="this.value='Loading...'">
        </form>
        </div>
        <?php } ?>
        <?php
        // The Log
        // Audit row for the view. The session login_name and ip_address are
        // interpolated unescaped; only the free-text action (which embeds the
        // stored booking name) goes through mysql_real_escape_string(). The
        // query result is not checked.
        $strLog = "View Booking named \"" . $row['booking_name'] . "\"";
        $queryLog = "INSERT INTO `logs` (`log_id`, \n\t\t\t\t\t\t\t\t\t\t `log_user`, \n\t\t\t\t\t\t\t\t\t\t `log_action`, \n\t\t\t\t\t\t\t\t\t\t `log_time`, \n\t\t\t\t\t\t\t\t\t\t `log_from`, \n\t\t\t\t\t\t\t\t\t\t `log_logout`)\n\n\t\t\t\t\tVALUES (NULL, \n\t\t\t\t\t\t\t'" . $_SESSION['user']['login_name'] . "',\n\t\t\t\t\t\t\t'" . mysql_real_escape_string($strLog) . "',\n\t\t\t\t\t\t\t'" . date('Y-m-d H:i:s') . "',\n\t\t\t\t\t\t\t'" . $_SESSION['user']['ip_address'] . "', \n\t\t\t\t\t\t\tNULL)";
        $resultLog = mysql_query($queryLog);
    }
}
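<?php
/**************************************************************************************************
 * EW Web Apps Process File
 * @Author : Erick Wellem (me@erickwellem.com)
 * October 2009
 * This version: February 2013
 *
 * @Desc: Process file using Ajax
 *
 * Password reset handler. Resolves the user behind the reset code, stores the
 * new password through ADMIN::resetUserPasswordByCode() and sends the
 * confirmation e-mail; on failure a plain-text message is echoed for the
 * Ajax caller.
 *
 * Fix: the confirmation field was read but never compared with the password,
 * so a typo in "confirm" went through unnoticed. Request fields are now read
 * with isset() so absent fields do not raise notices.
 **************************************************************************************************/
include '../config.php';
require_once '../lib/db.php';
require_once '../lib/admin.php';
require_once '../lib/html.php';

$db = new DB();
$admin = new ADMIN();
$html = new HTML();

// Form fields; a missing or non-string field counts as empty.
$strCode = (isset($_REQUEST['frm_user_password_reset_code']) && is_string($_REQUEST['frm_user_password_reset_code']))
    ? htmlentities($_REQUEST['frm_user_password_reset_code']) : '';
// NOTE(review): htmlentities() is applied to the password before it is stored
// (so "a&b" becomes "a&amp;b"); whether the login path applies the same
// transformation cannot be seen from this file -- kept as-is, confirm against
// ADMIN::resetUserPasswordByCode() and the login check before changing it.
$strPassword = (isset($_REQUEST['frm_user_password']) && is_string($_REQUEST['frm_user_password']))
    ? htmlentities($_REQUEST['frm_user_password']) : '';
$strPasswordConfirm = (isset($_REQUEST['frm_user_password_confirm']) && is_string($_REQUEST['frm_user_password_confirm']))
    ? htmlentities($_REQUEST['frm_user_password_confirm']) : '';

// All three fields must be present and the request must carry no query string
// (presumably to make sure the values arrive in the POST body -- confirm).
if ($strCode && $strPassword && $strPasswordConfirm && empty($_SERVER['QUERY_STRING'])) {
    if ($strPassword !== $strPasswordConfirm) {
        echo "Failed to reset the password. The password and its confirmation do not match.";
    } else {
        $intUserID = $admin->getUserIDByPasswordResetCode($strCode);
        if ($intUserID) {
            if ($admin->resetUserPasswordByCode($intUserID, $strPassword) > 0) {
                sendEmailPasswordResetSuccess($intUserID);
            } else {
                echo "Failed to reset the password. There might be a database problem!";
            }
        } else {
            echo "Failed to reset the password. The password reset code is invalid or has been expired.";
        }
    }
}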
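array_push($aFound, $fileDesc);
        }
    }
    // A world-writable config.php is reported as a start-up error as well.
    if (@is_writable('../config.php')) {
        array_push($aFound, _ERRORS_CONFIGPHP);
    }
    if (count($aFound) > 0) {
        // implode(glue, pieces): the legacy (pieces, glue) argument order used
        // before is deprecated since PHP 7.4 and removed in PHP 8.0.
        startUpError(_ERRORS_STARTUPERROR1 . implode('</li><li>', $aFound) . _ERRORS_STARTUPERROR2, _ERRORS_STARTUPERROR3);
    }
}

// Decide whether the login form has to be shown instead of the requested action.
$bNeedsLogin = false;
$bIsActivation = in_array($action, array('activate', 'activatesetpwd'), true);

if ($action == 'logout') {
    $bNeedsLogin = true;
}
if (!$member->isLoggedIn() && !$bIsActivation) {
    $bNeedsLogin = true;
}
// show error if member cannot login to admin
if ($member->isLoggedIn() && !$member->canLogin() && !$bIsActivation) {
    $error = _ERROR_LOGINDISALLOWED;
    $bNeedsLogin = true;
}
if ($bNeedsLogin) {
    setOldAction($action); // see ADMIN::login() (sets old action in POST vars)
    $action = 'showlogin';
}

sendContentType('text/html', 'admin-' . $action);

$admin = new ADMIN();
$admin->action($action);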
<?php
/**************************************************************************************************
 * EW Web Apps Process File
 * @Author : Erick Wellem (me@erickwellem.com)
 * October 2009
 * This version: February 2013
 *
 * @Desc: Process file using Ajax
 *
 * Product handler (only the "add" branch is visible here): reads the product
 * form fields from $_REQUEST, inserts a row into `mbs_products` and starts
 * building the alert message returned to the Ajax caller.
 **************************************************************************************************/
include '../config.php';
require_once '../lib/db.php';
require_once '../lib/admin.php';
session_start();
$db = new DB();
$admin = new ADMIN();
//print_r($_REQUEST);
//--> Add
if ($_REQUEST['action'] == "add" && $_REQUEST['frm_product_name']) {
    // filter input
    // an unchecked checkbox sends nothing, so the flag defaults to "no"
    if (!$_REQUEST['frm_product_active']) {
        $_REQUEST['frm_product_active'] = "no";
    }
    // the query
    // Form fields go through mysql_real_escape_string(); $_SESSION['user']['login_name']
    // (used twice below) is interpolated unescaped.
    // NOTE(review): the `product_description` column receives frm_product_name --
    // that field is used twice in the VALUES list -- presumably a copy-paste slip,
    // confirm against the form.
    $db->dbConnect();
    $query = "INSERT INTO `mbs_products` (`product_id`, \n\t\t\t\t\t\t\t\t\t\t `product_code`, \n\t\t\t\t\t\t\t\t\t\t `product_name`, \n\t\t\t\t\t\t\t\t\t\t `product_size`, \n\t\t\t\t\t\t\t\t\t\t `product_normal_retail_price`, \n\t\t\t\t\t\t\t\t\t\t `product_promo_price`, \n\t\t\t\t\t\t\t\t\t\t `product_special_offer_details`, \n\t\t\t\t\t\t\t\t\t\t `product_description`, \n\t\t\t\t\t\t\t\t\t\t `product_active`, \n\t\t\t\t\t\t\t\t\t\t `product_created_date`, \n\t\t\t\t\t\t\t\t\t\t `product_created_by`, \n\t\t\t\t\t\t\t\t\t\t `product_modified_date`, \n\t\t\t\t\t\t\t\t\t\t `product_modified_by`) \n\n\t\t\t\tVALUES (NULL, \n\t\t\t\t\t\t'" . mysql_real_escape_string($_REQUEST['frm_product_code']) . "', \n\t\t\t\t\t\t'" . mysql_real_escape_string($_REQUEST['frm_product_name']) . "', \n\t\t\t\t\t\t'" . mysql_real_escape_string($_REQUEST['frm_size_id']) . "', \n\t\t\t\t\t\t'" . mysql_real_escape_string($_REQUEST['frm_product_normal_retail_price']) . "', \t\n\t\t\t\t\t\t'" . mysql_real_escape_string($_REQUEST['frm_product_promo_price']) . "', \t\n\t\t\t\t\t\t'" . mysql_real_escape_string($_REQUEST['frm_product_special_offer_details']) . "',\n\t\t\t\t\t\t'" . mysql_real_escape_string($_REQUEST['frm_product_name']) . "', \t\n\t\t\t\t\t\t'" . mysql_real_escape_string($_REQUEST['frm_product_active']) . "', \t\t\t\t\t\t\n\t\t\t\t\t\t'" . date('Y-m-d H:i:s') . "', \n\t\t\t\t\t\t'" . $_SESSION['user']['login_name'] . "',\n\t\t\t\t\t\t'" . date('Y-m-d H:i:s') . "', \n\t\t\t\t\t\t'" . $_SESSION['user']['login_name'] . "')";
    $result = mysql_query($query);
    $intID = mysql_insert_id();
    if ($result) {
        // the alert markup embeds the raw (un-slashed) product name -- not HTML-escaped
        $strAlert = '<p>Product named "' . stripslashes($_REQUEST['frm_product_name']);
        if ($_REQUEST['frm_product_code']) {
/**
 * Writes the two table cells (label and input control) for one plugin option.
 *
 * @param array $current option row with keys oid, contextid, typeinfo, type,
 *                       name, description, value and extra; 'extra' is
 *                       appended to the control cell without escaping.
 *                       Options whose meta access is 'hidden' produce no output.
 * @return void
 */
function listplug_plugOptionRow($current) {
    $strFieldName = 'plugoption[' . $current['oid'] . '][' . $current['contextid'] . ']';
    $meta = NucleusPlugin::getOptionMeta($current['typeinfo']);

    // a hidden option gets neither a label nor a control
    if ($meta['access'] == 'hidden') {
        return;
    }

    $bReadOnly = ($meta['access'] == 'readonly');
    $strLabel = $current['description'] ? $current['description'] : $current['name'];
    echo '<td>' . htmlspecialchars($strLabel) . '</td><td>';

    $strType = $current['type'];
    if ($strType == 'yesno') {
        ADMIN::input_yesno($strFieldName, $current['value'], 0, 'yes', 'no');
    } elseif ($strType == 'password') {
        echo '<input type="password" size="40" maxlength="128" name="' . htmlspecialchars($strFieldName)
            . '" value="' . htmlspecialchars($current['value']) . '" />';
    } elseif ($strType == 'select') {
        // the select values come as one string: label|value|label|value|...
        $aOptions = explode('|', NucleusPlugin::getOptionSelectValues($current['typeinfo']));
        $strSelect = '<select name="' . htmlspecialchars($strFieldName) . '">';
        for ($i = 0; $i < count($aOptions) - 1; $i += 2) {
            $strOptionLabel = $aOptions[$i];
            $strOptionValue = $aOptions[$i + 1];
            $strSelect .= '<option value="' . htmlspecialchars($strOptionValue) . '"';
            if ($strOptionValue == $current['value']) {
                $strSelect .= ' selected="selected"';
            }
            $strSelect .= '>' . htmlspecialchars($strOptionLabel) . '</option>';
        }
        echo $strSelect . '</select>';
    } elseif ($strType == 'textarea') {
        echo '<textarea class="pluginoption" cols="30" rows="5" name="' . htmlspecialchars($strFieldName) . '"'
            . ($bReadOnly ? ' readonly="readonly"' : '')
            . '>' . htmlspecialchars($current['value']) . '</textarea>';
    } else {
        // 'text' and every type not listed above
        $strAttributes = '';
        if ($meta['datatype'] == 'numerical') {
            $strAttributes .= ' onkeyup="checkNumeric(this)" onblur="checkNumeric(this)"';
        }
        if ($bReadOnly) {
            $strAttributes .= ' readonly="readonly"';
        }
        echo '<input type="text" size="40" maxlength="128" name="' . htmlspecialchars($strFieldName)
            . '" value="' . htmlspecialchars($current['value']) . '"' . $strAttributes . ' />';
    }

    // plugin-supplied markup, emitted as-is
    echo $current['extra'];
    echo '</td>';
}
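/**
 * Renders the "Booking List" page (search form, sortable paginated table,
 * edit/delete actions and the inline delete script), records a
 * "View the Booking List" row in `logs`, and echoes the markup.
 *
 * Reads $_REQUEST['page_num'|'frm_search_text'|'sortby'|'sortmode'],
 * $_SESSION['user']['type'|'login_name'|'ip_address'] and the globals
 * $STR_URL and $TABLE_MAX_ROW_PER_PAGE.
 *
 * Changes from the previous revision:
 *  - `sortmode` reached ORDER BY unescaped and `sortby` was placed inside
 *    backticks, which mysql_real_escape_string() does not protect; both are
 *    now validated against allow-lists and fall back to the old defaults.
 *  - `page_num` is coerced to an integer >= 1 before LIMIT and the links.
 *  - Values placed in markup (search text, PHP_SELF, booking columns) are
 *    escaped with htmlspecialchars(); the closing `</a>` of the booking
 *    name link was a bare string statement and is now actually appended.
 *  - Session values written to `logs` are escaped like the action text.
 *  - The delete handler only reacts to links whose id starts with
 *    "frm_delete_button_" instead of any anchor that has an id.
 *
 * @return void
 */
function listBooking() {
    global $STR_URL;
    global $TABLE_MAX_ROW_PER_PAGE;

    // Columns a client may sort on: the three header links plus the columns
    // used by the default ORDER BY clauses. Anything else is ignored.
    $arrSortColumns = array(
        'booking_id',
        'booking_code',
        'booking_name',
        'booking_normal_retail_price',
        'booking_promo_price',
        'booking_created_date',
    );

    $this->conn = DB::dbConnect();

    // --- request parameters ------------------------------------------------
    $intPage = isset($_REQUEST['page_num']) ? intval($_REQUEST['page_num']) : 1;
    if ($intPage < 1) {
        $intPage = 1;
    }
    // the old code wrote the default back into $_REQUEST; kept in case code
    // running after this method reads it (not visible from here)
    $_REQUEST['page_num'] = $intPage;

    $intRowsPerPage = intval($TABLE_MAX_ROW_PER_PAGE);
    if ($intRowsPerPage < 1) {
        $intRowsPerPage = 1; // a missing config value would otherwise divide by zero below
    }
    $offset = ($intPage - 1) * $intRowsPerPage;

    $strSearchText = '';
    if (isset($_REQUEST['frm_search_text']) && is_string($_REQUEST['frm_search_text'])) {
        $strSearchText = stripslashes($_REQUEST['frm_search_text']);
    }

    // sort direction: only the two SQL keywords are accepted
    $strSortMode = 'asc';
    if (isset($_REQUEST['sortmode']) && is_string($_REQUEST['sortmode']) && strtolower($_REQUEST['sortmode']) == 'desc') {
        $strSortMode = 'desc';
    }
    // the header links toggle the direction currently in use
    $strSortFlip = ($strSortMode == 'asc') ? 'desc' : 'asc';

    $strSortBy = '';
    if (isset($_REQUEST['sortby']) && in_array($_REQUEST['sortby'], $arrSortColumns, true)) {
        $strSortBy = $_REQUEST['sortby'];
    }

    // --- queries -----------------------------------------------------------
    if ($strSearchText !== '') {
        $strSearchEsc = mysql_real_escape_string($strSearchText, $this->conn);
        $strWhere = " WHERE (`booking_name` LIKE '%" . $strSearchEsc . "%'"
                  . " OR `booking_code` LIKE '%" . $strSearchEsc . "%'"
                  . " OR `booking_description` LIKE '%" . $strSearchEsc . "%')";
        $strDefaultOrder = "`booking_code` ASC, `booking_name` ASC, `booking_created_date` DESC";
    } else {
        $strWhere = "";
        $strDefaultOrder = "`booking_code`, `booking_name`";
    }
    if ($strSortBy !== '') {
        $strOrder = "`" . $strSortBy . "` " . $strSortMode . ", `booking_id`";
    } else {
        $strOrder = $strDefaultOrder;
    }
    $query = "SELECT * FROM `mbs_bookings`" . $strWhere
           . " ORDER BY " . $strOrder
           . " LIMIT " . $offset . "," . $intRowsPerPage;
    $queryTotal = "SELECT COUNT(*) FROM `mbs_bookings`" . $strWhere;

    $result = mysql_query($query, $this->conn);
    $resultTotal = mysql_query($queryTotal, $this->conn);
    $rowTotal = $resultTotal ? mysql_fetch_row($resultTotal) : array(0);
    $intTotal = intval($rowTotal[0]);
    $totalPage = ceil($intTotal / $intRowsPerPage);

    // --- values reused in the markup ---------------------------------------
    $strSelf = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
    $strSearchHtml = htmlspecialchars($strSearchText, ENT_QUOTES);
    $strSearchUrl = urlencode($strSearchText);

    $strUserType = isset($_SESSION['user']['type']) ? $_SESSION['user']['type'] : '';
    $bIsAdmin = ($strUserType == 'admin');
    $bIsUser = ($strUserType == 'user');
    // privilege lookups hoisted out of the row loop (the old code repeated
    // them per row; ADMIN::getModulePrivilege() is assumed to be a pure lookup)
    $bCanList = $bIsAdmin || ADMIN::getModulePrivilege('bookings', 'list') !== 0;
    $bCanAdd = $bIsAdmin || ADMIN::getModulePrivilege('bookings', 'add') !== 0;
    $bCanEdit = $bIsAdmin || ($bIsUser && ADMIN::getModulePrivilege('bookings', 'edit') !== 0);
    $bCanDelete = $bIsAdmin || ($bIsUser && ADMIN::getModulePrivilege('bookings', 'delete') !== 0);
    // NOTE(review): $strPrivView is never assigned in this method, so only admins
    // get the view link; presumably a privilege check for viewing was intended
    // here -- confirm before changing.
    $bCanView = $bIsAdmin || (isset($strPrivView) && $strPrivView == "yes");

    $arrPagingParams = array(
        array('frm_search_text', $strSearchUrl),
        array('pop', urlencode('yes')),
        array('sortby', urlencode($strSortBy)),
        array('sortmode', urlencode($strSortMode)),
    );
    $strPaging = HTML::showPaging($intTotal, $totalPage, 4, $arrPagingParams);

    $strResult = "";

    // search form
    $strResult .= "\n<form name=\"search_booking_data\" method=\"post\" action=\"" . $STR_URL . "booking_list.php\">\n"
                . "\t<input type=\"hidden\" name=\"frm_search_referer\" value=\"" . $strSelf . "\" />\n"
                . "\t<input type=\"text\" name=\"frm_search_text\" size=\"40\" maxlength=\"128\" value=\"" . $strSearchHtml . "\" />\n"
                . "\t<input class=\"btn\" type=\"submit\" name=\"frm_search_submit\" value=\"Search Bookings\" onclick=\"return validateSearch(this.form)\" /><br />\n"
                . "</form>\n";

    // the list form (the old markup self-closed the opening tag)
    $strResult .= "<form id=\"frm_booking\" method=\"post\" action=\"" . $strSelf . "\">\n";
    $strResult .= "<div align=\"right\">";
    if ($bCanList) {
        $strResult .= "<a class=\"btn\" href=\"" . $STR_URL . ADMIN::getModuleFile('bookings', 'list') . "\" title=\"Booking List\">"
                    . "<img src=\"" . $STR_URL . "img/refresh_icon.png\" /> Refresh</a>";
    }
    $strResult .= " ";
    if ($bCanAdd) {
        $strResult .= "<a class=\"btn ajax callbacks cboxElement\" href=\"" . $STR_URL . ADMIN::getModuleFile('bookings', 'add') . "?pop=yes\" title=\"New Booking\">"
                    . "<img src=\"" . $STR_URL . "img/add_icon.png\" /> New Booking</a>";
    }
    $strResult .= "</div>\n";

    // table header
    $strResult .= "<div align=\"center\"><h2>Booking List</h2></div>\n"
                . "<div align=\"right\">" . $strPaging . "</div>\n\n"
                . "<section id=\"table_booking_list\">\n"
                . "<table class=\"table table-bordered table-hover\" summary=\"Booking List\">\n"
                . "<caption>Booking List</caption>\n"
                . "<thead>\n<tr>\n"
                . "\t<th scope=\"col\" width=\"5%\"><div align=\"center\">No</div></th>\n";
    $arrHeaders = array(
        'booking_name' => 'Code/Name',
        'booking_normal_retail_price' => 'Normal Retail Price',
        'booking_promo_price' => 'Promo Price',
    );
    foreach ($arrHeaders as $strColumn => $strLabel) {
        $strResult .= "\t<th scope=\"col\"><div align=\"center\"><a href=\"" . $strSelf
                    . "?page_num=" . $intPage
                    . "&frm_search_text=" . $strSearchUrl
                    . "&sortby=" . $strColumn
                    . "&sortmode=" . $strSortFlip . "\">" . $strLabel . "</a></div></th>\n";
    }
    if ($bCanEdit || $bCanDelete) {
        $strResult .= "\t<th scope=\"col\" width=\"20%\"><div align=\"center\">Edit/Delete</div></th>\n";
    }
    $strResult .= "</tr>\n</thead>\n\n<tbody>\n";

    // table body
    if ($intTotal > 0) {
        $no = $offset;
        while ($row = mysql_fetch_assoc($result)) {
            $no++;
            // columns are decoded and un-slashed as before, then escaped for
            // the context they are written into (attribute, text, URL)
            $strID = $row['booking_id'];
            $strIDHtml = htmlspecialchars($strID, ENT_QUOTES);
            $strIDUrl = urlencode($strID);
            $strName = html_entity_decode(stripslashes($row['booking_name']));
            $strCode = html_entity_decode(stripslashes($row['booking_code']));
            $strNormalPrice = html_entity_decode(stripslashes($row['booking_normal_retail_price']));
            $strPromoPrice = html_entity_decode(stripslashes($row['booking_promo_price']));

            $strLink = ADMIN::getModuleFile('bookings', 'view')
                     . "?booking_id=" . $strIDUrl
                     . "&frm_search_text=" . $strSearchUrl
                     . "&page_num=" . $intPage
                     . "&pop=yes";

            $strResult .= "<tr" . (($no % 2 == 0) ? " class=\"odd\"" : "") . ">\n"
                        . "\t<td id=\"r" . $strIDHtml . "\"><div align=\"right\">" . $no . ".</div></td>\n"
                        . "\t<td><div align=\"left\">";
            if ($bCanView) {
                $strResult .= "<a class=\"ajax callbacks cboxElement\" href=\"" . $STR_URL . $strLink . "\" title=\""
                            . htmlspecialchars(strtoupper($strName), ENT_QUOTES) . "\">";
            }
            $strResult .= "<strong>" . htmlspecialchars($strCode, ENT_QUOTES) . " / " . htmlspecialchars($strName, ENT_QUOTES) . "</strong>";
            if ($bCanView) {
                $strResult .= "</a>";
            }
            $strResult .= "</div></td>\n"
                        . "\t<td><div align=\"right\"><strong>\$" . htmlspecialchars($strNormalPrice, ENT_QUOTES) . "</strong></div></td>\n"
                        . "\t<td><div align=\"right\"><strong>\$" . htmlspecialchars($strPromoPrice, ENT_QUOTES) . "</strong></div></td>\n";

            // action column
            if ($bCanEdit || $bCanDelete) {
                $strResult .= "\t<td><div align=\"center\">";
                if ($bCanEdit) {
                    $strResult .= "<a class=\"btn ajax callbacks cboxElement\" href=\"" . $STR_URL . "booking.php?booking_id=" . $strIDUrl . "&action=edit&pop=yes\" title=\"Edit Booking\">"
                                . "<img src=\"" . $STR_URL . "img/edit_icon.png\" /> Edit</a>";
                }
                $strResult .= " ";
                if ($bCanDelete) {
                    // NOTE(review): the delete is a plain link / scripted POST with no
                    // per-request token; the handler behind it should verify one.
                    $strResult .= "<a id=\"frm_delete_button_" . $strIDHtml . "\" class=\"btn\" href=\"" . $STR_URL . "booking_list.php?booking_id=" . $strIDUrl . "&action=delete\" title=\"Delete Booking\">"
                                . "<img src=\"" . $STR_URL . "img/delete_icon.png\" /> Delete</a> ";
                }
                $strResult .= "</div></td>\n";
            }
            $strResult .= "</tr>\n";
        }
    } else {
        $strResult .= "<tr><td colspan=\"5\"><div align=\"center\">Found no data</div></td></tr>\n";
    }

    // footer and back-to-top link
    $strResult .= "</tbody>\n<tfoot>\n<tr>\n"
                . "\t<th scope=\"row\" colspan=\"2\">Total: " . $intTotal . "</th>\n"
                . "\t<td colspan=\"3\">" . $strPaging . "</td>\n"
                . "</tr>\n</tfoot>\n</table>\n</section>\n</form>\n"
                . "<a class=\"btn\" href=\"#content\"><i class=\"icon-arrow-up\"></i> Back to top</a>\n";

    // delete script: removes the row and posts the id to the Ajax handler;
    // the handler's reply is shown as HTML in the notification, as before
    $strResult .= "
<script>
\$(document).ready(function () {
\tvar strID;
\tvar intID;
\t\$('a').click(function (event) {
\t\tstrID = event.target.id;
\t\tif (strID && strID.indexOf('frm_delete_button_') === 0) {
\t\t\tintID = strID.replace('frm_delete_button_', '');
\t\t\tif (confirmDeleteBooking()) {
\t\t\t\t\$(this).closest('tr').remove();
\t\t\t\tvar dataString = 'action=delete&booking_id=' + encodeURIComponent(intID);
\t\t\t\t\$.ajax({
\t\t\t\t\turl: 'ajax/booking_proc.php',
\t\t\t\t\ttype: 'post',
\t\t\t\t\tdata: dataString,
\t\t\t\t\tsuccess: function (msg) {
\t\t\t\t\t\t\$.gritter.add({
\t\t\t\t\t\t\ttitle: 'Info',
\t\t\t\t\t\t\ttext: '<p>' + msg + '</p>',
\t\t\t\t\t\t\timage: '" . $STR_URL . "img/accepted.png',
\t\t\t\t\t\t\tsticky: false,
\t\t\t\t\t\t\ttime: '3000'
\t\t\t\t\t\t});
\t\t\t\t\t}
\t\t\t\t});
\t\t\t}
\t\t\treturn false;
\t\t}
\t});
});
</script>
";

    // The Log
    $strLogin = isset($_SESSION['user']['login_name']) ? $_SESSION['user']['login_name'] : '';
    $strIP = isset($_SESSION['user']['ip_address']) ? $_SESSION['user']['ip_address'] : '';
    $queryLog = "INSERT INTO `logs` (`log_id`, `log_user`, `log_action`, `log_time`, `log_from`, `log_logout`)"
              . " VALUES (NULL,"
              . " '" . mysql_real_escape_string($strLogin, $this->conn) . "',"
              . " '" . mysql_real_escape_string("View the Booking List", $this->conn) . "',"
              . " '" . date('Y-m-d H:i:s') . "',"
              . " '" . mysql_real_escape_string($strIP, $this->conn) . "',"
              . " NULL)";
    mysql_query($queryLog, $this->conn);

    echo $strResult;
}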
<?php
/* @Author: Erick Wellem - me @ erickwellem.com - October 2009 */

// Front-end bootstrap: configuration, class library, layout includes, the
// session, the shared DB/ADMIN/HTML objects, site configuration, privileges
// and the language file. Pages include this file first.

// include file - no need to change anything here - EW
$dirPos = './';
include $dirPos . 'config.php';

// Class Library -- NO NEED TO CHANGE unless you know what to do
require_once 'lib/admin.php';
require_once 'lib/db.php';
require_once 'lib/html.php';

// Layout includes used by the pages
$HEADER_INCLUDE = 'inc/header-default.php';
$FOOTER_INCLUDE = 'inc/footer-default.php';

// start the session
session_start();

$db = new DB();
$admin = new ADMIN();
$html = new HTML();

// site configuration, then the privileges and modules
$arrSiteConfig = $db->getSiteConfig();
$arrPrivileges = $admin->getPrivileges();

// site language: Indonesian when configured, English otherwise
$strLanguageFile = ($arrSiteConfig['site_language'] == 'id') ? 'lang/id/id.php' : 'lang/en/en.php';
require_once $strLanguageFile;