Пример #1
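 /**
  * Records a successful login: writes one row to `logs` and, when that
  * succeeds, one row to `sessions`.
  *
  * Every value placed in the SQL text is escaped first. The user-agent
  * string, the Host header and the request URI are chosen by the client,
  * and the login name and session fields are not validated in this method,
  * so none of them may reach the statement as raw text.
  *
  * @param string $userLoginName Login name stored with both rows.
  * @return int 1 when the `logs` insert succeeded, 0 otherwise. The outcome
  *             of the `sessions` insert is not reflected in the return value.
  */
 function saveUserLogin($userLoginName)
 {
     // mysql_real_escape_string() below uses the most recently opened link;
     // assumes DB::dbConnect() opens it -- TODO confirm
     $this->conn = DB::dbConnect();
     $arrBrowserData = ADMIN::getBrowser();
     $strBrowser = $arrBrowserData['name'] . " " . $arrBrowserData['version'] . " on " . $arrBrowserData['platform'] . " reports: " . $arrBrowserData['userAgent'];
     $strIpAddress = $_SESSION['user']['ip_address'];
     $strLoginTime = $_SESSION['user']['login_time'];
     // The log text embeds the raw User-Agent header, so it is escaped as a whole
     $strLogAction = 'Logged in successfully from ' . $strIpAddress . ' using client browser ' . $strBrowser;
     $query = sprintf(
         "INSERT INTO `logs` VALUES (NULL, '%s', '%s', '%s', '%s', NULL)",
         mysql_real_escape_string($userLoginName),
         mysql_real_escape_string($strLogAction),
         mysql_real_escape_string($strLoginTime),
         mysql_real_escape_string($strIpAddress)
     );
     $result = mysql_query($query);
     if ($result) {
         // HTTP_HOST and REQUEST_URI are request data, not server constants
         $strUrl = 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
         $query = sprintf(
             "INSERT INTO `sessions` VALUES ('%s', '%s', '%s', '%s', '%s', '%s')",
             mysql_real_escape_string($_SESSION['user']['session_id']),
             mysql_real_escape_string($userLoginName),
             time(),
             mysql_real_escape_string($strLoginTime),
             mysql_real_escape_string($strIpAddress),
             mysql_real_escape_string($strUrl)
         );
         // NOTE(review): a failed `sessions` insert still returns 1, as before;
         // callers that need the session row should check it separately.
         $result = mysql_query($query);
         return 1;
     } else {
         return 0;
     }
 }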
Пример #2
 * 		
 * @Desc: Process file using Ajax
 **************************************************************************************************/
/*$data = $_POST;

echo "<pre>";
print_r($data);
echo "</pre>";
die;*/
include '../config.php';
require_once '../lib/db.php';
require_once '../lib/admin.php';
require_once '../lib/html.php';
// Resume the session; $_SESSION['user']['login_name'] is read below for the audit columns.
session_start();
$db = new DB();
$admin = new ADMIN();
$html = new HTML();
//print_r($_REQUEST);
//--> Add
// Handles the "add supplier" action when a name and a phone number were submitted.
// NOTE(review): $_REQUEST also carries GET parameters, so this insert can be
// triggered by a plain link. No login, privilege or CSRF-token check is visible
// in this excerpt -- confirm that one of the included files enforces them.
if ($_REQUEST['action'] == "add" && $_REQUEST['frm_supplier_name'] && $_REQUEST['frm_supplier_phone_number']) {
    // filter input: a missing or falsy "active" flag is stored as "no"
    if (!$_REQUEST['frm_supplier_active']) {
        $_REQUEST['frm_supplier_active'] = "no";
    }
    // the query
    // Request fields are passed through mysql_real_escape_string(); the two
    // $_SESSION['user']['login_name'] values are concatenated without escaping.
    // NOTE(review): escape those as well, or move to prepared statements
    // (the mysql_* extension was removed in PHP 7.0).
    $db->dbConnect();
    $query = "INSERT INTO `mbs_suppliers` (`supplier_id`, \n\t\t\t\t\t\t\t\t\t\t   `supplier_name`, \n\t\t\t\t\t\t\t\t\t\t   `supplier_email`, \n\t\t\t\t\t\t\t\t\t\t   `supplier_phone_number`, \n\t\t\t\t\t\t\t\t\t\t   `supplier_postal_address`, \n\t\t\t\t\t\t\t\t\t\t   `supplier_last_year_purchase`, \n\t\t\t\t\t\t\t\t\t\t   `supplier_target`, \n\t\t\t\t\t\t\t\t\t\t   `supplier_growth_incentives`, \n\t\t\t\t\t\t\t\t\t\t   `supplier_budget`, \n\t\t\t\t\t\t\t\t\t\t   `supplier_po_ref_number`, \n\t\t\t\t\t\t\t\t\t\t   `supplier_active`, \n\t\t\t\t\t\t\t\t\t\t   `supplier_created_date`, \n\t\t\t\t\t\t\t\t\t\t   `supplier_created_by`, \n\t\t\t\t\t\t\t\t\t\t   `supplier_modified_date`, \n\t\t\t\t\t\t\t\t\t\t   `supplier_modified_by`) \n\n\t\t\t\tVALUES (NULL, \n\t\t\t\t\t\t'" . mysql_real_escape_string($_REQUEST['frm_supplier_name']) . "', \n\t\t\t\t\t\t'" . mysql_real_escape_string($_REQUEST['frm_supplier_email']) . "', \n\t\t\t\t\t\t'" . mysql_real_escape_string($_REQUEST['frm_supplier_phone_number']) . "', \n\t\t\t\t\t\t'" . mysql_real_escape_string($_REQUEST['frm_supplier_postal_address']) . "', \n\t\t\t\t\t\t'" . mysql_real_escape_string($_REQUEST['frm_supplier_last_year_purchase']) . "', \n\t\t\t\t\t\t'" . mysql_real_escape_string($_REQUEST['frm_supplier_target']) . "', \n\t\t\t\t\t\t'" . mysql_real_escape_string($_REQUEST['frm_supplier_growth_incentives']) . "', \n\t\t\t\t\t\t'" . mysql_real_escape_string($_REQUEST['frm_supplier_budget']) . "', \n\t\t\t\t\t\t'" . mysql_real_escape_string($_REQUEST['frm_supplier_po_ref_number']) . "', \n\t\t\t\t\t\t'" . mysql_real_escape_string($_REQUEST['frm_supplier_active']) . "', \n\t\t\t\t\t\t'" . date('Y-m-d H:i:s') . "', \n\t\t\t\t\t\t'" . $_SESSION['user']['login_name'] . "',\n\t\t\t\t\t\t'" . date('Y-m-d H:i:s') . "', \n\t\t\t\t\t\t'" . $_SESSION['user']['login_name'] . "')";
    $result = mysql_query($query);
    // The insert id is read before $result is checked; it is only meaningful when the insert succeeded.
    $intID = mysql_insert_id();
    if ($result) {
        // Insert the Marketing Contact
Пример #3
 /**
  * Adds the itemOptions of a plugin to a page.
  *
  * Takes no arguments: the item id is read from the global $itemid and passed,
  * together with the literal 'item', to ADMIN::_insertPluginOptions().
  *
  * @author TeRanEX
  */
 function parse_itemoptions()
 {
     // $itemid comes from global scope, not from a parameter
     global $itemid;
     ADMIN::_insertPluginOptions('item', $itemid);
 }
Пример #4
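 /**
  * Cleans up entries in the activation table. Entries older than
  * $CONF['ActivationDays'] days are removed; 2 days is used when that setting
  * is missing or not a positive number.
  * (static)
  *
  * Before the rows are deleted, each expired entry is handled by type:
  *  - 'register':      the never-activated member is deleted
  *  - 'addresschange': the member's previous e-mail address and login flag,
  *                     stored in vextra as "email/canlogin", are restored
  *  - 'forgot':        nothing beyond dropping the activation entry
  *
  * @author dekarma
  */
 function cleanupActivationTable()
 {
     // Without this declaration $CONF and $DIR_LIBS are empty locals: the
     // configured retention would never be read and the include below would
     // resolve 'ADMIN.php' against the include path instead of $DIR_LIBS.
     global $CONF, $DIR_LIBS;
     $actdays = 2;
     if (isset($CONF['ActivationDays']) && intval($CONF['ActivationDays']) > 0) {
         $actdays = intval($CONF['ActivationDays']);
     }
     // The global configuration is only read here, never written back.
     $boundary = time() - 60 * 60 * 24 * $actdays;
     // Built from time() and an integer only, so it is safe to quote directly
     $cutoff = date('Y-m-d H:i:s', $boundary);
     // 1. walk over all entries, and see if special actions need to be performed
     $res = sql_query('SELECT * FROM ' . sql_table('activation') . ' WHERE vtime < \'' . $cutoff . '\'');
     while ($o = sql_fetch_object($res)) {
         switch ($o->vtype) {
             case 'register':
                 // delete all information about this site member. registration is undone because there was
                 // no timely activation
                 include_once $DIR_LIBS . 'ADMIN.php';
                 ADMIN::deleteOneMember(intval($o->vmember));
                 break;
             case 'addresschange':
                 // revert the e-mail address of the member back to old address
                 // array_pad() keeps list() from reading a missing element when vextra has no '/'
                 list($oldEmail, $oldCanLogin) = array_pad(explode('/', $o->vextra), 2, '');
                 // The listing shows the mcanlogin value masked as '******', which does not
                 // parse. $oldCanLogin is read from vextra and used nowhere else, so it is
                 // restored here as an integer -- TODO confirm against the upstream source.
                 sql_query('UPDATE ' . sql_table('member') . ' SET mcanlogin=' . intval($oldCanLogin) . ', memail=\'' . sql_real_escape_string($oldEmail) . '\' WHERE mnumber=' . intval($o->vmember));
                 break;
             case 'forgot':
                 // delete the activation link and ignore. member can request a new password using the
                 // forgot password link
                 break;
         }
     }
     // 2. delete activation entries for real
     sql_query('DELETE FROM ' . sql_table('activation') . ' WHERE vtime < \'' . $cutoff . '\'');
 }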
Пример #5
 /**
  * Inserts a HTML select element with choices for all categories to which the current
  * member has access.
  *
  * Thin wrapper: every argument is forwarded unchanged to ADMIN::selectBlog(),
  * with the literal 'category' inserted as the second argument.
  *
  * @param mixed $name               forwarded as the first argument
  * @param mixed $selected           forwarded; defaults to 0
  * @param mixed $tabindex           forwarded; defaults to 0
  * @param mixed $showNewCat         forwarded; defaults to 0
  * @param mixed $iForcedBlogInclude forwarded; defaults to -1
  * @see function selectBlog
  */
 function selectBlogCategory($name, $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1)
 {
     // No return value is passed back from selectBlog()
     ADMIN::selectBlog($name, 'category', $selected, $tabindex, $showNewCat, $iForcedBlogInclude);
 }
Пример #6
/**************************************************************************************************
 * EW Web Apps Process File
 * @Author		: Erick Wellem (me@erickwellem.com)
 * 				  October 2009
 *				  This version: February 2013
 * 		
 * @Desc: Process file using Ajax
 **************************************************************************************************/
include '../config.php';
require_once '../lib/db.php';
require_once '../lib/admin.php';
require_once '../lib/html.php';
// Resume the session; $_SESSION['user']['login_name'] is read below for the audit columns.
session_start();
$db = new DB();
$admin = new ADMIN();
$html = new HTML();
//print_r($_REQUEST);
//--> Add
// Handles the "add activity" action when an activity name was submitted.
// NOTE(review): $_REQUEST also carries GET parameters, so this insert can be
// triggered by a plain link. No login, privilege or CSRF-token check is visible
// in this excerpt -- confirm that one of the included files enforces them.
if ($_REQUEST['action'] == "add" && $_REQUEST['frm_activity_name']) {
    // filter input: missing or falsy yes/no flags are stored as "no"
    if (!$_REQUEST['frm_activity_store_related']) {
        $_REQUEST['frm_activity_store_related'] = "no";
    }
    if (!$_REQUEST['frm_activity_active']) {
        $_REQUEST['frm_activity_active'] = "no";
    }
    // the query
    // Request fields are passed through mysql_real_escape_string(); the two
    // $_SESSION['user']['login_name'] values are concatenated without escaping.
    // NOTE(review): escape those as well, or move to prepared statements
    // (the mysql_* extension was removed in PHP 7.0). Price, size id and year
    // are stored as submitted; no numeric validation is visible here.
    $db->dbConnect();
    $query = "INSERT INTO `mbs_activities` (`activity_id`, \n\t\t\t\t\t\t\t\t\t\t\t`activity_name`, \n\t\t\t\t\t\t\t\t\t\t\t`activity_category`, \n\t\t\t\t\t\t\t\t\t\t\t`activity_description`, \n\t\t\t\t\t\t\t\t\t\t\t`activity_price`, \n\t\t\t\t\t\t\t\t\t\t\t`activity_store_related`, \n\t\t\t\t\t\t\t\t\t\t\t`activity_active`, \n\t\t\t\t\t\t\t\t\t\t\t`size_id`, \n\t\t\t\t\t\t\t\t\t\t\t`year`, \n\t\t\t\t\t\t\t\t\t\t\t`activity_created_date`, \n\t\t\t\t\t\t\t\t\t\t\t`activity_created_by`, \n\t\t\t\t\t\t\t\t\t\t\t`activity_modified_date`, \n\t\t\t\t\t\t\t\t\t\t\t`activity_modified_by`) \n\n\t\t\t\tVALUES (NULL, \n\t\t\t\t\t\t'" . mysql_real_escape_string($_REQUEST['frm_activity_name']) . "', \n\t\t\t\t\t\t'" . mysql_real_escape_string($_REQUEST['frm_activity_category']) . "', \n\t\t\t\t\t\t'" . mysql_real_escape_string($_REQUEST['frm_activity_description']) . "', \t\n\t\t\t\t\t\t'" . mysql_real_escape_string($_REQUEST['frm_activity_price']) . "', \t\n\t\t\t\t\t\t'" . mysql_real_escape_string($_REQUEST['frm_activity_store_related']) . "', \t\n\t\t\t\t\t\t'" . mysql_real_escape_string($_REQUEST['frm_activity_active']) . "', \n\t\t\t\t\t\t'" . mysql_real_escape_string($_REQUEST['frm_size_id']) . "', \n\t\t\t\t\t\t'" . mysql_real_escape_string($_REQUEST['frm_year']) . "', \n\t\t\t\t\t\t'" . date('Y-m-d H:i:s') . "', \n\t\t\t\t\t\t'" . $_SESSION['user']['login_name'] . "',\n\t\t\t\t\t\t'" . date('Y-m-d H:i:s') . "', \n\t\t\t\t\t\t'" . $_SESSION['user']['login_name'] . "')";
    $result = mysql_query($query);
Пример #7
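 /**
  * Deletes the `mbs_emails` row named by the request parameter `email_id`,
  * writes a `logs` entry and shows an alert with follow-up links.
  *
  * The id is escaped before it is placed in the SELECT and DELETE statements,
  * the session values are escaped before the log insert, and the stored
  * address is HTML-encoded before it is put into the alert markup.
  *
  * NOTE(review): only the 'add' and 'list' privileges are consulted here, and
  * only to decide which links to show. No 'delete' privilege or CSRF-token
  * check is visible in this method -- confirm the caller enforces both, since
  * $_REQUEST also accepts GET parameters.
  *
  * @return void
  */
 function deleteEmail()
 {
     $this->conn = $this->dbConnect();
     // Reject array-valued or missing input instead of letting it reach the query
     $strEmailId = (isset($_REQUEST['email_id']) && is_scalar($_REQUEST['email_id'])) ? (string) $_REQUEST['email_id'] : '';
     $strEmailIdSql = mysql_real_escape_string($strEmailId, $this->conn);
     $query = "SELECT * FROM `mbs_emails` WHERE `email_id` = '" . $strEmailIdSql . "' LIMIT 1";
     $result = mysql_query($query, $this->conn);
     // A failed query yields false; do not hand that to mysql_fetch_assoc()
     $row = $result ? mysql_fetch_assoc($result) : false;
     if ($row) {
         // delete the e-mail row
         $queryDel = "DELETE FROM `mbs_emails` WHERE `email_id` = '" . $strEmailIdSql . "' LIMIT 1";
         $resultDel = mysql_query($queryDel, $this->conn);
         if ($resultDel) {
             $strAddress = stripslashes($row['email_address']);
             // The address is stored data shown inside HTML, so encode it for that context
             $strAlert = "Email <strong>\"" . htmlspecialchars($strAddress, ENT_QUOTES) . "\"</strong> is successfully deleted!";
             $strAlert .= "<br /><br />\n";
             if (ADMIN::getModulePrivilege('emails', 'add') > 0) {
                 $strAlert .= "<a href=\"email_add.php\" title=\"Add Email\"><img src=\"img/add_icon.png\" /> Add</a>&nbsp;&nbsp;&nbsp;\n";
             }
             if (ADMIN::getModulePrivilege('emails', 'list') > 0) {
                 $strAlert .= "<a href=\"email_list.php\" title=\"Email List\"><img src=\"img/list_icon.png\" /> List</a>&nbsp;&nbsp;&nbsp;\n";
             }
             // The log text is plain text for the database, so it is SQL-escaped, not HTML-encoded
             $strLog = "Email \"" . $strAddress . "\" is successfully deleted.";
             $queryLog = "INSERT INTO `logs` (`log_id`, `log_user`, `log_action`, `log_time`, `log_from`, `log_logout`)"
                 . " VALUES (NULL, '" . mysql_real_escape_string($_SESSION['user']['login_name'], $this->conn) . "',"
                 . " '" . mysql_real_escape_string($strLog, $this->conn) . "',"
                 . " NOW( ),"
                 . " '" . mysql_real_escape_string($_SESSION['user']['ip_address'], $this->conn) . "',"
                 . " NULL)";
             $resultLog = mysql_query($queryLog, $this->conn);
             HTML::showAlert($strAlert, FALSE);
         }
     } else {
         // No row was found, so there is no address to show; the original read
         // $row['email_address'] from a false $row, which rendered as an empty name.
         // NOTE(review): the wording ("tidak kosong" = "is not empty") looks copied
         // from another handler; a "not found" message would fit this branch.
         $strAlert = "Email <strong>\"\"</strong> tidak kosong!";
         $strAlert .= "<br /><br />\n";
         if (ADMIN::getModulePrivilege('emails', 'list') > 0) {
             $strAlert .= "<a href=\"email_list.php\" title=\"Email List\"><img src=\"img/list_icon.png\" /> List</a>&nbsp;&nbsp;&nbsp;\n";
         }
         HTML::showAlert($strAlert, FALSE);
     }
 }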
Пример #8
 /**
  * Installs the plugin.
  *
  * Steps, in order: check the Nucleus core version (on failure the plugin is
  * removed again and an error is reported), fill in missing URL keys in
  * $CONF, move this plugin to position 1 while shifting every other plugin
  * down by one, create the plugin/blog/member/category options, create the
  * plugin's data table and register the default paths.
  */
 function install()
 {
     // Refuse to install when the Nucleus core is older than this plugin requires
     $coreVersion = getNucleusVersion();
     $minVersion = $this->getMinNucleusVersion();
     $versionTooLow = $coreVersion < $minVersion;
     $patchTooLow = $coreVersion == $minVersion && getNucleusPatchLevel() < $this->getMinNucleusPatchLevel();
     if ($versionTooLow || $patchTooLow) {
         global $DIR_LIBS;
         // remove the plugin again, then report why
         include_once $DIR_LIBS . 'ADMIN.php';
         $admin = new ADMIN();
         $admin->deleteOnePlugin($this->getID());
         $admin->error(_ERROR_NUCLEUSVERSIONREQ . $minVersion . ' patch ' . $this->getMinNucleusPatchLevel());
     }
     global $manager, $CONF;
     // Give every URL key a default when the configuration leaves it empty
     $keyDefaults = array(
         'ArchiveKey' => 'archive',
         'ArchivesKey' => 'archives',
         'MemberKey' => 'member',
         'ItemKey' => 'item',
         'CategoryKey' => 'category',
     );
     foreach ($keyDefaults as $confKey => $fallback) {
         if (empty($CONF[$confKey])) {
             $CONF[$confKey] = $fallback;
         }
     }
     // Plugin order: this plugin goes first, all others move down one place.
     // Table name and both numbers are internal values; the numbers pass through %d.
     $plugTable = sql_table('plugin');
     $myid = intval($this->getID());
     $updateQuery = 'UPDATE %s SET    porder = %d WHERE  pid    = %d';
     $res = sql_query('SELECT pid, porder FROM ' . $plugTable);
     while ($p = sql_fetch_array($res)) {
         $pid = intval($p['pid']);
         $newOrder = $pid == $myid ? 1 : intval($p['porder']) + 1;
         sql_query(sprintf($updateQuery, $plugTable, $newOrder, $pid));
     }
     // Directory-name options: created with a default here and set to it further down
     $dirOptions = array(
         'customurl_archive' => array(_OP_ARCHIVE_DIR_NAME, $CONF['ArchiveKey']),
         'customurl_archives' => array(_OP_ARCHIVES_DIR_NAME, $CONF['ArchivesKey']),
         'customurl_member' => array(_OP_MEMBER_DIR_NAME, $CONF['MemberKey']),
         'customurl_dfitem' => array(_OP_DEF_ITEM_KEY, $CONF['ItemKey']),
         'customurl_dfcat' => array(_OP_DEF_CAT_KEY, $CONF['CategoryKey']),
         'customurl_dfscat' => array(_OP_DEF_SCAT_KEY, 'subcategory'),
     );
     foreach ($dirOptions as $optName => $optSpec) {
         $this->createOption($optName, $optSpec[0], 'text', $optSpec[1]);
     }
     $this->createOption('customurl_incbname', _OP_INCLUDE_CBNAME, 'yesno', 'no');
     $this->createOption('customurl_tabledel', _OP_TABLE_DELETE, 'yesno', 'no');
     $this->createOption('customurl_quicklink', _OP_QUICK_LINK, 'yesno', 'yes');
     $this->createOption('customurl_notfound', _OP_NOT_FOUND, 'select', '404', '404 Not Found|404|303 See Other|303');
     // Per-blog switches and the per-blog, per-member and per-category path fields
     $this->createBlogOption('use_customurl', _OP_USE_CURL, 'yesno', 'yes');
     $this->createBlogOption('redirect_normal', _OP_RED_NORM, 'yesno', 'yes');
     $this->createBlogOption('redirect_search', _OP_RED_SEARCH, 'yesno', 'yes');
     $this->createBlogOption('customurl_bname', _OP_BLOG_PATH, 'text');
     // (no per-item option is created; that call is disabled in the original)
     $this->createMemberOption('customurl_mname', _OP_MEMBER_PATH, 'text');
     $this->createCategoryOption('customurl_cname', _OP_CATEGORY_PATH, 'text');
     // Store the default directory and key names
     foreach ($dirOptions as $optName => $optSpec) {
         $this->setOption($optName, $optSpec[1]);
     }
     // Data table for the URL aliases
     $sql = implode('', array(
         'CREATE TABLE IF NOT EXISTS ',
         _CUSTOMURL_TABLE,
         ' (',
         ' `id` INT(11) NOT NULL AUTO_INCREMENT PRIMARY KEY, ',
         ' `obj_param` VARCHAR(15) NOT NULL, ',
         ' `obj_name` VARCHAR(128) NOT NULL, ',
         ' `obj_id` INT(11) NOT NULL, ',
         ' `obj_bid` INT(11) NOT NULL,',
         ' INDEX (`obj_name`)',
         ' )',
     ));
     sql_query($sql);
     // Default aliases for blogs, items, categories and members
     $defaultPaths = array(
         array('blog', 'blog', 'bnumber', 'bshortname'),
         array('item', 'item', 'inumber', 'iblog'),
         array('category', 'category', 'catid', 'cblog'),
         array('member', 'member', 'mnumber', 'mname'),
     );
     foreach ($defaultPaths as $pathSpec) {
         $this->_createNewPath($pathSpec[0], $pathSpec[1], $pathSpec[2], $pathSpec[3]);
     }
     // Sub-category aliases only when the MultipleCategories plugin is present
     if ($this->pluginCheck('MultipleCategories')) {
         $this->_createNewPath('subcategory', 'plug_multiple_categories_sub', 'scatid', 'catid');
     }
 }
Пример #9
    function viewBooking()
    {
        global $arrSiteConfig;
        global $STR_URL, $STR_PATH;
        $this->conn = DB::dbConnect();
        $query = "SELECT * FROM `mbs_bookings` WHERE `booking_id` = '" . mysql_real_escape_string($_REQUEST['booking_id']) . "' LIMIT 1";
        $result = mysql_query($query);
        if ($result) {
            $row = mysql_fetch_assoc($result);
            // get some variables
            $intBookingYear = substr($row['booking_date'], 0, 4);
            $strFilePath = $STR_PATH . $row['booking_file_path'] . $row['booking_file_name'];
            // get supplier data
            $strQuerySupplier = "SELECT * FROM `mbs_suppliers` WHERE `supplier_id` = '" . mysql_real_escape_string($row['supplier_id']) . "'";
            $resultSupplier = mysql_query($strQuerySupplier);
            if ($resultSupplier) {
                $rowSupplier = mysql_fetch_assoc($resultSupplier);
                // get marketing contact
                $strQueryContact = "SELECT * FROM `mbs_suppliers_marketing_contacts` WHERE `supplier_id` = '" . mysql_real_escape_string($rowSupplier['supplier_id']) . "'";
                $resultContact = mysql_query($strQueryContact);
                if ($resultContact) {
                    $rowContact = mysql_fetch_assoc($resultContact);
                }
            }
            ?>
			
			<?php 
            if ($_REQUEST['pop'] == "yes") {
                ?>
			<div align="center">
			<form name="myformTop" action="<?php 
                if (preg_match("/_exec/", $_SERVER['HTTP_REFERER'])) {
                    if ($_SESSION['user']['type'] == 'admin') {
                        echo "booking_list.php";
                    } else {
                        echo "booking_search.php";
                    }
                } else {
                    echo $_SERVER['HTTP_REFERER'];
                }
                ?>
">
				<input type="hidden" name="booking_id" value="<?php 
                echo $_REQUEST['booking_id'];
                ?>
">			
				<input type="hidden" name="page_num" value="<?php 
                echo $_REQUEST['page_num'];
                ?>
">
				<input type="hidden" name="frm_search_text" value="<?php 
                echo $_REQUEST['frm_search_text'];
                ?>
">								
				<input class="btn" type="submit" value="Close" onclick="this.value='Loading...'">
			</form>
			</div>
			<?php 
            }
            ?>

			<div class="container-fluid">
				<div class="row-fluid">			
					<div class="span12" style="text-align:center;margin-top:20px;">
						<h2>Booking &raquo; <?php 
            echo stripslashes(htmlspecialchars($row['booking_name']));
            ?>
</h2>
					</div>
				</div>
			</div>
				
			<div class="container-fluid">
				<div class="row-fluid">
 
					<div class="span12" style="text-align:center;margin-top:20px;">
						<?php 
            if ($_SESSION['user']['type'] == 'admin' || ADMIN::getModuleFile('bookings', 'add') !== 0) {
                ?>
					  	<a class="btn btn-popover" href="booking.php?action=add" rel="popover" data-content="Insert new Booking to the database" data-original-title="New Booking" title="New Booking"><img src="<?php 
                echo $STR_URL;
                ?>
img/add_icon.png" /> New Booking</a>
						<?php 
            }
            ?>
						&nbsp;&nbsp;&nbsp; 
						<?php 
            if ($_SESSION['user']['type'] == 'admin' || ADMIN::getModuleFile('bookings', 'edit') !== 0) {
                ?>
						<a class="btn btn-popover" href="booking.php?booking_id=<?php 
                echo $row['booking_id'];
                ?>
&action=edit" rel="popover" data-content="Edit Booking including the Promotional Activities included" data-original-title="Edit Booking" title="Edit Booking"><img src="<?php 
                echo $STR_URL;
                ?>
img/edit_icon.png" /> Edit</a>
						<?php 
            }
            ?>
						&nbsp;&nbsp;&nbsp; 
						<?php 
            if ($_SESSION['user']['type'] == 'admin' || ADMIN::getModuleFile('bookings', 'delete') !== 0) {
                ?>
						<a id="frm_delete_button_<?php 
                echo $row['booking_id'];
                ?>
" class="btn btn-popover" href="booking_list.php?booking_id=<?php 
                echo $row['booking_id'];
                ?>
&action=delete" rel="popover" data-content="Delete Booking from the database" data-original-title="Delete Booking" title="Delete Booking" /><img src="<?php 
                echo $STR_URL;
                ?>
img/delete_icon.png" /> Delete</a>
						<?php 
            }
            ?>
				
						&nbsp;&nbsp;&nbsp; 
						<?php 
            if ($_SESSION['user']['type'] == 'admin' || ADMIN::getModuleFile('bookings', 'list') !== 0) {
                ?>
						<a class="btn btn-popover" href="booking_list.php" rel="popover" data-content="Refresh the Booking List to the latest update" data-original-title="Booking List" title="Booking List"><img src="<?php 
                echo $STR_URL;
                ?>
img/list_icon.png" /> List</a> 
						<?php 
            }
            ?>
						&nbsp;&nbsp;&nbsp;
						<a class="btn btn-popover" href="documentation_list.php#bookings" rel="popover" data-content="Look up for the Documentation about Booking module" data-original-title="Help" title="Help"><i class="icon-info-sign"></i> Help</a>

					</div>
				</div>
			</div>	

			<div class="container-fluid">
				<div class="row-fluid">

					<div class="span12" style="text-align:center;margin-top:20px;">
						<?php 
            if ($_SESSION['user']['type'] == 'admin' || ADMIN::getModuleFile('bookings', 'add') !== 0) {
                ?>
					  	<!--<a class="btn" href="booking.php?booking_id=<?php 
                echo $row['booking_id'];
                ?>
&action=edit" title="New Promo Activity"><img src="<?php 
                echo $STR_URL;
                ?>
img/add_icon.png" /> New Promo Activity</a>-->
						<?php 
            }
            ?>
						&nbsp;&nbsp;&nbsp; 						
						<a class="btn btn-popover ajax callbacks cboxElement" href="booking_view_upload.php?action=upload&booking_id=<?php 
            echo $row['booking_id'];
            ?>
" rel="popover" data-content="Upload the scanned Booking document to server. Please upload in JPG, GIF, PNG or PDF format!" data-original-title="Upload Booking" title="Upload Booking"><img src="<?php 
            echo $STR_URL;
            ?>
img/upload_icon.png" /> Attach</a>
						<?php 
            if ($row['booking_file_name'] && file_exists($strFilePath)) {
                ?>
						&nbsp;&nbsp;&nbsp; 						
						<a class="btn btn-popover" href="booking_view_download.php?action=download&booking_id=<?php 
                echo $row['booking_id'];
                ?>
" rel="popover" data-content="Download attached scanned Booking document from server" data-original-title="Download Booking" title="Download Booking"><img src="<?php 
                echo $STR_URL;
                ?>
img/download_icon.png" /> Download</a>
						<?php 
            }
            ?>
						&nbsp;&nbsp;&nbsp; 						
						<a class="btn btn-popover" href="booking_view_print.php?action=print&booking_id=<?php 
            echo $row['booking_id'];
            ?>
" target="_blank" rel="popover" data-content="Print the Booking from the browser. A new tab and a Print dialog will be popped up" data-original-title="Print Booking" title="Print Booking"><img src="<?php 
            echo $STR_URL;
            ?>
img/print_icon.png" /> Print</a>
						&nbsp;&nbsp;&nbsp;
						<a class="btn btn-popover ajax callbacks cboxElement" href="booking_view_email.php?action=email&booking_id=<?php 
            echo $row['booking_id'];
            ?>
" rel="popover" data-content="Send the Booking to a certain email" data-original-title="Email Booking" title="Email Booking"><img src="<?php 
            echo $STR_URL;
            ?>
img/email_icon.png" /> Email</a>
					</div>	

				</div>
			</div>	


			<fieldset>

			<div class="container-fluid">
				<div class="row-fluid">			
					<div class="span12" style="text-align:center;margin-top:20px;">
						<h3>Promotional Activity <?php 
            echo $intBookingYear;
            ?>
</h3>
					</div>
				</div>
			</div>


			<div class="container-fluid">
				<div class="row-fluid">			
					<div class="span5">
						<p><strong>Supplier Name: <?php 
            echo htmlspecialchars($rowSupplier['supplier_name']);
            ?>
</strong></p>
					</div>
					<div class="span3 offset4">
						<p><strong>Date: <?php 
            echo HTML::convertDateTime($row['booking_date']);
            ?>
</strong></p>
					</div>
				</div>
			</div>

			<script>
				$(document).ready(function () {
										
					$('#frm_delete_button_<?php 
            echo $row['booking_id'];
            ?>
').click(function () {
						
						if (confirmDeleteBooking())
						{
							var dataString = 'action=delete&booking_id=<?php 
            echo $row['booking_id'];
            ?>
';
		      				   
							var request = $.ajax({							    
											url: 'ajax/booking_proc.php',
											type: 'post', 
											data: dataString,
											success: function(msg) {
										
												$.gritter.add({				
													title: 'Info',				
													text: '<p>' + msg + '</p>',				
													image: '<?php 
            echo $STR_URL;
            ?>
img/accepted.png',				
													sticky: false,				
													time: '3000'
												});

											}
										    
								});	
							
						}
						
						return false;	

					});
				});	
			</script>


			<?php 
            // Get the booking activity
            $queryBookingActivity = "SELECT * FROM `mbs_bookings_activities` WHERE `booking_id` = '" . mysql_real_escape_string($_REQUEST['booking_id']) . "' ORDER BY `booking_activity_month`";
            $resultBookingActivity = mysql_query($queryBookingActivity);
            $arrBookingActivityData = array();
            while ($rowBookingActivity = mysql_fetch_assoc($resultBookingActivity)) {
                $arrBookingActivityData[] = $rowBookingActivity;
            }
            // Get the booking activity amount
            $queryBookingActivityAmount = "SELECT COUNT(*) FROM `mbs_bookings_activities` WHERE `booking_id` = '" . mysql_real_escape_string($_REQUEST['booking_id']) . "'";
            $resultBookingActivityAmount = mysql_query($queryBookingActivityAmount);
            $rowBookingActivityAmount = mysql_fetch_row($resultBookingActivityAmount);
            $intBookingActivityAmount = $rowBookingActivityAmount[0];
            ?>

			<?php 
            if ($intBookingActivityAmount > 0) {
                ?>
			<script>

				$(document).ready(function() { 

					<?php 
                for ($i = 0; $i < count($arrBookingActivityData); $i++) {
                    ?>
	
						$('#frm_activity_edit_<?php 
                    echo $arrBookingActivityData[$i]['booking_activity_id'];
                    ?>
').click(function() {
							window.location = "<?php 
                    echo $STR_URL;
                    ?>
booking.php?booking_id=<?php 
                    echo $row['booking_id'];
                    ?>
&action=edit&booking_activity_id=<?php 
                    echo $arrBookingActivityData[$i]['booking_activity_id'];
                    ?>
&child_action=edit-activity";
						});

						$('#frm_activity_delete_<?php 
                    echo $arrBookingActivityData[$i]['booking_activity_id'];
                    ?>
').click(function() {
        				
							if (confirmDeleteBookingActivity())
							{
								$(this).closest('tr').remove();	

								var dataString = 'action=delete&booking_id=<?php 
                    echo $row['booking_id'];
                    ?>
&booking_activity_id=<?php 
                    echo $arrBookingActivityData[$i]['booking_activity_id'];
                    ?>
';	
		      				   
								var request = $.ajax({							    
									url: 'ajax/booking_proc.php',
									type: 'post', 
									data: dataString,
									success: function(msg) {
										
										$.gritter.add({				
											title: 'Info',				
											text: '<p>' + msg + '</p>',				
											image: '<?php 
                    echo $STR_URL;
                    ?>
img/accepted.png',				
											sticky: false,				
											time: '3000'
										});

										$('#frm_preview').load('ajax/booking_activity_preview.php?booking_id=<?php 
                    echo $row['booking_id'];
                    ?>
');

									}
										    
								});		

							}	
							return false;							
										
						});	

					<?php 
                }
                ?>
		
						
    			});
 

			</script>

			<script>
				$(function () { 
					$('.btn-popover').popover({ 
						trigger: 'hover',
						placement: 'top'
					});
				});
			</script>
			<?php 
            }
            ?>

		<div id="frm_preview">
			<table class="table table-bordered table-hover">			  		  
				<thead class="well">
				<tr>
					<th style="text-align:center;"><strong>Month/Year</strong></th>
				  	<th style="text-align:center;"><strong>Promotional Agreement</strong></th>
				  	<th style="text-align:center;"><strong>Price</strong></th>
				  	<th style="text-align:center;"><strong>Action</strong></th>
				</tr>			  
				</thead>

				<tbody>
				<?php 
            if ($intBookingActivityAmount > 0) {
                ?>
				<?php 
                for ($i = 0; $i < count($arrBookingActivityData); $i++) {
                    ?>
				<?php 
                    if ($arrBookingActivityData[$i]['store_id']) {
                        $arrStoreID = explode(',', $arrBookingActivityData[$i]['store_id']);
                        $intStoreCount = count($arrStoreID);
                    }
                    ?>
				<?php 
                    if ($arrBookingActivityData[$i]['store_id']) {
                        $strPrice = $arrBookingActivityData[$i]['booking_activity_price'] * $intStoreCount;
                    } else {
                        $strPrice = $arrBookingActivityData[$i]['booking_activity_price'];
                    }
                    ?>
				<tr id="id<?php 
                    echo $arrBookingActivityData[$i]['booking_activity_id'];
                    ?>
">
				  	<td><?php 
                    echo HTML::getMonthName($arrBookingActivityData[$i]['booking_activity_month']);
                    ?>
 <?php 
                    echo stripslashes($arrBookingActivityData[$i]['booking_activity_year']);
                    ?>
</td>
				  	<td><?php 
                    echo stripslashes($arrBookingActivityData[$i]['booking_activity_description']);
                    ?>
</td>
				  	<td style="width:10%;"><div style="text-align:right;">$<?php 
                    echo number_format($strPrice, 2);
                    ?>
</div></td>
				  	<?php 
                    if ($_SESSION['user']['type'] == 'admin') {
                        ?>
				  	<td style="width:20%;"><div align="center">
				  		<?php 
                        if ($_SESSION['user']['type'] == 'admin' || ADMIN::getModulePrivilege('bookings', 'edit') !== 0 && $_SESSION['user']['type'] == 'user') {
                            ?>
				  		<!--<button class="btn" type="button" id="frm_activity_edit_<?php 
                            echo $arrBookingActivityData[$i]['booking_activity_id'];
                            ?>
"><img src="<?php 
                            echo $STR_URL;
                            ?>
img/edit_icon.png" /> Edit</button>-->
						<?php 
                        }
                        ?>
						&nbsp;&nbsp;&nbsp;
						<?php 
                        if ($_SESSION['user']['type'] == 'admin' || ADMIN::getModulePrivilege('bookings', 'delete') !== 0 && $_SESSION['user']['type'] == 'user') {
                            ?>
						<button class="btn" type="button" id="frm_activity_delete_<?php 
                            echo $arrBookingActivityData[$i]['booking_activity_id'];
                            ?>
"><img src="<?php 
                            echo $STR_URL;
                            ?>
img/delete_icon.png" /> Remove</button>
						<?php 
                        }
                        ?>
						
					</div></td>
				  	<?php 
                    }
                    ?>
				</tr>
				<?php 
                    $intTotalAmount += $strPrice;
                    ?>
				<?php 
                }
                ?>
	
				<?php 
            } else {
                ?>
				<tr>
					<td colspan="4"><div align="center">No Promo Activity yet. Please <a class="btn" href="booking.php?booking_id=<?php 
                echo $row['booking_id'];
                ?>
&action=edit">add</a></div></td>
				</tr>	
				<?php 
            }
            ?>
				<tr>
					<td colspan="2"><div style="text-align:right;"><strong>Total</strong></div></td>
					<td><div style="text-align:right;"><strong>$<?php 
            echo number_format($intTotalAmount, 2);
            ?>
</strong></div></td>
					<td></td>
				</tr>	

				</tbody>
			</table>
		</div>

			<div class="container-fluid">
				<div class="row-fluid">				      	
					      						
						<div class="row-fluid">
							<div class="span2 offset6">
								<p style="text-align:right;">Purchases in <?php 
            echo intval($intBookingYear) - 1;
            ?>
:</p> 
							</div>

							<div class="span4" style="border-bottom:1px solid #ddd;">
								<p><?php 
            echo $rowSupplier['supplier_last_year_purchase'];
            ?>
</p>
							</div>

						</div>	

						<div class="row-fluid">
							<div class="span2 offset6">
								<p style="text-align:right;"><?php 
            echo intval($intBookingYear);
            ?>
 Target:</p> 
							</div>

							<div class="span4" style="border-bottom:1px solid #ddd;">
								<p><?php 
            echo stripslashes(htmlspecialchars($rowSupplier['supplier_target']));
            ?>
</p>
							</div>								
						</div>	

						<div class="row-fluid">
							<div class="span2 offset6">
								<p style="text-align:right;">Growth Incentives:</p> 
							</div>

							<div class="span4" style="border-bottom:1px solid #ddd;">
								<p><?php 
            echo stripslashes(htmlspecialchars($rowSupplier['supplier_growth_incentives']));
            ?>
</p>
							</div>								
						</div>	

						<div class="row-fluid">
							<div class="span2 offset6">
								<p style="text-align:right;">Co-op Budget:</p> 
							</div>

							<div class="span4" style="border-bottom:1px solid #ddd;">
								<p><?php 
            echo stripslashes(htmlspecialchars($rowSupplier['supplier_budget']));
            ?>
</p>
							</div>								
						</div>

				</div>
			</div>		

			<div class="container-fluid" style="margin-top:80px;">
				<div class="row-fluid">	
				
				<div class="span2"><p>Signed:</p></div>
				<div class="span4" style="border-bottom:1px solid #ddd;"></div>	
				<div class="span2"></div>				
				<div class="span4" style="border-bottom:1px solid #ddd;"></div>	

				</div>
			</div>

			<div class="container-fluid">
				<div class="row-fluid">	
				
				<div class="span2"></div>
				<div class="span4" style="text-align:center;"><p style="color:#999;">For &amp; on behalf of supplier</p></div>	
				<div class="span2"></div>				
				<div class="span4" style="text-align:center;"><p style="color:#999;">For &amp; on behalf of Pharmacy 4 Less</p></div>	

				</div>
			</div>


			<div class="container-fluid" style="margin-top:40px;">
				<div class="row-fluid">	
				
				<div class="span2" style="text-align:right;"><p>Name :</p></div>
				<div class="span2" style="border-bottom:1px solid #ddd;"><p><?php 
            echo htmlspecialchars($rowContact['supplier_contact_name']);
            ?>
</p></div>	
				<div class="span2"></div>				
				<div class="span2" style="text-align:right;"><p>Name :</p></div>	
				<div class="span4" style="border-bottom:1px solid #ddd;"><p><?php 
            echo stripslashes(htmlspecialchars($arrSiteConfig['mbs_p4l_on_behalf_name']));
            ?>
</p></div>	

				</div>
			</div>

			<div class="container-fluid">
				<div class="row-fluid">	
				
				<div class="span2" style="text-align:right;"><p>Title :</p></div>
				<div class="span2" style="border-bottom:1px solid #ddd;"><p><?php 
            echo htmlspecialchars($rowContact['supplier_contact_position']);
            ?>
</p></div>	
				<div class="span2"></div>				
				<div class="span2" style="text-align:right;"><p>Title :</p></div>	
				<div class="span4" style="border-bottom:1px solid #ddd;"><p><?php 
            echo stripslashes(htmlspecialchars($arrSiteConfig['mbs_p4l_on_behalf_position']));
            ?>
</p></div>	

				</div>
			</div>	

			<div class="container-fluid">
				<div class="row-fluid">	
				
				<div class="span2" style="text-align:right;"><p>Date :</p></div>
				<div class="span2" style="border-bottom:1px solid #ddd;"><p><?php 
            echo HTML::convertDateTime($row['booking_date']);
            ?>
</p></div>	
				<div class="span2"></div>				
				<div class="span2" style="text-align:right;"><p>Date :</p></div>	
				<div class="span4" style="border-bottom:1px solid #ddd;"><p><?php 
            echo HTML::convertDateTime($row['booking_date']);
            ?>
</p></div>	

				</div>
			</div>	

			<div class="container-fluid">
				<div class="row-fluid">	
				
				<div class="span2" style="text-align:right;"><p>Phone :</p></div>
				<div class="span2" style="border-bottom:1px solid #ddd;"><p><?php 
            echo htmlspecialchars($rowContact['supplier_contact_phone_number']);
            ?>
</p></div>	
				<div class="span2"></div>				
				<div class="span2" style="text-align:right;"></div>	
				<div class="span4"></div>	

				</div>
			</div>	

			<div class="container-fluid">
				<div class="row-fluid">	
				
				<div class="span2" style="text-align:right;"><p>Mobile :</p></div>
				<div class="span2" style="border-bottom:1px solid #ddd;"><p><?php 
            echo htmlspecialchars($rowContact['supplier_contact_mobile_number']);
            ?>
</p></div>	
				<div class="span2"></div>				
				<div class="span2" style="text-align:right;"></div>	
				<div class="span4"></div>	

				</div>
			</div>

			<div class="container-fluid">
				<div class="row-fluid">	
				
				<div class="span2" style="text-align:right;"><p>Billing Address :</p></div>
				<div class="span2" style="border-bottom:1px solid #ddd;"><p><?php 
            echo htmlspecialchars($rowContact['supplier_contact_postal_address']);
            ?>
</p></div>	
				<div class="span2"></div>				
				<div class="span2" style="text-align:right;"></div>	
				<div class="span4"><?php 
            if ($row['booking_file_name'] && file_exists($strFilePath)) {
                ?>
<strong>Attachment</strong> <img src="<?php 
                echo $STR_URL;
                ?>
img/attachment_icon.png" title="Attachment" /><p><?php 
                echo $row['booking_file_name'];
                ?>
 <em>(<?php 
                echo HTML::getFileSize($strFilePath);
                ?>
)</em></p><?php 
            }
            ?>
</div>

				</div>
			</div>

			</fieldset>

			<ul style="margin-top:40px;">				
				<li><strong>Created on:</strong> <?php 
            echo HTML::convertDateTime($row['booking_created_date']);
            ?>
 by <strong><?php 
            echo stripslashes($row['booking_created_by']);
            ?>
</strong></li>
				<li><strong>Last modified on:</strong> <?php 
            echo HTML::convertDateTime($row['booking_modified_date']);
            ?>
 by <strong><?php 
            echo stripslashes($row['booking_modified_by']);
            ?>
</strong></li>
			</ul>
			
		<?php 
            if ($_REQUEST['pop'] == "yes") {
                ?>
		<div align="center" style="margin-top:20px;">
		<form name="myformBottom" action="<?php 
                if (preg_match("/_exec/", $_SERVER['HTTP_REFERER'])) {
                    if ($_SESSION['user']['type'] == 'admin') {
                        echo "booking_list.php";
                    } else {
                        echo "booking_search.php";
                    }
                } else {
                    echo $_SERVER['HTTP_REFERER'];
                }
                ?>
">
			<input type="hidden" name="booking_id" value="<?php 
                echo $_REQUEST['booking_id'];
                ?>
">			
			<input type="hidden" name="page_num" value="<?php 
                echo $_REQUEST['page_num'];
                ?>
">
			<input type="hidden" name="frm_search_text" value="<?php 
                echo $_REQUEST['frm_search_text'];
                ?>
">									
			<input class="btn" type="submit" value="Close" onclick="this.value='Loading...'">
		</form>
		</div>
		<?php 
            }
            ?>
				
		<?php 
            // The Log
            $strLog = "View Booking named \"" . $row['booking_name'] . "\"";
            $queryLog = "INSERT INTO `logs` (`log_id`, \n\t\t\t\t\t\t\t\t\t\t `log_user`, \n\t\t\t\t\t\t\t\t\t\t `log_action`, \n\t\t\t\t\t\t\t\t\t\t `log_time`, \n\t\t\t\t\t\t\t\t\t\t `log_from`, \n\t\t\t\t\t\t\t\t\t\t `log_logout`)\n\n\t\t\t\t\tVALUES (NULL, \n\t\t\t\t\t\t\t'" . $_SESSION['user']['login_name'] . "',\n\t\t\t\t\t\t\t'" . mysql_real_escape_string($strLog) . "',\n\t\t\t\t\t\t\t'" . date('Y-m-d H:i:s') . "',\n\t\t\t\t\t\t\t'" . $_SESSION['user']['ip_address'] . "', \n\t\t\t\t\t\t\tNULL)";
            $resultLog = mysql_query($queryLog);
        }
    }
Пример #10
<?php

/**************************************************************************************************
 * EW Web Apps Process File
 * @Author		: Erick Wellem (me@erickwellem.com)
 * 				  October 2009
 *				  This version: February 2013
 * 		
 * @Desc: Process file using Ajax
 **************************************************************************************************/
include '../config.php';
require_once '../lib/db.php';
require_once '../lib/admin.php';
require_once '../lib/html.php';
// Instantiate the project helpers; the classes come from the lib/ files required above.
$db = new DB();
$admin = new ADMIN();
$html = new HTML();
// Read the reset code, the new password and its confirmation from the request.
// NOTE(review): htmlentities() is an output encoder. Applied to a secret it changes
// the secret itself: a password containing & < > or " is handed to
// resetUserPasswordByCode() in its entity-encoded form, so the login path has to
// encode identically or the user cannot log in — confirm. Pass the raw value on
// and encode only where a value is written into HTML.
$strCode = htmlentities($_REQUEST['frm_user_password_reset_code']);
$strPassword = htmlentities($_REQUEST['frm_user_password']);
$strPasswordConfirm = htmlentities($_REQUEST['frm_user_password_confirm']);
// Proceed only when all three fields are non-empty and the request carries no query string.
// NOTE(review): $strPasswordConfirm is only tested for being non-empty; nothing in the
// visible lines compares it with $strPassword before the reset is performed, and no
// length or strength rule is applied here.
if ($strCode && $strPassword && $strPasswordConfirm && !$_SERVER['QUERY_STRING']) {
    // Resolve the reset code to a user id; a falsy result is treated as invalid/expired.
    // NOTE(review): expiry, single use and attempt limiting of the code would have to
    // live inside the ADMIN methods — not visible from here.
    $intUserID = $admin->getUserIDByPasswordResetCode($strCode);
    if ($intUserID) {
        // A return value greater than 0 is treated as a successful reset.
        if ($admin->resetUserPasswordByCode($intUserID, $strPassword) > 0) {
            sendEmailPasswordResetSuccess($intUserID);
        } else {
            echo "Failed to reset the password. There might be a database problem!";
        }
    } else {
        echo "Failed to reset the password. The password reset code is invalid or has been expired.";
    }
Пример #11
            array_push($aFound, $fileDesc);
        }
    }
    if (@is_writable('../config.php')) {
        array_push($aFound, _ERRORS_CONFIGPHP);
    }
    if (sizeof($aFound) > 0) {
        startUpError(_ERRORS_STARTUPERROR1 . implode($aFound, '</li><li>') . _ERRORS_STARTUPERROR2, _ERRORS_STARTUPERROR3);
    }
}
// Decide whether the requested admin action may run or the login form is shown instead.
$bNeedsLogin = false;
// The two activation actions are exempt from the login requirement below.
// NOTE(review): in_array() is used without its strict flag, so $action is compared
// loosely; a strict comparison is the safer form for an access decision.
// NOTE(review): because these actions reach ADMIN::action() without a session, their
// handlers have to validate the activation key themselves — not visible from here.
$bIsActivation = in_array($action, array('activate', 'activatesetpwd'));
// 'logout' always ends on the login screen.
if ($action == 'logout') {
    $bNeedsLogin = true;
}
// Anyone who is not logged in is sent to the login screen, unless activating.
if (!$member->isLoggedIn() && !$bIsActivation) {
    $bNeedsLogin = true;
}
// show error if member cannot login to admin
if ($member->isLoggedIn() && !$member->canLogin() && !$bIsActivation) {
    $error = _ERROR_LOGINDISALLOWED;
    $bNeedsLogin = true;
}
if ($bNeedsLogin) {
    // Remember the action that was asked for, then replace it with the login form.
    setOldAction($action);
    // see ADMIN::login() (sets old action in POST vars)
    $action = 'showlogin';
}
// Send the content type, then hand the (possibly replaced) action to the dispatcher.
sendContentType('text/html', 'admin-' . $action);
$admin = new ADMIN();
$admin->action($action);
Пример #12
<?php

/**************************************************************************************************
 * EW Web Apps Process File
 * @Author		: Erick Wellem (me@erickwellem.com)
 * 				  October 2009
 *				  This version: February 2013
 * 		
 * @Desc: Process file using Ajax
 **************************************************************************************************/
include '../config.php';
require_once '../lib/db.php';
require_once '../lib/admin.php';
session_start();
$db = new DB();
$admin = new ADMIN();
//print_r($_REQUEST);
//--> Add
// Handles action=add when a product name was submitted.
// NOTE(review): the session is started above, but nothing in the visible lines checks
// $_SESSION['user'], a module privilege or an anti-CSRF token before the INSERT runs;
// confirm that config.php or the included libraries enforce this for ajax/ endpoints.
if ($_REQUEST['action'] == "add" && $_REQUEST['frm_product_name']) {
    // Default the "active" flag to "no" when the field is missing or empty.
    if (!$_REQUEST['frm_product_active']) {
        $_REQUEST['frm_product_active'] = "no";
    }
    // Build the INSERT by string concatenation. Request fields go through
    // mysql_real_escape_string(); $_SESSION['user']['login_name'] is concatenated as-is.
    // NOTE(review): `product_description` is filled from frm_product_name, the same field
    // as `product_name` — looks like a copy-paste slip; confirm the intended field.
    // NOTE(review): the mysql_* extension was removed in PHP 7; prepared statements via
    // mysqli or PDO replace both the API and the manual escaping.
    $db->dbConnect();
    $query = "INSERT INTO `mbs_products` (`product_id`, \n\t\t\t\t\t\t\t\t\t\t  `product_code`, \n\t\t\t\t\t\t\t\t\t\t  `product_name`, \n\t\t\t\t\t\t\t\t\t\t  `product_size`, \n\t\t\t\t\t\t\t\t\t\t  `product_normal_retail_price`, \n\t\t\t\t\t\t\t\t\t\t  `product_promo_price`, \n\t\t\t\t\t\t\t\t\t\t  `product_special_offer_details`, \n\t\t\t\t\t\t\t\t\t\t  `product_description`, \n\t\t\t\t\t\t\t\t\t\t  `product_active`, \n\t\t\t\t\t\t\t\t\t\t  `product_created_date`, \n\t\t\t\t\t\t\t\t\t\t  `product_created_by`, \n\t\t\t\t\t\t\t\t\t\t  `product_modified_date`, \n\t\t\t\t\t\t\t\t\t\t  `product_modified_by`) \n\n\t\t\t\tVALUES (NULL, \n\t\t\t\t\t\t'" . mysql_real_escape_string($_REQUEST['frm_product_code']) . "', \n\t\t\t\t\t\t'" . mysql_real_escape_string($_REQUEST['frm_product_name']) . "', \n\t\t\t\t\t\t'" . mysql_real_escape_string($_REQUEST['frm_size_id']) . "', \n\t\t\t\t\t\t'" . mysql_real_escape_string($_REQUEST['frm_product_normal_retail_price']) . "', \t\n\t\t\t\t\t\t'" . mysql_real_escape_string($_REQUEST['frm_product_promo_price']) . "', \t\n\t\t\t\t\t\t'" . mysql_real_escape_string($_REQUEST['frm_product_special_offer_details']) . "',\n\t\t\t\t\t\t'" . mysql_real_escape_string($_REQUEST['frm_product_name']) . "', \t\n\t\t\t\t\t\t'" . mysql_real_escape_string($_REQUEST['frm_product_active']) . "', \t\t\t\t\t\t\n\t\t\t\t\t\t'" . date('Y-m-d H:i:s') . "', \n\t\t\t\t\t\t'" . $_SESSION['user']['login_name'] . "',\n\t\t\t\t\t\t'" . date('Y-m-d H:i:s') . "', \n\t\t\t\t\t\t'" . $_SESSION['user']['login_name'] . "')";
    $result = mysql_query($query);
    // The insert id is read before $result is checked; it is only meaningful on success.
    $intID = mysql_insert_id();
    if ($result) {
        // NOTE(review): the submitted name goes into HTML with stripslashes() only; if
        // $strAlert is sent to the browser it needs htmlspecialchars() first.
        $strAlert = '<p>Product named "' . stripslashes($_REQUEST['frm_product_name']);
        if ($_REQUEST['frm_product_code']) {
Пример #13
/**
 * Echo the two table cells for one plugin option: its label and its input control.
 *
 * $current is one option row; the keys read here are oid, contextid, typeinfo,
 * description, name, type, value and extra. Options whose meta 'access' is
 * 'hidden' produce no output at all.
 *
 * The field name, label, option values and current value are passed through
 * htmlspecialchars() before being written into the page.
 */
function listplug_plugOptionRow($current)
{
    $fieldName = 'plugoption[' . $current['oid'] . '][' . $current['contextid'] . ']';
    // fetch the option meta data
    $optionMeta = NucleusPlugin::getOptionMeta($current['typeinfo']);

    // hidden options get no controls on the page
    if ($optionMeta['access'] == 'hidden') {
        return;
    }

    $label = $current['description'] ? $current['description'] : $current['name'];
    echo '<td>' . htmlspecialchars($label) . '</td>';
    echo '<td>';

    $readonlyAttr = $optionMeta['access'] == 'readonly' ? ' readonly="readonly"' : '';
    $type = $current['type'];

    if ($type == 'yesno') {
        ADMIN::input_yesno($fieldName, $current['value'], 0, 'yes', 'no');
    } elseif ($type == 'password') {
        // NOTE(review): the stored value of a password option is written back into the
        // value attribute, so it is readable in the page source of anyone who can open
        // this form.
        echo '<input type="password" size="40" maxlength="128" name="' . htmlspecialchars($fieldName)
            . '" value="' . htmlspecialchars($current['value']) . '" />';
    } elseif ($type == 'select') {
        echo '<select name="', htmlspecialchars($fieldName), '">';
        // the select values come as "label|value|label|value|..."
        $parts = explode('|', NucleusPlugin::getOptionSelectValues($current['typeinfo']));
        foreach (array_chunk($parts, 2) as $pair) {
            // a trailing label without a value is ignored
            if (count($pair) < 2) {
                break;
            }
            list($optionLabel, $optionValue) = $pair;
            $selectedAttr = $optionValue == $current['value'] ? ' selected="selected"' : '';
            echo '<option value="', htmlspecialchars($optionValue), '"', $selectedAttr, '>',
                htmlspecialchars($optionLabel), '</option>';
        }
        echo '</select>';
    } elseif ($type == 'textarea') {
        echo '<textarea class="pluginoption" cols="30" rows="5" name="' . htmlspecialchars($fieldName) . '"'
            . $readonlyAttr . '>' . htmlspecialchars($current['value']) . '</textarea>';
    } else {
        // 'text' and every unknown type render as a plain text input
        $numericAttr = $optionMeta['datatype'] == 'numerical'
            ? ' onkeyup="checkNumeric(this)" onblur="checkNumeric(this)"'
            : '';
        echo '<input type="text" size="40" maxlength="128" name="' . htmlspecialchars($fieldName)
            . '" value="' . htmlspecialchars($current['value']) . '"' . $numericAttr . $readonlyAttr . ' />';
    }

    // NOTE(review): 'extra' is the one field written without escaping — presumably markup
    // supplied by the plugin; anything user-editable that ends up there renders as HTML.
    echo $current['extra'], '</td>';
}
Пример #14
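/**
 * Render the booking list (search form, sortable table, paging, delete-button script)
 * and record the view in `logs`.
 *
 * Reads `page_num`, `frm_search_text`, `sortby` and `sortmode` from $_REQUEST, queries
 * `mbs_bookings`, echoes the HTML and returns nothing.
 *
 * Request values are untrusted and are normalised before they reach SQL or HTML:
 *  - `page_num` becomes an integer >= 1, so the LIMIT offset can never be negative;
 *  - `sortmode` is limited to asc/desc (it used to be concatenated into ORDER BY as-is);
 *  - `sortby` must consist of identifier characters only, because
 *    mysql_real_escape_string() does not escape the backtick that quotes the column;
 *  - the search text, PHP_SELF and the stored booking fields are HTML-escaped on output.
 *
 * NOTE(review): the privilege tests here only decide which buttons are drawn. The delete
 * request goes to ajax/booking_proc.php, which has to enforce the privilege and an
 * anti-CSRF token itself — not visible from here.
 */
function listBooking()
{
    global $arrSiteConfig;
    global $STR_URL;
    global $TABLE_MAX_ROW_PER_PAGE;
    $this->conn = DB::dbConnect();

    // Page number: integer, at least 1 (also the default when the parameter is absent).
    $intPageNum = isset($_REQUEST['page_num']) ? intval($_REQUEST['page_num']) : 1;
    if ($intPageNum < 1) {
        $intPageNum = 1;
    }
    $_REQUEST['page_num'] = $intPageNum;
    $offset = ($intPageNum - 1) * $TABLE_MAX_ROW_PER_PAGE;

    // Search text: accept strings only (an array parameter is treated as "no search").
    $strRawSearch = '';
    if (isset($_REQUEST['frm_search_text']) && is_string($_REQUEST['frm_search_text'])) {
        $strRawSearch = $_REQUEST['frm_search_text'];
    }
    $strSearchText = stripslashes($strRawSearch);
    $strSearchUrl = urlencode($strRawSearch);

    // Sort direction: only the two SQL keywords are accepted, anything else means asc.
    $strSortMode = 'asc';
    if (isset($_REQUEST['sortmode']) && is_string($_REQUEST['sortmode'])
        && in_array(strtolower($_REQUEST['sortmode']), array('asc', 'desc'), true)) {
        $strSortMode = strtolower($_REQUEST['sortmode']);
    }
    $_REQUEST['sortmode'] = $strSortMode;

    // Sort column: identifier characters only; an invalid name falls back to the default order.
    $strSortBy = '';
    if (isset($_REQUEST['sortby']) && is_string($_REQUEST['sortby'])
        && preg_match('/^[A-Za-z0-9_]+$/D', $_REQUEST['sortby'])) {
        $strSortBy = $_REQUEST['sortby'];
    }

    if ($strRawSearch) {
        $strSearchSql = mysql_real_escape_string($strSearchText);
        // search query
        $query = "SELECT * FROM `mbs_bookings` \n\t\t\t\t\t  \t\t  WHERE (`booking_name` LIKE '%" . $strSearchSql . "%'\n\t\t\t\t\t  \t\t  \t\t OR `booking_code` LIKE '%" . $strSearchSql . "%' \n\t\t\t\t\t  \t\t\t     OR `booking_description` LIKE '%" . $strSearchSql . "%')\n\t\t\t\t\t  \t\t\t     ORDER BY ";
        if ($strSortBy) {
            $query .= "`" . $strSortBy . "` " . $strSortMode . ", `booking_id`";
        } else {
            $query .= "`booking_code` ASC, `booking_name` ASC, `booking_created_date` DESC";
        }
        $query .= " LIMIT " . $offset . "," . $TABLE_MAX_ROW_PER_PAGE;
        // search query total
        $queryTotal = "SELECT COUNT(*) FROM `mbs_bookings` \n\t\t\t\t\t  \t\t\t          WHERE (`booking_name` LIKE '%" . $strSearchSql . "%' \n\t\t\t\t\t  \t\t\t          \t     OR `booking_code` LIKE '%" . $strSearchSql . "%'\n\t\t\t\t\t  \t\t\t                 OR `booking_description` LIKE '%" . $strSearchSql . "%')";
    } else {
        // the query
        $query = "SELECT * FROM `mbs_bookings` ORDER BY ";
        if ($strSortBy) {
            $query .= " `" . $strSortBy . "` " . $strSortMode . ", `booking_id`";
        } else {
            $query .= " `booking_code`, `booking_name`";
        }
        $query .= " LIMIT " . $offset . "," . $TABLE_MAX_ROW_PER_PAGE;
        // the query total
        $queryTotal = "SELECT COUNT(*) FROM `mbs_bookings`";
    }
    $result = mysql_query($query, $this->conn);
    $resultTotal = mysql_query($queryTotal, $this->conn);
    // A failed count query is shown as an empty list instead of raising warnings.
    $rowTotal = $resultTotal ? mysql_fetch_row($resultTotal) : false;
    if (!$rowTotal) {
        $rowTotal = array(0);
    }
    $totalPage = ceil($rowTotal[0] / $TABLE_MAX_ROW_PER_PAGE);

    // PHP_SELF contains whatever path info the client appended to the script URL,
    // so it is escaped before it is written into attributes.
    $strSelfHtml = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
    $bIsAdmin = $_SESSION['user']['type'] == 'admin';
    $bIsUser = $_SESSION['user']['type'] == 'user';
    // NOTE(review): $strPrivView was never assigned in this function, so only admins
    // ever get the view link; kept that way — confirm whether a 'view' privilege
    // lookup was intended.
    $strPrivView = null;
    // Parameters carried over by the paging links (same set above and below the table).
    $arrPagingParams = array(array('frm_search_text', $strSearchUrl), array('pop', urlencode('yes')), array('sortby', urlencode($strSortBy)), array('sortmode', urlencode($strSortMode)));

    $strResult = "";
    // javascript to pop up message
    $strResult .= "\n\t\t\n\t\t\t\t\t";
    // search form
    $strResult .= "\n\t\t\t<form name=\"search_booking_data\" method=\"post\" action=\"" . $STR_URL . "booking_list.php\">\n\t\t\t\t<input type=\"hidden\" name=\"frm_search_referer\" value=\"" . $strSelfHtml . "\" />\n\t\t\t\t<input type=\"text\" name=\"frm_search_text\" size=\"40\" maxlength=\"128\" value=\"";
    if ($strRawSearch) {
        // the submitted search text is reflected into the field, so it is escaped
        $strResult .= htmlspecialchars($strSearchText, ENT_QUOTES);
    }
    $strResult .= "\" />\t\t\t\t\n\t\t\t\t<input class=\"btn\" type=\"submit\" name=\"frm_search_submit\" value=\"Search Bookings\" onclick=\"return validateSearch(this.form)\" /><br />\n\t\t\t</form>\n\t\t\t";
    // the form
    $strResult .= "\n\t\t\t<form id=\"frm_booking\" method=\"post\" action=\"" . $strSelfHtml . "\" />\n\t\t\t";
    $strResult .= "<div align=\"right\">";
    // the refresh link
    if ($bIsAdmin || ADMIN::getModulePrivilege('bookings', 'list') !== 0) {
        $strResult .= "<a class=\"btn\" href=\"" . $STR_URL . ADMIN::getModuleFile('bookings', 'list') . "\" title=\"Booking List\"><img src=\"" . $STR_URL . "img/refresh_icon.png\" /> Refresh</a>";
    }
    $strResult .= "&nbsp;&nbsp;&nbsp;";
    // the add link
    if ($bIsAdmin || ADMIN::getModulePrivilege('bookings', 'add') !== 0) {
        $strResult .= "<a class=\"btn ajax callbacks cboxElement\" href=\"" . $STR_URL . ADMIN::getModuleFile('bookings', 'add') . "?pop=yes\" title=\"New Booking\"><img src=\"" . $STR_URL . "img/add_icon.png\" /> New Booking</a>";
    }
    $strResult .= "\t</div>";

    // The column headers link to the opposite sort direction.
    $strNextSortMode = $strSortMode == 'asc' ? 'desc' : 'asc';
    $strSortLinkBase = $strSelfHtml . "?page_num=" . $intPageNum . "&frm_search_text=" . $strSearchUrl . "&sortby=";

    // Button privileges are the same for every row, so they are looked up once.
    $bCanEdit = $bIsAdmin || ADMIN::getModulePrivilege('bookings', 'edit') !== 0 && $bIsUser;
    $bCanDelete = $bIsAdmin || ADMIN::getModulePrivilege('bookings', 'delete') !== 0 && $bIsUser;
    $bShowActions = $bCanEdit || $bCanDelete;

    // the table
    $strResult .= "\t\t\t\n\t\t\t<div align=\"center\"><h2>Booking List</h2></div>\n\t\t\t<div align=\"right\">" . HTML::showPaging($rowTotal[0], $totalPage, 4, $arrPagingParams) . "</div>\n\n\t\t\t<section id=\"table_booking_list\">\n\t\t\t<table class=\"table table-bordered table-hover\" summary=\"Booking List\">\n\t\t\t<caption>Booking List</caption>\n\t\t\t<thead>\n\t\t\t\t<tr>\t\t\t\t\t\n\t\t\t\t\t<th scope=\"col\" width=\"5%\"><div align=\"center\">No</div></th>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t<th scope=\"col\"><div align=\"center\"><a href=\"" . $strSortLinkBase . "booking_name&sortmode=" . $strNextSortMode . "\">Code/Name</a></div></th>\n\t\t\t\t\t<th scope=\"col\"><div align=\"center\"><a href=\"" . $strSortLinkBase . "booking_normal_retail_price&sortmode=" . $strNextSortMode . "\">Normal Retail Price</a></div></th>\n\t\t\t\t\t<th scope=\"col\"><div align=\"center\"><a href=\"" . $strSortLinkBase . "booking_promo_price&sortmode=" . $strNextSortMode . "\">Promo Price</a></div></th>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t";
    // edit / delete column
    if ($bShowActions) {
        $strResult .= "\t\n\t\t\t\t\t<th scope=\"col\" width=\"20%\"><div align=\"center\">Edit/Delete</div></th>\n\t\t\t\t\t";
    }
    $strResult .= "\n\t\t\t\t</tr>\n\t\t\t</thead>\t\n\t\t\t\n\t\t\t<tbody>\n\t\t\t";
    if ($result && $rowTotal[0] > 0) {
        $no = $offset;
        $strViewFile = ADMIN::getModuleFile('bookings', 'view');
        while ($row = mysql_fetch_assoc($result)) {
            $no++;
            $strIdAttr = htmlspecialchars($row['booking_id'], ENT_QUOTES);
            $strIdUrl = urlencode($row['booking_id']);
            // Stored text is decoded and then escaped again, so entity-encoded values look
            // the same as before while markup in the data can no longer reach the page.
            $strCodeHtml = htmlspecialchars(html_entity_decode(stripslashes($row['booking_code']), ENT_QUOTES), ENT_QUOTES);
            $strNameHtml = htmlspecialchars(html_entity_decode(stripslashes($row['booking_name']), ENT_QUOTES), ENT_QUOTES);
            $strTitleHtml = htmlspecialchars(html_entity_decode(strtoupper($row['booking_name']), ENT_QUOTES), ENT_QUOTES);
            $strRetailHtml = htmlspecialchars(html_entity_decode(stripslashes($row['booking_normal_retail_price']), ENT_QUOTES), ENT_QUOTES);
            $strPromoHtml = htmlspecialchars(html_entity_decode(stripslashes($row['booking_promo_price']), ENT_QUOTES), ENT_QUOTES);
            $bShowViewLink = $bIsAdmin || $strPrivView == "yes";
            // link
            $strLink = $strViewFile . "?booking_id=" . $strIdUrl . "&frm_search_text=" . $strSearchUrl . "&page_num=" . $intPageNum . "&pop=yes";
            $strResult .= "\n\t\t\t\t\t\t<tr ";
            if ($no % 2 == 0) {
                $strResult .= "class=\"odd\"";
            }
            $strResult .= ">\n\t\t\t\t\t\t\t<td id=\"r" . $strIdAttr . "\"><div align=\"right\">" . $no . ".</div></td>\t\t\t\t\t\t\n\t\t\t\t\t\t\t<td><div align=\"left\">";
            if ($bShowViewLink) {
                $strResult .= "<a class=\"ajax callbacks cboxElement\" href=\"" . $STR_URL . $strLink . "\" title=\"" . $strTitleHtml . "\">";
            }
            $strResult .= "<strong>" . $strCodeHtml . " / " . $strNameHtml . "</strong>";
            if ($bShowViewLink) {
                // the closing tag used to be a bare string expression and was never appended
                $strResult .= "</a>";
            }
            $strResult .= "</div></td>\n\t\t\t\t\t\t\t<td><div align=\"right\"><strong>\$" . $strRetailHtml . "</strong></div></td>\n\t\t\t\t\t\t\t<td><div align=\"right\"><strong>\$" . $strPromoHtml . "</strong></div></td>\t\t\t\t\t\t\t\n\t\t\t\t\t\t";
            // action column
            if ($bShowActions) {
                $strResult .= "<td><div align=\"center\">";
                // edit
                if ($bCanEdit) {
                    $strResult .= "<a class=\"btn ajax callbacks cboxElement\" href=\"" . $STR_URL . "booking.php?booking_id=" . $strIdUrl . "&action=edit&pop=yes\" title=\"Edit Booking\"><img src=\"" . $STR_URL . "img/edit_icon.png\" /> Edit</a>";
                }
                $strResult .= "&nbsp;&nbsp;";
                // delete
                if ($bCanDelete) {
                    $strResult .= "<a id=\"frm_delete_button_" . $strIdAttr . "\" class=\"btn\" href=\"" . $STR_URL . "booking_list.php?booking_id=" . $strIdUrl . "&action=delete\" title=\"Delete Booking\"><img src=\"" . $STR_URL . "img/delete_icon.png\" /> Delete</a> ";
                }
                $strResult .= "</div></td>";
            }
            $strResult .= "\n\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t";
        }
        // end while($row = )
    } else {
        $strResult .= "<tr><td colspan=\"5\"><div align=\"center\">Found no data</div></td></tr>";
    }
    // Table footer with the total and the second paging bar.
    $strResult .= "\n\t\t\t</tbody>\n\t\t\t<tfoot>\n\t\t\t\t<tr>\n\t\t\t\t\t<th scope=\"row\" colspan=\"2\">Total: " . $rowTotal[0] . "</th>\t\t\t\t\t\n\t\t\t\t\t<td colspan=\"3\">" . HTML::showPaging($rowTotal[0], $totalPage, 4, $arrPagingParams) . "</td>\n\t\t\t\t</tr>\n\t\t\t</tfoot>\n\t\t\t</table>\n\t\t\t</section>\n\t\t\t</form>\n\t\t\t<a class=\"btn\" href=\"#content\"><i class=\"icon-arrow-up\"></i> Back to top</a>\n\n\n";
    // Delete-button script, unchanged.
    // NOTE(review): the row is removed before the server answers, and the response is
    // inserted as HTML ('<p>' + msg + '</p>'), so ajax/booking_proc.php must not echo
    // unescaped input in its reply.
    $strResult .= "\t\t\t<script>\n\t\t\t\t\$(document).ready(function () {\n\t\t\t\t\tvar strID;\n\t\t\t\t\tvar intID;\n\t\t\t\t\tvar deleteConf;\t\n\t\t\t\n\t\t\t\t\t\$('a').click(function(event) {\n        \t\t\t\tstrID = event.target.id;        \t\t\t\t        \t\t\t\t\n\t\t\t\t\t\tintID = strID.replace('frm_delete_button_', '');\t\t\t\t\t\t\n\n\t\t\t\t\t\tif (intID && intID !== '')\n\t\t\t\t\t\t{\t\t\t\t\t\t\t\n\t\t\t\t\t\t\tif (confirmDeleteBooking())\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\t\$(this).closest('tr').remove();\t\n\n\t\t\t\t\t\t\t\tvar dataString = 'action=delete&booking_id=' + intID;\t\t\t\t\t\t\t\n\t\t      \t\t\t\t   \n\t\t\t\t\t\t\t\tvar request = \$.ajax({\t\t\t\t\t\t\t    \n\t\t\t\t\t\t\t\t\turl: 'ajax/booking_proc.php',\n\t\t\t\t\t\t\t\t\ttype: 'post', \n\t\t\t\t\t\t\t\t\tdata: dataString,\n\t\t\t\t\t\t\t\t\tsuccess: function(msg) {\n\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\$.gritter.add({\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\ttitle: 'Info',\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\ttext: '<p>' + msg + '</p>',\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\timage: '" . $STR_URL . "img/accepted.png',\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\tsticky: false,\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\ttime: '3000'\n\t\t\t\t\t\t\t\t\t\t});\n\n\t\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t\t\t    \n\t\t\t\t\t\t\t\t});\t\t\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t}\n\n\t\t\t\t\t\t\treturn false;\t\n\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t}\t\t\t\n\t\t\t\t\t\t\n    \t\t\t\t});\n \n\t\t\t\t});\n\t\t\t</script>\n\t\t\t";
    // The Log: session values are escaped like every other value placed in the statement.
    $strLog = "View the Booking List";
    $queryLog = "INSERT INTO `logs` (`log_id`, \n\t\t\t\t\t\t\t\t\t\t `log_user`, \n\t\t\t\t\t\t\t\t\t\t `log_action`, \n\t\t\t\t\t\t\t\t\t\t `log_time`, \n\t\t\t\t\t\t\t\t\t\t `log_from`, \n\t\t\t\t\t\t\t\t\t\t `log_logout`)\n\n\t\t\t\t\tVALUES (NULL, \n\t\t\t\t\t\t\t'" . mysql_real_escape_string($_SESSION['user']['login_name']) . "',\n\t\t\t\t\t\t\t'" . mysql_real_escape_string($strLog) . "',\n\t\t\t\t\t\t\t'" . date('Y-m-d H:i:s') . "',\n\t\t\t\t\t\t\t'" . mysql_real_escape_string($_SESSION['user']['ip_address']) . "', \n\t\t\t\t\t\t\tNULL)";
    $resultLog = mysql_query($queryLog);
    echo $strResult;
}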
Пример #15
<?php

/* @Author: Erick Wellem - me @ erickwellem.com - October 2009 */
// include file - no need to change anything here - EW
$dirPos = './';
include $dirPos . 'config.php';
// Class Library -- NO NEED TO CHANGE unless you know what to do
require_once 'lib/admin.php';
require_once 'lib/db.php';
require_once 'lib/html.php';
// Includes
// Header and footer templates: fixed literal paths, nothing request-derived.
$HEADER_INCLUDE = 'inc/header-default.php';
$FOOTER_INCLUDE = 'inc/footer-default.php';
// start the session
// NOTE(review): no session cookie options are set in the visible lines; presumably
// HttpOnly/Secure come from php.ini or config.php — confirm.
session_start();
$db = new DB();
$admin = new ADMIN();
$html = new HTML();
// get the configuration
$arrSiteConfig = $db->getSiteConfig();
// get the privileges and modules
$arrPrivileges = $admin->getPrivileges();
// get site language
// Only two fixed language files can be loaded: 'id' selects lang/id/id.php and every
// other value falls back to lang/en/en.php, so the configured value never becomes
// part of an include path.
if ($arrSiteConfig['site_language'] == 'id') {
    require_once 'lang/id/id.php';
} else {
    require_once 'lang/en/en.php';
}