 /**
  * Build and run the file listing query for the given search filters.
  *
  * Selects `f.*` from the `file` table; the `customer` join only exists so the
  * customer-scoped restrictions below can be expressed, it contributes no columns.
  *
  * @param array|bool $search Optional filters. Keys read here: 'generic' (LIKE on
  *     f.file_name), 'file_id', 'owner_id', 'owner_table', 'status',
  *     'bucket_parent_file_id' (exact match), 'job_id', 'quote_id' and
  *     'customer_id' (only one of those last three is applied, in that order of
  *     precedence). Any other key is ignored. false means no filters at all.
  * @param bool $skip_permissions When true the data-access scoping block is
  *     skipped and every file matching $search is returned; a caller passing
  *     true is taking on the access check itself.
  * @return mixed The result of qa() for the assembled SQL. The shape of that
  *     value is decided by the qa() helper, which is not visible in this file.
  */
 public static function get_files($search = false, $skip_permissions = false)
 {
     // build up a custom search sql query based on the provided search fields
     $sql = "SELECT f.* ";
     $from = " FROM `" . _DB_PREFIX . "file` f ";
     if (class_exists('module_customer', false)) {
         // second argument disables autoloading: a module that has not been
         // loaded yet counts as absent here.
         $from .= " LEFT JOIN `" . _DB_PREFIX . "customer` c USING (customer_id)";
     }
     $where = " WHERE 1 ";
     if (isset($search['generic']) && $search['generic']) {
         // NOTE(review): mysql_real_escape_string() belongs to the removed ext/mysql
         // extension and needs an open connection; it also leaves the LIKE
         // wildcards % and _ unescaped, so a 'generic' value containing '%'
         // matches every file name. Confirm which DB layer this runs against.
         $str = mysql_real_escape_string($search['generic']);
         $where .= " AND ( ";
         $where .= " f.file_name LIKE '%{$str}%' ";
         //$where .= "OR  u.url LIKE '%$str%'  ";
         $where .= ' ) ';
     }
     /*if(isset($search['job']) && $search['job']){
           $str = mysql_real_escape_string($search['job']);
           $from .= " LEFT JOIN `"._DB_PREFIX."job` j USING (job_id)";
           $where .= " AND ( ";
           $where .= " j.name LIKE '%$str%' ";
           $where .= ' ) ';
       }*/
     // tricky job searching, by name or by job id.
     // but we don't want to restrict it to customer if they are searching for a job.
     /*
     * this is the logic we have to follow:
     *
             $customer_access = module_customer::get_customer($file['customer_id']);
             $job_access = module_job::get_job($file['job_id']);
             if(
        ($customer_access && $customer_access['customer_id'] == $file['customer_id']) ||
        ($job_access && $job_access['job_id'] == $file['job_id'])
             ){
     */
     // exact-match filters. The column name comes from this fixed list, never
     // from the caller, so only the value needs escaping; it is quoted even for
     // the numeric columns, which MySQL accepts.
     foreach (array('file_id', 'owner_id', 'owner_table', 'status', 'bucket_parent_file_id') as $key) {
         // '' and false mean "not set"; 0 and '0' are real values and are kept.
         if (isset($search[$key]) && $search[$key] !== '' && $search[$key] !== false) {
             $str = mysql_real_escape_string($search[$key]);
             $where .= " AND f.`{$key}` = '{$str}'";
         }
     }
     // permissions from customer module.
     // tie in with customer permissions to only get jobs from customers we can access.
     if (!$skip_permissions) {
         // each access level narrows $where (and sometimes $from);
         // _FILE_ACCESS_ALL leaves the query unscoped.
         switch (self::get_file_data_access()) {
             case _FILE_ACCESS_ALL:
                 // all files, no limits on SQL here
                 break;
             case _FILE_ACCESS_JOBS:
                 // only files attached to a job returned by module_job::get_jobs(),
                 // which presumably applies the job permissions - confirm there.
                 // NOTE(review): unlike the customer branch below, module_job is
                 // used here without a class_exists() check first.
                 $jobs = module_job::get_jobs(array(), array('columns' => 'u.job_id AS job_id'));
                 $where .= " AND f.job_id IN ( ";
                 if (count($jobs)) {
                     foreach ($jobs as $valid_job_id) {
                         $where .= (int) $valid_job_id['job_id'] . ',';
                     }
                     $where = rtrim($where, ',');
                 } else {
                     // no visible jobs: IN (-1) never matches, so nothing is returned
                     $where .= ' -1 ';
                 }
                 $where .= ' ) ';
                 break;
             case _FILE_ACCESS_ME:
                 // only files created by the logged-in user
                 $where .= " AND f.create_user_id = " . (int) module_security::get_loggedin_id();
                 break;
             case _FILE_ACCESS_ASSIGNED:
                 // only files linked to the logged-in user through file_user_rel
                 $from .= " LEFT JOIN `" . _DB_PREFIX . "file_user_rel` cur ON f.file_id = cur.file_id";
                 $where .= " AND (cur.user_id = " . (int) module_security::get_loggedin_id() . ")";
                 break;
             case _FILE_ACCESS_CUSTOMERS:
             default:
                 // scope by the customers the user may access. Note the default
                 // label: any unknown access level lands here as well.
                 if (class_exists('module_customer', false)) {
                     //added for compat in newsletter system that doesn't have customer module
                     // NOTE(review): when module_customer is not loaded this branch adds
                     // no restriction at all, i.e. the listing is unscoped on such an
                     // install - confirm that is intended outside the newsletter case.
                     switch (module_customer::get_customer_data_access()) {
                         case _CUSTOMER_ACCESS_ALL:
                             // all customers! so this means all files!
                             break;
                         case _CUSTOMER_ACCESS_ALL_COMPANY:
                         case _CUSTOMER_ACCESS_CONTACTS:
                         case _CUSTOMER_ACCESS_TASKS:
                         case _CUSTOMER_ACCESS_STAFF:
                             $valid_customer_ids = module_security::get_customer_restrictions();
                             // an empty restriction list adds no clause, which behaves like
                             // "all customers". NOTE(review): confirm module_security never
                             // returns an empty list for a user who should see nothing.
                             if (count($valid_customer_ids)) {
                                 $where .= " AND ( ";
                                 foreach ($valid_customer_ids as $valid_customer_id) {
                                     if (isset($search['owner_table'])) {
                                         // owner-based search: match files owned directly by
                                         // an allowed customer record
                                         $where .= " (f.owner_table = 'customer' AND f.owner_id = '" . (int) $valid_customer_id . "') OR ";
                                     } else {
                                         $where .= " (f.customer_id = '" . (int) $valid_customer_id . "') OR ";
                                         // the requested customer is already in the allowed set, so
                                         // the exact customer_id filter further down is dropped. That
                                         // widens the result to every allowed customer - presumably
                                         // intentional; confirm with the callers.
                                         if (isset($search['customer_id']) && $search['customer_id'] && $search['customer_id'] == $valid_customer_id) {
                                             unset($search['customer_id']);
                                         }
                                     }
                                 }
                                 // rtrim() takes a character list, not a string: this strips any
                                 // trailing 'O', 'R' and ' ' characters. It only works because
                                 // every clause above ends in ')'.
                                 $where = rtrim($where, 'OR ');
                                 $where .= ' ) ';
                             }
                             break;
                     }
                 }
         }
         // file data access switch
     }
     if (class_exists('module_job', false)) {
         if (isset($search['job_id']) && (int) $search['job_id'] > 0) {
             // check if we have permissions to view this job.
             // get_job() presumably returns nothing (or another row) for a job this
             // user may not see; the job filter is then dropped, which widens the
             // search instead of emptying it - the access switch above still scopes
             // the rows. Confirm that is the intended behaviour.
             $job = module_job::get_job($search['job_id']);
             if (!$job || $job['job_id'] != $search['job_id']) {
                 $search['job_id'] = false;
             }
         }
     }
     // the three id filters are exclusive: job_id wins over quote_id, which wins
     // over customer_id. All three are cast to int, so no escaping is needed.
     if (isset($search['job_id']) && (int) $search['job_id'] > 0) {
         $where .= " AND f.job_id = " . (int) $search['job_id'];
     } else {
         if (isset($search['quote_id']) && (int) $search['quote_id'] > 0) {
             $where .= " AND f.quote_id = " . (int) $search['quote_id'];
         } else {
             if (isset($search['customer_id']) && (int) $search['customer_id']) {
                 $where .= " AND f.customer_id = " . (int) $search['customer_id'];
             }
         }
     }
     // GROUP BY collapses the duplicate rows the joins can produce (e.g. one per
     // file_user_rel row in the _FILE_ACCESS_ASSIGNED case)
     $group_order = ' GROUP BY f.file_id ORDER BY f.file_name';
     // stop when multiple company sites have same region
     $sql = $sql . $from . $where . $group_order;
     //echo $sql;
     $result = qa($sql);
     //module_security::filter_data_set("invoice",$result);
     return $result;
     //return get_multiple("file",$search,"file_id","exact","file_id");
 }
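 /**
  * List finance transactions matching $search, merging three sources into one
  * list sorted newest first:
  *   1. rows of the `finance` table (with account name and a category list),
  *   2. virtual rows built from invoice payments (`invoice_payment` joined to
  *      `invoice`), shaped by self::_format_invoice_payment(),
  *   3. virtual rows built from jobs carrying staff expenses
  *      (`job.c_staff_total_amount > 0`), one row per staff member, skipping
  *      those that already have a matching `finance` row.
  * Sources 2 and 3 are skipped when the search filters on something only a
  * real finance row has (account, category, recurring id, invoice_payment_id);
  * source 3 is also skipped when an invoice_id is given.
  *
  * After sorting, duplicates are collapsed: a row whose finance_id, parent
  * finance id or invoice_payment_id is already represented earlier in the list
  * is removed and the earlier row's 'link_count' is incremented; a child row
  * whose parent has not been listed yet is replaced by the parent row loaded
  * via self::get_finance().
  *
  * @param array $search Optional filters. Keys read: finance_account_id (array
  *     of ids), finance_recurring_id, finance_category_id (array of ids),
  *     invoice_payment_id, job_id, invoice_id, customer_id, company_id,
  *     generic, date_from, date_to, amount_from, amount_to, type ('i' income,
  *     'e' expense; '' and 'ie' mean both).
  * @return array Transaction rows keyed by their index after array_merge() (not
  *     by finance id). Every row carries 'link_count'; finance rows additionally
  *     get 'url', 'credit', 'debit', 'categories' and 'account_name'.
  */
 public static function get_finances($search = array())
 {
     // we have to search for recent transactions. this involves combining the "finance" table with the "invoice_payment" table
     // then sort the results by date
     // set to true by any filter that only a real finance row can satisfy; it
     // suppresses the two virtual sources below.
     $hide_invoice_payments = false;
     $sql = "SELECT f.* ";
     $sql .= " , fa.name AS account_name ";
     $sql .= " , GROUP_CONCAT(fc.`name` ORDER BY fc.`name` ASC SEPARATOR ', ') AS categories ";
     $sql .= " FROM `" . _DB_PREFIX . "finance` f ";
     $sql .= " LEFT JOIN `" . _DB_PREFIX . "finance_account` fa USING (finance_account_id) ";
     $sql .= " LEFT JOIN `" . _DB_PREFIX . "finance_category_rel` fcr ON f.finance_id = fcr.finance_id ";
     $sql .= " LEFT JOIN `" . _DB_PREFIX . "finance_category` fc ON fcr.finance_category_id = fc.finance_category_id ";
     $where = " WHERE 1 ";
     if (isset($search['finance_account_id']) && is_array($search['finance_account_id'])) {
         // de-duplicate and int-cast the requested account ids (keys of $fo)
         $fo = array();
         foreach ($search['finance_account_id'] as $val) {
             if ((int) $val > 0) {
                 $fo[(int) $val] = true;
             }
         }
         if (count($fo) > 0) {
             $where .= " AND ( ";
             foreach ($fo as $f => $ff) {
                 $where .= " f.finance_account_id = " . $f . ' OR';
             }
             // rtrim() with a character list: strips the trailing 'O'/'R' characters
             // and stops at the space before them.
             $where = rtrim($where, 'OR');
             $where .= ' )';
             $hide_invoice_payments = true;
         }
     }
     if (isset($search['finance_recurring_id']) && $search['finance_recurring_id']) {
         $where .= " AND f.finance_recurring_id = '" . (int) $search['finance_recurring_id'] . "'";
         $hide_invoice_payments = true;
     }
     if (isset($search['finance_category_id']) && is_array($search['finance_category_id'])) {
         $fo = array();
         foreach ($search['finance_category_id'] as $val) {
             if ((int) $val > 0) {
                 $fo[(int) $val] = true;
             }
         }
         if (count($fo) > 0) {
             // EXISTS subquery so the category filter does not interfere with the
             // GROUP_CONCAT over fcr/fc in the main select
             $where .= " AND EXISTS ( SELECT * FROM `" . _DB_PREFIX . "finance_category_rel` fcr2 WHERE fcr2.finance_id = f.finance_id AND ( ";
             foreach ($fo as $f => $ff) {
                 $where .= " fcr2.finance_category_id = " . $f . ' OR';
             }
             $where = rtrim($where, 'OR');
             $where .= ' )';
             $where .= ' )';
             $hide_invoice_payments = true;
         }
     }
     if (isset($search['invoice_payment_id']) && $search['invoice_payment_id']) {
         $where .= " AND f.invoice_payment_id = '" . (int) $search['invoice_payment_id'] . "'";
         $hide_invoice_payments = true;
     }
     // below 6 searches are repeated again below in invoice payments
     if (isset($search['job_id']) && (int) $search['job_id'] > 0) {
         $where .= " AND f.`job_id` = " . (int) $search['job_id'];
     }
     if (isset($search['invoice_id']) && (int) $search['invoice_id'] > 0) {
         $where .= " AND f.`invoice_id` = " . (int) $search['invoice_id'];
     }
     if (isset($search['customer_id']) && (int) $search['customer_id'] > 0) {
         $where .= " AND f.`customer_id` = " . (int) $search['customer_id'];
     }
     if (isset($search['company_id']) && (int) $search['company_id'] > 0) {
         // check this user can view this company id or not
         // (the filter is silently ignored when the company is not visible)
         if (class_exists('module_company', false) && module_company::can_i('view', 'Company') && module_company::is_enabled()) {
             $companys = module_company::get_companys();
             if (isset($companys[$search['company_id']])) {
                 $sql .= " LEFT JOIN `" . _DB_PREFIX . "company_customer` cc ON f.customer_id = cc.customer_id ";
                 $where .= " AND ( cc.`company_id` = " . (int) $search['company_id'] . " OR  f.`company_id` = " . (int) $search['company_id'] . " )";
             }
         }
     }
     if (isset($search['generic']) && strlen(trim($search['generic']))) {
         // NOTE(review): mysql_real_escape_string() is from the removed ext/mysql and
         // leaves LIKE wildcards (% and _) unescaped - confirm the DB layer in use.
         $name = mysql_real_escape_string(trim($search['generic']));
         $where .= " AND (f.`name` LIKE '%{$name}%' OR f.description LIKE '%{$name}%' )";
     }
     // date bounds go through input_date(); amounts are escaped and quoted, which
     // MySQL compares numerically against the amount column
     if (isset($search['date_from']) && $search['date_from'] != '') {
         $where .= " AND f.transaction_date >= '" . input_date($search['date_from']) . "'";
     }
     if (isset($search['date_to']) && $search['date_to'] != '') {
         $where .= " AND f.transaction_date <= '" . input_date($search['date_to']) . "'";
     }
     if (isset($search['amount_from']) && $search['amount_from'] != '') {
         $where .= " AND f.amount >= '" . mysql_real_escape_string($search['amount_from']) . "'";
     }
     if (isset($search['amount_to']) && $search['amount_to'] != '') {
         $where .= " AND f.amount <= '" . mysql_real_escape_string($search['amount_to']) . "'";
     }
     if (isset($search['type']) && $search['type'] != '' && $search['type'] != 'ie') {
         $where .= " AND f.type = '" . mysql_real_escape_string($search['type']) . "'";
     }
     // permissions from job module.
     /*switch(module_job::get_job_access_permissions()){
                 case _JOB_ACCESS_ALL:
     
                     break;
                 case _JOB_ACCESS_ASSIGNED:
                     // only assigned jobs!
                     //$from .= " LEFT JOIN `"._DB_PREFIX."task` t ON u.job_id = t.job_id ";
                     //u.user_id = ".(int)module_security::get_loggedin_id()." OR
                     $where .= " AND (t.user_id = ".(int)module_security::get_loggedin_id().")";
                     break;
                 case _JOB_ACCESS_CUSTOMER:
                     break;
             }*/
     // permissions from customer module.
     // tie in with customer permissions to only get jobs from customers we can access.
     switch (module_customer::get_customer_data_access()) {
         case _CUSTOMER_ACCESS_ALL:
             // all customers! so this means all jobs!
             break;
         case _CUSTOMER_ACCESS_ALL_COMPANY:
         case _CUSTOMER_ACCESS_CONTACTS:
         case _CUSTOMER_ACCESS_TASKS:
         case _CUSTOMER_ACCESS_STAFF:
             $valid_customer_ids = module_security::get_customer_restrictions();
             // an empty restriction list adds no clause (behaves like "all customers").
             // NOTE(review): confirm module_security never returns an empty list for a
             // user who should see nothing; the same pattern repeats in the two
             // virtual-source queries below.
             if (count($valid_customer_ids)) {
                 $where .= " AND f.customer_id IN ( ";
                 foreach ($valid_customer_ids as $valid_customer_id) {
                     $where .= (int) $valid_customer_id . ", ";
                 }
                 $where = rtrim($where, ', ');
                 $where .= " )";
             }
     }
     // GROUP BY is required by the GROUP_CONCAT over categories
     $where .= " GROUP BY f.finance_id ";
     $where .= " ORDER BY f.transaction_date DESC ";
     $sql .= $where;
     $finances_from_finance_db_table = qa($sql);
     // invoice payments:
     $finance_from_invoice_payments = array();
     $finance_from_job_staff_expenses = array();
     // staff expenses: skipped when a finance-only filter is active or when an
     // invoice_id is given. (Was "!(int) $x > 0", which PHP parses as
     // "(!(int) $x) > 0"; the rewritten test is the intended "not positive".)
     if (!$hide_invoice_payments && (!isset($search['invoice_id']) || (int) $search['invoice_id'] <= 0)) {
         // jobs with staff expenses, plus the id of an existing finance row for the
         // job (if any) so already-recorded expenses can be skipped below
         $sql = "SELECT j.*, f.finance_id AS existing_finance_id ";
         $sql .= " FROM `" . _DB_PREFIX . "job` j ";
         $sql .= " LEFT JOIN `" . _DB_PREFIX . "finance` f ON j.job_id = f.job_id AND f.job_staff_expense > 0 ";
         $where = " WHERE 1 ";
         //j.date_completed != '0000-00-00' ";
         $where .= " AND j.`c_staff_total_amount` > 0 ";
         if (isset($search['job_id']) && (int) $search['job_id'] > 0) {
             $where .= " AND (j.`job_id` = " . (int) $search['job_id'] . " ) ";
         }
         if (isset($search['customer_id']) && (int) $search['customer_id'] > 0) {
             $where .= " AND j.`customer_id` = " . (int) $search['customer_id'];
         }
         /*if(isset($search['generic']) && strlen(trim($search['generic']))){
               $name = mysql_real_escape_string(trim($search['generic']));
               $where .= " AND (i.`name` LIKE '%$name%' OR p.method LIKE '%$name%' )";
           }*/
         if (isset($search['company_id']) && (int) $search['company_id'] > 0) {
             // check this user can view this company id or not
             if (class_exists('module_company', false) && module_company::can_i('view', 'Company') && module_company::is_enabled()) {
                 $companys = module_company::get_companys();
                 if (isset($companys[$search['company_id']])) {
                     $sql .= " LEFT JOIN `" . _DB_PREFIX . "company_customer` cc ON j.customer_id = cc.customer_id ";
                     $where .= " AND cc.`company_id` = " . (int) $search['company_id'];
                 }
             }
         }
         // for this source the date is the job completion date and the amount is
         // the job's total staff expense
         if (isset($search['date_from']) && $search['date_from'] != '') {
             $where .= " AND j.date_completed >= '" . input_date($search['date_from']) . "'";
         }
         if (isset($search['date_to']) && $search['date_to'] != '') {
             $where .= " AND j.date_completed <= '" . input_date($search['date_to']) . "'";
         }
         if (isset($search['amount_from']) && $search['amount_from'] != '') {
             $where .= " AND j.c_staff_total_amount >= '" . mysql_real_escape_string($search['amount_from']) . "'";
         }
         if (isset($search['amount_to']) && $search['amount_to'] != '') {
             $where .= " AND j.c_staff_total_amount <= '" . mysql_real_escape_string($search['amount_to']) . "'";
         }
         switch (module_job::get_job_access_permissions()) {
             case _JOB_ACCESS_ALL:
                 break;
             case _JOB_ACCESS_ASSIGNED:
                 // only assigned jobs!
                 // (jobs owned by the user or with a task assigned to the user)
                 $sql .= " LEFT JOIN `" . _DB_PREFIX . "task` t ON j.job_id = t.job_id ";
                 $where .= " AND (j.user_id = " . (int) module_security::get_loggedin_id() . " OR t.user_id = " . (int) module_security::get_loggedin_id() . ")";
                 break;
             case _JOB_ACCESS_CUSTOMER:
                 // tie in with customer permissions to only get jobs from customers we can access.
                 $valid_customer_ids = module_security::get_customer_restrictions();
                 if (count($valid_customer_ids)) {
                     $where .= " AND j.customer_id IN ( ";
                     foreach ($valid_customer_ids as $valid_customer_id) {
                         $where .= (int) $valid_customer_id . ", ";
                     }
                     $where = rtrim($where, ', ');
                     $where .= " )";
                 }
                 break;
         }
         switch (module_customer::get_customer_data_access()) {
             case _CUSTOMER_ACCESS_ALL:
                 // all customers! so this means all jobs!
                 break;
             case _CUSTOMER_ACCESS_ALL_COMPANY:
             case _CUSTOMER_ACCESS_CONTACTS:
             case _CUSTOMER_ACCESS_TASKS:
             case _CUSTOMER_ACCESS_STAFF:
                 $valid_customer_ids = module_security::get_customer_restrictions();
                 if (count($valid_customer_ids)) {
                     $where .= " AND j.customer_id IN ( ";
                     foreach ($valid_customer_ids as $valid_customer_id) {
                         $where .= (int) $valid_customer_id . ", ";
                     }
                     $where = rtrim($where, ', ');
                     $where .= " )";
                 }
         }
         $sql .= $where . " GROUP BY j.job_id ORDER BY j.date_completed DESC ";
         //echo $sql;
         $finance_from_job_staff_expenses = array();
         $res = qa($sql);
         foreach ($res as $finance) {
             // we have a job with staff expenses. split this up into gruops based on staff members.
             $staff_total_grouped = false;
             if (isset($finance['c_staff_total_grouped']) && strlen($finance['c_staff_total_grouped'])) {
                 // '@' hides the notice on malformed data; false then triggers the
                 // fallback below.
                 // NOTE(review): unserialize() on a stored column can instantiate
                 // arbitrary classes if anything untrusted can write
                 // c_staff_total_grouped. Only an array is expected here, so passing
                 // array('allowed_classes' => false) (PHP 7+) would be the safe form -
                 // confirm the PHP version this targets before changing it.
                 $staff_total_grouped = @unserialize($finance['c_staff_total_grouped']);
             }
             if ($staff_total_grouped === false) {
                 //	                echo 'here: ';
                 //	                var_dump($finance);
                 //	                var_dump($staff_total_grouped);
                 // no cached breakdown on the row: recompute via the job module
                 $job_data = module_job::get_job($finance['job_id']);
                 $staff_total_grouped = $job_data['staff_total_grouped'];
             }
             if (is_array($staff_total_grouped)) {
                 // one virtual expense row per staff member: $staff_id => $staff_total
                 foreach ($staff_total_grouped as $staff_id => $staff_total) {
                     $staff_member = module_user::get_user($staff_id);
                     if ($staff_member && $staff_member['user_id'] == $staff_id) {
                         // make sure this entry doesn't already exist in the database table for this job
                         // there MAY be an existing entry if 'existing_finance_id' is set
                         if ($finance['existing_finance_id'] > 0) {
                             // check if it exists for this staff member.
                             $existing = get_single('finance', array('job_id', 'job_staff_expense', 'amount'), array($finance['job_id'], $staff_id, $staff_total));
                             if ($existing) {
                                 // match exists already, skip adding this one to the list.
                                 continue;
                             }
                         }
                         //$finance = self::_format_invoice_payment($finance, $finance);
                         //$finance['url'] = module_job::link_open($finance['job_id'],false,$finance);
                         // the url opens the "new finance" form pre-filled for this job/staff member
                         $finance['url'] = module_finance::link_open('new', false) . '&job_staff_expense=' . $staff_id . '&from_job_id=' . $finance['job_id'];
                         $finance['transaction_date'] = $finance['date_completed'];
                         $finance['description'] = _l('Job Expense For Staff Member: %s', $staff_member['name'] . ' ' . $staff_member['last_name']);
                         //"Exiting: ".$finance['existing_finance_id'].": ".
                         $finance['amount'] = $staff_total;
                         $finance['debit'] = $staff_total;
                         $finance['sub_amount'] = $staff_total;
                         $finance['taxable_amount'] = $staff_total;
                         $finance['credit'] = 0;
                         $finance['type'] = 'e';
                         $finance_from_job_staff_expenses[] = $finance;
                     }
                 }
             }
         }
     }
     if (!$hide_invoice_payments) {
         $sql = "SELECT p.*, i.customer_id ";
         if (module_config::c('finance_date_type', 'payment') == 'invoice') {
             // show entries by invoice create date, not payment date.
             $sql .= " , i.date_create AS transaction_date ";
         } else {
             // default, show by paid date.
             $sql .= " , p.date_paid AS transaction_date ";
         }
         $sql .= " FROM `" . _DB_PREFIX . "invoice_payment` p ";
         $sql .= " LEFT JOIN `" . _DB_PREFIX . "invoice` i ON p.invoice_id = i.invoice_id ";
         // only real, non-zero payments of the listed payment types
         $where = " WHERE p.date_paid != '0000-00-00' ";
         $where .= " AND p.`amount` != 0 ";
         $where .= " AND ( p.`payment_type` = " . _INVOICE_PAYMENT_TYPE_NORMAL . " OR p.`payment_type` = " . _INVOICE_PAYMENT_TYPE_REFUND . ' OR p.`payment_type` = ' . _INVOICE_PAYMENT_TYPE_OVERPAYMENT_CREDIT . ' OR p.`payment_type` = ' . _INVOICE_PAYMENT_TYPE_CREDIT . ')';
         if (isset($search['job_id']) && (int) $search['job_id'] > 0) {
             // a payment belongs to a job through an invoice item's task, or
             // through the invoice's deposit job
             $sql .= " LEFT JOIN `" . _DB_PREFIX . "invoice_item` ii ON i.invoice_id = ii.invoice_id";
             $sql .= " LEFT JOIN `" . _DB_PREFIX . "task` t ON ii.task_id = t.task_id";
             $where .= " AND (t.`job_id` = " . (int) $search['job_id'] . " OR i.`deposit_job_id` = " . (int) $search['job_id'] . " ) ";
         }
         if (isset($search['invoice_id']) && (int) $search['invoice_id'] > 0) {
             $where .= " AND p.`invoice_id` = " . (int) $search['invoice_id'];
         }
         if (isset($search['customer_id']) && (int) $search['customer_id'] > 0) {
             $where .= " AND i.`customer_id` = " . (int) $search['customer_id'];
         }
         /*if(isset($search['generic']) && strlen(trim($search['generic']))){
               $name = mysql_real_escape_string(trim($search['generic']));
               $where .= " AND (i.`name` LIKE '%$name%' OR p.method LIKE '%$name%' )";
           }*/
         if (isset($search['company_id']) && (int) $search['company_id'] > 0) {
             // check this user can view this company id or not
             if (class_exists('module_company', false) && module_company::can_i('view', 'Company') && module_company::is_enabled()) {
                 $companys = module_company::get_companys();
                 if (isset($companys[$search['company_id']])) {
                     $sql .= " LEFT JOIN `" . _DB_PREFIX . "company_customer` cc ON i.customer_id = cc.customer_id ";
                     $where .= " AND cc.`company_id` = " . (int) $search['company_id'];
                 }
             }
         }
         // the date bounds follow the same finance_date_type setting as the
         // transaction_date column selected above
         if (isset($search['date_from']) && $search['date_from'] != '') {
             if (module_config::c('finance_date_type', 'payment') == 'invoice') {
                 $where .= " AND i.date_create >= '" . input_date($search['date_from']) . "'";
             } else {
                 $where .= " AND p.date_paid >= '" . input_date($search['date_from']) . "'";
             }
         }
         if (isset($search['date_to']) && $search['date_to'] != '') {
             if (module_config::c('finance_date_type', 'payment') == 'invoice') {
                 $where .= " AND i.date_create <= '" . input_date($search['date_to']) . "'";
             } else {
                 $where .= " AND p.date_paid <= '" . input_date($search['date_to']) . "'";
             }
         }
         if (isset($search['amount_from']) && $search['amount_from'] != '') {
             $where .= " AND p.amount >= '" . mysql_real_escape_string($search['amount_from']) . "'";
         }
         if (isset($search['amount_to']) && $search['amount_to'] != '') {
             $where .= " AND p.amount <= '" . mysql_real_escape_string($search['amount_to']) . "'";
         }
         if (isset($search['type']) && $search['type'] != '' && $search['type'] != 'ie') {
             // payments have no type column: the sign of the amount stands in for it
             if ($search['type'] == 'i') {
                 $where .= " AND p.amount > 0";
             } else {
                 if ($search['type'] == 'e') {
                     $where .= " AND p.amount < 0";
                 }
             }
         }
         switch (module_customer::get_customer_data_access()) {
             case _CUSTOMER_ACCESS_ALL:
                 // all customers! so this means all jobs!
                 break;
             case _CUSTOMER_ACCESS_ALL_COMPANY:
             case _CUSTOMER_ACCESS_CONTACTS:
             case _CUSTOMER_ACCESS_TASKS:
             case _CUSTOMER_ACCESS_STAFF:
                 $valid_customer_ids = module_security::get_customer_restrictions();
                 if (count($valid_customer_ids)) {
                     $where .= " AND i.customer_id IN ( ";
                     foreach ($valid_customer_ids as $valid_customer_id) {
                         $where .= (int) $valid_customer_id . ", ";
                     }
                     $where = rtrim($where, ', ');
                     $where .= " )";
                 }
         }
         $sql .= $where . " ORDER BY p.date_paid DESC ";
         //echo $sql;
         $finance_from_invoice_payments = qa($sql);
         foreach ($finance_from_invoice_payments as $finance_id => $finance) {
             // doesn't have an finance / account reference just yet.
             // but they can create one and this will become a child entry to it.
             $finance = self::_format_invoice_payment($finance, $finance);
             /*if(!isset($finance['customer_id']) || !$finance['customer_id']){
                   $invoice_data = module_invoice::get_invoice($finance['invoice_id'],2);
                   $finance['customer_id'] = $invoice_data['customer_id'];
               }*/
             // grab a new name/descriptino/etc.. from other plugins (at the moment only subscription)
             /*$new_finance = hook_handle_callback('finance_invoice_listing',$finance['invoice_id'],$finance);
               if(is_array($new_finance) && count($new_finance)){
                   foreach($new_finance as $n){
                       $finance = array_merge($finance,$n);
                   }
               }*/
             $finance_from_invoice_payments[$finance_id] = $finance;
         }
         if (isset($search['generic']) && strlen(trim($search['generic']))) {
             // this is a PHP-side substring match, so the needle must be the raw
             // text: the previous SQL-escaped needle could never match a name
             // containing a quote or backslash.
             $name = trim($search['generic']);
             //                $where .= " AND (i.`name` LIKE '%$name%' OR p.method LIKE '%$name%' )";
             // we have to do a PHP search here because
             // the name/description are only known after _format_invoice_payment()
             foreach ($finance_from_invoice_payments as $finance_id => $finance) {
                 if (stripos($finance['name'], $name) === false && stripos($finance['description'], $name) === false) {
                     unset($finance_from_invoice_payments[$finance_id]);
                 }
             }
         }
     }
     $finances = array_merge($finances_from_finance_db_table, $finance_from_invoice_payments, $finance_from_job_staff_expenses);
     unset($finances_from_finance_db_table);
     unset($finance_from_invoice_payments);
     unset($finance_from_job_staff_expenses);
     // sort this
     if (!function_exists('sort_finance')) {
         // uasort() comparator: newest transaction_date first; on equal dates rows
         // with a finance_id come before virtual rows, then ascending amount.
         // Returns -1/0/1. (It used to return booleans, which can never yield -1,
         // so uasort() saw an inconsistent ordering; PHP 8 reports that as
         // deprecated.)
         function sort_finance($a, $b)
         {
             $t1 = strtotime($a['transaction_date']);
             $t2 = strtotime($b['transaction_date']);
             if ($t1 != $t2) {
                 // later date sorts first
                 return $t1 < $t2 ? 1 : -1;
             }
             // sort by finance id, putting ones with a finance id first before others. then amount.
             if (isset($a['finance_id']) && !isset($b['finance_id'])) {
                 // put $a before $b
                 return -1;
             }
             if (!isset($a['finance_id']) && isset($b['finance_id'])) {
                 // put $b before $a
                 return 1;
             }
             if ($a['amount'] == $b['amount']) {
                 return 0;
             }
             return $a['amount'] > $b['amount'] ? 1 : -1;
         }
     }
     uasort($finances, 'sort_finance');
     // finance_id / invoice_payment_id => index in $finances of the row that
     // already represents it (declared explicitly; they used to spring into
     // existence on first assignment)
     $displayed_finance_ids = array();
     $displayed_invoice_payment_ids = array();
     foreach ($finances as $finance_id => $finance) {
         // we load each of these transactions
         // transaction can be a "transaction" or an "invoice_payment"
         // find out if this transaction is a child transaction to another transaction.
         // if it is a child transaction and we haven't already dispayed it in this listing
         // then we find the parent transaction and display it along with all it's children in this place.
         // this wont be perfect all the time but will be awesome in 99% of cases.
         if (isset($finance['finance_id']) && $finance['finance_id']) {
             // displayed before already?
             if (isset($displayed_finance_ids[$finance['finance_id']])) {
                 $finances[$displayed_finance_ids[$finance['finance_id']]]['link_count']++;
                 unset($finances[$finance_id]);
                 continue;
             }
             $displayed_finance_ids[$finance['finance_id']] = $finance_id;
             if (isset($finance['invoice_payment_id']) && $finance['invoice_payment_id']) {
                 $displayed_invoice_payment_ids[$finance['invoice_payment_id']] = $finance_id;
                 // so we dont display again.
             }
         } else {
             if (isset($finance['invoice_payment_id']) && $finance['invoice_payment_id'] && isset($finance['invoice_id']) && $finance['invoice_id']) {
                 // this is an invoice payment (incoming payment)
                 // displayed before already?
                 if (isset($displayed_invoice_payment_ids[$finance['invoice_payment_id']])) {
                     // merge the payment fields under the finance row that already
                     // represents it (the finance row's values win)
                     $finances[$displayed_invoice_payment_ids[$finance['invoice_payment_id']]] = array_merge($finance, $finances[$displayed_invoice_payment_ids[$finance['invoice_payment_id']]]);
                     $finances[$displayed_invoice_payment_ids[$finance['invoice_payment_id']]]['link_count']++;
                     unset($finances[$finance_id]);
                     continue;
                 }
                 $displayed_invoice_payment_ids[$finance['invoice_payment_id']] = $finance_id;
                 // so we dont display again.
             } else {
                 if (isset($finance['c_staff_total_amount'])) {
                     // staff expense.
                 } else {
                     // nfi?
                     // (a row that is none of the three kinds: dropped)
                     unset($finances[$finance_id]);
                     continue;
                 }
             }
         }
         if (isset($finance['parent_finance_id']) && $finance['parent_finance_id']) {
             // check if it's parent finance id has been displayed already somewhere.
             if (isset($displayed_finance_ids[$finance['parent_finance_id']])) {
                 $finances[$displayed_finance_ids[$finance['parent_finance_id']]]['link_count']++;
                 unset($finances[$finance_id]);
                 continue;
                 // already done it on this page.
             }
             $displayed_finance_ids[$finance['parent_finance_id']] = $finance_id;
             // we haven't displayed the parent one yet.
             // display the parent one in this listing.
             $finance = self::get_finance($finance['parent_finance_id']);
         }
         /*if(isset($finance['invoice_payment_id']) && $finance['invoice_payment_id'] && isset($finance['invoice_id']) && $finance['invoice_id']){
               // moved to above.
           }else*/
         if (isset($finance['finance_id']) && $finance['finance_id']) {
             // real finance row: derive the display columns the template expects
             $finance['url'] = self::link_open($finance['finance_id'], false);
             $finance['credit'] = $finance['type'] == 'i' ? $finance['amount'] : 0;
             $finance['debit'] = $finance['type'] == 'e' ? $finance['amount'] : 0;
             if (!isset($finance['categories'])) {
                 $finance['categories'] = '';
             }
             if (!isset($finance['account_name'])) {
                 $finance['account_name'] = '';
             }
         }
         if (isset($finance['taxes']) && !isset($finance['sub_amount'])) {
             // sub_amount is the amount net of all taxes
             $finance['sub_amount'] = $finance['amount'];
             foreach ($finance['taxes'] as $tax) {
                 if (isset($tax['amount'])) {
                     $finance['sub_amount'] -= $tax['amount'];
                 }
             }
         }
         $finance['link_count'] = 0;
         $finances[$finance_id] = $finance;
     }
     return $finances;
 }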
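 /**
  * Search the job table and return the matching rows, restricted to the
  * jobs the current user is permitted to see.
  *
  * Results are cached in module_cache (group 'job') for the configured
  * 'cache_objects' seconds, keyed on the search arguments AND the logged-in
  * user id (the permission filters are part of the query text).
  *
  * @param array $search Optional search fields:
  *   - generic: substring match on u.name
  *   - date_start_after / date_start_before: bounds on u.date_start
  *   - task_due_after / task_due_before: bounds on ts.date_due (joins task)
  *   - user_id: jobs owned by this user or with a task assigned to them
  *   - group_id: jobs that are members of this group
  *   - extra_fields: extra_key => substring map (needs module_extra)
  *   - customer_id, website_id, renew_job_id, status, type, date_start,
  *     date_quote, quote_id: exact match; a leading '!' makes it a != match
  *   - completed: 1 any, 2 completed, 3 not completed, 4 quoted only,
  *     5 not started
  * @param array $return_options Code-supplied query overrides. 'columns',
  *   'custom_where' and 'custom_group_by' are spliced into the SQL verbatim
  *   with no escaping, so they are trusted input: build them from constants
  *   in code, never from request data.
  * @return array Rows as returned by qa().
  */
 public static function get_jobs($search = array(), $return_options = array())
 {
     // The permission filters below are baked into the query, so the cache
     // key has to say who is asking. Keyed on the search args alone, a
     // restricted user could be handed the row set cached for an unrestricted
     // one (whenever module_cache is shared between users or sessions).
     $cache_key = 'get_jobs_' . md5(serialize(array($search, $return_options, module_security::get_loggedin_id())));
     if ($cached_item = module_cache::get('job', $cache_key)) {
         return $cached_item;
     }
     $cache_timeout = module_config::c('cache_objects', 60);
     // Renders a list of ids for an IN (...) clause. An empty list renders as
     // NULL so the clause matches nothing: an empty set of accessible
     // customers must never widen the query to every job.
     $id_list = function ($ids, $key = null) {
         $out = array();
         foreach ((array) $ids as $id) {
             $out[] = (int) ($key === null ? $id : $id[$key]);
         }
         return count($out) ? implode(', ', $out) : 'NULL';
     };
     // The task table is joined (alias ts) at most once, on first use.
     $task_join = " LEFT JOIN `" . _DB_PREFIX . "task` ts ON u.job_id = ts.job_id ";
     // SELECT list: the caller's trusted column list, or the default columns.
     $sql = "SELECT ";
     if (isset($return_options['columns'])) {
         $sql .= $return_options['columns'];
     } else {
         $sql .= "u.*,u.job_id AS id ";
         $sql .= ", u.name AS name ";
         $sql .= ", c.customer_name ";
         if (class_exists('module_website', false) && module_website::is_plugin_enabled()) {
             $sql .= ", w.name AS website_name";
             // for export
         }
         $sql .= ", us.name AS staff_member";
         // for export
     }
     $from = " FROM `" . _DB_PREFIX . "job` u ";
     $from .= " LEFT JOIN `" . _DB_PREFIX . "customer` c USING (customer_id)";
     if (class_exists('module_website', false) && module_website::is_plugin_enabled()) {
         $from .= " LEFT JOIN `" . _DB_PREFIX . "website` w ON u.website_id = w.website_id";
         // for export
     }
     $from .= " LEFT JOIN `" . _DB_PREFIX . "user` us ON u.user_id = us.user_id";
     // for export
     $where = " WHERE 1 ";
     if (is_array($return_options) && isset($return_options['custom_where'])) {
         // Trusted, code-supplied fragment; appended unescaped (see docblock).
         $where .= $return_options['custom_where'];
     }
     // Every user-supplied value below is escaped and quoted, or cast to int,
     // before it reaches the query; column names only come from fixed lists.
     if (isset($search['generic']) && $search['generic']) {
         $str = mysql_real_escape_string($search['generic']);
         $where .= " AND ( ";
         $where .= " u.name LIKE '%{$str}%' ";
         $where .= ' ) ';
     }
     if (isset($search['date_start_after']) && $search['date_start_after'] !== '' && $search['date_start_after'] !== false) {
         $date = input_date($search['date_start_after']);
         $where .= " AND u.`date_start` >= '" . mysql_real_escape_string($date) . "'";
     }
     if (isset($search['date_start_before']) && $search['date_start_before'] !== '' && $search['date_start_before'] !== false) {
         $date = input_date($search['date_start_before']);
         $where .= " AND u.`date_start` != '0000-00-00' AND u.`date_start` <= '" . mysql_real_escape_string($date) . "'";
     }
     if (isset($search['task_due_after']) && $search['task_due_after'] !== '' && $search['task_due_after'] !== false) {
         $date = input_date($search['task_due_after']);
         if (strpos($from, 'task`') === false) {
             $from .= $task_join;
         }
         $where .= " AND ts.`date_due` >= '" . mysql_real_escape_string($date) . "'";
     }
     if (isset($search['task_due_before']) && $search['task_due_before'] !== '' && $search['task_due_before'] !== false) {
         $date = input_date($search['task_due_before']);
         if (strpos($from, 'task`') === false) {
             $from .= $task_join;
         }
         $where .= " AND ts.`date_due` != '0000-00-00' AND ts.`date_due` <= '" . mysql_real_escape_string($date) . "'";
     }
     if (isset($search['user_id']) && $search['user_id'] !== '' && $search['user_id'] !== false && (int) $search['user_id'] > 0) {
         $user_id = (int) $search['user_id'];
         if (strpos($from, 'task`') === false) {
             $from .= $task_join;
         }
         $where .= " AND ( u.`user_id` = {$user_id} OR `ts`.`user_id` = {$user_id} ) ";
     }
     if (strpos($sql, 'ts.') !== false && strpos($from, 'task`') === false) {
         // A custom column list references the task alias; make sure it is joined.
         $from .= $task_join;
     }
     if (isset($search['group_id']) && trim($search['group_id'])) {
         $str = (int) $search['group_id'];
         $from .= " LEFT JOIN `" . _DB_PREFIX . "group_member` gm ON (u.job_id = gm.owner_id)";
         $where .= " AND (gm.group_id = '{$str}' AND gm.owner_table = 'job')";
     }
     if (isset($search['extra_fields']) && is_array($search['extra_fields']) && class_exists('module_extra', false)) {
         $extra_fields = array();
         foreach ($search['extra_fields'] as $key => $val) {
             if (strlen(trim($val))) {
                 $extra_fields[$key] = trim($val);
             }
         }
         if (count($extra_fields)) {
             $from .= " LEFT JOIN `" . _DB_PREFIX . "extra` ext ON (ext.owner_id = u.job_id)";
             // Both the extra key and value are caller-supplied: escape both.
             $clauses = array();
             foreach ($extra_fields as $key => $val) {
                 $val = mysql_real_escape_string($val);
                 $key = mysql_real_escape_string($key);
                 $clauses[] = "( ext.`extra` LIKE '%{$val}%' AND ext.`extra_key` = '{$key}')";
             }
             $where .= " AND (ext.owner_table = 'job' AND ( " . implode(' OR ', $clauses) . ' ) )';
         }
     }
     foreach (array('customer_id', 'website_id', 'renew_job_id', 'status', 'type', 'date_start', 'date_quote', 'quote_id') as $key) {
         if (isset($search[$key]) && $search[$key] !== '' && $search[$key] !== false) {
             $str = mysql_real_escape_string($search[$key]);
             if (substr($str, 0, 1) === '!') {
                 // A leading '!' means "not equal".
                 $str = ltrim($str, '!');
                 $where .= " AND u.`{$key}` != '{$str}'";
             } else {
                 $where .= " AND u.`{$key}` = '{$str}'";
             }
         }
     }
     if (isset($search['completed']) && (int) $search['completed'] > 0) {
         switch ($search['completed']) {
             case 1:
                 // both complete and not complete jobs, dont modify query
                 break;
             case 2:
                 // only completed jobs.
                 $where .= " AND u.date_completed != '0000-00-00'";
                 break;
             case 3:
                 // only non-completed jobs.
                 $where .= " AND u.date_completed = '0000-00-00'";
                 break;
             case 4:
                 // only quoted jobs
                 $where .= " AND u.date_start = '0000-00-00' AND u.date_quote != '0000-00-00'";
                 break;
             case 5:
                 // only not started jobs
                 $where .= " AND u.date_start = '0000-00-00'";
                 break;
         }
     }
     if (isset($return_options['custom_group_by'])) {
         // Trusted, code-supplied fragment; appended unescaped (see docblock).
         $group_order = $return_options['custom_group_by'];
     } else {
         $group_order = ' GROUP BY u.job_id ORDER BY u.name';
     }
     // Job-level access control.
     switch (self::get_job_access_permissions()) {
         case _JOB_ACCESS_ALL:
             break;
         case _JOB_ACCESS_ASSIGNED:
             // Only jobs owned by, or with a task assigned to, the current user.
             $from .= " LEFT JOIN `" . _DB_PREFIX . "task` t ON u.job_id = t.job_id ";
             $where .= " AND (u.user_id = " . (int) module_security::get_loggedin_id() . " OR t.user_id = " . (int) module_security::get_loggedin_id() . ")";
             break;
         case _JOB_ACCESS_CUSTOMER:
             // Only jobs of customers the user can access. An empty customer
             // list now matches nothing; previously it skipped the filter and
             // returned every job.
             $customers = module_customer::get_customers();
             $where .= " AND u.customer_id IN ( " . $id_list($customers, 'customer_id') . " ) ";
             break;
     }
     // Customer-level access control, using the same restriction set that
     // get_customer() checks (it denies every customer when the set is empty).
     switch (module_customer::get_customer_data_access()) {
         case _CUSTOMER_ACCESS_ALL:
             // all customers! so this means all jobs!
             break;
         case _CUSTOMER_ACCESS_ALL_COMPANY:
         case _CUSTOMER_ACCESS_CONTACTS:
         case _CUSTOMER_ACCESS_TASKS:
         case _CUSTOMER_ACCESS_STAFF:
             // Jobs with no customer (customer_id = 0) stay visible; jobs of
             // customers outside the restriction set are hidden. An empty set
             // hides all customer jobs instead of (as before) none of them.
             $valid_customer_ids = module_security::get_customer_restrictions();
             $where .= " AND ( u.customer_id = 0 OR u.customer_id IN ( " . $id_list($valid_customer_ids) . " ) )";
     }
     $sql = $sql . $from . $where . $group_order;
     $result = qa($sql);
     module_cache::put('job', $cache_key, $result, $cache_timeout);
     return $result;
 }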
 /**
  * Search the invoice table and return the matching rows, restricted to the
  * invoices the current user may see.
  *
  * Not cached (unlike get_jobs() / get_quotes()).
  *
  * @param array $search Optional search fields:
  *   - generic: substring match on u.name
  *   - customer_id, status, name, date_paid, date_due, renew_invoice_id,
  *     credit_note_id, website_id: exact match
  *   - date_from / date_to: bounds on u.date_create
  *   - date_paid_from / date_paid_to: bounds on u.date_paid
  *   - job_id: invoices with an item from this job, or a deposit for it
  *   - deposit_job_id: deposit invoices for this job
  *   - customer_group_id: invoices of customers in this group
  *   - renewing: only invoices with a renew date and no renewal yet
  * @param array $return_options 'custom_where' is spliced into the SQL
  *   verbatim (unescaped): it is trusted, code-supplied input only and must
  *   never be built from request data.
  * @return array Rows as returned by qa().
  */
 public static function get_invoices($search = array(), $return_options = array())
 {
     // Renders ids for an IN (...) clause; an empty list renders as NULL so
     // the clause matches nothing (the access filters fail closed).
     $id_list = function ($ids, $key = null) {
         $out = array();
         foreach ($ids as $id) {
             $out[] = (int) ($key === null ? $id : $id[$key]);
         }
         return count($out) ? implode(', ', $out) : ' NULL ';
     };
     $sql = "SELECT u.*,u.invoice_id AS id ";
     $sql .= ", u.name AS name ";
     $sql .= ", c.customer_name ";
     $from = " FROM `" . _DB_PREFIX . "invoice` u ";
     $from .= " LEFT JOIN `" . _DB_PREFIX . "customer` c USING (customer_id)";
     // Items and their tasks are joined so invoices can be matched by job.
     $from .= " LEFT JOIN `" . _DB_PREFIX . "invoice_item` ii ON u.invoice_id = ii.invoice_id ";
     $from .= " LEFT JOIN `" . _DB_PREFIX . "task` t ON ii.task_id = t.task_id";
     if (class_exists('module_subscription', false)) {
         $sql .= ", GROUP_CONCAT(DISTINCT subh.subscription_id ORDER BY subh.subscription_id) AS invoice_subscription_ids ";
         $from .= " LEFT JOIN `" . _DB_PREFIX . "subscription_history` subh ON u.invoice_id = subh.invoice_id ";
     }
     $where = " WHERE 1 ";
     if (is_array($return_options) && isset($return_options['custom_where'])) {
         // Trusted, code-supplied fragment; appended unescaped (see docblock).
         $where .= $return_options['custom_where'];
     }
     // User-supplied values are escaped and quoted, or cast to int; column
     // names only come from the fixed lists below.
     if (isset($search['generic']) && $search['generic']) {
         $escaped = mysql_real_escape_string($search['generic']);
         $where .= " AND (  u.name LIKE '%{$escaped}%'  ) ";
     }
     foreach (array('customer_id', 'status', 'name', 'date_paid', 'date_due', 'renew_invoice_id', 'credit_note_id', 'website_id') as $column) {
         if (!isset($search[$column]) || $search[$column] === '' || $search[$column] === false) {
             continue;
         }
         $escaped = mysql_real_escape_string($search[$column]);
         $where .= " AND u.`{$column}` = '{$escaped}'";
     }
     // search key => (column, comparison operator)
     $date_bounds = array(
         'date_from' => array('date_create', '>='),
         'date_to' => array('date_create', '<='),
         'date_paid_from' => array('date_paid', '>='),
         'date_paid_to' => array('date_paid', '<='),
     );
     foreach ($date_bounds as $search_key => $bound) {
         if (isset($search[$search_key]) && $search[$search_key]) {
             $escaped = mysql_real_escape_string(input_date($search[$search_key]));
             $where .= " AND (  u.{$bound[0]} {$bound[1]} '{$escaped}'  ) ";
         }
     }
     if (isset($search['job_id']) && (int) $search['job_id'] > 0) {
         $job_id = (int) $search['job_id'];
         $where .= " AND ( t.`job_id` = {$job_id} OR   u.deposit_job_id = {$job_id} ) ";
     }
     if (isset($search['deposit_job_id']) && (int) $search['deposit_job_id'] > 0) {
         $where .= " AND ( u.deposit_job_id = " . (int) $search['deposit_job_id'] . ' ) ';
     }
     if (isset($search['customer_group_id']) && (int) $search['customer_group_id'] > 0) {
         $from .= " LEFT JOIN `" . _DB_PREFIX . "group_member` gm ON (c.customer_id = gm.owner_id)";
         $where .= " AND (gm.group_id = '" . (int) $search['customer_group_id'] . "' AND gm.owner_table = 'customer')";
     }
     if (isset($search['renewing']) && $search['renewing']) {
         $where .= " AND u.date_renew != '0000-00-00' AND (u.renew_invoice_id IS NULL OR u.renew_invoice_id = 0) ";
     }
     // Invoice-level access control.
     switch (self::get_invoice_access_permissions()) {
         case _INVOICE_ACCESS_ALL:
             break;
         case _INVOICE_ACCESS_STAFF:
             $where .= " AND u.vendor_user_id = " . (int) module_security::get_loggedin_id();
             break;
         case _INVOICE_ACCESS_JOB:
             // get_jobs() applies its own permission filtering, so this is the
             // set of jobs the user can see; an invoice qualifies through one
             // of its item tasks or as a deposit invoice for such a job.
             $job_ids = $id_list(module_job::get_jobs(), 'job_id');
             $where .= " AND ( t.`job_id` IN ( " . $job_ids . ' ) ' . " OR " . "  u.deposit_job_id IN ( " . $job_ids . ' ) ' . " )";
             break;
         case _INVOICE_ACCESS_CUSTOMER:
             $where .= " AND u.customer_id IN ( " . $id_list(module_security::get_customer_restrictions()) . " )";
     }
     // Customer-level access control, using the same restriction set that
     // get_customer() checks. Unlike get_jobs(), invoices without a customer
     // are not exempted here.
     switch (module_customer::get_customer_data_access()) {
         case _CUSTOMER_ACCESS_ALL:
             break;
         case _CUSTOMER_ACCESS_ALL_COMPANY:
         case _CUSTOMER_ACCESS_CONTACTS:
         case _CUSTOMER_ACCESS_TASKS:
         case _CUSTOMER_ACCESS_STAFF:
             $where .= " AND u.customer_id IN ( " . $id_list(module_security::get_customer_restrictions()) . " )";
     }
     $group_order = ' GROUP BY u.invoice_id ORDER BY u.date_create DESC';
     $sql = $sql . $from . $where . $group_order;
     return qa($sql);
 }
<?php

/** 
 * Copyright: dtbaker 2012
 * Licence: Please check CodeCanyon.net for licence details. 
 * More licence clarification available here:  http://codecanyon.net/wiki/support/legal-terms/licensing-terms/ 
 * Deploy: 9809 f200f46c2a19bb98d112f2d32a8de0c4
 * Envato: 4ffca17e-861e-4921-86c3-8931978c40ca
 * Package Date: 2015-11-25 02:55:20 
 * IP Address: 67.79.165.254
 */
// Per-row access hook: decides whether the current user may see the $data
// row of $table_name. Returns false from this include (and leaves $access
// false) when the row's customer is outside the user's restriction set.
$access = true;
switch ($table_name) {
    case 'invoice':
    default:
        $row_customer_id = ($data && isset($data['customer_id'])) ? (int) $data['customer_id'] : 0;
        // Rows with no customer are always allowed through.
        if ($row_customer_id > 0) {
            $valid_customer_ids = module_security::get_customer_restrictions();
            // NOTE(review): an empty/false restriction set is treated as "no
            // restriction" here, whereas get_customer() denies every customer
            // in the restricted access modes when the set is empty. Confirm
            // which is intended before relying on this check.
            if ($valid_customer_ids && !isset($valid_customer_ids[$data['customer_id']])) {
                $access = false;
                return false;
            }
        }
        break;
}
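 /**
  * Search the quote table and return the matching rows, restricted to the
  * quotes the current user is permitted to see.
  *
  * Results are cached in module_cache (group 'quote') for the configured
  * 'cache_objects' seconds, keyed on the search arguments AND the logged-in
  * user id (the permission filters are part of the query text).
  *
  * @param array $search Optional search fields:
  *   - generic: substring match on u.name
  *   - customer_id, website_id, status, type, date_create: exact match; a
  *     leading '!' makes it a != match
  *   - ticket_id: quotes linked to this ticket (ticket_quote_rel)
  *   - accepted: 1 any, 2 approved only, 3 not approved only
  * @param array $return_options Code-supplied query overrides. 'columns' and
  *   'custom_where' are spliced into the SQL verbatim with no escaping, so
  *   they are trusted input: build them from constants in code, never from
  *   request data.
  * @return array Rows as returned by qa().
  */
 public static function get_quotes($search = array(), $return_options = array())
 {
     // The permission filters below are baked into the query, so the cache
     // key has to say who is asking. Keyed on the search args alone, a
     // restricted user could be handed the row set cached for an unrestricted
     // one (whenever module_cache is shared between users or sessions).
     $cache_key = 'get_quotes_' . md5(serialize(array($search, $return_options, module_security::get_loggedin_id())));
     if ($cached_item = module_cache::get('quote', $cache_key)) {
         return $cached_item;
     }
     $cache_timeout = module_config::c('cache_objects', 60);
     // Renders a list of ids for an IN (...) clause. An empty list renders as
     // NULL so the clause matches nothing: an empty set of accessible
     // customers must never widen the query to every quote.
     $id_list = function ($ids, $key = null) {
         $out = array();
         foreach ((array) $ids as $id) {
             $out[] = (int) ($key === null ? $id : $id[$key]);
         }
         return count($out) ? implode(', ', $out) : 'NULL';
     };
     // SELECT list: the caller's trusted column list, or the default columns.
     $sql = "SELECT ";
     if (isset($return_options['columns'])) {
         $sql .= $return_options['columns'];
     } else {
         $sql .= "u.*,u.quote_id AS id ";
         $sql .= ", u.name AS name ";
         $sql .= ", c.customer_name ";
         if (class_exists('module_website', false) && module_website::is_plugin_enabled()) {
             $sql .= ", w.name AS website_name";
             // for export
         }
         $sql .= ", us.name AS staff_member";
         // for export
     }
     $from = " FROM `" . _DB_PREFIX . "quote` u ";
     $from .= " LEFT JOIN `" . _DB_PREFIX . "customer` c USING (customer_id)";
     if (class_exists('module_website', false) && module_website::is_plugin_enabled()) {
         $from .= " LEFT JOIN `" . _DB_PREFIX . "website` w ON u.website_id = w.website_id";
         // for export
     }
     $from .= " LEFT JOIN `" . _DB_PREFIX . "user` us ON u.user_id = us.user_id";
     // for export
     $where = " WHERE 1 ";
     if (is_array($return_options) && isset($return_options['custom_where'])) {
         // Trusted, code-supplied fragment; appended unescaped (see docblock).
         $where .= $return_options['custom_where'];
     }
     // Every user-supplied value below is escaped and quoted, or cast to int,
     // before it reaches the query; column names only come from fixed lists.
     if (isset($search['generic']) && $search['generic']) {
         $str = mysql_real_escape_string($search['generic']);
         $where .= " AND ( ";
         $where .= " u.name LIKE '%{$str}%' ";
         $where .= ' ) ';
     }
     foreach (array('customer_id', 'website_id', 'status', 'type', 'date_create') as $key) {
         if (isset($search[$key]) && $search[$key] !== '' && $search[$key] !== false) {
             $str = mysql_real_escape_string($search[$key]);
             if (substr($str, 0, 1) === '!') {
                 // A leading '!' means "not equal".
                 $str = ltrim($str, '!');
                 $where .= " AND u.`{$key}` != '{$str}'";
             } else {
                 $where .= " AND u.`{$key}` = '{$str}'";
             }
         }
     }
     if (isset($search['ticket_id']) && (int) $search['ticket_id'] > 0) {
         // join on the ticket_quote_rel table
         $from .= " LEFT JOIN `" . _DB_PREFIX . "ticket_quote_rel` tqr USING (quote_id)";
         $where .= " AND tqr.ticket_id = " . (int) $search['ticket_id'];
     }
     if (isset($search['accepted']) && (int) $search['accepted'] > 0) {
         switch ($search['accepted']) {
             case 1:
                 // both approved and not approved quotes, dont modify query
                 break;
             case 2:
                 // only approved quotes.
                 $where .= " AND u.date_approved != '0000-00-00'";
                 break;
             case 3:
                 // only non-approved quotes.
                 $where .= " AND u.date_approved = '0000-00-00'";
                 break;
         }
     }
     $group_order = ' GROUP BY u.quote_id ORDER BY u.name';
     // Quote-level access control.
     switch (self::get_quote_access_permissions()) {
         case _QUOTE_ACCESS_ALL:
             break;
         case _QUOTE_ACCESS_ASSIGNED:
             // Only quotes owned by, or with a task assigned to, the current user.
             $from .= " LEFT JOIN `" . _DB_PREFIX . "quote_task` t ON u.quote_id = t.quote_id ";
             $where .= " AND (u.user_id = " . (int) module_security::get_loggedin_id() . " OR t.user_id = " . (int) module_security::get_loggedin_id() . ")";
             break;
         case _QUOTE_ACCESS_CUSTOMER:
             // Only quotes of customers the user can access. An empty customer
             // list now matches nothing; previously it skipped the filter and
             // returned every quote.
             $customers = module_customer::get_customers();
             $where .= " AND u.customer_id IN ( " . $id_list($customers, 'customer_id') . " ) ";
             break;
     }
     // Customer-level access control, using the same restriction set that
     // get_customer() checks (it denies every customer when the set is empty).
     switch (module_customer::get_customer_data_access()) {
         case _CUSTOMER_ACCESS_ALL:
             // all customers! so this means all quotes!
             break;
         case _CUSTOMER_ACCESS_ALL_COMPANY:
         case _CUSTOMER_ACCESS_CONTACTS:
         case _CUSTOMER_ACCESS_TASKS:
         case _CUSTOMER_ACCESS_STAFF:
             // Quotes with no customer (customer_id = 0) stay visible; quotes of
             // customers outside the restriction set are hidden. An empty set
             // hides all customer quotes instead of (as before) none of them.
             $valid_customer_ids = module_security::get_customer_restrictions();
             $where .= " AND ( u.customer_id = 0 OR u.customer_id IN ( " . $id_list($valid_customer_ids) . " ) )";
     }
     $sql = $sql . $from . $where . $group_order;
     $result = qa($sql);
     module_cache::put('quote', $cache_key, $result, $cache_timeout);
     return $result;
 }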
 /**
  * Load one customer record by id, applying the current user's customer
  * data-access restrictions.
  *
  * Cached in module_cache (group 'customer') for 'cache_objects' seconds; the
  * key comes from _customer_cache_key() and covers every argument.
  *
  * @param int  $customer_id      Customer to load; non-positive ids yield the
  *                               "new" placeholder without touching the DB.
  * @param bool $skip_permissions When true, an inaccessible customer is still
  *                               returned but flagged with '_no_access' => true.
  *                               Callers passing this MUST check the flag
  *                               before showing or acting on the record.
  * @param bool $basic_for_link   When true, skip loading staff_ids, the
  *                               address and company_ids (cheap record for
  *                               building links).
  * @return array Customer row with extras, or a placeholder whose
  *               customer_id is 'new' when not found or not accessible.
  */
 public static function get_customer($customer_id, $skip_permissions = false, $basic_for_link = false)
 {
     $customer_id = (int) $customer_id;
     $customer = false;
     if ($customer_id > 0) {
         // func_get_args() has to be read in the method itself.
         $cache_key_args = func_get_args();
         $cache_key = self::_customer_cache_key($customer_id, $cache_key_args);
         $cache_timeout = module_config::c('cache_objects', 60);
         $cached_item = module_cache::get('customer', $cache_key);
         if ($cached_item) {
             return $cached_item;
         }
         $customer = get_single("customer", "customer_id", $customer_id);
         $row_matches = $customer && isset($customer['customer_id']) && $customer['customer_id'] == $customer_id;
         if ($row_matches) {
             if (!$basic_for_link) {
                 $staff_ids = array();
                 foreach (get_multiple('customer_user_rel', array('customer_id' => $customer_id), 'user_id') as $rel) {
                     $staff_ids[] = $rel['user_id'];
                 }
                 $customer['staff_ids'] = $staff_ids;
                 $customer['customer_address'] = module_address::get_address($customer_id, 'customer', 'physical', true);
             }
             $restricted_modes = array(_CUSTOMER_ACCESS_ALL_COMPANY, _CUSTOMER_ACCESS_CONTACTS, _CUSTOMER_ACCESS_TASKS, _CUSTOMER_ACCESS_STAFF);
             if (in_array(self::get_customer_data_access(), $restricted_modes)) {
                 // Restricted mode: the customer must appear in the restriction
                 // set (keyed by customer_id); an empty set allows nothing.
                 $valid_customer_ids = module_security::get_customer_restrictions();
                 if (!isset($valid_customer_ids[$customer['customer_id']])) {
                     if ($skip_permissions) {
                         // Flag for custom processing; callers that pass
                         // skip_permissions check this (eg: the ticket file listing link).
                         $customer['_no_access'] = true;
                     } else {
                         $customer = false;
                     }
                 }
             }
         }
     }
     if (!$customer) {
         // Placeholder for a new, unknown or inaccessible customer.
         $customer = array('customer_id' => 'new', 'customer_name' => '', 'customer_status' => _CUSTOMER_STATUS_PAID, 'primary_user_id' => '', 'credit' => '0', 'customer_address' => array(), 'staff_ids' => array(), 'customer_type_id' => self::get_current_customer_type_id());
     }
     if (class_exists('module_company', false) && module_company::is_enabled() && !$basic_for_link) {
         $customer['company_ids'] = array();
         if (isset($customer['customer_id']) && (int) $customer['customer_id'] > 0) {
             foreach (module_company::get_companys_by_customer($customer['customer_id']) as $company) {
                 $customer['company_ids'][$company['company_id']] = $company['name'];
             }
         }
     }
     if (isset($cache_key) && isset($cache_timeout)) {
         // The placeholder for a denied or missing lookup is cached under the
         // same key, so callers may also receive it from cache.
         module_cache::put('customer', $cache_key, $customer, $cache_timeout);
     }
     return $customer;
 }
 /**
  * Load one user record by id, applying the user / customer / vendor
  * data-access rules for the logged-in user.
  *
  * Cached in module_cache (group 'user') for 'cache_objects' seconds under a
  * key from _user_cache_key() that covers every argument.
  *
  * @param int  $user_id        User to load.
  * @param bool $perms          When true (default) an inaccessible user yields
  *                             the "new" placeholder; when false the record is
  *                             returned with '_perms' => false instead (eg for
  *                             linking) and the caller must honour that flag.
  * @param bool $do_link        Follow linked_parent_user_id and return the
  *                             parent record instead. The parent is fetched
  *                             with default options, so $perms and
  *                             $basic_for_link are not forwarded to it.
  * @param bool $basic_for_link Return the raw row as soon as it is loaded:
  *                             no permission checks, no roles, no company_ids.
  * @return array User row, or a placeholder with user_id => 'new'.
  */
 public static function get_user($user_id, $perms = true, $do_link = true, $basic_for_link = false)
 {
     $cache_key_args = func_get_args();
     $cache_key = self::_user_cache_key($user_id, $cache_key_args);
     $cache_timeout = module_config::c('cache_objects', 60);
     $cached_item = module_cache::get('user', $cache_key);
     if ($cached_item) {
         return $cached_item;
     }
     $user = get_single("user", "user_id", $user_id);
     // Linked accounts resolve to their parent record. Only a self-link is
     // guarded against. NOTE(review): a longer linked_parent_user_id cycle
     // would recurse without bound, since the cache is only written after
     // the recursive call returns.
     $follows_parent = $do_link && $user && isset($user['linked_parent_user_id']) && $user['linked_parent_user_id'] && $user['linked_parent_user_id'] != $user['user_id'];
     if ($follows_parent) {
         $parent = self::get_user($user['linked_parent_user_id']);
         module_cache::put('user', $cache_key, $parent, $cache_timeout);
         return $parent;
     }
     if ($user) {
         if ($basic_for_link) {
             module_cache::put('user', $cache_key, $user, $cache_timeout);
             return $user;
         }
         // Marks the record inaccessible: drop it entirely, or only flag it
         // when the caller asked to keep it (eg for linking).
         $deny = function () use (&$user, $perms) {
             if ($perms) {
                 $user = false;
             } else {
                 $user['_perms'] = false;
             }
         };
         $logged_in_id = module_security::get_loggedin_id();
         // A contact linked under the logged-in user is always accessible.
         $is_own_linked_contact = isset($user['linked_parent_user_id']) && $user['linked_parent_user_id'] == $logged_in_id;
         if (!$is_own_linked_contact) {
             if (class_exists('module_customer', false)) {
                 switch (module_user::get_user_data_access()) {
                     case _USER_ACCESS_ME:
                         // Only the logged-in user's own record.
                         if ($user['user_id'] != $logged_in_id) {
                             $deny();
                         }
                         break;
                     case _USER_ACCESS_CONTACTS:
                         // Own record, plus customer and vendor contacts.
                         if (!$user['customer_id'] && !$user['vendor_id'] && $user['user_id'] != $logged_in_id) {
                             $deny();
                         }
                         break;
                     case _USER_ACCESS_ALL:
                     default:
                         // all user accounts.
                         break;
                 }
                 if ($user && $user['customer_id'] > 0) {
                     $restricted_customer_modes = array(_CUSTOMER_ACCESS_ALL_COMPANY, _CUSTOMER_ACCESS_CONTACTS, _CUSTOMER_ACCESS_TASKS, _CUSTOMER_ACCESS_STAFF);
                     if (in_array(module_customer::get_customer_data_access(), $restricted_customer_modes)) {
                         // Customer contact: the customer must be in the
                         // restriction set (keyed by customer_id).
                         $valid_customer_ids = module_security::get_customer_restrictions();
                         if (!isset($valid_customer_ids[$user['customer_id']])) {
                             $deny();
                         }
                     }
                 }
             }
             if ($user && $user['vendor_id'] > 0) {
                 $restricted_vendor_modes = array(_VENDOR_ACCESS_ALL_COMPANY, _VENDOR_ACCESS_CONTACTS);
                 if (in_array(module_vendor::get_vendor_data_access(), $restricted_vendor_modes)) {
                     // Vendor contact: access is delegated to get_vendor(),
                     // which is expected to apply its own permission check.
                     $vendor = module_vendor::get_vendor($user['vendor_id']);
                     $vendor_ok = $vendor && isset($vendor['vendor_id']) && $vendor['vendor_id'] == $user['vendor_id'];
                     if (!$vendor_ok) {
                         $deny();
                     }
                 }
             }
         }
     }
     if (!$user) {
         // Placeholder for a new, unknown or inaccessible user (not cached).
         $user = array('user_id' => 'new', 'customer_id' => 0, 'vendor_id' => 0, 'name' => '', 'last_name' => '', 'email' => '', 'password' => '', 'phone' => '', 'mobile' => '', 'fax' => '', 'roles' => array(), 'language' => module_config::c('default_language', 'en'), 'company_ids' => array());
         // The master-key value is copied straight from the request without
         // escaping; it must be escaped wherever it is rendered.
         $use_master_key = self::get_contact_master_key();
         if (isset($_REQUEST[$use_master_key])) {
             $user[$use_master_key] = $_REQUEST[$use_master_key];
         }
         return $user;
     }
     $user['roles'] = get_multiple('user_role', array('user_id' => $user_id));
     if (class_exists('module_company', false) && module_company::is_enabled()) {
         $user['company_ids'] = array();
         foreach (module_company::get_companys_by_user($user['user_id']) as $company) {
             $user['company_ids'][$company['company_id']] = $company['name'];
         }
     }
     module_cache::put('user', $cache_key, $user, $cache_timeout);
     return $user;
 }
/** 
 * Copyright: dtbaker 2012
 * Licence: Please check CodeCanyon.net for licence details. 
 * More licence clarification available here:  http://codecanyon.net/wiki/support/legal-terms/licensing-terms/ 
 * Deploy: 9809 f200f46c2a19bb98d112f2d32a8de0c4
 * Envato: 4ffca17e-861e-4921-86c3-8931978c40ca
 * Package Date: 2015-11-25 02:55:20 
 * IP Address: 67.79.165.254
 */
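print_heading(array('main' => true, 'type' => 'h2', 'title' => 'Calendar'));
// Optional customer filter for the calendar. It arrives via the request, so cast it
// to int: anything non-numeric collapses to 0 and is treated as "no filter" below.
$customer_id = isset($_REQUEST['customer_id']) ? (int) $_REQUEST['customer_id'] : false;
$customer_access = module_customer::get_customer_data_access();
if ($customer_access && $customer_access != _CUSTOMER_ACCESS_ALL) {
    // The user can only see a subset of customers; resolve that subset once.
    $customer_access_ids = module_security::get_customer_restrictions();
    $single_customer_id = count($customer_access_ids) == 1 ? current($customer_access_ids) : 0;
    if ($single_customer_id > 0) {
        // Exactly one visible customer: pin the calendar to it, whatever the request said.
        $customer_id = $single_customer_id;
    } elseif ($customer_id > 0) {
        // Several visible customers: only honour a requested id that is actually in the
        // allowed set. Previously any id from the request was passed through here; the
        // downstream calendar code is outside this file, so rather than rely on it to
        // re-check, drop a disallowed id and fall back to "no filter".
        // Membership is checked by key (as the other get_*() helpers do) and by value
        // (as the single-customer case above reads it), compared as strings so that
        // int/string ids from the DB match without loose-comparison surprises.
        $allowed_by_key = isset($customer_access_ids[$customer_id]);
        $allowed_by_value = in_array((string) $customer_id, array_map('strval', $customer_access_ids), true);
        if (!$allowed_by_key && !$allowed_by_value) {
            $customer_id = false;
        }
    }
}
$base_path = _BASE_HREF . 'includes/plugin_calendar/wdCalendar/';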
?>
<link href="<?php 
echo $base_path;
?>
css/calendar.css" rel="stylesheet" type="text/css" />
<link href="<?php 
echo $base_path;
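 /**
  * Load one website row, filtered by the current user's customer access level.
  *
  * The row is looked up by primary key and then checked against the customer
  * restrictions in the same way the other get_*() helpers in this file do.
  * When the row does not exist, or the user is not allowed to see it, a blank
  * "new" website template is returned instead (callers cannot tell the two apart).
  *
  * @param int|string $website_id Website primary key. Cast to int, so non-numeric
  *                               input (e.g. 'new') becomes 0 and finds nothing.
  * @return array The website row, or the "new" template with website_id => 'new'.
  */
 public static function get_website($website_id)
 {
     // Cast like get_ticket() does, so only a numeric id ever reaches the query.
     $website_id = (int) $website_id;
     $website = get_single("website", "website_id", $website_id);
     if ($website) {
         switch (module_customer::get_customer_data_access()) {
             case _CUSTOMER_ACCESS_ALL:
                 // unrestricted: every customer, hence every website.
                 break;
             case _CUSTOMER_ACCESS_ALL_COMPANY:
             case _CUSTOMER_ACCESS_CONTACTS:
             case _CUSTOMER_ACCESS_STAFF:
                 // visible only when the owning customer is in the user's allowed set
                 // (the restriction array is keyed by customer_id).
                 $valid_customer_ids = module_security::get_customer_restrictions();
                 if (!isset($valid_customer_ids[$website['customer_id']])) {
                     $website = false;
                 }
                 break;
             case _CUSTOMER_ACCESS_TASKS:
                 // visible only when the logged-in user is assigned to a job, or to a
                 // task inside a job, that belongs to the owning customer.
                 $has_job_access = false;
                 if (isset($website['customer_id']) && $website['customer_id']) {
                     $logged_in_id = module_security::get_loggedin_id();
                     $jobs = module_job::get_jobs(array('customer_id' => $website['customer_id']));
                     foreach ($jobs as $job) {
                         if ($job['user_id'] == $logged_in_id) {
                             $has_job_access = true;
                             break;
                         }
                         foreach (module_job::get_tasks($job['job_id']) as $task) {
                             if ($task['user_id'] == $logged_in_id) {
                                 $has_job_access = true;
                                 break 2;
                             }
                         }
                     }
                 }
                 if (!$has_job_access) {
                     $website = false;
                 }
                 break;
             // NOTE(review): there is no default branch, so an access level not listed
             // above falls through with the row still visible. Confirm the access enum
             // has no further levels before relying on that.
         }
     }
     if (!$website) {
         // Blank template for the "new website" form. The pre-filled customer id comes
         // straight from the request, so cast it and confirm the current user can
         // actually see that customer (the same check get_ticket() performs) before
         // echoing it back into the form.
         $customer_id = isset($_REQUEST['customer_id']) ? (int) $_REQUEST['customer_id'] : 0;
         if ($customer_id > 0) {
             $customer = module_customer::get_customer($customer_id);
             if (!$customer || $customer['customer_id'] != $customer_id) {
                 $customer_id = 0;
             }
         }
         $website = array('website_id' => 'new', 'customer_id' => $customer_id, 'name' => '', 'status' => module_config::s('website_status_default', 'New'), 'url' => '');
     }
     return $website;
 }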
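 /**
  * Load a ticket by id, subject to the current user's ticket access level.
  *
  * A positive $ticket_id is fetched with an access clause appended to the SQL
  * (assigned-to-me / created-by-me / belongs-to-a-customer-I-can-see). When the
  * row is missing or filtered out, a blank "new" ticket template is returned,
  * pre-filled from a request-supplied (and permission-checked) customer/website.
  * Results are cached under a key derived from the call arguments.
  *
  * @param int      $ticket_id Ticket primary key; <= 0 yields the "new" template.
  * @param bool|int $full      Only the value 2 is special: return the bare row (or
  *                            false) straight after the access check, skipping the
  *                            position, message and extras lookups. Any other value
  *                            returns the fully decorated ticket.
  * @return array|false Ticket row with position/message fields added, the "new"
  *                     template, or false only when $full === 2 and no row was found.
  */
 public static function get_ticket($ticket_id, $full = true)
 {
     $cache_key_args = func_get_args();
     $cache_key = self::_ticket_cache_key($ticket_id, $cache_key_args);
     $cache_timeout = module_config::c('cache_objects', 60);
     // NOTE(review): the cache key is built from the arguments only. If module_cache is
     // shared between sessions, a row loaded under one user's access level could be
     // served to another user; confirm _ticket_cache_key() scopes the key per user.
     if ($cached_item = module_cache::get('ticket', $cache_key)) {
         return $cached_item;
     }
     $ticket_access = self::get_ticket_data_access();
     $ticket_id = (int) $ticket_id;
     $ticket = false;
     if ($ticket_id > 0) {
         // $ticket_id is an int at this point, so it is safe to inline.
         $sql = "SELECT * FROM `" . _DB_PREFIX . "ticket` t WHERE t.ticket_id = {$ticket_id} ";
         switch ($ticket_access) {
             case _TICKET_ACCESS_ALL:
                 break;
             case _TICKET_ACCESS_ASSIGNED:
                 // tickets assigned to me, plus unassigned ones.
                 $sql .= " AND (t.assigned_user_id = '" . (int) module_security::get_loggedin_id() . "' OR t.assigned_user_id = 0)";
                 break;
             case _TICKET_ACCESS_CREATED:
                 // tickets I created.
                 $sql .= " AND t.user_id = '" . (int) module_security::get_loggedin_id() . "'";
                 break;
             case _TICKET_ACCESS_CUSTOMER:
                 // tickets belonging to a customer I am allowed to see.
                 $valid_customer_ids = module_security::get_customer_restrictions();
                 if (is_array($valid_customer_ids) && count($valid_customer_ids)) {
                     // Build the OR list with implode() instead of appending " OR " and
                     // rtrim()-ing it: rtrim() with a character list strips any trailing
                     // 'O', 'R' or ' ' characters, which only worked because the last
                     // clause happened to end in a quote.
                     $customer_clauses = array();
                     foreach ($valid_customer_ids as $valid_customer_id) {
                         $customer_clauses[] = "t.customer_id = '" . (int) $valid_customer_id . "'";
                     }
                     $sql .= " AND ( " . implode(' OR ', $customer_clauses) . " )";
                 }
                 // NOTE(review): with an empty restriction list no customer clause is added
                 // and the ticket is visible. get_user() treats an empty list as "deny";
                 // confirm which meaning get_customer_restrictions() intends here.
                 break;
             // NOTE(review): no default branch, so an unlisted access level applies no
             // restriction at all. Confirm the enum has no further levels.
         }
         $ticket = qa1($sql, false);
     }
     if ($full === 2) {
         module_cache::put('ticket', $cache_key, $ticket, $cache_timeout);
         return $ticket;
     }
     if (!$ticket) {
         // Blank "new" ticket. customer_id / website_id may be pre-filled from the
         // request, but only after confirming the current user can see them.
         $customer_id = $website_id = 0;
         $user_id = module_security::get_loggedin_id();
         if (isset($_REQUEST['customer_id']) && $_REQUEST['customer_id']) {
             $customer_id = (int) $_REQUEST['customer_id'];
             // get_customer() applies the customer access rules; a denied or missing
             // customer comes back as the "new" template, whose id will not match.
             $customer = module_customer::get_customer($customer_id);
             if (!$customer || $customer['customer_id'] != $customer_id) {
                 $customer_id = 0;
             } else {
                 $user_id = $customer['primary_user_id'];
             }
             // Default website: must exist, be visible, and belong to that customer.
             if (isset($_REQUEST['website_id'])) {
                 $website_id = (int) $_REQUEST['website_id'];
                 $website = module_website::get_website($website_id);
                 if (!$website || $website['website_id'] != $website_id || $website['customer_id'] != $customer_id) {
                     $website_id = 0;
                 }
             } else {
                 $website_id = 0;
             }
         }
         $position = self::ticket_position();
         $ticket = array('ticket_id' => 'new', 'customer_id' => $customer_id, 'website_id' => $website_id, 'subject' => '', 'date_completed' => '', 'status_id' => _TICKET_STATUS_NEW_ID, 'user_id' => $user_id, 'assigned_user_id' => module_config::c('ticket_default_user_id', 1), 'ticket_account_id' => module_config::c('ticket_default_account_id', 0), 'last_message_timestamp' => 0, 'last_ticket_message_id' => 0, 'message_count' => 0, 'position' => $position['current'] + 1, 'priority' => 0, 'ticket_type_id' => module_config::c('ticket_type_id_default', 0), 'total_pending' => $position['total'] + 1, 'extra_data' => array(), 'invoice_id' => false, 'faq_product_id' => false);
     } else {
         // Position in the queue: the number of pending tickets whose
         // last_message_timestamp is earlier than this one's.
         $position = self::ticket_position($ticket_id);
         $ticket['position'] = $position['current'];
         $ticket['total_pending'] = $position['total'];
         // Message count and the last message, read from the raw result set.
         $messages = self::get_ticket_messages($ticket_id, true);
         $ticket['message_count'] = mysql_num_rows($messages);
         $last_message = false;
         if ($ticket['message_count'] > 0) {
             // seek to the final row rather than fetching every message.
             mysql_data_seek($messages, $ticket['message_count'] - 1);
             $last_message = mysql_fetch_assoc($messages);
         }
         // A ticket with no messages previously indexed into `false` here (null result
         // plus a PHP notice); report 0, matching the "new" template above.
         $ticket['last_ticket_message_id'] = $last_message && isset($last_message['ticket_message_id']) ? $last_message['ticket_message_id'] : 0;
         $ticket['last_message_was_private'] = $last_message && isset($last_message['private_message']) && $last_message['private_message'];
         // extras hold things like passwords and website addresses.
         $ticket['extra_data'] = self::get_ticket_extras($ticket_id);
         // Envato hook: link a ticket's envato item to a faq product if not linked yet
         // (or already linked to the product the request names).
         if (class_exists('module_envato', false) && isset($_REQUEST['faq_product_envato_hack']) && (!$ticket['faq_product_id'] || $ticket['faq_product_id'] == $_REQUEST['faq_product_envato_hack'])) {
             $items = module_envato::get_items_by_ticket($ticket['ticket_id']);
             foreach ($items as $envato_item_id => $item) {
                 if ($item['envato_item_id']) {
                     // The item id is DB-sourced but was interpolated unescaped into both
                     // the SQL string and the REGEXP; escape it like the other string
                     // values in this file.
                     // NOTE(review): `[|]*` matches zero or more pipes, so this is in effect
                     // a substring match (item 123 also matches 1234). If envato_item_ids is
                     // '|'-delimited, anchor the pattern as (^|[|])ID([|]|$).
                     $escaped_item_id = mysql_real_escape_string($envato_item_id);
                     $sql = "SELECT * FROM `" . _DB_PREFIX . "faq_product` WHERE envato_item_ids REGEXP '[|]*" . $escaped_item_id . "[|]*'";
                     $res = qa1($sql);
                     if ($res && $res['faq_product_id']) {
                         // found a product matching this item; link them and stop.
                         update_insert('ticket_id', $ticket_id, 'ticket', array('faq_product_id' => $res['faq_product_id']));
                         break;
                     }
                 }
             }
         }
     }
     module_cache::put('ticket', $cache_key, $ticket, $cache_timeout);
     return $ticket;
 }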