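/**
 * Entry point for the Files module's form / AJAX actions, selected by $_REQUEST['_process'].
 *
 * Actions handled (each one terminates the request itself via die/exit/redirect_browser,
 * except save_file_popup which returns false when there is nothing to save or the caller
 * lacks the Files permission):
 *   plupload           chunked upload into _FILE_UPLOAD_PATH . 'plupload', JSON-RPC style reply
 *   download           stream a stored file (or redirect to its file_url)
 *   save_file_popup    single-file upload from the inline popup, answers with JS for parent window
 *   save_file          main save/delete form for a file record, its staff links and comments
 *   delete_file_popup  delete a file record and its physical file from the inline popup
 *
 * Review notes:
 *   - plupload / save_file_popup / save_file require Files edit|create; both delete paths
 *     require Files delete. download relies on whatever scoping $this->get_file() applies
 *     for the logged-in user (not verifiable from this method).
 *   - save_file_popup still unserialize()s $_REQUEST['options'] for compatibility with the
 *     existing popup JS; see the NOTE in process_save_file_popup().
 *
 * @return mixed  false from save_file_popup's early exits, otherwise never returns normally.
 */
function process() {
    $action = isset($_REQUEST['_process']) ? $_REQUEST['_process'] : '';
    switch ($action) {
        case 'plupload':
            $this->process_plupload_upload();
            break;
        case 'download':
            $this->process_download();
            break;
        case 'save_file_popup':
            return $this->process_save_file_popup();
        case 'save_file':
            $this->process_save_file();
            break;
        case 'delete_file_popup':
            $this->process_delete_file_popup();
            break;
    }
}

/**
 * 'plupload' action: receive one (possibly chunked) upload into the plupload temp
 * directory and answer with a plupload-compatible JSON-RPC message. Always terminates.
 *
 * The temp file name is "<plupload_key>-<fileid>" reduced to [A-Za-z0-9_-], so it can
 * never contain a path separator or a dot (no traversal, no executable extension);
 * save_file later picks the file up under exactly that name.
 */
private function process_plupload_upload() {
    if (!self::can_i('edit', 'Files') && !self::can_i('create', 'Files')) {
        die('{"jsonrpc" : "2.0", "error" : {"code": 102, "message": "Permission error."}, "id" : "id"}');
    }
    @ob_end_clean();

    // HTTP headers for no cache etc
    header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
    header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
    header("Cache-Control: no-store, no-cache, must-revalidate");
    header("Cache-Control: post-check=0, pre-check=0", false);
    header("Pragma: no-cache");

    $targetDir = _FILE_UPLOAD_PATH . "plupload";
    $maxFileAge = 5 * 3600; // abandoned .part files older than this (seconds) are purged
    @set_time_limit(5 * 60);

    $chunk = isset($_REQUEST["chunk"]) ? intval($_REQUEST["chunk"]) : 0;
    $chunks = isset($_REQUEST["chunks"]) ? intval($_REQUEST["chunks"]) : 0;

    $fileName = isset($_REQUEST["plupload_key"]) ? $_REQUEST["plupload_key"] : '';
    if (isset($_REQUEST["fileid"])) {
        $fileName .= '-' . $_REQUEST["fileid"];
    }
    $fileName = preg_replace('/[^a-zA-Z0-9-_]+/', '', $fileName);
    if (!$fileName) {
        die('{"jsonrpc" : "2.0", "error" : {"code": 102, "message": "No plupload_key defined."}, "id" : "id"}');
    }
    $filePath = $targetDir . DIRECTORY_SEPARATOR . $fileName;

    // Make sure the fileName is unique, but only if chunking is disabled.
    if ($chunks < 2 && file_exists($filePath)) {
        // The sanitised name never contains '.', so strrpos() returns false here; the
        // original fed that false straight into substr() and produced "_1<name>".
        $dot = strrpos($fileName, '.');
        $stem = ($dot === false) ? $fileName : substr($fileName, 0, $dot);
        $suffix = ($dot === false) ? '' : substr($fileName, $dot);
        $count = 1;
        while (file_exists($targetDir . DIRECTORY_SEPARATOR . $stem . '_' . $count . $suffix)) {
            $count++;
        }
        $fileName = $stem . '_' . $count . $suffix;
        $filePath = $targetDir . DIRECTORY_SEPARATOR . $fileName;
    }

    if (!file_exists($targetDir)) {
        @mkdir($targetDir);
    }

    // Remove old temp files, never the one we are about to append to.
    if (!is_dir($targetDir) || !($dir = opendir($targetDir))) {
        die('{"jsonrpc" : "2.0", "error" : {"code": 100, "message": "Failed to open temp directory."}, "id" : "id"}');
    }
    while (($file = readdir($dir)) !== false) {
        $tmpfilePath = $targetDir . DIRECTORY_SEPARATOR . $file;
        if ($tmpfilePath == "{$filePath}.part") {
            continue;
        }
        if (preg_match('/\\.part$/', $file) && filemtime($tmpfilePath) < time() - $maxFileAge) {
            @unlink($tmpfilePath);
        }
    }
    closedir($dir);

    // Open temp file: append when chunked, overwrite otherwise.
    if (!($out = @fopen("{$filePath}.part", $chunks ? "ab" : "wb"))) {
        die('{"jsonrpc" : "2.0", "error" : {"code": 102, "message": "Failed to open output stream."}, "id" : "id"}');
    }

    if (!empty($_FILES)) {
        // Guard the "file" key too: a multipart body with some other field name must not
        // reach is_uploaded_file(null).
        if (!isset($_FILES["file"]) || $_FILES["file"]["error"] || !is_uploaded_file($_FILES["file"]["tmp_name"])) {
            die('{"jsonrpc" : "2.0", "error" : {"code": 103, "message": "Failed to move uploaded file."}, "id" : "id"}');
        }
        if (!($in = @fopen($_FILES["file"]["tmp_name"], "rb"))) {
            die('{"jsonrpc" : "2.0", "error" : {"code": 101, "message": "Failed to open input stream."}, "id" : "id"}');
        }
    } else {
        if (!($in = @fopen("php://input", "rb"))) {
            die('{"jsonrpc" : "2.0", "error" : {"code": 101, "message": "Failed to open input stream."}, "id" : "id"}');
        }
    }

    // Copy the input stream onto the temp file. Compare explicitly against false/'' rather
    // than truthiness: a final 1-byte chunk "0" is falsy and the old loop silently dropped it.
    while (($buff = fread($in, 4096)) !== false && $buff !== '') {
        fwrite($out, $buff);
    }
    @fclose($out);
    @fclose($in);

    // Last chunk (or un-chunked upload): strip the temp .part suffix.
    if (!$chunks || $chunk == $chunks - 1) {
        rename("{$filePath}.part", $filePath);
    }
    die('{"jsonrpc" : "2.0", "result" : null, "id" : "id"}');
}

/**
 * 'download' action: redirect to the record's file_url, or stream file_path as an
 * attachment. Prints 'Not found' when neither is usable. Always terminates.
 *
 * NOTE(review): the only access control on this path is whatever $this->get_file()
 * enforces for the current user; no Files permission is checked here.
 */
private function process_download() {
    @ob_end_clean();
    $file_id = isset($_REQUEST['file_id']) ? (int) $_REQUEST['file_id'] : 0;
    $file_data = $this->get_file($file_id);
    if (!is_array($file_data)) {
        echo 'Not found';
        exit;
    }

    if (isset($file_data['file_url']) && strlen($file_data['file_url'])) {
        redirect_browser($file_data['file_url']);
    } else if (isset($file_data['file_path']) && is_file($file_data['file_path'])) {
        header("Pragma: public");
        header("Expires: 0");
        header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
        header("Cache-Control: private", false);
        header("Content-type: " . dtbaker_mime_type($file_data['file_name'], $file_data['file_path']));
        // Uploaded content must never be sniffed into HTML on this origin.
        header("X-Content-Type-Options: nosniff");
        // file_name is user supplied (upload name or $_REQUEST['file_name']); drop the
        // characters that could close or break the quoted header parameter.
        $download_name = str_replace(array('"', "\r", "\n", "\0"), '', (string) $file_data['file_name']);
        header("Content-Disposition: attachment; filename=\"" . $download_name . "\";");
        header("Content-Transfer-Encoding: binary");
        header("Content-Length: " . filesize($file_data['file_path']));
        $size = @readfile($file_data['file_path']);
        if (!$size) {
            // readfile() can be disabled or fail on some hosts; fall back to a plain read.
            echo file_get_contents($file_data['file_path']);
        }
    } else {
        echo 'Not found';
    }
    exit;
}

/**
 * 'save_file_popup' action: accept a single classic upload (or just a file_name) from
 * the inline popup, store the record, and emit JS that hands the rendered file HTML back
 * to the parent window.
 *
 * @return bool false when the caller lacks Files edit|create or nothing was submitted;
 *              otherwise the method exits after printing the JS.
 */
private function process_save_file_popup() {
    // Same gate as plupload and save_file; without it any logged-in user could write into
    // _FILE_UPLOAD_PATH and create file records through the popup.
    if (!self::can_i('edit', 'Files') && !self::can_i('create', 'Files')) {
        return false;
    }

    // 'new' / missing / garbage all become 0, the same "new record" value save_file passes.
    $file_id = isset($_REQUEST['file_id']) ? (int) $_REQUEST['file_id'] : 0;
    $file_path = false;
    $file_name = false;

    // NOTE(review): $options is attacker-controlled serialized data that ends up in
    // print_file(). unserialize() on untrusted input is a known gadget-chain risk; it is
    // kept only because the popup JS produces this format. On PHP >= 7 object
    // instantiation is disabled so a crafted blob cannot run __wakeup/__destruct;
    // the proper fix is to move the popup to JSON.
    $options_raw = isset($_REQUEST['options']) ? base64_decode($_REQUEST['options']) : '';
    if (PHP_VERSION_ID >= 70000) {
        $options = unserialize($options_raw, array('allowed_classes' => false));
    } else {
        $options = unserialize($options_raw);
    }

    // Have we uploaded anything?
    if (isset($_FILES['file_upload']) && is_uploaded_file($_FILES['file_upload']['tmp_name'])) {
        $file_name = basename($_FILES['file_upload']['name']);
        if ($file_name) {
            // Stored under an opaque, extension-less name; the original name lives in the DB only.
            $file_path = _FILE_UPLOAD_PATH . md5(time() . $file_name);
            if (!move_uploaded_file($_FILES['file_upload']['tmp_name'], $file_path)) {
                ?>
<script type="text/javascript">
alert('Unable to save file. Please check permissions.');
</script>
                <?php
                $file_path = false;
                $file_name = false;
            }
        }
    }
    if (isset($_REQUEST['file_name']) && $_REQUEST['file_name']) {
        $file_name = $_REQUEST['file_name'];
    }
    if (!$file_path && !$file_name) {
        return false;
    }

    if (!$file_id) {
        $file_data = array(
            'file_id' => $file_id,
            'owner_id' => isset($_REQUEST['owner_id']) ? (int) $_REQUEST['owner_id'] : 0,
            // owner_table is echoed into a JS identifier below; keep it to identifier characters.
            'owner_table' => isset($_REQUEST['owner_table']) ? self::js_identifier_part($_REQUEST['owner_table']) : '',
            'file_time' => time(),
            'file_name' => $file_name,
            'file_path' => $file_path,
        );
    } else {
        // some fields we dont want to overwrite on existing files:
        $file_data = array('file_id' => $file_id, 'file_path' => $file_path, 'file_name' => $file_name);
    }
    // make sure we're saving a file we have access too.
    module_security::sanatise_data('file', $file_data);
    $file_id = update_insert('file_id', $file_id, 'file', $file_data);
    $file_data = $this->get_file($file_id);

    // NOTE(review): layout comes straight from the request; print_file() is assumed to
    // treat unknown layouts safely — confirm.
    $layout_type = isset($_REQUEST['layout']) && $_REQUEST['layout'] ? $_REQUEST['layout'] : 'gallery';

    // Everything spliced into the JS below is either an int or identifier-safe; the
    // rendered HTML is escaped for a single-quoted JS string (quotes, backslashes, and
    // "</" so a stored "</script>" cannot terminate the block).
    $owner_table_js = self::js_identifier_part(isset($file_data['owner_table']) ? $file_data['owner_table'] : '');
    $owner_id_js = isset($file_data['owner_id']) ? (int) $file_data['owner_id'] : 0;
    $new_html = preg_replace('/\\s+/', ' ', $this->print_file($file_id, $layout_type, true, $options));
    $new_html = str_replace('</', '<\/', addcslashes($new_html, "\\'"));
    ?>
<script type="text/javascript">
// check if it exists in parent window
var new_html = '<?php echo $new_html; ?>';
parent.new_file_added<?php echo $owner_table_js; ?>_<?php echo $owner_id_js; ?>(<?php echo (int) $file_id; ?>, '<?php echo $owner_table_js; ?>', <?php echo $owner_id_js; ?>, new_html);
</script>
    <?php
    exit;
}

/**
 * 'save_file' action: the main file form. Handles the delete button, plupload and classic
 * uploads, file_url / bucket records, customer & job linkage, staff assignments, bucket
 * child propagation, extras, comments, and finally redirects. Always terminates via
 * redirect_browser() (or die() on an id the caller may not update).
 */
private function process_save_file() {
    $file_id = isset($_REQUEST['file_id']) ? (int) $_REQUEST['file_id'] : 0;
    $file_path = false;
    $file_name = false;
    $files_to_save = array(); // one entry per uploaded file, so multi-uploads create multiple records

    if (isset($_REQUEST['butt_del']) && self::can_i('delete', 'Files')) {
        if (module_form::confirm_delete('file_id', 'Really delete this file?')) {
            $ucm_file = new ucm_file($file_id);
            $ucm_file->delete();
            set_message('File removed successfully');
        }
        redirect_browser(module_file::link_open(false));
        return;
    }

    $file_changed = false;
    $new_file = false;
    if (self::can_i('edit', 'Files') || self::can_i('create', 'Files')) {
        // 1. plupload: move the pre-uploaded temp files "<key>-<fileid>" into the file area.
        //    Both parts are reduced to [A-Za-z0-9_-] exactly as the upload side did, so the
        //    lookup can never leave the plupload directory.
        if (isset($_REQUEST['plupload_key']) && isset($_REQUEST['plupload_file_name']) && is_array($_REQUEST['plupload_file_name'])) {
            $plupload_key = preg_replace('/[^a-zA-Z0-9-_]+/', '', basename($_REQUEST['plupload_key']));
            if ($plupload_key) {
                foreach ($_REQUEST['plupload_file_name'] as $plupload_file_name_key => $file_name) {
                    $plupload_file_name_key = preg_replace('/[^a-zA-Z0-9-_]+/', '', basename($plupload_file_name_key));
                    $temp_path = _FILE_UPLOAD_PATH . 'plupload' . DIRECTORY_SEPARATOR . $plupload_key . '-' . $plupload_file_name_key;
                    if ($plupload_file_name_key && $file_name && is_file($temp_path)) {
                        $file_path = _FILE_UPLOAD_PATH . time() . '-' . md5(time() . $file_name);
                        if (rename($temp_path, $file_path)) {
                            $file_changed = true;
                            $files_to_save[] = array('file_path' => $file_path, 'file_name' => $file_name);
                        } else {
                            $file_path = false;
                            $file_name = false;
                            set_error('Unable to save file via plupload.');
                        }
                    }
                }
            }
        }

        // 2. the old file upload method, no plupload:
        if (!$file_changed && isset($_FILES['file_upload']) && is_uploaded_file($_FILES['file_upload']['tmp_name'])) {
            $file_name = basename($_FILES['file_upload']['name']);
            if ($file_name) {
                $file_path = _FILE_UPLOAD_PATH . time() . '-' . md5(time() . $file_name);
                if (move_uploaded_file($_FILES['file_upload']['tmp_name'], $file_path)) {
                    $file_changed = true;
                    $files_to_save[] = array('file_path' => $file_path, 'file_name' => $file_name);
                } else {
                    $file_path = false;
                    $file_name = false;
                    set_error('Unable to save file');
                }
            }
        }

        // 3. no physical file: an external URL, or a "bucket" container record.
        if (!$file_path && isset($_REQUEST['file_url']) && isset($_REQUEST['file_name'])) {
            $files_to_save[] = array('file_path' => '', 'file_url' => $_REQUEST['file_url'], 'file_name' => $_REQUEST['file_name']);
        }
        if (!$file_path && isset($_REQUEST['bucket'])) {
            $files_to_save[] = array('file_name' => isset($_REQUEST['file_name']) ? $_REQUEST['file_name'] : null, 'bucket' => 1);
        }

        // make sure we have a valid customer_id and job_id selected.
        $possible_customers = $possible_jobs = array();
        if (class_exists('module_customer', false)) {
            $possible_customers = module_customer::get_customers();
        }
        if (class_exists('module_job', false)) {
            $possible_jobs = module_job::get_jobs();
        }

        $original_file_data = array();
        if ($file_id > 0) {
            // NOTE(review): this is the only ownership check for edits — it assumes
            // get_file() returns nothing for ids the current user may not see.
            $original_file_data = self::get_file($file_id);
            if (!$original_file_data || $original_file_data['file_id'] != $file_id) {
                die('No permissions to update this file');
            }
        }

        if (!$file_id) {
            $file_data = array(
                'file_id' => $file_id,
                'bucket_parent_file_id' => self::request_int('bucket_parent_file_id'),
                'customer_id' => self::request_int('customer_id'),
                'job_id' => self::request_int('job_id'),
                'quote_id' => self::request_int('quote_id'),
                'website_id' => self::request_int('website_id'),
                'status' => self::request_value('status'),
                'pointers' => self::request_value('pointers'),
                'description' => self::request_value('description'),
                'file_time' => time(),
            );
            // Only link to customers / jobs the current user can actually see.
            if (!isset($possible_customers[$file_data['customer_id']])) {
                $file_data['customer_id'] = 0;
            }
            if (!isset($possible_jobs[$file_data['job_id']])) {
                $file_data['job_id'] = 0;
            }
            $new_file = true;
        } else {
            // some fields we dont want to overwrite on existing files:
            $file_data = array(
                'file_id' => $file_id,
                'bucket_parent_file_id' => self::request_int('bucket_parent_file_id'),
                'pointers' => self::request_value('pointers'),
                'customer_id' => self::request_int('customer_id'),
                'job_id' => self::request_int('job_id'),
                'quote_id' => self::request_int('quote_id'),
                'website_id' => self::request_int('website_id'),
                'status' => self::request_value('status'),
                'description' => self::request_value('description'),
            );
            // A customer / job the user cannot see is not a valid re-link: keep the stored one.
            if (!isset($possible_customers[$file_data['customer_id']]) && $file_data['customer_id'] != $original_file_data['customer_id']) {
                $file_data['customer_id'] = $original_file_data['customer_id'];
            }
            if ($file_data['job_id'] && !isset($possible_jobs[$file_data['job_id']]) && $file_data['job_id'] != $original_file_data['job_id']) {
                $file_data['job_id'] = $original_file_data['job_id'];
            }
        }

        $sub_bucket_fields = array('customer_id', 'job_id', 'quote_id', 'website_id');
        if ($file_data['bucket_parent_file_id']) {
            // we're saving a sub bucket file, pull in the file data from the parent file.
            $parent_file = new ucm_file($file_data['bucket_parent_file_id']);
            $parent_file_data = $parent_file->get_data();
            foreach ($sub_bucket_fields as $sub_bucket_field) {
                $file_data[$sub_bucket_field] = $parent_file_data[$sub_bucket_field];
            }
        }

        if (!count($files_to_save)) {
            $files_to_save[] = array();
        }
        foreach ($files_to_save as $id => $file_to_save) {
            $file_data_to_save = array_merge($file_data, $file_to_save);
            $files_to_save[$id]['file_id'] = update_insert('file_id', $file_data['file_id'], 'file', $file_data_to_save);
            $file_data['file_id'] = 0; // in case we're uploading multiple files: the rest are inserts
            $saved_file_id = $files_to_save[$id]['file_id'];

            if (isset($_POST['staff_ids_save']) && (int) $saved_file_id > 0) {
                $this->replace_file_staff_assignments($saved_file_id);
            }

            if ($saved_file_id > 0 && isset($file_data_to_save['bucket']) && $file_data_to_save['bucket']) {
                // update certain fields of all the child files to match the parent bucket.
                $sub_files = module_file::get_files(array('bucket_parent_file_id' => $saved_file_id));
                $vals = array();
                foreach ($sub_bucket_fields as $field) {
                    $vals[$field] = isset($file_data_to_save[$field]) ? $file_data_to_save[$field] : false;
                }
                foreach ($sub_files as $sub_file) {
                    update_insert('file_id', $sub_file['file_id'], 'file', $vals);
                    // and save the staff assignment manually too
                    if (isset($_POST['staff_ids_save']) && (int) $sub_file['file_id'] > 0) {
                        $this->replace_file_staff_assignments($sub_file['file_id']);
                    }
                }
            }

            module_extra::save_extras('file', 'file_id', $files_to_save[$id]['file_id']);
            if ($file_changed) {
                $this->send_file_changed_notice($files_to_save[$id]['file_id'], $new_file);
            }
        }
    }

    if (module_file::can_i('create', 'File Comments')) {
        $this->save_file_comments($file_id);
    }
    if (isset($_REQUEST['delete_file_comment_id']) && $_REQUEST['delete_file_comment_id']) {
        $file_comment_id = (int) $_REQUEST['delete_file_comment_id'];
        $comment = get_single('file_comment', 'file_comment_id', $file_comment_id);
        // Authors may delete their own comments; otherwise the delete permission is required.
        if ($comment && ($comment['create_user_id'] == module_security::get_loggedin_id() || module_file::can_i('delete', 'File Comments'))) {
            $sql = "DELETE FROM `" . _DB_PREFIX . "file_comment` WHERE file_id = '" . (int) $file_id . "' AND file_comment_id = '{$file_comment_id}' ";
            $sql .= " LIMIT 1";
            query($sql);
        }
    }
    if (isset($_REQUEST['butt_email']) && $_REQUEST['butt_email'] && module_file::can_i('edit', 'File Approval')) {
        redirect_browser($this->link_open_email($file_id));
    }

    if (count($files_to_save)) {
        if (count($files_to_save) > 1) {
            $file_id = false;
            set_message(_l('%s Files saved successfully', count($files_to_save)));
        } else {
            set_message(_l('File saved successfully'));
            $file_id = $files_to_save[0]['file_id'];
        }
    }
    redirect_browser($this->link_open($file_id));
}

/**
 * 'delete_file_popup' action: remove a file record and its physical file, then tell the
 * parent window to drop it from the page. Always terminates.
 *
 * The original guarded this with `if (true)` (the can_access_data() call was commented
 * out), so any logged-in user could delete any file id. It now requires the same Files
 * delete permission the save_file delete button does.
 */
private function process_delete_file_popup() {
    $file_id = isset($_REQUEST['file_id']) ? (int) $_REQUEST['file_id'] : 0;
    // 0 covers both a missing id and the popup's 'new' placeholder: nothing to delete.
    if ($file_id > 0) {
        $file_data = $this->get_file($file_id);
        if (is_array($file_data) && self::can_i('delete', 'Files')) {
            // delete the physical file.
            if (isset($file_data['file_path']) && is_file($file_data['file_path'])) {
                unlink($file_data['file_path']);
            }
            // delete the db entry.
            delete_from_db('file', 'file_id', $file_id);
            // update ui with changes; only identifier-safe / int values reach the JS.
            $owner_table_js = self::js_identifier_part(isset($file_data['owner_table']) ? $file_data['owner_table'] : '');
            $owner_id_js = isset($file_data['owner_id']) ? (int) $file_data['owner_id'] : 0;
            ?>
<script type="text/javascript">
var new_html = '';
parent.new_file_added<?php echo $owner_table_js; ?>_<?php echo $owner_id_js; ?>(<?php echo $file_id; ?>, '<?php echo $owner_table_js; ?>', <?php echo $owner_id_js; ?>, new_html);
</script>
            <?php
        }
    }
    exit;
}

/**
 * Replace the staff links of one file with the posted $_POST['staff_ids'] list.
 * Both ids are cast to int before being interpolated into the REPLACE statement.
 *
 * @param mixed $file_id  file id as returned by update_insert()
 */
private function replace_file_staff_assignments($file_id) {
    $file_id = (int) $file_id;
    delete_from_db('file_user_rel', array('file_id'), array($file_id));
    if (isset($_POST['staff_ids']) && is_array($_POST['staff_ids'])) {
        foreach ($_POST['staff_ids'] as $staff_id) {
            $sql = "REPLACE INTO `" . _DB_PREFIX . "file_user_rel` SET ";
            $sql .= " `user_id` = " . (int) $staff_id;
            $sql .= ", `file_id` = " . $file_id;
            query($sql);
        }
    }
}

/**
 * Integer request parameter, or false when absent (the value the save code stores as "unset").
 */
private static function request_int($key) {
    return isset($_REQUEST[$key]) ? (int) $_REQUEST[$key] : false;
}

/**
 * Raw request parameter, or false when absent. Escaping is left to the DB layer
 * (update_insert) exactly as before.
 */
private static function request_value($key) {
    return isset($_REQUEST[$key]) ? $_REQUEST[$key] : false;
}

/**
 * Reduce a value to [A-Za-z0-9_] so it can be spliced into a JS identifier or a
 * single-quoted JS string in the popup callbacks without escaping. Returns '' when
 * nothing survives.
 */
private static function js_identifier_part($value) {
    return preg_replace('/[^a-zA-Z0-9_]+/', '', (string) $value);
}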
$widget_id = (int) $_REQUEST['widget_id']; $widget = module_widget::get_widget($widget_id); if ($widget_id > 0 && $widget['widget_id'] == $widget_id) { $module->page_title = 'Widget' . ': ' . $widget['name']; } else { $module->page_title = 'Widget' . ': ' . _l('New'); } if ($widget_id > 0 && $widget) { if (class_exists('module_security', false)) { module_security::check_page(array('module' => $module->module_name, 'feature' => 'edit')); } } else { if (class_exists('module_security', false)) { module_security::check_page(array('module' => $module->module_name, 'feature' => 'create')); } module_security::sanatise_data('widget', $widget); } ?> <form action="" method="post"> <input type="hidden" name="_process" value="save_widget" /> <input type="hidden" name="widget_id" value="<?php echo $widget_id; ?> " /> <?php $fields = array('fields' => array('name' => 'Name'));
$website_id = (int) $_REQUEST['website_id']; $website = module_website::get_website($website_id); if ($website_id > 0 && $website['website_id'] == $website_id) { $module->page_title = module_config::c('project_name_single', 'Website') . ': ' . $website['name']; } else { $module->page_title = module_config::c('project_name_single', 'Website') . ': ' . _l('New'); } if ($website_id > 0 && $website) { if (class_exists('module_security', false)) { module_security::check_page(array('module' => $module->module_name, 'feature' => 'edit')); } } else { if (class_exists('module_security', false)) { module_security::check_page(array('module' => $module->module_name, 'feature' => 'create')); } module_security::sanatise_data('website', $website); } ?> <form action="" method="post"> <input type="hidden" name="_process" value="save_website" /> <input type="hidden" name="website_id" value="<?php echo $website_id; ?> " /> <?php
* IP Address: 67.79.165.254 */ if (!$module->can_i('view', 'Products') || !$module->can_i('edit', 'Products')) { redirect_browser(_BASE_HREF); } // check permissions. if (class_exists('module_security', false)) { if ($product_category_id > 0 && $product_category['product_category_id'] == $product_category_id) { // if they are not allowed to "edit" a page, but the "view" permission exists // then we automatically grab the page and regex all the crap out of it that they are not allowed to change // eg: form elements, submit buttons, etc.. module_security::check_page(array('category' => 'Product', 'page_name' => 'Products', 'module' => 'product', 'feature' => 'Edit')); } else { module_security::check_page(array('category' => 'Product', 'page_name' => 'Products', 'module' => 'product', 'feature' => 'Create')); } module_security::sanatise_data('product', $product_category); } ?> <form action="" method="post" id="product_category_form"> <input type="hidden" name="_process" value="save_product_category" /> <input type="hidden" name="product_category_id" value="<?php echo (int) $product_category_id; ?> " /> <?php module_form::set_required(array('fields' => array('name' => 'Name'))); module_form::prevent_exit(array('valid_exits' => array('.submit_button'))); $fieldset_data = array('heading' => array('type' => 'h3', 'title' => 'Product Information'), 'class' => 'tableclass tableclass_form tableclass_full', 'elements' => array()); $fieldset_data['elements'][] = array('title' => 'Name', 'fields' => array(array('type' => 'text', 'name' => 'product_category_name', 'value' => $product_category['product_category_name'])));
if (!$job['hourly_rate']) { $job['hourly_rate'] = 0; } $staff_members = module_user::get_staff_members(); $staff_member_rel = array(); foreach ($staff_members as $staff_member) { $staff_member_rel[$staff_member['user_id']] = $staff_member['name']; } if ($job_id > 0 && $job['job_id'] == $job_id) { $module->page_title = _l('Job: %s', $job['name']); } else { $module->page_title = _l('Job: %s', _l('New')); } // check permissions. if (class_exists('module_security', false)) { module_security::sanatise_data('job', $job); } $job_tasks = module_job::get_tasks($job_id); if (class_exists('module_import_export', false)) { if (module_job::can_i('view', 'Export Job Tasks')) { module_import_export::enable_pagination_hook(array('name' => 'Job Tasks Export', 'fields' => array('Job Name' => 'job_name', 'Task ID' => 'task_id', 'Order' => 'task_order', 'Short Description' => 'description', 'Long Description' => 'long_description', 'Hours' => 'hours', 'Hours Completed' => 'completed', 'Amount' => 'amount', 'Billable' => 'billable', 'Fully Completed' => 'fully_completed', 'Date Due' => 'date_due', 'Invoice #' => 'invoice_number', 'Staff Member' => 'user_name', 'Approval Required' => 'approval_required'))); if (isset($_REQUEST['import_export_go']) && $_REQUEST['import_export_go'] == 'yes') { // do the task export. module_import_export::run_pagination_hook($job_tasks); } } if (module_job::can_i('view', 'Import Job Tasks')) { $import_tasks_link = module_import_export::import_link(array('callback' => 'module_job::handle_import_tasks', 'name' => 'Job Tasks', 'job_id' => $job_id, 'return_url' => $_SERVER['REQUEST_URI'], 'fields' => array('Task ID' => array('task_id', false, 'The existing system ID for this task. Will overwrite existing task ID. 
Leave blank to create new task.'), 'Order' => array('task_order', false, 'The numerical order the tasks will appear in.'), 'Short Description' => array('description', true), 'Long Description' => 'long_description', 'Hours' => 'hours', 'Hours Completed' => 'completed', 'Amount' => 'amount', 'Billable' => array('billable', false, '1 for billable, 0 for non-billable'), 'Fully Completed' => array('fully_completed', false, '1 for fully completed, 0 for not completed'), 'Date Due' => array('date_due', false, 'When this task is due for completion'), 'Staff Member' => array('user_name', false, 'One of: ' . implode(', ', $staff_member_rel)), 'Approval Required' => array('approval_required', false, '1 if the administrator needs to approve this task, 0 if it does not require approval')))); } } ?>
if (!module_config::can_i('edit', 'Settings')) { redirect_browser(_BASE_HREF); } $company_id = (int) $_REQUEST['company_id']; $company = array(); if ($company_id > 0) { if (class_exists('module_security', false)) { module_security::check_page(array('category' => 'Company', 'page_name' => 'Company', 'module' => 'company', 'feature' => 'edit')); } $company = module_company::get_company($company_id); } else { } if (!$company) { $company_id = 'new'; $company = array('company_id' => 'new', 'name' => ''); module_security::sanatise_data('company', $company); } ?> <form action="" method="post"> <input type="hidden" name="_process" value="save_company" /> <input type="hidden" name="company_id" value="<?php echo $company_id; ?> " /> <?php module_form::print_form_auth(); module_form::prevent_exit(array('valid_exits' => array('.submit_button'))); $fieldset_data = array('heading' => array('type' => 'h3', 'title' => 'Company Details'), 'elements' => array(array('title' => _l('Company Name'), 'field' => array('name' => 'name', 'value' => $company['name'], 'type' => 'text'))));
} // done in product_admin //$product_id = (int)$_REQUEST['product_id']; //$product = array(); //$product = module_product::get_product($product_id); // check permissions. if (class_exists('module_security', false)) { if ($product_id > 0 && $product['product_id'] == $product_id) { // if they are not allowed to "edit" a page, but the "view" permission exists // then we automatically grab the page and regex all the crap out of it that they are not allowed to change // eg: form elements, submit buttons, etc.. module_security::check_page(array('category' => 'Product', 'page_name' => 'Products', 'module' => 'product', 'feature' => 'Edit')); } else { module_security::check_page(array('category' => 'Product', 'page_name' => 'Products', 'module' => 'product', 'feature' => 'Create')); } module_security::sanatise_data('product', $product); } ?> <form action="" method="post" id="product_form"> <input type="hidden" name="_process" value="save_product" /> <input type="hidden" name="product_id" value="<?php echo $product_id; ?> " /> <?php module_form::set_required(array('fields' => array('name' => 'Name'))); module_form::prevent_exit(array('valid_exits' => array('.submit_button'))); $fieldset_data = array('heading' => array('type' => 'h3', 'title' => 'Product Information'), 'class' => 'tableclass tableclass_form tableclass_full', 'elements' => array()); $fieldset_data['elements'][] = array('title' => 'Name', 'fields' => array(array('type' => 'text', 'name' => 'name', 'value' => $product['name'])));
} else { $linked_invoice_payments = $finance['linked_invoice_payments']; $linked_finances = $finance['linked_finances']; $module->page_title = $finance['name']; } // check permissions. if (class_exists('module_security', false)) { if ($finance_id > 0 && $finance['finance_id'] == $finance_id || isset($_REQUEST['invoice_payment_id']) && isset($invoice_payment_data) && $invoice_payment_data) { // if they are not allowed to "edit" a page, but the "view" permission exists // then we automatically grab the page and regex all the crap out of it that they are not allowed to change // eg: form elements, submit buttons, etc.. module_security::check_page(array('category' => 'Finance', 'page_name' => 'Finance', 'module' => 'finance', 'feature' => 'Edit')); } else { module_security::check_page(array('category' => 'Finance', 'page_name' => 'Finance', 'module' => 'finance', 'feature' => 'Create')); } module_security::sanatise_data('finance', $finance); } if (isset($finance['invoice_payment_id']) && (int) $finance['invoice_payment_id'] > 0) { //$locked = true; } $finance_recurring_id = isset($_REQUEST['finance_recurring_id']) ? (int) $_REQUEST['finance_recurring_id'] : false; if ($finance_id > 0 && $finance && isset($finance['finance_recurring_id']) && $finance['finance_recurring_id']) { $finance_recurring_id = $finance['finance_recurring_id']; } if ($finance_recurring_id > 0) { $finance_recurring = module_finance::get_recurring($finance_recurring_id); } if (!$finance_id && $finance_recurring_id > 0) { $finance = array_merge($finance, $finance_recurring); //print_r($finance_recurring); $finance['transaction_date'] = $finance_recurring['next_due_date'];
redirect_browser(_BASE_HREF); } $subscription_id = (int) $_REQUEST['subscription_id']; $subscription = array(); $subscription = module_subscription::get_subscription($subscription_id); // check permissions. if (class_exists('module_security', false)) { if ($subscription_id > 0 && $subscription['subscription_id'] == $subscription_id) { // if they are not allowed to "edit" a page, but the "view" permission exists // then we automatically grab the page and regex all the crap out of it that they are not allowed to change // eg: form elements, submit buttons, etc.. module_security::check_page(array('category' => 'Subscription', 'page_name' => 'Subscriptions', 'module' => 'subscription', 'feature' => 'Edit')); } else { module_security::check_page(array('category' => 'Subscription', 'page_name' => 'Subscriptions', 'module' => 'subscription', 'feature' => 'Create')); } module_security::sanatise_data('subscription', $subscription); } ?> <?php hook_handle_callback('layout_column_half', 1); ?> <form action="" method="post" id="subscription_form"> <input type="hidden" name="_process" value="save_subscription" /> <input type="hidden" name="subscription_id" value="<?php echo $subscription_id; ?> " />
if ($customer_id > 0 && $customer['customer_id'] == $customer_id) { $module->page_title = _l($page_type_single . ': %s', $customer['customer_name']); } else { $module->page_title = _l($page_type_single . ': %s', _l('New')); } // check permissions. if (class_exists('module_security', false)) { if ($customer_id > 0 && $customer['customer_id'] == $customer_id) { // if they are not allowed to "edit" a page, but the "view" permission exists // then we automatically grab the page and regex all the crap out of it that they are not allowed to change // eg: form elements, submit buttons, etc.. module_security::check_page(array('category' => 'Customer', 'page_name' => $page_type, 'module' => 'customer', 'feature' => 'Edit')); } else { module_security::check_page(array('category' => 'Customer', 'page_name' => $page_type, 'module' => 'customer', 'feature' => 'Create')); } module_security::sanatise_data('customer', $customer); } if (isset($_REQUEST['preview_email'])) { module_template::init_template('customer_statement_email', 'Dear {CUSTOMER_NAME},<br> <br> Please find below a copy of your details.<br><br> {EMAIL_DETAILS}<br><br> Thank you,<br><br> {FROM_NAME} ', 'Customer Statement: {CUSTOMER_NAME}', array('CUSTOMER_NAME' => 'Customers Name')); $template_name = isset($_REQUEST['template_name']) ? $_REQUEST['template_name'] : 'customer_statement_email'; $template = module_template::get_template_by_key($template_name); $to = module_user::get_contacts(array('customer_id' => $customer['customer_id'])); $to_select = false; if ($customer['primary_user_id']) { $primary = module_user::get_user($customer['primary_user_id']);
if ($vendor_id > 0 && $vendor['vendor_id'] == $vendor_id) { $module->page_title = _l($page_type_single . ': %s', $vendor['vendor_name']); } else { $module->page_title = _l($page_type_single . ': %s', _l('New')); } // check permissions. if (class_exists('module_security', false)) { if ($vendor_id > 0 && $vendor['vendor_id'] == $vendor_id) { // if they are not allowed to "edit" a page, but the "view" permission exists // then we automatically grab the page and regex all the crap out of it that they are not allowed to change // eg: form elements, submit buttons, etc.. module_security::check_page(array('category' => 'Vendor', 'page_name' => $page_type, 'module' => 'vendor', 'feature' => 'Edit')); } else { module_security::check_page(array('category' => 'Vendor', 'page_name' => $page_type, 'module' => 'vendor', 'feature' => 'Create')); } module_security::sanatise_data('vendor', $vendor); } ?> <form action="" method="post" id="vendor_form"> <input type="hidden" name="_process" value="save_vendor" /> <input type="hidden" name="vendor_id" value="<?php echo $vendor_id; ?> " /> <input type="hidden" name="_redirect" value="" id="form_redirect" /> <?php module_form::set_required(array('fields' => array('vendor_name' => 'Name', 'name' => 'Contact Name'))); module_form::prevent_exit(array('valid_exits' => array('.submit_button'))); module_form::print_form_auth(); //!(int)$vendor['vendor_id'] &&
$report_id = (int) $_REQUEST['report_id']; $report = module_report::get_report($report_id); if ($report_id > 0 && $report['report_id'] == $report_id) { $module->page_title = _l('Report: %s', $report['report_title']); } else { $module->page_title = _l('Report: %s', _l('New')); } if ($report_id > 0 && $report) { if (class_exists('module_security', false)) { module_security::check_page(array('module' => $module->module_name, 'feature' => 'edit')); } } else { if (class_exists('module_security', false)) { module_security::check_page(array('module' => $module->module_name, 'feature' => 'create')); } module_security::sanatise_data('report', $report); } if ($report_id > 0 && isset($_REQUEST['o']) && $_REQUEST['o'] == 'xls') { require_once 'php-excel.class.php'; // sending query $sql = $report['notes']; $export = mysql_query($sql); if (mysql_errno()) { set_error('SQL Error: ' . mysql_error() . ' ' . $sql); ?> <span class="button"> <?php echo create_link("Edit", "edit", module_report::link_generate($report['report_id'], array())); ?> </span><?php return false;
// Quote add/edit screen, PHP prologue (fragment: the listing ends at the closing `?>`; the
// form markup follows in the file).
$quote_id = (int) $_REQUEST['quote_id'];
$quote = module_quote::get_quote($quote_id);
$quote_id = (int) $quote['quote_id'];
// user_id => display name map, used for the staff column and the import help text below.
$staff_members = module_user::get_staff_members();
$staff_member_rel = array();
foreach ($staff_members as $staff_member) { $staff_member_rel[$staff_member['user_id']] = $staff_member['name']; }
if ($quote_id > 0 && $quote['quote_id'] == $quote_id) { $module->page_title = _l('Quote: %s', $quote['name']); } else { $module->page_title = _l('Quote: %s', _l('New')); }
// check permissions.
// NOTE(review): despite the comment, no check_page() call appears in this fragment — only
// sanatise_data(). The sibling vendor/member screens call check_page() at this point; the
// quote edit/create check is presumably done elsewhere — confirm before relying on it.
if (class_exists('module_security', false)) { module_security::sanatise_data('quote', $quote); }
$quote_tasks = module_quote::get_quote_items($quote_id, $quote);
if (class_exists('module_import_export', false)) {
    // Export is gated by the 'Export Quote Tasks' permission and runs only on an explicit
    // import_export_go=yes request.
    if (module_quote::can_i('view', 'Export Quote Tasks')) {
        module_import_export::enable_pagination_hook(array('name' => 'Quote Tasks Export', 'fields' => array('Quote Name' => 'quote_name', 'Task ID' => 'quote_task_id', 'Order' => 'task_order', 'Short Description' => 'description', 'Long Description' => 'long_description', 'Hours' => 'hours', 'Amount' => 'amount', 'Billable' => 'billable', 'Staff Member' => 'user_name')));
        if (isset($_REQUEST['import_export_go']) && $_REQUEST['import_export_go'] == 'yes') {
            // do the task export.
            module_import_export::run_pagination_hook($quote_tasks);
        }
    }
    // Import link, gated by 'Import Quote Tasks'. NOTE(review): return_url is the raw
    // REQUEST_URI and the 'Staff Member' help text is built from user-entered names; whether
    // import_link() escapes these for their output context is not visible here — confirm.
    if (module_quote::can_i('view', 'Import Quote Tasks')) {
        $import_tasks_link = module_import_export::import_link(array('callback' => 'module_quote::handle_import_tasks', 'name' => 'Quote Tasks', 'quote_id' => $quote_id, 'return_url' => $_SERVER['REQUEST_URI'], 'fields' => array('Task ID' => array('quote_task_id', false, 'The existing system ID for this task. Will overwrite existing task ID. 
Leave blank to create new task.'), 'Order' => array('task_order', false, 'The numerical order the tasks will appear in.'), 'Short Description' => array('description', true), 'Long Description' => 'long_description', 'Hours' => 'hours', 'Hours Completed' => 'completed', 'Amount' => 'amount', 'Billable' => array('billable', false, '1 for billable, 0 for non-billable'), 'Staff Member' => array('user_name', false, 'One of: ' . implode(', ', $staff_member_rel)))));
    }
}
?>
// Invoice add/edit screen (fragment: the `if` whose else-branch starts below opens outside
// this listing, and the trailing `if ($show_task_dates)` is closed outside it).
$module->page_title = _l('Invoice: #%s', htmlspecialchars($invoice['name']));
if (class_exists('module_security', false)) {
    // make sure current customer can access this invoice
    // Row-level check in addition to the feature check: denies and exits if this record is
    // not accessible to the current user.
    if (!module_security::can_access_data('invoice', $invoice, $invoice_id)) { echo 'Data access denied. Sorry.'; exit; }
    module_security::check_page(array('category' => 'Invoice', 'page_name' => 'Invoices', 'module' => 'invoice', 'feature' => 'edit'));
}
} else {
    // New invoice: load the empty record and require the 'create' feature.
    $invoice_id = 0;
    $invoice = module_invoice::get_invoice($invoice_id);
    if (class_exists('module_security', false)) { module_security::check_page(array('category' => 'Invoice', 'page_name' => 'Invoices', 'module' => 'invoice', 'feature' => 'create')); }
    // NOTE(review): not guarded by class_exists() like the call above — fatal if module_security is absent.
    module_security::sanatise_data('invoice', $invoice);
}
$invoice_items = module_invoice::get_invoice_items($invoice_id, $invoice);
// Locked once sent or paid. `&&` binds tighter than `||`, so this reads
// (sent && sent != zero-date) || (paid && paid != zero-date); explicit parentheses would make that clearer.
$invoice_locked = $invoice['date_sent'] && $invoice['date_sent'] != '0000-00-00' || $invoice['date_paid'] && $invoice['date_paid'] != '0000-00-00';
// Opened as a deposit invoice for a job: job_id is int-cast before use.
if (isset($_REQUEST['as_deposit']) && isset($_REQUEST['job_id'])) { $invoice['deposit_job_id'] = (int) $_REQUEST['job_id']; }
// Deposit invoices do not allow discounts.
$discounts_allowed = !(isset($invoice['deposit_job_id']) && $invoice['deposit_job_id'] > 0);
$customer_data = array();
if ($invoice['customer_id']) { $customer_data = module_customer::get_customer($invoice['customer_id']); }
// Extra task-date column when the config key is set (the second argument is presumably the default — confirm).
$show_task_dates = module_config::c('invoice_task_list_show_date', 1);
$colspan = 2;
if ($show_task_dates) {
    $colspan++;
* IP Address: 67.79.165.254 */
// Group edit screen (fragment: the form markup continues outside this listing).
$group_id = (int) $_REQUEST['group_id'];
$group = array();
if ($group_id > 0) {
    // Existing group: 'edit' feature, checked only when module_security is loaded.
    if (class_exists('module_security', false)) { module_security::check_page(array('category' => 'Group', 'page_name' => 'Groups', 'module' => 'group', 'feature' => 'edit')); }
    $group = module_group::get_group($group_id);
} else { }
if (!$group) {
    // Creating a group from this screen is disabled: die() stops here, so the statements
    // after it (including the sanatise_data() call) are unreachable dead code.
    die('Creating groups this way is disabled');
    $group_id = 'new';
    $group = array('group_id' => 'new', 'name' => '', 'default_text' => '');
    module_security::sanatise_data('group', $group);
}
?> <form action="" method="post"> <?php module_form::prevent_exit(array('valid_exits' => array('.submit_button'))); ?> <input type="hidden" name="_process" value="save_group" /> <input type="hidden" name="group_id" value="<?php echo $group_id; ?>
* Envato: 4ffca17e-861e-4921-86c3-8931978c40ca * Package Date: 2015-11-25 02:55:20 * IP Address: 67.79.165.254 */
// Template edit screen (fragment: the company-template branch at the end is closed outside this listing).
// Hard gate: both 'view Settings' and 'edit Templates' are required, otherwise redirect to _BASE_HREF.
if (!module_config::can_i('view', 'Settings') || !module_template::can_i('edit', 'Templates')) { redirect_browser(_BASE_HREF); }
// NOTE(review): template_id is taken from the request without a cast (the sibling screens use
// (int)); the (int) test below only decides whether to look it up, the raw value is what reaches
// get_template() — confirm that get_template() casts or parameterises it.
$template_id = $_REQUEST['template_id'];
$template = array();
if ((int) $template_id && $template_id != 'new') { $template = module_template::get_template($template_id); }
if (!$template) {
    // Unknown or 'new' id: start from an empty template record.
    $template_id = 'new';
    $template = array('template_id' => 'new', 'template_key' => '', 'description' => '', 'content' => '', 'name' => '', 'default_text' => '', 'wysiwyg' => 1);
    // NOTE(review): called without the class_exists('module_security') guard the sibling screens use.
    module_security::sanatise_data('template', $template);
}
?> <form action="<?php echo module_template::link_open(false); ?> " method="post" id="template_form"> <?php
module_form::prevent_exit(array('valid_exits' => array('.submit_button')));
if ($template) {
    // is there a company template?
    // Per-company template handling applies only when the company module is loaded and
    // COMPANY_UNIQUE_CONFIG is defined and enabled.
    if (class_exists('module_company', false) && defined('COMPANY_UNIQUE_CONFIG') && COMPANY_UNIQUE_CONFIG) {
        if (module_company::get_current_logged_in_company_id()) {
            // we restrict this template editing to only this template.
* IP Address: 67.79.165.254 */
// Member add/edit screen (fragment: the form markup continues outside this listing).
$member_id = (int) $_REQUEST['member_id'];
$member = array();
$member = module_member::get_member($member_id);
// check permissions.
// 'Edit' for an existing member, 'Create' otherwise; both only when module_security is loaded.
if (class_exists('module_security', false)) {
    if ($member_id > 0 && $member['member_id'] == $member_id) {
        // if they are not allowed to "edit" a page, but the "view" permission exists
        // then we automatically grab the page and regex all the crap out of it that they are not allowed to change
        // eg: form elements, submit buttons, etc..
        module_security::check_page(array('category' => 'Member', 'page_name' => 'Members', 'module' => 'member', 'feature' => 'Edit'));
    } else {
        module_security::check_page(array('category' => 'Member', 'page_name' => 'Members', 'module' => 'member', 'feature' => 'Create'));
    }
    // Record is passed through module_security before the form renders from it; what
    // sanatise_data() strips or normalises is defined in module_security, not visible here.
    module_security::sanatise_data('member', $member);
}
// The name is HTML-escaped for the title; the hidden member_id below is the int-cast value.
$module->page_title = _l('Member: %s', htmlspecialchars($member['first_name'] . ' ' . $member['last_name']));
?> <form action="" method="post" id="member_form"> <input type="hidden" name="_process" value="save_member" /> <input type="hidden" name="member_id" value="<?php echo $member_id; ?> " /> <?php
// NOTE(review): the hidden member_id value has a space after `?>` inside the attribute; it
// looks like a listing artefact, but if it is in the file the submitted value carries it.
module_form::set_required(array('fields' => array('first_name' => 'Name', 'email' => 'Email')));
module_form::prevent_exit(array('valid_exits' => array('.submit_button', '.submit_small')));
hook_handle_callback('layout_column_half', 1);