Пример #1
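    /**
     * Dispatch the file-module form actions selected by $_REQUEST['_process'].
     *
     * Handled actions:
     *  - 'plupload'          : receive one (possibly chunked) upload into the plupload temp directory.
     *  - 'download'          : redirect to the stored file_url or stream the stored file.
     *  - 'save_file_popup'   : save an upload made from a popup and update the parent window via JS.
     *  - 'save_file'         : create/update/delete file records, staff assignments and comments.
     *  - 'delete_file_popup' : delete a file from a popup and update the parent window via JS.
     * Any other value falls through and nothing is done.
     *
     * Every branch reads attacker-controllable request data, so each one must enforce its
     * own permission check and escape whatever it echoes back. Points that still need a
     * maintainer decision are marked SECURITY(review) / NOTE(review) below.
     *
     * @return false|void false when 'save_file_popup' has neither an upload nor a file name;
     *                    the other paths end in die()/exit or call redirect_browser().
     */
    function process()
    {
        // Read the action once; a missing parameter simply selects no branch.
        $process = isset($_REQUEST['_process']) ? $_REQUEST['_process'] : '';
        if ('plupload' === $process) {
            if (!self::can_i('edit', 'Files') && !self::can_i('create', 'Files')) {
                die('{"jsonrpc" : "2.0", "error" : {"code": 102, "message": "Permission error."}, "id" : "id"}');
            }
            @ob_end_clean();
            // HTTP headers for no cache etc
            header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
            header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
            header("Cache-Control: no-store, no-cache, must-revalidate");
            header("Cache-Control: post-check=0, pre-check=0", false);
            header("Pragma: no-cache");
            // Settings
            $targetDir = _FILE_UPLOAD_PATH . "plupload";
            //$targetDir = 'uploads';
            // Remove old files
            $cleanupTargetDir = true;
            // Temp file age in seconds
            $maxFileAge = 5 * 3600;
            // 5 minutes execution time
            @set_time_limit(5 * 60);
            // Uncomment this one to fake upload time
            // usleep(5000);
            // Get parameters
            $chunk = isset($_REQUEST["chunk"]) ? intval($_REQUEST["chunk"]) : 0;
            $chunks = isset($_REQUEST["chunks"]) ? intval($_REQUEST["chunks"]) : 0;
            $fileName = isset($_REQUEST["plupload_key"]) ? $_REQUEST["plupload_key"] : '';
            $fileName .= isset($_REQUEST["fileid"]) ? '-' . $_REQUEST["fileid"] : '';
            // Whitelist the temp file name: dots and path separators are dropped, so the
            // client cannot steer the write outside $targetDir or choose an extension.
            $fileName = preg_replace('/[^a-zA-Z0-9-_]+/', '', $fileName);
            if (!$fileName) {
                die('{"jsonrpc" : "2.0", "error" : {"code": 102, "message": "No plupload_key defined."}, "id" : "id"}');
            }
            // Make sure the fileName is unique but only if chunking is disabled
            if ($chunks < 2 && file_exists($targetDir . DIRECTORY_SEPARATOR . $fileName)) {
                // NOTE(review): the whitelisted name above never contains '.', so strrpos()
                // returns false here and the counter ends up as a "_N" prefix. The
                // 'save_file' action looks the temp file up by its original name, so a
                // renamed upload is presumably never picked up - confirm intended behaviour.
                $ext = strrpos($fileName, '.');
                $fileName_a = substr($fileName, 0, $ext);
                $fileName_b = substr($fileName, $ext);
                $count = 1;
                while (file_exists($targetDir . DIRECTORY_SEPARATOR . $fileName_a . '_' . $count . $fileName_b)) {
                    $count++;
                }
                $fileName = $fileName_a . '_' . $count . $fileName_b;
            }
            $filePath = $targetDir . DIRECTORY_SEPARATOR . $fileName;
            // Create target dir
            if (!file_exists($targetDir)) {
                @mkdir($targetDir);
            }
            // Remove old temp files
            if ($cleanupTargetDir) {
                if (!is_dir($targetDir) || !($dir = opendir($targetDir))) {
                    die('{"jsonrpc" : "2.0", "error" : {"code": 100, "message": "Failed to open temp directory."}, "id" : "id"}');
                }
                while (($file = readdir($dir)) !== false) {
                    $tmpfilePath = $targetDir . DIRECTORY_SEPARATOR . $file;
                    // If temp file is current file proceed to the next
                    if ($tmpfilePath == "{$filePath}.part") {
                        continue;
                    }
                    // Remove temp file if it is older than the max age and is not the current file
                    if (preg_match('/\\.part$/', $file) && filemtime($tmpfilePath) < time() - $maxFileAge) {
                        @unlink($tmpfilePath);
                    }
                }
                closedir($dir);
            }
            /// Open temp file
            if (!($out = @fopen("{$filePath}.part", $chunks ? "ab" : "wb"))) {
                die('{"jsonrpc" : "2.0", "error" : {"code": 102, "message": "Failed to open output stream."}, "id" : "id"}');
            }
            if (!empty($_FILES)) {
                if ($_FILES["file"]["error"] || !is_uploaded_file($_FILES["file"]["tmp_name"])) {
                    die('{"jsonrpc" : "2.0", "error" : {"code": 103, "message": "Failed to move uploaded file."}, "id" : "id"}');
                }
                // Read binary input stream and append it to temp file
                if (!($in = @fopen($_FILES["file"]["tmp_name"], "rb"))) {
                    die('{"jsonrpc" : "2.0", "error" : {"code": 101, "message": "Failed to open input stream."}, "id" : "id"}');
                }
            } else {
                if (!($in = @fopen("php://input", "rb"))) {
                    die('{"jsonrpc" : "2.0", "error" : {"code": 101, "message": "Failed to open input stream."}, "id" : "id"}');
                }
            }
            // Copy until EOF. Testing the buffer for truthiness would stop early on a
            // final read that returns exactly "0" and silently drop that byte.
            while (!feof($in)) {
                $buff = fread($in, 4096);
                if ($buff === false || $buff === '') {
                    break;
                }
                fwrite($out, $buff);
            }
            @fclose($out);
            @fclose($in);
            // Check if file has been uploaded
            if (!$chunks || $chunk == $chunks - 1) {
                // Strip the temp .part suffix off
                rename("{$filePath}.part", $filePath);
            }
            die('{"jsonrpc" : "2.0", "result" : null, "id" : "id"}');
        } else {
            if ('download' === $process) {
                @ob_end_clean();
                $file_id = (int) $_REQUEST['file_id'];
                // NOTE(review): no can_i() check is visible in this branch; access control
                // presumably happens inside get_file() - confirm.
                $file_data = $this->get_file($file_id);
                if (isset($file_data['file_url']) && strlen($file_data['file_url'])) {
                    // NOTE(review): file_url is stored as supplied by 'save_file'; restricting
                    // it to http(s) URLs before redirecting would be safer - confirm callers.
                    redirect_browser($file_data['file_url']);
                } else {
                    if (isset($file_data['file_path']) && is_file($file_data['file_path'])) {
                        header("Pragma: public");
                        header("Expires: 0");
                        header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
                        header("Cache-Control: private", false);
                        //header("Content-Type: application/pdf");
                        header("Content-type: " . dtbaker_mime_type($file_data['file_name'], $file_data['file_path']));
                        // The stored name is user supplied: drop characters that would end
                        // the quoted filename parameter or the header line itself.
                        $download_name = str_replace(array('"', '\\', "\r", "\n", "\0"), '', $file_data['file_name']);
                        header("Content-Disposition: attachment; filename=\"" . $download_name . "\";");
                        header("Content-Transfer-Encoding: binary");
                        header("Content-Length: " . filesize($file_data['file_path']));
                        //readfile($file_data['file_path']);
                        $size = @readfile($file_data['file_path']);
                        if (!$size) {
                            // readfile() may be disabled or fail; fall back to buffering the file.
                            echo file_get_contents($file_data['file_path']);
                        }
                    } else {
                        echo 'Not found';
                    }
                }
                exit;
            } else {
                if ('save_file_popup' === $process) {
                    // NOTE(review): unlike the 'plupload' and 'save_file' branches, no can_i()
                    // check is visible here; access appears to rest on
                    // module_security::sanatise_data() below - confirm.
                    $file_id = $_REQUEST['file_id'];
                    $file_path = false;
                    $file_name = false;
                    // SECURITY(review): unserialize() on a request parameter lets the client
                    // decide which classes get instantiated (PHP object injection). Left
                    // unchanged because the code that builds 'options' is not visible here;
                    // the options should travel as JSON or be looked up server-side instead.
                    $options = unserialize(base64_decode($_REQUEST['options']));
                    // have we uploaded anything
                    if (isset($_FILES['file_upload']) && is_uploaded_file($_FILES['file_upload']['tmp_name'])) {
                        // copy to file area.
                        $file_name = basename($_FILES['file_upload']['name']);
                        if ($file_name) {
                            // Stored under a hashed name with no extension; the client-supplied
                            // name is only kept as metadata.
                            $file_path = _FILE_UPLOAD_PATH . md5(time() . $file_name);
                            if (move_uploaded_file($_FILES['file_upload']['tmp_name'], $file_path)) {
                                // it worked. umm.. do something.
                            } else {
                                ?>

                    <script type="text/javascript">
                        alert('Unable to save file. Please check permissions.');
                    </script>
                    <?php 
                                // it didnt work. todo: display error.
                                $file_path = false;
                                $file_name = false;
                                //set_error('Unable to save file');
                            }
                        }
                    }
                    if (isset($_REQUEST['file_name']) && $_REQUEST['file_name']) {
                        $file_name = $_REQUEST['file_name'];
                    }
                    if (!$file_path && !$file_name) {
                        return false;
                    }
                    if (!$file_id || $file_id == 'new') {
                        $file_data = array('file_id' => $file_id, 'owner_id' => (int) $_REQUEST['owner_id'], 'owner_table' => $_REQUEST['owner_table'], 'file_time' => time(), 'file_name' => $file_name, 'file_path' => $file_path);
                    } else {
                        // some fields we dont want to overwrite on existing files:
                        $file_data = array('file_id' => $file_id, 'file_path' => $file_path, 'file_name' => $file_name);
                    }
                    // make sure we're saving a file we have access too.
                    module_security::sanatise_data('file', $file_data);
                    $file_id = update_insert('file_id', $file_id, 'file', $file_data);
                    $file_data = $this->get_file($file_id);
                    // we've updated from a popup.
                    // this means we have to replace an existing file id with the updated output.
                    // or if none exists on the page, we add a new one to the holder.
                    $layout_type = isset($_REQUEST['layout']) && $_REQUEST['layout'] ? $_REQUEST['layout'] : 'gallery';
                    // Everything echoed into the <script> block below originates from request
                    // data (owner_table is stored verbatim above), so reduce each value to the
                    // shape the JavaScript expects before printing it.
                    $js_owner_table = preg_replace('/[^a-zA-Z0-9_]+/', '', (string) $file_data['owner_table']);
                    $js_owner_id = (int) $file_data['owner_id'];
                    $js_file_id = (int) $file_id;
                    // Escape quotes and backslashes for the single-quoted JS string, and break
                    // up "</" so the markup cannot terminate the surrounding <script> element.
                    $js_new_html = str_replace('</', '<\\/', addcslashes(preg_replace('/\\s+/', ' ', $this->print_file($file_id, $layout_type, true, $options)), "'\\"));
                    ?>

			<script type="text/javascript">
				// check if it exists in parent window
				var new_html = '<?php echo $js_new_html; ?>';
				parent.new_file_added<?php echo $js_owner_table; ?>_<?php echo $js_owner_id; ?>(<?php echo $js_file_id; ?>,'<?php echo $js_owner_table; ?>',<?php echo $js_owner_id; ?>,new_html);
			</script>
			<?php 
                    exit;
                } else {
                    if ('save_file' === $process) {
                        $file_id = (int) $_REQUEST['file_id'];
                        $file_path = false;
                        $file_name = false;
                        $file_url = '';
                        if (isset($_REQUEST['butt_del']) && self::can_i('delete', 'Files')) {
                            if (module_form::confirm_delete('file_id', 'Really delete this file?')) {
                                $ucm_file = new ucm_file($file_id);
                                $ucm_file->delete();
                                set_message('File removed successfully');
                            }
                            redirect_browser(module_file::link_open(false));
                        } else {
                            $files_to_save = array();
                            // pump data in to here for multiple file uploads.
                            // todo: stop people changing the "file_id" to another file they don't own.
                            if (self::can_i('edit', 'Files') || self::can_i('create', 'Files')) {
                                // have we uploaded anything
                                $file_changed = false;
                                if (isset($_REQUEST['plupload_key']) && isset($_REQUEST['plupload_file_name']) && is_array($_REQUEST['plupload_file_name']) && strlen(preg_replace('/[^a-zA-Z0-9-_]+/', '', basename($_REQUEST['plupload_key'])))) {
                                    // Same whitelist as the 'plupload' action, so the lookup below
                                    // can only address files inside the plupload temp directory.
                                    $plupload_key = preg_replace('/[^a-zA-Z0-9-_]+/', '', basename($_REQUEST['plupload_key']));
                                    foreach ($_REQUEST['plupload_file_name'] as $plupload_file_name_key => $file_name) {
                                        $plupload_file_name_key = preg_replace('/[^a-zA-Z0-9-_]+/', '', basename($plupload_file_name_key));
                                        if ($plupload_key && $plupload_file_name_key && $file_name && is_file(_FILE_UPLOAD_PATH . 'plupload' . DIRECTORY_SEPARATOR . $plupload_key . '-' . $plupload_file_name_key)) {
                                            $file_path = _FILE_UPLOAD_PATH . time() . '-' . md5(time() . $file_name);
                                            if (rename(_FILE_UPLOAD_PATH . 'plupload' . DIRECTORY_SEPARATOR . $plupload_key . '-' . $plupload_file_name_key, $file_path)) {
                                                // it worked. umm.. do something.
                                                $file_changed = true;
                                                $files_to_save[] = array('file_path' => $file_path, 'file_name' => $file_name);
                                            } else {
                                                // it didnt work. todo: display error.
                                                $file_path = false;
                                                $file_name = false;
                                                set_error('Unable to save file via plupload.');
                                            }
                                        }
                                    }
                                }
                                // the old file upload method, no plupload:
                                if (!$file_changed && isset($_FILES['file_upload']) && is_uploaded_file($_FILES['file_upload']['tmp_name'])) {
                                    // copy to file area.
                                    $file_name = basename($_FILES['file_upload']['name']);
                                    if ($file_name) {
                                        $file_path = _FILE_UPLOAD_PATH . time() . '-' . md5(time() . $file_name);
                                        if (move_uploaded_file($_FILES['file_upload']['tmp_name'], $file_path)) {
                                            // it worked. umm.. do something.
                                            $file_changed = true;
                                            $files_to_save[] = array('file_path' => $file_path, 'file_name' => $file_name);
                                        } else {
                                            // it didnt work. todo: display error.
                                            $file_path = false;
                                            $file_name = false;
                                            set_error('Unable to save file');
                                        }
                                    }
                                }
                                if (!$file_path && isset($_REQUEST['file_url']) && isset($_REQUEST['file_name'])) {
                                    // NOTE(review): file_url is saved as supplied and is later handed
                                    // to redirect_browser() by the 'download' action - consider
                                    // validating the scheme here.
                                    $files_to_save[] = array('file_path' => '', 'file_url' => $_REQUEST['file_url'], 'file_name' => $_REQUEST['file_name']);
                                }
                                if (!$file_path && isset($_REQUEST['bucket'])) {
                                    $files_to_save[] = array('file_name' => $_REQUEST['file_name'], 'bucket' => 1);
                                }
                                // make sure we have a valid customer_id and job_id selected.
                                $possible_customers = $possible_jobs = array();
                                if (class_exists('module_customer', false)) {
                                    $possible_customers = module_customer::get_customers();
                                }
                                if (class_exists('module_job', false)) {
                                    $possible_jobs = module_job::get_jobs();
                                }
                                $original_file_data = array();
                                if ($file_id > 0) {
                                    // An existing record must be readable through get_file() before
                                    // the request is allowed to overwrite it.
                                    $original_file_data = self::get_file($file_id);
                                    if (!$original_file_data || $original_file_data['file_id'] != $file_id) {
                                        die('No permissions to update this file');
                                    }
                                }
                                $new_file = false;
                                if (!$file_id) {
                                    $file_data = array(
                                        'file_id' => $file_id,
                                        'bucket_parent_file_id' => isset($_REQUEST['bucket_parent_file_id']) ? (int) $_REQUEST['bucket_parent_file_id'] : false,
                                        'customer_id' => isset($_REQUEST['customer_id']) ? (int) $_REQUEST['customer_id'] : false,
                                        'job_id' => isset($_REQUEST['job_id']) ? (int) $_REQUEST['job_id'] : false,
                                        'quote_id' => isset($_REQUEST['quote_id']) ? (int) $_REQUEST['quote_id'] : false,
                                        'website_id' => isset($_REQUEST['website_id']) ? (int) $_REQUEST['website_id'] : false,
                                        'status' => isset($_REQUEST['status']) ? $_REQUEST['status'] : false,
                                        'pointers' => isset($_REQUEST['pointers']) ? $_REQUEST['pointers'] : false,
                                        'description' => isset($_REQUEST['description']) ? $_REQUEST['description'] : false,
                                        'file_time' => time(),
                                    );
                                    // Ids outside the lists returned for this user are reset.
                                    if (!isset($possible_customers[$file_data['customer_id']])) {
                                        $file_data['customer_id'] = 0;
                                    }
                                    if (!isset($possible_jobs[$file_data['job_id']])) {
                                        $file_data['job_id'] = 0;
                                    }
                                    $new_file = true;
                                } else {
                                    // some fields we dont want to overwrite on existing files:
                                    $file_data = array(
                                        'file_id' => $file_id,
                                        'bucket_parent_file_id' => isset($_REQUEST['bucket_parent_file_id']) ? (int) $_REQUEST['bucket_parent_file_id'] : false,
                                        'pointers' => isset($_REQUEST['pointers']) ? $_REQUEST['pointers'] : false,
                                        'customer_id' => isset($_REQUEST['customer_id']) ? (int) $_REQUEST['customer_id'] : false,
                                        'job_id' => isset($_REQUEST['job_id']) ? (int) $_REQUEST['job_id'] : false,
                                        'quote_id' => isset($_REQUEST['quote_id']) ? (int) $_REQUEST['quote_id'] : false,
                                        'website_id' => isset($_REQUEST['website_id']) ? (int) $_REQUEST['website_id'] : false,
                                        'status' => isset($_REQUEST['status']) ? $_REQUEST['status'] : false,
                                        'description' => isset($_REQUEST['description']) ? $_REQUEST['description'] : false,
                                    );
                                    // Ids outside the allowed lists fall back to the stored values.
                                    if (!isset($possible_customers[$file_data['customer_id']]) && $file_data['customer_id'] != $original_file_data['customer_id']) {
                                        $file_data['customer_id'] = $original_file_data['customer_id'];
                                    }
                                    if ($file_data['job_id'] && !isset($possible_jobs[$file_data['job_id']]) && $file_data['job_id'] != $original_file_data['job_id']) {
                                        $file_data['job_id'] = $original_file_data['job_id'];
                                    }
                                }
                                $sub_bucket_fields = array('customer_id', 'job_id', 'quote_id', 'website_id');
                                if ($file_data['bucket_parent_file_id']) {
                                    // we're saving a sub bucket file, pull in the file data from the parent file.
                                    // NOTE(review): bucket_parent_file_id comes straight from the request;
                                    // whether ucm_file enforces access to the parent is not visible here.
                                    $parent_file = new ucm_file($file_data['bucket_parent_file_id']);
                                    $parent_file_data = $parent_file->get_data();
                                    foreach ($sub_bucket_fields as $sub_bucket_field) {
                                        $file_data[$sub_bucket_field] = $parent_file_data[$sub_bucket_field];
                                    }
                                }
                                if (!count($files_to_save)) {
                                    // Nothing uploaded: still run one save pass for the metadata.
                                    $files_to_save[] = array();
                                }
                                foreach ($files_to_save as $id => $file_to_save) {
                                    $file_data_to_save = array_merge($file_data, $file_to_save);
                                    $files_to_save[$id]['file_id'] = update_insert('file_id', $file_data['file_id'], 'file', $file_data_to_save);
                                    // incase we're uploading multiple files: only the first one may
                                    // reuse the existing id, the rest are inserted as new records.
                                    $file_data['file_id'] = 0;
                                    if (isset($_POST['staff_ids_save']) && (int) $files_to_save[$id]['file_id'] > 0) {
                                        delete_from_db('file_user_rel', array('file_id'), array($files_to_save[$id]['file_id']));
                                        if (isset($_POST['staff_ids']) && is_array($_POST['staff_ids'])) {
                                            foreach ($_POST['staff_ids'] as $staff_id) {
                                                // Both values are cast to int before reaching the SQL string.
                                                $sql = "REPLACE INTO `" . _DB_PREFIX . "file_user_rel` SET ";
                                                $sql .= " `user_id` = " . (int) $staff_id;
                                                $sql .= ", `file_id` = " . (int) $files_to_save[$id]['file_id'];
                                                query($sql);
                                            }
                                        }
                                    }
                                    if ($files_to_save[$id]['file_id'] > 0 && isset($file_data_to_save['bucket']) && $file_data_to_save['bucket']) {
                                        // update certain fields of all the child files to match the parent bucket.
                                        $search = array('bucket_parent_file_id' => $files_to_save[$id]['file_id']);
                                        $sub_files = module_file::get_files($search);
                                        $vals = array();
                                        foreach ($sub_bucket_fields as $field) {
                                            $vals[$field] = isset($file_data_to_save[$field]) ? $file_data_to_save[$field] : false;
                                        }
                                        foreach ($sub_files as $sub_file) {
                                            update_insert('file_id', $sub_file['file_id'], 'file', $vals);
                                            // and save the staff assignment manually too
                                            if (isset($_POST['staff_ids_save']) && (int) $sub_file['file_id'] > 0) {
                                                delete_from_db('file_user_rel', array('file_id'), array($sub_file['file_id']));
                                                if (isset($_POST['staff_ids']) && is_array($_POST['staff_ids'])) {
                                                    foreach ($_POST['staff_ids'] as $staff_id) {
                                                        $sql = "REPLACE INTO `" . _DB_PREFIX . "file_user_rel` SET ";
                                                        $sql .= " `user_id` = " . (int) $staff_id;
                                                        $sql .= ", `file_id` = " . (int) $sub_file['file_id'];
                                                        query($sql);
                                                    }
                                                }
                                            }
                                        }
                                    }
                                    module_extra::save_extras('file', 'file_id', $files_to_save[$id]['file_id']);
                                    if ($file_changed) {
                                        $this->send_file_changed_notice($files_to_save[$id]['file_id'], $new_file);
                                    }
                                    // file changed
                                }
                            }
                            if (module_file::can_i('create', 'File Comments')) {
                                $this->save_file_comments($file_id);
                            }
                            if (isset($_REQUEST['delete_file_comment_id']) && $_REQUEST['delete_file_comment_id']) {
                                $file_comment_id = (int) $_REQUEST['delete_file_comment_id'];
                                $comment = get_single('file_comment', 'file_comment_id', $file_comment_id);
                                // Require an existing comment before comparing its author, so a
                                // missing row can never compare equal to an empty logged-in id.
                                if ($comment && ($comment['create_user_id'] == module_security::get_loggedin_id() || module_file::can_i('delete', 'File Comments'))) {
                                    $sql = "DELETE FROM `" . _DB_PREFIX . "file_comment` WHERE file_id = '" . (int) $file_id . "' AND file_comment_id = '{$file_comment_id}' ";
                                    $sql .= " LIMIT 1";
                                    query($sql);
                                }
                            }
                            if (isset($_REQUEST['butt_email']) && $_REQUEST['butt_email'] && module_file::can_i('edit', 'File Approval')) {
                                redirect_browser($this->link_open_email($file_id));
                            }
                            if (count($files_to_save)) {
                                if (count($files_to_save) > 1) {
                                    $file_id = false;
                                    set_message(_l('%s Files saved successfully', count($files_to_save)));
                                } else {
                                    set_message(_l('File saved successfully'));
                                    $file_id = $files_to_save[0]['file_id'];
                                }
                            }
                            redirect_browser($this->link_open($file_id));
                        }
                    } else {
                        if ('delete_file_popup' === $process) {
                            $file_id = (int) $_REQUEST['file_id'];
                            if (!$file_id) {
                                // cant delete a new file.. do nothing.
                            } else {
                                $file_data = $this->get_file($file_id);
                                // The original guard here was a literal "if (true)" left behind when
                                // the module_security::can_access_data() call was commented out, so
                                // any request could delete any file id. Require the same 'delete'
                                // permission the 'save_file' action uses, and a record that
                                // get_file() actually returned for this id.
                                if ($file_data && $file_data['file_id'] == $file_id && self::can_i('delete', 'Files')) {
                                    // delete the physical file.
                                    if (is_file($file_data['file_path'])) {
                                        unlink($file_data['file_path']);
                                    }
                                    // delete the db entry.
                                    delete_from_db('file', 'file_id', $file_id);
                                    // update ui with changes.
                                    // owner_table is stored from request data; reduce it to identifier
                                    // characters before it becomes part of a JavaScript function name.
                                    $js_owner_table = preg_replace('/[^a-zA-Z0-9_]+/', '', (string) $file_data['owner_table']);
                                    $js_owner_id = (int) $file_data['owner_id'];
                                    ?>

					<script type="text/javascript">
						var new_html = '';
						parent.new_file_added<?php echo $js_owner_table; ?>_<?php echo $js_owner_id; ?>(<?php echo $file_id; ?>,'<?php echo $js_owner_table; ?>',<?php echo $js_owner_id; ?>,new_html);
					</script>
					<?php 
                                }
                            }
                            exit;
                        }
                    }
                }
            }
        }
    }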
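// Widget edit/create page. A missing or non-numeric widget_id is treated as 0 ("new").
$widget_id = isset($_REQUEST['widget_id']) ? (int) $_REQUEST['widget_id'] : 0;
$widget = module_widget::get_widget($widget_id);
// Only read fields from $widget once the lookup is known to have returned this record.
// NOTE(review): $widget['name'] goes into the page title unescaped here; whether the
// template escapes page_title on output is not visible from this file.
if ($widget_id > 0 && isset($widget['widget_id']) && $widget['widget_id'] == $widget_id) {
    $module->page_title = 'Widget' . ': ' . $widget['name'];
} else {
    $module->page_title = 'Widget' . ': ' . _l('New');
}
// module_security is treated as optional (class_exists guard), so every call into it
// stays inside the guard; calling sanatise_data() outside it is a fatal error when the
// module is not loaded.
if (class_exists('module_security', false)) {
    if ($widget_id > 0 && $widget) {
        module_security::check_page(array('module' => $module->module_name, 'feature' => 'edit'));
    } else {
        module_security::check_page(array('module' => $module->module_name, 'feature' => 'create'));
        module_security::sanatise_data('widget', $widget);
    }
}
?>


	
<form action="" method="post">
	<input type="hidden" name="_process" value="save_widget" />
    <input type="hidden" name="widget_id" value="<?php echo (int) $widget_id; ?>" />


    <?php 
// Field list for the form; only 'name' is declared in this excerpt.
$fields = array('fields' => array('name' => 'Name'));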
Пример #3
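// Website edit/create page. A missing or non-numeric website_id is treated as 0 ("new").
$website_id = isset($_REQUEST['website_id']) ? (int) $_REQUEST['website_id'] : 0;
$website = module_website::get_website($website_id);
// Only read fields from $website once the lookup is known to have returned this record.
// NOTE(review): $website['name'] goes into the page title unescaped here; whether the
// template escapes page_title on output is not visible from this file.
if ($website_id > 0 && isset($website['website_id']) && $website['website_id'] == $website_id) {
    $module->page_title = module_config::c('project_name_single', 'Website') . ': ' . $website['name'];
} else {
    $module->page_title = module_config::c('project_name_single', 'Website') . ': ' . _l('New');
}
// module_security is treated as optional (class_exists guard), so every call into it
// stays inside the guard; calling sanatise_data() outside it is a fatal error when the
// module is not loaded.
if (class_exists('module_security', false)) {
    if ($website_id > 0 && $website) {
        module_security::check_page(array('module' => $module->module_name, 'feature' => 'edit'));
    } else {
        module_security::check_page(array('module' => $module->module_name, 'feature' => 'create'));
        module_security::sanatise_data('website', $website);
    }
}
?>



	
<form action="" method="post">
	<input type="hidden" name="_process" value="save_website" />
    <input type="hidden" name="website_id" value="<?php echo (int) $website_id; ?>" />


    <?php 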
 * IP Address: 67.79.165.254
 */
// Both the view and the edit permission on Products are needed to stay on this page.
// NOTE(review): whether redirect_browser() stops execution is not visible here; if it
// does not, the rest of the page still runs for a user without permission - confirm.
if (!($module->can_i('view', 'Products') && $module->can_i('edit', 'Products'))) {
    redirect_browser(_BASE_HREF);
}
// Page-level permission check, only when the optional security module is loaded.
if (class_exists('module_security', false)) {
    // An existing category is checked against the 'Edit' feature, a new one against
    // 'Create'. Per the original author's note, check_page() strips form elements and
    // submit buttons from the page when only the "view" permission is granted.
    module_security::check_page(array(
        'category' => 'Product',
        'page_name' => 'Products',
        'module' => 'product',
        'feature' => ($product_category_id > 0 && $product_category['product_category_id'] == $product_category_id) ? 'Edit' : 'Create',
    ));
    module_security::sanatise_data('product', $product_category);
}
?>

<form action="" method="post" id="product_category_form">
	<input type="hidden" name="_process" value="save_product_category" />
	<input type="hidden" name="product_category_id" value="<?php echo (int) $product_category_id; ?>" />

    <?php 
module_form::set_required(array('fields' => array('name' => 'Name')));
module_form::prevent_exit(array('valid_exits' => array('.submit_button')));
// Fieldset definition for the category form, starting with the Name text input.
$fieldset_data = array(
    'heading' => array('type' => 'h3', 'title' => 'Product Information'),
    'class' => 'tableclass tableclass_form tableclass_full',
    'elements' => array(
        array(
            'title' => 'Name',
            'fields' => array(
                array('type' => 'text', 'name' => 'product_category_name', 'value' => $product_category['product_category_name']),
            ),
        ),
    ),
);
Пример #5
// An empty hourly rate is stored as 0.
if (!$job['hourly_rate']) {
    $job['hourly_rate'] = 0;
}
// Build a user_id => name lookup of staff members.
$staff_member_rel = array();
$staff_members = module_user::get_staff_members();
foreach ($staff_members as $staff_member) {
    $staff_member_rel[$staff_member['user_id']] = $staff_member['name'];
}
// The title shows the job name for a loaded job and "New" otherwise.
$module->page_title = _l('Job: %s', ($job_id > 0 && $job['job_id'] == $job_id) ? $job['name'] : _l('New'));
// NOTE(review): only sanatise_data() is called here; no check_page() or
// data-access check is visible in this excerpt. Confirm the job page is
// gated elsewhere. The call is also skipped when module_security is not loaded.
if (class_exists('module_security', false)) {
    module_security::sanatise_data('job', $job);
}
// Tasks of this job; also the data set handed to the export hook.
$job_tasks = module_job::get_tasks($job_id);
if (class_exists('module_import_export', false)) {
    if (module_job::can_i('view', 'Export Job Tasks')) {
        // Column heading => task field map offered by the export.
        module_import_export::enable_pagination_hook(array(
            'name' => 'Job Tasks Export',
            'fields' => array(
                'Job Name' => 'job_name',
                'Task ID' => 'task_id',
                'Order' => 'task_order',
                'Short Description' => 'description',
                'Long Description' => 'long_description',
                'Hours' => 'hours',
                'Hours Completed' => 'completed',
                'Amount' => 'amount',
                'Billable' => 'billable',
                'Fully Completed' => 'fully_completed',
                'Date Due' => 'date_due',
                'Invoice #' => 'invoice_number',
                'Staff Member' => 'user_name',
                'Approval Required' => 'approval_required',
            ),
        ));
        // The export itself only runs when import_export_go=yes is requested.
        if (isset($_REQUEST['import_export_go']) && $_REQUEST['import_export_go'] == 'yes') {
            module_import_export::run_pagination_hook($job_tasks);
        }
    }
    // NOTE(review): the import link is gated by a 'view' permission although
    // the import can overwrite existing tasks (see the 'Task ID' help text).
    // Confirm the import callback enforces its own write permission.
    // 'return_url' is request-derived; its consumer should not trust it.
    if (module_job::can_i('view', 'Import Job Tasks')) {
        $import_tasks_link = module_import_export::import_link(array(
            'callback' => 'module_job::handle_import_tasks',
            'name' => 'Job Tasks',
            'job_id' => $job_id,
            'return_url' => $_SERVER['REQUEST_URI'],
            'fields' => array(
                'Task ID' => array('task_id', false, 'The existing system ID for this task. Will overwrite existing task ID. Leave blank to create new task.'),
                'Order' => array('task_order', false, 'The numerical order the tasks will appear in.'),
                'Short Description' => array('description', true),
                'Long Description' => 'long_description',
                'Hours' => 'hours',
                'Hours Completed' => 'completed',
                'Amount' => 'amount',
                'Billable' => array('billable', false, '1 for billable, 0 for non-billable'),
                'Fully Completed' => array('fully_completed', false, '1 for fully completed, 0 for not completed'),
                'Date Due' => array('date_due', false, 'When this task is due for completion'),
                'Staff Member' => array('user_name', false, 'One of: ' . implode(', ', $staff_member_rel)),
                'Approval Required' => array('approval_required', false, '1 if the administrator needs to approve this task, 0 if it does not require approval'),
            ),
        ));
    }
}
?>
Пример #6
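// Only users who may edit Settings reach the company form.
if (!module_config::can_i('edit', 'Settings')) {
    // NOTE(review): nothing here stops execution after this call; confirm
    // that redirect_browser() terminates the request.
    redirect_browser(_BASE_HREF);
}
// A missing or non-scalar company_id is treated as 0 ("new company") instead
// of raising an undefined-index notice or casting an array to 1.
$company_id = (isset($_REQUEST['company_id']) && is_scalar($_REQUEST['company_id'])) ? (int) $_REQUEST['company_id'] : 0;
$company = array();
if ($company_id > 0) {
    if (class_exists('module_security', false)) {
        module_security::check_page(array('category' => 'Company', 'page_name' => 'Company', 'module' => 'company', 'feature' => 'edit'));
    }
    $company = module_company::get_company($company_id);
}
if (!$company) {
    // Nothing was loaded: fall back to the defaults of a new company.
    $company_id = 'new';
    $company = array('company_id' => 'new', 'name' => '');
    // Guarded like the check_page() call above; the unguarded call was a fatal
    // error whenever module_security was not loaded.
    if (class_exists('module_security', false)) {
        module_security::sanatise_data('company', $company);
    }
}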
?>

<form action="" method="post">

	<input type="hidden" name="_process" value="save_company" />
	<input type="hidden" name="company_id" value="<?php 
echo $company_id;
?>
" />

    <?php 
// Presumably emits the form's anti-forgery token - confirm in module_form.
module_form::print_form_auth();
module_form::prevent_exit(array(
    'valid_exits' => array('.submit_button'),
));
// Single-row fieldset holding the company name input.
$fieldset_data = array(
    'heading' => array('type' => 'h3', 'title' => 'Company Details'),
    'elements' => array(
        array(
            'title' => _l('Company Name'),
            'field' => array(
                'name' => 'name',
                'value' => $company['name'],
                'type' => 'text',
            ),
        ),
    ),
);
Пример #7
}
// $product_id and $product are not loaded here. Per the original note they are
// prepared in product_admin; the disabled loader lines that used to sit here
// cast $_REQUEST['product_id'] to int and called module_product::get_product().
// Permission gate. NOTE(review): it is skipped entirely when module_security is
// not loaded (class_exists() is called with autoloading off).
if (class_exists('module_security', false)) {
    if ($product_id > 0 && $product['product_id'] == $product_id) {
        // Existing product. Original author's note: when the user lacks "edit"
        // but has "view", check_page() rewrites the rendered page and strips
        // what they may not change (form elements, submit buttons, ...).
        // That is a display-side control; presumably the save handler repeats
        // the permission check - verify.
        module_security::check_page(array('category' => 'Product', 'page_name' => 'Products', 'module' => 'product', 'feature' => 'Edit'));
    } else {
        // No matching record was loaded: require the "Create" feature instead.
        module_security::check_page(array('category' => 'Product', 'page_name' => 'Products', 'module' => 'product', 'feature' => 'Create'));
    }
    // What sanatise_data() filters is defined in module_security (not shown).
    module_security::sanatise_data('product', $product);
}
?>

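<form action="" method="post" id="product_form">
	<input type="hidden" name="_process" value="save_product" />
	<input type="hidden" name="product_id" value="<?php 
// $product_id is assigned outside this excerpt, so it is escaped for the
// attribute context here rather than relying on an upstream cast.
echo htmlspecialchars((string) $product_id, ENT_QUOTES, 'UTF-8');
?>
" />

    <?php 
// "name" is the mandatory field of the product form.
module_form::set_required(array(
    'fields' => array('name' => 'Name'),
));
module_form::prevent_exit(array(
    'valid_exits' => array('.submit_button'),
));
// Fieldset definition; rows are appended to 'elements' one at a time.
$fieldset_data = array(
    'heading' => array('type' => 'h3', 'title' => 'Product Information'),
    'class' => 'tableclass tableclass_form tableclass_full',
    'elements' => array(),
);
$fieldset_data['elements'][] = array(
    'title' => 'Name',
    'fields' => array(
        array(
            'type' => 'text',
            'name' => 'name',
            'value' => $product['name'],
        ),
    ),
);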
Пример #8
} else {
    $linked_invoice_payments = $finance['linked_invoice_payments'];
    $linked_finances = $finance['linked_finances'];
    $module->page_title = $finance['name'];
}
// Permission gate for the finance form. Skipped entirely when module_security
// is not loaded.
if (class_exists('module_security', false)) {
    // "Edit" applies to a loaded finance record, or when the request names an
    // invoice payment and payment data was found; everything else is "Create".
    if (($finance_id > 0 && $finance['finance_id'] == $finance_id) || (isset($_REQUEST['invoice_payment_id']) && isset($invoice_payment_data) && $invoice_payment_data)) {
        $required_feature = 'Edit';
    } else {
        $required_feature = 'Create';
    }
    // Original author's note: with "view" but not "edit", check_page() strips
    // form elements and submit buttons from the rendered page. That is a
    // display-side control; presumably the save handler re-checks - verify.
    module_security::check_page(array(
        'category' => 'Finance',
        'page_name' => 'Finance',
        'module' => 'finance',
        'feature' => $required_feature,
    ));
    module_security::sanatise_data('finance', $finance);
}
// Placeholder: locking entries that belong to an invoice payment is disabled.
if (isset($finance['invoice_payment_id']) && (int) $finance['invoice_payment_id'] > 0) {
    //$locked = true;
}
// Recurring id as supplied by the request, or false when none was sent.
if (isset($_REQUEST['finance_recurring_id'])) {
    $finance_recurring_id = (int) $_REQUEST['finance_recurring_id'];
} else {
    $finance_recurring_id = false;
}
// A recurring id stored on an existing record overrides the request value.
if ($finance_id > 0 && $finance && isset($finance['finance_recurring_id']) && $finance['finance_recurring_id']) {
    $finance_recurring_id = $finance['finance_recurring_id'];
}
// NOTE(review): the id may come straight from the request; whether
// get_recurring() checks that the caller may read that record is not visible here.
if ($finance_recurring_id > 0) {
    $finance_recurring = module_finance::get_recurring($finance_recurring_id);
}
if (!$finance_id && $finance_recurring_id > 0) {
    $finance = array_merge($finance, $finance_recurring);
    //print_r($finance_recurring);
    $finance['transaction_date'] = $finance_recurring['next_due_date'];
    redirect_browser(_BASE_HREF);
}
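// A missing or non-scalar subscription_id is treated as 0 ("new") instead of
// raising an undefined-index notice or casting an array to 1.
$subscription_id = (isset($_REQUEST['subscription_id']) && is_scalar($_REQUEST['subscription_id'])) ? (int) $_REQUEST['subscription_id'] : 0;
// The former "$subscription = array();" was overwritten on the next line.
$subscription = module_subscription::get_subscription($subscription_id);
// Permission gate. NOTE(review): skipped entirely when module_security is not
// loaded (class_exists() is called with autoloading off).
if (class_exists('module_security', false)) {
    if ($subscription_id > 0 && $subscription['subscription_id'] == $subscription_id) {
        // Existing subscription. Original author's note: with "view" but not
        // "edit", check_page() strips form elements and submit buttons from
        // the rendered page. That is a display-side control; presumably the
        // save handler repeats the permission check - verify.
        module_security::check_page(array('category' => 'Subscription', 'page_name' => 'Subscriptions', 'module' => 'subscription', 'feature' => 'Edit'));
    } else {
        module_security::check_page(array('category' => 'Subscription', 'page_name' => 'Subscriptions', 'module' => 'subscription', 'feature' => 'Create'));
    }
    module_security::sanatise_data('subscription', $subscription);
}
?>


<?php 
hook_handle_callback('layout_column_half', 1);
?>


<form action="" method="post" id="subscription_form">
	<input type="hidden" name="_process" value="save_subscription" />
	<input type="hidden" name="subscription_id" value="<?php 
// Always an int at this point (cast above), so it is safe in the attribute.
echo $subscription_id;
?>
" />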
Пример #10
// True when a customer record matching the requested id was loaded.
$editing_existing_customer = $customer_id > 0 && $customer['customer_id'] == $customer_id;
// NOTE(review): customer_name goes into the title unescaped; whether
// page_title is escaped when printed is not visible here.
$module->page_title = _l($page_type_single . ': %s', $editing_existing_customer ? $customer['customer_name'] : _l('New'));
// Permission gate. Skipped entirely when module_security is not loaded.
if (class_exists('module_security', false)) {
    // Original author's note: with "view" but not "edit", check_page() strips
    // form elements and submit buttons from the rendered page. That is a
    // display-side control; presumably the save handler re-checks - verify.
    module_security::check_page(array(
        'category' => 'Customer',
        'page_name' => $page_type,
        'module' => 'customer',
        'feature' => $editing_existing_customer ? 'Edit' : 'Create',
    ));
    module_security::sanatise_data('customer', $customer);
}
if (isset($_REQUEST['preview_email'])) {
    module_template::init_template('customer_statement_email', 'Dear {CUSTOMER_NAME},<br>
<br>
Please find below a copy of your details.<br><br>
{EMAIL_DETAILS}<br><br>
Thank you,<br><br>
{FROM_NAME}
', 'Customer Statement: {CUSTOMER_NAME}', array('CUSTOMER_NAME' => 'Customers Name'));
    $template_name = isset($_REQUEST['template_name']) ? $_REQUEST['template_name'] : 'customer_statement_email';
    $template = module_template::get_template_by_key($template_name);
    $to = module_user::get_contacts(array('customer_id' => $customer['customer_id']));
    $to_select = false;
    if ($customer['primary_user_id']) {
        $primary = module_user::get_user($customer['primary_user_id']);
Пример #11
// Page title: the vendor name for a loaded vendor, "New" otherwise.
// NOTE(review): vendor_name goes into the title unescaped; whether page_title
// is escaped when printed is not visible here.
if ($vendor_id > 0 && $vendor['vendor_id'] == $vendor_id) {
    $module->page_title = _l($page_type_single . ': %s', $vendor['vendor_name']);
} else {
    $module->page_title = _l($page_type_single . ': %s', _l('New'));
}
// Permission gate. NOTE(review): skipped entirely when module_security is not
// loaded (class_exists() is called with autoloading off).
if (class_exists('module_security', false)) {
    if ($vendor_id > 0 && $vendor['vendor_id'] == $vendor_id) {
        // Existing vendor. Original author's note: when the user lacks "edit"
        // but has "view", check_page() rewrites the rendered page and strips
        // what they may not change (form elements, submit buttons, ...).
        // That is a display-side control; presumably the save handler repeats
        // the permission check - verify.
        module_security::check_page(array('category' => 'Vendor', 'page_name' => $page_type, 'module' => 'vendor', 'feature' => 'Edit'));
    } else {
        // No matching record was loaded: require the "Create" feature instead.
        module_security::check_page(array('category' => 'Vendor', 'page_name' => $page_type, 'module' => 'vendor', 'feature' => 'Create'));
    }
    // What sanatise_data() filters is defined in module_security (not shown).
    module_security::sanatise_data('vendor', $vendor);
}
?>
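<form action="" method="post" id="vendor_form">
	<input type="hidden" name="_process" value="save_vendor" />
	<input type="hidden" name="vendor_id" value="<?php 
// $vendor_id is assigned outside this excerpt, so it is escaped for the
// attribute context here rather than relying on an upstream cast.
echo htmlspecialchars((string) $vendor_id, ENT_QUOTES, 'UTF-8');
?>
" />
	<input type="hidden" name="_redirect" value="" id="form_redirect" />

    <?php 
// Both the vendor name and the contact name are mandatory.
module_form::set_required(array(
    'fields' => array(
        'vendor_name' => 'Name',
        'name' => 'Contact Name',
    ),
));
module_form::prevent_exit(array(
    'valid_exits' => array('.submit_button'),
));
// Presumably emits the form's anti-forgery token - confirm in module_form.
module_form::print_form_auth();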
//!(int)$vendor['vendor_id'] &&
Пример #12
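// A missing or non-scalar report_id is treated as 0 ("new report") instead of
// raising an undefined-index notice or casting an array to 1.
$report_id = (isset($_REQUEST['report_id']) && is_scalar($_REQUEST['report_id'])) ? (int) $_REQUEST['report_id'] : 0;
$report = module_report::get_report($report_id);
// The title shows the report title for a loaded report and "New" otherwise.
if ($report_id > 0 && $report['report_id'] == $report_id) {
    $module->page_title = _l('Report: %s', $report['report_title']);
} else {
    $module->page_title = _l('Report: %s', _l('New'));
}
// NOTE(review): further down this page the stored $report['notes'] value is
// passed verbatim to mysql_query(), so the edit/create feature checked here
// amounts to permission to run arbitrary SQL - grant it accordingly. The
// mysql_* functions used there were removed in PHP 7.
if ($report_id > 0 && $report) {
    if (class_exists('module_security', false)) {
        module_security::check_page(array('module' => $module->module_name, 'feature' => 'edit'));
    }
} else {
    // Both calls are guarded now; the unguarded sanatise_data() call was a
    // fatal error whenever module_security was not loaded.
    if (class_exists('module_security', false)) {
        module_security::check_page(array('module' => $module->module_name, 'feature' => 'create'));
        module_security::sanatise_data('report', $report);
    }
}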
if ($report_id > 0 && isset($_REQUEST['o']) && $_REQUEST['o'] == 'xls') {
    require_once 'php-excel.class.php';
    // sending query
    $sql = $report['notes'];
    $export = mysql_query($sql);
    if (mysql_errno()) {
        set_error('SQL Error: ' . mysql_error() . ' ' . $sql);
        ?>
		<span class="button">
				<?php 
        echo create_link("Edit", "edit", module_report::link_generate($report['report_id'], array()));
        ?>
		</span><?php 
        return false;
Пример #13
$quote_id = (int) $_REQUEST['quote_id'];
$quote = module_quote::get_quote($quote_id);
// From here on the id is the one carried by the loaded record, not the raw
// request value.
$quote_id = (int) $quote['quote_id'];
// Build a user_id => name lookup of staff members.
$staff_member_rel = array();
$staff_members = module_user::get_staff_members();
foreach ($staff_members as $staff_member) {
    $staff_member_rel[$staff_member['user_id']] = $staff_member['name'];
}
// The title shows the quote name for a loaded quote and "New" otherwise.
$module->page_title = _l('Quote: %s', ($quote_id > 0 && $quote['quote_id'] == $quote_id) ? $quote['name'] : _l('New'));
// NOTE(review): only sanatise_data() is called here; no check_page() or
// data-access check is visible in this excerpt. Confirm the quote page is
// gated elsewhere. The call is also skipped when module_security is not loaded.
if (class_exists('module_security', false)) {
    module_security::sanatise_data('quote', $quote);
}
// Line items of this quote; also the data set handed to the export hook.
$quote_tasks = module_quote::get_quote_items($quote_id, $quote);
if (class_exists('module_import_export', false)) {
    if (module_quote::can_i('view', 'Export Quote Tasks')) {
        // Column heading => task field map offered by the export.
        module_import_export::enable_pagination_hook(array(
            'name' => 'Quote Tasks Export',
            'fields' => array(
                'Quote Name' => 'quote_name',
                'Task ID' => 'quote_task_id',
                'Order' => 'task_order',
                'Short Description' => 'description',
                'Long Description' => 'long_description',
                'Hours' => 'hours',
                'Amount' => 'amount',
                'Billable' => 'billable',
                'Staff Member' => 'user_name',
            ),
        ));
        // The export itself only runs when import_export_go=yes is requested.
        if (isset($_REQUEST['import_export_go']) && $_REQUEST['import_export_go'] == 'yes') {
            module_import_export::run_pagination_hook($quote_tasks);
        }
    }
    // NOTE(review): the import link is gated by a 'view' permission although
    // the import can overwrite existing tasks (see the 'Task ID' help text).
    // Confirm the import callback enforces its own write permission.
    // 'return_url' is request-derived; its consumer should not trust it.
    if (module_quote::can_i('view', 'Import Quote Tasks')) {
        $import_tasks_link = module_import_export::import_link(array(
            'callback' => 'module_quote::handle_import_tasks',
            'name' => 'Quote Tasks',
            'quote_id' => $quote_id,
            'return_url' => $_SERVER['REQUEST_URI'],
            'fields' => array(
                'Task ID' => array('quote_task_id', false, 'The existing system ID for this task. Will overwrite existing task ID. Leave blank to create new task.'),
                'Order' => array('task_order', false, 'The numerical order the tasks will appear in.'),
                'Short Description' => array('description', true),
                'Long Description' => 'long_description',
                'Hours' => 'hours',
                'Hours Completed' => 'completed',
                'Amount' => 'amount',
                'Billable' => array('billable', false, '1 for billable, 0 for non-billable'),
                'Staff Member' => array('user_name', false, 'One of: ' . implode(', ', $staff_member_rel)),
            ),
        ));
    }
}
?>
Пример #14
    $module->page_title = _l('Invoice: #%s', htmlspecialchars($invoice['name']));
    if (class_exists('module_security', false)) {
        // make sure current customer can access this invoice
        if (!module_security::can_access_data('invoice', $invoice, $invoice_id)) {
            echo 'Data access denied. Sorry.';
            exit;
        }
        module_security::check_page(array('category' => 'Invoice', 'page_name' => 'Invoices', 'module' => 'invoice', 'feature' => 'edit'));
    }
} else {
    $invoice_id = 0;
    $invoice = module_invoice::get_invoice($invoice_id);
    if (class_exists('module_security', false)) {
        module_security::check_page(array('category' => 'Invoice', 'page_name' => 'Invoices', 'module' => 'invoice', 'feature' => 'create'));
    }
    module_security::sanatise_data('invoice', $invoice);
}
$invoice_items = module_invoice::get_invoice_items($invoice_id, $invoice);
// Locked once a sent date or a paid date is set; '0000-00-00' does not count.
$invoice_locked = ($invoice['date_sent'] && $invoice['date_sent'] != '0000-00-00') || ($invoice['date_paid'] && $invoice['date_paid'] != '0000-00-00');
// NOTE(review): the job id comes from the request and is attached without an
// access check in this excerpt; confirm the save path validates it.
if (isset($_REQUEST['as_deposit'], $_REQUEST['job_id'])) {
    $invoice['deposit_job_id'] = (int) $_REQUEST['job_id'];
}
// Discounts are switched off for deposit invoices.
$discounts_allowed = !isset($invoice['deposit_job_id']) || !($invoice['deposit_job_id'] > 0);
// The customer record is loaded only when the invoice names a customer.
$customer_data = $invoice['customer_id'] ? module_customer::get_customer($invoice['customer_id']) : array();
$show_task_dates = module_config::c('invoice_task_list_show_date', 1);
$colspan = 2;
if ($show_task_dates) {
    $colspan++;
Пример #15
 * IP Address: 67.79.165.254
 */
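// A missing or non-scalar group_id is treated as 0 instead of raising an
// undefined-index notice or casting an array to 1.
$group_id = (isset($_REQUEST['group_id']) && is_scalar($_REQUEST['group_id'])) ? (int) $_REQUEST['group_id'] : 0;
$group = array();
if ($group_id > 0) {
    // NOTE(review): the check is skipped when module_security is not loaded.
    if (class_exists('module_security', false)) {
        module_security::check_page(array('category' => 'Group', 'page_name' => 'Groups', 'module' => 'group', 'feature' => 'edit'));
    }
    $group = module_group::get_group($group_id);
}
if (!$group) {
    // Creating a group from this page is disabled. The "new group" defaults
    // that used to follow this die() could never run and have been removed.
    die('Creating groups this way is disabled');
}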
?>

<form action="" method="post">

      <?php 
// Registers '.submit_button' as a valid exit of this form. Presumably leaving
// the page any other way triggers an unsaved-changes prompt - confirm in module_form.
module_form::prevent_exit(array('valid_exits' => array('.submit_button')));
?>


    
	<input type="hidden" name="_process" value="save_group" />
	<input type="hidden" name="group_id" value="<?php 
echo $group_id;
?>
Пример #16
 * Envato: 4ffca17e-861e-4921-86c3-8931978c40ca
 * Package Date: 2015-11-25 02:55:20 
 * IP Address: 67.79.165.254
 */
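// Template editing needs both "view Settings" and "edit Templates".
if (!module_config::can_i('view', 'Settings') || !module_template::can_i('edit', 'Templates')) {
    // NOTE(review): nothing here stops execution after this call; confirm
    // that redirect_browser() terminates the request.
    redirect_browser(_BASE_HREF);
}
// A missing or non-scalar template_id is handled as a new template.
$template_id = (isset($_REQUEST['template_id']) && is_scalar($_REQUEST['template_id'])) ? $_REQUEST['template_id'] : 'new';
$template = array();
if ((int) $template_id && $template_id != 'new') {
    // Only the integer part is passed on, so a value such as "5abc" no longer
    // reaches get_template() (or later output) as a raw request string.
    $template_id = (int) $template_id;
    $template = module_template::get_template($template_id);
}
if (!$template) {
    // Nothing was loaded: fall back to the defaults of a new template.
    $template_id = 'new';
    $template = array('template_id' => 'new', 'template_key' => '', 'description' => '', 'content' => '', 'name' => '', 'default_text' => '', 'wysiwyg' => 1);
    // Guarded so a missing module_security no longer causes a fatal error.
    if (class_exists('module_security', false)) {
        module_security::sanatise_data('template', $template);
    }
}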
?>

<form action="<?php 
echo module_template::link_open(false);
?>
" method="post" id="template_form">

      <?php 
module_form::prevent_exit(array('valid_exits' => array('.submit_button')));
if ($template) {
    // is there a company template?
    if (class_exists('module_company', false) && defined('COMPANY_UNIQUE_CONFIG') && COMPANY_UNIQUE_CONFIG) {
        if (module_company::get_current_logged_in_company_id()) {
            // we restrict this template editing to only this template.
Пример #17
 * IP Address: 67.79.165.254
 */
$member_id = (int) $_REQUEST['member_id'];
// Default value; replaced right away by the lookup below.
$member = array();
$member = module_member::get_member($member_id);
// Permission gate. Skipped entirely when module_security is not loaded.
if (class_exists('module_security', false)) {
    // A positive id matching the loaded record means an existing member.
    $required_feature = ($member_id > 0 && $member['member_id'] == $member_id) ? 'Edit' : 'Create';
    // Original author's note: with "view" but not "edit", check_page() strips
    // form elements and submit buttons from the rendered page. That is a
    // display-side control; presumably the save handler re-checks - verify.
    module_security::check_page(array(
        'category' => 'Member',
        'page_name' => 'Members',
        'module' => 'member',
        'feature' => $required_feature,
    ));
    module_security::sanatise_data('member', $member);
}
// The member's name is HTML-escaped before it goes into the page title.
$member_full_name = $member['first_name'] . ' ' . $member['last_name'];
$module->page_title = _l('Member: %s', htmlspecialchars($member_full_name));
?>

<form action="" method="post" id="member_form">
	<input type="hidden" name="_process" value="save_member" />
	<input type="hidden" name="member_id" value="<?php 
echo $member_id;
?>
" />

    <?php 
// First name and email are the mandatory fields of the member form.
module_form::set_required(array(
    'fields' => array(
        'first_name' => 'Name',
        'email' => 'Email',
    ),
));
// Two submit selectors count as valid exits here.
module_form::prevent_exit(array(
    'valid_exits' => array('.submit_button', '.submit_small'),
));
hook_handle_callback('layout_column_half', 1);