/**
 * Inserts a new `bannerlist` row from the current request and records its owner.
 *
 * Reads imgurl, linkurl, listdisp, dldisp and authdisp from $_REQUEST, passes each
 * through makeSafe() and interpolates the result into a quoted SQL literal.
 * NOTE(review): makeSafe() is defined elsewhere; the query is only as safe as its
 * escaping, because no parameterized statement is used here — confirm.
 *
 * Terminates the script (exit) after printing the error when the insert fails.
 *
 * @return mixed false when the permission entry [1] is falsy or the before-insert
 *               hook returns a falsy value; otherwise the new record ID.
 */
function bannerlist_insert()
{
    global $Translation;

    // mm: can member insert record?
    $permissions = getTablePermissions('bannerlist');
    if (!$permissions[1]) {
        return false;
    }

    $columns = array('imgurl', 'linkurl', 'listdisp', 'dldisp', 'authdisp');

    // Same treatment for every field: escape, then map the lookup placeholder to ''.
    foreach ($columns as $col) {
        $data[$col] = makeSafe($_REQUEST[$col]);
        if ($data[$col] == empty_lookup_value) {
            $data[$col] = '';
        }
    }

    // hook: bannerlist_before_insert
    if (function_exists('bannerlist_before_insert')) {
        $args = array();
        if (!bannerlist_before_insert($data, getMemberInfo(), $args)) {
            return false;
        }
    }

    // Empty strings and NULLs are stored as SQL NULL, everything else as a quoted literal.
    $assignments = array();
    foreach ($columns as $col) {
        $value = $data[$col];
        $assignments[] = "`{$col}`=" . (($value !== '' && $value !== NULL) ? "'{$value}'" : 'NULL');
    }

    $o = array('silentErrors' => true);
    sql('insert into `bannerlist` set ' . implode(', ', $assignments), $o);

    if ($o['error'] != '') {
        // NOTE(review): printed as-is; whether sql() HTML-escapes this text is not visible here.
        echo $o['error'];
        echo '<a href="bannerlist_view.php?addNew_x=1">' . $Translation['< back'] . '</a>';
        exit;
    }

    $recID = db_insert_id(db_link());

    // hook: bannerlist_after_insert — a falsy result skips the ownership row below.
    $saveOwnership = true;
    if (function_exists('bannerlist_after_insert')) {
        $res = sql("select * from `bannerlist` where `bannerid`='" . makeSafe($recID, false) . "' limit 1", $eo);
        if ($row = db_fetch_assoc($res)) {
            $data = array_map('makeSafe', $row);
        }
        $data['selectedID'] = makeSafe($recID, false);
        $args = array();
        if (!bannerlist_after_insert($data, getMemberInfo(), $args)) {
            $saveOwnership = false;
        }
    }

    if ($saveOwnership) {
        // mm: save ownership data
        sql(
            "insert ignore into membership_userrecords set tableName='bannerlist', pkValue='{$recID}', memberID='" . getLoggedMemberID()
            . "', dateAdded='" . time() . "', dateUpdated='" . time() . "', groupID='" . getLoggedGroupID() . "'",
            $eo
        );
    }

    return get_magic_quotes_gpc() ? stripslashes($recID) : $recID;
}
/**
 * Inserts a new `shippers` row from the submitted form and records its owner.
 *
 * CompanyName is required: when it is empty an error page is printed and the
 * script exits. The script also exits after printing the error when the insert fails.
 *
 * NOTE(review): a non-empty $_GET['insert_x'] makes the whole request body come from
 * the query string, so the insert can be triggered by a GET request; no anti-CSRF
 * token check is visible in this function — confirm it happens upstream.
 * NOTE(review): values are escaped with makeSafe() (defined elsewhere) and then
 * interpolated into the SQL text; no parameterized statement is used here.
 *
 * @return mixed false when the permission entry [1] is falsy or the before-insert
 *               hook returns a falsy value; otherwise the new record ID.
 */
function shippers_insert()
{
    global $Translation;

    if ($_GET['insert_x'] != '') {
        $_POST = $_GET;
    }

    // mm: can member insert record?
    $permissions = getTablePermissions('shippers');
    if (!$permissions[1]) {
        return false;
    }

    $columns = array('CompanyName', 'Phone');

    foreach ($columns as $col) {
        $data[$col] = makeSafe($_POST[$col]);
        if ($data[$col] == empty_lookup_value) {
            $data[$col] = '';
        }
    }

    // Required-field check.
    if ($data['CompanyName'] == '') {
        echo StyleSheet() . "\n\n<div class=\"alert alert-danger\">" . $Translation['error:'] . " 'Company Name': " . $Translation['field not null'] . '<br><br>';
        echo '<a href="" onclick="history.go(-1); return false;">' . $Translation['< back'] . '</a></div>';
        exit;
    }

    // hook: shippers_before_insert
    if (function_exists('shippers_before_insert')) {
        $args = array();
        if (!shippers_before_insert($data, getMemberInfo(), $args)) {
            return false;
        }
    }

    // Empty strings and NULLs are stored as SQL NULL, everything else as a quoted literal.
    $assignments = array();
    foreach ($columns as $col) {
        $value = $data[$col];
        $assignments[] = "`{$col}`=" . (($value !== '' && $value !== NULL) ? "'{$value}'" : 'NULL');
    }

    $o = array('silentErrors' => true);
    sql('insert into `shippers` set ' . implode(', ', $assignments), $o);

    if ($o['error'] != '') {
        // NOTE(review): printed as-is; whether sql() HTML-escapes this text is not visible here.
        echo $o['error'];
        echo '<a href="shippers_view.php?addNew_x=1">' . $Translation['< back'] . '</a>';
        exit;
    }

    $recID = db_insert_id(db_link());

    // hook: shippers_after_insert — a falsy result skips the ownership row below.
    $saveOwnership = true;
    if (function_exists('shippers_after_insert')) {
        $res = sql("select * from `shippers` where `ShipperID`='" . makeSafe($recID) . "' limit 1", $eo);
        if ($row = db_fetch_assoc($res)) {
            $data = array_map('makeSafe', $row);
        }
        $data['selectedID'] = makeSafe($recID);
        $args = array();
        if (!shippers_after_insert($data, getMemberInfo(), $args)) {
            $saveOwnership = false;
        }
    }

    if ($saveOwnership) {
        // mm: save ownership data
        sql(
            "insert into membership_userrecords set tableName='shippers', pkValue='{$recID}', memberID='" . getLoggedMemberID()
            . "', dateAdded='" . time() . "', dateUpdated='" . time() . "', groupID='" . getLoggedGroupID() . "'",
            $eo
        );
    }

    return get_magic_quotes_gpc() ? stripslashes($recID) : $recID;
}
/**
 * Returns the last error text from the database driver selected by the DATABASE constant.
 *
 * @param mixed $link           Connection handle; when falsy, db_link() supplies one.
 * @param bool  $mysqli_connect For the 'mysqli' driver only: return the connection
 *                              error (mysqli_connect_error()) instead of the statement error.
 * @return mixed The driver's error text; nothing is returned (null) when DATABASE is
 *               neither 'mysql' nor 'mysqli'.
 */
function db_error($link = NULL, $mysqli_connect = false)
{
    if (!$link) {
        $link = db_link();
    }

    if (DATABASE == 'mysql') {
        return mysql_error($link);
    }

    if (DATABASE == 'mysqli') {
        return $mysqli_connect ? mysqli_connect_error() : mysqli_error($link);
    }
}
/**
 * Inserts a new `residence_and_rental_history` row from the submitted form and
 * records its owner.
 *
 * Text fields go through makeSafe(); the two date fields are assembled from
 * intval()'d year/month/day parts and normalised by parseMySQLDate().
 * The script exits after printing the error when the insert fails.
 *
 * NOTE(review): a non-empty $_GET['insert_x'] makes the whole request body come from
 * the query string, so the insert can be triggered by a GET request; no anti-CSRF
 * token check is visible in this function — confirm it happens upstream.
 * NOTE(review): values are escaped with makeSafe() (defined elsewhere) and then
 * interpolated into the SQL text; no parameterized statement is used here.
 *
 * @return mixed false when the permission entry [1] is falsy or the before-insert
 *               hook returns a falsy value; otherwise the new record ID.
 */
function residence_and_rental_history_insert()
{
    global $Translation;

    if ($_GET['insert_x'] != '') {
        $_POST = $_GET;
    }

    // mm: can member insert record?
    $permissions = getTablePermissions('residence_and_rental_history');
    if (!$permissions[1]) {
        return false;
    }

    // Text fields that precede the dates.
    foreach (array('tenant', 'address', 'landlord_or_manager_name', 'landlord_or_manager_phone', 'monthly_rent') as $col) {
        $data[$col] = makeSafe($_POST[$col]);
        if ($data[$col] == empty_lookup_value) {
            $data[$col] = '';
        }
    }

    // Dates: each part is forced to an integer before the string is built.
    $data['duration_of_residency_from'] = parseMySQLDate(
        intval($_POST['duration_of_residency_fromYear']) . '-' . intval($_POST['duration_of_residency_fromMonth']) . '-' . intval($_POST['duration_of_residency_fromDay']),
        ''
    );
    $data['to'] = parseMySQLDate(
        intval($_POST['toYear']) . '-' . intval($_POST['toMonth']) . '-' . intval($_POST['toDay']),
        ''
    );

    // Text fields that follow the dates.
    foreach (array('reason_for_leaving', 'notes') as $col) {
        $data[$col] = makeSafe($_POST[$col]);
        if ($data[$col] == empty_lookup_value) {
            $data[$col] = '';
        }
    }

    // hook: residence_and_rental_history_before_insert
    if (function_exists('residence_and_rental_history_before_insert')) {
        $args = array();
        if (!residence_and_rental_history_before_insert($data, getMemberInfo(), $args)) {
            return false;
        }
    }

    $insertColumns = array(
        'tenant',
        'address',
        'landlord_or_manager_name',
        'landlord_or_manager_phone',
        'monthly_rent',
        'duration_of_residency_from',
        'to',
        'reason_for_leaving',
        'notes',
    );

    // Empty strings and NULLs are stored as SQL NULL, everything else as a quoted literal.
    $assignments = array();
    foreach ($insertColumns as $col) {
        $value = $data[$col];
        $assignments[] = "`{$col}`=" . (($value !== '' && $value !== NULL) ? "'{$value}'" : 'NULL');
    }

    $o = array('silentErrors' => true);
    sql('insert into `residence_and_rental_history` set ' . implode(', ', $assignments), $o);

    if ($o['error'] != '') {
        // NOTE(review): printed as-is; whether sql() HTML-escapes this text is not visible here.
        echo $o['error'];
        echo '<a href="residence_and_rental_history_view.php?addNew_x=1">' . $Translation['< back'] . '</a>';
        exit;
    }

    $recID = db_insert_id(db_link());

    // hook: residence_and_rental_history_after_insert — a falsy result skips the ownership row below.
    $saveOwnership = true;
    if (function_exists('residence_and_rental_history_after_insert')) {
        $res = sql("select * from `residence_and_rental_history` where `id`='" . makeSafe($recID) . "' limit 1", $eo);
        if ($row = db_fetch_assoc($res)) {
            $data = array_map('makeSafe', $row);
        }
        $data['selectedID'] = makeSafe($recID);
        $args = array();
        if (!residence_and_rental_history_after_insert($data, getMemberInfo(), $args)) {
            $saveOwnership = false;
        }
    }

    if ($saveOwnership) {
        // mm: save ownership data
        sql(
            "insert into membership_userrecords set tableName='residence_and_rental_history', pkValue='{$recID}', memberID='" . getLoggedMemberID()
            . "', dateAdded='" . time() . "', dateUpdated='" . time() . "', groupID='" . getLoggedGroupID() . "'",
            $eo
        );
    }

    return get_magic_quotes_gpc() ? stripslashes($recID) : $recID;
}
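/**
 * Creates a table, or applies rename/alter statements to an existing one, and
 * reports the outcome as an HTML fragment.
 *
 * The fragment is buffered and only echoed when $silent is false. Recursive calls
 * pass $silent = false, so their output lands in the caller's buffer.
 *
 * NOTE(review): $tableName, $createSQL and every entry of $arrAlter are executed or
 * interpolated into SQL verbatim, and driver error text is printed without HTML
 * escaping; this is only appropriate while all of them come from the application's
 * own setup code, never from request data.
 *
 * @param string       $tableName Table to create or update.
 * @param string       $createSQL CREATE TABLE statement used when the table is missing.
 * @param bool         $silent    When true, the report is discarded instead of echoed.
 * @param array|string $arrAlter  Optional list of ALTER statements; when the first one
 *                                renames another table to $tableName, that table is
 *                                renamed if it exists.
 * @return void
 */
function setupTable($tableName, $createSQL = '', $silent = true, $arrAlter = '')
{
    global $Translation;

    // Defined up front: it is read below even when no rename statement was supplied.
    $oldTableName = '';

    ob_start();

    echo '<div style="padding: 5px; border-bottom:solid 1px silver; font-family: verdana, arial; font-size: 10px;">';

    // is there a table rename query?
    if (is_array($arrAlter) && isset($arrAlter[0])) {
        $matches = array();
        // The table name is quoted so that it is matched literally inside the pattern.
        $renamePattern = '/ALTER TABLE `(.*)` RENAME `' . preg_quote($tableName, '/') . '`/';
        if (preg_match($renamePattern, $arrAlter[0], $matches)) {
            $oldTableName = $matches[1];
        }
    }

    if ($res = @db_query("select count(1) from `{$tableName}`")) { // table already exists
        if ($row = @db_fetch_array($res)) {
            echo str_replace("<TableName>", $tableName, str_replace("<NumRecords>", $row[0], $Translation["table exists"]));
            if (is_array($arrAlter)) {
                echo '<br>';
                foreach ($arrAlter as $alter) {
                    if ($alter != '') {
                        echo "{$alter} ... ";
                        if (!@db_query($alter)) {
                            echo '<span class="label label-danger">' . $Translation['failed'] . '</span>';
                            echo '<div class="text-danger">' . $Translation['mysql said'] . ' ' . db_error(db_link()) . '</div>';
                        } else {
                            echo '<span class="label label-success">' . $Translation['ok'] . '</span>';
                        }
                    }
                }
            } else {
                echo $Translation["table uptodate"];
            }
        } else {
            echo str_replace("<TableName>", $tableName, $Translation["couldnt count"]);
        }
    } else { // given tableName doesn't exist
        if ($oldTableName != '') { // if we have a table rename query
            if ($ro = @db_query("select count(1) from `{$oldTableName}`")) { // if old table exists, rename it.
                $renameQuery = array_shift($arrAlter); // get and remove rename query

                echo "{$renameQuery} ... ";
                if (!@db_query($renameQuery)) {
                    echo '<span class="label label-danger">' . $Translation['failed'] . '</span>';
                    echo '<div class="text-danger">' . $Translation['mysql said'] . ' ' . db_error(db_link()) . '</div>';
                } else {
                    echo '<span class="label label-success">' . $Translation['ok'] . '</span>';
                }

                if (is_array($arrAlter)) {
                    setupTable($tableName, $createSQL, false, $arrAlter); // execute Alter queries on renamed table ...
                }
            } else { // if old tableName doesn't exist (nor the new one since we're here), then just create the table.
                setupTable($tableName, $createSQL, false); // no Alter queries passed ...
            }
        } else { // tableName doesn't exist and no rename, so just create the table
            echo str_replace("<TableName>", $tableName, $Translation["creating table"]);
            if (!@db_query($createSQL)) {
                echo '<span class="label label-danger">' . $Translation['failed'] . '</span>';
                echo '<div class="text-danger">' . $Translation['mysql said'] . db_error(db_link()) . '</div>';
            } else {
                echo '<span class="label label-success">' . $Translation['ok'] . '</span>';
            }
        }
    }

    echo "</div>";

    $out = ob_get_contents();
    ob_end_clean();
    if (!$silent) {
        echo $out;
    }
}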
/**
 * Inserts a new `products` row from the submitted form and records its owner.
 *
 * UnitPrice, UnitsInStock, UnitsOnOrder and ReorderLevel default to "0" when empty.
 * The script exits after printing the error when the insert fails.
 *
 * NOTE(review): a non-empty $_GET['insert_x'] makes the whole request body come from
 * the query string, so the insert can be triggered by a GET request; no anti-CSRF
 * token check is visible in this function — confirm it happens upstream.
 * NOTE(review): values are escaped with makeSafe() (defined elsewhere) and then
 * interpolated into the SQL text; no parameterized statement is used here.
 *
 * @return mixed false when the permission entry [1] is falsy or the before-insert
 *               hook returns a falsy value; otherwise the new record ID.
 */
function products_insert()
{
    global $Translation;

    if ($_GET['insert_x'] != '') {
        $_POST = $_GET;
    }

    // mm: can member insert record?
    $permissions = getTablePermissions('products');
    if (!$permissions[1]) {
        return false;
    }

    $columns = array(
        'ProductName',
        'SupplierID',
        'CategoryID',
        'QuantityPerUnit',
        'UnitPrice',
        'UnitsInStock',
        'UnitsOnOrder',
        'ReorderLevel',
        'Discontinued',
    );

    foreach ($columns as $col) {
        $data[$col] = makeSafe($_POST[$col]);
        if ($data[$col] == empty_lookup_value) {
            $data[$col] = '';
        }
    }

    // Numeric fields fall back to "0" instead of being stored as NULL.
    foreach (array('UnitPrice', 'UnitsInStock', 'UnitsOnOrder', 'ReorderLevel') as $col) {
        if ($data[$col] == '') {
            $data[$col] = "0";
        }
    }

    // hook: products_before_insert
    if (function_exists('products_before_insert')) {
        $args = array();
        if (!products_before_insert($data, getMemberInfo(), $args)) {
            return false;
        }
    }

    // Empty strings and NULLs are stored as SQL NULL, everything else as a quoted literal.
    $assignments = array();
    foreach ($columns as $col) {
        $value = $data[$col];
        $assignments[] = "`{$col}`=" . (($value !== '' && $value !== NULL) ? "'{$value}'" : 'NULL');
    }

    $o = array('silentErrors' => true);
    sql('insert into `products` set ' . implode(', ', $assignments), $o);

    if ($o['error'] != '') {
        // NOTE(review): printed as-is; whether sql() HTML-escapes this text is not visible here.
        echo $o['error'];
        echo '<a href="products_view.php?addNew_x=1">' . $Translation['< back'] . '</a>';
        exit;
    }

    $recID = db_insert_id(db_link());

    // hook: products_after_insert — a falsy result skips the ownership row below.
    $saveOwnership = true;
    if (function_exists('products_after_insert')) {
        $res = sql("select * from `products` where `ProductID`='" . makeSafe($recID) . "' limit 1", $eo);
        if ($row = db_fetch_assoc($res)) {
            $data = array_map('makeSafe', $row);
        }
        $data['selectedID'] = makeSafe($recID);
        $args = array();
        if (!products_after_insert($data, getMemberInfo(), $args)) {
            $saveOwnership = false;
        }
    }

    if ($saveOwnership) {
        // mm: save ownership data
        sql(
            "insert into membership_userrecords set tableName='products', pkValue='{$recID}', memberID='" . getLoggedMemberID()
            . "', dateAdded='" . time() . "', dateUpdated='" . time() . "', groupID='" . getLoggedGroupID() . "'",
            $eo
        );
    }

    return get_magic_quotes_gpc() ? stripslashes($recID) : $recID;
}
/**
 * JSON-RPC handler that adds a PIN through the sp_pin_insert() database call.
 *
 * Requires a logged-in session (the script dies otherwise) and the AMEND_PINS
 * permission for the session's member_id.
 *
 * NOTE(review): $params[0..3] are passed on without validation in this function;
 * new DateTime() throws on text it cannot parse and nothing here catches that —
 * confirm the caller handles the exception.
 *
 * @param array $params [0], [2] and [3] are forwarded to sp_pin_insert(); [1] is an
 *                      expiry date string, treated as absent when its length is <= 1.
 * @param mixed $error  Error object; populated and returned on a permission failure.
 * @return mixed $error on permission failure; otherwise "" on success, the text left
 *               in $err by sp_pin_insert(), or "Failed to insert".
 */
function method_insertpin($params, $error)
{
    if (!isset($_SESSION['username'])) {
        die("Not logged in");
    }

    if (!check_permission($_SESSION['member_id'], "AMEND_PINS")) {
        $error->SetError(JsonRpcError_PermissionDenied, "Permission Denied (AMEND_PINS)");
        return $error;
    }

    $err = "";
    $link = db_link();

    // Expiry is re-formatted to d/m/Y H:i:s; anything of length <= 1 means "no expiry given".
    $d = "";
    if (strlen($params[1]) > 1) {
        $exp_date = new DateTime($params[1]);
        $d = date_format($exp_date, 'd/m/Y H:i:s');
    }

    // $err is presumably filled in by reference by sp_pin_insert() — confirm.
    $ret = $link->sp_pin_insert($params[0], $d, $params[2], $params[3], $err);
    $link->close();

    if (strlen($err) > 0) {
        return $err;
    }

    return $ret ? "" : "Failed to insert";
}
/**
 * Checks the posted username/password and reports whether access is granted.
 *
 * The username is normalised to [a-zA-Z0-9_] before it is used. sp_wiki_login()
 * is then asked about the account, and the password is verified through the
 * object returned by krb_auth().
 *
 * NOTE(review): the failure messages differ ("Unknown username ..." vs
 * "Incorrect password ..."), so a caller can tell an existing account from a
 * missing one; no attempt limiting is visible in this function — confirm both are
 * acceptable or handled upstream.
 *
 * @return array 'access_granted' (bool) plus either 'name' and 'email' on success
 *               or 'error' (string) on failure.
 */
function login()
{
    $result = array();

    if (!isset($_POST["username"]) || !isset($_POST["password"])) {
        $result['access_granted'] = false;
        $result['error'] = 'Missing username/password';
        return $result;
    }

    $password = $_POST["password"];

    /* Anything outside a-z, A-Z, 0-9 becomes an underscore (mostly after spaces...) */
    $username = preg_replace('/[^a-zA-Z0-9]/', '_', $_POST["username"]);

    $oInstDB = db_link();

    // $email, $name and $ret are presumably filled in by reference — confirm.
    if (!$oInstDB->sp_wiki_login($username, $email, $name, $ret)) {
        $result['access_granted'] = false;
        $result['error'] = 'DB check failed';
        return $result;
    }

    if ($ret != 1) {
        $result['access_granted'] = false;
        $result['error'] = 'Unknown username / no Wiki permission';
        return $result;
    }

    /* check password */
    $krb5 = krb_auth();
    if ($krb5->check_password($username, $password)) {
        $result['access_granted'] = true;
        $result['name'] = $name;
        $result['email'] = $email;
    } else {
        $result['access_granted'] = false;
        $result['error'] = "Incorrect password / password check failed for [{$username}]";
    }

    return $result;
}
$shippers_view = checkPermissionVal('shippers_view'); $shippers_edit = checkPermissionVal('shippers_edit'); $shippers_delete = checkPermissionVal('shippers_delete'); ############################### // new group or old? if ($_POST['groupID'] == '') { // new group // make sure group name is unique if (sqlValue("select count(1) from membership_groups where name='{$name}'")) { echo "<div class=\"alert alert-danger\">Error: Group name already exists. You must choose a unique group name.</div>"; include "{$currDir}/incFooter.php"; } // add group sql("insert into membership_groups set name='{$name}', description='{$description}', allowSignup='{$allowSignup}', needsApproval='{$needsApproval}'", $eo); // get new groupID $groupID = db_insert_id(db_link()); } else { // old group // validate groupID $groupID = intval($_POST['groupID']); if ($groupID == $anonGroupID) { $name = $adminConfig['anonymousGroup']; $allowSignup = 0; $needsApproval = 0; } // make sure group name is unique if (sqlValue("select count(1) from membership_groups where name='{$name}' and groupID!='{$groupID}'")) { echo "<div class=\"alert alert-danger\">Error: Group name already exists. You must choose a unique group name.</div>"; include "{$currDir}/incFooter.php"; } // update group
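/**
 * Runs a SQL statement, connecting to the server and selecting the database on first use.
 *
 * On a connection, database-selection or query failure an HTML message is printed
 * and the script exits.
 *
 * NOTE(review): the failing statement and the driver's message are sent to the
 * client, which discloses schema details; on a production site consider logging
 * them server-side and showing a generic message instead.
 *
 * @param string $statment SQL text, executed as given; callers are responsible for
 *                         escaping any values embedded in it.
 * @param mixed  $o        Accepted by reference; this body neither reads nor writes it.
 * @return mixed The result returned by db_query().
 */
function sql($statment, &$o)
{
    // $connected becomes true after the first successful connection
    static $connected = false, $db_link;

    if (!$connected) {
        /****** Connect to MySQL ******/
        if (!($db_link = @db_connect(config('dbServer'), config('dbUsername'), config('dbPassword')))) {
            echo "<div class=\"alert alert-danger\">Couldn't connect to MySQL at '" . config('dbServer') . "'. You might need to re-configure this application. You can do so by manually editing the config.php file, or by deleting it to run the setup wizard.</div>";
            exit;
        }

        /****** Select DB ********/
        if (!db_select_db(config('dbDatabase'), $db_link)) {
            echo "<div class=\"alert alert-danger\">Couldn't connect to the database '" . config('dbDatabase') . "'.</div>";
            exit;
        }

        $connected = true;
    }

    if (!($result = @db_query($statment))) {
        // The driver message can quote parts of the statement (and so request data),
        // so it is HTML-escaped just like the statement itself.
        echo "An error occured while attempting to execute:<br><pre>" . htmlspecialchars($statment) . "</pre><br>MySQL said:<br><pre>" . htmlspecialchars(db_error(db_link())) . "</pre>";
        exit;
    }

    return $result;
}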
} $valList = implode("','", $arrCSVData[$j]); if ($valList != '' && strlen($valList) > count($arrCSVData[$j]) * 3) { $insert .= "('" . $valList . "'),"; } } // update record if pk matches if ($_POST['csvUpdateIfPKExists']) { $insert = "replace `{$tn}` ({$fieldList}) values " . substr($insert, 0, -1); } else { $insert = "insert ignore into `{$tn}` ({$fieldList}) values " . substr($insert, 0, -1); } // execute batch echo 'Importing batch ' . (($i - 1) / $batch + 1) . ' of ' . $numBatches . ': '; if (!@db_query($insert)) { echo 'ERROR: ' . db_error(db_link()) . "\n"; } else { echo "Ok\n"; } if (!($i % ($batch * 5))) { flush(); } } echo "</textarea>"; } else { /* no more records in csv file */ $numRows = 0; } if ($numRows < MAXROWS) { /* reached end of data */ // remove uploaded csv file
/**
 * Inserts a new `employees` row from the submitted form (including an optional
 * Photo upload) and records its owner.
 *
 * When $_REQUEST['SelectedID'] is set and no new photo was uploaded, the Photo value
 * of that existing record is reused. The script exits after printing the error
 * when the insert fails.
 *
 * NOTE(review): a non-empty $_GET['insert_x'] makes the whole request body come from
 * the query string, so the insert can be triggered by a GET request; no anti-CSRF
 * token check is visible in this function — confirm it happens upstream.
 * NOTE(review): values are escaped with makeSafe() (defined elsewhere) and then
 * interpolated into the SQL text; no parameterized statement is used here.
 * NOTE(review): the upload is limited to 153600 bytes and the extensions
 * jpg|jpeg|gif|png by the arguments given to PrepareUploadedFile(); whether the
 * file content is checked is not visible here. The SelectedID lookup has no
 * per-record permission check in this function — confirm both.
 *
 * @return mixed false when the permission entry [1] is falsy or the before-insert
 *               hook returns a falsy value; otherwise the new record ID.
 */
function employees_insert()
{
    global $Translation;

    if ($_GET['insert_x'] != '') {
        $_POST = $_GET;
    }

    // mm: can member insert record?
    $permissions = getTablePermissions('employees');
    if (!$permissions[1]) {
        return false;
    }

    // Text fields that precede the dates.
    foreach (array('TitleOfCourtesy', 'LastName', 'FirstName', 'Title') as $col) {
        $data[$col] = makeSafe($_POST[$col]);
        if ($data[$col] == empty_lookup_value) {
            $data[$col] = '';
        }
    }

    // Dates: each part is forced to an integer before the string is built.
    $data['BirthDate'] = parseMySQLDate(
        intval($_POST['BirthDateYear']) . '-' . intval($_POST['BirthDateMonth']) . '-' . intval($_POST['BirthDateDay']),
        ''
    );
    $data['HireDate'] = parseMySQLDate(
        intval($_POST['HireDateYear']) . '-' . intval($_POST['HireDateMonth']) . '-' . intval($_POST['HireDateDay']),
        '1'
    );

    // Address is the only text field without the empty-lookup check.
    $data['Address'] = br2nl(makeSafe($_POST['Address']));

    // Remaining text fields.
    foreach (array('City', 'Region', 'PostalCode', 'Country', 'HomePhone', 'Extension', 'Notes', 'ReportsTo') as $col) {
        $data[$col] = makeSafe($_POST[$col]);
        if ($data[$col] == empty_lookup_value) {
            $data[$col] = '';
        }
    }

    $data['Photo'] = PrepareUploadedFile('Photo', 153600, 'jpg|jpeg|gif|png', false, '');
    if ($data['Photo']) {
        createThumbnail($data['Photo'], getThumbnailSpecs('employees', 'Photo', 'tv'));
    }

    /* for empty upload fields, when saving a copy of an existing record, copy the original upload field */
    if ($_REQUEST['SelectedID']) {
        $res = sql("select * from employees where EmployeeID='" . makeSafe($_REQUEST['SelectedID']) . "'");
        if (($row = db_fetch_assoc($res)) && !$data['Photo']) {
            $data['Photo'] = makeSafe($row['Photo']);
        }
    }

    // hook: employees_before_insert
    if (function_exists('employees_before_insert')) {
        $args = array();
        if (!employees_before_insert($data, getMemberInfo(), $args)) {
            return false;
        }
    }

    $insertColumns = array(
        'TitleOfCourtesy',
        'Photo',
        'LastName',
        'FirstName',
        'Title',
        'BirthDate',
        'HireDate',
        'Address',
        'City',
        'Region',
        'PostalCode',
        'Country',
        'HomePhone',
        'Extension',
        'Notes',
        'ReportsTo',
    );

    $assignments = array();
    foreach ($insertColumns as $col) {
        if ($col == 'Photo') {
            // The upload field uses a loose emptiness test, unlike the other columns.
            $assignments[] = ($data['Photo'] != '' ? "`Photo`='{$data['Photo']}'" : '`Photo`=NULL');
            continue;
        }
        // Empty strings and NULLs are stored as SQL NULL, everything else as a quoted literal.
        $value = $data[$col];
        $assignments[] = "`{$col}`=" . (($value !== '' && $value !== NULL) ? "'{$value}'" : 'NULL');
    }

    $o = array('silentErrors' => true);
    sql('insert into `employees` set ' . implode(', ', $assignments), $o);

    if ($o['error'] != '') {
        // NOTE(review): printed as-is; whether sql() HTML-escapes this text is not visible here.
        echo $o['error'];
        echo '<a href="employees_view.php?addNew_x=1">' . $Translation['< back'] . '</a>';
        exit;
    }

    $recID = db_insert_id(db_link());

    // hook: employees_after_insert — a falsy result skips the ownership row below.
    $saveOwnership = true;
    if (function_exists('employees_after_insert')) {
        $res = sql("select * from `employees` where `EmployeeID`='" . makeSafe($recID) . "' limit 1", $eo);
        if ($row = db_fetch_assoc($res)) {
            $data = array_map('makeSafe', $row);
        }
        $data['selectedID'] = makeSafe($recID);
        $args = array();
        if (!employees_after_insert($data, getMemberInfo(), $args)) {
            $saveOwnership = false;
        }
    }

    if ($saveOwnership) {
        // mm: save ownership data
        sql(
            "insert into membership_userrecords set tableName='employees', pkValue='{$recID}', memberID='" . getLoggedMemberID()
            . "', dateAdded='" . time() . "', dateUpdated='" . time() . "', groupID='" . getLoggedGroupID() . "'",
            $eo
        );
    }

    return get_magic_quotes_gpc() ? stripslashes($recID) : $recID;
}
if ($valList != '' && strlen($valList) > count($arrCSVData[$j]) * 3) { $insert .= "('" . $valList . "'),"; } } // update record if pk matches if ($_POST['csvUpdateIfPKExists']) { $insert = "replace `{$tn}` ({$fieldList}) values " . substr($insert, 0, -1); } else { $insert = "insert ignore into `{$tn}` ({$fieldList}) values " . substr($insert, 0, -1); } // execute batch $originalValues = array('<BATCH>', '<BATCHNUM>'); $replaceValues = array(($i - 1) / $batch + 1, $numBatches); echo str_replace($originalValues, $replaceValues, $Translation['importing batch']); if (!@db_query($insert)) { echo "{$Translation['error']}: " . db_error(db_link()) . "\n"; } else { echo $Translation['ok'] . "\n"; } if (!($i % ($batch * 5))) { flush(); } } echo "</textarea>"; } else { /* no more records in csv file */ $numRows = 0; } if ($numRows < MAXROWS) { /* reached end of data */ // remove uploaded csv file
/**
 * Inserts a new `properties` row from the submitted form (including an optional
 * photo upload) and records its owner.
 *
 * property_name and type are required: when either is empty an error page is
 * printed and the script exits. Note that the upload and its thumbnails are
 * processed before that check. operating_account, property_reserve and lease_term
 * are read into $data (and so reach the before-insert hook) but are not part of
 * the INSERT statement. The script also exits after printing the error when the
 * insert fails.
 *
 * NOTE(review): a non-empty $_GET['insert_x'] makes the whole request body come from
 * the query string, so the insert can be triggered by a GET request; no anti-CSRF
 * token check is visible in this function — confirm it happens upstream.
 * NOTE(review): values are escaped with makeSafe() (defined elsewhere) and then
 * interpolated into the SQL text; no parameterized statement is used here.
 * NOTE(review): the upload is limited to 1024000 bytes and the extensions
 * jpg|jpeg|gif|png by the arguments given to PrepareUploadedFile(); whether the
 * file content is checked is not visible here — confirm.
 *
 * @return mixed false when the permission entry [1] is falsy or the before-insert
 *               hook returns a falsy value; otherwise the new record ID.
 */
function properties_insert()
{
    global $Translation;

    if ($_GET['insert_x'] != '') {
        $_POST = $_GET;
    }

    // mm: can member insert record?
    $permissions = getTablePermissions('properties');
    if (!$permissions[1]) {
        return false;
    }

    $formFields = array(
        'property_name',
        'type',
        'number_of_units',
        'owner',
        'operating_account',
        'property_reserve',
        'lease_term',
        'country',
        'street',
        'City',
        'State',
        'ZIP',
    );

    foreach ($formFields as $col) {
        $data[$col] = makeSafe($_POST[$col]);
        if ($data[$col] == empty_lookup_value) {
            $data[$col] = '';
        }
    }

    $data['photo'] = PrepareUploadedFile('photo', 1024000, 'jpg|jpeg|gif|png', false, '');
    // One thumbnail per view: 'tv' first, then 'dv'.
    foreach (array('tv', 'dv') as $view) {
        if ($data['photo']) {
            createThumbnail($data['photo'], getThumbnailSpecs('properties', 'photo', $view));
        }
    }

    // Required-field checks, in form order; the first empty one ends the request.
    foreach (array('property_name' => 'Property Name', 'type' => 'Type') as $col => $label) {
        if ($data[$col] == '') {
            echo StyleSheet() . "\n\n<div class=\"alert alert-danger\">" . $Translation['error:'] . " '{$label}': " . $Translation['field not null'] . '<br><br>';
            echo '<a href="" onclick="history.go(-1); return false;">' . $Translation['< back'] . '</a></div>';
            exit;
        }
    }

    // hook: properties_before_insert
    if (function_exists('properties_before_insert')) {
        $args = array();
        if (!properties_before_insert($data, getMemberInfo(), $args)) {
            return false;
        }
    }

    $insertColumns = array(
        'property_name',
        'type',
        'number_of_units',
        'photo',
        'owner',
        'country',
        'street',
        'City',
        'State',
        'ZIP',
    );

    $assignments = array();
    foreach ($insertColumns as $col) {
        if ($col == 'photo') {
            // New upload wins; otherwise keep or clear depending on photo_remove.
            $assignments[] = ($data['photo'] != ''
                ? "`photo`='{$data['photo']}'"
                : ($_POST['photo_remove'] != 1 ? '`photo`=`photo`' : '`photo`=NULL'));
            continue;
        }
        // Empty strings and NULLs are stored as SQL NULL, everything else as a quoted literal.
        $value = $data[$col];
        $assignments[] = "`{$col}`=" . (($value !== '' && $value !== NULL) ? "'{$value}'" : 'NULL');
    }

    $o = array('silentErrors' => true);
    sql('insert into `properties` set ' . implode(', ', $assignments), $o);

    if ($o['error'] != '') {
        // NOTE(review): printed as-is; whether sql() HTML-escapes this text is not visible here.
        echo $o['error'];
        echo '<a href="properties_view.php?addNew_x=1">' . $Translation['< back'] . '</a>';
        exit;
    }

    $recID = db_insert_id(db_link());

    // hook: properties_after_insert — a falsy result skips the ownership row below.
    $saveOwnership = true;
    if (function_exists('properties_after_insert')) {
        $res = sql("select * from `properties` where `id`='" . makeSafe($recID) . "' limit 1", $eo);
        if ($row = db_fetch_assoc($res)) {
            $data = array_map('makeSafe', $row);
        }
        $data['selectedID'] = makeSafe($recID);
        $args = array();
        if (!properties_after_insert($data, getMemberInfo(), $args)) {
            $saveOwnership = false;
        }
    }

    if ($saveOwnership) {
        // mm: save ownership data
        sql(
            "insert into membership_userrecords set tableName='properties', pkValue='{$recID}', memberID='" . getLoggedMemberID()
            . "', dateAdded='" . time() . "', dateUpdated='" . time() . "', groupID='" . getLoggedGroupID() . "'",
            $eo
        );
    }

    return get_magic_quotes_gpc() ? stripslashes($recID) : $recID;
}
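<?php
    /*
     * Pop-up page that reports whether the member ID given in ?memberID= is
     * already taken in membership_users.
     *
     * The requested ID is used in two contexts and encoded separately for each:
     * db_escape() for the SQL literal, htmlspecialchars() for the HTML response.
     *
     * NOTE(review): no login check is visible in this script, so it answers
     * "exists / available" for any caller; confirm that is intended and consider
     * throttling requests to it.
     */
    ob_start();
?>
<center>
<?php
    $currDir = dirname(__FILE__);
    include "{$currDir}/defaultLang.php";
    include "{$currDir}/language.php";
    include "{$currDir}/lib.php";

    // A missing or non-string parameter is treated as an empty ID.
    $requestedID = (isset($_GET['memberID']) && is_string($_GET['memberID'])) ? strtolower($_GET['memberID']) : '';

    $memberID = db_escape($requestedID, db_link());             // for the SQL literal
    $memberIDHtml = htmlspecialchars($requestedID, ENT_QUOTES); // for the HTML output

    if ($memberID != '') {
        $res = sql("select memberID from membership_users where lcase(memberID)='{$memberID}'", $eo);
        if ($row = db_fetch_row($res)) {
            echo "<b>" . str_replace("<MemberID>", $memberIDHtml, $Translation['user already exists']) . "</b><!-- NOT AVAILABLE -->";
        } else {
            echo "<b>" . str_replace("<MemberID>", $memberIDHtml, $Translation['user available']) . "</b><!-- AVAILABLE -->";
        }
    } else {
        echo $Translation['empty user'];
    }
?>
<br><br><input type="button" value="Close" onClick="window.close();">
</center>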
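/**
 * Inserts a new `units` record built from the submitted form values.
 *
 * Returns false when the member lacks insert permission ($arrPerm[1]) or when
 * the optional units_before_insert hook returns false; otherwise returns the
 * new record ID. A missing 'status' or a failed INSERT echoes an error and
 * calls exit.
 *
 * Security notes for reviewers:
 *  - When insert_x is present in the query string, $_GET replaces $_POST, so
 *    the insert can be driven by a GET request. No anti-CSRF token check is
 *    visible in this function; confirm one is enforced before it is called.
 *  - The SQL is built by string concatenation; injection safety rests
 *    entirely on makeSafe() (defined elsewhere).
 *  - $o['error'] is echoed exactly as sql() returns it. Whether it is
 *    HTML-encoded or can contain query text is decided in sql(); verify.
 *  - The upload is limited to 1024000 bytes and the extensions
 *    jpg|jpeg|gif|png by the arguments passed to PrepareUploadedFile();
 *    whether file content is inspected is not visible here.
 */
function units_insert()
{
    global $Translation;

    // A GET request carrying insert_x is treated as if it were the POSTed form.
    if ($_GET['insert_x'] != '') {
        $_POST = $_GET;
    }

    // mm: can member insert record?
    $arrPerm = getTablePermissions('units');
    if (!$arrPerm[1]) {
        return false;
    }

    // $data key => request key. country, street, city, state and postal_code
    // all read the submitted `property` value.
    $leadingFields = array(
        'property' => 'property',
        'unit_number' => 'unit_number',
        'status' => 'status',
        'size' => 'size',
        'country' => 'property',
        'street' => 'property',
        'city' => 'property',
        'state' => 'property',
        'postal_code' => 'property',
        'rooms' => 'rooms',
        'bathroom' => 'bathroom',
    );
    foreach ($leadingFields as $field => $requestKey) {
        $data[$field] = makeSafe($_POST[$requestKey]);
        if ($data[$field] == empty_lookup_value) {
            $data[$field] = '';
        }
    }

    // Multi-value field: every element is escaped separately, then joined.
    // implode() replaces the former `.=` on an unset key followed by substr(),
    // which raised a notice and could produce false for an empty array.
    if (is_array($_POST['features'])) {
        $MultipleSeparator = ', ';
        $data['features'] = implode($MultipleSeparator, array_map('makeSafe', $_POST['features']));
    } else {
        $data['features'] = '';
    }

    // market_rent and deposit_amount are collected (and so reach the
    // before-insert hook) but are not among the columns written below.
    foreach (array('market_rent', 'rental_amount', 'deposit_amount', 'description') as $field) {
        $data[$field] = makeSafe($_POST[$field]);
        if ($data[$field] == empty_lookup_value) {
            $data[$field] = '';
        }
    }

    $data['photo'] = PrepareUploadedFile('photo', 1024000, 'jpg|jpeg|gif|png', false, '');
    if ($data['photo']) {
        createThumbnail($data['photo'], getThumbnailSpecs('units', 'photo', 'tv'));
    }
    if ($data['photo']) {
        createThumbnail($data['photo'], getThumbnailSpecs('units', 'photo', 'dv'));
    }

    // Required field check.
    if ($data['status'] == '') {
        echo StyleSheet() . "\n\n<div class=\"alert alert-danger\">" . $Translation['error:'] . " 'Status': " . $Translation['field not null'] . '<br><br>';
        echo '<a href="" onclick="history.go(-1); return false;">' . $Translation['< back'] . '</a></div>';
        exit;
    }

    // hook: units_before_insert
    if (function_exists('units_before_insert')) {
        $args = array();
        if (!units_before_insert($data, getMemberInfo(), $args)) {
            return false;
        }
    }

    // Build the SET list; empty or NULL values are written as SQL NULL.
    $set = array();
    foreach (array('property', 'unit_number') as $column) {
        $set[] = "`{$column}`=" . ($data[$column] !== '' && $data[$column] !== NULL ? "'{$data[$column]}'" : 'NULL');
    }
    $set[] = ($data['photo'] != '' ? "`photo`='{$data['photo']}'" : ($_POST['photo_remove'] != 1 ? '`photo`=`photo`' : '`photo`=NULL'));
    $trailingColumns = array(
        'status', 'size', 'country', 'street', 'city', 'state', 'postal_code',
        'rooms', 'bathroom', 'features', 'rental_amount', 'description',
    );
    foreach ($trailingColumns as $column) {
        $set[] = "`{$column}`=" . ($data[$column] !== '' && $data[$column] !== NULL ? "'{$data[$column]}'" : 'NULL');
    }

    $o = array('silentErrors' => true);
    sql('insert into `units` set ' . implode(', ', $set), $o);
    if ($o['error'] != '') {
        echo $o['error'];
        echo "<a href=\"units_view.php?addNew_x=1\">{$Translation['< back']}</a>";
        exit;
    }

    $recID = db_insert_id(db_link());

    // hook: units_after_insert
    if (function_exists('units_after_insert')) {
        $res = sql("select * from `units` where `id`='" . makeSafe($recID) . "' limit 1", $eo);
        if ($row = db_fetch_assoc($res)) {
            $data = array_map('makeSafe', $row);
        }
        $data['selectedID'] = makeSafe($recID);
        $args = array();
        // A false return from the hook skips the ownership record below.
        if (!units_after_insert($data, getMemberInfo(), $args)) {
            return get_magic_quotes_gpc() ? stripslashes($recID) : $recID;
        }
    }

    // mm: save ownership data
    // NOTE(review): getLoggedMemberID() and getLoggedGroupID() are interpolated
    // without escaping; confirm both return values that are safe inside quotes.
    sql("insert into membership_userrecords set tableName='units', pkValue='{$recID}', memberID='" . getLoggedMemberID() . "', dateAdded='" . time() . "', dateUpdated='" . time() . "', groupID='" . getLoggedGroupID() . "'", $eo);

    return get_magic_quotes_gpc() ? stripslashes($recID) : $recID;
}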
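/**
 * Inserts a new `applicants_and_tenants` record from the submitted form.
 *
 * Returns false when the member lacks insert permission ($arrPerm[1]) or when
 * the optional applicants_and_tenants_before_insert hook returns false;
 * otherwise returns the new record ID. A failed INSERT echoes $o['error'] and
 * calls exit.
 *
 * Security notes for reviewers:
 *  - The record holds personal data (birth date, driver licence number,
 *    income figures), so the points below matter more than usual.
 *  - When insert_x is present in the query string, $_GET replaces $_POST, so
 *    the insert can be driven by a GET request, which also places these
 *    values in URLs. No anti-CSRF token check is visible in this function;
 *    confirm one is enforced before it is called.
 *  - The SQL is built by string concatenation; injection safety rests
 *    entirely on makeSafe() and, for the date, on intval()/parseMySQLDate().
 *  - $o['error'] is echoed exactly as sql() returns it. Whether it is
 *    HTML-encoded or can contain query text is decided in sql(); verify.
 */
function applicants_and_tenants_insert()
{
    global $Translation;

    // A GET request carrying insert_x is treated as if it were the POSTed form.
    if ($_GET['insert_x'] != '') {
        $_POST = $_GET;
    }

    // mm: can member insert record?
    $arrPerm = getTablePermissions('applicants_and_tenants');
    if (!$arrPerm[1]) {
        return false;
    }

    foreach (array('last_name', 'first_name', 'email', 'phone') as $field) {
        $data[$field] = makeSafe($_POST[$field]);
        if ($data[$field] == empty_lookup_value) {
            $data[$field] = '';
        }
    }

    // The date arrives as three separate inputs; each part is forced to an
    // integer before parseMySQLDate() sees the combined string.
    $data['birth_date'] = intval($_POST['birth_dateYear']) . '-' . intval($_POST['birth_dateMonth']) . '-' . intval($_POST['birth_dateDay']);
    $data['birth_date'] = parseMySQLDate($data['birth_date'], '');

    // driver_license_state, requested_lease_term and notes are collected (and
    // so reach the before-insert hook) but are not among the columns written
    // by the INSERT below.
    $remainingFields = array(
        'driver_license_number', 'driver_license_state', 'requested_lease_term',
        'monthly_gross_pay', 'additional_income', 'assets', 'status', 'notes',
    );
    foreach ($remainingFields as $field) {
        $data[$field] = makeSafe($_POST[$field]);
        if ($data[$field] == empty_lookup_value) {
            $data[$field] = '';
        }
    }

    // Default value. Because status can never be empty past this point, the
    // former "field not null" check on status was unreachable and is removed.
    if ($data['status'] == '') {
        $data['status'] = "Applicant";
    }

    // hook: applicants_and_tenants_before_insert
    if (function_exists('applicants_and_tenants_before_insert')) {
        $args = array();
        if (!applicants_and_tenants_before_insert($data, getMemberInfo(), $args)) {
            return false;
        }
    }

    // Build the SET list; empty or NULL values are written as SQL NULL.
    $columns = array(
        'last_name', 'first_name', 'email', 'phone', 'birth_date',
        'driver_license_number', 'monthly_gross_pay', 'additional_income',
        'assets', 'status',
    );
    $set = array();
    foreach ($columns as $column) {
        $set[] = "`{$column}`=" . ($data[$column] !== '' && $data[$column] !== NULL ? "'{$data[$column]}'" : 'NULL');
    }

    $o = array('silentErrors' => true);
    sql('insert into `applicants_and_tenants` set ' . implode(', ', $set), $o);
    if ($o['error'] != '') {
        echo $o['error'];
        echo "<a href=\"applicants_and_tenants_view.php?addNew_x=1\">{$Translation['< back']}</a>";
        exit;
    }

    $recID = db_insert_id(db_link());

    // hook: applicants_and_tenants_after_insert
    if (function_exists('applicants_and_tenants_after_insert')) {
        $res = sql("select * from `applicants_and_tenants` where `id`='" . makeSafe($recID) . "' limit 1", $eo);
        if ($row = db_fetch_assoc($res)) {
            $data = array_map('makeSafe', $row);
        }
        $data['selectedID'] = makeSafe($recID);
        $args = array();
        // A false return from the hook skips the ownership record below.
        if (!applicants_and_tenants_after_insert($data, getMemberInfo(), $args)) {
            return get_magic_quotes_gpc() ? stripslashes($recID) : $recID;
        }
    }

    // mm: save ownership data
    // NOTE(review): getLoggedMemberID() and getLoggedGroupID() are interpolated
    // without escaping; confirm both return values that are safe inside quotes.
    sql("insert into membership_userrecords set tableName='applicants_and_tenants', pkValue='{$recID}', memberID='" . getLoggedMemberID() . "', dateAdded='" . time() . "', dateUpdated='" . time() . "', groupID='" . getLoggedGroupID() . "'", $eo);

    return get_magic_quotes_gpc() ? stripslashes($recID) : $recID;
}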
/**
 * Inserts a new `orders` record built from the submitted form values.
 *
 * Returns false when the member lacks insert permission ($arrPerm[1]) or when
 * the optional orders_before_insert hook returns false; otherwise returns the
 * new record ID. A failed INSERT echoes $o['error'] and calls exit.
 *
 * Security notes for reviewers:
 *  - When insert_x is present in the query string, $_GET replaces $_POST, so
 *    the insert can be driven by a GET request. No anti-CSRF token check is
 *    visible in this function; confirm one is enforced before it is called.
 *  - The SQL is built by string concatenation; injection safety rests
 *    entirely on makeSafe() and, for dates, on intval()/parseMySQLDate().
 *  - $o['error'] is echoed exactly as sql() returns it. Whether it is
 *    HTML-encoded or can contain query text is decided in sql(); verify.
 */
function orders_insert()
{
    global $Translation;

    // A GET request carrying insert_x is treated as if it were the POSTed form.
    if ($_GET['insert_x'] != '') {
        $_POST = $_GET;
    }

    // mm: can member insert record?
    $arrPerm = getTablePermissions('orders');
    if (!$arrPerm[1]) {
        return false;
    }

    foreach (array('CustomerID', 'EmployeeID') as $field) {
        $data[$field] = makeSafe($_POST[$field]);
        if ($data[$field] == empty_lookup_value) {
            $data[$field] = '';
        }
    }

    // Each date arrives as <name>Year / <name>Month / <name>Day; every part is
    // forced to an integer. The map value is the second argument handed to
    // parseMySQLDate().
    $dateFields = array('OrderDate' => '1', 'RequiredDate' => '1', 'ShippedDate' => '');
    foreach ($dateFields as $field => $secondArg) {
        $data[$field] = intval($_POST[$field . 'Year']) . '-' . intval($_POST[$field . 'Month']) . '-' . intval($_POST[$field . 'Day']);
        $data[$field] = parseMySQLDate($data[$field], $secondArg);
    }

    // $data key => request key. All Ship* address fields read the submitted
    // CustomerID value.
    $otherFields = array(
        'ShipVia' => 'ShipVia',
        'Freight' => 'Freight',
        'ShipName' => 'CustomerID',
        'ShipAddress' => 'CustomerID',
        'ShipCity' => 'CustomerID',
        'ShipRegion' => 'CustomerID',
        'ShipPostalCode' => 'CustomerID',
        'ShipCountry' => 'CustomerID',
    );
    foreach ($otherFields as $field => $requestKey) {
        $data[$field] = makeSafe($_POST[$requestKey]);
        if ($data[$field] == empty_lookup_value) {
            $data[$field] = '';
        }
    }

    // Default value.
    if ($data['Freight'] == '') {
        $data['Freight'] = "0";
    }

    // hook: orders_before_insert
    if (function_exists('orders_before_insert')) {
        $args = array();
        $proceed = orders_before_insert($data, getMemberInfo(), $args);
        if (!$proceed) {
            return false;
        }
    }

    // Build the SET list; empty or NULL values are written as SQL NULL.
    $columns = array(
        'CustomerID', 'EmployeeID', 'OrderDate', 'RequiredDate', 'ShippedDate',
        'ShipVia', 'Freight', 'ShipName', 'ShipAddress', 'ShipCity',
        'ShipRegion', 'ShipPostalCode', 'ShipCountry',
    );
    $set = array();
    foreach ($columns as $column) {
        $set[] = "`{$column}`=" . ($data[$column] !== '' && $data[$column] !== NULL ? "'{$data[$column]}'" : 'NULL');
    }

    $o = array('silentErrors' => true);
    sql('insert into `orders` set ' . implode(', ', $set), $o);
    if ($o['error'] != '') {
        echo $o['error'];
        echo "<a href=\"orders_view.php?addNew_x=1\">{$Translation['< back']}</a>";
        exit;
    }

    $recID = db_insert_id(db_link());

    // hook: orders_after_insert
    if (function_exists('orders_after_insert')) {
        $res = sql("select * from `orders` where `OrderID`='" . makeSafe($recID) . "' limit 1", $eo);
        if ($row = db_fetch_assoc($res)) {
            $data = array_map('makeSafe', $row);
        }
        $data['selectedID'] = makeSafe($recID);
        $args = array();
        // A false return from the hook skips the ownership record below.
        if (!orders_after_insert($data, getMemberInfo(), $args)) {
            if (get_magic_quotes_gpc()) {
                return stripslashes($recID);
            }
            return $recID;
        }
    }

    // mm: save ownership data
    // NOTE(review): getLoggedMemberID() and getLoggedGroupID() are interpolated
    // without escaping; confirm both return values that are safe inside quotes.
    sql("insert into membership_userrecords set tableName='orders', pkValue='{$recID}', memberID='" . getLoggedMemberID() . "', dateAdded='" . time() . "', dateUpdated='" . time() . "', groupID='" . getLoggedGroupID() . "'", $eo);

    if (get_magic_quotes_gpc()) {
        return stripslashes($recID);
    }
    return $recID;
}
/**
 * Inserts a new `trans_mrs2016` record built from the request values.
 *
 * Returns false when the member lacks insert permission ($arrPerm[1]) or when
 * the optional trans_mrs2016_before_insert hook returns false; otherwise
 * returns the new record ID. A failed INSERT echoes $o['error'] and calls
 * exit.
 *
 * Security notes for reviewers:
 *  - Values are read from $_REQUEST, so they are accepted from the query
 *    string as well as the form body (and from cookies, depending on PHP's
 *    request_order). No anti-CSRF token check is visible in this function;
 *    confirm one is enforced before it is called.
 *  - quantity and amount are taken from the request as submitted; only SQL
 *    escaping is applied here, no range or format validation.
 *  - The SQL is built by string concatenation; injection safety rests
 *    entirely on makeSafe(). transactiondate and seller come from parseCode()
 *    and are quoted without passing through makeSafe() in this function;
 *    confirm parseCode() returns values that are safe inside quotes.
 *  - $o['error'] is echoed exactly as sql() returns it. Whether it is
 *    HTML-encoded or can contain query text is decided in sql(); verify.
 */
function trans_mrs2016_insert()
{
    global $Translation;

    // mm: can member insert record?
    $arrPerm = getTablePermissions('trans_mrs2016');
    if (!$arrPerm[1]) {
        return false;
    }

    $plainFields = array('firstname', 'lastname', 'email', 'phone', 'quantity', 'amount', 'mailinglist');
    foreach ($plainFields as $field) {
        $data[$field] = makeSafe($_REQUEST[$field]);
        if ($data[$field] == empty_lookup_value) {
            $data[$field] = '';
        }
    }

    $data['remarks'] = br2nl(makeSafe($_REQUEST['remarks']));

    // Server-generated fields. What the <%%...%%> placeholders expand to is
    // decided in parseCode()/parseMySQLDate(), presumably the creation date,
    // the current username and the editing date. TODO confirm.
    $data['transactiondate'] = parseCode('<%%creationDate%%>', true, true);
    $data['seller'] = parseCode('<%%creatorUsername%%>', true);
    $data['editingdate'] = parseMySQLDate('', '<%%editingDate%%>');

    // hook: trans_mrs2016_before_insert
    if (function_exists('trans_mrs2016_before_insert')) {
        $args = array();
        $proceed = trans_mrs2016_before_insert($data, getMemberInfo(), $args);
        if (!$proceed) {
            return false;
        }
    }

    // Build the SET list; empty or NULL request values are written as SQL NULL.
    $set = array();
    $nullableColumns = array('firstname', 'lastname', 'email', 'phone', 'quantity', 'amount', 'mailinglist', 'remarks');
    foreach ($nullableColumns as $column) {
        $set[] = "`{$column}`=" . ($data[$column] !== '' && $data[$column] !== NULL ? "'{$data[$column]}'" : 'NULL');
    }
    // These two are always written as quoted strings.
    $set[] = '`transactiondate`=' . "'{$data['transactiondate']}'";
    $set[] = '`seller`=' . "'{$data['seller']}'";
    $set[] = '`editingdate`=' . ($data['editingdate'] != '' ? "'{$data['editingdate']}'" : 'NULL');

    $o = array('silentErrors' => true);
    sql('insert into `trans_mrs2016` set ' . implode(', ', $set), $o);
    if ($o['error'] != '') {
        echo $o['error'];
        echo "<a href=\"trans_mrs2016_view.php?addNew_x=1\">{$Translation['< back']}</a>";
        exit;
    }

    $recID = db_insert_id(db_link());

    // hook: trans_mrs2016_after_insert
    if (function_exists('trans_mrs2016_after_insert')) {
        $res = sql("select * from `trans_mrs2016` where `transaction_id`='" . makeSafe($recID, false) . "' limit 1", $eo);
        if ($row = db_fetch_assoc($res)) {
            $data = array_map('makeSafe', $row);
        }
        $data['selectedID'] = makeSafe($recID, false);
        $args = array();
        // A false return from the hook skips the ownership record below.
        if (!trans_mrs2016_after_insert($data, getMemberInfo(), $args)) {
            if (get_magic_quotes_gpc()) {
                return stripslashes($recID);
            }
            return $recID;
        }
    }

    // mm: save ownership data
    // NOTE(review): getLoggedMemberID() and getLoggedGroupID() are interpolated
    // without escaping; confirm both return values that are safe inside quotes.
    sql("insert ignore into membership_userrecords set tableName='trans_mrs2016', pkValue='{$recID}', memberID='" . getLoggedMemberID() . "', dateAdded='" . time() . "', dateUpdated='" . time() . "', groupID='" . getLoggedGroupID() . "'", $eo);

    if (get_magic_quotes_gpc()) {
        return stripslashes($recID);
    }
    return $recID;
}
/**
 * Inserts a new `categories` record built from the submitted form values.
 *
 * Returns false when the member lacks insert permission ($arrPerm[1]) or when
 * the optional categories_before_insert hook returns false; otherwise returns
 * the new record ID. A failed INSERT echoes $o['error'] and calls exit.
 *
 * Security notes for reviewers:
 *  - When insert_x is present in the query string, $_GET replaces $_POST, so
 *    the insert can be driven by a GET request. No anti-CSRF token check is
 *    visible in this function; confirm one is enforced before it is called.
 *  - When no file is uploaded and SelectedID is supplied, the Picture value
 *    of that existing record is copied into the new one. No check that the
 *    member may view the source record is visible in this function.
 *  - The upload is limited to 204800 bytes and the extensions
 *    jpg|jpeg|gif|png by the arguments passed to PrepareUploadedFile();
 *    whether file content is inspected is not visible here.
 *  - The SQL is built by string concatenation; injection safety rests
 *    entirely on makeSafe() (defined elsewhere).
 *  - $o['error'] is echoed exactly as sql() returns it. Whether it is
 *    HTML-encoded or can contain query text is decided in sql(); verify.
 */
function categories_insert()
{
    global $Translation;

    // A GET request carrying insert_x is treated as if it were the POSTed form.
    if ($_GET['insert_x'] != '') {
        $_POST = $_GET;
    }

    // mm: can member insert record?
    $arrPerm = getTablePermissions('categories');
    if (!$arrPerm[1]) {
        return false;
    }

    foreach (array('CategoryName', 'Description') as $field) {
        $data[$field] = makeSafe($_POST[$field]);
        if ($data[$field] == empty_lookup_value) {
            $data[$field] = '';
        }
    }

    $data['Picture'] = PrepareUploadedFile('Picture', 204800, 'jpg|jpeg|gif|png', false, '');
    if ($data['Picture']) {
        createThumbnail($data['Picture'], getThumbnailSpecs('categories', 'Picture', 'tv'));
    }
    if ($data['Picture']) {
        createThumbnail($data['Picture'], getThumbnailSpecs('categories', 'Picture', 'dv'));
    }

    /* for empty upload fields, when saving a copy of an existing record, copy the original upload field */
    if ($_REQUEST['SelectedID']) {
        $res = sql("select * from categories where CategoryID='" . makeSafe($_REQUEST['SelectedID']) . "'");
        $row = db_fetch_assoc($res);
        if ($row && !$data['Picture']) {
            $data['Picture'] = makeSafe($row['Picture']);
        }
    }

    // hook: categories_before_insert
    if (function_exists('categories_before_insert')) {
        $args = array();
        $proceed = categories_before_insert($data, getMemberInfo(), $args);
        if (!$proceed) {
            return false;
        }
    }

    // Build the SET list; empty or NULL values are written as SQL NULL.
    $set = array();
    $set[] = ($data['Picture'] != '' ? "`Picture`='{$data['Picture']}'" : '`Picture`=NULL');
    foreach (array('CategoryName', 'Description') as $column) {
        $set[] = "`{$column}`=" . ($data[$column] !== '' && $data[$column] !== NULL ? "'{$data[$column]}'" : 'NULL');
    }

    $o = array('silentErrors' => true);
    sql('insert into `categories` set ' . implode(', ', $set), $o);
    if ($o['error'] != '') {
        echo $o['error'];
        echo "<a href=\"categories_view.php?addNew_x=1\">{$Translation['< back']}</a>";
        exit;
    }

    $recID = db_insert_id(db_link());

    // hook: categories_after_insert
    if (function_exists('categories_after_insert')) {
        $res = sql("select * from `categories` where `CategoryID`='" . makeSafe($recID) . "' limit 1", $eo);
        if ($row = db_fetch_assoc($res)) {
            $data = array_map('makeSafe', $row);
        }
        $data['selectedID'] = makeSafe($recID);
        $args = array();
        // A false return from the hook skips the ownership record below.
        if (!categories_after_insert($data, getMemberInfo(), $args)) {
            if (get_magic_quotes_gpc()) {
                return stripslashes($recID);
            }
            return $recID;
        }
    }

    // mm: save ownership data
    // NOTE(review): getLoggedMemberID() and getLoggedGroupID() are interpolated
    // without escaping; confirm both return values that are safe inside quotes.
    sql("insert into membership_userrecords set tableName='categories', pkValue='{$recID}', memberID='" . getLoggedMemberID() . "', dateAdded='" . time() . "', dateUpdated='" . time() . "', groupID='" . getLoggedGroupID() . "'", $eo);

    if (get_magic_quotes_gpc()) {
        return stripslashes($recID);
    }
    return $recID;
}
/**
 * Inserts a new `submitlog` record built from the request values.
 *
 * Returns false when the member lacks insert permission ($arrPerm[1]) or when
 * the optional submitlog_before_insert hook returns false; otherwise returns
 * the new record ID. A failed INSERT echoes $o['error'] and calls exit.
 *
 * Security notes for reviewers:
 *  - logtime and ipaddr are read from the request like any other field, so
 *    the stored values are whatever the client submitted. If the table is
 *    relied on as a log, these should be set server-side (for example in the
 *    before-insert hook; whether one does so is not visible here).
 *  - Values are read from $_REQUEST, so they are accepted from the query
 *    string as well as the form body (and from cookies, depending on PHP's
 *    request_order). No anti-CSRF token check is visible in this function;
 *    confirm one is enforced before it is called.
 *  - URL-like fields (website, homepage, screenshot, icon, padfile, download,
 *    backlink) receive SQL escaping only; any scheme or host validation has
 *    to happen where they are later rendered or fetched.
 *  - The SQL is built by string concatenation; injection safety rests
 *    entirely on makeSafe() and, for the date, on intval()/parseMySQLDate().
 *  - $o['error'] is echoed exactly as sql() returns it. Whether it is
 *    HTML-encoded or can contain query text is decided in sql(); verify.
 */
function submitlog_insert()
{
    global $Translation;

    // mm: can member insert record?
    $arrPerm = getTablePermissions('submitlog');
    if (!$arrPerm[1]) {
        return false;
    }

    // Fields that precede the date in the record layout.
    $fieldsBeforeDate = array(
        'cstatus', 'logtime', 'ipaddr', 'company', 'country', 'website',
        'contactname', 'email', 'title', 'version',
    );
    // Fields that follow the date in the record layout.
    $fieldsAfterDate = array(
        'cost', 'ptype', 'install', 'os', 'languages', 'changeinfo', 'category',
        'requirements', 'ksize', 'keywords', 'description', 'descrlarge',
        'homepage', 'screenshot', 'icon', 'padfile', 'download', 'aspnumber',
        'backlink', 'affiliate', 'affiliateid',
    );

    foreach ($fieldsBeforeDate as $field) {
        $data[$field] = makeSafe($_REQUEST[$field]);
        if ($data[$field] == empty_lookup_value) {
            $data[$field] = '';
        }
    }

    // The date arrives as three separate inputs; each part is forced to an
    // integer before parseMySQLDate() sees the combined string.
    $data['pdate'] = intval($_REQUEST['pdateYear']) . '-' . intval($_REQUEST['pdateMonth']) . '-' . intval($_REQUEST['pdateDay']);
    $data['pdate'] = parseMySQLDate($data['pdate'], '');

    foreach ($fieldsAfterDate as $field) {
        $data[$field] = makeSafe($_REQUEST[$field]);
        if ($data[$field] == empty_lookup_value) {
            $data[$field] = '';
        }
    }

    // hook: submitlog_before_insert
    if (function_exists('submitlog_before_insert')) {
        $args = array();
        $proceed = submitlog_before_insert($data, getMemberInfo(), $args);
        if (!$proceed) {
            return false;
        }
    }

    // Build the SET list in record-layout order; empty or NULL values are
    // written as SQL NULL.
    $columns = array_merge($fieldsBeforeDate, array('pdate'), $fieldsAfterDate);
    $set = array();
    foreach ($columns as $column) {
        $set[] = "`{$column}`=" . ($data[$column] !== '' && $data[$column] !== NULL ? "'{$data[$column]}'" : 'NULL');
    }

    $o = array('silentErrors' => true);
    sql('insert into `submitlog` set ' . implode(', ', $set), $o);
    if ($o['error'] != '') {
        echo $o['error'];
        echo "<a href=\"submitlog_view.php?addNew_x=1\">{$Translation['< back']}</a>";
        exit;
    }

    $recID = db_insert_id(db_link());

    // hook: submitlog_after_insert
    if (function_exists('submitlog_after_insert')) {
        $res = sql("select * from `submitlog` where `submid`='" . makeSafe($recID, false) . "' limit 1", $eo);
        if ($row = db_fetch_assoc($res)) {
            $data = array_map('makeSafe', $row);
        }
        $data['selectedID'] = makeSafe($recID, false);
        $args = array();
        // A false return from the hook skips the ownership record below.
        if (!submitlog_after_insert($data, getMemberInfo(), $args)) {
            if (get_magic_quotes_gpc()) {
                return stripslashes($recID);
            }
            return $recID;
        }
    }

    // mm: save ownership data
    // NOTE(review): getLoggedMemberID() and getLoggedGroupID() are interpolated
    // without escaping; confirm both return values that are safe inside quotes.
    sql("insert ignore into membership_userrecords set tableName='submitlog', pkValue='{$recID}', memberID='" . getLoggedMemberID() . "', dateAdded='" . time() . "', dateUpdated='" . time() . "', groupID='" . getLoggedGroupID() . "'", $eo);

    if (get_magic_quotes_gpc()) {
        return stripslashes($recID);
    }
    return $recID;
}
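<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<body>
<table border="2" cellspacing="2" cellpadding="2">
<tr> <td>Position</td> <td>Product</td> <td>Description</td> <td>Cost</td> </tr>
<?php
// Lists each vmc_ref location with the product assigned to it and its price.
require "../db.php";
$oInstDB = db_link();

// Static query: no request data is interpolated into it.
$sSQLVDetails = "\n select \n coalesce(vr.loc_name, '') as Position, \n coalesce(p.shortdesc, '') as Product,\n coalesce(p.longdesc, '') as Description, \n coalesce(concat('£', cast((price/100) as decimal(20,2))), '') as cost\n from vmc_ref vr \n left outer join vmc_state vs on vr.vmc_ref_id = vs.vmc_ref_id \n left outer join products p on vs.product_id = p.product_id \n order by vr.loc_name";

if ($oResult = $oInstDB->query($sSQLVDetails)) {
    // Database text is HTML-encoded on output so that markup stored in a
    // location or product field is displayed as text instead of being
    // interpreted by the browser. The page declares UTF-8, hence the charset;
    // ENT_SUBSTITUTE keeps a value with invalid bytes from rendering empty.
    // If a column is meant to carry trusted markup, it needs a sanitiser
    // rather than raw output.
    $iEscFlags = ENT_QUOTES | ENT_SUBSTITUTE;
    while ($oRow = $oResult->fetch_assoc()) {
        echo " <tr>\n";
        echo " <td>" . htmlspecialchars($oRow['Position'], $iEscFlags, 'UTF-8') . "</td>\n";
        echo " <td>" . htmlspecialchars($oRow['Product'], $iEscFlags, 'UTF-8') . "</td>\n";
        echo " <td>" . htmlspecialchars($oRow['Description'], $iEscFlags, 'UTF-8') . "</td>\n";
        echo " <td>" . htmlspecialchars($oRow['cost'], $iEscFlags, 'UTF-8') . "</td>\n";
        echo " </tr>\n";
    }
    $oResult->free();
    $oInstDB->close();
}
?>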
$insertBegin = "insert ignore into membership_userrecords (tableName, pkValue, groupID, memberID, dateAdded, dateUpdated) values "; $ts = time(); $assigned = 0; $res = sql("select `{$tn}`.`{$pkf}` from `{$tn}`", $eo); while ($row = db_fetch_row($res)) { $pkValue = makeSafe($row[0], false); $insert .= "('{$tn}', '{$pkValue}', '{$groupID}', " . ($memberID ? "'{$memberID}'" : "NULL") . ", {$ts}, {$ts}),"; if (strlen($insert) > 50000) { sql($insertBegin . substr($insert, 0, -1), $eo); $assigned += @db_affected_rows(db_link()); $insert = ''; } } if ($insert != '') { sql($insertBegin . substr($insert, 0, -1), $eo); $assigned += @db_affected_rows(db_link()); $insert = ''; } $status .= "Assigned " . number_format($assigned) . " records of table '{$tn}' to group '" . sqlValue("select name from membership_groups where groupID='{$groupID}'") . "'" . ($memberID ? ", member '{$memberID}'" : "") . ".<br>"; } } // refresh the list of tables with records that have no owners unset($arrTablesNoOwners); foreach ($arrTables as $tn => $tc) { $countOwned = sqlValue("select count(1) from membership_userrecords where tableName='{$tn}'"); $countAll = sqlValue("select count(1) from `{$tn}`"); if ($countAll > $countOwned) { $arrTablesNoOwners[$tn] = $countAll - $countOwned; } } }
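/**
 * Inserts a new `suppliers` record from the current request and stores its ownership.
 *
 * Field values are read from $_REQUEST, passed through makeSafe() and placed into
 * the INSERT statement as quoted literals; empty values are written as NULL.
 * The optional suppliers_before_insert / suppliers_after_insert hooks are called
 * when they are defined.
 *
 * NOTE(review): the statement is assembled by string interpolation, so its safety
 * rests entirely on makeSafe() (defined elsewhere) escaping for the active
 * connection and on the before-insert hook not putting unescaped text into $data.
 * Confirm both, or move sql() to bound parameters.
 *
 * @return mixed false when the member lacks insert permission or the before-insert
 *               hook returns a falsy value; otherwise the ID of the new record.
 */
function suppliers_insert() {
    global $Translation;

    // mm: can member insert record?
    $arrPerm = getTablePermissions('suppliers');
    if (!$arrPerm[1]) {
        return false;
    }

    // Column order is significant: it is the key order hooks see in $data and the
    // order of the assignments in the INSERT statement.
    $fields = array(
        'CompanyName', 'ContactName', 'ContactTitle', 'Address', 'City', 'Region',
        'PostalCode', 'Country', 'Phone', 'Fax', 'HomePage',
    );

    $data = array();
    foreach ($fields as $field) {
        if ($field == 'Address') {
            // Multi-line field: converted with br2nl() and not compared with the
            // empty lookup marker.
            $data[$field] = br2nl(makeSafe($_REQUEST[$field]));
            continue;
        }
        $data[$field] = makeSafe($_REQUEST[$field]);
        if ($data[$field] == empty_lookup_value) {
            $data[$field] = '';
        }
    }

    // hook: suppliers_before_insert
    if (function_exists('suppliers_before_insert')) {
        $args = array();
        if (!suppliers_before_insert($data, getMemberInfo(), $args)) {
            return false;
        }
    }

    // Build "`col`='value'" or "`col`=NULL" for each column.
    $assignments = array();
    foreach ($fields as $field) {
        $hasValue = ($data[$field] !== '' && $data[$field] !== NULL);
        $assignments[] = '`' . $field . '`=' . ($hasValue ? "'{$data[$field]}'" : 'NULL');
    }

    $o = array('silentErrors' => true);
    sql('insert into `suppliers` set ' . implode(', ', $assignments), $o);
    if ($o['error'] != '') {
        // NOTE(review): the database error text goes to the browser as returned by
        // sql(); confirm it is HTML-escaped there and does not expose schema or
        // query details to unprivileged users.
        echo $o['error'];
        echo "<a href=\"suppliers_view.php?addNew_x=1\">{$Translation['< back']}</a>";
        exit;
    }

    $recID = db_insert_id(db_link());

    // get_magic_quotes_gpc() was removed in PHP 8.0; guard the call so the function
    // can still return the new ID there instead of stopping with a fatal error.
    $magicQuotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    $newID = $magicQuotes ? stripslashes($recID) : $recID;

    // hook: suppliers_after_insert
    if (function_exists('suppliers_after_insert')) {
        $res = sql("select * from `suppliers` where `SupplierID`='" . makeSafe($recID, false) . "' limit 1", $eo);
        if ($row = db_fetch_assoc($res)) {
            $data = array_map('makeSafe', $row);
        }
        $data['selectedID'] = makeSafe($recID, false);
        $args = array();
        if (!suppliers_after_insert($data, getMemberInfo(), $args)) {
            // A falsy hook result skips the ownership record but still reports the ID.
            return $newID;
        }
    }

    // mm: save ownership data
    // NOTE(review): getLoggedMemberID()/getLoggedGroupID() are interpolated without
    // escaping here; confirm they return already-safe values.
    sql("insert ignore into membership_userrecords set tableName='suppliers', pkValue='{$recID}', memberID='" . getLoggedMemberID() . "', dateAdded='" . time() . "', dateUpdated='" . time() . "', groupID='" . getLoggedGroupID() . "'", $eo);

    return $newID;
}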
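/**
 * Inserts a new `applications_leases` record from the submitted form and stores
 * its ownership.
 *
 * Text fields go through makeSafe(), date fields are rebuilt from their
 * Year/Month/Day parts with intval() and parseMySQLDate(), and empty values are
 * written as NULL. `status`, `type` and `recurring_charges_frequency` fall back to
 * "Application", "Fixed" and "Monthly" when empty. The optional
 * applications_leases_before_insert / applications_leases_after_insert hooks are
 * called when they are defined.
 *
 * NOTE(review): a request carrying insert_x in the query string has $_GET copied
 * over $_POST, so the insert can be triggered by a plain GET request. No anti-CSRF
 * token is checked inside this function; confirm the caller enforces one.
 *
 * NOTE(review): the statement is assembled by string interpolation, so its safety
 * rests on makeSafe()/parseMySQLDate() (defined elsewhere) and on the before-insert
 * hook not putting unescaped text into $data.
 *
 * @return mixed false when the member lacks insert permission or the before-insert
 *               hook returns a falsy value; otherwise the ID of the new record.
 */
function applications_leases_insert() {
    global $Translation;

    if ($_GET['insert_x'] != '') {
        $_POST = $_GET;
    }

    // mm: can member insert record?
    $arrPerm = getTablePermissions('applications_leases');
    if (!$arrPerm[1]) {
        return false;
    }

    // Column => handling. Order is significant: it is the key order hooks see in
    // $data and the order of the assignments in the INSERT statement.
    //   text      : makeSafe(), then the empty lookup marker becomes ''
    //   multiline : br2nl(makeSafe()), no empty-marker check
    //   date      : Year/Month/Day parts joined, second entry is the default
    //               handed to parseMySQLDate()
    $fieldSpec = array(
        'tenants' => array('text'),
        'status' => array('text'),
        'property' => array('text'),
        'unit' => array('text'),
        'type' => array('text'),
        'total_number_of_occupants' => array('text'),
        'start_date' => array('date', '1'),
        'end_date' => array('date', '1'),
        'recurring_charges_frequency' => array('text'),
        'next_due_date' => array('date', '1'),
        'rent' => array('text'),
        'security_deposit' => array('text'),
        'security_deposit_date' => array('date', ''),
        'emergency_contact' => array('multiline'),
        'co_signer_details' => array('multiline'),
        'notes' => array('text'),
        'agreement' => array('text'),
    );

    $data = array();
    foreach ($fieldSpec as $field => $spec) {
        switch ($spec[0]) {
            case 'date':
                // intval() on each part keeps anything but digits out of the date text.
                $ymd = intval($_POST[$field . 'Year']) . '-' . intval($_POST[$field . 'Month']) . '-' . intval($_POST[$field . 'Day']);
                $data[$field] = parseMySQLDate($ymd, $spec[1]);
                break;
            case 'multiline':
                $data[$field] = br2nl(makeSafe($_POST[$field]));
                break;
            default:
                $data[$field] = makeSafe($_POST[$field]);
                if ($data[$field] == empty_lookup_value) {
                    $data[$field] = '';
                }
        }
    }

    // Required fields get a default when empty, so they can never reach the insert
    // empty and need no separate "field not null" error page.
    if ($data['status'] == '') {
        $data['status'] = "Application";
    }
    if ($data['type'] == '') {
        $data['type'] = "Fixed";
    }
    if ($data['recurring_charges_frequency'] == '') {
        $data['recurring_charges_frequency'] = "Monthly";
    }

    // hook: applications_leases_before_insert
    if (function_exists('applications_leases_before_insert')) {
        $args = array();
        if (!applications_leases_before_insert($data, getMemberInfo(), $args)) {
            return false;
        }
    }

    // Build "`col`='value'" or "`col`=NULL" for each column.
    $assignments = array();
    foreach (array_keys($fieldSpec) as $field) {
        $hasValue = ($data[$field] !== '' && $data[$field] !== NULL);
        $assignments[] = '`' . $field . '`=' . ($hasValue ? "'{$data[$field]}'" : 'NULL');
    }

    $o = array('silentErrors' => true);
    sql('insert into `applications_leases` set ' . implode(', ', $assignments), $o);
    if ($o['error'] != '') {
        // NOTE(review): the database error text goes to the browser as returned by
        // sql(); confirm it is HTML-escaped there and does not expose schema or
        // query details to unprivileged users.
        echo $o['error'];
        echo "<a href=\"applications_leases_view.php?addNew_x=1\">{$Translation['< back']}</a>";
        exit;
    }

    $recID = db_insert_id(db_link());

    // get_magic_quotes_gpc() was removed in PHP 8.0; guard the call so the function
    // can still return the new ID there instead of stopping with a fatal error.
    $magicQuotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    $newID = $magicQuotes ? stripslashes($recID) : $recID;

    // hook: applications_leases_after_insert
    if (function_exists('applications_leases_after_insert')) {
        $res = sql("select * from `applications_leases` where `id`='" . makeSafe($recID) . "' limit 1", $eo);
        if ($row = db_fetch_assoc($res)) {
            $data = array_map('makeSafe', $row);
        }
        $data['selectedID'] = makeSafe($recID);
        $args = array();
        if (!applications_leases_after_insert($data, getMemberInfo(), $args)) {
            // A falsy hook result skips the ownership record but still reports the ID.
            return $newID;
        }
    }

    // mm: save ownership data
    // NOTE(review): getLoggedMemberID()/getLoggedGroupID() are interpolated without
    // escaping here; confirm they return already-safe values.
    sql("insert into membership_userrecords set tableName='applications_leases', pkValue='{$recID}', memberID='" . getLoggedMemberID() . "', dateAdded='" . time() . "', dateUpdated='" . time() . "', groupID='" . getLoggedGroupID() . "'", $eo);

    return $newID;
}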