// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. global $config; check_login(); $search_text = (string) get_parameter('search_text'); $id_company = (int) get_parameter('id_company'); // Check if current user have access to this company. if ($id_company) { $read = check_crm_acl('other', 'cr', $config['id_user'], $id_company); if (!$read) { audit_db($config["id_user"], $config["REMOTE_ADDR"], "ACL Violation", "Trying to access to contact export"); include "general/noaccess.php"; exit; } } $where_clause = "WHERE tcompany_contact.id_company = tcompany.id {$where_group} " . "AND tcompany_contact.id_company " . get_filter_by_company_accessibility($config["id_user"]); if ($search_text != "") { $where_clause .= sprintf(' AND fullname LIKE "%%%s%%"', $search_text); } if ($id_company) { $where_clause .= sprintf(' AND id_company = %d', $id_company); } $sql = "SELECT tcompany_contact.fullname, tcompany.name as company_name, \ntcompany_contact.email, tcompany_contact.phone, tcompany_contact.mobile, \ntcompany_contact.position, tcompany_contact.description FROM tcompany_contact, \ntcompany {$where_clause} ORDER BY id_company, fullname"; $filename = clean_output('contacts_export') . '-' . date("YmdHi"); ob_end_clean(); // CSV Output header('Content-Disposition: attachment; filename="' . $filename . '.csv"'); header('Content-Type: text/css; charset=utf-8'); $config['mysql_result_type'] = MYSQL_ASSOC; $rows = get_db_all_rows_sql(clean_output($sql)); if ($rows === false) {
// Copyright (c) 2008-2013 Artica Soluciones Tecnologicas // This program is free software; you can redistribute it and/or // modify it under the terms of the GNU General Public License // as published by the Free Software Foundation; version 2 // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. global $config; check_login(); // TODO: Implement ACL check ! $search_text = (string) get_parameter('search_text'); $search_role = (int) get_parameter("search_role"); $search_country = (string) get_parameter("search_country"); $search_manager = (string) get_parameter("search_manager"); $where_clause = " 1 = 1 AND tcompany.id " . get_filter_by_company_accessibility($config["id_user"]); if ($search_text != "") { $where_clause .= sprintf(' AND name LIKE "%%%s%%" ', $search_text); } if ($search_role != 0) { $where_clause .= sprintf(' AND id_company_role = %d', $search_role); } if ($search_country != "") { $where_clause .= sprintf(' AND country LIKE "%%s%%" ', $search_country); } if ($search_manager != "") { $where_clause .= sprintf(' AND manager = "%s" ', $search_manager); } $params = "&search_manager={$search_manager}&search_text={$search_text}&search_role={$search_role}&search_country={$search_country}"; $filename = clean_output('company_export') . '-' . date("YmdHi"); ob_end_clean();