Changeset 704
- Timestamp:
- 01/01/10 23:10:02 (2 years ago)
- Location:
- trunk/phpbms
- Files:
-
- 44 modified
-
advancedsearch.php (modified) (2 diffs)
-
choicelist.php (modified) (2 diffs)
-
dbgraphic.php (modified) (1 diff)
-
footer.php (modified) (1 diff)
-
header.php (modified) (7 diffs)
-
include/fields.php (modified) (1 diff)
-
include/imports.php (modified) (1 diff)
-
include/search_class.php (modified) (2 diffs)
-
index.php (modified) (3 diffs)
-
modules/base/adminsettings.php (modified) (2 diffs)
-
modules/base/attachments_records.php (modified) (2 diffs)
-
modules/base/include/myaccount.php (modified) (2 diffs)
-
modules/base/modules_view.php (modified) (1 diff)
-
modules/base/myaccount.php (modified) (6 diffs)
-
modules/base/notes_records.php (modified) (3 diffs)
-
modules/base/tabledefs_columns.php (modified) (1 diff)
-
modules/base/tabledefs_custom.php (modified) (1 diff)
-
modules/base/tabledefs_groupings.php (modified) (1 diff)
-
modules/base/tabledefs_options.php (modified) (1 diff)
-
modules/base/tabledefs_quicksearch.php (modified) (1 diff)
-
modules/base/tabledefs_searchfields.php (modified) (1 diff)
-
modules/bms/aritems_aging.php (modified) (1 diff)
-
modules/bms/clients_addresses.php (modified) (2 diffs)
-
modules/bms/clients_credit.php (modified) (1 diff)
-
modules/bms/clients_email.php (modified) (11 diffs)
-
modules/bms/clients_purchasehistory.php (modified) (1 diff)
-
modules/bms/invoices_addedit.php (modified) (1 diff)
-
modules/bms/invoices_discount_ajax.php (modified) (2 diffs)
-
modules/bms/invoices_statushistory.php (modified) (1 diff)
-
modules/bms/post.php (modified) (1 diff)
-
modules/bms/products_addedit.php (modified) (3 diffs)
-
modules/bms/products_prereq.php (modified) (1 diff)
-
modules/bms/products_saleshistory.php (modified) (1 diff)
-
modules/bms/receipts_addedit.php (modified) (2 diffs)
-
modules/bms/report/aritems_clientstatement.php (modified) (1 diff)
-
modules/bms/report/aritems_summary.php (modified) (1 diff)
-
modules/bms/report/clients_purchasehistory.php (modified) (1 diff)
-
modules/bms/report/incoming_cashflow.php (modified) (1 diff)
-
modules/bms/report/invoices_totals.php (modified) (1 diff)
-
modules/bms/report/lineitems_totals.php (modified) (1 diff)
-
modules/bms/report/products_saleshistory.php (modified) (1 diff)
-
modules/mailchimp/report/client_mailchimp_export.php (modified) (8 diffs)
-
modules/recurringinvoices/invoices_recurrence.php (modified) (1 diff)
-
report/general_labels.php (modified) (2 diffs)
trunk/phpbms/advancedsearch.php
r702 r704 1 <?php 1 <?php 2 2 /* 3 3 $Rev$ | $LastChangedBy$ … … 37 37 +-------------------------------------------------------------------------+ 38 38 */ 39 require("include/session.php");40 39 41 function showSearch($tabledefid,$basepath,$db){ 42 //First, grab table name from id 43 $querystatement="SELECT querytable FROM tabledefs WHERE id=".$tabledefid; 44 $queryresult = $db->query($querystatement); 45 if(!$queryresult) $error = new appError(500,"Cannot retrieve Table Information"); 46 $thetabledef=$db->fetchArray($queryresult); 40 class advancedSearch{ 47 41 48 //Grab query for all columns 49 $querystatement="SELECT * FROM ".$thetabledef["querytable"]." LIMIT 1"; 50 $queryresult = $db->query($querystatement); 51 if(!$queryresult) $error = new appError(500,"Cannot retrieve Table Information"); 52 $numfields = $db->numFields($queryresult); 53 for ($i=0;$i<$numfields;$i++) $fieldlist[]=$db->fieldTable($queryresult,$i).".".$db->fieldName($queryresult,$i); 54 ?> 55 <p align="right" style="float:right"> 56 <input id="ASsearchbutton" type="button" onclick="performAdvancedSearch(this)" class="Buttons" disabled="disabled" value="search" /> 57 </p> 42 var $db; 43 var $tabledefid; 58 44 59 <p>match <select id="ASanyall" onchange="updateAS()"> 60 <option value="and" selected="selected">all</option> 61 <option value="or">any</option> 62 </select> of the following rules:</p> 63 <div id="theASCs"> 64 <div id="ASC1"> 65 <select id="ASC1field" onchange="updateAS()"> 66 <?php 67 foreach($fieldlist as $field){ 68 echo "<option value=\"".$field."\" >".$field."</option>\n";}?> 69 </select> 70 <select id="ASC1operator" onchange="updateAS()"> 71 <option value="=" selected="selected">=</option> 72 <option value="!=">!=</option> 73 <option value=">">></option> 74 <option value="<"><</option> 75 <option value=">=">>=</option> 76 <option value="<="><=</option> 77 <option value="like">like</option> 78 <option value="not like">not like</option> 79 </select> 80 <input type="text" 
id="ASC1text" size="30" maxlength="255" onkeyup="updateAS()" value="" /> 81 <button type="button" id="ASC1minus" class="graphicButtons buttonMinusDisabled" onclick="removeLineAS(this)"><span>-</span></button> 82 <button type="button" id="ASC1plus" class="graphicButtons buttonPlus" onclick="addlineAS()"><span>+</span></button> 83 </div> 84 </div> 85 <p> 86 sql where clause<br/> 87 <textarea id="ASSQL" style="width:99%" cols="90" rows="3" onkeyup="ASEnableSave(this)"></textarea> 88 </p><?php 89 } 45 function advancedSearch($db, $tabledefid){ 46 47 $this->db = $db; 48 $this->tabledefid = (int) $tabledefid; 49 50 }//end function 90 51 91 52 92 if(isset($_GET["cmd"])){ 93 switch($_GET["cmd"]){ 94 case "show": 95 showSearch($_GET["tid"],$_GET["base"],$db); 96 break; 97 }//end switch 98 } 53 function display(){ 54 55 $querystatement = " 56 SELECT 57 `querytable` 58 FROM 59 `tabledefs` 60 WHERE 61 id=".$this->tabledefid; 62 63 $queryresult = $this->db->query($querystatement); 64 65 $thetabledef = $this->db->fetchArray($queryresult); 66 67 //Grab query for all columns 68 $querystatement = " 69 SELECT 70 * 71 FROM 72 ".$thetabledef["querytable"]." 
73 LIMIT 1"; 74 75 $queryresult = $this->db->query($querystatement); 76 77 $numfields = $this->db->numFields($queryresult); 78 79 for ($i=0;$i<$numfields;$i++) 80 $fieldlist[]=$this->db->fieldTable($queryresult,$i).".".$this->db->fieldName($queryresult,$i); 81 82 ?> 83 <p align="right" style="float:right"> 84 <input id="ASsearchbutton" type="button" onclick="performAdvancedSearch(this)" class="Buttons" disabled="disabled" value="search" /> 85 </p> 86 87 <p>match <select id="ASanyall" onchange="updateAS()"> 88 <option value="and" selected="selected">all</option> 89 <option value="or">any</option> 90 </select> of the following rules:</p> 91 <div id="theASCs"> 92 <div id="ASC1"> 93 <select id="ASC1field" onchange="updateAS()"> 94 <?php 95 foreach($fieldlist as $field){ 96 echo "<option value=\"".$field."\" >".$field."</option>\n";}?> 97 </select> 98 <select id="ASC1operator" onchange="updateAS()"> 99 <option value="=" selected="selected">=</option> 100 <option value="!=">!=</option> 101 <option value=">">></option> 102 <option value="<"><</option> 103 <option value=">=">>=</option> 104 <option value="<="><=</option> 105 <option value="like">like</option> 106 <option value="not like">not like</option> 107 </select> 108 <input type="text" id="ASC1text" size="30" maxlength="255" onkeyup="updateAS()" value="" /> 109 <button type="button" id="ASC1minus" class="graphicButtons buttonMinusDisabled" onclick="removeLineAS(this)"><span>-</span></button> 110 <button type="button" id="ASC1plus" class="graphicButtons buttonPlus" onclick="addlineAS()"><span>+</span></button> 111 </div> 112 </div> 113 <p> 114 sql where clause<br/> 115 <textarea id="ASSQL" style="width:99%" cols="90" rows="3" onkeyup="ASEnableSave(this)"></textarea> 116 </p><?php 117 118 }//end function 119 120 }//end class 121 122 123 /** 124 * PROCESSING ================================================================== 125 */ 126 require("include/session.php"); 127 128 if(!isset($_GET["cmd"]) || 
!isset($_GET["tid"])) 129 $error = new appError(200, "passed parameters missing"); 130 131 $as = new advancedSearch($db, $_GET["tid"]); 132 $as->display(); 99 133 ?> -
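Review bot: display() drops the `if(!$queryresult)` checks the old showSearch() had, so a `tid` that matches no tabledefs row makes fetchArray return false and the second query is emitted as `SELECT * FROM  LIMIT 1`, after which numFields runs on a failed result. Guard the lookup with `if(!$queryresult || !($thetabledef = $this->db->fetchArray($queryresult))){ $error = new appError(500, "Cannot retrieve Table Information"); return; }` before building the column query. In the processing block, `new advancedSearch($db, $_GET["tid"])` is still executed after appError is raised for a missing `tid`; unless appError halts the script (not visible here) that reads an undefined index, so an explicit `exit;` after the error is safer. The `(int)` cast on tabledefid is the right fix for the id side, but the column names echoed into `<option value="...">` come from the schema unescaped, which is harmless only as long as tabledefs.querytable is admin-controlled.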
trunk/phpbms/choicelist.php
r702 r704 37 37 +-------------------------------------------------------------------------+ 38 38 */ 39 require_once("include/session.php"); 40 41 42 class choiceList{ 43 var $db; 44 45 function choiceList($db){ 46 $this->db = $db; 47 } 48 49 50 function deleteList($listname){ 51 $querystatement="DELETE FROM choices WHERE listname=\"".$listname."\" "; 52 $queryresult=$this->db->query($querystatement); 53 54 echo "ok"; 55 } 56 57 58 function addToList($listname,$value){ 59 $querystatement="INSERT INTO choices (listname,thevalue) VALUES(\"".$listname."\",\"".$value."\") "; 60 $queryresult=$this->db->query($querystatement); 61 62 echo "ok"; 63 } 64 65 66 function displayList($queryresult,$blankvalue){ 67 while($therecord=$this->db->fetchArray($queryresult)){ 68 $display=$therecord["thevalue"]; 69 $theclass=""; 70 if($therecord["thevalue"]==""){ 71 $display="<".$blankvalue.">"; 72 $theclass=" class=\"choiceListBlank\" "; 73 } 74 ?><option value="<?php echo $therecord["thevalue"]?>" <?php echo $theclass?>><?php echo $display?></option><?php 75 }//end while 76 77 } 78 79 function displayBox($listname,$blankvalue,$listid){ 80 $blankvalue = str_replace("<","",$blankvalue); 81 $blankvalue = str_replace(">","",$blankvalue); 82 83 $querystatement = "SELECT thevalue FROM choices WHERE listname=\"".$listname."\" ORDER BY thevalue;"; 84 $queryresult = $this->db->query($querystatement); 85 ?> 86 <p id="MLListP"> 87 <select id="MLlist" name="MLList" size="12" onchange="updateML(this)"> 88 <?php $this->displayList($queryresult,$blankvalue)?> 89 </select> 90 </p> 91 <p id="MLAddDelP"> 92 <input type="button" id="MLDelete" name="MLDelete" value="delete" class="Buttons" disabled onclick="delML()" /><br/> 93 <input type="button" id="MLInsert" name="MLInsert" value="insert" class="Buttons" onclick="insertML()"/> 94 </p> 95 <p id="MLAddTextP"> 96 <input name="MLaddedit" id="MLaddedit" type="text"/> 97 <input name="MLblankvalue" id="MLblankvalue" type="hidden" value="<?php echo 
$blankvalue?>"/> 98 </p> 99 <p id="MLAddP"> 100 <input type="button" id="MLaddeditbutton" name="MLaddeditbutton" value="add" class="Buttons" onclick="addeditML('<?php echo $blankvalue?>')" /> 101 </p> 102 <p id="MLStatus" class="small"> </p> 103 <div align="right"> 104 <input type="button" id="MLok" name="MLok" value="ok" class="Buttons" style="width:75px;" onclick="clickOK('<?php echo APP_PATH?>','<?php echo $listid?>','<?php echo $listname?>')"/> 105 <input type="button" id="MLcancel" name="MLcancel" value="cancel" class="Buttons" style="width:75px;" onclick="closeBox('<?php echo $listid?>');"/> 106 </div> 107 <?php }//end function 108 109 }//end class 110 111 112 113 114 115 116 if(!isset($_GET["cm"])) 39 40 41 class choiceList{ 42 43 var $db; 44 45 function choiceList($db){ 46 47 $this->db = $db; 48 49 }//end function init 50 51 52 function deleteList($listname){ 53 54 $deletestatement = " 55 DELETE FROM 56 `choices` 57 WHERE 58 `listname` = '".mysql_real_escape_string($listname)."' "; 59 $queryresult=$this->db->query($querystatement); 60 61 echo "ok"; 62 }//end function deleteList 63 64 65 function addToList($listname, $value){ 66 67 $insertstatement = " 68 INSERT INTO 69 `choices`( 70 `listname`, 71 `choices` 72 ) VALUES ( 73 '".mysql_real_escape_string($listname)."', 74 '".mysql_real_escape_string($value)."' 75 )"; 76 77 $this->db->query($insertstatement); 78 79 echo "ok"; 80 81 }//end function addToList 82 83 84 function displayList($queryresult, $blankvalue){ 85 86 while($therecord = $this->db->fetchArray($queryresult)){ 87 88 $display = $therecord["thevalue"]; 89 $theclass = ""; 90 91 if($therecord["thevalue"]==""){ 92 93 $display = "<".$blankvalue.">"; 94 $theclass = ' class="choiceListBlank" '; 95 96 } 97 98 ?><option value="<?php echo $therecord["thevalue"]?>" <?php echo $theclass?>><?php echo $display?></option><?php 99 100 }//end while 101 102 }//end function displayList 103 104 105 function displayBox($listname, $blankvalue, $listid){ 106 107 
$blankvalue = str_replace("<","",$blankvalue); 108 $blankvalue = str_replace(">","",$blankvalue); 109 110 $querystatement = " 111 SELECT 112 thevalue 113 FROM 114 choices 115 WHERE 116 listname='".mysql_real_escape_string($listname)."' 117 ORDER BY 118 thevalue"; 119 120 $queryresult = $this->db->query($querystatement); 121 122 ?> 123 <p id="MLListP"> 124 <select id="MLlist" name="MLList" size="12" onchange="updateML(this)"> 125 <?php $this->displayList($queryresult, $blankvalue)?> 126 </select> 127 </p> 128 <p id="MLAddDelP"> 129 <input type="button" id="MLDelete" name="MLDelete" value="delete" class="Buttons" disabled onclick="delML()" /><br/> 130 <input type="button" id="MLInsert" name="MLInsert" value="insert" class="Buttons" onclick="insertML()"/> 131 </p> 132 <p id="MLAddTextP"> 133 <input name="MLaddedit" id="MLaddedit" type="text"/> 134 <input name="MLblankvalue" id="MLblankvalue" type="hidden" value="<?php echo $blankvalue?>"/> 135 </p> 136 <p id="MLAddP"> 137 <input type="button" id="MLaddeditbutton" name="MLaddeditbutton" value="add" class="Buttons" onclick="addeditML('<?php echo $blankvalue?>')" /> 138 </p> 139 <p id="MLStatus" class="small"> </p> 140 <div align="right"> 141 <input type="button" id="MLok" name="MLok" value="ok" class="Buttons" style="width:75px;" onclick="clickOK('<?php echo APP_PATH?>','<?php echo $listid?>','<?php echo $listname?>')"/> 142 <input type="button" id="MLcancel" name="MLcancel" value="cancel" class="Buttons" style="width:75px;" onclick="closeBox('<?php echo $listid?>');"/> 143 </div> 144 <?php 145 146 }//end function 147 148 }//end class 149 150 151 152 153 154 if(!isset($noOutput)){ 155 156 require_once("include/session.php"); 157 $thelist = new choiceList($db); 158 159 if(!isset($_GET["cm"])) 160 $error = new appError(200, "passed parameters not set"); 161 162 switch($_GET["cm"]){ 163 164 case "shw": 165 166 if(!isset($_GET["ln"])) 167 $_GET["ln"]="shippingmethod"; 168 169 if(!isset($_GET["bv"])) 170 $_GET["bv"]="none"; 
171 172 if(!isset($_GET["lid"])) 173 $_GET["lid"]=NULL; 174 175 $thelist->displayBox($_GET["ln"],$_GET["bv"],$_GET["lid"]); 176 break; 177 178 case "del": 179 180 if(!isset($_GET["ln"])) 181 $error = new appError(200, "passed parameters not set"); 182 183 $thelist->deleteList($_GET["ln"]); 184 break; 185 186 case "add": 187 188 if(!isset($_GET["ln"]) || !isset($_GET["val"])) 189 $error = new appError(200, "passed parameters not set"); 190 191 $thelist->addToList($_GET["ln"], $_GET["val"]); 192 break; 193 194 }//endswitch 195 196 }//endif 197 198 if(!isset($_GET["cm"])) 117 199 $_GET["cm"]="shw"; 118 119 if(!isset($_GET["ln"])) 120 $_GET["ln"]="shippingmethod"; 121 122 if(!isset($_GET["bv"])) 123 $_GET["bv"]="none"; 124 200 201 202 125 203 $theList = new choiceList($db); 126 204 127 205 switch($_GET["cm"]){ 128 206 case "shw": … … 136 214 break; 137 215 } 138 216 139 217 ?> -
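Review bot: deleteList() builds `$deletestatement` but executes the undefined `$querystatement`, so the newly escaped DELETE never runs; the call should read `$queryresult = $this->db->query($deletestatement);`. addToList() inserts into a column named `choices` while displayBox() selects `thevalue` from the same table, so one of the two column names is wrong. The SQL side is now escaped but the HTML side is not: `$listname` and `$listid` flow from `$_GET` straight into the `onclick` attributes, `$blankvalue` only has `<`/`>` stripped before landing inside `addeditML('...')`, and `thevalue` (stored from `$_GET["val"]`) is echoed unescaped into `<option>`; wrap each in `htmlspecialchars($x, ENT_QUOTES)`. The old unguarded `$theList = new choiceList($db); switch($_GET["cm"])` tail still appears below the new `$noOutput` block, which would dispatch every request twice unless it is removed elsewhere in the file.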
trunk/phpbms/dbgraphic.php
r702 r704 37 37 +-------------------------------------------------------------------------+ 38 38 */ 39 session_cache_limiter('private');40 require_once("include/session.php");39 session_cache_limiter('private'); 40 require_once("include/session.php"); 41 41 42 if(!isset($_GET["t"]) or !isset($_GET["r"]) or !isset($_GET["f"]) or !isset($_GET["mf"])) die("Invalid Parameters Set"); 42 if(!isset($_GET["t"]) or !isset($_GET["r"])) 43 $error = new appError(200, "passed parameters not set"); 43 44 44 $querystatement="SELECT ".$_GET["f"].",".$_GET["mf"]." FROM ".$_GET["t"]." WHERE id=".$_GET["r"]; 45 $queryresult=$db->query($querystatement); 46 if(!$queryresult) die("bad query".$querystatement); 47 if($db->numRows($queryresult)){ 48 $therecord=$db->fetchArray($queryresult); 49 header('Content-type: '.$therecord[$_GET["mf"]]); 45 switch($_GET["t"]){ 50 46 51 echo $therecord[$_GET["f"]]; 52 } 47 case "productThumb": 48 $table = "products"; 49 $fileField = "thumbnail"; 50 $mimeField = "thumbnailmime"; 51 52 case "productPic": 53 $table = "products"; 54 $fileField = "picture"; 55 $mimeField = "picturemime"; 56 57 break; 58 59 case "file": 60 $table = "files"; 61 $fileField = "file"; 62 $mimeField = "type"; 63 break; 64 65 }//endswitch 66 67 $id = (int) $_GET["r"]; 68 69 $querystatement = " 70 SELECT 71 `".$fileField."` AS theFile, 72 `".$mimeField."` AS theMime 73 FROM 74 ".$table." 75 WHERE 76 id = ".$_GET["r"]; 77 78 $queryresult = $db->query($querystatement); 79 80 if($db->numRows($queryresult)){ 81 82 $therecord = $db->fetchArray($queryresult); 83 84 header('Content-type: '.$therecord["theMime"]); 85 86 echo $therecord["theFile"]; 87 88 }//end if 53 89 ?> -
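Review bot: The WHERE clause still interpolates the raw `$_GET["r"]` even though `$id = (int) $_GET["r"]` was computed two lines earlier, so the SQL injection that the `t` whitelist removes on the table and column side remains on the id side; use `id = ".$id`. `case "productThumb"` has no `break` and falls through into `productPic`, so thumbnails always serve the full picture. There is no `default:` branch, so an unknown `t` leaves `$table`, `$fileField` and `$mimeField` unset and the query is issued with empty identifiers. The Content-type comes from the stored mime column; if that value originates from the uploader, sending `header('X-Content-Type-Options: nosniff');` alongside it limits what a stored `text/html` entry can do.
```php
switch($_GET["t"]){

    case "productThumb":
        $table = "products";
        $fileField = "thumbnail";
        $mimeField = "thumbnailmime";
        break; // previously fell through into productPic

    // … unchanged: productPic and file cases …

    default:
        $error = new appError(200, "unknown graphic type");
        exit; // appError may not halt on its own

}//endswitch

$id = (int) $_GET["r"];

// … unchanged: SELECT with theFile / theMime aliases …
    WHERE
        id = ".$id;
```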
trunk/phpbms/footer.php
r285 r704 1 <?php if($phpbms->showFooter) {?> 1 <?php 2 if(!isset($phpbms)) 3 exit(); 4 5 if($phpbms->showFooter) 6 {?> 2 7 <div id="footer"> 3 8 <p id="footerAbout"><a href="http://www.phpbms.org" target="_blank">phpBMS</a> By <a href="http://www.kreotek.com" target="_blank">Kreotek, LLC</a></p> -
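Review bot: The new direct-access guard only tests existence, so on a PHP build with register_globals on a request like `footer.php?phpbms=1` passes `isset($phpbms)` and then dereferences a string; checking the type closes that, e.g. `if(!isset($phpbms) || !is_object($phpbms)) exit();`. A one-line comment such as `// included from pages that have already built $phpbms; not a standalone entry point` would also make the intent of the guard clear to the next reader.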
trunk/phpbms/header.php
r384 r704 1 <?php 2 if(!isset($pageTitle)) $pageTitle = APPLICATION_NAME; 1 <?php 2 if(!isset($pageTitle)) 3 $pageTitle = APPLICATION_NAME; 4 5 if(!isset($phpbms)) 6 exit(); 7 3 8 ?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 4 9 <html xmlns="http://www.w3.org/1999/xhtml"> … … 9 14 $phpbms->cssIncludes = array_merge(array("base.css"),$phpbms->cssIncludes); 10 15 $phpbms->showCssIncludes(); 11 16 12 17 $tempjsarray[] = "common/javascript/common.js"; 13 18 $tempjsarray[] = "common/javascript/menu.js"; … … 16 21 $tempjsarray[] = "common/javascript/moo/moo.fx.js"; 17 22 $tempjsarray[] = "common/javascript/moo/moo.fx.pack.js"; 18 23 19 24 $phpbms->jsIncludes = array_merge($tempjsarray,$phpbms->jsIncludes); 20 25 $phpbms->showJsIncludes(); 21 26 22 27 if(PERSISTENT_LOGIN && isset($_SESSION["userinfo"]["id"])) 23 28 $phpbms->topJS[]="setLoginRefresh();"; 24 29 25 30 $phpbms->showExtraJs($phpbms->topJS); 26 31 27 32 if($phpbms->onload) { 28 33 ?><script language="JavaScript" type="text/javascript"> 29 connect(window,"onload",function() { 34 connect(window,"onload",function() { 30 35 <?php 31 36 foreach($phpbms->onload as $theextra) … … 38 43 </head> 39 44 <body> 40 <?php 45 <?php 41 46 42 47 if($phpbms->showMenu){ 43 48 include("include/menu_class.php"); 44 49 45 50 $topMenu = new topMenu($db); 46 51 $topMenu->display(); … … 54 59 </div> 55 60 </div> 56 </div><?php 61 </div><?php 57 62 $phpbms->bottomJS[]='var statusM=getObjectFromID("statusmessage"); 58 63 var SMAni=new fx.Combo(statusM,{opacity:false,duration:500}); … … 60 65 statusM.style.display="block"; 61 66 SMAni.toggle();'; 62 } // end if 63 67 } // end if 68 64 69 ?> 65 70 <noscript> … … 68 73 <p>phpBMS requires JavaScript to be enabled.</p> 69 74 </div> 70 </noscript><?php 71 75 </noscript><?php 76 72 77 }//end if showMenu 73 78 ?> -
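Review bot: The `if(!isset($phpbms)) exit();` guard is placed after `$pageTitle` is assigned, so the default-title statement runs even for a direct request; putting the guard first and checking the type, `if(!isset($phpbms) || !is_object($phpbms)) exit();`, keeps a register_globals-style `?phpbms=1` from satisfying the isset test. The rest of the hunk is whitespace only. `$pageTitle` itself is emitted elsewhere in this file outside the hunk, so whether it is HTML-escaped at the point of output cannot be confirmed from here.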
trunk/phpbms/include/fields.php
r703 r704 82 82 function startForm($pageTitle){ 83 83 84 ?><form action="<?php echo str_replace("&","&",$this->action) ?>" method="<?php echo $this->method?>" name="<?php echo $this->name?>" <?php84 ?><form action="<?php echo htmlentities($this->action) ?>" method="<?php echo $this->method?>" name="<?php echo $this->name?>" <?php 85 85 if($this->onsubmit !== NULL) { ?>onsubmit="<?php echo $this->onsubmit?>" <?php } 86 86 if(isset($this->enctype)) echo ' enctype="'.$this->enctype.'" '; -
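Review bot: Switching from the `&` replacement to `htmlentities($this->action)` closes the quote-breakout on the action attribute, but `$this->method` and `$this->name` in the same `<form>` tag, and `$this->onsubmit` on the next line, are still echoed raw. The default htmlentities flags also leave `'` untouched, which is fine for this double-quoted attribute but will not be if the tag is ever switched to single quotes; `htmlspecialchars($this->action, ENT_QUOTES, 'UTF-8')` is the explicit form. Note that htmlentities re-encodes an `&amp;` already present in action, so callers must pass the unencoded URL. startForm() continues past the hunk.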
trunk/phpbms/include/imports.php
r515 r704 457 457 function startForm($pageTitle, $pageType, $numberOfRecords = 0){ 458 458 459 ?><form action="<?php echo str_replace("&","&",$this->action) ?>" method="<?php echo $this->method?>" name="<?php echo $this->name?>" onsubmit="<?php echo $this->onsubmit?>" <?php459 ?><form action="<?php echo htmlentities($this->action) ?>" method="<?php echo $this->method?>" name="<?php echo $this->name?>" onsubmit="<?php echo $this->onsubmit?>" <?php 460 460 if(isset($this->enctype)) echo ' enctype="'.$this->enctype.'" '; 461 461 if(isset($this->id)) echo ' id="'.$this->id.'" '; -
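Review bot: Only the action attribute is encoded here; `$this->onsubmit`, `$this->method` and `$this->name` on the same line are still emitted unescaped, and onsubmit is a JavaScript-attribute context where `htmlspecialchars(..., ENT_QUOTES)` is the minimum. If these properties are set only from code and never from request data the risk is low, but that is not visible in this hunk. startForm() continues outside the hunk.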
trunk/phpbms/include/search_class.php
r703 r704 304 304 if($this->numrows==RECORD_LIMIT or $this->recordoffset!=0){ 305 305 //if you max the record limit or are already offsetiing get the true count 306 306 307 307 $truecountstatement = " 308 308 SELECT … … 587 587 588 588 ?> 589 <form name="search" id="search" method="post" action="<?php echo $_SERVER["PHP_SELF"]?>?id=<?php echo $this->thetabledef["uuid"]?>" onsubmit="setSelIDs(this);return true;">589 <form name="search" id="search" method="post" action="<?php echo htmlentities($_SERVER["PHP_SELF"])?>?id=<?php echo $this->thetabledef["uuid"]?>" onsubmit="setSelIDs(this);return true;"> 590 590 <input id="tabledefid" name="tabledefid" type="hidden" value="<?php echo $this->thetabledef["id"]?>" /> 591 591 <input id="theids" name="theids" type="hidden" value="" /> -
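Review bot: Encoding `$_SERVER["PHP_SELF"]` removes the classic PATH_INFO injection on the form action, but the `?id=<?php echo $this->thetabledef["uuid"]?>` appended after it is still raw, as is `$this->thetabledef["id"]` in the hidden field on the next line. Both come from the tabledefs row rather than the request, so the exposure depends on how that row is populated; encoding them with `htmlspecialchars(..., ENT_QUOTES)` costs nothing and removes the dependency. The enclosing function starts before and ends after this hunk.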
trunk/phpbms/index.php
r702 r704 38 38 */ 39 39 require_once("include/session.php"); 40 41 40 42 require_once("include/login_include.php"); 41 43 … … 52 54 53 55 }//endif 56 57 58 if(isset($_SESSION["userinfo"])) 59 goURL(DEFAULT_LOAD_PAGE); 54 60 55 61 $pageTitle = formatVariable(APPLICATION_NAME)." Log in"; … … 74 80 </noscript> 75 81 76 <form name="form1" method="post" action="<?php echo $_SERVER["PHP_SELF"]?>">82 <form name="form1" method="post" action="<?php echo htmlentities($_SERVER["PHP_SELF"])?>"> 77 83 78 84 <p> -
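Review bot: The new `if(isset($_SESSION["userinfo"])) goURL(DEFAULT_LOAD_PAGE);` has no `exit;` after it, so unless goURL() terminates the script itself (not visible here) the login page is still rendered and any later processing still runs after the redirect header is sent; `goURL(DEFAULT_LOAD_PAGE); exit;` makes this unambiguous. The `htmlentities($_SERVER["PHP_SELF"])` change on the form action is the right fix for the reflected PATH_INFO case.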
trunk/phpbms/modules/base/adminsettings.php
r703 r704 145 145 ?> 146 146 <div class="bodyline"> 147 <form action="<?php echo $_SERVER["PHP_SELF"]?>" method="post" enctype="multipart/form-data" id="record" name="record" onsubmit="return false;">147 <form action="<?php echo htmlentities($_SERVER["PHP_SELF"]); ?>" method="post" enctype="multipart/form-data" id="record" name="record" onsubmit="return false;"> 148 148 <input type="hidden" id="command" name="command" value="save"/> 149 149 … … 270 270 <div class="fauxP"> 271 271 print logo 272 <div id="graphicHolder"><img alt="logo" src="<?php echo APP_PATH?>dbgraphic.php?t=file s&f=file&mf=type&r=1" /></div>272 <div id="graphicHolder"><img alt="logo" src="<?php echo APP_PATH?>dbgraphic.php?t=file&r=1" /></div> 273 273 </div> 274 274 -
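Review bot: Replacing the field-name parameters with the `t=file` type key is the right direction, since dbgraphic.php previously received the column and table names from the URL. The page declares an XHTML doctype, so the bare `&` in `dbgraphic.php?t=file&r=1` should be `&amp;` inside the src attribute. The hard-coded `r=1` for the logo is worth a one-line comment naming the files row it depends on, e.g. `// files.id = 1 is reserved for the print logo`, if that is the convention.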
trunk/phpbms/modules/base/attachments_records.php
r703 r704 80 80 $_POST["startnum"]=1; 81 81 } elseif($_POST["desc"]!="") $displayTable->querysortorder.=" DESC"; 82 82 83 83 //record offset? 84 84 if(isset($_POST["offset"])) if($_POST["offset"]!="") $displayTable->recordoffset=$_POST["offset"]; … … 94 94 <h1><?php echo $pageTitle ?></h1> 95 95 <div> 96 <form name="search" id="search" action="<?php echo $_SERVER["REQUEST_URI"]?>" method="post" onsubmit="setSelIDs(this);return true;">96 <form name="search" id="search" action="<?php echo htmlentities($_SERVER["REQUEST_URI"])?>" method="post" onsubmit="setSelIDs(this);return true;"> 97 97 <input name="theids" type="hidden" value="" /> 98 98 <?php -
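Review bot: `htmlentities($_SERVER["REQUEST_URI"])` in the form action fixes the reflected-XSS vector on the request path, and the same substitution is applied across many files in this changeset. A small shared helper, e.g. `function attr($s){ return htmlspecialchars($s, ENT_QUOTES, 'UTF-8'); }`, would keep the flags and charset consistent instead of relying on htmlentities defaults, which vary with PHP version. `$pageTitle` in the `<h1>` two lines above is context here and is emitted raw, but that is outside this change.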
trunk/phpbms/modules/base/include/myaccount.php
r646 r704 1 1 <?php 2 2 3 function displayRoles($db){4 3 5 $uuid = $_SESSION["userinfo"]["uuid"]; 4 class myAccount{ 5 6 var $db; 7 var $userUUID; 8 9 function myAccount($db, $userUUID){ 10 11 $this->db = $db; 12 13 $this->userUUID = $userUUID; 14 15 }//end function init 16 17 18 function displayRoles(){ 6 19 7 20 $querystatement = " … … 12 25 `roles` INNER JOIN `rolestousers` ON `rolestousers`.`roleid`=`roles`.`uuid` 13 26 WHERE 14 `rolestousers`.`userid` = '". mysql_real_escape_string($uuid)."'27 `rolestousers`.`userid` = '".$this->userUUID."' 15 28 "; 16 $assignedquery = $db->query($querystatement); 17 while($therecord = $db->fetchArray($assignedquery)) 29 30 $queryresult = $this->db->query($querystatement); 31 32 while($therecord = $this->db->fetchArray($queryresult)) 18 33 echo "<li>".$therecord["name"]."</li>"; 19 }20 34 21 function changePassword($variables,$id,$db){ 22 if(DEMO_ENABLED=="false"){ 23 $querystatement="SELECT id FROM users WHERE id=".$id." AND password=ENCODE(\"".$variables["curPass"]."\",\"".mysql_real_escape_string(ENCRYPTION_SEED)."\")"; 24 $queryresult=$db->query($querystatement); 25 if($queryresult) 26 if ($db->numRows($queryresult)){ 27 $querystatement="UPDATE users SET password=ENCODE(\"".$variables["newPass"]."\",\"".ENCRYPTION_SEED."\") WHERE id=".$id; 28 $queryresult=$db->query($querystatement); 29 return "Password Updated"; 30 } else 31 return "Current Password Incorrect"; 32 } else 33 return "Changing password is disabled in demonstration mode."; 34 } 35 36 function updateContact($variables,$id,$db){ 37 $querystatement="UPDATE users SET email=\"".$variables["email"]."\", phone=\"".$variables["phone"]."\" WHERE id=".$id; 38 $queryresult=$db->query($querystatement); 39 $_SESSION["userinfo"]["email"]=$variables["email"]; 40 $_SESSION["userinfo"]["phone"]=$variables["phone"]; 41 return "Contact Information Updated"; 42 } 35 }//end function displayRoles 43 36 44 37 45 if(isset($_POST["command"])) 46 switch($_POST["command"]){ 47 case 
"Change Password": 48 $statusmessage=changePassword(addSlashesToArray($_POST),$_SESSION["userinfo"]["id"],$db); 49 break; 50 case "Update Contact": 51 $statusmessage=updateContact(addSlashesToArray($_POST),$_SESSION["userinfo"]["id"],$db); 52 break; 53 default: 54 $statusmessage="\"".$_POST["command"]."\""; 55 break; 56 } 38 function changePassword($oldPassword, $newPassword){ 39 40 if(DEMO_ENABLED !== "false") 41 return "Cannot change password when in demonstration mode."; 42 43 $querystatement = " 44 SELECT 45 `id` 46 FROM 47 `users` 48 WHERE 49 `uuid` = '".$this->userUUID."' 50 AND password = ENCODE('".mysql_real_escape_string($oldPassword)."', '".mysql_real_escape_string(ENCRYPTION_SEED)."')"; 51 52 $queryresult = $this->db->query($querystatement); 53 54 if($this->db->numRows($queryresult)){ 55 56 $updatestatement = " 57 UPDATE 58 `users` 59 SET 60 `password` = ENCODE('".mysql_real_escape_string($newPassword)."', '".mysql_real_escape_string(ENCRYPTION_SEED)."') 61 WHERE 62 `uuid` = '".$this->userUUID."'"; 63 64 $this->db->query($updatestatement); 65 66 return "password changed"; 67 68 }else 69 return "Current password incorrect"; 70 71 }//end function changePassword 72 73 74 function update($variables){ 75 76 $updatestatement = " 77 UPDATE 78 `users` 79 SET 80 `email` = '".mysql_real_escape_string($variables["email"])."', 81 `phone` = '".mysql_real_escape_string($variables["phone"])."' 82 WHERE 83 `uuid` = '".$this->userUUID."'"; 84 85 $this->db->query($updatestatement); 86 87 $_SESSION["userinfo"]["email"] = $variables["email"]; 88 $_SESSION["userinfo"]["phone"] = $variables["phone"]; 89 90 return "Record Updated"; 91 92 }//end function update 93 94 }//end class 95 57 96 ?> -
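Review bot: `$this->userUUID` is interpolated unescaped into every query in the new class, whereas the old displayRoles() wrapped it in `mysql_real_escape_string($uuid)`; it comes from the session here, but the class accepts any string, so escape it once in the constructor, `$this->userUUID = mysql_real_escape_string($userUUID);`. The password is still stored with MySQL `ENCODE()` under ENCRYPTION_SEED, which is reversible by anyone with database access and the seed; a one-way salted hash compared in PHP would be preferable, and until then a comment on changePassword() should state that the stored value is recoverable. The `DEMO_ENABLED !== "false"` check relies on the constant being a string; if it is ever defined as a boolean the branch inverts, so a note such as `// DEMO_ENABLED is the string "false" when disabled` helps. update() writes `$variables["email"]`/`$variables["phone"]` into the session without escaping, which is fine as long as every reader of those session values encodes on output.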
trunk/phpbms/modules/base/modules_view.php
r703 r704 65 65 66 66 <div class="bodyline"> 67 <form action="<?php echo $_SERVER["PHP_SELF"]?>" method="post" name="record" onsubmit="return validateForm(this);">67 <form action="<?php echo htmlentities($_SERVER["PHP_SELF"]) ?>" method="post" name="record" onsubmit="return validateForm(this);"> 68 68 <h1 id="topTitle"><span><?php echo $pageTitle ?></span></h1> 69 69 -
trunk/phpbms/modules/base/myaccount.php
r703 r704 1 <?php 1 <?php 2 2 /* 3 3 $Rev: 186 $ | $LastChangedBy: brieb $ … … 43 43 require_once("include/myaccount.php"); 44 44 45 $user = new myAccount($db, $_SESSION["userinfo"]["uuid"]); 46 47 if(isset($_POST["command"])){ 48 49 switch($_POST["command"]){ 50 51 case "Change Password": 52 53 if($_POST["newPass"] === $_POST["confirmPass"]) 54 $statusmessage = $user->changePassword($_POST["curPass"], $_POST["newPass"]); 55 else 56 $statusmessage = "New password not confirmed"; 57 break; 58 59 case "Update Contact": 60 61 $statusmessage = $user->update($_POST); 62 break; 63 64 }//endswitch 65 66 }//endif 67 45 68 $pageTitle="My Account"; 46 69 … … 57 80 $theinput = new inputField("phone",$_SESSION["userinfo"]["phone"],"phone/extension",false,"phone",32,64); 58 81 $theform->addField($theinput); 59 82 60 83 $theform->jsMerge(); 61 84 //============================================================== 62 //End Form Elements 63 85 //End Form Elements 86 64 87 include("header.php"); 65 88 ?><div class="bodyline"> 66 <form action="<?php echo $_SERVER["PHP_SELF"]?>" method="post" name="record" id="record" onsubmit="return false">89 <form action="<?php echo htmlentities($_SERVER["PHP_SELF"])?>" method="post" name="record" id="record" onsubmit="return false"> 67 90 <input type="hidden" id="command" name="command" value=""/> 68 91 69 92 <h1><span><?php echo $pageTitle ?></span></h1> 70 93 … … 73 96 <p id="nameP"><?php echo htmlQuotes($_SESSION["userinfo"]["firstname"]." 
".$_SESSION["userinfo"]["lastname"])?></p> 74 97 </fieldset> 75 98 76 99 <fieldset> 77 100 <legend>Change Password</legend> … … 80 103 <input type="password" id="curPass" name="curPass" maxlength="32"/> 81 104 </p> 82 105 83 106 <p> 84 107 <label for="newPass">new password</label><br /> … … 93 116 <button type="button" class="Buttons" onclick="changePass()">Change Password</button> 94 117 </p> 95 118 96 119 <fieldset> 97 120 <legend>Contact Information</legend> 98 121 99 122 <p><?php $theform->showField("email")?></p> 100 123 101 124 <p><?php $theform->showField("phone")?></p> 102 125 103 126 </fieldset> 104 127 <p><button type="button" class="Buttons" onclick="changeContact()">Update Contact Information</button></p> 105 128 106 129 <fieldset> 107 130 <legend>Access / Assigned Roles</legend> 108 131 <ul> 109 <?php 132 <?php 110 133 if($_SESSION["userinfo"]["admin"]) {?><li><strong>Administrator</strong></li><?php } 111 displayRoles($db)134 $user->displayRoles(); 112 135 ?></ul> 113 136 </fieldset> -
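Review bot: The "Change Password" branch compares `$_POST["newPass"] === $_POST["confirmPass"]` without checking that the fields exist or are non-empty, so two empty strings pass and changePassword() sets the account password to `""`; guard with `if(!isset($_POST["curPass"], $_POST["newPass"], $_POST["confirmPass"]) || $_POST["newPass"] === "")` and report it as a status message. The form's `maxlength="32"` is client-side only, so any length policy must also be enforced here. No anti-CSRF token is visible in this form; whether one is added by the form framework cannot be determined from this hunk.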
trunk/phpbms/modules/base/notes_records.php
r703 r704 70 70 if(!isset($_POST["newsort"])) $_POST["newsort"]=""; 71 71 if(!isset($_POST["desc"])) $_POST["desc"]=""; 72 72 73 73 74 74 if($_POST["newsort"]!="") { … … 81 81 82 82 if($displayTable->querytype!="new" and $displayTable->querytype!="edit") { 83 83 84 84 //record offset? 85 85 if(isset($_POST["offset"])) if($_POST["offset"]!="") $displayTable->recordoffset=$_POST["offset"]; … … 96 96 <h1><?php echo $pageTitle ?></h1> 97 97 <div> 98 <form name="search" id="search" action="<?php echo $_SERVER["REQUEST_URI"]?>" method="post" onsubmit="setSelIDs(this);return true;">98 <form name="search" id="search" action="<?php echo htmlentities($_SERVER["REQUEST_URI"])?>" method="post" onsubmit="setSelIDs(this);return true;"> 99 99 <input name="theids" type="hidden" value="" /> 100 100 <?php -
trunk/phpbms/modules/base/tabledefs_columns.php
r703 r704 203 203 </table></div> 204 204 205 <form action="<?php echo $_SERVER["PHP_SELF"]."?id=".$_GET["id"] ?>" method="post" name="record" onsubmit="return validateForm(this);">205 <form action="<?php echo htmlentities($_SERVER["PHP_SELF"])."?id=".$_GET["id"] ?>" method="post" name="record" onsubmit="return validateForm(this);"> 206 206 <fieldset> 207 207 <legend><?php echo $action?></legend> -
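Review bot: The action attribute is now `htmlentities($_SERVER["PHP_SELF"])."?id=".$_GET["id"]`, so PHP_SELF is encoded but the raw `$_GET["id"]` is concatenated after it and still lands unescaped inside the double-quoted attribute. Encode the whole string, `htmlentities($_SERVER["PHP_SELF"]."?id=".$_GET["id"], ENT_QUOTES)`, or cast the id to int if it is numeric. The enclosing page continues outside the hunk.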
trunk/phpbms/modules/base/tabledefs_custom.php
r703 r704 75 75 </form> 76 76 <?php } else { ?> 77 <form action="<?php echo str_replace("&", "&",$_SERVER["REQUEST_URI"]) ?>" method="post" name="record" id="record">77 <form action="<?php echo htmlentities($_SERVER["REQUEST_URI"]) ?>" method="post" name="record" id="record"> 78 78 79 79 <p id="topSaveP"><button type="button" class="Buttons saveButtons" accesskey="s">save</button></p> -
trunk/phpbms/modules/base/tabledefs_groupings.php
r703 r704 94 94 <?php $groupings->showRecords($allRecords) ?> 95 95 96 <form action="<?php echo $_SERVER["PHP_SELF"]."?id=".$_GET["id"] ?>" method="post" name="record" onsubmit="return validateForm(this);">96 <form action="<?php echo htmlentities($_SERVER["PHP_SELF"])."?id=".$_GET["id"] ?>" method="post" name="record" onsubmit="return validateForm(this);"> 97 97 <fieldset> 98 98 <legend><?php echo $action?></legend> -
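Review bot: `$_GET["id"]` is appended after the encoded PHP_SELF, so the reflected value is still written raw into the form action; encode the full string with `htmlentities($_SERVER["PHP_SELF"]."?id=".$_GET["id"], ENT_QUOTES)` or use `(int) $_GET["id"]` when the id is numeric. The rest of the form is outside this hunk.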
trunk/phpbms/modules/base/tabledefs_options.php
r703 r704 143 143 ?> 144 144 145 <form action="<?php echo $_SERVER["PHP_SELF"]."?id=".$_GET["id"] ?>" method="post" id="record" name="record">145 <form action="<?php echo htmlentities($_SERVER["PHP_SELF"])."?id=".$_GET["id"] ?>" method="post" id="record" name="record"> 146 146 147 147 <fieldset> -
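Review bot: Only PHP_SELF is encoded in the new action attribute; the `"?id=".$_GET["id"]` suffix is concatenated afterwards and remains a reflected, unescaped request value inside the attribute. Use `htmlentities($_SERVER["PHP_SELF"]."?id=".$_GET["id"], ENT_QUOTES)` or an integer cast on the id. The form body continues past the hunk.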
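--- a/trunk/phpbms/modules/base/tabledefs_quicksearch.php
+++ b/trunk/phpbms/modules/base/tabledefs_quicksearch.php
@@ -158,5 +158,5 @@
 </table>
 </div>
-<form action="<?php echo $_SERVER["PHP_SELF"]."?id=".$_GET["id"] ?>" method="post" name="record" onsubmit="return validateForm(this);">
+<form action="<?php echo htmlentities($_SERVER["PHP_SELF"])."?id=".$_GET["id"] ?>" method="post" name="record" onsubmit="return validateForm(this);">
 <fieldset>
 <legend><?php echo $action?></legend>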
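--- a/trunk/phpbms/modules/base/tabledefs_searchfields.php
+++ b/trunk/phpbms/modules/base/tabledefs_searchfields.php
@@ -154,5 +154,5 @@
 </table></div>
 
-<form action="<?php echo $_SERVER["PHP_SELF"]."?id=".$_GET["id"] ?>" method="post" name="record" onsubmit="return validateForm(this);">
+<form action="<?php echo htmlentities($_SERVER["PHP_SELF"])."?id=".$_GET["id"] ?>" method="post" name="record" onsubmit="return validateForm(this);">
 <fieldset>
 <legend><?php echo $action?></legend>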
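--- a/trunk/phpbms/modules/bms/aritems_aging.php
+++ b/trunk/phpbms/modules/bms/aritems_aging.php
@@ -156,5 +156,5 @@
 $phpbms->showMenu = false;
 
-$formSubmit = str_replace("&","&",$_SERVER['REQUEST_URI']);
+$formSubmit = htmlentities($_SERVER['REQUEST_URI']);
 
 include("header.php");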
trunk/phpbms/modules/bms/clients_addresses.php
r702 r704 157 157 //record offset? 158 158 if(isset($_POST["offset"])) if($_POST["offset"]!="") $displayTable->recordoffset=$_POST["offset"]; 159 159 160 160 $displayTable->issueQuery(); 161 161 … … 171 171 <h1 id="h1Title"><?php echo $pageTitle?></h1> 172 172 173 <form name="search" id="search" action="<?php echo str_replace("&", "&" ,$_SERVER["REQUEST_URI"])?>" method="post" onsubmit="setSelIDs(this);return true;">173 <form name="search" id="search" action="<?php echo htmlentities($_SERVER["REQUEST_URI"])?>" method="post" onsubmit="setSelIDs(this);return true;"> 174 174 <input name="command" id="reset" type="submit"/> 175 175 <input name="theids" id="theids" type="hidden" /> -
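--- a/trunk/phpbms/modules/bms/clients_credit.php
+++ b/trunk/phpbms/modules/bms/clients_credit.php
@@ -89,5 +89,5 @@
 
 $phpbms->showTabs("clients entry", "tab:5a6ef814-2689-4e3b-2609-db43fb3cc001", ((int) $_GET["id"]));?><div class="bodyline">
-<form action="<?php echo str_replace("&","&",$_SERVER["REQUEST_URI"]) ?>"
+<form action="<?php echo htmlentities($_SERVER["REQUEST_URI"]) ?>"
 method="post" name="record" id="record">
 <div id="topButtons">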
trunk/phpbms/modules/bms/clients_email.php
r702 r704 1 <?php 1 <?php 2 2 /* 3 3 $Rev$ | $LastChangedBy$ … … 41 41 42 42 include("./include/clients_email_include.php"); 43 44 43 44 45 45 $thecommand="showoptions"; 46 46 if(isset($_POST["command"])) $thecommand=$_POST["command"]; 47 47 48 48 switch($thecommand){ 49 49 case "send email": … … 54 54 foreach($_SESSION["emailids"] as $id) 55 55 $whereclause.="clients.id=".$id." or "; 56 $whereclause=substr($whereclause,0,strlen($whereclause)-3); 56 $whereclause=substr($whereclause,0,strlen($whereclause)-3); 57 57 break; 58 58 case "savedsearch": … … 64 64 case "all": 65 65 $whereclause=""; 66 break; 66 break; 67 67 }//end switch 68 68 //next the from: 69 $_SESSION["massemail"]["from"]=str_replace("]",">",str_replace("[","<",$_POST["ds-email"])); 69 $_SESSION["massemail"]["from"]=str_replace("]",">",str_replace("[","<",$_POST["ds-email"])); 70 70 $_SESSION["massemail"]["whereclause"]=$whereclause; 71 71 $_SESSION["massemail"]["subject"]=$_POST["subject"]; 72 72 $_SESSION["massemail"]["body"]=$_POST["body"]; 73 73 $_SESSION["massemail"]["savedproject"]=$_POST["pid"]; 74 74 75 75 $querystatement="SELECT id,email, if(clients.lastname!=\"\",concat(clients.lastname,\", \",clients.firstname,if(clients.company!=\"\",concat(\" (\",clients.company,\")\"),\"\")),clients.company) AS name FROM clients ".$whereclause; 76 76 $sendqueryresult=$db->query($querystatement); 77 77 if(!$sendqueryresult) $error = new appError(300,"Error with: ".$querystatement); 78 78 79 79 break; 80 80 case "delete project": … … 100 100 $thecommand="showoptions"; 101 101 break; 102 102 103 103 case "done": 104 104 case "cancel": 105 105 goURL(APP_PATH."search.php?id=2"); 106 106 107 107 break; 108 108 } 109 110 109 110 111 111 $pageTitle="Client/Prospect E-Mail"; 112 112 113 113 $phpbms->cssIncludes[] = "pages/clientemail.css"; 114 114 $phpbms->jsIncludes[] = "modules/bms/javascript/clientemail.js"; … … 117 117 //============================================================== 118 118 $theform = new 
phpbmsForm(); 119 119 120 120 if(is_numeric($therecord["emailfrom"])) 121 121 $theid=$therecord["emailfrom"]; 122 122 else 123 123 $theid=0; 124 124 125 125 $theinput = new inputSmartSearch($db, "email", "Pick Active User Email", $theid, "from"); 126 126 $theform->addField($theinput); 127 127 128 128 $theform->jsMerge(); 129 129 //============================================================== 130 130 //End Form Elements 131 131 132 132 if($therecord["emailto"]!="selected" AND $therecord["emailto"]!="all") 133 133 $phpbms->bottomJS[] ='thediv=getObjectFromID("showsavedsearches");thediv.style.display="block"'; … … 135 135 if(!is_numeric($therecord["emailfrom"])) 136 136 $phpbms->bottomJS[] ='thefield=getObjectFromID("ds-email");thefield.value="'.$therecord["emailfrom"].'"'; 137 137 138 138 if($thecommand=="send email"){ 139 140 $phpbms->topJS[]=' 141 ids=new Array(); 139 140 $phpbms->topJS[]=' 141 ids=new Array(); 142 142 emails=new Array(); 143 143 names= new Array();'; 144 144 145 145 while($therecord = $db->fetchArray($sendqueryresult)){ 146 146 $phpbms->topJS[]="ids[ids.length]=".$therecord["id"].";"; 147 147 $phpbms->topJS[]="names[names.length]=\"".$therecord["name"]."\";"; 148 148 $phpbms->topJS[]="emails[emails.length]=\"".$therecord["email"]."\";"; 149 } 149 } 150 150 }//end if 151 151 152 152 include("header.php") 153 153 … … 156 156 <div class="bodyline" id="mainBG"> 157 157 <h1 id="topTitle"><span><?php echo $pageTitle?></span></h1> 158 159 <form action="<?php echo $_SERVER["PHP_SELF"]?>" method="post" name="theform" id="theform">158 159 <form action="<?php echo htmlentities($_SERVER["PHP_SELF"]) ?>" method="post" name="theform" id="theform"> 160 160 <?php if($thecommand=="showoptions") { ?> 161 161 162 162 <input type="hidden" name="pid" id="pid" value="<?php echo $therecord["id"]?>" /> 163 163 <div class="box"> 164 164 165 165 <p id="toP"> 166 <label for="therecords">to</label><br /> 166 <label for="therecords">to</label><br /> 167 167 <select 
id="therecords" name="therecords" onchange="showSavedSearches(this);"> 168 168 <option value="selected" <?php if ($therecord["emailto"]=="selected") echo "selected=\"selected\""?>>e-mail addresses from selected records (<?php echo count($_SESSION["emailids"]) ?> record<?php if(count($_SESSION["emailids"])>1) echo "s"?>)</option> 169 169 <option value="savedsearch" <?php if ($therecord["emailto"]!="selected" AND $therecord["emailto"]!="all") echo "selected=\"selected\""?>>e-mail addresses from saved search...</option> 170 </select> 170 </select> 171 171 </p> 172 172 <p id="showsavedsearches" > 173 173 <label for="savedsearches">load e-mail addresses from saved search...</label><br /> 174 <?php showSavedSearches($db,$therecord["emailto"]); ?> 175 </p> 176 174 <?php showSavedSearches($db,$therecord["emailto"]); ?> 175 </p> 176 177 177 <div class="fauxP" id="fromDiv"><?php $theform->showField("email")?></div> 178 178 179 179 <p> 180 180 <label for="subject">subject</label><br /> 181 <input type="text" name="subject" id="subject" maxlength="128" value="<?php echo htmlQuotes($therecord["subject"])?>"/> 182 </p> 183 </div> 184 181 <input type="text" name="subject" id="subject" maxlength="128" value="<?php echo htmlQuotes($therecord["subject"])?>"/> 182 </p> 183 </div> 184 185 185 <div class="box"> 186 186 <p> … … 194 194 </p> 195 195 </div> 196 196 197 197 <div class="box"> 198 198 <div id="projectButtons"> … … 205 205 <input type="submit" name="command" id="sendemail" value="send email" class="Buttons" /> 206 206 <input type="submit" name="command" id="cancel" value="cancel" class="Buttons" /> 207 <input type="submit" name="command" id="othercommand" value="" class="Buttons" /> 208 </div> 209 </div> 210 207 <input type="submit" name="command" id="othercommand" value="" class="Buttons" /> 208 </div> 209 </div> 210 211 211 <div id="loadedprojects"> 212 212 <p><?php showSavedProjects($db)?></p> … … 218 218 </div> 219 219 <?php } elseif($thecommand=="send email"){?> 220 220 
221 221 <div id="processingWrap"> 222 222 <div class="box"> -
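Review bot: The `send email` branch at lines 146–148 still writes database values straight into JavaScript string literals (`names[names.length]="..."`, `emails[emails.length]="..."`), so a client name or address containing a double quote or backslash breaks or alters the generated script, even though this commit escapes the form action on line 159. Emit the values with `json_encode()` (PHP 5.2+): `$phpbms->topJS[]="names[names.length]=".json_encode($therecord["name"]).";";` and likewise `emails[emails.length]=".json_encode($therecord["email"]).";"` and `ids[ids.length]=".json_encode($therecord["id"]).";"`. json_encode also escapes `/` by default, which keeps a `</script>` sequence in the data from closing the script element that header.php, outside this hunk, presumably wraps around `topJS`.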
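--- a/trunk/phpbms/modules/bms/clients_purchasehistory.php
+++ b/trunk/phpbms/modules/bms/clients_purchasehistory.php
@@ -137,5 +137,5 @@
 <h1><?php echo $pageTitle ?></h1>
 
-<form action="<?php echo $_SERVER["REQUEST_URI"]?>" method="post" name="record">
+<form action="<?php echo htmlentities($_SERVER["REQUEST_URI"]) ?>" method="post" name="record">
 <div class="box">
 <p class="timelineP">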
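--- a/trunk/phpbms/modules/bms/invoices_addedit.php
+++ b/trunk/phpbms/modules/bms/invoices_addedit.php
@@ -242,5 +242,5 @@
 
 
-?><form action="<?php echo str_replace("&","&",$_SERVER["REQUEST_URI"]) ?>"
+?><form action="<?php echo htmlentities($_SERVER["REQUEST_URI"]) ?>"
 method="post" name="record" id="record"><div id="dontSubmit"><input type="submit" value=" " onclick="return false;" /></div>
 <?php $phpbms->showTabs("invoices entry","tab:20276b44-9cfa-403e-4c2a-ac6f0987ae20",$therecord["id"]);?><div class="bodyline">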
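--- a/trunk/phpbms/modules/bms/invoices_discount_ajax.php
+++ b/trunk/phpbms/modules/bms/invoices_discount_ajax.php
@@ -40,5 +40,8 @@
 require("../../include/session.php");
 
-if(!isset($_GET["id"])) $error = new appError(300,"Passed variable not set (id)");
+if(!isset($_GET["id"]))
+$error = new appError(300,"Passed variable not set (id)");
+
+$uuid = mysql_real_escape_string($_GET["id"]);
 
 $querystatement = "
@@ -48,5 +51,5 @@
 `discounts`
 WHERE
-`uuid`='". mysql_real_escape_string($_GET["id"])."'
+`uuid`='".$uuid."'
 ";
 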
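Review bot: `$uuid = mysql_real_escape_string($_GET["id"]);` on new line 45 runs even when the `isset` check on line 42 has just failed, so the missing-parameter case raises a notice and still builds and runs the query with an empty uuid instead of stopping after `$error` is set; whether `appError` halts the script is not visible in this hunk. Guard the assignment, e.g. `$uuid = isset($_GET["id"]) ? mysql_real_escape_string($_GET["id"]) : "";`, or skip the query when `$error` is set. Because the value is a UUID, a shape check before escaping, such as `preg_match('/^[0-9a-f-]{36}$/i', $_GET["id"])` (constructed from the uuid literals elsewhere in this changeset), rejects anything else outright and does not depend on the connection charset that `mysql_real_escape_string` relies on. The statement run continues past the end of the hunk.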
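--- a/trunk/phpbms/modules/bms/invoices_statushistory.php
+++ b/trunk/phpbms/modules/bms/invoices_statushistory.php
@@ -127,5 +127,5 @@
 $phpbms->showTabs("invoices entry","tab:809d644e-fa40-5ad3-0426-3d84cf15b32e",$_GET["id"]);?><div class="bodyline">
 <h1><span><?php echo $pageTitle ?></span></h1>
-<form action="<?PHP echo $_SERVER["REQUEST_URI"]?>" method="post" name="record" onsubmit="return validateForm(this);">
+<form action="<?PHP echo htmlentities($_SERVER["REQUEST_URI"]) ?>" method="post" name="record" onsubmit="return validateForm(this);">
 <p>
 <input accesskey="s" title="(access key+s)" name="command" type="submit" value="update statuses" class="Buttons" <?php if($refrecord["type"]=="Invoice") echo "disabled=\"disabled\""?>/>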
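--- a/trunk/phpbms/modules/bms/post.php
+++ b/trunk/phpbms/modules/bms/post.php
@@ -77,5 +77,5 @@
 
 ?><div class="bodyline" id="mainline">
-<form action="<?php echo $_SERVER["PHP_SELF"]?>" method="post" name="record" id="record" onsubmit="return false">
+<form action="<?php echo htmlentities($_SERVER["PHP_SELF"])?>" method="post" name="record" id="record" onsubmit="return false">
 <input type="hidden" id="cmd" name="cmd" value=""/>
 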
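--- a/trunk/phpbms/modules/bms/products_addedit.php
+++ b/trunk/phpbms/modules/bms/products_addedit.php
@@ -145,5 +145,5 @@
 include("header.php");
 ?>
-<form action="<?php echo str_replace("&","&",$_SERVER["REQUEST_URI"]) ?>" method="post" enctype="multipart/form-data" name="record" id="record" onsubmit="return false;">
+<form action="<?php echo htmlentities($_SERVER["REQUEST_URI"]) ?>" method="post" enctype="multipart/form-data" name="record" id="record" onsubmit="return false;">
 <?php $phpbms->showTabs("products entry","tab:17346362-261b-4d1d-fa77-99e84cfd9b8a",$therecord["id"]);?><div class="bodyline">
 <input type="hidden" value="" name="command" id="hiddenCommand"/>
@@ -273,5 +273,5 @@
 thumbnail graphic<br />
 <?php if($therecord["thumbnailmime"]) {?>
-<img id="thumbpic" src="<?php echo APP_PATH ?>dbgraphic.php?t=product s&f=thumbnail&mf=thumbnailmime&r=<?php echo $therecord["id"]?>" style="border: 1px solid black; display: block; margin: 3px;;" />
+<img id="thumbpic" src="<?php echo APP_PATH ?>dbgraphic.php?t=productThumb&r=<?php echo $therecord["id"]?>" style="border: 1px solid black; display: block; margin: 3px;;" />
 <?php } else {?>
 <div id="noThumb" class="tiny" align="center">no thumbnail</div>
@@ -286,5 +286,5 @@
 main picture<br />
 <?php if($therecord["picturemime"]) {?>
-<img id="picturepic" src="<?php echo APP_PATH ?>dbgraphic.php?t=product s&f=picture&mf=picturemime&r=<?php echo $therecord["id"]?>" style="border: 1px solid black; display: block; margin: 3px;;" />
+<img id="picturepic" src="<?php echo APP_PATH ?>dbgraphic.php?t=productPic&r=<?php echo $therecord["id"]?>" style="border: 1px solid black; display: block; margin: 3px;;" />
 <?php } else {?>
 <div id="noPicture" class="tiny" align="center">no picture</div>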
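Review bot: The new `dbgraphic.php?t=productThumb&r=<?php echo $therecord["id"]?>` src on lines 275 and 288 emits the record id without escaping or a type cast, and the bare `&` inside an attribute value should be `&amp;` in HTML. `r=<?php echo (int) $therecord["id"] ?>` pins the id to an integer if product ids are numeric, which the hunk does not show; otherwise wrap it as `htmlentities(urlencode($therecord["id"]))`. Replacing the table, field and mime-field query parameters with a fixed type name is the right direction, provided dbgraphic.php maps `productThumb`/`productPic` to columns itself rather than echoing the parameter into its query.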
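--- a/trunk/phpbms/modules/bms/products_prereq.php
+++ b/trunk/phpbms/modules/bms/products_prereq.php
@@ -132,5 +132,5 @@
 <?php $phpbms->showTabs("products entry","tab:9bfc7eea-5abb-f5d8-763f-f78fe499464d",$_GET["id"]);?><div class="bodyline">
 <h1><span><?php echo $pageTitle ?></span></h1>
-<form action="<?php echo $_SERVER["REQUEST_URI"]?>" method="post" name="record">
+<form action="<?php echo htmlentities($_SERVER["REQUEST_URI"]) ?>" method="post" name="record">
 <input id="deleteid" name="deleteid" type="hidden" value="0" />
 <input id="command" name="command" type="hidden" value="" />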
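--- a/trunk/phpbms/modules/bms/products_saleshistory.php
+++ b/trunk/phpbms/modules/bms/products_saleshistory.php
@@ -144,5 +144,5 @@
 $phpbms->showTabs("products entry","tab:cd09d4a1-7d32-e08a-bd6e-5850bc9af88e",$_GET["id"]);?><div class="bodyline">
 <h1><span><?php echo $pageTitle ?></span></h1>
-<form action="<?php echo $_SERVER["REQUEST_URI"]?>" method="post" name="record">
+<form action="<?php echo htmlentities($_SERVER["REQUEST_URI"]) ?>" method="post" name="record">
 <div class="box">
 <p class="timelineP">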
trunk/phpbms/modules/bms/receipts_addedit.php
r702 r704 47 47 $backurl .= "?refid=".$_GET["refid"]; 48 48 } 49 49 50 50 if(!isset($_GET["id"])) 51 51 $_GET["id"] = 0; … … 140 140 141 141 ?><div class="bodyline"> 142 <form action="<?php echo str_replace("&", "&",$_SERVER["REQUEST_URI"]) ?>" method="post" name="record" id="record">142 <form action="<?php echo htmlentities($_SERVER["REQUEST_URI"]) ?>" method="post" name="record" id="record"> 143 143 144 144 <div id="topButtons"><?php showSaveCancel(1); ?></div> -
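--- a/trunk/phpbms/modules/bms/report/aritems_clientstatement.php
+++ b/trunk/phpbms/modules/bms/report/aritems_clientstatement.php
@@ -499,5 +499,5 @@
 $phpbms->showMenu = false;
 
-$formSubmit = str_replace("&","&",$_SERVER['REQUEST_URI']);
+$formSubmit = htmlentities($_SERVER['REQUEST_URI']);
 
 $theform = new phpbmsForm();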
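--- a/trunk/phpbms/modules/bms/report/aritems_summary.php
+++ b/trunk/phpbms/modules/bms/report/aritems_summary.php
@@ -434,5 +434,5 @@
 $phpbms->showMenu = false;
 
-$formSubmit = str_replace("&","&",$_SERVER['REQUEST_URI']);
+$formSubmit = htmlentities($_SERVER['REQUEST_URI']);
 
 $theform = new phpbmsForm();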
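--- a/trunk/phpbms/modules/bms/report/clients_purchasehistory.php
+++ b/trunk/phpbms/modules/bms/report/clients_purchasehistory.php
@@ -300,5 +300,5 @@
 include("header.php");
 ?>
-<form action="<?php echo str_replace("&", "&",$_SERVER["REQUEST_URI"]); ?>" method="post" name="totals" onsubmit="return validateForm(this)">
+<form action="<?php echo htmlentities($_SERVER["REQUEST_URI"]); ?>" method="post" name="totals" onsubmit="return validateForm(this)">
 
 <div class="bodyline" id="reportOptions">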
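--- a/trunk/phpbms/modules/bms/report/incoming_cashflow.php
+++ b/trunk/phpbms/modules/bms/report/incoming_cashflow.php
@@ -536,5 +536,5 @@
 $phpbms->showMenu = false;
 
-$formSubmit = str_replace("&","&",$_SERVER['REQUEST_URI']);
+$formSubmit = htmlentities($_SERVER['REQUEST_URI']);
 
 $theform = new phpbmsForm();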
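--- a/trunk/phpbms/modules/bms/report/invoices_totals.php
+++ b/trunk/phpbms/modules/bms/report/invoices_totals.php
@@ -493,5 +493,5 @@
 <div class="bodyline">
 <h1>Invoice Total Options</h1>
-<form id="GroupForm" action="<?php echo str_replace("&", "&",$_SERVER["REQUEST_URI"]) ?>" method="post" name="GroupForm">
+<form id="GroupForm" action="<?php echo htmlentities($_SERVER["REQUEST_URI"]) ?>" method="post" name="GroupForm">
 
 <fieldset>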
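--- a/trunk/phpbms/modules/bms/report/lineitems_totals.php
+++ b/trunk/phpbms/modules/bms/report/lineitems_totals.php
@@ -462,5 +462,5 @@
 <div class="bodyline">
 <h1>Line Items Total Options</h1>
-<form id="GroupForm" action="<?php echo str_replace("&", "&",$_SERVER["REQUEST_URI"]) ?>" method="post" name="GroupForm">
+<form id="GroupForm" action="<?php echo htmlentities($_SERVER["REQUEST_URI"]) ?>" method="post" name="GroupForm">
 
 <fieldset>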
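--- a/trunk/phpbms/modules/bms/report/products_saleshistory.php
+++ b/trunk/phpbms/modules/bms/report/products_saleshistory.php
@@ -313,5 +313,5 @@
 include("header.php");
 ?>
-<form action="<?php echo str_replace("&", "&",$_SERVER["REQUEST_URI"]); ?>" method="post" name="totals" onsubmit="return validateForm(this)">
+<form action="<?php echo htmlentities($_SERVER["REQUEST_URI"]); ?>" method="post" name="totals" onsubmit="return validateForm(this)">
 
 <div class="bodyline" id="reportOptions">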
trunk/phpbms/modules/mailchimp/report/client_mailchimp_export.php
r703 r704 49 49 function MCReport($db,$variables = NULL){ 50 50 $this->db = $db; 51 51 52 52 //next we do the columns 53 53 $this->addColumn("Email","`email`");//0 … … 56 56 $this->addColumn("Company","`company`");//3 57 57 $this->addColumn("Uuid","`uuid`");//4 58 58 59 59 $this->addColumn("Type","`type`");//5 60 60 $this->addColumn("Id","`id`");//6 61 61 62 62 63 63 if($variables){ … … 68 68 $this->selectcolumns[] = $this->columns[$id]; 69 69 $this->selectcolumns = array_reverse($this->selectcolumns); 70 70 71 71 $this->selecttable = "`clients`"; 72 72 … … 76 76 if($this->whereclause!="") $this->whereclause=" WHERE (".substr($this->whereclause,6).") "; 77 77 }// endif 78 78 79 79 }//end method 80 80 … … 88 88 $this->columns[] = $temp; 89 89 }//end method 90 91 90 91 92 92 function generate(){ 93 93 94 94 $querystatement = "SELECT "; 95 95 foreach($this->selectcolumns as $thecolumn) … … 97 97 $querystatement = substr($querystatement, 0, -1); 98 98 $querystatement .= " FROM ".$this->selecttable.$this->whereclause; 99 99 100 100 $queryresult = $this->db->query($querystatement); 101 101 102 102 $num_fields = $this->db->numFields($queryresult); 103 103 104 104 for($i=0;$i<$num_fields;$i++) 105 105 $this->reportOutput .= ",".$this->db->fieldName($queryresult, $i); … … 123 123 $this->reportOutput = substr($this->reportOutput, 0, strlen($this->reportOutput)-1); 124 124 } 125 126 125 126 127 127 function output(){ 128 128 129 129 header("Content-type: text/plain"); 130 130 header('Content-Disposition: attachment; filename="clients_mailchimp_export.csv"'); 131 131 132 132 echo $this->reportOutput; 133 133 134 134 }//end function --output-- 135 135 136 136 137 137 function showOptions($what){ … … 164 164 <div class="bodyline"> 165 165 <h1>Invoice Total Options</h1> 166 <form id="GroupForm" action="<?php echo $_SERVER["PHP_SELF"]?>" method="post" name="GroupForm">166 <form id="GroupForm" action="<?php echo htmlentities($_SERVER["PHP_SELF"])?>" method="post" name="GroupForm"> 
167 167 168 168 <fieldset> -
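Review bot: The heading `<h1>Invoice Total Options</h1>` on line 165, two lines above the newly escaped form action, is evidently copied from the invoice-totals report and mislabels the MailChimp client export options page; a heading such as `<h1>MailChimp Export Options</h1>` would match the file. In the `output()` method shown in an earlier hunk of this section the download is sent as `Content-type: text/plain` while the filename is `clients_mailchimp_export.csv`; `text/csv` describes the attachment correctly. The `showOptions` method that contains this form begins in an earlier hunk and its end lies beyond this one.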
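--- a/trunk/phpbms/modules/recurringinvoices/invoices_recurrence.php
+++ b/trunk/phpbms/modules/recurringinvoices/invoices_recurrence.php
@@ -150,5 +150,5 @@
 $phpbms->showTabs("invoices entry","tab:d303321e-7ff5-fe4b-29ec-fe3eb0305576",$_GET["id"]);
 ?><div class="bodyline">
-<form action="<?php echo $_SERVER["REQUEST_URI"]?>"
+<form action="<?php echo htmlentities($_SERVER["REQUEST_URI"]) ?>"
 method="post" name="record" id="record"
 onsubmit="return false;">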
trunk/phpbms/report/general_labels.php
r703 r704 144 144 145 145 ?> 146 <form action="<?php echo str_replace("&", "&",$_SERVER["REQUEST_URI"])?>" method="post" name="print_form">146 <form action="<?php echo htmlentities($_SERVER["REQUEST_URI"])?>" method="post" name="print_form"> 147 147 <div class="bodyline" id="reportOptions"> 148 148 … … 475 475 476 476 $report = new pdfLabels($db, $_GET["rid"], $_GET["tid"]); 477 477 478 478 if(!isset($_POST["skipLabels"])) 479 479 $report->displaySkipLabels();