Changeset 704 for trunk/phpbms/modules
- Timestamp:
- 01/01/10 23:10:02 (2 years ago)
- Location:
- trunk/phpbms/modules
- Files:
-
- 34 modified
-
base/adminsettings.php (modified) (2 diffs)
-
base/attachments_records.php (modified) (2 diffs)
-
base/include/myaccount.php (modified) (2 diffs)
-
base/modules_view.php (modified) (1 diff)
-
base/myaccount.php (modified) (6 diffs)
-
base/notes_records.php (modified) (3 diffs)
-
base/tabledefs_columns.php (modified) (1 diff)
-
base/tabledefs_custom.php (modified) (1 diff)
-
base/tabledefs_groupings.php (modified) (1 diff)
-
base/tabledefs_options.php (modified) (1 diff)
-
base/tabledefs_quicksearch.php (modified) (1 diff)
-
base/tabledefs_searchfields.php (modified) (1 diff)
-
bms/aritems_aging.php (modified) (1 diff)
-
bms/clients_addresses.php (modified) (2 diffs)
-
bms/clients_credit.php (modified) (1 diff)
-
bms/clients_email.php (modified) (11 diffs)
-
bms/clients_purchasehistory.php (modified) (1 diff)
-
bms/invoices_addedit.php (modified) (1 diff)
-
bms/invoices_discount_ajax.php (modified) (2 diffs)
-
bms/invoices_statushistory.php (modified) (1 diff)
-
bms/post.php (modified) (1 diff)
-
bms/products_addedit.php (modified) (3 diffs)
-
bms/products_prereq.php (modified) (1 diff)
-
bms/products_saleshistory.php (modified) (1 diff)
-
bms/receipts_addedit.php (modified) (2 diffs)
-
bms/report/aritems_clientstatement.php (modified) (1 diff)
-
bms/report/aritems_summary.php (modified) (1 diff)
-
bms/report/clients_purchasehistory.php (modified) (1 diff)
-
bms/report/incoming_cashflow.php (modified) (1 diff)
-
bms/report/invoices_totals.php (modified) (1 diff)
-
bms/report/lineitems_totals.php (modified) (1 diff)
-
bms/report/products_saleshistory.php (modified) (1 diff)
-
mailchimp/report/client_mailchimp_export.php (modified) (8 diffs)
-
recurringinvoices/invoices_recurrence.php (modified) (1 diff)
trunk/phpbms/modules/base/adminsettings.php
r703 r704 145 145 ?> 146 146 <div class="bodyline"> 147 <form action="<?php echo $_SERVER["PHP_SELF"]?>" method="post" enctype="multipart/form-data" id="record" name="record" onsubmit="return false;">147 <form action="<?php echo htmlentities($_SERVER["PHP_SELF"]); ?>" method="post" enctype="multipart/form-data" id="record" name="record" onsubmit="return false;"> 148 148 <input type="hidden" id="command" name="command" value="save"/> 149 149 … … 270 270 <div class="fauxP"> 271 271 print logo 272 <div id="graphicHolder"><img alt="logo" src="<?php echo APP_PATH?>dbgraphic.php?t=file s&f=file&mf=type&r=1" /></div>272 <div id="graphicHolder"><img alt="logo" src="<?php echo APP_PATH?>dbgraphic.php?t=file&r=1" /></div> 273 273 </div> 274 274 -
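Review bot: `htmlentities()` is called here, and in every other form action touched by this changeset, with no flags and no charset, so single quotes stay unescaped and the charset falls back to the PHP default; that is adequate only because each `action` attribute is double-quoted. One project helper used consistently, e.g. `htmlentities($s, ENT_QUOTES, 'UTF-8')`, would remove the dependence on quoting style. The `dbgraphic.php` URL change on line 272 replaces client-chosen `f`/`mf` table and column names with a fixed `t=file` key, which is a sound hardening step provided `dbgraphic.php` resolves the key server-side (not visible here).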
trunk/phpbms/modules/base/attachments_records.php
r703 r704 80 80 $_POST["startnum"]=1; 81 81 } elseif($_POST["desc"]!="") $displayTable->querysortorder.=" DESC"; 82 82 83 83 //record offset? 84 84 if(isset($_POST["offset"])) if($_POST["offset"]!="") $displayTable->recordoffset=$_POST["offset"]; … … 94 94 <h1><?php echo $pageTitle ?></h1> 95 95 <div> 96 <form name="search" id="search" action="<?php echo $_SERVER["REQUEST_URI"]?>" method="post" onsubmit="setSelIDs(this);return true;">96 <form name="search" id="search" action="<?php echo htmlentities($_SERVER["REQUEST_URI"])?>" method="post" onsubmit="setSelIDs(this);return true;"> 97 97 <input name="theids" type="hidden" value="" /> 98 98 <?php -
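Review bot: Just above the rewritten form tag, context line 84 assigns `$_POST["offset"]` to `$displayTable->recordoffset` with no numeric check; if `recordoffset` is later interpolated into a `LIMIT` clause, that is an unescaped injection point of the same class this commit is cleaning up. A cast is sufficient: `$displayTable->recordoffset = (int)$_POST["offset"];`. How `recordoffset` is consumed is outside this hunk, so confirm against the display-table query builder.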
trunk/phpbms/modules/base/include/myaccount.php
r646 r704 1 1 <?php 2 2 3 function displayRoles($db){4 3 5 $uuid = $_SESSION["userinfo"]["uuid"]; 4 class myAccount{ 5 6 var $db; 7 var $userUUID; 8 9 function myAccount($db, $userUUID){ 10 11 $this->db = $db; 12 13 $this->userUUID = $userUUID; 14 15 }//end function init 16 17 18 function displayRoles(){ 6 19 7 20 $querystatement = " … … 12 25 `roles` INNER JOIN `rolestousers` ON `rolestousers`.`roleid`=`roles`.`uuid` 13 26 WHERE 14 `rolestousers`.`userid` = '". mysql_real_escape_string($uuid)."'27 `rolestousers`.`userid` = '".$this->userUUID."' 15 28 "; 16 $assignedquery = $db->query($querystatement); 17 while($therecord = $db->fetchArray($assignedquery)) 29 30 $queryresult = $this->db->query($querystatement); 31 32 while($therecord = $this->db->fetchArray($queryresult)) 18 33 echo "<li>".$therecord["name"]."</li>"; 19 }20 34 21 function changePassword($variables,$id,$db){ 22 if(DEMO_ENABLED=="false"){ 23 $querystatement="SELECT id FROM users WHERE id=".$id." AND password=ENCODE(\"".$variables["curPass"]."\",\"".mysql_real_escape_string(ENCRYPTION_SEED)."\")"; 24 $queryresult=$db->query($querystatement); 25 if($queryresult) 26 if ($db->numRows($queryresult)){ 27 $querystatement="UPDATE users SET password=ENCODE(\"".$variables["newPass"]."\",\"".ENCRYPTION_SEED."\") WHERE id=".$id; 28 $queryresult=$db->query($querystatement); 29 return "Password Updated"; 30 } else 31 return "Current Password Incorrect"; 32 } else 33 return "Changing password is disabled in demonstration mode."; 34 } 35 36 function updateContact($variables,$id,$db){ 37 $querystatement="UPDATE users SET email=\"".$variables["email"]."\", phone=\"".$variables["phone"]."\" WHERE id=".$id; 38 $queryresult=$db->query($querystatement); 39 $_SESSION["userinfo"]["email"]=$variables["email"]; 40 $_SESSION["userinfo"]["phone"]=$variables["phone"]; 41 return "Contact Information Updated"; 42 } 35 }//end function displayRoles 43 36 44 37 45 if(isset($_POST["command"])) 46 switch($_POST["command"]){ 47 case 
"Change Password": 48 $statusmessage=changePassword(addSlashesToArray($_POST),$_SESSION["userinfo"]["id"],$db); 49 break; 50 case "Update Contact": 51 $statusmessage=updateContact(addSlashesToArray($_POST),$_SESSION["userinfo"]["id"],$db); 52 break; 53 default: 54 $statusmessage="\"".$_POST["command"]."\""; 55 break; 56 } 38 function changePassword($oldPassword, $newPassword){ 39 40 if(DEMO_ENABLED !== "false") 41 return "Cannot change password when in demonstration mode."; 42 43 $querystatement = " 44 SELECT 45 `id` 46 FROM 47 `users` 48 WHERE 49 `uuid` = '".$this->userUUID."' 50 AND password = ENCODE('".mysql_real_escape_string($oldPassword)."', '".mysql_real_escape_string(ENCRYPTION_SEED)."')"; 51 52 $queryresult = $this->db->query($querystatement); 53 54 if($this->db->numRows($queryresult)){ 55 56 $updatestatement = " 57 UPDATE 58 `users` 59 SET 60 `password` = ENCODE('".mysql_real_escape_string($newPassword)."', '".mysql_real_escape_string(ENCRYPTION_SEED)."') 61 WHERE 62 `uuid` = '".$this->userUUID."'"; 63 64 $this->db->query($updatestatement); 65 66 return "password changed"; 67 68 }else 69 return "Current password incorrect"; 70 71 }//end function changePassword 72 73 74 function update($variables){ 75 76 $updatestatement = " 77 UPDATE 78 `users` 79 SET 80 `email` = '".mysql_real_escape_string($variables["email"])."', 81 `phone` = '".mysql_real_escape_string($variables["phone"])."' 82 WHERE 83 `uuid` = '".$this->userUUID."'"; 84 85 $this->db->query($updatestatement); 86 87 $_SESSION["userinfo"]["email"] = $variables["email"]; 88 $_SESSION["userinfo"]["phone"] = $variables["phone"]; 89 90 return "Record Updated"; 91 92 }//end function update 93 94 }//end class 95 57 96 ?> -
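Review bot: The constructor stores `$userUUID` raw, and `displayRoles`, `changePassword` and `update` all interpolate `$this->userUUID` directly into SQL, whereas the replaced `displayRoles` wrapped it in `mysql_real_escape_string()`; the value comes from `$_SESSION` so exposure is indirect, but the escaping should not be dropped. Escape once in the constructor: `$this->userUUID = mysql_real_escape_string($userUUID);`. `changePassword` now escapes both password arguments (the old code did not), but still accepts an empty `$newPassword`, and `displayRoles` echoes `$therecord["name"]` without `htmlentities()`. Separately, passwords are stored with MySQL `ENCODE()` under a shared `ENCRYPTION_SEED`, which is reversible rather than a one-way hash; that predates this commit but is worth tracking.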
trunk/phpbms/modules/base/modules_view.php
r703 r704 65 65 66 66 <div class="bodyline"> 67 <form action="<?php echo $_SERVER["PHP_SELF"]?>" method="post" name="record" onsubmit="return validateForm(this);">67 <form action="<?php echo htmlentities($_SERVER["PHP_SELF"]) ?>" method="post" name="record" onsubmit="return validateForm(this);"> 68 68 <h1 id="topTitle"><span><?php echo $pageTitle ?></span></h1> 69 69 -
trunk/phpbms/modules/base/myaccount.php
r703 r704 1 <?php 1 <?php 2 2 /* 3 3 $Rev: 186 $ | $LastChangedBy: brieb $ … … 43 43 require_once("include/myaccount.php"); 44 44 45 $user = new myAccount($db, $_SESSION["userinfo"]["uuid"]); 46 47 if(isset($_POST["command"])){ 48 49 switch($_POST["command"]){ 50 51 case "Change Password": 52 53 if($_POST["newPass"] === $_POST["confirmPass"]) 54 $statusmessage = $user->changePassword($_POST["curPass"], $_POST["newPass"]); 55 else 56 $statusmessage = "New password not confirmed"; 57 break; 58 59 case "Update Contact": 60 61 $statusmessage = $user->update($_POST); 62 break; 63 64 }//endswitch 65 66 }//endif 67 45 68 $pageTitle="My Account"; 46 69 … … 57 80 $theinput = new inputField("phone",$_SESSION["userinfo"]["phone"],"phone/extension",false,"phone",32,64); 58 81 $theform->addField($theinput); 59 82 60 83 $theform->jsMerge(); 61 84 //============================================================== 62 //End Form Elements 63 85 //End Form Elements 86 64 87 include("header.php"); 65 88 ?><div class="bodyline"> 66 <form action="<?php echo $_SERVER["PHP_SELF"]?>" method="post" name="record" id="record" onsubmit="return false">89 <form action="<?php echo htmlentities($_SERVER["PHP_SELF"])?>" method="post" name="record" id="record" onsubmit="return false"> 67 90 <input type="hidden" id="command" name="command" value=""/> 68 91 69 92 <h1><span><?php echo $pageTitle ?></span></h1> 70 93 … … 73 96 <p id="nameP"><?php echo htmlQuotes($_SESSION["userinfo"]["firstname"]." 
".$_SESSION["userinfo"]["lastname"])?></p> 74 97 </fieldset> 75 98 76 99 <fieldset> 77 100 <legend>Change Password</legend> … … 80 103 <input type="password" id="curPass" name="curPass" maxlength="32"/> 81 104 </p> 82 105 83 106 <p> 84 107 <label for="newPass">new password</label><br /> … … 93 116 <button type="button" class="Buttons" onclick="changePass()">Change Password</button> 94 117 </p> 95 118 96 119 <fieldset> 97 120 <legend>Contact Information</legend> 98 121 99 122 <p><?php $theform->showField("email")?></p> 100 123 101 124 <p><?php $theform->showField("phone")?></p> 102 125 103 126 </fieldset> 104 127 <p><button type="button" class="Buttons" onclick="changeContact()">Update Contact Information</button></p> 105 128 106 129 <fieldset> 107 130 <legend>Access / Assigned Roles</legend> 108 131 <ul> 109 <?php 132 <?php 110 133 if($_SESSION["userinfo"]["admin"]) {?><li><strong>Administrator</strong></li><?php } 111 displayRoles($db)134 $user->displayRoles(); 112 135 ?></ul> 113 136 </fieldset> -
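Review bot: The new `Change Password` case reads `$_POST["curPass"]`, `$_POST["newPass"]` and `$_POST["confirmPass"]` without `isset()`, and the strict comparison accepts an empty new password whenever the confirmation is also empty. Guard before calling into the class: `if(isset($_POST["curPass"], $_POST["newPass"], $_POST["confirmPass"]) && $_POST["newPass"] !== "" && $_POST["newPass"] === $_POST["confirmPass"])`. The form in this hunk carries no anti-CSRF token, so a password or contact change can presumably be triggered cross-site in a logged-in user's browser; if the framework enforces one elsewhere, ignore this, otherwise this dispatch is where to check it. Dropping the old `default` branch that echoed the raw `command` back to the page is an improvement.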
trunk/phpbms/modules/base/notes_records.php
r703 r704 70 70 if(!isset($_POST["newsort"])) $_POST["newsort"]=""; 71 71 if(!isset($_POST["desc"])) $_POST["desc"]=""; 72 72 73 73 74 74 if($_POST["newsort"]!="") { … … 81 81 82 82 if($displayTable->querytype!="new" and $displayTable->querytype!="edit") { 83 83 84 84 //record offset? 85 85 if(isset($_POST["offset"])) if($_POST["offset"]!="") $displayTable->recordoffset=$_POST["offset"]; … … 96 96 <h1><?php echo $pageTitle ?></h1> 97 97 <div> 98 <form name="search" id="search" action="<?php echo $_SERVER["REQUEST_URI"]?>" method="post" onsubmit="setSelIDs(this);return true;">98 <form name="search" id="search" action="<?php echo htmlentities($_SERVER["REQUEST_URI"])?>" method="post" onsubmit="setSelIDs(this);return true;"> 99 99 <input name="theids" type="hidden" value="" /> 100 100 <?php -
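Review bot: Context line 85 assigns `$_POST["offset"]` to `$displayTable->recordoffset` unchecked, the same pattern as in `attachments_records.php`; if that value reaches a `LIMIT` clause it is an injection point this commit leaves open. Cast it: `$displayTable->recordoffset = (int)$_POST["offset"];`. The consumer of `recordoffset` is outside this hunk, so verify there.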
trunk/phpbms/modules/base/tabledefs_columns.php
r703 r704 203 203 </table></div> 204 204 205 <form action="<?php echo $_SERVER["PHP_SELF"]."?id=".$_GET["id"] ?>" method="post" name="record" onsubmit="return validateForm(this);">205 <form action="<?php echo htmlentities($_SERVER["PHP_SELF"])."?id=".$_GET["id"] ?>" method="post" name="record" onsubmit="return validateForm(this);"> 206 206 <fieldset> 207 207 <legend><?php echo $action?></legend> -
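Review bot: The action attribute now escapes `PHP_SELF` but then appends `$_GET["id"]` unescaped, so the reflected-XSS path this commit is closing remains open through the query string. Since `id` is a numeric record key (`clients_credit.php` in this same changeset already casts it with `(int)`), write `action="<?php echo htmlentities($_SERVER["PHP_SELF"])."?id=".(int)$_GET["id"] ?>"`, or run the whole concatenated string through `htmlentities()`.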
trunk/phpbms/modules/base/tabledefs_custom.php
r703 r704 75 75 </form> 76 76 <?php } else { ?> 77 <form action="<?php echo str_replace("&", "&",$_SERVER["REQUEST_URI"]) ?>" method="post" name="record" id="record">77 <form action="<?php echo htmlentities($_SERVER["REQUEST_URI"]) ?>" method="post" name="record" id="record"> 78 78 79 79 <p id="topSaveP"><button type="button" class="Buttons saveButtons" accesskey="s">save</button></p> -
trunk/phpbms/modules/base/tabledefs_groupings.php
r703 r704 94 94 <?php $groupings->showRecords($allRecords) ?> 95 95 96 <form action="<?php echo $_SERVER["PHP_SELF"]."?id=".$_GET["id"] ?>" method="post" name="record" onsubmit="return validateForm(this);">96 <form action="<?php echo htmlentities($_SERVER["PHP_SELF"])."?id=".$_GET["id"] ?>" method="post" name="record" onsubmit="return validateForm(this);"> 97 97 <fieldset> 98 98 <legend><?php echo $action?></legend> -
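Review bot: Same gap as in `tabledefs_columns.php`: `$_GET["id"]` is concatenated into the escaped `action` attribute without escaping, so the attribute is still injectable via the query string. Use `."?id=".(int)$_GET["id"]` or apply `htmlentities()` to the full string rather than to `PHP_SELF` alone.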
trunk/phpbms/modules/base/tabledefs_options.php
r703 r704 143 143 ?> 144 144 145 <form action="<?php echo $_SERVER["PHP_SELF"]."?id=".$_GET["id"] ?>" method="post" id="record" name="record">145 <form action="<?php echo htmlentities($_SERVER["PHP_SELF"])."?id=".$_GET["id"] ?>" method="post" id="record" name="record"> 146 146 147 147 <fieldset> -
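Review bot: `$_GET["id"]` is still appended raw to the now-escaped `action` value, leaving the attribute injectable from the URL. Cast it, `."?id=".(int)$_GET["id"]`, consistent with the `(int)` cast `clients_credit.php` already uses for the same parameter.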
trunk/phpbms/modules/base/tabledefs_quicksearch.php
r703 r704 158 158 </table> 159 159 </div> 160 <form action="<?php echo $_SERVER["PHP_SELF"]."?id=".$_GET["id"] ?>" method="post" name="record" onsubmit="return validateForm(this);">160 <form action="<?php echo htmlentities($_SERVER["PHP_SELF"])."?id=".$_GET["id"] ?>" method="post" name="record" onsubmit="return validateForm(this);"> 161 161 <fieldset> 162 162 <legend><?php echo $action?></legend> -
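Review bot: The escaping stops at `PHP_SELF`; the `?id=` suffix built from `$_GET["id"]` is unescaped and remains a reflected-XSS vector in this attribute. `."?id=".(int)$_GET["id"]` closes it for a numeric key.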
trunk/phpbms/modules/base/tabledefs_searchfields.php
r703 r704 154 154 </table></div> 155 155 156 <form action="<?php echo $_SERVER["PHP_SELF"]."?id=".$_GET["id"] ?>" method="post" name="record" onsubmit="return validateForm(this);">156 <form action="<?php echo htmlentities($_SERVER["PHP_SELF"])."?id=".$_GET["id"] ?>" method="post" name="record" onsubmit="return validateForm(this);"> 157 157 <fieldset> 158 158 <legend><?php echo $action?></legend> -
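Review bot: As with the other `tabledefs_*` pages in this changeset, `$_GET["id"]` is concatenated into the `action` attribute after the `htmlentities()` call and is therefore not escaped. Cast it with `(int)` or escape the complete string so the query-string value cannot break out of the attribute.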
trunk/phpbms/modules/bms/aritems_aging.php
r702 r704 156 156 $phpbms->showMenu = false; 157 157 158 $formSubmit = str_replace("&","&",$_SERVER['REQUEST_URI']);158 $formSubmit = htmlentities($_SERVER['REQUEST_URI']); 159 159 160 160 include("header.php"); -
trunk/phpbms/modules/bms/clients_addresses.php
r702 r704 157 157 //record offset? 158 158 if(isset($_POST["offset"])) if($_POST["offset"]!="") $displayTable->recordoffset=$_POST["offset"]; 159 159 160 160 $displayTable->issueQuery(); 161 161 … … 171 171 <h1 id="h1Title"><?php echo $pageTitle?></h1> 172 172 173 <form name="search" id="search" action="<?php echo str_replace("&", "&" ,$_SERVER["REQUEST_URI"])?>" method="post" onsubmit="setSelIDs(this);return true;">173 <form name="search" id="search" action="<?php echo htmlentities($_SERVER["REQUEST_URI"])?>" method="post" onsubmit="setSelIDs(this);return true;"> 174 174 <input name="command" id="reset" type="submit"/> 175 175 <input name="theids" id="theids" type="hidden" /> -
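Review bot: Context line 158 stores `$_POST["offset"]` in `$displayTable->recordoffset` unvalidated immediately before `issueQuery()` runs on line 160; if the offset is spliced into a `LIMIT` clause that is an injection point the form-action fix does not cover. `$displayTable->recordoffset = (int)$_POST["offset"];` is the minimal fix. The query builder itself is outside this hunk, so confirm how `recordoffset` is used.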
trunk/phpbms/modules/bms/clients_credit.php
r702 r704 89 89 90 90 $phpbms->showTabs("clients entry", "tab:5a6ef814-2689-4e3b-2609-db43fb3cc001", ((int) $_GET["id"]));?><div class="bodyline"> 91 <form action="<?php echo str_replace("&","&",$_SERVER["REQUEST_URI"]) ?>"91 <form action="<?php echo htmlentities($_SERVER["REQUEST_URI"]) ?>" 92 92 method="post" name="record" id="record"> 93 93 <div id="topButtons"> -
trunk/phpbms/modules/bms/clients_email.php
r702 r704 1 <?php 1 <?php 2 2 /* 3 3 $Rev$ | $LastChangedBy$ … … 41 41 42 42 include("./include/clients_email_include.php"); 43 44 43 44 45 45 $thecommand="showoptions"; 46 46 if(isset($_POST["command"])) $thecommand=$_POST["command"]; 47 47 48 48 switch($thecommand){ 49 49 case "send email": … … 54 54 foreach($_SESSION["emailids"] as $id) 55 55 $whereclause.="clients.id=".$id." or "; 56 $whereclause=substr($whereclause,0,strlen($whereclause)-3); 56 $whereclause=substr($whereclause,0,strlen($whereclause)-3); 57 57 break; 58 58 case "savedsearch": … … 64 64 case "all": 65 65 $whereclause=""; 66 break; 66 break; 67 67 }//end switch 68 68 //next the from: 69 $_SESSION["massemail"]["from"]=str_replace("]",">",str_replace("[","<",$_POST["ds-email"])); 69 $_SESSION["massemail"]["from"]=str_replace("]",">",str_replace("[","<",$_POST["ds-email"])); 70 70 $_SESSION["massemail"]["whereclause"]=$whereclause; 71 71 $_SESSION["massemail"]["subject"]=$_POST["subject"]; 72 72 $_SESSION["massemail"]["body"]=$_POST["body"]; 73 73 $_SESSION["massemail"]["savedproject"]=$_POST["pid"]; 74 74 75 75 $querystatement="SELECT id,email, if(clients.lastname!=\"\",concat(clients.lastname,\", \",clients.firstname,if(clients.company!=\"\",concat(\" (\",clients.company,\")\"),\"\")),clients.company) AS name FROM clients ".$whereclause; 76 76 $sendqueryresult=$db->query($querystatement); 77 77 if(!$sendqueryresult) $error = new appError(300,"Error with: ".$querystatement); 78 78 79 79 break; 80 80 case "delete project": … … 100 100 $thecommand="showoptions"; 101 101 break; 102 102 103 103 case "done": 104 104 case "cancel": 105 105 goURL(APP_PATH."search.php?id=2"); 106 106 107 107 break; 108 108 } 109 110 109 110 111 111 $pageTitle="Client/Prospect E-Mail"; 112 112 113 113 $phpbms->cssIncludes[] = "pages/clientemail.css"; 114 114 $phpbms->jsIncludes[] = "modules/bms/javascript/clientemail.js"; … … 117 117 //============================================================== 118 118 $theform = new 
phpbmsForm(); 119 119 120 120 if(is_numeric($therecord["emailfrom"])) 121 121 $theid=$therecord["emailfrom"]; 122 122 else 123 123 $theid=0; 124 124 125 125 $theinput = new inputSmartSearch($db, "email", "Pick Active User Email", $theid, "from"); 126 126 $theform->addField($theinput); 127 127 128 128 $theform->jsMerge(); 129 129 //============================================================== 130 130 //End Form Elements 131 131 132 132 if($therecord["emailto"]!="selected" AND $therecord["emailto"]!="all") 133 133 $phpbms->bottomJS[] ='thediv=getObjectFromID("showsavedsearches");thediv.style.display="block"'; … … 135 135 if(!is_numeric($therecord["emailfrom"])) 136 136 $phpbms->bottomJS[] ='thefield=getObjectFromID("ds-email");thefield.value="'.$therecord["emailfrom"].'"'; 137 137 138 138 if($thecommand=="send email"){ 139 140 $phpbms->topJS[]=' 141 ids=new Array(); 139 140 $phpbms->topJS[]=' 141 ids=new Array(); 142 142 emails=new Array(); 143 143 names= new Array();'; 144 144 145 145 while($therecord = $db->fetchArray($sendqueryresult)){ 146 146 $phpbms->topJS[]="ids[ids.length]=".$therecord["id"].";"; 147 147 $phpbms->topJS[]="names[names.length]=\"".$therecord["name"]."\";"; 148 148 $phpbms->topJS[]="emails[emails.length]=\"".$therecord["email"]."\";"; 149 } 149 } 150 150 }//end if 151 151 152 152 include("header.php") 153 153 … … 156 156 <div class="bodyline" id="mainBG"> 157 157 <h1 id="topTitle"><span><?php echo $pageTitle?></span></h1> 158 159 <form action="<?php echo $_SERVER["PHP_SELF"]?>" method="post" name="theform" id="theform">158 159 <form action="<?php echo htmlentities($_SERVER["PHP_SELF"]) ?>" method="post" name="theform" id="theform"> 160 160 <?php if($thecommand=="showoptions") { ?> 161 161 162 162 <input type="hidden" name="pid" id="pid" value="<?php echo $therecord["id"]?>" /> 163 163 <div class="box"> 164 164 165 165 <p id="toP"> 166 <label for="therecords">to</label><br /> 166 <label for="therecords">to</label><br /> 167 167 <select 
id="therecords" name="therecords" onchange="showSavedSearches(this);"> 168 168 <option value="selected" <?php if ($therecord["emailto"]=="selected") echo "selected=\"selected\""?>>e-mail addresses from selected records (<?php echo count($_SESSION["emailids"]) ?> record<?php if(count($_SESSION["emailids"])>1) echo "s"?>)</option> 169 169 <option value="savedsearch" <?php if ($therecord["emailto"]!="selected" AND $therecord["emailto"]!="all") echo "selected=\"selected\""?>>e-mail addresses from saved search...</option> 170 </select> 170 </select> 171 171 </p> 172 172 <p id="showsavedsearches" > 173 173 <label for="savedsearches">load e-mail addresses from saved search...</label><br /> 174 <?php showSavedSearches($db,$therecord["emailto"]); ?> 175 </p> 176 174 <?php showSavedSearches($db,$therecord["emailto"]); ?> 175 </p> 176 177 177 <div class="fauxP" id="fromDiv"><?php $theform->showField("email")?></div> 178 178 179 179 <p> 180 180 <label for="subject">subject</label><br /> 181 <input type="text" name="subject" id="subject" maxlength="128" value="<?php echo htmlQuotes($therecord["subject"])?>"/> 182 </p> 183 </div> 184 181 <input type="text" name="subject" id="subject" maxlength="128" value="<?php echo htmlQuotes($therecord["subject"])?>"/> 182 </p> 183 </div> 184 185 185 <div class="box"> 186 186 <p> … … 194 194 </p> 195 195 </div> 196 196 197 197 <div class="box"> 198 198 <div id="projectButtons"> … … 205 205 <input type="submit" name="command" id="sendemail" value="send email" class="Buttons" /> 206 206 <input type="submit" name="command" id="cancel" value="cancel" class="Buttons" /> 207 <input type="submit" name="command" id="othercommand" value="" class="Buttons" /> 208 </div> 209 </div> 210 207 <input type="submit" name="command" id="othercommand" value="" class="Buttons" /> 208 </div> 209 </div> 210 211 211 <div id="loadedprojects"> 212 212 <p><?php showSavedProjects($db)?></p> … … 218 218 </div> 219 219 <?php } elseif($thecommand=="send email"){?> 220 220 
221 221 <div id="processingWrap"> 222 222 <div class="box"> -
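Review bot: In the `send email` branch, context lines 146–148 splice the client `name` and `email` values from the database into JavaScript string literals with only surrounding double quotes, so a stored name containing `"` or `</script>` breaks out of the script — a stored XSS reachable by anyone who can edit a client record, and unchanged by this commit. Emit them with `json_encode()`: `$phpbms->topJS[]="names[names.length]=".json_encode($therecord["name"]).";";` and likewise for `email`. The `ds-email` value on line 69 is taken from POST with only a bracket substitution and stored as the mass-mail `from`; if it reaches a `From:` header unfiltered, CR/LF in it would allow header injection — the sending code is outside this hunk, so verify there.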
trunk/phpbms/modules/bms/clients_purchasehistory.php
r702 r704 137 137 <h1><?php echo $pageTitle ?></h1> 138 138 139 <form action="<?php echo $_SERVER["REQUEST_URI"]?>" method="post" name="record">139 <form action="<?php echo htmlentities($_SERVER["REQUEST_URI"]) ?>" method="post" name="record"> 140 140 <div class="box"> 141 141 <p class="timelineP"> -
trunk/phpbms/modules/bms/invoices_addedit.php
r703 r704 242 242 243 243 244 ?><form action="<?php echo str_replace("&","&",$_SERVER["REQUEST_URI"]) ?>"244 ?><form action="<?php echo htmlentities($_SERVER["REQUEST_URI"]) ?>" 245 245 method="post" name="record" id="record"><div id="dontSubmit"><input type="submit" value=" " onclick="return false;" /></div> 246 246 <?php $phpbms->showTabs("invoices entry","tab:20276b44-9cfa-403e-4c2a-ac6f0987ae20",$therecord["id"]);?><div class="bodyline"> -
trunk/phpbms/modules/bms/invoices_discount_ajax.php
r702 r704 40 40 require("../../include/session.php"); 41 41 42 if(!isset($_GET["id"])) $error = new appError(300,"Passed variable not set (id)"); 42 if(!isset($_GET["id"])) 43 $error = new appError(300,"Passed variable not set (id)"); 44 45 $uuid = mysql_real_escape_string($_GET["id"]); 43 46 44 47 $querystatement = " … … 48 51 `discounts` 49 52 WHERE 50 `uuid`='". mysql_real_escape_string($_GET["id"])."'53 `uuid`='".$uuid."' 51 54 "; 52 55 -
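Review bot: The missing-`id` case constructs an `appError` but does not stop, so the very next statement reads `$_GET["id"]` anyway and the query runs with an empty `uuid`; unless `appError`'s constructor terminates the request (not visible here), add an explicit exit after the error or a default such as `$uuid = isset($_GET["id"]) ? mysql_real_escape_string($_GET["id"]) : "";`. Consolidating the escaping into a single `$uuid` variable is otherwise a clear improvement over escaping inline in the query string.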
trunk/phpbms/modules/bms/invoices_statushistory.php
r702 r704 127 127 $phpbms->showTabs("invoices entry","tab:809d644e-fa40-5ad3-0426-3d84cf15b32e",$_GET["id"]);?><div class="bodyline"> 128 128 <h1><span><?php echo $pageTitle ?></span></h1> 129 <form action="<?PHP echo $_SERVER["REQUEST_URI"]?>" method="post" name="record" onsubmit="return validateForm(this);">129 <form action="<?PHP echo htmlentities($_SERVER["REQUEST_URI"]) ?>" method="post" name="record" onsubmit="return validateForm(this);"> 130 130 <p> 131 131 <input accesskey="s" title="(access key+s)" name="command" type="submit" value="update statuses" class="Buttons" <?php if($refrecord["type"]=="Invoice") echo "disabled=\"disabled\""?>/> -
trunk/phpbms/modules/bms/post.php
r702 r704 77 77 78 78 ?><div class="bodyline" id="mainline"> 79 <form action="<?php echo $_SERVER["PHP_SELF"]?>" method="post" name="record" id="record" onsubmit="return false">79 <form action="<?php echo htmlentities($_SERVER["PHP_SELF"])?>" method="post" name="record" id="record" onsubmit="return false"> 80 80 <input type="hidden" id="cmd" name="cmd" value=""/> 81 81 -
trunk/phpbms/modules/bms/products_addedit.php
r702 r704 145 145 include("header.php"); 146 146 ?> 147 <form action="<?php echo str_replace("&","&",$_SERVER["REQUEST_URI"]) ?>" method="post" enctype="multipart/form-data" name="record" id="record" onsubmit="return false;">147 <form action="<?php echo htmlentities($_SERVER["REQUEST_URI"]) ?>" method="post" enctype="multipart/form-data" name="record" id="record" onsubmit="return false;"> 148 148 <?php $phpbms->showTabs("products entry","tab:17346362-261b-4d1d-fa77-99e84cfd9b8a",$therecord["id"]);?><div class="bodyline"> 149 149 <input type="hidden" value="" name="command" id="hiddenCommand"/> … … 273 273 thumbnail graphic<br /> 274 274 <?php if($therecord["thumbnailmime"]) {?> 275 <img id="thumbpic" src="<?php echo APP_PATH ?>dbgraphic.php?t=product s&f=thumbnail&mf=thumbnailmime&r=<?php echo $therecord["id"]?>" style="border: 1px solid black; display: block; margin: 3px;;" />275 <img id="thumbpic" src="<?php echo APP_PATH ?>dbgraphic.php?t=productThumb&r=<?php echo $therecord["id"]?>" style="border: 1px solid black; display: block; margin: 3px;;" /> 276 276 <?php } else {?> 277 277 <div id="noThumb" class="tiny" align="center">no thumbnail</div> … … 286 286 main picture<br /> 287 287 <?php if($therecord["picturemime"]) {?> 288 <img id="picturepic" src="<?php echo APP_PATH ?>dbgraphic.php?t=product s&f=picture&mf=picturemime&r=<?php echo $therecord["id"]?>" style="border: 1px solid black; display: block; margin: 3px;;" />288 <img id="picturepic" src="<?php echo APP_PATH ?>dbgraphic.php?t=productPic&r=<?php echo $therecord["id"]?>" style="border: 1px solid black; display: block; margin: 3px;;" /> 289 289 <?php } else {?> 290 290 <div id="noPicture" class="tiny" align="center">no picture</div> -
trunk/phpbms/modules/bms/products_prereq.php
r702 r704 132 132 <?php $phpbms->showTabs("products entry","tab:9bfc7eea-5abb-f5d8-763f-f78fe499464d",$_GET["id"]);?><div class="bodyline"> 133 133 <h1><span><?php echo $pageTitle ?></span></h1> 134 <form action="<?php echo $_SERVER["REQUEST_URI"]?>" method="post" name="record">134 <form action="<?php echo htmlentities($_SERVER["REQUEST_URI"]) ?>" method="post" name="record"> 135 135 <input id="deleteid" name="deleteid" type="hidden" value="0" /> 136 136 <input id="command" name="command" type="hidden" value="" /> -
trunk/phpbms/modules/bms/products_saleshistory.php
r702 r704 144 144 $phpbms->showTabs("products entry","tab:cd09d4a1-7d32-e08a-bd6e-5850bc9af88e",$_GET["id"]);?><div class="bodyline"> 145 145 <h1><span><?php echo $pageTitle ?></span></h1> 146 <form action="<?php echo $_SERVER["REQUEST_URI"]?>" method="post" name="record">146 <form action="<?php echo htmlentities($_SERVER["REQUEST_URI"]) ?>" method="post" name="record"> 147 147 <div class="box"> 148 148 <p class="timelineP"> -
trunk/phpbms/modules/bms/receipts_addedit.php
r702 r704 47 47 $backurl .= "?refid=".$_GET["refid"]; 48 48 } 49 49 50 50 if(!isset($_GET["id"])) 51 51 $_GET["id"] = 0; … … 140 140 141 141 ?><div class="bodyline"> 142 <form action="<?php echo str_replace("&", "&",$_SERVER["REQUEST_URI"]) ?>" method="post" name="record" id="record">142 <form action="<?php echo htmlentities($_SERVER["REQUEST_URI"]) ?>" method="post" name="record" id="record"> 143 143 144 144 <div id="topButtons"><?php showSaveCancel(1); ?></div> -
trunk/phpbms/modules/bms/report/aritems_clientstatement.php
r703 r704 499 499 $phpbms->showMenu = false; 500 500 501 $formSubmit = str_replace("&","&",$_SERVER['REQUEST_URI']);501 $formSubmit = htmlentities($_SERVER['REQUEST_URI']); 502 502 503 503 $theform = new phpbmsForm(); -
trunk/phpbms/modules/bms/report/aritems_summary.php
r703 r704 434 434 $phpbms->showMenu = false; 435 435 436 $formSubmit = str_replace("&","&",$_SERVER['REQUEST_URI']);436 $formSubmit = htmlentities($_SERVER['REQUEST_URI']); 437 437 438 438 $theform = new phpbmsForm(); -
trunk/phpbms/modules/bms/report/clients_purchasehistory.php
r703 r704 300 300 include("header.php"); 301 301 ?> 302 <form action="<?php echo str_replace("&", "&",$_SERVER["REQUEST_URI"]); ?>" method="post" name="totals" onsubmit="return validateForm(this)">302 <form action="<?php echo htmlentities($_SERVER["REQUEST_URI"]); ?>" method="post" name="totals" onsubmit="return validateForm(this)"> 303 303 304 304 <div class="bodyline" id="reportOptions"> -
trunk/phpbms/modules/bms/report/incoming_cashflow.php
r703 r704 536 536 $phpbms->showMenu = false; 537 537 538 $formSubmit = str_replace("&","&",$_SERVER['REQUEST_URI']);538 $formSubmit = htmlentities($_SERVER['REQUEST_URI']); 539 539 540 540 $theform = new phpbmsForm(); -
trunk/phpbms/modules/bms/report/invoices_totals.php
r703 r704 493 493 <div class="bodyline"> 494 494 <h1>Invoice Total Options</h1> 495 <form id="GroupForm" action="<?php echo str_replace("&", "&",$_SERVER["REQUEST_URI"]) ?>" method="post" name="GroupForm">495 <form id="GroupForm" action="<?php echo htmlentities($_SERVER["REQUEST_URI"]) ?>" method="post" name="GroupForm"> 496 496 497 497 <fieldset> -
trunk/phpbms/modules/bms/report/lineitems_totals.php
r703 r704 462 462 <div class="bodyline"> 463 463 <h1>Line Items Total Options</h1> 464 <form id="GroupForm" action="<?php echo str_replace("&", "&",$_SERVER["REQUEST_URI"]) ?>" method="post" name="GroupForm">464 <form id="GroupForm" action="<?php echo htmlentities($_SERVER["REQUEST_URI"]) ?>" method="post" name="GroupForm"> 465 465 466 466 <fieldset> -
trunk/phpbms/modules/bms/report/products_saleshistory.php
r703 r704 313 313 include("header.php"); 314 314 ?> 315 <form action="<?php echo str_replace("&", "&",$_SERVER["REQUEST_URI"]); ?>" method="post" name="totals" onsubmit="return validateForm(this)">315 <form action="<?php echo htmlentities($_SERVER["REQUEST_URI"]); ?>" method="post" name="totals" onsubmit="return validateForm(this)"> 316 316 317 317 <div class="bodyline" id="reportOptions"> -
trunk/phpbms/modules/mailchimp/report/client_mailchimp_export.php
r703 r704 49 49 function MCReport($db,$variables = NULL){ 50 50 $this->db = $db; 51 51 52 52 //next we do the columns 53 53 $this->addColumn("Email","`email`");//0 … … 56 56 $this->addColumn("Company","`company`");//3 57 57 $this->addColumn("Uuid","`uuid`");//4 58 58 59 59 $this->addColumn("Type","`type`");//5 60 60 $this->addColumn("Id","`id`");//6 61 61 62 62 63 63 if($variables){ … … 68 68 $this->selectcolumns[] = $this->columns[$id]; 69 69 $this->selectcolumns = array_reverse($this->selectcolumns); 70 70 71 71 $this->selecttable = "`clients`"; 72 72 … … 76 76 if($this->whereclause!="") $this->whereclause=" WHERE (".substr($this->whereclause,6).") "; 77 77 }// endif 78 78 79 79 }//end method 80 80 … … 88 88 $this->columns[] = $temp; 89 89 }//end method 90 91 90 91 92 92 function generate(){ 93 93 94 94 $querystatement = "SELECT "; 95 95 foreach($this->selectcolumns as $thecolumn) … … 97 97 $querystatement = substr($querystatement, 0, -1); 98 98 $querystatement .= " FROM ".$this->selecttable.$this->whereclause; 99 99 100 100 $queryresult = $this->db->query($querystatement); 101 101 102 102 $num_fields = $this->db->numFields($queryresult); 103 103 104 104 for($i=0;$i<$num_fields;$i++) 105 105 $this->reportOutput .= ",".$this->db->fieldName($queryresult, $i); … … 123 123 $this->reportOutput = substr($this->reportOutput, 0, strlen($this->reportOutput)-1); 124 124 } 125 126 125 126 127 127 function output(){ 128 128 129 129 header("Content-type: text/plain"); 130 130 header('Content-Disposition: attachment; filename="clients_mailchimp_export.csv"'); 131 131 132 132 echo $this->reportOutput; 133 133 134 134 }//end function --output-- 135 135 136 136 137 137 function showOptions($what){ … … 164 164 <div class="bodyline"> 165 165 <h1>Invoice Total Options</h1> 166 <form id="GroupForm" action="<?php echo $_SERVER["PHP_SELF"]?>" method="post" name="GroupForm">166 <form id="GroupForm" action="<?php echo htmlentities($_SERVER["PHP_SELF"])?>" method="post" name="GroupForm"> 
167 167 168 168 <fieldset> -
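Review bot: `generate()` writes `email`, name and `company` values from the `clients` table straight into the CSV (the per-row loop at lines 106–122 is elided in this view), so a value beginning with `=`, `+`, `-` or `@` is interpreted as a formula when the export is opened in a spreadsheet; prefix such cells with `'` or quote and escape them before concatenation. `output()` also serves the `.csv` attachment as `text/plain`; `text/csv` is the correct type. The heading `<h1>Invoice Total Options</h1>` on line 165 appears copied from the invoice totals report and should name this page, e.g. `MailChimp Export Options`.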
trunk/phpbms/modules/recurringinvoices/invoices_recurrence.php
r702 r704 150 150 $phpbms->showTabs("invoices entry","tab:d303321e-7ff5-fe4b-29ec-fe3eb0305576",$_GET["id"]); 151 151 ?><div class="bodyline"> 152 <form action="<?php echo $_SERVER["REQUEST_URI"]?>"152 <form action="<?php echo htmlentities($_SERVER["REQUEST_URI"]) ?>" 153 153 method="post" name="record" id="record" 154 154 onsubmit="return false;">