[Ispbill-devel] ispbill/admin config.php, 1.3, 1.4 man_account.php, 1.2, 1.3 man_uacl.php, 1.2, 1.3
From: Martin J. G. <mj...@us...> - 2008-07-21 18:12:46
Update of /cvsroot/ispbill/ispbill/admin In directory sc8-pr-cvs2.sourceforge.net:/tmp/cvs-serv9763/admin Modified Files: config.php man_account.php man_uacl.php showprofile.php viewbill.php Log Message: permissions added Index: config.php =================================================================== RCS file: /cvsroot/ispbill/ispbill/admin/config.php,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** config.php 27 Mar 2008 12:23:38 -0000 1.3 --- config.php 21 Jul 2008 18:12:35 -0000 1.4 *************** *** 151,153 **** ?> - --- 151,152 ---- Index: showprofile.php =================================================================== RCS file: /cvsroot/ispbill/ispbill/admin/showprofile.php,v retrieving revision 1.6 retrieving revision 1.7 diff -C2 -d -r1.6 -r1.7 *** showprofile.php 18 Jul 2008 20:03:36 -0000 1.6 --- showprofile.php 21 Jul 2008 18:12:35 -0000 1.7 *************** *** 178,182 **** echo ("<td><div class='darkdata'><b>$lDomain</b></div></td>\n"); echo ("<td><div class='darkdata'><b>$lNextDateBilled</b></div></td>\n"); ! echo ("<td colspan='2'><div class='darkdata'><b>$lActions</b></div></td>\n"); echo ("</tr>\n"); $class = 'even'; --- 178,191 ---- echo ("<td><div class='darkdata'><b>$lDomain</b></div></td>\n"); echo ("<td><div class='darkdata'><b>$lNextDateBilled</b></div></td>\n"); ! ! if ((array_key_exists('CanEditAccount', $_SESSION['sess_acl'])) && (array_key_exists('CanCloseAccount', $_SESSION['sess_acl']))) ! { ! echo "<td colspan='2'><div class='darkdata'><b>$lActions</b></div></td>\n"; ! } ! else if ((array_key_exists('CanEditAccount', $_SESSION['sess_acl'])) || (array_key_exists('CanCloseAccount', $_SESSION['sess_acl']))) ! { ! echo "<td><div class='darkdata'><b>$lActions</b></div></td>\n"; ! } ! 
echo ("</tr>\n"); $class = 'even'; *************** *** 208,221 **** printf("<td>%s</td>\n", $domainlst); printf("<td>%s</td>\n", $nextdue); printf("<td>\n<form action='man_account.php' method=\"post\">\n"); printf("<input type='hidden' name='action' value='edit' />\n"); printf("<input type='hidden' name='accountid' value='$account_row[accountid]' />\n"); printf("<input type='image' src='../images/edit.png' alt='$lEditAccount' title='$lEditAccount' /></form>\n</td>\n"); printf("<td>\n<form action='man_account.php' method=\"post\">\n"); ! printf("<input type='hidden' name='action' value='deleteaccount' />\n"); ! printf("<input type='hidden' name='accountid' value='$account_row[accountid]' />\n"); ! printf("<input type='hidden' name='customerid' value='$account_row[customerid]' />\n"); ! printf("<input type='image' src='../images/delete.png' alt='$lDeleteAccount' title='$lDeleteAccount' /></form>\n"); printf("</td>"); printf("</tr>\n"); } --- 217,236 ---- printf("<td>%s</td>\n", $domainlst); printf("<td>%s</td>\n", $nextdue); + + if (array_key_exists('CanEditAccount', $_SESSION['sess_acl'])) { /* User can edit accounts */ printf("<td>\n<form action='man_account.php' method=\"post\">\n"); printf("<input type='hidden' name='action' value='edit' />\n"); printf("<input type='hidden' name='accountid' value='$account_row[accountid]' />\n"); printf("<input type='image' src='../images/edit.png' alt='$lEditAccount' title='$lEditAccount' /></form>\n</td>\n"); + } + + if (array_key_exists('CanCloseAccount', $_SESSION['sess_acl'])) { printf("<td>\n<form action='man_account.php' method=\"post\">\n"); ! printf("<input type='hidden' name='action' value='closeaccount' />\n"); ! printf("<input type='hidden' name='accountid' value=\"".$account_row['accountid']."\" />\n"); ! printf("<input type='hidden' name='customerid' value=\"".$account_row['customerid']."\" />\n"); ! 
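Review bot: The new header test `array_key_exists('CanEditAccount', $_SESSION['sess_acl'])` treats the mere presence of the key as a grant; if the ACL loader can store a key with a zero value (the help rows removed from man_uacl.php in this same commit documented a `name:value` form such as `admin:0`), such an entry would still show the Actions column. If that form is still honoured, test the value rather than the key: `!empty($_SESSION['sess_acl']['CanEditAccount'])`. The same expression also raises a warning and denies nothing useful when `sess_acl` is absent from the session, which a small helper of the form `function hasAcl($name) { return !empty($_SESSION['sess_acl'][$name]); }` would cover for every check in this file. The table-building code around this hunk starts and ends outside it.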
printf("<input type='image' src='../images/delete.png' alt='$lCloseAccount' title='$lCloseAccount' /></form>\n"); printf("</td>"); + } printf("</tr>\n"); } *************** *** 526,529 **** --- 541,545 ---- printf("</form>\n</td>\n"); } + if (array_key_exists('CanCloseTicket', $_SESSION['sess_acl'])) { printf("<td align='center'>\n<form action=\"man_ticket.php\" method=\"post\">\n"); printf("<input type=\"hidden\" name=\"action\" value=\"closeticket\" />\n"); *************** *** 533,536 **** --- 549,553 ---- printf("</form>\n"); printf("</td>\n"); + } printf("</tr>\n"); } Index: man_uacl.php =================================================================== RCS file: /cvsroot/ispbill/ispbill/admin/man_uacl.php,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** man_uacl.php 18 Jul 2008 14:42:09 -0000 1.2 --- man_uacl.php 21 Jul 2008 18:12:35 -0000 1.3 *************** *** 163,183 **** beginPrettyTable("4", $html); beginBorderedTable(4); ! echo "<tr class='small'><td><b>ACL</b></td><td><b>Description</b></td>\n</tr>\n"; ! echo "<tr class='odd'><td> </td><td>ACL values may be 'string' or</td>\n</tr>\n"; ! echo "<tr class='odd'><td> </td><td>'string:value' to set ACL to something other than 1</td>\n</tr>\n"; ! echo "<tr class='odd'><td> </td><td><b>User may need to logout & login before some settings will take effect</b></td>\n</tr>\n"; ! echo "<tr class='odd'><td>admin</td><td>Enables full control on admin DB site</td>\n</tr>\n"; ! echo "<tr class='odd'><td>admin:0</td><td>Disables admin control</td>\n</tr>\n"; ! echo "<tr class='odd'><td>debug:yes</td><td>Turns on various debugging items</td>\n</tr>\n"; echo "<tr class='odd'><td>debug_dest:html</td><td>Writes debugging as html comments</td>\n</tr>\n"; echo "<tr class='odd'><td>debug_dest:syslog</td><td>Writes debugging to the syslog</td>\n</tr>\n"; ! echo "<tr class='odd'><td>Main_HotTicket</td><td>Enables ticket view on main page</td>\n</tr>\n"; ! 
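Review bot: Wrapping the edit and close forms in `CanEditAccount`/`CanCloseAccount` tests only hides the buttons; the `closeaccount`/`closeaccount2` handlers in man_account.php (changed in this same commit) act on any POST carrying `action` and `accountid` and make no ACL check, so a user without the permission can still submit the form by hand. The server-side handler needs the same test, e.g. `if (!array_key_exists('CanCloseAccount', $_SESSION['sess_acl'])) exit('Permission denied');`, or the new permission is cosmetic. The `while` loop over `$account_row` that these lines belong to begins outside the hunk.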
echo "<tr class='odd'><td>noacl</td><td>Disables ACL control for account</td>\n</tr>\n"; ! echo "<tr class='odd'><td>Taxes:[value]</td><td>Sets default tax for all objects</td>\n</tr>\n"; ! echo "<tr class='odd'><td>Language:[value]</td><td>Sets default language for all objects\n </td>\n </tr>\n"; ! echo "<tr class='odd'><td>CanEditTicket</td><td>User can change the details of a ticket\n </td>\n </tr>\n"; ! echo "<tr class='odd'><td>CanEditEvent</td><td>User can change the details of an event\n </td>\n </tr>\n"; ! echo "<tr class='odd'><td>CanDeleteEvent</td><td>User can delete an event\n </td>\n </tr>\n"; ! echo "<tr class='odd'><td>CanDeleteCustomer</td><td>User can delete customers\n </td>\n </tr>\n"; endBorderedTable(); endPrettyTable(); --- 163,181 ---- beginPrettyTable("4", $html); beginBorderedTable(4); ! echo "<tr class='small'><td>ACL</td><td>Description</td>\n</tr>\n"; ! echo "<tr class=\"small\"><td colspan=\"2\">User may need to logout & login before some settings will take effect</td>\n</tr>\n"; ! echo "<tr class='odd'><td>admin</td><td>$lACLAdmin</td>\n</tr>\n"; ! echo "<tr class='odd'><td>debug</td><td>$lACLDebug</td>\n</tr>\n"; echo "<tr class='odd'><td>debug_dest:html</td><td>Writes debugging as html comments</td>\n</tr>\n"; echo "<tr class='odd'><td>debug_dest:syslog</td><td>Writes debugging to the syslog</td>\n</tr>\n"; ! echo "<tr class='odd'><td>Main_HotTicket</td><td>$lACLHotTicket</td>\n</tr>\n"; ! echo "<tr class='odd'><td>CanEditTicket</td><td>$lACLEditTicket</td>\n </tr>\n"; ! echo "<tr class='odd'><td>CanCloseTicket</td><td>$lACLCloseTicket</td>\n </tr>\n"; ! echo "<tr class='odd'><td>CanEditEvent</td><td>$lACLEditEvent</td>\n </tr>\n"; ! echo "<tr class='odd'><td>CanDeleteEvent</td><td>User can delete events\n </td>\n </tr>\n"; ! echo "<tr class='odd'><td>CanCloseCustomer</td><td>User can delete customers\n </td>\n </tr>\n"; /* This shouldn't be part of normal functionality */ ! 
echo "<tr class='odd'><td>CanEditAccount</td><td>User can edit accounts\n </td>\n </tr>\n"; ! echo "<tr class='odd'><td>CanCloseAccount</td><td>User can close accounts\n </td>\n </tr>\n"; ! echo "<tr class='odd'><td>CanEditCustomer</td><td>User can edit customer details\n </td>\n </tr>\n"; endBorderedTable(); endPrettyTable(); Index: viewbill.php =================================================================== RCS file: /cvsroot/ispbill/ispbill/admin/viewbill.php,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** viewbill.php 18 Jul 2008 20:03:36 -0000 1.3 --- viewbill.php 21 Jul 2008 18:12:40 -0000 1.4 *************** *** 1,10 **** ! <?php /* * $Id$ */ session_start(); require("cwispy.php"); require("../security/hybrid.php"); ! browsercheck(); $inv_total = null; --- 1,11 ---- ! <? /* * $Id$ + * */ session_start(); require("cwispy.php"); require("../security/hybrid.php"); ! header("Content-type: text/html; charset=$htmlcharset"); $inv_total = null; *************** *** 27,35 **** $configuration = $conf_result->fetchRow(); - if (PEAR::isError($paypal_result = $db->query("SELECT * from paypalconfig"))) - exit ( $lDBError .' '. $paypal_result->getDebugInfo() ); - - $paypal_row = $paypal_result->fetchRow(); - if(PEAR::isError($result = $db->query("SELECT * FROM invoices WHERE invoiceid='$_POST[invoiceid]'"))) exit ($lDBError . ' ' . $result->getDebugInfo() ); --- 28,31 ---- *************** *** 63,70 **** $taxes_total = 0; $invset = null; ! $lineitems = "<tr><th>$lDescription</th><th>$lTaxTag</th><th>$lAmount</th><th>$lTotal</th></tr>"; - $amount_x = 0; - $paypal_amountx = null; while ($invoices = $inv_result->fetchRow()) { --- 59,64 ---- $taxes_total = 0; $invset = null; ! 
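Review bot: The new `CanCloseCustomer` row still reads "User can delete customers" while every other rename in this commit is delete→close, and the `/* This shouldn't be part of normal functionality */` comment now sits between that row and `CanEditAccount`, so it is unclear which ACL it qualifies; the row should read `User can close customers` and the comment should name the ACL it refers to. Renaming the documented key from `CanDeleteCustomer` to `CanCloseCustomer` changes only the help table — whether the code that checks the ACL and the rows already stored for users were renamed is not visible here, and if they were not, existing grants silently stop matching. The removed rows for the `name:value` syntax, `admin:0` and `noacl` ("Disables ACL control for account") describe a privilege switch that, if the loader still honours it, administrators can no longer learn about from this page; either document it again or confirm it was removed from the loader.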
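Review bot: The opening tag changed from `<?php` to `<?` on the first line of the hunk; the short form depends on `short_open_tag`, and on a host where it is off the whole of viewbill.php is served as plain text, exposing its source and the invoice query, so keep `<?php`. The same hunk drops the `browsercheck();` call after the requires — what that function enforced is not visible here, but if it was part of the admin session validation its removal widens what a replayed session can reach and deserves a line in the log message. `$htmlcharset` in the new `header()` call is presumably set by cwispy.php; if it is not, the Content-type header goes out with an empty charset.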
$lineitems = "<tr bgcolor='Navy'><th><font color='white'>$lDescription</font></th><th><font color='white'>$lTaxTag</font></th><th><font color='white'>$lAmount</font></th><th><font color='white'>$lTotal</font></th></tr>"; while ($invoices = $inv_result->fetchRow()) { *************** *** 82,87 **** $lineitems .= $lCurrency.$invoices["amount"]."</td><td align='right'>"; $lineitems .= $lCurrency.sprintf("%.2f",($invoices["taxes"]+$invoices["amount"]))."</td></tr>\n"; ! } ! $lineitems .= "<tr><td colspan='3'><b>$lTotal</b></td><td align='right'>"; $lineitems .= $lCurrency.sprintf("%.2f",($taxes_total+$inv_total))."</td></tr>"; --- 76,81 ---- $lineitems .= $lCurrency.$invoices["amount"]."</td><td align='right'>"; $lineitems .= $lCurrency.sprintf("%.2f",($invoices["taxes"]+$invoices["amount"]))."</td></tr>\n"; ! } ! $lineitems .= "<tr><td colspan='3'><b>$lTotal</b></td><td align='right'>"; // ".$lCurrency.$taxes_total."</td><td align='right'>".$lCurrency.$inv_total."</td><td align='right'>"; $lineitems .= $lCurrency.sprintf("%.2f",($taxes_total+$inv_total))."</td></tr>"; *************** *** 94,221 **** $htmlmessage = null; ! $balance = $customer['balance']; ! $prevbal = null; ! if ($balance < 0) { ! $prevbal .= "Due"; ! } else { ! $prevbal .= "Credit"; ! } ! $invoicedetails = "<tr><th>$lInvoiceNumber</th><th>$lInvoiceDate</th><th>$lDueDate</th><th>$lBalance $prevbal</th><tr>"; ! $invoicedetails .= "<tr><td align='right'>$InvoiceID</td><td align='right'>$Date</td><td align='right'>$DueDate</td><td align='right'>$lCurrency".sprintf("%.2f", abs($customer["balance"])); - $invoicedetails .+ "</td></tr>"; - $fullname = $customer["first"]." ".$customer["mid"]." 
".$customer["last"]; - - $paypalbutton = "<form action=\""; - if ( ($paypal_row['enabled'] == 1) && ( $paypal_row['use_sandbox'] == 1) ) - { $paypalbutton .= "https://".$paypal_row['sandbox_url']; } - else - { $paypalbutton .= "https://".$paypal_row['url']; } - $paypalbutton .= "\" method=\"post\"> - <input type=\"hidden\" name=\"cmd\" value=\"_xclick\"><br /> - <input type=\"hidden\" name=\"business\" value=\""; - - /* if ( ($paypal_row['enabled'] == 1) && ( $paypal_row['use_sandbox'] == 1) ) - { $paypalbutton .= $paypal_row['sandbox_email']; } - else - { $paypalbutton .= $paypal_row['email']; } - $paypalbutton .= "\"> - <input type=\"hidden\" name=\"upload\" value=\"1\"> - <input type=\"hidden\" name=\"notify_url\" value=\"http://www.2000cn.com.au/~crispy/cwispy2/admin/paypal.php\"> - <input type=\"hidden\" name=\"return\" value=\"http://www.2000cn.com.au/~crispy/cwispy2/customer/paypal.php\"> - <input type=\"hidden\" name=\"rm\" value=\"1\"> - <input type=\"hidden\" name=\"cancel_return\" value=\"http://localhost/cwispy2/customer/\"> - <input type=\"hidden\" name=\"item_name\" value=\"Payment for CustomerID $_POST[customerid], Invoice Number $InvoiceID\"> - <input type=\"hidden\" name=\"amount\" value=\"$grandtotal\"> - <input type=\"hidden\" name=\"custom\" value=\"$_POST[customerid]\"> - <input type=\"hidden\" name=\"invoice\" value=\"$InvoiceID\"> - <input type=\"hidden\" name=\"currency_code\" value=\"$paypal_row[currency]\"> - <input type=\"hidden\" name=\"no_note\" value=\"1\"> - <!-- <input type=\"submit\" value=\"PayPal\"> --> - <input type=\"image\" value='submit' src=\"https://www.paypal.com/en_US/i/btn/x-click-but6.gif\"></form>"; - */ - - $pattern[0] = "/\[INVOICENUMBER\]/"; ! $replacement[0] = $InvoiceID; ! ! $pattern[1] = "/\[INVOICEDATE\]/"; ! $replacement[1] = $Date; ! ! $pattern[2] = "/\[DUEDATE\]/"; ! ! $replacement[2] = $DueDate; ! ! $pattern[32] = "/\[PREVIOUSBALANCE\]/"; ! 
$previousbalance = $lCurrency.sprintf("%.2f", abs($customer["balance"])); ! $previousbalance = str_replace("$", "\\$", $previousbalance); ! $replacement[32] = $previousbalance." ".$prevbal; ! ! $pattern[3] = "/\[CUSTOMERNAME\]/"; ! $replacement[3] = $customer["first"]." ".$customer["mid"]." ".$customer["last"]; if($customer["company"] != "") { ! $pattern[4] = "/\[CUSTOMERCOMPANYNAME\]/"; ! $replacement[4] = $customer["company"]; } else { ! $pattern[4] = "/\[CUSTOMERCOMPANYNAME\]/"; ! $replacement[4] = ""; } ! $pattern[5] = "/\[CUSTOMERADDRESS\]/"; ! $replacement[5] = $customer["address"]; ! $pattern[6] = "/\[CUSTOMERCITY\]/"; ! $replacement[6] = $customer["city"]; ! ! $pattern[7] = "/\[CUSTOMERSTATE\]/"; ! $replacement[7] = $customer["state"]; ! ! $pattern[8] = "/\[CUSTOMERPOSTCODE\]/"; ! $replacement[8] = $customer["zip"]; ! ! $pattern[9] = "/\[INVOICEDETAIL\]/"; $invoicedetails = str_replace("$", "\\$", $invoicedetails); ! $replacement[9] = $invoicedetails; ! ! $pattern[10] = "/\[LINEITEMS\]/"; $lineitems = str_replace("$", "\\$", $lineitems); ! $replacement[10] = $lineitems; ! ! $invcost = $lCurrency.sprintf("%.2f",$inv_total); ! $invcost = str_replace("$", "\\$", $invcost); ! $pattern[11] = "/\[INVOICECOST\]/"; ! $replacement[11] = $invcost; ! ! $taxcost = $lCurrency.sprintf("%.2f",$taxes_total); ! $taxcost = str_replace("$", "\\$", $taxcost); ! $pattern[12] = "/\[TAXCOST\]/"; ! $replacement[12] = $taxcost; ! ! $total = $lCurrency.sprintf("%.2f",($taxes_total+$inv_total)); ! $total = str_replace("$", "\\$", $total); ! $pattern[13] = "/\[GRANDTOTAL\]/"; ! $replacement[13] = $total; ! /* ! $pattern[14] = "/\[PAYPAL\]/"; ! $replacement[14] = $paypalbutton; ! */ ! $htmlmessage .= preg_replace($pattern, $replacement, stripslashes($billing['header']) ); ! $htmlmessage .= preg_replace($pattern, $replacement, stripslashes($billing['footer']) ); - echo $htmlmessage; ! } } else { ! /* Viewing bills requires a customerid */ echo "An error has occured. 
You may wish to contact your system administrator."; ! } die(); ! /* Dump Bill Header and Footer HTML */ ! /* Is this code no longer used? ! */ function show_bill_html($btype,$BillID,$title) { global $db; --- 88,136 ---- $htmlmessage = null; ! $invoicedetails = "<tr bgcolor='Navy'><th><font color='white'>$lInvoiceNumber</font></th><th><font color='white'>$lInvoiceDate</font></th><th><font color='white'>$lDueDate</font></th><th><font color='white'>$lBalance</font></th><tr>"; ! $invoicedetails .= "<tr><td align='right'>$InvoiceID</td><td align='right'>$Date</td><td align='right'>$DueDate</td><td align='right'>".$lCurrency.sprintf("%.2f", abs($customer["balance"]))."</td></tr>"; $fullname = $customer["first"]." ".$customer["mid"]." ".$customer["last"]; $pattern[0] = "/\[INVOICENUMBER\]/"; ! $replacement[0] = $invoices["invoiceid"]; ! $pattern[1] = "/\[CUSTOMERNAME\]/"; ! $replacement[1] = $customer["first"]." ".$customer["mid"]." ".$customer["last"]; if($customer["company"] != "") { ! $pattern[2] = "/\[CUSTOMERCOMPANYNAME\]/"; ! $replacement[2] = "<tr><td> </td><td>".$customer["company"]."</td></tr>"; } else { ! $pattern[2] = "/\[CUSTOMERCOMPANYNAME\]/"; ! $replacement[2] = ""; } ! $pattern[3] = "/\[CUSTOMERADDRESS\]/"; ! $replacement[3] = $customer["address"]; ! $pattern[4] = "/\[CUSTOMERCITY\]/"; ! $replacement[4] = $customer["city"]; ! $pattern[5] = "/\[CUSTOMERSTATE\]/"; ! $replacement[5] = $customer["state"]; ! $pattern[6] = "/\[CUSTOMERPOSTCODE\]/"; ! $replacement[6] = $customer["zip"]; ! $pattern[7] = "/\[INVOICEDETAIL\]/"; $invoicedetails = str_replace("$", "\\$", $invoicedetails); ! $replacement[7] = $invoicedetails; ! $pattern[8] = "/\[LINEITEMS\]/"; $lineitems = str_replace("$", "\\$", $lineitems); ! $replacement[8] = $lineitems; + $htmlmessage .= preg_replace($pattern, $replacement, $billing['header'] ); + $htmlmessage .= $billing['footer']; echo $htmlmessage; ! } // END if(isset($_POST[InvoiceID])) } else { ! 
// Viewing bills requires a CustomerID echo "An error has occured. You may wish to contact your system administrator."; ! } // END if(isset($_POST[CustomerID])) die(); ! // Dump Bill Header and Footer HTML function show_bill_html($btype,$BillID,$title) { global $db; Index: man_account.php =================================================================== RCS file: /cvsroot/ispbill/ispbill/admin/man_account.php,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** man_account.php 18 Jul 2008 15:23:46 -0000 1.2 --- man_account.php 21 Jul 2008 18:12:35 -0000 1.3 *************** *** 61,78 **** } ! /* Confirm account deletion */ ! if (isset($_POST['action']) && ($_POST['action'] == "deleteaccount")) { ! beginPrettyTable("2", $lConfirmDeleteAccount); beginBorderedTable("2"); ! echo "<tr><td colspan='2'><b>".$lConfirmDeleteAccount." ".$_POST['accountid']."</b>"; ! echo "<tr><td><div style='data'>".$lConfirmDeleteAccount." ".$_POST['accountid']; echo "</div></td><td>"; echo "<form action='".$_SERVER['PHP_SELF']."' method='post'>\n"; ! echo "<input type='hidden' name='action' value='deleteaccount2' />\n"; echo "<input type='hidden' name='accountid' value='".$_POST['accountid']."' />\n"; echo "<input type='hidden' name='customerid' value='".$_POST['customerid']."' />\n"; ! echo "<input type='image' value='submit' src='../images/tick.png' alt='Delete' />\n"; echo "</form></td></tr>\n"; echo "<tr><td><div style='data'>Go Back</div></td>\n"; --- 61,78 ---- } ! /* Confirm closing account */ ! if (isset($_POST['action']) && ($_POST['action'] == "closeaccount")) { ! beginPrettyTable("2", $lConfirmCloseAccount); beginBorderedTable("2"); ! echo "<tr><td colspan='2'><b>".$lConfirmCloseAccount." ".$_POST['accountid']."</b>"; ! echo "<tr><td><div style='data'>".$lConfirmCloseAccount." ".$_POST['accountid']; echo "</div></td><td>"; echo "<form action='".$_SERVER['PHP_SELF']."' method='post'>\n"; ! 
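Review bot: `$replacement[0] = $invoices["invoiceid"];` reads the loop variable of the earlier `while ($invoices = $inv_result->fetchRow())`, which by this point holds whatever fetchRow() returned to end the loop, so [INVOICENUMBER] will render empty; the old side used `$InvoiceID`, which the `$invoicedetails` line just above still uses, and the replacement should too: `$replacement[0] = $InvoiceID;`. The customer fields spliced into the template (`$customer["first"]`, `["company"]`, `["address"]`, …) go into HTML unescaped, and as preg_replace replacements any `$1` or backslash in them is interpreted rather than copied — the code escapes `$` only in `$invoicedetails` and `$lineitems`; wrap each customer field with `htmlspecialchars()` and escape `\` and `$`, or switch the substitution to `str_replace`, which has no backreference problem. `$billing['footer']` is now appended without any placeholder substitution, a behaviour change worth a mention in the log if intended. The `isset($_POST[...])` blocks enclosing this code start outside the hunk.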
echo "<input type='hidden' name='action' value='closeaccount2' />\n"; echo "<input type='hidden' name='accountid' value='".$_POST['accountid']."' />\n"; echo "<input type='hidden' name='customerid' value='".$_POST['customerid']."' />\n"; ! echo "<input type='image' value='submit' src='../images/tick.png' alt='$lClose' />\n"; echo "</form></td></tr>\n"; echo "<tr><td><div style='data'>Go Back</div></td>\n"; *************** *** 89,97 **** } ! /* Delete the Account */ ! if (isset($_POST['action']) && ($_POST['action'] == "deleteaccount2")) { if (PEAR::isError($result = $db->query( ! "DELETE FROM accounts WHERE accountid='$_POST[accountid]'"))) print("db error: " . $result->getDebugInfo()); --- 89,97 ---- } ! /* Account closure confirmed */ ! if (isset($_POST['action']) && ($_POST['action'] == "closeaccount2")) { if (PEAR::isError($result = $db->query( ! "UPDATE accounts SET status='Closed', dateclosed=now() WHERE accountid='$_POST[accountid]'"))) print("db error: " . $result->getDebugInfo()); *************** *** 100,104 **** } ! PostDBReport($result, $lAccountDeletion, 'showprofile.php', 'customerid', $_POST['customerid'], "Customer " . $_POST['customerid'], $db); --- 100,104 ---- } ! PostDBReport($result, $lAccountClosed, 'showprofile.php', 'customerid', $_POST['customerid'], "Customer " . $_POST['customerid'], $db); |
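Review bot: The confirmation page echoes `$_POST['accountid']` straight into the `<b>` text and the hidden-input `value='...'` attribute, and `$_SERVER['PHP_SELF']` into the form action, none of them escaped, so a crafted POST (or a crafted request path for PHP_SELF) produces reflected HTML/JS in the admin session; pass each through `htmlspecialchars(..., ENT_QUOTES)` when building the markup, and the same for `$_POST['customerid']` on the following hidden input. There is also no `CanCloseAccount` test before this prompt is shown, although the button leading here was gated on that ACL in showprofile.php in this commit. Whether the hybrid.php include (outside this hunk) performs a page-level ACL check is not visible here.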
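Review bot: The new `UPDATE accounts SET status='Closed', dateclosed=now() WHERE accountid='$_POST[accountid]'` interpolates the POST value into SQL, so a quote in `accountid` rewrites the WHERE clause (closing every account, or worse depending on the driver); bind it instead with PEAR DB's placeholder form, `$db->query("UPDATE accounts SET status='Closed', dateclosed=now() WHERE accountid=?", array($_POST['accountid']))`. The handler runs for any POST with `action=closeaccount2` and does not check `CanCloseAccount`, so the gating added to showprofile.php in this commit is bypassed by submitting the form directly; `if (!array_key_exists('CanCloseAccount', $_SESSION['sess_acl'])) exit('Permission denied');` belongs before the query. The replaced DELETE had the same injection; the commit rewrites the statement without fixing it.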