<?php
/**
* AgileBill - Open Billing Software
*
* This body of work is free software; you can redistribute it and/or
* modify it under the terms of the Open AgileBill License
* License as published at http://www.agileco.com/agilebill/license1-4.txt
*
* For questions, help, comments, discussion, etc., please join the
* Agileco community forums at http://forum.agileco.com/
*
* @link http://www.agileco.com/
* @copyright 2004-2008 Agileco, LLC.
* @license http://www.agileco.com/agilebill/license1-4.txt
* @author Tony Landis <tony@agileco.com>
* @package AgileBill
* @version 1.4.93
*/
class account_admin
{
# Open the constructor for this mod
function account_admin()
{
# name of this module:
$this->module = "account_admin";
if(!defined('AJAX'))
{
# location of the construct XML file:
$this->xml_construct = PATH_MODULES . "" . $this->module . "/" . $this->module . "_construct.xml";
# open the construct file for parsing
$C_xml = new CORE_xml;
$construct = $C_xml->xml_to_array($this->xml_construct);
$this->method = $construct["construct"]["method"];
$this->trigger = $construct["construct"]["trigger"];
$this->field = $construct["construct"]["field"];
$this->table = $construct["construct"]["table"];
$this->module = $construct["construct"]["module"];
$this->cache = $construct["construct"]["cache"];
$this->order_by = $construct["construct"]["order_by"];
$this->limit = $construct["construct"]["limit"];
}
}
/**
* Check account limitations
*/
function checkLimits() {
if(!defined('AGILE_RST_ACCOUNT') || AGILE_RST_ACCOUNT <= 0) return true;
$sql="SELECT count(*) as totalacct from ".AGILE_DB_PREFIX."account WHERE site_id=".DEFAULT_SITE;
$db=&DB();
$rs=$db->Execute($sql);
if($rs && $rs->RecordCount() && $rs->fields['totalacct'] <= AGILE_RST_ACCOUNT) {
return true;
} else {
echo "Licensed user limit of ".AGILE_RST_ACCOUNT." exceeded, operation failed.";
return false;
}
return true;
}
/* BEGIN: custom product/group searching method */
function group_search($VAR) {
$sql = '';
echo "<pre>";
// get date ranges:
foreach($VAR['dates']['val'] as $cond => $val)
{
if($val > 0) {
$exp = $VAR['dates']['expr'][$cond];
$val = $this->convert_date($val,false);
if(!empty($sql)) $sql .= " AND "; else $sql = " ";
$sql .= " A.date_orig $exp $val ";
}
}
if(!empty($sql)) $sql = " ( $sql ) ";
// get group(s)
if(!empty($VAR['groups'])) {
foreach($VAR['groups'] as $group )
{
if($group != 0) {
if(!empty($sql2)) $sql2 .= " OR "; else $sql2 = " ";
$sql2 .= " B.group_id = $group ";
}
}
}
if(!empty($sql2)) {
if(!empty($sql)) $sql .= " AND \r\n";
$sql .= " ( $sql2 ) AND ( A.id = B.account_id AND B.active = 1 ) ";
}
// Assemble SQL:
$q = "SELECT DISTINCT A.* FROM
". AGILE_DB_PREFIX ."account as A,
". AGILE_DB_PREFIX ."account_group as B
WHERE (
A.site_id = ". DEFAULT_SITE ." AND
B.site_id = ". DEFAULT_SITE ." ) ";
if(!empty($sql)) $q .= " AND " . $sql;
$db = &DB();
$rs = $db->Execute($q);
// print results in text format
if($rs && $rs->RecordCount() > 0) {
while(!$rs->EOF) {
echo $rs->fields['first_name'] .', '.$rs->fields['last_name'] .', '.$rs->fields['email'] .', '.$rs->fields['company'] .",\r\n";
$rs->MoveNext();
}
} else {
echo "<B>No matches</B>!";
}
echo "</pre>";
}
function product_search($VAR) {
$sql = '';
echo "<pre>";
// get date ranges:
if(!empty($VAR["dates"]))
{
foreach($VAR['dates']['val'] as $cond => $val)
{
if($val > 0) {
$exp = $VAR['dates']['expr'][$cond];
$val = $this->convert_date($val,false);
if(!empty($sql)) $sql .= " AND "; else $sql = " ";
$sql .= " B.date_orig $exp $val ";
}
}
}
if(!empty($sql)) $sql = " ( $sql ) ";
// get group(s)
if(!empty($VAR['products'])) {
foreach($VAR['products'] as $prod )
{
if($prod != 0) {
if(!empty($sql2)) $sql2 .= " OR "; else $sql2 = " ";
$sql2 .= " B.product_id = $prod ";
}
}
}
if(!empty($sql2)) {
if(!empty($sql)) $sql .= " AND \r\n";
$sql .= " ( $sql2 ) AND ( A.id = C.account_id AND C.id = B.invoice_id ) ";
}
// Assemble SQL:
$q = "SELECT DISTINCT A.* FROM
". AGILE_DB_PREFIX ."account as A,
". AGILE_DB_PREFIX ."invoice_item as B,
". AGILE_DB_PREFIX ."invoice as C
WHERE (
A.site_id = ". DEFAULT_SITE ." AND
C.site_id = ". DEFAULT_SITE ." AND
B.site_id = ". DEFAULT_SITE ." ) ";
if(!empty($sql)) $q .= " AND " . $sql;
$db = &DB();
$rs = $db->Execute($q);
// print results in text format
if($rs && $rs->RecordCount() > 0) {
while(!$rs->EOF) {
echo $rs->fields['first_name'] .', '.$rs->fields['last_name'] .', '.$rs->fields['email'] .', '.$rs->fields['company'] .",\r\n";
$rs->MoveNext();
}
} else {
echo "<B>No matches</B>!";
}
echo "</pre>";
}
function convert_date ($date,$field)
{
if($date == '0' || $date == '')
return '';
$Arr_format = split(DEFAULT_DATE_DIVIDER, UNIX_DATE_FORMAT);
$Arr_date = split(DEFAULT_DATE_DIVIDER, $date);
for($i=0; $i<3; $i++)
{
if($Arr_format[$i] == 'd')
$day = $Arr_date[$i];
if($Arr_format[$i] == 'm')
$month = $Arr_date[$i];
if($Arr_format[$i] == 'Y')
$year = $Arr_date[$i];
}
$timestamp = mktime(0, 0, 0, $month, $day, $year);
return $timestamp;
}
/* END: custom product/group searching method */
###########################################
### AJAX Auto-selector
###########################################
function autoselect($VAR)
{
if(!$this->checkLimits()) return false; // check account limits
$db = &DB();
$p = AGILE_DB_PREFIX;
if (empty($VAR['account_search'])) {
$where = "id > 0";
$type = 1;
} elseif (is_numeric($VAR['account_search'])) {
$where = "id LIKE ".$db->qstr($VAR['account_search']."%");
$type = 1;
} elseif (eregi(" ", $VAR['account_search'])) {
$arr = split(" ", $VAR['account_search']);
$where = "first_name = ".$db->qstr($arr[0])." AND ".
"last_name LIKE ".$db->qstr($arr[1].'%') ;
$type = 2;
} elseif (eregi("@", $VAR['account_search'])) {
$where = "email LIKE ".$db->qstr('%'.$VAR['account_search'].'%') ;
$type = 3;
} else {
$where = "username LIKE ".$db->qstr($VAR['account_search'].'%')." OR ".
"first_name LIKE ".$db->qstr($VAR['account_search'].'%')." OR ".
"last_name LIKE ".$db->qstr($VAR['account_search'].'%') ;
$type = 4;
}
$q = "SELECT id,email,first_name,last_name,username FROM {$p}account WHERE
( $where )
AND
site_id = " . DEFAULT_SITE."
ORDER BY first_name,last_name";
$result = $db->SelectLimit($q,10);
# Create the alert for no records found
echo '<ul>';
# Create the alert for no records found
if ($result->RecordCount() > 0) {
$i=0;
while(!$result->EOF)
{
echo '<li><div class="name"><b>' . $result->fields['first_name'].' '.$result->fields['last_name'] . '</b></div>'.
'<div class="email"><span class="informal">'.$result->fields['email']. '</span></div>'.
'<div class="index" style="display:none">'.$result->fields['id']. '</div></li>' . "\r\n";
$result->MoveNext();
$i++;
}
}
echo "</ul>";
}
###########################################
### Login as user
###########################################
function login($VAR)
{
global $C_auth;
# Check for target user
$display_this=false;
if(!empty($VAR['account_id']))
{
### Get any authorized groups of the target account
$dba = &DB();
$sql = 'SELECT group_id FROM ' . AGILE_DB_PREFIX . 'account_group WHERE
site_id = ' . $dba->qstr(DEFAULT_SITE) . ' AND
account_id = ' . $dba->qstr($VAR['account_id']) . ' AND
active = ' . $dba->qstr("1") . '
ORDER BY group_id';
$groups = $dba->Execute($sql);
while (!$groups->EOF) {
$group[] = $groups->fields['group_id'];
$groups->MoveNext();
}
### Verify the user has access to view this account:
if(SESS_ACCOUNT != $VAR['account_id']) {
$display_this = true;
for($ix=0; $ix<count($group); $ix++)
{
if(!$C_auth->auth_group_by_id($group[$ix]))
$display_this = false;
}
} else {
return false;
}
} else {
return false;
}
# Logout current user and login as the target user
if($display_this)
{
$db = &DB();
$sql = 'SELECT username,password FROM ' . AGILE_DB_PREFIX . 'account WHERE
site_id = ' . $dba->qstr(DEFAULT_SITE) . ' AND
id = ' . $dba->qstr($VAR['account_id']);
$acct = $db->Execute($sql);
$arr['_username'] = $acct->fields['username'];
$arr['_password'] = $acct->fields['password'];
include_once(PATH_CORE.'login.inc.php');
$login = new CORE_login_handler;
$login->logout($VAR);
$login->login($arr, $md5=false);
define('REDIRECT_PAGE', '?_page=account:account&tid='.DEFAULT_THEME);
}
####################################################################
### Do any db_mapping
####################################################################
$db = &DB();
$sql = 'SELECT id FROM ' . AGILE_DB_PREFIX . 'module WHERE
site_id = ' . $db->qstr(DEFAULT_SITE) . ' AND
name = ' . $db->qstr('db_mapping') . ' AND
status = ' . $db->qstr("1");
$result = $db->Execute($sql);
if($result->RecordCount() > 0)
{
include_once ( PATH_MODULES . 'db_mapping/db_mapping.inc.php' );
$db_map = new db_mapping;
$db_map->login ( $VAR['account_id'] );
}
}
###########################################
### Account selector list search
###########################################
function popup_search($VAR)
{
$db = &DB();
if (empty($VAR['search'])) {
$where = '';
} elseif (eregi(" ", $VAR['search'])) {
$arr = split(" ", $VAR['search']);
$where = "first_name = ".$db->qstr($arr[0])." AND ".
"last_name LIKE ".$db->qstr('%'.$arr[1].'%')." AND ";
} else {
$where = "username LIKE ".$db->qstr('%'.$VAR['search'].'%')." OR ".
"first_name LIKE ".$db->qstr('%'.$VAR['search'].'%')." OR ".
"first_name LIKE ".$db->qstr('%'.$VAR['search'].'%')." OR ".
"company LIKE ". $db->qstr('%'.$VAR['search'].'%')." AND ";
}
$q = "SELECT id,first_name,last_name
FROM ".AGILE_DB_PREFIX."account
WHERE $where
site_id = '" . DEFAULT_SITE . "'";
$q_save = "SELECT * FROM ".AGILE_DB_PREFIX."account WHERE $where %%whereList%% ";
$result = $db->Execute($q);
/// DEBUG ////
// echo "<PRE>$q</PRE>";
# get the result count:
$results = $result->RecordCount();
# Create the alert for no records found
if ($results == 0)
{
$id = $result->fields['id'];
$name = $result->fields['first_name'].' '.$result->fields['last_name'];
$val = $id.'|'.$name;
$res = '
<script language=\'javascript\'>
window.parent.popup_clear_'.$VAR['field'].'(true);
alert("No matches found");
window.close();
</script> ';
echo $res;
}
else if ($results == 1)
{
$id = $result->fields['id'];
$name = $result->fields['first_name'].' '.$result->fields['last_name'];
$val = $id.'|'.$name;
$res = '
<script language=\'javascript\'>
window.parent.popup_fill_'.$VAR['field'].'("'.$val.'");
window.close();
</script> ';
echo $res;
}
else
{
# create the search record
include_once(PATH_CORE . 'search.inc.php');
$search = new CORE_search;
$arr['module'] = $this->module;
$arr['sql'] = $q_save;
$arr['limit'] = '30';
$arr['order_by'] = 'last_name';
$arr['results'] = $results;
$search->add($arr);
global $smarty;
$smarty->assign('search_id', $search->id);
$smarty->assign('page', '1');
$smarty->assign('limit', $limit);
$smarty->assign('order_by', $order_by);
$smarty->assign('results', $results);
$res = '
<script language=\'javascript\'>
function popup_fill(val) {
window.parent.popup_fill_'.$VAR['field'].'(val);
}
window.open("?_page=account_admin:iframe_search_show&_escape=1&search_id='.$search->id.'&page=1","account_select_popup","toolbar=no,status=no,width=400,height=500");
</script> ';
echo $res;
}
}
###########################################
### Top Accounts Graph:
###########################################
function top($VAR)
{
global $smarty, $C_translate, $C_auth;
# Get the period type, default to month
if (empty($VAR['period']))
$p = 'm';
else
$p = $VAR['period'];
# Load the jpgraph class
include (PATH_GRAPH."jpgraph.php");
include (PATH_GRAPH."jpgraph_bar.php");
# check the validation for this function
if(!$C_auth->auth_method_by_name($this->module,'search')) {
$error = $C_translate->translate('module_non_auth','','');
include (PATH_GRAPH."jpgraph_canvas.php");
$graph = new CanvasGraph(460,55,"auto");
$t1 = new Text($error);
$t1->Pos(0.2,0.5);
$t1->SetOrientation("h");
$t1->SetBox("white","black",'gray');
$t1->SetFont(FF_FONT1,FS_NORMAL);
$t1->SetColor("black");
$graph->AddText($t1);
$graph->Stroke();
exit;
}
# Get the period start & end
switch ($p)
{
# By Weeks:
case 'w':
$interval = "1";
$width = ".9";
$title = 'Top Accounts for Last Last Week';
$dow = date('w');
$start_str = mktime(0,0,0,date('m'), date('d')-$dow, date('y'));
$end_str = mktime(23,59,59,date('m'), date('d'), date('y'));
break;
# By Months:
case 'm':
$interval = "3";
$width = ".6";
$title = 'Top Accounts for Last Last Month';
$start_str = mktime(0,0,0,date('m'), 1, date('y'));
$end_str = mktime(23,59,59,date('m'), date('d'), date('y'));
break;
# By Years:
case 'y':
$interval = "1";
$width = ".8";
$title = 'Top Accounts for Last Last Year';
$start_str = mktime(0,0,0,1,1, date('y'));
$end_str = mktime(23,59,59, date('m'), date('d'), date('y'));
break;
}
##############################@@@@@@@@
# Get accounts & sales for this period
##############################@@@@@@@@
$db = &DB();
$sql = 'SELECT account_id,total_amt FROM ' . AGILE_DB_PREFIX . 'invoice WHERE
date_orig >= ' . $db->qstr( $start_str ) . ' AND date_orig <= ' . $db->qstr( $end_str ) . ' AND
site_id = ' . $db->qstr(DEFAULT_SITE);
$result = $db->Execute($sql);
if(@$result->RecordCount() == 0) {
$file = fopen( PATH_THEMES.'default_admin/images/invisible.gif', 'r');
fpassthru($file);
exit;
}
while(!$result->EOF)
{
$amt = $result->fields['total_amt'];
$acct = $result->fields['account_id'];
if(!isset( $arr[$acct] )) $arr[$acct] = 0;
$arr[$acct] += $amt;
$result->MoveNext();
}
$i = 0;
while(list($key, $var) = each(@$arr)) {
# Get the user name
$sql = 'SELECT first_name,last_name FROM ' . AGILE_DB_PREFIX . 'account WHERE
id = ' . $db->qstr( $key ) . ' AND
site_id = ' . $db->qstr(DEFAULT_SITE);
$rs = $db->Execute($sql);
$_lbl[] = strtoupper(substr($rs->fields['first_name'],0,1)) . ". " . $rs->fields['last_name'];
$_datay[] = $var;
$i++;
}
### Sort the arrays
array_multisort($_datay,SORT_DESC, SORT_NUMERIC, $_lbl);
### Limit the results to 10 or less
for($i=0; $i<count($_lbl); $i++) {
$lbl[$i] = $_lbl[$i];
$datay[$i] = $_datay[$i];
if($i>=9) $i = count($_lbl);
}
$i = count($lbl);
# Get the Currency
$sql = 'SELECT symbol FROM ' . AGILE_DB_PREFIX . 'currency WHERE
id = ' . $db->qstr( DEFAULT_CURRENCY ) . ' AND
site_id = ' . $db->qstr(DEFAULT_SITE);
$rs = $db->Execute($sql);
$currency_iso = $rs->fields['symbol'];
// Size of graph
$width=265;
$height=75 + ($i*15);
// Set the basic parameters of the graph
$graph = new Graph($width,$height,'auto');
$graph->SetScale("textlin");
$graph->yaxis->scale->SetGrace(50);
$graph->SetMarginColor('#F9F9F9');
$graph->SetFrame(true,'#CCCCCC',1);
$graph->SetColor('#FFFFFF');
$top = 45;
$bottom = 10;
$left = 95;
$right = 15;
$graph->Set90AndMargin($left,$right,$top,$bottom);
// Label align for X-axis
$graph->xaxis->SetLabelAlign('right','center','right');
// Label align for Y-axis
$graph->yaxis->SetLabelAlign('center','bottom');
$graph->xaxis->SetTickLabels($lbl);
// Titles
$graph->title->SetFont(FF_FONT1,FS_BOLD,9.5);
$title = $C_translate->translate('graph_top','account_admin','');
$graph->title->Set($title);
// Create a bar pot
$bplot = new BarPlot($datay);
$bplot->SetFillColor("#506DC7");
$bplot->SetWidth(0.2);
// Show the values
$bplot->value->Show();
$bplot->value->SetFont(FF_FONT1,FS_NORMAL,8);
$bplot->value->SetAlign('center','center');
$bplot->value->SetColor("black","darkred");
$bplot->value->SetFormat($currency_iso.'%.2f');
$graph->Add($bplot);
$graph->Stroke();
return;
}
##############################
## MAIL ONE ACCOUNT ##
##############################
function mail_one($VAR)
{
global $C_translate, $C_debug;
## Validate the required vars (account_id, message, subject)
if(@$VAR['mail_account_id'] != "" && @$VAR['mail_subject'] != "" && @$VAR['mail_message'] != "")
{
## Verify the specified account:
$db = &DB();
$sql = 'SELECT email,first_name,last_name FROM ' . AGILE_DB_PREFIX . 'account WHERE
site_id = ' . $db->qstr(DEFAULT_SITE) . ' AND
id = ' . $db->qstr($VAR['mail_account_id']);
$account = $db->Execute($sql);
if($account->RecordCount() == 0)
{
## Error message:
$C_debug->alert($C_translate->translate('account_non_exist','account_admin',''));
return;
}
################################################################
## OK to send the email:
$db = &DB();
$q = "SELECT * FROM ".AGILE_DB_PREFIX."setup_email WHERE
site_id = ".$db->qstr(DEFAULT_SITE)." AND
id = ".$db->qstr($VAR['mail_email_id']);
$setup_email = $db->Execute($q);
$E['priority'] = $VAR['mail_priority'];
$E['html'] = '0';
$E['subject'] = $VAR['mail_subject'];
$E['body_text'] = $VAR['mail_message'];
$E['to_email'] = $account->fields['email'];
$E['to_name'] = $account->fields['first_name'] . ' ' . $account->fields['last_name'];
if($setup_email->fields['type'] == 0)
{
$type = 0;
}
else
{
$type = 1;
$E['server'] = $setup_email->fields['server'];
$E['account'] = $setup_email->fields['username'];
$E['password'] = $setup_email->fields['password'];
}
$E['from_name'] = $setup_email->fields['from_name'];
$E['from_email'] = $setup_email->fields['from_email'];
if($setup_email->fields['cc_list'] != '')
$E['cc_list'] = split(',', $setup_email->fields['cc_list']);
if($setup_email->fields['bcc_list'] != '')
$E['bcc_list'] = split(',', $setup_email->fields['bcc_list']);
### Call the mail class
require_once(PATH_CORE . 'email.inc.php');
$email = new CORE_email;
if($type == 0)
$email->PHP_Mail($E);
else
$email->SMTP_Mail($E);
}
else
{
## Error message:
$C_debug->alert($C_translate->translate('validate_any','',''));
## Stripslashes
global $C_vars;
$C_vars->strip_slashes_all();
return;
}
## Success message:
$C_debug->alert($C_translate->translate('mail_sent','account_admin',''));
## Stripslashes
global $C_vars;
$C_vars->strip_slashes_all();
}
##############################
## MAIL MULTI ACCOUNTS ##
##############################
function mail_multi($VAR)
{
if(!$this->checkLimits()) return false; // check account limits
global $C_translate, $C_debug;
## Validate the required vars (account_id, message, subject)
if(@$VAR['search_id'] != "" && @$VAR['mail_subject'] != "" && @$VAR['mail_message'] != "")
{
## Get the specified accounts:
# get the search details:
if(isset($VAR['search_id'])) {
include_once(PATH_CORE . 'search.inc.php');
$search = new CORE_search;
$search->get($VAR['search_id']);
} else {
# invalid search!
echo '<BR> The search terms submitted were invalid!'; # translate... # alert
return;
}
# generate the full query
$field_list = AGILE_DB_PREFIX."account.email, ".
AGILE_DB_PREFIX."account.first_name, ".
AGILE_DB_PREFIX."account.last_name ";
$q = eregi_replace("%%fieldList%%", $field_list, $search->sql);
$q = eregi_replace("%%tableList%%", AGILE_DB_PREFIX."account", $q);
$q = eregi_replace("%%whereList%%", "", $q);
$q .= " ".AGILE_DB_PREFIX."account.site_id = '" . DEFAULT_SITE . "'";
$db = &DB();
$account = $db->Execute($q);
// check results
if($account->RecordCount() == 0) {
$C_debug->alert($C_translate->translate('account_non_exist','account_admin',''));
return;
}
// get the selected email setup details
$db = &DB();
$q = "SELECT * FROM ".AGILE_DB_PREFIX."setup_email WHERE
site_id = ".$db->qstr(DEFAULT_SITE)." AND
id = ".$db->qstr($VAR['mail_email_id']);
$setup_email = $db->Execute($q);
if($setup_email->fields['type'] == 0) {
$type = 0;
} else {
$type = 1;
$E['server'] = $setup_email->fields['server'];
$E['account'] = $setup_email->fields['username'];
$E['password'] = $setup_email->fields['password'];
}
// loop to send each e-mail
while ( !$account->EOF )
{
$E['priority'] = $VAR['mail_priority'];
$E['html'] = '0';
$E['subject'] = $VAR['mail_subject'];
$E['body_text'] = $VAR['mail_message'];
$E['to_email'] = $account->fields['email'];
$E['to_name'] = $account->fields['first_name'] . ' ' . $account->fields['last_name'];
$E['from_name'] = $setup_email->fields['from_name'];
$E['from_email'] = $setup_email->fields['from_email'];
### Call the mail class
require_once(PATH_CORE . 'email.inc.php');
$email = new CORE_email;
$email = new CORE_email;
if($type == 0)
$email->PHP_Mail($E);
else
$email->SMTP_Mail($E);
### Next record
$account->MoveNext();
}
} else {
## Error message:
$C_debug->alert($C_translate->translate('validate_any','',''));
## Stripslashes
global $C_vars;
$C_vars->strip_slashes_all();
return;
}
## Success message:
$C_debug->alert($C_translate->translate('mail_sent','account_admin',''));
## Stripslashes
global $C_vars;
$C_vars->strip_slashes_all();
}
##############################
## SEND PASSWORD CHANGE ##
##############################
function send_password_email($VAR)
{
global $C_translate, $C_debug;
require_once(PATH_MODULES . 'email_template/email_template.inc.php');
$my = new email_template;
$my->send('password_change_instructions', @$VAR['id'], '', '', '');
echo $C_translate->translate("password_change_instructions","account_admin","");
}
##############################
## SEND VERIFY E-MAIL ##
##############################
function send_verify_email($VAR)
{
global $C_translate, $C_debug;
require_once(PATH_MODULES . 'email_template/email_template.inc.php');
$my = new email_template;
$db = &DB();
$dbm = new CORE_database;
echo $sql = $dbm->sql_select('account','date_orig',"id = {$VAR['id']}",'', $db);
$result = $db->Execute($sql);
$validation_str = strtoupper($result->fields['date_orig']. ':' . $VAR['id']);
$my->send('account_registration_inactive', @$VAR['id'], @$VAR['id'], '', $validation_str);
echo $C_translate->translate("account_verify_instructions","account_admin","");
}
##############################
## ADD ##
##############################
function add($VAR)
{
if(!$this->checkLimits()) return false; // check account limits
global $C_translate, $C_debug, $smarty;
### Set the hidden values:
$VAR['account_admin_date_orig'] = time();
$VAR['account_admin_date_last'] = time();
if(!empty($VAR["account_admin_date_expire"])) {
include_once(PATH_CORE.'validate.inc.php');
$val = new CORE_validate;
$date_expire = $val->DateToEpoch(false, $VAR["account_admin_date_expire"]);
} else {
$date_expire = 0;
}
### Determine the proper account status:
if(!isset($VAR['account_admin_status']) || $VAR['account_admin_status'] != "1")
$status = 0;
else
$status = 1;
### DEFINE A USERNAME:
if(empty($VAR['account_admin_username'])) {
$length = 4;
srand((double)microtime()*1000000);
$vowels = array("a", "e", "i", "o", "u");
$cons = array("b", "c", "d", "g", "h", "j", "k", "l", "m", "n", "p",
"r", "s", "t", "u", "v", "w", "tr", "cr", "br", "fr", "th",
"dr", "ch", "ph", "wr", "st", "sp", "sw", "pr", "sl", "cl");
$num_vowels = count($vowels);
$num_cons = count($cons);
for($i = 0; $i < $length; $i++){
@$VAR['account_admin_username'] .= $cons[rand(0, $num_cons - 1)] . $vowels[rand(0, $num_vowels - 1)];
}
}
## Single field login:
if(defined('SINGLE_FIELD_LOGIN') && SINGLE_FIELD_LOGIN==true && empty($VAR['account_admin_password'])) {
$VAR['account_admin_password']='none';
$passwd = 'none';
}
### DEFINE A PASSWORD:
if(empty($VAR['account_admin_password']))
{
srand((double)microtime() * 1000000);
$UniqID = md5(uniqid(rand()));
@$VAR['account_admin_password'] = substr(md5(uniqid(rand())), 0, 10);
$passwd = '********';
} else {
$passwd = $VAR['account_admin_password'];
/* hash the password */
if(defined('PASSWORD_ENCODING_SHA'))
$VAR['account_admin_password'] = sha1($VAR['account_admin_password']);
else
$VAR['account_admin_password'] = md5($VAR['account_admin_password']);
}
####################################################################
### loop through the field list to validate the required fields
####################################################################
$type = 'add';
$this->method["$type"] = split(",", $this->method["$type"]);
$arr = $this->method["$type"];
include_once(PATH_CORE . 'validate.inc.php');
$validate = new CORE_validate;
$this->validated = true;
while (list ($key, $value) = each ($arr))
{
# get the field value
$field_var = $this->module . '_' . $value;
$field_name = $value;
####################################################################
### perform any field validation...
####################################################################
# check if this value is unique
if(isset($this->field["$value"]["unique"]) && isset($VAR["$field_var"]))
{
if(!$validate->validate_unique($this->table, $field_name, "record_id", $VAR["$field_var"]))
{
$this->validated = false;
$this->val_error[] = array('field' => $this->table . '_' . $field_name,
'field_trans' => $C_translate->translate('field_' . $field_name, $this->module, ""), # translate
'error' => $C_translate->translate('validate_unique',"", ""));
}
}
# check if the submitted value meets the specifed requirements
if(isset($this->field["$value"]["validate"]))
{
if(isset($VAR["$field_var"]))
{
if($VAR["$field_var"] != '')
{
if(!$validate->validate($field_name, $this->field["$value"], $VAR["$field_var"], $this->field["$value"]["validate"]))
{
$this->validated = false;
$this->val_error[] = array('field' => $this->module . '_' . $field_name,
'field_trans' => $C_translate->translate('field_' . $field_name, $this->module, ""),
'error' => $validate->error["$field_name"] );
}
}
else
{
$this->validated = false;
$this->val_error[] = array('field' => $this->module . '_' . $field_name,
'field_trans' => $C_translate->translate('field_' . $field_name, $this->module, ""),
'error' => $C_translate->translate('validate_any',"", ""));
}
}
else
{
$this->validated = false;
$this->val_error[] = array('field' => $this->module . '_' . $field_name,
'field_trans' => $C_translate->translate('field_' . $field_name, $this->module, ""),
'error' => $C_translate->translate('validate_any',"", ""));
}
}
}
// validate the tax_id
require_once(PATH_MODULES.'tax/tax.inc.php');
$taxObj=new tax;
$tax_arr = @$VAR['account_admin_tax_id'];
if(is_array($tax_arr)) {
foreach($tax_arr as $country_id => $tax_id) {
if ($country_id == $VAR['account_admin_country_id']) {
$exempt = @$VAR["account_tax_id_exempt"][$country_id];
if(!$taxObj->TaxIdsValidate($country_id, $tax_id, $exempt)) {
$this->validated = false;
$this->val_error[] = array(
'field' => 'account_admin_tax_id',
'field_trans' => $taxObj->errField,
'error' => $C_translate->translate('validate_general', "", ""));
}
if($exempt)
$account_admin_tax_id=false;
else
$account_admin_tax_id=$tax_id;
}
}
}
####################################################################
### Get required static_Vars and validate them... return an array
### w/ ALL errors...
####################################################################
require_once(PATH_CORE . 'static_var.inc.php');
$static_var = new CORE_static_var;
if(!isset($this->val_error)) $this->val_error = false;
$all_error = $static_var->validate_form('account', $this->val_error);
if($all_error != false && gettype($all_error) == 'array')
$this->validated = false;
else
$this->validated = true;
####################################################################
### If validation was failed, skip the db insert &
### set the errors & origonal fields as Smarty objects,
### and change the page to be loaded.
####################################################################
if(!$this->validated)
{
global $smarty;
# set the errors as a Smarty Object
$smarty->assign('form_validation', $all_error);
# set the page to be loaded
if(!defined("FORCE_PAGE"))
{
define('FORCE_PAGE', $VAR['_page_current']);
}
# Stripslashes
global $C_vars;
$C_vars->strip_slashes_all();
return;
}
# Get default invoice options
$db=&DB();
$invopt=$db->Execute(sqlSelect($db,"setup_invoice","*",""));
if($invopt && $invopt->RecordCount()) {
$invoice_delivery=$invopt->fields['invoice_delivery'];
$invoice_format=$invopt->fields['invoice_show_itemized'];
}
####################################################################
### Insert the account record
####################################################################
$this->account_id = $db->GenID(AGILE_DB_PREFIX . 'account_id');
$validation_str = time();
/** get parent id */
@$parent_id = @$VAR["account_admin_parent_id"];
if(empty($parent_id)) $parent_id = $this->account_id;
$sql = '
INSERT INTO ' . AGILE_DB_PREFIX . 'account SET
id = ' . $db->qstr ( $this->account_id ) . ',
site_id = ' . $db->qstr ( DEFAULT_SITE ) . ',
date_orig = ' . $db->qstr ( $validation_str ) . ',
date_last = ' . $db->qstr ( time()) . ',
date_expire = ' . $db->qstr ( $date_expire ) . ',
language_id = ' . $db->qstr ( $VAR["account_admin_language_id"] ) . ',
country_id = ' . $db->qstr ( $VAR["account_admin_country_id"] ) . ',
parent_id = ' . $db->qstr ( $parent_id ) . ',
affiliate_id = ' . $db->qstr ( @$VAR["account_admin_affiliate_id"] ) . ',
reseller_id = ' . $db->qstr ( @$VAR["account_admin_reseller_id"] ) . ',
currency_id = ' . $db->qstr ( $VAR["account_admin_currency_id"] ) . ',
theme_id = ' . $db->qstr ( $VAR["account_admin_theme_id"] ) . ',
username = ' . $db->qstr ( $VAR["account_admin_username"] ) . ',
password = ' . $db->qstr ( $VAR["account_admin_password"] ) . ',
status = ' . $db->qstr ( $status ) . ',
first_name = ' . $db->qstr ( $VAR["account_admin_first_name"] ) . ',
middle_name = ' . $db->qstr ( $VAR["account_admin_middle_name"] ) . ',
last_name = ' . $db->qstr ( $VAR["account_admin_last_name"] ) . ',
company = ' . $db->qstr ( $VAR["account_admin_company"] ) . ',
title = ' . $db->qstr ( $VAR["account_admin_title"] ) . ',
email = ' . $db->qstr ( $VAR["account_admin_email"] ) . ',
address1 = ' . $db->qstr ( $VAR["account_admin_address1"] ) . ',
address2 = ' . $db->qstr ( $VAR["account_admin_address2"] ) . ',
city = ' . $db->qstr ( $VAR["account_admin_city"] ) . ',
state = ' . $db->qstr ( $VAR["account_admin_state"] ) . ',
zip = ' . $db->qstr ( $VAR["account_admin_zip"] ) . ',
misc = ' . $db->qstr ( $VAR["account_admin_misc"] ) . ',
email_type = ' . $db->qstr ( $VAR["account_admin_email_html"] ) . ',
invoice_delivery= ' . $db->qstr ( @$invoice_delivery ) . ',
invoice_show_itemized=' . $db->qstr ( @$invoice_format ) . ',
invoice_advance_gen = ' . $db->qstr ( MAX_INV_GEN_PERIOD ) . ',
invoice_grace = ' . $db->qstr ( GRACE_PERIOD ) . ',
tax_id = ' . $db->qstr ( @$account_tax_id );
$result = $db->Execute($sql);
### error reporting:
if ($result === false)
{
global $C_debug;
$C_debug->error('account_admin.inc.php','add', $db->ErrorMsg());
if(isset($this->trigger["$type"]))
{
include_once(PATH_CORE . 'trigger.inc.php');
$trigger = new CORE_trigger;
$trigger->trigger($this->trigger["$type"], 0, $VAR);
}
return;
}
/* password logging class */
global $C_list;
if($C_list->is_installed('account_password_history')) {
include_once(PATH_MODULES.'account_password_history/account_password_history.inc.php');
$accountHistory = new account_password_history();
$accountHistory->setNewPassword($this->account_id, $VAR["account_admin_password"]);
}
### Add the account to the default group:
$this->add_account_groups($VAR['groups'], $this->account_id, $VAR['account_admin_date_expire']);
### Insert the static vars:
$static_var->add($VAR, 'account', $this->account_id);
### Mail the new user
if(!empty($VAR['welcome_email'])) {
require_once(PATH_MODULES . 'email_template/email_template.inc.php');
$my = new email_template;
if($status == "1") {
$my->send('account_add_staff_active', $this->account_id, '', '', $passwd);
} else {
$validation_str = strtoupper($validation_str. ':' .$this->account_id);
$my->send('account_add_staff_inactive', $this->account_id, $this->account_id, '', $validation_str);
}
}
### Do any db_mapping
if($C_list->is_installed('db_mapping'))
{
include_once ( PATH_MODULES . 'db_mapping/db_mapping.inc.php' );
$db_map = new db_mapping;
if(!empty($passwd))
$db_map->plaintext_password = $passwd;
else
$db_map->plaintext_password = false;
$db_map->account_add ( $this->account_id );
}
### Display the welcome message
if($status == "1")
{
$C_debug->alert($C_translate->translate("staff_add_active","account_admin",""));
} else {
$C_debug->alert($C_translate->translate("staff_add_inactive","account_admin",""));
}
#$VAR["id"] = $this->account_id;
$url = '?_page=' . $VAR['_page'] . '&id=' . $this->account_id;
if(!empty($VAR['id'])) $url.= '&_escape=1';
if(!empty($VAR['field']))
{
$url .= '&field='.$VAR['field'];
$url .= '&name='.$VAR['account_admin_first_name'].' '.$VAR['account_admin_last_name'];
}
define('REDIRECT_PAGE', $url);
### Affiliate Auto Creation
if(AUTO_AFFILIATE == 1 && $C_list->is_installed("affiliate"))
{
$VAR['affiliate_account_id'] = $this->account_id;
$VAR['affiliate_template_id'] = DEFAULT_AFFILIATE_TEMPLATE;
@$VAR['affiliate_parent_affiliate_id'] = $VAR['account_admin_affiliate_id'];
include_once(PATH_MODULES . 'affiliate/affiliate.inc.php');
$affiliate = new affiliate;
$affiliate->add($VAR, $affiliate);
}
return;
}
##############################
## VIEW ##
##############################
function view($VAR)
{
if(!$this->checkLimits()) return false; // check account limits
global $C_auth;
$type = "view";
$this->method["$type"] = split(",", $this->method["$type"]);
# set the field list for this method:
$db = &DB();
$arr = $this->method[$type];
if(isset($VAR["id"]))
{
$id = split(',',$VAR["id"]);
for($i=0; $i<count($id); $i++)
{
if($id[$i] != '')
{
if($i == 0)
{
$id_list .= " id = " .$db->qstr($id[$i])." ";
$ii++;
}
else
{
$id_list .= " OR id = " .$db->qstr($id[$i]). " ";
$ii++;
}
}
}
}
if($ii>0)
{
# generate the full query
$q = "SELECT * FROM
".AGILE_DB_PREFIX."account
WHERE
$id_list
AND site_id = '" . DEFAULT_SITE . "'";
$result = $db->Execute($q);
# error reporting
if ($result === false)
{
global $C_debug;
$C_debug->error('account_admin.inc.php','view', $db->ErrorMsg() . ' ' . $q);
return;
}
# put the results into a smarty accessable array
$i=0;
$class_name = TRUE;
while (!$result->EOF)
{
$smart[$i] = $result->fields;
if($class_name)
{
$smart[$i]["i"] = $i;
} else {
$smart[$i]["i"] = $i;
}
### Get any authorized groups:
$dba = &DB();
$sql = 'SELECT service_id,group_id FROM ' . AGILE_DB_PREFIX . 'account_group WHERE
site_id = ' . $dba->qstr(DEFAULT_SITE) . ' AND
account_id = ' . $dba->qstr($result->fields['id']) . ' AND
active = ' . $dba->qstr("1") . '
ORDER BY group_id';
$groups = $dba->Execute($sql);
while (!$groups->EOF)
{
if($groups->fields['service_id'] == '') $group[] = $groups->fields['group_id'];
$groups->MoveNext();
}
$smart[$i]["groups"] = $group;
### Verify the user has access to view this account:
if(SESS_ACCOUNT != $result->fields['id'])
{
$smart[$i]['own_account'] = false;
$display_this = true;
for($ix=0; $ix<count($group); $ix++)
{
if(!$C_auth->auth_group_by_id($group[$ix]))
$display_this = false;
}
}
else
{
$display_this = true;
$smart[$i]['own_account'] = true;
}
### Get the static vars:
require_once(PATH_CORE . 'static_var.inc.php');
$static_var = new CORE_static_var;
$arr = $static_var->update_form('account', 'update', $result->fields['id']);
if(gettype($arr) == 'array')
{
$smart[$i]["static_var"] = $arr;
}
### Get the last activity date/IP
$sql = "SELECT * FROM ".AGILE_DB_PREFIX."login_log
WHERE account_id = {$result->fields['id']}
AND site_id = ".DEFAULT_SITE."
ORDER BY date_orig DESC ";
$rslast = $db->SelectLimit($sql, 1);
if($rslast != false && $rslast->RecordCount() == 1) {
$smart[$i]["last_activity"] = $rslast->fields['date_orig'];
$smart[$i]["last_ip"] = $rslast->fields['ip'];
} else {
$smart[$i]["last_activity"] = $result->fields['date_orig'];
$smart[$i]["last_ip"] = '';
}
### Get invoice details for this account:
$sql = "SELECT id,date_orig,total_amt,billed_amt,process_status FROM ".AGILE_DB_PREFIX."invoice
WHERE account_id = {$result->fields['id']}
AND site_id = ".DEFAULT_SITE."
ORDER BY id DESC ";
$inv = $db->SelectLimit($sql, 10);
if($inv != false && $inv->RecordCount() > 0) {
while(!$inv->EOF) {
if($inv->fields['total_amt'] > $inv->fields['billed_amt'] && $inv->fields['suspend_billing'] != 1) {
$inv->fields['due'] = $inv->fields['total_amt'] - $inv->fields['billed_amt'];
}
$smart[$i]["invoice"][] = $inv->fields;
$inv->MoveNext();
}
}
### Get service details for this account:
$sql = "SELECT id,sku,active,type,domain_name,domain_tld FROM ".AGILE_DB_PREFIX."service
WHERE account_id = {$result->fields['id']}
AND site_id = ".DEFAULT_SITE."
ORDER BY id DESC ";
$svc = $db->SelectLimit($sql, 10);
if($svc != false && $svc->RecordCount() > 0) {
while(!$svc->EOF) {
$smart[$i]["service"][] = $svc->fields;
$svc->MoveNext();
}
}
# define the results
if(!$display_this)
{
unset($smart["$i"]);
echo "You have selected an account for which you are not authorized,
your permission settings are to low!<br><br>";
}
else
{
$i++;
}
unset($group);
$result->MoveNext();
}
# get the result count:
$results = $i;
### No results:
if($i == 0)
{
global $C_debug;
$C_debug->error("CORE:account_admin.inc.php", "view()", "
The selected record does not exist any longer, or your account is not authorized to view it");
return;
}
global $smarty;
$smarty->assign($this->table, $smart);
$smarty->assign('results', $search->results);
}
}
##############################
## UPDATE ##
##############################
function update($VAR)
{
global $C_list, $C_debug;
if(!$this->checkLimits()) return false; // check account limits
// validate the tax_id
global $VAR;
require_once(PATH_MODULES.'tax/tax.inc.php');
$taxObj=new tax;
$tax_arr = @$VAR['account_admin_tax_id'];
if(is_array($tax_arr)) {
foreach($tax_arr as $country_id => $tax_id) {
if ($country_id == $VAR['account_admin_country_id']) {
$exempt = @$VAR["account_tax_id_exempt"][$country_id];
if(!$txRs=$taxObj->TaxIdsValidate($country_id, $tax_id, $exempt)) {
$this->validated = false;
global $C_translate;
$this->val_error[] = array(
'field' => 'account_admin_tax_id',
'field_trans' => $taxObj->errField,
'error' => $C_translate->translate('validate_general', "", ""));
}
if($exempt)
$VAR['account_admin_tax_id']=false;
else
$VAR['account_admin_tax_id']=$tax_id;
}
}
}
####################################################################
### Get required static_Vars and validate them... return an array
### w/ ALL errors...
####################################################################
require_once(PATH_CORE . 'static_var.inc.php');
$static_var = new CORE_static_var;
if(!isset($this->val_error)) $this->val_error = false;
$all_error = $static_var->validate_form('account', $this->val_error);
if($all_error != false && gettype($all_error) == 'array')
$this->validated = false;
else
$this->validated = true;
####################################################################
# If validation was failed, skip the db insert &
# set the errors & origonal fields as Smarty objects,
# and change the page to be loaded.
####################################################################
if(!$this->validated)
{
global $smarty;
# set the errors as a Smarty Object
$smarty->assign('form_validation', $all_error);
# set the page to be loaded
if(!defined("FORCE_PAGE"))
{
define('FORCE_PAGE', $VAR['_page_current']);
}
return;
}
### Get the old username ( for db mapping )
$db = &DB();
$sql = 'SELECT username FROM ' . AGILE_DB_PREFIX . 'account WHERE
site_id = ' . $db->qstr(DEFAULT_SITE) . ' AND
id = ' . $db->qstr($VAR['account_admin_id']);
$result = $db->Execute($sql);
if($result->RecordCount() > 0)
{
$old_username = $result->fields['username'];
}
### Update the password:
$update_password=false;
if(!empty($VAR['_password'])) {
$VAR['account_admin_password'] = $VAR['_password'];
/* check if new password is ok */
if($C_list->is_installed('account_password_history')) {
include_once(PATH_MODULES.'account_password_history/account_password_history.inc.php');
$accountHistory = new account_password_history();
if(!$accountHistory->getIsPasswordOk($VAR['account_admin_id'], $VAR['account_admin_password'], false)) {
$C_debug->alert("The password you have selected has been used recently and cannot be used again at this time for security purposes.");
unset($VAR['account_admin_password']);
} else {
$update_password=true;
}
}
}
### Update the record
$type = "update";
$this->method["$type"] = split(",", $this->method["$type"]);
$db = new CORE_database;
$ok = $db->update($VAR, $this, $type);
if($ok)
{
/* password logging class */
if($update_password && is_object($accountHistory)) $accountHistory->setNewPassword($VAR['account_admin_id'], $VAR["account_admin_password"], false);
### Update the static vars:
$static_var->update($VAR, 'account', $VAR['account_admin_id']);
### Do any db_mapping
if($C_list->is_installed('db_mapping'))
{
include_once ( PATH_MODULES . 'db_mapping/db_mapping.inc.php' );
$db_map = new db_mapping;
if(!empty($VAR['account_admin_password']))
$db_map->plaintext_password = $VAR['account_admin_password'];
else
$db_map->plaintext_password = false;
$db_map->account_edit ( $VAR['account_admin_id'], $old_username );
}
// remove login lock
if($VAR['account_admin_status']) {
$db=&DB();
$delrs = $db->Execute($sql=sqlDelete($db,"login_lock","account_id={$VAR['account_admin_id']}"));
$delrs = $db->Execute($sql=sqlDelete($db,"login_log","account_id={$VAR['account_admin_id']} AND status=0"));
}
return true;
}
}
##############################
## MERGE ##
##############################
function merge($VAR)
{
$db = &DB();
global $C_auth, $C_list, $C_translate, $C_debug;
if(empty($VAR['id']) || empty($VAR['merge_acct_id'])) {
$C_debug->alert($C_translate->translate('merge_err','account_admin',''));
return false;
}
$acct_id = $VAR['id'];
$merge_acct_id = $VAR['merge_acct_id'];
# Get merged account_group
$q = "SELECT * FROM ".AGILE_DB_PREFIX."account_group WHERE (
service_id = '' OR
service_id = 0 OR
service_id IS NULL
) AND account_id = $acct_id AND site_id = ".DEFAULT_SITE;
$rs = $db->Execute($q);
if ($rs === false) {
$C_debug->error('account_admin.inc.php','merge :: account_group', $db->ErrorMsg());
} else {
while(!$rs->EOF) {
$Cauth = new CORE_auth(true);
if($Cauth->auth_group_by_account_id($merge_acct_id, $rs->fields['group_id'])) {
# duplicate group, delete
$q = "DELETE FROM ".AGILE_DB_PREFIX."account_group WHERE id = {$rs->fields['id']} AND site_id = ".DEFAULT_SITE;
$db->Execute($q);
}
$rs->MoveNext();
}
}
# account_group
$q = "UPDATE ".AGILE_DB_PREFIX."account_group SET account_id = $acct_id WHERE account_id = $merge_acct_id AND site_id = ".DEFAULT_SITE;
$rs = $db->Execute($q);
if ($rs === false) $C_debug->error('account_admin.inc.php','merge :: account_group', $db->ErrorMsg());
# account_billing
$q = "UPDATE ".AGILE_DB_PREFIX."account_billing SET account_id = $acct_id WHERE account_id = $merge_acct_id AND site_id = ".DEFAULT_SITE;
$rs = $db->Execute($q);
if ($rs === false) $C_debug->error('account_admin.inc.php','merge :: account_billing', $db->ErrorMsg());
# cart
$q = "UPDATE ".AGILE_DB_PREFIX."cart SET account_id = $acct_id WHERE account_id = $merge_acct_id AND site_id = ".DEFAULT_SITE;
$rs = $db->Execute($q);
if ($rs === false) $C_debug->error('account_admin.inc.php','merge :: cart', $db->ErrorMsg());
# charge
$q = "UPDATE ".AGILE_DB_PREFIX."charge SET account_id = $acct_id WHERE account_id = $merge_acct_id AND site_id = ".DEFAULT_SITE;
$rs = $db->Execute($q);
if ($rs === false) $C_debug->error('account_admin.inc.php','merge :: charge', $db->ErrorMsg());
# discount
$q = "UPDATE ".AGILE_DB_PREFIX."discount SET avail_account_id = $acct_id WHERE avail_account_id = $merge_acct_id AND site_id = ".DEFAULT_SITE;
$rs = $db->Execute($q);
if ($rs === false) $C_debug->error('account_admin.inc.php','merge :: charge', $db->ErrorMsg());
# invoice
$q = "UPDATE ".AGILE_DB_PREFIX."invoice SET account_id = $acct_id WHERE account_id = $merge_acct_id AND site_id = ".DEFAULT_SITE;
$rs = $db->Execute($q);
if ($rs === false) $C_debug->error('account_admin.inc.php','merge :: invoice', $db->ErrorMsg());
# log_error
$q = "UPDATE ".AGILE_DB_PREFIX."log_error SET account_id = $acct_id WHERE account_id = $merge_acct_id AND site_id = ".DEFAULT_SITE;
$rs = $db->Execute($q);
if ($rs === false) $C_debug->error('account_admin.inc.php','merge :: log_error', $db->ErrorMsg());
# login_lock
$q = "DELETE FROM ".AGILE_DB_PREFIX."login_lock WHERE account_id = $merge_acct_id AND site_id = ".DEFAULT_SITE;
$rs = $db->Execute($q);
if ($rs === false) $C_debug->error('account_admin.inc.php','merge :: login_lock', $db->ErrorMsg());
# login_log
$q = "UPDATE ".AGILE_DB_PREFIX."login_log SET account_id = $acct_id WHERE account_id = $merge_acct_id AND site_id = ".DEFAULT_SITE;
$rs = $db->Execute($q);
if ($rs === false) $C_debug->error('account_admin.inc.php','merge :: login_log', $db->ErrorMsg());
# search
$q = "UPDATE ".AGILE_DB_PREFIX."search SET account_id = $acct_id WHERE account_id = $merge_acct_id AND site_id = ".DEFAULT_SITE;
$rs = $db->Execute($q);
if ($rs === false) $C_debug->error('account_admin.inc.php','merge :: search', $db->ErrorMsg());
# service
$q = "UPDATE ".AGILE_DB_PREFIX."service SET account_id = $acct_id WHERE account_id = $merge_acct_id AND site_id = ".DEFAULT_SITE;
$rs = $db->Execute($q);
if ($rs === false) $C_debug->error('account_admin.inc.php','merge :: service', $db->ErrorMsg());
# session
$q = "DELETE FROM ".AGILE_DB_PREFIX."session WHERE account_id = $merge_acct_id AND site_id = ".DEFAULT_SITE;
$rs = $db->Execute($q);
if ($rs === false) $C_debug->error('account_admin.inc.php','merge :: session', $db->ErrorMsg());
# staff
$q = "UPDATE ".AGILE_DB_PREFIX."staff SET account_id = $acct_id WHERE account_id = $merge_acct_id AND site_id = ".DEFAULT_SITE;
$rs = $db->Execute($q);
if ($rs === false) $C_debug->error('account_admin.inc.php','merge :: staff', $db->ErrorMsg());
# affiliate
if($C_list->is_installed('affiliate'))
{
$q = "UPDATE ".AGILE_DB_PREFIX."affiliate SET account_id = $acct_id WHERE account_id = $merge_acct_id AND site_id = ".DEFAULT_SITE;
$rs = $db->Execute($q);
if ($rs === false) $C_debug->error('account_admin.inc.php','merge :: affiliate', $db->ErrorMsg());
}
# ticket
if($C_list->is_installed('ticket'))
{
$q = "UPDATE ".AGILE_DB_PREFIX."ticket SET account_id = $acct_id WHERE account_id = $merge_acct_id AND site_id = ".DEFAULT_SITE;
$rs = $db->Execute($q);
if ($rs === false) $C_debug->error('account_admin.inc.php','merge :: ticket', $db->ErrorMsg());
}
# DB Mapping
if($C_list->is_installed('db_mapping'))
{
$dbsql = "SELECT username FROM ".AGILE_DB_PREFIX."account WHERE
site_id = ".$db->qstr(DEFAULT_SITE)." AND
id = ".$db->qstr($merge_acct_id);
$resultdb = $db->Execute($dbsql);
$old_username = $resultdb->fields['username'];
include_once ( PATH_MODULES . 'db_mapping/db_mapping.inc.php' );
$db_map = new db_mapping;
$db_map->account_delete ( $merge_acct_id, $old_username );
}
# Delete account
$q = "DELETE FROM ".AGILE_DB_PREFIX."account WHERE id = $merge_acct_id AND site_id = ".DEFAULT_SITE;
$rs = $db->Execute($q);
if ($rs === false) $C_debug->error('account_admin.inc.php','merge :: account', $db->ErrorMsg());
$C_debug->alert($C_translate->translate('merge_ok','account_admin',''));
return;
}
##############################
## DELETE ##
##############################
function delete($VAR)
{
$db = &DB();
global $C_auth, $C_list;
# set the id
$id = $this->table . '_id';
# generate the list of ID's
$id_list = '';
$account_id_list = '';
$discount_id_list = '';
$ii=0;
if(isset($VAR["delete_id"]))
{
$id = split(',',$VAR["delete_id"]);
}
elseif (isset($VAR["id"]))
{
$id = split(',',$VAR["id"]);
}
for($i=0; $i<count($id); $i++)
{
if($id[$i] != '')
{
### is current account auth to delete this account?
### Get any authorized groups:
$db = &DB();
$sql = 'SELECT group_id FROM ' . AGILE_DB_PREFIX . 'account_group WHERE
site_id = ' . $db->qstr(DEFAULT_SITE) . ' AND
account_id = ' . $db->qstr($id[$i]) . '
ORDER BY group_id';
$groups = $db->Execute($sql);
while (!$groups->EOF)
{
$group[] = $groups->fields['group_id'];
$groups->MoveNext();
}
### Verify the user has access to view this account:
$delete_this = true;
if(!empty($group) && is_array($group)) {
for($ix=0; $ix<count($group); $ix++)
{
if(!$C_auth->auth_group_by_id($group[$ix]))
{
$delete_this = false;
$ix = count($group);
}
}
}
unset($group);
### Verify this is not the admin account or the current user's account:
if(SESS_ACCOUNT == $id[$i] || $id[$i] == '1')
$delete_this = false;
### Generate the SQL
if($delete_this)
{
if($i == 0) {
$id_list .= " id = " . $db->qstr($id[$i], get_magic_quotes_gpc()) . " ";
$account_id_list .= " account_id = " . $db->qstr($id[$i], get_magic_quotes_gpc()) . " ";
$discount_id_list .= " account_id = " . $db->qstr($id[$i], get_magic_quotes_gpc()) . " ";
$ii++;
} else {
$id_list .= " OR id = " . $db->qstr($id[$i], get_magic_quotes_gpc()) . " ";
$account_id_list .= " OR account_id = " . $db->qstr($id[$i], get_magic_quotes_gpc()) . " ";
$discount_id_list .= " OR account_id = " . $db->qstr($id[$i], get_magic_quotes_gpc()) . " ";
$ii++;
}
####################################################################
### Do any db_mapping
####################################################################
$dbsql = "SELECT username FROM ".AGILE_DB_PREFIX."account WHERE
site_id = ".$db->qstr(DEFAULT_SITE)." AND
id = ".$db->qstr($id[$i]);
$resultdb = $db->Execute($dbsql);
$old_username = $resultdb->fields['username'];
if($C_list->is_installed('db_mapping'))
{
include_once ( PATH_MODULES . 'db_mapping/db_mapping.inc.php' );
$db_map = new db_mapping;
$db_map->account_delete ( $id[$i], $old_username );
}
}
}
}
$db = &DB();
if($ii>0)
{
# generate the full query (account)
$q = "DELETE FROM ".AGILE_DB_PREFIX."account
WHERE $id_list AND site_id = ".$db->qstr(DEFAULT_SITE);
$result = $db->Execute($q);
# generate the full query (sessions)
$q = "DELETE FROM ".AGILE_DB_PREFIX."session
WHERE $account_id_list AND site_id = ".$db->qstr(DEFAULT_SITE);
$db->Execute($q);
# generate the full query (account_billing)
$q = "DELETE FROM ".AGILE_DB_PREFIX."account_billing
WHERE $account_id_list AND site_id = ".$db->qstr(DEFAULT_SITE);
$db->Execute($q);
# generate the full query (account_group)
$q = "DELETE FROM ".AGILE_DB_PREFIX."account_group
WHERE $account_id_list AND site_id = ".$db->qstr(DEFAULT_SITE);
$db->Execute($q);
# generate the full query (cart)
$q = "DELETE FROM ".AGILE_DB_PREFIX."cart
WHERE $account_id_list AND site_id = ".$db->qstr(DEFAULT_SITE);
$db->Execute($q);
# generate the full query (search)
$q = "DELETE FROM ".AGILE_DB_PREFIX."search
WHERE $account_id_list AND site_id = ".$db->qstr(DEFAULT_SITE);
$db->Execute($q);
# generate the full query (staff)
$q = "DELETE FROM ".AGILE_DB_PREFIX."staff
WHERE $account_id_list AND site_id = ".$db->qstr(DEFAULT_SITE);
$db->Execute($q);
# generate the full query (ticket)
if($C_list->is_installed('ticket'))
{
$q = "SELECT id FROM ".AGILE_DB_PREFIX."ticket
WHERE $account_id_list AND site_id = ".$db->qstr(DEFAULT_SITE);
$ticket = $db->Execute($q);
if($ticket != false && $ticket->RecordCount() > 0) {
while( !$ticket->EOF ) {
include_once(PATH_MODULES.'ticket/ticket.inc.php');
$tk = new ticket;
$arr['id'] = $ticket->fields['id'];
$tk->delete($arr, $tk);
$ticket->MoveNext();
}
}
}
# generate the full query (affiliate)
if($C_list->is_installed('affiliate'))
{
$q = "DELETE FROM ".AGILE_DB_PREFIX."affiliate
WHERE $account_id_list AND site_id = ".$db->qstr(DEFAULT_SITE);
$db->Execute($q);
}
# generate the full query (discount)
$q = "DELETE FROM ".AGILE_DB_PREFIX."discount
WHERE $discount_id_list AND site_id = ".$db->qstr(DEFAULT_SITE);
$db->Execute($q);
# generate the full query (invoice)
$q = "SELECT id FROM ".AGILE_DB_PREFIX."invoice
WHERE $account_id_list AND site_id = ".$db->qstr(DEFAULT_SITE);
$invoice = $db->Execute($q);
if($invoice != false && $invoice->RecordCount() > 0 ) {
while( !$invoice->EOF ) {
include_once(PATH_MODULES.'invoice/invoice.inc.php');
$inv = new invoice;
$arr['id'] = $invoice->fields['id'];
$inv->delete($arr, $inv);
$invoice->MoveNext();
}
}
# error reporting
if ($result === false)
{
global $C_debug;
$C_debug->error('account_admin.inc.php','delete', $db->ErrorMsg());
}
else
{
# Alert delete message
global $C_debug, $C_translate;
$C_translate->value["CORE"]["module_name"] = $C_translate->translate('name','account_admin',"");
$message = $C_translate->translate('alert_delete_ids',"CORE","");
$C_debug->alert($message);
}
}
}
##############################
## SEARCH FORM ##
##############################
function search_form($VAR)
{
$type = "search";
$this->method["$type"] = split(",", $this->method["$type"]);
$db = new CORE_database;
$db->search_form($VAR, $this, $type);
}
##############################
## SEARCH ##
##############################
function search($VAR)
{
$type = "search";
$this->method["$type"] = split(",", $this->method["$type"]);
$db = &DB();
include_once(PATH_CORE . 'validate.inc.php');
$validate = new CORE_validate;
# set the search criteria array
$arr = $VAR;
# loop through the submitted field_names to get the WHERE statement
$where_list = '';
$i=0;
while (list ($key, $value) = each ($arr))
{
if($i == 0)
{
if($value != '')
{
$pat = "^" . $this->module . "_";
if(eregi($pat, $key))
{
$field = eregi_replace($pat,"",$key);
if(eregi('%',$value))
{
# do any data conversion for this field (date, encrypt, etc...)
if(isset($this->field["$field"]["convert"]))
{
$value = $validate->convert($field, $value, $this->field["$field"]["convert"]);
}
$where_list .= " WHERE ".AGILE_DB_PREFIX."account.".$field . " LIKE " . $db->qstr($value, get_magic_quotes_gpc());
$i++;
}
else
{
# check if array
if(is_array($value))
{
for($i_arr=0; $i_arr < count($value); $i_arr++)
{
if($value["$i_arr"] != '')
{
# determine any field options (=, >, <, etc...)
$f_opt = '=';
$pat_field = $this->module.'_'.$field;
$VAR['field_option']["$pat_field"]["$i_arr"];
if(isset($VAR['field_option']["$pat_field"]["$i_arr"]))
{
$f_opt = $VAR['field_option']["$pat_field"]["$i_arr"];
# error checking, safety precaution
if($f_opt != '=' && $f_opt != '>' && $f_opt != '<' && $f_opt != '>=' && $f_opt != '<=' && $f_opt != '!=')
$f_opt = '=';
}
# do any data conversion for this field (date, encrypt, etc...)
if(isset($this->field["$field"]["convert"]))
{
$value["$i_arr"] = $validate->convert($field, $value["$i_arr"], $this->field["$field"]["convert"]);
}
if($i_arr == 0)
{
$where_list .= " WHERE ".AGILE_DB_PREFIX."account.".$field . " $f_opt " . $db->qstr($value["$i_arr"], get_magic_quotes_gpc());
$i++;
}
else
{
$where_list .= " AND ".AGILE_DB_PREFIX."account.".$field . " $f_opt " . $db->qstr($value["$i_arr"], get_magic_quotes_gpc());
$i++;
}
}
}
}
else
{
$where_list .= " WHERE ".AGILE_DB_PREFIX."account.".$field . " = " . $db->qstr($value, get_magic_quotes_gpc());
$i++;
}
}
}
}
}
else
{
if($value != '')
{
$pat = "^" . $this->module . "_";
if(eregi($pat, $key))
{
$field = eregi_replace($pat,"",$key);
if(eregi('%',$value))
{
# do any data conversion for this field (date, encrypt, etc...)
if(isset($this->field["$field"]["convert"]))
{
$value = $validate->convert($field, $value, $this->field["$field"]["convert"]);
}
$where_list .= " AND ".AGILE_DB_PREFIX."account.".$field . " LIKE " . $db->qstr($value, get_magic_quotes_gpc());
$i++;
}
else
{
# check if array
if(is_array($value))
{
for($i_arr=0; $i_arr < count($value); $i_arr++)
{
if($value["$i_arr"] != '')
{
# determine any field options (=, >, <, etc...)
$f_opt = '=';
$pat_field = $this->module.'_'.$field;
if(isset($VAR['field_option']["$pat_field"]["$i_arr"]))
{
$f_opt = $VAR['field_option']["$pat_field"]["$i_arr"];
# error checking, safety precaution
if($f_opt != '=' && $f_opt != '>' && $f_opt != '<' && $f_opt != '>=' && $f_opt != '<=' && $f_opt != '!=')
$f_opt = '=';
}
# do any data conversion for this field (date, encrypt, etc...)
if(isset($this->field["$field"]["convert"]))
{
$value["$i_arr"] = $validate->convert($field, $value["$i_arr"], $this->field["$field"]["convert"]);
}
$where_list .= " AND ".AGILE_DB_PREFIX."account.". $field . " $f_opt " . $db->qstr($value["$i_arr"], get_magic_quotes_gpc());
$i++;
}
}
}
else
{
$where_list .= " AND ".AGILE_DB_PREFIX."account.". $field . " = ". $db->qstr($value, get_magic_quotes_gpc());
$i++;
}
}
}
}
}
}
#### finalize the WHERE statement
if($where_list == '')
{
$where_list .= ' WHERE ';
}
else
{
$where_list .= ' AND ';
}
# get limit type
if(isset($VAR['limit']))
{
$limit = $VAR['limit'];
}
else
{
$limit = $this->limit;
}
# get order by
if(isset($VAR['order_by']))
{
$order_by = $VAR['order_by'];
}
else
{
$order_by = $this->order_by;
}
$pre = AGILE_DB_PREFIX;
$q = "SELECT DISTINCT ".AGILE_DB_PREFIX."account.id,".AGILE_DB_PREFIX."account.last_name,".AGILE_DB_PREFIX."account.first_name,".AGILE_DB_PREFIX."account.username FROM ".AGILE_DB_PREFIX."account ";
$q_save = "SELECT DISTINCT %%fieldList%% FROM ".AGILE_DB_PREFIX."account ";
# Code for group searches:
if(!empty($VAR['account_group']))
$q .= " LEFT JOIN ".AGILE_DB_PREFIX."account_group ON ".AGILE_DB_PREFIX."account_group.account_id = ".AGILE_DB_PREFIX."account.id";
######## GET ANY STATIC VARS TO SEARCH ##########
$join_list = '';
if(!empty($VAR["static_relation"]) && count( $VAR["static_relation"] > 0 )) {
while(list($idx, $value) = each ($VAR["static_relation"])) {
if($value != "") {
$join_list .= " INNER JOIN {$pre}static_var_record AS s{$idx} ON
(
s{$idx}.record_id = {$pre}{$this->table}.id
AND
s{$idx}.static_var_relation_id = '{$idx}'
AND
s{$idx}.site_id = ".$db->qstr(DEFAULT_SITE)."
AND";
if(ereg("%", $value))
$join_list .= " s{$idx}.value LIKE ".$db->qstr($VAR["static_relation"]["$idx"]);
else
$join_list .= " s{$idx}.value = ".$db->qstr($VAR["static_relation"]["$idx"]);
$join_list .= " ) ";
}
}
}
######## END STATIC VAR SEARCH ##################
# standard where list
$q .= $join_list . $where_list ." ".AGILE_DB_PREFIX."account.site_id = " . $db->qstr(DEFAULT_SITE);
# Code for member group:
if(!empty($VAR['account_group'])) {
$q .= " AND ".AGILE_DB_PREFIX."account_group.group_id = " . $db->qstr($VAR['account_group'])."
AND ".AGILE_DB_PREFIX."account_group.site_id = " . $db->qstr(DEFAULT_SITE);
}
if(!empty($VAR['account_group']))
{
$q_save .= " LEFT JOIN ".AGILE_DB_PREFIX."account_group ON ".AGILE_DB_PREFIX."account_group.account_id = ".AGILE_DB_PREFIX."account.id ";
if(!empty($join_list))
$q_save .= $join_list;
$q_save .= $where_list ." %%whereList%% ";
$q_save .= AGILE_DB_PREFIX."account_group.group_id = " . $db->qstr($VAR['account_group'])." AND ";
}
else
{
if(!empty($join_list))
$q_save .= $join_list;
$q_save .= $where_list ." %%whereList%% ";
}
################## DEBUG ##################
#echo "<pre>" . $q;
#echo "<BR><BR>" . $q_save;
#exit;
# run the database query
$result = $db->Execute($q);
# error reporting
if ($result === false)
{
global $C_debug;
$C_debug->error('database.inc.php','search', $db->ErrorMsg());
return false;
}
# get the result count:
$results = $result->RecordCount();
# get the first record id:
if($results == 1) $record_id = $result->fields['id'];
# define the DB vars as a Smarty accessible block
global $smarty;
# Create the definition for fast-forwarding to a single record:
if ($results == 1 && !isset($this->fast_forward))
{
$smarty->assign('record_id', $record_id);
}
# create the search record:
if($results > 0)
{
# create the search record
include_once(PATH_CORE . 'search.inc.php');
$search = new CORE_search;
$arr['module'] = $this->module;
$arr['sql'] = $q_save;
$arr['limit'] = $limit;
$arr['order_by']= $order_by;
$arr['results'] = $results;
$search->add($arr);
# define the search id and other parameters for Smarty
$smarty->assign('search_id', $search->id);
# page:
$smarty->assign('page', '1');
# limit:
$smarty->assign('limit', $limit);
# order_by:
$smarty->assign('order_by', $order_by);
}
# define the result count
$smarty->assign('results', $results);
}
##############################
## SEARCH SHOW ##
##############################
function search_show($VAR)
{
$type = "search";
$this->method["$type"] = split(",", $this->method["$type"]);
# set the field list for this method:
$arr = $this->method[$type];
$field_list = '';
$i=0;
while (list ($key, $value) = each ($arr))
{
if($i == 0)
{
$field_var = $this->table . '_' . $value;
$field_list .= AGILE_DB_PREFIX . "account" . "." . $value;
// determine if this record is linked to another table/field
if($this->field[$value]["asso_table"] != "")
{
$this->linked[] = array('field' => $value, 'link_table' => $this->field[$value]["asso_table"], 'link_field' => $this->field[$value]["asso_field"]);
}
}
else
{
$field_var = $this->table . '_' . $value;
$field_list .= "," . AGILE_DB_PREFIX . "account" . "." . $value;
// determine if this record is linked to another table/field
if($this->field[$value]["asso_table"] != "")
{
$this->linked[] = array('field' => $value, 'link_table' => $this->field[$value]["asso_table"], 'link_field' => $this->field[$value]["asso_field"]);
}
}
$i++;
}
# get the search details:
if(isset($VAR['search_id'])) {
include_once(PATH_CORE . 'search.inc.php');
$search = new CORE_search;
$search->get($VAR['search_id']);
} else {
# invalid search!
echo '<BR> The search terms submitted were invalid!'; # translate... # alert
if(isset($this->trigger["$type"])) {
include_once(PATH_CORE . 'trigger.inc.php');
$trigger = new CORE_trigger;
$trigger->trigger($this->trigger["$type"], 0, $VAR);
}
}
# get the sort order details:
if(isset($VAR['order_by']) && $VAR['order_by'] != "") {
$order_by = ' ORDER BY ' . AGILE_DB_PREFIX . 'account.'.$VAR['order_by'];
$smarty_order = $VAR['order_by'];
} else {
$order_by = ' ORDER BY ' . AGILE_DB_PREFIX . 'account.'.$this->order_by;
$smarty_order = $search->order_by;
}
# determine the sort order
if(isset($VAR['desc'])) {
$order_by .= ' DESC';
$smarty_sort = 'desc=';
} else if(isset($VAR['asc'])) {
$order_by .= ' ASC';
$smarty_sort = 'asc=';
} else {
if (!eregi('date',$smarty_order)) {
$order_by .= ' ASC';
$smarty_sort = 'asc=';
} else {
$order_by .= ' DESC';
$smarty_sort = 'desc=';
}
}
# generate the full query
$db = &DB();
$q = eregi_replace("%%fieldList%%", $field_list, $search->sql);
$q = eregi_replace("%%tableList%%", AGILE_DB_PREFIX.$construct->table, $q);
$q = eregi_replace("%%whereList%%", "", $q);
$q .= " ".AGILE_DB_PREFIX . "account."."site_id = " . $db->qstr(DEFAULT_SITE);
$q .= $order_by;
//////////////////
#echo "<BR><pre> $q </pre><BR>";
$current_page=1;
$offset=-1;
if (!empty($VAR['page'])) $current_page = $VAR['page'];
if (empty($search->limit)) $search->limit=25;
if($current_page>1) $offset = (($current_page * $search->limit) - $search->limit);
$result = $db->SelectLimit($q, $search->limit, $offset);
# error reporting
if ($result === false)
{
global $C_debug;
$C_debug->error('database.inc.php','search', $db->ErrorMsg());
if(isset($this->trigger["$type"]))
{
include_once(PATH_CORE . 'trigger.inc.php');
$trigger = new CORE_trigger;
$trigger->trigger($this->trigger["$type"], 0, $VAR);
}
return;
}
# put the results into a smarty accessable array
$i=0;
$class_name = TRUE;
while (!$result->EOF) {
$smart[$i] = $result->fields;
if($class_name)
{
$smart[$i]['_C'] = 'row1';
$class_name = FALSE;
} else {
$smart[$i]['_C'] = 'row2';
$class_name = TRUE;
}
$result->MoveNext();
$i++;
}
# get any linked fields
if($i > 0)
{
$db_join = new CORE_database;
$this->result = $db_join->join_fields($smart, $this->linked);
}
else
{
$this->result = $smart;
}
# get the result count:
$results = $result->RecordCount();
# define the DB vars as a Smarty accessible block
global $smarty;
# define the results
$smarty->assign($this->table, $this->result);
$smarty->assign('page', $VAR['page']);
$smarty->assign('order', $smarty_order);
$smarty->assign('sort', $smarty_sort);
$smarty->assign('limit', $search->limit);
$smarty->assign('search_id',$search->id);
$smarty->assign('results', $search->results);
# get the total pages for this search:
if(empty($search->limit))
$this->pages = 1;
else
$this->pages = intval($search->results / $search->limit);
if ($search->results % $search->limit) $this->pages++;
# total pages
$smarty->assign('pages', $this->pages);
# current page
$smarty->assign('page', $current_page);
$page_arr = '';
for($i=0; $i <= $this->pages; $i++)
{
if ($this->page != $i) $page_arr[] = $i;
}
# page array for menu
$smarty->assign('page_arr', $page_arr);
}
##############################
## SEARCH EXPORT ##
##############################
function search_export($VAR)
{
if(!$this->checkLimits()) return false; // check account limits
# require the export class
require_once (PATH_CORE . "export.inc.php");
# Call the correct export function for inline browser display, download, email, or web save.
if($VAR["format"] == "excel")
{
$type = "export_excel";
$this->method["$type"] = split(",", $this->method["$type"]);
$export = new CORE_export;
$export->search_excel($VAR, $this, $type);
}
else if ($VAR["format"] == "pdf")
{
$type = "export_pdf";
$this->method["$type"] = split(",", $this->method["$type"]);
$export = new CORE_export;
$export->search_pdf($VAR, $this, $type);
}
else if ($VAR["format"] == "xml")
{
$type = "export_xml";
$this->method["$type"] = split(",", $this->method["$type"]);
$export = new CORE_export;
$export->search_xml($VAR, $this, $type);
}
else if ($VAR["format"] == "csv")
{
$type = "export_csv";
$this->method["$type"] = split(",", $this->method["$type"]);
$export = new CORE_export;
$export->search_csv($VAR, $this, $type);
}
else if ($VAR["format"] == "tab")
{
$type = "export_tab";
$this->method["$type"] = split(",", $this->method["$type"]);
$export = new CORE_export;
$export->search_tab($VAR, $this, $type);
}
}
##############################
## ADD GROUPS ##
##############################
function add_account_groups($groups, $account, $expire)
{
global $C_auth;
$ii = 0;
#loop through the array to add each account_group record
for($i=0; $i<count($groups); $i++)
{
# verify the admin adding this account is authorized
# for this group themselves, otherwise skip
if($C_auth->auth_group_by_id($groups[$i]))
{
# add the account to the selected groups...
$dba = &DB();
# determine the record id:
$this->new_id = $dba->GenID(AGILE_DB_PREFIX . "" . 'account_group_id');
# generate the full query
$q = "INSERT INTO ".AGILE_DB_PREFIX."account_group
SET
id = ". $dba->qstr($this->new_id).",
date_orig = ". $dba->qstr(time()).",
date_expire = ". $dba->qstr($expire).",
group_id = ". $dba->qstr($groups[$i]).",
account_id = ". $dba->qstr($account).",
active = ". $dba->qstr('1').",
site_id = ". $dba->qstr(DEFAULT_SITE);
# execute the query
$result = $dba->Execute($q);
$ii++;
# error reporting:
if ($result === false) {
global $C_debug;
$C_debug->error('account_admin.inc.php','add_account_groups', $dba->ErrorMsg());
}
}
}
### Add default group
if($ii == 0)
{
# add the account to the selected groups...
$dba = &DB();
# determine the record id:
$this->new_id = $dba->GenID(AGILE_DB_PREFIX . "" . 'account_group_id');
# generate the full query
$q = "INSERT INTO ".AGILE_DB_PREFIX."account_group
SET
id = ". $dba->qstr($this->new_id).",
date_orig = ". $dba->qstr(time()).",
date_expire = ". $dba->qstr($expire).",
group_id = ". $dba->qstr(DEFAULT_GROUP).",
account_id = ". $dba->qstr($account).",
active = ". $dba->qstr('1').",
site_id = ". $dba->qstr(DEFAULT_SITE);
# execute the query
$result = $dba->Execute($q);
if ($result === false) {
global $C_debug;
$C_debug->error('account_admin.inc.php','add_account_groups', $dba->ErrorMsg());
}
}
}
##############################
## UDPATE GROUPS ##
##############################
function update_account_groups($VAR)
{
global $C_auth;
$ii = 0;
@$groups = $VAR['groups'];
@$account = $VAR['account_admin_id'];
# admin accounts groups cannot be altered
# user cannot modify their own groups
if($account == "1" || SESS_ACCOUNT == $account)
return false;
### Drop the current groups for this account:
# generate the full query
$dba = &DB();
$q = "DELETE FROM ".AGILE_DB_PREFIX."account_group
WHERE
service_id IS NULL AND
account_id = ". $dba->qstr($account)." AND
site_id = ". $dba->qstr(DEFAULT_SITE);
# execute the query
$result = $dba->Execute($q);
#loop through the array to add each account_group record
for($i=0; $i<count($groups); $i++)
{
# verify the admin adding this account is authorized
# for this group themselves, otherwise skip
if($C_auth->auth_group_by_id($groups[$i]))
{
# add the account to the selected groups...
$dba = &DB();
# determine the record id:
$this->new_id = $dba->GenID(AGILE_DB_PREFIX . "" . 'account_group_id');
# determine the expiration
if(!empty($VAR['account_admin_date_expire']))
{
include_once(PATH_CORE.'validate.inc.php');
$validate = new CORE_validate;
$expire = $validate->DateToEpoch(DEFAULT_DATE_FORMAT,$VAR['account_admin_date_expire']);
} else {
$expire = 0;
}
# generate the full query
$q = "INSERT INTO ".AGILE_DB_PREFIX."account_group
SET
id = ". $dba->qstr($this->new_id).",
date_orig = ". $dba->qstr(time()).",
date_expire = ". $dba->qstr($expire).",
group_id = ". $dba->qstr($groups[$i]).",
account_id = ". $dba->qstr($account).",
active = ". $dba->qstr('1').",
site_id = ". $dba->qstr(DEFAULT_SITE);
# execute the query
$result = $dba->Execute($q);
$ii++;
# error reporting:
if ($result === false) {
global $C_debug;
$C_debug->error('account_admin.inc.php','update_account_groups', $dba->ErrorMsg());
}
}
}
### Add default group
if($ii == 0)
{
# add the account to the selected groups...
$dba = &DB();
# determine the record id:
$this->new_id = $dba->GenID(AGILE_DB_PREFIX . "" . 'account_group_id');
# generate the full query
$q = "INSERT INTO ".AGILE_DB_PREFIX."account_group
SET
id = ". $dba->qstr($this->new_id).",
date_orig = ". $dba->qstr(time()).",
date_expire = ". $dba->qstr(@$expire).",
group_id = ". $dba->qstr(DEFAULT_GROUP).",
account_id = ". $dba->qstr($account).",
active = ". $dba->qstr('1').",
site_id = ". $dba->qstr(DEFAULT_SITE);
$result = $dba->Execute($q);
if ($result === false) {
global $C_debug;
$C_debug->error('account_admin.inc.php','update_account_groups', $dba->ErrorMsg());
}
}
### Remove the user's session_auth_cache so it is regenerated on user's next pageview
$db = &DB();
$q = "SELECT id FROM ".AGILE_DB_PREFIX."session WHERE
account_id = ".$db->qstr($account)." AND
site_id = ".$db->qstr(DEFAULT_SITE);
$rss = $db->Execute($q);
while(!$rss->EOF)
{
$q = "DELETE FROM ".AGILE_DB_PREFIX."session_auth_cache WHERE
session_id = ".$db->qstr($rss->fields['id'])." AND
site_id = ".$db->qstr(DEFAULT_SITE);
$db->Execute($q);
$rss->MoveNext();
}
### Do any db_mapping
global $C_list;
if($C_list->is_installed('db_mapping'))
{
include_once ( PATH_MODULES . 'db_mapping/db_mapping.inc.php' );
$db_map = new db_mapping;
$db_map->account_group_sync ( $account );
}
}
}
?>