diff --git a/acct-active.php b/acct-active.php index e3c645b3c..f47a76c37 100644 --- a/acct-active.php +++ b/acct-active.php @@ -27,8 +27,9 @@ include('library/check_operator_perm.php'); include_once('library/config_read.php'); - // include validation utils + include_once("lang/main.php"); include("library/validation.php"); + include("library/layout.php"); // validate this parameter before including menu $username = (array_key_exists('username', $_GET) && isset($_GET['username'])) @@ -55,10 +56,6 @@ $logQuery = "performed query for user [$username] and start date [$startdate] and end date [$enddate] on page: "; $logDebugSQL = ""; - include_once("lang/main.php"); - - include("library/layout.php"); - // print HTML prologue $title = t('Intro','acctactive.php'); $help = t('helpPage','acctactive'); diff --git a/acct-all.php b/acct-all.php index 098985779..826b3fd92 100644 --- a/acct-all.php +++ b/acct-all.php @@ -27,18 +27,15 @@ include('library/check_operator_perm.php'); include_once('library/config_read.php'); + include_once("lang/main.php"); + include("library/validation.php"); + include("library/layout.php"); // init logging variables $log = "visited page: "; $logQuery = "performed query for all accounting records on page: "; $logDebugSQL = ""; - include("library/validation.php"); - - include_once("lang/main.php"); - - include("library/layout.php"); - // print HTML prologue $title = t('Intro','acctall.php'); $help = t('helpPage','acctall'); diff --git a/acct-custom-query.php b/acct-custom-query.php index 5eb8afd1d..6b52fec1f 100644 --- a/acct-custom-query.php +++ b/acct-custom-query.php @@ -25,6 +25,11 @@ $operator = $_SESSION['operator_user']; include('library/check_operator_perm.php'); + include_once('library/config_read.php'); + + include_once("lang/main.php"); + include("library/validation.php"); + include("library/layout.php"); // init logging variables $log = "visited page: "; 
@@ -34,10 +39,6 @@ // set session's page variable $_SESSION['PREV_LIST_PAGE'] = $_SERVER['REQUEST_URI']; - include_once('library/config_read.php'); - - include("library/validation.php"); - $sqlfields = (array_key_exists('sqlfields', $_GET) && !empty($_GET['sqlfields']) && is_array($_GET['sqlfields']) && array_intersect($_GET['sqlfields'], $acct_custom_query_options_all) == $_GET['sqlfields']) ? $_GET['sqlfields'] : $acct_custom_query_options_default; @@ -86,9 +87,6 @@ $accounting_custom_enddate = $enddate; $accounting_custom_value = $where_value_enc; - include_once("lang/main.php"); - - include("library/layout.php"); // print HTML prologue $extra_js = array( @@ -203,12 +201,14 @@ . ''; // inserting the values of each field from the database to the table + $count = 0; while($row = $res->fetchRow(DB_FETCHMODE_ASSOC)) { - echo ""; + printf('', $count); foreach ($sqlfields as $field) { printf("%s", htmlspecialchars($row[$field], ENT_QUOTES, 'UTF-8')); } - echo ""; + echo ''; + $count++; } echo ''; diff --git a/acct-custom.php b/acct-custom.php index d598c02e5..7c6522518 100644 --- a/acct-custom.php +++ b/acct-custom.php @@ -27,10 +27,8 @@ include_once('library/config_read.php'); $log = "visited page: "; - include("library/validation.php"); - include_once("lang/main.php"); - + include("library/validation.php"); include("library/layout.php"); // print HTML prologue diff --git a/acct-date.php b/acct-date.php index 870c278e8..145f78292 100644 --- a/acct-date.php +++ b/acct-date.php @@ -27,8 +27,9 @@ include('library/check_operator_perm.php'); include_once('library/config_read.php'); - // include validation utils + include_once("lang/main.php"); include("library/validation.php"); + include("library/layout.php"); // validate this parameter before including menu $username = (array_key_exists('username', $_GET) && isset($_GET['username'])) 
@@ -55,9 +56,6 @@ $logQuery = "performed query for user [$username] and start date [$startdate] and end date [$enddate] on page: "; $logDebugSQL = ""; - include_once("lang/main.php"); - - include("library/layout.php"); // print HTML prologue $title = t('Intro','acctdate.php'); diff --git a/acct-ipaddress.php b/acct-ipaddress.php index f49481621..df8e6fb24 100644 --- a/acct-ipaddress.php +++ b/acct-ipaddress.php @@ -27,7 +27,9 @@ include('library/check_operator_perm.php'); include_once('library/config_read.php'); + include_once("lang/main.php"); include("library/validation.php"); + include("library/layout.php"); // validate this parameter before including menu $ipaddress = (array_key_exists('ipaddress', $_GET) && isset($_GET['ipaddress']) && @@ -43,10 +45,8 @@ ((!empty($ipaddress)) ? "IP address [$ipaddress]" : "all IP addresses")); $logDebugSQL = ""; - include_once("lang/main.php"); - - include("library/layout.php"); + // print HTML prologue $title = t('Intro','acctipaddress.php'); $help = t('helpPage','acctipaddress'); diff --git a/acct-main.php b/acct-main.php index f3c5c2a88..bc2bdc5f3 100644 --- a/acct-main.php +++ b/acct-main.php @@ -44,4 +44,5 @@ include('include/config/logging.php'); print_footer_and_html_epilogue(); + ?> diff --git a/acct-nasipaddress.php b/acct-nasipaddress.php index a41340c60..4f2ee10af 100644 --- a/acct-nasipaddress.php +++ b/acct-nasipaddress.php @@ -27,7 +27,9 @@ include('library/check_operator_perm.php'); include_once('library/config_read.php'); + include_once("lang/main.php"); include("library/validation.php"); + include("library/layout.php"); // validate this parameter before including menu $onlyactive = (array_key_exists('only-active', $_GET) && isset($_GET['only-active'])); 
@@ -46,10 +48,7 @@ ((!empty($nasipaddress)) ? "NAS IP address [$nasipaddress]" : "all NAS IP addresses")); $logDebugSQL = ""; - include_once("lang/main.php"); - - include("library/layout.php"); - + // print HTML prologue $title = t('Intro','acctnasipaddress.php'); $help = t('helpPage','acctnasipaddress'); diff --git a/acct-username.php b/acct-username.php index eaa1337d1..53c534b03 100644 --- a/acct-username.php +++ b/acct-username.php @@ -27,9 +27,13 @@ include('library/check_operator_perm.php'); include_once('library/config_read.php'); + include_once("lang/main.php"); + include("library/validation.php"); + include("library/layout.php"); + // validate this parameter before including menu - $username = (array_key_exists('username', $_GET) && isset($_GET['username'])) - ? str_replace("%", "", $_GET['username']) : ""; + $username = (array_key_exists('username', $_GET) && !empty(str_replace("%", "", trim($_GET['username'])))) + ? str_replace("%", "", trim($_GET['username'])) : ""; $username_enc = (!empty($username)) ? htmlspecialchars($username, ENT_QUOTES, 'UTF-8') : ""; // init logging variables @@ -44,11 +48,6 @@ //feed the sidebar variables $accounting_username = $username_enc; - include("library/validation.php"); - - include_once("lang/main.php"); - - include("library/layout.php"); // print HTML prologue $title = t('Intro','acctusername.php'); diff --git a/bill-history-query.php b/bill-history-query.php index 825f56f4e..39ebc0c2b 100644 --- a/bill-history-query.php +++ b/bill-history-query.php 
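Review bot: The new `$username` expression in acct-username.php calls `trim($_GET['username'])` before checking that the value is a string, so a request that sends `username` as an array makes `trim()` throw a TypeError on PHP 8 (a warning and null on older versions) instead of falling back to `""`; adding `is_string($_GET['username'])` to the condition keeps the intended fallback. The same `str_replace("%", "", trim($_GET['username']))` is also evaluated twice, once in the condition and once in the result, so it is clearer to compute it once into a local and test that. Note that `!empty()` on the stripped value also rejects the literal username `0`, which may not be intended. The identical pattern is repeated for `$username` in bill-history-query.php and for `$payer_email`, `$payment_address_status` and `$payer_status` in bill-merchant-transactions.php, so the guard belongs in all of them.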
@@ -1,4 +1,4 @@ - + * Authors: Liran Tal + * Filippo Lauria * ********************************************************************************************************* */ - include ("library/checklogin.php"); + include("library/checklogin.php"); $operator = $_SESSION['operator_user']; - include('library/check_operator_perm.php'); - - //setting values for the order by and order type variables - isset($_GET['orderBy']) ? $orderBy = $_GET['orderBy'] : $orderBy = "radacctid"; - isset($_GET['orderType']) ? $orderType = $_GET['orderType'] : $orderType = "asc"; + include('library/check_operator_perm.php'); + include_once('library/config_read.php'); + include_once("lang/main.php"); + include("library/validation.php"); + include("library/layout.php"); - isset($_GET['username']) ? $username = trim($_GET['username']) : $username = "%"; - isset($_GET['billaction']) ? $billaction = trim($_GET['billaction']) : $billaction = ""; - isset($_GET['sqlfields']) ? $sqlfields = $_GET['sqlfields'] : $sqlfields = ""; - isset($_GET['startdate']) ? $startdate = $_GET['startdate'] : $startdate = ""; - isset($_GET['enddate']) ? $enddate = $_GET['enddate'] : $enddate = ""; - - - $username = str_replace('*', '%', $username); - - //feed the sidebar variables - $billing_date_startdate = $startdate; - $billing_date_enddate = $enddate; - $billing_history_username = $username; - $billing_history_billaction = $billaction; - - - include_once('library/config_read.php'); + // init loggin variables $log = "visited page: "; - $logQuery = "performed query for all accounting records on page: "; - -?> - - - -
- -

-

- - -
- - - -escapeSimple($username); - $billaction = $dbSocket->escapeSimple($billaction); - $startdate = $dbSocket->escapeSimple($startdate); - $enddate = $dbSocket->escapeSimple($enddate); - -// include_once('include/management/userBilling.php'); -// userBillingPayPalSummary($startdate, $enddate, $payer_email, $payment_address_status, $payer_status, $payment_status, 1); - // draw the billing rates summary table - - - include 'library/opendb.php'; - // since we need to span through pages, which we do using GET queries I can't rely on this page - // to be processed through POST but rather using GET only (with the current design anyway). - // For this reason, I need to build the GET query which I will later use in the page number's links - - $getFields = ""; - $counter = 0; - foreach ($sqlfields as $elements) { - $getFields .= "&sqlfields[$counter]=$elements"; - $counter++; - } - - // we should also sanitize the array that we will be passing to this page in the next query - $getFields = $dbSocket->escapeSimple($getFields); - - - $getQuery = ""; - $getQuery .= "&username=$username"; - $getQuery .= "&billAction=$billaction"; - $getQuery .= "&startdate=$startdate&enddate=$enddate"; - - - $select = implode(",", $sqlfields); - // sanitizing the array passed to us in the get request - $select = $dbSocket->escapeSimple($select); - - - $sql = "SELECT $select FROM ".$configValues['CONFIG_DB_TBL_DALOBILLINGHISTORY']." WHERE ". - " (username LIKE '$username') AND ". - " (billAction LIKE '$billaction') "; - $res = $dbSocket->query($sql); - $numrows = $res->numRows(); - - - $sql = "SELECT $select FROM ".$configValues['CONFIG_DB_TBL_DALOBILLINGHISTORY']." WHERE ". - " (username LIKE '$username') AND ". - " (billAction LIKE '$billaction') ". - " ORDER BY $orderBy $orderType LIMIT $offset, $rowsPerPage;"; - $res = $dbSocket->query($sql); - $logDebugSQL = ""; - $logDebugSQL .= $sql . 
"\n"; - - - /* START - Related to pages_numbering.php */ - $maxPage = ceil($numrows/$rowsPerPage); - /* END */ - - - echo "\n"; - echo " - - - - - - - - - - "; - - - // building the dybamic table list fields - echo " "; - foreach ($sqlfields as $value) { - switch($value) { - - case "id": - $title = t('all','ID'); - break; - case "username": - $title = t('all','Username'); - break; - case "planId": - $title = t('all','PlanId'); - break; - case "billAmount": - $title = t('all','BillAmount'); - break; - case "billAction": - $title = t('all','BillAction'); - break; - case "billPerformer": - $title = t('all','BillPerformer'); - break; - case "billReason": - $title = t('all','BillReason'); - break; - case "paymentmethod": - $title = t('ContactInfo','PaymentMethod'); - break; - case "cash": - $title = t('ContactInfo','Cash'); - break; - case "creditcardname": - $title = t('ContactInfo','CreditCardName'); - break; - case "creditcardnumber": - $title = t('ContactInfo','CreditCardNumber'); - break; - case "creditcardverification": - $title = t('ContactInfo','CreditCardVerificationNumber'); - break; - case "creditcardtype": - $title = t('ContactInfo','CreditCardType'); - break; - case "creditcardexp": - $title = t('ContactInfo','CreditCardExpiration'); - break; - case "coupon": - $title = t('all','Coupon'); - break; - case "discount": - $title = t('all','Discount'); - break; - case "notes": - $title = t('ContactInfo','Notes'); - break; - case "creationdate": - $title = t('all','CreationDate'); - break; - case "creationby": - $title = t('all','CreationBy'); - break; - case "updatedate": - $title = t('all','UpdateDate'); - break; - case "updateby": - $title = t('all','UpdateBy'); - break; - default: - $title = $value; - break; - } - - echo ""; - } //foreach $sqlfields - echo ""; - - - // inserting the values of each field from the database to the table - while($row = $res->fetchRow(DB_FETCHMODE_ASSOC)) { - echo ""; - foreach ($sqlfields as $value) { - echo ""; - } - echo ""; - 
} - - echo " - - - - - - "; - - echo "
".t('all','Records')."
-
- "; - - if ($configValues['CONFIG_IFACE_TABLES_LISTING_NUM'] == "yes") - setupNumbering($numrows, $rowsPerPage, $pageNum, $orderBy, $orderType, $getFields, $getQuery); - - echo "
$title
" . $row[$value] . "
- "; - setupLinks($pageNum, $maxPage, $orderBy, $orderType, $getFields, $getQuery); - echo " -
"; - - include 'library/closedb.php'; + $logQuery = "performed query for listing of records on page: "; + $logDebugSQL = ""; + + // set session's page variable + $_SESSION['PREV_LIST_PAGE'] = $_SERVER['REQUEST_URI']; + + $sqlfields = (array_key_exists('sqlfields', $_GET) && !empty($_GET['sqlfields']) && is_array($_GET['sqlfields']) && + array_intersect($_GET['sqlfields'], array_keys($bill_history_query_options_all)) == $_GET['sqlfields']) + ? $_GET['sqlfields'] : $bill_history_query_options_default; + + $cols = array(); + foreach ($sqlfields as $sqlfield) { + $cols[$sqlfield] = $bill_history_query_options_all[$sqlfield]; + } + $colspan = count($cols); + $half_colspan = intdiv($colspan, 2); + + $orderBy = (array_key_exists('orderBy', $_GET) && isset($_GET['orderBy']) && + in_array($_GET['orderBy'], array_keys($bill_history_query_options_all))) + ? $_GET['orderBy'] : array_keys($bill_history_query_options_all)[0]; + + $orderType = (array_key_exists('orderType', $_GET) && isset($_GET['orderType']) && + preg_match(ORDER_TYPE_REGEX, $_GET['orderType']) !== false) + ? strtolower($_GET['orderType']) : "asc"; + + //~ $startdate = (array_key_exists('startdate', $_GET) && isset($_GET['startdate']) && + //~ preg_match(DATE_REGEX, $_GET['startdate'], $m) !== false && + //~ checkdate($m[2], $m[3], $m[1])) + //~ ? $_GET['startdate'] : ""; + + //~ $enddate = (array_key_exists('enddate', $_GET) && isset($_GET['enddate']) && + //~ preg_match(DATE_REGEX, $_GET['enddate'], $m) !== false && + //~ checkdate($m[2], $m[3], $m[1])) + //~ ? $_GET['enddate'] : ""; + + $username = (array_key_exists('username', $_GET) && !empty(str_replace("%", "", trim($_GET['username'])))) + ? str_replace("%", "", trim($_GET['username'])) : ""; + $username_enc = (!empty($username)) ? 
htmlspecialchars($username, ENT_QUOTES, 'UTF-8') : ""; + + $billaction = (array_key_exists('billaction', $_GET) && isset($_GET['billaction']) && + in_array($_GET['billaction'], array_slice($valid_billactions, 1))) // avoid inserting "Any" in the SQL query + ? $_GET['billaction'] : ""; + $billaction_enc = (!empty($billaction)) ? htmlspecialchars($billaction, ENT_QUOTES, 'UTF-8') : ""; + + // print HTML prologue + $title = t('Intro','billhistoryquery.php'); + $help = t('helpPage','billhistoryquery'); + + print_html_prologue($title, $langCode); + + + //feed the sidebar variables + $billing_date_startdate = $startdate; + $billing_date_enddate = $enddate; + $billing_history_username = $username; + $billing_history_billaction = $billaction; + + include("menu-bill-history.php"); + + echo '
'; + print_title_and_help($title, $help); + + include('library/opendb.php'); + include('include/management/pages_common.php'); + + // preparing the custom query + + $sql_WHERE = array(); + $partial_query_string_pieces = array(); + + foreach ($sqlfields as $sqlfield) { + $partial_query_string_pieces[] = sprintf("sqlfields[]=%s", $sqlfield); + } + + //~ if (!empty($startdate)) { + //~ $sql_WHERE[] = sprintf("AcctStartTime > '%s'", $dbSocket->escapeSimple($startdate)); + //~ $partial_query_string_pieces[] = sprintf("startdate=%s", $startdate); + //~ } + + //~ if (!empty($startdate)) { + //~ $sql_WHERE[] = sprintf("AcctStartTime < '%s'", $dbSocket->escapeSimple($enddate)); + //~ $partial_query_string_pieces[] = sprintf("enddate=%s", $enddate); + //~ } + + if (!empty($username)) { + $sql_WHERE[] = sprintf("username LIKE '%s%%'", $dbSocket->escapeSimple($username)); + $partial_query_string_pieces[] = sprintf("username=%s", $username_enc); + } + + if (!empty($billaction)) { + $sql_WHERE[] = sprintf("billaction LIKE '%s%%'", $dbSocket->escapeSimple($billaction)); + $partial_query_string_pieces[] = sprintf("billaction=%s", $billaction_enc); + } + + // executing the custom query + + $sql = sprintf("SELECT %s FROM %s", implode(", ", $sqlfields), $configValues['CONFIG_DB_TBL_DALOBILLINGHISTORY']); + + if (count($sql_WHERE) > 0) { + $sql .= " WHERE " . 
implode(" AND ", $sql_WHERE); + } + + $res = $dbSocket->query($sql); + $logDebugSQL .= "$sql;\n"; + + $numrows = $res->numRows(); + + if ($numrows > 0) { + /* START - Related to pages_numbering.php */ + + // when $numrows is set, $maxPage is calculated inside this include file + include('include/management/pages_numbering.php'); // must be included after opendb because it needs to read + // the CONFIG_IFACE_TABLES_LISTING variable from the config file + + // here we decide if page numbers should be shown + $drawNumberLinks = strtolower($configValues['CONFIG_IFACE_TABLES_LISTING_NUM']) == "yes" && $maxPage > 1; + + $sql .= sprintf(" ORDER BY %s %s LIMIT %s, %s", $orderBy, $orderType, $offset, $rowsPerPage); + $res = $dbSocket->query($sql); + $logDebugSQL .= "$sql;\n"; + + $per_page_numrows = $res->numRows(); + + // the partial query is built starting from user input + // and for being passed to setupNumbering and setupLinks functions + $partial_query_string = (count($partial_query_string_pieces) > 0) + ? "&" . implode("&", $partial_query_string_pieces) : ""; + + echo '' + . ''; + + // page numbers are shown only if there is more than one page + if ($drawNumberLinks) { + echo ''; + printf('' . ''; + } + + // second line of table header + echo ""; + printTableHead($cols, $orderBy, $orderType, $partial_query_string); + echo ""; + + echo '' + . ''; + + // inserting the values of each field from the database to the table + $count = 0; + while($row = $res->fetchRow(DB_FETCHMODE_ASSOC)) { + printf('', $count); + foreach ($sqlfields as $field) { + printf("", htmlspecialchars($row[$field], ENT_QUOTES, 'UTF-8')); + } + echo ''; + $count++; + } + + echo ''; + + // tfoot + $links = setupLinks_str($pageNum, $maxPage, $orderBy, $orderType, $partial_query_string); + printTableFoot($per_page_numrows, $numrows, $colspan, $drawNumberLinks, $links); + + echo '
go to page: ', $colspan); + setupNumbering($numrows, $rowsPerPage, $pageNum, $orderBy, $orderType, $partial_query_string); + echo '
%s
'; + + } else { + $failureMsg = "Nothing to display"; + include_once("include/management/actionMessages.php"); + } + + include('library/closedb.php'); + + include('include/config/logging.php'); + print_footer_and_html_epilogue(); ?> - - - - - -
- - - -
- - - - - diff --git a/bill-history.php b/bill-history.php index c61c1d099..600778ddd 100644 --- a/bill-history.php +++ b/bill-history.php @@ -28,12 +28,12 @@ $log = "visited page: "; include_once("lang/main.php"); - + include("library/validation.php"); include("library/layout.php"); // print HTML prologue $title = t('Intro','billhistorymain.php'); - $help = t('helpPage','billhistorymain'); + $help = ""; print_html_prologue($title, $langCode); diff --git a/bill-main.php b/bill-main.php index ce30e6480..ef0cd0c4a 100644 --- a/bill-main.php +++ b/bill-main.php @@ -41,18 +41,8 @@ echo '
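Review bot: The `$orderType` whitelist in bill-history-query.php does not filter anything, because `preg_match(ORDER_TYPE_REGEX, $_GET['orderType']) !== false` is true both on a match (1) and on a non-match (0), so any submitted value is lower-cased and interpolated into `sprintf(" ORDER BY %s %s LIMIT %s, %s", ...)`; the test should be `preg_match(ORDER_TYPE_REGEX, $_GET['orderType']) === 1`. The same `!== false` test is used for `DATE_REGEX` in the `//~` commented date block here and in the live `$orderType`, `$startdate` and `$enddate` checks of bill-merchant-transactions.php, where `checkdate($m[2], $m[3], $m[1])` then runs with an empty `$m` after a non-match. Separately, `$billing_date_startdate = $startdate;` and `$billing_date_enddate = $enddate;` read variables that this version never assigns, since the only assignments are commented out, so they should be initialised to `""` until the date filter is restored. `in_array($_GET['orderBy'], ...)` and `in_array($_GET['billaction'], ...)` should pass `true` as the third argument, and `$username_enc` is HTML-escaped rather than URL-encoded before being joined into `$partial_query_string`, where `rawurlencode($username)` is the right transform.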
'; print_title_and_help($title, $help); - echo '
' - . ''; + print_footer_and_html_epilogue(); ?> - - - - - - diff --git a/bill-merchant-transactions.php b/bill-merchant-transactions.php index 0b47a7179..0c2fa0509 100644 --- a/bill-merchant-transactions.php +++ b/bill-merchant-transactions.php 
@@ -24,306 +24,212 @@ $operator = $_SESSION['operator_user']; include('library/check_operator_perm.php'); - - //setting values for the order by and order type variables - isset($_GET['orderBy']) ? $orderBy = $_GET['orderBy'] : $orderBy = "radacctid"; - isset($_GET['orderType']) ? $orderType = $_GET['orderType'] : $orderType = "asc"; - - - isset($_GET['payer_email']) ? $payer_email = $_GET['payer_email'] : $payer_email = "%"; - isset($_GET['payment_address_status']) ? $payment_address_status = $_GET['payment_address_status'] : $payment_address_status = "%"; - isset($_GET['payer_status']) ? $payer_status = $_GET['payer_status'] : $payer_status = "%"; - isset($_GET['payment_status']) ? $payment_status = $_GET['payment_status'] : $payment_status = "%"; - isset($_GET['vendor_type']) ? $vendor_type = $_GET['vendor_type'] : $vendor_type = "%"; - isset($_GET['sqlfields']) ? $sqlfields = $_GET['sqlfields'] : $sqlfields = ""; - isset($_GET['startdate']) ? $startdate = $_GET['startdate'] : $startdate = ""; - isset($_GET['enddate']) ? $enddate = $_GET['enddate'] : $enddate = ""; - - - $payer_email = str_replace('*', '%', $payer_email); + include_once('library/config_read.php'); + + include_once("lang/main.php"); + include("library/validation.php"); + include("library/layout.php"); - //feed the sidebar variables + // init loggin variables + $log = "visited page: "; + $logQuery = "performed query for listing of records on page: "; + $logDebugSQL = ""; + + // set session's page variable + $_SESSION['PREV_LIST_PAGE'] = $_SERVER['REQUEST_URI']; + + $sqlfields = (array_key_exists('sqlfields', $_GET) && !empty($_GET['sqlfields']) && is_array($_GET['sqlfields']) && + array_intersect($_GET['sqlfields'], array_keys($bill_merchant_transactions_options_all)) == $_GET['sqlfields']) + ? 
$_GET['sqlfields'] : $bill_merchant_transactions_options_default; + + $cols = array(); + foreach ($sqlfields as $sqlfield) { + $cols[$sqlfield] = $bill_merchant_transactions_options_all[$sqlfield]; + } + $colspan = count($cols); + $half_colspan = intdiv($colspan, 2); + + $orderBy = (array_key_exists('orderBy', $_GET) && isset($_GET['orderBy']) && + in_array($_GET['orderBy'], array_keys($bill_merchant_transactions_options_all))) + ? $_GET['orderBy'] : array_keys($bill_merchant_transactions_options_all)[0]; + + $orderType = (array_key_exists('orderType', $_GET) && isset($_GET['orderType']) && + preg_match(ORDER_TYPE_REGEX, $_GET['orderType']) !== false) + ? strtolower($_GET['orderType']) : "asc"; + + $startdate = (array_key_exists('startdate', $_GET) && !empty($_GET['startdate']) && + preg_match(DATE_REGEX, $_GET['startdate'], $m) !== false && + checkdate($m[2], $m[3], $m[1])) + ? $_GET['startdate'] : ""; + + $enddate = (array_key_exists('enddate', $_GET) && !empty($_GET['enddate']) && + preg_match(DATE_REGEX, $_GET['enddate'], $m) !== false && + checkdate($m[2], $m[3], $m[1])) + ? $_GET['enddate'] : ""; + + $vendor_type = (array_key_exists('vendor_type', $_GET) && isset($_GET['vendor_type']) && + in_array($_GET['vendor_type'], array_slice($valid_vendorTypes, 1))) // avoid inserting "Any" in the SQL query + ? $_GET['vendor_type'] : ""; + + $payer_email = (array_key_exists('payer_email', $_GET) && !empty(str_replace("%", "", trim($_GET['payer_email'])))) + ? str_replace("%", "", trim($_GET['payer_email'])) : ""; + $payer_email_enc = (!empty($payer_email)) ? htmlspecialchars($payer_email, ENT_QUOTES, 'UTF-8') : ""; + + $payment_status = (array_key_exists('payment_status', $_GET) && isset($_GET['payment_status']) && + in_array($_GET['payment_status'], array_slice($valid_paymentStatus, 1))) // avoid inserting "Any" in the SQL query + ? 
$_GET['payment_status'] : ""; + + // FIX THIS: they aren't passed + $payment_address_status = (array_key_exists('payment_address_status', $_GET) && + !empty(str_replace("%", "", trim($_GET['payment_address_status'])))) + ? str_replace("%", "", trim($_GET['payment_address_status'])) : ""; + $payer_status = (array_key_exists('payer_status', $_GET) && !empty(str_replace("%", "", trim($_GET['payer_status'])))) + ? str_replace("%", "", trim($_GET['payer_status'])) : ""; + + //feed the sidebar variables $billing_date_startdate = $startdate; $billing_date_enddate = $enddate; - //$billing_paypal_firstname = $value; - $billing_paypal_payeremail = $payer_email; - $billing_paypal_paymentaddressstatus = $payment_address_status; - $billing_paypal_payerstatus = $payer_status; + $billing_paypal_payeremail = $payer_email_enc; $billing_paypal_paymentstatus = $payment_status; $billing_paypal_vendor_type = $vendor_type; - - include_once('library/config_read.php'); - $log = "visited page: "; - $logQuery = "performed query for all accounting records on page: "; - -?> - - - -
- -

-

- - -
- - - -escapeSimple($payer_email); - $payment_address_status = $dbSocket->escapeSimple($payment_address_status); - $payer_status = $dbSocket->escapeSimple($payer_status); - $payment_status = $dbSocket->escapeSimple($payment_status); - $vendor_type = $dbSocket->escapeSimple($vendor_type); - $startdate = $dbSocket->escapeSimple($startdate); - $enddate = $dbSocket->escapeSimple($enddate); - - include_once('include/management/userBilling.php'); - userBillingPayPalSummary($startdate, $enddate, $payer_email, $payment_address_status, $payer_status, $payment_status, $vendor_type, 1); - // draw the billing rates summary table - - - include 'library/opendb.php'; - // since we need to span through pages, which we do using GET queries I can't rely on this page - // to be processed through POST but rather using GET only (with the current design anyway). - // For this reason, I need to build the GET query which I will later use in the page number's links - - $getFields = ""; - $counter = 0; - foreach ($sqlfields as $elements) { - $getFields .= "&sqlfields[$counter]=$elements"; - $counter++; - } - - // we should also sanitize the array that we will be passing to this page in the next query - $getFields = $dbSocket->escapeSimple($getFields); - - - $getQuery = ""; - $getQuery .= "&payer_email=$payer_email"; - $getQuery .= "&payment_address_status=$payment_address_status"; - $getQuery .= "&payer_status=$payer_status"; - $getQuery .= "&payment_status=$payment_status"; - $getQuery .= "&vendor_type=$vendor_type"; - $getQuery .= "&startdate=$startdate&enddate=$enddate"; - - - $select = implode(",", $sqlfields); - // sanitizing the array passed to us in the get request - $select = $dbSocket->escapeSimple($select); - - - $sql = "SELECT $select FROM ".$configValues['CONFIG_DB_TBL_DALOBILLINGMERCHANT']." WHERE ". - " (payer_email LIKE '$payer_email') AND ". - " (payment_address_status LIKE '$payment_address_status') AND ". - " (payer_status LIKE '$payer_status') AND ". 
- " (payment_status LIKE '$payment_status') AND ". - " (vendor_type LIKE '$vendor_type') AND ". - " (payment_date>'$startdate' AND payment_date<'$enddate')"; - $res = $dbSocket->query($sql); - $numrows = $res->numRows(); - - - $sql = "SELECT $select FROM ".$configValues['CONFIG_DB_TBL_DALOBILLINGMERCHANT']." WHERE ". - " (payer_email LIKE '$payer_email') AND ". - " (payment_address_status LIKE '$payment_address_status') AND ". - " (payer_status LIKE '$payer_status') AND ". - " (payment_status LIKE '$payment_status') AND ". - " (vendor_type LIKE '$vendor_type') AND ". - " (payment_date>'$startdate' AND payment_date<'$enddate') ". - " ORDER BY $orderBy $orderType LIMIT $offset, $rowsPerPage;"; - $res = $dbSocket->query($sql); - $logDebugSQL = ""; - $logDebugSQL .= $sql . "\n"; - - - /* START - Related to pages_numbering.php */ - $maxPage = ceil($numrows/$rowsPerPage); - /* END */ - - - echo "\n"; - echo " - - - - - - - - - - "; - - - // building the dybamic table list fields - echo " "; - foreach ($sqlfields as $value) { - switch($value) { - - case "id": - $title = t('all','ID'); - break; - case "username": - $title = t('all','Username'); - break; - case "password": - $title = t('all','Password'); - break; - case "txnId": - $title = t('all','TxnId'); - break; - case "planId": - $title = t('all','PlanId'); - break; - case "quantity": - $title = t('all','Quantity'); - break; - case "business_email": - $title = t('all','ReceiverEmail'); - break; - case "business_id": - $title = t('all','Business'); - break; - case "payment_tax": - $title = t('all','Tax'); - break; - case "payment_cost": - $title = t('all','Cost'); - break; - case "payment_fee": - $title = t('all','TransactionFee'); - break; - case "payment_total": - $title = t('all','TotalCost'); - break; - case "payment_currency": - $title = t('all','PaymentCurrency'); - break; - case "first_name": - $title = t('all','FirstName'); - break; - case "last_name": - $title = t('all','LastName'); - break; - case 
"payer_email": - $title = t('all','PayerEmail'); - break; - case "payer_address_name": - $title = t('all','AddressRecipient'); - break; - case "payer_address_street": - $title = t('all','Street'); - break; - case "payer_address_country": - $title = t('all','Country'); - break; - case "payer_address_country_code": - $title = t('all','CountryCode'); - break; - case "payer_address_city": - $title = t('all','City'); - break; - case "payer_address_state": - $title = t('all','State'); - break; - case "payer_address_zip": - $title = t('all','Zip'); - break; - case "payment_date": - $title = t('all','PaymentDate'); - break; - case "payment_status": - $title = t('all','PaymentStatus'); - break; - case "payer_status": - $title = t('all','PayerStatus'); - break; - case "vendor_type": - $title = t('all','VendorType'); - break; - case "payment_address_status": - $title = t('all','PaymentAddressStatus'); - break; - default: - $title = $value; - break; - } - - echo ""; - } //foreach $sqlfields - echo ""; - - - // inserting the values of each field from the database to the table - while($row = $res->fetchRow(DB_FETCHMODE_ASSOC)) { - echo ""; - foreach ($sqlfields as $value) { - echo ""; - } - echo ""; - } - - echo " - - - - - - "; - - echo "
".t('all','Records')."
-
- "; - - if ($configValues['CONFIG_IFACE_TABLES_LISTING_NUM'] == "yes") - setupNumbering($numrows, $rowsPerPage, $pageNum, $orderBy, $orderType, $getFields, $getQuery); - - echo "
$title
" . $row[$value] . "
- "; - setupLinks($pageNum, $maxPage, $orderBy, $orderType, $getFields, $getQuery); - echo " -
"; - - include 'library/closedb.php'; + echo '
'; + print_title_and_help($title, $help); + + // draw the billing rates summary table + include_once('include/management/userBilling.php'); + userBillingPayPalSummary($startdate, $enddate, $payer_email, $payment_address_status, $payer_status, $payment_status, $vendor_type, 1); + + + include('library/opendb.php'); + include_once('include/management/pages_common.php'); + + // preparing the custom query + + $sql_WHERE = array(); + $partial_query_string_pieces = array(); + + foreach ($sqlfields as $sqlfield) { + $partial_query_string_pieces[] = sprintf("sqlfields[]=%s", $sqlfield); + } + + if (!empty($startdate)) { + $sql_WHERE[] = sprintf("payment_date > '%s'", $dbSocket->escapeSimple($startdate)); + $partial_query_string_pieces[] = sprintf("startdate=%s", $startdate); + } + + if (!empty($startdate)) { + $sql_WHERE[] = sprintf("payment_date < '%s'", $dbSocket->escapeSimple($enddate)); + $partial_query_string_pieces[] = sprintf("enddate=%s", $enddate); + } + + if (!empty($payer_email)) { + $sql_WHERE[] = sprintf("payer_email LIKE '%s%%'", $dbSocket->escapeSimple($payer_email)); + $partial_query_string_pieces[] = sprintf("payer_email=%s", $payer_email); + } + + if (!empty($payment_status)) { + $sql_WHERE[] = sprintf("payment_status='%s'", $dbSocket->escapeSimple($payment_status)); + $partial_query_string_pieces[] = sprintf("payment_status=%s", $payment_status); + } + + if (!empty($vendor_type)) { + $sql_WHERE[] = sprintf("vendor_type='%s'", $dbSocket->escapeSimple($vendor_type)); + $partial_query_string_pieces[] = sprintf("vendor_type=%s", $vendor_type); + } + + // executing the custom query + + $sql = sprintf("SELECT %s FROM %s", implode(", ", $sqlfields), $configValues['CONFIG_DB_TBL_DALOBILLINGMERCHANT']); + + if (count($sql_WHERE) > 0) { + $sql .= " WHERE " . 
implode(" AND ", $sql_WHERE); + } + + $res = $dbSocket->query($sql); + $logDebugSQL .= "$sql;\n"; + + $numrows = $res->numRows(); + + if ($numrows > 0) { + /* START - Related to pages_numbering.php */ + + // when $numrows is set, $maxPage is calculated inside this include file + include('include/management/pages_numbering.php'); // must be included after opendb because it needs to read + // the CONFIG_IFACE_TABLES_LISTING variable from the config file + + // here we decide if page numbers should be shown + $drawNumberLinks = strtolower($configValues['CONFIG_IFACE_TABLES_LISTING_NUM']) == "yes" && $maxPage > 1; + + $sql .= sprintf(" ORDER BY %s %s LIMIT %s, %s", $orderBy, $orderType, $offset, $rowsPerPage); + $res = $dbSocket->query($sql); + $logDebugSQL .= "$sql;\n"; + + $per_page_numrows = $res->numRows(); + + // the partial query is built starting from user input + // and for being passed to setupNumbering and setupLinks functions + $partial_query_string = (count($partial_query_string_pieces) > 0) + ? "&" . implode("&", $partial_query_string_pieces) : ""; + + echo '' + . ''; + + // page numbers are shown only if there is more than one page + if ($drawNumberLinks) { + echo ''; + printf('' . ''; + } + + // second line of table header + echo ""; + printTableHead($cols, $orderBy, $orderType, $partial_query_string); + echo ""; + + + echo '' + . ''; + + // inserting the values of each field from the database to the table + $count = 0; + while($row = $res->fetchRow(DB_FETCHMODE_ASSOC)) { + printf('', $count); + foreach ($sqlfields as $field) { + printf("", htmlspecialchars($row[$field], ENT_QUOTES, 'UTF-8')); + } + echo ''; + $count++; + } + + echo ''; + + // tfoot + $links = setupLinks_str($pageNum, $maxPage, $orderBy, $orderType, $partial_query_string); + printTableFoot($per_page_numrows, $numrows, $colspan, $drawNumberLinks, $links); + + echo '
go to page: ', $colspan); + setupNumbering($numrows, $rowsPerPage, $pageNum, $orderBy, $orderType, $partial_query_string); + echo '
%s
'; + + } else { + $failureMsg = "Nothing to display"; + include_once("include/management/actionMessages.php"); + } + + include('library/closedb.php'); + + include('include/config/logging.php'); + print_footer_and_html_epilogue(); ?> - - - - - -
- - - -
- - - - - diff --git a/bill-merchant.php b/bill-merchant.php index 742c65da1..5d3d19532 100644 --- a/bill-merchant.php +++ b/bill-merchant.php @@ -28,7 +28,7 @@ $log = "visited page: "; include_once("lang/main.php"); - + include("library/validation.php"); include("library/layout.php"); // print HTML prologue diff --git a/bill-pos-edit.php b/bill-pos-edit.php index ee6aa553e..d0920e501 100644 --- a/bill-pos-edit.php +++ b/bill-pos-edit.php @@ -25,17 +25,17 @@ $operator = $_SESSION['operator_user']; include('library/check_operator_perm.php'); + include_once('library/config_read.php'); + include_once("lang/main.php"); + include_once("library/validation.php"); + include("library/layout.php"); + // init logging variables $log = "visited page: "; $logAction = ""; $logDebugSQL = ""; - include_once('library/config_read.php'); - - // we import validation facilities - include_once("library/validation.php"); - // required later $currDate = date('Y-m-d H:i:s'); $currBy = $operator; @@ -385,10 +385,6 @@ function addUserProfiles($dbSocket, $username, $planName, $oldplanName, $groups, $hiddenPassword = (strtolower($configValues['CONFIG_IFACE_PASSWORD_HIDDEN']) == "yes") ? 'password' : 'text'; - include_once("lang/main.php"); - - include("library/layout.php"); - // print HTML prologue $extra_css = array( // css tabs stuff @@ -677,13 +673,7 @@ function refillSessionTraffic() { '; - printf('Back to Previous Page', trim($_SESSION['PREV_LIST_PAGE'])); - echo ''; - - unset($_SESSION['PREV_LIST_PAGE']); - } + print_back_to_previous_page(); include('include/config/logging.php'); print_footer_and_html_epilogue(); diff --git a/bill-pos-new.php b/bill-pos-new.php index bd4b4bb78..8b05ebe94 100644 --- a/bill-pos-new.php +++ b/bill-pos-new.php 
@@ -27,6 +27,10 @@ include('library/check_operator_perm.php'); include_once('library/config_read.php'); + include_once("lang/main.php"); + include_once("library/validation.php"); + include("library/layout.php"); + // init logging variables $log = "visited page: "; $logAction = ""; @@ -34,9 +38,6 @@ include('include/management/pages_common.php'); - // we import validation facilities - include_once("library/validation.php"); - // if cleartext passwords are not allowed, // we remove Cleartext-Password from the $valid_passwordTypes array if (isset($configValues['CONFIG_DB_PASSWORD_ENCRYPTION']) && @@ -455,9 +456,6 @@ function addUserBillInfo($dbSocket, $username) { $hiddenPassword = (strtolower($configValues['CONFIG_IFACE_PASSWORD_HIDDEN']) == "yes") ? 'password' : 'text'; - include_once("lang/main.php"); - - include("library/layout.php"); // print HTML prologue $extra_css = array( diff --git a/bill-rates-date.php b/bill-rates-date.php index 6da71d142..dbe98b29a 100644 --- a/bill-rates-date.php +++ b/bill-rates-date.php @@ -27,7 +27,14 @@ include('library/check_operator_perm.php'); include_once('library/config_read.php'); + // init loggin variables + $log = "visited page: "; + $logQuery = "performed query for listing of records on page: "; + $logDebugSQL = ""; + + include_once("lang/main.php"); include("library/validation.php"); + include("library/layout.php"); //setting values for the order by and order type variables // and in other cases we partially strip some character, @@ -57,15 +64,7 @@ $billing_date_startdate = $startdate; $billing_date_enddate = $enddate; - // init loggin variables - $log = "visited page: "; - $logQuery = "performed query for listing of records on page: "; - $logDebugSQL = ""; - - include_once("lang/main.php"); - include("library/layout.php"); - // print HTML prologue $extra_css = array(); diff --git a/config-db.php b/config-db.php index 02e5ba233..02c281ccd 100644 --- a/config-db.php +++ b/config-db.php 
@@ -25,13 +25,13 @@ $operator = $_SESSION['operator_user']; include('library/check_operator_perm.php'); - include_once('library/config_read.php'); - $log = "visited page: "; include_once("lang/main.php"); - include("library/validation.php"); + include("library/layout.php"); + + $log = "visited page: "; $db_tbl_param_label = array( 'CONFIG_DB_TBL_RADCHECK' => t('all','radcheck'), @@ -113,8 +113,6 @@ } - include("library/layout.php"); - // print HTML prologue $extra_css = array( // css tabs stuff diff --git a/config-lang.php b/config-lang.php index 4e15ca670..c25855854 100644 --- a/config-lang.php +++ b/config-lang.php @@ -25,11 +25,13 @@ $operator = $_SESSION['operator_user']; include('library/check_operator_perm.php'); - include_once('library/config_read.php'); - $log = "visited page: "; + include_once("lang/main.php"); include("library/validation.php"); + include("library/layout.php"); + + $log = "visited page: "; if ($_SERVER['REQUEST_METHOD'] === 'POST') { if (array_key_exists('csrf_token', $_POST) && isset($_POST['csrf_token']) && dalo_check_csrf_token($_POST['csrf_token'])) { @@ -48,10 +50,7 @@ } } - include_once("lang/main.php"); - include("library/layout.php"); - // print HTML prologue $title = t('Intro','configlang.php'); $help = t('helpPage','configlang'); diff --git a/config-reports.php b/config-reports.php index 8e2fba9a1..803244fb2 100644 --- a/config-reports.php +++ b/config-reports.php @@ -1,4 +1,4 @@ - - -
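Review bot: The removal of `include_once('library/config_read.php');` in this config-db.php hunk (and the same removal in the config-lang.php hunk that follows) is not matched by an added include anywhere visible, unlike acct-custom-query.php earlier in the diff where the commit moves the line rather than drops it. If neither lang/main.php nor library/layout.php pulls config_read.php in, `$configValues` is undefined for the rest of these pages. The safe form is to keep `include_once('library/config_read.php');` next to the other includes, since include_once is a no-op when the file is already loaded. The remainder of config-db.php is outside this hunk, so I cannot confirm where `$configValues` is first read.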
- -'; print_title_and_help($title, $help); -?> - -
- - - - + print_footer_and_html_epilogue(); - - +?> diff --git a/gis-main.php b/gis-main.php index 7273cc618..ec601bbeb 100644 --- a/gis-main.php +++ b/gis-main.php @@ -74,18 +74,8 @@ print_title_and_help($title, $help); include_once('include/management/actionMessages.php'); -?> - - - - - - + print_footer_and_html_epilogue(); - - +?> diff --git a/graph-main.php b/graph-main.php index 9626e617a..749400ee5 100644 --- a/graph-main.php +++ b/graph-main.php @@ -1,4 +1,4 @@ - -
-'; print_title_and_help($title, $help); -?> - -
- - - - + print_footer_and_html_epilogue(); - - +?> diff --git a/help-main.php b/help-main.php index 8451cb4b5..cb423c74b 100644 --- a/help-main.php +++ b/help-main.php @@ -61,29 +61,9 @@ daloRADIUS IRC: you can find us at #daloradius on irc.freenode.net

- - - - - - - - - - - diff --git a/include/management/userBilling.php b/include/management/userBilling.php index 297e5166e..542947446 100644 --- a/include/management/userBilling.php +++ b/include/management/userBilling.php @@ -14,16 +14,20 @@ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. * ********************************************************************************************************* - * Description: - * returns user billing information (rates, plans, etc) + * + * Description: returns user billing information (rates, plans, etc) * - * Authors: Liran Tal + * Authors: Liran Tal + * Filippo Lauria * ********************************************************************************************************* */ - - +// prevent this file to be directly accessed +if (strpos($_SERVER['PHP_SELF'], '/include/management/userBilling.php') !== false) { + header("Location: ../../index.php"); + exit; +} /* @@ -31,7 +35,7 @@ * userInvoiceAdd * general billing function to add invoices to the user based on the user_id * - * $userId the userbillinfo user id or the username (autodetects) + * $userId the userbillinfo user id or the username (autodetects) * $invoiceInfo array holding the invoice information * $invoiceItems array holding the invoice items information * 
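Review bot: The new direct-access guard keys on `$_SERVER['PHP_SELF']`, which is derived from the request path (it may carry PATH_INFO and, under alias or rewrite configurations, need not reflect the script actually executing), so a substring match on it can both misfire and fail to trigger. Comparing the executing script with this file is more robust and does not depend on a literal path string that silently stops matching if the file is moved: `if (realpath($_SERVER['SCRIPT_FILENAME']) === __FILE__) { header('Location: ../../index.php'); exit; }`. A one-line comment saying why the guard exists, e.g. `// this file only defines functions; refuse to serve it as a page`, would also help the next reader.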
@@ -39,106 +43,103 @@ */ function userInvoiceAdd($userId, $invoiceInfo = array(), $invoiceItems = array()) { - include(dirname(__FILE__).'/../../library/opendb.php'); - - $user_id = false; - - // if provided a numeric user id then this is the user_id that we need - if (is_numeric($userId)) { - $user_id = $dbSocket->escapeSimple($userId); // sanitize variable for sql statement - } else { - // otherwise this is the username and we need to look up the user id from the userbillinfo table - - $username = $dbSocket->escapeSimple($userId); - $sql = 'SELECT id FROM '.$configValues['CONFIG_DB_TBL_DALOUSERBILLINFO']. - ' WHERE username="'.$username.'"'; - $res = $dbSocket->query($sql); - $logDebugSQL .= $sql . "\n"; - - $row = $res->fetchRow(); - $user_id = $row[0]; - - } - - // if something is not right with the user id (set to null, false, whatever) we abort - if (!$user_id) - return false; + include(dirname(__FILE__).'/../../library/opendb.php'); + $user_id = false; - $currDate = date('Y-m-d H:i:s'); - $currBy = $_SESSION['operator_user']; + // if provided a numeric user id then this is the user_id that we need + if (is_numeric($userId)) { + $user_id = $dbSocket->escapeSimple($userId); // sanitize variable for sql statement + } else { + // otherwise this is the username and we need to look up the user id from the userbillinfo table - if (!$invoiceInfo) - $invoiceInfo = array(); + $username = $dbSocket->escapeSimple($userId); + $sql = 'SELECT id FROM '.$configValues['CONFIG_DB_TBL_DALOUSERBILLINFO']. + ' WHERE username="'.$username.'"'; + $res = $dbSocket->query($sql); + $logDebugSQL .= $sql . 
"\n"; - // create default invoice information if nothing was provided - $myinvoiceInfo['date'] = $currDate; - $myinvoiceInfo['status_id'] = 1; // defaults to invoice status of 'open' - $myinvoiceInfo['type_id'] = 1; // defaults to invoice type of 'Plans' - $myinvoiceInfo['notes'] = 'provisioned new user from daloRADIUS platform'; - $invoiceInfo = array_merge($myinvoiceInfo, $invoiceInfo); + $row = $res->fetchRow(); + $user_id = $row[0]; + } - $sql = "INSERT INTO ".$configValues['CONFIG_DB_TBL_DALOBILLINGINVOICE']. - " (id, user_id, date, status_id, type_id, notes, creationdate, creationby, updatedate, updateby) ". - " VALUES (0, '".$user_id."', '". - $dbSocket->escapeSimple($invoiceInfo['date'])."', '". - $dbSocket->escapeSimple($invoiceInfo['status_id'])."', '". - $dbSocket->escapeSimple($invoiceInfo['type_id'])."', '". - $dbSocket->escapeSimple($invoiceInfo['notes'])."', ". - " '$currDate', '$currBy', NULL, NULL)"; - $res = $dbSocket->query($sql); - $logDebugSQL .= $sql . "\n"; + // if something is not right with the user id (set to null, false, whatever) we abort + if (!$user_id) + return false; - // if there hasn't been any errors with inserting the invoice record - if (!PEAR::isError($res)) { - // get the added invoice id from the database - $invoice_id = $dbSocket->getOne( "SELECT LAST_INSERT_ID() FROM `".$configValues['CONFIG_DB_TBL_DALOBILLINGINVOICE']."`" ); + $currDate = date('Y-m-d H:i:s'); + $currBy = $_SESSION['operator_user']; - if (!$invoice_id) - return false; + if (!$invoiceInfo) + $invoiceInfo = array(); - foreach($invoiceItems as $invoiceItem) { - // set default information for the invoice items - /* - $myinvoiceItems['plan_id'] = '' ; - $myinvoiceItems['amount'] = '' ; - $myinvoiceItems['tax'] = '' ; - $myinvoiceItems['notes'] = '' ; - $invoiceItems = array_merge($myinvoiceItems, $invoiceItems); - */ + // create default invoice information if nothing was provided + $myinvoiceInfo['date'] = $currDate; + $myinvoiceInfo['status_id'] = 1; // 
defaults to invoice status of 'open' + $myinvoiceInfo['type_id'] = 1; // defaults to invoice type of 'Plans' + $myinvoiceInfo['notes'] = 'provisioned new user from daloRADIUS platform'; + $invoiceInfo = array_merge($myinvoiceInfo, $invoiceInfo); - // now add an invoice item - $sql = "INSERT INTO ".$configValues['CONFIG_DB_TBL_DALOBILLINGINVOICEITEMS']. - " (id, invoice_id, plan_id, amount, tax_amount, notes, ". - " creationdate, creationby, updatedate, updateby) ". - " VALUES (0, '".$invoice_id."', '". - $dbSocket->escapeSimple($invoiceItem['plan_id'])."', '". - $dbSocket->escapeSimple($invoiceItem['amount'])."', '". - $dbSocket->escapeSimple($invoiceItem['tax'])."', '". - $dbSocket->escapeSimple($invoiceItem['notes'])."', ". - " '$currDate', '$currBy', NULL, NULL)"; - $res = $dbSocket->query($sql); - $logDebugSQL .= $sql . "\n"; + $sql = "INSERT INTO ".$configValues['CONFIG_DB_TBL_DALOBILLINGINVOICE']. + " (id, user_id, date, status_id, type_id, notes, creationdate, creationby, updatedate, updateby) ". + " VALUES (0, '".$user_id."', '". + $dbSocket->escapeSimple($invoiceInfo['date'])."', '". + $dbSocket->escapeSimple($invoiceInfo['status_id'])."', '". + $dbSocket->escapeSimple($invoiceInfo['type_id'])."', '". + $dbSocket->escapeSimple($invoiceInfo['notes'])."', ". + " '$currDate', '$currBy', NULL, NULL)"; + $res = $dbSocket->query($sql); + $logDebugSQL .= $sql . 
"\n"; + + // if there hasn't been any errors with inserting the invoice record + if (!PEAR::isError($res)) { + + // get the added invoice id from the database + $invoice_id = $dbSocket->getOne( "SELECT LAST_INSERT_ID() FROM `".$configValues['CONFIG_DB_TBL_DALOBILLINGINVOICE']."`" ); + + if (!$invoice_id) + return false; + + foreach($invoiceItems as $invoiceItem) { + // set default information for the invoice items + /* + $myinvoiceItems['plan_id'] = '' ; + $myinvoiceItems['amount'] = '' ; + $myinvoiceItems['tax'] = '' ; + $myinvoiceItems['notes'] = '' ; + $invoiceItems = array_merge($myinvoiceItems, $invoiceItems); + */ + + // now add an invoice item + $sql = "INSERT INTO ".$configValues['CONFIG_DB_TBL_DALOBILLINGINVOICEITEMS']. + " (id, invoice_id, plan_id, amount, tax_amount, notes, ". + " creationdate, creationby, updatedate, updateby) ". + " VALUES (0, '".$invoice_id."', '". + $dbSocket->escapeSimple($invoiceItem['plan_id'])."', '". + $dbSocket->escapeSimple($invoiceItem['amount'])."', '". + $dbSocket->escapeSimple($invoiceItem['tax'])."', '". + $dbSocket->escapeSimple($invoiceItem['notes'])."', ". + " '$currDate', '$currBy', NULL, NULL)"; + + $res = $dbSocket->query($sql); + $logDebugSQL .= $sql . "\n"; - } + } - } + } - include(dirname(__FILE__).'/../../library/closedb.php'); + include(dirname(__FILE__).'/../../library/closedb.php'); - return true; + return true; } - - - /* ********************************************************************************************************* * userInvoicesStatus 
@@ -151,126 +152,108 @@ function userInvoiceAdd($userId, $invoiceInfo = array(), $invoiceItems = array() */ function userInvoicesStatus($user_id, $drawTable) { - include_once('include/management/pages_common.php'); - include 'library/opendb.php'; - - $user_id = $dbSocket->escapeSimple($user_id); // sanitize variable for sql statement - - $sql = "SELECT COUNT(distinct(a.id)) AS TotalInvoices, a.id, a.date, a.status_id, a.type_id, b.contactperson, b.username, ". - " c.value AS status, COALESCE(SUM(e2.totalpayed), 0) as totalpayed, COALESCE(SUM(d2.totalbilled), 0) as totalbilled, ". - " SUM(a.status_id = 1) as openInvoices ". - " FROM ".$configValues['CONFIG_DB_TBL_DALOBILLINGINVOICE']." AS a". - " INNER JOIN ".$configValues['CONFIG_DB_TBL_DALOUSERBILLINFO']." AS b ON (a.user_id = b.id) ". - " INNER JOIN ".$configValues['CONFIG_DB_TBL_DALOBILLINGINVOICESTATUS']." AS c ON (a.status_id = c.id) ". - " LEFT JOIN (SELECT SUM(d.amount + d.tax_amount) ". - " as totalbilled, invoice_id FROM ".$configValues['CONFIG_DB_TBL_DALOBILLINGINVOICEITEMS']." AS d ". - " GROUP BY d.invoice_id) AS d2 ON (d2.invoice_id = a.id) ". - " LEFT JOIN (SELECT SUM(e.amount) as totalpayed, invoice_id FROM ". - $configValues['CONFIG_DB_TBL_DALOPAYMENTS']." AS e GROUP BY e.invoice_id) AS e2 ON (e2.invoice_id = a.id) ". - " WHERE (a.user_id = $user_id)". - " GROUP BY b.id "; + include_once('include/management/pages_common.php'); + include 'library/opendb.php'; + + $user_id = $dbSocket->escapeSimple($user_id); // sanitize variable for sql statement + + $sql = "SELECT COUNT(distinct(a.id)) AS TotalInvoices, a.id, a.date, a.status_id, a.type_id, b.contactperson, b.username, ". + " c.value AS status, COALESCE(SUM(e2.totalpayed), 0) as totalpayed, COALESCE(SUM(d2.totalbilled), 0) as totalbilled, ". + " SUM(a.status_id = 1) as openInvoices ". + " FROM ".$configValues['CONFIG_DB_TBL_DALOBILLINGINVOICE']." AS a". + " INNER JOIN ".$configValues['CONFIG_DB_TBL_DALOUSERBILLINFO']." AS b ON (a.user_id = b.id) ". 
+ " INNER JOIN ".$configValues['CONFIG_DB_TBL_DALOBILLINGINVOICESTATUS']." AS c ON (a.status_id = c.id) ". + " LEFT JOIN (SELECT SUM(d.amount + d.tax_amount) ". + " as totalbilled, invoice_id FROM ".$configValues['CONFIG_DB_TBL_DALOBILLINGINVOICEITEMS']." AS d ". + " GROUP BY d.invoice_id) AS d2 ON (d2.invoice_id = a.id) ". + " LEFT JOIN (SELECT SUM(e.amount) as totalpayed, invoice_id FROM ". + $configValues['CONFIG_DB_TBL_DALOPAYMENTS']." AS e GROUP BY e.invoice_id) AS e2 ON (e2.invoice_id = a.id) ". + " WHERE (a.user_id = $user_id)". + " GROUP BY b.id "; - $res = $dbSocket->query($sql); - $row = $res->fetchRow(DB_FETCHMODE_ASSOC); + $res = $dbSocket->query($sql); + $row = $res->fetchRow(DB_FETCHMODE_ASSOC); - $totalInvoices = $row['TotalInvoices']; - $totalBilled = $row['totalbilled']; - $totalPayed = $row['totalpayed']; - $openInvoices = $row['openInvoices']; + $totalInvoices = $row['TotalInvoices']; + $totalBilled = $row['totalbilled']; + $totalPayed = $row['totalpayed']; + $openInvoices = $row['openInvoices']; - include 'library/closedb.php'; + include 'library/closedb.php'; - if ($drawTable == 1) { - echo ' -
+ if ($drawTable == 1) { + echo ' +
User Invoices -
+
-
    +
      - + - + - + -

      +

      -
    • - - -
    • +
    • + + +
    • -
    • - - -
    • +
    • + + +
    • -
      +
      -
    • - - -
    • +
    • + + +
    • -
    • - - -
    • +
    • + + +
    • -
    • - - -
    • +
    • + + +
    • -
    • -
      -

      - -
    • +
    • +
      +

      + +
    • -
    +
-
+
- '; + '; - } + } } - - - - - - - - - - - - - - - - - - /* ********************************************************************************************************* * userBillingRatesSummary * $username username to provide information of - * $startdate starting date, first accounting session - * $enddate ending date, last accounting session - * $ratename the rate to use for calculations + * $startdate starting date, first accounting session + * $enddate ending date, last accounting session + * $ratename the rate to use for calculations * $drawTable if set to 1 (enabled) a toggled on/off table will be drawn * * returns user connection information: uploads, download, session time, total billed, etc... @@ -279,10 +262,10 @@ function userInvoicesStatus($user_id, $drawTable) { */ function userBillingRatesSummary($username, $startdate, $enddate, $ratename, $drawTable) { - include_once('include/management/pages_common.php'); - include 'library/opendb.php'; + include_once('include/management/pages_common.php'); + include 'library/opendb.php'; - $username = $dbSocket->escapeSimple($username); // sanitize variable for sql statement + $username = $dbSocket->escapeSimple($username); // sanitize variable for sql statement $startdate = $dbSocket->escapeSimple($startdate); $enddate = $dbSocket->escapeSimple($enddate); $ratename = $dbSocket->escapeSimple($ratename); @@ -291,8 +274,8 @@ function userBillingRatesSummary($username, $startdate, $enddate, $ratename, $dr $sql = "SELECT rateType FROM ".$configValues['CONFIG_DB_TBL_DALOBILLINGRATES']." WHERE ".$configValues['CONFIG_DB_TBL_DALOBILLINGRATES'].".rateName = '$ratename'"; $res = $dbSocket->query($sql); - if ($res->numRows() == 0) - return; + if ($res->numRows() == 0) + return; $row = $res->fetchRow(); list($ratetypenum, $ratetypetime) = explode("/",$row[0]); 
@@ -327,18 +310,18 @@ function userBillingRatesSummary($username, $startdate, $enddate, $ratename, $dr $sql = "SELECT distinct(".$configValues['CONFIG_DB_TBL_RADACCT'].".username), ".$configValues['CONFIG_DB_TBL_RADACCT'].".NASIPAddress, ". $configValues['CONFIG_DB_TBL_RADACCT'].".AcctStartTime, SUM(".$configValues['CONFIG_DB_TBL_RADACCT'].".AcctSessionTime) AS AcctSessionTime, ". $configValues['CONFIG_DB_TBL_DALOBILLINGRATES'].".rateCost, SUM(".$configValues['CONFIG_DB_TBL_RADACCT'].".AcctInputOctets) AS AcctInputOctets, ". - " SUM(".$configValues['CONFIG_DB_TBL_RADACCT'].".AcctOutputOctets) AS AcctOutputOctets ". + " SUM(".$configValues['CONFIG_DB_TBL_RADACCT'].".AcctOutputOctets) AS AcctOutputOctets ". " FROM ".$configValues['CONFIG_DB_TBL_RADACCT'].", ".$configValues['CONFIG_DB_TBL_DALOBILLINGRATES']." WHERE (AcctStartTime >= '$startdate') and (AcctStartTime <= '$enddate') and (UserName = '$username') and (".$configValues['CONFIG_DB_TBL_DALOBILLINGRATES'].".rateName = '$ratename') GROUP BY UserName"; - $res = $dbSocket->query($sql); - $row = $res->fetchRow(DB_FETCHMODE_ASSOC); + $res = $dbSocket->query($sql); + $row = $res->fetchRow(DB_FETCHMODE_ASSOC); - $rateCost = $row['rateCost']; - $userUpload = toxbyte($row['AcctInputOctets']); - $userDownload = toxbyte($row['AcctOutputOctets']); - $userOnlineTime = time2str($row['AcctSessionTime']); - $sessionTime = $row['AcctSessionTime']; + $rateCost = $row['rateCost']; + $userUpload = toxbyte($row['AcctInputOctets']); + $userDownload = toxbyte($row['AcctOutputOctets']); + $userOnlineTime = time2str($row['AcctSessionTime']); + $sessionTime = $row['AcctSessionTime']; - $sumBilled = (($sessionTime/$rateDivisor)*$rateCost); + $sumBilled = (($sessionTime/$rateDivisor)*$rateCost); include 'library/closedb.php'; @@ -346,20 +329,20 @@ function userBillingRatesSummary($username, $startdate, $enddate, $ratename, $dr echo ""; echo " - - - - - -
- Billing Summary -
- "; + + + + Billing Summary + + + + + "; echo " - "; + + "; - } + } } - /* ********************************************************************************************************* * userBillingPayPalSummary - * $startdate starting date, first accounting session - * $enddate ending date, last accounting session + * $startdate starting date, first accounting session + * $enddate ending date, last accounting session * $drawTable if set to 1 (enabled) a toggled on/off table will be drawn * * returns user connection information: uploads, download, session time, total billed, etc... * ********************************************************************************************************* */ -function userBillingPayPalSummary($startdate, $enddate, $payer_email, $payment_address_status, $payer_status, $payment_status, $vendor_type, $drawTable) { - - include_once('include/management/pages_common.php'); - include 'library/opendb.php'; - - $startdate = $dbSocket->escapeSimple($startdate); - $enddate = $dbSocket->escapeSimple($enddate); - $payer_email = $dbSocket->escapeSimple($payer_email); - $payment_address_status = $dbSocket->escapeSimple($payment_address_status); - $payer_status = $dbSocket->escapeSimple($payer_status); - $payment_status = $dbSocket->escapeSimple($payment_status); - - $sql = "SELECT ".$configValues['CONFIG_DB_TBL_DALOBILLINGMERCHANT'].".Username AS Username, business_email, ". - $configValues['CONFIG_DB_TBL_DALOBILLINGPLANS'].".planName, ".$configValues['CONFIG_DB_TBL_DALOBILLINGMERCHANT'].".planId, SUM(payment_total) AS total, SUM(payment_fee) ". - " AS fee, SUM(payment_tax) AS tax, payment_currency, SUM(AcctSessionTime) AS AcctSessionTime, SUM(AcctInputOctets) AS AcctInputOctets, ". - " SUM(AcctOutputOctets) AS AcctOutputOctets ". - " FROM ".$configValues['CONFIG_DB_TBL_DALOBILLINGMERCHANT']. - " LEFT JOIN ".$configValues['CONFIG_DB_TBL_RADACCT']." ON ". 
- $configValues['CONFIG_DB_TBL_DALOBILLINGMERCHANT'].".Username=".$configValues['CONFIG_DB_TBL_RADACCT'].".Username ". - " LEFT JOIN ".$configValues['CONFIG_DB_TBL_DALOBILLINGPLANS']." ON ". - $configValues['CONFIG_DB_TBL_DALOBILLINGMERCHANT'].".planId=".$configValues['CONFIG_DB_TBL_DALOBILLINGPLANS'].".id ". - " WHERE ". - " (business_email LIKE '$payer_email') AND ". - " (payment_address_status LIKE '$payment_address_status') AND ". - " (payer_status LIKE '$payer_status') AND ". - " (payment_status LIKE '$payment_status') AND ". - " (vendor_type LIKE '$vendor_type') AND ". - " (payment_date>'$startdate' AND payment_date<'$enddate')". - " GROUP BY Username"; - $res = $dbSocket->query($sql); - - if ($res->numRows() == 0) - return; - - $row = $res->fetchRow(DB_FETCHMODE_ASSOC); - - $planTotalCost = $row['total']; - $planTotalTax = $row['tax']; - $planTotalFee = $row['fee']; - $userUpload = toxbyte($row['AcctInputOctets']); - $userDownload = toxbyte($row['AcctOutputOctets']); - $userOnlineTime = time2str($row['AcctSessionTime']); - $sessionTime = $row['AcctSessionTime']; - $planCurrency = $row['payment_currency']; - $planName = $row['planName']; - $planId = $row['planId']; - $payer_email = $row['business_email']; - $username = $row['Username']; - - $grossGain = ($planTotalCost-($planTotalTax+$planTotalFee)); - - include 'library/closedb.php'; - - if ($drawTable == 1) { - - echo ""; - echo " - - - - - -
- Billing Summary -
- "; - - echo " - - "; +function userBillingPayPalSummary($startdate, $enddate, $payer_email, $payment_address_status, + $payer_status, $payment_status, $vendor_type, $drawTable) { + global $logDebugSQL; + + include('library/opendb.php'); + + $sql_WHERE = array(); + + if (!empty($startdate)) { + $sql_WHERE[] = sprintf("payment_date > '%s'", $dbSocket->escapeSimple($startdate)); + } + + if (!empty($startdate)) { + $sql_WHERE[] = sprintf("payment_date < '%s'", $dbSocket->escapeSimple($enddate)); + } + + if (!empty($payer_email)) { + $sql_WHERE[] = sprintf("payer_email LIKE '%s%%'", $dbSocket->escapeSimple($payer_email)); + } + + if (!empty($payment_status)) { + $sql_WHERE[] = sprintf("payment_status='%s'", $dbSocket->escapeSimple($payment_status)); + } + + if (!empty($vendor_type)) { + $sql_WHERE[] = sprintf("vendor_type='%s'", $dbSocket->escapeSimple($vendor_type)); + } + + if (!empty($payment_address_status)) { + $sql_WHERE[] = sprintf("payment_address_status='%s'", $dbSocket->escapeSimple($payment_address_status)); + } + + if (!empty($payer_status)) { + $sql_WHERE[] = sprintf("payer_status='%s'", $dbSocket->escapeSimple($payer_status)); + } + + $sql = sprintf("SELECT dbm.Username AS Username, business_email, dbp.planName, dbm.planId, SUM(payment_total) AS total, + SUM(payment_fee) AS fee, SUM(payment_tax) AS tax, payment_currency, + SUM(AcctSessionTime) AS AcctSessionTime, SUM(AcctInputOctets) AS AcctInputOctets, + SUM(AcctOutputOctets) AS AcctOutputOctets + FROM %s AS dbm LEFT JOIN %s AS ra ON dbm.Username = ra.Username + LEFT JOIN %s AS dbp ON dbm.planId = dbp.id", $configValues['CONFIG_DB_TBL_DALOBILLINGMERCHANT'], + $configValues['CONFIG_DB_TBL_RADACCT'], + $configValues['CONFIG_DB_TBL_DALOBILLINGPLANS']); + if (count($sql_WHERE) > 0) { + $sql .= " WHERE " . 
implode(" AND ", $sql_WHERE); + + } + + $sql .= " GROUP BY Username"; + $logDebugSQL .= "$sql;\n"; + $res = $dbSocket->query($sql); - } + if ($res->numRows() > 0 && $drawTable == 1) { + + include_once('include/management/pages_common.php'); + + $row = $res->fetchRow(); + + for ($i=0; $i < count($row); $i++) { + $row[$i] = htmlspecialchars($row[$i], ENT_QUOTES, 'UTF-8'); + } + + list( $username, $payer_email, $planName, $planId, $planTotalCost, $planTotalFee, $planTotalTax, + $planCurrency, $sessionTime, $userUpload, $userDownload ) = $row; + + $grossGain = $planTotalCost - ($planTotalTax + $planTotalFee); + + $userUpload = toxbyte($userUpload); + $userDownload = toxbyte($userDownload); + $userOnlineTime = time2str($sessionTime); + + + $table = array( + array( "Username", "$username (email: $payer_email)" ), + array( "Billing for period of", "$startdate until $enddate (inclusive)" ), + array( "Online Time", $userOnlineTime ), + array( "User Upload", $userUpload ), + array( "User Download", $userDownload ), + array( "Plan name", "$planName (planId: $planId)" ), + array( "Total Plans Cost
Total Transaction Fees
Total Transaction Taxs", + "$planTotalCost
$planTotalFee
$planTotalTax" ), + array( "Gross Gain", "$grossGain $planCurrency" ) + ); + + echo '' + . '' + . '' + . '' + . '' + . '' + . '
'; + + printf('Billing Summary', "toggleShowDiv('divBillingPayPalSummary')"); + + echo '
'; + + + echo ''; + } + + include('library/closedb.php'); } diff --git a/library/validation.php b/library/validation.php index 093023da1..436d9504f 100644 --- a/library/validation.php +++ b/library/validation.php @@ -65,6 +65,22 @@ ">=", "<", "<=", "=~", "!~", "=*", "!*" ); +$valid_recommendedHelpers = array( + "date", "datetime", "authtype", "framedprotocol", "servicetype", + "kbitspersecond", "bitspersecond", "volumebytes", "mikrotikRateLimit", + ); + +$valid_attributeTypes = array( + "string", + "integer", + "ipaddr", + "date", + "octets", + "ipv6addr", + "ifid", + "abinary", + ); + $valid_db_engines = array( "mysql" => "MySQL", "pgsql" => "PostgreSQL", @@ -86,6 +102,7 @@ "netserver", "pathras", "patton", "portslave", "tc", "usrhiper" ); +// accounting custom-query options list $acct_custom_query_options_all = array( "RadAcctId", "AcctSessionId", 
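Review bot: The second date guard in userBillingPayPalSummary tests the wrong variable: `if (!empty($startdate)) { $sql_WHERE[] = sprintf("payment_date < '%s'", $dbSocket->escapeSimple($enddate)); }` appends `payment_date < ''` whenever a start date is supplied without an end date, which matches nothing; the condition should read `if (!empty($enddate)) {`. The same copy-paste appears in the page-level WHERE builder in the first hunk of this chunk. Separately, the `$row` values are run through htmlspecialchars but `$startdate` and `$enddate` are interpolated raw into the "Billing for period of" cell, so if a caller ever forwards unvalidated request input it reaches the page unescaped; escaping them alongside the row values makes the function safe regardless of caller. Finally, this function now declares `global $logDebugSQL;` while the reindented userInvoiceAdd and userInvoicesStatus hunks above still append to a function-local `$logDebugSQL` that is discarded on return, so the debug SQL from those functions is lost.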
@@ -112,14 +129,110 @@ "AcctStartDelay", "AcctStopDelay" ); - + +// accounting custom-query options selected by default $acct_custom_query_options_default = array( "UserName", "Realm", "NASIPAddress", "AcctStartTime", "AcctStopTime", "AcctSessionTime", "AcctInputOctets", "AcctOutputOctets", "CalledStationId", "CallingStationId", "AcctTerminateCause", "FramedIPAddress" ); +// billing history query options list +$bill_history_query_options_all = array( + "id" => t('all','ID'), + "username" => t('all','Username'), + "planId" => t('all','PlanId'), + + "billAmount" => t('all','BillAmount'), + "billAction" => t('all','BillAction'), + "billPerformer" => t('all','BillPerformer'), + "billReason" => t('all','BillReason'), + + "paymentmethod" => t('ContactInfo','PaymentMethod'), + "cash" => t('ContactInfo','Cash'), + + "creditcardname" => t('ContactInfo','CreditCardName'), + "creditcardnumber" => t('ContactInfo','CreditCardNumber'), + "creditcardverification" => t('ContactInfo','CreditCardVerificationNumber'), + "creditcardtype" => t('ContactInfo','CreditCardType'), + "creditcardexp" => t('ContactInfo','CreditCardExpiration'), + "coupon" => t('all','Coupon'), + "discount" => t('all','Discount'), + "notes" => t('ContactInfo','Notes'), + "creationdate" => t('all','CreationDate'), + "creationby" => t('all','CreationBy'), + "updatedate" => t('all','UpdateDate'), + "updateby" => t('all','UpdateBy') + ); + +// billing history query options selected by default +$bill_history_query_options_default = array( + "username", + "planId", + "billAmount", + "billAction", + "billPerformer", + "paymentmethod" + ); + +$bill_merchant_transactions_options_all = array( + "id" => t('all','ID'), + "username" => t('all','Username'), + "password" => t('all','Password'), + "txnId" => t('all','TxnId'), + "planName" => t('all','PlanName'), + "planId" => t('all','PlanId'), + "quantity" => t('all','Quantity'), + "business_email" => t('all','ReceiverEmail'), + "business_id" => t('all','Business'), + 
"payment_tax" => t('all','Tax'), + "payment_cost" => t('all','Cost'), + "payment_fee" => t('all','TransactionFee'), + "payment_total" => t('all','TotalCost'), + "payment_currency" => t('all','PaymentCurrency'), + "first_name" => t('all','FirstName'), + "last_name" => t('all','LastName'), + "payer_email" => t('all','PayerEmail'), + "payer_address_name" => t('all','AddressRecipient'), + "payer_address_street" => t('all','Street'), + "payer_address_country" => t('all','Country'), + "payer_address_country_code" => t('all','CountryCode'), + "payer_address_city" => t('all','City'), + "payer_address_state" => t('all','State'), + "payer_address_zip" => t('all','Zip'), + "payment_date" => t('all','PaymentDate'), + "payment_status" => t('all','PaymentStatus'), + "payer_status" => t('all','PayerStatus'), + "payment_address_status" => t('all','PaymentAddressStatus'), + "vendor_type" => t('all','VendorType') + ); + +$bill_merchant_transactions_options_default = array( + "username", + "planName", + "payment_fee", + "payment_total", + "payment_currency", + "first_name", + "last_name", + "payer_email", + "payer_address_country", + "payer_address_city", + "payer_address_state", + "payment_date", + "payment_status", + "vendor_type" + ); + // validating values + +$valid_paymentStatus = array( + "Any", "Completed", "Denied", "Expired", "Failed", "In-Progress", "Pending", + "Processed", "Refunded", "Reversed", "Canceled-Reversal", "Voided", + ); +$valid_vendorTypes = array( "Any", "2Checkout", "PayPal" ); +$valid_billactions = array( "Any", "Refill Session Time", "Refill Session Traffic" ); + $valid_languages = array( "en" => "English", "it" => "Italian", diff --git a/menu-accounting-custom.php b/menu-accounting-custom.php index b7d3e35ff..0324dff07 100644 --- a/menu-accounting-custom.php +++ b/menu-accounting-custom.php 
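Review bot: `$bill_history_query_options_all` and `$bill_merchant_transactions_options_all` call `t()` at file scope, so library/validation.php now silently depends on lang/main.php having been included first; any page that includes validation.php before (or without) lang/main.php will fail with an undefined function, and several include reorderings in this commit exist only to satisfy that. The dependency should be stated at the top of the file, `// NOTE: uses t() — lang/main.php must be included before this file`, or guarded with `if (!function_exists('t')) { include_once('lang/main.php'); }`. The new `$valid_paymentStatus`, `$valid_vendorTypes` and `$valid_billactions` lists mix the UI wildcard `"Any"` with stored values; a one-line comment such as `// "Any" is a filter wildcard, not a value stored in the database` would keep callers from copying it into a WHERE clause as a literal.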
@@ -23,7 +23,7 @@ // prevent this file to be directly accessed if (strpos($_SERVER['PHP_SELF'], '/menu-accounting-custom.php') !== false) { - header("Location: /index.php"); + header("Location: index.php"); exit; } diff --git a/menu-bill-history.php b/menu-bill-history.php index 9eeaf39ff..6eb0a83b4 100644 --- a/menu-bill-history.php +++ b/menu-bill-history.php @@ -23,7 +23,7 @@ // prevent this file to be directly accessed if (strpos($_SERVER['PHP_SELF'], '/menu-bill-history.php') !== false) { - header("Location: /index.php"); + header("Location: index.php"); exit; } @@ -34,42 +34,6 @@ include_once("include/menu/menu-items.php"); include_once("include/menu/billing-subnav.php"); -$checkboxes = array( - "id" => t('all','ID'), - "username" => t('all','Username'), - "planId" => t('all','PlanId'), - - "billAmount" => t('all','BillAmount'), - "billAction" => t('all','BillAction'), - "billPerformer" => t('all','BillPerformer'), - "billReason" => t('all','BillReason'), - - "paymentmethod" => t('ContactInfo','PaymentMethod'), - "cash" => t('ContactInfo','Cash'), - - "creditcardname" => t('ContactInfo','CreditCardName'), - "creditcardnumber" => t('ContactInfo','CreditCardNumber'), - "creditcardverification" => t('ContactInfo','CreditCardVerificationNumber'), - "creditcardtype" => t('ContactInfo','CreditCardType'), - "creditcardexp" => t('ContactInfo','CreditCardExpiration'), - "coupon" => t('all','Coupon'), - "discount" => t('all','Discount'), - "notes" => t('ContactInfo','Notes'), - "creationdate" => t('all','CreationDate'), - "creationby" => t('all','CreationBy'), - "updatedate" => t('all','UpdateDate'), - "updateby" => t('all','UpdateBy') - ); - -$checkboxes_checked = array( - "username", - "planId", - "billAmount", - "billAction", - "billPerformer", - "paymentmethod" - ); - ?> + print_footer_and_html_epilogue($inline_extra_js); - - +?> diff --git a/mng-import-users.php b/mng-import-users.php index 1358df8d6..bd46b03fe 100644 --- a/mng-import-users.php 
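Review bot: `print_footer_and_html_epilogue($inline_extra_js)` is passed a variable that is not assigned anywhere in the hunk; unless menu-bill-history.php sets `$inline_extra_js` earlier (not visible here), this raises an undefined-variable warning and passes null. Initialising it explicitly before the call, `$inline_extra_js = array();`, or assigning the script this menu needs, removes the dependence on an unseen definition.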
+++ b/mng-import-users.php @@ -32,9 +32,12 @@ $logAction = ""; $logDebugSQL = ""; - // we import validation facilities - include_once("library/validation.php"); - include("include/management/functions.php"); + include_once("lang/main.php"); + include("library/validation.php"); + include("library/layout.php"); + include_once("include/management/functions.php"); + + include_once('include/management/populate_selectbox.php'); // custom valid authTypes $valid_authTypes = array( @@ -42,16 +45,15 @@ "otherAuth" => "Based on MAC addr/PIN code" ); + $valid_groups = get_groups(); + $valid_planNames = get_plans(); + // if cleartext passwords are not allowed, // we remove Cleartext-Password from the $valid_passwordTypes array if (isset($configValues['CONFIG_DB_PASSWORD_ENCRYPTION']) && strtolower($configValues['CONFIG_DB_PASSWORD_ENCRYPTION']) !== 'cleartext') { $valid_passwordTypes = array_diff($valid_passwordTypes, array("Cleartext-Password")); } - - include_once('include/management/populate_selectbox.php'); - $valid_groups = get_groups(); - $valid_planNames = get_plans(); if ($_SERVER['REQUEST_METHOD'] === 'POST') { if (array_key_exists('csrf_token', $_POST) && isset($_POST['csrf_token']) && dalo_check_csrf_token($_POST['csrf_token'])) { @@ -184,8 +186,6 @@ } } - include_once("lang/main.php"); - include("library/layout.php"); // print HTML prologue $extra_css = array(); diff --git a/mng-list-all.php b/mng-list-all.php index f4dbb4572..29a0b7f54 100644 --- a/mng-list-all.php +++ b/mng-list-all.php 
@@ -101,9 +101,10 @@ $_SESSION['reportType'] = "usernameListGeneric"; // we use this simplified query just to initialize $numrows - $sql0 = sprintf("SELECT COUNT(DISTINCT(username)) AS username - FROM %s - WHERE attribute='Auth-Type' OR attribute LIKE '%%-Password'", $configValues['CONFIG_DB_TBL_RADCHECK']); + $sql0 = sprintf("SELECT COUNT(DISTINCT(rc.username)) AS username + FROM %s AS rc, %s AS ui + WHERE rc.username=ui.username AND (rc.attribute='Auth-Type' OR rc.attribute LIKE '%%-Password')", + $configValues['CONFIG_DB_TBL_RADCHECK'], $configValues['CONFIG_DB_TBL_DALOUSERINFO']); $res = $dbSocket->query($sql0); $logDebugSQL .= "$sql0;\n"; $numrows = $res->fetchrow()[0]; 
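Review bot: The rewritten `$sql0` counts only radcheck users that also have a row in the dalouserinfo table (`rc.username=ui.username`), so `$numrows` now excludes users without a userinfo record; unless the query that fills `$records` applies the same join (it is outside this hunk), the pagination total and the rows actually listed will disagree. A comment recording the intent, `// count only users present in both radcheck and userinfo, matching the listing query`, documents the decision for the next reader. Stylistically, `FROM %s AS rc INNER JOIN %s AS ui ON rc.username = ui.username WHERE (rc.attribute='Auth-Type' OR rc.attribute LIKE '%%-Password')` separates the join condition from the attribute filter instead of mixing both in the WHERE clause.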
@@ -171,22 +172,25 @@ $usernamelist[] = sprintf("'%s'", $dbSocket->escapeSimple($this_username)); } - // with this second query we retrieve user status (enabled/disabled) and user groups list - $sql2 = sprintf("SELECT username, groupname FROM %s WHERE username IN (%s)", - $configValues['CONFIG_DB_TBL_RADUSERGROUP'], implode(", ", $usernamelist)); - $res = $dbSocket->query($sql2); - $logDebugSQL .= "$sql2;\n"; + if (count($usernamelist) > 0) { + + // with this second query we retrieve user status (enabled/disabled) and user groups list + $sql2 = sprintf("SELECT username, groupname FROM %s WHERE username IN (%s)", + $configValues['CONFIG_DB_TBL_RADUSERGROUP'], implode(", ", $usernamelist)); + $res = $dbSocket->query($sql2); + $logDebugSQL .= "$sql2;\n"; - // foreach user we update the enabled flag and the grouplist - while ($row = $res->fetchRow(DB_FETCHMODE_ASSOC)) { - $this_username = $row['username']; - $this_groupname = $row['groupname']; + // foreach user we update the enabled flag and the grouplist + while ($row = $res->fetchRow(DB_FETCHMODE_ASSOC)) { + $this_username = $row['username']; + $this_groupname = $row['groupname']; - if ($this_groupname === 'daloRADIUS-Disabled-Users') { - $records[$this_username]['enabled'] = false; - } else { - array_push($records[$this_username]['groups'], - htmlspecialchars($this_groupname, ENT_QUOTES, 'UTF-8')); + if ($this_groupname === 'daloRADIUS-Disabled-Users') { + $records[$this_username]['enabled'] = false; + } else { + array_push($records[$this_username]['groups'], + htmlspecialchars($this_groupname, ENT_QUOTES, 'UTF-8')); + } } } 
@@ -274,7 +278,7 @@ %s', strtolower($type), $type); ?> - + escapeSimple($vendor). - "' AND attribute='".$dbSocket->escapeSimple($attribute)."'"; + function attribute_vendor_exist($dbSocket, $attribute, $vendor) { + global $configValues, $logDebugSQL; + + $sql = sprintf("SELECT COUNT(DISTINCT(id)) FROM %s WHERE attribute='%s' AND vendor='%s'", + $configValues['CONFIG_DB_TBL_DALODICTIONARY'], + $dbSocket->escapeSimple($attribute), + $dbSocket->escapeSimple($vendor)); $res = $dbSocket->query($sql); - $logDebugSQL .= $sql . "\n"; - - if ($res->numRows() == 1) { - if (trim($vendor) != "" and trim($attribute) != "") { - // update vendor/attribute pairs to database - $sql = "UPDATE ".$configValues['CONFIG_DB_TBL_DALODICTIONARY']." SET - type='". - $dbSocket->escapeSimple($type)."', attribute='".$dbSocket->escapeSimple($attribute). - "', RecommendedOP='".$dbSocket->escapeSimple($RecommendedOP). - "', RecommendedTable='".$dbSocket->escapeSimple($RecommendedTable). - "', RecommendedTooltip='".$dbSocket->escapeSimple($RecommendedTooltip). - "', RecommendedHelper='".$dbSocket->escapeSimple($RecommendedHelper). - "' WHERE Vendor='$vendor' AND Attribute='$attributeOld'"; - $res = $dbSocket->query($sql); - $logDebugSQL .= $sql . "\n"; - - $successMsg = "Updated database with vendor attribute: $attribute of vendor: $vendor"; - $logAction .= "Successfully update vendor [$vendor] and attribute [$attribute] on page: "; + $logDebugSQL .= "$sql;\n"; + + return $res->fetchrow()[0] > 0; + } + + + if ($_SERVER['REQUEST_METHOD'] === 'POST') { + if (array_key_exists('csrf_token', $_POST) && isset($_POST['csrf_token']) && dalo_check_csrf_token($_POST['csrf_token'])) { + + $vendor = (array_key_exists('vendor', $_POST) && !empty(str_replace("%", "", trim($_POST['vendor'])))) + ? str_replace("%", "", trim($_POST['vendor'])) : ""; + $vendor_enc = (!empty($vendor)) ? 
htmlspecialchars($vendor, ENT_QUOTES, 'UTF-8') : ""; + + $attribute = (array_key_exists('attribute', $_POST) && !empty(str_replace("%", "", trim($_POST['attribute'])))) + ? str_replace("%", "", trim($_POST['attribute'])) : ""; + $attribute_enc = (!empty($attribute)) ? htmlspecialchars($attribute, ENT_QUOTES, 'UTF-8') : ""; + + $type = (array_key_exists('type', $_POST) && !empty(trim($_POST['type'])) && + in_array(trim($_POST['type']), $valid_attributeTypes)) + ? $_POST['type'] : ""; + + $op = (array_key_exists('RecommendedOP', $_POST) && isset($_POST['RecommendedOP']) && + in_array($_POST['RecommendedOP'], $valid_ops)) + ? $_POST['RecommendedOP'] : ""; + + $table = (array_key_exists('RecommendedTable', $_POST) && isset($_POST['RecommendedTable']) && + in_array($_POST['RecommendedTable'], $valid_tables)) + ? $_POST['RecommendedTable'] : ""; + + $helper = (array_key_exists('RecommendedHelper', $_POST) && isset($_POST['RecommendedHelper']) && + in_array($_POST['RecommendedHelper'], $valid_recommendedHelpers)) + ? $_POST['RecommendedHelper'] : ""; + + $tooltip = (array_key_exists('RecommendedTooltip', $_POST) && + !empty(str_replace("%", "", trim($_POST['RecommendedTooltip'])))) + ? 
str_replace("%", "", trim($_POST['RecommendedTooltip'])) : ""; + + if (empty($vendor) || empty($attribute)) { + // vendor and attribute are required + $failureMsg = "vendor and/or attribute are empty or invalid"; + $logAction .= "Failed updating attribute [$attribute] (possible empty/invalid vendor and/or attribute) on page: "; } else { - $failureMsg = "you must provide atleast a vendor name and attribute"; - $logAction .= "Failed updating vendor [$vendor] and attribute [$attribute] on page: "; + + include('library/opendb.php'); + + $exists = attribute_vendor_exist($dbSocket, $attribute, $vendor); + + if (!$exists) { + // vendor and/or attribute invalid + $failureMsg = "vendor and/or attribute are invalid"; + $logAction .= "Failed updating attribute [$attribute] (possible invalid vendor and/or attribute) on page: "; + } else { + + $sql = sprintf("UPDATE %s + SET Type='%s', RecommendedOP='%s', RecommendedTable='%s', + RecommendedTooltip='%s', RecommendedHelper='%s' + WHERE Vendor='%s' AND Attribute='%s'", + $configValues['CONFIG_DB_TBL_DALODICTIONARY'], $dbSocket->escapeSimple($type), + $dbSocket->escapeSimple($op), $dbSocket->escapeSimple($table), + $dbSocket->escapeSimple($tooltip), $dbSocket->escapeSimple($helper), + $dbSocket->escapeSimple($vendor), $dbSocket->escapeSimple($attribute)); + $res = $dbSocket->query($sql); + $logDebugSQL .= "$sql;\n"; + + if (!DB::isError($res)) { + $format = "Attribute information has been updated in the dictionary (attribute: %s, vendor: %s)"; + $successMsg = sprintf($format, $attribute_enc, $vendor_enc); + $logAction .= sprintf("$format on page: ", $attribute, $vendor); + } else { + $format = "An error occurred when updating attribute information in the dictionary (attribute: %s, vendor: %s)"; + $failureMsg = sprintf($format, $attribute_enc, $vendor_enc); + $logAction .= sprintf("Failed to add an attribute [$format] on page: ", $attribute, $vendor); + } + } + + include('library/closedb.php'); } - } else { - $failureMsg = "You 
have tried to update a vendor's attribute that either is not present in the database or there - may be more than 1 entry for this vendor attribute in database (attribute :$attribute)"; - $logAction .= "Failed updating vendor attribute already in database [$attribute] on page: "; + + } else { + // csrf + $failureMsg = "CSRF token error"; + $logAction .= "$failureMsg on page: "; } - - include 'library/closedb.php'; + } else { + // !POST + + $vendor = (array_key_exists('vendor', $_REQUEST) && !empty(str_replace("%", "", trim($_REQUEST['vendor'])))) + ? str_replace("%", "", trim($_REQUEST['vendor'])) : ""; + $vendor_enc = (!empty($vendor)) ? htmlspecialchars($vendor, ENT_QUOTES, 'UTF-8') : ""; + $attribute = (array_key_exists('attribute', $_REQUEST) && !empty(str_replace("%", "", trim($_REQUEST['attribute'])))) + ? str_replace("%", "", trim($_REQUEST['attribute'])) : ""; + $attribute_enc = (!empty($attribute)) ? htmlspecialchars($attribute, ENT_QUOTES, 'UTF-8') : ""; } - - include 'library/opendb.php'; - - $sql = "SELECT * FROM ".$configValues['CONFIG_DB_TBL_DALODICTIONARY']." WHERE vendor='".$dbSocket->escapeSimple($vendor). - "' AND attribute='".$dbSocket->escapeSimple($attribute)."'"; - $res = $dbSocket->query($sql); - $logDebugSQL .= $sql . "\n"; - - $row = $res->fetchRow(DB_FETCHMODE_ASSOC); - - isset($row['Attribute']) ? $attribute = $row['Attribute'] : $attribute = ""; - isset($row['Type']) ? $type = $row['Type'] : $type = ""; - isset($row['Vendor']) ? $vendor = $row['Vendor'] : $vendor = ""; - isset($row['RecommendedOP']) ? $RecommendedOP = $row['RecommendedOP'] : $RecommendedOP = ""; - isset($row['RecommendedTable']) ? $RecommendedTable = $row['RecommendedTable'] : $RecommendedTable = ""; - isset($row['RecommendedTooltip']) ? $RecommendedTooltip = $row['RecommendedTooltip'] : $RecommendedTooltip = ""; - isset($row['RecommendedHelper']) ? 
$RecommendedHelper = $row['RecommendedHelper'] : $RecommendedHelper = ""; - - include 'library/closedb.php'; - - include_once("lang/main.php"); - include("library/layout.php"); - // print HTML prologue $title = t('Intro','mngradattributesedit.php'); $help = t('helpPage','mngradattributesedit'); @@ -118,137 +154,147 @@ echo '
'; print_title_and_help($title, $help); - include_once('include/management/actionMessages.php'); + include('library/opendb.php'); + + $exists = attribute_vendor_exist($dbSocket, $attribute, $vendor); + + if (!$exists) { + // vendor and/or attribute invalid + $failureMsg = "vendor and/or attribute are invalid"; + $logAction .= "Failed updating attribute [$attribute] (possible invalid vendor and/or attribute) on page: "; + + } else { + $sql = sprintf("SELECT id, Type, Attribute, Value, Format, Vendor, RecommendedOP, + RecommendedTable, RecommendedHelper, RecommendedTooltip + FROM %s WHERE attribute='%s' AND vendor='%s' LIMIT 1", + $configValues['CONFIG_DB_TBL_DALODICTIONARY'], + $dbSocket->escapeSimple($attribute), + $dbSocket->escapeSimple($vendor)); + $res = $dbSocket->query($sql); + $logDebugSQL .= "$sql;\n"; + + list( + $this_id, $this_Type, $this_Attribute, $this_Value, $this_Format, + $this_Vendor, $this_OP, $this_Table, $this_Helper, $this_Tooltip + ) = $res->fetchrow(); + + + } + + include('library/closedb.php'); -?> + include_once('include/management/actionMessages.php'); -
- -
- - -
- -
    - - - -
  • - - - Tip - - -
  • - - - -
  • - - - Tip - - -
  • - -
  • - - - Tip - - -
  • - -
  • - - - Tip - - -
  • - -
  • - - - Tip - - -
  • - -
  • - - - Tip - - -
  • - - -
  • - - - Tip - - -
  • - -
  • -
    -

    - ' tabindex=10000 class='button' /> -
  • -
-
+ if (!isset($successMsg) && !empty($vendor) && !empty($attribute)) { + + $fieldset0_descriptor = array( + "title" => t('title','VendorAttribute'), + ); -
+ + $input_descriptors0 = array(); + + $input_descriptors0[] = array( + "name" => "vendor", + "type" => "hidden", + "value" => (isset($vendor) ? $vendor : ""), + ); + + $input_descriptors0[] = array( + "name" => "attribute", + "type" => "hidden", + "value" => (isset($attribute) ? $attribute : ""), + ); + + $input_descriptors0[] = array( + "name" => "vendor_presentation", + "caption" => t('all','VendorName'), + "type" => "text", + "tooltipText" => t('Tooltip','vendorNameTooltip'), + "value" => (isset($vendor) ? $vendor : ""), + "disabled" => true + ); + + $input_descriptors0[] = array( + "name" => "attribute_presentation", + "caption" => t('all','Attribute'), + "type" => "text", + "tooltipText" => t('Tooltip','attributeTooltip'), + "value" => (isset($attribute) ? $attribute : ""), + "disabled" => true + ); + + $input_descriptors0[] = array( + "name" => "type", + "caption" => t('all','Type'), + "type" => "text", + "datalist" => $valid_attributeTypes, + "value" => ((isset($type)) ? $type : ""), + "tooltipText" => t('Tooltip','typeTooltip'), + ); + + $input_descriptors0[] = array( + "name" => "RecommendedOP", + "caption" => t('all','RecommendedOP'), + "type" => "text", + "datalist" => $valid_ops, + "value" => ((isset($op)) ? $op : ""), + "tooltipText" => t('Tooltip','RecommendedOPTooltip'), + ); + + $input_descriptors0[] = array( + "name" => "RecommendedTable", + "caption" => t('all','RecommendedTable'), + "type" => "text", + "datalist" => $valid_tables, + "value" => ((isset($table)) ? $table : ""), + "tooltipText" => t('Tooltip','RecommendedTableTooltip'), + ); + + $input_descriptors0[] = array( + "name" => "RecommendedHelper", + "caption" => t('all','RecommendedHelper'), + "type" => "text", + "datalist" => $valid_recommendedHelpers, + "value" => ((isset($helper)) ? 
$helper : ""), + "tooltipText" => t('Tooltip','RecommendedHelperTooltip'), + ); + + $input_descriptors0[] = array( + "name" => "RecommendedTooltip", + "caption" => t('all','RecommendedTooltip'), + "type" => "textarea", + "tooltipText" => t('Tooltip','RecommendedTooltipTooltip'), + "value" => (isset($tooltip) ? $tooltip : "") + ); + + $input_descriptors0[] = array( + "name" => "csrf_token", + "type" => "hidden", + "value" => dalo_csrf_token(), + ); + + $input_descriptors0[] = array( + 'type' => 'submit', + 'name' => 'submit', + 'value' => t('buttons','apply') + ); + + open_form(); + + open_fieldset($fieldset0_descriptor); + + foreach ($input_descriptors0 as $input_descriptor) { + print_form_component($input_descriptor); + } + + close_fieldset(); + + close_form(); + } - diff --git a/mng-rad-attributes-new.php b/mng-rad-attributes-new.php index a3c997aa7..1a5d8306b 100644 --- a/mng-rad-attributes-new.php +++ b/mng-rad-attributes-new.php 
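Review bot: The values read by `list(...) = $res->fetchrow()` (`$this_Type`, `$this_OP`, `$this_Table`, `$this_Helper`, `$this_Tooltip`) are never used: the form descriptors below read `$type`, `$op`, `$table`, `$helper` and `$tooltip`, which are assigned only in the POST branch, so on a plain GET the edit form shows empty Type/RecommendedOP/RecommendedTable/RecommendedHelper/RecommendedTooltip fields instead of the attribute's current dictionary values. After the `list(...)` assignment add `if ($_SERVER['REQUEST_METHOD'] !== 'POST') { $type = $this_Type; $op = $this_OP; $table = $this_Table; $helper = $this_Helper; $tooltip = $this_Tooltip; }`, and drop `$this_id`, `$this_Value` and `$this_Format` from the SELECT since nothing reads them. The hidden and disabled inputs pass the raw `$vendor` and `$attribute` as `value` while `$vendor_enc`/`$attribute_enc` are computed and unused in this hunk; that is only safe if `print_form_component` escapes `value` itself, which is not visible here and is worth a comment either way. The `attribute_vendor_exist()` call also runs on every GET without parameters and appends a "Failed updating attribute" entry to `$logAction`, which records a plain page view as a failed update.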
@@ -32,52 +32,102 @@ $logAction = ""; $logDebugSQL = ""; - if (isset($_POST["submit"])) { - - isset($_POST['vendor']) ? $vendor = $_POST['vendor'] : $vendor = ""; - isset($_POST['attribute']) ? $attribute = $_POST['attribute'] : $attribute = ""; - isset($_POST['type']) ? $type = $_POST['type'] : $type = ""; - isset($_POST['RecommendedOP']) ? $RecommendedOP = $_POST['RecommendedOP'] : $RecommendedOP = ""; - isset($_POST['RecommendedTable']) ? $RecommendedTable = $_POST['RecommendedTable'] : $RecommendedTable = ""; - isset($_POST['RecommendedTooltip']) ? $RecommendedTooltip = $_POST['RecommendedTooltip'] : $RecommendedTooltip = ""; - - include 'library/opendb.php'; - - $sql = "SELECT * FROM ".$configValues['CONFIG_DB_TBL_DALODICTIONARY']." WHERE vendor='".$dbSocket->escapeSimple($vendor). - "' AND attribute='".$dbSocket->escapeSimple($attribute)."'"; - $res = $dbSocket->query($sql); - $logDebugSQL .= $sql . "\n"; - - if ($res->numRows() == 0) { - if (trim($vendor) != "" and trim($attribute) != "") { - // insert vendor/attribute pairs to database - $sql = "INSERT INTO ".$configValues['CONFIG_DB_TBL_DALODICTIONARY']. - " (id, type, attribute, vendor, RecommendedOP, RecommendedTable, RecommendedTooltip) VALUES (0, '". - $dbSocket->escapeSimple($type)."', '".$dbSocket->escapeSimple($attribute)."','". - $dbSocket->escapeSimple($vendor)."','". $dbSocket->escapeSimple($RecommendedOP)."','". - $dbSocket->escapeSimple($RecommendedTable)."','".$dbSocket->escapeSimple($RecommendedTooltip)."')"; - $res = $dbSocket->query($sql); - $logDebugSQL .= $sql . 
"\n"; + include_once("lang/main.php"); + include("library/validation.php"); + include("library/layout.php"); - $successMsg = "Added to database new vendor attribute: $attribute of vendor: $vendor"; - $logAction .= "Successfully added new vendor [$vendor] and attribute [$attribute] on page: "; + // custom validation structures + $valid_tables = array("check", "reply"); + + if ($_SERVER['REQUEST_METHOD'] === 'POST') { + if (array_key_exists('csrf_token', $_POST) && isset($_POST['csrf_token']) && dalo_check_csrf_token($_POST['csrf_token'])) { + + $vendor = (array_key_exists('vendor', $_POST) && !empty(str_replace("%", "", trim($_POST['vendor'])))) + ? str_replace("%", "", trim($_POST['vendor'])) : ""; + $vendor_enc = (!empty($vendor)) ? htmlspecialchars($vendor, ENT_QUOTES, 'UTF-8') : ""; + + $attribute = (array_key_exists('attribute', $_POST) && !empty(str_replace("%", "", trim($_POST['attribute'])))) + ? str_replace("%", "", trim($_POST['attribute'])) : ""; + $attribute_enc = (!empty($attribute)) ? htmlspecialchars($attribute, ENT_QUOTES, 'UTF-8') : ""; + + $type = (array_key_exists('type', $_POST) && isset($_POST['type']) && + in_array($_POST['type'], $valid_attributeTypes)) + ? $_POST['type'] : ""; + + $op = (array_key_exists('RecommendedOP', $_POST) && isset($_POST['RecommendedOP']) && + in_array($_POST['RecommendedOP'], $valid_ops)) + ? $_POST['RecommendedOP'] : ""; + + $table = (array_key_exists('RecommendedTable', $_POST) && isset($_POST['RecommendedTable']) && + in_array($_POST['RecommendedTable'], $valid_tables)) + ? $_POST['RecommendedTable'] : ""; + + $helper = (array_key_exists('RecommendedHelper', $_POST) && isset($_POST['RecommendedHelper']) && + in_array($_POST['RecommendedHelper'], $valid_recommendedHelpers)) + ? $_POST['RecommendedHelper'] : ""; + + $tooltip = (array_key_exists('RecommendedTooltip', $_POST) && + !empty(str_replace("%", "", trim($_POST['RecommendedTooltip'])))) + ? 
str_replace("%", "", trim($_POST['RecommendedTooltip'])) : ""; + + if (empty($vendor) || empty($attribute)) { + // vendor and attribute are required + $failureMsg = "vendor and/or attribute are empty or invalid"; + $logAction .= "Failed adding new attribute [$attribute] (possible empty/invalid vendor and/or attribute) on page: "; } else { - $failureMsg = "You must provide atleast a vendor name and attribute"; - $logAction .= "Failed adding new vendor [$vendor] and attribute [$attribute] on page: "; + include('library/opendb.php'); + + $sql = sprintf("SELECT DISTINCT(Vendor) FROM %s WHERE attribute='%s'", + $configValues['CONFIG_DB_TBL_DALODICTIONARY'], $dbSocket->escapeSimple($attribute)); + $res = $dbSocket->query($sql); + $logDebugSQL .= "$sql;\n"; + + $vendors = array(); + while ($row = $res->fetchrow()) { + $vendors[] = $row[0]; + } + + if (count($vendors) > 0) { + // already present + $format = "An attribute with the same name is already present in another dictionary (attribute: %s, vendor(s): %s)"; + $failureMsg = sprintf($format, $attribute_enc, htmlspecialchars(implode(", ", $vendors), ENT_QUOTES, 'UTF-8')); + $logAction .= sprintf("Failed to add an attribute [$format] on page: ", $attribute, implode(", ", $vendors)); + + } else { + + $sql = sprintf("INSERT INTO %s (id, Type, Attribute, Value, Format, Vendor, RecommendedOP, + RecommendedTable, RecommendedHelper, RecommendedTooltip) + VALUES (0, '%s', '%s', '', '', '%s', '%s', '%s', '%s', '%s')", + $configValues['CONFIG_DB_TBL_DALODICTIONARY'], + $dbSocket->escapeSimple($type), $dbSocket->escapeSimple($attribute), + $dbSocket->escapeSimple($vendor), $dbSocket->escapeSimple($op), + $dbSocket->escapeSimple($table), $dbSocket->escapeSimple($helper), + $dbSocket->escapeSimple($tooltip)); + $res = $dbSocket->query($sql); + $logDebugSQL .= "$sql;\n"; + + if (!DB::isError($res)) { + $format = "The new attribute has been inserted in the dictionary (attribute: %s, vendor: %s)"; + $successMsg = sprintf($format, 
$attribute_enc, $vendor_enc); + $logAction .= sprintf("$format on page: ", $attribute, $vendor); + } else { + $format = "An error occurred when adding the new attribute to a dictionary (attribute: %s, vendor: %s)"; + $failureMsg = sprintf($format, $attribute_enc, $vendor_enc); + $logAction .= sprintf("Failed to add an attribute [$format] on page: ", $attribute, $vendor); + } + } + + include('library/closedb.php'); } - } else { - $failureMsg = "You have tried to add a vendor's attribute that already exist in the database: $attribute"; - $logAction .= "Failed adding new vendor attribute already in database [$attribute] on page: "; + + } else { + // csrf + $failureMsg = "CSRF token error"; + $logAction .= "$failureMsg on page: "; } - - include 'library/closedb.php'; - } - - - include_once("lang/main.php"); - include("library/layout.php"); - + + // print HTML prologue $title = t('Intro','mngradattributesnew.php'); $help = t('helpPage','mngradattributesnew'); @@ -91,113 +141,101 @@ include_once('include/management/actionMessages.php'); -?> - -
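Review bot: The `SELECT DISTINCT(Vendor)` result is iterated with `fetchrow()` without the `DB::isError($res)` check that the INSERT below gets, so a failed query ends in a fatal method call on a DB_Error object instead of a `$failureMsg`. `trim($_POST['vendor'])`, `trim($_POST['attribute'])` and `trim($_POST['RecommendedTooltip'])` are also evaluated before the value's type is known; a request that submits one of these fields as an array makes `trim()` throw a TypeError on PHP 8, so each `array_key_exists` guard should be extended with `is_string($_POST['vendor'])` (and likewise for the other two). The `in_array` checks on `type`, `RecommendedOP`, `RecommendedTable` and `RecommendedHelper` should pass `true` as the third argument to avoid loose comparison. `$valid_tables = array("check", "reply")` is kept local here although the sibling lists moved to library/validation.php in this commit and mng-rad-attributes-edit.php validates `RecommendedTable` against the same name; defining it once in validation.php keeps the two pages in sync.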
- -
- - -
+ if (!isset($successMsg)) { -
    + $fieldset0_descriptor = array( + "title" => t('title','VendorAttribute'), + ); -
  • - - - Tip - -
  • - -
  • - - - Tip - - -
  • - -
  • - - - Tip + $input_descriptors0 = array(); - -
  • - -
  • - - - Tip + $input_descriptors0[] = array( + "name" => "vendor", + "caption" => t('all','VendorName'), + "type" => "text", + "tooltipText" => t('Tooltip','vendorNameTooltip'), + "value" => (isset($vendor) ? $vendor : "") + ); + + $input_descriptors0[] = array( + "name" => "attribute", + "caption" => t('all','Attribute'), + "type" => "text", + "tooltipText" => t('Tooltip','attributeTooltip'), + "value" => (isset($attribute) ? $attribute : "") + ); + + $input_descriptors0[] = array( + "name" => "type", + "caption" => t('all','Type'), + "type" => "text", + "datalist" => $valid_attributeTypes, + "value" => ((isset($type)) ? $type : ""), + "tooltipText" => t('Tooltip','typeTooltip'), + ); - -
  • - -
  • - - - Tip + $input_descriptors0[] = array( + "name" => "RecommendedOP", + "caption" => t('all','RecommendedOP'), + "type" => "text", + "datalist" => $valid_ops, + "value" => ((isset($op)) ? $op : ""), + "tooltipText" => t('Tooltip','RecommendedOPTooltip'), + ); - -
  • - -
  • - - - Tip - -
  • - + $input_descriptors0[] = array( + "name" => "RecommendedTable", + "caption" => t('all','RecommendedTable'), + "type" => "text", + "datalist" => $valid_tables, + "value" => ((isset($table)) ? $table : ""), + "tooltipText" => t('Tooltip','RecommendedTableTooltip'), + ); + + $input_descriptors0[] = array( + "name" => "RecommendedHelper", + "caption" => t('all','RecommendedHelper'), + "type" => "text", + "datalist" => $valid_recommendedHelpers, + "value" => ((isset($helper)) ? $helper : ""), + "tooltipText" => t('Tooltip','RecommendedHelperTooltip'), + ); + + $input_descriptors0[] = array( + "name" => "RecommendedTooltip", + "caption" => t('all','RecommendedTooltip'), + "type" => "textarea", + "tooltipText" => t('Tooltip','RecommendedTooltipTooltip'), + "value" => (isset($tooltip) ? $tooltip : "") + ); + + $input_descriptors0[] = array( + "name" => "csrf_token", + "type" => "hidden", + "value" => dalo_csrf_token(), + ); + + $input_descriptors0[] = array( + 'type' => 'submit', + 'name' => 'submit', + 'value' => t('buttons','apply') + ); + + open_form(); + + open_fieldset($fieldset0_descriptor); + + foreach ($input_descriptors0 as $input_descriptor) { + print_form_component($input_descriptor); + } + + close_fieldset(); + + close_form(); + } -
  • -
    -

    - ' tabindex=10000 class='button' /> -
  • - -
-
- -
- - diff --git a/mng-rad-attributes-search.php b/mng-rad-attributes-search.php index b6832c9d5..8af6bb0d1 100644 --- a/mng-rad-attributes-search.php +++ b/mng-rad-attributes-search.php @@ -32,9 +32,9 @@ $logQuery = "performed query for listing of records on page: "; $logDebugSQL = ""; - // get vendor name passed to us from menu-mng-rad-attributes.php - $attribute = (array_key_exists('attribute', $_GET) && isset($_GET['attribute'])) - ? str_replace("%", "", $_GET['attribute']) : ""; + // get attribute name passed to us from menu-mng-rad-attributes.php + $attribute = (array_key_exists('attribute', $_GET) && !empty(str_replace("%", "", trim($_GET['attribute'])))) + ? str_replace("%", "", trim($_GET['attribute'])) : ""; include_once("lang/main.php"); @@ -81,7 +81,7 @@ $sql_WHERE = array(); $sql_WHERE[] = "(type <> '' OR type IS NOT NULL)"; - if (!empty($vendor)) { + if (!empty($attribute)) { $sql_WHERE[] = sprintf("attribute LIKE '%s%%'", $dbSocket->escapeSimple($attribute)); } diff --git a/mng-rad-groupcheck-new.php b/mng-rad-groupcheck-new.php index 6f5fd0519..989c258ac 100644 --- a/mng-rad-groupcheck-new.php +++ b/mng-rad-groupcheck-new.php @@ -32,8 +32,9 @@ $logAction = ""; $logDebugSQL = ""; - // we import validation facilities - include_once("library/validation.php"); + include_once("lang/main.php"); + include("library/validation.php"); + include("library/layout.php"); include_once('include/management/populate_selectbox.php'); @@ -79,10 +80,6 @@ } - include_once("lang/main.php"); - - include("library/layout.php"); - // print HTML prologue $extra_js = array( "library/javascript/ajax.js", diff --git a/mng-rad-groupreply-new.php b/mng-rad-groupreply-new.php index 1dca62f9d..6f94dfd5b 100644 --- a/mng-rad-groupreply-new.php +++ b/mng-rad-groupreply-new.php 
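Review bot: The `vendor`, `attribute` and `RecommendedTooltip` descriptors re-display the raw `$vendor`, `$attribute` and `$tooltip` from a failed POST as `value`, while `$vendor_enc`/`$attribute_enc` are used only for messages; this is safe only if `print_form_component` applies `htmlspecialchars` to `value`, which this diff does not show, so either pass the `_enc` variants or state the contract in a comment, `// print_form_component escapes "value"; raw strings are intentional here`. This descriptor list is near-identical to the one added to mng-rad-attributes-edit.php in the same commit; a shared helper that builds the list from the current values would remove the duplication and keep field names, captions and tooltips from drifting apart.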
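Review bot: In the `attribute LIKE '%s%%'` filter, `escapeSimple()` protects the string quoting but not LIKE metacharacters; `%` is stripped from `$attribute` up front, yet `_` remains a single-character wildcard, so a name such as `Acct_Session` (constructed example) also matches `AcctXSession`. Escaping the pattern, `addcslashes($dbSocket->escapeSimple($attribute), '%_')`, keeps the prefix match literal under the default `\` LIKE escape on MySQL and PostgreSQL. The `!empty(...)` test in the first hunk also treats the attribute name `"0"` as absent; `trim($_GET['attribute']) !== ''` expresses the intended check without that edge case.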
@@ -32,8 +32,9 @@ $logAction = ""; $logDebugSQL = ""; - // we import validation facilities - include_once("library/validation.php"); + include_once("lang/main.php"); + include("library/validation.php"); + include("library/layout.php"); include_once('include/management/populate_selectbox.php'); @@ -79,10 +80,6 @@ } - include_once("lang/main.php"); - - include("library/layout.php"); - // print HTML prologue $extra_js = array( "library/javascript/ajax.js", diff --git a/mng-rad-nas-new.php b/mng-rad-nas-new.php index 82d4c0de8..8a481aa6b 100644 --- a/mng-rad-nas-new.php +++ b/mng-rad-nas-new.php @@ -25,18 +25,16 @@ $operator = $_SESSION['operator_user']; include('library/check_operator_perm.php'); + include_once('library/config_read.php'); // init logging variables $log = "visited page: "; $logAction = ""; $logDebugSQL = ""; - include_once('library/config_read.php'); - include_once("lang/main.php"); - - // we import validation facilities - include_once("library/validation.php"); + include("library/validation.php"); + include("library/layout.php"); if ($_SERVER['REQUEST_METHOD'] === 'POST') { $nasname = (array_key_exists('nasname', $_POST) && isset($_POST['nasname'])) ? trim(str_replace("%", "", $_POST['nasname'])) : ""; @@ -95,7 +93,6 @@ } - include("library/layout.php"); // print HTML prologue $extra_css = array( diff --git a/mng-rad-profiles-edit.php b/mng-rad-profiles-edit.php index e99ea49e1..db0917339 100644 --- a/mng-rad-profiles-edit.php +++ b/mng-rad-profiles-edit.php @@ -32,8 +32,9 @@ $logAction = ""; $logDebugSQL = ""; - // we import validation facilities - include_once("library/validation.php"); + include_once("lang/main.php"); + include("library/validation.php"); + include("library/layout.php"); if ($_SERVER['REQUEST_METHOD'] === 'POST') { $profile_name = (array_key_exists('profile_name', $_POST) && !empty($_POST['profile_name']) && 
@@ -47,9 +48,6 @@ $profile_name_enc = (!empty($profile_name)) ? htmlspecialchars($profile_name, ENT_QUOTES, 'UTF-8') : ""; - include_once("lang/main.php"); - - include("library/layout.php"); // print HTML prologue $extra_css = array( diff --git a/mng-rad-profiles-new.php b/mng-rad-profiles-new.php index 1592d0dcb..c100f1f27 100644 --- a/mng-rad-profiles-new.php +++ b/mng-rad-profiles-new.php @@ -32,8 +32,9 @@ $logDebugSQL = ""; $log = "visited page: "; - // we import validation facilities - include_once("library/validation.php"); + include_once("lang/main.php"); + include("library/validation.php"); + include("library/layout.php"); if ($_SERVER['REQUEST_METHOD'] === 'POST') { @@ -75,10 +76,7 @@ } // profile name not empty } - - include_once("lang/main.php"); - - include("library/layout.php"); + // print HTML prologue $extra_css = array( diff --git a/mng-rad-usergroup-list-user.php b/mng-rad-usergroup-list-user.php index 1fe81d2b0..6e0440731 100644 --- a/mng-rad-usergroup-list-user.php +++ b/mng-rad-usergroup-list-user.php @@ -156,11 +156,11 @@ fetchRow()) { $rowlen = count($row); - echo ''; + printf('', $counter); for ($i = 0; $i < $rowlen; $i++) { $row[$i] = htmlspecialchars($row[$i], ENT_QUOTES, 'UTF-8'); @@ -201,6 +201,9 @@ printTableFoot($per_page_numrows, $numrows, $colspan, $drawNumberLinks, $links, $partial_query_string); ?> + + + array() ); - $sql1 = sprintf("SELECT groupname, priority FROM %s WHERE username='%s' ORDER BY priority DESC, groupname ASC", + $sql1 = sprintf("SELECT groupname, priority FROM %s WHERE username='%s' ORDER BY priority ASC, groupname ASC", $configValues['CONFIG_DB_TBL_RADUSERGROUP'], $dbSocket->escapeSimple($this_username)); $res1 = $dbSocket->query($sql1); diff --git a/mng-search.php b/mng-search.php index 25d036884..39b11bcc6 100644 --- a/mng-search.php +++ b/mng-search.php 
@@ -28,24 +28,12 @@ include_once('library/config_read.php'); include_once("lang/main.php"); - include("library/layout.php"); - // print HTML prologue - $extra_js = array( - "library/javascript/ajax.js", - "library/javascript/ajaxGeneric.js" - ); - - $title = t('Intro','mngsearch.php'); - - print_html_prologue($title, $langCode, array(), $extra_js); - // we partially strip some character and // leave validation/escaping to other functions used later in the script - $username = (array_key_exists('username', $_GET) && isset($_GET['username'])) - ? str_replace("%", "", $_GET['username']) : ""; - + $username = (array_key_exists('username', $_GET) && !empty(str_replace("%", "", trim($_GET['username'])))) + ? str_replace("%", "", trim($_GET['username'])) : ""; $username_enc = (!empty($username)) ? htmlspecialchars($username, ENT_QUOTES, 'UTF-8') : ""; @@ -63,6 +51,17 @@ //feed the sidebar variables $search_username = $username_enc; + + // print HTML prologue + $extra_js = array( + "library/javascript/ajax.js", + "library/javascript/ajaxGeneric.js" + ); + + $title = t('Intro','mngsearch.php'); + + print_html_prologue($title, $langCode, array(), $extra_js); + if (!empty($username_enc)) { $title .= " :: " . $username_enc; } @@ -91,12 +90,10 @@ $orderType = (array_key_exists('orderType', $_GET) && isset($_GET['orderType']) && in_array(strtolower($_GET['orderType']), array( "desc", "asc" ))) ? strtolower($_GET['orderType']) : "desc"; -?> -
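Review bot: In the second hunk of mng-search.php, `print_html_prologue($title, $langCode, array(), $extra_js);` is now placed immediately before `if (!empty($username_enc)) { $title .= " :: " . $username_enc; }`, so the username suffix is appended only after the document head has already been emitted and only `print_title_and_help` sees the longer title. Since relocating the prologue is the point of this hunk, moving the `if` block above the `print_html_prologue(...)` call would let the page title carry the search term as well; if the shorter browser title is intentional, a one-line comment saying so would stop the next reader from "fixing" it. `$username_enc` is already passed through `htmlspecialchars`, so the reordering raises no output-encoding concern.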
- -'; print_title_and_help($title, $help); + include('library/opendb.php'); include('include/management/pages_common.php'); diff --git a/msg-error-permissions.php b/msg-error-permissions.php index c624ef336..9fb918be8 100644 --- a/msg-error-permissions.php +++ b/msg-error-permissions.php @@ -24,10 +24,12 @@ include ("library/checklogin.php"); $operator = $_SESSION['operator_user']; + $log = "visited page: "; + include_once("lang/main.php"); - include("library/layout.php"); + // print HTML prologue $title = t('Intro','msgerrorpermissions.php'); $help = t('helpPage','msgerrorpermissions'); @@ -35,23 +37,14 @@ print_html_prologue($title, $langCode); include("menu-home.php"); -?> -
-'; print_title_and_help($title, $help); + $failureMsg = t('helpPage','msgerrorpermissions'); - include_once("include/management/actionMessages.php"); -?> -
- - -
-
- - + include_once('include/management/actionMessages.php'); + include('include/config/logging.php'); + print_footer_and_html_epilogue(); + +?> diff --git a/rep-batch.php b/rep-batch.php index e2d2ce682..c71d5b654 100644 --- a/rep-batch.php +++ b/rep-batch.php @@ -1,4 +1,4 @@ - -
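Review bot: The new tail of msg-error-permissions.php is an added blank line followed by `?>`, and the same `+ +?>` ending is introduced in rep-hb.php, rep-logs-boot.php, rep-logs-radius.php, rep-logs-system.php, rep-logs.php, rep-main.php, rep-stat-server.php and rep-stat-ups.php, while rep-status.php keeps its existing `?>` with the markup after it removed. Once a file ends in PHP code, as `print_footer_and_html_epilogue();` now guarantees, the convention is to omit the closing tag altogether: anything that later lands after `?>` beyond a single newline is sent to the client as stray output, and the tag serves no purpose in a PHP-only file. Dropping the `?>` and the blank line before it in each of these files is a small, mechanical tidy-up that removes that class of accident.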
-

- - - -

- - -
-'; + print_title_and_help($title, $help); + include('include/config/logging.php'); -?> + print_footer_and_html_epilogue(); -
- - - - - - - - diff --git a/rep-hb.php b/rep-hb.php index 109537379..84bf8d696 100644 --- a/rep-hb.php +++ b/rep-hb.php @@ -1,4 +1,4 @@ - -
-'; print_title_and_help($title, $help); -?> - -
- - - - + print_footer_and_html_epilogue(); - - +?> diff --git a/rep-lastconnect.php b/rep-lastconnect.php index 1db2f6ef6..3cf099634 100644 --- a/rep-lastconnect.php +++ b/rep-lastconnect.php @@ -33,7 +33,7 @@ $logDebugSQL = ""; include_once("lang/main.php"); - + include("library/validation.php"); include("library/layout.php"); // print HTML prologue @@ -57,8 +57,6 @@ break; } - include("library/validation.php"); - // in other cases we just check that syntax is ok $startdate = (array_key_exists('startdate', $_GET) && isset($_GET['startdate']) && preg_match(DATE_REGEX, $_GET['startdate'], $m) !== false && diff --git a/rep-logs-boot.php b/rep-logs-boot.php index 9c1c9dce5..22ed86887 100644 --- a/rep-logs-boot.php +++ b/rep-logs-boot.php @@ -25,6 +25,12 @@ $operator = $_SESSION['operator_user']; include('library/check_operator_perm.php'); + include_once('library/config_read.php'); + + $log = "visited page: "; + + include_once("lang/main.php"); + include("library/layout.php"); // parameter validation $bootLineCount = (array_key_exists('bootLineCount', $_GET) && isset($_GET['bootLineCount']) && @@ -35,12 +41,6 @@ $bootFilter = (array_key_exists('bootFilter', $_GET) && isset($_GET['bootFilter'])) ? $_GET['bootFilter'] : ""; - include_once('library/config_read.php'); - $log = "visited page: "; - - include_once("lang/main.php"); - - include("library/layout.php"); // print HTML prologue $title = t('Intro','replogsboot.php') . " :: $bootLineCount Lines Count"; @@ -52,27 +52,14 @@ print_html_prologue($title, $langCode); include("menu-reports-logs.php"); - -?> -
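Review bot: In the second hunk of rep-lastconnect.php, the `$startdate` guard that now follows the removed include still reads `preg_match(DATE_REGEX, $_GET['startdate'], $m) !== false`, and `preg_match()` returns `0`, not `false`, when the pattern does not match, so this clause rejects only PCRE errors rather than malformed dates. The remainder of the condition lies outside the hunk; unless it goes on to compare `$m[0]` with the raw input, a non-date string passes this check and reaches whatever consumes the value later. Writing it as `preg_match(DATE_REGEX, $_GET['startdate'], $m) === 1 &&` makes the intent explicit regardless of what follows.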
-'; print_title_and_help($title, $help); include('library/exten-boot_log.php'); include_once('include/management/actionMessages.php'); -?> -
- - - - - - - + print_footer_and_html_epilogue(); +?> diff --git a/rep-logs-radius.php b/rep-logs-radius.php index 2b104d7fa..93db862d1 100644 --- a/rep-logs-radius.php +++ b/rep-logs-radius.php @@ -25,6 +25,12 @@ $operator = $_SESSION['operator_user']; include('library/check_operator_perm.php'); + include_once('library/config_read.php'); + + $log = "visited page: "; + + include_once("lang/main.php"); + include("library/layout.php"); // parameter validation $radiusLineCount = (array_key_exists('radiusLineCount', $_GET) && isset($_GET['radiusLineCount']) && @@ -37,13 +43,6 @@ ? $_GET['radiusFilter'] : ""; - include_once('library/config_read.php'); - $log = "visited page: "; - - include_once("lang/main.php"); - - include("library/layout.php"); - // print HTML prologue $title = t('Intro','replogsradius.php') . " :: $radiusLineCount Lines Count"; if (!empty($radiusFilter) && $radiusFilter !== '.+') { @@ -55,23 +54,13 @@ include ("menu-reports-logs.php"); -?> -
-'; print_title_and_help($title, $help); + include('library/exten-radius_log.php'); include_once('include/management/actionMessages.php'); -?> -
- - - - + print_footer_and_html_epilogue(); - - +?> diff --git a/rep-logs-system.php b/rep-logs-system.php index facd0dc51..d704912fe 100644 --- a/rep-logs-system.php +++ b/rep-logs-system.php @@ -25,7 +25,13 @@ $operator = $_SESSION['operator_user']; include('library/check_operator_perm.php'); + include_once('library/config_read.php'); + + $log = "visited page: "; + include_once("lang/main.php"); + include("library/layout.php"); + // parameter validation $systemLineCount = (array_key_exists('systemLineCount', $_GET) && isset($_GET['systemLineCount']) && intval($_GET['systemLineCount']) > 0) @@ -35,13 +41,7 @@ $systemFilter = (array_key_exists('systemFilter', $_GET) && isset($_GET['systemFilter'])) ? $_GET['systemFilter'] : ""; - include_once('library/config_read.php'); - $log = "visited page: "; - - include_once("lang/main.php"); - include("library/layout.php"); - // print HTML prologue $title = t('Intro','replogssystem.php') . " :: $systemLineCount Lines Count"; if (!empty($systemFilter) && $systemFilter !== '.+') { @@ -52,24 +52,14 @@ print_html_prologue($title, $langCode); include ("menu-reports-logs.php"); -?> -
-'; print_title_and_help($title, $help); + include('library/exten-syslog_log.php'); include_once('include/management/actionMessages.php'); -?> -
- - - - + print_footer_and_html_epilogue(); - - +?> diff --git a/rep-logs.php b/rep-logs.php index 5639ff4cf..69805165c 100644 --- a/rep-logs.php +++ b/rep-logs.php @@ -27,10 +27,10 @@ include_once('library/config_read.php'); $log = "visited page: "; - include_once("lang/main.php"); - + include_once("lang/main.php"); include("library/layout.php"); + // print HTML prologue $title = t('Intro','replogs.php'); $help = t('helpPage','replogs'); @@ -41,18 +41,8 @@ echo '
'; print_title_and_help($title, $help); -?> -
- - - - + print_footer_and_html_epilogue(); - - +?> diff --git a/rep-main.php b/rep-main.php index 63cc91285..754d26b85 100644 --- a/rep-main.php +++ b/rep-main.php @@ -1,4 +1,4 @@ - - -
-'; print_title_and_help($title, $help); -?> - -
- - - - + print_footer_and_html_epilogue(); - - +?> diff --git a/rep-newusers.php b/rep-newusers.php index 2157a3fa5..27d966d30 100644 --- a/rep-newusers.php +++ b/rep-newusers.php @@ -28,7 +28,9 @@ include('library/check_operator_perm.php'); include_once('library/config_read.php'); + include_once("lang/main.php"); include("library/validation.php"); + include("library/layout.php"); // we validate starting and ending dates $startdate = (array_key_exists('startdate', $_GET) && isset($_GET['startdate']) && @@ -52,9 +54,6 @@ } $logQuery .= "on page: "; - include_once("lang/main.php"); - - include("library/layout.php"); // print HTML prologue $extra_css = array( diff --git a/rep-stat-server.php b/rep-stat-server.php index 63c7d75a0..7a0f24606 100644 --- a/rep-stat-server.php +++ b/rep-stat-server.php @@ -25,12 +25,11 @@ $operator = $_SESSION['operator_user']; include('library/check_operator_perm.php'); - include_once('library/config_read.php'); + $log = "visited page: "; include_once("lang/main.php"); - include("library/layout.php"); // print HTML prologue @@ -41,23 +40,12 @@ include("menu-reports-status.php"); -?> -
-'; print_title_and_help($title, $help); + include('library/exten-server_info.php'); -?> - -
- - - - + print_footer_and_html_epilogue(); - - +?> diff --git a/rep-stat-services.php b/rep-stat-services.php index f192f4557..da42406e9 100644 --- a/rep-stat-services.php +++ b/rep-stat-services.php @@ -25,13 +25,11 @@ $operator = $_SESSION['operator_user']; include('library/check_operator_perm.php'); - include_once('library/config_read.php'); + $log = "visited page: "; - include('include/config/logging.php'); - - include_once("lang/main.php"); + include_once("lang/main.php"); include("library/layout.php"); // print HTML prologue @@ -42,25 +40,12 @@ include("menu-reports-status.php"); -?> -
- -'; print_title_and_help($title, $help); + include('library/exten-radius_server_info.php'); -?> + + include('include/config/logging.php'); + print_footer_and_html_epilogue(); -
- - - - - - - - diff --git a/rep-stat-ups.php b/rep-stat-ups.php index f35fdbdfa..eaa8e8135 100644 --- a/rep-stat-ups.php +++ b/rep-stat-ups.php @@ -25,16 +25,15 @@ $operator = $_SESSION['operator_user']; include('library/check_operator_perm.php'); - include_once('library/config_read.php'); + $log = "visited page: "; $logQuery = "performed query on page: "; - include('include/config/logging.php'); - - include_once("lang/main.php"); + include_once("lang/main.php"); include("library/layout.php"); + // print HTML prologue $title = "UPS Status"; $help = ""; @@ -42,11 +41,8 @@ print_html_prologue($title, $langCode); include("menu-reports-status.php"); - -?> -
-'; print_title_and_help($title, $help); exec("which apcaccess || command -v apcaccess", $output, $retStatus); @@ -83,17 +79,8 @@ if (!empty($failureMsg)) { include_once('include/management/actionMessages.php'); } -?> -
- - - - - - - + include('include/config/logging.php'); + print_footer_and_html_epilogue(); + +?> diff --git a/rep-status.php b/rep-status.php index 74935d16a..c602ce8fe 100644 --- a/rep-status.php +++ b/rep-status.php @@ -1,4 +1,4 @@ - + * + * Authors: Liran Tal + * Filippo Lauria * ********************************************************************************************************* */ - include("library/checklogin.php"); + include ("library/checklogin.php"); $operator = $_SESSION['operator_user']; - - include_once('library/config_read.php'); + + include_once('library/config_read.php'); $log = "visited page: "; - + include_once("lang/main.php"); - include("library/layout.php"); // print HTML prologue @@ -37,24 +37,10 @@ print_html_prologue($title, $langCode); include("menu-reports-status.php"); - -?> -
-'; print_title_and_help($title, $help); + + include('include/config/logging.php'); + print_footer_and_html_epilogue(); ?> - -
- - - - - - - diff --git a/rep-topusers.php b/rep-topusers.php index 8405ca19f..0e4103265 100644 --- a/rep-topusers.php +++ b/rep-topusers.php @@ -27,7 +27,9 @@ include('library/check_operator_perm.php'); include_once('library/config_read.php'); + include_once("lang/main.php"); include("library/validation.php"); + include("library/layout.php"); $limit = (array_key_exists('limit', $_GET) && isset($_GET['limit']) && intval($_GET['limit']) > 0) ? intval($_GET['limit']) : ""; @@ -48,9 +50,6 @@ ? str_replace("%", "", trim($_GET['username'])) : ""; $username_enc = (!empty($username)) ? htmlspecialchars($username, ENT_QUOTES, 'UTF-8') : ""; - include_once("lang/main.php"); - - include("library/layout.php"); // print HTML prologue $title = t('Intro','reptopusers.php'); diff --git a/rep-username.php b/rep-username.php index 805b4fac9..d91a6802f 100644 --- a/rep-username.php +++ b/rep-username.php 
@@ -25,27 +25,27 @@ $operator = $_SESSION['operator_user']; //~ include('library/check_operator_perm.php'); + include_once('library/config_read.php'); + + include_once("lang/main.php"); + include("library/validation.php"); + include("library/layout.php"); // validate this parameter before including menu - $username = (array_key_exists('username', $_GET) && isset($_GET['username'])) - ? str_replace("%", "", $_GET['username']) : ""; + $username = (array_key_exists('username', $_GET) && !empty(str_replace("%", "", trim($_GET['username'])))) + ? str_replace("%", "", trim($_GET['username'])) : ""; $username_enc = (!empty($username)) ? htmlspecialchars($username, ENT_QUOTES, 'UTF-8') : ""; $log = "visited page: "; - $logQuery = "performed query for [$username"; - if (!empty($limit)) { - $logQuery .= " : $limit"; + $logQuery = "performed query for "; + if (!empty($username)) { + $logQuery .= "username(s) starting with [$username] "; + } else { + $logQuery .= "all usernames "; } - $logQuery .= "] on page: "; - - include_once('library/config_read.php'); - - include("library/validation.php"); + $logQuery .= "on page: "; - include_once("lang/main.php"); - include("library/layout.php"); - // print HTML prologue $title = t('Intro','repusername.php'); $help = t('helpPage','repusername') . " " . $username_enc;
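Review bot: The new include block in rep-username.php sits directly under `//~ include('library/check_operator_perm.php');`, so the operator-permission check stays commented out on this report while the other report pages in this diff (rep-logs-boot.php, rep-logs-radius.php, rep-newusers.php, rep-topusers.php and the rep-stat-* pages) all call it. If that is deliberate, for example because every logged-in operator is meant to be able to look up usernames, a comment such as `// intentionally not permission-gated: every operator may look up usernames` would record the decision next to the disabled line; otherwise restoring `include('library/check_operator_perm.php');` here would bring the page in line with its siblings. The reworked `$logQuery` text is an improvement, since it no longer references the undefined `$limit` the old branch tested.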