", "", $RetMsg);
return $RetMsg;
}
sql("delete from `clients` where `client_id`='$selected_id'", $eo);
// hook: clients_after_delete
if (function_exists('clients_after_delete')) {
$args = array();
clients_after_delete($selected_id, getMemberInfo(), $args);
}
// mm: delete ownership data
sql("delete from membership_userrecords where tableName='clients' and pkValue='$selected_id'", $eo);
}
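/**
 * Update the `clients` record identified by $selected_id from the submitted
 * form, subject to the membership (mm) edit permission.
 *
 * Reads the `client` field from $_REQUEST. The edit level in $arrPerm[3] is
 * 1 = owner only, 2 = owner's group, 3 = everyone; anything else denies.
 *
 * @param mixed $selected_id primary key (`client_id`) of the record to update
 * @return bool|null false when the member may not edit the record or a
 *                   before/after hook vetoes the update; null (implicit)
 *                   after a completed update. A failed UPDATE statement
 *                   prints the error and exits.
 */
function clients_update($selected_id)
{
	global $Translation;

	// mm: can member edit record?
	$arrPerm = getTablePermissions('clients');
	$safeID = makeSafe($selected_id);
	$ownerGroupID = sqlValue("select groupID from membership_userrecords where tableName='clients' and pkValue='{$safeID}'");
	$ownerMemberID = sqlValue("select lcase(memberID) from membership_userrecords where tableName='clients' and pkValue='{$safeID}'");
	$canUpdate = ($arrPerm[3] == 1 && $ownerMemberID == getLoggedMemberID())
		|| ($arrPerm[3] == 2 && $ownerGroupID == getLoggedGroupID())
		|| $arrPerm[3] == 3;
	if (!$canUpdate) {
		return false;
	}

	// collect submitted values; isset() avoids a notice when the field is absent
	$data = array();
	$data['client'] = isset($_REQUEST['client']) ? makeSafe($_REQUEST['client']) : '';
	if ($data['client'] == empty_lookup_value) {
		$data['client'] = '';
	}
	$data['selectedID'] = $safeID;

	// hook: clients_before_update (may modify $data, may veto the update)
	if (function_exists('clients_before_update')) {
		$args = array();
		if (!clients_before_update($data, getMemberInfo(), $args)) {
			return false;
		}
	}

	// an empty client value is stored as SQL NULL; $data['client'] is already escaped via makeSafe
	$o = array('silentErrors' => true);
	$clientSql = ($data['client'] !== '' && $data['client'] !== NULL) ? "'{$data['client']}'" : 'NULL';
	sql("update `clients` set `client`={$clientSql} where `client_id`='{$safeID}'", $o);
	if (!empty($o['error'])) {
		echo $o['error'];
		// NOTE(review): the next line appears corrupted in this copy (its markup was stripped); restore it from the generated source
		echo '{$Translation['< back']}";
		exit;
	}

	// hook: clients_after_update, called with the freshly stored (escaped) row
	if (function_exists('clients_after_update')) {
		$res = sql("SELECT * FROM `clients` WHERE `client_id`='{$data['selectedID']}' LIMIT 1", $eo);
		if ($row = db_fetch_assoc($res)) {
			$data = array_map('makeSafe', $row);
		}
		$data['selectedID'] = $data['client_id'];
		$args = array();
		if (!clients_after_update($data, getMemberInfo(), $args)) {
			return false;
		}
	}

	// mm: update ownership data
	sql("update membership_userrecords set dateUpdated='" . time() . "' where tableName='clients' and pkValue='{$safeID}'", $eo);
}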
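/**
 * Build the detail-view form for a `clients` record, or an empty "add new"
 * form when $selected_id is empty.
 *
 * Loads the HTML template (the print template when `dvprint_x` is present in
 * the request), substitutes the <%%...%%> placeholders for buttons, field
 * values and translations, appends the ajax-cache view and lets the
 * `clients_dv` hook post-process the result. Membership (mm) permissions gate
 * what is rendered: $arrPerm[1] insert, [2] view, [3] edit, [4] delete; for
 * [2]-[4] the level is 1 = owner only, 2 = owner's group, 3 = everyone.
 *
 * NOTE(review): several string literals in this copy of the file look like
 * their HTML markup was stripped (every button placeholder is replaced by '',
 * the `'";` statement in the ajax section is unterminated). They are kept as
 * found and should be verified against the generated source.
 *
 * @param mixed  $selected_id  `client_id` to display; '' renders an empty form
 * @param int    $AllowUpdate  overwritten from $arrPerm[3] when a record is shown
 * @param int    $AllowInsert  overwritten from $arrPerm[1]
 * @param int    $AllowDelete  not used here; the delete button follows $arrPerm[4]
 * @param int    $ShowCancel   whether the deselect/cancel button is rendered
 * @param string $TemplateDV   optional template path, relative to the current dir
 * @param string $TemplateDVP  optional print-template path, same rule
 * @return string rendered HTML; '' when the member may not view or insert
 */
function clients_form($selected_id = '', $AllowUpdate = 1, $AllowInsert = 1, $AllowDelete = 1, $ShowCancel = 0, $TemplateDV = '', $TemplateDVP = '')
{
	global $Translation;

	// mm: get table permissions
	$arrPerm = getTablePermissions('clients');
	if (!$arrPerm[1] && $selected_id == '') {
		return '';
	}
	$AllowInsert = ($arrPerm[1] ? true : false);

	// request flags, read once with isset()/empty() so missing keys raise no notices
	$dvprintRequested = (isset($_REQUEST['dvprint_x']) && $_REQUEST['dvprint_x'] != '');
	$embedded = !empty($_REQUEST['Embedded']);

	// print preview? only meaningful for an existing record
	$dvprint = ($selected_id && $dvprintRequested);

	// populate filterers, starting from children to grand-parents
	// (this table has no lookup fields, so there is nothing to populate)
	// unique random identifier, only used by the print view
	$rnd1 = ($dvprint ? rand(1000000, 9999999) : '');

	$safeID = makeSafe($selected_id);
	$ownerGroupID = $ownerMemberID = null;
	$row = $urow = array();
	if ($selected_id) {
		// mm: check member permissions
		if (!$arrPerm[2]) {
			return "";
		}
		// mm: who is the owner?
		$ownerGroupID = sqlValue("select groupID from membership_userrecords where tableName='clients' and pkValue='{$safeID}'");
		$ownerMemberID = sqlValue("select lcase(memberID) from membership_userrecords where tableName='clients' and pkValue='{$safeID}'");
		if ($arrPerm[2] == 1 && getLoggedMemberID() != $ownerMemberID) {
			return "";
		}
		if ($arrPerm[2] == 2 && getLoggedGroupID() != $ownerGroupID) {
			return "";
		}
		// can edit? (same rule as clients_update)
		$canUpdate = ($arrPerm[3] == 1 && $ownerMemberID == getLoggedMemberID())
			|| ($arrPerm[3] == 2 && $ownerGroupID == getLoggedGroupID())
			|| $arrPerm[3] == 3;
		$AllowUpdate = $canUpdate ? 1 : 0;

		$res = sql("select * from `clients` where `client_id`='{$safeID}'", $eo);
		if (!($row = db_fetch_array($res))) {
			return error_message($Translation['No records found'], 'clients_view.php', false);
		}
		$urow = $row; /* unsanitized data, used for the print view and URL values */
		$hc = new CI_Input();
		$row = $hc->xss_clean($row); /* sanitized data, used for form attribute values */
	}

	// code for template based detail view forms
	// open the detail view template: a caller-supplied path is used only when it
	// exists under the current directory, otherwise the generated default.
	// NOTE(review): $TemplateDV/$TemplateDVP are interpolated into a file path;
	// confirm callers never pass request-controlled values here.
	if ($dvprint) {
		$template_file = is_file("./{$TemplateDVP}") ? "./{$TemplateDVP}" : './templates/clients_templateDVP.html';
	} else {
		$template_file = is_file("./{$TemplateDV}") ? "./{$TemplateDV}" : './templates/clients_templateDV.html';
	}
	// an unreadable template yields an empty form rather than a suppressed warning
	$templateCode = is_readable($template_file) ? file_get_contents($template_file) : '';

	// process form title
	$templateCode = str_replace('<%%DETAIL_VIEW_TITLE%%>', 'Available budget details', $templateCode);
	$templateCode = str_replace('<%%RND1%%>', $rnd1, $templateCode);
	$templateCode = str_replace('<%%EMBEDDED%%>', ($embedded ? 'Embedded=1' : ''), $templateCode);

	// process buttons (all button markup is empty in this copy, see function comment)
	if ($AllowInsert) {
		if (!$selected_id) $templateCode = str_replace('<%%INSERT_BUTTON%%>', '', $templateCode);
		$templateCode = str_replace('<%%INSERT_BUTTON%%>', '', $templateCode);
	} else {
		$templateCode = str_replace('<%%INSERT_BUTTON%%>', '', $templateCode);
	}

	// 'Back' button action
	if ($embedded) {
		$backAction = 'AppGini.closeParentModal(); return false;';
	} else {
		$backAction = '$j(\'form\').eq(0).attr(\'novalidate\', \'novalidate\'); document.myform.reset(); return true;';
	}

	if ($selected_id) {
		if (!$embedded) $templateCode = str_replace('<%%DVPRINT_BUTTON%%>', '', $templateCode);
		if ($AllowUpdate) {
			$templateCode = str_replace('<%%UPDATE_BUTTON%%>', '', $templateCode);
		} else {
			$templateCode = str_replace('<%%UPDATE_BUTTON%%>', '', $templateCode);
		}
		// allow delete?
		$canDelete = ($arrPerm[4] == 1 && $ownerMemberID == getLoggedMemberID())
			|| ($arrPerm[4] == 2 && $ownerGroupID == getLoggedGroupID())
			|| $arrPerm[4] == 3;
		if ($canDelete) {
			$templateCode = str_replace('<%%DELETE_BUTTON%%>', '', $templateCode);
		} else {
			$templateCode = str_replace('<%%DELETE_BUTTON%%>', '', $templateCode);
		}
		$templateCode = str_replace('<%%DESELECT_BUTTON%%>', '', $templateCode);
	} else {
		$templateCode = str_replace('<%%UPDATE_BUTTON%%>', '', $templateCode);
		$templateCode = str_replace('<%%DELETE_BUTTON%%>', '', $templateCode);
		$templateCode = str_replace('<%%DESELECT_BUTTON%%>', ($ShowCancel ? '' : ''), $templateCode);
	}

	// set records to read only if user can't insert new records and can't edit current record
	$jsReadOnly = $jsEditable = '';
	$noUploads = false;
	if (($selected_id && !$AllowUpdate && !$AllowInsert) || (!$selected_id && !$AllowInsert)) {
		$jsReadOnly .= "\tjQuery('#client').replaceWith('' + (jQuery('#client').val() || '') + '
');\n";
		$jsReadOnly .= "\tjQuery('.select2-container').hide();\n";
		$noUploads = true;
	} elseif ($AllowInsert) {
		$jsEditable .= "\tjQuery('form').eq(0).data('already_changed', true);"; // temporarily disable form change handler
		$jsEditable .= "\tjQuery('form').eq(0).data('already_changed', false);"; // re-enable form change handler
	}

	// process combos
	/* lookup fields array: 'lookup field name' => array('parent table name', 'lookup field caption') */
	$lookup_fields = array();
	foreach ($lookup_fields as $luf => $ptfc) {
		$pt_perm = getTablePermissions($ptfc[0]);
		// process foreign key links
		if ($pt_perm['view'] || $pt_perm['edit']) {
			$templateCode = str_replace("<%%PLINK({$luf})%%>", '', $templateCode);
		}
		// if user has insert permission to parent table of a lookup field, put an add new button
		if ($pt_perm['insert'] && !$embedded) {
			$templateCode = str_replace("<%%ADDNEW({$ptfc[0]})%%>", '', $templateCode);
		}
	}

	// process images: no upload fields in this table, so every placeholder is cleared
	foreach (array('client_id', 'client', 'total_income', 'total_expense', 'available_budget') as $fieldName) {
		$templateCode = str_replace("<%%UPLOADFILE({$fieldName})%%>", '', $templateCode);
	}

	// process values
	if ($selected_id) {
		// stored fields: the print view gets the html-escaped raw value, the edit
		// view the attribute-escaped sanitized value; URL values use the raw row
		foreach (array('client_id', 'client') as $fieldName) {
			$templateCode = str_replace(
				"<%%VALUE({$fieldName})%%>",
				$dvprint ? safe_html($urow[$fieldName]) : html_attr($row[$fieldName]),
				$templateCode
			);
			$templateCode = str_replace("<%%URLVALUE({$fieldName})%%>", urlencode($urow[$fieldName]), $templateCode);
		}

		// calculated fields: totals from incomes/expenses for this client. The id
		// comes from our own row, but it is still escaped and quoted instead of
		// being interpolated bare into the statement.
		$clientSql = makeSafe($urow['client_id']);
		$income = sql("SELECT sum(amount) FROM incomes WHERE client='{$clientSql}'", $eo);
		$expence = sql("SELECT sum(amount) FROM expenses WHERE client='{$clientSql}'", $eo);
		$in = $ex = null;
		if ($income) {
			while ($re = db_fetch_assoc($income)) $in = $re['sum(amount)'];
		}
		if ($expence) {
			while ($re = db_fetch_assoc($expence)) $ex = $re['sum(amount)'];
		}
		// sum(amount) is NULL when a client has no rows; the (int) casts make that 0
		$last = (int) $in - (int) $ex;

		$templateCode = str_replace('<%%VALUE(total_income)%%>', safe_html($in), $templateCode);
		$templateCode = str_replace('<%%URLVALUE(total_income)%%>', urlencode($in), $templateCode);
		$templateCode = str_replace('<%%VALUE(total_expense)%%>', safe_html($ex), $templateCode);
		$templateCode = str_replace('<%%URLVALUE(total_expense)%%>', urlencode($ex), $templateCode);
		$templateCode = str_replace('<%%VALUE(available_budget)%%>', safe_html($last), $templateCode);
		$templateCode = str_replace('<%%URLVALUE(available_budget)%%>', urlencode($last), $templateCode);
	} else {
		// empty form: blank stored fields, zero totals
		$blankValues = array(
			'client_id' => '',
			'client' => '',
			'total_income' => '0',
			'total_expense' => '0',
			'available_budget' => '0',
		);
		foreach ($blankValues as $fieldName => $blank) {
			$templateCode = str_replace("<%%VALUE({$fieldName})%%>", $blank, $templateCode);
			$templateCode = str_replace("<%%URLVALUE({$fieldName})%%>", urlencode($blank), $templateCode);
		}
	}

	// process translations
	foreach ($Translation as $symbol => $trans) {
		$templateCode = str_replace("<%%TRANSLATION($symbol)%%>", $trans, $templateCode);
	}

	// clear scrap
	$templateCode = str_replace('<%%', '', $templateCode);

	// hide links to inaccessible tables
	if (!$dvprintRequested) {
		$templateCode .= "\n\n\n";
	}

	// ajaxed auto-fill fields
	// NOTE(review): the next two statements appear corrupted in this copy (an
	// unterminated single-quoted string, and $lookups is never assigned in this
	// function); restore them from the generated source.
	$templateCode .= '";
	$templateCode .= $lookups;
	// handle enforced parent values for read-only lookup fields
	// don't include blank images in lightbox gallery
	$templateCode = preg_replace('/blank.gif" data-lightbox=".*?"/', 'blank.gif"', $templateCode);
	// don't display empty email links
	// NOTE(review): the pattern below is empty ('//') and therefore a no-op; the
	// original mailto-stripping expression seems to have been lost in this copy.
	$templateCode = preg_replace('//', '', $templateCode);

	/* default field values */
	$rdata = $jdata = get_defaults('clients');
	if ($selected_id) {
		$jdata = get_joined_record('clients', $selected_id);
		if ($jdata === false) $jdata = get_defaults('clients');
		$rdata = $row;
	}
	$templateCode .= loadView('clients-ajax-cache', array('rdata' => $rdata, 'jdata' => $jdata));

	// hook: clients_dv (receives $templateCode by reference and may alter it)
	if (function_exists('clients_dv')) {
		$args = array();
		clients_dv(($selected_id ? $selected_id : FALSE), getMemberInfo(), $templateCode, $args);
	}

	return $templateCode;
}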