  1. <?php
  2. session_start();
  3. include('config.php');
  4. include('functions.php');
  5. include('db.php');
  6. #destination = "";
  7. if ($_REQUEST['request'] == "add" or $_REQUEST['request'] == "new" or $_REQUEST['request'] == "create") {
  8. // add: customer
  9. if ($_REQUEST['request_type'] == "customer") {
  10. // get next auto increment ID
  11. $new_storeid = "0";
  12. $query = $db->select("SELECT `storeid` FROM ".$dbdb.".`equate_customers` ORDER BY `storeid` DESC LIMIT 0,1");
  13. foreach ($query as $row) {
  14. $new_storeid = $row['storeid'];
  15. }
  16. $new_storeid++;
  17. if ($_REQUEST['limit'] == "") { $limit = "0"; } else { $limit = $_REQUEST['limit']; }
  18. $query = $db->query("INSERT INTO ".$dbdb.".equate_customers (`storeid`, `storegroups`, `first`, `last`, `company`, `address1`, `address2`, `city`, `province`, `postalcode`, `country`, `homephone`, `busphone`, `cellphone`, `limit`, `available`, `sku`, `enabled`, `lastupdated`, `c1`, `c2`, `c3`, `c4`, `c5`, `c6`, `c7`, `c8`, `c9`, `c10`, `collect_loyalty`, `groups`) VALUES ('".$new_storeid."', '".$db->quote($_REQUEST['popup'])."', '".$db->quote($_REQUEST['first'])."', '".$db->quote($_REQUEST['last'])."', '".$db->quote($_REQUEST['company'])."', '".$db->quote($_REQUEST['address'])."', '".$db->quote($_REQUEST['address2'])."', '".$db->quote($_REQUEST['city'])."', '".$db->quote($_REQUEST['province'])."', '".$db->quote($_REQUEST['postalcode'])."', '".$db->quote($_REQUEST['country'])."', '".$db->quote(Filter('phone',$_REQUEST['homephone']))."', '".$db->quote(Filter('phone',$_REQUEST['busphone']))."', '".$db->quote(Filter('phone',$_REQUEST['cellphone']))."', '".$db->quote($limit)."', '".$db->quote($limit)."', '".$db->quote($_REQUEST['sku'])."', '".$db->quote($_REQUEST['enabled'])."', '".time()."', '".$db->quote($_REQUEST['c1'])."', '".$db->quote($_REQUEST['c2'])."', '".$db->quote($_REQUEST['c3'])."', '".$db->quote($_REQUEST['c4'])."', '".$db->quote($_REQUEST['c5'])."', '".$db->quote($_REQUEST['c6'])."', '".$db->quote($_REQUEST['c7'])."', '".$db->quote($_REQUEST['c8'])."', '".$db->quote($_REQUEST['c9'])."', '".$db->quote($_REQUEST['c10'])."', '".$db->quote($_REQUEST['collect_loyalty'])."', '".serialize($_REQUEST['edit_list'])."')");
  19. $destination = "dialog,Info,customer,".$query[1].",lg";
  20. }
  21. // add: product
  22. if ($_REQUEST['request_type'] == "product") {
  23. if ($_REQUEST['stock_min'] > $_REQUEST['stock_max']) { echo "error,Check the minimum, required, and maximum quantities in the supply tab."; exit; }
  24. // get next auto increment ID
  25. $new_storeid = time();
  26. $query = $db->query("INSERT INTO ".$dbdb.".equate_products (`storeid`, `sku`, `ean13`, `desc`, `weight`, `price`, `tax`, `total`, `batched`, `enabled`, `notes`, `cid`, `mid`, `type`, `parent`, `taxid`, `cost`, `availonline`, `origprice`, `adddate`, `adduser`, `moddate`, `moduser`, `grouped`, `loyalty`, `reference`, `c1`, `c2`, `c3`, `c4`, `c5`, `c6`, `c7`, `c8`, `c9`, `c10`, `supply`) VALUES ('".$new_storeid."', '".$db->quote($_REQUEST['sku'])."', '".$db->quote($_REQUEST['ean13'])."', '".$db->quote($_REQUEST['desc'])."', '".$db->quote($_REQUEST['weight'])."', '".$db->quote($_REQUEST['price'])."', '".$db->quote($_REQUEST['tax'])."', '".$db->quote($_REQUEST['total'])."', '".time()."', '".$db->quote($_REQUEST['enabled'])."', '".$db->quote($_REQUEST['notes'])."', '".$db->quote($_REQUEST['cid'])."', '".$db->quote($_REQUEST['mid'])."', 'p', '".$db->quote($_REQUEST['parent'])."', '".$db->quote($_REQUEST['taxid'])."', '".$db->quote($_REQUEST['cost'])."', '".$db->quote($_REQUEST['availonline'])."', '".$db->quote($_REQUEST['origprice'])."', '".time()."', '".$_SESSION['equate_auth']."', '', '', '".$db->quote($_REQUEST['grouped'])."', '".$db->quote($_REQUEST['loyalty'])."', '".$db->quote($_REQUEST['reference'])."', '".$db->quote($_REQUEST['c1'])."', '".$db->quote($_REQUEST['c2'])."', '".$db->quote($_REQUEST['c3'])."', '".$db->quote($_REQUEST['c4'])."', '".$db->quote($_REQUEST['c5'])."', '".$db->quote($_REQUEST['c6'])."', '".$db->quote($_REQUEST['c7'])."', '".$db->quote($_REQUEST['c8'])."', '".$db->quote($_REQUEST['c9'])."', '".$db->quote($_REQUEST['c10'])."', '".$db->quote($_REQUEST['supply'])."')");
  27. $pid = $query[1];
  28. // insert supply information if activated
  29. if ($_REQUEST['supply'] == "1") {
  30. if ($_REQUEST['expire'] == "0") { $expiration = ""; } else { $expiration = $_REQUEST['expiration']; }
  31. $query = $db->query("INSERT INTO ".$dbdb.".equate_inventory_supply (`pid`, `sid`, `type`, `stock_min`, `stock_required`, `stock_max`, `expiration`, `lastupdated`) VALUES ('".$pid."', '".$db->quote($_REQUEST['sid'])."', '".$db->quote($_REQUEST['supply_type'])."', '".$db->quote($_REQUEST['stock_min'])."', '".$db->quote($_REQUEST['stock_required'])."', '".$db->quote($_REQUEST['stock_max'])."', '".strtotime($expiration)."', '".time()."') ON DUPLICATE KEY UPDATE `type` = '".$db->quote($_REQUEST['supply_type'])."', `stock_min` = '".$db->quote($_REQUEST['stock_min'])."', `stock_required` = '".$db->quote($_REQUEST['stock_required'])."', `stock_max` = '".$db->quote($_REQUEST['stock_max'])."', `expiration` = '".strtotime($expiration)."', `lastupdated` = '".time()."'");
  32. }
  33. // add stock quantities
  34. $query = $db->select("SELECT `id` FROM ".$dbdb.".`equate_inventory_warehouse`");
  35. foreach ($query as $row) {
  36. $wid = $row['id'];
  37. $query2 = $db->query("INSERT INTO ".$dbdb.".equate_batching (`type`, `identifier`, `value`, `batched`, `lbatched`, `wid`, `reason`, `ref`, `time`) VALUES ('stock', '".$new_storeid."', '".$_REQUEST['w'.$wid]."', 'n', 'y', '".$wid."', '', '".md5(time().Random())."', '".time()."')");
  38. $query2 = $db->query("INSERT INTO `".$dbdb."`.`equate_inventory_warehouse_stock` (`wid`, `stockid`, `storeid`, `pid`, `paid`, `stock`, `lastupdated`) VALUES ('".$wid."', '".$new_storeid. "', '".$new_storeid."', '".$new_storeid."', '0', '".$_REQUEST['w'.$wid]."', '".time()."') ON DUPLICATE KEY UPDATE stock='".$_REQUEST['w'.$wid]."', lastupdated='".time()."'");
  39. }
  40. // add product descriptions
  41. $query = $db->query("INSERT INTO ".$dbdb.".equate_product_descriptions (`pid`, `short`, `long`) VALUES ('".$pid."', '".$db->quote($_REQUEST['short'])."', '".$db->quote($_REQUEST['long'])."') ON DUPLICATE KEY UPDATE `short` = '".$db->quote($_REQUEST['short'])."', `long` = '".$db->quote($_REQUEST['long'])."'");
  42.  
  43. $destination = "dialog,Info,product,".$query[1].",lg";
  44. }
  45. // add: group
  46. if ($_REQUEST['request_type'] == "group") {
  47. $query = $db->query("INSERT INTO ".$dbdb.".equate_customer_groups (`name`, `desc`, `enabled`, `lastupdated`) VALUES ('".$db->quote($_REQUEST['name'])."', '".$db->quote($_REQUEST['desc'])."', '".$db->quote($_REQUEST['enabled'])."', '".time()."')");
  48. }
  49. // add: workgroup
  50. if ($_REQUEST['request_type'] == "workgroup") {
  51. $query = $db->query("INSERT INTO ".$dbdb.".equate_tickets_groups (`name`, `members`) VALUES ('".$db->quote($_REQUEST['name'])."', '".serialize($_REQUEST['members'])."')");
  52. }
  53. // add: security group
  54. if ($_REQUEST['request_type'] == "security") {
  55. $query = $db->query("INSERT INTO ".$dbdb.".equate_system_accessgroups (`name`, `desc`, `access`, `lastupdated`) VALUES ('".$db->quote($_REQUEST['name'])."', '".$db->quote($_REQUEST['desc'])."', '".$db->quote($_REQUEST['access'])."', '".time()."')");
  56. }
  57. // add: reason
  58. if ($_REQUEST['request_type'] == "reason") {
  59. $query = $db->query("INSERT INTO ".$dbdb.".equate_system_refundreasons (`name`, `type`, `enabled`, `lastupdated`, `ref`) VALUES ('".$db->quote($_REQUEST['name'])."', '".$db->quote($_REQUEST['type'])."', '".$db->quote($_REQUEST['enabled'])."', '".time()."', '".md5($_REQUEST['name'].$_REQUEST['type'].Random())."')");
  60. }
  61. // add: user
  62. if ($_REQUEST['request_type'] == "user") {
  63. $query = $db->query("INSERT INTO ".$dbdb.".equate_admins (`first`, `last`, `phone`, `email`, `username`, `password`, `address`, `city`, `province`, `country`, `postalcode`, `lastupdated`, `security_group`, `pay_rate`, `enabled`) VALUES ('".$db->quote($_REQUEST['first'])."', '".$db->quote($_REQUEST['last'])."', '".$db->quote(Filter('phone',$_REQUEST['phone']))."', '".$db->quote($_REQUEST['email'])."', '".$db->quote($_REQUEST['username'])."', '".md5($_REQUEST['password'])."', '".$db->quote($_REQUEST['address'])."', '".$db->quote($_REQUEST['city'])."', '".$db->quote($_REQUEST['province'])."', '".$db->quote($_REQUEST['country'])."', '".$db->quote($_REQUEST['postal'])."', '".time()."', '".$db->quote($_REQUEST['security_group'])."', '".$db->quote($_REQUEST['pay_rate'])."', '".$db->quote($_REQUEST['enabled'])."')");
  64. $destination = "dialog,Info,user,".$query[1].",lg";
  65. }
  66. // add: operator
  67. if ($_REQUEST['request_type'] == "operator") {
  68. $query = $db->select("SELECT first,last FROM ".$dbdb.".`equate_admins` WHERE `id` = '".$_REQUEST['request_id']."'");
  69. foreach ($query as $row) {
  70. $name = $row['first']." ".$row['last'];
  71. }
  72. $query = $db->query("INSERT INTO ".$dbdb.".equate_operators (`name`, `operator`, `pass`, `enabled`, `lastupdated`, `user_id`) VALUES ('".$db->quote($name)."', '".$db->quote($_REQUEST['operator'])."', '".$db->quote($_REQUEST['password'])."', '".$db->quote($_REQUEST['enabled'])."', '".time()."', '".$db->quote($_REQUEST['request_id'])."')");
  73. $destination = "dialog,Edit,user,".$_REQUEST['request_id'].",lg";
  74. }
  75. // add: category
  76. if ($_REQUEST['request_type'] == "category") {
  77. $query = $db->query("INSERT INTO ".$dbdb.".equate_inventory_categories (`name`, `pid`, `enabled`, `lastupdated`) VALUES ('".$db->quote($_REQUEST['name'])."', '".$db->quote($_REQUEST['pid'])."', '".$db->quote($_REQUEST['enabled'])."', '".time()."')");
  78. }
  79. // add: attribute
  80. if ($_REQUEST['request_type'] == "attribute") {
  81. $query = $db->query("INSERT INTO ".$dbdb.".equate_attributes (`name`, `type`, `lastupdated`) VALUES ('".$db->quote($_REQUEST['name'])."', '".$db->quote($_REQUEST['type'])."', '".time()."')");
  82. }
  83. // add: value
  84. if ($_REQUEST['request_type'] == "value") {
  85. $query = $db->query("INSERT INTO ".$dbdb.".equate_attribute_values (`name`, `group_id`, `lastupdated`) VALUES ('".$db->quote($_REQUEST['name'])."', '".$db->quote($_REQUEST['group_id'])."', '".time()."')");
  86. }
  87. // add: payment method
  88. if ($_REQUEST['request_type'] == "payment_method") {
  89. $query = $db->query("INSERT INTO ".$dbdb.".equate_invoicing_paymethods (`name`, `alias`, `enabled`, `showonpos`, `lastupdated`) VALUES ('".$db->quote($_REQUEST['name'])."', '".$db->quote(seo($_REQUEST['name']))."', '".$db->quote($_REQUEST['enabled'])."', '1', '".time()."')");
  90. }
  91. // add: coupon
  92. if ($_REQUEST['request_type'] == "coupon") {
  93. if ($_REQUEST['expire_control'] == "1") {
  94. $date = explode(' - ',$_REQUEST['range']);
  95. $to = strtotime($date[1]);
  96. $from = strtotime($date[0]);
  97. } else {
  98. $to = "0";
  99. $from = "0";
  100. }
  101. if ($_REQUEST['type'] == "1") { $value = $_REQUEST['percentage']; }
  102. if ($_REQUEST['type'] == "2") { $value = $_REQUEST['dollar']; }
  103. $query = $db->query("INSERT INTO ".$dbdb.".equate_invoicing_coupons (`name`, `sku`, `enabled`, `wid`, `type`, `template`, `value`, `criteria`, `to`, `from`, `lastupdated`) VALUES ('".$db->quote($_REQUEST['name'])."', '".$db->quote($_REQUEST['sku'])."', '".$db->quote($_REQUEST['enabled'])."', '".$db->quote($_REQUEST['wid'])."', '".$db->quote($_REQUEST['type'])."', '".$db->quote($_REQUEST['template'])."', '".$db->quote($value)."', '".serialize($_REQUEST['criteria'])."', '".$db->quote($to)."', '".$db->quote($from)."', '".time()."')");
  104. }
  105. // add: tax
  106. if ($_REQUEST['request_type'] == "tax") {
  107. $query = $db->query("INSERT INTO ".$dbdb.".equate_tax (`name`, `rate`, `enabled`, `default`, `lastupdated`) VALUES ('".$db->quote($_REQUEST['name'])."', '".$db->quote(($_REQUEST['rate'] / 100))."', '".$db->quote($_REQUEST['enabled'])."', '".$db->quote($_REQUEST['default'])."', '".time()."')");
  108. }
  109. // add: entry (timecard)
  110. if ($_REQUEST['request_type'] == "entry") {
  111. $date = explode(' - ',$_REQUEST['date']);
  112. $query = $db->query("INSERT INTO ".$dbdb.".equate_timecard (`op_id`, `time`, `outtime`, `total`, `lastupdated`, `ref`) VALUES ('".$db->quote($_REQUEST['request_id'])."', '".$db->quote(strtotime($date[0]))."', '".$db->quote(strtotime($date[1]))."', '".$db->quote((strtotime($date[1]) - strtotime($date[0])))."', '".time()."', '".md5(strtotime($date[1]).strtotime($date[0]).$_REQUEST['request_id'])."')");
  113. $destination = "dialog,Info,timecard,".$_REQUEST['request_id'].",lg";
  114. }
  115. // add: currency
  116. if ($_REQUEST['request_type'] == "currency") {
  117. $query = $db->query("INSERT INTO ".$dbdb.".equate_system_currency (`name`, `code`, `symbol`, `rate`, `lastupdated`, `enabled`, `autoupdate`) VALUES ('".$db->quote($_REQUEST['name'])."', '".$db->quote($_REQUEST['code'])."', '".$db->quote($_REQUEST['symbol'])."', '".$db->quote($_REQUEST['rate'])."', '".time()."', '".$db->quote($_REQUEST['enabled'])."', '".$db->quote($_REQUEST['autoupdate'])."')");
  118. }
  119. // add: ticket
  120. if ($_REQUEST['request_type'] == "ticket") {
  121. $query = $db->query("INSERT INTO ".$dbdb.".equate_tickets (`subject`, `owner`, `author`, `status`, `lastupdated`, `severity`, `details`, `custid`, `tranid`) VALUES ('".$db->quote($_REQUEST['subject'])."', '".$db->quote($_REQUEST['owner'])."', '".$db->quote($_REQUEST['owner'])."', '".$db->quote($_REQUEST['status'])."', '".time()."', '".$db->quote($_REQUEST['severity'])."', '".$db->quote($_REQUEST['details'])."', '".$db->quote($_REQUEST['customer'])."', '".$db->quote($_REQUEST['transaction'])."')");
  122. }
  123. // add: gift card
  124. if ($_REQUEST['request_type'] == "gift_card") {
  125. if ($_REQUEST['expire_control'] == "1" ) { $expire = strtotime($_REQUEST['expire']); } else { $expire = ""; }
  126. $query = $db->query("INSERT INTO ".$dbdb.".equate_giftcards (`sku`, `total`, `balance`, `expire`, `lastupdated`, `enabled`, `user`) VALUES ('".$db->quote($_REQUEST['sku'])."', '".$db->quote(HumanDollar($_REQUEST['total']))."', '".$db->quote(HumanDollar($_REQUEST['total']))."', '".$db->quote($expire)."', '".time()."', '".$db->quote($_REQUEST['enabled'])."', '".$db->quote($_REQUEST['customer'])."')");
  127. }
  128. // add: calendar
  129. if ($_REQUEST['request_type'] == "calendar") {
  130. $labels['label'] = $_REQUEST['label'];
  131. $labels['label_color'] = $_REQUEST['label_color'];
  132. $query = $db->query("INSERT INTO ".$dbdb.".equate_calendar_calendars (`name`, `desc`, `view`, `view_list`, `edit`, `edit_list`, `labels`, `enabled`, `type`, `lastupdated`) VALUES ('".$db->quote($_REQUEST['name'])."', '".$db->quote($_REQUEST['desc'])."', '".$db->quote($_REQUEST['view'])."', '".serialize($_REQUEST['view_list'])."', '".$db->quote($_REQUEST['edit'])."', '".serialize($_REQUEST['edit_list'])."', '".serialize($labels)."', '".$db->quote($_REQUEST['enabled'])."', '".$db->quote($_REQUEST['type'])."', '".time()."')");
  133. }
  134. // add: event
  135. if ($_REQUEST['request_type'] == "event") {
  136. // explode date/time field
  137. // if (isset($_REQUEST['start'])) { $stmt_start = "`start` = '".$db->quote(strtotime(str_replace("T", " ", $_REQUEST['start'])))."', "; }
  138. $date = explode(' - ',$_REQUEST['date']);
  139. $query = $db->select("SELECT * FROM ".$dbdb.".equate_calendar_calendars WHERE `id` = '".$_REQUEST['request_id']."'");
  140. foreach ($query as $row) {
  141. $labels = unserialize($row['labels']);
  142. }
  143. foreach($labels['label'] as $index => $label) {
  144. if ($label == $_REQUEST['label']) { $type = $labels['label_color']{$index}; }
  145. }
  146. if ($_REQUEST['request_event_type'] == "schedule") {
  147. $query = $db->select("SELECT * FROM ".$dbdb.".equate_admins WHERE `id` = '".$_REQUEST['value']."'");
  148. foreach ($query as $row) {
  149. $title = $row['first']." ".$row['last']." (".$_REQUEST['label'].")";
  150. }
  151. } else { $title = $_REQUEST['title']; }
  152. $query = $db->query("INSERT INTO ".$dbdb.".equate_calendar (`type`, `value`, `class`, `title`, `start`, `end`, `cid`, `ref`, `lastupdated`) VALUES ('".$type."', '".$db->quote($_REQUEST['value'])."', '".$label."', '".$db->quote($title)."', '".$db->quote(strtotime($date[0]))."', '".$db->quote(strtotime($date[1]))."', '".$db->quote($_REQUEST['request_id'])."', '".$db->quote(md5(Random().$_REQUEST['date'].$_REQUEST['title']))."', '".time()."')");
  153. $destination = "calendarrefresh,".$_REQUEST['request_id'];
  154. }
  155. // add: adapter
  156. if ($_REQUEST['request_type'] == "adapter") {
  157. if (strpos($_REQUEST['ip'], ':') == true) { $explode = explode(":", $_REQUEST['ip']); $host = $explode[0]; $port = $explode[1]; } else { $host = $_REQUEST['ip']; $port = null; }
  158. $link = mysqli_connect($host, $_REQUEST['username'], $_REQUEST['password'], $_REQUEST['database'], $port);
  159. if (!$link) {
  160. echo "error,Cannot connect to SQL server: ".mysqli_connect_error();
  161. exit;
  162. } else {
  163. if ($_REQUEST['type'] == "ps1") {
  164. $querytest = $link->query("SELECT * FROM `".$_REQUEST['database']."`.`".$_REQUEST['prefix']."shop`");
  165. }
  166. if ($_REQUEST['type'] == "vm2") {
  167. $querytest = $link->query("SELECT * FROM INFORMATION_SCHEMA.TABLES WHERE `TABLE_NAME` LIKE '".$prefix."virtuemart_%'");
  168. if ($querytest->num_rows == "0") { return false; } else { return true; }
  169. }
  170. if ($querytest) {
  171. $query = $db->query("INSERT INTO ".$dbdb.".equate_adapters (`name`, `type`, `enabled`, `ip`, `database`, `username`, `password`, `prefix`, `lastupdated`) VALUES ('".$db->quote($_REQUEST['name'])."', '".$db->quote($_REQUEST['type'])."', '".$db->quote($_REQUEST['enabled'])."', '".$db->quote($_REQUEST['ip'])."', '".$db->quote($_REQUEST['database'])."', '".$db->quote($_REQUEST['username'])."', '".$_REQUEST['password']."', '".$db->quote($_REQUEST['prefix'])."', '".time()."')");
  172. $destination = "dialog,Info,adapter,".$query[1]."";
  173. } else { echo "error,Cannot locate adapter tables. Please check adapter type or table prefix settings."; exit; }
  174. }
  175. }
  176. // add: terminal
  177. if ($_REQUEST['request_type'] == "terminal") {
  178. $query = $db->query("INSERT INTO ".$dbdb.".equate_system (`register`, `company`, `address`, `address2`, `city`, `province`, `country`, `postalcode`, `phone`, `phone2`, `web`, `email`, `enabled`, `wid`, `lastupdated`) VALUES ('".$db->quote($_REQUEST['register'])."', '".$db->quote($_REQUEST['company'])."', '".$db->quote($_REQUEST['address'])."', '".$db->quote($_REQUEST['address2'])."', '".$db->quote($_REQUEST['city'])."', '".$db->quote($_REQUEST['province'])."', '".$db->quote($_REQUEST['country'])."', '".$db->quote($_REQUEST['postalcode'])."', '".$db->quote(Filter('phone',$_REQUEST['phone']))."', '".$db->quote(Filter('phone',$_REQUEST['phone2']))."', '".$db->quote($_REQUEST['web'])."', '".$db->quote($_REQUEST['email'])."', '".$db->quote($_REQUEST['enabled'])."', '".$db->quote($_REQUEST['wid'])."', '".time()."')");
  179. }
  180. // add: warehouse
  181. if ($_REQUEST['request_type'] == "warehouse") {
  182. $query = $db->query("INSERT INTO ".$dbdb.".equate_inventory_warehouse (`name`, `contact`, `address`, `city`, `province`, `country`, `postalcode`, `phone1`, `phone2`, `email`, `enabled`, `lastupdated`) VALUES ('".$db->quote($_REQUEST['name'])."', '".$db->quote($_REQUEST['contact'])."', '".$db->quote($_REQUEST['address'])."', '".$db->quote($_REQUEST['city'])."', '".$db->quote($_REQUEST['province'])."', '".$db->quote($_REQUEST['country'])."', '".$db->quote($_REQUEST['postalcode'])."', '".$db->quote(Filter('phone',$_REQUEST['phone']))."', '".$db->quote(Filter('phone',$_REQUEST['phone2']))."', '".$db->quote($_REQUEST['email'])."', '".$db->quote($_REQUEST['enabled'])."', '".time()."')");
  183. }
  184. // add: manufacturer
  185. if ($_REQUEST['request_type'] == "manufacturer") {
  186. $query = $db->query("INSERT INTO ".$dbdb.".equate_inventory_manufacturers (`name`, `contact`, `address`, `city`, `province`, `country`, `postalcode`, `phone1`, `phone2`, `website`, `email`, `enabled`, `lastupdated`) VALUES ('".$db->quote($_REQUEST['name'])."', '".$db->quote($_REQUEST['contact'])."', '".$db->quote($_REQUEST['address'])."', '".$db->quote($_REQUEST['city'])."', '".$db->quote($_REQUEST['province'])."', '".$db->quote($_REQUEST['country'])."', '".$db->quote($_REQUEST['postalcode'])."', '".$db->quote($_REQUEST['phone'])."', '".$db->quote($_REQUEST['phone2'])."', '".$db->quote($_REQUEST['web'])."', '".$db->quote($_REQUEST['email'])."', '".$db->quote($_REQUEST['enabled'])."', '".time()."')");
  187. }
  188. // add: manufacturer
  189. if ($_REQUEST['request_type'] == "supplier") {
  190. $query = $db->query("INSERT INTO ".$dbdb.".equate_po_suppliers (`name`, `contact`, `address`, `city`, `province`, `country`, `postalcode`, `phone1`, `phone2`, `website`, `email`, `enabled`, `lastupdated`) VALUES ('".$db->quote($_REQUEST['name'])."', '".$db->quote($_REQUEST['contact'])."', '".$db->quote($_REQUEST['address'])."', '".$db->quote($_REQUEST['city'])."', '".$db->quote($_REQUEST['province'])."', '".$db->quote($_REQUEST['country'])."', '".$db->quote($_REQUEST['postalcode'])."', '".$db->quote($_REQUEST['phone'])."', '".$db->quote($_REQUEST['phone2'])."', '".$db->quote($_REQUEST['web'])."', '".$db->quote($_REQUEST['email'])."', '".$db->quote($_REQUEST['enabled'])."', '".time()."')");
  191. }
  192. // add: custom field
  193. if ($_REQUEST['request_type'] == "custom_field") {
  194. // get next available available custom field position (lowest number first)
  195. $used = array();
  196. $query = $db->select("SELECT `position` FROM ".$dbdb.".`equate_system_customfields` WHERE `type` = '".$_REQUEST['field_type']."'");
  197. if ($query->num_rows != "0") { foreach ($query as $row) { array_push($used,$row['position']); } }
  198. $i = "1";
  199. while (in_array($i, $used) && $i < 11) { $i++; }
  200. if ($i == "11") { echo "error,There are no more custom fields available for this type."; exit; } else { $position = $i; }
  201. $query = $db->query("INSERT INTO ".$dbdb.".equate_system_customfields (`type`, `label`, `position`, `enabled`, `required`, `lastupdated`) VALUES ('".$db->quote($_REQUEST['field_type'])."', '".$db->quote($_REQUEST['label'])."', '".$db->quote($position)."', '".$db->quote($_REQUEST['enabled'])."', '".$db->quote($_REQUEST['required'])."', '".time()."')");
  202. }
  203. }
  204. if ($_REQUEST['request'] == "edit") {
  205. // edit: customer
  206. if ($_REQUEST['request_type'] == "customer") {
  207. if ($_REQUEST['limit'] == "") {
  208. $limit = "";
  209. } else {
  210. $query = $db->select("SELECT * FROM ".$dbdb.".`equate_customers` WHERE `id` = '".$_REQUEST['request_id']."'");
  211. foreach ($query as $row) {
  212. $current_limit = $row['limit'];
  213. $current_available = $row['available'];
  214. }
  215. $current_difference = $current_limit - $_REQUEST['limit'];
  216. $new_limit = $current_limit - $current_difference;
  217. $new_available = $current_available - $current_difference;
  218. $limit = ", `limit` = '".$db->quote(HumanDollar($new_limit))."', `available` = '".$db->quote(HumanDollar($new_available))."'";
  219. }
  220. $query = $db->query("UPDATE ".$dbdb.".equate_customers SET `storegroups` = '".$db->quote($_REQUEST['popup'])."', `first` = '".$db->quote($_REQUEST['first'])."', `last` = '".$db->quote($_REQUEST['last'])."', `company` = '".$db->quote($_REQUEST['company'])."', `address1` = '".$db->quote($_REQUEST['address1'])."', `address2` = '".$db->quote($_REQUEST['address2'])."', `city` = '".$db->quote($_REQUEST['city'])."', `province` = '".$db->quote($_REQUEST['province'])."', `postalcode` = '".$db->quote($_REQUEST['postalcode'])."', `country` = '".$db->quote($_REQUEST['country'])."', `homephone` = '".$db->quote(Filter('phone',$_REQUEST['homephone']))."', `busphone` = '".$db->quote(Filter('phone',$_REQUEST['busphone']))."', `cellphone` = '".$db->quote(Filter('phone',$_REQUEST['cellphone']))."', `sku` = '".$db->quote($_REQUEST['sku'])."', `enabled` = '".$db->quote($_REQUEST['enabled'])."', `collect_loyalty` = '".$db->quote($_REQUEST['collect_loyalty'])."', `c1` = '".$db->quote($_REQUEST['c1'])."', `c2` = '".$db->quote($_REQUEST['c2'])."', `c3` = '".$db->quote($_REQUEST['c3'])."', `c4` = '".$db->quote($_REQUEST['c4'])."', `c5` = '".$db->quote($_REQUEST['c5'])."', `c6` = '".$db->quote($_REQUEST['c6'])."', `c7` = '".$db->quote($_REQUEST['c7'])."', `c8` = '".$db->quote($_REQUEST['c8'])."', `c9` = '".$db->quote($_REQUEST['c9'])."', `c10` = '".$db->quote($_REQUEST['c10'])."', `groups` = '".serialize($_REQUEST['groups'])."', `lastupdated` = '".time()."'".$limit." WHERE `id` = '".$_REQUEST['request_id']."'");
  221. }
  222. // edit: product
  223. if ($_REQUEST['request_type'] == "product") {
  224. if ($_REQUEST['stock_min'] > $_REQUEST['stock_max']) { echo "error,Check the minimum, required, and maximum quantities in the supply tab."; exit; }
  225. $query = $db->query("UPDATE ".$dbdb.".equate_products SET `sku` = '".$db->quote($_REQUEST['sku'])."', `ean13` = '".$db->quote($_REQUEST['ean13'])."', `desc` = '".$db->quote($_REQUEST['desc'])."', `weight` = '".$db->quote($_REQUEST['weight'])."', `price` = '".$db->quote($_REQUEST['price'])."', `tax` = '".$db->quote($_REQUEST['tax'])."', `total` = '".$db->quote($_REQUEST['total'])."', `batched` = '".time()."', `enabled` = '".$db->quote($_REQUEST['enabled'])."', `notes` = '".$db->quote($_REQUEST['notes'])."', `cid` = '".$db->quote($_REQUEST['cid'])."', `mid` = '".$db->quote($_REQUEST['mid'])."', `parent` = '".$db->quote($_REQUEST['parent'])."', `taxid` = '".$db->quote($_REQUEST['taxid'])."', `cost` = '".$db->quote($_REQUEST['cost'])."', `availonline` = '".$db->quote($_REQUEST['availonline'])."', `origprice` = '".$db->quote($_REQUEST['origprice'])."', `moduser` = '".$_SESSION['equate_auth']."', `moddate` = '".time()."', `grouped` = '".$db->quote($_REQUEST['grouped'])."', `loyalty` = '".$db->quote($_REQUEST['loyalty'])."', `reference` = '".$db->quote($_REQUEST['reference'])."', `c1` = '".$db->quote($_REQUEST['c1'])."', `c2` = '".$db->quote($_REQUEST['c2'])."', `c3` = '".$db->quote($_REQUEST['c3'])."', `c4` = '".$db->quote($_REQUEST['c4'])."', `c5` = '".$db->quote($_REQUEST['c5'])."', `c6` = '".$db->quote($_REQUEST['c6'])."', `c7` = '".$db->quote($_REQUEST['c7'])."', `c8` = '".$db->quote($_REQUEST['c8'])."', `c9` = '".$db->quote($_REQUEST['c9'])."', `c10` = '".$db->quote($_REQUEST['c10'])."', `supply` = '".$db->quote($_REQUEST['supply'])."' WHERE `id` = '".$_REQUEST['request_id']."'");
  226. if ($_REQUEST['supply'] == "1") {
  227. if ($_REQUEST['expire'] == "0") { $expiration = ""; } else { $expiration = $_REQUEST['expiration']; }
  228. $query = $db->query("INSERT INTO ".$dbdb.".equate_inventory_supply (`pid`, `sid`, `type`, `stock_min`, `stock_required`, `stock_max`, `expiration`, `lastupdated`) VALUES ('".$_REQUEST['request_id']."', '".$db->quote($_REQUEST['sid'])."', '".$db->quote($_REQUEST['supply_type'])."', '".$db->quote($_REQUEST['stock_min'])."', '".$db->quote($_REQUEST['stock_required'])."', '".$db->quote($_REQUEST['stock_max'])."', '".strtotime($expiration)."', '".time()."') ON DUPLICATE KEY UPDATE `sid` = '".$db->quote($_REQUEST['sid'])."', `type` = '".$db->quote($_REQUEST['supply_type'])."', `stock_min` = '".$db->quote($_REQUEST['stock_min'])."', `stock_required` = '".$db->quote($_REQUEST['stock_required'])."', `stock_max` = '".$db->quote($_REQUEST['stock_max'])."', `expiration` = '".strtotime($expiration)."', `lastupdated` = '".time()."'");
  229. }
  230. $query = $db->query("INSERT INTO ".$dbdb.".equate_product_descriptions (`pid`, `short`, `long`) VALUES ('".$_REQUEST['request_id']."', '".$db->quote($_REQUEST['short'])."', '".$db->quote($_REQUEST['long'])."') ON DUPLICATE KEY UPDATE `short` = '".$db->quote($_REQUEST['short'])."', `long` = '".$db->quote($_REQUEST['long'])."'");
  231. }
  232. // edit: user
  233. if ($_REQUEST['request_type'] == "user") {
  234. if ($_REQUEST['password'] == "") { $password = ""; } else { $password = ", `password` = '".$db->quote(md5($_REQUEST['password']))."'"; }
  235. $query = $db->query("UPDATE ".$dbdb.".equate_admins SET `first` = '".$db->quote($_REQUEST['first'])."', `last` = '".$db->quote($_REQUEST['last'])."', `phone` = '".$db->quote($_REQUEST['phone'])."', `email` = '".$db->quote($_REQUEST['email'])."', `address` = '".$db->quote($_REQUEST['address'])."', `city` = '".$db->quote($_REQUEST['city'])."', `province` = '".$db->quote($_REQUEST['province'])."', `country` = '".$db->quote($_REQUEST['country'])."', `postalcode` = '".$db->quote($_REQUEST['postal'])."', `username` = '".$db->quote($_REQUEST['username'])."', `lastupdated` = '".time()."', `security_group` = '".$db->quote($_REQUEST['security_group'])."', `pay_rate` = '".$db->quote($_REQUEST['pay_rate'])."', `enabled` = '".$db->quote($_REQUEST['enabled'])."'".$password." WHERE id = '".$_REQUEST['request_id']."'");
  236. $destination = "dialog,Info,user,".$_REQUEST['request_id'].",lg";
  237. }
  238. // edit: group
  239. if ($_REQUEST['request_type'] == "group") {
  240. $query = $db->query("UPDATE ".$dbdb.".equate_customer_groups SET `name` = '".$db->quote($_REQUEST['name'])."', `desc` = '".$db->quote($_REQUEST['desc'])."', `enabled` = '".$db->quote($_REQUEST['enabled'])."', `lastupdated` = '".time()."' WHERE `id` = '".$_REQUEST['request_id']."'");
  241. }
  242. // edit: workgroup
  243. if ($_REQUEST['request_type'] == "workgroup") {
  244. $query = $db->query("UPDATE ".$dbdb.".equate_tickets_groups SET `name` = '".$db->quote($_REQUEST['name'])."', `members` = '".serialize($_REQUEST['members'])."' WHERE `id` = '".$_REQUEST['request_id']."'");
  245. }
  246. // edit: security group
  247. if ($_REQUEST['request_type'] == "security") {
  248. $query = $db->query("UPDATE ".$dbdb.".equate_system_accessgroups SET `name` = '".$db->quote($_REQUEST['name'])."', `desc` = '".$db->quote($_REQUEST['desc'])."', `access` = '".serialize($_REQUEST['access'])."', `lastupdated` = '".time()."' WHERE `id` = '".$_REQUEST['request_id']."'");
  249. }
  250. // edit: reason
  251. if ($_REQUEST['request_type'] == "reason") {
  252. $query = $db->query("UPDATE ".$dbdb.".equate_system_refundreasons SET `name` = '".$db->quote($_REQUEST['name'])."', `type` = '".$db->quote($_REQUEST['type'])."', `enabled` = '".$db->quote($_REQUEST['enabled'])."', `lastupdated` = '".time()."' WHERE `id` = '".$_REQUEST['request_id']."'");
  253. }
  254. // edit: operator
  255. if ($_REQUEST['request_type'] == "operator") {
  256. if ($_REQUEST['password'] == "") { $password = ""; } else { $password = ", `pass` = '".$db->quote($_REQUEST['password'])."'"; }
  257. $query = $db->query("UPDATE ".$dbdb.".equate_operators SET `operator` = '".$db->quote($_REQUEST['operator'])."', `enabled` = '".$db->quote($_REQUEST['enabled'])."', `lastupdated` = '".time()."'".$password." WHERE `operator` = '".$_REQUEST['request_id']."'");
  258. }
  259. // edit: category
  260. if ($_REQUEST['request_type'] == "category") {
  261. $query = $db->query("UPDATE ".$dbdb.".equate_inventory_categories SET `name` = '".$db->quote($_REQUEST['name'])."', `pid` = '".$db->quote($_REQUEST['pid'])."', `enabled` = '".$db->quote($_REQUEST['enabled'])."', `lastupdated` = '".time()."' WHERE `id` = '".$_REQUEST['request_id']."'");
  262. }
  263. // edit: attribute
  264. if ($_REQUEST['request_type'] == "attribute") {
  265. $query = $db->query("UPDATE ".$dbdb.".equate_attributes SET `name` = '".$db->quote($_REQUEST['name'])."', `type` = '".$db->quote($_REQUEST['type'])."' `lastupdated` = '".time()."' WHERE `id` = '".$_REQUEST['request_id']."'");
  266. }
  267. // edit: value
  268. if ($_REQUEST['request_type'] == "value") {
  269. $query = $db->query("UPDATE ".$dbdb.".equate_attribute_values SET `name` = '".$db->quote($_REQUEST['name'])."', `group_id` = '".$db->quote($_REQUEST['group_id'])."' `lastupdated` = '".time()."' WHERE `id` = '".$_REQUEST['request_id']."'");
  270. }
  271. // edit: payment method
  272. if ($_REQUEST['request_type'] == "payment_method") {
  273. $query = $db->query("UPDATE ".$dbdb.".equate_invoicing_paymethods SET `name` = '".$db->quote($_REQUEST['name'])."', `enabled` = '".$db->quote($_REQUEST['enabled'])."', `lastupdated` = '".time()."' WHERE `id` = '".$_REQUEST['request_id']."'");
  274. }
  275. // edit: coupon
  276. if ($_REQUEST['request_type'] == "coupon") {
  277. if ($_REQUEST['expire_control'] == "1") {
  278. $date = explode(' - ',$_REQUEST['range']);
  279. $to = strtotime($date[1]);
  280. $from = strtotime($date[0]);
  281. } else {
  282. $to = "0";
  283. $from = "0";
  284. }
  285. if ($_REQUEST['type'] == "1") { $value = $_REQUEST['percentage']; }
  286. if ($_REQUEST['type'] == "2") { $value = $_REQUEST['dollar']; }
  287. $query = $db->select("SELECT * FROM ".$dbdb.".equate_invoicing_coupons WHERE `id` = '".$_REQUEST['request_id']."'");
  288. foreach ($query as $row) {
  289. $value_chk = $row['value'];
  290. }
  291. if ($value_chk != $value && $value != "") { $value = $value; } else { $value = $value_chk; }
  292. $query = $db->query("UPDATE ".$dbdb.".equate_invoicing_coupons SET `name` = '".$db->quote($_REQUEST['name'])."', `sku` = '".$db->quote($_REQUEST['sku'])."', `enabled` = '".$db->quote($_REQUEST['enabled'])."', `wid` = '".$db->quote($_REQUEST['wid'])."', `type` = '".$db->quote($_REQUEST['type'])."', `template` = '".$db->quote($_REQUEST['template'])."', `value` = '".$db->quote($value)."', `criteria` = '".serialize($_REQUEST['criteria'])."', `to` = '".$db->quote($to)."', `from` = '".$db->quote($from)."', `lastupdated` = '".time()."' WHERE `id` = '".$_REQUEST['request_id']."'");
  293. }
  294. // edit: tax
  295. if ($_REQUEST['request_type'] == "tax") {
  296. $query = $db->query("UPDATE ".$dbdb.".equate_tax SET `name` = '".$db->quote($_REQUEST['name'])."', `rate` = '".$db->quote(($_REQUEST['rate'] / 100))."', `enabled` = '".$db->quote($_REQUEST['enabled'])."', `default` = '".$db->quote($_REQUEST['default'])."', `lastupdated` = '".time()."' WHERE `id` = '".$_REQUEST['request_id']."'");
  297. }
  298. // edit: entry (timecard)
  299. if ($_REQUEST['request_type'] == "entry") {
  300. $date = explode(' - ',$_REQUEST['date']);
  301. $query = $db->query("UPDATE ".$dbdb.".equate_timecard SET `op_id` = '".$db->quote($_REQUEST['value'])."', `time` = '".$db->quote(strtotime($date[0]))."', `outtime` = '".$db->quote(strtotime($date[1]))."', `total` = '".$db->quote((strtotime($date[1]) - strtotime($date[0])))."', `lastupdated` = '".time()."' WHERE `ref` = '".$_REQUEST['request_id']."'");
  302. $destination = "dialog,Info,timecard,".$_REQUEST['value'].",lg";
  303. }
  304. // edit: currency
  305. if ($_REQUEST['request_type'] == "currency") {
  306. $query = $db->query("UPDATE ".$dbdb.".equate_system_currency SET `name` = '".$db->quote($_REQUEST['name'])."', `code` = '".$db->quote($_REQUEST['code'])."', `symbol` = '".$db->quote($_REQUEST['symbol'])."', `rate` = '".$db->quote($_REQUEST['rate'])."', `lastupdated` = '".time()."', `enabled` = '".$db->quote($_REQUEST['enabled'])."', `autoupdate` = '".$db->quote($_REQUEST['autoupdate'])."' WHERE `id` = '".$_REQUEST['request_id']."'");
  307. }
  308. // edit: ticket
  309. if ($_REQUEST['request_type'] == "ticket") {
  310. $query = $db->query("UPDATE ".$dbdb.".equate_tickets SET `subject` = '".$db->quote($_REQUEST['subject'])."', `owner` = '".$db->quote($_REQUEST['owner'])."', `status` = '".$db->quote($_REQUEST['status'])."', `severity` = '".$db->quote($_REQUEST['severity'])."', `lastupdated` = '".time()."', `details` = '".$db->quote($_REQUEST['details'])."', `custid` = '".$db->quote($_REQUEST['customer'])."', `tranid` = '".$db->quote($_REQUEST['transaction'])."' WHERE `id` = '".$_REQUEST['request_id']."'");
  311. }
  312. // edit: gift card
  313. if ($_REQUEST['request_type'] == "gift_card") {
  314. $query = $db->select("SELECT * FROM ".$dbdb.".equate_giftcards WHERE `id` = '".$_REQUEST['request_id']."'");
  315. foreach ($query as $row) {
  316. $original_total = $row['total'];
  317. $original_balance = $row['balance'];
  318. }
  319. if ($_REQUEST['total'] == "") { $_REQUEST['total'] = $original_total; }
  320. $total_difference = $original_total - $_REQUEST['total'];
  321. $total = $original_total - $total_difference;
  322. $balance = $original_balance - $total_difference;
  323. if ($_REQUEST['expire_control'] == "1" ) { $expire = strtotime($_REQUEST['expire']); } else { $expire = ""; }
  324. $query = $db->query("UPDATE ".$dbdb.".equate_giftcards SET `sku` = '".$db->quote($_REQUEST['sku'])."', `total` = '".$db->quote(HumanDollar($total))."', `balance` = '".$db->quote(HumanDollar($balance))."', `expire` = '".$db->quote($expire)."', `lastupdated` = '".time()."', `enabled` = '".$db->quote($_REQUEST['enabled'])."', `user` = '".$db->quote($_REQUEST['customer'])."' WHERE `id` = '".$_REQUEST['request_id']."'");
  325. }
  326. // edit: calendar
  327. if ($_REQUEST['request_type'] == "calendar") {
  328. $labels['label'] = $_REQUEST['label'];
  329. $labels['label_color'] = $_REQUEST['label_color'];
  330. $query = $db->query("UPDATE ".$dbdb.".equate_calendar_calendars SET `name` = '".$db->quote($_REQUEST['name'])."', `desc` = '".$db->quote($_REQUEST['desc'])."', `view` = '".$db->quote($_REQUEST['view'])."', `view_list` = '".serialize($_REQUEST['view_list'])."', `edit` = '".$db->quote($_REQUEST['edit'])."', `edit_list` = '".serialize($_REQUEST['edit_list'])."', `labels` = '".serialize($labels)."', `enabled` = '".$db->quote($_REQUEST['enabled'])."', `type` = '".$db->quote($_REQUEST['type'])."', `lastupdated` = '".time()."' WHERE `id` = '".$_REQUEST['request_id']."'");
  331. }
  332. // add: event
  333. if ($_REQUEST['request_type'] == "event") {
  334. // explode date/time field
  335. // if (isset($_REQUEST['start'])) { $stmt_start = "`start` = '".$db->quote(strtotime(str_replace("T", " ", $_REQUEST['start'])))."', "; }
  336. $date = explode(' - ',$_REQUEST['date']);
  337. $query = $db->select("SELECT * FROM ".$dbdb.".equate_calendar WHERE `ref` = '".$_REQUEST['request_id']."'");
  338. foreach ($query as $row) {
  339. $cid = $row['cid'];
  340. }
  341. $query = $db->select("SELECT * FROM ".$dbdb.".equate_calendar_calendars WHERE `id` = '".$cid."'");
  342. foreach ($query as $row) {
  343. $labels = unserialize($row['labels']);
  344. }
  345. foreach($labels['label'] as $index => $label) {
  346. if ($label == $_REQUEST['label']) { $type = $labels['label_color']{$index}; }
  347. }
  348. if ($_REQUEST['request_event_type'] == "schedule") {
  349. $query = $db->select("SELECT * FROM ".$dbdb.".equate_admins WHERE `id` = '".$_REQUEST['value']."'");
  350. foreach ($query as $row) {
  351. $title = $row['first']." ".$row['last']." (".$_REQUEST['label'].")";
  352. }
  353. } else { $title = $_REQUEST['title']; }
  354. $query = $db->query("UPDATE ".$dbdb.".equate_calendar SET `class` = '".$db->quote($_REQUEST['label'])."', `value` = '".$db->quote($_REQUEST['value'])."', `type` = '".$db->quote($type)."', `title` = '".$db->quote($title)."', `details` = '".$db->quote(seo($_REQUEST['desc']))."', `start` = '".strtotime($date[0])."', `end` = '".strtotime($date[1])."', `lastupdated` = '".time()."' WHERE `ref` = '".$_REQUEST['request_id']."'");
  355. $destination = "calendarrefresh,".$_REQUEST['request_id'];
  356. }
  357. // edit: adapter
  358. if ($_REQUEST['request_type'] == "adapter") {
  359. $query = $db->select("SELECT `password` FROM ".$dbdb.".`equate_adapters` WHERE `id` = '".$_REQUEST['request_id']."'");
  360. if ($query->num_rows != "0") {
  361. foreach ($query as $row) {
  362. $current_password = $row['password'];
  363. }
  364. }
  365. if ($_REQUEST['password'] == "") { $current_password = $current_password; } else { $current_password = $_REQUEST['password']; }
  366. if (strpos($_REQUEST['ip'], ':') == true) { $explode = explode(":", $_REQUEST['ip']); $host = $explode[0]; $port = $explode[1]; } else { $host = $_REQUEST['ip']; $port = null; }
  367. $link = mysqli_connect($host, $_REQUEST['username'], $current_password, $_REQUEST['database'], $port);
  368. if (!$link) {
  369. echo "error,Cannot connect to SQL server: ".mysqli_connect_error();
  370. exit;
  371. } else {
  372. if ($_REQUEST['type'] == "ps1") {
  373. $querytest = $link->query("SELECT * FROM `".$_REQUEST['database']."`.`".$_REQUEST['prefix']."shop`");
  374. }
  375. if ($_REQUEST['type'] == "vm2") {
  376. $querytest = $link->query("SELECT * FROM INFORMATION_SCHEMA.TABLES WHERE `TABLE_NAME` LIKE '".$prefix."virtuemart_%'");
  377. if ($querytest->num_rows == "0") { return false; } else { return true; }
  378. }
  379. if ($querytest) {
  380. if ($_REQUEST['password'] == "") { $password = ""; } else { $password = ", `password` = '".$db->quote($_REQUEST['password'])."'"; }
  381. $query = $db->query("UPDATE ".$dbdb.".equate_adapters SET `name` = '".$db->quote($_REQUEST['name'])."', `type` = '".$db->quote($_REQUEST['type'])."', `enabled` = '".$db->quote($_REQUEST['enabled'])."', `ip` = '".$db->quote($_REQUEST['ip'])."', `database` = '".$db->quote($_REQUEST['database'])."', `username` = '".$db->quote($_REQUEST['username'])."', `prefix` = '".$db->quote($_REQUEST['prefix'])."', `lastupdated` = '".time()."'".$password." WHERE id = '".$_REQUEST['request_id']."'");
  382. $destination = "dialog,Info,adapter,".$_REQUEST['request_id']."";
  383. } else { echo "error,Cannot locate adapter tables. Please check adapter type or table prefix settings."; exit; }
  384. }
  385. }
  386. // edit: terminals
  387. if ($_REQUEST['request_type'] == "terminal") {
  388. $query = $db->query("UPDATE ".$dbdb.".equate_system SET `company` = '".$db->quote($_REQUEST['company'])."', `address` = '".$db->quote($_REQUEST['address'])."', `address2` = '".$db->quote($_REQUEST['address2'])."', `city` = '".$db->quote($_REQUEST['city'])."', `province` = '".$db->quote($_REQUEST['province'])."', `country` = '".$db->quote($_REQUEST['country'])."', `postalcode` = '".$db->quote($_REQUEST['postalcode'])."', `phone` = '".$db->quote($_REQUEST['phone'])."', `phone2` = '".$db->quote($_REQUEST['phone2'])."', `web` = '".$db->quote($_REQUEST['web'])."', `email` = '".$db->quote($_REQUEST['email'])."', `enabled` = '".$db->quote($_REQUEST['enabled'])."', `wid` = '".$db->quote($_REQUEST['wid'])."', `lastupdated` = '".time()."' WHERE `register` = '".$_REQUEST['request_id']."'");
  389. }
  390. // edit: warehouse
  391. if ($_REQUEST['request_type'] == "warehouse") {
  392. $query = $db->query("UPDATE ".$dbdb.".equate_inventory_warehouse SET `name` = '".$db->quote($_REQUEST['name'])."', `contact` = '".$db->quote($_REQUEST['contact'])."', `address` = '".$db->quote($_REQUEST['address'])."', `city` = '".$db->quote($_REQUEST['city'])."', `province` = '".$db->quote($_REQUEST['province'])."', `country` = '".$db->quote($_REQUEST['country'])."', `postalcode` = '".$db->quote($_REQUEST['postalcode'])."', `phone1` = '".$db->quote($_REQUEST['phone'])."', `phone2` = '".$db->quote($_REQUEST['phone2'])."', `email` = '".$db->quote($_REQUEST['email'])."', `enabled` = '".$db->quote($_REQUEST['enabled'])."', `lastupdated` = '".time()."' WHERE `id` = '".$_REQUEST['request_id']."'");
  393. }
  394. // edit: manufacturer
  395. if ($_REQUEST['request_type'] == "manufacturer") {
  396. $query = $db->query("UPDATE ".$dbdb.".equate_inventory_manufacturers SET `name` = '".$db->quote($_REQUEST['name'])."', `contact` = '".$db->quote($_REQUEST['contact'])."', `address` = '".$db->quote($_REQUEST['address'])."', `city` = '".$db->quote($_REQUEST['city'])."', `province` = '".$db->quote($_REQUEST['province'])."', `country` = '".$db->quote($_REQUEST['country'])."', `postalcode` = '".$db->quote($_REQUEST['postalcode'])."', `phone1` = '".$db->quote($_REQUEST['phone'])."', `phone2` = '".$db->quote($_REQUEST['phone2'])."', `email` = '".$db->quote($_REQUEST['email'])."', `website` = '".$db->quote($_REQUEST['web'])."', `enabled` = '".$db->quote($_REQUEST['enabled'])."', `lastupdated` = '".time()."' WHERE `id` = '".$_REQUEST['request_id']."'");
  397. }
  398. // edit: supplier
  399. if ($_REQUEST['request_type'] == "supplier") {
  400. $query = $db->query("UPDATE ".$dbdb.".equate_po_suppliers SET `name` = '".$db->quote($_REQUEST['name'])."', `contact` = '".$db->quote($_REQUEST['contact'])."', `address` = '".$db->quote($_REQUEST['address'])."', `city` = '".$db->quote($_REQUEST['city'])."', `province` = '".$db->quote($_REQUEST['province'])."', `country` = '".$db->quote($_REQUEST['country'])."', `postalcode` = '".$db->quote($_REQUEST['postalcode'])."', `phone1` = '".$db->quote($_REQUEST['phone'])."', `phone2` = '".$db->quote($_REQUEST['phone2'])."', `email` = '".$db->quote($_REQUEST['email'])."', `website` = '".$db->quote($_REQUEST['web'])."', `enabled` = '".$db->quote($_REQUEST['enabled'])."', `lastupdated` = '".time()."' WHERE `id` = '".$_REQUEST['request_id']."'");
  401. }
  402. // edit: custom field
  403. if ($_REQUEST['request_type'] == "custom_field") {
  404. $query = $db->query("UPDATE ".$dbdb.".equate_system_customfields SET `label` = '".$db->quote($_REQUEST['label'])."', `enabled` = '".$db->quote($_REQUEST['enabled'])."', `required` = '".$db->quote($_REQUEST['required'])."', `lastupdated` = '".time()."' WHERE `id` = '".$_REQUEST['request_id']."'");
  405. }
  406. }
  407. if ($_REQUEST['request'] == "settings") {
  408. if ($_REQUEST['request_type'] == "locale") {
  409. $query = $db->query("INSERT INTO ".$dbdb.".equate_preferences (`property`, `value`, `owner`) VALUES ('billing_tax', '".$db->quote($_REQUEST['set_pref_billing_tax'])."', '') ON DUPLICATE KEY UPDATE `value` = '".$db->quote($_REQUEST['set_pref_billing_tax'])."'");
  410. $query = $db->query("UPDATE ".$dbdb.".equate_preferences SET `value` = '".$db->quote($_REQUEST['set_pref_date_display'])."' WHERE `property` = 'date_display'");
  411. $query = $db->query("UPDATE ".$dbdb.".equate_preferences SET `value` = '".$db->quote($_REQUEST['set_pref_date_time'])."' WHERE `property` = 'date_time'");
  412. $query = $db->query("UPDATE ".$dbdb.".equate_preferences SET `value` = '".$db->quote($_REQUEST['set_pref_date_timezone'])."' WHERE `property` = 'date_timezone'");
  413. $query = $db->query("UPDATE ".$dbdb.".equate_preferences SET `value` = '".$db->quote($_REQUEST['set_pref_billing_currency_decimal'])."' WHERE `property` = 'billing_currency_decimal'");
  414. $query = $db->query("UPDATE ".$dbdb.".equate_preferences SET `value` = '".$db->quote($_REQUEST['set_pref_billing_currency_position'])."' WHERE `property` = 'billing_currency_position'");
  415. $query = $db->query("UPDATE ".$dbdb.".equate_preferences SET `value` = '".$db->quote($_REQUEST['set_pref_billing_currency_thousand'])."' WHERE `property` = 'billing_currency_thousand'");
  416. $query = $db->query("UPDATE ".$dbdb.".equate_preferences SET `value` = '".$db->quote($_REQUEST['set_pref_billing_currency'])."' WHERE `property` = 'billing_currency'");
  417. $query = $db->query("UPDATE ".$dbdb.".equate_preferences SET `value` = '".$db->quote($_REQUEST['set_pref_billing_currency_autoupdate'])."' WHERE `property` = 'billing_currency_autoupdate'");
  418. $query = $db->query("INSERT INTO ".$dbdb.".equate_preferences (`property`, `value`, `owner`) VALUES ('display_name', '".$db->quote($_REQUEST['set_pref_display_name'])."', '') ON DUPLICATE KEY UPDATE `value` = '".$db->quote($_REQUEST['set_pref_display_name'])."'");
  419. $query = $db->query("INSERT INTO ".$dbdb.".equate_preferences (`property`, `value`, `owner`) VALUES ('display_product', '".$db->quote($_REQUEST['set_pref_display_product'])."', '') ON DUPLICATE KEY UPDATE `value` = '".$db->quote($_REQUEST['set_pref_display_product'])."'");
  420. // get new currency rates from base currency
  421. $query = $db->select("SELECT * FROM ".$dbdb.".`equate_system_currency`");
  422. foreach ($query as $row) {
  423. $curr_avail[] = $row['code'];
  424. }
  425. // get currency rates
  426. $json_url = "http://api.fixer.io/latest?base=".$_REQUEST['set_pref_billing_currency'];
  427. $data = json_decode(file_get_contents($json_url), TRUE);
  428. $array = $data['rates'];
  429. // update base rate to 1.000000
  430. $query = $db->query("UPDATE ".$dbdb.".equate_system_currency SET `rate` = '1.000000', lastupdated = '".time()."' WHERE `code` = '".$_REQUEST['set_pref_billing_currency']."'");
  431. // update other rates
  432. foreach ($array as $iso => $rate) {
  433. if (in_array($iso, $curr_avail)) {
  434. $query = $db->query("UPDATE ".$dbdb.".equate_system_currency SET `rate` = '".$rate."', lastupdated = '".strtotime($data['date'])."' WHERE `code` = '".$iso."'");
  435. }
  436. }
  437. }
  438. if ($_REQUEST['request_type'] == "system") {
  439. $query = $db->query("UPDATE ".$dbdb.".equate_preferences SET `value` = '".$db->quote($_REQUEST['set_pref_billing_pricedisplay'])."' WHERE `property` = 'billing_pricedisplay'");
  440. $query = $db->query("UPDATE ".$dbdb.".equate_preferences SET `value` = '".$db->quote($_REQUEST['set_pref_display_disabled'])."' WHERE `property` = 'display_disabled'");
  441. // update general preferences
  442. $query = $db->query("INSERT INTO ".$dbdb.".equate_preferences (`property`, `value`, `owner`) VALUES ('default_calendar', '".$db->quote($_REQUEST['set_pref_default_calendar'])."', '') ON DUPLICATE KEY UPDATE `value` = '".$db->quote($_REQUEST['set_pref_default_calendar'])."'");
  443. $query = $db->query("INSERT INTO ".$dbdb.".equate_preferences (`property`, `value`, `owner`) VALUES ('default_schedule', '".$db->quote($_REQUEST['set_pref_default_schedule'])."', '') ON DUPLICATE KEY UPDATE `value` = '".$db->quote($_REQUEST['set_pref_default_schedule'])."'");
  444. }
  445. if ($_REQUEST['request_type'] == "terminals") {
  446. $query = $db->query("UPDATE ".$dbdb.".equate_system SET `receiptnotes` = '".$db->quote($_REQUEST['set_pref_pos_footer'])."', `oplogin` = '".$db->quote($_REQUEST['set_pref_pos_oplogin'])."', `stockcontrol` = '".$db->quote($_REQUEST['set_pref_pos_stockcontrol'])."', `action` = '".$db->quote($_REQUEST['set_pref_pos_action'])."'");
  447. // update default register data
  448. $query = $db->query("UPDATE ".$dbdb.".equate_system SET `wid` = '".$db->quote($_REQUEST['wid'])."' WHERE `register` = '000'");
  449. }
  450. if ($_REQUEST['request_type'] == "general") {
  451. $query = $db->query("UPDATE ".$dbdb.".equate_system SET `company` = '".$db->quote($_REQUEST['set_pref_company_name'])."', `address` = '".$db->quote($_REQUEST['set_pref_company_address'])."', `address2` = '".$db->quote($_REQUEST['set_pref_company_address2'])."', `city` = '".$db->quote($_REQUEST['set_pref_company_city'])."', `province` = '".$db->quote($_REQUEST['set_pref_company_province'])."', `country` = '".$db->quote($_REQUEST['set_pref_company_country'])."', `postalcode` = '".$db->quote($_REQUEST['set_pref_company_postalcode'])."', `phone` = '".$db->quote($_REQUEST['set_pref_company_phone'])."', `phone2` = '".$db->quote($_REQUEST['set_pref_company_phone2'])."', `web` = '".$db->quote($_REQUEST['set_pref_company_web'])."', `email` = '".$db->quote($_REQUEST['set_pref_company_email'])."' WHERE `register` = '000'");
  452. $query = $db->query("INSERT INTO ".$dbdb.".equate_preferences (`property`, `value`, `owner`) VALUES ('groups_users', '".$db->quote($_REQUEST['set_pref_groups_users'])."', '') ON DUPLICATE KEY UPDATE `value` = '".$db->quote($_REQUEST['set_pref_groups_users'])."'");
  453. $query = $db->query("INSERT INTO ".$dbdb.".equate_preferences (`property`, `value`, `owner`) VALUES ('groups_customer', '".serialize($_REQUEST['set_pref_groups_customer'])."', '') ON DUPLICATE KEY UPDATE `value` = '".serialize($_REQUEST['set_pref_groups_customer'])."'");
  454. }
  455. if ($_REQUEST['request_type'] == "security") {
  456. $query = $db->query("INSERT INTO ".$dbdb.".equate_preferences (`property`, `value`, `owner`) VALUES ('security_expire', '".$db->quote($_REQUEST['set_pref_security_expire'])."', '') ON DUPLICATE KEY UPDATE `value` = '".$db->quote($_REQUEST['set_pref_security_expire'])."'");
  457. $query = $db->query("INSERT INTO ".$dbdb.".equate_preferences (`property`, `value`, `owner`) VALUES ('security_username', '".$db->quote($_REQUEST['set_pref_security_username'])."', '') ON DUPLICATE KEY UPDATE `value` = '".$db->quote($_REQUEST['set_pref_security_username'])."'");
  458. }
  459. if ($_REQUEST['request_type'] == "data") {
  460. $query = $db->query("INSERT INTO ".$dbdb.".equate_preferences (`property`, `value`, `owner`) VALUES ('data_customer_name', '".$db->quote($_REQUEST['set_pref_data_customer_name'])."', '') ON DUPLICATE KEY UPDATE `value` = '".$db->quote($_REQUEST['set_pref_data_customer_name'])."'");
  461. $query = $db->query("INSERT INTO ".$dbdb.".equate_preferences (`property`, `value`, `owner`) VALUES ('data_customer_phone', '".$db->quote($_REQUEST['set_pref_data_customer_phone'])."', '') ON DUPLICATE KEY UPDATE `value` = '".$db->quote($_REQUEST['set_pref_data_customer_phone'])."'");
  462. $query = $db->query("INSERT INTO ".$dbdb.".equate_preferences (`property`, `value`, `owner`) VALUES ('data_customer_email', '".$db->quote($_REQUEST['set_pref_data_customer_email'])."', '') ON DUPLICATE KEY UPDATE `value` = '".$db->quote($_REQUEST['set_pref_data_customer_email'])."'");
  463. $query = $db->query("INSERT INTO ".$dbdb.".equate_preferences (`property`, `value`, `owner`) VALUES ('data_customer_address', '".$db->quote($_REQUEST['set_pref_data_customer_address'])."', '') ON DUPLICATE KEY UPDATE `value` = '".$db->quote($_REQUEST['set_pref_data_customer_address'])."'");
  464. $query = $db->query("INSERT INTO ".$dbdb.".equate_preferences (`property`, `value`, `owner`) VALUES ('data_product_name', '".$db->quote($_REQUEST['set_pref_data_product_name'])."', '') ON DUPLICATE KEY UPDATE `value` = '".$db->quote($_REQUEST['set_pref_data_product_name'])."'");
  465. $query = $db->query("INSERT INTO ".$dbdb.".equate_preferences (`property`, `value`, `owner`) VALUES ('data_product_short', '".$db->quote($_REQUEST['set_pref_data_product_short'])."', '') ON DUPLICATE KEY UPDATE `value` = '".$db->quote($_REQUEST['set_pref_data_product_short'])."'");
  466. $query = $db->query("INSERT INTO ".$dbdb.".equate_preferences (`property`, `value`, `owner`) VALUES ('data_product_long', '".$db->quote($_REQUEST['set_pref_data_product_long'])."', '') ON DUPLICATE KEY UPDATE `value` = '".$db->quote($_REQUEST['set_pref_data_product_long'])."'");
  467. $query = $db->query("INSERT INTO ".$dbdb.".equate_preferences (`property`, `value`, `owner`) VALUES ('data_product_cost', '".$db->quote($_REQUEST['set_pref_data_product_cost'])."', '') ON DUPLICATE KEY UPDATE `value` = '".$db->quote($_REQUEST['set_pref_data_product_cost'])."'");
  468. }
  469. }
  470. if ($_REQUEST['request'] == "settings_personal") {
  471. if ($_REQUEST['password'] == "") { $password = ""; } else { $password = ", `password` = '".$db->quote(md5($_REQUEST['password']))."'"; }
  472. $query = $db->query("UPDATE ".$dbdb.".equate_admins SET `first` = '".$db->quote($_REQUEST['first'])."', `last` = '".$db->quote($_REQUEST['last'])."', `phone` = '".$db->quote($_REQUEST['phone'])."', `email` = '".$db->quote($_REQUEST['email'])."', `address` = '".$db->quote($_REQUEST['address'])."', `city` = '".$db->quote($_REQUEST['city'])."', `province` = '".$db->quote($_REQUEST['province'])."', `country` = '".$db->quote($_REQUEST['country'])."', `postalcode` = '".$db->quote($_REQUEST['postal'])."'".$password." WHERE username = '".$_SESSION['equate_auth']."'");
  473. if ($_REQUEST['set_pref_billing_currency'] != $pref_billing_currency_user) { $query = $db->query("INSERT INTO ".$dbdb.".equate_preferences (`property`, `value`, `owner`) VALUES ('billing_currency', '".$_REQUEST['set_pref_billing_currency']. "', '".$_SESSION['equate_auth_id']."') ON DUPLICATE KEY UPDATE value = '".$_REQUEST['set_pref_billing_currency']."'"); }
  474. if ($_REQUEST['set_pref_billing_currency_decimal'] != $pref_billing_currency_decimal_user) { $query = $db->query("INSERT INTO ".$dbdb.".equate_preferences (`property`, `value`, `owner`) VALUES ('billing_currency_decimal', '".$_REQUEST['set_pref_billing_currency_decimal']. "', '".$_SESSION['equate_auth_id']."') ON DUPLICATE KEY UPDATE value = '".$_REQUEST['set_pref_billing_currency_decimal']."'"); }
  475. if ($_REQUEST['set_pref_billing_currency_position'] != $pref_billing_currency_position_user) { $query = $db->query("INSERT INTO ".$dbdb.".equate_preferences (`property`, `value`, `owner`) VALUES ('billing_currency_position', '".$_REQUEST['set_pref_billing_currency_position']. "', '".$_SESSION['equate_auth_id']."') ON DUPLICATE KEY UPDATE value = '".$_REQUEST['set_pref_billing_currency_position']."'"); }
  476. if ($_REQUEST['set_pref_billing_currency_thousand'] != $pref_billing_currency_thousand_user) { $query = $db->query("INSERT INTO ".$dbdb.".equate_preferences (`property`, `value`, `owner`) VALUES ('billing_currency_thousand', '".$_REQUEST['set_pref_billing_currency_thousand']. "', '".$_SESSION['equate_auth_id']."') ON DUPLICATE KEY UPDATE value = '".$_REQUEST['set_pref_billing_currency_thousand']."'"); }
  477. if ($_REQUEST['set_pref_billing_pricedisplay'] != $pref_billing_pricedisplay_user) { $query = $db->query("INSERT INTO ".$dbdb.".equate_preferences (`property`, `value`, `owner`) VALUES ('billing_pricedisplay', '".$_REQUEST['set_pref_billing_pricedisplay']. "', '".$_SESSION['equate_auth_id']."') ON DUPLICATE KEY UPDATE value = '".$_REQUEST['set_pref_billing_pricedisplay']."'"); }
  478. if ($_REQUEST['set_pref_display_disabled'] != $pref_display_disabled_user) { $query = $db->query("INSERT INTO ".$dbdb.".equate_preferences (`property`, `value`, `owner`) VALUES ('display_disabled', '".$_REQUEST['set_pref_display_disabled']. "', '".$_SESSION['equate_auth_id']."') ON DUPLICATE KEY UPDATE value = '".$_REQUEST['set_pref_display_disabled']."'"); }
  479. if ($_REQUEST['set_pref_date_display'] != $pref_date_display_user) { $query = $db->query("INSERT INTO ".$dbdb.".equate_preferences (`property`, `value`, `owner`) VALUES ('date_display', '".$_REQUEST['set_pref_date_display']. "', '".$_SESSION['equate_auth_id']."') ON DUPLICATE KEY UPDATE value = '".$_REQUEST['set_pref_date_display']."'"); }
  480. if ($_REQUEST['set_pref_date_time'] != $pref_date_time_user) { $query = $db->query("INSERT INTO ".$dbdb.".equate_preferences (`property`, `value`, `owner`) VALUES ('date_time', '".$_REQUEST['set_pref_date_time']. "', '".$_SESSION['equate_auth_id']."') ON DUPLICATE KEY UPDATE value = '".$_REQUEST['set_pref_date_time']."'"); }
  481. if ($_REQUEST['set_pref_date_timezone'] != $pref_date_timezone_user) { $query = $db->query("INSERT INTO ".$dbdb.".equate_preferences (`property`, `value`, `owner`) VALUES ('date_timezone', '".$_REQUEST['set_pref_date_timezone']. "', '".$_SESSION['equate_auth_id']."') ON DUPLICATE KEY UPDATE value = '".$_REQUEST['set_pref_date_timezone']."'"); }
  482. if ($_REQUEST['set_pref_default_calendar'] != $pref_default_calendar_user) { $query = $db->query("INSERT INTO ".$dbdb.".equate_preferences (`property`, `value`, `owner`) VALUES ('default_calendar', '".$db->quote($_REQUEST['set_pref_default_calendar'])."', '".$_SESSION['equate_auth_id']."') ON DUPLICATE KEY UPDATE `value` = '".$db->quote($_REQUEST['set_pref_default_calendar'])."'"); }
  483. if ($_REQUEST['set_pref_default_schedule'] != $pref_default_schedule_user) { $query = $db->query("INSERT INTO ".$dbdb.".equate_preferences (`property`, `value`, `owner`) VALUES ('default_schedule', '".$db->quote($_REQUEST['set_pref_default_schedule'])."', '".$_SESSION['equate_auth_id']."') ON DUPLICATE KEY UPDATE `value` = '".$db->quote($_REQUEST['set_pref_default_schedule'])."'"); }
  484. if ($_REQUEST['set_pref_display_name'] != $pref_display_name_user) { $query = $db->query("INSERT INTO ".$dbdb.".equate_preferences (`property`, `value`, `owner`) VALUES ('display_name', '".$db->quote($_REQUEST['set_pref_display_name'])."', '".$_SESSION['equate_auth_id']."') ON DUPLICATE KEY UPDATE `value` = '".$db->quote($_REQUEST['set_pref_display_name'])."'"); }
  485. if ($_REQUEST['set_pref_display_product'] != $pref_display_product_user) { $query = $db->query("INSERT INTO ".$dbdb.".equate_preferences (`property`, `value`, `owner`) VALUES ('display_product', '".$db->quote($_REQUEST['set_pref_display_product'])."', '".$_SESSION['equate_auth_id']."') ON DUPLICATE KEY UPDATE `value` = '".$db->quote($_REQUEST['set_pref_display_product'])."'"); }
  486. }
  487. if ($_REQUEST['request'] == "settings_adapter") {
  488. // parse parms
  489. $params = "?sync_customers=".$_REQUEST['sync_customers']."&sync_inventory=".$_REQUEST['sync_inventory']."&sync_orders=".$_REQUEST['sync_orders']."&sync_purchasing=".$_REQUEST['sync_purchasing'];
  490. $query = $db->query("UPDATE ".$dbdb.".equate_adapters SET `timezone` = '".$db->quote($_REQUEST['timezone'])."', `currency` = '".$db->quote($_REQUEST['currency'])."', `shop` = '".$db->quote($_REQUEST['shop'])."', `lang` = '".$db->quote($_REQUEST['lang'])."', `params` = '".$db->quote($params)."', `interval` = '".$db->quote($_REQUEST['sync_interval'])."', `configured` = '1' WHERE `id` = '".$_REQUEST['request_id']."'");
  491. }
  492. if ($_REQUEST['request'] == "calendar_event") {
  493. // parse parms
  494. if (isset($_REQUEST['start'])) { $stmt_start = "`start` = '".$db->quote(strtotime(str_replace("T", " ", $_REQUEST['start'])))."', "; }
  495. $query = $db->query("UPDATE ".$dbdb.".equate_calendar SET ".$stmt_start."`end` = '".$db->quote(strtotime(str_replace("T", " ", $_REQUEST['end'])))."', `lastupdated` = '".time()."' WHERE `ref` = '".$_REQUEST['request_id']."'");
  496. }
  497. if ($_REQUEST['request'] == "timecard_entry") {
  498. $query = $db->select("SELECT `time` FROM ".$dbdb.".`equate_timecard` WHERE `ref` = '".$_REQUEST['request_id']."'");
  499. if ($query->num_rows != "0") {
  500. foreach ($query as $row) {
  501. $start_time = $row['time'];
  502. }
  503. }
  504. // parse parms
  505. if (isset($_REQUEST['start'])) { $stmt_start = "`time` = '".$db->quote(strtotime(str_replace("T", " ", $_REQUEST['start'])))."', "; $start_time = strtotime(str_replace("T", " ", $_REQUEST['start'])); }
  506. $query = $db->query("UPDATE ".$dbdb.".equate_timecard SET ".$stmt_start."`outtime` = '".$db->quote(strtotime(str_replace("T", " ", $_REQUEST['end'])))."', `total` = '".$db->quote((strtotime(str_replace("T", " ", $_REQUEST['end'])) - $start_time))."', `lastupdated` = '".time()."' WHERE `ref` = '".$_REQUEST['request_id']."'");
  507. $destination = "dialog,Info,timecard,".$_REQUEST['request_id'].",lg";
  508. }
  509. if ($_REQUEST['request'] == "delete") {
  510. if ($_REQUEST['table'] == "equate_products") {
  511. $query = $db->select("SELECT `id` FROM ".$dbdb.".`equate_products` WHERE `storeid` = '".$_REQUEST['id']."'");
  512. foreach ($query as $row) {
  513. $pid = $row['id'];
  514. }
  515. $query = $db->query("DELETE FROM ".$dbdb.".equate_product_descriptions WHERE `pid` = '".$pid."'");
  516. $query = $db->query("DELETE FROM ".$dbdb.".equate_inventory_supply WHERE `pid` = '".$pid."'");
  517. $query = $db->query("DELETE FROM ".$dbdb.".equate_inventory_warehouse_stock WHERE `storeid` = '".$_REQUEST['id']."'");
  518. }
  519. if ($_REQUEST['table'] == "equate_attributes") {
  520. // delete all sub values
  521. $query = $db->query("DELETE FROM ".$dbdb.".equate_attribute_values WHERE `group_id` = '".$_REQUEST['id']."'");
  522. }
  523. $query = $db->query("DELETE FROM ".$dbdb.".".$_REQUEST['table']." WHERE `".$_REQUEST['column']."` = '".$_REQUEST['id']."'");
  524. $query = $db->query("INSERT INTO ".$dbdb.".equate_deleted (`table`, `column`, `identifier`, `lastupdated`) VALUES ('".str_replace('equate_', '', $_REQUEST['table'])."', '".$_REQUEST['column']."', '".$_REQUEST['id']."', '".time()."')");
  525. }
  526. if ($_REQUEST['request'] == "toggle") {
  527. $query = $db->select("SELECT `enabled` FROM ".$dbdb.".`".$_REQUEST['table']."` WHERE `".$_REQUEST['column']."` = '".$_REQUEST['id']."'");
  528. if ($query->num_rows != "0") {
  529. foreach ($query as $row) {
  530. $status = $row['enabled'];
  531. }
  532. } else { echo "error"; }
  533. if ($status == "1") {
  534. // disable
  535. $new_status = "0";
  536. } else {
  537. // enabled
  538. $new_status = "1";
  539. }
  540. $query = $db->query("UPDATE ".$dbdb.".`".$_REQUEST['table']."` SET `lastupdated` = '".time()."', `enabled` = '".$db->quote($new_status)."' WHERE `".$_REQUEST['column']."` = '".$_REQUEST['id']."'");
  541. }
  542. if ($_REQUEST['request'] == "ajax_customers") {
  543. $row = array();
  544. $return_arr = array();
  545. $row_array = array();
  546. $query = $db->select("SELECT storeid,first,last FROM ".$dbdb.".`equate_customers` WHERE `first` LIKE '%".$_REQUEST['q']."%' OR `last` LIKE '%".$_REQUEST['q']."%' OR `sku` = '".$_REQUEST['q']."' OR `address2` = '".$_REQUEST['q']."'");
  547. foreach ($query as $row) {
  548. $row_array['id'] = $row['storeid'];
  549. $row_array['text'] = utf8_encode(Name('customer','storeid',$row['storeid']));
  550. array_push($return_arr,$row_array);
  551. }
  552. $ret = array();
  553. $ret['items'] = $return_arr;
  554. echo json_encode($ret);
  555. $query = "1";
  556. }
  557. if ($_REQUEST['request'] == "ajax_transactions") {
  558. $row = array();
  559. $return_arr = array();
  560. $row_array = array();
  561. $query = $db->select("SELECT id FROM ".$dbdb.".`equate_transactions` WHERE `id` LIKE '%".$_REQUEST['q']."%'");
  562. foreach ($query as $row) {
  563. $row_array['id'] = $row['id'];
  564. $row_array['text'] = $row['id'];
  565. array_push($return_arr,$row_array);
  566. }
  567. $ret = array();
  568. $ret['items'] = $return_arr;
  569. echo json_encode($ret);
  570. $query = "1";
  571. }
  572. if ($_REQUEST['request'] == "ajax_products") {
  573. $row = array();
  574. $return_arr = array();
  575. $row_array = array();
  576. $query = $db->select("SELECT `desc`,id,storeid FROM ".$dbdb.".`equate_products` WHERE `desc` LIKE '%".$_REQUEST['q']."%' ORDER BY storeid ASC");
  577. foreach ($query as $row) {
  578. $row_array['id'] = $row['storeid'];
  579. $row_array['text'] = utf8_encode(Name('product','id',$row['id']));
  580. array_push($return_arr,$row_array);
  581. }
  582. $ret = array();
  583. $ret['items'] = $return_arr;
  584. echo json_encode($ret);
  585. $query = "1";
  586. }
  587.  
  588. // check and return errors
  589. if (is_array($query)) { $query = $query[0]; } else { $query = $query; }
  590. if ($query != "1") {
  591. echo "error,".$query;
  592. } else {
  593. echo $destination;
  594. }
  595. ?>