当前位置: 首页>>代码示例>>PHP>>正文


PHP CI_Input::xss_clean方法代码示例

本文整理汇总了PHP中CI_Input::xss_clean方法的典型用法代码示例。如果您正苦于以下问题:PHP CI_Input::xss_clean方法的具体用法?PHP CI_Input::xss_clean怎么用?PHP CI_Input::xss_clean使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在CI_Input的用法示例。


在下文中一共展示了CI_Input::xss_clean方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。

示例1: validate

 /**
  * Validate that the given username and password are valid
  *
  * @param string  $user     Username
  * @param string  $pass     Password
  * @param boolean $isMd5    Flag to indicate whether incoming password 
  *                          is plaintext or md5
  *
  * @return boolean
  */
 public function validate($user, $userPass, $isMd5 = false, CI_Input $input = null)
 {
     $ret = $this->getUserByUsername($user);
     // make sure we're using an md5 format, passwords are hashed md5s (yes, really)
     $pass = $isMd5 ? $userPass : md5($userPass);
     // did we get a row and do the passwords match?
     if (isset($ret[0])) {
         if (password_verify($pass, $ret[0]->password)) {
             return true;
         } else {
             // may be the password in the database was stored when CI's
             // global_xss_filtering was set to true. We can only test for
             // this if the password passed in was not md5'd.
             if (false === $isMd5) {
                 $pass = $input->xss_clean($userPass);
                 $pass = md5($pass);
                 if (password_verify($pass, $ret[0]->password)) {
                     // it was! Let's store the actually $userPass
                     $password = password_hash(md5($userPass), PASSWORD_DEFAULT);
                     $this->db->where('username', $user);
                     $this->db->update('user', array('password' => $password));
                     return true;
                 }
             }
         }
     }
     return false;
 }
开发者ID:asgrim,项目名称:joind.in,代码行数:38,代码来源:user_model.php

示例2: customers_form

function customers_form($selected_id = '', $AllowUpdate = 1, $AllowInsert = 1, $AllowDelete = 1, $ShowCancel = 0)
{
    // function to return an editable form for a table records
    // and fill it with data of record whose ID is $selected_id. If $selected_id
    // is empty, an empty form is shown, with only an 'Add New'
    // button displayed.
    global $Translation;
    // mm: get table permissions
    $arrPerm = getTablePermissions('customers');
    if (!$arrPerm[1] && $selected_id == '') {
        return '';
    }
    $AllowInsert = $arrPerm[1] ? true : false;
    // print preview?
    $dvprint = false;
    if ($selected_id && $_REQUEST['dvprint_x'] != '') {
        $dvprint = true;
    }
    // populate filterers, starting from children to grand-parents
    // unique random identifier
    $rnd1 = $dvprint ? rand(1000000, 9999999) : '';
    // combobox: Country
    $combo_Country = new Combo();
    $combo_Country->ListType = 0;
    $combo_Country->MultipleSeparator = ', ';
    $combo_Country->ListBoxHeight = 10;
    $combo_Country->RadiosPerLine = 1;
    if (is_file(dirname(__FILE__) . '/hooks/customers.Country.csv')) {
        $Country_data = addslashes(implode('', @file(dirname(__FILE__) . '/hooks/customers.Country.csv')));
        $combo_Country->ListItem = explode('||', entitiesToUTF8(convertLegacyOptions($Country_data)));
        $combo_Country->ListData = $combo_Country->ListItem;
    } else {
        $combo_Country->ListItem = explode('||', entitiesToUTF8(convertLegacyOptions("Afghanistan;;Albania;;Algeria;;American Samoa;;Andorra;;Angola;;Anguilla;;Antarctica;;Antigua, Barbuda;;Argentina;;Armenia;;Aruba;;Australia;;Austria;;Azerbaijan;;Bahamas;;Bahrain;;Bangladesh;;Barbados;;Belarus;;Belgium;;Belize;;Benin;;Bermuda;;Bhutan;;Bolivia;;Bosnia, Herzegovina;;Botswana;;Bouvet Is.;;Brazil;;Brunei Darussalam;;Bulgaria;;Burkina Faso;;Burundi;;Cambodia;;Cameroon;;Canada;;Canary Is.;;Cape Verde;;Cayman Is.;;Central African Rep.;;Chad;;Channel Islands;;Chile;;China;;Christmas Is.;;Cocos Is.;;Colombia;;Comoros;;Congo, D.R. Of;;Congo;;Cook Is.;;Costa Rica;;Croatia;;Cuba;;Cyprus;;Czech Republic;;Denmark;;Djibouti;;Dominica;;Dominican Republic;;Ecuador;;Egypt;;El Salvador;;Equatorial Guinea;;Eritrea;;Estonia;;Ethiopia;;Falkland Is.;;Faroe Is.;;Fiji;;Finland;;France;;French Guiana;;French Polynesia;;French Territories;;Gabon;;Gambia;;Georgia;;Germany;;Ghana;;Gibraltar;;Greece;;Greenland;;Grenada;;Guadeloupe;;Guam;;Guatemala;;Guernsey;;Guinea-bissau;;Guinea;;Guyana;;Haiti;;Heard, Mcdonald Is.;;Honduras;;Hong Kong;;Hungary;;Iceland;;India;;Indonesia;;Iran;;Iraq;;Ireland;;Israel;;Italy;;Ivory Coast;;Jamaica;;Japan;;Jersey;;Jordan;;Kazakhstan;;Kenya;;Kiribati;;Korea, D.P.R Of;;Korea, Rep. Of;;Kuwait;;Kyrgyzstan;;Lao Peoples D.R.;;Latvia;;Lebanon;;Lesotho;;Liberia;;Libyan Arab Jamahiriya;;Liechtenstein;;Lithuania;;Luxembourg;;Macao;;Macedonia, F.Y.R Of;;Madagascar;;Malawi;;Malaysia;;Maldives;;Mali;;Malta;;Mariana Islands;;Marshall Islands;;Martinique;;Mauritania;;Mauritius;;Mayotte;;Mexico;;Micronesia;;Moldova;;Monaco;;Mongolia;;Montserrat;;Morocco;;Mozambique;;Myanmar;;Namibia;;Nauru;;Nepal;;Netherlands Antilles;;Netherlands;;New Caledonia;;New Zealand;;Nicaragua;;Niger;;Nigeria;;Niue;;Norfolk Island;;Norway;;Oman;;Pakistan;;Palau;;Palestinian Terr.;;Panama;;Papua New Guinea;;Paraguay;;Peru;;Philippines;;Pitcairn;;Poland;;Portugal;;Puerto Rico;;Qatar;;Reunion;;Romania;;Russian Federation;;Rwanda;;Samoa;;San Marino;;Sao Tome, Principe;;Saudi Arabia;;Senegal;;Seychelles;;Sierra Leone;;Singapore;;Slovakia;;Slovenia;;Solomon Is.;;Somalia;;South Africa;;South Georgia;;South Sandwich Is.;;Spain;;Sri Lanka;;St. Helena;;St. Kitts, Nevis;;St. Lucia;;St. Pierre, Miquelon;;St. Vincent, Grenadines;;Sudan;;Suriname;;Svalbard, Jan Mayen;;Swaziland;;Sweden;;Switzerland;;Syrian Arab Republic;;Taiwan;;Tajikistan;;Tanzania;;Thailand;;Timor-leste;;Togo;;Tokelau;;Tonga;;Trinidad, Tobago;;Tunisia;;Turkey;;Turkmenistan;;Turks, Caicoss;;Tuvalu;;Uganda;;Ukraine;;United Arab Emirates;;United Kingdom;;United States;;Uruguay;;Uzbekistan;;Vanuatu;;Vatican City;;Venezuela;;Viet Nam;;Virgin Is. British;;Virgin Is. U.S.;;Wallis, Futuna;;Western Sahara;;Yemen;;Yugoslavia;;Zambia;;Zimbabwe")));
        $combo_Country->ListData = $combo_Country->ListItem;
    }
    $combo_Country->SelectName = 'Country';
    if ($selected_id) {
        // mm: check member permissions
        if (!$arrPerm[2]) {
            return "";
        }
        // mm: who is the owner?
        $ownerGroupID = sqlValue("select groupID from membership_userrecords where tableName='customers' and pkValue='" . makeSafe($selected_id) . "'");
        $ownerMemberID = sqlValue("select lcase(memberID) from membership_userrecords where tableName='customers' and pkValue='" . makeSafe($selected_id) . "'");
        if ($arrPerm[2] == 1 && getLoggedMemberID() != $ownerMemberID) {
            return "";
        }
        if ($arrPerm[2] == 2 && getLoggedGroupID() != $ownerGroupID) {
            return "";
        }
        // can edit?
        if ($arrPerm[3] == 1 && $ownerMemberID == getLoggedMemberID() || $arrPerm[3] == 2 && $ownerGroupID == getLoggedGroupID() || $arrPerm[3] == 3) {
            $AllowUpdate = 1;
        } else {
            $AllowUpdate = 0;
        }
        $res = sql("select * from `customers` where `CustomerID`='" . makeSafe($selected_id) . "'", $eo);
        if (!($row = db_fetch_array($res))) {
            return error_message($Translation['No records found']);
        }
        $urow = $row;
        /* unsanitized data */
        $hc = new CI_Input();
        $row = $hc->xss_clean($row);
        /* sanitize data */
        $combo_Country->SelectedData = $row['Country'];
    } else {
        $combo_Country->SelectedText = $_REQUEST['FilterField'][1] == '9' && $_REQUEST['FilterOperator'][1] == '<=>' ? get_magic_quotes_gpc() ? stripslashes($_REQUEST['FilterValue'][1]) : $_REQUEST['FilterValue'][1] : "";
    }
    $combo_Country->Render();
    // code for template based detail view forms
    // open the detail view template
    if ($dvprint) {
        $templateCode = @file_get_contents('./templates/customers_templateDVP.html');
    } else {
        $templateCode = @file_get_contents('./templates/customers_templateDV.html');
    }
    // process form title
    $templateCode = str_replace('<%%DETAIL_VIEW_TITLE%%>', 'Detail View', $templateCode);
    $templateCode = str_replace('<%%RND1%%>', $rnd1, $templateCode);
    $templateCode = str_replace('<%%EMBEDDED%%>', $_REQUEST['Embedded'] ? 'Embedded=1' : '', $templateCode);
    // process buttons
    if ($arrPerm[1] && !$selected_id) {
        // allow insert and no record selected?
        if (!$selected_id) {
            $templateCode = str_replace('<%%INSERT_BUTTON%%>', '<button type="submit" class="btn btn-success" id="insert" name="insert_x" value="1" onclick="return customers_validateData();"><i class="glyphicon glyphicon-plus-sign"></i> ' . $Translation['Save New'] . '</button>', $templateCode);
        }
        $templateCode = str_replace('<%%INSERT_BUTTON%%>', '<button type="submit" class="btn btn-default" id="insert" name="insert_x" value="1" onclick="return customers_validateData();"><i class="glyphicon glyphicon-plus-sign"></i> ' . $Translation['Save As Copy'] . '</button>', $templateCode);
    } else {
        $templateCode = str_replace('<%%INSERT_BUTTON%%>', '', $templateCode);
    }
    // 'Back' button action
    if ($_REQUEST['Embedded']) {
        $backAction = 'window.parent.jQuery(\'.modal\').modal(\'hide\'); return false;';
    } else {
        $backAction = '$$(\'form\')[0].writeAttribute(\'novalidate\', \'novalidate\'); document.myform.reset(); return true;';
    }
    if ($selected_id) {
        if (!$_REQUEST['Embedded']) {
            $templateCode = str_replace('<%%DVPRINT_BUTTON%%>', '<button type="submit" class="btn btn-default" id="dvprint" name="dvprint_x" value="1" onclick="$$(\'form\')[0].writeAttribute(\'novalidate\', \'novalidate\'); document.myform.reset(); return true;"><i class="glyphicon glyphicon-print"></i> ' . $Translation['Print Preview'] . '</button>', $templateCode);
//.........这里部分代码省略.........
开发者ID:ahmedandroid1980,项目名称:appgini,代码行数:101,代码来源:customers_dml.php

示例3: categories_form

function categories_form($selected_id = '', $AllowUpdate = 1, $AllowInsert = 1, $AllowDelete = 1, $ShowCancel = 0)
{
    // function to return an editable form for a table records
    // and fill it with data of record whose ID is $selected_id. If $selected_id
    // is empty, an empty form is shown, with only an 'Add New'
    // button displayed.
    global $Translation;
    // mm: get table permissions
    $arrPerm = getTablePermissions('categories');
    if (!$arrPerm[1] && $selected_id == '') {
        return '';
    }
    $AllowInsert = $arrPerm[1] ? true : false;
    // print preview?
    $dvprint = false;
    if ($selected_id && $_REQUEST['dvprint_x'] != '') {
        $dvprint = true;
    }
    // populate filterers, starting from children to grand-parents
    // unique random identifier
    $rnd1 = $dvprint ? rand(1000000, 9999999) : '';
    if ($selected_id) {
        // mm: check member permissions
        if (!$arrPerm[2]) {
            return "";
        }
        // mm: who is the owner?
        $ownerGroupID = sqlValue("select groupID from membership_userrecords where tableName='categories' and pkValue='" . makeSafe($selected_id) . "'");
        $ownerMemberID = sqlValue("select lcase(memberID) from membership_userrecords where tableName='categories' and pkValue='" . makeSafe($selected_id) . "'");
        if ($arrPerm[2] == 1 && getLoggedMemberID() != $ownerMemberID) {
            return "";
        }
        if ($arrPerm[2] == 2 && getLoggedGroupID() != $ownerGroupID) {
            return "";
        }
        // can edit?
        if ($arrPerm[3] == 1 && $ownerMemberID == getLoggedMemberID() || $arrPerm[3] == 2 && $ownerGroupID == getLoggedGroupID() || $arrPerm[3] == 3) {
            $AllowUpdate = 1;
        } else {
            $AllowUpdate = 0;
        }
        $res = sql("select * from `categories` where `CategoryID`='" . makeSafe($selected_id) . "'", $eo);
        if (!($row = db_fetch_array($res))) {
            return error_message($Translation['No records found']);
        }
        $urow = $row;
        /* unsanitized data */
        $hc = new CI_Input();
        $row = $hc->xss_clean($row);
        /* sanitize data */
    } else {
    }
    ob_start();
    ?>

	<script>
		// initial lookup values

		jQuery(function() {
		});
	</script>
	<?php 
    $lookups = str_replace('__RAND__', $rnd1, ob_get_contents());
    ob_end_clean();
    // code for template based detail view forms
    // open the detail view template
    if ($dvprint) {
        $templateCode = @file_get_contents('./templates/categories_templateDVP.html');
    } else {
        $templateCode = @file_get_contents('./templates/categories_templateDV.html');
    }
    // process form title
    $templateCode = str_replace('<%%DETAIL_VIEW_TITLE%%>', 'Add/Edit Product Categories', $templateCode);
    $templateCode = str_replace('<%%RND1%%>', $rnd1, $templateCode);
    $templateCode = str_replace('<%%EMBEDDED%%>', $_REQUEST['Embedded'] ? 'Embedded=1' : '', $templateCode);
    // process buttons
    if ($arrPerm[1] && !$selected_id) {
        // allow insert and no record selected?
        if (!$selected_id) {
            $templateCode = str_replace('<%%INSERT_BUTTON%%>', '<button type="submit" class="btn btn-success" id="insert" name="insert_x" value="1" onclick="return categories_validateData();"><i class="glyphicon glyphicon-plus-sign"></i> ' . $Translation['Save New'] . '</button>', $templateCode);
        }
        $templateCode = str_replace('<%%INSERT_BUTTON%%>', '<button type="submit" class="btn btn-default" id="insert" name="insert_x" value="1" onclick="return categories_validateData();"><i class="glyphicon glyphicon-plus-sign"></i> ' . $Translation['Save As Copy'] . '</button>', $templateCode);
    } else {
        $templateCode = str_replace('<%%INSERT_BUTTON%%>', '', $templateCode);
    }
    // 'Back' button action
    if ($_REQUEST['Embedded']) {
        $backAction = 'window.parent.jQuery(\'.modal\').modal(\'hide\'); return false;';
    } else {
        $backAction = '$$(\'form\')[0].writeAttribute(\'novalidate\', \'novalidate\'); document.myform.reset(); return true;';
    }
    if ($selected_id) {
        if (!$_REQUEST['Embedded']) {
            $templateCode = str_replace('<%%DVPRINT_BUTTON%%>', '<button type="submit" class="btn btn-default" id="dvprint" name="dvprint_x" value="1" onclick="$$(\'form\')[0].writeAttribute(\'novalidate\', \'novalidate\'); document.myform.reset(); return true;"><i class="glyphicon glyphicon-print"></i> ' . $Translation['Print Preview'] . '</button>', $templateCode);
        }
        if ($AllowUpdate) {
            $templateCode = str_replace('<%%UPDATE_BUTTON%%>', '<button type="submit" class="btn btn-success btn-lg" id="update" name="update_x" value="1" onclick="return categories_validateData();"><i class="glyphicon glyphicon-ok"></i> ' . $Translation['Save Changes'] . '</button>', $templateCode);
        } else {
            $templateCode = str_replace('<%%UPDATE_BUTTON%%>', '', $templateCode);
        }
//.........这里部分代码省略.........
开发者ID:bigprof,项目名称:appgini-mssql,代码行数:101,代码来源:categories_dml.php

示例4: Render


//.........这里部分代码省略.........
                 $attr_id = htmlspecialchars($row[$FieldCountTV], ENT_QUOTES, 'iso-8859-1');
                 /* pk value suitable for inserting into html tag attributes */
                 $js_id = addslashes($row[$FieldCountTV]);
                 /* pk value suitable for inserting into js strings */
                 $alt = ($i - $FirstRecord) % 2;
                 if (($PrintTV || $Print_x) && count($_POST['record_selector']) && !in_array($row[$FieldCountTV], $_POST['record_selector'])) {
                     continue;
                 }
                 $class = "TableBody" . ($alt ? 'Selected' : '') . ($fNumeric ? 'Numeric' : '');
                 if ($Print_x != '') {
                     $this->HTML .= '<tr>';
                 }
                 if (!$Print_x) {
                     $this->HTML .= $SelectedID == $row[$FieldCountTV] ? '<tr class="active">' : '<tr>';
                     $checked = is_array($_POST['record_selector']) && in_array($row[$FieldCountTV], $_POST['record_selector']) ? ' checked' : '';
                     $this->HTML .= "<td class=\"text-center\"><input class=\"hidden-print record_selector\" type=\"checkbox\" id=\"record_selector_{$attr_id}\" name=\"record_selector[]\" value=\"{$attr_id}\"{$checked}></td>";
                 }
                 // templates
                 if ($rowTemplate != '') {
                     if ($this->AllowSelection == 1 && $SelectedID == $row[$FieldCountTV] && $selrowTemplate != '') {
                         $rowTemp = $selrowTemplate;
                     } else {
                         $rowTemp = $rowTemplate;
                     }
                     if ($this->AllowSelection == 1 && $SelectedID != $row[$FieldCountTV]) {
                         $rowTemp = str_replace('<%%SELECT%%>', "<a onclick=\"document.myform.SelectedField.value=this.parentNode.cellIndex; document.myform.SelectedID.value='" . addslashes($row[$FieldCountTV]) . "'; document.myform.submit(); return false;\" href=\"{$this->ScriptFileName}?SelectedID=" . htmlspecialchars($row[$FieldCountTV], ENT_QUOTES) . "\" class=\"{$class}\" style=\"display: block; padding:0px;\">", $rowTemp);
                         $rowTemp = str_replace('<%%ENDSELECT%%>', '</a>', $rowTemp);
                     } else {
                         $rowTemp = str_replace('<%%SELECT%%>', '', $rowTemp);
                         $rowTemp = str_replace('<%%ENDSELECT%%>', '', $rowTemp);
                     }
                     for ($j = 0; $j < $FieldCountTV; $j++) {
                         $fieldTVCaption = current(array_slice($this->QueryFieldsTV, $j, 1));
                         $fd = $hc->xss_clean(nl2br($row[$j]));
                         /* Sanitize output against XSS attacks */
                         /*
                         	the TV template could contain field placeholders in the format 
                         	<%%FIELD_n%%> or <%%VALUE(Field name)%%> 
                         */
                         $rowTemp = str_replace("<%%FIELD_{$j}%%>", thisOr($fd), $rowTemp);
                         $rowTemp = str_replace("<%%VALUE({$fieldTVCaption})%%>", thisOr($fd), $rowTemp);
                         if (strpos($rowTemp, "<%%YOUTUBETHUMB({$fieldTVCaption})%%>") !== false) {
                             $rowTemp = str_replace("<%%YOUTUBETHUMB({$fieldTVCaption})%%>", thisOr(get_embed('youtube', $fd, '', '', 'thumbnail_url'), 'blank.gif'), $rowTemp);
                         }
                         if (strpos($rowTemp, "<%%GOOGLEMAPTHUMB({$fieldTVCaption})%%>") !== false) {
                             $rowTemp = str_replace("<%%GOOGLEMAPTHUMB({$fieldTVCaption})%%>", thisOr(get_embed('googlemap', $fd, '', '', 'thumbnail_url'), 'blank.gif'), $rowTemp);
                         }
                         if (thisOr($fd) == '&nbsp;' && preg_match('/<a href=".*?&nbsp;.*?<\\/a>/i', $rowTemp, $m)) {
                             $rowTemp = str_replace($m[0], '', $rowTemp);
                         }
                     }
                     if ($alt && $SelectedID != $row[$FieldCountTV]) {
                         $rowTemp = str_replace("TableBody", "TableBodySelected", $rowTemp);
                         $rowTemp = str_replace("TableBodyNumeric", "TableBodySelectedNumeric", $rowTemp);
                         $rowTemp = str_replace("SelectedSelected", "Selected", $rowTemp);
                     }
                     if ($SearchString != '') {
                         $rowTemp = highlight($SearchString, $rowTemp);
                     }
                     $this->HTML .= $rowTemp;
                     $rowTemp = '';
                 } else {
                     // end of templates
                     for ($j = 0; $j < $FieldCountTV; $j++) {
                         $fType = db_field_type($result, $j);
                         $fNumeric = stristr($fType, 'int') || stristr($fType, 'float') || stristr($fType, 'decimal') || stristr($fType, 'numeric') || stristr($fType, 'real') || stristr($fType, 'double') ? true : false;
开发者ID:ahmedandroid1980,项目名称:appgini,代码行数:67,代码来源:datalist.php

示例5: orders_form

function orders_form($selected_id = '', $AllowUpdate = 1, $AllowInsert = 1, $AllowDelete = 1, $ShowCancel = 0)
{
    // function to return an editable form for a table records
    // and fill it with data of record whose ID is $selected_id. If $selected_id
    // is empty, an empty form is shown, with only an 'Add New'
    // button displayed.
    global $Translation;
    // mm: get table permissions
    $arrPerm = getTablePermissions('orders');
    if (!$arrPerm[1] && $selected_id == '') {
        return '';
    }
    $AllowInsert = $arrPerm[1] ? true : false;
    // print preview?
    $dvprint = false;
    if ($selected_id && $_REQUEST['dvprint_x'] != '') {
        $dvprint = true;
    }
    $filterer_CustomerID = thisOr(undo_magic_quotes($_REQUEST['filterer_CustomerID']), '');
    $filterer_EmployeeID = thisOr(undo_magic_quotes($_REQUEST['filterer_EmployeeID']), '');
    $filterer_ShipVia = thisOr(undo_magic_quotes($_REQUEST['filterer_ShipVia']), '');
    // populate filterers, starting from children to grand-parents
    // unique random identifier
    $rnd1 = $dvprint ? rand(1000000, 9999999) : '';
    // combobox: CustomerID
    $combo_CustomerID = new DataCombo();
    // combobox: EmployeeID
    $combo_EmployeeID = new DataCombo();
    // combobox: OrderDate
    $combo_OrderDate = new DateCombo();
    $combo_OrderDate->DateFormat = "mdy";
    $combo_OrderDate->MinYear = 1900;
    $combo_OrderDate->MaxYear = 2100;
    $combo_OrderDate->DefaultDate = parseMySQLDate('1', '1');
    $combo_OrderDate->MonthNames = $Translation['month names'];
    $combo_OrderDate->NamePrefix = 'OrderDate';
    // combobox: RequiredDate
    $combo_RequiredDate = new DateCombo();
    $combo_RequiredDate->DateFormat = "mdy";
    $combo_RequiredDate->MinYear = 1900;
    $combo_RequiredDate->MaxYear = 2100;
    $combo_RequiredDate->DefaultDate = parseMySQLDate('1', '1');
    $combo_RequiredDate->MonthNames = $Translation['month names'];
    $combo_RequiredDate->NamePrefix = 'RequiredDate';
    // combobox: ShippedDate
    $combo_ShippedDate = new DateCombo();
    $combo_ShippedDate->DateFormat = "mdy";
    $combo_ShippedDate->MinYear = 1900;
    $combo_ShippedDate->MaxYear = 2100;
    $combo_ShippedDate->DefaultDate = parseMySQLDate('', '');
    $combo_ShippedDate->MonthNames = $Translation['month names'];
    $combo_ShippedDate->NamePrefix = 'ShippedDate';
    // combobox: ShipVia
    $combo_ShipVia = new DataCombo();
    if ($selected_id) {
        // mm: check member permissions
        if (!$arrPerm[2]) {
            return "";
        }
        // mm: who is the owner?
        $ownerGroupID = sqlValue("select groupID from membership_userrecords where tableName='orders' and pkValue='" . makeSafe($selected_id) . "'");
        $ownerMemberID = sqlValue("select lcase(memberID) from membership_userrecords where tableName='orders' and pkValue='" . makeSafe($selected_id) . "'");
        if ($arrPerm[2] == 1 && getLoggedMemberID() != $ownerMemberID) {
            return "";
        }
        if ($arrPerm[2] == 2 && getLoggedGroupID() != $ownerGroupID) {
            return "";
        }
        // can edit?
        if ($arrPerm[3] == 1 && $ownerMemberID == getLoggedMemberID() || $arrPerm[3] == 2 && $ownerGroupID == getLoggedGroupID() || $arrPerm[3] == 3) {
            $AllowUpdate = 1;
        } else {
            $AllowUpdate = 0;
        }
        $res = sql("select * from `orders` where `OrderID`='" . makeSafe($selected_id) . "'", $eo);
        if (!($row = db_fetch_array($res))) {
            return error_message($Translation['No records found']);
        }
        $urow = $row;
        /* unsanitized data */
        $hc = new CI_Input();
        $row = $hc->xss_clean($row);
        /* sanitize data */
        $combo_CustomerID->SelectedData = $row['CustomerID'];
        $combo_EmployeeID->SelectedData = $row['EmployeeID'];
        $combo_OrderDate->DefaultDate = $row['OrderDate'];
        $combo_RequiredDate->DefaultDate = $row['RequiredDate'];
        $combo_ShippedDate->DefaultDate = $row['ShippedDate'];
        $combo_ShipVia->SelectedData = $row['ShipVia'];
    } else {
        $combo_CustomerID->SelectedData = $filterer_CustomerID;
        $combo_EmployeeID->SelectedData = $filterer_EmployeeID;
        $combo_ShipVia->SelectedData = $filterer_ShipVia;
    }
    $combo_CustomerID->HTML = '<span id="CustomerID-container' . $rnd1 . '"></span><input type="hidden" name="CustomerID" id="CustomerID' . $rnd1 . '" value="' . htmlspecialchars($combo_CustomerID->SelectedData, ENT_QUOTES, 'iso-8859-1') . '">';
    $combo_CustomerID->MatchText = '<span id="CustomerID-container-readonly' . $rnd1 . '"></span><input type="hidden" name="CustomerID" id="CustomerID' . $rnd1 . '" value="' . htmlspecialchars($combo_CustomerID->SelectedData, ENT_QUOTES, 'iso-8859-1') . '">';
    $combo_EmployeeID->HTML = '<span id="EmployeeID-container' . $rnd1 . '"></span><input type="hidden" name="EmployeeID" id="EmployeeID' . $rnd1 . '" value="' . htmlspecialchars($combo_EmployeeID->SelectedData, ENT_QUOTES, 'iso-8859-1') . '">';
    $combo_EmployeeID->MatchText = '<span id="EmployeeID-container-readonly' . $rnd1 . '"></span><input type="hidden" name="EmployeeID" id="EmployeeID' . $rnd1 . '" value="' . htmlspecialchars($combo_EmployeeID->SelectedData, ENT_QUOTES, 'iso-8859-1') . '">';
    $combo_ShipVia->HTML = '<span id="ShipVia-container' . $rnd1 . '"></span><input type="hidden" name="ShipVia" id="ShipVia' . $rnd1 . '" value="' . htmlspecialchars($combo_ShipVia->SelectedData, ENT_QUOTES, 'iso-8859-1') . '">';
    $combo_ShipVia->MatchText = '<span id="ShipVia-container-readonly' . $rnd1 . '"></span><input type="hidden" name="ShipVia" id="ShipVia' . $rnd1 . '" value="' . htmlspecialchars($combo_ShipVia->SelectedData, ENT_QUOTES, 'iso-8859-1') . '">';
//.........这里部分代码省略.........
开发者ID:bigprof,项目名称:appgini-mssql,代码行数:101,代码来源:orders_dml.php

示例6: outcomes_form

function outcomes_form($selected_id = '', $AllowUpdate = 1, $AllowInsert = 1, $AllowDelete = 1, $ShowCancel = 0)
{
    // function to return an editable form for a table records
    // and fill it with data of record whose ID is $selected_id. If $selected_id
    // is empty, an empty form is shown, with only an 'Add New'
    // button displayed.
    global $Translation;
    // mm: get table permissions
    $arrPerm = getTablePermissions('outcomes');
    if (!$arrPerm[1] && $selected_id == '') {
        return '';
    }
    // print preview?
    $dvprint = false;
    if ($selected_id && $_REQUEST['dvprint_x'] != '') {
        $dvprint = true;
    }
    $filterer_outcome_area = thisOr(undo_magic_quotes($_REQUEST['filterer_outcome_area']), '');
    // populate filterers, starting from children to grand-parents
    // unique random identifier
    $rnd1 = $dvprint ? rand(1000000, 9999999) : '';
    // combobox: outcome_area
    $combo_outcome_area = new DataCombo();
    // combobox: strata
    $combo_strata = new Combo();
    $combo_strata->ListType = 0;
    $combo_strata->MultipleSeparator = ', ';
    $combo_strata->ListBoxHeight = 10;
    $combo_strata->RadiosPerLine = 1;
    if (is_file(dirname(__FILE__) . '/hooks/outcomes.strata.csv')) {
        $strata_data = addslashes(implode('', @file(dirname(__FILE__) . '/hooks/outcomes.strata.csv')));
        $combo_strata->ListItem = explode('||', entitiesToUTF8(convertLegacyOptions($strata_data)));
        $combo_strata->ListData = $combo_strata->ListItem;
    } else {
        $combo_strata->ListItem = explode('||', entitiesToUTF8(convertLegacyOptions("Individuals;;Community, Sector & Society")));
        $combo_strata->ListData = $combo_strata->ListItem;
    }
    $combo_strata->SelectName = 'strata';
    if ($selected_id) {
        // mm: check member permissions
        if (!$arrPerm[2]) {
            return "";
        }
        // mm: who is the owner?
        $ownerGroupID = sqlValue("select groupID from membership_userrecords where tableName='outcomes' and pkValue='" . makeSafe($selected_id) . "'");
        $ownerMemberID = sqlValue("select lcase(memberID) from membership_userrecords where tableName='outcomes' and pkValue='" . makeSafe($selected_id) . "'");
        if ($arrPerm[2] == 1 && getLoggedMemberID() != $ownerMemberID) {
            return "";
        }
        if ($arrPerm[2] == 2 && getLoggedGroupID() != $ownerGroupID) {
            return "";
        }
        // can edit?
        if ($arrPerm[3] == 1 && $ownerMemberID == getLoggedMemberID() || $arrPerm[3] == 2 && $ownerGroupID == getLoggedGroupID() || $arrPerm[3] == 3) {
            $AllowUpdate = 1;
        } else {
            $AllowUpdate = 0;
        }
        $res = sql("select * from `outcomes` where `outcome_id`='" . makeSafe($selected_id) . "'", $eo);
        $row = mysql_fetch_array($res);
        $urow = $row;
        /* unsanitized data */
        $hc = new CI_Input();
        $row = $hc->xss_clean($row);
        /* sanitize data */
        $combo_outcome_area->SelectedData = $row['outcome_area'];
        $combo_strata->SelectedData = $row['strata'];
    } else {
        $combo_outcome_area->SelectedData = $filterer_outcome_area;
        $combo_strata->SelectedText = $_REQUEST['FilterField'][1] == '4' && $_REQUEST['FilterOperator'][1] == '<=>' ? get_magic_quotes_gpc() ? stripslashes($_REQUEST['FilterValue'][1]) : $_REQUEST['FilterValue'][1] : "";
    }
    $combo_outcome_area->HTML = $combo_outcome_area->MatchText = '<span id="outcome_area-container' . $rnd1 . '"></span><input type="hidden" name="outcome_area" id="outcome_area' . $rnd1 . '">';
    $combo_strata->Render();
    ob_start();
    ?>

	<script>
		// initial lookup values
		var current_outcome_area__RAND__ = { text: "", value: "<?php 
    echo addslashes($selected_id ? $urow['outcome_area'] : $filterer_outcome_area);
    ?>
"};
		
		jQuery(function() {
			outcome_area_reload__RAND__();
		});
		function outcome_area_reload__RAND__(){
		<?php 
    if (($AllowUpdate || $AllowInsert) && !$dvprint) {
        ?>

			jQuery("#outcome_area-container__RAND__").select2({
				/* initial default value */
				initSelection: function(e, c){
					jQuery.ajax({
						url: 'ajax_combo.php',
						dataType: 'json',
						data: { id: current_outcome_area__RAND__.value, t: 'outcomes', f: 'outcome_area' }
					}).done(function(resp){
						c({
//.........这里部分代码省略.........
开发者ID:centaurustech,项目名称:git-SID,代码行数:101,代码来源:outcomes_dml.php

示例7: residence_and_rental_history_form

function residence_and_rental_history_form($selected_id = '', $AllowUpdate = 1, $AllowInsert = 1, $AllowDelete = 1, $ShowCancel = 0)
{
    // function to return an editable form for a table records
    // and fill it with data of record whose ID is $selected_id. If $selected_id
    // is empty, an empty form is shown, with only an 'Add New'
    // button displayed.
    global $Translation;
    // mm: get table permissions
    $arrPerm = getTablePermissions('residence_and_rental_history');
    if (!$arrPerm[1] && $selected_id == '') {
        return '';
    }
    $AllowInsert = $arrPerm[1] ? true : false;
    // print preview?
    $dvprint = false;
    if ($selected_id && $_REQUEST['dvprint_x'] != '') {
        $dvprint = true;
    }
    $filterer_tenant = thisOr(undo_magic_quotes($_REQUEST['filterer_tenant']), '');
    // populate filterers, starting from children to grand-parents
    // unique random identifier
    $rnd1 = $dvprint ? rand(1000000, 9999999) : '';
    // combobox: tenant
    $combo_tenant = new DataCombo();
    // combobox: duration_of_residency_from
    $combo_duration_of_residency_from = new DateCombo();
    $combo_duration_of_residency_from->DateFormat = "mdy";
    $combo_duration_of_residency_from->MinYear = 1900;
    $combo_duration_of_residency_from->MaxYear = 2100;
    $combo_duration_of_residency_from->DefaultDate = parseMySQLDate('', '');
    $combo_duration_of_residency_from->MonthNames = $Translation['month names'];
    $combo_duration_of_residency_from->NamePrefix = 'duration_of_residency_from';
    // combobox: to
    $combo_to = new DateCombo();
    $combo_to->DateFormat = "mdy";
    $combo_to->MinYear = 1900;
    $combo_to->MaxYear = 2100;
    $combo_to->DefaultDate = parseMySQLDate('', '');
    $combo_to->MonthNames = $Translation['month names'];
    $combo_to->NamePrefix = 'to';
    if ($selected_id) {
        // mm: check member permissions
        if (!$arrPerm[2]) {
            return "";
        }
        // mm: who is the owner?
        $ownerGroupID = sqlValue("select groupID from membership_userrecords where tableName='residence_and_rental_history' and pkValue='" . makeSafe($selected_id) . "'");
        $ownerMemberID = sqlValue("select lcase(memberID) from membership_userrecords where tableName='residence_and_rental_history' and pkValue='" . makeSafe($selected_id) . "'");
        if ($arrPerm[2] == 1 && getLoggedMemberID() != $ownerMemberID) {
            return "";
        }
        if ($arrPerm[2] == 2 && getLoggedGroupID() != $ownerGroupID) {
            return "";
        }
        // can edit?
        if ($arrPerm[3] == 1 && $ownerMemberID == getLoggedMemberID() || $arrPerm[3] == 2 && $ownerGroupID == getLoggedGroupID() || $arrPerm[3] == 3) {
            $AllowUpdate = 1;
        } else {
            $AllowUpdate = 0;
        }
        $res = sql("select * from `residence_and_rental_history` where `id`='" . makeSafe($selected_id) . "'", $eo);
        if (!($row = db_fetch_array($res))) {
            return error_message($Translation['No records found']);
        }
        $urow = $row;
        /* unsanitized data */
        $hc = new CI_Input();
        $row = $hc->xss_clean($row);
        /* sanitize data */
        $combo_tenant->SelectedData = $row['tenant'];
        $combo_duration_of_residency_from->DefaultDate = $row['duration_of_residency_from'];
        $combo_to->DefaultDate = $row['to'];
    } else {
        $combo_tenant->SelectedData = $filterer_tenant;
    }
    $combo_tenant->HTML = '<span id="tenant-container' . $rnd1 . '"></span><input type="hidden" name="tenant" id="tenant' . $rnd1 . '">';
    $combo_tenant->MatchText = '<span id="tenant-container-readonly' . $rnd1 . '"></span><input type="hidden" name="tenant" id="tenant' . $rnd1 . '">';
    ob_start();
    ?>

	<script>
		// initial lookup values
		var current_tenant__RAND__ = { text: "", value: "<?php 
    echo addslashes($selected_id ? $urow['tenant'] : $filterer_tenant);
    ?>
"};

		jQuery(function() {
			tenant_reload__RAND__();
		});
		function tenant_reload__RAND__(){
		<?php 
    if (($AllowUpdate || $AllowInsert) && !$dvprint) {
        ?>

			jQuery("#tenant-container__RAND__").select2({
				/* initial default value */
				initSelection: function(e, c){
					jQuery.ajax({
						url: 'ajax_combo.php',
//.........这里部分代码省略.........
开发者ID:vishwanathhsinhaa,项目名称:tieuthuong-org,代码行数:101,代码来源:residence_and_rental_history_dml.php

示例8: submitlog_form

function submitlog_form($selected_id = '', $AllowUpdate = 1, $AllowInsert = 1, $AllowDelete = 1, $ShowCancel = 0)
{
    // function to return an editable form for a table records
    // and fill it with data of record whose ID is $selected_id. If $selected_id
    // is empty, an empty form is shown, with only an 'Add New'
    // button displayed.
    global $Translation;
    // mm: get table permissions
    $arrPerm = getTablePermissions('submitlog');
    if (!$arrPerm[1] && $selected_id == '') {
        return '';
    }
    $AllowInsert = $arrPerm[1] ? true : false;
    // print preview?
    $dvprint = false;
    if ($selected_id && $_REQUEST['dvprint_x'] != '') {
        $dvprint = true;
    }
    // populate filterers, starting from children to grand-parents
    // unique random identifier
    $rnd1 = $dvprint ? rand(1000000, 9999999) : '';
    // combobox: pdate
    $combo_pdate = new DateCombo();
    $combo_pdate->DateFormat = "mdy";
    $combo_pdate->MinYear = 1900;
    $combo_pdate->MaxYear = 2100;
    $combo_pdate->DefaultDate = parseMySQLDate('', '');
    $combo_pdate->MonthNames = $Translation['month names'];
    $combo_pdate->NamePrefix = 'pdate';
    if ($selected_id) {
        // mm: check member permissions
        if (!$arrPerm[2]) {
            return "";
        }
        // mm: who is the owner?
        $ownerGroupID = sqlValue("select groupID from membership_userrecords where tableName='submitlog' and pkValue='" . makeSafe($selected_id) . "'");
        $ownerMemberID = sqlValue("select lcase(memberID) from membership_userrecords where tableName='submitlog' and pkValue='" . makeSafe($selected_id) . "'");
        if ($arrPerm[2] == 1 && getLoggedMemberID() != $ownerMemberID) {
            return "";
        }
        if ($arrPerm[2] == 2 && getLoggedGroupID() != $ownerGroupID) {
            return "";
        }
        // can edit?
        if ($arrPerm[3] == 1 && $ownerMemberID == getLoggedMemberID() || $arrPerm[3] == 2 && $ownerGroupID == getLoggedGroupID() || $arrPerm[3] == 3) {
            $AllowUpdate = 1;
        } else {
            $AllowUpdate = 0;
        }
        $res = sql("select * from `submitlog` where `submid`='" . makeSafe($selected_id) . "'", $eo);
        if (!($row = db_fetch_array($res))) {
            return error_message($Translation['No records found']);
        }
        $urow = $row;
        /* unsanitized data */
        $hc = new CI_Input();
        $row = $hc->xss_clean($row);
        /* sanitize data */
        $combo_pdate->DefaultDate = $row['pdate'];
    } else {
    }
    // code for template based detail view forms
    // open the detail view template
    $templateCode = @file_get_contents('./templates/submitlog_templateDV.html');
    // process form title
    $templateCode = str_replace('<%%DETAIL_VIEW_TITLE%%>', 'Filtered Submissions', $templateCode);
    $templateCode = str_replace('<%%RND1%%>', $rnd1, $templateCode);
    $templateCode = str_replace('<%%EMBEDDED%%>', $_REQUEST['Embedded'] ? 'Embedded=1' : '', $templateCode);
    // process buttons
    if ($arrPerm[1] && !$selected_id) {
        // allow insert and no record selected?
        if (!$selected_id) {
            $templateCode = str_replace('<%%INSERT_BUTTON%%>', '<button type="submit" class="btn btn-success" id="insert" name="insert_x" value="1" onclick="return submitlog_validateData();"><i class="glyphicon glyphicon-plus-sign"></i> ' . $Translation['Save New'] . '</button>', $templateCode);
        }
        $templateCode = str_replace('<%%INSERT_BUTTON%%>', '<button type="submit" class="btn btn-default" id="insert" name="insert_x" value="1" onclick="return submitlog_validateData();"><i class="glyphicon glyphicon-plus-sign"></i> ' . $Translation['Save As Copy'] . '</button>', $templateCode);
    } else {
        $templateCode = str_replace('<%%INSERT_BUTTON%%>', '', $templateCode);
    }
    // 'Back' button action
    if ($_REQUEST['Embedded']) {
        $backAction = 'window.parent.jQuery(\'.modal\').modal(\'hide\'); return false;';
    } else {
        $backAction = '$$(\'form\')[0].writeAttribute(\'novalidate\', \'novalidate\'); document.myform.reset(); return true;';
    }
    if ($selected_id) {
        if ($AllowUpdate) {
            $templateCode = str_replace('<%%UPDATE_BUTTON%%>', '<button type="submit" class="btn btn-success btn-lg" id="update" name="update_x" value="1" onclick="return submitlog_validateData();"><i class="glyphicon glyphicon-ok"></i> ' . $Translation['Save Changes'] . '</button>', $templateCode);
        } else {
            $templateCode = str_replace('<%%UPDATE_BUTTON%%>', '', $templateCode);
        }
        if ($arrPerm[4] == 1 && $ownerMemberID == getLoggedMemberID() || $arrPerm[4] == 2 && $ownerGroupID == getLoggedGroupID() || $arrPerm[4] == 3) {
            // allow delete?
            $templateCode = str_replace('<%%DELETE_BUTTON%%>', '<button type="submit" class="btn btn-danger" id="delete" name="delete_x" value="1" onclick="return confirm(\'' . $Translation['are you sure?'] . '\');"><i class="glyphicon glyphicon-trash"></i> ' . $Translation['Delete'] . '</button>', $templateCode);
        } else {
            $templateCode = str_replace('<%%DELETE_BUTTON%%>', '', $templateCode);
        }
        $templateCode = str_replace('<%%DESELECT_BUTTON%%>', '<button type="submit" class="btn btn-default" id="deselect" name="deselect_x" value="1" onclick="' . $backAction . '"><i class="glyphicon glyphicon-chevron-left"></i> ' . $Translation['Back'] . '</button>', $templateCode);
    } else {
        $templateCode = str_replace('<%%UPDATE_BUTTON%%>', '', $templateCode);
        $templateCode = str_replace('<%%DELETE_BUTTON%%>', '', $templateCode);
//.........这里部分代码省略.........
开发者ID:WebxOne,项目名称:swldbav0.6,代码行数:101,代码来源:submitlog_dml.php

示例9: outcome_areas_form

function outcome_areas_form($selected_id = '', $AllowUpdate = 1, $AllowInsert = 1, $AllowDelete = 1, $ShowCancel = 0)
{
    // function to return an editable form for a table records
    // and fill it with data of record whose ID is $selected_id. If $selected_id
    // is empty, an empty form is shown, with only an 'Add New'
    // button displayed.
    global $Translation;
    // mm: get table permissions
    $arrPerm = getTablePermissions('outcome_areas');
    if (!$arrPerm[1] && $selected_id == '') {
        return '';
    }
    // print preview?
    $dvprint = false;
    if ($selected_id && $_REQUEST['dvprint_x'] != '') {
        $dvprint = true;
    }
    // populate filterers, starting from children to grand-parents
    // unique random identifier
    $rnd1 = $dvprint ? rand(1000000, 9999999) : '';
    if ($selected_id) {
        // mm: check member permissions
        if (!$arrPerm[2]) {
            return "";
        }
        // mm: who is the owner?
        $ownerGroupID = sqlValue("select groupID from membership_userrecords where tableName='outcome_areas' and pkValue='" . makeSafe($selected_id) . "'");
        $ownerMemberID = sqlValue("select lcase(memberID) from membership_userrecords where tableName='outcome_areas' and pkValue='" . makeSafe($selected_id) . "'");
        if ($arrPerm[2] == 1 && getLoggedMemberID() != $ownerMemberID) {
            return "";
        }
        if ($arrPerm[2] == 2 && getLoggedGroupID() != $ownerGroupID) {
            return "";
        }
        // can edit?
        if ($arrPerm[3] == 1 && $ownerMemberID == getLoggedMemberID() || $arrPerm[3] == 2 && $ownerGroupID == getLoggedGroupID() || $arrPerm[3] == 3) {
            $AllowUpdate = 1;
        } else {
            $AllowUpdate = 0;
        }
        $res = sql("select * from `outcome_areas` where `outcome_area_id`='" . makeSafe($selected_id) . "'", $eo);
        $row = mysql_fetch_array($res);
        $urow = $row;
        /* unsanitized data */
        $hc = new CI_Input();
        $row = $hc->xss_clean($row);
        /* sanitize data */
    } else {
    }
    ob_start();
    ?>

	<script>
		// initial lookup values
		
		jQuery(function() {
		});
	</script>
	<?php 
    $lookups = str_replace('__RAND__', $rnd1, ob_get_contents());
    ob_end_clean();
    // code for template based detail view forms
    // open the detail view template
    if ($dvprint) {
        $templateCode = @file_get_contents('./templates/outcome_areas_templateDVP.html');
    } else {
        $templateCode = @file_get_contents('./templates/outcome_areas_templateDV.html');
    }
    // process form title
    $templateCode = str_replace('<%%DETAIL_VIEW_TITLE%%>', 'Outcome area details', $templateCode);
    $templateCode = str_replace('<%%RND1%%>', $rnd1, $templateCode);
    // process buttons
    if ($arrPerm[1]) {
        // allow insert?
        if (!$selected_id) {
            $templateCode = str_replace('<%%INSERT_BUTTON%%>', '<button tabindex="2" type="submit" class="btn btn-success" id="insert" name="insert_x" value="1" onclick="return outcome_areas_validateData();"><i class="glyphicon glyphicon-plus-sign"></i> ' . $Translation['Save New'] . '</button>', $templateCode);
        }
        $templateCode = str_replace('<%%INSERT_BUTTON%%>', '<button tabindex="2" type="submit" class="btn btn-default" id="insert" name="insert_x" value="1" onclick="return outcome_areas_validateData();"><i class="glyphicon glyphicon-plus-sign"></i> ' . $Translation['Save As Copy'] . '</button>', $templateCode);
    } else {
        $templateCode = str_replace('<%%INSERT_BUTTON%%>', '', $templateCode);
    }
    // 'Back' button action
    if ($_REQUEST['Embedded']) {
        $backAction = 'window.parent.jQuery(\'.modal\').modal(\'hide\'); return false;';
    } else {
        $backAction = '$$(\'form\')[0].writeAttribute(\'novalidate\', \'novalidate\'); document.myform.reset(); return true;';
    }
    if ($selected_id) {
        if (!$_REQUEST['Embedded']) {
            $templateCode = str_replace('<%%DVPRINT_BUTTON%%>', '<button tabindex="2" type="submit" class="btn btn-default" id="dvprint" name="dvprint_x" value="1" onclick="$$(\'form\')[0].writeAttribute(\'novalidate\', \'novalidate\'); document.myform.reset(); return true;"><i class="glyphicon glyphicon-print"></i> ' . $Translation['Print Preview'] . '</button>', $templateCode);
        }
        if ($AllowUpdate) {
            $templateCode = str_replace('<%%UPDATE_BUTTON%%>', '<button tabindex="2" type="submit" class="btn btn-success btn-lg" id="update" name="update_x" value="1" onclick="return outcome_areas_validateData();"><i class="glyphicon glyphicon-ok"></i> ' . $Translation['Save Changes'] . '</button>', $templateCode);
        } else {
            $templateCode = str_replace('<%%UPDATE_BUTTON%%>', '', $templateCode);
        }
        if ($arrPerm[4] == 1 && $ownerMemberID == getLoggedMemberID() || $arrPerm[4] == 2 && $ownerGroupID == getLoggedGroupID() || $arrPerm[4] == 3) {
            // allow delete?
            $templateCode = str_replace('<%%DELETE_BUTTON%%>', '<button tabindex="2" type="submit" class="btn btn-danger" id="delete" name="delete_x" value="1" onclick="return confirm(\'' . $Translation['are you sure?'] . '\');"><i class="glyphicon glyphicon-trash"></i> ' . $Translation['Delete'] . '</button>', $templateCode);
        } else {
//.........这里部分代码省略.........
开发者ID:centaurustech,项目名称:git-SID,代码行数:101,代码来源:outcome_areas_dml.php

示例10: entries_form


//.........这里部分代码省略.........
        $equivalence_data = addslashes(implode('', @file(dirname(__FILE__) . '/hooks/entries.equivalence.csv')));
        $combo_equivalence->ListItem = explode('||', entitiesToUTF8(convertLegacyOptions($equivalence_data)));
        $combo_equivalence->ListData = $combo_equivalence->ListItem;
    } else {
        $combo_equivalence->ListItem = explode('||', entitiesToUTF8(convertLegacyOptions("1;;2;;3;;4;;5")));
        $combo_equivalence->ListData = $combo_equivalence->ListItem;
    }
    $combo_equivalence->SelectName = 'equivalence';
    if ($selected_id) {
        // mm: check member permissions
        if (!$arrPerm[2]) {
            return "";
        }
        // mm: who is the owner?
        $ownerGroupID = sqlValue("select groupID from membership_userrecords where tableName='entries' and pkValue='" . makeSafe($selected_id) . "'");
        $ownerMemberID = sqlValue("select lcase(memberID) from membership_userrecords where tableName='entries' and pkValue='" . makeSafe($selected_id) . "'");
        if ($arrPerm[2] == 1 && getLoggedMemberID() != $ownerMemberID) {
            return "";
        }
        if ($arrPerm[2] == 2 && getLoggedGroupID() != $ownerGroupID) {
            return "";
        }
        // can edit?
        if ($arrPerm[3] == 1 && $ownerMemberID == getLoggedMemberID() || $arrPerm[3] == 2 && $ownerGroupID == getLoggedGroupID() || $arrPerm[3] == 3) {
            $AllowUpdate = 1;
        } else {
            $AllowUpdate = 0;
        }
        $res = sql("select * from `entries` where `entry_id`='" . makeSafe($selected_id) . "'", $eo);
        $row = mysql_fetch_array($res);
        $urow = $row;
        /* unsanitized data */
        $hc = new CI_Input();
        $row = $hc->xss_clean($row);
        /* sanitize data */
        $combo_created->DefaultDate = $row['created'];
        $combo_report->SelectedData = $row['report'];
        $combo_outcome->SelectedData = $row['outcome'];
        $combo_indicator->SelectedData = $row['indicator'];
        $combo_beneficiary_group->SelectedData = $row['beneficiary_group'];
        $combo_beneficiary_group_relevance->SelectedData = $row['beneficiary_group_relevance'];
        $combo_reliability->SelectedData = $row['reliability'];
        $combo_intentionality->SelectedData = $row['intentionality'];
        $combo_equivalence->SelectedData = $row['equivalence'];
    } else {
        $combo_report->SelectedData = $filterer_report;
        $combo_outcome->SelectedData = $filterer_outcome;
        $combo_indicator->SelectedData = $filterer_indicator;
        $combo_beneficiary_group->SelectedData = $filterer_beneficiary_group;
        $combo_beneficiary_group_relevance->SelectedText = $_REQUEST['FilterField'][1] == '10' && $_REQUEST['FilterOperator'][1] == '<=>' ? get_magic_quotes_gpc() ? stripslashes($_REQUEST['FilterValue'][1]) : $_REQUEST['FilterValue'][1] : "";
        $combo_reliability->SelectedText = $_REQUEST['FilterField'][1] == '13' && $_REQUEST['FilterOperator'][1] == '<=>' ? get_magic_quotes_gpc() ? stripslashes($_REQUEST['FilterValue'][1]) : $_REQUEST['FilterValue'][1] : "";
        $combo_intentionality->SelectedText = $_REQUEST['FilterField'][1] == '14' && $_REQUEST['FilterOperator'][1] == '<=>' ? get_magic_quotes_gpc() ? stripslashes($_REQUEST['FilterValue'][1]) : $_REQUEST['FilterValue'][1] : "";
        $combo_equivalence->SelectedText = $_REQUEST['FilterField'][1] == '15' && $_REQUEST['FilterOperator'][1] == '<=>' ? get_magic_quotes_gpc() ? stripslashes($_REQUEST['FilterValue'][1]) : $_REQUEST['FilterValue'][1] : "";
    }
    $combo_report->HTML = $combo_report->MatchText = '<span id="report-container' . $rnd1 . '"></span><input type="hidden" name="report" id="report' . $rnd1 . '">';
    $combo_outcome->HTML = $combo_outcome->MatchText = '<span id="outcome-container' . $rnd1 . '"></span><input type="hidden" name="outcome" id="outcome' . $rnd1 . '">';
    $combo_indicator->HTML = $combo_indicator->MatchText = '<span id="indicator-container' . $rnd1 . '"></span><input type="hidden" name="indicator" id="indicator' . $rnd1 . '">';
    $combo_beneficiary_group->HTML = $combo_beneficiary_group->MatchText = '<span id="beneficiary_group-container' . $rnd1 . '"></span><input type="hidden" name="beneficiary_group" id="beneficiary_group' . $rnd1 . '">';
    $combo_beneficiary_group_relevance->Render();
    $combo_reliability->Render();
    $combo_intentionality->Render();
    $combo_equivalence->Render();
    ob_start();
    ?>

	<script>
开发者ID:centaurustech,项目名称:git-SID,代码行数:67,代码来源:entries_dml.php

示例11: properties_form


//.........这里部分代码省略.........
        $combo_State->ListData = $combo_State->ListItem;
    } else {
        $combo_State->ListItem = explode('||', entitiesToUTF8(convertLegacyOptions("AL;;AK;;AS;;AZ;;AR;;CA;;CO;;CT;;DE;;DC;;FM;;FL;;GA;;GU;;HI;;ID;;IL;;IN;;IA;;KS;;KY;;LA;;ME;;MH;;MD;;MA;;MI;;MN;;MS;;MO;;MT;;NE;;NV;;NH;;NJ;;NM;;NY;;NC;;ND;;MP;;OH;;OK;;OR;;PW;;PA;;PR;;RI;;SC;;SD;;TN;;TX;;UT;;VT;;VI;;VA;;WA;;WV;;WI;;WY")));
        $combo_State->ListData = $combo_State->ListItem;
    }
    $combo_State->SelectName = 'State';
    if ($selected_id) {
        // mm: check member permissions
        if (!$arrPerm[2]) {
            return "";
        }
        // mm: who is the owner?
        $ownerGroupID = sqlValue("select groupID from membership_userrecords where tableName='properties' and pkValue='" . makeSafe($selected_id) . "'");
        $ownerMemberID = sqlValue("select lcase(memberID) from membership_userrecords where tableName='properties' and pkValue='" . makeSafe($selected_id) . "'");
        if ($arrPerm[2] == 1 && getLoggedMemberID() != $ownerMemberID) {
            return "";
        }
        if ($arrPerm[2] == 2 && getLoggedGroupID() != $ownerGroupID) {
            return "";
        }
        // can edit?
        if ($arrPerm[3] == 1 && $ownerMemberID == getLoggedMemberID() || $arrPerm[3] == 2 && $ownerGroupID == getLoggedGroupID() || $arrPerm[3] == 3) {
            $AllowUpdate = 1;
        } else {
            $AllowUpdate = 0;
        }
        $res = sql("select * from `properties` where `id`='" . makeSafe($selected_id) . "'", $eo);
        if (!($row = db_fetch_array($res))) {
            return error_message($Translation['No records found']);
        }
        $urow = $row;
        /* unsanitized data */
        $hc = new CI_Input();
        $row = $hc->xss_clean($row);
        /* sanitize data */
        $combo_type->SelectedData = $row['type'];
        $combo_owner->SelectedData = $row['owner'];
        $combo_operating_account->SelectedData = $row['operating_account'];
        $combo_country->SelectedData = $row['country'];
        $combo_State->SelectedData = $row['State'];
    } else {
        $combo_type->SelectedText = $_REQUEST['FilterField'][1] == '3' && $_REQUEST['FilterOperator'][1] == '<=>' ? get_magic_quotes_gpc() ? stripslashes($_REQUEST['FilterValue'][1]) : $_REQUEST['FilterValue'][1] : "";
        $combo_owner->SelectedData = $filterer_owner;
        $combo_operating_account->SelectedText = $_REQUEST['FilterField'][1] == '7' && $_REQUEST['FilterOperator'][1] == '<=>' ? get_magic_quotes_gpc() ? stripslashes($_REQUEST['FilterValue'][1]) : $_REQUEST['FilterValue'][1] : "";
        $combo_country->SelectedText = $_REQUEST['FilterField'][1] == '10' && $_REQUEST['FilterOperator'][1] == '<=>' ? get_magic_quotes_gpc() ? stripslashes($_REQUEST['FilterValue'][1]) : $_REQUEST['FilterValue'][1] : "";
        $combo_State->SelectedText = $_REQUEST['FilterField'][1] == '13' && $_REQUEST['FilterOperator'][1] == '<=>' ? get_magic_quotes_gpc() ? stripslashes($_REQUEST['FilterValue'][1]) : $_REQUEST['FilterValue'][1] : "";
    }
    $combo_type->Render();
    $combo_owner->HTML = '<span id="owner-container' . $rnd1 . '"></span><input type="hidden" name="owner" id="owner' . $rnd1 . '">';
    $combo_owner->MatchText = '<span id="owner-container-readonly' . $rnd1 . '"></span><input type="hidden" name="owner" id="owner' . $rnd1 . '">';
    $combo_operating_account->Render();
    $combo_country->Render();
    $combo_State->Render();
    ob_start();
    ?>

	<script>
		// initial lookup values
		var current_owner__RAND__ = { text: "", value: "<?php 
    echo addslashes($selected_id ? $urow['owner'] : $filterer_owner);
    ?>
"};

		jQuery(function() {
			owner_reload__RAND__();
		});
开发者ID:vishwanathhsinhaa,项目名称:tieuthuong-org,代码行数:67,代码来源:properties_dml.php

示例12: units_form

function units_form($selected_id = '', $AllowUpdate = 1, $AllowInsert = 1, $AllowDelete = 1, $ShowCancel = 0)
{
    // function to return an editable form for a table records
    // and fill it with data of record whose ID is $selected_id. If $selected_id
    // is empty, an empty form is shown, with only an 'Add New'
    // button displayed.
    global $Translation;
    // mm: get table permissions
    $arrPerm = getTablePermissions('units');
    if (!$arrPerm[1] && $selected_id == '') {
        return '';
    }
    $AllowInsert = $arrPerm[1] ? true : false;
    // print preview?
    $dvprint = false;
    if ($selected_id && $_REQUEST['dvprint_x'] != '') {
        $dvprint = true;
    }
    $filterer_property = thisOr(undo_magic_quotes($_REQUEST['filterer_property']), '');
    // populate filterers, starting from children to grand-parents
    // unique random identifier
    $rnd1 = $dvprint ? rand(1000000, 9999999) : '';
    // combobox: property
    $combo_property = new DataCombo();
    // combobox: status
    $combo_status = new Combo();
    $combo_status->ListType = 2;
    $combo_status->MultipleSeparator = ', ';
    $combo_status->ListBoxHeight = 10;
    $combo_status->RadiosPerLine = 1;
    if (is_file(dirname(__FILE__) . '/hooks/units.status.csv')) {
        $status_data = addslashes(implode('', @file(dirname(__FILE__) . '/hooks/units.status.csv')));
        $combo_status->ListItem = explode('||', entitiesToUTF8(convertLegacyOptions($status_data)));
        $combo_status->ListData = $combo_status->ListItem;
    } else {
        $combo_status->ListItem = explode('||', entitiesToUTF8(convertLegacyOptions("Occupied;;Listed;;Unlisted")));
        $combo_status->ListData = $combo_status->ListItem;
    }
    $combo_status->SelectName = 'status';
    $combo_status->AllowNull = false;
    // combobox: features
    $combo_features = new Combo();
    $combo_features->ListType = 3;
    $combo_features->MultipleSeparator = ', ';
    $combo_features->ListBoxHeight = 10;
    $combo_features->RadiosPerLine = 1;
    if (is_file(dirname(__FILE__) . '/hooks/units.features.csv')) {
        $features_data = addslashes(implode('', @file(dirname(__FILE__) . '/hooks/units.features.csv')));
        $combo_features->ListItem = explode('||', entitiesToUTF8(convertLegacyOptions($features_data)));
        $combo_features->ListData = $combo_features->ListItem;
    } else {
        $combo_features->ListItem = explode('||', entitiesToUTF8(convertLegacyOptions("Cable ready;; Micorwave;;Hardwood floors;; High speed internet;;Air conditioning;;Refrigerator;;Dishwasher;;Walk-in closets;;Balcony;;Deck;;Patio;;Garage parking;;Carport;;Fenced yard;;Laundry room / hookups;; Fireplace;;Oven / range;;Heat - electric;; Heat - gas;; Heat - oil")));
        $combo_features->ListData = $combo_features->ListItem;
    }
    $combo_features->SelectName = 'features';
    if ($selected_id) {
        // mm: check member permissions
        if (!$arrPerm[2]) {
            return "";
        }
        // mm: who is the owner?
        $ownerGroupID = sqlValue("select groupID from membership_userrecords where tableName='units' and pkValue='" . makeSafe($selected_id) . "'");
        $ownerMemberID = sqlValue("select lcase(memberID) from membership_userrecords where tableName='units' and pkValue='" . makeSafe($selected_id) . "'");
        if ($arrPerm[2] == 1 && getLoggedMemberID() != $ownerMemberID) {
            return "";
        }
        if ($arrPerm[2] == 2 && getLoggedGroupID() != $ownerGroupID) {
            return "";
        }
        // can edit?
        if ($arrPerm[3] == 1 && $ownerMemberID == getLoggedMemberID() || $arrPerm[3] == 2 && $ownerGroupID == getLoggedGroupID() || $arrPerm[3] == 3) {
            $AllowUpdate = 1;
        } else {
            $AllowUpdate = 0;
        }
        $res = sql("select * from `units` where `id`='" . makeSafe($selected_id) . "'", $eo);
        if (!($row = db_fetch_array($res))) {
            return error_message($Translation['No records found']);
        }
        $urow = $row;
        /* unsanitized data */
        $hc = new CI_Input();
        $row = $hc->xss_clean($row);
        /* sanitize data */
        $combo_property->SelectedData = $row['property'];
        $combo_status->SelectedData = $row['status'];
        $combo_features->SelectedData = $row['features'];
    } else {
        $combo_property->SelectedData = $filterer_property;
        $combo_status->SelectedText = $_REQUEST['FilterField'][1] == '5' && $_REQUEST['FilterOperator'][1] == '<=>' ? get_magic_quotes_gpc() ? stripslashes($_REQUEST['FilterValue'][1]) : $_REQUEST['FilterValue'][1] : "";
    }
    $combo_property->HTML = '<span id="property-container' . $rnd1 . '"></span><input type="hidden" name="property" id="property' . $rnd1 . '">';
    $combo_property->MatchText = '<span id="property-container-readonly' . $rnd1 . '"></span><input type="hidden" name="property" id="property' . $rnd1 . '">';
    $combo_status->Render();
    $combo_features->Render();
    ob_start();
    ?>

	<script>
		// initial lookup values
//.........这里部分代码省略.........
开发者ID:vishwanathhsinhaa,项目名称:tieuthuong-org,代码行数:101,代码来源:units_dml.php

示例13: applicants_and_tenants_form

function applicants_and_tenants_form($selected_id = '', $AllowUpdate = 1, $AllowInsert = 1, $AllowDelete = 1, $ShowCancel = 0)
{
    // function to return an editable form for a table records
    // and fill it with data of record whose ID is $selected_id. If $selected_id
    // is empty, an empty form is shown, with only an 'Add New'
    // button displayed.
    global $Translation;
    // mm: get table permissions
    $arrPerm = getTablePermissions('applicants_and_tenants');
    if (!$arrPerm[1] && $selected_id == '') {
        return '';
    }
    $AllowInsert = $arrPerm[1] ? true : false;
    // print preview?
    $dvprint = false;
    if ($selected_id && $_REQUEST['dvprint_x'] != '') {
        $dvprint = true;
    }
    // populate filterers, starting from children to grand-parents
    // unique random identifier
    $rnd1 = $dvprint ? rand(1000000, 9999999) : '';
    // combobox: birth_date
    $combo_birth_date = new DateCombo();
    $combo_birth_date->DateFormat = "mdy";
    $combo_birth_date->MinYear = 1900;
    $combo_birth_date->MaxYear = 2100;
    $combo_birth_date->DefaultDate = parseMySQLDate('', '');
    $combo_birth_date->MonthNames = $Translation['month names'];
    $combo_birth_date->NamePrefix = 'birth_date';
    // combobox: driver_license_state
    $combo_driver_license_state = new Combo();
    $combo_driver_license_state->ListType = 0;
    $combo_driver_license_state->MultipleSeparator = ', ';
    $combo_driver_license_state->ListBoxHeight = 10;
    $combo_driver_license_state->RadiosPerLine = 1;
    if (is_file(dirname(__FILE__) . '/hooks/applicants_and_tenants.driver_license_state.csv')) {
        $driver_license_state_data = addslashes(implode('', @file(dirname(__FILE__) . '/hooks/applicants_and_tenants.driver_license_state.csv')));
        $combo_driver_license_state->ListItem = explode('||', entitiesToUTF8(convertLegacyOptions($driver_license_state_data)));
        $combo_driver_license_state->ListData = $combo_driver_license_state->ListItem;
    } else {
        $combo_driver_license_state->ListItem = explode('||', entitiesToUTF8(convertLegacyOptions("AL;;AK;;AS;;AZ;;AR;;CA;;CO;;CT;;DE;;DC;;FM;;FL;;GA;;GU;;HI;;ID;;IL;;IN;;IA;;KS;;KY;;LA;;ME;;MH;;MD;;MA;;MI;;MN;;MS;;MO;;MT;;NE;;NV;;NH;;NJ;;NM;;NY;;NC;;ND;;MP;;OH;;OK;;OR;;PW;;PA;;PR;;RI;;SC;;SD;;TN;;TX;;UT;;VT;;VI;;VA;;WA;;WV;;WI;;WY")));
        $combo_driver_license_state->ListData = $combo_driver_license_state->ListItem;
    }
    $combo_driver_license_state->SelectName = 'driver_license_state';
    // combobox: status
    $combo_status = new Combo();
    $combo_status->ListType = 2;
    $combo_status->MultipleSeparator = ', ';
    $combo_status->ListBoxHeight = 10;
    $combo_status->RadiosPerLine = 1;
    if (is_file(dirname(__FILE__) . '/hooks/applicants_and_tenants.status.csv')) {
        $status_data = addslashes(implode('', @file(dirname(__FILE__) . '/hooks/applicants_and_tenants.status.csv')));
        $combo_status->ListItem = explode('||', entitiesToUTF8(convertLegacyOptions($status_data)));
        $combo_status->ListData = $combo_status->ListItem;
    } else {
        $combo_status->ListItem = explode('||', entitiesToUTF8(convertLegacyOptions("Applicant;;Tenant;;Previous tenant")));
        $combo_status->ListData = $combo_status->ListItem;
    }
    $combo_status->SelectName = 'status';
    $combo_status->AllowNull = false;
    if ($selected_id) {
        // mm: check member permissions
        if (!$arrPerm[2]) {
            return "";
        }
        // mm: who is the owner?
        $ownerGroupID = sqlValue("select groupID from membership_userrecords where tableName='applicants_and_tenants' and pkValue='" . makeSafe($selected_id) . "'");
        $ownerMemberID = sqlValue("select lcase(memberID) from membership_userrecords where tableName='applicants_and_tenants' and pkValue='" . makeSafe($selected_id) . "'");
        if ($arrPerm[2] == 1 && getLoggedMemberID() != $ownerMemberID) {
            return "";
        }
        if ($arrPerm[2] == 2 && getLoggedGroupID() != $ownerGroupID) {
            return "";
        }
        // can edit?
        if ($arrPerm[3] == 1 && $ownerMemberID == getLoggedMemberID() || $arrPerm[3] == 2 && $ownerGroupID == getLoggedGroupID() || $arrPerm[3] == 3) {
            $AllowUpdate = 1;
        } else {
            $AllowUpdate = 0;
        }
        $res = sql("select * from `applicants_and_tenants` where `id`='" . makeSafe($selected_id) . "'", $eo);
        if (!($row = db_fetch_array($res))) {
            return error_message($Translation['No records found']);
        }
        $urow = $row;
        /* unsanitized data */
        $hc = new CI_Input();
        $row = $hc->xss_clean($row);
        /* sanitize data */
        $combo_birth_date->DefaultDate = $row['birth_date'];
        $combo_driver_license_state->SelectedData = $row['driver_license_state'];
        $combo_status->SelectedData = $row['status'];
    } else {
        $combo_driver_license_state->SelectedText = $_REQUEST['FilterField'][1] == '8' && $_REQUEST['FilterOperator'][1] == '<=>' ? get_magic_quotes_gpc() ? stripslashes($_REQUEST['FilterValue'][1]) : $_REQUEST['FilterValue'][1] : "";
        $combo_status->SelectedText = $_REQUEST['FilterField'][1] == '13' && $_REQUEST['FilterOperator'][1] == '<=>' ? get_magic_quotes_gpc() ? stripslashes($_REQUEST['FilterValue'][1]) : $_REQUEST['FilterValue'][1] : "Applicant";
    }
    $combo_driver_license_state->Render();
    $combo_status->Render();
    ob_start();
    ?>
//.........这里部分代码省略.........
开发者ID:vishwanathhsinhaa,项目名称:tieuthuong-org,代码行数:101,代码来源:applicants_and_tenants_dml.php

示例14: duck_mrs2016_form

function duck_mrs2016_form($selected_id = '', $AllowUpdate = 1, $AllowInsert = 1, $AllowDelete = 1, $ShowCancel = 0)
{
    // function to return an editable form for a table records
    // and fill it with data of record whose ID is $selected_id. If $selected_id
    // is empty, an empty form is shown, with only an 'Add New'
    // button displayed.
    global $Translation;
    // mm: get table permissions
    $arrPerm = getTablePermissions('duck_mrs2016');
    if (!$arrPerm[1] && $selected_id == '') {
        return '';
    }
    $AllowInsert = $arrPerm[1] ? true : false;
    // print preview?
    $dvprint = false;
    if ($selected_id && $_REQUEST['dvprint_x'] != '') {
        $dvprint = true;
    }
    $filterer_transaction_id = thisOr(undo_magic_quotes($_REQUEST['filterer_transaction_id']), '');
    // populate filterers, starting from children to grand-parents
    // unique random identifier
    $rnd1 = $dvprint ? rand(1000000, 9999999) : '';
    // combobox: transaction_id
    $combo_transaction_id = new DataCombo();
    if ($selected_id) {
        // mm: check member permissions
        if (!$arrPerm[2]) {
            return "";
        }
        // mm: who is the owner?
        $ownerGroupID = sqlValue("select groupID from membership_userrecords where tableName='duck_mrs2016' and pkValue='" . makeSafe($selected_id) . "'");
        $ownerMemberID = sqlValue("select lcase(memberID) from membership_userrecords where tableName='duck_mrs2016' and pkValue='" . makeSafe($selected_id) . "'");
        if ($arrPerm[2] == 1 && getLoggedMemberID() != $ownerMemberID) {
            return "";
        }
        if ($arrPerm[2] == 2 && getLoggedGroupID() != $ownerGroupID) {
            return "";
        }
        // can edit?
        if ($arrPerm[3] == 1 && $ownerMemberID == getLoggedMemberID() || $arrPerm[3] == 2 && $ownerGroupID == getLoggedGroupID() || $arrPerm[3] == 3) {
            $AllowUpdate = 1;
        } else {
            $AllowUpdate = 0;
        }
        $res = sql("select * from `duck_mrs2016` where `duck_id`='" . makeSafe($selected_id) . "'", $eo);
        if (!($row = db_fetch_array($res))) {
            return error_message($Translation['No records found']);
        }
        $urow = $row;
        /* unsanitized data */
        $hc = new CI_Input();
        $row = $hc->xss_clean($row);
        /* sanitize data */
        $combo_transaction_id->SelectedData = $row['transaction_id'];
    } else {
        $combo_transaction_id->SelectedData = $filterer_transaction_id;
    }
    $combo_transaction_id->HTML = '<span id="transaction_id-container' . $rnd1 . '"></span><input type="hidden" name="transaction_id" id="transaction_id' . $rnd1 . '" value="' . htmlspecialchars($combo_transaction_id->SelectedData, ENT_QUOTES, 'iso-8859-1') . '">';
    $combo_transaction_id->MatchText = '<span id="transaction_id-container-readonly' . $rnd1 . '"></span><input type="hidden" name="transaction_id" id="transaction_id' . $rnd1 . '" value="' . htmlspecialchars($combo_transaction_id->SelectedData, ENT_QUOTES, 'iso-8859-1') . '">';
    ob_start();
    ?>

	<script>
		// initial lookup values
		var current_transaction_id__RAND__ = { text: "", value: "<?php 
    echo addslashes($selected_id ? $urow['transaction_id'] : $filterer_transaction_id);
    ?>
"};

		jQuery(function() {
			if(typeof(transaction_id_reload__RAND__) == 'function') transaction_id_reload__RAND__();
		});
		function transaction_id_reload__RAND__(){
		<?php 
    if (($AllowUpdate || $AllowInsert) && !$dvprint) {
        ?>

			jQuery("#transaction_id-container__RAND__").select2({
				/* initial default value */
				initSelection: function(e, c){
					jQuery.ajax({
						url: 'ajax_combo.php',
						dataType: 'json',
						data: { id: current_transaction_id__RAND__.value, t: 'duck_mrs2016', f: 'transaction_id' }
					}).done(function(resp){
						c({
							id: resp.results[0].id,
							text: resp.results[0].text
						});
						jQuery('[name="transaction_id"]').val(resp.results[0].id);
						jQuery('[id=transaction_id-container-readonly__RAND__]').html('<span id="transaction_id-match-text">' + resp.results[0].text + '</span>');


						if(typeof(transaction_id_update_autofills__RAND__) == 'function') transaction_id_update_autofills__RAND__();
					});
				},
				width: ($j('fieldset .col-xs-11').width() - 99) + 'px',
				formatNoMatches: function(term){ return '<?php 
        echo addslashes($Translation['No matches found!']);
        ?>
//.........这里部分代码省略.........
开发者ID:bigprof,项目名称:jaap,代码行数:101,代码来源:duck_mrs2016_dml.php

示例15: companies_form


//.........这里部分代码省略.........
    // combobox: created
    $combo_created = new DateCombo();
    $combo_created->DateFormat = "dmy";
    $combo_created->MinYear = 1900;
    $combo_created->MaxYear = 2100;
    $combo_created->DefaultDate = parseMySQLDate('<%%creationDate%%>', '<%%creationDate%%>');
    $combo_created->MonthNames = $Translation['month names'];
    $combo_created->NamePrefix = 'created';
    if ($selected_id) {
        // mm: check member permissions
        if (!$arrPerm[2]) {
            return "";
        }
        // mm: who is the owner?
        $ownerGroupID = sqlValue("select groupID from membership_userrecords where tableName='companies' and pkValue='" . makeSafe($selected_id) . "'");
        $ownerMemberID = sqlValue("select lcase(memberID) from membership_userrecords where tableName='companies' and pkValue='" . makeSafe($selected_id) . "'");
        if ($arrPerm[2] == 1 && getLoggedMemberID() != $ownerMemberID) {
            return "";
        }
        if ($arrPerm[2] == 2 && getLoggedGroupID() != $ownerGroupID) {
            return "";
        }
        // can edit?
        if ($arrPerm[3] == 1 && $ownerMemberID == getLoggedMemberID() || $arrPerm[3] == 2 && $ownerGroupID == getLoggedGroupID() || $arrPerm[3] == 3) {
            $AllowUpdate = 1;
        } else {
            $AllowUpdate = 0;
        }
        $res = sql("select * from `companies` where `company_id`='" . makeSafe($selected_id) . "'", $eo);
        $row = mysql_fetch_array($res);
        $urow = $row;
        /* unsanitized data */
        $hc = new CI_Input();
        $row = $hc->xss_clean($row);
        /* sanitize data */
        $combo_client->SelectedData = $row['client'];
        $combo_industry->SelectedData = $row['industry'];
        $combo_country_hq->SelectedData = $row['country_hq'];
        $combo_country_operations->SelectedData = $row['country_operations'];
        $combo_company_type->SelectedData = $row['company_type'];
        $combo_sic_code->SelectedData = $row['sic_code'];
        $combo_created->DefaultDate = $row['created'];
    } else {
        $combo_client->SelectedData = $filterer_client;
        $combo_industry->SelectedText = $_REQUEST['FilterField'][1] == '7' && $_REQUEST['FilterOperator'][1] == '<=>' ? get_magic_quotes_gpc() ? stripslashes($_REQUEST['FilterValue'][1]) : $_REQUEST['FilterValue'][1] : "";
        $combo_country_hq->SelectedText = $_REQUEST['FilterField'][1] == '9' && $_REQUEST['FilterOperator'][1] == '<=>' ? get_magic_quotes_gpc() ? stripslashes($_REQUEST['FilterValue'][1]) : $_REQUEST['FilterValue'][1] : "United Kingdom";
        $combo_company_type->SelectedText = $_REQUEST['FilterField'][1] == '12' && $_REQUEST['FilterOperator'][1] == '<=>' ? get_magic_quotes_gpc() ? stripslashes($_REQUEST['FilterValue'][1]) : $_REQUEST['FilterValue'][1] : "";
        $combo_sic_code->SelectedData = $filterer_sic_code;
    }
    $combo_client->HTML = $combo_client->MatchText = '<span id="client-container' . $rnd1 . '"></span><input type="hidden" name="client" id="client' . $rnd1 . '">';
    $combo_industry->Render();
    $combo_country_hq->Render();
    $combo_country_operations->Render();
    $combo_company_type->Render();
    $combo_sic_code->HTML = $combo_sic_code->MatchText = '<span id="sic_code-container' . $rnd1 . '"></span><input type="hidden" name="sic_code" id="sic_code' . $rnd1 . '">';
    ob_start();
    ?>

	<script>
		// initial lookup values
		var current_client__RAND__ = { text: "", value: "<?php 
    echo addslashes($selected_id ? $urow['client'] : $filterer_client);
    ?>
"};
		var current_sic_code__RAND__ = { text: "", value: "<?php 
    echo addslashes($selected_id ? $urow['sic_code'] : $filterer_sic_code);
开发者ID:centaurustech,项目名称:git-SID,代码行数:67,代码来源:companies_dml.php


注:本文中的CI_Input::xss_clean方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。