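// Quote-notes page, request-handling half: checks the `fr` gate, reads the
// request parameters, optionally deletes or posts a note, then loads the quote
// and contact rows used by the page header.
//
// NOTE(review): this script relies on the removed ext/mysql API, which has no
// prepared statements. Every value placed in SQL below is therefore passed
// through mysql_real_escape_string(); migrating to mysqli/PDO with bound
// parameters is the durable fix.

if (!function_exists('qnotes_request_value')) {
    /**
     * Read request parameter $key from $primary, falling back to $fallback
     * when it is missing or empty.
     *
     * Non-string values (for example `QID[]=1`, which PHP parses as an array)
     * are treated as absent so they can never be interpolated into SQL or
     * compared as arrays. When magic_quotes_gpc is active the added slashes
     * are removed, so that the later mysql_real_escape_string() call does not
     * escape the value a second time.
     *
     * @param array  $primary  Superglobal consulted first.
     * @param array  $fallback Superglobal consulted second (may be empty).
     * @param string $key      Parameter name.
     * @return string The raw parameter value, or '' when not supplied.
     */
    function qnotes_request_value($primary, $fallback, $key)
    {
        foreach (array($primary, $fallback) as $source) {
            if (isset($source[$key]) && is_string($source[$key]) && $source[$key] !== '') {
                $value = $source[$key];
                if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
                    $value = stripslashes($value);
                }
                return $value;
            }
        }
        return '';
    }
}

// Give every variable this script fills in a known starting value. Besides
// silencing undefined-variable notices, this keeps request data from seeding
// them (e.g. $auths) on installations where register_globals is enabled.
$air = array();
$auths = array();
$unaccepted = array();
$own = '';
$dir = '';
$title = '';
$today = '';
$goodjob = '';
$wonderputt = '';
$PO = $Terms = $started = $due = $printed = $Project = '';
$first_Name = $Name = $Company = $price_level = $to = '';

// date(Ymd) used a bare constant; quote the format string.
$dtnum = date('Ymd');
$dnum = $dtnum * 4;

// NOTE(review): $dnum is computed from today's date alone, so it is not a
// secret and must not be treated as authentication. Replace this gate with a
// server-side session check. The comparison is strict so that values with
// trailing characters no longer pass via numeric string juggling.
$fr = qnotes_request_value($_GET, $_POST, 'fr');
if ($fr !== (string) $dnum) {
    echo("\nNot Authorized.\n");
    exit();
}

$QID = qnotes_request_value($_POST, $_GET, 'QID');
if ($QID == "") {
    echo("Cannot Continue without Quote Number.\n");
    exit();
}

$CID = qnotes_request_value($_POST, $_GET, 'CID');

$usrn = qnotes_request_value($_POST, $_GET, 'usrn');
if ($usrn == "") {
    echo("Cannot Continue without Representative.\n");
    exit();
}

// NOTE(review): database host, account and password are hard-coded in a
// web-served script. Move them to configuration outside the web root and
// rotate the password, since it has been exposed in source.
$dbcnx = @mysql_connect('mysql.plainhost.com', 'ecosmar_ecosmart', 'ecoman1');
if (!$dbcnx) {
    // Every step below needs the link (including the escaping calls), so stop
    // here instead of running queries against a failed connection.
    echo("Could not connect to the Data Base.\n");
    exit();
}

// NOTE(review): `usr` is supplied by the caller and nothing here verifies it
// (no password or session), yet it selects the privileged branch below.
$usr = qnotes_request_value($_POST, $_GET, 'usr');
if ($usr == "") {
    $own = 'only';
} elseif ($usr != "Matt Ross" && $usr != "Kent Grubbs") {
    $exusr = explode(" ", $usr);
    $firstSql = mysql_real_escape_string($exusr[0], $dbcnx);
    // A single-word name has no second part; look it up with an empty name_2.
    $lastSql = mysql_real_escape_string(isset($exusr[1]) ? $exusr[1] : '', $dbcnx);

    mysql_select_db('ecosmar_website', $dbcnx);
    $getusr = mysql_query(
        "SELECT region FROM repcon WHERE name_1='$firstSql' AND name_2='$lastSql'",
        $dbcnx
    );
    if (!$getusr) {
        $air[] = "Could not get region.";
    } else {
        $reg = mysql_fetch_array($getusr);
        $region = is_array($reg) ? $reg[0] : '';
        if ($region == "") {
            $unaccepted[] = $usr; // no region on file
        } else {
            $dir = $region;
            $auths[] = $usr;
        }
    }
} else {
    $auths[] = $usr; // usr is Matt Ross or Kent Grubbs
}

//////////////////////////////////////////// START DELETE
// NOTE(review): this is a state-changing GET with no ownership check and no
// anti-CSRF token; any caller that passes the `fr` gate can delete any note by
// ID. Enforce the author/admin rule server-side and move the action to POST.
$ot = qnotes_request_value($_GET, array(), 'ot');
if ($ot == "yes") {
    $nID = qnotes_request_value($_GET, array(), 'nID');
    $nIDSql = mysql_real_escape_string($nID, $dbcnx);

    mysql_select_db('ecosmar_inv', $dbcnx);
    $outy = mysql_query("DELETE FROM q_notes WHERE ID='$nIDSql' LIMIT 1", $dbcnx);
    if (!$outy) {
        $air[] = "Could not delete note. Lost connect to Data Base.";
    } else {
        $wonderputt = "on";
    }
}
//////////////////////////////////////////// END DELETE

//////////////////////////////////////////// NEW MESSAGE
$messer = qnotes_request_value($_POST, array(), 'messer');
if ($messer != "") {
    $messerSql = mysql_real_escape_string($messer, $dbcnx);

    mysql_select_db('ecosmar_website', $dbcnx);
    $pstchk = mysql_query("SELECT ID FROM psw WHERE usrn='$messerSql'", $dbcnx);
    if (!$pstchk) {
        $air[] = "Cannot check usrn. Cannot post note.";
    } else {
        $nuber = mysql_num_rows($pstchk);
        if ($nuber > 0) {
            // NOTE(review): only the existence of the username is checked, not
            // a credential, so this does not prove who is posting.
            $auths[] = $messer;
        }
    }

    if (empty($air)) {
        if (in_array($messer, $auths, true)) {
            // The original tested an undefined $messers and then overwrote the
            // result with the region/representative branch, so the first two
            // titles could never be stored. One chain fixes both problems.
            if ($messer == "Matt Ross") {
                $title = 'Eco-$mart President';
            } elseif ($messer == "Kent Grubbs") {
                $title = "Web Developer";
            } elseif ($dir != "") {
                $title = "Director: " . $dir;
            } else {
                $title = 'Eco-$mart Representative';
            }

            $mess = (isset($_POST['mess']) && is_string($_POST['mess']))
                ? stripslashes($_POST['mess'])
                : '';
            if ($mess != "") {
                // The note body is stored HTML-encoded. htmlspecialchars() does
                // not touch backslashes, so the value is still SQL-escaped below.
                $messo = htmlspecialchars($mess, ENT_QUOTES, 'utf-8');
                $today = date("D M j h:i T Y");

                mysql_select_db('ecosmar_inv', $dbcnx);
                $innit = mysql_query(
                    "INSERT INTO q_notes SET"
                    . " QID='" . mysql_real_escape_string($QID, $dbcnx) . "',"
                    . "CID='" . mysql_real_escape_string($CID, $dbcnx) . "',"
                    . "author='" . $messerSql . "',"
                    . "who='" . mysql_real_escape_string($title, $dbcnx) . "',"
                    . "messon='" . mysql_real_escape_string($messo, $dbcnx) . "',"
                    . "datnum='" . mysql_real_escape_string($today, $dbcnx) . "',"
                    . "dtnum='" . mysql_real_escape_string($dtnum, $dbcnx) . "'",
                    $dbcnx
                );
                // NOTE(review): author and who are stored as received; encode
                // them with htmlspecialchars() wherever they are printed.
                if (!$innit) {
                    $air[] = "Could not post note. Lost connect with DB.";
                } else {
                    $goodjob = "yes";
                }
            } else {
                $air[] = "Did not post note. No Message.";
            }
        }
    } else {
        echo("");
        foreach ($air as $value) {
            echo(" ¦ $value");
        }
        echo("\n");
    }
}
//////////////////////////////////////////// END NEW MESSAGE

mysql_select_db('ecosmar_inv', $dbcnx);
$qetquote = mysql_query(
    "SELECT CID,PO,Terms,started,due,printed,Project FROM quotes WHERE ID='"
    . mysql_real_escape_string($QID, $dbcnx) . "'",
    $dbcnx
);
if (!$qetquote) {
    echo("Cannot get Quote Info\n");
} else {
    $rowq = mysql_fetch_array($qetquote);
    if (!is_array($rowq)) {
        // No quote with this ID: keep the header fields empty, as before,
        // without indexing into a non-array.
        $rowq = array(
            'CID' => '', 'PO' => '', 'Terms' => '', 'started' => '',
            'due' => '', 'printed' => '', 'Project' => '',
        );
    }
    $CID = $rowq['CID'];
    $PO = $rowq['PO'];
    $Terms = $rowq['Terms'];
    $started = $rowq['started'];
    $due = $rowq['due'];
    $printed = $rowq['printed'];
    $Project = $rowq['Project'];

    if ($CID != "") {
        mysql_select_db('ecosmar_contacts', $dbcnx);
        // $CID now comes from the quotes table; it is escaped anyway so stored
        // data cannot alter this statement.
        $getcon = mysql_query(
            "SELECT first_Name,Name,Company,price_level FROM con_main WHERE ID='"
            . mysql_real_escape_string($CID, $dbcnx) . "'",
            $dbcnx
        );
        if (!$getcon) {
            echo("Cannot get Contact Info\n");
        } else {
            $rowc = mysql_fetch_array($getcon);
            if (!is_array($rowc)) {
                $rowc = array('first_Name' => '', 'Name' => '', 'Company' => '', 'price_level' => '');
            }
            $first_Name = $rowc['first_Name'];
            $Name = $rowc['Name'];
            $Company = $rowc['Company'];
            $price_level = $rowc['price_level'];

            // Address the quote to the company when there is one, otherwise
            // to the contact's full name.
            if ($Company != "") {
                $to = $Company;
            } else {
                $to = $first_Name . " " . $Name;
            }
        }
    }
}
?>Note Posted - $today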
"); }//good job! if($wonderputt=="on"){ echo("Note Deleted
"); } ?>QUOTE: | TO: | LEVEL: |
New Note: (Dated Automatically) | |
Your Name: |
mysql_select_db('ecosmar_inv', $dbcnx);
$getnotes=mysql_query(" SELECT ID,author,who,messon,datnum,dtnum FROM q_notes WHERE QID='$QID' ORDER BY ID DESC");
if(!$getnotes){
echo(" Could not connect to the Data Base. "); echo mysql_error(); }else{ $countem=mysql_num_rows($getnotes); if($countem < 1){ echo("No Notes For This Quote. "); }else{ while($rows = mysql_fetch_array($getnotes)){ $nID=$rows['ID']; $nby=$rows['author']; $ntitle=$rows['who']; $nmess=$rows['messon']; $ndat=$rows['datnum']; $ndtnum=$rows['dtnum']; if($usr !=""){ if($usr=="Matt Ross" or $usr == "Kent Grubbs"){ $outauth="yes"; }else{ if($nby==$usr){ $outauth="yes"; }//usr is author }//usr is not MR or KG }//usr is not blank else{ if($nby==$usrn){ $outauth="yes"; }else{ $outauth="no"; }//author is not here }//usr is blank echo("
|
Close |