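// post only.
$var_page_type = $_REQUEST['var_selected_app'];

// get name and title for correspondence from tb_Users
// $LoggedInUser is assigned outside this excerpt. It is escaped before it is placed in the
// statement so that the query text does not depend on which characters the name contains.
$esc_LoggedInUser = mysql_real_escape_string($LoggedInUser, $db);
$getNameTitle_sql = " Select col_NameForCorrespondence, col_TitleForCorrespondence from tb_Users where col_UsersName = '$esc_LoggedInUser' ";
$getNameTitle_result = mysql_query($getNameTitle_sql, $db);
$getNameTitle_myrow = mysql_fetch_array($getNameTitle_result);
$var_From_Name = $getNameTitle_myrow['col_NameForCorrespondence'];
$var_From_Title = $getNameTitle_myrow['col_TitleForCorrespondence'];

/********************************* END INCLUDES AND CONSTANTS **************************************/
/********************************* BEGIN PHP FUNCTIONS **************************************/
/********************************* END PHP FUNCTIONS ****************************************/
/********************************* BEGIN REQUEST LOOP ***************************************/

// NOTE(review): every branch below acts on $_REQUEST, which merges GET and POST input (and,
// depending on configuration, cookies). No session or permission check is visible in this part
// of the file -- confirm that one runs before this point, because these branches send mail and
// update tb_Contact / tb_SentItem.
// NOTE(review): the string literals echoed below carry no markup in this listing; they are kept
// as they appear here, with only the interpolated values changed to escaped copies.

// if we have a letter to generate (this is letter step 1)
if ($_REQUEST['PostLetter'] == "Finalize Letter") {
    // suppress drawing the editor page.
    $var_Suppress = 1;

    // get the values from the REQUEST
    $var_CompanyName = $_REQUEST['var_CompanyName'];
    $var_CompanyAddr_1 = $_REQUEST['var_CompanyAddr_1'];
    $var_CompanyAddr_2 = $_REQUEST['var_CompanyAddr_2'];
    $var_CompanyAddr_3 = $_REQUEST['var_CompanyAddr_3'];
    $var_CompanyPhone = $_REQUEST['var_CompanyPhone'];
    $var_CompanyFax = $_REQUEST['var_CompanyFax'];
    $var_To_Names = $_REQUEST['var_To_Names'];
    $var_To_Addr_1 = $_REQUEST['var_To_Addr_1'];
    $var_To_Addr_2 = $_REQUEST['var_To_Addr_2'];
    $var_To_Addr_3 = $_REQUEST['var_To_Addr_3'];
    $var_Content = $_REQUEST['var_Content'];
    $var_Parting = $_REQUEST['var_Parting'];
    $var_Contact_Name = $_REQUEST['var_Contact_Name'];
    $var_Contact_Suffix = $_REQUEST['var_Contact_Suffix'];
    $var_CompletedDate = $_REQUEST['var_CompletedDate'];
    $var_Today = date("F d, Y");
    $var_Vendor = $_REQUEST['var_vendor'];
    $var_Per_Section = $_REQUEST['per_section'];
    $var_cc_String = $_REQUEST['cc_String'];
    $var_RegisteredMail = $_REQUEST['registeredmail'];
    $var_RegularMail = $_REQUEST['regularmail'];
    $var_RegisteredMail_Instructions = $_REQUEST['regmail_inst'];

    // for formatting the contents of the textarea.
    $arr_Content_by_Line = explode("\n", $var_Content);

    // Every value printed in this branch comes straight from the request (or from a variable set
    // outside this excerpt), so an HTML-escaped copy is printed instead of the raw value. The
    // raw $var_* variables are left untouched for any later code that reads them.
    // The charset argument of htmlspecialchars() is left at its default; set it to the page's
    // encoding if that differs.
    // NOTE(review): $var_Names is not assigned in this branch -- confirm where it comes from
    // (the salutation further down uses $var_To_Names).
    $html = array(
        'RegisteredMail_Instructions' => $var_RegisteredMail_Instructions,
        'CompanyName' => $var_CompanyName,
        'CompanyAddr_1' => $var_CompanyAddr_1,
        'CompanyAddr_2' => $var_CompanyAddr_2,
        'CompanyAddr_3' => $var_CompanyAddr_3,
        'CompanyPhone' => $var_CompanyPhone,
        'CompanyFax' => $var_CompanyFax,
        'Names' => isset($var_Names) ? $var_Names : '',
        'To_Names' => $var_To_Names,
        'To_Addr_1' => $var_To_Addr_1,
        'To_Addr_2' => $var_To_Addr_2,
        'To_Addr_3' => $var_To_Addr_3,
        'Parting' => $var_Parting,
        'Contact_Name' => $var_Contact_Name,
        'Contact_Suffix' => $var_Contact_Suffix,
        'Vendor' => $var_Vendor,
        'LoggedInUser' => $LoggedInUser,
        'cc_String' => $var_cc_String,
    );
    foreach ($html as $html_key => $html_value) {
        $html[$html_key] = htmlspecialchars($html_value, ENT_QUOTES);
    }

    // button for accept, spawns a print dialog.
    echo "\n";

    // need these variables to push a completion into the database.
    echo " ";

    // draw the letter for printing.
    if ($var_RegisteredMail_Instructions) {
        echo "\n" . $html['RegisteredMail_Instructions'] . "\n";
    }
    echo "\n";
    if ($var_RegisteredMail_Instructions) {
        echo "\n\n";
    }

    for ($i = 0; $i < $var_LinesToSkipInCorrespondence; $i++) {
        echo "\n\n \n";
    }

    echo "\n"
        . $html['CompanyName'] . "\n"
        . $html['CompanyAddr_1'] . "\n"
        . $html['CompanyAddr_2'] . "\n"
        . $html['CompanyAddr_3'] . "\n"
        . $html['CompanyPhone'] . "\n"
        . $html['CompanyFax'] . "\n"
        . "\n"
        . $var_Today . "\n"
        . " \n"
        . $html['Names'] . "\n"
        . $html['To_Addr_1'] . "\n"
        . $html['To_Addr_2'] . "\n"
        . $html['To_Addr_3'] . "\n";

    if ($var_RegisteredMail == 'Yes') {
        echo "** SENT VIA REGISTERED MAIL **";
    } elseif ($var_RegularMail == 'Yes') {
        echo "** SENT VIA REGULAR MAIL **";
    }

    echo "\n" . $html['To_Names'] . "\n";

    // textareas use legacy newlines, php uses html.
    // to solve this quandry, we've broken the text into an array split on newlines.
    // So each line is written out (escaped) followed by a line break where there was a \n.
    foreach ($arr_Content_by_Line as $Line) {
        echo htmlspecialchars($Line, ENT_QUOTES);
        echo "\n";
    }

    echo "\n" . $html['Parting'] . "\n\n\n\n";

    if ($var_Contact_Name) {
        echo "\n" . $html['Contact_Name'] . "\n";
    }
    if ($var_Contact_Suffix) {
        echo "\n" . $html['Contact_Suffix'] . "\n";
    }
    if ($var_Vendor) {
        echo "\n" . $html['Vendor'] . "\n";
    } elseif ($var_CompanyName) {
        echo "\n" . $html['CompanyName'] . "\n";
    }

    echo "\n";

    if ($var_Per_Section == "show") {
        echo "\nPer:\n" . $html['LoggedInUser'] . "\n\n" . $html['cc_String'];
    }

    echo "\n";
}

// if we have a letter to print (this is letter step 2)
if ($_REQUEST['PostLetter'] == "Print Letter") {
    // pipe the data to the create pdf page.
    echo "";
}

// if we have an email to send (NOT VALIDATING)
if (($_REQUEST['PostEmail'] == 'Send Email') && ($_REQUEST['var_Type'] != "Validate Email")) {
    $var_From = $_REQUEST['var_email_From'];
    $var_To = $_REQUEST['var_email_To'];
    $var_Subject = $_REQUEST['var_Subject'];
    $var_Body = $_REQUEST['var_Content'];
    $var_CompletedDate = date("Y-m-d");

    // Sender, recipient and subject come from the request and end up in mail headers.
    // SendMailVince() is defined elsewhere, so its own header handling cannot be seen here;
    // CR and LF are removed so that none of these fields can span more than one header line.
    // NOTE(review): sender and recipient are whatever the request supplies -- confirm that only
    // authorised users can reach this branch.
    $var_From = str_replace(array("\r", "\n"), '', $var_From);
    $var_To = str_replace(array("\r", "\n"), '', $var_To);
    $var_Subject = str_replace(array("\r", "\n"), '', $var_Subject);

    // keep the smtp server happy
    // (the original applied this to $Body, a variable that is never sent; the text that is
    // actually mailed is $var_Body)
    $var_Body = str_replace("\n.", "\n..", $var_Body);

    // cross your fingers.
    // mail returns a boolean so lets use it to decide success/failure.
    $var_Push = SendMailVince($var_From, '', $var_To, '', $var_Subject, $var_Body, '', '');

    // if our mail went out, update the database.
    if ($var_Push) {
        // $var_Centre, $var_Phase, $var_Lot, $var_Type and $var_Method are not assigned in this
        // branch; they are assumed to arrive from outside this excerpt (TODO confirm). They are
        // escaped before being placed in the statement.
        $esc_Centre = mysql_real_escape_string($var_Centre, $db);
        $esc_Phase = mysql_real_escape_string($var_Phase, $db);
        $esc_Lot = mysql_real_escape_string($var_Lot, $db);
        $esc_Type = mysql_real_escape_string($var_Type, $db);
        $esc_Method = mysql_real_escape_string($var_Method, $db);

        // get the ContactAutoID for the record we're about to modify.
        // we only want the last row of data.
        $sql = "Select col_ContactAutoID from tb_Contact where col_Centre='$esc_Centre' and col_Phase='$esc_Phase' and col_Lot='$esc_Lot' and col_Type='$esc_Type' and col_Method='$esc_Method' ORDER BY col_ContactAutoID DESC LIMIT 1; ";
        if ($result = mysql_query($sql, $db)) {
            $myrow = mysql_fetch_array($result);
            $var_ContactAutoID = $myrow['col_ContactAutoID'];
        }

        // push completion to database.
        // The id was read back from the database, but it is still escaped before reuse.
        $esc_ContactAutoID = mysql_real_escape_string($var_ContactAutoID, $db);
        $push_sql = " update tb_Contact set col_Status = 'Completed On', col_CompletedOn = '$var_CompletedDate' where col_ContactAutoID='$esc_ContactAutoID'; ";
        $result = mysql_query($push_sql, $db);
        if (!$result) {
            echo "generate error here";
        } else {
            // if everything has gone smoothly, close the page.
            echo "";
        }
    } else {
        // otherwise, tell the user about it and leave the db alone.
        echo "\n\nsend failed.\n";
    }
    $var_Suppress = 1;
}

// if we have an email address to validate
if (($_REQUEST['PostEmail'] == 'Send Email') && ($_REQUEST['var_Type'] == "Validate Email")) {
    // get the variables
    $var_From = $_REQUEST['var_email_From'];
    $var_To = $_REQUEST['var_email_To'];
    $var_Subject = $_REQUEST['var_Subject'];
    $var_Body = $_REQUEST['var_Content'];
    $var_ICameFrom = $_REQUEST['var_ICameFrom'];
    $var_Centre = $_REQUEST['var_Centre'];
    $var_Phase = $_REQUEST['var_Phase'];
    $var_Lot = $_REQUEST['var_Lot'];
    $var_ID = $_REQUEST['var_ID'];
    $var_page_type = $_REQUEST['var_selected_app'];

    // Same header precaution as in the branch above: these three request values become mail
    // headers inside SendMailVince(), so CR and LF are removed first.
    $var_From = str_replace(array("\r", "\n"), '', $var_From);
    $var_To = str_replace(array("\r", "\n"), '', $var_To);
    $var_Subject = str_replace(array("\r", "\n"), '', $var_Subject);

    // $From,$FromName,$To,$ToName,$Subject,$Text,$Html,$AttmFiles
    $Success = SendMailVince($var_From, '', $var_To, '', $var_Subject, '', $var_Body, '');

    // if email went off, push record to database
    if ($Success) {
        // Request values are escaped before they are placed in either statement.
        $esc_ID = mysql_real_escape_string($var_ID, $db);
        $esc_To = mysql_real_escape_string($var_To, $db);

        // get the latest entry for this id
        $sql = " select col_SentItemID from tb_SentItem where col_ID='$esc_ID' order by col_SentItemID desc limit 1";
        $result = mysql_query($sql, $db);
        $myrow = mysql_fetch_array($result);
        $var_SentItemID = $myrow['col_SentItemID'];

        // col_SentItemID is compared without quotes, so the value is forced to an integer.
        // When no row was found this yields 0 instead of a malformed statement.
        $int_SentItemID = intval($var_SentItemID);
        $sql = " update tb_SentItem set col_SentTo = '$esc_To', col_SentFrom = '$esc_LoggedInUser', col_Type = 'Email Confirm' where col_SentItemID = $int_SentItemID; ";
        mysql_query($sql, $db);
    } else {
        echo "send failed.";
    }

    // then send the user back to the referring page. Now that we're spanning directories
    // we need to reform the ICameFrom variable.
    // NOTE(review): $var_ICameFrom is taken from the request and any value other than the two
    // names below passes through unchanged. The statement that consumes it is empty in this
    // listing; if it is a redirect target, restrict it to a fixed list of known pages.
    if ($var_ICameFrom == "AEContact.php") {
        $var_ICameFrom = "../_gen/AEContact.php";
    } elseif ($var_ICameFrom == "HSPurchaserInfo.php3") {
        $var_ICameFrom = "../_gen/HSPurchaserInfo.php3";
    }

    // $var_ICamefrom?var_ID=$var_ID&var_Centre=$var_Centre&var_Phase=$var_Phase&var_Lot=$var_Lot
    echo "";
    $var_Suppress = 1;
}

/********************************* END REQUEST LOOP *****************************************/
/********************************* BEGIN MAIN CODEBLOCK *************************************/

$var_ID = $_REQUEST['var_ID'];
$var_Comms_Method = $_REQUEST['var_Method'];
$var_Comms_Type = $_REQUEST['var_Type'];
$var_Centre = $_REQUEST['var_Centre'];
$var_Phase = $_REQUEST['var_Phase'];
$var_Lot = $_REQUEST['var_Lot'];
$var_CompletedDate = $_REQUEST['var_CompletedDate'];

// output City, Province
$var_co_CityProv = "$ThisCompanyCity" . ", " . "$ThisCompanyProvince";

// get the security level and email address for this user.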
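// $LoggedInUser is assigned outside this excerpt; it is escaped before it is placed in the
// statement.
$esc_LoggedInUser = mysql_real_escape_string($LoggedInUser, $db);
$sql = "select col_AccessLevelCorrespondence, col_EmailAddress from tb_Users where col_UsersName = '$esc_LoggedInUser';";
$result = mysql_query($sql, $db);
$myrow = mysql_fetch_array($result);
$var_UserSecLevel = $myrow['col_AccessLevelCorrespondence'];
$var_UserEmail = $myrow['col_EmailAddress'];

// include the verbiage file.
// get the filenames.
if ($var_Comms_Type == 'validate_Email') {
    $var_Comms_Type = "Validate Email";
}

// $var_Comms_Type is a request value, so it is escaped before the lookup.
$esc_Comms_Type = mysql_real_escape_string($var_Comms_Type, $db);
$sql = " select col_MiscValue from tb_Lists where col_Value = '$esc_Comms_Type' ";
$myrow = mysql_fetch_array(mysql_query($sql));
$var_Filename = $myrow['col_MiscValue'];

// NOTE(review): the path that is include()d below is assembled from this database value.
// The lookup is now escaped, but whatever is stored in col_MiscValue is executed as PHP;
// confirm that only trusted staff can write tb_Lists, and consider checking the name against
// the set of files that actually ship in _builder/ before including it.
if (file_exists($PathToFiles . '_builder/' . $var_BuilderPrefix . $var_Filename)) {
    $var_UseThisFile = $PathToFiles . '_builder/' . $var_BuilderPrefix . $var_Filename;
} else {
    $var_UseThisFile = $PathToFiles . '_builder/' . $var_Filename;
}

// ensure file exists, tell user if not.
if (file_exists($var_UseThisFile)) {
    include $var_UseThisFile;
} else {
    echo "File does not exist. Please contact Builder Software Tools at 1-877-788-9988 or support@BuildersIT.com";
    die;
}

// if we're not rendering the page on a $_REQUEST
if (!$var_Suppress) {
    // $var_ID, $var_Centre and $var_Phase are request values; escaped copies are used in every
    // statement of this branch while the raw variables stay available to the included file.
    $esc_ID = mysql_real_escape_string($var_ID, $db);
    $esc_Centre = mysql_real_escape_string($var_Centre, $db);
    $esc_Phase = mysql_real_escape_string($var_Phase, $db);

    // get the names for this prospect.
    $sql = " Select col_Name1, col_Name2 From tb_Worksheet Where col_ID = '$esc_ID' ";
    if ($result = mysql_query($sql, $db)) {
        while ($myrow = mysql_fetch_array($result)) {
            $var_Name1 = $myrow['col_Name1'];
            $var_Name2 = $myrow['col_Name2'];

            // escape apostrophes in the names if there are any.
            $var_Name1 = str_replace("'", "\'", $var_Name1);
            $var_Name2 = str_replace("'", "\'", $var_Name2);
        }

        // if we get names, get the rest of the details from tb_Prospect.
        $sql = " Select col_City, col_Province, col_PhoneRes, col_Address, col_PostalCode From tb_Prospect Where col_ID = '$esc_ID' ";
        if ($result = mysql_query($sql, $db)) {
            while ($myrow = mysql_fetch_array($result)) {
                $var_To_City = $myrow['col_City'];
                $var_To_Province = $myrow['col_Province'];
                $var_To_PhoneRes = $myrow['col_PhoneRes'];
                $var_To_Address = $myrow['col_Address'];
                $var_To_PostalCode = $myrow['col_PostalCode'];
            }
        }
    } // closes if result

    // get the names string.
    $var_Names = Str_Generate_Names($var_Name1, $var_Name2);

    // if we're being asked to render a letter
    if ($var_Comms_Method == "Letter") {
        echo "\n";
        echo " ";

        // get the vendor name
        $sql = " Select col_Project from tb_Phase where col_Centre = '$esc_Centre' and col_Phase = '$esc_Phase'; ";
        $myrow = mysql_fetch_array(mysql_query($sql, $db));
        $var_Vendor = ucwords(strtolower($myrow['col_Project']));

        // format the data.
        $var_FAddress = ucwords(strtolower($var_To_Address));
        $var_To_CityProv = $var_To_City . ", " . $var_To_Province;
        $var_To_CityProv = ucwords(strtolower($var_To_CityProv));
        $var_Today = date("F d, Y");

        // (A commented-out block marked "deprecated" stood here: read-only versus editable
        // field styling chosen from $var_UserSecLevel, and the registered-mail instructions.)
        echo " ";

        // (A second commented-out block marked "Deprecated" stood here: the on-page letter
        // layout with company info, mail type, date, signature and the "Per:" / cc section.)
        echo " ";

        // send the user to the pdf -- we no longer show the finalize screen.
        echo "";
    } // closes if letter

    // if we're being asked to render an email
    if (($var_Comms_Method == "E-Mail") && ($var_Comms_Type != "Validate Email")) {
        // format the data.
        $var_Today = date("F d, Y");
        $var_Type = $_REQUEST['var_Type'];
        $var_ID = $_REQUEST['var_ID'];

        // get the prospect's email address.
        $esc_ID = mysql_real_escape_string($var_ID, $db);
        $sql = " Select col_Email from tb_Prospect where col_ID = '$esc_ID'; ";
        if ($result = mysql_query($sql, $db)) {
            // returns a single row
            $myrow = mysql_fetch_array($result);
            $var_To_Email = $myrow['col_Email'];
        }

        // (A commented-out block marked "deprecated" stood here: read-only versus editable
        // field styling chosen from $var_UserSecLevel.)

        // render the email screen.
        echo "\n";

        // (A commented-out block marked "deprecated" stood here: the From / To / CC / Subject
        // rows of the email form, with the CC row shown only to the super-user.)

        // at this point, we need to create a pdf and attach it to the email, this is the letter proper.
        // AND in both cases (letter or email) we need to hang on to a copy of the letter somewhere.
        // Talk to Vince to flesh this out.
        echo "\n";

        // send the user to the pdf -- we no longer show the finalize screen.
        echo "";
    }

    // if we're verifying an email address
    if ($var_Comms_Type == "Validate Email") {
        // for selecting between body strings. Logic is in the ValidateEmail.php file.
        $var_Supplemental_Type = $_REQUEST['var_supplemental_type'];

        $var_From = $ThisCompanyEmail;
        $var_To = $_REQUEST['var_email_Address'];

        // push the attempt into the database.
        // $esc_ID and $esc_LoggedInUser are the escaped copies prepared above.
        $sql = " insert into tb_SentItem ( col_PostDate, col_PostTime, col_ID, col_Type, col_SentFrom ) values( '" . date("Y-m-d") . "', '" . date("H:i:s") . "', '" . $esc_ID . "', 'Email Confirm', '" . $esc_LoggedInUser . "')";
        mysql_query($sql, $db);

        // including the file here rather than above to avoid a concurrency problem.
        include $var_UseThisFile;

        // generate the email for show.
        $var_Subject = "Email from $ThisCompanyName";

        // format the data.
        $var_Today = date("F d, Y");
        $var_Type = $_REQUEST['var_Type'];
        $var_ID = $_REQUEST['var_ID'];

        // get the prospect's email address from the request array.
        $var_To_Email = $_REQUEST['var_email_Address'];

        // default cases for editable fields (default is no access)
        // this prevents unintended privilege-escalation
        // NOTE(review): readonly is only a hint to the browser. The "Send Email" handlers
        // earlier in this file take var_email_From, var_email_To, var_Subject and var_Content
        // from the request without consulting $var_UserSecLevel, so the access level has to be
        // enforced there as well if these fields are meant to be restricted.
        $var_Edit_Sensitive = "readonly='true'";
        $var_Style_Sensitive = "style = 'border: none; text-align: left; float: left;'";
        $var_Edit_Simple = "readonly='true'";
        $var_Style_Simple = "style = 'border: none; text-align: left; float: left;'";

        // super-user has security level 4< in tb_Users.
        // simple-user has security level 3 in tb_Users.
        if ($var_UserSecLevel >= $var_ReqSecLevelSensitive) {
            // for super-user
            $var_Edit_Sensitive = "";
            $var_Style_Sensitive = "style = 'border: 1px solid #ccc; text-align = left; float: left;'";
            $var_Edit_Simple = "";
            $var_Style_Simple = "style = 'border: 1px solid #ccc; text-align = left; float: left;'";
        } elseif ($var_UserSecLevel >= $var_ReqSecLevelSimple) {
            // for simple user
            $var_Edit_Simple = "";
            $var_Style_Simple = "style = 'border: 1px solid #ccc; text-align = left; float: left;'";
        }

        // render the email screen.
        echo "\nFrom:\nTo:\n";

        // show the CC field to the super-user
        if ($var_UserSecLevel >= $var_ReqSecLevelSensitive) {
            echo "\nCC:\n";
        }

        echo "\nSubject:\n";
        echo "";
        echo "\n";

        if ($var_UserSecLevel >= $var_ReqSecLevelSensitive) {
            // allow super-user to edit the raw html for the message.
            echo "";
        } else {
            // NOTE(review): $var_Body is not assigned in this branch -- presumably the included
            // file builds it (TODO confirm). It is printed as HTML without escaping, so the
            // included file has to escape any request or database value it embeds.
            echo "\n$var_Body\n";
        }

        echo "\n";
        echo "\n";
    }
} // closes if !suppress.

/********************************* END MAIN CODEBLOCK ***************************************/
?>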