list.php

泛微协同办公系统标准版E-office V5.5的源代码内含泛微办公系统V5.5自动注册文件。

<?php

function default_validate( )
{
	global $connection;
	global $customer_id;
	global $customer_name;
	global $manage_user;
	$query2 = "select up.* from user_priv as up, user as u where up.USER_PRIV=u.USER_PRIV and u.USER_ID='".$manage_user."'";
	$cursor2 = exequery( $connection, $query2 );
	if ( $row2 = mysql_fetch_array( $cursor2 ) )
	{
		$priv_no = $row2['PRIV_NO'];
	}
	$query3 = "select up.* from user_priv as up, user as u where up.USER_PRIV=u.USER_PRIV and u.USER_ID='".$_SESSION['LOGIN_USER_ID']."'";
	$cursor3 = exequery( $connection, $query3 );
	if ( $row3 = mysql_fetch_array( $cursor3 ) )
	{
		$login_priv_no = $row3['PRIV_NO'];
	}
	if ( $login_priv_no < $priv_no )
	{
		$purview_ses = "<a href=\"#\" onclick=\"customer_detail('".$customer_id."');\">".$customer_name."</a>";
	}
	else
	{
		$purview_ses = false;
	}
	return $purview_ses;
}

function dept_validate( )
{
	global $connection;
	global $purview_dept;
	if ( $purview_dept == "ALL_DEPT" )
	{
		return true;
	}
	$query2 = "select d.* from department as d, user as u where u.DEPT_ID=d.DEPT_ID and u.USER_ID='".$_SESSION['LOGIN_USER_ID']."'";
	$cursor2 = exequery( $connection, $query2 );
	if ( $row2 = mysql_fetch_array( $cursor2 ) )
	{
		$dept_id = $row2['DEPT_ID'];
	}
	if ( array_search( $dept_id, explode( ",", $purview_dept ) ) !== false )
	{
		return true;
	}
	else
	{
		return false;
	}
}

function role_validate( )
{
	global $connection;
	global $purview_role;
	$query2 = "select up.* from user_priv as up, user as u where up.USER_PRIV=u.USER_PRIV and u.USER_ID='".$_SESSION['LOGIN_USER_ID']."'";
	$cursor2 = exequery( $connection, $query2 );
	if ( $row2 = mysql_fetch_array( $cursor2 ) )
	{
		$login_priv_no = $row2['USER_PRIV'];
	}
	if ( array_search( $login_priv_no, explode( ",", $purview_role ) ) !== false )
	{
		return true;
	}
	else
	{
		return false;
	}
}

function user_validate( )
{
	global $connection;
	global $purview_user;
	if ( array_search( $_SESSION['LOGIN_USER_ID'], explode( ",", $purview_user ) ) !== false )
	{
		return true;
	}
	else
	{
		return false;
	}
}

include_once( "inc/auth.php" );
include_once( "inc/function_page_01.php" );
if ( $_REQUEST['cur_page'] == "" )
{
	$cur_page = 1;
}
else
{
	$cur_page = $_REQUEST['cur_page'];
}
$connection = openconnection( );
$query = "SELECT c.*, u.USER_NAME FROM customer as c, USER as u WHERE 1 ";
$where_str = "";
if ( $_REQUEST['MANAGE_USER'] != "" )
{
	$where_str .= " and c.MANAGE_USER = '".$_REQUEST['MANAGE_USER']."'";
}
if ( $_REQUEST['CUSTOMER_NO'] != "" )
{
	$where_str .= " and c.CUSTOMER_NUMBER like '%".$_REQUEST['CUSTOMER_NO']."%'";
}
if ( 0 < $_REQUEST['DOOR_TYPE'] )
{
	$where_str .= " and c.CUSTOMER_TYPE = '".$_REQUEST['DOOR_TYPE']."'";
}
if ( $_REQUEST['CUSTOMER_NAME'] != "" )
{
	$where_str .= " and c.CUSTOMER_NAME like '%".$_REQUEST['CUSTOMER_NAME']."%'";
}
if ( $_REQUEST['TEL_NO'] != "" )
{
	$where_str .= " and c.TEL_NO like '%".$_REQUEST['TEL_NO']."%'";
}
if ( $_REQUEST['FAX_NO'] != "" )
{
	$where_str .= " and c.FAX_NO like '%".$_REQUEST['FAX_NO']."%'";
}
if ( $_REQUEST['CUSTOMER_WWW'] != "" )
{
	$where_str .= " and c.CUSTOMER_WWW like '%".$_REQUEST['CUSTOMER_WWW']."%'";
}
if ( $_REQUEST['EMAIL'] != "" )
{
	$where_str .= " and c.EMAIL like '%".$_REQUEST['EMAIL']."%'";
}
if ( $_REQUEST['CUSTOMER_ADD'] != "" )
{
	$where_str .= " and c.CUSTOMER_ADD like '%".$_REQUEST['CUSTOMER_ADD']."%'";
}
if ( $_REQUEST['POSTALCODE'] != "" )
{
	$where_str .= " and c.POSTALCODE like '%".$_REQUEST['POSTALCODE']."%'";
}
if ( $_REQUEST['MEMO'] != "" )
{
	$where_str .= " and c.MEMO like '%".$_REQUEST['MEMO']."%'";
}
$query .= $where_str." group by c.CUSTOMER_NAME";
switch ( $_REQUEST['order'] )
{
case "customer_name" :
	$query .= " order by c.CUSTOMER_NAME";
	break;
case "tel_no" :
	$query .= " order by c.TEL_NO";
	break;
default :
	$query .= " order by c.CUSTOMER_ID";
	break;
}
$query .= $_REQUEST['sens'] ? " ASC" : " DESC";
$cursor = exequery( $connection, $query );
while ( $row = mysql_fetch_array( $cursor ) )
{
	$customer_id = $row['CUSTOMER_ID'];
	$old_customer_name = $row['CUSTOMER_NAME'];
	$tel_no = $row['TEL_NO'];
	$fax_no = $row['FAX_NO'];
	$customer_www = $row['CUSTOMER_WWW'];
	$email = $row['EMAIL'];
	$customer_add = $row['CUSTOMER_ADD'];
	$postalcode = $row['POSTALCODE'];
	$memo = $row['MEMO'];
	$manage_user = $row['MANAGE_USER'];
	$user_name = $row['USER_NAME'];
	$customer_type = $row['CUSTOMER_TYPE'];
	$purview = $row['PURVIEW'];
	$purview_dept = $row['PURVIEW_DEPT'];
	$purview_role = $row['PURVIEW_ROLE'];
	$purview_user = $row['PURVIEW_USER'];
	$createor = $row['CREATEOR'];
	$query2 = "select LINKMAN_ID, LINKMAN_NAME from linkman where CUSTOMER_ID=".$customer_id;
	$cursor2 = exequery( $connection, $query2 );
	if ( $row2 = mysql_fetch_row( $cursor2 ) )
	{
		$linkman_id = $row2[0];
		$linkman_name = $row2[1];
	}
	switch ( $purview )
	{
	case "1" :
		$purview_ses = default_validate( );
		break;
	case "2" :
		$purview_ses = "<a href=\"#\" onclick=\"customer_detail('".$customer_id."');\">".$customer_name."</a>";
		break;
	case "3" :
		$dept_validate = dept_validate( );
		$role_validate = role_validate( );
		$user_validate = user_validate( );
		if ( ( $dept_validate || $role_validate || $user_validate ) === false )
		{
			$purview_ses = default_validate( );
		}
		else
		{
			$purview_ses = "<a href=\"#\" onclick=\"customer_detail('".$customer_id."');\">".$customer_name."</a>";
		}
	}
	if ( $manage_user == $_SESSION['LOGIN_USER_ID'] || $manage_user == "" )
	{
		$purview_ses = "<a href=\"#\" onclick=\"customer_detail('".$customer_id."');\">".$customer_name."</a>";
	}
	if ( $purview_ses == false )
	{
	}
	else
	{
		$str_customer_id .= $customer_id.",";
	}
}
$str_customer_id = substr( $str_customer_id, 0, -1 );
echo "\r\n<html>\r\n<head>\r\n<title>客户查询结果</title>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=gb2312\">\r\n";
echo "<s";
echo "cript>\r\nfunction linkman(CUSTOMER_ID)\r\n{\r\n\tURL=\"../../../crm/linkman/query/list.php?BE_CALLED=YES&CUSTOMER_ID2=\"+CUSTOMER_ID;\r\n\twindow.open(URL,\"read_notify\",\"height=600,width=800,status=1,toolbar=no,menubar=no,location=no,scrollbars=yes,top=50,left=100,resizable=yes\");\r\n}\r\n\r\nfunction contact(CUSTOMER_ID)\r\n{\r\n\tURL=\"../../../crm/contact/query/list.php?BE_CALLED=YES&CUSTOMER_ID2=\"+CUSTOMER_ID;\r\n\twin";
echo "dow.open(URL,\"read_notify\",\"height=600,width=800,status=1,toolbar=no,menubar=no,location=no,scrollbars=yes,top=50,left=100,resizable=yes\");\r\n}\r\n\r\nfunction product(CUSTOMER_ID)\r\n{\r\n\tURL=\"../../../sale/sale_history/query/list.php?BE_CALLED=YES&CUSTOMER_ID2=\"+CUSTOMER_ID;\r\n\twindow.open(URL,\"read_notify\",\"height=600,width=800,status=1,toolbar=no,menubar=no,location=no,scrollbars=yes,top=50,left=100,re";
echo "sizable=yes\");\r\n}\r\n\r\nfunction customer_detail(customer_id)\r\n{\r\n\tvar url\t= \"../detail.php?CUSTOMER_ID=\"+customer_id;\r\n\twindow.open(url,\"\",\"height=650,width=900,status=1,toolbar=no,menubar=no,location=no,scrollbars=yes,top=30,left=30,resizable=yes\");\r\n}\r\n\r\nfunction linkman_detail(linkman_id)\r\n{\r\n\tURL=\"../../linkman/detail.php?linkman_id=\"+linkman_id;\r\n\twindow.open(URL,\"\",\"height=600,width=800,status";
echo "=1,toolbar=no,menubar=no,location=no,scrollbars=yes,top=50,left=100,resizable=yes\");\r\n}\r\n\r\nfunction exports(str){\r\n\tlocation\t= \"export.php?query=\"+str+\"&export_type=list\";\r\n}\r\n</script>\r\n</head>\r\n\r\n<body class=\"bodycolor\" topmargin=\"5\">\r\n<table border=\"0\" width=\"100%\" cellspacing=\"1\" cellpadding=\"0\">\r\n\t<tr class=\"tablehead1\">\r\n\t\t<td><img src=\"/images/manage/news.gif\" align=\"absmiddle\">客户查询结果</td>\r\n\t";
echo "</tr>\r\n\t<tr class=\"tablehead2\">\r\n\t\t<td><BUTTON class=btn onClick=\"location='/general/crm/customer/query/search.php'\" title=\"返回\"><table><tr valign=top ><td><img src=\"/images/littlegif/b_u.gif\" align=\"center\"></td> <td>";
echo "<s";
echo "pan id=\"showallid\">返回</span></td></tr></table></BUTTON></td></a>\r\n\t</tr>\r\n</table>\r\n<br>\r\n";
$str_customer_id = $str_customer_id == "" ? 0 : $str_customer_id;
$query = "SELECT c.*, u.USER_NAME FROM customer as c, USER as u WHERE 1 and c.CUSTOMER_ID IN(".$str_customer_id.")";
$where_str = "";
if ( $_REQUEST['MANAGE_USER'] != "" )
{
	$where_str .= " and c.MANAGE_USER = '".$_REQUEST['MANAGE_USER']."'";
}
if ( $_REQUEST['CUSTOMER_NO'] != "" )
{
	$where_str .= " and c.CUSTOMER_NUMBER like '%".$_REQUEST['CUSTOMER_NO']."%'";
}
if ( 0 < $_REQUEST['DOOR_TYPE'] )
{
	$where_str .= " and c.CUSTOMER_TYPE = '".$_REQUEST['DOOR_TYPE']."'";
}
if ( $_REQUEST['CUSTOMER_NAME'] != "" )
{
	$where_str .= " and c.CUSTOMER_NAME like '%".$_REQUEST['CUSTOMER_NAME']."%'";
}
if ( $_REQUEST['TEL_NO'] != "" )
{
	$where_str .= " and c.TEL_NO like '%".$_REQUEST['TEL_NO']."%'";
}
if ( $_REQUEST['FAX_NO'] != "" )
{