list.php

泛微协同办公系统标准版E-office V5.5的源代码内含泛微办公系统V5.5自动注册文件。

<?php

function default_validate( )
{
	global $connection;
	global $customer_id;
	global $customer_name;
	global $manage_user;
	$query2 = "select up.* from user_priv as up, user as u where up.USER_PRIV=u.USER_PRIV and u.USER_ID='".$manage_user."'";
	$cursor2 = exequery( $connection, $query2 );
	if ( $row2 = mysql_fetch_array( $cursor2 ) )
	{
		$priv_no = $row2['PRIV_NO'];
	}
	$query3 = "select up.* from user_priv as up, user as u where up.USER_PRIV=u.USER_PRIV and u.USER_ID='".$_SESSION['LOGIN_USER_ID']."'";
	$cursor3 = exequery( $connection, $query3 );
	if ( $row3 = mysql_fetch_array( $cursor3 ) )
	{
		$login_priv_no = $row3['PRIV_NO'];
	}
	if ( $login_priv_no < $priv_no )
	{
		$purview_ses = "<a href=\"#\" onclick=\"customer_detail('".$customer_id."');\">".$customer_name."</a>";
	}
	else
	{
		$purview_ses = false;
	}
	return $purview_ses;
}

function dept_validate( )
{
	global $connection;
	global $purview_dept;
	if ( $purview_dept == "ALL_DEPT" )
	{
		return true;
	}
	$query2 = "select d.* from department as d, user as u where u.DEPT_ID=d.DEPT_ID and u.USER_ID='".$_SESSION['LOGIN_USER_ID']."'";
	$cursor2 = exequery( $connection, $query2 );
	if ( $row2 = mysql_fetch_array( $cursor2 ) )
	{
		$dept_id = $row2['DEPT_ID'];
	}
	if ( array_search( $dept_id, explode( ",", $purview_dept ) ) !== false )
	{
		return true;
	}
	else
	{
		return false;
	}
}

function role_validate( )
{
	global $connection;
	global $purview_role;
	$query2 = "select up.* from user_priv as up, user as u where up.USER_PRIV=u.USER_PRIV and u.USER_ID='".$_SESSION['LOGIN_USER_ID']."'";
	$cursor2 = exequery( $connection, $query2 );
	if ( $row2 = mysql_fetch_array( $cursor2 ) )
	{
		$login_priv_no = $row2['USER_PRIV'];
	}
	if ( array_search( $login_priv_no, explode( ",", $purview_role ) ) !== false )
	{
		return true;
	}
	else
	{
		return false;
	}
}

function user_validate( )
{
	global $connection;
	global $purview_user;
	if ( array_search( $_SESSION['LOGIN_USER_ID'], explode( ",", $purview_user ) ) !== false )
	{
		return true;
	}
	else
	{
		return false;
	}
}

include_once( "inc/auth.php" );
include_once( "inc/function_page_01.php" );
if ( $_REQUEST['cur_page'] == "" )
{
	$cur_page = 1;
}
else
{
	$cur_page = $_REQUEST['cur_page'];
}
$connection = openconnection( );
$query = "SELECT s.*, c.*, p.PRODUCT_NAME, p.PRODUCT_ID from sale_history as s, customer as c, product as p where s.CUSTOMER_ID=c.CUSTOMER_ID and s.PRODUCT_ID=p.PRODUCT_ID";
$where_str = "";
if ( $_REQUEST['CUSTOMER_NAME'] != "" )
{
	$where_str .= " and c.CUSTOMER_NAME like '%".$_REQUEST['CUSTOMER_NAME']."%'";
}
if ( $_REQUEST['PRODUCT_ID'] != "" )
{
	$where_str .= " and p.PRODUCT_ID=".$_REQUEST['PRODUCT_ID']."";
}
if ( $_REQUEST['DATE'] != "" )
{
	$where_str .= " and to_days(s.DATE) >= to_days('".$_REQUEST['DATE']."')";
}
if ( $_REQUEST['DATE2'] != "" )
{
	$where_str .= " and to_days(s.DATE) <= to_days('".$_REQUEST['DATE2']."')";
}
if ( $_REQUEST['AMT'] != "" )
{
	$where_str .= " and s.AMT >= ".$_REQUEST['AMT']."";
}
if ( $_REQUEST['AMT2'] != "" )
{
	$where_str .= " and s.AMT <= ".$_REQUEST['AMT2']."";
}
if ( $_REQUEST['PRICE'] != "" )
{
	$where_str .= " and s.PRICE >= '".$_REQUEST['PRICE']."'";
}
if ( $_REQUEST['PRICE2'] != "" )
{
	$where_str .= " and s.PRICE <= '".$_REQUEST['PRICE2']."'";
}
if ( $_REQUEST['DISCOUNT'] != "" )
{
	$where_str .= " and s.DISCOUNT >= '".$_REQUEST['DISCOUNT']."'";
}
if ( $_REQUEST['DISCOUNT2'] != "" )
{
	$where_str .= " and s.DISCOUNT <= '".$_REQUEST['DISCOUNT2']."'";
}
if ( $_REQUEST['SALESMAN'] != "" )
{
	$where_str .= " and s.SALESMAN like '%".$_REQUEST['SALESMAN']."%'";
}
if ( $_REQUEST['MEMO'] != "" )
{
	$where_str .= " and s.MEMO like '%".$_REQUEST['MEMO']."%'";
}
$query .= $where_str;
$cursor = exequery( $connection, $query );
while ( $row = mysql_fetch_array( $cursor ) )
{
	++$count;
	$history_id = $row['HISTORY_ID'];
	$old_customer_name = $row['CUSTOMER_NAME'];
	$customer_id = $row['CUSTOMER_ID'];
	$product_id = $row['PRODUCT_ID'];
	$product_name = $row['PRODUCT_NAME'];
	$date = $row['DATE'];
	$amt = $row['AMT'];
	$price = $row['PRICE'];
	$salesman = $row['SALESMAN'];
	$discount = $row['DISCOUNT'];
	$memo = $row['MEMO'];
	$sale_history_create_user = $row['SALE_HISTORY_CREATE_USER'];
	$purview_dept = $row['PURVIEW_DEPT'];
	$purview_role = $row['PURVIEW_ROLE'];
	$purview_user = $row['PURVIEW_USER'];
	$createor = $row['CREATEOR'];
	$manage_user = $row['MANAGE_USER'];
	$purview = $row['PURVIEW'];
	switch ( $purview )
	{
	case "1" :
		$purview_ses = default_validate( );
		break;
	case "2" :
		$purview_ses = "<a href=\"#\" onclick=\"customer_detail('".$customer_id."');\">".$customer_name."</a>";
		break;
	case "3" :
		$dept_validate = dept_validate( );
		$role_validate = role_validate( );
		$user_validate = user_validate( );
		if ( ( $dept_validate || $role_validate || $user_validate ) === false )
		{
			$purview_ses = default_validate( );
		}
		else
		{
			$purview_ses = "<a href=\"#\" onclick=\"customer_detail('".$customer_id."');\">".$customer_name."</a>";
		}
	}
	if ( $manage_user == $_SESSION['LOGIN_USER_ID'] || $manage_user == "" )
	{
		$purview_ses = "<a href=\"#\" onclick=\"customer_detail('".$customer_id."');\">".$customer_name."</a>";
	}
	if ( $purview_ses == false )
	{
	}
	else
	{
		$str_history_id .= $history_id.",";
	}
}
$str_history_id = substr( $str_history_id, 0, -1 );
$str_history_id = $str_history_id == "" ? 0 : $str_history_id;
echo "\r\n<html>\r\n<head>\r\n<title>销售记录查询结果 </title>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=gb2312\">\r\n";
echo "<s";
echo "cript>\r\nfunction del(history_id)\r\n{\r\n\tvar msg\t= \"你确认要删除所选记录吗?\";\r\n\tif(window.confirm(msg))\r\n\t{\r\n\t\tvar url\t= \"delete.php?history_id=\"+history_id+\"&cur_page=";
echo $cur_page;
echo "&sens=";
echo $_REQUEST['sens'];
echo "&order=";
echo $_REQUEST['order'];
echo "&del_r=list_r&CUSTOMER_NAME=";
echo $_REQUEST['CUSTOMER_NAME'];
echo "&PRODUCT_ID=";
echo $_REQUEST['PRODUCT_ID'];
echo "&DATE=";
echo $_REQUEST['DATE'];
echo "&DATE2=";
echo $_REQUEST['DATE2'];
echo "&AMT=";
echo $_REQUEST['AMT'];
echo "&AMT2=";
echo $_REQUEST['AMT2'];
echo "&PRICE=";
echo $_REQUEST['PRICE'];
echo "&PRICE2=";
$_REQUEST['PRICE2'];
echo "&DISCOUNT=";
echo $_REQUEST['DISCOUNT'];
echo "&DISCOUNT2=";
echo $_REQUEST['DISCOUNT2'];
echo "&SALESMAN=";
echo $_REQUEST['SALESMAN'];
echo "&MEMO=";
echo $_REQUEST['MEMO'];
echo "\";\r\n\t\tlocation = url;\r\n\t}\r\n}\r\n\r\nfunction edt(history_id)\r\n{\r\n\tvar url\t= \"edit.php?history_id=\"+history_id+\"&edt_r=list_r&cur_page=";
echo $cur_page;
echo "&sens=";
echo $_REQUEST['sens'];
echo "&order=";
echo $_REQUEST['order'];
echo "&CUSTOMER_NAME=";
echo $_REQUEST['CUSTOMER_NAME'];
echo "&PRODUCT_ID=";
echo $_REQUEST['PRODUCT_ID'];
echo "&DATE=";
echo $_REQUEST['DATE'];
echo "&DATE2=";
echo $_REQUEST['DATE2'];
echo "&AMT=";
echo $_REQUEST['AMT'];
echo "&AMT2=";
echo $_REQUEST['AMT2'];
echo "&PRICE=";
echo $_REQUEST['PRICE'];
echo "&PRICE2=";
$_REQUEST['PRICE2'];
echo "&DISCOUNT=";
echo $_REQUEST['DISCOUNT'];
echo "&DISCOUNT2=";
echo $_REQUEST['DISCOUNT2'];
echo "&SALESMAN=";
echo $_REQUEST['SALESMAN'];
echo "&MEMO=";
echo $_REQUEST['MEMO'];
echo "\";\r\n\tlocation = url;\r\n}\r\n\r\nfunction customer_detail(customer_id)\r\n{\r\n\tvar url\t= \"../../crm/customer/detail.php?CUSTOMER_ID=\"+customer_id;\r\n\twindow.open(url,\"\",\"height=650,width=900,status=1,toolbar=no,menubar=no,location=no,scrollbars=yes,top=30,left=30,resizable=yes\");\r\n}\r\n\r\nfunction product_detail(product_id)\r\n{\r\n\tvar url\t= \"detail.php?product_id=\"+product_id;\r\n\twindow.open(url, '', 'height=600,";
echo "width=800,top=50, left=100,toolbar=no,menubar=no,scrollbars=no, resizable=yes,location=no, status=yes');\r\n}\r\n</script>\r\n</head>\r\n\r\n<body class=\"bodycolor\" topmargin=\"5\">\r\n<form action=\"list.php\"  method=\"post\" name=\"form1\" >  \r\n<table border=\"0\" width=\"100%\" cellspacing=\"1\" cellpadding=\"0\" >\r\n  <tr class=\"tablehead1\">\r\n    <td ><img src=\"/images/notify_new.gif\" align=\"absmiddle\">销售记录查询结果</td>\r\n  </t";
echo "r>\r\n  <tr class=\"tablehead2\">\r\n   <td><BUTTON class=btn onClick=\"javscript:history.back();\" title=\"返回\"><table><tr valign=top ><td><img src=\"/images/littlegif/b_u.gif\" align=\"center\"></td> <td>";
echo "<s";
echo "pan id=\"showallid\">返回</span></td></tr></table></BUTTON></td>\r\n  </tr>\r\n</table>\r\n<br>\r\n";
$connection = openconnection( );
$query = "SELECT s.*, c.*, p.PRODUCT_NAME, p.PRODUCT_ID from sale_history as s, customer as c, product as p where s.CUSTOMER_ID=c.CUSTOMER_ID and s.PRODUCT_ID=p.PRODUCT_ID AND s.HISTORY_ID IN(".$str_history_id.")";
$where_str = "";
if ( $_REQUEST['CUSTOMER_NAME'] != "" )
{
	$where_str .= " and c.CUSTOMER_NAME like '%".$_REQUEST['CUSTOMER_NAME']."%'";
}
if ( $_REQUEST['PRODUCT_ID'] != "" )
{
	$where_str .= " and p.PRODUCT_ID=".$_REQUEST['PRODUCT_ID']."";
}
if ( $_REQUEST['DATE'] != "" )
{
	$where_str .= " and to_days(s.DATE) >= to_days('".$_REQUEST['DATE']."')";
}
if ( $_REQUEST['DATE2'] != "" )
{
	$where_str .= " and to_days(s.DATE) <= to_days('".$_REQUEST['DATE2']."')";
}
if ( $_REQUEST['AMT'] != "" )
{
	$where_str .= " and s.AMT >= ".$_REQUEST['AMT']."";
}
if ( $_REQUEST['AMT2'] != "" )
{
	$where_str .= " and s.AMT <= ".$_REQUEST['AMT2']."";
}
if ( $_REQUEST['PRICE'] != "" )
{
	$where_str .= " and s.PRICE >= '".$_REQUEST['PRICE']."'";
}
if ( $_REQUEST['PRICE2'] != "" )
{
	$where_str .= " and s.PRICE <= '".$_REQUEST['PRICE2']."'";
}
if ( $_REQUEST['DISCOUNT'] != "" )
{
	$where_str .= " and s.DISCOUNT >= '".$_REQUEST['DISCOUNT']."'";
}
if ( $_REQUEST['DISCOUNT2'] != "" )
{
	$where_str .= " and s.DISCOUNT <= '".$_REQUEST['DISCOUNT2']."'";
}
if ( $_REQUEST['SALESMAN'] != "" )
{
	$where_str .= " and s.SALESMAN like '%".$_REQUEST['SALESMAN']."%'";
}
if ( $_REQUEST['MEMO'] != "" )
{
	$where_str .= " and s.MEMO like '%".$_REQUEST['MEMO']."%'";
}
$query .= $where_str;
switch ( $_REQUEST['order'] )
{
case "customer_name" :
	$query .= " order by c.CUSTOMER_NAME";
	break;
case "product_name" :
	$query .= " order by p.PRODUCT_NAME";
	break;
case "date" :
	$query .= " order by s.DATE";
	break;
case "amt" :
	$query .= " order by s.AMT";
	break;
case "price" :
	$query .= " order by s.PRICE";
	break;
case "discount" :
	$query .= " order by s.DISCOUNT";
	break;
case "salesman" :
	$query .= " order by s.SALESMAN";
	break;
default :
	$query .= " order by s.HISTORY_ID";
	break;
}
$query .= $_REQUEST['sens'] ? " ASC" : " DESC";
$query = page( $query, 15 );
$cursor = exequery( $connection, $query );
$count = 0;
echo "<table border=\"0\" cellspacing=\"1\" width=\"100%\" cellpadding=\"5\" class=\"small\">\r\n";
while ( $row = mysql_fetch_array( $cursor ) )
{
	++$count;
	$history_id = $row['HISTORY_ID'];
	$old_customer_name = $row['CUSTOMER_NAME'];
	$customer_id = $row['CUSTOMER_ID'];