//https://sourceforge.net/tracker/?func=detail&aid=3114571&group_id=190396&atid=933192
         if (empty($H[0]['ip']) || $H[0]['ip'] == '0.0.0.0') {
             $QUEUE->setHIP($H[0]['id'], getIP());
             //save ip
         }
         if ($H[0]['status'] != 7) {
             //7:unsubscribed
             $QUEUE->setHStatus($h_id, 3);
             //view
         }
     }
     //isset H[0]
 }
 //checkid h_id
 //address id? if so, change the status and count the view
 if (checkid($a_id)) {
     $ADDRESS = new tm_ADR();
     $ADR = $ADDRESS->getAdr($a_id);
     if (isset($ADR[0])) {
         //https://sourceforge.net/tracker/?func=detail&aid=3114571&group_id=190396&atid=933192
         //only set view status if not waiting status or unsubscribed // !5 && !11
         if ($ADR[0]['status'] != 5 && $ADR[0]['status'] != 11) {
             $ADDRESS->setStatus($a_id, 4);
             //view
         }
         //adr view counter ++
         $ADDRESS->addView($a_id);
         //view
         //save memo
         $created = date("Y-m-d H:i:s");
         $memo = "viewed (" . $NL[0]['subject'] . ")";
Beispiel #2
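/**
 * Delete the log entry whose line starts with "<id>%%".
 *
 * The ID is taken from checkid() and the log path from $settings['logfile'].
 * The file is opened read/write and an exclusive lock is held across the
 * whole read-modify-write cycle. The earlier version read the file without
 * a lock and then reopened it with mode 'w', which truncates the file before
 * flock() is reached; a concurrent request could therefore see an empty log
 * or lose an entry written in between.
 *
 * Only the first matching line is removed. Failures are reported through
 * error(), success through mainpage().
 *
 * NOTE(review): error() is assumed to end the request; the explicit returns
 * keep the log untouched and skip the success page if it does not.
 * NOTE(review): the hint in the error text recommends mode 666, which makes
 * the log writable by every local account; write access for the web server's
 * user is enough.
 * NOTE(review): $id is concatenated into the text handed to mainpage();
 * whether it is HTML-escaped depends on checkid()/mainpage(), which are not
 * visible here.
 */
function removelink()
{
    global $settings;
    $id = checkid();
    $prefix = $id . '%%';
    $writeError = 'Can\'t write to log file! Please Change the file permissions (CHMOD to 666 on UNIX machines!)';

    // 'r+' opens for reading and writing without truncating, so the old
    // content stays intact until the lock is held.
    $fp = @fopen($settings['logfile'], 'r+');
    if ($fp === false) {
        error($writeError);
        return;
    }
    if (!flock($fp, LOCK_EX)) {
        fclose($fp);
        error($writeError);
        return;
    }

    $content = '';
    $found = false;
    while (($thisline = fgets($fp)) !== false) {
        if (!$found && strpos($thisline, $prefix) === 0) {
            // Drop only the first entry that carries this ID.
            $found = true;
            continue;
        }
        $content .= $thisline;
    }

    if ($found) {
        // Rewrite in place while still holding the lock.
        rewind($fp);
        ftruncate($fp, 0);
        fputs($fp, $content);
        fflush($fp);
    }
    flock($fp, LOCK_UN);
    fclose($fp);

    if (!$found) {
        error('This ID doesn\'t exist!');
        return;
    }
    mainpage('Link with ID ' . $id . ' was successfully removed!');
}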
//unsubscribe
if ($check && $set == "unsubscribe") {
    //the check above (^^^) must verify that the email is valid!
    //otherwise getAdr matches ALL addresses, because the search email is null / empty
    //look the address up by email!
    $search['email'] = $email;
    $search['email_exact_match'] = true;
    $ADR = $ADDRESS->getAdr(0, 0, 1, 0, $search);
    //print_r($ADR);
    if (count($ADR) > 0) {
        //noch nicht abgemeldet?
        if ($ADR[0]['status'] != 11) {
            /*
            if ($ADR[0]['code']==$code) {
            */
            if (checkid($h_id)) {
                $QUEUE = new tm_Q();
                $QUEUE->setHStatus($h_id, 7);
                //unsubscribe!
            }
            $created = date("Y-m-d H:i:s");
            //im memo speichern wir den namen des newsletter etc.
            $memo = "unsubscribed";
            $NEWSLETTER = new tm_NL();
            $NL = $NEWSLETTER->getNL($nl_id);
            if (count($NL) > 0) {
                $memo .= " (" . $NL[0]['subject'] . ")";
            }
            //set status adresse, set editor...
            $author = "unsubscribe";
            //always unsubscribe ...
/**
 * OpenID "checkid_setup" entry point: answers a consumer that asks whether
 * the user is logged in, and is prepared to wait while the user logs in.
 *
 * Calls error_500() unless the request carries openid_mode=checkid_setup,
 * then hands over to checkid(true).
 */
function checkid_setup_mode()
{
    $isSetupRequest = isset($_REQUEST['openid_mode'])
        && $_REQUEST['openid_mode'] == 'checkid_setup';

    if (!$isSetupRequest) {
        error_500();
    }

    // NOTE(review): presumably error_500() ends the request; if it returns,
    // checkid(true) still runs for a request in the wrong mode — confirm.
    checkid(true);
}
Beispiel #5
<input type='hidden' name='note_id' value='<?php 
    echo checkid($_GET['note_id']);
    ?>
'>
</form>
<h5><i class="fa fa-arrow-left"></i> <a href="fhd_call_edit.php?call_id=<?php 
    echo $call_id;
    ?>
">back to ticket details</a></h5>
<?php 
}
//ADD note
//check type variable
$action = $db->escape($_GET['action']);
if ($action == "add") {
    $call_id = checkid($_GET['call_id']);
    $nacl = md5(AUTH_KEY . $db->get_var("select user_password from site_users where user_id = {$user_id};"));
    ?>
<h4>Add Note</h4>
<table class="<?php 
    echo $table_style_2;
    ?>
" style='width: 75%;'>
<form action="fhd_add_note.php" method="post" class="form-horizontal">
<input type='hidden' name='nacl' value='<?php 
    echo $nacl;
    ?>
'>
<input type='hidden' name='note_relation' value='<?php 
    echo $call_id;
    ?>
            if ($_GET['nacl'] == md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};"))) {
                //authentication verified, continue.
                $call_id = checkid($_GET['call_id']);
                $db->query("UPDATE site_calls SET call_status = 3 WHERE call_id = {$call_id} limit 1;");
                $db->query("UPDATE site_notes SET note_type = 0 WHERE note_relation = {$call_id};");
                header("Location: fhd_calls.php");
            }
        }
    }
}
//</DELETE>
//<UPDATE>
if (isset($_POST['nacl'])) {
    if ($_POST['nacl'] == md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};"))) {
        //authentication verified, continue.
        $call_id = checkid($_POST['call_id']);
        //call details
        $call_first_name = $db->escape($_POST['call_first_name']);
        $call_email = $db->escape($_POST['call_email']);
        $call_phone = $db->escape($_POST['call_phone']);
        $call_department = $db->escape($_POST['call_department']);
        $call_request = $db->escape($_POST['call_request']);
        $call_device = $db->escape($_POST['call_device']);
        $call_details = $db->escape($_POST['call_details']);
        $call_solution = $db->escape($_POST['call_solution']);
        $call_staff = $db->escape($_POST['call_staff']);
        //call status
        $call_status = $db->escape($_POST['call_status']);
        $call_status_now = $db->escape($_POST['call_status_now']);
        if (isset($_POST['call_date2'])) {
            $call_date2 = strtotime($_POST['call_date2']);
    $headers .= "MIME-Version: 1.0" . "\r\n";
    $headers .= "Content-type: text/html; charset=iso-8859-1" . "\r\n";
    $subject = "Ticket " . FHD_TITLE . " [# {$insert_id}]";
    $message = "\n\t\t<html>\n\t\t<head>\n\t\t  <title>Ticket</title>\n\t\t</head>\n\t\t<body>\n\t\t  <p>Ticket Request Received.</p>\n\t\t  <p>Ticket Number: {$insert_id}</p>\n\t\t  <p>Name: {$call_first_name}</p>\n\t\t  <p>Ticket Details: {$call_details}</p>\n\t\t\t";
    mail($call_email, $subject, $message, $headers);
    $mailsent = "&mailsent=yes";
    //notify admin
    mail(TO_EMAIL, "New Ticket [# {$insert_id}]", $message, $headers);
    //</SEND EMAIL>
    header("Location: fhd_any_call_add.php?added=yes&mailsent&insert_id={$insert_id}");
}
//</ADD>
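//RESULT >
// Show the confirmation banner once a ticket has been created.
if (isset($_GET['added']) && isset($_GET['insert_id'])) {
    $insert_id = checkid($_GET['insert_id']);
    // The ID originates from the query string and checkid() is not visible
    // here, so the value is HTML-escaped where it is printed instead of
    // relying on what checkid() returns.
    $actionstatus = "<div class=\"alert alert-success\" style=\"max-width: 350px;\">\n\t    <button type=\"button\" class=\"close\" data-dismiss=\"alert\">&times;</button>\n\t    Ticket Created &bull; Email Sent &bull; Ticket ID: " . htmlspecialchars((string) $insert_id, ENT_QUOTES, 'UTF-8') . "</div>";
    echo $actionstatus;
}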
?>
<p><a href="index.php" class="btn btn-default"><i class='fa fa-arrow-left'></i> <?php 
echo FHD_TITLE;
?>
</a></p>
<h4><i class='fa fa-tag'></i> Open Ticket</h4>

<form action="fhd_any_call_add.php" method="post" class="form-horizontal" data-parsley-validate>
<table class="<?php 
echo $table_style_2;
?>
Beispiel #8
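/**
 * Check the submitted school number / password and return the matching
 * app_join_info row.
 *
 * Every attempt is appended to ./check.log as tab-separated fields:
 * timestamp, client address, submitted school number, a "-" placeholder and
 * the outcome. The placeholder stands where the earlier version wrote the
 * submitted password in clear text; it keeps the column count stable for
 * anything that parses the file. Entries written by the earlier version
 * still contain passwords, so existing logs should be purged and those
 * passwords treated as exposed.
 *
 * Changes against the earlier version:
 *  - the password is no longer logged;
 *  - control characters are stripped from the logged school number so a tab
 *    or newline in the request cannot forge columns or extra entries;
 *  - the lookup uses a bound parameter instead of concatenating $schoolnum
 *    into the SQL text;
 *  - the SUCCESS entry reads profileid from the fetched row ($com) rather
 *    than from the undefined $row;
 *  - a log file that cannot be opened no longer breaks the request.
 *
 * NOTE(review): $schoolnum and $password are not assigned in this function;
 * presumably filter.php defines them in this scope — confirm. Because
 * include_once runs a file only once per request, they would be undefined if
 * filter.php was already loaded elsewhere.
 * NOTE(review): assumes $dbObj is a mysqli connection (the original used
 * query(), num_rows and fetch_assoc() the way mysqli provides them) and that
 * get_result() is available (mysqlnd) — confirm.
 * NOTE(review): ./check.log is resolved against the working directory; if
 * that lies under the document root the log can be fetched over HTTP. Moving
 * it outside the web root would change the path and is left to the operator.
 *
 * @param mysqli $dbObj database connection
 * @return int|string -1 when checkid() rejects the credentials, -2 when no
 *                    row matches or the lookup fails, otherwise the row as JSON
 */
function check($dbObj)
{
    date_default_timezone_set('PRC');

    $loggedNum = (isset($_POST["schoolnum"]) && is_string($_POST["schoolnum"]))
        ? preg_replace('/[\x00-\x1F\x7F]/', ' ', $_POST["schoolnum"])
        : '';
    $remote = isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : '';

    $logfile = fopen("./check.log", "a");
    _check_log($logfile, date('Y-m-d H:i:s') . "\t" . $remote . "\t" . $loggedNum . "\t-\t");

    include_once "filter.php";
    if (checkid($schoolnum, $password) == -1) {
        _check_log($logfile, "FAIL\n", true);
        return -1;
    }

    // Bound parameter: the school number never becomes part of the SQL text.
    $stmt = $dbObj->prepare("SELECT * FROM app_join_info WHERE sno = ?");
    if ($stmt === false) {
        _check_log($logfile, "DB_ERROR\n", true);
        return -2;
    }
    $stmt->bind_param("s", $schoolnum);
    $stmt->execute();
    $result = $stmt->get_result();

    if ($result !== false && $result->num_rows > 0) {
        $com = $result->fetch_assoc();
        $profileId = isset($com["profileid"]) ? $com["profileid"] : "";
        _check_log($logfile, "SUCCESS\t" . $profileId . "\n", true);
        return json_encode($com);
    }

    _check_log($logfile, "NO_RECORD\n", true);
    return -2;
}

/**
 * Append text to the attempt log and optionally close it; does nothing when
 * the log could not be opened.
 */
function _check_log($logfile, $text, $close = false)
{
    if ($logfile === false) {
        return;
    }
    fwrite($logfile, $text);
    if ($close) {
        fclose($logfile);
    }
}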
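//<DELETE>
// Deletes a site_types row when the request carries a valid "nacl" token.
// The token is compared with hash_equals() on a value checked to be a string:
// with a loose == two different hex digests of the form "0e<digits>" compare
// as equal numbers, and an array passed as nacl reaches the comparison.
// hash_equals() needs PHP 5.6 or later.
// NOTE(review): the token is md5(AUTH_KEY . last_login), so it stays the same
// until the next login; an HMAC over a per-session random value would be a
// stronger design, but the code that issues the token must change with it.
// NOTE(review): the delete is triggered by a GET request, so the token is
// part of the URL and can end up in logs, browser history and Referer headers.
// NOTE(review): $user_id, $type_id and $type are interpolated into SQL / the
// redirect URL; that is safe only if checkid() returns strictly numeric
// values — checkid() is not visible here, confirm.
if (isset($_GET['nacl']) && is_string($_GET['nacl'])) {
    if (hash_equals(md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};")), $_GET['nacl'])) {
        //authentication verified, continue.
        $type_id = checkid($_GET['type_id']);
        $action = $db->escape($_GET['action']);
        $type = checkid($_GET['type']);
        if ($action == 'delete') {
            $db->query("DELETE FROM site_types where type_id = {$type_id};");
            // NOTE(review): execution continues after this header; whether an
            // exit belongs here depends on output already sent by the includes.
            header("Location: fhd_settings_action.php?type={$type}");
        }
    }
}
//</DELETE>
//check type variable
$type = checkid($_GET['type']);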
?>
<p><a href="fhd_settings.php">Settings</a></p>

<h4><?php 
show_type_name($type);
?>
</h4>
<h5><i class="fa fa-plus"></i> <a href="fhd_add_type.php?type=<?php 
echo $type;
?>
">Add New</a></h5>
<?php 
$num = $db->get_var("select count(type_name) from site_types where type = {$type};");
if ($num == 0) {
    echo "<p>Invalid Type (error 2)</p>";
Beispiel #10
<?php

include "includes/session.php";
include "includes/checksession.php";
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
	<title>My Account</title>
<?php 
include "fhd_config.php";
include "includes/header.php";
include "includes/all-nav.php";
include "includes/functions.php";
// Page bootstrap: validate the current user id, load the ezSQL classes, open
// the database connection and read the account's edit-lock flag.
// NOTE(review): $user_id is not assigned in the visible part of this script
// before this line; presumably one of the session includes sets it — confirm.
$user_id = checkid($user_id);
include "includes/ez_sql_core.php";
include "includes/ez_sql_mysqli.php";
$actionstatus = "";
// Connection parameters are the db_* constants (presumably defined in
// fhd_config.php — confirm).
$db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);
//check that user exists before continuing.
//$isuser = $db->get_var("SELECT count(*) from site_users WHERE (user_id = $user_id);");
//if ($isuser == 0) {
//	echo "<p>Error</p>";
//	echo exit;
//}
//check if user is locked out from changes
// NOTE(review): $user_id is interpolated into the SQL text; that is safe only
// if checkid() returns a strictly numeric value — checkid() is not visible
// here, confirm.
$user_protect_edit = $db->get_var("select user_protect_edit from site_users where user_id = {$user_id};");
if ($user_protect_edit == 1) {
    echo "<br /><div class=\"alert alert-success\" style=\"max-width: 220px;\"><i class='fa fa-lock'></i> Account Changes Locked</div>";
    include "includes/footer.php";
Beispiel #11
    }
} else {
    $action = htmlspecialchars($_REQUEST['action']);
}
/*
 * Dispatch on $action; any value that is not listed falls through to the
 * login form. The script always ends after the selected handler.
 *
 * NOTE(review): "logged" is set right after checkpassword(); presumably
 * checkpassword() ends the request on a wrong password — confirm. No session
 * id regeneration is visible at this point; confirm the login path calls
 * session_regenerate_id().
 * NOTE(review): remove, reset, add and restore change state, and no
 * anti-CSRF token check is visible in this dispatch; confirm checklogin() or
 * the handlers verify one.
 */
switch ($action) {
    case "login":
        checkpassword();
        $_SESSION['logged'] = "Y";
        mainpage("welcome");
        break;

    case "remove":
        checklogin();
        $id = checkid();
        removelink($id);
        break;

    case "reset":
        checklogin();
        $id = checkid();
        resetlink($id);
        break;

    case "add":
        checklogin();
        $url = checkurl($_POST['url']);
        add($url);
        break;

    case "restore":
        checklogin();
        restore();
        break;

    case "logout":
        logout();
        break;

    default:
        login();
}
exit;
function restore()
Beispiel #12
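// <UPDATE>
// Renames a site_types row when the form posts a valid "nacl" token.
// The token is compared with hash_equals() on a value checked to be a string:
// with a loose == two different hex digests of the form "0e<digits>" compare
// as equal numbers, and an array posted as nacl reaches the comparison.
// hash_equals() needs PHP 5.6 or later.
// NOTE(review): the token is md5(AUTH_KEY . last_login), so it stays the same
// until the next login; an HMAC over a per-session random value would be a
// stronger design, but issuing and checking must change together.
// NOTE(review): $user_id and $type_id are interpolated into SQL; that is safe
// only if checkid() returns strictly numeric values — checkid() is not
// visible here, confirm.
if (isset($_POST['nacl']) && is_string($_POST['nacl'])) {
    if (hash_equals(md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};")), $_POST['nacl'])) {
        //authentication verified, continue.
        $type_id = checkid($_POST['type_id']);
        $type_name = $db->escape($_POST['type_name']);
        //	$type_email = $db->escape($_POST['type_email']);
        //	$type_location = $db->escape($_POST['type_location']);
        //	$type_phone = $db->escape($_POST['type_phone']);
        //	$db->query("UPDATE site_types SET type_name='$type_name',type_email='$type_email',type_location='$type_location',type_phone='$type_phone' WHERE type_id = $type_id;");
        $db->query("UPDATE site_types SET type_name='{$type_name}' WHERE type_id = {$type_id};");
        $actionstatus = "<div class=\"alert alert-success\" style=\"max-width: 250px;\">\n    <button type=\"button\" class=\"close\" data-dismiss=\"alert\">&times;</button>\n    Updated.\n    </div>";
    }
}
// </UPDATE>
//check type variable
// The id shown in the form always comes from the query string, also after a
// POST update has just set $type_id from the posted value.
$type_id = checkid($_GET['id']);
$num = $db->get_var("select count(type_id) from site_types where type_id = {$type_id};");
if ($num == 0) {
    echo "<p>Type does not exist (error 2)</p>";
    include "includes/footer.php";
    exit;
}
// Token embedded in the edit form and checked by the update handler above.
$nacl = md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};"));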
?>

<h4>Edit Type</h4>
<?php 
echo $actionstatus;
?>

<?php