Beispiel #1
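/**
 * Build the HTML for the whois panel of one domain.
 *
 * When the domain record is flagged whois == "away", the panel either
 * delegates to drawNameTransfer() (dtcrm_action=transfer_domain) or shows a
 * transfer link plus the DNS servers the external whois should point to.
 * Otherwise it optionally handles an "update_whois_infoz" request: the four
 * contact handles are looked up (restricted to rows owned by the logged-in
 * admin), pushed to the registry, and stored in the domain table on success.
 * The handle selection form is then rendered. In every case the registry's
 * current whois text is appended.
 *
 * @param mixed $admin    Passed through to drawNameTransfer() / whoisHandleSelection().
 * @param array $eddomain Domain record; the "name" and "whois" keys are read.
 * @return string HTML fragment.
 */
function drawAdminTools_Whois($admin, $eddomain)
{
    global $adm_login;
    global $adm_pass;
    global $addrlink;
    global $pro_mysql_handle_table;
    global $pro_mysql_domain_table;
    global $conf_addr_primary_dns;
    global $conf_addr_secondary_dns;

    $domain_name = $eddomain["name"];
    $out = "";

    // PHP_SELF reflects the request path, so it is escaped before landing in markup.
    $html_self = htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES);

    if ($eddomain["whois"] == "away") {
        if (isset($_REQUEST["dtcrm_action"]) && $_REQUEST["dtcrm_action"] == "transfer_domain") {
            $out .= drawNameTransfer($admin, $domain_name);
        } else {
            // NOTE(review): the panel login and password travel in the query string here,
            // so they end up in browser history, proxy logs and Referer headers. The
            // parameter names are kept because the receiving pages read them; values are
            // URL-encoded and the finished href is HTML-escaped.
            $transfer_query = "?adm_login=" . rawurlencode($adm_login)
                . "&adm_pass=" . rawurlencode($adm_pass)
                . "&addrlink=" . rawurlencode($addrlink)
                . "&add_domain_type=domregandhosting&dtcrm_action=transfer_domain";
            $out .= _("Your domain name has been registred elsewhere (i.e. not on this site). To order its transfer, please click ")
                . "<a href=\"" . $html_self . htmlspecialchars($transfer_query, ENT_QUOTES) . "\">" . _("here") . "</a>.<br><br>\n"
                . _("If you want to keep your current registrar, you have to make the whois point to these DNS:") . "<br><br>\n"
                . _("Primary DNS:") . "<b>{$conf_addr_primary_dns}</b><br>\n"
                . _("Secondary DNS:") . "<b>{$conf_addr_secondary_dns}</b>\n";
        }
    } else {
        // Values interpolated into SQL are escaped even when validated upstream.
        $sql_login = mysql_real_escape_string($adm_login);
        $sql_domain = mysql_real_escape_string($domain_name);

        if (isset($_REQUEST["action"]) && $_REQUEST["action"] == "update_whois_infoz") {
            // Collect the four handle ids; a missing parameter becomes "" and is
            // left to isRandomNum() to reject.
            $handle_ids = array();
            foreach (array("owner", "billing", "admin", "teck") as $role) {
                $param = "dtcrm_" . $role . "_hdl";
                $handle_ids[$role] = isset($_REQUEST[$param]) ? $_REQUEST[$param] : "";
            }
            foreach ($handle_ids as $handle_id) {
                if (!isRandomNum($handle_id)) {
                    die("Admin contact is not a number: exiting!");
                }
            }

            // Each handle must exist AND belong to the logged-in admin; the owner
            // filter is what stops one customer from attaching another's contact.
            // NOTE(review): the die() messages echo the full query and mysql_error()
            // to the client, as elsewhere in this file; consider logging instead.
            $contacts = array();
            foreach ($handle_ids as $role => $handle_id) {
                $query = "SELECT * FROM {$pro_mysql_handle_table} WHERE id='" . mysql_real_escape_string($handle_id) . "' AND owner='{$sql_login}';";
                $result = mysql_query($query) or die("Cannot query \"{$query}\" !!!" . mysql_error());
                if (mysql_num_rows($result) != 1) {
                    die("Handle ID not found !");
                }
                $contacts[$role] = mysql_fetch_array($result) or die("Cannot fetch array !");
            }

            $regz = registry_update_whois_info($adm_login, $adm_pass, $domain_name, $contacts);
            // The registry's answer is remote text: escape it before embedding.
            $html_response = htmlspecialchars($regz["response_text"], ENT_QUOTES);
            if ($regz["is_success"] != 1) {
                $out .= "<font color=\"red\"><b>" . _("Update of whois contact informations failed") . "</b></font><br>\n" . _("Server said:") . " <i>" . $html_response . "</i><br>";
            } else {
                $out .= "<font color=\"green\"><b>" . _("Update of whois contact informations succesfull") . "</b></font><br>\n" . _("Server said:") . " <i>" . $html_response . "</i><br>\n";
                $query = "UPDATE {$pro_mysql_domain_table} SET owner_id='" . mysql_real_escape_string($handle_ids["owner"])
                    . "',billing_id='" . mysql_real_escape_string($handle_ids["billing"])
                    . "',admin_id='" . mysql_real_escape_string($handle_ids["admin"])
                    . "',teck_id='" . mysql_real_escape_string($handle_ids["teck"])
                    . "' WHERE name='{$sql_domain}';";
                $result = mysql_query($query) or die("Cannot query: \"{$query}\" !!!" . mysql_error());
            }
        }

        $query = "SELECT * FROM {$pro_mysql_domain_table} WHERE name='{$sql_domain}';";
        $result = mysql_query($query) or die("Cannot query: \"{$query}\" !!!" . mysql_error());
        if (mysql_num_rows($result) != 1) {
            die("Whois row not found !");
        }
        $row = mysql_fetch_array($result);

        $out .= "<br><h3>" . _("Your domain name whois data:") . "</h3>\n";
        // NOTE(review): the form has no method attribute, so it submits with GET and
        // the hidden adm_pass value is sent in the URL.
        $out .= "<form action=\"" . $html_self . "\">\n"
            . "<input type=\"hidden\" name=\"adm_login\" value=\"" . htmlspecialchars($adm_login, ENT_QUOTES) . "\">\n"
            . "<input type=\"hidden\" name=\"adm_pass\" value=\"" . htmlspecialchars($adm_pass, ENT_QUOTES) . "\">\n"
            . "<input type=\"hidden\" name=\"addrlink\" value=\"" . htmlspecialchars($addrlink, ENT_QUOTES) . "\">\n"
            . "<input type=\"hidden\" name=\"action\" value=\"update_whois_infoz\">\n";
        $out .= whoisHandleSelection($admin, "yes", $row["owner_id"], $row["billing_id"], $row["admin_id"], $row["teck_id"]);
        $out .= submitButtonStart() . _("Update whois") . submitButtonEnd() . "</form><br>";
    }

    $out .= "<br><h3>" . _("The current whois for this domain is as follow:") . "</h3>";
    $ret = registry_get_whois($domain_name);
    // Whois output is third-party text; escape first, then convert newlines.
    $out .= nl2br(htmlspecialchars($ret["response_text"], ENT_QUOTES));
    return $out;
}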
// Load the account-creation and renewal form builders, then the payment settings.
require_once "new_account_form.php";
require_once "new_account_renewal.php";
get_secpay_conf();

// Page furniture: top banner, optional horizontal menu, language selector.
$anotherTopBanner = anotherTopBanner("DTC");
if (isset($txt_top_menu_entrys)) {
    $anotherMenu = makeHoriMenu($txt_top_menu_entrys[$lang], 2);
}
$anotherLanguageSelection = anotherLanguageSelection();
$lang_sel = skin($conf_skin, $anotherLanguageSelection, _("Language"));

// Both request values are placed straight into the SQL text below, so the
// isRandomNum() gate is the only thing standing between the request and the query.
// NOTE(review): isRandomNum() is defined elsewhere; confirm it rejects quotes.
$proceed = "yes";
if (!(isset($_REQUEST["hash_check"]) && isRandomNum($_REQUEST["hash_check"]))) {
    $form = _("Hash check not in correct format: cannot validate payment.");
    $proceed = "no";
}
if (!(isset($_REQUEST["item_id"]) && isRandomNum($_REQUEST["item_id"]))) {
    $form = _("Hash check not in correct format: cannot validate payment.");
    $proceed = "no";
}

// The payment row has to match on both its id and its hash key.
if ($proceed == "yes") {
    $q = sprintf("SELECT * FROM %s WHERE hash_check_key='%s' AND id='%s'", $pro_mysql_pay_table, $_REQUEST["hash_check"], $_REQUEST["item_id"]);
    $r = mysql_query($q) or die("Cannot query {$q} line " . __LINE__ . " file " . __FILE__);
    $n = mysql_num_rows($r);
    if ($n != 1) {
        $form = _("Could not find your registration in the database.");
        $proceed = "no";
    }
}
if ($proceed == "yes") {
    if (isset($_REQUEST["payment_type"]) && $_REQUEST["payment_type"] == "cheque") {
        $payment_type = 'cheque';
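/**
 * Build the public "new account" registration form.
 *
 * The product drop-down is filled from the product table (optionally limited
 * to the hosting type of the product named in the request), previously
 * submitted values are echoed back HTML-escaped, and a small script toggles
 * the domain-name and VPS rows depending on the selected product's type.
 *
 * Changes from the listed version:
 *  - the form attribute "methode" was a typo, so browsers fell back to GET and
 *    the reqadm_pass / reqadm_pass2 fields were sent in the URL; it is now
 *    method="post" (the handlers in this file read $_REQUEST, which covers POST);
 *  - "</optioon>" closing tags and a stray "</td>" / missing "</tr>" are repaired;
 *  - product names are HTML-escaped.
 *
 * @return string HTML of the registration page body.
 */
function registration_form()
{
    global $conf_this_server_country_code;
    global $conf_skin;
    global $pro_mysql_product_table;
    global $pro_mysql_vps_ip_table;
    global $pro_mysql_vps_server_table;
    global $conf_selling_conditions_url;
    global $secpayconf_currency_symbol;
    global $conf_main_domain;
    global $conf_provide_own_domain_hosts;
    get_secpay_conf();

    // product_id reaches the SQL text only after isRandomNum() accepts it.
    // NOTE(review): isRandomNum() is defined elsewhere; confirm it rejects quotes.
    if (isset($_REQUEST["product_id"]) && isRandomNum($_REQUEST["product_id"])) {
        $q = "SELECT * FROM {$pro_mysql_product_table} WHERE id='" . $_REQUEST["product_id"] . "';";
        $r = mysql_query($q) or die("Cannot execute query \"{$q}\" ! line: " . __LINE__ . " file: " . __FILE__ . " sql said: " . mysql_error());
        $n = mysql_num_rows($r);
        if ($n != 1) {
            die("Product ID not found here line " . __LINE__ . " file " . __FILE__);
        }
        $a = mysql_fetch_array($r);
        $heb_type_condition = " heb_type='" . $a["heb_type"] . "' ";
        $heb_type = $a["heb_type"];
    } else {
        $heb_type_condition = " 1 ";
        $heb_type = "all";
    }

    // Product <option> list plus a JS map product id -> hosting type.
    $p_jscript = " prod_popup_htype = new Array();";
    $q = "SELECT * FROM {$pro_mysql_product_table} WHERE {$heb_type_condition} AND renew_prod_id='0' AND private='no' ORDER BY id";
    $r = mysql_query($q) or die("Cannot execute query \"{$q}\" ! line: " . __LINE__ . " file: " . __FILE__ . " sql said: " . mysql_error());
    $prod_popup = "<option value=\"-1\">" . _("Please select!") . "</option>";
    while ($a = mysql_fetch_array($r)) {
        $p_jscript .= " prod_popup_htype[" . $a["id"] . "] = '" . $a["heb_type"] . "';\n";
        $selected = (isset($_REQUEST["product_id"]) && $a["id"] == $_REQUEST["product_id"]) ? " selected" : "";
        $prod_popup .= "<option value=\"" . $a["id"] . "\"" . $selected . ">" . htmlspecialchars($a["name"]) . " / " . $a["price_dollar"] . "{$secpayconf_currency_symbol}</option>\n";
    }
    $prod_popup = "<select onChange=\"hostingProductChanged();\" name=\"product_id\">" . $prod_popup . "</select>";

    // The hand-built VPS location query that used to live here is superseded by the helper.
    $vps_location_popup = vpsLocationSelector();

    // Echo back what the visitor already typed, escaped for use inside value="...".
    $frm_login = isset($_REQUEST["reqadm_login"]) ? htmlspecialchars($_REQUEST["reqadm_login"]) : "";
    $frm_domain_name = isset($_REQUEST["domain_name"]) ? htmlspecialchars($_REQUEST["domain_name"]) : "";
    $frm_domain_tld = isset($_REQUEST["domain_tld"]) ? htmlspecialchars($_REQUEST["domain_tld"]) : "";
    $frm_firstname = isset($_REQUEST["firstname"]) ? htmlspecialchars($_REQUEST["firstname"]) : "";
    $frm_family_name = isset($_REQUEST["familyname"]) ? htmlspecialchars($_REQUEST["familyname"]) : "";
    $frm_compname = isset($_REQUEST["compname"]) ? htmlspecialchars($_REQUEST["compname"]) : "";
    $frm_vat_num = isset($_REQUEST["vat_num"]) ? htmlspecialchars($_REQUEST["vat_num"]) : "";
    $frm_email = isset($_REQUEST["email"]) ? htmlspecialchars($_REQUEST["email"]) : "";
    $frm_phone = isset($_REQUEST["phone"]) ? htmlspecialchars($_REQUEST["phone"]) : "";
    $frm_fax = isset($_REQUEST["fax"]) ? htmlspecialchars($_REQUEST["fax"]) : "";
    $frm_addr1 = isset($_REQUEST["address1"]) ? htmlspecialchars($_REQUEST["address1"]) : "";
    $frm_addr2 = isset($_REQUEST["address2"]) ? htmlspecialchars($_REQUEST["address2"]) : "";
    $frm_addr3 = isset($_REQUEST["address3"]) ? htmlspecialchars($_REQUEST["address3"]) : "";
    $frm_zipcode = isset($_REQUEST["zipcode"]) ? htmlspecialchars($_REQUEST["zipcode"]) : "";
    $frm_city = isset($_REQUEST["city"]) ? htmlspecialchars($_REQUEST["city"]) : "";
    $frm_state = isset($_REQUEST["state"]) ? htmlspecialchars($_REQUEST["state"]) : "";
    $frm_country = isset($_REQUEST["country"]) ? htmlspecialchars($_REQUEST["country"]) : "";
    $frm_custom_notes = isset($_REQUEST["custom_notes"]) ? htmlspecialchars($_REQUEST["custom_notes"]) : "";

    // Initial visibility of the domain-name and VPS rows, by hosting type.
    if ($heb_type == "all" || $heb_type == "shared" || $heb_type == "ssl") {
        $domname_hidden = " style=\"white-space:nowrap;\" ";
    } else {
        $domname_hidden = " style=\"display:none;visibility:hidden;white-space:nowrap;\" ";
    }
    if ($heb_type == "all" || $heb_type == "vps") {
        $vps_hidden = " ";
    } else {
        $vps_hidden = " style=\"display:none;visibility:hidden;\" ";
    }

    // Only the fixed literals below ever reach the markup; the raw vps_os value does not.
    $vps_os = isset($_REQUEST["vps_os"]) ? $_REQUEST["vps_os"] : "";
    $debian_selected = ($vps_os == "debian") ? " selected " : " ";
    $debiandtc_selected = ($vps_os == "debian-dtc") ? " selected " : " ";
    $centos_selected = ($vps_os == "centos") ? " selected " : " ";
    $netbsd_selected = ($vps_os == "netbsd") ? " selected " : " ";

    $tld_popup = "";
    if ($conf_provide_own_domain_hosts == "yes") {
        $tld_popup = "<option value=\".{$conf_main_domain}\">.{$conf_main_domain}</option>";
    }
    $tld_popup .= domainNamePopup($frm_domain_tld);
    $rek = "<font color=\"red\">*</font>";
    $prod_popup = "<table>\n<tr>\n\t<td style=\"white-space: nowrap;text-align: right;\">" . _("Product") . ": </td><td>" . $prod_popup . "</td>\n</tr><tr>\n\t<td style=\"white-space: nowrap;text-align: right;\"><div name=\"domname_text\" id=\"domname_text\" {$domname_hidden}>" . _("Desired domain name") . ":</div></td>\n\t<td><div name=\"domname_field\" id=\"domname_field\" {$domname_hidden}>www.<input type=\"text\" name=\"domain_name\" value=\"{$frm_domain_name}\"><select name=\"domain_tld\">" . $tld_popup . "</select></div></td>\n</tr><tr>\n\t<td style=\"white-space: nowrap;text-align: right;\"><div name=\"vps_popup_text\" id=\"vps_popup_text\" {$vps_hidden}>" . _("VPS location: ") . "</div></td>\n\t<td><div name=\"vps_popup_field\" id=\"vps_popup_field\" {$vps_hidden}><select name=\"vps_server_hostname\">{$vps_location_popup}</select></div></td>\n</tr><tr>\n\t<td style=\"white-space: nowrap;text-align: right;\"><div name=\"vps_ospopup_text\" id=\"vps_ospopup_text\" {$vps_hidden}></div></td>\n\t<td><div name=\"vps_ospopup_field\" id=\"vps_ospopup_field\" {$vps_hidden}><select name=\"vps_os\">\n\t\t<option value=\"debian\" {$debian_selected}>Debian (" . _("network install with debootstrap") . ")</option>\n\t\t<option value=\"debian-dtc\" {$debiandtc_selected}>Debian with DTC panel (" . _("network install with debootstrap") . ")</option>\n\t\t<option value=\"centos\" {$centos_selected}>CentOS (" . _("network install with yum") . ")</option>\n\t\t<option value=\"netbsd\" {$netbsd_selected}>NetBSD (" . _("network setup with install kernel") . ")</option></select></div></td>\n</tr></table>";
    // NOTE(review): in this listing the three label expressions on the next line are
    // masked ("******"), apparently by a credential scrubber. The line is reproduced
    // exactly as shown and has to be restored from the upstream file before it parses.
    // The password inputs are deliberately never pre-filled (value="").
    $login_info = "<table>\n<tr>\n\t<td style=\"white-space: nowrap;text-align: right;\">" . _("Login: "******"</td>\n\t<td><input type=\"text\" name=\"reqadm_login\" value=\"{$frm_login}\"></td>\n</tr><tr>\n\t<td style=\"white-space: nowrap;text-align: right;\">" . _("Password: "******"</td>\n\t<td><input type=\"password\" name=\"reqadm_pass\" value=\"\"></td>\n</tr><tr>\n\t<td style=\"white-space: nowrap;text-align: right;\">" . _("Confirm pass: "******"</td>\n\t<td><input type=\"password\" name=\"reqadm_pass2\" value=\"\"></td>\n</tr></table>";
    $login_skined = $login_info;

    // Radio state for "is it a company"; anything other than yes/no leaves both unchecked.
    $compyes = "";
    $compno = "";
    if (isset($_REQUEST["iscomp"]) && $_REQUEST["iscomp"] == "yes") {
        $compyes = "checked";
    } elseif (isset($_REQUEST["iscomp"]) && $_REQUEST["iscomp"] == "no") {
        $compno = " checked";
    }
    $client_info = "<table>\n<tr>\n\t<td style=\"white-space: nowrap;text-align: right;\">" . _("Familly name: ") . $rek . "</td>\n\t<td><input type=\"text\" name=\"familyname\" value=\"{$frm_family_name}\"></td>\n</tr><tr>\n\t<td style=\"white-space: nowrap;text-align: right;\">" . _("First name: ") . $rek . "</td>\n\t<td><input type=\"text\" name=\"firstname\" value=\"{$frm_firstname}\"></td>\n</tr><tr>\n\t<td style=\"white-space: nowrap;text-align: right;\">" . _("Is it a company: ") . $rek . "</td>\n\t<td><input type=\"radio\" name=\"iscomp\" value=\"yes\"{$compyes}>" . _("Yes") . "\n<input type=\"radio\" name=\"iscomp\" value=\"no\"{$compno}>" . _("No") . "</td>\n</tr><tr>\n\t<td style=\"white-space: nowrap;text-align: right;\">" . _("Company name: ") . "</td>\n\t<td><input type=\"text\" name=\"compname\" value=\"{$frm_compname}\"></td>\n</tr><tr>\n\t<td style=\"white-space: nowrap;text-align: right;\">" . _("VAT/GST Number: ") . "</td>\n\t<td><input type=\"text\" name=\"vat_num\" value=\"{$frm_vat_num}\"></td>\n</tr><tr>\n\t<td style=\"white-space: nowrap;text-align: right;\">" . _("Email: ") . $rek . "</td>\n\t<td><input type=\"text\" name=\"email\" value=\"{$frm_email}\"></td>\n</tr><tr>\n\t<td style=\"white-space: nowrap;text-align: right;\">" . _("Phone number: ") . $rek . "</td>\n\t<td><input type=\"text\" name=\"phone\" value=\"{$frm_phone}\"></td>\n</tr><tr>\n\t<td style=\"white-space: nowrap;text-align: right;\">" . _("Fax: ") . "</td>\n\t<td><input type=\"text\" name=\"fax\" value=\"{$frm_fax}\"></td>\n</tr></table>";
    $client_skined = $client_info;

    // The listed code also tested $db_product, which is never assigned in this
    // function, so the condition always reduced to "no country submitted".
    if ($frm_country == "") {
        $frm_country = $conf_this_server_country_code;
    }
    $client_addr = "<table>\n<tr>\n\t<td style=\"white-space: nowrap;text-align: right;\">" . _("Address (line1): ") . $rek . "</td>\n\t<td><input type=\"text\" name=\"address1\" value=\"{$frm_addr1}\"></td>\n</tr><tr>\n\t<td style=\"white-space: nowrap;text-align: right;\">" . _("Address (line2): ") . "</td>\n\t<td><input type=\"text\" name=\"address2\" value=\"{$frm_addr2}\"></td>\n</tr><tr>\n\t<td style=\"white-space: nowrap;text-align: right;\">" . _("Address (line3): ") . "</td>\n\t<td><input type=\"text\" name=\"address3\" value=\"{$frm_addr3}\"></td>\n</tr><tr>\n\t<td style=\"white-space: nowrap;text-align: right;\">" . _("Zipcode: ") . $rek . "</td>\n\t<td><input type=\"text\" name=\"zipcode\" value=\"{$frm_zipcode}\"></td>\n</tr><tr>\n\t<td style=\"white-space: nowrap;text-align: right;\">" . _("City: ") . $rek . "</td>\n\t<td><input type=\"text\" name=\"city\" value=\"{$frm_city}\"></td>\n</tr><tr>\n\t<td style=\"white-space: nowrap;text-align: right;\">" . _("State: ") . "</td>\n\t<td><input type=\"text\" name=\"state\" value=\"{$frm_state}\"></td>\n</tr><tr>\n\t<td style=\"white-space: nowrap;text-align: right;\">" . _("Country: ") . $rek . "</td>\n\t<td><select name=\"country\">" . cc_code_popup($frm_country) . "</select></td>\n</tr></table>";
    $addr_skined = $client_addr;

    if ($conf_selling_conditions_url != "none") {
        $conditions = "<input type=\"checkbox\" name=\"condition\" value=\"yes\"> " . $rek . _("I agree to the") . " <a href=\"{$conf_selling_conditions_url}\">" . _("selling conditions") . "</a>";
    } else {
        $conditions = "";
    }

    // Page script (unchanged) followed by the form; the form now really posts.
    $HTML_admin_edit_data = "<a href=\"/dtc\">" . _("Go to login") . "</a>\n<script language=\"javascript\">\n\n{$p_jscript}\n\nvar DHTML = (document.getElementById || document.all || document.layers);\nfunction getObj(name){\n\tif (document.getElementById){\n\t\tthis.obj = document.getElementById(name);\n\t\tthis.style = document.getElementById(name).style;\n\t}else if(document.all){\n\t\tthis.obj = document.all[name];\n\t\tthis.style = document.all[name].style;\n\t}else{\n\t\tthis.obj = document.layers[name];\n\t\tthis.style = document.layers[name];\n\t}\n}\n\nfunction hostingProductChanged(){\n\tif (!DHTML) return;\n\tif(document.newuser_form.product_id.value == -1){\n\t\treturn;\n\t}\n\thosting_type = prod_popup_htype[document.newuser_form.product_id.value];\n\tvar a = new getObj('domname_field');\n\tvar b = new getObj('domname_text');\n\tvar c = new getObj('vps_popup_field');\n\tvar d = new getObj('vps_popup_text');\n\tvar e = new getObj('vps_ospopup_text');\n\tvar f = new getObj('vps_ospopup_field');\n\tif(hosting_type == 'vps'){\n\t\ta.style.visibility = 'hidden';\n\t\ta.style.display = 'none';\n\t\tb.style.visibility = 'hidden';\n\t\tb.style.display = 'none';\n\n\t\tc.style.visibility = 'visible';\n\t\tc.style.display = 'block';\n\t\td.style.visibility = 'visible';\n\t\td.style.display = 'block';\n\t\te.style.visibility = 'visible';\n\t\te.style.display = 'block';\n\t\tf.style.visibility = 'visible';\n\t\tf.style.display = 'block';\n\t}else{\n\t\ta.style.visibility = 'visible';\n\t\ta.style.display = 'block';\n\t\tb.style.visibility = 'visible';\n\t\tb.style.display = 'block';\n\n\t\tc.style.visibility = 'hidden';\n\t\tc.style.display = 'none';\n\t\td.style.visibility = 'hidden';\n\t\td.style.display = 'none';\n\t\te.style.visibility = 'hidden';\n\t\te.style.display = 'none';\n\t\tf.style.visibility = 'hidden';\n\t\tf.style.display = 'none';\n\t}\n}\n\n</script><br>\n<br>\n<i>" . _("Feilds with a <font color=\"red\">*</font> are mandatory.") . 
"</i><br>\n<form name=\"newuser_form\" action=\"" . $_SERVER["PHP_SELF"] . "\" method=\"post\">\n<input type=\"hidden\" name=\"action\" value=\"new_user_request\">\n<table>\n<tr>\n\t<td valign=\"top\"><h3>" . _("Product:") . "</h3>\n\t{$prod_popup}<br>\n<h3>" . _("Login info") . ":</h3> " . $login_skined . "</td>\n\t<td width=\"4\" background=\"gfx/border_2.gif\"></td>\n\t<td valign=\"top\"><h3>" . _("Client info") . "</h3> {$client_skined}</td>\n\t<td width=\"4\" background=\"gfx/border_2.gif\"></td>\n\t<td valign=\"top\"><h3>" . _("Customer's address") . "</h3> {$addr_skined}</td>\n</tr></table>\n{$conditions}\n<table border=\"0\">\n<tr>\n\t<td>" . _("Leave a message describing any specific requirements you might have for your account:") . "</td>\n\t<td><textarea name=\"custom_notes\" cols=\"50\" rows=\"5\">{$frm_custom_notes}</textarea></td>\n\t<td><input type=\"submit\" name=\"Login\" value=\"Register\"></td>\n</tr>\n</table>\n</form>";
    return $HTML_admin_edit_data;
}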
Beispiel #4
        $num_rows = mysql_num_rows($result);
        if ($num_rows != 1) {
            die("Client id not found in client table !");
        }
        $row = mysql_fetch_array($result);
        $funds = $row["dolar"];
        $funds += $_REQUEST["refund_amount"];
        $query = "UPDATE {$pro_mysql_client_table} SET dolar='{$funds}' WHERE id='{$id_client}';";
        $result = mysql_query($query) or die("Cannot execute query \"{$query}\" !!!" . mysql_error());
    } else {
        die("You don't have a client ID !!!");
    }
}
if (isset($_REQUEST["action"]) && $_REQUEST["action"] == "registry_renew_domain") {
    checkLoginPassAndDomain($adm_login, $adm_pass, $edit_domain);
    if (!isRandomNum($_REQUEST["num_years"]) || strlen($_REQUEST["num_years"]) != 1) {
        echo _("Number of years is not a number between 1 and 9.");
    } else {
        $q = "SELECT id_client FROM {$pro_mysql_admin_table} WHERE adm_login='******';";
        $r = mysql_query($q) or die("Cannot query {$q} line " . __LINE__ . " file " . __FILE__ . " sql said: " . mysql_error());
        $n = mysql_num_rows($r);
        if ($n != 1) {
            die("ID client not found line " . __LINE__ . " file " . __FILE__);
        }
        $admin = mysql_fetch_array($r);
        $id_client = $admin["id_client"];
        $q = "SELECT * FROM {$pro_mysql_client_table} WHERE id='{$id_client}';";
        $r = mysql_query($q) or die("Cannot query {$q} line " . __LINE__ . " file " . __FILE__ . " sql said: " . mysql_error());
        $n = mysql_num_rows($r);
        if ($n != 1) {
            die("Client record not found line " . __LINE__ . " file " . __FILE__);
    $charset = $stt->ctype_parameters["charset"];
}
//echo "$charset\n";
$body = mb_convert_encoding($body, "UTF-8", strtoupper($charset));
//echo $body;
//exit(1);
// Check if the To: has the support ID number in it
// emails are sent to something like: support-3bc8212a0@dtc.example.com
// and that a record really exists for it
if (preg_match("/" . $tik_regexp . "/", $email_to)) {
    // If the To: match an existing ID of a previous ticket, then we should search for that ticket
    $start = strlen($conf_support_ticket_email) + 1;
    $end = strlen($email_to) - $start - strlen($tik_domain) - 1;
    // Size of the email - size of "support+" - size of "@domain.tld"
    $ticket_hash = substr($email_to, $start, $end);
    if (isRandomNum($ticket_hash)) {
        $q = "SELECT * FROM {$pro_mysql_tik_queries_table} WHERE hash='{$ticket_hash}';";
        $r = mysql_query($q) or die("Cannot query {$q} line " . __LINE__ . " file " . __FILE__ . " sql said: " . mysql_error());
        $n = mysql_num_rows($r);
        if ($n == 1) {
            // We have a match, we should consider inserting this ticket as a reply...
            $start_tik = mysql_fetch_array($r);
            // Reopen the ticket if it was closed
            $q = "UPDATE {$pro_mysql_tik_queries_table} SET closed='no' WHERE hash='{$ticket_hash}';";
            $r = mysql_query($q) or die("Cannot query {$q} line " . __LINE__ . " file " . __FILE__ . " sql said: " . mysql_error());
            $last_id = findLastTicketID($ticket_hash);
            if ($last_id != 0) {
                $q = "INSERT INTO {$pro_mysql_tik_queries_table} (id,adm_login,date,time,in_reply_of_id,reply_id,admin_or_user,text,initial_ticket)\n\t\t\t\tVALUES('','" . $start_tik["adm_login"] . "','" . date('Y-m-d') . "','" . date('H:m:i') . "','{$last_id}','0','user','" . mysql_real_escape_string($body) . "','no');";
                $r = mysql_query($q) or die("Cannot query {$q} line " . __LINE__ . " file " . __FILE__ . " sql said: " . mysql_error());
                $new_id = mysql_insert_id();
                $q = "UPDATE {$pro_mysql_tik_queries_table} SET reply_id='{$new_id}' WHERE id='{$last_id}';";
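/**
 * Register a pending renewal and build the "pay now" page for it.
 *
 * Steps: validate the login format, load the admin row and the product,
 * resolve the renewed item's id and service country from renew_type, load the
 * client and the invoicing company to decide the VAT rate, notify the
 * webmaster by mail, insert a pending-renewal row with a payment id, and
 * return the payment button.
 *
 * Changes from the listed version:
 *  - the row count is re-read after the invoicing-company query; the old code
 *    tested the count left over from the client query, so a missing company
 *    was never detected;
 *  - product_id is escaped with mysql_real_escape_string() instead of addslashes();
 *  - missing adm_login / renew_type / product_id parameters no longer raise notices.
 *
 * @return array "err" (0 on success, otherwise an error code) and "mesg" (HTML or text).
 */
function renew_form()
{
    global $pro_mysql_admin_table;
    global $pro_mysql_new_admin_table;
    global $pro_mysql_product_table;
    global $pro_mysql_pending_renewal_table;
    global $pro_mysql_client_table;
    global $pro_mysql_companies_table;
    global $pro_mysql_vps_table;
    global $pro_mysql_dedicated_table;
    global $pro_mysql_vps_server_table;
    global $conf_webmaster_email_addr;
    global $conf_message_subject_header;
    global $conf_this_server_country_code;
    global $secpayconf_currency_letters;
    global $cc_europe;
    get_secpay_conf();

    $ret = array();
    $renew_type = isset($_REQUEST["renew_type"]) ? $_REQUEST["renew_type"] : "";

    // Do field format checking and escaping for all fields
    if (!isset($_REQUEST["adm_login"]) || !isFtpLogin($_REQUEST["adm_login"])) {
        $ret["err"] = 2;
        $ret["mesg"] = "User login format incorrect. Please use letters and numbers only and from 4 to 16 chars.";
        return $ret;
    }
    // NOTE(review): the login value in this query is masked ("******") in the listing,
    // apparently by a credential scrubber; the line is reproduced as shown and the real
    // expression has to be restored from the upstream file.
    $q = "SELECT adm_login,id_client FROM {$pro_mysql_admin_table} WHERE adm_login='******';";
    $r = mysql_query($q) or die("Cannot query  \"{$q}\" !!! Line: " . __LINE__ . " File: " . __FILE__ . " MySQL said: " . mysql_error());
    $n = mysql_num_rows($r);
    if ($n != 1) {
        $ret["err"] = 3;
        $ret["mesg"] = "Username not found in database! Try again.";
        return $ret;
    }
    $admin = mysql_fetch_array($r);

    // SSL renewals use the single ssl product; everything else names its product id.
    if ($renew_type == "ssl" || $renew_type == "ssl_renew") {
        $q = "SELECT * FROM {$pro_mysql_product_table} WHERE heb_type ='ssl';";
    } else {
        $product_id = isset($_REQUEST["product_id"]) ? $_REQUEST["product_id"] : "";
        $q = "SELECT * FROM {$pro_mysql_product_table} WHERE id='" . mysql_real_escape_string($product_id) . "';";
    }
    $r = mysql_query($q) or die("Cannot querry {$q} line " . __LINE__ . " file " . __FILE__ . " sql said " . mysql_error());
    $n = mysql_num_rows($r);
    if ($n != 1) {
        $ret["err"] = 3;
        $ret["mesg"] = "<font color=\"red\">Cannot find product id!</font>";
        return $ret;
    }
    $a = mysql_fetch_array($r);
    $product = $a;
    $the_prod = $a["name"] . " (" . $a["price_dollar"] . " {$secpayconf_currency_letters})";
    $prod_id = $a["id"];
    // NOTE(review): masked in the listing, reproduced as shown. adm_login is echoed
    // into HTML here; that relies on isFtpLogin() having limited it to letters and digits.
    $form = "<b><u>" . _("Renewal for login:"******"</u></b> " . $_REQUEST["adm_login"] . "<br>";
    $form .= "<b><u>" . _("Product to renew:") . "</u></b> " . $a["name"] . " (" . number_format($a["price_dollar"], 2) . " {$secpayconf_currency_letters})<br><br>";

    // Resolve the renewed item's id ($client_id) and the country the service runs in.
    // Each id is interpolated into SQL only after isRandomNum() accepts it.
    switch ($renew_type) {
        case "vps":
            if (!isRandomNum($_REQUEST["vps_id"])) {
                $ret["err"] = 3;
                $ret["mesg"] = "<font color=\"red\">VPS id is not a valid number!</font>";
                return $ret;
            }
            $client_id = $_REQUEST["vps_id"];
            $q = "SELECT country_code  FROM {$pro_mysql_vps_table},{$pro_mysql_vps_server_table}\n\t\tWHERE {$pro_mysql_vps_table}.id='" . $_REQUEST["vps_id"] . "' AND {$pro_mysql_vps_server_table}.hostname = {$pro_mysql_vps_table}.vps_server_hostname";
            $r = mysql_query($q) or die("Cannot query {$q} line " . __LINE__ . " file " . __FILE__ . " mysql said: " . mysql_error());
            $n = mysql_num_rows($r);
            if ($n != 1) {
                $ret["err"] = 3;
                $ret["mesg"] = "<font color=\"red\">Cannot find vps server country</font>";
                return $ret;
            }
            $ax = mysql_fetch_array($r);
            $country = $ax["country_code"];
            break;
        case "shared":
        case "ssl":
            if (!isRandomNum($_REQUEST["client_id"])) {
                $ret["err"] = 3;
                $ret["mesg"] = "<font color=\"red\">Client id is not a valid number!</font>";
                return $ret;
            }
            $client_id = $_REQUEST["client_id"];
            $country = $conf_this_server_country_code;
            break;
        case "ssl_renew":
            if (!isRandomNum($_REQUEST["ssl_ip_id"])) {
                $ret["err"] = 3;
                $ret["mesg"] = "<font color=\"red\">ssl_ip_id is not a valid number!</font>";
                return $ret;
            }
            $client_id = $_REQUEST["ssl_ip_id"];
            $country = $conf_this_server_country_code;
            break;
        case "server":
            if (!isRandomNum($_REQUEST["server_id"])) {
                $ret["err"] = 3;
                $ret["mesg"] = "<font color=\"red\">Server id is not a valid number!</font>";
                return $ret;
            }
            $client_id = $_REQUEST["server_id"];
            $q = "SELECT country_code FROM {$pro_mysql_dedicated_table} WHERE id='" . $_REQUEST["server_id"] . "';";
            $r = mysql_query($q) or die("Cannot query {$q} line " . __LINE__ . " file " . __FILE__ . " mysql said: " . mysql_error());
            $n = mysql_num_rows($r);
            if ($n != 1) {
                $ret["err"] = 3;
                $ret["mesg"] = "<font color=\"red\">Cannot find dedicated server country</font>";
                return $ret;
            }
            $ax = mysql_fetch_array($r);
            $country = $ax["country_code"];
            break;
        default:
            // Unknown (or missing) renew types stop here, so only the literals
            // matched above can reach the INSERT further down.
            die("Renew type unknown line " . __LINE__ . " file " . __FILE__);
    }
    // NOTE(review): masked in the listing, reproduced as shown.
    $mail_content = "\nSomebody tried to renew a contract. Here is the details of the renewal:\n\nlogin: "******"adm_login"] . "\nProduct name: {$the_prod}\nRenew product type: " . $_REQUEST["renew_type"] . "\nService country: {$country}\n";
    if ($admin["id_client"] == 0) {
        $ret["err"] = 3;
        $ret["mesg"] = "Admin does not link to a client.";
        return $ret;
    }

    // Get the client ID so we can get the country
    $q = "SELECT * FROM {$pro_mysql_client_table} WHERE id='" . $admin["id_client"] . "'";
    $r = mysql_query($q) or die("Cannot query  \"{$q}\" !!! Line: " . __LINE__ . " File: " . __FILE__ . " MySQL said: " . mysql_error());
    $n = mysql_num_rows($r);
    if ($n != 1) {
        $ret["err"] = 3;
        $ret["mesg"] = "Client not found in database! Try again.";
        return $ret;
    }
    $client = mysql_fetch_array($r);

    // Get the VAT from the invoicing company
    $company_invoicing_id = findInvoicingCompany($country, $client["country"]);
    $q = "SELECT * FROM {$pro_mysql_companies_table} WHERE id='{$company_invoicing_id}';";
    $r = mysql_query($q) or die("Cannot query \"{$q}\" ! line: " . __LINE__ . " file: " . __FILE__ . " sql said: " . mysql_error());
    // Re-read the row count for THIS query before testing it.
    $n = mysql_num_rows($r);
    if ($n != 1) {
        $ret["err"] = 3;
        $ret["mesg"] = "Cannot find company for invoicing.";
        return $ret;
    }
    $company_invoicing = mysql_fetch_array($r);

    // If VAT is set, use it.
    if ($company_invoicing["vat_rate"] == 0 || $company_invoicing["vat_number"] == "") {
        $vat_rate = 0;
        $use_vat = "no";
    } elseif ($client["is_company"] == "yes" && $client["vat_num"] != "" && isset($cc_europe[$client["country"]]) && isset($cc_europe[$company_invoicing["country"]]) && $client["country"] != $company_invoicing["country"]) {
        // Both companies are in Europe, in different countries, and the customer has a
        // VAT number: no VAT is charged and the customer pays it in its own country.
        $vat_rate = 0;
        $use_vat = "no";
    } else {
        $use_vat = "yes";
        $vat_rate = $company_invoicing["vat_rate"];
    }

    $headers = "From: DTC Robot <{$conf_webmaster_email_addr}>";
    $subject = $admin["adm_login"] . " tried to renew {$the_prod}";
    mail($conf_webmaster_email_addr, "{$conf_message_subject_header} {$subject}", $mail_content, $headers);

    // Save the values in SQL and process the paynow buttons
    $q = "INSERT INTO {$pro_mysql_pending_renewal_table} (id,adm_login,renew_date,renew_time,product_id,renew_id,heb_type,country_code)\n\tVALUES ('','" . mysql_real_escape_string($_REQUEST["adm_login"]) . "',now(),now(),'" . $prod_id . "','" . $client_id . "','" . mysql_real_escape_string($renew_type) . "','{$country}');";
    $r = mysql_query($q) or die("Cannot querry {$q} line " . __LINE__ . " file " . __FILE__ . " sql said " . mysql_error());
    $renew_id = mysql_insert_id();
    // NOTE(review): this call and the paynowButton() call below are masked in the
    // listing; both are reproduced as shown.
    $payid = createCreditCardPaiementID($a["price_dollar"], $renew_id, $a["name"] . " (login: "******"adm_login"] . ")", "no", $prod_id, $vat_rate);
    $q = "UPDATE {$pro_mysql_pending_renewal_table} SET pay_id='{$payid}' WHERE id='{$renew_id}';";
    $r = mysql_query($q) or die("Cannot querry {$q} line " . __LINE__ . " file " . __FILE__ . " sql said " . mysql_error());
    $return_url = $_SERVER["PHP_SELF"] . "?action=return_from_pay&regid={$payid}";
    $paybutton = paynowButton($payid, $a["price_dollar"], $a["name"] . " (login: "******"adm_login"] . ")", $return_url, $vat_rate);
    $form .= _("Please click on the button below to send money in your account:") . "<br><br>" . $paybutton;
    $ret["err"] = 0;
    $ret["mesg"] = $form;
    return $ret;
}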
Beispiel #7
}
// action=new_ticket&subject=test+subject&server_hostname=test.vpsserver.com%3A01&issue_cat_id=network&ticketbody=I+can%27t+connect+to+my+VPS%21
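// Handles action=new_ticket: stores a new support ticket for the logged-in
// account and notifies the administrators by mail.
if (isset($_REQUEST["action"]) && $_REQUEST["action"] == "new_ticket") {
    // NOTE(review): the result of checkLoginPass() is not inspected here, so it
    // is presumably expected to stop the request itself on bad credentials -- confirm.
    checkLoginPass($adm_login, $adm_pass);
    // Read each field once. A missing or non-string field counts as empty, so
    // the escaping calls below always receive a string.
    $new_tik_fields = array();
    foreach (array("subject", "ticketbody", "issue_cat_id", "server_hostname") as $new_tik_key) {
        $new_tik_fields[$new_tik_key] = (isset($_REQUEST[$new_tik_key]) && is_string($_REQUEST[$new_tik_key])) ? $_REQUEST[$new_tik_key] : "";
    }
    if (strlen($new_tik_fields["subject"]) == 0) {
        echo _("Subject line empty: cannot send ticket!");
    } else {
        $hash = createSupportHash();
        // mysql_real_escape_string() escapes for the character set of the open
        // connection; addslashes() does not, and can be bypassed with some
        // multi-byte encodings. The login is escaped as well instead of being
        // interpolated raw.
        $q = "INSERT INTO {$pro_mysql_tik_queries_table} (id,adm_login,date,time,subject,text,cat_id,initial_ticket,server_hostname,hash)\n\t\tVALUES ('','" . mysql_real_escape_string($adm_login) . "','" . date("Y-m-d") . "','" . date("H:i:s") . "','" . mysql_real_escape_string($new_tik_fields["subject"]) . "','" . mysql_real_escape_string($new_tik_fields["ticketbody"]) . "','" . mysql_real_escape_string($new_tik_fields["issue_cat_id"]) . "','yes','" . mysql_real_escape_string($new_tik_fields["server_hostname"]) . "','{$hash}');";
        // NOTE(review): on failure the full query and the MySQL error are sent
        // to the client; consider logging them server-side instead.
        $r = mysql_query($q) or die("Cannot query {$q} line " . __LINE__ . " file " . __FILE__ . " sql said " . mysql_error());
        // NOTE(review): the subject is handed to the mail helper unmodified; if
        // it ends up in a mail header, confirm the helper strips CR/LF.
        mailTicketToAllAdmins($new_tik_fields["subject"], $new_tik_fields["ticketbody"], $adm_login);
    }
}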
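// Handles action=add_ticket_reply: stores a reply, links it to the previous
// message of the thread, re-opens the initial ticket and notifies the admins.
if (isset($_REQUEST["action"]) && $_REQUEST["action"] == "add_ticket_reply") {
    // NOTE(review): the result of checkLoginPass() is not inspected here, so it
    // is presumably expected to stop the request itself on bad credentials -- confirm.
    checkLoginPass($adm_login, $adm_pass);
    // Read each field once. A missing or non-string field counts as empty, so
    // the validation and escaping calls below always receive a string.
    $reply_fields = array();
    foreach (array("last_tik_id", "tik_id", "subject", "ticketbody", "cat_id", "server_hostname", "request_to_close") as $reply_key) {
        $reply_fields[$reply_key] = (isset($_REQUEST[$reply_key]) && is_string($_REQUEST[$reply_key])) ? $_REQUEST[$reply_key] : "";
    }
    if (!isRandomNum($reply_fields["last_tik_id"]) || !isRandomNum($reply_fields["tik_id"])) {
        echo _("last_tick_id or tik_id is not a number: hacking attempt!");
    } else {
        // Insert the new ticket. mysql_real_escape_string() escapes for the
        // character set of the open connection, which addslashes() does not.
        $q = "INSERT INTO {$pro_mysql_tik_queries_table} (id,adm_login,date,time,subject,text,cat_id,initial_ticket,server_hostname,in_reply_of_id,request_close)\n\t\tVALUES ('','" . mysql_real_escape_string($adm_login) . "','" . date("Y-m-d") . "','" . date("H:i:s") . "','" . mysql_real_escape_string($reply_fields["subject"]) . "','" . mysql_real_escape_string($reply_fields["ticketbody"]) . "','" . mysql_real_escape_string($reply_fields["cat_id"]) . "','no','" . mysql_real_escape_string($reply_fields["server_hostname"]) . "','" . mysql_real_escape_string($reply_fields["last_tik_id"]) . "','" . mysql_real_escape_string($reply_fields["request_to_close"]) . "');";
        $r = mysql_query($q) or die("Cannot query {$q} line " . __LINE__ . " file " . __FILE__ . " sql said " . mysql_error());
        $ins_id = mysql_insert_id();
        // NOTE(review): neither UPDATE below restricts the row to tickets that
        // belong to $adm_login, so an authenticated account can chain a reply
        // to, or re-open, a ticket ID it does not own. Add an ownership check
        // once the ownership rule for admin replies is confirmed.
        // Update the chained list of tickets
        $q = "UPDATE {$pro_mysql_tik_queries_table} SET reply_id='{$ins_id}' WHERE id='" . mysql_real_escape_string($reply_fields["last_tik_id"]) . "';";
        $r = mysql_query($q) or die("Cannot query {$q} line " . __LINE__ . " file " . __FILE__ . " sql said " . mysql_error());
        // Set the initial ticket as reopen in case it was closed
        $q = "UPDATE {$pro_mysql_tik_queries_table} SET closed='no' WHERE id='" . mysql_real_escape_string($reply_fields["tik_id"]) . "';";
        $r = mysql_query($q) or die("Cannot query {$q} line " . __LINE__ . " file " . __FILE__ . " sql said " . mysql_error());
        // NOTE(review): the subject is handed to the mail helper unmodified; if
        // it ends up in a mail header, confirm the helper strips CR/LF.
        mailTicketToAllAdmins($reply_fields["subject"], $reply_fields["ticketbody"], $adm_login);
    }
}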
<?php

// get_install_log.php?adm_login=$adm_login&adm_pass=$adm_pass&vps_node=$vps_node&vps_name=$vps_name
$panel_type = "admin";
require_once "../shared/autoSQLconfig.php";
require_once "{$dtcshared_path}/dtc_lib.php";
// Both VPS identifiers come straight from the request and are format-checked
// before anything else uses them.
$vps_name = $_REQUEST["vps_name"];
$vps_node = $_REQUEST["vps_node"];
// vps_name has to pass isRandomNum(), vps_node has to pass isHostname().
isRandomNum($vps_name) or die("Not a vps number...");
isHostname($vps_node) or die("Not a vps name...");
// Continue only when checkVPSAdmin() accepts these credentials for this
// node / VPS pair.
if (!checkVPSAdmin($adm_login, $adm_pass, $vps_node, $vps_name)) {
    die("Login, pass, vps number or node name incorrect: access not granted!");
}
$soap_client = connectToVPSServer($vps_node);
if ($soap_client != false) {
    // getVPSInstallLog(vpsname,numlines)
    $r = $soap_client->call("getVPSInstallLog", array("vpsname" => $vps_name, "numlines" => "0"), "", "", "");
    $err = $soap_client->getError();
    if ($err) {
        die("Could not get VPS install log. Error: " . $err);
    }
    // prepare to send JSON
    header('Content-type: application/json');
    // disable cookies (so script works for privacy conscious users too)
    ini_set('session.use_cookies', false);
    // start ongoing or new session
    if (isset($_GET["PHPSESSID"])) {
     // action=modify_fetchmail&boxid=5&email_addr=zigo%40pplchat.com&mailbox_type=POP3&server_addr=gplhost.com&login=zigo%40pplchat.com&server_addr=master
     // action=dtcemail_change_pass&newpass1=&newpass2=&submit=Ok
 //	$q = " WHERE id='$user' AND mbox_host='$host';";
 // action=modify_fetchmail&boxid=5&email_addr=zigo%40pplchat.com&mailbox_type=POP3&server_addr=gplhost.com&login=zigo%40pplchat.com&server_addr=master
 // action=dtcemail_change_pass&newpass1=&newpass2=&submit=Ok
 case "modify_fetchmail":
     if (!isRandomNum($_REQUEST["boxid"])) {
         die("Box id is not a number!");
     }
     if (checkMailbox($user, $host, $_REQUEST["email_addr"], $_REQUEST["mailbox_type"], $_REQUEST["server_addr"], $_REQUEST["login"], $_REQUEST["pass"])) {
         $q = "UPDATE {$pro_mysql_fetchmail_table} SET pop3_email='" . $_REQUEST["email_addr"] . "',\n\t\tpop3_server='" . $_REQUEST["server_addr"] . "',pop3_login='******',pop3_pass='******' WHERE domain_user='******' AND domain_name='{$host}' AND id='" . $_REQUEST["boxid"] . "';";
         $r = mysql_query($q) or die("Cannot execute query \"{$q}\" ! line: " . __LINE__ . " file: " . __FILE__ . " sql said: " . mysql_error());
     }
     break;
 case "del_fetchmail":
     if (!isRandomNum($_REQUEST["boxid"])) {
         die("Box id is not a number!");
     }
     $q = "DELETE FROM {$pro_mysql_fetchmail_table} WHERE domain_user='******' AND domain_name='{$host}' AND id='" . $_REQUEST["boxid"] . "';";
     $r = mysql_query($q) or die("Cannot execute query \"{$q}\" ! line: " . __LINE__ . " file: " . __FILE__ . " sql said: " . mysql_error());
     break;
 case "dtcemail_change_pass":
     if (!isDTCPassword($_REQUEST["newpass1"])) {
         die("Incorrect password format!");
     }
     if (!isDTCPassword($_REQUEST["newpass2"])) {
         die("Incorrect password format!");
     }
     if ($_REQUEST["newpass1"] != $_REQUEST["newpass2"]) {
         die("Password 1 does not match password 2!");
     }
Beispiel #10
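/**
 * Renders the "add a domain / add a service" wizard of the customer panel.
 *
 * The step to show is derived from the request parameters: product pick
 * (action=add_new_service), the choice between hosting and registration,
 * hosting-only domain addition, and the three-step registration flow
 * (availability check, whois handles and period, payment / confirmation).
 * The last step calls the registrar, debits the client account and records
 * the domain.
 *
 * Request-derived values are HTML-escaped before they are written into the
 * page, URL-encoded before they are written into links, and escaped at the
 * SQL sinks.
 *
 * NOTE(review): the forms carry no method attribute and the links are plain
 * GET URLs, so adm_login / adm_pass travel in the query string (browser
 * history, proxy and server logs, Referer). That is kept because the callers
 * of this panel depend on it; a server-side session would remove the exposure.
 * NOTE(review): failed queries die() with the SQL text and mysql_error(), as
 * before; consider logging those details instead of sending them to the client.
 *
 * @param array $admin Account record; this function reads $admin["info"]
 *                     (allow_add_domain, max_domain, id_client),
 *                     $admin["client"]["dollar"] and tests $admin["data"].
 * @return string HTML fragment for the current step.
 */
function drawAdminTools_AddDomain($admin)
{
    global $adm_login;
    global $adm_pass;
    global $addrlink;
    global $registration_added_price;
    global $conf_addr_primary_dns;
    global $conf_addr_secondary_dns;
    global $form_enter_dns_infos;
    global $form_enter_domain_name;
    global $whois_forwareded_params;
    global $form_period_popup;
    global $conf_webmaster_email_addr;
    global $conf_use_registrar_api;
    global $pro_mysql_pending_queries_table;
    global $pro_mysql_domain_table;
    global $pro_mysql_client_table;
    global $pro_mysql_product_table;
    global $registry_api_modules;
    global $secpayconf_currency_letters;
    global $pro_mysql_handle_table;
    get_secpay_conf();
    $out = "";

    // Context-specific copies of the values that are repeated in every form
    // and link: h_* for HTML attribute values, u_* for query strings, sql_*
    // for SQL string literals. PHP_SELF is included because it can carry
    // client-supplied path information.
    $h_self = htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES);
    $h_login = htmlspecialchars($adm_login, ENT_QUOTES);
    $h_pass = htmlspecialchars($adm_pass, ENT_QUOTES);
    $h_addrlink = htmlspecialchars($addrlink, ENT_QUOTES);
    $u_login = urlencode($adm_login);
    $u_pass = urlencode($adm_pass);
    $u_addrlink = urlencode($addrlink);
    $sql_login = mysql_real_escape_string($adm_login);

    $form_start = "\n<form action=\"" . $h_self . "\">\n<input type=\"hidden\" name=\"adm_login\" value=\"{$h_login}\">\n<input type=\"hidden\" name=\"adm_pass\" value=\"{$h_pass}\">\n<input type=\"hidden\" name=\"addrlink\" value=\"{$h_addrlink}\">\n<input type=\"hidden\" name=\"action\" value=\"dtcrm_add_domain\">\n";

    // User is trying to add a new service, let's complete the form!
    if (isset($_REQUEST["action"]) && $_REQUEST["action"] == "add_new_service") {
        if (!isset($_REQUEST["product_id"]) || !is_string($_REQUEST["product_id"]) || !isRandomNum($_REQUEST["product_id"])) {
            $out .= _("The product ID is not a valid integer number.");
            return $out;
        }
        $product_id = $_REQUEST["product_id"];
        $q = "SELECT * FROM {$pro_mysql_product_table} WHERE id='" . mysql_real_escape_string($product_id) . "';";
        $r = mysql_query($q) or die("Cannot execute query \"{$q}\" ! line: " . __LINE__ . " file: " . __FILE__ . " sql said: " . mysql_error());
        $n = mysql_num_rows($r);
        if ($n != 1) {
            $out .= _("Cannot reselect product: registration failed!");
            return $out;
        }
        $product = mysql_fetch_array($r);
        switch ($product["heb_type"]) {
            default:
            case "shared":
                // -> Something has to be done to select dedicated servers location in the form !!!
            case "server":
                // Every type other than "vps" gets these fixed hidden values.
                $added1 = "<input type=\"hidden\" name=\"vps_location\" value=\"node0001.example.com\">\n<input type=\"hidden\" name=\"vps_os\" value=\"debian\">";
                break;
            case "vps":
                $added1 = _("VPS location: ") . "<select name=\"vps_location\">" . vpsLocationSelector() . "</select><br>" . _("VPS OS: ") . "<select name=\"vps_os\">\n<option value=\"debian\">Debian</option>\n<option value=\"centos\">CentOS</option>\n<option value=\"gentoo\">Gentoo</option>\n<option value=\"netbsd\">NetBSD</option>\n</select><br>";
                break;
        }
        $out .= "<br><br><h3>" . _("Add another service to your account:") . "</h3>" . "<br><form action=\"/dtc/new_account.php\">\n<input type=\"hidden\" name=\"adm_login\" value=\"{$h_login}\">\n<input type=\"hidden\" name=\"adm_pass\" value=\"{$h_pass}\">\n<input type=\"hidden\" name=\"addrlink\" value=\"{$h_addrlink}\">\n<input type=\"hidden\" name=\"product_id\" value=\"" . htmlspecialchars($product_id, ENT_QUOTES) . "\">\n<input type=\"hidden\" name=\"action\" value=\"add_new_service\">" . $added1 . "\n" . _("Special notes for the setup") . ":<textarea name=\"custom_notes\" cols=\"50\" rows=\"5\"></textarea><br>\n" . submitButtonStart() . _("Register") . submitButtonEnd() . "\n";
        return $out;
    }

    // Registration, hosting, or both ? Anything outside the three known values
    // shows the selection page, so add_domain_type is allow-listed past this block.
    if (!isset($_REQUEST["add_domain_type"]) || ($_REQUEST["add_domain_type"] != "domregandhosting" && $_REQUEST["add_domain_type"] != "domreg" && $_REQUEST["add_domain_type"] != "hosting")) {
        $out .= "<br><h3>" . _("What do you want to add:") . "</h3>\n{$form_start}";
        if ($conf_use_registrar_api == "yes") {
            $out .= "<input type=\"radio\" name=\"add_domain_type\" value=\"domregandhosting\" checked>" . _("Hosting + domain name registration or transfer") . "<br>";
            $add_domain_type_checked = " ";
        } else {
            $add_domain_type_checked = " checked ";
        }
        // The "hosting" radio used to be checked unconditionally, which left two
        // radios of the same group checked when the registrar API is enabled.
        $out .= "<input type=\"radio\" name=\"add_domain_type\" value=\"hosting\"" . $add_domain_type_checked . ">" . _("Hosting only") . "<br>\n" . submitButtonStart() . _("Ok") . submitButtonEnd() . "\n</form>\n";
        $out .= "<br><br><h3>" . _("Add another service to your account:") . "</h3>";
        if (isset($admin["data"])) {
            $added_conditions = " AND heb_type NOT LIKE 'shared' ";
        } else {
            $added_conditions = "";
        }
        $q = "SELECT * FROM {$pro_mysql_product_table} WHERE private='no' AND renew_prod_id='0' AND heb_type NOT LIKE 'ssl' {$added_conditions};";
        $r = mysql_query($q) or die("Cannot execute query \"{$q}\" ! line: " . __LINE__ . " file: " . __FILE__ . " sql said: " . mysql_error());
        // One small form per product; id and name come from the product table
        // and are escaped like any other value written into the page.
        while ($a = mysql_fetch_array($r)) {
            $out .= "<form action=\"" . $h_self . "\">\n\t\t\t<input type=\"hidden\" name=\"adm_login\" value=\"{$h_login}\">\n\t\t\t<input type=\"hidden\" name=\"adm_pass\" value=\"{$h_pass}\">\n\t\t\t<input type=\"hidden\" name=\"action\" value=\"add_new_service\">\n\t\t\t<input type=\"hidden\" name=\"product_id\" value=\"" . htmlspecialchars($a["id"], ENT_QUOTES) . "\">\n\t\t\t<input type=\"hidden\" name=\"addrlink\" value=\"{$h_addrlink}\">\n\t\t\t" . submitButtonStart() . htmlspecialchars($a["name"], ENT_QUOTES) . submitButtonEnd() . "</form>";
        }
        return $out;
    }
    $form_start .= "<input type=\"hidden\" name=\"add_domain_type\" value=\"" . htmlspecialchars($_REQUEST["add_domain_type"], ENT_QUOTES) . "\">";

    if ($_REQUEST["add_domain_type"] == "hosting") {
        // They don't want name registration or transfer,
        // Simply add the domain.
        if ($admin["info"]["allow_add_domain"] == "no") {
            return _("You curently don't have enough privileges to add domain names. If you often add domain names, you can ask the administrator to do so. To request hosting for a new domain without domain name registration, please write to:") . "<br>" . "<a href=\"mailto:{$conf_webmaster_email_addr}?subject=[DTC] More domains\">{$conf_webmaster_email_addr}</a>.";
        }
        if ($admin["info"]["max_domain"] != 0) {
            $maxdomq = "SELECT COUNT(name) AS numofdomains FROM {$pro_mysql_domain_table} WHERE owner='{$sql_login}';";
            $maxdomr = mysql_query($maxdomq) or die("Cannot query {$maxdomq} line " . __LINE__ . " file " . __FILE__ . " sql said: " . mysql_error());
            $maxdoma = mysql_fetch_array($maxdomr);
            $num_of_installed_domains = $maxdoma["numofdomains"];
            if ($num_of_installed_domains >= $admin["info"]["max_domain"]) {
                return _("You have reached the maximum number of domains that you are allowed to run with this type of account.\nIf you want to add more domain names, you should get in touch by opening a new support ticket.");
            }
        }
        if (!isset($_REQUEST["domain_name"]) || !is_string($_REQUEST["domain_name"]) || $_REQUEST["domain_name"] == "") {
            return "<br><b><u>" . _("Please enter the domain name you wish to add:") . "</u></b><br>\n{$form_start}<input type=\"text\" name=\"domain_name\" value=\"\">\n" . submitButtonStart() . _("Ok") . submitButtonEnd() . "\n</form>";
        }
        $domain_name = $_REQUEST["domain_name"];
        if (!isHostname($domain_name)) {
            return _("Domain name is not in correct format. Please enter another name.");
        }
        // Already validated by isHostname(); escaped anyway so the query does
        // not depend on how strict that helper is.
        $sql_domain_name = mysql_real_escape_string($domain_name);
        $q = "SELECT * FROM {$pro_mysql_domain_table} WHERE name='{$sql_domain_name}';";
        $r = mysql_query($q) or die("Cannot execute query \"{$q}\" ! line: " . __LINE__ . " file: " . __FILE__ . " sql said: " . mysql_error());
        $n = mysql_num_rows($r);
        if ($n > 0) {
            return _("This domain name already hosted here, please enter another name.");
        }
        if ($admin["info"]["allow_add_domain"] == "check") {
            $q = "INSERT INTO {$pro_mysql_pending_queries_table} (adm_login,domain_name,date) VALUES ('{$sql_login}','{$sql_domain_name}','" . date("Y-m-d H:i") . "');";
            $r = mysql_query($q) or die("Cannot execute query \"{$q}\" ! line: " . __LINE__ . " file: " . __FILE__ . " sql said: " . mysql_error());
            // The link below lacked the "mailto:" scheme and so pointed at a
            // relative URL; it now matches the link used for allow_add_domain == "no".
            return "<br><u><b>" . _("Your domain name will be soon validated:") . "</b></u><br>" . _("An administrator will examine your request shortly, and validate the addition of this domain name to your account. You curently don't have enough privileges to add domain names. If you often add domain names, you can ask the administrator to grant you the privilege of automatic domain name addition. To request hosting for a new domain name, without administrator validation or domain name registration, please write to:") . "<br>\n<a href=\"mailto:{$conf_webmaster_email_addr}?subject=[DTC] More domains\">{$conf_webmaster_email_addr}</a>.<br>\n<br>\n" . _("You can add another domain name:") . "\n{$form_start}<input type=\"text\" name=\"domain_name\" value=\"\">\n" . submitButtonStart() . _("Ok") . submitButtonEnd() . "\n</form>\n";
        }
        addDomainToUser($adm_login, $adm_pass, $domain_name);
        return "<br><u><b>" . _("Your domain name is now ready:") . "</b></u><br>\n" . _("Now you can go to check its configuration by clicking here:") . "<br>\n<a href=\"" . $h_self . "?adm_login={$u_login}&adm_pass={$u_pass}&addrlink=" . urlencode($domain_name) . "\">" . htmlspecialchars($domain_name, ENT_QUOTES) . "</a><br>\n<br>\n" . _("Alternatively, you can add another domain name:") . "\n{$form_start}<input type=\"text\" name=\"domain_name\" value=\"\">\n" . submitButtonStart() . _("Ok") . submitButtonEnd() . "\n</form>\n";
    }

    // Registration or domain transfer ?
    if (!isset($_REQUEST["add_regortrans"]) || ($_REQUEST["add_regortrans"] != "register" && $_REQUEST["add_regortrans"] != "transfer")) {
        $out .= "<br><h3>" . _("Do you want to transfer an existing domain or register a new domain?") . "</h3>\n{$form_start}\n<input type=\"radio\" name=\"add_regortrans\" value=\"register\" checked>" . _("Register a new domain") . "<br>\n<input type=\"radio\" name=\"add_regortrans\" value=\"transfer\">" . _("Transfer an existing domain from another registrar") . "<br>\n" . submitButtonStart() . _("Ok") . submitButtonEnd() . "\n</form>\n";
        return $out;
    }
    if ($_REQUEST["add_regortrans"] == "transfer") {
        return drawNameTransfer($admin);
    }
    $form_start .= "<input type=\"hidden\" name=\"add_regortrans\" value=\"register\">";

    // Start registration procedure (with or without hosting)
    $out .= "<br><h3>" . _("Register a domain name") . "</h3>";
    $out .= "<i><u>" . _("Step 1: Verify availability") . "</u></i><br>";
    if (!isset($_REQUEST["toreg_domain"]) || !is_string($_REQUEST["toreg_domain"]) || $_REQUEST["toreg_domain"] == "" || !isset($_REQUEST["toreg_extention"]) || !is_string($_REQUEST["toreg_extention"]) || $_REQUEST["toreg_extention"] == "") {
        $out .= "<br>" . _("Enter the domain name you want to register:") . "<br>\n{$form_start} " . make_registration_tld_popup() . "</form>";
        return $out;
    }
    $fqdn = $_REQUEST["toreg_domain"] . $_REQUEST["toreg_extention"];
    // The name was previously sent to the registrar, to SQL and to the page
    // without any format check. isHostname() is the check this function already
    // applies to domain_name on the hosting-only path.
    if (!isHostname($fqdn)) {
        $out .= "<br>" . _("Domain name is not in correct format. Please enter another name.") . "<br>\n{$form_start} " . make_registration_tld_popup() . "</form>";
        return $out;
    }
    $h_fqdn = htmlspecialchars($fqdn, ENT_QUOTES);
    $sql_fqdn = mysql_real_escape_string($fqdn);
    $domlookup = registry_check_availability($fqdn);
    if ($domlookup["is_success"] != 1) {
        // response_text comes from the remote registry and is escaped like any
        // other external value.
        $out .= "<font color=\"red\">" . _("Could not connect to domain registration server: please try again later!") . "</font><br>" . htmlspecialchars($domlookup['response_text'], ENT_QUOTES);
        return $out;
    }
    if ($domlookup["attributes"]["status"] != "available") {
        $out .= "<br>\n" . _("Sorry, the domain name ") . " <b>{$h_fqdn}</b> " . _("is NOT available for registration. The registration server returned: ") . "<br><font color=\"red\">" . htmlspecialchars($domlookup["response_text"], ENT_QUOTES) . "</font>\n<br><br>\nHave another try:<br>{$form_start} " . make_registration_tld_popup() . "</form>";
        return $out;
    }
    $form_start .= "<input type=\"hidden\" name=\"toreg_domain\" value=\"" . htmlspecialchars($_REQUEST["toreg_domain"], ENT_QUOTES) . "\">\n<input type=\"hidden\" name=\"toreg_extention\" value=\"" . htmlspecialchars($_REQUEST["toreg_extention"], ENT_QUOTES) . "\">";
    $q = "SELECT * FROM {$pro_mysql_domain_table} WHERE name='{$sql_fqdn}';";
    $r = mysql_query($q) or die("Cannot query {$q} line " . __LINE__ . " file " . __FILE__ . " sql said: " . mysql_error());
    $n = mysql_num_rows($r);
    if ($n != 0) {
        $out .= "<br>\n" . _("The domain name") . " <b>{$h_fqdn}</b> " . _("is already in use in this server: you can't register that domain name.") . "<br>" . _("Have another try:") . "<br>{$form_start} " . make_registration_tld_popup() . "</form>";
        return $out;
    }

    // DOMAIN IS AVAILABLE, PROCEED DO REGISTRATION
    $out .= "Domain name <b>{$h_fqdn}</b> is available for registration.<br><br>\n<i><u>" . _("Step 2: Enter whois information") . "</u></i><br>\n";

    // Step 2 input: four contact handles, two mandatory name servers and a
    // registration period of 1 to 10 years. The period is cast to an integer
    // so that a value such as "5<b>" can neither pass the range check through
    // loose comparison nor reach the page or the price calculation.
    $needs_whois_form = false;
    foreach (array("dtcrm_owner_hdl", "dtcrm_admin_hdl", "dtcrm_billing_hdl", "dtcrm_teck_hdl", "toreg_dns1", "toreg_dns2") as $required) {
        if (!isset($_REQUEST[$required]) || !is_string($_REQUEST[$required]) || $_REQUEST[$required] == "") {
            $needs_whois_form = true;
        }
    }
    $toreg_period = (isset($_REQUEST["toreg_period"]) && is_string($_REQUEST["toreg_period"])) ? (int) $_REQUEST["toreg_period"] : 0;
    if ($toreg_period < 1 || $toreg_period > 10) {
        $needs_whois_form = true;
    }
    // The handles are IDs and were passed on unchecked; a non-numeric handle
    // now sends the user back to the selection form. drawAdminTools_Whois
    // applies the same isRandomNum() test to these parameters.
    if (!$needs_whois_form && (!isRandomNum($_REQUEST["dtcrm_owner_hdl"]) || !isRandomNum($_REQUEST["dtcrm_billing_hdl"]) || !isRandomNum($_REQUEST["dtcrm_admin_hdl"]) || !isRandomNum($_REQUEST["dtcrm_teck_hdl"]))) {
        $needs_whois_form = true;
    }
    if ($needs_whois_form) {
        $year = _("year");
        $years = _("years");
        $out .= _("Please select registran and the 3 contact handles you want to use for registering that domain name.") . "<br><br>{$form_start}";
        $out .= whoisHandleSelection($admin);
        // The minimum used to be read from "maxperiod", so the entry marked
        // "Minimum" was really the maximum period.
        if (isset($domlookup["attributes"]["minperiod"])) {
            $minreg = str_replace("Y", "", $domlookup["attributes"]["minperiod"]);
        } else {
            $minreg = 1;
        }
        if (isset($domlookup["attributes"]["maxperiod"])) {
            $maxreg = str_replace("Y", "", $domlookup["attributes"]["maxperiod"]);
        } else {
            $maxreg = 10;
        }
        $out .= "<br>{$form_enter_dns_infos}<br><br>\n" . _("Select how long you want to register this domain name:") . "<br>\n<select name=\"toreg_period\"><option value=\"1\">1 {$year}</option>";
        for ($p = 2; $p <= $maxreg; $p++) {
            $out .= "<option value=\"{$p}\"";
            if ($p == $minreg) {
                $out .= " selected>Minimum";
            } else {
                $out .= ">";
            }
            $out .= " {$p} {$years}</option>";
        }
        $out .= "</select><br><br>\n" . submitButtonStart() . _("Ok") . submitButtonEnd() . "\n</form>\n";
        return $out;
    }
    $owner_id = $_REQUEST["dtcrm_owner_hdl"];
    $billing_id = $_REQUEST["dtcrm_billing_hdl"];
    $admin_id = $_REQUEST["dtcrm_admin_hdl"];
    $teck_id = $_REQUEST["dtcrm_teck_hdl"];
    // NOTE(review): $whois_forwareded_params is a global filled in elsewhere,
    // presumably from these same request values -- confirm it is HTML-escaped there.
    $form_start .= "{$whois_forwareded_params}\n<input type=\"hidden\" name=\"toreg_period\" value=\"" . $toreg_period . "\">";
    $out .= "Registration for <b>" . $toreg_period . " years</b><br>";
    $out .= "DNS1: " . htmlspecialchars($_REQUEST["toreg_dns1"], ENT_QUOTES) . "<br>";
    $out .= "DNS2: " . htmlspecialchars($_REQUEST["toreg_dns2"], ENT_QUOTES) . "<br><br>";
    $out .= "<i><u>" . _("Step 3: Proceed to registration") . "</u></i>\n{$form_start}\n";

    // Check if paiement has just occured !
    if (isset($_REQUEST["inner_action"]) && $_REQUEST["inner_action"] == "return_from_paypal_domain_add") {
        // NOTE(review): the return URL built further down carries "payid"
        // while this reads "pay_id"; confirm which name the payment module
        // sends back.
        // NOTE(review): the account is credited from a client-supplied payment
        // ID. Whether isPayIDValidated() ties the ID to this client and marks
        // it as consumed is not visible here; if it does not, replaying the
        // return URL would credit the account again.
        $pay_id = (isset($_REQUEST["pay_id"]) && is_string($_REQUEST["pay_id"])) ? $_REQUEST["pay_id"] : "";
        $ze_refund = isPayIDValidated(addslashes($pay_id));
        if ($ze_refund == 0) {
            $out .= "<font color=\"red\">The transaction failed, please try again!</font>";
        } else {
            $out .= "<font color=\"green\">Funds added to your account</font>";
            $q = "UPDATE {$pro_mysql_client_table} SET dollar = dollar+" . $ze_refund . " WHERE id='" . $admin["info"]["id_client"] . "';";
            $r = mysql_query($q) or die("Cannot querry {$q} line " . __LINE__ . " file " . __FILE__ . " sql said " . mysql_error());
            $admin["client"]["dollar"] += $ze_refund;
        }
    }

    // Check billing to know if user has enough money on his account
    $fqdn_price = find_domain_price($_REQUEST["toreg_extention"]) * $toreg_period;
    if ($admin["info"]["id_client"] == 0) {
        $out .= _("You don't have a client ID. Please contact us.") . "<br>";
        return $out;
    }
    $remaining = $admin["client"]["dollar"];
    $out .= _("Remaining on your account: ") . " {$secpayconf_currency_letters}" . $remaining . "<br>\n" . _("Total price: ") . " " . $secpayconf_currency_letters . "" . $fqdn_price . "<br><br>";
    if ($fqdn_price > $remaining) {
        $to_pay = $fqdn_price - $remaining;
        $payid = createCreditCardPaiementID($to_pay, $admin["info"]["id_client"], "Domain name registration " . $_REQUEST["toreg_extention"], "no");
        // Every forwarded value is URL-encoded so that it cannot add or
        // override parameters of the return URL. Optional name servers that
        // were not submitted are forwarded as empty values.
        $return_url = $_SERVER["PHP_SELF"] . "?adm_login={$u_login}&adm_pass={$u_pass}" . "&addrlink={$u_addrlink}&action=dtcrm_add_domain";
        $forwarded = array("add_domain_type", "add_regortrans", "toreg_domain", "toreg_extention", "dtcrm_owner_hdl", "dtcrm_admin_hdl", "dtcrm_billing_hdl", "dtcrm_teck_hdl", "toreg_dns1", "toreg_dns2", "toreg_dns3", "toreg_dns4", "toreg_dns5", "toreg_dns6");
        foreach ($forwarded as $key) {
            $value = (isset($_REQUEST[$key]) && is_string($_REQUEST[$key])) ? $_REQUEST[$key] : "";
            $return_url .= "&" . $key . "=" . urlencode($value);
        }
        $return_url .= "&toreg_period=" . $toreg_period . "&inner_action=return_from_paypal_domain_add&payid={$payid}";
        $paybutton = paynowButton($payid, $to_pay, "Domain name registration " . $_REQUEST["toreg_extention"], $return_url);
        $out .= _("You currently don't have enough funds on your account. You will be redirected to our payment system. Please click on the button below to pay.") . "<br>\n<br><br>\n{$form_start}\n" . submitButtonStart() . _("Payment complete. Proceed to checkout") . submitButtonEnd() . "\n</form> {$paybutton}";
        return $out;
    }

    // Check for confirmation
    if (!isset($_REQUEST["toreg_confirm_register"]) || $_REQUEST["toreg_confirm_register"] != "yes") {
        $out .= _("You have enough funds on your account to proceed with registration. Press the confirm button to proceed.") . "<br><br>\n{$form_start}\n<input type=\"hidden\" name=\"toreg_confirm_register\" value=\"yes\">\n" . submitButtonStart() . _("Proceed to name-registration") . submitButtonEnd() . "\n</form>";
        return $out;
    }

    ///////////////////////////////////////
    // START OF DOMAIN NAME REGISTRATION //
    $contacts = getContactsArrayFromID($owner_id, $billing_id, $admin_id, $teck_id);
    // Name servers sent to the registrar: each submitted value that passes
    // isHostname(); slots 1 and 2 fall back to the configured DNS servers.
    $dns_servers = array();
    for ($i = 1; $i < 7; $i++) {
        if (isset($_REQUEST["toreg_dns{$i}"]) && isHostname($_REQUEST["toreg_dns{$i}"])) {
            $dns_servers[] = $_REQUEST["toreg_dns{$i}"];
        } elseif ($i == 1) {
            $dns_servers[] = $conf_addr_primary_dns;
        } elseif ($i == 2) {
            $dns_servers[] = $conf_addr_secondary_dns;
        }
    }
    $q = "SELECT * FROM {$pro_mysql_domain_table} WHERE owner='{$sql_login}' AND whois='here';";
    $r = mysql_query($q) or die("Cannot query {$q} line " . __LINE__ . " file " . __FILE__ . " sql said: " . mysql_error());
    $n = mysql_num_rows($r);
    // NOTE(review): both branches assign the same literal as shown here; the
    // two values look masked in this listing -- restore the real ones.
    if ($n > 0) {
        $new_user = "******";
    } else {
        $new_user = "******";
    }
    $regz = registry_register_domain($adm_login, $adm_pass, $fqdn, $toreg_period, $contacts, $dns_servers, $new_user);
    if ($regz["is_success"] != 1) {
        $out .= "<font color=\"red\"><b>" . _("Registration failed") . "</b></font><br>\n" . _("Server said: ") . "<i>" . htmlspecialchars($regz["response_text"], ENT_QUOTES) . "</i>";
        return $out;
    }
    $out .= "<font color=\"green\"><b>Registration succesfull</b></font><br>\nServer said: <i>" . htmlspecialchars($regz["response_text"], ENT_QUOTES) . "</i><br>";
    // NOTE(review): the balance is written back as an absolute value computed
    // from a figure read earlier in the request, and only after the registrar
    // call. Two concurrent requests could both pass the funds check and
    // overwrite each other's debit; a single conditional UPDATE would close
    // that window.
    $operation = $remaining - $fqdn_price;
    $query = "UPDATE {$pro_mysql_client_table} SET dollar='{$operation}' WHERE id='" . $admin["info"]["id_client"] . "';";
    mysql_query($query) or die("Cannot query \"{$query}\" !!!" . mysql_error());
    // NOTE(review): the hosting-only path calls addDomainToUser() with three
    // arguments; the extra $adm_pass here is kept as found -- confirm the
    // meaning of the fourth parameter.
    addDomainToUser($adm_login, $adm_pass, $fqdn, $adm_pass);
    // Registration succeeded (failure returned above): record the registrar
    // and create the whois entry.
    $id = find_registry_id($fqdn);
    $q = "UPDATE {$pro_mysql_domain_table} SET registrar='" . $registry_api_modules[$id]["name"] . "' WHERE name='{$sql_fqdn}';";
    $r = mysql_query($q) or die("Cannot query {$q} line " . __LINE__ . " file " . __FILE__ . " sql said: " . mysql_error());
    // NOTE(review): this list takes the submitted name servers as they are,
    // while $dns_servers above was filtered through isHostname(); the two can
    // differ. Kept as found because how newWhois() treats these values is not
    // visible here.
    $ns_ar = array($_REQUEST["toreg_dns1"], $_REQUEST["toreg_dns2"]);
    for ($i = 3; $i < 7; $i++) {
        if (isset($_REQUEST["toreg_dns{$i}"]) && $_REQUEST["toreg_dns{$i}"] != "") {
            $ns_ar[] = $_REQUEST["toreg_dns{$i}"];
        }
    }
    newWhois($fqdn, $owner_id, $billing_id, $admin_id, $teck_id, $toreg_period, $ns_ar, $registry_api_modules[$id]["name"]);
    $out .= "<font color=\"green\"><b>" . _("Successfully added your domain name to the hosting database") . "</b></font><br>";
    $out .= _("Click") . " " . "<a href=\"" . $h_self . "?adm_login={$u_login}&adm_pass={$u_pass}&addrlink={$u_addrlink}\">" . _("here") . "</a>" . " " . _("to refresh the menu or add another domain name.");
    // END OF DOMAIN NAME REGISTRATION //
    /////////////////////////////////////
    return $out;
}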
Beispiel #11
function dtcListItemsEdit($dsc)
{
    global $adm_pass;
    $out = "<h3>" . $dsc["title"] . "</u></b></h3>";
    // Calculate the forwards parameters for links and forms
    $nbr_forwards = sizeof($dsc["forward"]);
    $keys_fw = array_keys($dsc["forward"]);
    $fw = "";
    $fw_link = $_SERVER["PHP_SELF"] . "?";
    for ($i = 0; $i < $nbr_forwards; $i++) {
        if ($dsc["forward"][$i] == "adm_pass") {
            $fw .= "<input type=\"hidden\" name=\"" . $dsc["forward"][$i] . "\" value=\"" . $adm_pass . "\">";
        } else {
            $fw .= "<input type=\"hidden\" name=\"" . $dsc["forward"][$i] . "\" value=\"" . $_REQUEST[$dsc["forward"][$i]] . "\">";
        }
        if ($i != 0) {
            $fw_link .= "&";
        }
        if ($dsc["forward"][$i] == "adm_pass") {
            $fw_link .= $dsc["forward"][$i] . "={$adm_pass}";
        } else {
            $fw_link .= $dsc["forward"][$i] . "=" . $_REQUEST[$dsc["forward"][$i]];
        }
    }
    // Condition to add to each queries
    $where = "WHERE 1";
    if (isset($dsc["order_by"])) {
        $order_by = " ORDER BY " . $dsc["order_by"];
    } else {
        $order_by = "";
    }
    $added_insert_names = "";
    $added_insert_values = "";
    if (isset($dsc["where_list"])) {
        $nbr_where = sizeof($dsc["where_list"]);
        $where_keys = array_keys($dsc["where_list"]);
        for ($i = 0; $i < $nbr_where; $i++) {
            if ($i != 0) {
                $added_insert_names .= ",";
                $added_insert_values .= ",";
            }
            $added_insert_names .= $where_keys[$i];
            $added_insert_values .= "'" . $dsc["where_list"][$where_keys[$i]] . "'";
            $where .= " AND " . $where_keys[$i] . "='" . $dsc["where_list"][$where_keys[$i]] . "'";
        }
        // As there will be other fields, we need that one
        $added_insert_names .= ",";
        $added_insert_values .= ",";
    }
    // Number of fields that we are about to manage here and theire names
    $nbr_fld = sizeof($dsc["cols"]);
    $keys = array_keys($dsc["cols"]);
    // We need the current number of items now to check against the max number for addition
    $q = "SELECT " . $dsc["id_fld"] . "," . $dsc["list_fld_show"] . " FROM " . $dsc["table_name"] . " {$where};";
    $r_item_list = mysql_query($q) or die("Cannot query {$q} in " . __FILE__ . " line " . __LINE__ . " sql said: " . mysql_error());
    $current_num_items = mysql_num_rows($r_item_list);
    // SQL submit stuffs
    if (isset($_REQUEST["action"]) && $_REQUEST["action"] == $dsc["action"] . "_new_item") {
        // Todo: do the fields checkings
        $commit_flag = "yes";
        $commit_err = "";
        for ($i = 0; $i < $nbr_fld; $i++) {
            switch ($dsc["cols"][$keys[$i]]["type"]) {
                case "popup":
                case "radio":
                    $nbr_choices = sizeof($dsc["cols"][$keys[$i]]["values"]);
                    $is_one_of_them = "no";
                    for ($j = 0; $j < $nbr_choices; $j++) {
                        if ($dsc["cols"][$keys[$i]]["values"][$j] == $_REQUEST[$keys[$i]]) {
                            $is_one_of_them = "yes";
                        }
                    }
                    if ($is_one_of_them == "no") {
                        $commit_flag = "no";
                        $commit_err = "the variable " . $keys[$i] . " is not one of the allowed values<br>";
                    }
                    break;
                default:
                    break;
            }
            if (isset($dsc["cols"][$keys[$i]]["check"])) {
                switch ($dsc["cols"][$keys[$i]]["check"]) {
                    case "subdomain":
                        if (!checkSubdomainFormat($_REQUEST[$keys[$i]])) {
                            if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") {
                                $commit_flag = "no";
                                $commit_err .= $keys[$i] . ": not a subdomain<br>";
                            }
                        }
                        break;
                    case "subdomain_or_ip":
                        if (!checkSubdomainFormat($_REQUEST[$keys[$i]]) && !isIP($_REQUEST[$keys[$i]])) {
                            if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") {
                                $commit_flag = "no";
                                $commit_err .= $keys[$i] . ": not a subdomain or IP addresse<br>";
                            }
                        }
                        break;
                    case "ip6":
                        if (!isIP6($_REQUEST[$keys[$i]])) {
                            if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") {
                                if (!isset($dsc["cols"][$keys[$i]]["empty_makes_default"]) || $dsc["cols"][$keys[$i]]["empty_makes_default"] != "yes" || $_REQUEST[$keys[$i]] != "default") {
                                    $commit_flag = "no";
                                    $commit_err .= $keys[$i] . ": not an IPv6 address<br>";
                                }
                            }
                        }
                        break;
                    case "ip_addr":
                        if (!isIP($_REQUEST[$keys[$i]])) {
                            if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") {
                                $commit_flag = "no";
                                $commit_err .= $keys[$i] . ": not an IP address<br>";
                            }
                        }
                        break;
                    case "domain_or_ip":
                        if (!isIP($_REQUEST[$keys[$i]]) && !isHostname($_REQUEST[$keys[$i]])) {
                            if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") {
                                $commit_flag = "no";
                                $commit_err .= $keys[$i] . ": not a domain or IP addresse<br>";
                            }
                        }
                        break;
                    case "dtc_login":
                        if (!isFtpLogin($_REQUEST[$keys[$i]])) {
                            if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") {
                                $commit_flag = "no";
                                $commit_err .= $keys[$i] . ": not a correct login format.<br>";
                            }
                        }
                        break;
                    case "dtc_login_or_email":
                        if (!isFtpLogin($_REQUEST[$keys[$i]]) && !isValidEmail($_REQUEST[$keys[$i]])) {
                            if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") {
                                $commit_flag = "no";
                                $commit_err .= $keys[$i] . ": not a correct login format.<br>";
                            }
                        }
                        break;
                    case "mail_alias_group":
                        $mail_alias_group_raw = trim($_REQUEST[$keys[$i]], "\r\n");
                        $mail_alias_nocr = str_replace("\r", "", $mail_alias_group_raw);
                        $mail_alias_array = split("\n", $mail_alias_nocr);
                        for ($x = 0; $x < count($mail_alias_array); $x++) {
                            if (!isValidEmail($mail_alias_array[$x])) {
                                $commit_flag = "no";
                                $commit_err .= $mail_alias_array[$x] . ": not a valid email format.<br>";
                            }
                        }
                        break;
                    case "dtc_pass":
                        if (!isDTCPassword($_REQUEST[$keys[$i]])) {
                            if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") {
                                $commit_flag = "no";
                                $commit_err .= $keys[$i] . ": not a correct password format<br>";
                            }
                        }
                        break;
                    case "email":
                        if (!isValidEmail($_REQUEST[$keys[$i]])) {
                            if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") {
                                $commit_flag = "no";
                                $commit_err .= $keys[$i] . ": not a correct email format<br>";
                            }
                        }
                        break;
                    case "number":
                        if (!isRandomNum($_REQUEST[$keys[$i]])) {
                            if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") {
                                $commit_flag = "no";
                                $commit_err .= $keys[$i] . ": not a correct number format<br>";
                            }
                        }
                        break;
                    case "max_value_2096":
                        if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") {
                            if (!isRandomNum($_REQUEST[$keys[$i]])) {
                                $commit_flag = "no";
                                $commit_err .= $keys[$i] . ": not a correct number format<br>";
                            }
                            if ($_REQUEST[$keys[$i]] >= 2096) {
                                $commit_flag = "no";
                                $commit_err .= $keys[$i] . ": is greater or equal than the max value 2096<br>";
                            }
                        }
                        break;
                    default:
                        $commit_flag = "no";
                        $commit_err .= $keys[$i] . ": unknown field checking type (" . $dsc["cols"][$keys[$i]]["check"] . ").<br>";
                        break;
                }
            }
        }
        if (isset($dsc["max_item"]) && $current_num_items >= $dsc["max_item"]) {
            $commit_flag = "no";
            $commit_err = "Max number of items reached!";
        }
        if (isset($dsc["check_unique"])) {
            $nbr_unique_check = sizeof($dsc["check_unique"]);
            $where_clause = "";
            for ($i = 0; $i < $nbr_unique_check; $i++) {
                if ($i != 0) {
                    $where_clause .= " AND ";
                }
                if (isset($dsc["cols"][$dsc["check_unique"][$i]]["happen_domain"])) {
                    $where_clause .= $dsc["check_unique"][$i] . "='" . $_REQUEST[$dsc["check_unique"][$i]] . $dsc["cols"][$dsc["check_unique"][$i]]["happen_domain"] . "' ";
                } else {
                    $where_clause .= $dsc["check_unique"][$i] . "='" . $_REQUEST[$dsc["check_unique"][$i]] . "' ";
                }
            }
            if (!isset($dsc["check_unique_use_where_list"]) || $dsc["check_unique_use_where_list"] == "yes") {
                $nbr_where_list_fld = sizeof($dsc["where_list"]);
                $where_list_keys_fld = array_keys($dsc["where_list"]);
                for ($i = 0; $i < $nbr_where_list_fld; $i++) {
                    $where_clause .= " AND " . $where_list_keys_fld[$i] . "='" . $dsc["where_list"][$where_list_keys_fld[$i]] . "'";
                }
            }
            $q = "SELECT * FROM " . $dsc["table_name"] . " WHERE {$where_clause} ";
            $r = mysql_query($q) or die("Cannot query \"{$q}\" line " . __LINE__ . " file " . __FILE__ . " sql said: " . mysql_error());
            $n = mysql_num_rows($r);
            if ($n > 0) {
                $commit_flag = "no";
                $commit_err = $dsc["check_unique_msg"];
            }
        }
        // Build the request
        $fld_names = "";
        $values = "";
        $added_one = "no";
        for ($i = 0; $i < $nbr_fld; $i++) {
            switch ($dsc["cols"][$keys[$i]]["type"]) {
                case "password":
                    if ($added_one == "yes") {
                        $fld_names .= ",";
                        $values .= ",";
                    }
                    $fld_names .= $keys[$i];
                    if (isset($dsc["cols"][$keys[$i]]["empty_makes_sql_null"]) && $dsc["cols"][$keys[$i]]["empty_makes_sql_null"] == "yes" && $_REQUEST[$keys[$i]] == "") {
                        $values .= "NULL";
                    } else {
                        if (isset($dsc["cols"][$keys[$i]]["empty_makes_default"]) && $dsc["cols"][$keys[$i]]["empty_makes_default"] == "yes" && $_REQUEST[$keys[$i]] == "") {
                            $values .= "'default'";
                        } else {
                            if (isset($dsc["cols"][$keys[$i]]["happen_domain"])) {
                                $values .= "'" . addslashes($_REQUEST[$keys[$i]]) . $dsc["cols"][$keys[$i]]["happen_domain"] . "'";
                            } else {
                                $values .= "'" . addslashes($_REQUEST[$keys[$i]]) . "'";
                            }
                            // if the crypt field is set, then we use this as the SQL field to populate the crypted password into
                            if (isset($dsc["cols"][$keys[$i]]["cryptfield"])) {
                                if ($added_one == "yes") {
                                    $fld_names .= ",";
                                    $values .= ",";
                                }
                                $fld_names .= $dsc["cols"][$keys[$i]]["cryptfield"];
                                $values .= "'" . crypt($_REQUEST[$keys[$i]], dtc_makesalt()) . "'";
                            }
                        }
                    }
                    $added_one = "yes";
                    break;
                case "text":
                case "textarea":
                    if ($added_one == "yes") {
                        $fld_names .= ",";
                        $values .= ",";
                    }
                    $fld_names .= $keys[$i];
                    if (isset($dsc["cols"][$keys[$i]]["empty_makes_sql_null"]) && $dsc["cols"][$keys[$i]]["empty_makes_sql_null"] == "yes" && $_REQUEST[$keys[$i]] == "") {
                        $values .= "NULL";
                    } else {
                        if (isset($dsc["cols"][$keys[$i]]["empty_makes_default"]) && $dsc["cols"][$keys[$i]]["empty_makes_default"] == "yes" && $_REQUEST[$keys[$i]] == "") {
                            $values .= "'default'";
                        } else {
                            if (isset($dsc["cols"][$keys[$i]]["happen_domain"])) {
                                $values .= "'" . addslashes($_REQUEST[$keys[$i]]) . $dsc["cols"][$keys[$i]]["happen_domain"] . "'";
                            } else {
                                $values .= "'" . addslashes($_REQUEST[$keys[$i]]) . "'";
                            }
                        }
                    }
                    $added_one = "yes";
                    break;
                case "checkbox":
                    if ($added_one == "yes") {
                        $fld_names .= ",";
                        $values .= ",";
                    }
                    $added_one = "yes";
                    $fld_names .= $keys[$i];
                    if (isset($_REQUEST[$keys[$i]])) {
                        $values .= "'" . $dsc["cols"][$keys[$i]]["values"][0] . "'";
                    } else {
                        $values .= "'" . $dsc["cols"][$keys[$i]]["values"][1] . "'";
                    }
                    break;
                case "popup":
                case "radio":
                    if ($added_one == "yes") {
                        $fld_names .= ",";
                        $values .= ",";
                    }
                    $fld_names .= $keys[$i];
                    $values .= "'" . addslashes($_REQUEST[$keys[$i]]) . "'";
                    $added_one = "yes";
                    break;
            }
        }
        if ($commit_flag == "yes") {
            $q = "INSERT INTO " . $dsc["table_name"] . " ({$added_insert_names} {$fld_names}) VALUES ({$added_insert_values} {$values});";
            $success = "yes";
            $r = mysql_query($q) or $success = "no";
            if ($success == "yes") {
                $insert_id = mysql_insert_id();
                if (isset($dsc["create_item_callback"])) {
                    $out .= $dsc["create_item_callback"]($insert_id);
                }
            } else {
                $out .= "<font color=\"red\">Cannot query {$q} in " . __FILE__ . " line " . __LINE__ . " sql said: " . mysql_error() . "</font>";
            }
        } else {
            $out .= "<font color=\"red\">Could not commit the changes because of an error in field format: <br>{$commit_err}</font><br>";
        }
    } else {
        if (isset($_REQUEST["action"]) && $_REQUEST["action"] == $dsc["action"] . "_save_item") {
            // Todo: do the fields checkings
            $commit_flag = "yes";
            $commit_err = "";
            for ($i = 0; $i < $nbr_fld; $i++) {
                switch ($dsc["cols"][$keys[$i]]["type"]) {
                    case "checkbox":
                        break;
                    case "popup":
                    case "radio":
                    case "checkbox":
                        $nbr_choices = sizeof($dsc["cols"][$keys[$i]]["values"]);
                        $is_one_of_them = "no";
                        for ($j = 0; $j < $nbr_choices; $j++) {
                            if ($dsc["cols"][$keys[$i]]["values"][$j] == $_REQUEST[$keys[$i]]) {
                                $is_one_of_them = "yes";
                            }
                        }
                        if ($is_one_of_them == "no") {
                            $commit_flag = "no";
                            $commit_err = "the variable " . $keys[$i] . " is not one of the allowed values<br>";
                        }
                        break;
                    default:
                        break;
                }
                if (isset($dsc["cols"][$keys[$i]]["check"]) && (!isset($dsc["cols"][$keys[$i]]["disable_edit"]) || $dsc["cols"][$keys[$i]]["disable_edit"] != "yes")) {
                    switch ($dsc["cols"][$keys[$i]]["check"]) {
                        case "subdomain":
                            if (!checkSubdomainFormat($_REQUEST[$keys[$i]])) {
                                if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") {
                                    $commit_flag = "no";
                                    $commit_err .= $keys[$i] . ": not a subdomain<br>";
                                }
                            }
                            break;
                        case "subdomain_or_ip":
                            if (!checkSubdomainFormat($_REQUEST[$keys[$i]]) && !isIP($_REQUEST[$keys[$i]])) {
                                if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") {
                                    $commit_flag = "no";
                                    $commit_err .= $keys[$i] . ": not a subdomain or IP addresse<br>";
                                }
                            }
                            break;
                        case "ip6":
                            if (!isIP6($_REQUEST[$keys[$i]])) {
                                if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") {
                                    if (!isset($dsc["cols"][$keys[$i]]["empty_makes_default"]) || $dsc["cols"][$keys[$i]]["empty_makes_default"] != "yes" || $_REQUEST[$keys[$i]] != "default") {
                                        $commit_flag = "no";
                                        $commit_err .= $keys[$i] . ": not an IPv6 address<br>";
                                    }
                                }
                            }
                            break;
                        case "ip_addr":
                            if (!isIP($_REQUEST[$keys[$i]])) {
                                if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") {
                                    $commit_flag = "no";
                                    $commit_err .= $keys[$i] . ": not an IP address<br>";
                                }
                            }
                            break;
                        case "domain_or_ip":
                            if (!isIP($_REQUEST[$keys[$i]]) && !isHostname($_REQUEST[$keys[$i]])) {
                                if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") {
                                    $commit_flag = "no";
                                    $commit_err .= $keys[$i] . ": not a domain or IP addresse<br>";
                                }
                            }
                            break;
                        case "dtc_login":
                            if (!isFtpLogin($_REQUEST[$keys[$i]])) {
                                if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") {
                                    $commit_flag = "no";
                                    $commit_err .= $keys[$i] . ": not a correct login format.<br>";
                                }
                            }
                            break;
                        case "dtc_login_or_email":
                            if (!isFtpLogin($_REQUEST[$keys[$i]]) && !isValidEmail($_REQUEST[$keys[$i]])) {
                                if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") {
                                    $commit_flag = "no";
                                    $commit_err .= $keys[$i] . ": not a correct login format.<br>";
                                }
                            }
                            break;
                        case "mail_alias_group":
                            $mail_alias_group_raw = trim($_REQUEST[$keys[$i]], "\r\n");
                            $mail_alias_nocr = str_replace("\r", "", $mail_alias_group_raw);
                            $mail_alias_array = split("\n", $mail_alias_nocr);
                            for ($x = 0; $x < count($mail_alias_array); $x++) {
                                if (!isValidEmail($mail_alias_array[$x])) {
                                    $commit_flag = "no";
                                    $commit_err .= $mail_alias_array[$x] . ": not a valid email format.<br>";
                                }
                            }
                            break;
                        case "dtc_pass":
                            if (!isDTCPassword($_REQUEST[$keys[$i]])) {
                                if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") {
                                    $commit_flag = "no";
                                    $commit_err .= $keys[$i] . ": not a correct password format<br>";
                                }
                            }
                            break;
                        case "email":
                            if (!isValidEmail($_REQUEST[$keys[$i]])) {
                                if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") {
                                    $commit_flag = "no";
                                    $commit_err .= $keys[$i] . ": not a correct email format<br>";
                                }
                            }
                            break;
                        case "number":
                            if (!isRandomNum($_REQUEST[$keys[$i]])) {
                                if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") {
                                    $commit_flag = "no";
                                    $commit_err .= $keys[$i] . ": not a correct number format<br>";
                                }
                            }
                            break;
                        case "max_value_2096":
                            if (!isset($dsc["cols"][$keys[$i]]["can_be_empty"]) || $dsc["cols"][$keys[$i]]["can_be_empty"] != "yes" || $_REQUEST[$keys[$i]] != "") {
                                if (!isRandomNum($_REQUEST[$keys[$i]])) {
                                    $commit_flag = "no";
                                    $commit_err .= $keys[$i] . ": not a correct number format<br>";
                                }
                                if ($_REQUEST[$keys[$i]] >= 2096) {
                                    $commit_flag = "no";
                                    $commit_err .= $keys[$i] . ": is greater or equal than the max value 2096<br>";
                                }
                            }
                            break;
                        default:
                            $commit_flag = "no";
                            $commit_err .= $keys[$i] . ": unknown field checking type (" . $dsc["cols"][$keys[$i]]["check"] . ").<br>";
                            break;
                    }
                }
            }
            // Build the request
            $added_one = "no";
            $reqs = "";
            for ($i = 0; $i < $nbr_fld; $i++) {
                switch ($dsc["cols"][$keys[$i]]["type"]) {
                    case "id":
                        $id_fldname = $keys[$i];
                        $id_fld_value = addslashes($_REQUEST[$keys[$i]]);
                        break;
                    case "readonly":
                        break;
                    case "text":
                    case "textarea":
                    case "password":
                        if (!isset($dsc["cols"][$keys[$i]]["disable_edit"]) || $dsc["cols"][$keys[$i]]["disable_edit"] != "yes") {
                            if ($added_one == "yes") {
                                $reqs .= ",";
                            }
                            if (isset($dsc["cols"][$keys[$i]]["happen_domain"])) {
                                $happen = $dsc["cols"][$keys[$i]]["happen_domain"];
                            } else {
                                $happen = "";
                            }
                            if (isset($dsc["cols"][$keys[$i]]["empty_makes_sql_null"]) && $dsc["cols"][$keys[$i]]["empty_makes_sql_null"] == "yes" && $_REQUEST[$keys[$i]] == "") {
                                $reqs .= $keys[$i] . "=NULL";
                            } else {
                                if (isset($dsc["cols"][$keys[$i]]["empty_makes_default"]) && $dsc["cols"][$keys[$i]]["empty_makes_default"] == "yes" && $_REQUEST[$keys[$i]] == "") {
                                    $reqs .= $keys[$i] . "='default'";
                                } else {
                                    $reqs .= $keys[$i] . "='" . addslashes($_REQUEST[$keys[$i]]) . $happen . "'";
                                    // if the crypt field is set, then we use this as the SQL field to populate the crypted password into
                                    if (isset($dsc["cols"][$keys[$i]]["cryptfield"])) {
                                        if ($added_one == "yes") {
                                            $reqs .= ", ";
                                        }
                                        $reqs .= " " . $dsc["cols"][$keys[$i]]["cryptfield"] . "='" . crypt($_REQUEST[$keys[$i]], dtc_makesalt()) . "' ";
                                    }
                                }
                            }
                            $added_one = "yes";
                        }
                        break;
                    case "popup":
                    case "radio":
                        if ($added_one == "yes") {
                            $reqs .= ",";
                        }
                        $reqs .= $keys[$i] . "='" . addslashes($_REQUEST[$keys[$i]]) . "'";
                        $added_one = "yes";
                        break;
                    case "checkbox":
                        if ($added_one == "yes") {
                            $reqs .= ",";
                        }
                        if (isset($_REQUEST[$keys[$i]])) {
                            $reqs .= $keys[$i] . "='" . $dsc["cols"][$keys[$i]]["values"][0] . "'";
                        } else {
                            $reqs .= $keys[$i] . "='" . $dsc["cols"][$keys[$i]]["values"][1] . "'";
                        }
                        break;
                    default:
                        die($dsc["cols"][$keys[$i]]["type"] . ": Not implemented yet line " . __LINE__ . " file " . __FILE__);
                        break;
                }
            }
            if ($commit_flag != "yes") {
                $out .= "<font color=\"red\">Could not commit the changes because of an error in field format: [todo: error desc]<br>{$commit_err}</font>";
            } else {
                if (!isset($id_fldname) || !isset($id_fld_value)) {
                    $out .= "<font color=\"red\">Could not commit the changes because the id is not set!</font>";
                } else {
                    $q = "UPDATE " . $dsc["table_name"] . " SET {$reqs} {$where} AND {$id_fldname}='{$id_fld_value}';";
                    $r = mysql_query($q) or $out .= "<font color=\"red\">Cannot query {$q} in " . __FILE__ . " line " . __LINE__ . " sql said: " . mysql_error() . "</font>";
                    if (isset($dsc["edit_item_callback"])) {
                        $dsc["edit_item_callback"]($id_fld_value);
                    }
                }
            }
        } else {
            if (isset($_REQUEST["action"]) && $_REQUEST["action"] == $dsc["action"] . "_delete_item") {
                for ($i = 0; $i < $nbr_fld; $i++) {
                    if ($dsc["cols"][$keys[$i]]["type"] == "id") {
                        $id_fldname = $keys[$i];
                        $id_fld_value = addslashes($_REQUEST[$keys[$i]]);
                    }
                }
                if (isset($id_fldname) && isset($id_fld_value)) {
                    if (isset($dsc["delete_item_callback"])) {
                        $dsc["delete_item_callback"]($id_fld_value);
                    }
                    $q = "DELETE FROM " . $dsc["table_name"] . " {$where} AND {$id_fldname}='" . $id_fld_value . "';";
                    $r = mysql_query($q) or $out .= "<font color=\"red\">Cannot query {$q} in " . __FILE__ . " line " . __LINE__ . " sql said: " . mysql_error() . "</font>";
                } else {
                    $out .= "<font color=\"red\">Could not commit the deletion because the id field could not be found.</font>";
                }
            }
        }
    }
    // We have to query it again, in case an insert or a delete has occured!
    $q = "SELECT " . $dsc["id_fld"] . "," . $dsc["list_fld_show"] . " FROM " . $dsc["table_name"] . " {$where} {$order_by};";
    $r_item_list = mysql_query($q) or die("Cannot query {$q} in " . __FILE__ . " line " . __LINE__ . " sql said: " . mysql_error());
    $current_num_items = mysql_num_rows($r_item_list);
    if (isset($dsc["max_item"])) {
        if ($current_num_items >= $dsc["max_item"]) {
            $out .= "<font color=\"red\">";
        }
        $out .= $dsc["num_item_txt"] . $current_num_items . "/" . $dsc["max_item"];
        if ($current_num_items >= $dsc["max_item"]) {
            $out .= "</font>";
        }
        $out .= "<br><br>";
    }
    // First display a list of items
    for ($i = 0; $i < $current_num_items; $i++) {
        $a = mysql_fetch_array($r_item_list);
        if ($i != 0) {
            $out .= " - ";
        }
        if (isset($_REQUEST["subaction"]) && $_REQUEST["subaction"] == $dsc["action"] . "_edit_item" && $_REQUEST["item"] == $a[$dsc["id_fld"]]) {
            $out .= $a[$dsc["list_fld_show"]];
        } else {
            $out .= "<a href=\"{$fw_link}&subaction=" . $dsc["action"] . "_edit_item&item=" . $a[$dsc["id_fld"]] . "\">" . $a[$dsc["list_fld_show"]] . "</a>";
        }
    }
    $out .= "<br><br>";
    // Creation of new items
    if (!isset($_REQUEST["subaction"]) || $_REQUEST["subaction"] != $dsc["action"] . "_edit_item") {
        $out .= $dsc["new_item_link"] . "<br><br>";
        $out .= "<h3>" . $dsc["new_item_title"] . "</h3><br>";
        if (isset($dsc["max_item"]) && $current_num_items >= $dsc["max_item"]) {
            $out .= "<font color=\"red\">" . _("Maximum number reached") . "!</font><br>";
        } else {
            $out .= "<form name=\"" . $dsc["action"] . "_new_item_frm\" action=\"" . $_SERVER["PHP_SELF"] . "\">{$fw}\n\t\t\t\t<input type=\"hidden\" name=\"action\" value=\"" . $dsc["action"] . "_new_item\">" . dtcFormTableAttrs();
            for ($i = 0; $i < $nbr_fld; $i++) {
                if (isset($dsc["cols"][$keys[$i]]["help"])) {
                    $help = $dsc["cols"][$keys[$i]]["help"];
                } else {
                    $help = "";
                }
                switch ($dsc["cols"][$keys[$i]]["type"]) {
                    case "id":
                        $out .= "<input type=\"hidden\" name=\"" . $keys[$i] . "\" value=\"\">";
                        break;
                    case "password":
                        $genpass = autoGeneratePassButton($dsc["action"] . "_new_item_frm", $keys[$i]);
                        $ctrl = "<input type=\"password\" name=\"" . $keys[$i] . "\" value=\"\">{$genpass}";
                        $out .= dtcFormLineDraw($dsc["cols"][$keys[$i]]["legend"], $ctrl, $i % 2, $help);
                        break;
                    case "text":
                    case "readonly":
                        if (isset($dsc["cols"][$keys[$i]]["hide_create"]) && $dsc["cols"][$keys[$i]]["hide_create"] == "yes") {
                            break;
                        }
                        if (isset($dsc["cols"][$keys[$i]]["happen_domain"])) {
                            $happen = $dsc["cols"][$keys[$i]]["happen_domain"];
                        } else {
                            $happen = "";
                        }
                        if (isset($dsc["cols"][$keys[$i]]["happen"])) {
                            $happen .= $dsc["cols"][$keys[$i]]["happen"];
                        }
                        if (isset($dsc["cols"][$keys[$i]]["default"])) {
                            $ctrl_value = $dsc["cols"][$keys[$i]]["default"];
                        } else {
                            $ctrl_value = "";
                        }
                        if ($dsc["cols"][$keys[$i]]["type"] == "readonly") {
                            $ctrl = "<input type=\"text\" name=\"" . $keys[$i] . "\" value=\"{$ctrl_value}\" READONLY>{$happen}";
                        } else {
                            $ctrl = "<input type=\"text\" name=\"" . $keys[$i] . "\" value=\"{$ctrl_value}\">{$happen}";
                        }
                        $out .= dtcFormLineDraw($dsc["cols"][$keys[$i]]["legend"], $ctrl, $i % 2, $help);
                        break;
                    case "textarea":
                        if (isset($dsc["cols"][$keys[$i]]["cols"])) {
                            $ctrl_cols = " cols=\"" . $dsc["cols"][$keys[$i]]["cols"] . "\" ";
                        } else {
                            $ctrl_cols = "";
                        }
                        if (isset($dsc["cols"][$keys[$i]]["rows"])) {
                            $ctrl_rows = " rows=\"" . $dsc["cols"][$keys[$i]]["rows"] . "\" ";
                        } else {
                            $ctrl_rows = "";
                        }
                        $ctrl = "<textarea {$ctrl_cols} {$ctrl_rows} name=\"" . $keys[$i] . "\"></textarea>";
                        $out .= dtcFormLineDraw($dsc["cols"][$keys[$i]]["legend"], $ctrl, $i % 2, $help);
                        break;
                    case "radio":
                        $nbr_choices = sizeof($dsc["cols"][$keys[$i]]["values"]);
                        $ctrl = "";
                        for ($x = 0; $x < $nbr_choices; $x++) {
                            if (isset($dsc["cols"][$keys[$i]]["default"])) {
                                if ($dsc["cols"][$keys[$i]]["values"][$x] == $dsc["cols"][$keys[$i]]["default"]) {
                                    $selected = " checked ";
                                } else {
                                    $selected = "";
                                }
                            } else {
                                if ($x == 0) {
                                    $selected = " checked ";
                                } else {
                                    $selected = "";
                                }
                            }
                            if (isset($dsc["cols"][$keys[$i]]["display_replace"][$x])) {
                                $display_val = $dsc["cols"][$keys[$i]]["display_replace"][$x];
                            } else {
                                $display_val = $dsc["cols"][$keys[$i]]["values"][$x];
                            }
                            $ctrl .= "<input type=\"radio\" name=\"" . $keys[$i] . "\" value=\"" . $dsc["cols"][$keys[$i]]["values"][$x] . "\" {$selected}> ";
                            $ctrl .= $display_val;
                        }
                        $out .= dtcFormLineDraw($dsc["cols"][$keys[$i]]["legend"], $ctrl, $i % 2, $help);
                        break;
                    case "checkbox":
                        if (!isset($dsc["cols"][$keys[$i]]["default"])) {
                            $checked = " checked ";
                        } else {
                            $checked = " ";
                        }
                        $ctrl = "<input type=\"checkbox\" name=\"" . $keys[$i] . "\" value=\"yes\" {$checked}>";
                        $out .= dtcFormLineDraw($dsc["cols"][$keys[$i]]["legend"], $ctrl, $i % 2, $help);
                        break;
                    case "popup":
                        $nbr_choices = sizeof($dsc["cols"][$keys[$i]]["values"]);
                        $ctrl = "<select name=\"" . $keys[$i] . "\">";
                        for ($x = 0; $x < $nbr_choices; $x++) {
                            $selected = "";
                            if (isset($dsc["cols"][$keys[$i]]["default"])) {
                                if ($dsc["cols"][$keys[$i]]["values"][$x] == $dsc["cols"][$keys[$i]]["default"]) {
                                    $selected = " selected ";
                                } else {
                                    $selected = "";
                                }
                            }
                            if (isset($dsc["cols"][$keys[$i]]["display_replace"][$x])) {
                                $display_val = $dsc["cols"][$keys[$i]]["display_replace"][$x];
                            } else {
                                $display_val = $dsc["cols"][$keys[$i]]["values"][$x];
                            }
                            $ctrl .= " <option value=\"" . $dsc["cols"][$keys[$i]]["values"][$x] . "\" {$selected}>{$display_val}</option>";
                        }
                        $out .= dtcFormLineDraw($dsc["cols"][$keys[$i]]["legend"], $ctrl, $i % 2, $help);
                        break;
                    default:
                        $ctrl = "Not implemented yet!!!";
                        $out .= dtcFormLineDraw($dsc["cols"][$keys[$i]]["legend"], $ctrl, $i % 2, $help);
                        break;
                }
            }
            $out .= dtcFromOkDraw();
            $out .= "</table></form>";
        }
        // Edition of existing items
    } else {
        $out .= "<a href=\"{$fw_link}&subaction=" . $dsc["action"] . "_new_item\">" . $dsc["new_item_link"] . "</a><br><br>";
        $out .= "<h3>" . $dsc["edit_item_title"] . "</h3><br>";
        $q = "SELECT * FROM " . $dsc["table_name"] . " {$where} AND " . $dsc["id_fld"] . "='" . addslashes($_REQUEST["item"]) . "';";
        $r = mysql_query($q) or die("Cannot query {$q} in " . __FILE__ . " line " . __LINE__ . " sql said: " . mysql_error());
        $n = mysql_num_rows($r);
        if ($n == 1) {
            $a = mysql_fetch_array($r);
            $out .= "<form name=\"" . $dsc["action"] . "_save_item_frm\" action=\"" . $_SERVER["PHP_SELF"] . "\">{$fw}";
            $out .= "<input type=\"hidden\" name=\"action\" value=\"" . $dsc["action"] . "_save_item\">";
            $out .= "<input type=\"hidden\" name=\"subaction\" value=\"" . $dsc["action"] . "_edit_item\">";
            $out .= "<input type=\"hidden\" name=\"item\" value=\"" . $a[$dsc["id_fld"]] . "\">";
            $out .= dtcFormTableAttrs();
            for ($j = 0; $j < $nbr_fld; $j++) {
                $the_fld = $dsc["cols"][$keys[$j]];
                if (isset($dsc["cols"][$keys[$j]]["help"])) {
                    $help = $dsc["cols"][$keys[$j]]["help"];
                } else {
                    $help = "";
                }
                switch ($the_fld["type"]) {
                    case "id":
                        $out .= "<input type=\"hidden\" name=\"" . $keys[$j] . "\" value=\"" . $a[$keys[$j]] . "\">";
                        $id_fldname = $keys[$j];
                        $id_fld_value = $a[$keys[$j]];
                        break;
                    case "textarea":
                        if (isset($dsc["cols"][$keys[$j]]["cols"])) {
                            $ctrl_cols = " cols=\"" . $dsc["cols"][$keys[$j]]["cols"] . "\" ";
                        } else {
                            $ctrl_cols = "";
                        }
                        if (isset($dsc["cols"][$keys[$j]]["rows"])) {
                            $ctrl_rows = " rows=\"" . $dsc["cols"][$keys[$j]]["rows"] . "\" ";
                        } else {
                            $ctrl_rows = "";
                        }
                        $ctrl = "<textarea {$ctrl_cols} {$ctrl_rows} name=\"" . $keys[$j] . "\">" . stripslashes($a[$keys[$j]]) . "</textarea>";
                        $out .= dtcFormLineDraw($dsc["cols"][$keys[$j]]["legend"], $ctrl, $j % 2, $help);
                        break;
                    case "password":
                    case "text":
                    case "readonly":
                        if (isset($dsc["cols"][$keys[$j]]["disable_edit"]) && $dsc["cols"][$keys[$j]]["disable_edit"] == "yes") {
                            $disabled = " disabled ";
                        } else {
                            $disabled = " ";
                        }
                        if (isset($dsc["cols"][$keys[$j]]["size"])) {
                            $size = " size=\"" . $dsc["cols"][$keys[$j]]["size"] . "\" ";
                        } else {
                            $size = "";
                        }
                        if (isset($dsc["cols"][$keys[$j]]["happen_domain"]) && preg_match("/" . $dsc["cols"][$keys[$j]]["happen_domain"] . "\$/", $a[$keys[$j]])) {
                            $input_disp_value = substr($a[$keys[$j]], 0, strlen($a[$keys[$j]]) - strlen($dsc["cols"][$keys[$j]]["happen_domain"]));
                            $happen = $dsc["cols"][$keys[$j]]["happen_domain"];
                        } else {
                            if ($dsc["cols"][$keys[$j]]["type"] != "readonly") {
                                $input_disp_value = $a[$keys[$j]];
                            }
                            $happen = "";
                        }
                        if (isset($dsc["cols"][$keys[$j]]["happen"])) {
                            $happen .= $dsc["cols"][$keys[$j]]["happen"];
                        }
                        if ($the_fld["type"] == "password") {
                            $genpass = autoGeneratePassButton($dsc["action"] . "_save_item_frm", $keys[$j]);
                            $input_disp_type = "password";
                        } else {
                            $genpass = "";
                            $input_disp_type = "text";
                        }
                        // Do this only for readonly
                        if ($dsc["cols"][$keys[$j]]["type"] == "readonly") {
                            $disabled = " READONLY";
                            isset($dsc["cols"][$keys[$j]]["default"]) ? $input_disp_value = $dsc["cols"][$keys[$j]]["default"] : ($input_disp_value = '');
                            isset($dsc["cols"][$keys[$j]]["happen"]) ? $happen = $dsc["cols"][$keys[$j]]["happen"] : ($happen = '');
                        }
                        if (isset($dsc["cols"][$keys[$j]]["callback"])) {
                            $retArray = $dsc["cols"][$keys[$j]]["callback"]($id_fld_value);
                            $input_disp_value = $retArray["value"];
                            $happen = $retArray["happen"];
                        }
                        $ctrl = "<input type=\"{$input_disp_type}\" {$size} name=\"" . $keys[$j] . "\" value=\"" . stripslashes($input_disp_value) . "\" {$disabled}>{$genpass}{$happen}";
                        $out .= dtcFormLineDraw($dsc["cols"][$keys[$j]]["legend"], $ctrl, $j % 2, $help);
                        break;
                    case "radio":
                        $nbr_choices = sizeof($dsc["cols"][$keys[$j]]["values"]);
                        $ctrl = "";
                        for ($x = 0; $x < $nbr_choices; $x++) {
                            if ($dsc["cols"][$keys[$j]]["values"][$x] == $a[$keys[$j]]) {
                                $selected = " checked ";
                            } else {
                                $selected = "";
                            }
                            $ctrl .= " <input type=\"radio\" name=\"" . $keys[$j] . "\" value=\"" . $dsc["cols"][$keys[$j]]["values"][$x] . "\" {$selected}> ";
                            $ctrl .= $dsc["cols"][$keys[$j]]["values"][$x];
                        }
                        $out .= dtcFormLineDraw($dsc["cols"][$keys[$j]]["legend"], $ctrl, $j % 2, $help);
                        break;
                    case "checkbox":
                        if ($dsc["cols"][$keys[$j]]["values"][0] == $a[$keys[$j]]) {
                            $selected = " checked ";
                        } else {
                            $selected = " ";
                        }
                        $ctrl = "<input type=\"checkbox\" name=\"" . $keys[$j] . "\" value=\"yes\" " . $selected . ">";
                        $out .= dtcFormLineDraw($dsc["cols"][$keys[$j]]["legend"], $ctrl, $j % 2, $help);
                        break;
                    case "popup":
                        $nbr_choices = sizeof($dsc["cols"][$keys[$j]]["values"]);
                        $ctrl = "<select name=\"" . $keys[$j] . "\">";
                        for ($x = 0; $x < $nbr_choices; $x++) {
                            if ($dsc["cols"][$keys[$j]]["values"][$x] == $a[$keys[$j]]) {
                                $selected = " selected ";
                            } else {
                                $selected = "";
                            }
                            if (isset($dsc["cols"][$keys[$j]]["display_replace"][$x])) {
                                $display_val = $dsc["cols"][$keys[$j]]["display_replace"][$x];
                            } else {
                                $display_val = $dsc["cols"][$keys[$j]]["values"][$x];
                            }
                            $ctrl .= " <option value=\"" . $dsc["cols"][$keys[$j]]["values"][$x] . "\" {$selected}>{$display_val}</option>";
                        }
                        $out .= dtcFormLineDraw($dsc["cols"][$keys[$j]]["legend"], $ctrl, $j % 2, $help);
                        break;
                    default:
                        $ctrl = "Not implemented yet!!!";
                        $out .= dtcFormLineDraw($dsc["cols"][$keys[$j]]["legend"], $ctrl, $j % 2, $help);
                        break;
                }
            }
            $delete_button = "<form action=\"" . $_SERVER["PHP_SELF"] . "\">{$fw}\n\t\t\t<input type=\"hidden\" name=\"action\" value=\"" . $dsc["action"] . "_delete_item" . "\">\n\t\t\t<input type=\"hidden\" name=\"{$id_fldname}\" value=\"{$id_fld_value}\">\n\t\t\t" . dtcDeleteButton() . "</form>";
            $out .= "<tr><td>&nbsp;</td><td><table cellspacing=\"0\" cellpadding=\"0\" border=\"0\">\n\t\t\t<tr><td>" . dtcApplyButton() . "</form></td><td>{$delete_button}</td></tr></table></td></tr>";
            $out .= "</table>";
        } else {
            $out .= "No item by this number!";
        }
    }
    return $out;
}
Beispiel #12
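/**
 * Check a panel login and rotate the per-request password token.
 *
 * The account row matches when the submitted value equals adm_pass, or when
 * the global $adm_pass equals a pass_next_req token that has not expired.
 * If that fails, a still-valid token in the ticket-admins table is accepted
 * instead and the caller is treated as a root admin opening $adm_login.
 * On success a fresh token from getRandomValue() is stored with a new expiry
 * and published through the globals $adm_random_pass and $adm_pass;
 * $adm_realpass receives the adm_pass column of the account row.
 *
 * Every value placed in a statement goes through mysql_real_escape_string().
 * Failure messages no longer echo the statement text: the UPDATE statements
 * contain the freshly issued token, so echoing them disclosed it.
 *
 * NOTE(review): adm_pass is compared with the submitted value inside the SQL
 * statement, which suggests the column holds an unhashed password. Confirm,
 * and plan a move to password_hash()/password_verify().
 *
 * @param string $adm_login      Login name of the account being opened.
 * @param string $adm_input_pass Password or token supplied with the request.
 * @return array "err" is 0 on success, -1 on wrong credentials or an expired
 *               token, 1..6 on an internal failure; "mesg" holds the text.
 */
function randomizePassword($adm_login, $adm_input_pass)
{
    global $pro_mysql_admin_table;
    global $pro_mysql_tik_admins_table;
    global $adm_realpass;
    global $adm_pass;
    global $adm_random_pass;
    global $conf_session_expir_minute;
    global $panel_type;
    global $gettext_lang;

    $ret = array("err" => 0, "mesg" => "No error");

    // A token was already issued during this request: nothing to do.
    if (isset($adm_random_pass) && strlen($adm_random_pass) > 0 && isRandomNum($adm_random_pass)) {
        return $ret;
    }

    // NOTE(review): the published listing shows the adm_login / adm_pass
    // comparison values masked as '******'. The function's own parameters are
    // bound here; confirm against the upstream file.
    $sql_login = mysql_real_escape_string($adm_login);
    $sql_input_pass = mysql_real_escape_string($adm_input_pass);
    $sql_token = mysql_real_escape_string(isset($adm_pass) ? $adm_pass : "");
    $now = time(); // time() replaces the deprecated argument-less mktime()
    $hidden_err = " (error message removed for security reasons).";

    $query = "SELECT * FROM {$pro_mysql_admin_table} WHERE adm_login='{$sql_login}' AND (adm_pass='{$sql_input_pass}' OR (pass_next_req='{$sql_token}' AND pass_expire > '{$now}'));";
    $result = mysql_query($query);
    if (!$result) {
        $ret["err"] = 1;
        $ret["mesg"] = "Cannot execute query for password line " . __LINE__ . " file " . __FILE__ . $hidden_err;
        return $ret;
    }

    $is_root_admin = "no";
    if (mysql_num_rows($result) != 1) {
        // Not the account's own credentials: try a root-admin token.
        $q = "SELECT * FROM {$pro_mysql_tik_admins_table} WHERE pass_next_req='{$sql_input_pass}' AND pass_expire > '{$now}';";
        $r = mysql_query($q);
        if (!$r) {
            $ret["err"] = 2;
            $ret["mesg"] = "Cannot execute query for password line " . __LINE__ . " file " . __FILE__ . $hidden_err;
            return $ret;
        }
        if (mysql_num_rows($r) != 1) {
            $ret["mesg"] = _("Wrong user or password, or timeout expired!");
            $ret["err"] = -1;
            return $ret;
        }
        // Valid root-admin token: load the target account without a password check.
        $query = "SELECT * FROM {$pro_mysql_admin_table} WHERE adm_login='{$sql_login}';";
        $result = mysql_query($query);
        if (!$result) {
            $ret["err"] = 3;
            $ret["mesg"] = "Cannot execute query for password line " . __LINE__ . " file " . __FILE__ . $hidden_err;
            return $ret;
        }
        if (mysql_num_rows($result) != 1) {
            $ret["mesg"] = _("Wrong user or password, or timeout expired!");
            $ret["err"] = -1;
            return $ret;
        }
        $is_root_admin = "yes";
    }

    $row = mysql_fetch_array($result);
    if (!$row) {
        $ret["err"] = 4;
        $ret["mesg"] = "Cannot fetch user line " . __LINE__ . " file " . __FILE__ . $hidden_err;
        return $ret;
    }

    // This stuff is rotating passwords helping NOT to save passwords on users browsers.
    $rand = getRandomValue();
    $sql_rand = mysql_real_escape_string($rand);
    $adm_random_pass = $rand;
    $expirationTIME = $now + 60 * $conf_session_expir_minute;
    if ($panel_type == "admin" && $is_root_admin == "yes") {
        // PHP_AUTH_USER is sent by the client in the HTTP auth header, so escape it too.
        $sql_auth_user = mysql_real_escape_string(isset($_SERVER["PHP_AUTH_USER"]) ? $_SERVER["PHP_AUTH_USER"] : "");
        $q = "UPDATE {$pro_mysql_tik_admins_table} SET pass_next_req='{$sql_rand}', pass_expire='{$expirationTIME}' WHERE pseudo='{$sql_auth_user}';";
        $r = mysql_query($q);
        if (!$r) {
            $ret["err"] = 5;
            $ret["mesg"] = "Cannot execute query for password line " . __LINE__ . " file " . __FILE__ . $hidden_err;
            return $ret;
        }
    } else {
        $q = "UPDATE {$pro_mysql_admin_table} SET pass_next_req='{$sql_rand}', pass_expire='{$expirationTIME}' WHERE adm_login='{$sql_login}'";
        $r = mysql_query($q);
        if (!$r) {
            $ret["err"] = 6;
            $ret["mesg"] = "Cannot execute query for password line " . __LINE__ . " file " . __FILE__ . $hidden_err;
            return $ret;
        }
    }

    // Save the last used language, so we know for future email sendings what to use.
    // Best effort: a failure here does not fail the login.
    if (isset($gettext_lang) && $panel_type == "client") {
        $sql_lang = mysql_real_escape_string($gettext_lang);
        $q = "UPDATE {$pro_mysql_admin_table} SET last_used_lang='{$sql_lang}' WHERE adm_login='{$sql_login}';";
        $r = mysql_query($q);
    }

    $adm_pass = $rand;
    $adm_realpass = $row["adm_pass"];

    // The success path previously fell off the end and returned null.
    return $ret;
}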
Beispiel #13
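/**
 * Render the support-ticket area of the client panel as an HTML string.
 *
 * Three views are selected by $_REQUEST["subaction"]:
 *   - "new_ticket":  the form used to open a ticket;
 *   - "view_ticket": one ticket thread (followed through reply_id) plus a reply form;
 *   - anything else: the list of the account's top-level tickets.
 *
 * Values read from the database or the request are HTML-escaped on output
 * and SQL-escaped before being placed in a statement. Ticket subject and
 * body are user-written text, so printing them raw is a stored-XSS path.
 * NOTE(review): if the insert path already HTML-encodes these columns the
 * output would be double-encoded; confirm against the code that stores tickets.
 *
 * NOTE(review): $adm_pass travels in link query strings and, because the
 * new-ticket form has no method attribute, in that form's GET submission.
 * It will therefore appear in server logs, browser history and Referer
 * headers. Changing that needs the receiving handlers, which are not visible
 * here. The die() calls also print the full statement and the SQL error.
 *
 * @param array $admin Account description; only "data" and "vps" are read here.
 * @return string HTML fragment.
 */
function drawTickets($admin)
{
    global $lang;
    global $pro_mysql_tik_admins_table;
    global $pro_mysql_tik_queries_table;
    global $pro_mysql_tik_cats_table;
    global $adm_login;
    global $adm_pass;
    global $addrlink;
    global $conf_administrative_site;

    // Pre-escaped copies for the HTML and SQL contexts used below.
    // PHP_SELF can carry attacker-chosen path info, so it is escaped as well.
    $h_self = htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES);
    $h_login = htmlspecialchars($adm_login, ENT_QUOTES);
    $h_pass = htmlspecialchars($adm_pass, ENT_QUOTES);
    $h_addrlink = htmlspecialchars($addrlink, ENT_QUOTES);
    // NOTE(review): the published listing shows the adm_login comparison value
    // masked as '******'. The global $adm_login is bound here; confirm against
    // the upstream file.
    $sql_login = mysql_real_escape_string($adm_login);

    $btn_open = "<div class=\"input_btn_container\" onMouseOver=\"this.className='input_btn_container-hover';\" onMouseOut=\"this.className='input_btn_container';\">\n <div class=\"input_btn_left\"></div>\n <div class=\"input_btn_mid\"><input class=\"input_btn\" type=\"submit\" value=\"";
    $btn_close = "\"></div>\n <div class=\"input_btn_right\"></div>\n</div>\n</form>";

    $out = "<br>";
    // New ticket form
    if (isset($_REQUEST["subaction"]) && $_REQUEST["subaction"] == "new_ticket") {
        $popup_hostname = "";
        if (isset($admin["data"])) {
            $h_site = htmlspecialchars($conf_administrative_site, ENT_QUOTES);
            $popup_hostname .= "<option value=\"{$h_site}\">{$h_site}</option>";
        }
        if (isset($admin["vps"])) {
            foreach ($admin["vps"] as $vps) {
                $h_vps = htmlspecialchars($vps["vps_server_hostname"] . ":" . $vps["vps_xen_name"], ENT_QUOTES);
                $popup_hostname .= "<option value=\"{$h_vps}\">{$h_vps}</option>";
            }
        }
        $q = "SELECT * FROM {$pro_mysql_tik_cats_table} WHERE 1 ORDER BY id";
        $r = mysql_query($q) or die("Cannot query {$q} line " . __LINE__ . " file " . __FILE__ . " sql said: " . mysql_error());
        $popup_cats = "";
        while ($a = mysql_fetch_array($r)) {
            $popup_cats .= "<option value=\"" . htmlspecialchars($a["id"], ENT_QUOTES) . "\">" . htmlspecialchars($a["catdescript"], ENT_QUOTES) . "</option>";
        }
        $out .= "<form action=\"{$h_self}\">\n<input type=\"hidden\" name=\"adm_login\" value=\"{$h_login}\">\n<input type=\"hidden\" name=\"adm_pass\" value=\"{$h_pass}\">\n<input type=\"hidden\" name=\"addrlink\" value=\"{$h_addrlink}\">\n<input type=\"hidden\" name=\"action\" value=\"new_ticket\">\n\n";
        $out .= _("Subject") . " <input name=\"subject\" type=\"text\" size=\"40\" maxlength=\"40\"><br>\n\n";
        $out .= _("What is your server hostname:") . "<br>\n<select name=\"server_hostname\">\n{$popup_hostname}\n</select><br>\n\n";
        $out .= _("Type of problem:") . "<br>\n<select name=\"issue_cat_id\">\n{$popup_cats}\n</select><br><br>\n\n";
        $out .= _("Full description of the trouble:") . "<br>\n<textarea name=\"ticketbody\" cols=\"60\" rows=\"10\" wrap=\"physical\"></textarea><br><br>\n\n";
        $out .= $btn_open . _("Send trouble ticket") . $btn_close;
        return $out;
    }

    // View a ticket
    if (isset($_REQUEST["subaction"]) && $_REQUEST["subaction"] == "view_ticket") {
        if (!isset($_REQUEST["tik_id"]) || !isRandomNum($_REQUEST["tik_id"])) {
            die("Selected ticket id is not valid!");
        }
        $tik_id = $_REQUEST["tik_id"];
        // The adm_login condition keeps one account from reading another's ticket.
        $q = "SELECT * FROM {$pro_mysql_tik_queries_table} WHERE adm_login='{$sql_login}' AND id='" . mysql_real_escape_string($tik_id) . "';";
        $r = mysql_query($q) or die("Cannot query {$q} line " . __LINE__ . " file " . __FILE__ . " sql said: " . mysql_error());
        if (mysql_num_rows($r) != 1) {
            $out .= _("Ticket not found!");
            return $out;
        }
        $a_t = mysql_fetch_array($r);
        $out .= _("Subject:") . " " . htmlspecialchars(stripslashes($a_t["subject"]), ENT_QUOTES) . "<br>";
        $q2 = "SELECT * FROM {$pro_mysql_tik_cats_table} WHERE id='" . mysql_real_escape_string($a_t["cat_id"]) . "';";
        $r2 = mysql_query($q2) or die("Cannot query {$q2} line " . __LINE__ . " file " . __FILE__ . " sql said: " . mysql_error());
        if (mysql_num_rows($r2) != 1) {
            $out .= _("Type: type not found!");
        } else {
            $a2 = mysql_fetch_array($r2);
            $out .= _("Type of problem:") . " " . htmlspecialchars($a2["catdescript"], ENT_QUOTES) . "<br>";
        }
        $out .= _("First query date") . ": " . htmlspecialchars($a_t["date"] . " " . $a_t["time"], ENT_QUOTES) . "<br>";
        $out .= _("Server hostname related") . ": " . htmlspecialchars($a_t["server_hostname"], ENT_QUOTES) . "<br>";
        if ($a_t["closed"] == "yes") {
            $out .= "<font color=\"red\">" . _("Replying to an already closed ticket will reopen it.") . "</font><br>";
        }
        $out .= "<table cellspacing=\"0\" cellpadding=\"4\" border=\"0\">";
        // Walk the thread: each row names its successor in reply_id, 0 ends the chain.
        $next_tikq = $tik_id;
        $last_tik_id = $tik_id;
        while ($next_tikq != 0) {
            $q = "SELECT * FROM {$pro_mysql_tik_queries_table} WHERE adm_login='{$sql_login}' AND id='" . mysql_real_escape_string($next_tikq) . "';";
            $r = mysql_query($q) or die("Cannot query {$q} line " . __LINE__ . " file " . __FILE__ . " sql said: " . mysql_error());
            if (mysql_num_rows($r) != 1) {
                $out .= _("Ticket not found!");
                break;
            }
            $a = mysql_fetch_array($r);
            $last_tik_id = $next_tikq;
            $next_tikq = $a["reply_id"];
            $bg = $a["admin_or_user"] == "user" ? " bgcolor=\"#AAAAFF\" " : " bgcolor=\"#FFFFAA\" ";
            $replied_by = "";
            if ($a["admin_or_user"] == "admin") {
                $qr = "SELECT * FROM {$pro_mysql_tik_admins_table} WHERE pseudo='" . mysql_real_escape_string($a["admin_name"]) . "';";
                // The failure message previously printed $q, the wrong statement.
                $rr = mysql_query($qr) or die("Cannot query {$qr} line " . __LINE__ . " file " . __FILE__ . " sql said " . mysql_error());
                if (mysql_num_rows($rr) == 1) {
                    $ar = mysql_fetch_array($rr);
                    $realname = htmlspecialchars($ar["realname"], ENT_QUOTES);
                } else {
                    $realname = _("Not found!");
                }
                $replied_by = "<br>" . _("Replied by:") . " " . $realname;
            }
            // Escape first, then nl2br(), so only the generated <br> tags are markup.
            $h_text = nl2br(htmlspecialchars(stripslashes($a["text"]), ENT_QUOTES));
            $out .= "<tr><td{$bg} valign=\"top\"><i>" . htmlspecialchars($a["date"] . " " . $a["time"], ENT_QUOTES) . "</i>" . $replied_by . "</td><td{$bg}>" . $h_text . "</td></tr>";
        }
        $out .= "</table>";
        $out .= "<form action=\"{$h_self}\" method=\"post\">\n<input type=\"hidden\" name=\"adm_login\" value=\"{$h_login}\">\n<input type=\"hidden\" name=\"adm_pass\" value=\"{$h_pass}\">\n<input type=\"hidden\" name=\"subaction\" value=\"view_ticket\">\n<input type=\"hidden\" name=\"action\" value=\"add_ticket_reply\">\n<input type=\"hidden\" name=\"addrlink\" value=\"{$h_addrlink}\">\n";
        $out .= "<input type=\"hidden\" name=\"tik_id\" value=\"" . htmlspecialchars($tik_id, ENT_QUOTES) . "\">\n<input type=\"hidden\" name=\"last_tik_id\" value=\"" . htmlspecialchars($last_tik_id, ENT_QUOTES) . "\">\n";
        // Entity-encoding inside value="" is undone by the browser, so the posted values are unchanged.
        $out .= "<input type=\"hidden\" name=\"subject\" value=\"" . htmlspecialchars($a_t["subject"], ENT_QUOTES) . "\">\n<input type=\"hidden\" name=\"cat_id\" value=\"" . htmlspecialchars($a_t["cat_id"], ENT_QUOTES) . "\">\n<input type=\"hidden\" name=\"server_hostname\" value=\"" . htmlspecialchars($a_t["server_hostname"], ENT_QUOTES) . "\">\n";
        $out .= "<textarea name=\"ticketbody\" cols=\"60\" rows=\"10\" wrap=\"physical\"></textarea><br>\n";
        $out .= _("Request to close the issue:") . "<input type=\"radio\" name=\"request_to_close\" value=\"yes\" checked> " . _("Yes") . "\n<input type=\"radio\" name=\"request_to_close\" value=\"no\"> " . _("No") . "<br>\n";
        $out .= $btn_open . _("Submit new support issue") . $btn_close . "\n";
        return $out;
    }

    // The main screen
    $out .= "<form action=\"{$h_self}\" method=\"post\">\n<input type=\"hidden\" name=\"adm_login\" value=\"{$h_login}\">\n<input type=\"hidden\" name=\"adm_pass\" value=\"{$h_pass}\">\n<input type=\"hidden\" name=\"subaction\" value=\"new_ticket\">\n<input type=\"hidden\" name=\"addrlink\" value=\"{$h_addrlink}\">\n";
    $out .= $btn_open . _("Submit new support issue") . $btn_close . "\n";
    $out .= "<br><br><h3>" . _("Old tickets:") . "</h3>";
    $q = "SELECT * FROM {$pro_mysql_tik_queries_table} WHERE adm_login='{$sql_login}' AND in_reply_of_id='0' ORDER BY date,time DESC;";
    $r = mysql_query($q) or die("Cannot query {$q} line " . __LINE__ . " file " . __FILE__ . " sql said: " . mysql_error());
    $out .= "<font color=\"red\">" . _("Replying to an already closed ticket will reopen it.") . "</font><br>";
    $out .= "<table cellspacing=\"0\" cellpadding=\"0\" border=\"1\">\n\t<tr><td>" . _("Date") . "</td><td>" . _("Time") . "</td><td>" . _("Status") . "</td><td>" . _("Type") . "</td><td>" . _("Hostname") . "</td><td>" . _("Subject") . "</td></tr>";
    // Query-string values are URL-encoded; see the docblock note on adm_pass in URLs.
    $link_base = $h_self . "?adm_login=" . urlencode($adm_login) . "&adm_pass=" . urlencode($adm_pass) . "&addrlink=" . urlencode($addrlink) . "&subaction=view_ticket&tik_id=";
    while ($a = mysql_fetch_array($r)) {
        $out .= "<tr><td>" . htmlspecialchars($a["date"], ENT_QUOTES) . "</td><td>" . htmlspecialchars($a["time"], ENT_QUOTES) . "</td>";
        if ($a["closed"] == "yes") {
            $out .= "<td><font color=\"green\">" . _("Closed") . "</font></td>";
        } else {
            $out .= "<td><font color=\"red\">" . _("Open") . "</font></td>";
        }
        $q2 = "SELECT * FROM {$pro_mysql_tik_cats_table} WHERE id='" . mysql_real_escape_string($a["cat_id"]) . "';";
        $r2 = mysql_query($q2) or die("Cannot query {$q2} line " . __LINE__ . " file " . __FILE__ . " sql said: " . mysql_error());
        if (mysql_num_rows($r2) != 1) {
            $out .= "<td>Cat not found!</td>";
        } else {
            $a2 = mysql_fetch_array($r2);
            $out .= "<td>" . htmlspecialchars($a2["catname"], ENT_QUOTES) . "</td>";
        }
        $out .= "<td>" . htmlspecialchars($a["server_hostname"], ENT_QUOTES) . "</td><td><a href=\"" . $link_base . urlencode($a["id"]) . "\">" . htmlspecialchars(stripslashes($a["subject"]), ENT_QUOTES) . "</a></td>";
        $out .= "</tr>";
    }
    $out .= "</table>";
    return $out;
}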
Beispiel #14
         }
     }
     break;
 // A cancel occurred (currently only from eNETS)
 case "enets-cancel":
     $form .= "<h3><font color=\"red\">" . _("PAYMENT CANCELLED") . "<!-- PAYMENT CANCELED --></font></h3>" . _("You have canceled the payment, your account wont be validated. To start again the registration procedure, follow the link here:") . "<br>\n<a href=\"new_account.php\">" . _("Register a new account") . "</a>";
     break;
 case "enets-failed":
     // The transaction has failed (currently only eNETS)
     $form .= "<h3><font color=\"red\">" . _("PAYMENT FAILED") . "<!-- PAYMENT FAILED --></font></h3>" . _("The payment gateway have reported that your payment has failed. Contact us, we also accept checks and wire transfers.");
     break;
 // The customer wants to add a service: a shared account if he doesn't have one yet, or a new dedicated server or VPS
 case "add_new_service":
     if (!isRandomNum($_REQUEST["product_id"])) {
         $form = _("The product ID is not a valid integer number.");
         break;
     }
     if (!isFtpLogin($_REQUEST["adm_login"])) {
         $form = _("The requested login is not a valid login.");
         break;
     }
     if (!isHostnameOrIP($_REQUEST["vps_location"])) {
         $form = _("Location is not a valid hostname.");
         break;
     }
     if (!isset($_REQUEST["vps_os"]) || $_REQUEST["vps_os"] != "debian" && $_REQUEST["vps_os"] != "centos" && $_REQUEST["vps_os"] != "gentoo" && $_REQUEST["vps_os"] != "netbsd") {
         $form = _("VPS operating system not recognized");
         break;
     }