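/**
 * Delete one global e-mail signature row and send the user back to the
 * signature editor.
 *
 * @param int|string $sig_id Id of the row in $dbEmailSig to delete. The value
 *                           is forced to int before use because it is
 *                           interpolated unquoted into the DELETE statement;
 *                           this block cannot see where callers obtain it.
 *
 * Side effects: runs a DELETE, writes a journal entry, emits a redirect and
 * terminates the script with exit — this function never returns.
 */
function delete_signature($sig_id)
{
    global $dbEmailSig;

    // Defence in depth: only a numeric id may ever reach the query string.
    $sig_id = (int) $sig_id;

    $sql = "DELETE FROM `{$dbEmailSig}` WHERE id = {$sig_id}";
    mysql_query($sql);
    if (mysql_error()) {
        trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR);
    }

    journal(CFG_LOGGING_NORMAL, 'Global Signature deleted', "A global signature was deleted", CFG_JOURNAL_ADMIN, 0);
    html_redirect("edit_global_signature.php");
    exit;
}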
} // NOTE above is so we can insert null so browse_contacts etc can see the contract rather than inserting 0 $sql = "UPDATE `{$dbMaintenance}` SET reseller={$reseller}, expirydate='{$expirydate}', licence_quantity='{$licence_quantity}', "; $sql .= "licence_type={$licence_type}, notes='{$notes}', admincontact={$admincontact}, term='{$terminated}', servicelevelid='{$servicelevelid}', "; $sql .= "incident_quantity='{$incident_quantity}', "; $sql .= "incidentpoolid='{$incidentpoolid}', productonly='{$productonly}', "; $sql .= "supportedcontacts='{$amount}', allcontactssupported='{$allcontacts}'"; if (!empty($product) and user_permission($sit[2], 22)) { $sql .= ", product='{$product}'"; } $sql .= " WHERE id='{$maintid}'"; $result = mysql_query($sql); if (mysql_error()) { trigger_error(mysql_error(), E_USER_ERROR); } // show error message if addition failed if (!$result) { include APPLICATION_INCPATH . 'htmlheader.inc.php'; echo user_alert("Update failed", E_USER_WARNING); include APPLICATION_INCPATH . 'htmlfooter.inc.php'; } else { journal(CFG_LOGGING_NORMAL, 'Contract Edited', "contract {$maintid} modified", CFG_JOURNAL_MAINTENANCE, $maintid); html_redirect("contract_details.php?id={$maintid}"); } } else { include APPLICATION_INCPATH . 'htmlheader.inc.php'; echo $errors_string; include APPLICATION_INCPATH . 'htmlfooter.inc.php'; } } }
$destination_filepath = $CONFIG['ftp_path'] . $file_name; // check the source file exists if (!file_exists($filepath)) { trigger_error("Source file cannot be found: {$filepath}", E_USER_WARNING); } // set passive mode if required if (!ftp_pasv($conn_id, $CONFIG['ftp_pasv'])) { trigger_error("Problem setting passive ftp mode", E_USER_WARNING); } // upload the file $upload = ftp_put($conn_id, "{$destination_filepath}", "{$filepath}", FTP_BINARY); // close the FTP stream ftp_close($conn_id); // check upload status if (!$upload) { trigger_error($strUploadFailed, E_USER_ERROR); } else { // store file details in database // important: path must be blank for public files (all go in same dir) $sql = "INSERT INTO `{$dbFiles}` (filename, size, userid, shortdescription, longdescription, path, filedate, expiry, fileversion) "; $sql .= "VALUES ('{$file_name}', '{$filesize}', '" . $sit[2] . "', '{$shortdescription}', '{$longdescription}', '{$CONFIG['ftp_path']}', '{$now}', '{$expirydate}' ,'{$fileversion}')"; mysql_query($sql); if (mysql_error()) { trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR); } journal(CFG_LOGGING_NORMAL, 'FTP File Uploaded', sprintf($strFTPFileXUploaded, $filename), CFG_JOURNAL_OTHER, 0); html_redirect('ftp_upload_file.php'); echo "<code>{$ftp_url}</code>"; } } }
$errors = 0; // check for blank name if ($name == '') { $errors++; $_SESSION['formerrors']['add_product']['name'] = sprintf($strFieldMustNotBeBlank, $strProduct); } if ($vendor == '' or $vendor == "0") { $errors++; $_SESSION['formerrors']['add_product']['vendor'] = sprintf($strFieldMustNotBeBlank, $strVendor); } // add product if no errors if ($errors == 0) { $sql = "INSERT INTO `{$dbProducts}` (name, vendorid, description) VALUES ('{$name}', '{$vendor}', '{$description}')"; $result = mysql_query($sql); if (mysql_error()) { trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR); } if (!$result) { echo "<p class='error'>" . sprintf($strAddXfailed, $strProduct) . "\n"; } else { $id = mysql_insert_id(); journal(CFG_LOGGING_NORMAL, 'Product Added', "Product {$id} was added", CFG_JOURNAL_PRODUCTS, $id); html_redirect("products.php"); } clear_form_errors('add_product'); clear_form_data('add_product'); } else { include APPLICATION_INCPATH . 'htmlheader.inc.php'; html_redirect("product_add.php", FALSE); } }
trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR); } } if ($target != 'none') { // Reset the slaemail sent column, so that email reminders can be sent if the new sla target goes out $sql = "UPDATE `{$dbIncidents}` SET slaemail='0', slanotice='0' WHERE id='{$id}' LIMIT 1"; mysql_query($sql); if (mysql_error()) { trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR); } } if (!$result) { include APPLICATION_INCPATH . 'incident_html_top.inc.php'; echo "<p class='error'>{$strUpdateIncidentFailed}</p>\n"; include APPLICATION_INCPATH . 'incident_html_bottom.inc.php'; } else { if ($draftid != -1 and !empty($draftid)) { $sql = "DELETE FROM `{$dbDrafts}` WHERE id = {$draftid}"; $result = mysql_query($sql); if (mysql_error()) { trigger_error(mysql_error(), E_USER_ERROR); } } journal(CFG_LOGGING_MAX, 'Incident Updated', "Incident {$id} Updated", CFG_JOURNAL_SUPPORT, $id); html_redirect("incident_details.php?id={$id}"); } } } } } include APPLICATION_INCPATH . 'incident_html_bottom.inc.php';
trigger_error(mysql_error(), E_USER_WARNING); } if (mysql_num_rows($result) >= 1) { $errors++; } // Check there is no software linked to this product $sql = "SELECT productid FROM `{$dbSoftwareProducts}` WHERE productid={$productid} LIMIT 1"; $result = mysql_query($sql); if (mysql_error()) { trigger_error(mysql_error(), E_USER_WARNING); } if (mysql_num_rows($result) >= 1) { $errors++; } if ($errors == 0) { $sql = "DELETE FROM `{$dbProducts}` WHERE id = {$productid} LIMIT 1"; $result = mysql_query($sql); if (mysql_error()) { trigger_error(mysql_error(), E_USER_ERROR); } journal(CFG_LOGGING_NORMAL, 'Product Removed', "Product {$productid} was removed", CFG_JOURNAL_PRODUCTS, $productid); html_redirect("products.php"); } else { include APPLICATION_INCPATH . 'htmlheader.inc.php'; echo "<p class='error'>{$strSorryProductCantBeDeteled}</p>"; echo "<p align='center'><a href='products.php#{$productid}'>{$strReturnToProductList}</a></p>"; include APPLICATION_INCPATH . 'htmlfooter.inc.php'; } } else { trigger_error($strInvalidParameter, E_USER_ERROR); }
// // SiT (Support Incident Tracker) - Support call tracking system // Copyright (C) 2000-2009 Salford Software Ltd. and Contributors // // This software may be used and distributed according to the terms // of the GNU General Public License, incorporated herein by reference. // // Author: Ivan Lucas <ivanlucas[at]users.sourceforge.net> require 'core.php'; require APPLICATION_LIBPATH . 'functions.inc.php'; session_name($CONFIG['session_name']); session_start(); if ($_SESSION['portalauth']) { journal(CFG_LOGGING_NORMAL, 'Logout', "Portal user " . contact_realname($_SESSION['contactid']) . " logged out", CFG_JOURNAL_LOGIN, $_SESSION['contactid']); } else { journal(CFG_LOGGING_NORMAL, 'Logout', "User {$_SESSION['userid']} logged out", CFG_JOURNAL_LOGIN, ''); } // End the session, remove the cookie and destroy all data registered with the session $_SESSION['auth'] = FALSE; $_SESSION['portalauth'] = FALSE; $_SESSION = array(); session_unset(); session_destroy(); if (isset($_COOKIE[session_name()])) { setcookie(session_name(), '', time() - 42000, '/'); } // redirect if (!empty($CONFIG['logout_url'])) { $url = $CONFIG['logout_url']; } else { $url = $CONFIG['application_webpath'] . "index.php";
if ($maintid == 0) { $errors = 1; $errors_string .= user_alert("{$strYouMustSelectAmaintenanceContract}", E_USER_ERROR); } // delete maintenance support contact if no errors if ($errors == 0) { $sql = "DELETE FROM `{$dbSupportContacts}` WHERE maintenanceid='{$maintid}' AND contactid='{$contactid}'"; $result = mysql_query($sql); if (mysql_error()) { trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR); } // show error message if deletion failed if (!$result) { include APPLICATION_INCPATH . 'htmlheader.inc.php'; trigger_error("Deletion of maintenance support conact failed: {$sql}", E_USER_WARNING); include APPLICATION_INCPATH . 'htmlfooter.inc.php'; } else { journal(CFG_LOGGING_NORMAL, 'Supported Contact Removed', "Contact {$contactid} removed from maintenance contract {$maintid}", CFG_JOURNAL_MAINTENANCED, $maintid); if ($context == 'maintenance') { html_redirect("contract_details.php?id={$maintid}"); } else { html_redirect("contact_details.php?id={$contactid}"); } } } else { // show error message if errors include APPLICATION_INCPATH . 'htmlheader.inc.php'; echo $errors_string; include APPLICATION_INCPATH . 'htmlfooter.inc.php'; } }
if (!file_exists($source_file)) { trigger_error(sprintf($strSourceFailCannotBeFoundX, $source_file), E_USER_WARNING); } // set passive mode if (!ftp_pasv($conn_id, TRUE)) { trigger_error($strProblemSettingPassiveFTPMode, E_USER_WARNING); } // upload the file $upload = ftp_put($conn_id, "{$destination_filepath}", "{$source_file}", FTP_BINARY); // check upload status if (!$upload) { echo "{$strUploadFailed}<br />"; } else { echo sprintf($strUpdatedXToYAsZ, $source_file, $CONFIG['ftp_hostname'], $destination_filepath) . "<br />"; echo "<code>{$ftp_url}</code>"; journal(CFG_LOGGING_NORMAL, 'FTP File Published', "File {$destination_file_file} was published to {$CONFIG['ftp_hostname']}", CFG_JOURNAL_OTHER, 0); switch ($expiry_none) { case 'none': $expirydate = 0; break; case 'time': if ($expiry_days < 1 && $expiry_hours < 1 && $expiry_minutes < 1) { $expirydate = 0; } else { // uses calculate_time_of_next_action() because the function suits our purpose $expirydate = calculate_time_of_next_action($expiry_days, $expiry_hours, $expiry_minutes); } break; case 'date': // $now + ($days * 86400) + ($hours * 3600) + ($minutes * 60); $unixdate = mktime(9, 0, 0, $month, $day, $year);
$value = cleanvar($value); // Remove the software listed that we don't support $sql = "DELETE FROM `{$dbUserSoftware}` WHERE userid='{$user}' AND softwareid='{$value}' LIMIT 1"; mysql_query($sql); if (mysql_error()) { trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR); } // If we are providing backup for a skill we don't have - reset that back to nobody providing backup $sql = "UPDATE `{$dbUserSoftware}` SET backupid='0' WHERE backupid='{$user}' AND softwareid='{$value}' LIMIT 1"; mysql_query($sql); if (mysql_error()) { trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR); } } } journal(CFG_LOGGING_MAX, 'Skillset Updated', "Users Skillset was Changed", CFG_JOURNAL_USER, 0); // Have a look to see if any of the software we support is lacking a backup/substitute engineer $sql = "SELECT userid FROM `{$dbUserSoftware}` WHERE userid='{$user}' AND backupid='0' LIMIT 1"; $result = mysql_query($sql); if (mysql_error()) { trigger_error("MySQL Query Error " . mysql_error(), E_USER_WARNING); } $lacking = mysql_num_rows($result); if ($lacking >= 1) { html_redirect("edit_backup_users.php?user={$user}", TRUE, $strYouShouldNowDefineSubstituteEngineers); } else { if ($_REQUEST['user'] == $sit[2]) { html_redirect("edit_user_skills.php?user={$user}"); } else { html_redirect("manage_users.php"); }
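/**
 * Authenticate a user against the SiT users table with a username/password pair.
 *
 * @author Ivan Lucas
 * @param string $username A username
 * @param string $password A password in clear text (not yet md5-hashed)
 * @return int 0 when the credentials were wrong, the user was not found, the
 *             account is disabled (status 0) or the lookup query failed;
 *             1 when the user is authenticated, or already holds an
 *             authenticated session, and may continue.
 *
 * Notes grounded in this block:
 * - The stored password is compared as an unsalted md5 digest; that is the
 *   format the query expects, so this function cannot improve on it alone.
 * - The username/password literals in the query read '******' on this copy
 *   of the file, which looks like a redaction of the original interpolation
 *   — TODO confirm against the repository before relying on this listing.
 */
function authenticateSQL($username, $password)
{
    global $dbUsers;

    // An authenticated session short-circuits the lookup. !empty() keeps the
    // original truthiness semantics of `== TRUE` without an undefined-index
    // notice when the key is absent.
    if (!empty($_SESSION['auth'])) {
        // Already logged in
        return 1;
    }

    $password = md5($password);

    // Look the user up; a status of 0 means the account is disabled.
    $sql = "SELECT id FROM `{$dbUsers}` ";
    $sql .= "WHERE username = '******' AND password = '******' AND status != 0 ";
    $result = mysql_query($sql);
    if (mysql_error()) {
        trigger_error(mysql_error(), E_USER_WARNING);
    }

    // Fail closed: a failed query yields FALSE, which must never count as a
    // match (and must not be handed to mysql_num_rows / mysql_free_result).
    if ($result === FALSE) {
        return 0;
    }

    $matched = mysql_num_rows($result) > 0;
    mysql_free_result($result);

    if (!$matched) {
        return 0;
    }

    journal(CFG_LOGGING_MAX, 'User Authenticated', "{$username} authenticated from " . getenv('REMOTE_ADDR'), CFG_JOURNAL_LOGIN, 0);
    return 1;
}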
$isql .= "VALUES ('{$rolerow->id}', '" . $x[1] . "', 'true')"; $iresult = mysql_query($isql); if (mysql_error()) { trigger_error(mysql_error(), E_USER_ERROR); } if (mysql_affected_rows() < 1) { echo user_alert("{$strUpdateUserPermission} " . $x[1] . " {$strFailedOnPass2}", E_USER_WARNING); } } } } } html_redirect("manage_users.php"); exit; } journal(CFG_LOGGING_NORMAL, '{$strUserPermissionsEdited}', "{$strUserXPermissionsEdited}", CFG_JOURNAL_USERS, $user); // Edit the users permissions if (empty($role) and !empty($user)) { // First pass, set all access to false $sql = "UPDATE `{$dbUserPermissions}` SET granted='false' WHERE userid='{$user}'"; $result = mysql_query($sql); if (mysql_error()) { trigger_error(mysql_error(), E_USER_ERROR); } // Second pass, loop through checkbox array setting access to true where boxes are checked if (is_array($permselection)) { //reset ($permselection); while ($x = each($permselection)) { $sql = "UPDATE `{$dbUserPermissions}` SET granted='true' WHERE userid='{$user}' AND permissionid='" . $x[1] . "' "; # echo "Updating permission ".$x[1]."<br />"; # flush();
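/**
 * Authenticate a user against every configured backend.
 *
 * Lookup order, as implemented below:
 *  1. Look the username up in the SiT users table.
 *  2. Exactly one row with user_source 'sit'  -> compare the md5 of the
 *     supplied password with the stored digest and require status != 0.
 *  3. Exactly one row with user_source 'ldap' -> defer to authenticateLDAP();
 *     when it returns -1 (LDAP unreachable) the cached digest is accepted
 *     only if $CONFIG['ldap_allow_cached_password'] is set.
 *  4. No row and $CONFIG['use_ldap'] -> try authenticateLDAP() without an id.
 *  5. More than one row -> E_USER_ERROR (usernames must be unique).
 *
 * @author Lea Anthony
 * @param string $username Username
 * @param string $password Password in clear text
 * @return bool false when the credentials were wrong, the user was not found,
 *              the lookup query failed or no backend accepted them; true when
 *              the user is authenticated and allowed to continue. The -1
 *              sentinel from authenticateLDAP() is never passed to the caller.
 */
function authenticate($username, $password)
{
    global $CONFIG;
    $toReturn = false;

    // NOTE(review): the username literal reads '******' on this copy of the
    // file, which looks like a redaction of the original interpolation —
    // confirm against the repository.
    $sql = "SELECT id, password, status, user_source FROM `{$GLOBALS['dbUsers']}` WHERE username = '******'";
    $result = mysql_query($sql);
    if (mysql_error()) {
        trigger_error(mysql_error(), E_USER_WARNING);
    }

    // Fail closed: a failed query returns FALSE rather than a result set.
    if ($result === false) {
        debug_log("authenticate: User NOT authenticated", TRUE);
        return false;
    }

    $rows = mysql_num_rows($result);
    if ($rows == 1) {
        // Exists in the SiT DB
        $obj = mysql_fetch_object($result);
        if ($obj->user_source == 'sit') {
            $toReturn = authenticate_stored_digest_matches($password, $obj);
        } elseif ($obj->user_source == 'ldap') {
            // Auth against LDAP and sync
            $ldap = authenticateLDAP($username, $password, $obj->id);
            if ($ldap === -1) {
                // Communication with the LDAP server failed: accept the
                // cached digest only when the configuration allows it.
                $toReturn = !empty($CONFIG['ldap_allow_cached_password'])
                    && authenticate_stored_digest_matches($password, $obj);
            } else {
                $toReturn = (bool) $ldap;
            }
        }
    } elseif ($rows > 1) {
        // Multiple rows: this should NEVER happen
        trigger_error("Username not unique", E_USER_ERROR);
        $toReturn = false;
    } else {
        // Not in the SiT DB: check LDAP if it is enabled
        if (!empty($CONFIG['use_ldap'])) {
            $ldap = authenticateLDAP($username, $password);
            $toReturn = ($ldap === -1) ? false : (bool) $ldap;
        }
    }

    if ($toReturn) {
        journal(CFG_LOGGING_MAX, 'User Authenticated', "{$username} authenticated from " . getenv('REMOTE_ADDR'), CFG_JOURNAL_LOGIN, 0);
        debug_log("Authenticate: User authenticated", TRUE);
    } else {
        debug_log("authenticate: User NOT authenticated", TRUE);
    }

    return $toReturn;
}

/**
 * Compare the supplied clear-text password with the md5 digest stored on a
 * user row, and require the account to be enabled (status != 0).
 *
 * Strict string comparison is deliberate: with `==`, two digests that both
 * look like numbers in scientific notation (the "0e..." form) compare equal
 * under PHP's numeric-string rules even though they differ byte for byte.
 *
 * @param string $password Clear-text password
 * @param object $obj Row object with at least ->password (md5 digest) and ->status
 * @return bool
 */
function authenticate_stored_digest_matches($password, $obj)
{
    return md5($password) === (string) $obj->password && $obj->status != 0;
}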
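// delete_product_software.php
//
// SiT (Support Incident Tracker) - Support call tracking system
// Copyright (C) 2000-2009 Salford Software Ltd. and Contributors
//
// This software may be used and distributed according to the terms
// of the GNU General Public License, incorporated herein by reference.
//
// Author: Ivan Lucas <ivanlucas[at]users.sourceforge.net>

// Removes the link between a product and a piece of software (a "skill").
//
// Flow: load the core, the function library and the authentication include
// (presumably the consumer of $permission — not visible here), read the two
// ids from the request, then either run the DELETE and redirect to
// products.php, or redirect back with "required data missing" when either
// id is absent.

$permission = 24; // Add Product

require 'core.php';
require APPLICATION_LIBPATH . 'functions.inc.php';

$title = "{$strDisassociateSkillWithProduct}";

// This page requires authentication
require APPLICATION_LIBPATH . 'auth.inc.php';

// External variables.
// Both values are database ids that are interpolated into SQL below, so they
// are forced to int after cleanvar(): a non-numeric value becomes 0, fails
// the !empty() check and never reaches a query. The isset() guards avoid an
// undefined-index notice when a parameter is missing entirely.
$productid = isset($_REQUEST['productid']) ? (int) cleanvar($_REQUEST['productid']) : 0;
$softwareid = isset($_REQUEST['softwareid']) ? (int) cleanvar($_REQUEST['softwareid']) : 0;

// NOTE(review): $_REQUEST is populated from GET as well as POST, so this
// state-changing action is reachable by either method; a per-request token
// is the usual mitigation — confirm whether auth.inc.php already enforces one.
if (!empty($productid) && !empty($softwareid)) {
    $sql = "DELETE FROM `{$dbSoftwareProducts}` WHERE productid='{$productid}' AND softwareid='{$softwareid}' LIMIT 1";
    mysql_query($sql);
    if (mysql_error()) {
        trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR);
    }
    journal(CFG_LOGGING_NORMAL, 'Skill Unlinked', "Skill {$softwareid} was unlinked from Product {$productid}", CFG_JOURNAL_PRODUCTS, $productid);
    html_redirect("products.php");
} else {
    html_redirect("products.php", FALSE, "{$strRequiredDataMissing}");
}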
// save to db if (!empty($newcontact)) { $sql = "UPDATE `{$dbSupportContacts}` SET contactid='{$newcontact}' WHERE contactid='{$id}' "; mysql_query($sql); if (mysql_error()) { trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR); } $sql = "UPDATE `{$dbIncidents}` SET contact='{$newcontact}' WHERE contact='{$id}' "; mysql_query($sql); if (mysql_error()) { trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR); } $sql = "UPDATE `{$dbMaintenance}` SET admincontact='{$newcontact}' WHERE admincontact='{$id}' "; mysql_query($sql); if (mysql_error()) { trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR); } } // do the delete $sql = "DELETE FROM `{$dbContacts}` WHERE id='{$id}' LIMIT 1"; mysql_query($sql); if (mysql_error()) { trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR); } journal(CFG_LOGGING_NORMAL, 'Contact Deleted', "Contact {$id} was deleted", CFG_JOURNAL_CONTACTS, $id); if (!empty($newcontact)) { html_redirect("contact_details.php?id={$newcontact}"); } else { html_redirect("contacts.php"); } }
$lifetime_end = date('Y-m-d', strtotime($_REQUEST['lifetime_end'])); } else { $lifetime_end = ''; } // Add new $errors = 0; // check for blank name if ($name == '') { $errors = 1; $errors_string .= user_alert(sprintf($strFieldMustNotBeBlank, "'{$strName}'"), E_USER_ERROR); } // add product if no errors if ($errors == 0) { replace_tags(TAG_SKILL, $id, $tags); $sql = "UPDATE `{$dbSoftware}` SET "; $sql .= "name='{$name}', vendorid='{$vendor}', lifetime_start='{$lifetime_start}', lifetime_end='{$lifetime_end}' "; $sql .= "WHERE id = '{$id}'"; mysql_query($sql); if (mysql_error()) { trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR); } else { $id = mysql_insert_id(); journal(CFG_LOGGING_DEBUG, 'Skill Edited', "Skill {$id} was edited", CFG_JOURNAL_DEBUG, $id); html_redirect("products.php?display=skills"); } } else { include APPLICATION_INCPATH . 'htmlheader.inc.php'; echo $errors_string; include APPLICATION_INCPATH . 'htmlfooter.inc.php'; } }
// External variables $name = cleanvar($_REQUEST['name']); $_SESSION['formdata'] = $_REQUEST; // Add new $errors = 0; // check for blank name if ($name == '') { $errors++; $_SESSION['formerrors']['name'] = user_alert(sprintf($strFieldMustNotBeBlank, "'{$strVendorName}'"), E_USER_ERROR); } // add product if no errors if ($errors == 0) { $sql = "INSERT INTO `{$dbVendors}` (name) VALUES ('{$name}')"; $result = mysql_query($sql); if (mysql_error()) { trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR); } if (!$result) { echo "<p class='error'>{$strAdditionFail}</p>\n"; } else { $id = mysql_insert_id(); journal(CFG_LOGGING_DEBUG, 'Vendor Added', "Vendor {$id} was added", CFG_JOURNAL_DEBUG, $id); html_redirect("products.php"); } clear_form_data('add_vendor'); clear_form_errors('add_vendor'); } else { include APPLICATION_INCPATH . 'htmlheader.inc.php'; html_redirect($_SERVER['PHP_SELF'], FALSE); } }
replace_tags(3, $site, $tags); if (isset($licenserx)) { $licenserx = '1'; } else { $licenserx = '0'; } // update site if ($active == 'true') { $activeStr = 'true'; } else { $activeStr = 'false'; } $sql = "UPDATE `{$dbSites}` SET name='{$name}', department='{$department}', address1='{$address1}', address2='{$address2}', city='{$city}', "; $sql .= "county='{$county}', postcode='{$postcode}', country='{$country}', telephone='{$telephone}', fax='{$fax}', email='{$email}', "; $sql .= "websiteurl='{$websiteurl}', notes='{$notes}', typeid='{$typeid}', owner='{$owner}', freesupport='{$incident_quantity}', active='{$activeStr}' WHERE id='{$site}' LIMIT 1"; // licenserx='$licenserx' $result = mysql_query($sql); if (mysql_error()) { trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR); } else { plugin_do('edit_site_save'); journal(CFG_LOGGING_NORMAL, $strSiteEdited, sprintf($strSiteXEdited, $site), CFG_JOURNAL_SITES, $site); html_redirect($_SERVER['PHP_SELF']); exit; } } else { echo $errors_string; } } echo show_edit_site($site, 'external'); include APPLICATION_INCPATH . 'htmlfooter.inc.php';
$storeinlog = 'No'; } switch ($template) { case 'email': $sql = "UPDATE `{$dbEmailTemplates}` SET name='{$name}', description='{$description}', tofield='{$tofield}', fromfield='{$fromfield}', "; $sql .= "replytofield='{$replytofield}', ccfield='{$ccfield}', bccfield='{$bccfield}', subjectfield='{$subjectfield}', "; $sql .= "body='{$bodytext}', customervisibility='{$cust_vis}', storeinlog='{$storeinlog}' "; $sql .= "WHERE id='{$id}' LIMIT 1"; break; case 'notice': $sql = "UPDATE `{$dbNoticeTemplates}` SET name='{$name}', description='{$description}', type='', "; $sql .= "linktext='{$linktext}', link='{$link}', durability='{$durability}', "; $sql .= "text='{$bodytext}' "; $sql .= "WHERE id='{$id}' LIMIT 1"; break; default: trigger_error('Error: Invalid template type', E_USER_WARNING); html_redirect($_SERVER['PHP_SELF'], FALSE); } // echo $sql; $result = mysql_query($sql); if (mysql_error()) { trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR); } if ($result) { journal(CFG_LOGGING_NORMAL, 'Email Template Updated', "Email Template {$type} was modified", CFG_JOURNAL_ADMIN, $type); html_redirect($_SERVER['PHP_SELF']); } else { html_redirect($_SERVER['PHP_SELF'], FALSE); } }
if (mysql_error()) { trigger_error(mysql_error(), E_USER_ERROR); } else { // FIXME html headers need sorting here, we don't want the header before we do this html_redirect("sites.php?search_string=A"); } } include APPLICATION_INCPATH . 'htmlfooter.inc.php'; } else { // Records need moving before we delete // Move contacts $sql = "UPDATE `{$dbContacts}` SET siteid='{$destinationid}' WHERE siteid='{$id}'"; mysql_query($sql); if (mysql_error()) { trigger_error(mysql_error(), E_USER_ERROR); } // Move contracts $sql = "UPDATE `{$dbMaintenance}` SET site='{$destinationid}' WHERE site='{$id}'"; mysql_query($sql); if (mysql_error()) { trigger_error(mysql_error(), E_USER_ERROR); } $sql = "DELETE FROM `{$dbSites}` WHERE id='{$id}' LIMIT 1"; $result = mysql_query($sql); if (mysql_error()) { trigger_error(mysql_error(), E_USER_ERROR); } journal(CFG_LOGGING_NORMAL, 'Site Deleted', "Site {$id} was deleted", CFG_JOURNAL_SITES, $id); html_redirect("sites.php?search_string=A"); } }
if ($oldincidentid == 0) { $oldincidentid = 'Inbox'; } $prettydate = ldate('r', $timestamp); // prepend 'moved' header to bodytext $body = sprintf($SYSLANG['strMovedFromXtoXbyX'], "<b>{$oldincidentid}</b>", "<b>{$incidentid}</b>", "<b>" . user_realname($sit[2]) . "</b>") . "\n"; $body .= sprintf($SYSLANG['strOriginalMessageReceivedAt'], "<b>{$prettydate}</b>") . "\n"; $body .= $SYSLANG['strStatus'] . " -> <b>{$SYSLANG['strActive']}</b>\n"; $bodytext = $body . $bodytext; $bodytext = mysql_real_escape_string($bodytext); // move the update. $sql = "UPDATE `{$dbUpdates}` SET incidentid='{$incidentid}', userid='{$sit[2]}', bodytext='{$bodytext}', timestamp='{$now}' WHERE id='{$updateid}'"; mysql_query($sql); if (mysql_error()) { trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR); } //remove from tempincoming to prevent build up $sql = "DELETE FROM `{$dbTempIncoming}` WHERE updateid='{$updateid}'"; mysql_query($sql); if (mysql_error()) { trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR); } journal(CFG_LOGGING_NORMAL, 'Incident Update Moved', "Incident update {$update} moved to incident {$incidentid}", CFG_JOURNAL_INCIDENTS, $incidentid); html_redirect("incident_details.php?id={$incidentid}"); } } else { // no open incident with this number. Return to form. header("Location: {$_SERVER['PHP_SELF']}?id={$id}&updateid={$updateid}&error=1&win=incomingview"); exit; } }
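/**
 * Modify the content of an object.
 *
 * Generic function behind the content-editing API; among other things it
 * runs the pre_edition and post_edition pipelines around the update.
 *
 * Security: to block privilege escalation through this entry point, the
 * fields statut, id_secteur, id_rubrique and id_parent are silently dropped
 * from $c — they are governed by instituer_XX(), not by
 * autoriser(xxx, 'modifier'). Authorisation itself must be enforced by the
 * caller; nothing here checks who is calling.
 *
 * @api
 * @param string $objet
 *   Object type
 * @param int $id_objet
 *   Object identifier
 * @param array $options
 *   All options (nonvide, champs, date_modif and invalideur are read here)
 * @param array|null $c
 *   Field/value pairs to modify
 * @param string $serveur
 *   Name of the database connector
 * @return bool|string
 *   - false : nothing to modify, no field left after the pre_edition pipeline
 *   - empty string : everything went fine
 *   - string : text of an error message
 */
function objet_modifier_champs($objet, $id_objet, $options, $c = null, $serveur = '') {
    if (!($id_objet = intval($id_objet))) {
        spip_log('Erreur $id_objet non defini', 'warn');
        return _T('erreur_technique_enregistrement_impossible');
    }

    include_spip('inc/filtres');
    $table_objet = table_objet($objet, $serveur);
    $spip_table_objet = table_objet_sql($objet, $serveur);
    $id_table_objet = id_table_objet($objet, $serveur);
    $trouver_table = charger_fonction('trouver_table', 'base');
    $desc = $trouver_table($spip_table_objet, $serveur);

    // Incomplete calls (without $c)
    if (!is_array($c)) {
        spip_log('erreur appel objet_modifier_champs(' . $objet . '), manque $c');
        return _T('erreur_technique_enregistrement_impossible');
    }

    // Security: these fields are never accepted here because they are not
    // covered by autoriser(xxx, modifier); they must go through instituer_XX().
    // TODO: should this deny-list live in a separate description file?
    unset($c['statut']);
    unset($c['id_parent']);
    unset($c['id_rubrique']);
    unset($c['id_secteur']);

    // Apply fallbacks for fields that must not be empty
    if (isset($options['nonvide']) and is_array($options['nonvide'])) {
        foreach ($options['nonvide'] as $champ => $sinon) {
            if (isset($c[$champ]) and $c[$champ] === '') {
                $c[$champ] = $sinon;
            }
        }
    }

    // Only keep fields that exist in the table description
    // TODO: values could also be validated here according to their type
    $champs = array();
    foreach ($desc['field'] as $champ => $ignore) {
        if (isset($c[$champ])) {
            $champs[$champ] = $c[$champ];
        }
    }

    // Clean the values
    $champs = array_map('corriger_caracteres', $champs);

    // Hand over to plugins
    $champs = pipeline('pre_edition', array(
        'args' => array(
            'table' => $spip_table_objet,
            'table_objet' => $table_objet,
            'spip_table_objet' => $spip_table_objet,
            'type' => $objet,
            'id_objet' => $id_objet,
            'champs' => isset($options['champs']) ? $options['champs'] : array(),
            'serveur' => $serveur,
            'action' => 'modifier'
        ),
        'data' => $champs
    ));

    if (!$champs) {
        return false;
    }

    // Flag that the object is being worked on by this visitor at this time
    if ($GLOBALS['meta']['articles_modif'] != 'non') {
        include_spip('inc/drapeau_edition');
        signale_edition($id_objet, $GLOBALS['visiteur_session'], $objet);
    }

    // Check whether the updates are relevant, dated, in conflict, etc.
    include_spip('inc/editer');
    $conflits = controler_md5($champs, $_POST, $objet, $id_objet, $serveur);

    // Hypothetical case: inc/editer normally detects edit conflicts upstream
    // and handles the UI, so only an error message is returned here in case
    // we get this far anyway.
    if ($conflits) {
        return _T('titre_conflit_edition');
    }
    // From here on $conflits only collects badly-saved fields (below); start
    // from an explicit array rather than auto-vivifying from false/null.
    $conflits = array();

    if ($champs) {
        // Special case for the language: go through instituer_langue_objet
        if (isset($champs['lang'])) {
            if ($changer_lang = $champs['lang']) {
                $id_rubrique = 0;
                if (!empty($desc['field']['id_rubrique'])) {
                    $parent = $objet == 'rubrique' ? 'id_parent' : 'id_rubrique';
                    $id_rubrique = sql_getfetsel($parent, $spip_table_objet, "{$id_table_objet}=" . intval($id_objet));
                }
                $instituer_langue_objet = charger_fonction('instituer_langue_objet', 'action');
                $champs['lang'] = $instituer_langue_objet($objet, $id_objet, $id_rubrique, $changer_lang);
            }
            // 'lang' is left in $champs: it flows through the post_edition
            // pipeline and the journal, and an extra sql_updateq on it after
            // it has already been applied does no harm.
        }

        // The modification can take place.
        // Should date_modif be added?
        if (isset($options['date_modif']) and $options['date_modif'] and !isset($champs[$options['date_modif']])) {
            $champs[$options['date_modif']] = date('Y-m-d H:i:s');
        }

        // Commit the modification
        sql_updateq($spip_table_objet, $champs, "{$id_table_objet}=" . intval($id_objet), $serveur);

        // Check that it really went through
        $moof = sql_fetsel(array_keys($champs), $spip_table_objet, "{$id_table_objet}=" . intval($id_objet), array(), array(), '', array(), $serveur);

        // If the fields differ, identify the ones that were not saved correctly
        if ($moof != $champs) {
            $liste = array();
            foreach ($moof as $k => $v) {
                if ($v !== $champs[$k] and (!is_numeric($v) or intval($v) != intval($champs[$k]))) {
                    $liste[] = $k;
                    $conflits[$k]['post'] = $champs[$k];
                    $conflits[$k]['save'] = $v;
                    // MySQL+emoji special case: if one value is the
                    // utf8_noplanes conversion of the other, it is fine
                    if (defined('_MYSQL_NOPLANES') && _MYSQL_NOPLANES) {
                        include_spip('inc/charsets');
                        if ($v == utf8_noplanes($champs[$k])) {
                            array_pop($liste);
                        }
                    }
                }
            }
            // A field was not saved correctly: log it and return an error.
            // This is an exceptional case.
            if (count($liste)) {
                spip_log("Erreur enregistrement en base {$objet}/{$id_objet} champs :" . var_export($conflits, true), 'modifier.' . _LOG_CRITIQUE);
                return _T('erreur_technique_enregistrement_champs', array('champs' => "<i>'" . implode("'</i>,<i>'", $liste) . "'</i>"));
            }
        }

        // Invalidate caches
        if (isset($options['invalideur']) and $options['invalideur']) {
            include_spip('inc/invalideur');
            if (is_array($options['invalideur'])) {
                array_map('suivre_invalideur', $options['invalideur']);
            } else {
                suivre_invalideur($options['invalideur']);
            }
        }

        // Notifications, revision handling...
        // by default this calls |nouvelle_revision
        pipeline('post_edition', array(
            'args' => array(
                'table' => $spip_table_objet,
                'table_objet' => $table_objet,
                'spip_table_objet' => $spip_table_objet,
                'type' => $objet,
                'id_objet' => $id_objet,
                'champs' => isset($options['champs']) ? $options['champs'] : array(),
                'serveur' => $serveur,
                'action' => 'modifier'
            ),
            'data' => $champs
        ));
    }

    // Journal the operation
    // message could be refined :-)
    include_spip('inc/filtres_mini');
    // Parenthesised on purpose: `and` binds lower than `=`, so without the
    // parentheses $qui would receive the bare isset() boolean and the journal
    // entry would lose the visitor's name.
    $qui = (isset($GLOBALS['visiteur_session']['nom']) and $GLOBALS['visiteur_session']['nom'])
        ? $GLOBALS['visiteur_session']['nom']
        : $GLOBALS['ip'];
    journal(
        _L($qui . ' a édité l’' . $objet . ' ' . $id_objet . ' (' . join('+', array_diff(array_keys($champs), array('date_modif'))) . ')'),
        array('faire' => 'modifier', 'quoi' => $objet, 'id' => $id_objet)
    );

    return '';
}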
$sql .= "WHERE origcolref = '{$updateid}' "; $sql .= "AND linktype = 5 "; $sql .= "AND l.linkcolref = f.id "; if ($result = @mysql_query($sql)) { while ($row = mysql_fetch_object($result)) { $file = $path . $row->linkcolref . "-" . $row->filename; if (file_exists($file)) { $del = unlink($file); if (!$del) { trigger_error("Deleting attachment failed", E_USER_ERROR); $deleted = FALSE; } } } } if ($deleted_files) { // We delete using ID and timestamp to make sure we dont' delete the wrong update by accident $sql = "DELETE FROM `{$dbUpdates}` WHERE id='{$updateid}' AND timestamp='{$timestamp}'"; // We might in theory have more than one ... mysql_query($sql); if (mysql_error()) { trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR); } $sql = "DELETE FROM `{$dbTempIncoming}` WHERE id='{$tempid}'"; mysql_query($sql); if (mysql_error()) { trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR); } } journal(CFG_LOGGING_NORMAL, 'Incident Log Entry Deleted', "Incident Log Entry {$updateid} was deleted from Incident {$incidentid}", CFG_JOURNAL_INCIDENTS, $incidentid); html_redirect("holding_queue.php");
$sql = "SELECT id FROM `{$dbUpdates}` WHERE userid={$userid} LIMIT 1"; $result = mysql_query($sql); if (mysql_num_rows($result) >= 1) { $errors++; } // FIXME need to check more tables for data possibly linked to userid // We break data integrity if we delete the user and there are things // related to him/her if ($errors == 0) { $sql = array(); $sql[] = "DELETE FROM `{$dbUsers}` WHERE id = {$userid} LIMIT 1"; $sql[] = "DELETE FROM `{$dbHolidays}` WHERE userid = {$userid}"; $sql[] = "DELETE FROM `{$dbUserGroups}` WHERE userid = {$userid}"; $sql[] = "DELETE FROM `{$dbUserPermissions}` WHERE userid = {$userid}"; foreach ($sql as $query) { $result = mysql_query($query); if (mysql_error()) { trigger_error(mysql_error(), E_USER_ERROR); } } journal(CFG_LOGGING_NORMAL, 'User Removed', "User {$userid} was removed", CFG_JOURNAL_USERS, $userid); html_redirect("users.php"); } else { include APPLICATION_INCPATH . 'htmlheader.inc.php'; echo "<p class='error'>{$strCannotDeleteUser}</p>"; echo "<p align='center'><a href='users.php#{$userid}'>{$strBackToList}</a></p>"; include APPLICATION_INCPATH . 'htmlfooter.inc.php'; } } else { trigger_error("Cound not delete user: Parameter(s) missing", E_USER_WARNING); }
$query[] = "INSERT INTO `{$dbKBContent}` (docid, ownerid, headerstyle, header, contenttype, content, distribution) VALUES ('{$docid}', '" . mysql_real_escape_string($sit[2]) . "', 'h1', 'Summary', '1', 'Enter details here...', 'restricted') "; } foreach ($query as $sql) { mysql_query($sql); if (mysql_error()) { trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR); } } // Add Software Record if ($softwareid > 0) { $sql = "INSERT INTO `{$dbKBSoftware}` (docid,softwareid) VALUES ('{$docid}', '{$softwareid}')"; mysql_query($sql); if (mysql_error()) { trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR); } journal(CFG_LOGGING_NORMAL, 'KB Article Added', "KB Article {$docid} was added", CFG_JOURNAL_KB, $docid); } //html_redirect("incident_details.php?id={$id}", TRUE, "Knowledge Base Article {$CONFIG['kb_id_prefix']}{$docid} created"); plugin_do('incident_closing'); echo "<html>"; echo "<head></head>"; echo "<body onload=\"close_page_redirect('incident_details.php?id={$id}');\">"; echo "</body>"; echo "</html>"; } else { plugin_do('incident_closing'); echo "<html>"; echo "<head></head>"; echo "<body onload=\"close_page_redirect('incident_details.php?id={$id}');\">"; echo "</body>"; echo "</html>";
// Add product information
$errors = 0;

include APPLICATION_INCPATH . 'htmlheader.inc.php';

// check for blank product
// NOTE(review): loose comparison — on PHP < 8 a non-numeric string also equals 0,
// on PHP 8 it does not; an explicit (int) cast before the check would make the
// behaviour version-independent.
if ($product == 0)
{
    $errors = 1;
    echo user_alert(sprintf($strFieldMustNotBeBlank, "'{$strProduct}'"), E_USER_ERROR);
}

// check for blank information
if ($information == '')
{
    $errors = 1;
    echo user_alert(sprintf($strFieldMustNotBeBlank, "'{$strQuestion}'"), E_USER_ERROR);
}

// add product information if no errors
if ($errors == 0)
{
    // NOTE(review): $product, $information and $moreinformation are interpolated
    // into the INSERT without escaping; unless they are escaped where they are
    // read from the request (outside this excerpt), this is an SQL injection
    // point — escape them or use a prepared statement.
    $sql = "INSERT INTO `{$dbProductInfo}` (productid, information, moreinformation) ";
    $sql .= "VALUES ('{$product}', '{$information}', '{$moreinformation}')";
    $result = mysql_query($sql);
    if (mysql_error())
    {
        trigger_error(mysql_error(), E_USER_ERROR);
    }
    if (!$result)
    {
        // NOTE(review): this <p> is never closed.
        echo "<p class='error'>" . sprintf($strAddXfailed, $strProductInformation) . "\n";
    }
    else
    {
        journal(CFG_LOGGING_NORMAL, 'Product Info Added', "Info was added to Product {$product}", CFG_JOURNAL_PRODUCTS, $product);
        html_redirect("products.php?productid={$product}");
        exit;
    }
}

include APPLICATION_INCPATH . 'htmlfooter.inc.php';
} // closes a block that opens before this excerpt
// Blank name: store the field error for redisplay (the check itself opens before this excerpt).
$_SESSION['formerrors']['add_software']['name'] = user_alert(sprintf($strFieldMustNotBeBlank, "'{$strName}'"), E_USER_ERROR);
}

// Check this is not a duplicate
// NOTE(review): $name here, and $vendor, $lifetime_start and $lifetime_end below,
// are interpolated into SQL without escaping; unless they are escaped at the
// point they are read from the form (outside this excerpt), this is an injection
// point — escape them or use a prepared statement.
$sql = "SELECT id FROM `{$dbSoftware}` WHERE LCASE(name)=LCASE('{$name}') LIMIT 1";
$result = mysql_query($sql);
if (mysql_num_rows($result) >= 1)
{
    $errors++;
    // NOTE(review): .= on a session key that may not exist yet raises a notice;
    // a plain assignment, or initialising the key first, avoids it.
    $_SESSION['formerrors']['add_software']['duplicate'] .= $strARecordAlreadyExistsWithTheSameName;
}

// add product if no errors
if ($errors == 0)
{
    $sql = "INSERT INTO `{$dbSoftware}` (name, vendorid, lifetime_start, lifetime_end) VALUES ('{$name}','{$vendor}','{$lifetime_start}','{$lifetime_end}')";
    $result = mysql_query($sql);
    if (mysql_error())
    {
        trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR);
    }
    if (!$result)
    {
        echo "<p class='error'>{$strAdditionFail}</p>";
    }
    else
    {
        $id = mysql_insert_id();
        replace_tags(TAG_SKILL, $id, $tags);
        // NOTE(review): the row goes into the software table but the tag type and
        // journal entry say "Skill" — presumably the same concept under two names;
        // confirm the intended journal type and level (here CFG_LOGGING_DEBUG).
        journal(CFG_LOGGING_DEBUG, 'Skill Added', "Skill {$id} was added", CFG_JOURNAL_DEBUG, $id);
        html_redirect("products.php");
        //clear form data
        $_SESSION['formdata']['add_software'] = NULL;
    }
}
else
{
    // Validation failed: send the user back to the form; the errors are in $_SESSION.
    // NOTE(review): $_SERVER['PHP_SELF'] can carry request-supplied path info; if
    // html_redirect() echoes its argument into HTML rather than a Location header,
    // it needs escaping — check html_redirect().
    include APPLICATION_INCPATH . 'htmlheader.inc.php';
    html_redirect($_SERVER['PHP_SELF'], FALSE);
}
} // closes a block that opens before this excerpt
echo " {$strPermissionDenied}</h2>";

// FIXME 3.35 triggers
// Append the refusal to the access log file when one is configured.
// NOTE(review): $username goes into the log line unmodified and the file is one
// entry per "\n"; a username containing newline characters would break that
// format, so strip control characters before logging if usernames are user-chosen.
if ($username != '')
{
    $errdate = date('M j H:i');
    $errmsg = "{$errdate} " . permission_name($id) . "({$id}) " . sprintf($strPermissionDeniedForX, $username);
    $errmsg .= "\n";
    if (!empty($CONFIG['access_logfile']))
    {
        // message_type 3 appends to the named file
        $errlog = error_log($errmsg, 3, "{$CONFIG['access_logfile']}");
        if (!$errlog)
        {
            echo "Fatal error logging this problem<br />";
        }
    }
    unset($errdate);
    unset($errmsg);
    unset($errlog);
}

// $id may be a single permission id or a comma-separated list of them.
if (strpos($id, ',') !== FALSE)
{
    $refused = explode(',', $id);
}
else
{
    $refused = array($id);
}

echo "<p align='center' class='error'>{$strSorryNoPermissionToAreas}:</p>";
echo "<ul>";
// NOTE(review): the loop variable reuses and overwrites $id. Each value is echoed
// into HTML unescaped; where $id is set is outside this excerpt, so if it is
// request-derived wrap it in htmlspecialchars() or cast it to int first.
foreach ($refused as $id)
{
    echo "<li>{$id}: " . permission_name($id) . "</li>\n";
    journal(CFG_LOGGING_MIN, 'Access Failure', "Access to " . permission_name($id) . " ({$id}) was denied", CFG_JOURNAL_OTHER, $id);
}
echo "</ul>";
echo "<p align='center'>{$strIfYouShouldHaveAccess}</p>";
echo "<p align='center'><a href=\"javascript:history.back();\">{$strPrevious}</a></p>";

include APPLICATION_INCPATH . 'htmlfooter.inc.php';
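//
// This software may be used and distributed according to the terms
// of the GNU General Public License, incorporated herein by reference.
//
// Help page: shows the help document for the session language, falling back
// to the en-GB document when no translation exists.

// Permission id checked by auth.inc.php before the page is shown.
$permission = 26; // Help

require 'core.php';
require APPLICATION_LIBPATH . 'functions.inc.php';

$title = "Help";

// This page requires authentication
require APPLICATION_LIBPATH . 'auth.inc.php';

// External variables
// $id is request-supplied: optionally the permission id whose help is wanted.
// cleanvar() is defined in functions.inc.php; what it strips is not visible here.
$id = cleanvar($_REQUEST['id']);
$title = $strHelp;

include APPLICATION_INCPATH . 'htmlheader.inc.php';

journal(CFG_LOGGING_MAX, 'Help Viewed', "Help document {$id} was viewed", CFG_JOURNAL_OTHER, $id);

echo "<h2>" . icon('help', 32, $strHelp) . " ";
if ($id > 0)
{
    // NOTE(review): permission_name() output is echoed without htmlspecialchars();
    // fine only if permission names are fixed, non-user-controlled strings — confirm.
    echo permission_name($id) . ' ';
}
echo "{$strHelp}</h2>";

echo "<div id='help'>";

// Locate the help document for the session language.
// NOTE(review): $_SESSION['lang'] becomes a path component. If the language can be
// chosen by the user, make sure it is validated against the installed languages
// where it is written to the session; otherwise a crafted value could select a
// file outside APPLICATION_HELPPATH.
$helpfile = APPLICATION_HELPPATH . "{$_SESSION['lang']}" . DIRECTORY_SEPARATOR . "help.html";
if (!file_exists($helpfile))
{
    // Fix: the fallback used to be <lang>/en-GB/help.html, i.e. nested under the
    // very language directory that was just found missing, so it only worked if
    // en-GB had been copied inside that directory. The default document sits
    // directly under APPLICATION_HELPPATH, consistent with the lookup above.
    $helpfile = APPLICATION_HELPPATH . 'en-GB' . DIRECTORY_SEPARATOR . 'help.html';
}

if (file_exists($helpfile))
{
    $helptext = file_get_contents($helpfile);
}
else
{
    trigger_error("Error: Missing helpfile 'help.html'", E_USER_ERROR);
}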
// NOTE(review): $now, $id and $draftid are interpolated into SQL without escaping
// or casting in the statements below; unless they are guaranteed safe where they
// are set (outside this excerpt), escape or cast them.
trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR);
} // closes an error check that opens before this excerpt

// Stamp the incident's lastupdated column.
$sql_update = "UPDATE `{$dbIncidents}` SET lastupdated = '{$now}' WHERE id = {$id}";
mysql_query($sql_update);
if (mysql_error())
{
    trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR);
}
} // closes a block that opens before this excerpt

// Remove the draft that was in use (-1 presumably means "no draft").
if ($draftid != -1)
{
    $sql = "DELETE FROM `{$dbDrafts}` WHERE id = {$draftid}";
    mysql_query($sql);
    if (mysql_error())
    {
        trigger_error(mysql_error(), E_USER_ERROR);
    }
}

journal(CFG_LOGGING_FULL, $SYSLANG['strEmailSent'], "{$SYSLANG['strSubject']}: {$subjectfield}, {$SYSLANG['strIncident']}: {$id}", CFG_JOURNAL_INCIDENTS, $id);

// FIXME i18n, maybe have a function that prints a dialog and then closes the window?
// NOTE(review): $id is echoed straight into a JavaScript string literal below; that
// is only safe if it is already an integer — otherwise cast it (or json_encode it)
// first. Note also the space between "?>" and the closing quote, which ends up in
// the URL as part of the id value.
echo "<html>";
echo "<head>";
?>
<script type="text/javascript">
function confirm_close_window()
{
    if (window.confirm('The email was sent successfully, click OK to close this window'))
    {
        window.opener.location='incident_details.php?id=<?php echo $id; ?> ';
        window.close();
    }