/**
 * Save the posted department form to the row selected by $_GET['edit'].
 *
 * Text columns pass through mswSafeImportString() before being quoted into
 * the statement; the two checkbox columns are stored as 'yes' when the field
 * was posted and 'no' otherwise. A failing statement ends the request via
 * die() with the message built by mswMysqlErrMsg().
 */
public function update()
 {
     // The id is forced to an integer in place; both WHERE clauses embed it.
     $_GET['edit'] = (int) $_GET['edit'];
     $deptId = $_GET['edit'];
     $deptSql = "UPDATE `" . DB_PREFIX . "departments` SET\n"
         . "  `name`          = '" . mswSafeImportString($_POST['name']) . "',\n"
         . "  `showDept`      = '" . (isset($_POST['showDept']) ? 'yes' : 'no') . "',\n"
         . "  `dept_subject`  = '" . mswSafeImportString($_POST['dept_subject']) . "',\n"
         . "  `dept_comments` = '" . mswSafeImportString($_POST['dept_comments']) . "',\n"
         . "  `manual_assign` = '" . (isset($_POST['manual_assign']) ? 'yes' : 'no') . "'\n"
         . "  WHERE `id`      = '" . $deptId . "'\n"
         . "  ";
     if (!mysql_query($deptSql)) {
         die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
     }
     // NOTE(review): the column above becomes 'yes' whenever manual_assign is
     // posted at all, while tickets are only unassigned when the posted value
     // is literally 'no' - confirm what the form submits, the two look inconsistent.
     $clearAssignments = isset($_POST['manual_assign']) && $_POST['manual_assign'] == 'no';
     if (!$clearAssignments) {
         return;
     }
     $ticketSql = "UPDATE `" . DB_PREFIX . "tickets` SET\n"
         . "    `assignedto`       = ''\n"
         . "    WHERE `department` = '" . $deptId . "'\n"
         . "    ";
     if (!mysql_query($ticketSql)) {
         die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
     }
 }
Beispiel #2
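 /**
  * Update the custom field selected by $_GET['edit'] from the posted form.
  *
  * Every request-derived value that reaches the statement is either taken
  * from a fixed whitelist ('yes'/'no', the field type list), cast to an
  * integer (the row id) or passed through mswSafeImportString(). The
  * original quoted the imploded `fieldLoc` / department lists and the raw
  * $_GET['edit'] string straight into the SQL, so a crafted array element or
  * an id such as "1' ..." (which still casts to 1) changed the statement.
  *
  * $_POST is normalised in place, as before, in case callers read it afterwards.
  */
 public function editCustomField()
 {
     // Defaults if not set..
     $allowedTypes = array('textarea', 'input', 'select', 'checkbox');
     $_POST['fieldType'] = isset($_POST['fieldType']) && in_array($_POST['fieldType'], $allowedTypes, true) ? $_POST['fieldType'] : 'input';
     $_POST['fieldReq'] = isset($_POST['fieldReq']) ? 'yes' : 'no';
     $_POST['repeatPref'] = isset($_POST['repeatPref']) ? 'yes' : 'no';
     $_POST['enField'] = isset($_POST['enField']) ? 'yes' : 'no';
     // Prefer the explicit department selection, fall back to the "all" list;
     // a missing or scalar field becomes an (at most one element) array instead of breaking implode().
     $deptSource = !empty($_POST['dept']) ? $_POST['dept'] : (isset($_POST['deptall']) ? $_POST['deptall'] : array());
     $dept = implode(',', (array) $deptSource);
     if (empty($_POST['fieldLoc'])) {
         $_POST['fieldLoc'] = array('ticket');
     }
     $fieldLoc = implode(',', (array) $_POST['fieldLoc']);
     // Use the integer itself in the WHERE clause, not the string it was parsed from.
     $fieldId = isset($_GET['edit']) ? (int) $_GET['edit'] : 0;
     if ($fieldId > 0) {
         mysql_query("UPDATE `" . DB_PREFIX . "cusfields` SET\n    `fieldInstructions`  = '" . mswSafeImportString($_POST['fieldInstructions']) . "',\n    `fieldType`          = '{$_POST['fieldType']}',\n    `fieldReq`           = '{$_POST['fieldReq']}',\n    `fieldOptions`       = '" . mswSafeImportString($_POST['fieldOptions']) . "',\n    `fieldLoc`           = '" . mswSafeImportString($fieldLoc) . "',\n    `repeatPref`         = '{$_POST['repeatPref']}',\n    `enField`            = '{$_POST['enField']}',\n    `departments`        = '" . mswSafeImportString($dept) . "'\n    WHERE `id`           = '{$fieldId}'\n    ") or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
     }
 }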
Beispiel #3
 /**
  * Store the posted b8 filter settings, then either reset the learned
  * tokens or feed one posted text to the classifier.
  *
  * Integer settings are cast, checkbox settings collapse to 'yes'/'no', and
  * the remaining text settings go through mswSafeImportString().
  * NOTE(review): none of the statements here check the mysql_query() result,
  * so a failed update or reset passes silently.
  */
 public function updateB8()
 {
     foreach (array('tokens', 'min_size', 'max_size') as $intKey) {
         $_POST[$intKey] = (int) $_POST[$intKey];
     }
     foreach (array('learning', 'num_parse', 'uri_parse', 'html_parse', 'multibyte') as $flagKey) {
         $_POST[$flagKey] = isset($_POST[$flagKey]) ? 'yes' : 'no';
     }
     $settingsSql = "UPDATE `" . DB_PREFIX . "imap_b8` SET\n"
         . "  `tokens`      = '{$_POST['tokens']}',\n"
         . "  `min_size`    = '{$_POST['min_size']}',\n"
         . "  `max_size`    = '{$_POST['max_size']}',\n"
         . "  `min_dev`     = '" . mswSafeImportString($_POST['min_dev']) . "',\n"
         . "  `x_constant`  = '" . mswSafeImportString($_POST['x_constant']) . "',\n"
         . "  `s_constant`  = '" . mswSafeImportString($_POST['s_constant']) . "',\n"
         . "  `learning`    = '{$_POST['learning']}',\n"
         . "  `num_parse`   = '{$_POST['num_parse']}',\n"
         . "  `uri_parse`   = '{$_POST['uri_parse']}',\n"
         . "  `html_parse`  = '{$_POST['html_parse']}',\n"
         . "  `multibyte`   = '{$_POST['multibyte']}',\n"
         . "  `encoder`     = '" . mswSafeImportString($_POST['encoder']) . "',\n"
         . "  `skipFilters` = '" . mswSafeImportString($_POST['skipFilters']) . "'\n"
         . "  ";
     mysql_query($settingsSql);
     // Clearing the learning filters takes priority over classifying new text.
     if (isset($_POST['reset'])) {
         $days = isset($_POST['reset_days']) ? (int) $_POST['reset_days'] : 0;
         if ($days > 0) {
             // Age-based reset: drop tokens at least $days old, keep the two bookkeeping rows.
             mysql_query("DELETE FROM `" . DB_PREFIX . "imap_b8_filter` \n\t  WHERE DATEDIFF(NOW(),DATE(FROM_UNIXTIME(`ts`))) >= " . $days . "\n\t  AND `token` NOT IN('b8*dbversion','b8*texts')\n\t  ");
             return;
         }
         // Full reset: empty the table and re-create the two bookkeeping rows.
         mysql_query("TRUNCATE TABLE `" . DB_PREFIX . "imap_b8_filter`");
         mysql_query("INSERT INTO `" . DB_PREFIX . "imap_b8_filter` (`token`,`count_ham`,`ts`) values ('b8*dbversion', '" . B8_VERSION . "','0')");
         mysql_query("INSERT INTO `" . DB_PREFIX . "imap_b8_filter` (`token`,`count_ham`,`count_spam`,`ts`) values ('b8*texts', '0', '0','0')");
         return;
     }
     // Nothing to classify.
     if (!$_POST['add-to']) {
         return;
     }
     // The include is what provides $MSB8 in this scope.
     include REL_PATH . 'control/lib/b8/call_b8.php';
     $verdict = $_POST['classify'];
     if ($verdict == 'spam') {
         $MSB8->learn(htmlspecialchars($_POST['add-to']), b8::SPAM);
     } elseif ($verdict == 'ham') {
         $MSB8->learn(htmlspecialchars($_POST['add-to']), b8::HAM);
     }
 }
Beispiel #4
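/**
 * Fill a blank settings row with installation defaults, make sure the
 * admin account exists, then redirect to index.php and stop.
 *
 * Runs only when email, scriptpath, attachpath and attachhref are all empty
 * on $s; otherwise it returns without doing anything.
 *
 * The base URL is assembled from HTTP_HOST and PHP_SELF, both of which come
 * from the request. The original quoted it into the UPDATE unescaped; the
 * three URL values now go through mswSafeImportString() exactly like the two
 * filesystem paths already did.
 *
 * @param object $s Settings row (reads email, scriptpath, attachpath, attachhref).
 */
function mswManSchemaFix($s)
{
    if ($s->email != '' || $s->scriptpath != '' || $s->attachpath != '' || $s->attachhref != '') {
        return;
    }
    $hdeskPath = 'http://www.example.com/helpdesk';
    if (isset($_SERVER['HTTP_HOST']) && isset($_SERVER['PHP_SELF'])) {
        // NOTE(review): the Host header is chosen by the client, so the stored
        // base URL is too; escaping keeps it out of the SQL grammar but does
        // not make it the right hostname - compare against a configured value.
        $hdeskPath = 'http' . (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on' ? 's' : '') . '://' . $_SERVER['HTTP_HOST'] . substr($_SERVER['PHP_SELF'], 0, -10);
    }
    // Derive the attachment URLs from the raw base first, then escape each value once.
    $hdeskPathAtt = mswSafeImportString($hdeskPath . '/content/attachments');
    $hdeskPathFaq = mswSafeImportString($hdeskPath . '/content/attachments-faq');
    $hdeskPath = mswSafeImportString($hdeskPath);
    $attachPath = mswSafeImportString(PATH . 'content/attachments');
    $attFaqPath = mswSafeImportString(PATH . 'content/attachments-faq');
    // NOTE(review): rand()/uniqid()/md5() are not a cryptographic random source;
    // an API key should come from a CSPRNG available on the target PHP version.
    $apiKey = strtoupper(substr(md5(uniqid(rand(), 1)), 3, 10) . '-' . substr(md5(uniqid(rand(), 1)), 3, 8));
    // The footer text is written with HTML entities (&quot; / &amp;): the listing
    // showed bare double quotes here, which cannot sit inside a double-quoted PHP string.
    mysql_query("UPDATE `" . DB_PREFIX . "settings` SET\n    `website`             = 'My Help Desk',\n    `email`               = '*****@*****.**',\n    `scriptpath`          = '{$hdeskPath}',\n    `attachpath`          = '{$attachPath}',\n\t`attachhref`          = '{$hdeskPathAtt}',\n\t`attachpathfaq`       = '{$attFaqPath}',\n\t`attachhreffaq`       = '{$hdeskPathFaq}',\n    `adminFooter`         = 'To add your own footer code, click &quot;Settings &amp; Tools > Other Options > Edit Footers&quot;',\n    `publicFooter`        = 'To add your own footer code, click &quot;Settings &amp; Tools > Other Options > Edit Footers&quot;',\n    `prodKey`             = '" . mswProdKeyGen() . "',\n    `encoderVersion`      = '" . (function_exists('ioncube_loader_version') ? ioncube_loader_version() : 'XX') . "',\n    `softwareVersion`     = '" . SCRIPT_VERSION . "',\n\t`apiKey`              = '{$apiKey}'\n    LIMIT 1\n    ") or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
    // Insert user..
    // NOTE(review): both branches leave user id 1 with the password 'admin',
    // stored as md5(SECRET_KEY . 'admin'). That is a known default credential
    // behind a fast hash; the stored format cannot change here without also
    // changing the login check, so force a password change on first login.
    if (mswRowCount('users') == 0) {
        mysql_query("INSERT INTO `" . DB_PREFIX . "users` (\n      `id`, `ts`, `name`, `email`, `accpass`, `signature`, `notify`, `pageAccess`, `emailSigs`, `notePadEnable`, `delPriv`,\n      `nameFrom`, `emailFrom`, `assigned`, `timezone`\n      ) VALUES (\n      1, UNIX_TIMESTAMP(UTC_TIMESTAMP), 'admin', '*****@*****.**', '" . md5(SECRET_KEY . 'admin') . "', '', 'yes', '', 'no', 'yes', 'yes',\n      '', '', 'no', 'Europe/London'\n      )");
    } else {
        mysql_query("UPDATE `" . DB_PREFIX . "users` SET\n\t  `accpass`  = '" . md5(SECRET_KEY . 'admin') . "'\n\t  WHERE `id` = '1'\n\t  ");
    }
    // Page reload..
    header("Location: index.php");
    exit;
}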
 /**
  * Update the standard response selected by $_GET['edit'] from the posted form.
  *
  * The id is cast to an integer, the text columns and the comma-joined
  * department list go through mswSafeImportString(), and `enResponse` is
  * stored as 'yes' only when the checkbox was posted.
  */
 public function updateResponse()
 {
     $ID = (int) $_GET['edit'];
     // An explicit department selection wins; otherwise the "all departments" list is stored.
     if (empty($_POST['dept'])) {
         $dept = implode(',', $_POST['deptall']);
     } else {
         $dept = implode(',', $_POST['dept']);
     }
     $responseSql = "UPDATE `" . DB_PREFIX . "responses` SET\n"
         . "  `ts`          = UNIX_TIMESTAMP(UTC_TIMESTAMP),\n"
         . "  `title`       = '" . mswSafeImportString($_POST['title']) . "',\n"
         . "  `answer`      = '" . mswSafeImportString($_POST['answer']) . "',\n"
         . "  `departments` = '" . mswSafeImportString($dept) . "',\n"
         . "  `enResponse`  = '" . (isset($_POST['enResponse']) ? 'yes' : 'no') . "'\n"
         . "  WHERE `id`    = '" . $ID . "'\n"
         . "  ";
     if (!mysql_query($responseSql)) {
         die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
     }
 }
Beispiel #6
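// Knowledge-base search: turns ?q= into a LIKE filter over question/answer,
// fetches the matching page of results and builds the pagination links.

// Load the skip words array..
include PATH . 'control/skipwords.php';
// Variables..
$limitvalue = $page * $SETTINGS->quePerPage - $SETTINGS->quePerPage;
$pageNumbers = '';
$html = '';
$title = $msg_pkbase;
$dataCount = 0;
// Build search query..
$SQL = '';
// Only a plain string is searchable; `q[]=...` would hand explode() an array.
$searchTerm = isset($_GET['q']) && is_string($_GET['q']) ? $_GET['q'] : '';
if ($searchTerm) {
    $chop = array_map('trim', explode(' ', $searchTerm));
    $groups = array();
    foreach ($chop as $word) {
        // Repeated spaces leave empty terms; an empty term would become
        // LIKE '%%' and match every row, so drop it along with the skip words.
        if ($word === '' || in_array($word, $searchSkipWords)) {
            continue;
        }
        // NOTE(review): mswCleanData() runs after the SQL escaping helper -
        // confirm it cannot undo that escaping (e.g. by stripping slashes).
        $groups[] = "(`question` LIKE '%" . mswCleanData(mswSafeImportString($word)) . "%' OR `answer` LIKE '%" . mswCleanData(mswSafeImportString($word)) . "%')";
    }
    if (!empty($groups)) {
        // One outer pair of parentheses keeps the OR-joined terms together, so
        // any AND condition appended later applies to the whole search and
        // not only to its last term.
        $SQL = 'WHERE (' . implode(' OR ', $groups) . ')';
    }
    // Are we searching for anything..
    if ($SQL) {
        $html = $FAQ->questions(0, $limitvalue, $SETTINGS, array($SQL, 'no'));
        $dataCount = $FAQ->questions(0, $limitvalue, $SETTINGS, array($SQL, 'yes'));
    }
}
// Pagination..
if ($dataCount > $SETTINGS->quePerPage) {
    define('PER_PAGE', $SETTINGS->quePerPage);
    $PTION = new pagination($dataCount, '?q=' . urlencode($searchTerm) . mswQueryParams(array('q', 'p', 'next')) . '&next=');
    $pageNumbers = $PTION->display();
}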
Beispiel #7
 // Portal login handler (the listing stops part-way through the redirect logic).
 case 'login':
     // Default landing page; replaced below when a ticket/dispute link was stored in the session.
     $redr = 'index.php?p=dashboard';
     // If login limit and ban time is enabled, check first..
     if ($SETTINGS->loginLimit > 0) {
         $ban = $MSACC->checkban($SETTINGS, $MSDT);
         if ($ban == 'fail') {
             // Setting $json['status'] here is what makes the credential check below get skipped.
             $json = array('status' => 'err', 'field' => 'email', 'msg' => $msg_public_login4);
         }
     }
     if (!isset($json['status']) && isset($_POST['email'], $_POST['pass']) && $_POST['email'] && $_POST['pass']) {
         // Check for valid e-mail..
         if (!mswIsValidEmail($_POST['email'])) {
             $json = array('status' => 'err', 'field' => 'email', 'msg' => $msg_main13);
         } else {
             // Now check account..
             // The e-mail is escaped before use; the password only reaches the SQL as an md5() hex digest.
             // NOTE(review): md5(SECRET_KEY . password) is a fast hash with one site-wide key and no
             // per-user salt - weak for password storage. Moving to password_hash()/password_verify()
             // needs a rehash-on-login path, because this comparison is done inside the query.
             $ACC = mswGetTableData('portal', 'email', mswSafeImportString($_POST['email']), 'AND `userPass` = \'' . md5(SECRET_KEY . $_POST['pass']) . '\' AND `verified` = \'yes\'');
             if (isset($ACC->email)) {
                 // Check access..
                 if ($ACC->enabled == 'yes') {
                     // NOTE(review): no session_regenerate_id() is visible before the session is marked
                     // as logged in - confirm it happens elsewhere, otherwise a pre-login session id
                     // stays valid after authentication (session fixation).
                     $_SESSION[md5(SECRET_KEY) . '_msw_support'] = $ACC->email;
                     // Ticket/dispute redirection..
                     // Both ids are read from the session and only used when they cast to a positive integer.
                     if (isset($_SESSION['ticketAccessID']) && (int) $_SESSION['ticketAccessID'] > 0) {
                         $redr = 'index.php?t=' . $_SESSION['ticketAccessID'];
                         unset($_SESSION['ticketAccessID']);
                     }
                     if (isset($_SESSION['disputeAccessID']) && (int) $_SESSION['disputeAccessID'] > 0) {
                         $redr = 'index.php?d=' . $_SESSION['disputeAccessID'];
                         unset($_SESSION['disputeAccessID']);
                     }
                     if (isset($_SESSION['redirectPage'])) {
                         $redr = 'index.php?p=open';
Beispiel #8
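 /**
  * Rename, prune and create the mail folders of one staff member from the
  * posted form.
  *
  * $_POST['folder'] maps folder id => new name; folders (and their message
  * links) whose id is not in that map or in the three built-in folders are
  * deleted. $_POST['new'] lists names of folders to create.
  *
  * The folder ids are array keys of the request, i.e. request data. The
  * original quoted them unescaped into the UPDATE and into both NOT IN
  * lists; they now go through mswSafeImportString() like the folder names.
  *
  * NOTE(review): $staff is also quoted in unescaped - this assumes callers
  * pass the authenticated staff id and never a request value; confirm.
  *
  * @param mixed $staff Staff id owning the folders.
  * @return int Rows removed from `mailassoc` (0 when nothing was pruned).
  */
 public function folders($staff)
 {
     $deleted = 0;
     $folders = array("'inbox'", "'outbox'", "'bin'");
     // Existing..
     if (!empty($_POST['folder']) && is_array($_POST['folder'])) {
         // Update..
         foreach ($_POST['folder'] as $fK => $fV) {
             // If folder ids are always numeric, an (int) cast here would be the tighter check.
             $safeKey = mswSafeImportString((string) $fK);
             mysql_query("UPDATE `" . DB_PREFIX . "mailfolders` SET\n      `folder`      = '" . mswSafeImportString($fV) . "'\n      WHERE `id`    = '{$safeKey}'\n\t  AND `staffID` = '{$staff}'\n      ") or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
             $folders[] = "'" . $safeKey . "'";
         }
         // Delete messages if folder no longer exists..
         if (!empty($folders)) {
             mysql_query("DELETE FROM `" . DB_PREFIX . "mailassoc`\n\t  WHERE `staffID`   = '{$staff}'\n\t  AND `folder` NOT IN(" . implode(',', $folders) . ")\n      ") or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
             $deleted = mysql_affected_rows();
             // An emptied table is truncated as well; failure of that step is deliberately ignored (@).
             if (mswRowCount('mailassoc') == 0) {
                 @mysql_query("TRUNCATE TABLE `" . DB_PREFIX . "mailassoc`");
             }
             // Now delete folders not in array..
             mysql_query("DELETE FROM `" . DB_PREFIX . "mailfolders`\n\t  WHERE `staffID`   = '{$staff}'\n\t  AND `id`     NOT IN(" . implode(',', $folders) . ")\n      ") or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
             if (mswRowCount('mailfolders') == 0) {
                 @mysql_query("TRUNCATE TABLE `" . DB_PREFIX . "mailfolders`");
             }
         }
     }
     // New..
     if (!empty($_POST['new']) && is_array($_POST['new'])) {
         foreach ($_POST['new'] as $fV) {
             // Blank rows of the form are skipped.
             if ($fV) {
                 mysql_query("INSERT INTO `" . DB_PREFIX . "mailfolders` (\n        `staffID`,\n        `folder`\n        ) VALUES (\n        '{$staff}',\n        '" . mswSafeImportString($fV) . "'\n        )") or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
             }
         }
     }
     return $deleted;
 }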
Beispiel #9
// Account search: each request parameter that is present contributes one SQL
// condition to $filters; the conditions are then AND-ed into $searchParams.
// $filters and $searchParams are not initialised in the visible lines -
// presumably that happens earlier in the file.
if (isset($_GET['keys'])) {
    // Filters..
    if ($_GET['keys']) {
        // Lower-cased, then escaped; the escaped value is written back into $_GET['keys'].
        $_GET['keys'] = mswSafeImportString(strtolower($_GET['keys']));
        $filters[] = "LOWER(`" . DB_PREFIX . "portal`.`name`) LIKE '%" . $_GET['keys'] . "%' OR LOWER(`" . DB_PREFIX . "portal`.`email`) LIKE '%" . $_GET['keys'] . "%' OR LOWER(`" . DB_PREFIX . "portal`.`notes`) LIKE '%" . $_GET['keys'] . "%'";
    }
    if (isset($_GET['ip']) && $_GET['ip']) {
        $filters[] = "`ip` = '" . mswSafeImportString($_GET['ip']) . "'";
    }
    if (isset($_GET['from'], $_GET['to']) && $_GET['from'] && $_GET['to']) {
        // NOTE(review): $from/$to are quoted into the SQL exactly as mswDatePickerFormat()
        // returns them, without the escaping helper used for the other filters - confirm
        // that method can only ever return a strict date string.
        $from = $MSDT->mswDatePickerFormat($_GET['from']);
        $to = $MSDT->mswDatePickerFormat($_GET['to']);
        $filters[] = "DATE(FROM_UNIXTIME(`ts`)) BETWEEN '{$from}' AND '{$to}'";
    }
    if (isset($_GET['timezone']) && $_GET['timezone']) {
        $filters[] = "`timezone` = '" . mswSafeImportString($_GET['timezone']) . "'";
    }
    // Whitelisted to 'yes'/'no', which is why the raw value can be interpolated.
    if (isset($_GET['status']) && in_array($_GET['status'], array('yes', 'no'))) {
        $filters[] = "`enabled` = '{$_GET['status']}'";
    }
    // Ticket-count range: the `> 0` test runs on the raw string, the integer casts
    // follow before either bound reaches the SQL.
    if (isset($_GET['c1'], $_GET['c2']) && $_GET['c2'] > 0) {
        $_GET['c1'] = (int) $_GET['c1'];
        $_GET['c2'] = (int) $_GET['c2'];
        $filters[] = "(SELECT count(*) FROM `" . DB_PREFIX . "tickets` WHERE `" . DB_PREFIX . "portal`.`email` = `" . DB_PREFIX . "tickets`.`email` AND `spamFlag` = 'no') BETWEEN '{$_GET['c1']}' AND '{$_GET['c2']}'";
    }
    // Build search string..
    // Each filter gets its own parentheses, so the OR-joined keyword filter stays one unit.
    if (!empty($filters)) {
        for ($i = 0; $i < count($filters); $i++) {
            $searchParams .= ($i ? ' AND (' : 'WHERE (') . $filters[$i] . ')';
        }
    }
Beispiel #10
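<?php

// Ticket history for one portal account ($ACC): optional keyword search,
// optional dispute view, one paged query, and the total row count.
// Direct requests (PARENT undefined) stop immediately.
if (!defined('PARENT')) {
    exit;
}
include PATH . 'templates/system/tickets/global/order-by.php';
include PATH . 'templates/system/tickets/global/filter-by.php';
$dis = array();
$SQL = '';
if (isset($_GET['keys'])) {
    // Lower-cased and escaped in place; the escaped value is what gets quoted into both LIKE terms.
    $_GET['keys'] = mswSafeImportString(strtolower($_GET['keys']));
    $SQL = 'AND (LOWER(`' . DB_PREFIX . 'tickets`.`subject`) LIKE \'%' . $_GET['keys'] . '%\' OR LOWER(`' . DB_PREFIX . 'tickets`.`comments`) LIKE \'%' . $_GET['keys'] . '%\')';
}
// Disputes..
if ($SETTINGS->disputes == 'yes' && isset($_GET['disputes'])) {
    // Disputes in other tickets..
    $qD = mysql_query("SELECT `ticketID` FROM `" . DB_PREFIX . "disputes` \n        WHERE `visitorID` = '{$ACC->id}'\n\t    GROUP BY `ticketID`\n\t    ") or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
    while ($DP = mysql_fetch_object($qD)) {
        // Ticket ids end up unquoted inside IN(...), so keep them strictly numeric.
        $dis[] = (int) $DP->ticketID;
    }
    // Disputes from started tickets..
    $qD2 = mysql_query("SELECT `id` FROM `" . DB_PREFIX . "tickets` \n         WHERE `visitorID` = '{$ACC->id}'\n\t\t AND `isDisputed`  = 'yes'\n\t\t AND `spamFlag`    = 'no'\n\t     ") or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
    while ($DP2 = mysql_fetch_object($qD2)) {
        $dis[] = (int) $DP2->id;
    }
}
// The account e-mail comes back from the database, but it is still quoted into
// a new statement: escape it on the way in, as the e-mail lookups elsewhere do,
// so a stored apostrophe cannot end the string literal.
$accEmail = mswSafeImportString($ACC->email);
$q = mysql_query("SELECT SQL_CALC_FOUND_ROWS *,\n     `" . DB_PREFIX . "tickets`.`id` AS `ticketID`,\n\t `" . DB_PREFIX . "portal`.`name` AS `ticketName`,\n\t `" . DB_PREFIX . "tickets`.`ts` AS `ticketStamp`,\n\t `" . DB_PREFIX . "departments`.`name` AS `deptName`,\n\t `" . DB_PREFIX . "levels`.`name` AS `levelName`,\n\t (SELECT count(*) FROM `" . DB_PREFIX . "disputes` \n\t  WHERE `" . DB_PREFIX . "disputes`.`ticketID` = `" . DB_PREFIX . "tickets`.`id`\n\t ) AS `disputeCount`\n\t FROM `" . DB_PREFIX . "tickets` \n     LEFT JOIN `" . DB_PREFIX . "departments`\n\t ON `" . DB_PREFIX . "tickets`.`department` = `" . DB_PREFIX . "departments`.`id`\n\t LEFT JOIN `" . DB_PREFIX . "portal`\n\t ON `" . DB_PREFIX . "tickets`.`visitorID`  = `" . DB_PREFIX . "portal`.`id`\n\t LEFT JOIN `" . DB_PREFIX . "levels`\n\t ON `" . DB_PREFIX . "tickets`.`priority`   = `" . DB_PREFIX . "levels`.`id`\n\t  OR `" . DB_PREFIX . "tickets`.`priority`  = `" . DB_PREFIX . "levels`.`marker`\n     " . (empty($dis) ? 'WHERE `' . DB_PREFIX . 'portal`.`email` = \'' . $accEmail . '\'' : '') . "\n\t " . (!empty($dis) ? 'WHERE `' . DB_PREFIX . 'tickets`.`id` IN(' . implode(',', $dis) . ')' : '') . "\n\t {$SQL}\n\t AND `spamFlag` = 'no'\n     " . $filterBy . mswSQLDepartmentFilter($ticketFilterAccess) . "\n     " . $orderBy . "\n     LIMIT {$limitvalue},{$limit}\n     ") or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
$c = mysql_fetch_object(mysql_query("SELECT FOUND_ROWS() AS `rows`"));
$countedRows = isset($c->rows) ? $c->rows : '0';
// NOTE(review): $_GET['id'] is concatenated as received. If $searchBoxUrl is
// later printed into HTML or a URL, it needs an integer cast or urlencode()
// plus HTML escaping at that point - confirm where it is output.
$searchBoxUrl = 'acchistory&id=' . $_GET['id'] . (isset($_GET['disputes']) ? '&disputes=yes' : '');
?>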
Beispiel #11
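 /**
  * Save the global settings form to settings row 1.
  *
  * The whole of $_POST is first run through mswSafeImportString(), which is
  * why most values are interpolated into the statement directly afterwards.
  * Checkbox fields collapse to 'yes'/'no', a few fields are whitelisted, and
  * the numeric fields are cast to integers.
  *
  * The "enforce digits" step previously only *tested* the integer value and
  * then stored the submitted string, so "5abc" was written as-is; the cast
  * result is now what gets stored.
  *
  * NOTE(review): `smtp_pass` is written exactly as submitted; as far as this
  * statement shows, the SMTP password is kept in clear text in the table.
  * NOTE(review): `langSets` and `defKeepLogs` are stored with serialize();
  * wherever they are read back, unserialize() should only ever see this column.
  */
 public function updateSettings()
 {
     $_POST = mswMultiDimensionalArrayMap('mswSafeImportString', $_POST);
     // Defaults if not set..
     // Checkbox-style fields: present means 'yes', absent means 'no'.
     $checkboxes = array(
         'attachment', 'rename', 'enableBBCode', 'disputes', 'multiplevotes', 'enableVotes',
         'enCapLogin', 'sysstatus', 'kbase', 'renamefaq', 'smtp_debug', 'createPref',
         'createAcc', 'ticketHistory', 'closenotify', 'accProfNotify', 'newAccNotify',
         'enableLog', 'enableMail', 'imap_debug', 'apiLog', 'disputeAdminStop',
     );
     foreach ($checkboxes as $flag) {
         $_POST[$flag] = isset($_POST[$flag]) ? 'yes' : 'no';
     }
     $_POST['weekStart'] = isset($_POST['weekStart']) && in_array($_POST['weekStart'], array('sun', 'mon')) ? $_POST['weekStart'] : 'sun';
     $_POST['enSpamSum'] = isset($_POST['enSpamSum']) && in_array($_POST['enSpamSum'], array('yes', 'no')) ? $_POST['enSpamSum'] : 'yes';
     $_POST['autoenable'] = $_POST['autoenable'] ? $this->datetime->mswDatePickerFormat($_POST['autoenable']) : '0000-00-00';
     $_POST['scriptpath'] = systemSettings::filterInstallationPath($_POST['scriptpath']);
     $_POST['attachpath'] = systemSettings::filterInstallationPath($_POST['attachpath']);
     $_POST['attachhref'] = systemSettings::filterInstallationPath($_POST['attachhref']);
     $_POST['attachpathfaq'] = systemSettings::filterInstallationPath($_POST['attachpathfaq']);
     $_POST['attachhreffaq'] = systemSettings::filterInstallationPath($_POST['attachhreffaq']);
     $_POST['imap_param'] = $_POST['imap_param'] ? $_POST['imap_param'] : 'pipe';
     // Enforce digits..
     // field => fallback used when the submitted value is missing or not a positive integer.
     $numericDefaults = array(
         'maxsize' => '0',
         'popquestions' => '10',
         'quePerPage' => '10',
         'cookiedays' => '60',
         'attachboxes' => '1',
         'autoClose' => '0',
         'smtp_port' => '25',
         'loginLimit' => '0',
         'banTime' => '25',
         'minPassValue' => '8',
         'minTickDigits' => '5',
         'imap_timeout' => '0',
         'imap_memory' => '0',
     );
     foreach ($numericDefaults as $field => $fallback) {
         $number = isset($_POST[$field]) ? (int) $_POST[$field] : 0;
         // Store the parsed integer (as a string, like before), never the raw input.
         $_POST[$field] = $number > 0 ? (string) $number : $fallback;
     }
     // Restrictions..
     if (LICENCE_VER == 'locked') {
         $_POST['attachboxes'] = RESTR_ATTACH;
         $_POST['adminFooter'] = 'To add your own footer code, click &quot;Settings &amp; Tools > Other Options > Edit Footers&quot;';
         $_POST['publicFooter'] = 'To add your own footer code, click &quot;Settings &amp; Tools > Other Options > Edit Footers&quot;';
     }
     // Serialized data..
     $langSets = !empty($_POST['templateSet']) ? serialize($_POST['templateSet']) : '';
     if ($_POST['defKeepLogs']['user'] == '') {
         $_POST['defKeepLogs']['user'] = '******';
     }
     if ($_POST['defKeepLogs']['acc'] == '') {
         $_POST['defKeepLogs']['acc'] = '0';
     }
     $defLog = !empty($_POST['defKeepLogs']) ? serialize($_POST['defKeepLogs']) : '';
     $handlers = !empty($_POST['apiHandlers']) ? implode(',', $_POST['apiHandlers']) : '';
     mysql_query("UPDATE `" . DB_PREFIX . "settings` SET\n  `website`              = '{$_POST['website']}',\n  `email`                = '{$_POST['email']}',\n  `replyto`              = '{$_POST['replyto']}',\n  `scriptpath`           = '{$_POST['scriptpath']}',\n  `attachpath`           = '{$_POST['attachpath']}',\n  `attachhref`           = '{$_POST['attachhref']}',\n  `attachpathfaq`        = '{$_POST['attachpathfaq']}',\n  `attachhreffaq`        = '{$_POST['attachhreffaq']}',\n  `language`             = '{$_POST['language']}',\n  `langSets`             = '" . mswSafeImportString($langSets) . "',\n  `dateformat`           = '{$_POST['dateformat']}',\n  `timeformat`           = '{$_POST['timeformat']}',\n  `timezone`             = '{$_POST['timezone']}',\n  `weekStart`            = '{$_POST['weekStart']}',\n  `jsDateFormat`         = '{$_POST['jsDateFormat']}',\n  `kbase`                = '{$_POST['kbase']}',\n  `enableVotes`          = '{$_POST['enableVotes']}',\n  `multiplevotes`        = '{$_POST['multiplevotes']}',\n  `popquestions`         = '{$_POST['popquestions']}',\n  `quePerPage`           = '{$_POST['quePerPage']}',\n  `cookiedays`           = '{$_POST['cookiedays']}',\n  `renamefaq`            = '{$_POST['renamefaq']}',\n  `attachment`           = '{$_POST['attachment']}',\n  `rename`               = '{$_POST['rename']}',\n  `attachboxes`          = '{$_POST['attachboxes']}',\n  `filetypes`            = '{$_POST['filetypes']}',\n  `maxsize`              = '{$_POST['maxsize']}',\n  `enableBBCode`         = '{$_POST['enableBBCode']}',\n  `afolder`              = '{$_POST['afolder']}',\n  `autoClose`            = '{$_POST['autoClose']}',\n  `smtp_host`            = '{$_POST['smtp_host']}',\n  `smtp_user`            = '{$_POST['smtp_user']}',\n  `smtp_pass`            = '{$_POST['smtp_pass']}',\n  `smtp_port`            = '{$_POST['smtp_port']}',\n  `smtp_security`        = '{$_POST['smtp_security']}',\n  `smtp_debug`           = 
'{$_POST['smtp_debug']}',\n  `adminFooter`          = '{$_POST['adminFooter']}',\n  `publicFooter`         = '{$_POST['publicFooter']}',\n  `apiKey`               = '{$_POST['apiKey']}',\n  `apiLog`               = '{$_POST['apiLog']}',\n  `apiHandlers`          = '{$handlers}',\n  `recaptchaPrivateKey`  = '{$_POST['recaptchaPrivateKey']}',\n  `recaptchaPublicKey`   = '{$_POST['recaptchaPublicKey']}',\n  `enCapLogin`           = '{$_POST['enCapLogin']}',\n  `sysstatus`            = '{$_POST['sysstatus']}',\n  `autoenable`           = '{$_POST['autoenable']}',\n  `disputes`             = '{$_POST['disputes']}',\n  `offlineReason`        = '{$_POST['offlineReason']}',\n  `createPref`           = '{$_POST['createPref']}',\n  `createAcc`            = '{$_POST['createAcc']}',\n  `loginLimit`           = '{$_POST['loginLimit']}',\n  `banTime`              = '{$_POST['banTime']}',\n  `ticketHistory`        = '{$_POST['ticketHistory']}',\n  `closenotify`          = '{$_POST['closenotify']}',\n  `accProfNotify`        = '{$_POST['accProfNotify']}',\n  `minPassValue`         = '{$_POST['minPassValue']}',\n  `newAccNotify`         = '{$_POST['newAccNotify']}',\n  `recaptchaLang`        = '{$_POST['recaptchaLang']}',\n  `recaptchaTheme`       = '{$_POST['recaptchaTheme']}',\n  `enableLog`            = '{$_POST['enableLog']}',\n  `defKeepLogs`          = '" . mswSafeImportString($defLog) . "',\n  `minTickDigits`        = '{$_POST['minTickDigits']}',\n  `enableMail`           = '{$_POST['enableMail']}',\n  `imap_debug`           = '{$_POST['imap_debug']}',\n  `imap_param`           = '{$_POST['imap_param']}',\n  `imap_memory`          = '{$_POST['imap_memory']}',\n  `imap_timeout`         = '{$_POST['imap_timeout']}',\n  `disputeAdminStop`     = '{$_POST['disputeAdminStop']}'\n  WHERE `id`             = '1'\n  ") or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
 }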
Beispiel #12
  ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  
  This File: ticket-open.php
  Description: System File

  ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*/
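// Entry checks for the open-tickets screen, followed by the AJAX ticket
// preview and the set-up of the tickets class.
if (!defined('PARENT')) {
    $HEADERS->err403(true);
}
// Access..
// Staff need this command in their access list; the user with id 1 is always allowed.
if (!in_array($cmd, $userAccess) && $MSTEAM->id != '1') {
    $HEADERS->err403(true);
}
// Ticket preview message..
// is_scalar() keeps array input (loadTicketMessage[]=...) away from the cast, which would turn it into 1.
if (isset($_GET['loadTicketMessage']) && is_scalar($_GET['loadTicketMessage']) && (int) $_GET['loadTicketMessage'] > 0) {
    // Look the ticket up by the parsed integer, not by the string it was parsed from.
    $previewId = (int) $_GET['loadTicketMessage'];
    $T = mswGetTableData('tickets', 'id', $previewId);
    // NOTE(review): the preview is returned before the department check below, and
    // nothing visible ties this ticket's department to $userDeptAccess - confirm
    // that staff restricted to some departments cannot read other departments'
    // tickets through this parameter.
    // An unknown id yields no row; render only when the comment text is there.
    if (isset($T->comments)) {
        echo $MSPARSER->mswTxtParsingEngine($T->comments);
    }
    exit;
}
// Department check for filter..
if (isset($_GET['dept'])) {
    if (mswDeptPerms($MSTEAM->id, $_GET['dept'], $userDeptAccess) == 'fail') {
        $HEADERS->err403(true);
    }
}
// Call relevant classes..
include_once REL_PATH . 'control/classes/class.tickets.php';
$MSPTICKETS = new tickets();
$MSPTICKETS->settings = $SETTINGS;
$MSPTICKETS->datetime = $MSDT;
$title = $msg_adheader5;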
Beispiel #13
 /**
  * Store one custom-field value in `ticketfields`.
  *
  * Only $data is passed through mswSafeImportString(); the three ids are
  * quoted into the statement as received.
  * NOTE(review): this assumes every caller passes integers for the ids -
  * confirm, or cast them at the call sites.
  *
  * @param mixed  $ticketID Value for the `ticketID` column.
  * @param mixed  $fieldID  Value for the `fieldID` column.
  * @param mixed  $replyID  Value for the `replyID` column.
  * @param string $data     Field content.
  */
 public function insert($ticketID, $fieldID, $replyID, $data)
 {
     $insertSql = "INSERT INTO `" . DB_PREFIX . "ticketfields` (\n"
         . "  `ticketID`,`fieldID`,`replyID`,`fieldData`\n"
         . "  ) VALUES (\n"
         . "  '{$ticketID}','{$fieldID}','{$replyID}','" . mswSafeImportString($data) . "'\n"
         . "  )";
     if (!mysql_query($insertSql)) {
         die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
     }
 }
Beispiel #14
<?php

// Mailbox listing: loads one page of messages from folder $toLoad for the
// current staff member, optionally narrowed by a keyword search.
// The script only runs when included by the application (PARENT defined)
// with $toLoad already set.
if (!defined('PARENT') || !isset($toLoad)) {
    exit;
}
$orderBy = 'ORDER BY `' . DB_PREFIX . 'mailbox`.`ts` DESC';
$keys = isset($_GET['keys']) ? $_GET['keys'] : '';
$searchSQL = '';
// Are we searching?
if ($keys) {
    // The keyword is escaped at the point of use; $keys itself stays as received.
    $searchSQL = 'AND (`' . DB_PREFIX . 'mailbox`.`subject` LIKE \'%' . mswSafeImportString($keys) . '%\' OR `' . DB_PREFIX . 'mailbox`.`message` LIKE \'%' . mswSafeImportString($keys) . '%\')';
}
// NOTE(review): $toLoad is quoted into the WHERE clause unescaped. It is set by the
// including script, which is not visible here - confirm it is never taken from the
// request without a whitelist or escaping.
// The `staffID` condition limits the result to the current staff member's own mailbox links.
$q = mysql_query("SELECT SQL_CALC_FOUND_ROWS *,\n     `" . DB_PREFIX . "mailbox`.`staffID` AS `starter`,\n\t `" . DB_PREFIX . "mailbox`.`ts` AS `mailStamp`,\n\t `" . DB_PREFIX . "mailassoc`.`mailID` AS `messageID`\n\t FROM `" . DB_PREFIX . "mailassoc`\n\t LEFT JOIN `" . DB_PREFIX . "mailbox`\n\t ON `" . DB_PREFIX . "mailassoc`.`mailID`   = `" . DB_PREFIX . "mailbox`.`id`\n\t LEFT JOIN `" . DB_PREFIX . "users`\n\t ON `" . DB_PREFIX . "users`.`id`           = `" . DB_PREFIX . "mailbox`.`staffID`\n\t WHERE `folder`                         = '{$toLoad}' \n     AND `" . DB_PREFIX . "mailassoc`.`staffID` = '{$MSTEAM->id}'\n\t " . ($searchSQL ? $searchSQL . mswDefineNewline() . 'GROUP BY `' . DB_PREFIX . 'mailassoc`.`mailID`' : '') . "\n\t " . $orderBy . "\n     LIMIT {$limitvalue},{$limit}\n     ") or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
// Total number of matching rows, ignoring LIMIT (pairs with SQL_CALC_FOUND_ROWS above).
$c = mysql_fetch_object(mysql_query("SELECT FOUND_ROWS() AS `rows`"));
$countedRows = isset($c->rows) ? $c->rows : '0';
?>
<div class="content">
        
  <div class="header">
    
	<button class="btn search-bar-button" type="button" onclick="mswToggle('b1','b2','keys','mailbox')"><i class="icon-search" id="search-icon-button"></i></button>
	<h1 class="page-title"><?php 
// Page heading text, taken from the language file.
echo $msg_adheader61;
?>
 (<?php 
// NOTE(review): $boxName is printed without htmlspecialchars(). It is presumably
// the folder name, and folder names are entered by staff - confirm it is
// HTML-escaped before it reaches this template.
echo $boxName;
?>
)</h1>
	
	<span class="clearfix"></span>
	
Beispiel #15
 /**
  * Find the ticket a message refers to from a "#<digits>" marker in its subject.
  *
  * The number is accepted only when a portal account exists for $email and
  * that account owns a non-spam ticket with the resulting id.
  * NOTE(review): $email is the only thing tying the message to the ticket
  * owner here; if it is a mail "From" address, it is sender-supplied.
  *
  * @param string $subject Subject line to scan.
  * @param string $email   Address used to look up the portal account.
  * @return array array('yes', <ticket id>) on a match, otherwise array('no', 0).
  */
 public function getTicketID($subject, $email)
 {
     $noMatch = array('no', 0);
     // "[" and "]" are the pattern delimiters here: the expression is [#][0-9]{1,12}.
     if (!preg_match("[[#][0-9]{1,12}]", $subject, $regs)) {
         return $noMatch;
     }
     $digits = trim(preg_replace('/[^0-9]/', '', $regs[0]));
     $ticketid = mswReverseTicketNumber($digits);
     $PORTAL = mswGetTableData('portal', 'email', mswSafeImportString($email), '', '`id`');
     if (!isset($PORTAL->id)) {
         return $noMatch;
     }
     // The ticket must belong to that account and must not be flagged as spam.
     $ownedTicket = 'tickets WHERE `id` = \'' . (int) $ticketid . '\' AND `visitorID` = \'' . $PORTAL->id . '\' AND `spamFlag` = \'no\'';
     if (mswRowCount($ownedTicket) > 0) {
         return array('yes', $ticketid);
     }
     return $noMatch;
 }
Beispiel #16
// Admin "add ticket" handler (the listing stops before the ticket is written).
include_once REL_PATH . 'control/classes/class.fields.php';
include_once REL_PATH . 'control/classes/class.accounts.php';
$MSACC = new accounts();
$MSPORTAL = new accountSystem();
$MSPTICKETS = new tickets();
$MSCFMAN = new customFieldManager();
$MSACC->settings = $SETTINGS;
$MSPTICKETS->settings = $SETTINGS;
$MSPTICKETS->datetime = $MSDT;
$MSPORTAL->settings = $SETTINGS;
// Add ticket..
if (isset($_POST['process'])) {
    $OK = 'fail';
    // Subject, comments and name must be non-empty and the e-mail must validate.
    if ($_POST['subject'] && $_POST['comments'] && $_POST['name'] && mswIsValidEmail($_POST['email'])) {
        // Check if account exists for email address..
        $PORTAL = mswGetTableData('portal', 'email', mswSafeImportString($_POST['email']));
        // Check language..
        // NOTE(review): `$_PORTAL` is not defined anywhere in the visible code, so this
        // condition looks permanently false and the account's own language template is
        // never picked - it most likely should read `$PORTAL->id`.
        if (isset($_PORTAL->id) && $PORTAL->language && file_exists(LANG_BASE_PATH . $PORTAL->language . '/mail-templates/admin-add-ticket.txt')) {
            $mailT = LANG_BASE_PATH . $PORTAL->language . '/mail-templates/admin-add-ticket.txt';
            $pLang = $PORTAL->language;
        } else {
            $mailT = LANG_PATH . 'admin-add-ticket.txt';
        }
        $pass = '';
        // If portal account doesn`t exist, we need to create it..
        if (!isset($PORTAL->id)) {
            // A password is generated for the new account and the "new account" mail template is selected.
            $pass = $MSPORTAL->ms_generate();
            $mailT = LANG_PATH . 'admin-add-ticket-new.txt';
            $userID = $MSACC->add(array('name' => $_POST['name'], 'email' => $_POST['email'], 'userPass' => $pass, 'enabled' => 'yes', 'timezone' => '', 'ip' => '', 'notes' => '', 'language' => $SETTINGS->language));
        }
        // Add ticket to database..
         @mysql_query("update `" . DB_PREFIX . "settings` set `timezone` = '" . (isset($flip[$diff]) ? $flip[$diff] : 'Europe/London') . "'");
     } else {
         @mysql_query("update `" . DB_PREFIX . "settings` set `timezone` = 'Europe/London'");
     }
 }
 // v3.0 Changes..
 mswUpgradeLog('< v3.0 updates completed...Starting settings updates for v3.0+');
 // HTTP Paths..
 // NOTE(review): HTTP_HOST comes from the request's Host header and PHP_SELF from the
 // request path, so the derived URL is client-influenced. Where $hdeskPath is used after
 // this point is outside this excerpt; it needs escaping/validation before it is stored.
 $hdeskPath = 'http://www.example.com/helpdesk';
 if (isset($_SERVER['HTTP_HOST']) && isset($_SERVER['PHP_SELF'])) {
     // If 'install' does not occur in PHP_SELF, strpos() returns false and the length
     // becomes -1, which silently drops the last character instead of failing.
     $hdeskPath = 'http' . (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on' ? 's' : '') . '://' . $_SERVER['HTTP_HOST'] . substr($_SERVER['PHP_SELF'], 0, strpos($_SERVER['PHP_SELF'], 'install') - 1);
 }
 $hdeskPathAtt = $hdeskPath . '/content/attachments';
 $hdeskPathFaq = $hdeskPath . '/content/attachments-faq';
 // Server Paths..
 $attFaqPath = mswSafeImportString(substr(PATH, 0, strpos(PATH, 'install') - 1) . '/content/attachments-faq');
 // Schema changes below are guarded by whether the column already exists on $SETTINGS.
 // The '@' prefix hides any failure and no return value is checked, so a migration
 // step that fails goes unnoticed at this point.
 if (!isset($SETTINGS->disputes)) {
     @mysql_query("alter table `" . DB_PREFIX . "settings` add column `disputes` enum('yes','no') not null default 'no'");
     // Turn the new setting on when disputed tickets already exist.
     if (mswRowCount('tickets WHERE `isDisputed` = \'yes\'') > 0) {
         @mysql_query("update `" . DB_PREFIX . "settings` set `disputes` = 'yes'");
     }
 }
 if (isset($SETTINGS->smtp)) {
     @mysql_query("alter table `" . DB_PREFIX . "settings` drop column `smtp`");
 }
 if (!isset($SETTINGS->smtp_security)) {
     @mysql_query("alter table `" . DB_PREFIX . "settings` add column `smtp_security` varchar(10) not null default '' after `smtp_port`");
 }
 if (!isset($SETTINGS->smtp_debug)) {
     @mysql_query("alter table `" . DB_PREFIX . "settings` add column `smtp_debug` enum('yes','no') not null default 'no' after `smtp_security`");
 }
Beispiel #18
<?php

/*++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

  Script: Maian Support
  Written by: David Ian Bennett
  E-Mail: support@maianscriptworld.co.uk
  Software Website: http://www.maiansupport.com
  Script Portal: http://www.maianscriptworld.co.uk

  ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  
  This File: user.php
  Description: Installer File

  ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*/
// Refuse direct requests: this installer step is meant to run only after the parent
// script has defined PARENT (msw403() is defined elsewhere; presumably it ends the request).
if (!defined('PARENT')) {
    msw403();
}
$data = array();
//=========================
// INSTALL USER
//=========================
$usersTable = DB_PREFIX . 'users';
$adminName = mswSafeImportString($_POST['user']);
$adminMail = mswSafeImportString($_POST['email']);
// NOTE(review): the password is stored as MD5 over a site-wide key plus the password,
// with no per-user salt. MD5 is cheap to brute-force if the table leaks;
// password_hash()/password_verify() is the usual replacement, but every place that
// verifies `accpass` would have to change together with this line.
$adminHash = md5(SECRET_KEY . $_POST['pass']);
$q = mysql_query("INSERT INTO `" . $usersTable . "` (\n`id`, `ts`, `name`, `email`, `accpass`, `signature`, `notify`, `pageAccess`, `emailSigs`, `notePadEnable`, `delPriv`, `helplink`\n) VALUES (\n1, UNIX_TIMESTAMP(UTC_TIMESTAMP), '" . $adminName . "', '" . $adminMail . "', \n'" . $adminHash . "', '', 'yes', '', 'no', 'yes', 'yes', 'yes'\n)");
// Record the failing table so the caller can report which install step went wrong.
if (!$q) {
    $data[] = $usersTable;
    mswlogDBError($usersTable, mysql_error(), mysql_errno(), __LINE__, __FILE__, 'Insert');
}
Beispiel #19
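// HTTP Paths..
// HTTP_HOST comes from the request's Host header and PHP_SELF from the request path,
// so everything derived from them is client-influenced.
$hdeskPath = 'http://www.example.com/helpdesk';
if (isset($_SERVER['HTTP_HOST']) && isset($_SERVER['PHP_SELF'])) {
    // If 'install' does not occur in PHP_SELF, strpos() returns false and the length
    // becomes -1, which silently drops the last character instead of failing.
    $hdeskPath = 'http' . (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on' ? 's' : '') . '://' . $_SERVER['HTTP_HOST'] . substr($_SERVER['PHP_SELF'], 0, strpos($_SERVER['PHP_SELF'], 'install') - 1);
}
$hdeskPathAtt = $hdeskPath . '/content/attachments';
$hdeskPathFaq = $hdeskPath . '/content/attachments-faq';
// Fixed: the three URL values were placed in the INSERT below without escaping although
// they are built from request headers. They now pass through the same helper this
// block already applies to the server paths. Separate variables are used so the
// unescaped originals stay available to any later code.
$hdeskPathSql = mswSafeImportString($hdeskPath);
$hdeskPathAttSql = mswSafeImportString($hdeskPathAtt);
$hdeskPathFaqSql = mswSafeImportString($hdeskPathFaq);
// Server Paths..
$attachPath = mswSafeImportString(substr(PATH, 0, strpos(PATH, 'install') - 1) . '/content/attachments');
$attFaqPath = mswSafeImportString(substr(PATH, 0, strpos(PATH, 'install') - 1) . '/content/attachments-faq');
// Other..
$defKeepLogs = mswSafeImportString('a:2:{s:4:"user";s:2:"50";s:3:"acc";s:2:"50";}');
$langSets = mswSafeImportString('a:1:{s:7:"english";s:12:"_default_set";}');
// NOTE(review): rand(), uniqid() and md5() are not a cryptographic random source, so this
// API key is more predictable than its length suggests. A CSPRNG-based value is the
// usual choice for credentials; left unchanged here to keep the key format identical.
$apiKey = strtoupper(substr(md5(uniqid(rand(), 1)), 3, 10) . '-' . substr(md5(uniqid(rand(), 1)), 3, 8));
// The settings table is emptied first; the result of the TRUNCATE is not checked.
mysql_query("TRUNCATE TABLE `" . DB_PREFIX . "settings`");
// $prodKey is set outside this excerpt and is interpolated as-is - confirm it is escaped there.
$q = mysql_query("INSERT INTO `" . DB_PREFIX . "settings` (\n`id`, `website`, `email`, `replyto`, `scriptpath`, `attachpath`, `attachhref`, `attachpathfaq`, `attachhreffaq`, \n`language`, `langSets`, `dateformat`, `timeformat`, `timezone`, `weekStart`, `jsDateFormat`, `kbase`, `enableVotes`, \n`multiplevotes`, `popquestions`, `quePerPage`, `cookiedays`, `renamefaq`, `attachment`, `rename`, `attachboxes`, \n`filetypes`, `maxsize`, `enableBBCode`, `afolder`, `autoClose`, `autoCloseMail`, `smtp_host`, `smtp_user`, `smtp_pass`, \n`smtp_port`, `smtp_security`, `smtp_debug`, `prodKey`, `publicFooter`, `adminFooter`, `encoderVersion`, `softwareVersion`, \n`apiKey`, `apiLog`, `apiHandlers`, `recaptchaPublicKey`, `recaptchaPrivateKey`, `enCapLogin`, `sysstatus`, `autoenable`, \n`disputes`, `offlineReason`, `createPref`, `createAcc`, `loginLimit`, `banTime`, `ticketHistory`, `backupEmails`, \n`closenotify`, `minPassValue`, `accProfNotify`, `newAccNotify`, `recaptchaTheme`, `recaptchaLang`, `enableLog`, \n`defKeepLogs`, `minTickDigits`, `enableMail`, `imap_debug`, `imap_param`, `imap_memory`, `imap_timeout`, \n`disputeAdminStop`\n) VALUES (\n1, '" . mswSafeImportString($_POST['website']) . "', '" . mswSafeImportString($_POST['email']) . "', '',\n'{$hdeskPathSql}', '{$attachPath}', '{$hdeskPathAttSql}', '{$attFaqPath}', '{$hdeskPathFaqSql}', \n'english', '{$langSets}', 'd M Y', 'H:iA', '" . mswSafeImportString($_POST['timezone']) . "', 'sun', 'DD-MM-YYYY', 'yes', \n'yes', 'yes', 10, 10, 360, 'no', 'yes', 'yes', 5, '.jpg|.zip|.gif|.rar|.png|.pdf', 1048576, 'yes', \n'admin', 0, 'yes', '', '', '', 587, '', 'no', '{$prodKey}', '', '', '" . (function_exists('ioncube_loader_version') ? ioncube_loader_version() : 'XX') . "', \n'" . SCRIPT_VERSION . "', '{$apiKey}', 'yes', 'json,xml', '', '', 'yes', 'yes', '0000-00-00', 'no', '', 'no', 'yes', 5, 5, 'yes', '', 'no', 8, \n'yes', 'yes', 'white', 'en', 'yes', '{$defKeepLogs}', 5, 'yes', 'yes', 'pipe', '0', '0', 'no'\n)");
// Record the failing table so the caller can report which install step went wrong.
if (!$q) {
    $data[] = DB_PREFIX . 'settings';
    mswlogDBError(DB_PREFIX . 'settings', mysql_error(), mysql_errno(), __LINE__, __FILE__, 'Insert');
}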
//=========================
// INSTALL DEPARTMENTS
//=========================
$depts = array('General Tickets', 'Sales and Billing', 'Technical Support');
mysql_query("TRUNCATE TABLE `" . DB_PREFIX . "departments`");
for ($i = 0; $i < count($depts); $i++) {
    $deptID = $i + 1;
    $q = mysql_query("INSERT INTO `" . DB_PREFIX . "departments` (\n  `id`, `name`, `showDept`, `dept_subject`, `dept_comments`, `orderBy`, `manual_assign`\n  ) VALUES (\n  " . $deptID . ", '" . $depts[$i] . "', 'yes', '', '', '" . $deptID . "', 'no'\n  )");
    if (!$q) {
        $data[] = DB_PREFIX . 'departments';
        mswlogDBError(DB_PREFIX . 'departments', mysql_error(), mysql_errno(), __LINE__, __FILE__, 'Insert ' . $deptID);
Beispiel #20
<?php

// Entry-log listing: builds an optional WHERE clause from the request and runs the
// paged query. Direct requests stop here unless the parent script defined PARENT.
if (!defined('PARENT')) {
    exit;
}
// The raw date strings are kept only when the date helper does not map them to
// '0000-00-00'; the SQL below uses the helper's formatted output, not the raw value.
$from = isset($_GET['from']) && $MSDT->mswDatePickerFormat($_GET['from']) != '0000-00-00' ? $_GET['from'] : '';
$to = isset($_GET['to']) && $MSDT->mswDatePickerFormat($_GET['to']) != '0000-00-00' ? $_GET['to'] : '';
// Only the two listed values can reach the query; anything else becomes ''.
$type = isset($_GET['type']) && in_array($_GET['type'], array('user', 'acc')) ? $_GET['type'] : '';
$keys = '';
$where = array();
if (isset($_GET['q'])) {
    // One LIKE pair per space-separated term, all joined with OR inside one bracket.
    $chop = explode(' ', $_GET['q']);
    $words = '';
    for ($i = 0; $i < count($chop); $i++) {
        // Each term goes through mswSafeImportString() before concatenation.
        // NOTE(review): unless that helper also escapes them, '%' and '_' inside a term
        // still act as LIKE wildcards - confirm.
        $words .= ($i ? 'OR ' : 'WHERE (') . "`" . DB_PREFIX . "portal`.`name` LIKE '%" . mswSafeImportString($chop[$i]) . "%' OR `" . DB_PREFIX . "users`.`name` LIKE '%" . mswSafeImportString($chop[$i]) . "%' ";
    }
    if ($words) {
        $where[] = $words . ')';
    }
}
// Later conditions start with AND once an earlier one has opened the WHERE clause.
if ($type) {
    $where[] = (!empty($where) ? 'AND ' : 'WHERE ') . '`type` = \'' . $type . '\'';
}
if ($from && $to) {
    $where[] = (!empty($where) ? 'AND ' : 'WHERE ') . 'DATE(FROM_UNIXTIME(`' . DB_PREFIX . 'log`.`ts`)) BETWEEN \'' . $MSDT->mswDatePickerFormat($from) . '\' AND \'' . $MSDT->mswDatePickerFormat($to) . '\'';
}
// NOTE(review): $limitvalue and $limit are set outside this excerpt and are interpolated
// unquoted into LIMIT, so they must already be integers - confirm where they are assigned.
$q = mysql_query("SELECT SQL_CALC_FOUND_ROWS *,\n               `" . DB_PREFIX . "log`.`ts` AS `lts`,\n\t\t\t   `" . DB_PREFIX . "log`.`id` AS `logID`,\n\t\t\t   `" . DB_PREFIX . "log`.`userID` AS `personID`,\n\t\t\t   `" . DB_PREFIX . "log`.`ip` AS `entryLogIP`,\n\t\t\t   `" . DB_PREFIX . "portal`.`name` AS `portalName`,\n\t\t\t   `" . DB_PREFIX . "users`.`name` AS `userName`\n\t\t\t   FROM `" . DB_PREFIX . "log`\n               LEFT JOIN `" . DB_PREFIX . "users`\n               ON `" . DB_PREFIX . "log`.`userID` = `" . DB_PREFIX . "users`.`id` \n\t\t\t   LEFT JOIN `" . DB_PREFIX . "portal`\n               ON `" . DB_PREFIX . "log`.`userID` = `" . DB_PREFIX . "portal`.`id` \n\t\t\t   " . (!empty($where) ? implode(mswDefineNewline(), $where) : '') . "\n               ORDER BY `" . DB_PREFIX . "log`.`id` DESC\n               LIMIT {$limitvalue},{$limit}\n               ") or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
// Total matches ignoring LIMIT; the result of this second query is not checked.
$c = mysql_fetch_object(mysql_query("SELECT FOUND_ROWS() AS `rows`"));
$countedRows = isset($c->rows) ? $c->rows : '0';
// Unfiltered size of the log table.
$actualRows = mswRowCount('log');
// Export url..
Beispiel #21
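 /**
  * Build the HTML ticket list for one portal account, or return only the match total.
  *
  * Search terms ($_GET['qt']), sort order ($_GET['order']) and the priority and
  * department filters ($_GET['filter'], $_GET['dept']) are read straight from the request.
  *
  * NOTE(review): $email and $queryAdd are concatenated into the SQL exactly as given.
  * Nothing in this method escapes them, so callers must pass an already-escaped
  * address and a fixed, never request-derived, SQL fragment - confirm at the call sites.
  *
  * @param string $email    Portal account e-mail whose tickets are listed.
  * @param array  $lv       array(offset, row count) for the LIMIT clause; both are cast to int here.
  * @param bool   $count    When true, return only the FOUND_ROWS() total.
  * @param string $queryAdd Extra SQL for the WHERE clause; when set, the dashboard row template is used.
  * @return mixed Row total when $count is true, otherwise the rendered HTML.
  */
 public function ticketList($email, $lv, $count = false, $queryAdd = '')
 {
     global $msg_portal8, $msg_public_history7, $msg_portal7, $msg_portal21, $msg_showticket23, $msg_showticket24, $msg_script30, $msg_public_dashboard6, $msg_public_dashboard7;
     $data = '';
     $sch = '';
     $qft = array();
     $oft = 'ORDER BY `' . DB_PREFIX . 'tickets`.`id` DESC';
     $tplDir = PATH . 'content/' . MS_TEMPLATE_SET . '/html/tickets/';
     // Check for search mode..
     if (isset($_GET['qt'])) {
         // Load the skip words array ($searchSkipWords is presumably defined by this file)..
         include PATH . 'control/skipwords.php';
         // NOTE(review): PHP has already URL-decoded $_GET, so urldecode() decodes a second
         // time here. The terms are escaped below before they reach the query, but a
         // literal '%xx' or '+' typed by the user is altered by the extra pass.
         $chop = array_map('trim', explode(' ', urldecode($_GET['qt'])));
         foreach ($chop as $word) {
             if (!in_array($word, $searchSkipWords) && strlen($word) > 1) {
                 $like = mswSafeImportString(mswCleanData(strtolower($word)));
                 $sch .= (!$sch ? '' : 'OR ') . "LOWER(`subject`) LIKE '%" . $like . "%' OR LOWER(`comments`) LIKE '%" . $like . "%'";
             }
         }
         if ($sch) {
             $qft[] = 'AND (' . $sch . ')';
         }
     }
     // Order filters.. Only these fixed fragments can reach the query; the request value
     // is used as a lookup key and is never concatenated into the SQL.
     $orderOptions = array(
         'subject_asc' => 'ORDER BY `subject`',
         'subject_desc' => 'ORDER BY `subject` desc',
         'id_asc' => 'ORDER BY `ticketID`',
         'id_desc' => 'ORDER BY `ticketID` desc',
         'pr_asc' => 'ORDER BY `levelName`',
         'pr_desc' => 'ORDER BY `levelName` desc',
         'dept_asc' => 'ORDER BY `deptName`',
         'dept_desc' => 'ORDER BY `deptName` desc',
         'rev_asc' => 'ORDER BY `lastrevision`',
         'rev_desc' => 'ORDER BY `lastrevision` desc',
         'date_asc' => 'ORDER BY `' . DB_PREFIX . 'tickets`.`ts`',
         'date_desc' => 'ORDER BY `' . DB_PREFIX . 'tickets`.`ts` desc',
     );
     if (isset($_GET['order']) && is_string($_GET['order']) && isset($orderOptions[$_GET['order']])) {
         $oft = $orderOptions[$_GET['order']];
     }
     // Service level and department filters..
     if (isset($_GET['filter'])) {
         $qft[] = 'AND `priority` = \'' . mswSafeImportString($_GET['filter']) . '\'';
     }
     if (isset($_GET['dept'])) {
         $qft[] = 'AND `department` = \'' . mswSafeImportString($_GET['dept']) . '\'';
     }
     $lWrap = file_get_contents($tplDir . 'tickets-last-reply-date.htm');
     // Fixed: LIMIT values were interpolated as received; they are unquoted in the
     // statement, so they are forced to integers first.
     $limitOffset = (int) $lv[0];
     $limitRows = (int) $lv[1];
     $q = mysql_query("SELECT SQL_CALC_FOUND_ROWS *,\n           `" . DB_PREFIX . "tickets`.`id` AS `ticketID`,\n\t\t   `" . DB_PREFIX . "tickets`.`ts` AS `ticketStamp`,\n\t       `" . DB_PREFIX . "portal`.`name` AS `ticketName`,\n\t       `" . DB_PREFIX . "departments`.`name` AS `deptName`,\n\t       `" . DB_PREFIX . "levels`.`name` AS `levelName`\n\t\t   FROM `" . DB_PREFIX . "tickets`\n\t\t   LEFT JOIN `" . DB_PREFIX . "departments`\n\t       ON `" . DB_PREFIX . "tickets`.`department` = `" . DB_PREFIX . "departments`.`id`\n\t\t   LEFT JOIN `" . DB_PREFIX . "portal`\n\t       ON `" . DB_PREFIX . "tickets`.`visitorID`  = `" . DB_PREFIX . "portal`.`id`\n\t       LEFT JOIN `" . DB_PREFIX . "levels`\n\t       ON `" . DB_PREFIX . "tickets`.`priority`   = `" . DB_PREFIX . "levels`.`id`\n\t        OR `" . DB_PREFIX . "tickets`.`priority`  = `" . DB_PREFIX . "levels`.`marker`\n           WHERE `" . DB_PREFIX . "portal`.`email`    = '{$email}'\n\t\t   AND `isDisputed`                       = 'no'\n\t\t   AND `spamFlag`                         = 'no'\n\t\t   " . $queryAdd . "\n\t\t   " . (!empty($qft) ? implode(mswDefineNewline(), $qft) : '') . "\n           {$oft}\n\t\t   LIMIT " . $limitOffset . "," . $limitRows . "\n           ") or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
     if ($count) {
         $c = mysql_fetch_object(mysql_query("SELECT FOUND_ROWS() AS `rows`"));
         return isset($c->rows) ? $c->rows : '0';
     }
     // The row template is the same for every ticket, so it is read once instead of per row.
     $rowTpl = file_get_contents($tplDir . ($queryAdd ? 'tickets-dashboard' : 'ticket-list-entry') . '.htm');
     $tags = array('{ticket_id}', '{subject}', '{priority}', '{dept}', '{started_by}', '{url}', '{text_alt}', '{start_date}', '{start_time}', '{last_reply}', '{status}', '{icon}', '{users_in_dispute}', '{view}', '{last_reply_dashboard}');
     while ($T = mysql_fetch_object($q)) {
         $last = tickets::getLastReply($T->ticketID);
         // Ticket starter..
         $starter = mswSpecialChars($T->ticketName);
         $lastRep = '';
         $replyBy = '- - - -';
         if ($last[0] != '0') {
             $lastRep = str_replace(array('{date}', '{time}'), array($this->datetime->mswDateTimeDisplay($last[1], $this->settings->dateformat), $this->datetime->mswDateTimeDisplay($last[1], $this->settings->timeformat)), $lWrap);
             // NOTE(review): $last[0] goes into the HTML without escaping in this method;
             // whether getLastReply() already encodes it is not visible here - confirm.
             $replyBy = $last[0];
         }
         $isOpen = $T->ticketStatus == 'open';
         $values = array(
             mswTicketNumber($T->ticketID),
             mswSpecialChars($T->subject),
             tickets::levels($T->priority),
             $this->system->department($T->department, $msg_script30),
             $starter,
             '?t=' . $T->ticketID,
             mswCleanData($msg_portal8),
             $this->datetime->mswDateTimeDisplay($T->ticketStamp, $this->settings->dateformat),
             $this->datetime->mswDateTimeDisplay($T->ticketStamp, $this->settings->timeformat),
             $replyBy . $lastRep,
             $isOpen ? $msg_showticket23 : $msg_showticket24,
             $isOpen ? 'eye-open' : 'eye-close',
             '',
             $msg_public_dashboard6,
             tickets::dashboardStatus($T, 'no'),
         );
         $data .= str_replace($tags, $values, $rowTpl);
     }
     if ($data) {
         return trim($data);
     }
     // Nothing to show: pick the message for search / dashboard / plain list.
     $emptyText = $sch ? $msg_portal21 : ($queryAdd ? $msg_public_dashboard7 : $msg_portal7);
     return str_replace('{text}', $emptyText, file_get_contents($tplDir . 'tickets-no-data.htm'));
 }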
Beispiel #22
 /**
  * Save an edited ticket: core fields, custom field values and, when the department
  * changed, the attachment department and ticket assignment.
  *
  * Reads $_GET['id'] and $_POST directly. IDs are cast to int and free text goes
  * through mswSafeImportString() before it is concatenated into SQL.
  *
  * NOTE(review): nothing in this method checks that the current user may edit the
  * ticket named by $_GET['id']; presumably the caller enforces that - confirm.
  *
  * @return int Sum of mysql_affected_rows() over the statements that were run.
  */
 public function updateTicket()
 {
     $tickID = (int) $_GET['id'];
     $deptID = (int) $_POST['dept'];
     mysql_query("UPDATE `" . DB_PREFIX . "tickets` SET\n  `lastrevision` = UNIX_TIMESTAMP(UTC_TIMESTAMP),\n  `department`   = '{$deptID}',\n  `subject`      = '" . mswSafeImportString($_POST['subject']) . "',\n  `comments`     = '" . mswSafeImportString($_POST['comments']) . "',\n  `priority`     = '" . mswSafeImportString($_POST['priority']) . "'\n  WHERE `id`     = '{$tickID}'\n  ") or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
     $rows = mysql_affected_rows();
     // Custom field data..
     if (!empty($_POST['customField'])) {
         // Checkbox groups with nothing ticked are missing from the submission; give
         // them an empty array so the loop below still visits (and clears) them.
         if (!empty($_POST['hiddenBoxes'])) {
             foreach ($_POST['hiddenBoxes'] as $boxKey) {
                 if (!isset($_POST['customField'][$boxKey])) {
                     $_POST['customField'][$boxKey] = array();
                 }
             }
         }
         foreach ($_POST['customField'] as $fieldID => $value) {
             // Arrays are checkbox groups and are stored joined by '#####'.
             if (is_array($value)) {
                 $fieldData = empty($value) ? '' : implode('#####', $value);
             } else {
                 $fieldData = $value;
             }
             $fieldID = (int) $fieldID;
             // Blank or 'nothing-selected' means: remove any stored value..
             if ($fieldData == '' || $fieldData == 'nothing-selected') {
                 mysql_query("DELETE FROM `" . DB_PREFIX . "ticketfields`\n        WHERE `ticketID`  = '{$tickID}'\n        AND `fieldID`     = '{$fieldID}'\n        AND `replyID`     = '0'\n        ") or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
                 $rows += mysql_affected_rows();
                 // Once the table is empty it is truncated as well.
                 if (mswRowCount('ticketfields') == 0) {
                     @mysql_query("TRUNCATE TABLE `" . DB_PREFIX . "ticketfields`");
                 }
                 continue;
             }
             // Otherwise update the existing entry or add a new one..
             $stored = mswRowCount('ticketfields WHERE `ticketID`  = \'' . $tickID . '\' AND `fieldID` = \'' . $fieldID . '\' AND `replyID` = \'0\'');
             if ($stored > 0) {
                 mysql_query("UPDATE `" . DB_PREFIX . "ticketfields` SET\n          `fieldData`       = '" . mswSafeImportString($fieldData) . "'\n          WHERE `ticketID`  = '{$tickID}'\n          AND `fieldID`     = '{$fieldID}'\n          AND `replyID`     = '0'\n          ") or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
             } else {
                 mysql_query("INSERT INTO `" . DB_PREFIX . "ticketfields` (\n          `fieldData`,`ticketID`,`fieldID`,`replyID`\n          ) VALUES (\n          '" . mswSafeImportString($fieldData) . "','{$tickID}','{$fieldID}','0'\n          )") or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
             }
             $rows += mysql_affected_rows();
         }
     }
     // Nothing more to do when the department is unchanged..
     if ($deptID == $_POST['odeptid']) {
         return $rows;
     }
     // Department was changed: move the attachments with the ticket..
     mysql_query("UPDATE `" . DB_PREFIX . "attachments` SET\n    `department`      = '{$deptID}'\n    WHERE `ticketID`  = '{$tickID}'\n    ") or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
     // If the new department has assignment disabled, clear the assigned staff..
     if (mswRowCount('departments WHERE `id` = \'' . $deptID . '\' AND `manual_assign` = \'no\'') > 0) {
         mysql_query("UPDATE `" . DB_PREFIX . "tickets` SET\n      `assignedto` = ''\n      WHERE `id`   = '{$tickID}'\n      ") or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
     }
     return $rows;
 }
Beispiel #23
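 // Import each ticket from the decoded API payload ($ticketData is caller-supplied input).
 for ($i = 0; $i < $countOfTickets; $i++) {
     $name = trim($ticketData['tickets'][$i]['name']);
     $email = trim($ticketData['tickets'][$i]['email']);
     // Fixed: the department ID was kept as a string and only compared with "> 0", a
     // loose numeric test that a value with trailing non-digits also passes. It was then
     // handed to mswGetTableData() without the escaping used for other lookups here.
     // Casting first means only an integer can reach the query.
     $deptID = (int) trim($ticketData['tickets'][$i]['dept']);
     $subject = trim($ticketData['tickets'][$i]['subject']);
     $comments = trim($ticketData['tickets'][$i]['comments']);
     $priority = trim($ticketData['tickets'][$i]['priority']);
     $language = trim($ticketData['tickets'][$i]['language']);
     $attString = array();
     $pLang = $language;
     // Add ticket..
     if ($name && $email && $deptID > 0 && $subject && $comments && $priority) {
         // The department must exist; only its manual_assign flag is fetched.
         $DP = mswGetTableData('departments', 'id', $deptID, '', '`manual_assign`');
         if (isset($DP->manual_assign)) {
             // Does account exist?
             $LI_ACC = mswGetTableData('portal', 'email', mswSafeImportString($email));
             if (isset($LI_ACC->id)) {
                 // Existing account: the stored name and address replace the submitted ones.
                 $name = $LI_ACC->name;
                 $email = $LI_ACC->email;
                 $pass = '';
                 $userID = $LI_ACC->id;
                 // The account's language is used in a file path; file_exists() is the
                 // only check applied to it here.
                 if (file_exists(PATH . 'content/language/' . $LI_ACC->language . '/mail-templates/new-ticket-visitor.txt')) {
                     $mailR = PATH . 'content/language/' . $LI_ACC->language . '/mail-templates/new-ticket-visitor.txt';
                     $pLang = $LI_ACC->language;
                 } else {
                     $mailR = PATH . 'content/language/' . $SETTINGS->language . '/mail-templates/new-ticket-visitor.txt';
                 }
                 $MSAPI->log('[' . strtoupper($MSAPI->handler) . '] Account does exist for ' . $email);
             } else {
                 // NOTE(review): $email is written to the log as submitted; if the log is
                 // line-based, control characters in it should be stripped - confirm in log().
                 $MSAPI->log('[' . strtoupper($MSAPI->handler) . '] New account to be created for email ' . $email);
                 $pass = $MSACC->ms_generate();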
Beispiel #24
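 /**
  * Report whether a portal account already holds a given value in one column.
  *
  * When $_POST['currID'] is a positive integer, that account is excluded from the
  * lookup (used when an existing account is being edited).
  *
  * NOTE(review): if the query itself fails, no row is found and the method answers
  * 'accept', so a database error looks the same as "value is free".
  *
  * @param string $data  Value to look for; falls back to $_POST['checkEntered'] when empty.
  * @param string $field Column of the portal table to compare against.
  * @return string 'exists' when a matching row is found, otherwise 'accept'.
  */
 public function check($data = '', $field = 'email')
 {
     $SQL = '';
     if (isset($_POST['currID']) && (int) $_POST['currID'] > 0) {
         $_POST['currID'] = (int) $_POST['currID'];
         $SQL = "AND `id` != '{$_POST['currID']}'";
     }
     // Fixed: the column name was concatenated between backticks as received. Value
     // escaping does not protect an identifier, so it is reduced to letters, digits
     // and underscores before it is used.
     $column = preg_replace('/[^A-Za-z0-9_]/', '', (string) $field);
     $value = $data ? $data : (isset($_POST['checkEntered']) ? $_POST['checkEntered'] : '');
     $q = mysql_query("SELECT `id` FROM `" . DB_PREFIX . "portal`\n       WHERE `" . $column . "` = '" . mswSafeImportString($value) . "'\n\t   {$SQL}\n       LIMIT 1\n       ");
     // A failed query yields no row instead of a warning from mysql_fetch_object().
     $P = $q ? mysql_fetch_object($q) : false;
     return isset($P->id) ? 'exists' : 'accept';
 }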
Beispiel #25
  This File: create-account.php
  Description: System File

  ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*/
// Direct requests are refused unless the parent script defined both constants.
// NOTE(review): this guard only protects what follows if err403() ends the request;
// that method is defined elsewhere - confirm it exits.
if (!defined('PARENT') || !defined('MS_PERMISSIONS')) {
    $HEADERS->err403();
}
// Account verification..
if (isset($_GET['va'])) {
    $code = $_GET['va'];
    $message = '';
    // The code must be non-empty and purely alphanumeric, and account creation must be
    // enabled; a non-string value also fails ctype_alnum() and is rejected here.
    if ($code == '' || !ctype_alnum($code) || $SETTINGS->createAcc == 'no') {
        $HEADERS->err403();
    }
    // Get account..
    // The lookup compares the code with the `system1` column of the portal table.
    $A = mswGetTableData('portal', 'system1', mswSafeImportString($code));
    if (!isset($A->id)) {
        $message = $msg_public_create8;
    } else {
        // An account that is already verified is not activated a second time.
        if ($A->verified == 'yes') {
            $message = $msg_public_create9;
        } else {
            // Load mail params
            include PATH . 'control/mail-data.php';
            // Activate..
            // A fresh password is generated at activation and passed to activate().
            $pass = $MSACC->ms_generate();
            $rows = $MSACC->activate(array('id' => $A->id, 'pass' => $pass));
            if ($rows > 0) {
                $MSMAIL->addTag('{NAME}', $A->name);
                $MSMAIL->addTag('{EMAIL}', $A->email);
                // NOTE(review): the generated password becomes a mail tag, so it presumably
                // travels in the message body in clear text - confirm against the template.
                $MSMAIL->addTag('{PASS}', $pass);
Beispiel #26
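 /**
  * Import FAQ questions from an uploaded CSV file and assign them to categories.
  *
  * When $_POST['clear'] is set, questions currently assigned to the chosen
  * categories are deleted first. Categories come from $_POST['cat'], or from
  * $_POST['catall'] when none were picked.
  *
  * NOTE(review): the upload is only checked with is_uploaded_file(); size and type
  * limits, and the permission to run an import, must be enforced by the caller.
  *
  * @param int    $lines Maximum line length passed to fgetcsv().
  * @param string $del   Field delimiter.
  * @param string $enc   Field enclosure character.
  * @return int Number of CSV rows inserted.
  */
 public function batchImportQuestions($lines, $del, $enc)
 {
     $count = 0;
     // Fixed: category IDs from the request were concatenated into the IN(...) list and
     // into the assignment INSERT as received. They are reduced to positive integers
     // once, and the same list is used for both purposes.
     $posted = empty($_POST['cat']) ? (isset($_POST['catall']) ? $_POST['catall'] : array()) : $_POST['cat'];
     $catIDs = array();
     foreach ((array) $posted as $rawID) {
         if (is_scalar($rawID) && (int) $rawID > 0) {
             $catIDs[] = (int) $rawID;
         }
     }
     // Clear current questions..
     if (isset($_POST['clear']) && !empty($catIDs)) {
         $que = array();
         $q = mysql_query("SELECT `question` FROM `" . DB_PREFIX . "faqassign`\n\t          WHERE `itemID` IN(" . implode(',', $catIDs) . ")\n\t\t\t  AND `desc`      = 'category'\n\t\t\t  GROUP BY `question`\n\t\t\t  ORDER BY `itemID`\n\t\t\t  ");
         // A failed lookup simply leaves nothing to delete.
         if ($q) {
             while ($QUE = mysql_fetch_object($q)) {
                 $que[] = (int) $QUE->question;
             }
         }
         if (!empty($que)) {
             mysql_query("DELETE FROM `" . DB_PREFIX . "faq` WHERE `id` IN(" . implode(',', $que) . ")") or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
             if (mswRowCount('faq') == 0) {
                 @mysql_query("TRUNCATE TABLE `" . DB_PREFIX . "faq`");
                 @mysql_query("TRUNCATE TABLE `" . DB_PREFIX . "faqassign`");
             }
         }
     }
     // A request without the upload field no longer raises undefined-index notices.
     $tmpFile = isset($_FILES['file']['tmp_name']) ? $_FILES['file']['tmp_name'] : '';
     // Upload CSV file..
     if ($tmpFile && is_uploaded_file($tmpFile)) {
         // If uploaded file exists, read CSV data...
         $handle = fopen($tmpFile, 'r');
         if ($handle) {
             while (($CSV = fgetcsv($handle, $lines, $del, $enc)) !== false) {
                 // Clean array..
                 $CSV = array_map('trim', $CSV);
                 // A row with fewer than two columns gets an empty value for the missing one.
                 $question = isset($CSV[0]) ? $CSV[0] : '';
                 $answer = isset($CSV[1]) ? $CSV[1] : '';
                 mysql_query("INSERT INTO `" . DB_PREFIX . "faq` (\n        `ts`,\n        `question`,\n        `answer`\n        ) VALUES (\n        UNIX_TIMESTAMP(UTC_TIMESTAMP),\n        '" . mswSafeImportString($question) . "',\n        '" . mswSafeImportString($answer) . "'\n        )") or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
                 $ID = mysql_insert_id();
                 // Assign categories..
                 if ($ID > 0) {
                     foreach ($catIDs as $aID) {
                         mysql_query("INSERT INTO `" . DB_PREFIX . "faqassign` (\n            `question`,`itemID`,`desc`\n            ) VALUES (\n            '{$ID}','{$aID}','category'\n            )") or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
                     }
                 }
                 ++$count;
             }
             fclose($handle);
         }
     }
     // Clear temp file..
     if ($tmpFile && file_exists($tmpFile)) {
         @unlink($tmpFile);
     }
     // Rebuild sequence..
     faqCentre::rebuildQueSequence();
     return $count;
 }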
Beispiel #27
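 /**
  * Update a portal account's profile and keep the visitor's session in step with it.
  *
  * NOTE(review): $data['pass'] is stored as given; presumably the caller passes an
  * already-hashed value - confirm. Whether the new e-mail is free is not checked here.
  *
  * @param array $data Keys read: id, name, email, pass, timezone, language.
  * @return int mysql_affected_rows() for the UPDATE.
  */
 public function ms_update($data = array())
 {
     // Update portal..
     $ID = (int) $data['id'];
     // Fixed: `userPass` was the only value interpolated without escaping.
     $ok = mysql_query("UPDATE `" . DB_PREFIX . "portal` SET\n  `name`      = '" . mswSafeImportString($data['name']) . "',\n  `email`     = '" . mswSafeImportString($data['email']) . "',\n  `userPass`  = '" . mswSafeImportString($data['pass']) . "',\n  `timezone`  = '" . mswSafeImportString($data['timezone']) . "',\n  `language`  = '" . mswSafeImportString($data['language']) . "'\n  WHERE `id`  = '{$ID}'\n  ");
     $affected = mysql_affected_rows();
     // Update login so we don`t log visitor out..
     // Fixed: the session was pointed at the new address even when the UPDATE failed,
     // which would leave the session naming an address this account does not hold.
     if ($ok) {
         $_SESSION[md5(SECRET_KEY) . '_msw_support'] = $data['email'];
     }
     return $affected;
 }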
Beispiel #28
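 /**
  * Store one custom-field value for a ticket (replyID is always '0' here).
  *
  * The result of the INSERT is not checked, so a failed write is silent.
  *
  * @param int    $ticket Ticket ID.
  * @param int    $field  Custom field ID.
  * @param string $data   Field value; escaped before it is stored.
  * @return void
  */
 public function insertField($ticket, $field, $data)
 {
     // Fixed: both IDs were interpolated as received; they are cast so that only
     // integers can reach the statement.
     $ticketID = (int) $ticket;
     $fieldID = (int) $field;
     mysql_query("INSERT INTO `" . DB_PREFIX . "ticketfields` (\n  `ticketID`,\n  `fieldID`,\n  `replyID`,\n  `fieldData`\n  ) VALUES (\n  '{$ticketID}',\n  '{$fieldID}',\n  '0',\n  '" . mswSafeImportString($data) . "'\n  )");
 }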
Beispiel #29
        unset($_SESSION['autoPurgeRan']);
    }
    if (isset($_COOKIE[md5(SECRET_KEY) . '_msc_mail'])) {
        @setcookie(md5(SECRET_KEY) . '_msc_mail', '');
        @setcookie(md5(SECRET_KEY) . '_msc_key', '');
        unset($_COOKIE[md5(SECRET_KEY) . '_msc_mail'], $_COOKIE[md5(SECRET_KEY) . '_msc_key']);
    }
    header("Location: index.php?p=login");
    exit;
}
if (isset($_POST['process'])) {
    if ($_POST['user'] && $_POST['pass']) {
        if (!mswIsValidEmail($_POST['user'])) {
            $U_ERROR = $msg_login6;
        } else {
            $USER = mswGetTableData('users', 'email', mswSafeImportString($_POST['user']), 'AND `accpass` = \'' . md5(SECRET_KEY . $_POST['pass']) . '\'');
            if (isset($USER->email)) {
                // Update page access..
                if ($USER->id > 0) {
                    $upa = userAccessPages($USER->id);
                    $USER->pageAccess = $upa;
                }
                // Add entry log..
                if ($USER->enableLog == 'yes') {
                    $MSUSERS->log($USER);
                }
                // Set session..
                $_SESSION[md5(SECRET_KEY) . '_ms_mail'] = $USER->email;
                $_SESSION[md5(SECRET_KEY) . '_ms_key'] = $USER->accpass;
                // Set cookie..
                if (isset($_POST['cookie']) && COOKIE_NAME) {