/**
  * Called from a mouse click,
  * works out what we want to do with attachments and actions it.
  * Accessed by ?action=attachapprove
  */
 public function action_attachapprove()
 {
     global $user_info;
     // Security is our primary concern...
     checkSession('get');
     // If it approve or delete?
     $is_approve = !isset($_GET['sa']) || $_GET['sa'] != 'reject' ? true : false;
     $attachments = array();
     require_once SUBSDIR . '/ManageAttachments.subs.php';
     // If we are approving all ID's in a message , get the ID's.
     if ($_GET['sa'] == 'all' && !empty($_GET['mid'])) {
         $id_msg = (int) $_GET['mid'];
         $attachments = attachmentsOfMessage($id_msg);
     } elseif (!empty($_GET['aid'])) {
         $attachments[] = (int) $_GET['aid'];
     }
     if (empty($attachments)) {
         fatal_lang_error('no_access', false);
     }
     // @todo nb: this requires permission to approve posts, not manage attachments
     // Now we have some ID's cleaned and ready to approve, but first - let's check we have permission!
     $allowed_boards = !empty($user_info['mod_cache']['ap']) ? $user_info['mod_cache']['ap'] : boardsAllowedTo('approve_posts');
     if ($allowed_boards == array(0)) {
         $approve_query = '';
     } elseif (!empty($allowed_boards)) {
         $approve_query = ' AND m.id_board IN (' . implode(',', $allowed_boards) . ')';
     } else {
         $approve_query = ' AND 0';
     }
     // Validate the attachments exist and have the right approval state.
     $attachments = validateAttachments($attachments, $approve_query);
     // Set up a return link based off one of the attachments for this message
     $attach_home = attachmentBelongsTo($attachments[0]);
     $redirect = 'topic=' . $attach_home['id_topic'] . '.msg' . $attach_home['id_msg'] . '#msg' . $attach_home['id_msg'];
     if (empty($attachments)) {
         fatal_lang_error('no_access', false);
     }
     // Finally, we are there. Follow through!
     if ($is_approve) {
         // Checked and deemed worthy.
         approveAttachments($attachments);
     } else {
         removeAttachments(array('id_attach' => $attachments, 'do_logging' => true));
     }
     // We approved or removed, either way we reset those numbers
     cache_put_data('num_menu_errors', null, 900);
     // Return to the topic....
     redirectexit($redirect);
 }
function enterReply($var_ticketid, $var_userid, $var_deptid, $var_refno, $var_mail_subject)
{
    global $conn, $var_message_main, $var_machineip, $mimedecoder, $var_valid_size;
    $sql = "insert into sptbl_replies(nReplyId,nTicketId,nUserId,dDate,tReply,vMachineIP) Values('',\n\t\t\t'" . addslashes($var_ticketid) . "',\n\t\t\t'" . addslashes($var_userid) . "',\n\t\t\tnow(),\n\t\t\t'" . addslashes($var_message_main) . "',\n\t\t\t'" . addslashes($var_machineip) . "')";
    executeQuery($sql, $conn);
    $var_replyid = mysql_insert_id();
    $sql = "update sptbl_tickets set vStatus='open',dLastAttempted=now()  where nTicketId='" . addslashes($var_ticketid) . "'";
    executeQuery($sql, $conn);
    $sql1 = "insert into sptbl_attachments(nReplyId,vAttachReference,vAttachUrl) values";
    $sql = "";
    foreach ($mimedecoder->_attachments as $objattach) {
        if (validateAttachments($objattach->_attachmentname, $objattach->_attachmenttype) == true && getDataSize($objattach->_attachmentcontent) < $var_valid_size) {
            $var_act_filename = uniqid("fl", true) . "." . getExtension($objattach->_attachmentname);
            $sql .= ",('" . $var_replyid . "','" . $objattach->_attachmentname . "','" . addslashes($var_act_filename) . "')";
            $fp = fopen("{$dotdotreal}/attachments/" . $var_act_filename, "w");
            fwrite($fp, $objattach->_attachmentcontent);
            fclose($fp);
        }
    }
    $sql != "" ? executeQuery($sql1 . substr($sql, 1), $conn) : "";
    mailAllStaff($var_deptid, $var_refno);
    acknowledgeUserOnReply($var_deptid, $var_refno, $var_mail_subject);
}
Beispiel #3
0
             $var_insert_id = "00" . $var_insert_id;
         } else {
             if ($var_insert_id < 10000) {
                 // 9999   09999
                 $var_insert_id = "0" . $var_insert_id;
             }
         }
     }
 }
 $var_refno = $var_tmp_compid . $val_dept_id . $var_tmp_userid . $var_insert_id;
 $sql_update_ticket = "update sptbl_tickets set vRefNo='" . $var_refno . "' where nTicketId='" . $var_ticket_id . "'";
 executeQuery($sql_update_ticket, $conn);
 $sql1 = "insert into sptbl_attachments(nTicketId,vAttachReference,vAttachUrl) values";
 $sql = "";
 foreach ($mimedecoder->_attachments as $objattach) {
     if (validateAttachments($objattach->_attachmentname, $objattach->_attachmenttype) == true && getDataSize($objattach->_attachmentcontent) < $var_valid_size) {
         $var_act_filename = uniqid("fl", true) . "." . getExtension($objattach->_attachmentname);
         $sql .= ",('" . $var_ticket_id . "','" . $objattach->_attachmentname . "','" . addslashes($var_act_filename) . "')";
         $fp = fopen("{$dotdotreal}/attachments/" . $var_act_filename, "w");
         fwrite($fp, $objattach->_attachmentcontent);
         fclose($fp);
     }
 }
 $sql != "" ? executeQuery($sql1 . substr($sql, 1), $conn) : "";
 /// check admin auto return mail status
 if (isAutoReturnMailNeeded()) {
     mailUserOnTicketCreationPop3($val, $total_count, $var_refno, $var_tmp_userid, $mimedecoder->_mailheader->_headersubject);
 }
 //
 mailAllStaff($val, $var_refno);
 mailWatcher($val, $var_refno);
    /**
     * View all unapproved attachments.
     */
    public function action_unapproved_attachments()
    {
        global $txt, $scripturl, $context, $user_info, $modSettings;
        $context['page_title'] = $txt['mc_unapproved_attachments'];
        // Once again, permissions are king!
        $approve_boards = !empty($user_info['mod_cache']['ap']) ? $user_info['mod_cache']['ap'] : boardsAllowedTo('approve_posts');
        if ($approve_boards == array(0)) {
            $approve_query = '';
        } elseif (!empty($approve_boards)) {
            $approve_query = ' AND m.id_board IN (' . implode(',', $approve_boards) . ')';
        } else {
            $approve_query = ' AND 0';
        }
        // Get together the array of things to act on, if any.
        $attachments = array();
        if (isset($_GET['approve'])) {
            $attachments[] = (int) $_GET['approve'];
        } elseif (isset($_GET['delete'])) {
            $attachments[] = (int) $_GET['delete'];
        } elseif (isset($_POST['item'])) {
            foreach ($_POST['item'] as $item) {
                $attachments[] = (int) $item;
            }
        }
        // Are we approving or deleting?
        if (isset($_GET['approve']) || isset($_POST['do']) && $_POST['do'] == 'approve') {
            $curAction = 'approve';
        } elseif (isset($_GET['delete']) || isset($_POST['do']) && $_POST['do'] == 'delete') {
            $curAction = 'delete';
        }
        // Something to do, let's do it!
        if (!empty($attachments) && isset($curAction)) {
            checkSession('request');
            // This will be handy.
            require_once SUBSDIR . '/ManageAttachments.subs.php';
            // Confirm the attachments are eligible for changing!
            $attachments = validateAttachments($attachments, $approve_query);
            // Assuming it wasn't all like, proper illegal, we can do the approving.
            if (!empty($attachments)) {
                if ($curAction == 'approve') {
                    approveAttachments($attachments);
                } else {
                    removeAttachments(array('id_attach' => $attachments, 'do_logging' => true));
                }
                cache_put_data('num_menu_errors', null, 900);
            }
        }
        require_once SUBSDIR . '/GenericList.class.php';
        require_once SUBSDIR . '/ManageAttachments.subs.php';
        $listOptions = array('id' => 'mc_unapproved_attach', 'width' => '100%', 'items_per_page' => $modSettings['defaultMaxMessages'], 'no_items_label' => $txt['mc_unapproved_attachments_none_found'], 'base_href' => $scripturl . '?action=moderate;area=attachmod;sa=attachments', 'default_sort_col' => 'attach_name', 'get_items' => array('function' => 'list_getUnapprovedAttachments', 'params' => array($approve_query)), 'get_count' => array('function' => 'list_getNumUnapprovedAttachments', 'params' => array($approve_query)), 'columns' => array('attach_name' => array('header' => array('value' => $txt['mc_unapproved_attach_name']), 'data' => array('db' => 'filename'), 'sort' => array('default' => 'a.filename', 'reverse' => 'a.filename DESC')), 'attach_size' => array('header' => array('value' => $txt['mc_unapproved_attach_size']), 'data' => array('db' => 'size'), 'sort' => array('default' => 'a.size', 'reverse' => 'a.size DESC')), 'attach_poster' => array('header' => array('value' => $txt['mc_unapproved_attach_poster']), 'data' => array('function' => create_function('$data', '
							return $data[\'poster\'][\'link\'];')), 'sort' => array('default' => 'm.id_member', 'reverse' => 'm.id_member DESC')), 'date' => array('header' => array('value' => $txt['date'], 'style' => 'width: 18%;'), 'data' => array('db' => 'time', 'class' => 'smalltext', 'style' => 'white-space:nowrap;'), 'sort' => array('default' => 'm.poster_time', 'reverse' => 'm.poster_time DESC')), 'message' => array('header' => array('value' => $txt['post']), 'data' => array('function' => create_function('$data', '
							global $modSettings;

							return \'<a href="\' . $data[\'message\'][\'href\'] . \'">\' . Util::shorten_text($data[\'message\'][\'subject\'], !empty($modSettings[\'subject_length\']) ? $modSettings[\'subject_length\'] : 24) . \'</a>\';'), 'class' => 'smalltext', 'style' => 'width:15em;'), 'sort' => array('default' => 'm.subject', 'reverse' => 'm.subject DESC')), 'action' => array('header' => array('value' => '<input type="checkbox" class="input_check" onclick="invertAll(this, this.form);" />', 'style' => 'width: 4%'), 'data' => array('sprintf' => array('format' => '<input type="checkbox" name="item[]" value="%1$d" class="input_check" />', 'params' => array('id' => false))))), 'form' => array('href' => $scripturl . '?action=moderate;area=attachmod;sa=attachments', 'include_sort' => true, 'include_start' => true, 'hidden_fields' => array($context['session_var'] => $context['session_id']), 'token' => 'mod-ap'), 'additional_rows' => array(array('position' => 'bottom_of_list', 'value' => '
						<select name="do" onchange="if (this.value != 0 &amp;&amp; confirm(\'' . $txt['mc_unapproved_sure'] . '\')) submit();">
							<option value="0">' . $txt['with_selected'] . ':</option>
							<option value="0" disabled="disabled">' . str_repeat('&#8212;', strlen($txt['approve'])) . '</option>
							<option value="approve">' . (isBrowser('ie8') ? '&#187;' : '&#10148;') . '&nbsp;' . $txt['approve'] . '</option>
							<option value="delete">' . (isBrowser('ie8') ? '&#187;' : '&#10148;') . '&nbsp;' . $txt['delete'] . '</option>
						</select>
						<noscript><input type="submit" name="ml_go" value="' . $txt['go'] . '" class="right_submit" /></noscript>', 'class' => 'floatright')));
        // Create the request list.
        createToken('mod-ap');
        createList($listOptions);
        $context['sub_template'] = 'show_list';
        $context['default_list'] = 'mc_unapproved_attach';
        $context[$context['moderation_menu_name']]['tab_data'] = array('title' => $txt['mc_unapproved_attachments'], 'help' => '', 'description' => $txt['mc_unapproved_attachments_desc']);
    }