Beispiel #1
/**
 * Collect the template data for the plugin-updates page.
 *
 * Moderators receive a paginated table of plugins joined with their updates,
 * the pagination state and a shard online/offline flag. Everyone else gets
 * error code 403 stored in the session and a redirect to the error page.
 *
 * NOTE(review): the moderator check deserialises $_SESSION['ticket_user'];
 * unserialize() instantiates whatever class the payload names, so the check is
 * only as trustworthy as the session store that holds the value.
 *
 * @author shubham meena mentored by Matthew Lagoe
 *
 * @return array keys: plug, links, lastPage, currentPage, ingame_webpath, shard
 * @throws SystemExit once the redirect headers for a denied request are set
 */
function plugins_update()
{
    global $INGAME_WEBPATH;

    // Guard clause: reject non-moderators before any query is built.
    if (!Ticket_User::isMod(unserialize($_SESSION['ticket_user']))) {
        // ERROR: No access!
        $_SESSION['error_code'] = "403";
        header("Cache-Control: max-age=1");
        header("Location: index.php?page=error");
        throw new SystemExit();
    }

    // The SQL text is a constant; no request data is concatenated into it.
    $pager = new Pagination(
        "SELECT * FROM plugins INNER JOIN updates ON plugins.Id=updates.PluginId",
        "lib",
        5,
        "Plugincache"
    );
    $getters = array("getId", "getPluginName", "getPluginInfo", "getUpdateInfo");
    $columns = array("id", "plugin_name", "plugin_info", "update_info");

    $pageResult['plug'] = Gui_Elements::make_table($pager->getElements(), $getters, $columns);
    $pageResult['links'] = $pager->getLinks(5);
    $pageResult['lastPage'] = $pager->getLast();
    $pageResult['currentPage'] = $pager->getCurrent();
    $pageResult['ingame_webpath'] = $INGAME_WEBPATH;

    // The shard counts as online when a DBLayer for it can be constructed.
    try {
        new DBLayer("shard");
        $pageResult['shard'] = "online";
    } catch (PDOException $e) {
        $pageResult['shard'] = "offline";
    }

    return $pageResult;
}
Beispiel #2
/**
 * Collect the template data for the userlist page.
 *
 * Moderators and admins get a paginated table of web users; each row is
 * extended with the ticket-system permission of that user. Admins additionally
 * get the isAdmin flag. Anyone else is redirected to the error page (403).
 *
 * NOTE(review): the role checks deserialise $_SESSION['ticket_user'] on each
 * call; the result is only as trustworthy as the session store.
 *
 * @author Daan Janssens, mentored by Matthew Lagoe
 *
 * @return array keys: userlist, links, lastPage, currentPage, ingame_webpath,
 *               base_webpath and, for admins only, isAdmin
 * @throws SystemExit once the redirect headers for a denied request are set
 */
function userlist()
{
    global $INGAME_WEBPATH;
    global $BASE_WEBPATH;

    // Guard clause: the list contains e-mail addresses, so mods/admins only.
    if (!Ticket_User::isMod(unserialize($_SESSION['ticket_user']))) {
        //ERROR: No access!
        $_SESSION['error_code'] = "403";
        header("Cache-Control: max-age=1");
        header("Location: index.php?page=error");
        throw new SystemExit();
    }

    $pager = new Pagination(WebUsers::getAllUsersQuery(), "web", 10, "WebUsers");
    $pageResult['userlist'] = Gui_Elements::make_table(
        $pager->getElements(),
        array("getUId", "getUsername", "getEmail"),
        array("id", "username", "email")
    );
    $pageResult['links'] = $pager->getLinks(5);
    $pageResult['lastPage'] = $pager->getLast();
    $pageResult['currentPage'] = $pager->getCurrent();

    // Rows are addressed by a running counter, i.e. the table is treated as a
    // zero-based list.
    $row = 0;
    foreach ($pageResult['userlist'] as $unusedEntry) {
        $externId = $pageResult['userlist'][$row]['id'];
        $pageResult['userlist'][$row]['permission'] = Ticket_User::constr_ExternId($externId)->getPermission();
        $row++;
    }

    if (Ticket_User::isAdmin(unserialize($_SESSION['ticket_user']))) {
        $pageResult['isAdmin'] = "TRUE";
    }

    $pageResult['ingame_webpath'] = $INGAME_WEBPATH;
    $pageResult['base_webpath'] = $BASE_WEBPATH;

    return $pageResult;
}
Beispiel #3
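/**
 * Handle the "reply on ticket" form.
 *
 * The caller must be logged in and must be either the ticket's author or a
 * mod/admin; otherwise the request is redirected (start page when not logged
 * in, error page with code 403 when not authorised). A reply is always
 * created; it is marked hidden only when $_POST['hidden'] is set and the caller
 * is a mod. When both $_POST['ChangeStatus'] and $_POST['ChangePriority'] are
 * set and the caller is a mod, status and priority are updated as well.
 * Afterwards the browser is redirected back to the ticket.
 *
 * Database errors are written to the server error log instead of being dumped
 * into the response: a printed PDOException exposes its message and stack
 * trace to the client.
 *
 * NOTE(review): no anti-CSRF token is checked in this function before the
 * state-changing POST is processed — confirm that the dispatcher verifies one.
 * NOTE(review): FILTER_SANITIZE_NUMBER_INT only strips characters (digits,
 * '+' and '-' survive); it does not guarantee a well-formed integer.
 *
 * @author Daan Janssens, mentored by Matthew Lagoe
 *
 * @return void never returns normally
 * @throws SystemExit on every path, after the response headers are set
 */
function reply_on_ticket()
{
    global $INGAME_WEBPATH;
    global $WEBPATH;

    //if logged in
    if (!(WebUsers::isLoggedIn() && isset($_POST['ticket_id']))) {
        //ERROR: not logged in!
        header("Cache-Control: max-age=1");
        header("Location: index.php");
        throw new SystemExit();
    }

    $ticket_id = filter_var($_POST['ticket_id'], FILTER_SANITIZE_NUMBER_INT);
    $target_ticket = new Ticket();
    $target_ticket->load_With_TId($ticket_id);

    // Deserialise the session user once and reuse the object for every check.
    $ticketUser = unserialize($_SESSION['ticket_user']);

    //check if the user who executed this function is a mod/admin or the topic creator himself.
    if (!($target_ticket->getAuthor() == $ticketUser->getTUserId() || Ticket_User::isMod($ticketUser))) {
        //ERROR: No access!
        $_SESSION['error_code'] = "403";
        header("Cache-Control: max-age=1");
        header("Location: index.php?page=error");
        throw new SystemExit();
    }

    try {
        $author = $ticketUser->getTUserId();
        $content = isset($_POST['Content']) ? $_POST['Content'] : "";

        // Only mods may post replies that stay hidden from the topic starter.
        $hidden = 0;
        if (isset($_POST['hidden']) && Ticket_User::isMod($ticketUser)) {
            $hidden = 1;
        }

        //create the reply
        Ticket::createReply($content, $author, $ticket_id, $hidden);

        //try to update the status & priority in case these are set.
        if (isset($_POST['ChangeStatus']) && isset($_POST['ChangePriority']) && Ticket_User::isMod($ticketUser)) {
            $newStatus = filter_var($_POST['ChangeStatus'], FILTER_SANITIZE_NUMBER_INT);
            $newPriority = filter_var($_POST['ChangePriority'], FILTER_SANITIZE_NUMBER_INT);
            Ticket::updateTicketStatusAndPriority($ticket_id, $newStatus, $newPriority, $author);
        }

        header("Cache-Control: max-age=1");
        if (Helpers::check_if_game_client()) {
            header("Location: " . $INGAME_WEBPATH . "?page=show_ticket&id=" . $ticket_id);
        } else {
            header("Location: " . $WEBPATH . "?page=show_ticket&id=" . $ticket_id);
        }
        throw new SystemExit();
    } catch (PDOException $e) {
        //ERROR: LIB DB is not online!
        // Keep the details server-side; never echo the exception to the client.
        error_log("reply_on_ticket: database error: " . $e->getMessage());
        throw new SystemExit();
    }
}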
Beispiel #4
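/**
 * Collect the template data for the settings page.
 *
 * A logged-in user may view their own settings; a mod/admin may view anyone's
 * by passing $_GET['id']. Any other combination is redirected to the error
 * page with code 403, and anonymous visitors are sent to the start page.
 *
 * The id parameter is normalised once and that same value is used for the
 * access check, the user lookup and the target_id handed to the template, so
 * the value that is authorised is the value that is loaded.
 *
 * NOTE(review): FILTER_SANITIZE_STRING is deprecated as of PHP 8.1; output
 * escaping for the template should not rely on it.
 * NOTE(review): the rows of the settings table are merged into the result last
 * and keyed by their Setting column, so a row whose name matches an existing
 * key (e.g. target_id) replaces that key — confirm this is intended.
 *
 * @author Daan Janssens, mentored by Matthew Lagoe
 *
 * @return array user info plus target_id, current_mail, target_username,
 *               country_array, ingame_webpath and one entry per settings row
 * @throws SystemExit once the redirect headers for a refused request are set
 */
function settings()
{
    global $INGAME_WEBPATH;

    if (!WebUsers::isLoggedIn()) {
        //ERROR: not logged in!
        header("Location: index.php");
        header("Cache-Control: max-age=1");
        throw new SystemExit();
    }

    //in case the id GET param is set use it as target id, otherwise use the session id.
    if (isset($_GET['id'])) {
        // Normalise before comparing, so check and lookup see the same value.
        $targetId = filter_var($_GET['id'], FILTER_SANITIZE_NUMBER_INT);
        $isOwnPage = ((string) $targetId === (string) $_SESSION['id']);
        $isMod = Ticket_User::isMod(unserialize($_SESSION['ticket_user']));

        if (!$isOwnPage && !$isMod) {
            //ERROR: No access!
            $_SESSION['error_code'] = "403";
            header("Cache-Control: max-age=1");
            header("Location: index.php?page=error");
            throw new SystemExit();
        }

        $webUser = new Webusers($targetId);
        $result = $webUser->getInfo();
        if ($isMod && !$isOwnPage) {
            $result['changesOther'] = "TRUE";
        }
    } else {
        $targetId = $_SESSION['id'];
        $webUser = new Webusers($targetId);
        $result = $webUser->getInfo();
    }
    $result['target_id'] = $targetId;
    $result['current_mail'] = $webUser->getEmail();
    $result['target_username'] = $webUser->getUsername();

    //Sanitize Data
    $result['current_mail'] = filter_var($result['current_mail'], FILTER_SANITIZE_EMAIL);
    $result['target_username'] = filter_var($result['target_username'], FILTER_SANITIZE_STRING);
    $result['FirstName'] = filter_var($result['FirstName'], FILTER_SANITIZE_STRING);
    $result['LastName'] = filter_var($result['LastName'], FILTER_SANITIZE_STRING);
    $result['Country'] = filter_var($result['Country'], FILTER_SANITIZE_STRING);
    $result['Gender'] = filter_var($result['Gender'], FILTER_SANITIZE_NUMBER_INT);
    $result['ReceiveMail'] = filter_var($result['ReceiveMail'], FILTER_SANITIZE_NUMBER_INT);
    $result['country_array'] = getCountryArray();
    $result['ingame_webpath'] = $INGAME_WEBPATH;

    $dbl = new DBLayer("lib");
    $statement = $dbl->executeWithoutParams("SELECT * FROM settings");
    // Iterate by value: nothing is written back, so no reference is needed.
    foreach ($statement->fetchAll() as $row) {
        $result[$row['Setting']] = $row['Value'];
    }

    return $result;
}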
Beispiel #5
/**
 * Collect the template data for the show_ticket_info page.
 *
 * The extra client information exists only for tickets where hasInfo() is
 * true. It is shown to the ticket's author and to mods/admins; any other
 * logged-in user is redirected to the error page with code 403, and requests
 * that are anonymous or lack $_GET['id'] go to the start page.
 *
 * NOTE(review): a ticket without info takes the same 403 branch as a ticket
 * the caller may not see, so the two cases are not distinguishable here.
 *
 * @author Daan Janssens, mentored by Matthew Lagoe
 *
 * @return array ticket id, title, author, the Ticket_Info fields,
 *               IMAGELOC_WEBPATH, ingame_webpath and, for mods, isMod
 * @throws SystemExit once the redirect headers for a refused request are set
 */
function show_ticket_info()
{
    global $IMAGELOC_WEBPATH;
    global $INGAME_WEBPATH;

    //if logged in
    if (!(WebUsers::isLoggedIn() && isset($_GET['id']))) {
        //ERROR: not logged in!
        header("Cache-Control: max-age=1");
        header("Location: index.php");
        throw new SystemExit();
    }

    $result['ticket_id'] = filter_var($_GET['id'], FILTER_SANITIZE_NUMBER_INT);
    $ticket = new Ticket();
    $ticket->load_With_TId($result['ticket_id']);

    // Same short-circuit order as before: info present, then author, then mod.
    $mayView = $ticket->hasInfo()
        && ($ticket->getAuthor() == unserialize($_SESSION['ticket_user'])->getTUserId()
            || Ticket_User::isMod(unserialize($_SESSION['ticket_user'])));
    if (!$mayView) {
        //ERROR: No access!
        $_SESSION['error_code'] = "403";
        header("Cache-Control: max-age=1");
        header("Location: index.php?page=error");
        throw new SystemExit();
    }

    $result['ticket_title'] = $ticket->getTitle();
    $result['ticket_author'] = $ticket->getAuthor();

    $info = new Ticket_Info();
    $info->load_With_Ticket($result['ticket_id']);

    // Result key => Ticket_Info getter, copied in this order.
    $fields = array(
        'shard_id' => 'getShardId',
        'user_position' => 'getUser_Position',
        'view_position' => 'getView_Position',
        'client_version' => 'getClient_Version',
        'patch_version' => 'getPatch_Version',
        'server_tick' => 'getServer_Tick',
        'connect_state' => 'getConnect_State',
        'local_address' => 'getLocal_Address',
        'memory' => 'getMemory',
        'os' => 'getOS',
        'processor' => 'getProcessor',
        'cpu_id' => 'getCPUId',
        'cpu_mask' => 'getCPU_Mask',
        'ht' => 'getHT',
        'nel3d' => 'getNel3D',
        'user_id' => 'getUser_Id',
    );
    foreach ($fields as $key => $getter) {
        $result[$key] = $info->$getter();
    }

    $result['IMAGELOC_WEBPATH'] = $IMAGELOC_WEBPATH;
    if (Ticket_User::isMod(unserialize($_SESSION['ticket_user']))) {
        $result['isMod'] = "TRUE";
    }
    $result['ingame_webpath'] = $INGAME_WEBPATH;

    return $result;
}
Beispiel #6
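/**
 * Change a user's receiveMail setting.
 *
 * The caller must be logged in and must either own the target account or be a
 * mod/admin; otherwise the request is redirected to the error page with code
 * 403. The setting is written only when the submitted value is exactly "0" or
 * "1"; in either case the browser is then redirected to the settings page of
 * the target user.
 *
 * The target id is normalised first and the normalised value is used for the
 * ownership check, the update and the redirect. Authorising the raw parameter
 * while updating the filtered one would allow the two to refer to different
 * accounts.
 *
 * Database errors are written to the server error log instead of being dumped
 * into the response: a printed PDOException exposes its message and stack
 * trace to the client.
 *
 * NOTE(review): no anti-CSRF token is checked in this function before the
 * setting is changed — confirm that the dispatcher verifies one.
 *
 * @author Daan Janssens, mentored by Matthew Lagoe
 *
 * @return void never returns normally
 * @throws SystemExit on every path, after the response headers are set
 */
function change_receivemail()
{
    global $INGAME_WEBPATH;
    global $WEBPATH;

    try {
        //if logged in
        if (!WebUsers::isLoggedIn()) {
            //ERROR: user is not logged in
            header("Cache-Control: max-age=1");
            header("Location: index.php");
            throw new SystemExit();
        }

        if (!isset($_POST['target_id'])) {
            //ERROR: The form was not filled in correctly
            header("Cache-Control: max-age=1");
            header("Location: index.php?page=settings");
            throw new SystemExit();
        }

        // Normalise once; every later step uses this value, never the raw one.
        $user_id = filter_var($_POST['target_id'], FILTER_SANITIZE_NUMBER_INT);
        $isOwnAccount = ((string) $user_id === (string) $_SESSION['id']);

        //check if the user who executed this function is the person of whom the setting is or if it's a mod/admin.
        $isAllowed = $isOwnAccount || Ticket_User::isMod(unserialize($_SESSION['ticket_user']));
        if (!$isAllowed || !isset($_POST['ReceiveMail'])) {
            //ERROR: permission denied!
            $_SESSION['error_code'] = "403";
            header("Cache-Control: max-age=1");
            header("Location: index.php?page=error");
            throw new SystemExit();
        }

        $receiveMail = filter_var($_POST['ReceiveMail'], FILTER_SANITIZE_NUMBER_INT);
        // Strict comparison: an empty or signed value must not count as 0 or 1.
        if ($receiveMail === "0" || $receiveMail === "1") {
            WebUsers::setReceiveMail($user_id, $receiveMail);
        }

        header("Cache-Control: max-age=1");
        if (Helpers::check_if_game_client()) {
            header("Location: " . $INGAME_WEBPATH . "?page=settings&id=" . $user_id);
        } else {
            header("Location: " . $WEBPATH . "?page=settings&id=" . $user_id);
        }
        throw new SystemExit();
    } catch (PDOException $e) {
        //go to error page or something, because can't access website db
        // Keep the details server-side; never echo the exception to the client.
        error_log("change_receivemail: database error: " . $e->getMessage());
        throw new SystemExit();
    }
}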
Beispiel #7
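/**
 * Collect the template data for the settings page (reduced variant: only the
 * target id, e-mail address, username and ingame web path are returned).
 *
 * A logged-in user may view their own settings; a mod/admin may view anyone's
 * by passing $_GET['id']. Any other combination is redirected to the error
 * page with code 403, and anonymous visitors are sent to the start page.
 *
 * The id parameter is normalised once and that same value is used for the
 * access check, the user lookup and the target_id handed to the template, so
 * the value that is authorised is the value that is loaded.
 *
 * NOTE(review): FILTER_SANITIZE_STRING is deprecated as of PHP 8.1; output
 * escaping for the template should not rely on it.
 *
 * @return array keys: target_id, current_mail, target_username,
 *               ingame_webpath and, when a mod views another user, changesOther
 */
function settings()
{
    global $INGAME_WEBPATH;

    if (!WebUsers::isLoggedIn()) {
        //ERROR: not logged in!
        header("Location: index.php");
        exit;
    }

    //in case the id GET param is set use it as target id, otherwise use the session id.
    if (isset($_GET['id'])) {
        // Normalise before comparing, so check and lookup see the same value.
        $targetId = filter_var($_GET['id'], FILTER_SANITIZE_NUMBER_INT);
        $isOwnPage = ((string) $targetId === (string) $_SESSION['id']);
        $isMod = Ticket_User::isMod(unserialize($_SESSION['ticket_user']));

        if (!$isOwnPage && !$isMod) {
            //ERROR: No access!
            $_SESSION['error_code'] = "403";
            header("Location: index.php?page=error");
            exit;
        }

        $webUser = new Webusers($targetId);
        if ($isMod && !$isOwnPage) {
            $result['changesOther'] = "TRUE";
        }
    } else {
        $targetId = $_SESSION['id'];
        $webUser = new Webusers($targetId);
    }
    $result['target_id'] = $targetId;

    //Sanitize Data
    $result['current_mail'] = filter_var($webUser->getEmail(), FILTER_SANITIZE_EMAIL);
    $result['target_username'] = filter_var($webUser->getUsername(), FILTER_SANITIZE_STRING);
    $result['ingame_webpath'] = $INGAME_WEBPATH;

    return $result;
}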
Beispiel #8
/**
 * Collect the template data for the show_reply page.
 *
 * A reply is shown when the caller is the author of the ticket it belongs to
 * and the reply is not hidden, or when the caller is a mod/admin. Any other
 * logged-in user is redirected to the error page with code 403; requests that
 * are anonymous or lack $_GET['id'] go to the start page.
 *
 * @author Daan Janssens, mentored by Matthew Lagoe
 *
 * @return array keys: reply_id, hidden, ticket_id, reply_timestamp,
 *               author_permission, reply_content, author, authorName,
 *               ingame_webpath and, for mods, isMod
 * @throws SystemExit once the redirect headers for a refused request are set
 */
function show_reply()
{
    global $INGAME_WEBPATH;

    //if logged in
    if (!(WebUsers::isLoggedIn() && isset($_GET['id']))) {
        //ERROR: not logged in!
        header("Cache-Control: max-age=1");
        header("Location: index.php");
        throw new SystemExit();
    }

    $result['reply_id'] = filter_var($_GET['id'], FILTER_SANITIZE_NUMBER_INT);
    $reply = new Ticket_Reply();
    $reply->load_With_TReplyId($result['reply_id']);
    $parentTicket = new Ticket();
    $parentTicket->load_With_TId($reply->getTicket());

    //check if the user is allowed to see the reply
    // Parentheses spell out the precedence: (author AND not hidden) OR mod.
    $mayView = ($parentTicket->getAuthor() == unserialize($_SESSION['ticket_user'])->getTUserId()
            && !$reply->getHidden())
        || Ticket_User::isMod(unserialize($_SESSION['ticket_user']));
    if (!$mayView) {
        //ERROR: No access!
        $_SESSION['error_code'] = "403";
        header("Cache-Control: max-age=1");
        header("Location: index.php?page=error");
        throw new SystemExit();
    }

    $replyContent = new Ticket_Content();
    $replyContent->load_With_TContentId($reply->getContent());
    $replyAuthor = new Ticket_User();
    $replyAuthor->load_With_TUserId($reply->getAuthor());

    $result['hidden'] = $reply->getHidden();
    $result['ticket_id'] = $reply->getTicket();
    $result['reply_timestamp'] = $reply->getTimestamp();
    $result['author_permission'] = $replyAuthor->getPermission();
    $result['reply_content'] = $replyContent->getContent();
    $result['author'] = $replyAuthor->getExternId();

    $authorAccount = new WebUsers($replyAuthor->getExternId());
    $result['authorName'] = $authorAccount->getUsername();

    if (Ticket_User::isMod(unserialize($_SESSION['ticket_user']))) {
        $result['isMod'] = "TRUE";
    }
    $result['ingame_webpath'] = $INGAME_WEBPATH;

    return $result;
}
Beispiel #9
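/**
 * Collect the template data for the show_user page.
 *
 * Users may only browse their own user page; mods/admins may browse any. The
 * profile fields of the target user and the tickets they created are returned
 * for the template. Unauthorised requests are redirected to the error page
 * with code 403, anonymous ones to the start page.
 *
 * The id parameter is normalised first and the access check is made on that
 * normalised value. Previously the raw parameter was compared with the session
 * id while the filtered parameter selected the user to load, so the value that
 * was authorised and the value that was used could differ.
 *
 * @author Daan Janssens, mentored by Matthew Lagoe
 *
 * @return array keys: target_id, target_name, mail, firstName, lastName,
 *               country, gender, userPermission, ticketlist, ingame_webpath
 *               and, for admins, isAdmin
 * @throws SystemExit once the redirect headers for a refused request are set
 */
function show_user()
{
    global $INGAME_WEBPATH;

    //if logged in
    if (!WebUsers::isLoggedIn()) {
        //ERROR: not logged in!
        header("Cache-Control: max-age=1");
        header("Location: index.php");
        throw new SystemExit();
    }

    // Resolve the target once; check and lookup both use this value.
    if (isset($_GET['id'])) {
        $targetId = filter_var($_GET['id'], FILTER_SANITIZE_NUMBER_INT);
        $isOwnPage = ((string) $targetId === (string) $_SESSION['id']);
    } else {
        $targetId = $_SESSION['id'];
        $isOwnPage = true;
    }

    //Users can only browse their own user page, while mods/admins can browse all user pages
    if (!$isOwnPage && !Ticket_User::isMod(unserialize($_SESSION['ticket_user']))) {
        //ERROR: No access!
        $_SESSION['error_code'] = "403";
        header("Cache-Control: max-age=1");
        header("Location: index.php?page=error");
        throw new SystemExit();
    }

    $result['target_id'] = $targetId;
    $webUser = new WebUsers($result['target_id']);
    $result['target_name'] = $webUser->getUsername();
    $result['mail'] = $webUser->getEmail();
    $info = $webUser->getInfo();
    $result['firstName'] = $info['FirstName'];
    $result['lastName'] = $info['LastName'];
    $result['country'] = $info['Country'];
    $result['gender'] = $info['Gender'];

    $ticket_user = Ticket_User::constr_ExternId($result['target_id']);
    $result['userPermission'] = $ticket_user->getPermission();
    if (Ticket_User::isAdmin(unserialize($_SESSION['ticket_user']))) {
        $result['isAdmin'] = "TRUE";
    }

    $ticketlist = Ticket::getTicketsOf($ticket_user->getTUserId());
    // getStatusText is listed twice on purpose of the original: it fills both
    // the "statustext" and the "statusText" column.
    $result['ticketlist'] = Gui_Elements::make_table(
        $ticketlist,
        array("getTId", "getTimestamp", "getTitle", "getStatus", "getStatusText", "getStatusText", "getCategoryName"),
        array("tId", "timestamp", "title", "status", "statustext", "statusText", "category")
    );
    $result['ingame_webpath'] = $INGAME_WEBPATH;

    return $result;
}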
Beispiel #10
/**
* Collect the template data for the sgroup_list page.
*
* Only mods/admins may view the page; other logged-in users are redirected to
* the error page with code 403 and anonymous visitors to the start page. When
* $_GET['delete'] is set and the caller is an admin, that support group is
* deleted and the browser is redirected back to the list. Otherwise all
* support groups are returned for the template.
*
* NOTE(review): the delete is triggered by a GET parameter and no anti-CSRF
* token is checked in this function — confirm whether the dispatcher verifies
* one; a state change is normally expected behind POST plus a token.
*
* @author Daan Janssens, mentored by Matthew Lagoe
*/
function sgroup_list()
{
    global $INGAME_WEBPATH;
    global $WEBPATH;

    //if logged in
    if (!WebUsers::isLoggedIn()) {
        //ERROR: not logged in!
        header("Cache-Control: max-age=1");
        header("Location: index.php");
        throw new SystemExit();
    }

    if (!Ticket_User::isMod(unserialize($_SESSION['ticket_user']))) {
        //ERROR: No access!
        $_SESSION['error_code'] = "403";
        header("Cache-Control: max-age=1");
        header("Location: index.php?page=error");
        throw new SystemExit();
    }

    //if delete GET var is set and user is admin, then delete the groups entry.
    if (isset($_GET['delete']) && Ticket_User::isAdmin(unserialize($_SESSION['ticket_user']))) {
        $groupId = filter_var($_GET['delete'], FILTER_SANITIZE_NUMBER_INT);
        $result['delete'] = Support_Group::deleteSupportGroup($groupId);
        header("Cache-Control: max-age=1");
        if (Helpers::check_if_game_client()) {
            header("Location: " . $INGAME_WEBPATH . "?page=sgroup_list");
        } else {
            header("Location: " . $WEBPATH . "?page=sgroup_list");
        }
        throw new SystemExit();
    }

    if (Ticket_User::isAdmin(unserialize($_SESSION['ticket_user']))) {
        $result['isAdmin'] = "TRUE";
    }

    $getters = array("getSGroupId", "getName", "getTag", "getGroupEmail");
    $columns = array("sGroupId", "name", "tag", "groupemail");
    $result['grouplist'] = Gui_Elements::make_table(Support_Group::getGroups(), $getters, $columns);
    $result['ingame_webpath'] = $INGAME_WEBPATH;

    return $result;
}
Beispiel #11
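/**
 * Change a user's e-mail address.
 *
 * The caller must be logged in and must either own the target account or be a
 * mod/admin; otherwise the request is redirected to the error page with code
 * 403. The new address is validated with WebUsers::checkEmail(); on success it
 * is stored, and in both cases the settings template is rendered again with
 * the outcome (SUCCESS_MAIL, or EMAIL / CEMAIL_ERROR for invalid input).
 *
 * The target id is normalised once and that value is used for the ownership
 * check, the user lookup and the target_id handed to the template.
 *
 * Database errors are written to the server error log instead of being dumped
 * into the response: a printed PDOException exposes its message and stack
 * trace to the client.
 *
 * NOTE(review): checkEmail() validates the raw $_POST['NewEmail'] while the
 * FILTER_SANITIZE_EMAIL result is what gets stored — confirm the two cannot
 * differ for an address that passes validation.
 * NOTE(review): no anti-CSRF token is checked in this function before the
 * address is changed — confirm that the dispatcher verifies one.
 *
 * @author Daan Janssens, mentored by Matthew Lagoe
 *
 * @return void never returns normally
 * @throws SystemExit on every path, after the response has been prepared
 */
function change_mail()
{
    global $SITEBASE;

    try {
        //if logged in
        if (!WebUsers::isLoggedIn()) {
            //ERROR: user is not logged in
            header("Location: index.php");
            throw new SystemExit();
        }

        if (!isset($_POST['target_id'])) {
            //ERROR: The form was not filled in correctly
            header("Location: index.php?page=settings");
            throw new SystemExit();
        }

        // Normalise once; every later step uses this value, never the raw one.
        $targetId = filter_var($_POST['target_id'], FILTER_SANITIZE_NUMBER_INT);
        $isOwnAccount = ((string) $targetId === (string) $_SESSION['id']);
        $isMod = Ticket_User::isMod(unserialize($_SESSION['ticket_user']));

        //check if the user who executed this function is the person of whom the emailaddress is or if it's a mod/admin.
        if (!$isOwnAccount && !$isMod) {
            //ERROR: permission denied!
            $_SESSION['error_code'] = "403";
            header("Location: index.php?page=error");
            throw new SystemExit();
        }

        $webUser = new WebUsers($targetId);
        // Own account: take the name from the session; otherwise look it up.
        $target_username = $isOwnAccount ? $_SESSION['user'] : $webUser->getUsername();

        //check if emailaddress is valid.
        $reply = $webUser->checkEmail($_POST['NewEmail']);

        require_once $SITEBASE . '/inc/settings.php';
        $result = settings();

        $newEmail = filter_var($_POST["NewEmail"], FILTER_SANITIZE_EMAIL);
        $result['prevNewEmail'] = $newEmail;

        if ($reply == "success") {
            $result['EMAIL_ERROR'] = 'FALSE';
            //if validation was successful, update the emailaddress
            $status = WebUsers::setEmail($target_username, $newEmail);
            if ($status == 'ok') {
                $result['SUCCESS_MAIL'] = "OK";
            } elseif ($status == 'shardoffline') {
                $result['SUCCESS_MAIL'] = "SHARDOFF";
            }
        } else {
            $result['EMAIL_ERROR'] = 'TRUE';
            $result['EMAIL'] = $reply;
            $result['CEMAIL_ERROR'] = true;
        }

        // Fields the settings template needs on both outcomes.
        $result['permission'] = unserialize($_SESSION['ticket_user'])->getPermission();
        $result['no_visible_elements'] = 'FALSE';
        $result['username'] = $_SESSION['user'];
        $result['target_id'] = $targetId;
        if (isset($_GET['id']) && $isMod && !$isOwnAccount) {
            $result['isMod'] = "TRUE";
        }

        helpers::loadtemplate('settings', $result);
        throw new SystemExit();
    } catch (PDOException $e) {
        //go to error page or something, because can't access website db
        // Keep the details server-side; never echo the exception to the client.
        error_log("change_mail: database error: " . $e->getMessage());
        throw new SystemExit();
    }
}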
Beispiel #12
/**
* This function is being used to change the user's password.
* It will first check if the user who executed this function is the person of whom the emailaddress is or if it's a mod/admin. If this is not the case the page will be redirected to an error page.
* If the executing user tries to change someone elses password, he doesn't has to fill in the previous password. The password will be validated first. If the checking was successful the password will be updated and the settings template will be reloaded. Errors made by invalid data will be shown
* also after reloading the template.
* @author Daan Janssens, mentored by Matthew Lagoe
*/
function change_password()
{
    try {
        //if logged in
        if (WebUsers::isLoggedIn()) {
            if (isset($_POST['target_id'])) {
                $adminChangesOther = false;
                //if target_id is the same as session id or is admin
                if ($_POST['target_id'] == $_SESSION['id'] || Ticket_User::isMod(unserialize($_SESSION['ticket_user']))) {
                    if ($_POST['target_id'] == $_SESSION['id']) {
                        //if the password is of the executing user himself
                        $target_username = $_SESSION['user'];
                    } else {
                        //if the password is of someone else.
                        $webUser = new WebUsers($_POST['target_id']);
                        $target_username = $webUser->getUsername();
                        //isAdmin is true when it's the admin, but the target_id != own id
                        $adminChangesOther = true;
                        $_POST["CurrentPass"] = "******";
                    }
                    $webUser = new WebUsers($_POST['target_id']);
                    $params = array('user' => $target_username, 'CurrentPass' => $_POST["CurrentPass"], 'NewPass' => $_POST["NewPass"], 'ConfirmNewPass' => $_POST["ConfirmNewPass"], 'adminChangesOther' => $adminChangesOther);
                    $result = $webUser->check_change_password($params);
                    if ($result == "success") {
                        //edit stuff into db
                        global $SITEBASE;
                        require_once $SITEBASE . '/inc/settings.php';
                        $succresult = settings();
                        $status = WebUsers::setPassword($target_username, $_POST["NewPass"]);
                        if ($status == 'ok') {
                            $succresult['SUCCESS_PASS'] = "******";
                        } else {
                            if ($status == 'shardoffline') {
                                $succresult['SUCCESS_PASS'] = "******";
                            }
                        }
                        $succresult['permission'] = unserialize($_SESSION['ticket_user'])->getPermission();
                        $succresult['no_visible_elements'] = 'FALSE';
                        $succresult['username'] = $_SESSION['user'];
                        $succresult['target_id'] = $_POST['target_id'];
                        helpers::loadtemplate('settings', $succresult);
                        throw new SystemExit();
                    } else {
                        $result['prevCurrentPass'] = filter_var($_POST["CurrentPass"], FILTER_SANITIZE_STRING);
                        $result['prevNewPass'] = filter_var($_POST["NewPass"], FILTER_SANITIZE_STRING);
                        $result['prevConfirmNewPass'] = filter_var($_POST["ConfirmNewPass"], FILTER_SANITIZE_STRING);
                        $result['permission'] = unserialize($_SESSION['ticket_user'])->getPermission();
                        $result['no_visible_elements'] = 'FALSE';
                        $result['username'] = $_SESSION['user'];
                        $result['target_id'] = $_POST['target_id'];
                        global $SITEBASE;
                        require_once $SITEBASE . '/inc/settings.php';
                        $settings = settings();
                        $result = array_merge($result, $settings);
                        helpers::loadtemplate('settings', $result);
                        throw new SystemExit();
                    }
                } else {
                    //ERROR: permission denied!
                    $_SESSION['error_code'] = "403";
                    header("Cache-Control: max-age=1");
                    header("Location: index.php?page=error");
                    throw new SystemExit();
                }
            } else {
                //ERROR: The form was not filled in correclty
                header("Cache-Control: max-age=1");
                header("Location: index.php?page=settings");
                throw new SystemExit();
            }
        } else {
            //ERROR: user is not logged in
            header("Cache-Control: max-age=1");
            header("Location: index.php");
            throw new SystemExit();
        }
    } catch (PDOException $e) {
        //go to error page or something, because can't access website db
        print_r($e);
        throw new SystemExit();
    }
}
Beispiel #13
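/**
 * Upload a plugin archive and install it, or report that it is an update for a
 * plugin that is already installed.
 *
 * The request is handled in two steps. Without $_POST['install_plugin'] the uploaded
 * zip is moved into the temp folder and an "Install Plugin" button is echoed. With
 * $_POST['install_plugin'] the archive is extracted into the plugins folder, its
 * ".info" file is read and a row is inserted into the "plugins" table.
 *
 * Nothing happens when the caller is not logged in. Every other path ends by
 * throwing SystemExit.
 */
function install_plugin()
{
    $result = array();
    // NOTE(review): a login is the only requirement checked here; mod status merely
    // selects the stored 'Permission' value. Confirm that ordinary users are meant to
    // be able to upload and extract plugin archives on the server.
    if (WebUsers::isLoggedIn()) {
        // temp folder where uploaded plugins are stored before they are installed
        $temp_path = "../../ams_lib/temp";
        if (!file_exists($temp_path)) {
            mkdir($temp_path);
        }
        // checking the server if file is uploaded or not
        if (isset($_FILES["file"]) && is_string($_FILES["file"]["name"]) && $_FILES["file"]["size"] > 0) {
            // The file name comes from the client: keep only its last path component
            // before it is used to build paths on disk.
            $fileName = basename($_FILES["file"]["name"]);
            //file in the PHP tmp folder
            $fileTmpLoc = $_FILES["file"]["tmp_name"];
            if (strlen($fileName) <= 4 || strtolower(substr($fileName, -4)) !== ".zip") {
                echo "Please select a file with .zip extension to upload.";
                throw new SystemExit();
            }
            // Remove only the trailing ".zip". trim($name, ".zip") strips every leading and
            // trailing '.', 'z', 'i' and 'p' character, so "zipper.zip" would become "er".
            $dir = substr($fileName, 0, -4);
            // The plugin folder name must not resolve outside the plugins folder.
            if ($dir === "." || $dir === ".." || strpos($dir, "\\") !== false || strpos($dir, "\0") !== false) {
                echo "Invalid plugin file name.";
                throw new SystemExit();
            }
            //path in which the zip extraction is to be done
            $target_path = "../../ams_lib/plugins/{$dir}";
            $destination = "../../ams_lib/plugins/";
            // scanning plugin folder if plugin with same name is already exists or not
            $x = checkForUpdate($dir, $destination, $fileTmpLoc, $temp_path);
            if ($x == '1') {
                echo "update found";
                throw new SystemExit();
            } elseif ($x == '2') {
                echo "Plugin already exists with same name .";
                throw new SystemExit();
            } elseif ($x == '3') {
                echo "Update info is not present in the update";
                throw new SystemExit();
            }
            // checking for the command to install plugin is given or not
            if (!isset($_POST['install_plugin'])) {
                // NOTE(review): $_FILES[...]['type'] is supplied by the client and proves
                // nothing about the content; the archive is only validated when it is opened.
                if ($_FILES["file"]["type"] == 'application/zip') {
                    if (move_uploaded_file($fileTmpLoc, $temp_path . "/" . $fileName)) {
                        // The file name is echoed into HTML, so it has to be escaped.
                        echo htmlspecialchars($fileName, ENT_QUOTES, 'UTF-8') . " upload is complete.</br>" . "<button type='submit' class='btn btn-primary' style='margin-left:5px; margin-top:10px;' name='install_plugin'>Install Plugin</button></br>";
                        throw new SystemExit();
                    } else {
                        echo "Error in uploading file.";
                        throw new SystemExit();
                    }
                } else {
                    echo "Please select a file with .zip extension to upload.";
                    throw new SystemExit();
                }
            } else {
                // NOTE(review): zipExtraction() is defined elsewhere; confirm that it rejects
                // archive entries with "../" or absolute paths before writing them.
                if (zipExtraction($temp_path . "/" . $fileName, $destination)) {
                    if (file_exists($target_path . "/.info")) {
                        $result = readPluginFile(".info", $target_path);
                        // sending all info to the database
                        $install_result = array();
                        $install_result['FileName'] = $target_path;
                        $install_result['Name'] = $result['PluginName'];
                        $install_result['Type'] = $result['Type'];
                        if (Ticket_User::isMod(unserialize($_SESSION['ticket_user']))) {
                            $install_result['Permission'] = 'admin';
                        } else {
                            $install_result['Permission'] = 'user';
                        }
                        $install_result['Info'] = json_encode($result);
                        // connection with the database
                        $dbr = new DBLayer("lib");
                        $dbr->insert("plugins", $install_result);
                        // if everything is successful redirecting to the plugin template
                        header("Cache-Control: max-age=1");
                        header("Location: index.php?page=plugins&result=1");
                        throw new SystemExit();
                    } else {
                        // file .info not exists
                        // rmdir() only removes an empty directory, so extracted files stay behind.
                        rmdir($target_path);
                        header("Cache-Control: max-age=1");
                        header("Location: index.php?page=install_plugin&result=2");
                        throw new SystemExit();
                    }
                } else {
                    // extraction failed
                    header("Cache-Control: max-age=1");
                    header("Location: index.php?page=install_plugin&result=0");
                    throw new SystemExit();
                }
            }
        } else {
            echo "Please Browse for a file before clicking the upload button";
            throw new SystemExit();
        }
    }
}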
Beispiel #14
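/**
 * Create a new ticket from the submitted form.
 *
 * The caller must be logged in and have a ticket user in the session. Title and
 * Content must not be blank; otherwise the createticket template is rendered again
 * with error flags. The caller must create the ticket for their own account or be a
 * mod/admin; any other caller is redirected to the error page with code 403.
 * The POST data is filtered, the ticket is created and the browser is redirected to it.
 *
 * Every path ends by throwing SystemExit.
 *
 * @author Daan Janssens, mentored by Matthew Lagoe
 */
function create_ticket()
{
    global $INGAME_WEBPATH;
    global $WEBPATH;
    $return = array();
    if (!(WebUsers::isLoggedIn() && isset($_SESSION['ticket_user']))) {
        //ERROR: user is not logged in
        header("Cache-Control: max-age=1");
        header("Location: index.php");
        throw new SystemExit();
    }
    // Missing or non-string fields are handled like empty ones instead of raising
    // notices or passing arrays to preg_replace()/strlen().
    $raw_title = (isset($_POST['Title']) && is_string($_POST['Title'])) ? $_POST['Title'] : '';
    $raw_content = (isset($_POST['Content']) && is_string($_POST['Content'])) ? $_POST['Content'] : '';
    $raw_category = (isset($_POST['Category']) && is_scalar($_POST['Category'])) ? $_POST['Category'] : '';
    $title_blank = strlen(preg_replace('/\\s\\s+/', ' ', $raw_title)) < 2;
    $content_blank = strlen(preg_replace('/\\s\\s+/', ' ', $raw_content)) < 2;
    if ($title_blank || $content_blank) {
        // NOTE(review): the whole of $_POST is handed to the template, so request keys
        // not set below reach it as template variables; confirm the template escapes them.
        $return = array_merge($_POST, $return);
        $return['no_visible_elements'] = 'FALSE';
        $catArray = Ticket_Category::getAllCategories();
        // NOTE(review): unserialize() on session data is only safe while clients cannot
        // write to the session store.
        $return['permission'] = unserialize($_SESSION['ticket_user'])->getPermission();
        $return['category'] = Gui_Elements::make_table_with_key_is_id($catArray, array("getName"), "getTCategoryId");
        if ($title_blank) {
            $return['TITLE_ERROR_MESSAGE'] = "Title must not be blank!";
            $return['TITLE_ERROR'] = true;
        }
        if ($content_blank) {
            $return['CONTENT_ERROR_MESSAGE'] = "Content must not be blank!";
            $return['CONTENT_ERROR'] = true;
        }
        helpers::loadTemplate('createticket', $return);
        throw new SystemExit();
    }
    if (!isset($_POST['target_id']) || !is_scalar($_POST['target_id'])) {
        //ERROR: The form was not filled in correctly
        header("Cache-Control: max-age=1");
        header("Location: index.php?page=createticket");
        throw new SystemExit();
    }
    $target_id = (string) $_POST['target_id'];
    // Compare as strings: loose == treats numeric look-alikes such as "5" and "5.0"
    // as equal, which is too permissive for an ownership check.
    $ownTicket = $target_id === (string) $_SESSION['id'];
    if (!$ownTicket && !Ticket_User::isMod(unserialize($_SESSION['ticket_user']))) {
        //ERROR: permission denied!
        $_SESSION['error_code'] = "403";
        header("Cache-Control: max-age=1");
        header("Location: index.php?page=error");
        throw new SystemExit();
    }
    // FILTER_SANITIZE_STRING is deprecated as of PHP 8.1.
    $category = filter_var($raw_category, FILTER_SANITIZE_NUMBER_INT);
    $title = filter_var($raw_title, FILTER_SANITIZE_STRING);
    $content = filter_var($raw_content, FILTER_SANITIZE_STRING);
    try {
        if ($ownTicket) {
            //if the ticket is being made for the executing user himself
            $author = unserialize($_SESSION['ticket_user'])->getTUserId();
        } else {
            //if a mod tries to make a ticket for someone else
            $author = Ticket_User::constr_ExternId($target_id)->getTUserId();
        }
        //create the ticket & return the id of the newly created ticket.
        // NOTE(review): the raw $_POST array is passed along as the last argument; what
        // Ticket::create_Ticket() does with it is not visible here.
        $ticket_id = Ticket::create_Ticket($title, $content, $category, $author, unserialize($_SESSION['ticket_user'])->getTUserId(), 0, $_POST);
        //redirect to the new ticket.
        header("Cache-Control: max-age=1");
        if (Helpers::check_if_game_client()) {
            header("Location: " . $INGAME_WEBPATH . "?page=show_ticket&id=" . $ticket_id);
        } else {
            header("Location: " . $WEBPATH . "?page=show_ticket&id=" . $ticket_id);
        }
        // Stop after the redirect in both cases; the game-client branch used to fall through.
        throw new SystemExit();
    } catch (PDOException $e) {
        //ERROR: LIB DB is not online!
        // Log server-side instead of dumping the exception to the browser, then perform
        // the redirect that used to sit unreachable behind an earlier throw.
        error_log('create_ticket: database error: ' . $e->getMessage());
        header("Cache-Control: max-age=1");
        header("Location: index.php");
        throw new SystemExit();
    }
}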
Beispiel #15
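/**
 * Load the data needed for the show_ticket_log page.
 *
 * The page shows the log entries of one ticket: who created it, replied to it,
 * viewed it, assigned or forwarded it. Only mods/admins may view the log; other
 * logged-in users are redirected to the error page with code 403, and callers that
 * are not logged in (or pass no $_GET['id']) are redirected to index.php.
 *
 * @return array template data: ticket_id, ticket_title, ticket_logs, isMod, ingame_webpath
 * @author Daan Janssens, mentored by Matthew Lagoe
 */
function show_ticket_log()
{
    global $INGAME_WEBPATH;
    global $WEBPATH;
    //if logged in
    if (WebUsers::isLoggedIn() && isset($_GET['id'])) {
        //only allow admins to browse the log!
        // NOTE(review): unserialize() on session data is only safe while clients cannot
        // write to the session store.
        if (Ticket_User::isMod(unserialize($_SESSION['ticket_user']))) {
            $result = array();
            $result['ticket_id'] = filter_var($_GET['id'], FILTER_SANITIZE_NUMBER_INT);
            $target_ticket = new Ticket();
            $target_ticket->load_With_TId($result['ticket_id']);
            $result['ticket_title'] = $target_ticket->getTitle();
            //return all logs related to a ticket.
            $ticket_logs = Ticket_Log::getLogsOfTicket($result['ticket_id']);
            $log_action_array = Ticket_Log::getActionTextArray();
            //fetch information about each returned ticket in a format that is usable for the template
            $result['ticket_logs'] = Gui_Elements::make_table($ticket_logs, array("getTLogId", "getTimestamp", "getAuthor()->getExternId", "getAction", "getArgument()"), array("tLogId", "timestamp", "authorExtern", "action", "argument"));
            $i = 0;
            //for each log entry add action specific information to the to-be-shown text: uses the query_backpart
            foreach ($result['ticket_logs'] as $log) {
                $webUser = new WebUsers($log['authorExtern']);
                $author = $webUser->getUsername();
                $result['ticket_logs'][$i]['author'] = $author;
                // 'query' is assembled as HTML (it embeds anchors), so the stored values that
                // go into it are escaped here. Assumes the template prints 'query' unescaped,
                // as the embedded anchors suggest; confirm against the template.
                $argument = (string) $log['argument'];
                $argument_html = htmlspecialchars($argument, ENT_QUOTES, 'UTF-8');
                $query_backpart = "";
                if ($log['action'] == 2) {
                    $webUser2 = new WebUsers($log['argument']);
                    $query_backpart = htmlspecialchars((string) $webUser2->getUsername(), ENT_QUOTES, 'UTF-8');
                } elseif ($log['action'] == 4) {
                    $base = Helpers::check_if_game_client() ? $INGAME_WEBPATH : $WEBPATH;
                    $query_backpart = "<a href='" . $base . "?page=show_reply&id=" . rawurlencode($argument) . "'>ID#" . $argument_html . "</a>";
                } elseif ($log['action'] == 5) {
                    $statusArray = Ticket::getStatusArray();
                    $query_backpart = isset($statusArray[$log['argument']]) ? $statusArray[$log['argument']] : "";
                } elseif ($log['action'] == 6) {
                    $priorityArray = Ticket::getPriorityArray();
                    $query_backpart = isset($priorityArray[$log['argument']]) ? $priorityArray[$log['argument']] : "";
                } elseif ($log['action'] == 8) {
                    $base = Helpers::check_if_game_client() ? $INGAME_WEBPATH : $WEBPATH;
                    $group_name = htmlspecialchars((string) Support_Group::getGroup($log['argument'])->getName(), ENT_QUOTES, 'UTF-8');
                    // NOTE(review): "show_sgroupy" differs from the "show_sgroup" page name used
                    // elsewhere on this page; confirm that it is intended.
                    $query_backpart = "<a href='" . $base . "?page=show_sgroupy&id=" . rawurlencode($argument) . "'>" . $group_name . "</a>";
                }
                $action_text = isset($log_action_array[$log['action']]) ? $log_action_array[$log['action']] : "";
                $result['ticket_logs'][$i]['query'] = htmlspecialchars((string) $author, ENT_QUOTES, 'UTF-8') . " " . $action_text . " " . $query_backpart;
                $result['ticket_logs'][$i]['timestamp_elapsed'] = Gui_Elements::time_elapsed_string($log['timestamp']);
                $i++;
            }
            // This branch is only reached by mods/admins, see the check above.
            $result['isMod'] = "TRUE";
            $result['ingame_webpath'] = $INGAME_WEBPATH;
            return $result;
        } else {
            //ERROR: No access!
            $_SESSION['error_code'] = "403";
            header("Cache-Control: max-age=1");
            header("Location: index.php?page=error");
            throw new SystemExit();
        }
    } else {
        //ERROR: not logged in!
        header("Cache-Control: max-age=1");
        header("Location: index.php");
        throw new SystemExit();
    }
}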
Beispiel #16
 // Front-controller prologue: send cache headers, run the data sync, then pick the page.
 // header() replaces an earlier header of the same name unless its second argument is
 // false, so the "max-age=1" value is replaced by the next line and the third line is
 // appended to it.
 header("Cache-Control: max-age=1");
 header("Cache-Control: no-store, no-cache, must-revalidate");
 header("Cache-Control: post-check=0, pre-check=0", false);
 header("Pragma: no-cache");
 // Running Cron
 // A request with ?cron=true runs the sync here and once more below. Neither call is
 // preceded by a login check in this excerpt.
 if (isset($_GET["cron"])) {
     if ($_GET["cron"] == "true") {
         Sync::syncdata(false);
     }
 }
 // Always try to sync on page load, ie "lazy" cron
 Sync::syncdata(false);
 // Decide what page to load
 if (!isset($_GET["page"])) {
     if (isset($_SESSION['user'])) {
         // NOTE(review): unserialize() on session data is only safe while clients cannot
         // write to the session store.
         if (Ticket_User::isMod(unserialize($_SESSION['ticket_user']))) {
             $page = 'dashboard';
         } else {
             $page = 'show_user';
         }
     } else {
         // default page
         $page = 'login';
     }
 } else {
     // if the session exists load page with $_GET requests
     if (isset($_SESSION['user'])) {
         // NOTE(review): $page is taken from the request as-is. How it is used lies outside
         // this excerpt; if it ends up in an include/require or a file path it needs an
         // allow-list of known page names.
         $page = $_GET["page"];
     } else {
         // Without a session only the listed pages are accepted (the listing ends here).
         switch ($_GET["page"]) {
             case 'register':
Beispiel #17
/**
 * Collect the data needed to render the show_sgroup page.
 *
 * Only mods/admins may view the page; other logged-in users are redirected to the
 * error page with code 403 and callers that are not logged in are redirected to
 * index.php. Without $_GET['id'] the error page is shown with code 404.
 * If $_GET['delete'] is set and the caller is an admin, that user is removed from
 * the support group and the browser is redirected back to the group page.
 * Otherwise the group details, its members and the mods/admins that are not yet
 * members are returned for the template.
 *
 * @return array template data for the support group
 * @author Daan Janssens, mentored by Matthew Lagoe
 */
function show_sgroup()
{
    global $INGAME_WEBPATH;
    global $WEBPATH;
    if (!WebUsers::isLoggedIn()) {
        //ERROR: not logged in!
        header("Cache-Control: max-age=1");
        header("Location: index.php");
        throw new SystemExit();
    }
    // NOTE(review): unserialize() on session data is only safe while clients cannot
    // write to the session store.
    if (!Ticket_User::isMod(unserialize($_SESSION['ticket_user']))) {
        //ERROR: No access!
        $_SESSION['error_code'] = "403";
        header("Cache-Control: max-age=1");
        header("Location: index.php?page=error");
        throw new SystemExit();
    }
    if (!isset($_GET['id'])) {
        //ERROR: No page specified!
        // NOTE(review): this redirect goes to "ams?page=error" while the other error
        // redirects use "index.php?page=error"; confirm that the target is intended.
        $_SESSION['error_code'] = "404";
        header("Cache-Control: max-age=1");
        header("Location: ams?page=error");
        throw new SystemExit();
    }
    $result = array();
    //['target_id'] holds the id of the group!
    $result['target_id'] = filter_var($_GET['id'], FILTER_SANITIZE_NUMBER_INT);
    // Admin-only removal of a user from the group.
    // NOTE(review): this state change is triggered by a GET parameter and no anti-CSRF
    // token is checked in this function; confirm that one is enforced elsewhere.
    if (isset($_GET['delete']) && Ticket_User::isAdmin(unserialize($_SESSION['ticket_user']))) {
        $delete_id = filter_var($_GET['delete'], FILTER_SANITIZE_NUMBER_INT);
        $result['delete'] = Support_Group::deleteUserOfSupportGroup($delete_id, $result['target_id']);
        header("Cache-Control: max-age=1");
        $base = Helpers::check_if_game_client() ? $INGAME_WEBPATH : $WEBPATH;
        header("Location: " . $base . "?page=show_sgroup&id=" . $result['target_id']);
        throw new SystemExit();
    }
    if (Ticket_User::isAdmin(unserialize($_SESSION['ticket_user']))) {
        $result['isAdmin'] = "TRUE";
    }
    $group = Support_Group::getGroup($result['target_id']);
    $result['groupsname'] = $group->getName();
    $result['groupemail'] = $group->getGroupEmail();
    $result['imap_mailserver'] = $group->getIMAP_MailServer();
    $result['imap_username'] = $group->getIMAP_Username();
    // Members of the group, each extended with the web username.
    $members = Support_Group::getAllUsersOfSupportGroup($result['target_id']);
    $result['userlist'] = Gui_Elements::make_table($members, array("getTUserId", "getPermission", "getExternId"), array("tUserId", "permission", "externId"));
    $row = 0;
    foreach ($result['userlist'] as $entry) {
        $account = new Webusers($entry['externId']);
        $result['userlist'][$row]['name'] = $account->getUsername();
        $row++;
    }
    $result['ingame_webpath'] = $INGAME_WEBPATH;
    // Mods and admins that are not in the group yet; 'users' keeps the position each
    // entry has in 'teamlist', so its keys can have gaps.
    $result['teamlist'] = Gui_Elements::make_table(Ticket_User::getModsAndAdmins(), array("getTUserId", "getExternId"), array("tUserId", "externId"));
    $row = 0;
    foreach ($result['teamlist'] as $candidate) {
        $account = new Webusers($candidate['externId']);
        $alreadyMember = In_Support_Group::userExistsInSGroup($candidate['externId'], $result['target_id']);
        if (!$alreadyMember) {
            $result['users'][$row]['name'] = $account->getUsername();
        }
        $row++;
    }
    return $result;
}
Beispiel #18
/**
* This function is beign used to load info that's needed for the show_queue page.
* check if the person who wants to view this page is a mod/admin, if this is not the case, he will be redirected to an error page.
* if an action is set (this is done by $_GET['action']) it will try to execute it first, actions are: assign a ticket, unassign a ticket an create a queue.
* There are a few predefined queues which is the 'all tickets' queue, 'archive' queue, 'todo' queue, .. these are passed by $_GET['get'].
* if  $_GET['get'] = create; then it's a custom made queue, this will call the createQueue function which builds the query that we will later use to get the tickets.
* The tickets fetched will be returned and used in the template. Now why use POST and GET params here and have a createQueue function twice? Well the first time someone creates
* a queue the POST variables will be used, however after going to the next page it will use the GET params.
* @author Daan Janssens, mentored by Matthew Lagoe
*/
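function show_queue()
{
    global $INGAME_WEBPATH;
    global $WEBPATH;

    // Security notes for reviewers:
    // - Every request value that ends up in a generated link is filtered AND
    //   URL-encoded below; the links are handed to the template and must not be
    //   able to carry extra parameters or markup.
    // - NOTE(review): the POST actions change ticket state and no anti-CSRF token
    //   is checked in this function - confirm that a token is verified upstream.
    // - NOTE(review): FILTER_SANITIZE_STRING is deprecated since PHP 8.1 and is not
    //   an output-escaping function; the template still has to escape per context.

    //if logged in  & queue id is given
    if (!(WebUsers::isLoggedIn() && isset($_GET['get']))) {
        //ERROR: not logged in!
        header("Cache-Control: max-age=1");
        header("Location: index.php");
        throw new SystemExit();
    }

    // NOTE(review): unserialize() rebuilds whatever object the session store holds.
    // That is only safe while the session storage cannot be written by a client;
    // storing the user id and reloading the user would remove the dependency.
    $ticket_user = unserialize($_SESSION['ticket_user']);
    if (!Ticket_User::isMod($ticket_user)) {
        //ERROR: No access!
        $_SESSION['error_code'] = "403";
        header("Cache-Control: max-age=1");
        header("Location: index.php?page=error");
        throw new SystemExit();
    }

    //the  queue you want to see.
    $result['queue_view'] = filter_var($_GET['get'], FILTER_SANITIZE_STRING);
    $user_id = $ticket_user->getTUserId();
    $queue_handler = new Ticket_Queue_handler();

    // The in-game client and the website use different base paths.
    $base_path = Helpers::check_if_game_client() ? $INGAME_WEBPATH : $WEBPATH;

    //Pagination base link and form url (keeps the getters constant)
    $queue_link = $base_path . "?page=show_queue&get=" . rawurlencode((string) $result['queue_view']);
    $result['pagination_base_link'] = $queue_link;
    $result['getURL'] = $queue_link;
    if (isset($_GET['pagenum'])) {
        // The page number was previously appended unfiltered; keep digits only.
        $result['getURL'] = $result['getURL'] . "&pagenum=" . filter_var($_GET['pagenum'], FILTER_SANITIZE_NUMBER_INT);
    }

    // Creates the custom queue and records its parameters in $result. Shared by the
    // GET path (paging through a custom queue) and the POST path (first creation).
    // NOTE(review): per the function's doc comment CreateQueue builds the query from
    // these values - confirm it binds them or checks them against an allow-list.
    $apply_custom_queue = function ($userid, $groupid, $what, $how, $who) use (&$result, $queue_handler, $base_path) {
        $queue_handler->CreateQueue($userid, $groupid, $what, $how, $who);
        $params = "&userid=" . rawurlencode((string) $userid)
            . "&groupid=" . rawurlencode((string) $groupid)
            . "&what=" . rawurlencode((string) $what)
            . "&how=" . rawurlencode((string) $how)
            . "&who=" . rawurlencode((string) $who);
        $result['pagination_base_link'] = $base_path . "?page=show_queue&get=create" . $params;
        $result['prev_created_userid'] = $userid;
        $result['prev_created_groupid'] = $groupid;
        $result['prev_created_what'] = $what;
        $result['prev_created_how'] = $how;
        $result['prev_created_who'] = $who;
        $result['getURL'] = $result['getURL'] . $params;
    };

    // Missing POST fields are read as an empty string instead of raising a notice.
    $post = function ($key) {
        return isset($_POST[$key]) ? $_POST[$key] : '';
    };

    if ($_GET['get'] == "create" && isset($_GET['userid']) && isset($_GET['groupid']) && isset($_GET['what']) && isset($_GET['how']) && isset($_GET['who'])) {
        $apply_custom_queue(
            filter_var($_GET['userid'], FILTER_SANITIZE_NUMBER_INT),
            filter_var($_GET['groupid'], FILTER_SANITIZE_NUMBER_INT),
            filter_var($_GET['what'], FILTER_SANITIZE_STRING),
            filter_var($_GET['how'], FILTER_SANITIZE_STRING),
            filter_var($_GET['who'], FILTER_SANITIZE_STRING)
        );
    }

    //if an action is set
    if (isset($_POST['action'])) {
        switch ($_POST['action']) {
            case "assignTicket":
                $ticket_id = filter_var($post('ticket_id'), FILTER_SANITIZE_NUMBER_INT);
                $result['ACTION_RESULT'] = Ticket::assignTicket($user_id, $ticket_id);
                break;
            case "unAssignTicket":
                $ticket_id = filter_var($post('ticket_id'), FILTER_SANITIZE_NUMBER_INT);
                $result['ACTION_RESULT'] = Ticket::unAssignTicket($user_id, $ticket_id);
                break;
            case "create_queue":
                // groupid is optional in the form and defaults to 0.
                $groupid = isset($_POST['groupid']) ? filter_var($_POST['groupid'], FILTER_SANITIZE_NUMBER_INT) : 0;
                $apply_custom_queue(
                    filter_var($post('userid'), FILTER_SANITIZE_NUMBER_INT),
                    $groupid,
                    filter_var($post('what'), FILTER_SANITIZE_STRING),
                    filter_var($post('how'), FILTER_SANITIZE_STRING),
                    filter_var($post('who'), FILTER_SANITIZE_STRING)
                );
                break;
        }
    }

    $queueArray = $queue_handler->getTickets($result['queue_view'], $user_id);
    //pagination
    $result['links'] = $queue_handler->getPagination()->getLinks(5);
    $result['lastPage'] = $queue_handler->getPagination()->getLast();
    $result['currentPage'] = $queue_handler->getPagination()->getCurrent();

    //if queue_view is not a valid parameter value
    if ($queueArray == "ERROR") {
        //ERROR: Doesn't exist!
        $_SESSION['error_code'] = "404";
        header("Cache-Control: max-age=1");
        header("Location: ams?page=error");
        throw new SystemExit();
    }

    $result['tickets'] = Gui_Elements::make_table($queueArray, array("getTId", "getTitle", "getTimestamp", "getAuthor()->getExternId", "getTicket_Category()->getName", "getStatus", "getStatusText", "getAssigned", "getForwardedGroupName", "getForwardedGroupId"), array("tId", "title", "timestamp", "authorExtern", "category", "status", "statusText", "assigned", "forwardedGroupName", "forwardedGroupId"));
    // Resolve the author and assignee ids to display names for the template.
    $i = 0;
    foreach ($result['tickets'] as $ticket) {
        $web_author = new WebUsers($ticket['authorExtern']);
        $result['tickets'][$i]['author'] = $web_author->getUsername();
        $web_assigned = new WebUsers($ticket['assigned']);
        $result['tickets'][$i]['assignedText'] = $web_assigned->getUsername();
        $result['tickets'][$i]['timestamp_elapsed'] = Gui_Elements::time_elapsed_string($ticket['timestamp']);
        $i++;
    }
    $result['user_id'] = $user_id;
    //Queue creator field info
    $result['grouplist'] = Gui_Elements::make_table(Support_Group::getGroups(), array("getSGroupId", "getName"), array("sGroupId", "name"));
    $result['teamlist'] = Gui_Elements::make_table(Ticket_User::getModsAndAdmins(), array("getTUserId", "getExternId"), array("tUserId", "externId"));
    $i = 0;
    foreach ($result['teamlist'] as $member) {
        $web_teammember = new WebUsers($member['externId']);
        $result['teamlist'][$i]['name'] = $web_teammember->getUsername();
        $i++;
    }
    $result['ingame_webpath'] = $INGAME_WEBPATH;
    return $result;
}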
Beispiel #19
 /**
  * Handles an incoming email
  * Read the content of one email by using imap's functionality. If a ticket id is found inside the message_id or else in the subject line, then a reply will be added
  * (if the email is not being sent from the authors email address it won't be added though and a warning will be sent to both parties).  If no ticket id is found, then a new
  * ticket will be created.
  * @param $mbox a mailbox object
  * @param $i the email's id in the mailbox (integer)
  * @param $group the group object that owns the inbox.
  * @return a string based on the found ticket id and timestamp (will be used to store a copy of the email locally)
  */
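 function incoming_mail_handler($mbox, $i, $group)
 {
     // Security notes for reviewers:
     // - Every header read here (From, References, Subject) is chosen by the sender.
     //   NOTE(review): the access decision below trusts the From address; nothing in
     //   this method checks SPF/DKIM/DMARC results, so confirm the receiving mail
     //   server rejects or marks unauthenticated mail before it reaches this inbox.
     // - NOTE(review): the warning mails go to whatever address the From header
     //   names; consider rate limiting them so the inbox cannot be used to relay
     //   unsolicited mail.
     global $MAIL_LOG_PATH;
     // imap_headerinfo() is the canonical name; the imap_header() alias was removed in PHP 8.0.
     $header = imap_headerinfo($mbox, $i);
     $subject = self::decode_utf8($header->subject);
     // NOTE(review): the value is not used in this method. The fetch is kept because
     // imap_body() without FT_PEEK marks the message as seen - confirm before removing.
     $entire_email = imap_fetchheader($mbox, $i) . imap_body($mbox, $i);
     $fromEmail = $header->from[0]->mailbox . '@' . $header->from[0]->host;
     $txt = self::get_part($mbox, $i, "TEXT/PLAIN");
     //$html = self::get_part($mbox, $i, "TEXT/HTML");
     //get the id out of the email address of the person sending the email.
     // (the address always contains '@', so it is never numeric and is always looked up)
     $from = Ticket_User::get_id_from_email($fromEmail);
     //get ticket_id out of the message-id or else out of the subject line
     $ticket_id = 0;
     if (isset($header->references)) {
         $pieces = explode(".", $header->references);
         if ($pieces[0] == "<ams") {
             // A truncated reference has no third piece; treat it as "no ticket id".
             $ticket_id = isset($pieces[2]) ? $pieces[2] : 0;
         } else {
             $ticket_id = self::get_ticket_id_from_subject($subject);
         }
     } else {
         $ticket_id = self::get_ticket_id_from_subject($subject);
     }
     // Accept plain decimal digits only. is_numeric() also accepts forms such as
     // "1e3" or " 12", and the id is returned to the caller as part of a name used
     // to store a local copy of the mail.
     $is_reply = preg_match('/\A[0-9]+\z/', (string) $ticket_id) === 1 && (int) $ticket_id > 0;
     if (!$is_reply) {
         // NOTE(review): "FALSE" is compared loosely, as in the original code;
         // get_id_from_email() is not visible here - confirm what it returns for an unknown address.
         if ($from != "FALSE") {
             //if ticket_id isn't found, create a new ticket!
             //if an existing email address mailed the ticket
             //if not default group, then forward it by giving the $group->getSGroupId's param
             $newTicketId = Ticket::create_Ticket($subject, $txt, 1, $from, $from, $group->getSGroupId());
             error_log("Email regarding new ticket found at:" . $group->getGroupEmail() . "\n", 3, $MAIL_LOG_PATH);
             return $newTicketId . "." . time();
         }
         //if it's a email that has nothing to do with ticketing, return 0;
         error_log("Email found that isn't a reply or new ticket, at:" . $group->getGroupEmail() . "\n", 3, $MAIL_LOG_PATH);
         return 0;
     }
     //a ticket id was found, that means it is a reply on an existing ticket
     $ticket = new Ticket();
     $ticket->load_With_TId($ticket_id);
     //if email is sent from an existing email address in the db (else it will give an error while loading the user object)
     if ($from != "FALSE") {
         $user = new Ticket_User();
         $user->load_With_TUserId($from);
         //if user has access to it!
         if ((Ticket_User::isMod($user) || $ticket->getAuthor() == $user->getTUserId()) && $txt != "") {
             Ticket::createReply($txt, $user->getTUserId(), $ticket->getTId(), 0);
             error_log("Email found that is a reply to a ticket at:" . $group->getGroupEmail() . "\n", 3, $MAIL_LOG_PATH);
         } else {
             //if user has no access to it
             //Warn real ticket owner + person that send the mail
             Mail_Handler::send_ticketing_mail($ticket->getAuthor(), $ticket, NULL, "WARNAUTHOR", $from);
             Mail_Handler::send_ticketing_mail($from, $ticket, NULL, "WARNSENDER", NULL);
             error_log("Email found that was a reply to a ticket, though send by another user to " . $group->getGroupEmail() . "\n", 3, $MAIL_LOG_PATH);
         }
     } else {
         //if a reply to a ticket is being sent by a non-user!
         //Warn real ticket owner + person that send the mail
         Mail_Handler::send_ticketing_mail($ticket->getAuthor(), $ticket, NULL, "WARNAUTHOR", $fromEmail);
         Mail_Handler::send_ticketing_mail($fromEmail, $ticket, NULL, "WARNUNKNOWNSENDER", NULL);
         error_log("Email found that was a reply to a ticket, though send by an unknown email address to " . $group->getGroupEmail() . "\n", 3, $MAIL_LOG_PATH);
     }
     return $ticket_id . "." . time();
 }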
Beispiel #20
require '../../config.php';
require_once $AMS_LIB . '/libinclude.php';
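// Attachment upload endpoint: resumes the caller's session, checks that the caller
// may post to the ticket named by $_GET['id'], stores the uploaded file as an
// attachment and prints a one-line status.

// Single response line; it is only replaced once an attachment has been stored.
// (Previously "Upload Failed!" was also printed after a successful upload.)
$message = "Upload Failed!";

// NOTE(review): the session id is read from the POST body instead of the session
// cookie. Anything that can make a browser post a chosen id gets that session
// resumed here, so the id is limited to the characters PHP session ids use;
// moving to cookie-only sessions (session.use_only_cookies) would remove the
// parameter altogether.
$id = isset($_POST['PHPSESSID']) ? $_POST['PHPSESSID'] : '';
if (is_string($id) && preg_match('/\A[A-Za-z0-9,-]+\z/', $id) === 1) {
    session_id($id);
    session_start();

    // NOTE(review): unserialize() rebuilds whatever object the session store holds;
    // it is only safe while the session storage cannot be written by a client.
    $ticket_user = isset($_SESSION['ticket_user']) ? unserialize($_SESSION['ticket_user']) : null;

    // Set permission (0 is the default permission)
    $return['permission'] = is_object($ticket_user) ? $ticket_user->getPermission() : 0;

    if (is_object($ticket_user) && WebUsers::isLoggedIn() && isset($_GET['id'])) {
        $ticket_id = filter_var($_GET['id'], FILTER_SANITIZE_NUMBER_INT);
        $target_ticket = new Ticket();
        $target_ticket->load_With_TId($ticket_id);

        // Only the ticket's author or a mod/admin may attach files to it.
        if ($target_ticket->getAuthor() == $ticket_user->getTUserId() || Ticket_User::isMod($ticket_user)) {
            $upload = isset($_FILES['Filedata']) ? $_FILES['Filedata'] : null;
            if (is_array($upload)
                && is_string($upload['name'])
                && is_string($upload['tmp_name'])
                && $upload['error'] === UPLOAD_ERR_OK
                && is_uploaded_file($upload['tmp_name'])
            ) {
                // The client chooses the file name: drop any directory part before it is stored.
                $client_name = basename(str_replace('\\', '/', $upload['name']));
                // Use the sanitized ticket id that was authorized above, not the raw $_GET['id'].
                // NOTE(review): add_Attachment() is not visible here - confirm it limits file
                // type and size and stores files where the web server will not execute them.
                Ticket::add_Attachment($ticket_id, $client_name, $_SESSION['id'], $upload['tmp_name']);
                // Escape the name: it is client-supplied and is written into the response.
                $message = "Uploaded :" . htmlspecialchars($client_name, ENT_QUOTES, 'UTF-8');
            }
        }
    }
}
echo $message;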
Beispiel #21
/**
* This function is used to load the info that's needed for the show_ticket page.
* check if the person browsing this page is a mod/admin or the ticket creator himself, if not he'll be redirected to an error page.
* if the $_GET['action'] var is set and the user executing is a mod/admin, it will try to execute the action. The actions here are: forwarding of a ticket,
* assigning a ticket and unassigning a ticket. This function returns a lot of information that will be used by the template to show the ticket. Mods/admins will be able to
* also see hidden replies to a ticket.
* @author Daan Janssens, mentored by Matthew Lagoe
*/
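function show_ticket()
{
    // Security notes for reviewers:
    // - Access rule: only the ticket's author or a mod/admin gets the ticket data;
    //   hidden replies are requested only for mods/admins.
    // - NOTE(review): the POST actions change ticket state and no anti-CSRF token
    //   is checked in this function - confirm that a token is verified upstream.
    // - NOTE(review): titles, reply contents and attachment data returned here come
    //   from users; the template has to escape them for its output context.

    //if logged in
    if (!(WebUsers::isLoggedIn() && isset($_GET['id']))) {
        //ERROR: not logged in!
        header("Cache-Control: max-age=1");
        header("Location: index.php");
        throw new SystemExit();
    }

    // NOTE(review): unserialize() rebuilds whatever object the session store holds;
    // it is only safe while the session storage cannot be written by a client.
    // Done once here instead of on every use.
    $ticket_user = unserialize($_SESSION['ticket_user']);
    $is_mod = Ticket_User::isMod($ticket_user);

    $result['user_id'] = $ticket_user->getTUserId();
    $result['ticket_id'] = filter_var($_GET['id'], FILTER_SANITIZE_NUMBER_INT);
    // Loaded before any action runs; the author check below uses this snapshot.
    $target_ticket = new Ticket();
    $target_ticket->load_With_TId($result['ticket_id']);

    // Mod/admin actions. Missing form fields are read as an empty string instead of raising a notice.
    if ($is_mod && isset($_POST['action'])) {
        $ticket_id = filter_var(isset($_POST['ticket_id']) ? $_POST['ticket_id'] : '', FILTER_SANITIZE_NUMBER_INT);
        switch ($_POST['action']) {
            case "forward":
                $group_id = filter_var(isset($_POST['group']) ? $_POST['group'] : '', FILTER_SANITIZE_NUMBER_INT);
                $result['ACTION_RESULT'] = Ticket::forwardTicket($result['user_id'], $ticket_id, $group_id);
                break;
            case "assignTicket":
                $result['ACTION_RESULT'] = Ticket::assignTicket($result['user_id'], $ticket_id);
                break;
            case "unAssignTicket":
                $result['ACTION_RESULT'] = Ticket::unAssignTicket($result['user_id'], $ticket_id);
                break;
        }
    }

    if (!($target_ticket->getAuthor() == $result['user_id'] || $is_mod)) {
        //ERROR: No access!
        $_SESSION['error_code'] = "403";
        header("Cache-Control: max-age=1");
        header("Location: index.php?page=error");
        throw new SystemExit();
    }

    // Mods/admins also get the hidden replies.
    $entire_ticket = Ticket::getEntireTicket($result['ticket_id'], $is_mod);
    // Record the access in the ticket log (type 3, as in the original call).
    Ticket_Log::createLogEntry($result['ticket_id'], $result['user_id'], 3);

    $ticket_obj = $entire_ticket['ticket_obj'];
    $result['ticket_tId'] = $ticket_obj->getTId();
    $result['ticket_forwardedGroupName'] = $ticket_obj->getForwardedGroupName();
    $result['ticket_forwardedGroupId'] = $ticket_obj->getForwardedGroupId();
    $result['ticket_title'] = $ticket_obj->getTitle();
    $result['ticket_timestamp'] = $ticket_obj->getTimestamp();
    $result['ticket_status'] = $ticket_obj->getStatus();
    $result['ticket_author'] = $ticket_obj->getAuthor();
    $result['ticket_prioritytext'] = $ticket_obj->getPriorityText();
    $result['ticket_priorities'] = Ticket::getPriorityArray();
    $result['ticket_priority'] = $ticket_obj->getPriority();
    $result['ticket_statustext'] = $ticket_obj->getStatusText();
    $result['ticket_lastupdate'] = Gui_Elements::time_elapsed_string(Ticket::getLatestReply($result['ticket_id'])->getTimestamp());
    $result['ticket_category'] = $ticket_obj->getCategoryName();

    // Look the assignee up once and reuse it for both the id and the display name.
    $assigned_to = Assigned::getUserAssignedToTicket($result['ticket_tId']);
    $webUser = new WebUsers($assigned_to);
    $result['ticket_assignedToText'] = $webUser->getUsername();
    $result['ticket_assignedTo'] = $assigned_to;

    $result['ticket_replies'] = Gui_Elements::make_table($entire_ticket['reply_array'], array("getTReplyId", "getContent()->getContent", "getTimestamp", "getAuthor()->getExternId", "getAuthor()->getPermission", "getHidden"), array("tReplyId", "replyContent", "timestamp", "authorExtern", "permission", "hidden"));
    global $FILE_WEB_PATH;
    $result['FILE_WEB_PATH'] = $FILE_WEB_PATH;
    global $BASE_WEBPATH;
    $result['BASE_WEBPATH'] = $BASE_WEBPATH;
    // Resolve each reply's author id to a display name for the template.
    $i = 0;
    foreach ($result['ticket_replies'] as $reply) {
        $webReplyUser = new WebUsers($reply['authorExtern']);
        $result['ticket_replies'][$i]['author'] = $webReplyUser->getUsername();
        $i++;
    }
    if ($is_mod) {
        $result['isMod'] = "TRUE";
        $result['statusList'] = Ticket::getStatusArray();
        $result['sGroups'] = Gui_Elements::make_table_with_key_is_id(Support_Group::getAllSupportGroups(), array("getName"), "getSGroupId");
    }
    $result['hasInfo'] = $target_ticket->hasInfo();
    global $INGAME_WEBPATH;
    $result['ingame_webpath'] = $INGAME_WEBPATH;
    //get attachments
    $result['ticket_attachments'] = Ticket::getAttachments($result['ticket_id']);
    return $result;
}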
Beispiel #22
/**
* This function is used to change the user's personal info.
* It will first check if the user who executed this function is the person of whom the information is or if it's a mod/admin. If this is not the case the page will be redirected to an error page.
* afterwards the current info will be loaded, which will be used to determine what to update. After updating the information, the settings template will be reloaded. Errors made by invalid data will be shown
* also after reloading the template.
* @author Daan Janssens, mentored by Matthew Lagoe
*/
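function change_info()
{
    // Security notes for reviewers:
    // - The UPDATE statement is assembled from fixed column fragments only; every
    //   submitted value is passed as a bound parameter.
    // - NOTE(review): this handler changes account data and no anti-CSRF token is
    //   checked in this function - confirm that a token is verified upstream.
    // - NOTE(review): FILTER_SANITIZE_STRING is deprecated since PHP 8.1 and is not
    //   an output-escaping function; the template still has to escape per context.
    try {
        //if logged in
        if (!WebUsers::isLoggedIn()) {
            //ERROR: user is not logged in
            header("Cache-Control: max-age=1");
            header("Location: index.php");
            throw new SystemExit();
        }
        // A missing or non-scalar target_id (e.g. target_id[]=1) counts as a form that was not filled in.
        if (!isset($_POST['target_id']) || !is_scalar($_POST['target_id'])) {
            //ERROR: The form was not filled in correclty
            header("Cache-Control: max-age=1");
            header("Location: index.php?page=settings");
            throw new SystemExit();
        }
        $target_id = $_POST['target_id'];

        // NOTE(review): unserialize() rebuilds whatever object the session store holds;
        // it is only safe while the session storage cannot be written by a client.
        $ticket_user = unserialize($_SESSION['ticket_user']);

        // check if the user who executed this function is the person of whom the information is or if it's a mod/admin.
        // Compared as strings so that a value such as "5abc" is never treated as the user's own id 5.
        $is_self = (string) $target_id === (string) $_SESSION['id'];
        if (!$is_self && !Ticket_User::isMod($ticket_user)) {
            //ERROR: permission denied!
            $_SESSION['error_code'] = "403";
            header("Cache-Control: max-age=1");
            header("Location: index.php?page=error");
            throw new SystemExit();
        }

        $webUser = new WebUsers($target_id);
        // own info: take the name from the session; someone else's: look it up.
        $target_username = $is_self ? $_SESSION['user'] : $webUser->getUsername();

        //use current info to check for changes
        $current_info = $webUser->getInfo();
        $current_info['FirstName'] = filter_var($current_info['FirstName'], FILTER_SANITIZE_STRING);
        $current_info['LastName'] = filter_var($current_info['LastName'], FILTER_SANITIZE_STRING);
        $current_info['Country'] = filter_var($current_info['Country'], FILTER_SANITIZE_STRING);
        $current_info['Gender'] = filter_var($current_info['Gender'], FILTER_SANITIZE_NUMBER_INT);

        // A field that was not submitted (or is not a string) is skipped. Previously a
        // missing Country or Gender field could overwrite the stored value with an empty one.
        $posted = function ($key) {
            return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : null;
        };

        $values = array();
        $values['user'] = $target_username;
        //collect the "column = :placeholder" parts of the query that will update the data.
        $assignments = array();

        $first_name = $posted('FirstName');
        if ($first_name !== null && $first_name != "" && $first_name != $current_info['FirstName']) {
            $assignments[] = "FirstName = :fName";
            $values['fName'] = filter_var($first_name, FILTER_SANITIZE_STRING);
        }
        $last_name = $posted('LastName');
        if ($last_name !== null && $last_name != "" && $last_name != $current_info['LastName']) {
            $assignments[] = "LastName = :lName";
            $values['lName'] = filter_var($last_name, FILTER_SANITIZE_STRING);
        }
        // "AA" is the form's "no country chosen" value and is never stored.
        $country = $posted('Country');
        if ($country !== null && $country != "AA" && $country != $current_info['Country']) {
            $assignments[] = "Country = :country";
            $values['country'] = filter_var($country, FILTER_SANITIZE_STRING);
        }
        $gender = $posted('Gender');
        if ($gender !== null && $gender != $current_info['Gender']) {
            $assignments[] = "Gender = :gender";
            $values['gender'] = filter_var($gender, FILTER_SANITIZE_NUMBER_INT);
        }

        //if some field is updated then:
        $updated = count($assignments) > 0;
        if ($updated) {
            //execute the query in the web DB.
            $query = "UPDATE ams_user SET " . implode(", ", $assignments) . " WHERE Login = :user";
            $dbw = new DBLayer("web");
            $dbw->execute($query, $values);
        }

        //reload the settings inc function before recalling the settings template.
        global $SITEBASE;
        require_once $SITEBASE . '/inc/settings.php';
        $result = settings();
        if ($updated) {
            $result['info_updated'] = "OK";
        }
        $result['permission'] = $ticket_user->getPermission();
        $result['username'] = $_SESSION['user'];
        $result['no_visible_elements'] = 'FALSE';
        // NOTE(review): this is the value as submitted; the template must escape it.
        $result['target_id'] = $target_id;
        global $INGAME_WEBPATH;
        $result['ingame_webpath'] = $INGAME_WEBPATH;
        helpers::loadtemplate('settings', $result);
        throw new SystemExit();
    } catch (PDOException $e) {
        // Can't access the website db. The exception is logged on the server only:
        // printing it into the response (the former print_r($e)) would show the
        // stack trace and connection details to the visitor.
        error_log("change_info: web database error: " . $e->getMessage());
        print "The website database is currently unavailable.";
        throw new SystemExit();
    }
}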