$var_langCode = $var_row["vLangCode"];
$var_langDesc = $var_row["vLangDesc"];
} else {
$var_message = MESSAGE_RECORD_ERROR;
$flag_msg = 'class="msg_error"';
}
mysql_free_result($var_result);
} elseif ($_POST["postback"] == "A") {
if ($user_flag == 1 or $staff_flag == 1 or $admin_flag == 1 or $parser_flag == 1) {
$var_message = TEXT_ENABLE_WRITE_PERMISSION;
$flag_msg = 'class="msg_error"';
} else {
$var_langCode = trim($_POST["txtLangCode"]);
$var_langDesc = trim($_POST["txtLangDesc"]);
if (isValidlangcode($var_langCode) and isValidlangcode($var_langDesc)) {
if (validateAddition($var_langCode, $var_langDesc) == true) {
/* copy language file to folder*/
$totalfile = 0;
$numberoffileinen_admin = getnumfiles("./languages/en/");
$totalfile = 0;
$numberoffileinen_staff = getnumfiles("../staff/languages/en/");
$totalfile = 0;
$numberoffileinen_user = getnumfiles("../languages/en/");
$totalfile = 0;
$totalfile = 0;
$numberoffileinen_parser = getnumfiles("../parser/languages/en/");
$dfen = number_format(getsize("./languages/en/"), 0, ',', '');
$stafffilemissing = 0;
$adminfilemissing = 0;
$userfilemissing = 0;
$parserfilemissing = 0;
function validateUpdation()
{
global $var_time;
if (validateAddition() == false) {
return false;
} else {
return true;
}
}
} else {
$var_id = "";
$var_message = MESSAGE_RECORD_ERROR;
$flag_msg = 'class="msg_error"';
}
} elseif ($_POST["postback"] == "A") {
$var_title = trim($_POST["txtTitle"]);
$var_desc = trim($_POST["txtDesc"]);
$dup_flag = 0;
//check duplicate name template title to block page refrsh
$sql = "select * from sptbl_templates WHERE vTemplateTitle ='" . mysql_real_escape_string($var_title) . "'";
$rs = executeSelect($sql, $conn);
if (mysql_num_rows($rs) > 0) {
$dup_flag = 1;
}
if (validateAddition() == true and $dup_flag == 0) {
$sql = "Insert into sptbl_templates (nTemplateId,vTemplateTitle,dDate,tTemplateDesc,nStaffId,vStatus";
$sql .= ") Values('','" . mysql_real_escape_string($var_title) . "',now(),'" . mysql_real_escape_string($var_desc) . "','{$var_staffid}','1')";
executeQuery($sql, $conn);
$var_insert_id = mysql_insert_id($conn);
//Insert the actionlog
if (logActivity()) {
$sql = "Insert into sptbl_actionlog(nALId,nStaffId,vAction,vArea,nRespId,dDate) Values('','{$var_staffid}','" . TEXT_ADDITION . "','Templates','" . mysql_real_escape_string($var_insert_id) . "',now())";
executeQuery($sql, $conn);
}
$var_message = MESSAGE_RECORD_ADDED;
$flag_msg = 'class="msg_success"';
$var_title = "";
$var_desc = "";
} else {
$var_message = MESSAGE_RECORD_ERROR;
$flag_msg = 'class="msg_error"';
$file_uploaded = 0;
} else {
if (!is_uploaded_file($_FILES['txtExtensionFile']['tmp_name']) or trim(mysql_real_escape_string($_POST["txtExtension"])) == "") {
$var_message = TXT_FILE_NOT_UPLOADED;
$flag_msg = 'class="msg_error"';
$file_uploaded = 0;
} else {
$file_type = $_FILES['txtExtensionFile']['type'];
//echo "filetype==$file_type";
$file_uploaded = 1;
}
}
if ($file_uploaded == 1) {
$fileext_type = mysql_real_escape_string($_POST["txtExtension"]) . "|" . $file_type;
if (validateAddition(mysql_real_escape_string($fileext_type))) {
$sql = "Insert into sptbl_lookup(nLookUpId,vLookUpName,vLookUpValue) values('','Attachments','" . $fileext_type . "')";
executeQuery($sql, $conn);
//Insert the actionlog
if (logActivity()) {
$sql = "Insert into sptbl_actionlog(nALId,nStaffId,vAction,vArea,nRespId,dDate) Values('','{$var_staffid}','" . TEXT_ADDITION . "','Lookup/Attachment','" . mysql_real_escape_string($_POST["txtExtension"]) . "',now())";
executeQuery($sql, $conn);
}
$var_message = MESSAGE_RECORD_ADDED;
$flag_msg = 'class="msg_success"';
} else {
$var_message = MESSAGE_RECORD_DUPLICATE;
$flag_msg = 'class="msg_error"';
}
}
}
$var_styleminus = $_GET["styleminus"];
$var_stylename = $_GET["stylename"];
$var_styleplus = $_GET["styleplus"];
} else {
$var_styleminus = $_POST["styleminus"];
$var_stylename = $_POST["stylename"];
$var_styleplus = $_POST["styleplus"];
}
$var_staffid = $_SESSION["sess_staffid"];
$var_message = "";
if ($_POST["postback"] == "A") {
$var_title = $_POST["txtTitle"];
$var_description = $_POST["txtDescription"];
$var_status = $_POST["rdSts"];
$var_date = date("Y-m-d");
if (validateAddition() == true) {
//Insert into the company table
$sql = "Insert into sptbl_cannedmessages(nMsgId,vTitle,vDescription,vStatus,nStaffId,dDate)";
$sql .= " Values('','" . mysql_real_escape_string($var_title) . "','" . mysql_real_escape_string($var_description) . "','" . mysql_real_escape_string($var_status) . "','" . mysql_real_escape_string($var_staffid) . "',\r\n\t\t\t\t\t\t'" . mysql_real_escape_string($var_date) . "')";
executeQuery($sql, $conn);
$var_insert_id = mysql_insert_id($conn);
//Insert the actionlog
if (logActivity()) {
$sql = "Insert into sptbl_actionlog(nALId,nStaffId,vAction,vArea,nRespId,dDate) Values('','{$var_staffid}','" . mysql_real_escape_string(TEXT_ADDITION) . "','Canned Message','{$var_insert_id}',now())";
executeQuery($sql, $conn);
}
$var_message = MESSAGE_RECORD_ADDED;
$flag_msg = "class='msg_success'";
//Send mail with the password to the user here
} else {
$var_message = MESSAGE_RECORD_ERROR;
break;
default:
$file_name = $uploadstatus;
break;
}
$sql = "SELECT nCSSId FROM sptbl_css WHERE vCSSName ='" . mysql_real_escape_string($var_desc) . "'";
$rs = executeSelect($sql, $conn);
if (mysql_num_rows($rs) > 0) {
if ($file_name != "") {
unlink("../styles/" . $file_name);
}
$dup_flag = 1;
}
if ($dup_flag == 1) {
$var_message = "<font color=red>Specified theme already exists, please use another name.</font>";
} elseif (validateAddition() == true and $errorcode == "") {
//Insert into the downloads table
$file_name = "styles/" . $file_name;
$sql = "Insert into sptbl_css(nCSSId,vCSSName,vCSSURL,dDate";
$sql .= ") Values('','" . mysql_real_escape_string($var_desc) . "','" . mysql_real_escape_string($file_name) . "',now())";
executeQuery($sql, $conn);
$var_insert_id = mysql_insert_id($conn);
//Insert the actionlog
if (logActivity()) {
$sql = "Insert into sptbl_actionlog(nALId,nStaffId,vAction,vArea,nRespId,dDate) Values('','{$var_staffid}','" . TEXT_ADDITION . "','CSS','" . mysql_real_escape_string($var_insert_id) . "',now())";
executeQuery($sql, $conn);
}
$var_desc = "";
$var_message = MESSAGE_RECORD_ADDED;
} else {
$var_message = "<font color=red>" . MESSAGE_RECORD_ERROR . $errorcode . "</font>";
case "IF":
$errorcode = MESSAGE_UPLOAD_ERROR_6;
break;
default:
$file_name = $uploadstatus;
break;
}
$sql = "SELECT nDLId FROM sptbl_downloads WHERE vDescription ='" . mysql_real_escape_string($var_desc) . "'";
$rs = executeSelect($sql, $conn);
if (mysql_num_rows($rs) > 0) {
if ($file_name != "") {
unlink("../downloads/" . $file_name);
}
$dup_flag = 1;
}
if (validateAddition() == true and $errorcode == "" and $dup_flag == 0) {
//Insert into the downloads table
$file_name = "downloads/" . $file_name;
$sql = "Insert into sptbl_downloads(nDLId,vDescription,vURL,dPostdate,vType";
$sql .= ") Values('','" . mysql_real_escape_string($var_desc) . "','" . mysql_real_escape_string($file_name) . "',now(),'1')";
executeQuery($sql, $conn);
$var_insert_id = mysql_insert_id($conn);
//Insert the actionlog
if (logActivity()) {
$sql = "Insert into sptbl_actionlog(nALId,nStaffId,vAction,vArea,nRespId,dDate) Values('','{$var_staffid}','" . TEXT_ADDITION . "','Downloads','" . mysql_real_escape_string($var_insert_id) . "',now())";
executeQuery($sql, $conn);
}
$var_desc = "";
$var_message = MESSAGE_RECORD_ADDED;
} else {
$var_message = "<font color=red>" . MESSAGE_RECORD_ERROR . $errorcode . "</font>";
$var_staffLogin = $_POST["txtStaffLogin"];
$var_password = $_POST["txtPassword"];
$var_email = $_POST["txtEmail"];
$var_yim = $_POST["txtYim"];
$var_smsMail = $_POST["txtSmsMail"];
$var_mobile = $_POST["txtMobile"];
$var_cssId = $_POST["cmbCssId"];
$var_refreshRate = $_POST["cmbRefresh"];
settype($var_refreshRate, integer);
$var_notifyAssign = $_POST["rdNotifyAssign"] == "1" ? $_POST["rdNotifyAssign"] : "0";
$var_notifyPvtMsg = $_POST["rdNotifyPvtMsg"] == "1" ? $_POST["rdNotifyPvtMsg"] : "0";
$var_notifyKB = $_POST["rdNotifyKB"] == "1" ? $_POST["rdNotifyKB"] : "0";
$var_watcher = $_POST["rdWatcher"] == "1" ? $_POST["rdWatcher"] : "0";
$var_notifyArrival = $_POST["rdNotifyArrival"] == "1" ? $_POST["rdNotifyArrival"] : "0";
$var_signature = $_POST["txtSignature"];
$addition_flag = validateAddition();
if ($addition_flag == 1) {
if (!isUniqueEmail($var_email)) {
$var_message = MESSAGE_NONUNIQUE_EMAIL;
$flag_msg = 'class="msg_error"';
} else {
//Insert into the company table
$sql = "Insert into sptbl_staffs(nStaffId,vStaffname,vLogin,vPassword,vOnline,vMail,vYIM,vSMSMail,vMobileNo,nCSSId,nRefreshRate,nNotifyAssign,";
$sql .= "nNotifyPvtMsg,nNotifyKB,nNotifyArrival,vType,nWatcher,tSignature) Values('','" . mysql_real_escape_string($var_staffName) . "',\n\t\t\t\t\t\t'" . mysql_real_escape_string($var_staffLogin) . "','" . md5($var_password) . "','0','" . mysql_real_escape_string($var_email) . "',\n\t\t\t\t\t\t'" . mysql_real_escape_string($var_yim) . "','" . mysql_real_escape_string($var_smsMail) . "','" . mysql_real_escape_string($var_mobile) . "',\n\t\t\t\t\t\t'" . mysql_real_escape_string($var_cssId) . "','" . mysql_real_escape_string($var_refreshRate) . "','" . $var_notifyAssign . "',\n\t\t\t\t\t\t'" . $var_notifyPvtMsg . "','" . $var_notifyKB . "','" . $var_notifyArrival . "','S',\n\t\t\t\t\t\t'" . mysql_real_escape_string($var_watcher) . "','" . mysql_real_escape_string($var_signature) . "')";
executeQuery($sql, $conn);
$var_insert_id = mysql_insert_id($conn);
$sql = "Insert into sptbl_stafffields(nStaffId,nFieldId) Values('{$var_insert_id}','1'),('{$var_insert_id}','2'),('{$var_insert_id}','3'),('{$var_insert_id}','4')";
executeQuery($sql, $conn);
//Insert the actionlog
if (logActivity()) {
$sql = "Insert into sptbl_actionlog(nALId,nStaffId,vAction,vArea,nRespId,dDate) Values('','{$var_staffid}','" . TEXT_ADDITION . "','Staff','{$var_insert_id}',now())";
$var_companyid = trim($_POST["cmbCompany"]);
$var_parentid = trim($_POST["cmbParentDepartment"]);
$var_deptname = trim($_POST["txtDepartmentName"]);
$var_email = trim($_POST["txtEmail"]);
$var_deptcode = trim($_POST["txtDeptCode"]);
$var_responsetime = trim($_POST["txtResponseTime"]);
$dup_flag = 0;
//check duplicate name department name
//$sql="SELECT nDeptId FROM sptbl_depts WHERE nCompId=$var_companyid and nDeptParent=$var_parentid and vDeptDesc='".mysql_real_escape_string($var_deptname) . "'";
$sql = "SELECT nDeptId FROM sptbl_depts WHERE (nCompId={$var_companyid} and nDeptParent={$var_parentid} and vDeptDesc='" . mysql_real_escape_string($var_deptname) . "') or ";
$sql .= " (nCompId={$var_companyid} and vDeptCode='" . mysql_real_escape_string($var_deptcode) . "') ";
$rs = executeSelect($sql, $conn);
if (mysql_num_rows($rs) > 0) {
$dup_flag = 1;
}
if (validateAddition($var_parentid) == true and $dup_flag == 0) {
if (!isUniqueEmail($var_email)) {
$var_message = MESSAGE_NONUNIQUE_EMAIL;
$flag_msg = 'class="msg_error"';
} else {
//Insert into the company table
$sql = "Insert into sptbl_depts(nDeptId,nCompId,vDeptDesc,nDeptParent,vDeptMail,vDeptCode,nResponseTime";
$sql .= ") Values('','" . mysql_real_escape_string($var_companyid) . "','" . mysql_real_escape_string($var_deptname) . "','" . mysql_real_escape_string($var_parentid) . "',\n\t\t\t\t\t\t'" . mysql_real_escape_string($var_email) . "','" . mysql_real_escape_string($var_deptcode) . "','" . mysql_real_escape_string($var_responsetime) . "')";
executeQuery($sql, $conn);
$var_insert_id = mysql_insert_id($conn);
//Insert the actionlog
if (logActivity()) {
$sql = "Insert into sptbl_actionlog(nALId,nStaffId,vAction,vArea,nRespId,dDate) Values('','{$var_staffid}','" . TEXT_ADDITION . "','Department','" . mysql_real_escape_string($var_insert_id) . "',now())";
executeQuery($sql, $conn);
}
//insert into staff assign
}
mysql_free_result($var_result);
} elseif ($_POST["postback"] == "A") {
$var_companyName = trim($_POST["txtCompanyName"]);
$var_address1 = trim($_POST["txtAddress1"]);
$var_address2 = trim($_POST["txtAddress2"]);
$var_city = trim($_POST["txtCity"]);
$var_state = trim($_POST["txtState"]);
$var_phone = trim($_POST["txtPhone"]);
$var_fax = trim($_POST["txtFax"]);
$var_email = trim($_POST["txtEmail"]);
$var_zip = trim($_POST["txtZip"]);
$var_contact = trim($_POST["txtContact"]);
$var_country = trim($_POST["cmbCountry"]);
$var_message = "";
if (validateAddition($var_email, $var_message) == true) {
//Insert into the company table
$sql = "Insert into sptbl_companies(nCompId,vCompName,vCompAddress1,vCompAddress2,vCompCity,vCompState,nCompZip,vCompCountry,vCompPhone,";
$sql .= "vCompFax,vCompMail,vCompContact) Values('','" . mysql_real_escape_string($var_companyName) . "',\r\n\t\t\t\t\t'" . mysql_real_escape_string($var_address1) . "','" . mysql_real_escape_string($var_address2) . "','" . mysql_real_escape_string($var_city) . "',\r\n\t\t\t\t\t'" . mysql_real_escape_string($var_state) . "','" . mysql_real_escape_string($var_zip) . "','" . mysql_real_escape_string($var_country) . "',\r\n\t\t\t\t\t'" . mysql_real_escape_string($var_phone) . "','" . mysql_real_escape_string($var_fax) . "','" . mysql_real_escape_string($var_email) . "',\r\n\t\t\t\t\t'" . mysql_real_escape_string($var_contact) . "')";
executeQuery($sql, $conn);
$var_insert_id = mysql_insert_id($conn);
//Insert the actionlog
if (logActivity()) {
$sql = "Insert into sptbl_actionlog(nALId,nStaffId,vAction,vArea,nRespId,dDate) Values('','{$var_staffid}','" . TEXT_ADDITION . "','Company','{$var_insert_id}',now())";
executeQuery($sql, $conn);
}
$var_message = MESSAGE_RECORD_ADDED;
$flag_msg = 'class="msg_success"';
$var_companyName = "";
$var_address1 = "";
$var_address2 = "";
$var_date = $var_row["ddate"];
} else {
$var_message = MESSAGE_RECORD_ERROR;
$flag_msg = "class='msg_error'";
}
mysql_free_result($var_result);
} elseif ($_POST["postback"] == "A") {
$var_userName = $_POST["txtUserName"];
$var_userLogin = $_POST["txtUserLogin"];
$var_password = $_POST["txtPassword"];
$var_online = "";
$var_email = $_POST["txtEmail"];
$var_banned = $_POST["rdBanned"] == "1" ? $_POST["rdBanned"] : "0";
$var_compId = $_POST["cmbCompanyId"];
$var_date = date("m-d-Y h:i:s");
$validate_msg = validateAddition();
if ($validate_msg != "failure" && strlen($validate_msg) < 8) {
if (isUniqueEmailUser($var_email, 0, $var_compId)) {
//Insert into the company table
$sql = "Insert into sptbl_users(nUserId,nCompId,vUserName,vEmail,vLogin,vPassword,ddate,vOnline,";
$sql .= "vBanned,vDelStatus) Values('','" . mysql_real_escape_string($var_compId) . "',\n\t\t\t\t\t\t'" . mysql_real_escape_string($var_userName) . "','" . mysql_real_escape_string($var_email) . "','" . mysql_real_escape_string($var_userLogin) . "',\n\t\t\t\t\t\t'" . md5($var_password) . "',now(),'0','0','0')";
executeQuery($sql, $conn);
$var_insert_id = mysql_insert_id($conn);
//Insert the actionlog
if (logActivity()) {
$sql = "Insert into sptbl_actionlog(nALId,nStaffId,vAction,vArea,nRespId,dDate) Values('','{$var_staffid}','" . mysql_real_escape_string(TEXT_ADDITION) . "','Users','{$var_insert_id}',now())";
executeQuery($sql, $conn);
}
$var_message = MESSAGE_RECORD_ADDED;
$flag_msg = "class='msg_success'";
//Send mail with the password to the user here
}
mysql_free_result($var_result);
} elseif ($_POST["postback"] == "A") {
// Inserting New Rule
$ruleName = trim($_POST["txtRuleName"]);
$comapny = trim($_POST["txtCompany"]);
$dept = trim($_POST["txtDept"]);
$staff = trim($_POST["txtStaff"]);
$settings = trim($_POST["settings"]);
$txtResponseSetting = trim($_POST["txtResponseSetting"]);
$var_message = "";
$Time_settings = $settings == 'T' ? "Y" : "N";
$Count_settings = $settings == 'C' ? "Y" : "N";
$txtTime = $Time_settings == 'Y' ? $txtResponseSetting : "";
$txtCount = $Count_settings == 'Y' ? $txtResponseSetting : "";
if (validateAddition($ruleName, $var_message) == true) {
//Insert into the company table
$sql = "Insert into sptbl_escalationrules(nERId,vRuleName,nCompId,nDeptId,eRespTimeSetting,eRespCountSetting,nResponseTime,nResponseCount,nStaffId,";
$sql .= "nStatus) Values('','" . mysql_real_escape_string($ruleName) . "',\n\t\t\t\t\t'" . mysql_real_escape_string($comapny) . "','" . mysql_real_escape_string($dept) . "','" . mysql_real_escape_string($Time_settings) . "',\n\t\t\t\t\t'" . mysql_real_escape_string($Count_settings) . "','" . mysql_real_escape_string($txtTime) . "','" . mysql_real_escape_string($txtCount) . "',\n\t\t\t\t\t'" . mysql_real_escape_string($staff) . "','0')";
executeQuery($sql, $conn);
$var_insert_id = mysql_insert_id($conn);
$var_message = MESSAGE_RECORD_ADDED;
$flag_msg = 'class="msg_success"';
$ruleName = "";
$comapny = "";
$dept = "";
$staff = "";
$settings = "";
$txtResponseSetting = "";
$var_id = "";
} else {
$var_message = MESSAGE_USER_NOTEXIST;
$flag_msg = 'class="msg_error"';
}
mysql_free_result($var_result);
} elseif ($_POST["postback"] == "A") {
$var_userName = $_POST["txtUserName"];
$var_userLogin = $_POST["txtUserLogin"];
$var_password = $_POST["txtPassword"];
$var_online = "";
$var_email = $_POST["txtEmail"];
$var_banned = $_POST["rdBanned"] == "1" ? $_POST["rdBanned"] : "0";
$var_compId = $_POST["cmbCompanyId"];
$var_date = date("m-d-Y h:i:s");
$var_active = $_POST["rdActive"] == "1" ? $_POST["rdActive"] : "0";
$addition_flag = validateAddition();
if (validateAddition() == 1) {
if (!isUniqueEmailUser($var_email, 0, $var_compId)) {
$var_message = MESSAGE_NONUNIQUE_EMAIL;
$flag_msg = 'class="msg_error"';
} else {
//Insert into the company table
$sql = "Insert into sptbl_users(nUserId,nCompId,vUserName,vEmail,vLogin,vPassword,ddate,vOnline,";
$sql .= "vBanned,vDelStatus) Values('','" . mysql_real_escape_string($var_compId) . "',\n\t\t\t\t\t\t'" . mysql_real_escape_string($var_userName) . "','" . mysql_real_escape_string($var_email) . "','" . mysql_real_escape_string($var_userLogin) . "',\n\t\t\t\t\t\t'" . md5($var_password) . "',now(),'0','{$var_banned}','{$var_active}')";
executeQuery($sql, $conn);
$var_insert_id = mysql_insert_id($conn);
//Insert the actionlog
if (logActivity()) {
$sql = "Insert into sptbl_actionlog(nALId,nStaffId,vAction,vArea,nRespId,dDate) Values('','{$var_staffid}','" . TEXT_ADDITION . "','Users','{$var_insert_id}',now())";
executeQuery($sql, $conn);
}
$var_message = MESSAGE_RECORD_ADDED;
executeQuery($sql, $conn);
//Insert the actionlog
if (logActivity()) {
for ($i = 0; $i < count($_POST["chk"]); $i++) {
$sql = "Insert into sptbl_actionlog(nALId,nStaffId,vAction,vArea,nRespId,dDate) Values('','{$var_staffid}','" . TEXT_DELETION . "','Lookup/ExtraStatus','" . mysql_real_escape_string($_POST["chk"][$i]) . "',now())";
executeQuery($sql, $conn);
}
}
$var_message = MESSAGE_RECORD_DELETED;
$flag_msg = "class='msg_success'";
} else {
$var_message = MESSAGE_RECORD_ERROR;
$flag_msg = "class='msg_error'";
}
} elseif ($_POST["postback"] == "A") {
if (validateAddition(mysql_real_escape_string($_POST["txtExtraStatus"]))) {
$sql = "Insert into sptbl_lookup(nLookUpId,vLookUpName,vLookUpValue) values('','ExtraStatus','" . mysql_real_escape_string($_POST["txtExtraStatus"]) . "')";
executeQuery($sql, $conn);
//Insert the actionlog
if (logActivity()) {
$sql = "Insert into sptbl_actionlog(nALId,nStaffId,vAction,vArea,nRespId,dDate) Values('','{$var_staffid}','" . TEXT_ADDITION . "','Lookup/ExtraStatus','" . mysql_real_escape_string($_POST["txtExtraStatus"]) . "',now())";
executeQuery($sql, $conn);
}
$var_message = MESSAGE_RECORD_ADDED;
$flag_msg = "class='msg_success'";
} else {
$var_message = MESSAGE_STATUS_ABORTED;
$flag_msg = "class='msg_error'";
}
}
function validateDeletion($var_list, $fl)
