Ejemplo n.º 1
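    /**
     * Queue a double opt-in newsletter subscription and e-mail the confirmation link.
     *
     * Two input shapes are handled, selected by the presence of
     * $VAR['newsletter_type']:
     *  - newsletter form: newsletter_first_name / newsletter_last_name /
     *    newsletter_email; every failure is reported through $C_debug->alert();
     *  - account form: account_first_name / account_last_name / account_email;
     *    failures return without any message.
     *
     * The pending request is written to the temporary_data table (the address
     * goes into field1, the record expires after three days) and a confirmation
     * mail is sent through the transport selected by the setup_email record.
     *
     * NOTE(review): the `validate` value in the confirmation link is the
     * record's creation timestamp, which is guessable. If the confirm handler
     * (not visible here) accepts e-mail + timestamp as proof of ownership, a
     * third party can confirm an address they do not control. A random token
     * stored with the record would close that gap, but it needs a matching
     * change in the confirm handler, so it is not changed here.
     *
     * @param array $VAR Input variables (presumably the request variables).
     * @return void
     */
    function subscribe($VAR)
    {
        global $C_debug, $C_translate;

        # Minimum number of seconds between two requests for the same address
        $LIMIT_SECONDS = 120;

        ### Include the validation class
        include_once PATH_CORE . 'validate.inc.php';

        # Alerts are only raised when the newsletter form itself was submitted
        $from_form = isset($VAR['newsletter_type']);

        ### At least one newsletter must be selected, passed as an array of ids
        if (!isset($VAR['newsletter_id']) || !is_array($VAR['newsletter_id'])) {
            if ($from_form) {
                $C_debug->alert($C_translate->translate('subscribe_newsletter_req', 'newsletter', ''));
            }
            return;
        }
        $newsletter_id = $VAR['newsletter_id'];
        $html = isset($VAR['newsletter_html']) ? 1 : 0;

        ### Validate the name and e-mail address for the submitted form
        $validate = new CORE_validate();
        if ($from_form) {
            if (empty($VAR['newsletter_first_name'])) {
                $C_debug->alert($C_translate->translate('subscribe_name_req', 'newsletter', ''));
                return;
            }
            if (empty($VAR['newsletter_email']) || !$validate->validate_email($VAR['newsletter_email'], '')) {
                $C_debug->alert($C_translate->translate('subscribe_email_req', 'newsletter', ''));
                return;
            }
            $first_name = $VAR['newsletter_first_name'];
            $last_name = isset($VAR['newsletter_last_name']) ? $VAR['newsletter_last_name'] : null;
            $email = $VAR['newsletter_email'];
        } else {
            if (!isset($VAR['account_first_name']) || $VAR['account_first_name'] == '') {
                return;
            }
            if (!isset($VAR['account_email']) || $validate->validate_email($VAR['account_email'], '') == false) {
                return;
            }
            $first_name = $VAR['account_first_name'];
            $last_name = isset($VAR['account_last_name']) ? $VAR['account_last_name'] : null;
            $email = $VAR['account_email'];
        }

        ### Check that this address has not been requested already within
        ### the last $LIMIT_SECONDS seconds. The limit is per address only.
        $db =& DB();
        $where = ' WHERE
					site_id     = ' . $db->qstr(DEFAULT_SITE) . ' AND
					field1      = ' . $db->qstr($email);
        $result = $db->Execute('SELECT * FROM ' . AGILE_DB_PREFIX . 'temporary_data' . $where);
        if ($result === false) {
            # Without this check a failed query ends in a fatal method call on false
            $C_debug->error(basename(__FILE__), 'subscribe', $db->ErrorMsg());
            return;
        }
        if ($result->RecordCount() > 0) {
            if ($result->fields['date_orig'] + $LIMIT_SECONDS > time()) {
                if ($from_form) {
                    $error = $C_translate->translate("subscribe_spam_limit", "newsletter", "");
                    # ereg_replace() no longer exists in PHP 7+; the token is a fixed string
                    $C_debug->alert(str_replace('%limit%', "{$LIMIT_SECONDS}", $error));
                }
                return;
            }
            ### Delete the old request
            $db->Execute('DELETE FROM ' . AGILE_DB_PREFIX . 'temporary_data' . $where);
        }

        #####################################################
        ### Ok to continue:
        $now = time();
        $expire = $now + 86400 * 3;
        # NOTE(review): this blob carries caller-supplied values; whatever reads
        # it back should not unserialize() it into objects - confirm in the
        # confirm handler.
        $data = serialize(array(
            'html' => $html,
            'email' => $email,
            'first_name' => $first_name,
            'last_name' => $last_name,
            'newsletter_id' => $newsletter_id,
            'var' => base64_encode(serialize(isset($VAR['static_relation']) ? $VAR['static_relation'] : null)),
        ));

        #####################################################
        ### Create the temporary DB Record:
        $id = $db->GenID(AGILE_DB_PREFIX . 'temporary_data_id');
        $sql = 'INSERT INTO ' . AGILE_DB_PREFIX . 'temporary_data SET
					site_id     = ' . $db->qstr(DEFAULT_SITE) . ',
					id          = ' . $db->qstr($id) . ',
					date_orig   = ' . $db->qstr($now) . ',
					date_expire = ' . $db->qstr($expire) . ',
					field1      = ' . $db->qstr($email) . ',
					data        = ' . $db->qstr($data);
        if ($db->Execute($sql) === false) {
            # Do not mail a confirmation link that has no stored record behind it
            $C_debug->error(basename(__FILE__), 'subscribe', $db->ErrorMsg());
            return;
        }

        #####################################################
        ### Build the subscription confirmation email:
        $E = array();
        $E['html'] = 0;
        $E['priority'] = 0;
        $E['to_email'] = $email;
        # CORE_email is not visible here; drop CR/LF so a crafted name cannot
        # add header lines if the mailer does not filter them itself.
        $E['to_name'] = str_replace(array("\r", "\n"), '', $first_name);
        $E['subject'] = $C_translate->translate('subscribe_subj', 'newsletter', '');

        # The address is percent-encoded so that '+' or '&' in it survives the
        # round trip through the query string.
        $confirm_url = URL . '?_page=newsletter:subscribe_confirm&email=' . rawurlencode($email) . '&validate=' . $now;

        # eregi_replace() no longer exists in PHP 7+ and treated backslash-digit
        # sequences in the replacement (caller input here) as back-references;
        # str_ireplace() substitutes the values literally, in the same order.
        $E['body_text'] = str_ireplace(
            array('%name%', '%email%', '%confirm_url%', '%site_name%'),
            array($first_name, $email, $confirm_url, SITE_NAME),
            $C_translate->translate('subscribe_body', 'newsletter', '')
        );

        #####################################################
        ### Get the setup email settings:
        $q = "SELECT * FROM " . AGILE_DB_PREFIX . "setup_email WHERE
				site_id     = " . $db->qstr(DEFAULT_SITE) . " AND
				id          = " . $db->qstr(DEFAULT_SETUP_EMAIL);
        $setup_email = $db->Execute($q);
        if ($setup_email === false) {
            $C_debug->error(basename(__FILE__), 'subscribe', $db->ErrorMsg());
            return;
        }
        # type 0 selects PHP_Mail(), anything else SMTP_Mail() with credentials
        $use_smtp = !($setup_email->fields['type'] == 0);
        if ($use_smtp) {
            $E['server'] = $setup_email->fields['server'];
            $E['account'] = $setup_email->fields['username'];
            $E['password'] = $setup_email->fields['password'];
        }
        $E['from_name'] = $setup_email->fields['from_name'];
        $E['from_email'] = $setup_email->fields['from_email'];

        ######################################################
        ### SEND THE MESSAGE!
        require_once PATH_CORE . 'email.inc.php';
        $mailer = new CORE_email();
        if ($use_smtp) {
            $mailer->SMTP_Mail($E);
        } else {
            $mailer->PHP_Mail($E);
        }

        #####################################################
        ### Success message!
        if ($from_form) {
            $C_debug->alert($C_translate->translate('subscribe_confirm', 'newsletter', ''));
        }
    }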
Ejemplo n.º 2
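    /**
     * Send a contact-form message to a staff member by e-mail.
     *
     * Required inputs are mail_email, mail_name, mail_subject and mail_message.
     * The recipient is the staff record named by mail_staff_id when that is
     * positive, otherwise the default staff member of mail_department_id. Any
     * non-empty static_relation values are validated and appended to the
     * message text. Every exit path reports through $C_debug->alert() (or the
     * Smarty form_validation variable) and calls $C_vars->strip_slashes_all().
     *
     * NOTE(review): name, subject, priority and sender address come from the
     * caller and are handed to CORE_email, which is not visible here; CR/LF is
     * removed from them below so they cannot introduce extra header lines.
     * No throttling is visible in this method - confirm whether the caller or
     * the mailer limits how often the form can be submitted.
     *
     * @param array $VAR Input variables (presumably the request variables).
     * @return void
     */
    function contact($VAR)
    {
        global $C_translate, $C_debug, $C_vars, $smarty;

        ## Validate the required vars
        foreach (array('mail_email', 'mail_name', 'mail_subject', 'mail_message') as $required) {
            if (!isset($VAR[$required]) || $VAR[$required] == "") {
                $C_debug->alert($C_translate->translate('error_req_fields', 'staff', ''));
                $C_vars->strip_slashes_all();
                return;
            }
        }

        include_once PATH_CORE . 'validate.inc.php';
        $validate = new CORE_validate();
        if (!$validate->validate_email($VAR['mail_email'], '')) {
            $C_debug->alert($C_translate->translate('validate_email', '', ''));
            $C_vars->strip_slashes_all();
            return;
        }

        $s = isset($VAR['mail_staff_id']) ? $VAR['mail_staff_id'] : null;
        $d = isset($VAR['mail_department_id']) ? $VAR['mail_department_id'] : null;
        $db =& DB();

        if (!($s > 0)) {
            if (!($d > 0)) {
                ## staff/dept not specified
                $C_debug->alert($C_translate->translate('error_staff_dept', 'staff', ''));
                $C_vars->strip_slashes_all();
                return;
            }
            ## Verify the specified department && get its default staff member:
            $sql = 'SELECT default_staff_id FROM ' . AGILE_DB_PREFIX . 'staff_department WHERE
						   site_id     = ' . $db->qstr(DEFAULT_SITE) . ' AND
						   id          = ' . $db->qstr($d);
            $dept = $db->Execute($sql);
            if ($dept->RecordCount() == 0) {
                $C_debug->alert($C_translate->translate('error_dept_non_exist', 'staff', ''));
                $C_vars->strip_slashes_all();
                return;
            }
            $s = $dept->fields['default_staff_id'];
        }

        ## Verify the specified staff account && get the associated account:
        $sql = 'SELECT account_id FROM ' . AGILE_DB_PREFIX . 'staff WHERE
						site_id     = ' . $db->qstr(DEFAULT_SITE) . ' AND
						id          = ' . $db->qstr($s);
        $staff = $db->Execute($sql);
        if ($staff->RecordCount() == 0) {
            $C_debug->alert($C_translate->translate('error_staff_non_exist', 'staff', ''));
            $C_vars->strip_slashes_all();
            return;
        }
        $sql = 'SELECT email,first_name,last_name FROM ' . AGILE_DB_PREFIX . 'account WHERE
						site_id     = ' . $db->qstr(DEFAULT_SITE) . ' AND
						id          = ' . $db->qstr($staff->fields['account_id']);
        $account = $db->Execute($sql);
        if ($account->RecordCount() == 0) {
            $C_debug->alert($C_translate->translate('error_staff_non_exist', 'staff', ''));
            $C_vars->strip_slashes_all();
            return;
        }

        ### Validate any static vars, if defined
        $this->validated = true;
        $all_error = false;
        if (!empty($VAR['static_relation'])) {
            require_once PATH_CORE . 'static_var.inc.php';
            $static_var = new CORE_static_var();
            if (!isset($this->val_error)) {
                $this->val_error = false;
            }
            $all_error = $static_var->validate_form('staff', $this->val_error);
            if ($all_error != false && is_array($all_error)) {
                $this->validated = false;
            } elseif (is_array($VAR['static_relation'])) {
                # Get the fields and values and append to the message text...
                # (foreach replaces each(), which no longer exists in PHP 8)
                foreach ($VAR['static_relation'] as $id => $value) {
                    if (empty($value) || empty($id)) {
                        continue;
                    }
                    # Get the name:
                    $sql = "SELECT static_var_id FROM " . AGILE_DB_PREFIX . "static_relation WHERE
								 id 		= " . $db->qstr($id) . " AND
								 site_id 	= " . $db->qstr(DEFAULT_SITE);
                    $rs = $db->Execute($sql);
                    $var_id = $rs->fields['static_var_id'];
                    $sql = "SELECT name FROM " . AGILE_DB_PREFIX . "static_var WHERE
								  id 		= " . $db->qstr($var_id) . " AND
								  site_id 	= " . $db->qstr(DEFAULT_SITE);
                    $rs = $db->Execute($sql);
                    $name = $rs->fields['name'];
                    # NOTE(review): this pattern only replaces literal dots; if a
                    # row of dashes as long as the name was intended, confirm.
                    $ul = preg_replace("/\\./", "-", $name);
                    $VAR['mail_message'] .= "\r\n\r\n" . $ul . "\r\n" . $name . "\r\n" . $ul . "\r\n" . $value;
                }
            }
        }
        if (!$this->validated) {
            # set the errors as a Smarty Object
            $smarty->assign('form_validation', $all_error);
            # set the page to be loaded
            if (!defined("FORCE_PAGE")) {
                define('FORCE_PAGE', $VAR['_page_current']);
            }
            $C_vars->strip_slashes_all();
            return;
        }

        ################################################################
        ## OK to send the email:
        # Values that may end up in mail headers lose any CR/LF first
        $crlf = array("\r", "\n");
        $E = array();
        $E['from_html'] = true;
        $E['from_name'] = str_replace($crlf, '', $VAR['mail_name']);
        $E['from_email'] = str_replace($crlf, '', $VAR['mail_email']);
        $E['priority'] = isset($VAR['mail_priority']) ? str_replace($crlf, '', $VAR['mail_priority']) : null;
        $E['html'] = '0';
        $E['subject'] = str_replace($crlf, '', $VAR['mail_subject']);
        $E['body_text'] = $VAR['mail_message'];
        $E['to_email'] = $account->fields['email'];
        $E['to_name'] = $account->fields['first_name'];

        $q = "SELECT * FROM " . AGILE_DB_PREFIX . "setup_email WHERE
					site_id     = " . $db->qstr(DEFAULT_SITE) . " AND
					id          = " . $db->qstr(DEFAULT_SETUP_EMAIL);
        $setup_email = $db->Execute($q);
        # type 0 selects PHP_Mail(), anything else SMTP_Mail() with credentials
        $use_smtp = !($setup_email->fields['type'] == 0);
        if ($use_smtp) {
            $E['server'] = $setup_email->fields['server'];
            $E['account'] = $setup_email->fields['username'];
            $E['password'] = $setup_email->fields['password'];
        }
        if ($setup_email->fields['cc_list'] != '') {
            $E['cc_list'] = explode(',', $setup_email->fields['cc_list']);
        }
        if ($setup_email->fields['bcc_list'] != '') {
            $E['bcc_list'] = explode(',', $setup_email->fields['bcc_list']);
        }

        ### Call the mail() or smtp() function to send
        require_once PATH_CORE . 'email.inc.php';
        $mailer = new CORE_email();
        if ($use_smtp) {
            $mailer->SMTP_Mail($E);
        } else {
            $mailer->PHP_Mail($E);
        }

        ## Success message:
        $C_debug->alert($C_translate->translate('mail_sent', 'staff', ''));
        # Stripslashes
        $C_vars->strip_slashes_all();
    }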
Ejemplo n.º 3
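    /**
     * Create a support ticket from the submitted form and send the notifications.
     *
     * Steps, in order: collect validation errors for the required fields
     * (priority, department_id, subject, body) and the static vars; resolve the
     * ticket e-mail (form value for guests, account e-mail when SESS_LOGGED);
     * check that the department is active and that the user is allowed to use
     * it; then, if validation passed, insert the ticket, store the static vars
     * and mail the user and every staff member with notify_new = 1 who lists
     * the department in department_avail.
     *
     * The department checks run before the validation result is acted on, so a
     * department error is reported first even when other fields are invalid.
     *
     * @param array $VAR Ignored in practice: the `global $VAR` statement below
     *                   rebinds the name to the global array.
     * @return false|null false on a department, authorization or insert error;
     *                    null on a validation failure and on success.
     */
    function user_add($VAR)
    {
        $this->construct();
        global $C_debug, $C_translate, $C_vars, $smarty, $C_auth;
        ### Strip Slashes
        # From here on $VAR is the global array, not the argument
        global $VAR;
        $C_vars->strip_slashes_all();

        ####################################################################
        ### Check that the required fields are set:
        ### ticket_department_id, ticket_subject, ticket_body
        ####################################################################
        foreach (array('priority', 'department_id', 'subject', 'body') as $field) {
            $field_name = $this->table . '_' . $field;
            if (!isset($VAR[$field_name]) || trim($VAR[$field_name]) == "") {
                $this->val_error[] = array(
                    'field' => $field_name,
                    'field_trans' => $C_translate->translate('field_' . $field, $this->module, ""),
                    'error' => $C_translate->translate('validate_any', "", ""),
                );
            }
        }

        ####################################################################
        ### Get required static_Vars and validate them... return an array
        ### w/ ALL errors...
        ####################################################################
        require_once PATH_CORE . 'static_var.inc.php';
        $static_var = new CORE_static_var();
        if (!isset($this->val_error)) {
            $this->val_error = false;
        }
        $all_error = $static_var->validate_form($this->module, $this->val_error);
        $this->validated = !($all_error != false && is_array($all_error));

        ### Validate e-mail
        if (!SESS_LOGGED) {
            include_once PATH_CORE . 'validate.inc.php';
            $C_validate = new CORE_validate();
            $email_error = null;
            if (empty($VAR['ticket_email'])) {
                $email_error = 'validate_any';
            } elseif (!$C_validate->validate_email($VAR['ticket_email'], false)) {
                $email_error = 'validate_email';
            }
            if ($email_error !== null) {
                $this->validated = false;
                $smarty->assign('ticket_email', true);
                # validate_form() may have returned a non-array; appending to
                # false relies on auto-vivification that PHP 8.1 deprecates
                if (!is_array($all_error)) {
                    $all_error = array();
                }
                $all_error[] = array(
                    'field' => 'ticket_email',
                    'field_trans' => $C_translate->translate('field_email', "ticket", ""),
                    'error' => $C_translate->translate($email_error, "", ""),
                );
            }
            $this->email = isset($VAR['ticket_email']) ? $VAR['ticket_email'] : null;
        } else {
            # Get the e-mail addy from the user's account
            $db =& DB();
            $sql = 'SELECT email FROM ' . AGILE_DB_PREFIX . 'account WHERE
                            site_id     = ' . $db->qstr(DEFAULT_SITE) . ' AND
                            id          = ' . $db->qstr(SESS_ACCOUNT);
            $result = $db->Execute($sql);
            $VAR['ticket_email'] = $result->fields['email'];
            $this->email = $result->fields['email'];
        }

        ###################################################################
        ### Check that the user is authorized for this department
        $db =& DB();
        $sql = 'SELECT * FROM ' . AGILE_DB_PREFIX . 'ticket_department WHERE
                        site_id     = ' . $db->qstr(DEFAULT_SITE) . ' AND
                        id          = ' . $db->qstr($VAR['ticket_department_id']) . ' AND
                        status      = ' . $db->qstr('1');
        $result = $db->Execute($sql);
        if ($result->RecordCount() == 0) {
            ### ERROR: The selected department is inactive or invalid
            $C_debug->alert($C_translate->translate('department_invalid', 'ticket', ''));
            return false;
        }
        $dept_auth = false;
        while (!$result->EOF) {
            # group_id is read back with unserialize(). NOTE(review): that is
            # only safe while the column can be written by trusted code alone.
            $groups = unserialize($result->fields['group_id']);
            if (!is_array($groups)) {
                # count() on a non-array warns on PHP 7.2+ and throws on PHP 8;
                # an unreadable list authorizes nobody
                $groups = array();
            }
            if (!SESS_LOGGED) {
                ### Check if the specified department is authorized for the 'All Users' group (0):
                foreach ($groups as $group) {
                    if ($group == '0') {
                        $dept_auth = true;
                    }
                }
                if (!$dept_auth) {
                    $C_debug->alert($C_translate->translate('login_required', '', ''));
                    return false;
                }
            } else {
                foreach ($groups as $group) {
                    if ($C_auth->auth_group_by_id($group)) {
                        $dept_auth = true;
                    }
                }
            }
            $result->MoveNext();
        }
        if (!$dept_auth) {
            ### ERROR: The current user does not have access to the selected department!
            $C_debug->alert($C_translate->translate('department_not_auth', 'ticket', ''));
            return false;
        }

        ####################################################################
        # If validation failed, skip the db insert, set the errors as a
        # Smarty object and change the page to be loaded.
        ####################################################################
        if (!$this->validated) {
            $smarty->assign('form_validation', $all_error);
            if (!defined("FORCE_PAGE")) {
                define('FORCE_PAGE', $VAR['_page_current']);
            }
            $C_vars->strip_slashes_all();
            return;
        }

        ###################################################################
        ### Assemble the SQL & Insert the ticket
        # Only the body is HTML-escaped before storage; subject and email are
        # stored as submitted. NOTE(review): confirm that every view escapes
        # those two fields on output.
        $db =& DB();
        $id = $db->GenID(AGILE_DB_PREFIX . 'ticket_id');
        $sql = 'INSERT INTO ' . AGILE_DB_PREFIX . 'ticket SET
                        site_id     = ' . $db->qstr(DEFAULT_SITE) . ',
                        id          = ' . $db->qstr($id) . ',
                        date_orig   = ' . $db->qstr(time()) . ',
                        date_last   = ' . $db->qstr(time()) . ',
                        date_expire = ' . $db->qstr(time() + 86400 * 7) . ',
                        account_id  = ' . $db->qstr(SESS_ACCOUNT) . ',
                        department_id=' . $db->qstr($VAR['ticket_department_id']) . ',
                        status      = ' . $db->qstr(0) . ',
                        last_reply  = 0,
                        priority    = ' . $db->qstr($VAR['ticket_priority']) . ',
                        subject     = ' . $db->qstr($VAR['ticket_subject']) . ',
                        email       = ' . $db->qstr($VAR['ticket_email']) . ',
                        body        = ' . $db->qstr(htmlspecialchars($VAR['ticket_body']));
        $result = $db->Execute($sql);
        # error reporting:
        if ($result === false) {
            $C_debug->error('ticket.inc.php', 'user_add', $db->ErrorMsg());
            return false;
        }

        ###################################################################
        ### Insert the static vars...
        $static_var->add($VAR, $this->module, $id);

        ###################################################################
        ### Mail the user the new_ticket email template
        require_once PATH_MODULES . 'email_template/email_template.inc.php';
        # Set only for the duration of send(); presumably email_template reads
        # them from the global $VAR - confirm
        $VAR['email'] = trim($this->email);
        $VAR['key'] = $this->key($this->email);
        $my = new email_template();
        $my->send('ticket_user_add', $this->email, $id, '', '');
        unset($VAR['key']);
        unset($VAR['email']);

        ###################################################################
        ### Get any staff members who should be mailed
        $db =& DB();
        $sql = 'SELECT id,account_id,department_avail FROM ' . AGILE_DB_PREFIX . 'staff
                        WHERE
                        site_id     = ' . $db->qstr(DEFAULT_SITE) . ' AND
                        notify_new  = ' . $db->qstr("1");
        $result = $db->Execute($sql);
        if ($result->RecordCount() > 0) {
            while (!$result->EOF) {
                $avail = @unserialize($result->fields['department_avail']);
                # Staff rows without a readable department list are skipped
                if (is_array($avail)) {
                    foreach ($avail as $dept) {
                        if ($dept == $VAR['ticket_department_id']) {
                            ### Mail staff members the new_ticket email template
                            $my = new email_template();
                            $my->send('ticket_user_add_staff', $result->fields['account_id'], $id, $dept, 'sql3');
                            # one mail per staff member is enough
                            break;
                        }
                    }
                }
                $result->MoveNext();
            }
        }

        $C_debug->alert($C_translate->translate('user_add_success', 'ticket', ''));
    }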