/**
 * Validate the ticket-batch form fields submitted in $_POST.
 *
 * Reads numberoftickets, MaxMb, Max_Mb, MaxTime, Max_Time and Group directly
 * from $_POST, normalises the numeric fields with clean_int()/clean_number()
 * and collects the result of every check.
 *
 * The "Invalid value" messages embed the cleaned request value, so whatever
 * renders them should HTML-escape the text (the rendering is not visible here).
 *
 * @return array The non-empty check results; array_filter() keeps each entry
 *               under the index at which it was appended.
 */
function validate_form()
{
    // Normalised copies of the request fields (POST key in parentheses).
    $ticketCount = clean_int($_POST['numberoftickets']);
    $dataFirst   = clean_number($_POST['MaxMb']);    // (MaxMb)
    $dataSecond  = clean_number($_POST['Max_Mb']);   // (Max_Mb)
    $timeFirst   = clean_int($_POST['MaxTime']);     // (MaxTime)
    $timeSecond  = clean_int($_POST['Max_Time']);    // (Max_Time)

    $messages = array();
    $messages[] = validate_int($ticketCount);

    // Each limit field has to pass numericLimit() on its own.
    if (!\Grase\Validate::numericLimit($dataFirst)) {
        $messages[] = sprintf(T_("Invalid value '%s' for Data Limit"), $dataFirst);
    }
    if (!\Grase\Validate::numericLimit($dataSecond)) {
        $messages[] = sprintf(T_("Invalid value '%s' for Data Limit"), $dataSecond);
    }
    if (!\Grase\Validate::numericLimit($timeFirst)) {
        $messages[] = sprintf(T_("Invalid value '%s' for Time Limit"), $timeFirst);
    }
    if (!\Grase\Validate::numericLimit($timeSecond)) {
        $messages[] = sprintf(T_("Invalid value '%s' for Time Limit"), $timeSecond);
    }

    // The two fields of a pair are mutually exclusive; the raw 'inherit'
    // keyword in the second field counts as that field being set.
    $dataSecondChosen = is_numeric($dataSecond) || $_POST['Max_Mb'] == 'inherit';
    if ($dataSecondChosen && is_numeric($dataFirst)) {
        $messages[] = T_("Only set one Data limit field");
    }
    $timeSecondChosen = is_numeric($timeSecond) || $_POST['Max_Time'] == 'inherit';
    if ($timeSecondChosen && is_numeric($timeFirst)) {
        $messages[] = T_("Only set one Time limit field");
    }

    // Upper bound on the batch size; it also caps how much work a single
    // request can trigger.
    if ($ticketCount > 1000) {
        $messages[] = T_("Max of 1000 tickets per batch");
    }

    $messages[] = validate_group($_POST['Group']);

    return array_filter($messages);
}
Example #2
<?php
// PREDEFINED VALUE
// $_REQUEST is filled from the request (query string or form body), so this id
// is client-controlled; clean_number() is the only filter applied before it is
// handed to the lookup helpers below. The key is read without isset().
$inspiration_id = clean_number($_REQUEST['ins_id']);


// CALL FUNCTION
$inspiration   = get_inspiration($inspiration_id);

$banner        = get_inspiration_images($inspiration_id);
$latest_id_img = get_latest_inspiration_image_id();
$count_images  = count_inspiration_images($inspiration_id);

$products      = get_products();
// Both variables receive the result of the same call with the same argument.
$featured_ct   = get_inspiration_featured($inspiration_id);
$featured_js   = get_inspiration_featured($inspiration_id);
$category      = get_category();

/* -- FUNCTIONS -- */

if(isset($_POST['btn_edit_inspiration'])){
   
   /* -- INSPIRATION -- */
   
   // PREDEFINED VALUE
   // NOTE(review): addslashes() is not a database escaping function. If $name
   // ends up in a SQL string (the query is not visible here), bind it through a
   // prepared statement instead.
   $name         = addslashes($_POST['inspiration_name']);
   $description  = '';
   $date_created = current_date_sql();
   $active       = 1;
   $visibility   = 1;
   // Both values are taken from the request without any filtering, and
   // $category replaces the get_category() result assigned above.
   // NOTE(review): validate them (integer / known category id) before use.
   $sort         = $_POST['order_banner'];
   $category     = $_POST['inspiration_category'];
Example #3
         $address = preg_replace("/[^a-z0-9]/i", '', $_GET['arg1']);
         $confs = empty($_GET['arg2']) ? 1 : (int) $_GET['arg2'];
         $ainfo = $_SESSION[$rpc_client]->listbalances($confs, array($address));
         $result = remove_ep($ainfo[0]['limit']);
         break;
     }
 case 'addresslastseen':
     ////////////////////////////////////////////
     // Reports the 'age' field of the first balance entry for the address, or
     // 'unknown' when the cleaned balance is exactly the string '0'.
     if (empty($_GET['arg1'])) {
         die('address was not specified');
     } else {
         // Allow-list filter: everything except ASCII letters and digits is dropped.
         $address = preg_replace("/[^a-z0-9]/i", '', $_GET['arg1']);
         // empty() also treats "0" as missing, so the count falls back to 1.
         $confs = empty($_GET['arg2']) ? 1 : (int) $_GET['arg2'];
         $ainfo = $_SESSION[$rpc_client]->listbalances($confs, array($address));
         // NOTE(review): $ainfo[0] is read without checking that the call
         // returned an entry; confirm listbalances() always yields one.
         $balance = remove_ep($ainfo[0]['balance']);
         if (clean_number($balance) === '0') {
             $last_used = 'unknown';
         } else {
             $last_used = $ainfo[0]['age'];
         }
         $result = $last_used;
         break;
     }
 case 'addresscount':
     ////////////////////////////////////////////
     // Takes no request parameters: returns the 'accounts' field of gettxoutsetinfo().
     $tx_stats = $_SESSION[$rpc_client]->gettxoutsetinfo();
     $result = $tx_stats['accounts'];
     break;
 case 'getinfo':
     ////////////////////////////////////////////
     $ginfo = $getinfo;
     if (!\Grase\Validate::bandwidthOptions($groupBandwidthDownLimit[$key], bandwidth_options())) {
         $error[] = sprintf(T_("Invalid Bandwidth Limit '%s'"), $groupBandwidthDownLimit[$key]);
     }
     if (!\Grase\Validate::bandwidthOptions($groupBandwidthUpLimit[$key], bandwidth_options())) {
         $error[] = sprintf(T_("Invalid Bandwidth Limit '%s'"), $groupBandwidthUpLimit[$key]);
     }
     //TODO we don't validate that it's not 0, relying on HTML5 to do that
     $error[] = @validate_int($groupSimultaneousUse[$key], true);
     // TODO: Validate Login-Time
     $error[] = @validate_uucptimerange($groupLoginTime[$key]);
     $error = array_filter($error);
     if (isset($groupRecurTime[$key]) xor isset($groupRecurTimeLimit[$key])) {
         $error[] = sprintf(T_("Need both a time limit and recurrance for '%s'"), \Grase\Clean::text($name));
     }
     $groups[\Grase\Clean::groupName($name)] = array_filter(array('DataRecurTime' => \Grase\Clean::text($groupRecurData[$key]), 'DataRecurLimit' => clean_number($groupRecurDataLimit[$key]), 'TimeRecurTime' => @\Grase\Clean::text($groupRecurTime[$key]), 'TimeRecurLimit' => @clean_int($groupRecurTimeLimit[$key]), 'BandwidthDownLimit' => @clean_int($groupBandwidthDownLimit[$key]), 'BandwidthUpLimit' => @clean_int($groupBandwidthUpLimit[$key]), 'SimultaneousUse' => @clean_int($groupSimultaneousUse[$key]), 'LoginTime' => @$groupLoginTime[$key], 'IdleTimeout' => @clean_int($groupIdleTimeout[$key])));
     $groupSettings[\Grase\Clean::groupName($name)] = array_filter(array('GroupName' => \Grase\Clean::groupName($name), 'Comment' => \Grase\Clean::text($groupComment[$key]), 'GroupLabel' => \Grase\Clean::text($name), 'Expiry' => @$groupExpiry[$key], 'ExpireAfter' => @$groupExpireAfter[$key], 'MaxMb' => @clean_number($groupDataLimit[$key]), 'MaxTime' => @clean_int($groupTimeLimit[$key])));
 }
 if (sizeof($error) == 0) {
     // No errors. Save groups
     foreach ($groupSettings as $attributes) {
         $Settings->setGroup($attributes);
     }
     // Delete groups no longer referenced
     foreach ($Settings->getGroup() as $oldgroup => $oldgroupsettings) {
         if (!isset($groupSettings[$oldgroup])) {
             $Settings->deleteGroup($oldgroup);
         }
     }
     // Delete groups from radgroupreply not in groupExpiries...
     // Deleting groups out of radgroupreply will modify current users
     // Need to do check for any users still using group, if no user then delete
Example #5
    $conf['metriccols'] = clean_number($_GET["mc"]);
}
# Request parameters are copied into $user here. Numeric ones go through
# clean_number(); free-form ones go through escapeshellcmd().
# NOTE(review): escapeshellcmd() is meant for a whole command string. It leaves
# spaces and leading dashes alone, so a value that is later placed on a command
# line as one argument can still introduce extra arguments or options. Where
# these values reach a shell (not visible here), escapeshellarg() per argument
# or a strict format check is the safer control.
# Flag, whether or not to show a list of hosts
$user['showhosts'] = isset($_GET["sh"]) ? clean_number($_GET["sh"]) : NULL;
# The 'p' variable specifies the verbosity level in the physical view.
$user['physical'] = isset($_GET["p"]) ? clean_number($_GET["p"]) : NULL;
$user['tree'] = isset($_GET["t"]) ? escapeshellcmd($_GET["t"]) : NULL;
# A custom range value for job graphs, in -sec.
$user['jobrange'] = isset($_GET["jr"]) ? clean_number($_GET["jr"]) : NULL;
# A red vertical line for various events. Value specifies the event time.
$user['jobstart'] = isset($_GET["js"]) ? clean_number($_GET["js"]) : NULL;
# custom start and end
$user['cs'] = isset($_GET["cs"]) ? escapeshellcmd($_GET["cs"]) : NULL;
$user['ce'] = isset($_GET["ce"]) ? escapeshellcmd($_GET["ce"]) : NULL;
# Custom step, primarily for use in exporting the raw data from graph.php
$user['step'] = isset($_GET["step"]) ? clean_number($_GET["step"]) : NULL;
# The direction we are travelling in the grid tree
$user['gridwalk'] = isset($_GET["gw"]) ? escapeshellcmd(clean_string($_GET["gw"])) : NULL;
# Size of the host graphs in the cluster view
# Accepted only when the value is one of the configured size keys; in_array()
# is called without its strict flag, so the comparison is loose.
$user['clustergraphsize'] = isset($_GET["z"]) && in_array($_GET['z'], $conf['graph_sizes_keys']) ? escapeshellcmd($_GET["z"]) : NULL;
# A stack of grid parents. Prefer a GET variable, default to cookie.
# PHP has already URL-decoded $_GET, so rawurldecode() decodes the GET value a
# second time; the cookie value is split as received. The elements are still
# unfiltered at this point.
if (isset($_GET["gs"]) and $_GET["gs"]) {
    $user['gridstack'] = explode(">", rawurldecode($_GET["gs"]));
} else {
    if (isset($_COOKIE['gs']) and $_COOKIE['gs']) {
        $user['gridstack'] = explode(">", $_COOKIE["gs"]);
    }
}
if (isset($user['gridstack']) and $user['gridstack']) {
    foreach ($user['gridstack'] as $key => $value) {
        $user['gridstack'][$key] = clean_string($value);
Example #6
   if($page != 1){
      $start = ($page - 1) * $query_per_page;
   }else{
      $start = ($page - 1) * ($page * $query_per_page);
   }
}else{
   $start = 0;
}

// The page count is computed from the page size in effect at this point; the
// shop_view override below does not recompute it.
$total_record   = $record;
$total_page     = ceil($total_record / $query_per_page);

// A non-empty shop_view request value replaces the page size (the first branch
// is a no-op self-assignment).
// NOTE(review): no lower or upper bound on the cleaned value is visible here;
// confirm later code cannot receive an empty string or a very large page size.
if(empty($_REQUEST['shop_view'])){
   $query_per_page = $query_per_page;
}else{
   $query_per_page = clean_number($_REQUEST['shop_view']);
}


/* --- NORMALIZE URL PAGINATION -- */
// A page number beyond the last page is redirected to page 1. The target is
// CURR_URL with its 'page=N' text replaced and the BASE_URL prefix cut off;
// substr()'s third argument is a length, so passing the full string length
// simply means "to the end".
// NOTE(review): CURR_URL presumably derives from the request; confirm that
// safe_redirect() limits targets to this site.
if($page != 1 && $page > $total_page){
   $tester        = str_replace('page='.$page, 'page=1', CURR_URL);
   $len_base_url  = strlen(BASE_URL);
   $len_curr_url  = strlen($tester);
   $normalize_url = substr($tester, $len_base_url, $len_curr_url);
   
   safe_redirect($normalize_url);
}


Example #7
# Request parameters are copied into $conf/$user. Numeric ones go through
# clean_number(); free-form ones go through escapeshellcmd().
# NOTE(review): escapeshellcmd() targets a whole command string and does not
# stop a value from adding arguments or options when it is later used as a
# single argument; where these values reach a shell (not visible here), prefer
# escapeshellarg() per argument or strict format validation.
# The metric column count in $conf is overridden from the query string here.
if (isset($_GET["mc"]))
    $conf['metriccols'] = clean_number($_GET["mc"]);
# Flag, whether or not to show a list of hosts
$user['showhosts'] = isset($_GET["sh"]) ?
    clean_number( $_GET["sh"] ) : NULL;
# The 'p' variable specifies the verbosity level in the physical view.
$user['physical'] = isset($_GET["p"]) ?
    clean_number( $_GET["p"] ) : NULL;
$user['tree'] = isset($_GET["t"]) ?
    escapeshellcmd($_GET["t"] ) : NULL;
# A custom range value for job graphs, in -sec.
$user['jobrange'] = isset($_GET["jr"]) ?
    clean_number( $_GET["jr"] ) : NULL;
# A red vertical line for various events. Value specifies the event time.
$user['jobstart'] = isset($_GET["js"]) ?
    clean_number( $_GET["js"] ) : NULL;
# custom start and end
$user['cs'] = isset($_GET["cs"]) ?
    escapeshellcmd($_GET["cs"]) : NULL;
$user['ce'] = isset($_GET["ce"]) ?
    escapeshellcmd($_GET["ce"]) : NULL;
# The direction we are travelling in the grid tree
$user['gridwalk'] = isset($_GET["gw"]) ?
    escapeshellcmd( clean_string( $_GET["gw"] ) ) : NULL;
# Size of the host graphs in the cluster view
# Accepted only when the value is one of the configured size keys (loose
# in_array() comparison).
$user['clustergraphsize'] = isset($_GET["z"]) && in_array( $_GET[ 'z' ], $conf['graph_sizes_keys'] ) ?
    escapeshellcmd($_GET["z"]) : NULL;
# A stack of grid parents. Prefer a GET variable, default to cookie.
if (isset($_GET["gs"]) and $_GET["gs"])
    $user['gridstack'] = explode( ">", rawurldecode( $_GET["gs"] ) );
else if ( isset($_COOKIE['gs']) and $_COOKIE['gs'])
Example #8
# Request parameters are copied into plain variables. Numeric ones go through
# clean_number(); free-form ones go through escapeshellcmd().
# NOTE(review): escapeshellcmd() targets a whole command string and does not
# stop a value from adding arguments or options when it is later used as a
# single argument; where these values reach a shell (not visible here), prefer
# escapeshellarg() per argument or strict format validation.
# Default value set in conf.php, Allow URL to overrride
if (isset($_GET["hc"])) {
    $hostcols = clean_number($_GET["hc"]);
}
if (isset($_GET["mc"])) {
    $metriccols = clean_number($_GET["mc"]);
}
# Flag, whether or not to show a list of hosts
$showhosts = isset($_GET["sh"]) ? clean_number($_GET["sh"]) : NULL;
# The 'p' variable specifies the verbosity level in the physical view.
$physical = isset($_GET["p"]) ? clean_number($_GET["p"]) : NULL;
$tree = isset($_GET["t"]) ? escapeshellcmd($_GET["t"]) : NULL;
# A custom range value for job graphs, in -sec.
$jobrange = isset($_GET["jr"]) ? clean_number($_GET["jr"]) : NULL;
# A red vertical line for various events. Value specifies the event time.
$jobstart = isset($_GET["js"]) ? clean_number($_GET["js"]) : NULL;
# custom start and end
$cs = isset($_GET["cs"]) ? escapeshellcmd($_GET["cs"]) : NULL;
$ce = isset($_GET["ce"]) ? escapeshellcmd($_GET["ce"]) : NULL;
# The direction we are travelling in the grid tree
$gridwalk = isset($_GET["gw"]) ? escapeshellcmd(clean_string($_GET["gw"])) : NULL;
# Size of the host graphs in the cluster view
# Accepted only when the value is one of the known size keys (loose in_array()
# comparison).
$clustergraphsize = isset($_GET["z"]) && in_array($_GET['z'], $graph_sizes_keys) ? escapeshellcmd($_GET["z"]) : NULL;
# A stack of grid parents. Prefer a GET variable, default to cookie.
# PHP has already URL-decoded $_GET, so rawurldecode() decodes the GET value a
# second time; no filtering of the elements is visible in this fragment.
if (isset($_GET["gs"]) and $_GET["gs"]) {
    $gridstack = explode(">", rawurldecode($_GET["gs"]));
} else {
    if (isset($_COOKIE['gs']) and $_COOKIE['gs']) {
        $gridstack = explode(">", $_COOKIE["gs"]);
    }
}
/**
 * Pass a value through float_format() and then through clean_number().
 *
 * @param mixed $num Value to normalise.
 * @return mixed Whatever clean_number() returns for the formatted value.
 */
function clean_value($num)
{
    $formatted = float_format($num);

    return clean_number($formatted);
}
Example #10
$PAGE = 'users';
require_once 'includes/pageaccess.inc.php';
require_once 'includes/session.inc.php';
require_once 'includes/misc_functions.inc.php';
// Collects the user records to show, selected by exactly one of the request
// parameters user, batch or group (checked in that order).
$DBF = DatabaseFunctions::getInstance();
if (isset($_GET['user'])) {
    // The same cleaned user name is used for the lookup and for the title.
    $users = $DBF->getMultipleUsersDetails(array(\Grase\Clean::text($_GET['user'])));
    if (!is_array($users)) {
        $users = array();
    }
    $title = \Grase\Clean::text($_GET['user']) . ' Voucher';
} elseif (isset($_GET['batch'])) {
    $batches = explode(',', $_GET['batch']);
    $users = array();
    foreach ($batches as $batch) {
        // Only the loop copy is cleaned; $batches keeps the raw request text.
        $batch = clean_number($batch);
        $usersInBatch = $DBF->getMultipleUsersDetails($Settings->getBatch($batch));
        if (is_array($usersInBatch)) {
            $users = array_merge($users, $usersInBatch);
        }
    }
    // TODO: replace , with _ in below
    // NOTE(review): the title is built from the uncleaned $batches entries, so
    // it carries request-controlled text. Build it from the cleaned ids, or
    // escape it for wherever it is used (HTML, file name, header), which is not
    // visible here.
    $title = sprintf(T_('Batch_%s_details'), implode('-', $batches));
} elseif (isset($_GET['group'])) {
    $groups = explode(',', $_GET['group']);
    $users = array();
    foreach ($groups as $group) {
        $group = \Grase\Clean::groupName($group);
        $usersInGroup = $DBF->getMultipleUsersDetails($DBF->getUsersByGroup($group));
        if (is_array($usersInGroup)) {
            $users = array_merge($users, $usersInGroup);
Example #11
# Graph request parameters. Free-form values pass through sanitize() (not
# defined in this fragment); numeric ones are checked or cleaned as noted.
$vlabel = isset($_GET["vl"]) ? sanitize($_GET["vl"]) : NULL;
$graph_scale = isset($_GET["gs"]) ? sanitize($_GET["gs"]) : NULL;
$scale = isset($_GET["scale"]) ? sanitize($_GET["scale"]) : NULL;
$show_total = isset($_GET["show_total"]) ? sanitize($_GET["show_total"]) : NULL;
$value = isset($_GET["v"]) ? sanitize($_GET["v"]) : NULL;
# Max, min, critical and warning values
# is_numeric() also accepts signs, decimals and exponent notation; the
# original request string is kept unchanged when it passes.
$max = isset($_GET["x"]) && is_numeric($_GET["x"]) ? $_GET["x"] : NULL;
$min = isset($_GET["n"]) && is_numeric($_GET["n"]) ? $_GET["n"] : NULL;
$critical = isset($_GET["crit"]) && is_numeric($_GET["crit"]) ? $_GET["crit"] : NULL;
$warning = isset($_GET["warn"]) && is_numeric($_GET["warn"]) ? $_GET["warn"] : NULL;
$sourcetime = isset($_GET["st"]) ? clean_number(sanitize($_GET["st"])) : NULL;
# NOTE(review): the colour check runs on the rawurldecode()d value, but the
# value stored is sanitize() of the undecoded one, so what is validated and
# what is kept can differ. Validate the same string that is stored.
$load_color = isset($_GET["l"]) && is_valid_hex_color(rawurldecode($_GET['l'])) ? sanitize($_GET["l"]) : NULL;
$summary = isset($_GET["su"]) ? 1 : 0;
$debug = isset($_GET['debug']) ? clean_number(sanitize($_GET["debug"])) : 0;
$showEvents = isset($_GET["event"]) ? sanitize($_GET["event"]) : "show";
$user['time_shift'] = isset($_GET["ts"]) ? clean_number(sanitize($_GET["ts"])) : 0;
#
$user['view_name'] = isset($_GET["vn"]) ? sanitize($_GET["vn"]) : NULL;
$user['item_id'] = isset($_GET["item_id"]) ? sanitize($_GET["item_id"]) : NULL;
$command = '';
$graphite_url = '';
$user['json_output'] = isset($_GET["json"]) ? 1 : NULL;
# Request for live dashboard
# NOTE(review): the else branch sets 'live_output' while the if branch sets
# 'live_dashboard', so 'live_dashboard' is left unset for non-live requests.
# Looks like a key mismatch; confirm against the readers of these keys.
if (isset($_REQUEST['live'])) {
    $user['live_dashboard'] = 1;
    $user['json_output'] = 1;
} else {
    $user['live_output'] = NULL;
}
$user['csv_output'] = isset($_GET["csv"]) ? 1 : NULL;
$user['graphlot_output'] = isset($_GET["graphlot"]) ? 1 : NULL;
Example #12
}
// Post-submit redirects, chosen by which form button was posted.
// NOTE(review): every Location value is built from $_SERVER['HTTP_HOST'],
// which comes from the client's Host header, with a hard-coded http:// scheme.
// A configured base URL is the safer source for redirect targets. No exit
// follows any header() call in this fragment, so the script keeps running
// after the redirect header is queued.
// LOGIN
if (isset($_POST['btn_login'])) {
    /*
    if($_SESSION['alert_front'] != "error"){
    	  header("Location:http://".$_SERVER['HTTP_HOST'].get_dirname($_SERVER['PHP_SELF'])."/my-account/");
    }else{
    	  header("Location:http://".$_SERVER['HTTP_HOST'].get_dirname($_SERVER['PHP_SELF'])."/login");
    }
    */
} else {
    if (isset($_POST['btn_confirm'])) {
        if ($_SESSION['alert'] == "error") {
            header("Location:http://" . $_SERVER['HTTP_HOST'] . get_dirname($_SERVER['PHP_SELF']) . "/confirm");
        } else {
            // The order number and amount are filtered request values passed
            // on in the query string of a page under /admin/.
            // NOTE(review): confirm that page authenticates the caller and
            // re-reads the order from storage rather than trusting these
            // parameters.
            header("Location:http://" . $_SERVER['HTTP_HOST'] . get_dirname($_SERVER['PHP_SELF']) . "/admin/emails/admin_confirmed.php?act=&ornum=" . clean_alphanumeric($_POST['order_number']) . "&amount=" . clean_number($_POST['order_confirm_amount']));
        }
    } else {
        if (isset($_POST['btn_contact'])) {
            header("Location:http://" . $_SERVER['HTTP_HOST'] . get_dirname($_SERVER['PHP_SELF']) . "/contact");
        } else {
            if (isset($_POST['btn_search'])) {
                // NOTE(review): the search text is appended to the URL path
                // without rawurlencode() or any filtering.
                header("Location:http://" . $_SERVER['HTTP_HOST'] . get_dirname($_SERVER['PHP_SELF']) . "/shop-search/name-" . $_POST['search_bar']);
            } else {
                // Unlike the checks above, this key is read without isset().
                if ($_POST['btn_edit_account']) {
                    header("Location:http://" . $_SERVER['HTTP_HOST'] . get_dirname($_SERVER['PHP_SELF']) . "/account-details");
                } else {
                    // Loose comparison: any value that == null (unset, '', 0)
                    // counts as "not logged in".
                    if ($_REQUEST['act'] == "order_/wishlist" && $_SESSION['user_id'] == null) {
                        header("location:http://" . $_SERVER['HTTP_HOST'] . get_dirname($_SERVER['PHP_SELF']) . "/login");
                    }
                }
Example #13
     if (!\Grase\Validate::numericLimit($addMb)) {
         $error[] = sprintf(T_("Invalid value '%s' for Data Limit"), $addMb);
     } else {
         DatabaseFunctions::getInstance()->increaseUserDatalimit($username, $addMb);
         DatabaseFunctions::getInstance()->setUserExpiry($username, expiry_for_group(DatabaseFunctions::getInstance()->getUserGroup($username)));
         // TODO: Check return for success
         $success[] = T_("Data Limit Increased");
         AdminLog::getInstance()->log(sprintf(T_("Data Limit increased for %s"), $username));
     }
 }
 // If Data Limit is changed and Not added too, Change Data Limit
 // The comparison with the stored limit is loose (!=).
 if ($maxMb !== '' && !$addMb && $maxMb != clean_number($user['MaxMb'])) {
     if (!\Grase\Validate::numericLimit($maxMb)) {
         $error[] = sprintf(T_("Invalid value '%s' for Data Limit"), $maxMb);
     } else {
         // NOTE(review): the value validated above is $maxMb, but the value
         // written is re-derived from $_POST['MaxMb']. Presumably the two are
         // the same; writing $maxMb would guarantee it.
         DatabaseFunctions::getInstance()->setUserDataLimit($username, clean_number($_POST['MaxMb']));
         DatabaseFunctions::getInstance()->setUserExpiry($username, expiry_for_group(DatabaseFunctions::getInstance()->getUserGroup($username)));
         // TODO: Check return for success
         // Success is reported and logged without checking the results of the
         // two calls above.
         $success[] = T_("Max Data Limit Updated");
         AdminLog::getInstance()->log(sprintf(T_("Max Data Limit changed for %s"), $username));
     }
 }
 // Increase Time Limit
 if ($addTime) {
     if (!\Grase\Validate::numericLimit($addTime)) {
         $error[] = sprintf(T_("Invalid value '%s' for Time Limit"), $addTime);
     } else {
         DatabaseFunctions::getInstance()->increaseUserTimelimit($username, $addTime);
         DatabaseFunctions::getInstance()->setUserExpiry($username, expiry_for_group(DatabaseFunctions::getInstance()->getUserGroup($username)));
         // TODO: Check return for success
         $success[] = T_("Time Limit Increased");
Example #14
 // Builds one INSERT statement per imported row by string concatenation.
 // NOTE(review): both the column names (from $_POST['col_N']) and the values
 // are spliced into the SQL text, so safety rests entirely on sanitize(),
 // which is not visible here. Column names cannot be bound as parameters and
 // should be checked against the table's known columns; values belong in a
 // prepared statement.
 $x = 0;
 // The starting row comes straight from the request.
 for ($row = $_POST['first_row']; $row <= sizeof($arr); $row++) {
     $sql1 = "INSERT INTO customers (";
     $sql2 = " VALUES (";
     for ($col = $start; $col <= sizeof($arr[$row]); $col++) {
         if (isset($_POST['col_' . $col]) && $_POST['col_' . $col] != "null") {
             if ($_POST['col_' . $col] == "phone") {
                 $phone = $arr[$row][$col];
             }
             $sql1 .= sanitize($_POST['col_' . $col], false) . ",";
             $sql2 .= sanitize($arr[$row][$col]) . ",";
         }
         //echo "x".$_POST['col_'.$col].": ".$arr[$row][$col]."<br />";
     }
     // $phone is only assigned when a column is mapped to "phone"; otherwise
     // it is undefined or still holds the previous row's value.
     $sql1 .= "cleaned_number,list_id) ";
     $sql2 .= "'" . clean_number($phone) . "'," . sanitize($_POST['list_id']) . ")";
     $sql = $sql1 . $sql2;
     //echo "<!-- -->$sql<br />";
     // Progress output: one dot per 100 rows, a line break per 100 dots.
     // $z is not initialised within this fragment.
     $z++;
     if ($z > 100) {
         $x++;
         if ($x > 100) {
             $x = 0;
             echo "<br />";
         }
         $z = 0;
         echo ".";
         if (ob_get_length()) {
             @ob_flush();
             @flush();
             @ob_end_flush();
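/**
 * Sanitise a value with clean_number() and, when the result is numeric,
 * convert it with \Grase\Util::bigIntVal().
 *
 * A cleaned value that is not numeric is returned as clean_number() produced
 * it, so callers still have to validate the result before treating it as an
 * integer.
 *
 * @param mixed $number Raw value, typically a request field.
 * @return mixed The bigIntVal() conversion, or the non-numeric cleaned value.
 */
function clean_int($number)
{
    // Sanitise once and reuse the result for both the check and the conversion.
    $cleaned = clean_number($number);

    if (!is_numeric($cleaned)) {
        return $cleaned;
    }

    return \Grase\Util::bigIntVal($cleaned);
}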
Example #16
# Request parameters are copied into $conf/$user. Numeric ones go through
# clean_number(); free-form ones go through escapeshellcmd().
# NOTE(review): escapeshellcmd() targets a whole command string and does not
# stop a value from adding arguments or options when it is later used as a
# single argument; where these values reach a shell (not visible here), prefer
# escapeshellarg() per argument or strict format validation.
if (isset($_GET["hc"])) {
    //TODO: shouldn't set $conf from user input.
    $conf['hostcols'] = clean_number($_GET["hc"]);
}
# The same applies here: a $conf entry is overridden from the query string.
if (isset($_GET["mc"])) {
    $conf['metriccols'] = clean_number($_GET["mc"]);
}
# Flag, whether or not to show a list of hosts
$user['showhosts'] = isset($_GET["sh"]) ? clean_number($_GET["sh"]) : NULL;
# The 'p' variable specifies the verbosity level in the physical view.
$user['physical'] = isset($_GET["p"]) ? clean_number($_GET["p"]) : NULL;
$user['tree'] = isset($_GET["t"]) ? escapeshellcmd($_GET["t"]) : NULL;
# A custom range value for job graphs, in -sec.
$user['jobrange'] = isset($_GET["jr"]) ? clean_number($_GET["jr"]) : NULL;
# A red vertical line for various events. Value specifies the event time.
$user['jobstart'] = isset($_GET["js"]) ? clean_number($_GET["js"]) : NULL;
# custom start and end
$user['cs'] = isset($_GET["cs"]) ? escapeshellcmd($_GET["cs"]) : NULL;
$user['ce'] = isset($_GET["ce"]) ? escapeshellcmd($_GET["ce"]) : NULL;
# The direction we are travelling in the grid tree
$user['gridwalk'] = isset($_GET["gw"]) ? escapeshellcmd(clean_string($_GET["gw"])) : NULL;
# Size of the host graphs in the cluster view
# Accepted only when the value is one of the configured size keys (loose
# in_array() comparison).
$user['clustergraphsize'] = isset($_GET["z"]) && in_array($_GET['z'], $conf['graph_sizes_keys']) ? escapeshellcmd($_GET["z"]) : NULL;
# A stack of grid parents. Prefer a GET variable, default to cookie.
# PHP has already URL-decoded $_GET, so rawurldecode() decodes the GET value a
# second time; no filtering of the elements is visible in this fragment.
if (isset($_GET["gs"]) and $_GET["gs"]) {
    $user['gridstack'] = explode(">", rawurldecode($_GET["gs"]));
} else {
    if (isset($_COOKIE['gs']) and $_COOKIE['gs']) {
        $user['gridstack'] = explode(">", $_COOKIE["gs"]);
    }
}
Example #17
  actually plot the charts.  The rrdtool program requires that 
  this come *last* in the argument string; we make sure that it
  is put in its proper place.  The $extras variable is used 
  for other arguments that may not fit nicely for other reasons.  
  Complicated requests for --color, or adding --rigid, for example.
  It is simply a way for the graph writer to add arbitrary 
  options when calling rrdtool, and to forcibly override other 
  settings, since rrdtool will use the last version of an 
  option passed. (For example, if you call 'rrdtool' with 
  two --title statements, the second one will be used.)
  
  See ${conf['graphdir']}/sample.php for more documentation, and 
  details on the common variables passed and used.
*/
// Calculate time range.
// The st request value is filtered by sanitize() and then clean_number().
$sourcetime = isset($_GET["st"]) ? clean_number(sanitize($_GET["st"])) : NULL;
// Truthiness test: an absent, empty or "0" value leaves $start and $end as
// they were.
if ($sourcetime) {
    $end = $sourcetime;
    // Get_context makes start negative.
    $start = $sourcetime + $start;
}
// Fix from Phil Radden, but step is not always 15 anymore.
// Rounds the graph end time down to a multiple of 672.
if ($range == "month") {
    $rrdtool_graph['end'] = floor($rrdtool_graph['end'] / 672) * 672;
}
///////////////////////////////////////////////////////////////////////////////
// Are we generating aggregate graphs
///////////////////////////////////////////////////////////////////////////////
if (isset($_GET["aggregate"]) && $_GET['aggregate'] == 1) {
    // Set start time, assume that start is negative number of seconds
    $start = time() + $start;
Example #18
    echo '<center><a href="javascript:void(0)" onclick="save_customer_details();appointment();">Create an appointment</a>';
    echo "</div>";
}
if (isset($_GET['nomenu'])) {
    ?>
    <script>
    if (window.opener && !window.opener.closed) {
        window.opener.location.href = "index.php";
    }
    </script>
    <?php 
}
/* ========================== */
/* Load a phone number record */
/* ========================== */
/* phone_number is read without isset(); clean_number() is the only filter
   applied before the value is embedded in the SQL text below. */
$phone_number = clean_number($_GET['phone_number']);
/* Get the details of the campaigns that relate to the job the agent is in */
/* NOTE(review): all three queries are built by string interpolation, so their
   safety depends on sanitize() and clean_number() (not visible here).
   Prepared statements with bound parameters would remove that dependency. */
$sql = "SELECT list_id FROM SmoothOperator.campaigns WHERE job_id = " . sanitize($_SESSION['job_id']);
/* On failure the raw database error text is sent to the client via die(). */
$result = mysqli_query($connection, $sql) or die(mysqli_error($connection));
if (mysqli_num_rows($result) > 0) {
    /* We have found details - extract the list ID they're working on */
    $row = mysqli_fetch_assoc($result);
    $list_id = $row['list_id'];
    /* $list_id comes from the database row and is interpolated unquoted. */
    $get_number_sql = "SELECT * FROM SmoothOperator.customers WHERE cleaned_number = '{$phone_number}' and list_id = {$list_id} order by id desc limit 1";
    /* Unlike the first query, this result is passed to mysqli_num_rows()
       without checking for a failed query. */
    $result = mysqli_query($connection, $get_number_sql);
    if (mysqli_num_rows($result) == 0) {
        /* If there is no number in that list, try doing a generic search */
        $get_number_sql = "SELECT * FROM SmoothOperator.customers WHERE cleaned_number = '{$phone_number}' order by id desc limit 1";
        $result = mysqli_query($connection, $get_number_sql);
    }
} else {
$singleLoginOptions = array('hideheader' => array("label" => T_("Login Screen Title"), "description" => T_("Hide Title (header) from login screen"), "type" => "bool"), 'hidemenu' => array("label" => T_("Login Screen Menu"), "description" => T_("Hide Menubar from login screen"), "type" => "bool"), 'hidefooter' => array("label" => T_("Login Screen Footer"), "description" => T_("Hide footer from login screen.\n            Please consider adding a link back to http://grasehotspot.org if you are hiding the footer"), "type" => "bool"), 'hidehelplink' => array("label" => T_("Help Link"), "description" => T_("Hide Help link from menu and footer"), "type" => "bool"), 'disablejavascript' => array("label" => T_("Disable Javascript Login"), "description" => T_("Force all logins to be through the less secure non-javascript method"), "type" => "bool"), 'disableallcss' => array("label" => T_("Disable All Default CSS"), "description" => T_("All css files will be excluded from the login pages, and only the css below (Main CSS) will be used"), "type" => "bool"), 'logintitle' => array("label" => T_("Page Title"), "description" => T_("The page title that is displayed on the login page"), "type" => "text"), 'autocreategroup' => array("label" => T_("Free Login Group"), "description" => T_("The group to create 'Free Login' users in. Leave blank to disable free logins"), "type" => "text"), 'freeloginbuttontext' => array("label" => T_("Free Login Button Text"), "description" => T_("Text to show on the Free Login button if enabled above. Defaults to 'Free Access'"), "type" => "text"), 'hidenormallogin' => array("label" => T_("Hide Username/Password (Voucher) login form"), "description" => T_("Hides the login form (username/password fields). Useful if you only want a free login button"), "type" => "bool"));
// Templates
$templateOptions = array('termsandconditions' => array("label" => T_("Terms and Conditions"), "description" => T_("Terms and Conditions of use (HTML) - Leave empty to not display"), "type" => "html"), 'maincss' => array("label" => T_("Main CSS"), "description" => T_("Cascading style sheet that is applied to all portal pages (use !important to override a style if your\n            settings here don't seem to work, it may be that the builtin css has a more specific selector than your one\n            here, look at radmin.css for id's and classes)"), "type" => "css"), 'helptext' => array("label" => T_("Help and Information Page"), "description" => T_("Help and Information page contents, leaving this blank does not remove the link, see above options for removing the link."), "type" => "html"), 'aboveloginhtml' => array("label" => T_("HTML Above login form"), "description" => T_("HTML to insert above login form (and free login)"), "type" => "html"), 'belowloginhtml' => array("label" => T_("HTML Below login form"), "description" => T_("HTML to insert below login form"), "type" => "html"), 'loggedinnojshtml' => array("label" => T_("Logged In HTML"), "description" => T_("HTML for successful login when not using javascript"), "type" => "html"));
// $attributes['value'] is compared further down but is not part of the option
// arrays defined above; presumably loadLoginOptions() fills it in. Confirm.
loadLoginOptions($Settings);
// NOTE(review): no request-forgery (CSRF) token check is visible in this
// fragment before settings are written; confirm it happens elsewhere.
if (isset($_POST['submit'])) {
    foreach ($singleLoginOptions as $singleOption => $attributes) {
        // Each posted value is filtered according to the option's declared
        // type. Any type without its own case, such as the "text" options
        // above, lands in the default branch and is cleaned as a string.
        switch ($attributes['type']) {
            default:
            case "string":
                $postValue = trim(\Grase\Clean::text($_POST[$singleOption]));
                break;
            case "int":
                $postValue = trim(clean_int($_POST[$singleOption]));
                break;
            case "number":
                $postValue = trim(clean_number($_POST[$singleOption]));
                break;
            case "bool":
                // The checkbox's presence alone decides the stored value.
                if (isset($_POST[$singleOption])) {
                    $postValue = 'TRUE';
                } else {
                    $postValue = 'FALSE';
                }
                break;
        }
        // Loose comparison against the current value; only changes are saved.
        if ($postValue != $attributes['value']) {
            // Update options in database
            $Settings->setSetting($singleOption, $postValue);
            $success[] = sprintf(T_("%s login config option update"), $attributes['label']);
        }
    }
Example #20
     $type = 'User';
 }
 // Assembles the $user record from the posted form and validates it.
 if (isset($_POST['newmachinesubmit'])) {
     $type = 'Computer';
 }
 if ($type == 'User') {
     $user['Username'] = \Grase\Clean::username($_POST['Username']);
     // NOTE(review): the password is passed through a text cleaner, which may
     // alter what the user typed. Confirm that is intended.
     $user['Password'] = \Grase\Clean::text($_POST['Password']);
 }
 if ($type == 'Computer') {
     // Machine accounts use the cleaned MAC as the user name and take their
     // password from the 'macpasswd' configuration value.
     $user['Username'] = \Grase\Clean::username($_POST['mac']);
     $user['mac'] = $user['Username'];
     $user['Password'] = DatabaseFunctions::getInstance()->getChilliConfigSingle('macpasswd');
 }
 // MaxMb and MaxTime are stored exactly as posted, while their Max_Mb and
 // Max_Time counterparts are cleaned (or kept as the literal 'inherit').
 // NOTE(review): the raw values stay in $user, which is handed back to the
 // template on error, so they rely on validation and output escaping later.
 $user['MaxMb'] = $_POST['MaxMb'];
 $user['Max_Mb'] = clean_number($_POST['Max_Mb']);
 if ($_POST['Max_Mb'] == 'inherit') {
     $user['Max_Mb'] = 'inherit';
 }
 $user['MaxTime'] = $_POST['MaxTime'];
 $user['Max_Time'] = clean_int($_POST['Max_Time']);
 if ($_POST['Max_Time'] == 'inherit') {
     $user['Max_Time'] = 'inherit';
 }
 $user['Group'] = \Grase\Clean::text($_POST['Group']);
 $user['Expiration'] = expiry_for_group(\Grase\Clean::text($_POST['Group']));
 $user['Comment'] = \Grase\Clean::text($_POST['Comment']);
 // Validate details
 $error = validate_form($user, $type);
 if ($error) {
     $templateEngine->assign("user", $user);
Example #21
// Graph request parameters. Free-form values pass through sanitize() (not
// defined in this fragment); numeric ones additionally through clean_number().
$self       = isset($_GET["me"]) ?  sanitize ( $_GET["me"] )  : NULL;
$vlabel     = isset($_GET["vl"]) ?  sanitize ( $_GET["vl"] )  : NULL;

$value      = isset($_GET["v"])  ?  sanitize ( $_GET["v"] )   : NULL;

$metric_name = isset($_GET["m"])  ?  sanitize ( $_GET["m"] )   : NULL;

$max        = isset($_GET["x"])  ?  clean_number ( sanitize ($_GET["x"] ) ) : NULL;
$min        = isset($_GET["n"])  ?  clean_number ( sanitize ($_GET["n"] ) ) : NULL;
$sourcetime = isset($_GET["st"]) ?  clean_number ( sanitize( $_GET["st"] ) ) : NULL;

// NOTE(review): the colour check runs on the rawurldecode()d value, but the
// value stored is sanitize() of the undecoded one, so what is validated and
// what is kept can differ. Validate the same string that is stored.
$load_color = isset($_GET["l"]) && is_valid_hex_color( rawurldecode( $_GET[ 'l' ] ) )
                                 ?  sanitize ( $_GET["l"] )   : NULL;

$summary    = isset( $_GET["su"] )    ? 1 : 0;
$debug      = isset( $_GET['debug'] ) ? clean_number ( sanitize( $_GET["debug"] ) ) : 0;
// 
$command    = '';
$graphite_url = '';

// Output-format switches: only the presence of the parameter matters.
$user['json_output'] = isset($_GET["json"]) ? 1 : NULL; 
$user['csv_output'] = isset($_GET["csv"]) ? 1 : NULL; 
$user['flot_output'] = isset($_GET["flot"]) ? 1 : NULL; 


// Get hostname
$raw_host = isset($_GET["h"])  ?  sanitize ( $_GET["h"]  )   : "__SummaryInfo__";  

// For graphite purposes we need to replace all dots with underscores, because
// a dot separates subtrees in graphite
$host = str_replace(".","_", $raw_host);
Example #22
$user_detail = $_get->get_detail_customer($get_user_id->user_id);
$getCountry = $_get->getCountry();
/* --- BUTTON HANDLER --- */
if (isset($_POST['btn-edit-customer']) && $_POST['btn-edit-customer'] == 'Save Changes') {
    // Collect the edited customer fields from the submitted form.
    // NOTE(review): FILTER_SANITIZE_STRING is deprecated as of PHP 8.1. It strips
    // tags and encodes quotes, but it does not validate a field's format, and it
    // is not a substitute for bound query parameters or for escaping at output
    // time. How countUser() and edit_get_email() build their queries is not
    // visible here; confirm they bind these values as parameters.
    $user_id = $user_detail->user_id;
    $first_name = filter_var($_POST['fname'], FILTER_SANITIZE_STRING);
    $last_name = filter_var($_POST['lname'], FILTER_SANITIZE_STRING);
    $name = $first_name . ' ' . $last_name;
    // NOTE(review): the e-mail address is only string-sanitised; no format check
    // (for example FILTER_VALIDATE_EMAIL) is visible in this excerpt.
    $user_email = filter_var($_POST['email'], FILTER_SANITIZE_STRING);
    $user_phone = filter_var($_POST['phone'], FILTER_SANITIZE_STRING);
    $status = filter_var($_POST['status'], FILTER_SANITIZE_STRING);
    $address = filter_var($_POST['address'], FILTER_SANITIZE_STRING);
    $city = filter_var($_POST['city'], FILTER_SANITIZE_STRING);
    $province = filter_var($_POST['province'], FILTER_SANITIZE_STRING);
    $country = filter_var($_POST['country'], FILTER_SANITIZE_STRING);
    // The postal code goes through clean_number() first, then the string filter.
    $postal_code = filter_var(clean_number($_POST['postal']), FILTER_SANITIZE_STRING);
    //$count_alias    = checkAlias($cid, $user_detail->user_id);
    // Both lookups receive the current user's id alongside the submitted value.
    $count_alias = $_get->countUser($name, $user_detail->user_id);
    //$get_user       = $_get->edit_get_user($uid);
    $check_email = $_get->edit_get_email($user_email, $user_detail->user_id);
    if ($check_email->rows > 0) {
        $page = 'customer/' . $cid;
        $type = 'danger';
        $msg = $user_email . ' has been taken, please input email with other valid email address';
    } else {
        if ($count_alias->rows > 0) {
            $_count_alias = $_get->get_user($name);
            if ($_count_alias->user_alias == $user_detail->user_alias) {
                $alias = $user_detail->user_alias;
            } else {
                $alias = strrchr($_count_alias->user_alias, '-');
Example #23
             break;
     }
     $networkOptions[$selectOption] = $postValue;
 }
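 // Collect the multi-value network options from the submitted form, cleaning
 // each entry according to the type declared for that option.
 foreach ($multiNetworkOptions as $multiOption => $attributes) {
     $postValue = array();
     // The field may be missing or submitted as a scalar; only iterate a real
     // array so a malformed request does not raise warnings here.
     $submitted = isset($_POST[$multiOption]) && is_array($_POST[$multiOption])
         ? $_POST[$multiOption]
         : array();
     foreach ($submitted as $value) {
         switch ($attributes['type']) {
             case "string":
                 $postValue[] = \Grase\Clean::text($value);
                 break;
             case "int":
                 $postValue[] = clean_int($value);
                 break;
             case "number":
                 $postValue[] = clean_number($value);
                 break;
             case "ip":
                 // ip2long() returns false for anything that is not a valid
                 // IPv4 address. Passing that false on to long2ip() would store
                 // "0.0.0.0" in place of the rejected input, so entries that
                 // fail to parse are dropped instead.
                 $candidate = is_string($value) ? trim($value) : '';
                 if ($candidate) {
                     $asLong = ip2long($candidate);
                     if ($asLong !== false) {
                         $postValue[] = long2ip($asLong);
                     }
                 }
                 break;
         }
     }
     // array_filter() without a callback drops every falsy entry, so a cleaned
     // value of 0 or '' is not stored.
     $postValue = array_filter($postValue);
     $networkOptions[$multiOption] = $postValue;
 }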
 // TODO: validate network settings
 $Settings->setSetting('networkoptions', serialize($networkOptions));
 // Update last change timestamp if we actually changed something
 //if(sizeof($success) > 0)
     }
     if (!(isset($vouchermaxmb[$key]) || isset($vouchermaxtime[$key]))) {
         $warning[] = T_("It is not recommended having vouchers without a data or time limit");
     }
     // validate limits
     //$error[] = validate_datalimit($groupdatalimit[$key]);
     // Silence warnings (@) as we don't care if they are set or not'
     if (!\Grase\Validate::numericLimit($vouchermaxtime[$key])) {
         $error[] = sprintf(T_("Invalid value '%s' for Time Limit"), $vouchermaxtime[$key]);
     }
     if (!\Grase\Validate::numericLimit($vouchermaxmb[$key])) {
         $error[] = sprintf(T_("Invalid value '%s' for Data Limit"), $vouchermaxmb[$key]);
     }
     // TODO validate groupname, it already comes in in the correct format though
     $error = array_filter($error);
     $vouchersettings[\Grase\Clean::groupName($name)] = array_filter(array('VoucherName' => \Grase\Clean::groupName($name), 'VoucherLabel' => \Grase\Clean::text($name), 'VoucherPrice' => @clean_number($voucherprice[$key]), 'VoucherGroup' => $vouchergroup[$key], 'MaxMb' => @clean_number($vouchermaxmb[$key]), 'MaxTime' => @clean_int($vouchermaxtime[$key]), 'Description' => @\Grase\Clean::text($voucherdesc[$key]), 'TopupVoucher' => $vouchertopup[$key] ? TRUE : FALSE, 'InitVoucher' => $voucherinit[$key] ? TRUE : FALSE));
 }
 if (sizeof($error) == 0) {
     // No errors. Save groups
     //$Settings->setSetting("groups", serialize($groupexpiries));
     foreach ($vouchersettings as $attributes) {
         //$Settings->setGroup($attributes);
         $Settings->setVoucher($attributes);
     }
     // Delete vouchers no longer referenced
     foreach ($Settings->getVoucher() as $oldvoucher => $oldvouchersettings) {
         if (!isset($vouchersettings[$oldvoucher])) {
             $Settings->deleteVoucher($oldvoucher);
         }
     }
     $success[] = T_("Vouchers updated");
Example #25
   

   if($_POST['btn-edit-order'] == "Save Changes"){
      
	 // if(empty($_POST['chk_qty'])){
	     $_update->update_order_header($data_header_method, $data_header_name, $data_header_amount, $data_purchase_amount, $data_total, $data_shipping, $ship_address, $ship_country, $ship_province, $ship_city, $data_order_id);
	  //}else{	    
	     //update_order_header($data_header_method, $data_header_name, $data_header_amount, $data_purchase_amount, $data_total, $data_shipping, $ship_address, $ship_country, $ship_province, $ship_city, $data_order_id);
		
	     /* --- UPDATE QTY PRODUCT --- */
		 $items             = $_POST['chk_qty'];
		 $data_order_detail = get_order_item($detail['order_id']);
		 
		 foreach($items as $items){
		    
			$data_qty = clean_number($_POST['product_qty_'.$items]);
			
			$_update->update_order_qty($data_qty, $items);
		 }
		 
		 
		 /* --- TOTAL PURCHASE --- */
		 /*
		 foreach($data_order_detail as $data_order_detail){
		    
		    /* --- CALL FUNCTION --- */
			/*
			$temp_weight = get_order_weight($data_order_detail['type_id']);
			
			$total_purchase_item += $data_order_detail['item_quantity'] * ($data_order_detail['item_price'] - $data_order_detail['item_discount_price']);
			$total_temp_amount   += $data_order_detail['item_quantity'] * $temp_weight['type_weight'];
Example #26
        $ex_vars .= "&amp;filter={$filter}";
    }
    if ($num_pages > 1) {
        $p_active = $p == 1 ? " class='active'" : '';
        $nav_html = "<li{$p_active}><a href='./?address={$address}&amp;p=1{$ex_vars}'>First</a></li>";
        for ($i = $start_page; $i <= $end_page; $i++) {
            $p_active = $i == $p ? " class='active'" : '';
            $nav_html .= "<li{$p_active}><a href='./?address={$address}&amp;p={$i}{$ex_vars}'>{$i}</a></li>";
        }
        $p_active = $p == $num_pages ? " class='active'" : '';
        $nav_html .= "<li{$p_active}><a href='./?address={$address}&amp;p={$num_pages}{$ex_vars}'>Last</a></li>";
    }
    $clean_bal = remove_ep($ainfo[0]['balance']);
    $clean_lim = remove_ep($ainfo[0]['limit']);
    $clean_fli = remove_ep($ainfo[0]['futurelimit']);
    if (clean_number($clean_bal) === '0') {
        $last_used = 'unknown';
    } else {
        $last_used = 'block ' . $ainfo[0]['age'];
    }
    ?>

<h1>Address Details</h1><br />
<div class='row-fluid'>
  <div class='span4'>
	<table class='table table-striped table-condensed'>
      <tr><td><b>Address:</b></td><td><?php 
    echo $ainfo[0]['address'];
    ?>
</td></tr>
      <tr><td><b>Balance:</b></td><td><?php