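/**
 * Sorts a list of associative rows by one key, ascending or descending.
 *
 * The key is published in $_josh["sort_key"] for the comparison callback,
 * whose name is "arrayKeyCompare" followed by format_title($direction)
 * (format_title and the callbacks are defined elsewhere). The input is not
 * modified; the sorted copy is returned.
 *
 * @param array  $array     rows to sort (each row an associative array)
 * @param string $direction "asc" or "desc", passed through format_title()
 * @param mixed  $key       key to sort on; false selects the first key of the first row
 * @return array the sorted rows
 */
function array_sort($array, $direction = "asc", $key = false) {
    global $_josh;
    // Nothing to sort, and no row to take a default key from: return as given
    // instead of indexing $array[0] on an empty (or non-array) value.
    if (!is_array($array) || count($array) == 0) {
        $_josh["sort_key"] = $key;
        return $array;
    }
    if (!$key) {
        // array_shift() takes its argument by reference, so the key list has
        // to live in a variable rather than being array_keys()'s temporary.
        $firstRow = isset($array[0]) ? $array[0] : reset($array);
        $keys = is_array($firstRow) ? array_keys($firstRow) : array();
        $key = array_shift($keys);
    }
    $_josh["sort_key"] = $key;
    error_debug("<b>arraySort</b> running for {$key}");
    usort($array, "arrayKeyCompare" . format_title($direction));
    return $array;
}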
/**
 * Sends an HTML email through mail(), defaulting the sender to
 * $_josh["email_default"].
 *
 * Both addresses pass through format_email(). When no sender is given and
 * none is configured, or when mail() reports failure, error_handle() is
 * called with its halt flag set. The subject and body are handed to mail()
 * exactly as given, so a caller building the subject from user text is
 * responsible for keeping it to a single line.
 *
 * @param mixed  $to      recipient, passed through format_email()
 * @param string $message HTML body (sent as text/html; charset=iso-8859-1)
 * @param string $subject subject line
 * @param mixed  $from    sender address, or false for the configured default
 * @return bool true after mail() accepted the message
 */
function email($to, $message, $subject = "Email from Your Website", $from = false) {
    global $_josh;
    $nl = $_josh["newline"];
    error_debug("<b>email </b> sending message to <i>" . $to . "</i> with subject " . $subject);
    $sender = $from;
    if (!$sender) {
        if (isset($_josh["email_default"])) {
            $sender = $_josh["email_default"];
        } else {
            error_handle("email from address missing", "please call this function with a from address, or specify one in the config file.", true);
        }
    }
    $recipient = format_email($to);
    $headerLines = array(
        "MIME-Version: 1.0",
        "Content-type: text/html; charset=iso-8859-1",
        "From: " . format_email($sender),
    );
    $headers = implode($nl, $headerLines) . $nl;
    $accepted = mail($recipient, $subject, $message, $headers);
    if (!$accepted) {
        error_handle("email not sent", "sorry, an unexpected error occurred while sending your mail.", true);
    }
    return true;
}
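/**
 * Emails the people involved in a helpdesk ticket about an event on it.
 *
 * Loads the ticket (creator, owner, department), builds a banner for the
 * scenario, renders the thread twice - an admin copy with every followup and
 * a user copy without admin-only followups - and sends each copy to its
 * recipient list through email(). The current user's address
 * ($_SESSION['email']) is presumably removed from both lists by
 * array_remove(). For a few departments the "new"/"critical" admin list is
 * replaced by fixed addresses, kept here exactly as they appear in this copy
 * of the file. db_grab, db_query, db_fetch, db_updated, display, drawName,
 * drawMessage, draw_link, draw_h1, drawEmail, array_remove, user, email and
 * error_debug are defined elsewhere.
 *
 * @param mixed  $id       ticket id; coerced to int before it reaches SQL or links
 * @param string $scenario "followup", "followupadmin", "closed", "assign", "new"
 *                         or "critical"; any other value sends an empty banner
 * @param bool   $admin    when true, only the admin copy is sent
 * @param bool   $debug    when true, prints the admin email and exits
 * @return void
 */
function emailITticket($id, $scenario, $admin = false, $debug = false) {
    global $_josh, $page;

    // The id is spliced into two queries and several links; ticket ids are
    // integers, so coerce once instead of trusting the caller's value.
    $id = (int) $id;

    $ticket = db_grab('SELECT u.id, (SELECT COUNT(*) FROM users_to_modules a WHERE a.user_id = u.id AND a.module_id = 3) isUserAdmin, t.title, t.created_user, t.description, t.departmentID, ISNULL(u.nickname, u.firstname) first, u.lastname last, u.email, ' . db_updated('u') . ', t.created_date, t.priorityID, t.statusID, d.shortName department, t.type_id, y.description type, u2.email as ownerEmail, t.ownerID, ISNULL(u2.nickname, u2.firstname) as ownerName FROM helpdesk_tickets t LEFT JOIN helpdesk_tickets_types y ON t.type_id = y.id JOIN users u ON t.created_user = u.id JOIN departments d ON t.departmentID = d.departmentID LEFT JOIN users u2 ON t.ownerID = u2.id WHERE t.id = ' . $id);

    // yellow box: the scenario banner above the thread. Initialised so an
    // unknown scenario sends an empty banner instead of undefined variables.
    $subject = '';
    $message = '';
    if ($scenario == "followup") {
        $subject = "Followup On Your Helpdesk Ticket";
        $message = drawMessage('There\'s been followup on your Helpdesk ticket - please see below. <b>Don\'t reply to this email!</b> Instead, please ' . draw_link('/helpdesk/ticket.php?id=' . $id, 'view your ticket') . ' in the intranet ticketing system.<br><br><b>Note:</b> if you add this sender to your "safe senders list," pictures will always download.');
    } elseif ($scenario == "followupadmin") {
        $subject = "Admin Followup on Helpdesk Ticket";
        $message = drawMessage(draw_link('/staff/view.php?id=' . user(), $_SESSION['full_name']) . ' just made an administrative followup on this Helpdesk ticket. Regular staff were not copied on this message.');
    } elseif ($scenario == "closed") {
        $subject = "Your Ticket Has Been Closed";
        $message = drawMessage('This is to let you know that your ticket has been closed. <b>Don\'t reply to this email!</b> You can still followup on this thread by ' . draw_link('/helpdesk/ticket.php?id=' . $id, 'viewing your ticket') . ' in the intranet ticketing system.<br><br><b>Note:</b> if you add this sender to your "safe senders list," pictures will always download.');
    } elseif ($scenario == "assign") {
        $subject = "Your Ticket Has Been Assigned";
        $message = drawMessage(draw_link('/staff/view.php?id=' . user(), $_SESSION["full_name"]) . ' has assigned this ticket to ' . draw_link('/staff/view.php?id=' . $ticket['ownerID'], $ticket["ownerName"]) . '<b>Don\'t reply to this email!</b> Instead, please ' . draw_link('/helpdesk/ticket.php?id=' . $id, 'view your ticket') . ' in the intranet ticketing system.<br><br><b>Note:</b> if you add this sender to your "safe senders list," pictures will always download.');
    } elseif ($scenario == "new") {
        $subject = "New " . $ticket["department"] . " Ticket Posted";
        $message = drawMessage('This is to let you know that a new ticket has just been posted to the Helpdesk. You can ' . draw_link('/helpdesk/ticket.php?id=' . $id, 'view the ticket') . ' in the intranet ticketing system.');
    } elseif ($scenario == "critical") {
        $subject = "Critical " . $ticket["department"] . " Ticket Still Open";
        $message = drawMessage('A ticket flagged "Critical" is open on the Helpdesk. You can ' . draw_link('/helpdesk/ticket.php?id=' . $id, 'view the ticket') . ' in the intranet ticketing system.');
    }

    // recipients arrays: creator and current user go to whichever list matches
    // their admin flag; the owner, if assigned, is logically an admin
    $users = array();
    $admins = array();
    if ($ticket["isUserAdmin"]) {
        $admins[] = $ticket["email"];
    } else {
        $users[] = $ticket["email"];
    }
    if ($page['is_admin']) {
        $admins[] = $_SESSION["email"];
    } else {
        $users[] = $_SESSION["email"];
    }
    if ($ticket["ownerEmail"]) {
        $admins[] = $ticket["ownerEmail"];
    }

    // Two renderings of the thread: admins see everything, users skip
    // admin-only followups.
    $d_user = new display($page['breadcrumbs'] . $ticket['title'], false, false, 'thread');
    $d_admin = new display($page['breadcrumbs'] . $ticket['title'], false, false, 'thread');
    $ticketAuthor = drawName($ticket['created_user'], $ticket['first'] . ' ' . $ticket['last'], $ticket['created_date'], true, BR, $ticket['updated']);
    $ticketBody = draw_h1($ticket['title']) . $ticket['description'];
    $d_user->row($ticketAuthor, $ticketBody);
    $d_admin->row($ticketAuthor, $ticketBody);

    // get followups, oldest first; each followup's author joins a recipient list
    $followups = db_query('SELECT u.id, f.message, (SELECT COUNT(*) FROM users_to_modules u2m WHERE u2m.user_id = u.id AND u2m.module_id = 3 AND u2m.is_admin = 1) isUserAdmin, ISNULL(u.nickname, u.firstname) firstname, u.lastname, u.email, f.created_date, f.is_admin, f.created_user, ' . db_updated('u') . ' FROM helpdesk_tickets_followups f INNER JOIN users u ON f.created_user = u.id WHERE f.ticketID = ' . $id . ' ORDER BY f.created_date');
    while ($f = db_fetch($followups)) {
        $followupAuthor = drawName($f['created_user'], $f['firstname'] . ' ' . $f['lastname'], $f['created_date'], true, BR, $f['updated']);
        $d_admin->row($followupAuthor, $f['message']);
        if (!$f['is_admin']) {
            $d_user->row($followupAuthor, $f['message']);
        }
        if ($f['isUserAdmin']) {
            $admins[] = $f['email'];
        } else {
            $users[] = $f['email'];
        }
    }
    $admins = array_remove($_SESSION['email'], array_unique($admins));
    $users = array_remove($_SESSION['email'], array_unique($users));

    if ($debug) {
        die(drawEmail($message . $d_admin->draw()));
    }

    // special codes for email
    // todo: put this in db, possibly by adding something to the users table or something
    if ($scenario == "new" && $ticket["departmentID"] == 3) {
        $admins = array('*****@*****.**', '*****@*****.**', '*****@*****.**');
    }
    if ($scenario == "new" && $ticket["departmentID"] == 13) {
        $admins = array('*****@*****.**', '*****@*****.**');
    }
    if ($scenario == "new" && $ticket["departmentID"] == 2) {
        $admins = array('*****@*****.**', '*****@*****.**', '*****@*****.**', '*****@*****.**', '*****@*****.**');
    }
    if ($scenario == "critical" && $ticket["departmentID"] == 8) {
        $admins = array('*****@*****.**');
    }

    if (count($admins)) {
        email($admins, drawEmail($message . $d_admin->draw()), $subject);
        error_debug('admin message emailed to ' . implode(', ', $admins) . ' admins', __FILE__, __LINE__);
    }
    if (count($users) && $scenario != "followupadmin" && !$admin) {
        email($users, drawEmail($message . $d_user->draw()), $subject);
        error_debug('user message emailed to ' . implode(', ', $users) . ' users', __FILE__, __LINE__);
    }
}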
/**
 * Runs a SQL query against the configured database and returns its result.
 *
 * Opens the connection (db_open), translates the query between dialects when
 * $_josh["basedblanguage"] differs from the active language, records the
 * query in $_josh["queries"], then dispatches on $_josh["db"]["language"]:
 * "mysql" appends LIMIT/OFFSET and calls mysql_query(); "mssql" rewrites the
 * leading "SELECT" to "SELECT TOP n" when $limit is set and calls
 * mssql_query() ($offset is ignored on that branch). For queries that start
 * with "insert" the new id from db_id() is returned instead of the result.
 * On failure, false is returned when $suppress_error is set; otherwise
 * error_handle() is called (presumably it halts - if it returns, execution
 * falls off the end and null comes back). An unrecognised language value
 * also returns null.
 *
 * $limit and $offset are concatenated into the SQL unchanged, so callers must
 * pass integers. The ext/mysql and ext/mssql functions used here were removed
 * in PHP 7.0; their warnings are masked with "@" and the driver's last error
 * is reported through error_handle() instead.
 *
 * @param string $query          SQL to run (trimmed first)
 * @param mixed  $limit          row limit, or false for none
 * @param bool   $suppress_error return false on failure instead of calling error_handle()
 * @param mixed  $offset         row offset (mysql branch only), or false for none
 * @return mixed result resource, insert id, false, or null (see above)
 */
function db_query($query, $limit = false, $suppress_error = false, $offset = false) {
    global $_josh;
    db_open();
    $query = trim($query);
    if (isset($_josh["basedblanguage"]) && $_josh["basedblanguage"] != $_josh["db"]["language"]) {
        $query = db_translate($query, $_josh["basedblanguage"], $_josh["db"]["language"]);
    }
    // every query is kept for debugging output
    $_josh["queries"][] = $query;
    if ($_josh["db"]["language"] == "mysql") {
        if ($limit) {
            $query .= " LIMIT " . $limit;
        }
        if ($offset) {
            $query .= " OFFSET " . $offset;
        }
        if ($result = @mysql_query($query, $_josh["db"]["pointer"])) {
            error_debug("<b>db_query</b> <i>" . $query . "</i>, " . db_found($result) . " results returned");
            if (format_text_starts("insert", $query)) {
                return db_id();
            }
            return $result;
        } else {
            error_debug("<b>db_query</b> failed <i>" . $query . "</i>");
            if ($suppress_error) {
                return false;
            }
            error_handle("mysql error", format_code($query) . "<br>" . mysql_error());
        }
    } elseif ($_josh["db"]["language"] == "mssql") {
        // substr($query, 6) assumes the query begins with the six characters
        // "SELECT"; the limit becomes "SELECT TOP n ..." on this driver
        if ($limit) {
            $query = "SELECT TOP " . $limit . substr($query, 6);
        }
        if ($result = @mssql_query($query, $_josh["db"]["pointer"])) {
            error_debug("<b>db_query</b> <i>" . $query . "</i>, " . db_found($result) . " results returned");
            if (format_text_starts("insert", $query)) {
                return db_id();
            }
            return $result;
        } else {
            if ($suppress_error) {
                return false;
            }
            error_handle("mssql error", format_code($query) . "<br>" . mssql_get_last_message());
        }
    }
}
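/**
 * Breaks a URL into the pieces the framework works with.
 *
 * Wraps parse_url() and adds: domainname / domain / subdomain (host labels
 * are split using the built-in gTLD and ccTLD lists, so "example.co.uk"
 * gives domain "example.co.uk"), usingwww / sanswww, path (with "index.php"
 * removed), path_query (path plus "?query" when a query is present),
 * folder / subfolder / subsubfolder (the first three path segments, false
 * when absent), protocol (alias of scheme) and uri
 * (protocol://host/path_query). When the request carries mod_rewrite
 * "slot1".."slot3" values in $_GET they override the folder fields and the
 * path, whichever URL was passed in.
 *
 * A URL without "http://" or "https://" gets "http://" prepended. If
 * parse_url() fails or yields no host or scheme, those parts are treated as
 * empty strings instead of raising notices.
 *
 * @param string $url absolute or host-only URL
 * @return array parsed parts, ksort()ed by key
 */
function url_parse($url) {
    error_debug("<b>url_parse</b> running for " . $url);
    // Known top-level domains. trim() strips the spaces and the line breaks
    // inside the literals; the earlier str_replace(' ', '') left "\n\t" on
    // the first entry of every continuation line, so those TLDs never matched.
    $gtlds = array_map('trim', explode(',', "aero, biz, com, coop, dev, info,\n\tjobs, museum, name, net, org, pro, travel, gov, edu, mil, int, site"));
    $ctlds = array_map('trim', explode(',', "ac, ad, ae, af, ag, ai, al,\n\tam, an, ao, aq, ar, as, at, au, aw, az, ax, ba, bb, bd, be, bf, bg, bh,\n\tbi, bj, bm, bn, bo, br, bs, bt, bv, bw, by, bz, ca, cc, cd, cf, cg, ch,\n\tci, ck, cl, cm, cn, co, cr, cs, cu, cv, cx, cy, cz, de, dj, dk, dm, do,\n\tdz, ec, ee, eg, eh, er, es, et, eu, fi, fj, fk, fm, fo, fr, ga, gb, gd,\n\tge, gf, gg, gh, gi, gl, gm, gn, gp, gq, gr, gs, gt, gu, gw, gy, hk, hm,\n\thn, hr, ht, hu, id, ie, il, im, in, io, iq, ir, is, it, je, jm, jo, jp,\n\tke, kg, kh, ki, km, kn, kp, kr, kw, ky, kz, la, lb, lc, li, lk, lr, ls,\n\tlt, lu, lv, ly, ma, mc, md, mg, mh, mk, ml, mm, mn, mo, mp, mq, mr, ms,\n\tmt, mu, mv, mw, mx, my, mz, na, nc, ne, nf, ng, ni, nl, no, np, nr, nu,\n\tnz, om, pa, pe, pf, pg, ph, pk, pl, pm, pn, pr, ps, pt, pw, py, qa, re,\n\tro, ru, rw, sa, sb, sc, sd, se, sg, sh, si, sj, sk, sl, sm, sn, so, sr,\n\tst, sv, sy, sz, tc, td, tf, tg, th, tj, tk, tl, tm, tn, to, tp, tr, tt,\n\ttv, tw, tz, ua, ug, uk, um, us, uy, uz, va, vc, ve, vg, vi, vn, vu, wf,\n\tws, ye, yt, yu, za, zm, zw"));
    $tldarray = array_merge($gtlds, $ctlds);

    // add protocol if missing; parse_url() needs a scheme to recognise the host
    if (!strstr($url, 'http://') && !strstr($url, 'https://')) {
        $url = "http://" . $url;
    }
    $parsed = parse_url(trim($url));
    // parse_url() returns false for seriously malformed input; continue with
    // empty parts rather than indexing into false.
    $return = is_array($parsed) ? $parsed : array();
    if (!isset($return["host"])) {
        $return["host"] = "";
    }
    if (!isset($return["scheme"])) {
        $return["scheme"] = "";
    }
    if (!isset($return["path"])) {
        $return["path"] = "";
    }

    // Walk the host labels from the right: TLD labels first, then the domain
    // name, then everything left is subdomain.
    $subs = '';
    $domainname = '';
    $tld = '';
    $domainFound = false;
    $domainarray = explode('.', $return["host"]);
    $top = count($domainarray);
    for ($i = 0; $i < $top; $i++) {
        $label = array_pop($domainarray);
        if ($domainFound) {
            $subs = ".{$label}" . $subs;
        } elseif (in_array($label, $tldarray, true)) {
            $tld = ".{$label}" . $tld;
        } else {
            $domainname = $label;
            $domainFound = true;
        }
    }
    $return["domainname"] = $domainname;
    $return["domain"] = $domainname . $tld;
    $return["usingwww"] = substr($return["host"], 0, 4) == "www." ? 1 : 0;
    $return["sanswww"] = $return["usingwww"] ? substr($return["host"], 4) : $return["host"];
    $return["subdomain"] = substr($subs, 1); // drop the leading "."
    $return["path"] = str_replace("index.php", "", $return["path"]);
    $return["path_query"] = $return["path"];

    // get folder, subfolder, subsubfolder: "/a/b/c/" explodes to
    // "", "a", "b", "c", ""; a segment is false when the path is not that deep
    $urlparts = explode("/", $return["path_query"]);
    $urlcount = count($urlparts);
    $return["folder"] = $urlcount >= 3 ? $urlparts[1] : false;
    $return["subfolder"] = $urlcount >= 4 ? $urlparts[2] : false;
    $return["subsubfolder"] = $urlcount >= 5 ? $urlparts[3] : false;

    // add query string to path_query
    // don't use $_GET because we might be parsing a different address
    if (isset($return["query"])) {
        $return["path_query"] .= "?" . $return["query"];
    } else {
        $return["query"] = false;
    }
    // protocol is a better word than scheme
    $return["protocol"] = $return["scheme"];
    // get full browser address
    $return["uri"] = $return["protocol"] . "://" . $return["host"] . $return["path_query"];

    // handle possible mod_rewrite slots. Note these come from the current
    // request's $_GET, not from $url, and are placed in the result unchanged.
    if (isset($_GET["slot1"])) {
        $return["folder"] = $_GET["slot1"];
        $return["path"] = "/" . $_GET["slot1"] . "/";
        if (isset($_GET["slot2"])) {
            $return["subfolder"] = $_GET["slot2"];
            $return["path"] .= $_GET["slot2"] . "/";
            if (isset($_GET["slot3"])) {
                $return["subsubfolder"] = $_GET["slot3"];
                $return["path"] .= $_GET["slot3"] . "/";
            }
        }
        $return["path_query"] = $return["path"];
    }
    ksort($return);
    return $return;
}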
<?php include '../include.php'; if ($posting) { error_debug('user is posting', __FILE__, __LINE__); if ($uploading) { list($_POST['content'], $_POST['type_id']) = file_get_uploaded('content', 'docs_types'); } langTranslatePost('title,description'); $id = db_save('docs'); //debug(); db_checkboxes('categories', 'docs_to_categories', 'documentID', 'categoryID', $id); if (getOption('channels')) { db_checkboxes('channels', 'docs_to_channels', 'doc_id', 'channel_id', $id); } url_change('info.php?id=' . $id); } if (url_id()) { $d = db_grab('SELECT title, description FROM docs WHERE id = ' . $_GET['id']); $pageAction = getString('edit'); } else { $pageAction = getString('add_new'); } echo drawTop(); //load code for JS $extensions = array(); $doctypes = array(); $types = db_query('SELECT description, extension FROM docs_types ORDER BY description'); while ($t = db_fetch($types)) { $extensions[] = '(extension != "' . $t['extension'] . '")'; $doctypes[] = ' - ' . $t['description'] . ' (.' . $t['extension'] . ')';
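/**
 * Registers one form field on this object, filling in defaults.
 *
 * Takes an associative array of field options. Every option defaults to
 * false; name and label are derived from each other (format_text_code /
 * format_text_human) when only one is given; value falls back to
 * $this->values[$name]; class falls back to the type; a text field that is
 * required and has no explicit "additional" gets "(Required)". Checkboxes
 * move the label into "additional" so it renders beside the box. The packed
 * field is appended to $this->fields. error_handle, error_debug,
 * format_text_code and format_text_human are defined elsewhere.
 *
 * @param array $array field options: type (required), name, label, value,
 *                     class, required, append, sql, action, additional,
 *                     maxlength, options_table, options, linking_table
 * @return mixed null on success, otherwise the result of error_handle()
 */
function addField($array) {
    // defaults: the complete set of options a caller may pass, and the only
    // local names the input is allowed to fill in below
    $type = $value = $class = $name = $label = $required = $append = $sql = $action = $additional = $maxlength = $options_table = $options = $linking_table = false;
    // load inputs
    if (!is_array($array)) {
        return error_handle("array not set");
    }
    // EXTR_IF_EXISTS only assigns keys that match a variable declared above,
    // so an unexpected key cannot create or clobber other locals.
    extract($array, EXTR_IF_EXISTS);
    // type is required
    if (!$type) {
        return error_handle("type not set");
    }
    if ($type == "text" && !isset($array["additional"]) && $required) {
        $additional = "(Required)";
    }
    error_debug("adding field " . $label);
    if (!$name) {
        $name = format_text_code($label);
    }
    if (!$label) {
        $label = format_text_human($name);
    }
    // truthiness check as before: a value of 0 or "0" also falls back to the stored value
    if (!$value) {
        $value = isset($this->values[$name]) ? $this->values[$name] : false;
    }
    if (!$class) {
        $class = $type;
    }
    if ($type == "checkbox") {
        $additional = $label;
        $label = false;
    }
    // package and save
    $this->fields[] = compact("name", "type", "label", "value", "append", "required", "sql", "class", "action", "additional", "options_table", "options", "linking_table", "maxlength");
}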
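<?php
/**
 * Login front page: handles logout, the last-login cookie and a posted login
 * form, redirects on success, and otherwise shows the login template.
 *
 * $posting, $user, login(), cookie(), url_change() and error_debug() are
 * provided by include.php.
 */
include "include.php";

// Picks the post-login destination. Only a same-site path is followed: it
// must start with "/" and not with "//" or "/\" (both read as another host
// by browsers), so a crafted goto parameter cannot bounce a freshly
// authenticated user elsewhere. Anything else falls back to $fallback.
$localGoto = function ($candidate, $fallback) {
    if (is_string($candidate) && substr($candidate, 0, 1) === '/'
        && !in_array(substr($candidate, 1, 1), array('/', '\\'), true)) {
        return $candidate;
    }
    return $fallback;
};

$redirect = false;
if (isset($_GET["logout"])) {
    error_debug("<b>index.php</b> Logging Out");
    cookie("last_login");
    $redirect = "/";
} elseif (isset($_COOKIE["last_login"]) && login($_COOKIE["last_login"], "", true)) {
    // log in with last login
    // NOTE(review): the cookie holds only an address and login() is called
    // with its skip-password flag, so the cookie value itself is taken as
    // proof of identity. A random, server-side-stored remember-me token is the
    // usual replacement - confirm how login() treats this path.
    error_debug("<b>index.php</b> Cookie Found (good)");
    $redirect = $localGoto(isset($_GET["goto"]) ? $_GET["goto"] : "", $user["url"]);
} elseif ($posting) {
    // logging in
    error_debug("<b>index.php</b> Posting");
    if (login($_POST["email"], $_POST["password"])) {
        error_debug("<b>index.php</b> Login successful");
        cookie("last_login", $_POST["email"]);
        $redirect = $localGoto(isset($_POST["goto"]) ? $_POST["goto"] : "", $user["url"]);
    } else {
        error_debug("<b>index.php</b> Login unsuccessful");
        $redirect = "/";
    }
}
if ($redirect) {
    url_change($redirect);
}
include "_hcfa-cc/login.php";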
/**
 * Emits the document head and the site banner/help header of a page.
 *
 * Writes <html>/<head> with the title "module > name", the Bootstrap and
 * site stylesheets and an IE-only stylesheet whose path is built from
 * $locale. Unless $printing is set it then writes the three-logo banner and
 * the help box: a show/hide link built by url_query_add(), an "Edit Page
 * Info" link for admins, and $page["helpText"] or a fallback sentence. It
 * ends with the helpdesk navigation on helpdesk pages, drawNavigation(), and
 * sets $_josh["drawn"]["top"] so later code knows the header has been sent.
 *
 * Values are echoed as-is: $title, $page["id"], $page["helpText"] and
 * $locale are not passed through htmlspecialchars(); presumably they come
 * from the site's own configuration or database rather than the request -
 * confirm where $page and $locale are populated. $isAdmin is declared global
 * but not read here.
 *
 * @return void
 */
function drawTop() {
    global $user, $_josh, $page, $isAdmin, $printing, $locale;
    error_debug("starting top");
    $title = $page["module"] . " > " . $page["name"];
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title><?php echo $title; ?> </title>
<link rel="stylesheet" type="text/css" href="/assets/vendor/bootstrap/dist/css/bootstrap.min.css">
<link rel="stylesheet" type="text/css" href="/assets/css/style.css">
<!--[if IE]> <link rel="stylesheet" type="text/css" href="<?php echo $locale; ?> style-ie.css" /> <![endif]-->
</head>
<body>
<?php // banner and help box are skipped for the print view
if (!$printing) { ?>
<div class="container">
<div class="row banner">
<div class="col-md-4"> <a href="/bb/"><img src="/assets/img/logo-cc.png" width="240" height="86" class="img-responsive"></a> </div>
<div class="col-md-4"> <a href="/bb/"><img src="/assets/img/logo-hla.png" width="330" height="64" class="img-responsive"></a> </div>
<div class="col-md-4"> <a href="/bb/"><img src="/assets/img/logo-hcfa.png" width="186" height="102" class="img-responsive"></a> </div>
</div>
<div class="row">
<div id="left" class="col-md-8">
<div id="help">
<a class="button left" href="/bb/"> <i class="glyphicon glyphicon-home"></i> Home </a>
<?php // the toggle link flips the user's isOpenHelp preference via the query string ?>
<a class="button right" href="<?php echo url_query_add(array("toggleMenuPref" => "isOpenHelp"), false); ?> "> <i class="glyphicon glyphicon-info-sign"></i> <?php if ($user["isOpenHelp"]) { ?> Hide<?php } else { ?> Show<?php } ?> Help </a>
<?php if ($user["isOpenHelp"]) {
    // admins get an edit link that returns to the current path_query afterwards
    if ($user["isAdmin"]) { ?>
<a class="button right" href="/admin/edit-help.php?id=<?php echo $page["id"]; ?> &returnTo=<?php echo urlencode($_josh["request"]["path_query"]); ?> "> <i class="glyphicon glyphicon-edit"></i> Edit Page Info </a>
<?php } ?>
<div class="text"> <?php echo $page["helpText"] ? $page["helpText"] : "No help is available for this page."; ?> </div>
<?php } ?>
</div>
<?php }
    if ($_josh["request"]["folder"] == "helpdesk") {
        echo drawNavigationHelpdesk();
    }
    echo drawNavigation();
    // marks the header as sent for whatever checks $_josh["drawn"] later
    $_josh["drawn"]["top"] = true;
    error_debug("finished drawing top");
}
<?php include 'include.php'; if ($posting) { error_debug('handling bb post', __FILE__, __LINE__); format_post_bits('is_admin'); langTranslatePost('title,description'); $id = db_save('bb_topics'); db_query('UPDATE bb_topics SET thread_date = GETDATE(), replies = (SELECT COUNT(*) FROM bb_followups WHERE topic_id = ' . $id . ') WHERE id = ' . $id); if (getOption('channels')) { db_checkboxes('channels', 'bb_topics_to_channels', 'topic_id', 'channel_id', $id); } //notification if ($_POST['is_admin'] == '1') { //get addresses of everyone & send with message emailUser(db_array('SELECT email FROM users WHERE is_active = 1'), $_POST['title'], drawEmail(bbDrawTopic($id, true))); } elseif (getOption('bb_notifypost') && getOption('channels') && getOption('languages')) { //get addresses of everyone with indicated interests and send $channels = array_post_checkboxes('channels'); $languages = db_table('SELECT id, code FROM languages'); foreach ($languages as $l) { $addresses = db_array('SELECT DISTINCT u.email FROM users u JOIN users_to_channels_prefs u2cp ON u.id = u2cp.user_id WHERE u.is_active = 1 AND u.language_id = ' . $l['id'] . ' AND u2cp.channel_id IN (' . implode(',', $channels) . ')'); $topic = db_grab('SELECT ISNULL(u.nickname, u.firstname) firstname, u.lastname, t.title' . langExt($l['code']) . ' title, t.description' . langExt($l['code']) . ' description, y.title' . langExt($l['code']) . ' type, t.created_date FROM bb_topics t LEFT JOIN bb_topics_types y ON t.type_id = y.id
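/**
 * Checks that a value is of the requested kind.
 *
 * Types: "int" - an integer, or a string holding only an optionally signed
 * integer; "num" - anything is_numeric() accepts; "key" - a value of at
 * most 13 bytes; "string" - any string. An unknown type verifies as true,
 * as before.
 *
 * @param mixed  $variable value to check
 * @param string $type     "int", "num", "key" or "string"
 * @return bool
 */
function format_verify($variable, $type = "int") {
    error_debug("<b>format_verify</b> for " . $variable);
    if ($type == "int") {
        // FILTER_VALIDATE_INT accepts integers and integer strings only. The
        // previous "$variable += 0; is_int()" test let non-numeric strings
        // through (they coerce to 0) and let decimals like "1.5" through
        // because is_numeric() short-circuited the check.
        if (filter_var($variable, FILTER_VALIDATE_INT) === false) {
            return false;
        }
    } elseif ($type == "num") {
        if (!is_numeric($variable)) {
            return false;
        }
    } elseif ($type == "key") {
        // byte length, as before
        if (strlen($variable) > 13) {
            return false;
        }
    } elseif ($type == "string") {
        if (!is_string($variable)) {
            return false;
        }
    }
    return true;
}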
/**
 * Renders a minimal standalone page (used for notices and errors) and,
 * unless $keepalive is set, echoes it and closes the database.
 *
 * The markup is a fixed centred-table layout; draw_css() supplies the
 * stylesheet and the colours come from $_josh["colors"]. $severe wraps the
 * title in red. strip_tags() is applied only to the copy of $title used in
 * <title>; the on-page title and $html are inserted verbatim, so callers
 * are expected to pass trusted or already-escaped markup. With $keepalive
 * the page is returned instead and nothing is echoed or closed.
 *
 * @param string $title     page heading (HTML allowed)
 * @param string $html      body content (HTML, inserted as-is)
 * @param bool   $severe    colour the heading with $_josh["colors"]["red2"]
 * @param bool   $keepalive return the page instead of echoing it and calling db_close()
 * @return string|null the page when $keepalive is true, otherwise null
 */
function draw_page($title, $html, $severe = false, $keepalive = false) {
    global $_josh;
    error_debug("drawing page");
    // reset the stylesheet marker, presumably so draw_css() emits it for this page - confirm in draw_css()
    $_josh["drawn"]["css"] = false;
    if ($severe) {
        $title = "<font color='" . $_josh["colors"]["red2"] . "'>" . $title . "</font>";
    }
    // whole document in one string; josh_confirm() is the inline confirm-then-navigate helper used by links
    $return = "<html>\n\t\t<head>\n\t\t\t<title>" . strip_tags($title) . "</title>\n\t\t\t" . draw_css($keepalive) . "\n\t\t\t<script language='javascript'>\n\t\t\t\t<!--\n\t\t\t\tfunction josh_confirm(action, message, id) {\n\t\t\t\t\tvar url = '/j/' + action + '/';\n\t\t\t\t\tif (id) url += '/' + id + '/';\n\t\t\t\t\tif (confirm('Are you sure you want to ' + message + '?')) location.href = url;\n\t\t\t\t}\n\t\t\t\t//-->\n\t\t\t</script>\n\t\t</head>\n\t\t<body class='josh_body' bgcolor='" . $_josh["colors"]["grey3"] . "'>\n\t\t\t<table width='100%' height='100%' cellpadding='0' cellspacing='0' border='0'>\n\t\t\t\t<tr height='90%'>\n\t\t\t\t\t<td align='center' height='350'>\n\t\t\t\t\t\t<table width='400' height='250' cellpadding='20' cellspacing='0' border='0' bgcolor='" . $_josh["colors"]["white"] . "'>\n\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t<td valign='top'>\n\t\t\t\t\t\t\t\t<div class='josh_title'>" . $title . "</div>\n\t\t\t\t\t\t\t\t<br>\n\t\t\t\t\t\t\t\t<div class='josh_message'>" . $html . "</div>\n\t\t\t\t\t\t\t\t</td>\n\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t</table>\n\t\t\t\t\t</td>\n\t\t\t\t</tr>\n\t\t\t</table>\n\t\t</body>\n\t</html>";
    if ($keepalive) {
        return $return;
    }
    echo $return;
    db_close();
}
<?php error_debug("~ including error.php"); function error_break() { global $_josh; unset($_josh["ignored_words"]); //too long. gets in the way! echo draw_array($_josh); exit; } function error_debug($message) { global $_josh; if ($_josh["debug"]) { $backtrace = debug_backtrace(); $level = 0; echo $message . "<br/>" . $backtrace[$level]["file"] . ", line " . $backtrace[$level]["line"] . "<br/><hr noshade color='#cccccc' size='1'/>"; } } function error_handle($type, $message, $run_trace = true) { global $_josh; if ($run_trace) { $backtrace = debug_backtrace(); $level = count($backtrace) - 1; $message .= " on line " . $backtrace[$level]["line"] . " of file " . $backtrace[$level]["file"]; } if (function_exists("error_email")) { $email = $message; $email .= "<br><br>Of page: <a href='" . $_josh["request"]["uri"] . "'>" . $_josh["request"]["uri"] . "</a>";
} } } //send invite if (!$editing) { emailInvite($id); } if (url_id() == user()) { //todo, fix this and make it more user-update dependent $_SESSION['update_days'] = 0; $_SESSION['updated_date'] = 'foo'; } //clean up users requests if (url_id('requestID')) { db_delete('users_requests', $_GET['requestID']); error_debug('deleted user request', __FILE__, __LINE__); } url_change('view.php?id=' . $id); } elseif (url_id('requestID')) { $values = db_grab('SELECT * FROM users_requests WHERE id = ' . $_GET['requestID']); } else { $values = false; } echo drawTop(); $f = new form('users', @$_GET['id'], $page['title']); $f->set_title_prefix($page['breadcrumbs']); //public info $f->set_group(getString('public_info'), increment()); $f->unset_fields(array('image_medium', 'image_small', 'password', 'lastLogin', 'imageID', 'layoutID', 'homepage', 'notify_topics')); $f->set_field(array('name' => 'firstname', 'type' => 'text', 'label' => getString('name_first'), 'position' => increment())); $f->set_field(array('name' => 'nickname', 'type' => 'text', 'label' => getString('nickname'), 'position' => increment()));
error_debug("<b>index.php</b> Logging Out", __FILE__, __LINE__); cookie("last_login"); $_SESSION["user_id"] = false; $redirect = "/"; } elseif (login(@$_COOKIE["last_login"], "", true)) { //log in with last login error_debug("<b>index.php</b> Cookie Found (good)", __FILE__, __LINE__); $redirect = empty($_GET["goto"]) ? $_SESSION["homepage"] : $_GET["goto"]; } elseif ($posting) { //logging in error_debug("<b>index.php</b> Posting", __FILE__, __LINE__); if (login($_POST["email"], $_POST["password"])) { error_debug("<b>index.php</b> Login successful", __FILE__, __LINE__); $redirect = empty($_POST["goto"]) ? $_SESSION["homepage"] : $_POST["goto"]; } else { error_debug("<b>index.php</b> Login unsuccessful", __FILE__, __LINE__); $redirect = "/"; } } if ($redirect) { url_change($redirect); } url_header_utf8(); ?> <html> <head> <?php echo draw_meta_utf8(); ?> <title><?php echo getString("app_name");
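/**
 * Authenticates a user by email (and password unless $skippass) and fills
 * the session.
 *
 * Looks the active account up in users, comparing the password inside the
 * query via db_pwdcompare(); on success it records the login time, copies
 * the user's details into $_SESSION, sets the last_login / last_email
 * cookies and returns true. On failure $_SESSION['user_id'] is set to false
 * and false is returned. db_grab, db_query, db_pwdcompare, db_datediff,
 * cookie and error_debug are defined elsewhere.
 *
 * @param string $username email address the account is stored under; it comes
 *                         straight from the login form or the last_login cookie
 * @param string $password plaintext password; ignored when $skippass is set
 * @param bool   $skippass skip the password comparison (the cookie login path)
 * @return bool
 */
function login($username, $password, $skippass = false) {
    // need id, fullname, email departmentid, ishelpdesk, homepage, update_days, updated_on, first

    // The address is spliced into the WHERE clause as a quoted literal and
    // db_query() only accepts a finished SQL string, so guard the literal
    // here: refuse values no address can contain (backslash, control
    // characters, empty) and double any quote, which is the string-literal
    // escape on both MSSQL and MySQL.
    if (!is_string($username) || $username === '' || strpos($username, "\\") !== false
        || preg_match('/[\x00-\x1f]/', $username)) {
        error_debug('<b>login</b> rejected malformed username', __FILE__, __LINE__);
        $_SESSION['user_id'] = false;
        return false;
    }
    $usernameSql = str_replace("'", "''", $username);

    if ($skippass) {
        $where = '';
        error_debug('<b>login</b> running without password', __FILE__, __LINE__);
    } else {
        // db_pwdcompare() builds the comparison expression; it is assumed to
        // quote $password itself - confirm in the db layer.
        $where = ' AND ' . db_pwdcompare($password, 'u.password') . ' = 1';
        error_debug('<b>login</b> running with password', __FILE__, __LINE__);
    }
    $user = db_grab('SELECT u.id, ISNULL(u.nickname, u.firstname) firstname, u.lastname, u.email, ' . db_pwdcompare('', 'u.password') . ' password, u.departmentID, d.isHelpdesk, u.help, u.is_admin, u.updated_date, u.language_id, l.code language, ' . db_datediff('u.updated_date', 'GETDATE()') . ' update_days FROM users u LEFT JOIN languages l ON u.language_id = l.id LEFT JOIN departments d ON u.departmentID = d.departmentID WHERE u.email = \'' . $usernameSql . '\' AND u.is_active = 1' . $where);
    if ($user) {
        // login was good
        // Issue a fresh session id for the authenticated session so an id
        // handed out before login is not carried across the privilege change.
        if (session_id() !== '') {
            session_regenerate_id(true);
        }
        db_query('UPDATE users SET lastlogin = GETDATE() WHERE id = ' . $user['id']);
        $_SESSION['user_id'] = $user['id'];
        $_SESSION['is_admin'] = $user['is_admin'];
        $_SESSION['email'] = $user['email'];
        $_SESSION['homepage'] = '/bb/';
        $_SESSION['departmentID'] = $user['departmentID'];
        $_SESSION['isHelpdesk'] = $user['isHelpdesk'];
        $_SESSION['update_days'] = $user['update_days'];
        $_SESSION['updated_date'] = $user['updated_date'];
        // whatever db_pwdcompare('', 'u.password') evaluates to for this row
        $_SESSION['password'] = $user['password'];
        $_SESSION['language_id'] = $user['language_id'];
        $_SESSION['language'] = $user['language'];
        $_SESSION['full_name'] = $user['firstname'] . ' ' . $user['lastname'];
        $_SESSION['isLoggedIn'] = true;
        // these cookies hold only the address; the $skippass path reads last_login back
        cookie('last_login', $user['email']);
        cookie('last_email', $user['email']);
        return true;
    }
    $_SESSION['user_id'] = false;
    return false;
}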
/**
 * Looks for a "sister" file beside $filename: same base name, extension
 * $ext (e.g. picture.jpg -> picture.html).
 *
 * file_name() (defined elsewhere) splits the path into base name, extension
 * and directory; $_josh["folder"] is placed between the directory and the
 * base name when building the candidate path. Returns the sister's path
 * when it exists, otherwise false - also false when $filename itself is
 * missing.
 *
 * @param string $filename existing file to look beside
 * @param string $ext      extension of the sister file, without the dot
 * @return string|false
 */
function file_sister($filename, $ext) {
    global $_josh;
    if (!file_exists($filename)) {
        return false;
    }
    list($base, $extension, $dir) = file_name($filename);
    $candidate = $dir . $_josh["folder"] . $base . "." . $ext;
    if (!file_exists($candidate)) {
        error_debug("file sister {$candidate} does not exist");
        return false;
    }
    error_debug("file sister file exists");
    return $candidate;
}
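<?php
/**
 * Bulletin-board post handler: saves a posted topic and, for an admin topic,
 * emails a copy to every active user, then re-syndicates and redirects.
 *
 * $posting, $_josh, $server and the db_* / draw* helpers are expected from
 * include.php ($server is not defined in this file - confirm it is set there).
 */
include '../include.php';
if ($posting) {
    error_debug("handling bb post");
    format_post_bits("isAdmin,temporary");
    $id = db_enter("bulletin_board_topics", "title |description isAdmin temporary");
    db_query("UPDATE bulletin_board_topics SET threadDate = GETDATE() WHERE id = " . $id);
    // the quoted "'1'" is compared as-is; presumably format_post_bits() leaves the flag SQL-quoted
    if ($_POST["isAdmin"] == "'1'") {
        // send admin email
        // get topic
        $r = db_grab("SELECT \n\t\t\t\tt.title,\n\t\t\t\tt.description,\n\t\t\t\tu.userID,\n\t\t\t\tISNULL(u.nickname, u.firstname) firstname,\n\t\t\t\tu.lastname,\n\t\t\t\tt.createdOn\n\t\t\t\tFROM bulletin_board_topics t\n\t\t\t\tJOIN intranet_users u ON t.createdBy = u.userID\n\t\t\t\tWHERE t.id = " . $id);
        // construct email
        $message = drawEmailHeader();
        $message .= drawServerMessage("<b>Note</b>: This is an Administration/Human Resources topic from the <a href='http://" . $server . "/bulletin_board/'>Intranet Bulletin Board</a>. For more information, please contact the <a href='mailto:hrpayroll@seedco.org'>Human Resources Department</a>.");
        $message .= '<table class="center">';
        $message .= drawHeaderRow("Email", 2);
        $message .= drawThreadTop($r["title"], $r["description"], $r["userID"], $r["firstname"] . " " . $r["lastname"], $r["createdOn"]);
        $message .= '</table>' . drawEmailFooter();
        $headers = "MIME-Version: 1.0\r\n";
        $headers .= "Content-type: text/html; charset=iso-8859-1\r\n";
        $headers .= "From: " . $_josh["email_default"] . "\r\n";
        // The topic title was typed by the poster and becomes the Subject
        // header line; collapse any line break so it stays a single header.
        $subject = str_replace(array("\r", "\n"), ' ', $r["title"]);
        // get addresses & send, one message per active user
        $users = db_query("SELECT email FROM intranet_users WHERE isactive = 1");
        while ($u = db_fetch($users)) {
            mail($u["email"], $subject, $message, $headers);
        }
    }
    syndicateBulletinBoard();
    url_change();
}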