Example #1
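/**
 * Sort a list of rows by one column using the project's arrayKeyCompare* comparators.
 *
 * The column name is handed to the comparator through $_josh["sort_key"].
 *
 * @param array       $array     rows to sort; each row is assumed to be an array -- TODO confirm
 * @param string      $direction passed through format_title() to pick the comparator name
 * @param string|bool $key       column to sort on; false means "first column of the first row"
 * @return array the sorted rows (the caller's array is not modified)
 */
function array_sort($array, $direction = "asc", $key = false)
{
    global $_josh;
    if ($key) {
        $_josh["sort_key"] = $key;
    } else {
        // array_shift() takes its argument by reference, so the key list needs a real
        // variable; passing array_keys(...) directly raises "Only variables should be
        // passed by reference". An empty input simply yields a null sort key.
        $first_row = isset($array[0]) ? $array[0] : reset($array);
        $columns = is_array($first_row) ? array_keys($first_row) : array();
        $_josh["sort_key"] = array_shift($columns);
    }
    error_debug("<b>arraySort</b> running for {$key}");
    // NOTE(review): the comparator name is assembled from $direction. The fixed
    // "arrayKeyCompare" prefix limits which functions can be reached, but callers should
    // still pass only "asc"/"desc" rather than request data.
    usort($array, "arrayKeyCompare" . format_title($direction));
    return $array;
}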
Example #2
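/**
 * Send an HTML email through PHP's mail().
 *
 * @param mixed       $to      recipient(s); normalised by format_email() (callers on this page
 *                             also pass arrays -- presumably format_email() joins them, verify)
 * @param string      $message HTML body, sent as-is
 * @param string      $subject subject line
 * @param string|bool $from    sender; false falls back to $_josh["email_default"]
 * @return bool true once mail() has accepted the message
 */
function email($to, $message, $subject = "Email from Your Website", $from = false)
{
    global $_josh;
    // NOTE(review): the debug line prints $to and $subject into the page unescaped.
    error_debug("<b>email </b> sending message to <i>" . $to . "</i> with subject " . $subject);
    $headers = "MIME-Version: 1.0" . $_josh["newline"];
    $headers .= "Content-type: text/html; charset=iso-8859-1" . $_josh["newline"];
    if (!$from) {
        if (isset($_josh["email_default"])) {
            $from = $_josh["email_default"];
        } else {
            // NOTE(review): if error_handle() returns instead of ending the request,
            // execution continues below with an empty sender -- confirm.
            error_handle("email from address missing", "please call this function with a from address, or specify one in the config file.", true);
        }
    }
    $to = format_email($to);
    // Header values must stay on a single line: a CR or LF inside the sender or the
    // subject would let the value start additional headers (or the body) of the message.
    // format_email() is defined elsewhere and may already guarantee this; stripping here
    // keeps the guarantee local to the place the header block is built.
    $line_breaks = array("\r", "\n");
    $subject = str_replace($line_breaks, "", $subject);
    $headers .= "From: " . str_replace($line_breaks, "", format_email($from)) . $_josh["newline"];
    if (!mail($to, $subject, $message, $headers)) {
        error_handle("email not sent", "sorry, an unexpected error occurred while sending your mail.", true);
    }
    return true;
}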
Example #3
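/**
 * Email a helpdesk ticket thread to the people involved in it.
 *
 * Two renderings of the thread are built: an admin one with every follow-up and a user
 * one that leaves out follow-ups flagged is_admin. Recipients are collected from the
 * ticket creator, the ticket owner and every follow-up author, split by whether they
 * are helpdesk admins; the current session user's address is removed from both lists
 * before sending.
 *
 * @param int    $id       helpdesk_tickets.id
 * @param string $scenario followup, followupadmin, closed, assign, new or critical
 * @param bool   $admin    when true the user-facing copy is not sent
 * @param bool   $debug    when true the admin rendering is printed and the request ends
 * @return void
 */
function emailITticket($id, $scenario, $admin = false, $debug = false)
{
    global $_josh, $page;
    // $id is concatenated into two SQL statements and several links below. Forcing it
    // to an integer here means a crafted value cannot change either query.
    $id = (int) $id;
    $ticket = db_grab('SELECT
			u.id,
			(SELECT COUNT(*) FROM users_to_modules a WHERE a.user_id = u.id AND a.module_id = 3) isUserAdmin,
			t.title,
			t.created_user,
			t.description,
			t.departmentID,
			ISNULL(u.nickname, u.firstname) first,
			u.lastname last,
			u.email,
			' . db_updated('u') . ',
			t.created_date,
			t.priorityID,
			t.statusID,
			d.shortName department,
			t.type_id,
			y.description type,
			u2.email as ownerEmail,
			t.ownerID,
			ISNULL(u2.nickname, u2.firstname) as ownerName
		FROM helpdesk_tickets t
		LEFT JOIN helpdesk_tickets_types y	ON t.type_id = y.id
		JOIN users u ON t.created_user = u.id
		JOIN departments d ON t.departmentID = d.departmentID
		LEFT JOIN users u2 ON t.ownerID = u2.id
		WHERE t.id = ' . $id);
    // NOTE(review): a $scenario outside the list below leaves $subject and $message
    // undefined, yet the sends at the bottom still run.
    //yellow box
    if ($scenario == "followup") {
        $subject = "Followup On Your Helpdesk Ticket";
        $message = drawMessage('There\'s been followup on your Helpdesk ticket - please see below.  <b>Don\'t reply to this email!</b>  Instead, please ' . draw_link('/helpdesk/ticket.php?id=' . $id, 'view your ticket') . ' in the intranet ticketing system.<br><br><b>Note:</b> if you add this sender to your "safe senders list," pictures will always download.');
    } elseif ($scenario == "followupadmin") {
        $subject = "Admin Followup on Helpdesk Ticket";
        $message = drawMessage(draw_link('/staff/view.php?id=' . user(), $_SESSION['full_name']) . ' just made an administrative followup on this Helpdesk ticket.  Regular staff were not copied on this message.');
    } elseif ($scenario == "closed") {
        $subject = "Your Ticket Has Been Closed";
        $message = drawMessage('This is to let you know that your ticket has been closed.  <b>Don\'t reply to this email!</b>  You can still followup on this thread by ' . draw_link('/helpdesk/ticket.php?id=' . $id, 'viewing your ticket') . ' in the intranet ticketing system.<br><br><b>Note:</b> if you add this sender to your "safe senders list," pictures will always download.');
    } elseif ($scenario == "assign") {
        $subject = "Your Ticket Has Been Assigned";
        $message = drawMessage(draw_link('/staff/view.php?id=' . user(), $_SESSION["full_name"]) . ' has assigned this ticket to ' . draw_link('/staff/view.php?id=' . $ticket['ownerID'], $ticket["ownerName"]) . '<b>Don\'t reply to this email!</b>  Instead, please ' . draw_link('/helpdesk/ticket.php?id=' . $id, 'view your ticket') . ' in the intranet ticketing system.<br><br><b>Note:</b> if you add this sender to your "safe senders list," pictures will always download.');
    } elseif ($scenario == "new") {
        $subject = "New " . $ticket["department"] . " Ticket Posted";
        $message = drawMessage('This is to let you know that a new ticket has just been posted to the Helpdesk.  You can ' . draw_link('/helpdesk/ticket.php?id=' . $id, 'view the ticket') . ' in the intranet ticketing system.');
    } elseif ($scenario == "critical") {
        $subject = "Critical " . $ticket["department"] . " Ticket Still Open";
        $message = drawMessage('A ticket flagged "Critical" is open on the Helpdesk.  You can ' . draw_link('/helpdesk/ticket.php?id=' . $id, 'view the ticket') . ' in the intranet ticketing system.');
    }
    //$message .= drawtableStart() . drawHeaderRow(false, 2);
    //recipients arrays
    $users = array();
    $admins = array();
    if ($ticket["isUserAdmin"]) {
        $admins[] = $ticket["email"];
    } else {
        $users[] = $ticket["email"];
    }
    if ($page['is_admin']) {
        $admins[] = $_SESSION["email"];
    } else {
        $users[] = $_SESSION["email"];
    }
    //add owner if ticket is assigned
    if ($ticket["ownerEmail"]) {
        $admins[] = $ticket["ownerEmail"];
    }
    //owner logically has to be admin
    // NOTE(review): ticket title, description and follow-up messages go into the HTML
    // mail exactly as stored. If any of them can hold markup typed by a user, it has to
    // be sanitised where it is saved or inside the draw helpers -- not visible here.
    $d_user = new display($page['breadcrumbs'] . $ticket['title'], false, false, 'thread');
    $d_admin = new display($page['breadcrumbs'] . $ticket['title'], false, false, 'thread');
    $d_user->row(drawName($ticket['created_user'], $ticket['first'] . ' ' . $ticket['last'], $ticket['created_date'], true, BR, $ticket['updated']), draw_h1($ticket['title']) . $ticket['description']);
    $d_admin->row(drawName($ticket['created_user'], $ticket['first'] . ' ' . $ticket['last'], $ticket['created_date'], true, BR, $ticket['updated']), draw_h1($ticket['title']) . $ticket['description']);
    //get followups
    $followups = db_query('SELECT
			u.id,
			f.message,
			(SELECT COUNT(*) FROM users_to_modules u2m WHERE u2m.user_id = u.id AND u2m.module_id = 3 AND u2m.is_admin = 1) isUserAdmin,
			ISNULL(u.nickname, u.firstname) firstname,
			u.lastname,
			u.email,
			f.created_date,
			f.is_admin,
			f.created_user,
			' . db_updated('u') . '
		FROM helpdesk_tickets_followups f
		INNER JOIN users  u  ON f.created_user	= u.id
		WHERE f.ticketID = ' . $id . ' ORDER BY f.created_date');
    while ($f = db_fetch($followups)) {
        $d_admin->row(drawName($f['created_user'], $f['firstname'] . ' ' . $f['lastname'], $f['created_date'], true, BR, $f['updated']), $f['message']);
        // admin-only follow-ups stay out of the copy that regular users receive
        if (!$f['is_admin']) {
            $d_user->row(drawName($f['created_user'], $f['firstname'] . ' ' . $f['lastname'], $f['created_date'], true, BR, $f['updated']), $f['message']);
        }
        if ($f['isUserAdmin']) {
            $admins[] = $f['email'];
        } else {
            $users[] = $f['email'];
        }
    }
    // the person triggering the mail does not get a copy
    $admins = array_remove($_SESSION['email'], array_unique($admins));
    $users = array_remove($_SESSION['email'], array_unique($users));
    if ($debug) {
        die(drawEmail($message . $d_admin->draw()));
    }
    //special codes for email
    //todo: put this in db, possibly by adding something to the users table or something
    // These department-specific lists replace the collected admin recipients entirely.
    if ($scenario == "new" && $ticket["departmentID"] == 3) {
        $admins = array('*****@*****.**', '*****@*****.**', '*****@*****.**');
    }
    if ($scenario == "new" && $ticket["departmentID"] == 13) {
        $admins = array('*****@*****.**', '*****@*****.**');
    }
    if ($scenario == "new" && $ticket["departmentID"] == 2) {
        $admins = array('*****@*****.**', '*****@*****.**', '*****@*****.**', '*****@*****.**', '*****@*****.**');
    }
    if ($scenario == "critical" && $ticket["departmentID"] == 8) {
        $admins = array('*****@*****.**');
    }
    if (count($admins)) {
        //$admins = join(", ", $admins);
        email($admins, drawEmail($message . $d_admin->draw()), $subject);
        error_debug('admin message emailed to ' . implode(', ', $admins) . ' admins', __FILE__, __LINE__);
    }
    if (count($users) && $scenario != "followupadmin" && !$admin) {
        //$users = join(", ", $users);
        email($users, drawEmail($message . $d_user->draw()), $subject);
        error_debug('user message emailed to ' . implode(', ', $users) . ' users', __FILE__, __LINE__);
    }
}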
Example #4
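/**
 * Run one SQL statement against the configured database (mysql or mssql).
 *
 * The statement text is executed as given: every caller is responsible for making sure
 * that no request data reaches $query unvalidated. Only $limit and $offset are
 * normalised here.
 *
 * @param string   $query          SQL text; translated first when $_josh["basedblanguage"] differs
 * @param int|bool $limit          maximum number of rows, false for no limit
 * @param bool     $suppress_error return false on failure instead of calling error_handle()
 * @param int|bool $offset         rows to skip (applied in the mysql branch only)
 * @return mixed db_id() for statements starting with "insert", the result handle for
 *               other successful statements, false on a suppressed failure
 */
function db_query($query, $limit = false, $suppress_error = false, $offset = false)
{
    global $_josh;
    db_open();
    $query = trim($query);
    if (isset($_josh["basedblanguage"]) && $_josh["basedblanguage"] != $_josh["db"]["language"]) {
        $query = db_translate($query, $_josh["basedblanguage"], $_josh["db"]["language"]);
    }
    // the statement is recorded before LIMIT/OFFSET/TOP are applied
    $_josh["queries"][] = $query;
    if ($_josh["db"]["language"] == "mysql") {
        // LIMIT and OFFSET are appended as raw text, so they are forced to integers:
        // a paging value taken from the request cannot append further SQL.
        if ($limit) {
            $query .= " LIMIT " . (int) $limit;
        }
        if ($offset) {
            $query .= " OFFSET " . (int) $offset;
        }
        if ($result = @mysql_query($query, $_josh["db"]["pointer"])) {
            error_debug("<b>db_query</b> <i>" . $query . "</i>, " . db_found($result) . " results returned");
            if (format_text_starts("insert", $query)) {
                return db_id();
            }
            return $result;
        } else {
            error_debug("<b>db_query</b> failed <i>" . $query . "</i>");
            if ($suppress_error) {
                return false;
            }
            // NOTE(review): the failing statement and the driver message are passed to
            // error_handle(); make sure that output is not shown to end users.
            error_handle("mysql error", format_code($query) . "<br>" . mysql_error());
        }
    } elseif ($_josh["db"]["language"] == "mssql") {
        //echo $_josh["db"]["location"]. " db";
        if ($limit) {
            // replaces the leading "SELECT" (first six characters) with "SELECT TOP n"
            $query = "SELECT TOP " . (int) $limit . substr($query, 6);
        }
        if ($result = @mssql_query($query, $_josh["db"]["pointer"])) {
            error_debug("<b>db_query</b> <i>" . $query . "</i>, " . db_found($result) . " results returned");
            if (format_text_starts("insert", $query)) {
                return db_id();
            }
            return $result;
        } else {
            if ($suppress_error) {
                return false;
            }
            error_handle("mssql error", format_code($query) . "<br>" . mssql_get_last_message());
        }
    }
}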
Example #5
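/**
 * Split a URL into the parts returned by parse_url() plus site-specific extras.
 *
 * Extra keys: domainname, domain, subdomain, usingwww, sanswww, folder, subfolder,
 * subsubfolder, path_query, protocol and uri. The result is sorted by key.
 *
 * When the current request carries slot1/slot2/slot3 query parameters they replace
 * folder, subfolder, subsubfolder, path and path_query.
 *
 * @param string $url address to parse; "http://" is prepended when no http(s) scheme leads it
 * @return array
 */
function url_parse($url)
{
    error_debug("<b>url_parse</b> running for  " . $url);
    $gtld_list = "aero, biz, com, coop, dev, info,\n\tjobs, museum, name, net, org, pro, travel, gov, edu, mil, int, site";
    $ctld_list = "ac, ad, ae, af, ag, ai, al,\n\tam, an, ao, aq, ar, as, at, au, aw, az, ax, ba, bb, bd, be, bf, bg, bh,\n\tbi, bj, bm, bn, bo, br, bs, bt, bv, bw, by, bz, ca, cc, cd, cf, cg, ch,\n\tci, ck, cl, cm, cn, co, cr, cs, cu, cv, cx, cy, cz, de, dj, dk, dm, do,\n\tdz, ec, ee, eg, eh, er, es, et, eu, fi, fj, fk, fm, fo, fr, ga, gb, gd,\n\tge, gf, gg, gh, gi, gl, gm, gn, gp, gq, gr, gs, gt, gu, gw, gy, hk, hm,\n\thn, hr, ht, hu, id, ie, il, im, in, io, iq, ir, is, it, je, jm, jo, jp,\n\tke, kg, kh, ki, km, kn, kp, kr, kw, ky, kz, la, lb, lc, li, lk, lr, ls,\n\tlt, lu, lv, ly, ma, mc, md, mg, mh, mk, ml, mm, mn, mo, mp, mq, mr, ms,\n\tmt, mu, mv, mw, mx, my, mz, na, nc, ne, nf, ng, ni, nl, no, np, nr, nu,\n\tnz, om, pa, pe, pf, pg, ph, pk, pl, pm, pn, pr, ps, pt, pw, py, qa, re,\n\tro, ru, rw, sa, sb, sc, sd, se, sg, sh, si, sj, sk, sl, sm, sn, so, sr,\n\tst, sv, sy, sz, tc, td, tf, tg, th, tj, tk, tl, tm, tn, to, tp, tr, tt,\n\ttv, tw, tz, ua, ug, uk, um, us, uy, uz, va, vc, ve, vg, vi, vn, vu, wf,\n\tws, ye, yt, yu, za, zm, zw";
    // The lists are wrapped with "\n\t". Removing spaces only left entries such as
    // "\n\tjobs" or "\n\tam" in the array, so those TLDs never matched; split on any
    // whitespace or comma instead.
    $tldarray = array_merge(
        preg_split('/[\s,]+/', $gtld_list, -1, PREG_SPLIT_NO_EMPTY),
        preg_split('/[\s,]+/', $ctld_list, -1, PREG_SPLIT_NO_EMPTY)
    );
    //add protocol if missing.  when would this be missing?
    // Only a scheme at the very start counts. Looking for "http://" anywhere in the
    // string treated "example.com/?next=http://other" as already having a scheme, which
    // left parse_url() without a host.
    $url = trim($url);
    if (!preg_match('#^https?://#i', $url)) {
        $url = "http://" . $url;
    }
    $subs = '';
    $domainname = '';
    $tld = '';
    $tld_isReady = false;
    $return = parse_url($url);
    if (!is_array($return)) {
        // parse_url() returns false for seriously malformed input
        $return = array();
    }
    $return += array("scheme" => "http", "host" => "");
    // walk the host labels right to left: TLD labels first, then the registered name,
    // everything after that is subdomain
    $domainarray = explode('.', $return["host"]);
    $top = count($domainarray);
    for ($i = 0; $i < $top; $i++) {
        $_domainPart = array_pop($domainarray);
        if (!$tld_isReady) {
            if (in_array($_domainPart, $tldarray, true)) {
                $tld = ".{$_domainPart}" . $tld;
            } else {
                $domainname = $_domainPart;
                $tld_isReady = 1;
            }
        } else {
            $subs = ".{$_domainPart}" . $subs;
        }
    }
    if (!isset($return["path"])) {
        $return["path"] = "";
    }
    $return["domainname"] = $domainname;
    $return["domain"] = $domainname . $tld;
    $return["usingwww"] = substr($return["host"], 0, 4) == "www." ? 1 : 0;
    $return["sanswww"] = $return["usingwww"] ? substr($return["host"], 4) : $return["host"];
    $return["subdomain"] = substr($subs, 1);
    $return["path"] = str_replace("index.php", "", $return["path"]);
    $return["path_query"] = $return["path"];
    //get folder, subfolder
    $urlparts = explode("/", $return["path_query"]);
    $urlcount = count($urlparts);
    if ($urlcount < 3) {
        $return["folder"] = false;
        $return["subfolder"] = false;
        $return["subsubfolder"] = false;
    } elseif ($urlcount == 3) {
        $return["folder"] = $urlparts[1];
        $return["subfolder"] = false;
        $return["subsubfolder"] = false;
    } elseif ($urlcount == 4) {
        $return["folder"] = $urlparts[1];
        $return["subfolder"] = $urlparts[2];
        $return["subsubfolder"] = false;
    } else {
        $return["folder"] = $urlparts[1];
        $return["subfolder"] = $urlparts[2];
        $return["subsubfolder"] = $urlparts[3];
    }
    //add query string to path_query
    //don't use $_GET because we might be parsing a different address
    if (isset($return["query"])) {
        $return["path_query"] .= "?" . $return["query"];
    } else {
        $return["query"] = false;
    }
    //protocol is a better word than scheme
    $return["protocol"] = $return["scheme"];
    //get full browser address
    $return["uri"] = $return["protocol"] . "://" . $return["host"] . $return["path_query"];
    //handle possible mod_rewrite slots
    // NOTE(review): the slot values come straight from the request. Every consumer of
    // folder/subfolder/subsubfolder/path has to treat them as untrusted (escape on
    // output, never use them unchecked in file paths or SQL).
    if (isset($_GET["slot1"])) {
        $return["folder"] = $_GET["slot1"];
        $return["path"] = "/" . $_GET["slot1"] . "/";
        if (isset($_GET["slot2"])) {
            $return["subfolder"] = $_GET["slot2"];
            $return["path"] .= $_GET["slot2"] . "/";
            if (isset($_GET["slot3"])) {
                $return["subsubfolder"] = $_GET["slot3"];
                $return["path"] .= $_GET["slot3"] . "/";
            }
        }
        $return["path_query"] = $return["path"];
    }
    ksort($return);
    //die(draw_array($return));
    return $return;
}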
Example #6
<?php

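// Add/edit page for a document: saves the posted form, then renders the page.
include '../include.php';
if ($posting) {
    error_debug('user is posting', __FILE__, __LINE__);
    if ($uploading) {
        // NOTE(review): content and type come from the uploaded file; whether
        // file_get_uploaded() restricts the upload to the types listed in docs_types is
        // not visible here -- confirm it rejects anything else.
        list($_POST['content'], $_POST['type_id']) = file_get_uploaded('content', 'docs_types');
    }
    langTranslatePost('title,description');
    $id = db_save('docs');
    //debug();
    db_checkboxes('categories', 'docs_to_categories', 'documentID', 'categoryID', $id);
    if (getOption('channels')) {
        db_checkboxes('channels', 'docs_to_channels', 'doc_id', 'channel_id', $id);
    }
    url_change('info.php?id=' . $id);
}
if (url_id()) {
    // The id is concatenated into the statement, so it is forced to an integer here.
    // url_id() is defined elsewhere and may already validate it; the cast keeps the
    // query safe regardless.
    $d = db_grab('SELECT title, description FROM docs WHERE id = ' . (int) $_GET['id']);
    $pageAction = getString('edit');
} else {
    $pageAction = getString('add_new');
}
echo drawTop();
//load code for JS
$extensions = array();
$doctypes = array();
$types = db_query('SELECT description, extension FROM docs_types ORDER BY description');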
while ($t = db_fetch($types)) {
    $extensions[] = '(extension != "' . $t['extension'] . '")';
    $doctypes[] = ' - ' . $t['description'] . ' (.' . $t['extension'] . ')';
Example #7
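 /**
  * Register one field definition on this form.
  *
  * Recognised keys of $array: type (required), value, class, name, label, required,
  * append, sql, action, additional, maxlength, options_table, options, linking_table.
  * Missing keys default to false; name and label are derived from each other when only
  * one is given, and value falls back to $this->values[name].
  *
  * @param array $array field options
  * @return mixed the result of error_handle() when the input is unusable, otherwise nothing
  */
 function addField($array)
 {
     //defaults
     $defaults = array(
         "type" => false, "value" => false, "class" => false, "name" => false,
         "label" => false, "required" => false, "append" => false, "sql" => false,
         "action" => false, "additional" => false, "maxlength" => false,
         "options_table" => false, "options" => false, "linking_table" => false,
     );
     //load inputs
     if (!is_array($array)) {
         return error_handle("array not set");
     }
     // Only the known option names become local variables. A plain extract($array)
     // would let any other key in the input (for example "array" itself) overwrite
     // locals of this method.
     extract(array_intersect_key($array, $defaults) + $defaults);
     //type is required
     if (!$type) {
         return error_handle("type not set");
     }
     if ($type == "text" && !isset($array["additional"]) && $required) {
         $additional = "(Required)";
     }
     error_debug("adding field " . $label);
     if (!$name) {
         $name = format_text_code($label);
     }
     if (!$label) {
         $label = format_text_human($name);
     }
     // NOTE(review): a deliberately empty value (0, "") is also replaced here
     if (!$value) {
         $value = isset($this->values[$name]) ? $this->values[$name] : false;
     }
     if (!$class) {
         $class = $type;
     }
     // a checkbox shows its label next to the box instead of in the label column
     if ($type == "checkbox") {
         $additional = $label;
         $label = false;
     }
     //package and save
     $this->fields[] = compact("name", "type", "label", "value", "append", "required", "sql", "class", "action", "additional", "options_table", "options", "linking_table", "maxlength");
 }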
Example #8
<?php

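// Login page controller: handles logout, cookie re-login and posted credentials, then
// either redirects or shows the login form.
include "include.php";
$redirect = false;
if (isset($_GET["logout"])) {
    error_debug("<b>index.php</b> Logging Out");
    cookie("last_login");
    $redirect = "/";
} elseif (isset($_COOKIE["last_login"]) && login($_COOKIE["last_login"], "", true)) {
    // NOTE(review): the third argument (true) is login()'s "skip password" switch, so
    // the last_login cookie value alone decides which account is signed in. A cookie is
    // client-controlled; this needs a server-issued random token checked on the server
    // (or removal of the cookie login) rather than a stored email address.
    //log in with last login
    error_debug("<b>index.php</b> Cookie Found (good)");
    // "goto" is request data: only a local path ("/..." but not "//..." or "/\...")
    // without line breaks is accepted, otherwise the user's own start page is used.
    $redirect = (!empty($_GET["goto"]) && is_string($_GET["goto"]) && preg_match('#^/(?![/\\\\])[^\r\n]*$#D', $_GET["goto"])) ? $_GET["goto"] : $user["url"];
} elseif ($posting) {
    //logging in
    error_debug("<b>index.php</b> Posting");
    if (login($_POST["email"], $_POST["password"])) {
        error_debug("<b>index.php</b> Login successful");
        cookie("last_login", $_POST["email"]);
        // same local-path rule as for the cookie login above
        $redirect = (!empty($_POST["goto"]) && is_string($_POST["goto"]) && preg_match('#^/(?![/\\\\])[^\r\n]*$#D', $_POST["goto"])) ? $_POST["goto"] : $user["url"];
    } else {
        error_debug("<b>index.php</b> Login unsuccessful");
        $redirect = "/";
    }
}
if ($redirect) {
    url_change($redirect);
}
include "_hcfa-cc/login.php";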
Example #9
/**
 * Print the top of a page: document head, the logo banner and help panel (both skipped
 * when $printing is set), then the navigation.
 *
 * Output is written directly; nothing is returned. $_josh["drawn"]["top"] is set to true
 * at the end. The container/row/left <div>s opened here are not closed in this function
 * -- presumably a matching bottom function closes them, verify.
 *
 * NOTE(review): $title, $locale, $page["id"] and $page["helpText"] are printed without
 * HTML escaping. That is only safe if none of them can contain request- or user-supplied
 * text -- confirm where $page is filled.
 */
function drawTop()
{
    // $isAdmin is declared global but not read below; the admin check uses $user["isAdmin"]
    global $user, $_josh, $page, $isAdmin, $printing, $locale;
    error_debug("starting top");
    $title = $page["module"] . " > " . $page["name"];
    ?>
<!DOCTYPE html>
		<html lang="en">
		<head>
			<meta charset="utf-8">
			<meta http-equiv="X-UA-Compatible" content="IE=edge">
			<meta name="viewport" content="width=device-width, initial-scale=1">
			<title><?php 
    // printed as-is (no htmlspecialchars)
    echo $title;
    ?>
</title>
			<link rel="stylesheet" type="text/css" href="/assets/vendor/bootstrap/dist/css/bootstrap.min.css">
			<link rel="stylesheet" type="text/css" href="/assets/css/style.css">
			<!--[if IE]>
			<link rel="stylesheet" type="text/css" href="<?php 
    // $locale is used as the path prefix of the IE-only stylesheet
    echo $locale;
    ?>
style-ie.css" />
			<![endif]--> 
		</head>
		<body>
		<?php 
    // banner and help panel are left out of print views
    if (!$printing) {
        ?>
			<div class="container">
				<div class="row banner">
					<div class="col-md-4">
						<a href="/bb/"><img src="/assets/img/logo-cc.png" width="240" height="86" class="img-responsive"></a>
					</div>
					<div class="col-md-4">
						<a href="/bb/"><img src="/assets/img/logo-hla.png" width="330" height="64" class="img-responsive"></a>
					</div>
					<div class="col-md-4">
						<a href="/bb/"><img src="/assets/img/logo-hcfa.png" width="186" height="102" class="img-responsive"></a>
					</div>
				</div>
				<div class="row">
				<div id="left" class="col-md-8">
					<div id="help">
					<a class="button left" href="/bb/">
						<i class="glyphicon glyphicon-home"></i>
						Home
					</a>
					<a class="button right" href="<?php 
        // NOTE(review): the link is built from the current query string by
        // url_query_add(); whether its return value is attribute-safe is not visible here
        echo url_query_add(array("toggleMenuPref" => "isOpenHelp"), false);
        ?>
">
						<i class="glyphicon glyphicon-info-sign"></i>
						<?php 
        if ($user["isOpenHelp"]) {
            ?>
Hide<?php 
        } else {
            ?>
Show<?php 
        }
        ?>
 Help
					</a>
				<?php 
        if ($user["isOpenHelp"]) {
            // the edit link is only drawn for admins; the edit page itself still has to
            // enforce the permission
            if ($user["isAdmin"]) {
                ?>
						<a class="button right" href="/admin/edit-help.php?id=<?php 
                echo $page["id"];
                ?>
&returnTo=<?php 
                // URL-encoded for the query string (the attribute itself is not HTML-escaped)
                echo urlencode($_josh["request"]["path_query"]);
                ?>
">
							<i class="glyphicon glyphicon-edit"></i>
							Edit Page Info
						</a>
					<?php 
            }
            ?>
					<div class="text">
					<?php 
            // help text is emitted as raw HTML
            echo $page["helpText"] ? $page["helpText"] : "No help is available for this page.";
            ?>
					</div>
				<?php 
        }
        ?>
				</div>
		<?php 
    }
    // the helpdesk section gets its own navigation above the general one
    if ($_josh["request"]["folder"] == "helpdesk") {
        echo drawNavigationHelpdesk();
    }
    echo drawNavigation();
    $_josh["drawn"]["top"] = true;
    error_debug("finished drawing top");
}
Example #10
<?php

include 'include.php';
if ($posting) {
    error_debug('handling bb post', __FILE__, __LINE__);
    format_post_bits('is_admin');
    langTranslatePost('title,description');
    $id = db_save('bb_topics');
    db_query('UPDATE bb_topics SET thread_date = GETDATE(), replies = (SELECT COUNT(*) FROM bb_followups WHERE topic_id = ' . $id . ') WHERE id = ' . $id);
    if (getOption('channels')) {
        db_checkboxes('channels', 'bb_topics_to_channels', 'topic_id', 'channel_id', $id);
    }
    //notification
    if ($_POST['is_admin'] == '1') {
        //get addresses of everyone & send with message
        emailUser(db_array('SELECT email FROM users WHERE is_active = 1'), $_POST['title'], drawEmail(bbDrawTopic($id, true)));
    } elseif (getOption('bb_notifypost') && getOption('channels') && getOption('languages')) {
        //get addresses of everyone with indicated interests and send
        $channels = array_post_checkboxes('channels');
        $languages = db_table('SELECT id, code FROM languages');
        foreach ($languages as $l) {
            $addresses = db_array('SELECT DISTINCT u.email FROM users u JOIN users_to_channels_prefs u2cp ON u.id = u2cp.user_id WHERE u.is_active = 1 AND u.language_id = ' . $l['id'] . ' AND u2cp.channel_id IN (' . implode(',', $channels) . ')');
            $topic = db_grab('SELECT 
						ISNULL(u.nickname, u.firstname) firstname, 
						u.lastname, 
						t.title' . langExt($l['code']) . ' title, 
						t.description' . langExt($l['code']) . ' description, 
						y.title' . langExt($l['code']) . ' type,
						t.created_date
					FROM bb_topics t
					LEFT JOIN bb_topics_types y ON t.type_id = y.id
Example #11
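/**
 * Check that a value has the expected shape before it is used.
 *
 * Types:
 *  - "int":    an integer, or a string/float whose text is an optionally signed run of digits
 *  - "num":    anything is_numeric() accepts
 *  - "key":    at most 13 characters long (length is the only thing checked)
 *  - "string": a PHP string
 *
 * NOTE(review): an unrecognised $type returns true, i.e. a typo in the type name turns
 * the check off. Left unchanged because callers are not visible here; failing closed
 * would be the safer default.
 *
 * @param mixed  $variable value to check
 * @param string $type     int, num, key or string
 * @return bool
 */
function format_verify($variable, $type = "int")
{
    error_debug("<b>format_verify</b> for " . $variable);
    if ($type == "int") {
        // The earlier test added 0 to non-numeric input and then asked is_int(), which
        // is true for any string ("abc" becomes 0, "1 OR 1=1" becomes 1), and it let
        // "1.5" or "0x1A" through as numeric. Accept whole numbers only.
        if (is_int($variable)) {
            return true;
        }
        if (!is_string($variable) && !is_float($variable)) {
            return false;
        }
        return preg_match('/^[+-]?[0-9]+$/D', trim((string) $variable)) === 1;
    } elseif ($type == "num") {
        if (!is_numeric($variable)) {
            return false;
        }
    } elseif ($type == "key") {
        if (strlen($variable) > 13) {
            return false;
        }
    } elseif ($type == "string") {
        if (!is_string($variable)) {
            return false;
        }
    }
    return true;
}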
Example #12
/**
 * Build the stand-alone message page (title plus message in a centred box).
 *
 * With $keepalive the markup is returned; otherwise it is printed and the database
 * connection is closed.
 *
 * NOTE(review): $title is placed in the body and $html in the message area without
 * escaping (only the <title> element gets strip_tags()). Callers must not pass
 * request-derived text in either argument unless it is already escaped.
 *
 * @param string $title     heading; wrapped in a red <font> tag when $severe is set
 * @param string $html      message markup
 * @param bool   $severe    highlight the heading
 * @param bool   $keepalive return the markup instead of printing it
 * @return string|null
 */
function draw_page($title, $html, $severe = false, $keepalive = false)
{
    global $_josh;
    error_debug("drawing page");
    $_josh["drawn"]["css"] = false;
    $heading = $severe ? "<font color='" . $_josh["colors"]["red2"] . "'>" . $title . "</font>" : $title;
    $markup = "<html>\n\t\t<head>\n\t\t\t<title>" . strip_tags($heading) . "</title>\n\t\t\t" . draw_css($keepalive) . "\n\t\t\t<script language='javascript'>\n\t\t\t\t<!--\n\t\t\t\tfunction josh_confirm(action, message, id) {\n\t\t\t\t\tvar url = '/j/' + action + '/';\n\t\t\t\t\tif (id) url += '/' + id + '/';\n\t\t\t\t\tif (confirm('Are you sure you want to ' + message + '?')) location.href = url;\n\t\t\t\t}\n\t\t\t\t//-->\n\t\t\t</script>\n\t\t</head>\n\t\t<body class='josh_body' bgcolor='" . $_josh["colors"]["grey3"] . "'>\n\t\t\t<table width='100%' height='100%' cellpadding='0' cellspacing='0' border='0'>\n\t\t\t\t<tr height='90%'>\n\t\t\t\t\t<td align='center' height='350'>\n\t\t\t\t\t\t<table width='400' height='250' cellpadding='20' cellspacing='0' border='0' bgcolor='" . $_josh["colors"]["white"] . "'>\n\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t<td valign='top'>\n\t\t\t\t\t\t\t\t<div class='josh_title'>" . $heading . "</div>\n\t\t\t\t\t\t\t\t<br>\n\t\t\t\t\t\t\t\t<div class='josh_message'>" . $html . "</div>\n\t\t\t\t\t\t\t\t</td>\n\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t</table>\n\t\t\t\t\t</td>\n\t\t\t\t</tr>\n\t\t\t</table>\n\t\t</body>\n\t</html>";
    if (!$keepalive) {
        // final page of the request: print it and release the connection
        echo $markup;
        db_close();
        return;
    }
    return $markup;
}
Example #13
<?php

// Trace that this file is being included; error_debug() prints only when $_josh["debug"] is set.
error_debug("~ including error.php");
/**
 * Debug stop: print the $_josh state (without "ignored_words") and end the request.
 *
 * NOTE(review): elsewhere on this page $_josh holds the database pointer and mail
 * defaults, so this dump must never be reachable on a production request.
 */
function error_break()
{
    global $_josh;
    //too long. gets in the way!
    if (isset($_josh["ignored_words"])) {
        unset($_josh["ignored_words"]);
    }
    print draw_array($_josh);
    exit();
}
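/**
 * Print a debug line followed by the file and line of the call site.
 *
 * Does nothing unless $_josh["debug"] is set to a truthy value.
 *
 * NOTE(review): $message is printed as HTML without escaping, and callers on this page
 * build it from URLs, SQL text and email addresses. Keep debug mode off wherever
 * untrusted users can load a page.
 *
 * @param string $message HTML fragment to print
 * @return void
 */
function error_debug($message)
{
    global $_josh;
    // empty() also covers a missing "debug" key, which would otherwise raise an
    // undefined-index notice on every call
    if (empty($_josh["debug"])) {
        return;
    }
    $backtrace = debug_backtrace();
    // frame 0 describes the call to error_debug() itself
    $caller = $backtrace[0];
    echo $message . "<br/>" . $caller["file"] . ", line " . $caller["line"] . "<br/><hr noshade color='#cccccc' size='1'/>";
}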
function error_handle($type, $message, $run_trace = true)
{
    global $_josh;
    if ($run_trace) {
        $backtrace = debug_backtrace();
        $level = count($backtrace) - 1;
        $message .= " on line " . $backtrace[$level]["line"] . " of file " . $backtrace[$level]["file"];
    }
    if (function_exists("error_email")) {
        $email = $message;
        $email .= "<br><br>Of page: <a href='" . $_josh["request"]["uri"] . "'>" . $_josh["request"]["uri"] . "</a>";
Example #14
            }
        }
    }
    //send invite
    if (!$editing) {
        emailInvite($id);
    }
    if (url_id() == user()) {
        //todo, fix this and make it more user-update dependent
        $_SESSION['update_days'] = 0;
        $_SESSION['updated_date'] = 'foo';
    }
    //clean up users requests
    if (url_id('requestID')) {
        db_delete('users_requests', $_GET['requestID']);
        error_debug('deleted user request', __FILE__, __LINE__);
    }
    url_change('view.php?id=' . $id);
} elseif (url_id('requestID')) {
    $values = db_grab('SELECT * FROM users_requests WHERE id = ' . $_GET['requestID']);
} else {
    $values = false;
}
// Render the page header, then build the edit form for the users table.
echo drawTop();
// NOTE(review): the raw "id" query parameter is handed to form() (the @ only hides the
// notice when it is absent); whether form() validates it is not visible here.
$f = new form('users', @$_GET['id'], $page['title']);
$f->set_title_prefix($page['breadcrumbs']);
//public info
$f->set_group(getString('public_info'), increment());
// these columns, among them password and lastLogin, are taken off the generated form
$f->unset_fields(array('image_medium', 'image_small', 'password', 'lastLogin', 'imageID', 'layoutID', 'homepage', 'notify_topics'));
// increment() is called once per field to supply its position
$f->set_field(array('name' => 'firstname', 'type' => 'text', 'label' => getString('name_first'), 'position' => increment()));
$f->set_field(array('name' => 'nickname', 'type' => 'text', 'label' => getString('nickname'), 'position' => increment()));
Example #15
    error_debug("<b>index.php</b> Logging Out", __FILE__, __LINE__);
    cookie("last_login");
    $_SESSION["user_id"] = false;
    $redirect = "/";
} elseif (login(@$_COOKIE["last_login"], "", true)) {
    //log in with last login
    error_debug("<b>index.php</b> Cookie Found (good)", __FILE__, __LINE__);
    $redirect = empty($_GET["goto"]) ? $_SESSION["homepage"] : $_GET["goto"];
} elseif ($posting) {
    //logging in
    error_debug("<b>index.php</b> Posting", __FILE__, __LINE__);
    if (login($_POST["email"], $_POST["password"])) {
        error_debug("<b>index.php</b> Login successful", __FILE__, __LINE__);
        $redirect = empty($_POST["goto"]) ? $_SESSION["homepage"] : $_POST["goto"];
    } else {
        error_debug("<b>index.php</b> Login unsuccessful", __FILE__, __LINE__);
        $redirect = "/";
    }
}
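if ($redirect) {
    // $redirect may carry the "goto" request parameter assigned above. Only a local
    // path ("/..." but not "//..." or "/\...") without line breaks is followed, so the
    // login page cannot be used to send a user to another site; anything else falls
    // back to the site root.
    if (!is_string($redirect) || !preg_match('#^/(?![/\\\\])[^\r\n]*$#D', $redirect)) {
        $redirect = "/";
    }
    url_change($redirect);
}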
url_header_utf8();
?>
<html>
	<head>
		<?php 
echo draw_meta_utf8();
?>
		<title><?php 
echo getString("app_name");
Example #16
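/**
 * Look up an active user by email address and, on success, fill the session.
 *
 * NOTE(review): with $skippass = true no password is checked at all, so the caller must
 * already have authenticated the user by other means. Callers on this page pass the
 * last_login cookie value together with $skippass = true; since this function also sets
 * that cookie to the plain email address, the cookie then acts as a credential that
 * anyone who knows the address can reproduce.
 *
 * @param string $username email address
 * @param string $password password to verify (ignored when $skippass is true)
 * @param bool   $skippass skip the password comparison
 * @return bool true when a matching active user was found and the session was filled
 */
function login($username, $password, $skippass = false)
{
    //need id, fullname, email departmentid, ishelpdesk, homepage, update_days, updated_on, first
    // The address ends up inside a quoted SQL literal. Accept only a conservative
    // address shape (no backslash, no whitespace, no control characters) and double any
    // single quote, so the value cannot close the literal. A parameterised query in the
    // db layer would be the proper fix; none is visible from here.
    if (!is_string($username) || !preg_match('/^[A-Za-z0-9._%+\'-]+@[A-Za-z0-9.-]+$/D', $username)) {
        $_SESSION['user_id'] = false;
        return false;
    }
    $username_sql = str_replace("'", "''", $username);
    if ($skippass) {
        $where = '';
        error_debug('<b>login</b> running without password', __FILE__, __LINE__);
    } else {
        // NOTE(review): db_pwdcompare() builds the comparison from $password; confirm
        // that it quotes the value safely.
        $where = ' AND ' . db_pwdcompare($password, 'u.password') . ' = 1';
        error_debug('<b>login</b> running with password', __FILE__, __LINE__);
    }
    if ($user = db_grab('SELECT 
		u.id,
		ISNULL(u.nickname, u.firstname) firstname,
		u.lastname,
		u.email,
		' . db_pwdcompare('', 'u.password') . ' password,
		u.departmentID,
		d.isHelpdesk,
		u.help,
		u.is_admin,
		u.updated_date,
		u.language_id,
		l.code language,
		' . db_datediff('u.updated_date', 'GETDATE()') . ' update_days
	FROM users u
	LEFT JOIN languages l ON u.language_id = l.id
	LEFT JOIN departments d ON u.departmentID = d.departmentID
	WHERE u.email = \'' . $username_sql . '\' AND u.is_active = 1' . $where)) {
        //login was good
        db_query('UPDATE users SET lastlogin = GETDATE() WHERE id = ' . (int) $user['id']);
        $_SESSION['user_id'] = $user['id'];
        $_SESSION['is_admin'] = $user['is_admin'];
        $_SESSION['email'] = $user['email'];
        $_SESSION['homepage'] = '/bb/';
        $_SESSION['departmentID'] = $user['departmentID'];
        $_SESSION['isHelpdesk'] = $user['isHelpdesk'];
        $_SESSION['update_days'] = $user['update_days'];
        $_SESSION['updated_date'] = $user['updated_date'];
        // result of comparing the stored password with an empty string (see the query)
        $_SESSION['password'] = $user['password'];
        $_SESSION['language_id'] = $user['language_id'];
        $_SESSION['language'] = $user['language'];
        $_SESSION['full_name'] = $user['firstname'] . ' ' . $user['lastname'];
        $_SESSION['isLoggedIn'] = true;
        // NOTE(review): the session id is not regenerated after a successful login;
        // doing so here would guard against session fixation.
        cookie('last_login', $user['email']);
        cookie('last_email', $user['email']);
        return true;
    }
    $_SESSION['user_id'] = false;
    return false;
}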
Example #17
/**
 * Find a "sister file": same base name as $filename but with extension $ext,
 * e.g. picture.jpg and picture.html.
 *
 * NOTE(review): the candidate path is built from $filename and $ext by concatenation.
 * If either can come from a request, restrict them (no "/", "\" or "..") before calling.
 *
 * @param string $filename existing file to start from
 * @param string $ext      extension of the sister file, without the dot
 * @return string|false path of the sister file, or false when $filename or the sister
 *                      does not exist
 */
function file_sister($filename, $ext)
{
    global $_josh;
    if (!file_exists($filename)) {
        return false;
    }
    // file_name() returns (base name, extension, path); the extension is not needed
    $parts = file_name($filename);
    $candidate = $parts[2] . $_josh["folder"] . $parts[0] . "." . $ext;
    if (!file_exists($candidate)) {
        error_debug("file sister {$candidate} does not exist");
        return false;
    }
    error_debug("file sister file exists");
    return $candidate;
}
Example #18
<?php

// Saves a posted bulletin board topic; admin topics are also mailed to every active user.
include '../include.php';
if ($posting) {
    error_debug("handling bb post");
    format_post_bits("isAdmin,temporary");
    $id = db_enter("bulletin_board_topics", "title |description isAdmin temporary");
    db_query("UPDATE bulletin_board_topics SET threadDate = GETDATE() WHERE id = " . $id);
    // the posted flag is compared in its quoted form ('1')
    // NOTE(review): isAdmin is read from the request; nothing visible here checks that
    // the poster may create an admin topic, which triggers a mail to all active users.
    if ($_POST["isAdmin"] == "'1'") {
        //send admin email
        //get topic
        $r = db_grab("SELECT \n\t\t\t\tt.title,\n\t\t\t\tt.description,\n\t\t\t\tu.userID,\n\t\t\t\tISNULL(u.nickname, u.firstname) firstname,\n\t\t\t\tu.lastname,\n\t\t\t\tt.createdOn\n\t\t\t\tFROM bulletin_board_topics t\n\t\t\t\tJOIN intranet_users u ON t.createdBy = u.userID\n\t\t\t\tWHERE t.id = " . $id);
        //construct email
        // NOTE(review): title and description are the stored post and go into the HTML
        // mail through drawThreadTop(); escaping, if any, happens in that helper.
        $message = drawEmailHeader()
            . drawServerMessage("<b>Note</b>: This is an Administration/Human Resources topic from the <a href='http://" . $server . "/bulletin_board/'>Intranet Bulletin Board</a>.  For more information, please contact the <a href='mailto:hrpayroll@seedco.org'>Human Resources Department</a>.")
            . '<table class="center">'
            . drawHeaderRow("Email", 2)
            . drawThreadTop($r["title"], $r["description"], $r["userID"], $r["firstname"] . " " . $r["lastname"], $r["createdOn"])
            . '</table>' . drawEmailFooter();
        $headers = implode("\r\n", array(
            "MIME-Version: 1.0",
            "Content-type: text/html; charset=iso-8859-1",
            "From: " . $_josh["email_default"],
        )) . "\r\n";
        //get addresses & send
        // one mail() call per active user; the return value is not checked
        $users = db_query("SELECT email FROM intranet_users WHERE isactive = 1");
        while ($u = db_fetch($users)) {
            mail($u["email"], $r["title"], $message, $headers);
        }
    }
    syndicateBulletinBoard();
    url_change();
}