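/**
 * Checks whether the logged-in administrator's role grants a named permission.
 *
 * The admin's role id and the role's permission ids are cached in function
 * statics, so the two lookups run at most once per request (the permission
 * list is re-fetched only while it is still empty). Without a logged-in admin
 * the permission list stays empty and every check fails closed.
 *
 * @param string $action     Permission name as listed by getAdminPermsArray().
 * @param mixed  $noredirect Truthy to return the result instead of redirecting.
 *
 * @return bool|null With $noredirect set: true/false. Without it: redirects to
 *                   accessdenied.php when denied, otherwise returns null.
 */
function checkPermission($action, $noredirect = "") {
    static $AdminRoleID = 0;
    static $AdminRolePerms = array();

    // Map the permission name to its numeric id; an unknown name yields false.
    $permid = array_search($action, getAdminPermsArray());

    if (isset($_SESSION['adminid'])) {
        if (!$AdminRoleID) {
            $result = select_query("tbladmins", "roleid", array("id" => $_SESSION['adminid']));
            $data = mysql_fetch_array($result);
            $AdminRoleID = $data['roleid'];
        }
        if (!count($AdminRolePerms)) {
            $result = select_query("tbladminperms", "permid", array("roleid" => $AdminRoleID));
            while ($data = mysql_fetch_array($result)) {
                $AdminRolePerms[] = $data[0];
            }
        }
    }

    // Fail closed: a permission name missing from the master list can never
    // match. Without the explicit false check, the loose in_array(false, ...)
    // would compare equal to a stored permission id of "0" or "".
    // in_array stays non-strict on purpose: $permid is an int key while the
    // ids fetched above are strings.
    $match = $permid !== false && in_array($permid, $AdminRolePerms);

    if ($noredirect) {
        return $match;
    }
    if (!$match) {
        redir("permid=" . $permid, "accessdenied.php");
    }
}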
exit("This file cannot be accessed directly");
} // Closes a direct-access guard whose opening if (...) lies above the visible span.

// Make sure the admin permission map is available before it is used below.
if (!function_exists("getAdminPermsArray")) {
    require ROOTDIR . "/includes/adminfunctions.php";
}

// Load the current administrator's record. This relies on $_SESSION['adminid']
// having been set by an earlier authentication step that is not in view here.
$result = select_query("tbladmins", "id,firstname,lastname,notes,signature,roleid,supportdepts", array("id" => $_SESSION['adminid']));
$data = mysql_fetch_array($result);
$adminid = $data['id'];
$firstname = $data['firstname'];
$lastname = $data['lastname'];
$notes = $data['notes'];
$signature = $data['signature'];
$adminroleid = $data['roleid'];
$supportdepts = $data['supportdepts'];

// Response payload for the API caller; note it is built as an array.
$apiresults = array("result" => "success", "adminid" => $adminid, "name" => "" . $firstname . " " . $lastname, "notes" => $notes, "signature" => $signature);

// Resolve the role's permission ids to their display names.
$adminpermsarray = getAdminPermsArray();
$result = select_query("tbladminperms", "", array("roleid" => $adminroleid));
while ($data = mysql_fetch_array($result)) {
    $permid = $data['permid'];
    // NOTE(review): $apiresults is an array, but this write and the
    // departments write below use object syntax (->). Object-style writes do
    // not create array keys, so $apiresults['allowedpermissions'] and
    // $apiresults['departments'] are not populated here and the substr()
    // further down operates on an undefined index. Most likely the intended
    // form is $apiresults['allowedpermissions'] .= ... — confirm against the
    // API documentation before changing.
    $apiresults->allowedpermissions .= $adminpermsarray[$permid] . ",";
}
$apiresults->departments .= $supportdepts;
// Strip the trailing comma (0 - 1 is simply -1).
$apiresults['allowedpermissions'] = substr($apiresults['allowedpermissions'], 0, 0 - 1);

// Optional iPhone-app licence flag. $iphone is expected to be set by the
// caller; its origin is not visible in this span.
if ($iphone) {
    // The constant may be defined only once per request; finding it already
    // defined means something else set it before this code ran.
    if (defined("IPHONELICENSE")) {
        exit("License Hacking Attempt Detected");
    }
    global $licensing;
    define("IPHONELICENSE", $licensing->isActiveAddon("iPhone App"));
    $apiresults['iphone'] = IPHONELICENSE;
}
/**
 * Renders the admin page: sets up Smarty, assigns the common header and
 * sidebar variables (admin identity and permissions, admins online, ticket
 * counts, sidebar statistics) and then calls assignToSmarty() and output().
 *
 * Reads the globals $templates_compiledir, $CONFIG,
 * $disable_admin_ticket_page_counts and $_ADMINLANG, plus $_SESSION['adminid']
 * and the WHMCSMinSidebar cookie. The helpers it calls (select_query,
 * full_query, db_build_in_array, generate_token, checkPermission,
 * getAdminPermsArray) are defined elsewhere.
 *
 * @return void
 */
public function display() {
    global $templates_compiledir;
    global $CONFIG;
    global $disable_admin_ticket_page_counts;
    global $_ADMINLANG;

    // Fresh Smarty instance for this render; the template directory comes
    // from getTemplatePath().
    $this->smarty = new Smarty();
    $this->smarty->template_dir = $this->getTemplatePath();
    $this->smarty->compile_dir = $templates_compiledir;

    // Pages shown inside a client's profile share one title/sidebar/icon.
    if ($this->inClientsProfile) {
        $this->title = "Clients Profile";
        $this->sidebar = "clients";
        $this->icon = "clientsprofile";
    }

    // Emit a redrawCharts() helper that calls every registered chart function,
    // and re-run it whenever the window is resized.
    // NOTE(review): the function names are interpolated into inline JS without
    // escaping, so chartFunctions must only ever hold trusted identifiers; where
    // they are populated is not visible in this span.
    if (count($this->chartFunctions)) {
        $chartredrawjs = "function redrawCharts() { ";
        foreach ($this->chartFunctions as $chartfunc) {
            $chartredrawjs .= $chartfunc . "(); ";
        }
        $chartredrawjs .= "}";
        $this->extrajscode[] = $chartredrawjs;
        $this->extrajscode[] = "\$(window).bind(\"resize\", function(event) { redrawCharts(); });";
    }

    // Internal jQuery snippets first, then any page-supplied code.
    $jquerycode = count($this->internaljquerycode) ? implode("\r\n", $this->internaljquerycode) : "";
    if ($this->jquerycode) {
        $jquerycode .= "\r\n" . $this->jquerycode;
    }

    $this->assign("charset", $CONFIG['Charset']);
    $this->assign("template", $this->adminTemplate);
    $this->assign("pagetemplate", $this->template);
    if (isset($_SESSION['adminid'])) {
        $this->assign("adminid", $_SESSION['adminid']);
    }
    $this->assign("filename", $this->filename);
    $this->assign("pagetitle", $this->title);
    $this->assign("helplink", str_replace(" ", "_", $this->helplink));
    $this->assign("sidebar", $this->sidebar);
    // Only the cookie's presence matters here; its value is never read.
    $this->assign("minsidebar", isset($_COOKIE['WHMCSMinSidebar']) ? true : false);
    $this->assign("pageicon", $this->icon);
    $this->assign("jquerycode", $jquerycode);
    $this->assign("jscode", $this->jscode . implode("\r\n", $this->extrajscode));
    $this->assign("_ADMINLANG", $_ADMINLANG);
    // CSRF token exposed to the templates for the forms they render.
    $this->assign("csrfToken", generate_token("plain"));

    // NOTE(review): unserialize() of a stored config value. unserialize() can
    // instantiate arbitrary classes, so this is only acceptable while every
    // writer of that config key is trusted — confirm where it is written.
    $addonmodulesperms = unserialize($CONFIG['AddonModulesPerms']);
    // Translate the configured date format tokens into the datepicker's.
    $this->assign("datepickerformat", str_replace(array("DD", "MM", "YYYY"), array("dd", "mm", "yy"), $CONFIG['DateFormat']));

    // Per-admin header data: display name, notes, permission names and the
    // addon modules granted to the admin's role.
    // NOTE(review): $admin_supportdepts is only defined inside this branch but
    // is read again by the support-sidebar block below, so with no session that
    // read hits an undefined variable (explode() then yields [""] and the
    // department filter falls back to id 0).
    if (isset($_SESSION['adminid'])) {
        $result = select_query("tbladmins", "firstname,lastname,notes,supportdepts,roleid", array("id" => $_SESSION['adminid']));
        $data = mysql_fetch_array($result);
        $admin_username = $data['firstname'] . " " . $data['lastname'];
        $admin_notes = $data['notes'];
        $admin_supportdepts = $data['supportdepts'];
        $admin_roleid = $data['roleid'];
        $this->assign("admin_username", ucfirst($admin_username));
        $this->assign("admin_notes", $admin_notes);
        $admin_perms = array();
        $adminpermsarray = getAdminPermsArray();
        $result = select_query("tbladminperms", "permid", array("roleid" => $admin_roleid));
        while ($data = mysql_fetch_array($result)) {
            // Map each granted permission id to its name.
            $admin_perms[] = $adminpermsarray[$data[0]];
        }
        $this->assign("admin_perms", $admin_perms);
        // May be an undefined index for roles with no addon-module entry.
        $this->assign("addon_modules", $addonmodulesperms[$admin_roleid]);
    }

    // Admins seen within the last 15 minutes who have not logged out. The
    // timestamp is server-generated; no request input enters this query.
    $admins = "";
    $query = "SELECT DISTINCT adminusername FROM tbladminlog WHERE lastvisit>='" . date("Y-m-d H:i:s", mktime(date("H"), date("i") - 15, date("s"), date("m"), date("d"), date("Y"))) . "' AND logouttime='0000-00-00' ORDER BY lastvisit ASC";
    $result = full_query($query);
    while ($data = mysql_fetch_array($result)) {
        $admins .= $data['adminusername'] . ", ";
    }
    // Drop the trailing ", " (0 - 2 is simply -2).
    $this->assign("adminsonline", substr($admins, 0, 0 - 2));

    // Flagged-ticket count may be computed in the support block and reused by
    // the sidebar statistics block further down.
    $flaggedticketschecked = false;
    $flaggedtickets = 0;

    if ($this->sidebar == "support") {
        $allactive = $awaitingreply = 0;
        $ticketcounts = array();
        $admin_supportdepts_qry = array();
        // Restrict counts to the admin's own departments; each id is cast to
        // int before it reaches the IN (...) list. An empty list falls back to
        // the impossible department id 0 so the query still parses.
        $admin_supportdepts = explode(",", $admin_supportdepts);
        foreach ($admin_supportdepts as $deptid) {
            if (trim($deptid)) {
                $admin_supportdepts_qry[] = (int) $deptid;
                continue;
            }
        }
        if (count($admin_supportdepts_qry) < 1) {
            $admin_supportdepts_qry[] = 0;
        }
        // NOTE(review): with page counts disabled the count column is the
        // literal 'x', yet it is still added into $allactive/$awaitingreply
        // below — a non-numeric-value warning on PHP 7 and a TypeError on PHP 8.
        if ($disable_admin_ticket_page_counts) {
            $query = "SELECT tblticketstatuses.title,'x',showactive,showawaiting FROM tblticketstatuses ORDER BY sortorder ASC";
        } else {
            $query = "SELECT tblticketstatuses.title,(SELECT COUNT(tbltickets.id) FROM tbltickets WHERE did IN (" . db_build_in_array($admin_supportdepts_qry) . ") AND tbltickets.status=tblticketstatuses.title),showactive,showawaiting FROM tblticketstatuses ORDER BY sortorder ASC";
        }
        $result = full_query($query);
        while ($data = mysql_fetch_array($result)) {
            $ticketcounts[] = array("title" => $data[0], "count" => $data[1]);
            if ($data['showactive']) {
                $allactive += $data[1];
            }
            if ($data['showawaiting']) {
                $awaitingreply += $data[1];
            }
        }
        if (!$disable_admin_ticket_page_counts) {
            // Session admin id is cast to int before being built into the WHERE clause.
            $result = select_query("tbltickets", "COUNT(*)", "status!='Closed' AND flag='" . (int) $_SESSION['adminid'] . "'");
            $data = mysql_fetch_array($result);
            $flaggedtickets = $data[0];
            $flaggedticketschecked = true;
        }
        $this->assign("ticketsallactive", $allactive);
        $this->assign("ticketsawaitingreply", $awaitingreply);
        $this->assign("ticketsflagged", $flaggedtickets);
        // The same per-status array is exposed under two template names.
        $this->assign("ticketcounts", $ticketcounts);
        $this->assign("ticketstatuses", $ticketcounts);
        $departments = array();
        $result = select_query("tblticketdepartments", "id,name", "id IN (" . db_build_in_array($admin_supportdepts_qry) . ")", "order", "ASC");
        while ($data = mysql_fetch_array($result)) {
            $departments[] = array("id" => $data['id'], "name" => $data['name']);
        }
        $this->assign("ticketdepts", $departments);
    }

    // Sidebar statistics are permission-gated; the second argument makes
    // checkPermission() return a bool instead of redirecting.
    if (checkPermission("Sidebar Statistics", true)) {
        $templatevars = array();
        $pendingorderstatuses = array();
        $result = select_query("tblorderstatuses", "title", "showpending=1");
        while ($data = mysql_fetch_array($result)) {
            $pendingorderstatuses[] = $data['title'];
        }
        // db_build_in_array() presumably quotes and escapes each value — verify,
        // since these titles are free text from a table rather than ints.
        $query = "SELECT COUNT(*) FROM tblorders INNER JOIN tblclients ON tblclients.id=tblorders.userid WHERE tblorders.status IN (" . db_build_in_array($pendingorderstatuses) . ")";
        $result = full_query($query);
        $data = mysql_fetch_array($result);
        $templatevars['orders']['pending'] = $data[0];
        // Zero-initialise the common keys so they exist even with no matching
        // rows; status names from the DB are lower-cased to form the keys.
        $templatevars['clients']['active'] = $templatevars['clients']['inactive'] = $templatevars['clients']['closed'] = 0;
        $query = "SELECT status,COUNT(*) FROM tblclients GROUP BY status";
        $result = full_query($query);
        while ($data = mysql_fetch_array($result)) {
            $templatevars['clients'][strtolower($data[0])] = $data[1];
        }
        $templatevars['services']['pending'] = $templatevars['services']['active'] = $templatevars['services']['suspended'] = $templatevars['services']['terminated'] = $templatevars['services']['cancelled'] = $templatevars['services']['fraud'] = 0;
        $query = "SELECT domainstatus,COUNT(*) FROM tblhosting GROUP BY domainstatus";
        $result = full_query($query);
        while ($data = mysql_fetch_array($result)) {
            $templatevars['services'][strtolower($data[0])] = $data[1];
        }
        $templatevars['domains']['pending'] = $templatevars['domains']['active'] = $templatevars['domains']['pendingtransfer'] = $templatevars['domains']['expired'] = $templatevars['domains']['cancelled'] = $templatevars['domains']['fraud'] = 0;
        $query = "SELECT status,COUNT(*) FROM tbldomains GROUP BY status";
        $result = full_query($query);
        while ($data = mysql_fetch_array($result)) {
            // Domain statuses may contain spaces ("Pending Transfer"); strip them
            // so they line up with the keys initialised above.
            $templatevars['domains'][str_replace(" ", "", strtolower($data[0]))] = $data[1];
        }
        // The line break inside this literal is whitespace only and harmless to SQL.
        $query = "SELECT 
COUNT(id) FROM tblinvoices WHERE status='Unpaid'";
        $result = full_query($query);
        $data = mysql_fetch_array($result);
        $templatevars['invoices']['unpaid'] = $data[0];
        // Overdue = unpaid and due before today's server date (Ymd).
        $query = "SELECT COUNT(id) FROM tblinvoices WHERE status='Unpaid' AND duedate<'" . date("Ymd") . "'";
        $result = full_query($query);
        $data = mysql_fetch_array($result);
        $templatevars['invoices']['overdue'] = $data[0];
        if (!$disable_admin_ticket_page_counts) {
            $query = "SELECT COUNT(*) FROM tbltickets WHERE status!='Closed'";
            $result = full_query($query);
            $data = mysql_fetch_array($result);
            $templatevars['tickets']['active'] = $data[0];
            $query = "SELECT COUNT(*) FROM tbltickets WHERE status IN (SELECT title FROM `tblticketstatuses` WHERE showawaiting = '1')";
            $result = full_query($query);
            $data = mysql_fetch_array($result);
            $templatevars['tickets']['awaitingreply'] = $data[0];
            // Reuse the flagged count from the support block when it ran;
            // otherwise run the same query here.
            if ($flaggedticketschecked) {
                $templatevars['tickets']['flagged'] = $flaggedtickets;
            } else {
                $query = "SELECT COUNT(*) FROM tbltickets WHERE status!='Closed' AND flag='" . (int) $_SESSION['adminid'] . "'";
                $result = full_query($query);
                $data = mysql_fetch_array($result);
                $templatevars['tickets']['flagged'] = $data[0];
            }
            $ticketstats = array();
            $query = "SELECT status,COUNT(*) FROM tbltickets GROUP BY status";
            $result = full_query($query);
            while ($data = mysql_fetch_array($result)) {
                $ticketstats[$data[0]] = $data[1];
            }
            // Defaults here are the string "0" whereas the other counters are
            // whatever the DB returned; templates treat both the same.
            $templatevars['tickets']['onhold'] = array_key_exists("On Hold", $ticketstats) ? $ticketstats["On Hold"] : "0";
            $templatevars['tickets']['inprogress'] = array_key_exists("In Progress", $ticketstats) ? $ticketstats["In Progress"] : "0";
        }
        $this->assign("sidebarstats", $templatevars);
    }

    $this->assignToSmarty();
    $this->output();
}