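/**
 * Check whether the logged-in admin's role grants the named permission.
 *
 * Resolves $action to its permission id via getAdminPermsArray(), then loads
 * (once per request, cached in statics) the admin's role id from tbladmins
 * and that role's permission ids from tbladminperms.
 *
 * @param string $action     permission name as listed by getAdminPermsArray()
 * @param mixed  $noredirect truthy: return the result instead of redirecting
 * @return bool|null true/false when $noredirect is truthy; otherwise null when
 *                   permitted, while a denied check redirects to accessdenied.php
 */
function checkPermission($action, $noredirect = "")
{
    static $AdminRoleID = 0;
    static $AdminRolePerms = array();
    // An action name that is not in the permissions table yields false here.
    // The old loose in_array(false, ...) could match a permission id of 0, so
    // the lookup result is checked explicitly below and unknown actions are
    // always denied.
    $permid = array_search($action, getAdminPermsArray(), true);
    if (isset($_SESSION['adminid'])) {
        if (!$AdminRoleID) {
            $result = select_query("tbladmins", "roleid", array("id" => $_SESSION['adminid']));
            $data = mysql_fetch_array($result);
            $AdminRoleID = $data['roleid'];
        }
        if (!count($AdminRolePerms)) {
            $result = select_query("tbladminperms", "permid", array("roleid" => $AdminRoleID));
            while ($data = mysql_fetch_array($result)) {
                // Normalise to int so the strict in_array below is exact.
                $AdminRolePerms[] = (int) $data[0];
            }
        }
    }
    // No session => $AdminRolePerms stays empty and every check fails closed.
    $match = $permid !== false && in_array((int) $permid, $AdminRolePerms, true);
    if ($noredirect) {
        return $match;
    }
    if (!$match) {
        // redir() is expected not to return; if it did, callers would continue
        // without a permission — confirm against its definition.
        redir("permid=" . $permid, "accessdenied.php");
    }
}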
    exit("This file cannot be accessed directly");
}
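// Load the admin helper functions if this file was reached without them.
if (!function_exists("getAdminPermsArray")) {
    require ROOTDIR . "/includes/adminfunctions.php";
}
// Assumes an admin session already exists; the include guard above this run
// is expected to enforce that — TODO confirm.
$result = select_query("tbladmins", "id,firstname,lastname,notes,signature,roleid,supportdepts", array("id" => $_SESSION['adminid']));
$data = mysql_fetch_array($result);
$adminid = $data['id'];
$firstname = $data['firstname'];
$lastname = $data['lastname'];
$notes = $data['notes'];
$signature = $data['signature'];
$adminroleid = $data['roleid'];
$supportdepts = $data['supportdepts'];
// $apiresults is an array throughout: the original mixed array literal with
// `->property` appends, so allowedpermissions/departments were never set.
$apiresults = array("result" => "success", "adminid" => $adminid, "name" => $firstname . " " . $lastname, "notes" => $notes, "signature" => $signature);
$adminpermsarray = getAdminPermsArray();
// Collect the role's permission names, skipping ids that no longer map to a
// known permission instead of emitting empty entries; implode() replaces the
// trailing-comma strip.
$allowedpermissions = array();
$result = select_query("tbladminperms", "permid", array("roleid" => $adminroleid));
while ($data = mysql_fetch_array($result)) {
    $permid = $data['permid'];
    if (isset($adminpermsarray[$permid])) {
        $allowedpermissions[] = $adminpermsarray[$permid];
    }
}
$apiresults['allowedpermissions'] = implode(",", $allowedpermissions);
$apiresults['departments'] = $supportdepts;
// $iphone is set by the caller; empty() avoids a notice when it is absent.
if (!empty($iphone)) {
    // Refuse a second pass that could override an already-computed licence state.
    if (defined("IPHONELICENSE")) {
        exit("License Hacking Attempt Detected");
    }
    global $licensing;
    define("IPHONELICENSE", $licensing->isActiveAddon("iPhone App"));
    $apiresults['iphone'] = IPHONELICENSE;
}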
 /**
  * Render the admin page: configures Smarty, assigns the admin/session,
  * sidebar, ticket and statistics template variables, then calls
  * assignToSmarty() and output().
  *
  * Reads globals $templates_compiledir, $CONFIG,
  * $disable_admin_ticket_page_counts and $_ADMINLANG, and queries several
  * tbl* tables via select_query()/full_query().
  *
  * @return void
  */
 public function display()
 {
     global $templates_compiledir;
     global $CONFIG;
     global $disable_admin_ticket_page_counts;
     global $_ADMINLANG;
     $this->smarty = new Smarty();
     $this->smarty->template_dir = $this->getTemplatePath();
     $this->smarty->compile_dir = $templates_compiledir;
     if ($this->inClientsProfile) {
         $this->title = "Clients Profile";
         $this->sidebar = "clients";
         $this->icon = "clientsprofile";
     }
     if (count($this->chartFunctions)) {
         // Builds a redrawCharts() JS function by concatenating the names in
         // $this->chartFunctions unescaped into page script; NOTE(review):
         // this is only safe while those names are set by application code,
         // never from request data — confirm at the call sites.
         $chartredrawjs = "function redrawCharts() { ";
         foreach ($this->chartFunctions as $chartfunc) {
             $chartredrawjs .= $chartfunc . "(); ";
         }
         $chartredrawjs .= "}";
         $this->extrajscode[] = $chartredrawjs;
         $this->extrajscode[] = "\$(window).bind(\"resize\", function(event) { redrawCharts(); });";
     }
     $jquerycode = count($this->internaljquerycode) ? implode("\r\n", $this->internaljquerycode) : "";
     if ($this->jquerycode) {
         $jquerycode .= "\r\n" . $this->jquerycode;
     }
     $this->assign("charset", $CONFIG['Charset']);
     $this->assign("template", $this->adminTemplate);
     $this->assign("pagetemplate", $this->template);
     if (isset($_SESSION['adminid'])) {
         $this->assign("adminid", $_SESSION['adminid']);
     }
     $this->assign("filename", $this->filename);
     $this->assign("pagetitle", $this->title);
     $this->assign("helplink", str_replace(" ", "_", $this->helplink));
     $this->assign("sidebar", $this->sidebar);
     // Cookie presence only; the cookie's value is never read.
     $this->assign("minsidebar", isset($_COOKIE['WHMCSMinSidebar']) ? true : false);
     $this->assign("pageicon", $this->icon);
     $this->assign("jquerycode", $jquerycode);
     $this->assign("jscode", $this->jscode . implode("\r\n", $this->extrajscode));
     $this->assign("_ADMINLANG", $_ADMINLANG);
     // Per-page CSRF token handed to the templates for form/AJAX submission.
     $this->assign("csrfToken", generate_token("plain"));
     // NOTE(review): unserialize() on a stored configuration value. It is
     // only acceptable while AddonModulesPerms can be written solely by
     // trusted admin code; any path that lets a lower-privilege user alter
     // it turns this into object instantiation — verify how it is written.
     $addonmodulesperms = unserialize($CONFIG['AddonModulesPerms']);
     $this->assign("datepickerformat", str_replace(array("DD", "MM", "YYYY"), array("dd", "mm", "yy"), $CONFIG['DateFormat']));
     if (isset($_SESSION['adminid'])) {
         $result = select_query("tbladmins", "firstname,lastname,notes,supportdepts,roleid", array("id" => $_SESSION['adminid']));
         $data = mysql_fetch_array($result);
         $admin_username = $data['firstname'] . " " . $data['lastname'];
         $admin_notes = $data['notes'];
         // Also consumed by the "support" sidebar block further down.
         $admin_supportdepts = $data['supportdepts'];
         $admin_roleid = $data['roleid'];
         $this->assign("admin_username", ucfirst($admin_username));
         $this->assign("admin_notes", $admin_notes);
         $admin_perms = array();
         $adminpermsarray = getAdminPermsArray();
         $result = select_query("tbladminperms", "permid", array("roleid" => $admin_roleid));
         while ($data = mysql_fetch_array($result)) {
             // Maps permission ids to names; an id missing from
             // getAdminPermsArray() produces a null entry here.
             $admin_perms[] = $adminpermsarray[$data[0]];
         }
         $this->assign("admin_perms", $admin_perms);
         // No guard for a role with no entry in the unserialized map.
         $this->assign("addon_modules", $addonmodulesperms[$admin_roleid]);
     }
     $admins = "";
     // Admins active in the last 15 minutes. The only interpolated value is a
     // server-generated date() string, so no request data reaches this SQL.
     $query = "SELECT DISTINCT adminusername FROM tbladminlog WHERE lastvisit>='" . date("Y-m-d H:i:s", mktime(date("H"), date("i") - 15, date("s"), date("m"), date("d"), date("Y"))) . "' AND logouttime='0000-00-00' ORDER BY lastvisit ASC";
     $result = full_query($query);
     while ($data = mysql_fetch_array($result)) {
         $admins .= $data['adminusername'] . ", ";
     }
     // Drops the trailing ", ".
     $this->assign("adminsonline", substr($admins, 0, 0 - 2));
     $flaggedticketschecked = false;
     $flaggedtickets = 0;
     if ($this->sidebar == "support") {
         $allactive = $awaitingreply = 0;
         $ticketcounts = array();
         $admin_supportdepts_qry = array();
         // $admin_supportdepts is only defined inside the session block above;
         // without a session this explode() runs on an undefined variable.
         $admin_supportdepts = explode(",", $admin_supportdepts);
         foreach ($admin_supportdepts as $deptid) {
             if (trim($deptid)) {
                 // (int) cast: these ids are spliced into SQL via
                 // db_build_in_array() below, so only integers may get through.
                 $admin_supportdepts_qry[] = (int) $deptid;
                 continue;
             }
         }
         // Sentinel so the IN (...) lists below are never empty.
         if (count($admin_supportdepts_qry) < 1) {
             $admin_supportdepts_qry[] = 0;
         }
         if ($disable_admin_ticket_page_counts) {
             // Placeholder 'x' keeps the column positions used below.
             $query = "SELECT tblticketstatuses.title,'x',showactive,showawaiting FROM tblticketstatuses ORDER BY sortorder ASC";
         } else {
             $query = "SELECT tblticketstatuses.title,(SELECT COUNT(tbltickets.id) FROM tbltickets WHERE did IN (" . db_build_in_array($admin_supportdepts_qry) . ") AND tbltickets.status=tblticketstatuses.title),showactive,showawaiting FROM tblticketstatuses ORDER BY sortorder ASC";
         }
         $result = full_query($query);
         while ($data = mysql_fetch_array($result)) {
             $ticketcounts[] = array("title" => $data[0], "count" => $data[1]);
             if ($data['showactive']) {
                 $allactive += $data[1];
             }
             if ($data['showawaiting']) {
                 $awaitingreply += $data[1];
             }
         }
         if (!$disable_admin_ticket_page_counts) {
             // Session admin id is cast to int before being embedded in the
             // WHERE clause; this block is reached without an isset() check.
             $result = select_query("tbltickets", "COUNT(*)", "status!='Closed' AND flag='" . (int) $_SESSION['adminid'] . "'");
             $data = mysql_fetch_array($result);
             $flaggedtickets = $data[0];
             // Lets the statistics block below reuse this count.
             $flaggedticketschecked = true;
         }
         $this->assign("ticketsallactive", $allactive);
         $this->assign("ticketsawaitingreply", $awaitingreply);
         $this->assign("ticketsflagged", $flaggedtickets);
         $this->assign("ticketcounts", $ticketcounts);
         $this->assign("ticketstatuses", $ticketcounts);
         $departments = array();
         $result = select_query("tblticketdepartments", "id,name", "id IN (" . db_build_in_array($admin_supportdepts_qry) . ")", "order", "ASC");
         while ($data = mysql_fetch_array($result)) {
             $departments[] = array("id" => $data['id'], "name" => $data['name']);
         }
         $this->assign("ticketdepts", $departments);
     }
     // Sidebar statistics are permission-gated; true = return instead of redirect.
     if (checkPermission("Sidebar Statistics", true)) {
         $templatevars = array();
         $pendingorderstatuses = array();
         $result = select_query("tblorderstatuses", "title", "showpending=1");
         while ($data = mysql_fetch_array($result)) {
             $pendingorderstatuses[] = $data['title'];
         }
         // Status titles come from tblorderstatuses, not from the request.
         $query = "SELECT COUNT(*) FROM tblorders INNER JOIN tblclients ON tblclients.id=tblorders.userid WHERE tblorders.status IN (" . db_build_in_array($pendingorderstatuses) . ")";
         $result = full_query($query);
         $data = mysql_fetch_array($result);
         $templatevars['orders']['pending'] = $data[0];
         // Pre-seed the expected keys so the template sees 0 rather than unset.
         $templatevars['clients']['active'] = $templatevars['clients']['inactive'] = $templatevars['clients']['closed'] = 0;
         $query = "SELECT status,COUNT(*) FROM tblclients GROUP BY status";
         $result = full_query($query);
         while ($data = mysql_fetch_array($result)) {
             $templatevars['clients'][strtolower($data[0])] = $data[1];
         }
         $templatevars['services']['pending'] = $templatevars['services']['active'] = $templatevars['services']['suspended'] = $templatevars['services']['terminated'] = $templatevars['services']['cancelled'] = $templatevars['services']['fraud'] = 0;
         $query = "SELECT domainstatus,COUNT(*) FROM tblhosting GROUP BY domainstatus";
         $result = full_query($query);
         while ($data = mysql_fetch_array($result)) {
             $templatevars['services'][strtolower($data[0])] = $data[1];
         }
         $templatevars['domains']['pending'] = $templatevars['domains']['active'] = $templatevars['domains']['pendingtransfer'] = $templatevars['domains']['expired'] = $templatevars['domains']['cancelled'] = $templatevars['domains']['fraud'] = 0;
         $query = "SELECT status,COUNT(*) FROM tbldomains GROUP BY status";
         $result = full_query($query);
         while ($data = mysql_fetch_array($result)) {
             // "Pending Transfer" -> "pendingtransfer" to match the seeded key.
             $templatevars['domains'][str_replace(" ", "", strtolower($data[0]))] = $data[1];
         }
         $query = "SELECT COUNT(id) FROM tblinvoices WHERE status='Unpaid'";
         $result = full_query($query);
         $data = mysql_fetch_array($result);
         $templatevars['invoices']['unpaid'] = $data[0];
         $query = "SELECT COUNT(id) FROM tblinvoices WHERE status='Unpaid' AND duedate<'" . date("Ymd") . "'";
         $result = full_query($query);
         $data = mysql_fetch_array($result);
         $templatevars['invoices']['overdue'] = $data[0];
         if (!$disable_admin_ticket_page_counts) {
             $query = "SELECT COUNT(*) FROM tbltickets WHERE status!='Closed'";
             $result = full_query($query);
             $data = mysql_fetch_array($result);
             $templatevars['tickets']['active'] = $data[0];
             $query = "SELECT COUNT(*) FROM tbltickets WHERE status IN (SELECT title FROM `tblticketstatuses` WHERE showawaiting = '1')";
             $result = full_query($query);
             $data = mysql_fetch_array($result);
             $templatevars['tickets']['awaitingreply'] = $data[0];
             if ($flaggedticketschecked) {
                 // Reuse the count already taken in the support-sidebar block.
                 $templatevars['tickets']['flagged'] = $flaggedtickets;
             } else {
                 // Same int cast as above keeps the session id out of the SQL text.
                 $query = "SELECT COUNT(*) FROM tbltickets WHERE status!='Closed' AND flag='" . (int) $_SESSION['adminid'] . "'";
                 $result = full_query($query);
                 $data = mysql_fetch_array($result);
                 $templatevars['tickets']['flagged'] = $data[0];
             }
             $ticketstats = array();
             $query = "SELECT status,COUNT(*) FROM tbltickets GROUP BY status";
             $result = full_query($query);
             while ($data = mysql_fetch_array($result)) {
                 $ticketstats[$data[0]] = $data[1];
             }
             // String "0" defaults, matching the string counts mysql returns.
             $templatevars['tickets']['onhold'] = array_key_exists("On Hold", $ticketstats) ? $ticketstats["On Hold"] : "0";
             $templatevars['tickets']['inprogress'] = array_key_exists("In Progress", $ticketstats) ? $ticketstats["In Progress"] : "0";
         }
         $this->assign("sidebarstats", $templatevars);
     }
     $this->assignToSmarty();
     $this->output();
 }