Example #1
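/**
 * Fetch a token/ticket pair, publish it in $GLOBALS and persist it to the cache file.
 *
 * getToken()/getTicket() are called up to three times in total while getTicket()
 * keeps answering -1. Whatever the last attempt produced (including -1) is stored in
 * $GLOBALS["atoken"] / $GLOBALS["aticket"], serialized into the file named by
 * $GLOBALS["file"], and appended as one JSON line to $GLOBALS["file"] . "log".
 *
 * @param mixed $appid      application id, passed to getToken()
 * @param mixed $appsecrect application secret, passed to getToken()
 * @return void
 */
function saveCache($appid, $appsecrect)
{
    $gettime = time();

    // One initial attempt plus two retries, stopping as soon as a ticket is obtained.
    for ($attempt = 0; $attempt < 3; $attempt++) {
        $GLOBALS["atoken"] = getToken($appid, $appsecrect);
        $GLOBALS["aticket"] = getTicket($GLOBALS["atoken"]);
        if ($GLOBALS["aticket"] != -1) {
            break;
        }
    }

    $arr = array("token" => $GLOBALS["atoken"], "ticket" => $GLOBALS["aticket"], "time" => $gettime);

    // NOTE(review): both files end up holding the token and ticket in clear text.
    // Keep them outside the web root with restrictive permissions, and consider
    // leaving the credentials out of the log line. The cache is written with
    // serialize(); the reader is not shown here and should only unserialize() a
    // file that nothing else can write to.

    // LOCK_EX keeps a concurrent request from reading a half-written cache; a failed
    // write is reported instead of passing an invalid handle on to fputs().
    if (file_put_contents($GLOBALS["file"], serialize($arr), LOCK_EX) === false) {
        error_log("saveCache: unable to write cache file " . $GLOBALS["file"]);
    }

    // Append rather than read the whole log back and rewrite it: same resulting
    // content, no warning when the log does not exist yet, and no lost entries
    // when two requests log at the same time.
    $logLine = "\n" . json_encode($arr);
    if (file_put_contents($GLOBALS["file"] . "log", $logLine, FILE_APPEND | LOCK_EX) === false) {
        error_log("saveCache: unable to append to log file " . $GLOBALS["file"] . "log");
    }
}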
Example #2
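/**
 * Render the login box for anonymous visitors, or the logout/preferences box otherwise.
 *
 * Reads the global $DBInfo (user, use_safelogin, url_prefix) and the formatter's
 * link_url(), page->urlname and lang.
 *
 * @param object $formatter page formatter
 * @param string $value     not used by this macro
 * @param string $options   not used by this macro
 * @return string HTML fragment
 */
function macro_login($formatter, $value = "", $options = "")
{
    global $DBInfo;
    // NOTE(review): $url and $urlpage are placed into href/action attributes as
    // returned; whether link_url() already HTML-escapes its result is not visible
    // here - confirm before relying on it.
    $url = $formatter->link_url('UserPreferences');
    $urlpage = $formatter->link_url($formatter->page->urlname);
    $user =& $DBInfo->user;
    $is_anonymous = $user->id == 'Anonymous';

    $jscript = '';
    $onsubmit = '';
    $passwd_hidden = '';
    if ($is_anonymous && !empty($DBInfo->use_safelogin)) {
        // "Safe login": the browser replaces the password field with
        // hex_hmac_md5(challenge, hex_md5(password)) before the form is posted.
        // NOTE(review): this is MD5-based and only keeps the clear-text password off
        // the wire; it is not a substitute for TLS. The challenge is built from the
        // current time and the client address through getTicket(), whose strength
        // and server-side verification are not shown here.
        $onsubmit = ' onsubmit="javascript:_chall.value=challenge.value;password.value=hex_hmac_md5(challenge.value, hex_md5(password.value))"';
        $jscript .= "<script src='{$DBInfo->url_prefix}/local/md5.js'></script>";
        $time_seed = time();
        $chall = md5(base64_encode(getTicket($time_seed, $_SERVER['REMOTE_ADDR'], 10)));
        $passwd_hidden = "<input type='hidden' name='_seed' value='{$time_seed}' />";
        $passwd_hidden .= "<input type='hidden' name='challenge' value='{$chall}' />";
        $passwd_hidden .= "<input type='hidden' name='_chall' />\n";
    }

    if ($is_anonymous) {
        $id = _("ID");
        $pass = _("Password");
        $join = _("Join");
        $login = _("Login");
        // Always defined, so the template below never reads an unset variable; the
        // two-letter code is escaped because it lands inside an HTML attribute.
        $lang = '';
        if (!empty($formatter->lang)) {
            $lang = ' lang="' . htmlspecialchars(substr($formatter->lang, 0, 2), ENT_QUOTES) . '"';
        }
        return <<<LOGIN
<div id='wikiLogin'{$lang}>{$jscript}
<form method='post' action='{$urlpage}' {$onsubmit}>
<div>
<input type="hidden" name="action" value="userform" />
<table border='0' cellpadding='2' cellspacing='0'>
<tr><td class='label'>{$id}</td><td><input type='text' name='login_id' size='10' /></td></tr>
<tr><td class='label'>{$pass}</td><td><input name='password' type='password' size='10' /></td></tr>
<tr><td class='label'><a href='{$url}'>{$join}</a></td><td class='submit'><span class='button'><input type='submit' class='button' value='{$login}' /></span>{$passwd_hidden}</td></tr>
</table>
</div>
</form>
</div>
LOGIN;
    }

    // Logged-in user: offer the preferences link and a logout button.
    $button = _("Logout");
    $option = _("UserPreferences");
    $msg = sprintf(_("%s or %s"), "<a href='{$url}'>{$option}</a>", "<span class='button'><input type='submit' class='button' name='logout' value='{$button}' /></span>");
    return <<<LOGOUT
<div id='wikiLogin'>
<form method='post' action='{$urlpage}'>
<input type="hidden" name="action" value="userform" />
{$msg}
</form>
</div>
LOGOUT;
}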
Example #3
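/**
 * Build the HTML form that shows a ticket's details, with the buttons that fit $action.
 *
 * 'attribuer' and 'edition' render editable fields; 'encours' and 'resoudre' render
 * read-only fields followed by their action buttons; 'historique' and any other value
 * render the read-only fields alone.
 *
 * NOTE(review): the buttons are only hidden here (for example for session class 3);
 * that is presentation, not access control. The handlers that process 'attribuer',
 * 'editer', 'cloturer' and the other submits must repeat the permission check.
 * NOTE(review): ticket values are handed to getFormElt*() as stored; whether those
 * helpers HTML-escape them is not visible here - confirm.
 *
 * @param string $action    current view/action name
 * @param mixed  $id_ticket ticket identifier, passed to getTicket()
 * @param mixed  $pdo       database handle, passed to getTicket() and the lister*() helpers
 * @return string HTML markup of the form
 */
function getDetails($action, $id_ticket, $pdo)
{
    // Start from null so that a ticket id matching no row renders empty fields
    // instead of reading variables that were never assigned.
    $titre = $description = null;
    $num_categorie = $nom_categorie = null;
    $num_importance = $nom_importance = null;
    $num_lieu = $nom_lieu = null;
    $nom_statut = null;
    $id_responsable = $nom_responsable = null;

    // Load the ticket; if several rows come back, the last one wins.
    foreach (getTicket($id_ticket, $pdo) as $row) {
        $titre = $row['TITRE'];
        $description = $row['DESCRIPTION'];
        $num_categorie = $row['NUM_CATEGORIE'];
        $nom_categorie = $row['NOM_CATEGORIE'];
        $num_importance = $row['NUM_IMPORTANCE'];
        $nom_importance = $row['NOM_IMPORTANCE'];
        $num_lieu = $row['NUM_LIEU'];
        $nom_lieu = $row['NOM_LIEU'];
        $nom_statut = $row['NOM_STATUT'];
        $id_responsable = $row['ID_RESPONSABLE'];
        $nom_responsable = $row['NOM_RESPONSABLE'];
    }

    // Edit button: "cancel" while editing, nothing in the history view or for
    // session class 3, "modify" otherwise.
    if (isset($_POST['edition'])) {
        $bouton_edition = '<input type="submit" name="annul_edition" value="Annuler les modifications" class="button">';
    } elseif ($action == 'historique' || $_SESSION['usr_connected']['classe'] == 3) {
        $bouton_edition = '';
    } else {
        $bouton_edition = '<input type="submit" name="edition" value="Modifier le ticket" class="button">';
    }

    // The form posts back to the current URL. The ticket id comes from the query
    // string, so it is URL-encoded as a parameter value and the whole attribute is
    // HTML-escaped including single quotes.
    $ticketid = (isset($_GET['ticketid']) && is_scalar($_GET['ticketid'])) ? rawurlencode((string) $_GET['ticketid']) : '';
    $form_action = htmlspecialchars($_SERVER["PHP_SELF"] . '?ticketid=' . $ticketid, ENT_QUOTES);

    // Each fragment below ends by opening an HTML comment that the next fragment
    // closes, so the whitespace between the generated elements is commented out.
    $details = '<form class="info_ticket" method="post" action="' . $form_action . '">' . '<h2>' . "Information sur le ticket" . '</h2>' . $bouton_edition . '<!--';

    switch ($action) {
        case 'attribuer':
            $details .= getFormElt('mi_largeur', $titre, 'Titre')
                . getFormSelect('mi_largeur highlight', listerImportance($num_importance, $pdo) . getIconImportance($num_importance), 'Importance')
                . getFormElt('pleine_largeur', $description, 'Description')
                . getFormSelect('mi_largeur highlight', listerLieu($num_lieu, $pdo), 'Lieu')
                . getFormSelect('mi_largeur highlight', listerCategorie($num_categorie, $pdo), 'Catégorie')
                . getFormSelect('mi_largeur highlight', listerAgent($id_responsable, $pdo), 'Agent')
                . getFormElt('mi_largeur', $nom_statut, 'Statut')
                . '-->' . '<!--' . '-->'
                . '<div class="boutons">' . '<input type="submit" name="attribuer" class="button details" value="Attribuer le ticket">' . '</div>'
                . '<!--';
            break;

        case 'edition':
            $details .= getFormEltInput('mi_largeur', 'titre', $titre, 'Titre')
                . getFormSelect('mi_largeur', listerImportance($num_importance, $pdo) . getIconImportance($num_importance), 'Importance')
                . getFormEltTA('pleine_largeur', 'description', $description, 'Description')
                . getFormSelect('mi_largeur', listerLieu($num_lieu, $pdo), 'Lieu')
                . getFormSelect('mi_largeur', listerCategorie($num_categorie, $pdo), 'Catégorie')
                . getFormSelect('mi_largeur', listerAgent($id_responsable, $pdo), 'Agent')
                . getFormElt('mi_largeur', $nom_statut, 'Statut')
                . '-->' . '<!--' . '-->'
                . '<div class="boutons">' . '<input type="submit" name="editer" class="button details" value="Enregistrer les modifications">' . '</div>'
                . '<!--';
            break;

        default:
            // 'encours', 'resoudre', 'historique' and unknown actions all show the
            // same read-only fields; only the trailing buttons differ.
            $details .= getFormElt('mi_largeur', $titre, 'Titre')
                . getFormElt('mi_largeur', $nom_importance . getIconImportance($num_importance), 'Importance')
                . getFormElt('pleine_largeur', $description, 'Description')
                . getFormElt('mi_largeur', $nom_lieu, 'Lieu')
                . getFormElt('mi_largeur', $nom_categorie, 'Catégorie')
                . getFormElt('mi_largeur', $nom_responsable, 'Agent')
                . getFormElt('mi_largeur', $nom_statut, 'Statut');

            if ($action == 'encours') {
                $details .= '-->'
                    . '<div class="boutons">' . '<input type="submit" name="resoudre" class="button details" value="Résoudre le ticket">' . '</div>'
                    . '<div class="boutons">' . '<input type="submit" name="attente" class="button details" value="Mettre le ticket en attente">' . '</div>'
                    . '<!--';
            } elseif ($action == 'resoudre') {
                // Session class 3 gets no close/refuse buttons.
                $boutons_res = $_SESSION['usr_connected']['classe'] == 3
                    ? ""
                    : '<div class="boutons">' . '<input type="submit" name="cloturer" class="button details" value="Valider et cloturer le ticket">' . '</div>'
                        . '<div class="boutons">' . '<input type="submit" name="refuser" class="button details" value="Refuser le ticket et le remettre en cours">' . '</div>';
                $details .= '-->' . '<!--' . '-->' . $boutons_res . '<!--';
            }
            break;
    }

    $details .= '-->' . '</form>';
    return $details;
}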
Example #4
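/**
 * Set a help-desk ticket's status, recording an automatic comment and a history row.
 *
 * Steps: insert an auto-comment naming the new status, append its id to the ticket's
 * comma-separated comment list, insert a history row when the status actually
 * changed, then update the ticket itself.
 *
 * NOTE(review): every statement here is built by interpolating $user, $ticket and
 * the stored comment list straight into the SQL text, which is injectable if any of
 * them can be influenced by a request. The API of the global $db wrapper is not
 * visible from this function; switch these queries to its prepared-statement or
 * escaping facility. Until then callers must pass values they have validated.
 *
 * @param mixed $user   identifier of the user making the change
 * @param mixed $ticket ticket identifier
 * @param mixed $status new status; must be a key of getTicketsStatuses()
 * @return array ['success' => bool] plus 'msg' on success
 */
function changeTicketStatus($user, $ticket, $status)
{
    global $db;
    $result = array('success' => false);

    // Accept only statuses the application knows. This avoids reading a missing
    // array entry below and keeps arbitrary text out of the `status` column and
    // out of the SQL built from $status.
    $statuses = getTicketsStatuses();
    if (!is_scalar($status) || !isset($statuses[$status])) {
        return $result;
    }
    $status_name = $statuses[$status]["name"];

    $old_ticket = getTicket($ticket);
    $comments = $old_ticket['comments_id'];

    // Automatic comment documenting the change.
    // NOTE(review): $status_name is interpolated as well; a quote character in a
    // status name would break this statement.
    $autocomment = "Изменил статус на \"" . $status_name . "\".";
    $query_autocomment = $db->query("INSERT INTO helpdesk_comments (`creator`, `date`, `text`,`autocomment`)\r\n                                                              VALUES ('{$user}', NOW(), '{$autocomment}',true)");
    if ($query_autocomment) {
        $autocomment_id = $db->insert_id();
        $comments = $comments . (strlen($comments) > 0 ? "," : "") . $autocomment_id;
    }

    // History is written only when the status really differs from the stored one.
    if ($status != $old_ticket["status"]) {
        $change_status_query = "INSERT INTO helpdesk_history (`changed`, `changer`, `ticket`,  `status`)\r\n                                                      VALUES ( NOW(),   '{$user}',   '{$ticket}', '{$status}')";
        $db->query($change_status_query);
    }

    // These statuses also stamp who changed the ticket and when. The comparison is
    // deliberately loose because $status may arrive as a numeric string.
    $changed = "";
    if (in_array($status, [1, 2, 3, 5, 7, 8])) {
        $changed = ", `changed`=NOW(), `changer`='{$user}'";
    }

    $query_upd = $db->query("UPDATE helpdesk SET `status`='{$status}', `comments`='{$comments}' " . $changed . " WHERE `id`='{$ticket}'");
    if ($query_upd) {
        $result['success'] = true;
        $result['msg'] = "Статус изменен на \"" . $status_name . "\"!";
    }
    return $result;
}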
Example #5
/**
 * Blog action: show the "add entry / add comment" form, preview it, or save it.
 *
 * With non-empty $options['savetext'] and no preview requested, the text is
 * appended to the page source either as a new blog entry or, when
 * $options['value'] names an existing entry, as a comment on it, and the page is
 * saved. Otherwise the editing form is printed.
 *
 * NOTE(review): several values taken from $options (name, title, value, savetext)
 * are printed into HTML below without escaping. Whether $options is escaped
 * before it reaches this function is not visible here - confirm, otherwise these
 * are cross-site scripting sinks.
 *
 * @param object $formatter page formatter (page, link_url(), send_*() are used)
 * @param array  $options   request parameters and state for this action
 * @return void output is printed / sent through $formatter
 */
function do_Blog($formatter, $options)
{
    global $DBInfo;
    $COLS_MSIE = 80;
    $COLS_OTHER = 85;
    // NOTE(review): HTTP_USER_AGENT is read without an isset() check.
    $cols = preg_match('/MSIE/', $_SERVER['HTTP_USER_AGENT']) ? $COLS_MSIE : $COLS_OTHER;
    $rows = (!empty($options['rows']) and $options['rows'] > 5) ? $options['rows'] : 8;
    $cols = (!empty($options['cols']) and $options['cols'] > 60) ? $options['cols'] : $cols;
    $name = !empty($options['name']) ? $options['name'] : '';
    $url = $formatter->link_url($formatter->page->urlname);
    if (!empty($formatter->refresh) or !empty($options['button_refresh'])) {
        updateBlogList($formatter);
        $options['msg'] = sprintf(_("Blog cache of \"%s\" is refreshed"), $formatter->page->name);
    }
    $savetext = "";
    if (!empty($options['savetext'])) {
        // Normalise the submitted text: drop CRs, defuse "----" lines (they would be
        // read as the comment separator used below) and trim trailing whitespace.
        $savetext = _stripslashes($options['savetext']);
        $savetext = str_replace("\r", "", $savetext);
        $savetext = str_replace("----\n", "-''''''---\n", $savetext);
        $savetext = rtrim($savetext);
        #$savetext=str_replace("<","&lt;",$savetext);
    }
    # for conflict check
    // NOTE(review): the datestamp comes back from a hidden form field, so the
    // client controls the value used in the conflict check further down.
    if (!empty($options['datestamp'])) {
        $datestamp = $options['datestamp'];
    } else {
        $datestamp = $formatter->page->mtime();
    }
    if (!empty($options['title'])) {
        $options['title'] = _stripslashes($options['title']);
    } else {
        $options['title'] = '';
    }
    $button_preview = $options['button_preview'];
    if (!empty($savetext)) {
        // Captcha ("ticket") check for anonymous posters. A failed or missing
        // ticket forces preview mode, which is what blocks the save below;
        // $ok_ticket itself is not read again in this function.
        // $use_any is never assigned in this function, so empty($use_any) is always true here.
        $ok_ticket = 0;
        if (empty($use_any) and !empty($DBInfo->use_ticket) and $options['id'] == 'Anonymous') {
            if ($options['__seed'] and $options['check']) {
                // The expected answer is recomputed from the client-supplied seed and
                // the client address.
                // NOTE(review): loose == comparison of the answer; and nothing visible
                // here expires a seed or limits how often it can be tried - confirm
                // that getTicket() or the caller covers replay.
                $mycheck = getTicket($options['__seed'], $_SERVER['REMOTE_ADDR'], 4);
                if ($mycheck == $options['check']) {
                    $ok_ticket = 1;
                } else {
                    $options['msg'] = _("Invalid ticket !");
                    $button_preview = 1;
                }
            } else {
                if (!$button_preview) {
                    $options['msg'] = _("You need a ticket !");
                }
                $button_preview = 1;
            }
        } else {
            $ok_ticket = 1;
        }
    }
    if (empty($button_preview) && !empty($savetext)) {
        // ---- save path ----
        // Escape every not-yet-escaped "}}}" so submitted text cannot close the
        // enclosing {{{#!blog ...}}} block early.
        $savetext = preg_replace("/(?<!\\\\)}}}/", "\\}}}", $savetext);
        $url = $formatter->link_tag($formatter->page->urlname, "", $options['page']);
        $options['msg'] = sprintf(_("\"%s\" is updated"), $url);
        if ($formatter->page->exists()) {
            $raw_body = $formatter->page->_get_raw_body();
        } else {
            $raw_body = "#action Blog " . _("Add Blog") . "\n##Blog\n";
        }
        $lines = explode("\n", $raw_body);
        $count = count($lines);
        // Author shown in the entry header: the submitted name (or the client
        // address) for anonymous posters, the account id otherwise.
        // NOTE(review): the anonymous name is written into the page source as-is.
        if ($options['id'] == 'Anonymous') {
            $id = $options['name'] ? _stripslashes($options['name']) : $_SERVER['REMOTE_ADDR'];
        } else {
            $id = $options['id'];
        }
        if (!empty($options['value'])) {
            # add comment
            // Locate the entry whose header line hashes (MD5) to $options['value'].
            // NOTE(review): the hex digests are compared with ==, which PHP can treat
            // as a numeric comparison for strings of the form "0e<digits>"; a strict
            // comparison would avoid that.
            for ($i = 0; $i < $count; $i++) {
                if (preg_match("/^({{{)?#!blog (.*)\$/", $lines[$i], $match)) {
                    if (md5($match[2]) == $options['value']) {
                        list($tag, $user, $date, $title) = explode(" ", $lines[$i], 4);
                        $found = 1;
                        if ($match[1]) {
                            $endtag = '}}}';
                        }
                        break;
                    }
                }
            }
            if (!empty($found)) {
                if (!empty($endtag)) {
                    // Advance $i to the line that closes the entry block.
                    for (; $i < $count; $i++) {
                        if (preg_match("/^}}}\$/", $lines[$i])) {
                            $found = 1;
                            break;
                        }
                    }
                } else {
                    # XXX
                    // Entry without a {{{ wrapper: append at the end of the page.
                    $lines = explode("\n", rtrim($raw_body));
                    $i = count($lines);
                }
                // The comment replaces line $i and re-emits the closing tag after it.
                // NOTE(review): $endtag is unset on the branch just above, so it is
                // interpolated here as an undefined variable in that case.
                if (!empty($options['nosig'])) {
                    $lines[$i] = "----\n{$savetext}\n{$endtag}";
                } else {
                    $lines[$i] = "----\n{$savetext} @SIG@\n{$endtag}";
                }
                $raw_body = join("\n", $lines);
            } else {
                $formatter->send_header("", $options);
                $formatter->send_title(_("Error: No blog entry found!"), "", $options);
                $formatter->send_footer("", $options);
                return;
            }
        } else {
            # Blog entry
            // check timestamp
            // Refuse the save when the page changed after the form's datestamp.
            if ($formatter->page->mtime() > $datestamp) {
                $options['msg'] = '';
                if ($options['action_mode'] == 'ajax') {
                    print "false\n";
                    print _("Error: Don't make a clone!");
                } else {
                    $formatter->send_title(_("Error: Don't make a clone!"), "", $options);
                    $formatter->send_footer("", $options);
                }
                return;
            }
            // New entry block; it is inserted right after the "##Blog" marker line
            // when the page has one, else appended to the page.
            $entry = "{{{#!blog {$id} @date@";
            if (!empty($options['title'])) {
                $entry .= " " . $options['title'];
            }
            $entry .= "\n{$savetext}\n}}}\n\n";
            if (preg_match("/\n##Blog\n/i", $raw_body)) {
                $raw_body = preg_replace("/\n##Blog\n/i", "\n##Blog\n{$entry}", $raw_body, 1);
            } else {
                $raw_body .= $entry;
            }
        }
        // Optional "Refresh:" response header that sends the browser back to the page view.
        $myrefresh = '';
        if (!empty($DBInfo->use_save_refresh)) {
            $sec = $DBInfo->use_save_refresh - 1;
            $lnk = $formatter->link_url($formatter->page->urlname, "?action=show");
            $myrefresh = 'Refresh: ' . $sec . '; url=' . qualifiedURL($lnk);
        }
        $formatter->send_header($myrefresh, $options);
        if (!empty($options['value'])) {
            $formatter->send_title(sprintf(_("Comment added to \"%s\""), $title), "", $options);
            $log = "Add Comment to \"{$title}\"";
        } else {
            $formatter->send_title(sprintf(_("Blog entry added to \"%s\""), $options['page']), "", $options);
            if (!empty($options['title'])) {
                $log = sprintf(_("Blog entry \"%s\" added"), $options['title']);
            } else {
                $log = _("Blog entry added");
            }
        }
        // Persist the new page source and refresh the blog list.
        $formatter->page->write($raw_body);
        $DBInfo->savePage($formatter->page, $log, $options);
        updateBlogList($formatter);
        if ($options['action_mode'] == 'ajax') {
            print "true\n";
            print $options['msg'];
        } else {
            $formatter->send_page();
        }
    } else {
        # add entry or comment
        // ---- form / preview path ----
        $formatter->send_header("", $options);
        if (!empty($options['value'])) {
            // Commenting on an entry: find it by the MD5 of its header line (same
            // loose == comparison as on the save path) and collect its text as a quote.
            $raw_body = $formatter->page->_get_raw_body();
            $lines = explode("\n", $raw_body);
            $count = count($lines);
            for ($i = 0; $i < $count; $i++) {
                if (preg_match("/^({{{)?#!blog (.*)\$/", $lines[$i], $match)) {
                    if (md5($match[2]) == $options['value']) {
                        list($tag, $user, $date, $title) = explode(" ", $lines[$i], 4);
                        $found = 1;
                        $lines[$i] = '#!blog ' . $match[2];
                        break;
                    }
                }
            }
            if (!empty($found)) {
                $quote = '';
                for (; $i < $count; $i++) {
                    if (preg_match("/^}}}\$/", $lines[$i])) {
                        break;
                    }
                    $quote .= $lines[$i] . "\n";
                }
            }
            if (empty($title)) {
                $title = $options['page'];
            }
            if (empty($found)) {
                $formatter->send_title("Error: No entry found!", "", $options);
                $formatter->send_footer("", $options);
                return;
            }
            $formatter->send_title(sprintf(_("Add Comment to \"%s\""), $title), "", $options);
        } else {
            $formatter->send_title(sprintf(_("Add Blog entry to \"%s\""), $options['page']), "", $options);
        }
        $options['noaction'] = 1;
        if (!empty($quote)) {
            // Undo the "\}}}" escaping before rendering the quoted entry.
            $quote = str_replace('\\}}}', '}}}', $quote);
            print $formatter->processor_repl('blog', $quote, $options);
            #print $formatter->send_page($quote,$options);
        }
        $extra = '';
        $btn = _("Refresh");
        // The refresh button is offered to logged-in users only.
        if ($options['id'] != 'Anonymous') {
            $extra = '<div style="text-align:right">' . '
        <span class="button"><input type="submit" class="button" name="button_refresh" value="' . $btn . '" /></span></div>';
        }
        if (!empty($options['value'])) {
            print "<a name='BlogComment'></a>";
        }
        print '<div id="editor_area">';
        print "<form method='post' action='{$url}'>\n";
        // NOTE(review): $name, $options['title'] and $options['value'] are echoed
        // into attribute values below, and $savetext into the textarea, without
        // HTML escaping (see the note in the function header).
        $myinput = '';
        if ($options['id'] == 'Anonymous') {
            $myinput .= '<b>' . _("Name") . "</b>: <input name='name' size='15' maxlength='15' value='{$name}' />\n";
        }
        if (empty($options['value'])) {
            $myinput .= '<b>' . _("Title") . "</b>: <input name='title' value='{$options['title']}' size='70' maxlength='70' style='width:300px' /><br />\n";
        } else {
            print "<input type='hidden' name='value' value='{$options['value']}' />\n";
        }
        print '<div class="editor_area_extra">' . $myinput . "</div>\n";
        $savetext = $savetext ? $savetext : 'Enter blog entry';
        if (!empty($DBInfo->use_wikiwyg)) {
            $wysiwyg_msg = _("GUI");
            $wysiwyg_btn = '&nbsp;<span class="button"><input class="button" type="button" tabindex="7" value="' . $wysiwyg_msg . '" onclick="javascript:sectionEdit(null,null,null)" /></span>';
        }
        if ($DBInfo->use_resizer > 1) {
            echo <<<JS
<script type="text/javascript" src="{$DBInfo->url_prefix}/local/textarea.js"></script>
JS;
        }
        print <<<FORM
<div class="resizable-textarea" style='position:relative'><!-- IE hack -->
<textarea class="wiki resizable" id="content" wrap="virtual" name="savetext"
 rows="{$rows}" cols="{$cols}" class="wiki">{$savetext}</textarea></div>
FORM;
        if (!empty($options['value'])) {
            print "<input name='nosig' type='checkbox' />" . _("Don't add a signature") . "<br />";
        }
        $save_msg = _("Save");
        $preview_msg = _("Preview");
        // Captcha for anonymous posters: the seed travels in a hidden field and in
        // the image URL.
        // NOTE(review): the seed is md5(base64(time())), so it is predictable from
        // the clock; the captcha's strength rests on getTicket(), which is not shown.
        if (empty($use_any) and !empty($DBInfo->use_ticket) and $options['id'] == 'Anonymous') {
            $seed = md5(base64_encode(time()));
            $ticketimg = $formatter->link_url($formatter->page->urlname, '?action=ticket&amp;__seed=' . $seed);
            $captcha = <<<EXTRA
  <div class='captcha'><span class='captchaImg'><img src="{$ticketimg}" alt="captcha" /></span><input type="text" size="10" name="check" />
<input type="hidden" name="__seed" value="{$seed}" /></div>
EXTRA;
        }
        // NOTE(review): $captcha and $wysiwyg_btn are only assigned on the
        // conditional branches above and are read here as undefined variables otherwise.
        print <<<FORM2
{$captcha}
<input type="hidden" name="action" value="Blog" />
<input type="hidden" name="datestamp" value="{$datestamp}" />
<span class="button"><input type="submit" class="button" value="{$save_msg}" /></span>&nbsp;
<span class="button"><input type="submit" class="button" name="button_preview" value="{$preview_msg}" /></span>
{$wysiwyg_btn}{$extra}
</form>
</div>
FORM2;
        if (!empty($DBInfo->use_wikiwyg) and $DBInfo->use_wikiwyg >= 3) {
            print <<<JS
<script type='text/javascript'>
/*<![CDATA[*/
sectionEdit(null,null,null);
/*]]>*/
</script>
JS;
        }
    }
    if (empty($savetext)) {
        #print $formatter->macro_repl('SmileyChooser');
        print macro_EditHints($formatter);
        print "<div class='wikiHints'>" . _("<b>horizontal rule</b> ---- is not applied on the blog mode.") . "</div>\n";
    }
    // Preview: render the submitted title and text through the page formatter.
    if (!empty($options['button_preview']) && !empty($options['savetext'])) {
        if (!empty($options['title'])) {
            $formatter->send_page("== {$options['title']} ==\n");
        }
        $formatter->send_page($savetext);
    }
    $formatter->send_footer("", $options);
    return;
}
Example #6
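/**
 * Render the captcha ("ticket") image for the seed given in $options['__seed'].
 *
 * The text is getTicket(seed, client address, 4). It is drawn with a TrueType font
 * when $DBInfo->ticket_font names a usable one, else with a built-in GD font, then
 * distorted/blurred/gridded according to the bits of $DBInfo->use_ticket and sent
 * as PNG, GIF or JPEG, whichever GD supports first.
 *
 * NOTE(review): the seed and referer checks that the original comments announced
 * are not implemented; an image is produced for any non-empty seed. Nothing here
 * limits how often a seed can be requested or reused - confirm that the code
 * verifying the answer enforces expiry or single use.
 *
 * @param object $formatter page formatter, passed on to do_invalid()
 * @param array  $options   request parameters; '__seed' is required
 * @return void the image is written to the response
 */
function do_ticket($formatter, $options)
{
    global $DBInfo;
    $word_length = 4;

    if (empty($options['__seed'])) {
        $options['title'] = _("Invalid use of ticket");
        do_invalid($formatter, $options);
        return;
    }
    $passwd = getTicket($options['__seed'], $_SERVER['REMOTE_ADDR'], $word_length);

    // Tell GD where to look for fonts.
    if (!empty($DBInfo->gdfontpath)) {
        putenv('GDFONTPATH=' . $DBInfo->gdfontpath);
    } else {
        // Default: the wiki data directory, appended to any GDFONTPATH already set.
        // (The original appended an undefined variable here, which dropped the
        // data directory whenever GDFONTPATH was already set.)
        $path = $DBInfo->data_dir;
        $old = getenv('GDFONTPATH');
        if ($old) {
            $path = $old . ':' . $path;
        }
        putenv('GDFONTPATH=' . $path);
    }

    // TrueType is used only when GD supports it and ticket_font is a non-numeric
    // name; an absolute path must also exist on disk.
    $use_ttf = false;
    if (function_exists('ImageTtfText') && !empty($DBInfo->ticket_font) && !is_numeric($DBInfo->ticket_font)) {
        $FONT = $DBInfo->ticket_font;
        $use_ttf = !($FONT[0] == '/' && !file_exists($FONT));
    }

    if ($use_ttf) {
        $pointsize = !empty($DBInfo->ticket_font_size) ? $DBInfo->ticket_font_size : 16;
        $angle = 0;
        // The canvas size is estimated from the point size; the original notes that
        // measuring the text with Imagettfbbox() crashed.
        $margin = $pointsize / 2;
        $w = $pointsize * $word_length + $margin;
        $h = $pointsize + $margin;
        if ($DBInfo->use_ticket & 23) {
            // extra headroom for the effects applied below
            $h += $pointsize / 3;
        }
    } else {
        // Built-in GD font; 5 is the largest one.
        $FONT = 5;
        if (!empty($DBInfo->ticket_gdfont)) {
            $FONT = $DBInfo->ticket_gdfont;
        }
        $w = imagefontwidth($FONT) * strlen($passwd) + 10;
        $h = imagefontheight($FONT);
        $pointsize = $h;
        $h += 10;
    }

    // The sizes may be fractional; GD works in whole pixels.
    $im = ImageCreate((int) $w, (int) $h);

    // Palette: [0] background, [1] black, [2] white, [3..20] random mid-tones.
    $color = array();
    // The configured background must be "#rrggbb". (The original pattern accepted a
    // single hex digit only, so a configured colour was never applied.)
    if (isset($DBInfo->captcha_bgcolor) && preg_match('/^#[0-9a-fA-F]{6}$/', $DBInfo->captcha_bgcolor)) {
        $r = substr($DBInfo->captcha_bgcolor, 1, 2);
        $g = substr($DBInfo->captcha_bgcolor, 3, 2);
        $b = substr($DBInfo->captcha_bgcolor, 5, 2);
        $color[] = ImageColorAllocate($im, hexdec($r), hexdec($g), hexdec($b));
    } else {
        $color[] = ImageColorAllocate($im, 240, 240, 240);
    }
    $color[] = ImageColorAllocate($im, 0, 0, 0);
    $color[] = ImageColorAllocate($im, 255, 255, 255);
    // rand() only picks drawing colours here; it plays no part in the captcha text.
    $pen = rand(3, 19);
    $pen1 = rand(3, 19);
    for ($i = 0; $i < 18; $i++) {
        $color[] = ImageColorAllocate($im, rand(100, 200), rand(100, 200), rand(100, 200));
    }

    // Draw the text twice, one pixel apart, for a bolder stroke.
    if ($use_ttf) {
        $sx = (int) $margin;
        $sy = (int) ($margin / 2 + $pointsize);
        ImageTtfText($im, $pointsize, $angle, $sx, $sy + 1, $color[$pen], $FONT, $passwd);
        ImageTtfText($im, $pointsize, $angle, $sx + 1, $sy, $color[$pen], $FONT, $passwd);
    } else {
        ImageString($im, $FONT, 5, 3, $passwd, $color[$pen]);
        ImageString($im, $FONT, 4, 4, $passwd, $color[$pen]);
    }

    // Effects selected by the bits of use_ticket: 1 blur, 2 grid, 4 distort,
    // 16 alternate distort (only when 4 is off), 8 passed to distort as $grad.
    $grad = '';
    if ($DBInfo->use_ticket & 8) {
        $grad = 1;
    }
    if ($DBInfo->use_ticket & 4) {
        _effect_distort($im, $pointsize, $grad);
    } elseif ($DBInfo->use_ticket & 16) {
        _effect_distort($im, $pointsize, $grad, 1);
    }
    if ($DBInfo->use_ticket & 1) {
        _effect_blur($im, $color, 1, 1);
    }
    if ($DBInfo->use_ticket & 2) {
        _effect_grid($im, $color, $pen1);
    }

    // Send the image in the first format this GD build supports.
    if (function_exists("imagepng")) {
        header("Content-Type: image/png");
        imagepng($im);
    } elseif (function_exists("imagegif")) {
        header("Content-Type: image/gif");
        imagegif($im);
    } elseif (function_exists("imagejpeg")) {
        $jpeg_quality = 5;
        header("Content-Type: image/jpeg");
        imagejpeg($im, null, $jpeg_quality);
    }
    ImageDestroy($im);
}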
Example #7
File: ewm.php Project: ypengshop/wx
<?php

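header("content-type:text/html;charset=utf-8");
// NOTE(review): the app id and app secret are hard-coded in the source file. A
// secret committed like this should be treated as exposed: rotate it and load the
// pair from configuration kept outside version control.
$cfg = array('appid' => "wx6b3d0038bcd9f337", 'appsecret' => "d4624c36b6795d1d99dcf0547af5443d");
$access_token = getAccessToken($cfg['appid'], $cfg['appsecret']);
// Request body for a temporary QR code (valid 604800 seconds) with scene id 1234.
$tempewm = '{"expire_seconds": 604800, "action_name": "QR_SCENE", "action_info": {"scene": {"scene_id": 1234}}}';
// Create the temporary QR-code ticket.
$ticket = getTicket($access_token, $tempewm);
// Exchange the ticket for the QR-code image.
$url2 = "https://mp.weixin.qq.com/cgi-bin/showqrcode?ticket=" . urlencode($ticket);
$imageInfo = downloadWeixinFile($url2);
$filename = "qrcode.jpg";
$local_file = fopen($filename, 'w');
if (false !== $local_file) {
    $written = fwrite($local_file, $imageInfo["body"]);
    // Close the handle whether or not the write succeeded; the original leaked it
    // when fwrite() failed.
    fclose($local_file);
    if (false !== $written) {
        echo '<img src="' . $filename . '" />';
    }
}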
/**
 * Download $url with cURL and capture the response body and transfer info.
 *
 * The listing is cut off after curl_close(); what the function returns is not
 * visible here.
 *
 * @param string $url URL to fetch
 */
function downloadWeixinFile($url)
{
    $ch = curl_init($url);
    // No response headers in the output.
    curl_setopt($ch, CURLOPT_HEADER, 0);
    curl_setopt($ch, CURLOPT_NOBODY, 0);
    // Fetch the response body (CURLOPT_NOBODY is off).
    // NOTE(review): the next two options switch off TLS certificate and host name
    // verification, so the HTTPS download can be intercepted or replaced without
    // detection. Keep verification on (CURLOPT_SSL_VERIFYPEER true,
    // CURLOPT_SSL_VERIFYHOST 2) and fix the CA bundle if verification fails.
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
    // Return the body from curl_exec() instead of printing it.
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    $package = curl_exec($ch);
    $httpinfo = curl_getinfo($ch);
    curl_close($ch);
Example #8
 /**
  * Constructor: tie the wiki user to the session of an XE (XpressEngine) site.
  *
  * Flow: start the PHP session using the session id from the cookie; if the wiki
  * cookie names a user, accept it only when the stored ticket matches
  * getTicket(user id, client address); otherwise, when the session says
  * 'is_logged', boot XE, read the logged-in member, check the allowed groups and
  * adopt that member as the wiki user; finally refresh the cookie and save the
  * user record when something changed.
  *
  * @param string $id user id, passed to the parent WikiUser constructor
  */
 function User_xe17($id = '')
 {
     global $Config;
     parent::WikiUser($id);
     $cookie_id = $this->id != 'Anonymous' ? $this->id : '';
     // set xe_root_dir config option
     $xe_root_dir = !empty($Config['xe_root_dir']) ? $Config['xe_root_dir'] : dirname(__FILE__) . '/../../../xe';
     // default xe_root_dir is 'xe' subdirectory of the parent dir of the moniwiki
     $sessid = session_name();
     // PHPSESSID
     // set the session_id() using saved cookie
     // NOTE(review): the session id is taken from the request cookie as-is. Unless
     // session.use_strict_mode (or the XE side) rejects ids the server never
     // issued, this accepts an attacker-chosen id (session fixation) - confirm.
     if (isset($_COOKIE[$sessid])) {
         session_id($_COOKIE[$sessid]);
     }
     // do not use cookies for varnish cache server
     ini_set("session.use_cookies", 0);
     session_cache_limiter('');
     // Cache-Control manually for varnish cache
     session_start();
     // is it a valid user ?
     $udb = new UserDB($Config);
     $user = $udb->getUser($cookie_id);
     $update = false;
     if (!empty($cookie_id)) {
         // not found
         if ($user->id == 'Anonymous') {
             $this->setID('Anonymous');
             $update = true;
             $cookie_id = '';
         } else {
             // check ticket
             // The ticket binds the user id to the client address, so it stops
             // matching when the address changes.
             // NOTE(review): compared with a loose, non-constant-time !=;
             // hash_equals() on strings would be the safer comparison.
             $ticket = getTicket($user->id, $_SERVER['REMOTE_ADDR']);
             if ($this->ticket != $ticket) {
                 // not a valid user
                 $this->ticket = '';
                 $this->setID('Anonymous');
                 $update = true;
                 //$cookie_id = '';
             } else {
                 // OK good user
                 $this->setID($cookie_id);
                 $id = $cookie_id;
                 $this->nick = $user->info['nick'];
                 $this->tz_offset = $user->info['tz_offset'];
                 $this->info = $user->info;
                 $this->ticket = $ticket;
             }
         }
     } else {
         // empty cookie
         $update = true;
     }
     if ($update && !empty($_SESSION['is_logged'])) {
         // init XE17, XE18
         define('__XE__', true);
         // NOTE(review): the include path comes from $Config['xe_root_dir']; it must
         // only ever be set by the administrator.
         require_once $xe_root_dir . "/config/config.inc.php";
         $context =& Context::getInstance();
         $this->xe_context_init($context);
         // simplified init context method
         // $context->init(); // slow slow
         $oMemberModel =& getModel('member');
         $oMemberController =& getController('member');
         $oMemberController->setSessionInfo();
         $member = new memberModel();
         $xeinfo = $member->getLoggedInfo();
         $id = $xeinfo->user_id;
         $user = $udb->getUser($id);
         // get user info again
         // not a registered user ?
         // ($update is always true inside this branch, so this condition always holds.)
         if ($user->id == 'Anonymous' || $update || empty($user->info['nick'])) {
             // check groups
             // XE admins always pass; otherwise the member needs one of the groups
             // listed in $Config['xe_allowed_groups'], and every member passes when
             // that option is empty.
             $groups = array_keys($xeinfo->group_list);
             $wikigroups = array();
             $group_ok = $xeinfo->is_admin == 'Y' ? true : false;
             if (!empty($Config['xe_allowed_groups'])) {
                 $allowed_groups = $Config['xe_allowed_groups'];
                 for ($i = 0; $i < sizeof($groups); $i++) {
                     if (isset($allowed_groups[$groups[$i]])) {
                         $group_ok = true;
                         // a non-empty mapped value becomes a wiki group name
                         $groupname = $allowed_groups[$groups[$i]];
                         if (!empty($groupname)) {
                             $wikigroups[] = $groupname;
                         }
                     }
                 }
             } else {
                 $group_ok = true;
             }
             if ($group_ok) {
                 if (!empty($wikigroups)) {
                     $this->groups = $wikigroups;
                     $user->info['groups'] = implode(',', $wikigroups);
                     $this->info['groups'] = $user->info['groups'];
                 } else {
                     // no mapped group: an existing group list is reset to '@User'
                     if (!empty($this->info['groups'])) {
                         $user->info['groups'] = '@User';
                         $this->info['groups'] = $user->info['groups'];
                     }
                 }
                 $this->setID($id);
                 // not found case
                 $this->info = $user->info;
                 // already registered case
                 $ticket = getTicket($id, $_SERVER['REMOTE_ADDR']);
                 // get ticket
                 if ($this->nick != $xeinfo->nick_name) {
                     $this->nick = $xeinfo->nick_name;
                     $this->info['nick'] = $xeinfo->nick_name;
                 }
                 if ($this->info['email'] == '') {
                     $this->info['email'] = $xeinfo->email_address;
                 }
                 $this->info['tz_offset'] = $this->tz_offset;
                 $this->ticket = $ticket;
             } else {
                 // not in an allowed group: drop the wiki cookie and stay anonymous
                 if (!empty($cookie_id)) {
                     header($this->unsetCookie());
                 }
                 $this->setID('Anonymous');
                 $id = 'Anonymous';
             }
         }
     } else {
         // not logged in
         if (empty($_SESSION['is_logged'])) {
             if (!empty($cookie_id)) {
                 header($this->unsetCookie());
             }
             $this->setID('Anonymous');
             $id = 'Anonymous';
         }
     }
     // NOTE(review): "and" binds more loosely than "||", so this reads as
     // ($update || !empty($id)) and ($id != 'Anonymous') - confirm that is intended.
     if ($update || !empty($id) and $id != 'Anonymous') {
         if ($cookie_id != $id) {
             header($this->setCookie());
         }
     }
     if ($update || !$udb->_exists($id)) {
         if (!$udb->_exists($id)) {
             // first visit of this user: record that the agreement is still pending
             if (!empty($Config['use_agreement']) && empty($this->info['join_agreement'])) {
                 $this->info['join_agreement'] = 'disagree';
             }
         }
         // automatically save/register user
         $dummy = $udb->saveUser($this);
     }
 }
Example #9
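/**
 * Action handler for "revoke": lets the first author of a page, or a wiki
 * member, delete ("revoke") the current page through a confirmation form.
 *
 * Flow, as visible in this function:
 *  - a POST against a page that is not writable is rejected via do_invalid();
 *  - a page that does not exist cannot be revoked;
 *  - the caller must be the first author reported by macro_Stat() or be listed
 *    in $DBInfo->members;
 *  - the deletion only runs on POST, and only when the submitted 'hash' field
 *    equals the value this function renders into the form.
 *
 * @param object $formatter page formatter; supplies the page and the output helpers
 * @param array  $options   request options ('id', 'hash', 'comment', ...)
 * @return mixed result of do_invalid() for a non-writable page, otherwise null
 */
function do_revoke($formatter, $options)
{
    global $DBInfo;

    $is_post = $_SERVER['REQUEST_METHOD'] == 'POST';
    if ($is_post && !$DBInfo->security->writable($options)) {
        $options['title'] = _("Page is not writable");
        return do_invalid($formatter, $options);
    }

    if (!$formatter->page->exists()) {
        $formatter->send_header('', $options);
        $title = _("You can't revoke already deleted page.");
        $formatter->send_title($title, '', $options);
        $formatter->send_footer('', $options);
        return;
    }

    // check revocable
    // $value was passed to macro_Stat() without ever being assigned; pass the
    // same null explicitly instead of relying on an undefined variable.
    $value = null;
    $params = array();
    $retval = array();
    $params['retval'] =& $retval;
    macro_Stat($formatter, $value, $params);

    // Without the isset() guard a missing 'first_author' is null, and
    // null == '' would treat a caller with an empty id as the first author.
    $is_first_author = isset($retval['first_author']) && $retval['first_author'] == $options['id'];
    $is_ok = $is_first_author || in_array($options['id'], $DBInfo->members);

    // Form token: md5 of the page mtime followed by getTicket(user id, client
    // address). It changes whenever the page is modified.
    // NOTE(review): whether getTicket() mixes in a server-side secret is not
    // visible here; without one the token is predictable from public values.
    $ticket = $formatter->page->mtime() . getTicket($DBInfo->user->id, $_SERVER['REMOTE_ADDR']);
    $hash = md5($ticket);

    // Strict comparison on purpose: with == two different digests that both
    // look like numeric strings ("0e" followed by digits) compare as equal.
    // Where the supported PHP versions allow it, hash_equals() is the
    // constant-time alternative.
    $submitted = isset($options['hash']) ? $options['hash'] : null;
    $hash_ok = is_string($submitted) && $hash === $submitted;

    $formatter->send_header('', $options);
    if ($is_ok && $is_post && $hash_ok) {
        // simple comment check: strip a leading "Revoke" so it is not doubled
        $comment = isset($options['comment']) ? _stripslashes($options['comment']) : '';
        $comment = trim($comment);
        $default = _("Revoke");
        if (isset($comment[0]) && strpos($comment, $default) === 0) {
            $comment = substr($comment, strlen($default));
            $comment = trim($comment);
            $comment = ltrim($comment, ': ');
        }
        $options['comment'] = isset($comment[0]) ? $default . ': ' . $comment : $default;
        $options['.revoke'] = true;
        $ret = $DBInfo->deletePage($formatter->page, $options);
        if ($ret == -1) {
            if (!empty($options['retval']['msg'])) {
                // NOTE(review): this message is passed to send_title() as-is,
                // unlike the page name below; confirm it is already HTML-safe.
                $title = $options['retval']['msg'];
            } else {
                $title = sprintf(_("Fail to revoke \"%s\""), _html_escape($formatter->page->name));
            }
        } else {
            $title = sprintf(_("\"%s\" is successfully revoked !"), _html_escape($formatter->page->name));
        }
        $formatter->send_title($title, '', $options);
        $formatter->send_footer('', $options);
        return;
    }

    if (!$is_ok) {
        $title = _("You are not the first author of this page or do not have enough revoke permission");
        $formatter->send_title($title, '', $options);
        $formatter->send_footer('', $options);
        return;
    }

    if ($is_first_author) {
        $title = _("You are the first author of this page");
    } else {
        $title = _("Do you want to revoke this page?");
    }
    $formatter->send_title($title, '', $options);

    // Confirmation form. Every interpolated value is either a translated
    // label or the hex digest computed above.
    $lab = _("Summary");
    $comment = _("Revoke");
    print "<form method='post'>\n    {$lab} : <input name='comment' size='80' value='{$comment}: ' /><br />\n";
    $btn = _("Revoke page");
    $msg = sprintf(_("Only WikiMaster can %s this page"), _("revoke"));
    if ($DBInfo->security->is_protected("revoke", $options)) {
        print _("Password") . ": <input type='password' name='passwd' size='20' value='' />\n{$msg}<br />\n";
    }
    // $extra was interpolated below without being defined anywhere in this
    // function; it contributes nothing to the markup.
    $extra = '';
    print "\n    <input type='hidden' name='action' value='revoke' />\n    <input type='hidden' name='hash' value='{$hash}' />\n    <input type='submit' value='{$btn}' />{$extra}\n    </form>";
    $formatter->send_footer('', $options);
    return;
}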
Example #10
     // List branch: fills the counters and the ticket rows for the active filter.
     $c['row_count'] = getListRowCount($c['filter'], 'filter');
     $c['pages'] = ceil($c['row_count'] / $c['r']);
     $c['tickets'] = getTicketList($c['filter'], $c['ob'], $c['od'], $c['page'], $c['r'], 'filter');
     if ($c['ob'] == $default_order) {
         $c['ob'] = '';
     }
 } elseif (isset($_REQUEST['ticket'])) {
     // Single-ticket view, optionally recording a rating first.
     // NOTE(review): nothing in the visible lines checks that $uid is allowed
     // to read or rate ticket $id; confirm getTicket()/rateTicket() or the
     // caller enforce that.
     $section = 'ticket_view';
     $id = checkRequest('ticket');
     $rating = checkRequest('r');
     if ($rating > 0) {
         $message = rateTicket($uid, $id, $rating);
         $c['msg_type'] = $message['success'] ? 'success' : 'error';
         $c['msg'] = $message['msg'];
     }
     $c['ticket'] = getTicket($id);
     // The page name is built from the stored ticket title.
     // NOTE(review): confirm the template escapes it on output.
     $c['pagename'] = '#' . $c['ticket']['id'] . '. ' . $c['ticket']['title'] . ' :: Задачник';
     $c['ticket']['performers'] = explode(',', $c['ticket']['performers']);
 } elseif (isset($_REQUEST['save'])) {
     // Create a new ticket from the submitted title and description.
     $title = checkRequest('title');
     $description = checkRequest('description');
     if (isset($uid) and isset($title) and isset($description)) {
         // SECURITY: the User-Agent header is client-controlled and is appended
         // here, after checkRequest() has run, so whatever checkRequest() does
         // to its input does not cover it. The INSERT below is assembled by
         // string interpolation, so this value reaches the SQL text unescaped.
         // Bind $uid, $title and $description as parameters of a prepared
         // statement (or escape them with the driver's escaping function).
         // NOTE(review): whether checkRequest() escapes for SQL is not visible here.
         $description .= "\n\n-----\nКомпьютер:\t{$c['usercomp']}\nОС:\t\t\t{$c['useros']}\nБраузер:\t{$_SERVER['HTTP_USER_AGENT']}";
         $query_add = $db->query("INSERT INTO helpdesk ( `created`, `creator`, `title`,  `description` )\r\n                                                     VALUES (  NOW(),   '{$uid}',    '{$title}', '{$description}')");
         $id = $db->insert_id();
         // Initial history row; '1' is the status written for a new ticket.
         $change_status_query = "INSERT INTO helpdesk_history (`changed`,`changer`,`ticket`,`status`)\r\n                                                           VALUES (NOW(),  '{$uid}',   '{$id}',    '1')";
         $db->query($change_status_query);
         $url = "/helpdesk/client?ticket={$id}";
         $c["title"] = $title;
         $c["action"] = "your_ticket_created";
         $c["creator"] = $c["lastname"] . " " . $c["firstname"];
Example #11
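/**
 * Login macro: returns the HTML of the login form, the logout form, or (in
 * 'js' mode) both wrapped in a container whose visible half is chosen by a
 * script after an extra request to ?action=login/ajax.
 *
 * Security-relevant behaviour visible here:
 *  - with $DBInfo->use_ssl_login the form action is rewritten from http:// to
 *    https://; 'return_url' keeps the original scheme;
 *  - with $DBInfo->use_safelogin the browser replaces the typed password with
 *    hex_hmac_md5(challenge, hex_md5(password)) before submitting. The
 *    challenge is md5(base64(getTicket(time, client address, 10))). The whole
 *    scheme rests on MD5 and only keeps the clear-text password out of the
 *    request body; it does not replace TLS for the login request.
 *
 * NOTE(review): $urlpage, $return_url and $url are interpolated into
 * single/double-quoted attributes as returned by link_url()/qualifiedUrl();
 * confirm those helpers return attribute-safe values.
 *
 * @param object       $formatter page formatter (URLs, macro cache, language)
 * @param string       $value     macro argument; 'js' selects the script-driven mode
 * @param array|string $options   call options; 'call' and 'id' are read
 * @return string HTML fragment
 */
function macro_login($formatter, $value = "", $options = "")
{
    global $DBInfo;
    $value = trim($value);
    $use_js = $value == 'js';
    if ($formatter->_macrocache and empty($options['call']) and !$use_js) {
        return $formatter->macro_cache_repl('Login', $value);
    }
    if (empty($options['call']) and !$use_js) {
        // the output depends on the login state, so it is registered as a
        // dynamic macro
        $formatter->_dynamic_macros['@Login'] = 1;
    }
    $url = $formatter->link_url('UserPreferences');
    $urlpage = qualifiedUrl($formatter->link_url($formatter->page->urlname));
    $return_url = $urlpage;
    if (!empty($DBInfo->use_ssl_login)) {
        // post the credentials to the https:// variant of the page URL
        $urlpage = preg_replace('@^http://@', 'https://', $urlpage);
    }
    $user =& $DBInfo->user;
    # get from COOKIE VARS
    $jscript = '';
    $onsubmit = '';
    $passwd_hidden = '';
    if (!empty($DBInfo->use_safelogin)) {
        // challenge-response: the submit handler overwrites the password field
        // with an HMAC-MD5 keyed by the challenge rendered below
        $onsubmit = ' onsubmit="javascript:_chall.value=challenge.value;password.value=hex_hmac_md5(challenge.value, hex_md5(password.value))"';
        $jscript .= "<script src='{$DBInfo->url_prefix}/local/md5.js'></script>";
        $time_seed = time();
        $chall = md5(base64_encode(getTicket($time_seed, $_SERVER['REMOTE_ADDR'], 10)));
        $passwd_hidden = "<input type='hidden' name='_seed' value='{$time_seed}' />";
        $passwd_hidden .= "<input type='hidden' name='challenge' value='{$chall}' />";
        $passwd_hidden .= "<input type='hidden' name='_chall' />\n";
    }
    $id = _("ID");
    $pass = _("Password");
    $join = '';
    if (empty($DBInfo->no_register)) {
        $join = _("Join");
    }
    $login = _("Login");
    // $lang was only assigned when the formatter has a language, yet it is
    // always interpolated into the form below; default it to an empty attribute.
    $lang = '';
    if (!empty($formatter->lang)) {
        $lang = ' lang="' . substr($formatter->lang, 0, 2) . '"';
    }
    $form = <<<LOGIN
<div class='wikiLogin'{$lang}>{$jscript}
<form method='post' action='{$urlpage}' {$onsubmit}>
<div>
<input type="hidden" name="action" value="userform" />
<input type="hidden" name="return_url" value="{$return_url}" />
<table border='0' cellpadding='2' cellspacing='0'>
<tr><td class='login-label'>{$id}</td><td><input type='text' name='login_id' size='10' /></td></tr>
<tr><td class='login-label'>{$pass}</td><td><input name='password' type='password' size='10' /></td></tr>
<tr><td class='login-label'><a href='{$url}'>{$join}</a></td><td class='submit'><span class='button'><input type='submit' class='button' value='{$login}' /></span>{$passwd_hidden}</td></tr>
</table>
</div>
</form>
</div>
LOGIN;
    $button = _("Logout");
    $option = _("UserPreferences");
    $msg = sprintf(_("%s or %s"), "<a href='{$url}'>{$option}</a>", "<span class='button'><input type='submit' class='button' name='logout' value='{$button}' /></span>");
    $attr = '';
    if ($use_js) {
        // in js mode the logout block starts hidden and is revealed by the script
        $attr = ' style="display:none"';
    }
    $logout = <<<LOGOUT
<div class='wikiLogout'{$attr}>
<form method='post' action='{$urlpage}'>
<input type="hidden" name="action" value="userform" />
{$msg}
</form>
</div>
LOGOUT;
    if ($use_js) {
        // Both forms are emitted; the script only toggles which one is shown.
        // The toggle is presentation, not an access decision.
        $mid = $formatter->mid++;
        $url = $formatter->link_url('', '?action=login/ajax');
        $js = <<<JS
<script type='text/javascript'>
/*<![CDATA[*/
(function() {
var oldOnload = window.onload;
window.onload = function(e) {
try { oldOnload(); } catch(e) {};
var url = "{$url}";
var status = HTTPGet(url);
if (status.substring(0, 4) == 'true') {
  var macro = document.getElementById("macro-{$mid}");
  var login = getElementsByClassName(macro, "wikiLogin")[0];
  var logout = getElementsByClassName(macro, "wikiLogout")[0];
  if (login) login.style.display = 'none';
  if (logout) logout.style.display = 'block';
}
};
})();
/*]]>*/
</script>
JS;
        return "<div id='macro-{$mid}'>" . $form . $logout . '</div>' . $js;
    }
    // $options defaults to a string, and indexing a string with 'id' raises a
    // warning or an error depending on the PHP version. A missing id still
    // compares as "not Anonymous", which selects the logout form as before.
    $current_id = isset($options['id']) ? $options['id'] : null;
    if ($current_id != 'Anonymous') {
        return $logout;
    }
    return $form;
}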
Example #12
<script type="text/javascript" src="res/cotrip.js"></script>
</head>

<body>
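<?php
require_once 'Token.php';
require_once 'Menu.class.php';

// Setup page: takes the account's AppID/AppSecret from the POST body, fetches
// an access token, creates the default menu and prints the QR-code link.
// The AppSecret is a long-lived credential: serve this page over HTTPS only
// and keep the POST body out of request logs.
$has_credentials = !empty($_POST['AppID']) && !empty($_POST['AppSecret']);
if (!$has_credentials) {
    // "非法访问" = "illegal access"
    echo "非法访问";
}
$AppID = isset($_POST['AppID']) ? $_POST['AppID'] : null;
$AppSecret = isset($_POST['AppSecret']) ? $_POST['AppSecret'] : null;
$token = new Token();
// Previously the rejection message was printed and the token request was sent
// anyway with the missing values; now the remote call is skipped.
$access_token = $has_credentials ? $token->getToken($AppID, $AppSecret) : false;
if ($access_token != false) {
    $ticket = getTicket($access_token);
    if ($ticket != false) {
        $menu = new Menu($access_token);
        $res = $menu->createDefaultMenu() ? "菜单创建成功" : "菜单创建失败";
        echo $res . "<br/>";
        echo "以下为你的微信公众账号的永久二维码访问链接和图片,请妥善保存<br/>";
        echo "<font color=\"red\">[重要提示]:由于微信服务器每天限制动态获取二维码,请不要频繁刷新本页面,以免造成微信服务器拒绝服务</font></br>";
        echo "<font color=\"blue\">若要分享你的微信公众账号,请复制下面图片或者分享下面链接即可获取公众号永久二维码</font></br>";
        // The ticket comes from a remote response and is written into both
        // page text and an attribute value, so it is HTML-escaped first.
        // NOTE(review): confirm getTicket() returns the value URL-encoded,
        // since it is used as a query-string parameter.
        $ticket_html = htmlspecialchars($ticket, ENT_QUOTES, 'UTF-8');
        echo "https://mp.weixin.qq.com/cgi-bin/showqrcode?ticket={$ticket_html}";
        echo "<img src=\"https://mp.weixin.qq.com/cgi-bin/showqrcode?ticket={$ticket_html}\"/>";
    } else {
        echo "系统初始化失败,请检查微信“AppID”和“AppSecret”是否正确。";
    }
}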
function getTicket($access_token)
{
Example #13
 }
 // Bootstrap: open the wiki database, set up the locale and the request
 // options, then start the PHP session and prepare the cache headers.
 $DBInfo = new WikiDB($Config);
 if (isset($options['timer']) and is_object($options['timer'])) {
     $options['timer']->Check("load");
 }
 $lang = set_locale($Config['lang'], $Config['charset'], $Config['default_lang']);
 init_locale($lang);
 init_requests($options);
 if (!isset($options['pagename'][0])) {
     // no page requested: fall back to the front page for this language
     $options['pagename'] = get_frontpage($lang);
 }
 $DBInfo->lang = $lang;
 $options['lang'] = $lang;
 // A session is started only when none is active, sessions are not disabled
 // in the configuration and the session save path is writable.
 if (session_id() == '' and empty($Config['nosession']) and is_writable(ini_get('session.save_path'))) {
     // The session (cookie) name is assembled from the configured seed, a
     // ticket derived from that seed and the client address, and the user id.
     // NOTE(review): REMOTE_ADDR is the peer address, so behind a reverse proxy
     // every client shares one value; the name also changes when the client's
     // address changes. Confirm this is the intended binding.
     $prefix = !empty($DBInfo->session_seed) ? $DBInfo->session_seed : 'MONIWIKI';
     $myseed = getTicket($prefix, $_SERVER['REMOTE_ADDR']);
     $myid = $prefix . '-*-' . $myseed . '-*-' . $options['id'];
     // Only lifetime and path are set for the session cookie here.
     // NOTE(review): no secure/httponly arguments are passed in this call.
     session_set_cookie_params(isset($Config['session_lifetime']) ? $Config['session_lifetime'] : 3600, get_scriptname());
     // check some action and set expire
     // An empty limiter stops PHP from sending its own cache headers.
     session_cache_limiter('');
     session_name($myid);
     session_start();
 }
 // set the s-maxage for proxy
 $proxy_maxage = !empty($Config['proxy_maxage']) ? ', s-maxage=' . $Config['proxy_maxage'] : '';
 // set maxage
 $user_maxage = !empty($Config['user_maxage']) ? ', max-age=' . $Config['user_maxage'] : ', max-age=0';
 // set the real IP address for proxy
 // NOTE(review): how realIP() derives its value is not visible here; if it
 // reads forwarded-for style headers, those are client-supplied unless a
 // trusted proxy overwrites them.
 $remote = $_SERVER['REMOTE_ADDR'];
 $real = realIP();
 if ($remote != $real) {
Example #14
 // Ticket update (admin side): compares the submitted fields with the stored
 // ticket and collects the changed columns into an SQL SET list.
 $id = checkRequest("id");
 $back = checkRequest("back");
 $admin_id = $admin_login['uid'];
 $admin_fio = $admin_login['lastname'] . " " . $admin_login['firstname'];
 if ($id != '') {
     // Update the ticket
     // Lookup tables (id => display name) for admins and statuses.
     foreach ($c['admins'] as $admin) {
         $admins[$admin['uid']] = $admin['lastname'] . " " . $admin['firstname'];
     }
     //                    foreach ($c['tags']      as $tags)     $tags[$tag['id']]          = $tag['name'];
     //                    foreach ($c['categories'] as $category) $categories[$category['id']] = $category['name'];
     foreach ($c['statuses'] as $status) {
         $statuses[$status['id']] = $status['name'];
     }
     $comment = checkRequest("comment");
     // Current stored values, used as the baseline for change detection.
     $old_values = $c['ticket'] = getTicket($id);
     // Editable columns. The keys are fixed here, so the column names placed
     // into the SQL below never come from the request.
     $value_names = array('access' => $ACCESS_LEVEL, 'area' => $c['areas'], 'tags' => null, 'contractor' => $admins, 'deadline' => null, 'description' => null, 'performers' => $admins, 'status' => $statuses, 'title' => null, 'type' => $tag);
     foreach ($value_names as $name => $value) {
         $new_value = checkRequest($name);
         $old_value = $old_values[$name];
         // `and` binds tighter than `or`: (changed and non-empty) or deadline.
         if ($new_value and $new_value != $old_value or $name == 'deadline') {
             // NOTE(review): $new_values, $and and $sql_columns are not
             // initialised in the visible lines; confirm they are set earlier.
             $new_values[$name] = $new_value;
             if (count($new_values) > 1) {
                 $and = ', ';
             }
             if ($name == 'deadline') {
                 // The deadline is re-formatted through strtotime()/date(), so
                 // only a Y-m-d string (or null) reaches the SQL text. An
                 // unparsable value makes strtotime() return false, which
                 // date() formats as the epoch date rather than rejecting it.
                 if (strlen($new_value) == 0 or $new_value == 'не указан') {
                     $sql_columns .= "{$and}`{$name}`=null";
                 } else {
                     $sql_columns .= "{$and}`{$name}`='" . date("Y-m-d", strtotime($new_value)) . "'";
                 }
Example #15
 /**
  * Constructor of a wiki user class that takes its login state from a
  * GnuBoard (G4/G5) session.
  *
  * It first lets the parent constructor resolve the user from the wiki
  * cookie, validates that cookie's ticket, and then, when a GnuBoard member id
  * is present in the session, adopts that member as the wiki user and
  * saves/registers the account automatically.
  *
  * @param string $id user id handed to the parent constructor
  */
 function User_g4($id = '')
 {
     global $DBInfo;
     global $g4, $member, $g4_root_dir;
     parent::WikiUser($id);
     if ($this->id == 'Anonymous') {
         return;
     }
     // id resolved by the parent constructor (from the wiki cookie, per the
     // variable name; the parent is not visible here)
     $cookie_id = $this->id;
     // setup GnuBoard
     $g4_root_dir = !empty($DBInfo->g4_root_dir) ? $DBInfo->g4_root_dir : __DIR__ . '/../../../gb4';
     $g4_root_url = !empty($DBInfo->g4_root_url) ? $DBInfo->g4_root_url : '/gb4';
     $g5_path = array();
     $g5_path['path'] = realpath($g4_root_dir);
     $g5_path['url'] = $g4_root_url;
     // g4 config file; the directory comes from the wiki configuration, not
     // from the request
     include_once "{$g4_root_dir}/config.php";
     ini_set("url_rewriter.tags", "");
     // session settings: share GnuBoard's session store
     session_save_path("{$g4_root_dir}/data/session");
     // NOTE(review): use_trans_sid lets PHP carry the session id in URLs, where
     // it can leak through logs and Referer headers; url_rewriter.tags is
     // emptied above, which presumably keeps PHP from rewriting links. Confirm
     // this setting is still needed.
     ini_set("session.use_trans_sid", 1);
     // default
     //ini_set("session.cache_expire", 180); //default
     //ini_set("session.gc_probability", 1); // default
     //ini_set("session.gc_divisor", 100); // default
     session_set_cookie_params(0, "/");
     if (defined('G5_VERSION')) {
         ini_set("session.cookie_domain", G5_COOKIE_DOMAIN);
     } else {
         ini_set("session.cookie_domain", $g4['cookie_domain']);
     }
     // do not use cookies for varnish cache server
     ini_set("session.use_cookies", 0);
     // set the session_id() using saved cookie
     // NOTE(review): the id is adopted from the request cookie as-is. Confirm
     // that the application issuing PHPSESSID regenerates it at login, so an
     // id planted before authentication cannot be reused (session fixation).
     if (isset($_COOKIE['PHPSESSID'])) {
         session_id($_COOKIE['PHPSESSID']);
     }
     // Cache-Control is handled manually for the varnish cache
     session_cache_limiter('');
     session_start();
     $udb = new UserDB($DBInfo);
     $user = $udb->getUser($cookie_id);
     $update = false;
     if (!empty($cookie_id)) {
         // not found
         if ($user->id == 'Anonymous') {
             $this->setID('Anonymous');
             $update = true;
             $cookie_id = '';
         } else {
             // check ticket: the stored ticket must equal the one recomputed
             // from the user id and the client address
             // NOTE(review): loose != comparison; a strict or constant-time
             // comparison is the safer choice for an authentication token.
             $ticket = getTicket($user->id, $_SERVER['REMOTE_ADDR']);
             if ($this->ticket != $ticket) {
                 // not a valid user
                 $this->ticket = '';
                 $this->setID('Anonymous');
                 $update = true;
                 $cookie_id = '';
             } else {
                 // OK good user
                 $this->setID($cookie_id);
                 $id = $cookie_id;
                 $this->nick = $user->info['nick'];
                 $this->tz_offset = $user->info['tz_offset'];
                 $this->info = $user->info;
             }
         }
     } else {
         $update = true;
     }
     // 'ss_mb_id' is read from the shared session; per the comment below it
     // marks a logged-in GnuBoard member.
     if ($update && !empty($_SESSION['ss_mb_id'])) {
         // init G4
         $this->g4_init();
         if (!empty($member['mb_id'])) {
             $id = $member['mb_id'];
             // get user info again
             $user = $udb->getUser($id);
             // not a registered user ?
             // $update is always true inside this branch (see the enclosing
             // condition), so this test always passes.
             if ($user->id == 'Anonymous' || $update || empty($user->info['nick'])) {
                 // not found case
                 $this->setID($id);
                 // already registered case
                 $this->info = $user->info;
                 if (isset($member['mb_nick']) and $this->nick != $member['mb_nick']) {
                     // G4
                     $this->info['nick'] = $member['mb_nick'];
                     $this->nick = $member['mb_nick'];
                 } else {
                     if (isset($member['nick']) and $this->nick != $member['nick']) {
                         // G5
                         $this->info['nick'] = $member['nick'];
                         $this->nick = $member['nick'];
                     }
                 }
                 if ($this->info['email'] == '') {
                     $this->info['email'] = $member['mb_email'];
                 }
                 $this->info['tz_offset'] = $this->tz_offset;
             }
         }
     } else {
         // not logged in
         if (empty($_SESSION['ss_mb_id'])) {
             if (!empty($cookie_id)) {
                 header($this->unsetCookie());
             }
             $this->setID('Anonymous');
             $id = 'Anonymous';
         }
     }
     // update timezone
     if ($this->tz_offset != $user->info['tz_offset']) {
         $this->info['tz_offset'] = $this->tz_offset;
         $update = true;
     }
     // `and` binds more loosely than `||`, so this reads
     // ($update || !empty($id)) and ($id != 'Anonymous').
     if ($update || !empty($id) and $id != 'Anonymous') {
         if ($cookie_id != $id) {
             header($this->setCookie());
         }
     }
     if ($update || !$udb->_exists($id)) {
         if (!$udb->_exists($id)) {
             // first appearance of this id: record that the agreement has not
             // been accepted yet when the wiki requires one
             if (!empty($DBInfo->use_agreement) && empty($this->info['join_agreement'])) {
                 $this->info['join_agreement'] = 'disagree';
             }
         }
         // automatically save/register user
         $dummy = $udb->saveUser($this);
     }
 }
Example #16
/**
 * Action handler that appends a comment to the current wiki page.
 *
 * Steps, as visible in this function: permission and page-existence checks,
 * an optional ticket check for anonymous users, the spam filter, preview and
 * empty-form rendering, an edit-conflict check against 'datestamp',
 * formatting of the comment (with or without a metadata header), insertion
 * at the matching Comment macro, and finally saving the page.
 *
 * @param object $formatter page formatter
 * @param array  $options   request options ('savetext', 'id', 'name',
 *                          '__seed', 'check', 'comment_id', 'datestamp', ...)
 * @return mixed false when only a form/preview/error was produced, true in
 *               ajax mode after saving, otherwise null (or do_invalid()'s result)
 */
function do_comment($formatter, $options = array())
{
    global $DBInfo;
    if (!$DBInfo->security->writable($options)) {
        $formatter->preview = 1;
        $options['title'] = _("Page is not writable");
        return do_invalid($formatter, $options);
    } else {
        if (!$DBInfo->hasPage($options['page'])) {
            $options['err'] = _("You are not allowed to add a comment.");
            $options['title'] = _("Page does not exists");
            return do_invalid($formatter, $options);
        }
    }
    if (!empty($options['usemeta'])) {
        $use_meta = 1;
    }
    $cols = get_textarea_cols();
    $rows = (!empty($options['rows']) and $options['rows'] > 5) ? $options['rows'] : 8;
    $cols = (!empty($options['cols']) and $options['cols'] > 60) ? $options['cols'] : $cols;
    $url = $formatter->link_url($formatter->page->urlname);
    $button_preview = !empty($options['button_preview']) ? $options['button_preview'] : 0;
    // Text browsers are detected from the User-Agent header and are exempted
    // from the ticket check below.
    // NOTE(review): User-Agent is client-supplied, so this exemption is a
    // usability switch rather than a control; the configured pattern is also
    // placed into the regex without preg_quote(), so it must be a valid
    // pattern fragment.
    $use_any = 0;
    if (!empty($DBInfo->use_textbrowsers)) {
        if (is_string($DBInfo->use_textbrowsers)) {
            $use_any = preg_match('/' . $DBInfo->use_textbrowsers . '/', $_SERVER['HTTP_USER_AGENT']) ? 1 : 0;
        } else {
            $use_any = preg_match('/Lynx|w3m|links/', $_SERVER['HTTP_USER_AGENT']) ? 1 : 0;
        }
    }
    // Ticket check for anonymous users: the submitted 'check' value must equal
    // getTicket(seed, client address, 4). On failure the request is forced
    // into preview mode, which is what actually prevents the save;
    // $ok_ticket itself is not read again in this function.
    // NOTE(review): loose == comparison of the ticket; prefer a strict or
    // constant-time comparison.
    $ok_ticket = 0;
    if (empty($use_any) and !empty($DBInfo->use_ticket) and $options['id'] == 'Anonymous') {
        if ($options['__seed'] and $options['check']) {
            $mycheck = getTicket($options['__seed'], $_SERVER['REMOTE_ADDR'], 4);
            if ($mycheck == $options['check']) {
                $ok_ticket = 1;
            } else {
                $options['msg'] = _("Invalid ticket !");
                $button_preview = 1;
            }
        } else {
            if (!$button_preview) {
                $options['msg'] = _("You need a ticket !");
            }
            $button_preview = 1;
        }
    } else {
        $ok_ticket = 1;
    }
    // Normalise the submitted text: strip slashes and carriage returns, trim
    // trailing whitespace.
    if ($options['savetext']) {
        $savetext = _stripslashes($options['savetext']);
        $savetext = str_replace("\r", "", $savetext);
        $savetext = rtrim($savetext);
        #$savetext=str_replace("<","&lt;",$savetext);
    }
    // Spam filter: run every configured filter over the text; any change made
    // by a filter blocks the save and falls back to preview.
    if (!empty($savetext) and empty($button_preview) and !empty($DBInfo->spam_filter)) {
        $text = $savetext;
        $fts = preg_split('/(\\||,)/', $DBInfo->spam_filter);
        foreach ($fts as $ft) {
            $text = $formatter->filter_repl($ft, $text, $options);
        }
        if ($text != $savetext) {
            $button_preview = 1;
            $options['msg'] = _("Sorry, can not save page because some messages are blocked in this wiki.");
        }
    }
    if (!empty($button_preview) && !empty($options['savetext'])) {
        // preview requested or forced: render the comment, do not save
        if (empty($options['action_mode']) or $options['action_mode'] != 'ajax') {
            $formatter->send_header("", $options);
            $formatter->send_title(_("Preview comment"), "", $options);
            $formatter->send_page($savetext . "\n----");
            $options['savetext'] = $savetext;
            print macro_Comment($formatter, '', $options);
            print $formatter->macro_repl('EditHints');
            $formatter->send_footer("", $options);
        }
        return false;
    } else {
        if (empty($savetext)) {
            // nothing submitted yet: show the empty comment form
            if (empty($options['action_mode']) or $options['action_mode'] != 'ajax') {
                $formatter->send_header("", $options);
                $formatter->send_title(_("Add comment"), "", $options);
                print macro_Comment($formatter, '', $options);
                print $formatter->macro_repl('EditHints');
                $formatter->send_footer("", $options);
            }
            return false;
        }
    }
    // Edit-conflict guard: refuse when the page changed after the time stamp
    // carried by the form.
    $datestamp = $options['datestamp'];
    if ($formatter->page->mtime() > $datestamp) {
        $options['msg'] = '';
        if (empty($options['action_mode']) or $options['action_mode'] != 'ajax') {
            $formatter->send_header('', $options);
            $formatter->send_title(_("Error: Don't make a clone!"), '', $options);
            $formatter->send_footer('', $options);
        }
        return false;
    }
    $body = $formatter->page->get_raw_body();
    // Signature for anonymous comments: the submitted name, or the client
    // address when no name was given. Both end up in the page body.
    if ($options['id'] == 'Anonymous') {
        $id = $options['name'] ? _stripslashes($options['name']) : $_SERVER['REMOTE_ADDR'];
    } else {
        $id = $options['id'];
    }
    if (!empty($use_meta)) {
        // Metadata style: a boundary line followed by Comment-Id/From/Date.
        $date = gmdate('Y-m-d H:i:s') . ' GMT';
        $savetext = rtrim($savetext) . "\n";
        $boundary = strtoupper(md5("COMMENT"));
        # XXX
        // next Comment-Id = last id found in the page + 1
        $idx = 1;
        if (preg_match_all('/-{4}(?:' . $boundary . ')?\\nComment-Id:\\s*(\\d+)\\n/m', $body, $m)) {
            $idx = $m[1][sizeof($m[1]) - 1] + 1;
        }
        if ($options['id'] != 'Anonymous') {
            $id = '@USERNAME@';
        }
        $meta = <<<META
Comment-Id: {$idx}
From: {$id}
Date: {$date}
META;
        $savetext = "----" . $boundary . "\n{$meta}\n\n{$savetext}\n";
    } else {
        if (!empty($options['nosig'])) {
            $savetext = "----\n{$savetext}\n";
        } else {
            if ($options['id'] == 'Anonymous') {
                $savetext = "----\n{$savetext} -- {$id} @DATE@\n";
            } else {
                $savetext = "----\n{$savetext} @SIG@\n";
            }
        }
    }
    // Locate the Comment macro the form belongs to. 'comment_id' is
    // base64-decoded into "nth,macro name,argument". The loop runs at most
    // once; it is used so that `break` can leave the block early.
    while ($options['comment_id']) {
        list($nth, $dum, $v) = explode(',', base64_decode($options['comment_id']), 3);
        if ($v) {
            $check = '[[' . $dum . '(' . $v . ')]]';
        } else {
            $check = '[[' . $dum . ']]';
        }
        if ($v) {
            $check2 = '<<' . $dum . '(' . $v . ')>>';
        } else {
            $check2 = '<<' . $dum . '>>';
        }
        if (is_numeric($nth)) {
            // Replace {{{...}}} blocks by numbered placeholders so that macros
            // inside them are not counted.
            // NOTE(review): the delimiter strings in the next lines appear
            // empty on this page; the original presumably uses a non-printing
            // marker character. Verify against the upstream file.
            $raw = str_replace("\n", "", $body);
            $chunk = preg_split("/({{{.+}}})/U", $raw, -1, PREG_SPLIT_DELIM_CAPTURE);
            // FIXME
            $nc = '';
            $k = 1;
            $i = 1;
            foreach ($chunk as $c) {
                if ($k % 2) {
                    $nc .= $c;
                } else {
                    $nc .= "" . $i . "";
                    $blocks[$i] = str_replace("", "\n", $c);
                    ++$i;
                }
                $k++;
            }
            $nc = str_replace("", "\n", $nc);
            // a page with a single Comment macro needs no positional matching
            if (preg_match_all('/(?!\\!)(?:\\<\\<|\\[\\[)Comment(?:.*?)(?:\\]\\]|>>)/', $nc, $m)) {
                if (count($m[0]) == 1) {
                    break;
                }
            }
            // Walk all macros; insert the comment before the nth one, but only
            // if that macro's text equals the expected [[..]] or <<..>> form.
            $chunk = preg_split('/((?!\\!)(?:\\<\\<|\\[\\[).+(?:\\]\\]|>>))/U', $nc, -1, PREG_SPLIT_DELIM_CAPTURE);
            $nnc = '';
            $ii = 1;
            $matched = 0;
            for ($j = 0, $sz = sizeof($chunk); $j < $sz; ++$j) {
                if (($j + 1) % 2) {
                    $nnc .= $chunk[$j];
                } else {
                    if ($nth == $ii) {
                        $new = $savetext . $chunk[$j];
                        if ($check != $chunk[$j] and $check2 != $chunk[$j]) {
                            break;
                        }
                        $nnc .= $new;
                        $matched = 1;
                    } else {
                        $nnc .= $chunk[$j];
                    }
                    ++$ii;
                }
            }
            // put the protected blocks back in place of their placeholders
            if (!empty($blocks)) {
                $formatter->_array_callback($blocks, true);
                $nnc = preg_replace_callback("/(\\d+)/", array(&$formatter, '_array_callback'), $nnc);
            }
        }
        if (!empty($matched)) {
            $body = $nnc;
        }
        break;
    }
    // Fallbacks when no positional match was made: a Comment(<id>) macro, a
    // "##Comment" marker line, any Comment macro, or the end of the page.
    if (empty($matched)) {
        // NOTE(review): 'comment_id' comes from the request and is placed into
        // the pattern without preg_quote(); quote it so that a crafted value
        // cannot alter or break the regular expression.
        if ($options['comment_id'] and preg_match("/^((?:\\[\\[|\\<\\<)Comment\\(" . $options['comment_id'] . "\\)(?:\\]\\]|>>))/m", $body, $m)) {
            $str = $m[1];
            $body = preg_replace('/' . preg_quote($str) . '/', $savetext . $str, $body, 1);
        } else {
            if (preg_match("/\n##Comment\n/i", $body)) {
                $body = preg_replace("/\n##Comment\n/i", "\n##Comment\n{$savetext}", $body, 1);
            } else {
                if (preg_match("/^((\\[\\[|\\<\\<)Comment(\\([^\\)]*\\))?(\\]\\]|>>)/m", $body)) {
                    $body = preg_replace("/^((\\[\\[|\\<\\<)Comment(\\([^\\)]*\\))?(\\]\\]|>>))/m", $savetext . "\\1", $body, 1);
                } else {
                    $body .= $savetext;
                }
            }
        }
    }
    // write the new body and save it as a new revision
    $formatter->page->write($body);
    $DBInfo->savePage($formatter->page, "Comment added", $options);
    if ($options['action_mode'] == 'ajax') {
        return true;
    }
    $options['msg'] = sprintf(_("%s is commented successfully"), $formatter->link_tag($formatter->page->urlname, "?action=show", $options['page']));
    $title = _("Comment added successfully");
    $myrefresh = '';
    if ($DBInfo->use_save_refresh) {
        // optional Refresh header that sends the browser back to the page
        $sec = $DBInfo->use_save_refresh - 1;
        $lnk = $formatter->link_url($formatter->page->urlname, "?action=show");
        $myrefresh = 'Refresh: ' . $sec . '; url=' . qualifiedURL($lnk);
    }
    $formatter->send_header($myrefresh, $options);
    $formatter->send_title($title, '', $options);
    // $opt is created implicitly by this assignment
    $opt['pagelinks'] = 1;
    # re-generates pagelinks
    $formatter->send_page('', $opt);
    $formatter->send_footer('', $options);
    return;
}
Example #17
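/**
 * Action handler for "reverse": rolls the current page back to an older
 * revision after a confirmation form.
 *
 * Checks visible in this function:
 *  - a POST against a non-writable page is rejected via do_invalid();
 *  - an existing page may only be rolled back with full edit permission
 *    (members always have it);
 *  - the revision must match [a-zA-Z0-9.]+ and be known to the page;
 *  - the rollback runs only when the submitted 'ticket' equals the ticket
 *    rendered into the form (page mtime + user id + client address).
 *
 * @param object $formatter page formatter
 * @param array  $options   request options ('id', 'page', 'rev', 'ticket', 'comment')
 * @return mixed result of do_invalid() for a non-writable page, otherwise null
 */
function do_reverse($formatter, $options = array())
{
    global $DBInfo;
    if ($_SERVER['REQUEST_METHOD'] == 'POST' && !$DBInfo->security->writable($options)) {
        $options['title'] = _("Page is not writable");
        return do_invalid($formatter, $options);
    }
    // check full permission to edit
    $full_permission = true;
    if (!empty($DBInfo->no_full_edit_permission) or $options['id'] == 'Anonymous' && !empty($DBInfo->anonymous_no_full_edit_permission)) {
        $full_permission = false;
    }
    // members always have full permission to edit
    if (in_array($options['id'], $DBInfo->members)) {
        $full_permission = true;
    }
    $is_new = !$formatter->page->exists();
    if (!$is_new and !$full_permission) {
        $formatter->send_header('', $options);
        $title = _("You do not have full permission to rollback this page on this wiki.");
        $formatter->send_title($title, '', $options);
        $formatter->send_footer('', $options);
        return;
    }
    $pagename = $formatter->page->urlname;
    // Overwriting an existing page needs the "force" checkbox; everything
    // else is treated as forced.
    $force = 1;
    if (isset($_POST['rev'][0]) && $DBInfo->hasPage($options['page'])) {
        $force = !empty($_POST['force']) ? 1 : 0;
    }
    // validate rev
    $rev = isset($_POST['rev'][0]) ? $_POST['rev'] : (isset($options['rev']) ? $options['rev'] : null);
    if (!empty($rev)) {
        $info = array();
        // is_string() rejects an array submitted as rev[] before it reaches
        // preg_match(); the pattern limits the value to letters, digits and
        // dots, which also makes it safe to print into the form below.
        if (is_string($rev) && preg_match('/^[a-zA-Z0-9\\.]+$/', $rev)) {
            $info = $formatter->page->get_info($rev);
        }
        if (empty($info[0])) {
            // no version found
            // $rev is reset rather than unset because it is read again below.
            $rev = null;
            unset($options['rev']);
            unset($_POST['rev']);
        }
    }
    // check ticket
    // The key was 'REMOTE_ADDRESS', which PHP does not define, so the client
    // address never became part of the ticket. The ticket is generated and
    // verified only here, so both sides change together.
    // NOTE(review): whether getTicket() mixes in a server-side secret is not
    // visible; without one the ticket is predictable from public values.
    $ticket = getTicket($formatter->page->mtime() . $options['id'] . $_SERVER['REMOTE_ADDR']);
    // Strict string comparison: == would treat two different digests that
    // both look like numeric strings as equal.
    $ticket_ok = isset($options['ticket']) && is_string($options['ticket']) && (string) $ticket === $options['ticket'];
    if ($force and !empty($pagename) and !empty($_POST['rev']) and $ticket_ok) {
        // simple comment check: strip a leading default text so it is not doubled
        $comment = isset($options['comment']) ? trim($options['comment']) : '';
        $default = sprintf(_("Rollback to revision %s"), $rev);
        if (isset($comment[0]) && strpos($comment, $default) === 0) {
            $comment = substr($comment, strlen($default));
            $comment = trim($comment);
            $comment = ltrim($comment, ': ');
        }
        $comment = isset($comment[0]) ? $default . ': ' . $comment : $default;
        // get current revision
        $current_body = $formatter->page->_get_raw_body();
        // get old revision
        $body = $formatter->page->get_raw_body($options);
        if ($body == $current_body) {
            $title = sprintf(_("No change found."));
        } else {
            if ($body == '') {
                $title = sprintf(_("Empty Page!"));
            } else {
                $options['.reverted'] = 1;
                $formatter->page->write($body);
                $ret = $DBInfo->savePage($formatter->page, $comment, $options);
                // The messages used an undefined $page; the page object lives
                // on the formatter.
                if ($ret != -1) {
                    $title = sprintf(_("%s is successfully rollbacked."), _html_escape($formatter->page->name));
                } else {
                    $title = sprintf(_("Failed to rollback %s page"), _html_escape($formatter->page->name));
                }
            }
        }
        $formatter->send_header('', $options);
        $formatter->send_title($title, '', $options);
        $formatter->send_footer('', $options);
        return;
    }
    $extra = '';
    if (empty($options['rev'])) {
        $title = _("Please select old revision to revert.");
    } else {
        // The page name comes from the request; it is escaped here the same
        // way the other titles of this function escape the page name.
        $page_html = _html_escape($options['page']);
        if ($DBInfo->hasPage($formatter->page->name)) {
            if (!empty($_POST['rev'])) {
                $title = sprintf(_("Please check force overwrite to revert %s revision."), $rev);
            } else {
                $title = sprintf(_("Are you really want to overwrite %s page to %s revision ?"), $page_html, $rev);
            }
            $extra = '<input type="checkbox" name="force" />' . _("Force overwrite") . '<br />';
        } else {
            $title = sprintf(_("Are you really want to revert %s page to %s revision ?"), $page_html, $rev);
        }
    }
    $formatter->send_header('', $options);
    $formatter->send_title($title, '', $options);
    if ($rev) {
        // Confirmation form; $rev passed the pattern check above and $ticket
        // is the value compared on submit.
        $msg = _("Summary");
        $btn = _("Revert page");
        $comment = sprintf(_("Rollback to revision %s"), $rev);
        $hidden = '<input type="hidden" name="ticket" value="' . $ticket . '" />';
        echo "<form method='post'>\n", "<span>{$msg}: </span><input name='comment' size='80' maxlength='80' value='{$comment}: ' />\n", "<input type='hidden' name='action' value='reverse' />\n", "<input type='hidden' name='rev' value='" . $rev . "' />\n", $hidden, "<br /><input type='submit' value='{$btn}' />{$extra}\n", "</form>";
    }
    // list of old revisions with "view" and "revert" actions
    $params = array();
    $params['page'] = $options['page'];
    $params['info_actions'] = array('recall' => 'view', 'reverse' => 'revert');
    $params['title'] = '<h3>' . sprintf(_("Old Revisions of the %s"), _html_escape($formatter->page->name)) . '</h3>';
    echo $formatter->macro_repl('Info', '', $params);
    $formatter->send_footer('', $options);
}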
Example #18
     }
     // Store the updated comment text on the ticket.
     // NOTE(review): the statement is assembled by string interpolation; how
     // $new_comment and $ticket_id were validated or escaped is not visible in
     // these lines. Prefer a prepared statement with bound parameters.
     $query_upd = $db->query("UPDATE helpdesk SET `comments`='{$new_comment}' WHERE `id`='{$ticket_id}'");
     if ($query_upd) {
         $result['success'] = true;
         $result['msg'] = 'Комментарий сохранён';
     }
     // If the comment was written by a client, notify the performers
     if (!isAdmin($users, $admin_id)) {
         // Twig initialisation
         require_once "../vendor/autoload.php";
         Twig_Autoloader::register();
         // Twig template directory
         $loader = new Twig_Loader_Filesystem("../templates");
         // Twig without cache
         $twig = new Twig_Environment($loader, array("cache" => ""));
         $c = getTicket($ticket_id);
         $c["action"] = "user_add_comment";
         $c["changer"] = getFullname($users, $admin_id);
         // recipients: e-mail address of every performer of the ticket
         $performers = explode(",", $c["performers"]);
         foreach ($performers as $performer) {
             $mailto[$performer] = $users[$performer]["email"];
         }
         // The raw comment text is handed to the e-mail template.
         // NOTE(review): confirm the template relies on Twig's auto-escaping
         // and does not mark this value as raw.
         $c['comment'] = $text;
         $user_email_body = $twig->render("helpdesk/user_email.twig", $c);
         // NOTE(review): the ticket title is placed into the mail subject;
         // confirm email() strips line breaks from header values.
         email($mailto, "Заявка #{$ticket_id}. \"" . $c["title"] . "\": новый комментарий", $user_email_body);
     }
     break;
 case "rateTicket":
     // both request values are passed through check_string(..., 'digits')
     // before use
     $ticket = check_string($_REQUEST['ticket'], 'digits');
     $rating = check_string($_REQUEST['rating'], 'digits');
     $result = rateTicket($admin_login["uid"], $ticket, $rating);
Example #19
 /**
  * Build the Set-Cookie header line for the wiki login cookie (MONI_ID).
  *
  * The cookie value is "<ticket>.<url-encoded id>". Without a PHP session the
  * ticket is getTicket(id, client address); with a session it is
  * md5(id . session id). The ticket is stored on the object and the
  * superglobal $_COOKIE is updated so the rest of the request sees the new
  * values.
  *
  * NOTE(review): the header carries only expires, Path and Domain. No
  * HttpOnly, Secure or SameSite attribute is emitted, so the cookie is
  * readable from scripts and is also sent over plain HTTP.
  *
  * @return string|false header line, or false for the Anonymous user
  */
 function setCookie()
 {
     global $Config;

     if ($this->id == "Anonymous") {
         return false;
     }

     // no session used: IP dependent ticket; session enabled: bind to the session id
     $session = session_id();
     if ($session == '') {
         $this->ticket = getTicket($this->id, $_SERVER['REMOTE_ADDR']);
     } else {
         $this->ticket = md5($this->id . $session);
     }

     # set the fake cookie
     $value = $this->ticket . '.' . urlencode($this->id);
     $_COOKIE['MONI_ID'] = $value;
     if (!empty($this->info['nick'])) {
         $_COOKIE['MONI_NICK'] = $this->info['nick'];
     }

     $domain = !empty($Config['cookie_domain']) ? '; Domain=' . $Config['cookie_domain'] : '';
     // the configured path wins; otherwise the directory of the running script
     $path = '; Path=' . (!empty($Config['cookie_path']) ? $Config['cookie_path'] : dirname(get_scriptname()));
     $expires = gmdate('l, d-M-Y H:i:s', time() + $this->cookie_expires);

     return "Set-Cookie: MONI_ID=" . $value . '; expires=' . $expires . ' GMT ' . $path . $domain;
 }
Example #20
function do_userform($formatter, $options)
{
    global $DBInfo;
    $user =& $DBInfo->user;
    # get cookie
    $id = !empty($options['login_id']) ? $options['login_id'] : '';
    $use_any = 0;
    if (!empty($DBInfo->use_textbrowsers)) {
        if (is_string($DBInfo->use_textbrowsers)) {
            $use_any = preg_match('/' . $DBInfo->use_textbrowsers . '/', $_SERVER['HTTP_USER_AGENT']) ? 1 : 0;
        } else {
            $use_any = preg_match('/Lynx|w3m|links/', $_SERVER['HTTP_USER_AGENT']) ? 1 : 0;
        }
    }
    $options['msg'] = '';
    # e-mail conformation
    if (!empty($options['ticket']) and $id and $id != 'Anonymous') {
        $userdb =& $DBInfo->udb;
        $suspended = false;
        if ($userdb->_exists($id)) {
            $user = $userdb->getUser($id);
        } else {
            if ($userdb->_exists($id, 1)) {
                // suspended user
                $suspended = true;
                $user = $userdb->getUser($id, 1);
            }
        }
        if ($user->id == $id) {
            if ($user->info['eticket'] == $options['ticket']) {
                list($dummy, $email) = explode('.', $options['ticket'], 2);
                $user->info['email'] = $email;
                $user->info['eticket'] = '';
                if ($suspended) {
                    if (empty($DBInfo->register_confirm_admin)) {
                        $userdb->activateUser($id);
                        $userdb->saveUser($user);
                    } else {
                        $userdb->saveUser($user, array('suspended' => 1));
                    }
                } else {
                    $userdb->saveUser($user);
                }
                $title = _("Successfully confirmed");
                $options['msg'] = _("Your e-mail address is confirmed successfully");
                if (!empty($DBInfo->register_confirm_admin)) {
                    $options['msg'] .= "<br />" . _("Your need to wait until your ID activated by admin");
                }
            } else {
                if ($user->info['nticket'] == $options['ticket']) {
                    $title = _("Successfully confirmed");
                    $user->info['nticket'] = '';
                    $user->info['password'] = $user->info['npassword'];
                    $user->info['npassword'] = '';
                    $userdb->saveUser($user);
                    $options['msg'] = _("Your new password is confirmed successfully");
                } else {
                    $title = _("Confirmation missmatched !");
                    $options['msg'] = _("Please try again to register your e-mail address");
                }
            }
        } else {
            if ($suspended) {
                $title = _("Please wait until your ID is confirmed by admin!");
            } else {
                $title = _("ID does not exist !");
            }
            $options['msg'] = _("Please try again to register your e-mail address");
        }
        $formatter->send_header("", $options);
        $formatter->send_title($title, "", $options);
        $formatter->send_footer("", $options);
        return '';
    }
    $title = '';
    if ($user->id == "Anonymous" and !empty($options['emailreset'])) {
        setcookie('MONI_VERIFIED_EMAIL', '', time() - 3600, get_scriptname());
        $options['msg'] .= '<br />' . _("Verification E-mail removed.");
        $options['verifyemail'] = '';
        $user->verified_email = '';
    } else {
        if ($user->id == "Anonymous" and !empty($options['login']) and !empty($options['verify_email'])) {
            $email = base64_decode($options['login']);
            $ticket = base64_encode(getTicket($_SERVER['REMOTE_ADDR'], $email, 10));
            if ($ticket == $options['verify_email']) {
                $options['msg'] .= '<br />' . _("Your email address is successfully verified.");
                $user->verified_email = $email;
                setcookie('MONI_VERIFIED_EMAIL', $email, time() + 60 * 60 * 24 * 30, get_scriptname());
            } else {
                $options['msg'] .= '<br />' . _("Verification missmatched.");
            }
        } else {
            if ($user->id == "Anonymous" and $options['verify'] == _("Verify E-mail address") and !empty($DBInfo->anonymous_friendly) and !empty($options['verifyemail'])) {
                if (preg_match('/^[a-z][a-z0-9_\\-\\.]+@[a-z][a-z0-9_\\-]+(\\.[a-z0-9_]+)+$/i', $options['verifyemail'])) {
                    if (($ret = verify_email($options['verifyemail'])) < 0) {
                        $ret = -$ret;
                        $options['msg'] .= '<br />' . 'ERROR Code: ' . $ret;
                        $options['msg'] .= '<br/>' . _("Invalid email address or can't verify it.");
                    } else {
                        if (!empty($DBInfo->verify_email)) {
                            if ($DBInfo->verify_email == 1) {
                                $options['msg'] .= '<br/>' . _("Your email address is successfully verified.");
                                setcookie('MONI_VERIFIED_EMAIL', $options['verifyemail'], time() + 60 * 60 * 24 * 30, get_scriptname());
                            } else {
                                $opts = array();
                                $opts['subject'] = "[{$DBInfo->sitename}] " . _("Verify Email address");
                                $opts['email'] = $options['verifyemail'];
                                $opts['id'] = 'nobody';
                                $ticket = base64_encode(getTicket($_SERVER['REMOTE_ADDR'], $opts['email'], 10));
                                $enc = base64_encode($opts['email']);
                                $body = qualifiedUrl($formatter->link_url('UserPreferences', "?action=userform&login={$enc}&verify_email={$ticket}"));
                                $body = _("Please confirm your e-mail address") . "\n" . $body . "\n";
                                $ret = wiki_sendmail($body, $opts);
                                $options['msg'] .= '<br/>' . _("E-mail verification mail sent");
                            }
                        }
                    }
                } else {
                    $options['msg'] .= '<br/>' . _("Your email address is not valid");
                }
            } else {
                if ($user->id == "Anonymous" and !empty($options['login_id']) and isset($options['password']) and !isset($options['passwordagain'])) {
                    if (method_exists($user, 'login')) {
                        $user->login($formatter, $options);
                        $params = array();
                        $params['value'] = $options['page'];
                        do_goto($formatter, $params);
                        return;
                    }
                    # login
                    $userdb = $DBInfo->udb;
                    if ($userdb->_exists($id)) {
                        $user = $userdb->getUser($id);
                        $login_ok = 0;
                        if (!empty($DBInfo->use_safelogin)) {
                            if (isset($options['challenge']) and $options['_chall'] == $options['challenge']) {
                                #print '<pre>';
                                #print $options['password'].'<br />';
                                #print hmac($options['challenge'],$user->info['password']);
                                #print '</pre>';
                                if (hmac($options['challenge'], $user->info['password']) == $options['password']) {
                                    $login_ok = 1;
                                }
                            } else {
                                # with no javascript browsers
                                $md5pw = md5($options['password']);
                                if ($md5pw == $user->info['password']) {
                                    $login_ok = 1;
                                }
                            }
                        }
                        if ($login_ok or $user->checkPasswd($options['password']) === true) {
                            $options['msg'] = sprintf(_("Successfully login as '%s'"), $id);
                            $options['id'] = $user->id;
                            if ($user->id == 'Anonymous') {
                                // special case. login success but ID is not acceptable
                                $options['msg'] = _("Invalid user ID. Please register again");
                            } else {
                                $formatter->header($user->setCookie());
                                if (!isset($user->info['login_success'])) {
                                    $user->info['login_success'] = 0;
                                }
                                if (!isset($user->info['login_fail'])) {
                                    $user->info['login_fail'] = 0;
                                }
                                $user->info['login_success']++;
                                $user->info['last_login'] = gmdate("Y/m/d H:i:s", time());
                                $user->info['login_fail'] = 0;
                                // reset login
                                $user->info['remote'] = $_SERVER['REMOTE_ADDR'];
                                $userdb->saveUser($user);
                                $use_refresh = 1;
                            }
                            $DBInfo->user = $user;
                        } else {
                            $title = sprintf(_("Invalid password !"));
                            if (!isset($user->info['login_fail'])) {
                                $user->info['login_fail'] = 0;
                            }
                            $user->info['login_fail']++;
                            $user->info['remote'] = $_SERVER['REMOTE_ADDR'];
                            $userdb->saveUser($user);
                            $user->setID('Anonymous');
                        }
                    } else {
                        if (isset($options['login_id'][0])) {
                            if ($userdb->_exists($id, 1)) {
                                // suspended user
                                $title = sprintf(_("\"%s\" is waiting for activated by admin !"), $options['login_id']);
                            } else {
                                $title = sprintf(_("\"%s\" does not exist on this wiki !"), $options['login_id']);
                            }
                            $options['login_id'] = '';
                        } else {
                            $title = _("Make new ID on this wiki");
                        }
                        $form = macro_UserPreferences($formatter, '', $options);
                    }
                } else {
                    if (!empty($options['logout'])) {
                        # logout
                        header($user->unsetCookie(), false);
                        if (session_name() != '') {
                            $path = get_scriptname();
                            // for moniwiki internal
                            header('Set-Cookie: ' . session_name() . '=' . $user->id . '; expires=Tuesday, 01-Jan-1999 12:00:00 GMT; Path=' . $path, false);
                            // for some user plugins
                            $params = session_get_cookie_params();
                            header('Set-Cookie: ' . session_name() . '=' . $user->id . '; expires=Tuesday, 01-Jan-1999 12:00:00 GMT; Path=' . $params['path'], false);
                        }
                        // call logout method
                        if (method_exists($user, 'logout')) {
                            $user->logout($formatter, $options);
                        } else {
                            $options['msg'] = _("Cookie deleted !");
                        }
                        $user->id = 'Anonymous';
                        $DBInfo->user = $user;
                        $use_refresh = 1;
                    } else {
                        if (!empty($DBInfo->use_sendmail) and $options['login'] == _("E-mail new password") and $user->id == "Anonymous" and !empty($options['email']) and !empty($options['login_id'])) {
                            # email new password
                            $title = '';
                            if (!$use_any and $DBInfo->use_ticket) {
                                if ($options['__seed'] and $options['check']) {
                                    $mycheck = getTicket($options['__seed'], $_SERVER['REMOTE_ADDR'], 4);
                                    if ($mycheck == $options['check']) {
                                        $ok_ticket = 1;
                                    } else {
                                        $title = _("Invalid ticket !");
                                    }
                                } else {
                                    $title = _("You need a ticket !");
                                }
                            } else {
                                $ok_ticket = 1;
                            }
                            $userdb =& $DBInfo->udb;
                            if ($userdb->_exists($id)) {
                                $user = $userdb->getUser($id);
                            }
                            if ($ok_ticket and $user->id != "Anonymous") {
                                if ($options['email'] == $user->info['email'] and $user->info['eticket'] == '') {
                                    #make new password
                                    $mypass = base64_encode(getTicket(time(), $_SERVER['REMOTE_ADDR'], 10));
                                    $mypass = substr($mypass, 0, 8);
                                    $options['password'] = $mypass;
                                    $old_passwd = $user->info['password'];
                                    if ($DBInfo->use_safelogin) {
                                        $ret = $user->setPasswd(md5($mypass), md5($mypass), 1);
                                    } else {
                                        $ret = $user->setPasswd($mypass, $mypass);
                                    }
                                    $new_passwd = $user->info['password'];
                                    $user->info['password'] = $old_passwd;
                                    $user->info['npassword'] = $new_passwd;
                                    #make ticket
                                    $ticket = md5(time() . $user->id . $options['email']);
                                    $user->info['nticket'] = $ticket . "." . $options['email'];
                                    // save join agreement
                                    if (!empty($DBInfo->use_agreement) and !empty($options['joinagreement'])) {
                                        $user->info['join_agreement'] = 'agree';
                                        if (!empty($DBInfo->agreement_version)) {
                                            $user->info['join_agreement_version'] = $DBInfo->agreement_version;
                                        }
                                    }
                                    $userdb->saveUser($user);
                                    # XXX
                                    $opts['subject'] = "[{$DBInfo->sitename}] " . _("New password confirmation");
                                    $opts['email'] = $options['email'];
                                    $opts['id'] = 'nobody';
                                    $body = qualifiedUrl($formatter->link_url('', "?action=userform&login_id={$user->id}&ticket={$ticket}.{$options['email']}"));
                                    $body = _("Please confirm your new password") . "\n" . $body . "\n";
                                    $body .= sprintf(_("Your new password is %s"), $mypass) . "\n\n";
                                    $body .= _("Please change your password later") . "\n";
                                    $ret = wiki_sendmail($body, $opts);
                                    if (is_array($ret)) {
                                        $title = _("Fail to e-mail notification !");
                                        $options['msg'] = $ret['msg'];
                                    } else {
                                        $title = _("New password is sent to your e-mail !");
                                        $options['msg'] = _("Please check your e-mail");
                                    }
                                } else {
                                    if ($options['email'] != $user->info['email']) {
                                        $title = _("Fail to e-mail notification !");
                                        $options['msg'] = _("E-mail mismatch !");
                                    } else {
                                        $title = _("Invalid request");
                                        $options['msg'] = _("Please confirm your e-mail address first !");
                                    }
                                }
                            } else {
                                if (!$ok_ticket) {
                                    $title = _("Invalid ticket !");
                                } else {
                                    $title = _("ID and e-mail mismatch !");
                                }
                                $options['msg'] = _("Please try again or make a new profile");
                            }
                            $formatter->send_header("", $options);
                            $formatter->send_title($title, "", $options);
                            $formatter->send_footer("", $options);
                            return;
                        } else {
                            if ($user->id == "Anonymous" and !empty($options['login_id']) and ($options['password'] and $options['passwordagain'] or $DBInfo->use_safelogin and $options['email'])) {
                                # create profile
                                $title = '';
                                if (!$use_any and !empty($DBInfo->use_ticket)) {
                                    if ($options['__seed'] and $options['check']) {
                                        $mycheck = getTicket($options['__seed'], $_SERVER['REMOTE_ADDR'], 4);
                                        if ($mycheck == $options['check']) {
                                            $ok_ticket = 1;
                                        } else {
                                            $title = _("Invalid ticket !");
                                        }
                                    } else {
                                        $title = _("You need a ticket !");
                                    }
                                } else {
                                    $ok_ticket = 1;
                                }
                                $id = $user->getID($options['login_id']);
                                if (preg_match('/^[a-z][a-z0-9_\\-\\.]+@[a-z][a-z0-9_\\-]+(\\.[a-z0-9_]+)+$/i', $id)) {
                                    if (($ret = verify_email($id)) < 0) {
                                        $ret = -$ret;
                                        $options['msg'] .= '<br />' . 'ERROR Code: ' . $ret;
                                        $options['msg'] .= '<br/>' . _("Invalid email address or can't verify it.");
                                    } else {
                                        $options['email'] = $id;
                                        $user->setID($id);
                                    }
                                } else {
                                    if (!preg_match("/\\//", $id)) {
                                        $user->setID($id);
                                    }
                                }
                                // protect http:// style id
                                if (!empty($DBInfo->use_agreement) and empty($options['joinagreement'])) {
                                    $title = _("Please check join agreement.");
                                } else {
                                    if ($ok_ticket and $user->id != "Anonymous") {
                                        if (!empty($DBInfo->use_safelogin)) {
                                            $mypass = base64_encode(getTicket(time(), $_SERVER['REMOTE_ADDR'], 10));
                                            $mypass = substr($mypass, 0, 8);
                                            $options['password'] = $mypass;
                                            $ret = $user->setPasswd(md5($mypass), md5($mypass), 1);
                                        } else {
                                            $ret = $user->setPasswd($options['password'], $options['passwordagain']);
                                        }
                                        if (!empty($DBInfo->password_length) and strlen($options['password']) < $DBInfo->password_length) {
                                            $ret = 0;
                                        }
                                        if ($ret <= 0) {
                                            if ($ret == 0) {
                                                $title = _("too short password!");
                                            } else {
                                                if ($ret == -1) {
                                                    $title = _("mismatch password!");
                                                } else {
                                                    if ($ret == -2) {
                                                        $title = _("not acceptable character found in the password!");
                                                    }
                                                }
                                            }
                                        } else {
                                            if ($ret < 8 and empty($DBInfo->use_safelogin)) {
                                                $options['msg'] = _("Your password is too simple to use as a password !");
                                            }
                                            $udb = $DBInfo->udb;
                                            if ($options['email']) {
                                                if (preg_match('/^[a-z][a-z0-9_\\-\\.]+@[a-z][a-z0-9_\\-]+(\\.[a-z0-9_]+)+$/i', $options['email'])) {
                                                    if (($ret = verify_email($options['email'])) < 0) {
                                                        $options['email'] = '';
                                                        // reset email address
                                                        $ret = -$ret;
                                                        $options['msg'] .= '<br />' . 'ERROR Code: ' . $ret;
                                                        $options['msg'] .= '<br/>' . _("Can't verify E-mail address! Please check your email address.");
                                                    }
                                                } else {
                                                    $options['msg'] .= '<br/>' . _("Your email address is not valid");
                                                }
                                            }
                                            if ($udb->isNotUser($user)) {
                                                if (!empty($DBInfo->no_register)) {
                                                    $options['msg'] = _("Fail to register");
                                                    $options['err'] = _("You are not allowed to register on this wiki");
                                                    $options['err'] .= "\n" . _("Please contact WikiMasters");
                                                    do_invalid($formatter, $options);
                                                    return;
                                                }
                                                $title = sprintf(_("Successfully added as '%s'"), _html_escape($user->id));
                                                $options['id'] = $user->id;
                                                $ticket = md5(time() . $user->id . $options['email']);
                                                $user->info['eticket'] = $ticket . "." . $options['email'];
                                                if (!empty($DBInfo->use_safelogin)) {
                                                    $options['msg'] = sprintf(_("Successfully added as '%s'"), $user->id);
                                                    $options['msg'] .= '<br />' . _("Please check your mailbox");
                                                }
                                                $args = array();
                                                if ($options['email'] == $id or !empty($DBInfo->register_confirm_email)) {
                                                    $args = array('suspended' => 1);
                                                }
                                                if (!empty($DBInfo->register_confirm_admin)) {
                                                    $args = array('suspended' => 1);
                                                }
                                                if (!empty($DBInfo->register_confirm_admin)) {
                                                    if (!empty($options['msg'])) {
                                                        $options['msg'] .= '<br />';
                                                    }
                                                    $options['msg'] .= _("Your need to wait until your ID activated by admin");
                                                }
                                                // save join agreement
                                                if (!empty($DBInfo->use_agreement) and !empty($options['joinagreement'])) {
                                                    $user->info['join_agreement'] = 'agree';
                                                    if (!empty($DBInfo->agreement_version)) {
                                                        $user->info['join_agreement_version'] = $DBInfo->agreement_version;
                                                    }
                                                }
                                                if (empty($DBInfo->use_safelogin) && empty($args['suspended'])) {
                                                    $formatter->header($user->setCookie());
                                                }
                                                $ret = $udb->addUser($user, $args);
                                                # XXX
                                                if (!empty($options['email']) and preg_match('/^[a-z][a-z0-9_\\-\\.]+@[a-z][a-z0-9_\\-]+(\\.[a-z0-9_]+)+$/i', $options['email'])) {
                                                    $options['subject'] = "[{$DBInfo->sitename}] " . _("E-mail confirmation");
                                                    $body = '';
                                                    if (!empty($DBInfo->email_register_header) and file_exists($DBInfo->email_register_header)) {
                                                        $body = file_get_contents($DBInfo->email_register_header);
                                                        $body = str_replace(array('@sitename@'), array($DBInfo->sitename), $body);
                                                    }
                                                    $body .= _("Please confirm your email address") . "\n\n";
                                                    $body .= qualifiedUrl($formatter->link_url('', "?action=userform&login_id={$user->id}&ticket={$ticket}.{$options['email']}"));
                                                    $body .= "\n";
                                                    if (!empty($DBInfo->use_safelogin)) {
                                                        $body .= "\n" . sprintf(_("Your initial password is %s"), $mypass) . "\n\n";
                                                        $body .= _("Please change your password later") . "\n";
                                                    }
                                                    $ret = wiki_sendmail($body, $options);
                                                    if (is_array($ret)) {
                                                        $options['msg'] .= $ret['msg'];
                                                    } else {
                                                        $options['msg'] .= '<br/>' . _("Confirmation E-mail sent");
                                                    }
                                                }
                                            } else {
                                                # already exist user
                                                $user = $udb->getUser($user->id);
                                                if ($user->checkPasswd($options['password']) === true) {
                                                    $options['msg'] .= sprintf(_("Successfully login as '%s'"), $id);
                                                    $options['id'] = $user->id;
                                                    $formatter->header($user->setCookie());
                                                    $udb->saveUser($user);
                                                    # XXX
                                                } else {
                                                    $title = _("Invalid password !");
                                                }
                                            }
                                        }
                                    } else {
                                        if (empty($title)) {
                                            $title = _("Invalid username !");
                                        }
                                    }
                                }
                            } else {
                                if ($user->id != "Anonymous") {
                                    # save profile
                                    $udb =& $DBInfo->udb;
                                    $userinfo = $udb->getUser($user->id);
                                    if (!empty($options['password']) and !empty($options['passwordagain'])) {
                                        $chall = 0;
                                        if (!empty($DBInfo->use_safelogin)) {
                                            if (isset($options['_chall'])) {
                                                $chall = $options['challenge'];
                                            } else {
                                                $chall = rand(100000);
                                                $options['password'] = hmac($chall, $options['password']);
                                            }
                                        }
                                        //echo 'chall=',$chall,' ',$options['password'];
                                        if ($userinfo->checkPasswd($options['password'], $chall) === true) {
                                            if ($DBInfo->use_safelogin) {
                                                $mypass = md5($options['passwordagain']);
                                                // XXX
                                                $ret = $userinfo->setPasswd($mypass, $mypass, 1);
                                            } else {
                                                $ret = $userinfo->setPasswd($options['passwordagain']);
                                            }
                                            if ($ret <= 0) {
                                                if ($ret == 0) {
                                                    $title = _("too short password!");
                                                } else {
                                                    if ($ret == -1) {
                                                        $title = _("mismatch password !");
                                                    } else {
                                                        if ($ret == -2) {
                                                            $title = _("not acceptable character found in the password!");
                                                        }
                                                    }
                                                }
                                                $options['msg'] = _("Password is not changed !");
                                            } else {
                                                $title = _("Password is changed !");
                                                if ($ret < 8) {
                                                    $options['msg'] = _("Password is too simple to use as a password !");
                                                }
                                            }
                                        } else {
                                            $title = _("Invalid password !");
                                            $options['msg'] = _("Password is not changed !");
                                        }
                                    }
                                    if (isset($options['user_css'])) {
                                        $userinfo->info['css_url'] = $options['user_css'];
                                    }
                                    if (isset($options['timezone'])) {
                                        list($hour, $min) = explode(':', $options['timezone']);
                                        $min = $min * 60;
                                        $min = $hour < 0 ? -1 * $min : $min;
                                        $tz_offset = $hour * 3600 + $min;
                                        $userinfo->info['tz_offset'] = $tz_offset;
                                    }
                                    if (!empty($DBInfo->use_agreement) and !empty($options['joinagreement'])) {
                                        $userinfo->info['join_agreement'] = 'agree';
                                        if (!empty($DBInfo->agreement_version)) {
                                            $userinfo->info['join_agreement_version'] = $DBInfo->agreement_version;
                                        }
                                    }
                                    $button_check_email_again = !empty($options['button_check_email_again']) ? 1 : 0;
                                    if ($button_check_email_again and !empty($userinfo->info['eticket'])) {
                                        list($dummy, $email) = explode('.', $userinfo->info['eticket'], 2);
                                        if (!empty($email)) {
                                            $options['email'] = $email;
                                        }
                                    }
                                    if (!empty($options['email']) and $options['email'] != $userinfo->info['email']) {
                                        if (preg_match('/^[a-z][a-z0-9_\\-\\.]+@[a-z][a-z0-9_\\-]+(\\.[a-z0-9_]+)+$/i', $options['email'])) {
                                            if (($ret = verify_email($options['email'])) < 0) {
                                                $ret = -$ret;
                                                $options['msg'] .= '<br />' . 'ERROR Code: ' . $ret;
                                                $options['msg'] .= '<br />' . _("Invalid email address or can't verify it.");
                                            } else {
                                                $ticket = md5(time() . $userinfo->info['id'] . $options['email']);
                                                $userinfo->info['eticket'] = $ticket . "." . $options['email'];
                                                $options['subject'] = "[{$DBInfo->sitename}] " . _("E-mail confirmation");
                                                $body = qualifiedUrl($formatter->link_url('', "?action=userform&login_id={$user->id}&ticket={$ticket}.{$options['email']}"));
                                                $body = _("Please confirm your email address") . "\n" . $body;
                                                $ret = wiki_sendmail($body, $options);
                                                if (is_array($ret)) {
                                                    $options['msg'] = $ret['msg'];
                                                } else {
                                                    $options['msg'] = _("E-mail confirmation mail sent");
                                                }
                                            }
                                        } else {
                                            $options['msg'] = _("Your email address is not valid");
                                        }
                                    }
                                    if (!empty($userinfo->info['idtype']) and $userinfo->info['idtype'] == 'openid' and isset($options['nick']) and $options['nick'] != $userinfo->info['nick']) {
                                        $nick = $userinfo->getID($options['nick']);
                                        // nickname check XXX
                                        if (!$udb->_exists($nick)) {
                                            $userinfo->info['nick'] = $nick;
                                        } else {
                                            $options['msg'] = _("Your Nickname already used as ID in this wiki");
                                        }
                                    }
                                    $udb->saveUser($userinfo);
                                    #$options['css_url']=$options['user_css'];
                                    if (!isset($options['msg'])) {
                                        $options['msg'] = _("Profiles are saved successfully !");
                                    }
                                } else {
                                    if ($user->id == "Anonymous" and isset($options['openid_url'])) {
                                        # login with openid
                                        include_once 'lib/openid.php';
                                        session_start();
                                        $process_url = qualifiedUrl($formatter->link_url("UserPreferences", "?action=userform"));
                                        $trust_root = qualifiedUrl($formatter->link_url(""));
                                        $openid = new SimpleOpenID();
                                        $openid->SetIdentity($options['openid_url']);
                                        $openid->SetTrustRoot($trust_root);
                                        $openid->SetRequiredFields(array('nickname', 'email', 'fullname'));
                                        $openid->SetOptionalFields(array('language', 'timezone'));
                                        if ($openid->GetOpenIDServer()) {
                                            $openid->SetApprovedURL($process_url);
                                            // Send Response from OpenID server to this script
                                            $openid->Redirect();
                                            // This will redirect user to OpenID Server
                                            return;
                                        } else {
                                            $error = $openid->GetError();
                                            #echo "ERROR CODE: " . $error['code'] . "<br>";
                                            #echo "ERROR DESCRIPTION: " . $error['description'] . "<br>";
                                            $options["msg"] = sprintf(_("Authentication request was failed: %s"), $error['description']);
                                        }
                                    } else {
                                        if (!empty($options['openid_mode']) and $options['openid_mode'] == 'id_res') {
                                            // OpenID result
                                            include_once 'lib/openid.php';
                                            if (!preg_match('/utf-?8/i', $DBInfo->charset)) {
                                                $options['openid_sreg_nickname'] = iconv('utf-8', $DBInfo->charset, $options['openid_sreg_nickname']);
                                                $options['openid_sreg_fullname'] = iconv('utf-8', $DBInfo->charset, $options['openid_sreg_fullname']);
                                            }
                                            $openid = new SimpleOpenID();
                                            $openid->SetIdentity($options['openid_identity']);
                                            $openid_validation_result = $openid->ValidateWithServer();
                                            if ($openid_validation_result == true) {
                                                // OK HERE KEY IS VALID
                                                $userdb =& $DBInfo->udb;
                                                // XXX
                                                $user->setID($options['openid_identity']);
                                                // XXX
                                                if (!empty($options['openid_language'])) {
                                                    $user->info['language'] = strtolower($options['openid_sreg_language']);
                                                }
                                                //$user->info['tz_offset']=$options['openid_timezone'];
                                                if ($userdb->_exists($options['openid_identity'])) {
                                                    $user = $userdb->getUser($options['openid_identity']);
                                                    $user->info['idtype'] = 'openid';
                                                    $options['msg'] .= sprintf(_("Successfully login as '%s' via OpenID."), $options['openid_identity']);
                                                    $formatter->header($user->setCookie());
                                                    $userdb->saveUser($user);
                                                    // always save
                                                } else {
                                                    if (!empty($DBInfo->no_register) and $DBInfo->no_register == 1) {
                                                        $options['msg'] = _("Fail to register");
                                                        $options['err'] = _("You are not allowed to register on this wiki");
                                                        $options['err'] .= "\n" . _("Please contact WikiMasters");
                                                        do_invalid($formatter, $options);
                                                        return;
                                                    }
                                                    if ($options['openid_sreg_nickname']) {
                                                        $nick = $user->getID($options['openid_sreg_nickname']);
                                                        if (!$userdb->_exists($nick)) {
                                                            $user->info['nick'] = $nick;
                                                        } else {
                                                            $options['msg'] = sprintf(_("Your Nickname %s already used as ID in this Wiki."), $nick);
                                                        }
                                                    }
                                                    $user->info['email'] = $options['openid_sreg_email'];
                                                    $user->info['idtype'] = 'openid';
                                                    $userdb->addUser($user);
                                                    $formatter->header($user->setCookie());
                                                    $userdb->saveUser($user);
                                                    $options["msg"] .= sprintf(_("OpenID Authentication successful and saved as %s."), $options['openid_identity']);
                                                }
                                                $options['id'] = $user->id;
                                            } else {
                                                if ($openid->IsError() == true) {
                                                    // ON THE WAY, WE GOT SOME ERROR
                                                    $error = $openid->GetError();
                                                    $options["msg"] = sprintf(_("Authentication request was failed: %s"), $error['description']);
                                                } else {
                                                    // Signature Verification Failed
                                                    $options["msg"] = _("Invalid OpenID Authentication request");
                                                    echo "INVALID AUTHORIZATION";
                                                }
                                            }
                                        } else {
                                            if (!empty($DBInfo->use_agreement) and $options['login'] == _("Make profile")) {
                                                $options['agreement'] = 1;
                                                $form = macro_UserPreferences($formatter, '', $options);
                                            } else {
                                                $options["msg"] = _("Invalid request");
                                            }
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
    }
    $myrefresh = '';
    if (!empty($DBInfo->use_refresh) and !empty($use_refresh)) {
        $sec = $DBInfo->use_refresh - 1;
        if (!empty($options['return_url'])) {
            $lnk = $options['return_url'];
        } else {
            $lnk = $formatter->link_url($formatter->page->urlname, '?action=show');
        }
        $myrefresh = 'Refresh: ' . $sec . '; url=' . qualifiedURL($lnk);
    }
    $formatter->send_header($myrefresh, $options);
    $formatter->send_title($title, "", $options);
    if (!$title && (empty($DBInfo->control_read) or $DBInfo->security->is_allowed('read', $options))) {
        $lnk = $formatter->link_to('?action=show');
        if (empty($form)) {
            echo sprintf(_("return to %s"), $lnk);
        } else {
            echo $form;
        }
    } else {
        if (!empty($form)) {
            print $form;
        }
        #    else $formatter->send_page("Goto UserPreferences");
    }
    $formatter->send_footer("", $options);
}
Example #21
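/**
 * Render the rows of a call_entry result set as HTML <tr> elements.
 *
 * Every database value is HTML-escaped before it is concatenated into the
 * markup, and the ticket id is URL-encoded inside the link target, so stored
 * values (caller id, agent name, trunk, ...) cannot inject markup or script
 * into the page.
 *
 * @param resource|false $result Result handle from mysql_query(), or false when the query failed.
 * @param array          $stt    Map from the stored status value to its display label.
 *
 * @return string Concatenated table rows; empty when the query failed or returned nothing.
 */
function getFormHistoryRows($result, $stt)
{
    $rows = '';
    if (!$result) {
        return $rows;
    }
    while ($row = mysql_fetch_array($result)) {
        if ($row['ticketid'] == null) {
            $ticket = 'No submit';
        } else {
            $ticket = "<a href='http://192.168.11.29/Ticket/Display.html?id=" . urlencode((string) $row['ticketid']) . "' target='_blank'>" . htmlspecialchars((string) $row['ticketid'], ENT_QUOTES, 'UTF-8') . "</a>";
        }
        // A status missing from the map renders as an empty cell instead of raising an undefined-index notice.
        $status = isset($stt[$row['status']]) ? $stt[$row['status']] : '';
        $rows .= "<tr>\n\t\t\t\t<td>" . htmlspecialchars((string) $row['phone'], ENT_QUOTES, 'UTF-8') . "</td>\n\t\t\t\t<td>" . htmlspecialchars((string) $row['calldate'], ENT_QUOTES, 'UTF-8') . "</td> \t\t\t\t\n\t\t\t\t<td>" . htmlspecialchars((string) $row['duration'], ENT_QUOTES, 'UTF-8') . "</td>\n\t\t\t\t<td>" . htmlspecialchars((string) $row['agent'], ENT_QUOTES, 'UTF-8') . "</td> \t\t\t\t\n\t\t\t\t<td>" . htmlspecialchars($status, ENT_QUOTES, 'UTF-8') . "</td>\n\t\t\t\t<td>" . htmlspecialchars((string) $row['trunk'], ENT_QUOTES, 'UTF-8') . "</td> \n\t\t\t\t<td>" . $ticket . "</td>\n\t\t\t</tr>";
    }
    return $rows;
}

/**
 * Build the call-history HTML shown for a caller.
 *
 * Starts from the markup returned by getTicket($mobile), appends a table of
 * up to 10 finished calls for that number (omitted when there are none), then
 * a table of the 20 most recent finished calls overall.
 *
 * @param string $mobile Caller number to look up. Treated as untrusted: it is
 *                       escaped before being placed in the SQL string.
 *
 * @return string HTML fragment.
 */
function getFormHistory($mobile)
{
    $value = getTicket($mobile);
    $con = mysql_connect(Callcenter_host, Callcenter_user, Callcenter_pass);
    if (!$con) {
        // Keep driver details in the server log; they can reveal host and account names to the client.
        error_log('Could not connect callcenter database: ' . mysql_error());
        die('Could not connect callcenter database');
    }
    mysql_select_db(Callcenter_db, $con);
    // The legacy mysql extension has no bound parameters, so the value is escaped for
    // this connection before it is interpolated. The escaping depends on the connection
    // character set being declared with mysql_set_charset(); moving to mysqli or PDO
    // prepared statements removes the string building altogether.
    $safeMobile = mysql_real_escape_string((string) $mobile, $con);
    $sql = "SELECT a.callerid AS phone, a.datetime_init AS calldate, a.duration, b.name AS agent, a.status, a.trunk, a.ticketid   \n\tFROM call_entry a\n\tINNER JOIN agent b ON\n\ta.id_agent = b.id\n\twhere a.callerid = '{$safeMobile}'\n\tand a.status <> 'activa' \n\tORDER BY a.datetime_init DESC\n\tLIMIT 10";
    $stt = array('abandonada' => 'abandoned', 'activa' => 'active', 'terminada' => 'completed', 'en-cola' => 'in-line');
    $result = mysql_query($sql, $con);
    // A failed query yields false; it is treated like an empty result rather than passed to mysql_num_rows().
    if ($result && mysql_num_rows($result) > 0) {
        $value = $value . "<br><br><td><label>10 cuộc gọi gần đây của số điện thoại này: </label></td>\n\t\t\t<TABLE BORDER='1' WIDTH='100%'>\n\t\t\t<tr>\n\t\t\t\t<td><label>Số điện thoại</label></td>\n\t\t\t\t<td><label>Ngày gọi</label></td>\n\t\t\t\t<td><label>Duration</label></td>\n\t\t\t\t<td><label>Agent</label></td>\n\t\t\t\t<td><label>Status</label></td>\n\t\t\t\t<td><label>Trunk</label></td>\n\t\t\t\t<td><label>Ticket ID</label></td>\n\t\t\t</tr>";
        $value = $value . getFormHistoryRows($result, $stt);
        $value = $value . "</TABLE>";
    }
    $sql = "SELECT a.callerid AS phone, a.datetime_init AS calldate, a.duration, b.name AS agent, a.status, a.trunk, a.ticketid  \n\tFROM call_entry a\n\tINNER JOIN agent b ON\n\ta.id_agent = b.id\n\twhere a.status <> 'activa' \n\tORDER BY a.datetime_init DESC\n\tLIMIT 20";
    $result = mysql_query($sql, $con);
    $value = $value . "<br><td><label>Lịch sử 20 cuộc gọi gần đây: </label></td>\n\t\t\t<TABLE BORDER='1' WIDTH='100%'>\n\t\t\t<tr>\n\t\t\t\t<td><label>Số điện thoại</label></td>\n\t\t\t\t<td><label>Ngày gọi</label></td>\n\t\t\t\t<td><label>Duration</label></td>\n\t\t\t\t<td><label>Agent</label></td>\n\t\t\t\t<td><label>Status</label></td>\n\t\t\t\t<td><label>Trunk</label></td>\n\t\t\t\t<td><label>Ticket ID</label></td>\n\t\t\t</tr>";
    $value = $value . getFormHistoryRows($result, $stt);
    $value = $value . "</TABLE>";
    return $value;
}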
Example #22
/*
 * Inclusion(s)
 * ------------
 * ~ Session
 * ~ Connexion à la base
 * ~ Retour (navigation)
 */
include_once "../struct/session.php";
include_once "../php/t_connex_bd.php";
include_once "../php/detail_back.php";
include_once "get_ticket.php";
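// Printable list of the tickets selected in the submitted form.
// $liste keeps this placeholder when the request carries no POST fields.
$liste = "Oups ! c'est vide";
// The $_POST superglobal is always defined, so isset($_POST) could never be false
// and the placeholder above was unreachable; test for submitted fields instead.
if (!empty($_POST)) {
    $liste = "";
    foreach ($_POST as $rowpost) {
        // NOTE(review): $rowpost is raw request data handed straight to getTicket(),
        // which lives in get_ticket.php and is not visible here. Confirm that it binds
        // the value as a query parameter and that the session may read that ticket.
        $table = getTicket($rowpost, $bdd);
        // Only iterate when the lookup returned rows; a failed lookup still gets its separator below.
        if (is_array($table) || $table instanceof Traversable) {
            foreach ($table as $row) {
                // Ticket fields are stored text (presumably user-entered; confirm), so each
                // one is HTML-escaped before it is concatenated into the markup.
                $titre = htmlspecialchars((string) $row['TITRE'], ENT_QUOTES, 'UTF-8');
                $importance = htmlspecialchars((string) $row['NOM_IMPORTANCE'], ENT_QUOTES, 'UTF-8');
                $description = htmlspecialchars((string) $row['DESCRIPTION'], ENT_QUOTES, 'UTF-8');
                $ouverture = htmlspecialchars((string) $row['D_OUVERTURE'], ENT_QUOTES, 'UTF-8');
                $lieu = htmlspecialchars((string) $row['NOM_LIEU'], ENT_QUOTES, 'UTF-8');
                $categorie = htmlspecialchars((string) $row['NOM_CATEGORIE'], ENT_QUOTES, 'UTF-8');
                // The first data row now opens its own <tr>; the original closed a row it never opened.
                $liste .= '<table id="table_print">'
                    . '<tr>' . '<th colspan="2">' . "Titre" . '</th><th>' . "Importance" . '</th>' . '</tr>'
                    . '<tr>' . '<td colspan="2">' . $titre . '</td>' . '<td>' . $importance . '</td>' . '</tr>'
                    . '<tr>' . '<th colspan="3">' . "Description" . '</th>' . '</tr>'
                    . '<tr>' . '<td colspan="3">' . $description . '</td>' . '</tr>'
                    . '<tr>' . '<th>' . "Date ouverture" . '</th><th>' . "Lieu" . '</th>' . '<th>' . "Catégorie" . '</th>' . '</tr>'
                    . '<tr>' . '<td>' . $ouverture . '</td><td>' . $lieu . '</td><td>' . $categorie . '</td>' . '</tr>';
                $liste .= "</table>";
            }
        }
        $liste .= '<hr>';
    }
}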
?>
<!DOCTYPE html>
<html lang="fr-FR">
<head>
	<?php 
// Inclusion des éléments placé dans la balise <head>
include_once "../struct/head.php";