Example #1
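/**
 * Purge a single ticket on behalf of the current user.
 *
 * The ticket is purged only when $id is well-formed, the ticket exists and has
 * not expired, and the caller is either an administrator or the ticket owner.
 *
 * @param mixed $msg not referenced by this function; kept so the signature is unchanged
 * @param mixed $id  ticket identifier supplied by the caller
 * @return array two elements: on failure a string naming the failure
 *               ('httpBadRequest', 'httpNotFound', 'httpUnauthorized') and a
 *               message; on success array(false, false)
 */
function purgeticket($msg, $id = null)
{
    global $db, $auth;

    // reject missing or malformed ids before they reach the database
    if (empty($id) || !isTicketId($id)) {
        return array('httpBadRequest', 'bad parameters');
    }

    // look the ticket up; the id is passed through $db->quote(), never
    // concatenated raw
    $sql = "SELECT * FROM ticket WHERE id = " . $db->quote($id);
    $result = $db->query($sql);
    // a query that returns a falsy value is handled like a missing ticket
    // instead of failing on ->fetch()
    $DATA = $result ? $result->fetch() : false;
    if ($DATA === false || isTicketExpired($DATA)) {
        return array('httpNotFound', 'not found');
    }

    // Authorization fails closed. With the loose `!=` comparison an absent
    // $auth["id"] compared equal to a NULL/0/'' owner, which let the purge
    // through; both ids must now be set and match exactly as strings.
    $isAdmin = !empty($auth["admin"]);
    $isOwner = isset($auth["id"], $DATA["user_id"])
        && (string) $DATA["user_id"] === (string) $auth["id"];
    if (!$isAdmin && !$isOwner) {
        return array('httpUnauthorized', 'not authorized');
    }

    // actually purge the ticket
    ticketPurge($DATA, false);
    return array(false, false);
}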
Example #2
    $sql = "SELECT * FROM ticket WHERE id = " . $db->quote($id);
    $DATA = $db->query($sql)->fetch();
    $DATA['pass'] = empty($_POST["pass"]) ? NULL : $_POST["pass"];
    // trigger update hooks
    onTicketUpdate($DATA);
    return $DATA;
}
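// Resolve the requested ticket for editing. $DATA stays false unless the
// ticket exists, has not expired, and belongs to the caller (or the caller is
// an administrator).
$DATA = false;
// $id is a reference into $_REQUEST, so the reset below also overwrites the
// request value seen by any later code
$id =& $_REQUEST['id'];
if (empty($id) || !isTicketId($id)) {
    $id = false;
} else {
    $sql = "SELECT * FROM ticket WHERE id = " . $db->quote($id);
    $DATA = $db->query($sql)->fetch();
    // Authorization fails closed: the caller must be an admin, or both ids
    // must be set and match exactly as strings. The loose `!=` comparison
    // treated an absent $auth["id"] as equal to a NULL/0/'' owner. The
    // grouping is written out instead of relying on && binding tighter
    // than ||.
    if ($DATA === false
        || isTicketExpired($DATA)
        || (empty($auth["admin"])
            && !(isset($auth["id"], $DATA["user_id"])
                && (string) $DATA["user_id"] === (string) $auth["id"]))
    ) {
        $DATA = false;
    }
}
// handle update
// NOTE(review): no anti-CSRF token check is visible in this fragment; confirm
// that validateParams() or the surrounding page enforces one before the
// state-changing handleUpdate() call.
if ($DATA) {
    if (validateParams($ticketEditParams, $_POST)) {
        // if update succeeds, return to listings
        if (handleUpdate($id)) {
            $DATA = false;
        }
    }
}
// resulting page: only a string that is already a key of $pages is accepted;
// an absent or array-valued "src" falls back to 'tlist' instead of being
// passed to array_key_exists() behind an @ suppression
$src = (isset($_REQUEST['src']) && is_string($_REQUEST['src']) && array_key_exists($_REQUEST['src'], $pages))
    ? $_REQUEST['src']
    : 'tlist';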
if ($DATA === false) {
Example #3
?>
</th>
        <th data-sort="int" class="sorting-desc"><?php 
echo T_("Date");
?>
</th>
        <th data-sort="int"><?php 
echo T_("Expiration");
?>
</th>
      </tr>
    </thead>
    <tbody>
<?php 
foreach ($db->query($sql) as $DATA) {
    if (isTicketExpired($DATA)) {
        continue;
    }
    $totalSize += $DATA["size"];
    $our = $DATA["user_id"] == $auth["id"];
    $class = "file expanded " . $DATA['id'];
    if ($our) {
        $class .= " our";
    }
    echo "<tr class=\"{$class}\">";
    // selection
    echo "<td><input class=\"element checkbox\" type=\"checkbox\" name=\"sel[]\" value=\"" . $DATA['id'] . "\"/></td>";
    // tick
    echo '<td data-sort-value="' . ($DATA["downloads"] ? 1 : 0) . '">';
    if ($DATA["downloads"]) {
        echo '<img title="' . T_("Successfully downloaded") . "\" src=\"{$style}/static/tick.png\"/>";
Example #4
File: ticket.php Project: dg-wfk/dl
<?php

// process a ticket
require_once "ticketfuncs.php";
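// try to fetch the ticket; only a string "t" parameter is considered, so an
// absent or array-valued parameter is handled as an invalid id instead of
// being handed to isTicketId() as-is
$id = (isset($_REQUEST["t"]) && is_string($_REQUEST["t"])) ? $_REQUEST["t"] : false;
if ($id === false || !isTicketId($id)) {
    $id = false;
    $DATA = false;
} else {
    $sql = "SELECT * FROM ticket WHERE id = " . $db->quote($id);
    $DATA = $db->query($sql)->fetch();
}
$ref = "{$masterPath}?t={$id}";
// unknown, malformed and expired ids all end in the same "no ticket" template
if ($DATA === false || isTicketExpired($DATA)) {
    includeTemplate("{$style}/include/noticket.php", array('id' => $id));
    exit;
}
// check for password
// NOTE(review): no limit on password attempts is visible in this fragment;
// confirm that checkPassHash() or the front end throttles repeated guesses.
if (hasPassHash($DATA) && !isset($_SESSION['t'][$id])) {
    // the submitted password must be a non-empty string before it is verified
    if (!empty($_POST['p']) && is_string($_POST['p']) && checkPassHash('ticket', $DATA, $_POST['p'])) {
        // authorize the ticket for this session
        // NOTE(review): the cleartext password is written to the session
        // store; if later code only needs to know the ticket was unlocked,
        // a boolean flag would avoid keeping the secret at rest. Confirm what
        // reads ['pass'] before changing this.
        $_SESSION['t'][$id] = array('pass' => $_POST["p"]);
    } else {
        include "ticketp.php";
        exit;
    }
}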
// fix IE total crap by moving to a new location containing the resulting file
// name in the URL (this could be improved for browsers known to work by
// starting to send the file immediately)