Example #1
/**
 * Purge one ticket on behalf of the authenticated caller.
 *
 * Uses the globals $db and $auth. The id is validated, the row is loaded, and
 * the purge only goes ahead when the caller is an admin or the ticket's owner.
 *
 * @param mixed $msg Not read by this function.
 * @param mixed $id  Ticket id supplied by the caller.
 * @return array Two elements: array(false, false) on success, otherwise
 *               array(<error name>, <message>). The error names match the
 *               http* helpers; presumably the caller dispatches on them.
 */
function purgeticket($msg, $id = null)
{
    global $db, $auth;

    // Refuse a missing or malformed id before it is used in a query.
    if (empty($id) || !isTicketId($id)) {
        return ['httpBadRequest', 'bad parameters'];
    }

    // Load the row; the id goes through $db->quote() before concatenation.
    $lookup = "SELECT * FROM ticket WHERE id = " . $db->quote($id);
    $ticket = $db->query($lookup)->fetch();

    // Unknown and expired tickets get the same answer, so the reply does not
    // reveal which of the two applied.
    if ($ticket === false) {
        return ['httpNotFound', 'not found'];
    }
    if (isTicketExpired($ticket)) {
        return ['httpNotFound', 'not found'];
    }

    // Authorization: admins may purge anything, everyone else only their own.
    // NOTE(review): the owner comparison is loose (==); confirm both ids are
    // always numeric so type juggling cannot make distinct ids compare equal.
    if (!($auth["admin"] || $ticket["user_id"] == $auth["id"])) {
        return ['httpUnauthorized', 'not authorized'];
    }

    ticketPurge($ticket, false);

    return [false, false];
}
Example #2
File: funcs.php Project: dg-wfk/dl
/**
 * Tell whether a value is a well-formed grant id.
 *
 * Delegates entirely to isTicketId(), so grant ids are accepted under exactly
 * the same rule as ticket ids.
 *
 * @param mixed $str Candidate id.
 * @return mixed Whatever isTicketId() returns for the same argument.
 */
function isGrantId($str)
{
    $wellFormed = isTicketId($str);

    return $wellFormed;
}
Example #3
    $sql = "UPDATE ticket SET " . join(", ", $tmp) . " WHERE id = " . $db->quote($id);
    if ($db->exec($sql) != 1) {
        return false;
    }
    // fetch defaults
    $sql = "SELECT * FROM ticket WHERE id = " . $db->quote($id);
    $DATA = $db->query($sql)->fetch();
    $DATA['pass'] = empty($_POST["pass"]) ? NULL : $_POST["pass"];
    // trigger update hooks
    onTicketUpdate($DATA);
    return $DATA;
}
// Resolve the requested ticket. $DATA stays false unless the row exists, has
// not expired, and the caller is an admin or the ticket's owner.
$DATA = false;
// $id is a reference into $_REQUEST, so resetting it below also overwrites
// the request value itself.
$id =& $_REQUEST['id'];
if (!empty($id) && isTicketId($id)) {
    // The id is validated above and goes through $db->quote() before use.
    $sql = "SELECT * FROM ticket WHERE id = " . $db->quote($id);
    $DATA = $db->query($sql)->fetch();
    if ($DATA === false || isTicketExpired($DATA)) {
        // Unknown or expired: treated as if no ticket was requested.
        $DATA = false;
    } elseif (!$auth["admin"] && $DATA["user_id"] != $auth["id"]) {
        // Neither admin nor owner: drop the row so the update path is skipped.
        // NOTE(review): the owner comparison is loose (!=); confirm both ids
        // are always numeric.
        $DATA = false;
    }
} else {
    $id = false;
}
// handle update
if ($DATA) {
    if (validateParams($ticketEditParams, $_POST)) {
        // if update succeeds, return to listings
        if (handleUpdate($id)) {
            $DATA = false;
        }
Example #4
require_once "pages.php";
require_once "ticketfuncs.php";
require_once "{$style}/include/style.php";
// Page setup for the "tlista" action.
$act = "tlista";
$ref = pageLinkAct();
pageHeader();

// Bulk purge of the tickets selected in the request.
// NOTE(review): the action is read from $_REQUEST, so it can arrive on a GET as
// well as a POST, and no anti-CSRF token check is visible in this snippet.
// Confirm one is enforced elsewhere.
// NOTE(review): nothing visible here checks who owns each ticket. Confirm the
// page is restricted to administrators before this code runs.
if (isset($_REQUEST["purge"]) && !empty($_REQUEST["sel"])) {
    $list = [];
    // $sel is a reference into $_REQUEST; a scalar selection is wrapped in place.
    $sel =& $_REQUEST["sel"];
    if (!is_array($sel)) {
        $sel = [$sel];
    }

    foreach ($sel as $id) {
        // Skip malformed ids without reporting them.
        if (isTicketId($id)) {
            $sql = "SELECT * FROM ticket WHERE id = " . $db->quote($id);
            $DATA = $db->query($sql)->fetch();
            // Skip ids with no matching row.
            if ($DATA !== false) {
                // The label passes through htmlEntUTF8() before it is collected
                // for display; it is recorded before the purge itself runs.
                $list[] = htmlEntUTF8(ticketStr($DATA));
                ticketPurge($DATA, false);
            }
        }
    }

    // Report only when something was purged.
    if (count($list) > 0) {
        infoMessage(T_("Purged"), $list);
    }
}
Example #5
File: ticketr.php Project: beuss/dl
<?php

// download a ticket
require_once "ticketfuncs.php";
// The ticket id is the first path segment of PATH_INFO.
if (!isset($_SERVER["PATH_INFO"])) {
    logError("missing PATH_INFO, cannot continue");
    // NOTE(review): the code below still reads PATH_INFO, so this call
    // presumably ends the request. Confirm.
    httpBadRequest();
}
$id = preg_match("/^\\/([^\\/]+)/", $_SERVER["PATH_INFO"], $tmp) ? $tmp[1] : false;

// Reject anything that is not a well-formed ticket id before it reaches the query.
if (!($id !== false && isTicketId($id))) {
    logError("invalid ticket id/request");
    httpNotFound();
}

// Look the ticket up; the validated id goes through $db->quote() before use.
$sql = "SELECT * FROM ticket WHERE id = " . $db->quote($id);
$DATA = $db->query($sql)->fetch();

// Unknown and expired tickets are logged differently but both end in
// httpNotFound(), so the two cases take the same exit path.
if ($DATA === false) {
    logEvent("unknown ticket requested");
    httpNotFound();
} elseif (isTicketExpired($DATA)) {
    logTicketEvent($DATA, "expired ticket requested");
    httpNotFound();
}
// check for password
if (hasPassHash($DATA) && !isset($_SESSION['t'][$id])) {
    logTicketEvent($DATA, "missing credentials", LOG_ERR);