$link_back = isset($_REQUEST['link_back']) && $_REQUEST['link_back'] != '' ? $_REQUEST['link_back'] : $_SERVER['REQUEST_URI'];
$db = new db();
switch ($task) {
case 'send':
if ($_REQUEST['message'] == '') {
$feedback .= 'Message is empty';
} else {
if ($receipient_id > 0) {
if ($db->query("SELECT * FROM messages_users WHERE user_id='{$receipient_id}'") && $db->next_record()) {
$has_permission = $GO_SECURITY->has_permission($GO_SECURITY->user_id, $db->f('acl_write'));
} else {
$has_permission = true;
}
if ($has_permission) {
$msg_id = $db->nextid("messages_messages");
$db->query("INSERT INTO messages_messages (id,user_id,sender_id,ctime, text) VALUES ('{$msg_id}','{$receipient_id}','{$GO_SECURITY->user_id}','" . get_gmt_time() . "','" . smart_addslashes($_REQUEST['message']) . "')");
$db->query("INSERT INTO messages_new (id) VALUES ('{$msg_id}')");
} else {
$feedback .= "You are not allowed to send message to the receipient";
}
} else {
$feedback .= 'You did not specify receipient';
}
}
break;
case 'delete':
if (is_array($_REQUEST['msgs'])) {
$db->query("DELETE FROM messages_messages WHERE id in (" . implode(',', $_REQUEST['msgs']) . ")");
$db->query("DELETE FROM messages_new WHERE id in (" . implode(',', $_REQUEST['msgs']) . ")");
}
break;
function sqlsecure($query, $format = "str")
{
#return str_replace('<','<',$query);
return smart_addslashes($query);
}
if ($pass1 == '' || $username == '') {
$feedback = '<font color="red">Please enter a password and a username!</font>';
} elseif (strlen($pass1) < 4) {
$feedback = '<font color="red">Password can\'t be shorter then 4 characters!</font>';
} elseif ($pass1 != $pass2) {
$feedback = '<font color="red">Passwords did not match!</font>';
} elseif (!eregi("^([a-z0-9]+)([._-]([a-z0-9]+))*[@]([a-z0-9]+)([._-]([a-z0-9]+))*[.]([a-z0-9]){2}([a-z0-9])?\$", $email)) {
$feedback = '<font color="red">Invalid E-mail address!</font>';
} else {
$GO_USERS->get_users();
$new_user_id = $GO_USERS->nextid("users");
$GO_GROUPS->query("DELETE FROM db_sequence WHERE seq_name='groups'");
$GO_GROUPS->query("DELETE FROM groups");
$admin_group_id = $GO_GROUPS->add_group($new_user_id, 'Admins');
$root_group_id = $GO_GROUPS->add_group($new_user_id, 'Everyone');
$new_user_id = $GO_USERS->add_user(smart_addslashes($username), smart_addslashes($pass1), '', '', '', '', '', 'M', '', smart_addslashes($email), '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', true, $new_user_id);
$old_umask = umask(00);
mkdir($GO_CONFIG->file_storage_path . 'users', $GO_CONFIG->create_mode);
mkdir($GO_CONFIG->file_storage_path . 'common', $GO_CONFIG->create_mode);
mkdir($GO_CONFIG->file_storage_path . 'users/' . smartstrip($username), $GO_CONFIG->create_mode);
umask($old_umask);
//grant administrator privileges
$GO_GROUPS->add_user_to_group($new_user_id, $GO_CONFIG->group_root);
$_SESSION['completed']['administrator'] = true;
}
break;
case 'license':
$_SESSION['completed']['license'] = true;
break;
case 'release_notes':
$_SESSION['completed']['release_notes'] = true;
$cellular = smart_addslashes($_POST["cellular"]); $country = smart_addslashes($_POST["country"]); $state = smart_addslashes($_POST["state"]); $city = smart_addslashes($_POST["city"]); $zip = smart_addslashes($_POST["zip"]); $address = smart_addslashes($_POST["address"]); $department = smart_addslashes($_POST["department"]); $function = smart_addslashes($_POST["function"]); $company = smart_addslashes($_POST["company"]); $work_country = smart_addslashes($_POST["work_country"]); $work_state = smart_addslashes($_POST["work_state"]); $work_city = smart_addslashes($_POST["work_city"]); $work_zip = smart_addslashes($_POST["work_zip"]); $work_address = smart_addslashes($_POST["work_address"]); $work_fax = smart_addslashes($_POST["work_fax"]); $homepage = smart_addslashes($_POST["homepage"]); require $GO_CONFIG->class_path . "/validate.class.inc"; $val = new validate(); //translate the given birthdayto gmt unix time $birthday = date_to_db_date($_POST['birthday']); $val->error_required = $error_required; $val->error_min_length = $error_min_length; $val->error_max_length = $error_max_length; $val->error_expression = $error_email; $val->error_match = $error_match_auth; $val->name = "first_name"; $val->input = $_POST['first_name']; $val->max_length = 50; $val->required = true; $val->validate_input(); $val->name = "last_name";
Free Software Foundation; either version 2 of the License, or (at your
option) any later version.
*/
require "../../Group-Office.php";
$GO_SECURITY->authenticate();
require $GO_LANGUAGE->get_base_language_file('preferences');
$return_to = $GO_CONFIG->host . 'configuration/';
$save_action = isset($_POST['save_action']) ? $_POST['save_action'] : false;
require $GO_THEME->theme_path . "header.inc";
if ($_SERVER['REQUEST_METHOD'] == "POST") {
if ($save_action) {
$mail_client = isset($_POST['mail_client']) ? $_POST['mail_client'] : "0";
$DST = isset($_POST['DST']) ? '1' : '0';
//if date formats are not present in the settings then use this default
$date_format = isset($_POST['date_format']) && $_POST['date_format'] != '' ? $_POST['date_format'] : 'd-m-Y H:i';
$GO_USERS->set_preferences($GO_SECURITY->user_id, smart_addslashes($_POST['date_format']), smart_addslashes($_POST['time_format']), smart_addslashes($_POST['thousands_seperator']), smart_addslashes($_POST['decimal_seperator']), smart_addslashes($_POST['currency']), $mail_client, $_POST['max_rows_list'], $_POST['timezone'], $DST, $_POST['start_module'], $_POST['language'], $_POST['theme'], $_POST['first_weekday']);
$save_action = false;
echo '<script type="text/javascript">';
if ($_POST['close'] == 'true') {
echo 'parent.location="' . $GO_CONFIG->host . 'index.php?return_to=' . urlencode($return_to) . '";';
} else {
echo 'parent.location="' . $GO_CONFIG->host . 'index.php?return_to=' . urlencode($_SERVER['PHP_SELF']) . '";';
}
echo '</script>';
}
}
$tabtable = new tabtable('preferences_tab', $menu_preferences, '100%', '400', '120', '', true);
$tabtable->add_tab('preferences', $menu_preferences_tab);
$tabtable->add_tab('modules', $menu_modules_tab);
?>
<form name="preferences" method="post" action="<?php
echo smartstrip($_REQUEST['query']);
}
echo '"></td></tr>';
echo '<tr><td colspan="2">';
echo '<table><tr><td>';
$button = new button($cmdSearch, 'javascript:add_users()');
echo '</td><td>';
$button = new button($cmdShowAll, "javascript:document.group.query.value='';add_users()");
echo '</td><td>';
$button = new button($cmdCancel, 'javascript:return_to_group()');
echo '</td></tr></table>';
echo '</td></tr></table>';
if (isset($_REQUEST['query'])) {
echo '<table border="0" cellpadding="3" cellspacing="0"><tr><td>';
if ($_REQUEST['query'] != '') {
$GO_USERS->search('%' . smart_addslashes($_REQUEST['query']) . '%', smart_addslashes($search_field), $GO_SECURITY->user_id);
} else {
$GO_USERS->get_authorized_users($GO_SECURITY->user_id);
}
echo '<select name="group_users[]" multiple="true" style="width: 250px;height: 200px;" class="textbox">';
while ($GO_USERS->next_record()) {
$middle_name = $GO_USERS->f('middle_name') == '' ? '' : $GO_USERS->f('middle_name') . ' ';
//$name = $GO_USERS->f('first_name').' '.$middle_name.$GO_USERS->f('last_name');
$name = $GO_USERS->f('last_name') . ' ' . $middle_name . $GO_USERS->f('first_name');
echo '<option value="' . $GO_USERS->f('id') . '">' . $name . '</option>';
}
echo '</select>';
echo '<table><tr><td>';
$button = new button($cmdAdd, 'javascript:save_add_users()');
echo '</td></tr></table>';
echo '</td></tr></table>';
header('Location: ' . $return_to);
exit;
}
}
}
} else {
if ($name == '' || $task_template_id == 0) {
$feedback = '<p class="Error">' . $error_missing_field . '</p>';
} elseif ($projects->get_project_by_name($name)) {
$feedback = '<p class="Error">' . $pm_project_exists . '</p>';
} else {
$acl_read = $GO_SECURITY->get_new_acl('Project read: ' . $name);
$acl_write = $GO_SECURITY->get_new_acl('Project write: ' . $name);
if ($acl_read > 0 && $acl_write > 0) {
if ($GO_SECURITY->add_user_to_acl($GO_SECURITY->user_id, $acl_write)) {
if (!($project_id = $projects->add_project($GO_SECURITY->user_id, $name, smart_addslashes($_GET['description']), $_GET['contact_id'], smart_addslashes($_GET['comments']), $start_date, $end_date, STATUS_BEGIN, $_GET['responsible_user_id'], $_GET['probability'], $_GET['fee_id'], $_GET['budget'], $acl_read, $acl_write, $_GET['task_template_id'], $_GET['catalog']))) {
$GO_SECURITY->delete_acl($acl_read);
$GO_SECURITY->delete_acl($acl_write);
$feedback = '<p class="Error">' . $strSaveError . '</p>';
} else {
$is_brandnew_project = true;
$task = 'write_permissions';
$active_tab = 1;
}
} else {
$GO_SECURITY->delete_acl($acl_read);
$GO_SECURITY->delete_acl($acl_write);
$feedback = '<p class="Error">' . $strSaveError . '</p>';
}
} else {
$feedback = '<p class="Error">' . $strAclError . '</p>';
$tabtable->add_tab('write_permissions', $strWriteRights);
if ($site['acl_read'] > 0) {
$tabtable->add_tab('read_permissions', $strReadRights);
}
if ($task == 'edit_search_words') {
$tabtable->set_active_tab('search_words');
}
} else {
$tabtable = new tabtable('properties', $cms_new_site, '600', '400');
}
switch ($task) {
case 'save_search_word':
if ($_POST['close'] == 'false') {
$task = 'add_search_word';
}
$search_word_name = smart_addslashes(trim($_POST['search_word_name']));
if ($search_word_name == '') {
$feedback = '<p class="Error">' . $error_missing_field . '</p>';
$task = 'add_search_word';
} else {
$search_word_id = isset($_POST['search_word_id']) ? $_POST['search_word_id'] : 0;
if ($search_word_id > 0) {
$search_word = $cms->get_search_word_by_name($site_id, $search_word_name);
if ($search_word && $search_word['id'] != $search_word_id) {
$feedback = '<p class="Error">' . $fbNameExists . '</p>';
$task = 'add_search_word';
} else {
$cms->update_search_word($search_word_id, $search_word_name);
}
} else {
if ($cms->get_search_word_by_name($site_id, $search_word_name)) {
under the terms of the GNU General Public License as published by the
Free Software Foundation; either version 2 of the License, or (at your
option) any later version.
*/
require "../../Group-Office.php";
$GO_SECURITY->authenticate();
require $GO_LANGUAGE->get_language_file('bookmarks');
$GO_MODULES->authenticate('bookmarks');
require $GO_MODULES->path . 'classes/bookmarks.class.inc';
$bookmarks = new bookmarks();
$bookmark_id = isset($_REQUEST['bookmark_id']) ? $_REQUEST['bookmark_id'] : 0;
$task = isset($_REQUEST['task']) ? $_REQUEST['task'] : '';
switch ($task) {
case 'save':
$URL = smart_addslashes(trim($_REQUEST['URL']));
$name = smart_addslashes(trim($_REQUEST['name']));
$invalid[] = "\"";
$invalid[] = "&";
$invalid[] = "?";
if (!validate_input($name, $invalid)) {
$feedback = "<p class=\"Error\">" . $invalid_chars . ": \" & ?</p>";
} else {
if ($URL != "" && $name != "") {
/*if (!eregi('(^http[s]*:[/]+)(.*)', $URL))
{
$URL= "http://".$URL;
}*/
$new_window = isset($_REQUEST['new_window']) ? $_REQUEST['new_window'] : 0;
if ($bookmark_id > 0) {
if (!$bookmarks->update_bookmark($bookmark_id, $_POST['catagory_id'], $URL, $name, $new_window)) {
$feedback = "<p class=\"Error\">" . $strSaveError . "</p>";
} else {
while ($mailbox = array_shift($subscribed)) {
if ($mail->unsubscribe($mailbox['name'])) {
$email->unsubscribe($account['id'], addslashes($mailbox['name']));
}
}
}
$sent = isset($_POST['sent']) ? smart_addslashes($_POST['sent']) : '';
$draft = isset($_POST['draft']) ? smart_addslashes($_POST['draft']) : '';
$spam = isset($_POST['spam']) ? smart_addslashes($_POST['spam']) : '';
$trash = isset($_POST['trash']) ? smart_addslashes($_POST['trash']) : '';
$email->update_folders($account['id'], $sent, $spam, $trash, $draft);
if (isset($_POST['new_name'])) {
$new_name = smart_addslashes(trim($_POST['new_name']));
$old_name = smart_addslashes(trim($_POST['old_name']));
$location = smart_addslashes(trim($_POST['location']));
if ($new_name == '') {
$feedback = '<p class="Error">' . $error_missing_field . '</p>';
} else {
if ($mail->rename_folder($old_name, $location . $new_name)) {
$email->rename_folder($account_id, $old_name, $location . $new_name);
}
}
}
}
if (isset($_POST['close']) && $_POST['close'] == 'true') {
header('Location: ' . $return_to);
exit;
}
require $GO_THEME->theme_path . "header.inc";
echo '<form method="POST" action="' . $_SERVER['PHP_SELF'] . '" name="email_client">';
case 'save_company':
$name = trim(smart_addslashes($_POST['name']));
$shortname = trim(smart_addslashes($_POST['shortname']));
$engname = trim(smart_addslashes($_POST['engname']));
$relation_date = smart_addslashes($_POST["relation_date"]);
$address = smart_addslashes($_POST["address"]);
$zip = smart_addslashes($_POST["zip"]);
$city = smart_addslashes($_POST["city"]);
$state = smart_addslashes($_POST["state"]);
$country = smart_addslashes($_POST["country"]);
$email = smart_addslashes($_POST["email"]);
$phone = smart_addslashes($_POST["phone"]);
$fax = smart_addslashes($_POST["fax"]);
$homepage = smart_addslashes($_POST["homepage"]);
$bank_no = smart_addslashes($_POST["bank_no"]);
$vat_no = smart_addslashes($_POST["vat_no"]);
$parent_id = $_POST['parent_id'];
$relation_date = date_to_db_date($_POST['relation_date']);
if ($name == '') {
$feedback = "<p class=\"Error\">" . $error_missing_field . "</p>";
} else {
if ($_POST['company_id'] > 0) {
$seen = array();
$seen[$_POST['company_id']] = 1;
$parent = $parent_id;
while ($parent != 0 && !isset($seen[$parent])) {
$seen[$parent] = 1;
$sql = "SELECT parent FROM ab_companies WHERE id='{$parent}'";
if ($ab->query($sql) && $ab->next_record()) {
$parent = $ab->f('parent');
}
$button = new button($cmdSearch, "javascript:search()");
?>
</td>
</tr>
</table>
</td>
</tr>
</table>
<br />
<?php
if ($task == 'search' || $task == 'show_letter') {
if ($task == 'show_letter') {
$query = smart_addslashes($_POST['query']) . '%';
} else {
$query = '%' . smart_addslashes($_POST['query']) . '%';
}
if ($search_type == 'contacts' || $search_type == 'users') {
if ($search_type == 'users') {
$click_type = 'user';
$array_name = 'users[]';
$ab1 = new GO_USERS();
$ab1->search($query, $search_field, $GO_SECURITY->user_id);
} else {
$click_type = 'contact';
$array_name = 'contacts[]';
$ab1->search_contacts($GO_SECURITY->user_id, $query, $search_field, $ab_settings['search_addressbook_id']);
}
$search_results = '';
while ($ab1->next_record()) {
if ((!$require_email_address || $ab1->f("email") != '') && ($search_type == 'users' && $GO_SECURITY->has_permission($GO_SECURITY->user_id, $ab1->f('acl_id')) || $search_type != 'users' && ($GO_SECURITY->has_permission($GO_SECURITY->user_id, $ab1->f('acl_read')) || $GO_SECURITY->has_permission($GO_SECURITY->user_id, $ab1->f('acl_write'))))) {
exit;
}
if ($task == 'save') {
if ($file_id > 0) {
//fix for inserted iframes
$content = preg_replace("'<iframe([^>]*)/>'si", "<iframe\$1></iframe>", $_POST['content']);
$cms->update_file($file_id, smart_addslashes($_POST['name']), smart_addslashes($content), smart_addslashes($_POST['title']), smart_addslashes($_POST['description']), smart_addslashes($_POST['keywords']), $_POST['priority'], $_POST['hot_item']);
} else {
$name = smart_addslashes(trim($_POST['name']));
if ($name == '') {
$feedback = '<p class="Error">' . $error_missing_field . '</p>';
} else {
$filename = $name . '.html';
if ($cms->file_exists($folder_id, $filename)) {
$feedback = '<p class="Error">' . $fbNameExists . '</p>';
} elseif (!($file_id = $cms->add_file($folder_id, $filename, smart_addslashes($_POST['content']), '', '', '', $_POST['priority']))) {
$feedback = '<p class="Error">' . $strSaveError . '</p>';
}
}
}
}
if ($file_id > 0) {
$file = $cms->get_file($file_id);
$content = $file['content'];
$name = $file['name'];
$title = $file['title'];
$description = $file['description'];
$keywords = $file['keywords'];
$priority = $file['priority'];
$hot_item = $file['hot_item'];
} else {
}
break;
case 'save_template_item':
$task = 'template_item';
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$name = trim($_POST['name']);
if ($name == '') {
$feedback = '<p class="Error">' . $error_missing_field . '</p>';
} else {
if (isset($_FILES['content_file']) && is_uploaded_file($_FILES['content_file']['tmp_name'])) {
$fp = fopen($_FILES['content_file']['tmp_name'], 'r');
$_POST['content'] = addslashes(fread($fp, $_FILES['content_file']['size']));
fclose($fp);
unlink($_FILES['content_file']['tmp_name']);
} else {
$_POST['content'] = smart_addslashes($_POST['content']);
}
$content = get_html_body($_POST['content']);
$template_item_id = isset($_POST['template_item_id']) ? $_POST['template_item_id'] : 0;
if ($template_item_id > 0) {
if ($template_item = $cms->get_template_by_name($template_id, $name) && $template_item['id'] != $template_item_id) {
$feedback = '<p class="Error">' . $fbNameExists . '</p>';
} else {
if (!$cms->update_template_item($template_item_id, $name, $_POST['content'])) {
$feedback = '<p class="Error">' . $strSaveError . '</p>';
}
}
} else {
if ($cms->get_template_item_by_name($template_id, $name)) {
$feedback = '<p class="Error">' . $fbNameExists . '</p>';
} else {
if (!$is_subscribed && $in_array)
{
$cms2->subscribe_site($GO_SECURITY->user_id, $cms->f('id'));
}
}
}
break;
*/
case 'configuration':
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if (isset($_POST['publish_path'])) {
$publish_path = smart_addslashes(trim($_POST['publish_path']));
if (!is_writable($publish_path)) {
$feedback = '<p class="Error">' . $cms_path_not_writable . '</p>';
} else {
$publish_url = smart_addslashes(trim($_POST['publish_url']));
if (substr($publish_path, -1) != $GO_CONFIG->slash) {
$publish_path = $publish_path . $GO_CONFIG->slash;
}
if (!eregi('(^http[s]*:[/]+)(.*)', $publish_url)) {
$publish_url = "http://" . $publish_url;
}
if (substr($publish_url, -1) != '/') {
$publish_url = $publish_url . '/';
}
$GO_CONFIG->save_setting('cms_publish_path', $publish_path);
$GO_CONFIG->save_setting('cms_publish_url', $publish_url);
}
} else {
$GO_CONFIG->delete_setting('cms_publish_path');
$GO_CONFIG->delete_setting('cms_publish_url');
}
}
require $GO_THEME->theme_path . "header.inc";
echo '<form method="POST" action="' . $_SERVER['PHP_SELF'] . '" name="email_client">';
echo '<input type="hidden" name="task" value="" />';
echo '<input type="hidden" name="close" value="false" />';
echo '<input type="hidden" name="return_to" value="' . $return_to . '" />';
echo '<input type="hidden" name="link_back" value="' . $link_back . '" />';
echo '<input type="hidden" name="delete_account_id" />';
$tabtable = new tabtable('accounts_list', $ml_your_accounts, '600', '300', '100', '', true);
$tabtable->print_head();
if (!function_exists('imap_open')) {
echo 'Error: the imap extension for PHP is not installed';
} else {
if (isset($_REQUEST['delete_account_id']) && $_REQUEST['delete_account_id'] > 0) {
$delete_account_id = smart_addslashes($_REQUEST['delete_account_id']);
if (!$email->delete_account($GO_SECURITY->user_id, $delete_account_id)) {
echo $strDeleteError;
}
}
if ($_SERVER['REQUEST_METHOD'] == "POST" && isset($_POST['account_id']) && $_REQUEST['delete_account_id'] < 1) {
$email->set_as_default($_POST['account_id'], $GO_SECURITY->user_id);
}
?>
<br />
<a href="account.php?return_to=<?php
echo urlencode($link_back);
?>
" class="normal"><?php
echo $ml_new_account;
?>
under the terms of the GNU General Public License as published by the
Free Software Foundation; either version 2 of the License, or (at your
option) any later version.
*/
require "../../Group-Office.php";
$GO_SECURITY->authenticate();
$GO_MODULES->authenticate('squirrelmail');
require $GO_MODULES->class_path . "email.class.inc";
require $GO_LANGUAGE->get_language_file('squirrelmail');
$email = new email();
$task = isset($_REQUEST['task']) ? $_REQUEST['task'] : '';
$id = isset($_REQUEST['id']) ? $_REQUEST['id'] : 0;
$return_to = isset($_REQUEST['return_to']) && $_REQUEST['return_to'] != '' ? $_REQUEST['return_to'] : $_SERVER['HTTP_REFERER'];
if ($task == 'save_filter') {
if ($_POST['keyword'] != "" && $_POST['folder'] != "") {
if ($email->add_filter($id, smart_addslashes($_POST['field']), smart_addslashes($_POST['keyword']), smart_addslashes($_POST['folder']))) {
header('Location: ' . $return_to);
exit;
} else {
$feedback = '<p class="Error">' . $strSaveError . '</p>';
}
} else {
$feedback = '<p class="Error">' . $error_missing_field . '</p>';
}
}
require $GO_THEME->theme_path . "header.inc";
$tabtable = new tabtable('filters_list', $ml_filters, '600', '300', '100', '', true);
$tabtable->print_head();
?>
<form method="POST" action="<?php
echo $_SERVER['PHP_SELF'];
}
require $GO_THEME->theme_path . "frames.inc";
exit;
}
//if form was posted user wants to login
//set cookies to remember login before headers are sent
if ($_SERVER['REQUEST_METHOD'] == "POST" || isset($_COOKIE['GO_UN']) && isset($_COOKIE['GO_PW'])) {
if ($_SERVER['REQUEST_METHOD'] != "POST") {
$remind = true;
$password = smart_addslashes($_COOKIE['GO_PW']);
$username = smart_addslashes($_COOKIE['GO_UN']);
$auth_source_key = isset($_COOKIE['GO_AUTH_SOURCE_KEY']) ? $_COOKIE['GO_AUTH_SOURCE_KEY'] : 0;
} else {
$remind = isset($_POST['remind']) ? true : false;
$username = smart_addslashes($_POST['username']);
$password = smart_addslashes($_POST['password']);
$auth_source_key = isset($_POST['auth_source_key']) ? $_POST['auth_source_key'] : 0;
}
//check if both fields were filled
if (!$username || !$password) {
$feedback = "<p class=\"Error\">" . $login_missing_field . "</p>";
} else {
SetCookie("GO_AUTH_SOURCE_KEY", $auth_source_key, time() + 3600 * 24 * 30, "/", '', 0);
$_COOKIE['GO_AUTH_SOURCE_KEY'] = $auth_source_key;
//attempt login using security class inherited from index.php
if ($GO_AUTH->login($username, $password, $auth_sources[$auth_source_key])) {
//login is correct final check if login registration was ok
if ($GO_SECURITY->logged_in == true) {
if ($remind) {
SetCookie("GO_UN", $username, time() + 3600 * 24 * 30, "/", '', 0);
SetCookie("GO_PW", $password, time() + 3600 * 24 * 30, "/", '', 0);
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$first_name = smart_addslashes(trim($_POST['first_name']));
$middle_name = smart_addslashes(trim($_POST['middle_name']));
$last_name = smart_addslashes(trim($_POST['last_name']));
$initials = smart_addslashes($_POST["initials"]);
$birthday = smart_addslashes($_POST["birthday"]);
$email = smart_addslashes($_POST["email"]);
$home_phone = smart_addslashes($_POST["home_phone"]);
$fax = smart_addslashes($_POST["fax"]);
$cellular = smart_addslashes($_POST["cellular"]);
$country = smart_addslashes($_POST["country"]);
$state = smart_addslashes($_POST["state"]);
$city = smart_addslashes($_POST["city"]);
$zip = smart_addslashes($_POST["zip"]);
$address = smart_addslashes($_POST["address"]);
$company = smart_addslashes($_POST["company"]);
if ($first_name == '' || $last_name == '' || $email == '') {
$feedback = '<p class="Error">' . $error_missing_field . '</p>';
} elseif (!validate_email($email)) {
$feedback = '<p class="Error">' . $error_email . '</p>';
} else {
$mailbody = '
<html>
<head>
<title>' . $GO_CONFIG->title . '</title>
</head>
<body>
<table border="0" class="normal" cellpadding="0" cellspacing="3" width="100%">
<tr>
<td align="right" nowrap>' . $strFirstName . ': </td>
<td width="100%">' . empty_to_stripe($first_name) . '</td>
}
if ($id == 0) {
/* $nouser_link = '<p><a href="'.$GO_MODULES->full_url.
'accept.php?event_id='.$event_id.
'&member=false&email='.$participants[$i].
'" class="blue">'.$sc_accept.'</a> | <a href="'.
$GO_MODULES->url.'decline.php?event_id='.
$event_id.'&member=false&email='.$participants[$i].
'" class="blue">'.$sc_decline.'</a></p>';
*/
$nouser_link = '<p><a href="' . $GO_MODULES->full_url . 'accept.php?event_id=' . $event_id . '&member=false&email=' . $participants[$i] . '" class="blue">' . $sc_accept . '</a> | <a href="' . $GO_MODULES->full_url . 'decline.php?event_id=' . $event_id . '&member=false&email=' . $participants[$i] . '" class="blue">' . $sc_decline . '</a></p>';
$mail->Body = $mail_body . $nouser_link;
$mail->ClearAllRecipients();
$mail->AddAddress($participants[$i]);
if ($mail->Send()) {
$cal->add_participant($event_id, smart_addslashes($participants[$i]));
}
} else {
/* $user_link = '<p class="cmd"><a href="'.$GO_CONFIG->full_url.
'index.php?return_to='. urlencode($GO_MODULES->url.
'accept.php?event_id='.$event_id.'&member=true&email='.
$participants[$i]).'" class="blue">'.$sc_accept.
'</a> | <a href="'.$GO_CONFIG->full_url.
'index.php?return_to='.urlencode($GO_MODULES->url.
'decline.php?event_id='.$event_id.'&member=true&email='.
$participants[$i]).'" class="blue">'.$sc_decline.'</a></p>';
*/
$user_link = '<p class="cmd"><a href="' . $GO_CONFIG->full_url . 'index.php?return_to=' . urlencode($GO_MODULES->full_url . 'accept.php?event_id=' . $event_id . '&member=true&email=' . $participants[$i]) . '" class="blue">' . $sc_accept . '</a> | <a href="' . $GO_CONFIG->full_url . 'index.php?return_to=' . urlencode($GO_MODULES->full_url . 'decline.php?event_id=' . $event_id . '&member=true&email=' . $participants[$i]) . '" class="blue">' . $sc_decline . '</a></p>';
if ($GO_SECURITY->user_id != $id) {
$mail->Body = $mail_body . $user_link;
$mail->ClearAllRecipients();
if ($_POST['close'] == 'true') {
header('Location: ' . $return_to);
exit;
}
}
}
} else {
if ($name == '') {
$feedback = '<p class="Error">' . $error_missing_field . '</p>';
} elseif ($notes->get_note_by_name($name)) {
$feedback = '<p class="Error">' . $pm_note_exists . '</p>';
} else {
$acl_read = $GO_SECURITY->get_new_acl('note read');
$acl_write = $GO_SECURITY->get_new_acl('note write');
if ($acl_read > 0 && $acl_write > 0) {
if (!($note_id = $notes->add_note($_POST['user_id'], $_POST['contact_id'], $_POST['project_id'], addslashes($_POST['file_path']), $_POST['catagory_id'], $_POST['responsible_user_id'], $due_date, $name, smart_addslashes($_POST['content']), $acl_read, $acl_write))) {
$GO_SECURITY->delete_acl($acl_read);
$GO_SECURITY->delete_acl($acl_write);
$feedback = '<p class="Error">' . $strSaveError . '</p>';
} else {
if ($_POST['contact_id'] > 0) {
$addressbook = $ab->get_contact($_POST['contact_id']);
$GO_SECURITY->copy_acl($addressbook['acl_read'], $acl_read);
$GO_SECURITY->copy_acl($addressbook['acl_write'], $acl_write);
} elseif ($_POST['project_id'] > 0) {
$projects = new projects();
$project = $projects->get_project($_POST['project_id']);
$GO_SECURITY->copy_acl($project['acl_read'], $acl_read);
$GO_SECURITY->copy_acl($project['acl_write'], $acl_write);
} elseif ($_POST['file_path'] != '') {
require_once $GO_CONFIG->class_path . 'filesystem.class.inc';
}
} else {
$remind_style = '0';
$remind_time = '0';
}
if ($todo_id > 0) {
if (!$todos->update_todo($todo_id, $_POST['contact_id'], $_POST['res_user_id'], $start_time, $due_time, $status, $_POST['priority'], $completion_time, $remind_time, $remind_style, $name, smart_addslashes($_POST['description']), smart_addslashes($_POST['location']), $_POST['background'])) {
$feedback = '<p class="Error">' . $strSaveError . '</p>';
} else {
if ($_POST['close'] == 'true') {
header('Location: ' . $return_to);
exit;
}
}
} else {
if (!($todo_id = $todos->add_todo($GO_SECURITY->user_id, $_POST['contact_id'], $_POST['res_user_id'], $start_time, $due_time, $status, $_POST['priority'], $completion_time, $remind_time, $remind_style, $name, smart_addslashes($_POST['description']), smart_addslashes($_POST['location']), $_POST['background']))) {
$feedback = '<p class="Error">' . $strSaveError . '</p>';
} else {
if ($_POST['close'] == 'true') {
header('Location: ' . $return_to);
exit;
}
}
}
}
}
if ($todo_id > 0 && $task != 'save_todo') {
//get the todo
$todo = $todos->get_todo($todo_id);
$todo['start_time'] += $_SESSION['GO_SESSION']['timezone'] * 3600;
$todo['start_hour'] = date('G', $todo['start_time']);
$home_phone = smart_addslashes($_POST["home_phone"]);
$fax = smart_addslashes($_POST["fax"]);
$work_fax = smart_addslashes($_POST["work_fax"]);
$cellular = smart_addslashes($_POST["cellular"]);
$country = smart_addslashes($_POST["country"]);
$state = smart_addslashes($_POST["state"]);
$city = smart_addslashes($_POST["city"]);
$zip = smart_addslashes($_POST["zip"]);
$address = smart_addslashes($_POST["address"]);
$department = smart_addslashes($_POST["department"]);
$function = smart_addslashes($_POST["function"]);
$comment = smart_addslashes($_POST["comment"]);
if ($first_name == '' && $last_name == '') {
$feedback = "<p class=\"Error\">" . $error_missing_field . "</p>";
} else {
$company_name = isset($_POST['company_name']) ? smart_addslashes(trim($_POST['company_name'])) : '';
if (isset($_POST['company_name']) && $company_name == '') {
$company_id = 0;
} elseif ($company_name != '' && !($new_company_id = $ab->get_company_id_by_name($company_name, $addressbook_id))) {
$acl_read = $GO_SECURITY->get_new_acl('company read');
$acl_write = $GO_SECURITY->get_new_acl('company write');
if ($acl_read > 0 && $acl_write > 0 && ($company_id = $ab->add_company($addressbook_id, $GO_SECURITY->user_id, $company_name, '', '', '', '', '', '', '', '', '', '', '', '', '', '', $acl_read, $acl_write, 0))) {
if ($addressbook = $ab->get_addressbook($addressbook_id)) {
$GO_SECURITY->copy_acl($addressbook['acl_read'], $acl_read);
$GO_SECURITY->copy_acl($addressbook['acl_write'], $acl_write);
}
} else {
$GO_SECURITY->delete_acl($acl_read);
$GO_SECURITY->delete_acl($acl_write);
$feedback = "<p class=\"Error\">" . $strSaveError . "</p>";
}
$novalidate_cert = isset($_REQUEST['novalidate_cert']) ? '1' : '0';
$sent = $_POST['type'] == 'pop3' ? '' : smart_addslashes($_POST['sent']);
$draft = $_POST['type'] == 'pop3' ? '' : smart_addslashes($_POST['draft']);
$spam = $_POST['type'] == 'pop3' ? '' : smart_addslashes($_POST['spam']);
$trash = $_POST['type'] == 'pop3' ? '' : smart_addslashes($_POST['trash']);
$auto_check = isset($_POST['auto_check']) ? '1' : '0';
if (isset($_POST['account_id'])) {
if (!$email->update_account($_POST['account_id'], $_POST['type'], smart_addslashes($_POST['host']), $_POST['port'], $use_ssl, $novalidate_cert, $mbroot, smart_addslashes($_POST['user']), $_POST['pass'], smart_addslashes($_POST['name']), smart_addslashes($_POST['mail_address']), smart_addslashes($_POST['signature']), $sent, $spam, $trash, $draft, $auto_check)) {
$feedback = '<p class="Error">' . $ml_connect_failed . ' \'' . $_POST['host'] . '\' ' . $ml_at_port . ': ' . $_POST['port'] . '</p>';
$feedback .= '<p class="Error">' . $email->last_error . '</p>';
} else {
header('Location: ' . $return_to);
exit;
}
} else {
if (!($email_id = $email->add_account($GO_SECURITY->user_id, $_POST['type'], smart_addslashes($_POST['host']), $_POST['port'], $use_ssl, $novalidate_cert, $mbroot, smart_addslashes($_POST['user']), $_POST['pass'], smart_addslashes($_POST['name']), smart_addslashes($_POST['mail_address']), smart_addslashes($_POST['signature']), $sent, $spam, $trash, $draft, $auto_check))) {
$feedback = '<p class="Error">' . $ml_connect_failed . ' \'' . $_POST['host'] . '\' ' . $ml_at_port . ': ' . $_POST['port'] . '</p>' . '<p class="Error">' . $email->last_error . '</p>';
} else {
header('Location: ' . $return_to);
exit;
}
}
}
}
if (isset($_REQUEST['account_id']) && $_SERVER['REQUEST_METHOD'] != "POST") {
$account = $email->get_account($_REQUEST['account_id']);
if ($account['user_id'] != $GO_SECURITY->user_id) {
require $GO_CONFIG->root_path . "error_docs/403.inc";
require $GO_THEME->theme_path . "footer.inc";
exit;
}
<input type="hidden" name="link_back" value="<?php
echo $link_back;
?>
" />
<input type="hidden" name="account_id" value="<?php
echo $account['id'];
?>
" />
<?php
if ($account) {
if ($mail->open($account['host'], $account['type'], $account['port'], $account['username'], $GO_CRYPTO->decrypt($account['password']), $mailbox, 0, $account['use_ssl'], $account['novalidate_cert'])) {
//block email to spam folder
if (isset($_REQUEST['spam_uid']) && $_REQUEST['spam_uid'] > 0) {
$spam_folder = $account['spam'];
if ($_REQUEST['spam_address'] != '' && $spam_folder != '') {
$email->add_filter($account['id'], "sender", smart_addslashes($_REQUEST['spam_address']), addslashes($spam_folder));
$messages[] = $_REQUEST['spam_uid'];
$mail->move($spam_folder, $messages);
}
}
} else {
echo '<p class="Error">' . $ml_connect_failed . ' \'' . $account['host'] . '\' ' . $ml_at_port . ': ' . $account['port'] . '</p>';
echo '<p class="Error">' . imap_last_error() . '</p>';
require $GO_THEME->theme_path . 'footer.inc';
exit;
}
require "navigation.inc";
} else {
echo '<br /><h3>' . $ml_no_accounts . '</h3><p class="normal">' . $ml_text . '</p>';
}
echo '</form>';
require "../../Group-Office.php";
$GO_SECURITY->authenticate();
$GO_MODULES->authenticate('calendar');
require $GO_LANGUAGE->get_language_file('calendar');
require $GO_MODULES->class_path . 'calendar.class.inc';
$cal = new calendar();
$date = isset($_REQUEST['date']) ? $_REQUEST['date'] : getdate();
$year = isset($_POST['year']) ? $_POST['year'] : $date["year"];
$month = isset($_POST['month']) ? $_POST['month'] : $date["mon"];
$day = isset($_POST['day']) ? $_POST['day'] : $date["mday"];
$task = isset($_POST['task']) ? $_POST['task'] : '';
$return_to = isset($_REQUEST['return_to']) ? $_REQUEST['return_to'] : $_SERVER['HTTP_REFERER'];
$view_id = isset($_REQUEST['view_id']) ? $_REQUEST['view_id'] : 0;
$hours = array("00", "01", "02", "03", "04", "05", "06", "07", "08", "09", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23");
if ($task == 'save') {
$name = smart_addslashes(trim($_POST['name']));
if ($name != "") {
if ($view_id > 0) {
$existing_view = $cal->get_view_by_name($GO_SECURITY->user_id, $name);
if ($existing_view && $existing_view['id'] != $view_id) {
$feedback = "<p class=\"Error\">" . $sc_view_exists . "</p>";
} elseif (!$cal->update_view($view_id, $name, $_POST['view_start_hour'], $_POST['view_end_hour'], $_POST['type'])) {
$feedback = "<p class=\"Error\">" . $strSaveError . "</p>";
}
} else {
if ($cal->get_view_by_name($GO_SECURITY->user_id, $name)) {
$feedback = "<p class=\"Error\">" . $sc_view_exists . "</p>";
} else {
if (!($view_id = $cal->add_view($GO_SECURITY->user_id, $name, $_POST['view_start_hour'], $_POST['view_end_hour'], $_POST['type']))) {
$feedback = "<p class=\"Error\">" . $strSaveError . "</p>";
} else {
require "../../Group-Office.php";
$GO_SECURITY->authenticate();
$GO_MODULES->authenticate('projects');
require $GO_LANGUAGE->get_language_file('projects');
require $GO_MODULES->class_path . "projects.class.inc";
$projects = new projects();
$fee_id = isset($_REQUEST['fee_id']) ? $_REQUEST['fee_id'] : 0;
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if ($GO_MODULES->write_permissions) {
$name = smart_addslashes(trim($_POST['name']));
$value = trim(str_replace(',', '.', smart_addslashes($_POST['value'])));
if ($name == '' || $value == '') {
$feedback = '<p class="Error">' . $error_missing_field . '</p>';
} else {
if (isset($_POST['fee_id'])) {
if ($projects->update_fee($_POST['fee_id'], $name, $value, smart_addslashes($_POST['time']))) {
header('Location: ' . $GO_MODULES->url . 'index.php?post_action=fees');
exit;
} else {
$feedback = '<p class="Error">' . $strSaveError . '</p>';
}
} else {
if ($projects->add_fee($name, $value, $_POST['time'])) {
header('Location: ' . $GO_MODULES->url . 'index.php?post_action=fees');
exit;
} else {
$feedback = '<p class="Error">' . $strSaveError . '</p>';
}
}
}
} else {
$city = smart_addslashes($_POST["city"]); $zip = smart_addslashes($_POST["zip"]); $address = smart_addslashes($_POST["address"]); $department = smart_addslashes($_POST["department"]); $function = smart_addslashes($_POST["function"]); $company = smart_addslashes($_POST["company"]); $work_country = smart_addslashes($_POST["work_country"]); $work_state = smart_addslashes($_POST["work_state"]); $work_city = smart_addslashes($_POST["work_city"]); $work_zip = smart_addslashes($_POST["work_zip"]); $work_address = smart_addslashes($_POST["work_address"]); $work_fax = smart_addslashes($_POST["work_fax"]); $homepage = smart_addslashes($_POST["homepage"]); $pass1 = smartstrip($_POST["pass1"]); $pass2 = smartstrip($_POST["pass2"]); $username = smart_addslashes($_POST['username']); $val->error_required = $error_required; $val->error_min_length = $error_min_length; $val->error_max_length = $error_max_length; $val->error_expression = $error_email; $val->name = "first_name"; $val->input = $first_name; $val->max_length = 50; $val->required = true; $val->validate_input(); $val->name = "last_name"; $val->input = $last_name; $val->max_length = 50; $val->required = true; $val->validate_input(); $val->name = "username";
if ($title == '') {
$feedback = '<p class="Error">' . $error_missing_field . '</p>';
} else {
if ($announcement_id > 0) {
if (!$announcements->update_announcement($_POST['announcement_id'], $title, smart_addslashes($_POST['content']), $due_time)) {
$feedback = '<p class="Error">' . $strSaveError . '</p>';
} else {
if ($_POST['close'] == 'true') {
header('Location: ' . $return_to);
exit;
}
}
} else {
$acl_id = $GO_SECURITY->get_new_acl('announcement');
if ($acl_id > 0) {
if (!($announcement_id = $announcements->add_announcement($_POST['user_id'], $due_time, $title, smart_addslashes($_POST['content']), $acl_id))) {
$GO_SECURITY->delete_acl($acl_id);
$feedback = '<p class="Error">' . $strSaveError . '</p>';
} else {
if (!isset($_POST['private'])) {
$GO_SECURITY->add_group_to_acl($GO_CONFIG->group_everyone, $acl_id);
}
if ($_POST['close'] == 'true') {
header('Location: ' . $return_to);
exit;
}
}
} else {
$feedback = '<p class="Error">' . $strSaveError . '</p>';
}
}