/**
 * Build the custom ("static var") form fields for the staff module and
 * expose them to the Smarty template.
 *
 * Smarty always receives `show_static_var`; `static_var` is assigned only
 * when generate_form() hands back an array.
 *
 * @param mixed $VAR Request variables (not read by this method).
 * @return bool True when form fields were generated, false otherwise.
 */
function static_var($VAR)
{
    global $smarty;

    require_once PATH_CORE . 'static_var.inc.php';
    $generator = new CORE_static_var();
    $fields = $generator->generate_form('staff', 'add', 'update');

    # Tell the template whether there is anything to render.
    $has_fields = is_array($fields);
    $smarty->assign('show_static_var', $has_fields);
    if (!$has_fields) {
        return false;
    }

    # Hand the generated fields to the template.
    $smarty->assign('static_var', $fields);
    return true;
}
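    /**
     * Complete a newsletter subscription from the confirmation link mailed to
     * the subscriber.
     *
     * $VAR['email'] and $VAR['validate'] must match a pending row in
     * temporary_data. On a match the pending row is deleted and one
     * newsletter_subscriber row is written per stored newsletter id. The
     * outcome is echoed as a translated message; nothing is returned.
     *
     * A missing or non-scalar parameter, a failed or empty lookup, and a
     * stored payload that does not decode to the expected array shape all
     * end in the same "confirmation failed" message.
     *
     * @param array $VAR Request variables.
     * @return void
     */
    function subscribe_confirm($VAR)
    {
        global $C_debug, $C_translate;

        $arr = false;

        # Only scalar request values are accepted; an array-valued parameter
        # is treated as a bad link instead of being passed on to the query.
        if (isset($VAR['email'], $VAR['validate']) && is_scalar($VAR['email']) && is_scalar($VAR['validate'])) {
            $email = $VAR['email'];
            $db =& DB();

            # NOTE(review): the only secret in the link is `validate`, which is
            # compared with date_orig. If date_orig is the creation timestamp of
            # the pending row (as the column name suggests), it is predictable
            # and does not prove control of the mailbox. Confirm against the
            # code that issues the link; a random single-use token is preferable.
            $sql = 'SELECT data FROM ' . AGILE_DB_PREFIX . 'temporary_data WHERE
                        site_id     = ' . $db->qstr(DEFAULT_SITE) . ' AND
                        date_orig   = ' . $db->qstr($VAR['validate']) . ' AND
                        field1      = ' . $db->qstr($email);
            $result = $db->Execute($sql);

            if ($result !== false && $result->RecordCount() > 0) {
                # NOTE(review): unserialize() can instantiate objects. The payload
                # is presumably written from the original sign-up request, so it
                # should be stored as JSON, or on PHP 7+ be decoded with the
                # allowed_classes option set to false.
                $arr = unserialize($result->fields['data']);

                # The pending record is single-use: remove it once it has matched.
                $sql = 'DELETE FROM ' . AGILE_DB_PREFIX . 'temporary_data WHERE
                        site_id     = ' . $db->qstr(DEFAULT_SITE) . ' AND
                        field1      = ' . $db->qstr($email);
                $db->Execute($sql);
            }
        }

        # Bad link, no/expired match, or an unusable stored payload.
        if (!is_array($arr) || !isset($arr['newsletter_id']) || !is_array($arr['newsletter_id'])) {
            $url = '<br><a href="' . URL . '?_page=newsletter:subscribe">' . $C_translate->translate('submit', 'CORE', '') . '</a>';
            # str_ireplace() replaces eregi_replace(), which was removed in PHP 7.0.
            echo str_ireplace('%here%', $url, $C_translate->translate('subscribe_confirm_fail', 'newsletter', ''));
            return;
        }

        # Custom-field values saved with the request; false when absent or
        # undecodable. Same unserialize() caveat as above.
        $varstored = array(
            'static_relation' => isset($arr['var']) ? @unserialize(base64_decode($arr['var'])) : false,
        );

        ### Create the newsletter subscription(s):
        foreach ($arr['newsletter_id'] as $newsletter_id) {
            ### Drop any existing subscription to avoid duplicates
            $sql = 'DELETE FROM ' . AGILE_DB_PREFIX . 'newsletter_subscriber WHERE
                        site_id     = ' . $db->qstr(DEFAULT_SITE) . ' AND
                        newsletter_id=' . $db->qstr($newsletter_id) . ' AND
                        email        = ' . $db->qstr($email);
            $db->Execute($sql);

            ### Insert
            $id = $db->GenID(AGILE_DB_PREFIX . 'newsletter_subscriber_id');
            $sql = 'INSERT INTO ' . AGILE_DB_PREFIX . 'newsletter_subscriber SET
                        site_id  =  ' . $db->qstr(DEFAULT_SITE) . ',
                        id          = ' . $db->qstr($id) . ',
                        date_orig   = ' . $db->qstr(time()) . ',
                        newsletter_id= ' . $db->qstr($newsletter_id) . ',
                        email       = ' . $db->qstr($arr["email"]) . ',
                        html        = ' . $db->qstr($arr["html"]) . ',
                        first_name  = ' . $db->qstr($arr["first_name"]) . ',
                        last_name   = ' . $db->qstr($arr["last_name"]);
            $result = $db->Execute($sql);

            ### Set the static vars:
            require_once PATH_CORE . 'static_var.inc.php';
            $static_var = new CORE_static_var();
            $static_var->add($varstored, 'newsletter_subscriber', $id);
        }

        ### Return the success message:
        echo $C_translate->translate('subscribe_confirm_success', 'newsletter', '');
    }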
    /**
     * Create a support ticket from the submitted form, then mail the
     * submitter and any staff who asked to be notified of new tickets.
     *
     * Flow: required-field and custom-field validation, e-mail resolution
     * (from the form for anonymous users, from the account row otherwise),
     * department authorization, INSERT, notifications.
     *
     * Returns false when the department is invalid, the user is not
     * authorized for it, or the INSERT fails. Returns nothing (null) both
     * when validation fails (errors are handed to Smarty and FORCE_PAGE is
     * set) and on success.
     */
    function user_add($VAR)
    {
        $this->construct();
        global $C_debug, $C_translate, $C_vars, $smarty;
        ### Strip Slashes
        # `global $VAR` rebinds the local name to the global request array, so
        # the argument passed to this method is not used from here on.
        global $VAR;
        $C_vars->strip_slashes_all();
        ####################################################################
        ### Check that the required fields are set:
        ### ticket_department_id, ticket_subject, ticket_body
        ####################################################################
        $fields = array('priority', 'department_id', 'subject', 'body');
        for ($i = 0; $i < count($fields); $i++) {
            $field = $fields[$i];
            $field_name = $this->table . '_' . $field;
            if (!isset($VAR["{$field_name}"]) || trim($VAR["{$field_name}"]) == "") {
                $this->val_error[] = array('field' => $this->table . '_' . $field, 'field_trans' => $C_translate->translate('field_' . $field, $this->module, ""), 'error' => $C_translate->translate('validate_any', "", ""));
            }
        }
        ####################################################################
        ### Get required static_Vars and validate them... return an array
        ### w/ ALL errors...
        ####################################################################
        require_once PATH_CORE . 'static_var.inc.php';
        $static_var = new CORE_static_var();
        if (!isset($this->val_error)) {
            $this->val_error = false;
        }
        # The required-field errors collected above are passed in; the result
        # is treated as "validation failed" only when it is a non-empty array.
        $all_error = $static_var->validate_form($this->module, $this->val_error);
        if ($all_error != false && gettype($all_error) == 'array') {
            $this->validated = false;
        } else {
            $this->validated = true;
        }
        ### Validate e-mail
        if (!SESS_LOGGED) {
            # Anonymous submitter: the address comes from the request and must validate.
            include_once PATH_CORE . 'validate.inc.php';
            $C_validate = new CORE_validate();
            if (empty($VAR['ticket_email'])) {
                $this->validated = false;
                $smarty->assign('ticket_email', true);
                $all_error[] = array('field' => 'ticket_email', 'field_trans' => $C_translate->translate('field_email', "ticket", ""), 'error' => $C_translate->translate('validate_any', "", ""));
            } elseif (!$C_validate->validate_email(@$VAR['ticket_email'], false)) {
                $this->validated = false;
                $smarty->assign('ticket_email', true);
                $all_error[] = array('field' => 'ticket_email', 'field_trans' => $C_translate->translate('field_email', "ticket", ""), 'error' => $C_translate->translate('validate_email', "", ""));
            }
            # Stored even when the address failed validation; the !validated
            # check further down returns before the insert and the mailing.
            $this->email = $VAR['ticket_email'];
        } else {
            # Logged-in user: take the e-mail address from the account row and
            # overwrite whatever ticket_email the request carried.
            $db =& DB();
            $sql = 'SELECT email FROM ' . AGILE_DB_PREFIX . 'account WHERE
	                        site_id     = ' . $db->qstr(DEFAULT_SITE) . ' AND
	                        id          = ' . $db->qstr(SESS_ACCOUNT);
            $result = $db->Execute($sql);
            $VAR['ticket_email'] = $result->fields['email'];
            $this->email = $result->fields['email'];
        }
        ###################################################################
        ### Check that the user is authorized for this department
        # Only departments with status 1 for this site are considered.
        $db =& DB();
        $sql = 'SELECT * FROM ' . AGILE_DB_PREFIX . 'ticket_department WHERE
                        site_id     = ' . $db->qstr(DEFAULT_SITE) . ' AND
                        id          = ' . $db->qstr($VAR['ticket_department_id']) . ' AND
                        status      = ' . $db->qstr('1');
        $result = $db->Execute($sql);
        if ($result->RecordCount() == 0) {
            ###################################################################
            ### ERROR: The selected department is inactive or invalid
            $C_debug->alert($C_translate->translate('department_invalid', 'ticket', ''));
            return false;
        }
        global $C_auth;
        $i = 0;
        $dept_auth = false;
        while (!$result->EOF) {
            # group_id holds a serialized list of group ids.
            # NOTE(review): unserialize() on a database column is safe only if
            # that column can be written solely by trusted code; confirm where
            # ticket_department.group_id is populated.
            $arr = unserialize($result->fields['group_id']);
            if (!SESS_LOGGED) {
                ### Check if the specified department is authorized for the 'All Users' group (0):
                for ($i = 0; $i < count($arr); $i++) {
                    if ($arr[$i] == '0') {
                        $dept_auth = true;
                    }
                }
                # Anonymous users are turned away on the first row that does
                # not include group 0.
                if (!$dept_auth) {
                    $C_debug->alert($C_translate->translate('login_required', '', ''));
                    return false;
                }
            } else {
                # Logged-in users need membership in at least one listed group.
                for ($i = 0; $i < count($arr); $i++) {
                    if ($C_auth->auth_group_by_id($arr[$i])) {
                        $dept_auth = true;
                    }
                }
            }
            $result->MoveNext();
        }
        if (!$dept_auth) {
            ###################################################################
            ### ERROR: The current user does not have access to the selected department!
            $C_debug->alert($C_translate->translate('department_not_auth', 'ticket', ''));
            return false;
        } else {
            ####################################################################
            # If validation failed, skip the db insert &
            # set the errors & original fields as Smarty objects,
            # and change the page to be loaded.
            ####################################################################
            if (!$this->validated) {
                global $smarty;
                # set the errors as a Smarty Object
                $smarty->assign('form_validation', $all_error);
                # set the page to be loaded
                # NOTE(review): _page_current comes from the request; confirm
                # that whatever consumes FORCE_PAGE restricts it to known pages.
                if (!defined("FORCE_PAGE")) {
                    define('FORCE_PAGE', $VAR['_page_current']);
                }
                global $C_vars;
                $C_vars->strip_slashes_all();
                return;
            }
            ###################################################################
            ### Assemble the SQL & Insert the ticket
            # Every value goes through qstr(). The body is HTML-encoded before
            # storage, while subject and email are stored as submitted, so any
            # view that prints those two must escape them itself.
            # date_expire is seven days (86400 * 7 seconds) after creation.
            # account_id is SESS_ACCOUNT on the anonymous path as well.
            $db =& DB();
            $id = $db->GenID(AGILE_DB_PREFIX . 'ticket_id');
            $sql = 'INSERT INTO ' . AGILE_DB_PREFIX . 'ticket SET
                            site_id     = ' . $db->qstr(DEFAULT_SITE) . ',
                            id          = ' . $db->qstr($id) . ',
                            date_orig   = ' . $db->qstr(time()) . ',
                            date_last   = ' . $db->qstr(time()) . ',
                            date_expire = ' . $db->qstr(time() + 86400 * 7) . ',
                            account_id  = ' . $db->qstr(SESS_ACCOUNT) . ',
                            department_id=' . $db->qstr($VAR['ticket_department_id']) . ',
                            status      = ' . $db->qstr(0) . ',
                            last_reply  = 0,
                            priority    = ' . $db->qstr($VAR['ticket_priority']) . ',
                            subject     = ' . $db->qstr($VAR['ticket_subject']) . ',
                            email		= ' . $db->qstr($VAR['ticket_email']) . ',
                            body        = ' . $db->qstr(htmlspecialchars($VAR['ticket_body']));
            $result = $db->Execute($sql);
            # error reporting:
            if ($result === false) {
                global $C_debug;
                $C_debug->error('ticket.inc.php', 'user_add', $db->ErrorMsg());
                return false;
            }
            ###################################################################
            ### Insert the static vars...
            $static_var->add($VAR, $this->module, $id);
            ###################################################################
            ### Mail the user the new_ticket email template
            # 'email' and 'key' are placed in the global $VAR only for the
            # duration of the send and removed again right after it.
            # NOTE(review): key() is defined elsewhere; presumably it derives
            # the ticket access key from the address - confirm how it is built.
            require_once PATH_MODULES . 'email_template/email_template.inc.php';
            $VAR['email'] = trim($this->email);
            $VAR['key'] = $this->key($this->email);
            $my = new email_template();
            $my->send('ticket_user_add', $this->email, $id, '', '');
            unset($VAR['key']);
            unset($VAR['email']);
            ###################################################################
            ### Get any staff members who should be mailed
            $db =& DB();
            $sql = 'SELECT id,account_id,department_avail FROM ' . AGILE_DB_PREFIX . 'staff
                            WHERE
                            site_id     = ' . $db->qstr(DEFAULT_SITE) . ' AND
                            notify_new  = ' . $db->qstr("1");
            $result = $db->Execute($sql);
            if ($result->RecordCount() > 0) {
                while (!$result->EOF) {
                    # department_avail is a serialized list of department ids;
                    # decode errors are suppressed by the @ (same unserialize()
                    # caveat as for group_id above).
                    @($avail = unserialize($result->fields['department_avail']));
                    for ($i = 0; $i < count($avail); $i++) {
                        if ($avail[$i] == $VAR['ticket_department_id']) {
                            ###################################################################
                            ### Mail staff members the new_ticket email template
                            $my = new email_template();
                            $my->send('ticket_user_add_staff', $result->fields['account_id'], $id, $avail[$i], 'sql3');
                            # Force the inner loop to end: one mail per staff member.
                            $i = count($avail);
                        }
                    }
                    $result->MoveNext();
                }
            }
        }
        global $C_debug, $C_translate;
        $C_debug->alert($C_translate->translate('user_add_success', 'ticket', ''));
    }
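    /**
     * Update an account record from the admin form.
     *
     * Steps: account-limit check, tax id validation for the selected
     * country, custom-field validation, optional password-history check,
     * the database update, and then the follow-up work (password history,
     * static vars, db_mapping sync, clearing login locks).
     *
     * Returns false when the account limit check fails, true when the
     * update succeeds, and nothing (null) when validation fails or the
     * update itself does not succeed.
     */
    function update($VAR)
    {
        global $C_list, $C_debug;

        // check account limits
        if (!$this->checkLimits()) {
            return false;
        }

        // `global $VAR` rebinds the local name to the global request array, so
        // the argument passed to this method is not used from here on.
        global $VAR;

        // validate the tax_id
        require_once PATH_MODULES . 'tax/tax.inc.php';
        $taxObj = new tax();
        $tax_arr = @$VAR['account_admin_tax_id'];
        if (is_array($tax_arr)) {
            foreach ($tax_arr as $country_id => $tax_id) {
                // Only the entry for the account's selected country is used.
                if ($country_id == $VAR['account_admin_country_id']) {
                    $exempt = @$VAR["account_tax_id_exempt"][$country_id];
                    if (!($txRs = $taxObj->TaxIdsValidate($country_id, $tax_id, $exempt))) {
                        $this->validated = false;
                        global $C_translate;
                        $this->val_error[] = array('field' => 'account_admin_tax_id', 'field_trans' => $taxObj->errField, 'error' => $C_translate->translate('validate_general', "", ""));
                    }
                    // Collapse the per-country array into the single value to store.
                    if ($exempt) {
                        $VAR['account_admin_tax_id'] = false;
                    } else {
                        $VAR['account_admin_tax_id'] = $tax_id;
                    }
                }
            }
        }

        ####################################################################
        ### Get required static_Vars and validate them... return an array
        ### w/ ALL errors...
        ####################################################################
        require_once PATH_CORE . 'static_var.inc.php';
        $static_var = new CORE_static_var();
        if (!isset($this->val_error)) {
            $this->val_error = false;
        }
        $all_error = $static_var->validate_form('account', $this->val_error);
        if ($all_error != false && gettype($all_error) == 'array') {
            $this->validated = false;
        } else {
            $this->validated = true;
        }

        ####################################################################
        # If validation failed, skip the db update &
        # set the errors & original fields as Smarty objects,
        # and change the page to be loaded.
        ####################################################################
        if (!$this->validated) {
            global $smarty;
            # set the errors as a Smarty Object
            $smarty->assign('form_validation', $all_error);
            # set the page to be loaded
            if (!defined("FORCE_PAGE")) {
                define('FORCE_PAGE', $VAR['_page_current']);
            }
            return;
        }

        ### Get the old username ( for db mapping )
        $old_username = null;
        $db =& DB();
        $sql = 'SELECT username FROM ' . AGILE_DB_PREFIX . 'account WHERE
                    site_id     = ' . $db->qstr(DEFAULT_SITE) . ' AND
                    id          = ' . $db->qstr($VAR['account_admin_id']);
        $result = $db->Execute($sql);
        if ($result && $result->RecordCount() > 0) {
            $old_username = $result->fields['username'];
        }

        ### Update the password:
        $update_password = false;
        $accountHistory = null;
        if (!empty($VAR['_password'])) {
            $VAR['account_admin_password'] = $VAR['_password'];
            /* check if new password is ok (only when the history module is installed) */
            if ($C_list->is_installed('account_password_history')) {
                include_once PATH_MODULES . 'account_password_history/account_password_history.inc.php';
                $accountHistory = new account_password_history();
                if (!$accountHistory->getIsPasswordOk($VAR['account_admin_id'], $VAR['account_admin_password'], false)) {
                    $C_debug->alert("The password you have selected has been used recently and cannot be used again at this time for security purposes.");
                    // Rejected: drop it so the update below does not carry the new password.
                    unset($VAR['account_admin_password']);
                } else {
                    $update_password = true;
                }
            }
        }

        ### Update the record
        $type = "update";
        $this->method["{$type}"] = explode(",", $this->method["{$type}"]);
        $db = new CORE_database();
        $ok = $db->update($VAR, $this, $type);
        if ($ok) {
            /* password logging class */
            if ($update_password && is_object($accountHistory)) {
                $accountHistory->setNewPassword($VAR['account_admin_id'], $VAR["account_admin_password"], false);
            }

            ### Update the static vars:
            $static_var->update($VAR, 'account', $VAR['account_admin_id']);

            ### Do any db_mapping
            if ($C_list->is_installed('db_mapping')) {
                include_once PATH_MODULES . 'db_mapping/db_mapping.inc.php';
                $db_map = new db_mapping();
                // NOTE(review): the cleartext password is handed to db_mapping;
                // check that it is neither logged nor persisted on that side.
                if (!empty($VAR['account_admin_password'])) {
                    $db_map->plaintext_password = $VAR['account_admin_password'];
                } else {
                    $db_map->plaintext_password = false;
                }
                $db_map->account_edit($VAR['account_admin_id'], $old_username);
            }

            // remove login lock
            if ($VAR['account_admin_status']) {
                $db =& DB();
                // The account id is a request value: quote it with qstr(), as the
                // SELECT above does, instead of interpolating it raw into the
                // WHERE clause.
                $account_id = $db->qstr($VAR['account_admin_id']);
                $db->Execute(sqlDelete($db, "login_lock", "account_id={$account_id}"));
                $db->Execute(sqlDelete($db, "login_log", "account_id={$account_id} AND status=0"));
            }
            return true;
        }
    }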
 /**
  * Build the custom ("static var") form fields for this module and expose
  * them to the Smarty template.
  *
  * The 'search' variant of the form is generated when the requested page
  * name contains "search" (case-insensitive); otherwise the 'update' variant
  * is used.
  *
  * @param array $VAR Request variables; `_page` is read.
  * @return bool True when form fields were generated, false otherwise.
  */
 function static_var($VAR)
 {
     global $smarty;

     require_once PATH_CORE . 'static_var.inc.php';
     $generator = new CORE_static_var();

     # Pick the form variant from the page being rendered.
     $mode = preg_match('/search/i', $VAR['_page']) ? 'search' : 'update';
     $fields = $generator->generate_form($this->module, 'add', $mode);

     # Tell the template whether there is anything to render.
     $has_fields = is_array($fields);
     $smarty->assign('show_static_var', $has_fields);
     if (!$has_fields) {
         return false;
     }

     # Hand the generated fields to the template.
     $smarty->assign('static_var', $fields);
     return true;
 }