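// Request handlers that run before the form-input section. Each one reacts to
// a single query parameter, performs one database change and then redirects
// or prints a short status string.

// Voluntary removal of the current user's 'ticketmod' right, triggered by the
// 'relinqush' (sic) query parameter.
// NOTE(review): this changes stored rights on a GET request and no anti-CSRF
// token is checked in this span; confirm one is enforced elsewhere or move
// the action to POST.
if (!empty($_GET['relinqush'])) {
    // intval() guarantees that only an integer can reach the SQL text,
    // however the user object was populated.
    $db->Execute("UPDATE user SET rights = REPLACE(rights,'ticketmod','') WHERE user_id = " . intval($USER->user_id));

    //reload the user object
    $_SESSION['user'] = new GeographUser($USER->user_id);

    header("Location: /profile.php?edit=1");
    // header() only queues the redirect; stop here so that none of the
    // handlers or page output below run for a request that is being redirected.
    exit;
}

// Defer a trouble ticket: ?gridimage_ticket_id=N[&hours=H], H defaults to 24.
if (isset($_GET['gridimage_ticket_id'])) {
    require_once 'geograph/gridimage.class.php';
    require_once 'geograph/gridsquare.class.php';
    require_once 'geograph/gridimagetroubleticket.class.php';

    //user may have an expired session, or playing silly buggers,
    //either way, we want to check for admin status on the session
    // NOTE(review): no permission check is visible between the comment above
    // and the setDefer() call. Confirm the admin check is enforced before this
    // point; as shown, the only gate on the write is $ticket->isValid().
    $gridimage_ticket_id = intval($_GET['gridimage_ticket_id']);

    // intval() ensures only an integer is interpolated into the SQL fragment
    // passed to setDefer(), and into the echoed message.
    // NOTE(review): the range is not bounded, so zero, negative or very large
    // values are accepted; confirm whether that is intended.
    $hours = isset($_GET['hours']) && is_numeric($_GET['hours']) ? intval($_GET['hours']) : 24;

    $ticket = new GridImageTroubleTicket($gridimage_ticket_id);
    if ($ticket->isValid()) {
        $ticket->setDefer("DATE_ADD(NOW(), INTERVAL {$hours} HOUR)");
        echo "Ticket Deferred for {$hours} hours";
    } else {
        echo "FAIL";
    }
    exit;
}

// Filter form submitted: release this user's moderation locks, then redirect
// to the same listing with the Submit parameter removed.
if (!empty($_GET['Submit'])) {
    //if changing state, release locks
    $db->Execute("DELETE FROM gridimage_moderation_lock WHERE user_id = " . intval($USER->user_id));

    // Rebuild the query from its parsed form rather than doing a textual
    // str_replace on the raw string. The raw QUERY_STRING is URL-encoded while
    // $_GET['Submit'] is decoded, so a value containing a space or any other
    // encoded character was never removed and the redirect target still
    // carried Submit, re-entering this branch. An array-valued Submit is
    // handled as well. The redirect path stays fixed, so only the query
    // portion is derived from the request.
    $params = array();
    parse_str(isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '', $params);
    unset($params['Submit']);

    // Explicit '&' separator so the result does not depend on the
    // arg_separator.output ini setting.
    header("Location: /admin/tickets.php?" . http_build_query($params, '', '&'));
    exit;
}

#############################
# form input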
} $smarty->assign('moderated_count', $moderated_count); $smarty->assign('all_moderated', $moderated_count == count($moderated)); //when starting we dont use imageclassother $smarty->assign('imageclassother', ''); //process a trouble ticket? if (isset($_POST['gridimage_ticket_id'])) { //we really need this not be interupted ignore_user_abort(TRUE); set_time_limit(3600); //ok, we're processing a ticket update, but lets //exercise some healty paranoia.. $gridimage_ticket_id = intval($_POST['gridimage_ticket_id']); $ticket = new GridImageTroubleTicket($gridimage_ticket_id); //you sure this is a ticket? if (!$ticket->isValid()) { die("invalid ticket id"); } //definitely for this image? if ($ticket->gridimage_id != $image->gridimage_id) { die("ticket/image mismatch"); } $issuggester = $ticket->user_id == $USER->user_id ? 1 : 0; if (!$issuggester) { $ticket->setNotify(!empty($_POST['notify']) ? preg_replace('/[^\\w]+/', '', $_POST['notify']) : ''); } $thankyou = ''; //now lets do our thing depending on your permission level.. $comment = stripslashes($_POST['comment']); if ($isadmin) { if (isset($_POST['disown'])) {