/**
 * Load the single record whose `namn` column equals $namn.
 *
 * @param string $namn  value matched against the `namn` column
 * @return object|false the object produced by parent::loadById(), or false
 *                      when the lookup query yields no id
 *
 * NOTE(review): the WHERE clause is assembled by string concatenation and
 * the only guard is SECURITY::secure_postdata(), whose escaping rules are not
 * visible from here. If $namn can originate from a request, confirm that
 * helper performs a real SQL escape for this connection's charset, or switch
 * to a prepared statement if the $db wrapper offers one.
 */
public static function loadByNamn($namn)
{
    global $db;

    // Evaluation order matches the original: table name first, then the
    // escaped search value, then the query.
    $table   = self::classToTable(get_class());
    $escaped = SECURITY::secure_postdata($namn);
    $rowId   = $db->value(sprintf("SELECT id FROM %s WHERE namn='%s'", $table, $escaped));

    // A falsy id (no row, 0, '' …) is reported as "not found".
    if (!$rowId) {
        return false;
    }

    return parent::loadById($rowId, get_class());
}
/**
 * Collect every record whose `profilDataId` points at the given profile-data
 * object, and hand the id list to self::listByIds() for hydration.
 *
 * @param object $profilData  object exposing getId(); only its id is used
 * @return mixed whatever self::listByIds() returns for the matched ids
 *
 * NOTE(review): same concatenated-SQL pattern as loadByNamn(). The id is
 * passed through SECURITY::secure_postdata() and quoted as a string rather
 * than cast to an integer; if profilDataId is an integer column, an (int)
 * cast would be the tighter guard — verify the column type before changing.
 */
public static function listByprofilData($profilData)
{
    global $db;

    $query = sprintf(
        "SELECT id FROM %s WHERE profilDataId='%s'",
        self::classToTable(get_class()),
        SECURITY::secure_postdata($profilData->getId())
    );
    $matchedIds = $db->valuesAsArray($query);

    return self::listByIds(get_class(), $matchedIds);
}
<?php /** * @Project: Virtual Airlines Manager (VAM) * @Author: Alejandro Garcia * @Web http://virtualairlinesmanager.net * Copyright (c) 2013 - 2015 Alejandro Garcia * VAM is licenced under the following license: * Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0) * View license.txt in the root, or visit http://creativecommons.org/licenses/by-nc-sa/4.0/ */ include 'classes/security.php'; $secure = new SECURITY(); $secure->parse_incoming(); session_start(); include './db_login.php'; $db = new mysqli($db_host, $db_username, $db_password, $db_database); $IP = $_SERVER["REMOTE_ADDR"]; $db->set_charset("utf8"); if ($db->connect_errno > 0) { die('Unable to connect to database [' . $db->connect_error . ']'); } $exists = 0; $_SESSION["access"] = false; if (isset($_POST['user']) and isset($_POST['password'])) { $user = mysqli_real_escape_string($db, $_POST['user']); $Encrypt_Pass = md5(mysqli_real_escape_string($db, $_POST["password"])); $query = "SELECT * FROM staff where email='" . $user . "' and password='******'"; if (!($result = $db->query($query))) { die('There was an error running the query [' . $db->error . ']'); }
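/**
 * Render the task rows of the current ticket as an HTML table body.
 *
 * Reads the ticket id and DB handle from globals, selects the matching rows
 * from the `<prefix><hlpdsk_prefix>_tasks` table, builds one `<tr>` per row
 * into $_MIDDLE, and finally echoes the theme template
 * `themes/<theme>/showline_task.html` after running it through eval() so the
 * template's `{$var}` placeholders are filled from this function's locals.
 * Output is produced only when Security::is_action_allowed("view_tasks", ...)
 * grants access; otherwise nothing is printed.
 *
 * @param string $query_condition  extra SQL appended verbatim after the
 *                                 `ticket_id = …` predicate (e.g. an
 *                                 additional AND clause)
 * @return void  writes HTML to stdout
 *
 * Security notes (review):
 *  - $query_condition and the global $Ticket_Number are interpolated into the
 *    SQL string without escaping. Callers must only pass trusted, pre-escaped
 *    fragments; if either can carry request data this is SQL injection.
 *  - eval() executes the theme file as a double-quoted PHP string. Anyone who
 *    can write that file (or influence $hlpdsk_theme, which is also used
 *    unvalidated in the file path) gets code execution in this process.
 *    Row data itself is only interpolated, not re-parsed, so DB content does
 *    not reach eval as code.
 *  - $comment is HTML-escaped via Security::htmlsecure(), but the values from
 *    opentts::get_fullname() and SECURITY::get_uname() are not escaped here;
 *    confirm those helpers escape, or wrap them the same way.
 *  - stripslashes() runs over the fully interpolated template, so a literal
 *    backslash inside an interpolated value (e.g. a comment) is dropped.
 *
 * Fix applied: a dead store of $tts->f('task_id') into $issuer_email, which
 * was immediately overwritten, has been removed.
 */
function showtasks($query_condition = '') {
    // $name, $_ACTION and $tts_lang_mail_this look unused here, but the
    // eval()'d template may reference any local of this function, so they
    // are intentionally left in place.
    global $Ticket_Number, $name, $tts, $prefix, $hlpdsk_prefix, $hlpdsk_theme, $acl_read, $acl_write, $GO_LANGUAGE;
    require $GO_LANGUAGE->get_language_file('opentts');
    if (Security::is_action_allowed("view_tasks", $acl_read, $acl_write)) {
        // NOTE(review): string-built SQL — see the security notes above.
        $query = "select * from {$prefix}{$hlpdsk_prefix}_tasks where ticket_id='{$Ticket_Number}' {$query_condition} order by task_id asc";
        if ($tts->query($query)) {
            // addslashes() makes the template safe to embed inside the
            // double-quoted string handed to eval(); `$` is left intact so
            // `{$var}` placeholders still interpolate.
            $file = "themes/{$hlpdsk_theme}/showline_task.html";
            $file = addslashes(implode("", file($file)));
            $_MIDDLE = '';
            while ($tts->next_record()) {
                $POST_DATE = "<tr><td class=textbox><font class=content>" . date($_SESSION['GO_SESSION']['date_format'], $tts->f('post_date')) . "<br> " . date("H:i", $tts->f('post_date')) . "</td>";
                // NOTE(review): get_fullname() output is not escaped here.
                $SENDER = "<td class=textbox><font class=content>" . opentts::get_fullname($tts->f('sender_id')) . "</td>";
                $comment = nl2br(Security::htmlsecure($tts->f('comment')));
                $COMMENT = "<td class=textbox><font class=content>{$comment}</td>";
                $_ACTION = "";
                $tts_lang_mail_this = "";
                $issuer_email = $tts->f('email_issuer');
                $email_assigned = $tts->f('email_agent');
                // Loose `== 0` is kept on purpose: null, "0" and 0 all render
                // as "--"; tightening it would change which rows show a name.
                if ($issuer_email == 0) { $issuer_email = "--"; } else { $issuer_email = SECURITY::get_uname($issuer_email); }
                if ($email_assigned == 0) { $email_assigned = "--"; } else { $email_assigned = SECURITY::get_uname($email_assigned); }
                // NOTE(review): get_uname() output is not escaped here.
                $t_email_issuer = "<TD align=center class=textbox>{$issuer_email}</TD>";
                $t_email_assigned = "<TD align=center class=textbox>{$email_assigned}</TD></tr>";
                $_MIDDLE .= $POST_DATE . $SENDER . $COMMENT . $t_email_issuer . $t_email_assigned;
            }
            // NOTE(review): eval() on file contents — code execution if the
            // theme file or $hlpdsk_theme is attacker-controlled.
            eval("\$content=stripslashes(\"{$file}\");");
            echo $content;
        }
    }
}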