function reset_password()
{
$email = filter_var($_GET["email"], FILTER_SANITIZE_EMAIL);
$user = filter_var($_GET["user"], FILTER_SANITIZE_STRING);
$key = filter_var($_GET["key"], FILTER_SANITIZE_STRING);
$target_id = WebUsers::getId($user);
$webUser = new WebUsers($target_id);
if (WebUsers::getIdFromEmail($email) == $target_id && hash('sha512', $webUser->getHashedPass()) == $key) {
//you are allowed on the page!
$GETString = "";
foreach ($_GET as $key => $value) {
$GETString = $GETString . $key . '=' . $value . "&";
}
if ($GETString != "") {
$GETString = '?' . $GETString;
}
$pageElements['getstring'] = $GETString;
return $pageElements;
} else {
global $WEBPATH;
$_SESSION['error_code'] = "403";
header("Cache-Control: max-age=1");
header("Location: " . $WEBPATH . "?page=error");
throw new SystemExit();
}
}
/**
* This function is used in deactivating plugins.
* This can be done by providing id using $_GET global variable of the plugin which
* we want to activate. After getting id we update the respective plugin with status
* deactivate which here means '0'.
*
* @author Shubham Meena, mentored by Matthew Lagoe
*/
function deactivate_plugin()
{
// if logged in
if (WebUsers::isLoggedIn()) {
if (isset($_GET['id'])) {
// id of plugin to deactivate
$id = filter_var($_GET['id'], FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$db = new DBLayer('lib');
$result = $db->update("plugins", array('Status' => '0'), "Id = {$id}");
if ($result) {
// if result is successfull it redirects and shows success message
header("Cache-Control: max-age=1");
header("Location: index.php?page=plugins&result=5");
throw new SystemExit();
} else {
// if result is unsuccessfull it redirects and shows success message
header("Cache-Control: max-age=1");
header("Location: index.php?page=plugins&result=6");
throw new SystemExit();
}
} else {
//if $_GET variable is not set it redirects and shows error
header("Cache-Control: max-age=1");
header("Location: index.php?page=plugins&result=6");
throw new SystemExit();
}
}
}
/**
* This function is beign used to load info that's needed for the login page.
* it will try to auto-login, this can only be used while ingame, the web browser sends additional cookie information that's also stored in the open_ring db.
* We will compare the values and if they match, the user will be automatically logged in!
* @author Daan Janssens, mentored by Matthew Lagoe
*/
function login()
{
global $INGAME_WEBPATH;
global $WEBPATH;
if (helpers::check_if_game_client()) {
//check if you are logged in ingame, this should auto login
$result = Helpers::check_login_ingame();
if ($result) {
//handle successful login
$_SESSION['user'] = $result['name'];
$_SESSION['id'] = WebUsers::getId($result['name']);
$_SESSION['ticket_user'] = serialize(Ticket_User::constr_ExternId($_SESSION['id']));
//go back to the index page.
header("Cache-Control: max-age=1");
if (Helpers::check_if_game_client()) {
header('Location: ' . $INGAME_WEBPATH);
} else {
header('Location: ' . $WEBPATH);
}
throw new SystemExit();
}
}
$pageElements['ingame_webpath'] = $INGAME_WEBPATH;
$GETString = "";
foreach ($_GET as $key => $value) {
$GETString = $GETString . $key . '=' . $value . "&";
}
if ($GETString != "") {
$GETString = '?' . $GETString;
}
$pageElements['getstring'] = $GETString;
return $pageElements;
}
/**
* This function is beign used to load info that's needed for the userlist page.
* this function will return all users by using he pagination class, so that it can be used in the template. Only Mods and Admins can browse this page though.
* @author Daan Janssens, mentored by Matthew Lagoe
*/
function userlist()
{
if (Ticket_User::isMod(unserialize($_SESSION['ticket_user']))) {
$pagination = new Pagination(WebUsers::getAllUsersQuery(), "web", 10, "WebUsers");
$pageResult['userlist'] = Gui_Elements::make_table($pagination->getElements(), array("getUId", "getUsername", "getEmail"), array("id", "username", "email"));
$pageResult['links'] = $pagination->getLinks(5);
$pageResult['lastPage'] = $pagination->getLast();
$pageResult['currentPage'] = $pagination->getCurrent();
$i = 0;
foreach ($pageResult['userlist'] as $user) {
$pageResult['userlist'][$i]['permission'] = Ticket_User::constr_ExternId($pageResult['userlist'][$i]['id'])->getPermission();
$i++;
}
if (Ticket_User::isAdmin(unserialize($_SESSION['ticket_user']))) {
$pageResult['isAdmin'] = "TRUE";
}
global $INGAME_WEBPATH;
$pageResult['ingame_webpath'] = $INGAME_WEBPATH;
global $BASE_WEBPATH;
$pageResult['base_webpath'] = $BASE_WEBPATH;
return $pageResult;
} else {
//ERROR: No access!
$_SESSION['error_code'] = "403";
header("Cache-Control: max-age=1");
header("Location: index.php?page=error");
throw new SystemExit();
}
}
/**
* This function is beign used to change the users emailaddress info.
* It will first check if the user who executed this function is the person of whom the emailaddress is or if it's a mod/admin. If this is not the case the page will be redirected to an error page.
* The emailaddress will be validated first. If the checking was successful the email will be updated and the settings template will be reloaded. Errors made by invalid data will be shown
* also after reloading the template.
* @author Daan Janssens, mentored by Matthew Lagoe
*/
function userRegistration()
{
try {
//if logged in
if (WebUsers::isLoggedIn()) {
$dbl = new DBLayer("lib");
$dbl->update("settings", array('Value' => $_POST['userRegistration']), "`Setting` = 'userRegistration'");
$result['target_id'] = $_GET['id'];
global $SITEBASE;
require_once $SITEBASE . '/inc/settings.php';
$pageElements = settings();
$pageElements = array_merge(settings(), $result);
$pageElements['permission'] = unserialize($_SESSION['ticket_user'])->getPermission();
// pass error and reload template accordingly
helpers::loadtemplate('settings', $pageElements);
throw new SystemExit();
} else {
//ERROR: user is not logged in
header("Location: index.php");
throw new SystemExit();
}
} catch (PDOException $e) {
//go to error page or something, because can't access website db
print_r($e);
throw new SystemExit();
}
}
/**
* This function is beign used to load info that's needed for the dashboard page.
* check if the person who wants to view this page is a mod/admin, if this is not the case, he will be redirected to an error page.
* next it will fetch a lot of information regarding to the status of the ticket system (eg return the total amount of tickets) and return this information so
* it can be used by the template.
* @author Daan Janssens, mentored by Matthew Lagoe
*/
function dashboard()
{
//if logged in
if (WebUsers::isLoggedIn()) {
//is Mod
if (ticket_user::isMod(unserialize($_SESSION['ticket_user']))) {
//return useful information about the status of the ticket system.
$result['user_id'] = unserialize($_SESSION['ticket_user'])->getTUserId();
$result['nrToDo'] = Ticket_Queue_Handler::getNrOfTicketsToDo(unserialize($_SESSION['ticket_user'])->getTUserId());
$result['nrAssignedWaiting'] = Ticket_Queue_Handler::getNrOfTicketsAssignedWaiting(unserialize($_SESSION['ticket_user'])->getTUserId());
$result['nrTotalTickets'] = Ticket_Queue_Handler::getNrOfTickets();
$ticket = Ticket_Queue_Handler::getNewestTicket();
$result['newestTicketId'] = $ticket->getTId();
$result['newestTicketTitle'] = $ticket->getTitle();
$result['newestTicketAuthor'] = Ticket_User::get_username_from_id($ticket->getAuthor());
global $INGAME_WEBPATH;
$result['ingame_webpath'] = $INGAME_WEBPATH;
return $result;
} else {
//ERROR: No access!
$_SESSION['error_code'] = "403";
header("Cache-Control: max-age=1");
header("Location: index.php?page=error");
throw new SystemExit();
}
} else {
//ERROR: not logged in!
header("Cache-Control: max-age=1");
header("Location: index.php");
throw new SystemExit();
}
}
/**
* This function is used in deleting plugins.
* It removes the plugin from the codebase as well as
* from the Database. When user request to delete a plugin
* id of that plugin is sent in $_GET global variable.
*
* @author Shubham Meena, mentored by Matthew Lagoe
*/
function delete_plugin()
{
// if logged in
if (WebUsers::isLoggedIn()) {
if (isset($_GET['id'])) {
// id of plugin to delete after filtering
$id = filter_var($_GET['id'], FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$db = new DBLayer('lib');
$sth = $db->selectWithParameter("FileName", "plugins", array('id' => $id), "Id=:id");
$name = $sth->fetch();
if (is_dir("{$name['FileName']}")) {
// removing plugin directory from the code base
if (Plugincache::rrmdir("{$name['FileName']}")) {
$db->delete('plugins', array('id' => $id), "Id=:id");
//if result successfull redirect and show success message
header("Cache-Control: max-age=1");
header("Location: index.php?page=plugins&result=2");
throw new SystemExit();
} else {
// if result unsuccessfull redirect and show error message
header("Cache-Control: max-age=1");
header("Location: index.php?page=plugins&result=0");
throw new SystemExit();
}
}
} else {
// if result unsuccessfull redirect and show error message
header("Cache-Control: max-age=1");
header("Location: index.php?page=plugins&result=0");
throw new SystemExit();
}
}
}
/**
* This function is beign used to login a user.
* It will first check if the sent POST data returns a match with the DB, if it does, some session variables will be appointed to the user and he will be redirected to the index page again.
* If it didn't match, the template will be reloaded and a matching error message will be shown.
* @author Daan Janssens, mentored by Matthew Lagoe
*/
function login()
{
global $INGAME_WEBPATH;
global $WEBPATH;
try {
$login_value = filter_var($_POST['LoginValue'], FILTER_SANITIZE_STRING);
$password = filter_var($_POST['Password'], FILTER_SANITIZE_STRING);
//check if the filtered sent POST data returns a match with the DB
$result = WebUsers::checkLoginMatch($login_value, $password);
if ($result != "fail") {
//handle successful login
$_SESSION['user'] = $result['Login'];
$_SESSION['id'] = $result['UId'];
$_SESSION['ticket_user'] = serialize(Ticket_User::constr_ExternId($_SESSION['id']));
$user = new WebUsers($_SESSION['id']);
$_SESSION['Language'] = $user->getLanguage();
$GETString = "";
foreach ($_GET as $key => $value) {
$GETString = $GETString . $key . '=' . $value . "&";
}
if ($GETString != "") {
$GETString = '?' . $GETString;
}
//go back to the index page.
header("Cache-Control: max-age=1");
if (Helpers::check_if_game_client()) {
header('Location: ' . $INGAME_WEBPATH . $GETString);
} else {
header('Location: ' . $WEBPATH . $GETString);
}
throw new SystemExit();
} else {
//handle login failure
$result = array();
$result['login_error'] = 'TRUE';
$result['no_visible_elements'] = 'TRUE';
helpers::loadtemplate('login', $result);
throw new SystemExit();
}
} catch (PDOException $e) {
//go to error page or something, because can't access website db
print_r($e);
throw new SystemExit();
}
}
/**
* This function is beign used to reply on a ticket.
* It will first check if the user who executed this function is a mod/admin or the topic creator himself. If this is not the case the page will be redirected to an error page.
* in case the isset($_POST['hidden'] is set and the user is a mod, the message will be hidden for the topic starter. The reply will be created. If $_POST['ChangeStatus']) & $_POST['ChangePriority'] is set
* it will try to update the status and priority. Afterwards the page is being redirecte to the ticket again.
* @author Daan Janssens, mentored by Matthew Lagoe
*/
function reply_on_ticket()
{
global $INGAME_WEBPATH;
global $WEBPATH;
//if logged in
if (WebUsers::isLoggedIn() && isset($_POST['ticket_id'])) {
$ticket_id = filter_var($_POST['ticket_id'], FILTER_SANITIZE_NUMBER_INT);
$target_ticket = new Ticket();
$target_ticket->load_With_TId($ticket_id);
//check if the user who executed this function is a mod/admin or the topic creator himself.
if ($target_ticket->getAuthor() == unserialize($_SESSION['ticket_user'])->getTUserId() || Ticket_User::isMod(unserialize($_SESSION['ticket_user']))) {
try {
$author = unserialize($_SESSION['ticket_user'])->getTUserId();
if (isset($_POST['Content'])) {
$content = $_POST['Content'];
} else {
$content = "";
}
$hidden = 0;
if (isset($_POST['hidden']) && Ticket_User::isMod(unserialize($_SESSION['ticket_user']))) {
$hidden = 1;
}
//create the reply
Ticket::createReply($content, $author, $ticket_id, $hidden);
//try to update the status & priority in case these are set.
if (isset($_POST['ChangeStatus']) && isset($_POST['ChangePriority']) && Ticket_User::isMod(unserialize($_SESSION['ticket_user']))) {
$newStatus = filter_var($_POST['ChangeStatus'], FILTER_SANITIZE_NUMBER_INT);
$newPriority = filter_var($_POST['ChangePriority'], FILTER_SANITIZE_NUMBER_INT);
Ticket::updateTicketStatusAndPriority($ticket_id, $newStatus, $newPriority, $author);
}
header("Cache-Control: max-age=1");
if (Helpers::check_if_game_client()) {
header("Location: " . $INGAME_WEBPATH . "?page=show_ticket&id=" . $ticket_id);
} else {
header("Location: " . $WEBPATH . "?page=show_ticket&id=" . $ticket_id);
}
throw new SystemExit();
} catch (PDOException $e) {
//ERROR: LIB DB is not online!
print_r($e);
//header("Location: index.php");
throw new SystemExit();
}
} else {
//ERROR: No access!
$_SESSION['error_code'] = "403";
header("Cache-Control: max-age=1");
header("Location: index.php?page=error");
throw new SystemExit();
}
} else {
//ERROR: not logged in!
header("Cache-Control: max-age=1");
header("Location: index.php");
throw new SystemExit();
}
}
/**
* This function is beign used to modify the email related to a support group.
* It will first check if the user who executed this function is an admin. If this is not the case the page will be redirected to an error page.
* the new email will be validated and in case it's valid we'll add it to the db. Before adding it, we will encrypt the password by using the MyCrypt class. Afterwards the password gets
* updated and the page redirected again.
* @author Daan Janssens, mentored by Matthew Lagoe
*/
function modify_email_of_sgroup()
{
global $INGAME_WEBPATH;
global $WEBPATH;
if (WebUsers::isLoggedIn()) {
//check if user is an admin
if (Ticket_User::isAdmin(unserialize($_SESSION['ticket_user'])) && isset($_POST['target_id'])) {
$sgroupid = filter_var($_POST['target_id'], FILTER_SANITIZE_NUMBER_INT);
$group = Support_Group::getGroup($sgroupid);
$groupemail = filter_var($_POST['GroupEmail'], FILTER_SANITIZE_STRING);
if (Users::validEmail($groupemail) || $groupemail == "") {
$password = filter_var($_POST['IMAP_Password'], FILTER_SANITIZE_STRING);
$group->setGroupEmail($groupemail);
$group->setIMAP_MailServer(filter_var($_POST['IMAP_MailServer'], FILTER_SANITIZE_STRING));
$group->setIMAP_Username(filter_var($_POST['IMAP_Username'], FILTER_SANITIZE_STRING));
//encrypt password!
global $cfg;
$crypter = new MyCrypt($cfg['crypt']);
$enc_password = $crypter->encrypt($password);
$group->setIMAP_Password($enc_password);
$group->update();
$result['RESULT_OF_MODIFYING'] = "SUCCESS";
if ($password == "") {
$result['RESULT_OF_MODIFYING'] = "NO_PASSWORD";
}
} else {
$result['RESULT_OF_MODIFYING'] = "EMAIL_NOT_VALID";
}
$result['permission'] = unserialize($_SESSION['ticket_user'])->getPermission();
$result['no_visible_elements'] = 'FALSE';
$result['username'] = $_SESSION['user'];
//global $SITEBASE;
//require_once($SITEBASE . 'inc/show_sgroup.php');
//$result= array_merge($result, show_sgroup());
//helpers :: loadtemplate( 'show_sgroup', $result);
header("Cache-Control: max-age=1");
if (Helpers::check_if_game_client()) {
header("Location: " . $INGAME_WEBPATH . "?page=show_sgroup&id=" . $sgroupid);
} else {
header("Location: " . $WEBPATH . "?page=show_sgroup&id=" . $sgroupid);
}
throw new SystemExit();
} else {
//ERROR: No access!
$_SESSION['error_code'] = "403";
header("Cache-Control: max-age=1");
header("Location: index.php?page=error");
throw new SystemExit();
}
} else {
//ERROR: not logged in!
header("Cache-Control: max-age=1");
header("Location: index.php");
throw new SystemExit();
}
}
/**
* This function is beign used to load info that's needed for the show_reply page.
* check if the person is allowed to see the reply, if not he'll be redirected to an error page.
* data regarding to the reply will be returned by this function that will be used by the template.
* @author Daan Janssens, mentored by Matthew Lagoe
*/
function show_reply()
{
//if logged in
if (WebUsers::isLoggedIn() && isset($_GET['id'])) {
$result['reply_id'] = filter_var($_GET['id'], FILTER_SANITIZE_NUMBER_INT);
$reply = new Ticket_Reply();
$reply->load_With_TReplyId($result['reply_id']);
$ticket = new Ticket();
$ticket->load_With_TId($reply->getTicket());
//check if the user is allowed to see the reply
if ($ticket->getAuthor() == unserialize($_SESSION['ticket_user'])->getTUserId() && !$reply->getHidden() || Ticket_User::isMod(unserialize($_SESSION['ticket_user']))) {
$content = new Ticket_Content();
$content->load_With_TContentId($reply->getContent());
$author = new Ticket_User();
$author->load_With_TUserId($reply->getAuthor());
$result['hidden'] = $reply->getHidden();
$result['ticket_id'] = $reply->getTicket();
$result['reply_timestamp'] = $reply->getTimestamp();
$result['author_permission'] = $author->getPermission();
$result['reply_content'] = $content->getContent();
$result['author'] = $author->getExternId();
$webUser = new WebUsers($author->getExternId());
$result['authorName'] = $webUser->getUsername();
if (Ticket_User::isMod(unserialize($_SESSION['ticket_user']))) {
$result['isMod'] = "TRUE";
}
global $INGAME_WEBPATH;
$result['ingame_webpath'] = $INGAME_WEBPATH;
return $result;
} else {
//ERROR: No access!
$_SESSION['error_code'] = "403";
header("Cache-Control: max-age=1");
header("Location: index.php?page=error");
throw new SystemExit();
}
} else {
//ERROR: not logged in!
header("Cache-Control: max-age=1");
header("Location: index.php");
throw new SystemExit();
}
}
/**
* This function is beign used to load info that's needed for the show_user page.
* Users can only browse their own user page, while mods/admins can browse all user pages. The current settings of the user being browsed will be loaded, as also their created tickets
* and this info will be returned so it can be used by the template.
* @author Daan Janssens, mentored by Matthew Lagoe
*/
function show_user()
{
//if logged in
if (WebUsers::isLoggedIn()) {
//Users can only browse their own user page, while mods/admins can browse all user pages
if (!isset($_GET['id']) || Ticket_User::isMod(unserialize($_SESSION['ticket_user'])) || $_GET['id'] == $_SESSION['id']) {
if (isset($_GET['id'])) {
$result['target_id'] = filter_var($_GET['id'], FILTER_SANITIZE_NUMBER_INT);
} else {
$result['target_id'] = $_SESSION['id'];
}
$webUser = new WebUsers($result['target_id']);
$result['target_name'] = $webUser->getUsername();
$result['mail'] = $webUser->getEmail();
$info = $webUser->getInfo();
$result['firstName'] = $info['FirstName'];
$result['lastName'] = $info['LastName'];
$result['country'] = $info['Country'];
$result['gender'] = $info['Gender'];
$ticket_user = Ticket_User::constr_ExternId($result['target_id']);
$result['userPermission'] = $ticket_user->getPermission();
if (Ticket_User::isAdmin(unserialize($_SESSION['ticket_user']))) {
$result['isAdmin'] = "TRUE";
}
$ticketlist = Ticket::getTicketsOf($ticket_user->getTUserId());
$result['ticketlist'] = Gui_Elements::make_table($ticketlist, array("getTId", "getTimestamp", "getTitle", "getStatus", "getStatusText", "getStatusText", "getCategoryName"), array("tId", "timestamp", "title", "status", "statustext", "statusText", "category"));
global $INGAME_WEBPATH;
$result['ingame_webpath'] = $INGAME_WEBPATH;
return $result;
} else {
//ERROR: No access!
$_SESSION['error_code'] = "403";
header("Cache-Control: max-age=1");
header("Location: index.php?page=error");
throw new SystemExit();
}
} else {
//ERROR: not logged in!
header("Cache-Control: max-age=1");
header("Location: index.php");
throw new SystemExit();
}
}
function reset_password()
{
//filter all data
$email = filter_var($_GET["email"], FILTER_SANITIZE_EMAIL);
$user = filter_var($_GET["user"], FILTER_SANITIZE_STRING);
$key = filter_var($_GET["key"], FILTER_SANITIZE_STRING);
$password = filter_var($_POST['NewPass'], FILTER_SANITIZE_STRING);
$confirmpass = filter_var($_POST['ConfirmNewPass'], FILTER_SANITIZE_STRING);
$target_id = WebUsers::getId($user);
$webUser = new WebUsers($target_id);
if (WebUsers::getIdFromEmail($email) == $target_id && hash('sha512', $webUser->getHashedPass()) == $key) {
$params = array('user' => $user, 'CurrentPass' => "dummy", 'NewPass' => $password, 'ConfirmNewPass' => $confirmpass, 'adminChangesOther' => true);
$result = $webUser->check_change_password($params);
if ($result == "success") {
$result = array();
$status = WebUsers::setPassword($user, $password);
if ($status == 'ok') {
$result['SUCCESS_PASS'] = "******";
} else {
if ($status == 'shardoffline') {
$result['SUCCESS_PASS'] = "******";
}
}
$result['no_visible_elements'] = 'TRUE';
helpers::loadtemplate('reset_success', $result);
throw new SystemExit();
}
$GETString = "";
foreach ($_GET as $key => $value) {
$GETString = $GETString . $key . '=' . $value . "&";
}
if ($GETString != "") {
$GETString = '?' . $GETString;
}
$result['getstring'] = $GETString;
$result['prevNewPass'] = $password;
$result['prevConfirmNewPass'] = $confirmpass;
$result['no_visible_elements'] = 'TRUE';
helpers::loadtemplate('reset_password', $result);
throw new SystemExit();
}
}
function forgot_password()
{
$email = filter_var($_POST["Email"], FILTER_SANITIZE_EMAIL);
$target_id = WebUsers::getIdFromEmail($email);
if ($target_id == "FALSE") {
//the email address doesn't exist.
$result['prevEmail'] = $email;
$result['EMAIL_ERROR'] = 'TRUE';
$result['no_visible_elements'] = 'TRUE';
helpers::loadtemplate('forgot_password', $result);
throw new SystemExit();
}
$webUser = new WebUsers($target_id);
$target_username = $webUser->getUsername();
$target_hashedPass = $webUser->getHashedPass();
$hashed_key = hash('sha512', $target_hashedPass);
if (isset($_COOKIE['Language'])) {
$lang = $_COOKIE['Language'];
} else {
global $DEFAULT_LANGUAGE;
$lang = $DEFAULT_LANGUAGE;
}
global $AMS_TRANS;
$variables = parse_ini_file($AMS_TRANS . '/' . $lang . '.ini', true);
$mailText = array();
foreach ($variables['email'] as $key => $value) {
$mailText[$key] = $value;
}
//create the reset url
global $WEBPATH;
$resetURL = $WEBPATH . "?page=reset_password&user="******"&email=" . $email . "&key=" . $hashed_key;
//set email stuff
$recipient = $email;
$subject = $mailText['email_subject_forgot_password'];
$body = $mailText['email_body_forgot_password_header'] . $resetURL . $mailText['email_body_forgot_password_footer'];
Mail_Handler::send_mail($recipient, $subject, $body, NULL);
$result['EMAIL_SUCCESS'] = 'TRUE';
$result['prevEmail'] = $email;
$result['no_visible_elements'] = 'TRUE';
helpers::loadtemplate('forgot_password', $result);
throw new SystemExit();
}
/**
* This function is beign used to load info that's needed for the settings page.
* check if the person who wants to view this page is a mod/admin or the user to whom te settings belong himself, if this is not the case, he will be redirected to an error page.
* it will return a lot of information of that user, that's being used for loading the template.
* @author Daan Janssens, mentored by Matthew Lagoe
*/
function settings()
{
if (WebUsers::isLoggedIn()) {
//in case id-GET param set it's value as target_id, if no id-param is given, ue the session id.
if (isset($_GET['id'])) {
if ($_GET['id'] != $_SESSION['id'] && !Ticket_User::isMod(unserialize($_SESSION['ticket_user']))) {
//ERROR: No access!
$_SESSION['error_code'] = "403";
header("Cache-Control: max-age=1");
header("Location: index.php?page=error");
throw new SystemExit();
} else {
$webUser = new Webusers($_GET['id']);
$result = $webUser->getInfo();
if (Ticket_User::isMod(unserialize($_SESSION['ticket_user'])) && $_GET['id'] != $_SESSION['id']) {
$result['changesOther'] = "TRUE";
}
$result['target_id'] = $_GET['id'];
$result['current_mail'] = $webUser->getEmail();
$result['target_username'] = $webUser->getUsername();
}
} else {
$webUser = new Webusers($_SESSION['id']);
$result = $webUser->getInfo();
$result['target_id'] = $_SESSION['id'];
$result['current_mail'] = $webUser->getEmail();
$result['target_username'] = $webUser->getUsername();
}
//Sanitize Data
$result['current_mail'] = filter_var($result['current_mail'], FILTER_SANITIZE_EMAIL);
$result['target_username'] = filter_var($result['target_username'], FILTER_SANITIZE_STRING);
$result['FirstName'] = filter_var($result['FirstName'], FILTER_SANITIZE_STRING);
$result['LastName'] = filter_var($result['LastName'], FILTER_SANITIZE_STRING);
$result['Country'] = filter_var($result['Country'], FILTER_SANITIZE_STRING);
$result['Gender'] = filter_var($result['Gender'], FILTER_SANITIZE_NUMBER_INT);
$result['ReceiveMail'] = filter_var($result['ReceiveMail'], FILTER_SANITIZE_NUMBER_INT);
$result['country_array'] = getCountryArray();
global $INGAME_WEBPATH;
$result['ingame_webpath'] = $INGAME_WEBPATH;
$dbl = new DBLayer("lib");
$statement = $dbl->executeWithoutParams("SELECT * FROM settings");
$rows = $statement->fetchAll();
foreach ($rows as &$value) {
$result[$value['Setting']] = $value['Value'];
}
return $result;
} else {
//ERROR: not logged in!
header("Location: index.php");
header("Cache-Control: max-age=1");
throw new SystemExit();
}
}
/**
* This function is beign used to add a user to a support group.
* It will first check if the user who executed this function is an admin. If the user exists it will try to add it to the supportgroup, in case it's not a mod or admin it will not
* add it to the group. if the executing user is not an admin or not logged in, the page will be redirected to the error page.
* @author Daan Janssens, mentored by Matthew Lagoe
*/
function add_user_to_sgroup()
{
global $INGAME_WEBPATH;
global $WEBPATH;
if (WebUsers::isLoggedIn()) {
//check if the that executed the task is an admin.
if (Ticket_User::isAdmin(unserialize($_SESSION['ticket_user'])) && isset($_POST['target_id'])) {
$name = filter_var($_POST['Name'], FILTER_SANITIZE_STRING);
$id = filter_var($_POST['target_id'], FILTER_SANITIZE_NUMBER_INT);
$user_id = WebUsers::getId($name);
if ($user_id != "") {
//if the target user is a mod/admin
if (Ticket_User::constr_ExternId($user_id)->getPermission() > 1) {
//add it to the support group
$result['RESULT_OF_ADDING'] = Support_Group::addUserToSupportGroup($user_id, $id);
} else {
//return error message.
$result['RESULT_OF_ADDING'] = "NOT_MOD_OR_ADMIN";
}
} else {
$result['RESULT_OF_ADDING'] = "USER_NOT_EXISTING";
}
//$result['permission'] = unserialize($_SESSION['ticket_user'])->getPermission();
//$result['no_visible_elements'] = 'FALSE';
//$result['username'] = $_SESSION['user'];
//global $SITEBASE;
//require_once($SITEBASE . 'inc/show_sgroup.php');
//$result= array_merge($result, show_sgroup());
//helpers :: loadtemplate( 'show_sgroup', $result);
if (Helpers::check_if_game_client()) {
header("Cache-Control: max-age=1");
header("Location: " . $INGAME_WEBPATH . "?page=show_sgroup&id=" . $id);
} else {
header("Cache-Control: max-age=1");
header("Location: " . $WEBPATH . "?page=show_sgroup&id=" . $id);
}
throw new SystemExit();
} else {
//ERROR: No access!
$_SESSION['error_code'] = "403";
header("Cache-Control: max-age=1");
header("Location: index.php?page=error");
throw new SystemExit();
}
} else {
//ERROR: not logged in!
header("Cache-Control: max-age=1");
header("Location: index.php");
throw new SystemExit();
}
}
/**
* This function is beign used to load info that's needed for the show_ticket_info page.
* check if the person browsing this page is a mod/admin or the ticket creator himself, if not he'll be redirected to an error page.
* not all tickets have this page related to it, only tickets created ingame will have additional information. The returned info will be used by the template to show the show_ticket_info page.
* @author Daan Janssens, mentored by Matthew Lagoe
*/
function show_ticket_info()
{
//if logged in
if (WebUsers::isLoggedIn() && isset($_GET['id'])) {
$result['ticket_id'] = filter_var($_GET['id'], FILTER_SANITIZE_NUMBER_INT);
$target_ticket = new Ticket();
$target_ticket->load_With_TId($result['ticket_id']);
if ($target_ticket->hasInfo() && ($target_ticket->getAuthor() == unserialize($_SESSION['ticket_user'])->getTUserId() || Ticket_User::isMod(unserialize($_SESSION['ticket_user'])))) {
$result['ticket_title'] = $target_ticket->getTitle();
$result['ticket_author'] = $target_ticket->getAuthor();
$ticket_info = new Ticket_Info();
$ticket_info->load_With_Ticket($result['ticket_id']);
$result['shard_id'] = $ticket_info->getShardId();
$result['user_position'] = $ticket_info->getUser_Position();
$result['view_position'] = $ticket_info->getView_Position();
$result['client_version'] = $ticket_info->getClient_Version();
$result['patch_version'] = $ticket_info->getPatch_Version();
$result['server_tick'] = $ticket_info->getServer_Tick();
$result['connect_state'] = $ticket_info->getConnect_State();
$result['local_address'] = $ticket_info->getLocal_Address();
$result['memory'] = $ticket_info->getMemory();
$result['os'] = $ticket_info->getOS();
$result['processor'] = $ticket_info->getProcessor();
$result['cpu_id'] = $ticket_info->getCPUId();
$result['cpu_mask'] = $ticket_info->getCPU_Mask();
$result['ht'] = $ticket_info->getHT();
$result['nel3d'] = $ticket_info->getNel3D();
$result['user_id'] = $ticket_info->getUser_Id();
global $IMAGELOC_WEBPATH;
$result['IMAGELOC_WEBPATH'] = $IMAGELOC_WEBPATH;
if (Ticket_User::isMod(unserialize($_SESSION['ticket_user']))) {
$result['isMod'] = "TRUE";
}
global $INGAME_WEBPATH;
$result['ingame_webpath'] = $INGAME_WEBPATH;
return $result;
} else {
//ERROR: No access!
$_SESSION['error_code'] = "403";
header("Cache-Control: max-age=1");
header("Location: index.php?page=error");
throw new SystemExit();
}
} else {
//ERROR: not logged in!
header("Cache-Control: max-age=1");
header("Location: index.php");
throw new SystemExit();
}
}
/**
* This function is beign used to change the users receiveMail setting.
* It will first check if the user who executed this function is the person of whom the setting is or if it's a mod/admin. If this is not the case the page will be redirected to an error page.
* it will check if the new value equals 1 or 0 and it will update the setting and redirect the page again.
* @author Daan Janssens, mentored by Matthew Lagoe
*/
function change_receivemail()
{
try {
//if logged in
global $INGAME_WEBPATH;
global $WEBPATH;
if (WebUsers::isLoggedIn()) {
if (isset($_POST['target_id'])) {
//check if the user who executed this function is the person of whom the setting is or if it's a mod/admin.
if (($_POST['target_id'] == $_SESSION['id'] || Ticket_User::isMod(unserialize($_SESSION['ticket_user']))) && isset($_POST['ReceiveMail'])) {
$user_id = filter_var($_POST['target_id'], FILTER_SANITIZE_NUMBER_INT);
$receiveMail = filter_var($_POST['ReceiveMail'], FILTER_SANITIZE_NUMBER_INT);
if ($receiveMail == 0 || $receiveMail == 1) {
WebUsers::setReceiveMail($user_id, $receiveMail);
}
if (Helpers::check_if_game_client()) {
header("Cache-Control: max-age=1");
header("Location: " . $INGAME_WEBPATH . "?page=settings&id=" . $user_id);
} else {
header("Cache-Control: max-age=1");
header("Location: " . $WEBPATH . "?page=settings&id=" . $user_id);
}
throw new SystemExit();
} else {
//ERROR: permission denied!
$_SESSION['error_code'] = "403";
header("Cache-Control: max-age=1");
header("Location: index.php?page=error");
throw new SystemExit();
}
} else {
//ERROR: The form was not filled in correclty
header("Cache-Control: max-age=1");
header("Location: index.php?page=settings");
throw new SystemExit();
}
} else {
//ERROR: user is not logged in
header("Cache-Control: max-age=1");
header("Location: index.php");
throw new SystemExit();
}
} catch (PDOException $e) {
//go to error page or something, because can't access website db
print_r($e);
throw new SystemExit();
}
}
/**
* This function is beign used to add a new Support Group to the database.
* What it will do is check if the user who executed the function is an Admin, if so then it will filter all POST'ed data and use it to create a new Support_Group entry.
* if not logged in or not an admin, an appropriate redirection to an error page will take place.
* @author Daan Janssens, mentored by Matthew Lagoe
*/
function add_sgroup()
{
global $INGAME_WEBPATH;
global $WEBPATH;
if (WebUsers::isLoggedIn()) {
//check if admin
if (Ticket_User::isAdmin(unserialize($_SESSION['ticket_user']))) {
$name = filter_var($_POST['Name'], FILTER_SANITIZE_STRING);
$inner_tag = filter_var($_POST['Tag'], FILTER_SANITIZE_STRING);
$tag = "[" . $inner_tag . "]";
$inner_tag = filter_var($_POST['Tag'], FILTER_SANITIZE_STRING);
$groupemail = filter_var($_POST['GroupEmail'], FILTER_SANITIZE_STRING);
$imap_mailserver = filter_var($_POST['IMAP_MailServer'], FILTER_SANITIZE_STRING);
$imap_username = filter_var($_POST['IMAP_Username'], FILTER_SANITIZE_STRING);
$imap_password = filter_var($_POST['IMAP_Password'], FILTER_SANITIZE_STRING);
//create a new support group
$result['RESULT_OF_ADDING'] = Support_Group::createSupportGroup($name, $tag, $groupemail, $imap_mailserver, $imap_username, $imap_password);
$result['permission'] = unserialize($_SESSION['ticket_user'])->getPermission();
$result['no_visible_elements'] = 'FALSE';
$result['username'] = $_SESSION['user'];
global $SITEBASE;
require $SITEBASE . '/inc/sgroup_list.php';
$result = array_merge($result, sgroup_list());
return $result;
header("Cache-Control: max-age=1");
/*if (Helpers::check_if_game_client()) {
header("Location: ".$INGAME_WEBPATH."?page=sgroup_list");
}else{
header("Location: ".$WEBPATH."?page=sgroup_list");
}
exit;
*/
} else {
//ERROR: No access!
$_SESSION['error_code'] = "403";
header("Cache-Control: max-age=1");
header("Location: index.php?page=error");
throw new SystemExit();
}
} else {
//ERROR: not logged in!
header("Cache-Control: max-age=1");
header("Location: index.php");
throw new SystemExit();
}
}
/**
* This function is beign used to change the permission of a ticket_user.
* It will first check if the user who executed this function is an admin. If this is not the case the page will be redirected to an error page.
* in case the $_GET['value'] is smaller than 4 and the user whoes permission is being changed is different from the admin(id 1), the change will be executed and the page will
* redirect to the users profile page.
* @author Daan Janssens, mentored by Matthew Lagoe
*/
function change_permission()
{
global $INGAME_WEBPATH;
global $WEBPATH;
//if logged in
if (WebUsers::isLoggedIn()) {
//check if user who executed this function is an admin
if (ticket_user::isAdmin(unserialize($_SESSION['ticket_user']))) {
//in case the $_GET['value'] is smaller than 4 and the user whoes permission is being changed is different from the admin(id 1)
if (isset($_GET['user_id']) && isset($_GET['value']) && $_GET['user_id'] != 1 && $_GET['value'] < 4) {
$user_id = filter_var($_GET['user_id'], FILTER_SANITIZE_NUMBER_INT);
$value = filter_var($_GET['value'], FILTER_SANITIZE_NUMBER_INT);
//execute change.
Ticket_User::change_permission(Ticket_User::constr_ExternId($user_id)->getTUserId(), $value);
header("Cache-Control: max-age=1");
if (Helpers::check_if_game_client()) {
header("Location: " . $INGAME_WEBPATH . "?page=show_user&id=" . $user_id);
} else {
header("Location: " . $WEBPATH . "?page=show_user&id=" . $user_id);
}
throw new SystemExit();
} else {
//ERROR: GET PARAMS not given or trying to change admin
header("Cache-Control: max-age=1");
if (Helpers::check_if_game_client()) {
header("Location: " . $INGAME_WEBPATH . "?page=show_user&id=" . $user_id);
} else {
header("Location: " . $WEBPATH . "?page=show_user&id=" . $user_id);
}
throw new SystemExit();
}
} else {
//ERROR: No access!
$_SESSION['error_code'] = "403";
header("Cache-Control: max-age=1");
header("Location: index.php?page=error");
throw new SystemExit();
}
} else {
//ERROR: not logged in!
header("Cache-Control: max-age=1");
header("Location: index.php");
throw new SystemExit();
}
}
function settings()
{
if (WebUsers::isLoggedIn()) {
//in case id-GET param set it's value as target_id, if no id-param is given, ue the session id.
if (isset($_GET['id'])) {
if ($_GET['id'] != $_SESSION['id'] && !Ticket_User::isMod(unserialize($_SESSION['ticket_user']))) {
//ERROR: No access!
$_SESSION['error_code'] = "403";
header("Location: index.php?page=error");
exit;
} else {
$webUser = new Webusers($_GET['id']);
//$result = $webUser->getInfo();
if (Ticket_User::isMod(unserialize($_SESSION['ticket_user'])) && $_GET['id'] != $_SESSION['id']) {
$result['changesOther'] = "TRUE";
}
$result['target_id'] = $_GET['id'];
$result['current_mail'] = $webUser->getEmail();
$result['target_username'] = $webUser->getUsername();
}
} else {
$webUser = new Webusers($_SESSION['id']);
//$result = $webUser->getInfo();
$result['target_id'] = $_SESSION['id'];
$result['current_mail'] = $webUser->getEmail();
$result['target_username'] = $webUser->getUsername();
}
//Sanitize Data
$result['current_mail'] = filter_var($result['current_mail'], FILTER_SANITIZE_EMAIL);
$result['target_username'] = filter_var($result['target_username'], FILTER_SANITIZE_STRING);
//$result['FirstName'] = filter_var($result['FirstName'], FILTER_SANITIZE_STRING);
//$result['LastName'] = filter_var($result['LastName'], FILTER_SANITIZE_STRING);
//$result['Country'] = filter_var($result['Country'], FILTER_SANITIZE_STRING);
//$result['Gender'] = filter_var($result['Gender'], FILTER_SANITIZE_NUMBER_INT);
//$result['ReceiveMail'] = filter_var($result['ReceiveMail'], FILTER_SANITIZE_NUMBER_INT);
//$result['country_array'] = getCountryArray();
global $INGAME_WEBPATH;
$result['ingame_webpath'] = $INGAME_WEBPATH;
return $result;
} else {
//ERROR: not logged in!
header("Location: index.php");
exit;
}
}
function write_user($newUser)
{
//create salt here, because we want it to be the same on the web/server
$hashpass = crypt($newUser["pass"], WebUsers::generateSALT());
$params = array('Login' => $newUser["name"], 'Password' => $hashpass, 'Email' => $newUser["mail"]);
try {
//make new webuser
$user_id = WebUsers::createWebuser($params['Login'], $params['Password'], $params['Email']);
//Create the user on the shard + in case shard is offline put copy of query in query db
//returns: ok, shardoffline or liboffline
$result = WebUsers::createUser($params, $user_id);
Users::createPermissions(array($newUser["name"]));
} catch (PDOException $e) {
//go to error page or something, because can't access website db
print_r($e);
throw new SystemExit();
}
return $result;
}
/**
* This function is beign used to load info that's needed for the sgroup_list page.
* check if the person who wants to view this page is a mod/admin, if this is not the case, he will be redirected to an error page.
* It will return all suppport groups information. Also if the $_GET['delete'] var is set and the user is an admin, he will delete a specific entry.
* @author Daan Janssens, mentored by Matthew Lagoe
*/
function sgroup_list()
{
global $INGAME_WEBPATH;
global $WEBPATH;
//if logged in
if (WebUsers::isLoggedIn()) {
if (Ticket_User::isMod(unserialize($_SESSION['ticket_user']))) {
//if delete GET var is set and user is admin, then delete the groups entry.
if (isset($_GET['delete']) && Ticket_User::isAdmin(unserialize($_SESSION['ticket_user']))) {
$delete_id = filter_var($_GET['delete'], FILTER_SANITIZE_NUMBER_INT);
$result['delete'] = Support_Group::deleteSupportGroup($delete_id);
header("Cache-Control: max-age=1");
if (Helpers::check_if_game_client()) {
header("Location: " . $INGAME_WEBPATH . "?page=sgroup_list");
} else {
header("Location: " . $WEBPATH . "?page=sgroup_list");
}
throw new SystemExit();
}
if (Ticket_User::isAdmin(unserialize($_SESSION['ticket_user']))) {
$result['isAdmin'] = "TRUE";
}
$result['grouplist'] = Gui_Elements::make_table(Support_Group::getGroups(), array("getSGroupId", "getName", "getTag", "getGroupEmail"), array("sGroupId", "name", "tag", "groupemail"));
global $INGAME_WEBPATH;
$result['ingame_webpath'] = $INGAME_WEBPATH;
return $result;
} else {
//ERROR: No access!
$_SESSION['error_code'] = "403";
header("Cache-Control: max-age=1");
header("Location: index.php?page=error");
throw new SystemExit();
}
} else {
//ERROR: not logged in!
header("Cache-Control: max-age=1");
header("Location: index.php");
throw new SystemExit();
}
}
/**
* This function is beign used to load info that's needed for the createticket page.
* the $_GET['user_id'] identifies for which user you try to create a ticket. A normal user can only create a ticket for himself, a mod/admin however can also create tickets for other users.
* It will also load all categories and return these, they will be used by the template.
* @author Daan Janssens, mentored by Matthew Lagoe
*/
function createticket()
{
//if logged in
if (WebUsers::isLoggedIn()) {
//in case user_id-GET param set it's value as target_id, if no user_id-param is given, use the session id.
if (isset($_GET['user_id'])) {
//check if you are a mod/admin or you try to create a ticket for your own, if this is not the case redirect to error page
if ($_GET['user_id'] != $_SESSION['id'] && !ticket_user::isMod(unserialize($_SESSION['ticket_user']))) {
//ERROR: No access!
$_SESSION['error_code'] = "403";
header("Cache-Control: max-age=1");
header("Location: index.php?page=error");
throw new SystemExit();
} else {
//if user_id is given, then set it as the target_id
$result['target_id'] = filter_var($_GET['user_id'], FILTER_SANITIZE_NUMBER_INT);
}
} else {
//set session_id as target_id
$result['target_id'] = $_SESSION['id'];
}
if (Helpers::check_if_game_client()) {
//get all additional info, which is needed for adding the extra info page
$result[] = $_GET;
$result['ingame'] = true;
}
//create array of category id & names
$catArray = Ticket_Category::getAllCategories();
$result['category'] = Gui_Elements::make_table_with_key_is_id($catArray, array("getName"), "getTCategoryId");
global $INGAME_WEBPATH;
$result['ingame_webpath'] = $INGAME_WEBPATH;
$result['TITLE_ERROR'] = $INGAME_WEBPATH;
return $result;
} else {
//ERROR: not logged in!
header("Cache-Control: max-age=1");
header("Location: index.php");
throw new SystemExit();
}
}
/**
* This function is used in installing updates for plugins.
* It takes id of the plugin whose update is available using
* $_GET global variable and then extract the update details
* from db and then install it in the plugin.
*
* @author Shubham Meena, mentored by Matthew Lagoe
*/
function update_plugin()
{
// if logged in
if (WebUsers::isLoggedIn()) {
if (isset($_GET['id'])) {
// id of plugin to update
$id = filter_var($_GET['id'], FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$db = new DBLayer('lib');
$sth = $db->executeWithoutParams("SELECT * FROM plugins INNER JOIN updates ON plugins.Id=updates.PluginId Where plugins.Id={$id}");
$row = $sth->fetch();
// replacing update in the database
Plugincache::rrmdir($row['FileName']);
Plugincache::zipExtraction($row['UpdatePath'], rtrim($row['FileName'], strtolower($row['Name'])));
$db->update("plugins", array('Info' => $row['UpdateInfo']), "Id={$row['Id']}");
// deleting the previous update
$db->delete("updates", array('id' => $row['s.no']), "s.no=:id");
// if update is installed succesffully redirect to show success message
header("Cache-Control: max-age=1");
header("Location: index.php?page=plugins&result=8");
throw new SystemExit();
}
}
}
/**
* Handles the language specific aspect.
* The language can be changed by setting the $_GET['Language'] & $_GET['setLang'] together. This will also change the language entry of the user in the db.
* Cookies are also being used in case the user isn't logged in.
*
* @return returns the parsed content of the language .ini file related to the users language setting.
*/
public static function handle_language()
{
global $DEFAULT_LANGUAGE;
global $AMS_TRANS;
// if user wants to change the language
if (isset($_GET['Language']) && isset($_GET['setLang'])) {
// The ingame client sometimes sends full words, derive those!
switch ($_GET['Language']) {
case "English":
$lang = "en";
break;
case "French":
$lang = "fr";
break;
default:
$lang = $_GET['Language'];
}
// if the file exists en the setLang = true
if (file_exists($AMS_TRANS . '/' . $lang . '.ini') && $_GET['setLang'] == "true") {
// set a cookie & session var and incase logged in write it to the db!
setcookie('Language', $lang, time() + 60 * 60 * 24 * 30);
$_SESSION['Language'] = $lang;
if (WebUsers::isLoggedIn()) {
WebUsers::setLanguage($_SESSION['id'], $lang);
}
} else {
$_SESSION['Language'] = $DEFAULT_LANGUAGE;
}
} else {
// if the session var is not set yet
if (!isset($_SESSION['Language'])) {
// check if a cookie already exists for it
if (isset($_COOKIE['Language'])) {
$_SESSION['Language'] = $_COOKIE['Language'];
// else use the default language
} else {
$_SESSION['Language'] = $DEFAULT_LANGUAGE;
}
}
}
if ($_SESSION['Language'] == "") {
$_SESSION['Language'] = $DEFAULT_LANGUAGE;
}
return parse_ini_file($AMS_TRANS . '/' . $_SESSION['Language'] . '.ini', true);
}
/**
* Global Hook to return global variables which contains
* the content to use in the smarty templates extracted from
* the database
*
* @return $domain_management_return_set global array returns the template data
*/
function domain_management_hook_get_db()
{
global $domain_management_return_set;
if (isset($_GET['ModifyDomain']) && ($_GET['ModifyDomain'] = '1' && isset($_POST['domain_name']))) {
try {
$dbs = new DBLayer('shard');
$dbs->update("domain", array('domain_name' => $_POST['domain_name'], 'status' => $_POST['status'], 'patch_version' => $_POST['patch_version'], 'backup_patch_url' => $_POST['backup_patch_url'], 'patch_urls' => $_POST['patch_urls'], 'login_address' => $_POST['login_address'], 'session_manager_address' => $_POST['session_manager_address'], 'ring_db_name' => $_POST['ring_db_name'], 'web_host' => $_POST['web_host'], 'web_host_php' => $_POST['web_host_php'], 'description' => $_POST['description']), '`domain_id` = ' . $_GET['edit_domain']);
} catch (Exception $e) {
return null;
}
}
if (isset($_GET['ModifyPermission']) && ($_GET['ModifyPermission'] = '1' && isset($_POST['user']))) {
try {
$dbl = new DBLayer("lib");
$statement = $dbl->execute("SELECT * FROM `settings` WHERE `Setting` = :setting", array('setting' => 'Domain_Auto_Add'));
$json = $statement->fetch();
$json = json_decode($json['Value'], true);
$json[$_GET['edit_domain']]['1'] = $_POST['user'];
$json[$_GET['edit_domain']]['2'] = $_POST['moderator'];
$json[$_GET['edit_domain']]['3'] = $_POST['admin'];
$update = json_encode($json);
$dbl->update("settings", array('Value' => $update), "`Setting` = 'Domain_Auto_Add'");
} catch (Exception $e) {
return null;
}
}
try {
$db = new DBLayer('shard');
// get all domains
$statement = $db->executeWithoutParams("SELECT * FROM domain");
$rows = $statement->fetchAll();
$domain_management_return_set['domains'] = $rows;
if (isset($_GET['edit_domain'])) {
// get permissions
$statement = $db->executeWithoutParams("SELECT * FROM `domain` WHERE `domain_id` = '" . $_GET['edit_domain'] . "'");
$rows = $statement->fetchAll();
$domain_management_return_set['domains'] = $rows;
$statement = $db->executeWithoutParams("SELECT * FROM `permission` WHERE `DomainId` = '" . $_GET['edit_domain'] . "'");
$rows = $statement->fetchAll();
$domain_management_return_set['permissions'] = $rows;
// get all users
$pagination = new Pagination(WebUsers::getAllUsersQuery(), "web", 10, "WebUsers");
$domain_management_return_set['userlist'] = Gui_Elements::make_table($pagination->getElements(), array("getUId", "getUsername", "getEmail"), array("id", "username", "email"));
$dbl = new DBLayer("lib");
$statement = $dbl->execute("SELECT * FROM `settings` WHERE `Setting` = :setting", array('setting' => 'Domain_Auto_Add'));
$json = $statement->fetch();
$json = json_decode($json['Value'], true);
$domain_management_return_set['Domain_Auto_Add'] = $json[$_GET['edit_domain']];
}
return $rows;
} catch (Exception $e) {
return null;
}
}
/**
* Wrapper for sending emails, creates the content of the email
* Based on the type of the ticketing mail it will create a specific email, it will use the language.ini files to load the correct language of the email for the receiver.
* Also if the $TICKET_MAILING_SUPPORT is set to false or if the user's personal 'ReceiveMail' entry is set to false then no mail will be sent.
* @param $receiver if integer, then it refers to the id of the user to whom we want to mail, if it's a string(email-address) then we will use that.
* @param $ticketObj the ticket object itself, this is being used for including ticket related information into the email.
* @param $content the content of a reply or new ticket
* @param $type REPLY, NEW, WARNAUTHOR, WARNSENDER, WARNUNKNOWNSENDER
* @param $sender (default = 0 (if it is not forwarded)) else use the id of the support group to which the ticket is currently forwarded, the support groups email address will be used to send the ticket.
*/
public static function send_ticketing_mail($receiver, $ticketObj, $content, $type, $sender = 0)
{
global $TICKET_MAILING_SUPPORT;
if ($TICKET_MAILING_SUPPORT) {
global $MAIL_LOG_PATH;
//error_log("Receiver: {$receiver}, content: {$content}, type: {$type}, SendingId: {$sender} \n", 3, $MAIL_LOG_PATH);
if ($sender == 0) {
//if it is not forwarded (==public == which returns 0) then make it NULL which is needed to be placed in the DB.
$sender = NULL;
}
global $AMS_TRANS;
if (is_numeric($receiver)) {
$webUser = new WebUsers($receiver);
$lang = $webUser->getLanguage();
} else {
global $DEFAULT_LANGUAGE;
$lang = $DEFAULT_LANGUAGE;
}
$variables = parse_ini_file($AMS_TRANS . '/' . $lang . '.ini', true);
$mailText = array();
foreach ($variables['email'] as $key => $value) {
$mailText[$key] = $value;
}
switch ($type) {
case "REPLY":
$webUser = new WebUsers($receiver);
if ($webUser->getReceiveMail()) {
$subject = $mailText['email_subject_new_reply'] . $ticketObj->getTId() . "]";
$txt = $mailText['email_body_new_reply_1'] . $ticketObj->getTId() . $mailText['email_body_new_reply_2'] . $ticketObj->getTitle() . $mailText['email_body_new_reply_3'] . $content . $mailText['email_body_new_reply_4'];
self::send_mail($receiver, $subject, $txt, $ticketObj->getTId(), $sender);
}
break;
case "NEW":
$webUser = new WebUsers($receiver);
if ($webUser->getReceiveMail()) {
$subject = $mailText['email_subject_new_ticket'] . $ticketObj->getTId() . "]";
$txt = $mailText['email_body_new_ticket_1'] . $ticketObj->getTId() . $mailText['email_body_new_ticket_2'] . $ticketObj->getTitle() . $mailText['email_body_new_ticket_3'] . $content . $mailText['email_body_new_ticket_4'];
self::send_mail($receiver, $subject, $txt, $ticketObj->getTId(), $sender);
}
break;
case "WARNAUTHOR":
if (is_numeric($sender)) {
$sender = Ticket_User::get_email_by_user_id($sender);
}
$subject = $mailText['email_subject_warn_author'] . $ticketObj->getTId() . "]";
$txt = $mailText['email_body_warn_author_1'] . $ticketObj->getTitle() . $mailText['email_body_warn_author_2'] . $sender . $mailText['email_body_warn_author_3'] . $sender . $mailText['email_body_warn_author_4'];
self::send_mail($receiver, $subject, $txt, $ticketObj->getTId(), NULL);
break;
case "WARNSENDER":
$subject = $mailText['email_subject_warn_sender'];
$txt = $mailText['email_body_warn_sender'];
self::send_mail($receiver, $subject, $txt, $ticketObj->getTId(), NULL);
break;
case "WARNUNKNOWNSENDER":
$subject = $mailText['email_subject_warn_unknown_sender'];
$txt = $mailText['email_body_warn_unknown_sender'];
self::send_mail($receiver, $subject, $txt, $ticketObj->getTId(), NULL);
break;
}
}
}
/**
* This function is beign used to change the users password.
* It will first check if the user who executed this function is the person of whom the emailaddress is or if it's a mod/admin. If this is not the case the page will be redirected to an error page.
* If the executing user tries to change someone elses password, he doesn't has to fill in the previous password. The password will be validated first. If the checking was successful the password will be updated and the settings template will be reloaded. Errors made by invalid data will be shown
* also after reloading the template.
* @author Daan Janssens, mentored by Matthew Lagoe
*/
function change_password()
{
try {
//if logged in
if (WebUsers::isLoggedIn()) {
if (isset($_POST['target_id'])) {
$adminChangesOther = false;
//if target_id is the same as session id or is admin
if ($_POST['target_id'] == $_SESSION['id'] || Ticket_User::isMod(unserialize($_SESSION['ticket_user']))) {
if ($_POST['target_id'] == $_SESSION['id']) {
//if the password is of the executing user himself
$target_username = $_SESSION['user'];
} else {
//if the password is of someone else.
$webUser = new WebUsers($_POST['target_id']);
$target_username = $webUser->getUsername();
//isAdmin is true when it's the admin, but the target_id != own id
$adminChangesOther = true;
$_POST["CurrentPass"] = "******";
}
$webUser = new WebUsers($_POST['target_id']);
$params = array('user' => $target_username, 'CurrentPass' => $_POST["CurrentPass"], 'NewPass' => $_POST["NewPass"], 'ConfirmNewPass' => $_POST["ConfirmNewPass"], 'adminChangesOther' => $adminChangesOther);
$result = $webUser->check_change_password($params);
if ($result == "success") {
//edit stuff into db
global $SITEBASE;
require_once $SITEBASE . '/inc/settings.php';
$succresult = settings();
$status = WebUsers::setPassword($target_username, $_POST["NewPass"]);
if ($status == 'ok') {
$succresult['SUCCESS_PASS'] = "******";
} else {
if ($status == 'shardoffline') {
$succresult['SUCCESS_PASS'] = "******";
}
}
$succresult['permission'] = unserialize($_SESSION['ticket_user'])->getPermission();
$succresult['no_visible_elements'] = 'FALSE';
$succresult['username'] = $_SESSION['user'];
$succresult['target_id'] = $_POST['target_id'];
helpers::loadtemplate('settings', $succresult);
throw new SystemExit();
} else {
$result['prevCurrentPass'] = filter_var($_POST["CurrentPass"], FILTER_SANITIZE_STRING);
$result['prevNewPass'] = filter_var($_POST["NewPass"], FILTER_SANITIZE_STRING);
$result['prevConfirmNewPass'] = filter_var($_POST["ConfirmNewPass"], FILTER_SANITIZE_STRING);
$result['permission'] = unserialize($_SESSION['ticket_user'])->getPermission();
$result['no_visible_elements'] = 'FALSE';
$result['username'] = $_SESSION['user'];
$result['target_id'] = $_POST['target_id'];
global $SITEBASE;
require_once $SITEBASE . '/inc/settings.php';
$settings = settings();
$result = array_merge($result, $settings);
helpers::loadtemplate('settings', $result);
throw new SystemExit();
}
} else {
//ERROR: permission denied!
$_SESSION['error_code'] = "403";
header("Cache-Control: max-age=1");
header("Location: index.php?page=error");
throw new SystemExit();
}
} else {
//ERROR: The form was not filled in correclty
header("Cache-Control: max-age=1");
header("Location: index.php?page=settings");
throw new SystemExit();
}
} else {
//ERROR: user is not logged in
header("Cache-Control: max-age=1");
header("Location: index.php");
throw new SystemExit();
}
} catch (PDOException $e) {
//go to error page or something, because can't access website db
print_r($e);
throw new SystemExit();
}
}
/**
* return the attachments list
* @param $ticket_id the id of the ticket.
* @return a ticket_reply object.
*/
public static function getAttachments($ticket_id)
{
$dbl = new DBLayer("lib");
$statement = $dbl->select("`ticket_attachments`", array('ticket_TId' => $ticket_id), "`ticket_TId` =:ticket_TId ORDER BY Timestamp DESC");
$fetchall = $statement->fetchall();
$base = 0;
foreach ($fetchall as &$value) {
$webUser = new WebUsers($value['Uploader']);
$fetchall[$base]['Username'] = $webUser->getUsername();
$bytes = $fetchall[$base]['Filesize'];
$precision = 2;
$units = array('B', 'KB', 'MB', 'GB', 'TB');
$bytes = max($bytes, 0);
$pow = floor(($bytes ? log($bytes) : 0) / log(1024));
$pow = min($pow, count($units) - 1);
$bytes /= pow(1024, $pow);
$fetchall[$base]['Filesize'] = round($bytes, $precision) . ' ' . $units[$pow];
$base++;
}
return $fetchall;
}
