/**
 * Save an edited department and, when asked to, clear its ticket assignments.
 *
 * The department id comes from $_GET['edit'] (forced to an integer and written
 * back to $_GET); the new values come from $_POST. Free-text values go through
 * mswSafeImportString() before they are placed in the SQL, and the two
 * checkbox columns are reduced to the literals 'yes' / 'no'.
 *
 * Ends the script with die() if either query fails.
 */
public function update()
{
    // The integer cast is what makes this id safe to place in both WHERE
    // clauses below.
    $_GET['edit'] = (int) $_GET['edit'];
    $deptId       = $_GET['edit'];

    $showDept     = isset($_POST['showDept']) ? 'yes' : 'no';
    $manualAssign = isset($_POST['manual_assign']) ? 'yes' : 'no';

    $deptSql = "UPDATE `" . DB_PREFIX . "departments` SET\n"
        . " `name` = '" . mswSafeImportString($_POST['name']) . "',\n"
        . " `showDept` = '" . $showDept . "',\n"
        . " `dept_subject` = '" . mswSafeImportString($_POST['dept_subject']) . "',\n"
        . " `dept_comments` = '" . mswSafeImportString($_POST['dept_comments']) . "',\n"
        . " `manual_assign` = '" . $manualAssign . "'\n"
        . " WHERE `id` = '{$deptId}'\n ";

    if (!mysql_query($deptSql)) {
        die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
    }

    // If manual assign is not set, remove from any tickets..
    // NOTE(review): this branch only runs when the form posts the literal
    // value 'no', while the column above is stored as 'yes' whenever the
    // field is present at all - confirm against the form which is intended.
    if (!isset($_POST['manual_assign']) || $_POST['manual_assign'] != 'no') {
        return;
    }

    $ticketSql = "UPDATE `" . DB_PREFIX . "tickets` SET\n"
        . " `assignedto` = ''\n"
        . " WHERE `department` = '{$deptId}'\n ";

    if (!mysql_query($ticketSql)) {
        die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
    }
}
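/**
 * Update an existing custom field from the submitted form.
 *
 * Normalises the request first (field type restricted to a fixed list,
 * checkboxes reduced to 'yes' / 'no', location defaulting to 'ticket') and
 * writes those normalised values back to $_POST, then updates the row whose
 * id is given in $_GET['edit']. Nothing is written when that id is not a
 * positive integer.
 *
 * Every request-derived value placed in the SQL is either taken from a fixed
 * list, cast to an integer, or passed through mswSafeImportString(). The
 * department list, the location list and the row id were previously
 * interpolated as submitted.
 *
 * Ends the script with die() if the query fails.
 */
public function editCustomField()
{
    // Defaults if not set..
    $allowedTypes = array('textarea', 'input', 'select', 'checkbox');
    $_POST['fieldType'] = isset($_POST['fieldType']) && in_array($_POST['fieldType'], $allowedTypes, true)
        ? $_POST['fieldType']
        : 'input';
    $_POST['fieldReq']   = isset($_POST['fieldReq']) ? 'yes' : 'no';
    $_POST['repeatPref'] = isset($_POST['repeatPref']) ? 'yes' : 'no';
    $_POST['enField']    = isset($_POST['enField']) ? 'yes' : 'no';

    // Selected departments win; otherwise fall back to the "all" list.
    if (!empty($_POST['dept'])) {
        $deptList = (array) $_POST['dept'];
    } else {
        $deptList = isset($_POST['deptall']) ? (array) $_POST['deptall'] : array();
    }
    $dept = mswSafeImportString(implode(',', $deptList));

    if (empty($_POST['fieldLoc'])) {
        $_POST['fieldLoc'] = array('ticket');
    }
    $fieldLoc = mswSafeImportString(implode(',', (array) $_POST['fieldLoc']));

    // Use the cast value in the WHERE clause: checking "(int) ... > 0" and
    // then interpolating the raw string lets "1' OR ..." through.
    $fieldId = isset($_GET['edit']) ? (int) $_GET['edit'] : 0;
    if ($fieldId <= 0) {
        return;
    }

    $sql = "UPDATE `" . DB_PREFIX . "cusfields` SET\n"
        . " `fieldInstructions` = '" . mswSafeImportString($_POST['fieldInstructions']) . "',\n"
        . " `fieldType` = '{$_POST['fieldType']}',\n"
        . " `fieldReq` = '{$_POST['fieldReq']}',\n"
        . " `fieldOptions` = '" . mswSafeImportString($_POST['fieldOptions']) . "',\n"
        . " `fieldLoc` = '" . $fieldLoc . "',\n"
        . " `repeatPref` = '{$_POST['repeatPref']}',\n"
        . " `enField` = '{$_POST['enField']}',\n"
        . " `departments` = '{$dept}'\n"
        . " WHERE `id` = '{$fieldId}'\n ";

    if (!mysql_query($sql)) {
        die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
    }
}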
/**
 * Save the b8 spam-filter settings and optionally reset or train the filter.
 *
 * Steps, in order:
 *  1. Normalise $_POST in place: three numeric settings are cast to int and
 *     five checkboxes are reduced to 'yes' / 'no'.
 *  2. Update the imap_b8 row. The remaining text settings go through
 *     mswSafeImportString(). The result of this query is not checked.
 *  3. If 'reset' was posted: delete learned tokens older than 'reset_days'
 *     days, or, when no positive day count is given, truncate the token table
 *     and re-insert the two 'b8*' bookkeeping rows.
 *  4. Otherwise, if 'add-to' holds text, load the b8 library and learn that
 *     text as spam or ham depending on 'classify'.
 */
public function updateB8()
{
    foreach (array('tokens', 'min_size', 'max_size') as $intKey) {
        $_POST[$intKey] = (int) $_POST[$intKey];
    }
    foreach (array('learning', 'num_parse', 'uri_parse', 'html_parse', 'multibyte') as $flagKey) {
        $_POST[$flagKey] = isset($_POST[$flagKey]) ? 'yes' : 'no';
    }

    $settingsSql = "UPDATE `" . DB_PREFIX . "imap_b8` SET\n"
        . " `tokens` = '{$_POST['tokens']}',\n"
        . " `min_size` = '{$_POST['min_size']}',\n"
        . " `max_size` = '{$_POST['max_size']}',\n"
        . " `min_dev` = '" . mswSafeImportString($_POST['min_dev']) . "',\n"
        . " `x_constant` = '" . mswSafeImportString($_POST['x_constant']) . "',\n"
        . " `s_constant` = '" . mswSafeImportString($_POST['s_constant']) . "',\n"
        . " `learning` = '{$_POST['learning']}',\n"
        . " `num_parse` = '{$_POST['num_parse']}',\n"
        . " `uri_parse` = '{$_POST['uri_parse']}',\n"
        . " `html_parse` = '{$_POST['html_parse']}',\n"
        . " `multibyte` = '{$_POST['multibyte']}',\n"
        . " `encoder` = '" . mswSafeImportString($_POST['encoder']) . "',\n"
        . " `skipFilters` = '" . mswSafeImportString($_POST['skipFilters']) . "'\n ";
    mysql_query($settingsSql);

    // Are we clearing the learning filters?
    if (isset($_POST['reset'])) {
        // Reset older than X days or truncate all?
        $days = isset($_POST['reset_days']) ? (int) $_POST['reset_days'] : 0;
        if ($days > 0) {
            // $days is an integer here, so it is safe to append unquoted.
            mysql_query("DELETE FROM `" . DB_PREFIX . "imap_b8_filter` \n\t WHERE DATEDIFF(NOW(),DATE(FROM_UNIXTIME(`ts`))) >= " . $days . "\n\t AND `token` NOT IN('b8*dbversion','b8*texts')\n\t ");
            return;
        }
        mysql_query("TRUNCATE TABLE `" . DB_PREFIX . "imap_b8_filter`");
        mysql_query("INSERT INTO `" . DB_PREFIX . "imap_b8_filter` (`token`,`count_ham`,`ts`) values ('b8*dbversion', '" . B8_VERSION . "','0')");
        mysql_query("INSERT INTO `" . DB_PREFIX . "imap_b8_filter` (`token`,`count_ham`,`count_spam`,`ts`) values ('b8*texts', '0', '0','0')");
        return;
    }

    // Anything to classify?
    if (!$_POST['add-to']) {
        return;
    }

    // Load the b8 class..
    include REL_PATH . 'control/lib/b8/call_b8.php';

    $verdict = $_POST['classify'];
    if ($verdict == 'spam') {
        $MSB8->learn(htmlspecialchars($_POST['add-to']), b8::SPAM);
    } elseif ($verdict == 'ham') {
        $MSB8->learn(htmlspecialchars($_POST['add-to']), b8::HAM);
    }
}
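/**
 * Fill in first-run defaults when the settings row is still blank.
 *
 * Runs only when the email, scriptpath, attachpath and attachhref properties
 * of $s are all empty strings. It then writes default settings, creates user
 * id 1 (or resets its password when users already exist), redirects to
 * index.php and exits.
 *
 * The help desk URL is derived from $_SERVER['HTTP_HOST'] and
 * $_SERVER['PHP_SELF']. Both are supplied by the client, so the derived URLs
 * are passed through mswSafeImportString() before being placed in the SQL.
 *
 * @param object $s Settings row as loaded by the caller.
 */
function mswManSchemaFix($s)
{
    if ($s->email != '' || $s->scriptpath != '' || $s->attachpath != '' || $s->attachhref != '') {
        return;
    }

    $hdeskPath = 'http://www.example.com/helpdesk';
    if (isset($_SERVER['HTTP_HOST']) && isset($_SERVER['PHP_SELF'])) {
        $scheme = 'http' . (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on' ? 's' : '');
        // Drops the last 10 characters of the script path - presumably
        // "/index.php"; confirm against the entry point that calls this.
        $hdeskPath = $scheme . '://' . $_SERVER['HTTP_HOST'] . substr($_SERVER['PHP_SELF'], 0, -10);
    }

    // NOTE(review): the Host header is still trusted for the *value* that is
    // stored as the site URL. Escaping stops it breaking out of the SQL
    // string, but a deployment that can be reached under arbitrary host names
    // should pin the expected host before this runs.
    $sqlScriptPath = mswSafeImportString($hdeskPath);
    $sqlHrefAtt    = mswSafeImportString($hdeskPath . '/content/attachments');
    $sqlHrefFaq    = mswSafeImportString($hdeskPath . '/content/attachments-faq');
    $attachPath    = mswSafeImportString(PATH . 'content/attachments');
    $attFaqPath    = mswSafeImportString(PATH . 'content/attachments-faq');

    // NOTE(review): rand()/uniqid()/md5() is not a cryptographically strong
    // source for an API key; regenerate the key from a CSPRNG after install.
    $apiKey = strtoupper(substr(md5(uniqid(rand(), 1)), 3, 10) . '-' . substr(md5(uniqid(rand(), 1)), 3, 8));

    $footerHint     = 'To add your own footer code, click "Settings & Tools > Other Options > Edit Footers"';
    $encoderVersion = function_exists('ioncube_loader_version') ? ioncube_loader_version() : 'XX';

    $settingsSql = "UPDATE `" . DB_PREFIX . "settings` SET\n"
        . " `website` = 'My Help Desk',\n"
        . " `email` = '*****@*****.**',\n"
        . " `scriptpath` = '{$sqlScriptPath}',\n"
        . " `attachpath` = '{$attachPath}',\n"
        . "\t`attachhref` = '{$sqlHrefAtt}',\n"
        . "\t`attachpathfaq` = '{$attFaqPath}',\n"
        . "\t`attachhreffaq` = '{$sqlHrefFaq}',\n"
        . " `adminFooter` = '{$footerHint}',\n"
        . " `publicFooter` = '{$footerHint}',\n"
        . " `prodKey` = '" . mswProdKeyGen() . "',\n"
        . " `encoderVersion` = '" . $encoderVersion . "',\n"
        . " `softwareVersion` = '" . SCRIPT_VERSION . "',\n"
        . "\t`apiKey` = '{$apiKey}'\n"
        . " LIMIT 1\n ";
    if (!mysql_query($settingsSql)) {
        die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
    }

    // NOTE(review): the account below is given the fixed password 'admin',
    // stored as an unsalted-per-user md5 of SECRET_KEY plus the password. Any
    // install that reaches this path has a known credential until it is
    // changed; force a password change on first login and plan a migration to
    // password_hash().
    $defaultPassHash = md5(SECRET_KEY . 'admin');

    // Insert user..
    if (mswRowCount('users') == 0) {
        mysql_query("INSERT INTO `" . DB_PREFIX . "users` (\n"
            . " `id`, `ts`, `name`, `email`, `accpass`, `signature`, `notify`, `pageAccess`, `emailSigs`, `notePadEnable`, `delPriv`,\n"
            . " `nameFrom`, `emailFrom`, `assigned`, `timezone`\n"
            . " ) VALUES (\n"
            . " 1, UNIX_TIMESTAMP(UTC_TIMESTAMP), 'admin', '*****@*****.**', '" . $defaultPassHash . "', '', 'yes', '', 'no', 'yes', 'yes',\n"
            . " '', '', 'no', 'Europe/London'\n"
            . " )");
    } else {
        mysql_query("UPDATE `" . DB_PREFIX . "users` SET\n"
            . "\t `accpass` = '" . $defaultPassHash . "'\n"
            . "\t WHERE `id` = '1'\n\t ");
    }

    // Page reload..
    header("Location: index.php");
    exit;
}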
/**
 * Update a standard response from the submitted form.
 *
 * The row id is $_GET['edit'] cast to an integer. Title, answer and the
 * comma-joined department list go through mswSafeImportString(); the enabled
 * flag is reduced to 'yes' / 'no'. The row timestamp is refreshed to the
 * current UTC time by the database.
 *
 * Ends the script with die() if the query fails.
 */
public function updateResponse()
{
    $responseId = (int) $_GET['edit'];

    // Selected departments win; otherwise the "all departments" list is used.
    $deptSource = empty($_POST['dept']) ? $_POST['deptall'] : $_POST['dept'];
    $deptCsv    = implode(',', $deptSource);

    $sql = "UPDATE `" . DB_PREFIX . "responses` SET\n"
        . " `ts` = UNIX_TIMESTAMP(UTC_TIMESTAMP),\n"
        . " `title` = '" . mswSafeImportString($_POST['title']) . "',\n"
        . " `answer` = '" . mswSafeImportString($_POST['answer']) . "',\n"
        . " `departments` = '" . mswSafeImportString($deptCsv) . "',\n"
        . " `enResponse` = '" . (isset($_POST['enResponse']) ? 'yes' : 'no') . "'\n"
        . " WHERE `id` = '{$responseId}'\n ";

    if (!mysql_query($sql)) {
        die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
    }
}
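// Knowledge-base search: turns ?q= into a WHERE clause of LIKE conditions,
// asks $FAQ for the matching questions and their count, and builds the
// pagination links when there is more than one page of results.

// Load the skip words array..
include PATH . 'control/skipwords.php';

// Variables..
$limitvalue  = $page * $SETTINGS->quePerPage - $SETTINGS->quePerPage;
$pageNumbers = '';
$html        = '';
$title       = $msg_pkbase;
$dataCount   = 0;

// Build search query..
$SQL = '';
// Only a plain string is searched; a missing or array-valued q is ignored.
$searchQuery = isset($_GET['q']) && is_string($_GET['q']) ? $_GET['q'] : '';
if ($searchQuery) {
    $chop = array_map('trim', explode(' ', $searchQuery));
    foreach ($chop as $word) {
        // Consecutive spaces produce empty words; an empty word would become
        // LIKE '%%' and match every row, so skip it.
        if ($word === '' || in_array($word, $searchSkipWords)) {
            continue;
        }
        // NOTE(review): '%' and '_' typed by the visitor still act as LIKE
        // wildcards here; that affects result breadth and query cost, not
        // query structure.
        $needle = mswCleanData(mswSafeImportString($word));
        $SQL .= (!$SQL ? 'WHERE (' : 'OR (') . "`question` LIKE '%" . $needle . "%' OR `answer` LIKE '%" . $needle . "%')";
    }
    // Are we searching for anything..
    if ($SQL) {
        $html      = $FAQ->questions(0, $limitvalue, $SETTINGS, array($SQL, 'no'));
        $dataCount = $FAQ->questions(0, $limitvalue, $SETTINGS, array($SQL, 'yes'));
    }
}

// Pagination..
if ($dataCount > $SETTINGS->quePerPage) {
    define('PER_PAGE', $SETTINGS->quePerPage);
    $PTION       = new pagination($dataCount, '?q=' . urlencode($searchQuery) . mswQueryParams(array('q', 'p', 'next')) . '&next=');
    $pageNumbers = $PTION->display();
}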
case 'login': $redr = 'index.php?p=dashboard'; // If login limit and ban time is enabled, check first.. if ($SETTINGS->loginLimit > 0) { $ban = $MSACC->checkban($SETTINGS, $MSDT); if ($ban == 'fail') { $json = array('status' => 'err', 'field' => 'email', 'msg' => $msg_public_login4); } } if (!isset($json['status']) && isset($_POST['email'], $_POST['pass']) && $_POST['email'] && $_POST['pass']) { // Check for valid e-mail.. if (!mswIsValidEmail($_POST['email'])) { $json = array('status' => 'err', 'field' => 'email', 'msg' => $msg_main13); } else { // Now check account.. $ACC = mswGetTableData('portal', 'email', mswSafeImportString($_POST['email']), 'AND `userPass` = \'' . md5(SECRET_KEY . $_POST['pass']) . '\' AND `verified` = \'yes\''); if (isset($ACC->email)) { // Check access.. if ($ACC->enabled == 'yes') { $_SESSION[md5(SECRET_KEY) . '_msw_support'] = $ACC->email; // Ticket/dispute redirection.. if (isset($_SESSION['ticketAccessID']) && (int) $_SESSION['ticketAccessID'] > 0) { $redr = 'index.php?t=' . $_SESSION['ticketAccessID']; unset($_SESSION['ticketAccessID']); } if (isset($_SESSION['disputeAccessID']) && (int) $_SESSION['disputeAccessID'] > 0) { $redr = 'index.php?d=' . $_SESSION['disputeAccessID']; unset($_SESSION['disputeAccessID']); } if (isset($_SESSION['redirectPage'])) { $redr = 'index.php?p=open';
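/**
 * Rename, prune and create the mail folders of one staff member.
 *
 * $_POST['folder'] maps folder id => new name for the folders to keep;
 * $_POST['new'] is a list of names for folders to create. Folders of this
 * staff member that are not in the keep list are deleted, together with the
 * message associations filed under them.
 *
 * The array keys of $_POST['folder'] are chosen by the client. They are cast
 * to integers before use; they were previously placed in the UPDATE and in
 * both NOT IN(...) lists exactly as submitted.
 *
 * Ends the script with die() if a query fails.
 *
 * @param mixed $staff Staff id the folders belong to. It is interpolated as
 *                     given - NOTE(review): callers must pass a trusted
 *                     integer id.
 * @return int Number of message associations deleted.
 */
public function folders($staff)
{
    $deleted = 0;
    // Built-in folder names are always kept. Entries are stored already
    // quoted because the list is imploded straight into NOT IN(...).
    $folders = array("'inbox'", "'outbox'", "'bin'");

    // Existing..
    if (!empty($_POST['folder']) && is_array($_POST['folder'])) {
        // Update..
        foreach ($_POST['folder'] as $fK => $fV) {
            $folderId = (int) $fK;
            if ($folderId <= 0 || !is_scalar($fV)) {
                continue;
            }
            mysql_query("UPDATE `" . DB_PREFIX . "mailfolders` SET\n"
                . " `folder` = '" . mswSafeImportString($fV) . "'\n"
                . " WHERE `id` = '{$folderId}'\n"
                . "\t AND `staffID` = '{$staff}'\n ")
                or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
            $folders[] = "'" . $folderId . "'";
        }

        $keepList = implode(',', $folders);

        // Delete messages if folder no longer exists..
        mysql_query("DELETE FROM `" . DB_PREFIX . "mailassoc`\n"
            . "\t WHERE `staffID` = '{$staff}'\n"
            . "\t AND `folder` NOT IN(" . $keepList . ")\n ")
            or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
        $deleted = mysql_affected_rows();
        if (mswRowCount('mailassoc') == 0) {
            @mysql_query("TRUNCATE TABLE `" . DB_PREFIX . "mailassoc`");
        }

        // Now delete folders not in array..
        mysql_query("DELETE FROM `" . DB_PREFIX . "mailfolders`\n"
            . "\t WHERE `staffID` = '{$staff}'\n"
            . "\t AND `id` NOT IN(" . $keepList . ")\n ")
            or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
        if (mswRowCount('mailfolders') == 0) {
            @mysql_query("TRUNCATE TABLE `" . DB_PREFIX . "mailfolders`");
        }
    }

    // New..
    if (!empty($_POST['new']) && is_array($_POST['new'])) {
        foreach ($_POST['new'] as $fV) {
            if (!$fV || !is_scalar($fV)) {
                continue;
            }
            mysql_query("INSERT INTO `" . DB_PREFIX . "mailfolders` (\n"
                . " `staffID`,\n"
                . " `folder`\n"
                . " ) VALUES (\n"
                . " '{$staff}',\n"
                . " '" . mswSafeImportString($fV) . "'\n"
                . " )")
                or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
        }
    }

    return $deleted;
}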
if (isset($_GET['keys'])) { // Filters.. if ($_GET['keys']) { $_GET['keys'] = mswSafeImportString(strtolower($_GET['keys'])); $filters[] = "LOWER(`" . DB_PREFIX . "portal`.`name`) LIKE '%" . $_GET['keys'] . "%' OR LOWER(`" . DB_PREFIX . "portal`.`email`) LIKE '%" . $_GET['keys'] . "%' OR LOWER(`" . DB_PREFIX . "portal`.`notes`) LIKE '%" . $_GET['keys'] . "%'"; } if (isset($_GET['ip']) && $_GET['ip']) { $filters[] = "`ip` = '" . mswSafeImportString($_GET['ip']) . "'"; } if (isset($_GET['from'], $_GET['to']) && $_GET['from'] && $_GET['to']) { $from = $MSDT->mswDatePickerFormat($_GET['from']); $to = $MSDT->mswDatePickerFormat($_GET['to']); $filters[] = "DATE(FROM_UNIXTIME(`ts`)) BETWEEN '{$from}' AND '{$to}'"; } if (isset($_GET['timezone']) && $_GET['timezone']) { $filters[] = "`timezone` = '" . mswSafeImportString($_GET['timezone']) . "'"; } if (isset($_GET['status']) && in_array($_GET['status'], array('yes', 'no'))) { $filters[] = "`enabled` = '{$_GET['status']}'"; } if (isset($_GET['c1'], $_GET['c2']) && $_GET['c2'] > 0) { $_GET['c1'] = (int) $_GET['c1']; $_GET['c2'] = (int) $_GET['c2']; $filters[] = "(SELECT count(*) FROM `" . DB_PREFIX . "tickets` WHERE `" . DB_PREFIX . "portal`.`email` = `" . DB_PREFIX . "tickets`.`email` AND `spamFlag` = 'no') BETWEEN '{$_GET['c1']}' AND '{$_GET['c2']}'"; } // Build search string.. if (!empty($filters)) { for ($i = 0; $i < count($filters); $i++) { $searchParams .= ($i ? ' AND (' : 'WHERE (') . $filters[$i] . ')'; } }
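<?php

// Ticket history for one portal account ($ACC): builds the optional keyword
// filter, collects disputed ticket ids when the disputes view is requested,
// and runs the paged ticket query. Results are left in $q, $countedRows and
// $searchBoxUrl for the code that includes this file.

if (!defined('PARENT')) {
    exit;
}

include PATH . 'templates/system/tickets/global/order-by.php';
include PATH . 'templates/system/tickets/global/filter-by.php';

$dis = array();
$SQL = '';

if (isset($_GET['keys']) && is_string($_GET['keys'])) {
    // The lower-cased, escaped term is written back to $_GET['keys'].
    $_GET['keys'] = mswSafeImportString(strtolower($_GET['keys']));
    $SQL = 'AND (LOWER(`' . DB_PREFIX . 'tickets`.`subject`) LIKE \'%' . $_GET['keys'] . '%\' OR LOWER(`' . DB_PREFIX . 'tickets`.`comments`) LIKE \'%' . $_GET['keys'] . '%\')';
}

// Values read back from the database are not automatically safe to place in
// a new statement: the id is cast and the address is escaped before use.
$accId    = (int) $ACC->id;
$accEmail = mswSafeImportString($ACC->email);

// Disputes..
if ($SETTINGS->disputes == 'yes' && isset($_GET['disputes'])) {
    // Disputes in other tickets..
    $qD = mysql_query("SELECT `ticketID` FROM `" . DB_PREFIX . "disputes` \n"
        . " WHERE `visitorID` = '{$accId}'\n"
        . "\t GROUP BY `ticketID`\n\t ")
        or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
    while ($DP = mysql_fetch_object($qD)) {
        $dis[] = (int) $DP->ticketID;
    }
    // Disputes from started tickets..
    $qD2 = mysql_query("SELECT `id` FROM `" . DB_PREFIX . "tickets` \n"
        . " WHERE `visitorID` = '{$accId}'\n"
        . "\t\t AND `isDisputed` = 'yes'\n"
        . "\t\t AND `spamFlag` = 'no'\n\t ")
        or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
    while ($DP2 = mysql_fetch_object($qD2)) {
        $dis[] = (int) $DP2->id;
    }
}

// Exactly one of these two is non-empty: scope by account e-mail, or by the
// collected dispute ticket ids (integers only, so safe to implode).
$whereOwner    = empty($dis) ? 'WHERE `' . DB_PREFIX . 'portal`.`email` = \'' . $accEmail . '\'' : '';
$whereDisputes = !empty($dis) ? 'WHERE `' . DB_PREFIX . 'tickets`.`id` IN(' . implode(',', $dis) . ')' : '';

// NOTE(review): $filterBy, $orderBy, $limitvalue and $limit are produced
// outside this block and are appended as-is; their construction should be
// reviewed with the same care.
$q = mysql_query("SELECT SQL_CALC_FOUND_ROWS *,\n"
    . " `" . DB_PREFIX . "tickets`.`id` AS `ticketID`,\n"
    . "\t `" . DB_PREFIX . "portal`.`name` AS `ticketName`,\n"
    . "\t `" . DB_PREFIX . "tickets`.`ts` AS `ticketStamp`,\n"
    . "\t `" . DB_PREFIX . "departments`.`name` AS `deptName`,\n"
    . "\t `" . DB_PREFIX . "levels`.`name` AS `levelName`,\n"
    . "\t (SELECT count(*) FROM `" . DB_PREFIX . "disputes` \n"
    . "\t WHERE `" . DB_PREFIX . "disputes`.`ticketID` = `" . DB_PREFIX . "tickets`.`id`\n"
    . "\t ) AS `disputeCount`\n"
    . "\t FROM `" . DB_PREFIX . "tickets` \n"
    . " LEFT JOIN `" . DB_PREFIX . "departments`\n"
    . "\t ON `" . DB_PREFIX . "tickets`.`department` = `" . DB_PREFIX . "departments`.`id`\n"
    . "\t LEFT JOIN `" . DB_PREFIX . "portal`\n"
    . "\t ON `" . DB_PREFIX . "tickets`.`visitorID` = `" . DB_PREFIX . "portal`.`id`\n"
    . "\t LEFT JOIN `" . DB_PREFIX . "levels`\n"
    . "\t ON `" . DB_PREFIX . "tickets`.`priority` = `" . DB_PREFIX . "levels`.`id`\n"
    . "\t OR `" . DB_PREFIX . "tickets`.`priority` = `" . DB_PREFIX . "levels`.`marker`\n "
    . $whereOwner . "\n\t "
    . $whereDisputes . "\n"
    . "\t {$SQL}\n"
    . "\t AND `spamFlag` = 'no'\n "
    . $filterBy . mswSQLDepartmentFilter($ticketFilterAccess) . "\n "
    . $orderBy . "\n"
    . " LIMIT {$limitvalue},{$limit}\n ")
    or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));

$c = mysql_fetch_object(mysql_query("SELECT FOUND_ROWS() AS `rows`"));
$countedRows = isset($c->rows) ? $c->rows : '0';

// The id is echoed back into a URL fragment, so encode it rather than
// passing the raw query-string value through.
$historyId    = isset($_GET['id']) && is_scalar($_GET['id']) ? urlencode($_GET['id']) : '';
$searchBoxUrl = 'acchistory&id=' . $historyId . (isset($_GET['disputes']) ? '&disputes=yes' : '');
?>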
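/**
 * Save the global settings form into settings row 1.
 *
 * The whole of $_POST is first run through mswSafeImportString() (via
 * mswMultiDimensionalArrayMap) and then normalised in place: checkboxes
 * become 'yes' / 'no', two fields are limited to fixed lists, the path and
 * URL fields go through systemSettings::filterInstallationPath(), and the
 * numeric fields are stored as the integer that was checked. Previously a
 * value such as "5abc" passed the "> 0" test and was stored unchanged.
 *
 * Ends the script with die() if the query fails.
 *
 * NOTE(review): smtp_pass, apiKey and recaptchaPrivateKey are written to the
 * table exactly as submitted; nothing in this method encrypts them.
 */
public function updateSettings()
{
    $_POST = mswMultiDimensionalArrayMap('mswSafeImportString', $_POST);

    // Defaults if not set..
    $checkboxes = array(
        'attachment', 'rename', 'enableBBCode', 'disputes', 'multiplevotes',
        'enableVotes', 'enCapLogin', 'sysstatus', 'kbase', 'renamefaq',
        'smtp_debug', 'createPref', 'createAcc', 'ticketHistory', 'closenotify',
        'accProfNotify', 'newAccNotify', 'enableLog', 'enableMail', 'imap_debug',
        'apiLog', 'disputeAdminStop',
    );
    foreach ($checkboxes as $flag) {
        $_POST[$flag] = isset($_POST[$flag]) ? 'yes' : 'no';
    }

    $_POST['weekStart'] = isset($_POST['weekStart']) && in_array($_POST['weekStart'], array('sun', 'mon'), true)
        ? $_POST['weekStart']
        : 'sun';
    $_POST['enSpamSum'] = isset($_POST['enSpamSum']) && in_array($_POST['enSpamSum'], array('yes', 'no'), true)
        ? $_POST['enSpamSum']
        : 'yes';

    // NOTE(review): the return value of mswDatePickerFormat() is placed in
    // the SQL as returned - confirm it can only yield a date string.
    $_POST['autoenable'] = !empty($_POST['autoenable'])
        ? $this->datetime->mswDatePickerFormat($_POST['autoenable'])
        : '0000-00-00';

    foreach (array('scriptpath', 'attachpath', 'attachhref', 'attachpathfaq', 'attachhreffaq') as $pathKey) {
        $_POST[$pathKey] = systemSettings::filterInstallationPath(isset($_POST[$pathKey]) ? $_POST[$pathKey] : '');
    }

    $_POST['imap_param'] = !empty($_POST['imap_param']) ? $_POST['imap_param'] : 'pipe';

    // Enforce digits.. (key => value used when the input is not positive)
    $digitDefaults = array(
        'maxsize'       => '0',
        'popquestions'  => '10',
        'quePerPage'    => '10',
        'cookiedays'    => '60',
        'attachboxes'   => '1',
        'autoClose'     => '0',
        'smtp_port'     => '25',
        'loginLimit'    => '0',
        'banTime'       => '25',
        'minPassValue'  => '8',
        'minTickDigits' => '5',
        'imap_timeout'  => '0',
        'imap_memory'   => '0',
    );
    foreach ($digitDefaults as $digitKey => $fallback) {
        $number = isset($_POST[$digitKey]) && is_scalar($_POST[$digitKey]) ? (int) $_POST[$digitKey] : 0;
        // Store the integer itself, not the string it was parsed from.
        $_POST[$digitKey] = $number > 0 ? (string) $number : $fallback;
    }

    // Restrictions..
    if (LICENCE_VER == 'locked') {
        $_POST['attachboxes']  = RESTR_ATTACH;
        $_POST['adminFooter']  = 'To add your own footer code, click "Settings & Tools > Other Options > Edit Footers"';
        $_POST['publicFooter'] = 'To add your own footer code, click "Settings & Tools > Other Options > Edit Footers"';
    }

    // Serialized data..
    // NOTE(review): these columns hold serialize()d request data; whatever
    // reads them back should not unserialize() content it cannot trust.
    $langSets = !empty($_POST['templateSet']) ? serialize($_POST['templateSet']) : '';

    $keepLogs = isset($_POST['defKeepLogs']) && is_array($_POST['defKeepLogs']) ? $_POST['defKeepLogs'] : array();
    if (!isset($keepLogs['user']) || $keepLogs['user'] == '') {
        $keepLogs['user'] = '******';
    }
    if (!isset($keepLogs['acc']) || $keepLogs['acc'] == '') {
        $keepLogs['acc'] = '0';
    }
    $_POST['defKeepLogs'] = $keepLogs;
    // Both keys are always present at this point, so the array is never empty.
    $defLog = serialize($keepLogs);

    $handlers = !empty($_POST['apiHandlers']) ? implode(',', (array) $_POST['apiHandlers']) : '';

    // Columns whose value is computed above rather than read from $_POST.
    $computed = array(
        'langSets'    => mswSafeImportString($langSets),
        'apiHandlers' => $handlers,
        'defKeepLogs' => mswSafeImportString($defLog),
    );

    // Column order matches the original statement.
    $columns = array(
        'website', 'email', 'replyto', 'scriptpath', 'attachpath', 'attachhref',
        'attachpathfaq', 'attachhreffaq', 'language', 'langSets', 'dateformat',
        'timeformat', 'timezone', 'weekStart', 'jsDateFormat', 'kbase',
        'enableVotes', 'multiplevotes', 'popquestions', 'quePerPage', 'cookiedays',
        'renamefaq', 'attachment', 'rename', 'attachboxes', 'filetypes', 'maxsize',
        'enableBBCode', 'afolder', 'autoClose', 'smtp_host', 'smtp_user',
        'smtp_pass', 'smtp_port', 'smtp_security', 'smtp_debug', 'adminFooter',
        'publicFooter', 'apiKey', 'apiLog', 'apiHandlers', 'recaptchaPrivateKey',
        'recaptchaPublicKey', 'enCapLogin', 'sysstatus', 'autoenable', 'disputes',
        'offlineReason', 'createPref', 'createAcc', 'loginLimit', 'banTime',
        'ticketHistory', 'closenotify', 'accProfNotify', 'minPassValue',
        'newAccNotify', 'recaptchaLang', 'recaptchaTheme', 'enableLog',
        'defKeepLogs', 'minTickDigits', 'enableMail', 'imap_debug', 'imap_param',
        'imap_memory', 'imap_timeout', 'disputeAdminStop',
    );

    $assignments = array();
    foreach ($columns as $column) {
        if (array_key_exists($column, $computed)) {
            $value = $computed[$column];
        } else {
            // Array-valued or missing fields are stored as an empty string.
            $value = isset($_POST[$column]) && !is_array($_POST[$column]) ? $_POST[$column] : '';
        }
        $assignments[] = " `{$column}` = '{$value}'";
    }

    $sql = "UPDATE `" . DB_PREFIX . "settings` SET\n"
        . implode(",\n", $assignments) . "\n"
        . " WHERE `id` = '1'\n ";

    if (!mysql_query($sql)) {
        die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
    }
}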
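/*++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

  This File: ticket-open.php
  Description: System File

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*/

// Entry guard and set-up for the open-tickets page. Also answers the
// ?loadTicketMessage=<id> preview request, which prints one ticket's parsed
// message body and stops.

if (!defined('PARENT')) {
    $HEADERS->err403(true);
}

// Access..
if (!in_array($cmd, $userAccess) && $MSTEAM->id != '1') {
    $HEADERS->err403(true);
}

// Ticket preview message..
// The cast value is what gets looked up, so "5abc" can no longer pass the
// "> 0" test and then be sent to the query as a different string.
$previewId = isset($_GET['loadTicketMessage']) ? (int) $_GET['loadTicketMessage'] : 0;
if ($previewId > 0) {
    $T = mswGetTableData('tickets', 'id', $previewId);
    // NOTE(review): no per-ticket or per-department authorisation is visible
    // between the page-level access check above and this output. If staff are
    // meant to be limited to their own departments, the preview should apply
    // the same rule as the full ticket view - confirm.
    // NOTE(review): output safety depends on what mswTxtParsingEngine()
    // escapes; the ticket body is visitor-supplied.
    if (isset($T->comments)) {
        echo $MSPARSER->mswTxtParsingEngine($T->comments);
    }
    exit;
}

// Department check for filter..
if (isset($_GET['dept']) && mswDeptPerms($MSTEAM->id, $_GET['dept'], $userDeptAccess) == 'fail') {
    $HEADERS->err403(true);
}

// Call relevant classes..
include_once REL_PATH . 'control/classes/class.tickets.php';
$MSPTICKETS           = new tickets();
$MSPTICKETS->settings = $SETTINGS;
$MSPTICKETS->datetime = $MSDT;
$title                = $msg_adheader5;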
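/**
 * Store the value of one custom field for a ticket or a reply.
 *
 * The three ids are cast to integers before they are placed in the
 * statement; they were previously interpolated exactly as passed in. The
 * field data goes through mswSafeImportString().
 *
 * Ends the script with die() if the query fails.
 *
 * @param int|string $ticketID Ticket the value belongs to.
 * @param int|string $fieldID  Custom field being stored.
 * @param int|string $replyID  Reply the value belongs to.
 * @param string     $data     Field content.
 */
public function insert($ticketID, $fieldID, $replyID, $data)
{
    $ticketID = (int) $ticketID;
    $fieldID  = (int) $fieldID;
    $replyID  = (int) $replyID;

    $sql = "INSERT INTO `" . DB_PREFIX . "ticketfields` (\n"
        . " `ticketID`,`fieldID`,`replyID`,`fieldData`\n"
        . " ) VALUES (\n"
        . " '{$ticketID}','{$fieldID}','{$replyID}','" . mswSafeImportString($data) . "'\n"
        . " )";

    if (!mysql_query($sql)) {
        die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
    }
}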
<?php

// Staff mailbox listing: loads the messages filed under folder $toLoad for
// the signed-in staff member ($MSTEAM->id), optionally narrowed by ?keys=,
// then opens the page markup.

if (!defined('PARENT') || !isset($toLoad)) {
    exit;
}

$orderBy   = 'ORDER BY `' . DB_PREFIX . 'mailbox`.`ts` DESC';
$keys      = isset($_GET['keys']) ? $_GET['keys'] : '';
$searchSQL = '';

// Are we searching?
if ($keys) {
    // The term goes through mswSafeImportString() before it is used in LIKE.
    $likeTerm  = mswSafeImportString($keys);
    $searchSQL = 'AND (`' . DB_PREFIX . 'mailbox`.`subject` LIKE \'%' . $likeTerm . '%\' OR `' . DB_PREFIX . 'mailbox`.`message` LIKE \'%' . $likeTerm . '%\')';
}

// A search adds the LIKE filter plus a GROUP BY on the message id.
$searchClause = '';
if ($searchSQL) {
    $searchClause = $searchSQL . mswDefineNewline() . 'GROUP BY `' . DB_PREFIX . 'mailassoc`.`mailID`';
}

// NOTE(review): $toLoad, $limitvalue and $limit are set outside this block
// and are interpolated as-is; confirm each is fixed or validated upstream.
$q = mysql_query("SELECT SQL_CALC_FOUND_ROWS *,\n"
    . " `" . DB_PREFIX . "mailbox`.`staffID` AS `starter`,\n"
    . "\t `" . DB_PREFIX . "mailbox`.`ts` AS `mailStamp`,\n"
    . "\t `" . DB_PREFIX . "mailassoc`.`mailID` AS `messageID`\n"
    . "\t FROM `" . DB_PREFIX . "mailassoc`\n"
    . "\t LEFT JOIN `" . DB_PREFIX . "mailbox`\n"
    . "\t ON `" . DB_PREFIX . "mailassoc`.`mailID` = `" . DB_PREFIX . "mailbox`.`id`\n"
    . "\t LEFT JOIN `" . DB_PREFIX . "users`\n"
    . "\t ON `" . DB_PREFIX . "users`.`id` = `" . DB_PREFIX . "mailbox`.`staffID`\n"
    . "\t WHERE `folder` = '{$toLoad}' \n"
    . " AND `" . DB_PREFIX . "mailassoc`.`staffID` = '{$MSTEAM->id}'\n"
    . "\t " . $searchClause . "\n"
    . "\t " . $orderBy . "\n"
    . " LIMIT {$limitvalue},{$limit}\n ")
    or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));

$c = mysql_fetch_object(mysql_query("SELECT FOUND_ROWS() AS `rows`"));
$countedRows = isset($c->rows) ? $c->rows : '0';
?> <div class="content"> <div class="header"> <button class="btn search-bar-button" type="button" onclick="mswToggle('b1','b2','keys','mailbox')"><i class="icon-search" id="search-icon-button"></i></button> <h1 class="page-title"><?php echo $msg_adheader61; ?> (<?php echo $boxName; ?> )</h1> <span class="clearfix"></span>
/**
 * Find the ticket an incoming message refers to.
 *
 * Looks for '#' followed by 1 to 12 digits in the subject, converts those
 * digits with mswReverseTicketNumber(), and accepts the ticket only when a
 * portal account exists for $email and a non-spam ticket with that id
 * belongs to that account.
 *
 * The ownership test relies on the sender address alone; how far $email can
 * be trusted is decided by the caller.
 *
 * @param string $subject Message subject line.
 * @param string $email   Sender address.
 * @return array array('yes', <ticket id>) on a match, array('no', 0) otherwise.
 */
public function getTicketID($subject, $email)
{
    $noMatch = array('no', 0);

    // '[' and ']' are the pattern delimiters here, so the expression that is
    // matched is: [#][0-9]{1,12}
    if (!preg_match("[[#][0-9]{1,12}]", $subject, $regs)) {
        return $noMatch;
    }

    $digits   = preg_replace('/[^0-9]/', '', $regs[0]);
    $ticketid = mswReverseTicketNumber(trim($digits));

    $PORTAL = mswGetTableData('portal', 'email', mswSafeImportString($email), '', '`id`');
    if (!isset($PORTAL->id)) {
        return $noMatch;
    }

    // The ticket id is cast for the lookup; the account id comes from the row
    // just loaded.
    $ownedTicket = 'tickets WHERE `id` = \'' . (int) $ticketid . '\' AND `visitorID` = \'' . $PORTAL->id . '\' AND `spamFlag` = \'no\'';
    if (mswRowCount($ownedTicket) > 0) {
        return array('yes', $ticketid);
    }

    return $noMatch;
}
include_once REL_PATH . 'control/classes/class.fields.php'; include_once REL_PATH . 'control/classes/class.accounts.php'; $MSACC = new accounts(); $MSPORTAL = new accountSystem(); $MSPTICKETS = new tickets(); $MSCFMAN = new customFieldManager(); $MSACC->settings = $SETTINGS; $MSPTICKETS->settings = $SETTINGS; $MSPTICKETS->datetime = $MSDT; $MSPORTAL->settings = $SETTINGS; // Add ticket.. if (isset($_POST['process'])) { $OK = 'fail'; if ($_POST['subject'] && $_POST['comments'] && $_POST['name'] && mswIsValidEmail($_POST['email'])) { // Check if account exists for email address.. $PORTAL = mswGetTableData('portal', 'email', mswSafeImportString($_POST['email'])); // Check language.. if (isset($_PORTAL->id) && $PORTAL->language && file_exists(LANG_BASE_PATH . $PORTAL->language . '/mail-templates/admin-add-ticket.txt')) { $mailT = LANG_BASE_PATH . $PORTAL->language . '/mail-templates/admin-add-ticket.txt'; $pLang = $PORTAL->language; } else { $mailT = LANG_PATH . 'admin-add-ticket.txt'; } $pass = ''; // If portal account doesn`t exist, we need to create it.. if (!isset($PORTAL->id)) { $pass = $MSPORTAL->ms_generate(); $mailT = LANG_PATH . 'admin-add-ticket-new.txt'; $userID = $MSACC->add(array('name' => $_POST['name'], 'email' => $_POST['email'], 'userPass' => $pass, 'enabled' => 'yes', 'timezone' => '', 'ip' => '', 'notes' => '', 'language' => $SETTINGS->language)); } // Add ticket to database..
@mysql_query("update `" . DB_PREFIX . "settings` set `timezone` = '" . (isset($flip[$diff]) ? $flip[$diff] : 'Europe/London') . "'"); } else { @mysql_query("update `" . DB_PREFIX . "settings` set `timezone` = 'Europe/London'"); } } // v3.0 Changes.. mswUpgradeLog('< v3.0 updates completed...Starting settings updates for v3.0+'); // HTTP Paths.. $hdeskPath = 'http://www.example.com/helpdesk'; if (isset($_SERVER['HTTP_HOST']) && isset($_SERVER['PHP_SELF'])) { $hdeskPath = 'http' . (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on' ? 's' : '') . '://' . $_SERVER['HTTP_HOST'] . substr($_SERVER['PHP_SELF'], 0, strpos($_SERVER['PHP_SELF'], 'install') - 1); } $hdeskPathAtt = $hdeskPath . '/content/attachments'; $hdeskPathFaq = $hdeskPath . '/content/attachments-faq'; // Server Paths.. $attFaqPath = mswSafeImportString(substr(PATH, 0, strpos(PATH, 'install') - 1) . '/content/attachments-faq'); if (!isset($SETTINGS->disputes)) { @mysql_query("alter table `" . DB_PREFIX . "settings` add column `disputes` enum('yes','no') not null default 'no'"); if (mswRowCount('tickets WHERE `isDisputed` = \'yes\'') > 0) { @mysql_query("update `" . DB_PREFIX . "settings` set `disputes` = 'yes'"); } } if (isset($SETTINGS->smtp)) { @mysql_query("alter table `" . DB_PREFIX . "settings` drop column `smtp`"); } if (!isset($SETTINGS->smtp_security)) { @mysql_query("alter table `" . DB_PREFIX . "settings` add column `smtp_security` varchar(10) not null default '' after `smtp_port`"); } if (!isset($SETTINGS->smtp_debug)) { @mysql_query("alter table `" . DB_PREFIX . "settings` add column `smtp_debug` enum('yes','no') not null default 'no' after `smtp_security`"); }
<?php

/*++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

  Script: Maian Support
  Written by: David Ian Bennett
  E-Mail: support@maianscriptworld.co.uk
  Software Website: http://www.maiansupport.com
  Script Portal: http://www.maianscriptworld.co.uk

  ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

  This File: user.php
  Description: Installer File

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*/

if (!defined('PARENT')) {
    msw403();
}

// Names of tables whose install step failed are collected here.
$data = array();

//=========================
// INSTALL USER
//=========================

// Creates user id 1 from the installer form. Name and e-mail go through
// mswSafeImportString(); the password is stored as md5(SECRET_KEY . password).
// NOTE(review): a single md5 with an install-wide key is fast to brute-force
// if the table leaks. Moving to password_hash() / password_verify() has to be
// done together with the code that checks logins.
$adminPassHash = md5(SECRET_KEY . $_POST['pass']);

$installUserSql = "INSERT INTO `" . DB_PREFIX . "users` (\n"
    . "`id`, `ts`, `name`, `email`, `accpass`, `signature`, `notify`, `pageAccess`, `emailSigs`, `notePadEnable`, `delPriv`, `helplink`\n"
    . ") VALUES (\n"
    . "1, UNIX_TIMESTAMP(UTC_TIMESTAMP), '" . mswSafeImportString($_POST['user']) . "', '" . mswSafeImportString($_POST['email']) . "', \n"
    . "'" . $adminPassHash . "', '', 'yes', '', 'no', 'yes', 'yes', 'yes'\n"
    . ")";

$q = mysql_query($installUserSql);

if (!$q) {
    // Record the failed table and log the database error.
    $data[] = DB_PREFIX . 'users';
    mswlogDBError(DB_PREFIX . 'users', mysql_error(), mysql_errno(), __LINE__, __FILE__, 'Insert');
}
// HTTP Paths..
// Default base URL, replaced below when the request exposes a host name and script path.
$hdeskPath = 'http://www.example.com/helpdesk';
if (isset($_SERVER['HTTP_HOST']) && isset($_SERVER['PHP_SELF'])) {
    // Base URL = scheme + Host header + the part of PHP_SELF in front of "install".
    // NOTE(review): HTTP_HOST is taken from the request's Host header and PHP_SELF from the
    // request path. Both are client-influenced, and $hdeskPath (with the two URLs derived
    // from it) is placed in the INSERT below as '{$hdeskPath}' without passing through
    // mswSafeImportString(). Escaping and validating the host before storing it is advisable.
    // NOTE(review): if "install" is absent from PHP_SELF, strpos() returns false and the
    // length argument becomes -1 - confirm the installer is always served from that folder.
    $hdeskPath = 'http' . (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on' ? 's' : '') . '://' . $_SERVER['HTTP_HOST'] . substr($_SERVER['PHP_SELF'], 0, strpos($_SERVER['PHP_SELF'], 'install') - 1);
}
$hdeskPathAtt = $hdeskPath . '/content/attachments';
$hdeskPathFaq = $hdeskPath . '/content/attachments-faq';

// Server Paths..
// Filesystem equivalents, built from the PATH constant cut in front of "install".
$attachPath = mswSafeImportString(substr(PATH, 0, strpos(PATH, 'install') - 1) . '/content/attachments');
$attFaqPath = mswSafeImportString(substr(PATH, 0, strpos(PATH, 'install') - 1) . '/content/attachments-faq');

// Other..
// Serialized PHP arrays stored as default column values.
$defKeepLogs = mswSafeImportString('a:2:{s:4:"user";s:2:"50";s:3:"acc";s:2:"50";}');
$langSets = mswSafeImportString('a:1:{s:7:"english";s:12:"_default_set";}');
// API key: two upper-cased slices of md5(uniqid(rand(), 1)) joined by a dash.
// NOTE(review): rand() and uniqid() are not cryptographically secure sources, so a key built
// this way is more guessable than its length suggests. A CSPRNG such as random_bytes()
// (PHP 7+) or openssl_random_pseudo_bytes() is the appropriate source for an API credential.
$apiKey = strtoupper(substr(md5(uniqid(rand(), 1)), 3, 10) . '-' . substr(md5(uniqid(rand(), 1)), 3, 8));

// Empty the settings table, then write the single default settings row (id 1).
mysql_query("TRUNCATE TABLE `" . DB_PREFIX . "settings`");
// Website, e-mail and timezone come from the installer form via mswSafeImportString().
// NOTE(review): $prodKey is not assigned anywhere in the visible code - confirm where it is
// set and that it is safe to interpolate.
$q = mysql_query("INSERT INTO `" . DB_PREFIX . "settings` (\n`id`, `website`, `email`, `replyto`, `scriptpath`, `attachpath`, `attachhref`, `attachpathfaq`, `attachhreffaq`, \n`language`, `langSets`, `dateformat`, `timeformat`, `timezone`, `weekStart`, `jsDateFormat`, `kbase`, `enableVotes`, \n`multiplevotes`, `popquestions`, `quePerPage`, `cookiedays`, `renamefaq`, `attachment`, `rename`, `attachboxes`, \n`filetypes`, `maxsize`, `enableBBCode`, `afolder`, `autoClose`, `autoCloseMail`, `smtp_host`, `smtp_user`, `smtp_pass`, \n`smtp_port`, `smtp_security`, `smtp_debug`, `prodKey`, `publicFooter`, `adminFooter`, `encoderVersion`, `softwareVersion`, \n`apiKey`, `apiLog`, `apiHandlers`, `recaptchaPublicKey`, `recaptchaPrivateKey`, `enCapLogin`, `sysstatus`, `autoenable`, \n`disputes`, `offlineReason`, `createPref`, `createAcc`, `loginLimit`, `banTime`, `ticketHistory`, `backupEmails`, \n`closenotify`, `minPassValue`, `accProfNotify`, `newAccNotify`, `recaptchaTheme`, `recaptchaLang`, `enableLog`, \n`defKeepLogs`, `minTickDigits`, `enableMail`, `imap_debug`, `imap_param`, `imap_memory`, `imap_timeout`, \n`disputeAdminStop`\n) VALUES (\n1, '" . mswSafeImportString($_POST['website']) . "', '" . mswSafeImportString($_POST['email']) . "', '',\n'{$hdeskPath}', '{$attachPath}', '{$hdeskPathAtt}', '{$attFaqPath}', '{$hdeskPathFaq}', \n'english', '{$langSets}', 'd M Y', 'H:iA', '" . mswSafeImportString($_POST['timezone']) . "', 'sun', 'DD-MM-YYYY', 'yes', \n'yes', 'yes', 10, 10, 360, 'no', 'yes', 'yes', 5, '.jpg|.zip|.gif|.rar|.png|.pdf', 1048576, 'yes', \n'admin', 0, 'yes', '', '', '', 587, '', 'no', '{$prodKey}', '', '', '" . (function_exists('ioncube_loader_version') ? ioncube_loader_version() : 'XX') . "', \n'" . SCRIPT_VERSION . "', '{$apiKey}', 'yes', 'json,xml', '', '', 'yes', 'yes', '0000-00-00', 'no', '', 'no', 'yes', 5, 5, 'yes', '', 'no', 8, \n'yes', 'yes', 'white', 'en', 'yes', '{$defKeepLogs}', 5, 'yes', 'yes', 'pipe', '0', '0', 'no'\n)");
// On failure, remember the table name and record the driver error.
if (!$q) {
    $data[] = DB_PREFIX . 'settings';
    mswlogDBError(DB_PREFIX . 'settings', mysql_error(), mysql_errno(), __LINE__, __FILE__, 'Insert');
}

//=========================
// INSTALL DEPARTMENTS
//=========================

// Three fixed default departments; ids and sort order run 1..3 in list order.
$depts = array('General Tickets', 'Sales and Billing', 'Technical Support');
mysql_query("TRUNCATE TABLE `" . DB_PREFIX . "departments`");
for ($i = 0; $i < count($depts); $i++) {
    $deptID = $i + 1;
    // Names are the hard-coded literals above, so nothing request-supplied enters this statement.
    $q = mysql_query("INSERT INTO `" . DB_PREFIX . "departments` (\n `id`, `name`, `showDept`, `dept_subject`, `dept_comments`, `orderBy`, `manual_assign`\n ) VALUES (\n " . $deptID . ", '" . $depts[$i] . "', 'yes', '', '', '" . $deptID . "', 'no'\n )");
    if (!$q) {
        $data[] = DB_PREFIX . 'departments';
        mswlogDBError(DB_PREFIX . 'departments', mysql_error(), mysql_errno(), __LINE__, __FILE__, 'Insert ' . $deptID);
<?php
// Direct-access guard: stop unless the including script defined PARENT.
if (!defined('PARENT')) {
    exit;
}

// Date range filter. A value is kept only when mswDatePickerFormat() does not map it to
// the '0000-00-00' placeholder; otherwise it is dropped.
$from = isset($_GET['from']) && $MSDT->mswDatePickerFormat($_GET['from']) != '0000-00-00' ? $_GET['from'] : '';
$to = isset($_GET['to']) && $MSDT->mswDatePickerFormat($_GET['to']) != '0000-00-00' ? $_GET['to'] : '';
// Entry type filter, restricted to the two known values before it is used in SQL.
$type = isset($_GET['type']) && in_array($_GET['type'], array('user', 'acc')) ? $_GET['type'] : '';
$keys = '';
// Fragments of the WHERE clause; the first one added carries the WHERE keyword.
$where = array();

// Keyword search: every space-separated term is matched with LIKE against the portal
// account name or the staff user name. Each term passes through mswSafeImportString().
// NOTE(review): explode() expects a string; a request sending q[]=... supplies an array.
if (isset($_GET['q'])) {
    $chop = explode(' ', $_GET['q']);
    $words = '';
    for ($i = 0; $i < count($chop); $i++) {
        $words .= ($i ? 'OR ' : 'WHERE (') . "`" . DB_PREFIX . "portal`.`name` LIKE '%" . mswSafeImportString($chop[$i]) . "%' OR `" . DB_PREFIX . "users`.`name` LIKE '%" . mswSafeImportString($chop[$i]) . "%' ";
    }
    if ($words) {
        $where[] = $words . ')';
    }
}
// $type can only be 'user' or 'acc' here (see the allowlist above).
if ($type) {
    $where[] = (!empty($where) ? 'AND ' : 'WHERE ') . '`type` = \'' . $type . '\'';
}
// NOTE(review): the dates reach the statement as the return value of mswDatePickerFormat()
// with no further escaping; confirm that helper can only return a date-shaped string.
if ($from && $to) {
    $where[] = (!empty($where) ? 'AND ' : 'WHERE ') . 'DATE(FROM_UNIXTIME(`' . DB_PREFIX . 'log`.`ts`)) BETWEEN \'' . $MSDT->mswDatePickerFormat($from) . '\' AND \'' . $MSDT->mswDatePickerFormat($to) . '\'';
}

// Log entries joined to both account tables on the same userID column, newest first.
// NOTE(review): $limitvalue and $limit are not assigned in the visible code and are
// interpolated unquoted into LIMIT - confirm both are integers where they are set.
$q = mysql_query("SELECT SQL_CALC_FOUND_ROWS *,\n `" . DB_PREFIX . "log`.`ts` AS `lts`,\n\t\t\t `" . DB_PREFIX . "log`.`id` AS `logID`,\n\t\t\t `" . DB_PREFIX . "log`.`userID` AS `personID`,\n\t\t\t `" . DB_PREFIX . "log`.`ip` AS `entryLogIP`,\n\t\t\t `" . DB_PREFIX . "portal`.`name` AS `portalName`,\n\t\t\t `" . DB_PREFIX . "users`.`name` AS `userName`\n\t\t\t FROM `" . DB_PREFIX . "log`\n LEFT JOIN `" . DB_PREFIX . "users`\n ON `" . DB_PREFIX . "log`.`userID` = `" . DB_PREFIX . "users`.`id` \n\t\t\t LEFT JOIN `" . DB_PREFIX . "portal`\n ON `" . DB_PREFIX . "log`.`userID` = `" . DB_PREFIX . "portal`.`id` \n\t\t\t " . (!empty($where) ? implode(mswDefineNewline(), $where) : '') . "\n ORDER BY `" . DB_PREFIX . "log`.`id` DESC\n LIMIT {$limitvalue},{$limit}\n ") or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
// Total number of matches ignoring LIMIT, as reported by FOUND_ROWS().
$c = mysql_fetch_object(mysql_query("SELECT FOUND_ROWS() AS `rows`"));
$countedRows = isset($c->rows) ? $c->rows : '0';
// Row count of the whole log table, regardless of filters.
$actualRows = mswRowCount('log');
// Export url..
/**
 * Render a visitor's ticket list (or the dashboard variant) as HTML, or count the matches.
 *
 * Reads the optional request filters `qt` (keywords), `order`, `filter` (priority) and
 * `dept` from $_GET and adds them to the query.
 *
 * NOTE(review): $email, $queryAdd and both $lv entries are placed in the statement exactly
 * as received; this method does not escape or cast them. Confirm every caller passes an
 * already-escaped e-mail, integer limits, and a $queryAdd fragment that contains no
 * request data.
 *
 * @param string $email    Portal account e-mail the tickets must belong to.
 * @param array  $lv       LIMIT pair: [0] is the offset, [1] the row count.
 * @param bool   $count    When true, return the FOUND_ROWS() total instead of HTML.
 * @param string $queryAdd Extra SQL appended to the WHERE clause; a non-empty value also
 *                         selects the dashboard template and empty-list message.
 * @return string Rendered rows, the "no data" template, or the row total when $count is set.
 */
public function ticketList($email, $lv, $count = false, $queryAdd = '')
{
    global $msg_portal8, $msg_public_history7, $msg_portal7, $msg_portal21, $msg_showticket23, $msg_showticket24, $msg_script30, $msg_public_dashboard6, $msg_public_dashboard7;
    $data = '';
    $sch = '';
    // Extra AND conditions collected from the request filters.
    $qft = array();
    // Default ordering: newest ticket first.
    $oft = 'ORDER BY `' . DB_PREFIX . 'tickets`.`id` DESC';
    // Check for search mode..
    if (isset($_GET['qt'])) {
        // Load the skip words array..
        // (presumably this include defines $searchSkipWords, which is read below - confirm)
        include PATH . 'control/skipwords.php';
        // NOTE(review): PHP has already URL-decoded $_GET, so urldecode() decodes a second
        // time. The terms still pass through mswSafeImportString() before reaching SQL.
        $chop = array_map('trim', explode(' ', urldecode($_GET['qt'])));
        if (!empty($chop)) {
            foreach ($chop as $word) {
                // Ignore skip words and single-character terms.
                if (!in_array($word, $searchSkipWords) && strlen($word) > 1) {
                    $word = strtolower($word);
                    $sch .= (!$sch ? '' : 'OR ') . "LOWER(`subject`) LIKE '%" . mswSafeImportString(mswCleanData($word)) . "%' OR LOWER(`comments`) LIKE '%" . mswSafeImportString(mswCleanData($word)) . "%'";
                }
            }
            if ($sch) {
                $qft[] = 'AND (' . $sch . ')';
            }
        }
    }
    // Order filters..
    // The request value only selects one of these fixed ORDER BY strings; it is never
    // placed in the statement itself, and unknown values keep the default ordering.
    if (isset($_GET['order'])) {
        switch ($_GET['order']) {
            // Subject (ascending)..
            case 'subject_asc':
                $oft = 'ORDER BY `subject`';
                break;
            // Subject (descending)..
            case 'subject_desc':
                $oft = 'ORDER BY `subject` desc';
                break;
            // TicketID (ascending)..
            case 'id_asc':
                $oft = 'ORDER BY `ticketID`';
                break;
            // TicketID (descending)..
            case 'id_desc':
                $oft = 'ORDER BY `ticketID` desc';
                break;
            // Priority (ascending)..
            case 'pr_asc':
                $oft = 'ORDER BY `levelName`';
                break;
            // Priority (descending)..
            case 'pr_desc':
                $oft = 'ORDER BY `levelName` desc';
                break;
            // Department (ascending)..
            case 'dept_asc':
                $oft = 'ORDER BY `deptName`';
                break;
            // Department (descending)..
            case 'dept_desc':
                $oft = 'ORDER BY `deptName` desc';
                break;
            // Date Updated (ascending)..
            case 'rev_asc':
                $oft = 'ORDER BY `lastrevision`';
                break;
            // Date Updated (descending)..
            case 'rev_desc':
                $oft = 'ORDER BY `lastrevision` desc';
                break;
            // Date Added (ascending)..
            case 'date_asc':
                $oft = 'ORDER BY `' . DB_PREFIX . 'tickets`.`ts`';
                break;
            // Date Added (descending)..
            case 'date_desc':
                $oft = 'ORDER BY `' . DB_PREFIX . 'tickets`.`ts` desc';
                break;
        }
    }
    // Service level and department filters..
    // Both request values pass through mswSafeImportString() and sit inside quotes.
    if (isset($_GET['filter'])) {
        $qft[] = 'AND `priority` = \'' . mswSafeImportString($_GET['filter']) . '\'';
    }
    if (isset($_GET['dept'])) {
        $qft[] = 'AND `department` = \'' . mswSafeImportString($_GET['dept']) . '\'';
    }
    // Template fragment for the "last reply" date and time.
    $lWrap = file_get_contents(PATH . 'content/' . MS_TEMPLATE_SET . '/html/tickets/tickets-last-reply-date.htm');
    // Tickets of this account that are neither disputed nor flagged as spam, joined to
    // department, portal account and priority level (matched on level id or marker).
    $q = mysql_query("SELECT SQL_CALC_FOUND_ROWS *,\n `" . DB_PREFIX . "tickets`.`id` AS `ticketID`,\n\t\t `" . DB_PREFIX . "tickets`.`ts` AS `ticketStamp`,\n\t `" . DB_PREFIX . "portal`.`name` AS `ticketName`,\n\t `" . DB_PREFIX . "departments`.`name` AS `deptName`,\n\t `" . DB_PREFIX . "levels`.`name` AS `levelName`\n\t\t FROM `" . DB_PREFIX . "tickets`\n\t\t LEFT JOIN `" . DB_PREFIX . "departments`\n\t ON `" . DB_PREFIX . "tickets`.`department` = `" . DB_PREFIX . "departments`.`id`\n\t\t LEFT JOIN `" . DB_PREFIX . "portal`\n\t ON `" . DB_PREFIX . "tickets`.`visitorID` = `" . DB_PREFIX . "portal`.`id`\n\t LEFT JOIN `" . DB_PREFIX . "levels`\n\t ON `" . DB_PREFIX . "tickets`.`priority` = `" . DB_PREFIX . "levels`.`id`\n\t OR `" . DB_PREFIX . "tickets`.`priority` = `" . DB_PREFIX . "levels`.`marker`\n WHERE `" . DB_PREFIX . "portal`.`email` = '{$email}'\n\t\t AND `isDisputed` = 'no'\n\t\t AND `spamFlag` = 'no'\n\t\t " . $queryAdd . "\n\t\t " . (!empty($qft) ? implode(mswDefineNewline(), $qft) : '') . "\n {$oft}\n\t\t LIMIT " . $lv[0] . "," . $lv[1] . "\n ") or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
    // Count mode: return the total number of matches, ignoring LIMIT.
    if ($count) {
        $c = mysql_fetch_object(mysql_query("SELECT FOUND_ROWS() AS `rows`"));
        return isset($c->rows) ? $c->rows : '0';
    }
    while ($T = mysql_fetch_object($q)) {
        // $last[0] is compared with '0' and shown as the replier, $last[1] is formatted as a date.
        $last = tickets::getLastReply($T->ticketID);
        // Ticket starter..
        $starter = mswSpecialChars($T->ticketName);
        $lastRep = '';
        $replyBy = '- - - -';
        if ($last[0] != '0') {
            $lastRep = str_replace(array('{date}', '{time}'), array($this->datetime->mswDateTimeDisplay($last[1], $this->settings->dateformat), $this->datetime->mswDateTimeDisplay($last[1], $this->settings->timeformat)), $lWrap);
            // NOTE(review): unlike subject and starter name, $last[0] is written into the
            // template without mswSpecialChars() here; confirm getLastReply() returns it
            // already HTML-encoded.
            $replyBy = $last[0];
        }
        // Fill the row template; a non-empty $queryAdd selects the dashboard variant.
        $data .= str_replace(array('{ticket_id}', '{subject}', '{priority}', '{dept}', '{started_by}', '{url}', '{text_alt}', '{start_date}', '{start_time}', '{last_reply}', '{status}', '{icon}', '{users_in_dispute}', '{view}', '{last_reply_dashboard}'), array(mswTicketNumber($T->ticketID), mswSpecialChars($T->subject), tickets::levels($T->priority), $this->system->department($T->department, $msg_script30), $starter, '?t=' . $T->ticketID, mswCleanData($msg_portal8), $this->datetime->mswDateTimeDisplay($T->ticketStamp, $this->settings->dateformat), $this->datetime->mswDateTimeDisplay($T->ticketStamp, $this->settings->timeformat), $replyBy . $lastRep, $T->ticketStatus == 'open' ? $msg_showticket23 : $msg_showticket24, $T->ticketStatus == 'open' ? 'eye-open' : 'eye-close', '', $msg_public_dashboard6, tickets::dashboardStatus($T, 'no')), file_get_contents(PATH . 'content/' . MS_TEMPLATE_SET . '/html/tickets/' . ($queryAdd ? 'tickets-dashboard' : 'ticket-list-entry') . '.htm'));
    }
    // No rows: show the "no data" template with a message that depends on the mode
    // (search, dashboard, or plain list).
    return $data ? trim($data) : str_replace('{text}', $sch ? $msg_portal21 : ($queryAdd ? $msg_public_dashboard7 : $msg_portal7), file_get_contents(PATH . 'content/' . MS_TEMPLATE_SET . '/html/tickets/tickets-no-data.htm'));
}
/**
 * Update a ticket's core fields and custom-field values from the submitted edit form.
 *
 * Reads the ticket id from $_GET['id'] and the new values from $_POST. Ticket id,
 * department id and custom-field ids are cast to int; free-text values pass through
 * mswSafeImportString() before they are placed in a statement.
 *
 * NOTE(review): nothing in this method checks that the current user may edit the ticket
 * named by $_GET['id']; confirm the caller enforces that.
 *
 * @return int Sum of mysql_affected_rows() over the statements that were run.
 */
public function updateTicket()
{
    $tickID = (int) $_GET['id'];
    $deptID = (int) $_POST['dept'];
    $rows = 0;
    mysql_query("UPDATE `" . DB_PREFIX . "tickets` SET\n `lastrevision` = UNIX_TIMESTAMP(UTC_TIMESTAMP),\n `department` = '{$deptID}',\n `subject` = '" . mswSafeImportString($_POST['subject']) . "',\n `comments` = '" . mswSafeImportString($_POST['comments']) . "',\n `priority` = '" . mswSafeImportString($_POST['priority']) . "'\n WHERE `id` = '{$tickID}'\n ") or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
    $rows = $rows + mysql_affected_rows();
    // Custom field data..
    if (!empty($_POST['customField'])) {
        // Check to see if any checkbox arrays are now blank..
        // If there are, create an empty array to prevent omission in the loop..
        if (!empty($_POST['hiddenBoxes'])) {
            foreach ($_POST['hiddenBoxes'] as $hb) {
                if (!isset($_POST['customField'][$hb])) {
                    $_POST['customField'][$hb] = array();
                }
            }
        }
        foreach ($_POST['customField'] as $k => $v) {
            $data = '';
            // If value is array, its checkboxes..
            // Ticked values are stored as one string joined by '#####'.
            if (is_array($v)) {
                if (!empty($v)) {
                    $data = implode('#####', $v);
                }
            } else {
                $data = $v;
            }
            // The field id is a request array key, so force it to an integer before SQL use.
            $k = (int) $k;
            // If data exists, update or add entry..
            // If blank or 'nothing-selected', delete if exists..
            if ($data != '' && $data != 'nothing-selected') {
                if (mswRowCount('ticketfields WHERE `ticketID` = \'' . $tickID . '\' AND `fieldID` = \'' . $k . '\' AND `replyID` = \'0\'') > 0) {
                    mysql_query("UPDATE `" . DB_PREFIX . "ticketfields` SET\n `fieldData` = '" . mswSafeImportString($data) . "'\n WHERE `ticketID` = '{$tickID}'\n AND `fieldID` = '{$k}'\n AND `replyID` = '0'\n ") or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
                    $rows = $rows + mysql_affected_rows();
                } else {
                    mysql_query("INSERT INTO `" . DB_PREFIX . "ticketfields` (\n `fieldData`,`ticketID`,`fieldID`,`replyID`\n ) VALUES (\n '" . mswSafeImportString($data) . "','{$tickID}','{$k}','0'\n )") or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
                    $rows = $rows + mysql_affected_rows();
                }
            } else {
                mysql_query("DELETE FROM `" . DB_PREFIX . "ticketfields`\n WHERE `ticketID` = '{$tickID}'\n AND `fieldID` = '{$k}'\n AND `replyID` = '0'\n ") or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
                $rows = $rows + mysql_affected_rows();
                // Once the table is empty, TRUNCATE it (this also resets any auto-increment counter).
                if (mswRowCount('ticketfields') == 0) {
                    @mysql_query("TRUNCATE TABLE `" . DB_PREFIX . "ticketfields`");
                }
            }
        }
    }
    // If department was changed, update attachments..
    // NOTE(review): the previous department is taken from the form field `odeptid`, which
    // the client controls; a forged value only decides whether this follow-up runs.
    if ($deptID != $_POST['odeptid']) {
        mysql_query("UPDATE `" . DB_PREFIX . "attachments` SET\n `department` = '{$deptID}'\n WHERE `ticketID` = '{$tickID}'\n ") or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
        // Check assignment..If department has assign disabled, we need to clear assigned values from ticket..
        if (mswRowCount('departments WHERE `id` = \'' . $deptID . '\' AND `manual_assign` = \'no\'') > 0) {
            mysql_query("UPDATE `" . DB_PREFIX . "tickets` SET\n `assignedto` = ''\n WHERE `id` = '{$tickID}'\n ") or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
        }
    }
    return $rows;
}
for ($i = 0; $i < $countOfTickets; $i++) { $name = trim($ticketData['tickets'][$i]['name']); $email = trim($ticketData['tickets'][$i]['email']); $deptID = trim($ticketData['tickets'][$i]['dept']); $subject = trim($ticketData['tickets'][$i]['subject']); $comments = trim($ticketData['tickets'][$i]['comments']); $priority = trim($ticketData['tickets'][$i]['priority']); $language = trim($ticketData['tickets'][$i]['language']); $attString = array(); $pLang = $language; // Add ticket.. if ($name && $email && $deptID > 0 && $subject && $comments && $priority) { $DP = mswGetTableData('departments', 'id', $deptID, '', '`manual_assign`'); if (isset($DP->manual_assign)) { // Does account exist? $LI_ACC = mswGetTableData('portal', 'email', mswSafeImportString($email)); if (isset($LI_ACC->id)) { $name = $LI_ACC->name; $email = $LI_ACC->email; $pass = ''; $userID = $LI_ACC->id; if (file_exists(PATH . 'content/language/' . $LI_ACC->language . '/mail-templates/new-ticket-visitor.txt')) { $mailR = PATH . 'content/language/' . $LI_ACC->language . '/mail-templates/new-ticket-visitor.txt'; $pLang = $LI_ACC->language; } else { $mailR = PATH . 'content/language/' . $SETTINGS->language . '/mail-templates/new-ticket-visitor.txt'; } $MSAPI->log('[' . strtoupper($MSAPI->handler) . '] Account does exist for ' . $email); } else { $MSAPI->log('[' . strtoupper($MSAPI->handler) . '] New account to be created for email ' . $email); $pass = $MSACC->ms_generate();
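/**
 * Tell the caller whether a row of the `portal` table already holds a value.
 *
 * @param string $data  Value to look up; when empty, $_POST['checkEntered'] is used.
 * @param string $field Column of `portal` to compare against (default `email`).
 * @return string 'exists' when a matching row is found, otherwise 'accept'.
 */
public function check($data = '', $field = 'email')
{
    // $field is placed between backticks as a column name. Value escaping gives no
    // protection for identifiers, so only plain identifier characters are let through.
    // A rejected name yields 'accept', the same answer this method gave before whenever
    // the statement could not be run.
    // NOTE(review): callers that treat 'accept' as permission may prefer a hard failure.
    if (!is_string($field) || !preg_match('/^[A-Za-z0-9_]+$/', $field)) {
        return 'accept';
    }

    $SQL = '';
    // When an existing account is being edited, leave its own row out of the match.
    if (isset($_POST['currID']) && (int) $_POST['currID'] > 0) {
        $_POST['currID'] = (int) $_POST['currID'];
        $SQL = "AND `id` != '{$_POST['currID']}'";
    }

    // Fall back to the posted value, tolerating a request that omits it.
    $value = $data ? $data : (isset($_POST['checkEntered']) ? $_POST['checkEntered'] : '');

    $q = mysql_query("SELECT `id` FROM `" . DB_PREFIX . "portal`\n WHERE `" . $field . "` = '" . mswSafeImportString($value) . "'\n\t {$SQL}\n LIMIT 1\n ");
    // mysql_query() returns false on failure; do not hand that to mysql_fetch_object().
    if (!$q) {
        return 'accept';
    }

    $P = mysql_fetch_object($q);
    return isset($P->id) ? 'exists' : 'accept';
}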
This File: create-account.php Description: System File ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*/ if (!defined('PARENT') || !defined('MS_PERMISSIONS')) { $HEADERS->err403(); } // Account verification.. if (isset($_GET['va'])) { $code = $_GET['va']; $message = ''; if ($code == '' || !ctype_alnum($code) || $SETTINGS->createAcc == 'no') { $HEADERS->err403(); } // Get account.. $A = mswGetTableData('portal', 'system1', mswSafeImportString($code)); if (!isset($A->id)) { $message = $msg_public_create8; } else { if ($A->verified == 'yes') { $message = $msg_public_create9; } else { // Load mail params include PATH . 'control/mail-data.php'; // Activate.. $pass = $MSACC->ms_generate(); $rows = $MSACC->activate(array('id' => $A->id, 'pass' => $pass)); if ($rows > 0) { $MSMAIL->addTag('{NAME}', $A->name); $MSMAIL->addTag('{EMAIL}', $A->email); $MSMAIL->addTag('{PASS}', $pass);
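/**
 * Import FAQ questions from an uploaded CSV file and assign them to the chosen categories.
 *
 * Reads the category selection from $_POST['cat'] (or $_POST['catall'] when none is
 * ticked), the optional $_POST['clear'] flag and the upload in $_FILES['file'].
 * Category ids come from the request and are placed unquoted in an IN() list, so they
 * are forced to integers before any statement is built.
 *
 * @param int    $lines Maximum line length handed to fgetcsv().
 * @param string $del   Field delimiter.
 * @param string $enc   Field enclosure character.
 * @return int Number of questions imported.
 */
public function batchImportQuestions($lines, $del, $enc)
{
    $count = 0;

    // Selected categories, shared by the "clear" step and the assignment step.
    $posted = array();
    if (!empty($_POST['cat'])) {
        $posted = $_POST['cat'];
    } elseif (isset($_POST['catall'])) {
        $posted = $_POST['catall'];
    }
    // Integer cast: these values are spliced into SQL as numbers, where string escaping
    // would not stop an injected expression.
    $catIDs = array_map('intval', (array) $posted);

    // Clear current questions..
    if (isset($_POST['clear']) && !empty($catIDs)) {
        $que = array();
        $q = mysql_query("SELECT `question` FROM `" . DB_PREFIX . "faqassign`\n\t WHERE `itemID` IN(" . implode(',', $catIDs) . ")\n\t\t\t AND `desc` = 'category'\n\t\t\t GROUP BY `question`\n\t\t\t ORDER BY `itemID`\n\t\t\t ");
        // A failed lookup returns false; skip the fetch loop in that case.
        if ($q) {
            while ($QUE = mysql_fetch_object($q)) {
                // Stored ids are cast as well before they go into the DELETE list.
                $que[] = (int) $QUE->question;
            }
        }
        if (!empty($que)) {
            mysql_query("DELETE FROM `" . DB_PREFIX . "faq` WHERE `id` IN(" . implode(',', $que) . ")") or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
            // Once no questions are left, reset both tables.
            if (mswRowCount('faq') == 0) {
                @mysql_query("TRUNCATE TABLE `" . DB_PREFIX . "faq`");
                @mysql_query("TRUNCATE TABLE `" . DB_PREFIX . "faqassign`");
            }
        }
    }

    // Upload CSV file..
    $tmpFile = isset($_FILES['file']['tmp_name']) ? $_FILES['file']['tmp_name'] : '';
    if ($tmpFile && is_uploaded_file($tmpFile)) {
        // If uploaded file exists, read CSV data...
        $handle = fopen($tmpFile, 'r');
        if ($handle) {
            while (($CSV = fgetcsv($handle, $lines, $del, $enc)) !== false) {
                // Clean array..
                $CSV = array_map('trim', $CSV);
                // A row with fewer than two columns gets an empty answer rather than
                // reading an undefined index.
                $question = isset($CSV[0]) ? $CSV[0] : '';
                $answer = isset($CSV[1]) ? $CSV[1] : '';
                mysql_query("INSERT INTO `" . DB_PREFIX . "faq` (\n `ts`,\n `question`,\n `answer`\n ) VALUES (\n UNIX_TIMESTAMP(UTC_TIMESTAMP),\n '" . mswSafeImportString($question) . "',\n '" . mswSafeImportString($answer) . "'\n )") or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
                $ID = (int) mysql_insert_id();
                // Assign categories..
                if (!empty($catIDs) && $ID > 0) {
                    foreach ($catIDs as $aID) {
                        mysql_query("INSERT INTO `" . DB_PREFIX . "faqassign` (\n `question`,`itemID`,`desc`\n ) VALUES (\n '{$ID}','{$aID}','category'\n )") or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
                    }
                }
                ++$count;
            }
            fclose($handle);
        }
    }

    // Clear temp file..
    if ($tmpFile && file_exists($tmpFile)) {
        @unlink($tmpFile);
    }

    // Rebuild sequence..
    faqCentre::rebuildQueSequence();
    return $count;
}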
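/**
 * Update a portal (visitor) account and keep the visitor's login session in step.
 *
 * @param array $data Keys read: id, name, email, pass, timezone, language.
 *                    NOTE(review): `pass` is stored as given; presumably the caller has
 *                    already hashed it - confirm.
 * @return int Result of mysql_affected_rows() for the UPDATE.
 */
public function ms_update($data = array())
{
    // Update portal..
    $ID = (int) $data['id'];
    // Every text value, including the password field, now passes through
    // mswSafeImportString(); before, `userPass` was the one value interpolated as received.
    $ok = mysql_query("UPDATE `" . DB_PREFIX . "portal` SET\n `name` = '" . mswSafeImportString($data['name']) . "',\n `email` = '" . mswSafeImportString($data['email']) . "',\n `userPass` = '" . mswSafeImportString($data['pass']) . "',\n `timezone` = '" . mswSafeImportString($data['timezone']) . "',\n `language` = '" . mswSafeImportString($data['language']) . "'\n WHERE `id` = '{$ID}'\n ");
    // Read the row count straight after the statement it belongs to.
    $affected = mysql_affected_rows();
    // Update login so we don't log visitor out..
    // Only when the UPDATE ran: after a failed statement the session would otherwise be
    // keyed to an e-mail address that was never stored for this account.
    if ($ok !== false) {
        $_SESSION[md5(SECRET_KEY) . '_msw_support'] = $data['email'];
    }
    return $affected;
}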
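/**
 * Store one custom-field value for a ticket (replyID 0, i.e. not tied to a reply).
 *
 * @param int    $ticket Ticket id.
 * @param int    $field  Custom field id.
 * @param string $data   Field value; escaped with mswSafeImportString().
 * @return void
 */
public function insertField($ticket, $field, $data)
{
    // Both ids are placed in the statement, so force them to integers first, in line with
    // how updateTicket() treats the same `ticketID` and `fieldID` columns.
    $ticket = (int) $ticket;
    $field = (int) $field;
    mysql_query("INSERT INTO `" . DB_PREFIX . "ticketfields` (\n `ticketID`,\n `fieldID`,\n `replyID`,\n `fieldData`\n ) VALUES (\n '{$ticket}',\n '{$field}',\n '0',\n '" . mswSafeImportString($data) . "'\n )");
}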
unset($_SESSION['autoPurgeRan']); } if (isset($_COOKIE[md5(SECRET_KEY) . '_msc_mail'])) { @setcookie(md5(SECRET_KEY) . '_msc_mail', ''); @setcookie(md5(SECRET_KEY) . '_msc_key', ''); unset($_COOKIE[md5(SECRET_KEY) . '_msc_mail'], $_COOKIE[md5(SECRET_KEY) . '_msc_key']); } header("Location: index.php?p=login"); exit; } if (isset($_POST['process'])) { if ($_POST['user'] && $_POST['pass']) { if (!mswIsValidEmail($_POST['user'])) { $U_ERROR = $msg_login6; } else { $USER = mswGetTableData('users', 'email', mswSafeImportString($_POST['user']), 'AND `accpass` = \'' . md5(SECRET_KEY . $_POST['pass']) . '\''); if (isset($USER->email)) { // Update page access.. if ($USER->id > 0) { $upa = userAccessPages($USER->id); $USER->pageAccess = $upa; } // Add entry log.. if ($USER->enableLog == 'yes') { $MSUSERS->log($USER); } // Set session.. $_SESSION[md5(SECRET_KEY) . '_ms_mail'] = $USER->email; $_SESSION[md5(SECRET_KEY) . '_ms_key'] = $USER->accpass; // Set cookie.. if (isset($_POST['cookie']) && COOKIE_NAME) {