/**
 * Store the data of a PHP session in the tsessions_php table.
 *
 * A row is inserted when no row exists yet for the session id; otherwise the
 * existing row gets the new data and a refreshed last_active timestamp.
 *
 * NOTE(review): both arguments are escaped with addslashes(), which does not
 * take the connection character set into account, and the session id is then
 * interpolated into the SELECT. Confirm that process_sql_insert() and
 * process_sql_update() do not escape their values a second time.
 * NOTE(review): the existence check and the write are two separate
 * statements, so two concurrent first writes for one id can both reach the
 * INSERT branch.
 *
 * @param string $SessionID Session identifier.
 * @param string $val       Session data to store.
 *
 * @return mixed Result of process_sql_insert() or process_sql_update().
 */
function mysql_session_write($SessionID, $val)
{
    $SessionID = addslashes($SessionID);
    $val = addslashes($val);

    $sql = "SELECT COUNT(*) FROM tsessions_php\n\t\tWHERE id_session = '{$SessionID}'";
    $count_rows = process_sql($sql);
    $stored_rows = $count_rows[0]['COUNT(*)'];

    // Both branches stamp the row with the current time.
    $now = time();

    if ($stored_rows != 0) {
        $new_state = array('last_active' => $now, 'data' => $val);
        $row_filter = array('id_session' => $SessionID);

        return process_sql_update('tsessions_php', $new_state, $row_filter);
    }

    $new_row = array('id_session' => $SessionID, 'last_active' => $now, 'data' => $val);

    return process_sql_insert('tsessions_php', $new_row);
}
/**
 * Assign a profile to a user within a group (one row in tusuario_perfil).
 *
 * The "assigned_by" column is filled, in order of precedence, with
 * $assignUser when given, else $config["id_usuario"] when set, else the
 * user receiving the profile.
 *
 * NOTE(review): no permission check happens here; the caller is expected to
 * have verified that the acting user may grant profiles - confirm at the
 * call sites.
 *
 * @param string $id_user    User id that receives the profile.
 * @param int    $id_profile Profile id (default 1, labelled "AR" in the original comment).
 * @param int    $id_group   Group id (default 0); negative values are rejected.
 * @param mixed  $assignUser User recorded as the assigner, or false to derive it.
 *
 * @return mixed Result of process_sql_insert(), or false when the profile id
 *               is empty or the group id is negative.
 */
function profile_create_user_profile($id_user, $id_profile = 1, $id_group = 0, $assignUser = false)
{
    global $config;

    if (empty($id_profile) || $id_group < 0) {
        return false;
    }

    if ($assignUser !== false) {
        $assign = $assignUser;
    } elseif (isset($config["id_usuario"])) {
        // Usually set, unless this runs during login (user known by the
        // auth scheme but not yet by the application).
        $assign = $config["id_usuario"];
    } else {
        $assign = $id_user;
    }

    return process_sql_insert(
        "tusuario_perfil",
        array(
            "id_usuario" => $id_user,
            "id_perfil" => $id_profile,
            "id_grupo" => $id_group,
            "assigned_by" => $assign,
        )
    );
}
/**
 * Copy tincident_sla_graph into tincident_sla_graph_data, keeping only the
 * rows where the value of an incident differs from the value last copied
 * for that incident (rows are read in ascending utimestamp order).
 *
 * Progress is printed to standard output.
 *
 * @return void
 */
function fill_new_sla_table()
{
    echo "Filling the table 'tincident_sla_graph_data'...\n";

    // Last value copied per incident id.
    $last_values = array();

    $sql = "SELECT id_incident, utimestamp, value\n\t\t\tFROM tincident_sla_graph\n\t\t\tORDER BY utimestamp ASC";

    $new = true;
    while ($data = get_db_all_row_by_steps_sql($new, $result_sla, $sql)) {
        $new = false;

        $incident = $data["id_incident"];
        $current = $data["value"];

        $unchanged = isset($last_values[$incident]) && $last_values[$incident] == $current;
        if ($unchanged) {
            continue;
        }

        $last_values[$incident] = $current;
        process_sql_insert(
            "tincident_sla_graph_data",
            array(
                "id_incident" => $incident,
                "utimestamp" => $data["utimestamp"],
                "value" => $current,
            )
        );
    }

    echo "Filling the table 'tincident_sla_graph_data'... DONE\n";
}
$value = array(); $value["label"] = get_parameter("label"); $value["type"] = get_parameter("type"); $value["combo_value"] = get_parameter("combo_value"); if ($value['type'] == 'combo') { if ($value['combo_value'] == '') { $error_combo = true; } } if ($value['label'] == '') { echo ui_print_error_message(__('Empty field name'), '', true, 'h3', true); } else { if ($error_combo) { echo ui_print_error_message(__('Empty combo value'), '', true, 'h3', true); } else { $result_field = process_sql_insert('tuser_field', $value); if ($result_field === false) { echo ui_print_error_message(__('Field could not be created'), '', true, 'h3', true); } else { echo ui_print_success_message(__('Field created successfully'), '', true, 'h3', true); $id_field = $result_field; } } } } if ($update_field) { //update field to incident type $id_field = get_parameter('id_field'); $value_update['label'] = get_parameter('label'); $value_update['type'] = get_parameter('type'); $value_update['combo_value'] = get_parameter('combo_value', '');
/**
 * Record the current SLA state of an incident in tincident_sla_graph_data.
 *
 * The stored value is 0 when the incident has a non-empty affected_sla_id
 * and 1 otherwise. A row is written only when that value differs from the
 * most recent one stored for the incident (or when none is stored yet).
 *
 * @param array $incident Incident row; only 'id_incidencia' is read.
 *
 * @return void
 */
function graph_sla($incident)
{
    $id_incident = $incident['id_incidencia'];
    $utimestamp = time();

    // Non-empty when the incident is currently affected by an SLA.
    $sla_affected = get_db_value("affected_sla_id", "tincidencia", "id_incidencia", $id_incident);

    $values = array(
        'id_incident' => $id_incident,
        'utimestamp' => $utimestamp,
        'value' => $sla_affected ? 0 : 1,
    );

    // %d forces the id to an integer before it reaches the query text.
    $sql = sprintf("SELECT value\n\t\t\t\t\tFROM tincident_sla_graph_data\n\t\t\t\t\tWHERE id_incident = %d\n\t\t\t\t\tORDER BY utimestamp DESC", $id_incident);
    $result = get_db_row_sql($sql);

    if (empty($result)) {
        $last_value = -1;
    } else {
        $last_value = $result['value'];
    }

    if ($values['value'] == $last_value) {
        return;
    }

    process_sql_insert('tincident_sla_graph_data', $values);
}
} else { echo "<h3 class='error'>" . __('There was a problem updating row') . "</h3>"; } } if ($insert_row) { $fields = get_db_all_rows_sql("DESC " . $external_table); $key = get_parameter('key'); if ($fields == false) { $fields = array(); } foreach ($fields as $field) { if ($field['Field'] != $key) { $values[$field['Field']] = get_parameter($field['Field']); } } $result_insert = process_sql_insert($external_table, $values); if ($result_insert) { echo "<h3 class='suc'>" . __('Inserted row') . "</h3>"; } else { echo "<h3 class='error'>" . __('There was a problem inserting row') . "</h3>"; } } echo "<h1>" . __('External table management') . "</h1>"; $table->width = '98%'; $table->class = 'search-table'; $table->id = "external-editor"; $table->data = array(); $ext_tables = inventories_get_external_tables($id_object_type); $table->data[0][0] = print_select($ext_tables, 'external_table', $external_table, '', __('None'), "", true, false, false, __('Select external table')); $button = '<div style=" text-align: right;">'; $button .= print_submit_button(__('Add row'), 'search', false, 'class="sub search"', true);
if ($value['type'] == 'linked') { if ($value['linked_value'] == '') $error_linked = true; } if ($value['label'] == '') { echo ui_print_error_message (__('Empty field name'), '', true, 'h3', true); } else if ($value['type'] == '0') { echo ui_print_error_message (__('Empty type field'), '', true, 'h3', true); } else if ($error_combo) { echo ui_print_error_message (__('Empty combo value'), '', true, 'h3', true); } else if ($error_linked) { echo ui_print_error_message (__('Empty linked value'), '', true, 'h3', true); } else { $result_field = process_sql_insert('tcontract_field', $value); if ($result_field === false) { echo ui_print_error_message (__('Field could not be created'), '', true, 'h3', true); } else { echo ui_print_success_message (__('Field created successfully'), '', true, 'h3', true); $id_field = $result_field; } } } if ($update_field) { //update field to incident type $id_field = get_parameter ('id_field'); $value_update['label'] = get_parameter('label'); $value_update['type'] = get_parameter ('type');
/**
 * Queue an e-mail by inserting a row into tpending_mail.
 *
 * Nothing is sent from here. The row is stored without HTML encoding because
 * it is meant for an SMTP connection, not for a browser.
 *
 * NOTE(review): only subject and body pass through mysql_real_escape_string()
 * before the insert; recipient, from, cc, extra_headers and attachment_list
 * are stored as received (after safe_output()/trim() for the first three).
 * Confirm how process_sql_insert() quotes values, and whether any of those
 * fields can carry caller-controlled quotes.
 * NOTE(review): recipient, from, cc and extra_headers are not checked for
 * CR/LF here; verify that the sender rejects line breaks in header fields.
 *
 * @param string $to                   Recipient; an empty value aborts.
 * @param string $subject              Subject line.
 * @param string $body                 Message body.
 * @param mixed  $attachments          Stored as attachment_list.
 * @param string $code                 Optional code prefixed to the subject as "[code] ".
 * @param string $from                 Sender address.
 * @param int    $remove_header_footer 0 wraps the body in HEADER_EMAIL / FOOTER_EMAIL.
 * @param string $cc                   Carbon-copy address.
 * @param string $extra_headers        Stored as extra_headers.
 *
 * @return mixed false when $to is empty; nothing otherwise.
 */
function integria_sendmail($to, $subject = "[INTEGRIA]", $body, $attachments = false, $code = "", $from = "", $remove_header_footer = 0, $cc = "", $extra_headers = "")
{
    global $config;

    if ($to == '') {
        return false;
    }

    $to = trim(safe_output($to));
    $from = trim(safe_output($from));
    $cc = trim(safe_output($cc));
    $config["mail_from"] = trim($config["mail_from"]);

    $queued_at = date("Y/m/d H:i:s");

    // Converted to plain text here so that carriage returns can be used.
    $body = safe_output($body);
    $subject = ascii_output($subject);

    $wrap_body = ($remove_header_footer == 0);
    if ($wrap_body) {
        // Surround the message with the global header and footer.
        $mail_header = safe_output($config["HEADER_EMAIL"]);
        $mail_footer = safe_output($config["FOOTER_EMAIL"]);
        $body = $mail_header . "\r\n" . $body . "\r\n" . $mail_footer;
    }

    // The code (an id) is prefixed to the subject.
    if ($code != "") {
        $subject = "[{$code}] " . $subject;
    }

    $values = array();
    $values['date'] = $queued_at;
    $values['attempts'] = 0;
    $values['status'] = 0;
    $values['recipient'] = $to;
    $values['subject'] = mysql_real_escape_string($subject);
    $values['body'] = mysql_real_escape_string($body);
    $values['attachment_list'] = $attachments;
    $values['from'] = $from;
    $values['cc'] = $cc;
    $values['extra_headers'] = $extra_headers;

    process_sql_insert('tpending_mail', $values);
}
require ("general/noaccess.php"); exit; } $values = array('progress' => 100); $where = array('id' => $id); $result = process_sql_update('tlead', $values, $where); if ($result > 0) { $values = array( 'id_lead' => $id, 'id_user' => $config["id_user"], 'timestamp' => date ("Y-m-d H:i:s"), 'description' => "Lead closed" ); process_sql_insert('tlead_history', $values); echo ui_print_success_message (__('Successfully closed'), '', true, 'h3', true); $id = 0; if ($massive_leads_update && is_ajax()) { $total_result['closed'] = true; } } } // Delete if ($delete) { if (!$write_permission && !$manage_permission) { audit_db ($config["id_user"], $config["REMOTE_ADDR"], "ACL Violation", "Trying to delete a lead");
} //$id = 0; $sql_global_ids = "SELECT DISTINCT (global_id)\n\t\t\t\tFROM tincident_type_field\n\t\t\t\tWHERE global_id != 0"; $global_ids = get_db_all_rows_sql($sql_global_ids); if ($global_ids) { foreach ($global_ids as $global_id) { $sql = "SELECT * FROM tincident_type_field WHERE id=" . $global_id['global_id']; $type_field = get_db_row_sql($sql); $value['id_incident_type'] = $id; $value['label'] = $type_field["label"]; $value['type'] = $type_field["type"]; $value['combo_value'] = $type_field["combo_value"]; $value['linked_value'] = $type_field["linked_value"]; $value['show_in_list'] = $type_field["show_in_list"]; $value['global_id'] = $type_field["global_id"]; $result = process_sql_insert('tincident_type_field', $value); if (!$result) { echo '<h3 class="error">' . __('There was a problem creating global field for type could not be created for type: ') . " " . $global_id["global_id"] . '</h3>'; } } } } // UPDATE if ($update_type) { $values['name'] = (string) get_parameter('name'); $values['description'] = (string) get_parameter('description'); //$values['id_wizard'] = (int) get_parameter ('wizard'); //$values['id_group'] = (int) get_parameter ('id_group'); if ($values['name'] != "") { $result = process_sql_update('tincident_type', $values, array('id' => $id)); if ($result === false) {
$description = (string) get_parameter('description'); $date = (string) get_parameter('date', date('Y-m-d')); $time = (string) get_parameter('time', date('H:i')); $duration = (int) get_parameter('duration'); $public = (int) get_parameter('public'); $alarm = (int) get_parameter('alarm'); $groups = get_parameter('groups', array()); // The 0 group is the 'none' option if (in_array(0, $groups)) { $groups = array(); } $values = array('public' => $public, 'alarm' => $alarm, 'timestamp' => $date . ' ' . $time, 'id_user' => $config['id_user'], 'title' => $title, 'duration' => $duration, 'description' => $description); $result = false; if (empty($id)) { $old_entry = array(); $result = process_sql_insert('tagenda', $values); } else { $old_entry = get_db_row('tagenda', 'id', $id); $result = process_sql_update('tagenda', $values, array('id' => $id)); } if ($result !== false) { if (empty($id)) { $groups = agenda_process_privacy_groups($result, $public, $groups); } else { $groups = agenda_process_privacy_groups($id, $public, $groups); } $full_path = $config['homedir'] . '/attachment/tmp/'; $ical_text = create_ical($date . ' ' . $time, $duration, $config['id_user'], $description, "Integria imported event: {$title}"); $full_filename = $full_path . $config['id_user'] . '-' . microtime(true) . '.ics'; $full_filename_h = fopen($full_filename, 'a'); fwrite($full_filename_h, $ical_text);
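/**
 * Import inventory objects from a comma-separated file, one object per line.
 *
 * Columns 0-10 are: object type id, owner, name, public, description,
 * contract id, manufacturer id, parent id, company ids (';' separated),
 * user ids (';' separated) and status. Columns from 11 onwards hold one
 * value per custom field of the object type, in the order the fields are
 * returned from tobject_type_field. A row is inserted only when every check
 * passes; each failed check prints an error and the row is skipped.
 *
 * Changes against the previous version:
 *  - a file that cannot be opened is reported instead of being handed to
 *    feof()/fgets();
 *  - the line terminator is stripped, so the last column no longer carries
 *    a trailing newline, and blank lines are skipped;
 *  - the custom-field list is reset for every row, so a row without object
 *    type cannot reuse the field data of the previous row;
 *  - the object type id read from the file is forced to an integer before
 *    it is placed in the query text;
 *  - values read from the file are HTML-escaped before being echoed.
 *
 * NOTE(review): lines are split with explode(), so a comma inside a value
 * shifts the columns. Values other than name, description and the custom
 * field data reach process_sql_insert() as read from the file - confirm how
 * that helper quotes them.
 * NOTE(review): the duplicate-name lookup uses the raw name while the stored
 * name goes through safe_input() - confirm both sides use the same encoding.
 *
 * @param string $objects_file Path of the file to import.
 *
 * @return void
 */
function inventories_load_file($objects_file)
{
    global $config;

    $file_handle = fopen($objects_file, "r");
    if ($file_handle === false) {
        echo "<h3 class='error'>" . __('File could not be opened') . "</h3>";
        return;
    }

    while (!feof($file_handle)) {
        $create = true;
        // Per-row state: must not leak from one row into the next.
        $value_data = array();

        $line = fgets($file_handle);
        if ($line === false) {
            continue;
        }

        $line = rtrim($line, "\r\n");
        if ($line == '') {
            continue;
        }

        $values = explode(',', $line);

        $id_object_type = $values[0];
        $owner = $values[1];
        $name = $values[2];
        $public = $values[3];
        $description = $values[4];
        $id_contract = $values[5];
        $id_manufacturer = $values[6];
        $id_parent = $values[7];
        $id_companies = $values[8];
        $id_users = $values[9];
        $status = $values[10];

        $id_companies_arr = ($id_companies != '') ? explode(';', $id_companies) : array();
        $id_users_arr = ($id_users != '') ? explode(';', $id_users) : array();

        $value = array(
            'id_object_type' => $id_object_type,
            'owner' => $owner,
            'name' => safe_input($name),
            'public' => $public,
            'description' => safe_input($description),
            'id_contract' => $id_contract,
            'id_manufacturer' => $id_manufacturer,
            'id_parent' => $id_parent,
            'status' => $status,
            'last_update' => date("Y/m/d", get_system_time()),
        );

        if ($name == '') {
            echo "<h3 class='error'>" . __('Inventory name empty') . "</h3>";
            $create = false;
        } else {
            $inventory_id = get_db_value('id', 'tinventory', 'name', $name);
            if ($inventory_id != false) {
                echo "<h3 class='error'>" . __('Inventory ') . htmlspecialchars($name, ENT_QUOTES) . __(' already exists') . "</h3>";
                $create = false;
            }
        }

        if ($id_contract != 0 && $id_contract != '') {
            $exists = get_db_value('id', 'tcontract', 'id', $id_contract);
            if (!$exists) {
                echo "<h3 class='error'>" . __('Contract ') . htmlspecialchars($id_contract, ENT_QUOTES) . __(' doesn\'t exist') . "</h3>";
                $create = false;
            }
        }

        if ($id_manufacturer != 0 && $id_manufacturer != '') {
            $exists = get_db_value('id', 'tmanufacturer', 'id', $id_manufacturer);
            if (!$exists) {
                echo "<h3 class='error'>" . __('Manufacturer ') . htmlspecialchars($id_manufacturer, ENT_QUOTES) . __(' doesn\'t exist') . "</h3>";
                $create = false;
            }
        }

        if ($id_object_type != 0 && $id_object_type != '') {
            $exists_object_type = get_db_value('id', 'tobject_type', 'id', $id_object_type);
            if (!$exists_object_type) {
                echo "<h3 class='error'>" . __('Object type ') . htmlspecialchars($id_object_type, ENT_QUOTES) . __(' doesn\'t exist') . "</h3>";
                $create = false;
            } else {
                // The id comes from the file: %d keeps only its integer value.
                $sql = sprintf("SELECT * FROM tobject_type_field WHERE id_object_type=%d", $id_object_type);
                $all_fields = get_db_all_rows_sql($sql);
                if ($all_fields == false) {
                    $all_fields = array();
                }

                // Custom field values start at column 11.
                $i = 11;
                foreach ($all_fields as $field) {
                    $data = $values[$i];

                    switch ($field['type']) {
                        case 'combo':
                            $combo_val = explode(",", $field['combo_value']);
                            if (array_search($data, $combo_val) === false) {
                                echo "<h3 class='error'>" . __('Field ') . $field['label'] . __(' doesn\'t match. Valid values: ') . $field['combo_value'] . "</h3>";
                                $create = false;
                            }
                            break;

                        case 'numeric':
                            if (!is_numeric($data)) {
                                echo "<h3 class='error'>" . __('Field ') . $field['label'] . __(' must be numeric') . "</h3>";
                                $create = false;
                            }
                            break;

                        case 'external':
                            // NOTE(review): table and column names are taken from the
                            // field definition row and placed in the query text
                            // unquoted - confirm they are validated when the field
                            // is defined.
                            $table_ext = $field['external_table_name'];
                            $exists_table = get_db_sql("SHOW TABLES LIKE '{$table_ext}'");
                            if (!$exists_table) {
                                echo "<h3 class='error'>" . __('External table ') . $table_ext . __(' doesn\'t exist') . "</h3>";
                                $create = false;
                            }

                            $id = $field['external_reference_field'];
                            $exists_id = get_db_sql("SELECT {$id} FROM {$table_ext}");
                            if (!$exists_id) {
                                echo "<h3 class='error'>" . __('Id ') . $id . __(' doesn\'t exist') . "</h3>";
                                $create = false;
                            }
                            break;
                    }

                    if ($field['inherit']) {
                        $ok = inventories_check_unique_field($data, $field['type']);
                        if (!$ok) {
                            echo "<h3 class='error'>" . __('Field ') . $field['label'] . __(' must be unique') . "</h3>";
                            $create = false;
                        }
                    }

                    $value_data[] = array(
                        'id_object_type_field' => $field['id'],
                        'data' => safe_input($data),
                    );
                    $i++;
                }
            }
        }

        if (!$create) {
            continue;
        }

        $result_id = process_sql_insert('tinventory', $value);
        if (!$result_id) {
            continue;
        }

        foreach ($value_data as $val_data) {
            $val_data['id_inventory'] = $result_id;
            process_sql_insert('tobject_field_data', $val_data);
        }

        foreach ($id_companies_arr as $id_company) {
            process_sql_insert(
                'tinventory_acl',
                array('id_inventory' => $result_id, 'id_reference' => $id_company, 'type' => 'company')
            );
        }

        foreach ($id_users_arr as $id_user) {
            process_sql_insert(
                'tinventory_acl',
                array('id_inventory' => $result_id, 'id_reference' => $id_user, 'type' => 'user')
            );
        }
    }

    fclose($file_handle);

    echo "<h3 class='info'>" . __('File loaded') . "</h3>";
    return;
}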
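/**
 * Refresh the time statistics of an incident in tincident_stats.
 *
 * For each of the user, status and group metrics, the changes recorded in
 * tincident_track since the incident's last_stat_check are walked in
 * ascending order and handed to incidents_update_stats_item() together with
 * the time range each value was in effect. Afterwards the total-time and
 * total-time-without-third-party metrics are updated or created, and
 * last_stat_check is set to the current time.
 *
 * Changes against the previous version: the neighbours of a track entry are
 * probed with empty() instead of being read directly, so the first and last
 * entries no longer read offsets that do not exist; the count of track
 * entries is taken once per metric.
 *
 * NOTE(review): last_stat_check is placed into the queries with '%s'; it is
 * read from the incident row - confirm it can only hold a timestamp.
 *
 * @param array $incident Incident row; 'inicio', 'id_incidencia' and
 *                        'last_stat_check' are read.
 *
 * @return void
 */
function incidents_update_incident_stats_data($incident)
{
    $start_time = strtotime($incident["inicio"]);

    // Incidents with a start date before the epoch are ignored.
    if ($start_time < strtotime('1970-01-01 00:00:00')) {
        return;
    }

    $id_incident = $incident["id_incidencia"];
    $last_incident_update = $incident["last_stat_check"];
    $last_incident_update_time = strtotime($last_incident_update);
    $now = time();

    $metrics = array(INCIDENT_METRIC_USER, INCIDENT_METRIC_STATUS, INCIDENT_METRIC_GROUP);

    foreach ($metrics as $metric) {
        $state = incidents_metric_to_state($metric);

        // Most recent change recorded before the last statistics check.
        $sql = sprintf("SELECT timestamp, id_aditional\n\t\t\t\t\t\tFROM tincident_track\n\t\t\t\t\t\tWHERE id_incident = %d\n\t\t\t\t\t\t\tAND state = %d\n\t\t\t\t\t\t\tAND timestamp < '%s'\n\t\t\t\t\t\tORDER BY timestamp DESC\n\t\t\t\t\t\tLIMIT 1", $id_incident, $state, $last_incident_update);
        $last_updated_value = process_sql($sql);
        if ($last_updated_value === false) {
            $last_updated_value = array();
        }

        // Changes recorded after the last statistics check, oldest first.
        $sql = sprintf("SELECT timestamp, id_aditional\n\t\t\t\t\t\tFROM tincident_track\n\t\t\t\t\t\tWHERE id_incident = %d\n\t\t\t\t\t\t\tAND state = %d\n\t\t\t\t\t\t\tAND timestamp > '%s'\n\t\t\t\t\t\tORDER BY timestamp ASC", $id_incident, $state, $last_incident_update);
        $track_values = process_sql($sql);
        if ($track_values === false) {
            $track_values = array();
        }

        $track_count = count($track_values);
        $has_previous = count($last_updated_value) > 0;

        // No change since the last check: the previous value was in effect
        // for the whole period.
        if ($track_count < 1 && $has_previous) {
            incidents_update_stats_item($id_incident, $last_updated_value[0]["id_aditional"], $metric, $last_incident_update_time, $now);
        }

        // Each change is in effect until the next change, or until now.
        for ($i = 0; $i < $track_count; $i++) {
            $min_time = strtotime($track_values[$i]["timestamp"]);

            if (!empty($track_values[$i + 1])) {
                $max_time = strtotime($track_values[$i + 1]["timestamp"]);
            } else {
                $max_time = $now;
            }

            // Before the first change, close the period of the value that
            // was in effect at the last check.
            if (empty($track_values[$i - 1]) && $has_previous) {
                incidents_update_stats_item($id_incident, $last_updated_value[0]["id_aditional"], $metric, $last_incident_update_time, $min_time);
            }

            incidents_update_stats_item($id_incident, $track_values[$i]["id_aditional"], $metric, $min_time, $max_time);
        }
    }

    // Total time: elapsed time minus closed time minus holidays.
    $filter = array("metric" => INCIDENT_METRIC_STATUS, "status" => STATUS_CLOSED, "id_incident" => $id_incident);
    $closed_time = get_db_value_filter("seconds", "tincident_stats", $filter);
    if (!$closed_time) {
        $closed_time = 0;
    }

    $holidays_seconds = incidents_get_holidays_seconds_by_timerange($start_time, $now);
    $total_time = $now - $start_time - $closed_time - $holidays_seconds;

    $sql = sprintf("SELECT id\n\t\t\t\t\tFROM tincident_stats\n\t\t\t\t\tWHERE id_incident = %d\n\t\t\t\t\t\tAND metric = '%s'", $id_incident, INCIDENT_METRIC_TOTAL_TIME);
    $row = get_db_row_sql($sql);

    // Update the existing metric row, or create it.
    if ($row) {
        process_sql_update("tincident_stats", array("seconds" => $total_time), array("id" => $row["id"]));
    } else {
        $val_new = array("seconds" => $total_time, "metric" => INCIDENT_METRIC_TOTAL_TIME, "id_incident" => $id_incident);
        process_sql_insert("tincident_stats", $val_new);
    }

    // Total time without the time spent waiting for a third person.
    $filter = array("metric" => INCIDENT_METRIC_STATUS, "status" => STATUS_PENDING_THIRD_PERSON, "id_incident" => $id_incident);
    $third_time = get_db_value_filter("seconds", "tincident_stats", $filter);
    if (!$third_time || $third_time < 0) {
        $third_time = 0;
    }

    $total_time -= $third_time;

    $sql = sprintf("SELECT id\n\t\t\t\t\tFROM tincident_stats\n\t\t\t\t\tWHERE id_incident = %d\n\t\t\t\t\t\tAND metric = '%s'", $id_incident, INCIDENT_METRIC_TOTAL_TIME_NO_THIRD);
    $row = get_db_row_sql($sql);

    if ($row) {
        process_sql_update("tincident_stats", array("seconds" => $total_time), array("id" => $row["id"]));
    } else {
        $val_new = array("seconds" => $total_time, "metric" => INCIDENT_METRIC_TOTAL_TIME_NO_THIRD, "id_incident" => $id_incident);
        process_sql_insert("tincident_stats", $val_new);
    }

    // Remember when the statistics were last refreshed.
    $update_values = array("last_stat_check" => date("Y-m-d H:i:s", $now));
    process_sql_update("tincidencia", $update_values, array("id_incidencia" => $id_incident));
}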
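/**
 * Set the users that have access to an inventory object (rows of type
 * 'user' in tinventory_acl) and record the change with inventory_tracking().
 *
 * With $update = true the existing 'user' rows of the inventory are deleted
 * first. One row is then inserted per non-empty user id. The tracking entry
 * is INVENTORY_USERS_UPDATED when rows were deleted, otherwise
 * INVENTORY_USERS_CREATED when at least one user was given.
 *
 * Change against the previous version: $updated is initialised, so it is no
 * longer read while undefined when nothing was deleted; two unused locals
 * were removed.
 *
 * NOTE(review): error_reporting(0) switches off error reporting for the rest
 * of the request, not only for this function; it is kept because callers may
 * rely on it, but it also hides failures of the statements below.
 * NOTE(review): an empty $users is replaced by array(0) and the 0 is then
 * filtered by the loose comparison with ''; the result of 0 != '' differs
 * between PHP 7 and PHP 8 - verify on the PHP version in use that no ACL row
 * with id_reference 0 is written.
 *
 * @param int   $id_inventory Inventory id to update.
 * @param array $users        Ids of the users to grant access to.
 * @param bool  $update       false to create, true to replace the current list.
 *
 * @return void
 */
function inventory_update_users($id_inventory, $users, $update = false)
{
    error_reporting(0);

    $updated = false;

    if (empty($users)) {
        $users = array(0);
    }

    if ($update) {
        // %d forces the inventory id to an integer in the query text.
        $sql = sprintf("DELETE FROM tinventory_acl WHERE id_inventory = %d AND type='user'", $id_inventory);
        $res = process_sql($sql);

        if ($res !== false && $res > 0) {
            $updated = true;
        }
    }

    foreach ($users as $id_user) {
        if ($id_user != '') {
            $value = array(
                'id_inventory' => $id_inventory,
                'id_reference' => $id_user,
                'type' => 'user',
            );
            process_sql_insert('tinventory_acl', $value);
        }
    }

    if ($update && $updated === true) {
        inventory_tracking($id_inventory, INVENTORY_USERS_UPDATED);
    } elseif (!empty($users) && $users != array(0)) {
        inventory_tracking($id_inventory, INVENTORY_USERS_CREATED);
    }
}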
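/**
 * Move the file sharing items (attachment/file_sharing/<dir>/<file>) to the
 * file releases section (attachment/downloads), register each moved file in
 * tdownload, remove the emptied directories and record in tconfig that the
 * migration ran.
 *
 * Changes against the previous version:
 *  - a file is registered and removed from its source directory only when
 *    copy() succeeded, so a failed copy no longer deletes the only copy;
 *  - closedir() is called only on handles that opendir() returned;
 *  - the external id is built with time() instead of date() called without
 *    arguments.
 *
 * NOTE(review): all files land in one directory under their original name,
 * so two users' files with the same name overwrite each other.
 * NOTE(review): every migrated file is registered with 'public' => 1 -
 * confirm that items which were private to a user are meant to be public
 * in the downloads section.
 * NOTE(review): the file name is passed to process_sql_insert() as read from
 * the directory - confirm how that helper quotes it.
 * NOTE(review): the 'file_sharing_items_moved' token is written even when
 * some files could not be copied.
 *
 * @return void
 */
function move_file_sharing_items()
{
    global $config;

    $file_sharing_path = $config["homedir"] . "attachment/file_sharing/";
    $new_path = $config["homedir"] . "attachment/downloads/";

    if (is_dir($file_sharing_path)) {
        $dh = opendir($file_sharing_path);
        if ($dh) {
            while (($file = readdir($dh)) !== false) {
                if ($file == "." || $file == ".." || !is_dir($file_sharing_path . $file)) {
                    continue;
                }

                $file_path = $file_sharing_path . $file . "/";

                $dh2 = opendir($file_sharing_path . $file);
                if ($dh2) {
                    while (($file2 = readdir($dh2)) !== false) {
                        if ($file2 == "." || $file2 == "..") {
                            continue;
                        }

                        // Keep the source file when it could not be copied.
                        if (!copy($file_path . $file2, $new_path . $file2)) {
                            continue;
                        }

                        $external_id = sha1(random_string(12) . time());
                        $values = array(
                            'name' => $file2,
                            'location' => "attachment/downloads/{$file2}",
                            'description' => "Migrated from file sharing",
                            'id_category' => 0,
                            'id_user' => $config["id_user"],
                            'date' => date("Y-m-d H:i:s"),
                            'public' => 1,
                            'external_id' => $external_id,
                        );
                        process_sql_insert("tdownload", $values);

                        unlink($file_path . $file2);
                    }
                    closedir($dh2);
                }

                rmdir($file_path);
            }
            closedir($dh);
        }

        rmdir($file_sharing_path);
    }

    process_sql("INSERT INTO tconfig (`token`,`value`) VALUES ('file_sharing_items_moved', 1)");
}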
/**
 * Create a new user row in tusuario.
 *
 * The row is built from $user_info plus the user id, the hashed password
 * and the registration time from get_system_time().
 *
 * NOTE(review): the password is stored as an unsalted MD5 digest, which is
 * fast to brute-force if the table leaks. Moving to password_hash() /
 * password_verify() has to be done together with the code that checks
 * passwords at login, so it is flagged here rather than changed.
 * NOTE(review): the @ operator hides any warning raised by the insert.
 *
 * @param string $id_user   Id of the new user.
 * @param string $password  Clear-text password.
 * @param array  $user_info Remaining column values, keyed by column name.
 *
 * @return bool true unless process_sql_insert() returned false.
 */
function create_user($id_user, $password, $user_info)
{
    $row = $user_info;
    $row["id_usuario"] = $id_user;
    $row["password"] = md5($password);
    $row["fecha_registro"] = get_system_time();

    $inserted = @process_sql_insert("tusuario", $row);

    return $inserted !== false;
}
$upload_status = getFileUploadStatus("upfile"); $upload_result = translateFileUploadStatus($upload_status); if ($upload_result === true) { $filename = $_FILES["upfile"]['name']; $extension = pathinfo($filename, PATHINFO_EXTENSION); $invalid_extensions = "/^(bat|exe|cmd|sh|php|php1|php2|php3|php4|php5|pl|cgi|386|dll|com|torrent|js|app|jar|\n\t\t\tpif|vb|vbscript|wsf|asp|cer|csr|jsp|drv|sys|ade|adp|bas|chm|cpl|crt|csh|fxp|hlp|hta|inf|ins|isp|jse|htaccess|\n\t\t\thtpasswd|ksh|lnk|mdb|mde|mdt|mdw|msc|msi|msp|mst|ops|pcd|prg|reg|scr|sct|shb|shs|url|vbe|vbs|wsc|wsf|wsh)\$/i"; if (!preg_match($invalid_extensions, $extension)) { $filename = str_replace(" ", "_", $filename); // Replace conflictive characters $filename = filter_var($filename, FILTER_SANITIZE_URL); // Replace conflictive characters $file_tmp = $_FILES["upfile"]['tmp_name']; $filesize = $_FILES["upfile"]["size"]; // In bytes $values = array("id_company" => $id_company, "id_usuario" => $config['id_user'], "filename" => $filename, "description" => "", "size" => $filesize, "timestamp" => date("Y-m-d")); $id_attachment = process_sql_insert("tattachment", $values); if ($id_attachment) { $location = $config["homedir"] . "/attachment/" . $id_attachment . "_" . $filename; if (copy($file_tmp, $location)) { // Delete temporal file unlink($file_tmp); $result["status"] = true; $result["id_attachment"] = $id_attachment; } else { unlink($file_tmp); process_sql_delete('tattachment', array('id_attachment' => $id_attachment)); $result["message"] = __('The file could not be copied'); } } } else { $result["message"] = __('Invalid extension');
if ($len < $nfields) { $data = array_pad($data, $nfields, ''); } elseif ($len > $nfields) { $data = array_slice($data, NULL, $nfields); } $values = array_combine($fields, $data); if (empty($values['name'])) { continue; } print $values["name"]; print " - "; print $values["account"]; print " - "; print $values["start_date"]; print " - "; print $values["expiry_date"]; print "\n"; $id_account = get_db_value('id', 'tcompany', 'name', safe_input($values["account"])); $temp = array(); // Check if already exists $id_contract = get_db_value('id', 'tcontract', 'name', safe_input($values["name"])); if ($id_contract == "" and $id_account != "") { $temp["name"] = safe_input(trim($values["name"])); $temp["description"] = safe_input(trim($values["description"])); $temp["date_begin"] = safe_input(trim($values["start_date"])); $temp["date_end"] = safe_input(trim($values["expiry_date"])); $temp["id_company"] = $id_account; process_sql_insert('tcontract', $temp); } } fclose($file);
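/**
 * Import users from a comma-separated file, one user per line.
 *
 * Columns: user id, password, real name, mail, phone, description, avatar,
 * disabled, company id, employee number, enable login. Lines without user id
 * or real name are skipped; existing user ids are reported and skipped.
 *
 * Changes against the previous version:
 *  - a file that cannot be opened is reported instead of being handed to
 *    feof()/fgets();
 *  - the line terminator is stripped, so the last column (enable login) no
 *    longer carries a trailing newline;
 *  - an unused preg_match_all() call and a redundant inner check of the
 *    user id were removed.
 *
 * NOTE(review): the profile row is written when process_sql_insert() returns
 * a value loosely equal to false. That is true both for a failed insert and
 * for a returned id of 0 - confirm what the helper returns for tusuario and
 * whether a failed insert should really be followed by a profile row.
 * NOTE(review): values from the file are passed to process_sql_insert() and
 * echoed without encoding - confirm how the helper quotes them and whether
 * the uploader is trusted.
 * NOTE(review): passwords are stored as unsalted MD5 digests.
 * NOTE(review): the license check runs once before the loop, so the number
 * of users created by one file is not limited by it.
 * NOTE(review): the $avatar argument is overwritten by the avatar column of
 * each line.
 *
 * @param string $users_file  Path of the file to import.
 * @param int    $group       Group id for the profile row.
 * @param int    $profile     Profile id for the profile row.
 * @param int    $nivel       Value stored in the 'nivel' column.
 * @param mixed  $pass_policy When true-ish, users must change their password.
 * @param mixed  $avatar      Not used (see note above).
 *
 * @return void
 */
function load_file($users_file, $group, $profile, $nivel, $pass_policy, $avatar)
{
    global $config;

    $file_handle = fopen($users_file, "r");
    if ($file_handle === false) {
        echo ui_print_error_message(__('File could not be opened'), '', true, 'h3', true);
        return;
    }

    enterprise_include('include/functions_license.php', true);
    $is_manager_profile = enterprise_hook('license_check_manager_profile', array($profile));

    if ($is_manager_profile == ENTERPRISE_NOT_HOOK) {
        $users_check = true;
    } elseif ($is_manager_profile) {
        $users_check = enterprise_hook('license_check_manager_users_num');
    } else {
        $users_check = enterprise_hook('license_check_regular_users_num');
    }

    $force_change_pass = $pass_policy ? 1 : 0;

    while (!feof($file_handle) && $users_check === true) {
        $line = fgets($file_handle);
        if ($line === false) {
            continue;
        }

        $values = explode(',', rtrim($line, "\r\n"));

        $id_usuario = $values[0];
        $pass = md5($values[1]);
        $nombre_real = $values[2];
        $mail = $values[3];
        $tlf = $values[4];
        $desc = $values[5];
        $avatar = $values[6];
        $disabled = $values[7];
        $id_company = $values[8];
        $num_employee = $values[9];
        $enable_login = $values[10];

        if ($id_usuario == '' || $nombre_real == '') {
            continue;
        }

        if ($id_usuario == get_db_value('id_usuario', 'tusuario', 'id_usuario', $id_usuario)) {
            echo ui_print_error_message(__('User ') . $id_usuario . __(' already exists'), '', true, 'h3', true);
            continue;
        }

        $value = array(
            'id_usuario' => $id_usuario,
            'nombre_real' => $nombre_real,
            'password' => $pass,
            'comentarios' => $desc,
            'direccion' => $mail,
            'telefono' => $tlf,
            'nivel' => $nivel,
            'avatar' => $avatar,
            'disabled' => $disabled,
            'id_company' => $id_company,
            'num_employee' => $num_employee,
            'enable_login' => $enable_login,
            'force_change_pass' => $force_change_pass,
        );

        $resul = process_sql_insert('tusuario', $value);
        if ($resul == false) {
            $value2 = array(
                'id_usuario' => $id_usuario,
                'id_perfil' => $profile,
                'id_grupo' => $group,
                'assigned_by' => $config["id_user"],
            );
            process_sql_insert('tusuario_perfil', $value2);
        }
    }

    if ($users_check === false) {
        echo ui_print_error_message(__('The number of users has reached the license limit'), '', true, 'h3', true);
    }

    fclose($file_handle);

    echo ui_print_success_message(__('File loaded'), '', true, 'h3', true);
    return;
}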
/**
 * API call: add an address to a newsletter.
 *
 * The caller needs the "CN" permission; otherwise the attempt is written to
 * the audit log and the script exits. The address is inserted only when the
 * newsletter id exists. The result (0 when nothing was inserted, otherwise
 * the return value of process_sql_insert()) is echoed as XML or as plain
 * text depending on $return_type.
 *
 * NOTE(review): $params[0..2] are used without checking that they are
 * present, and name and e-mail are stored as received - confirm that the
 * API layer validates and encodes them, and how process_sql_insert() quotes
 * values.
 *
 * @param string $return_type "xml" or "csv"; anything else prints nothing.
 * @param string $user        User performing the call.
 * @param array  $params      [0] newsletter id, [1] name, [2] e-mail.
 *
 * @return void
 */
function api_add_address_to_newsletter($return_type, $user, $params)
{
    global $config;

    $allowed = give_acl($user, 0, "CN");
    if (!$allowed) {
        audit_db($user, $config["REMOTE_ADDR"], "ACL Violation", "Trying to access newsletter management");
        exit;
    }

    $values = array(
        'id_newsletter' => $params[0],
        'name' => $params[1],
        'email' => $params[2],
        'status' => 0,
        'datetime' => print_mysql_timestamp(),
        'validated' => 0,
    );

    $known_newsletter = get_db_value("id", "tnewsletter", "id", $values['id_newsletter']);

    $result = 0;
    if (!empty($known_newsletter)) {
        $result = process_sql_insert('tnewsletter_address', $values);
    }

    if ($return_type == "xml") {
        echo xml_node($result);
    } elseif ($return_type == "csv") {
        echo $result;
    }

    return;
}
/**
 * Assign tags, given by name, to one or more leads.
 *
 * The current tags of the given leads are deleted first; then every tag
 * name that resolves to a positive numeric tag id is assigned to every lead
 * whose id is numeric and positive.
 *
 * NOTE(review): the delete runs on the lead ids as received, before the
 * numeric check applied to the inserts - confirm how process_sql_delete()
 * handles non-numeric entries in the filter array.
 *
 * @param mixed $lead_id      Id (int) or ids (array) of the lead.
 * @param mixed $tag_name     Name (string) or names (array) of the tag.
 * @param bool  $encode_names Whether to pass the names through safe_input().
 *
 * @return mixed Number of assigned tags, or false when the delete failed or
 *               when no tag could be assigned.
 *
 * @throws InvalidArgumentException When the lead id or the tag name is empty.
 */
function create_lead_tag_with_names($lead_id, $tag_name, $encode_names = false)
{
    if (empty($lead_id)) {
        throw new InvalidArgumentException(__('The lead id cannot be empty'));
    }
    if (empty($tag_name)) {
        throw new InvalidArgumentException(__('The tag name cannot be empty'));
    }

    // Accept a single value as well as a list for both arguments.
    if (!is_array($lead_id)) {
        $lead_id = array($lead_id);
    }
    if (!is_array($tag_name)) {
        $tag_name = array($tag_name);
    }

    if ($encode_names) {
        $tag_name = safe_input($tag_name);
    }

    $wanted = count($lead_id) * count($tag_name);

    // Remove the tags the leads currently have.
    $delete_res = process_sql_delete(LEADS_TABLE, array(LEADS_TABLE_LEAD_ID_COL => $lead_id));
    if ($delete_res === false) {
        return false;
    }

    $assigned = 0;
    foreach ($lead_id as $l_id) {
        if (!is_numeric($l_id) || !($l_id > 0)) {
            continue;
        }

        foreach ($tag_name as $t_name) {
            if (empty($t_name)) {
                continue;
            }

            $tag_id = get_db_value(TAGS_TABLE_ID_COL, TAGS_TABLE, TAGS_TABLE_NAME_COL, $t_name);
            if (!is_numeric($tag_id) || !($tag_id > 0)) {
                continue;
            }

            $row = array(LEADS_TABLE_LEAD_ID_COL => $l_id, LEADS_TABLE_TAG_ID_COL => $tag_id);
            if (process_sql_insert(LEADS_TABLE, $row) !== false) {
                $assigned++;
            }
        }
    }

    // Assignments were requested but none succeeded: report an error.
    if ($wanted > 0 && $assigned === 0) {
        return false;
    }

    return $assigned;
}
/**
 * Store a new client authorization in the update manager.
 *
 * @param string $client_key         Key identifying the client; stored as passed in.
 * @param mixed  $subscription_limit Must be numeric, otherwise nothing is stored.
 * @param string $description        Free text description.
 * @param bool   $developer          Developer flag stored with the authorization.
 *
 * @return bool True when the row was inserted; false (after echoing an HTML
 *              error message) otherwise.
 */
function um_db_create_auth($client_key, $subscription_limit, $description = '', $developer = false)
{
    global $db;

    if (is_numeric($subscription_limit) === false) {
        echo '<strong>Error</strong>: Subscription must be numeric<br />';
        return false;
    }

    // NOTE(review): $client_key and $description reach the insert helper
    // unchanged; confirm the helper or the caller escapes them.
    $row = array(
        'client_key' => $client_key,
        'subscription_limit' => $subscription_limit,
        'description' => $description,
        'developer' => $developer,
    );

    if (process_sql_insert(DB_PREFIX . 'tupdate_auth', $row) === false) {
        echo '<strong>Error creating authorization</strong> <br />';
        return false;
    }

    return true;
}
$timestamp = print_mysql_timestamp(); $values = array( "timestamp" => $timestamp, "duration" => 0, "id_user" => $config['id_user'], "description" => $nota, "public" => 1 ); $id_workunit = process_sql_insert("tworkunit", $values); $values = array( "id_incident" => $id, "id_workunit" => $id_workunit ); process_sql_insert("tworkunit_incident", $values); // Updating the ticket process_sql_update("tincidencia", array("actualizacion" => $timestamp), array("id_incidencia" => $id)); } else { unlink ($file_tmp); process_sql_delete ('tattachment', array('id_attachment' => $id_attachment)); $result["message"] = __('The file could not be copied'); } } } else { $result["message"] = __('Invalid extension'); } } else {
/**
 * Create a zip package with the /tmp files in the user folder on tattachment/file_sharing
 * and delete the original files.
 * The files must be FileSharingFile objects (or arrays such an object can be built from)
 * with the params 'fullpath' and 'basename' filled.
 *
 * The package row is inserted first; the zip is then written to
 * <fileSharingDir>/<uploader>/<id>_<filename>. The source files are deleted once the
 * archive has been opened, whether or not every file could be added, and also when the
 * database insert fails.
 *
 * @return array The index 'status' shows the result of the operation, the index 'message'
 * returns a message and the index 'badFiles' returns an array with the not created files.
 */
public function save() {
    global $config;
    $result = array('status' => false, 'message' => '', 'badFiles' => array());
    if (isset($this->files) && !empty($this->files) && is_array($this->files)) {
        if (isset($this->id)) {
            // Do nothing. At this moment the package edition is not supported
            $result['message'] = __('At this moment the package edition is not supported');
        } else {
            // Package creation
            if (class_exists("ZipArchive")) {
                // The admin can manage the file uploads as any user
                $user_is_admin = (bool) dame_admin($config['id_user']);
                if ($user_is_admin) {
                    // The target user comes from the request parameter 'id_user';
                    // it is only kept when get_user() finds it.
                    $id_user = get_parameter("id_user", $config['id_user']);
                    // If the user doesn't exist get the current user
                    $user_data = get_user($id_user);
                    if (empty($user_data)) {
                        $id_user = $config['id_user'];
                    }
                    $this->uploader = $id_user;
                } else {
                    // Non-admin users can only upload as themselves.
                    $this->uploader = $config['id_user'];
                }
                if (!isset($this->filename) || empty($this->filename)) {
                    $this->filename = 'IntegriaIMS-SharedFile';
                }
                if (!isset($this->description)) {
                    $this->description = '';
                }
                if (!isset($this->created)) {
                    $this->created = time();
                }
                $this->filename .= ".zip";
                // Insert the package info into the tattachment table
                $values = array();
                $values['id_usuario'] = safe_input($this->uploader);
                $values['filename'] = safe_input($this->filename);
                $values['timestamp'] = date("Y-m-d", $this->created);
                // NOTE(review): $id is not assigned until the insert below, so the
                // hash input is only uploader + filename + creation time. If
                // 'public_key' is what grants access to the shared file, these
                // inputs may be guessable; consider mixing in bytes from a CSPRNG.
                // Confirm first that nothing else recomputes this hash.
                $values['public_key'] = hash("sha256", $id . $this->uploader . $this->filename . $this->created);
                $values['file_sharing'] = 1;
                $id = process_sql_insert(FileSharingFile::$dbTable, $values);
                if (!empty($id)) {
                    $this->id = $id;
                    // NOTE(review): mkdir() is called without a mode, so PHP's default
                    // (0777, reduced by the umask) applies to both directories.
                    if (!file_exists(self::$fileSharingDir) && !is_dir(self::$fileSharingDir)) {
                        mkdir(self::$fileSharingDir);
                    }
                    // NOTE(review): the uploader id and the filename are concatenated
                    // into the path unmodified; verify neither can contain path
                    // separators or "..".
                    $userDir = self::$fileSharingDir . "/" . $this->uploader;
                    if (!file_exists($userDir) && !is_dir($userDir)) {
                        mkdir($userDir);
                    }
                    $this->fullpath = $userDir . "/" . $this->id . "_" . $this->filename;
                    // Zip creation
                    $zip = new ZipArchive();
                    $res = $zip->open($this->fullpath, ZipArchive::CREATE);
                    // There is no else branch: when the archive cannot be opened the
                    // result keeps status false with an empty message, and the row
                    // inserted above is left in place.
                    if ($res === true) {
                        foreach ($this->files as $file) {
                            if (is_array($file)) {
                                $file = new FileSharingFile($file);
                            }
                            $fullpath = $file->getFullpath();
                            $basename = $file->getBasename();
                            if ($file->isReadable() && !empty($fullpath) && !empty($basename)) {
                                // Add the file to the package
                                if (!$zip->addFile($fullpath, $basename)) {
                                    $result['badFiles'][] = $file;
                                }
                            } else {
                                $result['badFiles'][] = $file;
                            }
                        }
                        $zip->close();
                        $filesCount = count($this->files);
                        $badFilesCount = count($result['badFiles']);
                        // A partially filled package still counts as a success.
                        if ($badFilesCount == 0) {
                            $result['status'] = true;
                        } else {
                            if ($badFilesCount < $filesCount) {
                                $result['status'] = true;
                                $result['message'] = __('Not all the files where added to the package');
                            } else {
                                $result['message'] = __('An error occurred while building the package');
                            }
                        }
                        // Remove the original files
                        foreach ($this->files as $file) {
                            if (is_array($file)) {
                                $file = new FileSharingFile($file);
                            }
                            $file->deleteFromDisk();
                        }
                        // Reload the data and recheck the package
                        if ($result['status']) {
                            $this->loadWithID($this->id);
                            if (!$this->exists || !$this->readable) {
                                $result['status'] = false;
                                $result['message'] = __('An error occurred while building the package');
                                $result['badFiles'] = array();
                                $this->delete();
                            } else {
                                // The file was created successfully
                                $this->trackingCreation();
                            }
                        }
                    }
                } else {
                    // The insert failed: report it and discard the source files.
                    $result['message'] = __('An error occurred while creating the package');
                    foreach ($this->files as $file) {
                        if (is_array($file)) {
                            $file = new FileSharingFile($file);
                        }
                        $file->deleteFromDisk();
                    }
                }
            } else {
                // Only an admin is told that the Zip extension is missing; other
                // users get the generic error message.
                if (get_admin_user($config['id_user'])) {
                    $result['message'] = __("Impossible to handle the package. You have to install the PHP's Zip extension");
                } else {
                    $result['message'] = __('An error occurred while building the package');
                }
            }
        }
    } else {
        $result['message'] = __('This package has no files');
    }
    return $result;
}
} //insert data to incident type fields if ($id_incident_type != 0) { $sql_label = "SELECT `label` FROM `tincident_type_field` WHERE id_incident_type = {$id_incident_type}"; $labels = get_db_all_rows_sql($sql_label); if ($labels === false) { $labels = array(); } foreach ($labels as $label) { $id_incident_field = get_db_value_filter('id', 'tincident_type_field', array('id_incident_type' => $id_incident_type, 'label' => $label['label']), 'AND'); $values_insert['id_incident'] = $id; $values_insert['data'] = get_parameter(base64_encode($label['label'])); //~ $values_insert['data'] = str_replace('
', "",get_parameter (base64_encode($label['label']))); $values_insert['id_incident_field'] = $id_incident_field; $id_incident_field = get_db_value('id', 'tincident_type_field', 'id_incident_type', $id_incident_type); process_sql_insert('tincident_field_data', $values_insert); } } // ATTACH A FILE IF IS PROVIDED $upfiles = json_decode(safe_output($upfiles), true); if (!empty($upfiles)) { include_once 'include/functions_workunits.php'; foreach ($upfiles as $file) { if (is_array($file)) { if ($file['description']) { $file_description = $file['description']; } else { $file_description = __('No description available'); } $file_result = attach_incident_file($id, $file["location"], $file_description, false, $file["name"]); }
$temp = array(); // Check if already exists /* * CREATE TABLE `tcompany_contact` ( `id` mediumint(8) unsigned NOT NULL auto_increment, `id_company` mediumint(8) unsigned NOT NULL, `fullname` varchar(150) NOT NULL default '', `email` varchar(100) NULL default NULL, `phone` varchar(55) NULL default NULL, `mobile` varchar(55) NULL default NULL, `position` varchar(150) NULL default NULL, `description` text NULL DEFAULT NULL, `disabled` tinyint(1) NULL default 0, PRIMARY KEY (`id`), FOREIGN KEY (`id_company`) REFERENCES tcompany(`id`) ON DELETE CASCADE ) ENGINE=InnoDB DEFAULT CHARSET=utf8; * */ $id_contact = get_db_value('id', 'tcompany_contact', 'fullname', safe_input($values["fullname"])); if ($id_contact == "" and $id_company != "") { $temp["fullname"] = safe_input(trim($values['fullname'])); $temp["email"] = safe_input(trim($values["email_address"])); $temp["phone"] = safe_input(trim($values["phone_home"])); $temp["mobile"] = safe_input(trim($values["phone_mobile"])); $temp["description"] = safe_input(trim($values["description"])); $temp["position"] = safe_input(trim($values["title"])); $temp["id_company"] = $id_company; process_sql_insert('tcompany_contact', $temp); } } fclose($file);
/**
 * Add a name to the blacklist of an update manager component.
 *
 * @param object $component Component object; only its 'name' property is read.
 * @param string $name      Name to blacklist for that component.
 *
 * @return bool True when the row was inserted; false (after echoing an HTML
 *              error message) otherwise.
 */
function um_component_add_blacklist($component, $name)
{
    $row = array(
        'component' => $component->name,
        'name' => $name,
    );

    if (process_sql_insert(DB_PREFIX . 'tupdate_component_blacklist', $row) === false) {
        echo '<strong>Error creating blacklist component</strong> <br />';
        return false;
    }

    return true;
}
/**
 * Store one update (a file, a database row or a schema change) for a package.
 *
 * Depending on $type the stored 'data' is the uuencoded file ('code' and
 * 'binary'), an encoded INSERT statement built from $db_data ('db_data') or
 * the encoded schema text ('db_schema').
 *
 * @param string $type           'code', 'binary', 'db_data' or 'db_schema'.
 * @param string $component_name Name of the component the update belongs to.
 * @param int    $id_package     Id of the update package; 0 is rejected.
 * @param object $update         Update description; 'filename', 'id_component_db'
 *                               or 'data' is read depending on $type.
 * @param object $db_data        Row object, required for type 'db_data'.
 *
 * @return mixed True on success; false on invalid input, an unchanged file or
 *               a failed insert; null when the component is not found.
 */
function um_db_create_update($type, $component_name, $id_package, $update, $db_data = NULL) {
    global $db;
    global $config;
    if ($id_package == 0) {
        return false;
    }
    $component = um_db_get_component($component_name);
    if (!$component) {
        // Note: this path returns null, not false like the other failures.
        return;
    }
    $values = array('type' => $type, 'component' => $component_name, 'id_update_package' => $id_package);
    switch ($type) {
        case 'code':
            $filepath = realpath($component->path . '/' . $update->filename);
            $values['svn_version'] = um_file_get_svn_revision($filepath);
            // No break: 'code' continues into the 'binary' handling below.
        case 'binary':
            $last_update = um_update_get_last_from_filename($component_name, $update->filename);
            // NOTE(review): realpath() returns false for a missing file, and the
            // resolved path is not checked to still be inside $component->path.
            // Confirm $update->filename cannot contain "../" when it comes from
            // outside.
            $filepath = realpath($component->path . '/' . $update->filename);
            // NOTE(review): MD5 detects an unchanged file here, but it is not
            // collision resistant; if clients rely on this checksum to verify
            // what they install, confirm a stronger digest or a signature is
            // applied elsewhere.
            $values['checksum'] = md5_file($filepath);
            // Nothing to store when the file equals the last stored update.
            if ($last_update && $last_update->checksum == $values['checksum']) {
                return false;
            }
            /* Prefix the filename with the component's relative path, if it has one */
            if ($component->relative_path != '') {
                $values['filename'] = $component->relative_path . $update->filename;
            } else {
                $values['filename'] = $update->filename;
            }
            $values['data'] = um_file_uuencode($filepath);
            if ($last_update && $last_update->checksum != '') {
                $values['previous_checksum'] = $last_update->checksum;
            }
            break;
        case 'db_data':
            if ($db_data === NULL) {
                return false;
            }
            $component_db = um_db_get_component_db($update->id_component_db);
            $field = $component_db->field_name;
            $values['db_field_value'] = $db_data->{$field};
            $values['id_component_db'] = $update->id_component_db;
            // NOTE(review): the statements below join the row values between
            // single quotes without escaping them, so a value that contains a
            // quote changes the generated statement. Presumably this text is
            // executed later on the receiving side; confirm and escape the
            // values for the target dialect.
            switch ($config["dbtype"]) {
                case "mysql":
                    $values['data'] = um_data_encode('INSERT INTO `' . $component_db->table_name . '` (`' . implode('`,`', array_keys(get_object_vars($db_data))) . '`) VALUES (\'' . implode('\',\'', get_object_vars($db_data)) . '\')');
                    break;
                case "postgresql":
                    $values['data'] = um_data_encode('INSERT INTO "' . $component_db->table_name . '" ("' . implode('", "', array_keys(get_object_vars($db_data))) . '") VALUES (\'' . implode('\',\'', get_object_vars($db_data)) . '\')');
                    break;
                case "oracle":
                    $values['data'] = um_data_encode('INSERT INTO ' . $component_db->table_name . ' (' . implode(', ', array_keys(get_object_vars($db_data))) . ') VALUES (\'' . implode('\',\'', get_object_vars($db_data)) . '\')');
                    break;
            }
            break;
        case 'db_schema':
            $values['data'] = um_data_encode($update->data);
            break;
        default:
            return false;
    }
    $result = process_sql_insert(DB_PREFIX . 'tupdate', $values);
    if ($result === false) {
        echo '<strong>Error creating update</strong> <br />';
        return false;
    }
    return true;
}
if ((!dame_admin ($config['id_user'])) && ($user_in_group == false)) { // Doesn't have access to this page audit_db ($config['id_user'], $config["REMOTE_ADDR"], "ACL Violation", "Trying to access inventory reports"); include ("general/noaccess.php"); return; } $result_msg = ''; if ($create) { $values['name'] = (string) get_parameter ('name'); $values['sql'] = (string) get_parameter ('sql'); $values['id_group'] = get_parameter('id_group', 0); $result = false; if (! empty ($values['name'])) $result = process_sql_insert ('tinventory_reports', $values); if ($result) { $result_msg = ui_print_success_message (__("Successfully created"), '', true, 'h3', true); $id = $result; } else { $result_msg = ui_print_error_message (__('Could not be created'), '', true, 'h3', true); $id = false; } } if ($update) { $values['name'] = (string) get_parameter ('name'); $values['sql'] = (string) get_parameter ('sql'); $values['id_group'] = get_parameter('id_group');
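/**
 * Create a ticket and run the follow-up actions: inventory link, audit entry,
 * tracking entry, optional e-mail notification and the custom fields of the
 * ticket type.
 *
 * The numeric columns are written through %d so a non-numeric value cannot
 * alter the statement. The text columns are still interpolated between quotes
 * as received.
 * NOTE(review): confirm every caller passes the text arguments already escaped
 * or encoded, or move this insert to an escaping helper.
 *
 * @param string $title            Ticket title.
 * @param string $description      Ticket description.
 * @param int    $group_id         Group the ticket belongs to.
 * @param string $id_creator       Creator; defaults to the current user.
 * @param int    $status           Status id.
 * @param int    $priority         Priority id.
 * @param int    $resolution       Resolution id.
 * @param int    $id_task          Related task id.
 * @param int    $sla_disabled     1 to disable the SLA for this ticket.
 * @param int    $id_incident_type Ticket type id; above 0 its custom fields are stored.
 * @param string $email_copy       Extra addresses to notify.
 * @param int    $email_notify     -1 reads the group's 'forced_email' value.
 * @param int    $id_parent        Accepted, but not written by the INSERT below.
 * @param string $epilog           Closing text.
 *
 * @return mixed Id of the new ticket; null when the insert failed.
 */
public function insertIncident($title, $description, $group_id, $id_creator = "", $status = 1, $priority = 2, $resolution = 0, $id_task = 0, $sla_disabled = 0, $id_incident_type = 0, $email_copy = "", $email_notify = -1, $id_parent = 0, $epilog = "") {
    // audit_db() below reads $config; without this declaration the audit
    // entry was written with undefined user and address values.
    global $config;

    $system = System::getInstance();
    if ($id_creator == "") {
        $id_creator = $system->getConfig('id_user');
    }
    if ($email_notify == -1) {
        $email_notify = get_db_value("forced_email", "tgrupo", "id_grupo", $group_id);
    }

    // Fall back to the current user when the group has no default user,
    // including the case where no user row is returned at all.
    $user_responsible = get_group_default_user($group_id);
    $id_user_responsible = false;
    if (is_array($user_responsible) && isset($user_responsible['id_usuario'])) {
        $id_user_responsible = $user_responsible['id_usuario'];
    }
    if ($id_user_responsible === false) {
        $id_user_responsible = $system->getConfig('id_user');
    }
    $id_inventory = get_group_default_inventory($group_id, true);

    // DONT use MySQL NOW() or UNIXTIME_NOW() because
    // Integria can override localtime zone by a user-specified timezone.
    $timestamp = print_mysql_timestamp();

    // %d forces every unquoted column to an integer.
    $sql = sprintf(
        "INSERT INTO tincidencia
            (inicio, actualizacion, titulo, descripcion, id_usuario,
            estado, prioridad, id_grupo, id_creator, notify_email, id_task,
            resolution, id_incident_type, sla_disabled, email_copy, epilog)
            VALUES ('%s', '%s', '%s', '%s',
            '%s', %d, %d, %d, '%s',
            %d, %d, %d, %d, %d,
            '%s', '%s')",
        $timestamp,
        $timestamp,
        $title,
        $description,
        $id_user_responsible,
        $status,
        $priority,
        $group_id,
        $id_creator,
        $email_notify,
        $id_task,
        $resolution,
        $id_incident_type,
        $sla_disabled,
        $email_copy,
        $epilog
    );
    $id_incident = process_sql($sql, 'insert_id');

    if ($id_incident !== false) {
        if (include_once $system->getConfig('homedir') . "/include/functions_incidents.php") {
            /* Update inventory objects in incident */
            update_incident_inventories($id_incident, array($id_inventory));
        }
        audit_db($config["id_user"], $config["REMOTE_ADDR"], "Ticket created", "User " . $config['id_user'] . " created ticket #" . $id_incident);
        incident_tracking($id_incident, INCIDENT_CREATED);

        // Email notify to all people involved in this incident
        if ($email_notify) {
            // NOTE(review): $usuario is never assigned in this method, so
            // mail_incident() receives an undefined value; confirm which user
            // is meant here.
            mail_incident($id_incident, $usuario, "", 0, 1);
        }

        // Insert data of incident type fields
        if ($id_incident_type > 0) {
            $sql_label = sprintf("SELECT `label` FROM `tincident_type_field` WHERE id_incident_type = %d", $id_incident_type);
            $labels = get_db_all_rows_sql($sql_label);
            if ($labels === false) {
                $labels = array();
            }
            foreach ($labels as $label) {
                $id_incident_field = get_db_value_filter('id', 'tincident_type_field', array('id_incident_type' => $id_incident_type, 'label' => $label['label']), 'AND');
                // Each field value is read from the request under the
                // base64-encoded label.
                $values_insert = array(
                    'id_incident' => $id_incident,
                    'data' => $system->getRequest(base64_encode($label['label'])),
                    'id_incident_field' => $id_incident_field,
                );
                process_sql_insert('tincident_field_data', $values_insert);
            }
        }
        return $id_incident;
    }
}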