// Fragment of a language-management handler; it starts inside an earlier branch and is cut before the copy step.
// Add request (postback == "A"): answered with TEXT_ENABLE_WRITE_PERMISSION when any of the user/staff/admin/parser
// flags equals 1. Otherwise the POSTed code and description are trimmed, checked with isValidlangcode() and
// validateAddition(), and the English language folders are counted and sized with getnumfiles()/getsize().
// NOTE(review): isValidlangcode() is the only visible gate on txtLangCode. If the code is later used to build a
// folder path (the "copy language file" step is announced but not shown), that check has to reject path
// separators and dot segments - confirm against its definition.
// NOTE(review): the mysql_* extension used here was removed in PHP 7; mysqli or PDO is the replacement.
$var_langCode = $var_row["vLangCode"]; $var_langDesc = $var_row["vLangDesc"]; } else { $var_message = MESSAGE_RECORD_ERROR; $flag_msg = 'class="msg_error"'; } mysql_free_result($var_result); } elseif ($_POST["postback"] == "A") { if ($user_flag == 1 or $staff_flag == 1 or $admin_flag == 1 or $parser_flag == 1) { $var_message = TEXT_ENABLE_WRITE_PERMISSION; $flag_msg = 'class="msg_error"'; } else { $var_langCode = trim($_POST["txtLangCode"]); $var_langDesc = trim($_POST["txtLangDesc"]); if (isValidlangcode($var_langCode) and isValidlangcode($var_langDesc)) { if (validateAddition($var_langCode, $var_langDesc) == true) { /* copy language file to folder*/ $totalfile = 0; $numberoffileinen_admin = getnumfiles("./languages/en/"); $totalfile = 0; $numberoffileinen_staff = getnumfiles("../staff/languages/en/"); $totalfile = 0; $numberoffileinen_user = getnumfiles("../languages/en/"); $totalfile = 0; $totalfile = 0; $numberoffileinen_parser = getnumfiles("../parser/languages/en/"); $dfen = number_format(getsize("./languages/en/"), 0, ',', ''); $stafffilemissing = 0; $adminfilemissing = 0; $userfilemissing = 0; $parserfilemissing = 0;
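/**
 * Validate an update request.
 *
 * Delegates entirely to validateAddition(), which is not defined in the
 * visible part of this listing, so an update is accepted exactly when an
 * addition would be.
 *
 * @return bool true when validateAddition() returns a value that loosely
 *              compares unequal to false, false otherwise.
 */
function validateUpdation()
{
    // The original imported the global $var_time without using it and
    // branched on the result only to return true or false; the boolean
    // cast yields the same value as the loose "== false" comparison did.
    return (bool) validateAddition();
}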
// Fragment of a template-management handler; it starts inside an earlier branch and is cut in the final else.
// Add request (postback == "A"): trims the POSTed title and description, looks for an existing row with the same
// vTemplateTitle, and when validateAddition() passes and no duplicate was found inserts into sptbl_templates and,
// if logActivity() is true, into sptbl_actionlog.
// NOTE(review): line breaks appear to be collapsed in this listing; each "//" comment originally ended at its own line.
// NOTE(review): user text is escaped and quoted, but the statements are still built by concatenation with the
// mysql_* extension (removed in PHP 7). Prepared statements via mysqli or PDO remove the dependence on every
// value being escaped and on the connection character set being configured correctly.
// NOTE(review): $var_staffid is interpolated without escaping; its origin is outside this fragment - confirm it is
// a server-side value.
// NOTE(review): the SELECT-then-INSERT duplicate check is not atomic; a unique index on vTemplateTitle would
// enforce it in the database.
} else { $var_id = ""; $var_message = MESSAGE_RECORD_ERROR; $flag_msg = 'class="msg_error"'; } } elseif ($_POST["postback"] == "A") { $var_title = trim($_POST["txtTitle"]); $var_desc = trim($_POST["txtDesc"]); $dup_flag = 0; //check duplicate name template title to block page refrsh $sql = "select * from sptbl_templates WHERE vTemplateTitle ='" . mysql_real_escape_string($var_title) . "'"; $rs = executeSelect($sql, $conn); if (mysql_num_rows($rs) > 0) { $dup_flag = 1; } if (validateAddition() == true and $dup_flag == 0) { $sql = "Insert into sptbl_templates (nTemplateId,vTemplateTitle,dDate,tTemplateDesc,nStaffId,vStatus"; $sql .= ") Values('','" . mysql_real_escape_string($var_title) . "',now(),'" . mysql_real_escape_string($var_desc) . "','{$var_staffid}','1')"; executeQuery($sql, $conn); $var_insert_id = mysql_insert_id($conn); //Insert the actionlog if (logActivity()) { $sql = "Insert into sptbl_actionlog(nALId,nStaffId,vAction,vArea,nRespId,dDate) Values('','{$var_staffid}','" . TEXT_ADDITION . "','Templates','" . mysql_real_escape_string($var_insert_id) . "',now())"; executeQuery($sql, $conn); } $var_message = MESSAGE_RECORD_ADDED; $flag_msg = 'class="msg_success"'; $var_title = ""; $var_desc = ""; } else { $var_message = MESSAGE_RECORD_ERROR;
// Fragment of the handler that registers an allowed attachment type; it starts inside an earlier branch.
// When a file was uploaded and txtExtension is non-empty, the lookup value "<extension>|<type>" is built,
// checked with validateAddition(), inserted into sptbl_lookup under 'Attachments', and logged if logActivity() is true.
// NOTE(review): line breaks appear to be collapsed in this listing; each "//" comment originally ended at its own line.
// NOTE(review): $file_type is $_FILES['txtExtensionFile']['type'], a value supplied by the client with the upload.
// Only the extension half of $fileext_type is escaped, and the INSERT concatenates $fileext_type as is, so the
// client-supplied type reaches the SQL text unescaped. The escaped copy is passed to validateAddition() only.
// Bind the whole value as a parameter (mysqli/PDO prepared statement) or escape the complete string once,
// immediately before it is placed in the query.
// NOTE(review): the browser-reported type is not evidence of the file's content; a server-side check such as
// finfo_file() is the reliable source if the stored type is later used for an allow-list decision.
// NOTE(review): mysql_real_escape_string() is also used for the emptiness test on txtExtension, where it has
// no security purpose.
$flag_msg = 'class="msg_error"'; $file_uploaded = 0; } else { if (!is_uploaded_file($_FILES['txtExtensionFile']['tmp_name']) or trim(mysql_real_escape_string($_POST["txtExtension"])) == "") { $var_message = TXT_FILE_NOT_UPLOADED; $flag_msg = 'class="msg_error"'; $file_uploaded = 0; } else { $file_type = $_FILES['txtExtensionFile']['type']; //echo "filetype==$file_type"; $file_uploaded = 1; } } if ($file_uploaded == 1) { $fileext_type = mysql_real_escape_string($_POST["txtExtension"]) . "|" . $file_type; if (validateAddition(mysql_real_escape_string($fileext_type))) { $sql = "Insert into sptbl_lookup(nLookUpId,vLookUpName,vLookUpValue) values('','Attachments','" . $fileext_type . "')"; executeQuery($sql, $conn); //Insert the actionlog if (logActivity()) { $sql = "Insert into sptbl_actionlog(nALId,nStaffId,vAction,vArea,nRespId,dDate) Values('','{$var_staffid}','" . TEXT_ADDITION . "','Lookup/Attachment','" . mysql_real_escape_string($_POST["txtExtension"]) . "',now())"; executeQuery($sql, $conn); } $var_message = MESSAGE_RECORD_ADDED; $flag_msg = 'class="msg_success"'; } else { $var_message = MESSAGE_RECORD_DUPLICATE; $flag_msg = 'class="msg_error"'; } } }
// Fragment of a canned-message handler; it starts inside a branch that reads the style parameters from GET or POST
// and is cut in the final else.
// Add request (postback == "A"): reads title, description and status from POST, and when validateAddition() passes
// inserts into sptbl_cannedmessages with the session staff id and today's date, then logs if logActivity() is true.
// NOTE(review): line breaks appear to be collapsed in this listing; each "//" comment originally ended at its own line.
// NOTE(review): styleminus/stylename/styleplus are taken from the request unmodified; their use is outside this
// fragment - if they are echoed into HTML they need htmlspecialchars() at output.
// NOTE(review): values are escaped and quoted, but the queries are concatenated with the mysql_* extension
// (removed in PHP 7); prepared statements via mysqli or PDO are the durable fix.
// NOTE(review): $var_staffid is escaped in the first INSERT and interpolated raw in the action-log INSERT; it comes
// from $_SESSION["sess_staffid"], so this is an inconsistency rather than a request-controlled value.
$var_styleminus = $_GET["styleminus"]; $var_stylename = $_GET["stylename"]; $var_styleplus = $_GET["styleplus"]; } else { $var_styleminus = $_POST["styleminus"]; $var_stylename = $_POST["stylename"]; $var_styleplus = $_POST["styleplus"]; } $var_staffid = $_SESSION["sess_staffid"]; $var_message = ""; if ($_POST["postback"] == "A") { $var_title = $_POST["txtTitle"]; $var_description = $_POST["txtDescription"]; $var_status = $_POST["rdSts"]; $var_date = date("Y-m-d"); if (validateAddition() == true) { //Insert into the company table $sql = "Insert into sptbl_cannedmessages(nMsgId,vTitle,vDescription,vStatus,nStaffId,dDate)"; $sql .= " Values('','" . mysql_real_escape_string($var_title) . "','" . mysql_real_escape_string($var_description) . "','" . mysql_real_escape_string($var_status) . "','" . mysql_real_escape_string($var_staffid) . "',\r\n\t\t\t\t\t\t'" . mysql_real_escape_string($var_date) . "')"; executeQuery($sql, $conn); $var_insert_id = mysql_insert_id($conn); //Insert the actionlog if (logActivity()) { $sql = "Insert into sptbl_actionlog(nALId,nStaffId,vAction,vArea,nRespId,dDate) Values('','{$var_staffid}','" . mysql_real_escape_string(TEXT_ADDITION) . "','Canned Message','{$var_insert_id}',now())"; executeQuery($sql, $conn); } $var_message = MESSAGE_RECORD_ADDED; $flag_msg = "class='msg_success'"; //Send mail with the password to the user here } else { $var_message = MESSAGE_RECORD_ERROR;
// Fragment of a theme (CSS) upload handler; it starts at the tail of a switch on the upload status and is cut
// in the final else.
// After the switch, the theme name is checked for a duplicate in sptbl_css. On a duplicate the uploaded file is
// removed from ../styles/ again. Otherwise, when validateAddition() passes and $errorcode is empty, the row is
// inserted with the path "styles/<file>" and the action is logged if logActivity() is true.
// NOTE(review): line breaks appear to be collapsed in this listing; each "//" comment originally ended at its own line.
// NOTE(review): $file_name is taken from $uploadstatus, whose origin is outside this fragment. It is appended to
// "../styles/" for unlink() and stored as a URL, so if it derives from the client's file name the upload helper
// must reduce it to a bare name (basename() plus an extension allow-list) - confirm.
// NOTE(review): the file is written before the duplicate check and deleted afterwards; checking first avoids
// having an unregistered file in a web-served directory at all.
// NOTE(review): the queries are concatenated with the mysql_* extension (removed in PHP 7); prepared statements
// via mysqli or PDO are the durable fix. $var_staffid is interpolated raw; its origin is not visible here.
break; default: $file_name = $uploadstatus; break; } $sql = "SELECT nCSSId FROM sptbl_css WHERE vCSSName ='" . mysql_real_escape_string($var_desc) . "'"; $rs = executeSelect($sql, $conn); if (mysql_num_rows($rs) > 0) { if ($file_name != "") { unlink("../styles/" . $file_name); } $dup_flag = 1; } if ($dup_flag == 1) { $var_message = "<font color=red>Specified theme already exists, please use another name.</font>"; } elseif (validateAddition() == true and $errorcode == "") { //Insert into the downloads table $file_name = "styles/" . $file_name; $sql = "Insert into sptbl_css(nCSSId,vCSSName,vCSSURL,dDate"; $sql .= ") Values('','" . mysql_real_escape_string($var_desc) . "','" . mysql_real_escape_string($file_name) . "',now())"; executeQuery($sql, $conn); $var_insert_id = mysql_insert_id($conn); //Insert the actionlog if (logActivity()) { $sql = "Insert into sptbl_actionlog(nALId,nStaffId,vAction,vArea,nRespId,dDate) Values('','{$var_staffid}','" . TEXT_ADDITION . "','CSS','" . mysql_real_escape_string($var_insert_id) . "',now())"; executeQuery($sql, $conn); } $var_desc = ""; $var_message = MESSAGE_RECORD_ADDED; } else { $var_message = "<font color=red>" . MESSAGE_RECORD_ERROR . $errorcode . "</font>";
// Fragment of a downloads upload handler; it starts inside a switch on the upload status ("IF" maps to
// MESSAGE_UPLOAD_ERROR_6, the default case takes the status as the file name) and is cut in the final else.
// The description is checked for a duplicate in sptbl_downloads. On a duplicate the uploaded file is removed
// from ../downloads/. Otherwise, when validateAddition() passes, $errorcode is empty and no duplicate was found,
// the row is inserted with the path "downloads/<file>" and the action is logged if logActivity() is true.
// NOTE(review): line breaks appear to be collapsed in this listing; each "//" comment originally ended at its own line.
// NOTE(review): $file_name is taken from $uploadstatus, whose origin is outside this fragment. It is appended to
// "../downloads/" for unlink() and stored as a URL, so if it derives from the client's file name the upload
// helper must reduce it to a bare name (basename() plus an extension allow-list) - confirm.
// NOTE(review): files land in a directory that is presumably served by the web server; confirm that script
// execution is disabled there.
// NOTE(review): the queries are concatenated with the mysql_* extension (removed in PHP 7); prepared statements
// via mysqli or PDO are the durable fix. $var_staffid is interpolated raw; its origin is not visible here.
case "IF": $errorcode = MESSAGE_UPLOAD_ERROR_6; break; default: $file_name = $uploadstatus; break; } $sql = "SELECT nDLId FROM sptbl_downloads WHERE vDescription ='" . mysql_real_escape_string($var_desc) . "'"; $rs = executeSelect($sql, $conn); if (mysql_num_rows($rs) > 0) { if ($file_name != "") { unlink("../downloads/" . $file_name); } $dup_flag = 1; } if (validateAddition() == true and $errorcode == "" and $dup_flag == 0) { //Insert into the downloads table $file_name = "downloads/" . $file_name; $sql = "Insert into sptbl_downloads(nDLId,vDescription,vURL,dPostdate,vType"; $sql .= ") Values('','" . mysql_real_escape_string($var_desc) . "','" . mysql_real_escape_string($file_name) . "',now(),'1')"; executeQuery($sql, $conn); $var_insert_id = mysql_insert_id($conn); //Insert the actionlog if (logActivity()) { $sql = "Insert into sptbl_actionlog(nALId,nStaffId,vAction,vArea,nRespId,dDate) Values('','{$var_staffid}','" . TEXT_ADDITION . "','Downloads','" . mysql_real_escape_string($var_insert_id) . "',now())"; executeQuery($sql, $conn); } $var_desc = ""; $var_message = MESSAGE_RECORD_ADDED; } else { $var_message = "<font color=red>" . MESSAGE_RECORD_ERROR . $errorcode . "</font>";
// Fragment of a staff-creation handler; $var_staffName is assigned before the fragment and the action-log
// statement at the end is cut before it is executed.
// Reads the staff fields from POST, reduces the five notification/watcher radio values to "1" or "0", and when
// validateAddition() returns 1 and the e-mail is unique inserts into sptbl_staffs, then adds field ids 1-4 in
// sptbl_stafffields for the new staff id.
// NOTE(review): line breaks appear to be collapsed in this listing; each "//" comment originally ended at its own line.
// NOTE(review): the password is stored as md5($var_password), an unsalted fast hash that is unsuitable for
// password storage. password_hash() on write and password_verify() on login are the replacements, with
// password_needs_rehash() to migrate existing rows at the next successful login.
// NOTE(review): settype($var_refreshRate, integer) passes a bare word. Older PHP treats the undefined constant as
// the string "integer" with a notice, and PHP 8 raises an error; the quoted form "integer" is what is meant.
// NOTE(review): the notify flags are concatenated without escaping, which is safe only because the ternaries
// above restrict them to "1" or "0". The other values are escaped, but prepared statements via mysqli or PDO
// (mysql_* was removed in PHP 7) would not depend on that.
$var_staffLogin = $_POST["txtStaffLogin"]; $var_password = $_POST["txtPassword"]; $var_email = $_POST["txtEmail"]; $var_yim = $_POST["txtYim"]; $var_smsMail = $_POST["txtSmsMail"]; $var_mobile = $_POST["txtMobile"]; $var_cssId = $_POST["cmbCssId"]; $var_refreshRate = $_POST["cmbRefresh"]; settype($var_refreshRate, integer); $var_notifyAssign = $_POST["rdNotifyAssign"] == "1" ? $_POST["rdNotifyAssign"] : "0"; $var_notifyPvtMsg = $_POST["rdNotifyPvtMsg"] == "1" ? $_POST["rdNotifyPvtMsg"] : "0"; $var_notifyKB = $_POST["rdNotifyKB"] == "1" ? $_POST["rdNotifyKB"] : "0"; $var_watcher = $_POST["rdWatcher"] == "1" ? $_POST["rdWatcher"] : "0"; $var_notifyArrival = $_POST["rdNotifyArrival"] == "1" ? $_POST["rdNotifyArrival"] : "0"; $var_signature = $_POST["txtSignature"]; $addition_flag = validateAddition(); if ($addition_flag == 1) { if (!isUniqueEmail($var_email)) { $var_message = MESSAGE_NONUNIQUE_EMAIL; $flag_msg = 'class="msg_error"'; } else { //Insert into the company table $sql = "Insert into sptbl_staffs(nStaffId,vStaffname,vLogin,vPassword,vOnline,vMail,vYIM,vSMSMail,vMobileNo,nCSSId,nRefreshRate,nNotifyAssign,"; $sql .= "nNotifyPvtMsg,nNotifyKB,nNotifyArrival,vType,nWatcher,tSignature) Values('','" . mysql_real_escape_string($var_staffName) . "',\n\t\t\t\t\t\t'" . mysql_real_escape_string($var_staffLogin) . "','" . md5($var_password) . "','0','" . mysql_real_escape_string($var_email) . "',\n\t\t\t\t\t\t'" . mysql_real_escape_string($var_yim) . "','" . mysql_real_escape_string($var_smsMail) . "','" . mysql_real_escape_string($var_mobile) . "',\n\t\t\t\t\t\t'" . mysql_real_escape_string($var_cssId) . "','" . mysql_real_escape_string($var_refreshRate) . "','" . $var_notifyAssign . "',\n\t\t\t\t\t\t'" . $var_notifyPvtMsg . "','" . $var_notifyKB . "','" . $var_notifyArrival . "','S',\n\t\t\t\t\t\t'" . mysql_real_escape_string($var_watcher) . "','" . mysql_real_escape_string($var_signature) . 
"')"; executeQuery($sql, $conn); $var_insert_id = mysql_insert_id($conn); $sql = "Insert into sptbl_stafffields(nStaffId,nFieldId) Values('{$var_insert_id}','1'),('{$var_insert_id}','2'),('{$var_insert_id}','3'),('{$var_insert_id}','4')"; executeQuery($sql, $conn); //Insert the actionlog if (logActivity()) { $sql = "Insert into sptbl_actionlog(nALId,nStaffId,vAction,vArea,nRespId,dDate) Values('','{$var_staffid}','" . TEXT_ADDITION . "','Staff','{$var_insert_id}',now())";
// Fragment of a department-creation handler; it is cut before the staff-assignment step.
// Trims the POSTed company, parent department, name, e-mail, code and response time. It looks for an existing
// department with the same company/parent/name or the same company/code, and when validateAddition() passes,
// no duplicate exists and the e-mail is unique, inserts into sptbl_depts and logs if logActivity() is true.
// NOTE(review): line breaks appear to be collapsed in this listing; each "//" comment originally ended at its own line.
// NOTE(review): in the duplicate-check SELECT, $var_companyid and $var_parentid are interpolated unquoted and
// unescaped, and both come straight from trim($_POST[...]). No escaping function would help in an unquoted
// numeric position, so request data reaches the SQL text here. Cast both to int before use, or bind them as
// parameters in a mysqli/PDO prepared statement. The same values are escaped and quoted in the INSERT below.
// NOTE(review): the query runs before validateAddition($var_parentid), so validation does not protect it.
// NOTE(review): $var_staffid is interpolated raw in the action-log INSERT; its origin is not visible here.
$var_companyid = trim($_POST["cmbCompany"]); $var_parentid = trim($_POST["cmbParentDepartment"]); $var_deptname = trim($_POST["txtDepartmentName"]); $var_email = trim($_POST["txtEmail"]); $var_deptcode = trim($_POST["txtDeptCode"]); $var_responsetime = trim($_POST["txtResponseTime"]); $dup_flag = 0; //check duplicate name department name //$sql="SELECT nDeptId FROM sptbl_depts WHERE nCompId=$var_companyid and nDeptParent=$var_parentid and vDeptDesc='".mysql_real_escape_string($var_deptname) . "'"; $sql = "SELECT nDeptId FROM sptbl_depts WHERE (nCompId={$var_companyid} and nDeptParent={$var_parentid} and vDeptDesc='" . mysql_real_escape_string($var_deptname) . "') or "; $sql .= " (nCompId={$var_companyid} and vDeptCode='" . mysql_real_escape_string($var_deptcode) . "') "; $rs = executeSelect($sql, $conn); if (mysql_num_rows($rs) > 0) { $dup_flag = 1; } if (validateAddition($var_parentid) == true and $dup_flag == 0) { if (!isUniqueEmail($var_email)) { $var_message = MESSAGE_NONUNIQUE_EMAIL; $flag_msg = 'class="msg_error"'; } else { //Insert into the company table $sql = "Insert into sptbl_depts(nDeptId,nCompId,vDeptDesc,nDeptParent,vDeptMail,vDeptCode,nResponseTime"; $sql .= ") Values('','" . mysql_real_escape_string($var_companyid) . "','" . mysql_real_escape_string($var_deptname) . "','" . mysql_real_escape_string($var_parentid) . "',\n\t\t\t\t\t\t'" . mysql_real_escape_string($var_email) . "','" . mysql_real_escape_string($var_deptcode) . "','" . mysql_real_escape_string($var_responsetime) . "')"; executeQuery($sql, $conn); $var_insert_id = mysql_insert_id($conn); //Insert the actionlog if (logActivity()) { $sql = "Insert into sptbl_actionlog(nALId,nStaffId,vAction,vArea,nRespId,dDate) Values('','{$var_staffid}','" . TEXT_ADDITION . "','Department','" . mysql_real_escape_string($var_insert_id) . "',now())"; executeQuery($sql, $conn); } //insert into staff assign
// Fragment of a company-creation handler; it starts at the end of an earlier branch and is cut while the form
// variables are being reset.
// Add request (postback == "A"): trims eleven POSTed company fields, and when validateAddition($var_email,
// $var_message) passes inserts into sptbl_companies and logs if logActivity() is true.
// NOTE(review): line breaks appear to be collapsed in this listing; each "//" comment originally ended at its own line.
// NOTE(review): every request value in the INSERT is escaped and quoted, but the statement is concatenated with
// the mysql_* extension (removed in PHP 7). Prepared statements via mysqli or PDO are the durable fix and do not
// rely on the connection character set being configured correctly.
// NOTE(review): only the e-mail is passed to validateAddition(); whether the other fields are validated through
// globals inside that function is not visible here - confirm.
// NOTE(review): $var_staffid is interpolated raw in the action-log INSERT; its origin is not visible here.
} mysql_free_result($var_result); } elseif ($_POST["postback"] == "A") { $var_companyName = trim($_POST["txtCompanyName"]); $var_address1 = trim($_POST["txtAddress1"]); $var_address2 = trim($_POST["txtAddress2"]); $var_city = trim($_POST["txtCity"]); $var_state = trim($_POST["txtState"]); $var_phone = trim($_POST["txtPhone"]); $var_fax = trim($_POST["txtFax"]); $var_email = trim($_POST["txtEmail"]); $var_zip = trim($_POST["txtZip"]); $var_contact = trim($_POST["txtContact"]); $var_country = trim($_POST["cmbCountry"]); $var_message = ""; if (validateAddition($var_email, $var_message) == true) { //Insert into the company table $sql = "Insert into sptbl_companies(nCompId,vCompName,vCompAddress1,vCompAddress2,vCompCity,vCompState,nCompZip,vCompCountry,vCompPhone,"; $sql .= "vCompFax,vCompMail,vCompContact) Values('','" . mysql_real_escape_string($var_companyName) . "',\r\n\t\t\t\t\t'" . mysql_real_escape_string($var_address1) . "','" . mysql_real_escape_string($var_address2) . "','" . mysql_real_escape_string($var_city) . "',\r\n\t\t\t\t\t'" . mysql_real_escape_string($var_state) . "','" . mysql_real_escape_string($var_zip) . "','" . mysql_real_escape_string($var_country) . "',\r\n\t\t\t\t\t'" . mysql_real_escape_string($var_phone) . "','" . mysql_real_escape_string($var_fax) . "','" . mysql_real_escape_string($var_email) . "',\r\n\t\t\t\t\t'" . mysql_real_escape_string($var_contact) . "')"; executeQuery($sql, $conn); $var_insert_id = mysql_insert_id($conn); //Insert the actionlog if (logActivity()) { $sql = "Insert into sptbl_actionlog(nALId,nStaffId,vAction,vArea,nRespId,dDate) Values('','{$var_staffid}','" . TEXT_ADDITION . "','Company','{$var_insert_id}',now())"; executeQuery($sql, $conn); } $var_message = MESSAGE_RECORD_ADDED; $flag_msg = 'class="msg_success"'; $var_companyName = ""; $var_address1 = ""; $var_address2 = "";
// Fragment of a user-creation handler; it starts inside an earlier branch and is cut after the success message.
// Add request (postback == "A"): reads name, login, password, e-mail, banned flag and company id from POST, and
// when validateAddition() returns something other than "failure" that is shorter than 8 characters and the e-mail
// is unique for the company, inserts into sptbl_users and logs if logActivity() is true.
// NOTE(review): line breaks appear to be collapsed in this listing; each "//" comment originally ended at its own line.
// NOTE(review): the password is stored as md5($var_password), an unsalted fast hash that is unsuitable for
// password storage. password_hash() on write and password_verify() on login are the replacements.
// NOTE(review): $var_banned is computed from rdBanned, but the INSERT writes the literal '0' for vBanned, so the
// submitted banned state is not stored in this variant - confirm whether that is intended.
// NOTE(review): the closing comment mentions mailing the password to the user; sending a chosen password in
// clear text is worth replacing with a set-password link if that step exists.
// NOTE(review): the queries are concatenated with the mysql_* extension (removed in PHP 7); prepared statements
// via mysqli or PDO are the durable fix. $var_staffid is interpolated raw; its origin is not visible here.
$var_date = $var_row["ddate"]; } else { $var_message = MESSAGE_RECORD_ERROR; $flag_msg = "class='msg_error'"; } mysql_free_result($var_result); } elseif ($_POST["postback"] == "A") { $var_userName = $_POST["txtUserName"]; $var_userLogin = $_POST["txtUserLogin"]; $var_password = $_POST["txtPassword"]; $var_online = ""; $var_email = $_POST["txtEmail"]; $var_banned = $_POST["rdBanned"] == "1" ? $_POST["rdBanned"] : "0"; $var_compId = $_POST["cmbCompanyId"]; $var_date = date("m-d-Y h:i:s"); $validate_msg = validateAddition(); if ($validate_msg != "failure" && strlen($validate_msg) < 8) { if (isUniqueEmailUser($var_email, 0, $var_compId)) { //Insert into the company table $sql = "Insert into sptbl_users(nUserId,nCompId,vUserName,vEmail,vLogin,vPassword,ddate,vOnline,"; $sql .= "vBanned,vDelStatus) Values('','" . mysql_real_escape_string($var_compId) . "',\n\t\t\t\t\t\t'" . mysql_real_escape_string($var_userName) . "','" . mysql_real_escape_string($var_email) . "','" . mysql_real_escape_string($var_userLogin) . "',\n\t\t\t\t\t\t'" . md5($var_password) . "',now(),'0','0','0')"; executeQuery($sql, $conn); $var_insert_id = mysql_insert_id($conn); //Insert the actionlog if (logActivity()) { $sql = "Insert into sptbl_actionlog(nALId,nStaffId,vAction,vArea,nRespId,dDate) Values('','{$var_staffid}','" . mysql_real_escape_string(TEXT_ADDITION) . "','Users','{$var_insert_id}',now())"; executeQuery($sql, $conn); } $var_message = MESSAGE_RECORD_ADDED; $flag_msg = "class='msg_success'"; //Send mail with the password to the user here
// Fragment of an escalation-rule handler; it starts at the end of an earlier branch and is cut at the final else.
// Add request (postback == "A"): trims the POSTed rule name, company, department, staff, settings selector and
// response value. The selector 'T' enables the time setting and 'C' the count setting, and the response value is
// stored in the matching column. When validateAddition($ruleName, $var_message) passes, the rule is inserted into
// sptbl_escalationrules with nStatus '0' and the form variables are cleared.
// NOTE(review): line breaks appear to be collapsed in this listing; the "//" comments originally ended at their own line.
// NOTE(review): every request value in the INSERT is escaped and quoted, but the id and numeric fields (company,
// department, staff, response time/count) are not checked to be numeric in the visible code. Casting them to
// int, or binding typed parameters in a mysqli/PDO prepared statement, makes that explicit.
// NOTE(review): the mysql_* extension used here was removed in PHP 7.
} mysql_free_result($var_result); } elseif ($_POST["postback"] == "A") { // Inserting New Rule $ruleName = trim($_POST["txtRuleName"]); $comapny = trim($_POST["txtCompany"]); $dept = trim($_POST["txtDept"]); $staff = trim($_POST["txtStaff"]); $settings = trim($_POST["settings"]); $txtResponseSetting = trim($_POST["txtResponseSetting"]); $var_message = ""; $Time_settings = $settings == 'T' ? "Y" : "N"; $Count_settings = $settings == 'C' ? "Y" : "N"; $txtTime = $Time_settings == 'Y' ? $txtResponseSetting : ""; $txtCount = $Count_settings == 'Y' ? $txtResponseSetting : ""; if (validateAddition($ruleName, $var_message) == true) { //Insert into the company table $sql = "Insert into sptbl_escalationrules(nERId,vRuleName,nCompId,nDeptId,eRespTimeSetting,eRespCountSetting,nResponseTime,nResponseCount,nStaffId,"; $sql .= "nStatus) Values('','" . mysql_real_escape_string($ruleName) . "',\n\t\t\t\t\t'" . mysql_real_escape_string($comapny) . "','" . mysql_real_escape_string($dept) . "','" . mysql_real_escape_string($Time_settings) . "',\n\t\t\t\t\t'" . mysql_real_escape_string($Count_settings) . "','" . mysql_real_escape_string($txtTime) . "','" . mysql_real_escape_string($txtCount) . "',\n\t\t\t\t\t'" . mysql_real_escape_string($staff) . "','0')"; executeQuery($sql, $conn); $var_insert_id = mysql_insert_id($conn); $var_message = MESSAGE_RECORD_ADDED; $flag_msg = 'class="msg_success"'; $ruleName = ""; $comapny = ""; $dept = ""; $staff = ""; $settings = ""; $txtResponseSetting = ""; $var_id = ""; } else {
// Fragment of a second user-creation handler; it starts inside an earlier branch and is cut after the success
// message is assigned.
// Add request (postback == "A"): reads name, login, password, e-mail, company id and the banned/active radio
// values (each reduced to "1" or "0") from POST, and when validateAddition() returns 1 and the e-mail is unique
// for the company, inserts into sptbl_users and logs if logActivity() is true.
// NOTE(review): line breaks appear to be collapsed in this listing; each "//" comment originally ended at its own line.
// NOTE(review): the password is stored as md5($var_password), an unsalted fast hash that is unsuitable for
// password storage. password_hash() on write and password_verify() on login are the replacements.
// NOTE(review): validateAddition() is called twice; $addition_flag keeps the first result but the condition calls
// the function again instead of testing it.
// NOTE(review): $var_banned and $var_active are interpolated without escaping, which is safe only because the
// ternaries restrict them to "1" or "0". $var_active is written to the vDelStatus column - confirm the mapping.
// NOTE(review): the queries are concatenated with the mysql_* extension (removed in PHP 7); prepared statements
// via mysqli or PDO are the durable fix. $var_staffid is interpolated raw; its origin is not visible here.
$var_message = MESSAGE_USER_NOTEXIST; $flag_msg = 'class="msg_error"'; } mysql_free_result($var_result); } elseif ($_POST["postback"] == "A") { $var_userName = $_POST["txtUserName"]; $var_userLogin = $_POST["txtUserLogin"]; $var_password = $_POST["txtPassword"]; $var_online = ""; $var_email = $_POST["txtEmail"]; $var_banned = $_POST["rdBanned"] == "1" ? $_POST["rdBanned"] : "0"; $var_compId = $_POST["cmbCompanyId"]; $var_date = date("m-d-Y h:i:s"); $var_active = $_POST["rdActive"] == "1" ? $_POST["rdActive"] : "0"; $addition_flag = validateAddition(); if (validateAddition() == 1) { if (!isUniqueEmailUser($var_email, 0, $var_compId)) { $var_message = MESSAGE_NONUNIQUE_EMAIL; $flag_msg = 'class="msg_error"'; } else { //Insert into the company table $sql = "Insert into sptbl_users(nUserId,nCompId,vUserName,vEmail,vLogin,vPassword,ddate,vOnline,"; $sql .= "vBanned,vDelStatus) Values('','" . mysql_real_escape_string($var_compId) . "',\n\t\t\t\t\t\t'" . mysql_real_escape_string($var_userName) . "','" . mysql_real_escape_string($var_email) . "','" . mysql_real_escape_string($var_userLogin) . "',\n\t\t\t\t\t\t'" . md5($var_password) . "',now(),'0','{$var_banned}','{$var_active}')"; executeQuery($sql, $conn); $var_insert_id = mysql_insert_id($conn); //Insert the actionlog if (logActivity()) { $sql = "Insert into sptbl_actionlog(nALId,nStaffId,vAction,vArea,nRespId,dDate) Values('','{$var_staffid}','" . TEXT_ADDITION . "','Users','{$var_insert_id}',now())"; executeQuery($sql, $conn); } $var_message = MESSAGE_RECORD_ADDED;
// Fragment of the extra-status lookup handler; it starts inside the deletion branch and ends on the signature of
// validateDeletion(), whose body is cut off.
// Deletion branch: after the delete query, one action-log row is written per entry of $_POST["chk"] if
// logActivity() is true. Add request (postback == "A"): when validateAddition() accepts the submitted status it
// is inserted into sptbl_lookup under 'ExtraStatus' and logged, otherwise MESSAGE_STATUS_ABORTED is shown.
// NOTE(review): line breaks appear to be collapsed in this listing; each "//" comment originally ended at its own line.
// NOTE(review): count($_POST["chk"]) assumes chk is an array with consecutive integer keys starting at 0. A
// request can supply other shapes, so iterating with foreach over a value checked by is_array() is more robust.
// NOTE(review): validateAddition() receives the SQL-escaped copy of txtExtraStatus, so any comparison it performs
// sees the escaped form rather than the submitted text; escaping belongs at the point where the query is built.
// NOTE(review): the queries are concatenated with the mysql_* extension (removed in PHP 7); prepared statements
// via mysqli or PDO are the durable fix. $var_staffid is interpolated raw; its origin is not visible here.
executeQuery($sql, $conn); //Insert the actionlog if (logActivity()) { for ($i = 0; $i < count($_POST["chk"]); $i++) { $sql = "Insert into sptbl_actionlog(nALId,nStaffId,vAction,vArea,nRespId,dDate) Values('','{$var_staffid}','" . TEXT_DELETION . "','Lookup/ExtraStatus','" . mysql_real_escape_string($_POST["chk"][$i]) . "',now())"; executeQuery($sql, $conn); } } $var_message = MESSAGE_RECORD_DELETED; $flag_msg = "class='msg_success'"; } else { $var_message = MESSAGE_RECORD_ERROR; $flag_msg = "class='msg_error'"; } } elseif ($_POST["postback"] == "A") { if (validateAddition(mysql_real_escape_string($_POST["txtExtraStatus"]))) { $sql = "Insert into sptbl_lookup(nLookUpId,vLookUpName,vLookUpValue) values('','ExtraStatus','" . mysql_real_escape_string($_POST["txtExtraStatus"]) . "')"; executeQuery($sql, $conn); //Insert the actionlog if (logActivity()) { $sql = "Insert into sptbl_actionlog(nALId,nStaffId,vAction,vArea,nRespId,dDate) Values('','{$var_staffid}','" . TEXT_ADDITION . "','Lookup/ExtraStatus','" . mysql_real_escape_string($_POST["txtExtraStatus"]) . "',now())"; executeQuery($sql, $conn); } $var_message = MESSAGE_RECORD_ADDED; $flag_msg = "class='msg_success'"; } else { $var_message = MESSAGE_STATUS_ABORTED; $flag_msg = "class='msg_error'"; } } function validateDeletion($var_list, $fl)