public function throwStoreResourceFailedException($message = 'Failed to store your requested resource.', Validator $validator = null)
{
if ($validator instanceof Validator) {
throw new \Dingo\Api\Exception\StoreResourceFailedException($message, $validator->errors());
} else {
throw new \Dingo\Api\Exception\StoreResourceFailedException($message);
}
}
/**
* Validates a model
*
* @param array $data
* @param boolean $isUpdate
* @return boolean
*/
public function validate($data, $isUpdate = false)
{
if ($isUpdate) {
$rules = static::$updateRules;
} else {
$rules = static::$createRules;
}
if (is_null($rules)) {
throw new \Exception(new MessageBag(['Could not find ' . ($isUpdate ? 'update' : 'create') . ' rules for ' . get_class($this)]));
}
$this->validation = \Validator::make($data, $rules);
if (!$this->validation->passes()) {
throw new ValidationException(new MessageBag($this->validation->errors()->all()));
}
return true;
}
public function update($args)
{
if (!Token::match(Input::get('_token'))) {
return Redirect::back();
}
$v = new Validator();
$v->validate(Input::all(), ['title' => 'required|min:3', 'body' => 'required']);
if (!$v->passed()) {
return Redirect::back(['key' => 'errors', 'values' => $v->errors()]);
}
$id = $args['id'];
$post = $this->post->update($id, ['title' => Input::get('title'), 'body' => Input::get('body')]);
if ($post) {
Session::flash('success', 'Successfully updated a post.');
return Redirect::to('/');
}
}
public function callAction()
{
$data = array_intersect_key($_POST, array_flip(array('phone', 'fio', 'formid')));
// Validate data
$validator = new Validator($data);
$validator->rule('empty', 'formid')->message('Некорректный идентификатор формы');
$validator->rule('required', 'phone')->message('Поле не заполнено');
$validator->rule('phone', 'phone')->message('Некорректный номер телефона');
if ($validator->validate()) {
if (empty($data['fio'])) {
$data['fio'] = 'Личный номер';
}
unset($data['formid']);
// Send to subscribers
$mailers = MSCore::db()->getCol('SELECT mail FROM `' . PRFX . 'mailer` WHERE type = ' . self::TARGET_CALL . ' OR type = 0');
$data['date'] = date('Y-m-d H:i:s');
MSCore::db()->insert(PRFX . 'order_call', $data);
if (is_array($mailers) && !empty($mailers)) {
// Send email
$sendMail = new SendMail();
$sendMail->init();
$sendMail->setSubject('Обратный звонок на ' . DOMAIN);
$sendMail->setFrom('noreply@' . DOMAIN, 'Первая кровельная');
// Prepare body
$message = template('email/call', array('data' => $data));
$sendMail->setMessage($message);
foreach ($mailers as $_email) {
$sendMail->setTo($_email);
$sendMail->send();
}
unset($sendMail);
}
$content = template('ajax/success/call');
$this->addData(array('content' => $content));
} else {
$errors = $validator->errors();
foreach ($errors as $_name => $_error) {
if (is_array($_error)) {
$errors[$_name] = reset($_error);
}
}
$this->errorAction(1001, 'Некорректно заполненные поля', array('errors' => $errors));
}
}
public static function check($formData, $validatorRules)
{
self::$errors = array();
$formData = self::sanitizeInput($formData);
self::$currentFormData = $formData;
foreach ($formData as $formDataKey => $formDataValue) {
if (isset($validatorRules[$formDataKey])) {
$status = true;
$rules = explode('|', $validatorRules[$formDataKey]);
foreach ($rules as $rule) {
$ruleElement = explode(":", $rule);
$method = $ruleElement[0];
unset($ruleElement[0]);
$ruleElement = array_values($ruleElement);
$result = self::$method($formDataKey, $formDataValue, $ruleElement);
$status = $status && $result;
}
}
}
}
$update_data .= "`{$field}` = '{$insert_data[$field]}'";
}
if ($job_id) {
// Update
$where = " WHERE id = '{$job_id}' AND service_id = '{$service}'";
updateDB($update_data, $where, 'service_packages');
$return_data['type'] = 'update';
} else {
// Insert
$insert_data['service_id'] = $service;
$job_id = insertDB($insert_data, 'service_packages');
$return_data['type'] = 'insert';
}
$return_data['id'] = $job_id;
$return_data['name'] = $insert_data['job'];
$return_data['status'] = 1;
$return_data['message'] = 'Job updated successfully';
} else {
$messages = '';
foreach ($v->errors() as $k => $msgs) {
foreach ($msgs as $msg) {
$messages .= $msg . "<br>";
}
}
$return_data['message'] = $messages;
}
} else {
$return_data['message'] = 'An error occured';
}
echo json_encode($return_data);
exit;
function updatePref($var, &$errors)
{
if (!$var || $errors) {
return false;
}
$f = array();
$f['helpdesk_url'] = array('type' => 'string', 'required' => 1, 'error' => 'Helpdesk URL erforderlich');
//TODO: Add url validation
$f['helpdesk_title'] = array('type' => 'string', 'required' => 1, 'error' => 'URL del centro de ayuda Requerida');
$f['default_dept_id'] = array('type' => 'int', 'required' => 1, 'error' => 'Titulo Requerido');
$f['default_email_id'] = array('type' => 'int', 'required' => 1, 'error' => 'Departamento por defecto Requerido');
$f['default_template_id'] = array('type' => 'int', 'required' => 1, 'error' => 'Email pr defecto Requerido');
$f['staff_session_timeout'] = array('type' => 'int', 'required' => 1, 'error' => 'Debes selecionar una Plantilla');
$f['client_session_timeout'] = array('type' => 'int', 'required' => 1, 'error' => 'Introduzca el tiempo de inactividad en minutos');
$f['time_format'] = array('type' => 'string', 'required' => 1, 'error' => 'Formato de hora Requerido');
//TODO: Add date format validation
$f['date_format'] = array('type' => 'string', 'required' => 1, 'error' => 'Formato de fecha Requerido');
$f['datetime_format'] = array('type' => 'string', 'required' => 1, 'error' => 'Formato de fecha y hora Requerido');
$f['daydatetime_format'] = array('type' => 'string', 'required' => 1, 'error' => 'Formato de fecha con dia y hora Requerido');
$f['admin_email'] = array('type' => 'email', 'required' => 1, 'error' => 'Email valido Requerido');
$f['autolock_minutes'] = array('type' => 'int', 'required' => 1, 'error' => 'Introduzca tiempo de Bloqueo en minutos');
//TODO: check option fields for validity.
//do the validation.
$val = new Validator();
$val->setFields($f);
if (!$val->validate($var)) {
$errors = array_merge($errors, $val->errors());
}
if ($var['ticket_alert_active'] && (!isset($var['ticket_alert_admin']) && !isset($var['ticket_alert_dept_manager']) && !isset($var['ticket_alert_dept_members']))) {
$errors['ticket_alert_active'] = 'No ha selecionado un destinario';
}
if ($var['message_alert_active'] && (!isset($var['message_alert_laststaff']) && !isset($var['message_alert_assigned']) && !isset($var['message_alert_dept_manager']))) {
$errors['message_alert_active'] = 'No ha selecionado un destinario';
}
if ($var['note_alert_active'] && (!isset($var['note_alert_laststaff']) && !isset($var['note_alert_assigned']) && !isset($var['note_alert_dept_manager']))) {
$errors['note_alert_active'] = 'No ha selecionado un destinario';
}
if ($var['strip_quoted_reply'] && !$var['reply_separator']) {
$errors['reply_separator'] = 'Separador de respuesta Requerido (?)';
}
if ($var['enable_captcha']) {
if (!extension_loaded('gd')) {
$errors['enable_captcha'] = 'La extensión GD es Requerida';
} elseif (!function_exists('imagepng')) {
$errors['enable_captcha'] = 'PNG debe ser soportado para el Capcha';
}
}
if (!$errors['admin_email'] && Email::getIdByEmail($var['admin_email'])) {
//Make sure admin email is not also a system email.
$errors['admin_email'] = 'Esta cuenta de correo ya esta siendo utilizada como cuenta del Sistema';
}
if ($errors) {
return false;
}
//No go!
//We are good to go...blanket update!
$sql = 'UPDATE ' . CONFIG_TABLE . ' SET isonline=' . db_input($var['isonline']) . ',timezone_offset=' . db_input($var['timezone_offset']) . ',enable_daylight_saving=' . db_input(isset($var['enable_daylight_saving']) ? 1 : 0) . ',staff_ip_binding=' . db_input(isset($var['staff_ip_binding']) ? 1 : 0) . ',staff_max_logins=' . db_input($var['staff_max_logins']) . ',staff_login_timeout=' . db_input($var['staff_login_timeout']) . ',staff_session_timeout=' . db_input($var['staff_session_timeout']) . ',client_max_logins=' . db_input($var['client_max_logins']) . ',client_login_timeout=' . db_input($var['client_login_timeout']) . ',client_session_timeout=' . db_input($var['client_session_timeout']) . ',max_page_size=' . db_input($var['max_page_size']) . ',log_level=' . db_input($var['log_level']) . ',log_graceperiod=' . db_input($var['log_graceperiod']) . ',max_open_tickets=' . db_input($var['max_open_tickets']) . ',autolock_minutes=' . db_input($var['autolock_minutes']) . ',overdue_grace_period=' . db_input($var['overdue_grace_period']) . ',alert_email_id=' . db_input($var['alert_email_id']) . ',default_email_id=' . db_input($var['default_email_id']) . ',default_dept_id=' . db_input($var['default_dept_id']) . ',default_priority_id=' . db_input($var['default_priority_id']) . ',default_template_id=' . db_input($var['default_template_id']) . ',default_smtp_id=' . db_input($var['default_smtp_id']) . ',spoof_default_smtp=' . db_input($var['default_smtp'] && isset($var['spoof_default_smtp']) ? 1 : 0) . ',clickable_urls=' . db_input(isset($var['clickable_urls']) ? 1 : 0) . ',allow_priority_change=' . db_input(isset($var['allow_priority_change']) ? 1 : 0) . ',use_email_priority=' . db_input(isset($var['use_email_priority']) ? 1 : 0) . ',enable_captcha=' . db_input(isset($var['enable_captcha']) ? 1 : 0) . ',enable_auto_cron=' . db_input(isset($var['enable_auto_cron']) ? 1 : 0) . ',enable_mail_fetch=' . db_input(isset($var['enable_mail_fetch']) ? 1 : 0) . ',enable_email_piping=' . db_input(isset($var['enable_email_piping']) ? 1 : 0) . ',send_sql_errors=' . db_input(isset($var['send_sql_errors']) ? 1 : 0) . ',send_login_errors=' . db_input(isset($var['send_login_errors']) ? 1 : 0) . ',save_email_headers=' . db_input(isset($var['save_email_headers']) ? 1 : 0) . ',strip_quoted_reply=' . db_input(isset($var['strip_quoted_reply']) ? 1 : 0) . ',log_ticket_activity=' . db_input(isset($var['log_ticket_activity']) ? 1 : 0) . ',ticket_autoresponder=' . db_input($var['ticket_autoresponder']) . ',message_autoresponder=' . db_input($var['message_autoresponder']) . ',ticket_notice_active=' . db_input($var['ticket_notice_active']) . ',ticket_alert_active=' . db_input($var['ticket_alert_active']) . ',ticket_alert_admin=' . db_input(isset($var['ticket_alert_admin']) ? 1 : 0) . ',ticket_alert_dept_manager=' . db_input(isset($var['ticket_alert_dept_manager']) ? 1 : 0) . ',ticket_alert_dept_members=' . db_input(isset($var['ticket_alert_dept_members']) ? 1 : 0) . ',message_alert_active=' . db_input($var['message_alert_active']) . ',message_alert_laststaff=' . db_input(isset($var['message_alert_laststaff']) ? 1 : 0) . ',message_alert_assigned=' . db_input(isset($var['message_alert_assigned']) ? 1 : 0) . ',message_alert_dept_manager=' . db_input(isset($var['message_alert_dept_manager']) ? 1 : 0) . ',note_alert_active=' . db_input($var['note_alert_active']) . ',note_alert_laststaff=' . db_input(isset($var['note_alert_laststaff']) ? 1 : 0) . ',note_alert_assigned=' . db_input(isset($var['note_alert_assigned']) ? 1 : 0) . ',note_alert_dept_manager=' . db_input(isset($var['note_alert_dept_manager']) ? 1 : 0) . ',overdue_alert_active=' . db_input($var['overdue_alert_active']) . ',overdue_alert_assigned=' . db_input(isset($var['overdue_alert_assigned']) ? 1 : 0) . ',overdue_alert_dept_manager=' . db_input(isset($var['overdue_alert_dept_manager']) ? 1 : 0) . ',overdue_alert_dept_members=' . db_input(isset($var['overdue_alert_dept_members']) ? 1 : 0) . ',auto_assign_reopened_tickets=' . db_input(isset($var['auto_assign_reopened_tickets']) ? 1 : 0) . ',show_assigned_tickets=' . db_input(isset($var['show_assigned_tickets']) ? 1 : 0) . ',show_answered_tickets=' . db_input(isset($var['show_answered_tickets']) ? 1 : 0) . ',hide_staff_name=' . db_input(isset($var['hide_staff_name']) ? 1 : 0) . ',overlimit_notice_active=' . db_input($var['overlimit_notice_active']) . ',random_ticket_ids=' . db_input($var['random_ticket_ids']) . ',time_format=' . db_input($var['time_format']) . ',date_format=' . db_input($var['date_format']) . ',datetime_format=' . db_input($var['datetime_format']) . ',daydatetime_format=' . db_input($var['daydatetime_format']) . ',reply_separator=' . db_input(trim($var['reply_separator'])) . ',admin_email=' . db_input($var['admin_email']) . ',helpdesk_title=' . db_input($var['helpdesk_title']) . ',helpdesk_url=' . db_input($var['helpdesk_url']) . ' WHERE id=' . $this->getId();
//echo $sql;
if (db_query($sql)) {
if (db_affected_rows()) {
//Something actually changed!!!!
$this->reload();
//Reload the new info.
require_once INCLUDE_DIR . 'class.cron.php';
Sys::purgeLogs();
//Cleanup the logs --- too bad if it was a mistaken config.
Cron::TicketMonitor();
//Age & cleanup
}
return true;
}
return false;
}
$errors = [];
$spam = [];
$validator = new Validator($_POST);
$validator->check('nom', 'required');
$validator->check('prénom', 'required');
$validator->check('email', 'email');
$validator->check('email', 'required');
$validator->check('tel', 'tel');
$validator->check('description', 'required');
$validator->specialcheck('arbitraryfield', 'empty');
// for select
$validator->check('pack', 'select', array_keys($pack));
$validator->check('event_type', 'select', array_keys($event));
$validator->check('background-your-choice', 'select', array_keys($backgroundchoice));
$validator->check('know_me', 'select', array_keys($know_me));
$errors = $validator->errors();
$spam = $validator->spam();
if (!empty($spam)) {
$_SESSION['spam'] = $spam;
// redirection
header('Location:success.php');
} else {
if (!empty($errors)) {
$_SESSION['errors'] = $errors;
$_SESSION['inputs'] = $_POST;
// redirection
header('Location:contact.php');
} else {
$_SESSION['success'] = 1;
$email_contact = "\r\nContact: " . $_POST['email'] . "\r\n";
$tel = "\r\nTel: " . $_POST['tel'] . "\r\n";
function update($var, &$errors)
{
$fields = array();
$fields['id'] = array('type' => 'int', 'required' => 1, 'error' => _('Internal Error'));
$fields['name'] = array('type' => 'string', 'required' => 1, 'error' => _('Name required'));
//Notices sent to user
$fields['ticket_autoresp_subj'] = array('type' => 'string', 'required' => 1, 'error' => _('Subject required'));
$fields['ticket_autoresp_body'] = array('type' => 'string', 'required' => 1, 'error' => _('Template message required'));
$fields['message_autoresp_subj'] = array('type' => 'string', 'required' => 1, 'error' => _('Subject required'));
$fields['message_autoresp_body'] = array('type' => 'string', 'required' => 1, 'error' => _('Template message required'));
$fields['ticket_notice_subj'] = array('type' => 'string', 'required' => 1, 'error' => _('Subject required'));
$fields['ticket_notice_body'] = array('type' => 'string', 'required' => 1, 'error' => _('Template message required'));
$fields['ticket_overlimit_subj'] = array('type' => 'string', 'required' => 1, 'error' => _('Subject required'));
$fields['ticket_overlimit_body'] = array('type' => 'string', 'required' => 1, 'error' => _('Template message required'));
$fields['ticket_reply_subj'] = array('type' => 'string', 'required' => 1, 'error' => _('Subject required'));
$fields['ticket_reply_body'] = array('type' => 'string', 'required' => 1, 'error' => _('Template message required'));
//Alerts sent to Staff
$fields['ticket_alert_subj'] = array('type' => 'string', 'required' => 1, 'error' => _('Subject required'));
$fields['ticket_alert_body'] = array('type' => 'string', 'required' => 1, 'error' => _('Template message required'));
$fields['message_alert_subj'] = array('type' => 'string', 'required' => 1, 'error' => _('Subject required'));
$fields['message_alert_body'] = array('type' => 'string', 'required' => 1, 'error' => _('Template message required'));
$fields['note_alert_subj'] = array('type' => 'string', 'required' => 1, 'error' => _('Subject required'));
$fields['note_alert_body'] = array('type' => 'string', 'required' => 1, 'error' => _('Template message required'));
$fields['assigned_alert_subj'] = array('type' => 'string', 'required' => 1, 'error' => _('Subject required'));
$fields['assigned_alert_body'] = array('type' => 'string', 'required' => 1, 'error' => _('Template message required'));
$fields['ticket_overdue_subj'] = array('type' => 'string', 'required' => 1, 'error' => _('Subject required'));
$fields['ticket_overdue_body'] = array('type' => 'string', 'required' => 1, 'error' => _('Template message required'));
$validate = new Validator($fields);
if (!$validate->validate($var)) {
$errors = array_merge($errors, $validate->errors());
}
if (!$errors && $var['id'] && $var['id'] != $this->getId()) {
$errors['err'] = 'Internal error. Try again';
}
if (!$errors['name'] && ($tid = Template::getIdByName($var['name'])) && $tid != $this->getId()) {
$errors['name'] = 'Name already in use';
}
if (!$errors) {
$sql = 'UPDATE ' . EMAIL_TEMPLATE_TABLE . ' SET updated=NOW() ' . ',name=' . db_input(Format::striptags($var['name'])) . ',notes=' . db_input(Format::striptags($var['notes'])) . ',ticket_autoresp_subj=' . db_input(Format::striptags($var['ticket_autoresp_subj'])) . ',ticket_autoresp_body=' . db_input(Format::striptags($var['ticket_autoresp_body'])) . ',message_autoresp_subj=' . db_input(Format::striptags($var['message_autoresp_subj'])) . ',message_autoresp_body=' . db_input(Format::striptags($var['message_autoresp_body'])) . ',ticket_notice_subj=' . db_input(Format::striptags($var['ticket_notice_subj'])) . ',ticket_notice_body=' . db_input(Format::striptags($var['ticket_notice_body'])) . ',ticket_alert_subj=' . db_input(Format::striptags($var['ticket_alert_subj'])) . ',ticket_alert_body=' . db_input(Format::striptags($var['ticket_alert_body'])) . ',message_alert_subj=' . db_input(Format::striptags($var['message_alert_subj'])) . ',message_alert_body=' . db_input(Format::striptags($var['message_alert_body'])) . ',note_alert_subj=' . db_input(Format::striptags($var['note_alert_subj'])) . ',note_alert_body=' . db_input(Format::striptags($var['note_alert_body'])) . ',assigned_alert_subj=' . db_input(Format::striptags($var['assigned_alert_subj'])) . ',assigned_alert_body=' . db_input(Format::striptags($var['assigned_alert_body'])) . ',ticket_overdue_subj=' . db_input(Format::striptags($var['ticket_overdue_subj'])) . ',ticket_overdue_body=' . db_input(Format::striptags($var['ticket_overdue_body'])) . ',ticket_overlimit_subj=' . db_input(Format::striptags($var['ticket_overlimit_subj'])) . ',ticket_overlimit_body=' . db_input(Format::striptags($var['ticket_overlimit_body'])) . ',ticket_reply_subj=' . db_input(Format::striptags($var['ticket_reply_subj'])) . ',ticket_reply_body=' . db_input(Format::striptags($var['ticket_reply_body'])) . ' WHERE tpl_id=' . db_input($this->getId());
if (!db_query($sql) || !db_affected_rows()) {
$errors['err'] = _('Unable to update. Internal error occured');
}
}
return $errors ? false : true;
}
protected function formatValidationErrors(Validator $validator)
{
return $validator->errors()->getMessages();
}
/**
* {@inheritdoc}
*/
protected function formatErrors(Validator $validator)
{
return response()->json(['fail' => true, 'messages' => $validator->errors()->all()], 400);
}
function updatePref($var, &$errors)
{
if (!$var || $errors) {
return false;
}
$f = array();
$f['helpdesk_url'] = array('type' => 'string', 'required' => 1, 'error' => 'Helpdesk URl required');
//TODO: Add url validation
$f['helpdesk_title'] = array('type' => 'string', 'required' => 1, 'error' => 'Helpdesk title required');
$f['default_dept_id'] = array('type' => 'int', 'required' => 1, 'error' => 'Default Dept. required');
$f['default_email_id'] = array('type' => 'int', 'required' => 1, 'error' => 'Default email required');
$f['default_template_id'] = array('type' => 'int', 'required' => 1, 'error' => 'You must select template.');
$f['staff_session_timeout'] = array('type' => 'int', 'required' => 1, 'error' => 'Enter idle time in minutes');
$f['client_session_timeout'] = array('type' => 'int', 'required' => 1, 'error' => 'Enter idle time in minutes');
$f['time_format'] = array('type' => 'string', 'required' => 1, 'error' => 'Time format required');
//TODO: Add date format validation
$f['date_format'] = array('type' => 'string', 'required' => 1, 'error' => 'Date format required');
$f['datetime_format'] = array('type' => 'string', 'required' => 1, 'error' => 'Datetime format required');
$f['daydatetime_format'] = array('type' => 'string', 'required' => 1, 'error' => 'Day, Datetime format required');
$f['admin_email'] = array('type' => 'email', 'required' => 1, 'error' => 'Valid email required');
$f['autolock_minutes'] = array('type' => 'int', 'required' => 1, 'error' => 'Enter lock time in minutes');
//TODO: check option fields for validity.
//do the validation.
$val = new Validator();
$val->setFields($f);
if (!$val->validate($var)) {
$errors = array_merge($errors, $val->errors());
}
if ($var['ticket_alert_active'] && (!isset($var['ticket_alert_admin']) && !isset($var['ticket_alert_dept_manager']) && !isset($var['ticket_alert_dept_members']))) {
$errors['ticket_alert_active'] = 'No target recipient(s) selected';
}
if ($var['message_alert_active'] && (!isset($var['message_alert_laststaff']) && !isset($var['message_alert_assigned']) && !isset($var['message_alert_dept_manager']))) {
$errors['message_alert_active'] = 'No target recipient(s) selected';
}
if ($var['note_alert_active'] && (!isset($var['note_alert_laststaff']) && !isset($var['note_alert_assigned']) && !isset($var['note_alert_dept_manager']))) {
$errors['note_alert_active'] = 'No target recipient(s) selected';
}
if ($var['strip_quoted_reply'] && !$var['reply_separator']) {
$errors['reply_separator'] = 'Reply separator required (?)';
}
if ($var['enable_captcha']) {
if (!extension_loaded('gd')) {
$errors['enable_captcha'] = 'The GD extension required';
} elseif (!function_exists('imagepng')) {
$errors['enable_captcha'] = 'PNG support required for Image Captcha';
}
}
if (!$errors['admin_email'] && Email::getIdByEmail($var['admin_email'])) {
//Make sure admin email is not also a system email.
$errors['admin_email'] = 'Email already setup as system email';
}
if ($errors) {
return false;
}
//No go!
//We are good to go...blanket update!
$sql = 'UPDATE ' . CONFIG_TABLE . ' SET isonline=' . db_input($var['isonline']) . ',timezone_offset=' . db_input($var['timezone_offset']) . ',enable_daylight_saving=' . db_input(isset($var['enable_daylight_saving']) ? 1 : 0) . ',staff_ip_binding=' . db_input(isset($var['staff_ip_binding']) ? 1 : 0) . ',staff_max_logins=' . db_input($var['staff_max_logins']) . ',staff_login_timeout=' . db_input($var['staff_login_timeout']) . ',staff_session_timeout=' . db_input($var['staff_session_timeout']) . ',client_max_logins=' . db_input($var['client_max_logins']) . ',client_login_timeout=' . db_input($var['client_login_timeout']) . ',client_session_timeout=' . db_input($var['client_session_timeout']) . ',max_page_size=' . db_input($var['max_page_size']) . ',log_level=' . db_input($var['log_level']) . ',log_graceperiod=' . db_input($var['log_graceperiod']) . ',max_open_tickets=' . db_input($var['max_open_tickets']) . ',autolock_minutes=' . db_input($var['autolock_minutes']) . ',overdue_grace_period=' . db_input($var['overdue_grace_period']) . ',alert_email_id=' . db_input($var['alert_email_id']) . ',default_email_id=' . db_input($var['default_email_id']) . ',default_dept_id=' . db_input($var['default_dept_id']) . ',default_priority_id=' . db_input($var['default_priority_id']) . ',default_template_id=' . db_input($var['default_template_id']) . ',default_smtp_id=' . db_input($var['default_smtp_id']) . ',spoof_default_smtp=' . db_input($var['default_smtp'] && isset($var['spoof_default_smtp']) ? 1 : 0) . ',clickable_urls=' . db_input(isset($var['clickable_urls']) ? 1 : 0) . ',allow_priority_change=' . db_input(isset($var['allow_priority_change']) ? 1 : 0) . ',use_email_priority=' . db_input(isset($var['use_email_priority']) ? 1 : 0) . ',enable_captcha=' . db_input(isset($var['enable_captcha']) ? 1 : 0) . ',enable_auto_cron=' . db_input(isset($var['enable_auto_cron']) ? 1 : 0) . ',enable_mail_fetch=' . db_input(isset($var['enable_mail_fetch']) ? 1 : 0) . ',enable_email_piping=' . db_input(isset($var['enable_email_piping']) ? 1 : 0) . ',send_sql_errors=' . db_input(isset($var['send_sql_errors']) ? 1 : 0) . ',send_login_errors=' . db_input(isset($var['send_login_errors']) ? 1 : 0) . ',save_email_headers=' . db_input(isset($var['save_email_headers']) ? 1 : 0) . ',strip_quoted_reply=' . db_input(isset($var['strip_quoted_reply']) ? 1 : 0) . ',log_ticket_activity=' . db_input(isset($var['log_ticket_activity']) ? 1 : 0) . ',ticket_autoresponder=' . db_input($var['ticket_autoresponder']) . ',message_autoresponder=' . db_input($var['message_autoresponder']) . ',ticket_notice_active=' . db_input($var['ticket_notice_active']) . ',ticket_alert_active=' . db_input($var['ticket_alert_active']) . ',ticket_alert_admin=' . db_input(isset($var['ticket_alert_admin']) ? 1 : 0) . ',ticket_alert_dept_manager=' . db_input(isset($var['ticket_alert_dept_manager']) ? 1 : 0) . ',ticket_alert_dept_members=' . db_input(isset($var['ticket_alert_dept_members']) ? 1 : 0) . ',message_alert_active=' . db_input($var['message_alert_active']) . ',message_alert_laststaff=' . db_input(isset($var['message_alert_laststaff']) ? 1 : 0) . ',message_alert_assigned=' . db_input(isset($var['message_alert_assigned']) ? 1 : 0) . ',message_alert_dept_manager=' . db_input(isset($var['message_alert_dept_manager']) ? 1 : 0) . ',note_alert_active=' . db_input($var['note_alert_active']) . ',note_alert_laststaff=' . db_input(isset($var['note_alert_laststaff']) ? 1 : 0) . ',note_alert_assigned=' . db_input(isset($var['note_alert_assigned']) ? 1 : 0) . ',note_alert_dept_manager=' . db_input(isset($var['note_alert_dept_manager']) ? 1 : 0) . ',overdue_alert_active=' . db_input($var['overdue_alert_active']) . ',overdue_alert_assigned=' . db_input(isset($var['overdue_alert_assigned']) ? 1 : 0) . ',overdue_alert_dept_manager=' . db_input(isset($var['overdue_alert_dept_manager']) ? 1 : 0) . ',overdue_alert_dept_members=' . db_input(isset($var['overdue_alert_dept_members']) ? 1 : 0) . ',auto_assign_reopened_tickets=' . db_input(isset($var['auto_assign_reopened_tickets']) ? 1 : 0) . ',show_assigned_tickets=' . db_input(isset($var['show_assigned_tickets']) ? 1 : 0) . ',show_answered_tickets=' . db_input(isset($var['show_answered_tickets']) ? 1 : 0) . ',hide_staff_name=' . db_input(isset($var['hide_staff_name']) ? 1 : 0) . ',overlimit_notice_active=' . db_input($var['overlimit_notice_active']) . ',random_ticket_ids=' . db_input($var['random_ticket_ids']) . ',time_format=' . db_input($var['time_format']) . ',date_format=' . db_input($var['date_format']) . ',datetime_format=' . db_input($var['datetime_format']) . ',daydatetime_format=' . db_input($var['daydatetime_format']) . ',reply_separator=' . db_input(trim($var['reply_separator'])) . ',admin_email=' . db_input($var['admin_email']) . ',helpdesk_title=' . db_input($var['helpdesk_title']) . ',helpdesk_url=' . db_input($var['helpdesk_url']) . ' WHERE id=' . $this->getId();
//echo $sql;
if (db_query($sql)) {
if (db_affected_rows()) {
//Something actually changed!!!!
$this->reload();
//Reload the new info.
require_once INCLUDE_DIR . 'class.cron.php';
Sys::purgeLogs();
//Cleanup the logs --- too bad if it was a mistaken config.
Cron::TicketMonitor();
//Age & cleanup
}
return true;
}
return false;
}
function process($fields, $vars, &$errors)
{
$val = new Validator();
$val->setFields($fields);
if (!$val->validate($vars)) {
$errors = array_merge($errors, $val->errors());
}
return !$errors;
}
function create($var, &$errors, $origin, $autorespond = true, $alertstaff = true)
{
global $cfg, $thisclient, $_FILES;
$id = 0;
$fields = array();
$fields['name'] = array('type' => 'string', 'required' => 1, 'error' => 'Name required');
$fields['email'] = array('type' => 'email', 'required' => 1, 'error' => 'Valid email required');
$fields['subject'] = array('type' => 'string', 'required' => 1, 'error' => 'Subject required');
$fields['message'] = array('type' => 'text', 'required' => 1, 'error' => 'Message required');
if (strcasecmp($origin, 'web') == 0) {
//Help topic only applicable on web tickets.
$fields['topicId'] = array('type' => 'int', 'required' => 1, 'error' => 'Select help topic');
} elseif (strcasecmp($origin, 'staff') == 0) {
//tickets created by staff...e.g on callins.
$fields['deptId'] = array('type' => 'int', 'required' => 1, 'error' => 'Dept. required');
$fields['source'] = array('type' => 'string', 'required' => 1, 'error' => 'Indicate source');
} else {
//Incoming emails (PIPE or POP.
$fields['emailId'] = array('type' => 'int', 'required' => 1, 'error' => 'Email unknown');
}
$fields['pri'] = array('type' => 'int', 'required' => 0, 'error' => 'Invalid Priority');
$fields['phone'] = array('type' => 'phone', 'required' => 0, 'error' => 'Phone # required');
$validate = new Validator($fields);
if (!$validate->validate($var)) {
$errors = array_merge($errors, $validate->errors());
}
//Make sure the email is not banned
if (!$errors && BanList::isbanned($var['email'])) {
$errors['err'] = 'Ticket denied Error #403';
}
if (!$errors && $thisclient && strcasecmp($thisclient->getEmail(), $var['email'])) {
$errors['email'] = 'Email mismatch.';
}
//check attachment..if any is set ...only set on webbased tickets..
if ($_FILES['attachment']['name'] && $cfg->allowOnlineAttachments()) {
if (!$cfg->canUploadFileType($_FILES['attachment']['name'])) {
$errors['attachment'] = 'Invalid file type [ ' . $_FILES['attachment']['name'] . ' ]';
} elseif ($_FILES['attachment']['size'] > $cfg->getMaxFileSize()) {
$errors['attachment'] = 'File is too big. Max ' . $cfg->getMaxFileSize() . ' bytes allowed';
}
}
//check ticket limits..if limit set is >0
//TODO: Base ticket limits on SLA...
if ($var['email'] && !$errors && $cfg->getMaxOpenTickets() > 0) {
$openTickets = Ticket::getOpenTicketsByEmail($var['email']);
if ($openTickets >= $cfg->getMaxOpenTickets()) {
$errors['err'] = "You've reached the maximum open tickets allowed.";
//Send the notice only once (when the limit is reached) incase of autoresponders at client end.
if ($cfg->getMaxOpenTickets() == $openTickets && $cfg->sendOverlimitNotice()) {
$sql = 'SELECT ticket_overlimit_subj,ticket_overlimit_body FROM ' . EMAIL_TEMPLATE_TABLE . ' WHERE cfg_id=' . db_input($cfg->getId()) . ' AND tpl_id=' . db_input($cfg->getDefaultTemplateId());
$resp = db_query($sql);
if (db_num_rows($resp) && (list($subj, $body) = db_fetch_row($resp))) {
$body = str_replace("%name", $var['name'], $body);
$body = str_replace("%email", $var['email'], $body);
$body = str_replace("%url", $cfg->getBaseUrl(), $body);
Misc::sendmail($var['email'], $subj, $body, $cfg->getNoReplyEmail());
}
}
//Alert admin...this might be spammy (no option to disable)...but it is helpful..I think.
$msg = 'Support ticket request denied for ' . $var['email'] . "\n" . 'Open ticket:' . $openTickets . "\n" . 'Max Allowed:' . $cfg->getMaxOpenTickets() . "\n";
Misc::alertAdmin('Overlimit Notice', $msg);
}
}
//Any error above is fatal.
if ($errors) {
return 0;
}
// OK...just do it.
$deptId = $var['deptId'];
//pre-selected Dept if any.
$priorityId = $var['pri'];
$source = ucfirst($var['source']);
// Intenal mapping magic...see if we need to overwrite anything
if (isset($var['topicId']) && !$var['deptId']) {
//Ticket created via web by user
if ($var['topicId'] && ($topic = new Topic($var['topicId'])) && $topic->getId()) {
$deptId = $topic->getDeptId();
$priorityId = $priorityId ? $priorityId : $topic->getPriorityId();
$autorespond = $topic->autoRespond();
}
$topic = null;
$source = 'Web';
} elseif ($var['emailId'] && !$var['deptId']) {
//Emailed Tickets
$email = new Email($var['emailId']);
if ($email && $email->getId()) {
$deptId = $email->getDeptId();
$autorespond = $email->autoRespond();
$priorityId = $priorityId ? $priorityId : $email->getPriorityId();
}
$email = null;
$source = 'Email';
} elseif ($var['deptId']) {
//Opened by staff.
$deptId = $var['deptId'];
$source = ucfirst($var['source']);
}
//Last minute checks
$priorityId = $priorityId ? $priorityId : $cfg->getDefaultPriorityId();
$deptId = $deptId ? $deptId : $cfg->getDefaultDeptId();
$ipaddress = $var['ip'] ? $var['ip'] : $_SERVER['REMOTE_ADDR'];
//We are ready son...hold on to the rails.
$extId = Ticket::genExtRandID();
$sql = 'INSERT INTO ' . TICKET_TABLE . ' SET created=NOW() ' . ',ticketID=' . db_input($extId) . ',dept_id=' . db_input($deptId) . ',priority_id=' . db_input($priorityId) . ',email=' . db_input($var['email']) . ',name=' . db_input(Format::striptags($var['name'])) . ',subject=' . db_input(Format::striptags($var['subject'])) . ',phone=' . db_input($var['phone']) . ',ip_address=' . db_input($ipaddress) . ',source=' . db_input($source);
//echo $sql;
$ticket = null;
//return $ticket;
if (db_query($sql) && ($id = db_insert_id())) {
if (!$cfg->useRandomIds()) {
//Sequential ticketIDs support really..really suck arse.
$extId = $id;
//To make things really easy we are going to use autoincrement ticket_id.
db_query('UPDATE ' . TICKET_TABLE . ' SET ticketID=' . db_input($extId) . ' WHERE ticket_id=' . $id);
//TODO: RETHING what happens if this fails?? [At the moment on failure random ID is used...making stuff usable]
}
//Load newly created ticket.
$ticket = new Ticket($id);
//post the message.
$msgid = $ticket->postMessage($var['message'], $var['header'], $source, true);
//TODO: recover from postMessage error??
//Upload attachments...web based.
if ($_FILES['attachment']['name'] && $cfg->allowOnlineAttachments() && $msgid) {
if (!$cfg->allowAttachmentsOnlogin() || $cfg->allowAttachmentsOnlogin() && ($thisclient && $thisclient->isValid())) {
$ticket->uploadAttachment($_FILES['attachment'], $msgid, 'M');
//TODO: recover from upload issues?
}
}
$dept = $ticket->getDept();
//SEND OUT NEW TICKET AUTORESP && ALERTS.
//New Ticket AutoResponse..
if ($autorespond && $cfg->autoRespONNewTicket() && $dept->autoRespONNewTicket()) {
$sql = 'SELECT ticket_autoresp_subj,ticket_autoresp_body FROM ' . EMAIL_TEMPLATE_TABLE . ' WHERE cfg_id=' . db_input($cfg->getId()) . ' AND tpl_id=' . db_input($cfg->getDefaultTemplateId());
$resp = db_query($sql);
if ($resp && (list($subj, $body) = db_fetch_row($resp))) {
$subj = str_replace("%ticket", $ticket->getExtId(), $subj);
$body = str_replace("%ticket", $ticket->getExtId(), $body);
$body = str_replace("%name", $ticket->getName(), $body);
$body = str_replace("%email", $ticket->getEmail(), $body);
$body = str_replace("%url", $cfg->getBaseUrl(), $body);
$body = str_replace("%signature", $dept ? $dept->getSignature() : '', $body);
$email = $from = $fromName = null;
if (!$dept->noreplyAutoResp() && ($email = $dept->getEmail())) {
$from = $email->getEmail();
$fromName = $email->getName();
//Reply separator tag.
if ($cfg->stripQuotedReply() && ($tag = $cfg->getReplySeparator())) {
$body = "\n{$tag}\n\n" . $body;
}
} else {
$from = $cfg->getNoReplyEmail();
}
Misc::sendmail($ticket->getEmail(), $subj, $body, $from, $fromName);
}
}
//If enabled...send alert to staff (New Ticket Alert)
if ($alertstaff && $cfg->alertONNewTicket() && is_object($ticket)) {
$sql = 'SELECT ticket_alert_subj,ticket_alert_body FROM ' . EMAIL_TEMPLATE_TABLE . ' WHERE cfg_id=' . db_input($cfg->getId()) . ' AND tpl_id=' . db_input($cfg->getDefaultTemplateId());
$resp = db_query($sql);
if ($resp && (list($subj, $body) = db_fetch_row($resp))) {
$body = str_replace("%ticket", $ticket->getExtId(), $body);
$body = str_replace("%name", $ticket->getName(), $body);
$body = str_replace("%email", $ticket->getEmail(), $body);
$body = str_replace("%subject", $ticket->getSubject(), $body);
$body = str_replace("%dept", $dept ? $dept->getName() : '', $body);
$body = str_replace("%message", $var['message'], $body);
$body = str_replace("%url", $cfg->getBaseUrl(), $body);
$sentlist = array();
//Admin Alert.
if ($cfg->alertAdminONNewTicket()) {
$alert = str_replace("%staff", 'Admin', $body);
Misc::sendmail($cfg->getAdminEmail(), $subj, $alert, $cfg->getAlertEmail());
$sentlist[] = $cfg->getAdminEmail();
}
//get the list
$recipients = array();
//Dept. Manager
if ($cfg->alertDeptManagerONNewTicket()) {
$recipients[] = $dept->getManager();
}
//Staff members
if ($cfg->alertDeptMembersONNewTicket()) {
$sql = 'SELECT staff_id FROM ' . STAFF_TABLE . ' WHERE onvacation=0 AND dept_id=' . db_input($dept->getId());
if (($users = db_query($sql)) && db_num_rows($users)) {
while (list($id) = db_fetch_row($users)) {
$recipients[] = new Staff($id);
}
}
}
//Ok...we are ready to go...baby!
foreach ($recipients as $k => $staff) {
if (!$staff || !is_object($staff) || !$staff->isAvailable()) {
continue;
}
if (in_array($staff->getEmail(), $sentlist)) {
continue;
}
//avoid duplicate emails.
$alert = str_replace("%staff", $staff->getFirstName(), $body);
Misc::sendmail($staff->getEmail(), $subj, $alert, $cfg->getAlertEmail());
$sentlist[] = $staff->getEmail();
}
}
}
}
return $ticket;
}
function updatePref($var, &$errors)
{
if (!$var || $errors) {
return false;
}
$f = array();
$f['helpdesk_url'] = array('type' => 'string', 'required' => 1, 'error' => 'Helpdesk URl required');
//TODO: Add url validation
$f['helpdesk_title'] = array('type' => 'string', 'required' => 1, 'error' => 'Helpdesk title required');
$f['default_dept'] = array('type' => 'int', 'required' => 1, 'error' => 'Default Dept. required');
$f['default_email'] = array('type' => 'int', 'required' => 1, 'error' => 'Default email required');
$f['default_template'] = array('type' => 'int', 'required' => 1, 'error' => 'You must select template.');
$f['staff_session_timeout'] = array('type' => 'int', 'required' => 1, 'error' => 'Enter idle time in minutes');
$f['client_session_timeout'] = array('type' => 'int', 'required' => 1, 'error' => 'Enter idle time in minutes');
$f['time_format'] = array('type' => 'string', 'required' => 1, 'error' => 'Time format required');
//TODO: Add date format validation
$f['date_format'] = array('type' => 'string', 'required' => 1, 'error' => 'Date format required');
$f['datetime_format'] = array('type' => 'string', 'required' => 1, 'error' => 'Datetime format required');
$f['daydatetime_format'] = array('type' => 'string', 'required' => 1, 'error' => 'Day, Datetime format required');
$f['noreply_email'] = array('type' => 'email', 'required' => 1, 'error' => 'Valid email required');
$f['alert_email'] = array('type' => 'email', 'required' => 1, 'error' => 'Valid email required');
$f['admin_email'] = array('type' => 'email', 'required' => 1, 'error' => 'Valid email required');
$f['autolock_minutes'] = array('type' => 'int', 'required' => 1, 'error' => 'Enter lock time in minutes');
//TODO: check option fields for validity.
//do the validation.
$val = new Validator();
$val->setFields($f);
if (!$val->validate($var)) {
$errors = array_merge($errors, $val->errors());
}
if ($_POST['ticket_alert_active'] && (!isset($_POST['ticket_alert_admin']) && !isset($_POST['ticket_alert_dept_manager']) && !isset($_POST['ticket_alert_dept_members']))) {
$errors['ticket_alert_active'] = 'No target recipient(s) selected';
}
if ($_POST['message_alert_active'] && (!isset($_POST['message_alert_laststaff']) && !isset($_POST['message_alert_assigned']) && !isset($_POST['message_alert_dept_manager']))) {
$errors['message_alert_active'] = 'No target recipient(s) selected';
}
if ($_POST['strip_quoted_reply'] && !$_POST['reply_separator']) {
$errors['reply_separator'] = 'Reply separator required (?)';
}
if ($errors) {
return false;
}
//No go!
//We are good to go...blanket update!
$sql = 'UPDATE ' . CONFIG_TABLE . ' SET isonline=' . db_input($var['isonline']) . ',timezone_offset=' . db_input($var['timezone_offset']) . ',enable_daylight_saving=' . db_input(isset($var['enable_daylight_saving']) ? 1 : 0) . ',staff_session_timeout=' . db_input($var['staff_session_timeout']) . ',client_session_timeout=' . db_input($var['client_session_timeout']) . ',max_page_size=' . db_input($var['max_page_size']) . ',max_open_tickets=' . db_input($var['max_open_tickets']) . ',autolock_minutes=' . db_input($var['autolock_minutes']) . ',overdue_grace_period=' . db_input($var['overdue_grace_period']) . ',default_email=' . db_input($var['default_email']) . ',default_dept=' . db_input($var['default_dept']) . ',default_priority=' . db_input($var['default_priority']) . ',default_template=' . db_input($var['default_template']) . ',clickable_urls=' . db_input(isset($var['clickable_urls']) ? 1 : 0) . ',allow_priority_change=' . db_input(isset($var['allow_priority_change']) ? 1 : 0) . ',use_email_priority=' . db_input(isset($var['use_email_priority']) ? 1 : 0) . ',enable_auto_cron=' . db_input(isset($var['enable_auto_cron']) ? 1 : 0) . ',enable_pop3_fetch=' . db_input(isset($var['enable_pop3_fetch']) ? 1 : 0) . ',enable_email_piping=' . db_input(isset($var['enable_email_piping']) ? 1 : 0) . ',send_sql_errors=' . db_input(isset($var['send_sql_errors']) ? 1 : 0) . ',send_mailparse_errors=' . db_input(isset($var['send_mailparse_errors']) ? 1 : 0) . ',send_login_errors=' . db_input(isset($var['send_login_errors']) ? 1 : 0) . ',save_email_headers=' . db_input(isset($var['save_email_headers']) ? 1 : 0) . ',strip_quoted_reply=' . db_input(isset($var['strip_quoted_reply']) ? 1 : 0) . ',email_attachments=' . db_input(isset($var['email_attachments']) ? 1 : 0) . ',ticket_autoresponder=' . db_input($var['ticket_autoresponder']) . ',message_autoresponder=' . db_input($var['message_autoresponder']) . ',ticket_alert_active=' . db_input($var['ticket_alert_active']) . ',ticket_alert_admin=' . db_input(isset($var['ticket_alert_admin']) ? 1 : 0) . ',ticket_alert_dept_manager=' . db_input(isset($var['ticket_alert_dept_manager']) ? 1 : 0) . ',ticket_alert_dept_members=' . db_input(isset($var['ticket_alert_dept_members']) ? 1 : 0) . ',message_alert_active=' . db_input($var['message_alert_active']) . ',message_alert_laststaff=' . db_input(isset($var['message_alert_laststaff']) ? 1 : 0) . ',message_alert_assigned=' . db_input(isset($var['message_alert_assigned']) ? 1 : 0) . ',message_alert_dept_manager=' . db_input(isset($var['message_alert_dept_manager']) ? 1 : 0) . ',overdue_alert_active=' . db_input($var['overdue_alert_active']) . ',overdue_alert_assigned=' . db_input(isset($var['overdue_alert_assigned']) ? 1 : 0) . ',overdue_alert_dept_manager=' . db_input(isset($var['overdue_alert_dept_manager']) ? 1 : 0) . ',overdue_alert_dept_members=' . db_input(isset($var['overdue_alert_dept_members']) ? 1 : 0) . ',auto_assign_reopened_tickets=' . db_input(isset($var['auto_assign_reopened_tickets']) ? 1 : 0) . ',show_assigned_tickets=' . db_input(isset($var['show_assigned_tickets']) ? 1 : 0) . ',overlimit_notice_active=' . db_input(isset($var['overlimit_notice_active']) ? 1 : 0) . ',random_ticket_ids=' . db_input($var['random_ticket_ids']) . ',time_format=' . db_input($var['time_format']) . ',date_format=' . db_input($var['date_format']) . ',datetime_format=' . db_input($var['datetime_format']) . ',daydatetime_format=' . db_input($var['daydatetime_format']) . ',reply_separator=' . db_input($var['reply_separator']) . ',noreply_email=' . db_input($var['noreply_email']) . ',alert_email=' . db_input($var['alert_email']) . ',admin_email=' . db_input($var['admin_email']) . ',helpdesk_title=' . db_input($var['helpdesk_title']) . ',helpdesk_url=' . db_input($var['helpdesk_url']) . ' WHERE id=' . $this->getId();
//echo $sql;
return db_query($sql) ? TRUE : FALSE;
}
/**
* Adds a nested validator.
*
* Nesting validators allows you to define validators for array
* types. For example, nested validators are ideal when you want to validate many
* similar sub-documents or complex array types.
*
* This method assumes that the sub-document has a 1:N relationship with the parent.
*
* The providers of the parent validator will be synced into the nested validator, when
* errors are checked. This ensures that any validation rule providers connected
* in the parent will have the same values in the nested validator when rules are evaluated.
*
* @param Validator $validator The nested validator.
* @return $this
*/
public function each(Validator $validator)
{
$this->add(function ($value) use($validator) {
if (!is_array($value)) {
return false;
}
$errors = [];
foreach ($value as $i => $row) {
$check = $validator->errors($row);
if (!empty($check)) {
$errors[$i] = $check;
}
}
return empty($errors) ? true : $errors;
});
}
function update($var, &$errors)
{
$fields = array();
$fields['id'] = array('type' => 'int', 'required' => 1, 'error' => 'Error Interno');
$fields['name'] = array('type' => 'string', 'required' => 1, 'error' => 'Nombre requerido');
//Notices sent to user
$fields['ticket_autoresp_subj'] = array('type' => 'string', 'required' => 1, 'error' => 'Asunto requerido');
$fields['ticket_autoresp_body'] = array('type' => 'string', 'required' => 1, 'error' => 'Mensaje de plantilla requerido');
$fields['message_autoresp_subj'] = array('type' => 'string', 'required' => 1, 'error' => 'Asunto requerido');
$fields['message_autoresp_body'] = array('type' => 'string', 'required' => 1, 'error' => 'Mensaje de plantilla requerido');
$fields['ticket_notice_subj'] = array('type' => 'string', 'required' => 1, 'error' => 'Asunto requerido');
$fields['ticket_notice_body'] = array('type' => 'string', 'required' => 1, 'error' => 'Mensaje de plantilla requerido erforderlich');
$fields['ticket_overlimit_subj'] = array('type' => 'string', 'required' => 1, 'error' => 'Asunto requerido');
$fields['ticket_overlimit_body'] = array('type' => 'string', 'required' => 1, 'error' => 'Mensaje de plantilla requerido erforderlich');
$fields['ticket_reply_subj'] = array('type' => 'string', 'required' => 1, 'error' => 'Asunto requerido');
$fields['ticket_reply_body'] = array('type' => 'string', 'required' => 1, 'error' => 'Mensaje de plantilla requerido erforderlich');
//Alerts sent to Staff
$fields['ticket_alert_subj'] = array('type' => 'string', 'required' => 1, 'error' => 'Asunto requerido');
$fields['ticket_alert_body'] = array('type' => 'string', 'required' => 1, 'error' => 'Mensaje de plantilla requerido erforderlich');
$fields['message_alert_subj'] = array('type' => 'string', 'required' => 1, 'error' => 'Asunto requerido');
$fields['message_alert_body'] = array('type' => 'string', 'required' => 1, 'error' => 'Mensaje de plantilla requerido erforderlich');
$fields['note_alert_subj'] = array('type' => 'string', 'required' => 1, 'error' => 'Asunto requerido');
$fields['note_alert_body'] = array('type' => 'string', 'required' => 1, 'error' => 'Mensaje de plantilla requerido erforderlich');
$fields['assigned_alert_subj'] = array('type' => 'string', 'required' => 1, 'error' => 'Asunto requerido');
$fields['assigned_alert_body'] = array('type' => 'string', 'required' => 1, 'error' => 'Mensaje de plantilla requerido erforderlich');
$fields['ticket_overdue_subj'] = array('type' => 'string', 'required' => 1, 'error' => 'Asunto requerido');
$fields['ticket_overdue_body'] = array('type' => 'string', 'required' => 1, 'error' => 'Mensaje de plantilla requerido erforderlich');
$validate = new Validator($fields);
if (!$validate->validate($var)) {
$errors = array_merge($errors, $validate->errors());
}
if (!$errors && $var['id'] && $var['id'] != $this->getId()) {
$errors['err'] = 'Error interno. Inténtelo de nuevo';
}
if (!$errors['name'] && ($tid = Template::getIdByName($var['name'])) && $tid != $this->getId()) {
$errors['name'] = 'Este nombre ya esta en uso';
}
if (!$errors) {
$sql = 'UPDATE ' . EMAIL_TEMPLATE_TABLE . ' SET updated=NOW() ' . ',name=' . db_input(Format::striptags($var['name'])) . ',notes=' . db_input(Format::striptags($var['notes'])) . ',ticket_autoresp_subj=' . db_input(Format::striptags($var['ticket_autoresp_subj'])) . ',ticket_autoresp_body=' . db_input(Format::striptags($var['ticket_autoresp_body'])) . ',message_autoresp_subj=' . db_input(Format::striptags($var['message_autoresp_subj'])) . ',message_autoresp_body=' . db_input(Format::striptags($var['message_autoresp_body'])) . ',ticket_notice_subj=' . db_input(Format::striptags($var['ticket_notice_subj'])) . ',ticket_notice_body=' . db_input(Format::striptags($var['ticket_notice_body'])) . ',ticket_alert_subj=' . db_input(Format::striptags($var['ticket_alert_subj'])) . ',ticket_alert_body=' . db_input(Format::striptags($var['ticket_alert_body'])) . ',message_alert_subj=' . db_input(Format::striptags($var['message_alert_subj'])) . ',message_alert_body=' . db_input(Format::striptags($var['message_alert_body'])) . ',note_alert_subj=' . db_input(Format::striptags($var['note_alert_subj'])) . ',note_alert_body=' . db_input(Format::striptags($var['note_alert_body'])) . ',assigned_alert_subj=' . db_input(Format::striptags($var['assigned_alert_subj'])) . ',assigned_alert_body=' . db_input(Format::striptags($var['assigned_alert_body'])) . ',ticket_overdue_subj=' . db_input(Format::striptags($var['ticket_overdue_subj'])) . ',ticket_overdue_body=' . db_input(Format::striptags($var['ticket_overdue_body'])) . ',ticket_overlimit_subj=' . db_input(Format::striptags($var['ticket_overlimit_subj'])) . ',ticket_overlimit_body=' . db_input(Format::striptags($var['ticket_overlimit_body'])) . ',ticket_reply_subj=' . db_input(Format::striptags($var['ticket_reply_subj'])) . ',ticket_reply_body=' . db_input(Format::striptags($var['ticket_reply_body'])) . ' WHERE tpl_id=' . db_input($this->getId());
if (!db_query($sql) || !db_affected_rows()) {
$errors['err'] = 'No se puede actualizar. Error interno';
}
}
return $errors ? false : true;
}
public function orderAction()
{
if (isset($_POST)) {
$data = [];
try {
if (!isset($_POST['name'])) {
throw new Exception('name');
}
$data['name'] = htmlspecialchars($_POST['name']);
if (!isset($_POST['phone'])) {
throw new Exception('phone');
}
$data['phone'] = htmlspecialchars($_POST['phone']);
if (!isset($_POST['comment'])) {
throw new Exception('comment');
}
$data['comment'] = htmlspecialchars($_POST['comment']);
if (!isset($_POST['path'])) {
throw new Exception('path');
}
$data['path'] = htmlspecialchars($_POST['path']);
if (!isset($_POST['address'])) {
throw new Exception('honeyPot');
}
$honeyPot = htmlspecialchars($_POST['address']);
$data['honeyPot'] = $honeyPot;
// Проверка на бота
if ($honeyPot != '') {
$this->errorAction(1001, 'Custom system error', ['honeyPot' => 'honeyPot']);
}
// Валидация
$v = new Validator(['name' => $data['name'], 'phone' => $data['phone'], 'comment' => $data['comment']]);
$v->rule('required', 'comment')->message('comment!');
$v->rule('required', 'name')->message('name!');
$v->rule('regex', 'name', '/^([a-zа-я\\s\\-]+)$/iu')->message('name!!');
$v->rule('required', 'phone')->message('phone!');
$v->rule('phone', 'phone')->message('phone!!');
if ($v->validate()) {
if (!empty($data['path'])) {
$query = new MSTable('{www}');
$query->setFields(['title_page']);
$query->setFilter('path_id = ' . $data['path']);
$data['path'] = $query->getItem();
$data['path'] = $data['path']['title_page'];
}
// Проверяем есть ли файл в наличии
$type = 'modal';
if (isset($_SESSION['uploaded'][$type]['directory'])) {
$path = $_SESSION['uploaded'][$type]['directory'];
unset($_SESSION['uploaded'][$type]['directory']);
}
$title = "Заявка с сайта " . DOMAIN;
$msg = template('email/order', $data);
if (isset($path)) {
$files = str_replace('\\', '/', $path);
$from = "noreply@" . DOMAIN;
// Помещаем в базу
MSCore::db()->insert(PRFX . 'mails', ['subject' => $title, 'files' => $files, 'text' => $msg, 'from' => $from]);
$msg = template('email/order', $data + ['files' => $files]);
} else {
$mail = new SendMail();
$mail->init();
$mail->setEncoding("utf8");
$mail->setEncType("base64");
$mail->setSubject($title);
$mail->setMessage($msg);
$mail->setFrom("noreply@" . DOMAIN, "apstroy");
$emails = MSCore::db()->getCol('SELECT `mail` FROM `' . PRFX . 'mailer`');
foreach ($emails as $email) {
$mail->setTo($email);
$mail->send();
}
}
$sql = "\n INSERT INTO mp_list(`title`,`text`)\n VALUES('" . $title . "','" . $msg . "');\n ";
MSCore::db()->execute($sql);
$this->addData(['succes' => 'Ok']);
$this->successAction();
} else {
$errors = $v->errors();
foreach ($errors as $_name => $_error) {
if (is_array($_error)) {
$errors[$_name] = reset($_error);
}
}
$this->errorAction(1001, 'Custom system error', ['data' => $data, 'error' => $errors]);
}
} catch (Exception $exception) {
$error = $exception->getMessage();
$this->errorAction(1001, 'Custom system error', ['error' => $error, 'postArgument' => 'noPostArgument']);
}
}
}
function create($var, &$errors, $origin, $autorespond = true, $alertstaff = true)
{
global $cfg, $thisclient, $_FILES;
/* Coders never code so fully and joyfully as when they do it for free - Peter Rotich */
$id = 0;
$fields = array();
$fields['name'] = array('type' => 'string', 'required' => 1, 'error' => 'Name required');
$fields['email'] = array('type' => 'email', 'required' => 1, 'error' => 'Valid email required');
$fields['subject'] = array('type' => 'string', 'required' => 1, 'error' => 'Subject required');
$fields['message'] = array('type' => 'text', 'required' => 1, 'error' => 'Message required');
if (strcasecmp($origin, 'web') == 0) {
//Help topic only applicable on web tickets.
$fields['topicId'] = array('type' => 'int', 'required' => 1, 'error' => 'Select help topic');
} elseif (strcasecmp($origin, 'staff') == 0) {
//tickets created by staff...e.g on callins.
$fields['deptId'] = array('type' => 'int', 'required' => 1, 'error' => 'Dept. required');
$fields['source'] = array('type' => 'string', 'required' => 1, 'error' => 'Indicate source');
$fields['duedate'] = array('type' => 'date', 'required' => 0, 'error' => 'Invalid date - must be MM/DD/YY');
} else {
//Incoming emails
$fields['emailId'] = array('type' => 'int', 'required' => 1, 'error' => 'Email unknown');
}
$fields['pri'] = array('type' => 'int', 'required' => 0, 'error' => 'Invalid Priority');
$fields['phone'] = array('type' => 'phone', 'required' => 0, 'error' => 'Valid phone # required');
$validate = new Validator($fields);
if (!$validate->validate($var)) {
$errors = array_merge($errors, $validate->errors());
}
//Make sure the email is not banned
if (!$errors && BanList::isbanned($var['email'])) {
$errors['err'] = 'Ticket denied. Error #403';
//We don't want to tell the user the real reason...Psssst.
Sys::log(LOG_WARNING, 'Ticket denied', 'Banned email - ' . $var['email']);
//We need to let admin know which email got banned.
}
if (!$errors && $thisclient && strcasecmp($thisclient->getEmail(), $var['email'])) {
$errors['email'] = 'Email mismatch.';
}
//Make sure phone extension is valid
if ($var['phone_ext']) {
if (!is_numeric($var['phone_ext']) && !$errors['phone']) {
$errors['phone'] = 'Invalid phone ext.';
} elseif (!$var['phone']) {
//make sure they just didn't enter ext without phone #
$errors['phone'] = 'Phone number required';
}
}
//Make sure the due date is valid
if ($var['duedate']) {
if (!$var['time'] || strpos($var['time'], ':') === false) {
$errors['time'] = 'Select time';
} elseif (strtotime($var['duedate'] . ' ' . $var['time']) === false) {
$errors['duedate'] = 'Invalid duedate';
} elseif (strtotime($var['duedate'] . ' ' . $var['time']) <= time()) {
$errors['duedate'] = 'Due date must be in the future';
}
}
//check attachment..if any is set ...only set on webbased tickets..
if ($_FILES['attachment']['name'] && $cfg->allowOnlineAttachments()) {
if (!$cfg->canUploadFileType($_FILES['attachment']['name'])) {
$errors['attachment'] = 'Invalid file type [ ' . Format::htmlchars($_FILES['attachment']['name']) . ' ]';
} elseif ($_FILES['attachment']['size'] > $cfg->getMaxFileSize()) {
$errors['attachment'] = 'File is too big. Max ' . $cfg->getMaxFileSize() . ' bytes allowed';
}
}
//check ticket limits..if limit set is >0
//TODO: Base ticket limits on SLA...
if ($var['email'] && !$errors && $cfg->getMaxOpenTickets() > 0 && strcasecmp($origin, 'staff')) {
$openTickets = Ticket::getOpenTicketsByEmail($var['email']);
if ($openTickets >= $cfg->getMaxOpenTickets()) {
$errors['err'] = "You've reached the maximum open tickets allowed.";
//Send the notice only once (when the limit is reached) incase of autoresponders at client end.
if ($cfg->getMaxOpenTickets() == $openTickets && $cfg->sendOverlimitNotice()) {
if ($var['deptId']) {
$dept = new Dept($var['deptId']);
}
if (!$dept || !($tplId = $dept->getTemplateId())) {
$tplId = $cfg->getDefaultTemplateId();
}
$sql = 'SELECT ticket_overlimit_subj,ticket_overlimit_body FROM ' . EMAIL_TEMPLATE_TABLE . ' WHERE cfg_id=' . db_input($cfg->getId()) . ' AND tpl_id=' . db_input($tplId);
$resp = db_query($sql);
if (db_num_rows($resp) && (list($subj, $body) = db_fetch_row($resp))) {
$body = str_replace("%name", $var['name'], $body);
$body = str_replace("%email", $var['email'], $body);
$body = str_replace("%url", $cfg->getBaseUrl(), $body);
$body = str_replace('%signature', $dept && $dept->isPublic() ? $dept->getSignature() : '', $body);
if (!$dept || !($email = $dept->getAutoRespEmail())) {
$email = $cfg->getDefaultEmail();
}
if ($email) {
$email->send($var['email'], $subj, $body);
}
}
//Alert admin...this might be spammy (no option to disable)...but it is helpful..I think.
$msg = 'Support ticket request denied for ' . $var['email'] . "\n" . 'Open ticket:' . $openTickets . "\n" . 'Max Allowed:' . $cfg->getMaxOpenTickets() . "\n\nNotice only sent once";
Sys::alertAdmin('Overlimit Notice', $msg);
}
}
}
//Any error above is fatal.
if ($errors) {
return 0;
}
// OK...just do it.
$deptId = $var['deptId'];
//pre-selected Dept if any.
$priorityId = $var['pri'];
$source = ucfirst($var['source']);
$topic = NULL;
// Intenal mapping magic...see if we need to overwrite anything
if (isset($var['topicId'])) {
//Ticket created via web by user/or staff
if ($var['topicId'] && ($topic = new Topic($var['topicId'])) && $topic->getId()) {
$deptId = $deptId ? $deptId : $topic->getDeptId();
$priorityId = $priorityId ? $priorityId : $topic->getPriorityId();
$topicDesc = $topic->getName();
if ($autorespond) {
$autorespond = $topic->autoRespond();
}
}
$source = $var['source'] ? $var['source'] : 'Web';
} elseif ($var['emailId'] && !$var['deptId']) {
//Emailed Tickets
$email = new Email($var['emailId']);
if ($email && $email->getId()) {
$deptId = $email->getDeptId();
$priorityId = $priorityId ? $priorityId : $email->getPriorityId();
if ($autorespond) {
$autorespond = $email->autoRespond();
}
}
$email = null;
$source = 'Email';
} elseif ($var['deptId']) {
//Opened by staff.
$deptId = $var['deptId'];
$source = ucfirst($var['source']);
}
//Don't auto respond to mailer daemons.
if (strpos(strtolower($var['email']), 'mailer-daemon@') !== false || strpos(strtolower($var['email']), 'postmaster@') !== false) {
$autorespond = false;
}
//Last minute checks
$priorityId = $priorityId ? $priorityId : $cfg->getDefaultPriorityId();
$deptId = $deptId ? $deptId : $cfg->getDefaultDeptId();
$topicId = $var['topicId'] ? $var['topicId'] : 0;
$ipaddress = $var['ip'] ? $var['ip'] : $_SERVER['REMOTE_ADDR'];
//We are ready son...hold on to the rails.
$extId = Ticket::genExtRandID();
$sql = 'INSERT INTO ' . TICKET_TABLE . ' SET created=NOW() ' . ',ticketID=' . db_input($extId) . ',dept_id=' . db_input($deptId) . ',topic_id=' . db_input($topicId) . ',priority_id=' . db_input($priorityId) . ',email=' . db_input($var['email']) . ',name=' . db_input(Format::striptags($var['name'])) . ',subject=' . db_input(Format::striptags($var['subject'])) . ',helptopic=' . db_input(Format::striptags($topicDesc)) . ',phone="' . db_input($var['phone'], false) . '"' . ',phone_ext=' . db_input($var['phone_ext'] ? $var['phone_ext'] : '') . ',ip_address=' . db_input($ipaddress) . ',source=' . db_input($source);
//Make sure the origin is staff - avoid firebug hack!
if ($var['duedate'] && !strcasecmp($origin, 'staff')) {
$sql .= ',duedate=' . db_input(date('Y-m-d G:i', Misc::dbtime($var['duedate'] . ' ' . $var['time'])));
}
//echo $sql;
$ticket = null;
//return $ticket;
if (db_query($sql) && ($id = db_insert_id())) {
if (!$cfg->useRandomIds()) {
//Sequential ticketIDs support really..really suck arse.
$extId = $id;
//To make things really easy we are going to use autoincrement ticket_id.
db_query('UPDATE ' . TICKET_TABLE . ' SET ticketID=' . db_input($extId) . ' WHERE ticket_id=' . $id);
//TODO: RETHING what happens if this fails?? [At the moment on failure random ID is used...making stuff usable]
}
//Load newly created ticket.
$ticket = new Ticket($id);
//post the message.
$msgid = $ticket->postMessage($var['message'], $source, $var['mid'], $var['header'], true);
//TODO: recover from postMessage error??
//Upload attachments...web based.
if ($_FILES['attachment']['name'] && $cfg->allowOnlineAttachments() && $msgid) {
if (!$cfg->allowAttachmentsOnlogin() || $cfg->allowAttachmentsOnlogin() && ($thisclient && $thisclient->isValid())) {
$ticket->uploadAttachment($_FILES['attachment'], $msgid, 'M');
//TODO: recover from upload issues?
}
}
$dept = $ticket->getDept();
if (!$dept || !($tplId = $dept->getTemplateId())) {
$tplId = $cfg->getDefaultTemplateId();
}
//Overwrite auto responder if the FROM email is one of the internal emails...loop control.
if ($autorespond && Email::getIdByEmail($ticket->getEmail())) {
$autorespond = false;
}
//SEND OUT NEW TICKET AUTORESP && ALERTS.
//New Ticket AutoResponse..
if ($autorespond && $cfg->autoRespONNewTicket() && $dept->autoRespONNewTicket()) {
$sql = 'SELECT ticket_autoresp_subj,ticket_autoresp_body FROM ' . EMAIL_TEMPLATE_TABLE . ' WHERE cfg_id=' . db_input($cfg->getId()) . ' AND tpl_id=' . db_input($tplId);
if (($resp = db_query($sql)) && db_num_rows($resp) && (list($subj, $body) = db_fetch_row($resp))) {
$body = $ticket->replaceTemplateVars($body);
$subj = $ticket->replaceTemplateVars($subj);
$body = str_replace('%message', $var['issue'] ? $var['issue'] : $var['message'], $body);
$body = str_replace('%signature', $dept && $dept->isPublic() ? $dept->getSignature() : '', $body);
if (!$dept || !($email = $dept->getAutoRespEmail())) {
$email = $cfg->getDefaultEmail();
}
if ($email) {
//Reply separator tag.
if ($cfg->stripQuotedReply() && ($tag = $cfg->getReplySeparator())) {
$body = "\n{$tag}\n\n" . $body;
}
$email->send($ticket->getEmail(), $subj, $body);
}
} else {
Sys::log(LOG_WARNING, 'Template Fetch Error', "Unable to fetch autoresponse template #{$tplId}");
}
}
//If enabled...send alert to staff (New Ticket Alert)
if ($alertstaff && $cfg->alertONNewTicket() && is_object($ticket)) {
$sql = 'SELECT ticket_alert_subj,ticket_alert_body FROM ' . EMAIL_TEMPLATE_TABLE . ' WHERE cfg_id=' . db_input($cfg->getId()) . ' AND tpl_id=' . db_input($tplId);
if (($resp = db_query($sql)) && db_num_rows($resp) && (list($subj, $body) = db_fetch_row($resp))) {
$body = $ticket->replaceTemplateVars($body);
$subj = $ticket->replaceTemplateVars($subj);
$body = str_replace('%message', $var['issue'] ? $var['issue'] : $var['message'], $body);
if (!($email = $cfg->getAlertEmail())) {
$email = $cfg->getDefaultEmail();
}
if ($email && $email->getId()) {
$sentlist = array();
//Admin Alert.
if ($cfg->alertAdminONNewTicket()) {
$alert = str_replace("%staff", 'Admin', $body);
$email->send($cfg->getAdminEmail(), $subj, $alert);
$sentlist[] = $cfg->getAdminEmail();
}
//get the list
$recipients = array();
//Dept. Manager
if ($cfg->alertDeptManagerONNewTicket()) {
$recipients[] = $dept->getManager();
}
//Staff members
if ($cfg->alertDeptMembersONNewTicket()) {
$sql = 'SELECT staff_id FROM ' . STAFF_TABLE . ' WHERE onvacation=0 AND dept_id=' . db_input($dept->getId());
if (($users = db_query($sql)) && db_num_rows($users)) {
while (list($id) = db_fetch_row($users)) {
$recipients[] = new Staff($id);
}
}
}
foreach ($recipients as $k => $staff) {
if (!$staff || !is_object($staff) || !$staff->isAvailable()) {
continue;
}
if (in_array($staff->getEmail(), $sentlist)) {
continue;
}
//avoid duplicate emails.
$alert = str_replace("%staff", $staff->getFirstName(), $body);
$email->send($staff->getEmail(), $subj, $alert);
$sentlist[] = $staff->getEmail();
}
}
} else {
Sys::log(LOG_WARNING, 'Template Fetch Error', "Unable to fetch 'new ticket' alert template #{$tplId}");
}
}
}
return $ticket;
}
$this->addRuleMessage('unique', 'That {field} is already taken.');
}
/**
* Check if a value already exists in a database table.
*
* @param mixed $value
* @param array $input
* @param array $args
*
* @return bool
*/
public function validate_unique($value, $input, $args)
{
$table = $args[0];
$column = $args[1];
$value = trim($value);
$exists = $this->db->prepare("\n SELECT count(*) as count\n FROM {$table}\n WHERE {$column} = :value\n ");
$exists->execute(['value' => $value]);
return !(bool) $exists->fetchObject()->count;
}
}
//-- Any other file
// Some database dependency
$db = new PDO('mysql:dbname=project;host=localhost', 'root', 'root');
$v = new Validator($db);
$v->validate(['username' => ['alex', 'required|alpha|min(3)|max(20)|unique(users, username)'], 'email' => ['*****@*****.**', 'required|email|unique(users, email)']]);
if ($v->passes()) {
// Passed
} else {
var_dump($v->errors()->all());
}
$msg = _('Ticket Assigned to') . ' ' . ($staff ? $staff->getName() : _('staff'));
//Remove all the locks and go back to index page.
TicketLock::removeStaffLocks($thisuser->getId(), $ticket->getId());
$page = 'tickets.inc.php';
$ticket = null;
} elseif (!$errors['err']) {
$errors['err'] = _('Unable to assign the ticket');
}
break;
case 'postnote':
$fields = array();
$fields['title'] = array('type' => 'string', 'required' => 1, 'error' => _('Title required'));
$fields['note'] = array('type' => 'string', 'required' => 1, 'error' => _('Note message required'));
$params = new Validator($fields);
if (!$params->validate($_POST)) {
$errors = array_merge($errors, $params->errors());
}
if (!$errors && $ticket->postNote($_POST['title'], $_POST['note'])) {
$msg = _('Internal note posted');
if (isset($_POST['ticket_status']) && $_POST['ticket_status']) {
if ($ticket->setStatus($_POST['ticket_status']) && $ticket->reload()) {
$msg .= ' ' . _('and status set to') . ' ' . ($ticket->isClosed() ? _('closed') : _('open'));
if ($ticket->isClosed()) {
$page = $ticket = null;
}
//Going back to main listing.
}
}
} elseif (!$errors['err']) {
$errors['err'] = _('Error(s) occured. Unable to post the note.');
}
function update($var, &$errors)
{
global $cfg, $thisstaff;
$fields = array();
$fields['name'] = array('type' => 'string', 'required' => 1, 'error' => 'Name required');
$fields['email'] = array('type' => 'email', 'required' => 1, 'error' => 'Email is required');
$fields['note'] = array('type' => 'text', 'required' => 1, 'error' => 'Reason for the update required');
$fields['subject'] = array('type' => 'string', 'required' => 1, 'error' => 'Subject required');
$fields['topicId'] = array('type' => 'int', 'required' => 0, 'error' => 'Invalid Selection');
$fields['pri'] = array('type' => 'int', 'required' => 0, 'error' => 'Invalid Priority');
$fields['phone'] = array('type' => 'phone', 'required' => 0, 'error' => 'Valid phone # required');
$fields['duedate'] = array('type' => 'date', 'required' => 0, 'error' => 'Invalid date - must be MM/DD/YY');
$params = new Validator($fields);
if (!$params->validate($var)) {
$errors = array_merge($errors, $params->errors());
}
if ($var['duedate']) {
if ($this->isClosed()) {
$errors['duedate'] = 'Duedate can NOT be set on a closed ticket';
} elseif (!$var['time'] || strpos($var['time'], ':') === false) {
$errors['time'] = 'Select time';
} elseif (strtotime($var['duedate'] . ' ' . $var['time']) === false) {
$errors['duedate'] = 'Invalid duedate';
} elseif (strtotime($var['duedate'] . ' ' . $var['time']) <= time()) {
$errors['duedate'] = 'Due date must be in the future';
}
}
//Make sure phone extension is valid
if ($var['phone_ext']) {
if (!is_numeric($var['phone_ext']) && !$errors['phone']) {
$errors['phone'] = 'Invalid phone ext.';
} elseif (!$var['phone']) {
//make sure they just didn't enter ext without phone #
$errors['phone'] = 'Phone number required';
}
}
$cleartopic = false;
$topicDesc = '';
if ($var['topicId'] && ($topic = new Topic($var['topicId'])) && $topic->getId()) {
$topicDesc = $topic->getName();
} elseif (!$var['topicId'] && $this->getTopicId()) {
$topicDesc = '';
$cleartopic = true;
}
if (!$errors) {
$sql = 'UPDATE ' . TICKET_TABLE . ' SET updated=NOW() ' . ',email=' . db_input($var['email']) . ',name=' . db_input(Format::striptags($var['name'])) . ',subject=' . db_input(Format::striptags($var['subject'])) . ',phone="' . db_input($var['phone'], false) . '"' . ',phone_ext=' . db_input($var['phone_ext'] ? $var['phone_ext'] : NULL) . ',priority_id=' . db_input($var['pri']) . ',topic_id=' . db_input($var['topicId']) . ',duedate=' . ($var['duedate'] ? db_input(date('Y-m-d G:i', Misc::dbtime($var['duedate'] . ' ' . $var['time']))) : 'NULL');
if ($var['duedate']) {
//We are setting new duedate...
$sql .= ',isoverdue=0';
}
if ($topicDesc || $cleartopic) {
//we're overwriting previous topic.
$sql .= ',helptopic=' . db_input($topicDesc);
}
$sql .= ' WHERE ticket_id=' . db_input($this->getId());
//echo $sql;
if (db_query($sql)) {
$this->postNote('Ticket Updated', $var['note']);
$this->reload();
return true;
}
}
return false;
}
function updatePref($var, &$errors)
{
if (!$var || $errors) {
return false;
}
$f = array();
$f['helpdesk_url'] = array('type' => 'string', 'required' => 1, 'error' => 'Assistência técnica URlnecessário');
//TODO: Add url validation
$f['helpdesk_title'] = array('type' => 'string', 'required' => 1, 'error' => 'Título da Assistência Técnica exigido');
$f['default_dept_id'] = array('type' => 'int', 'required' => 1, 'error' => 'Departamento Padrão necessário');
$f['default_email_id'] = array('type' => 'int', 'required' => 1, 'error' => 'E-mail padrão exigido');
$f['default_template_id'] = array('type' => 'int', 'required' => 1, 'error' => 'Você deve selecionar modelo.');
$f['staff_session_timeout'] = array('type' => 'int', 'required' => 1, 'error' => 'Digite tempo inativo em minutos');
$f['client_session_timeout'] = array('type' => 'int', 'required' => 1, 'error' => 'Digite tempo inativo em minutos');
$f['time_format'] = array('type' => 'string', 'required' => 1, 'error' => 'Formato de tempo necessário');
//TODO: Add date format validation
$f['date_format'] = array('type' => 'string', 'required' => 1, 'error' => 'Formato da data requerida');
$f['datetime_format'] = array('type' => 'string', 'required' => 1, 'error' => 'Formato de data e hora necessária');
$f['daydatetime_format'] = array('type' => 'string', 'required' => 1, 'error' => 'Formato dia, data e hora necessária');
$f['admin_email'] = array('type' => 'email', 'required' => 1, 'error' => 'E-mail válido necessário');
$f['autolock_minutes'] = array('type' => 'int', 'required' => 1, 'error' => 'Digite o tempo de bloqueio em minutos');
//TODO: check option fields for validity.
//do the validation.
$val = new Validator();
$val->setFields($f);
if (!$val->validate($var)) {
$errors = array_merge($errors, $val->errors());
}
if ($var['ticket_alert_active'] && (!isset($var['ticket_alert_admin']) && !isset($var['ticket_alert_dept_manager']) && !isset($var['ticket_alert_dept_members']))) {
$errors['ticket_alert_active'] = 'Sem destinatário(s) selecionado';
}
if ($var['message_alert_active'] && (!isset($var['message_alert_laststaff']) && !isset($var['message_alert_assigned']) && !isset($var['message_alert_dept_manager']))) {
$errors['message_alert_active'] = 'Sem destinatário(s) selecionado';
}
if ($var['note_alert_active'] && (!isset($var['note_alert_laststaff']) && !isset($var['note_alert_assigned']) && !isset($var['note_alert_dept_manager']))) {
$errors['note_alert_active'] = 'Sem destinatário(s) selecionado';
}
if ($var['strip_quoted_reply'] && !$var['reply_separator']) {
$errors['reply_separator'] = 'Separador de resposta necessário (?)';
}
if ($var['enable_captcha']) {
if (!extension_loaded('gd')) {
$errors['enable_captcha'] = 'Extensão GD necessária';
} elseif (!function_exists('imagepng')) {
$errors['enable_captcha'] = 'Suporte PNG necessário para a imagem captcha';
}
}
if (!$errors['admin_email'] && Email::getIdByEmail($var['admin_email'])) {
//Make sure admin email is not also a system email.
$errors['admin_email'] = 'E-mail já está configurado como e-mail do sistema';
}
if ($errors) {
return false;
}
//No go!
//We are good to go...blanket update!
$sql = 'UPDATE ' . CONFIG_TABLE . ' SET isonline=' . db_input($var['isonline']) . ',timezone_offset=' . db_input($var['timezone_offset']) . ',enable_daylight_saving=' . db_input(isset($var['enable_daylight_saving']) ? 1 : 0) . ',staff_ip_binding=' . db_input(isset($var['staff_ip_binding']) ? 1 : 0) . ',staff_max_logins=' . db_input($var['staff_max_logins']) . ',staff_login_timeout=' . db_input($var['staff_login_timeout']) . ',staff_session_timeout=' . db_input($var['staff_session_timeout']) . ',client_max_logins=' . db_input($var['client_max_logins']) . ',client_login_timeout=' . db_input($var['client_login_timeout']) . ',client_session_timeout=' . db_input($var['client_session_timeout']) . ',max_page_size=' . db_input($var['max_page_size']) . ',log_level=' . db_input($var['log_level']) . ',log_graceperiod=' . db_input($var['log_graceperiod']) . ',max_open_tickets=' . db_input($var['max_open_tickets']) . ',autolock_minutes=' . db_input($var['autolock_minutes']) . ',overdue_grace_period=' . db_input($var['overdue_grace_period']) . ',alert_email_id=' . db_input($var['alert_email_id']) . ',default_email_id=' . db_input($var['default_email_id']) . ',default_dept_id=' . db_input($var['default_dept_id']) . ',default_priority_id=' . db_input($var['default_priority_id']) . ',default_template_id=' . db_input($var['default_template_id']) . ',default_smtp_id=' . db_input($var['default_smtp_id']) . ',spoof_default_smtp=' . db_input($var['default_smtp'] && isset($var['spoof_default_smtp']) ? 1 : 0) . ',clickable_urls=' . db_input(isset($var['clickable_urls']) ? 1 : 0) . ',allow_priority_change=' . db_input(isset($var['allow_priority_change']) ? 1 : 0) . ',use_email_priority=' . db_input(isset($var['use_email_priority']) ? 1 : 0) . ',enable_captcha=' . db_input(isset($var['enable_captcha']) ? 1 : 0) . ',enable_auto_cron=' . db_input(isset($var['enable_auto_cron']) ? 1 : 0) . ',enable_mail_fetch=' . db_input(isset($var['enable_mail_fetch']) ? 1 : 0) . ',enable_email_piping=' . db_input(isset($var['enable_email_piping']) ? 1 : 0) . ',send_sql_errors=' . db_input(isset($var['send_sql_errors']) ? 1 : 0) . ',send_login_errors=' . db_input(isset($var['send_login_errors']) ? 1 : 0) . ',save_email_headers=' . db_input(isset($var['save_email_headers']) ? 1 : 0) . ',strip_quoted_reply=' . db_input(isset($var['strip_quoted_reply']) ? 1 : 0) . ',log_ticket_activity=' . db_input(isset($var['log_ticket_activity']) ? 1 : 0) . ',ticket_autoresponder=' . db_input($var['ticket_autoresponder']) . ',message_autoresponder=' . db_input($var['message_autoresponder']) . ',ticket_notice_active=' . db_input($var['ticket_notice_active']) . ',ticket_alert_active=' . db_input($var['ticket_alert_active']) . ',ticket_alert_admin=' . db_input(isset($var['ticket_alert_admin']) ? 1 : 0) . ',ticket_alert_dept_manager=' . db_input(isset($var['ticket_alert_dept_manager']) ? 1 : 0) . ',ticket_alert_dept_members=' . db_input(isset($var['ticket_alert_dept_members']) ? 1 : 0) . ',message_alert_active=' . db_input($var['message_alert_active']) . ',message_alert_laststaff=' . db_input(isset($var['message_alert_laststaff']) ? 1 : 0) . ',message_alert_assigned=' . db_input(isset($var['message_alert_assigned']) ? 1 : 0) . ',message_alert_dept_manager=' . db_input(isset($var['message_alert_dept_manager']) ? 1 : 0) . ',note_alert_active=' . db_input($var['note_alert_active']) . ',note_alert_laststaff=' . db_input(isset($var['note_alert_laststaff']) ? 1 : 0) . ',note_alert_assigned=' . db_input(isset($var['note_alert_assigned']) ? 1 : 0) . ',note_alert_dept_manager=' . db_input(isset($var['note_alert_dept_manager']) ? 1 : 0) . ',overdue_alert_active=' . db_input($var['overdue_alert_active']) . ',overdue_alert_assigned=' . db_input(isset($var['overdue_alert_assigned']) ? 1 : 0) . ',overdue_alert_dept_manager=' . db_input(isset($var['overdue_alert_dept_manager']) ? 1 : 0) . ',overdue_alert_dept_members=' . db_input(isset($var['overdue_alert_dept_members']) ? 1 : 0) . ',auto_assign_reopened_tickets=' . db_input(isset($var['auto_assign_reopened_tickets']) ? 1 : 0) . ',show_assigned_tickets=' . db_input(isset($var['show_assigned_tickets']) ? 1 : 0) . ',show_answered_tickets=' . db_input(isset($var['show_answered_tickets']) ? 1 : 0) . ',hide_staff_name=' . db_input(isset($var['hide_staff_name']) ? 1 : 0) . ',overlimit_notice_active=' . db_input($var['overlimit_notice_active']) . ',random_ticket_ids=' . db_input($var['random_ticket_ids']) . ',time_format=' . db_input($var['time_format']) . ',date_format=' . db_input($var['date_format']) . ',datetime_format=' . db_input($var['datetime_format']) . ',daydatetime_format=' . db_input($var['daydatetime_format']) . ',reply_separator=' . db_input(trim($var['reply_separator'])) . ',admin_email=' . db_input($var['admin_email']) . ',helpdesk_title=' . db_input($var['helpdesk_title']) . ',helpdesk_url=' . db_input($var['helpdesk_url']) . ' WHERE id=' . $this->getId();
//echo $sql;
if (db_query($sql)) {
if (db_affected_rows()) {
//Something actually changed!!!!
$this->reload();
//Reload the new info.
require_once INCLUDE_DIR . 'class.cron.php';
Sys::purgeLogs();
//Cleanup the logs --- too bad if it was a mistaken config.
Cron::TicketMonitor();
//Age & cleanup
}
return true;
}
return false;
}
<?php
require_once 'app/init.php';
if (!empty($_POST)) {
$email = $_POST['email'];
$username = $_POST['username'];
$password = $_POST['password'];
$validator = new Validator($database, $errorHandler);
$validation = $validator->check($_POST, ['email' => ['required' => true, 'maxlength' => 255, 'unique' => 'tblTeamMembers', 'email' => true], 'username' => ['required' => true, 'minlength' => 3, 'unique' => 'tblTeamMembers'], 'password' => ['required' => true, 'minlength' => 5]]);
if ($validation->fails()) {
echo '<pre>', print_r($validator->errors()->all(), true), '</pre>';
} else {
$created = $auth->create(['Email_Address' => $email, 'Login_Name' => $username, 'Web_Password' => $password]);
if ($created) {
header('Location:index.php');
}
//echo $hash->make($password);
//echo $hash->make($_POST['password']);
}
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Sign In</title>
</head>
<body>
<form action="signup.php" method="post">
Add user
*/
Route::get('admin/users/add', function () {
$vars['messages'] = Notify::read();
$vars['token'] = Csrf::token();
$vars['statuses'] = array('inactive' => __('global.inactive'), 'active' => __('global.active'));
$vars['roles'] = array('administrator' => __('global.administrator'), 'editor' => __('global.editor'), 'user' => __('global.user'));
return View::create('users/add', $vars)->partial('header', 'partials/header')->partial('footer', 'partials/footer');
});
Route::post('admin/users/add', function () {
$input = Input::get(array('username', 'email', 'real_name', 'password', 'bio', 'status', 'role'));
$validator = new Validator($input);
$validator->check('username')->is_max(3, __('users.username_missing', 2));
$validator->check('email')->is_email(__('users.email_missing'));
$validator->check('password')->is_max(6, __('users.password_too_short', 6));
if ($errors = $validator->errors()) {
Input::flash();
Notify::error($errors);
return Response::redirect('admin/users/add');
}
$input['password'] = Hash::make($input['password']);
User::create($input);
Notify::success(__('users.created'));
return Response::redirect('admin/users');
});
/*
Delete user
*/
Route::get('admin/users/delete/(:num)', function ($id) {
$self = Auth::user();
if ($self->id == $id) {
$f = array();
$f['title'] = array('type' => 'string', 'required' => 1, 'error' => 'Title required');
$f['url'] = array('type' => 'url', 'required' => 1, 'error' => 'URL required.');
$f['sysemail'] = array('type' => 'email', 'required' => 1, 'error' => 'Valid email required');
$f['username'] = array('type' => 'username', 'required' => 1, 'error' => 'Username required');
$f['password'] = array('type' => 'password', 'required' => 1, 'error' => 'Password required');
$f['password2'] = array('type' => 'password', 'required' => 1, 'error' => 'Confirm password');
$f['email'] = array('type' => 'email', 'required' => 1, 'error' => 'Valid email required');
$f['dbhost'] = array('type' => 'string', 'required' => 1, 'error' => 'Hostname required');
$f['dbname'] = array('type' => 'string', 'required' => 1, 'error' => 'Database name required');
$f['dbuser'] = array('type' => 'string', 'required' => 1, 'error' => 'Username required');
$f['dbpass'] = array('type' => 'string', 'required' => 1, 'error' => 'password required');
$f['prefix'] = array('type' => 'string', 'required' => 1, 'error' => 'Table prefix required');
$validate = new Validator($f);
if (!$validate->validate($_POST)) {
$errors = array_merge($errors, $validate->errors());
}
if ($_POST['sysemail'] && $_POST['email'] && !strcasecmp($_POST['sysemail'], $_POST['email'])) {
$errors['email'] = 'Conflicts with system email above';
}
if (!$errors && strcasecmp($_POST['password'], $_POST['password2'])) {
$errors['password2'] = 'passwords to not match!';
}
//Check table prefix underscore required at the end!
if ($_POST['prefix'] && substr($_POST['prefix'], -1) != '_') {
$errors['prefix'] = 'Bad prefix. Must have underscore (_) at the end. e.g \'ost_\'';
}
//Connect to the DB
if (!$errors && !db_connect($_POST['dbhost'], $_POST['dbuser'], $_POST['dbpass'])) {
$errors['mysql'] = 'Unable to connect to MySQL server. Possibly invalid login info. <br>';
}
/**
* Get error message of a field
*
* @param $fieldKey
* @return mixed
*/
public static function error($fieldKey, $template = NULL)
{
if (!session_id()) {
session_start();
}
if (isset($_SESSION[SESSION_DATA_KEY])) {
if (count($_SESSION[SESSION_DATA_KEY]) > 0) {
self::$errors = $_SESSION[SESSION_DATA_KEY];
unset($_SESSION[SESSION_DATA_KEY]);
}
}
if (isset(self::$errors[$fieldKey])) {
$message = self::$errors[$fieldKey];
if (!is_null($template)) {
$message = str_ireplace(":message", $message, $template);
}
return $message;
}
return '';
}
public function callAction()
{
if (isset($_POST)) {
$data = [];
try {
if (!isset($_POST['name'])) {
throw new Exception('name');
}
$data['name'] = htmlspecialchars($_POST['name']);
if (!isset($_POST['phone'])) {
throw new Exception('phone');
}
$data['phone'] = htmlspecialchars($_POST['phone']);
if (!isset($_POST['email'])) {
throw new Exception('email');
}
$data['email'] = htmlspecialchars($_POST['email']);
if (!isset($_POST['comment'])) {
throw new Exception('comment');
}
$data['comment'] = htmlspecialchars($_POST['comment']);
if (!isset($_POST['address'])) {
throw new Exception('honeyPot');
}
$honeyPot = htmlspecialchars($_POST['address']);
$data['honeyPot'] = $honeyPot;
// Проверка на бота
if ($honeyPot != '') {
$this->errorAction(1001, 'Custom system error', ['honeyPot' => 'honeyPot']);
}
// Валидация
$v = new Validator(['name' => $data['name'], 'phone' => $data['phone'], 'email' => $data['email'], 'comment' => $data['comment']]);
$v->rule('required', 'comment')->message('comment!');
$v->rule('required', 'name')->message('name!');
$v->rule('regex', 'name', '/^([a-zа-я\\s\\-]+)$/iu')->message('name!!');
$v->rule('required', 'phone')->message('phone!');
$v->rule('phone', 'phone')->message('phone!!');
$v->rule('required', 'email')->message('email!');
$v->rule('email', 'email')->message('email!!');
if ($v->validate()) {
$msg = template('email/call', $data);
$title = "Вопрос с сайта " . DOMAIN;
$mail = new SendMail();
$mail->init();
$mail->setEncoding("utf8");
$mail->setEncType("base64");
$mail->setSubject($title);
$mail->setMessage($msg);
$mail->setFrom("noreply@" . DOMAIN, "eko");
$emails = MSCore::db()->getCol('SELECT `mail` FROM `' . PRFX . 'mailer`');
foreach ($emails as $email) {
$mail->setTo($email);
$mail->send();
}
$sql = "\n INSERT INTO mp_list(`title`,`text`)\n VALUES('" . $title . "','" . $msg . "');\n ";
MSCore::db()->execute($sql);
$this->addData(['succes' => 'Ok']);
$this->successAction();
} else {
$errors = $v->errors();
foreach ($errors as $_name => $_error) {
if (is_array($_error)) {
$errors[$_name] = reset($_error);
}
}
$this->errorAction(1001, 'Custom system error', ['data' => $data, 'error' => $errors]);
}
} catch (Exception $exception) {
$error = $exception->getMessage();
$this->errorAction(1001, 'Custom system error', ['error' => $error, 'postArgument' => 'noPostArgument']);
}
}
}
