/**
 * Adds the ticket links of this object's parent to the caller's action list.
 *
 * Every entry returned by ticket::createListAlist() is prefixed with
 * "goback=1&" and appended to $alist['property'].
 *
 * @param array $alist Action list, modified in place.
 */
function createShowPropertyList(&$alist)
{
    $parentObject = $this->getParentO();
    $ticketLinks = ticket::createListAlist($parentObject, 'ticket');

    foreach ($ticketLinks as $link) {
        $alist['property'][] = 'goback=1&' . $link;
    }
}
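/**
 * Issues a new ticket for $id, stores it in the tickets table and returns it.
 *
 * Security: a ticket is a bearer value (the settings handler on this page
 * grants access when ticket::authorize() accepts one), so it has to be
 * unpredictable. Seeding mt_rand() with time() made the value reproducible
 * for anyone who knows roughly when it was issued. The token now comes from
 * the platform CSPRNG and keeps its 32-hex-character shape.
 *
 * @param mixed $id Identifier the ticket is bound to (written to the `id` column).
 * @return string 32 lower-case hexadecimal characters.
 */
function generate($id)
{
    ticket::cleanup();

    if (function_exists('random_bytes')) {
        $ticket = bin2hex(random_bytes(16));
    } else {
        // Older PHP: accept OpenSSL output only when it reports a strong source,
        // and refuse to issue a ticket rather than fall back to a weak generator.
        $strong = false;
        $bytes = function_exists('openssl_random_pseudo_bytes')
            ? openssl_random_pseudo_bytes(16, $strong)
            : false;
        if ($bytes === false || !$strong) {
            trigger_error('No cryptographically secure random source available', E_USER_ERROR);
            return '';
        }
        $ticket = bin2hex($bytes);
    }

    // NOTE(review): addslashes() is kept because the sql:: wrapper's own escaping
    // or parameter binding is not visible here; prefer that if it exists.
    sql::query("\r\n\t\t\t\tINSERT INTO\r\n\t\t\t\t\t" . _TABLE_PREFIX_ . "tickets\r\n\t\t\t\tSET\r\n\t\t\t\t\t`ticket` = '" . addslashes($ticket) . "',\r\n\t\t\t\t\t`id` = '" . addslashes($id) . "',\r\n\t\t\t\t\t`generated` = NOW()\r\n\t\t\t");

    return $ticket;
}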
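/**
 * Returns the ticket links for $parent, each prefixed with "goback=1&".
 *
 * @param mixed $parent Parent object handed through to ticket::createListAlist().
 * @return array List of link strings; empty when there are no ticket links.
 */
static function createListAlist($parent)
{
    // NOTE(review): this calls ticket::createListAlist() with a second argument;
    // presumably the enclosing class is not `ticket` itself - confirm.
    $nalist = ticket::createListAlist($parent, 'ticket');

    // Start from an empty list: previously an empty $nalist returned an
    // undefined variable instead of an array.
    $alist = array();
    foreach ($nalist as $a) {
        $alist[] = "goback=1&{$a}";
    }

    return $alist;
}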
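/**
 * Shows the admin settings area for the selected admin handler.
 *
 * Picks the current handler from $args (or the first one by position), fires
 * the PreSkinParse event, then renders the page only when the request is
 * authorised: a valid ticket for this handler, a root user, or an admin user
 * on a handler marked public. Everyone else is redirected to the site root.
 *
 * @param array $args Remaining URL arguments; the first one names the handler.
 */
function action_settings($args)
{
    global $manager, $tree, $user, $lang;

    /* Get all admins */
    $admins = $manager->adminHandlers;

    /* Sort admins based on position. A closure replaces create_function(),
       which compiles a string as code and no longer exists in PHP 8. */
    uasort($admins, function ($a, $b) {
        if ($a["position"] == $b["position"]) {
            return 0;
        }
        return ($a["position"] < $b["position"]) ? -1 : 1;
    });

    /* Decode arguments */
    $current = '';
    if (count($args)) {
        $current = array_shift($args);
    }
    if ($current == '' && count($admins)) {
        $current = key($admins);
    }
    reset($admins);

    // Setup template
    $page = new admin();

    // Notify plugins of a PreSkinParse event;
    $data = array(
        'page' => &$page,
        'template' => &$page->template,
        'type' => 'admin',
        'params' => array('action' => 'admin', 'args' => $args),
    );
    $manager->handleEvent('PreSkinParse', $data);

    // Handle authorisation.
    // The ticket check used a loose `==`, so a failure value such as false, null
    // or 0 from ticket::authorize() could compare equal to an empty or
    // non-numeric $current. The result is now required to be a real scalar and
    // is compared as a string.
    // NOTE(review): ticket::authorize() is not visible here; confirm what it
    // returns for an unknown or expired ticket.
    $ticket = false;
    if (isset($_REQUEST['ticket']) && is_string($_REQUEST['ticket']) && $current !== '') {
        $owner = ticket::authorize($_REQUEST['ticket']);
        if ($owner !== false && is_scalar($owner) && (string) $owner === (string) $current) {
            $ticket = true;
        }
    }

    // `&&` binds tighter than `||`: plain admins only reach handlers flagged public.
    $publicHandler = !empty($admins[$current]['public']);
    if ($ticket || $user->root() || ($user->admin() && $publicHandler)) {
        $t = new Template($this->getTemplate('tab.template'));
        $t->set('tabs', $admins);
        $t->set('current', $current);
        $page->template->set('tabs', $t->fetch());
        $manager->handleAdmin($current, $data);
        $page->show();
    } else {
        header('Location: ' . url::root());
        exit;
    }
}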
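<?php
/*
 * Author: Sari Haj Hussein
 */
session_start();

// Only a logged-in session with user level 3 may edit departments and products.
// The previous test read `!$_SESSION['login'] == "yes"`: `!` binds tighter than
// `==`, so a boolean was compared with "yes" and any non-empty login value
// passed. The comparison is now made against the value itself.
if (!isset($_SESSION['login'])
    || $_SESSION['login'] != "yes"
    || !isset($_SESSION['userlevel'])
    || $_SESSION['userlevel'] != 3) {
    header("Location: index.php");
    exit;
}

include 'classes/ticket.php';
include 'classes/staff.php';

$ticket = new ticket();
$ticket->db_open();

// NOTE(review): these POST actions change data and no anti-CSRF token is
// checked in the visible part of the script - confirm it is handled elsewhere.
if (isset($_POST['deldepartment']) || isset($_POST['adddepartment']) || isset($_POST['delproduct']) || isset($_POST['addproduct'])) {
    $staff = new staff();
    $staff->db_open();

    // Exactly one edit is applied per request, in this order of precedence.
    if (isset($_POST['deldepartment'])) {
        $edit = $staff->edit_departments($_POST['deldepartment'], 'del');
    } elseif (isset($_POST['adddepartment'])) {
        $edit = $staff->edit_departments($_POST['adddepartment'], 'add');
    } elseif (isset($_POST['delproduct'])) {
        $edit = $staff->edit_products($_POST['delproduct'], 'del');
    } elseif (isset($_POST['addproduct'])) {
        $edit = $staff->edit_products($_POST['addproduct'], 'add');
    }

    if ($edit) {
        $successmsg = "Operation successfull";
    } else {
        // NOTE(review): escape $errormsg wherever it is printed; its content is
        // produced by staff::get_error(), which is not visible here.
        $errormsg = $staff->get_error();
    }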
* * @copyright (c) the authors * @author Florian Lippert <*****@*****.**> (2003-2009) * @author Froxlor team <*****@*****.**> (2010-) * @license GPLv2 http://files.froxlor.org/misc/COPYING.txt * @package Cron * */ /** * ARCHIVING CLOSED TICKETS */ fwrite($debugHandler, 'Ticket-archiving run started...' . "\n"); $result_tickets = $db->query("SELECT `id`, `lastchange`, `subject` FROM `" . TABLE_PANEL_TICKETS . "` \n WHERE `status` = '3' AND `answerto` = '0';"); $archiving_count = 0; while ($row_ticket = $db->fetch_array($result_tickets)) { $lastchange = $row_ticket['lastchange']; $now = time(); $days = (int) (($now - $lastchange) / 86400); if ($days >= $settings['ticket']['archiving_days']) { fwrite($debugHandler, 'archiving ticket "' . $row_ticket['subject'] . '" (ID #' . $row_ticket['id'] . ')' . "\n"); $mainticket = ticket::getInstanceOf(null, $db, $settings, (int) $row_ticket['id']); $mainticket->Set('lastchange', $now, true, true); $mainticket->Set('lastreplier', '1', true, true); $mainticket->Set('status', '3', true, true); $mainticket->Update(); $mainticket->Archive(); $archiving_count++; } } fwrite($debugHandler, 'Archived ' . $archiving_count . ' tickets' . "\n"); $db->query('UPDATE `' . TABLE_PANEL_SETTINGS . '` SET `value` = UNIX_TIMESTAMP() WHERE `settinggroup` = \'system\' AND `varname` = \'last_archive_run\' ');
$page = 'viewticket.inc.php'; } //Default - view if (!$errors && $_REQUEST['a'] == 'edit') { //If it's an edit check permission. if ($thisuser->canEditTickets() || $thisuser->isManager() && $ticket->getDeptId() == $thisuser->getDeptId()) { $page = 'editticket.inc.php'; } else { $errors['err'] = 'Access denied. You are not allowed to edit this ticket. Contact admin if you believe this is in error'; } } } elseif ($_REQUEST['a'] == 'open') { //TODO: Check perm here.. $page = 'newticket.inc.php'; } elseif ($_REQUEST['a'] == 'actualclose') { $ticket = new ticket($_SESSION['ticketId']); if (!$ticket || !$thisuser->canEditTickets()) { //$ticket=new ticket($_SESSION['ticketId']); //if(!$ticket ) $errors['err'] = 'Perm. Denied. You are not allowed to edit tickets'; } elseif ($ticket->updateinfo($_POST, $errors) && $ticket->close()) { $msg = 'Ticket updated and closed successfully'; $page = $ticket = null; } elseif (!$errors['err']) { $errors['err'] = 'Error(s) occured! Try again.'; } } //At this stage we know the access status. we can process the post. if ($_GET['action'] == "assign") { $assign_message = "Ticket claimed by user " . $_GET['assign_message']; if (!$thisuser->isadmin() && !$thisuser->isManager() && $thisuser->getId() != $ticket->getStaffId() && !$thisuser->isStaff()) {
<li><a href="index.php">Scan</a></li> <li class="active">Search</li> </ol> <div class="page-header"> <h1>Ticket search</h1> </div> <?php if (!is_admin()) { echo "<div class='alert alert-danger'>You must be an administrator to view this page!</div>"; die; } if (isset($_GET['searchby'])) { $ticket = new ticket(); switch ($_GET['searchby']) { default: return; break; case 'barcode': $tickets = $ticket->searchTickets('barcode', $_POST['barcode']); break; case 'name': $tickets = $ticket->searchTickets('name', $_POST['name']); break; case 'email': $tickets = $ticket->searchTickets('email', $_POST['email']); break; } ?>
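/**
 * Editor handler for the "movie" sheet of a content item.
 *
 * Depending on the request it returns the stored movie as JSON (json=list),
 * deletes the movie file and its row (json=delete), accepts an upload or a
 * size/autostart update (POST), or renders the editor template. Every
 * request-driven branch ends the script with exit.
 *
 * Security notes:
 *  - The item id and revision are now escaped before they reach SQL, like
 *    the other values in these statements. addslashes() is used because the
 *    sql:: wrapper's own escaping is not visible; prefer that or bound
 *    parameters if available.
 *  - A database row is only written once move_uploaded_file() has succeeded.
 *  - NOTE(review): json=delete is reachable through $_REQUEST and no ticket
 *    or session check is visible in this handler - confirm the caller
 *    authorises the request.
 *  - NOTE(review): the content type is derived from the client-supplied type
 *    and file name by files::getCleanContentType(), which is not visible here.
 *
 * @param array $data Event data; reads 'type', 'sheet', 'params' (id, revision),
 *                    'template' and 'page'.
 */
function event_ExecuteEditor(&$data)
{
    global $lang, $manager;

    if (!isset($manager->types[$data['type']]['content']['movie']) || $data['sheet'] != 'movie') {
        return;
    }

    $id = addslashes($data['params']['id']);
    $revision = addslashes($data['params']['revision']);
    $table = _TABLE_PREFIX_ . "contents_movie";
    $where = "ID='" . $id . "' AND revision='" . $revision . "'";
    $json = (isset($_REQUEST['json']) && is_string($_REQUEST['json'])) ? $_REQUEST['json'] : '';

    if ($json === 'list') {
        $res = sql::query("SELECT * FROM " . $table . " WHERE " . $where);
        $tpl = new Template($this->getTemplate('json.template'));
        if ($movie = sql::fetch_array($res)) {
            $tpl->set("movie", $movie);
        }
        echo $tpl->fetch();
        exit;
    }

    if ($json === 'delete') {
        $res = sql::query("SELECT * FROM " . $table . " WHERE " . $where);
        if ($row = sql::fetch_array($res)) {
            $directory = _BASE_MEDIA_ . 'movies/';
            if (file_exists($directory . $row['filename'])) {
                unlink($directory . $row['filename']);
            }
            sql::query("DELETE FROM " . $table . " WHERE " . $where);
        }

        // Mark this action as a modification
        revisions::updateModificationDate($data['params']['id'], $data['params']['revision']);
        exit;
    }

    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
        /* Upload */
        if (isset($_FILES['Filedata'])) {
            if ($_FILES['Filedata']['error'] == UPLOAD_ERR_OK && is_uploaded_file($_FILES['Filedata']['tmp_name'])) {
                $directory = _BASE_MEDIA_ . 'movies/';
                $original = $_FILES['Filedata']['name'];
                $contenttype = files::getCleanContentType($_FILES['Filedata']['type'], $_FILES['Filedata']['name']);
                $filename = files::getUniqueName($contenttype, $directory);

                if (!files::allowedContentType($contenttype, 'movie')) {
                    header("HTTP/1.1 415 Unsupported Media Type");
                    header("Status: 415 Unsupported Media Type");
                    exit;
                }

                // Do not record a file that could not be stored.
                if (!move_uploaded_file($_FILES['Filedata']['tmp_name'], $directory . $filename)) {
                    header("HTTP/1.1 500 Internal Server Error");
                    header("Status: 500 Internal Server Error");
                    exit;
                }

                // Insert into database...
                sql::query(
                    "INSERT INTO " . $table . " SET"
                    . " ID='" . $id . "',"
                    . " revision='" . $revision . "',"
                    . " filename='" . addslashes($filename) . "',"
                    . " name='" . addslashes($original) . "',"
                    . " type='" . addslashes($contenttype) . "',"
                    . " size='" . addslashes($_FILES['Filedata']['size']) . "',"
                    . " width=320, height=240, autostart=0"
                );

                // Mark this action as a modification
                revisions::updateModificationDate($data['params']['id'], $data['params']['revision']);

                // Workaround for a Flash bug on OS X.. We need to send back content... any content will do
                echo " ";
                flush();
                exit;
            }

            switch ($_FILES['Filedata']['error']) {
                case UPLOAD_ERR_INI_SIZE:
                case UPLOAD_ERR_FORM_SIZE:
                    header("HTTP/1.1 413 Request Entity Too Large");
                    header("Status: 413 Request Entity Too Large");
                    exit;
                case UPLOAD_ERR_NO_FILE:
                case UPLOAD_ERR_PARTIAL:
                default:
                    header("HTTP/1.1 400 Bad Request");
                    header("Status: 400 Bad Request");
                    exit;
            }
        }

        // Update size and autostart
        $autostart = isset($_REQUEST['autostart']) ? intval($_REQUEST['autostart']) : 0;
        $width = isset($_REQUEST['size']) ? intval($_REQUEST['size']) : 320;

        // The original cases had no break and always fell through to the 4:3
        // formula; the results are the same, the intent is now explicit.
        switch ($width) {
            case 320:
                $height = 240;
                break;
            case 640:
                $height = 480;
                break;
            default:
                $height = (int) round($width / 4 * 3);
        }

        sql::query(
            "UPDATE " . $table . " SET"
            . " width='" . $width . "',"
            . " height='" . $height . "',"
            . " autostart='" . $autostart . "'"
            . " WHERE " . $where
        );

        // Mark this action as a modification
        revisions::updateModificationDate($data['params']['id'], $data['params']['revision']);
        header("Location: " . url::item($data['params']['id'], 'edit') . "/movie?revision=" . $data['params']['revision']);
        exit;
    }

    $res = sql::query("SELECT * FROM " . $table . " WHERE " . $where);
    $tpl = new Template($this->getTemplate('editor.template'));
    if ($movie = sql::fetch_array($res)) {
        $tpl->set("movie", $movie);
    }
    $tpl->set("id", $data['params']['id']);
    $tpl->set("revision", $data['params']['revision']);
    $tpl->set("filemask", files::getFilemask('movie'));
    // The ticket is embedded in the page so the uploader can present it later.
    $tpl->set("ticket", ticket::generate($data['params']['id']));
    $data['template']->append('content', $tpl->fetch());

    // Make sure the following assets are included
    $data['page']->assets->registerJavascript('/core/assets/javascript/plugin.js');
    $data['page']->assets->registerJavascript('/core/assets/javascript/flash.js');
    $data['page']->assets->registerJavascript('/core/assets/javascript/upload.js');
    $data['page']->assets->registerJavascript('/core/assets/javascript/progress.js');
    $data['page']->assets->registerJavascript($this->localAsset('editor.js'));
    $data['page']->assets->registerJavascript($this->localAsset('player.js'));
}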
* * @copyright (c) the authors * @author Florian Lippert <*****@*****.**> (2003-2009) * @author Froxlor team <*****@*****.**> (2010-) * @license GPLv2 http://files.froxlor.org/misc/COPYING.txt * @package Cron * */ /** * ARCHIVING CLOSED TICKETS */ fwrite($debugHandler, 'Ticket-archiving run started...' . "\n"); $result_tickets_stmt = Database::query("\n\tSELECT `id`, `lastchange`, `subject` FROM `" . TABLE_PANEL_TICKETS . "`\n\tWHERE `status` = '3' AND `answerto` = '0';"); $archiving_count = 0; while ($row_ticket = $result_tickets_stmt->fetch(PDO::FETCH_ASSOC)) { $lastchange = $row_ticket['lastchange']; $now = time(); $days = (int) (($now - $lastchange) / 86400); if ($days >= Settings::Get('ticket.archiving_days')) { fwrite($debugHandler, 'archiving ticket "' . $row_ticket['subject'] . '" (ID #' . $row_ticket['id'] . ')' . "\n"); $mainticket = ticket::getInstanceOf(null, (int) $row_ticket['id']); $mainticket->Set('lastchange', $now, true, true); $mainticket->Set('lastreplier', '1', true, true); $mainticket->Set('status', '3', true, true); $mainticket->Update(); $mainticket->Archive(); $archiving_count++; } } fwrite($debugHandler, 'Archived ' . $archiving_count . ' tickets' . "\n"); Database::query("\n\tUPDATE `" . TABLE_PANEL_SETTINGS . "` SET `value` = UNIX_TIMESTAMP()\n\tWHERE `settinggroup` = 'system' AND `varname` = 'last_archive_run'");
/**
 * Looks up the tickets whose order_id matches the given value(s).
 *
 * @param mixed $order_ids Value passed as the "order_id" attribute filter.
 * @return mixed Whatever ticket::model()->findAllByAttributes() returns.
 */
public static function GETticketListbyorder($order_ids)
{
    $filter = array('order_id' => $order_ids);

    return ticket::model()->findAllByAttributes($filter);
}
$file = $this->query("SELECT * from files WHERE id='{$id}'")[0]; $ticket = $this->query("SELECT * from tickets WHERE id='{$file['ticket_id']}'")[0]; if (!$this->isMyTicket($ticket)) { $this->failJson("Access Denied", "This is not your file!"); } $this->mailCompany($ticket['company_id'], "[#{$ticket['id']}] Attachment Sent: {$file['file_title']}", "Please find the following attachment: {$file['file_title']}", $ticket['queue_id'], $file['file_loc']); $json = []; $json['gtitle'] = "File E-mailed"; $json['gbody'] = "File emailed to email address on file."; $json['action'] = 'reassignsource'; $json['elementval'] = "<i class='icon-share'></i>"; $this->jsone('success', $json); } } // class $mod = new ticket(); if (isset($_GET['view'])) { $mod->showTicket($_GET); } else { if (isset($_POST['createReply'])) { $mod->saveReply($_POST); } else { if (isset($_POST['createAttachment'])) { $mod->saveAttachment($_POST); } else { if (isset($_GET['close'])) { $mod->closeTicket($_GET); } else { if (isset($_POST['updateStanding'])) { $mod->updateStanding($_POST); } else {
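<?php
require_once 'header.php';
?>
<?php
// Importing is an administrator-only action.
if (!is_admin()) {
    echo "<div class='alert alert-danger'>You must be an administrator to view this page!</div>";
    die;
}
?>
<?php
// Run the import only for a real form submission: the previous check looked
// at the ?import query flag alone and read $_POST['data'] even when absent.
// NOTE(review): the form below carries no anti-CSRF token, and the return
// value of importTickets() is echoed as-is - confirm it is safe as HTML.
if (isset($_GET['import'])
    && $_SERVER['REQUEST_METHOD'] === 'POST'
    && isset($_POST['data'])
    && is_string($_POST['data'])) {
    $ticket = new ticket();
    echo $ticket->importTickets($_POST['data']);
}
?>
<div class="page-header"> <h1>Import tickets</h1> </div> <p>Paste your ticket data here, separated by a comma. One barcode+name pair per line. <pre>firstname,barcode</pre> </p> <form class="form" action="import.php?import" method="POST"> <textarea class="form-control" rows="15" name="data"></textarea> <button type="submit" class="btn btn-default">Submit</button> </form>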
/**
 * Builds the base ticket query: every tickets column plus per-ticket comment
 * and vote counts, with the author relation loaded.
 *
 * The SQL fragments are constants; no request data is interpolated.
 *
 * @return mixed The query object returned by ->with('author').
 */
protected function selectTikectsList()
{
    $commentCount = '(SELECT COUNT(*) FROM ticket_comments WHERE ticket_comments.ticket_id = tickets.id) as num_comments';
    $voteCount = '(SELECT COUNT(*) FROM ticket_votes WHERE ticket_votes.ticket_id = tickets.id) as num_votes';
    $columns = 'tickets.*, ' . $commentCount . ',' . $voteCount;

    return ticket::selectRaw($columns)->with('author');
}
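<?php
/*
 * Author: Sari Haj Hussein
 */
session_start();

// Only logged-in users may open a ticket.
if (!isset($_SESSION['login']) || $_SESSION['login'] != "yes" || $_SESSION['login'] == "") {
    header("Location: login.php");
    exit;
}

include 'classes/ticket.php';

$ticket = new ticket();
$ticket->db_open();
$departments = $ticket->get_departments();
$products = $ticket->get_products();

if (isset($_POST['department'])) {
    // Only 'department' is guaranteed by the check above; default the rest
    // instead of reading undefined indexes.
    $product = isset($_POST['product']) ? $_POST['product'] : '';
    $department = $_POST['department'];
    $subject = isset($_POST['subject']) ? $_POST['subject'] : '';
    $message = isset($_POST['message']) ? $_POST['message'] : '';

    // NOTE(review): the values go to add_ticket() unmodified; confirm that it
    // binds or escapes them and that the view page encodes them on output.
    $addticket = $ticket->add_ticket($_SESSION['uid'], $message, $subject, $product, $department);

    if (!$addticket) {
        // NOTE(review): $user is not defined anywhere in the visible script, so
        // this call would fail; presumably $ticket->get_error() was meant - confirm.
        $errormsg = htmlspecialchars($user->get_error(), ENT_QUOTES);
    } else {
        // NOTE(review): depending on server configuration SERVER_NAME can follow
        // the request's Host header; a configured base URL would be safer.
        header('Location: http://' . $_SERVER['SERVER_NAME'] . '/newticket/view.php?tid=' . rawurlencode((string) $addticket));
        // Stop here so the form below is not rendered after the redirect.
        exit;
    }
}
?> <!DOCTYPE html> <html>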
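<?php
require_once '../model/ticketModel.php';

// Stores a ticket from the submitted form, then sends the browser back to
// the page it came from.
//
// Changes from the earlier version:
//  - a ticket is only stored for a POST request (a GET used to store an empty one);
//  - subject and body are HTML-encoded before being wrapped in markup, since
//    the stored text is itself HTML;
//  - the redirect target is the Referer only when it points at this host.
//
// NOTE(review): no session or anti-CSRF check is visible here, and user_id is
// taken from the form - confirm the caller is authenticated elsewhere.
// NOTE(review): name and email are stored as submitted; encode them on output.

$ticket = new ticket();
$ticketModel = new ticketModel();
$name = $email = $id_user = "";

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $name = isset($_POST['name']) ? $_POST['name'] : "";
    $email = isset($_POST['email']) ? $_POST['email'] : "";
    $id_user = isset($_POST['user_id']) ? $_POST['user_id'] : "";
    $subject = isset($_POST['sujet']) ? (string) $_POST['sujet'] : "";
    $body = isset($_POST['text']) ? (string) $_POST['text'] : "";

    $ticket->setid_user($id_user);
    $ticket->setname($name);
    $ticket->setemail($email);

    $text = '<b>' . htmlspecialchars($subject, ENT_QUOTES, 'UTF-8') . '</b><br> '
        . htmlspecialchars($body, ENT_QUOTES, 'UTF-8');
    $ticket->settext($text);

    $ticketModel->ajouterTicket($ticket);
}

// The Referer header is client-controlled: follow it only for our own host.
$url = '/';
if (isset($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'])) {
    $refererHost = parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST);
    $ownHost = preg_replace('/:\d+$/', '', $_SERVER['HTTP_HOST']);
    if (is_string($refererHost) && strcasecmp($refererHost, $ownHost) === 0) {
        $url = $_SERVER['HTTP_REFERER'];
    }
}

header('location:' . $url);
exit;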
?> <br> Barcode column: <?php echo TICKET_COL; ?> <br> Scanned boolean column: <?php echo SCAN_COL; ?> <br> Strict barcode checking is: <?php echo !STRICT_CHECKING ? 'Disabled' : 'Enabled'; ?> <br> <?php $ticket = new ticket(); $barcode = 'ZZZ111111111'; echo testCheck("Successful import", $ticket->importTickets("Testing,{$barcode}"), 3); echo testCheck('Valid scan', $ticket->scanTicket($barcode, 'nick'), 3); echo testCheck('Duplicate scan', $ticket->scanTicket($barcode, 'nick'), 1); echo testCheck('Empty barcode', $ticket->scanTicket('', 'nick'), 0); echo testCheck('Invalid barcode', $ticket->scanTicket('asdfghjkl', 'nick'), 0); echo testCheck('Empty user', $ticket->scanTicket($barcode, ''), 2); echo testCheck('Empty user, empty barcode', $ticket->scanTicket('', ''), 2); $db = new database(); $db->query("DELETE FROM tbl_ticket WHERE tbl_ticket.barcode = '{$barcode}'"); $db->execute(); ?> </pre>
/* * END REDUNDANT CODE (CRONSCRIPT "HEADER") */ /* * ARCHIVING CLOSED TICKETS */ fwrite($debugHandler, 'Ticket-archiving run started...' . "\n"); $result_tickets = $db->query('SELECT `id`, `lastchange`, `subject` FROM `' . TABLE_PANEL_TICKETS . "` \n WHERE `status` = '3' AND `answerto` = '0';"); $archiving_count = 0; while ($row_ticket = $db->fetch_array($result_tickets)) { $lastchange = $row_ticket['lastchange']; $now = time(); $days = (int) (($now - $lastchange) / 86400); if ($days >= $settings['ticket']['archiving_days']) { fwrite($debugHandler, 'archiving ticket "' . $row_ticket['subject'] . '" (ID #' . $row_ticket['id'] . ')' . "\n"); $mainticket = ticket::getInstanceOf($userinfo, $db, $settings, (int) $row_ticket['id']); $mainticket->Set('lastchange', $now, true, true); $mainticket->Set('lastreplier', '1', true, true); $mainticket->Set('status', '3', true, true); $mainticket->Update(); $mainticket->Archive(); ++$archiving_count; } } fwrite($debugHandler, 'Archived ' . $archiving_count . ' tickets' . "\n"); $db->query('UPDATE `' . TABLE_PANEL_SETTINGS . '` SET `value` = UNIX_TIMESTAMP() WHERE `settinggroup` = \'system\' AND `varname` = \'last_archive_run\' '); /** * STARTING CRONSCRIPT FOOTER. */ include $pathtophpfiles . '/lib/cron_shutdown.php'; /*
$email->message = $message; preg_match("/.*\\[ticket:([^:]*):([^:]*)\\].*/i", $subject, $matches); print_r($matches); if (!$matches) { $param['subject'] = $subject; $param['descr_f'] = $message; $param['sent_to'] = 'client-admin'; $param['category'] = 'complaint'; $param['priority'] = 'medium'; $csq = new Sqlite(null, 'client'); $c = $csq->getRowsWhere("contactemail = '{$smallfrom}'", array('nname')); if ($c) { $clientname = $c[0]['nname']; $client = new Client(null, null, $clientname); $client->get(); $param = ticket::add($client, 'ticket', $param); $tick = new Ticket(null, null, $param['nname']); $tick->create($param); $tick->postAdd(); $tick->was(); } else { $m = "There is no user with your from address in the system."; $m .= "-------------------\n.........{$content}"; mail($smallfrom, "HelpDesk Failed", $m); } exit; } $ticketid = $matches[2]; $pclass = "client"; $pname = $matches[1]; if (cse($pname, ".vm")) {
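/**
 * Editor handler for the "files" and "attachments" sheets of a content item.
 *
 * Depending on the request it returns the file list as JSON (json=list),
 * deletes one file and its row (json=delete), updates titles and positions
 * and/or accepts an upload (POST), or renders the editor template. Every
 * request-driven branch ends the script with exit.
 *
 * Security notes:
 *  - The item id and revision are now escaped and quoted in every statement,
 *    including the position lookup that used them unquoted. addslashes() is
 *    used because the sql:: wrapper's own escaping is not visible; prefer
 *    that or bound parameters if available.
 *  - each() no longer exists in PHP 8 and is replaced by foreach.
 *  - The result of move_uploaded_file() is checked (it was silenced with @)
 *    and no row is written for a file that was not stored.
 *  - NOTE(review): json=delete is reachable through $_REQUEST and no ticket
 *    or session check is visible in this handler - confirm the caller
 *    authorises the request.
 *  - NOTE(review): the content type is derived from the client-supplied type
 *    and file name by files::getCleanContentType(), which is not visible here.
 *
 * @param array $data Event data; reads 'type', 'sheet', 'params' (id, revision),
 *                    'template' and 'page'.
 */
function event_ExecuteEditor(&$data)
{
    global $lang, $manager;

    if (!isset($manager->types[$data['type']]['content']['files'])
        || ($data['sheet'] != 'attachments' && $data['sheet'] != 'files')) {
        return;
    }

    $id = addslashes($data['params']['id']);
    $revision = addslashes($data['params']['revision']);
    $table = _TABLE_PREFIX_ . "contents_files";
    $where = "ID='" . $id . "' AND revision='" . $revision . "'";
    $json = (isset($_REQUEST['json']) && is_string($_REQUEST['json'])) ? $_REQUEST['json'] : '';

    if ($json === 'list') {
        $tpl = new Template($this->getTemplate('json.template'));
        if ($data['sheet'] == 'files') {
            $tpl->set("files", $this->_files_list($data['params']['id'], $data['params']['revision']));
        } else {
            $tpl->set("files", $this->_attachments_list($data['params']['id'], $data['params']['revision']));
        }
        echo $tpl->fetch();
        exit;
    }

    if ($json === 'delete') {
        $requested = (isset($_POST['delete']) && is_string($_POST['delete'])) ? $_POST['delete'] : '';

        // The name to remove is looked up in the database first; only the
        // stored filename of a matching row is ever unlinked.
        $res = sql::query(
            "SELECT * FROM " . $table . " WHERE " . $where
            . " AND filename='" . addslashes($requested) . "'"
        );
        if ($row = sql::fetch_array($res)) {
            $directory = _BASE_MEDIA_ . 'files/';
            if (file_exists($directory . $row['filename'])) {
                unlink($directory . $row['filename']);
            }
            sql::query(
                "DELETE FROM " . $table . " WHERE " . $where
                . " AND filename='" . addslashes($row['filename']) . "'"
            );
        }

        // Mark this action as a modification
        revisions::updateModificationDate($data['params']['id'], $data['params']['revision']);
        exit;
    }

    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
        // Where non-Flash clients are sent after every POST outcome.
        $redirect = "Location: " . url::item($data['params']['id'], 'edit') . "/" . $data['sheet'] . "?revision=" . $data['params']['revision'];

        if (isset($_REQUEST['files']) && is_array($_REQUEST['files'])) {
            // Update title and position
            foreach ($_REQUEST['files'] as $name => $file) {
                if (!is_array($file) || !isset($file['title'], $file['position'])) {
                    continue;
                }
                sql::query(
                    "UPDATE " . $table . " SET"
                    . " title='" . addslashes($file['title']) . "',"
                    . " position='" . addslashes($file['position']) . "'"
                    . " WHERE " . $where
                    . " AND filename='" . addslashes($name) . "'"
                );
            }

            // Mark this action as a modification
            revisions::updateModificationDate($data['params']['id'], $data['params']['revision']);
        }

        if (isset($_FILES['Filedata'])) {
            // Flash uploaders get HTTP status codes; browsers get a redirect.
            $flashUsed = isset($_SERVER['HTTP_USER_AGENT']) && preg_match('/Flash/i', $_SERVER['HTTP_USER_AGENT']);

            if ($_FILES['Filedata']['error'] == UPLOAD_ERR_OK && is_uploaded_file($_FILES['Filedata']['tmp_name'])) {
                $directory = _BASE_MEDIA_ . 'files/';
                $original = $_FILES['Filedata']['name'];
                $contenttype = files::getCleanContentType($_FILES['Filedata']['type'], $_FILES['Filedata']['name']);
                $filename = files::getUniqueName($contenttype, $directory);

                if (!files::allowedContentType($contenttype)) {
                    if ($flashUsed) {
                        header("HTTP/1.1 415 Unsupported Media Type");
                        header("Status: 415 Unsupported Media Type");
                    } else {
                        header($redirect);
                    }
                    exit;
                }

                // Do not record a file that could not be stored.
                if (!move_uploaded_file($_FILES['Filedata']['tmp_name'], $directory . $filename)) {
                    if ($flashUsed) {
                        header("HTTP/1.1 500 Internal Error");
                        header("Status: 500 Internal Error");
                    } else {
                        header($redirect);
                    }
                    exit;
                }

                // New files go after the current last position of their sheet.
                $attachment = $data['sheet'] == 'files' ? 0 : 1;
                $res = sql::query(
                    "SELECT * FROM " . $table . " WHERE " . $where
                    . " AND attachment = " . $attachment
                    . " ORDER BY position DESC LIMIT 1"
                );
                if ($row = sql::fetch_array($res)) {
                    $position = (int) $row['position'] + 1;
                } else {
                    $position = 0;
                }

                // Insert into database...
                sql::query(
                    "INSERT INTO " . $table . " SET"
                    . " ID='" . $id . "',"
                    . " revision='" . $revision . "',"
                    . " filename='" . addslashes($filename) . "',"
                    . " name='" . addslashes($original) . "',"
                    . " type='" . addslashes($contenttype) . "',"
                    . " title='" . addslashes($original) . "',"
                    . " size='" . addslashes($_FILES['Filedata']['size']) . "',"
                    . " position='" . $position . "',"
                    . " attachment='" . $attachment . "',"
                    . " modified=NOW()"
                );

                // Mark this action as a modification
                revisions::updateModificationDate($data['params']['id'], $data['params']['revision']);

                if (!$flashUsed) {
                    header($redirect);
                } else {
                    // Workaround for a Flash bug on OS X.. We need to send back content... any content will do
                    echo " ";
                    flush();
                }
                exit;
            }

            switch ($_FILES['Filedata']['error']) {
                case UPLOAD_ERR_INI_SIZE:
                case UPLOAD_ERR_FORM_SIZE:
                    if ($flashUsed) {
                        header("HTTP/1.1 413 Request Entity Too Large");
                        header("Status: 413 Request Entity Too Large");
                    } else {
                        header($redirect);
                    }
                    break;
                case UPLOAD_ERR_NO_FILE:
                case UPLOAD_ERR_PARTIAL:
                    if ($flashUsed) {
                        header("HTTP/1.1 400 Bad Request");
                        header("Status: 400 Bad Request");
                    } else {
                        header($redirect);
                    }
                    break;
                case UPLOAD_ERR_NO_TMP_DIR:
                case UPLOAD_ERR_CANT_WRITE:
                case UPLOAD_ERR_EXTENSION:
                default:
                    if ($flashUsed) {
                        header("HTTP/1.1 500 Internal Error");
                        header("Status: 500 Internal Error");
                    } else {
                        header($redirect);
                    }
                    break;
            }
            exit;
        }

        header($redirect);
        exit;
    }

    $tpl = new Template($this->getTemplate('editor.template'));
    if ($data['sheet'] == 'files') {
        $tpl->set("files", $this->_files_list($data['params']['id'], $data['params']['revision']));
    } else {
        $tpl->set("files", $this->_attachments_list($data['params']['id'], $data['params']['revision']));
    }
    $tpl->set("id", $data['params']['id']);
    $tpl->set("revision", $data['params']['revision']);
    $tpl->set("filemask", files::getFilemask());
    // The ticket is embedded in the page so the uploader can present it later.
    $tpl->set("ticket", ticket::generate($data['params']['id']));
    $tpl->set("sheet", $data['sheet']);
    $data['template']->append('content', $tpl->fetch());

    // Make sure the following assets are included
    $data['page']->assets->registerJavascript('/core/assets/javascript/plugin.js');
    $data['page']->assets->registerJavascript('/core/assets/javascript/flash.js');
    $data['page']->assets->registerJavascript('/core/assets/javascript/upload.js');
    $data['page']->assets->registerJavascript('/core/assets/javascript/progress.js');
    $data['page']->assets->registerCSS($this->localAsset('editor.css'));
    $data['page']->assets->registerJavascript($this->localAsset('editor.js'));
}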
<?php
/*
 * Author: Sari Haj Hussein
 */
session_start();

// Visitors without a valid login flag are sent to the login form.
$loggedIn = isset($_SESSION['login']) && $_SESSION['login'] == "yes" && $_SESSION['login'] != "";
if (!$loggedIn) {
    header("Location: login.php");
    exit;
}

require_once 'classes/ticket.php';
require_once 'classes/user.php';
require_once 'classes/reply.php';
require_once 'classes/staff.php';
require_once 'functions.php';

$ticket = new ticket();
$ticket->db_open();

$user = new user();
$user->db_open();

// The ticket id is taken from the query string only when it validates as an
// integer; anything else (including 0) becomes the string '0'.
$tid = (isset($_GET['tid']) && filter_var($_GET['tid'], FILTER_VALIDATE_INT)) ? $_GET['tid'] : '0';

// Every user level other than 1 and the empty string counts as admin here.
$admin = ($_SESSION['userlevel'] != 1 && $_SESSION['userlevel'] != "");

// Deleting is restricted to admins.
$deleteRequested = isset($_POST['action']) && $_POST['action'] == 'Delete';
if ($deleteRequested && $admin) {
    $staff = new staff();
while ($row2 = $db->fetch_array($andere)) { $subticket = ticket::getInstanceOf($userinfo, $db, $settings, (int) $row2['id']); $lastchange = date("d.m.Y H:i\\h", $subticket->Get('lastchange')); if ($subticket->Get('by') == '1') { $by = $lng['ticket']['staff']; } else { $by = $lng['ticket']['customer']; } $subject = htmlentities($subticket->Get('subject')); $message = htmlentities($subticket->Get('message')); eval("\$ticket_replies.=\"" . getTemplate("tickets/tickets_tickets_list") . "\";"); } $priorities = makeoption($lng['ticket']['high'], '1', htmlentities($mainticket->Get('priority')), true, true); $priorities .= makeoption($lng['ticket']['normal'], '2', htmlentities($mainticket->Get('priority')), true, true); $priorities .= makeoption($lng['ticket']['low'], '3', htmlentities($mainticket->Get('priority')), true, true); $subject = htmlentities($mainticket->Get('subject')); $ticket_replies_count = $db->num_rows($andere) + 1; // don't forget the main-ticket! eval("echo \"" . getTemplate("tickets/tickets_view") . "\";"); } elseif ($action == 'delete' && $id != 0) { if (isset($_POST['send']) && $_POST['send'] == 'send') { $mainticket = ticket::getInstanceOf($userinfo, $db, $settings, (int) $id); $log->logAction(ADM_ACTION, LOG_INFO, "deleted archived ticket '" . $mainticket->Get('subject') . "'"); $mainticket->Delete(); redirectTo($filename, array('page' => $page, 's' => $s)); } else { $mainticket = ticket::getInstanceOf($userinfo, $db, $settings, (int) $id); ask_yesno('ticket_reallydelete', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $mainticket->Get('subject')); } } }
?> <div class="page-header"> <h1>Scanned ticket log</h1> </div> <?php $limit = 30; if (isset($_GET['page'])) { $page = $_GET['page']; $offset = $page * $limit; } else { $page = 0; $offset = 0; } $ticket = new ticket(); $logs = $ticket->getLogs($offset, $limit); $rows = $logs->total; $pages = ceil($rows / $limit); $i = 0; $nextpage = $page + 1; $prevpage = $page - 1; $logs = $logs->logs; if ($pages > 1) { ?> <ul class='pagination'> <?php if ($prevpage >= 0) { ?> <li><a href="?page=<?php
inserttask('1'); // Using nameserver, insert a task which rebuilds the server config inserttask('4'); if (isset($_POST['delete_userfiles']) && (int) $_POST['delete_userfiles'] == 1) { inserttask('6', $result['loginname']); } // Using filesystem - quota, insert a task which cleans the filesystem - quota inserttask('10'); /* * move old tickets to archive */ $tickets = ticket::customerHasTickets($id); if ($tickets !== false && isset($tickets[0])) { foreach ($tickets as $ticket) { $now = time(); $mainticket = ticket::getInstanceOf($userinfo, (int) $ticket); $mainticket->Set('lastchange', $now, true, true); $mainticket->Set('lastreplier', '1', true, true); $mainticket->Set('status', '3', true, true); $mainticket->Update(); $mainticket->Archive(); $log->logAction(ADM_ACTION, LOG_NOTICE, "archived ticket '" . $mainticket->Get('subject') . "'"); } } redirectTo($filename, array('page' => $page, 's' => $s)); } else { ask_yesno_withcheckbox('admin_customer_reallydelete', 'admin_customer_alsoremovefiles', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $result['loginname']); } } } elseif ($action == 'add') { if ($userinfo['customers_used'] < $userinfo['customers'] || $userinfo['customers'] == '-1') {
/**
 * Shows the bonus entry form for one ticket and, on POST, records the bonus.
 *
 * Flow as written: check the 'order_list' role, load the ticket, handle a
 * submitted form (update, audit log, user notice), then check the ticket
 * status and load the related plan, user and manager for the view.
 *
 * NOTE(review): the status check runs after the POST branch has already
 * called update_bonus(); confirm that remind::set() ends the request and
 * that update_bonus() enforces the status itself.
 * NOTE(review): no anti-CSRF check is visible in this method - confirm it
 * is handled elsewhere.
 *
 * @param mixed $id   Ticket id.
 * @param int   $page Page number appended to the redirect targets.
 */
public function set_bonus($id, $page = 1)
{
    /* Permission check: order list */
    role::check('order_list');
    if (empty($id)) {
        remind::set(Kohana::lang('o_global.bad_request'), 'order/ticketnum/');
    }
    $ticketobj = ticket::get_instance();
    $result = $ticketobj->get($id);
    if (empty($result)) {
        remind::set(Kohana::lang('o_global.bad_request'), 'order/ticketnum/');
    }
    // Handle the submitted form
    if (!empty($_POST)) {
        tool::filter_strip_tags($_POST);
        // NOTE(review): these keys are read without isset(); presumably the form always sends them.
        $bonus = $_POST['money'];
        $num = $_POST['num'];
        $password = $_POST['password'];
        $flag = $ticketobj->update_bonus($id, $bonus, $num, $password, $this->manager_id);
        // Suffix for the log memo: "success" by default, "failure" when the update did not succeed.
        $addchar = '成功';
        if (!$flag) {
            $addchar = '失败';
        }
        // Add an audit log entry; the memo holds the ticket id, the bonus and the outcome, not the password.
        $logs_data = array();
        $logs_data['manager_id'] = $this->manager_id;
        $logs_data['user_log_type'] = 28;
        $logs_data['ip'] = tool::get_long_ip();
        $logs_data['memo'] = "为id:{$result['id']}的彩票录入奖金:{$bonus}{$addchar}";
        ulog::instance()->add($logs_data);
        if ($flag) {
            remind::set("成功为id:{$result['id']}的彩票录入奖金:{$bonus}", '/order/ticketnum/index/hasticket/?page=' . $page, 'success');
        } else {
            remind::set("为id:{$result['id']}的彩票录入奖金:{$bonus}失败", '/order/ticketnum/?page=' . $page, 'error');
        }
    }
    // Only status 1, or status 2 with a bonus of -9999, may use this form.
    if ($result['status'] != 1 && !($result['status'] == 2 && $result['bonus'] == -9999)) {
        remind::set(Kohana::lang('o_global.bad_request'), 'order/ticketnum/');
    }
    // Fetch more information for the view
    $result['plan'] = plan::get_instance()->get_plan_by_tid($result['plan_id'], $result['ticket_type']);
    $result['user'] = user::get_instance()->get($result['plan']['user_id']);
    $result['manager'] = '';
    if (!empty($result['manager_id'])) {
        $manager = Mymanager::instance($result['manager_id'])->get();
        $result['manager'] = $manager['username'];
    }
    $this->template->content = new View("order/order_set_bonus", $result);
}
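/**
 * Delete the accounts named in $VAR together with their dependent rows.
 *
 * $VAR["delete_id"] (preferred) or $VAR["id"] holds a comma separated list of
 * account ids. Each id is kept only when the current user is authorised for
 * every group the account belongs to and the id is neither the current
 * session account nor account '1'. The surviving ids are then removed from
 * the account table and from the tables keyed by account_id; tickets and
 * invoices are removed through their own modules.
 *
 * Changes against the previous version:
 *  - The WHERE fragments are built with implode() and wrapped in parentheses.
 *    Before, " OR " was chosen from the loop index, so a skipped first id
 *    produced "WHERE OR id = ..."; and because AND binds tighter than OR, the
 *    site_id restriction only applied to the last id in the list.
 *  - A failed group lookup skips the id instead of dereferencing false.
 *  - With neither key present nothing is processed (the old fallback iterated
 *    over a table-name string).
 *  - The error text of the account DELETE is captured before later queries
 *    can overwrite it.
 *
 * NOTE(review): the statements are not wrapped in a transaction, so a failure
 * part-way leaves some dependent rows behind; nothing here writes an audit
 * record of who deleted which account.
 *
 * @param array $VAR request variables; only "delete_id" and "id" are read
 * @return void
 */
function delete($VAR)
{
    global $C_auth, $C_list, $C_debug, $C_translate;

    $db =& DB();

    # Requested ids: "delete_id" wins over "id".
    $requested = array();
    if (isset($VAR["delete_id"])) {
        $requested = explode(',', $VAR["delete_id"]);
    } elseif (isset($VAR["id"])) {
        $requested = explode(',', $VAR["id"]);
    }

    # get_magic_quotes_gpc() was removed in PHP 8.0; treat it as "off" there.
    $magic_quotes = function_exists('get_magic_quotes_gpc') ? get_magic_quotes_gpc() : false;

    $id_terms = array();
    $account_id_terms = array();

    foreach ($requested as $account_id) {
        if ($account_id === '') {
            continue;
        }

        ### Is the current account authorised to delete this account?
        # The handle is re-fetched on every pass, as the original did; the
        # db_mapping hook below runs inside this loop.
        $db =& DB();
        $sql = 'SELECT group_id FROM ' . AGILE_DB_PREFIX . 'account_group WHERE site_id = ' . $db->qstr(DEFAULT_SITE) . ' AND account_id = ' . $db->qstr($account_id) . ' ORDER BY group_id';
        $groups = $db->Execute($sql);
        if ($groups === false) {
            # Fail closed: without the group list authorisation cannot be decided.
            continue;
        }

        # Every group of the target account must be one the current user is
        # authorised for; stop at the first refusal.
        # NOTE(review): an account with no account_group rows passes this
        # check - confirm that is intended.
        $delete_this = true;
        while (!$groups->EOF) {
            if (!$C_auth->auth_group_by_id($groups->fields['group_id'])) {
                $delete_this = false;
                break;
            }
            $groups->MoveNext();
        }

        ### Never delete the admin account or the current user's own account.
        # NOTE(review): this compares the raw request string. If the id column
        # is numeric, confirm the database cannot coerce a differently spelled
        # value to a protected id; normalising ids before this check would
        # remove the question.
        if (SESS_ACCOUNT == $account_id || $account_id == '1') {
            $delete_this = false;
        }

        if (!$delete_this) {
            continue;
        }

        $quoted = $db->qstr($account_id, $magic_quotes);
        $id_terms[] = 'id = ' . $quoted;
        $account_id_terms[] = 'account_id = ' . $quoted;

        ### Do any db_mapping
        $dbsql = 'SELECT username FROM ' . AGILE_DB_PREFIX . 'account WHERE site_id = ' . $db->qstr(DEFAULT_SITE) . ' AND id = ' . $db->qstr($account_id);
        $resultdb = $db->Execute($dbsql);
        $old_username = ($resultdb !== false) ? $resultdb->fields['username'] : null;

        if ($C_list->is_installed('db_mapping')) {
            include_once PATH_MODULES . 'db_mapping/db_mapping.inc.php';
            $db_map = new db_mapping();
            $db_map->account_delete($account_id, $old_username);
        }
    }

    $db =& DB();

    if (count($id_terms) == 0) {
        return;
    }

    # The parentheses keep "AND site_id" applied to every id in the list,
    # so rows of other sites are never matched.
    $site = $db->qstr(DEFAULT_SITE);
    $id_where = '(' . implode(' OR ', $id_terms) . ') AND site_id = ' . $site;
    $account_where = '(' . implode(' OR ', $account_id_terms) . ') AND site_id = ' . $site;

    # account
    $result = $db->Execute('DELETE FROM ' . AGILE_DB_PREFIX . 'account WHERE ' . $id_where);
    $account_error = ($result === false) ? $db->ErrorMsg() : '';

    # tables keyed directly by account_id
    $dependent_tables = array('session', 'account_billing', 'account_group', 'cart', 'search', 'staff');
    foreach ($dependent_tables as $table) {
        $db->Execute('DELETE FROM ' . AGILE_DB_PREFIX . $table . ' WHERE ' . $account_where);
    }

    # tickets are removed through the ticket module
    if ($C_list->is_installed('ticket')) {
        $ticket = $db->Execute('SELECT id FROM ' . AGILE_DB_PREFIX . 'ticket WHERE ' . $account_where);
        if ($ticket != false && $ticket->RecordCount() > 0) {
            include_once PATH_MODULES . 'ticket/ticket.inc.php';
            while (!$ticket->EOF) {
                $tk = new ticket();
                $arr = array('id' => $ticket->fields['id']);
                $tk->delete($arr, $tk);
                $ticket->MoveNext();
            }
        }
    }

    # affiliate
    if ($C_list->is_installed('affiliate')) {
        $db->Execute('DELETE FROM ' . AGILE_DB_PREFIX . 'affiliate WHERE ' . $account_where);
    }

    # discount
    $db->Execute('DELETE FROM ' . AGILE_DB_PREFIX . 'discount WHERE ' . $account_where);

    # invoices are removed through the invoice module
    $invoice = $db->Execute('SELECT id FROM ' . AGILE_DB_PREFIX . 'invoice WHERE ' . $account_where);
    if ($invoice != false && $invoice->RecordCount() > 0) {
        include_once PATH_MODULES . 'invoice/invoice.inc.php';
        while (!$invoice->EOF) {
            $inv = new invoice();
            $arr = array('id' => $invoice->fields['id']);
            $inv->delete($arr, $inv);
            $invoice->MoveNext();
        }
    }

    # error reporting (only the account DELETE decides success, as before)
    if ($result === false) {
        $C_debug->error('account_admin.inc.php', 'delete', $account_error);
    } else {
        # Alert delete message
        $C_translate->value["CORE"]["module_name"] = $C_translate->translate('name', 'account_admin', "");
        $message = $C_translate->translate('alert_delete_ids', "CORE", "");
        $C_debug->alert($message);
    }
}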
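/**
 * Handle the "view" action: resolve the requested item, let plugins see the
 * request, decide whether the visitor may view it, and render the page.
 *
 * With no arguments the visitor is redirected to the home item; when the
 * tree has no home item, admins get the editor and everyone else is sent to
 * the default language or shown the offline message.
 *
 * Access is granted either by $tree->_hasRights('view', ...) or by a ticket
 * passed in the request that ticket::authorize() resolves to this item's id.
 *
 * Changes against the previous version:
 *  - The ticket result is compared as a non-empty string. With the loose ==
 *    used before, a falsy result for an unknown ticket would have compared
 *    equal to an empty or missing item id.
 *  - The language redirect is followed by exit; execution used to fall
 *    through to the rendering code with no page object.
 *
 * NOTE(review): $_REQUEST also covers the query string, so a ticket can end
 * up in access logs and Referer headers; confirm tickets are unguessable,
 * short-lived and bound to a single item.
 *
 * @param array $args action arguments; the first one is the item id, optionally with ".ext"
 * @return void
 */
function action_view($args)
{
    global $manager, $tree, $config, $user, $lang;

    if (!count($args)) {
        // No arguments: go to the home item when there is one
        $id = $tree->getHome();
        if (!is_null($id)) {
            header('Location: ' . url::item($id));
            exit;
        }

        // There are no pages
        $id = 0;
        $type = '';
        $ext = '';
        $item = null;
        $action = null;

        if ($user->admin()) {
            // Allow admins to add pages...
            $action = 'edit';
            $page = new admin();

            // Notify plugins of a PreSkinParse event
            $data = array(
                'page' => &$page,
                'template' => &$page->template,
                'type' => $type,
                'params' => array('action' => $action, 'id' => $id, 'ext' => $ext, 'args' => $args),
            );
            $manager->handleEvent('PreSkinParse', $data);

            $page->show();
            exit;
        }

        if ($lang->id != _DEFAULT_LANGUAGE_) {
            // Redirect to the default language and stop here
            header('Location: ' . url::language(_DEFAULT_LANGUAGE_));
            exit;
        }

        // Show error message that website is offline
        $config = new config();
        $lang = new language(_DEFAULT_LANGUAGE_, _DEFAULT_SITE_, true);
        $page = new theme();
        $page->showError(_OFFLINE_MESSAGE_, 4);
        // NOTE(review): if showError() returns, the code below still runs
        // with $item = null - confirm that it ends the request.
    } else {
        // Decode arguments
        $id = array_shift($args);

        // Split off a file extension when the id carries one
        if (preg_match('/(.*)\\.([a-z0-9]+)$/i', $id, $matches)) {
            $id = $matches[1];
            $ext = $matches[2];
        } else {
            $ext = '';
        }

        // Load the page; from here on $id is the id stored on the item
        $item =& $tree->getItemById($id);
        $id = $item['id'];
        $type = $item['type'];
        $action = 'view';

        // Setup Theme
        $page = new theme($id, $type);
    }

    // Notify plugins of a PreSkinParse event
    $data = array(
        'page' => &$page,
        'template' => &$page->template,
        'type' => $type,
        'params' => array('action' => $action, 'id' => $id, 'ext' => $ext, 'args' => $args),
    );
    $manager->handleEvent('PreSkinParse', $data);

    // Handle authorisation.
    // The ticket only counts when authorize() yields a non-empty scalar that
    // matches the requested id exactly as a string.
    $ticket = false;
    if (isset($_REQUEST['ticket']) && is_string($_REQUEST['ticket'])) {
        $granted = ticket::authorize($_REQUEST['ticket']);
        $wanted = $data['params']['id'];
        if (is_scalar($granted) && !is_bool($granted)
            && (string) $granted !== ''
            && is_scalar($wanted)
            && (string) $granted === (string) $wanted) {
            $ticket = true;
        }
    }

    if ($ticket || $tree->_hasRights('view', $item['rights'])) {
        $page->title->set($item['name']);
        if ($item['title'] != '') {
            $page->title->set($item['title']);
        }

        $manager->handleType($type, $data);

        $page->template->set('action', $action);
        $page->template->set('id', $id);
        $page->template->set('slug', isset($item['slug']) ? $item['slug'] : '');
        $page->template->set('type', $type);

        // The modification date is only set for types not flagged as generated
        if (isset($item) && empty($manager->types[$item['type']]['generated'])) {
            if ($config->get('showLastModified')) {
                $page->template->set('modified', revisions::getModificationDate($id, $item['revision']));
            }
        }
    } else {
        if ($config->get('redirectToLogin') && $user->anonymous()) {
            // Hand the original request over to the login action
            array_unshift($args, $id);
            $manager->handleAction('login', $args);
            exit;
        }

        $page->template->set('error', $lang->s('notenoughrights'));
    }

    $page->show();
}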
<?php /* * Author: Sari Haj Hussein */ //Check login session. session_start(); if (!isset($_SESSION['login']) || $_SESSION['login'] != "yes" || $_SESSION['login'] == "") { header("Location: login.php"); exit; } require_once 'classes/ticket.php'; require_once 'functions.php'; $ticket = new ticket(); $ticket->db_open(); if (isset($_GET['page']) && filter_var($_GET['page'], FILTER_VALIDATE_INT)) { $page = $_GET['page']; } else { $page = 0; } if ($_SESSION['userlevel'] != 1) { $admin = true; } else { $admin = false; } if (isset($_GET['search'])) { $gettickets = $ticket->search_tickets($_GET['search'], $page, $admin, $_SESSION['uid']); } elseif (isset($_GET['from']) && isset($_GET['to'])) { $pattern = '^(\\d{4})\\D?(0[1-9]|1[0-2])\\D?([12]\\d|0[1-9]|3[01])$^'; if (preg_match($pattern, $_GET['from']) && preg_match($pattern, $_GET['to'])) { $day = 86400;
<?php require_once 'inc/bootstrap.php'; $scanner = new scanner(); $ticket = new ticket(); $returnCodes = array(0 => 'Invalid Ticket ID', 1 => 'Duplicate Scan', 2 => 'Missing username', 3 => 'Success (cleared to enter)'); $col = TICKET_COL; $user = filter_input(INPUT_GET, 'user', FILTER_SANITIZE_SPECIAL_CHARS); $barcode = $ticket->sanitizeBarcode(filter_input(INPUT_POST, 'ticket', FILTER_SANITIZE_SPECIAL_CHARS)); if (!$user) { $return = json_encode(array('message' => "No username specified", 'code' => 2)); $scanner->logEvent("NU", "Tried to scan without a username"); return; } if ($barcode) { $return = $ticket->scanTicket($barcode, $user); } else { $return = json_encode(array('message' => "Barcode cannot be empty", 'code' => 2)); } if (isset($_GET['barcode']) && is_admin()) { $return = $ticket->scanTicket($_GET['barcode'], $_GET['user']); } if (isset($_GET['format'])) { require_once 'header.php'; ?> <div class="jumbotron"> <h1>Ready to scan</h1> <input id="username" name="username" placeholder="Who are you" /> <input id="ticket" name="ticket" placeholder="Barcode" /> </div> <div class="panel panel-default hide" id="ticketInfo">