/**
 * Create a quick note for the logged-in agent and render it.
 *
 * Reads `note` from $_POST and the current agent from the global
 * $thisstaff. Each failure path hands off to Http::response(); whether
 * that call returns is not visible here, so the template include at the
 * end is reached only if it does not. On success the note template is
 * included with $show_options set for it.
 *
 * @param mixed $ext_id External id the note is attached to
 */
function createNote($ext_id) {
    global $thisstaff;

    $noteBody = isset($_POST['note']) ? $_POST['note'] : null;

    if (!$thisstaff) {
        Http::response(403, "Login required");
    }
    elseif (!$noteBody) {
        // A note consisting only of "0" is rejected here as well (truthiness)
        Http::response(422, "Send `note` parameter");
    }
    else {
        $fields = array(
            'staff_id' => $thisstaff->getId(),
            // Body is sanitized before it is stored
            'body' => Format::sanitize($noteBody),
            'created' => new SqlFunction('NOW'),
            'ext_id' => $ext_id,
        );
        $note = QuickNote::create($fields);
        if (!$note) {
            Http::response(500, "Unable to create new note");
        }
        elseif (!$note->save(true)) {
            Http::response(500, "Unable to create new note");
        }
    }

    $show_options = true;
    include STAFFINC_DIR . 'templates/note.tmpl.php';
}
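/**
 * HTML-escape a string, or every leaf of an array recursively.
 *
 * Uses ENT_COMPAT (double quotes escaped, single quotes left alone),
 * UTF-8, and double_encode=false so existing entities such as &amp;
 * are not re-encoded.
 *
 * @param mixed $var      String to escape, or an array of values
 * @param bool  $sanitize Run Format::sanitize() on the value first
 * @return mixed Escaped string, array of escaped values, or the original
 *               value if escaping threw
 */
function htmlchars($var, $sanitize = false) {
    if (is_array($var)) {
        // Carry $sanitize down to each element; the previous
        // array_map(array('Format', 'htmlchars'), ...) dropped it, so
        // nested values were escaped but never sanitized.
        return array_map(function ($item) use ($sanitize) {
            return Format::htmlchars($item, $sanitize);
        }, $var);
    }

    if ($sanitize) {
        $var = Format::sanitize($var);
    }

    $flags = ENT_COMPAT;
    // version_compare() rather than a lexical string comparison, which
    // mis-orders multi-digit components (e.g. '5.10.0' < '5.4.0').
    if (version_compare(PHP_VERSION, '5.4.0', '>=')) {
        $flags |= ENT_HTML401;
    }

    try {
        return htmlspecialchars((string) $var, $flags, 'UTF-8', false);
    }
    catch (Exception $e) {
        // Kept from the original: fall back to the raw value rather than fail
        return $var;
    }
}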
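/**
 * Look up the user for $vars['email'], creating one if none exists.
 *
 * @param array $vars   At least 'email'; optionally 'name', 'org_id' and
 *                      custom-field data handed to addDynamicData()
 * @param bool  $update Also push $vars into an existing user via updateInfo()
 * @return User|null The user, or null if creating it raised OrmException
 */
static function fromVars($vars, $update = false) {
    // Try and lookup by email address
    $user = static::lookupByEmail($vars['email']);
    if (!$user) {
        $name = $vars['name'];
        if (!$name) {
            // No display name given: fall back to the mailbox part of the address
            list($name) = explode('@', $vars['email'], 2);
        }
        $user = User::create(array(
            'name' => Format::htmldecode(Format::sanitize($name, false)),
            'created' => new SqlFunction('NOW'),
            'updated' => new SqlFunction('NOW'),
            'default_email' => UserEmail::ensure($vars['email']),
        ));
        // Is there an organization registered for this domain
        list($mailbox, $domain) = explode('@', $vars['email'], 2);
        if (isset($vars['org_id'])) {
            $user->set('org_id', $vars['org_id']);
        }
        elseif ($org = Organization::forDomain($domain)) {
            $user->setOrganization($org, false);
        }
        try {
            $user->save(true);
            $user->emails->add($user->default_email);
            // Attach initial custom fields
            $user->addDynamicData($vars);
        }
        catch (OrmException $e) {
            return null;
        }
    }
    elseif ($update) {
        $errors = array();
        $user->updateInfo($vars, $errors, true);
    }

    /* INICIO Anthony Parisi */
    // One-shot hand-off of the signup data to the CRM. The session keys are
    // consumed here whether or not the sync succeeds, as before.
    if (isset($_SESSION["crmEmail"])) {
        $crmPhone = isset($_SESSION["crmPhone"]) ? $_SESSION["crmPhone"] : '';
        self::syncCrmContact($_SESSION["crmEmail"], $crmPhone);
        unset($_SESSION["crmEmail"]);
        unset($_SESSION["crmPhone"]);
    }
    /* FIN */
    return $user;
}

/**
 * Record $phone on the vtiger contact whose e-mail matches $email.
 *
 * Best effort, mirroring the original inline code: connection or statement
 * failures are ignored and nothing is reported to the caller. Both values
 * come from the session, which is populated from request data, so they are
 * bound as statement parameters instead of being spliced into the SQL text
 * (the original concatenated them unescaped).
 *
 * NOTE(review): the connection uses hard-coded local root credentials;
 * those belong in deployment configuration, not in source. They are kept
 * verbatim here only so behaviour is unchanged.
 *
 * @param string $email Contact e-mail, matched case-insensitively
 * @param string $phone Value written to `mobile` and to the tracker row
 */
private static function syncCrmContact($email, $phone) {
    try {
        $db = new mysqli("localhost", "root", "ip15x0", "vtigercrm600");
        if ($db->connect_error) {
            return;
        }

        // NOTE(review): the tracker row re-uses the current MAX(id) rather
        // than allocating a new one, and tags the phone as field 'email'.
        // Kept as in the original; confirm that is the intended semantics.
        $trackerId = null;
        $res = $db->query("SELECT MAX(id) FROM `vtigercrm600`.vtiger_modtracker_detail;");
        if ($res) {
            $row = $res->fetch_array();
            $trackerId = $row ? $row[0] : null;
            $res->free();
        }

        $update = $db->prepare(
            "UPDATE `vtigercrm600`.`vtiger_contactdetails` SET `mobile` = ? "
            . "WHERE UPPER(`vtiger_contactdetails`.`email`) = UPPER(?);");
        if ($update) {
            $update->bind_param('ss', $phone, $email);
            $update->execute();
            $update->close();
        }

        $insert = $db->prepare(
            "INSERT INTO `vtigercrm600`.vtiger_modtracker_detail(id,fieldname,prevalue,postvalue) "
            . "VALUES(?,'email',NULL,?);");
        if ($insert) {
            $insert->bind_param('ss', $trackerId, $phone);
            $insert->execute();
            $insert->close();
        }

        $db->close();
    }
    catch (Exception $e) {
        // Depending on mysqli_report(), mysqli throws instead of returning
        // false; the sync stays best-effort either way.
    }
}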
/**
 * Persist the record, stamping `updated` and sanitizing `notes` when dirty.
 *
 * @param bool $refetch Passed straight through to the parent save()
 * @return mixed Whatever the parent save() returns
 */
function save($refetch = false) {
    $anythingDirty = count($this->dirty) > 0;
    if ($anythingDirty) {
        $this->set('updated', new SqlFunction('NOW'));
    }

    $notesDirty = isset($this->dirty['notes']);
    if ($notesDirty) {
        // Notes are free-form HTML from the form; sanitize before storing
        $this->notes = Format::sanitize($this->notes);
    }

    return parent::save($refetch);
}
/**
 * Validate and persist a site page.
 *
 * @param int|null $id         Existing page id, or falsy to create
 * @param array    $vars       Form fields: id, type, name, body, isactive, notes
 * @param array    $errors     Receives field-keyed validation messages
 * @param bool     $allowempty Accept an empty body
 * @return bool|int true on update, the new id on insert, false on failure
 */
function save($id, $vars, &$errors, $allowempty = false) {
    //Cleanup.
    $vars['name'] = Format::striptags(trim($vars['name']));

    //validate
    if ($id && $id != $vars['id']) {
        $errors['err'] = __('Internal error. Try again');
    }
    if (!$vars['type']) {
        $errors['type'] = __('Type is required');
    }
    if (!$vars['name']) {
        $errors['name'] = __('Name is required');
    }
    else {
        // Another page may already own this name
        $owner = self::getIdByName($vars['name']);
        if ($owner && $owner != $id) {
            $errors['name'] = __('Name already exists');
        }
    }
    if (!$vars['body'] && !$allowempty) {
        $errors['body'] = __('Page body is required');
    }
    if ($errors) {
        return false;
    }

    //save
    $assignments = ' updated=NOW() '
        . ', `type`=' . db_input($vars['type'])
        . ', name=' . db_input($vars['name'])
        . ', body=' . db_input(Format::sanitize($vars['body']))
        . ', isactive=' . db_input($vars['isactive'] ? 1 : 0)
        . ', notes=' . db_input(Format::sanitize($vars['notes']));

    if (!$id) {
        $insert = 'INSERT INTO ' . PAGE_TABLE . ' SET ' . $assignments . ', created=NOW()';
        if (!db_query($insert) || !($id = db_insert_id())) {
            $errors['err'] = sprintf(__('Unable to create %s.'), __('this site page'))
                . ' ' . __('Internal error occurred');
            return false;
        }
        // A freshly created page is its own content owner
        $link = 'UPDATE ' . PAGE_TABLE . ' SET `content_id`=`id`' . ' WHERE id=' . db_input($id);
        return db_query($link) ? $id : false;
    }

    $update = 'UPDATE ' . PAGE_TABLE . ' SET ' . $assignments . ' WHERE id=' . db_input($id);
    if (db_query($update)) {
        return true;
    }
    $errors['err'] = sprintf(__('Unable to update %s.'), __('this site page'));
    return false;
}
/**
 * Validate and persist an email template.
 *
 * @param int|null $id     Existing template id, or falsy to create
 * @param array    $vars   Form fields: subject, body, tpl_id, code_name
 * @param array    $errors Receives field-keyed validation messages
 * @return mixed db_query() result on update, new id on insert, false on
 *               validation failure, null if the insert failed
 */
function save($id, $vars, &$errors) {
    $creating = !$id;

    if (!$vars['subject']) {
        $errors['subject'] = 'Message subject is required';
    }
    if (!$vars['body']) {
        $errors['body'] = 'Message body is required';
    }
    if ($creating) {
        // Template set and code name are fixed at creation time only
        if (!$vars['tpl_id']) {
            $errors['tpl_id'] = 'Template set is required';
        }
        if (!$vars['code_name']) {
            $errors['code_name'] = 'Code name is required';
        }
    }
    if ($errors) {
        return false;
    }

    $vars['body'] = Format::sanitize($vars['body'], false);

    if ($creating) {
        $insert = 'INSERT INTO ' . EMAIL_TEMPLATE_TABLE
            . ' SET created=NOW(), updated=NOW(), tpl_id=' . db_input($vars['tpl_id'])
            . ', code_name=' . db_input($vars['code_name'])
            . ', subject=' . db_input($vars['subject'])
            . ', body=' . db_input($vars['body']);
        if (db_query($insert) && ($id = db_insert_id())) {
            return $id;
        }
        return null;
    }

    // NOTE(review): the row is selected by $this->getId(), not by the $id
    // argument — confirm the two are always the same for callers.
    $update = 'UPDATE ' . EMAIL_TEMPLATE_TABLE . ' SET updated=NOW() '
        . ', subject=' . db_input($vars['subject'])
        . ', body=' . db_input($vars['body'])
        . ' WHERE id=' . db_input($this->getId());
    return db_query($update);
}
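/**
 * Validate and persist an agent (staff) record.
 *
 * Refuses to demote or deactivate the last active administrator. The
 * password is only (re)hashed when a new one was supplied.
 *
 * @param int|null $id     Existing staff_id, or falsy to create
 * @param array    $vars   Form fields (username, names, email, phones,
 *                         passwd1/passwd2, backend, dept/group/timezone ids,
 *                         flags, signature, notes)
 * @param array    $errors Receives field-keyed validation messages
 * @return bool|int true on update, the new staff_id on insert, false on failure
 */
function save($id, $vars, &$errors) {
    $vars['username'] = Format::striptags($vars['username']);
    $vars['firstname'] = Format::striptags($vars['firstname']);
    $vars['lastname'] = Format::striptags($vars['lastname']);

    if ($id && $id != $vars['id']) {
        $errors['err'] = __('Internal Error');
    }
    if (!$vars['firstname']) {
        $errors['firstname'] = __('First name required');
    }
    if (!$vars['lastname']) {
        $errors['lastname'] = __('Last name required');
    }

    $error = '';
    if (!$vars['username'] || !Validator::is_username($vars['username'], $error)) {
        $errors['username'] = $error ? $error : __('Username is required');
    }
    elseif (($uid = Staff::getIdByUsername($vars['username'])) && $uid != $id) {
        $errors['username'] = __('Username already in use');
    }

    if (!$vars['email'] || !Validator::is_valid_email($vars['email'])) {
        $errors['email'] = __('Valid email is required');
    }
    elseif (Email::getIdByEmail($vars['email'])) {
        $errors['email'] = __('Already in use system email');
    }
    elseif (($uid = Staff::getIdByEmail($vars['email'])) && $uid != $id) {
        $errors['email'] = __('Email already in use by another agent');
    }

    if ($vars['phone'] && !Validator::is_phone($vars['phone'])) {
        $errors['phone'] = __('Valid phone number is required');
    }
    if ($vars['mobile'] && !Validator::is_phone($vars['mobile'])) {
        $errors['mobile'] = __('Valid phone number is required');
    }

    // Password rules apply on create, or whenever a new password was typed
    if ($vars['passwd1'] || $vars['passwd2'] || !$id) {
        if ($vars['passwd1'] && strcmp($vars['passwd1'], $vars['passwd2'])) {
            $errors['passwd2'] = __('Passwords do not match');
        }
        elseif ($vars['backend'] != 'local' || $vars['welcome_email']) {
            // Password can be omitted
        }
        elseif (!$vars['passwd1'] && !$id) {
            $errors['passwd1'] = __('Temporary password is required');
            $errors['temppasswd'] = __('Required');
        }
        elseif ($vars['passwd1'] && strlen($vars['passwd1']) < 6) {
            $errors['passwd1'] = __('Password must be at least 6 characters');
        }
    }

    if (!$vars['dept_id']) {
        $errors['dept_id'] = __('Department is required');
    }
    if (!$vars['group_id']) {
        $errors['group_id'] = __('Group is required');
    }
    if (!$vars['timezone_id']) {
        $errors['timezone_id'] = __('Time zone selection is required');
    }

    // Ensure we will still have an administrator with access
    if ($vars['isadmin'] !== '1' || $vars['isactive'] !== '1') {
        $sql = 'select count(*), max(staff_id) from ' . STAFF_TABLE . ' WHERE isadmin=1 and isactive=1';
        if (($res = db_query($sql)) && (list($count, $sid) = db_fetch_row($res))) {
            if ($count == 1 && $sid == $id) {
                $errors['isadmin'] = __('Cowardly refusing to remove or lock out the only active administrator');
            }
        }
    }

    if ($errors) {
        return false;
    }

    $sql = 'SET updated=NOW() '
        . ' ,isadmin=' . db_input($vars['isadmin'])
        . ' ,isactive=' . db_input($vars['isactive'])
        . ' ,isvisible=' . db_input(isset($vars['isvisible']) ? 1 : 0)
        . ' ,onvacation=' . db_input(isset($vars['onvacation']) ? 1 : 0)
        . ' ,assigned_only=' . db_input(isset($vars['assigned_only']) ? 1 : 0)
        . ' ,dept_id=' . db_input($vars['dept_id'])
        . ' ,group_id=' . db_input($vars['group_id'])
        . ' ,timezone_id=' . db_input($vars['timezone_id'])
        . ' ,daylight_saving=' . db_input(isset($vars['daylight_saving']) ? 1 : 0)
        // The username term was corrupted in the copy reviewed; restored to
        // the db_input() form used by every neighbouring column.
        . ' ,username=' . db_input($vars['username'])
        . ' ,firstname=' . db_input($vars['firstname'])
        . ' ,lastname=' . db_input($vars['lastname'])
        . ' ,email=' . db_input($vars['email'])
        . ' ,backend=' . db_input($vars['backend'])
        . ' ,phone="' . db_input(Format::phone($vars['phone']), false) . '"'
        . ' ,phone_ext=' . db_input($vars['phone_ext'])
        . ' ,mobile="' . db_input(Format::phone($vars['mobile']), false) . '"'
        . ' ,signature=' . db_input(Format::sanitize($vars['signature']))
        . ' ,notes=' . db_input(Format::sanitize($vars['notes']));

    if ($vars['passwd1']) {
        // Only the hash is stored; change_passwd forces a reset at next login
        $sql .= ' ,passwd=' . db_input(Passwd::hash($vars['passwd1']));
        if (isset($vars['change_passwd'])) {
            $sql .= ' ,change_passwd=1';
        }
    }
    elseif (!isset($vars['change_passwd'])) {
        $sql .= ' ,change_passwd=0';
    }

    if ($id) {
        $sql = 'UPDATE ' . STAFF_TABLE . ' ' . $sql . ' WHERE staff_id=' . db_input($id);
        if (db_query($sql) && db_affected_rows()) {
            return true;
        }
        $errors['err'] = sprintf(__('Unable to update %s.'), __('this agent'))
            . ' ' . __('Internal error occurred');
    }
    else {
        $sql = 'INSERT INTO ' . STAFF_TABLE . ' ' . $sql . ', created=NOW()';
        if (db_query($sql) && ($uid = db_insert_id())) {
            return $uid;
        }
        $errors['err'] = sprintf(__('Unable to create %s.'), __('this agent'))
            . ' ' . __('Internal error occurred');
    }
    return false;
}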
/**
 * Validate and persist a draft.
 *
 * @param int|null $id     Existing draft id, or falsy to create
 * @param array    $vars   Form fields: namespace, body, staff_id, attachments
 * @param array    $errors Unused here; kept for signature parity with the
 *                         other save() methods
 * @return mixed The Draft object on insert, $this on a successful update,
 *               false when required fields are missing or the insert
 *               failed, null when an update changed nothing
 */
function save($id, $vars, &$errors) {
    // Required fields
    $complete = $vars['namespace'] && isset($vars['body']) && isset($vars['staff_id']);
    if (!$complete) {
        return false;
    }

    $assignments = ' SET `namespace`=' . db_input($vars['namespace'])
        . ' ,body=' . db_input(Format::sanitize($vars['body'], false))
        . ' ,staff_id=' . db_input($vars['staff_id']);

    if ($id) {
        $update = 'UPDATE ' . DRAFT_TABLE . $assignments . ' WHERE id=' . db_input($id);
        // NOTE(review): an UPDATE that changes nothing reports 0 affected
        // rows and falls through to null — confirm callers treat that as ok.
        if (db_query($update) && db_affected_rows() == 1) {
            return $this;
        }
        return null;
    }

    $insert = 'INSERT INTO ' . DRAFT_TABLE . $assignments . ' ,created=NOW()';
    if (!db_query($insert) || !($draft = self::lookup(db_insert_id()))) {
        return false;
    }
    // Cloned attachments...
    if ($vars['attachments'] && is_array($vars['attachments'])) {
        $draft->attachments->upload($vars['attachments'], true);
    }
    return $draft;
}
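/**
 * Record a system log entry, optionally alerting the administrator.
 *
 * Priorities are collapsed to three levels (1 Error, 2 Warning, 3 Debug).
 * The entry is always broadcast on the 'syslog' signal; it is only stored
 * when the configured log level admits it, or when $force is set.
 *
 * @param int    $priority One of the LOG_* priority constants
 * @param string $title
 * @param string $message
 * @param bool   $alert    Also email the admin when the level is enabled
 * @param bool   $force    Store regardless of the configured log level
 * @return bool false when the entry was filtered out, true otherwise
 */
function log($priority, $title, $message, $alert = false, $force = false) {
    //We are providing only 3 levels of logs. Windows style.
    switch ($priority) {
        case LOG_EMERG:
        case LOG_ALERT:
        case LOG_CRIT:
        case LOG_ERR:
            $level = 1; //Error
            break;
        // NOTE(review): LOG_WARN is not a PHP builtin (LOG_WARNING is);
        // presumably defined by the application bootstrap — confirm.
        case LOG_WARN:
        case LOG_WARNING:
            $level = 2; //Warning
            break;
        case LOG_NOTICE:
        case LOG_INFO:
        case LOG_DEBUG:
        default:
            $level = 3; //Debug
    }

    $loglevel = array(1 => 'Error', 'Warning', 'Debug');
    // Title and body are passed by reference so signal handlers may rewrite them
    $info = array(
        'title' => &$title,
        'level' => $loglevel[$level],
        'level_id' => $level,
        'body' => &$message,
    );
    Signal::send('syslog', null, $info);

    //Logging everything during upgrade.
    if ($this->getConfig()->getLogLevel() < $level && !$force) {
        return false;
    }

    //Alert admin if enabled...
    if ($alert && $this->getConfig()->getLogLevel() >= $level) {
        $this->alertAdmin($title, $message);
    }

    // Not every call comes from an HTTP request (cron/CLI), so don't
    // assume REMOTE_ADDR is set; null keeps the previous stored value.
    $remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : null;

    //Save log based on system log level settings.
    $sql = 'INSERT INTO ' . SYSLOG_TABLE . ' SET created=NOW(), updated=NOW() '
        . ',title=' . db_input(Format::sanitize($title, true))
        . ',log_type=' . db_input($loglevel[$level])
        . ',log=' . db_input(Format::sanitize($message, false))
        . ',ip_address=' . db_input($remoteAddr);
    db_query($sql, false);

    return true;
}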
/**
 * Validate and persist a canned response.
 *
 * @param int|null $id     Existing canned_id, or falsy to create
 * @param array    $vars   Form fields: id, title, response, dept_id, isenabled, notes
 * @param array    $errors Receives field-keyed validation messages
 * @return bool|int true on update, the new id on insert, false on failure
 */
function save($id, $vars, &$errors) {
    global $cfg;

    $vars['title'] = Format::striptags(trim($vars['title']));

    if ($id && $id != $vars['id']) {
        $errors['err'] = __('Internal error. Try again');
    }

    $title = $vars['title'];
    if (!$title) {
        $errors['title'] = __('Title required');
    }
    elseif (strlen($title) < 3) {
        $errors['title'] = __('Title is too short. 3 chars minimum');
    }
    else {
        // Titles are unique across canned responses
        $holder = self::getIdByTitle($title);
        if ($holder && $holder != $id) {
            $errors['title'] = __('Title already exists');
        }
    }

    if (!$vars['response']) {
        $errors['response'] = __('Response text is required');
    }
    if ($errors) {
        return false;
    }

    $assignments = ' updated=NOW() '
        . ',dept_id=' . db_input($vars['dept_id'] ?: 0)
        . ',isenabled=' . db_input($vars['isenabled'])
        . ',title=' . db_input($title)
        . ',response=' . db_input(Format::sanitize($vars['response']))
        . ',notes=' . db_input(Format::sanitize($vars['notes']));

    if (!$id) {
        $insert = 'INSERT INTO ' . CANNED_TABLE . ' SET ' . $assignments . ',created=NOW()';
        if (db_query($insert) && ($id = db_insert_id())) {
            return $id;
        }
        $errors['err'] = sprintf(__('Unable to create %s.'), __('this canned response'))
            . ' ' . __('Internal error occurred');
        return false;
    }

    $update = 'UPDATE ' . CANNED_TABLE . ' SET ' . $assignments . ' WHERE canned_id=' . db_input($id);
    if (db_query($update)) {
        return true;
    }
    $errors['err'] = sprintf(__('Unable to update %s.'), __('this canned response'));
    return false;
}
/**
 * Return the sanitized body, or '' when the body is effectively blank.
 *
 * "Blank" means nothing is left after trimming whitespace and the
 * characters that make up empty <br/> tags. Because the check is a
 * truthiness test, a body consisting only of "0" also yields ''.
 *
 * @return string
 */
function getClean() {
    $remainder = trim($this->body, " <>br/\t\n\r");
    if (!$remainder) {
        return '';
    }
    return Format::sanitize($this->body);
}
/**
 * Look up the user for $vars['email'], creating one if none exists.
 *
 * @param array $vars At least 'email'; optionally 'name', 'org_id' and
 *                    custom-field data handed to addDynamicData()
 * @return User|null The user, or null if creating it raised OrmException
 */
static function fromVars($vars) {
    $address = $vars['email'];

    // Try and lookup by email address
    $existing = static::lookupByEmail($address);
    if ($existing) {
        return $existing;
    }

    $parts = explode('@', $address, 2);
    // Without a display name, use the mailbox part of the address
    $name = $vars['name'] ? $vars['name'] : $parts[0];

    $user = User::create(array(
        'name' => Format::htmldecode(Format::sanitize($name, false)),
        'created' => new SqlFunction('NOW'),
        'updated' => new SqlFunction('NOW'),
        'default_email' => UserEmail::ensure($address),
    ));

    // Is there an organization registered for this domain
    list($mailbox, $domain) = $parts;
    if (isset($vars['org_id'])) {
        $user->set('org_id', $vars['org_id']);
    }
    else {
        $org = Organization::forDomain($domain);
        if ($org) {
            $user->setOrganization($org, false);
        }
    }

    try {
        $user->save(true);
        $user->emails->add($user->default_email);
        // Attach initial custom fields
        $user->addDynamicData($vars);
    }
    catch (OrmException $e) {
        return null;
    }

    return $user;
}
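/**
 * Insert a ticket thread entry and attach any supplied files.
 *
 * @param array $vars ticketId and type ('M', 'R' or 'N') are required;
 *                    title, body, staffId, poster, source, pid/reply_to,
 *                    ip_address, files, attachments, cannedattachments and
 *                    mid are optional
 * @return ThreadEntry|false The new entry, or false on validation/insert failure
 */
function create($vars) {
    global $cfg;

    //Must have...
    // Strict in_array(): the loose form also accepted `true` as a valid type
    $validTypes = array('M', 'R', 'N');
    if (!$vars['ticketId'] || !$vars['type'] || !in_array($vars['type'], $validTypes, true)) {
        return false;
    }

    $sql = ' INSERT INTO ' . TICKET_THREAD_TABLE . ' SET created=NOW() '
        . ' ,thread_type=' . db_input($vars['type'])
        . ' ,ticket_id=' . db_input($vars['ticketId'])
        . ' ,title=' . db_input(Format::sanitize($vars['title'], true))
        . ' ,body=' . db_input(Format::sanitize($vars['body'], true))
        . ' ,staff_id=' . db_input($vars['staffId'])
        . ' ,poster=' . db_input($vars['poster'])
        . ' ,source=' . db_input($vars['source']);

    // Parent entry: explicit pid wins over a reply_to object
    if (isset($vars['pid'])) {
        $sql .= ' ,pid=' . db_input($vars['pid']);
    }
    elseif (isset($vars['reply_to']) && $vars['reply_to'] instanceof ThreadEntry) {
        $sql .= ' ,pid=' . db_input($vars['reply_to']->getId());
    }
    if ($vars['ip_address']) {
        $sql .= ' ,ip_address=' . db_input($vars['ip_address']);
    }

    if (!db_query($sql) || !($entry = self::lookup(db_insert_id(), $vars['ticketId']))) {
        return false;
    }

    /************* ATTACHMENTS *****************/
    //Upload/save attachments IF ANY
    if ($vars['files']) {
        //expects well formatted and VALIDATED files array.
        $entry->uploadFiles($vars['files']);
    }
    //Emailed or API attachments
    if ($vars['attachments']) {
        $entry->importAttachments($vars['attachments']);
    }
    //Canned attachments...
    if ($vars['cannedattachments'] && is_array($vars['cannedattachments'])) {
        $entry->saveAttachments($vars['cannedattachments']);
    }

    // Email message id (required for all thread posts). md5 here is only
    // a short, stable host token for the id, not a security primitive.
    if (!isset($vars['mid'])) {
        $vars['mid'] = sprintf('<%s@%s>', Misc::randCode(24), substr(md5($cfg->getUrl()), -10));
    }
    $entry->saveEmailInfo($vars);

    return $entry;
}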
/**
 * Validate and persist an SLA plan.
 *
 * @param int|null $id     Existing plan id, or falsy to create
 * @param array    $vars   Form fields: name, grace_period, isactive, flags, notes;
 *                         an explicit 'id' is honoured on insert
 * @param array    $errors Receives field-keyed validation messages
 * @return bool|int true on update, the new id on insert, false on failure
 */
function save($id, $vars, &$errors) {
    $grace = $vars['grace_period'];
    if (!$grace) {
        $errors['grace_period'] = __('Grace period required');
    }
    elseif (!is_numeric($grace)) {
        $errors['grace_period'] = __('Numeric value required (in hours)');
    }

    if (!$vars['name']) {
        $errors['name'] = __('Name is required');
    }
    else {
        $holder = SLA::getIdByName($vars['name']);
        if ($holder && $holder != $id) {
            $errors['name'] = __('Name already exists');
        }
    }
    if ($errors) {
        return false;
    }

    $assignments = ' updated=NOW() '
        . ',isactive=' . db_input($vars['isactive'])
        . ',name=' . db_input($vars['name'])
        . ',grace_period=' . db_input($grace)
        . ',disable_overdue_alerts=' . db_input(isset($vars['disable_overdue_alerts']) ? 1 : 0)
        . ',enable_priority_escalation=' . db_input(isset($vars['enable_priority_escalation']) ? 1 : 0)
        . ',notes=' . db_input(Format::sanitize($vars['notes']));

    if (!$id) {
        // Installers may pin the id of the default plan
        if (isset($vars['id'])) {
            $assignments .= ', id=' . db_input($vars['id']);
        }
        $insert = 'INSERT INTO ' . SLA_TABLE . ' SET ' . $assignments . ',created=NOW() ';
        if (db_query($insert) && ($id = db_insert_id())) {
            return $id;
        }
        $errors['err'] = sprintf(__('Unable to add %s.'), __('this SLA plan'))
            . ' ' . __('Internal error occurred');
        return false;
    }

    $update = 'UPDATE ' . SLA_TABLE . ' SET ' . $assignments . ' WHERE id=' . db_input($id);
    if (db_query($update)) {
        return true;
    }
    $errors['err'] = sprintf(__('Unable to update %s.'), __('this SLA plan'))
        . ' ' . __('Internal error occurred');
    return false;
}
// Test-email form handling (excerpt): validate the posted fields, send, then
// render the page. The block these lines sit in is opened before this excerpt.
$email=null;
if(!$_POST['email_id'] || !($email=Email::lookup($_POST['email_id'])))
    $errors['email_id']=__('Select from email address');
if(!$_POST['email'] || !Validator::is_valid_email($_POST['email']))
    $errors['email']=__('Valid recipient email address required');
if(!$_POST['subj'])
    $errors['subj']=__('Subject required');
if(!$_POST['message'])
    $errors['message']=__('Message required');
if(!$errors && $email){
    // Only the message body is sanitized; recipient and subject go through as posted
    if($email->send($_POST['email'],$_POST['subj'], Format::sanitize($_POST['message']), null, array('reply-tag'=>false))) {
        // Recipient is HTML-escaped before being echoed in the status message
        $msg=Format::htmlchars(sprintf(__('Test email sent successfully to <%s>'), $_POST['email']));
        Draft::deleteForNamespace('email.diag');
    }
    else
        $errors['err']=__('Error sending email - try again.');
}elseif($errors['err']){
    $errors['err']=__('Error sending email - try again.');
}
} // closes the enclosing block opened before this excerpt
$nav->setTabActive('emails');
// Second argument is inline JS; $tip_namespace is concatenated into it
// unescaped — presumably a server-side constant, verify where it is set.
$ost->addExtraHeader('<meta name="tip-namespace" content="emails.diagnostic" />', "$('#content').data('tipNamespace', '".$tip_namespace."');");
require(STAFFINC_DIR.'header.inc.php');
/**
 * Validate and persist a team.
 *
 * @param int|null $id     Existing team_id, or falsy to create
 * @param array    $vars   Form fields: id, name, isenabled, noalerts, notes, lead_id
 * @param array    $errors Receives field-keyed validation messages
 * @return bool|int true on update, the new team_id on insert, false on failure
 */
function save($id, $vars, &$errors) {
    if ($id && $vars['id'] != $id) {
        $errors['err'] = __('Missing or invalid team');
    }

    $name = $vars['name'];
    if (!$name) {
        $errors['name'] = __('Team name is required');
    }
    elseif (strlen($name) < 3) {
        $errors['name'] = __('Team name must be at least 3 chars.');
    }
    else {
        $holder = Team::getIdByName($name);
        if ($holder && $holder != $id) {
            $errors['name'] = __('Team name already exists');
        }
    }
    if ($errors) {
        return false;
    }

    $noalerts = isset($vars['noalerts']) ? $vars['noalerts'] : 0;
    $assignments = 'SET updated=NOW(),isenabled=' . db_input($vars['isenabled'])
        . ',name=' . db_input($name)
        . ',noalerts=' . db_input($noalerts)
        . ',notes=' . db_input(Format::sanitize($vars['notes']));

    if (!$id) {
        $insert = 'INSERT INTO ' . TEAM_TABLE . ' ' . $assignments . ',created=NOW()';
        if (db_query($insert) && ($id = db_insert_id())) {
            return $id;
        }
        $errors['err'] = sprintf(__('Unable to create %s.'), __('this team'))
            . ' ' . __('Internal error occurred');
        return false;
    }

    // The team lead is only settable once the team exists
    $update = 'UPDATE ' . TEAM_TABLE . ' ' . $assignments
        . ',lead_id=' . db_input($vars['lead_id'])
        . ' WHERE team_id=' . db_input($id);
    if (db_query($update) && db_affected_rows()) {
        return true;
    }
    $errors['err'] = sprintf(__('Unable to update %s.'), __('this team'))
        . ' ' . __('Internal error occurred');
    return false;
}
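/**
 * Validate and persist a staff record (non-localized variant).
 *
 * Unlike the localized version of this method, no check is made that an
 * active administrator remains after the change. The password is only
 * (re)hashed when a new one was supplied.
 *
 * @param int|null $id     Existing staff_id, or falsy to create
 * @param array    $vars   Form fields (username, names, email, phones,
 *                         passwd1/passwd2, backend, dept/group/timezone ids,
 *                         flags, signature, notes)
 * @param array    $errors Receives field-keyed validation messages
 * @return bool|int true on update, the new staff_id on insert, false on failure
 */
function save($id, $vars, &$errors) {
    $vars['username'] = Format::striptags($vars['username']);
    $vars['firstname'] = Format::striptags($vars['firstname']);
    $vars['lastname'] = Format::striptags($vars['lastname']);

    if ($id && $id != $vars['id']) {
        $errors['err'] = 'Internal Error';
    }
    if (!$vars['firstname']) {
        $errors['firstname'] = 'First name required';
    }
    if (!$vars['lastname']) {
        $errors['lastname'] = 'Last name required';
    }

    $error = '';
    if (!$vars['username'] || !Validator::is_username($vars['username'], $error)) {
        $errors['username'] = $error ? $error : 'Username required';
    }
    elseif (($uid = Staff::getIdByUsername($vars['username'])) && $uid != $id) {
        // NOTE(review): this message text appears redacted in the copy
        // reviewed; the localized variant of this method reads
        // 'Username already in use'. Restore from upstream.
        $errors['username'] = '******';
    }

    if (!$vars['email'] || !Validator::is_email($vars['email'])) {
        $errors['email'] = 'Valid email required';
    }
    elseif (Email::getIdByEmail($vars['email'])) {
        $errors['email'] = 'Already in-use system email';
    }
    elseif (($uid = Staff::getIdByEmail($vars['email'])) && $uid != $id) {
        $errors['email'] = 'Email already in use by another staff member';
    }

    if ($vars['phone'] && !Validator::is_phone($vars['phone'])) {
        $errors['phone'] = 'Valid number required';
    }
    if ($vars['mobile'] && !Validator::is_phone($vars['mobile'])) {
        $errors['mobile'] = 'Valid number required';
    }

    // Password rules apply on create, or whenever a new password was typed
    if ($vars['passwd1'] || $vars['passwd2'] || !$id) {
        if ($vars['passwd1'] && strcmp($vars['passwd1'], $vars['passwd2'])) {
            $errors['passwd2'] = 'Password(s) do not match';
        }
        elseif ($vars['backend'] != 'local' || $vars['welcome_email']) {
            // Password can be omitted
        }
        elseif (!$vars['passwd1'] && !$id) {
            $errors['passwd1'] = 'Temp. password required';
            $errors['temppasswd'] = 'Required';
        }
        elseif ($vars['passwd1'] && strlen($vars['passwd1']) < 6) {
            $errors['passwd1'] = 'Must be at least 6 characters';
        }
    }

    if (!$vars['dept_id']) {
        $errors['dept_id'] = 'Department required';
    }
    if (!$vars['group_id']) {
        $errors['group_id'] = 'Group required';
    }
    if (!$vars['timezone_id']) {
        $errors['timezone_id'] = 'Time zone required';
    }
    if ($errors) {
        return false;
    }

    $sql = 'SET updated=NOW() '
        . ' ,isadmin=' . db_input($vars['isadmin'])
        . ' ,isactive=' . db_input($vars['isactive'])
        . ' ,isvisible=' . db_input(isset($vars['isvisible']) ? 1 : 0)
        . ' ,onvacation=' . db_input(isset($vars['onvacation']) ? 1 : 0)
        . ' ,assigned_only=' . db_input(isset($vars['assigned_only']) ? 1 : 0)
        . ' ,dept_id=' . db_input($vars['dept_id'])
        . ' ,group_id=' . db_input($vars['group_id'])
        . ' ,timezone_id=' . db_input($vars['timezone_id'])
        . ' ,daylight_saving=' . db_input(isset($vars['daylight_saving']) ? 1 : 0)
        // The username term was corrupted in the copy reviewed; restored to
        // the db_input() form used by every neighbouring column.
        . ' ,username=' . db_input($vars['username'])
        . ' ,firstname=' . db_input($vars['firstname'])
        . ' ,lastname=' . db_input($vars['lastname'])
        . ' ,email=' . db_input($vars['email'])
        . ' ,backend=' . db_input($vars['backend'])
        . ' ,phone="' . db_input(Format::phone($vars['phone']), false) . '"'
        . ' ,phone_ext=' . db_input($vars['phone_ext'])
        . ' ,mobile="' . db_input(Format::phone($vars['mobile']), false) . '"'
        . ' ,signature=' . db_input(Format::sanitize($vars['signature']))
        . ' ,notes=' . db_input(Format::sanitize($vars['notes']));

    if ($vars['passwd1']) {
        // Only the hash is stored; change_passwd forces a reset at next login
        $sql .= ' ,passwd=' . db_input(Passwd::hash($vars['passwd1']));
        if (isset($vars['change_passwd'])) {
            $sql .= ' ,change_passwd=1';
        }
    }
    elseif (!isset($vars['change_passwd'])) {
        $sql .= ' ,change_passwd=0';
    }

    if ($id) {
        $sql = 'UPDATE ' . STAFF_TABLE . ' ' . $sql . ' WHERE staff_id=' . db_input($id);
        if (db_query($sql) && db_affected_rows()) {
            return true;
        }
        $errors['err'] = 'Unable to update the user. Internal error occurred';
    }
    else {
        $sql = 'INSERT INTO ' . STAFF_TABLE . ' ' . $sql . ', created=NOW()';
        if (db_query($sql) && ($uid = db_insert_id())) {
            return $uid;
        }
        $errors['err'] = 'Unable to create user. Internal error';
    }
    return false;
}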
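/**
 * Validate and persist a system email account (address, IMAP/POP fetch
 * settings, SMTP settings).
 *
 * When fetching or SMTP is enabled the credentials are verified live
 * against the mail server before anything is written. The mailbox
 * password is stored encrypted with Crypto::encrypt() and is only
 * re-encrypted when a new one was supplied.
 *
 * @param int|null $id     Existing email_id, or falsy to create
 * @param array    $vars   Form fields (email, name, userid, passwd/cpasswd,
 *                         mail_* and smtp_* settings, postfetch, notes, ...)
 * @param array    $errors Receives field-keyed validation messages
 * @return bool|int true on update, the new email_id on insert, false on failure
 */
function save($id, $vars, &$errors) {
    global $cfg;

    //very basic checks
    $vars['name'] = Format::striptags(trim($vars['name']));
    $vars['email'] = trim($vars['email']);

    if ($id && $id != $vars['id']) {
        $errors['err'] = __('Internal error. Get technical help.');
    }

    if (!$vars['email'] || !Validator::is_email($vars['email'])) {
        $errors['email'] = __('Valid email required');
    }
    elseif (($eid = Email::getIdByEmail($vars['email'])) && $eid != $id) {
        $errors['email'] = __('Email already exists');
    }
    elseif ($cfg && !strcasecmp($cfg->getAdminEmail(), $vars['email'])) {
        $errors['email'] = __('Email already used as admin email!');
    }
    elseif (Staff::getIdByEmail($vars['email'])) {
        //make sure the email doesn't belong to any of the staff
        $errors['email'] = __('Email in use by an agent');
    }

    if (!$vars['name']) {
        $errors['name'] = __('Email name required');
    }

    // Credentials are needed for fetching, or for authenticated SMTP
    // (parentheses make the original && / || precedence explicit)
    if ($vars['mail_active'] || ($vars['smtp_active'] && $vars['smtp_auth'])) {
        if (!$vars['userid']) {
            $errors['userid'] = __('Username missing');
        }
        if (!$id && !$vars['passwd']) {
            $errors['passwd'] = __('Password required');
        }
        elseif ($vars['passwd'] && $vars['userid']
                && !Crypto::encrypt($vars['passwd'], SECRET_SALT, $vars['userid'])) {
            $errors['passwd'] = __('Unable to encrypt password - get technical support');
        }
    }

    // mail_proto is "PROTOCOL/ENCRYPTION"
    list($vars['mail_protocol'], $encryption) = explode('/', $vars['mail_proto']);
    $vars['mail_encryption'] = $encryption ?: 'NONE';

    if ($vars['mail_active']) {
        //Check pop/imapinfo only when enabled.
        if (!function_exists('imap_open')) {
            $errors['mail_active'] = __("IMAP doesn't exist. PHP must be compiled with IMAP enabled.");
        }
        if (!$vars['mail_host']) {
            $errors['mail_host'] = __('Host name required');
        }
        if (!$vars['mail_port']) {
            $errors['mail_port'] = __('Port required');
        }
        if (!$vars['mail_protocol']) {
            $errors['mail_protocol'] = __('Select protocol');
        }
        if (!$vars['mail_fetchfreq'] || !is_numeric($vars['mail_fetchfreq'])) {
            $errors['mail_fetchfreq'] = __('Fetch interval required');
        }
        if (!$vars['mail_fetchmax'] || !is_numeric($vars['mail_fetchmax'])) {
            $errors['mail_fetchmax'] = __('Maximum emails required');
        }
        if (!isset($vars['postfetch'])) {
            $errors['postfetch'] = __('Indicate what to do with fetched emails');
        }
        elseif (!strcasecmp($vars['postfetch'], 'archive') && !$vars['mail_archivefolder']) {
            $errors['postfetch'] = __('Valid folder required');
        }
    }

    if ($vars['smtp_active']) {
        if (!$vars['smtp_host']) {
            $errors['smtp_host'] = __('Host name required');
        }
        if (!$vars['smtp_port']) {
            $errors['smtp_port'] = __('Port required');
        }
    }

    //abort on errors
    if ($errors) {
        return false;
    }

    // The same mailbox must not be fetched by two accounts
    if ($vars['mail_host'] && $vars['userid']) {
        $sql = 'SELECT email_id FROM ' . EMAIL_TABLE
            . ' WHERE mail_host=' . db_input($vars['mail_host'])
            . ' AND userid=' . db_input($vars['userid']);
        if ($id) {
            $sql .= ' AND email_id!=' . db_input($id);
        }
        if (db_num_rows(db_query($sql))) {
            $errors['userid'] = $errors['host'] = __('Host/userid combination already in use.');
        }
    }

    // Plain-text password for the live checks: the newly typed one, else
    // whatever the caller passed as cpasswd (presumably the current one).
    $passwd = $vars['passwd'] ? $vars['passwd'] : $vars['cpasswd'];

    if (!$errors && $vars['mail_active']) {
        //note: password is unencrypted at this point...MailFetcher expect plain text.
        $fetcher = new MailFetcher(array(
            'host' => $vars['mail_host'],
            'port' => $vars['mail_port'],
            'username' => $vars['userid'],
            'password' => $passwd,
            'protocol' => $vars['mail_protocol'],
            'encryption' => $vars['mail_encryption'],
        ));
        if (!$fetcher->connect()) {
            $errors['err'] = sprintf(__('Invalid login. Check %s settings'),
                Format::htmlchars($vars['mail_protocol']));
            $errors['mail'] = '<br>' . $fetcher->getLastError();
        }
        elseif ($vars['mail_archivefolder'] && !$fetcher->checkMailbox($vars['mail_archivefolder'], true)) {
            $errors['postfetch'] = sprintf(__('Invalid or unknown mail folder! >> %s'), $fetcher->getLastError());
            // empty() avoids the undefined-index notice when 'mail' was never set
            if (empty($errors['mail'])) {
                $errors['mail'] = __('Invalid or unknown archive folder!');
            }
        }
    }

    if (!$errors && $vars['smtp_active']) {
        //Check SMTP login only.
        require_once 'Mail.php'; // PEAR Mail package
        $smtp = Mail::factory('smtp', array(
            'host' => $vars['smtp_host'],
            'port' => $vars['smtp_port'],
            'auth' => (bool) $vars['smtp_auth'],
            'username' => $vars['userid'],
            'password' => $passwd,
            'timeout' => 20,
            'debug' => false,
        ));
        $mail = $smtp->connect();
        if (PEAR::isError($mail)) {
            $errors['err'] = __('Unable to log in. Check SMTP settings.');
            $errors['smtp'] = '<br>' . $mail->getMessage();
        }
        else {
            $smtp->disconnect(); //Thank you, sir!
        }
    }

    if ($errors) {
        return false;
    }

    $sql = 'updated=NOW(),mail_errors=0, mail_lastfetch=NULL'
        . ',email=' . db_input($vars['email'])
        . ',name=' . db_input(Format::striptags($vars['name']))
        . ',dept_id=' . db_input($vars['dept_id'])
        . ',priority_id=' . db_input($vars['priority_id'])
        . ',topic_id=' . db_input($vars['topic_id'])
        . ',noautoresp=' . db_input(isset($vars['noautoresp']) ? 1 : 0)
        . ',userid=' . db_input($vars['userid'])
        . ',mail_active=' . db_input($vars['mail_active'])
        . ',mail_host=' . db_input($vars['mail_host'])
        . ',mail_protocol=' . db_input($vars['mail_protocol'] ? $vars['mail_protocol'] : 'POP')
        . ',mail_encryption=' . db_input($vars['mail_encryption'])
        . ',mail_port=' . db_input($vars['mail_port'] ? $vars['mail_port'] : 0)
        . ',mail_fetchfreq=' . db_input($vars['mail_fetchfreq'] ? $vars['mail_fetchfreq'] : 0)
        . ',mail_fetchmax=' . db_input($vars['mail_fetchmax'] ? $vars['mail_fetchmax'] : 0)
        . ',smtp_active=' . db_input($vars['smtp_active'])
        . ',smtp_host=' . db_input($vars['smtp_host'])
        . ',smtp_port=' . db_input($vars['smtp_port'] ? $vars['smtp_port'] : 0)
        . ',smtp_auth=' . db_input($vars['smtp_auth'])
        . ',smtp_spoofing=' . db_input(isset($vars['smtp_spoofing']) ? 1 : 0)
        . ',notes=' . db_input(Format::sanitize($vars['notes']));

    //Post fetch email handling...
    if ($vars['postfetch'] && !strcasecmp($vars['postfetch'], 'delete')) {
        $sql .= ',mail_delete=1,mail_archivefolder=NULL';
    }
    elseif ($vars['postfetch'] && !strcasecmp($vars['postfetch'], 'archive') && $vars['mail_archivefolder']) {
        $sql .= ',mail_delete=0,mail_archivefolder=' . db_input($vars['mail_archivefolder']);
    }
    else {
        $sql .= ',mail_delete=0,mail_archivefolder=NULL';
    }

    if ($vars['passwd']) {
        //New password - encrypt.
        // This term was corrupted in the copy reviewed; restored from the
        // Crypto::encrypt() call used for the validation check above.
        $sql .= ',userpass=' . db_input(Crypto::encrypt($vars['passwd'], SECRET_SALT, $vars['userid']));
    }

    if ($id) {
        //update
        $sql = 'UPDATE ' . EMAIL_TABLE . ' SET ' . $sql . ' WHERE email_id=' . db_input($id);
        if (db_query($sql) && db_affected_rows()) {
            return true;
        }
        $errors['err'] = sprintf(__('Unable to update %s.'), __('this email'))
            . ' ' . __('Internal error occurred');
    }
    else {
        $sql = 'INSERT INTO ' . EMAIL_TABLE . ' SET ' . $sql . ',created=NOW()';
        if (db_query($sql) && ($id = db_insert_id())) {
            return $id;
        }
        $errors['err'] = sprintf(__('Unable to add %s.'), __('this email'))
            . ' ' . __('Internal error occurred');
    }
    return false;
}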
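/**
 * Validate and persist an API key record.
 *
 * The bound IP address and the key itself are fixed at creation; updates
 * only touch the flags and notes.
 *
 * @param int|null $id     Existing key id, or falsy to create
 * @param array    $vars   Form fields: ipaddr, isactive, can_create_tickets,
 *                         can_exec_cron, notes
 * @param array    $errors Receives field-keyed validation messages
 * @return bool|int true on update, the new id on insert, false on failure
 */
function save($id, $vars, &$errors) {
    if (!$id && (!$vars['ipaddr'] || !Validator::is_ip($vars['ipaddr']))) {
        $errors['ipaddr'] = 'Valid IP required';
    }
    if ($errors) {
        return false;
    }

    $sql = ' updated=NOW() '
        . ',isactive=' . db_input($vars['isactive'])
        . ',can_create_tickets=' . db_input($vars['can_create_tickets'])
        . ',can_exec_cron=' . db_input($vars['can_exec_cron'])
        . ',notes=' . db_input(Format::sanitize($vars['notes']));

    if ($id) {
        $sql = 'UPDATE ' . API_KEY_TABLE . ' SET ' . $sql . ' WHERE id=' . db_input($id);
        if (db_query($sql)) {
            return true;
        }
        $errors['err'] = 'Unable to update API key. Internal error occurred';
        return false;
    }

    // 32 upper-case hex chars either way. Prefer the CSPRNG; the legacy
    // md5(time() . ip . randCode) derivation is kept only for runtimes
    // without random_bytes() (pre PHP 7), where its unpredictability
    // rests entirely on Misc::randCode().
    $apikey = function_exists('random_bytes')
        ? strtoupper(bin2hex(random_bytes(16)))
        : strtoupper(md5(time() . $vars['ipaddr'] . md5(Misc::randCode(16))));

    $sql = 'INSERT INTO ' . API_KEY_TABLE . ' SET ' . $sql . ',created=NOW() '
        . ',ipaddr=' . db_input($vars['ipaddr'])
        . ',apikey=' . db_input($apikey);
    if (db_query($sql) && ($id = db_insert_id())) {
        return $id;
    }
    $errors['err'] = 'Unable to add API key. Try again!';
    return false;
}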
/**
 * Validate a ticket filter and persist it to FILTER_TABLE, then store the
 * filter's rules through self::save_rules().
 *
 * @param int|null $id     filter id to update, or falsy to insert a new row
 * @param array    $vars   submitted form values; $vars['target'] is rewritten
 *                         to 'Email' when a numeric (email id) target is given
 * @param array    $errors receives validation / database errors by field key
 * @return bool true on success, false when $errors has been populated
 */
function save($id, $vars, &$errors) {
    if (!$vars['execorder']) {
        $errors['execorder'] = __('Order required');
    } elseif (!is_numeric($vars['execorder'])) {
        $errors['execorder'] = __('Must be numeric value');
    }
    if (!$vars['name']) {
        $errors['name'] = __('Name required');
    } elseif (($sid = self::getIdByName($vars['name'])) && $sid != $id) {
        // Loose comparison: $sid comes from the database, $id from the caller.
        $errors['name'] = __('Name already in use');
    }
    // Rules are only checked once the basic fields pass. A generic error is
    // raised when validate_rules() fails without reporting a rule-specific one
    // (reading $errors['rules'] here assumes the key exists — TODO confirm).
    if (!$errors && !self::validate_rules($vars, $errors) && !$errors['rules']) {
        $errors['rules'] = __('Unable to validate rules as entered');
    }
    $targets = self::getTargets();
    if (!$vars['target']) {
        $errors['target'] = __('Target required');
    } else {
        // A numeric target is an email id; anything else must be a known key
        // of the getTargets() map.
        if (!is_numeric($vars['target']) && !$targets[$vars['target']]) {
            $errors['target'] = __('Unknown or invalid target');
        }
    }
    if ($errors) {
        return false;
    }
    // Numeric targets are stored as target='Email' plus the id in email_id.
    $emailId = 0;
    if (is_numeric($vars['target'])) {
        $emailId = $vars['target'];
        $vars['target'] = 'Email';
    }
    // Every value is quoted by db_input() before being spliced into the SQL
    // string; the checkbox-style flags are reduced to 1/0 via isset().
    $sql = ' updated=NOW() '
        . ',isactive=' . db_input($vars['isactive'])
        . ',target=' . db_input($vars['target'])
        . ',name=' . db_input($vars['name'])
        . ',execorder=' . db_input($vars['execorder'])
        . ',email_id=' . db_input($emailId)
        . ',dept_id=' . db_input($vars['dept_id'])
        . ',status_id=' . db_input($vars['status_id'])
        . ',priority_id=' . db_input($vars['priority_id'])
        . ',sla_id=' . db_input($vars['sla_id'])
        . ',topic_id=' . db_input($vars['topic_id'])
        . ',match_all_rules=' . db_input($vars['match_all_rules'])
        . ',stop_onmatch=' . db_input(isset($vars['stop_onmatch']) ? 1 : 0)
        . ',reject_ticket=' . db_input(isset($vars['reject_ticket']) ? 1 : 0)
        . ',use_replyto_email=' . db_input(isset($vars['use_replyto_email']) ? 1 : 0)
        . ',disable_autoresponder=' . db_input(isset($vars['disable_autoresponder']) ? 1 : 0)
        . ',canned_response_id=' . db_input($vars['canned_response_id'])
        . ',notes=' . db_input(Format::sanitize($vars['notes']));
    //Auto assign ID is overloaded...
    // 's<id>' assigns a staff member, 't<id>' a team; the id part is reduced
    // to digits before quoting.
    if ($vars['assign'] && $vars['assign'][0] == 's') {
        $sql .= ',team_id=0,staff_id=' . db_input(preg_replace("/[^0-9]/", "", $vars['assign']));
    } elseif ($vars['assign'] && $vars['assign'][0] == 't') {
        $sql .= ',staff_id=0,team_id=' . db_input(preg_replace("/[^0-9]/", "", $vars['assign']));
    } else {
        $sql .= ',staff_id=0,team_id=0 ';
    } //no auto-assignment!
    if ($id) {
        $sql = 'UPDATE ' . FILTER_TABLE . ' SET ' . $sql . ' WHERE id=' . db_input($id);
        if (!db_query($sql)) {
            $errors['err'] = sprintf(__('Unable to update %s.'), __('this ticket filter')) . ' ' . __('Internal error occurred');
        }
    } else {
        $sql = 'INSERT INTO ' . FILTER_TABLE . ' SET ' . $sql . ',created=NOW() ';
        if (!db_query($sql) || !($id = db_insert_id())) {
            $errors['err'] = sprintf(__('Unable to add %s.'), __('this ticket filter')) . ' ' . __('Internal error occurred');
        }
    }
    if ($errors || !$id) {
        return false;
    }
    //Success with update/create...save the rules. We can't recover from any errors at this point.
    # Don't care about errors stashed in $xerrors
    $xerrors = array();
    self::save_rules($id, $vars, $xerrors);
    return true;
}
/**
 * Validate a help topic and persist it to TOPIC_TABLE.
 *
 * Handles both update (truthy $id) and insert. On insert in manual sort
 * mode the new row is placed directly below its parent; in alphabetical
 * sort mode ('a') static::updateSortOrder() is run afterwards.
 *
 * @param int|null $id     topic id to update, or falsy to insert
 * @param array    $vars   submitted form values (topic name is cleaned in place)
 * @param array    $errors receives validation / database errors by field key
 * @return bool|int db_query() result on update, the new id on insert,
 *                  false when validation or the write fails
 */
function save($id, $vars, &$errors) {
    global $cfg;
    $vars['topic'] = Format::striptags(trim($vars['topic']));
    if ($id && $id != $vars['id']) {
        $errors['err'] = __('Internal error occurred');
    }
    if (!$vars['topic']) {
        $errors['topic'] = __('Help topic name is required');
    } elseif (strlen($vars['topic']) < 5) {
        // strlen() counts bytes, so multi-byte names pass with fewer characters.
        $errors['topic'] = __('Topic is too short. Five characters minimum');
    } elseif (($tid = self::getIdByName($vars['topic'], $vars['topic_pid'])) && $tid != $id) {
        $errors['topic'] = __('Topic already exists');
    }
    if (!is_numeric($vars['dept_id'])) {
        $errors['dept_id'] = __('Department selection is required');
    }
    // NOTE(review): the pattern uses a negative look-ahead `(?!<\\)`, which
    // cannot fail at a position holding '#', so this matches any '#'. A
    // negative look-behind `(?<!\\)` (an unescaped hash) looks intended —
    // confirm before changing.
    if ($vars['custom-numbers'] && !preg_match('`(?!<\\\\)#`', $vars['number_format'])) {
        $errors['number_format'] = 'Ticket number format requires at least one hash character (#)';
    }
    if ($errors) {
        return false;
    }
    // Optional references default to 0 when the form omits them.
    foreach (array('sla_id', 'form_id', 'page_id', 'topic_pid') as $f) {
        if (!isset($vars[$f])) {
            $vars[$f] = 0;
        }
    }
    // Every value is quoted by db_input() before being spliced into the SQL
    // string. Custom-number columns are only stored when the feature is on.
    $sql = ' updated=NOW() '
        . ',topic=' . db_input($vars['topic'])
        . ',topic_pid=' . db_input($vars['topic_pid'])
        . ',dept_id=' . db_input($vars['dept_id'])
        . ',priority_id=' . db_input($vars['priority_id'])
        . ',status_id=' . db_input($vars['status_id'])
        . ',sla_id=' . db_input($vars['sla_id'])
        . ',form_id=' . db_input($vars['form_id'])
        . ',page_id=' . db_input($vars['page_id'])
        . ',isactive=' . db_input($vars['isactive'])
        . ',ispublic=' . db_input($vars['ispublic'])
        . ',sequence_id=' . db_input($vars['custom-numbers'] ? $vars['sequence_id'] : 0)
        . ',number_format=' . db_input($vars['custom-numbers'] ? $vars['number_format'] : '')
        . ',flags=' . db_input($vars['custom-numbers'] ? self::FLAG_CUSTOM_NUMBERS : 0)
        . ',noautoresp=' . db_input(isset($vars['noautoresp']) && $vars['noautoresp'] ? 1 : 0)
        . ',notes=' . db_input(Format::sanitize($vars['notes']));
    //Auto assign ID is overloaded...
    // 's<id>' assigns a staff member, 't<id>' a team; the id part is reduced
    // to digits before quoting.
    if ($vars['assign'] && $vars['assign'][0] == 's') {
        $sql .= ',team_id=0, staff_id=' . db_input(preg_replace("/[^0-9]/", "", $vars['assign']));
    } elseif ($vars['assign'] && $vars['assign'][0] == 't') {
        $sql .= ',staff_id=0, team_id=' . db_input(preg_replace("/[^0-9]/", "", $vars['assign']));
    } else {
        $sql .= ',staff_id=0, team_id=0 ';
    } //no auto-assignment!
    $rv = false;
    if ($id) {
        $sql = 'UPDATE ' . TOPIC_TABLE . ' SET ' . $sql . ' WHERE topic_id=' . db_input($id);
        if (!($rv = db_query($sql))) {
            $errors['err'] = sprintf(__('Unable to update %s.'), __('this help topic')) . ' ' . __('Internal error occurred');
        }
    } else {
        // An explicit topic_id may be supplied for the new row.
        if (isset($vars['topic_id'])) {
            $sql .= ', topic_id=' . db_input($vars['topic_id']);
        }
        // If in manual sort mode, place the new item directly below the
        // parent item
        if ($vars['topic_pid'] && $cfg && $cfg->getTopicSortMode() != 'a') {
            $sql .= ', `sort`=' . db_input(db_result(db_query('SELECT COALESCE(`sort`,0)+1 FROM ' . TOPIC_TABLE . ' WHERE `topic_id`=' . db_input($vars['topic_pid']))));
        }
        $sql = 'INSERT INTO ' . TOPIC_TABLE . ' SET ' . $sql . ',created=NOW()';
        if (db_query($sql) && ($id = db_insert_id())) {
            $rv = $id;
        } else {
            $errors['err'] = sprintf(__('Unable to create %s.'), __('this help topic')) . ' ' . __('Internal error occurred');
        }
    }
    // Alphabetical mode (or no config) recomputes the global sort order.
    if (!$cfg || $cfg->getTopicSortMode() == 'a') {
        static::updateSortOrder();
    }
    return $rv;
}
/**
 * Validate and save an FAQ category.
 *
 * The name is stripped of tags and trimmed before validation. Failures
 * are reported through $errors and make the method return false. With
 * $validation set, the method stops after validation and returns true.
 *
 * @param int|null $id         category id to update, or falsy to insert
 * @param array    $vars       submitted form values (name is cleaned in place)
 * @param array    $errors     receives errors keyed by field name, or 'err'
 * @param bool     $validation when true, validate only and skip the write
 * @return bool|int true on update or validation-only success, the new id
 *                  on insert, false on any failure
 */
function save($id, $vars, &$errors, $validation = false) {
    $vars['name'] = Format::striptags(trim($vars['name']));
    $name = $vars['name'];

    if ($id && $id != $vars['id']) {
        $errors['err'] = 'Internal error. Try again';
    }

    if (!$name) {
        $errors['name'] = 'Category name is required';
    } elseif (strlen($name) < 3) {
        // strlen() is byte-wise, not a character count.
        $errors['name'] = 'Name is too short. 3 chars minimum';
    } else {
        $existing = self::findIdByName($name);
        if ($existing && $existing != $id) {
            $errors['name'] = 'Category already exists';
        }
    }

    if (!$vars['description']) {
        $errors['description'] = 'Category description is required';
    }

    if ($errors) {
        return false;
    }
    if ($validation) {
        return true;
    }

    // Column assignments shared by INSERT and UPDATE; each value is quoted
    // by db_input() before being spliced into the SQL string.
    $columns = array(
        'ispublic'    => db_input(isset($vars['ispublic']) ? $vars['ispublic'] : 0),
        'name'        => db_input($name),
        'description' => db_input(Format::sanitize($vars['description'])),
        'notes'       => db_input(Format::sanitize($vars['notes'])),
    );
    $set = ' updated=NOW() ';
    foreach ($columns as $column => $quoted) {
        $set .= ',' . $column . '=' . $quoted;
    }

    if ($id) {
        $query = 'UPDATE ' . FAQ_CATEGORY_TABLE . ' SET ' . $set . ' WHERE category_id=' . db_input($id);
        if (db_query($query)) {
            return true;
        }
        $errors['err'] = 'Unable to update FAQ category.';
        return false;
    }

    $query = 'INSERT INTO ' . FAQ_CATEGORY_TABLE . ' SET ' . $set . ',created=NOW()';
    if (db_query($query) && ($id = db_insert_id())) {
        return $id;
    }
    $errors['err'] = 'Unable to create FAQ category. Internal error';
    return false;
}
/**
 * Validate and save an FAQ article.
 *
 * The question is stripped of tags and trimmed before validation. The
 * category must resolve through Category::lookup(). With $validation set
 * the method returns the validation outcome without writing.
 *
 * @param int|null $id         FAQ id to update, or falsy to insert
 * @param array    $vars       submitted form values (question is cleaned in place)
 * @param array    $errors     receives errors keyed by field name, or 'err'
 * @param bool     $validation when true, validate only and skip the write
 * @return bool|int true on update or validation-only success, the new id
 *                  on insert, false on any failure
 */
function save($id, $vars, &$errors, $validation = false) {
    $vars['question'] = Format::striptags(trim($vars['question']));
    $question = $vars['question'];

    if ($id && $id != $vars['id']) {
        $errors['err'] = __('Internal error. Try again');
    }

    if (!$question) {
        $errors['question'] = __('Question required');
    } else {
        $existing = self::findIdByQuestion($question);
        if ($existing && $existing != $id) {
            $errors['question'] = __('Question already exists');
        }
    }

    if (!$vars['category_id'] || !Category::lookup($vars['category_id'])) {
        $errors['category_id'] = __('Category is required');
    }
    if (!$vars['answer']) {
        $errors['answer'] = __('FAQ answer is required');
    }

    // Validation-only calls and failed validation both end here.
    if ($errors || $validation) {
        return !$errors;
    }

    // Column assignments shared by INSERT and UPDATE; each value is quoted
    // by db_input(). The answer is passed to Format::sanitize() with its
    // second argument false — presumably a less strict mode than the one
    // used for notes; verify against Format::sanitize().
    $columns = array(
        'question'    => db_input($question),
        'answer'      => db_input(Format::sanitize($vars['answer'], false)),
        'category_id' => db_input($vars['category_id']),
        'ispublished' => db_input(isset($vars['ispublished']) ? $vars['ispublished'] : 0),
        'notes'       => db_input(Format::sanitize($vars['notes'])),
    );
    $set = ' updated=NOW() ';
    foreach ($columns as $column => $quoted) {
        $set .= ', ' . $column . '=' . $quoted;
    }

    if ($id) {
        $query = 'UPDATE ' . FAQ_TABLE . ' SET ' . $set . ' WHERE faq_id=' . db_input($id);
        if (db_query($query)) {
            return true;
        }
        $errors['err'] = sprintf(__('Unable to update %s.'), __('this FAQ article'));
        return false;
    }

    $query = 'INSERT INTO ' . FAQ_TABLE . ' SET ' . $set . ',created=NOW()';
    if (db_query($query) && ($id = db_insert_id())) {
        // Announce the new article to listeners before handing back the id.
        Signal::send('model.created', FAQ::lookup($id));
        return $id;
    }
    $errors['err'] = sprintf(__('Unable to create %s.'), __('this FAQ article')) . ' ' . __('Internal error occurred');
    return false;
}
/**
 * Normalise a submitted value for this field.
 *
 * When the field configuration has 'html' enabled the value is run
 * through Format::sanitize(); otherwise it is returned unchanged.
 *
 * @param mixed $value raw submitted value
 * @return mixed sanitized or untouched value
 */
function parse($value) {
    $configuration = $this->getConfiguration();
    return $configuration['html'] ? Format::sanitize($value) : $value;
}
/**
 * Validate and save a department.
 *
 * Rejects a mismatched id, a missing or short name, a duplicate name,
 * and making the configured default department private. Every column
 * value is quoted by db_input() before being spliced into the SQL string.
 *
 * @param int|null $id     department id to update, or falsy to insert
 * @param array    $vars   submitted form values
 * @param array    $errors receives errors keyed by field name, or 'err'
 * @return bool|int true on update, the new id on insert, false on failure
 */
function save($id, $vars, &$errors) {
    global $cfg;

    if ($id && $id != $vars['id']) {
        $errors['err'] = __('Missing or invalid Dept ID (internal error).');
    }

    if (!$vars['name']) {
        $errors['name'] = __('Name required');
    } elseif (strlen($vars['name']) < 4) {
        // strlen() is byte-wise, not a character count.
        $errors['name'] = __('Name is too short.');
    } else {
        $existing = Dept::getIdByName($vars['name']);
        if ($existing && $existing != $id) {
            $errors['name'] = __('Department already exists');
        }
    }

    if (!$vars['ispublic'] && $cfg && $vars['id'] == $cfg->getDefaultDeptId()) {
        $errors['ispublic'] = __('System default department cannot be private');
    }

    if ($errors) {
        return false;
    }

    $set = 'SET updated=NOW() ';
    // Optional references default to 0 when absent from the form.
    foreach (array('ispublic', 'email_id', 'tpl_id', 'sla_id', 'autoresp_email_id') as $column) {
        $set .= ' ,' . $column . '=' . db_input(isset($vars[$column]) ? $vars[$column] : 0);
    }
    // manager_id is tested for truthiness rather than isset(), so '' and '0'
    // both become 0.
    $set .= ' ,manager_id=' . db_input($vars['manager_id'] ? $vars['manager_id'] : 0)
        . ' ,dept_name=' . db_input(Format::striptags($vars['name']))
        . ' ,dept_signature=' . db_input(Format::sanitize($vars['signature']))
        . ' ,group_membership=' . db_input($vars['group_membership']);
    // Auto-response flags default to 1 when absent from the form.
    foreach (array('ticket_auto_response', 'message_auto_response') as $column) {
        $set .= ' ,' . $column . '=' . db_input(isset($vars[$column]) ? $vars[$column] : 1);
    }

    if ($id) {
        $query = 'UPDATE ' . DEPT_TABLE . ' ' . $set . ' WHERE dept_id=' . db_input($id);
        if (db_query($query) && db_affected_rows()) {
            return true;
        }
        $errors['err'] = sprintf(__('Unable to update %s.'), __('this department')) . ' ' . __('Internal error occurred');
        return false;
    }

    // An explicit id may be supplied for the new row.
    if (isset($vars['id'])) {
        $set .= ', dept_id=' . db_input($vars['id']);
    }
    $query = 'INSERT INTO ' . DEPT_TABLE . ' ' . $set . ',created=NOW()';
    if (db_query($query) && ($id = db_insert_id())) {
        return $id;
    }
    $errors['err'] = sprintf(__('Unable to create %s.'), __('this department')) . ' ' . __('Internal error occurred');
    return false;
}
/**
 * Validate and save a staff group together with its permission flags.
 *
 * Rejects a mismatched id and a missing, short or duplicate name. Each
 * permission is stored in its own column; every value is quoted by
 * db_input() before being spliced into the SQL string.
 *
 * @param int|null $id     group id to update, or falsy to insert
 * @param array    $vars   submitted form values
 * @param array    $errors receives errors keyed by field name, or 'err'
 * @return bool|int true on update, the new id on insert, false on failure
 */
function save($id, $vars, &$errors) {
    if ($id && $vars['id'] != $id) {
        $errors['err'] = __('Missing or invalid group ID');
    }

    if (!$vars['name']) {
        $errors['name'] = __('Group name required');
    } elseif (strlen($vars['name']) < 3) {
        // strlen() is byte-wise, not a character count.
        $errors['name'] = __('Group name must be at least 3 chars.');
    } else {
        $existing = Group::getIdByName($vars['name']);
        if ($existing && $existing != $id) {
            $errors['name'] = __('Group name already exists');
        }
    }

    if ($errors) {
        return false;
    }

    $set = ' SET updated=NOW() '
        . ', group_name=' . db_input(Format::striptags($vars['name']))
        . ', group_enabled=' . db_input($vars['isactive']);

    // One column per permission flag, taken from the form key of the same name.
    $permissions = array(
        'can_create_tickets',
        'can_delete_tickets',
        'can_edit_tickets',
        'can_assign_tickets',
        'can_transfer_tickets',
        'can_close_tickets',
        'can_ban_emails',
        'can_manage_premade',
        'can_manage_faq',
        'can_post_ticket_reply',
        'can_view_staff_stats',
    );
    foreach ($permissions as $flag) {
        $set .= ', ' . $flag . '=' . db_input($vars[$flag]);
    }
    $set .= ', notes=' . db_input(Format::sanitize($vars['notes']));

    if ($id) {
        $query = 'UPDATE ' . GROUP_TABLE . ' ' . $set . ' WHERE group_id=' . db_input($id);
        if (db_query($query)) {
            return true;
        }
        $errors['err'] = sprintf(__('Unable to update %s.'), __('this group')) . ' ' . __('Internal error occurred');
        return false;
    }

    $query = 'INSERT INTO ' . GROUP_TABLE . ' ' . $set . ',created=NOW()';
    if (db_query($query) && ($id = db_insert_id())) {
        return $id;
    }
    $errors['err'] = sprintf(__('Unable to create %s.'), __('this group')) . ' ' . __('Internal error occurred');
    return false;
}
$errors = array(); $email = null; if (!$_POST['email_id'] || !($email = Email::lookup($_POST['email_id']))) { $errors['email_id'] = __('Select from email address'); } if (!$_POST['email'] || !Validator::is_email($_POST['email'])) { $errors['email'] = __('To email address required'); } if (!$_POST['subj']) { $errors['subj'] = __('Subject required'); } if (!$_POST['message']) { $errors['message'] = __('Message required'); } if (!$errors && $email) { if ($email->send($_POST['email'], $_POST['subj'], Format::sanitize($_POST['message']), null, array('reply-tag' => false))) { $msg = Format::htmlchars(sprintf(__('Test email sent successfully to <%s>'), $_POST['email'])); Draft::deleteForNamespace('email.diag'); } else { $errors['err'] = __('Error sending email - try again.'); } } elseif ($errors['err']) { $errors['err'] = __('Error sending email - try again.'); } } $info = Format::htmlchars($errors && $_POST ? $_POST : $info); $nav->setTabActive('emails'); $ost->addExtraHeader('<meta name="tip-namespace" content="emails.diagnostic" />', "\$('#content').data('tipNamespace', '" . $tip_namespace . "');"); require STAFFINC_DIR . 'header.inc.php'; ?> <form action="emailtest.php" method="post" id="save">
/**
 * Validate a help topic and persist it to TOPIC_TABLE.
 *
 * Handles both update (truthy $id) and insert. On insert in manual sort
 * mode the new row is placed directly below its parent; in alphabetical
 * sort mode ('a') static::updateSortOrder() is run afterwards.
 *
 * @param int|null $id     topic id to update, or falsy to insert
 * @param array    $vars   submitted form values (topic name is cleaned in place)
 * @param array    $errors receives validation / database errors by field key
 * @return bool|int db_query() result on update, the new id on insert,
 *                  false when validation or the write fails
 */
function save($id, $vars, &$errors) {
    global $cfg;
    $vars['topic'] = Format::striptags(trim($vars['topic']));
    if ($id && $id != $vars['id']) {
        $errors['err'] = 'Internal error. Try again';
    }
    if (!$vars['topic']) {
        $errors['topic'] = 'Help topic required';
    } elseif (strlen($vars['topic']) < 5) {
        // strlen() counts bytes, so multi-byte names pass with fewer characters.
        $errors['topic'] = 'Topic is too short. 5 chars minimum';
    } elseif (($tid = self::getIdByName($vars['topic'], $vars['topic_pid'])) && $tid != $id) {
        $errors['topic'] = 'Topic already exists';
    }
    if (!is_numeric($vars['dept_id'])) {
        $errors['dept_id'] = 'You must select a department';
    }
    if ($errors) {
        return false;
    }
    // Optional references default to 0 when the form omits them.
    foreach (array('sla_id', 'form_id', 'page_id', 'topic_pid') as $f) {
        if (!isset($vars[$f])) {
            $vars[$f] = 0;
        }
    }
    // Every value is quoted by db_input() before being spliced into the SQL string.
    $sql = ' updated=NOW() '
        . ',topic=' . db_input($vars['topic'])
        . ',topic_pid=' . db_input($vars['topic_pid'])
        . ',dept_id=' . db_input($vars['dept_id'])
        . ',priority_id=' . db_input($vars['priority_id'])
        . ',sla_id=' . db_input($vars['sla_id'])
        . ',form_id=' . db_input($vars['form_id'])
        . ',page_id=' . db_input($vars['page_id'])
        . ',isactive=' . db_input($vars['isactive'])
        . ',ispublic=' . db_input($vars['ispublic'])
        . ',noautoresp=' . db_input(isset($vars['noautoresp']) && $vars['noautoresp'] ? 1 : 0)
        . ',notes=' . db_input(Format::sanitize($vars['notes']));
    //Auto assign ID is overloaded...
    // 's<id>' assigns a staff member, 't<id>' a team; the id part is reduced
    // to digits before quoting.
    if ($vars['assign'] && $vars['assign'][0] == 's') {
        $sql .= ',team_id=0, staff_id=' . db_input(preg_replace("/[^0-9]/", "", $vars['assign']));
    } elseif ($vars['assign'] && $vars['assign'][0] == 't') {
        $sql .= ',staff_id=0, team_id=' . db_input(preg_replace("/[^0-9]/", "", $vars['assign']));
    } else {
        $sql .= ',staff_id=0, team_id=0 ';
    } //no auto-assignment!
    $rv = false;
    if ($id) {
        $sql = 'UPDATE ' . TOPIC_TABLE . ' SET ' . $sql . ' WHERE topic_id=' . db_input($id);
        if (!($rv = db_query($sql))) {
            $errors['err'] = 'Unable to update topic. Internal error occurred';
        }
    } else {
        // An explicit topic_id may be supplied for the new row.
        if (isset($vars['topic_id'])) {
            $sql .= ', topic_id=' . db_input($vars['topic_id']);
        }
        // If in manual sort mode, place the new item directly below the
        // parent item
        if ($vars['topic_pid'] && $cfg && $cfg->getTopicSortMode() != 'a') {
            $sql .= ', `sort`=' . db_input(db_result(db_query('SELECT COALESCE(`sort`,0)+1 FROM ' . TOPIC_TABLE . ' WHERE `topic_id`=' . db_input($vars['topic_pid']))));
        }
        $sql = 'INSERT INTO ' . TOPIC_TABLE . ' SET ' . $sql . ',created=NOW()';
        if (db_query($sql) && ($id = db_insert_id())) {
            $rv = $id;
        } else {
            $errors['err'] = 'Unable to create the topic. Internal error';
        }
    }
    // Alphabetical mode (or no config) recomputes the global sort order.
    if (!$cfg || $cfg->getTopicSortMode() == 'a') {
        static::updateSortOrder();
    }
    return $rv;
}