ファイル: UserHandler.php プロジェクト: ashton/f1desk
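 /**
  * Authenticates a user by e-mail and password and populates the session.
  *
  * Looks up the user row by StEmail, recomputes the password hash with the
  * stored per-user value (StHash) via myHash() and, on a match, writes the
  * user's identity and supporter/client role into the session.
  *
  * Both inputs go through SQLInjectionHandle() before use because the lookup
  * query is assembled by string interpolation (no parameterised driver is in
  * scope here). Note that the password is escaped *before* it is hashed, so
  * the registration path must apply the same transformation -- verify.
  *
  * @param string $StLogin  E-mail address used as the login name.
  * @param string $StPwd    Clear-text password as submitted by the user.
  * @return bool            true on success (the session has been populated).
  * @throws ErrorHandler    EXC_USER_NOTREG when the e-mail does not map to
  *                         exactly one user; EXC_USER_WRONGPASS on a mismatch.
  */
 public function getLogged($StLogin, $StPwd)
 {
     UserHandler::SQLInjectionHandle($StLogin);
     UserHandler::SQLInjectionHandle($StPwd);
     $this->StLogin = $StLogin;
     $StSQL = "\nSELECT\n  IDUser, StPassword, StName, StEmail, StHash\nFROM\n  " . DBPREFIX . "User\nWHERE\n  StEmail = '{$this->StLogin}'";
     $this->execSQL($StSQL);
     $this->commit();
     // Exactly one row is expected: zero means unknown e-mail; more than one
     // would be a data problem and is rejected the same way rather than guessed at.
     if ((int) $this->getNumRows() !== 1) {
         throw new ErrorHandler(EXC_USER_NOTREG);
     }
     $ArResult = $this->getResult('string');
     $ArUser = $ArResult[0];
     $StStored = (string) $ArUser['StPassword'];
     $StComputed = (string) $this->myHash($ArUser['StHash'], $StPwd);
     // Strict, constant-time comparison. The original `==` compared two
     // numeric-looking strings numerically, so hashes such as "0e123..." and
     // "0e456..." would have been treated as equal. hash_equals() requires
     // PHP >= 5.6; on older runtimes fall back to a strict string comparison.
     $BoMatch = function_exists('hash_equals')
         ? hash_equals($StStored, $StComputed)
         : ($StStored === $StComputed);
     if (!$BoMatch) {
         throw new ErrorHandler(EXC_USER_WRONGPASS);
     }
     // Resolve the role: the user may have a Supporter row, a Client row, or
     // neither. IDUser comes from the row just read, not from the request.
     $StSQL = "\nSELECT\n  C.IDClient, S.IDSupporter\nFROM\n  " . DBPREFIX . "User U\nLEFT JOIN\n  " . DBPREFIX . "Supporter S ON (U.IDUser = S.IDUser)\nLEFT JOIN\n  " . DBPREFIX . "Client C ON (U.IDUser = C.IDUser)\nWHERE\n  U.IDUser = {$ArUser['IDUser']}";
     $this->execSQL($StSQL);
     $ArRole = $this->getResult('string');
     // NOTE(review): nothing here rotates the session identifier on login. If
     // setSessionProp() is backed by PHP's native session, call
     // session_regenerate_id(true) before writing these values to prevent
     // session fixation -- confirm how the session layer is implemented.
     setSessionProp('StName', $ArUser['StName']);
     setSessionProp('IDUser', $ArUser['IDUser']);
     setSessionProp('StEmail', $ArUser['StEmail']);
     // NOTE(review): this value is md5(IDUser . StName), which anyone who knows
     // the user's id and name can reproduce. It must not be relied on as an
     // unguessable token elsewhere -- check its consumers.
     setSessionProp('StHash', md5($ArUser['IDUser'] . $ArUser['StName']));
     if (!isset($ArRole[0]['IDClient']) && isset($ArRole[0]['IDSupporter'])) {
         setSessionProp('isSupporter', 'true');
         setSessionProp('IDSupporter', $ArRole[0]['IDSupporter']);
     } else {
         setSessionProp('isSupporter', 'false');
         setSessionProp('IDClient', $ArRole[0]['IDClient']);
     }
     return true;
 }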
ファイル: createData.php プロジェクト: ashton/f1desk
<?php

require_once 'main.php';
/***************************************
 *           Create Submit             *
 ****************************************/
// Handles the ticket-creation form POST (StAction == 'create').
// NOTE(review): unlike download.php this script does not call Validate::Session()
// itself; confirm that main.php enforces an authenticated session, because the
// handler below trusts getSessionProp('IDSupporter') / getSessionProp('IDClient').
// NOTE(review): the escaping loop further down, `foreach ($_POST as &$StArg)`, is
// never followed by unset($StArg), so $StArg stays bound to the last $_POST element
// after the loop and any later assignment to $StArg would silently overwrite it.
$ObjTicket = new TicketHandler();
if (!empty($_POST) && $_POST['StAction'] == 'create') {
    foreach ($_POST as &$StArg) {
        UserHandler::SQLInjectionHandle($StArg);
    }
    $IDCategory = $_POST['StCategory'];
    $IDPriority = $_POST['StPriority'];
    $StTitle = $_POST['StTitle'];
    $TxMessage = f1desk_escape_html($_POST['TxMessage']);
    $IDDepartment = $_POST['IDRecipient'] != 'null' ? $_POST['IDRecipient'] : '';
    $IDDepartmentReader = isset($_POST['IDReader']) && $_POST['IDReader'] != 'null' ? $_POST['IDReader'] : '';
    $ArUsers = isset($_POST['ArRecipients']) ? explode(',', $_POST['ArRecipients']) : array();
    $ArReaders = isset($_POST['ArReaders']) ? explode(',', $_POST['ArReaders']) : array();
    $ArAttached = isset($_POST['ArAttached']) ? explode(',', $_POST['ArAttached']) : array();
    if (F1DeskUtils::IsSupporter()) {
        if (!empty($_FILES['Attachment']['name'])) {
            $IDTicket = $ObjTicket->createSupporterTicket(getSessionProp('IDSupporter'), $IDCategory, $IDPriority, $StTitle, $TxMessage, $IDDepartment, $IDDepartmentReader, $ArUsers, $ArReaders, true, $_FILES);
        } else {
            $IDTicket = $ObjTicket->createSupporterTicket(getSessionProp('IDSupporter'), $IDCategory, $IDPriority, $StTitle, $TxMessage, $IDDepartment, $IDDepartmentReader, $ArUsers, $ArReaders, true);
        }
    } else {
        if (!empty($_FILES['Attachment']['name'])) {
            $IDTicket = $ObjTicket->createUserTicket(getSessionProp('IDClient'), $IDCategory, $IDPriority, $StTitle, $TxMessage, $IDDepartment, $_FILES);
        } else {
            $IDTicket = $ObjTicket->createUserTicket(getSessionProp('IDClient'), $IDCategory, $IDPriority, $StTitle, $TxMessage, $IDDepartment);
ファイル: download.php プロジェクト: ashton/f1desk
<?php

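require_once 'main.php';
Validate::Session();
// The attachment id comes straight from the query string. Default it to null so
// a request without IDAttach does not reach SQLInjectionHandle()/canDownload()
// with an undefined variable (the original only assigned it inside the isset branch).
$IDAttachment = isset($_GET['IDAttach']) ? $_GET['IDAttach'] : null;
$TicketHandler = new TicketHandler();
// Project-level escaping hook (see UserHandler::getLogged); the value is still
// untrusted input and is passed to canDownload() as-is afterwards.
UserHandler::SQLInjectionHandle($IDAttachment);
$ID = getSessionProp('IDUser');
// canDownload() is presumably expected to return the attachment row together with
// a 'BoPermission' flag for this user -- confirm against TicketHandler.
$ArResult = $TicketHandler->canDownload($IDAttachment, $ID);
// NOTE(review): every supporter is granted access to every attachment here,
// regardless of what canDownload() decided for the ticket -- confirm this is
// the intended authorization model.
if (F1DeskUtils::isSupporter()) {
    $ArResult['BoPermission'] = 'true';
}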
if (isset($ArResult['BoPermission']) && $ArResult['BoPermission'] == 'true') {
    if (strstr($_SERVER['HTTP_USER_AGENT'], "MSIE")) {
        $StFileName = preg_replace('/\\./', '%2e', $ArResult['StFile'], substr_count($ArResult['StFile'], '.') - 1);
    } else {
        $StFileName = $ArResult['StFile'];
    }
    $StFileName = strtr($StFileName, ' ', '_');
    if (isset($ArResult['StLink']) && !is_dir($ArResult['StLink'])) {
        $ItFileSize = filesize($ArResult['StLink']);
        $tmpFile = F1DeskUtils::toTMP($ArResult['StLink'], 'path');
    } else {
        $ItFileSize = mb_strlen($ArResult['ByFile'], 'latin1');
        $tmpFile = F1DeskUtils::toTMP($ArResult['ByFile'], 'file');
    }
    #
    # Verificar este header pois o mesmo não exibe corretamente o tamanho do arquivo, quando disponiblizado para download
    #
ファイル: ticketData.php プロジェクト: ashton/f1desk
<?php

#
# Load Language and configs
#
require_once 'main.php';
handleLanguage(__FILE__);
$ObjTicket = new TicketHandler();
$ObjUser = new UserHandler();
// Read the role once; it gates the supporter-only actions below (e.g. 'ignore').
$isSupporter = F1DeskUtils::isSupporter();
// NOTE(review): the escaping loop below, `foreach ($_POST as $Post)`, iterates by
// value, whereas createData.php uses `foreach ($_POST as &$StArg)`. If
// SQLInjectionHandle() escapes its argument in place (by reference), nothing in
// $_POST is actually escaped here and the later $_POST[...] reads see the raw
// input -- confirm and add `&` if so.
// NOTE(review): no Validate::Session() call is visible in this script (download.php
// has one); confirm main.php enforces an authenticated session.
/************************** ### Actions ### ***************************/
if (isset($_POST['StAction'])) {
    foreach ($_POST as $Post) {
        UserHandler::SQLInjectionHandle($Post);
    }
    $StAction = $_POST['StAction'];
    switch ($StAction) {
        case 'ignore':
            if (!$isSupporter) {
                throw new ErrorHandler(INVALID_OPTION);
            }
            if (!is_numeric($_POST['IDSupporter']) || !is_numeric($_POST['IDTicket'])) {
                ErrorHandler::setNotice('ticket', EXC_GLOBAL_EXPPARAM, 'error');
            } else {
                if (F1DeskUtils::isIgnored($_POST['IDSupporter'], $_POST['IDTicket'])) {
                    ErrorHandler::setNotice('ticket', ALREADY_IGNORED, 'error');
                } else {
                    if (!$ObjTicket->ignoreTicket($_POST['IDSupporter'], $_POST['IDTicket'])) {
                        ErrorHandler::setNotice('ticket', ERROR_IGNORING, 'error');
                    } else {
                        $BoIgnored = true;