/**
* This function is beign used to change the users emailaddress info.
* It will first check if the user who executed this function is the person of whom the emailaddress is or if it's a mod/admin. If this is not the case the page will be redirected to an error page.
* The emailaddress will be validated first. If the checking was successful the email will be updated and the settings template will be reloaded. Errors made by invalid data will be shown
* also after reloading the template.
* @author Daan Janssens, mentored by Matthew Lagoe
*/
function userRegistration()
{
try {
//if logged in
if (WebUsers::isLoggedIn()) {
$dbl = new DBLayer("lib");
$dbl->update("settings", array('Value' => $_POST['userRegistration']), "`Setting` = 'userRegistration'");
$result['target_id'] = $_GET['id'];
global $SITEBASE;
require_once $SITEBASE . '/inc/settings.php';
$pageElements = settings();
$pageElements = array_merge(settings(), $result);
$pageElements['permission'] = unserialize($_SESSION['ticket_user'])->getPermission();
// pass error and reload template accordingly
helpers::loadtemplate('settings', $pageElements);
throw new SystemExit();
} else {
//ERROR: user is not logged in
header("Location: index.php");
throw new SystemExit();
}
} catch (PDOException $e) {
//go to error page or something, because can't access website db
print_r($e);
throw new SystemExit();
}
}
/**
* This function is beign used to load info that's needed for the dashboard page.
* check if the person who wants to view this page is a mod/admin, if this is not the case, he will be redirected to an error page.
* next it will fetch a lot of information regarding to the status of the ticket system (eg return the total amount of tickets) and return this information so
* it can be used by the template.
* @author Daan Janssens, mentored by Matthew Lagoe
*/
function dashboard()
{
//if logged in
if (WebUsers::isLoggedIn()) {
//is Mod
if (ticket_user::isMod(unserialize($_SESSION['ticket_user']))) {
//return useful information about the status of the ticket system.
$result['user_id'] = unserialize($_SESSION['ticket_user'])->getTUserId();
$result['nrToDo'] = Ticket_Queue_Handler::getNrOfTicketsToDo(unserialize($_SESSION['ticket_user'])->getTUserId());
$result['nrAssignedWaiting'] = Ticket_Queue_Handler::getNrOfTicketsAssignedWaiting(unserialize($_SESSION['ticket_user'])->getTUserId());
$result['nrTotalTickets'] = Ticket_Queue_Handler::getNrOfTickets();
$ticket = Ticket_Queue_Handler::getNewestTicket();
$result['newestTicketId'] = $ticket->getTId();
$result['newestTicketTitle'] = $ticket->getTitle();
$result['newestTicketAuthor'] = Ticket_User::get_username_from_id($ticket->getAuthor());
global $INGAME_WEBPATH;
$result['ingame_webpath'] = $INGAME_WEBPATH;
return $result;
} else {
//ERROR: No access!
$_SESSION['error_code'] = "403";
header("Cache-Control: max-age=1");
header("Location: index.php?page=error");
throw new SystemExit();
}
} else {
//ERROR: not logged in!
header("Cache-Control: max-age=1");
header("Location: index.php");
throw new SystemExit();
}
}
/**
* This function is used in deactivating plugins.
* This can be done by providing id using $_GET global variable of the plugin which
* we want to activate. After getting id we update the respective plugin with status
* deactivate which here means '0'.
*
* @author Shubham Meena, mentored by Matthew Lagoe
*/
function deactivate_plugin()
{
// if logged in
if (WebUsers::isLoggedIn()) {
if (isset($_GET['id'])) {
// id of plugin to deactivate
$id = filter_var($_GET['id'], FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$db = new DBLayer('lib');
$result = $db->update("plugins", array('Status' => '0'), "Id = {$id}");
if ($result) {
// if result is successfull it redirects and shows success message
header("Cache-Control: max-age=1");
header("Location: index.php?page=plugins&result=5");
throw new SystemExit();
} else {
// if result is unsuccessfull it redirects and shows success message
header("Cache-Control: max-age=1");
header("Location: index.php?page=plugins&result=6");
throw new SystemExit();
}
} else {
//if $_GET variable is not set it redirects and shows error
header("Cache-Control: max-age=1");
header("Location: index.php?page=plugins&result=6");
throw new SystemExit();
}
}
}
/**
* This function is used in deleting plugins.
* It removes the plugin from the codebase as well as
* from the Database. When user request to delete a plugin
* id of that plugin is sent in $_GET global variable.
*
* @author Shubham Meena, mentored by Matthew Lagoe
*/
function delete_plugin()
{
// if logged in
if (WebUsers::isLoggedIn()) {
if (isset($_GET['id'])) {
// id of plugin to delete after filtering
$id = filter_var($_GET['id'], FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$db = new DBLayer('lib');
$sth = $db->selectWithParameter("FileName", "plugins", array('id' => $id), "Id=:id");
$name = $sth->fetch();
if (is_dir("{$name['FileName']}")) {
// removing plugin directory from the code base
if (Plugincache::rrmdir("{$name['FileName']}")) {
$db->delete('plugins', array('id' => $id), "Id=:id");
//if result successfull redirect and show success message
header("Cache-Control: max-age=1");
header("Location: index.php?page=plugins&result=2");
throw new SystemExit();
} else {
// if result unsuccessfull redirect and show error message
header("Cache-Control: max-age=1");
header("Location: index.php?page=plugins&result=0");
throw new SystemExit();
}
}
} else {
// if result unsuccessfull redirect and show error message
header("Cache-Control: max-age=1");
header("Location: index.php?page=plugins&result=0");
throw new SystemExit();
}
}
}
/**
* This function is beign used to reply on a ticket.
* It will first check if the user who executed this function is a mod/admin or the topic creator himself. If this is not the case the page will be redirected to an error page.
* in case the isset($_POST['hidden'] is set and the user is a mod, the message will be hidden for the topic starter. The reply will be created. If $_POST['ChangeStatus']) & $_POST['ChangePriority'] is set
* it will try to update the status and priority. Afterwards the page is being redirecte to the ticket again.
* @author Daan Janssens, mentored by Matthew Lagoe
*/
function reply_on_ticket()
{
global $INGAME_WEBPATH;
global $WEBPATH;
//if logged in
if (WebUsers::isLoggedIn() && isset($_POST['ticket_id'])) {
$ticket_id = filter_var($_POST['ticket_id'], FILTER_SANITIZE_NUMBER_INT);
$target_ticket = new Ticket();
$target_ticket->load_With_TId($ticket_id);
//check if the user who executed this function is a mod/admin or the topic creator himself.
if ($target_ticket->getAuthor() == unserialize($_SESSION['ticket_user'])->getTUserId() || Ticket_User::isMod(unserialize($_SESSION['ticket_user']))) {
try {
$author = unserialize($_SESSION['ticket_user'])->getTUserId();
if (isset($_POST['Content'])) {
$content = $_POST['Content'];
} else {
$content = "";
}
$hidden = 0;
if (isset($_POST['hidden']) && Ticket_User::isMod(unserialize($_SESSION['ticket_user']))) {
$hidden = 1;
}
//create the reply
Ticket::createReply($content, $author, $ticket_id, $hidden);
//try to update the status & priority in case these are set.
if (isset($_POST['ChangeStatus']) && isset($_POST['ChangePriority']) && Ticket_User::isMod(unserialize($_SESSION['ticket_user']))) {
$newStatus = filter_var($_POST['ChangeStatus'], FILTER_SANITIZE_NUMBER_INT);
$newPriority = filter_var($_POST['ChangePriority'], FILTER_SANITIZE_NUMBER_INT);
Ticket::updateTicketStatusAndPriority($ticket_id, $newStatus, $newPriority, $author);
}
header("Cache-Control: max-age=1");
if (Helpers::check_if_game_client()) {
header("Location: " . $INGAME_WEBPATH . "?page=show_ticket&id=" . $ticket_id);
} else {
header("Location: " . $WEBPATH . "?page=show_ticket&id=" . $ticket_id);
}
throw new SystemExit();
} catch (PDOException $e) {
//ERROR: LIB DB is not online!
print_r($e);
//header("Location: index.php");
throw new SystemExit();
}
} else {
//ERROR: No access!
$_SESSION['error_code'] = "403";
header("Cache-Control: max-age=1");
header("Location: index.php?page=error");
throw new SystemExit();
}
} else {
//ERROR: not logged in!
header("Cache-Control: max-age=1");
header("Location: index.php");
throw new SystemExit();
}
}
/**
* This function is beign used to modify the email related to a support group.
* It will first check if the user who executed this function is an admin. If this is not the case the page will be redirected to an error page.
* the new email will be validated and in case it's valid we'll add it to the db. Before adding it, we will encrypt the password by using the MyCrypt class. Afterwards the password gets
* updated and the page redirected again.
* @author Daan Janssens, mentored by Matthew Lagoe
*/
function modify_email_of_sgroup()
{
global $INGAME_WEBPATH;
global $WEBPATH;
if (WebUsers::isLoggedIn()) {
//check if user is an admin
if (Ticket_User::isAdmin(unserialize($_SESSION['ticket_user'])) && isset($_POST['target_id'])) {
$sgroupid = filter_var($_POST['target_id'], FILTER_SANITIZE_NUMBER_INT);
$group = Support_Group::getGroup($sgroupid);
$groupemail = filter_var($_POST['GroupEmail'], FILTER_SANITIZE_STRING);
if (Users::validEmail($groupemail) || $groupemail == "") {
$password = filter_var($_POST['IMAP_Password'], FILTER_SANITIZE_STRING);
$group->setGroupEmail($groupemail);
$group->setIMAP_MailServer(filter_var($_POST['IMAP_MailServer'], FILTER_SANITIZE_STRING));
$group->setIMAP_Username(filter_var($_POST['IMAP_Username'], FILTER_SANITIZE_STRING));
//encrypt password!
global $cfg;
$crypter = new MyCrypt($cfg['crypt']);
$enc_password = $crypter->encrypt($password);
$group->setIMAP_Password($enc_password);
$group->update();
$result['RESULT_OF_MODIFYING'] = "SUCCESS";
if ($password == "") {
$result['RESULT_OF_MODIFYING'] = "NO_PASSWORD";
}
} else {
$result['RESULT_OF_MODIFYING'] = "EMAIL_NOT_VALID";
}
$result['permission'] = unserialize($_SESSION['ticket_user'])->getPermission();
$result['no_visible_elements'] = 'FALSE';
$result['username'] = $_SESSION['user'];
//global $SITEBASE;
//require_once($SITEBASE . 'inc/show_sgroup.php');
//$result= array_merge($result, show_sgroup());
//helpers :: loadtemplate( 'show_sgroup', $result);
header("Cache-Control: max-age=1");
if (Helpers::check_if_game_client()) {
header("Location: " . $INGAME_WEBPATH . "?page=show_sgroup&id=" . $sgroupid);
} else {
header("Location: " . $WEBPATH . "?page=show_sgroup&id=" . $sgroupid);
}
throw new SystemExit();
} else {
//ERROR: No access!
$_SESSION['error_code'] = "403";
header("Cache-Control: max-age=1");
header("Location: index.php?page=error");
throw new SystemExit();
}
} else {
//ERROR: not logged in!
header("Cache-Control: max-age=1");
header("Location: index.php");
throw new SystemExit();
}
}
/**
* This function is beign used to load info that's needed for the settings page.
* check if the person who wants to view this page is a mod/admin or the user to whom te settings belong himself, if this is not the case, he will be redirected to an error page.
* it will return a lot of information of that user, that's being used for loading the template.
* @author Daan Janssens, mentored by Matthew Lagoe
*/
function settings()
{
if (WebUsers::isLoggedIn()) {
//in case id-GET param set it's value as target_id, if no id-param is given, ue the session id.
if (isset($_GET['id'])) {
if ($_GET['id'] != $_SESSION['id'] && !Ticket_User::isMod(unserialize($_SESSION['ticket_user']))) {
//ERROR: No access!
$_SESSION['error_code'] = "403";
header("Cache-Control: max-age=1");
header("Location: index.php?page=error");
throw new SystemExit();
} else {
$webUser = new Webusers($_GET['id']);
$result = $webUser->getInfo();
if (Ticket_User::isMod(unserialize($_SESSION['ticket_user'])) && $_GET['id'] != $_SESSION['id']) {
$result['changesOther'] = "TRUE";
}
$result['target_id'] = $_GET['id'];
$result['current_mail'] = $webUser->getEmail();
$result['target_username'] = $webUser->getUsername();
}
} else {
$webUser = new Webusers($_SESSION['id']);
$result = $webUser->getInfo();
$result['target_id'] = $_SESSION['id'];
$result['current_mail'] = $webUser->getEmail();
$result['target_username'] = $webUser->getUsername();
}
//Sanitize Data
$result['current_mail'] = filter_var($result['current_mail'], FILTER_SANITIZE_EMAIL);
$result['target_username'] = filter_var($result['target_username'], FILTER_SANITIZE_STRING);
$result['FirstName'] = filter_var($result['FirstName'], FILTER_SANITIZE_STRING);
$result['LastName'] = filter_var($result['LastName'], FILTER_SANITIZE_STRING);
$result['Country'] = filter_var($result['Country'], FILTER_SANITIZE_STRING);
$result['Gender'] = filter_var($result['Gender'], FILTER_SANITIZE_NUMBER_INT);
$result['ReceiveMail'] = filter_var($result['ReceiveMail'], FILTER_SANITIZE_NUMBER_INT);
$result['country_array'] = getCountryArray();
global $INGAME_WEBPATH;
$result['ingame_webpath'] = $INGAME_WEBPATH;
$dbl = new DBLayer("lib");
$statement = $dbl->executeWithoutParams("SELECT * FROM settings");
$rows = $statement->fetchAll();
foreach ($rows as &$value) {
$result[$value['Setting']] = $value['Value'];
}
return $result;
} else {
//ERROR: not logged in!
header("Location: index.php");
header("Cache-Control: max-age=1");
throw new SystemExit();
}
}
/**
* This function is beign used to add a user to a support group.
* It will first check if the user who executed this function is an admin. If the user exists it will try to add it to the supportgroup, in case it's not a mod or admin it will not
* add it to the group. if the executing user is not an admin or not logged in, the page will be redirected to the error page.
* @author Daan Janssens, mentored by Matthew Lagoe
*/
function add_user_to_sgroup()
{
global $INGAME_WEBPATH;
global $WEBPATH;
if (WebUsers::isLoggedIn()) {
//check if the that executed the task is an admin.
if (Ticket_User::isAdmin(unserialize($_SESSION['ticket_user'])) && isset($_POST['target_id'])) {
$name = filter_var($_POST['Name'], FILTER_SANITIZE_STRING);
$id = filter_var($_POST['target_id'], FILTER_SANITIZE_NUMBER_INT);
$user_id = WebUsers::getId($name);
if ($user_id != "") {
//if the target user is a mod/admin
if (Ticket_User::constr_ExternId($user_id)->getPermission() > 1) {
//add it to the support group
$result['RESULT_OF_ADDING'] = Support_Group::addUserToSupportGroup($user_id, $id);
} else {
//return error message.
$result['RESULT_OF_ADDING'] = "NOT_MOD_OR_ADMIN";
}
} else {
$result['RESULT_OF_ADDING'] = "USER_NOT_EXISTING";
}
//$result['permission'] = unserialize($_SESSION['ticket_user'])->getPermission();
//$result['no_visible_elements'] = 'FALSE';
//$result['username'] = $_SESSION['user'];
//global $SITEBASE;
//require_once($SITEBASE . 'inc/show_sgroup.php');
//$result= array_merge($result, show_sgroup());
//helpers :: loadtemplate( 'show_sgroup', $result);
if (Helpers::check_if_game_client()) {
header("Cache-Control: max-age=1");
header("Location: " . $INGAME_WEBPATH . "?page=show_sgroup&id=" . $id);
} else {
header("Cache-Control: max-age=1");
header("Location: " . $WEBPATH . "?page=show_sgroup&id=" . $id);
}
throw new SystemExit();
} else {
//ERROR: No access!
$_SESSION['error_code'] = "403";
header("Cache-Control: max-age=1");
header("Location: index.php?page=error");
throw new SystemExit();
}
} else {
//ERROR: not logged in!
header("Cache-Control: max-age=1");
header("Location: index.php");
throw new SystemExit();
}
}
/**
* This function is beign used to load info that's needed for the show_ticket_info page.
* check if the person browsing this page is a mod/admin or the ticket creator himself, if not he'll be redirected to an error page.
* not all tickets have this page related to it, only tickets created ingame will have additional information. The returned info will be used by the template to show the show_ticket_info page.
* @author Daan Janssens, mentored by Matthew Lagoe
*/
function show_ticket_info()
{
//if logged in
if (WebUsers::isLoggedIn() && isset($_GET['id'])) {
$result['ticket_id'] = filter_var($_GET['id'], FILTER_SANITIZE_NUMBER_INT);
$target_ticket = new Ticket();
$target_ticket->load_With_TId($result['ticket_id']);
if ($target_ticket->hasInfo() && ($target_ticket->getAuthor() == unserialize($_SESSION['ticket_user'])->getTUserId() || Ticket_User::isMod(unserialize($_SESSION['ticket_user'])))) {
$result['ticket_title'] = $target_ticket->getTitle();
$result['ticket_author'] = $target_ticket->getAuthor();
$ticket_info = new Ticket_Info();
$ticket_info->load_With_Ticket($result['ticket_id']);
$result['shard_id'] = $ticket_info->getShardId();
$result['user_position'] = $ticket_info->getUser_Position();
$result['view_position'] = $ticket_info->getView_Position();
$result['client_version'] = $ticket_info->getClient_Version();
$result['patch_version'] = $ticket_info->getPatch_Version();
$result['server_tick'] = $ticket_info->getServer_Tick();
$result['connect_state'] = $ticket_info->getConnect_State();
$result['local_address'] = $ticket_info->getLocal_Address();
$result['memory'] = $ticket_info->getMemory();
$result['os'] = $ticket_info->getOS();
$result['processor'] = $ticket_info->getProcessor();
$result['cpu_id'] = $ticket_info->getCPUId();
$result['cpu_mask'] = $ticket_info->getCPU_Mask();
$result['ht'] = $ticket_info->getHT();
$result['nel3d'] = $ticket_info->getNel3D();
$result['user_id'] = $ticket_info->getUser_Id();
global $IMAGELOC_WEBPATH;
$result['IMAGELOC_WEBPATH'] = $IMAGELOC_WEBPATH;
if (Ticket_User::isMod(unserialize($_SESSION['ticket_user']))) {
$result['isMod'] = "TRUE";
}
global $INGAME_WEBPATH;
$result['ingame_webpath'] = $INGAME_WEBPATH;
return $result;
} else {
//ERROR: No access!
$_SESSION['error_code'] = "403";
header("Cache-Control: max-age=1");
header("Location: index.php?page=error");
throw new SystemExit();
}
} else {
//ERROR: not logged in!
header("Cache-Control: max-age=1");
header("Location: index.php");
throw new SystemExit();
}
}
/**
* This function is beign used to change the users receiveMail setting.
* It will first check if the user who executed this function is the person of whom the setting is or if it's a mod/admin. If this is not the case the page will be redirected to an error page.
* it will check if the new value equals 1 or 0 and it will update the setting and redirect the page again.
* @author Daan Janssens, mentored by Matthew Lagoe
*/
function change_receivemail()
{
try {
//if logged in
global $INGAME_WEBPATH;
global $WEBPATH;
if (WebUsers::isLoggedIn()) {
if (isset($_POST['target_id'])) {
//check if the user who executed this function is the person of whom the setting is or if it's a mod/admin.
if (($_POST['target_id'] == $_SESSION['id'] || Ticket_User::isMod(unserialize($_SESSION['ticket_user']))) && isset($_POST['ReceiveMail'])) {
$user_id = filter_var($_POST['target_id'], FILTER_SANITIZE_NUMBER_INT);
$receiveMail = filter_var($_POST['ReceiveMail'], FILTER_SANITIZE_NUMBER_INT);
if ($receiveMail == 0 || $receiveMail == 1) {
WebUsers::setReceiveMail($user_id, $receiveMail);
}
if (Helpers::check_if_game_client()) {
header("Cache-Control: max-age=1");
header("Location: " . $INGAME_WEBPATH . "?page=settings&id=" . $user_id);
} else {
header("Cache-Control: max-age=1");
header("Location: " . $WEBPATH . "?page=settings&id=" . $user_id);
}
throw new SystemExit();
} else {
//ERROR: permission denied!
$_SESSION['error_code'] = "403";
header("Cache-Control: max-age=1");
header("Location: index.php?page=error");
throw new SystemExit();
}
} else {
//ERROR: The form was not filled in correclty
header("Cache-Control: max-age=1");
header("Location: index.php?page=settings");
throw new SystemExit();
}
} else {
//ERROR: user is not logged in
header("Cache-Control: max-age=1");
header("Location: index.php");
throw new SystemExit();
}
} catch (PDOException $e) {
//go to error page or something, because can't access website db
print_r($e);
throw new SystemExit();
}
}
/**
* This function is beign used to add a new Support Group to the database.
* What it will do is check if the user who executed the function is an Admin, if so then it will filter all POST'ed data and use it to create a new Support_Group entry.
* if not logged in or not an admin, an appropriate redirection to an error page will take place.
* @author Daan Janssens, mentored by Matthew Lagoe
*/
function add_sgroup()
{
global $INGAME_WEBPATH;
global $WEBPATH;
if (WebUsers::isLoggedIn()) {
//check if admin
if (Ticket_User::isAdmin(unserialize($_SESSION['ticket_user']))) {
$name = filter_var($_POST['Name'], FILTER_SANITIZE_STRING);
$inner_tag = filter_var($_POST['Tag'], FILTER_SANITIZE_STRING);
$tag = "[" . $inner_tag . "]";
$inner_tag = filter_var($_POST['Tag'], FILTER_SANITIZE_STRING);
$groupemail = filter_var($_POST['GroupEmail'], FILTER_SANITIZE_STRING);
$imap_mailserver = filter_var($_POST['IMAP_MailServer'], FILTER_SANITIZE_STRING);
$imap_username = filter_var($_POST['IMAP_Username'], FILTER_SANITIZE_STRING);
$imap_password = filter_var($_POST['IMAP_Password'], FILTER_SANITIZE_STRING);
//create a new support group
$result['RESULT_OF_ADDING'] = Support_Group::createSupportGroup($name, $tag, $groupemail, $imap_mailserver, $imap_username, $imap_password);
$result['permission'] = unserialize($_SESSION['ticket_user'])->getPermission();
$result['no_visible_elements'] = 'FALSE';
$result['username'] = $_SESSION['user'];
global $SITEBASE;
require $SITEBASE . '/inc/sgroup_list.php';
$result = array_merge($result, sgroup_list());
return $result;
header("Cache-Control: max-age=1");
/*if (Helpers::check_if_game_client()) {
header("Location: ".$INGAME_WEBPATH."?page=sgroup_list");
}else{
header("Location: ".$WEBPATH."?page=sgroup_list");
}
exit;
*/
} else {
//ERROR: No access!
$_SESSION['error_code'] = "403";
header("Cache-Control: max-age=1");
header("Location: index.php?page=error");
throw new SystemExit();
}
} else {
//ERROR: not logged in!
header("Cache-Control: max-age=1");
header("Location: index.php");
throw new SystemExit();
}
}
/**
* This function is beign used to change the permission of a ticket_user.
* It will first check if the user who executed this function is an admin. If this is not the case the page will be redirected to an error page.
* in case the $_GET['value'] is smaller than 4 and the user whoes permission is being changed is different from the admin(id 1), the change will be executed and the page will
* redirect to the users profile page.
* @author Daan Janssens, mentored by Matthew Lagoe
*/
function change_permission()
{
global $INGAME_WEBPATH;
global $WEBPATH;
//if logged in
if (WebUsers::isLoggedIn()) {
//check if user who executed this function is an admin
if (ticket_user::isAdmin(unserialize($_SESSION['ticket_user']))) {
//in case the $_GET['value'] is smaller than 4 and the user whoes permission is being changed is different from the admin(id 1)
if (isset($_GET['user_id']) && isset($_GET['value']) && $_GET['user_id'] != 1 && $_GET['value'] < 4) {
$user_id = filter_var($_GET['user_id'], FILTER_SANITIZE_NUMBER_INT);
$value = filter_var($_GET['value'], FILTER_SANITIZE_NUMBER_INT);
//execute change.
Ticket_User::change_permission(Ticket_User::constr_ExternId($user_id)->getTUserId(), $value);
header("Cache-Control: max-age=1");
if (Helpers::check_if_game_client()) {
header("Location: " . $INGAME_WEBPATH . "?page=show_user&id=" . $user_id);
} else {
header("Location: " . $WEBPATH . "?page=show_user&id=" . $user_id);
}
throw new SystemExit();
} else {
//ERROR: GET PARAMS not given or trying to change admin
header("Cache-Control: max-age=1");
if (Helpers::check_if_game_client()) {
header("Location: " . $INGAME_WEBPATH . "?page=show_user&id=" . $user_id);
} else {
header("Location: " . $WEBPATH . "?page=show_user&id=" . $user_id);
}
throw new SystemExit();
}
} else {
//ERROR: No access!
$_SESSION['error_code'] = "403";
header("Cache-Control: max-age=1");
header("Location: index.php?page=error");
throw new SystemExit();
}
} else {
//ERROR: not logged in!
header("Cache-Control: max-age=1");
header("Location: index.php");
throw new SystemExit();
}
}
function settings()
{
if (WebUsers::isLoggedIn()) {
//in case id-GET param set it's value as target_id, if no id-param is given, ue the session id.
if (isset($_GET['id'])) {
if ($_GET['id'] != $_SESSION['id'] && !Ticket_User::isMod(unserialize($_SESSION['ticket_user']))) {
//ERROR: No access!
$_SESSION['error_code'] = "403";
header("Location: index.php?page=error");
exit;
} else {
$webUser = new Webusers($_GET['id']);
//$result = $webUser->getInfo();
if (Ticket_User::isMod(unserialize($_SESSION['ticket_user'])) && $_GET['id'] != $_SESSION['id']) {
$result['changesOther'] = "TRUE";
}
$result['target_id'] = $_GET['id'];
$result['current_mail'] = $webUser->getEmail();
$result['target_username'] = $webUser->getUsername();
}
} else {
$webUser = new Webusers($_SESSION['id']);
//$result = $webUser->getInfo();
$result['target_id'] = $_SESSION['id'];
$result['current_mail'] = $webUser->getEmail();
$result['target_username'] = $webUser->getUsername();
}
//Sanitize Data
$result['current_mail'] = filter_var($result['current_mail'], FILTER_SANITIZE_EMAIL);
$result['target_username'] = filter_var($result['target_username'], FILTER_SANITIZE_STRING);
//$result['FirstName'] = filter_var($result['FirstName'], FILTER_SANITIZE_STRING);
//$result['LastName'] = filter_var($result['LastName'], FILTER_SANITIZE_STRING);
//$result['Country'] = filter_var($result['Country'], FILTER_SANITIZE_STRING);
//$result['Gender'] = filter_var($result['Gender'], FILTER_SANITIZE_NUMBER_INT);
//$result['ReceiveMail'] = filter_var($result['ReceiveMail'], FILTER_SANITIZE_NUMBER_INT);
//$result['country_array'] = getCountryArray();
global $INGAME_WEBPATH;
$result['ingame_webpath'] = $INGAME_WEBPATH;
return $result;
} else {
//ERROR: not logged in!
header("Location: index.php");
exit;
}
}
/**
* This function is beign used to load info that's needed for the show_user page.
* Users can only browse their own user page, while mods/admins can browse all user pages. The current settings of the user being browsed will be loaded, as also their created tickets
* and this info will be returned so it can be used by the template.
* @author Daan Janssens, mentored by Matthew Lagoe
*/
function show_user()
{
//if logged in
if (WebUsers::isLoggedIn()) {
//Users can only browse their own user page, while mods/admins can browse all user pages
if (!isset($_GET['id']) || Ticket_User::isMod(unserialize($_SESSION['ticket_user'])) || $_GET['id'] == $_SESSION['id']) {
if (isset($_GET['id'])) {
$result['target_id'] = filter_var($_GET['id'], FILTER_SANITIZE_NUMBER_INT);
} else {
$result['target_id'] = $_SESSION['id'];
}
$webUser = new WebUsers($result['target_id']);
$result['target_name'] = $webUser->getUsername();
$result['mail'] = $webUser->getEmail();
$info = $webUser->getInfo();
$result['firstName'] = $info['FirstName'];
$result['lastName'] = $info['LastName'];
$result['country'] = $info['Country'];
$result['gender'] = $info['Gender'];
$ticket_user = Ticket_User::constr_ExternId($result['target_id']);
$result['userPermission'] = $ticket_user->getPermission();
if (Ticket_User::isAdmin(unserialize($_SESSION['ticket_user']))) {
$result['isAdmin'] = "TRUE";
}
$ticketlist = Ticket::getTicketsOf($ticket_user->getTUserId());
$result['ticketlist'] = Gui_Elements::make_table($ticketlist, array("getTId", "getTimestamp", "getTitle", "getStatus", "getStatusText", "getStatusText", "getCategoryName"), array("tId", "timestamp", "title", "status", "statustext", "statusText", "category"));
global $INGAME_WEBPATH;
$result['ingame_webpath'] = $INGAME_WEBPATH;
return $result;
} else {
//ERROR: No access!
$_SESSION['error_code'] = "403";
header("Cache-Control: max-age=1");
header("Location: index.php?page=error");
throw new SystemExit();
}
} else {
//ERROR: not logged in!
header("Cache-Control: max-age=1");
header("Location: index.php");
throw new SystemExit();
}
}
/**
* This function is beign used to load info that's needed for the show_reply page.
* check if the person is allowed to see the reply, if not he'll be redirected to an error page.
* data regarding to the reply will be returned by this function that will be used by the template.
* @author Daan Janssens, mentored by Matthew Lagoe
*/
function show_reply()
{
//if logged in
if (WebUsers::isLoggedIn() && isset($_GET['id'])) {
$result['reply_id'] = filter_var($_GET['id'], FILTER_SANITIZE_NUMBER_INT);
$reply = new Ticket_Reply();
$reply->load_With_TReplyId($result['reply_id']);
$ticket = new Ticket();
$ticket->load_With_TId($reply->getTicket());
//check if the user is allowed to see the reply
if ($ticket->getAuthor() == unserialize($_SESSION['ticket_user'])->getTUserId() && !$reply->getHidden() || Ticket_User::isMod(unserialize($_SESSION['ticket_user']))) {
$content = new Ticket_Content();
$content->load_With_TContentId($reply->getContent());
$author = new Ticket_User();
$author->load_With_TUserId($reply->getAuthor());
$result['hidden'] = $reply->getHidden();
$result['ticket_id'] = $reply->getTicket();
$result['reply_timestamp'] = $reply->getTimestamp();
$result['author_permission'] = $author->getPermission();
$result['reply_content'] = $content->getContent();
$result['author'] = $author->getExternId();
$webUser = new WebUsers($author->getExternId());
$result['authorName'] = $webUser->getUsername();
if (Ticket_User::isMod(unserialize($_SESSION['ticket_user']))) {
$result['isMod'] = "TRUE";
}
global $INGAME_WEBPATH;
$result['ingame_webpath'] = $INGAME_WEBPATH;
return $result;
} else {
//ERROR: No access!
$_SESSION['error_code'] = "403";
header("Cache-Control: max-age=1");
header("Location: index.php?page=error");
throw new SystemExit();
}
} else {
//ERROR: not logged in!
header("Cache-Control: max-age=1");
header("Location: index.php");
throw new SystemExit();
}
}
/**
* This function is beign used to load info that's needed for the sgroup_list page.
* check if the person who wants to view this page is a mod/admin, if this is not the case, he will be redirected to an error page.
* It will return all suppport groups information. Also if the $_GET['delete'] var is set and the user is an admin, he will delete a specific entry.
* @author Daan Janssens, mentored by Matthew Lagoe
*/
function sgroup_list()
{
global $INGAME_WEBPATH;
global $WEBPATH;
//if logged in
if (WebUsers::isLoggedIn()) {
if (Ticket_User::isMod(unserialize($_SESSION['ticket_user']))) {
//if delete GET var is set and user is admin, then delete the groups entry.
if (isset($_GET['delete']) && Ticket_User::isAdmin(unserialize($_SESSION['ticket_user']))) {
$delete_id = filter_var($_GET['delete'], FILTER_SANITIZE_NUMBER_INT);
$result['delete'] = Support_Group::deleteSupportGroup($delete_id);
header("Cache-Control: max-age=1");
if (Helpers::check_if_game_client()) {
header("Location: " . $INGAME_WEBPATH . "?page=sgroup_list");
} else {
header("Location: " . $WEBPATH . "?page=sgroup_list");
}
throw new SystemExit();
}
if (Ticket_User::isAdmin(unserialize($_SESSION['ticket_user']))) {
$result['isAdmin'] = "TRUE";
}
$result['grouplist'] = Gui_Elements::make_table(Support_Group::getGroups(), array("getSGroupId", "getName", "getTag", "getGroupEmail"), array("sGroupId", "name", "tag", "groupemail"));
global $INGAME_WEBPATH;
$result['ingame_webpath'] = $INGAME_WEBPATH;
return $result;
} else {
//ERROR: No access!
$_SESSION['error_code'] = "403";
header("Cache-Control: max-age=1");
header("Location: index.php?page=error");
throw new SystemExit();
}
} else {
//ERROR: not logged in!
header("Cache-Control: max-age=1");
header("Location: index.php");
throw new SystemExit();
}
}
/**
* This function is beign used to load info that's needed for the createticket page.
* the $_GET['user_id'] identifies for which user you try to create a ticket. A normal user can only create a ticket for himself, a mod/admin however can also create tickets for other users.
* It will also load all categories and return these, they will be used by the template.
* @author Daan Janssens, mentored by Matthew Lagoe
*/
function createticket()
{
//if logged in
if (WebUsers::isLoggedIn()) {
//in case user_id-GET param set it's value as target_id, if no user_id-param is given, use the session id.
if (isset($_GET['user_id'])) {
//check if you are a mod/admin or you try to create a ticket for your own, if this is not the case redirect to error page
if ($_GET['user_id'] != $_SESSION['id'] && !ticket_user::isMod(unserialize($_SESSION['ticket_user']))) {
//ERROR: No access!
$_SESSION['error_code'] = "403";
header("Cache-Control: max-age=1");
header("Location: index.php?page=error");
throw new SystemExit();
} else {
//if user_id is given, then set it as the target_id
$result['target_id'] = filter_var($_GET['user_id'], FILTER_SANITIZE_NUMBER_INT);
}
} else {
//set session_id as target_id
$result['target_id'] = $_SESSION['id'];
}
if (Helpers::check_if_game_client()) {
//get all additional info, which is needed for adding the extra info page
$result[] = $_GET;
$result['ingame'] = true;
}
//create array of category id & names
$catArray = Ticket_Category::getAllCategories();
$result['category'] = Gui_Elements::make_table_with_key_is_id($catArray, array("getName"), "getTCategoryId");
global $INGAME_WEBPATH;
$result['ingame_webpath'] = $INGAME_WEBPATH;
$result['TITLE_ERROR'] = $INGAME_WEBPATH;
return $result;
} else {
//ERROR: not logged in!
header("Cache-Control: max-age=1");
header("Location: index.php");
throw new SystemExit();
}
}
/**
* This function is used in installing updates for plugins.
* It takes id of the plugin whose update is available using
* $_GET global variable and then extract the update details
* from db and then install it in the plugin.
*
* @author Shubham Meena, mentored by Matthew Lagoe
*/
function update_plugin()
{
// if logged in
if (WebUsers::isLoggedIn()) {
if (isset($_GET['id'])) {
// id of plugin to update
$id = filter_var($_GET['id'], FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$db = new DBLayer('lib');
$sth = $db->executeWithoutParams("SELECT * FROM plugins INNER JOIN updates ON plugins.Id=updates.PluginId Where plugins.Id={$id}");
$row = $sth->fetch();
// replacing update in the database
Plugincache::rrmdir($row['FileName']);
Plugincache::zipExtraction($row['UpdatePath'], rtrim($row['FileName'], strtolower($row['Name'])));
$db->update("plugins", array('Info' => $row['UpdateInfo']), "Id={$row['Id']}");
// deleting the previous update
$db->delete("updates", array('id' => $row['s.no']), "s.no=:id");
// if update is installed succesffully redirect to show success message
header("Cache-Control: max-age=1");
header("Location: index.php?page=plugins&result=8");
throw new SystemExit();
}
}
}
/**
* This function is beign used to change the users password.
* It will first check if the user who executed this function is the person of whom the emailaddress is or if it's a mod/admin. If this is not the case the page will be redirected to an error page.
* If the executing user tries to change someone elses password, he doesn't has to fill in the previous password. The password will be validated first. If the checking was successful the password will be updated and the settings template will be reloaded. Errors made by invalid data will be shown
* also after reloading the template.
* @author Daan Janssens, mentored by Matthew Lagoe
*/
function change_password()
{
try {
//if logged in
if (WebUsers::isLoggedIn()) {
if (isset($_POST['target_id'])) {
$adminChangesOther = false;
//if target_id is the same as session id or is admin
if ($_POST['target_id'] == $_SESSION['id'] || Ticket_User::isMod(unserialize($_SESSION['ticket_user']))) {
if ($_POST['target_id'] == $_SESSION['id']) {
//if the password is of the executing user himself
$target_username = $_SESSION['user'];
} else {
//if the password is of someone else.
$webUser = new WebUsers($_POST['target_id']);
$target_username = $webUser->getUsername();
//isAdmin is true when it's the admin, but the target_id != own id
$adminChangesOther = true;
$_POST["CurrentPass"] = "******";
}
$webUser = new WebUsers($_POST['target_id']);
$params = array('user' => $target_username, 'CurrentPass' => $_POST["CurrentPass"], 'NewPass' => $_POST["NewPass"], 'ConfirmNewPass' => $_POST["ConfirmNewPass"], 'adminChangesOther' => $adminChangesOther);
$result = $webUser->check_change_password($params);
if ($result == "success") {
//edit stuff into db
global $SITEBASE;
require_once $SITEBASE . '/inc/settings.php';
$succresult = settings();
$status = WebUsers::setPassword($target_username, $_POST["NewPass"]);
if ($status == 'ok') {
$succresult['SUCCESS_PASS'] = "******";
} else {
if ($status == 'shardoffline') {
$succresult['SUCCESS_PASS'] = "******";
}
}
$succresult['permission'] = unserialize($_SESSION['ticket_user'])->getPermission();
$succresult['no_visible_elements'] = 'FALSE';
$succresult['username'] = $_SESSION['user'];
$succresult['target_id'] = $_POST['target_id'];
helpers::loadtemplate('settings', $succresult);
throw new SystemExit();
} else {
$result['prevCurrentPass'] = filter_var($_POST["CurrentPass"], FILTER_SANITIZE_STRING);
$result['prevNewPass'] = filter_var($_POST["NewPass"], FILTER_SANITIZE_STRING);
$result['prevConfirmNewPass'] = filter_var($_POST["ConfirmNewPass"], FILTER_SANITIZE_STRING);
$result['permission'] = unserialize($_SESSION['ticket_user'])->getPermission();
$result['no_visible_elements'] = 'FALSE';
$result['username'] = $_SESSION['user'];
$result['target_id'] = $_POST['target_id'];
global $SITEBASE;
require_once $SITEBASE . '/inc/settings.php';
$settings = settings();
$result = array_merge($result, $settings);
helpers::loadtemplate('settings', $result);
throw new SystemExit();
}
} else {
//ERROR: permission denied!
$_SESSION['error_code'] = "403";
header("Cache-Control: max-age=1");
header("Location: index.php?page=error");
throw new SystemExit();
}
} else {
//ERROR: The form was not filled in correclty
header("Cache-Control: max-age=1");
header("Location: index.php?page=settings");
throw new SystemExit();
}
} else {
//ERROR: user is not logged in
header("Cache-Control: max-age=1");
header("Location: index.php");
throw new SystemExit();
}
} catch (PDOException $e) {
//go to error page or something, because can't access website db
print_r($e);
throw new SystemExit();
}
}
/**
* This function is used in installing plugins or adding updates
* for previously installed plugins.
*
*/
function install_plugin()
{
$result = array();
// if logged in
if (WebUsers::isLoggedIn()) {
// path of temporary folder for storing files
$temp_path = "../../ams_lib/temp";
// create a temp directory if not exist
// temp folder where we first store all uploaded plugins before install
if (!file_exists("{$temp_path}")) {
mkdir($temp_path);
}
// checking the server if file is uploaded or not
if (isset($_FILES["file"]) && $_FILES["file"]["size"] > 0) {
$fileName = $_FILES["file"]["name"];
//the files name takes from the HTML form
$fileTmpLoc = $_FILES["file"]["tmp_name"];
//file in the PHP tmp folder
$dir = trim($_FILES["file"]["name"], ".zip");
$target_path = "../../ams_lib/plugins/{$dir}";
//path in which the zip extraction is to be done
$destination = "../../ams_lib/plugins/";
// scanning plugin folder if plugin with same name is already exists or not
$x = checkForUpdate($dir, $destination, $fileTmpLoc, $temp_path);
if ($x == '1') {
echo "update found";
throw new SystemExit();
} else {
if ($x == '2') {
echo "Plugin already exists with same name .";
throw new SystemExit();
} else {
if ($x == '3') {
echo "Update info is not present in the update";
throw new SystemExit();
}
}
}
// checking for the command to install plugin is given or not
if (!isset($_POST['install_plugin'])) {
if ($_FILES["file"]["type"] == 'application/zip') {
if (move_uploaded_file($fileTmpLoc, $temp_path . "/" . $fileName)) {
echo "{$fileName} upload is complete.</br>" . "<button type='submit' class='btn btn-primary' style='margin-left:5px; margin-top:10px;' name='install_plugin'>Install Plugin</button></br>";
throw new SystemExit();
} else {
echo "Error in uploading file.";
throw new SystemExit();
}
} else {
echo "Please select a file with .zip extension to upload.";
throw new SystemExit();
}
} else {
// calling function to unzip archives
if (zipExtraction($temp_path . "/" . $fileName, $destination)) {
if (file_exists($target_path . "/.info")) {
$result = readPluginFile(".info", $target_path);
// sending all info to the database
$install_result = array();
$install_result['FileName'] = $target_path;
$install_result['Name'] = $result['PluginName'];
$install_result['Type'] = $result['Type'];
if (Ticket_User::isMod(unserialize($_SESSION['ticket_user']))) {
$install_result['Permission'] = 'admin';
} else {
$install_result['Permission'] = 'user';
}
$install_result['Info'] = json_encode($result);
// connection with the database
$dbr = new DBLayer("lib");
$dbr->insert("plugins", $install_result);
// if everything is successfull redirecting to the plugin template
header("Cache-Control: max-age=1");
header("Location: index.php?page=plugins&result=1");
throw new SystemExit();
} else {
// file .info not exists
rmdir($target_path);
header("Cache-Control: max-age=1");
header("Location: index.php?page=install_plugin&result=2");
throw new SystemExit();
}
} else {
// extraction failed
header("Cache-Control: max-age=1");
header("Location: index.php?page=install_plugin&result=0");
throw new SystemExit();
}
}
} else {
echo "Please Browse for a file before clicking the upload button";
throw new SystemExit();
}
}
}
/**
* This function is beign used to load info that's needed for the show_ticket_log page.
* This page shows the logs related to a ticket: who created the ticket, who replied on it, who viewed it, assigned or forwarded it.
* Only mods/admins are able to browse the log though. The found information is returned so it can be used by the template.
* @author Daan Janssens, mentored by Matthew Lagoe
*/
function show_ticket_log()
{
global $INGAME_WEBPATH;
global $WEBPATH;
//if logged in
if (WebUsers::isLoggedIn() && isset($_GET['id'])) {
//only allow admins to browse the log!
if (Ticket_User::isMod(unserialize($_SESSION['ticket_user']))) {
$result['ticket_id'] = filter_var($_GET['id'], FILTER_SANITIZE_NUMBER_INT);
$target_ticket = new Ticket();
$target_ticket->load_With_TId($result['ticket_id']);
$result['ticket_title'] = $target_ticket->getTitle();
//return all logs related to a ticket.
$ticket_logs = Ticket_Log::getLogsOfTicket($result['ticket_id']);
$log_action_array = Ticket_Log::getActionTextArray();
//fetch information about each returned ticket in a format that is usable for the template
$result['ticket_logs'] = Gui_Elements::make_table($ticket_logs, array("getTLogId", "getTimestamp", "getAuthor()->getExternId", "getAction", "getArgument()"), array("tLogId", "timestamp", "authorExtern", "action", "argument"));
$i = 0;
//for each ticket add action specific informaton to the to-be-shown text: uses the query_backpart
foreach ($result['ticket_logs'] as $log) {
$webUser = new WebUsers($log['authorExtern']);
$author = $webUser->getUsername();
$result['ticket_logs'][$i]['author'] = $author;
$query_backpart = "";
if ($log['action'] == 2) {
$webUser2 = new WebUsers($log['argument']);
$query_backpart = $webUser2->getUsername();
} else {
if ($log['action'] == 4) {
if (Helpers::check_if_game_client()) {
$query_backpart = "<a href='" . $INGAME_WEBPATH . "?page=show_reply&id=" . $log['argument'] . "'>ID#" . $log['argument'] . "</a>";
} else {
$query_backpart = "<a href='" . $WEBPATH . "?page=show_reply&id=" . $log['argument'] . "'>ID#" . $log['argument'] . "</a>";
}
} else {
if ($log['action'] == 5) {
$statusArray = Ticket::getStatusArray();
$query_backpart = $statusArray[$log['argument']];
} else {
if ($log['action'] == 6) {
$priorityArray = Ticket::getPriorityArray();
$query_backpart = $priorityArray[$log['argument']];
} else {
if ($log['action'] == 8) {
if (Helpers::check_if_game_client()) {
$query_backpart = "<a href='" . $INGAME_WEBPATH . "?page=show_sgroupy&id=" . $log['argument'] . "'>" . Support_Group::getGroup($log['argument'])->getName() . "</a>";
} else {
$query_backpart = "<a href='" . $WEBPATH . "?page=show_sgroupy&id=" . $log['argument'] . "'>" . Support_Group::getGroup($log['argument'])->getName() . "</a>";
}
}
}
}
}
}
$result['ticket_logs'][$i]['query'] = $author . " " . $log_action_array[$log['action']] . " " . $query_backpart;
$result['ticket_logs'][$i]['timestamp_elapsed'] = Gui_Elements::time_elapsed_string($log['timestamp']);
$i++;
}
if (Ticket_User::isMod(unserialize($_SESSION['ticket_user']))) {
$result['isMod'] = "TRUE";
}
global $INGAME_WEBPATH;
$result['ingame_webpath'] = $INGAME_WEBPATH;
return $result;
} else {
//ERROR: No access!
$_SESSION['error_code'] = "403";
header("Cache-Control: max-age=1");
header("Location: index.php?page=error");
throw new SystemExit();
}
} else {
//ERROR: not logged in!
header("Cache-Control: max-age=1");
header("Location: index.php");
throw new SystemExit();
}
}
/**
* This function is beign used to load info that's needed for the show_sgroup page.
* check if the person browsing this page is a mod/admin, if not he'll be redirected to an error page.
* if the $_GET['delete'] var is set and the user executing is an admin, an entry will be deleted out of the support group.
* A list of users that are member of the group will be returned, which can be used by the template.
* @author Daan Janssens, mentored by Matthew Lagoe
*/
function show_sgroup()
{
global $INGAME_WEBPATH;
global $WEBPATH;
//if logged in
if (WebUsers::isLoggedIn()) {
if (Ticket_User::isMod(unserialize($_SESSION['ticket_user']))) {
if (isset($_GET['id'])) {
//['target_id'] holds the id of the group!
$result['target_id'] = filter_var($_GET['id'], FILTER_SANITIZE_NUMBER_INT);
//if the $_GET['delete'] var is set and the user executing is an admin, an entry will be deleted out of the support group.
if (isset($_GET['delete']) && Ticket_User::isAdmin(unserialize($_SESSION['ticket_user']))) {
$delete_id = filter_var($_GET['delete'], FILTER_SANITIZE_NUMBER_INT);
$result['delete'] = Support_Group::deleteUserOfSupportGroup($delete_id, $result['target_id']);
header("Cache-Control: max-age=1");
if (Helpers::check_if_game_client()) {
header("Location: " . $INGAME_WEBPATH . "?page=show_sgroup&id=" . $result['target_id']);
} else {
header("Location: " . $WEBPATH . "?page=show_sgroup&id=" . $result['target_id']);
}
throw new SystemExit();
}
if (Ticket_User::isAdmin(unserialize($_SESSION['ticket_user']))) {
$result['isAdmin'] = "TRUE";
}
$group = Support_Group::getGroup($result['target_id']);
$result['groupsname'] = $group->getName();
$result['groupemail'] = $group->getGroupEmail();
$result['imap_mailserver'] = $group->getIMAP_MailServer();
$result['imap_username'] = $group->getIMAP_Username();
$result['userlist'] = Gui_Elements::make_table(Support_Group::getAllUsersOfSupportGroup($result['target_id']), array("getTUserId", "getPermission", "getExternId"), array("tUserId", "permission", "externId"));
$i = 0;
foreach ($result['userlist'] as $user) {
$webuser = new Webusers($user['externId']);
$result['userlist'][$i]['name'] = $webuser->getUsername();
$i++;
}
global $INGAME_WEBPATH;
$result['ingame_webpath'] = $INGAME_WEBPATH;
$result['teamlist'] = Gui_Elements::make_table(Ticket_User::getModsAndAdmins(), array("getTUserId", "getExternId"), array("tUserId", "externId"));
$i = 0;
foreach ($result['teamlist'] as $member) {
$web_teammember = new Webusers($member['externId']);
if (!In_Support_Group::userExistsInSGroup($member['externId'], $result['target_id'])) {
$result['users'][$i]['name'] = $web_teammember->getUsername();
}
$i++;
}
return $result;
} else {
//ERROR: No page specified!
$_SESSION['error_code'] = "404";
header("Cache-Control: max-age=1");
header("Location: ams?page=error");
throw new SystemExit();
}
} else {
//ERROR: No access!
$_SESSION['error_code'] = "403";
header("Cache-Control: max-age=1");
header("Location: index.php?page=error");
throw new SystemExit();
}
} else {
//ERROR: not logged in!
header("Cache-Control: max-age=1");
header("Location: index.php");
throw new SystemExit();
}
}
/**
* This function is beign used to load info that's needed for the show_ticket page.
* check if the person browsing this page is a mod/admin or the ticket creator himself, if not he'll be redirected to an error page.
* if the $_GET['action'] var is set and the user executing is a mod/admin, it will try to execute the action. The actions here are: forwarding of a ticket,
* assigning a ticket and unassigning a ticket. This function returns a lot of information that will be used by the template to show the ticket. Mods/admins will be able to
* also see hidden replies to a ticket.
* @author Daan Janssens, mentored by Matthew Lagoe
*/
function show_ticket()
{
//if logged in
if (WebUsers::isLoggedIn() && isset($_GET['id'])) {
$result['user_id'] = unserialize($_SESSION['ticket_user'])->getTUserId();
$result['ticket_id'] = filter_var($_GET['id'], FILTER_SANITIZE_NUMBER_INT);
$target_ticket = new Ticket();
$target_ticket->load_With_TId($result['ticket_id']);
if (Ticket_User::isMod(unserialize($_SESSION['ticket_user']))) {
if (isset($_POST['action'])) {
switch ($_POST['action']) {
case "forward":
$ticket_id = filter_var($_POST['ticket_id'], FILTER_SANITIZE_NUMBER_INT);
$group_id = filter_var($_POST['group'], FILTER_SANITIZE_NUMBER_INT);
$result['ACTION_RESULT'] = Ticket::forwardTicket($result['user_id'], $ticket_id, $group_id);
break;
case "assignTicket":
$ticket_id = filter_var($_POST['ticket_id'], FILTER_SANITIZE_NUMBER_INT);
$result['ACTION_RESULT'] = Ticket::assignTicket($result['user_id'], $ticket_id);
break;
case "unAssignTicket":
$ticket_id = filter_var($_POST['ticket_id'], FILTER_SANITIZE_NUMBER_INT);
$result['ACTION_RESULT'] = Ticket::unAssignTicket($result['user_id'], $ticket_id);
break;
}
}
}
if ($target_ticket->getAuthor() == unserialize($_SESSION['ticket_user'])->getTUserId() || Ticket_User::isMod(unserialize($_SESSION['ticket_user']))) {
$show_as_admin = false;
if (Ticket_User::isMod(unserialize($_SESSION['ticket_user']))) {
$show_as_admin = true;
}
$entire_ticket = Ticket::getEntireTicket($result['ticket_id'], $show_as_admin);
Ticket_Log::createLogEntry($result['ticket_id'], unserialize($_SESSION['ticket_user'])->getTUserId(), 3);
$result['ticket_tId'] = $entire_ticket['ticket_obj']->getTId();
$result['ticket_forwardedGroupName'] = $entire_ticket['ticket_obj']->getForwardedGroupName();
$result['ticket_forwardedGroupId'] = $entire_ticket['ticket_obj']->getForwardedGroupId();
$result['ticket_title'] = $entire_ticket['ticket_obj']->getTitle();
$result['ticket_timestamp'] = $entire_ticket['ticket_obj']->getTimestamp();
$result['ticket_status'] = $entire_ticket['ticket_obj']->getStatus();
$result['ticket_author'] = $entire_ticket['ticket_obj']->getAuthor();
$result['ticket_prioritytext'] = $entire_ticket['ticket_obj']->getPriorityText();
$result['ticket_priorities'] = Ticket::getPriorityArray();
$result['ticket_priority'] = $entire_ticket['ticket_obj']->getPriority();
$result['ticket_statustext'] = $entire_ticket['ticket_obj']->getStatusText();
$result['ticket_lastupdate'] = Gui_Elements::time_elapsed_string(Ticket::getLatestReply($result['ticket_id'])->getTimestamp());
$result['ticket_category'] = $entire_ticket['ticket_obj']->getCategoryName();
$webUser = new WebUsers(Assigned::getUserAssignedToTicket($result['ticket_tId']));
$result['ticket_assignedToText'] = $webUser->getUsername();
$result['ticket_assignedTo'] = Assigned::getUserAssignedToTicket($result['ticket_tId']);
$result['ticket_replies'] = Gui_Elements::make_table($entire_ticket['reply_array'], array("getTReplyId", "getContent()->getContent", "getTimestamp", "getAuthor()->getExternId", "getAuthor()->getPermission", "getHidden"), array("tReplyId", "replyContent", "timestamp", "authorExtern", "permission", "hidden"));
$i = 0;
global $FILE_WEB_PATH;
$result['FILE_WEB_PATH'] = $FILE_WEB_PATH;
global $BASE_WEBPATH;
$result['BASE_WEBPATH'] = $BASE_WEBPATH;
foreach ($result['ticket_replies'] as $reply) {
$webReplyUser = new WebUsers($reply['authorExtern']);
$result['ticket_replies'][$i]['author'] = $webReplyUser->getUsername();
$i++;
}
if (Ticket_User::isMod(unserialize($_SESSION['ticket_user']))) {
$result['isMod'] = "TRUE";
$result['statusList'] = Ticket::getStatusArray();
$result['sGroups'] = Gui_Elements::make_table_with_key_is_id(Support_Group::getAllSupportGroups(), array("getName"), "getSGroupId");
}
$result['hasInfo'] = $target_ticket->hasInfo();
global $INGAME_WEBPATH;
$result['ingame_webpath'] = $INGAME_WEBPATH;
//get attachments
$result['ticket_attachments'] = Ticket::getAttachments($result['ticket_id']);
return $result;
} else {
//ERROR: No access!
$_SESSION['error_code'] = "403";
header("Cache-Control: max-age=1");
header("Location: index.php?page=error");
throw new SystemExit();
}
} else {
//ERROR: not logged in!
header("Cache-Control: max-age=1");
header("Location: index.php");
throw new SystemExit();
}
}
<?php
require '../../config.php';
require_once $AMS_LIB . '/libinclude.php';
$id = $_POST['PHPSESSID'];
session_id($id);
session_start();
// Set permission
if (isset($_SESSION['ticket_user'])) {
$return['permission'] = unserialize($_SESSION['ticket_user'])->getPermission();
} else {
// default permission
$return['permission'] = 0;
}
if (WebUsers::isLoggedIn() && isset($_GET['id'])) {
$ticket_id = filter_var($_GET['id'], FILTER_SANITIZE_NUMBER_INT);
$target_ticket = new Ticket();
$target_ticket->load_With_TId($ticket_id);
if ($target_ticket->getAuthor() == unserialize($_SESSION['ticket_user'])->getTUserId() || Ticket_User::isMod(unserialize($_SESSION['ticket_user']))) {
if (!empty($_FILES)) {
$tempFile = $_FILES['Filedata']['tmp_name'];
$fileParts = pathinfo($_FILES['Filedata']['name']);
Ticket::add_Attachment($_GET['id'], $_FILES['Filedata']['name'], $_SESSION['id'], $tempFile);
echo "Uploaded :" . $_FILES['Filedata']['name'];
} else {
echo "Upload Failed!";
}
echo "Upload Failed!";
}
echo "Upload Failed!";
}
/**
* This function is beign used to load info that's needed for the show_queue page.
* check if the person who wants to view this page is a mod/admin, if this is not the case, he will be redirected to an error page.
* if an action is set (this is done by $_GET['action']) it will try to execute it first, actions are: assign a ticket, unassign a ticket an create a queue.
* There are a few predefined queues which is the 'all tickets' queue, 'archive' queue, 'todo' queue, .. these are passed by $_GET['get'].
* if $_GET['get'] = create; then it's a custom made queue, this will call the createQueue function which builds the query that we will later use to get the tickets.
* The tickets fetched will be returned and used in the template. Now why use POST and GET params here and have a createQueue function twice? Well the first time someone creates
* a queue the POST variables will be used, however after going to the next page it will use the GET params.
* @author Daan Janssens, mentored by Matthew Lagoe
*/
function show_queue()
{
global $INGAME_WEBPATH;
global $WEBPATH;
//if logged in & queue id is given
if (WebUsers::isLoggedIn() && isset($_GET['get'])) {
if (Ticket_User::isMod(unserialize($_SESSION['ticket_user']))) {
//the queue you want to see.
$result['queue_view'] = filter_var($_GET['get'], FILTER_SANITIZE_STRING);
$user_id = unserialize($_SESSION['ticket_user'])->getTUserId();
$queueArray = array();
$queue_handler = new Ticket_Queue_handler();
//Pagination Base Links
if (Helpers::check_if_game_client()) {
$result['pagination_base_link'] = $INGAME_WEBPATH . "?page=show_queue&get=" . $result['queue_view'];
} else {
$result['pagination_base_link'] = $WEBPATH . "?page=show_queue&get=" . $result['queue_view'];
}
//form url to keep the getters constant
if (Helpers::check_if_game_client()) {
$result['getURL'] = $INGAME_WEBPATH . "?page=show_queue&get=" . $result['queue_view'];
} else {
$result['getURL'] = $WEBPATH . "?page=show_queue&get=" . $result['queue_view'];
}
if (isset($_GET['pagenum'])) {
$result['getURL'] = $result['getURL'] . "&pagenum=" . $_GET['pagenum'];
}
if (isset($_GET['get']) && $_GET['get'] == "create" && isset($_GET['userid']) && isset($_GET['groupid']) && isset($_GET['what']) && isset($_GET['how']) && isset($_GET['who'])) {
$userid = filter_var($_GET['userid'], FILTER_SANITIZE_NUMBER_INT);
$groupid = filter_var($_GET['groupid'], FILTER_SANITIZE_NUMBER_INT);
$what = filter_var($_GET['what'], FILTER_SANITIZE_STRING);
$how = filter_var($_GET['how'], FILTER_SANITIZE_STRING);
$who = filter_var($_GET['who'], FILTER_SANITIZE_STRING);
//create the custom queue
$queue_handler->CreateQueue($userid, $groupid, $what, $how, $who);
if (Helpers::check_if_game_client()) {
$result['pagination_base_link'] = $INGAME_WEBPATH . "?page=show_queue&get=create&userid=" . $userid . "&groupid=" . $groupid . "&what=" . $what . "&how=" . $how . "&who=" . $who;
} else {
$result['pagination_base_link'] = $WEBPATH . "?page=show_queue&get=create&userid=" . $userid . "&groupid=" . $groupid . "&what=" . $what . "&how=" . $how . "&who=" . $who;
}
$result['prev_created_userid'] = $userid;
$result['prev_created_groupid'] = $groupid;
$result['prev_created_what'] = $what;
$result['prev_created_how'] = $how;
$result['prev_created_who'] = $who;
$result['getURL'] = $result['getURL'] . "&userid=" . $userid . "&groupid=" . $groupid . "&what=" . $what . "&how=" . $how . "&who=" . $who;
}
//if an action is set
if (isset($_POST['action'])) {
switch ($_POST['action']) {
case "assignTicket":
$ticket_id = filter_var($_POST['ticket_id'], FILTER_SANITIZE_NUMBER_INT);
$result['ACTION_RESULT'] = Ticket::assignTicket($user_id, $ticket_id);
break;
case "unAssignTicket":
$ticket_id = filter_var($_POST['ticket_id'], FILTER_SANITIZE_NUMBER_INT);
$result['ACTION_RESULT'] = Ticket::unAssignTicket($user_id, $ticket_id);
break;
case "create_queue":
$userid = filter_var($_POST['userid'], FILTER_SANITIZE_NUMBER_INT);
if (isset($_POST['groupid'])) {
$groupid = filter_var($_POST['groupid'], FILTER_SANITIZE_NUMBER_INT);
} else {
$groupid = 0;
}
$what = filter_var($_POST['what'], FILTER_SANITIZE_STRING);
$how = filter_var($_POST['how'], FILTER_SANITIZE_STRING);
$who = filter_var($_POST['who'], FILTER_SANITIZE_STRING);
//create the custom queue
$queue_handler->CreateQueue($userid, $groupid, $what, $how, $who);
if (Helpers::check_if_game_client()) {
$result['pagination_base_link'] = $INGAME_WEBPATH . "?page=show_queue&get=create&userid=" . $userid . "&groupid=" . $groupid . "&what=" . $what . "&how=" . $how . "&who=" . $who;
} else {
$result['pagination_base_link'] = $WEBPATH . "?page=show_queue&get=create&userid=" . $userid . "&groupid=" . $groupid . "&what=" . $what . "&how=" . $how . "&who=" . $who;
}
$result['prev_created_userid'] = $userid;
$result['prev_created_groupid'] = $groupid;
$result['prev_created_what'] = $what;
$result['prev_created_how'] = $how;
$result['prev_created_who'] = $who;
$result['getURL'] = $result['getURL'] . "&userid=" . $userid . "&groupid=" . $groupid . "&what=" . $what . "&how=" . $how . "&who=" . $who;
break;
}
}
$queueArray = $queue_handler->getTickets($result['queue_view'], $user_id);
//pagination
$result['links'] = $queue_handler->getPagination()->getLinks(5);
$result['lastPage'] = $queue_handler->getPagination()->getLast();
$result['currentPage'] = $queue_handler->getPagination()->getCurrent();
//if queue_view is a valid parameter value
if ($queueArray != "ERROR") {
$result['tickets'] = Gui_Elements::make_table($queueArray, array("getTId", "getTitle", "getTimestamp", "getAuthor()->getExternId", "getTicket_Category()->getName", "getStatus", "getStatusText", "getAssigned", "getForwardedGroupName", "getForwardedGroupId"), array("tId", "title", "timestamp", "authorExtern", "category", "status", "statusText", "assigned", "forwardedGroupName", "forwardedGroupId"));
$i = 0;
foreach ($result['tickets'] as $ticket) {
$web_author = new WebUsers($ticket['authorExtern']);
$result['tickets'][$i]['author'] = $web_author->getUsername();
$web_assigned = new WebUsers($ticket['assigned']);
$result['tickets'][$i]['assignedText'] = $web_assigned->getUsername();
$result['tickets'][$i]['timestamp_elapsed'] = Gui_Elements::time_elapsed_string($ticket['timestamp']);
$i++;
}
$result['user_id'] = unserialize($_SESSION['ticket_user'])->getTUserId();
//Queue creator field info
$result['grouplist'] = Gui_Elements::make_table(Support_Group::getGroups(), array("getSGroupId", "getName"), array("sGroupId", "name"));
$result['teamlist'] = Gui_Elements::make_table(Ticket_User::getModsAndAdmins(), array("getTUserId", "getExternId"), array("tUserId", "externId"));
$i = 0;
foreach ($result['teamlist'] as $member) {
$web_teammember = new Webusers($member['externId']);
$result['teamlist'][$i]['name'] = $web_teammember->getUsername();
$i++;
}
global $INGAME_WEBPATH;
$result['ingame_webpath'] = $INGAME_WEBPATH;
return $result;
} else {
//ERROR: Doesn't exist!
$_SESSION['error_code'] = "404";
header("Cache-Control: max-age=1");
header("Location: ams?page=error");
throw new SystemExit();
}
} else {
//ERROR: No access!
$_SESSION['error_code'] = "403";
header("Cache-Control: max-age=1");
header("Location: index.php?page=error");
throw new SystemExit();
}
} else {
//ERROR: not logged in!
header("Cache-Control: max-age=1");
header("Location: index.php");
throw new SystemExit();
}
}
/**
* This function is beign used to create a new ticket.
* It will first check if the user who executed this function is the person of whom the setting is or if it's a mod/admin. If this is not the case the page will be redirected to an error page.
* next it will filter the POST data and it will try to create the new ticket. Afterwards a redirecion to the ticket will occur.
* @author Daan Janssens, mentored by Matthew Lagoe
*/
function create_ticket()
{
//if logged in
global $INGAME_WEBPATH;
global $WEBPATH;
$return = array();
$error = false;
if (WebUsers::isLoggedIn() && isset($_SESSION['ticket_user'])) {
if (strlen(preg_replace('/\\s\\s+/', ' ', $_POST['Title'])) < 2) {
$return = array_merge($_POST, $return);
$return['no_visible_elements'] = 'FALSE';
$catArray = Ticket_Category::getAllCategories();
$return['permission'] = unserialize($_SESSION['ticket_user'])->getPermission();
$return['category'] = Gui_Elements::make_table_with_key_is_id($catArray, array("getName"), "getTCategoryId");
$return['TITLE_ERROR_MESSAGE'] = "Title must not be blank!";
$return['TITLE_ERROR'] = true;
$error = true;
}
if (strlen(preg_replace('/\\s\\s+/', ' ', $_POST['Content'])) < 2) {
$return = array_merge($_POST, $return);
$return['no_visible_elements'] = 'FALSE';
$catArray = Ticket_Category::getAllCategories();
$return['permission'] = unserialize($_SESSION['ticket_user'])->getPermission();
$return['category'] = Gui_Elements::make_table_with_key_is_id($catArray, array("getName"), "getTCategoryId");
$return['CONTENT_ERROR_MESSAGE'] = "Content must not be blank!";
$return['CONTENT_ERROR'] = true;
$error = true;
}
if ($error) {
helpers::loadTemplate('createticket', $return);
throw new SystemExit();
}
if (isset($_POST['target_id'])) {
//if target_id is the same as session id or is admin
if ($_POST['target_id'] == $_SESSION['id'] || Ticket_User::isMod(unserialize($_SESSION['ticket_user']))) {
$category = filter_var($_POST['Category'], FILTER_SANITIZE_NUMBER_INT);
$title = filter_var($_POST['Title'], FILTER_SANITIZE_STRING);
$content = filter_var($_POST['Content'], FILTER_SANITIZE_STRING);
try {
if ($_POST['target_id'] == $_SESSION['id']) {
//if the ticket is being made for the executing user himself
$author = unserialize($_SESSION['ticket_user'])->getTUserId();
} else {
//if a mod tries to make a ticket for someone else
$author = Ticket_User::constr_ExternId($_POST['target_id'])->getTUserId();
}
//create the ticket & return the id of the newly created ticket.
$ticket_id = Ticket::create_Ticket($title, $content, $category, $author, unserialize($_SESSION['ticket_user'])->getTUserId(), 0, $_POST);
//redirect to the new ticket.
if (Helpers::check_if_game_client()) {
header("Cache-Control: max-age=1");
header("Location: " . $INGAME_WEBPATH . "?page=show_ticket&id=" . $ticket_id);
} else {
header("Cache-Control: max-age=1");
header("Location: " . $WEBPATH . "?page=show_ticket&id=" . $ticket_id);
throw new SystemExit();
}
} catch (PDOException $e) {
//ERROR: LIB DB is not online!
print_r($e);
throw new SystemExit();
header("Cache-Control: max-age=1");
header("Location: index.php");
throw new SystemExit();
}
} else {
//ERROR: permission denied!
$_SESSION['error_code'] = "403";
header("Cache-Control: max-age=1");
header("Location: index.php?page=error");
throw new SystemExit();
}
} else {
//ERROR: The form was not filled in correclty
header("Cache-Control: max-age=1");
header("Location: index.php?page=createticket");
throw new SystemExit();
}
} else {
//ERROR: user is not logged in
header("Cache-Control: max-age=1");
header("Location: index.php");
throw new SystemExit();
}
}
/**
* Handles the language specific aspect.
* The language can be changed by setting the $_GET['Language'] & $_GET['setLang'] together. This will also change the language entry of the user in the db.
* Cookies are also being used in case the user isn't logged in.
*
* @return returns the parsed content of the language .ini file related to the users language setting.
*/
public static function handle_language()
{
global $DEFAULT_LANGUAGE;
global $AMS_TRANS;
// if user wants to change the language
if (isset($_GET['Language']) && isset($_GET['setLang'])) {
// The ingame client sometimes sends full words, derive those!
switch ($_GET['Language']) {
case "English":
$lang = "en";
break;
case "French":
$lang = "fr";
break;
default:
$lang = $_GET['Language'];
}
// if the file exists en the setLang = true
if (file_exists($AMS_TRANS . '/' . $lang . '.ini') && $_GET['setLang'] == "true") {
// set a cookie & session var and incase logged in write it to the db!
setcookie('Language', $lang, time() + 60 * 60 * 24 * 30);
$_SESSION['Language'] = $lang;
if (WebUsers::isLoggedIn()) {
WebUsers::setLanguage($_SESSION['id'], $lang);
}
} else {
$_SESSION['Language'] = $DEFAULT_LANGUAGE;
}
} else {
// if the session var is not set yet
if (!isset($_SESSION['Language'])) {
// check if a cookie already exists for it
if (isset($_COOKIE['Language'])) {
$_SESSION['Language'] = $_COOKIE['Language'];
// else use the default language
} else {
$_SESSION['Language'] = $DEFAULT_LANGUAGE;
}
}
}
if ($_SESSION['Language'] == "") {
$_SESSION['Language'] = $DEFAULT_LANGUAGE;
}
return parse_ini_file($AMS_TRANS . '/' . $_SESSION['Language'] . '.ini', true);
}
/**
* This function is beign used to change the users emailaddress info.
* It will first check if the user who executed this function is the person of whom the emailaddress is or if it's a mod/admin. If this is not the case the page will be redirected to an error page.
* The emailaddress will be validated first. If the checking was successful the email will be updated and the settings template will be reloaded. Errors made by invalid data will be shown
* also after reloading the template.
* @author Daan Janssens, mentored by Matthew Lagoe
*/
function change_mail()
{
try {
//if logged in
if (WebUsers::isLoggedIn()) {
if (isset($_POST['target_id'])) {
//check if the user who executed this function is the person of whom the emailaddress is or if it's a mod/admin.
if ($_POST['target_id'] == $_SESSION['id'] || Ticket_User::isMod(unserialize($_SESSION['ticket_user']))) {
if ($_POST['target_id'] == $_SESSION['id']) {
//if the email is of the executing user himself
$target_username = $_SESSION['user'];
} else {
//if its from someone else.
$webUser = new WebUsers($_POST['target_id']);
$target_username = $webUser->getUsername();
}
$webUser = new WebUsers($_POST['target_id']);
//check if emailaddress is valid.
$reply = $webUser->checkEmail($_POST['NewEmail']);
global $SITEBASE;
require_once $SITEBASE . '/inc/settings.php';
$result = settings();
if ($reply != "success") {
$result['EMAIL_ERROR'] = 'TRUE';
} else {
$result['EMAIL_ERROR'] = 'FALSE';
}
$result['prevNewEmail'] = filter_var($_POST["NewEmail"], FILTER_SANITIZE_EMAIL);
if ($reply == "success") {
//if validation was successful, update the emailaddress
$status = WebUsers::setEmail($target_username, filter_var($_POST["NewEmail"], FILTER_SANITIZE_EMAIL));
if ($status == 'ok') {
$result['SUCCESS_MAIL'] = "OK";
} else {
if ($status == 'shardoffline') {
$result['SUCCESS_MAIL'] = "SHARDOFF";
}
}
$result['permission'] = unserialize($_SESSION['ticket_user'])->getPermission();
$result['no_visible_elements'] = 'FALSE';
$result['username'] = $_SESSION['user'];
$result['target_id'] = $_POST['target_id'];
if (isset($_GET['id'])) {
if (Ticket_User::isMod(unserialize($_SESSION['ticket_user'])) && $_POST['target_id'] != $_SESSION['id']) {
$result['isMod'] = "TRUE";
}
}
helpers::loadtemplate('settings', $result);
throw new SystemExit();
} else {
$result['EMAIL'] = $reply;
$result['permission'] = unserialize($_SESSION['ticket_user'])->getPermission();
$result['no_visible_elements'] = 'FALSE';
$result['username'] = $_SESSION['user'];
$result['target_id'] = $_POST['target_id'];
if (isset($_GET['id'])) {
if (Ticket_User::isMod(unserialize($_SESSION['ticket_user'])) && $_POST['target_id'] != $_SESSION['id']) {
$result['isMod'] = "TRUE";
}
}
$result['CEMAIL_ERROR'] = true;
helpers::loadtemplate('settings', $result);
throw new SystemExit();
}
} else {
//ERROR: permission denied!
$_SESSION['error_code'] = "403";
header("Location: index.php?page=error");
throw new SystemExit();
}
} else {
//ERROR: The form was not filled in correctly
header("Location: index.php?page=settings");
throw new SystemExit();
}
} else {
//ERROR: user is not logged in
header("Location: index.php");
throw new SystemExit();
}
} catch (PDOException $e) {
//go to error page or something, because can't access website db
print_r($e);
throw new SystemExit();
}
}
/**
* This function is beign used to change the users personal info.
* It will first check if the user who executed this function is the person of whom the information is or if it's a mod/admin. If this is not the case the page will be redirected to an error page.
* afterwards the current info will be loaded, which will be used to determine what to update. After updating the information, the settings template will be reloaded. Errors made by invalid data will be shown
* also after reloading the template.
* @author Daan Janssens, mentored by Matthew Lagoe
*/
function change_info()
{
try {
//if logged in
if (WebUsers::isLoggedIn()) {
if (isset($_POST['target_id'])) {
// check if the user who executed this function is the person of whom the information is or if it's a mod/admin.
if ($_POST['target_id'] == $_SESSION['id'] || Ticket_User::isMod(unserialize($_SESSION['ticket_user']))) {
if ($_POST['target_id'] == $_SESSION['id']) {
//if the info is of the executing user himself
$target_username = $_SESSION['user'];
} else {
//if the info is from someone else.
$webUser = new WebUsers($_POST['target_id']);
$target_username = $webUser->getUsername();
}
$webUser = new WebUsers($_POST['target_id']);
//use current info to check for changes
$current_info = $webUser->getInfo();
$current_info['FirstName'] = filter_var($current_info['FirstName'], FILTER_SANITIZE_STRING);
$current_info['LastName'] = filter_var($current_info['LastName'], FILTER_SANITIZE_STRING);
$current_info['Country'] = filter_var($current_info['Country'], FILTER_SANITIZE_STRING);
$current_info['Gender'] = filter_var($current_info['Gender'], FILTER_SANITIZE_NUMBER_INT);
$updated = false;
$values = array();
$values['user'] = $target_username;
//make the query that will update the data.
$query = "UPDATE ams_user SET ";
if ($_POST['FirstName'] != "" && $_POST['FirstName'] != $current_info['FirstName']) {
$query = $query . "FirstName = :fName ";
$updated = true;
$values['fName'] = filter_var($_POST['FirstName'], FILTER_SANITIZE_STRING);
}
if ($_POST['LastName'] != "" && $_POST['LastName'] != $current_info['LastName']) {
if ($updated) {
$query = $query . ", LastName = :lName ";
} else {
$query = $query . "LastName = :lName ";
}
$updated = true;
$values['lName'] = filter_var($_POST['LastName'], FILTER_SANITIZE_STRING);
}
if ($_POST['Country'] != "AA" && $_POST['Country'] != $current_info['Country']) {
if ($updated) {
$query = $query . ", Country = :country ";
} else {
$query = $query . "Country = :country ";
}
$updated = true;
$values['country'] = filter_var($_POST['Country'], FILTER_SANITIZE_STRING);
}
if ($_POST['Gender'] != $current_info['Gender']) {
if ($updated) {
$query = $query . ", Gender = :gender ";
} else {
$query = $query . "Gender = :gender ";
}
$updated = true;
$values['gender'] = filter_var($_POST['Gender'], FILTER_SANITIZE_NUMBER_INT);
}
//finish the query!
$query = $query . "WHERE Login = :user";
//if some field is update then:
if ($updated) {
//execute the query in the web DB.
$dbw = new DBLayer("web");
$dbw->execute($query, $values);
}
//reload the settings inc function before recalling the settings template.
global $SITEBASE;
require_once $SITEBASE . '/inc/settings.php';
$result = settings();
if ($updated) {
$result['info_updated'] = "OK";
}
$result['permission'] = unserialize($_SESSION['ticket_user'])->getPermission();
$result['username'] = $_SESSION['user'];
$result['no_visible_elements'] = 'FALSE';
$result['target_id'] = $_POST['target_id'];
global $INGAME_WEBPATH;
$result['ingame_webpath'] = $INGAME_WEBPATH;
helpers::loadtemplate('settings', $result);
throw new SystemExit();
} else {
//ERROR: permission denied!
$_SESSION['error_code'] = "403";
header("Cache-Control: max-age=1");
header("Location: index.php?page=error");
throw new SystemExit();
}
} else {
//ERROR: The form was not filled in correclty
header("Cache-Control: max-age=1");
header("Location: index.php?page=settings");
throw new SystemExit();
}
} else {
//ERROR: user is not logged in
header("Cache-Control: max-age=1");
header("Location: index.php");
throw new SystemExit();
}
} catch (PDOException $e) {
//go to error page or something, because can't access website db
print_r($e);
throw new SystemExit();
}
}
