/**
 * Purge one ticket on behalf of the current user.
 *
 * The checks run in a fixed order: the id must be non-empty and accepted by
 * isTicketId() before it is used in SQL, the row must exist and not be
 * expired, and the caller must be an admin or the ticket's owner.
 *
 * $msg is accepted but never read by this function.
 *
 * NOTE(review): the ownership test uses loose `==`; user_id and $auth["id"]
 * may arrive as different scalar types, so confirm both before tightening it.
 * NOTE(review): "not found" is reported before "not authorized", so a caller
 * who does not own a ticket can still tell whether the id exists.
 *
 * @param mixed $msg Unused here.
 * @param mixed $id  Ticket id supplied by the caller.
 * @return array array(error name, message) on failure, array(false, false)
 *               once ticketPurge() has been called.
 */
function purgeticket($msg, $id = null)
{
    global $db, $auth;

    // Reject missing or malformed ids before they get anywhere near the query.
    $idAccepted = !empty($id) && isTicketId($id);
    if (!$idAccepted) {
        return array('httpBadRequest', 'bad parameters');
    }

    // The statement is string-built; the id only enters it through $db->quote().
    $ticket = $db->query("SELECT * FROM ticket WHERE id = " . $db->quote($id))->fetch();
    $usable = $ticket !== false && !isTicketExpired($ticket);
    if (!$usable) {
        return array('httpNotFound', 'not found');
    }

    // Admins may purge any ticket, everyone else only their own.
    $mayPurge = $auth["admin"] || $ticket["user_id"] == $auth["id"];
    if (!$mayPurge) {
        return array('httpUnauthorized', 'not authorized');
    }

    ticketPurge($ticket, false);
    return array(false, false);
}
// Tail of a function whose opening lines are not visible in this excerpt:
// it re-reads the ticket row, overlays the submitted password, fires the
// update hooks and returns the row.
    $sql = "SELECT * FROM ticket WHERE id = " . $db->quote($id);
    $DATA = $db->query($sql)->fetch();
    // The raw POSTed password (NULL when empty) is placed on the row after the
    // fetch, so the hooks receive it as submitted.
    // NOTE(review): confirm the hooks neither log nor persist this value as-is.
    $DATA['pass'] = empty($_POST["pass"]) ? NULL : $_POST["pass"];
    // trigger update hooks
    onTicketUpdate($DATA);
    return $DATA;
}

// fetch the ticket id and check for permissions
// $DATA stays false unless every check below passes.
$DATA = false;
// Bound by reference: `$id = false` below writes through to $_REQUEST['id'],
// and a missing key is created as null instead of raising a notice.
$id =& $_REQUEST['id'];
if (empty($id) || !isTicketId($id)) {
    $id = false;
} else {
    // The id has passed isTicketId() and is still passed through $db->quote()
    // before being concatenated into the statement.
    $sql = "SELECT * FROM ticket WHERE id = " . $db->quote($id);
    $DATA = $db->query($sql)->fetch();
    // `&&` binds tighter than `||`: the row is discarded when it is missing,
    // expired, or (caller is not admin AND caller is not the owner). All three
    // outcomes collapse to the same $DATA = false, so the page below cannot
    // tell them apart.
    // NOTE(review): the owner comparison is loose (`!=`); confirm the types of
    // user_id and $auth["id"].
    if ($DATA === false || isTicketExpired($DATA) || !$auth["admin"] && $DATA["user_id"] != $auth["id"]) {
        $DATA = false;
    }
}

// handle update
// Only reached with a row that survived the permission check above.
// NOTE(review): no anti-CSRF token check is visible in this excerpt; confirm
// where it is enforced for this state-changing POST.
if ($DATA) {
    if (validateParams($ticketEditParams, $_POST)) {
        // if update succeeds, return to listings
        if (handleUpdate($id)) {
            $DATA = false;
        }
    }
}

// resulting page
// Allow-list: the request's `src` is honoured only when it is a key of
// $pages; anything else falls back to 'tlist'. The `@` silences the notice
// for a missing `src`.
$src = array_key_exists(@$_REQUEST['src'], $pages) ? $_REQUEST['src'] : 'tlist';
if ($DATA === false) {
?> </th> <th data-sort="int" class="sorting-desc"><?php echo T_("Date"); ?> </th> <th data-sort="int"><?php echo T_("Expiration"); ?> </th> </tr> </thead> <tbody> <?php foreach ($db->query($sql) as $DATA) { if (isTicketExpired($DATA)) { continue; } $totalSize += $DATA["size"]; $our = $DATA["user_id"] == $auth["id"]; $class = "file expanded " . $DATA['id']; if ($our) { $class .= " our"; } echo "<tr class=\"{$class}\">"; // selection echo "<td><input class=\"element checkbox\" type=\"checkbox\" name=\"sel[]\" value=\"" . $DATA['id'] . "\"/></td>"; // tick echo '<td data-sort-value="' . ($DATA["downloads"] ? 1 : 0) . '">'; if ($DATA["downloads"]) { echo '<img title="' . T_("Successfully downloaded") . "\" src=\"{$style}/static/tick.png\"/>";
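<?php
// process a ticket
//
// Flow visible in this excerpt:
//   1. read the ticket id from the request and validate it,
//   2. load the row, or show the "no ticket" template and stop,
//   3. for password-protected tickets, require a correct password once per
//      session, or show the password prompt and stop.
require_once "ticketfuncs.php";

// try to fetch the ticket
// Request parameters are untrusted and may be absent or arrays (`t[]=...`).
// Only a string is handed to isTicketId() and later used as a session key.
$id = isset($_REQUEST["t"]) ? $_REQUEST["t"] : null;
if (!is_string($id) || !isTicketId($id)) {
    $id = false;
    $DATA = false;
} else {
    // The validated id is still passed through $db->quote() before being
    // concatenated into the statement.
    $sql = "SELECT * FROM ticket WHERE id = " . $db->quote($id);
    $DATA = $db->query($sql)->fetch();
}

// $id is either a validated ticket id or false here, so $ref never carries
// raw request data.
$ref = "{$masterPath}?t={$id}";
if ($DATA === false || isTicketExpired($DATA)) {
    // Missing and expired tickets get the same page.
    includeTemplate("{$style}/include/noticket.php", array('id' => $id));
    exit;
}

// check for password
if (hasPassHash($DATA) && !isset($_SESSION['t'][$id])) {
    // Accept the submitted password only when it is a string; an array value
    // would otherwise pass !empty() and reach checkPassHash().
    $ticketPassInput = (isset($_POST['p']) && is_string($_POST['p'])) ? $_POST['p'] : null;
    if (!empty($ticketPassInput) && checkPassHash('ticket', $DATA, $ticketPassInput)) {
        // authorize the ticket for this session
        // NOTE(review): the submitted password is kept in the session in clear
        // text; confirm later code needs it rather than a simple flag.
        $_SESSION['t'][$id] = array('pass' => $ticketPassInput);
    } else {
        // Wrong or missing password: show the prompt and stop.
        include "ticketp.php";
        exit;
    }
}

// fix IE total crap by moving to a new location containing the resulting file
// name in the URL (this could be improved for browsers known to work by
// starting to send the file immediately)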