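/**
 * Handle a newsletter subscription request.
 *
 * Accepts either the dedicated subscribe form (newsletter_* fields, signalled
 * by newsletter_type being set) or the account signup form (account_* fields).
 * Validates name and e-mail, rate-limits repeat requests per address, stores
 * the pending subscription in the temporary_data table and e-mails the user
 * a confirmation link.
 *
 * @param array $VAR request variables: newsletter_id (array, required),
 *                   newsletter_type, newsletter_first_name, newsletter_last_name,
 *                   newsletter_email, newsletter_html, static_relation, or the
 *                   account_first_name / account_last_name / account_email set
 * @return void  Errors are reported via $C_debug->alert() only on the dedicated
 *               form (newsletter_type set); the signup-form path fails silently.
 */
function subscribe($VAR)
{
    ### Minimum interval between two subscribe requests for the same address
    $LIMIT_SECONDS = 120;
    global $C_debug, $C_translate;

    ### Include the validation class
    include_once PATH_CORE . 'validate.inc.php';

    ### Store the details in a temporary database record, and e-mail the user
    ### a link with the time() string from the creation date of the record.

    ### Check that the required variables are set:
    if (!isset($VAR['newsletter_id']) || gettype($VAR['newsletter_id']) != 'array') {
        if (isset($VAR['newsletter_type'])) {
            # ERROR! dedicated form submitted without any newsletter selected
            $C_debug->alert($C_translate->translate('subscribe_newsletter_req', 'newsletter', ''));
        }
        # Signup-form path: no newsletter chosen, nothing to do
        return;
    }
    $newsletter_id = @$VAR['newsletter_id'];

    # Stored preference only; the confirmation mail itself is always plain text
    $html = isset($VAR['newsletter_html']) ? 1 : 0;

    if (isset($VAR['newsletter_type'])) {
        ### Dedicated subscribe form: newsletter_* fields, errors are reported
        if (empty($VAR['newsletter_first_name'])) {
            #### ERROR!
            $C_debug->alert($C_translate->translate('subscribe_name_req', 'newsletter', ''));
            return;
        }
        $validate = new CORE_validate();
        if (empty($VAR['newsletter_email']) || !$validate->validate_email($VAR['newsletter_email'], '')) {
            ### ERROR!
            $C_debug->alert($C_translate->translate('subscribe_email_req', 'newsletter', ''));
            return;
        }
        $first_name = @$VAR['newsletter_first_name'];
        $last_name = @$VAR['newsletter_last_name'];
        $email = @$VAR['newsletter_email'];
    } else {
        ### Account signup form: account_* fields, failures are silent
        if (!isset($VAR['account_first_name']) || $VAR['account_first_name'] == '') {
            return;
        }
        $validate = new CORE_validate();
        if (!isset($VAR['account_email']) || $validate->validate_email($VAR['account_email'], '') == false) {
            return;
        }
        $first_name = @$VAR['account_first_name'];
        $last_name = @$VAR['account_last_name'];
        $email = @$VAR['account_email'];
    }

    ### Check that this e-mail has not been requested already
    ### within the last $LIMIT_SECONDS seconds
    $db =& DB();
    $sql = 'SELECT * FROM ' . AGILE_DB_PREFIX . 'temporary_data WHERE site_id = ' . $db->qstr(DEFAULT_SITE) . ' AND field1 = ' . $db->qstr($email);
    $result = $db->Execute($sql);
    if ($result->RecordCount() > 0) {
        $limit = $result->fields['date_orig'] + $LIMIT_SECONDS;
        if ($limit > time()) {
            ### ERROR! still inside the rate-limit window
            if (isset($VAR['newsletter_type'])) {
                $error1 = $C_translate->translate("subscribe_spam_limit", "newsletter", "");
                # '%limit%' is a literal token, so a plain replace is equivalent to the
                # former ereg_replace() call (ereg_* was removed in PHP 7)
                $error = str_replace('%limit%', "{$LIMIT_SECONDS}", $error1);
                $C_debug->alert($error);
            }
            return;
        } else {
            ### Delete the old request
            $sql = 'DELETE FROM ' . AGILE_DB_PREFIX . 'temporary_data WHERE site_id = ' . $db->qstr(DEFAULT_SITE) . ' AND field1 = ' . $db->qstr($email);
            $db->Execute($sql);
        }
    }

    #####################################################
    ### Ok to continue:
    $now = time();
    $expire = time() + 86400 * 3;
    $data = serialize(array(
        'html' => $html,
        'email' => $email,
        'first_name' => $first_name,
        'last_name' => $last_name,
        'newsletter_id' => $newsletter_id,
        'var' => base64_encode(serialize(@$VAR['static_relation']))
    ));

    #####################################################
    ### Create the temporary DB Record:
    $db =& DB();
    $id = $db->GenID(AGILE_DB_PREFIX . "" . 'temporary_data_id');
    $sql = 'INSERT INTO ' . AGILE_DB_PREFIX . 'temporary_data SET site_id = ' . $db->qstr(DEFAULT_SITE) . ', id = ' . $db->qstr($id) . ', date_orig = ' . $db->qstr($now) . ', date_expire = ' . $db->qstr($expire) . ', field1 = ' . $db->qstr($email) . ', data = ' . $db->qstr($data);
    $result = $db->Execute($sql);

    #####################################################
    ### Send the subscription confirmation email:
    $E = array();
    $E['html'] = 0;
    $E['priority'] = 0;
    $E['to_email'] = $email;
    $E['to_name'] = $first_name;
    $E['body_text'] = $C_translate->translate('subscribe_body', 'newsletter', '');
    $E['subject'] = $C_translate->translate('subscribe_subj', 'newsletter', '');

    # The e-mail is URL-encoded so addresses containing '+' or other reserved
    # characters survive the query string; $now is the creation timestamp the
    # confirm page matches against the temporary_data record.
    # NOTE(review): a timestamp is a guessable token — subscribe_confirm (not
    # shown here) should require the e-mail/validate pair to match a stored record.
    $confirm_url = URL . '?_page=newsletter:subscribe_confirm&email=' . urlencode($email) . '&validate=' . $now;

    # The placeholders contain no regex metacharacters, so a case-insensitive
    # literal replace matches the former eregi_replace() (removed in PHP 7) and,
    # unlike it, never interprets the user-supplied first name as a replacement
    # pattern.
    $E['body_text'] = str_ireplace('%name%', $first_name, $E['body_text']);
    $E['body_text'] = str_ireplace('%email%', $email, $E['body_text']);
    $E['body_text'] = str_ireplace('%confirm_url%', $confirm_url, $E['body_text']);
    $E['body_text'] = str_ireplace('%site_name%', SITE_NAME, $E['body_text']);

    #####################################################
    ### Get the setup email settings:
    $db =& DB();
    $q = "SELECT * FROM " . AGILE_DB_PREFIX . "setup_email WHERE\n\t\t\t\tsite_id = " . $db->qstr(DEFAULT_SITE) . " AND\n\t\t\t\tid = " . $db->qstr(DEFAULT_SETUP_EMAIL);
    $setup_email = $db->Execute($q);
    if ($setup_email->fields['type'] == 0) {
        # type 0: deliver through PHP mail()
        $type = 0;
    } else {
        # any other type: deliver through the configured SMTP account
        $type = 1;
        $E['server'] = $setup_email->fields['server'];
        $E['account'] = $setup_email->fields['username'];
        $E['password'] = $setup_email->fields['password'];
    }
    $E['from_name'] = $setup_email->fields['from_name'];
    $E['from_email'] = $setup_email->fields['from_email'];

    ######################################################
    ### SEND THE MESSAGE!
    require_once PATH_CORE . 'email.inc.php';
    $mailer = new CORE_email();
    if ($type == 0) {
        ### SEND THE MESSAGE via mail()
        $mailer->PHP_Mail($E);
    } else {
        ### SEND via SMTP
        $mailer->SMTP_Mail($E);
    }

    #####################################################
    ### Success message!
    if (isset($VAR['newsletter_type'])) {
        $message = $C_translate->translate('subscribe_confirm', 'newsletter', '');
        $C_debug->alert($message);
    }
}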
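/**
 * Send a "contact us" message from a site visitor to a staff member.
 *
 * Requires mail_email, mail_name, mail_subject and mail_message. The recipient
 * is resolved from mail_staff_id, or from the default staff member of
 * mail_department_id when no staff id is given. Optional static_relation
 * fields are validated and appended to the message body before sending.
 *
 * @param array $VAR request variables (mail_email, mail_name, mail_subject,
 *                   mail_message, mail_priority, mail_staff_id,
 *                   mail_department_id, static_relation, _page_current)
 * @return void  Outcome is reported through $C_debug->alert(); every exit path
 *               calls $C_vars->strip_slashes_all() to undo the request escaping.
 */
function contact($VAR)
{
    global $C_translate, $C_debug, $C_vars;

    ## Validate the required vars (account_id, message, subject)
    if (@$VAR['mail_email'] != "" && @$VAR['mail_name'] != "" && @$VAR['mail_subject'] != "" && @$VAR['mail_message'] != "") {
        include_once PATH_CORE . 'validate.inc.php';
        $validate = new CORE_validate();
        if (!$validate->validate_email($VAR['mail_email'], '')) {
            $C_debug->alert($C_translate->translate('validate_email', '', ''));
            $C_vars->strip_slashes_all();
            return;
        }

        ## Recipient selection: an explicit staff id wins over a department id
        @($s = $VAR['mail_staff_id']);
        @($d = $VAR['mail_department_id']);
        if ($s > 0) {
            ## Nothing to do: staff id given explicitly
        } else {
            if ($d > 0) {
                ## Verify the specified department && get the associated account:
                $db =& DB();
                $sql = 'SELECT default_staff_id FROM ' . AGILE_DB_PREFIX . 'staff_department WHERE site_id = ' . $db->qstr(DEFAULT_SITE) . ' AND id = ' . $db->qstr($d);
                $dept = $db->Execute($sql);
                if ($dept->RecordCount() == 0) {
                    $C_debug->alert($C_translate->translate('error_dept_non_exist', 'staff', ''));
                    $C_vars->strip_slashes_all();
                    return;
                }
                $s = $dept->fields['default_staff_id'];
            } else {
                ## staff/dept not specified
                $C_debug->alert($C_translate->translate('error_staff_dept', 'staff', ''));
                $C_vars->strip_slashes_all();
                return;
            }
        }

        ## Verify the specified staff account && get the associated account:
        $db =& DB();
        $sql = 'SELECT account_id FROM ' . AGILE_DB_PREFIX . 'staff WHERE site_id = ' . $db->qstr(DEFAULT_SITE) . ' AND id = ' . $db->qstr($s);
        $staff = $db->Execute($sql);
        if ($staff->RecordCount() == 0) {
            $C_debug->alert($C_translate->translate('error_staff_non_exist', 'staff', ''));
            $C_vars->strip_slashes_all();
            return;
        }
        $account_id = $staff->fields['account_id'];
        $sql = 'SELECT email,first_name,last_name FROM ' . AGILE_DB_PREFIX . 'account WHERE site_id = ' . $db->qstr(DEFAULT_SITE) . ' AND id = ' . $db->qstr($account_id);
        $account = $db->Execute($sql);
        if ($account->RecordCount() == 0) {
            $C_debug->alert($C_translate->translate('error_staff_non_exist', 'staff', ''));
            $C_vars->strip_slashes_all();
            return;
        }

        ### Validate any static vars, if defined
        $this->validated = true;
        if (!empty($VAR['static_relation'])) {
            require_once PATH_CORE . 'static_var.inc.php';
            $static_var = new CORE_static_var();
            if (!isset($this->val_error)) {
                $this->val_error = false;
            }
            $all_error = $static_var->validate_form('staff', $this->val_error);
            if ($all_error != false && gettype($all_error) == 'array') {
                $this->validated = false;
            } else {
                $this->validated = true;
                # Get the fields and values and append to the message text...
                # (foreach replaces the former while/list/each() loop, which was
                # removed in PHP 8; iteration order and bodies are unchanged)
                foreach ($VAR['static_relation'] as $id => $value) {
                    if (!empty($value) && !empty($id)) {
                        # Get the name: relation id -> static_var id -> var name
                        $db =& DB();
                        $sql = "SELECT static_var_id FROM " . AGILE_DB_PREFIX . "static_relation WHERE\n\t\t\t\t\t\t\t\t id \t\t= " . $db->qstr($id) . " AND\n\t\t\t\t\t\t\t\t site_id \t= " . $db->qstr(DEFAULT_SITE);
                        $rs = $db->Execute($sql);
                        $var_id = $rs->fields['static_var_id'];
                        $sql = "SELECT name FROM " . AGILE_DB_PREFIX . "static_var WHERE\n\t\t\t\t\t\t\t\t id \t\t= " . $db->qstr($var_id) . " AND\n\t\t\t\t\t\t\t\t site_id \t= " . $db->qstr(DEFAULT_SITE);
                        $rs = $db->Execute($sql);
                        $name = $rs->fields['name'];
                        # NOTE(review): the pattern is /\./ (a literal dot), so this only
                        # swaps dots for dashes; if a dash "underline" of the name was
                        # intended the pattern would have to be /./ — left as-is.
                        $ul = preg_replace("/\\./", "-", $name);
                        $VAR['mail_message'] .= "\r\n\r\n";
                        $VAR['mail_message'] .= "{$ul}";
                        $VAR['mail_message'] .= "\r\n";
                        $VAR['mail_message'] .= "{$name}";
                        $VAR['mail_message'] .= "\r\n";
                        $VAR['mail_message'] .= "{$ul}";
                        $VAR['mail_message'] .= "\r\n";
                        $VAR['mail_message'] .= "{$value}";
                    }
                }
            }
        }

        if (!$this->validated) {
            global $smarty;
            # set the errors as a Smarty Object
            $smarty->assign('form_validation', $all_error);
            # set the page to be loaded (re-display the form)
            if (!defined("FORCE_PAGE")) {
                define('FORCE_PAGE', $VAR['_page_current']);
            }
            $C_vars->strip_slashes_all();
            return;
        }

        ################################################################
        ## OK to send the email:
        # NOTE(review): mail_name and mail_subject come straight from the request
        # and end up in header fields — confirm CORE_email strips CR/LF before
        # assembling headers.
        $E = array();
        $E['from_html'] = true;
        $E['from_name'] = $VAR['mail_name'];
        $E['from_email'] = $VAR['mail_email'];
        $db =& DB();
        $q = "SELECT * FROM " . AGILE_DB_PREFIX . "setup_email WHERE\n\t\t\t\t\tsite_id = " . $db->qstr(DEFAULT_SITE) . " AND\n\t\t\t\t\tid = " . $db->qstr(DEFAULT_SETUP_EMAIL);
        $setup_email = $db->Execute($q);
        $E['priority'] = $VAR['mail_priority'];
        $E['html'] = '0';
        $E['subject'] = $VAR['mail_subject'];
        $E['body_text'] = $VAR['mail_message'];
        $E['to_email'] = $account->fields['email'];
        $E['to_name'] = $account->fields['first_name'];
        if ($setup_email->fields['type'] == 0) {
            # type 0: deliver through PHP mail()
            $type = 0;
        } else {
            # any other type: deliver through the configured SMTP account
            $type = 1;
            $E['server'] = $setup_email->fields['server'];
            $E['account'] = $setup_email->fields['username'];
            $E['password'] = $setup_email->fields['password'];
        }
        if ($setup_email->fields['cc_list'] != '') {
            $E['cc_list'] = explode(',', $setup_email->fields['cc_list']);
        }
        if ($setup_email->fields['bcc_list'] != '') {
            $E['bcc_list'] = explode(',', $setup_email->fields['bcc_list']);
        }

        ### Call the mail() or smtp() function to send
        require_once PATH_CORE . 'email.inc.php';
        $mailer = new CORE_email();
        if ($type == 0) {
            $mailer->PHP_Mail($E);
        } else {
            $mailer->SMTP_Mail($E);
        }
    } else {
        ## Error message: one or more required fields missing
        $C_debug->alert($C_translate->translate('error_req_fields', 'staff', ''));
        $C_vars->strip_slashes_all();
        return;
    }

    ## Success message:
    $C_debug->alert($C_translate->translate('mail_sent', 'staff', ''));
    # Stripslashes
    $C_vars->strip_slashes_all();
}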
/**
 * Create a new support ticket on behalf of the current user (or a guest).
 *
 * Validates the required ticket_* fields and module static vars, checks that
 * the chosen department is active and authorised for the caller's groups,
 * inserts the ticket row, stores the static vars, and sends the
 * 'ticket_user_add' template to the user plus 'ticket_user_add_staff' to every
 * staff member with notify_new set who covers that department.
 *
 * @param array $VAR request variables (ticket_priority, ticket_department_id,
 *                   ticket_subject, ticket_body, ticket_email for guests,
 *                   _page_current, plus static_relation fields)
 * @return void|false  false on an invalid/unauthorised department or a failed
 *                     insert; void otherwise (validation failures re-display
 *                     the form through Smarty and return without inserting)
 */
function user_add($VAR) {
    $this->construct();
    global $C_debug, $C_translate, $C_vars, $smarty;

    ### Strip Slashes
    # NOTE: this rebinds the $VAR parameter to the request-global $VAR, so the
    # rest of the method reads (and strip_slashes_all() modifies) the global copy.
    global $VAR;
    $C_vars->strip_slashes_all();

    ####################################################################
    ### Check that the required fields are set:
    ### ticket_department_id, ticket_subject, ticket_body
    ####################################################################
    $fields = array('priority', 'department_id', 'subject', 'body');
    for ($i = 0; $i < count($fields); $i++) {
        $field = $fields[$i];
        # field names are prefixed with the module table name, e.g. ticket_subject
        $field_name = $this->table . '_' . $field;
        if (!isset($VAR["{$field_name}"]) || trim($VAR["{$field_name}"]) == "") {
            $this->val_error[] = array('field' => $this->table . '_' . $field, 'field_trans' => $C_translate->translate('field_' . $field, $this->module, ""), 'error' => $C_translate->translate('validate_any', "", ""));
        }
    }

    ####################################################################
    ### Get required static_Vars and validate them... return an array
    ### w/ ALL errors...
    ####################################################################
    require_once PATH_CORE . 'static_var.inc.php';
    $static_var = new CORE_static_var();
    if (!isset($this->val_error)) {
        $this->val_error = false;
    }
    # validate_form() merges the field errors collected above with the static-var errors
    $all_error = $static_var->validate_form($this->module, $this->val_error);
    if ($all_error != false && gettype($all_error) == 'array') {
        $this->validated = false;
    } else {
        $this->validated = true;
    }

    ### Validate e-mail
    if (!SESS_LOGGED) {
        # Guest: the address must be supplied in the form
        include_once PATH_CORE . 'validate.inc.php';
        $C_validate = new CORE_validate();
        if (empty($VAR['ticket_email'])) {
            $this->validated = false;
            $smarty->assign('ticket_email', true);
            $all_error[] = array('field' => 'ticket_email', 'field_trans' => $C_translate->translate('field_email', "ticket", ""), 'error' => $C_translate->translate('validate_any', "", ""));
        } elseif (!$C_validate->validate_email(@$VAR['ticket_email'], false)) {
            $this->validated = false;
            $smarty->assign('ticket_email', true);
            $all_error[] = array('field' => 'ticket_email', 'field_trans' => $C_translate->translate('field_email', "ticket", ""), 'error' => $C_translate->translate('validate_email', "", ""));
        }
        $this->email = $VAR['ticket_email'];
    } else {
        # Get the e-mail addy from the user's account (the form value is ignored)
        $db =& DB();
        $sql = 'SELECT email FROM ' . AGILE_DB_PREFIX . 'account WHERE site_id = ' . $db->qstr(DEFAULT_SITE) . ' AND id = ' . $db->qstr(SESS_ACCOUNT);
        $result = $db->Execute($sql);
        $VAR['ticket_email'] = $result->fields['email'];
        $this->email = $result->fields['email'];
    }

    ###################################################################
    ### Check that the user is authorized for this department
    $db =& DB();
    $sql = 'SELECT * FROM ' . AGILE_DB_PREFIX . 'ticket_department WHERE site_id = ' . $db->qstr(DEFAULT_SITE) . ' AND id = ' . $db->qstr($VAR['ticket_department_id']) . ' AND status = ' . $db->qstr('1');
    $result = $db->Execute($sql);
    if ($result->RecordCount() == 0) {
        ###################################################################
        ### ERROR: The selected department is inactive or invalid
        $C_debug->alert($C_translate->translate('department_invalid', 'ticket', ''));
        return false;
    }
    global $C_auth;
    $i = 0;
    $dept_auth = false;
    while (!$result->EOF) {
        # group_id is a serialized list of group ids stored by the application;
        # NOTE(review): unserialize() on a DB column — acceptable only while the
        # column is written solely by trusted admin code. A failed unserialize
        # yields false, which count() below treats as an empty list on PHP < 8.
        $arr = unserialize($result->fields['group_id']);
        if (!SESS_LOGGED) {
            ### Check if the specified department is authorized for the 'All Users' group (0):
            for ($i = 0; $i < count($arr); $i++) {
                if ($arr[$i] == '0') {
                    $dept_auth = true;
                }
            }
            if (!$dept_auth) {
                # Guests may only file tickets in departments open to group 0
                $C_debug->alert($C_translate->translate('login_required', '', ''));
                return false;
            }
        } else {
            # Logged in: authorised if any of the department's groups is one of the caller's
            for ($i = 0; $i < count($arr); $i++) {
                if ($C_auth->auth_group_by_id($arr[$i])) {
                    $dept_auth = true;
                }
            }
        }
        $result->MoveNext();
    }
    if (!$dept_auth) {
        ###################################################################
        ### ERROR: The current user does not have access to the selected department!
        $C_debug->alert($C_translate->translate('department_not_auth', 'ticket', ''));
        return false;
    } else {
        ####################################################################
        # If validation was failed, skip the db insert &
        # set the errors & origonal fields as Smarty objects,
        # and change the page to be loaded.
        ####################################################################
        if (!$this->validated) {
            global $smarty;
            # set the errors as a Smarty Object
            $smarty->assign('form_validation', $all_error);
            # set the page to be loaded
            if (!defined("FORCE_PAGE")) {
                define('FORCE_PAGE', $VAR['_page_current']);
            }
            global $C_vars;
            $C_vars->strip_slashes_all();
            return;
        }

        ###################################################################
        ### Assemble the SQL & Insert the ticket
        # All values go through $db->qstr(); the body is additionally HTML-escaped
        # at storage time, so readers must not escape it a second time.
        $db =& DB();
        $id = $db->GenID(AGILE_DB_PREFIX . 'ticket_id');
        $sql = 'INSERT INTO ' . AGILE_DB_PREFIX . 'ticket SET site_id = ' . $db->qstr(DEFAULT_SITE) . ', id = ' . $db->qstr($id) . ', date_orig = ' . $db->qstr(time()) . ', date_last = ' . $db->qstr(time()) . ', date_expire = ' . $db->qstr(time() + 86400 * 7) . ', account_id = ' . $db->qstr(SESS_ACCOUNT) . ', department_id=' . $db->qstr($VAR['ticket_department_id']) . ', status = ' . $db->qstr(0) . ', last_reply = 0, priority = ' . $db->qstr($VAR['ticket_priority']) . ', subject = ' . $db->qstr($VAR['ticket_subject']) . ', email = ' . $db->qstr($VAR['ticket_email']) . ', body = ' . $db->qstr(htmlspecialchars($VAR['ticket_body']));
        $result = $db->Execute($sql);
        # error reporting:
        if ($result === false) {
            global $C_debug;
            $C_debug->error('ticket.inc.php', 'user_add', $db->ErrorMsg());
            return false;
        }

        ###################################################################
        ### Insert the static vars...
        $static_var->add($VAR, $this->module, $id);

        ###################################################################
        ### Mail the user the new_ticket email template
        # 'email' and 'key' are exposed to the template only for the duration of
        # the send; $this->key() (defined elsewhere in this class) derives the key
        # from the address — presumably for the guest ticket-access link; verify.
        require_once PATH_MODULES . 'email_template/email_template.inc.php';
        $VAR['email'] = trim($this->email);
        $VAR['key'] = $this->key($this->email);
        $my = new email_template();
        $my->send('ticket_user_add', $this->email, $id, '', '');
        unset($VAR['key']);
        unset($VAR['email']);

        ###################################################################
        ### Get any staff members who should be mailed
        $db =& DB();
        $sql = 'SELECT id,account_id,department_avail FROM ' . AGILE_DB_PREFIX . 'staff WHERE site_id = ' . $db->qstr(DEFAULT_SITE) . ' AND notify_new = ' . $db->qstr("1");
        $result = $db->Execute($sql);
        if ($result->RecordCount() > 0) {
            while (!$result->EOF) {
                # department_avail is a serialized list of department ids (DB-stored)
                @($avail = unserialize($result->fields['department_avail']));
                for ($i = 0; $i < count($avail); $i++) {
                    if ($avail[$i] == $VAR['ticket_department_id']) {
                        ###################################################################
                        ### Mail staff members the new_ticket email template
                        $my = new email_template();
                        $my->send('ticket_user_add_staff', $result->fields['account_id'], $id, $avail[$i], 'sql3');
                        # one notification per staff member: force the loop to end
                        $i = count($avail);
                    }
                }
                $result->MoveNext();
            }
        }
    }
    global $C_debug, $C_translate;
    $C_debug->alert($C_translate->translate('user_add_success', 'ticket', ''));
}