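/**
 * Loads the data needed by the createticket page.
 *
 * $_GET['user_id'] selects the user the ticket is created for. A normal user can only create a
 * ticket for himself; a mod/admin can also create tickets for other users. When no user_id is
 * given, the session id is used as the target. All ticket categories are loaded as well, for use
 * by the template.
 *
 * @return array template variables: 'target_id', 'category', 'ingame_webpath', 'TITLE_ERROR' and,
 *               when the request comes from the game client, 'ingame' plus the raw $_GET array
 *               under index 0.
 * @throws SystemExit after a redirect header has been sent (not logged in, or no permission to
 *                    create a ticket for the requested user).
 * @author Daan Janssens, mentored by Matthew Lagoe
 */
function createticket()
{
    $result = array();

    if (!WebUsers::isLoggedIn()) {
        //ERROR: not logged in!
        header("Cache-Control: max-age=1");
        header("Location: index.php");
        throw new SystemExit();
    }

    if (isset($_GET['user_id'])) {
        // Normalise the id BEFORE the permission check, so that the value that is authorised is
        // exactly the value that ends up in target_id. Checking the raw parameter with a loose
        // comparison and filtering it afterwards lets the two disagree.
        $requestedId = filter_var($_GET['user_id'], FILTER_SANITIZE_NUMBER_INT);
        $isOwnId = is_string($requestedId) && $requestedId === (string) $_SESSION['id'];

        // NOTE(review): unserialize() instantiates whatever class the stored string names. That is
        // only safe while nothing user-controlled can write $_SESSION['ticket_user']; consider
        // restricting it with the allowed_classes option.
        if (!$isOwnId && !ticket_user::isMod(unserialize($_SESSION['ticket_user']))) {
            //ERROR: No access!
            $_SESSION['error_code'] = "403";
            header("Cache-Control: max-age=1");
            header("Location: index.php?page=error");
            throw new SystemExit();
        }

        //a user_id was given and is permitted: use it as the target_id
        $result['target_id'] = $requestedId;
    } else {
        //no user_id given: the ticket is for the logged-in user
        $result['target_id'] = $_SESSION['id'];
    }

    if (Helpers::check_if_game_client()) {
        // The whole query string is handed to the template (under index 0) for the extra info page.
        // NOTE(review): these values are request-controlled and unfiltered; the template has to
        // escape them on output.
        $result[] = $_GET;
        $result['ingame'] = true;
    }

    //create array of category id & names
    $catArray = Ticket_Category::getAllCategories();
    $result['category'] = Gui_Elements::make_table_with_key_is_id($catArray, array("getName"), "getTCategoryId");

    global $INGAME_WEBPATH;
    $result['ingame_webpath'] = $INGAME_WEBPATH;
    // NOTE(review): TITLE_ERROR receives the web path here, while create_ticket() uses the same key
    // as a boolean error flag. Looks like a copy/paste; confirm what the template expects.
    $result['TITLE_ERROR'] = $INGAME_WEBPATH;

    return $result;
}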
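/**
 * Loads the data needed by the show_ticket page.
 *
 * The viewer has to be a mod/admin or the author of the ticket; anyone else is redirected to the
 * error page. If $_POST['action'] is set and the viewer is a mod/admin, the action is executed
 * first. The actions are: forwarding a ticket ("forward"), assigning a ticket ("assignTicket") and
 * unassigning a ticket ("unAssignTicket"). The returned array holds everything the template needs
 * to show the ticket; mods/admins also get the hidden replies, the status list and the support
 * groups.
 *
 * @return array template variables describing the ticket, its replies and its attachments.
 * @throws SystemExit after a redirect header has been sent (not logged in, no ticket id given, or
 *                    no access to the ticket).
 * @author Daan Janssens, mentored by Matthew Lagoe
 */
function show_ticket()
{
    if (!(WebUsers::isLoggedIn() && isset($_GET['id']))) {
        //ERROR: not logged in!
        header("Cache-Control: max-age=1");
        header("Location: index.php");
        throw new SystemExit();
    }

    $result = array();

    // Deserialize the session user once and reuse it, instead of calling unserialize() for every
    // check below.
    // NOTE(review): unserialize() instantiates whatever class the stored string names. That is only
    // safe while nothing user-controlled can write $_SESSION['ticket_user']; consider restricting it
    // with the allowed_classes option.
    $ticketUser = unserialize($_SESSION['ticket_user']);
    $viewerId = $ticketUser->getTUserId();

    $result['user_id'] = $viewerId;
    // FILTER_SANITIZE_NUMBER_INT only strips characters, it does not validate: the result can still
    // be an empty string.
    $result['ticket_id'] = filter_var($_GET['id'], FILTER_SANITIZE_NUMBER_INT);

    $target_ticket = new Ticket();
    $target_ticket->load_With_TId($result['ticket_id']);

    $isMod = Ticket_User::isMod($ticketUser);

    if ($isMod && isset($_POST['action'])) {
        // NOTE(review): these are state-changing requests and no anti-CSRF token is checked in this
        // function; confirm one is verified before this point. The ticket acted on comes from
        // $_POST['ticket_id'], which is independent of the ticket shown ($_GET['id']).
        switch ($_POST['action']) {
            case "forward":
                $ticket_id = filter_var($_POST['ticket_id'], FILTER_SANITIZE_NUMBER_INT);
                $group_id = filter_var($_POST['group'], FILTER_SANITIZE_NUMBER_INT);
                $result['ACTION_RESULT'] = Ticket::forwardTicket($viewerId, $ticket_id, $group_id);
                break;
            case "assignTicket":
                $ticket_id = filter_var($_POST['ticket_id'], FILTER_SANITIZE_NUMBER_INT);
                $result['ACTION_RESULT'] = Ticket::assignTicket($viewerId, $ticket_id);
                break;
            case "unAssignTicket":
                $ticket_id = filter_var($_POST['ticket_id'], FILTER_SANITIZE_NUMBER_INT);
                $result['ACTION_RESULT'] = Ticket::unAssignTicket($viewerId, $ticket_id);
                break;
        }
    }

    // Only the author of the ticket and mods/admins may look at it.
    if (!($target_ticket->getAuthor() == $viewerId || $isMod)) {
        //ERROR: No access!
        $_SESSION['error_code'] = "403";
        header("Cache-Control: max-age=1");
        header("Location: index.php?page=error");
        throw new SystemExit();
    }

    // Mods/admins get the admin view of the ticket.
    $show_as_admin = $isMod;
    $entire_ticket = Ticket::getEntireTicket($result['ticket_id'], $show_as_admin);
    // NOTE(review): 3 is the action code passed to the ticket log for this page load; its meaning
    // is defined by Ticket_Log, not here.
    Ticket_Log::createLogEntry($result['ticket_id'], $viewerId, 3);

    $ticketObj = $entire_ticket['ticket_obj'];
    $result['ticket_tId'] = $ticketObj->getTId();
    $result['ticket_forwardedGroupName'] = $ticketObj->getForwardedGroupName();
    $result['ticket_forwardedGroupId'] = $ticketObj->getForwardedGroupId();
    $result['ticket_title'] = $ticketObj->getTitle();
    $result['ticket_timestamp'] = $ticketObj->getTimestamp();
    $result['ticket_status'] = $ticketObj->getStatus();
    $result['ticket_author'] = $ticketObj->getAuthor();
    $result['ticket_prioritytext'] = $ticketObj->getPriorityText();
    $result['ticket_priorities'] = Ticket::getPriorityArray();
    $result['ticket_priority'] = $ticketObj->getPriority();
    $result['ticket_statustext'] = $ticketObj->getStatusText();
    $result['ticket_lastupdate'] = Gui_Elements::time_elapsed_string(Ticket::getLatestReply($result['ticket_id'])->getTimestamp());
    $result['ticket_category'] = $ticketObj->getCategoryName();

    // Look the assignee up once; the id and the user name are both derived from it.
    $assignedTo = Assigned::getUserAssignedToTicket($result['ticket_tId']);
    $webUser = new WebUsers($assignedTo);
    $result['ticket_assignedToText'] = $webUser->getUsername();
    $result['ticket_assignedTo'] = $assignedTo;

    // NOTE(review): reply content and user names are user-supplied text; the template has to escape
    // them on output.
    $result['ticket_replies'] = Gui_Elements::make_table(
        $entire_ticket['reply_array'],
        array("getTReplyId", "getContent()->getContent", "getTimestamp", "getAuthor()->getExternId", "getAuthor()->getPermission", "getHidden"),
        array("tReplyId", "replyContent", "timestamp", "authorExtern", "permission", "hidden")
    );

    global $FILE_WEB_PATH;
    $result['FILE_WEB_PATH'] = $FILE_WEB_PATH;
    global $BASE_WEBPATH;
    $result['BASE_WEBPATH'] = $BASE_WEBPATH;

    // Add the author's user name to every reply row. The counter mirrors the row position, as the
    // rows are addressed by position rather than by their own key.
    $i = 0;
    foreach ($result['ticket_replies'] as $reply) {
        $webReplyUser = new WebUsers($reply['authorExtern']);
        $result['ticket_replies'][$i]['author'] = $webReplyUser->getUsername();
        $i++;
    }

    if ($isMod) {
        $result['isMod'] = "TRUE";
        $result['statusList'] = Ticket::getStatusArray();
        $result['sGroups'] = Gui_Elements::make_table_with_key_is_id(Support_Group::getAllSupportGroups(), array("getName"), "getSGroupId");
    }

    $result['hasInfo'] = $target_ticket->hasInfo();

    global $INGAME_WEBPATH;
    $result['ingame_webpath'] = $INGAME_WEBPATH;

    //get attachments
    $result['ticket_attachments'] = Ticket::getAttachments($result['ticket_id']);

    return $result;
}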
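/**
 * Creates a new ticket from the submitted form.
 *
 * Title and Content must not be blank; if either is, the createticket template is shown again
 * with the submitted values and an error message. Next the function checks that the ticket is
 * created for the logged-in user himself or that the logged-in user is a mod/admin; if not, the
 * page is redirected to the error page. The POST data is then filtered, the ticket is created and
 * a redirection to the new ticket occurs.
 *
 * @throws SystemExit after the template was rendered or a redirect header was sent. The redirect
 *                    for the game client is the one path that returns normally instead.
 * @author Daan Janssens, mentored by Matthew Lagoe
 */
function create_ticket()
{
    global $INGAME_WEBPATH;
    global $WEBPATH;
    $return = array();
    $error = false;

    if (!(WebUsers::isLoggedIn() && isset($_SESSION['ticket_user']))) {
        //ERROR: user is not logged in
        header("Cache-Control: max-age=1");
        header("Location: index.php");
        throw new SystemExit();
    }

    // NOTE(review): unserialize() instantiates whatever class the stored string names. That is only
    // safe while nothing user-controlled can write $_SESSION['ticket_user']; consider restricting it
    // with the allowed_classes option.
    $ticketUser = unserialize($_SESSION['ticket_user']);

    // Both fields go through the same "must not be blank" check.
    $requiredFields = array(
        'Title' => array('flag' => 'TITLE_ERROR', 'message' => "Title must not be blank!"),
        'Content' => array('flag' => 'CONTENT_ERROR', 'message' => "Content must not be blank!"),
    );
    foreach ($requiredFields as $field => $spec) {
        // A missing or non-string field (e.g. an array parameter) counts as blank instead of
        // reaching preg_replace()/strlen() with the wrong type.
        $raw = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
        if (strlen(preg_replace('/\\s\\s+/', ' ', $raw)) < 2) {
            // NOTE(review): the whole of $_POST becomes template variables here, so request keys can
            // set any variable that is not overwritten below; the template has to escape the values
            // and should not trust other keys.
            $return = array_merge($_POST, $return);
            $return['no_visible_elements'] = 'FALSE';
            $catArray = Ticket_Category::getAllCategories();
            $return['permission'] = $ticketUser->getPermission();
            $return['category'] = Gui_Elements::make_table_with_key_is_id($catArray, array("getName"), "getTCategoryId");
            $return[$spec['flag'] . '_MESSAGE'] = $spec['message'];
            $return[$spec['flag']] = true;
            $error = true;
        }
    }

    if ($error) {
        helpers::loadTemplate('createticket', $return);
        throw new SystemExit();
    }

    if (!(isset($_POST['target_id']) && is_scalar($_POST['target_id']))) {
        //ERROR: The form was not filled in correctly
        header("Cache-Control: max-age=1");
        header("Location: index.php?page=createticket");
        throw new SystemExit();
    }

    // Compare as strings: an authorization decision should not depend on PHP's loose numeric
    // comparison rules.
    $isOwnTicket = (string) $_POST['target_id'] === (string) $_SESSION['id'];

    //the target has to be the executing user himself, unless the executing user is a mod/admin
    if (!($isOwnTicket || Ticket_User::isMod($ticketUser))) {
        //ERROR: permission denied!
        $_SESSION['error_code'] = "403";
        header("Cache-Control: max-age=1");
        header("Location: index.php?page=error");
        throw new SystemExit();
    }

    $category = filter_var($_POST['Category'], FILTER_SANITIZE_NUMBER_INT);
    // NOTE(review): FILTER_SANITIZE_STRING is deprecated as of PHP 8.1. It is kept here because a
    // replacement would change what gets stored; the stored text must still be escaped on output.
    $title = filter_var($_POST['Title'], FILTER_SANITIZE_STRING);
    $content = filter_var($_POST['Content'], FILTER_SANITIZE_STRING);

    try {
        if ($isOwnTicket) {
            //the ticket is being made for the executing user himself
            $author = $ticketUser->getTUserId();
        } else {
            //a mod makes a ticket for someone else
            // NOTE(review): target_id is passed on unfiltered; confirm constr_ExternId() binds it as
            // a query parameter.
            $author = Ticket_User::constr_ExternId($_POST['target_id'])->getTUserId();
        }

        //create the ticket & get the id of the newly created ticket.
        $ticket_id = Ticket::create_Ticket($title, $content, $category, $author, $ticketUser->getTUserId(), 0, $_POST);

        //redirect to the new ticket.
        header("Cache-Control: max-age=1");
        if (Helpers::check_if_game_client()) {
            // NOTE(review): unlike the web redirect, this path does not stop the script afterwards;
            // confirm that this is intended.
            header("Location: " . $INGAME_WEBPATH . "?page=show_ticket&id=" . $ticket_id);
        } else {
            header("Location: " . $WEBPATH . "?page=show_ticket&id=" . $ticket_id);
            throw new SystemExit();
        }
    } catch (PDOException $e) {
        //ERROR: LIB DB is not online!
        // Keep the details on the server: dumping the exception into the response would show the
        // stack trace and database details to the visitor. The redirect below was unreachable
        // before, because the script stopped right after printing the exception.
        error_log('create_ticket: ' . $e->getMessage());
        header("Cache-Control: max-age=1");
        header("Location: index.php");
        throw new SystemExit();
    }
}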