protected function _tech_add()
{
global $user, $core;
gfatal();
if (!_auth_get('ticket_assign_tech') && !_auth_get('ticket_auto_assign')) {
_fatal();
}
$v = $this->__(array('ticket' => 0, 'tech'));
if (_auth_get('ticket_auto_assign') && !$user->v('is_founder') && $user->v('user_username') != $v['tech']) {
$this->_error('NO_ASSIGN_OTHER');
}
$sql = 'SELECT *
FROM _tickets t, _groups g
WHERE t.ticket_id = ?
AND t.ticket_group = g.group_id';
if (!($tdata = _fieldrow(sql_filter($sql, $v['ticket'])))) {
$this->_error('NOT_MEMBER_2');
}
$sql = 'SELECT user_id
FROM _members
WHERE user_username = ?';
$v['tech'] = _field(sql_filter($sql, $v['tech']), 'user_id', 0);
$sql = 'SELECT *
FROM _members
WHERE user_id = ?';
if (!($techdata = _fieldrow(sql_filter($sql, $v['tech'])))) {
$this->_error('NOT_MEMBER');
}
$sql = 'SELECT ticket_id
FROM _tickets
WHERE ticket_contact = ?
AND ticket_id = ?';
if ($row1 = _field(sql_filter($sql, $v['tech'], $v['ticket']), 'ticket_id', 0)) {
$this->_error('CANT_ASSIGN');
}
$sql = 'SELECT *
FROM _tickets_assign
WHERE user_id = ?
AND assign_ticket = ?';
if ($row2 = _fieldrow(sql_filter($sql, $v['tech'], $v['ticket']))) {
$this->_error('ALREADY_ASSIGN');
}
$sql = 'SELECT *
FROM _members
WHERE user_id = ?';
if (!($cdata = _fieldrow(sql_filter($sql, $tdata['ticket_contact'])))) {
$this->_error('NOT_MEMBER_3');
}
$sql_insert = array('assign_ticket' => $v['ticket'], 'user_id' => $v['tech'], 'assign_status' => $tdata['ticket_status'], 'assign_end' => 0);
$sql = 'INSERT INTO _tickets_assign' . _build_array('INSERT', $sql_insert);
_sql($sql);
// Send notification
require_once XFS . 'core/emailer.php';
$emailer = new emailer();
$ticket_subject = entity_decode($tdata['group_name'] . ' [#' . $tdata['ticket_code'] . ']: ' . $tdata['ticket_title']);
$ticket_message = entity_decode($tdata['ticket_text']);
$emailer->from($tdata['group_email'] . '@' . $core->v('domain'));
$emailer->email_address($techdata['user_email']);
$emailer->use_template('ticket_tech');
$emailer->set_subject($ticket_subject);
$emailer->assign_vars(array('USERNAME' => $techdata['user_username'], 'FULLNAME' => entity_decode(_fullname($cdata)), 'SUBJECT' => entity_decode($tdata['ticket_title']), 'MESSAGE' => $ticket_message, 'TICKET_URL' => _link($this->m(), array('x1' => 'view', 'code' => $tdata['ticket_code']))));
$emailer->send();
$emailer->reset();
return $this->e(_fullname($cdata));
}
public function home()
{
global $core, $user;
$tree = $this->valid_tree();
$v = $this->__(_array_keys(w('is_comment is_form'), 0));
// Form posting enabled and form submitted
if ($v['is_form'] && _button()) {
if (!is_ghost()) {
_fatal(405);
}
if (!$tree['tree_form']) {
_fatal();
}
$sql_fields = 'SELECT form_alias, form_required, form_legend, form_regex,
FROM _form_fields
WHERE form_tree = ?
ORDER BY form_order';
if (!($form = _rowset(sql_filter($sql_fields, $tree['tree_id']), 'form_alias'))) {
$form = _rowset(sql_filter($sql_fields, 0), 'form_alias');
}
$form['secure'] = array('form_required' => 1, 'form_regex' => '^([a-zA-Z]+)$', 'form_alias' => 'secure', 'form_type' => 'text', 'form_legend' => _lang('XCF_LEGEND'));
foreach ($form as $row) {
$v = array_merge($v, $this->__(array($row['form_alias'])));
if (!f($v[$row['form_alias']])) {
if ($row['form_required']) {
$this->_error(sprintf(_lang('E_COMMENT_FIELD_EMPTY'), $row['form_legend']), false);
}
continue;
}
if (f($row['form_regex']) && !preg_match('#' . $row['form_regex'] . '#is', $v[$row['form_alias']])) {
$this->_error(sprintf(_lang('E_COMMENT_FIELD_BAD'), $row['form_legend']), false);
if ($row['form_alias'] == 'secure') {
$v[$row['form_alias']] = '';
}
}
}
require_once XFS . 'core/xcf.php';
$xcf = new captcha();
if ($xcf->check($v['secure']) === false) {
$v['secure'] = '';
$this->_error('#E_COMMENT_INVALID_CAPTCHA');
}
unset($xcf);
require_once XFS . 'core/emailer.php';
$emailer = new emailer();
$emailer->set_decode(true);
$emailer->format('plain');
$emailer->from($v['address']);
$emailer->set_subject(_rm_acute($v['subject']));
$emailer->use_template('contact_email');
if (f($core->v('default_email'))) {
$tree['tree_form_email'] .= (f($tree['tree_form_email']) ? ';' : '') . $core->v('default_email');
}
$form_addresses = array_map('trim', array_unique(explode(';', $tree['tree_form_email'])));
foreach ($form_addresses as $i => $address) {
$row_f = !$i ? 'email_address' : 'cc';
$emailer->{$row_f}($address);
}
unset($v['secure']);
$content = w();
foreach ($form as $row) {
if (!f($v[$row['form_alias']])) {
continue;
}
$content[] = $row['form_legend'] . ":\n" . $v[$row['form_alias']];
}
$emailer->assign_vars(array('CONTENT' => implode("\n\n", $content), 'FORM_ARTICLE' => $tree['tree_subject']));
$emailer->send();
$emailer->reset();
$response = array('lang' => _lang('FORM_SUCCESS'));
$this->e(json_encode($response));
}
// Comment posting enabled and form submitted.
if ($v['is_comment'] && _button()) {
if (!$tree['tree_allow_comments']) {
_fatal();
}
$cv = $this->__(w('comment_username comment_address comment_website comment_message comment_security'));
$comment_time = time();
if (!$user->v('is_member')) {
foreach ($cv as $cv_k => $cv_v) {
if (!f($cv_v)) {
$this->error('E_COMMENT_FILL_FIELDS');
break;
}
}
if (!$this->errors()) {
$sql = 'SELECT comment_time
FROM _comments
WHERE comment_ip = ?
AND comment_status = 0';
if ($row_flood = _fieldrow(sql_filter($sql, $user->ip))) {
if ($comment_time - $row_flood['comment_time'] < 30) {
$this->error('E_COMMENT_FLOOD_TIME');
}
}
}
// CAPTCHA verification
require_once XFS . 'core/xcf.php';
$xcf = new captcha();
if ($xcf->check($cv['comment_security']) === false) {
$cv['comment_security'] = '';
$this->error('E_COMMENT_INVALID_CAPTCHA');
}
unset($xcf);
}
if (!$this->errors()) {
$approve_comments = !$user->v('is_member') ? $tree['tree_approve_comments'] : 1;
$sql_insert = array('tree' => (int) $tree['tree_id'], 'uid' => (int) $user->v('user_id'), 'username' => $cv['comment_username'], 'email' => $cv['comment_address'], 'website' => $cv['comment_website'], 'ip' => $user->ip, 'status' => (int) $approve_comments, 'time' => (int) $comment_time, 'message' => $cv['comment_message']);
$sql = 'INSERT INTO _comments' . _build_array('INSERT', prefix('comment', $sql_insert));
_sql($sql);
if ($approve_comments) {
$sql = 'UPDATE _tree SET tree_comments = tree_comments + 1
WHERE tree_id = ?';
_sql(sql_filter($sql, $tree['tree_id']));
}
// Send new comment email notification for approval.
if (!$approve_comments) {
unset($cv['comment_security']);
require_once XFS . 'core/emailer.php';
$emailer = new emailer();
$emailer->from($cv['comment_address']);
$emailer->use_template('comment_approval');
if (f($tree['tree_form_email'])) {
$tree['tree_form_email'] = $core->v('default_comments_email');
}
foreach (explode(';', $tree['tree_form_email']) as $i => $row) {
$row_f = !$i ? 'email_address' : 'cc';
$emailer->{$row_f}($row);
}
$input = w();
foreach ($cv as $row_k => $row_v) {
if (!f($row_v)) {
continue;
}
if ($row_k == 'comment_message') {
$row_v = str_replace("\r\n", '<br />', $row_v);
}
$input[] = '< ' . $row_v;
}
$emailer->assign_vars(array('U_APPROVAL' => _link(_rewrite($tree), array('x1' => 'comments')), 'INPUT_FIELDS' => implode('<br /><br />', $input), 'FROM_USERNAME' => $cv['comment_username']));
$emailer->send();
$emailer->reset();
}
redirect(_link(_rewrite($tree)));
}
if ($this->errors()) {
if (is_ghost()) {
$this->e('!');
}
_style('comments_error', array('MESSAGE' => $this->get_errors()));
}
}
//
if (f($tree['tree_redirect'])) {
if (preg_match('#^[a-z0-9\\-\\_]+$#is', $tree['tree_redirect'])) {
$tree['tree_redirect'] = _link($tree['tree_redirect']);
}
redirect($tree['tree_redirect']);
}
//
if ($tree['tree_parent']) {
$sql = 'SELECT *
FROM _tree
WHERE tree_id = ?';
$parent = _fieldrow(sql_filter($sql, $tree['tree_parent']));
if ($tree['tree_level'] > 2) {
$sql = 'SELECT *
FROM _tree
WHERE tree_id = ?';
$subparent = _fieldrow(sql_filter($sql, $parent['tree_parent']));
}
}
if ($tree['tree_node']) {
$sql = 'SELECT *
FROM _tree
WHERE tree_id = ?';
$node = _fieldrow(sql_filter($sql, $tree['tree_node']));
}
//
if (@method_exists($this, 'cf_' . _rewrite($tree))) {
$this->{'cf_' . _rewrite($tree)}($tree);
}
//
$sql = 'SELECT *
FROM _tree
WHERE tree_parent = ?
AND tree_child_hide = 0
ORDER BY ??';
$childs = _rowset(sql_filter($sql, $tree['tree_id'], $this->child_order($tree)));
foreach ($childs as $i => $row) {
if (!$i) {
$sql = 'SELECT image_id, image_tree, image_extension
FROM _images
WHERE image_tree IN (??)
ORDER BY RAND()';
$images_child = _rowset(sql_filter($sql, _implode(',', array_keys($childs))), 'tree_id');
_style('tree_child1', array('ORDER_URL' => _link($tree['tree_id'], array('order', 0, 0, 0, 0))));
}
_style('tree_child.row', array('ITEM' => $row['tree_id'], 'URL' => _link(_rewrite($row)), 'SUBJECT' => $row['tree_subject'], 'CONTENT' => $row['tree_content'], 'EDITED' => _format_date($row['tree_edited']), 'IMAGE' => isset($images_child[$row['tree_id']]) ? $images_child[$row['tree_id']]['image_id'] . '.' . $images_child[$row['tree_id']]['image_extension'] : 'default.gif'));
}
// Comments
if ($tree['tree_allow_comments'] && $tree['tree_comments']) {
$sql = 'SELECT c.comment_id, c.comment_username, c.comment_website, c.comment_time, c.comment_message, m.user_username
FROM _comments c, _members m
WHERE c.comment_tree = ?
AND c.comment_status = 1
AND c.comment_uid = m.user_id
ORDER BY c.comment_time DESC';
$comments = _rowset(sql_filter($sql, $tree['tree_id']));
foreach ($comments as $i => $row) {
if (!$i) {
_style('comments');
}
_style('comments.row', array('ID' => $row['comment_id'], 'SUSERNAME' => $row['user_username'], 'USERNAME' => $row['comment_username'], 'WEBSITE' => $row['comment_website'], 'TIME' => _format_date($row['comment_time']), 'MESSAGE' => str_replace("\n", '<br />', $row['comment_message'])));
}
}
//
if ($this->css_parent($tree)) {
$sql = 'SELECT *
FROM _tree
WHERE tree_parent = ?
AND tree_child_hide = 0
ORDER BY ??';
$childs_parent = _rowset(sql_filter($sql, $this->css_var($tree), $this->child_order($tree)));
foreach ($childs_parent as $i => $row) {
if (!$i) {
$sql = 'SELECT image_id, image_tree, image_extension
FROM _images
WHERE image_tree IN (??)
ORDER BY RAND()';
$images_child_parent = _rowset(sql_filter($sql, _implode(',', array_keys($childs_parent))), 'tree_id');
_style('tree_child', array('ORDER_URL' => _link($tree['tree_id'], array('order', 0, 0, 0, 0))));
}
_style('tree_child_parent.row', array('ITEM' => $row['tree_id'], 'URL' => _link(_rewrite($row)), 'TITLE' => $row['tree_subject'], 'IMAGE' => isset($images_child_parent[$row['tree_id']]) ? $images_child_parent[$row['tree_id']]['image_id'] . '.' . $images_child_parent[$row['tree_id']]['image_extension'] : 'default.gif'));
}
}
if ($tree['tree_downloads']) {
$sql = 'SELECT *
FROM _downloads
WHERE download_tree = ?
ORDER BY download_order';
$downloads = _rowset(sql_filter($sql, $tree['tree_id']));
foreach ($downloads as $i => $row) {
if (!$i) {
_style('downloads', array('ORDER_URL' => _link($tree['tree_id'], array('orderd', 0, 0, 0, 0))));
}
_style('downloads.row', array('ITEM' => $row['download_id'], 'DOWNLOAD' => _link('get', $row['download_alias'] . '.' . $row['download_extension']), 'TITLE' => $row['download_title']));
}
}
//
if ($tree['tree_form']) {
$sql = 'SELECT *
FROM _form_fields
WHERE form_tree = ?
ORDER BY form_order';
$form = _rowset(sql_filter($sql, $tree['tree_id']), 'form_alias');
if (!count($form)) {
$sql = 'SELECT *
FROM _form_fields
WHERE form_tree = 0
ORDER BY form_order';
$form = _rowset($sql, 'form_alias');
}
$form['secure'] = array('form_required' => 1, 'form_regex' => '^([a-zA-Z]+)$', 'form_alias' => 'secure', 'form_type' => 'text', 'form_legend' => 'Imagen de seguridad');
_style('form', array('URL' => _link(_rewrite($tree))));
foreach ($form as $row) {
_style('form.row', array('ALIAS' => $row['form_alias'], 'REQUIRED' => $row['form_required'], 'LEGEND' => _lang($row['form_legend']), 'TYPE' => $row['form_type'], 'PAGE' => $tree['tree_alias']));
foreach ($row as $row_k => $row_v) {
if (preg_match('#^form_(alias|type)$#is', $row_k)) {
if ($row_k == 'form_alias') {
$row_k = 'name';
}
_style('form.row.attrib', array('ATTRIB' => str_replace('form_', '', $row_k), 'VALUE' => $row_v));
}
}
}
}
$s_css_page = '';
if (@file_exists('./style/css/_tree_' . _rewrite($tree) . '.css')) {
$s_css_page = _rewrite($tree) . '/';
} elseif ($this->css_parent($tree)) {
if (!f($tree['tree_css_var'])) {
$tree['tree_css_var'] = 'parent';
}
$ary_css_var = false;
switch ($tree['tree_css_var']) {
case 'parent':
case 'subparent':
case 'node':
$ary_css_var = ${$tree['tree_css_var']};
break;
default:
if (is_numb($tree['tree_css_var'])) {
$sql = 'SELECT *
FROM _tree
WHERE tree_id = ?';
if ($css_var_row = _fieldrow(sql_filter($sql, $tree['tree_css_var']))) {
$ary_css_var = $css_var_row;
}
}
break;
}
if ($ary_css_var !== false) {
$s_css_page = _rewrite($ary_css_var) . '/';
}
}
v_style(array('S_IMAGES' => $core->v('address') . 'container/images/a_' . ($this->css_parent($tree) ? $this->css_var($tree) : $tree['tree_id']) . '/', 'V_TREE' => $tree['tree_id'], 'V_CSS' => $s_css_page, 'V_SUBJECT' => $tree['tree_subject'], 'V_CONTENT' => _message($tree['tree_content']), 'V_COMMENTS' => $tree['tree_comments'], 'V_ALLOW_COMMENTS' => $tree['tree_allow_comments'], 'V_ALLOW_FORM' => $tree['tree_form'], 'U_COMMENTS' => _link(_rewrite($tree)), 'U_XCF' => _link(_rewrite($tree) . '-xs.jpg', false, false)));
$tree['tree_subject'] = strip_tags($tree['tree_subject']);
//
if ($tree['tree_alias'] != 'home') {
if ($node['tree_id'] != $parent['tree_id']) {
$this->navigation($node['tree_subject'], _rewrite($node));
}
if ($tree['tree_level'] > 2) {
if ($parent['tree_id'] && $node['tree_id'] && $tree['tree_level'] > 3) {
$this->navigation('...');
}
$this->navigation($subparent['tree_subject'], _rewrite($subparent));
}
if ($parent['tree_id']) {
$this->navigation($parent['tree_subject'], _rewrite($parent));
}
$this->navigation($tree['tree_subject'], _rewrite($tree));
}
if ($user->v('is_member')) {
$tree['tree_cp'] = 1;
$i = 0;
$auth_tree = array('create', 'modify', 'remove');
foreach ($auth_tree as $row) {
if (_auth_get('cp_' . $row)) {
if (!$i) {
_style('auth');
}
_style('auth.row', array('U_AUTH' => _link('cp', array($row, _rewrite($tree))), 'V_NAME' => _lang('CP_AUTH_' . $row)));
$i++;
}
}
}
//
$this->_template('tree');
if (f($tree['tree_template']) && @file_exists('./style/custom/' . $tree['tree_template'] . '.htm')) {
$this->_template('custom/' . $tree['tree_template']);
}
// TODO: 304 header response
header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $tree['tree_edited']) . ' GMT');
return;
}
$menu = array_map('trim', @file('./base/tree'));
$i = 0;
foreach ($menu as $row) {
if (substr($row, 0, 1) == '#') {
continue;
}
preg_match('#^\\*{0,} (.*?) <(.*?)>$#i', $row, $row_key);
$row_level = strripos($row, '*') + 1;
$row_mod = array(dvar(array_key(explode('/', $row_key[2]), 1), 'home'));
if ($row_level > 1) {
$v_row_mod = array_key(explode(':', array_key(explode('.', array_key(explode('/', $row_key[2]), 2)), 0)), 1);
if (f($v_row_mod)) {
$row_mod[] = $v_row_mod;
}
}
if (!_auth_get(implode('_', $row_mod))) {
continue;
}
if (!$i) {
_style('tree');
}
_style('tree.row' . ($row_level > 1 ? '.sub' . ($row_level - 1) : ''), array('V_NAME' => trim(str_replace('*', '', $row_key[1])), 'V_LINK' => _link() . substr($row_key[2], 1)));
$i++;
}
}
//
// Output template
$page_smodule = 'CONTROL_' . $mod;
if (is_lang($page_smodule)) {
$module->page_title($page_smodule);
}
public final function auth_access($uid = false)
{
global $user;
if ($uid === false) {
$uid = $user->v('user_id');
}
if ($user->auth_founder($uid)) {
return true;
}
return _auth_get($this->m());
}
public function auth($a)
{
return _auth_get($a);
}
protected function _authorize_value()
{
gfatal();
global $user, $core;
$v = $this->__(array('uid' => 0, 'f' => 0));
$sql = 'SELECT user_id
FROM _members
WHERE user_id = ?';
if (!_fieldrow(sql_filter($sql, $v['uid']))) {
$this->_error('#TICKET_NOT_MEMBER');
}
$sql = 'SELECT field_id
FROM _members_auth_fields
WHERE field_id = ?';
if (!_fieldrow(sql_filter($sql, $v['f']))) {
$this->_error('#FIELD_NO_EXISTS');
}
if (!$user->v('is_founder') && !_auth_get('contacts_auth_update') && $user->v('user_id') != $v['uid']) {
$this->_error('#NOT_AUTH');
}
$sql = 'SELECT *
FROM _members_auth
WHERE auth_uid = ?
AND auth_field = ?';
if (!_fieldrow(sql_filter($sql, $v['uid'], $v['f']))) {
$sql_insert = array('uid' => $v['uid'], 'field' => $v['f'], 'value' => 1);
$sql = 'INSERT INTO _members_auth' . _build_array('INSERT', prefix('auth', $sql_insert));
} else {
$sql = 'DELETE FROM _members_auth
WHERE auth_uid = ?
AND auth_field = ?';
$sql = sql_filter($sql, $v['uid'], $v['f']);
}
_sql($sql);
$core->cache_unload();
return $this->e('~OK');
}
