function log($priority, $title, $message, $alert = true)
{
global $cfg;
switch ($priority) {
//We are providing only 3 levels of logs. Windows style.
case LOG_EMERG:
case LOG_ALERT:
case LOG_CRIT:
case LOG_ERR:
$level = 1;
if ($alert) {
Sys::alertAdmin($title, $message);
}
break;
case LOG_WARN:
case LOG_WARNING:
//Warning...
$level = 2;
break;
case LOG_NOTICE:
case LOG_INFO:
case LOG_DEBUG:
default:
$level = 3;
//debug
}
//Save log based on system log level settings.
if ($cfg && $cfg->getLogLevel() >= $level) {
$loglevel = array(1 => 'Error', 'Warning', 'Debug');
$sql = 'INSERT INTO ' . SYSLOG_TABLE . ' SET created=NOW(),updated=NOW() ' . ',title=' . db_input($title) . ',log_type=' . db_input($loglevel[$level]) . ',log=' . db_input($message) . ',ip_address=' . db_input($_SERVER['REMOTE_ADDR']);
//echo $sql;
mysql_query($sql);
//don't use db_query to avoid possible loop.
}
}
function search($params)
{
$input = db_input(strtolower($params['input']), false);
$len = strlen($input);
$limit = isset($params['limit']) ? (int) $params['limit'] : 25;
$items = array();
$ticketid = false;
if (is_numeric($input)) {
$WHERE = ' WHERE ticketID LIKE \'' . $input . '%\'';
$ticketid = true;
} else {
$WHERE = ' WHERE email LIKE \'' . $input . '%\'';
}
$sql = 'SELECT DISTINCT ticketID,email FROM ' . TICKET_TABLE . ' ' . $WHERE . ' ORDER BY created LIMIT ' . $limit;
$resp = db_query($sql);
if ($resp && db_num_rows($resp)) {
while (list($id, $email) = db_fetch_row($resp)) {
$info = $ticketid ? $email : $id;
$id = $ticketid ? $id : $email;
$items[] = '{"id": "' . $id . '", "value": "' . $id . '", "info": "' . $info . '"}';
}
}
$result = '{"results": [' . implode(", ", $items) . ']}';
return $result;
}
function search()
{
$limit = isset($_GET['limit']) ? (int) $_GET['limit'] : 25;
$items = array();
$ticketid = false;
if (isset($_GET['id'])) {
$WHERE = ' WHERE ticketID LIKE \'' . db_input($_GET['id'], false) . '%\'';
$ticketid = true;
} elseif (isset($_GET['email'])) {
$WHERE = ' WHERE email LIKE \'' . db_input(strtolower($_GET['email']), false) . '%\'';
} else {
Http::response(400, "id or email argument is required");
}
$sql = 'SELECT DISTINCT ticketID,email,name FROM ' . TICKET_TABLE . ' ' . $WHERE . ' ORDER BY created LIMIT ' . $limit;
$res = db_query($sql);
if ($res && db_num_rows($res)) {
while (list($id, $email, $name) = db_fetch_row($res)) {
$info = $ticketid ? $email : $id;
$id = $ticketid ? $id : $email;
# TODO: Return 'name' from email address if 'email' argument
# specified?
$items[] = array('id' => $id, 'value' => $id, 'info' => $info, 'name' => $name);
}
}
return $this->encode(array('results' => $items));
}
function run($max_time) {
foreach (array(
'registration-staff', 'pwreset-staff', 'banner-staff',
'registration-client', 'pwreset-client', 'banner-client',
'registration-confirm', 'registration-thanks',
'access-link') as $type) {
$i18n = new Internationalization();
$tpl = $i18n->getTemplate("templates/page/{$type}.yaml");
if (!($page = $tpl->getData()))
// No such template on disk
continue;
if ($id = db_result(db_query('select id from '.PAGE_TABLE
.' where `type`='.db_input($type))))
// Already have a template for the content type
continue;
$sql = 'INSERT INTO '.PAGE_TABLE.' SET type='.db_input($type)
.', name='.db_input($page['name'])
.', body='.db_input($page['body'])
.', lang='.db_input($tpl->getLang())
.', notes='.db_input($page['notes'])
.', created=NOW(), updated=NOW(), isactive=1';
db_query($sql);
}
// Set the content_id for all the new items
db_query('UPDATE '.PAGE_TABLE
.' SET `content_id` = `id` WHERE `content_id` = 0');
}
function btn_save($id = '')
{
global $db, $messageStack;
if ($this->security_id < 3) {
$messageStack->add_session(ERROR_NO_PERMISSION, 'error');
return false;
}
$title = db_prepare_input($_POST['title']);
$code = strtoupper(db_prepare_input($_POST['code']));
$sql_data_array = array('title' => $title, 'code' => $code, 'symbol_left' => db_prepare_input($_POST['symbol_left']), 'symbol_right' => db_prepare_input($_POST['symbol_right']), 'decimal_point' => db_prepare_input($_POST['decimal_point']), 'thousands_point' => db_prepare_input($_POST['thousands_point']), 'decimal_places' => db_prepare_input($_POST['decimal_places']), 'decimal_precise' => db_prepare_input($_POST['decimal_precise']), 'value' => db_prepare_input($_POST['value']));
if ($id) {
db_perform($this->db_table, $sql_data_array, 'update', "currencies_id = " . (int) $id);
gen_add_audit_log(SETUP_LOG_CURRENCY . TEXT_UPDATE, $title);
} else {
db_perform($this->db_table, $sql_data_array);
gen_add_audit_log(SETUP_LOG_CURRENCY . TEXT_ADD, $title);
}
if (isset($_POST['default']) && $_POST['default'] == 'on') {
// first check to see if there are any general ledger entries
$result = $db->Execute("select id from " . TABLE_JOURNAL_MAIN . " limit 1");
if ($result->RecordCount() > 0) {
$messageStack->add_session(SETUP_ERROR_CANNOT_CHANGE_DEFAULT, 'error');
} else {
$db->Execute("update " . TABLE_CONFIGURATION . " set configuration_value = '" . db_input($code) . "'\r\n\t\t\twhere configuration_key = 'DEFAULT_CURRENCY'");
$db->Execute("alter table " . TABLE_JOURNAL_MAIN . " \r\n\t\t\tchange `currencies_code` `currencies_code` CHAR(3) NOT NULL DEFAULT '" . db_input($code) . "'");
}
}
return true;
}
function create($staffId, $ticketId, $created)
{
if (is_numeric($staffId) && is_numeric($ticketId)) {
$sql = 'INSERT INTO ' . SPENT_TIME_TABLE . ' SET ticket_id=' . db_input($ticketId) . ', staff_id=' . db_input($staffId) . ', created=' . db_input($created) . ', ended=NOW()' . ', seconds=TIME_TO_SEC(TIMEDIFF(ended,created))';
return db_query($sql) && db_affected_rows() == 1;
}
return false;
}
function getIdByFileHash($hash, $tid = 0)
{
$sql = 'SELECT attach_id FROM ' . TICKET_ATTACHMENT_TABLE . ' a ' . ' INNER JOIN ' . FILE_TABLE . ' f ON(f.id=a.file_id) ' . ' WHERE f.hash=' . db_input($hash);
if ($tid) {
$sql .= ' AND a.ticket_id=' . db_input($tid);
}
return db_result(db_query($sql));
}
function cannedResp($params)
{
$sql = 'SELECT answer FROM ' . KB_PREMADE_TABLE . ' WHERE isenabled=1 AND premade_id=' . db_input($params['id']);
if (($res = db_query($sql)) && db_num_rows($res)) {
list($response) = db_fetch_row($res);
}
return $response;
}
function load($id)
{
$sql = 'SELECT * FROM ' . SYSLOG_TABLE . ' WHERE log_id=' . db_input($id);
if (!($res = db_query($sql)) || !db_num_rows($res)) {
return false;
}
$this->info = db_fetch_array($res);
$this->id = $this->info['log_id'];
return $this->id;
}
function run($max_time)
{
$sql = 'SELECT `INDEX_NAME` FROM information_schema.statistics
WHERE table_schema = ' . db_input(DBNAME) . ' AND table_name = ' . db_input(TICKET_EMAIL_INFO_TABLE) . ' AND column_name = ' . db_input('thread_id');
if ($name = db_result(db_query($sql))) {
if ($name == 'PRIMARY') {
db_query('ALTER TABLE `' . TICKET_EMAIL_INFO_TABLE . '` DROP PRIMARY KEY');
}
}
}
public function write($message)
{
$tableName = $this->tableName;
$message = db_input($message);
$time = time();
$sql = "INSERT INTO `{$tableName}` (`message`, `time`) VALUES ('{$message}', {$time});";
$result = db_query($sql);
if (!$result) {
throw new Exception(db_last_error());
}
}
function renew()
{
global $cfg;
$sql = 'UPDATE ' . TICKET_LOCK_TABLE . ' SET expire=DATE_ADD(NOW(),INTERVAL ' . $cfg->getLockTime() . ' MINUTE) ' . ' WHERE lock_id=' . db_input($this->getId());
//echo $sql;
if (db_query($sql) && db_affected_rows()) {
$this->reload();
return true;
}
return false;
}
function load($id)
{
if (!$id && !($id = $this->getId())) {
return false;
}
$sql = 'SELECT * FROM ' . PRIORITY_TABLE . ' WHERE priority_id=' . db_input($id);
if (!($res = db_query($sql)) || !db_num_rows($res)) {
return false;
}
$this->ht = db_fetch_array($res);
$this->id = $this->ht['priority_id'];
return true;
}
function load($id = 0)
{
if (!$id && !($id = $this->getId())) {
return false;
}
$sql = 'SELECT * FROM ' . TIMEZONE_TABLE . ' WHERE id=' . db_input($id);
if (!($res = db_query($sql)) || !db_num_rows($res)) {
return false;
}
$this->ht = db_fetch_array($res);
$this->id = $this->ht['id'];
return $this->id;
}
function run()
{
$res = db_query('SELECT api_whitelist, api_key FROM ' . CONFIG_TABLE . ' WHERE id=1');
if (!$res || !db_num_rows($res)) {
return 0;
}
//Reporting success.
list($whitelist, $key) = db_fetch_row($res);
$ips = array_filter(array_map('trim', explode(',', $whitelist)));
foreach ($ips as $ip) {
$sql = 'INSERT INTO ' . API_KEY_TABLE . ' SET created=NOW(), updated=NOW(), isactive=1 ' . ',ipaddr=' . db_input($ip) . ',apikey=' . db_input(strtoupper(md5($ip . md5($key))));
db_query($sql);
}
}
function run()
{
$sql = 'SELECT email_id, userpass, userid FROM ' . EMAIL_TABLE . " WHERE userpass <> ''";
if (($res = db_query($sql)) && db_num_rows($res)) {
while (list($id, $passwd, $username) = db_fetch_row($res)) {
if (!$passwd) {
continue;
}
$ciphertext = Crypto::encrypt(self::_decrypt($passwd, SECRET_SALT), SECRET_SALT, $username);
$sql = 'UPDATE ' . EMAIL_TABLE . ' SET userpass='******' WHERE email_id=' . db_input($id);
db_query($sql);
}
}
}
function cannedResp($params)
{
$sql = 'SELECT answer FROM ' . KB_PREMADE_TABLE . ' WHERE isenabled=1 AND premade_id=' . db_input($params['id']);
if (($res = db_query($sql)) && db_num_rows($res)) {
list($response) = db_fetch_row($res);
}
if ($response && $params['tid'] && strpos($response, '%') !== false) {
include_once INCLUDE_DIR . 'class.ticket.php';
$ticket = new Ticket($params['tid']);
if ($ticket && $ticket->getId()) {
$response = $ticket->replaceTemplateVars($response);
}
}
return $response;
}
function search()
{
if (!isset($_REQUEST['q'])) {
Http::response(400, 'Query argument is required');
}
$limit = isset($_REQUEST['limit']) ? (int) $_REQUEST['limit'] : 25;
$users = array();
$sql = 'SELECT DISTINCT email, name ' . ' FROM ' . TICKET_TABLE . ' WHERE email LIKE \'%' . db_input(strtolower($_REQUEST['q']), false) . '%\' ' . ' ORDER BY created ' . ' LIMIT ' . $limit;
if (($res = db_query($sql)) && db_num_rows($res)) {
while (list($email, $name) = db_fetch_row($res)) {
$users[] = array('email' => $email, 'name' => $name, 'info' => "{$email} - {$name}");
}
}
return $this->json_encode($users);
}
function run($max_time)
{
$this->setStatus("Migrating department access");
$res = db_query('SELECT group_id, dept_access FROM ' . GROUP_TABLE);
if (!$res || !db_num_rows($res)) {
return false;
}
//No groups??
while (list($groupId, $access) = db_fetch_row($res)) {
$depts = array_filter(array_map('trim', explode(',', $access)));
foreach ($depts as $deptId) {
$sql = 'INSERT INTO ' . GROUP_DEPT_TABLE . ' SET dept_id=' . db_input($deptId) . ', group_id=' . db_input($groupId);
db_query($sql);
}
}
}
function search($type = null)
{
if (!isset($_REQUEST['q'])) {
Http::response(400, 'Query argument is required');
}
$limit = isset($_REQUEST['limit']) ? (int) $_REQUEST['limit'] : 25;
$orgs = array();
$escaped = db_input(strtolower($_REQUEST['q']), false);
$sql = 'SELECT DISTINCT org.id, org.name ' . ' FROM ' . ORGANIZATION_TABLE . ' org ' . ' LEFT JOIN ' . FORM_ENTRY_TABLE . ' entry ON (entry.object_type=\'O\' AND entry.object_id = org.id)
LEFT JOIN ' . FORM_ANSWER_TABLE . ' value ON (value.entry_id=entry.id) ' . ' WHERE org.name LIKE \'%' . $escaped . '%\' OR value.value LIKE \'%' . $escaped . '%\'' . ' ORDER BY org.created ' . ' LIMIT ' . $limit;
if (($res = db_query($sql)) && db_num_rows($res)) {
while (list($id, $name) = db_fetch_row($res)) {
$orgs[] = array('name' => Format::htmlchars($name), 'info' => $name, 'id' => $id, '/bin/true' => $_REQUEST['q']);
}
}
return $this->json_encode(array_values($orgs));
}
function db_perform($table, $data, $action = 'insert', $parameters = '', $link = 'db_link')
{
global $db;
reset($data);
if ($action == 'insert') {
$query = 'insert into ' . $table . ' (';
while (list($columns, ) = each($data)) {
$query .= $columns . ', ';
}
$query = substr($query, 0, -2) . ') values (';
reset($data);
while (list(, $value) = each($data)) {
switch ((string) $value) {
case 'now()':
$query .= 'now(), ';
break;
case 'null':
$query .= 'null, ';
break;
default:
$query .= '\'' . db_input($value) . '\', ';
break;
}
}
$query = substr($query, 0, -2) . ')';
} elseif ($action == 'update') {
$query = 'update ' . $table . ' set ';
while (list($columns, $value) = each($data)) {
switch ((string) $value) {
case 'now()':
$query .= $columns . ' = now(), ';
break;
case 'null':
$query .= $columns .= ' = null, ';
break;
default:
$query .= $columns . ' = \'' . db_input($value) . '\', ';
break;
}
}
$query = substr($query, 0, -2) . ' where ' . $parameters;
}
//echo 'includes/functions/database.php sql = ' . $query . '<br />';
return $db->Execute($query);
}
function db_perform($table, $data, $action = 'insert', $parameters = '', $link = 'db_link')
{
reset($data);
if ($action == 'insert') {
$query = 'insert into ' . $table . ' (';
while (list($columns, ) = each($data)) {
$query .= $columns . ', ';
}
$query = substr($query, 0, -2) . ') values (';
reset($data);
while (list(, $value) = each($data)) {
switch ((string) $value) {
case 'now()':
$query .= 'now(), ';
break;
case 'null':
$query .= 'null, ';
break;
default:
$query .= '\'' . db_input($value) . '\', ';
break;
}
}
$query = substr($query, 0, -2) . ')';
} elseif ($action == 'update') {
$query = 'update ' . $table . ' set ';
while (list($columns, $value) = each($data)) {
switch ((string) $value) {
case 'now()':
$query .= $columns . ' = now(), ';
break;
case 'null':
$query .= $columns .= ' = null, ';
break;
default:
$query .= $columns . ' = \'' . db_input($value) . '\', ';
break;
}
}
$query = substr($query, 0, -2) . ' where ' . $parameters;
}
return db_query($query, $link);
}
function run($runtime)
{
$errors = array();
$i18n = new Internationalization('en_US');
$tpls = $i18n->getTemplate('email_template_group.yaml')->getData();
foreach ($tpls as $t) {
// If the email template group specifies an id attribute, remove
// it for upgrade because we cannot assume that the id slot is
// available
unset($t['id']);
EmailTemplateGroup::create($t, $errors);
}
$files = $i18n->getTemplate('file.yaml')->getData();
foreach ($files as $f) {
$id = AttachmentFile::create($f, $errors);
// Ensure the new files are never deleted (attached to Disk)
$sql = 'INSERT INTO ' . ATTACHMENT_TABLE . ' SET object_id=0, `type`=\'D\', inline=1' . ', file_id=' . db_input($id);
db_query($sql);
}
}
function load()
{
if (!$this->id) {
return false;
}
$sql = 'SELECT * FROM ' . TOPIC_TABLE . ' WHERE topic_id=' . db_input($this->id);
if (($res = db_query($sql)) && db_num_rows($res)) {
$info = db_fetch_array($res);
$this->id = $info['topic_id'];
$this->topic = $info['topic'];
$this->dept_id = $info['dept_id'];
$this->priority_id = $info['priority_id'];
$this->active = $info['enabled'];
$this->autoresp = $info['noautoresp'] ? false : true;
$this->info = $info;
return true;
}
$this->id = 0;
return false;
}
function search($type = null)
{
if (!isset($_REQUEST['q'])) {
Http::response(400, __('Query argument is required'));
}
$limit = isset($_REQUEST['limit']) ? (int) $_REQUEST['limit'] : 25;
$users = array();
$emails = array();
if (!$type || !strcasecmp($type, 'remote')) {
foreach (AuthenticationBackend::searchUsers($_REQUEST['q']) as $u) {
$name = new PersonsName(array('first' => $u['first'], 'last' => $u['last']));
$users[] = array('email' => $u['email'], 'name' => $name, 'info' => "{$u['email']} - {$name} (remote)", 'id' => "auth:" . $u['id'], "/bin/true" => $_REQUEST['q']);
$emails[] = $u['email'];
}
}
if (!$type || !strcasecmp($type, 'local')) {
$remote_emails = ($emails = array_filter($emails)) ? ' OR email.address IN (' . implode(',', db_input($emails)) . ') ' : '';
$q = str_replace(' ', '%', $_REQUEST['q']);
$escaped = db_input($q, false);
$sql = 'SELECT DISTINCT user.id, email.address, name ' . ' FROM ' . USER_TABLE . ' user ' . ' JOIN ' . USER_EMAIL_TABLE . ' email ON user.id = email.user_id ' . ' LEFT JOIN ' . FORM_ENTRY_TABLE . ' entry ON (entry.object_type=\'U\' AND entry.object_id = user.id)
LEFT JOIN ' . FORM_ANSWER_TABLE . ' value ON (value.entry_id=entry.id) ' . ' WHERE email.address LIKE \'%' . $escaped . '%\'
OR user.name LIKE \'%' . $escaped . '%\'
OR value.value LIKE \'%' . $escaped . '%\'' . $remote_emails . ' LIMIT ' . $limit;
if (($res = db_query($sql)) && db_num_rows($res)) {
while (list($id, $email, $name) = db_fetch_row($res)) {
foreach ($users as $i => $u) {
if ($u['email'] == $email) {
unset($users[$i]);
break;
}
}
$name = Format::htmlchars(new PersonsName($name));
$users[] = array('email' => $email, 'name' => $name, 'info' => "{$email} - {$name}", "id" => $id, "/bin/true" => $_REQUEST['q']);
}
}
usort($users, function ($a, $b) {
return strcmp($a['name'], $b['name']);
});
}
return $this->json_encode(array_values($users));
}
function searchByEmail()
{
global $thisstaff;
$limit = isset($_REQUEST['limit']) ? (int) $_REQUEST['limit'] : 25;
$tickets = array();
$sql = 'SELECT email, count(ticket_id) as tickets ' . ' FROM ' . TICKET_TABLE . ' WHERE email LIKE \'%' . db_input(strtolower($_REQUEST['q']), false) . '%\' ';
$sql .= ' AND ( staff_id=' . db_input($thisstaff->getId());
if (($teams = $thisstaff->getTeams()) && count(array_filter($teams))) {
$sql .= ' OR team_id IN(' . implode(',', array_filter($teams)) . ')';
}
if (!$thisstaff->showAssignedOnly() && ($depts = $thisstaff->getDepts())) {
$sql .= ' OR dept_id IN (' . implode(',', $depts) . ')';
}
$sql .= ' ) ' . ' GROUP BY email ' . ' ORDER BY created LIMIT ' . $limit;
if (($res = db_query($sql)) && db_num_rows($res)) {
while (list($email, $count) = db_fetch_row($res)) {
$tickets[] = array('email' => $email, 'value' => $email, 'info' => "{$email} ({$count})");
}
}
return $this->json_encode($tickets);
}
function load($id, $email = '')
{
$sql = 'SELECT ticket_id,ticketID,name,email FROM ' . TICKET_TABLE . ' WHERE ticketID=' . db_input($id);
if ($email) {
//don't validate...using whatever is entered.
$sql .= ' AND email=' . db_input($email);
}
$res = db_query($sql);
if (!$res || !db_num_rows($res)) {
return NULL;
}
$row = db_fetch_array($res);
$this->udata = $row;
$this->id = $row['ticketID'];
//placeholder
$this->ticket_id = $row['ticket_id'];
$this->ticketID = $row['ticketID'];
$this->fullname = ucfirst($row['name']);
$this->username = $row['email'];
$this->email = $row['email'];
return $this->id;
}
function btn_save($id = '')
{
global $db, $messageStack;
if ($this->security_id < 3) {
$messageStack->add(ERROR_NO_PERMISSION, 'error');
return false;
}
$title = db_prepare_input($_POST['title']);
$code = strtoupper(db_prepare_input($_POST['code']));
if ($_POST['decimal_precise'] == '') {
$_POST['decimal_precise'] = $_POST['decimal_places'];
}
$sql_data_array = array('title' => $title, 'code' => $code, 'symbol_left' => db_prepare_input($_POST['symbol_left']), 'symbol_right' => db_prepare_input($_POST['symbol_right']), 'decimal_point' => db_prepare_input($_POST['decimal_point']), 'thousands_point' => db_prepare_input($_POST['thousands_point']), 'decimal_places' => db_prepare_input($_POST['decimal_places']), 'decimal_precise' => db_prepare_input($_POST['decimal_precise']), 'value' => db_prepare_input($_POST['value']));
if ($id) {
db_perform($this->db_table, $sql_data_array, 'update', "currencies_id = " . (int) $id);
gen_add_audit_log(SETUP_LOG_CURRENCY . TEXT_UPDATE, $title);
} else {
db_perform($this->db_table, $sql_data_array);
gen_add_audit_log(SETUP_LOG_CURRENCY . TEXT_ADD, $title);
}
if (isset($_POST['default']) && $_POST['default'] == 'on') {
// first check to see if there are any general ledger entries
$result = $db->Execute("SELECT id FROM " . TABLE_JOURNAL_MAIN . " LIMIT 1");
if ($result->RecordCount() > 0) {
$messageStack->add(SETUP_ERROR_CANNOT_CHANGE_DEFAULT, 'error');
} else {
write_configure('DEFAULT_CURRENCY', db_input($code));
db_perform($this->db_table, array('value' => 1), 'update', "code='{$code}'");
// change default exc rate to 1
$db->Execute("alter table " . TABLE_JOURNAL_MAIN . " \n\t\t\tchange currencies_code currencies_code CHAR(3) NOT NULL DEFAULT '" . db_input($code) . "'");
$this->def_currency = db_input($code);
$this->btn_update();
}
}
return true;
}
function save($id, $vars, &$errors)
{
if ($id && !$vars['group_id']) {
$errors['err'] = 'Missing or invalid group ID';
}
if (!$vars['group_name']) {
$errors['group_name'] = 'Group name required';
} elseif (strlen($vars['group_name']) < 5) {
$errors['group_name'] = 'Group name must be at least 5 chars.';
} else {
$sql = 'SELECT group_id FROM ' . GROUP_TABLE . ' WHERE group_name=' . db_input($vars['group_name']);
if ($id) {
$sql .= ' AND group_id!=' . db_input($id);
}
if (db_num_rows(db_query($sql))) {
$errors['group_name'] = 'Group name already exists';
}
}
if (!$errors) {
$sql = ' SET updated=NOW(), group_name=' . db_input(Format::striptags($vars['group_name'])) . ', group_enabled=' . db_input($vars['group_enabled']) . ', dept_access=' . db_input($vars['depts'] ? implode(',', $vars['depts']) : '') . ', can_create_tickets=' . db_input($vars['can_create_tickets']) . ', can_delete_tickets=' . db_input($vars['can_delete_tickets']) . ', can_edit_tickets=' . db_input($vars['can_edit_tickets']) . ', can_transfer_tickets=' . db_input($vars['can_transfer_tickets']) . ', can_close_tickets=' . db_input($vars['can_close_tickets']) . ', can_ban_emails=' . db_input($vars['can_ban_emails']) . ', can_manage_kb=' . db_input($vars['can_manage_kb']);
//echo $sql;
if ($id) {
$res = db_query('UPDATE ' . GROUP_TABLE . ' ' . $sql . ' WHERE group_id=' . db_input($id));
if (!$res || !db_affected_rows()) {
$errors['err'] = 'Internal error occured';
}
} else {
$res = db_query('INSERT INTO ' . GROUP_TABLE . ' ' . $sql . ',created=NOW()');
if ($res && ($gID = db_insert_id())) {
return $gID;
}
$errors['err'] = 'Unable to create the group. Internal error';
}
}
return $errors ? false : true;
}
function save($id, $vars, &$errors)
{
if ($id && !$vars['group_id']) {
$errors['err'] = 'Falta la ID de Grupo o es invalida.';
}
if (!$vars['group_name']) {
$errors['group_name'] = 'Nombre de grupo requerido';
} elseif (strlen($vars['group_name']) < 5) {
$errors['group_name'] = 'El nombre del grupo debe tener al menos 5 caracteres.';
} else {
$sql = 'SELECT group_id FROM ' . GROUP_TABLE . ' WHERE group_name=' . db_input($vars['group_name']);
if ($id) {
$sql .= ' AND group_id!=' . db_input($id);
}
if (db_num_rows(db_query($sql))) {
$errors['group_name'] = 'Este nombre de grupo ya existe.';
}
}
if (!$errors) {
$sql = ' SET updated=NOW(), group_name=' . db_input(Format::striptags($vars['group_name'])) . ', group_enabled=' . db_input($vars['group_enabled']) . ', dept_access=' . db_input($vars['depts'] ? implode(',', $vars['depts']) : '') . ', can_create_tickets=' . db_input($vars['can_create_tickets']) . ', can_delete_tickets=' . db_input($vars['can_delete_tickets']) . ', can_edit_tickets=' . db_input($vars['can_edit_tickets']) . ', can_transfer_tickets=' . db_input($vars['can_transfer_tickets']) . ', can_close_tickets=' . db_input($vars['can_close_tickets']) . ', can_ban_emails=' . db_input($vars['can_ban_emails']) . ', can_manage_kb=' . db_input($vars['can_manage_kb']);
//echo $sql;
if ($id) {
$res = db_query('UPDATE ' . GROUP_TABLE . ' ' . $sql . ' WHERE group_id=' . db_input($id));
if (!$res || !db_affected_rows()) {
$errors['err'] = 'Error interno';
}
} else {
$res = db_query('INSERT INTO ' . GROUP_TABLE . ' ' . $sql . ',created=NOW()');
if ($res && ($gID = db_insert_id())) {
return $gID;
}
$errors['err'] = 'No se a podido crear el grupo, Error interno';
}
}
return $errors ? false : true;
}