Exemplo n.º 1
0
 function log($priority, $title, $message, $alert = true)
 {
     global $cfg;
     switch ($priority) {
         //We are providing only 3 levels of logs. Windows style.
         case LOG_EMERG:
         case LOG_ALERT:
         case LOG_CRIT:
         case LOG_ERR:
             $level = 1;
             if ($alert) {
                 Sys::alertAdmin($title, $message);
             }
             break;
         case LOG_WARN:
         case LOG_WARNING:
             //Warning...
             $level = 2;
             break;
         case LOG_NOTICE:
         case LOG_INFO:
         case LOG_DEBUG:
         default:
             $level = 3;
             //debug
     }
     //Save log based on system log level settings.
     if ($cfg && $cfg->getLogLevel() >= $level) {
         $loglevel = array(1 => 'Error', 'Warning', 'Debug');
         $sql = 'INSERT INTO ' . SYSLOG_TABLE . ' SET created=NOW(),updated=NOW() ' . ',title=' . db_input($title) . ',log_type=' . db_input($loglevel[$level]) . ',log=' . db_input($message) . ',ip_address=' . db_input($_SERVER['REMOTE_ADDR']);
         //echo $sql;
         mysql_query($sql);
         //don't use db_query to avoid possible loop.
     }
 }
Exemplo n.º 2
0
 function search($params)
 {
     $input = db_input(strtolower($params['input']), false);
     $len = strlen($input);
     $limit = isset($params['limit']) ? (int) $params['limit'] : 25;
     $items = array();
     $ticketid = false;
     if (is_numeric($input)) {
         $WHERE = ' WHERE ticketID LIKE \'' . $input . '%\'';
         $ticketid = true;
     } else {
         $WHERE = ' WHERE email LIKE \'' . $input . '%\'';
     }
     $sql = 'SELECT DISTINCT ticketID,email FROM ' . TICKET_TABLE . ' ' . $WHERE . ' ORDER BY created LIMIT ' . $limit;
     $resp = db_query($sql);
     if ($resp && db_num_rows($resp)) {
         while (list($id, $email) = db_fetch_row($resp)) {
             $info = $ticketid ? $email : $id;
             $id = $ticketid ? $id : $email;
             $items[] = '{"id": "' . $id . '", "value": "' . $id . '", "info": "' . $info . '"}';
         }
     }
     $result = '{"results": [' . implode(", ", $items) . ']}';
     return $result;
 }
Exemplo n.º 3
0
 function search()
 {
     $limit = isset($_GET['limit']) ? (int) $_GET['limit'] : 25;
     $items = array();
     $ticketid = false;
     if (isset($_GET['id'])) {
         $WHERE = ' WHERE ticketID LIKE \'' . db_input($_GET['id'], false) . '%\'';
         $ticketid = true;
     } elseif (isset($_GET['email'])) {
         $WHERE = ' WHERE email LIKE \'' . db_input(strtolower($_GET['email']), false) . '%\'';
     } else {
         Http::response(400, "id or email argument is required");
     }
     $sql = 'SELECT DISTINCT ticketID,email,name FROM ' . TICKET_TABLE . ' ' . $WHERE . ' ORDER BY created LIMIT ' . $limit;
     $res = db_query($sql);
     if ($res && db_num_rows($res)) {
         while (list($id, $email, $name) = db_fetch_row($res)) {
             $info = $ticketid ? $email : $id;
             $id = $ticketid ? $id : $email;
             # TODO: Return 'name' from email address if 'email' argument
             #       specified?
             $items[] = array('id' => $id, 'value' => $id, 'info' => $info, 'name' => $name);
         }
     }
     return $this->encode(array('results' => $items));
 }
    function run($max_time) {
        foreach (array(
                'registration-staff', 'pwreset-staff', 'banner-staff',
                'registration-client', 'pwreset-client', 'banner-client',
                'registration-confirm', 'registration-thanks',
                'access-link') as $type) {
            $i18n = new Internationalization();
            $tpl = $i18n->getTemplate("templates/page/{$type}.yaml");
            if (!($page = $tpl->getData()))
                // No such template on disk
                continue;

            if ($id = db_result(db_query('select id from '.PAGE_TABLE
                    .' where `type`='.db_input($type))))
                // Already have a template for the content type
                continue;

            $sql = 'INSERT INTO '.PAGE_TABLE.' SET type='.db_input($type)
                .', name='.db_input($page['name'])
                .', body='.db_input($page['body'])
                .', lang='.db_input($tpl->getLang())
                .', notes='.db_input($page['notes'])
                .', created=NOW(), updated=NOW(), isactive=1';
            db_query($sql);
        }
        // Set the content_id for all the new items
        db_query('UPDATE '.PAGE_TABLE
            .' SET `content_id` = `id` WHERE `content_id` = 0');
    }
Exemplo n.º 5
0
 function btn_save($id = '')
 {
     global $db, $messageStack;
     if ($this->security_id < 3) {
         $messageStack->add_session(ERROR_NO_PERMISSION, 'error');
         return false;
     }
     $title = db_prepare_input($_POST['title']);
     $code = strtoupper(db_prepare_input($_POST['code']));
     $sql_data_array = array('title' => $title, 'code' => $code, 'symbol_left' => db_prepare_input($_POST['symbol_left']), 'symbol_right' => db_prepare_input($_POST['symbol_right']), 'decimal_point' => db_prepare_input($_POST['decimal_point']), 'thousands_point' => db_prepare_input($_POST['thousands_point']), 'decimal_places' => db_prepare_input($_POST['decimal_places']), 'decimal_precise' => db_prepare_input($_POST['decimal_precise']), 'value' => db_prepare_input($_POST['value']));
     if ($id) {
         db_perform($this->db_table, $sql_data_array, 'update', "currencies_id = " . (int) $id);
         gen_add_audit_log(SETUP_LOG_CURRENCY . TEXT_UPDATE, $title);
     } else {
         db_perform($this->db_table, $sql_data_array);
         gen_add_audit_log(SETUP_LOG_CURRENCY . TEXT_ADD, $title);
     }
     if (isset($_POST['default']) && $_POST['default'] == 'on') {
         // first check to see if there are any general ledger entries
         $result = $db->Execute("select id from " . TABLE_JOURNAL_MAIN . " limit 1");
         if ($result->RecordCount() > 0) {
             $messageStack->add_session(SETUP_ERROR_CANNOT_CHANGE_DEFAULT, 'error');
         } else {
             $db->Execute("update " . TABLE_CONFIGURATION . " set configuration_value = '" . db_input($code) . "'\r\n\t\t\twhere configuration_key = 'DEFAULT_CURRENCY'");
             $db->Execute("alter table " . TABLE_JOURNAL_MAIN . " \r\n\t\t\tchange `currencies_code` `currencies_code` CHAR(3) NOT NULL DEFAULT '" . db_input($code) . "'");
         }
     }
     return true;
 }
Exemplo n.º 6
0
 function create($staffId, $ticketId, $created)
 {
     if (is_numeric($staffId) && is_numeric($ticketId)) {
         $sql = 'INSERT INTO ' . SPENT_TIME_TABLE . ' SET ticket_id=' . db_input($ticketId) . ', staff_id=' . db_input($staffId) . ', created=' . db_input($created) . ', ended=NOW()' . ', seconds=TIME_TO_SEC(TIMEDIFF(ended,created))';
         return db_query($sql) && db_affected_rows() == 1;
     }
     return false;
 }
Exemplo n.º 7
0
 function getIdByFileHash($hash, $tid = 0)
 {
     $sql = 'SELECT attach_id FROM ' . TICKET_ATTACHMENT_TABLE . ' a ' . ' INNER JOIN ' . FILE_TABLE . ' f ON(f.id=a.file_id) ' . ' WHERE f.hash=' . db_input($hash);
     if ($tid) {
         $sql .= ' AND a.ticket_id=' . db_input($tid);
     }
     return db_result(db_query($sql));
 }
Exemplo n.º 8
0
 function cannedResp($params)
 {
     $sql = 'SELECT answer FROM ' . KB_PREMADE_TABLE . ' WHERE isenabled=1 AND premade_id=' . db_input($params['id']);
     if (($res = db_query($sql)) && db_num_rows($res)) {
         list($response) = db_fetch_row($res);
     }
     return $response;
 }
Exemplo n.º 9
0
 function load($id)
 {
     $sql = 'SELECT * FROM ' . SYSLOG_TABLE . ' WHERE log_id=' . db_input($id);
     if (!($res = db_query($sql)) || !db_num_rows($res)) {
         return false;
     }
     $this->info = db_fetch_array($res);
     $this->id = $this->info['log_id'];
     return $this->id;
 }
 function run($max_time)
 {
     $sql = 'SELECT `INDEX_NAME` FROM information_schema.statistics
       WHERE table_schema = ' . db_input(DBNAME) . ' AND table_name = ' . db_input(TICKET_EMAIL_INFO_TABLE) . ' AND column_name = ' . db_input('thread_id');
     if ($name = db_result(db_query($sql))) {
         if ($name == 'PRIMARY') {
             db_query('ALTER TABLE `' . TICKET_EMAIL_INFO_TABLE . '` DROP PRIMARY KEY');
         }
     }
 }
Exemplo n.º 11
0
 public function write($message)
 {
     $tableName = $this->tableName;
     $message = db_input($message);
     $time = time();
     $sql = "INSERT INTO `{$tableName}` (`message`, `time`) VALUES ('{$message}', {$time});";
     $result = db_query($sql);
     if (!$result) {
         throw new Exception(db_last_error());
     }
 }
Exemplo n.º 12
0
 function renew()
 {
     global $cfg;
     $sql = 'UPDATE ' . TICKET_LOCK_TABLE . ' SET expire=DATE_ADD(NOW(),INTERVAL ' . $cfg->getLockTime() . ' MINUTE) ' . ' WHERE lock_id=' . db_input($this->getId());
     //echo $sql;
     if (db_query($sql) && db_affected_rows()) {
         $this->reload();
         return true;
     }
     return false;
 }
Exemplo n.º 13
0
 function load($id)
 {
     if (!$id && !($id = $this->getId())) {
         return false;
     }
     $sql = 'SELECT *  FROM ' . PRIORITY_TABLE . ' WHERE priority_id=' . db_input($id);
     if (!($res = db_query($sql)) || !db_num_rows($res)) {
         return false;
     }
     $this->ht = db_fetch_array($res);
     $this->id = $this->ht['priority_id'];
     return true;
 }
Exemplo n.º 14
0
 function load($id = 0)
 {
     if (!$id && !($id = $this->getId())) {
         return false;
     }
     $sql = 'SELECT * FROM ' . TIMEZONE_TABLE . ' WHERE id=' . db_input($id);
     if (!($res = db_query($sql)) || !db_num_rows($res)) {
         return false;
     }
     $this->ht = db_fetch_array($res);
     $this->id = $this->ht['id'];
     return $this->id;
 }
 function run()
 {
     $res = db_query('SELECT api_whitelist, api_key FROM ' . CONFIG_TABLE . ' WHERE id=1');
     if (!$res || !db_num_rows($res)) {
         return 0;
     }
     //Reporting success.
     list($whitelist, $key) = db_fetch_row($res);
     $ips = array_filter(array_map('trim', explode(',', $whitelist)));
     foreach ($ips as $ip) {
         $sql = 'INSERT INTO ' . API_KEY_TABLE . ' SET created=NOW(), updated=NOW(), isactive=1 ' . ',ipaddr=' . db_input($ip) . ',apikey=' . db_input(strtoupper(md5($ip . md5($key))));
         db_query($sql);
     }
 }
 function run()
 {
     $sql = 'SELECT email_id, userpass, userid FROM ' . EMAIL_TABLE . " WHERE userpass <> ''";
     if (($res = db_query($sql)) && db_num_rows($res)) {
         while (list($id, $passwd, $username) = db_fetch_row($res)) {
             if (!$passwd) {
                 continue;
             }
             $ciphertext = Crypto::encrypt(self::_decrypt($passwd, SECRET_SALT), SECRET_SALT, $username);
             $sql = 'UPDATE ' . EMAIL_TABLE . ' SET userpass='******' WHERE email_id=' . db_input($id);
             db_query($sql);
         }
     }
 }
Exemplo n.º 17
0
 function cannedResp($params)
 {
     $sql = 'SELECT answer FROM ' . KB_PREMADE_TABLE . ' WHERE isenabled=1 AND premade_id=' . db_input($params['id']);
     if (($res = db_query($sql)) && db_num_rows($res)) {
         list($response) = db_fetch_row($res);
     }
     if ($response && $params['tid'] && strpos($response, '%') !== false) {
         include_once INCLUDE_DIR . 'class.ticket.php';
         $ticket = new Ticket($params['tid']);
         if ($ticket && $ticket->getId()) {
             $response = $ticket->replaceTemplateVars($response);
         }
     }
     return $response;
 }
Exemplo n.º 18
0
 function search()
 {
     if (!isset($_REQUEST['q'])) {
         Http::response(400, 'Query argument is required');
     }
     $limit = isset($_REQUEST['limit']) ? (int) $_REQUEST['limit'] : 25;
     $users = array();
     $sql = 'SELECT DISTINCT email, name ' . ' FROM ' . TICKET_TABLE . ' WHERE email LIKE \'%' . db_input(strtolower($_REQUEST['q']), false) . '%\' ' . ' ORDER BY created ' . ' LIMIT ' . $limit;
     if (($res = db_query($sql)) && db_num_rows($res)) {
         while (list($email, $name) = db_fetch_row($res)) {
             $users[] = array('email' => $email, 'name' => $name, 'info' => "{$email} - {$name}");
         }
     }
     return $this->json_encode($users);
 }
 function run($max_time)
 {
     $this->setStatus("Migrating department access");
     $res = db_query('SELECT group_id, dept_access FROM ' . GROUP_TABLE);
     if (!$res || !db_num_rows($res)) {
         return false;
     }
     //No groups??
     while (list($groupId, $access) = db_fetch_row($res)) {
         $depts = array_filter(array_map('trim', explode(',', $access)));
         foreach ($depts as $deptId) {
             $sql = 'INSERT INTO ' . GROUP_DEPT_TABLE . ' SET dept_id=' . db_input($deptId) . ', group_id=' . db_input($groupId);
             db_query($sql);
         }
     }
 }
Exemplo n.º 20
0
 function search($type = null)
 {
     if (!isset($_REQUEST['q'])) {
         Http::response(400, 'Query argument is required');
     }
     $limit = isset($_REQUEST['limit']) ? (int) $_REQUEST['limit'] : 25;
     $orgs = array();
     $escaped = db_input(strtolower($_REQUEST['q']), false);
     $sql = 'SELECT DISTINCT org.id, org.name ' . ' FROM ' . ORGANIZATION_TABLE . ' org ' . ' LEFT JOIN ' . FORM_ENTRY_TABLE . ' entry ON (entry.object_type=\'O\' AND entry.object_id = org.id)
            LEFT JOIN ' . FORM_ANSWER_TABLE . ' value ON (value.entry_id=entry.id) ' . ' WHERE org.name LIKE \'%' . $escaped . '%\' OR value.value LIKE \'%' . $escaped . '%\'' . ' ORDER BY org.created ' . ' LIMIT ' . $limit;
     if (($res = db_query($sql)) && db_num_rows($res)) {
         while (list($id, $name) = db_fetch_row($res)) {
             $orgs[] = array('name' => Format::htmlchars($name), 'info' => $name, 'id' => $id, '/bin/true' => $_REQUEST['q']);
         }
     }
     return $this->json_encode(array_values($orgs));
 }
Exemplo n.º 21
0
function db_perform($table, $data, $action = 'insert', $parameters = '', $link = 'db_link')
{
    global $db;
    reset($data);
    if ($action == 'insert') {
        $query = 'insert into ' . $table . ' (';
        while (list($columns, ) = each($data)) {
            $query .= $columns . ', ';
        }
        $query = substr($query, 0, -2) . ') values (';
        reset($data);
        while (list(, $value) = each($data)) {
            switch ((string) $value) {
                case 'now()':
                    $query .= 'now(), ';
                    break;
                case 'null':
                    $query .= 'null, ';
                    break;
                default:
                    $query .= '\'' . db_input($value) . '\', ';
                    break;
            }
        }
        $query = substr($query, 0, -2) . ')';
    } elseif ($action == 'update') {
        $query = 'update ' . $table . ' set ';
        while (list($columns, $value) = each($data)) {
            switch ((string) $value) {
                case 'now()':
                    $query .= $columns . ' = now(), ';
                    break;
                case 'null':
                    $query .= $columns .= ' = null, ';
                    break;
                default:
                    $query .= $columns . ' = \'' . db_input($value) . '\', ';
                    break;
            }
        }
        $query = substr($query, 0, -2) . ' where ' . $parameters;
    }
    //echo 'includes/functions/database.php sql = ' . $query . '<br />';
    return $db->Execute($query);
}
Exemplo n.º 22
0
function db_perform($table, $data, $action = 'insert', $parameters = '', $link = 'db_link')
{
    reset($data);
    if ($action == 'insert') {
        $query = 'insert into ' . $table . ' (';
        while (list($columns, ) = each($data)) {
            $query .= $columns . ', ';
        }
        $query = substr($query, 0, -2) . ') values (';
        reset($data);
        while (list(, $value) = each($data)) {
            switch ((string) $value) {
                case 'now()':
                    $query .= 'now(), ';
                    break;
                case 'null':
                    $query .= 'null, ';
                    break;
                default:
                    $query .= '\'' . db_input($value) . '\', ';
                    break;
            }
        }
        $query = substr($query, 0, -2) . ')';
    } elseif ($action == 'update') {
        $query = 'update ' . $table . ' set ';
        while (list($columns, $value) = each($data)) {
            switch ((string) $value) {
                case 'now()':
                    $query .= $columns . ' = now(), ';
                    break;
                case 'null':
                    $query .= $columns .= ' = null, ';
                    break;
                default:
                    $query .= $columns . ' = \'' . db_input($value) . '\', ';
                    break;
            }
        }
        $query = substr($query, 0, -2) . ' where ' . $parameters;
    }
    return db_query($query, $link);
}
 function run($runtime)
 {
     $errors = array();
     $i18n = new Internationalization('en_US');
     $tpls = $i18n->getTemplate('email_template_group.yaml')->getData();
     foreach ($tpls as $t) {
         // If the email template group specifies an id attribute, remove
         // it for upgrade because we cannot assume that the id slot is
         // available
         unset($t['id']);
         EmailTemplateGroup::create($t, $errors);
     }
     $files = $i18n->getTemplate('file.yaml')->getData();
     foreach ($files as $f) {
         $id = AttachmentFile::create($f, $errors);
         // Ensure the new files are never deleted (attached to Disk)
         $sql = 'INSERT INTO ' . ATTACHMENT_TABLE . ' SET object_id=0, `type`=\'D\', inline=1' . ', file_id=' . db_input($id);
         db_query($sql);
     }
 }
Exemplo n.º 24
0
 function load()
 {
     if (!$this->id) {
         return false;
     }
     $sql = 'SELECT * FROM ' . TOPIC_TABLE . ' WHERE topic_id=' . db_input($this->id);
     if (($res = db_query($sql)) && db_num_rows($res)) {
         $info = db_fetch_array($res);
         $this->id = $info['topic_id'];
         $this->topic = $info['topic'];
         $this->dept_id = $info['dept_id'];
         $this->priority_id = $info['priority_id'];
         $this->active = $info['enabled'];
         $this->autoresp = $info['noautoresp'] ? false : true;
         $this->info = $info;
         return true;
     }
     $this->id = 0;
     return false;
 }
Exemplo n.º 25
0
 function search($type = null)
 {
     if (!isset($_REQUEST['q'])) {
         Http::response(400, __('Query argument is required'));
     }
     $limit = isset($_REQUEST['limit']) ? (int) $_REQUEST['limit'] : 25;
     $users = array();
     $emails = array();
     if (!$type || !strcasecmp($type, 'remote')) {
         foreach (AuthenticationBackend::searchUsers($_REQUEST['q']) as $u) {
             $name = new PersonsName(array('first' => $u['first'], 'last' => $u['last']));
             $users[] = array('email' => $u['email'], 'name' => $name, 'info' => "{$u['email']} - {$name} (remote)", 'id' => "auth:" . $u['id'], "/bin/true" => $_REQUEST['q']);
             $emails[] = $u['email'];
         }
     }
     if (!$type || !strcasecmp($type, 'local')) {
         $remote_emails = ($emails = array_filter($emails)) ? ' OR email.address IN (' . implode(',', db_input($emails)) . ') ' : '';
         $q = str_replace(' ', '%', $_REQUEST['q']);
         $escaped = db_input($q, false);
         $sql = 'SELECT DISTINCT user.id, email.address, name ' . ' FROM ' . USER_TABLE . ' user ' . ' JOIN ' . USER_EMAIL_TABLE . ' email ON user.id = email.user_id ' . ' LEFT JOIN ' . FORM_ENTRY_TABLE . ' entry ON (entry.object_type=\'U\' AND entry.object_id = user.id)
                LEFT JOIN ' . FORM_ANSWER_TABLE . ' value ON (value.entry_id=entry.id) ' . ' WHERE email.address LIKE \'%' . $escaped . '%\'
                OR user.name LIKE \'%' . $escaped . '%\'
                OR value.value LIKE \'%' . $escaped . '%\'' . $remote_emails . ' LIMIT ' . $limit;
         if (($res = db_query($sql)) && db_num_rows($res)) {
             while (list($id, $email, $name) = db_fetch_row($res)) {
                 foreach ($users as $i => $u) {
                     if ($u['email'] == $email) {
                         unset($users[$i]);
                         break;
                     }
                 }
                 $name = Format::htmlchars(new PersonsName($name));
                 $users[] = array('email' => $email, 'name' => $name, 'info' => "{$email} - {$name}", "id" => $id, "/bin/true" => $_REQUEST['q']);
             }
         }
         usort($users, function ($a, $b) {
             return strcmp($a['name'], $b['name']);
         });
     }
     return $this->json_encode(array_values($users));
 }
Exemplo n.º 26
0
 function searchByEmail()
 {
     global $thisstaff;
     $limit = isset($_REQUEST['limit']) ? (int) $_REQUEST['limit'] : 25;
     $tickets = array();
     $sql = 'SELECT email, count(ticket_id) as tickets ' . ' FROM ' . TICKET_TABLE . ' WHERE email LIKE \'%' . db_input(strtolower($_REQUEST['q']), false) . '%\' ';
     $sql .= ' AND ( staff_id=' . db_input($thisstaff->getId());
     if (($teams = $thisstaff->getTeams()) && count(array_filter($teams))) {
         $sql .= ' OR team_id IN(' . implode(',', array_filter($teams)) . ')';
     }
     if (!$thisstaff->showAssignedOnly() && ($depts = $thisstaff->getDepts())) {
         $sql .= ' OR dept_id IN (' . implode(',', $depts) . ')';
     }
     $sql .= ' ) ' . ' GROUP BY email ' . ' ORDER BY created  LIMIT ' . $limit;
     if (($res = db_query($sql)) && db_num_rows($res)) {
         while (list($email, $count) = db_fetch_row($res)) {
             $tickets[] = array('email' => $email, 'value' => $email, 'info' => "{$email} ({$count})");
         }
     }
     return $this->json_encode($tickets);
 }
Exemplo n.º 27
0
 function load($id, $email = '')
 {
     $sql = 'SELECT ticket_id,ticketID,name,email FROM ' . TICKET_TABLE . ' WHERE ticketID=' . db_input($id);
     if ($email) {
         //don't validate...using whatever is entered.
         $sql .= ' AND email=' . db_input($email);
     }
     $res = db_query($sql);
     if (!$res || !db_num_rows($res)) {
         return NULL;
     }
     $row = db_fetch_array($res);
     $this->udata = $row;
     $this->id = $row['ticketID'];
     //placeholder
     $this->ticket_id = $row['ticket_id'];
     $this->ticketID = $row['ticketID'];
     $this->fullname = ucfirst($row['name']);
     $this->username = $row['email'];
     $this->email = $row['email'];
     return $this->id;
 }
Exemplo n.º 28
0
 function btn_save($id = '')
 {
     global $db, $messageStack;
     if ($this->security_id < 3) {
         $messageStack->add(ERROR_NO_PERMISSION, 'error');
         return false;
     }
     $title = db_prepare_input($_POST['title']);
     $code = strtoupper(db_prepare_input($_POST['code']));
     if ($_POST['decimal_precise'] == '') {
         $_POST['decimal_precise'] = $_POST['decimal_places'];
     }
     $sql_data_array = array('title' => $title, 'code' => $code, 'symbol_left' => db_prepare_input($_POST['symbol_left']), 'symbol_right' => db_prepare_input($_POST['symbol_right']), 'decimal_point' => db_prepare_input($_POST['decimal_point']), 'thousands_point' => db_prepare_input($_POST['thousands_point']), 'decimal_places' => db_prepare_input($_POST['decimal_places']), 'decimal_precise' => db_prepare_input($_POST['decimal_precise']), 'value' => db_prepare_input($_POST['value']));
     if ($id) {
         db_perform($this->db_table, $sql_data_array, 'update', "currencies_id = " . (int) $id);
         gen_add_audit_log(SETUP_LOG_CURRENCY . TEXT_UPDATE, $title);
     } else {
         db_perform($this->db_table, $sql_data_array);
         gen_add_audit_log(SETUP_LOG_CURRENCY . TEXT_ADD, $title);
     }
     if (isset($_POST['default']) && $_POST['default'] == 'on') {
         // first check to see if there are any general ledger entries
         $result = $db->Execute("SELECT id FROM " . TABLE_JOURNAL_MAIN . " LIMIT 1");
         if ($result->RecordCount() > 0) {
             $messageStack->add(SETUP_ERROR_CANNOT_CHANGE_DEFAULT, 'error');
         } else {
             write_configure('DEFAULT_CURRENCY', db_input($code));
             db_perform($this->db_table, array('value' => 1), 'update', "code='{$code}'");
             // change default exc rate to 1
             $db->Execute("alter table " . TABLE_JOURNAL_MAIN . " \n\t\t\tchange currencies_code currencies_code CHAR(3) NOT NULL DEFAULT '" . db_input($code) . "'");
             $this->def_currency = db_input($code);
             $this->btn_update();
         }
     }
     return true;
 }
Exemplo n.º 29
0
 function save($id, $vars, &$errors)
 {
     if ($id && !$vars['group_id']) {
         $errors['err'] = 'Missing or invalid group ID';
     }
     if (!$vars['group_name']) {
         $errors['group_name'] = 'Group name required';
     } elseif (strlen($vars['group_name']) < 5) {
         $errors['group_name'] = 'Group name must be at least 5 chars.';
     } else {
         $sql = 'SELECT group_id FROM ' . GROUP_TABLE . ' WHERE group_name=' . db_input($vars['group_name']);
         if ($id) {
             $sql .= ' AND group_id!=' . db_input($id);
         }
         if (db_num_rows(db_query($sql))) {
             $errors['group_name'] = 'Group name already exists';
         }
     }
     if (!$errors) {
         $sql = ' SET updated=NOW(), group_name=' . db_input(Format::striptags($vars['group_name'])) . ', group_enabled=' . db_input($vars['group_enabled']) . ', dept_access=' . db_input($vars['depts'] ? implode(',', $vars['depts']) : '') . ', can_create_tickets=' . db_input($vars['can_create_tickets']) . ', can_delete_tickets=' . db_input($vars['can_delete_tickets']) . ', can_edit_tickets=' . db_input($vars['can_edit_tickets']) . ', can_transfer_tickets=' . db_input($vars['can_transfer_tickets']) . ', can_close_tickets=' . db_input($vars['can_close_tickets']) . ', can_ban_emails=' . db_input($vars['can_ban_emails']) . ', can_manage_kb=' . db_input($vars['can_manage_kb']);
         //echo $sql;
         if ($id) {
             $res = db_query('UPDATE ' . GROUP_TABLE . ' ' . $sql . ' WHERE group_id=' . db_input($id));
             if (!$res || !db_affected_rows()) {
                 $errors['err'] = 'Internal error occured';
             }
         } else {
             $res = db_query('INSERT INTO ' . GROUP_TABLE . ' ' . $sql . ',created=NOW()');
             if ($res && ($gID = db_insert_id())) {
                 return $gID;
             }
             $errors['err'] = 'Unable to create the group. Internal error';
         }
     }
     return $errors ? false : true;
 }
Exemplo n.º 30
0
 function save($id, $vars, &$errors)
 {
     if ($id && !$vars['group_id']) {
         $errors['err'] = 'Falta la ID de Grupo o es invalida.';
     }
     if (!$vars['group_name']) {
         $errors['group_name'] = 'Nombre de grupo requerido';
     } elseif (strlen($vars['group_name']) < 5) {
         $errors['group_name'] = 'El nombre del grupo debe tener al menos 5 caracteres.';
     } else {
         $sql = 'SELECT group_id FROM ' . GROUP_TABLE . ' WHERE group_name=' . db_input($vars['group_name']);
         if ($id) {
             $sql .= ' AND group_id!=' . db_input($id);
         }
         if (db_num_rows(db_query($sql))) {
             $errors['group_name'] = 'Este nombre de grupo ya existe.';
         }
     }
     if (!$errors) {
         $sql = ' SET updated=NOW(), group_name=' . db_input(Format::striptags($vars['group_name'])) . ', group_enabled=' . db_input($vars['group_enabled']) . ', dept_access=' . db_input($vars['depts'] ? implode(',', $vars['depts']) : '') . ', can_create_tickets=' . db_input($vars['can_create_tickets']) . ', can_delete_tickets=' . db_input($vars['can_delete_tickets']) . ', can_edit_tickets=' . db_input($vars['can_edit_tickets']) . ', can_transfer_tickets=' . db_input($vars['can_transfer_tickets']) . ', can_close_tickets=' . db_input($vars['can_close_tickets']) . ', can_ban_emails=' . db_input($vars['can_ban_emails']) . ', can_manage_kb=' . db_input($vars['can_manage_kb']);
         //echo $sql;
         if ($id) {
             $res = db_query('UPDATE ' . GROUP_TABLE . ' ' . $sql . ' WHERE group_id=' . db_input($id));
             if (!$res || !db_affected_rows()) {
                 $errors['err'] = 'Error interno';
             }
         } else {
             $res = db_query('INSERT INTO ' . GROUP_TABLE . ' ' . $sql . ',created=NOW()');
             if ($res && ($gID = db_insert_id())) {
                 return $gID;
             }
             $errors['err'] = 'No se a podido crear el grupo, Error interno';
         }
     }
     return $errors ? false : true;
 }