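/**
 * Store a system log entry and, for error-level priorities, alert the admin.
 *
 * Syslog-style priorities are collapsed into three levels: 1 = Error
 * (LOG_EMERG..LOG_ERR), 2 = Warning (LOG_WARN/LOG_WARNING), 3 = Debug
 * (everything else). The row is written only when the configured log level
 * ($cfg->getLogLevel()) is >= the computed level.
 *
 * @param int    $priority syslog priority constant
 * @param string $title
 * @param string $message
 * @param bool   $alert    when true, error-level entries also call Sys::alertAdmin()
 */
function log($priority, $title, $message, $alert = true)
{
    global $cfg;

    switch ($priority) {
        // Only three levels of logs are kept, Windows style.
        case LOG_EMERG:
        case LOG_ALERT:
        case LOG_CRIT:
        case LOG_ERR:
            $level = 1;
            if ($alert) {
                Sys::alertAdmin($title, $message);
            }
            break;
        case LOG_WARN:
        case LOG_WARNING:
            $level = 2;
            break;
        case LOG_NOTICE:
        case LOG_INFO:
        case LOG_DEBUG:
        default:
            $level = 3; // debug
    }

    // Save the entry only if the system log level setting allows it.
    if ($cfg && $cfg->getLogLevel() >= $level) {
        $loglevel = array(1 => 'Error', 'Warning', 'Debug');
        // REMOTE_ADDR is not set when running from CLI/cron; guard it so the
        // logger itself does not raise an undefined-index notice.
        $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
        $sql = 'INSERT INTO ' . SYSLOG_TABLE . ' SET created=NOW(),updated=NOW() '
            . ',title=' . db_input($title)
            . ',log_type=' . db_input($loglevel[$level])
            . ',log=' . db_input($message)
            . ',ip_address=' . db_input($ip);
        // Deliberately not db_query(): its error handling could loop back here.
        // NOTE(review): mysql_query() is gone in PHP 7+; this needs the
        // project's current driver call when the file is modernised.
        mysql_query($sql);
    }
}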
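/**
 * Prefix search of tickets by ticket number (numeric input) or by email.
 *
 * Returns a JSON string of the form {"results": [{"id","value","info"}, ...]}.
 * For numeric input the ticketID is matched and the email is returned as
 * 'info'; otherwise the lowercased input is matched against email and the
 * ticketID is returned as 'info'.
 *
 * @param array $params 'input' (search text), optional 'limit' (default 25)
 * @return string JSON document
 */
function search($params)
{
    $input = db_input(strtolower($params['input']), false);
    $limit = isset($params['limit']) ? (int) $params['limit'] : 25;
    $items = array();
    $ticketid = false;

    if (is_numeric($input)) {
        $WHERE = ' WHERE ticketID LIKE \'' . $input . '%\'';
        $ticketid = true;
    } else {
        // db_input() escapes quotes but not LIKE metacharacters; escape % and _
        // so the caller cannot widen a prefix search into "match everything".
        $WHERE = ' WHERE email LIKE \'' . addcslashes($input, '%_') . '%\'';
    }

    $sql = 'SELECT DISTINCT ticketID,email FROM ' . TICKET_TABLE . ' ' . $WHERE
        . ' ORDER BY created LIMIT ' . $limit;
    $resp = db_query($sql);
    if ($resp && db_num_rows($resp)) {
        while (list($id, $email) = db_fetch_row($resp)) {
            $info = $ticketid ? $email : $id;
            $id = $ticketid ? $id : $email;
            $items[] = array('id' => $id, 'value' => $id, 'info' => $info);
        }
    }

    // json_encode() escapes quotes and control characters; the hand-built
    // string it replaces produced invalid JSON for any value containing '"'.
    return json_encode(array('results' => $items));
}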
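/**
 * AJAX prefix search of tickets by 'id' (ticketID) or 'email' GET parameter.
 *
 * Responds 400 when neither argument is given. Returns the encoded list of
 * {id, value, info, name} rows; 'info' is the email for an id search and
 * the ticketID for an email search.
 *
 * @return string encoded results (via $this->encode)
 */
function search()
{
    $limit = isset($_GET['limit']) ? (int) $_GET['limit'] : 25;
    $items = array();
    $ticketid = false;

    // db_input(..., false) escapes quotes only; % and _ are escaped as well so
    // request input cannot turn the prefix match into a full-table listing.
    if (isset($_GET['id'])) {
        $WHERE = ' WHERE ticketID LIKE \'' . addcslashes(db_input($_GET['id'], false), '%_') . '%\'';
        $ticketid = true;
    } elseif (isset($_GET['email'])) {
        $WHERE = ' WHERE email LIKE \'' . addcslashes(db_input(strtolower($_GET['email']), false), '%_') . '%\'';
    } else {
        Http::response(400, "id or email argument is required");
        // Http::response() is expected to terminate the request; return an
        // empty result defensively so $WHERE is never used uninitialised.
        return $this->encode(array('results' => $items));
    }

    $sql = 'SELECT DISTINCT ticketID,email,name FROM ' . TICKET_TABLE . ' ' . $WHERE
        . ' ORDER BY created LIMIT ' . $limit;
    $res = db_query($sql);
    if ($res && db_num_rows($res)) {
        while (list($id, $email, $name) = db_fetch_row($res)) {
            $info = $ticketid ? $email : $id;
            $id = $ticketid ? $id : $email;
            // TODO: Return 'name' from email address if 'email' argument specified?
            $items[] = array('id' => $id, 'value' => $id, 'info' => $info, 'name' => $name);
        }
    }
    return $this->encode(array('results' => $items));
}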
/**
 * Upgrade task: seed the page table with the stock i18n page templates
 * (registration, password reset, banner, ...) that do not yet exist, then
 * set content_id = id for every row still carrying content_id 0.
 *
 * @param int $max_time unused here
 */
function run($max_time)
{
    $types = array(
        'registration-staff', 'pwreset-staff', 'banner-staff',
        'registration-client', 'pwreset-client', 'banner-client',
        'registration-confirm', 'registration-thanks', 'access-link',
    );

    foreach ($types as $type) {
        $i18n = new Internationalization();
        $tpl = $i18n->getTemplate("templates/page/{$type}.yaml");
        $page = $tpl->getData();
        if (!$page) {
            continue; // no such template on disk
        }

        $existing = db_result(db_query(
            'select id from ' . PAGE_TABLE . ' where `type`=' . db_input($type)
        ));
        if ($existing) {
            continue; // a page of this content type already exists
        }

        db_query('INSERT INTO ' . PAGE_TABLE . ' SET type=' . db_input($type)
            . ', name=' . db_input($page['name'])
            . ', body=' . db_input($page['body'])
            . ', lang=' . db_input($tpl->getLang())
            . ', notes=' . db_input($page['notes'])
            . ', created=NOW(), updated=NOW(), isactive=1');
    }

    // Newly inserted pages are their own content root.
    db_query('UPDATE ' . PAGE_TABLE . ' SET `content_id` = `id` WHERE `content_id` = 0');
}
/**
 * Save a currency record from $_POST, then optionally make it the default.
 *
 * Requires security_id >= 3. Inserts when $id is empty, updates otherwise.
 * When 'default' is checked, the DEFAULT_CURRENCY configuration and the
 * journal table's currencies_code default are switched to the new code,
 * but only if the general ledger is still empty.
 *
 * @param string|int $id currencies_id to update, '' to insert
 * @return bool false when permission is denied, true otherwise
 */
function btn_save($id = '')
{
    global $db, $messageStack;

    if ($this->security_id < 3) {
        $messageStack->add_session(ERROR_NO_PERMISSION, 'error');
        return false;
    }

    $title = db_prepare_input($_POST['title']);
    $code = strtoupper(db_prepare_input($_POST['code']));
    $record = array(
        'title' => $title,
        'code' => $code,
        'symbol_left' => db_prepare_input($_POST['symbol_left']),
        'symbol_right' => db_prepare_input($_POST['symbol_right']),
        'decimal_point' => db_prepare_input($_POST['decimal_point']),
        'thousands_point' => db_prepare_input($_POST['thousands_point']),
        'decimal_places' => db_prepare_input($_POST['decimal_places']),
        'decimal_precise' => db_prepare_input($_POST['decimal_precise']),
        'value' => db_prepare_input($_POST['value']),
    );

    if ($id) {
        db_perform($this->db_table, $record, 'update', "currencies_id = " . (int) $id);
        gen_add_audit_log(SETUP_LOG_CURRENCY . TEXT_UPDATE, $title);
    } else {
        db_perform($this->db_table, $record);
        gen_add_audit_log(SETUP_LOG_CURRENCY . TEXT_ADD, $title);
    }

    $makeDefault = isset($_POST['default']) && $_POST['default'] == 'on';
    if ($makeDefault) {
        // The default cannot change once general ledger entries exist.
        $journal = $db->Execute("select id from " . TABLE_JOURNAL_MAIN . " limit 1");
        if ($journal->RecordCount() > 0) {
            $messageStack->add_session(SETUP_ERROR_CANNOT_CHANGE_DEFAULT, 'error');
        } else {
            $escapedCode = db_input($code);
            $db->Execute("update " . TABLE_CONFIGURATION . " set configuration_value = '" . $escapedCode . "'\r\n\t\t\twhere configuration_key = 'DEFAULT_CURRENCY'");
            // NOTE(review): the column is CHAR(3); a longer code is truncated or rejected by MySQL.
            $db->Execute("alter table " . TABLE_JOURNAL_MAIN . " \r\n\t\t\tchange `currencies_code` `currencies_code` CHAR(3) NOT NULL DEFAULT '" . $escapedCode . "'");
        }
    }
    return true;
}
/**
 * Record a spent-time row for a staff member on a ticket.
 *
 * 'ended' is NOW() and 'seconds' is computed by MySQL from ended - created.
 *
 * @param int|string $staffId  must be numeric
 * @param int|string $ticketId must be numeric
 * @param string     $created  start timestamp, passed through db_input()
 * @return bool true when exactly one row was inserted
 */
function create($staffId, $ticketId, $created)
{
    if (!is_numeric($staffId) || !is_numeric($ticketId)) {
        return false;
    }

    $insert = 'INSERT INTO ' . SPENT_TIME_TABLE
        . ' SET ticket_id=' . db_input($ticketId)
        . ', staff_id=' . db_input($staffId)
        . ', created=' . db_input($created)
        . ', ended=NOW()'
        . ', seconds=TIME_TO_SEC(TIMEDIFF(ended,created))';

    return db_query($insert) && db_affected_rows() == 1;
}
/**
 * Look up an attachment id by the hash of its file, optionally restricted
 * to one ticket.
 *
 * @param string $hash file hash stored in FILE_TABLE.hash
 * @param int    $tid  ticket id filter; 0 means any ticket
 * @return mixed attach_id via db_result(), or whatever db_result() returns on no match
 */
function getIdByFileHash($hash, $tid = 0)
{
    $query = 'SELECT attach_id FROM ' . TICKET_ATTACHMENT_TABLE . ' a '
        . ' INNER JOIN ' . FILE_TABLE . ' f ON(f.id=a.file_id) '
        . ' WHERE f.hash=' . db_input($hash)
        . ($tid ? ' AND a.ticket_id=' . db_input($tid) : '');

    return db_result(db_query($query));
}
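/**
 * Fetch the body of an enabled canned (premade) response.
 *
 * @param array $params 'id' => premade_id
 * @return string|null the answer text, or null when no enabled row matches
 */
function cannedResp($params)
{
    // Initialise explicitly: the original left $response undefined (notice)
    // when the query returned no rows.
    $response = null;
    $sql = 'SELECT answer FROM ' . KB_PREMADE_TABLE
        . ' WHERE isenabled=1 AND premade_id=' . db_input($params['id']);
    if (($res = db_query($sql)) && db_num_rows($res)) {
        list($response) = db_fetch_row($res);
    }
    return $response;
}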
/**
 * Load one syslog row into $this->info / $this->id.
 *
 * @param int $id log_id
 * @return mixed the loaded log_id, or false when not found
 */
function load($id)
{
    $res = db_query('SELECT * FROM ' . SYSLOG_TABLE . ' WHERE log_id=' . db_input($id));
    if (!$res) {
        return false;
    }
    if (!db_num_rows($res)) {
        return false;
    }

    $this->info = db_fetch_array($res);
    $this->id = $this->info['log_id'];
    return $this->id;
}
/**
 * Upgrade task: drop the primary key on the ticket email-info table if the
 * thread_id column is currently indexed as PRIMARY.
 *
 * @param int $max_time unused here
 */
function run($max_time)
{
    $lookup = 'SELECT `INDEX_NAME` FROM information_schema.statistics'
        . ' WHERE table_schema = ' . db_input(DBNAME)
        . ' AND table_name = ' . db_input(TICKET_EMAIL_INFO_TABLE)
        . ' AND column_name = ' . db_input('thread_id');

    $indexName = db_result(db_query($lookup));
    if ($indexName && $indexName == 'PRIMARY') {
        db_query('ALTER TABLE `' . TICKET_EMAIL_INFO_TABLE . '` DROP PRIMARY KEY');
    }
}
/**
 * Append a message with the current Unix time to $this->tableName.
 *
 * The table name is an instance property (not user input) and is used as an
 * identifier; the message is escaped with db_input().
 *
 * @param string $message
 * @throws Exception with db_last_error() when the INSERT fails
 */
public function write($message)
{
    $escaped = db_input($message);
    $now = time();
    $insert = "INSERT INTO `{$this->tableName}` (`message`, `time`) VALUES ('{$escaped}', {$now});";

    if (!db_query($insert)) {
        throw new Exception(db_last_error());
    }
}
/**
 * Extend this ticket lock by the configured lock time (minutes) from now.
 *
 * NOTE(review): $cfg->getLockTime() is interpolated into the INTERVAL
 * unescaped; it is configuration, not request input, but should be numeric.
 *
 * @return bool true when the row was updated and reloaded
 */
function renew()
{
    global $cfg;

    $update = 'UPDATE ' . TICKET_LOCK_TABLE
        . ' SET expire=DATE_ADD(NOW(),INTERVAL ' . $cfg->getLockTime() . ' MINUTE) '
        . ' WHERE lock_id=' . db_input($this->getId());

    if (!db_query($update) || !db_affected_rows()) {
        return false;
    }
    $this->reload();
    return true;
}
/**
 * Load a priority row into $this->ht, falling back to $this->getId() when
 * no id is given.
 *
 * @param int $id priority_id
 * @return bool
 */
function load($id)
{
    $id = $id ? $id : $this->getId();
    if (!$id) {
        return false;
    }

    $res = db_query('SELECT * FROM ' . PRIORITY_TABLE . ' WHERE priority_id=' . db_input($id));
    if (!$res || !db_num_rows($res)) {
        return false;
    }

    $this->ht = db_fetch_array($res);
    $this->id = $this->ht['priority_id'];
    return true;
}
/**
 * Load a timezone row into $this->ht, falling back to $this->getId() when
 * no id is given.
 *
 * @param int $id timezone id
 * @return mixed the loaded id, or false when not found
 */
function load($id = 0)
{
    $id = $id ? $id : $this->getId();
    if (!$id) {
        return false;
    }

    $res = db_query('SELECT * FROM ' . TIMEZONE_TABLE . ' WHERE id=' . db_input($id));
    if (!$res || !db_num_rows($res)) {
        return false;
    }

    $this->ht = db_fetch_array($res);
    $this->id = $this->ht['id'];
    return $this->id;
}
/**
 * Upgrade task: turn the legacy API whitelist + single api_key into one
 * API_KEY_TABLE row per whitelisted IP.
 *
 * Each per-IP key is derived deterministically as
 * strtoupper(md5($ip . md5($key))). Security caveat: anyone who holds the
 * old shared key can therefore compute every generated key; the keys should
 * be rotated after the migration.
 *
 * @return int|void 0 when there is no config row (reported as success)
 */
function run()
{
    $res = db_query('SELECT api_whitelist, api_key FROM ' . CONFIG_TABLE . ' WHERE id=1');
    if (!$res || !db_num_rows($res)) {
        return 0;
    }

    list($whitelist, $key) = db_fetch_row($res);
    $addresses = array_filter(array_map('trim', explode(',', $whitelist)));

    foreach ($addresses as $address) {
        $derivedKey = strtoupper(md5($address . md5($key)));
        db_query('INSERT INTO ' . API_KEY_TABLE
            . ' SET created=NOW(), updated=NOW(), isactive=1 '
            . ',ipaddr=' . db_input($address)
            . ',apikey=' . db_input($derivedKey));
    }
}
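/**
 * Upgrade task: re-encrypt stored mailbox passwords with Crypto::encrypt(),
 * keyed by SECRET_SALT and the mailbox userid.
 *
 * As written, the UPDATE stored a literal placeholder and discarded the
 * computed $ciphertext, which would wipe every mailbox credential; the
 * re-encrypted value is now what gets written.
 */
function run()
{
    $sql = 'SELECT email_id, userpass, userid FROM ' . EMAIL_TABLE . " WHERE userpass <> ''";
    if (($res = db_query($sql)) && db_num_rows($res)) {
        while (list($id, $passwd, $username) = db_fetch_row($res)) {
            if (!$passwd) {
                continue;
            }
            // NOTE(review): if self::_decrypt() fails for a row, the result of
            // encrypting its return value is stored as-is — confirm its failure mode.
            $ciphertext = Crypto::encrypt(self::_decrypt($passwd, SECRET_SALT), SECRET_SALT, $username);
            $sql = 'UPDATE ' . EMAIL_TABLE . ' SET userpass=' . db_input($ciphertext)
                . ' WHERE email_id=' . db_input($id);
            db_query($sql);
        }
    }
}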
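/**
 * Fetch an enabled canned response and, when a ticket id is supplied and
 * the text contains '%', expand its template variables for that ticket.
 *
 * @param array $params 'id' => premade_id, optional 'tid' => ticket id
 * @return string|null the (possibly expanded) answer, or null when no enabled row matches
 */
function cannedResp($params)
{
    // Initialise explicitly: the original left $response undefined (notice)
    // when the query returned no rows, and read $params['tid'] without isset.
    $response = null;
    $sql = 'SELECT answer FROM ' . KB_PREMADE_TABLE
        . ' WHERE isenabled=1 AND premade_id=' . db_input($params['id']);
    if (($res = db_query($sql)) && db_num_rows($res)) {
        list($response) = db_fetch_row($res);
    }

    if ($response && !empty($params['tid']) && strpos($response, '%') !== false) {
        include_once INCLUDE_DIR . 'class.ticket.php';
        $ticket = new Ticket($params['tid']);
        if ($ticket && $ticket->getId()) {
            $response = $ticket->replaceTemplateVars($response);
        }
    }
    return $response;
}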
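/**
 * AJAX substring search of ticket submitters by email ('q' request parameter).
 *
 * Responds 400 when 'q' is missing. Returns JSON rows of {email, name, info}.
 *
 * @return string JSON via $this->json_encode
 */
function search()
{
    if (!isset($_REQUEST['q'])) {
        Http::response(400, 'Query argument is required');
    }

    $limit = isset($_REQUEST['limit']) ? (int) $_REQUEST['limit'] : 25;
    $users = array();

    // db_input(..., false) escapes quotes only; LIKE metacharacters are
    // escaped too so 'q' cannot be widened into a full email listing.
    $escaped = addcslashes(db_input(strtolower($_REQUEST['q']), false), '%_');
    $sql = 'SELECT DISTINCT email, name '
        . ' FROM ' . TICKET_TABLE
        . ' WHERE email LIKE \'%' . $escaped . '%\' '
        . ' ORDER BY created '
        . ' LIMIT ' . $limit;

    if (($res = db_query($sql)) && db_num_rows($res)) {
        while (list($email, $name) = db_fetch_row($res)) {
            $users[] = array('email' => $email, 'name' => $name, 'info' => "{$email} - {$name}");
        }
    }
    return $this->json_encode($users);
}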
/**
 * Upgrade task: explode each group's comma-separated dept_access column into
 * GROUP_DEPT_TABLE rows.
 *
 * @param int $max_time unused here
 * @return bool|void false when there are no groups
 */
function run($max_time)
{
    $this->setStatus("Migrating department access");

    $groups = db_query('SELECT group_id, dept_access FROM ' . GROUP_TABLE);
    if (!$groups || !db_num_rows($groups)) {
        return false; // no groups??
    }

    while (list($groupId, $access) = db_fetch_row($groups)) {
        $deptIds = array_filter(array_map('trim', explode(',', $access)));
        foreach ($deptIds as $deptId) {
            db_query('INSERT INTO ' . GROUP_DEPT_TABLE
                . ' SET dept_id=' . db_input($deptId)
                . ', group_id=' . db_input($groupId));
        }
    }
}
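/**
 * AJAX substring search of organizations by name or custom-form answer
 * value ('q' request parameter).
 *
 * Responds 400 when 'q' is missing. Returns JSON rows of
 * {name (html-escaped), info (raw name), id, "/bin/true" (echo of q)}.
 *
 * @param string|null $type unused here
 * @return string JSON via $this->json_encode
 */
function search($type = null)
{
    if (!isset($_REQUEST['q'])) {
        Http::response(400, 'Query argument is required');
    }

    $limit = isset($_REQUEST['limit']) ? (int) $_REQUEST['limit'] : 25;
    $orgs = array();

    // db_input(..., false) escapes quotes only; LIKE metacharacters are
    // escaped too so 'q' cannot be widened into a full organization listing.
    $escaped = addcslashes(db_input(strtolower($_REQUEST['q']), false), '%_');
    $sql = 'SELECT DISTINCT org.id, org.name '
        . ' FROM ' . ORGANIZATION_TABLE . ' org '
        . ' LEFT JOIN ' . FORM_ENTRY_TABLE . ' entry ON (entry.object_type=\'O\' AND entry.object_id = org.id) LEFT JOIN ' . FORM_ANSWER_TABLE . ' value ON (value.entry_id=entry.id) '
        . ' WHERE org.name LIKE \'%' . $escaped . '%\' OR value.value LIKE \'%' . $escaped . '%\''
        . ' ORDER BY org.created '
        . ' LIMIT ' . $limit;

    if (($res = db_query($sql)) && db_num_rows($res)) {
        while (list($id, $name) = db_fetch_row($res)) {
            // 'name' is escaped for HTML; 'info' is the raw name — the client
            // must treat 'info' as text, not markup.
            $orgs[] = array('name' => Format::htmlchars($name), 'info' => $name, 'id' => $id, '/bin/true' => $_REQUEST['q']);
        }
    }
    return $this->json_encode(array_values($orgs));
}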
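/**
 * Build and execute an INSERT or UPDATE from a column => value map.
 *
 * Values are quoted and escaped with db_input(), except the literal strings
 * 'now()' and 'null', which are emitted as SQL. $table and the array keys are
 * used unquoted as identifiers and $parameters is appended raw after WHERE:
 * callers must pass only trusted identifiers and pre-escaped conditions.
 *
 * Changes from the original: each() (removed in PHP 8) replaced by foreach,
 * and the stray `$columns .= ' = null, '` in the update branch fixed.
 *
 * @param string $table      table name (trusted identifier)
 * @param array  $data       column => value
 * @param string $action     'insert' or 'update'
 * @param string $parameters raw WHERE clause for updates
 * @param string $link       unused here
 * @return mixed result of $db->Execute()
 */
function db_perform($table, $data, $action = 'insert', $parameters = '', $link = 'db_link')
{
    global $db;

    if ($action == 'insert') {
        $values = array();
        foreach ($data as $value) {
            switch ((string) $value) {
                case 'now()':
                    $values[] = 'now()';
                    break;
                case 'null':
                    $values[] = 'null';
                    break;
                default:
                    $values[] = '\'' . db_input($value) . '\'';
                    break;
            }
        }
        $query = 'insert into ' . $table . ' (' . implode(', ', array_keys($data))
            . ') values (' . implode(', ', $values) . ')';
    } elseif ($action == 'update') {
        $assignments = array();
        foreach ($data as $column => $value) {
            switch ((string) $value) {
                case 'now()':
                    $assignments[] = $column . ' = now()';
                    break;
                case 'null':
                    $assignments[] = $column . ' = null';
                    break;
                default:
                    $assignments[] = $column . ' = \'' . db_input($value) . '\'';
                    break;
            }
        }
        $query = 'update ' . $table . ' set ' . implode(', ', $assignments) . ' where ' . $parameters;
    }

    return $db->Execute($query);
}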
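/**
 * Build and run an INSERT or UPDATE from a column => value map via db_query().
 *
 * Values are quoted and escaped with db_input(), except the literal strings
 * 'now()' and 'null', which are emitted as SQL. $table and the array keys are
 * used unquoted as identifiers and $parameters is appended raw after WHERE:
 * callers must pass only trusted identifiers and pre-escaped conditions.
 *
 * Changes from the original: each() (removed in PHP 8) replaced by foreach,
 * and the stray `$columns .= ' = null, '` in the update branch fixed.
 *
 * @param string $table      table name (trusted identifier)
 * @param array  $data       column => value
 * @param string $action     'insert' or 'update'
 * @param string $parameters raw WHERE clause for updates
 * @param string $link       connection handle name passed to db_query()
 * @return mixed result of db_query()
 */
function db_perform($table, $data, $action = 'insert', $parameters = '', $link = 'db_link')
{
    if ($action == 'insert') {
        $values = array();
        foreach ($data as $value) {
            switch ((string) $value) {
                case 'now()':
                    $values[] = 'now()';
                    break;
                case 'null':
                    $values[] = 'null';
                    break;
                default:
                    $values[] = '\'' . db_input($value) . '\'';
                    break;
            }
        }
        $query = 'insert into ' . $table . ' (' . implode(', ', array_keys($data))
            . ') values (' . implode(', ', $values) . ')';
    } elseif ($action == 'update') {
        $assignments = array();
        foreach ($data as $column => $value) {
            switch ((string) $value) {
                case 'now()':
                    $assignments[] = $column . ' = now()';
                    break;
                case 'null':
                    $assignments[] = $column . ' = null';
                    break;
                default:
                    $assignments[] = $column . ' = \'' . db_input($value) . '\'';
                    break;
            }
        }
        $query = 'update ' . $table . ' set ' . implode(', ', $assignments) . ' where ' . $parameters;
    }

    return db_query($query, $link);
}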
/**
 * Upgrade task: create the en_US email template groups and stock files from
 * the i18n YAML templates, pinning each new file with a 'D' (disk) attachment
 * row so it is never garbage-collected.
 *
 * @param int $runtime unused here
 */
function run($runtime)
{
    $errors = array();
    $i18n = new Internationalization('en_US');

    $groups = $i18n->getTemplate('email_template_group.yaml')->getData();
    foreach ($groups as $group) {
        // Drop any id attribute: that slot cannot be assumed free on upgrade.
        unset($group['id']);
        EmailTemplateGroup::create($group, $errors);
    }

    $files = $i18n->getTemplate('file.yaml')->getData();
    foreach ($files as $file) {
        $fileId = AttachmentFile::create($file, $errors);
        db_query('INSERT INTO ' . ATTACHMENT_TABLE
            . ' SET object_id=0, `type`=\'D\', inline=1'
            . ', file_id=' . db_input($fileId));
    }
}
/**
 * Load this help topic's row into the object's fields.
 *
 * On a miss $this->id is reset to 0.
 *
 * @return bool
 */
function load()
{
    if (!$this->id) {
        return false;
    }

    $res = db_query('SELECT * FROM ' . TOPIC_TABLE . ' WHERE topic_id=' . db_input($this->id));
    if (!$res || !db_num_rows($res)) {
        $this->id = 0;
        return false;
    }

    $row = db_fetch_array($res);
    $this->id = $row['topic_id'];
    $this->topic = $row['topic'];
    $this->dept_id = $row['dept_id'];
    $this->priority_id = $row['priority_id'];
    $this->active = $row['enabled'];
    $this->autoresp = !$row['noautoresp'];
    $this->info = $row;
    return true;
}
/**
 * AJAX user search ('q' request parameter) across remote authentication
 * backends and/or the local user table.
 *
 * $type null searches both; 'remote' or 'local' restricts to one. Local
 * results replace remote ones with the same email. Spaces in 'q' are turned
 * into '%' on purpose so multi-word input matches loosely. Local rows are
 * also matched by the emails found remotely. Results are sorted by name.
 *
 * @param string|null $type
 * @return string JSON via $this->json_encode
 */
function search($type = null)
{
    if (!isset($_REQUEST['q'])) {
        Http::response(400, __('Query argument is required'));
    }

    $limit = isset($_REQUEST['limit']) ? (int) $_REQUEST['limit'] : 25;
    $query = $_REQUEST['q'];
    $results = array();
    $remoteEmails = array();

    $wantRemote = !$type || !strcasecmp($type, 'remote');
    $wantLocal = !$type || !strcasecmp($type, 'local');

    if ($wantRemote) {
        foreach (AuthenticationBackend::searchUsers($query) as $remote) {
            $fullName = new PersonsName(array('first' => $remote['first'], 'last' => $remote['last']));
            $results[] = array(
                'email' => $remote['email'],
                'name' => $fullName,
                'info' => "{$remote['email']} - {$fullName} (remote)",
                'id' => "auth:" . $remote['id'],
                "/bin/true" => $query,
            );
            $remoteEmails[] = $remote['email'];
        }
    }

    if ($wantLocal) {
        $remoteEmails = array_filter($remoteEmails);
        $emailClause = '';
        if ($remoteEmails) {
            $emailClause = ' OR email.address IN (' . implode(',', db_input($remoteEmails)) . ') ';
        }
        $escaped = db_input(str_replace(' ', '%', $query), false);

        $sql = 'SELECT DISTINCT user.id, email.address, name '
            . ' FROM ' . USER_TABLE . ' user '
            . ' JOIN ' . USER_EMAIL_TABLE . ' email ON user.id = email.user_id '
            . ' LEFT JOIN ' . FORM_ENTRY_TABLE . ' entry ON (entry.object_type=\'U\' AND entry.object_id = user.id) LEFT JOIN ' . FORM_ANSWER_TABLE . ' value ON (value.entry_id=entry.id) '
            . ' WHERE email.address LIKE \'%' . $escaped . '%\' OR user.name LIKE \'%' . $escaped . '%\' OR value.value LIKE \'%' . $escaped . '%\''
            . $emailClause
            . ' LIMIT ' . $limit;

        if (($res = db_query($sql)) && db_num_rows($res)) {
            while (list($userId, $email, $rawName) = db_fetch_row($res)) {
                // A local account wins over the remote entry with the same email.
                foreach ($results as $index => $entry) {
                    if ($entry['email'] == $email) {
                        unset($results[$index]);
                        break;
                    }
                }
                $displayName = Format::htmlchars(new PersonsName($rawName));
                $results[] = array(
                    'email' => $email,
                    'name' => $displayName,
                    'info' => "{$email} - {$displayName}",
                    "id" => $userId,
                    "/bin/true" => $query,
                );
            }
        }

        usort($results, function ($left, $right) {
            return strcmp($left['name'], $right['name']);
        });
    }

    return $this->json_encode(array_values($results));
}
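/**
 * AJAX substring search of ticket submitter emails ('q' request parameter),
 * limited to tickets the current staff member may see: assigned to them,
 * to one of their teams, or (unless showAssignedOnly()) in their departments.
 *
 * Responds 400 when 'q' is missing, matching the sibling search methods.
 * Returns JSON rows of {email, value, info ("email (count)")}.
 *
 * @return string JSON via $this->json_encode
 */
function searchByEmail()
{
    global $thisstaff;

    if (!isset($_REQUEST['q'])) {
        Http::response(400, 'Query argument is required');
    }

    $limit = isset($_REQUEST['limit']) ? (int) $_REQUEST['limit'] : 25;
    $tickets = array();

    // db_input(..., false) escapes quotes only; LIKE metacharacters are
    // escaped too so 'q' cannot be widened into a full email listing.
    $escaped = addcslashes(db_input(strtolower($_REQUEST['q']), false), '%_');
    $sql = 'SELECT email, count(ticket_id) as tickets '
        . ' FROM ' . TICKET_TABLE
        . ' WHERE email LIKE \'%' . $escaped . '%\' ';

    // Visibility filter. Team and department ids come from the staff object,
    // not the request, and are interpolated as-is.
    $sql .= ' AND ( staff_id=' . db_input($thisstaff->getId());
    if (($teams = $thisstaff->getTeams()) && count(array_filter($teams))) {
        $sql .= ' OR team_id IN(' . implode(',', array_filter($teams)) . ')';
    }
    if (!$thisstaff->showAssignedOnly() && ($depts = $thisstaff->getDepts())) {
        $sql .= ' OR dept_id IN (' . implode(',', $depts) . ')';
    }
    $sql .= ' ) '
        . ' GROUP BY email '
        . ' ORDER BY created LIMIT ' . $limit;

    if (($res = db_query($sql)) && db_num_rows($res)) {
        while (list($email, $count) = db_fetch_row($res)) {
            $tickets[] = array('email' => $email, 'value' => $email, 'info' => "{$email} ({$count})");
        }
    }
    return $this->json_encode($tickets);
}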
/**
 * Load a ticket's identity by external ticketID, optionally requiring the
 * submitter email to match as well (used for client access checks).
 *
 * The email is not validated; it is escaped by db_input() and compared
 * as entered.
 *
 * @param int|string $id    external ticketID
 * @param string     $email optional email that must match the ticket
 * @return mixed the ticketID on success, NULL when no row matches
 */
function load($id, $email = '')
{
    $query = 'SELECT ticket_id,ticketID,name,email FROM ' . TICKET_TABLE
        . ' WHERE ticketID=' . db_input($id)
        . ($email ? ' AND email=' . db_input($email) : '');

    $res = db_query($query);
    if (!$res || !db_num_rows($res)) {
        return NULL;
    }

    $row = db_fetch_array($res);
    $this->udata = $row;
    $this->ticket_id = $row['ticket_id'];
    $this->ticketID = $row['ticketID'];
    $this->id = $row['ticketID']; // placeholder
    $this->fullname = ucfirst($row['name']);
    $this->username = $row['email'];
    $this->email = $row['email'];
    return $this->id;
}
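/**
 * Save a currency record from $_POST, then optionally make it the default.
 *
 * Requires security_id >= 3. Inserts when $id is empty, updates otherwise.
 * An empty decimal_precise defaults to decimal_places. When 'default' is
 * checked and the general ledger is empty, DEFAULT_CURRENCY is rewritten,
 * the currency's exchange value is reset to 1, the journal table's
 * currencies_code default is changed and btn_update() is run.
 *
 * Fix: the db_perform() WHERE clause interpolated $code unescaped
 * (db_prepare_input() is not an SQL escape); it is now passed through
 * db_input() like every other use of $code in this method.
 *
 * @param string|int $id currencies_id to update, '' to insert
 * @return bool false when permission is denied, true otherwise
 */
function btn_save($id = '')
{
    global $db, $messageStack;

    if ($this->security_id < 3) {
        $messageStack->add(ERROR_NO_PERMISSION, 'error');
        return false;
    }

    $title = db_prepare_input($_POST['title']);
    $code = strtoupper(db_prepare_input($_POST['code']));
    if (!isset($_POST['decimal_precise']) || $_POST['decimal_precise'] == '') {
        $_POST['decimal_precise'] = $_POST['decimal_places'];
    }

    $sql_data_array = array(
        'title' => $title,
        'code' => $code,
        'symbol_left' => db_prepare_input($_POST['symbol_left']),
        'symbol_right' => db_prepare_input($_POST['symbol_right']),
        'decimal_point' => db_prepare_input($_POST['decimal_point']),
        'thousands_point' => db_prepare_input($_POST['thousands_point']),
        'decimal_places' => db_prepare_input($_POST['decimal_places']),
        'decimal_precise' => db_prepare_input($_POST['decimal_precise']),
        'value' => db_prepare_input($_POST['value']),
    );

    if ($id) {
        db_perform($this->db_table, $sql_data_array, 'update', "currencies_id = " . (int) $id);
        gen_add_audit_log(SETUP_LOG_CURRENCY . TEXT_UPDATE, $title);
    } else {
        db_perform($this->db_table, $sql_data_array);
        gen_add_audit_log(SETUP_LOG_CURRENCY . TEXT_ADD, $title);
    }

    if (isset($_POST['default']) && $_POST['default'] == 'on') {
        // The default cannot change once general ledger entries exist.
        $result = $db->Execute("SELECT id FROM " . TABLE_JOURNAL_MAIN . " LIMIT 1");
        if ($result->RecordCount() > 0) {
            $messageStack->add(SETUP_ERROR_CANNOT_CHANGE_DEFAULT, 'error');
        } else {
            $escapedCode = db_input($code);
            write_configure('DEFAULT_CURRENCY', $escapedCode);
            // change default exc rate to 1
            db_perform($this->db_table, array('value' => 1), 'update', "code='" . $escapedCode . "'");
            // NOTE(review): the column is CHAR(3); a longer code is truncated or rejected by MySQL.
            $db->Execute("alter table " . TABLE_JOURNAL_MAIN . " \n\t\t\tchange currencies_code currencies_code CHAR(3) NOT NULL DEFAULT '" . $escapedCode . "'");
            $this->def_currency = $escapedCode;
            $this->btn_update();
        }
    }
    return true;
}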
/**
 * Validate and persist a staff group (insert when $id is empty, update otherwise).
 *
 * Validation: group_id required on update, group_name required and at least
 * 5 characters, and unique among other groups. Department access is stored
 * as a comma-joined list; the can_* flags are stored as given.
 *
 * @param int|string $id     group_id to update, empty to insert
 * @param array      $vars   form values
 * @param array      $errors receives field => message on failure
 * @return mixed new group id on insert, true on successful update, false on error
 */
function save($id, $vars, &$errors)
{
    if ($id && !$vars['group_id']) {
        $errors['err'] = 'Missing or invalid group ID';
    }

    if (!$vars['group_name']) {
        $errors['group_name'] = 'Group name required';
    } elseif (strlen($vars['group_name']) < 5) {
        $errors['group_name'] = 'Group name must be at least 5 chars.';
    } else {
        $dupe = 'SELECT group_id FROM ' . GROUP_TABLE . ' WHERE group_name=' . db_input($vars['group_name'])
            . ($id ? ' AND group_id!=' . db_input($id) : '');
        if (db_num_rows(db_query($dupe))) {
            $errors['group_name'] = 'Group name already exists';
        }
    }

    if ($errors) {
        return false;
    }

    $columns = array(
        'group_enabled' => $vars['group_enabled'],
        'dept_access' => $vars['depts'] ? implode(',', $vars['depts']) : '',
        'can_create_tickets' => $vars['can_create_tickets'],
        'can_delete_tickets' => $vars['can_delete_tickets'],
        'can_edit_tickets' => $vars['can_edit_tickets'],
        'can_transfer_tickets' => $vars['can_transfer_tickets'],
        'can_close_tickets' => $vars['can_close_tickets'],
        'can_ban_emails' => $vars['can_ban_emails'],
        'can_manage_kb' => $vars['can_manage_kb'],
    );
    $assignments = ' SET updated=NOW(), group_name=' . db_input(Format::striptags($vars['group_name']));
    foreach ($columns as $column => $value) {
        $assignments .= ', ' . $column . '=' . db_input($value);
    }

    if ($id) {
        $res = db_query('UPDATE ' . GROUP_TABLE . ' ' . $assignments . ' WHERE group_id=' . db_input($id));
        if (!$res || !db_affected_rows()) {
            $errors['err'] = 'Internal error occured';
            return false;
        }
        return true;
    }

    $res = db_query('INSERT INTO ' . GROUP_TABLE . ' ' . $assignments . ',created=NOW()');
    if ($res && ($gID = db_insert_id())) {
        return $gID;
    }
    $errors['err'] = 'Unable to create the group. Internal error';
    return false;
}
/**
 * Validate and persist a staff group (insert when $id is empty, update otherwise).
 * Spanish-language variant: the user-facing error strings are kept verbatim.
 *
 * Validation: group_id required on update, group_name required and at least
 * 5 characters, and unique among other groups. Department access is stored
 * as a comma-joined list; the can_* flags are stored as given.
 *
 * @param int|string $id     group_id to update, empty to insert
 * @param array      $vars   form values
 * @param array      $errors receives field => message on failure
 * @return mixed new group id on insert, true on successful update, false on error
 */
function save($id, $vars, &$errors)
{
    if ($id && !$vars['group_id']) {
        $errors['err'] = 'Falta la ID de Grupo o es invalida.';
    }

    if (!$vars['group_name']) {
        $errors['group_name'] = 'Nombre de grupo requerido';
    } elseif (strlen($vars['group_name']) < 5) {
        $errors['group_name'] = 'El nombre del grupo debe tener al menos 5 caracteres.';
    } else {
        $dupe = 'SELECT group_id FROM ' . GROUP_TABLE . ' WHERE group_name=' . db_input($vars['group_name'])
            . ($id ? ' AND group_id!=' . db_input($id) : '');
        if (db_num_rows(db_query($dupe))) {
            $errors['group_name'] = 'Este nombre de grupo ya existe.';
        }
    }

    if ($errors) {
        return false;
    }

    $columns = array(
        'group_enabled' => $vars['group_enabled'],
        'dept_access' => $vars['depts'] ? implode(',', $vars['depts']) : '',
        'can_create_tickets' => $vars['can_create_tickets'],
        'can_delete_tickets' => $vars['can_delete_tickets'],
        'can_edit_tickets' => $vars['can_edit_tickets'],
        'can_transfer_tickets' => $vars['can_transfer_tickets'],
        'can_close_tickets' => $vars['can_close_tickets'],
        'can_ban_emails' => $vars['can_ban_emails'],
        'can_manage_kb' => $vars['can_manage_kb'],
    );
    $assignments = ' SET updated=NOW(), group_name=' . db_input(Format::striptags($vars['group_name']));
    foreach ($columns as $column => $value) {
        $assignments .= ', ' . $column . '=' . db_input($value);
    }

    if ($id) {
        $res = db_query('UPDATE ' . GROUP_TABLE . ' ' . $assignments . ' WHERE group_id=' . db_input($id));
        if (!$res || !db_affected_rows()) {
            $errors['err'] = 'Error interno';
            return false;
        }
        return true;
    }

    $res = db_query('INSERT INTO ' . GROUP_TABLE . ' ' . $assignments . ',created=NOW()');
    if ($res && ($gID = db_insert_id())) {
        return $gID;
    }
    $errors['err'] = 'No se a podido crear el grupo, Error interno';
    return false;
}