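/**
 * Delete a global email signature, journal the change and redirect back to
 * the signature editor.
 *
 * The id is placed unquoted into the SQL text, so it is forced to an integer
 * first; anything that is not a positive integer is rejected before a query
 * is built.
 *
 * @param int|string $sig_id Id of the row to delete from the `$dbEmailSig` table
 * @return void Never returns: every path ends in a redirect followed by exit
 */
function delete_signature($sig_id)
{
    global $dbEmailSig;

    // Only an integer may reach the unquoted "id = ..." comparison below.
    $sig_id = intval($sig_id);
    if ($sig_id < 1) {
        trigger_error("Invalid signature id", E_USER_WARNING);
        html_redirect("edit_global_signature.php", FALSE);
        exit;
    }

    $sql = "DELETE FROM `{$dbEmailSig}` WHERE id = {$sig_id}";
    $result = mysql_query($sql);
    if (mysql_error()) {
        trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR);
    }

    if ($result) {
        // Journal the deletion only when the statement actually ran, so the
        // audit trail does not record a change that never happened.
        journal(CFG_LOGGING_NORMAL, 'Global Signature deleted', "A global signature was deleted", CFG_JOURNAL_ADMIN, 0);
        html_redirect("edit_global_signature.php");
    } else {
        html_redirect("edit_global_signature.php", FALSE);
    }
    exit;
}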
Exemplo n.º 2
            }
            // NOTE above is so we can insert null so browse_contacts etc can see the contract rather than inserting 0
            $sql = "UPDATE `{$dbMaintenance}` SET reseller={$reseller}, expirydate='{$expirydate}', licence_quantity='{$licence_quantity}', ";
            $sql .= "licence_type={$licence_type}, notes='{$notes}', admincontact={$admincontact}, term='{$terminated}', servicelevelid='{$servicelevelid}', ";
            $sql .= "incident_quantity='{$incident_quantity}', ";
            $sql .= "incidentpoolid='{$incidentpoolid}', productonly='{$productonly}', ";
            $sql .= "supportedcontacts='{$amount}', allcontactssupported='{$allcontacts}'";
            if (!empty($product) and user_permission($sit[2], 22)) {
                $sql .= ", product='{$product}'";
            }
            $sql .= " WHERE id='{$maintid}'";
            $result = mysql_query($sql);
            if (mysql_error()) {
                trigger_error(mysql_error(), E_USER_ERROR);
            }
            // show error message if addition failed
            if (!$result) {
                include APPLICATION_INCPATH . 'htmlheader.inc.php';
                echo user_alert("Update failed", E_USER_WARNING);
                include APPLICATION_INCPATH . 'htmlfooter.inc.php';
            } else {
                journal(CFG_LOGGING_NORMAL, 'Contract Edited', "contract {$maintid} modified", CFG_JOURNAL_MAINTENANCE, $maintid);
                html_redirect("contract_details.php?id={$maintid}");
            }
        } else {
            include APPLICATION_INCPATH . 'htmlheader.inc.php';
            echo $errors_string;
            include APPLICATION_INCPATH . 'htmlfooter.inc.php';
        }
    }
}
Exemplo n.º 3
        $destination_filepath = $CONFIG['ftp_path'] . $file_name;
        // check the source file exists
        if (!file_exists($filepath)) {
            trigger_error("Source file cannot be found: {$filepath}", E_USER_WARNING);
        }
        // set passive mode if required
        if (!ftp_pasv($conn_id, $CONFIG['ftp_pasv'])) {
            trigger_error("Problem setting passive ftp mode", E_USER_WARNING);
        }
        // upload the file
        $upload = ftp_put($conn_id, "{$destination_filepath}", "{$filepath}", FTP_BINARY);
        // close the FTP stream
        ftp_close($conn_id);
        // check upload status
        if (!$upload) {
            trigger_error($strUploadFailed, E_USER_ERROR);
        } else {
            // store file details in database
            // important: path must be blank for public files (all go in same dir)
            $sql = "INSERT INTO `{$dbFiles}` (filename, size, userid, shortdescription, longdescription, path, filedate, expiry, fileversion) ";
            $sql .= "VALUES ('{$file_name}', '{$filesize}', '" . $sit[2] . "', '{$shortdescription}', '{$longdescription}', '{$CONFIG['ftp_path']}', '{$now}', '{$expirydate}' ,'{$fileversion}')";
            mysql_query($sql);
            if (mysql_error()) {
                trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR);
            }
            journal(CFG_LOGGING_NORMAL, 'FTP File Uploaded', sprintf($strFTPFileXUploaded, $filename), CFG_JOURNAL_OTHER, 0);
            html_redirect('ftp_upload_file.php');
            echo "<code>{$ftp_url}</code>";
        }
    }
}
Exemplo n.º 4
    $errors = 0;
    // check for blank name
    if ($name == '') {
        $errors++;
        $_SESSION['formerrors']['add_product']['name'] = sprintf($strFieldMustNotBeBlank, $strProduct);
    }
    if ($vendor == '' or $vendor == "0") {
        $errors++;
        $_SESSION['formerrors']['add_product']['vendor'] = sprintf($strFieldMustNotBeBlank, $strVendor);
    }
    // add product if no errors
    if ($errors == 0) {
        $sql = "INSERT INTO `{$dbProducts}` (name, vendorid, description) VALUES ('{$name}', '{$vendor}', '{$description}')";
        $result = mysql_query($sql);
        if (mysql_error()) {
            trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR);
        }
        if (!$result) {
            echo "<p class='error'>" . sprintf($strAddXfailed, $strProduct) . "\n";
        } else {
            $id = mysql_insert_id();
            journal(CFG_LOGGING_NORMAL, 'Product Added', "Product {$id} was added", CFG_JOURNAL_PRODUCTS, $id);
            html_redirect("products.php");
        }
        clear_form_errors('add_product');
        clear_form_data('add_product');
    } else {
        include APPLICATION_INCPATH . 'htmlheader.inc.php';
        html_redirect("product_add.php", FALSE);
    }
}
Exemplo n.º 5
                        trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR);
                    }
                }
                if ($target != 'none') {
                    // Reset the slaemail sent column, so that email reminders can be sent if the new sla target goes out
                    $sql = "UPDATE `{$dbIncidents}` SET slaemail='0', slanotice='0' WHERE id='{$id}' LIMIT 1";
                    mysql_query($sql);
                    if (mysql_error()) {
                        trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR);
                    }
                }
                if (!$result) {
                    include APPLICATION_INCPATH . 'incident_html_top.inc.php';
                    echo "<p class='error'>{$strUpdateIncidentFailed}</p>\n";
                    include APPLICATION_INCPATH . 'incident_html_bottom.inc.php';
                } else {
                    if ($draftid != -1 and !empty($draftid)) {
                        $sql = "DELETE FROM `{$dbDrafts}` WHERE id = {$draftid}";
                        $result = mysql_query($sql);
                        if (mysql_error()) {
                            trigger_error(mysql_error(), E_USER_ERROR);
                        }
                    }
                    journal(CFG_LOGGING_MAX, 'Incident Updated', "Incident {$id} Updated", CFG_JOURNAL_SUPPORT, $id);
                    html_redirect("incident_details.php?id={$id}");
                }
            }
        }
    }
}
include APPLICATION_INCPATH . 'incident_html_bottom.inc.php';
Exemplo n.º 6
        trigger_error(mysql_error(), E_USER_WARNING);
    }
    if (mysql_num_rows($result) >= 1) {
        $errors++;
    }
    // Check there is no software linked to this product
    $sql = "SELECT productid FROM `{$dbSoftwareProducts}` WHERE productid={$productid} LIMIT 1";
    $result = mysql_query($sql);
    if (mysql_error()) {
        trigger_error(mysql_error(), E_USER_WARNING);
    }
    if (mysql_num_rows($result) >= 1) {
        $errors++;
    }
    if ($errors == 0) {
        $sql = "DELETE FROM `{$dbProducts}` WHERE id = {$productid} LIMIT 1";
        $result = mysql_query($sql);
        if (mysql_error()) {
            trigger_error(mysql_error(), E_USER_ERROR);
        }
        journal(CFG_LOGGING_NORMAL, 'Product Removed', "Product {$productid} was removed", CFG_JOURNAL_PRODUCTS, $productid);
        html_redirect("products.php");
    } else {
        include APPLICATION_INCPATH . 'htmlheader.inc.php';
        echo "<p class='error'>{$strSorryProductCantBeDeteled}</p>";
        echo "<p align='center'><a href='products.php#{$productid}'>{$strReturnToProductList}</a></p>";
        include APPLICATION_INCPATH . 'htmlfooter.inc.php';
    }
} else {
    trigger_error($strInvalidParameter, E_USER_ERROR);
}
Exemplo n.º 7
//
// SiT (Support Incident Tracker) - Support call tracking system
// Copyright (C) 2000-2009 Salford Software Ltd. and Contributors
//
// This software may be used and distributed according to the terms
// of the GNU General Public License, incorporated herein by reference.
//
// Author: Ivan Lucas <ivanlucas[at]users.sourceforge.net>
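require 'core.php';
require APPLICATION_LIBPATH . 'functions.inc.php';

// Resume the caller's session so the logout can be attributed to them.
session_name($CONFIG['session_name']);
session_start();

// Journal the logout while the session still says who is leaving.
if (!empty($_SESSION['portalauth'])) {
    journal(CFG_LOGGING_NORMAL, 'Logout', "Portal user " . contact_realname($_SESSION['contactid']) . " logged out", CFG_JOURNAL_LOGIN, $_SESSION['contactid']);
} else {
    journal(CFG_LOGGING_NORMAL, 'Logout', "User {$_SESSION['userid']} logged out", CFG_JOURNAL_LOGIN, '');
}

// End the session: drop every registered value (including the auth flags),
// destroy the server-side record, then expire the browser cookie.
$_SESSION = array();
session_unset();
session_destroy();
if (isset($_COOKIE[session_name()])) {
    // A browser only discards a cookie when path and domain match the ones it
    // was issued with, so reuse the session cookie settings instead of a
    // hard-coded '/'. Otherwise a session id can linger client-side after logout.
    $cookie_params = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000, $cookie_params['path'], $cookie_params['domain'], $cookie_params['secure']);
}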
// redirect
if (!empty($CONFIG['logout_url'])) {
    $url = $CONFIG['logout_url'];
} else {
    $url = $CONFIG['application_webpath'] . "index.php";
    if ($maintid == 0) {
        $errors = 1;
        $errors_string .= user_alert("{$strYouMustSelectAmaintenanceContract}", E_USER_ERROR);
    }
    // delete maintenance support contact if no errors
    if ($errors == 0) {
        $sql = "DELETE FROM `{$dbSupportContacts}` WHERE maintenanceid='{$maintid}' AND contactid='{$contactid}'";
        $result = mysql_query($sql);
        if (mysql_error()) {
            trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR);
        }
        // show error message if deletion failed
        if (!$result) {
            include APPLICATION_INCPATH . 'htmlheader.inc.php';
            trigger_error("Deletion of maintenance support conact failed: {$sql}", E_USER_WARNING);
            include APPLICATION_INCPATH . 'htmlfooter.inc.php';
        } else {
            journal(CFG_LOGGING_NORMAL, 'Supported Contact Removed', "Contact {$contactid} removed from maintenance contract {$maintid}", CFG_JOURNAL_MAINTENANCED, $maintid);
            if ($context == 'maintenance') {
                html_redirect("contract_details.php?id={$maintid}");
            } else {
                html_redirect("contact_details.php?id={$contactid}");
            }
        }
    } else {
        // show error message if errors
        include APPLICATION_INCPATH . 'htmlheader.inc.php';
        echo $errors_string;
        include APPLICATION_INCPATH . 'htmlfooter.inc.php';
    }
}
Exemplo n.º 9
 if (!file_exists($source_file)) {
     trigger_error(sprintf($strSourceFailCannotBeFoundX, $source_file), E_USER_WARNING);
 }
 // set passive mode
 if (!ftp_pasv($conn_id, TRUE)) {
     trigger_error($strProblemSettingPassiveFTPMode, E_USER_WARNING);
 }
 // upload the file
 $upload = ftp_put($conn_id, "{$destination_filepath}", "{$source_file}", FTP_BINARY);
 // check upload status
 if (!$upload) {
     echo "{$strUploadFailed}<br />";
 } else {
     echo sprintf($strUpdatedXToYAsZ, $source_file, $CONFIG['ftp_hostname'], $destination_filepath) . "<br />";
     echo "<code>{$ftp_url}</code>";
     journal(CFG_LOGGING_NORMAL, 'FTP File Published', "File {$destination_file_file} was published to {$CONFIG['ftp_hostname']}", CFG_JOURNAL_OTHER, 0);
     switch ($expiry_none) {
         case 'none':
             $expirydate = 0;
             break;
         case 'time':
             if ($expiry_days < 1 && $expiry_hours < 1 && $expiry_minutes < 1) {
                 $expirydate = 0;
             } else {
                 // uses calculate_time_of_next_action() because the function suits our purpose
                 $expirydate = calculate_time_of_next_action($expiry_days, $expiry_hours, $expiry_minutes);
             }
             break;
         case 'date':
             // $now + ($days * 86400) + ($hours * 3600) + ($minutes * 60);
             $unixdate = mktime(9, 0, 0, $month, $day, $year);
Exemplo n.º 10
         $value = cleanvar($value);
         // Remove the software listed that we don't support
         $sql = "DELETE FROM `{$dbUserSoftware}` WHERE userid='{$user}' AND softwareid='{$value}' LIMIT 1";
         mysql_query($sql);
         if (mysql_error()) {
             trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR);
         }
         // If we are providing backup for a skill we don't have - reset that back to nobody providing backup
         $sql = "UPDATE `{$dbUserSoftware}` SET backupid='0' WHERE backupid='{$user}' AND softwareid='{$value}' LIMIT 1";
         mysql_query($sql);
         if (mysql_error()) {
             trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR);
         }
     }
 }
 journal(CFG_LOGGING_MAX, 'Skillset Updated', "Users Skillset was Changed", CFG_JOURNAL_USER, 0);
 // Have a look to see if any of the software we support is lacking a backup/substitute engineer
 $sql = "SELECT userid FROM `{$dbUserSoftware}` WHERE userid='{$user}' AND backupid='0' LIMIT 1";
 $result = mysql_query($sql);
 if (mysql_error()) {
     trigger_error("MySQL Query Error " . mysql_error(), E_USER_WARNING);
 }
 $lacking = mysql_num_rows($result);
 if ($lacking >= 1) {
     html_redirect("edit_backup_users.php?user={$user}", TRUE, $strYouShouldNowDefineSubstituteEngineers);
 } else {
     if ($_REQUEST['user'] == $sit[2]) {
         html_redirect("edit_user_skills.php?user={$user}");
     } else {
         html_redirect("manage_users.php");
     }
Exemplo n.º 11
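/**
 * Authenticate a user against the SiT users table with a username/password pair.
 *
 * The stored credential is compared as an unsalted MD5 digest of the password,
 * because that is the form this function computes and sends to the query.
 *
 * @author Ivan Lucas
 * @param string $username A username
 * @param string $password A plain-text password (not yet hashed)
 * @return int 1 when the session is already flagged as authenticated or the
 *             credentials match an enabled account; 0 when the credentials are
 *             wrong, the user is not found, or the lookup itself failed
 */
function authenticateSQL($username, $password)
{
    global $dbUsers;

    if (!empty($_SESSION['auth'])) {
        // Already logged in
        return 1;
    }

    // NOTE(review): unsalted MD5 is a fast hash and unsuitable for password
    // storage. Moving to password_hash()/password_verify() needs a schema and
    // migration change outside this function.
    $password_digest = md5($password);

    // The username is caller-supplied text inside a quoted SQL literal, so it
    // must be escaped for the current connection. The digest is hex only.
    // NOTE(review): the published listing had both values masked out; binding
    // the two parameters here follows the docblock — confirm against upstream.
    $safe_username = mysql_real_escape_string($username);

    // extract user; a status of 0 means the user account is disabled
    $sql = "SELECT id FROM `{$dbUsers}` ";
    $sql .= "WHERE username = '{$safe_username}' AND password = '{$password_digest}' AND status != 0 ";
    $result = mysql_query($sql);
    if (mysql_error()) {
        trigger_error(mysql_error(), E_USER_WARNING);
    }
    if (!$result) {
        // Fail closed: a lookup that did not run authenticates nobody.
        return 0;
    }

    $matching_rows = mysql_num_rows($result);
    // Release the result set on both outcomes, not only on failure.
    mysql_free_result($result);

    if ($matching_rows == 0) {
        return 0;
    }

    journal(CFG_LOGGING_MAX, 'User Authenticated', "{$username} authenticated from " . getenv('REMOTE_ADDR'), CFG_JOURNAL_LOGIN, 0);
    return 1;
}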
                     $isql .= "VALUES ('{$rolerow->id}', '" . $x[1] . "', 'true')";
                     $iresult = mysql_query($isql);
                     if (mysql_error()) {
                         trigger_error(mysql_error(), E_USER_ERROR);
                     }
                     if (mysql_affected_rows() < 1) {
                         echo user_alert("{$strUpdateUserPermission} " . $x[1] . " {$strFailedOnPass2}", E_USER_WARNING);
                     }
                 }
             }
         }
     }
     html_redirect("manage_users.php");
     exit;
 }
 journal(CFG_LOGGING_NORMAL, '{$strUserPermissionsEdited}', "{$strUserXPermissionsEdited}", CFG_JOURNAL_USERS, $user);
 // Edit the users permissions
 if (empty($role) and !empty($user)) {
     // First pass, set all access to false
     $sql = "UPDATE `{$dbUserPermissions}` SET granted='false' WHERE userid='{$user}'";
     $result = mysql_query($sql);
     if (mysql_error()) {
         trigger_error(mysql_error(), E_USER_ERROR);
     }
     // Second pass, loop through checkbox array setting access to true where boxes are checked
     if (is_array($permselection)) {
         //reset ($permselection);
         while ($x = each($permselection)) {
             $sql = "UPDATE `{$dbUserPermissions}` SET granted='true' WHERE userid='{$user}' AND permissionid='" . $x[1] . "' ";
             # echo "Updating permission ".$x[1]."<br />";
             # flush();
Exemplo n.º 13
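/**
 * Authenticate a user against the configured authentication backends.
 *
 * Accounts stored in the SiT users table are checked according to their
 * user_source: 'sit' accounts against the stored MD5 digest, 'ldap' accounts
 * through authenticateLDAP(), falling back to the cached digest only when the
 * LDAP server cannot be reached and $CONFIG['ldap_allow_cached_password'] is
 * set. Usernames unknown to SiT are tried against LDAP when
 * $CONFIG['use_ldap'] is set.
 *
 * @author Lea Anthony
 * @param string $username Username
 * @param string $password Password (plain text)
 * @return bool true when the user is authenticated and allowed to continue,
 *              false when the credentials were wrong, the user was not found
 *              or the lookup failed. For usernames not present in the SiT
 *              table the value is whatever authenticateLDAP() returned, with
 *              -1 mapped to false.
 */
function authenticate($username, $password)
{
    global $CONFIG;
    $toReturn = false;

    // The username is caller-supplied text inside a quoted SQL literal, so it
    // must be escaped for the current connection.
    // NOTE(review): the published listing had this value masked out; binding
    // $username follows the docblock — confirm against upstream.
    $safe_username = mysql_real_escape_string($username);
    $sql = "SELECT id, password, status, user_source FROM `{$GLOBALS['dbUsers']}` WHERE username = '{$safe_username}'";
    $result = mysql_query($sql);
    if (mysql_error()) {
        trigger_error(mysql_error(), E_USER_WARNING);
    }
    if (!$result) {
        // Fail closed: without a lookup result a known (possibly disabled)
        // account cannot be told apart from an unknown one.
        debug_log("authenticate: User NOT authenticated", TRUE);
        return false;
    }

    $row_count = mysql_num_rows($result);
    if ($row_count == 1) {
        // Exist in SiT DB
        $obj = mysql_fetch_object($result);

        // Strict comparison: with ==, two digests that both look like numbers
        // in exponent form (e.g. "0e" followed by digits) compare equal.
        // NOTE(review): unsalted MD5 is unsuitable for password storage;
        // replacing it needs a schema and migration change outside this function.
        $local_password_ok = (md5($password) === $obj->password && $obj->status != 0);

        if ($obj->user_source == 'sit') {
            $toReturn = $local_password_ok;
        } elseif ($obj->user_source == 'ldap') {
            // Auth against LDAP and sync
            $ldap_result = authenticateLDAP($username, $password, $obj->id);
            if ($ldap_result === -1) {
                // Communication with LDAP server failed: use the cached
                // password only when the configuration allows it
                $toReturn = !empty($CONFIG['ldap_allow_cached_password']) ? $local_password_ok : false;
            } else {
                $toReturn = $ldap_result ? true : false;
            }
        }
    } elseif ($row_count > 1) {
        // Multiple this should NEVER happen
        trigger_error("Username not unique", E_USER_ERROR);
        $toReturn = false;
    } else {
        // Don't exist, check LDAP etc
        if ($CONFIG['use_ldap']) {
            $toReturn = authenticateLDAP($username, $password);
            if ($toReturn === -1) {
                $toReturn = false;
            }
        }
    }

    if ($toReturn) {
        journal(CFG_LOGGING_MAX, 'User Authenticated', "{$username} authenticated from " . getenv('REMOTE_ADDR'), CFG_JOURNAL_LOGIN, 0);
        debug_log("Authenticate: User authenticated", TRUE);
    } else {
        debug_log("authenticate: User NOT authenticated", TRUE);
    }
    return $toReturn;
}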
// delete_product_software.php
//
// SiT (Support Incident Tracker) - Support call tracking system
// Copyright (C) 2000-2009 Salford Software Ltd. and Contributors
//
// This software may be used and distributed according to the terms
// of the GNU General Public License, incorporated herein by reference.
//
// Author: Ivan Lucas <ivanlucas[at]users.sourceforge.net>
// Removes link between a product and software
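// Permission id for this page (labelled "Add Product" in the original comment).
// NOTE(review): presumably read by auth.inc.php below — confirm it is enforced there.
$permission = 24;

require 'core.php';
require APPLICATION_LIBPATH . 'functions.inc.php';
$title = "{$strDisassociateSkillWithProduct}";

// This page requires authentication
require APPLICATION_LIBPATH . 'auth.inc.php';

// NOTE(review): this is a destructive action driven by $_REQUEST, so it can be
// triggered by a plain GET link. Restricting it to POST with an anti-CSRF
// token would need project helpers not visible in this file.

// External variables: both are row ids, so force them to integers rather than
// relying only on cleanvar() to make them safe inside the SQL text. Missing or
// non-scalar values become 0 and take the "required data missing" branch.
$productid = (isset($_REQUEST['productid']) && is_scalar($_REQUEST['productid'])) ? intval(cleanvar($_REQUEST['productid'])) : 0;
$softwareid = (isset($_REQUEST['softwareid']) && is_scalar($_REQUEST['softwareid'])) ? intval(cleanvar($_REQUEST['softwareid'])) : 0;

if ($productid > 0 && $softwareid > 0) {
    $sql = "DELETE FROM `{$dbSoftwareProducts}` WHERE productid='{$productid}' AND softwareid='{$softwareid}' LIMIT 1";
    $result = mysql_query($sql);
    if (mysql_error()) {
        trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR);
    }
    if ($result) {
        // Journal the unlink only when the statement actually ran.
        journal(CFG_LOGGING_NORMAL, 'Skill Unlinked', "Skill {$softwareid} was unlinked from Product {$productid}", CFG_JOURNAL_PRODUCTS, $productid);
        html_redirect("products.php");
    } else {
        html_redirect("products.php", FALSE);
    }
} else {
    html_redirect("products.php", FALSE, "{$strRequiredDataMissing}");
}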
Exemplo n.º 15
    // save to db
    if (!empty($newcontact)) {
        $sql = "UPDATE `{$dbSupportContacts}` SET contactid='{$newcontact}' WHERE contactid='{$id}' ";
        mysql_query($sql);
        if (mysql_error()) {
            trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR);
        }
        $sql = "UPDATE `{$dbIncidents}` SET contact='{$newcontact}' WHERE contact='{$id}' ";
        mysql_query($sql);
        if (mysql_error()) {
            trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR);
        }
        $sql = "UPDATE `{$dbMaintenance}` SET admincontact='{$newcontact}' WHERE admincontact='{$id}' ";
        mysql_query($sql);
        if (mysql_error()) {
            trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR);
        }
    }
    // do the delete
    $sql = "DELETE FROM `{$dbContacts}` WHERE id='{$id}' LIMIT 1";
    mysql_query($sql);
    if (mysql_error()) {
        trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR);
    }
    journal(CFG_LOGGING_NORMAL, 'Contact Deleted', "Contact {$id} was deleted", CFG_JOURNAL_CONTACTS, $id);
    if (!empty($newcontact)) {
        html_redirect("contact_details.php?id={$newcontact}");
    } else {
        html_redirect("contacts.php");
    }
}
Exemplo n.º 16
        $lifetime_end = date('Y-m-d', strtotime($_REQUEST['lifetime_end']));
    } else {
        $lifetime_end = '';
    }
    // Add new
    $errors = 0;
    // check for blank name
    if ($name == '') {
        $errors = 1;
        $errors_string .= user_alert(sprintf($strFieldMustNotBeBlank, "'{$strName}'"), E_USER_ERROR);
    }
    // add product if no errors
    if ($errors == 0) {
        replace_tags(TAG_SKILL, $id, $tags);
        $sql = "UPDATE `{$dbSoftware}` SET ";
        $sql .= "name='{$name}', vendorid='{$vendor}', lifetime_start='{$lifetime_start}', lifetime_end='{$lifetime_end}' ";
        $sql .= "WHERE id = '{$id}'";
        mysql_query($sql);
        if (mysql_error()) {
            trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR);
        } else {
            $id = mysql_insert_id();
            journal(CFG_LOGGING_DEBUG, 'Skill Edited', "Skill {$id} was edited", CFG_JOURNAL_DEBUG, $id);
            html_redirect("products.php?display=skills");
        }
    } else {
        include APPLICATION_INCPATH . 'htmlheader.inc.php';
        echo $errors_string;
        include APPLICATION_INCPATH . 'htmlfooter.inc.php';
    }
}
Exemplo n.º 17
    // External variables
    $name = cleanvar($_REQUEST['name']);
    $_SESSION['formdata'] = $_REQUEST;
    // Add new
    $errors = 0;
    // check for blank name
    if ($name == '') {
        $errors++;
        $_SESSION['formerrors']['name'] = user_alert(sprintf($strFieldMustNotBeBlank, "'{$strVendorName}'"), E_USER_ERROR);
    }
    // add product if no errors
    if ($errors == 0) {
        $sql = "INSERT INTO `{$dbVendors}` (name) VALUES ('{$name}')";
        $result = mysql_query($sql);
        if (mysql_error()) {
            trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR);
        }
        if (!$result) {
            echo "<p class='error'>{$strAdditionFail}</p>\n";
        } else {
            $id = mysql_insert_id();
            journal(CFG_LOGGING_DEBUG, 'Vendor Added', "Vendor {$id} was added", CFG_JOURNAL_DEBUG, $id);
            html_redirect("products.php");
        }
        clear_form_data('add_vendor');
        clear_form_errors('add_vendor');
    } else {
        include APPLICATION_INCPATH . 'htmlheader.inc.php';
        html_redirect($_SERVER['PHP_SELF'], FALSE);
    }
}
Exemplo n.º 18
        replace_tags(3, $site, $tags);
        if (isset($licenserx)) {
            $licenserx = '1';
        } else {
            $licenserx = '0';
        }
        // update site
        if ($active == 'true') {
            $activeStr = 'true';
        } else {
            $activeStr = 'false';
        }
        $sql = "UPDATE `{$dbSites}` SET name='{$name}', department='{$department}', address1='{$address1}', address2='{$address2}', city='{$city}', ";
        $sql .= "county='{$county}', postcode='{$postcode}', country='{$country}', telephone='{$telephone}', fax='{$fax}', email='{$email}', ";
        $sql .= "websiteurl='{$websiteurl}', notes='{$notes}', typeid='{$typeid}', owner='{$owner}', freesupport='{$incident_quantity}', active='{$activeStr}' WHERE id='{$site}' LIMIT 1";
        // licenserx='$licenserx'
        $result = mysql_query($sql);
        if (mysql_error()) {
            trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR);
        } else {
            plugin_do('edit_site_save');
            journal(CFG_LOGGING_NORMAL, $strSiteEdited, sprintf($strSiteXEdited, $site), CFG_JOURNAL_SITES, $site);
            html_redirect($_SERVER['PHP_SELF']);
            exit;
        }
    } else {
        echo $errors_string;
    }
}
echo show_edit_site($site, 'external');
include APPLICATION_INCPATH . 'htmlfooter.inc.php';
Exemplo n.º 19
        $storeinlog = 'No';
    }
    switch ($template) {
        case 'email':
            $sql = "UPDATE `{$dbEmailTemplates}` SET name='{$name}', description='{$description}', tofield='{$tofield}', fromfield='{$fromfield}', ";
            $sql .= "replytofield='{$replytofield}', ccfield='{$ccfield}', bccfield='{$bccfield}', subjectfield='{$subjectfield}', ";
            $sql .= "body='{$bodytext}', customervisibility='{$cust_vis}', storeinlog='{$storeinlog}' ";
            $sql .= "WHERE id='{$id}' LIMIT 1";
            break;
        case 'notice':
            $sql = "UPDATE `{$dbNoticeTemplates}` SET name='{$name}', description='{$description}', type='', ";
            $sql .= "linktext='{$linktext}', link='{$link}', durability='{$durability}', ";
            $sql .= "text='{$bodytext}' ";
            $sql .= "WHERE id='{$id}' LIMIT 1";
            break;
        default:
            trigger_error('Error: Invalid template type', E_USER_WARNING);
            html_redirect($_SERVER['PHP_SELF'], FALSE);
    }
    //     echo $sql;
    $result = mysql_query($sql);
    if (mysql_error()) {
        trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR);
    }
    if ($result) {
        journal(CFG_LOGGING_NORMAL, 'Email Template Updated', "Email Template {$type} was modified", CFG_JOURNAL_ADMIN, $type);
        html_redirect($_SERVER['PHP_SELF']);
    } else {
        html_redirect($_SERVER['PHP_SELF'], FALSE);
    }
}
Exemplo n.º 20
            if (mysql_error()) {
                trigger_error(mysql_error(), E_USER_ERROR);
            } else {
                // FIXME html headers need sorting here, we don't want the header before we do this
                html_redirect("sites.php?search_string=A");
            }
        }
        include APPLICATION_INCPATH . 'htmlfooter.inc.php';
    } else {
        // Records need moving before we delete
        // Move contacts
        $sql = "UPDATE `{$dbContacts}` SET siteid='{$destinationid}' WHERE siteid='{$id}'";
        mysql_query($sql);
        if (mysql_error()) {
            trigger_error(mysql_error(), E_USER_ERROR);
        }
        // Move contracts
        $sql = "UPDATE `{$dbMaintenance}` SET site='{$destinationid}' WHERE site='{$id}'";
        mysql_query($sql);
        if (mysql_error()) {
            trigger_error(mysql_error(), E_USER_ERROR);
        }
        $sql = "DELETE FROM `{$dbSites}` WHERE id='{$id}' LIMIT 1";
        $result = mysql_query($sql);
        if (mysql_error()) {
            trigger_error(mysql_error(), E_USER_ERROR);
        }
        journal(CFG_LOGGING_NORMAL, 'Site Deleted', "Site {$id} was deleted", CFG_JOURNAL_SITES, $id);
        html_redirect("sites.php?search_string=A");
    }
}
Exemplo n.º 21
            if ($oldincidentid == 0) {
                $oldincidentid = 'Inbox';
            }
            $prettydate = ldate('r', $timestamp);
            // prepend 'moved' header to bodytext
            $body = sprintf($SYSLANG['strMovedFromXtoXbyX'], "<b>{$oldincidentid}</b>", "<b>{$incidentid}</b>", "<b>" . user_realname($sit[2]) . "</b>") . "\n";
            $body .= sprintf($SYSLANG['strOriginalMessageReceivedAt'], "<b>{$prettydate}</b>") . "\n";
            $body .= $SYSLANG['strStatus'] . " -&gt; <b>{$SYSLANG['strActive']}</b>\n";
            $bodytext = $body . $bodytext;
            $bodytext = mysql_real_escape_string($bodytext);
            // move the update.
            $sql = "UPDATE `{$dbUpdates}` SET incidentid='{$incidentid}', userid='{$sit[2]}', bodytext='{$bodytext}', timestamp='{$now}' WHERE id='{$updateid}'";
            mysql_query($sql);
            if (mysql_error()) {
                trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR);
            }
            //remove from tempincoming to prevent build up
            $sql = "DELETE FROM `{$dbTempIncoming}` WHERE updateid='{$updateid}'";
            mysql_query($sql);
            if (mysql_error()) {
                trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR);
            }
            journal(CFG_LOGGING_NORMAL, 'Incident Update Moved', "Incident update {$update} moved to incident {$incidentid}", CFG_JOURNAL_INCIDENTS, $incidentid);
            html_redirect("incident_details.php?id={$incidentid}");
        }
    } else {
        // no open incident with this number.  Return to form.
        header("Location: {$_SERVER['PHP_SELF']}?id={$id}&updateid={$updateid}&error=1&win=incomingview");
        exit;
    }
}
Exemplo n.º 22
/**
 * Modifie le contenu d'un objet
 * 
 * Fonction generique pour l'API de modification de contenu, qui se
 * charge entre autres choses d'appeler les pipelines pre_edition
 * et post_edition
 *
 * Attention, pour éviter des hacks on interdit des champs
 * (statut, id_secteur, id_rubrique, id_parent),
 * mais la securite doit être assurée en amont
 *
 * @api
 * @param string $objet
 *     Type d'objet
 * @param int $id_objet
 *     Identifiant de l'objet
 * @param array $options
 *     Toutes les options
 * @param array|null $c
 *     Couples champ/valeur à modifier
 * @param string $serveur
 *     Nom du connecteur à la base de données
 * @return bool|string
 *     - false  : Aucune modification, aucun champ n'est à modifier
 *     - chaîne vide : Vide si tout s'est bien passé
 *     - chaîne : Texte d'un message d'erreur
 */
function objet_modifier_champs($objet, $id_objet, $options, $c = null, $serveur = '')
{
    if (!($id_objet = intval($id_objet))) {
        spip_log('Erreur $id_objet non defini', 'warn');
        return _T('erreur_technique_enregistrement_impossible');
    }
    include_spip('inc/filtres');
    $table_objet = table_objet($objet, $serveur);
    $spip_table_objet = table_objet_sql($objet, $serveur);
    $id_table_objet = id_table_objet($objet, $serveur);
    $trouver_table = charger_fonction('trouver_table', 'base');
    $desc = $trouver_table($spip_table_objet, $serveur);
    // Appels incomplets (sans $c)
    if (!is_array($c)) {
        spip_log('erreur appel objet_modifier_champs(' . $objet . '), manque $c');
        return _T('erreur_technique_enregistrement_impossible');
    }
    // Securite : certaines variables ne sont jamais acceptees ici
    // car elles ne relevent pas de autoriser(xxx, modifier) ;
    // il faut passer par instituer_XX()
    // TODO: faut-il passer ces variables interdites
    // dans un fichier de description separe ?
    unset($c['statut']);
    unset($c['id_parent']);
    unset($c['id_rubrique']);
    unset($c['id_secteur']);
    // Gerer les champs non vides
    if (isset($options['nonvide']) and is_array($options['nonvide'])) {
        foreach ($options['nonvide'] as $champ => $sinon) {
            if (isset($c[$champ]) and $c[$champ] === '') {
                $c[$champ] = $sinon;
            }
        }
    }
    // N'accepter que les champs qui existent
    // TODO: ici aussi on peut valider les contenus
    // en fonction du type
    $champs = array();
    foreach ($desc['field'] as $champ => $ignore) {
        if (isset($c[$champ])) {
            $champs[$champ] = $c[$champ];
        }
    }
    // Nettoyer les valeurs
    $champs = array_map('corriger_caracteres', $champs);
    // Envoyer aux plugins
    $champs = pipeline('pre_edition', array('args' => array('table' => $spip_table_objet, 'table_objet' => $table_objet, 'spip_table_objet' => $spip_table_objet, 'type' => $objet, 'id_objet' => $id_objet, 'champs' => isset($options['champs']) ? $options['champs'] : array(), 'serveur' => $serveur, 'action' => 'modifier'), 'data' => $champs));
    if (!$champs) {
        return false;
    }
    // marquer le fait que l'objet est travaille par toto a telle date
    if ($GLOBALS['meta']['articles_modif'] != 'non') {
        include_spip('inc/drapeau_edition');
        signale_edition($id_objet, $GLOBALS['visiteur_session'], $objet);
    }
    // Verifier si les mises a jour sont pertinentes, datees, en conflit etc
    include_spip('inc/editer');
    $conflits = controler_md5($champs, $_POST, $objet, $id_objet, $serveur);
    // cas hypothetique : normalement inc/editer verifie en amont le conflit edition
    // et gere l'interface
    // ici on ne renvoie donc qu'un messsage d'erreur, au cas ou on y arrive quand meme
    if ($conflits) {
        return _T('titre_conflit_edition');
    }
    if ($champs) {
        // cas particulier de la langue : passer par instituer_langue_objet
        if (isset($champs['lang'])) {
            if ($changer_lang = $champs['lang']) {
                $id_rubrique = 0;
                if ($desc['field']['id_rubrique']) {
                    $parent = $objet == 'rubrique' ? 'id_parent' : 'id_rubrique';
                    $id_rubrique = sql_getfetsel($parent, $spip_table_objet, "{$id_table_objet}=" . intval($id_objet));
                }
                $instituer_langue_objet = charger_fonction('instituer_langue_objet', 'action');
                $champs['lang'] = $instituer_langue_objet($objet, $id_objet, $id_rubrique, $changer_lang);
            }
            // on laisse 'lang' dans $champs,
            // ca permet de passer dans le pipeline post_edition et de journaliser
            // et ca ne gene pas qu'on refasse un sql_updateq dessus apres l'avoir
            // deja pris en compte
        }
        // la modif peut avoir lieu
        // faut-il ajouter date_modif ?
        if (isset($options['date_modif']) and $options['date_modif'] and !isset($champs[$options['date_modif']])) {
            $champs[$options['date_modif']] = date('Y-m-d H:i:s');
        }
        // allez on commit la modif
        sql_updateq($spip_table_objet, $champs, "{$id_table_objet}=" . intval($id_objet), $serveur);
        // on verifie si elle est bien passee
        $moof = sql_fetsel(array_keys($champs), $spip_table_objet, "{$id_table_objet}=" . intval($id_objet), array(), array(), '', array(), $serveur);
        // si difference entre les champs, reperer les champs mal enregistres
        if ($moof != $champs) {
            $liste = array();
            foreach ($moof as $k => $v) {
                if ($v !== $champs[$k] and (!is_numeric($v) or intval($v) != intval($champs[$k]))) {
                    $liste[] = $k;
                    $conflits[$k]['post'] = $champs[$k];
                    $conflits[$k]['save'] = $v;
                    // cas specifique MySQL+emoji : si l'un est la
                    // conversion utf8_noplanes de l'autre alors c'est OK
                    if (defined('_MYSQL_NOPLANES') && _MYSQL_NOPLANES) {
                        include_spip('inc/charsets');
                        if ($v == utf8_noplanes($champs[$k])) {
                            array_pop($liste);
                        }
                    }
                }
            }
            // si un champ n'a pas ete correctement enregistre, loger et retourner une erreur
            // c'est un cas exceptionnel
            if (count($liste)) {
                spip_log("Erreur enregistrement en base {$objet}/{$id_objet} champs :" . var_export($conflits, true), 'modifier.' . _LOG_CRITIQUE);
                return _T('erreur_technique_enregistrement_champs', array('champs' => "<i>'" . implode("'</i>,<i>'", $liste) . "'</i>"));
            }
        }
        // Invalider les caches
        if (isset($options['invalideur']) and $options['invalideur']) {
            include_spip('inc/invalideur');
            if (is_array($options['invalideur'])) {
                array_map('suivre_invalideur', $options['invalideur']);
            } else {
                suivre_invalideur($options['invalideur']);
            }
        }
        // Notifications, gestion des revisions...
        // en standard, appelle |nouvelle_revision ci-dessous
        pipeline('post_edition', array('args' => array('table' => $spip_table_objet, 'table_objet' => $table_objet, 'spip_table_objet' => $spip_table_objet, 'type' => $objet, 'id_objet' => $id_objet, 'champs' => isset($options['champs']) ? $options['champs'] : array(), 'serveur' => $serveur, 'action' => 'modifier'), 'data' => $champs));
    }
    // journaliser l'affaire
    // message a affiner :-)
    include_spip('inc/filtres_mini');
    $qui = isset($GLOBALS['visiteur_session']['nom']) and $GLOBALS['visiteur_session']['nom'] ? $GLOBALS['visiteur_session']['nom'] : $GLOBALS['ip'];
    journal(_L($qui . ' a &#233;dit&#233; l&#8217;' . $objet . ' ' . $id_objet . ' (' . join('+', array_diff(array_keys($champs), array('date_modif'))) . ')'), array('faire' => 'modifier', 'quoi' => $objet, 'id' => $id_objet));
    return '';
}
Exemplo n.º 23
// Tail of the attachment lookup for one incoming update, followed by removal
// of the attachment files, of the update row and of its holding-queue row.
// The start of the query and the initial values of $path, $deleted_files,
// $timestamp and $tempid are outside this excerpt.
// NOTE(review): $updateid is interpolated into the SQL text here and in the
// DELETE below; quoting is not escaping, so confirm it is validated as an
// integer before this point.
$sql .= "WHERE origcolref = '{$updateid}' ";
$sql .= "AND linktype = 5 ";
$sql .= "AND l.linkcolref = f.id ";
// The @ hides a failed lookup: in that case the loop is skipped and nothing
// in this excerpt records that the attachments were left on disk.
if ($result = @mysql_query($sql)) {
    while ($row = mysql_fetch_object($result)) {
        // NOTE(review): the path is built from database columns; confirm that
        // filename is stored as a bare file name (no directory separators) so
        // unlink() cannot reach outside $path.
        $file = $path . $row->linkcolref . "-" . $row->filename;
        if (file_exists($file)) {
            $del = unlink($file);
            if (!$del) {
                trigger_error("Deleting attachment failed", E_USER_ERROR);
                // NOTE(review): this sets $deleted, but the guard below tests
                // $deleted_files; unless the two are tied together outside this
                // excerpt, a failed unlink does not prevent the row deletion.
                $deleted = FALSE;
            }
        }
    }
}
if ($deleted_files) {
    // We delete using ID and timestamp to make sure we don't delete the wrong update by accident
    $sql = "DELETE FROM `{$dbUpdates}` WHERE id='{$updateid}' AND timestamp='{$timestamp}'";
    // We might in theory have more than one ...
    mysql_query($sql);
    if (mysql_error()) {
        trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR);
    }
    $sql = "DELETE FROM `{$dbTempIncoming}` WHERE id='{$tempid}'";
    mysql_query($sql);
    if (mysql_error()) {
        trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR);
    }
}
// The journal entry is written unconditionally, so it also records a deletion
// when $deleted_files was false and no row was removed.
journal(CFG_LOGGING_NORMAL, 'Incident Log Entry Deleted', "Incident Log Entry {$updateid} was deleted from Incident {$incidentid}", CFG_JOURNAL_INCIDENTS, $incidentid);
html_redirect("holding_queue.php");
Exemplo n.º 24
    // Refuse to delete a user who still owns incident updates, then remove the
    // user row and its dependent rows. The enclosing condition and the origin
    // of $userid and $errors are outside this excerpt.
    // NOTE(review): $userid is placed unquoted in a numeric position in every
    // statement below; confirm it is cast to an integer before this point.
    $sql = "SELECT id FROM `{$dbUpdates}` WHERE userid={$userid} LIMIT 1";
    $result = mysql_query($sql);
    // $result is not checked for failure before being passed to mysql_num_rows()
    if (mysql_num_rows($result) >= 1) {
        $errors++;
    }
    // FIXME need to check more tables for data possibly linked to userid
    // We break data integrity if we delete the user and there are things
    // related to him/her
    if ($errors == 0) {
        // The four deletions run as separate statements; no transaction is
        // visible here, so a failure part-way may leave some rows behind.
        $sql = array();
        $sql[] = "DELETE FROM `{$dbUsers}` WHERE id = {$userid} LIMIT 1";
        $sql[] = "DELETE FROM `{$dbHolidays}` WHERE userid = {$userid}";
        $sql[] = "DELETE FROM `{$dbUserGroups}` WHERE userid = {$userid}";
        $sql[] = "DELETE FROM `{$dbUserPermissions}` WHERE userid = {$userid}";
        foreach ($sql as $query) {
            $result = mysql_query($query);
            if (mysql_error()) {
                trigger_error(mysql_error(), E_USER_ERROR);
            }
        }
        // Audit record of the removal
        journal(CFG_LOGGING_NORMAL, 'User Removed', "User {$userid} was removed", CFG_JOURNAL_USERS, $userid);
        html_redirect("users.php");
    } else {
        include APPLICATION_INCPATH . 'htmlheader.inc.php';
        echo "<p class='error'>{$strCannotDeleteUser}</p>";
        // NOTE(review): $userid is echoed into an href attribute without HTML
        // escaping; harmless only if it is guaranteed to be an integer.
        echo "<p align='center'><a href='users.php#{$userid}'>{$strBackToList}</a></p>";
        include APPLICATION_INCPATH . 'htmlfooter.inc.php';
    }
} else {
    trigger_error("Cound not delete user: Parameter(s) missing", E_USER_WARNING);
}
Exemplo n.º 25
         $query[] = "INSERT INTO `{$dbKBContent}` (docid, ownerid, headerstyle, header, contenttype, content, distribution) VALUES ('{$docid}', '" . mysql_real_escape_string($sit[2]) . "', 'h1', 'Summary', '1', 'Enter details here...', 'restricted') ";
     }
     // Run the queued knowledge-base INSERT statements one by one, link the
     // article to a software record, then emit a page that redirects the opener.
     // How $query, $docid, $softwareid and $id are built is outside this excerpt.
     foreach ($query as $sql) {
         mysql_query($sql);
         if (mysql_error()) {
             trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR);
         }
     }
     // Add Software Record
     if ($softwareid > 0) {
         // NOTE(review): $docid and $softwareid are interpolated into the SQL
         // text; confirm both are integers by this point.
         $sql = "INSERT INTO `{$dbKBSoftware}` (docid,softwareid) VALUES ('{$docid}', '{$softwareid}')";
         mysql_query($sql);
         if (mysql_error()) {
             trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR);
         }
         // NOTE(review): the journal call sits inside the $softwareid branch, so
         // an article created without a software record leaves no journal entry.
         journal(CFG_LOGGING_NORMAL, 'KB Article Added', "KB Article {$docid} was added", CFG_JOURNAL_KB, $docid);
     }
     //html_redirect("incident_details.php?id={$id}", TRUE, "Knowledge Base Article {$CONFIG['kb_id_prefix']}{$docid} created");
     plugin_do('incident_closing');
     echo "<html>";
     echo "<head></head>";
     // NOTE(review): $id lands inside a JavaScript string inside an HTML
     // attribute; it needs to be a validated integer (or encoded for both
     // contexts) to rule out script injection.
     echo "<body onload=\"close_page_redirect('incident_details.php?id={$id}');\">";
     echo "</body>";
     echo "</html>";
 } else {
     plugin_do('incident_closing');
     echo "<html>";
     echo "<head></head>";
     echo "<body onload=\"close_page_redirect('incident_details.php?id={$id}');\">";
     echo "</body>";
     echo "</html>";
Exemplo n.º 26
    // Add product information: validate the two required fields, insert the
    // row, journal the change and redirect. The origin of $product,
    // $information and $moreinformation is outside this excerpt.
    $errors = 0;
    include APPLICATION_INCPATH . 'htmlheader.inc.php';
    // check for blank product
    // (loose comparison: an empty string or null also equals 0 here)
    if ($product == 0) {
        $errors = 1;
        echo user_alert(sprintf($strFieldMustNotBeBlank, "'{$strProduct}'"), E_USER_ERROR);
    }
    // check for blank information
    if ($information == '') {
        $errors = 1;
        echo user_alert(sprintf($strFieldMustNotBeBlank, "'{$strQuestion}'"), E_USER_ERROR);
    }
    // add product information if no errors
    if ($errors == 0) {
        // NOTE(review): the three values are interpolated into the SQL text;
        // quoting alone does not neutralise them, so confirm they are escaped
        // (e.g. mysql_real_escape_string) before reaching this statement.
        $sql = "INSERT INTO `{$dbProductInfo}` (productid, information, moreinformation) ";
        $sql .= "VALUES ('{$product}', '{$information}', '{$moreinformation}')";
        $result = mysql_query($sql);
        if (mysql_error()) {
            trigger_error(mysql_error(), E_USER_ERROR);
        }
        if (!$result) {
            echo "<p class='error'>" . sprintf($strAddXfailed, $strProductInformation) . "\n";
        } else {
            // Audit record, written only after a successful insert
            journal(CFG_LOGGING_NORMAL, 'Product Info Added', "Info was added to Product {$product}", CFG_JOURNAL_PRODUCTS, $product);
            html_redirect("products.php?productid={$product}");
            exit;
        }
    }
    include APPLICATION_INCPATH . 'htmlfooter.inc.php';
}
Exemplo n.º 27
        $_SESSION['formerrors']['add_software']['name'] = user_alert(sprintf($strFieldMustNotBeBlank, "'{$strName}'"), E_USER_ERROR);
    }
    // Check this is not a duplicate
    // NOTE(review): $name is interpolated into the SQL text here and in the
    // INSERT below; confirm it is escaped before this point. The check and the
    // insert are two separate statements, so only a unique index on the column
    // (not visible here) would fully prevent duplicates.
    $sql = "SELECT id FROM `{$dbSoftware}` WHERE LCASE(name)=LCASE('{$name}') LIMIT 1";
    $result = mysql_query($sql);
    // $result is not checked for failure before being passed to mysql_num_rows()
    if (mysql_num_rows($result) >= 1) {
        $errors++;
        $_SESSION['formerrors']['add_software']['duplicate'] .= $strARecordAlreadyExistsWithTheSameName;
    }
    // add product if no errors
    if ($errors == 0) {
        $sql = "INSERT INTO `{$dbSoftware}` (name, vendorid, lifetime_start, lifetime_end) VALUES ('{$name}','{$vendor}','{$lifetime_start}','{$lifetime_end}')";
        $result = mysql_query($sql);
        if (mysql_error()) {
            trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR);
        }
        if (!$result) {
            echo "<p class='error'>{$strAdditionFail}</p>";
        } else {
            // The new row id is used for tagging and for the journal entry
            $id = mysql_insert_id();
            replace_tags(TAG_SKILL, $id, $tags);
            journal(CFG_LOGGING_DEBUG, 'Skill Added', "Skill {$id} was added", CFG_JOURNAL_DEBUG, $id);
            html_redirect("products.php");
            //clear form data
            $_SESSION['formdata']['add_software'] = NULL;
        }
    } else {
        // Validation failed: send the user back to the form; the messages were
        // stored in $_SESSION['formerrors'] above
        include APPLICATION_INCPATH . 'htmlheader.inc.php';
        html_redirect($_SERVER['PHP_SELF'], FALSE);
    }
}
Exemplo n.º 28
// Permission-denied page: finish the heading, append a line to the access log
// file when one is configured, list the refused permissions and journal each
// of them. The origin of $id and $username is outside this excerpt.
echo " {$strPermissionDenied}</h2>";
// FIXME 3.35 triggers
if ($username != '') {
    $errdate = date('M j H:i');
    // NOTE(review): $username and $id go into a line-oriented log file as is;
    // confirm they cannot contain CR/LF, otherwise one request could write
    // what looks like several log entries.
    $errmsg = "{$errdate} " . permission_name($id) . "({$id}) " . sprintf($strPermissionDeniedForX, $username);
    $errmsg .= "\n";
    if (!empty($CONFIG['access_logfile'])) {
        // error_log() with message type 3 appends the message to the named file
        $errlog = error_log($errmsg, 3, "{$CONFIG['access_logfile']}");
        if (!$errlog) {
            echo "Fatal error logging this problem<br />";
        }
    }
    unset($errdate);
    unset($errmsg);
    unset($errlog);
}
// $id may hold a comma-separated list of permission ids
if (strpos($id, ',') !== FALSE) {
    $refused = explode(',', $id);
} else {
    $refused = array($id);
}
echo "<p align='center' class='error'>{$strSorryNoPermissionToAreas}:</p>";
echo "<ul>";
// The loop reuses $id as its variable, so $id holds the last element afterwards
foreach ($refused as $id) {
    // NOTE(review): $id is echoed into HTML without escaping; if it can come
    // from the request, validate it as an integer or pass it through
    // htmlspecialchars() before output.
    echo "<li>{$id}: " . permission_name($id) . "</li>\n";
    // One journal entry per refused permission keeps an audit trail of denials
    journal(CFG_LOGGING_MIN, 'Access Failure', "Access to " . permission_name($id) . " ({$id}) was denied", CFG_JOURNAL_OTHER, $id);
}
echo "</ul>";
echo "<p align='center'>{$strIfYouShouldHaveAccess}</p>";
echo "<p align='center'><a href=\"javascript:history.back();\">{$strPrevious}</a></p>";
include APPLICATION_INCPATH . 'htmlfooter.inc.php';
Exemplo n.º 29
//
// This software may be used and distributed according to the terms
// of the GNU General Public License, incorporated herein by reference.
//
// Help page: authenticate, journal the view and load the help file for the
// session language.
// Set before auth.inc.php is loaded; presumably the permission id that file
// checks (confirm in auth.inc.php).
$permission = 26;
// Help
require 'core.php';
require APPLICATION_LIBPATH . 'functions.inc.php';
$title = "Help";
// This page requires authentication
require APPLICATION_LIBPATH . 'auth.inc.php';
// External variables
// $id comes straight from the request; what cleanvar() filters is not visible
// here, and the value is used below in a journal entry and a numeric test.
$id = cleanvar($_REQUEST['id']);
// Replaces the literal title assigned above with the translated string
$title = $strHelp;
include APPLICATION_INCPATH . 'htmlheader.inc.php';
journal(CFG_LOGGING_MAX, 'Help Viewed', "Help document {$id} was viewed", CFG_JOURNAL_OTHER, $id);
echo "<h2>" . icon('help', 32, $strHelp) . " ";
if ($id > 0) {
    echo permission_name($id) . ' ';
}
echo "{$strHelp}</h2>";
echo "<div id='help'>";
// NOTE(review): the session language is concatenated into a filesystem path;
// confirm it is restricted to a known list of locale codes where it is set, so
// it cannot steer the read to another directory.
$helpfile = APPLICATION_HELPPATH . "{$_SESSION['lang']}" . DIRECTORY_SEPARATOR . "help.html";
if (!file_exists($helpfile)) {
    // NOTE(review): this fallback still sits under the session-language
    // directory (<lang>/en-GB/help.html); a fallback to the en-GB help
    // directly under APPLICATION_HELPPATH looks intended. Confirm.
    $helpfile = APPLICATION_HELPPATH . "{$_SESSION['lang']}" . DIRECTORY_SEPARATOR . "en-GB/help.html";
}
if (file_exists($helpfile)) {
    $helptext = file_get_contents($helpfile);
} else {
    trigger_error("Error: Missing helpfile 'help.html'", E_USER_ERROR);
}
Exemplo n.º 30
                        trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR);
                    }
                    $sql_update = "UPDATE `{$dbIncidents}` SET lastupdated = '{$now}' WHERE id = {$id}";
                    mysql_query($sql_update);
                    if (mysql_error()) {
                        trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR);
                    }
                }
                if ($draftid != -1) {
                    $sql = "DELETE FROM `{$dbDrafts}` WHERE id = {$draftid}";
                    mysql_query($sql);
                    if (mysql_error()) {
                        trigger_error(mysql_error(), E_USER_ERROR);
                    }
                }
                journal(CFG_LOGGING_FULL, $SYSLANG['strEmailSent'], "{$SYSLANG['strSubject']}: {$subjectfield}, {$SYSLANG['strIncident']}: {$id}", CFG_JOURNAL_INCIDENTS, $id);
                // FIXME i18n, maybe have a function that prints a dialog and then closes the window?
                echo "<html>";
                echo "<head>";
                ?>
                <script type="text/javascript">
                function confirm_close_window()
                {
                    if (window.confirm('The email was sent successfully, click OK to close this window'))
                    {
                        window.opener.location='incident_details.php?id=<?php 
                echo $id;
                ?>
';
                        window.close();
                    }