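// Columns the ticket listing may be sorted by; anything else falls back to last_update.
$order_list = array('code', 'subject', 'last_replier', 'replies', 'priority_id', 'last_update', 'department_id', 'status');
// isset() avoids an undefined-offset notice when the URL has no sort segment, and strict
// in_array() means only an exact column-name string can be selected (no loose matching).
$orderby = isset($params[2]) && in_array($params[2], $order_list, true) ? $params[2] : 'last_update';
// Only the literal 'asc' switches direction; a missing or other value sorts descending.
$sortby = isset($params[3]) && $params[3] === 'asc' ? 'asc' : 'desc';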
if ($input->p['do'] == 'update') {
    if (verifyToken('tickets', $input->p['csrfhash']) !== true) {
        $error_msg = $LANG['CSRF_ERROR'];
    } elseif (!is_array($input->p['ticket_id'])) {
        $error_msg = $LANG['NO_SELECT_TICKET'];
    } else {
        // Bulk action on the selected tickets: delete them, or apply whichever of
        // department / status / priority was submitted. A submitted value is used
        // only when it is a key of its lookup table, so unknown values never reach SQL.
        $bulk_fields = array(
            'department_id' => array('department', $departments),
            'status'        => array('status', $statuscolor),
            'priority_id'   => array('priority', $priority),
        );
        foreach ($input->p['ticket_id'] as $k) {
            if (!is_numeric($k)) {
                continue; // only numeric ids reach the queries
            }
            $ticketid = $db->real_escape_string($k);
            if ($input->p['remove'] == 1) {
                // Remove the ticket together with its messages and uploaded files.
                $db->delete(TABLE_PREFIX . "tickets", "id='{$ticketid}'");
                $db->delete(TABLE_PREFIX . "tickets_messages", "ticket_id='{$ticketid}'");
                removeAttachment($ticketid, 'tickets');
                continue;
            }
            foreach ($bulk_fields as $column => $field) {
                list($post_key, $allowed) = $field;
                if (array_key_exists($input->p[$post_key], $allowed)) {
                    $db->query("UPDATE " . TABLE_PREFIX . "tickets SET {$column}='" . $db->real_escape_string($input->p[$post_key]) . "' WHERE id='{$ticketid}'");
                }
            }
        }
        // Back to the listing, preserving page and sort order.
        header('location: ' . getUrl($controller, $action, array('page', $page, $orderby, $sortby), $getvar));
        exit;
    $page = !is_numeric($params[2]) ? 1 : $params[2];
} else {
    $page = 1;
}
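// Sort parameters are resolved before the bulk action so the redirect inside it can
// carry them (previously they were only assigned after the redirect had already run).
// The column is whitelisted and the direction is limited to the two literals.
$order_list = array('title', 'author', 'date', 'category', 'views');
$orderby = isset($params[3]) && in_array($params[3], $order_list, true) ? $params[3] : 'id';
$sortby = isset($params[4]) && $params[4] === 'asc' ? 'asc' : 'desc';
if ($input->p['do'] === 'update') {
    if (verifyToken('knowledgebase', $input->p['csrfhash']) !== true) {
        // The POST is rejected unless it carries a valid anti-CSRF token.
        $error_msg = $LANG['CSRF_ERROR'];
    } elseif (!is_array($input->p['kb_id'])) {
        $error_msg = $LANG['NO_SELECT_ARTICLE'];
    } else {
        foreach ($input->p['kb_id'] as $k) {
            if (!is_numeric($k)) {
                continue; // only numeric ids reach the queries
            }
            $kb_id = $db->real_escape_string($k);
            if ($input->p['remove'] == 1) {
                // Remove the article and its uploaded files.
                $db->delete(TABLE_PREFIX . "articles", "id='{$kb_id}'");
                removeAttachment($kb_id, 'articles');
            } elseif (array_key_exists($input->p['kb_category'], $kb_category)) {
                // The category is applied only when it is a key of the known-categories table.
                $db->query("UPDATE " . TABLE_PREFIX . "articles SET category='" . $db->real_escape_string($input->p['kb_category']) . "' WHERE id='{$kb_id}'");
            }
        }
        // Back to the listing, preserving page and sort order.
        header('location: ' . getUrl($controller, $action, array('page', $page, $orderby, $sortby), $getvar));
        exit;
    }
}
$max_results = $settings['page_size'];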
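         // Serve the attachment, or hand off to the 404 page when the row does not
         // exist or the stored file is missing on disk (readfile() on a missing path
         // previously sent the headers and then emitted a warning into the body).
         // basename() keeps the lookup inside the tickets upload directory; a normal
         // stored name is unaffected by it.
         $attachment_path = ($attachment['total'] == 0)
             ? null
             : UPLOAD_DIR . 'tickets/' . basename((string) $attachment['enc']);
         if ($attachment_path === null || !is_file($attachment_path)) {
             $filename = CONTROLLERS . 'home_controller.php';
             $action = '404notfound';
             include $filename;
             exit;
         }
         // Quote the download name and drop the characters that would end the quoted
         // value or the header line, so the stored name cannot alter the header;
         // quoting also keeps names containing spaces intact.
         $download_name = str_replace(array('"', "\r", "\n"), '', (string) $attachment['name']);
         header('Content-disposition: attachment; filename="' . $download_name . '"');
         header("Content-type: " . $attachment['filetype']);
         // Tell browsers not to second-guess the declared type of the served bytes.
         header('X-Content-Type-Options: nosniff');
         readfile($attachment_path);
         exit;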
     }
 } elseif ($params[2] == 'remove_attachment') {
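     // All three ids are interpolated unquoted into the WHERE clause, so escaping alone
     // does not protect the query (and two of them were not escaped at all): require
     // each to be numeric and cast to int before the SQL is built. A non-numeric
     // segment matches no row, and the redirect below still happens.
     $attachment = array('total' => 0);
     if (isset($params[1], $params[3], $params[4])
         && is_numeric($params[1]) && is_numeric($params[3]) && is_numeric($params[4])) {
         $attachment_id = (int) $params[3];
         $ticket_id = (int) $params[1];
         $msg_id = (int) $params[4];
         $attachment = $db->fetchRow("SELECT id, COUNT(id) AS total FROM " . TABLE_PREFIX . "attachments WHERE id=" . $attachment_id . " AND ticket_id=" . $ticket_id . " AND msg_id=" . $msg_id);
     }
     if ($attachment['total'] != 0) {
         // NOTE(review): the bulk-delete code elsewhere calls removeAttachment(..., 'tickets');
         // this call passes 'ticket' — confirm which value the helper expects.
         removeAttachment($attachment['id'], 'ticket');
     }
     header('location:' . getUrl($controller, $action, array('view', $ticket['id'], 'AttachmentRemoved')));
     exit;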
 } elseif ($params[2] == 'getKB') {
     // Print the article body as text (tags stripped, then entities and
     // percent-escapes decoded) and stop; nothing is printed for a non-numeric id.
     // NOTE(review): both decode steps run after strip_tags, so markup that was stored
     // entity- or percent-encoded survives into the output — confirm the caller treats
     // the response as plain text rather than HTML.
     if (is_numeric($params[3])) {
         $article_sql = "SELECT content FROM " . TABLE_PREFIX . "articles WHERE id=" . $db->real_escape_string($params[3]);
         $article_text = strip_tags($db->fetchOne($article_sql));
         echo urldecode(html_entity_decode($article_text));
     }
     exit;
 }
 // Canned responses in their configured display order, consumed by the loop below.
 $canned_sql = "SELECT id, title, message FROM " . TABLE_PREFIX . "canned_response ORDER BY position ASC";
 $canned_q = $db->query($canned_sql);
 while ($r = $db->fetch_array($canned_q)) {
     $r['message'] = html_entity_decode($r['message']);