 /**
  * Controller bootstrap: the request must carry a valid API token before
  * anything else happens; on failure a 401 JSON error is emitted through
  * response(), which is expected to end the request (REST_Controller
  * behaviour — confirm in the parent class). The state model is loaded
  * only for authenticated callers.
  */
 public function __construct()
 {
     parent::__construct();

     if (!verifyToken()) {
         $this->response(['error' => 'Invalid or missing token.'], 401);
     }

     $this->load->model('statemodel');
 }
 /**
  * Controller bootstrap for the upload-files endpoints.
  *
  * Rejects requests without a valid API token via a 401 response (response()
  * is expected to terminate the request — confirm in the parent class), then
  * pins the process timezone and loads the upload-files model.
  */
 public function __construct()
 {
     parent::__construct();

     $tokenPrivileges = verifyToken();
     if (!$tokenPrivileges) {
         $this->response(['error' => 'Invalid or missing token.'], 401);
     }

     // Timestamps produced by this controller are interpreted in Indianapolis time.
     date_default_timezone_set('America/Indianapolis');
     $this->load->model('uploadfilesmodel');
 }
 /**
  * Controller bootstrap for the other-charge endpoints.
  *
  * A missing or invalid API token yields a 401 JSON error through response()
  * (expected to end the request — confirm in the parent REST controller);
  * otherwise the other-charge model is loaded.
  */
 public function __construct()
 {
     parent::__construct();

     if (!verifyToken()) {
         $this->response(['error' => 'Invalid or missing token.'], 401);
     }

     $this->load->model('otherchargemodel');
 }
 /**
  * Controller bootstrap for the e-mail endpoints.
  *
  * Authenticates the caller first: without a valid API token a 401 JSON
  * error is sent via response() (expected to terminate the request — confirm
  * in the parent class). The e-mail model is loaded afterwards.
  */
 public function __construct()
 {
     parent::__construct();

     $tokenPrivileges = verifyToken();
     if (!$tokenPrivileges) {
         $this->response(['error' => 'Invalid or missing token.'], 401);
     }

     $this->load->model('emailangmodel');
 }
 /**
  * Controller bootstrap for the status-log endpoints.
  *
  * Requires a valid API token (401 via response() otherwise; response() is
  * expected to end the request — confirm in the parent class), then loads
  * the status-log model, the user-agent library and pins the timezone used
  * for log timestamps.
  */
 public function __construct()
 {
     parent::__construct();

     if (!verifyToken()) {
         $this->response(['error' => 'Invalid or missing token.'], 401);
     }

     $this->load->model('statuslogmodel');
     $this->load->library('user_agent');
     date_default_timezone_set('America/Indianapolis');
 }
 /**
  * Vendor controller bootstrap: the request needs a valid API token whose
  * privilege set grants the 'vendor' module; only then is the vendor model
  * loaded.
  *
  * Failures go through response() — 401 for a bad token, 400 when the
  * privilege set lacks the module — which is expected to end the request
  * (REST_Controller behaviour; confirm in the parent class).
  */
 public function __construct()
 {
     parent::__construct();

     $privileges = verifyToken();
     if (!$privileges) {
         $this->response(['error' => 'Invalid or missing token.'], 401);
     }
     if (!checkPermissionsByModule($privileges, 'vendor')) {
         $this->response(['error' => 'You\'re privilege set doesn\'t allow access to this content'], 400);
     }

     $this->load->model('vendormodel');
 }
 /**
  * Inventory-item/build-item link controller bootstrap.
  *
  * Authentication (401) and module authorisation for 'inventory' (400) are
  * both enforced through response(), which is expected to terminate the
  * request — confirm in the parent REST controller. The timezone is pinned
  * before the model is loaded.
  */
 public function __construct()
 {
     parent::__construct();

     $privileges = verifyToken();
     if (!$privileges) {
         $this->response(['error' => 'Invalid or missing token.'], 401);
     }
     if (!checkPermissionsByModule($privileges, 'inventory')) {
         $this->response(['error' => 'You\'re privilege set doesn\'t allow access to this content'], 400);
     }

     date_default_timezone_set('America/Indianapolis');
     $this->load->model('inventoryitemstobuilditemslinkmodel');
 }
 /**
  * Inventory-item controller bootstrap.
  *
  * Enforces a valid API token (401) and the 'inventory' module privilege
  * (400) through response(), which is expected to end the request — confirm
  * in the parent class. Then pins the timezone, loads the inventory-item
  * model plus the download/file helpers, and resolves the images directory
  * used for order re-do uploads.
  */
 public function __construct()
 {
     parent::__construct();

     $privileges = verifyToken();
     if (!$privileges) {
         $this->response(['error' => 'Invalid or missing token.'], 401);
     }
     if (!checkPermissionsByModule($privileges, 'inventory')) {
         $this->response(['error' => 'You\'re privilege set doesn\'t allow access to this content'], 400);
     }

     date_default_timezone_set('America/Indianapolis');

     $this->load->model('inventoryitemmodel');
     $this->load->helper('download');
     $this->load->helper('file');

     // realpath() returns false when the directory does not exist — callers
     // that build paths from this property should account for that.
     $this->orderRedoUploadPath = realpath(APPPATH . '../../../images/');
 }
<?php

if ($params[1] == 'save') {
    if (verifyToken('canned', $input->p['csrfhash']) !== true) {
        $error_msg = $LANG['CSRF_ERROR'];
    } elseif ($input->p['title'] == '') {
        $error_msg = $LANG['ENTER_THE_TITLE'];
    } else {
        $total = $db->fetchOne("SELECT COUNT(id) AS NUM FROM " . TABLE_PREFIX . "canned_response");
        $data = array('title' => $input->p['title'], 'message' => $input->p['message'], 'position' => $total + 1);
        $db->insert(TABLE_PREFIX . "canned_response", $data);
        header('location: ' . getUrl($controller, $action, array('canned', 'saved')));
        exit;
    }
} elseif ($params[1] == 'editMsg') {
    if (verifyToken('canned', $input->p['csrfhash']) !== true) {
        $error_msg = $LANG['CSRF_ERROR'];
    } elseif ($input->p['title'] == '') {
        $error_msg = $LANG['ENTER_THE_TITLE'];
    } elseif (!is_numeric($input->p['msgid'])) {
        $error_msg = $LANG['INVALID_ID'];
    } else {
        $data = array('title' => $input->p['title'], 'message' => $input->p['message']);
        $db->update(TABLE_PREFIX . "canned_response", $data, "id=" . $db->real_escape_string($input->p['msgid']));
        header('location: ' . getUrl($controller, $action, array('canned', 'updated')));
        exit;
    }
} elseif ($params[1] == 'GetCannedForm') {
    if (is_numeric($params[2]) && $params[2] != 0) {
        $canned = $db->fetchRow("SELECT *, COUNT(id) as total FROM " . TABLE_PREFIX . "canned_response WHERE id=" . $db->real_escape_string($params[2]));
        if ($canned['total'] == 0) {
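 /**
  * Deletes the row identified by $id from $tableName.
  *
  * Authentication and table-level authorisation are checked before any
  * metadata lookup or delete is attempted. Outcomes, all sent through
  * response() (expected to terminate the request — confirm in the parent
  * REST controller):
  *  - 401 when the token is missing or invalid,
  *  - 400 when the privilege set does not cover $tableName,
  *  - 404 when no primary-key column could be resolved (including an empty
  *    table name),
  *  - otherwise the id that was passed in. Note that an empty $id skips the
  *    delete silently but still gets the "returned from delete" reply; this
  *    mirrors the previous behaviour.
  *
  * @param string $tableName table to delete from
  * @param mixed  $id        primary-key value of the row to delete
  */
 public function rest_delete($tableName, $id)
 {
     // Same token check the controller constructors in this codebase use;
     // previously an invalid token fell straight into the permission check.
     $privSet = verifyToken();
     if (!$privSet) {
         $this->response(array('error' => 'Invalid or missing token.'), 401);
     }
     if (!checkPermissionsByTable($privSet, $tableName)) {
         $this->response(array('error' => 'You\'re privilege set doesn\'t allow access to this content'), 400);
     }

     // $result was previously undefined for an empty table name; initialise
     // it so the branch below is well-defined in that case.
     $result = null;
     if (!empty($tableName)) {
         $result = $this->restmodel->getPrimaryKeyFieldName($tableName);
     }

     if ($result) {
         // The model returns the key column under 'COLUMN_NAME'.
         $primaryKeyName = $result['COLUMN_NAME'];
         if (!empty($id)) {
             $this->restmodel->deleteTblData($tableName, $primaryKeyName, $id);
         }
     } else {
         $this->response(array('mssg' => 'no primary key field name detected'), 404);
     }

     $this->response(array('returned from delete:' => $id));
 }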
<?php

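// User preferences page: handles the "save" action, then renders the
// preferences template. Relies on $params, $input, $db, $user, $timezone
// (server-side list of allowed timezone identifiers), $LANG, $twig and
// $template_vars being prepared by the front controller.
if ($params[0] == 'save') {
    if (verifyToken('preferences', $input->p['csrfhash']) !== true) {
        $error_msg = $LANG['CSRF_ERROR'];
    } else {
        // Only a value from the server-side whitelist is stored; anything
        // else (including an empty submission) resets the preference.
        // Strict in_array so that loose string/number coercion cannot match
        // an entry the user did not actually submit.
        $timezone_user = '';
        if (!empty($input->p['timezone']) && in_array($input->p['timezone'], $timezone, true)) {
            $timezone_user = $input->p['timezone'];
        }
        $data = array('timezone' => $timezone_user);
        // $user['id'] is expected to come from the authenticated session,
        // not from request input — confirm before relying on the
        // interpolation in the WHERE clause.
        $db->update(TABLE_PREFIX . "users", $data, "id={$user['id']}");
        header('location: ' . getUrl('user_account', 'preferences', array('saved')));
        exit;
    }
}
// $error_msg is assumed to be initialised by the front controller when no
// error occurred — confirm, otherwise the template receives an undefined variable.
$template_vars['timezone'] = $timezone;
$template_vars['user'] = $user;
$template_vars['error_msg'] = $error_msg;
$template = $twig->loadTemplate('user_preferences.html');
echo $template->render($template_vars);
$db->close();
exit;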
<?php

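require MODELES . 'membres/token.php';

// E-mail validation landing page. The token from the confirmation link is
// checked by verifyToken(); a missing or non-string token is treated as an
// invalid one instead of raising an undefined-index notice or handing an
// array to verifyToken().
$token = (isset($_GET['token']) && is_string($_GET['token'])) ? $_GET['token'] : null;

if ($token !== null && verifyToken($token)) {
    if (connected()) {
        // A logged-in member confirmed a changed address: back to the profile.
        alert('ok', 'Votre nouvelle adresse mail a été validée ! Vous pouvez désormais l\'utiliser.');
        header('Location: ' . getLink(['membres', 'profil']));
        exit;
    }
    // Fresh registration: the member can now log in.
    alert('ok', 'Votre adresse mail a été validée ! Vous pouvez désormais vous connecter.');
    header('Location: ' . getLink(['membres', 'connexion']));
    exit;
}

// Invalid/missing token: generic error, redirect to the home page.
alert('error', 'Une erreur s\'est produite. Si vous êtes un méchant hacker, sachez que ce que vous étiez en train d\'essayer de faire ne va pas fonctionner.');
header('Location: ' . getLink(['accueil']));
exit;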
        }
        $news_title = $input->p['title'] == '' ? $news['title'] : $input->p['title'];
        $news_content = $input->p['content'] == '' ? $news['content'] : $input->p['content'];
        $template_vars['news'] = $news;
        $template_vars['news_id'] = $news_id;
        $template_vars['news_title'] = $news_title;
        $template_vars['news_content'] = $news_content;
        $template_vars['error_msg'] = $error_msg;
        $template = $twig->loadTemplate('news_edit.html');
        echo $template->render($template_vars);
        $db->close();
        exit;
    }
}
if ($input->p['do'] == 'update') {
    if (verifyToken('news', $input->p['csrfhash']) !== true) {
        $error_msg = $LANG['CSRF_ERROR'];
    } elseif (!is_array($input->p['news_id'])) {
        $error_msg = $LANG['NO_SELECT_TICKET'];
    } else {
        foreach ($input->p['news_id'] as $k) {
            if (is_numeric($k)) {
                $news_id = $db->real_escape_string($k);
                if ($input->p['remove'] == 1) {
                    $db->delete(TABLE_PREFIX . "news", "id='{$news_id}'");
                }
            }
        }
        header('location: ' . getUrl($controller, $action, array('page', $page, $orderby, $sortby), $getvar));
        exit;
    }
                    $cookie_time = time() + 60 * 60 * 8;
                    $data = array('id' => $staff['id'], 'username' => $staff['username'], 'password' => $password, 'expires' => $cookie_time);
                    $data = serialize($data);
                    $data = encrypt($data);
                    setcookie('stfhash', $data, $cookie_time, '/');
                    $_SESSION['staff']['id'] = $staff['id'];
                    $_SESSION['staff']['username'] = $staff['username'];
                    $_SESSION['staff']['password'] = $password;
                }
                header('location:' . getUrl($controller, $action, array('staff', 'account_updated')));
                exit;
            }
        }
    }
} elseif ($params[1] == 'add_account') {
    if (verifyToken('staff_account', $input->p['csrfhash']) !== true) {
        $error_msg = $LANG['CSRF_ERROR'];
    } elseif ($input->p['fullname'] == '' || $input->p['username'] == '' || $input->p['email'] == '' || $input->p['password'] == '') {
        $error_msg = $LANG['ONE_REQUIRED_FIELDS_EMPTY'];
    } elseif (validateEmail($input->p['email']) !== TRUE) {
        $error_msg = $LANG['ENTER_A_VALID_EMAIL'];
    } elseif ($input->p['password'] != $input->p['password2']) {
        $error_msg = $LANG['PASSWORDS_DONOT_MATCH'];
    } elseif (strlen($input->p['password']) < 6) {
        $error_msg = $LANG['ENTER_PASSWORD_6_CHAR_MIN'];
    } else {
        $chk = $db->fetchOne("SELECT COUNT(id) AS total FROM " . TABLE_PREFIX . "staff WHERE username='******'username']) . "'");
        if ($chk != 0) {
            $error_msg = $LANG['USERNAME_TAKEN'];
        }
        $chk = $db->fetchOne("SELECT COUNT(id) AS total FROM " . TABLE_PREFIX . "staff WHERE email='" . $db->real_escape_string($input->p['email']) . "'");
    $gateway[$n] = $row;
    $n = $n + 1;
}
if ($input->p['a'] == "submit") {
    verifyajax();
    $username = $input->pc['username'];
    $password = $input->pc['password'];
    $password2 = $input->pc['password2'];
    $fullname = $input->pc['fullname'];
    $email = $input->pc['email'];
    $email2 = $input->pc['email2'];
    $captcha = strtoupper($input->pc['captcha']);
    $terms = $input->pc['terms'];
    $referrer = $db->real_escape_string($_SESSION['ref']);
    $gatewayid = $input->p['gatewayid'];
    if (verifyToken("register", $input->p['token']) !== true) {
        serveranswer(0, $lang['txt']['invalidtoken']);
    }
    if ($settings['captcha_register'] == "yes") {
        if ($settings['captcha_type'] == "1") {
            $resp = validate_captcha($captcha, "");
        } else {
            if ($settings['captcha_type'] == "2") {
                $resp = validate_captcha($_POST['recaptcha_challenge_field'], $_POST['recaptcha_response_field']);
            } else {
                if ($settings['captcha_type'] == "3") {
                    $resp = validate_captcha();
                }
            }
        }
    }
// Admin settings dispatcher. Every write branch first validates the CSRF
// token of its form, then persists the submitted values and redirects back
// to the tab the form lives on. Settings are stored one row per field in
// the settings table; $db->update() is assumed to escape the values it is
// given — confirm before relying on the free-text fields below.
if ($params[1] == 'update_general') {
    if (verifyToken('ticket_settings', $input->p['csrfhash']) !== true) {
        $error_msg = $LANG['CSRF_ERROR'];
    } else {
        // Each value is normalised to a fixed alternative or a default.
        // Note: is_numeric() also accepts floats/exponents, so these counts
        // are not guaranteed to be integers — kept as-is.
        $generalSettings = array(
            'show_tickets'      => $input->p['show_tickets'] == 'DESC' ? 'DESC' : 'ASC',
            'ticket_reopen'     => $input->p['ticket_reopen'] == '1' ? '1' : '0',
            'tickets_page'      => is_numeric($input->p['tickets_page']) ? $input->p['tickets_page'] : 20,
            'tickets_replies'   => is_numeric($input->p['tickets_replies']) ? $input->p['tickets_replies'] : 10,
            'overdue_time'      => is_numeric($input->p['overdue_time']) ? $input->p['overdue_time'] : 72,
            'closeticket_time'  => is_numeric($input->p['closeticket_time']) ? $input->p['closeticket_time'] : 72,
            'ticket_attachment' => $input->p['ticket_attachment'] == '1' ? '1' : '0',
        );
        foreach ($generalSettings as $field => $value) {
            $db->update(TABLE_PREFIX . "settings", array('value' => $value), "field='{$field}'");
        }
        header('location: ' . getUrl($controller, $action, array('tickets', 'general_updated#ctab1')));
        exit;
    }
} elseif ($params[1] == 'delete_filetype') {
    if (verifyToken('ticket_settings', $input->p['csrfhash']) !== true) {
        $error_msg = $LANG['CSRF_ERROR'];
    } elseif (!is_array($input->p['filetype_id'])) {
        $error_msg = $LANG['INVALID_FORM'];
    } elseif ($input->p['remove'] == 1) {
        // Ids are escaped but not otherwise validated; a non-numeric id
        // simply matches no row.
        foreach ($input->p['filetype_id'] as $fileTypeId) {
            $db->delete(TABLE_PREFIX . "file_types", "id='" . $db->real_escape_string($fileTypeId) . "'");
        }
        header('location: ' . getUrl($controller, $action, array('tickets', 'filetype_removed#ctab2')));
        exit;
    }
} elseif ($params[1] == 'insert_filetype') {
    // Only the form-validation guard lives here; the insert itself is handled
    // elsewhere. The request is ended outright on a malformed form.
    if ($input->p['do'] != 'insert') {
        $error_msg = $LANG['INVALID_FORM'];
        exit;
    }
} elseif ($params[1] == 'update_security') {
    if (verifyToken('general_settings', $input->p['csrfhash']) !== true) {
        $error_msg = $LANG['CSRF_ERROR'];
    } else {
        $securitySettings = array(
            'use_captcha'           => $input->p['use_captcha'] == 1 ? 1 : 0,
            'login_attempt'         => is_numeric($input->p['login_attempt']) ? $input->p['login_attempt'] : 3,
            'login_attempt_minutes' => is_numeric($input->p['login_attempt_minutes']) ? $input->p['login_attempt_minutes'] : 5,
            'loginshare'            => $input->p['loginshare'] == 1 ? 1 : 0,
            'loginshare_url'        => $input->p['loginshare_url'],
        );
        foreach ($securitySettings as $field => $value) {
            $db->update(TABLE_PREFIX . "settings", array('value' => $value), "field='{$field}'");
        }
        header('location: ' . getUrl($controller, $action, array('general', 'security_updated#ctab6')));
        exit;
    }
} elseif ($params[1] == 'update_social') {
    if (verifyToken('general_settings', $input->p['csrfhash']) !== true) {
        $error_msg = $LANG['CSRF_ERROR'];
    } else {
        // OAuth ids/secrets and the share-button toggles are stored as submitted.
        $socialSettings = array(
            'facebookoauth'      => $input->p['facebookoauth'] == 1 ? 1 : 0,
            'facebookappid'      => $input->p['facebookappid'],
            'facebookappsecret'  => $input->p['facebookappsecret'],
            'googleoauth'        => $input->p['googleoauth'] == 1 ? 1 : 0,
            'googleclientid'     => $input->p['googleclientid'],
            'googleclientsecret' => $input->p['googleclientsecret'],
            'socialbuttonnews'   => $input->p['socialbuttonnews'],
            'socialbuttonkb'     => $input->p['socialbuttonkb'],
        );
        foreach ($socialSettings as $field => $value) {
            $db->update(TABLE_PREFIX . "settings", array('value' => $value), "field='{$field}'");
        }
        header('location: ' . getUrl($controller, $action, array('general', 'security_social#ctab7')));
        exit;
    }
}
// The "home" page row is needed by the settings template.
$homepage = $db->fetchRow("SELECT * FROM " . TABLE_PREFIX . "pages WHERE id='home'");
// Import-page prologue: allow a long-running request, flush buffered output,
// make sure a usable temporary upload directory is known, and record which
// lists the import targets.
set_time_limit(500);
ob_end_flush();

// Fall back to PHP's upload_tmp_dir when no tmpdir is configured or the
// configured one is not a writable directory.
if (!isset($GLOBALS['tmpdir']) || !is_dir($GLOBALS['tmpdir']) || !is_writable($GLOBALS['tmpdir'])) {
    $GLOBALS['tmpdir'] = ini_get('upload_tmp_dir');
}
// The fallback itself may still be unusable; warn up front rather than
// failing part-way through the import.
if (!is_dir($GLOBALS['tmpdir']) || !is_writable($GLOBALS['tmpdir'])) {
    Warn($GLOBALS['I18N']->get('The temporary directory for uploading is not writable, so import will fail') . ' (' . $GLOBALS['tmpdir'] . ')');
}

$import_lists = getSelectedLists('importlists');
$_POST['importlists'] = $import_lists;
if (isset($_REQUEST['import'])) {
    if (!verifyToken()) {
        print Error(s('Invalid security token, please reload the page and try again'));
        return;
    }
    $test_import = isset($_POST['import_test']) && $_POST['import_test'] == 'yes';
    if (empty($_FILES['import_file'])) {
        Fatal_Error($GLOBALS['I18N']->get('No file was specified. Maybe the file is too big?'));
        return;
    }
    if (!$_FILES['import_file']) {
        Fatal_Error($GLOBALS['I18N']->get('File is either too large or does not exist.'));
        return;
    }
    if (filesize($_FILES['import_file']['tmp_name']) > IMPORT_FILESIZE * 1000000) {
        Fatal_Error($GLOBALS['I18N']->get('File too big, please split it up into smaller ones'));
        return;
    $department_id = $input->p['department'];
} else {
    $department_id = null;
}
if ($action == 'displayForm' || $action == 'confirmation') {
    $display_error = 1;
    if ($action == 'displayForm') {
        if (is_numeric($department_id)) {
            $department = $db->fetchRow("SELECT COUNT(*) AS total, name FROM " . TABLE_PREFIX . "departments WHERE id={$department_id} AND type=0");
            if ($department['total'] != 0) {
                $show_step2 = true;
            }
        }
    } elseif ($action == 'confirmation') {
        $display_error = 1;
        if (verifyToken('submit_ticket', $input->p['csrfhash']) !== true) {
            $display_error = 2;
        } else {
            if (is_numeric($department_id)) {
                $department = $db->fetchRow("SELECT COUNT(*) AS total, name FROM " . TABLE_PREFIX . "departments WHERE id={$department_id} AND type=0");
                if ($department['total'] != 0) {
                    $required_fields = array('fullname', 'email', 'priority', 'subject', 'message');
                    if ($settings['use_captcha']) {
                        $required_fields[] = 'captcha';
                        if (strtoupper($input->p['captcha']) != $_SESSION['captcha']) {
                            $show_step2 = true;
                            $emptyvars[] = 'captcha';
                            $error_msg = $LANG['INVALID_CAPTCHA_CODE'];
                            unset($_SESSION['captcha']);
                        }
                    }
<?php

/**
 * @package HelpDeskZ
 * @website: http://www.helpdeskz.com
 * @community: http://community.helpdeskz.com
 * @author Evolution Script S.A.C.
 * @since 1.0.0
 */
if ($action == 'login') {
    if (verifyToken('login', $input->p['csrfhash']) !== true) {
        $error_msg = $LANG['CSRF_ERROR'];
    } elseif (empty($input->p['username']) || empty($input->p['password'])) {
        $error_msg = $LANG['USERNAME_PASSWORD_INCORRECT'];
    } else {
        $attempt = $db->fetchRow("SELECT COUNT(ip) AS total, attempts, date FROM " . TABLE_PREFIX . "login_attempt WHERE ip='" . $_SERVER['REMOTE_ADDR'] . "'");
        if ($attempt['total'] > 0) {
            if ($settings['login_attempt'] > 0 && $attempt['attempts'] >= $settings['login_attempt']) {
                if ($attempt['date'] + 60 * $settings['login_attempt_minutes'] > time()) {
                    $error_msg = str_replace('%minutes%', $settings['login_attempt_minutes'], $LANG['LOGIN_LOCKED_FOR_X_MINUTES']) . '<br>' . str_replace(array('%attempt1%', '%attempt2%'), array($settings['login_attempt'], $settings['login_attempt']), $LANG['ATTEMPT_X_OF_Y']);
                } else {
                    $db->delete(TABLE_PREFIX . "login_attempt", "ip='" . $_SERVER['REMOTE_ADDR'] . "'");
                    $attempt['total'] = 0;
                }
            } elseif ($attempt['date'] + 300 < time()) {
                $db->delete(TABLE_PREFIX . "login_attempt", "ip='" . $_SERVER['REMOTE_ADDR'] . "'");
                $attempt['total'] = 0;
            }
        }
        if (!$error_msg) {
            $staff = $db->fetchRow("SELECT COUNT(id) AS total, id, username, password, login, fullname, status FROM " . TABLE_PREFIX . "staff WHERE username='******'username']) . "' AND password='******'password']) . "'");
<?php

/**
 * @package HelpDeskZ
 * @website: http://www.helpdeskz.com
 * @community: http://community.helpdeskz.com
 * @author Evolution Script S.A.C.
 * @since 1.0.0
 */
if ($params[1] == 'publish') {
    if (verifyToken('article', $input->p['csrfhash']) !== true) {
        $error_msg = $LANG['CSRF_ERROR'];
    } else {
        if ($input->p['title'] == '') {
            $error_msg = $LANG['ARTICLE_HAS_NOT_TITLE'];
        } elseif ($input->p['content'] == '') {
            $error_msg = $LANG['ENTER_ARTICLE_CONTENT'];
        } elseif (!is_numeric($input->p['category'])) {
            $error_msg = $LANG['SELECT_CATEGORY'];
        } else {
            $uploaddir = UPLOAD_DIR . 'articles/';
            if ($_FILES['file1']['error'] == 0) {
                $ext = pathinfo($_FILES['file1']['name'], PATHINFO_EXTENSION);
                $filename = md5($_FILES['file1']['name'] . time()) . "." . $ext;
                $fileuploaded[] = array('name' => $_FILES['file1']['name'], 'enc' => $filename, 'size' => formatBytes($_FILES['file1']['size']), 'filetype' => $_FILES['file1']['type']);
                $uploadedfile = $uploaddir . $filename;
                if (!move_uploaded_file($_FILES['file1']['tmp_name'], $uploadedfile)) {
                    $error_msg = $LANG['ERROR_UPLOADING_FILE'];
                }
            }
            if ($_FILES['file2']['error'] == 0) {
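 // import phpCAS lib
 include_once 'classes/phpCAS/CAS.php';
 include_once "classes/phpCAS/cas_config.php";

 // CAS hand-back: when the CAS gateway redirects here with ?user=...&token=...,
 // the token is verified once and the result compared with the claimed user.
 // A missing or non-string token is treated as a failed login rather than
 // producing an undefined-index notice.
 if (isset($_GET['user'])) {
     $token = (isset($_GET['token']) && is_string($_GET['token'])) ? $_GET['token'] : null;
     $user = $_GET['user'];
     $action = getGet('action');
     $siddy = getGet('sid');

     // Rebuild the query string the visitor originally requested so the
     // post-login redirect lands on the same admin page. getGet() is assumed
     // to sanitise these values — confirm, since they end up in a Location
     // header unencoded.
     $get = '?';
     if ($action != FALSE) {
         $get .= "action=" . $action . "&";
     }
     if ($siddy != FALSE) {
         $get .= "sid=" . $siddy . "&";
     }

     // verifyToken() is called exactly once: the previous double call could
     // disagree with itself for a single-use or time-bound token, and only
     // the second result was null-checked. The loose comparison is kept
     // until verifyToken()'s return type (string vs. null/false) is confirmed;
     // a strict comparison is preferable once it is.
     $verifiedUser = verifyToken($token);
     if ($verifiedUser != null && $user == $verifiedUser) {
         $auth = TRUE;
         //setUserRightsCas($user);
         $_SESSION['CASauthenticated'] = $auth;
         header("Location: admin.php{$get}");
     } else {
         $auth = FALSE;
         $_SESSION['CASauthenticated'] = $auth;
         header("Location: http://{$casAuthServer}{$casAuthUri}&category=auth.login");
     }
     // NOTE(review): execution continues after the redirect header, as before;
     // whether the remainder of the page must not run is for the caller to decide.
 } elseif (!isset($_SESSION['CASauthenticated'])) {
     // No CAS session yet: send the visitor to the login gateway.
     header("Location: http://{$casAuthServer}{$casAuthUri}&category=auth.login");
 }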
 if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'logout') {
     //session_unset();
     session_destroy();
<?php

/**
 * @package HelpDeskZ
 * @website: http://www.helpdeskz.com
 * @community: http://community.helpdeskz.com
 * @author Evolution Script S.A.C.
 * @since 1.0.0
 */
$salutation = array('', 'Mr.', 'Ms.', 'Mrs.', 'Dr.');
if ($params[0] == 'save') {
    if (verifyToken('profile', $input->p['csrfhash']) !== true) {
        $error_msg = $LANG['CSRF_ERROR'];
    } elseif (empty($input->p['fullname']) || empty($input->p['email'])) {
        $error_msg = $LANG['ONE_REQUIRED_FIELD_EMPTY'];
    } elseif (validateEmail($input->p['email']) !== TRUE) {
        $error_msg = $LANG['INVALID_EMAIL_ADDRESS'];
    } else {
        $chk = 0;
        if ($input->p['email'] != $user['email']) {
            $chk = $db->fetchOne("SELECT COUNT(id) AS NUM FROM " . TABLE_PREFIX . "users WHERE email='" . $db->real_escape_string($input->p['email']) . "'");
        }
        if ($chk != 0) {
            $error_msg = $LANG['EMAIL_ASSOCIATED_OTHER_ACCOUNT'];
        } else {
            $salutation_user = array_key_exists($input->p['salutation'], $salutation) ? $input->p['salutation'] : 0;
            $email_user = $input->p['email'];
            if ($email_user != $user['email']) {
                $_SESSION['user']['email'] = $email_user;
            }
            $data = array('salutation' => $salutation_user, 'email' => $email_user, 'fullname' => $input->p['fullname']);
<?php

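// E-mail template administration: "getTemplateForm" renders the edit form
// for a single template and stops; "update_template" persists an edited
// subject/message. Everything else falls through to the template listing.
if ($params[1] == 'getTemplateForm') {
    // The template id is the third URL segment; guard against it being
    // absent before passing it to the escaper.
    $requested_id = isset($params[2]) ? $params[2] : '';
    $email = $db->fetchRow("SELECT *, COUNT(id) AS total FROM " . TABLE_PREFIX . "emails WHERE id='" . $db->real_escape_string($requested_id) . "'");
    if ($email['total'] == 0) {
        die($LANG['ERROR_RETRIEVING_DATA']);
    }
    $form_action = getUrl($controller, $action, array('email_template', 'update_template'));
    $template_vars['form_action'] = $form_action;
    $template_vars['email'] = $email;
    $template = $twig->loadTemplate('admin_email_template_form.html');
    echo $template->render($template_vars);
    $db->close();
    exit;
} elseif ($params[1] == 'update_template') {
    if (verifyToken('emails', $input->p['csrfhash']) !== true) {
        $error_msg = $LANG['CSRF_ERROR'];
    } elseif ($input->p['subject'] == '' || $input->p['message'] == '') {
        // Reuses the department-name language key, as the original did.
        $error_msg = $LANG['ENTER_DEPARTMENT_NAME'];
    } else {
        $data = array('subject' => $input->p['subject'], 'message' => $input->p['message']);
        $db->update(TABLE_PREFIX . "emails", $data, "id='" . $db->real_escape_string($input->p['template_id']) . "'");
        header('location:' . getUrl($controller, $action, array('email_template', 'template_updated')));
        exit;
    }
}

// Initialise the list so the template receives an empty array, not an
// undefined variable, when the table has no rows.
$emails = array();
$q = $db->query("SELECT * FROM " . TABLE_PREFIX . "emails ORDER BY orderlist ASC");
while ($r = $db->fetch_array($q)) {
    $emails[] = $r;
}
$template_vars['emails'] = $emails;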
<?php

/**
 * @package HelpDeskZ
 * @website: http://www.helpdeskz.com
 * @community: http://community.helpdeskz.com
 * @author Evolution Script S.A.C.
 * @since 1.0.0
 */
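// Password change for the logged-in user. Stored hashes are unsalted SHA-1
// (legacy scheme shared with the login code), so the same digest is computed
// here; moving to password_hash() would require migrating the stored column
// and the login path together.
if ($params[0] == 'save') {
    if (verifyToken('password', $input->p['csrfhash']) !== true) {
        $error_msg = $LANG['CSRF_ERROR'];
    } elseif (empty($input->p['current_password']) || empty($input->p['new_password']) || empty($input->p['new_password2'])) {
        $error_msg = $LANG['ONE_REQUIRED_FIELD_EMPTY'];
    } else {
        // hash_equals(): constant-time and strict. The previous loose `!=`
        // treated two hex digests that both start with "0e" as equal.
        if (!hash_equals((string) $user['password'], sha1($input->p['current_password']))) {
            $error_msg = $LANG['EXISTING_PASSWORD_INCORRECT'];
        } elseif ($input->p['new_password'] !== $input->p['new_password2']) {
            // Strict comparison: loose `!=` considers numeric-looking strings
            // such as "1e1" and "10" equal.
            $error_msg = $LANG['NEW_PASSWORDS_DO_NOT_MATCH'];
        } elseif (strlen($input->p['new_password']) < 6) {
            // Same minimum length the staff-account form enforces.
            $error_msg = $LANG['ENTER_PASSWORD_6_CHAR_MIN'];
        } else {
            $new_password = sha1($input->p['new_password']);
            $data = array('password' => $new_password);
            // $user['id'] is expected to come from the session, not request input — confirm.
            $db->update(TABLE_PREFIX . "users", $data, "id={$user['id']}");
            $_SESSION['user']['password'] = $new_password;
            header('location: ' . getUrl('user_account', 'password', array('saved')));
            exit;
        }
    }
}
$template_vars['user'] = $user;
$template_vars['error_msg'] = $error_msg;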
        $template = $twig->loadTemplate('knowledgebase_editarticle.html');
        echo $template->render($template_vars);
        $db->close();
        exit;
    }
}
if (is_numeric($input->g['cat'])) {
    $whereq = "WHERE category=" . $db->real_escape_string($input->g['cat']);
}
if ($params[1] == 'page') {
    $page = !is_numeric($params[2]) ? 1 : $params[2];
} else {
    $page = 1;
}
if ($input->p['do'] == 'update') {
    if (verifyToken('knowledgebase', $input->p['csrfhash']) !== true) {
        $error_msg = $LANG['CSRF_ERROR'];
    } elseif (!is_array($input->p['kb_id'])) {
        $error_msg = $LANG['NO_SELECT_ARTICLE'];
    } else {
        foreach ($input->p['kb_id'] as $k) {
            if (is_numeric($k)) {
                $kb_id = $db->real_escape_string($k);
                if ($input->p['remove'] == 1) {
                    $db->delete(TABLE_PREFIX . "articles", "id='{$kb_id}'");
                    removeAttachment($kb_id, 'articles');
                } else {
                    if (array_key_exists($input->p['kb_category'], $kb_category)) {
                        $db->query("UPDATE " . TABLE_PREFIX . "articles SET category='" . $db->real_escape_string($input->p['kb_category']) . "' WHERE id='{$kb_id}'");
                    }
                }
} elseif ($params[1] == 'update_department') {
    if (verifyToken('departments', $input->p['csrfhash']) !== true) {
        $error_msg = $LANG['CSRF_ERROR'];
    } elseif ($input->p['name'] == '') {
        $error_msg = $LANG['ENTER_DEPARTMENT_NAME'];
    } else {
        if ($input->p['autoassign'] == 1) {
            $db->query("UPDATE " . TABLE_PREFIX . "departments SET autoassign=0");
        }
        $data = array('name' => $input->p['name'], 'dep_order' => !is_numeric($input->p['dep_order']) ? 1 : $input->p['dep_order'], 'type' => $input->p['type'] == 1 ? 1 : 0, 'autoassign' => $input->p['autoassign'] == 1 ? 1 : 0);
        $db->update(TABLE_PREFIX . "departments", $data, "id=" . $db->real_escape_string($input->p['department_id']));
        header('location:' . getUrl($controller, $action, array('departments', 'department_updated')));
        exit;
    }
} elseif ($params[1] == 'add_department') {
    if (verifyToken('departments', $input->p['csrfhash']) !== true) {
        $error_msg = $LANG['CSRF_ERROR'];
    } elseif ($input->p['name'] == '') {
        $error_msg = $LANG['ENTER_DEPARTMENT_NAME'];
    } else {
        if ($input->p['autoassign'] == 1) {
            $db->query("UPDATE " . TABLE_PREFIX . "departments SET autoassign=0");
        }
        $data = array('name' => $input->p['name'], 'dep_order' => !is_numeric($input->p['dep_order']) ? 1 : $input->p['dep_order'], 'type' => $input->p['type'] == 1 ? 1 : 0, 'autoassign' => $input->p['autoassign'] == 1 ? 1 : 0);
        $db->insert(TABLE_PREFIX . "departments", $data);
        header('location:' . getUrl($controller, $action, array('departments', 'department_added')));
        exit;
    }
} elseif ($params[1] == 'delete_department') {
    if (is_numeric($params[2]) && $params[2] > 1) {
        $db->delete(TABLE_PREFIX . "departments", "id=" . $db->real_escape_string($params[2]));