public function __construct() { parent::__construct(); $privSet = verifyToken(); if (!$privSet) { $this->response(array('error' => 'Invalid or missing token.'), 401); } $this->load->model('statemodel'); }
public function __construct() { parent::__construct(); if (!verifyToken()) { $this->response(array('error' => 'Invalid or missing token.'), 401); } date_default_timezone_set('America/Indianapolis'); $this->load->model('uploadfilesmodel'); }
public function __construct() { parent::__construct(); $privSet = verifyToken(); if (!$privSet) { $this->response(array('error' => 'Invalid or missing token.'), 401); } $this->load->model('otherchargemodel'); //$this->load->model('orderShipTracking/ordershiptrackingmodel'); }
public function __construct() { parent::__construct(); $privSet = verifyToken(); if (!$privSet) { $this->response(array('error' => 'Invalid or missing token.'), 401); } //$this->QRCodeImagePath = realpath(APPPATH . '../../../images/Orders'); $this->load->model('emailangmodel'); }
public function __construct() { parent::__construct(); $privSet = verifyToken(); if (!$privSet) { $this->response(array('error' => 'Invalid or missing token.'), 401); } $this->load->model('statuslogmodel'); $this->load->library('user_agent'); date_default_timezone_set('America/Indianapolis'); }
public function __construct() { parent::__construct(); $privSet = verifyToken(); if (!$privSet) { $this->response(array('error' => 'Invalid or missing token.'), 401); } if (!checkPermissionsByModule($privSet, 'vendor')) { $this->response(array('error' => 'You\'re privilege set doesn\'t allow access to this content'), 400); } $this->load->model('vendormodel'); }
public function __construct() { parent::__construct(); $privSet = verifyToken(); if (!$privSet) { $this->response(array('error' => 'Invalid or missing token.'), 401); } if (!checkPermissionsByModule($privSet, 'inventory')) { $this->response(array('error' => 'You\'re privilege set doesn\'t allow access to this content'), 400); } date_default_timezone_set('America/Indianapolis'); $this->load->model('inventoryitemstobuilditemslinkmodel'); }
public function __construct() { parent::__construct(); $privSet = verifyToken(); if (!$privSet) { $this->response(array('error' => 'Invalid or missing token.'), 401); } if (!checkPermissionsByModule($privSet, 'inventory')) { $this->response(array('error' => 'You\'re privilege set doesn\'t allow access to this content'), 400); } date_default_timezone_set('America/Indianapolis'); $this->load->model('inventoryitemmodel'); $this->load->helper('download'); $this->load->helper('file'); $this->orderRedoUploadPath = realpath(APPPATH . '../../../images/'); }
<?php if ($params[1] == 'save') { if (verifyToken('canned', $input->p['csrfhash']) !== true) { $error_msg = $LANG['CSRF_ERROR']; } elseif ($input->p['title'] == '') { $error_msg = $LANG['ENTER_THE_TITLE']; } else { $total = $db->fetchOne("SELECT COUNT(id) AS NUM FROM " . TABLE_PREFIX . "canned_response"); $data = array('title' => $input->p['title'], 'message' => $input->p['message'], 'position' => $total + 1); $db->insert(TABLE_PREFIX . "canned_response", $data); header('location: ' . getUrl($controller, $action, array('canned', 'saved'))); exit; } } elseif ($params[1] == 'editMsg') { if (verifyToken('canned', $input->p['csrfhash']) !== true) { $error_msg = $LANG['CSRF_ERROR']; } elseif ($input->p['title'] == '') { $error_msg = $LANG['ENTER_THE_TITLE']; } elseif (!is_numeric($input->p['msgid'])) { $error_msg = $LANG['INVALID_ID']; } else { $data = array('title' => $input->p['title'], 'message' => $input->p['message']); $db->update(TABLE_PREFIX . "canned_response", $data, "id=" . $db->real_escape_string($input->p['msgid'])); header('location: ' . getUrl($controller, $action, array('canned', 'updated'))); exit; } } elseif ($params[1] == 'GetCannedForm') { if (is_numeric($params[2]) && $params[2] != 0) { $canned = $db->fetchRow("SELECT *, COUNT(id) as total FROM " . TABLE_PREFIX . "canned_response WHERE id=" . $db->real_escape_string($params[2])); if ($canned['total'] == 0) {
public function rest_delete($tableName, $id) { if (!empty($tableName)) { $result = $this->restmodel->getPrimaryKeyFieldName($tableName); } $privSet = verifyToken(); if (!checkPermissionsByTable($privSet, $tableName)) { $this->response(array('error' => 'You\'re privilege set doesn\'t allow access to this content'), 400); } // we want to get the key name from an array if ($result) { $primaryKeyName = $result['COLUMN_NAME']; if (!empty($id)) { //echo $tableName."<br/>".$primaryKeyName."<br/>".$id; $this->restmodel->deleteTblData($tableName, $primaryKeyName, $id); } } else { $this->response(array('mssg' => 'no primary key field name detected'), 404); // 200 being the HTTP response code } //$this->restmodel->deleteTblData($tableName,$keyName,$id); $this->response(array('returned from delete:' => $id)); }
<?php if ($params[0] == 'save') { if (verifyToken('preferences', $input->p['csrfhash']) !== true) { $error_msg = $LANG['CSRF_ERROR']; } else { $timezone_user = ''; if (!empty($input->p['timezone'])) { if (in_array($input->p['timezone'], $timezone)) { $timezone_user = $input->p['timezone']; } } $data = array('timezone' => $timezone_user); $db->update(TABLE_PREFIX . "users", $data, "id={$user['id']}"); header('location: ' . getUrl('user_account', 'preferences', array('saved'))); exit; } } $template_vars['timezone'] = $timezone; $template_vars['user'] = $user; $template_vars['error_msg'] = $error_msg; $template = $twig->loadTemplate('user_preferences.html'); echo $template->render($template_vars); $db->close(); exit;
<?php require MODELES . 'membres/token.php'; if (verifyToken($_GET['token'])) { if (connected()) { alert('ok', 'Votre nouvelle adresse mail a été validée ! Vous pouvez désormais l\'utiliser.'); header('Location: ' . getLink(['membres', 'profil'])); exit; } else { alert('ok', 'Votre adresse mail a été validée ! Vous pouvez désormais vous connecter.'); header('Location: ' . getLink(['membres', 'connexion'])); exit; } } else { alert('error', 'Une erreur s\'est produite. Si vous êtes un méchant hacker, sachez que ce que vous étiez en train d\'essayer de faire ne va pas fonctionner.'); header('Location: ' . getLink(['accueil'])); exit; }
} $news_title = $input->p['title'] == '' ? $news['title'] : $input->p['title']; $news_content = $input->p['content'] == '' ? $news['content'] : $input->p['content']; $template_vars['news'] = $news; $template_vars['news_id'] = $news_id; $template_vars['news_title'] = $news_title; $template_vars['news_content'] = $news_content; $template_vars['error_msg'] = $error_msg; $template = $twig->loadTemplate('news_edit.html'); echo $template->render($template_vars); $db->close(); exit; } } if ($input->p['do'] == 'update') { if (verifyToken('news', $input->p['csrfhash']) !== true) { $error_msg = $LANG['CSRF_ERROR']; } elseif (!is_array($input->p['news_id'])) { $error_msg = $LANG['NO_SELECT_TICKET']; } else { foreach ($input->p['news_id'] as $k) { if (is_numeric($k)) { $news_id = $db->real_escape_string($k); if ($input->p['remove'] == 1) { $db->delete(TABLE_PREFIX . "news", "id='{$news_id}'"); } } } header('location: ' . getUrl($controller, $action, array('page', $page, $orderby, $sortby), $getvar)); exit; }
$cookie_time = time() + 60 * 60 * 8; $data = array('id' => $staff['id'], 'username' => $staff['username'], 'password' => $password, 'expires' => $cookie_time); $data = serialize($data); $data = encrypt($data); setcookie('stfhash', $data, $cookie_time, '/'); $_SESSION['staff']['id'] = $staff['id']; $_SESSION['staff']['username'] = $staff['username']; $_SESSION['staff']['password'] = $password; } header('location:' . getUrl($controller, $action, array('staff', 'account_updated'))); exit; } } } } elseif ($params[1] == 'add_account') { if (verifyToken('staff_account', $input->p['csrfhash']) !== true) { $error_msg = $LANG['CSRF_ERROR']; } elseif ($input->p['fullname'] == '' || $input->p['username'] == '' || $input->p['email'] == '' || $input->p['password'] == '') { $error_msg = $LANG['ONE_REQUIRED_FIELDS_EMPTY']; } elseif (validateEmail($input->p['email']) !== TRUE) { $error_msg = $LANG['ENTER_A_VALID_EMAIL']; } elseif ($input->p['password'] != $input->p['password2']) { $error_msg = $LANG['PASSWORDS_DONOT_MATCH']; } elseif (strlen($input->p['password']) < 6) { $error_msg = $LANG['ENTER_PASSWORD_6_CHAR_MIN']; } else { $chk = $db->fetchOne("SELECT COUNT(id) AS total FROM " . TABLE_PREFIX . "staff WHERE username='******'username']) . "'"); if ($chk != 0) { $error_msg = $LANG['USERNAME_TAKEN']; } $chk = $db->fetchOne("SELECT COUNT(id) AS total FROM " . TABLE_PREFIX . "staff WHERE email='" . $db->real_escape_string($input->p['email']) . "'");
$gateway[$n] = $row; $n = $n + 1; } if ($input->p['a'] == "submit") { verifyajax(); $username = $input->pc['username']; $password = $input->pc['password']; $password2 = $input->pc['password2']; $fullname = $input->pc['fullname']; $email = $input->pc['email']; $email2 = $input->pc['email2']; $captcha = strtoupper($input->pc['captcha']); $terms = $input->pc['terms']; $referrer = $db->real_escape_string($_SESSION['ref']); $gatewayid = $input->p['gatewayid']; if (verifyToken("register", $input->p['token']) !== true) { serveranswer(0, $lang['txt']['invalidtoken']); } if ($settings['captcha_register'] == "yes") { if ($settings['captcha_type'] == "1") { $resp = validate_captcha($captcha, ""); } else { if ($settings['captcha_type'] == "2") { $resp = validate_captcha($_POST['recaptcha_challenge_field'], $_POST['recaptcha_response_field']); } else { if ($settings['captcha_type'] == "3") { $resp = validate_captcha(); } } } }
if ($params[1] == 'update_general') { if (verifyToken('ticket_settings', $input->p['csrfhash']) !== true) { $error_msg = $LANG['CSRF_ERROR']; } else { $db->update(TABLE_PREFIX . "settings", array('value' => $input->p['show_tickets'] == 'DESC' ? 'DESC' : 'ASC'), "field='show_tickets'"); $db->update(TABLE_PREFIX . "settings", array('value' => $input->p['ticket_reopen'] == '1' ? '1' : '0'), "field='ticket_reopen'"); $db->update(TABLE_PREFIX . "settings", array('value' => is_numeric($input->p['tickets_page']) ? $input->p['tickets_page'] : 20), "field='tickets_page'"); $db->update(TABLE_PREFIX . "settings", array('value' => is_numeric($input->p['tickets_replies']) ? $input->p['tickets_replies'] : 10), "field='tickets_replies'"); $db->update(TABLE_PREFIX . "settings", array('value' => is_numeric($input->p['overdue_time']) ? $input->p['overdue_time'] : 72), "field='overdue_time'"); $db->update(TABLE_PREFIX . "settings", array('value' => is_numeric($input->p['closeticket_time']) ? $input->p['closeticket_time'] : 72), "field='closeticket_time'"); $db->update(TABLE_PREFIX . "settings", array('value' => $input->p['ticket_attachment'] == '1' ? '1' : '0'), "field='ticket_attachment'"); header('location: ' . getUrl($controller, $action, array('tickets', 'general_updated#ctab1'))); exit; } } elseif ($params[1] == 'delete_filetype') { if (verifyToken('ticket_settings', $input->p['csrfhash']) !== true) { $error_msg = $LANG['CSRF_ERROR']; } elseif (!is_array($input->p['filetype_id'])) { $error_msg = $LANG['INVALID_FORM']; } else { if ($input->p['remove'] == 1) { foreach ($input->p['filetype_id'] as $id) { $db->delete(TABLE_PREFIX . "file_types", "id='" . $db->real_escape_string($id) . "'"); } header('location: ' . getUrl($controller, $action, array('tickets', 'filetype_removed#ctab2'))); exit; } } } elseif ($params[1] == 'insert_filetype') { if ($input->p['do'] != 'insert') { $error_msg = $LANG['INVALID_FORM'];
exit; } } elseif ($params[1] == 'update_security') { if (verifyToken('general_settings', $input->p['csrfhash']) !== true) { $error_msg = $LANG['CSRF_ERROR']; } else { $db->update(TABLE_PREFIX . "settings", array('value' => $input->p['use_captcha'] == 1 ? 1 : 0), "field='use_captcha'"); $db->update(TABLE_PREFIX . "settings", array('value' => is_numeric($input->p['login_attempt']) ? $input->p['login_attempt'] : 3), "field='login_attempt'"); $db->update(TABLE_PREFIX . "settings", array('value' => is_numeric($input->p['login_attempt_minutes']) ? $input->p['login_attempt_minutes'] : 5), "field='login_attempt_minutes'"); $db->update(TABLE_PREFIX . "settings", array('value' => $input->p['loginshare'] == 1 ? 1 : 0), "field='loginshare'"); $db->update(TABLE_PREFIX . "settings", array('value' => $input->p['loginshare_url']), "field='loginshare_url'"); header('location: ' . getUrl($controller, $action, array('general', 'security_updated#ctab6'))); exit; } } elseif ($params[1] == 'update_social') { if (verifyToken('general_settings', $input->p['csrfhash']) !== true) { $error_msg = $LANG['CSRF_ERROR']; } else { $db->update(TABLE_PREFIX . "settings", array('value' => $input->p['facebookoauth'] == 1 ? 1 : 0), "field='facebookoauth'"); $db->update(TABLE_PREFIX . "settings", array('value' => $input->p['facebookappid']), "field='facebookappid'"); $db->update(TABLE_PREFIX . "settings", array('value' => $input->p['facebookappsecret']), "field='facebookappsecret'"); $db->update(TABLE_PREFIX . "settings", array('value' => $input->p['googleoauth'] == 1 ? 1 : 0), "field='googleoauth'"); $db->update(TABLE_PREFIX . "settings", array('value' => $input->p['googleclientid']), "field='googleclientid'"); $db->update(TABLE_PREFIX . "settings", array('value' => $input->p['googleclientsecret']), "field='googleclientsecret'"); $db->update(TABLE_PREFIX . "settings", array('value' => $input->p['socialbuttonnews']), "field='socialbuttonnews'"); $db->update(TABLE_PREFIX . "settings", array('value' => $input->p['socialbuttonkb']), "field='socialbuttonkb'"); header('location: ' . getUrl($controller, $action, array('general', 'security_social#ctab7'))); exit; } } $homepage = $db->fetchRow("SELECT * FROM " . TABLE_PREFIX . "pages WHERE id='home'");
set_time_limit(500); ob_end_flush(); if (!isset($GLOBALS['tmpdir'])) { $GLOBALS['tmpdir'] = ini_get('upload_tmp_dir'); } if (!is_dir($GLOBALS['tmpdir']) || !is_writable($GLOBALS['tmpdir'])) { $GLOBALS['tmpdir'] = ini_get('upload_tmp_dir'); } #if (ini_get("open_basedir")) { if (!is_dir($GLOBALS['tmpdir']) || !is_writable($GLOBALS['tmpdir'])) { Warn($GLOBALS['I18N']->get('The temporary directory for uploading is not writable, so import will fail') . ' (' . $GLOBALS['tmpdir'] . ')'); } $import_lists = getSelectedLists('importlists'); $_POST['importlists'] = $import_lists; if (isset($_REQUEST['import'])) { if (!verifyToken()) { print Error(s('Invalid security token, please reload the page and try again')); return; } $test_import = isset($_POST['import_test']) && $_POST['import_test'] == 'yes'; if (empty($_FILES['import_file'])) { Fatal_Error($GLOBALS['I18N']->get('No file was specified. Maybe the file is too big?')); return; } if (!$_FILES['import_file']) { Fatal_Error($GLOBALS['I18N']->get('File is either too large or does not exist.')); return; } if (filesize($_FILES['import_file']['tmp_name']) > IMPORT_FILESIZE * 1000000) { Fatal_Error($GLOBALS['I18N']->get('File too big, please split it up into smaller ones')); return;
$department_id = $input->p['department']; } else { $department_id = null; } if ($action == 'displayForm' || $action == 'confirmation') { $display_error = 1; if ($action == 'displayForm') { if (is_numeric($department_id)) { $department = $db->fetchRow("SELECT COUNT(*) AS total, name FROM " . TABLE_PREFIX . "departments WHERE id={$department_id} AND type=0"); if ($department['total'] != 0) { $show_step2 = true; } } } elseif ($action == 'confirmation') { $display_error = 1; if (verifyToken('submit_ticket', $input->p['csrfhash']) !== true) { $display_error = 2; } else { if (is_numeric($department_id)) { $department = $db->fetchRow("SELECT COUNT(*) AS total, name FROM " . TABLE_PREFIX . "departments WHERE id={$department_id} AND type=0"); if ($department['total'] != 0) { $required_fields = array('fullname', 'email', 'priority', 'subject', 'message'); if ($settings['use_captcha']) { $required_fields[] = 'captcha'; if (strtoupper($input->p['captcha']) != $_SESSION['captcha']) { $show_step2 = true; $emptyvars[] = 'captcha'; $error_msg = $LANG['INVALID_CAPTCHA_CODE']; unset($_SESSION['captcha']); } }
<?php /** * @package HelpDeskZ * @website: http://www.helpdeskz.com * @community: http://community.helpdeskz.com * @author Evolution Script S.A.C. * @since 1.0.0 */ if ($action == 'login') { if (verifyToken('login', $input->p['csrfhash']) !== true) { $error_msg = $LANG['CSRF_ERROR']; } elseif (empty($input->p['username']) || empty($input->p['password'])) { $error_msg = $LANG['USERNAME_PASSWORD_INCORRECT']; } else { $attempt = $db->fetchRow("SELECT COUNT(ip) AS total, attempts, date FROM " . TABLE_PREFIX . "login_attempt WHERE ip='" . $_SERVER['REMOTE_ADDR'] . "'"); if ($attempt['total'] > 0) { if ($settings['login_attempt'] > 0 && $attempt['attempts'] >= $settings['login_attempt']) { if ($attempt['date'] + 60 * $settings['login_attempt_minutes'] > time()) { $error_msg = str_replace('%minutes%', $settings['login_attempt_minutes'], $LANG['LOGIN_LOCKED_FOR_X_MINUTES']) . '<br>' . str_replace(array('%attempt1%', '%attempt2%'), array($settings['login_attempt'], $settings['login_attempt']), $LANG['ATTEMPT_X_OF_Y']); } else { $db->delete(TABLE_PREFIX . "login_attempt", "ip='" . $_SERVER['REMOTE_ADDR'] . "'"); $attempt['total'] = 0; } } elseif ($attempt['date'] + 300 < time()) { $db->delete(TABLE_PREFIX . "login_attempt", "ip='" . $_SERVER['REMOTE_ADDR'] . "'"); $attempt['total'] = 0; } } if (!$error_msg) { $staff = $db->fetchRow("SELECT COUNT(id) AS total, id, username, password, login, fullname, status FROM " . TABLE_PREFIX . "staff WHERE username='******'username']) . "' AND password='******'password']) . "'");
<?php /** * @package HelpDeskZ * @website: http://www.helpdeskz.com * @community: http://community.helpdeskz.com * @author Evolution Script S.A.C. * @since 1.0.0 */ if ($params[1] == 'publish') { if (verifyToken('article', $input->p['csrfhash']) !== true) { $error_msg = $LANG['CSRF_ERROR']; } else { if ($input->p['title'] == '') { $error_msg = $LANG['ARTICLE_HAS_NOT_TITLE']; } elseif ($input->p['content'] == '') { $error_msg = $LANG['ENTER_ARTICLE_CONTENT']; } elseif (!is_numeric($input->p['category'])) { $error_msg = $LANG['SELECT_CATEGORY']; } else { $uploaddir = UPLOAD_DIR . 'articles/'; if ($_FILES['file1']['error'] == 0) { $ext = pathinfo($_FILES['file1']['name'], PATHINFO_EXTENSION); $filename = md5($_FILES['file1']['name'] . time()) . "." . $ext; $fileuploaded[] = array('name' => $_FILES['file1']['name'], 'enc' => $filename, 'size' => formatBytes($_FILES['file1']['size']), 'filetype' => $_FILES['file1']['type']); $uploadedfile = $uploaddir . $filename; if (!move_uploaded_file($_FILES['file1']['tmp_name'], $uploadedfile)) { $error_msg = $LANG['ERROR_UPLOADING_FILE']; } } if ($_FILES['file2']['error'] == 0) {
// import phpCAS lib include_once 'classes/phpCAS/CAS.php'; include_once "classes/phpCAS/cas_config.php"; if (isset($_GET['user'])) { $token = $_GET['token']; $user = $_GET['user']; $action = getGet('action'); $siddy = getGet('sid'); $get = '?'; if ($action != FALSE) { $get .= "action=" . $action . "&"; } if ($siddy != FALSE) { $get .= "sid=" . $siddy . "&"; } if ($user == verifyToken($token) && verifyToken($token) != null) { $auth = TRUE; //setUserRightsCas($user); $_SESSION['CASauthenticated'] = $auth; header("Location: admin.php{$get}"); } else { $auth = FALSE; $_SESSION['CASauthenticated'] = $auth; header("Location: http://{$casAuthServer}{$casAuthUri}&category=auth.login"); } } elseif (!isset($_SESSION['CASauthenticated'])) { header("Location: http://{$casAuthServer}{$casAuthUri}&category=auth.login"); } if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'logout') { //session_unset(); session_destroy();
<?php /** * @package HelpDeskZ * @website: http://www.helpdeskz.com * @community: http://community.helpdeskz.com * @author Evolution Script S.A.C. * @since 1.0.0 */ $salutation = array('', 'Mr.', 'Ms.', 'Mrs.', 'Dr.'); if ($params[0] == 'save') { if (verifyToken('profile', $input->p['csrfhash']) !== true) { $error_msg = $LANG['CSRF_ERROR']; } elseif (empty($input->p['fullname']) || empty($input->p['email'])) { $error_msg = $LANG['ONE_REQUIRED_FIELD_EMPTY']; } elseif (validateEmail($input->p['email']) !== TRUE) { $error_msg = $LANG['INVALID_EMAIL_ADDRESS']; } else { $chk = 0; if ($input->p['email'] != $user['email']) { $chk = $db->fetchOne("SELECT COUNT(id) AS NUM FROM " . TABLE_PREFIX . "users WHERE email='" . $db->real_escape_string($input->p['email']) . "'"); } if ($chk != 0) { $error_msg = $LANG['EMAIL_ASSOCIATED_OTHER_ACCOUNT']; } else { $salutation_user = array_key_exists($input->p['salutation'], $salutation) ? $input->p['salutation'] : 0; $email_user = $input->p['email']; if ($email_user != $user['email']) { $_SESSION['user']['email'] = $email_user; } $data = array('salutation' => $salutation_user, 'email' => $email_user, 'fullname' => $input->p['fullname']);
<?php if ($params[1] == 'getTemplateForm') { $email = $db->fetchRow("SELECT *, COUNT(id) AS total FROM " . TABLE_PREFIX . "emails WHERE id='" . $db->real_escape_string($params[2]) . "'"); if ($email['total'] == 0) { die($LANG['ERROR_RETRIEVING_DATA']); } $form_action = getUrl($controller, $action, array('email_template', 'update_template')); $template_vars['form_action'] = $form_action; $template_vars['email'] = $email; $template = $twig->loadTemplate('admin_email_template_form.html'); echo $template->render($template_vars); $db->close(); exit; } elseif ($params[1] == 'update_template') { if (verifyToken('emails', $input->p['csrfhash']) !== true) { $error_msg = $LANG['CSRF_ERROR']; } elseif ($input->p['subject'] == '' || $input->p['message'] == '') { $error_msg = $LANG['ENTER_DEPARTMENT_NAME']; } else { $data = array('subject' => $input->p['subject'], 'message' => $input->p['message']); $db->update(TABLE_PREFIX . "emails", $data, "id='" . $db->real_escape_string($input->p['template_id']) . "'"); header('location:' . getUrl($controller, $action, array('email_template', 'template_updated'))); exit; } } $q = $db->query("SELECT * FROM " . TABLE_PREFIX . "emails ORDER BY orderlist ASC"); while ($r = $db->fetch_array($q)) { $emails[] = $r; } $template_vars['emails'] = $emails;
<?php /** * @package HelpDeskZ * @website: http://www.helpdeskz.com * @community: http://community.helpdeskz.com * @author Evolution Script S.A.C. * @since 1.0.0 */ if ($params[0] == 'save') { if (verifyToken('password', $input->p['csrfhash']) !== true) { $error_msg = $LANG['CSRF_ERROR']; } elseif (empty($input->p['current_password']) || empty($input->p['new_password']) || empty($input->p['new_password2'])) { $error_msg = $LANG['ONE_REQUIRED_FIELD_EMPTY']; } else { if (sha1($input->p['current_password']) != $user['password']) { $error_msg = $LANG['EXISTING_PASSWORD_INCORRECT']; } elseif ($input->p['new_password'] != $input->p['new_password2']) { $error_msg = $LANG['NEW_PASSWORDS_DO_NOT_MATCH']; } else { $new_password = sha1($input->p['new_password']); $data = array('password' => $new_password); $db->update(TABLE_PREFIX . "users", $data, "id={$user['id']}"); $_SESSION['user']['password'] = $new_password; header('location: ' . getUrl('user_account', 'password', array('saved'))); exit; } } } $template_vars['user'] = $user; $template_vars['error_msg'] = $error_msg;
$template = $twig->loadTemplate('knowledgebase_editarticle.html'); echo $template->render($template_vars); $db->close(); exit; } } if (is_numeric($input->g['cat'])) { $whereq = "WHERE category=" . $db->real_escape_string($input->g['cat']); } if ($params[1] == 'page') { $page = !is_numeric($params[2]) ? 1 : $params[2]; } else { $page = 1; } if ($input->p['do'] == 'update') { if (verifyToken('knowledgebase', $input->p['csrfhash']) !== true) { $error_msg = $LANG['CSRF_ERROR']; } elseif (!is_array($input->p['kb_id'])) { $error_msg = $LANG['NO_SELECT_ARTICLE']; } else { foreach ($input->p['kb_id'] as $k) { if (is_numeric($k)) { $kb_id = $db->real_escape_string($k); if ($input->p['remove'] == 1) { $db->delete(TABLE_PREFIX . "articles", "id='{$kb_id}'"); removeAttachment($kb_id, 'articles'); } else { if (array_key_exists($input->p['kb_category'], $kb_category)) { $db->query("UPDATE " . TABLE_PREFIX . "articles SET category='" . $db->real_escape_string($input->p['kb_category']) . "' WHERE id='{$kb_id}'"); } }
} elseif ($params[1] == 'update_department') { if (verifyToken('departments', $input->p['csrfhash']) !== true) { $error_msg = $LANG['CSRF_ERROR']; } elseif ($input->p['name'] == '') { $error_msg = $LANG['ENTER_DEPARTMENT_NAME']; } else { if ($input->p['autoassign'] == 1) { $db->query("UPDATE " . TABLE_PREFIX . "departments SET autoassign=0"); } $data = array('name' => $input->p['name'], 'dep_order' => !is_numeric($input->p['dep_order']) ? 1 : $input->p['dep_order'], 'type' => $input->p['type'] == 1 ? 1 : 0, 'autoassign' => $input->p['autoassign'] == 1 ? 1 : 0); $db->update(TABLE_PREFIX . "departments", $data, "id=" . $db->real_escape_string($input->p['department_id'])); header('location:' . getUrl($controller, $action, array('departments', 'department_updated'))); exit; } } elseif ($params[1] == 'add_department') { if (verifyToken('departments', $input->p['csrfhash']) !== true) { $error_msg = $LANG['CSRF_ERROR']; } elseif ($input->p['name'] == '') { $error_msg = $LANG['ENTER_DEPARTMENT_NAME']; } else { if ($input->p['autoassign'] == 1) { $db->query("UPDATE " . TABLE_PREFIX . "departments SET autoassign=0"); } $data = array('name' => $input->p['name'], 'dep_order' => !is_numeric($input->p['dep_order']) ? 1 : $input->p['dep_order'], 'type' => $input->p['type'] == 1 ? 1 : 0, 'autoassign' => $input->p['autoassign'] == 1 ? 1 : 0); $db->insert(TABLE_PREFIX . "departments", $data); header('location:' . getUrl($controller, $action, array('departments', 'department_added'))); exit; } } elseif ($params[1] == 'delete_department') { if (is_numeric($params[2]) && $params[2] > 1) { $db->delete(TABLE_PREFIX . "departments", "id=" . $db->real_escape_string($params[2]));