//https://sourceforge.net/tracker/?func=detail&aid=3114571&group_id=190396&atid=933192 if (empty($H[0]['ip']) || $H[0]['ip'] == '0.0.0.0') { $QUEUE->setHIP($H[0]['id'], getIP()); //save ip } if ($H[0]['status'] != 7) { //7:unsubscribed $QUEUE->setHStatus($h_id, 3); //view } } //isset H[0] } //checkid h_id //adressid? wenn ja status aendern und view zaehlen if (checkid($a_id)) { $ADDRESS = new tm_ADR(); $ADR = $ADDRESS->getAdr($a_id); if (isset($ADR[0])) { //https://sourceforge.net/tracker/?func=detail&aid=3114571&group_id=190396&atid=933192 //only set view status if not waiting status or unsubscribed // !5 && !11 if ($ADR[0]['status'] != 5 && $ADR[0]['status'] != 11) { $ADDRESS->setStatus($a_id, 4); //view } //adr view counter ++ $ADDRESS->addView($a_id); //view //save memo $created = date("Y-m-d H:i:s"); $memo = "viewed (" . $NL[0]['subject'] . ")";
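/**
 * Remove the log entry whose line starts with "<id>%%" and rewrite the log file.
 *
 * The ID comes from checkid() (defined elsewhere in this file). On success the
 * main page is shown with a confirmation message; failures go through error().
 *
 * Changes from the previous version:
 *  - The file used to be read without a lock and then reopened with mode 'w',
 *    which truncates it *before* flock() is taken. A concurrent request could
 *    therefore read an empty file or overwrite another writer's update. The
 *    whole read-modify-write now happens on one handle under LOCK_EX.
 *  - The "ID doesn't exist" check was duplicated after the write; it is now
 *    done once, before anything is written.
 */
function removelink()
{
    global $settings;

    $id = checkid();

    // 'r+' opens for reading and writing without truncating, so the existing
    // content stays intact until the exclusive lock is held.
    $fp = @fopen($settings['logfile'], 'r+') or error('Can\'t write to log file! Please Change the file permissions (CHMOD to 666 on UNIX machines!)');
    flock($fp, LOCK_EX);

    $lines = array();
    while (($line = fgets($fp)) !== false) {
        $lines[] = $line;
    }

    // Drop the first line that begins with "<id>%%".
    $found = false;
    foreach ($lines as $i => $thisline) {
        if (strpos($thisline, $id . '%%') === 0) {
            unset($lines[$i]);
            $found = true;
            break;
        }
    }

    if (!$found) {
        flock($fp, LOCK_UN);
        fclose($fp);
        // presumably error() terminates the request; the return guards the
        // case where it does not, so the file is never rewritten needlessly.
        error('This ID doesn\'t exist!');
        return;
    }

    // Replace the file content in place while still holding the lock.
    rewind($fp);
    ftruncate($fp, 0);
    fputs($fp, implode('', $lines));
    fflush($fp);
    flock($fp, LOCK_UN);
    fclose($fp);

    mainpage('Link with ID ' . $id . ' was successfully removed!');
}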
//unsubscribe if ($check && $set == "unsubscribe") { //unbedingt ^^^ pruefen auf gueltige email! //sonst findet getAdr alle adressen!!! da search - email null ist / leer ist //adr anhand email suchen! $search['email'] = $email; $search['email_exact_match'] = true; $ADR = $ADDRESS->getAdr(0, 0, 1, 0, $search); //print_r($ADR); if (count($ADR) > 0) { //noch nicht abgemeldet? if ($ADR[0]['status'] != 11) { /* if ($ADR[0]['code']==$code) { */ if (checkid($h_id)) { $QUEUE = new tm_Q(); $QUEUE->setHStatus($h_id, 7); //unsubscribe! } $created = date("Y-m-d H:i:s"); //im memo speichern wir den namen des newsletter etc. $memo = "unsubscribed"; $NEWSLETTER = new tm_NL(); $NL = $NEWSLETTER->getNL($nl_id); if (count($NL) > 0) { $memo .= " (" . $NL[0]['subject'] . ")"; } //set status adresse, set editor... $author = "unsubscribe"; //always unsubscribe ...
/**
 * OpenID "checkid_setup" handler: answers a consumer asking whether the user
 * is logged in, and is prepared to wait for the user to log in if not.
 *
 * Any request whose openid_mode parameter is missing or is not
 * 'checkid_setup' is answered through error_500(); the actual work is
 * delegated to checkid(true). Both helpers are defined elsewhere.
 */
function checkid_setup_mode()
{
    // A missing parameter is treated exactly like a wrong one.
    $mode = isset($_REQUEST['openid_mode']) ? $_REQUEST['openid_mode'] : null;

    if ($mode != 'checkid_setup') {
        // presumably error_500() ends the request — confirm against its definition
        error_500();
    }

    checkid(true);
}
<input type='hidden' name='note_id' value='<?php echo checkid($_GET['note_id']); ?> '> </form> <h5><i class="fa fa-arrow-left"></i> <a href="fhd_call_edit.php?call_id=<?php echo $call_id; ?> ">back to ticket details</a></h5> <?php } //ADD note //check type variable $action = $db->escape($_GET['action']); if ($action == "add") { $call_id = checkid($_GET['call_id']); $nacl = md5(AUTH_KEY . $db->get_var("select user_password from site_users where user_id = {$user_id};")); ?> <h4>Add Note</h4> <table class="<?php echo $table_style_2; ?> " style='width: 75%;'> <form action="fhd_add_note.php" method="post" class="form-horizontal"> <input type='hidden' name='nacl' value='<?php echo $nacl; ?> '> <input type='hidden' name='note_relation' value='<?php echo $call_id; ?>
if ($_GET['nacl'] == md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};"))) { //authentication verified, continue. $call_id = checkid($_GET['call_id']); $db->query("UPDATE site_calls SET call_status = 3 WHERE call_id = {$call_id} limit 1;"); $db->query("UPDATE site_notes SET note_type = 0 WHERE note_relation = {$call_id};"); header("Location: fhd_calls.php"); } } } } //</DELETE> //<UPDATE> if (isset($_POST['nacl'])) { if ($_POST['nacl'] == md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};"))) { //authentication verified, continue. $call_id = checkid($_POST['call_id']); //call details $call_first_name = $db->escape($_POST['call_first_name']); $call_email = $db->escape($_POST['call_email']); $call_phone = $db->escape($_POST['call_phone']); $call_department = $db->escape($_POST['call_department']); $call_request = $db->escape($_POST['call_request']); $call_device = $db->escape($_POST['call_device']); $call_details = $db->escape($_POST['call_details']); $call_solution = $db->escape($_POST['call_solution']); $call_staff = $db->escape($_POST['call_staff']); //call status $call_status = $db->escape($_POST['call_status']); $call_status_now = $db->escape($_POST['call_status_now']); if (isset($_POST['call_date2'])) { $call_date2 = strtotime($_POST['call_date2']);
$headers .= "MIME-Version: 1.0" . "\r\n"; $headers .= "Content-type: text/html; charset=iso-8859-1" . "\r\n"; $subject = "Ticket " . FHD_TITLE . " [# {$insert_id}]"; $message = "\n\t\t<html>\n\t\t<head>\n\t\t <title>Ticket</title>\n\t\t</head>\n\t\t<body>\n\t\t <p>Ticket Request Received.</p>\n\t\t <p>Ticket Number: {$insert_id}</p>\n\t\t <p>Name: {$call_first_name}</p>\n\t\t <p>Ticket Details: {$call_details}</p>\n\t\t\t"; mail($call_email, $subject, $message, $headers); $mailsent = "&mailsent=yes"; //notify admin mail(TO_EMAIL, "New Ticket [# {$insert_id}]", $message, $headers); //</SEND EMAIL> header("Location: fhd_any_call_add.php?added=yes&mailsent&insert_id={$insert_id}"); } //</ADD> //RESULT > if (isset($_GET['added'])) { if (isset($_GET['insert_id'])) { $insert_id = checkid($_GET['insert_id']); $actionstatus = "<div class=\"alert alert-success\" style=\"max-width: 350px;\">\n\t <button type=\"button\" class=\"close\" data-dismiss=\"alert\">×</button>\n\t Ticket Created • Email Sent • Ticket ID: {$insert_id}</div>"; echo $actionstatus; } } ?> <p><a href="index.php" class="btn btn-default"><i class='fa fa-arrow-left'></i> <?php echo FHD_TITLE; ?> </a></p> <h4><i class='fa fa-tag'></i> Open Ticket</h4> <form action="fhd_any_call_add.php" method="post" class="form-horizontal" data-parsley-validate> <table class="<?php echo $table_style_2; ?>
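/**
 * Validate the submitted school number / password pair and return the matching
 * app_join_info row.
 *
 * Every attempt is appended to ./check.log as a tab-separated line:
 * timestamp, client address, school number, a placeholder column, outcome.
 *
 * Changes from the previous version:
 *  - The submitted password was written to the log in clear text. The column
 *    is kept (so existing log parsers still see the same layout) but now only
 *    holds "-".
 *  - The logged school number is stripped of control characters so a request
 *    cannot inject tabs or newlines and forge log entries.
 *  - The lookup used a query built by string concatenation; it is now a
 *    prepared statement with a bound parameter.
 *  - The success line logged $row["profileid"], but no $row is defined in this
 *    function; the fetched row is $com.
 *
 * @param mixed $dbObj Database connection. Assumed to be a mysqli instance —
 *                     the original already relied on mysqli_result's num_rows
 *                     and fetch_assoc(); confirm against the caller.
 * @return int|string  -1 when checkid() rejects the credentials, -2 when no
 *                     row is found (or the lookup fails), otherwise the row
 *                     encoded as JSON.
 */
function check($dbObj)
{
    date_default_timezone_set('PRC');

    $remoteAddr = isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : '';
    $loggedId = (isset($_POST["schoolnum"]) && is_string($_POST["schoolnum"])) ? $_POST["schoolnum"] : '';
    // Neutralise tabs, newlines and other control bytes before logging.
    $loggedId = preg_replace('/[\x00-\x1F\x7F]/', ' ', $loggedId);

    // NOTE(review): the log path is relative to the working directory; if that
    // is inside the web root the file may be downloadable — confirm and move
    // it outside the document root or deny access to it.
    $logfile = fopen("./check.log", "a");
    // Credentials must never reach a log file; "-" keeps the column count stable.
    fwrite($logfile, date('Y-m-d H:i:s') . "\t" . $remoteAddr . "\t" . $loggedId . "\t" . "-" . "\t");

    // presumably filter.php defines $schoolnum and $password in this scope —
    // they are not assigned anywhere in this function; verify. Note that
    // include_once only runs the file on the first call.
    include_once "filter.php";

    if (checkid($schoolnum, $password) == -1) {
        fwrite($logfile, "FAIL\n");
        fclose($logfile);
        return -1;
    }

    // Bound parameter instead of concatenating $schoolnum into the SQL text.
    $result = false;
    $stmt = $dbObj->prepare("SELECT * FROM app_join_info WHERE sno = ?");
    if ($stmt) {
        $stmt->bind_param('s', $schoolnum);
        if ($stmt->execute()) {
            $result = $stmt->get_result();
        }
    }

    if ($result && $result->num_rows > 0) {
        $com = $result->fetch_assoc();
        $profileId = isset($com["profileid"]) ? $com["profileid"] : '';
        fwrite($logfile, "SUCCESS\t" . $profileId . "\n");
        fclose($logfile);
        return json_encode($com);
    }

    fwrite($logfile, "NO_RECORD\n");
    fclose($logfile);
    return -2;
}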
//<DELETE> if (isset($_GET['nacl'])) { if ($_GET['nacl'] == md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};"))) { //authentication verified, continue. $type_id = checkid($_GET['type_id']); $action = $db->escape($_GET['action']); $type = checkid($_GET['type']); if ($action == 'delete') { $db->query("DELETE FROM site_types where type_id = {$type_id};"); header("Location: fhd_settings_action.php?type={$type}"); } } } //</DELETE> //check type variable $type = checkid($_GET['type']); ?> <p><a href="fhd_settings.php">Settings</a></p> <h4><?php show_type_name($type); ?> </h4> <h5><i class="fa fa-plus"></i> <a href="fhd_add_type.php?type=<?php echo $type; ?> ">Add New</a></h5> <?php $num = $db->get_var("select count(type_name) from site_types where type = {$type};"); if ($num == 0) { echo "<p>Invalid Type (error 2)</p>";
<?php include "includes/session.php"; include "includes/checksession.php"; ?> <!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <title>My Account</title> <?php include "fhd_config.php"; include "includes/header.php"; include "includes/all-nav.php"; include "includes/functions.php"; $user_id = checkid($user_id); include "includes/ez_sql_core.php"; include "includes/ez_sql_mysqli.php"; $actionstatus = ""; $db = new ezSQL_mysqli(db_user, db_password, db_name, db_host); //check that user exists before continuing. //$isuser = $db->get_var("SELECT count(*) from site_users WHERE (user_id = $user_id);"); //if ($isuser == 0) { // echo "<p>Error</p>"; // echo exit; //} //check if user is locked out from changes $user_protect_edit = $db->get_var("select user_protect_edit from site_users where user_id = {$user_id};"); if ($user_protect_edit == 1) { echo "<br /><div class=\"alert alert-success\" style=\"max-width: 220px;\"><i class='fa fa-lock'></i> Account Changes Locked</div>"; include "includes/footer.php";
} } else { $action = htmlspecialchars($_REQUEST['action']); } /* Do the action that is set in $action variable */ if ($action == "login") { checkpassword(); $_SESSION['logged'] = "Y"; mainpage("welcome"); } elseif ($action == "remove") { checklogin(); $id = checkid(); removelink($id); } elseif ($action == "reset") { checklogin(); $id = checkid(); resetlink($id); } elseif ($action == "add") { checklogin(); $url = checkurl($_POST['url']); add($url); } elseif ($action == "restore") { checklogin(); restore(); } elseif ($action == "logout") { logout(); } else { login(); } exit; function restore()
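// <UPDATE> handler followed by the lookup for the edit form.
//
// Changes from the previous version:
//  - The form token was compared with ==. With loose comparison two different
//    hex strings that both look like "0e<digits>" compare equal, and the
//    comparison is not constant-time. It is now an is_string() check plus
//    hash_equals().
//  - The IDs returned by checkid() are interpolated unquoted into SQL. The
//    validation checkid() performs is not visible here, so the result is also
//    cast to int before it reaches a query.
//  - Commented-out code for columns that are no longer updated was removed.
//
// NOTE(review): the token is md5(AUTH_KEY . last_login), so it stays the same
// until last_login changes. A random per-session token would be a stronger
// request-forgery defence; changing it needs the pages that generate and
// verify the token to change together.
// NOTE(review): $user_id is set outside this excerpt and is interpolated into
// the SQL below — confirm it is always an integer taken from the session.
if (isset($_POST['nacl'])) {
    $expected_nacl = md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};"));

    // hash_equals() needs two strings; a nacl[]=... array must not get through.
    if (is_string($_POST['nacl']) && hash_equals($expected_nacl, $_POST['nacl'])) {
        //authentication verified, continue.
        $type_id = (int) checkid($_POST['type_id']);
        $type_name = $db->escape($_POST['type_name']);

        $db->query("UPDATE site_types SET type_name='{$type_name}' WHERE type_id = {$type_id};");
        $actionstatus = "<div class=\"alert alert-success\" style=\"max-width: 250px;\">\n <button type=\"button\" class=\"close\" data-dismiss=\"alert\">×</button>\n Updated.\n </div>";
    }
}
// </UPDATE>

//check type variable
$type_id = (int) checkid($_GET['id']);
$num = $db->get_var("select count(type_id) from site_types where type_id = {$type_id};");
if ($num == 0) {
    echo "<p>Type does not exist (error 2)</p>";
    include "includes/footer.php";
    exit;
}

// Token embedded in the edit form so the next POST can be verified above.
$nacl = md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};"));
?>
<h4>Edit Type</h4>
<?php echo $actionstatus; ?>
<?php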