$mv = move_uploaded_file($_FILES['attachment']['tmp_name'], $newfilename); if (!$mv) { $sql = "DELETE FROM `{$dbUpdates}` WHERE id='{$updateid}'"; mysql_query($sql); if (mysql_error()) { trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR); } trigger_error('!Error: Problem moving attachment from temp directory to: ' . $newfilename, E_USER_WARNING); } // Check file size before attaching if ($_FILES['attachment']['size'] > $att_max_filesize) { trigger_error('User Error: Attachment too large or file upload error - size:', $_FILES['attachment']['size'], E_USER_WARNING); // throwing an error isn't the nicest thing to do for the user but there seems to be no guaranteed // way of checking file sizes at the client end before the attachment is uploaded. - INL } $filename = cleanvar($_FILES['attachment']['name']); if ($cust_vis == 'yes') { $category = 'public'; } else { $category = 'private'; } } //create link $sql = "INSERT INTO `{$dbLinks}`(linktype, origcolref, linkcolref, direction, userid) "; $sql .= "VALUES(5, '{$updateid}', '{$fileid}', 'left', '{$sit[2]}')"; mysql_query($sql); if (mysql_error()) { trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR); } $sql = "UPDATE `{$dbIncidents}` SET status='{$newstatus}', priority='{$newpriority}', lastupdated='{$now}', timeofnextaction='{$timeofnextaction}' WHERE id='{$id}'"; mysql_query($sql);
return $html; } $title = $strEditFeedbackQuestion; $qid = cleanvar($_REQUEST['qid']); $fid = cleanvar($_REQUEST['fid']); $action = cleanvar($_REQUEST['action']); switch ($action) { case 'save': // External variables $question = cleanvar($_POST['question']); $questiontext = cleanvar($_POST['questiontext']); $sectiontext = cleanvar($_POST['sectiontext']); $taborder = cleanvar($_POST['taborder']); $type = cleanvar($_POST['type']); $required = cleanvar($_POST['required']); $options = cleanvar($_POST['options']); $sql = "UPDATE `{$dbFeedbackQuestions}` SET "; $sql .= "question='{$question}', "; $sql .= "questiontext='{$questiontext}', "; $sql .= "sectiontext='{$sectiontext}', "; $sql .= "taborder='{$taborder}', "; $sql .= "type='{$type}', "; $sql .= "required='{$required}', "; $sql .= "options='{$options}' "; $sql .= "WHERE id='{$qid}' LIMIT 1"; mysql_query($sql); if (mysql_error()) { trigger_error("MySQL Error: " . mysql_error(), E_USER_ERROR); } header("Location: feedback_form_edit.php?formid={$fid}"); exit;
// create Session instance $ses->sesStart('install_echelon'); // start session (name 'echelon', 0 => session cookie, path is echelon path so no access allowed oustide echelon path is allowed) if ($_GET['t'] == 'install') { ## find the Echelon directory ## $install_dir = $_SERVER['SCRIPT_NAME']; $echelon_dir = preg_replace('#install/index.php#', '', $install_dir); ## Create an Echelon salt $ech_salt = genSalt(16); $ses_salt = randPass(6); ## Get the form information ## $email = cleanvar($_POST['email']); $db_host = cleanvar($_POST['db-host']); $db_user = cleanvar($_POST['db-user']); $db_pass = cleanvar($_POST['db-pass']); $db_name = cleanvar($_POST['db-name']); emptyInput($email, 'your email address'); emptyInput($db_host, 'your email address'); emptyInput($db_host, 'database hostname'); emptyInput($db_user, 'database username'); emptyInput($db_name, 'database name'); // check the new email address is a valid email address if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { sendBack('That email is not valid'); } ## test connection is to the Db works ## define("DBL_HOSTNAME", $db_host); // hostname of where the server is located define("DBL_USERNAME", $db_user); // username that can connect to that DB define("DBL_PASSWORD", $db_pass);
} else { $shade = 'shade2'; } } echo "</table>"; echo "<p align='center'>{$strUsersBoldSkills}.</p>"; } else { trigger_error('User input error: ' . $error_string, E_USER_ERROR); } } include APPLICATION_INCPATH . 'htmlfooter.inc.php'; } elseif ($action == 'reassign') { // External variables $incidentid = cleanvar($_REQUEST['incidentid']); $uid = cleanvar($_REQUEST['userid']); $nextaction = cleanvar($_REQUST['nextaction']); include APPLICATION_INCPATH . 'htmlheader.inc.php'; echo "<h2>{$strIncidentAdded} - {$strSummary}</h2>"; echo "<p align='center'>"; $incidentnum = "<a href=\"javascript:incident_details_window('{$incidentid}','incident{$incidentid}');\">{$strIncident} {$incidentid}</a>"; $queuename = "<strong style='color: red'>{$strActionNeeded}</strong>"; $name = user_realname($uid); printf($strHasBeenAutoMovedToX, $incidentnum, $name, $queuename); echo help_link('AutoAssignIncidents') . "</p><br /><br />"; $userphone = user_phone($userid); if ($userphone != '') { echo "<p align='center'>{$strTelephone}: {$userphone}</p>"; } $sql = "UPDATE `{$dbIncidents}` SET owner='{$uid}', lastupdated='{$now}' WHERE id='{$incidentid}'"; mysql_query($sql); if (mysql_error()) {
echo "<input type='submit' value='Save / Display' />"; } echo "</div>"; echo "</form>\n"; } elseif ($_REQUEST['mode'] == "save") { $badchars = array('.', '/', '\\'); $lang = cleanvar($_REQUEST['lang']); $lang = str_replace($badchars, '', $lang); $origcount = cleanvar($_REQUEST['origcount']); $i18nalphabet = cleanvar($_REQUEST['i18nalphabet'], TRUE, FALSE); $filename = "{$lang}.inc.php"; echo "<p>Send Translation, <code>{$filename}</code>", "<code>i18n</code>", "<a href='mailto:sitracker-devel-discuss@lists.sourceforge.net'>sitracker-devel-discuss@lists.sourceforge.net</a> </p>"; $i18nfile = ''; $i18nfile .= "<?php\n"; foreach ($_REQUEST['meta'] as $meta) { $meta = cleanvar($meta); $i18nfile .= "// {$meta}\n"; } $i18nfile .= "\n"; $i18nfile .= "\$languagestring = '{$languages[$lang]} ({$lang})';\n"; $i18nfile .= "\$i18ncharset = 'UTF-8';\n\n"; if (!empty($i18nalphabet)) { $i18nfile .= "// List of letters of the alphabet for this language\n"; $i18nfile .= "// in standard alphabetical order (upper case, where applicable)\n"; $i18nfile .= "\$i18nAlphabet = '{$i18nalphabet}';\n\n"; } $i18nfile .= "// list of strings (Alphabetical by key)\n"; $lastchar = ''; $translatedcount = 0; foreach (array_keys($_POST) as $key) { if (!empty($_POST[$key]) and substr($key, 0, 3) == "str") {
require 'core.php'; require APPLICATION_LIBPATH . 'functions.inc.php'; // This page requires authentication require APPLICATION_LIBPATH . 'auth.inc.php'; $title = $strAddLink; // External variables $action = $_REQUEST['action']; $origtab = cleanvar($_REQUEST['origtab']); $origref = cleanvar($_REQUEST['origref']); $linkref = cleanvar($_REQUEST['linkref']); $linktypeid = cleanvar($_REQUEST['linktype']); $direction = cleanvar($_REQUEST['dir']); if ($direction == '') { $direction = 'lr'; } $redirect = cleanvar($_REQUEST['redirect']); switch ($action) { case 'addlink': // Insert the link if ($direction == 'lr') { $sql = "INSERT INTO `{$dbLinks}` "; } $sql .= "(linktype, origcolref, linkcolref, userid) "; $sql .= "VALUES ('{$linktypeid}', '{$origref}', '{$linkref}', '{$sit[2]}')"; mysql_query($sql); if (mysql_error()) { trigger_error(mysql_error(), E_USER_ERROR); } html_redirect($redirect); break; case '':
## Type of ban and get and set vars ## $pb_ban = cleanvar($_POST['pb']); if ($pb_ban == 'on') { $is_pb_ban = true; } else { $is_pb_ban = false; $duration_form = cleanvar($_POST['duration']); $time = cleanvar($_POST['time']); emptyInput($time, 'time frame'); emptyInput($duration_form, 'penalty duration'); } $reason = cleanvar($_POST['reason']); $client_id = cleanvar($_POST['cid']); $pbid = cleanvar($_POST['c-pbid']); $c_name = cleanvar($_POST['c-name']); $c_ip = cleanvar($_POST['c-ip']); // check for empty reason emptyInput($reason, 'ban reason'); ## Check sent client_id is a number ## if (!isID($client_id)) { sendBack('Invalid data sent, ban not added'); } ## Sort out some ban information if ($is_pb_ban) { // if the ban is perma ban $type = 'Ban'; $time_expire = '-1'; $duration = 0; } else { $type = 'TempBan'; // NOTE: the duration in the DB is done in MINUTES and the time_expire is written in unix timestamp (in seconds)
require 'inc.php'; if ($mem->loggedIn()) { // if logged don't allow the user to register set_error('Logged in users cannot register'); sendHome(); // send to the index/home page } if (!isset($_REQUEST['key'])) { // if key does not exists $step = 1; // the user must input a matching key and email address } else { // if key is sent // clean vars of unwanted materials $key = cleanvar($_REQUEST['key']); $email = cleanvar($_REQUEST['email']); // check the new email address is a valid email address if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { set_error('That email is not valid 9999999'); } // query db to see if key and email are valid $valid_key = $dbl->verifyRegKey($key, $email, $key_expire); if ($valid_key == true) { // if the key sent is a valid one $step = 2; } else { $step = 1; set_error('The key or email you submitted are not valid.'); } } // basic page setup
// // SiT (Support Incident Tracker) - Support call tracking system // Copyright (C) 2000-2009 Salford Software Ltd. and Contributors // // This software may be used and distributed according to the terms // of the GNU General Public License, incorporated herein by reference. // // Author: Paul Heaney <paulheaney[at]users.sourceforge.net> $permission = 0; // not required require 'core.php'; require APPLICATION_LIBPATH . 'functions.inc.php'; // This page requires authentication require APPLICATION_LIBPATH . 'auth.inc.php'; $legacy = cleanvar($_REQUEST['legacy']); $groupid = cleanvar($_REQUEST['gid']); // By default show users in home group if ($groupid == 'all') { $filtergroup = 'all'; } elseif ($groupid == '') { $filtergroup = $_SESSION['groupid']; } else { $filtergroup = $groupid; } $title = $strSkillsMatrix; include APPLICATION_INCPATH . 'htmlheader.inc.php'; echo "<h2>" . icon('skill', 32) . " "; echo "{$title}</h2>"; echo "<p align='center'>{$strDisplay}: "; if (empty($legacy)) { echo "<a href='{$_SERVER['PHP_SELF']}?legacy=yes&gid={$groupid}'>{$strAll}</a>";
echo date_picker('addsoftware.lifetime_end'); echo "</td></tr>\n"; echo "<tr><th>{$strTags}:</th>"; echo "<td><textarea rows='2' cols='30' name='tags'></textarea></td></tr>\n"; echo "</table>"; echo "<p align='center'><input name='submit' type='submit' value='{$strAddSkill}' /></p>"; echo "<p class='warning'>{$strAvoidDupes}</p>"; echo "</form>\n"; echo "<p align='center'><a href='products.php'>{$strReturnWithoutSaving}</a></p>"; include APPLICATION_INCPATH . 'htmlfooter.inc.php'; $_SESSION['formdata']['add_software'] = NULL; } else { // External variables $name = cleanvar($_REQUEST['name']); $tags = cleanvar($_REQUEST['tags']); $vendor = cleanvar($_REQUEST['vendor']); if (!empty($_REQUEST['lifetime_start'])) { $lifetime_start = date('Y-m-d', strtotime($_REQUEST['lifetime_start'])); } else { $lifetime_start = ''; } if (!empty($_REQUEST['lifetime_end'])) { $lifetime_end = date('Y-m-d', strtotime($_REQUEST['lifetime_end'])); } else { $lifetime_end = ''; } $_SESSION['formdata']['add_software'] = $_REQUEST; // Add new $errors = 0; // check for blank name if ($name == '') {
$longdescription = cleanvar($_REQUEST['longdescription']); $fileversion = cleanvar($_REQUEST['fileversion']); $expirytype = cleanvar($_REQUEST['expiry_none']); if ($expirytype == 'time') { $days = cleanvar($_REQUEST['expiry_days']); $hours = cleanvar($_REQUEST['expiry_hours']); $minutes = cleanva($_REQUEST['expiry_minutes']); if ($days < 1 && $hours < 1 && $minutes < 1) { $expirydate = 0; } else { $expirydate = calculate_time_of_next_action($days, $hours, $minutes); } } elseif ($expirytype == 'date') { $day = cleanvar($_REQUEST['day']); $month = cleanvar($_REQUEST['month']); $year = cleanvar($_REQUEST['year']); $date = explode("-", $date); $expirydate = mktime(0, 0, 0, $month, $day, $year); } else { $expirydate = 0; } // receive the uploaded file to a temp directory on the local server if ($_FILES['file']['error'] != '' and $_FILES['file']['error'] != UPLOAD_ERR_OK) { echo get_file_upload_error_message($_FILES['file']['error'], $_FILES['file']['name']); } else { $filepath = $CONFIG['attachment_fspath'] . $file_name; $mv = move_uploaded_file($_FILES['file']['tmp_name'], $filepath); if (!mv) { trigger_error("Problem moving uploaded file from temp directory: {$filepath}", E_USER_WARNING); } if (!file_exists($filepath)) {
break; case 'storedashboard': $id = $_REQUEST['id']; $val = $_REQUEST['val']; if ($id == $_SESSION['userid']) { //check you're changing your own $sql = "UPDATE `{$dbUsers}` SET dashboard = '{$val}' WHERE id = '{$id}'"; $contactresult = mysql_query($sql); if (mysql_error()) { trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR); } } break; case 'checkldap': $ldap_host = cleanvar($_REQUEST['ldap_host']); $ldap_port = cleanvar($_REQUEST['ldap_port']); $ldap_protocol = cleanvar($_REQUEST['ldap_protocol']); $ldap_security = cleanvar($_REQUEST['ldap_security']); $ldap_user = cleanvar($_REQUEST['ldap_bind_user']); $ldap_password = cleanvar($_REQUEST['ldap_bind_pass']); $r = ldapOpen($ldap_host, $ldap_port, $ldap_protocol, $ldap_security, $ldap_user, $ldap_password); if ($r == -1) { echo "0"; } else { echo "1"; } // Success break; default: break; }
echo $_SESSION['formdata']['add_product']['description']; } echo "</textarea>"; echo "</td></tr>"; echo "</table>\n"; echo "<p><input name='submit' type='submit' value='{$strAddProduct}' /></p>"; echo "<p class='warning'>{$strAvoidDupes}</p>"; echo "</form>\n"; echo "<p align='center'><a href='products.php'>{$strReturnWithoutSaving}</a></p>"; include APPLICATION_INCPATH . 'htmlfooter.inc.php'; clear_form_data('add_product'); } else { // External variables $name = cleanvar($_REQUEST['name']); $vendor = cleanvar($_REQUEST['vendor']); $description = cleanvar($_REQUEST['description']); $_SESSION['formdata']['add_product'] = $_REQUEST; // Add New $errors = 0; // check for blank name if ($name == '') { $errors++; $_SESSION['formerrors']['add_product']['name'] = sprintf($strFieldMustNotBeBlank, $strProduct); } if ($vendor == '' or $vendor == "0") { $errors++; $_SESSION['formerrors']['add_product']['vendor'] = sprintf($strFieldMustNotBeBlank, $strVendor); } // add product if no errors if ($errors == 0) { $sql = "INSERT INTO `{$dbProducts}` (name, vendorid, description) VALUES ('{$name}', '{$vendor}', '{$description}')";
$id = cleanvar($_POST['id']); $distribution = cleanvar($_POST['distribution']); $solution = cleanvar($_POST['solution']); $kbarticle = cleanvar($_POST['kbarticle']); $kbtitle = cleanvar($_POST['kbtitle']); $symptoms = cleanvar($_POST['symptoms']); $cause = cleanvar($_POST['cause']); $question = cleanvar($_POST['question']); $answer = cleanvar($_POST['answer']); $workaround = cleanvar($_POST['workaround']); $status = cleanvar($_POST['status']); $additional = cleanvar($_POST['additional']); $references = cleanvar($_POST['references']); $wait = cleanvar($_POST['wait']); $send_email = cleanvar($_POST['send_email']); $send_engineer_email = cleanvar($_POST['send_engineer_email']); // Close the incident $errors = 0; echo "<script src='{$CONFIG['application_webpath']}scripts/webtrack.js' type='text/javascript'></script>\n"; // check for blank closing status field if ($closingstatus == 0) { $errors = 1; $error_string = user_alert(sprintf($strFieldMustNotBeBlank, "'{$strClosingStatus}'"), E_USER_ERROR); } if ($_REQUEST['summary'] == '' && $_REQUEST['solution'] == '') { $errors = 1; $error_string = user_alert(sprintf($strFieldMustNotBeBlank, "'{$strSummary}' / '{$strSolution}'"), E_USER_ERROR); } plugin_do('pre_incident_closing'); if ($errors == 0) { $addition_errors = 0;
echo "<table class='vertical' align='center'>"; echo "<tr><th>{$strRole}</th><td>{$obj->id}</td></tr>"; echo "<tr><th>{$strName}</th><td><input type='text' name='rolename' id='rolename' value='{$obj->rolename}' /></td></tr>"; echo "<tr><th>{$strDescription}</th><td><textarea name='description' id='description' rows='5' cols='30'>{$obj->description}</textarea></td></tr>"; echo "</table>"; echo "<input type='hidden' name='roleid' id='roleid' value='{$roleid}' />"; echo "<p><input name='submit' type='submit' value='{$strEditRole}' /></p>"; echo "</form>"; } else { echo "<p class='warning'>{$strNoRecords}</p>"; } include APPLICATION_INCPATH . 'htmlfooter.inc.php'; } else { $rolename = cleanvar($_REQUEST['rolename']); $description = cleanvar($_REQUEST['description']); $copyfrom = cleanvar($_REQUEST['copyfrom']); $_SESSION['formdata']['role_edit'] = $_REQUEST; if (empty($rolename)) { $errors++; $_SESSION['formerrors']['role_edit']['rolename'] = sprintf($strFieldMustNotBeBlank, $strName); } $sql = "SELECT * FROM `{$dbRoles}` WHERE rolename = '{$rolename}' AND id != {$roleid}"; $result = mysql_query($sql); if (mysql_error()) { trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR); } if (mysql_num_rows($result) > 0) { $errors++; $_SESSION['formerrors']['role_edit']['duplicaterole'] = "{$strADuplicateAlreadyExists}</p>\n"; } if ($errors == 0) {
if ($errors == 0) { $sql = "UPDATE `{$dbVendors}` SET name = '{$vendorname}' WHERE id = '{$vendorid}'"; $result = mysql_query($sql); if (mysql_error()) { trigger_error(mysql_error(), E_USER_ERROR); } html_redirect("main.php"); } else { include APPLICATION_INCPATH . 'htmlheader.inc.php'; echo $errors_string; include APPLICATION_INCPATH . 'htmlfooter.inc.php'; } break; case 'edit': $vendorid = cleanvar($_REQUEST['vendorid']); $vendorname = cleanvar($_REQUEST['vendorname']); include APPLICATION_INCPATH . 'htmlheader.inc.php'; echo "<h2>{$strEditVendor} {$vendorname}</h2>"; echo "<form action='{$_SERVER['PHP_SELF']}' name'editvendor'>"; echo "<table align='center'>"; echo "<tr><th>{$strVendorName}:</th><td><input maxlength='50' name='name' size='30' value='{$vendorname}'/></td></tr>"; echo "</table>"; echo "<input type='hidden' name='action' value='save' />"; echo "<input type='hidden' name='vendorid' value='{$vendorid}' />"; echo "<p align='center'><input name='submit' type='submit' value='{$strEditVendor}' /></p>"; echo "</form>"; include APPLICATION_INCPATH . 'htmlfooter.inc.php'; break; default: include APPLICATION_INCPATH . 'htmlheader.inc.php'; echo "<h2>{$strEditVendor}</h2>";
<tfoot> <tr> <th colspan="6"></th> </tr> </tfoot> <tbody> <?php $counter = 1; $keys_data = $dbl->getKeys($key_expire); $num_rows = $keys_data['num_rows']; if ($num_rows > 0) { foreach ($keys_data['data'] as $reg_keys) { // get data from query and loop $reg_key = $reg_keys['reg_key']; // the reg key $comment = cleanvar($reg_keys['comment']); // comment about key $time_add = date($tformat, $reg_keys['time_add']); $email = emailLink($reg_keys['email'], ''); $admin_link = echUserLink($reg_keys['admin_id'], $reg_keys['display']); $alter = alter(); $token_keydel = genFormToken('keydel' . $reg_key); if ($mem->id == $admin_id) { // if the current user is the person who create the key allow the user to edit the key's comment $edit_comment = '<img src="" alt="[Edit]" title="Edit this comment" class="edit-key-comment" />'; } else { $edit_comment = ''; } // setup heredoc (table data) $data = <<<EOD \t\t\t<tr class="{$alter}">
require APPLICATION_LIBPATH . 'functions.inc.php'; // This page requires authentication require APPLICATION_LIBPATH . 'auth.inc.php'; // Don't return more than this number of results $maxresults = 1000; // External variables $search_title = cleanvar($_REQUEST['search_title']); $search_id = cleanvar($_REQUEST['search_id']); $search_externalid = cleanvar($_REQUEST['search_externalid']); $search_contact = cleanvar($_REQUEST['search_contact']); $search_servicelevel = cleanvar($_REQUEST['search_servicelevel']); $search_details = cleanvar($_REQUEST['search_details']); $search_range = cleanvar($_REQUEST['search_range']); $search_date = cleanvar($_REQUEST['search_date']); $search_user = cleanvar($_REQUEST['search_user']); $action = cleanvar($_REQUEST['action']); include APPLICATION_INCPATH . 'htmlheader.inc.php'; // show search incidents form if (empty($action)) { echo "<h2>" . icon('search', 32) . " "; echo "{$strSearch} ({$strAdvanced})</h2>"; echo "<form action=\"{$_SERVER['PHP_SELF']}\" method='get'>"; echo "<table class='vertical'>"; echo "<tr><th colspan='2'>{$strIncidents}</th><tr>\n"; echo "<tr><th>{$strTitle}:</th><td><input maxlength='100' name='search_title' size='30' type='text' /></td></tr>\n"; echo "<tr><th>{$strIncident} ID:</th><td><input maxlength='100' name='search_id' size='30' type='text' /></td></tr>\n"; echo "<tr><th>{$strExternalID}:</th><td><input maxlength='100' name='search_externalid' size='30' type='text' /></td></tr>\n"; echo "<tr><th>{$strServiceLevel}:</th><td>" . serviceleveltag_drop_down('search_servicelevel', 0, TRUE) . "</td></tr>\n"; echo "<tr><th>{$strContact}:</th><td><input maxlength='100' name='search_contact' size='30' type='text' /></td></tr>\n"; echo "<tr><th>{$strPriority}:</th><td>" . priority_drop_down('search_priority', 0) . "</td></tr>\n"; echo "<tr><th>{$strProduct}:</th><td>" . product_drop_down('search_product', 0) . "</td></tr>\n";
// // SiT (Support Incident Tracker) - Support call tracking system // Copyright (C) 2000-2009 Salford Software Ltd. and Contributors // // This software may be used and distributed according to the terms // of the GNU General Public License, incorporated herein by reference. // // Author: Tom Gerrard <tom.gerrard[at]salfordsoftware.co.uk> $permission = 27; // View your calendar require '..' . DIRECTORY_SEPARATOR . 'core.php'; require APPLICATION_LIBPATH . 'functions.inc.php'; require APPLICATION_LIBPATH . 'auth.inc.php'; header('Content-Type: text/plain'); foreach (array('week', 'id') as $var) { $var = cleanvar($_REQUEST['$var']); eval("\${$var}={$var};"); } $startdate = $week / 1000; $enddate = $startdate + 86400 * 7; // TODO: check for overlapping tasks and any other invalidness $sql = "UPDATE `{$dbTasks}` SET completion = 1 "; $sql .= "WHERE startdate >= '" . date("Y-m-d H:i:s", $startdate) . "' "; $sql .= "AND enddate < '" . date("Y-m-d H:i:s", $enddate) . "' "; $sql .= "AND completion = 0"; mysql_query($sql); if (mysql_error()) { trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR); } echo "OK"; // This is parsed later so don't internationalise
/** * Returns the contents of an SLA target update, mostly for problem definition and action plan to pre-fill the close form * @author Kieran Hogg * @param $incidentid int The incident to get the update of * @param $target string The SLA target, initialresponse, probdef etc * @return string The updates of the message, stripped of line breaks */ function sla_target_content($incidentid, $target) { $rtn = ''; global $dbUpdates; $incidentid = cleanvar($incidentid); $target = cleanvar($target); $sql = "SELECT bodytext FROM `{$dbUpdates}` "; $sql .= "WHERE incidentid = '{$incidentid}' "; $sql .= "AND sla = '{$target}' "; $sql .= "ORDER BY timestamp DESC"; $result = mysql_query($sql); if (mysql_error()) { trigger_error(mysql_error(), E_USER_WARNING); } list($bodytext) = mysql_fetch_array($result); $bodytext = str_replace("<hr>", "", $bodytext); $rtn .= $bodytext; return $rtn; }
$engineerPeriod = cleanvar($_POST['engineerPeriod']); $customerPeriod = cleanvar($_POST['customerPeriod']); $timed = cleanvar($_POST['timed']); $allow_reopen = cleanvar($_POST['allow_reopen']); if ($allow_reopen != 'yes') { $allow_reopen = 'no'; } $limit = cleanvar($_POST['limit']); if ($limit == '') { $limit = 0; } if (empty($timed)) { $timed = 'no'; $allow_reopen = 'yes'; } $_SESSION['formdata']['add_servicelevel'] = cleanvar($_POST, TRUE, FALSE, FALSE, array("@"), array("'" => '"')); // Check input $errors = 0; if (empty($tag)) { $errors++; $_SESSION['formerrors']['add_servicelevel']['tag'] = sprintf($strFieldMustNotBeBlank, $strTag); } if (empty($engineerPeriod) and $timed == 'yes') { $errors++; $_SESSION['formerrors']['add_servicelevel']['engineerPeriod'] = sprintf($strFieldMustNotBeBlank, $strBillingEngineerPeriod); } if (empty($customerPeriod) and $timed == 'yes') { $errors++; $_SESSION['formerrors']['add_servicelevel']['customerPeriod'] = sprintf($strFieldMustNotBeBlank, $strBillingCustomerPeriod); } if ($errors >= 1) {
// // SiT (Support Incident Tracker) - Support call tracking system // Copyright (C) 2000-2007 Salford Software Ltd. and Contributors // // This software may be used and distributed according to the terms // of the GNU General Public License, incorporated herein by reference. // // Authors: Paul Heaney <paulheaney[at]users.sourceforge.net> $permission = 73; // Approve billable incidents require 'core.php'; require_once APPLICATION_LIBPATH . 'functions.inc.php'; include_once APPLICATION_LIBPATH . 'billing.inc.php'; // This page requires authentication require_once APPLICATION_LIBPATH . 'auth.inc.php'; $transactiond = cleanvar($_REQUEST['transactionid']); $title = $strBilling; include APPLICATION_INCPATH . 'htmlheader.inc.php'; $sql = "SELECT * FROM `{$GLOBALS['dbTransactions']}` WHERE transactionid = {$transactiond}"; $result = mysql_query($sql); if (mysql_error()) { trigger_error("Error getting transaction " . mysql_error()); } if (mysql_num_rows($result) > 0) { $obj = mysql_fetch_object($result); if ($obj->transactionstatus == BILLING_AWAITINGAPPROVAL) { // function update_contract_balance($contractid, $description, $amount, $serviceid='', $transactionid='', $totalunits=0, $totalbillableunits=0, $totalrefunds=0) $r = update_contract_balance('', '', $obj->amount, $obj->serviceid, $obj->transactionid); if ($r) { html_redirect("billable_incidents.php", TRUE, "{$strTransactionApproved}"); } else {
$foc = 'no'; } if ($billtype == 'billperunit') { $incidentrate = 0; } elseif ($billtype == 'billperincident') { $unitrate = 0; } $allcontacts = 'no'; if ($contacts == 'amount') { $numcontacts = cleanvar($_REQUEST['numcontacts']); } elseif ($contacts == 'all') { $allcontacts = 'yes'; } $incident_pools = explode(',', "0,{$CONFIG['incident_pools']}"); $incident_quantity = $incident_pools[$_POST['incident_poolid']]; $_SESSION['formdata']['add_contract'] = cleanvar($_POST, TRUE, FALSE, FALSE, array("@"), array("'" => '"')); // Add maintenance to database $errors = 0; // check for blank site if ($site == 0) { $errors++; $_SESSION['formerrors']['add_contract']['site'] = user_alert(sprintf($strFieldMustNotBeBlank, "'{$strSite}'"), E_USER_ERROR); } // check for blank product if ($product == 0) { $errors++; $_SESSION['formerrors']['add_contract']['product'] = user_alert(sprintf($strFieldMustNotBeBlank, "'{$strProduct}'"), E_USER_ERROR); } // check for blank admin contact if ($admincontact == 0) { $errors++;
// // This software may be used and distributed according to the terms // of the GNU General Public License, incorporated herein by reference. // // Author: Ivan Lucas <ivanlucas[at]users.sourceforge.net> $permission = 12; // View Contacts require 'core.php'; require APPLICATION_LIBPATH . 'functions.inc.php'; // This page requires authentication require APPLICATION_LIBPATH . 'auth.inc.php'; $title = $strBrowseContacts; // External variables $search_string = cleanvar($_REQUEST['search_string']); $submit_value = cleanvar($_REQUEST['submit']); $displayinactive = cleanvar($_REQUEST['displayinactive']); if (empty($displayinactive)) { $displayinactive = "false"; } if ($submit_value == 'go') { // build SQL $sql = "SELECT * FROM `{$dbContacts}` "; $search_string_len = strlen(utf8_decode($search_string)); if ($search_string != '*') { $sql .= "WHERE "; if ($search_string_len <= 6) { $sql .= "id=('{$search_string}') OR "; } if ($search_string_len <= 2) { $sql .= "SUBSTRING(surname,1,{$search_string_len})=('{$search_string}') "; } else {
// unlock_update.php - Unlocks incident updates // // SiT (Support Incident Tracker) - Support call tracking system // Copyright (C) 2000-2009 Salford Software Ltd. and Contributors // // This software may be used and distributed according to the terms // of the GNU General Public License, incorporated herein by reference. // // This page is called from incident_html_top.inc.php $permission = 42; require 'core.php'; require APPLICATION_LIBPATH . 'functions.inc.php'; // This page requires authentication require APPLICATION_LIBPATH . 'auth.inc.php'; // External variables $incomingid = cleanvar($_REQUEST['id']); if (empty($incomingid)) { trigger_error("Update ID was not set:{$updateid}", E_USER_WARNING); } $sql = "UPDATE `{$dbTempIncoming}` SET locked = NULL, lockeduntil = NULL "; $sql .= "WHERE id='{$incomingid}' AND locked = '{$sit[2]}'"; $result = mysql_query($sql); if (mysql_error()) { trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR); } if (mysql_error()) { trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR); } else { // FIXME Have temporarily disabled the inbox feature by removing it from the menu for v3.50 release // header('Location: inbox.php'); header('Location: holding_queue.php');
// // SiT (Support Incident Tracker) - Support call tracking system // Copyright (C) 2000-2009 Salford Software Ltd. and Contributors // // This software may be used and distributed according to the terms // of the GNU General Public License, incorporated herein by reference. // $permission = 26; // Help require 'core.php'; require APPLICATION_LIBPATH . 'functions.inc.php'; $title = "Help"; // This page requires authentication require APPLICATION_LIBPATH . 'auth.inc.php'; // External variables $id = cleanvar($_REQUEST['id']); $title = $strHelp; include APPLICATION_INCPATH . 'htmlheader.inc.php'; journal(CFG_LOGGING_MAX, 'Help Viewed', "Help document {$id} was viewed", CFG_JOURNAL_OTHER, $id); echo "<h2>" . icon('help', 32, $strHelp) . " "; if ($id > 0) { echo permission_name($id) . ' '; } echo "{$strHelp}</h2>"; echo "<div id='help'>"; $helpfile = APPLICATION_HELPPATH . "{$_SESSION['lang']}" . DIRECTORY_SEPARATOR . "help.html"; if (!file_exists($helpfile)) { $helpfile = APPLICATION_HELPPATH . "{$_SESSION['lang']}" . DIRECTORY_SEPARATOR . "en-GB/help.html"; } if (file_exists($helpfile)) { $helptext = file_get_contents($helpfile);
// This Page Is Valid XHTML 1.0 Transitional! 4Nov05 $permission = 22; // administrate require 'core.php'; require APPLICATION_LIBPATH . 'functions.inc.php'; $title = $strBrowseJournal; // This page requires authentication require APPLICATION_LIBPATH . 'auth.inc.php'; // External variables $offset = cleanvar($_REQUEST['offset']); $page = cleanvar($_REQUEST['page']); $perpage = cleanvar($_REQUEST['perpage']); $search_string = cleanvar($_REQUEST['search_string']); $type = cleanvar($_REQUEST['type']); $sort = cleanvar($_REQUEST['sort']); $order = cleanvar($_REQUEST['order']); if (empty($perpage)) { $perpage = 30; } if (empty($page)) { $page = 1; } if (empty($search_string)) { $search_string = 'a'; } include APPLICATION_INCPATH . 'htmlheader.inc.php'; echo "<h2>{$title}</h2>"; // Count number of journal records $sql = "SELECT COUNT(id) FROM `{$dbJournal}`"; $result = mysql_query($sql); list($totaljournals) = mysql_fetch_row($result);
$foc = 'no'; } if ($editbilling == "true") { $amount = cleanvar($_POST['amount']); if ($amount == '') { $amount = 0; } $unitrate = cleanvar($_POST['unitrate']); if ($unitrate == '') { $unitrate = 0; } $incidentrate = cleanvar($_POST['incidentrate']); if ($incidentrate == '') { $incidentrate = 0; } $billtype = cleanvar($_REQUEST['billtype']); if ($billtype == 'billperunit') { $incidentrate = 0; } elseif ($billtype == 'billperincident') { $unitrate = 0; } $updateBillingSQL = ", creditamount = '{$amount}', balance = '{$amount}', unitrate = '{$unitrate}', incidentrate = '{$incidentrate}' "; } if ($amount != $originalcredit) { $adjust = $amount - $originalcredit; update_contract_balance($contractid, "Credit adjusted to", $adjust, $serviceid); } $sql = "UPDATE `{$dbService}` SET startdate = '{$startdate}', enddate = '{$enddate}' {$updateBillingSQL}"; $sql .= ", notes = '{$notes}', foc = '{$foc}' WHERE serviceid = {$serviceid}"; mysql_query($sql); if (mysql_error()) {
<?php $auth_name = 'login'; require '../inc.php'; // set vars $display = cleanvar($_POST['name']); $email = cleanvar($_POST['email']); $cur_pw = cleanvar($_POST['password']); $change_pw = $_POST['change-pw']; // password is being hashed no need to validate if ($change_pw == 'on') { // check to see if the password is to be changed $pass1 = $_POST['pass1']; $pass2 = $_POST['pass2']; if (!testPW($pass1)) { sendBack('Your new password contains illegal characters: = \' " or space'); } if ($pass1 != $pass2) { // if the passwords don't match send them back sendBack('The supplied passwords to do match'); } emptyInput($pass1, 'your new password'); $is_change_pw = true; // this is a change password request aswell } else { // this request requires no password change $is_change_pw = false; } // check for empty inputs emptyInput($display, 'display name'); emptyInput($email, 'email');
$auth_name = 'login'; $b3_conn = true; // this page needs to connect to the B3 database $pagination = false; // this page requires the pagination part of the footer $query_normal = false; require 'inc.php'; if (!isset($_GET['pl']) || $_GET['pl'] == '') { sendError('plug'); // send to error page with no plugin specified error exit; } $plugin = addslashes(cleanvar($_GET['pl'])); $varible = NULL; if (isset($_GET['v'])) { $varible = cleanvar($_GET['v']); } $page = $plugin; // name of the page is the plugin name $Cplug = $plugins_class["{$plugin}"]; $page_title = $Cplug->getTitle(); // get the page title from the title of the plugin $_SERVER['SCRIPT_NAME'] = $_SERVER['SCRIPT_NAME'] . '?pl=' . $_GET['pl']; ## Require Header ## require 'inc/header.php'; if ($mem->reqLevel($Cplug->getPagePerm())) { // name of the plugin is also the name of the premission associated with it echo $Cplug->returnPage($varible); } // return the relevant page information for this plugin require 'inc/footer.php';