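/**
 * Loads the data needed by the userlist page.
 *
 * Only mods and admins may browse this page; anyone else is redirected to the
 * error page with error code 403. The users are fetched through the Pagination
 * class (presumably 10 per page) so the template can render page links, and
 * every row is annotated with the user's ticket permission.
 *
 * @author Daan Janssens, mentored by Matthew Lagoe
 * @return array template variables: 'userlist', 'links', 'lastPage',
 *               'currentPage', 'ingame_webpath', 'base_webpath' and, for
 *               admins only, 'isAdmin' => "TRUE".
 * @throws SystemExit after the redirect when the caller is not a mod/admin.
 */
function userlist() {
    global $INGAME_WEBPATH;
    global $BASE_WEBPATH;
    // NOTE(review): the session holds a serialized Ticket_User; unserialize()
    // here trusts whatever the session store contains. Keep the session backend
    // out of reach of user-writable data.
    $session_user = unserialize($_SESSION['ticket_user']);
    if (!Ticket_User::isMod($session_user)) {
        //ERROR: No access!
        $_SESSION['error_code'] = "403";
        header("Cache-Control: max-age=1");
        header("Location: index.php?page=error");
        throw new SystemExit();
    }
    $pageResult = array();
    $pagination = new Pagination(WebUsers::getAllUsersQuery(), "web", 10, "WebUsers");
    $pageResult['userlist'] = Gui_Elements::make_table($pagination->getElements(), array("getUId", "getUsername", "getEmail"), array("id", "username", "email"));
    $pageResult['links'] = $pagination->getLinks(5);
    $pageResult['lastPage'] = $pagination->getLast();
    $pageResult['currentPage'] = $pagination->getCurrent();
    // Iterate by key so the permission is written to the row that was read,
    // instead of relying on a separate counter that assumes 0..n-1 indices.
    foreach ($pageResult['userlist'] as $key => $user) {
        $pageResult['userlist'][$key]['permission'] = Ticket_User::constr_ExternId($user['id'])->getPermission();
    }
    if (Ticket_User::isAdmin($session_user)) {
        $pageResult['isAdmin'] = "TRUE";
    }
    $pageResult['ingame_webpath'] = $INGAME_WEBPATH;
    $pageResult['base_webpath'] = $BASE_WEBPATH;
    return $pageResult;
}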
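/**
 * Loads the data needed by the login page.
 *
 * When the request comes from the game client, Helpers::check_login_ingame()
 * is consulted first: the client sends additional cookie information that is
 * also stored in the open_ring db, and on a match the session is filled in and
 * the client is redirected to the ingame index page instead of seeing the form.
 *
 * @author Daan Janssens, mentored by Matthew Lagoe
 * @return array template variables 'ingame_webpath' and 'getstring' (the
 *               current query string re-encoded and prefixed with '?', or ""
 *               when the request carried no query string).
 * @throws SystemExit after the redirect on a successful ingame login.
 */
function login() {
    global $INGAME_WEBPATH;
    if (Helpers::check_if_game_client()) {
        //check if you are logged in ingame, this should auto login
        $result = Helpers::check_login_ingame();
        if ($result) {
            //handle successful login
            $_SESSION['user'] = $result['name'];
            $_SESSION['id'] = WebUsers::getId($result['name']);
            $_SESSION['ticket_user'] = serialize(Ticket_User::constr_ExternId($_SESSION['id']));
            //go back to the index page; this branch is only reached for the game client,
            //so the web path is never the right target here.
            header("Cache-Control: max-age=1");
            header('Location: ' . $INGAME_WEBPATH);
            throw new SystemExit();
        }
    }
    $pageElements = array();
    $pageElements['ingame_webpath'] = $INGAME_WEBPATH;
    // Re-encode the incoming query string rather than concatenating raw keys and
    // values, so the template always receives a well-formed, escaped query.
    $GETString = http_build_query($_GET);
    if ($GETString != "") {
        $GETString = '?' . $GETString;
    }
    $pageElements['getstring'] = $GETString;
    return $pageElements;
}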
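/**
 * Adds a user to a support group.
 *
 * The executing user must be logged in and an admin, and the POST request must
 * carry 'target_id' (the support group) and 'Name' (the user to add). The user
 * is only added when its ticket permission is above 1 (mod/admin); otherwise a
 * result code ("NOT_MOD_OR_ADMIN" or "USER_NOT_EXISTING") is computed. In all
 * of these cases the request ends with a redirect to the show_sgroup page of
 * the group; the result code is not surfaced to the user yet.
 *
 * @author Daan Janssens, mentored by Matthew Lagoe
 * @throws SystemExit always: after the redirect to show_sgroup, to the error
 *                    page (403) for non-admins, or to index.php when not logged in.
 */
function add_user_to_sgroup() {
    global $INGAME_WEBPATH;
    global $WEBPATH;
    if (!WebUsers::isLoggedIn()) {
        //ERROR: not logged in!
        header("Cache-Control: max-age=1");
        header("Location: index.php");
        throw new SystemExit();
    }
    //check if the user that executed the task is an admin and the group is given.
    // NOTE(review): unserialize() of the session-held Ticket_User trusts the session store.
    if (!Ticket_User::isAdmin(unserialize($_SESSION['ticket_user'])) || !isset($_POST['target_id'])) {
        //ERROR: No access!
        $_SESSION['error_code'] = "403";
        header("Cache-Control: max-age=1");
        header("Location: index.php?page=error");
        throw new SystemExit();
    }
    // A missing 'Name' is treated as an empty name (no lookup match) instead of a notice.
    $name = filter_var(isset($_POST['Name']) ? $_POST['Name'] : '', FILTER_SANITIZE_STRING);
    $id = filter_var($_POST['target_id'], FILTER_SANITIZE_NUMBER_INT);
    $user_id = WebUsers::getId($name);
    $result = array();
    if ($user_id != "") {
        //only mods/admins (permission > 1) may be added to a support group
        if (Ticket_User::constr_ExternId($user_id)->getPermission() > 1) {
            $result['RESULT_OF_ADDING'] = Support_Group::addUserToSupportGroup($user_id, $id);
        } else {
            $result['RESULT_OF_ADDING'] = "NOT_MOD_OR_ADMIN";
        }
    } else {
        $result['RESULT_OF_ADDING'] = "USER_NOT_EXISTING";
    }
    // TODO: $result['RESULT_OF_ADDING'] is computed but never shown; the page
    // simply redirects back to the support group.
    header("Cache-Control: max-age=1");
    if (Helpers::check_if_game_client()) {
        header("Location: " . $INGAME_WEBPATH . "?page=show_sgroup&id=" . $id);
    } else {
        header("Location: " . $WEBPATH . "?page=show_sgroup&id=" . $id);
    }
    throw new SystemExit();
}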
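/**
 * Logs a user in from the POSTed login form.
 *
 * The sanitized 'LoginValue' and 'Password' are checked against the database
 * through WebUsers::checkLoginMatch(). On a match the session is filled in
 * ('user', 'id', 'ticket_user', 'Language') and the browser is redirected to
 * the index page, carrying the current query string along. On a mismatch the
 * login template is reloaded with 'login_error' => 'TRUE'.
 *
 * @author Daan Janssens, mentored by Matthew Lagoe
 * @throws SystemExit always: after the redirect, after the template reload, or
 *                    after the redirect that follows a database error.
 */
function login() {
    global $INGAME_WEBPATH;
    global $WEBPATH;
    try {
        // Missing fields are treated as empty strings instead of raising a notice.
        $login_value = filter_var(isset($_POST['LoginValue']) ? $_POST['LoginValue'] : '', FILTER_SANITIZE_STRING);
        $password = filter_var(isset($_POST['Password']) ? $_POST['Password'] : '', FILTER_SANITIZE_STRING);
        //check if the filtered sent POST data returns a match with the DB
        $result = WebUsers::checkLoginMatch($login_value, $password);
        if ($result != "fail") {
            //handle successful login
            // A fresh session id on privilege change keeps a pre-login session id
            // from being carried into the authenticated session.
            session_regenerate_id(true);
            $_SESSION['user'] = $result['Login'];
            $_SESSION['id'] = $result['UId'];
            $_SESSION['ticket_user'] = serialize(Ticket_User::constr_ExternId($_SESSION['id']));
            $user = new WebUsers($_SESSION['id']);
            $_SESSION['Language'] = $user->getLanguage();
            // Re-encode the query string rather than concatenating raw keys and
            // values, so nothing unescaped ends up in the Location header.
            $GETString = http_build_query($_GET);
            if ($GETString != "") {
                $GETString = '?' . $GETString;
            }
            //go back to the index page.
            header("Cache-Control: max-age=1");
            if (Helpers::check_if_game_client()) {
                header('Location: ' . $INGAME_WEBPATH . $GETString);
            } else {
                header('Location: ' . $WEBPATH . $GETString);
            }
            throw new SystemExit();
        }
        //handle login failure
        $result = array();
        $result['login_error'] = 'TRUE';
        $result['no_visible_elements'] = 'TRUE';
        helpers::loadtemplate('login', $result);
        throw new SystemExit();
    } catch (PDOException $e) {
        // The website database is unreachable. Log the details server-side
        // instead of printing the exception to the client (it carries the DSN,
        // credentials and a stack trace), then send the user back to the index.
        error_log('login: ' . $e->getMessage());
        header("Cache-Control: max-age=1");
        header("Location: index.php");
        throw new SystemExit();
    }
}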
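/**
 * Changes the ticket permission of a user.
 *
 * The executing user must be logged in and an admin; otherwise the request is
 * redirected to index.php or to the error page (403). The change is applied
 * when GET carries 'user_id' and 'value', the sanitized value is below 4 and
 * the target is not the admin account (id 1). Whether or not the change was
 * applied, the browser is then redirected to the show_user page of the target.
 *
 * @author Daan Janssens, mentored by Matthew Lagoe
 * @throws SystemExit always, after the redirect.
 */
function change_permission() {
    global $INGAME_WEBPATH;
    global $WEBPATH;
    //if logged in
    if (!WebUsers::isLoggedIn()) {
        //ERROR: not logged in!
        header("Cache-Control: max-age=1");
        header("Location: index.php");
        throw new SystemExit();
    }
    //check if user who executed this function is an admin
    // NOTE(review): unserialize() of the session-held Ticket_User trusts the session store.
    if (!Ticket_User::isAdmin(unserialize($_SESSION['ticket_user']))) {
        //ERROR: No access!
        $_SESSION['error_code'] = "403";
        header("Cache-Control: max-age=1");
        header("Location: index.php?page=error");
        throw new SystemExit();
    }
    // Sanitize first and validate the sanitized values. The original compared the
    // raw GET strings and sanitized afterwards, so the "not the admin" and "< 4"
    // checks did not necessarily apply to the value that was finally written.
    $user_id = isset($_GET['user_id']) ? (int) filter_var($_GET['user_id'], FILTER_SANITIZE_NUMBER_INT) : 0;
    $value = isset($_GET['value']) ? (int) filter_var($_GET['value'], FILTER_SANITIZE_NUMBER_INT) : 0;
    //the admin account (id 1) can never have its permission changed
    if (isset($_GET['user_id']) && isset($_GET['value']) && $user_id > 0 && $user_id != 1 && $value < 4) {
        //execute change.
        Ticket_User::change_permission(Ticket_User::constr_ExternId($user_id)->getTUserId(), $value);
    }
    // Missing params or an admin target land on the same page; the original
    // redirected there with an undefined $user_id in that case.
    header("Cache-Control: max-age=1");
    if (Helpers::check_if_game_client()) {
        header("Location: " . $INGAME_WEBPATH . "?page=show_user&id=" . $user_id);
    } else {
        header("Location: " . $WEBPATH . "?page=show_user&id=" . $user_id);
    }
    throw new SystemExit();
}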
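/**
 * Loads the data needed by the show_user page.
 *
 * Users may only browse their own user page; mods and admins may browse any
 * user page. The browsed user's settings (name, mail, first/last name, country,
 * gender, ticket permission) and the tickets they created are collected for
 * the template.
 *
 * @author Daan Janssens, mentored by Matthew Lagoe
 * @return array template variables: 'target_id', 'target_name', 'mail',
 *               'firstName', 'lastName', 'country', 'gender', 'userPermission',
 *               'ticketlist', 'ingame_webpath' and, for admins, 'isAdmin' => "TRUE".
 * @throws SystemExit after the redirect to the error page (403) or to index.php
 *                    when not logged in.
 */
function show_user() {
    global $INGAME_WEBPATH;
    //if logged in
    if (!WebUsers::isLoggedIn()) {
        //ERROR: not logged in!
        header("Cache-Control: max-age=1");
        header("Location: index.php");
        throw new SystemExit();
    }
    // NOTE(review): unserialize() of the session-held Ticket_User trusts the session store.
    $session_user = unserialize($_SESSION['ticket_user']);
    // Sanitize the requested id before the access check, so the check and the
    // lookups below operate on the same value. Without an id, show the own page.
    if (isset($_GET['id'])) {
        $target_id = filter_var($_GET['id'], FILTER_SANITIZE_NUMBER_INT);
    } else {
        $target_id = $_SESSION['id'];
    }
    //Users can only browse their own user page, while mods/admins can browse all user pages
    if (!Ticket_User::isMod($session_user) && (int) $target_id !== (int) $_SESSION['id']) {
        //ERROR: No access!
        $_SESSION['error_code'] = "403";
        header("Cache-Control: max-age=1");
        header("Location: index.php?page=error");
        throw new SystemExit();
    }
    $result = array();
    $result['target_id'] = $target_id;
    $webUser = new WebUsers($target_id);
    $result['target_name'] = $webUser->getUsername();
    $result['mail'] = $webUser->getEmail();
    $info = $webUser->getInfo();
    $result['firstName'] = $info['FirstName'];
    $result['lastName'] = $info['LastName'];
    $result['country'] = $info['Country'];
    $result['gender'] = $info['Gender'];
    $ticket_user = Ticket_User::constr_ExternId($target_id);
    $result['userPermission'] = $ticket_user->getPermission();
    if (Ticket_User::isAdmin($session_user)) {
        $result['isAdmin'] = "TRUE";
    }
    $ticketlist = Ticket::getTicketsOf($ticket_user->getTUserId());
    // Both 'statustext' and 'statusText' are filled from getStatusText(); the
    // mapping is kept as the original had it.
    $result['ticketlist'] = Gui_Elements::make_table($ticketlist, array("getTId", "getTimestamp", "getTitle", "getStatus", "getStatusText", "getStatusText", "getCategoryName"), array("tId", "timestamp", "title", "status", "statustext", "statusText", "category"));
    $result['ingame_webpath'] = $INGAME_WEBPATH;
    return $result;
}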
/**
 * Looks up the ticket_user id that belongs to an email address.
 *
 * @param $email the email address of a user.
 * @return the ticket_user id related to that email address, or the string
 *         "FALSE" when WebUsers knows no user with that address.
 */
public static function get_id_from_email($email) {
    $webUserId = WebUsers::getIdFromEmail($email);
    if ($webUserId == "FALSE") {
        return "FALSE";
    }
    return Ticket_User::constr_ExternId($webUserId)->getTUserId();
}
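/**
 * Creates a new ticket from the POSTed createticket form.
 *
 * The executing user must be logged in. 'Title' and 'Content' must not be
 * blank, otherwise the form is reloaded with the posted values and error
 * flags. A ticket may be created for oneself ('target_id' equal to the session
 * id) or, by a mod/admin, for another user; anyone else is redirected to the
 * error page (403). After creation the browser is redirected to the new ticket.
 *
 * @author Daan Janssens, mentored by Matthew Lagoe
 * @throws SystemExit always: after the redirect to the ticket, the form reload,
 *                    or one of the error redirects.
 */
function create_ticket() {
    global $INGAME_WEBPATH;
    global $WEBPATH;
    if (!WebUsers::isLoggedIn() || !isset($_SESSION['ticket_user'])) {
        //ERROR: user is not logged in
        header("Cache-Control: max-age=1");
        header("Location: index.php");
        throw new SystemExit();
    }
    // NOTE(review): unserialize() of the session-held Ticket_User trusts the session store.
    $ticket_user = unserialize($_SESSION['ticket_user']);
    // A field counts as blank when, with runs of whitespace collapsed, fewer
    // than two characters remain. Missing fields are treated as blank.
    $title_raw = isset($_POST['Title']) ? $_POST['Title'] : '';
    $content_raw = isset($_POST['Content']) ? $_POST['Content'] : '';
    $title_blank = strlen(preg_replace('/\\s\\s+/', ' ', $title_raw)) < 2;
    $content_blank = strlen(preg_replace('/\\s\\s+/', ' ', $content_raw)) < 2;
    if ($title_blank || $content_blank) {
        // Reload the form with the posted values and the matching error flags.
        // NOTE(review): the raw POST values are handed to the template; confirm
        // the template escapes them on output.
        $return = $_POST;
        $return['no_visible_elements'] = 'FALSE';
        $catArray = Ticket_Category::getAllCategories();
        $return['permission'] = $ticket_user->getPermission();
        $return['category'] = Gui_Elements::make_table_with_key_is_id($catArray, array("getName"), "getTCategoryId");
        if ($title_blank) {
            $return['TITLE_ERROR_MESSAGE'] = "Title must not be blank!";
            $return['TITLE_ERROR'] = true;
        }
        if ($content_blank) {
            $return['CONTENT_ERROR_MESSAGE'] = "Content must not be blank!";
            $return['CONTENT_ERROR'] = true;
        }
        helpers::loadTemplate('createticket', $return);
        throw new SystemExit();
    }
    if (!isset($_POST['target_id'])) {
        //ERROR: The form was not filled in correctly
        header("Cache-Control: max-age=1");
        header("Location: index.php?page=createticket");
        throw new SystemExit();
    }
    // Sanitize the target before comparing and looking it up, so the access
    // check and the lookup see the same value.
    $target_id = (int) filter_var($_POST['target_id'], FILTER_SANITIZE_NUMBER_INT);
    $own_ticket = ($target_id === (int) $_SESSION['id']);
    //a ticket may be created for oneself, or for someone else by a mod/admin
    if (!$own_ticket && !Ticket_User::isMod($ticket_user)) {
        //ERROR: permission denied!
        $_SESSION['error_code'] = "403";
        header("Cache-Control: max-age=1");
        header("Location: index.php?page=error");
        throw new SystemExit();
    }
    $category = filter_var(isset($_POST['Category']) ? $_POST['Category'] : '', FILTER_SANITIZE_NUMBER_INT);
    $title = filter_var($title_raw, FILTER_SANITIZE_STRING);
    $content = filter_var($content_raw, FILTER_SANITIZE_STRING);
    try {
        if ($own_ticket) {
            //the ticket is being made for the executing user himself
            $author = $ticket_user->getTUserId();
        } else {
            //a mod makes a ticket for someone else
            $author = Ticket_User::constr_ExternId($target_id)->getTUserId();
        }
        //create the ticket & return the id of the newly created ticket.
        $ticket_id = Ticket::create_Ticket($title, $content, $category, $author, $ticket_user->getTUserId(), 0, $_POST);
    } catch (PDOException $e) {
        //ERROR: LIB DB is not online! Log server-side instead of printing the
        //exception to the client (it carries the DSN and a stack trace).
        error_log('create_ticket: ' . $e->getMessage());
        header("Cache-Control: max-age=1");
        header("Location: index.php");
        throw new SystemExit();
    }
    //redirect to the new ticket. The exit is shared by both branches; the
    //original only exited in the web branch and fell through for the game client.
    header("Cache-Control: max-age=1");
    if (Helpers::check_if_game_client()) {
        header("Location: " . $INGAME_WEBPATH . "?page=show_ticket&id=" . $ticket_id);
    } else {
        header("Location: " . $WEBPATH . "?page=show_ticket&id=" . $ticket_id);
    }
    throw new SystemExit();
}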