//$powerRequired = $RankResult['access_power']; $powerRequired = CheckAccess('edit_members'); if (isset($_SESSION["userName"]) && $_SESSION["userName"] != "") { $theName = $_SESSION["userName"]; if (isset($_SESSION["power"])) { if ($_SESSION["power"] >= $powerRequired) { AccessGranted($theName); } else { AccessDenied(); } } else { AccessDenied(); //There should be a switch code for how this page failed } } else { AccessDenied(); } function AccessGranted($adminName) { $userList[0] = "Default"; $userIdArray[0] = 0; $userRank[0] = 0; $userCount = 0; $selectedUser = 0; $rankList[0] = ""; $rankIdArray[0] = 0; $rankCount = 0; global $conn; $sql = "Select\n\t\t\t\t\t\t\t\t\tuser_id, user_name, Users.rank_id\n\t\t\t\t\t\t\t\tFrom\n\t\t\t\t\t\t\t\t\tUsers\n\t\t\t\t\t\t\t\tLeft Join\n\t\t\t\t\t\t\t\t\tRanks on Ranks.rank_id = Users.rank_id\n\t\t\t\t\t\t\t\tWhere\n\t\t\t\t\t\t\t\t\trank_power > -1\n\t\t\t\t\t\t\t\torder by\n\t\t\t\t\t\t\t\t\tuser_name"; $result = mysql_query($sql, $conn) or die(mysql_error()); while ($row = mysql_fetch_assoc($result)) {
if ($error == "") { if ((int) $result['status'] == 2) { squery("UPDATE karnaf_tickets SET status=1,lastupd_time=%d WHERE id=%d AND status=2", time(), $id); send_memo($result['rep_u'], "User has added an attachment to ticket #" . $result['id'] . ". For more information visit: " . KARNAF_URL . "/edit.php?id=" . $result['id']); } echo "<div class=\"status\">Your attachment has been saved.</div><br>"; } else { echo "<div class=\"status_err\">Error: " . $error . "</div><br>"; } } if ($isoper) { if (IsGroupMember($result['rep_g']) || IsKarnafAdminSession()) { $isadmin = 1; } if ($result['is_private'] && !$isadmin) { AccessDenied("Ticket is marked as private."); } add_log("karnaf_view", $result['id']); if (isset($_GET['usermode'])) { $isoper = $isadmin = 0; } else { make_menus("Karnaf (HelpDesk)"); } } if ($isoper && defined("IRC_MODE")) { echo "<center>*** You are an IRC Operator and see things users don't ***</center><br>\r\n"; } ?> <table width="100%" class="view_ticket_table"> <tr> <td valign="top" width="50%">
# See the LICENSE file for more information. # ################################################################## require_once "karnaf_header.php"; CheckOperSession(); $id = $_GET['id']; if (empty($id) || !is_numeric($id)) { safe_die("Invalid Ticket ID!"); } show_title("Ticket #" . $id); make_menus("Karnaf (HelpDesk)"); $query = squery("SELECT t.id,t.randcode,t.status,t.description,t.unick,t.ufullname,t.uemail,t.uphone,t.uip,t.rep_u,\nt.rep_g,t.open_time,t.opened_by,t.is_real,t.is_private,t.email_upd,t.memo_upd,c1.name AS cat1_name,c2.name AS cat2_name,c3.name AS\ncat3_name,s.status_name,up.priority_name AS upriority,sp.priority_name AS priority,g.private_actions,t.merged_to,t.cc,up.priority_id \nAS upriority_id, sp.priority_id,t.ext1,t.ext2,t.ext3,t.title \nFROM (karnaf_tickets AS t INNER JOIN karnaf_cat3 AS c3 ON c3.id=t.cat3_id INNER JOIN karnaf_cat2 AS c2 ON c2.id=c3.parent\nINNER JOIN karnaf_cat1 AS c1 ON c1.id=c2.parent INNER JOIN karnaf_statuses AS s ON s.status_id=t.status INNER JOIN karnaf_priorities AS up ON\nup.priority_id=t.upriority INNER JOIN karnaf_priorities AS sp ON sp.priority_id=t.priority LEFT JOIN groups AS g ON g.name=t.rep_g) WHERE t.id=%d", $id); if (!($result = sql_fetch_array($query))) { safe_die("Invalid Ticket ID!"); } if (!IsGroupMember($result['rep_g']) && !IsKarnafAdminSession()) { AccessDenied("Ticket is assigned to another team."); } $autoload = 1; if (isset($_GET['reassign'])) { $autoload = 5; } $autostatus = ""; if (isset($_POST['is_private']) && $_POST['is_private'] == "on") { $is_private = 1; } else { $is_private = 0; } if (isset($_POST['is_waiting']) && $_POST['is_waiting'] == "on") { $is_waiting = 1; } else { $is_waiting = 0;
$result = mysql_query($sql, $conn) or die(mysql_error()); while ($row = mysql_fetch_assoc($result)) { foreach ($row as $name => $value) { if ($name == "access_power") { $powerRequired = $value; } } } if (isset($_SESSION["power"]) && isset($_SESSION["userName"])) { if ($_SESSION["power"] >= $powerRequired) { AccessGranted(); } elseif ($_SESSION["power"] < $powerRequired) { AccessDenied(1); } } else { AccessDenied(0); } function AccessGranted() { global $conn; $sql = "SELECT\n\t\t\t\t\t\tkey_id\n\t\t\t\t\tFROM\n\t\t\t\t\t\tEveAPIKeys\n\t\t\t\t\tWhere\n\t\t\t\t\t\tinUse = 1"; $result = mysql_query($sql, $conn) or die(mysql_error()); $fail = false; $keyIdYo = -1; while ($row = mysql_fetch_assoc($result)) { foreach ($row as $name => $value) { if ($name == "key_id") { $keyIdYo = $value; } } }
# Karnaf HelpDesk System - Copyright (C) 2001-2015 Kobi Shmueli. # # See the LICENSE file for more information. # ################################################################## require "../ktools.php"; check_auth(); ?> <html> <head> <title>Karnaf v<?php echo KARNAF_VERSION; ?> </title> </head> <?php if (!isset($a_user) || $a_user == "Guest") { AccessDenied(""); } else { if (IsKarnafOperSession()) { ?> <frameset border="0" cols="100,*"> <frame name="menu" src="menu.php" scrolling="no"> <frame name="main" src="mylist.php" scrolling="auto"> </frameset> <?php } else { ?> <frameset border="0" cols="*"> <frame name="main" src="new.php" scrolling="auto"> </frameset> <?php }
if ($oplist['op_id'] == $selectedOp) { echo " selected = 'selected'"; } echo ">" . $oplist['op_name']; echo "</option>"; } echo "</select>"; echo "<fieldset>"; echo "<legend>Hanger Data</legend>"; echo "<textarea rows='40' cols='100' name='opData'></textarea>"; echo "<br />"; echo "<input type='submit' value='Submit' />"; echo "</fieldset>"; echo "</form>"; } else { AccessDenied(1); } ?> </div> <!-- InstanceEndEditable --> <!-- Add Footer --> <?php include 'footer.html'; ?> </DIV> </td> </tr> </table> </body>
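/**
 * Gate a page to Karnaf operators and administrators.
 *
 * Group membership is read from the global $a_groups list, and the session's
 * operator level from the global $a_operlev, which is compared with
 * $requiredacc. Each failed check calls AccessDenied() with a user-facing
 * message.
 *
 * NOTE(review): AccessDenied() is defined outside this block. A caller that
 * ignores the return value is only protected if AccessDenied() ends the
 * request; confirm that it does, otherwise this gate fails open.
 *
 * @param int $requiredacc Minimum operator level for the page (default 0);
 *                         presumably an integer level, verify against callers.
 * @return int 1 when the session is in the admins or opers group, otherwise 0.
 */
function CheckOperSession($requiredacc = 0)
{
    global $a_groups, $a_operlev;

    // Fail closed: a missing or malformed group list grants nothing.
    $groups = is_array($a_groups) ? $a_groups : array();

    // Strict membership test, so a stray true/0/null entry in the list cannot
    // loosely compare equal to a group name. Assumes the group constants and
    // the list entries share a type (presumably strings) -- TODO confirm.
    $res = 0;
    if (in_array(KARNAF_ADMINS_GROUP, $groups, true) || in_array(KARNAF_OPERS_GROUP, $groups, true)) {
        $res = 1;
    }

    if ($res !== 1) {
        AccessDenied("This page is limited to Server Operators.");
    }

    // Level check runs in addition to the group check, not instead of it.
    if ($a_operlev < $requiredacc) {
        AccessDenied("This page is limited to {$requiredacc}.");
    }

    return $res;
}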
################################################################## require_once "../ktools.php"; check_auth(); $id = $_GET['id']; if (empty($id) || !is_numeric($id)) { safe_die("Invalid Ticket ID!"); } if (isset($_GET['code']) && !empty($_GET['code'])) { $randcode = $_GET['code']; } else { $randcode = 0; } $query = squery("SELECT unick,randcode,open_time FROM karnaf_tickets WHERE id=%d", $id); if ($result = sql_fetch_array($query)) { if (!IsKarnafOperSession() && $randcode != $result['randcode'] && ($nick != $result['unick'] || $nick == "Guest" || $a_regtime > (int) $result['open_time'])) { AccessDenied("You must provide the ticket verification code to view this page."); } if (isset($_GET['download'])) { $download = $_GET['download']; } else { $download = 0; } $query2 = squery("SELECT file_name,file_type,file_size FROM karnaf_files WHERE id=%d AND tid=%d", $download, $id); if (!$query2) { safe_die("Error: can't find file!"); } $result2 = sql_fetch_array($query2); if (!$result2) { safe_die("Error: can't find file!"); } if ((int) $result2['file_size'] != 0) {