<?php
// readcase.php: renders one case record for the logged-in user.
// $usrinfo (current user row), DB_PREFIX and the helpers unauthorizedAccess(), auditTrail(),
// pageStart() and mainMenu() come from ./inc/func_main.php and are not visible here.
// Only the start of the page is shown: the if (is_numeric(...)) block continues beyond
// this fragment.
require_once './inc/func_main.php';
// is_numeric() is the only guard on rid before it is concatenated into two SQL statements
// and echoed into the hrefs below. It rejects quotes and SQL syntax, but still admits
// values that are not plain integers (sign, decimals, exponent notation, leading
// whitespace); an (int) cast would pin the value down.
if (is_numeric($_REQUEST['rid'])) {
    // Link row between the current user and this case (present only if the user is a solver of it).
    $sql_a = "SELECT * FROM " . DB_PREFIX . "c2s WHERE " . DB_PREFIX . "c2s.idsolver=" . $usrinfo['id'] . " AND " . DB_PREFIX . "c2s.idcase=" . $_REQUEST['rid'];
    $res_a = MySQL_Query($sql_a);
    // false when no row matches; $rec_a['idsolver'] is then null, so the ownership test
    // below fails for a non-solver - the fail-closed direction.
    $rec_a = MySQL_Fetch_Array($res_a);
    $res = MySQL_Query("SELECT * FROM " . DB_PREFIX . "cases WHERE id=" . $_REQUEST['rid']);
    if ($rec = MySQL_Fetch_Assoc($res)) {
        // Secret or deleted cases are only for users with right_power or for a solver of
        // the case. Whether unauthorizedAccess() ends the request is not visible here;
        // if it only reports, the rest of the page still renders.
        if (($rec['secret'] == 1 || $rec['deleted'] == 1) && (!$usrinfo['right_power'] && $usrinfo['id'] != $rec_a['idsolver'])) {
            unauthorizedAccess(3, $rec['secret'], $rec['deleted'], $_REQUEST['rid']);
        }
        auditTrail(3, 1, $_REQUEST['rid']);
        pageStart(StripSlashes($rec['title']));
        mainMenu(4);
        // View toggles from the request; both default to 0 and are only compared to 0/1.
        if (!isset($_REQUEST['hidenotes'])) { $hn = 0; } else { $hn = $_REQUEST['hidenotes']; }
        if (!isset($_REQUEST['hidesymbols'])) { $hs = 0; } else { $hs = $_REQUEST['hidesymbols']; }
        // Action links (Czech: "hide notes" / "hide symbols" / "show symbols"). rid is
        // echoed back into the href unescaped; is_numeric() above limits what it can hold.
        if ($hn == 0 && $hs == 0) {
            $spaction = '<a href="readcase.php?rid=' . $_REQUEST['rid'] . '&hidenotes=1&hidesymbols=0">skrýt poznámky</a>; <a href="readcase.php?rid=' . $_REQUEST['rid'] . '&hidenotes=0&hidesymbols=1">skrýt symboly</a>';
            $backurl = 'readcase.php?rid=' . $_REQUEST['rid'] . '&hidenotes=0&hidesymbols=0';
        } else {
            if ($hn == 0 && $hs == 1) {
                // The remaining branches of this chain are outside the visible fragment.
                $spaction = '<a href="readcase.php?rid=' . $_REQUEST['rid'] . '&hidenotes=1&hidesymbols=1">skrýt poznámky</a>; <a href="readcase.php?rid=' . $_REQUEST['rid'] . '&hidenotes=0&hidesymbols=0">zobrazit symboly</a>';
echo _SERVICE; ?> </A></th> <th width="70" align=right><A HREF="platby.php?order=ser_amount&adesc=<?php echo $adesc; ?> "><?php echo _AMOUNT; ?> </A></th> </tr> </thead> <?php //vypiseme tabulky se zpravami $i = 0; while ($entry = MySQL_Fetch_Array($message)) { if ($i % 2 == 0) { $tb_class = ''; } else { $tb_class = " class=tb_dark"; } ?> <tbody <?php echo $tb_class; ?> > <tr <?php echo $bgcolor; ?> >
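/**
 * Print the list of services (or past-due payments) for the group of the current session.
 *
 * @param array  $sess Session record; only $sess['4'] is read, as the ul_group filter,
 *                     and the whole array is handed to foot_printing().
 * @param string $what "all" prints every row under the _ALL_SERVICES heading; any other
 *                     value prints rows whose to_date is already in the past, under _PAYMENTS.
 *
 * Writes HTML between head_printing() and foot_printing($sess); returns nothing.
 * Row columns are read by position: [1] recipient id, [2] provider id, [3] date as
 * YYYY-MM-DD, [4] service text, [5] amount.
 *
 * Changes from the original: the heading's close tag was "</h25>" and is now "</h2>";
 * the service and amount columns are HTML-escaped on output; the group value is escaped
 * before it is spliced into the SQL string. Plain text without markup characters renders
 * exactly as before.
 */
function services_list_printing($sess, $what)
{
    head_printing();

    // Heading and WHERE clause for the requested view.
    if ($what == "all") {
        $heading = _ALL_SERVICES;
        $filter  = "ser_recipient like '%'";
    } else {
        $heading = "->> " . _PAYMENTS . ":";
        $filter  = "to_date < NOW()";
    }

    echo '<table width="650" border="0" cellspacing="0" cellpadding="3" align="center">';
    echo '<TR class="td_tmave"><td colspan="5" class="dark"><h2>' . $heading . '</h2></td></TR>';
    echo '<TR class="middle">'
        . '<TD width="100">' . _DATE . '</TD>'
        . '<TD width="110">' . _SERVICE_RECIPIENT . '</TD>'
        . '<TD width="110">' . _SERVICE_PROVIDER . '</TD>'
        . '<TD>' . _SERVICE . '</TD>'
        . '<TD width="70" align=right>' . _AMOUNT . '</TD>'
        . '</TR>';

    // Rows for the session's group, newest first. $sess['4'] comes from the session rather
    // than the request, but it is escaped anyway because it lands inside a SQL literal.
    // $query_error is not declared global here, so a failed query dies with an empty
    // message (unchanged from the original).
    $group   = mysql_real_escape_string($sess['4']);
    $message = MySQL_Query("SELECT * FROM uniletim_services WHERE {$filter} AND ul_group = '{$group}' ORDER BY ser_time DESC") or die($query_error);

    $rowIndex = 0;
    while ($entry = MySQL_Fetch_Array($message)) {
        // Every other row gets the "row" class.
        $rowClass = ($rowIndex % 2 == 0) ? '' : " class=row";
        // Stored as YYYY-MM-DD, printed as D. M. YYYY.
        $datePart = Explode("-", $entry[3]);

        echo '<TR' . $rowClass . ' >';
        echo '<td>' . " " . $datePart[2] . ". " . $datePart[1] . ". " . $datePart[0] . '</td>';
        echo '<td>';
        member_name($entry[1]);
        echo '</td>';
        echo '<td>';
        member_name($entry[2]);
        echo '</td>';
        // Database text is escaped for the HTML context before it is echoed.
        echo '<td>' . htmlspecialchars($entry['4']) . '</td>';
        echo '<td align=right>' . htmlspecialchars($entry['5']) . '</td>';
        echo '</TR>';
        $rowIndex++;
    }

    foot_printing($sess);
}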
// Database connection. $dbusr and $password are defined before this fragment; the database
// name is the same as the DB user name. A failed connect prints 'fail ' and stops.
if (!@mysql_connect('localhost', $dbusr, $password)) { echo 'fail '; exit; }
MySQL_Select_DB($dbusr);
// Commented-out debug output - note that the second line would print the DB password.
// echo $dbusr;
// echo $password;
// echo $file;
// echo $lines;
$page_prefix = '';
define('DB_PREFIX', 'nw_');
// NOTE(review): a "SET NAMES" query changes the connection charset on the server side only;
// the client library that mysql_real_escape_string() consults does not learn about it.
// mysql_set_charset() is the documented way to keep both in sync - confirm before relying
// on the escaping below with multibyte input.
MySQL_Query("SET NAMES 'utf8'");
// Login. Credentials come straight from the request; the password is compared by the
// database against the stored pwd column, so whatever the column holds is what the user
// types (no password_hash()/password_verify() step is visible in this fragment).
// The '******' tokens are redactions in the corpus copy, not original code.
if (isset($_REQUEST['logmein'])) {
    $logres = MySQL_Query("SELECT id FROM " . DB_PREFIX . "users WHERE login='******'loginname']) . "' AND pwd='" . mysql_real_escape_string($_REQUEST['loginpwd']) . "'");
    if ($logrec = MySQL_Fetch_Array($logres)) {
        // One active session per user: older loggedin rows are dropped, then this one is
        // recorded. $sid is produced before this fragment; how it is generated is not
        // visible here. The user agent is escaped; REMOTE_ADDR is inserted as the server
        // supplies it.
        MySQL_Query("DELETE FROM " . DB_PREFIX . "loggedin WHERE iduser="******"INSERT INTO " . DB_PREFIX . "loggedin VALUES('" . $logrec['id'] . "','" . Time() . "','" . $sid . "','" . mysql_real_escape_string($_SERVER['HTTP_USER_AGENT']) . "','" . $_SERVER['REMOTE_ADDR'] . "')");
        //MySQL_Query ("INSERT INTO ".DB_PREFIX."loggedin VALUES('".$logrec['id']."','".Time()."','".$sid."','','')");
        MySQL_Query("UPDATE " . DB_PREFIX . "users SET lastlogon=" . Time() . ", ip='' WHERE id=" . $logrec['id']);
        $_SESSION['sid'] = $sid;
    }
}
// Current user lookup. The session id kept in $_SESSION must match a loggedin row together
// with the current user agent, and the user row must not be deleted. Note that the query
// also loads users.pwd into $usrinfo on every request. The block continues past the end of
// this fragment.
if (isset($_SESSION['sid'])) {
    $sql = "SELECT\r\n\t\t\t\t\t\t\t\t\t\t\t\t" . DB_PREFIX . "users.id AS 'id',\r\n\t\t\t\t\t\t\t\t\t\t\t\t"
        . DB_PREFIX . "users.login AS 'login',\r\n\t\t\t\t\t\t\t\t\t\t\t\t"
        . DB_PREFIX . "users.pwd AS 'pwd',\r\n\t\t\t\t\t\t\t\t\t\t\t\t"
        . DB_PREFIX . "users.idperson AS 'idperson',\r\n\t\t\t\t\t\t\t\t\t\t\t\t"
        . DB_PREFIX . "users.lastlogon AS 'lastlogon',\r\n\t\t\t\t\t\t\t\t\t\t\t\t"
        . DB_PREFIX . "users.right_power AS 'right_power',\r\n\t\t\t\t\t\t\t\t\t\t\t\t"
        . DB_PREFIX . "users.right_text AS 'right_text',\r\n\t\t\t\t\t\t\t\t\t\t\t\t"
        . DB_PREFIX . "users.right_org AS 'right_org',\r\n\t\t\t\t\t\t\t\t\t\t\t\t"
        . DB_PREFIX . "users.right_aud AS 'right_aud',\r\n\t\t\t\t\t\t\t\t\t\t\t\t"
        . DB_PREFIX . "users.timeout AS 'timeout',\r\n\t\t\t\t\t\t\t\t\t\t\t\t"
        . DB_PREFIX . "users.ip AS 'ip',\r\n\t\t\t\t\t\t\t\t\t\t\t\t"
        . DB_PREFIX . "users.plan AS 'plan',\r\n\t\t\t\t\t\t\t\t\t\t\t\t"
        . DB_PREFIX . "loggedin.sid AS 'sid',\r\n\t\t\t\t\t\t\t\t\t\t\t\t"
        . DB_PREFIX . "loggedin.time AS 'lastaction',\r\n\t\t\t\t\t\t\t\t\t\t\t\t"
        . DB_PREFIX . "loggedin.ip AS 'currip'\r\n\t\t\t\t\t\t\t\t\t\t\t\tFROM "
        . DB_PREFIX . "users, " . DB_PREFIX . "loggedin WHERE agent='" . mysql_real_escape_string($_SERVER['HTTP_USER_AGENT']) . "' AND "
        . DB_PREFIX . "loggedin.sid ='" . mysql_real_escape_string($_SESSION['sid']) . "' AND deleted=0 AND "
        . DB_PREFIX . "loggedin.iduser="******"users.id";
    $ures = MySQL_Query($sql);
    if ($usrinfo = MySQL_Fetch_Assoc($ures)) {
        $loggedin = true;
        // load the table of unread records into a variable (continues beyond this fragment)
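/**
 * Dispatch a moderator action on a topic or reply.
 *
 * Inputs come from the request: $_GET['type'] selects the action (edit, delete, opentopic,
 * closetopic, sticktopic, unsticktopic, move), $_GET['post'] the object for edit/delete
 * (topic, reply), $_GET['id'] the topic/reply id and $_GET['tid'] the topic id used for
 * redirects and for the open/close/pin actions. $_POST carries the form data. The globals
 * $logged (current user: 'username', 'dskin') and $permissions ('t' flags) are read.
 * Output is HTML written through Template, pageerror() and finished(); nothing is returned.
 *
 * Review changes from the original:
 *  - Every refused permission check now returns after pageerror(). Whether pageerror()
 *    terminates the request is not visible from this file; without the return the
 *    UPDATE/DELETE below the check still ran for a refused user.
 *  - A failed UPDATE also returns instead of going on to report success.
 *  - Title, description and post body go through mysql_real_escape_string() before they
 *    are spliced into SQL. The original relied on htmlspecialchars(), whose default flags
 *    (before PHP 8.1) leave the single quote alone, and every query here wraps the value
 *    in single quotes.
 *  - The move target is cast to int (the form's option values are forum ids) and forum
 *    titles are HTML-escaped when the move form is built.
 *  - Missing request keys default to '' / 0 instead of raising notices.
 * Left as found: no CSRF token is verified on any of these state-changing requests (that
 * needs support from the surrounding framework); the open/close and pin/unpin branches
 * treat closed=1 as "open" and sticky=0 as "pinned" - confirm against the schema before
 * relying on that; some success messages are copy-pasted ("was Pinned!") and mysql_error()
 * text is shown to the user.
 */
function moderator()
{
    global $logged, $permissions;

    // Ids only ever reach SQL as integers; the two selectors are only compared to fixed strings.
    $id    = isset($_GET['id'])   ? intval(trim(strip_tags($_GET['id']))) : 0;
    $type  = isset($_GET['type']) ? htmlspecialchars(trim(strip_tags($_GET['type']))) : '';
    $tid   = isset($_GET['tid'])  ? intval($_GET['tid']) : 0;
    $posts = isset($_GET['post']) ? htmlspecialchars($_GET['post']) : '';

    // Log and report a refused action. Callers return immediately afterwards so that no
    // write below a permission check can run, whatever pageerror() does.
    $deny = function ($title, $summary, $detail) {
        logs("Invalid User", "1");
        pageerror($title, $summary, $detail);
    };

    // Render a template from the user's skin; $replacements null means no tr() call.
    $render = function ($file, $replacements) use ($logged) {
        $Temp = new Template();
        $Temp->dir = $logged['dskin'];
        $Temp->file = $file;
        $Temp->tp();
        if ($replacements !== null) {
            $Temp->tr($replacements);
        }
        echo $Temp->html;
    };

    // Write one flag column of topic $tid unless it already holds $alreadyValue.
    $setTopicFlag = function ($column, $alreadyValue, $alreadyMessage, $newValue, $doneSummary, $doneDetail) use ($tid) {
        $current = mysql_fetch_array(mysql_query("SELECT `" . $column . "` FROM `topics` WHERE `id` = '" . $tid . "' "));
        if ($current[$column] == $alreadyValue) {
            pageerror("Topic Error", "", $alreadyMessage);
            return;
        }
        if (!mysql_query("UPDATE `topics` SET `" . $column . "` = '" . $newValue . "' WHERE `id` = '" . $tid . "' ")) {
            pageerror("Topic Error", "", "There was an error updating topic: " . mysql_error());
            return;
        }
        finished("Topic Updated!", $doneSummary, $doneDetail, "index.php?act=topicshow&id=" . $tid);
    };

    switch ($type) {
        case "edit":
            switch ($posts) {
                case "topic":
                    echo "TOPIC"; // NOTE(review): looks like leftover debug output - confirm before removing.
                    $tdata = mysql_fetch_array(mysql_query("SELECT * FROM `topics` WHERE `id` = '" . $id . "' "));
                    // As written, the || refuses every non-admin regardless of e_topic or
                    // ownership. Kept because it fails closed; the intent may have been &&.
                    if (($permissions['e_topic'] != 't' && $logged['username'] != $tdata['username']) || $permissions['admin'] != 't') {
                        $deny("Topic Error", "There was an error editing topic.", "You don't have permissions to edit this topic!");
                        return;
                    }
                    if (!isset($_POST['newtopic'])) {
                        $render("newtopic.tpl", array('TOPIC_NAME' => 'Edit Topic', 'TITLE' => $tdata['title'], 'DESC' => $tdata['description'], 'POST' => '', '<<HIDE>>' => '<!--', '<<HIDE_2>>' => '-->'));
                        return;
                    }
                    if (empty($_POST['title'])) {
                        pageerror("Topic Error", "There was an error editing topic", "Please check your post because you left the topic post or topic title blank!");
                        return;
                    }
                    // Stored HTML-escaped as before, and SQL-escaped for the single-quoted literal.
                    $ttitle      = mysql_real_escape_string(htmlspecialchars($_POST['title']));
                    $description = mysql_real_escape_string(htmlspecialchars(isset($_POST['tdesc']) ? $_POST['tdesc'] : ''));
                    if (!mysql_query("UPDATE `topics` SET `description` = '" . $description . "', `title` = '" . $ttitle . "' WHERE `id` = '" . $id . "' ")) {
                        pageerror("Topic Error", "There was an error editing topic", "There was an error updating sql: " . mysql_error());
                        return;
                    }
                    finished("Topic Updated!", "Current Topic was Updated!", "Thank you now your topic was sucessfully updated.", "index.php?act=topicshow&id=" . $id);
                    return;

                case "reply":
                    $pdata = mysql_fetch_array(mysql_query("SELECT * FROM `replies` WHERE `id` = '" . $id . "' "));
                    // Same shape as the topic check (the original's "and" binds tighter than "or").
                    if (($permissions['e_post'] != 't' && $logged['username'] != $pdata['username']) || $permissions['admin'] != 't') {
                        $deny("Reply Error", "There was an error editing reply.", "You don't have permissions to edit this post!");
                        return;
                    }
                    if (!isset($_POST['newreply'])) {
                        $render("newreply.tpl", array('POST' => $pdata['post'], 'NAME' => "Edit Reply"));
                        return;
                    }
                    if (empty($_POST['post'])) {
                        pageerror("Reply Error", "There was an error editing reply.", "You left the post field blank please go back and check again!");
                        return;
                    }
                    $rpost = mysql_real_escape_string(htmlspecialchars($_POST['post']));
                    if (!mysql_query("UPDATE `replies` SET `post` = '" . $rpost . "' WHERE `id` = '" . $id . "' ")) {
                        pageerror("Reply Error", "There was an error editing reply.", "There was an sql error: " . mysql_error());
                        return;
                    }
                    finished("Reply Updated!", "Current Post was Updated!", "Thank you now your reply was sucessfully updated.", "index.php?act=topicshow&id=" . $tid);
                    return;
            }
            break;

        case "delete":
            if ($permissions['d_post'] != 't') {
                $deny("Topic Error", "There was an error opening topic.", "You don't have permissions to open this topic!");
                return;
            }
            switch ($posts) {
                case "reply":
                    if (!isset($_POST['submit'])) {
                        // Confirmation form first; the delete only runs on a submitted "del".
                        $render("mode_delete.tpl", null);
                    } elseif (isset($_POST['del'])) {
                        if (mysql_query("DELETE FROM `replies` WHERE `id` = '" . $id . "'")) {
                            finished("Post deleted Successfully", "", "Your post was deleted successfully, please wait while your being redirected.", "index.php?act=topicshow&id=" . $tid);
                        } else {
                            pageerror("Deletion Error", "", "There was a problem deleting post, please contact the NevuxAB Support Tech.");
                        }
                    } else {
                        finished("Post Message", "", "No action was taken, please wait while your being redirected.", "index.php?act=topicshow&id=" . $tid);
                    }
                    break;
            }
            break;

        case "opentopic":
            if ($permissions['o_topic'] != 't') {
                $deny("Topic Error", "There was an error opening topic.", "You don't have permissions to open this topic!");
                return;
            }
            $setTopicFlag('closed', 1, "Topic is already Opened!", '1', "Current Topic was Pinned!", "Thank you now your topic was sucessfully opened.");
            break;

        case "closetopic":
            if ($permissions['c_topic'] != 't') {
                $deny("Topic Error", "There was an error closing topic.", "You don't have permissions to close this topic!");
                return;
            }
            $setTopicFlag('closed', 0, "Topic is already closed!", '0', "Current Topic was Closed!", "Thank you now your topic was sucessfully Closed.");
            break;

        case "sticktopic":
            if ($permissions['topic_pin'] != 't') {
                $deny("Topic Error", "There was an error Pinning topic.", "You don't have permissions to Pin this topic!");
                return;
            }
            $setTopicFlag('sticky', 0, "Topic is already Pinned!", '0', "Current Topic was Pinned!", "Thank you now your topic was sucessfully Pinned.");
            break;

        case "unsticktopic":
            if ($permissions['topic_pin'] != 't') {
                $deny("Topic Error", "There was an error Un-Pinning topic.", "You don't have permissions to Un-Pin this topic!");
                return;
            }
            $setTopicFlag('sticky', 1, "Topic is already Un-Pinned!", '1', "Current Topic was Un-Pinned!", "Thank you now your topic was sucessfully Un-Pinned.");
            break;

        case "move":
            if ($permissions['m_topic'] != 't') {
                $deny("Topic Error", "There was an error moving topic.", "You don't have permissions to move this topic!");
                return;
            }
            if (isset($_POST['update'])) {
                // Option values in the form built below are forum ids, so the target is numeric.
                $nparent = isset($_POST['to']) ? intval($_POST['to']) : 0;
                if (!mysql_query("UPDATE `topics` SET `fid` = '" . $nparent . "' WHERE `id` = '" . $id . "'")) {
                    pageerror("Topic Error", "", "There was an error updating topic: " . mysql_error());
                    return;
                }
                finished("Topic Updated!", "Current Topic was Pinned!", "Thank you now your topic was moved sucessfully.", "index.php?act=topicshow&id=" . $id);
                return;
            }
            $gettopics = mysql_query("SELECT * FROM `forums` ORDER BY `id` ASC");
            $values = "";
            while ($showtopics = mysql_fetch_array($gettopics)) {
                // Forum titles come from the database; escape them for the HTML context.
                $values .= "<option value='" . $showtopics['id'] . "'>" . htmlspecialchars($showtopics['title']) . "</option>";
            }
            $render("mode_move.tpl", array('OPTIONS' => $values));
            break;
    }
}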