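/**
 * Delete the departments ticked in $_POST['del'], remove their user
 * associations and renumber the departments that remain.
 *
 * The ids come straight from the request and are placed inside an SQL IN()
 * list, so every value is reduced to a positive integer before the statement
 * is built; a crafted value can no longer change the shape of the query.
 *
 * NOTE(review): nothing in this method checks the delete privilege or whether
 * a department still has tickets; confirm the caller enforces both
 * server-side rather than relying on what the form renders.
 *
 * @return int|string Rows removed from `departments`, or '0' when no usable id was posted.
 */
public function delete()
{
    if (empty($_POST['del'])) {
        return '0';
    }

    // Keep only positive integer ids; nested arrays and non-numeric text are dropped.
    $ids = array();
    foreach ((array) $_POST['del'] as $rawId) {
        if (is_scalar($rawId) && (int) $rawId > 0) {
            $ids[(int) $rawId] = (int) $rawId;
        }
    }
    if (empty($ids)) {
        // An empty IN() list is a syntax error, so treat it like an empty selection.
        return '0';
    }
    $idList = implode(',', $ids);

    // Nuke departments..
    mysql_query("DELETE FROM `" . DB_PREFIX . "departments`\n WHERE `id` IN(" . $idList . ")\n\t")
        or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
    $rows = mysql_affected_rows();

    // Nuke user department association..
    mysql_query("DELETE FROM `" . DB_PREFIX . "userdepts`\n WHERE `deptID` IN(" . $idList . ")\n ")
        or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));

    // Best-effort TRUNCATE of tables that are now empty (presumably so ids start at 1 again).
    if (mswRowCount('departments') == 0) {
        @mysql_query("TRUNCATE TABLE `" . DB_PREFIX . "departments`");
    }
    if (mswRowCount('userdepts') == 0) {
        @mysql_query("TRUNCATE TABLE `" . DB_PREFIX . "userdepts`");
    }

    // Rebuild order sequence: walk the survivors in their current order and number them 1..n.
    $seq = 0;
    $q = mysql_query("SELECT `id` FROM `" . DB_PREFIX . "departments` ORDER BY `orderBy`");
    while ($q && ($RB = mysql_fetch_object($q))) {
        $n = ++$seq;
        $deptID = (int) $RB->id;
        mysql_query("UPDATE `" . DB_PREFIX . "departments` SET\n\t `orderBy` = '{$n}'\n WHERE `id` = '{$deptID}'\n ")
            or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
    }

    return $rows;
}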
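/**
 * Delete the custom fields ticked in $_POST['del'] together with the values
 * tickets stored for them, then rebuild the field ordering.
 *
 * The posted ids are request data that end up inside an SQL IN() list, so
 * each one is reduced to a positive integer before any statement is built.
 *
 * @return int|string Rows removed from `cusfields`, or '0' when no usable id was posted.
 */
public function deleteCustomFields()
{
    if (empty($_POST['del'])) {
        return '0';
    }

    // Keep only positive integer ids; nested arrays and non-numeric text are dropped.
    $ids = array();
    foreach ((array) $_POST['del'] as $rawId) {
        if (is_scalar($rawId) && (int) $rawId > 0) {
            $ids[(int) $rawId] = (int) $rawId;
        }
    }
    if (empty($ids)) {
        // An empty IN() list is a syntax error, so treat it like an empty selection.
        return '0';
    }
    $idList = implode(',', $ids);

    // Field definitions first; their affected-row count is what the caller gets back.
    mysql_query("DELETE FROM `" . DB_PREFIX . "cusfields` \n WHERE `id` IN(" . $idList . ") \n\t")
        or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
    $rows = mysql_affected_rows();

    // Then the per-ticket values that referenced those fields.
    mysql_query("DELETE FROM `" . DB_PREFIX . "ticketfields` \n WHERE `fieldID` IN(" . $idList . ") \n\t")
        or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));

    // Best-effort TRUNCATE of tables that are now empty (presumably so ids start at 1 again).
    if (mswRowCount('cusfields') == 0) {
        @mysql_query("TRUNCATE TABLE `" . DB_PREFIX . "cusfields`");
    }
    if (mswRowCount('ticketfields') == 0) {
        @mysql_query("TRUNCATE TABLE `" . DB_PREFIX . "ticketfields`");
    }

    // Rebuild sequence..
    fields::rebuildSequence();

    return $rows;
}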
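++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  This File: ticket-ajax.php
  Description: System File
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*/

// Refuse direct requests: this file is only meant to run when the front controller defined PARENT.
// NOTE(review): presumably err403(true) ends the request; if it only sends the status,
// execution continues into the handler below. Confirm.
if (!defined('PARENT')) {
    $HEADERS->err403(true);
}

// Access.. the user needs $cmd among their permitted commands, unless the team id is '1'.
if (!in_array($cmd, $userAccess) && $MSTEAM->id != '1') {
    $HEADERS->err403(true);
}

// Delete attachments
if (isset($_GET['delAttach']) && isset($_GET['t']) && isset($_GET['r'])) {
    // Cast the ticket and reply ids once and use only the integers from here on.
    // The raw $_GET values used to be concatenated into the HTML/JavaScript returned
    // in the JSON response, which let a crafted URL inject markup into the page.
    $tID    = (int) $_GET['t'];
    $rID    = (int) $_GET['r'];
    $acount = 0;
    $text   = str_replace('{count}', '0', $msg_viewticket41);
    $ids    = array();
    if (!empty($_POST['attachments'])) {
        $ids    = $MSTICKET->deleteAttachments();
        // Attachments still linked to this ticket/reply after the delete.
        $acount = mswRowCount('attachments WHERE `ticketID` = \'' . $tID . '\' AND `replyID` = \'' . $rID . '\'');
        if ($acount > 0) {
            $text = str_replace('{count}', $acount, '<a id="link' . $tID . '_' . $rID . '" href="#" onclick="jQuery(\'#attachments_' . $tID . '_' . $rID . '\').slideDown(\'slow\');return false">' . $msg_viewticket41 . '</a>');
        }
    }
    echo $JSON->encode(array(
        'count' => $acount,
        'ids' => !empty($ids) ? implode(',', $ids) : 'none',
        'text' => '<i class="icon-paper-clip"></i> ' . $text
    ));
    exit;
}

// We stop here..
exit;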
if ($PORTAL->language && file_exists(LANG_BASE_PATH . $PORTAL->language . '/mail-templates/admin-dispute-user-current.txt')) { $mailT = LANG_BASE_PATH . $PORTAL->language . '/mail-templates/admin-dispute-user-current.txt'; $pLang = $PORTAL->language; } else { $mailT = LANG_PATH . 'admin-dispute-user-current.txt'; } $userID = $PORTAL->id; } else { $pass = $MSPORTAL->ms_generate(); $mailT = LANG_PATH . 'admin-dispute-user-new.txt'; $userID = $MSACC->add(array('name' => $name, 'email' => $email, 'userPass' => $pass, 'enabled' => 'yes', 'timezone' => '', 'ip' => '', 'notes' => '')); $PORTAL = new stdclass(); $PORTAL->email = $email; } // If this user isn`t in dispute already, add them.. if ($PORTAL->email != $USER->email && mswRowCount('disputes WHERE `ticketID` = \'' . $tickID . '\' AND `visitorID` = \'' . $userID . '\'') == 0) { $MSTICKET->addDisputeUser($tickID, $userID, $priv); // Send notification if enabled.. if ($send == 'yes') { $MSMAIL->addTag('{NAME}', $name); $MSMAIL->addTag('{TITLE}', $TICKET->subject); $MSMAIL->addTag('{EMAIL}', $email); $MSMAIL->addTag('{PASSWORD}', $pass); $MSMAIL->addTag('{ID}', $tickID); $MSMAIL->addTag('{USER}', $USER->name); $MSMAIL->sendMSMail(array('from_email' => $SETTINGS->email, 'from_name' => $SETTINGS->website, 'to_email' => $email, 'to_name' => $name, 'subject' => str_replace(array('{website}', '{ticket}'), array($SETTINGS->website, mswTicketNumber($tickID)), $emailSubjects['dispute']), 'replyto' => array('name' => $SETTINGS->website, 'email' => $SETTINGS->replyto ? $SETTINGS->replyto : $SETTINGS->email), 'template' => $mailT, 'language' => isset($pLang) ? $pLang : $SETTINGS->language, 'alive' => 'yes')); } $new[] = $name; ++$count; } }
/**
 * Update a ticket's department, subject, comments and priority from the
 * submitted form, sync its custom-field values and, when the department
 * changed, move its attachments and possibly clear the assignment.
 *
 * Reads $_GET['id'] and $_POST directly. The two ids and every custom-field
 * key are integer-cast before they reach SQL; free-text values go through
 * mswSafeImportString(), whose implementation is not visible here.
 *
 * NOTE(review): no authorization check is visible in this method, so the
 * caller must make sure the current user may edit ticket $_GET['id'].
 *
 * @return int Sum of mysql_affected_rows() over the ticket and custom-field statements.
 */
public function updateTicket()
{
    // Integer casts: these two values are interpolated into every statement below.
    $tickID = (int) $_GET['id'];
    $deptID = (int) $_POST['dept'];
    $rows = 0;
    mysql_query("UPDATE `" . DB_PREFIX . "tickets` SET\n `lastrevision` = UNIX_TIMESTAMP(UTC_TIMESTAMP),\n `department` = '{$deptID}',\n `subject` = '" . mswSafeImportString($_POST['subject']) . "',\n `comments` = '" . mswSafeImportString($_POST['comments']) . "',\n `priority` = '" . mswSafeImportString($_POST['priority']) . "'\n WHERE `id` = '{$tickID}'\n ") or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
    $rows = $rows + mysql_affected_rows();
    // Custom field data..
    if (!empty($_POST['customField'])) {
        // Check to see if any checkbox arrays are now blank..
        // If there are, create an empty array so the loop below still visits (and deletes) them..
        if (!empty($_POST['hiddenBoxes'])) {
            foreach ($_POST['hiddenBoxes'] as $hb) {
                if (!isset($_POST['customField'][$hb])) {
                    $_POST['customField'][$hb] = array();
                }
            }
        }
        foreach ($_POST['customField'] as $k => $v) {
            $data = '';
            // If value is array, its checkboxes.. stored as one string joined with '#####'.
            if (is_array($v)) {
                if (!empty($v)) {
                    $data = implode('#####', $v);
                }
            } else {
                $data = $v;
            }
            // The field id is a request-supplied array key; the cast makes it safe to interpolate.
            $k = (int) $k;
            // If data exists, update or add entry..
            // If blank or 'nothing-selected', delete if exists..
            if ($data != '' && $data != 'nothing-selected') {
                // replyID 0 marks values that belong to the ticket itself rather than a reply.
                if (mswRowCount('ticketfields WHERE `ticketID` = \'' . $tickID . '\' AND `fieldID` = \'' . $k . '\' AND `replyID` = \'0\'') > 0) {
                    mysql_query("UPDATE `" . DB_PREFIX . "ticketfields` SET\n `fieldData` = '" . mswSafeImportString($data) . "'\n WHERE `ticketID` = '{$tickID}'\n AND `fieldID` = '{$k}'\n AND `replyID` = '0'\n ") or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
                    $rows = $rows + mysql_affected_rows();
                } else {
                    mysql_query("INSERT INTO `" . DB_PREFIX . "ticketfields` (\n `fieldData`,`ticketID`,`fieldID`,`replyID`\n ) VALUES (\n '" . mswSafeImportString($data) . "','{$tickID}','{$k}','0'\n )") or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
                    $rows = $rows + mysql_affected_rows();
                }
            } else {
                mysql_query("DELETE FROM `" . DB_PREFIX . "ticketfields`\n WHERE `ticketID` = '{$tickID}'\n AND `fieldID` = '{$k}'\n AND `replyID` = '0'\n ") or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
                $rows = $rows + mysql_affected_rows();
                // Best-effort TRUNCATE once the table is empty; errors are suppressed with @.
                if (mswRowCount('ticketfields') == 0) {
                    @mysql_query("TRUNCATE TABLE `" . DB_PREFIX . "ticketfields`");
                }
            }
        }
    }
    // If department was changed, update attachments..
    // $_POST['odeptid'] is the department the form was loaded with; the comparison is loose (!=).
    if ($deptID != $_POST['odeptid']) {
        mysql_query("UPDATE `" . DB_PREFIX . "attachments` SET\n `department` = '{$deptID}'\n WHERE `ticketID` = '{$tickID}'\n ") or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
        // Check assignment..If department has assign disabled, we need to clear assigned values from ticket..
        if (mswRowCount('departments WHERE `id` = \'' . $deptID . '\' AND `manual_assign` = \'no\'') > 0) {
            mysql_query("UPDATE `" . DB_PREFIX . "tickets` SET\n `assignedto` = ''\n WHERE `id` = '{$tickID}'\n ") or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
        }
    }
    return $rows;
}
} if (isset($_GET['keys']) && $_GET['keys']) { $_GET['keys'] = mswSafeImportString(strtolower($_GET['keys'])); $SQL = 'WHERE LOWER(`fieldInstructions`) LIKE \'%' . $_GET['keys'] . '%\' OR LOWER(`fieldOptions`) LIKE \'%' . $_GET['keys'] . '%\''; } $q = mysql_query("SELECT SQL_CALC_FOUND_ROWS * FROM `" . DB_PREFIX . "cusfields`\n {$SQL}\n\t\t\t {$orderBy}\n\t\t\t\tLIMIT {$limitvalue},{$limit}\n\t\t\t\t") or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__)); $c = mysql_fetch_object(mysql_query("SELECT FOUND_ROWS() AS `rows`")); $countedRows = isset($c->rows) ? $c->rows : '0'; ?> <div class="content"> <div class="header"> <?php // Order By.. if (mswRowCount('cusfields') > 0) { $links = array(array('link' => '?p=' . $_GET['p'] . '&orderby=title_asc' . mswQueryParams(array('p', 'orderby', 'next')), 'name' => $msg_customfields37), array('link' => '?p=' . $_GET['p'] . '&orderby=title_desc' . mswQueryParams(array('p', 'orderby', 'next')), 'name' => $msg_customfields38), array('link' => '?p=' . $_GET['p'] . '&orderby=order_asc' . mswQueryParams(array('p', 'orderby', 'next')), 'name' => $msg_levels23), array('link' => '?p=' . $_GET['p'] . '&orderby=order_desc' . mswQueryParams(array('p', 'orderby', 'next')), 'name' => $msg_levels24)); echo $MSBOOTSTRAP->button($msg_script45, $links); // Order By.. $links = array(array('link' => '?p=' . $_GET['p'] . mswQueryParams(array('p', 'dept')), 'name' => $msg_customfields39)); $q_dept = mysql_query("SELECT * FROM `" . DB_PREFIX . "departments` " . mswSQLDepartmentFilter($mswDeptFilterAccess, 'WHERE') . " ORDER BY `name`") or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__)); while ($DEPT = mysql_fetch_object($q_dept)) { $links[] = array('link' => '?p=' . $_GET['p'] . '&dept=' . $DEPT->id . mswQueryParams(array('p', 'dept')), 'name' => $msg_response26 . ' ' . mswCleanData($DEPT->name)); } $links[] = array('link' => '?p=' . $_GET['p'] . '&dept=disabled' . 
mswQueryParams(array('p', 'dept')), 'name' => $msg_response27); $links[] = array('link' => '?p=' . $_GET['p'] . '&dept=required' . mswQueryParams(array('p', 'dept')), 'name' => $msg_customfields43); $links[] = array('link' => '?p=' . $_GET['p'] . '&dept=ticket' . mswQueryParams(array('p', 'dept')), 'name' => $msg_customfields44); $links[] = array('link' => '?p=' . $_GET['p'] . '&dept=reply' . mswQueryParams(array('p', 'dept')), 'name' => $msg_customfields45); $links[] = array('link' => '?p=' . $_GET['p'] . '&dept=admin' . mswQueryParams(array('p', 'dept')), 'name' => $msg_customfields46); echo $MSBOOTSTRAP->button($msg_search20, $links); // Page filter..
</div> </div> </div> <?php } ?> <div class="row-fluid"> <div class="block" style="padding:0;margin:0;margin-top:10px"> <p class="block-heading uppercase"><i class="icon-gears"></i> <?php echo $msg_home2; ?> </p> <div class="block-body" style="line-height:25px"> <?php $arrSysOverview = array(mswRowCount('users'), mswRowCount('departments'), mswRowCount('imap'), mswRowCount('cusfields'), mswRowCount('responses'), mswRowCount('faq'), mswRowCount('categories'), mswRowCount('faqattach'), count($ticketLevelSel), mswRowCount('portal WHERE `enabled` = \'yes\' AND `verified` = \'yes\'')); ?> <i class="icon-caret-right"></i> <?php echo str_replace(array('{visitors}'), array($arrSysOverview[9]), $msg_home50); ?> <br> <i class="icon-caret-right"></i> <?php echo str_replace(array('{users}'), array($arrSysOverview[0]), $msg_home8); ?> <br> <i class="icon-caret-right"></i> <?php echo str_replace(array('{levels}', '{dept}'), array($arrSysOverview[8], $arrSysOverview[1]), $msg_home51); ?> <br> <i class="icon-caret-right"></i> <?php echo str_replace(array('{imap}'), array($arrSysOverview[2]), $msg_home48);
echo USER_DEL_PRIV == 'yes' ? '61' : '66'; ?> %"><?php echo $msg_response; ?> </th> <th style="width:15%"><?php echo $msg_script43; ?> </th> </tr> </thead> <tbody> <?php if (mysql_num_rows($q) > 0) { $totalR = mswRowCount('responses'); while ($SR = mysql_fetch_object($q)) { ?> <tr> <?php if (USER_DEL_PRIV == 'yes') { ?> <td><input type="checkbox" onclick="ms_checkCount('well','delButton','mc_countVal')" name="del[]" value="<?php echo $SR->id; ?> " id="sr_<?php echo $SR->id; ?> "></td> <?php }
} } // Create ticket.. if ($userID > 0) { $ID = $MSTICKET->add(array('dept' => $deptID, 'assigned' => $DP->manual_assign == 'yes' ? 'waiting' : '', 'visitor' => $userID, 'subject' => $subject, 'quoteBody' => '', 'comments' => $comments, 'priority' => $priority, 'replyStatus' => 'start', 'ticketStatus' => 'open', 'ip' => '', 'notes' => '', 'disputed' => 'no', 'source' => 'api')); // Proceed if ticket added ok.. if ($ID > 0) { ++$added; $MSAPI->log('[' . strtoupper($MSAPI->handler) . '] New ticket added. ID: ' . $ID); // Add custom fields.. if (!empty($ticketData['tickets'][$i]['fields'])) { $countOfFields = count($ticketData['tickets'][$i]['fields']); $MSAPI->log('[' . strtoupper($MSAPI->handler) . '] ' . $countOfFields . ' custom field(s) found in incoming data. Preparing to add field(s)..'); foreach ($ticketData['tickets'][$i]['fields'] as $fKey => $fVal) { $fieldID = substr($fKey, 1); if ((int) $fieldID > 0 && mswRowCount('cusfields WHERE `id` = \'' . (int) $fieldID . '\'') > 0) { $MSAPI->insertField($ID, $fieldID, $fVal); $MSAPI->log('[' . strtoupper($MSAPI->handler) . '] Field (' . $fKey . ') accepted.'); } else { $MSAPI->log('[' . strtoupper($MSAPI->handler) . '] Field (' . $fKey . ') ignored, field ID ' . $fieldID . ' invalid or not found.'); } } } else { $MSAPI->log('[' . strtoupper($MSAPI->handler) . '] No custom field data found.'); } // Add attachments.. if (!empty($ticketData['tickets'][$i]['attachments'])) { $countOfAttachments = count($ticketData['tickets'][$i]['attachments']); $MSAPI->log('[' . strtoupper($MSAPI->handler) . '] ' . $countOfAttachments . ' attachment(s) found in incoming data. Preparing to add attachment(s)..'); for ($a = 0; $a < $countOfAttachments; $a++) { $ext = $ticketData['tickets'][$i]['attachments'][$a]['ext'];
/**
 * Store a reply for a ticket, reopen the ticket and save any custom-field
 * values posted with the reply.
 *
 * NOTE(review): only 'comments' and 'quoteBody' pass through
 * mswSafeImportString(). 'ticket', 'repType', 'visitor', 'ip' and 'disID'
 * are interpolated into the SQL as given, so every caller must supply
 * values that are already integers or otherwise safe. Confirm at each call
 * site, in particular for 'ip' if it can be derived from request headers.
 *
 * @param array $rdata Keys read here: ticket, comments, quoteBody, repType, visitor, ip, disID.
 * @return int Value of mysql_insert_id() after the insert into `replies`.
 */
public function reply($rdata = array())
{
    mysql_query("INSERT INTO `" . DB_PREFIX . "replies` (\n `ts`,\n `ticketID`,\n `comments`,\n `mailBodyFilter`,\n `replyType`,\n `replyUser`,\n `ipAddresses`,\n `disputeUser`\n ) VALUES (\n UNIX_TIMESTAMP(UTC_TIMESTAMP),\n '{$rdata['ticket']}',\n '" . mswSafeImportString($rdata['comments']) . "',\n '" . mswSafeImportString($rdata['quoteBody']) . "',\n '{$rdata['repType']}',\n '{$rdata['visitor']}',\n '{$rdata['ip']}',\n '{$rdata['disID']}'\n )") or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
    // Must be read immediately after the INSERT, before any other statement runs.
    $id = mysql_insert_id();
    // Update ticket revision date, and mark the ticket open with replyStatus 'admin'
    if ($id > 0) {
        mysql_query("UPDATE `" . DB_PREFIX . "tickets` SET\n `lastrevision` = UNIX_TIMESTAMP(UTC_TIMESTAMP),\n\t`ticketStatus` = 'open',\n `replyStatus` = 'admin'\n WHERE `id` = '{$rdata['ticket']}'\n ") or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
    }
    // Custom fields.. read from $_POST, not from $rdata
    if (!empty($_POST['customField'])) {
        // Check to see if any checkbox arrays are now blank..
        // If there are, create an empty array so the loop below still visits them..
        if (!empty($_POST['hiddenBoxes'])) {
            foreach ($_POST['hiddenBoxes'] as $hb) {
                if (!isset($_POST['customField'][$hb])) {
                    $_POST['customField'][$hb] = array();
                }
            }
        }
        foreach ($_POST['customField'] as $k => $v) {
            $data = '';
            // If value is array, its checkboxes.. stored as one string joined with '#####'.
            if (is_array($v)) {
                if (!empty($v)) {
                    $data = implode('#####', $v);
                }
            } else {
                $data = $v;
            }
            // The field id is a request-supplied array key; the cast makes it safe to interpolate.
            $k = (int) $k;
            // Insert only when there is data and no row exists yet for this ticket/field/reply.
            // Unlike updateTicket(), blank or 'nothing-selected' values are simply skipped here.
            if ($data != '' && $data != 'nothing-selected' && mswRowCount('ticketfields WHERE `ticketID` = \'' . $rdata['ticket'] . '\' AND `fieldID` = \'' . $k . '\' AND `replyID` = \'' . $id . '\'') == 0) {
                mysql_query("INSERT INTO `" . DB_PREFIX . "ticketfields` (\n `fieldData`,`ticketID`,`fieldID`,`replyID`\n ) VALUES (\n '" . mswSafeImportString($data) . "','{$rdata['ticket']}','{$k}','{$id}'\n )") or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
            }
        }
    }
    return $id;
}
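/**
 * Delete the standard responses ticked in $_POST['del'] and rebuild the
 * response ordering.
 *
 * The posted ids are request data that end up inside an SQL IN() list, so
 * each one is reduced to a positive integer before the statement is built.
 *
 * @return int|string Rows removed from `responses`, or '0' when no usable id was posted.
 */
public function deleteResponses()
{
    if (empty($_POST['del'])) {
        return '0';
    }

    // Keep only positive integer ids; nested arrays and non-numeric text are dropped.
    $ids = array();
    foreach ((array) $_POST['del'] as $rawId) {
        if (is_scalar($rawId) && (int) $rawId > 0) {
            $ids[(int) $rawId] = (int) $rawId;
        }
    }
    if (empty($ids)) {
        // An empty IN() list is a syntax error, so treat it like an empty selection.
        return '0';
    }

    mysql_query("DELETE FROM `" . DB_PREFIX . "responses` \n WHERE `id` IN(" . implode(',', $ids) . ") \n\t")
        or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
    $rows = mysql_affected_rows();

    // Best-effort TRUNCATE once the table is empty (presumably so ids start at 1 again).
    if (mswRowCount('responses') == 0) {
        @mysql_query("TRUNCATE TABLE `" . DB_PREFIX . "responses`");
    }

    // Rebuild sequence..
    standardResponses::rebuildSequence();

    return $rows;
}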
/**
 * Work out which existing ticket a subject line refers to.
 *
 * The subject must contain '#' followed by 1-12 digits, and the resulting
 * ticket must belong to the portal account registered under $email and must
 * not be flagged as spam.
 *
 * NOTE(review): if $email is taken from a message's From header it is chosen
 * by the sender, so this ownership check is only as strong as that header.
 * Confirm against the caller.
 *
 * @param string $subject Subject line to scan for a ticket reference.
 * @param string $email   Address used to look up the portal account.
 * @return array array('yes', <ticket id>) on a match, otherwise array('no', 0).
 */
public function getTicketID($subject, $email)
{
    $noMatch = array('no', 0);

    // Square brackets act as the regex delimiters here; the pattern itself is [#][0-9]{1,12}.
    if (!preg_match("[[#][0-9]{1,12}]", $subject, $regs)) {
        return $noMatch;
    }

    // Strip everything but the digits, then map the displayed number back to the ticket id.
    $digits   = trim(preg_replace('/[^0-9]/', '', $regs[0]));
    $ticketid = mswReverseTicketNumber($digits);

    $PORTAL = mswGetTableData('portal', 'email', mswSafeImportString($email), '', '`id`');
    if (!isset($PORTAL->id)) {
        return $noMatch;
    }

    $owned = mswRowCount('tickets WHERE `id` = \'' . (int) $ticketid . '\' AND `visitorID` = \'' . $PORTAL->id . '\' AND `spamFlag` = \'no\'');
    if ($owned > 0) {
        return array('yes', $ticketid);
    }

    return $noMatch;
}
<?php if (!defined('PARENT')) { exit; } $countOfCusFields = mswRowCount('cusfields WHERE `enField` = \'yes\''); $repType = $REPLY->replyType == 'admin' ? 'admin' : 'reply'; ?> <div class="content"> <div class="header"> <h1 class="page-title"><?php echo $msg_viewticket36; ?> </h1> <span class="clearfix"></span> </div> <ul class="breadcrumb"> <li><?php echo $msg_adheader41; ?> <span class="divider">/</span></li> <li><a href="?p=view-ticket&id=<?php echo $REPLY->ticketID; ?> "><?php echo $msg_portal8;
</ul> <?php // Added.. if (isset($OK1)) { echo mswActionCompleted(str_replace('{count}', $total, $msg_import14)); } ?> <form method="post" action="?p=<?php echo $_GET['p']; ?> " enctype="multipart/form-data" onsubmit="return ms_fieldCheck('file','tabArea')"> <div class="container-fluid" style="margin-top:20px"> <?php if (mswRowCount('categories') > 0) { ?> <div class="row-fluid"> <ul class="nav nav-tabs" id="tabArea"> <li class="active"><a href="#one" data-toggle="tab"><i class="icon-file-text-alt"></i> <?php echo $msg_response22; ?> </a></li> <li><a href="#two" data-toggle="tab"><i class="icon-reorder"></i> <?php echo $msg_import10; ?> </a></li> </ul> <div id="myTabContent" class="tab-content"> <div class="tab-pane active in" id="one">
// Refuse the request unless a category id was supplied and MS_PERMISSIONS has been defined.
// NOTE(review): presumably err403() ends the request; if it only sends the status,
// the code below still runs with $_GET['c'] unset. Confirm.
if (!isset($_GET['c']) || !defined('MS_PERMISSIONS')) {
    $HEADERS->err403();
}
// Security check.. (mswCheckDigit() is defined elsewhere; the integer casts below do not depend on it)
mswCheckDigit($_GET['c']);
// Load category.. only an enabled category matches
$CAT = mswGetTableData('categories', 'id', (int) $_GET['c'], 'AND `enCat` = \'yes\'');
// 404 if not found..
if (!isset($CAT->name)) {
    $HEADERS->err404();
}
// Variables..
// Offset of the first row on the current page: ($page - 1) * quePerPage.
$limitvalue = $page * $SETTINGS->quePerPage - $SETTINGS->quePerPage;
$pageNumbers = '';
// NOTE(review): this title uses $CAT->name as stored, while the sub-category title below
// passes it through mswCleanData(). Confirm the title is escaped where it is printed.
$title = $CAT->name . ' - ' . $msg_adheader17;
// Number of enabled questions assigned to this category.
$dataCount = mswRowCount('faqassign LEFT JOIN `' . DB_PREFIX . 'faq` ON `' . DB_PREFIX . 'faq`.`id` = `' . DB_PREFIX . 'faqassign`.`question` WHERE `itemID` = \'' . (int) $_GET['c'] . '\' AND `desc` = \'category\' AND `' . DB_PREFIX . 'faq`.`enFaq` = \'yes\'');
// Check if sub category..
if ($CAT->subcat > 0) {
    $SUB = mswGetTableData('categories', 'id', $CAT->subcat);
    if (isset($SUB->name)) {
        define('IS_SUB', $CAT->subcat);
        $title = mswCleanData($CAT->name) . ' (' . mswCleanData($SUB->name) . ') - ' . $msg_adheader17;
    }
}
// Pagination.. only built when the questions do not fit on one page
if ($dataCount > $SETTINGS->quePerPage) {
    define('PER_PAGE', $SETTINGS->quePerPage);
    $PTION = new pagination($dataCount, '?c=' . (int) $_GET['c'] . mswQueryParams(array('c', 'p', 'next')) . '&next=');
    $pageNumbers = $PTION->display();
}
// Header..
} else { $SQL = 'WHERE `id` IN(0)'; } } } $q = mysql_query("SELECT SQL_CALC_FOUND_ROWS *,\n (SELECT count(*) FROM `" . DB_PREFIX . "faqassign` \n\t\t\t WHERE (`" . DB_PREFIX . "faqassign`.`itemID` = `" . DB_PREFIX . "faqattach`.`id`)\n\t\t\t\t AND `" . DB_PREFIX . "faqassign`.`desc` = 'attachment'\n\t\t\t ) AS `queCount`\n\t\t\t\tFROM `" . DB_PREFIX . "faqattach`\n {$SQL}\n {$orderBy} \n\t\t\t\tLIMIT {$limitvalue},{$limit}\n\t\t\t\t") or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__)); $c = mysql_fetch_object(mysql_query("SELECT FOUND_ROWS() AS `rows`")); $countedRows = isset($c->rows) ? $c->rows : '0'; ?> <div class="content"> <div class="header"> <?php // Order By.. if (mswRowCount('faqattach') > 0) { $links = array(array('link' => '?p=' . $_GET['p'] . '&orderby=name_asc' . mswQueryParams(array('p', 'orderby', 'next')), 'name' => $msg_attachments17), array('link' => '?p=' . $_GET['p'] . '&orderby=name_desc' . mswQueryParams(array('p', 'orderby', 'next')), 'name' => $msg_attachments18), array('link' => '?p=' . $_GET['p'] . '&orderby=order_asc' . mswQueryParams(array('p', 'orderby', 'next')), 'name' => $msg_levels23), array('link' => '?p=' . $_GET['p'] . '&orderby=order_desc' . mswQueryParams(array('p', 'orderby', 'next')), 'name' => $msg_levels24), array('link' => '?p=' . $_GET['p'] . '&orderby=questions_desc' . mswQueryParams(array('p', 'orderby', 'next')), 'name' => $msg_kbase58), array('link' => '?p=' . $_GET['p'] . '&orderby=questions_asc' . mswQueryParams(array('p', 'orderby', 'next')), 'name' => $msg_kbase57)); echo $MSBOOTSTRAP->button($msg_script45, $links); // Filters.. $links = array(array('link' => '?p=' . $_GET['p'] . mswQueryParams(array('p', 'opt', 'next')), 'name' => $msg_attachments20), array('link' => '?p=' . $_GET['p'] . '&opt=disabled' . mswQueryParams(array('p', 'opt', 'next')), 'name' => $msg_response27), array('link' => '?p=' . $_GET['p'] . '&opt=remote' . 
mswQueryParams(array('p', 'opt', 'next')), 'name' => $msg_attachments21)); echo $MSBOOTSTRAP->button($msg_search20, $links); // Page filter.. include PATH . 'templates/system/bootstrap/page-filter.php'; ?> <button class="btn search-bar-button" type="button" onclick="mswToggle('b1','b2','keys')"><i class="icon-search" id="search-icon-button"></i></button> <?php } ?> <h1 class="page-title"><?php echo str_replace('&amp;', '&', mswSpecialChars($msg_adheader49)); ?>
$links = array(array('link' => '?p=' . $_GET['p'] . mswQueryParams(array('p', 'cat', 'next')), 'name' => $msg_pkbase7), array('link' => '?p=' . $_GET['p'] . '&cat=disabled' . mswQueryParams(array('p', 'cat', 'next')), 'name' => $msg_response27)); echo $MSBOOTSTRAP->button($msg_search20, $links); // Page filter.. if (!defined('DISABLED_CATS')) { include PATH . 'templates/system/bootstrap/page-filter.php'; } ?> <button class="btn search-bar-button" type="button" onclick="mswToggle('b1','b2','keys')"><i class="icon-search" id="search-icon-button"></i></button> <?php } ?> <h1 class="page-title"><?php echo $msg_adheader45; ?> (<?php echo @number_format(mswRowCount('categories')); ?> )</h1> <span class="clearfix"></span> </div> <ul class="breadcrumb"> <li><?php echo $msg_adheader17; ?> <span class="divider">/</span></li> <li class="active"><?php echo $msg_adheader45; ?>
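/**
 * Import FAQ questions from an uploaded CSV file and assign each one to the
 * categories selected in the form.
 *
 * When $_POST['clear'] is set, the questions currently assigned to those
 * categories are deleted first. Category ids come from the request and used
 * to be placed into IN() lists and INSERT values as submitted; they are now
 * reduced to positive integers once, up front. CSV cell contents still go
 * through mswSafeImportString() before they are stored.
 *
 * @param int    $lines Maximum line length handed to fgetcsv().
 * @param string $del   Field delimiter handed to fgetcsv().
 * @param string $enc   Field enclosure handed to fgetcsv().
 * @return int Number of CSV rows inserted.
 */
public function batchImportQuestions($lines, $del, $enc)
{
    $count = 0;

    // The explicit category selection wins; otherwise fall back to the "all categories" list.
    $rawCats = array();
    if (!empty($_POST['cat'])) {
        $rawCats = $_POST['cat'];
    } elseif (isset($_POST['catall'])) {
        $rawCats = $_POST['catall'];
    }
    // Keep only positive integer ids; nested arrays and non-numeric text are dropped.
    $cats = array();
    foreach ((array) $rawCats as $rawId) {
        if (is_scalar($rawId) && (int) $rawId > 0) {
            $cats[(int) $rawId] = (int) $rawId;
        }
    }

    // Clear current questions..
    if (isset($_POST['clear']) && !empty($cats)) {
        $que = array();
        $q = mysql_query("SELECT `question` FROM `" . DB_PREFIX . "faqassign`\n\t WHERE `itemID` IN(" . implode(',', $cats) . ")\n\t\t\t AND `desc` = 'category'\n\t\t\t GROUP BY `question`\n\t\t\t ORDER BY `itemID`\n\t\t\t ");
        while ($q && ($QUE = mysql_fetch_object($q))) {
            $que[] = (int) $QUE->question;
        }
        if (!empty($que)) {
            mysql_query("DELETE FROM `" . DB_PREFIX . "faq` WHERE `id` IN(" . implode(',', $que) . ")")
                or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
            // Best-effort TRUNCATE once no questions are left; errors are suppressed with @.
            if (mswRowCount('faq') == 0) {
                @mysql_query("TRUNCATE TABLE `" . DB_PREFIX . "faq`");
                @mysql_query("TRUNCATE TABLE `" . DB_PREFIX . "faqassign`");
            }
        }
    }

    // Upload CSV file.. a missing or multi-file upload field is treated as "no file".
    $tmpFile = '';
    if (isset($_FILES['file']['tmp_name']) && is_string($_FILES['file']['tmp_name'])) {
        $tmpFile = $_FILES['file']['tmp_name'];
    }

    // is_uploaded_file() confirms the path really is this request's upload.
    if ($tmpFile !== '' && is_uploaded_file($tmpFile)) {
        $handle = fopen($tmpFile, 'r');
        if ($handle) {
            while (($CSV = fgetcsv($handle, $lines, $del, $enc)) !== false) {
                // Clean array..
                $CSV = array_map('trim', $CSV);
                // A row with fewer than two columns gets an empty answer instead of an undefined index.
                $question = isset($CSV[0]) ? $CSV[0] : '';
                $answer   = isset($CSV[1]) ? $CSV[1] : '';
                mysql_query("INSERT INTO `" . DB_PREFIX . "faq` (\n `ts`,\n `question`,\n `answer`\n ) VALUES (\n UNIX_TIMESTAMP(UTC_TIMESTAMP),\n '" . mswSafeImportString($question) . "',\n '" . mswSafeImportString($answer) . "'\n )")
                    or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
                $ID = (int) mysql_insert_id();
                // Assign categories..
                if (!empty($cats) && $ID > 0) {
                    foreach ($cats as $aID) {
                        mysql_query("INSERT INTO `" . DB_PREFIX . "faqassign` (\n `question`,`itemID`,`desc`\n ) VALUES (\n '{$ID}','{$aID}','category'\n )")
                            or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
                    }
                }
                ++$count;
            }
            fclose($handle);
        }
    }

    // Clear temp file..
    if ($tmpFile !== '' && file_exists($tmpFile)) {
        @unlink($tmpFile);
    }

    // Rebuild sequence..
    faqCentre::rebuildQueSequence();

    return $count;
}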
<?php if (!defined('PARENT')) { exit; } $countOfCusFields = mswRowCount('cusfields WHERE `enField` = \'yes\''); $countOfOtherUsers = mswRowCount('users WHERE `id` > 0'); $dept = array(); ?> <div class="content"> <script type="text/javascript"> //<![CDATA[ function ms_uncheckAssigned(area) { switch (area) { case 'box': if (jQuery('.well input[name="waiting"]:checkbox').val()) { jQuery('.well input[name="waiting"]:checkbox').prop('checked',false); } break; case 'wait': alert('===ff=='); jQuery('#assignIDSet input[type="checkbox"]:checkbox').not('.creater').prop('checked',false); jQuery('input[name="assignMail"]:checkbox').prop('checked',false); break; } } function addTicketCusFields(dept) { jQuery(document).ready(function() { jQuery.ajax({ url: 'index.php', data: 'ajax=add-cus-field&dept='+dept,
/**
 * Remove mailbox rows that no longer have any row in `mailassoc` pointing at
 * them, and TRUNCATE both tables once `mailbox` is empty.
 *
 * Takes no input and returns nothing; a failed DELETE ends the request via die().
 */
public function assocChecker()
{
    // Correlated sub-query: a mailbox row goes when its association count is zero.
    $orphanSql = "DELETE FROM `" . DB_PREFIX . "mailbox`\n WHERE (SELECT count(*) FROM `" . DB_PREFIX . "mailassoc`\n WHERE `" . DB_PREFIX . "mailassoc`.`mailID` = `" . DB_PREFIX . "mailbox`.`id`\n ) = 0\n ";
    mysql_query($orphanSql)
        or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));

    if (mswRowCount('mailbox') != 0) {
        return;
    }

    // Nothing left: best-effort TRUNCATE of both tables, errors suppressed with @.
    @mysql_query("TRUNCATE TABLE `" . DB_PREFIX . "mailbox`");
    @mysql_query("TRUNCATE TABLE `" . DB_PREFIX . "mailassoc`");
}
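/**
 * Delete the support-team users ticked in $_POST['del'] together with their
 * department links, access entries and 'user' log entries.
 *
 * The posted ids are request data that end up inside several SQL IN() lists,
 * so each one is reduced to a positive integer before any statement is built.
 *
 * @return int|null Rows removed from `users`; null when no usable id was posted
 *                  (the original returned nothing for an empty selection).
 */
public function delete()
{
    if (empty($_POST['del'])) {
        return;
    }

    // Keep only positive integer ids; nested arrays and non-numeric text are dropped.
    $ids = array();
    foreach ((array) $_POST['del'] as $rawId) {
        if (is_scalar($rawId) && (int) $rawId > 0) {
            $ids[(int) $rawId] = (int) $rawId;
        }
    }
    if (empty($ids)) {
        // An empty IN() list is a syntax error, so treat it like an empty selection.
        return;
    }
    $uID = implode(',', $ids);

    // Users info..
    mysql_query("DELETE FROM `" . DB_PREFIX . "users` \n WHERE `id` IN({$uID}) \n ")
        or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
    $rows = mysql_affected_rows();

    // Departments assigned..
    mysql_query("DELETE FROM `" . DB_PREFIX . "userdepts`\n WHERE `userID` IN({$uID})\n ")
        or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));

    // Access assigned..
    mysql_query("DELETE FROM `" . DB_PREFIX . "usersaccess`\n WHERE `userID` IN({$uID})\n ")
        or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));

    // Log entries..
    mysql_query("DELETE FROM `" . DB_PREFIX . "log`\n WHERE `userID` IN({$uID})\n\tAND `type` = 'user'\n ")
        or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));

    // Truncate tables to start at 1.. (only those that are now empty; errors suppressed with @)
    foreach (array('users', 'userdepts', 'usersaccess', 'log') as $tables) {
        if (mswRowCount($tables) == 0) {
            @mysql_query("TRUNCATE TABLE `" . DB_PREFIX . $tables . "`");
        }
    }

    return $rows;
}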
<th style="width:13%"><?php echo $SETTINGS->disputes == 'yes' ? $msg_accounts38 : $msg_accounts3; ?> </th> <th style="width:15%"><?php echo $msg_script43; ?> </th> </tr> </thead> <tbody> <?php if (mysql_num_rows($q) > 0) { while ($ACC = mysql_fetch_object($q)) { if (isset($ACC->dispCount)) { $dCStart = mswRowCount('tickets WHERE `visitorID` = \'' . $ACC->id . '\' AND `isDisputed` = \'yes\' AND `spamFlag` = \'no\''); $ACC->dispCount = $ACC->dispCount + $dCStart; } ?> <tr> <?php if (USER_DEL_PRIV == 'yes') { ?> <td><input type="checkbox" onclick="ms_checkCount('well','delButton','mc_countVal')" name="del[]" value="<?php echo $ACC->id; ?> " id="acc_<?php echo $ACC->id; ?> "></td> <?php
$words .= ($i ? 'OR ' : 'WHERE (') . "`" . DB_PREFIX . "portal`.`name` LIKE '%" . mswSafeImportString($chop[$i]) . "%' OR `" . DB_PREFIX . "users`.`name` LIKE '%" . mswSafeImportString($chop[$i]) . "%' "; } if ($words) { $where[] = $words . ')'; } } if ($type) { $where[] = (!empty($where) ? 'AND ' : 'WHERE ') . '`type` = \'' . $type . '\''; } if ($from && $to) { $where[] = (!empty($where) ? 'AND ' : 'WHERE ') . 'DATE(FROM_UNIXTIME(`' . DB_PREFIX . 'log`.`ts`)) BETWEEN \'' . $MSDT->mswDatePickerFormat($from) . '\' AND \'' . $MSDT->mswDatePickerFormat($to) . '\''; } $q = mysql_query("SELECT SQL_CALC_FOUND_ROWS *,\n `" . DB_PREFIX . "log`.`ts` AS `lts`,\n\t\t\t `" . DB_PREFIX . "log`.`id` AS `logID`,\n\t\t\t `" . DB_PREFIX . "log`.`userID` AS `personID`,\n\t\t\t `" . DB_PREFIX . "log`.`ip` AS `entryLogIP`,\n\t\t\t `" . DB_PREFIX . "portal`.`name` AS `portalName`,\n\t\t\t `" . DB_PREFIX . "users`.`name` AS `userName`\n\t\t\t FROM `" . DB_PREFIX . "log`\n LEFT JOIN `" . DB_PREFIX . "users`\n ON `" . DB_PREFIX . "log`.`userID` = `" . DB_PREFIX . "users`.`id` \n\t\t\t LEFT JOIN `" . DB_PREFIX . "portal`\n ON `" . DB_PREFIX . "log`.`userID` = `" . DB_PREFIX . "portal`.`id` \n\t\t\t " . (!empty($where) ? implode(mswDefineNewline(), $where) : '') . "\n ORDER BY `" . DB_PREFIX . "log`.`id` DESC\n LIMIT {$limitvalue},{$limit}\n ") or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__)); $c = mysql_fetch_object(mysql_query("SELECT FOUND_ROWS() AS `rows`")); $countedRows = isset($c->rows) ? $c->rows : '0'; $actualRows = mswRowCount('log'); // Export url.. $url = 'index.php?p=log&export=yes' . mswQueryParams(array('p', 'export')); ?> <div class="content"> <script type="text/javascript"> //<![CDATA[ <?php include PATH . 'templates/date-pickers.php'; ?> function searchToggle() { jQuery('#b1').toggle(); if (jQuery('#b1').css('display')!='none') { jQuery('input[name="q"]').focus(); jQuery('#search-icon-button').attr('class','icon-remove'); jQuery('#b2').hide();
?> </th> <th style="width:15%"><?php echo $msg_script43; ?> </th> </tr> </thead> <tbody> <?php if ($countedRows > 0) { while ($DEPT = mysql_fetch_object($q)) { ?> <tr> <?php if (USER_DEL_PRIV == 'yes' && mswRowCount('tickets WHERE `department` = \'' . $DEPT->id . '\'') == 0) { ?> <td><input type="checkbox" onclick="ms_checkCount('well','delButton','mc_countVal')" name="del[]" value="<?php echo $DEPT->id; ?> " id="dept_<?php echo $DEPT->id; ?> "></td> <?php } else { ?> <td> </td> <?php } ?>
echo str_replace('#####', '<br>', mswSpecialChars($TS->fieldData)); ?> </p> <?php break; } } } ?> </div> <?php } // Count attachments for reply.. $attText = ''; if ($SETTINGS->attachment == 'yes') { $arCount = mswRowCount('attachments WHERE `ticketID` = \'' . $_GET['id'] . '\' AND `replyID` = \'' . $REPLIES->id . '\''); if ($arCount == 0) { $attText = str_replace('{count}', $arCount, $msg_viewticket41); } else { $attText = str_replace('{count}', $arCount, '<a href="#" onclick="jQuery(\'#attachments_' . $_GET['id'] . '_' . $REPLIES->id . '\').slideDown(\'slow\');return false">' . $msg_viewticket41 . '</a>'); } } ?> <div class="ticketInfoBox"> <p><?php echo $SETTINGS->attachment == 'yes' ? '<span class="pull-left" id="link' . $_GET['id'] . '_' . $REPLIES->id . '"><i class="icon-paper-clip"></i> ' . $attText . '</span>' : ''; echo $msg_viewticket6; ?> : <span style="margin-right:30px"><?php echo $REPLIES->ipAddresses ? $REPLIES->ipAddresses : 'N/A'; ?>
$json = array('status' => 'err', 'field' => 'email', 'tab' => 'two', 'msg' => $msg_portal31); } else { // Is email2 field blank = error.. if ($_POST['email2'] == '') { $json = array('status' => 'err', 'field' => 'email2', 'tab' => 'two', 'msg' => $msg_portal30); } else { // Is new email valid = error.. if (!mswIsValidEmail($_POST['email'])) { $json = array('status' => 'err', 'field' => 'email', 'tab' => 'two', 'msg' => $msg_portal30); } else { // Do mail fields match = error.. if ($_POST['email'] != $_POST['email2']) { $json = array('status' => 'err', 'field' => 'email', 'tab' => 'two', 'msg' => $msg_public_profile); } else { // Does new email exist somewhere else = error.. if (mswRowCount('portal WHERE `email` = \'' . mswSafeImportString($_POST['email']) . '\' AND `id` != \'' . $LI_ACC->id . '\'') > 0) { $json = array('status' => 'err', 'field' => 'email', 'tab' => 'two', 'msg' => $msg_public_profile5); } $newEmailConfirmed = $_POST['email']; } } } } } // What about password.. if (isset($_POST['curpass']) && $_POST['curpass']) { if (md5(SECRET_KEY . $_POST['curpass']) != $LI_ACC->userPass) { $json = array('status' => 'err', 'field' => 'curpass', 'tab' => 'three', 'msg' => $msg_public_profile10); } else { if ($_POST['newpass'] == '' || $_POST['newpass2'] == '') { $json = array('status' => 'err', 'field' => 'newpass', 'tab' => 'three', 'msg' => $msg_public_profile11);
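/**
 * Delete the portal accounts ticked in $_POST['del'] together with their
 * tickets, dispute entries and 'acc' log entries.
 *
 * The posted ids are request data that end up inside several SQL IN() lists,
 * so each one is reduced to a positive integer before any statement is built.
 * The return value is now the number of ids processed; the original counted
 * the comma-joined string instead of the id list.
 *
 * @param object $t_class Ticket handler; its deleteTickets() is called after
 *                        $_POST['ticket'] has been set to the affected ticket ids.
 * @return int|string Number of account ids processed, or '0' when no usable id was posted.
 */
public function delete($t_class)
{
    if (empty($_POST['del'])) {
        return '0';
    }

    // Keep only positive integer ids; nested arrays and non-numeric text are dropped.
    $ids = array();
    foreach ((array) $_POST['del'] as $rawId) {
        if (is_scalar($rawId) && (int) $rawId > 0) {
            $ids[(int) $rawId] = (int) $rawId;
        }
    }
    if (empty($ids)) {
        // An empty IN() list is a syntax error, so treat it like an empty selection.
        return '0';
    }
    $uIDs = implode(',', $ids);

    // Get all tickets related to the users that are going to be deleted..
    $tickets = array();
    $q = mysql_query("SELECT `id` FROM `" . DB_PREFIX . "tickets`\n WHERE `visitorID` IN({$uIDs})\n\t\t ORDER BY `id`\n\t\t ");
    while ($q && ($T = mysql_fetch_object($q))) {
        $tickets[] = (int) $T->id;
    }

    // If there are tickets, delete all information..
    // We can use the delete operation from the ticket class, which reads $_POST['ticket'].
    if (!empty($tickets)) {
        $_POST['ticket'] = $tickets;
        $t_class->deleteTickets();
    }

    // Users info..
    mysql_query("DELETE FROM `" . DB_PREFIX . "portal` \n WHERE `id` IN({$uIDs}) \n ")
        or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));

    // Delete disputes..
    mysql_query("DELETE FROM `" . DB_PREFIX . "disputes` WHERE `visitorID` IN({$uIDs})")
        or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));

    // Log entries..
    mysql_query("DELETE FROM `" . DB_PREFIX . "log`\n WHERE `userID` IN({$uIDs})\n\tAND `type` = 'acc'\n ")
        or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));

    // Truncate tables to start at 1.. (only those that are now empty; errors suppressed with @)
    foreach (array('tickets', 'attachments', 'replies', 'cusfields', 'ticketfields', 'disputes', 'tickethistory', 'portal') as $tables) {
        if (mswRowCount($tables) == 0) {
            @mysql_query("TRUNCATE TABLE `" . DB_PREFIX . $tables . "`");
        }
    }

    // Count the id list itself, not the comma-joined string.
    return count($ids);
}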
// Delete attachments //======================= //======================= // Delete attachments //======================= case 'del-attach': $json = array('count' => 0, 'ids' => 'err', 'text' => ''); if (isset($_GET['t']) && isset($_GET['r'])) { $acount = 0; $text = str_replace('{count}', '0', $msg_viewticket41); $ids = array(); $rID = (int) $_GET['r']; $tID = (int) $_GET['t']; if (!empty($_POST['attachments'])) { $ids = $MSTICKET->deleteAttachments(); $acount = mswRowCount('attachments WHERE `ticketID` = \'' . $tID . '\' AND `replyID` = \'' . $rID . '\''); if ($acount > 0) { $text = str_replace('{count}', $acount, '<a id="link' . $tID . '_' . $rID . '" href="#" onclick="jQuery(\'#attachments_' . $tID . '_' . $rID . '\').slideDown(\'slow\');return false">' . $msg_viewticket41 . '</a>'); } } $json = array('count' => $acount, 'ids' => !empty($ids) ? implode(',', $ids) : 'none', 'text' => '<i class="icon-paper-clip"></i> ' . $text); } break; //====================== // Mail Test //====================== //====================== // Mail Test //====================== case 'mailtest': include REL_PATH . 'control/mail-data.php';
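/**
 * Delete the IMAP accounts ticked in $_POST['del'].
 *
 * The posted ids are request data that end up inside an SQL IN() list, so
 * each one is reduced to a positive integer before the statement is built.
 *
 * @return int|string Rows removed from `imap`, or '0' when no usable id was posted.
 */
public function deleteImapAccounts()
{
    if (empty($_POST['del'])) {
        return '0';
    }

    // Keep only positive integer ids; nested arrays and non-numeric text are dropped.
    $ids = array();
    foreach ((array) $_POST['del'] as $rawId) {
        if (is_scalar($rawId) && (int) $rawId > 0) {
            $ids[(int) $rawId] = (int) $rawId;
        }
    }
    if (empty($ids)) {
        // An empty IN() list is a syntax error, so treat it like an empty selection.
        return '0';
    }

    mysql_query("DELETE FROM `" . DB_PREFIX . "imap` \n WHERE `id` IN(" . implode(',', $ids) . ") \n\t")
        or die(mswMysqlErrMsg(mysql_errno(), mysql_error(), __LINE__, __FILE__));
    $rows = mysql_affected_rows();

    // Best-effort TRUNCATE once the table is empty (presumably so ids start at 1 again).
    if (mswRowCount('imap') == 0) {
        @mysql_query("TRUNCATE TABLE `" . DB_PREFIX . "imap`");
    }

    return $rows;
}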
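/**
 * Resolve the portal visitor for the current session.
 *
 * The session entry is keyed by md5(SECRET_KEY) . '_msw_support' and holds
 * the visitor's e-mail address. It only counts as logged in when it passes
 * mswIsValidEmail() and matches a verified row in `portal`.
 *
 * @return string The session's e-mail address, or 'guest' when any check fails.
 */
function mswIsUserLoggedIn()
{
    $sessionKey = md5(SECRET_KEY) . '_msw_support';
    if (!isset($_SESSION[$sessionKey])) {
        return 'guest';
    }

    $email = $_SESSION[$sessionKey];
    if (!mswIsValidEmail($email)) {
        return 'guest';
    }

    // Pass the address through mswSafeImportString() before it becomes part of the
    // WHERE clause, as getTicketID() does for its portal e-mail lookup. An address
    // can pass a format check and still contain a quote character.
    $verified = mswRowCount('portal WHERE `email` = \'' . mswSafeImportString($email) . '\' AND `verified` = \'yes\'');

    return $verified > 0 ? $email : 'guest';
}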