function dashboard_incoming_display($dashletid)
{
    global $sit, $CONFIG, $iconset;
    global $dbUpdates, $dbTempIncoming;
    // extract updates (query copied from review_incoming_email.php)
    $sql = "SELECT u.id AS id, u.bodytext AS bodytext, ti.emailfrom AS emailfrom, ti.subject AS subject, ";
    $sql .= "u.timestamp AS timestamp, ti.incidentid AS incidentid, ti.id AS tempid, ti.locked AS locked, ";
    $sql .= "ti.reason AS reason, ti.contactid AS contactid, ti.`from` AS fromaddr ";
    $sql .= "FROM `{$dbUpdates}` AS u, `{$dbTempIncoming}` AS ti ";
    $sql .= "WHERE u.incidentid = 0 AND ti.updateid = u.id ";
    $sql .= "ORDER BY timestamp ASC, id ASC";
    $result = mysql_query($sql);
    if (mysql_error()) {
        trigger_error(mysql_error(), E_USER_WARNING);
    }
    if (user_permission($sit[2], 42)) {
        //echo "<div class='window'>";
        if (mysql_num_rows($result) >= 1) {
            echo "<table align='center' width='100%'>";
            echo "<tr>";
            #        echo colheader('from', $GLOBALS['strFrom']);
            echo colheader('subject', $GLOBALS['strSubject']);
            echo colheader('message', $GLOBALS['strMessage']);
            echo "</tr>\n";
            $shade = 'shade1';
            while ($incoming = mysql_fetch_object($result)) {
                $date = mysql2date($incoming->date);
                echo "<tr class='{$shade}'>";
                #            echo "<td><a href='holding_queue.php' class='info'>".truncate_string($incoming->emailfrom, 15);
                #            echo "</a></td>";
                echo "<td><a href='holding_queue.php' class='info'>" . truncate_string($incoming->subject, 25);
                echo "</a></td>";
                echo "<td><a href='holding_queue.php' class='info'>" . truncate_string($incoming->reason, 25);
                echo "</a></td>";
                echo "</tr>\n";
                if ($shade == 'shade1') {
                    $shade = 'shade2';
                } else {
                    $shade = 'shade1';
                }
            }
            echo "</table>\n";
        } else {
            echo "<p align='center'>{$GLOBALS['strNoRecords']}</p>";
        }
    } else {
        echo "<p class='error'>{$GLOBALS['strPermissionDenied']}</p>";
    }
}
 echo "<tr><th>{$strOwner}</th><td>";
 echo contact_site_drop_down('owner', '');
 echo "</td></tr>";
 echo "<tr><th>{$strID} " . help_link('InventoryID') . "</th>";
 echo "<td><input name='identifier' value='{$row->identifier}' /></td></tr>";
 echo "<tr><th>{$strAddress}</th>";
 echo "<td><input name='address' value='{$row->address}' /></td></tr>";
 if (!is_numeric($id) or ($row->privacy == 'adminonly' and user_permission($sit[2], 22) or $row->privacy == 'private' and $row->createdby == $sit[2] or $row->privacy == 'none')) {
     echo "<tr><th>{$strUsername}</th>";
     echo "<td><input name='username' value='{$row->username}' /></td></tr>";
     echo "<tr><th>{$strPassword}</th>";
     echo "<td><input name='password' value='{$row->password}' /></td></tr>";
 }
 echo "<tr><th>{$strNotes}</th>";
 echo "<td><textarea name='notes'>{$row->notes}</textarea></td></tr>";
 if ($row->privacy == 'adminonly' and user_permission($sit[2], 22) or $row->privacy == 'private' and $row->createdby == $sit[2] or $row->privacy == 'none') {
     echo "<tr><th>{$strPrivacy} " . help_link('InventoryPrivacy') . "</th>";
     echo "<td><input type='radio' name='privacy' value='private' ";
     if ($row->privacy == 'private') {
         echo " checked='checked' ";
         $selected = TRUE;
     }
     echo "/>{$strPrivate}<br />";
     echo "<input type='radio' name='privacy' value='adminonly'";
     if ($row->privacy == 'adminonly') {
         echo " checked='checked' ";
         $selected = TRUE;
     }
     echo "/>";
     echo "{$strAdminOnly}<br />";
     echo "<input type='radio' name='privacy' value='none'";
示例#3
0
// holidays.php -
//
// SiT (Support Incident Tracker) - Support call tracking system
// Copyright (C) 2000-2009 Salford Software Ltd. and Contributors
//
// This software may be used and distributed according to the terms
// of the GNU General Public License, incorporated herein by reference.
//
// This Page Is Valid XHTML 1.0 Transitional!  13Sep06
$permission = 4;
// Edit your profile
require 'core.php';
require APPLICATION_LIBPATH . 'functions.inc.php';
// This page requires authentication
require APPLICATION_LIBPATH . 'auth.inc.php';
$approver = user_permission($sit[2], 50);
// Approve holidays
if (!empty($_REQUEST['user'])) {
    $user = cleanvar($_REQUEST['user']);
} else {
    $user = $sit[2];
}
if ($user == $sit[2]) {
    $title = sprintf($strUsersHolidays, $_SESSION['realname']);
} else {
    $title = sprintf($strUsersHolidays, user_realname($user));
}
include APPLICATION_INCPATH . 'htmlheader.inc.php';
echo "<h2>" . icon('holiday', 32) . " ";
echo "{$title}</h2>";
echo "<p align='center'>";
示例#4
0
}
if (empty($length)) {
    $length = 'day';
}
$title = $strCalendar;
$pagecss = array('calendar/planner.css.php');
include APPLICATION_INCPATH . 'htmlheader.inc.php';
if (empty($user) || $user == 'current') {
    $user = $sit[2];
} elseif ($user == 'all') {
    $user = '';
}
if (empty($type)) {
    $type = HOL_HOLIDAY;
}
if (user_permission($sit[2], 50)) {
    $approver = TRUE;
} else {
    $approver = FALSE;
}
// Force user to 0 (SiT) when setting public holidays
if ($type == HOL_PUBLIC) {
    $user = 0;
}
$gidurl = '';
if (!empty($groupid)) {
    $gidurl = "&amp;gid={$groupid}";
}
// Defaults
if (empty($_REQUEST['year'])) {
    $year = date('Y');
// reassign_incident.php - Form for re-assigning an incident to another user
//
// SiT (Support Incident Tracker) - Support call tracking system
// Copyright (C) 2000-2009 Salford Software Ltd. and Contributors
//
// This software may be used and distributed according to the terms
// of the GNU General Public License, incorporated herein by reference.
//
// Author: Ivan Lucas <ivanlucas[at]users.sourceforge.net>
$permission = 13;
// Reassign Incident
require 'core.php';
require APPLICATION_LIBPATH . 'functions.inc.php';
// This page requires authentication
require APPLICATION_LIBPATH . 'auth.inc.php';
$forcepermission = user_permission($sit[2], 40);
// External variables
$bodytext = cleanvar($_REQUEST['bodytext']);
$id = cleanvar($_REQUEST['id']);
$incidentid = $id;
$backupid = cleanvar($_REQUEST['backupid']);
$originalid = cleanvar($_REQUEST['originalid']);
$reason = cleanvar($_REQUEST['reason']);
$action = cleanvar($_REQUEST['action']);
$title = $strReassignIncident;
switch ($action) {
    case 'save':
        // External variables
        $tempnewowner = cleanvar($_REQUEST['tempnewowner']);
        $permnewowner = cleanvar($_REQUEST['permnewowner']);
        $removetempowner = cleanvar($_REQUEST['removetempowner']);
示例#6
0
 }
 $user->roleid = cleanvar($_POST['roleid']);
 $user->holiday_entitlement = cleanvar($_POST['holiday_entitlement']);
 if (!empty($_POST['startdate'])) {
     $user->startdate = date('Y-m-d', strtotime($_POST['startdate']));
 } else {
     $user->startdate = date('Y-m-d', 0);
 }
 $password = cleanvar($_POST['oldpassword']);
 $newpassword1 = cleanvar($_POST['newpassword1']);
 $newpassword2 = cleanvar($_POST['newpassword2']);
 if (empty($user->emoticons)) {
     $user->emoticons = 'false';
 }
 // Some extra checking here so that users can't edit other peoples profiles
 $edituserpermission = user_permission($sit[2], 23);
 // edit user
 if ($edituserid != $sit[2] and $edituserpermission == FALSE) {
     trigger_error('Error: No permission to edit this users profile', E_USER_ERROR);
     exit;
 }
 // If users status is set to 0 (disabled) force 'accepting' to no
 if ($user->status == 0) {
     $user->accepting = 'No';
 }
 // Update user profile
 $errors = 0;
 // check for change of password
 if ($password != '' && $newpassword1 != '' && $newpassword2 != '') {
     // verify password fields
     $passwordMD5 = md5($password);
示例#7
0
// This software may be used and distributed according to the terms
// of the GNU General Public License, incorporated herein by reference.
//
// This Page Is Valid XHTML 1.0 Transitional! 13Sep06
// Author: Ivan Lucas <ivanlucas[at]users.sourceforge.net>
$permission = 27;
// view your calendar
require 'core.php';
require APPLICATION_LIBPATH . 'functions.inc.php';
// This page requires authentication
require APPLICATION_LIBPATH . 'auth.inc.php';
$title = $strBookHoliday;
// External variables
$step = $_REQUEST['step'];
$date = cleanvar($_REQUEST['date']);
if (!empty($_REQUEST['user']) and user_permission($sit[2], 68)) {
    $user = cleanvar($_REQUEST['user']);
    // Manage holidays
} else {
    $user = $sit[2];
}
if (empty($step)) {
    include APPLICATION_INCPATH . 'htmlheader.inc.php';
    if ($user == $sit[2]) {
        echo "<h2>" . icon('holiday', 32) . " {$strBookHoliday}</h2>";
    } else {
        echo "<h2>" . icon('holiday', 32) . " {$strBookHoliday}: " . user_realname($user) . "</h2>";
    }
    echo "<form name='date' action='{$_SERVER['PHP_SELF']}' method='post'>\n";
    echo "<table class='vertical'>";
    echo "<tr><th>{$strHolidayType}:</th><td>" . holidaytype_drop_down('type', 1) . "</td></tr>";
示例#8
0
 echo "<th align='center'>" . priority_icon(2) . "</th>";
 echo "<th align='center'>" . priority_icon(1) . "</th>";
 echo "<th></th>";
 echo "</tr>";
 $shade = 'shade2';
 while ($userrow = mysql_fetch_array($result)) {
     if ($userrow['id'] == $suggested_user) {
         $shade = 'idle';
     }
     echo "<tr class='{$shade}'>";
     // display reassign link only if person is accepting or if the current user has 'reassign when not accepting' permission
     if ($userrow['accepting'] == 'Yes') {
         echo "<td align='right'><a href=\"{$_SERVER['PHP_SELF']}?action=reassign&amp;userid=" . $userrow['id'] . "&amp;incidentid={$incidentid}&amp;nextaction=" . urlencode($nextaction) . "&amp;win={$win}\" ";
         // if ($priority >= 3) echo " onclick=\"alertform.submit();\"";
         echo ">{$strAssignTo}</a></td>";
     } elseif (user_permission($sit[2], 40) or $userrow['id'] == $sit[2]) {
         echo "<td align='right'><a href=\"{$_SERVER['PHP_SELF']}?action=reassign&amp;userid=" . $userrow['id'] . "&amp;incidentid={$incidentid}&amp;nextaction=" . urlencode($nextaction) . "&amp;win={$win}\" ";
         // if ($priority >= 3) echo " onclick=\"alertform.submit();\"";
         echo ">{$strForceTo}</a></td>";
     } else {
         echo "<td class='expired'>&nbsp;</td>";
     }
     echo "<td>";
     // Have a look if this user has skills with this software
     $ssql = "SELECT softwareid FROM `{$dbUserSoftware}` ";
     $ssql .= "WHERE userid='{$userrow['id']}' AND softwareid='{$software}' ";
     $sresult = mysql_query($ssql);
     if (mysql_num_rows($sresult) >= 1) {
         echo "<strong>{$userrow['realname']}</strong>";
     } else {
         echo $userrow['realname'];
/**
 * Lists a set of incidents
 * @author Paul Heaney
 * @param string $sessionid - the sessionid
 * @param int $owner - List incidents of this owner (0 for all)
 * @param int $status - 0 for ALL, 1 for all Active, 2 for all open
 * @return Array - array of incidents[] Status
 */
function list_incidents($sessionid, $owner = 0, $status = 1)
{
    global $sit;
    $status = new SoapStatus();
    $incidents = array();
    if (!empty($sessionid) and validate_session($sessionid)) {
        if (user_permission($sit[2], 6)) {
            /*
             * SELECT i.*, uTOwner.realname AS townerName FROM `users` AS uo, `incidents` AS i  LEFT JOIN `users` AS uTOwner ON uTOwner.id = i.towner WHERE i.owner = uo.id
             */
            $sql = "SELECT i.*, uOwner.realname AS ownerName, uTOwner.realname AS townerName, p.name AS priorityName, ";
            $sql .= "s.name AS skill, ist.name AS statusNameInternal, ist.ext_name AS statusNameExternal ";
            $sql .= "FROM `{$GLOBALS['dbIncidentStatus']}` AS ist,  `{$GLOBALS['dbUsers']}` AS uOwner, `{$GLOBALS['dbPriority']}` AS p, ";
            $sql .= "`{$GLOBALS['dbIncidents']}` AS i LEFT JOIN `{$GLOBALS['dbUsers']}` AS uTOwner  ON uTOwner.id = i.towner ";
            $sql .= "LEFT JOIN `{$GLOBALS['dbSoftware']}` AS s ON s.id = i.softwareid ";
            $sql .= " WHERE i.owner = uOwner.id AND i.priority = p.id AND i.status = ist.id ";
            if ($owner > 0) {
                $sql .= "AND (i.owner = {$owner} OR i.towner = {$owner}) ";
            }
            switch ($status) {
                case 1:
                    $sql .= "AND i.status = " . STATUS_ACTIVE . " ";
                    break;
                case 2:
                    $sql .= "AND (i.status != " . STATUS_CLOSED . " AND i.status !=  " . STATUS_UNASSIGNED . ") ";
                    break;
            }
            debug_log("SQL: {$sql}");
            $result = mysql_query($sql);
            if (mysql_error()) {
                trigger_error(mysql_error(), E_USER_WARNING);
            }
            if (mysql_num_rows($result) > 0) {
                while ($obj = mysql_fetch_object($result)) {
                    $incident = new Incident();
                    $incident->incidentid = $obj->id;
                    $incident->title = $obj->title;
                    $incident->owner = $obj->ownerName;
                    $incident->ownerid = $obj->owner;
                    $incident->towner = $obj->townerName;
                    $incident->townerid = $obj->towner;
                    $incident->priority = $obj->priorityName;
                    $incident->priorityid = $obj->priority;
                    $incident->currentstatusid = $obj->status;
                    $incident->currentstatusinternal = $GLOBALS[$obj->statusNameInternal];
                    $incident->currentstatusexternal = $GLOBALS[$obj->statusNameExternal];
                    $incident->skill = $obj->skill;
                    $incident->skillid = $obj->softwareid;
                    $incident->maintenanceid = $obj->maintenanceid;
                    $incident->servicelevel = $obj->servicelevel;
                    $incidents[] = $incident;
                }
            }
        } else {
            $status->set_error('no_access');
        }
    } else {
        $status->set_error('session_not_valid');
    }
    return array('incidents' => $incidents, 'status' => $status->getSOAPArray());
}
            echo str_replace('\\r\\n', "<br />", nl2br($updatebody));
        } else {
            /*
             * @modifier: Rick Bonkestoter
             * @desc: some webmail systems use the wrong encodeing (\r\n) instead of (\n\r)
             */
            echo str_replace('\\r\\n', "<br />", nl2br($updatebody));
        }
        if (!empty($update->nextaction) or $update->duration != 0) {
            echo "<div class='detailhead'>";
            if ($update->duration != 0) {
                $inminutes = ceil($update->duration);
                // Always round up
                echo "{$strDuration}: {$inminutes} {$strMinutes}";
                // Permision to adjust durations is 81
                if ($CONFIG['allow_duration_adjustment'] and user_permission($sit[2], 81) and !$billable_incident_approved) {
                    echo " <a href='billing_edit_activity_duration.php?mode=showform&amp;incidentid={$incidentid}&amp;updateid={$update->id}'>{$strEdit}</a>";
                }
                echo "<br />";
            }
            if (!empty($update->nextaction)) {
                echo "{$strNextAction}: {$update->nextaction}";
            }
            echo "</div>";
        }
        echo "</div>";
    }
    $count++;
}
if ($_SESSION['num_update_view'] > 0) {
    echo log_nav_bar();
示例#11
0
/**
 * Outputs a contact's contract associate, if the viewing user is allowed
 * @author Kieran Hogg
 * @param int $userid ID of the contact
 * @return string output html
 * @todo TODO should this be renamed, it has nothing to do with users
 */
function user_contracts_table($userid, $mode = 'internal')
{
    global $now, $CONFIG, $sit;
    if (!empty($sit[2]) and user_permission($sit[2], 30) or $_SESSION['usertype'] == 'admin') {
        $html .= "<h4>" . icon('contract', 16) . " {$GLOBALS['strContracts']}:</h4>";
        // Contracts we're explicit supported contact for
        $sql = "SELECT sc.maintenanceid AS maintenanceid, m.product, p.name AS productname, ";
        $sql .= "m.expirydate, m.term ";
        $sql .= "FROM `{$GLOBALS['dbContacts']}` AS c, ";
        $sql .= "`{$GLOBALS['dbSupportContacts']}` AS sc, ";
        $sql .= "`{$GLOBALS['dbMaintenance']}` AS m, ";
        $sql .= "`{$GLOBALS['dbProducts']}` AS p ";
        $sql .= "WHERE c.id = '{$userid}' ";
        $sql .= "AND (sc.maintenanceid=m.id AND sc.contactid='{$userid}') ";
        $sql .= "AND m.product=p.id  ";
        // Contracts we're an 'all supported' on
        $sql .= "UNION ";
        $sql .= "SELECT m.id AS maintenanceid, m.product, p.name AS productname, ";
        $sql .= "m.expirydate, m.term ";
        $sql .= "FROM `{$GLOBALS['dbContacts']}` AS c, ";
        $sql .= "`{$GLOBALS['dbMaintenance']}` AS m, ";
        $sql .= "`{$GLOBALS['dbProducts']}` AS p ";
        $sql .= "WHERE c.id = '{$userid}' AND c.siteid = m.site ";
        $sql .= "AND m.allcontactssupported = 'yes' ";
        $sql .= "AND m.product=p.id  ";
        $result = mysql_query($sql);
        if (mysql_error()) {
            trigger_error("MySQL Query Error " . mysql_error(), E_USER_WARNING);
        }
        if (mysql_num_rows($result) > 0) {
            $html .= "<table align='center' class='vertical'>";
            $html .= "<tr>";
            $html .= "<th>{$GLOBALS['strID']}</th><th>{$GLOBALS['strProduct']}</th><th>{$GLOBALS['strExpiryDate']}</th>";
            $html .= "</tr>\n";
            $supportcount = 1;
            $shade = 'shade2';
            while ($supportedrow = mysql_fetch_array($result)) {
                if ($supportedrow['term'] == 'yes') {
                    $shade = 'expired';
                }
                if ($supportedrow['expirydate'] < $now and $supportedrow['expirydate'] != -1) {
                    $shade = 'expired';
                }
                $html .= "<tr><td class='{$shade}'>";
                $html .= '' . icon('contract', 16) . " ";
                if ($mode == 'internal') {
                    $html .= "<a href='contract_details.php?id=";
                } else {
                    $html .= "<a href='contracts.php?id=";
                }
                $html .= "{$supportedrow['maintenanceid']}'>";
                $html .= "{$GLOBALS['strContract']}: ";
                $html .= "{$supportedrow['maintenanceid']}</a></td>";
                $html .= "<td class='{$shade}'>{$supportedrow['productname']}</td>";
                $html .= "<td class='{$shade}'>";
                if ($supportedrow['expirydate'] == -1) {
                    $html .= $GLOBALS['strUnlimited'];
                } else {
                    $html .= ldate($CONFIG['dateformat_date'], $supportedrow['expirydate']);
                }
                if ($supportedrow['term'] == 'yes') {
                    $html .= " {$GLOBALS['strTerminated']}";
                }
                $html .= "</td>";
                $html .= "</tr>\n";
                $supportcount++;
                $shade = 'shade2';
            }
            $html .= "</table>\n";
        } else {
            $html .= "<p align='center'>{$GLOBALS['strNone']}</p>\n";
        }
        if ($mode == 'internal') {
            $html .= "<p align='center'>";
            $html .= "<a href='contract_add_contact.php?contactid={$userid}&amp;context=contact'>";
            $html .= "{$GLOBALS['strAssociateContactWithContract']}</a></p>\n";
        }
    }
    return $html;
}
示例#12
0
    }
    $page = urlencode($page);
    header("Location: {$CONFIG['application_webpath']}index.php?id=2&page={$page}");
    exit;
} else {
    // Attempt to prevent session fixation attacks
    session_regenerate();
    setcookie(session_name(), session_id(), ini_get("session.cookie_lifetime"), "/");
    // Conversions for when register_globals=off
    // We've migrated away from using cookies and now use sessions
    $sit[0] = $_SESSION['username'];
    $sit[2] = $_SESSION['userid'];
    // Load session language if it is set and different to the default language
    if (!empty($_SESSION['lang']) and $_SESSION['lang'] != $CONFIG['default_i18n']) {
        include APPLICATION_I18NPATH . "{$_SESSION['lang']}.inc.php";
    } elseif (empty($_SESSION['lang'])) {
        $_SESSION['lang'] = $CONFIG['default_i18n'];
    }
    include APPLICATION_LIBPATH . 'strings.inc.php';
}
if (!is_array($permission)) {
    $permission = array($permission);
}
// Valid user, check permissions
if (user_permission($userid, $permission) == FALSE) {
    //No access permission
    $refused = implode(',', $permission);
    header("Location: {$CONFIG['application_webpath']}noaccess.php?id={$refused}");
    exit;
}
require_once APPLICATION_LIBPATH . 'triggers.inc.php';
示例#13
0
     $reseller = "NULL";
 } else {
     $reseller = "'{$reseller}'";
 }
 if (empty($licence_type) or $licence_type == 0) {
     $licence_type = "NULL";
 } else {
     $licence_type = "'{$licence_type}'";
 }
 // NOTE above is so we can insert null so browse_contacts etc can see the contract rather than inserting 0
 $sql = "UPDATE `{$dbMaintenance}` SET reseller={$reseller}, expirydate='{$expirydate}', licence_quantity='{$licence_quantity}', ";
 $sql .= "licence_type={$licence_type}, notes='{$notes}', admincontact={$admincontact}, term='{$terminated}', servicelevelid='{$servicelevelid}', ";
 $sql .= "incident_quantity='{$incident_quantity}', ";
 $sql .= "incidentpoolid='{$incidentpoolid}', productonly='{$productonly}', ";
 $sql .= "supportedcontacts='{$amount}', allcontactssupported='{$allcontacts}'";
 if (!empty($product) and user_permission($sit[2], 22)) {
     $sql .= ", product='{$product}'";
 }
 $sql .= " WHERE id='{$maintid}'";
 $result = mysql_query($sql);
 if (mysql_error()) {
     trigger_error(mysql_error(), E_USER_ERROR);
 }
 // show error message if addition failed
 if (!$result) {
     include APPLICATION_INCPATH . 'htmlheader.inc.php';
     echo user_alert("Update failed", E_USER_WARNING);
     include APPLICATION_INCPATH . 'htmlfooter.inc.php';
 } else {
     journal(CFG_LOGGING_NORMAL, 'Contract Edited', "contract {$maintid} modified", CFG_JOURNAL_MAINTENANCE, $maintid);
     html_redirect("contract_details.php?id={$maintid}");
示例#14
0
    mysql_query($lastseensql);
    if (mysql_error()) {
        trigger_error(mysql_error(), E_USER_WARNING);
    }
}
if ($sit[0] != '') {
    // Check this is current
    $sql = "SELECT version FROM `{$dbSystem}` WHERE id = 0";
    $versionresult = mysql_query($sql);
    if (mysql_error()) {
        trigger_error("MySQL Query Error " . mysql_error(), E_USER_WARNING);
    }
    list($dbversion) = mysql_fetch_row($versionresult);
    if ($dbversion < $application_version) {
        echo "<p class='error'><strong>IMPORTANT</strong> The SiT database schema needs to be updated";
        if (user_permission($sit[2], 22)) {
            echo " from v{$dbversion} to v{$application_version}</p>";
            echo "<p class='tip'>Visit <a href='setup.php'>Setup</a> to update the schema";
        }
        echo "</p>";
    }
    // Check users email address
    if (empty($_SESSION['email'])) {
        echo user_alert("{$strInvalidEmailAddress} - <a href='user_profile_edit.php'>{$strEditEmail}</a>", E_USER_ERROR);
    }
    //display (trigger) notices
    $noticesql = "SELECT * FROM `{$GLOBALS['dbNotices']}` ";
    // Don't show more than 20 notices, saftey cap
    $noticesql .= "WHERE userid={$sit[2]} ORDER BY timestamp DESC LIMIT 20";
    $noticeresult = mysql_query($noticesql);
    if (mysql_error()) {
示例#15
0
    $title = $strSystemActions;
} else {
    $title = $strNotifications;
}
switch ($_REQUEST['mode']) {
    case 'delete':
        $id = cleanvar($_GET['id']);
        if (!is_numeric($id)) {
            html_redirect($_SERVER['PHP_SELF'], FALSE);
        }
        $triggerowner = db_read_column('userid', $dbTriggers, $id);
        if ($triggerowner == 0 and !user_permission($sit[2], 72)) {
            html_redirect($_SERVER['PHP_SELF'] . "?user={$selecteduser}", FALSE, $strPermissionDenied);
        } elseif ($triggerowner != 0 and $triggerowner != $sit[2] and !user_permission($sit[2], 72)) {
            html_redirect($_SERVER['PHP_SELF'] . "?user={$selecteduser}", FALSE, $strPermissionDenied);
        } elseif ($triggerowner == $sit[2] and !user_permission($sit[2], 71)) {
            html_redirect($_SERVER['PHP_SELF'] . "?user={$selecteduser}", FALSE, $strPermissionDenied);
        } else {
            $sql = "DELETE FROM `{$dbTriggers}` WHERE id = {$id} LIMIT 1";
            mysql_query($sql);
            if (mysql_error()) {
                trigger_error("MySQL Query Error " . mysql_error(), E_USER_WARNING);
            }
            if (mysql_affected_rows() >= 1) {
                html_redirect($_SERVER['PHP_SELF'] . "?user={$selecteduser}");
            } else {
                html_redirect($_SERVER['PHP_SELF'] . "?user={$selecteduser}", FALSE);
            }
        }
        break;
    case 'add':
     break;
 case 'edit':
     if (user_permission($sit[2], 79) == FALSE) {
         header("Location: {$CONFIG['application_webpath']}noaccess.php?id=79");
         exit;
     } else {
         $status = update_contract_balance($contractid, $reason, $amount, $sourceservice);
         if ($status) {
             html_redirect("{$CONFIG['application_webpath']}contract_details.php?id={$contractid}", TRUE, $strSuccessfullyUpdated);
         } else {
             html_redirect("{$CONFIG['application_webpath']}contract_details.php?id={$contractid}", FALSE, $strUpdateFailed);
         }
     }
     break;
 case 'transfer':
     if (user_permission($sit[2], 79) == FALSE) {
         header("Location: {$CONFIG['application_webpath']}noaccess.php?id=79");
         exit;
     } else {
         $status = update_contract_balance($contractid, $reason, $amount * -1, $sourceservice);
         if ($status) {
             $status = update_contract_balance($contractid, $reason, $amount, $destinationservice);
             if ($status) {
                 html_redirect("{$CONFIG['application_webpath']}contract_details.php?id={$contractid}", TRUE);
             } else {
                 html_redirect("{$CONFIG['application_webpath']}contract_details.php?id={$contractid}", FALSE);
             }
             exit;
         }
         html_redirect('main.php', FALSE, $strFailed);
         exit;
示例#17
0
 echo "<th>{$strOwner}</th><th>{$strActions}</th></tr>";
 $shade = 'shade1';
 while ($row = mysql_fetch_object($result)) {
     echo "<tr class='{$shade}'><td>" . icon('inventory', 16);
     echo " {$row->name}, {$CONFIG['inventory_types'][$row->type]}";
     if ($row->active != 1) {
         echo " (inactive)";
     }
     echo "</td><td align='center'>";
     if ($row->privacy == 'private') {
         echo icon('private', 16);
     } elseif ($row->privacy == 'adminonly') {
         echo icon('review', 16, $strAdmin);
     }
     echo "</td><td>" . user_realname($row->createdby) . "</td><td>";
     if ($row->privacy == 'private' and $sit[2] != $row->createdby or $row->privacy == 'adminonly' and !user_permission($sit[2], 22)) {
         echo "{$strView}</a> &nbsp; ";
         echo "{$strEdit}</td></tr>";
     } else {
         echo "<a href='inventory_view.php?id={$row->id}'>{$strView}</a> &nbsp; ";
         echo "<a href='inventory_edit.php?id={$row->id}'>{$strEdit}</td></tr>";
     }
     if ($shade == 'shade1') {
         $shade = 'shade2';
     } else {
         $shade = 'shade1';
     }
 }
 echo "</table>";
 echo "<p align='center'>" . icon('add', 16);
 echo " <a href='inventory_add.php?site={$siteid}'>";
示例#18
0
//
// This software may be used and distributed according to the terms
// of the GNU General Public License, incorporated herein by reference.
//
// Author: Tom Gerrard <tom.gerrard[at]salfordsoftware.co.uk>
$permission = 27;
// View your calendar
require '../core.php';
$headerdisplayed = 1;
require APPLICATION_LIBPATH . 'functions.inc.php';
require APPLICATION_LIBPATH . 'auth.inc.php';
header('Content-Type: text/javascript');
foreach (array('user') as $var) {
    eval("\${$var}=cleanvar(\$_REQUEST['{$var}']);");
}
if ($user == '' || $user != $_SESSION['userid'] && !user_permission($_SESSION['userid'], 50)) {
    $user = $_SESSION['userid'];
}
echo "var user = '******';\n\n";
?>

/************************************************************************************************************
Some of this Javascript is Based on
DHTML Week Planner
Copyright (C) 2007  DTHMLGoodies.com, Alf Magne Kalleland

This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
示例#19
0
        echo "</td>";
        echo "<td>" . nl2br(substr($contactrow['notes'], 0, 500)) . "</td>";
        echo "</tr>";
        if ($shade == 'shade1') {
            $shade = 'shade2';
        } else {
            $shade = 'shade1';
        }
    }
    echo "</table>\n";
} else {
    echo "<p align='center'>{$strNoContactsForSite}</p>";
}
echo "<p align='center'><a href='contact_add.php?siteid={$id}'>{$strAddContact}</a></p>";
// Valid user, check perms
if (user_permission($sit[2], 19)) {
    echo "<h3>{$strContracts}<a id='contracts'></a></h3>";
    // Display contracts
    $sql = "SELECT m.id AS maintid, m.term AS term, p.name AS product, r.name AS reseller, ";
    $sql .= "licence_quantity, lt.name AS licence_type, expirydate, admincontact, ";
    $sql .= "c.forenames AS admincontactsforenames, c.surname AS admincontactssurname, m.notes AS maintnotes ";
    $sql .= "FROM `{$dbContacts}` AS c, `{$dbProducts}` AS p, `{$dbMaintenance}` AS m ";
    $sql .= "LEFT JOIN `{$dbLicenceTypes}` AS lt ON m.licence_type = lt.id ";
    $sql .= "LEFT JOIN `{$dbResellers}` AS r ON r.id = m.reseller ";
    $sql .= "WHERE m.product = p.id ";
    $sql .= "AND admincontact = c.id AND m.site = '{$id}' ";
    $sql .= "ORDER BY expirydate DESC";
    // connect to database and execute query
    $result = mysql_query($sql);
    if (mysql_error()) {
        trigger_error("MySQL Query Error " . mysql_error(), E_USER_WARNING);