PHP CORE_auth示例

示例#1

文件： account_admin.inc.php 项目： chiranjeevjain/agilebill

 function merge($VAR)
 {
     $db =& DB();
     global $C_auth, $C_list, $C_translate, $C_debug;
     if (empty($VAR['id']) || empty($VAR['merge_acct_id'])) {
         $C_debug->alert($C_translate->translate('merge_err', 'account_admin', ''));
         return false;
     }
     $acct_id = $VAR['id'];
     $merge_acct_id = $VAR['merge_acct_id'];
     # Get merged account_group
     $q = "SELECT * FROM " . AGILE_DB_PREFIX . "account_group WHERE  (\n\t\t\t\tservice_id = '' OR\n\t\t\t\tservice_id = 0 OR\n\t\t\t\tservice_id IS NULL\n\t\t\t\t) AND account_id = {$acct_id} AND site_id = " . DEFAULT_SITE;
     $rs = $db->Execute($q);
     if ($rs === false) {
         $C_debug->error('account_admin.inc.php', 'merge :: account_group', $db->ErrorMsg());
     } else {
         while (!$rs->EOF) {
             $Cauth = new CORE_auth(true);
             if ($Cauth->auth_group_by_account_id($merge_acct_id, $rs->fields['group_id'])) {
                 # duplicate group, delete
                 $q = "DELETE FROM " . AGILE_DB_PREFIX . "account_group WHERE id = {$rs->fields['id']} AND site_id = " . DEFAULT_SITE;
                 $db->Execute($q);
             }
             $rs->MoveNext();
         }
     }
     # account_group
     $q = "UPDATE " . AGILE_DB_PREFIX . "account_group SET account_id = {$acct_id} WHERE account_id = {$merge_acct_id} AND site_id = " . DEFAULT_SITE;
     $rs = $db->Execute($q);
     if ($rs === false) {
         $C_debug->error('account_admin.inc.php', 'merge :: account_group', $db->ErrorMsg());
     }
     # account_billing
     $q = "UPDATE " . AGILE_DB_PREFIX . "account_billing SET account_id = {$acct_id} WHERE account_id = {$merge_acct_id} AND site_id = " . DEFAULT_SITE;
     $rs = $db->Execute($q);
     if ($rs === false) {
         $C_debug->error('account_admin.inc.php', 'merge :: account_billing', $db->ErrorMsg());
     }
     # cart
     $q = "UPDATE " . AGILE_DB_PREFIX . "cart SET account_id = {$acct_id} WHERE account_id = {$merge_acct_id} AND site_id = " . DEFAULT_SITE;
     $rs = $db->Execute($q);
     if ($rs === false) {
         $C_debug->error('account_admin.inc.php', 'merge :: cart', $db->ErrorMsg());
     }
     # charge
     $q = "UPDATE " . AGILE_DB_PREFIX . "charge SET account_id = {$acct_id} WHERE account_id = {$merge_acct_id} AND site_id = " . DEFAULT_SITE;
     $rs = $db->Execute($q);
     if ($rs === false) {
         $C_debug->error('account_admin.inc.php', 'merge :: charge', $db->ErrorMsg());
     }
     # discount
     $q = "UPDATE " . AGILE_DB_PREFIX . "discount SET avail_account_id = {$acct_id} WHERE avail_account_id = {$merge_acct_id} AND site_id = " . DEFAULT_SITE;
     $rs = $db->Execute($q);
     if ($rs === false) {
         $C_debug->error('account_admin.inc.php', 'merge :: charge', $db->ErrorMsg());
     }
     # invoice
     $q = "UPDATE " . AGILE_DB_PREFIX . "invoice SET account_id = {$acct_id} WHERE account_id = {$merge_acct_id} AND site_id = " . DEFAULT_SITE;
     $rs = $db->Execute($q);
     if ($rs === false) {
         $C_debug->error('account_admin.inc.php', 'merge :: invoice', $db->ErrorMsg());
     }
     # log_error
     $q = "UPDATE " . AGILE_DB_PREFIX . "log_error SET account_id = {$acct_id} WHERE account_id = {$merge_acct_id} AND site_id = " . DEFAULT_SITE;
     $rs = $db->Execute($q);
     if ($rs === false) {
         $C_debug->error('account_admin.inc.php', 'merge :: log_error', $db->ErrorMsg());
     }
     # login_lock
     $q = "DELETE FROM " . AGILE_DB_PREFIX . "login_lock WHERE account_id = {$merge_acct_id} AND site_id = " . DEFAULT_SITE;
     $rs = $db->Execute($q);
     if ($rs === false) {
         $C_debug->error('account_admin.inc.php', 'merge :: login_lock', $db->ErrorMsg());
     }
     # login_log
     $q = "UPDATE " . AGILE_DB_PREFIX . "login_log SET account_id = {$acct_id} WHERE account_id = {$merge_acct_id} AND site_id = " . DEFAULT_SITE;
     $rs = $db->Execute($q);
     if ($rs === false) {
         $C_debug->error('account_admin.inc.php', 'merge :: login_log', $db->ErrorMsg());
     }
     # search
     $q = "UPDATE " . AGILE_DB_PREFIX . "search SET account_id = {$acct_id} WHERE account_id = {$merge_acct_id} AND site_id = " . DEFAULT_SITE;
     $rs = $db->Execute($q);
     if ($rs === false) {
         $C_debug->error('account_admin.inc.php', 'merge :: search', $db->ErrorMsg());
     }
     # service
     $q = "UPDATE " . AGILE_DB_PREFIX . "service SET account_id = {$acct_id} WHERE account_id = {$merge_acct_id} AND site_id = " . DEFAULT_SITE;
     $rs = $db->Execute($q);
     if ($rs === false) {
         $C_debug->error('account_admin.inc.php', 'merge :: service', $db->ErrorMsg());
     }
     # session
     $q = "DELETE FROM " . AGILE_DB_PREFIX . "session WHERE account_id = {$merge_acct_id} AND site_id = " . DEFAULT_SITE;
     $rs = $db->Execute($q);
     if ($rs === false) {
         $C_debug->error('account_admin.inc.php', 'merge :: session', $db->ErrorMsg());
     }
     # staff
     $q = "UPDATE " . AGILE_DB_PREFIX . "staff SET account_id = {$acct_id} WHERE account_id = {$merge_acct_id} AND site_id = " . DEFAULT_SITE;
     $rs = $db->Execute($q);
     if ($rs === false) {
         $C_debug->error('account_admin.inc.php', 'merge :: staff', $db->ErrorMsg());
     }
     # affiliate
     if ($C_list->is_installed('affiliate')) {
         $q = "UPDATE " . AGILE_DB_PREFIX . "affiliate SET account_id = {$acct_id} WHERE account_id = {$merge_acct_id} AND site_id = " . DEFAULT_SITE;
         $rs = $db->Execute($q);
         if ($rs === false) {
             $C_debug->error('account_admin.inc.php', 'merge :: affiliate', $db->ErrorMsg());
         }
     }
     # ticket
     if ($C_list->is_installed('ticket')) {
         $q = "UPDATE " . AGILE_DB_PREFIX . "ticket SET account_id = {$acct_id} WHERE account_id = {$merge_acct_id} AND site_id = " . DEFAULT_SITE;
         $rs = $db->Execute($q);
         if ($rs === false) {
             $C_debug->error('account_admin.inc.php', 'merge :: ticket', $db->ErrorMsg());
         }
     }
     # DB Mapping
     if ($C_list->is_installed('db_mapping')) {
         $dbsql = "SELECT username FROM " . AGILE_DB_PREFIX . "account WHERE\n\t\t\t\t\t\t\t\t  site_id = " . $db->qstr(DEFAULT_SITE) . " AND\n\t\t\t\t\t\t\t\t  id      = " . $db->qstr($merge_acct_id);
         $resultdb = $db->Execute($dbsql);
         $old_username = $resultdb->fields['username'];
         include_once PATH_MODULES . 'db_mapping/db_mapping.inc.php';
         $db_map = new db_mapping();
         $db_map->account_delete($merge_acct_id, $old_username);
     }
     # Delete account
     $q = "DELETE FROM " . AGILE_DB_PREFIX . "account WHERE id = {$merge_acct_id} AND site_id = " . DEFAULT_SITE;
     $rs = $db->Execute($q);
     if ($rs === false) {
         $C_debug->error('account_admin.inc.php', 'merge :: account', $db->ErrorMsg());
     }
     $C_debug->alert($C_translate->translate('merge_ok', 'account_admin', ''));
     return;
 }

示例#2

文件： ticket.inc.php 项目： hbustun/agilebill

    function piping_add_ticket($arr, $department_id)
    {
        # Check values
        if (empty($arr['uniqueId']) || empty($arr['body'])) {
            return false;
        }
        # Check if duplicate:
        $db =& DB();
        $sql = 'SELECT id FROM ' . AGILE_DB_PREFIX . 'ticket WHERE
                        site_id     		= ' . $db->qstr(DEFAULT_SITE) . ' AND
                        piping_unique_id	= ' . $db->qstr($arr['uniqueId']);
        $result = $db->Execute($sql);
        if ($result->RecordCount() > 0) {
            return false;
        }
        # Determine user's account id:
        $sql = 'SELECT id FROM ' . AGILE_DB_PREFIX . 'account WHERE
                        site_id     		= ' . $db->qstr(DEFAULT_SITE) . ' AND
                        email				= ' . $db->qstr($arr['from']);
        $result = $db->Execute($sql);
        if ($result->RecordCount() == 0) {
            $account_id = 0;
        } else {
            $account_id = $result->fields['id'];
        }
        ### Do any authentication required:
        $C_auth = new CORE_auth(false);
        $status = 3;
        $this->auth = false;
        ### Get available groups for this department:
        $sql = 'SELECT group_id FROM ' . AGILE_DB_PREFIX . 'ticket_department WHERE
                        site_id     		= ' . $db->qstr(DEFAULT_SITE) . ' AND
                        id					= ' . $db->qstr($department_id);
        $result = $db->Execute($sql);
        @($groups = unserialize($result->fields['group_id']));
        if ($account_id == 0) {
            ### Unknown account, is this this department authorized for the All Users group id (0)
            $this->auth = true;
            for ($i = 0; $i < count($groups); $i++) {
                if ($groups[$i] == '0') {
                    $status = 0;
                    $i = count($groups);
                }
            }
        } else {
            ### Known account, loop through available groups and check if account is authorized
            for ($i = 0; $i < count($groups); $i++) {
                if ($C_auth->auth_group_by_account_id($account_id, $groups[$i])) {
                    $status = 0;
                    $i = count($groups);
                    $this->auth = true;
                }
            }
        }
        if ($this->auth) {
            # Create the new ticket record:
            $ticket_id = $db->GenID(AGILE_DB_PREFIX . 'ticket_id');
            $sql = 'INSERT INTO ' . AGILE_DB_PREFIX . 'ticket
	            			SET
	            			id     			= ' . $db->qstr($ticket_id) . ',
	                        site_id    		= ' . $db->qstr(DEFAULT_SITE) . ',
	                        date_orig  		= ' . $db->qstr(time()) . ',
	                        date_last  		= ' . $db->qstr(time()) . ',
							account_id 		= ' . $db->qstr($account_id) . ',                            		
	                        department_id	= ' . $db->qstr($department_id) . ',
	                        status    		= ' . $db->qstr($status) . ',
	                        priority   		= ' . $db->qstr('0') . ',    	
	                        subject   		= ' . $db->qstr($arr['subject']) . ',
	                        body	   		= ' . $db->qstr(@$arr['body']) . ',
	                        last_reply   	= ' . $db->qstr('0') . ',
	                        piping_unique_id= ' . $db->qstr($arr['uniqueId']) . ',	    		 
	                        email			= ' . $db->qstr($arr['from']);
            $result = $db->Execute($sql);
            // insert any attachments
            if (!empty($arr['attach']) && is_array($arr['attach'])) {
                foreach ($arr['attach'] as $attach) {
                    require_once 'includes/pear/Compat/Function/file_get_contents.php';
                    @($data = file_get_contents($attach['tmp']));
                    if (!empty($data)) {
                        // get file size
                        $size = filesize($attach['tmp']);
                        $filesizename = array(" Bytes", " KB", " MB", " GB", " TB", " PB", " EB", " ZB", " YB");
                        $size = round($size / pow(1024, $i = floor(log($size, 1024))), 2) . $filesizename[$i];
                        // insert record
                        $fields = array('ticket_id' => $ticket_id, 'ticket_message_id' => 0, 'name' => $attach['file'], 'size' => $size, 'type' => $attach['type'], 'content' => $data);
                        $db->Execute($sql = sqlInsert($db, "ticket_attachment", $fields));
                    }
                    @($u = unlink($attach['tmp']));
                }
            }
        }
        ### Do any emails...
        require_once PATH_MODULES . 'email_template/email_template.inc.php';
        $my = new email_template();
        if ($account_id) {
            $ticket_account_id = $account_id;
        } else {
            $ticket_account_id = trim($arr['from']);
        }
        ### Send the user ticket confirmation message:
        global $VAR;
        $VAR['ticket_subject'] = $arr['subject'];
        $VAR['email'] = trim($arr['from']);
        $VAR['key'] = $this->key($arr['from']);
        if ($status == 0 && $this->auth) {
            ### Mail the user the new_ticket email template
            $my->send('ticket_piping_add_user', $ticket_account_id, $ticket_id, '', '');
        } elseif ($status == 3 && $this->auth) {
            ### Mail the user the new_ticket email template (pending)
            $my->send('ticket_piping_add_user_pending', $ticket_account_id, $ticket_id, '', '');
        } elseif (!$this->auth) {
            ### Mail the user the new_ticket email template (unauthorized)
            $my->send('ticket_piping_add_user_unauth', $ticket_account_id, '', '', '');
        }
        if ($status == 0) {
            ### Get any staff members who should be mailed
            $dba =& DB();
            $sql = 'SELECT id,account_id,department_avail FROM ' . AGILE_DB_PREFIX . 'staff
	                       WHERE
	                       site_id     = ' . $dba->qstr(DEFAULT_SITE) . ' AND
	                       notify_new  = ' . $dba->qstr("1");
            $result = $dba->Execute($sql);
            if ($result->RecordCount() > 0) {
                while (!$result->EOF) {
                    @($avail = unserialize($result->fields['department_avail']));
                    for ($i = 0; $i < count($avail); $i++) {
                        if ($avail[$i] == $department_id) {
                            ###################################################################
                            ### Mail staff members the new_ticket email template
                            global $VAR;
                            $VAR['ticket_priority'] = 'Normal (e-mail)';
                            $VAR['ticket_subject'] = $arr['subject'];
                            $VAR['ticket_body'] = $arr['body'];
                            $my = new email_template();
                            $my->send('ticket_staff_add', $result->fields['account_id'], $ticket_id, $avail[$i], '');
                            $i = count($avail);
                        }
                    }
                    $result->MoveNext();
                }
            }
        }
    }