/**
 * Generate the custom-field ("static var") form for the 'staff' module with
 * CORE_static_var::generate_form() and publish it to the Smarty template.
 *
 * @param mixed $VAR Request variables; not read by this method.
 * @return bool True when generate_form() returned an array, false otherwise.
 */
function static_var($VAR)
{
    global $smarty;

    require_once PATH_CORE . 'static_var.inc.php';
    $generator = new CORE_static_var();
    $fields = $generator->generate_form('staff', 'add', 'update');

    // No array came back: tell the template to hide the section.
    if (!is_array($fields)) {
        $smarty->assign('show_static_var', false);
        return false;
    }

    // Expose the generated fields to the template.
    $smarty->assign('show_static_var', true);
    $smarty->assign('static_var', $fields);
    return true;
}
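/**
 * Confirm a newsletter subscription from the link mailed to the subscriber.
 *
 * Looks up the pending request in temporary_data by e-mail address and
 * `validate` value, deletes the pending record(s) for that address, then
 * replaces/creates one newsletter_subscriber row per requested newsletter and
 * stores the related static vars. Prints the translated success or failure
 * message; nothing is returned.
 *
 * @param array $VAR Request variables; 'email' and 'validate' are required.
 * @return void
 */
function subscribe_confirm($VAR)
{
    global $C_translate;

    // Stays false unless a matching pending record is found and decoded.
    $arr = false;

    if (isset($VAR['email']) && isset($VAR['validate'])) {
        $email = $VAR['email'];
        $time = $VAR['validate'];

        // NOTE(review): the only secret in the link is `validate`, which is
        // matched against date_orig. If that column holds the request
        // timestamp (the original comment calls this an "email/timestamp
        // match"), the value is low-entropy; a random per-request token
        // stored with the record would be a stronger confirmation check.
        $db =& DB();
        $sql = 'SELECT data FROM ' . AGILE_DB_PREFIX . 'temporary_data WHERE site_id = ' . $db->qstr(DEFAULT_SITE)
            . ' AND date_orig = ' . $db->qstr($time)
            . ' AND field1 = ' . $db->qstr($email);
        $result = $db->Execute($sql);

        // A failed query is treated like "no match" instead of calling a
        // method on false.
        if ($result !== false && $result->RecordCount() != 0) {
            // NOTE(review): unserialize() instantiates any class named in the
            // payload. `data` (and the base64 `var` inside it) is presumably
            // written by the subscribe step from form input; confirm it cannot
            // carry attacker-chosen serialized objects. On PHP >= 7.0 pass
            // array('allowed_classes' => false), or store JSON instead.
            $arr = unserialize($result->fields['data']);

            // Remove the pending request. The WHERE clause matches on the
            // address only, so every pending record for it is removed.
            $sql = 'DELETE FROM ' . AGILE_DB_PREFIX . 'temporary_data WHERE site_id = ' . $db->qstr(DEFAULT_SITE)
                . ' AND field1 = ' . $db->qstr($email);
            $db->Execute($sql);
        }
    }

    // Single failure exit: bad link, no/expired record, or a record that does
    // not decode to a list of newsletters (count() on a non-array raises a
    // TypeError on PHP 8, and reporting success with nothing subscribed would
    // be misleading).
    if (!is_array($arr) || empty($arr['newsletter_id']) || !is_array($arr['newsletter_id'])) {
        $url = '<br><a href="' . URL . '?_page=newsletter:subscribe">'
            . $C_translate->translate('submit', 'CORE', '') . '</a>';
        // eregi_replace() was removed in PHP 7.0; '%here%' contains no regex
        // metacharacters, so a case-insensitive literal replace is equivalent.
        echo str_ireplace('%here%', $url, $C_translate->translate('subscribe_confirm_fail', 'newsletter', ''));
        return;
    }

    // Static vars captured at subscribe time; errors are suppressed as in the
    // original because 'var' may be absent or undecodable.
    $varstored = array();
    @($varstored['static_relation'] = unserialize(base64_decode($arr['var'])));

    require_once PATH_CORE . 'static_var.inc.php';

    // assumes newsletter_id is a 0-based list -- TODO confirm against the
    // subscribe step that writes the record.
    $total = count($arr['newsletter_id']);
    for ($i = 0; $i < $total; $i++) {
        $newsletter_id = $arr['newsletter_id'][$i];

        // Drop any existing subscription first to avoid duplicates.
        $sql = 'DELETE FROM ' . AGILE_DB_PREFIX . 'newsletter_subscriber WHERE site_id = ' . $db->qstr(DEFAULT_SITE)
            . ' AND newsletter_id=' . $db->qstr($newsletter_id)
            . ' AND email = ' . $db->qstr($email);
        $db->Execute($sql);

        // Insert the new subscriber row.
        $id = $db->GenID(AGILE_DB_PREFIX . 'newsletter_subscriber_id');
        $sql = 'INSERT INTO ' . AGILE_DB_PREFIX . 'newsletter_subscriber SET site_id = ' . $db->qstr(DEFAULT_SITE)
            . ', id = ' . $db->qstr($id)
            . ', date_orig = ' . $db->qstr(time())
            . ', newsletter_id= ' . $db->qstr($newsletter_id)
            . ', email = ' . $db->qstr($arr["email"])
            . ', html = ' . $db->qstr($arr["html"])
            . ', first_name = ' . $db->qstr($arr["first_name"])
            . ', last_name = ' . $db->qstr($arr["last_name"]);
        $db->Execute($sql);

        // Attach the stored static vars to the new subscriber row.
        $static_var = new CORE_static_var();
        $static_var->add($varstored, 'newsletter_subscriber', $id);
    }

    echo $C_translate->translate('subscribe_confirm_success', 'newsletter', '');
}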
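/**
 * Create a support ticket from a user-submitted form.
 *
 * Validates the required and custom fields, resolves the requester's e-mail
 * (form value when not logged in, account record otherwise), checks that the
 * department is active and open to the requester, inserts the ticket, mails
 * the requester and then mails staff flagged notify_new whose
 * department_avail list contains the department.
 *
 * @param array $VAR Request variables; rebound to the global $VAR below.
 * @return false|null False when the department is invalid or not authorised,
 *                    or when the INSERT fails; null after a validation
 *                    failure and on success.
 */
function user_add($VAR)
{
    $this->construct();
    global $C_debug, $C_translate, $C_vars, $smarty, $C_auth;

    // Rebind $VAR to the global request array before stripping slashes
    // (presumably so the stripped values are the ones read below -- confirm).
    global $VAR;
    $C_vars->strip_slashes_all();

    // Required fields: <table>_priority, _department_id, _subject, _body.
    foreach (array('priority', 'department_id', 'subject', 'body') as $field) {
        $field_name = $this->table . '_' . $field;
        if (!isset($VAR[$field_name]) || trim($VAR[$field_name]) == "") {
            $this->val_error[] = array(
                'field' => $field_name,
                'field_trans' => $C_translate->translate('field_' . $field, $this->module, ""),
                'error' => $C_translate->translate('validate_any', "", ""),
            );
        }
    }

    // Validate the module's static vars; returns an array with ALL errors.
    require_once PATH_CORE . 'static_var.inc.php';
    $static_var = new CORE_static_var();
    if (!isset($this->val_error)) {
        $this->val_error = false;
    }
    $all_error = $static_var->validate_form($this->module, $this->val_error);
    $this->validated = !($all_error != false && is_array($all_error));

    if (!SESS_LOGGED) {
        // Guests must supply a syntactically valid address.
        include_once PATH_CORE . 'validate.inc.php';
        $C_validate = new CORE_validate();

        $email_error = null;
        if (empty($VAR['ticket_email'])) {
            $email_error = 'validate_any';
        } elseif (!$C_validate->validate_email($VAR['ticket_email'], false)) {
            $email_error = 'validate_email';
        }

        if ($email_error !== null) {
            $this->validated = false;
            $smarty->assign('ticket_email', true);
            // validate_form() may have returned false; appending to false is
            // deprecated since PHP 8.1.
            if (!is_array($all_error)) {
                $all_error = array();
            }
            $all_error[] = array(
                'field' => 'ticket_email',
                'field_trans' => $C_translate->translate('field_email', "ticket", ""),
                'error' => $C_translate->translate($email_error, "", ""),
            );
        }
        $this->email = isset($VAR['ticket_email']) ? $VAR['ticket_email'] : null;
    } else {
        // Logged-in users: take the address from the account record.
        $db =& DB();
        $sql = 'SELECT email FROM ' . AGILE_DB_PREFIX . 'account WHERE site_id = ' . $db->qstr(DEFAULT_SITE)
            . ' AND id = ' . $db->qstr(SESS_ACCOUNT);
        $result = $db->Execute($sql);
        $VAR['ticket_email'] = $result->fields['email'];
        $this->email = $result->fields['email'];
    }

    // The department must exist and be active (status = 1).
    $db =& DB();
    $sql = 'SELECT * FROM ' . AGILE_DB_PREFIX . 'ticket_department WHERE site_id = ' . $db->qstr(DEFAULT_SITE)
        . ' AND id = ' . $db->qstr($VAR['ticket_department_id'])
        . ' AND status = ' . $db->qstr('1');
    $result = $db->Execute($sql);
    if ($result->RecordCount() == 0) {
        $C_debug->alert($C_translate->translate('department_invalid', 'ticket', ''));
        return false;
    }

    // The requester must belong to one of the department's groups.
    $dept_auth = false;
    while (!$result->EOF) {
        // NOTE(review): group_id is deserialized with unserialize(); this is
        // only safe while the column is written exclusively by trusted admin
        // code -- confirm, or restrict with allowed_classes on PHP >= 7.0.
        $groups = unserialize($result->fields['group_id']);
        // A row that does not decode to an array grants nothing (count() on a
        // non-array raises a TypeError on PHP 8).
        if (!is_array($groups)) {
            $groups = array();
        }
        $group_total = count($groups);

        if (!SESS_LOGGED) {
            // Guests qualify only through the 'All Users' group (0).
            for ($i = 0; $i < $group_total; $i++) {
                if ($groups[$i] == '0') {
                    $dept_auth = true;
                }
            }
            if (!$dept_auth) {
                $C_debug->alert($C_translate->translate('login_required', '', ''));
                return false;
            }
        } else {
            // Every group is checked, as in the original (no early exit).
            for ($i = 0; $i < $group_total; $i++) {
                if ($C_auth->auth_group_by_id($groups[$i])) {
                    $dept_auth = true;
                }
            }
        }
        $result->MoveNext();
    }

    if (!$dept_auth) {
        $C_debug->alert($C_translate->translate('department_not_auth', 'ticket', ''));
        return false;
    }

    // Validation failed: skip the insert, hand the errors to Smarty and force
    // the current page to be reloaded.
    if (!$this->validated) {
        $smarty->assign('form_validation', $all_error);
        if (!defined("FORCE_PAGE")) {
            define('FORCE_PAGE', $VAR['_page_current']);
        }
        $C_vars->strip_slashes_all();
        return;
    }

    // Insert the ticket. One timestamp is used for all three date columns so
    // they cannot straddle a second boundary.
    // NOTE(review): only the body is HTML-escaped (at write time); subject and
    // e-mail are stored as submitted, so every view that renders them must
    // escape on output.
    $now = time();
    $db =& DB();
    $id = $db->GenID(AGILE_DB_PREFIX . 'ticket_id');
    $sql = 'INSERT INTO ' . AGILE_DB_PREFIX . 'ticket SET site_id = ' . $db->qstr(DEFAULT_SITE)
        . ', id = ' . $db->qstr($id)
        . ', date_orig = ' . $db->qstr($now)
        . ', date_last = ' . $db->qstr($now)
        . ', date_expire = ' . $db->qstr($now + 86400 * 7)
        . ', account_id = ' . $db->qstr(SESS_ACCOUNT)
        . ', department_id=' . $db->qstr($VAR['ticket_department_id'])
        . ', status = ' . $db->qstr(0)
        . ', last_reply = 0, priority = ' . $db->qstr($VAR['ticket_priority'])
        . ', subject = ' . $db->qstr($VAR['ticket_subject'])
        . ', email = ' . $db->qstr($VAR['ticket_email'])
        . ', body = ' . $db->qstr(htmlspecialchars($VAR['ticket_body']));
    $result = $db->Execute($sql);
    if ($result === false) {
        $C_debug->error('ticket.inc.php', 'user_add', $db->ErrorMsg());
        return false;
    }

    // Store the static vars for the new ticket.
    $static_var->add($VAR, $this->module, $id);

    // Mail the requester. 'email' and 'key' are placed in $VAR only for the
    // duration of the send and removed afterwards.
    // NOTE(review): for guests the recipient is the address typed into the
    // form; no throttling is visible in this method -- confirm it is applied
    // elsewhere so the form cannot be used to send unsolicited mail.
    require_once PATH_MODULES . 'email_template/email_template.inc.php';
    $VAR['email'] = trim($this->email);
    $VAR['key'] = $this->key($this->email);
    $my = new email_template();
    $my->send('ticket_user_add', $this->email, $id, '', '');
    unset($VAR['key']);
    unset($VAR['email']);

    // Notify staff who asked for new-ticket mail and cover this department.
    $db =& DB();
    $sql = 'SELECT id,account_id,department_avail FROM ' . AGILE_DB_PREFIX . 'staff WHERE site_id = ' . $db->qstr(DEFAULT_SITE)
        . ' AND notify_new = ' . $db->qstr("1");
    $result = $db->Execute($sql);
    if ($result->RecordCount() > 0) {
        while (!$result->EOF) {
            // Same unserialize() caveat as group_id above; decode errors are
            // suppressed as in the original.
            @($avail = unserialize($result->fields['department_avail']));
            if (!is_array($avail)) {
                $avail = array();
            }
            $avail_total = count($avail);
            for ($i = 0; $i < $avail_total; $i++) {
                if ($avail[$i] == $VAR['ticket_department_id']) {
                    $my = new email_template();
                    $my->send('ticket_user_add_staff', $result->fields['account_id'], $id, $avail[$i], 'sql3');
                    // One mail per staff member is enough.
                    break;
                }
            }
            $result->MoveNext();
        }
    }

    $C_debug->alert($C_translate->translate('user_add_success', 'ticket', ''));
}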
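/**
 * Apply an edit to an account record; fields are read from the
 * account_admin_* request keys.
 *
 * Validates the tax id and the 'account' static vars, optionally changes the
 * password (subject to the account_password_history module when installed),
 * writes the record through CORE_database::update(), then updates static
 * vars, runs db_mapping when installed and clears login locks when the
 * account status is truthy.
 *
 * @param array $VAR Request variables; rebound to the global $VAR below.
 * @return bool|null False when checkLimits() fails, true after a successful
 *                   update, null when validation or the update itself fails.
 */
function update($VAR)
{
    global $C_list, $C_debug, $C_translate, $smarty;

    // Check account limits.
    if (!$this->checkLimits()) {
        return false;
    }

    // Validate the tax id submitted for the selected country.
    global $VAR;
    require_once PATH_MODULES . 'tax/tax.inc.php';
    $taxObj = new tax();
    $tax_arr = isset($VAR['account_admin_tax_id']) ? $VAR['account_admin_tax_id'] : null;
    if (is_array($tax_arr)) {
        foreach ($tax_arr as $country_id => $tax_id) {
            if ($country_id != $VAR['account_admin_country_id']) {
                continue;
            }
            $exempt = isset($VAR["account_tax_id_exempt"][$country_id])
                ? $VAR["account_tax_id_exempt"][$country_id]
                : null;
            if (!$taxObj->TaxIdsValidate($country_id, $tax_id, $exempt)) {
                $this->validated = false;
                $this->val_error[] = array(
                    'field' => 'account_admin_tax_id',
                    'field_trans' => $taxObj->errField,
                    'error' => $C_translate->translate('validate_general', "", ""),
                );
            }
            // Collapse the per-country array to the single value to store.
            $VAR['account_admin_tax_id'] = $exempt ? false : $tax_id;
        }
    }

    // Validate the static vars; returns an array with ALL errors.
    require_once PATH_CORE . 'static_var.inc.php';
    $static_var = new CORE_static_var();
    if (!isset($this->val_error)) {
        $this->val_error = false;
    }
    $all_error = $static_var->validate_form('account', $this->val_error);
    $this->validated = !($all_error != false && is_array($all_error));

    // Validation failed: skip the update, hand the errors to Smarty and force
    // the current page to be reloaded.
    if (!$this->validated) {
        $smarty->assign('form_validation', $all_error);
        if (!defined("FORCE_PAGE")) {
            define('FORCE_PAGE', $VAR['_page_current']);
        }
        return;
    }

    // Remember the current username for db_mapping; stays null when the
    // account row is not found.
    $old_username = null;
    $conn =& DB();
    $sql = 'SELECT username FROM ' . AGILE_DB_PREFIX . 'account WHERE site_id = ' . $conn->qstr(DEFAULT_SITE)
        . ' AND id = ' . $conn->qstr($VAR['account_admin_id']);
    $result = $conn->Execute($sql);
    if ($result->RecordCount() > 0) {
        $old_username = $result->fields['username'];
    }

    // Password change: a recently used password is rejected when the
    // password-history module is installed.
    $update_password = false;
    $accountHistory = null;
    if (!empty($VAR['_password'])) {
        $VAR['account_admin_password'] = $VAR['_password'];
        if ($C_list->is_installed('account_password_history')) {
            include_once PATH_MODULES . 'account_password_history/account_password_history.inc.php';
            $accountHistory = new account_password_history();
            if (!$accountHistory->getIsPasswordOk($VAR['account_admin_id'], $VAR['account_admin_password'], false)) {
                $C_debug->alert("The password you have selected has been used recently and cannot be used again at this time for security purposes.");
                unset($VAR['account_admin_password']);
            } else {
                $update_password = true;
            }
        }
    }

    // Update the record.
    $type = "update";
    $this->method[$type] = explode(",", $this->method[$type]);
    $crud = new CORE_database();
    $ok = $crud->update($VAR, $this, $type);
    if (!$ok) {
        return;
    }

    // Record the new password in the history log.
    if ($update_password && is_object($accountHistory)) {
        $accountHistory->setNewPassword($VAR['account_admin_id'], $VAR["account_admin_password"], false);
    }

    // Update the static vars.
    $static_var->update($VAR, 'account', $VAR['account_admin_id']);

    // Propagate the change to mapped databases.
    if ($C_list->is_installed('db_mapping')) {
        include_once PATH_MODULES . 'db_mapping/db_mapping.inc.php';
        $db_map = new db_mapping();
        // NOTE(review): the cleartext password is handed to db_mapping here;
        // confirm that module neither logs nor persists it unhashed.
        $db_map->plaintext_password = !empty($VAR['account_admin_password'])
            ? $VAR['account_admin_password']
            : false;
        $db_map->account_edit($VAR['account_admin_id'], $old_username);
    }

    // Remove login locks and failed-login entries for an enabled account.
    if (!empty($VAR['account_admin_status'])) {
        $conn =& DB();
        // account_admin_id comes from the request array and was previously
        // interpolated raw into the WHERE clause; quote it with qstr() like
        // the SELECT on the same id above.
        $account_id = $conn->qstr($VAR['account_admin_id']);
        $conn->Execute(sqlDelete($conn, "login_lock", "account_id=" . $account_id));
        $conn->Execute(sqlDelete($conn, "login_log", "account_id=" . $account_id . " AND status=0"));
    }

    return true;
}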
/**
 * Generate the custom-field ("static var") form for this module with
 * CORE_static_var::generate_form() and publish it to the Smarty template.
 *
 * The 'search' variant is requested when $VAR['_page'] contains "search"
 * (case-insensitive); otherwise the 'update' variant is used.
 *
 * @param array $VAR Request variables; only '_page' is read.
 * @return bool True when generate_form() returned an array, false otherwise.
 */
function static_var($VAR)
{
    global $smarty;

    require_once PATH_CORE . 'static_var.inc.php';
    $generator = new CORE_static_var();

    // Pick the form variant from the page name.
    $variant = preg_match('/search/i', $VAR['_page']) ? 'search' : 'update';
    $fields = $generator->generate_form($this->module, 'add', $variant);

    // No array came back: tell the template to hide the section.
    if (!is_array($fields)) {
        $smarty->assign('show_static_var', false);
        return false;
    }

    // Expose the generated fields to the template.
    $smarty->assign('show_static_var', true);
    $smarty->assign('static_var', $fields);
    return true;
}