function onTicketCreated($answer) { try { global $ost; if (!($ticket = Ticket::lookup($answer->object_id))) { die('Unknown or invalid ticket ID.'); } //Slack payload $payload = array('attachments' => array(array('pretext' => "New Ticket <" . $ost->getConfig()->getUrl() . "scp/tickets.php?id=" . $ticket->getId() . "|#" . $ticket->getId() . "> in " . Format::htmlchars($ticket->getDept() instanceof Dept ? $ticket->getDept()->getName() : '') . " via " . $ticket->getSource() . " (" . Format::db_datetime($ticket->getCreateDate()) . ")", 'fallback' => "New Ticket <" . $ost->getConfig()->getUrl() . "scp/tickets.php?id=" . $ticket->getId() . "|#" . $ticket->getId() . "> in " . Format::htmlchars($ticket->getDept() instanceof Dept ? $ticket->getDept()->getName() : '') . " via " . $ticket->getSource() . " (" . Format::db_datetime($ticket->getCreateDate()) . ")", 'color' => "#D00000", 'fields' => array(array('title' => "From: " . mb_convert_case(Format::htmlchars($ticket->getName()), MB_CASE_TITLE) . " (" . $ticket->getEmail() . ")", 'value' => '', 'short' => false))))); //Curl to webhook $data_string = utf8_encode(json_encode($payload)); $url = $this->getConfig()->get('slack-webhook-url'); if (!function_exists('curl_init')) { error_log('osticket slackplugin error: cURL is not installed!'); } $ch = curl_init($url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $data_string); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); if ($result === false) { error_log($url . ' - ' . curl_error($ch)); } else { $statusCode = curl_getinfo($ch, CURLINFO_HTTP_CODE); if ($statusCode != '200') { error_log($url . ' Http code: ' . $statusCode); } } curl_close($ch); } catch (Exception $e) { error_log('Error posting to Slack. ' . $e->getMessage()); } }
function validate(&$data, $format) { global $ost; //Call parent to Validate the structure if (!parent::validate($data, $format)) { $this->exerr(400, 'Unexpected or invalid data received'); } //Nuke attachments IF API files are not allowed. if (!$ost->getConfig()->allowAPIAttachments()) { $data['attachments'] = array(); } //Validate attachments: Do error checking... soft fail - set the error and pass on the request. if ($data['attachments'] && is_array($data['attachments'])) { foreach ($data['attachments'] as &$attachment) { if (!$ost->isFileTypeAllowed($attachment)) { $attachment['error'] = 'Invalid file type (ext) for ' . Format::htmlchars($attachment['name']); } elseif ($attachment['encoding'] && !strcasecmp($attachment['encoding'], 'base64')) { if (!($attachment['data'] = base64_decode($attachment['data'], true))) { $attachment['error'] = sprintf('%s: Poorly encoded base64 data', Format::htmlchars($attachment['name'])); } } } unset($attachment); } return true; }
function validate(&$data, $format, $strict = true) { global $ost; //Call parent to Validate the structure if (!parent::validate($data, $format, $strict) && $strict) { $this->exerr(400, __('Unexpected or invalid data received')); } // Use the settings on the thread entry on the ticket details // form to validate the attachments in the email $tform = TicketForm::objects()->one()->getForm(); $messageField = $tform->getField('message'); $fileField = $messageField->getWidget()->getAttachments(); // Nuke attachments IF API files are not allowed. if (!$messageField->isAttachmentsEnabled()) { $data['attachments'] = array(); } //Validate attachments: Do error checking... soft fail - set the error and pass on the request. if ($data['attachments'] && is_array($data['attachments'])) { foreach ($data['attachments'] as &$file) { if ($file['encoding'] && !strcasecmp($file['encoding'], 'base64')) { if (!($file['data'] = base64_decode($file['data'], true))) { $file['error'] = sprintf(__('%s: Poorly encoded base64 data'), Format::htmlchars($file['name'])); } } // Validate and save immediately try { $file['id'] = $fileField->uploadAttachment($file); } catch (FileUploadError $ex) { $file['error'] = $file['name'] . ': ' . $ex->getMessage(); } } unset($file); } return true; }
function display($value) { $config = $this->getConfiguration(); if ($config['html']) { return Format::safe_html($value); } else { return Format::htmlchars($value); } }
function display($text) { global $cfg; $text = Format::htmlchars($text); //take care of html special chars if ($cfg && $cfg->clickableURLS() && $text) { $text = Format::clickableurls($text); } return nl2br($text); }
function display($text) { global $cfg; $text = Format::htmlchars($text); //take care of html special chars if ($cfg && $cfg->clickableURLS() && $text) { $text = Format::clickableurls($text); } //Wrap long words... $text = preg_replace_callback('/\\w{75,}/', create_function('$matches', 'return wordwrap($matches[0],70,"\\n",true);'), $text); return nl2br($text); }
/** * Ajax: GET /sequence/<id> * * Fetches the current value of a sequence * * Get-Arguments: * format - (string) format string used to format the current value of * the sequence. * * Returns: * (string) Current sequence number, optionally formatted * * Throws: * 403 - Not logged in * 404 - Unknown sequence id * 422 - Invalid sequence id */ function current($id) { global $thisstaff; if (!$thisstaff) { Http::response(403, 'Login required'); } elseif ($id == 0) { $sequence = new RandomSequence(); } elseif (!$id || !is_numeric($id)) { Http::response(422, 'Id is required'); } elseif (!($sequence = Sequence::lookup($id))) { Http::response(404, 'No such object'); } return $sequence->current(Format::htmlchars($_GET['format'])); }
function render() { $config = $this->field->getConfiguration(); if (isset($config['size'])) { $size = "size=\"{$config['size']}\""; } if (isset($config['length'])) { $maxlength = "maxlength=\"{$config['length']}\""; } if (isset($config['classes'])) { $classes = 'class="' . $config['classes'] . '"'; } if (isset($config['autocomplete'])) { $autocomplete = 'autocomplete="' . ($config['autocomplete'] ? 'on' : 'off') . '"'; } ?> <span style="display:inline-block"> <input type="<?php echo static::$input_type; ?> " id="<?php echo $this->name; ?> " <?php echo $size . " " . $maxlength; ?> <?php echo $classes . ' ' . $autocomplete . ' placeholder="' . $config['placeholder'] . '"'; ?> name="<?php echo $this->name; ?> " value="<?php echo Format::htmlchars($this->value); ?> "/> </span> <?php }
$info = Format::htmlchars($errors && $_POST ? $_POST : $info); ?> <h2>Email Address</h2> <form action="emails.php?<?php echo $qstr; ?> " method="post" id="save"> <?php csrf_token(); ?> <input type="hidden" name="do" value="<?php echo $action; ?> "> <input type="hidden" name="a" value="<?php echo Format::htmlchars($_REQUEST['a']); ?> "> <input type="hidden" name="id" value="<?php echo $info['id']; ?> "> <table class="form_table" width="940" border="0" cellspacing="0" cellpadding="2"> <thead> <tr> <th colspan="2"> <h4><?php echo $title; ?> </h4> <em><strong>Email Information</strong>: Login details are optional BUT required when IMAP/POP or SMTP are enabled.</em>
<td width=7px> <input type="checkbox" class="ckb" name="ids[]" value="<?php echo $row['id']; ?>" <?php echo $sel?'checked="checked"':''; ?> > </td> <td> <a class="userPreview" href="users.php?id=<?php echo $row['id']; ?>"><?php echo Format::htmlchars($name); ?></a> <?php if ($row['tickets']) echo sprintf('<i class="icon-fixed-width icon-file-text-alt"></i> <small>(%d)</small>', $row['tickets']); ?> </td> <td><?php echo Format::htmlchars($row['email']); ?></td> <td><?php echo $status; ?></td> <td><?php echo Format::db_date($row['created']); ?></td> </tr> <?php } //end of while. endif; ?> </tbody> <tfoot> <tr> <td colspan="5"> <?php if ($res && $num) { ?> <?php echo __('Select'); ?>: <a id="selectAll" href="#ckb"><?php echo __('All'); ?></a>
<?php if (!defined('OSTADMININC') || !$thisuser->isadmin()) { die('Access Denied'); } //Get the config info. $config = Format::htmlchars($errors && $_POST ? $_POST : $cfg->getConfig()); //Basic checks for warnings... $warn = array(); if ($config['allow_attachments'] && !$config['upload_dir']) { $errors['allow_attachments'] = 'You need to setup upload dir.'; } else { if (!$config['allow_attachments'] && $config['allow_email_attachments']) { $warn['allow_email_attachments'] = '*Attachments Disabled.'; } if (!$config['allow_attachments'] && ($config['allow_online_attachments'] or $config['allow_online_attachments_onlogin'])) { $warn['allow_online_attachments'] = '<br>*Attachments Disabled.'; } } //Not showing err on post to avoid alarming the user...after an update. if (!$errors['err'] && !$msg && $warn) { $errors['err'] = 'Possible errors detected, please check the warnings below'; } $gmtime = Misc::gmtime(); $depts = db_query('SELECT dept_id,dept_name FROM ' . DEPT_TABLE . ' WHERE ispublic=1'); $templates = db_query('SELECT tpl_id,name FROM ' . EMAIL_TEMPLATE_TABLE . ' WHERE tpl_id=1 AND cfg_id=' . db_input($cfg->getId())); ?> <div class="msg">System Preferences and Settings (v<?php echo $config['ostversion']; ?> )</div>
<?php /********************************************************************* file.php Simply downloads the file...on hash validation as follows; * Hash must be 64 chars long. * First 32 chars is the perm. file hash * Next 32 chars is md5(file_id.session_id().file_hash) Peter Rotich <*****@*****.**> Copyright (c) 2006-2013 osTicket http://www.osticket.com Released under the GNU General Public License WITHOUT ANY WARRANTY. See LICENSE.TXT for details. vim: expandtab sw=4 ts=4 sts=4: **********************************************************************/ require 'staff.inc.php'; require_once INCLUDE_DIR . 'class.file.php'; $h = trim($_GET['h']); //basic checks if (!$h || strlen($h) != 64 || !($file = AttachmentFile::lookup(substr($h, 0, 32))) || strcasecmp(substr($h, -32), md5($file->getId() . session_id() . $file->getHash()))) { //next 32 is file id + session hash. die('Unknown or invalid file. #' . Format::htmlchars($_GET['h'])); } $file->download();
?> js/redactor-fonts.js?19292ad"></script> <?php if ($ost && ($headers = $ost->getExtraHeaders())) { echo "\n\t" . implode("\n\t", $headers) . "\n"; } ?> </head> <body> <div id="container"> <div id="header"> <div class="pull-right flush-right"> <p> <?php if ($thisclient && is_object($thisclient) && $thisclient->isValid() && !$thisclient->isGuest()) { echo Format::htmlchars($thisclient->getName()) . ' |'; ?> <a href="<?php echo ROOT_PATH; ?> profile.php"><?php echo __('Profile'); ?> </a> | <a href="<?php echo ROOT_PATH; ?> tickets.php"><?php echo sprintf(__('Tickets <b>(%d)</b>'), $thisclient->getNumTickets()); ?> </a> -
} ?> <tr class="info"> <td><?php echo Format::display($msg_row['message']); ?> </td></tr> </table> <?php //get answers for messages $sql = 'SELECT resp.*,count(attach_id) as attachments FROM ' . TICKET_RESPONSE_TABLE . ' resp ' . ' LEFT JOIN ' . TICKET_ATTACHMENT_TABLE . ' attach ON resp.ticket_id=attach.ticket_id AND resp.response_id=attach.ref_id AND ref_type=\'R\' ' . ' WHERE msg_id=' . db_input($msg_row['msg_id']) . ' AND resp.ticket_id=' . db_input($ticket->getId()) . ' GROUP BY resp.response_id ORDER BY created'; //echo $sql; $resp = db_query($sql); while ($resp_row = db_fetch_array($resp)) { $respID = $resp_row['response_id']; $name = $cfg->hideStaffName() ? 'staff' : Format::htmlchars($resp_row['staff_name']); ?> <table align="center" class="response" cellspacing="0" cellpadding="1" width="100%" border=0> <tr> <th><?php echo Format::db_daydatetime($resp_row['created']); ?> - <?php echo $name; ?> </th></tr> <?php if ($resp_row['attachments'] > 0) { ?> <tr class="header"> <td><?php
case 'update': if (!$user) { $errors['err'] = 'Unknown or invalid user.'; } elseif (($acct = $user->getAccount()) && !$acct->update($_POST, $errors)) { $errors['err'] = 'Unable to update user account information'; } elseif ($user->updateInfo($_POST, $errors)) { $msg = 'User updated successfully'; $_REQUEST['a'] = null; } elseif (!$errors['err']) { $errors['err'] = 'Unable to update user profile. Correct any error(s) below and try again!'; } break; case 'create': $form = UserForm::getUserForm()->getForm($_POST); if ($user = User::fromForm($form)) { $msg = Format::htmlchars($user->getName()) . ' added successfully'; $_REQUEST['a'] = null; } elseif (!$errors['err']) { $errors['err'] = 'Unable to add user. Correct any error(s) below and try again.'; } break; case 'confirmlink': if (!$user || !$user->getAccount()) { $errors['err'] = 'Unknown or invalid user account'; } elseif ($user->getAccount()->isConfirmed()) { $errors['err'] = 'Account is already confirmed'; } elseif ($user->getAccount()->sendConfirmEmail()) { $msg = 'Account activation email sent to ' . $user->getEmail(); } else { $errors['err'] = 'Unable to send account activation email - try again!'; }
<?php if (!defined('SETUPINC')) { die('Kwaheri!'); } $info = $_POST && $errors ? Format::htmlchars($_POST) : array('prefix' => 'ost_', 'dbhost' => 'localhost'); ?> <div id="main" class="step2"> <h1>osTicket Basic Installation</h1> <p>Please fill out the information below to continue your osTicket installation. All fields are required.</p> <font class="error"><strong><?php echo $errors['err']; ?> </strong></font> <form action="install.php" method="post" id="install"> <input type="hidden" name="s" value="install"> <h4 class="head system">System Settings</h4> <span class="subhead">The URL of your helpdesk, its name, and the default system email address</span> <div class="row"> <label>Helpdesk URL:</label> <span><strong><?php echo URL; ?> </strong></span> </div> <div class="row"> <label>Helpdesk Name:</label> <input type="text" name="name" size="45" tabindex="1" value="<?php echo $info['name']; ?> ">
<?php if (!defined('OSTADMININC') || !$thisuser->isadmin()) { die('Access Denied'); } //Get the config info. $config = $errors && $_POST ? Format::input($_POST) : Format::htmlchars($cfg->getConfig()); //Basic checks for warnings... $warn = array(); if ($config['allow_attachments'] && !$config['upload_dir']) { $errors['allow_attachments'] = 'You need to setup upload dir.'; } else { if (!$config['allow_attachments'] && $config['allow_email_attachments']) { $warn['allow_email_attachments'] = '*Attachments Disabled.'; } if (!$config['allow_attachments'] && ($config['allow_online_attachments'] or $config['allow_online_attachments_onlogin'])) { $warn['allow_online_attachments'] = '<br>*Attachments Disabled.'; } } if (!$errors['enable_captcha'] && $config['enable_captcha'] && !extension_loaded('gd')) { $errors['enable_captcha'] = 'GD required for captcha to work'; } //Not showing err on post to avoid alarming the user...after an update. if (!$errors['err'] && !$msg && $warn) { $errors['err'] = 'Possible errors detected, please check the warnings below'; } $gmtime = Misc::gmtime(); $depts = db_query('SELECT dept_id,dept_name FROM ' . DEPT_TABLE . ' WHERE ispublic=1'); $templates = db_query('SELECT tpl_id,name FROM ' . EMAIL_TEMPLATE_TABLE . ' WHERE cfg_id=' . db_input($cfg->getId())); ?> <div class="msg">System Preferences and Settings (v<?php
<?php echo $row['onvacation'] ? '<small>(<i>vacation</i>)</small>' : ''; ?> </td> <td><a href="groups.php?id=<?php echo $row['group_id']; ?> "><?php echo Format::htmlchars($row['group_name']); ?> </a></td> <td><a href="departments.php?id=<?php echo $row['dept_id']; ?> "><?php echo Format::htmlchars($row['dept']); ?> </a></td> <td><?php echo Format::db_date($row['created']); ?> </td> <td><?php echo Format::db_datetime($row['lastlogin']); ?> </td> </tr> <?php } //end of while. }
<p align="center" id="infomessage"><?php echo $msg; ?> </p> <?}elseif($warn) {?> <p id="warnmessage"><?php echo $warn; ?> </p> <?}?> </div> <div align="left"> <form action="directory.php" method="POST" > <input type='hidden' name='a' value='search'> Search for : <input type="text" name="query" value="<?php echo Format::htmlchars($_REQUEST['query']); ?> "> Dept. <select name="dept"> <option value=0>All Department</option> <? $depts= db_query('SELECT dept_id,dept_name FROM '.DEPT_TABLE); while (list($deptId,$deptName) = db_fetch_row($depts)){ $selected = ($_POST['dept']==$deptId)?'selected':''; ?> <option value="<?php echo $deptId; ?> "<?php echo $selected; ?>
<?php echo $row['onvacation'] ? '(<i>vacation</i>)' : ''; ?> </td> <td><a href="admin.php?t=grp&id=<?php echo $row['group_id']; ?> "><?php echo Format::htmlchars($row['group_name']); ?> </a></td> <td><a href="admin.php?t=dept&id=<?php echo $row['dept_id']; ?> "><?php echo Format::htmlchars($row['dept_name']); ?> </a></td> <td><?php echo Format::db_date($row['created']); ?> </td> <td><?php echo Format::db_datetime($row['lastlogin']); ?> </td> </tr> <?php $class = $class == 'row2' ? 'row1' : 'row2'; } //end of while.
<h1><?php echo __('Forgot My Password'); ?> </h1> <p><?php echo __('Enter your username or email address in the form below and press the <strong>Send Email</strong> button to have a password reset link sent to your email account on file.'); ?> <form action="pwreset.php" method="post" id="clientLogin"> <div style="width:50%;display:inline-block"> <?php csrf_token(); ?> <input type="hidden" name="do" value="sendmail"/> <strong><?php echo Format::htmlchars($banner); ?> </strong> <br> <div> <label for="username"><?php echo __('Username'); ?> :</label> <input id="username" type="text" name="userid" size="30" value="<?php echo $userid; ?> "> </div> <p> <input class="btn" type="submit" value="<?php
<th >Actualizado</th> <th>Estado</th> <th>Asunto</th> <!-- <th width="150">Email</th> --> </tr> </thead> <tbody> <?php $class = "row1"; $total = 0; if ($tickets_res && ($num = db_num_rows($tickets_res))) { $defaultDept = Dept::getDefaultDeptName(); while ($row = db_fetch_array($tickets_res)) { $dept = $row['ispublic'] ? $row['dept_name'] : $defaultDept; //Don't show hidden/non-public depts. $subject = Format::htmlchars(Format::truncate($row['subject'], 40)); $ticketID = $row['ticketID']; if ($row['isanswered'] && !strcasecmp($row['status'], 'open')) { $subject = "<strong>{$subject}</strong>"; $ticketID = "<strong>{$ticketID}</strong>"; } $stati = $row['status']; switch (strtolower($stati)) { //Status is overloaded case 'open': $stati = 'Abierto'; break; case 'closed': $stati = 'Cerrado'; break; }
<?php if (!defined('OSTSCPINC') or !$thisuser->canManageKb()) { die('Acceso Denegado'); } $info = $errors && $_POST ? Format::input($_POST) : Format::htmlchars($answer); if ($answer && $_REQUEST['a'] != 'add') { $title = 'Editar Respuesta Predefenida'; $action = 'update'; } else { $title = 'Nueva Respuesta predefinida'; $action = 'add'; $info['isenabled'] = 1; } ?> <div> <?php if ($errors['err']) { ?> <p align="center" id="errormessage"><?php echo $errors['err']; ?> </p> <?php } elseif ($msg) { ?> <p align="center" id="infomessage"><?php echo $msg; ?> </p>
} ?> <div id="selected-org-info" style="display:<?php echo $org ? 'block' :'none'; ?>;margin:5px;"> <form method="post" class="org" action="<?php echo $info['action'] ?: '#orgs/lookup'; ?>"> <input type="hidden" id="org-id" name="orgid" value="<?php echo $org ? $org->getId() : 0; ?>"/> <i class="icon-group icon-4x pull-left icon-border"></i> <a class="action-button pull-right" style="overflow:inherit" id="unselect-org" href="#"><i class="icon-remove"></i> <?php echo __('Add New Organization'); ?></a> <div><strong id="org-name"><?php echo $org ? Format::htmlchars($org->getName()) : ''; ?></strong></div> <?php if ($org) { ?> <table style="margin-top: 1em;"> <?php foreach ($org->getDynamicData() as $entry) { ?> <tr><td colspan="2" style="border-bottom: 1px dotted black"><strong><?php echo $entry->getForm()->get('title'); ?></strong></td></tr> <?php foreach ($entry->getAnswers() as $a) { ?> <tr style="vertical-align:top"><td style="width:30%;border-bottom: 1px dotted #ccc"><?php echo Format::htmlchars($a->getField()->get('label')); ?>:</td> <td style="border-bottom: 1px dotted #ccc"><?php echo $a->display(); ?></td> </tr> <?php } } ?> </table> <?php } ?> <div class="clear"></div> <hr> <p class="full-width"> <span class="buttons pull-left"> <input type="button" name="cancel" class="close" value="<?php echo __('Cancel'); ?>"> </span> <span class="buttons pull-right">
function clientLoginPage($msg = 'Unauthorized') { Http::response(403, 'Must login: ' . Format::htmlchars($msg)); exit; }
?> (<?php echo $thisclient->getNumClosedTickets(); ?> )</option> <?php } ?> </select> <input type="submit" value="<?php echo __('Go'); ?> "> </form> <a class="refresh" href="<?php echo Format::htmlchars($_SERVER['REQUEST_URI']); ?> "><?php echo __('Refresh'); ?> </a> <table id="ticketTable" width="800" border="0" cellspacing="0" cellpadding="0"> <caption><?php echo $showing; ?> </caption> <thead> <tr> <th nowrap> <a href="tickets.php?sort=ID&order=<?php echo $negorder;
</tr> <tr> <td width="180"> Auto-Response Email: </td> <td> <span> <select name="autoresp_email_id"> <option value="0" selected="selected">— Department Email —</option> <?php $sql = 'SELECT email_id,email,name FROM ' . EMAIL_TABLE . ' email ORDER by name'; if (($res = db_query($sql)) && db_num_rows($res)) { while (list($id, $email, $name) = db_fetch_row($res)) { $selected = isset($info['autoresp_email_id']) && $id == $info['autoresp_email_id'] ? 'selected="selected"' : ''; if ($name) { $email = Format::htmlchars("{$name} <{$email}>"); } echo sprintf('<option value="%d" %s>%s</option>', $id, $selected, $email); } } ?> </select> <span class="error"><?php echo $errors['autoresp_email_id']; ?> </span> <i class="help-tip icon-question-sign" href="#auto_response_email"></i> </span> </td> </tr> <tr>
</thead> <tbody> <?php $total=0; $ids=($errors && is_array($_POST['ids']))?$_POST['ids']:null; if($res && db_num_rows($res)): while ($row = db_fetch_array($res)) { $sel=false; if($ids && in_array($row['log_id'],$ids)) $sel=true; ?> <tr id="<?php echo $row['log_id']; ?>"> <td width=7px> <input type="checkbox" class="ckb" name="ids[]" value="<?php echo $row['log_id']; ?>" <?php echo $sel?'checked="checked"':''; ?>> </td> <td> <a class="tip" href="#log/<?php echo $row['log_id']; ?>"><?php echo Format::htmlchars($row['title']); ?></a></td> <td><?php echo $row['log_type']; ?></td> <td> <?php echo Format::db_daydatetime($row['created']); ?></td> <td><?php echo $row['ip_address']; ?></td> </tr> <?php } //end of while. endif; ?> </tbody> <tfoot> <tr> <td colspan="6"> <?php if($res && $num){ ?> <?php echo __('Select');?>: <a id="selectAll" href="#ckb"><?php echo __('All');?></a> <a id="selectNone" href="#ckb"><?php echo __('None');?></a>
?> :</label></td><td> <?php } $field->render('client'); ?> <?php if ($field->get('required')) { ?> <font class="error">*</font> <?php } if ($field->get('hint') && !$field->isBlockLevel()) { ?> <br /><em style="color:gray;display:inline-block"><?php echo Format::htmlchars($field->get('hint')); ?> </em> <?php } foreach ($field->errors() as $e) { ?> <br /> <font class="error"><?php echo $e; ?> </font> <?php } $field->renderExtras('client'); ?>
?> <div style="width:700;padding-top:10px; float:left;"> <h2>Frequently Asked Questions</h2> </div> <div style="float:right;text-align:right;padding-top:5px;padding-right:5px;"> </div> <div class="clear"></div> <br> <div><strong><?php echo $category->getName(); ?> </strong></div> <p> <?php echo Format::safe_html($category->getDescription()); ?> </p> <hr> <?php $sql = 'SELECT faq.faq_id, question ' . ' FROM ' . FAQ_TABLE . ' faq ' . ' LEFT JOIN ' . FAQ_ATTACHMENT_TABLE . ' attach ON(attach.faq_id=faq.faq_id) ' . ' WHERE faq.ispublished=1 AND faq.category_id=' . db_input($category->getId()) . ' GROUP BY faq.faq_id'; if (($res = db_query($sql)) && db_num_rows($res)) { echo '<div id="faq"> <ol>'; while ($row = db_fetch_array($res)) { echo sprintf(' <li><a href="faq.php?id=%d" >%s</a></li>', $row['faq_id'], Format::htmlchars($row['question'])); } echo ' </ol> </div>'; } else { echo '<strong>Category does not have any FAQs. <a href="index.php">Back To Index</a></strong>'; }