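/**
 * Authenticates a user by e-mail and password and populates the session.
 *
 * Looks the account up by e-mail, verifies the submitted password against the
 * stored salted hash (myHash()), then records the user's identity and role
 * (client or supporter) in the session through setSessionProp().
 *
 * Requires PHP >= 5.6 for hash_equals().
 *
 * @param string $StLogin  E-mail address used as the login name (untrusted input)
 * @param string $StPwd    Clear-text password submitted by the user (untrusted input)
 * @return bool            true on successful login
 * @throws ErrorHandler    EXC_USER_NOTREG when the e-mail does not match exactly one
 *                         account, EXC_USER_WRONGPASS when the password is wrong
 */
public function getLogged($StLogin, $StPwd)
{
    // Both values are untrusted request input. The SQL below is built by string
    // interpolation, so it is only safe if SQLInjectionHandle() escapes its
    // argument in place (by reference). NOTE(review): confirm that, and prefer a
    // parameterised query if execSQL() supports one.
    UserHandler::SQLInjectionHandle($StLogin);
    UserHandler::SQLInjectionHandle($StPwd);
    $this->StLogin = $StLogin;

    $StSQL = "\nSELECT\n IDUser, StPassword, StName, StEmail, StHash\nFROM\n " . DBPREFIX . "User\nWHERE\n StEmail = '{$this->StLogin}'";
    $this->execSQL($StSQL);
    $this->commit();

    // Exactly one account must match; zero (or, defensively, more than one) is
    // rejected. NOTE(review): a distinct error for "unknown e-mail" vs "wrong
    // password" lets an attacker enumerate registered addresses; callers that
    // surface these to the user should map both to one generic message.
    if ((int) $this->getNumRows() !== 1) {
        throw new ErrorHandler(EXC_USER_NOTREG);
    }

    $ArResult = $this->getResult('string');
    $StStored = (string) $ArResult[0]['StPassword'];
    $StComputed = (string) $this->myHash($ArResult[0]['StHash'], $StPwd);

    // Strict, constant-time comparison. A loose `==` here would treat
    // numeric-looking digests such as "0e123" and "0e456" as equal and would
    // also leak timing information about the stored value.
    if (!hash_equals($StStored, $StComputed)) {
        throw new ErrorHandler(EXC_USER_WRONGPASS);
    }

    // Resolve whether the account is a client or a supporter. IDUser comes from
    // our own row, but it is cast to int before being interpolated anyway.
    $ItIDUser = (int) $ArResult[0]['IDUser'];
    $StSQL = "\nSELECT\n C.IDClient, S.IDSupporter\nFROM\n " . DBPREFIX . "User U\nLEFT JOIN\n " . DBPREFIX . "Supporter S ON (U.IDUser = S.IDUser)\nLEFT JOIN\n " . DBPREFIX . "Client C ON (U.IDUser = C.IDUser)\nWHERE\n U.IDUser = {$ItIDUser}";
    $this->execSQL($StSQL);
    $ArResult = array_merge($ArResult, $this->getResult('string'));
    // Row 1 is the role row from the second query; guard so a missing row does
    // not raise notices (the resulting values are null either way).
    $ArRole = isset($ArResult[1]) ? $ArResult[1] : array();

    // The privilege level changes here: rotate the session id so a session id
    // planted before login (session fixation) is not carried over. This is a
    // no-op unless a native PHP session is active. NOTE(review): assumes
    // setSessionProp() is backed by $_SESSION — confirm.
    if (function_exists('session_status') && session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }

    setSessionProp('StName', $ArResult[0]['StName']);
    setSessionProp('IDUser', $ArResult[0]['IDUser']);
    setSessionProp('StEmail', $ArResult[0]['StEmail']);
    // NOTE(review): this value is md5 of two non-secret fields (user id and
    // display name), so anything that treats StHash as an unguessable token is
    // forgeable. Kept as-is because other code may recompute it; if it is used
    // for CSRF or session validation it should become a random token instead.
    setSessionProp('StHash', md5($ArResult[0]['IDUser'] . $ArResult[0]['StName']));

    if (!isset($ArRole['IDClient']) && isset($ArRole['IDSupporter'])) {
        setSessionProp('isSupporter', 'true');
        setSessionProp('IDSupporter', $ArRole['IDSupporter']);
    } else {
        setSessionProp('isSupporter', 'false');
        setSessionProp('IDClient', isset($ArRole['IDClient']) ? $ArRole['IDClient'] : null);
    }

    return true;
}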
<?php require_once 'main.php'; /*************************************** * Create Submit * ****************************************/ $ObjTicket = new TicketHandler(); if (!empty($_POST) && $_POST['StAction'] == 'create') { foreach ($_POST as &$StArg) { UserHandler::SQLInjectionHandle($StArg); } $IDCategory = $_POST['StCategory']; $IDPriority = $_POST['StPriority']; $StTitle = $_POST['StTitle']; $TxMessage = f1desk_escape_html($_POST['TxMessage']); $IDDepartment = $_POST['IDRecipient'] != 'null' ? $_POST['IDRecipient'] : ''; $IDDepartmentReader = isset($_POST['IDReader']) && $_POST['IDReader'] != 'null' ? $_POST['IDReader'] : ''; $ArUsers = isset($_POST['ArRecipients']) ? explode(',', $_POST['ArRecipients']) : array(); $ArReaders = isset($_POST['ArReaders']) ? explode(',', $_POST['ArReaders']) : array(); $ArAttached = isset($_POST['ArAttached']) ? explode(',', $_POST['ArAttached']) : array(); if (F1DeskUtils::IsSupporter()) { if (!empty($_FILES['Attachment']['name'])) { $IDTicket = $ObjTicket->createSupporterTicket(getSessionProp('IDSupporter'), $IDCategory, $IDPriority, $StTitle, $TxMessage, $IDDepartment, $IDDepartmentReader, $ArUsers, $ArReaders, true, $_FILES); } else { $IDTicket = $ObjTicket->createSupporterTicket(getSessionProp('IDSupporter'), $IDCategory, $IDPriority, $StTitle, $TxMessage, $IDDepartment, $IDDepartmentReader, $ArUsers, $ArReaders, true); } } else { if (!empty($_FILES['Attachment']['name'])) { $IDTicket = $ObjTicket->createUserTicket(getSessionProp('IDClient'), $IDCategory, $IDPriority, $StTitle, $TxMessage, $IDDepartment, $_FILES); } else { $IDTicket = $ObjTicket->createUserTicket(getSessionProp('IDClient'), $IDCategory, $IDPriority, $StTitle, $TxMessage, $IDDepartment);
<?php require_once 'main.php'; Validate::Session(); if (isset($_GET['IDAttach'])) { $IDAttachment = $_GET['IDAttach']; } $TicketHandler = new TicketHandler(); UserHandler::SQLInjectionHandle($IDAttachment); $ID = getSessionProp('IDUser'); $ArResult = $TicketHandler->canDownload($IDAttachment, $ID); if (F1DeskUtils::isSupporter()) { $ArResult['BoPermission'] = 'true'; } if (isset($ArResult['BoPermission']) && $ArResult['BoPermission'] == 'true') { if (strstr($_SERVER['HTTP_USER_AGENT'], "MSIE")) { $StFileName = preg_replace('/\\./', '%2e', $ArResult['StFile'], substr_count($ArResult['StFile'], '.') - 1); } else { $StFileName = $ArResult['StFile']; } $StFileName = strtr($StFileName, ' ', '_'); if (isset($ArResult['StLink']) && !is_dir($ArResult['StLink'])) { $ItFileSize = filesize($ArResult['StLink']); $tmpFile = F1DeskUtils::toTMP($ArResult['StLink'], 'path'); } else { $ItFileSize = mb_strlen($ArResult['ByFile'], 'latin1'); $tmpFile = F1DeskUtils::toTMP($ArResult['ByFile'], 'file'); } # # Verificar este header pois o mesmo não exibe corretamente o tamanho do arquivo, quando disponiblizado para download #
<?php # # Load Language and configs # require_once 'main.php'; handleLanguage(__FILE__); $ObjTicket = new TicketHandler(); $ObjUser = new UserHandler(); $isSupporter = F1DeskUtils::isSupporter(); /************************** ### Actions ### ***************************/ if (isset($_POST['StAction'])) { foreach ($_POST as $Post) { UserHandler::SQLInjectionHandle($Post); } $StAction = $_POST['StAction']; switch ($StAction) { case 'ignore': if (!$isSupporter) { throw new ErrorHandler(INVALID_OPTION); } if (!is_numeric($_POST['IDSupporter']) || !is_numeric($_POST['IDTicket'])) { ErrorHandler::setNotice('ticket', EXC_GLOBAL_EXPPARAM, 'error'); } else { if (F1DeskUtils::isIgnored($_POST['IDSupporter'], $_POST['IDTicket'])) { ErrorHandler::setNotice('ticket', ALREADY_IGNORED, 'error'); } else { if (!$ObjTicket->ignoreTicket($_POST['IDSupporter'], $_POST['IDTicket'])) { ErrorHandler::setNotice('ticket', ERROR_IGNORING, 'error'); } else { $BoIgnored = true;