public function setUp()
{
parent::setUp();
// create app
$config = $this->appConfig + array('base_url' => 'http://localhost/');
$app = new \FelixOnline\Core\App($config);
$dbuser = getenv('DB_USER') ? getenv('DB_USER') : 'root';
$dbpass = getenv('DB_PASS') ? getenv('DB_PASS') : '';
$db = new \ezSQL_mysqli();
$db->quick_connect($dbuser, $dbpass, 'test_media_felix', 'localhost', 3306, 'utf8');
$app['db'] = $db;
$app['safesql'] = new \SafeSQL_MySQLi($db->dbh);
$app['env'] = \FelixOnline\Core\Environment::mock();
// Initialize Akismet
$connector = new \Riv\Service\Akismet\Connector\Test();
$app['akismet'] = new \Riv\Service\Akismet\Akismet($connector);
// Initialize email
$transport = \Swift_NullTransport::newInstance();
$app['email'] = \Swift_Mailer::newInstance($transport);
$session = $this->mock('FelixOnline\\Core\\Session')->getId(1)->start(1)->reset()->new();
$this->reflect($session)->__set('session', array());
$app['env']['session'] = $session;
$cookies = $this->mock('FelixOnline\\Core\\Cookies')->set(true)->delete(true)->new();
$this->reflect($cookies)->__set('cookies', array());
$app['env']['cookies'] = $cookies;
if ($this->setCurrentUser) {
$app['currentuser'] = new \FelixOnline\Core\CurrentUser();
}
// Set empty cache so data isn't cached in tests
$app['cache'] = new \Stash\Pool();
$app->run();
$this->app = $app;
}
/**
* Perform mySQL query
*
* Added to the original function: logging of all queries
*
* @since 1.7
*/
function query($query)
{
// Keep history of all queries
$this->debug_log[] = $query;
// Original function
return parent::query($query);
}
public function createApp($config)
{
$app = new \FelixOnline\Core\App($config);
$dbuser = getenv('DB_USER') ? getenv('DB_USER') : 'root';
$dbpass = getenv('DB_PASS') ? getenv('DB_PASS') : '';
$db = new \ezSQL_mysqli();
$db->quick_connect($dbuser, $dbpass, 'test_media_felix', 'localhost', 3306, 'utf8');
$app['db'] = $db;
$app['safesql'] = new \SafeSQL_MySQLi($db->dbh);
$app['env'] = \FelixOnline\Core\Environment::mock();
$session = $this->mock('FelixOnline\\Core\\Session')->getId(1)->start(1)->reset()->new();
$this->reflect($session)->__set('session', array());
$app['env']['session'] = $session;
$app->run();
return $app;
}
include "includes/session.php";
include "includes/checksession.php";
include "includes/checksessionadmin.php";
?>
<!DOCTYPE html>
<html>
<head>
<title>Edit Types</title>
<?php
include "fhd_config.php";
include "includes/header.php";
include "includes/all-nav.php";
include "includes/ez_sql_core.php";
include "includes/ez_sql_mysqli.php";
include "includes/functions.php";
$db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);
$actionstatus = "";
// <UPDATE>
//to do: need to check for duplicates...
if (isset($_POST['nacl'])) {
if ($_POST['nacl'] == md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};"))) {
//authentication verified, continue.
$type_id = checkid($_POST['type_id']);
$type_name = $db->escape($_POST['type_name']);
// $type_email = $db->escape($_POST['type_email']);
// $type_location = $db->escape($_POST['type_location']);
// $type_phone = $db->escape($_POST['type_phone']);
// $db->query("UPDATE site_types SET type_name='$type_name',type_email='$type_email',type_location='$type_location',type_phone='$type_phone' WHERE type_id = $type_id;");
$db->query("UPDATE site_types SET type_name='{$type_name}' WHERE type_id = {$type_id};");
$actionstatus = "<div class=\"alert alert-success\" style=\"max-width: 250px;\">\n <button type=\"button\" class=\"close\" data-dismiss=\"alert\">×</button>\n Updated.\n </div>";
}
<head>
<meta charset="utf-8">
<title>Help Desk</title>
<?php
include "fhd_config.php";
include "includes/header.php";
include "includes/all-nav.php";
?>
<h3><i class="fa fa-tachometer fa-lg"></i> Help Desk Dashboard</h3>
<hr>
<?php
include "includes/ez_sql_core.php";
include "includes/ez_sql_mysqli.php";
include "includes/functions.php";
$db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);
//only show tickets for the user if not admin.
switch ($user_level) {
case 0:
$queryadd = "";
break;
case 1:
$queryadd = " AND call_user = {$user_id}";
break;
case 2:
$addpage = "";
break;
}
$opentickets = $db->get_var("select count(call_id) from site_calls where call_status = 0 {$queryadd};");
$button_style = ' class="btn btn-default btn-lg" style="width: 250px;"';
?>
exit;
}
//limit login tries.
if (isset($_SESSION['hit'])) {
$_SESSION['hit'] += 1;
if ($_SESSION['hit'] > LOGIN_TRIES) {
echo "<p><i class='fa fa-lock fa-2x pull-left'></i> Access Locked</p>";
include "includes/footer.php";
exit;
}
} else {
$_SESSION['hit'] = 0;
}
include "includes/ez_sql_core.php";
include "includes/ez_sql_mysqli.php";
$db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);
if (isset($_POST['user_login'])) {
$user_login = trim($db->escape($_POST['user_login']));
} else {
echo "<div class='alert alert-warning' style='width: 375px;'><i class='glyphicon glyphicon-info-sign'></i> Username / Email is Required.</div>";
include "includes/footer.php";
exit;
}
if (isset($_POST['user_password'])) {
$user_password = trim($db->escape($_POST['user_password']));
$is_valid = checkpwd($user_password, $user_login);
}
//uesrs can login with either login name or email address.
$pos = strrpos($user_login, "@");
if ($pos === false) {
// note: three equal signs
ob_start();
include "includes/session.php";
include "includes/checksession.php";
?>
<!DOCTYPE html>
<html>
<head>
<title>Note Add/Edit</title>
<?php
include "fhd_config.php";
include "includes/header.php";
include "includes/all-nav.php";
include "includes/ez_sql_core.php";
include "includes/ez_sql_mysqli.php";
include "includes/functions.php";
$db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);
// <UPDATE>
if (isset($_POST['update'])) {
if ($_POST['nacl'] == md5(AUTH_KEY . $db->get_var("select user_password from site_users where user_id = {$user_id};"))) {
$note_id = checkid($_POST['note_id']);
$call_id = checkid($_POST['call_id']);
$user_id = $_SESSION['user_id'];
if ($user_id == $db->get_var("select note_post_user from site_notes where note_post_user = {$user_id};")) {
$note_body = trim(htmlentities($db->escape($_POST['note_body'])));
$note_post_ip = $db->escape($_SERVER['REMOTE_ADDR']);
$db->query("UPDATE site_notes SET note_body='{$note_body}',note_post_ip='{$note_post_ip}' WHERE note_id={$note_id};");
header("Location: fhd_call_edit.php?call_id={$call_id}");
//echo exit;
}
} else {
//not verified, warning and exit!
include "includes/session.php";
include "includes/checksession.php";
?>
<!DOCTYPE html>
<html>
<head>
<title>Laporan Masalah</title>
<?php
include "fhd_config.php";
include "includes/header.php";
include "includes/all-nav.php";
include "includes/ez_sql_core.php";
include "includes/ez_sql_mysqli.php";
include "includes/functions.php";
$db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);
$queryadd = "";
$colspan = 2;
if ($user_level == 1) {
$queryadd = " AND call_user = {$user_id}";
$colspan = 1;
}
if (isset($_GET['user_id'])) {
$queryadd = " AND call_user = "******"SELECT call_id,call_date,call_first_name,call_last_name,call_request,call_department,call_device from site_calls WHERE (call_status = 0) $queryadd order by call_id desc;";
$myquery = "SELECT call_id,call_date,call_first_name,call_last_name,call_request,call_department,call_device from site_calls WHERE (call_status = 0) order by call_id desc;";
$site_calls = $db->get_results($myquery);
$num = $db->num_rows;
//$db->debug();
<head>
<title>Ticket Details</title>
<?php
include "fhd_config.php";
include "includes/header.php";
include "includes/all-nav.php";
include "includes/functions.php";
$call_id = checkid($_REQUEST['call_id']);
include "includes/ez_sql_core.php";
include "includes/ez_sql_mysqli.php";
include "includes/class.phpmailer.php";
$action = "";
$actionstatus = "";
$close_email = "";
$statusquery = "";
$db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);
$isnotes = $db->get_var("SELECT count(*) from site_notes WHERE (note_relation = {$call_id}) AND note_type = 1;");
//<DELETE>
if (isset($_GET['action'])) {
if ($_GET['action'] == 'delete') {
if (isset($_GET['nacl'])) {
if ($_GET['nacl'] == md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};"))) {
//authentication verified, continue.
$call_id = checkid($_GET['call_id']);
$db->query("UPDATE site_calls SET call_status = 3 WHERE call_id = {$call_id} limit 1;");
$db->query("UPDATE site_notes SET note_type = 0 WHERE note_relation = {$call_id};");
header("Location: fhd_calls.php");
}
}
}
}
include "includes/session.php";
include "includes/checksession.php";
include "includes/checksessionadmin.php";
?>
<!DOCTYPE html>
<html>
<head>
<title>Settings</title>
<?php
include "fhd_config.php";
include "includes/header.php";
include "includes/all-nav.php";
include "includes/ez_sql_core.php";
include "includes/ez_sql_mysqli.php";
include "includes/functions.php";
$db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);
//<DELETE>
if (isset($_GET['nacl'])) {
if ($_GET['nacl'] == md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};"))) {
//authentication verified, continue.
$type_id = checkid($_GET['type_id']);
$action = $db->escape($_GET['action']);
$type = checkid($_GET['type']);
if ($action == 'delete') {
$db->query("DELETE FROM site_types where type_id = {$type_id};");
header("Location: fhd_settings_action.php?type={$type}");
}
}
}
//</DELETE>
//check type variable
include "includes/session.php";
include "includes/checksession.php";
?>
<!DOCTYPE html>
<html>
<head>
<title>Users</title>
<?php
include "fhd_config.php";
include "includes/header.php";
include "includes/all-nav.php";
include "includes/ez_sql_core.php";
include "includes/ez_sql_mysqli.php";
include "includes/functions.php";
$db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);
$pending = "";
$title = "";
if (isset($_GET['pending'])) {
$pending = "AND user_pending = 1";
}
if (isset($_GET['support_staff'])) {
$pending = "AND user_level = 2";
$title = "Support Staff";
}
$myquery = "SELECT user_id,user_name,user_email,user_pending,user_level,user_protect_edit,user_msg_send from site_users where 1 {$pending} order by user_level,user_id desc;";
$site_calls = $db->get_results($myquery);
$num = $db->num_rows;
echo "<p><a href='fhd_settings.php'>Settings</a></p>";
echo "<h4>{$num} {$title} Users</h4>";
if ($num > 0) {
include "includes/session.php";
include "includes/checksession.php";
include "includes/checksessionadmin.php";
?>
<!DOCTYPE html>
<html>
<head>
<title>Add</title>
<?php
include "fhd_config.php";
include "includes/header.php";
include "includes/all-nav.php";
include "includes/ez_sql_core.php";
include "includes/ez_sql_mysqli.php";
include "includes/functions.php";
$db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);
// <ADD>
if (isset($_POST['nacl'])) {
if ($_POST['nacl'] == md5(AUTH_KEY . $db->get_var("select user_password from site_users where user_id = {$user_id};"))) {
//authentication verified, continue.
$type = checkid($_POST['type']);
$type_name = $db->escape($_POST['type_name']);
$type_email = $db->escape($_POST['type_email']);
$type_location = $db->escape($_POST['type_location']);
$type_phone = $db->escape($_POST['type_phone']);
$db->query("INSERT INTO site_types(type,type_name,type_email,type_location,type_phone) VALUES( {$type},'{$type_name}','{$type_email}','{$type_location}','{$type_phone}');");
header("Location: fhd_settings_action.php?type={$type}");
} else {
//not verified, warning and exit!
echo "<p class='save'>Warning: Verification Error!</p>";
exit;
include "includes/checksession.php";
include "includes/checksession_ss.php";
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Ticket Details</title>
<?php
include "fhd_config.php";
include "includes/header.php";
include "includes/all-nav.php";
include "includes/functions.php";
include "includes/ez_sql_core.php";
include "includes/ez_sql_mysqli.php";
$db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);
$actionstatus = "";
//<ADD>
if (isset($_POST['nacl'])) {
if ($_POST['nacl'] == md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};"))) {
//authentication verified, continue.
$call_status = $db->escape($_POST['call_status']);
$call_date = $db->escape(strtotime($_POST['call_date']));
$call_first_name = $db->escape($_POST['call_first_name']);
$call_email = $db->escape($_POST['call_email']);
$call_phone = $db->escape($_POST['call_phone']);
$call_department = $db->escape($_POST['call_department']);
$call_request = $db->escape($_POST['call_request']);
$call_device = $db->escape($_POST['call_device']);
$call_details = $db->escape($_POST['call_details']);
$call_solution = $db->escape($_POST['call_solution']);
<?php
include "fhd_config.php";
if (ALLOW_REGISTER == "yes") {
include "includes/ez_sql_core.php";
include "includes/ez_sql_mysqli.php";
$db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);
$q = $db->escape($_GET["q"]);
$db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);
$q = $db->escape($q);
$num = $db->get_var("select count(user_login) from site_users where user_login = '******';");
if ($num == 0) {
echo "<i class='glyphicon glyphicon-ok'></i> <small><em>available</em></small>";
} else {
echo "<i class='glyphicon glyphicon-ban-circle'></i> <small><em>name not available</em></small>";
}
}
<?php
/**********************************************************************
* ezSQL initialisation for mySQLi
*/
// Include ezSQL core
include_once "../shared/ez_sql_core.php";
// Include ezSQL database specific component
include_once "ez_sql_mysqli.php";
// Initialise database object and establish a connection
// at the same time - db_user / db_password / db_name / db_host
// db_host can "host:port" notation if you need to specify a custom port
$db = new ezSQL_mysqli('db_user', 'db_password', 'db_name', 'db_host');
/**********************************************************************
* ezSQL demo for mySQLi database
*/
// Demo of getting a single variable from the db
// (and using abstracted function sysdate)
$current_time = $db->get_var("SELECT " . $db->sysdate());
print "ezSQL demo for mySQL database run @ {$current_time}";
// Print out last query and results..
$db->debug();
// Get list of tables from current database..
$my_tables = $db->get_results("SHOW TABLES", ARRAY_N);
// Print out last query and results..
$db->debug();
// Loop through each row of results..
foreach ($my_tables as $table) {
// Get results of DESC table..
$db->get_results("DESC {$table['0']}");
// Print out last query and results..
function sendmessage_closed($call_id)
{
$call_id = valid_id($call_id);
$db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);
$mail = new PHPMailer();
//Set who the message is to be sent from
$mail->SetFrom(FROM_EMAIL);
//Set who the message is to be sent to
$call_email = $db->get_var("SELECT call_email FROM site_calls WHERE call_id = {$call_id};");
$mail->AddAddress($call_email);
//Set the subject line
$mail->Subject = 'Ticket ' . FHD_TITLE . ' [# ' . $call_id . '] Closed.';
//Read an HTML message body from an external file, convert referenced images to embedded, convert HTML into a basic plain-text alternative body
$call_solution = $db->get_var("SELECT call_solution FROM site_calls WHERE call_id = {$call_id};");
$econtent = "Ticket Closed.<br><hr>" . $call_solution;
$mail->MsgHTML($econtent . "<br>");
//Send the message
$mail->Send();
}
include "includes/checksessionadmin.php";
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Administration Dashboard</title>
<?php
include "fhd_config.php";
include "includes/PasswordHash.php";
include "includes/header.php";
include "includes/all-nav.php";
include "includes/ez_sql_core.php";
include "includes/ez_sql_mysqli.php";
include "includes/functions.php";
$db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);
echo '<h4>One-Time Password Encryption</h4>';
$encrypted_passwords = $db->get_var("SELECT option_value FROM site_options where option_name = 'encrypted_passwords';");
if ($encrypted_passwords == "yes") {
echo "<p class='text-danger'><strong>This function has already been run!</strong></p>";
include "includes/footer.php";
exit;
}
?>
<h4><strong>Please <u>backup database</u> before starting.</strong></h4>
<p><a href="fhd_admin_e.php?start=1" class="btn btn-success" onclick="return confirm('Please be sure you have a good database backup!')">Start</a> <a href="fhd_settings.php" class="btn btn-danger">Cancel</a></p>
<?php
if (isset($_GET['start'])) {
include "includes/checksessionadmin.php";
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Help Desk Settings</title>
<?php
include "fhd_config.php";
include "includes/header.php";
include "includes/all-nav.php";
include "includes/functions.php";
include "includes/ez_sql_core.php";
include "includes/ez_sql_mysqli.php";
$db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);
$encrypted_passwords = $db->get_var("SELECT option_value from site_options where option_name = 'encrypted_passwords';");
$encrypted_link = "";
if ($encrypted_passwords != 'yes') {
$encrypted_link = " <small><a href='fhd_admin_e.php'>Encrypt Passwords</a></small>";
}
$date = date_create();
$fhddate = date_format($date, 'U');
?>
<h4>Help Desk Settings</h4>
<a href="fhd_settings_action.php?type=1" class="btn btn-default btn-sm"><i class="fa fa-cog"></i> Departments</a>
<a href="fhd_settings_action.php?type=2" class="btn btn-default btn-sm"><i class="fa fa-cog"></i> Request Types</a>
<a href="fhd_settings_action.php?type=3" class="btn btn-default btn-sm"><i class="fa fa-cog"></i> Device Type</a>
<a href="fhd_users.php?support_staff=show" class="btn btn-default btn-sm"><i class="fa fa-cog"></i> Support Staff</a>
<title>Ticket Search</title>
<?php
include "fhd_config.php";
include "includes/header.php";
include "includes/all-nav.php";
include "includes/functions.php";
include "includes/ez_sql_core.php";
include "includes/ez_sql_mysqli.php";
$searchquery = "";
$colspan = 2;
$num = "";
if ($user_level == 1) {
$searchquery = " AND call_user = {$user_id}";
$colspan = 1;
}
$db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);
//<SEARCHQUERY>
if (isset($_GET['search'])) {
$call_status = $db->escape((int) $_GET['call_status']);
$call_date1 = strtotime($_GET['call_date1']);
$call_date2 = strtotime($_GET['call_date2']);
if ($call_date2 == "") {
$call_date2 = $call_date1;
}
$call_first_name = $db->escape($_GET['call_first_name']);
$call_email = $db->escape($_GET['call_email']);
$call_phone = $db->escape($_GET['call_phone']);
$call_department = $db->escape((int) $_GET['call_department']);
$call_request = $db->escape((int) $_GET['call_request']);
$call_device = $db->escape((int) $_GET['call_device']);
$call_staff = $db->escape((int) $_GET['call_staff']);
exit;
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Open Ticket</title>
<?php
include "includes/header.php";
include "includes/functions.php";
include "includes/ez_sql_core.php";
include "includes/ez_sql_mysqli.php";
$date = date_create();
$fhddate = date_format($date, 'U');
$db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);
//<ADD>
if (isset($_POST['nacl'])) {
//authentication verified, continue.";
$user_id = 0;
$call_status = 0;
$call_date = strtotime(date('n/j/y g:i a'));
$call_first_name = $db->escape($_POST['call_first_name']);
$call_email = $db->escape($_POST['call_email']);
if (!filter_var($call_email, FILTER_VALIDATE_EMAIL)) {
echo "<div class=\"alert alert-danger\" style=\"max-width: 350px;\">That email address appears to be invalid.</div>";
include "includes/footer.php";
exit;
}
$call_phone = $db->escape($_POST['call_phone']);
$call_department = $db->escape((int) $_POST['call_department']);
exit;
}
//limit login tries.
if (isset($_SESSION['hit'])) {
$_SESSION['hit'] += 1;
if ($_SESSION['hit'] > LOGIN_TRIES) {
echo "<p><i class='fa fa-lock fa-2x pull-left'></i> Access Locked</p>";
include "includes/footer.php";
exit;
}
} else {
$_SESSION['hit'] = 0;
}
include "includes/ez_sql_core.php";
include "includes/ez_sql_mysqli.php";
$db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);
if (isset($_POST['user_login'])) {
$user_login = trim($db->escape($_POST['user_login']));
} else {
echo "<div class='alert alert-warning' style='width: 375px;'><i class='glyphicon glyphicon-info-sign'></i> Username / Email is Required.</div>";
include "includes/footer.php";
exit;
}
if (isset($_POST['user_password'])) {
$user_password = trim($db->escape($_POST['user_password']));
$is_valid = checkpwd($user_password, $user_login);
}
//uesrs can login with either login name or email address.
$pos = strrpos($user_login, "@");
if ($pos === false) {
// note: three equal signs
include "includes/session.php";
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Registration</title>
<?php
include "fhd_config.php";
include "includes/header.php";
include "includes/ez_sql_core.php";
include "includes/ez_sql_mysqli.php";
include "includes/functions.php";
//initilize db
$db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);
if (ALLOW_REGISTER != "yes") {
echo "<p>Registration is Closed</p>";
include "includes/footer.php";
exit;
}
if (CAPTCHA_REGISTER == "yes") {
$captchasession = $_SESSION['captcha']['code'];
$captcha = $db->escape(trim($_POST['captcha']));
if ($captchasession != $captcha) {
echo "<div class=\"alert alert-danger\" style=\"max-width: 350px;\">Invalid Captcha Code.</div>";
include "includes/footer.php";
exit;
}
}
//IP and DATE field
if (!file_exists($filename)) {
define('css', 'css/bootstrap.min.css');
echo "<p></p><strong>Notice:</strong> Software Configuration Needed</p>";
echo "<p>Please check the <strong>fhd_config.php</strong> file.</p>";
echo "<p>If this is a new install, you can <strong>rename fhd_config_sample.php to fhd_config.php</strong></p>";
echo "<p>Open fhd_config.php in a text editor and <strong>configure your settings</strong>.</p>";
echo "<p>For more information, please check the <a href='readme.htm' target='_blank'>readme file</a>.</p>";
include "includes/footer.php";
exit;
}
include "fhd_config.php";
include "includes/header.php";
//check database settings.
include "includes/ez_sql_core.php";
include "includes/ez_sql_mysqli.php";
$db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);
$SCHEMA_NAME = $db->get_var("SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA WHERE SCHEMA_NAME = '" . db_name . "';");
if ($SCHEMA_NAME != db_name) {
echo "<p></p><strong>Notice:</strong> Software Configuration Needed</p>";
echo "<p>Database specified in fhd_config.php [ " . db_name . " ] does not exist, please check the <a href='readme.htm' target='_blank'>readme file</a>.</p>";
include "includes/footer.php";
exit;
}
//check if tables actually exist.
$user_table_exists = $db->get_var("SHOW TABLES LIKE 'site_users';");
if ($user_table_exists != "site_users") {
echo "<p></p><strong>Notice:</strong> Software Configuration Needed</p>";
echo "<p>One or more database tables are missing from database (named: " . db_name . "). Please run <strong>site.sql</strong> against your databsae to create the tables. Please check the <a href='readme.htm' target='_blank'>readme file</a></p>";
include "includes/footer.php";
exit;
}
include "fhd_simple-php-captcha.php";
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Forgot Password</title>
<?php
include "fhd_config.php";
include "includes/header.php";
include "includes/ez_sql_core.php";
include "includes/ez_sql_mysqli.php";
include "includes/functions.php";
$thedomain = $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
//initilize db
$db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);
//if STEP 2 of the process
if (isset($_GET['action'])) {
$action = $db->escape($_GET['action']);
$key = $db->escape($_GET['key']);
//check if action is to reset password and that the key is not blank.
if ($action == "rp") {
if (!empty($key)) {
$myquery = "SELECT user_id,user_email FROM site_users WHERE user_im_other = '{$key}' limit 1;";
$resets = $db->get_row($myquery);
// if a record is returned then continue
if ($db->num_rows == 1) {
$user_email = $resets->user_email;
$user_id = $resets->user_id;
//generage a new password, set resetcode to blank so link cannot be used again.
$user_password_plain = generatePassword(8, 9);
<!DOCTYPE html>
<html lang="es">
<head>
<?php
include "ncl/session.php";
include "ncl/checksession.php";
include "ncl/checksessionadmin.php";
include "ncl/head.php";
include "ncl/functions.php";
include "ncl/ez_sql_core.php";
include "ncl/ez_sql_mysqli.php";
$actionstatus = "";
$db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);
//<ADD>
if (isset($_POST['nacl'])) {
if ($_POST['nacl'] == md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};"))) {
//authentication verified, continue.
$user_login = $db->escape($_POST['user_login']);
$user_email = $db->escape($_POST['user_email']);
//check email exists
$num = $db->get_var("select count(user_email) from site_users where (user_email = '{$user_email}');");
if ($num > 0) {
echo "<div class='alert alert-danger'><strong>Error:</strong> that email address is already in use.</div>";
include "ncl/footer.php";
exit;
}
//password function here
if (strlen($_POST['user_password']) > 4) {
$user_password = makepwd(trim($db->escape($_POST['user_password'])));
} else {
echo "<div class='alert alert-danger'><strong>Error:</strong> password to short.</div>";
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Ticket Details</title>
<?php
include "fhd_config.php";
include "includes/header.php";
include "includes/all-nav.php";
include "includes/functions.php";
$call_id = checkid($_GET['call_id']);
include "includes/ez_sql_core.php";
include "includes/ez_sql_mysqli.php";
//echo date('l jS \of F Y h:i:s A');
$db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);
$nacl = md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};"));
$site_calls = $db->get_row("SELECT call_id,call_first_name,call_last_name,call_phone,call_email,call_department,call_request,call_device,call_details ,call_date,call_date2,call_status,call_solution,call_user,call_staff FROM site_calls WHERE (call_id = {$call_id}) limit 1;");
?>
<h4><i class='fa fa-tag'></i> Ticket Details [ #<?php
echo $call_id;
?>
]</h4>
<?php
if ($user_level != 1) {
?>
<p><i class="glyphicon glyphicon-edit"></i> <a href="fhd_call_edit.php?call_id=<?php
echo $call_id;
?>
">Edit Ticket</a></p>
include "includes/checksession.php";
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Ticket Details</title>
<?php
include "fhd_config.php";
include "includes/header.php";
include "includes/all-nav.php";
include "includes/functions.php";
include "includes/ez_sql_core.php";
include "includes/ez_sql_mysqli.php";
$actionstatus = "";
$db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);
//<ADD>
if (isset($_POST['nacl'])) {
if ($_POST['nacl'] == md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};"))) {
//authentication verified, continue.";
$call_status = 0;
$call_date = strtotime(date('n/j/y g:i a'));
$call_first_name = $db->escape($_POST['call_first_name']);
$call_email = $db->escape($_POST['call_email']);
$call_phone = $db->escape($_POST['call_phone']);
$call_department = $db->escape((int) $_POST['call_department']);
$call_request = $db->escape((int) $_POST['call_request']);
$call_device = $db->escape((int) $_POST['call_device']);
$call_details = $db->escape($_POST['call_details']);
$db->query("INSERT INTO site_calls(call_status,call_user,call_date,call_first_name,call_email,call_phone,call_department,call_request,call_device,call_details)VALUES({$call_status},{$user_id},{$call_date},'{$call_first_name}','{$call_email}','{$call_phone}',{$call_department},{$call_request},{$call_device},'{$call_details}');");
$insert_id = $db->insert_id;
include "includes/checksession.php";
include "includes/checksessionadmin.php";
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Edit User Details</title>
<?php
include "fhd_config.php";
include "includes/header.php";
include "includes/all-nav.php";
include "includes/functions.php";
include "includes/ez_sql_core.php";
include "includes/ez_sql_mysqli.php";
$db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);
$actionstatus = "";
//<UPDATE>
if (isset($_POST['update'])) {
if ($_POST['nacl'] == md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};"))) {
//authentication verified, continue.
$url_user_id = valid_user($_POST['url_user_id']);
$user_date = date(time());
$user_login = $db->escape($_POST['user_login']);
//password function here
$user_password_set = "";
if (strlen($_POST['user_password']) > 4) {
$user_password = makepwd(trim($db->escape($_POST['user_password'])));
$user_password_set = "user_password='******',";
}
$user_name = $db->escape($_POST['user_name']);
<?php
ob_start();
include "includes/header.php";
include "includes/session.php";
include "includes/checksession.php";
include "fhd_config.php";
include "includes/ez_sql_core.php";
include "includes/ez_sql_mysqli.php";
$db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);
//DELETE FILE
//check nacl
if (isset($_GET['nacl'])) {
if ($_GET['nacl'] != md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};"))) {
echo "<div class=\"alert alert-danger\" style=\"max-width: 200px;\"><i class='glyphicon glyphicon-ban-circle'></i> Authentication Error</div>";
exit;
}
} else {
echo "<div class=\"alert alert-danger\" style=\"width: 200px;\"><i class='glyphicon glyphicon-ban-circle'></i> Authentication Error</div>";
exit;
}
if (isset($_GET['delete'])) {
if ($_GET['delete'] == 1) {
$file_id = $db->escape($_GET['file_id']);
$call_id = $db->escape($_GET['call_id']);
$file_ext = $db->get_var("SELECT file_ext FROM site_upload WHERE (id = {$file_id}) AND (call_id = {$call_id}) LIMIT 1;");
$realpath = md5(UPLOAD_KEY . $file_id) . "." . $file_ext;
unlink("upload/" . $realpath);
$db->query("DELETE FROM site_upload where (id = {$file_id}) AND (call_id = {$call_id}) LIMIT 1;");
header("Location: fhd_call_edit.php?call_id={$call_id}");
exit;
<?php
ob_start();
include "includes/session.php";
include "includes/checksession.php";
include "includes/checksession_ss.php";
include "fhd_config.php";
include "includes/ez_sql_core.php";
include "includes/ez_sql_mysqli.php";
include "includes/functions.php";
$db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);
//<EDIT NOTE>
if ($_GET['action'] == 'delete') {
if (isset($_GET['nacl'])) {
if ($_GET['nacl'] == md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};"))) {
//authentication verified, continue.
$note_id = checkid($_GET['note_id']);
$call_id = checkid($_GET['call_id']);
$db->query("UPDATE site_notes SET note_type = 0 where note_id = {$note_id} limit 1;");
header("Location: fhd_call_edit.php?call_id={$call_id}");
}
}
}
//</EDIT NOTE>
//<DELETE NOTE>
if ($_GET['action'] == 'delete') {
if (isset($_GET['nacl'])) {
if ($_GET['nacl'] == md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};"))) {
//authentication verified, continue.
$note_id = checkid($_GET['note_id']);
$call_id = checkid($_GET['call_id']);