?> <!DOCTYPE html> <html> <head> <title>Note Add/Edit</title> <?php include "fhd_config.php"; include "includes/header.php"; include "includes/all-nav.php"; include "includes/ez_sql_core.php"; include "includes/ez_sql_mysqli.php"; include "includes/functions.php"; $db = new ezSQL_mysqli(db_user, db_password, db_name, db_host); // <UPDATE> if (isset($_POST['update'])) { if ($_POST['nacl'] == md5(AUTH_KEY . $db->get_var("select user_password from site_users where user_id = {$user_id};"))) { $note_id = checkid($_POST['note_id']); $call_id = checkid($_POST['call_id']); $user_id = $_SESSION['user_id']; if ($user_id == $db->get_var("select note_post_user from site_notes where note_post_user = {$user_id};")) { $note_body = trim(htmlentities($db->escape($_POST['note_body']))); $note_post_ip = $db->escape($_SERVER['REMOTE_ADDR']); $db->query("UPDATE site_notes SET note_body='{$note_body}',note_post_ip='{$note_post_ip}' WHERE note_id={$note_id};"); header("Location: fhd_call_edit.php?call_id={$call_id}"); //echo exit; } } else { //not verified, warning and exit! echo "<p>Warning: Verification Error!</p>"; exit; }
<th>Date</th> <th>Type</th> <th>Dept</th> <th>Device</th> </tr> <?php foreach ($site_calls as $call) { $call_id = $call->call_id; // $call_date = date("n/j/y g:i a",$call->call_date); $call_date = date("m/d/y", $call->call_date); $call_first_name = $call->call_first_name; $call_last_name = $call->call_last_name; $call_request = $call->call_request; $call_department = $call->call_department; $call_device = $call->call_device; $request_name = $db->get_var("SELECT type_name from site_types WHERE (type_id = {$call_request});"); $department_name = $db->get_var("SELECT type_name from site_types WHERE (type_id = {$call_department});"); $device_name = $db->get_var("SELECT type_name from site_types WHERE (type_id = {$call_device});"); $note_count = $db->get_var("SELECT count(note_id) from site_notes WHERE (note_relation = {$call_id}) and (note_type = 1);"); echo "<tr>\n<td style='text-align: center;'><a href='fhd_call_details.php?call_id={$call_id}'><i class='fa fa-eye'></i></a></td>\n"; if ($user_level != 1) { echo "<td style='text-align: center;'><a href='fhd_call_edit.php?call_id={$call_id}'><i class='fa fa-pencil-square-o' title='edit'></i></a><td>{$call_first_name}</td>\n</td>\n"; } echo "<td>{$note_count}</td>\n<td>{$call_date}</td>\n"; echo "<td>{$request_name}</td>\n<td>{$department_name}</td>\n<td>{$device_name}</td>\n</tr>\n"; } } ?> </table> <?php
<th>Type</th> <th>Dept</th> <th>Device</th> </tr> <?php foreach ($site_calls as $call) { $call_status = $call->call_status; $call_id = $call->call_id; //$call_date = date("Y-m-d",$call->call_date); $call_date = date("m/d/y", $call->call_date); $call_first_name = $call->call_first_name; $call_last_name = $call->call_last_name; $call_request = $call->call_request; $call_department = $call->call_department; $call_device = $call->call_device; $request_name = $db->get_var("SELECT type_name from site_types WHERE (type_id = {$call_request});"); $department_name = $db->get_var("SELECT type_name from site_types WHERE (type_id = {$call_department});"); $device_name = $db->get_var("SELECT type_name from site_types WHERE (type_id = {$call_device});"); //show closed or deleted as muted. $display = ""; if ($call_status != 0) { $display = " class='text-muted'"; } echo "<tr{$display}>\n<td style='text-align: center;'><a href='fhd_call_details.php?call_id={$call_id}'><i class='fa fa-eye' title='view'></i></a></td>\n"; if ($user_level != 1) { echo "<td style='text-align: center;'><a href='fhd_call_edit.php?call_id={$call_id}'><i class='fa fa-pencil-square-o' title='edit'></i></a></td>\n"; } echo "<td>" . call_status($call_status) . "</td></td><td>{$call_date}</td>\n<td>{$call_first_name} {$call_last_name}</td>\n<td>{$request_name}</td>\n<td>{$department_name}</td>\n<td>{$device_name}</td>\n</tr>\n"; } ?> </table>
<html lang="en"> <head> <meta charset="utf-8"> <title>My Account</title> <?php include "fhd_config.php"; include "includes/header.php"; include "includes/all-nav.php"; include "includes/functions.php"; $user_id = checkid($user_id); include "includes/ez_sql_core.php"; include "includes/ez_sql_mysqli.php"; $actionstatus = ""; $db = new ezSQL_mysqli(db_user, db_password, db_name, db_host); //check that user exists before continuing. $isuser = $db->get_var("SELECT count(*) from site_users WHERE (user_id = {$user_id});"); if ($isuser == 0) { echo "<p>Error</p>"; echo exit; } //check if user is locked out from changes $user_protect_edit = $db->get_var("select user_protect_edit from site_users where user_id = {$user_id};"); if ($user_protect_edit == 1) { echo "<br /><div class=\"alert alert-success\" style=\"max-width: 220px;\"><i class='fa fa-lock'></i> Account Changes Locked</div>"; include "includes/footer.php"; exit; } //<UPDATE> if (isset($_POST['update'])) { if ($_POST['nacl'] == md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};"))) { //authentication verified, continue.
<!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <title>Administration Dashboard</title> <?php include "fhd_config.php"; include "includes/PasswordHash.php"; include "includes/header.php"; include "includes/all-nav.php"; include "includes/ez_sql_core.php"; include "includes/ez_sql_mysqli.php"; include "includes/functions.php"; $db = new ezSQL_mysqli(db_user, db_password, db_name, db_host); echo '<h4>One-Time Password Encryption</h4>'; $encrypted_passwords = $db->get_var("SELECT option_value FROM site_options where option_name = 'encrypted_passwords';"); if ($encrypted_passwords == "yes") { echo "<p class='text-danger'><strong>This function has already been run!</strong></p>"; include "includes/footer.php"; exit; } ?> <h4><strong>Please <u>backup database</u> before starting.</strong></h4> <p><a href="fhd_admin_e.php?start=1" class="btn btn-success" onclick="return confirm('Please be sure you have a good database backup!')">Start</a> <a href="fhd_settings.php" class="btn btn-danger">Cancel</a></p> <?php if (isset($_GET['start'])) { $db->query("ALTER TABLE `site_users` CHANGE `user_password` `user_password` VARCHAR( 225 );"); $myquery = "SELECT user_id,user_login,user_password from site_users;";
include "includes/footer.php"; exit; } if (isset($_POST['user_password'])) { $user_password = trim($db->escape($_POST['user_password'])); $is_valid = checkpwd($user_password, $user_login); } //uesrs can login with either login name or email address. $pos = strrpos($user_login, "@"); if ($pos === false) { // note: three equal signs $checkusing = "user_login"; } else { $checkusing = "user_email"; } $is_pending = $db->get_var("select user_pending from site_users where user_login = '******' OR user_email = '{$user_login}' limit 1;"); if ($is_pending == 1) { //if user is pending, then set invalid to 0 $is_valid = 0; } if ($is_valid != 1) { $_SESSION['hit'] += 1; echo "<div class='alert alert-warning' style='width: 375px;'><i class='glyphicon glyphicon-info-sign'></i> Login incorrect, or your registration is pending.</div>"; include "includes/footer.php"; exit; } $site_users = $db->get_row("select user_id,user_name,user_level from site_users WHERE {$checkusing} = '{$user_login}' limit 1;"); $user_id = $site_users->user_id; $user_name = $site_users->user_name; $user_level = $site_users->user_level; if ($user_level == 0) {
include "includes/ez_sql_mysqli.php"; include "includes/functions.php"; $db = new ezSQL_mysqli(db_user, db_password, db_name, db_host); //only show tickets for the user if not admin. switch ($user_level) { case 0: $queryadd = ""; break; case 1: $queryadd = " AND call_user = {$user_id}"; break; case 2: $addpage = ""; break; } $opentickets = $db->get_var("select count(call_id) from site_calls where call_status = 0 {$queryadd};"); $button_style = ' class="btn btn-default btn-lg" style="width: 250px;"'; ?> <p><i class="fa fa-user fa-sm fa-border"></i> <?php echo $user_name; ?> </p> <p><a href="fhd_calls.php"<?php echo $button_style; ?> ><i class="fa fa-folder-open-o pull-left"></i> Laporan Masalah: <?php echo $opentickets; ?> </a></p>
include "includes/footer.php"; exit; } } //IP and DATE field $ip = $_SERVER['REMOTE_ADDR']; //EMAIL address $email = $db->escape(trim($_POST['email'])); if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { echo "<div class=\"alert alert-danger\" style=\"max-width: 350px;\">That email address appears to be invalid.</div>"; include "includes/footer.php"; exit; } if ($email) { //check if email already exists. $num = $db->get_var("select count(user_email) from site_users where user_email = '{$email}';"); if ($num > 0) { echo "<div class=\"alert alert-danger\" style=\"max-width: 350px;\">That email address has already registered.</div>"; include "includes/footer.php"; exit; } } else { echo "<div class=\"alert alert-danger\" style=\"max-width: 350px;\">Please check the email address field again.</div>"; include "includes/footer.php"; exit; } //NAME FIELD $name = $db->escape(trim(strip_tags($_POST['name']))); $strlen = strlen($name); if ($strlen < 3) { echo "<div class=\"alert alert-danger\" style=\"max-width: 350px;\">Name is to short, it must be at least 3 characters.</div>";
if (empty($_POST['user_email'])) { // At least one of the file is empty, display an error echo '<p style="color: red;">email address is required</p>'; } else { // User has filled it all in. //run the password reset. $user_email = $db->escape($_POST['user_email']); if (!filter_var($user_email, FILTER_VALIDATE_EMAIL)) { echo "<div class=\"alert alert-danger\" style=\"max-width: 350px;\">That email address appears to be invalid.</div>"; include "includes/footer.php"; exit; } $finish = 1; //check to make sure the email addreess is in the database $myquery = "select count(user_id) from site_users where user_email = '{$user_email}' AND user_pending = 0 limit 1;"; $count = $db->get_var($myquery); //if the email is valid then continue if ($count == 1) { //insert a random code into the database for the user $resetpasswordcode = generatePassword(9, 4); //$resetdate = date("Y-m-d H:i:s"); $query = "UPDATE site_users set user_im_other = '{$resetpasswordcode}' WHERE user_email = '{$user_email}' limit 1;"; $db->query($query); //send out the message $from = FROM_EMAIL; $to = $user_email; $subject = 'HelpDesk Confirmation'; // message $message = ' <html> <body>
<th>Level</th> <th>Email Ticket Updates</th> <th>Pending</th> <th>Edit Locked</th> </tr> <?php foreach ($site_calls as $call) { $user_id = $call->user_id; $user_name = $call->user_name; $user_email = $call->user_email; $user_pending = $call->user_pending; $user_protect_edit = $call->user_protect_edit; $user_level = $call->user_level; $user_msg_send = $call->user_msg_send; $bg = $user_pending == 1 ? " class='usernote'" : ""; $call_count = $db->get_var("SELECT count(call_id) from site_calls WHERE (call_user = {$user_id}) AND (call_status = 0);"); echo "<tr>\n"; echo "<td" . $bg . "><a href='fhd_edit_user.php?url_user_id={$user_id}'>{$user_id}</a></td>\n"; echo "<td align='center'><a href='fhd_calls.php?user_id={$user_id}'>{$call_count}</a></td>\n"; echo "<td>{$user_name}</td>\n"; echo "<td>{$user_email}</td>\n"; echo "<td>" . show_user_level($user_level) . "</td>\n"; echo "<td style='text-align: center;'>" . onoff($user_msg_send) . "</td>\n"; echo "<td style='text-align: center;'>" . onoff($user_pending) . "</td>\n"; echo "<td style='text-align: center;'>" . onoff($user_protect_edit) . "</td>\n"; echo "</tr>\n"; } } ?> </table>
?> <!DOCTYPE html> <html> <head> <title>Settings</title> <?php include "fhd_config.php"; include "includes/header.php"; include "includes/all-nav.php"; include "includes/ez_sql_core.php"; include "includes/ez_sql_mysqli.php"; include "includes/functions.php"; $db = new ezSQL_mysqli(db_user, db_password, db_name, db_host); //<DELETE> if (isset($_GET['nacl'])) { if ($_GET['nacl'] == md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};"))) { //authentication verified, continue. $type_id = checkid($_GET['type_id']); $action = $db->escape($_GET['action']); $type = checkid($_GET['type']); if ($action == 'delete') { $db->query("DELETE FROM site_types where type_id = {$type_id};"); header("Location: fhd_settings_action.php?type={$type}"); } } } //</DELETE> //check type variable $type = checkid($_GET['type']); ?> <p><a href="fhd_settings.php">Settings</a></p>
?> <!DOCTYPE html> <html> <head> <title>Add</title> <?php include "fhd_config.php"; include "includes/header.php"; include "includes/all-nav.php"; include "includes/ez_sql_core.php"; include "includes/ez_sql_mysqli.php"; include "includes/functions.php"; $db = new ezSQL_mysqli(db_user, db_password, db_name, db_host); // <ADD> if (isset($_POST['nacl'])) { if ($_POST['nacl'] == md5(AUTH_KEY . $db->get_var("select user_password from site_users where user_id = {$user_id};"))) { //authentication verified, continue. $type = checkid($_POST['type']); $type_name = $db->escape($_POST['type_name']); $type_email = $db->escape($_POST['type_email']); $type_location = $db->escape($_POST['type_location']); $type_phone = $db->escape($_POST['type_phone']); $db->query("INSERT INTO site_types(type,type_name,type_email,type_location,type_phone) VALUES( {$type},'{$type_name}','{$type_email}','{$type_location}','{$type_phone}');"); header("Location: fhd_settings_action.php?type={$type}"); } else { //not verified, warning and exit! echo "<p class='save'>Warning: Verification Error!</p>"; exit; } } // </ADD>
<?php include "fhd_config.php"; if (ALLOW_REGISTER == "yes") { include "includes/ez_sql_core.php"; include "includes/ez_sql_mysqli.php"; $db = new ezSQL_mysqli(db_user, db_password, db_name, db_host); $q = $db->escape($_GET["q"]); $db = new ezSQL_mysqli(db_user, db_password, db_name, db_host); $q = $db->escape($q); $num = $db->get_var("select count(user_login) from site_users where user_login = '******';"); if ($num == 0) { echo "<i class='glyphicon glyphicon-ok'></i> <small><em>available</em></small>"; } else { echo "<i class='glyphicon glyphicon-ban-circle'></i> <small><em>name not available</em></small>"; } }
/********************************************************************** * ezSQL initialisation for mySQLi */ // Include ezSQL core include_once "../shared/ez_sql_core.php"; // Include ezSQL database specific component include_once "ez_sql_mysqli.php"; // Initialise database object and establish a connection // at the same time - db_user / db_password / db_name / db_host // db_host can "host:port" notation if you need to specify a custom port $db = new ezSQL_mysqli('db_user', 'db_password', 'db_name', 'db_host'); /********************************************************************** * ezSQL demo for mySQLi database */ // Demo of getting a single variable from the db // (and using abstracted function sysdate) $current_time = $db->get_var("SELECT " . $db->sysdate()); print "ezSQL demo for mySQL database run @ {$current_time}"; // Print out last query and results.. $db->debug(); // Get list of tables from current database.. $my_tables = $db->get_results("SHOW TABLES", ARRAY_N); // Print out last query and results.. $db->debug(); // Loop through each row of results.. foreach ($my_tables as $table) { // Get results of DESC table.. $db->get_results("DESC {$table['0']}"); // Print out last query and results.. $db->debug(); }
define('css', 'css/bootstrap.min.css'); echo "<p></p><strong>Notice:</strong> Software Configuration Needed</p>"; echo "<p>Please check the <strong>fhd_config.php</strong> file.</p>"; echo "<p>If this is a new install, you can <strong>rename fhd_config_sample.php to fhd_config.php</strong></p>"; echo "<p>Open fhd_config.php in a text editor and <strong>configure your settings</strong>.</p>"; echo "<p>For more information, please check the <a href='readme.htm' target='_blank'>readme file</a>.</p>"; include "includes/footer.php"; exit; } include "fhd_config.php"; include "includes/header.php"; //check database settings. include "includes/ez_sql_core.php"; include "includes/ez_sql_mysqli.php"; $db = new ezSQL_mysqli(db_user, db_password, db_name, db_host); $SCHEMA_NAME = $db->get_var("SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA WHERE SCHEMA_NAME = '" . db_name . "';"); if ($SCHEMA_NAME != db_name) { echo "<p></p><strong>Notice:</strong> Software Configuration Needed</p>"; echo "<p>Database specified in fhd_config.php [ " . db_name . " ] does not exist, please check the <a href='readme.htm' target='_blank'>readme file</a>.</p>"; include "includes/footer.php"; exit; } //check if tables actually exist. $user_table_exists = $db->get_var("SHOW TABLES LIKE 'site_users';"); if ($user_table_exists != "site_users") { echo "<p></p><strong>Notice:</strong> Software Configuration Needed</p>"; echo "<p>One or more database tables are missing from database (named: " . db_name . "). Please run <strong>site.sql</strong> against your databsae to create the tables. Please check the <a href='readme.htm' target='_blank'>readme file</a></p>"; include "includes/footer.php"; exit; } //create upload table if it does not exist.
<!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <title>Ticket Details</title> <?php include "fhd_config.php"; include "includes/header.php"; include "includes/all-nav.php"; include "includes/functions.php"; $call_id = checkid($_GET['call_id']); include "includes/ez_sql_core.php"; include "includes/ez_sql_mysqli.php"; //echo date('l jS \of F Y h:i:s A'); $db = new ezSQL_mysqli(db_user, db_password, db_name, db_host); $nacl = md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};")); $site_calls = $db->get_row("SELECT call_id,call_first_name,call_last_name,call_phone,call_email,call_department,call_request,call_device,call_details ,call_date,call_date2,call_status,call_solution,call_user,call_staff FROM site_calls WHERE (call_id = {$call_id}) limit 1;"); ?> <h4><i class='fa fa-tag'></i> Ticket Details [ #<?php echo $call_id; ?> ]</h4> <?php if ($user_level != 1) { ?> <p><i class="glyphicon glyphicon-edit"></i> <a href="fhd_call_edit.php?call_id=<?php echo $call_id; ?> ">Edit Ticket</a></p> <?php
<!DOCTYPE html> <html lang="es"> <head> <?php include "ncl/session.php"; include "ncl/checksession.php"; include "ncl/checksessionadmin.php"; include "ncl/head.php"; include "ncl/functions.php"; include "ncl/ez_sql_core.php"; include "ncl/ez_sql_mysqli.php"; $actionstatus = ""; $db = new ezSQL_mysqli(db_user, db_password, db_name, db_host); //<ADD> if (isset($_POST['nacl'])) { if ($_POST['nacl'] == md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};"))) { //authentication verified, continue. $user_login = $db->escape($_POST['user_login']); $user_email = $db->escape($_POST['user_email']); //check email exists $num = $db->get_var("select count(user_email) from site_users where (user_email = '{$user_email}');"); if ($num > 0) { echo "<div class='alert alert-danger'><strong>Error:</strong> that email address is already in use.</div>"; include "ncl/footer.php"; exit; } //password function here if (strlen($_POST['user_password']) > 4) { $user_password = makepwd(trim($db->escape($_POST['user_password']))); } else { echo "<div class='alert alert-danger'><strong>Error:</strong> password to short.</div>";
<html lang="en"> <head> <meta charset="utf-8"> <title>Edit User Details</title> <?php include "fhd_config.php"; include "includes/header.php"; include "includes/all-nav.php"; include "includes/functions.php"; include "includes/ez_sql_core.php"; include "includes/ez_sql_mysqli.php"; $db = new ezSQL_mysqli(db_user, db_password, db_name, db_host); $actionstatus = ""; //<UPDATE> if (isset($_POST['update'])) { if ($_POST['nacl'] == md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};"))) { //authentication verified, continue. $url_user_id = valid_user($_POST['url_user_id']); $user_date = date(time()); $user_login = $db->escape($_POST['user_login']); //password function here $user_password_set = ""; if (strlen($_POST['user_password']) > 4) { $user_password = makepwd(trim($db->escape($_POST['user_password']))); $user_password_set = "user_password='******',"; } $user_name = $db->escape($_POST['user_name']); $user_email = $db->escape($_POST['user_email']); $user_phone = $db->escape($_POST['user_phone']); $user_address = $db->escape($_POST['user_address']); $user_city = $db->escape($_POST['user_city']);
<html lang="en"> <head> <meta charset="utf-8"> <title>Ticket Details</title> <?php include "fhd_config.php"; include "includes/header.php"; include "includes/all-nav.php"; include "includes/functions.php"; include "includes/ez_sql_core.php"; include "includes/ez_sql_mysqli.php"; $actionstatus = ""; $db = new ezSQL_mysqli(db_user, db_password, db_name, db_host); //<ADD> if (isset($_POST['nacl'])) { if ($_POST['nacl'] == md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};"))) { //authentication verified, continue."; $call_status = 0; $call_date = strtotime(date('n/j/y g:i a')); $call_first_name = $db->escape($_POST['call_first_name']); $call_email = $db->escape($_POST['call_email']); $call_phone = $db->escape($_POST['call_phone']); $call_department = $db->escape((int) $_POST['call_department']); $call_request = $db->escape((int) $_POST['call_request']); $call_device = $db->escape((int) $_POST['call_device']); $call_details = $db->escape($_POST['call_details']); $db->query("INSERT INTO site_calls(call_status,call_user,call_date,call_first_name,call_email,call_phone,call_department,call_request,call_device,call_details)VALUES({$call_status},{$user_id},{$call_date},'{$call_first_name}','{$call_email}','{$call_phone}',{$call_department},{$call_request},{$call_device},'{$call_details}');"); $insert_id = $db->insert_id; //********** manage file upload if (isset($insert_id)) { if (FHD_UPLOAD_ALLOW == "yes") {
function sendmessage_closed($call_id) { $call_id = valid_id($call_id); $db = new ezSQL_mysqli(db_user, db_password, db_name, db_host); $mail = new PHPMailer(); //Set who the message is to be sent from $mail->SetFrom(FROM_EMAIL); //Set who the message is to be sent to $call_email = $db->get_var("SELECT call_email FROM site_calls WHERE call_id = {$call_id};"); $mail->AddAddress($call_email); //Set the subject line $mail->Subject = 'Ticket ' . FHD_TITLE . ' [# ' . $call_id . '] Closed.'; //Read an HTML message body from an external file, convert referenced images to embedded, convert HTML into a basic plain-text alternative body $call_solution = $db->get_var("SELECT call_solution FROM site_calls WHERE call_id = {$call_id};"); $econtent = "Ticket Closed.<br><hr>" . $call_solution; $mail->MsgHTML($econtent . "<br>"); //Send the message $mail->Send(); }
<?php ob_start(); include "includes/header.php"; include "includes/session.php"; include "includes/checksession.php"; include "fhd_config.php"; include "includes/ez_sql_core.php"; include "includes/ez_sql_mysqli.php"; $db = new ezSQL_mysqli(db_user, db_password, db_name, db_host); //DELETE FILE //check nacl if (isset($_GET['nacl'])) { if ($_GET['nacl'] != md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};"))) { echo "<div class=\"alert alert-danger\" style=\"max-width: 200px;\"><i class='glyphicon glyphicon-ban-circle'></i> Authentication Error</div>"; exit; } } else { echo "<div class=\"alert alert-danger\" style=\"width: 200px;\"><i class='glyphicon glyphicon-ban-circle'></i> Authentication Error</div>"; exit; } if (isset($_GET['delete'])) { if ($_GET['delete'] == 1) { $file_id = $db->escape($_GET['file_id']); $call_id = $db->escape($_GET['call_id']); $file_ext = $db->get_var("SELECT file_ext FROM site_upload WHERE (id = {$file_id}) AND (call_id = {$call_id}) LIMIT 1;"); $realpath = md5(UPLOAD_KEY . $file_id) . "." . $file_ext; unlink("upload/" . $realpath); $db->query("DELETE FROM site_upload where (id = {$file_id}) AND (call_id = {$call_id}) LIMIT 1;"); header("Location: fhd_call_edit.php?call_id={$call_id}"); exit;
<html> <head> <title>Edit Types</title> <?php include "fhd_config.php"; include "includes/header.php"; include "includes/all-nav.php"; include "includes/ez_sql_core.php"; include "includes/ez_sql_mysqli.php"; include "includes/functions.php"; $db = new ezSQL_mysqli(db_user, db_password, db_name, db_host); $actionstatus = ""; // <UPDATE> //to do: need to check for duplicates... if (isset($_POST['nacl'])) { if ($_POST['nacl'] == md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};"))) { //authentication verified, continue. $type_id = checkid($_POST['type_id']); $type_name = $db->escape($_POST['type_name']); // $type_email = $db->escape($_POST['type_email']); // $type_location = $db->escape($_POST['type_location']); // $type_phone = $db->escape($_POST['type_phone']); // $db->query("UPDATE site_types SET type_name='$type_name',type_email='$type_email',type_location='$type_location',type_phone='$type_phone' WHERE type_id = $type_id;"); $db->query("UPDATE site_types SET type_name='{$type_name}' WHERE type_id = {$type_id};"); $actionstatus = "<div class=\"alert alert-success\" style=\"max-width: 250px;\">\n <button type=\"button\" class=\"close\" data-dismiss=\"alert\">×</button>\n Updated.\n </div>"; } } // </UPDATE> //check type variable $type_id = checkid($_GET['id']); $num = $db->get_var("select count(type_id) from site_types where type_id = {$type_id};");