示例#1
?>
<!DOCTYPE html>
<html>
<head>
	<title>Note Add/Edit</title>
<?php 
include "fhd_config.php";
include "includes/header.php";
include "includes/all-nav.php";
include "includes/ez_sql_core.php";
include "includes/ez_sql_mysqli.php";
include "includes/functions.php";
$db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);
// <UPDATE>
if (isset($_POST['update'])) {
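    // Anti-CSRF token check. The expected value is md5(AUTH_KEY . the stored
    // user_password value), so it only changes when that column changes.
    // $user_id is not assigned above this point in the visible code; it is
    // presumably provided by one of the includes (confirm).
    $expected_nacl = md5(AUTH_KEY . $db->get_var("select user_password from site_users where user_id = {$user_id};"));
    $posted_nacl = (isset($_POST['nacl']) && is_string($_POST['nacl'])) ? $_POST['nacl'] : '';
    // hash_equals() is constant-time and string-only; a loose "==" would treat
    // two different "0e<digits>" digests as equal numbers.
    if (hash_equals($expected_nacl, $posted_nacl)) {
        $note_id = checkid($_POST['note_id']);
        $call_id = checkid($_POST['call_id']);
        $user_id = $_SESSION['user_id'];
        // Authorise against the note being edited. Looking the owner up by
        // note_id (rather than "any note posted by this user") stops a user who
        // has written one note from updating somebody else's note_id.
        // NOTE(review): if staff are meant to edit other users' notes, add an
        // explicit role check here instead of loosening this comparison.
        $note_owner = $db->get_var("select note_post_user from site_notes where note_id = {$note_id};");
        if ($note_owner !== null && (string) $note_owner === (string) $user_id) {
            $note_body = trim(htmlentities($db->escape($_POST['note_body'])));
            $note_post_ip = $db->escape($_SERVER['REMOTE_ADDR']);
            $db->query("UPDATE site_notes SET note_body='{$note_body}',note_post_ip='{$note_post_ip}' WHERE note_id={$note_id};");
            header("Location: fhd_call_edit.php?call_id={$call_id}");
            //echo exit;
        }
    } else {
        //not verified, warning and exit!
        echo "<p>Warning: Verification Error!</p>";
        exit;
    }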
示例#2
	<th>Date</th>
	<th>Type</th>
	<th>Dept</th>
	<th>Device</th>
</tr>
<?php 
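    // Every string that comes back from the database is HTML-escaped before it
    // is echoed, so ticket fields supplied by users cannot inject markup or
    // script into this listing. double_encode is off so values that were stored
    // already entity-encoded are not encoded a second time.
    $escape_html = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8', false);
    };
    foreach ($site_calls as $call) {
        // Ids are interpolated unquoted into SQL and into URLs below, so force
        // them to integers first.
        $call_id = (int) $call->call_id;
        $call_date = date("m/d/y", $call->call_date);
        $call_first_name = $escape_html($call->call_first_name);
        $call_last_name = $escape_html($call->call_last_name);
        $call_request = (int) $call->call_request;
        $call_department = (int) $call->call_department;
        $call_device = (int) $call->call_device;
        // One lookup per column and per row; the type names are escaped like
        // any other stored text.
        $request_name = $escape_html($db->get_var("SELECT type_name from site_types WHERE (type_id = {$call_request});"));
        $department_name = $escape_html($db->get_var("SELECT type_name from site_types WHERE (type_id = {$call_department});"));
        $device_name = $escape_html($db->get_var("SELECT type_name from site_types WHERE (type_id = {$call_device});"));
        $note_count = (int) $db->get_var("SELECT count(note_id) from site_notes WHERE (note_relation = {$call_id}) and (note_type = 1);");
        echo "<tr>\n<td style='text-align: center;'><a href='fhd_call_details.php?call_id={$call_id}'><i class='fa fa-eye'></i></a></td>\n";
        if ($user_level != 1) {
            // NOTE(review): the name cell is nested inside the edit cell here and
            // is only emitted for non-level-1 users; confirm against the header row.
            echo "<td style='text-align: center;'><a href='fhd_call_edit.php?call_id={$call_id}'><i class='fa fa-pencil-square-o' title='edit'></i></a><td>{$call_first_name}</td>\n</td>\n";
        }
        echo "<td>{$note_count}</td>\n<td>{$call_date}</td>\n";
        echo "<td>{$request_name}</td>\n<td>{$department_name}</td>\n<td>{$device_name}</td>\n</tr>\n";
    }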
}
?>
</table>

<?php 
示例#3
	<th>Type</th>
	<th>Dept</th>
	<th>Device</th>
</tr>
<?php 
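    // Stored ticket text is HTML-escaped on output so user-supplied names and
    // type labels cannot inject markup into the listing. double_encode is off
    // so values stored already entity-encoded are not encoded twice.
    $escape_html = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8', false);
    };
    foreach ($site_calls as $call) {
        $call_status = $call->call_status;
        // Ids go unquoted into SQL and into URLs below; force integers.
        $call_id = (int) $call->call_id;
        $call_date = date("m/d/y", $call->call_date);
        $call_first_name = $escape_html($call->call_first_name);
        $call_last_name = $escape_html($call->call_last_name);
        $call_request = (int) $call->call_request;
        $call_department = (int) $call->call_department;
        $call_device = (int) $call->call_device;
        $request_name = $escape_html($db->get_var("SELECT type_name from site_types WHERE (type_id = {$call_request});"));
        $department_name = $escape_html($db->get_var("SELECT type_name from site_types WHERE (type_id = {$call_department});"));
        $device_name = $escape_html($db->get_var("SELECT type_name from site_types WHERE (type_id = {$call_device});"));
        //show closed or deleted as muted.
        $display = "";
        if ($call_status != 0) {
            $display = " class='text-muted'";
        }
        echo "<tr{$display}>\n<td style='text-align: center;'><a href='fhd_call_details.php?call_id={$call_id}'><i class='fa fa-eye' title='view'></i></a></td>\n";
        if ($user_level != 1) {
            echo "<td style='text-align: center;'><a href='fhd_call_edit.php?call_id={$call_id}'><i class='fa fa-pencil-square-o' title='edit'></i></a></td>\n";
        }
        // call_status() is defined elsewhere; its return value is echoed as-is
        // (presumably a fixed label - confirm). The stray second </td> that
        // followed it has been dropped.
        echo "<td>" . call_status($call_status) . "</td><td>{$call_date}</td>\n<td>{$call_first_name} {$call_last_name}</td>\n<td>{$request_name}</td>\n<td>{$department_name}</td>\n<td>{$device_name}</td>\n</tr>\n";
    }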
    ?>
</table>
示例#4
<html lang="en">
<head>
<meta charset="utf-8">
	<title>My Account</title>
<?php 
include "fhd_config.php";
include "includes/header.php";
include "includes/all-nav.php";
include "includes/functions.php";
$user_id = checkid($user_id);
include "includes/ez_sql_core.php";
include "includes/ez_sql_mysqli.php";
$actionstatus = "";
$db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);
//check that user exists before continuing.
$isuser = $db->get_var("SELECT count(*) from site_users WHERE (user_id = {$user_id});");
if ($isuser == 0) {
    echo "<p>Error</p>";
    echo exit;
}
//check if user is locked out from changes
$user_protect_edit = $db->get_var("select user_protect_edit from site_users where user_id = {$user_id};");
if ($user_protect_edit == 1) {
    echo "<br /><div class=\"alert alert-success\" style=\"max-width: 220px;\"><i class='fa fa-lock'></i> Account Changes Locked</div>";
    include "includes/footer.php";
    exit;
}
//<UPDATE>
if (isset($_POST['update'])) {
    if ($_POST['nacl'] == md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};"))) {
        //authentication verified, continue.
示例#5
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
	<title>Administration Dashboard</title>
<?php 
include "fhd_config.php";
include "includes/PasswordHash.php";
include "includes/header.php";
include "includes/all-nav.php";
include "includes/ez_sql_core.php";
include "includes/ez_sql_mysqli.php";
include "includes/functions.php";
$db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);
echo '<h4>One-Time Password Encryption</h4>';
$encrypted_passwords = $db->get_var("SELECT option_value FROM site_options where option_name = 'encrypted_passwords';");
if ($encrypted_passwords == "yes") {
    echo "<p class='text-danger'><strong>This function has already been run!</strong></p>";
    include "includes/footer.php";
    exit;
}
?>

<h4><strong>Please <u>backup database</u> before starting.</strong></h4>

<p><a href="fhd_admin_e.php?start=1" class="btn btn-success" onclick="return confirm('Please be sure you have a good database backup!')">Start</a> <a href="fhd_settings.php" class="btn btn-danger">Cancel</a></p>

<?php 
// NOTE(review): the schema change below, and the one-time password conversion
// this page announces, are triggered by a plain GET link (?start=1); no request
// token is checked in the visible code. Confirm the includes above restrict this
// page to administrators, and consider requiring a POST carrying an anti-CSRF
// token before anything is altered.
if (isset($_GET['start'])) {
    // Widen user_password to VARCHAR(225) before the stored values are rewritten.
    $db->query("ALTER TABLE `site_users` CHANGE `user_password` `user_password` VARCHAR( 225 );");
    // Every account's id, login and current password value is selected.
    $myquery = "SELECT user_id,user_login,user_password from site_users;";
示例#6
    include "includes/footer.php";
    exit;
}
if (isset($_POST['user_password'])) {
    $user_password = trim($db->escape($_POST['user_password']));
    $is_valid = checkpwd($user_password, $user_login);
}
//uesrs can login with either login name or email address.
$pos = strrpos($user_login, "@");
if ($pos === false) {
    // note: three equal signs
    $checkusing = "user_login";
} else {
    $checkusing = "user_email";
}
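// A pending account may not log in. The submitted identifier is matched against
// both the login name and the e-mail column.
// NOTE(review): $user_login is interpolated inside quotes; this assumes it was
// passed through $db->escape() earlier in the script - confirm.
$is_pending = $db->get_var("select user_pending from site_users where user_login = '{$user_login}' OR user_email = '{$user_login}' limit 1;");
if ($is_pending == 1) {
    //if user is pending, then set invalid to 0
    $is_valid = 0;
}
// Load the account only after the credentials were accepted, and treat a
// missing row as a failed login instead of reading properties from null.
$site_users = null;
if (isset($is_valid) && $is_valid == 1) {
    $site_users = $db->get_row("select user_id,user_name,user_level from site_users WHERE {$checkusing} = '{$user_login}' limit 1;");
}
if (!$site_users) {
    // Failed-attempt counter kept in the session; start it at zero when absent.
    $_SESSION['hit'] = (isset($_SESSION['hit']) ? (int) $_SESSION['hit'] : 0) + 1;
    // The same message is used for bad credentials and pending accounts.
    echo "<div class='alert alert-warning' style='width: 375px;'><i class='glyphicon glyphicon-info-sign'></i> Login incorrect, or your registration is pending.</div>";
    include "includes/footer.php";
    exit;
}
$user_id = $site_users->user_id;
$user_name = $site_users->user_name;
$user_level = $site_users->user_level;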
if ($user_level == 0) {
示例#7
include "includes/ez_sql_mysqli.php";
include "includes/functions.php";
$db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);
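//only show tickets for the user if not admin.
// The level is compared as a string. A loose switch lets an unset (null) level
// match "case 0" and receive the unfiltered view, and it left $queryadd
// undefined for level 2 and for any unknown level.
$level = (isset($user_level) && is_scalar($user_level)) ? (string) $user_level : '';
if ($level === '0') {
    $queryadd = "";
} elseif ($level === '2') {
    $addpage = "";
    // Level 2 had no filter before (undefined variable interpolated as ""),
    // so the count stays unfiltered for it.
    $queryadd = "";
} else {
    // Level 1 and anything unrecognised only counts the user's own tickets.
    // user_id goes unquoted into the SQL, so force an integer.
    $queryadd = " AND call_user = " . (int) $user_id;
}
$opentickets = $db->get_var("select count(call_id) from site_calls where call_status = 0 {$queryadd};");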
$button_style = ' class="btn btn-default btn-lg" style="width: 250px;"';
?>

<p><i class="fa fa-user fa-sm fa-border"></i> <?php 
echo $user_name;
?>
</p>

<p><a href="fhd_calls.php"<?php 
echo $button_style;
?>
><i class="fa fa-folder-open-o pull-left"></i> Laporan Masalah: <?php 
echo $opentickets;
?>
</a></p>
        include "includes/footer.php";
        exit;
    }
}
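//IP and DATE field
$ip = $_SERVER['REMOTE_ADDR'];
//EMAIL address
// Validate the raw submitted value first and escape it for SQL afterwards;
// validating the escaped string would judge the backslashes added by escape()
// rather than what the user typed. A missing or non-string field fails validation.
$raw_email = (isset($_POST['email']) && is_string($_POST['email'])) ? trim($_POST['email']) : '';
if (!filter_var($raw_email, FILTER_VALIDATE_EMAIL)) {
    echo "<div class=\"alert alert-danger\" style=\"max-width: 350px;\">That email address appears to be invalid.</div>";
    include "includes/footer.php";
    exit;
}
$email = $db->escape($raw_email);
// The former "empty e-mail" branch could never run: an empty value already
// fails the validation above.
//check if email already exists.
// NOTE(review): this response tells the caller whether an address is registered.
$num = $db->get_var("select count(user_email) from site_users where user_email = '{$email}';");
if ($num > 0) {
    echo "<div class=\"alert alert-danger\" style=\"max-width: 350px;\">That email address has already registered.</div>";
    include "includes/footer.php";
    exit;
}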
//NAME FIELD
$name = $db->escape(trim(strip_tags($_POST['name'])));
$strlen = strlen($name);
if ($strlen < 3) {
    echo "<div class=\"alert alert-danger\" style=\"max-width: 350px;\">Name is to short, it must be at least 3 characters.</div>";
示例#9
    if (empty($_POST['user_email'])) {
        // At least one of the file is empty, display an error
        echo '<p style="color: red;">email address is required</p>';
    } else {
        // User has filled it all in.
        //run the password reset.
        $user_email = $db->escape($_POST['user_email']);
        if (!filter_var($user_email, FILTER_VALIDATE_EMAIL)) {
            echo "<div class=\"alert alert-danger\" style=\"max-width: 350px;\">That email address appears to be invalid.</div>";
            include "includes/footer.php";
            exit;
        }
        $finish = 1;
        //check to make sure the email addreess is in the database
        $myquery = "select count(user_id) from site_users where user_email = '{$user_email}' AND user_pending = 0 limit 1;";
        $count = $db->get_var($myquery);
        //if the email is valid then continue
        if ($count == 1) {
            //insert a random code into the database for the user
            // NOTE(review): generatePassword() is defined elsewhere; confirm it
            // draws from a CSPRNG (random_int()/random_bytes()), because this
            // code is the only secret protecting the reset.
            $resetpasswordcode = generatePassword(9, 4);
            //$resetdate = date("Y-m-d H:i:s");
            // The code is written to user_im_other as generated. With the
            // timestamp line above commented out, no issue time is recorded
            // here, so an expiry cannot be enforced from this data alone.
            $query = "UPDATE site_users set user_im_other = '{$resetpasswordcode}' WHERE user_email = '{$user_email}' limit 1;";
            $db->query($query);
            //send out the message
            $from = FROM_EMAIL;
            $to = $user_email;
            $subject = 'HelpDesk Confirmation';
            // message
            $message = '
		<html>
		<body>
示例#10
	<th>Level</th>
	<th>Email Ticket Updates</th>
	<th>Pending</th>
	<th>Edit Locked</th>
</tr>
<?php 
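    // Account names and e-mail addresses are user-supplied; escape them before
    // they are echoed into this admin table. double_encode is off so values
    // stored already entity-encoded are not encoded twice.
    $escape_html = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8', false);
    };
    // NOTE(review): the loop reuses $user_id, $user_name and $user_level, names
    // other fragments use for the logged-in user; confirm nothing after this
    // table still expects the session values.
    foreach ($site_calls as $call) {
        // The id goes unquoted into SQL and into two URLs; force an integer.
        $user_id = (int) $call->user_id;
        $user_name = $escape_html($call->user_name);
        $user_email = $escape_html($call->user_email);
        $user_pending = $call->user_pending;
        $user_protect_edit = $call->user_protect_edit;
        $user_level = $call->user_level;
        $user_msg_send = $call->user_msg_send;
        // Pending accounts get a highlighted id cell.
        $bg = $user_pending == 1 ? " class='usernote'" : "";
        $call_count = (int) $db->get_var("SELECT count(call_id) from site_calls WHERE (call_user = {$user_id}) AND (call_status = 0);");
        echo "<tr>\n";
        echo "<td" . $bg . "><a href='fhd_edit_user.php?url_user_id={$user_id}'>{$user_id}</a></td>\n";
        echo "<td align='center'><a href='fhd_calls.php?user_id={$user_id}'>{$call_count}</a></td>\n";
        echo "<td>{$user_name}</td>\n";
        echo "<td>{$user_email}</td>\n";
        // show_user_level() and onoff() are defined elsewhere; their output is
        // echoed unchanged (presumably fixed labels - confirm).
        echo "<td>" . show_user_level($user_level) . "</td>\n";
        echo "<td style='text-align: center;'>" . onoff($user_msg_send) . "</td>\n";
        echo "<td style='text-align: center;'>" . onoff($user_pending) . "</td>\n";
        echo "<td style='text-align: center;'>" . onoff($user_protect_edit) . "</td>\n";
        echo "</tr>\n";
    }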
}
?>
</table>
?>
<!DOCTYPE html>
<html>
<head>
	<title>Settings</title>
<?php 
include "fhd_config.php";
include "includes/header.php";
include "includes/all-nav.php";
include "includes/ez_sql_core.php";
include "includes/ez_sql_mysqli.php";
include "includes/functions.php";
$db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);
//<DELETE>
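// Delete a type when the request carries a valid token.
// NOTE(review): this is a state-changing GET and the token travels in the URL,
// where it can end up in server logs, browser history and Referer headers;
// consider moving the action to a POST form.
if (isset($_GET['nacl']) && is_string($_GET['nacl'])) {
    $expected_nacl = md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};"));
    // hash_equals() is constant-time and string-only; a loose "==" would treat
    // two different "0e<digits>" digests as equal numbers.
    if (hash_equals($expected_nacl, $_GET['nacl'])) {
        //authentication verified, continue.
        $type_id = checkid($_GET['type_id']);
        $action = $db->escape($_GET['action']);
        $type = checkid($_GET['type']);
        if ($action === 'delete') {
            $db->query("DELETE FROM site_types where type_id = {$type_id};");
            header("Location: fhd_settings_action.php?type={$type}");
        }
    }
}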
//</DELETE>
//check type variable
$type = checkid($_GET['type']);
?>
<p><a href="fhd_settings.php">Settings</a></p>
示例#12
?>
<!DOCTYPE html>
<html>
<head>
	<title>Add</title>
<?php 
include "fhd_config.php";
include "includes/header.php";
include "includes/all-nav.php";
include "includes/ez_sql_core.php";
include "includes/ez_sql_mysqli.php";
include "includes/functions.php";
$db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);
// <ADD>
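// Insert a new type when the form token is valid. The expected token here is
// md5(AUTH_KEY . the stored user_password value).
if (isset($_POST['nacl'])) {
    $expected_nacl = md5(AUTH_KEY . $db->get_var("select user_password from site_users where user_id = {$user_id};"));
    // hash_equals() is constant-time and string-only; a loose "==" would treat
    // two different "0e<digits>" digests as equal numbers. A non-string field
    // (e.g. nacl[]=x) is rejected outright.
    if (is_string($_POST['nacl']) && hash_equals($expected_nacl, $_POST['nacl'])) {
        //authentication verified, continue.
        // type goes unquoted into the INSERT, so it relies on checkid()
        // (defined elsewhere) returning a numeric value - confirm.
        $type = checkid($_POST['type']);
        $type_name = $db->escape($_POST['type_name']);
        $type_email = $db->escape($_POST['type_email']);
        $type_location = $db->escape($_POST['type_location']);
        $type_phone = $db->escape($_POST['type_phone']);
        $db->query("INSERT INTO site_types(type,type_name,type_email,type_location,type_phone) VALUES( {$type},'{$type_name}','{$type_email}','{$type_location}','{$type_phone}');");
        header("Location: fhd_settings_action.php?type={$type}");
    } else {
        //not verified, warning and exit!
        echo "<p class='save'>Warning: Verification Error!</p>";
        exit;
    }
}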
// </ADD>
示例#13
<?php

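// Username availability check for the registration form: prints a short HTML
// fragment saying whether the login name passed as ?q= is free.
include "fhd_config.php";
if (ALLOW_REGISTER == "yes") {
    include "includes/ez_sql_core.php";
    include "includes/ez_sql_mysqli.php";
    // One connection and one escape pass are enough; escaping twice would
    // double the backslashes and look up a different string.
    $db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);
    $q = (isset($_GET["q"]) && is_string($_GET["q"])) ? $db->escape($_GET["q"]) : "";
    // Compare against the submitted name (the query previously compared against
    // a fixed literal, so every name was reported as available).
    $num = $db->get_var("select count(user_login) from site_users where user_login = '{$q}';");
    // An empty or missing name is never reported as available.
    // NOTE(review): the answer reveals which login names exist; confirm the
    // endpoint is rate-limited if that matters for this deployment.
    if ($q !== "" && $num == 0) {
        echo "<i class='glyphicon glyphicon-ok'></i> <small><em>available</em></small>";
    } else {
        echo "<i class='glyphicon glyphicon-ban-circle'></i> <small><em>name not available</em></small>";
    }
}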
示例#14
文件: demo.php 项目: xFanly/ezSQL
/*
 * ezSQL bootstrap for the mySQLi driver.
 */
include_once "../shared/ez_sql_core.php";   // shared ezSQL core
include_once "ez_sql_mysqli.php";           // mySQLi-specific component
// Creating the object also opens the connection. The arguments are, in order,
// user, password, database name and host; per the original comment the host
// may use "host:port" notation for a custom port.
$db = new ezSQL_mysqli('db_user', 'db_password', 'db_name', 'db_host');

/*
 * Demo queries against the mySQLi database.
 */
// Fetch one value, using the abstracted sysdate() helper for the SQL expression.
$current_time = $db->get_var("SELECT " . $db->sysdate());
echo "ezSQL demo for mySQL database run @ {$current_time}";
$db->debug();   // dump the last query and its results

// List the tables of the current database as numerically indexed rows.
$my_tables = $db->get_results("SHOW TABLES", ARRAY_N);
$db->debug();

// Describe each table in turn, dumping query and result every time.
foreach ($my_tables as $row) {
    $db->get_results('DESC ' . $row[0]);
    $db->debug();
}
示例#15
    define('css', 'css/bootstrap.min.css');
    echo "<p></p><strong>Notice:</strong> Software Configuration Needed</p>";
    echo "<p>Please check the <strong>fhd_config.php</strong> file.</p>";
    echo "<p>If this is a new install, you can <strong>rename fhd_config_sample.php to fhd_config.php</strong></p>";
    echo "<p>Open fhd_config.php in a text editor and <strong>configure your settings</strong>.</p>";
    echo "<p>For more information, please check the <a href='readme.htm' target='_blank'>readme file</a>.</p>";
    include "includes/footer.php";
    exit;
}
include "fhd_config.php";
include "includes/header.php";
//check database settings.
include "includes/ez_sql_core.php";
include "includes/ez_sql_mysqli.php";
$db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);
$SCHEMA_NAME = $db->get_var("SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA WHERE SCHEMA_NAME = '" . db_name . "';");
if ($SCHEMA_NAME != db_name) {
    echo "<p></p><strong>Notice:</strong> Software Configuration Needed</p>";
    echo "<p>Database specified in fhd_config.php [ " . db_name . " ] does not exist, please check the <a href='readme.htm' target='_blank'>readme file</a>.</p>";
    include "includes/footer.php";
    exit;
}
//check if tables actually exist.
$user_table_exists = $db->get_var("SHOW TABLES LIKE 'site_users';");
if ($user_table_exists != "site_users") {
    echo "<p></p><strong>Notice:</strong> Software Configuration Needed</p>";
    echo "<p>One or more database tables are missing from database (named: " . db_name . "). Please run <strong>site.sql</strong> against your databsae to create the tables. Please check the <a href='readme.htm' target='_blank'>readme file</a></p>";
    include "includes/footer.php";
    exit;
}
//create upload table if it does not exist.
示例#16
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
	<title>Ticket Details</title>
<?php 
include "fhd_config.php";
include "includes/header.php";
include "includes/all-nav.php";
include "includes/functions.php";
$call_id = checkid($_GET['call_id']);
include "includes/ez_sql_core.php";
include "includes/ez_sql_mysqli.php";
//echo date('l jS \of F Y h:i:s A');
$db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);
$nacl = md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};"));
$site_calls = $db->get_row("SELECT call_id,call_first_name,call_last_name,call_phone,call_email,call_department,call_request,call_device,call_details ,call_date,call_date2,call_status,call_solution,call_user,call_staff FROM site_calls WHERE (call_id = {$call_id}) limit 1;");
?>
<h4><i class='fa fa-tag'></i> Ticket Details [ #<?php 
echo $call_id;
?>
 ]</h4>

<?php 
if ($user_level != 1) {
    ?>
<p><i class="glyphicon glyphicon-edit"></i> <a href="fhd_call_edit.php?call_id=<?php 
    echo $call_id;
    ?>
">Edit Ticket</a></p>
<?php 
示例#17
<!DOCTYPE html>
<html lang="es">
<head>
    <?php 
include "ncl/session.php";
include "ncl/checksession.php";
include "ncl/checksessionadmin.php";
include "ncl/head.php";
include "ncl/functions.php";
include "ncl/ez_sql_core.php";
include "ncl/ez_sql_mysqli.php";
$actionstatus = "";
$db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);
//<ADD>
if (isset($_POST['nacl'])) {
    if ($_POST['nacl'] == md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};"))) {
        //authentication verified, continue.
        $user_login = $db->escape($_POST['user_login']);
        $user_email = $db->escape($_POST['user_email']);
        //check email exists
        $num = $db->get_var("select count(user_email) from site_users where (user_email = '{$user_email}');");
        if ($num > 0) {
            echo "<div class='alert alert-danger'><strong>Error:</strong> that email address is already in use.</div>";
            include "ncl/footer.php";
            exit;
        }
        //password function here
        if (strlen($_POST['user_password']) > 4) {
            $user_password = makepwd(trim($db->escape($_POST['user_password'])));
        } else {
            echo "<div class='alert alert-danger'><strong>Error:</strong> password to short.</div>";
示例#18
<html lang="en">
<head>
<meta charset="utf-8">
	<title>Edit User Details</title>
<?php 
include "fhd_config.php";
include "includes/header.php";
include "includes/all-nav.php";
include "includes/functions.php";
include "includes/ez_sql_core.php";
include "includes/ez_sql_mysqli.php";
$db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);
$actionstatus = "";
//<UPDATE>
if (isset($_POST['update'])) {
    if ($_POST['nacl'] == md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};"))) {
        //authentication verified, continue.
        $url_user_id = valid_user($_POST['url_user_id']);
        $user_date = date(time());
        $user_login = $db->escape($_POST['user_login']);
        //password function here
        $user_password_set = "";
        if (strlen($_POST['user_password']) > 4) {
            $user_password = makepwd(trim($db->escape($_POST['user_password'])));
            $user_password_set = "user_password='******',";
        }
        $user_name = $db->escape($_POST['user_name']);
        $user_email = $db->escape($_POST['user_email']);
        $user_phone = $db->escape($_POST['user_phone']);
        $user_address = $db->escape($_POST['user_address']);
        $user_city = $db->escape($_POST['user_city']);
示例#19
<html lang="en">
<head>
<meta charset="utf-8">
	<title>Ticket Details</title>
<?php 
include "fhd_config.php";
include "includes/header.php";
include "includes/all-nav.php";
include "includes/functions.php";
include "includes/ez_sql_core.php";
include "includes/ez_sql_mysqli.php";
$actionstatus = "";
$db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);
//<ADD>
if (isset($_POST['nacl'])) {
    if ($_POST['nacl'] == md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};"))) {
        //authentication verified, continue.";
        $call_status = 0;
        $call_date = strtotime(date('n/j/y g:i a'));
        $call_first_name = $db->escape($_POST['call_first_name']);
        $call_email = $db->escape($_POST['call_email']);
        $call_phone = $db->escape($_POST['call_phone']);
        $call_department = $db->escape((int) $_POST['call_department']);
        $call_request = $db->escape((int) $_POST['call_request']);
        $call_device = $db->escape((int) $_POST['call_device']);
        $call_details = $db->escape($_POST['call_details']);
        $db->query("INSERT INTO site_calls(call_status,call_user,call_date,call_first_name,call_email,call_phone,call_department,call_request,call_device,call_details)VALUES({$call_status},{$user_id},{$call_date},'{$call_first_name}','{$call_email}','{$call_phone}',{$call_department},{$call_request},{$call_device},'{$call_details}');");
        $insert_id = $db->insert_id;
        //********** manage file upload
        if (isset($insert_id)) {
            if (FHD_UPLOAD_ALLOW == "yes") {
示例#20
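/**
 * E-mail the "ticket closed" notice, including the recorded solution, to the
 * address stored on the ticket.
 *
 * Nothing is sent when the ticket is not found or its stored address is not a
 * valid e-mail address.
 *
 * @param mixed $call_id Ticket id; passed through valid_id() (defined elsewhere)
 *                       before it is used in SQL.
 * @return void
 */
function sendmessage_closed($call_id)
{
    $call_id = valid_id($call_id);
    $db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);
    // Read both columns in one query so the address and the solution come from
    // the same row.
    $call = $db->get_row("SELECT call_email, call_solution FROM site_calls WHERE call_id = {$call_id};");
    if (!$call || !filter_var($call->call_email, FILTER_VALIDATE_EMAIL)) {
        // No such ticket, or no usable recipient: do not hand PHPMailer an
        // empty or malformed address.
        return;
    }
    $mail = new PHPMailer();
    //Set who the message is to be sent from
    $mail->SetFrom(FROM_EMAIL);
    //Set who the message is to be sent to
    $mail->AddAddress($call->call_email);
    //Set the subject line
    $mail->Subject = 'Ticket ' . FHD_TITLE . ' [# ' . $call_id . '] Closed.';
    // NOTE(review): call_solution is placed into the HTML body as stored;
    // confirm whether it is meant to carry markup or should be escaped.
    $econtent = "Ticket Closed.<br><hr>" . $call->call_solution;
    $mail->MsgHTML($econtent . "<br>");
    //Send the message
    $mail->Send();
}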
示例#21
<?php

ob_start();
include "includes/header.php";
include "includes/session.php";
include "includes/checksession.php";
include "fhd_config.php";
include "includes/ez_sql_core.php";
include "includes/ez_sql_mysqli.php";
$db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);
//DELETE FILE
//check nacl
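// Every request to this script must carry a valid token.
// NOTE(review): the token is read from the query string, so it can appear in
// server logs, browser history and Referer headers.
$posted_nacl = (isset($_GET['nacl']) && is_string($_GET['nacl'])) ? $_GET['nacl'] : null;
if ($posted_nacl === null) {
    echo "<div class=\"alert alert-danger\" style=\"width: 200px;\"><i class='glyphicon glyphicon-ban-circle'></i> Authentication Error</div>";
    exit;
}
$expected_nacl = md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};"));
// hash_equals() is constant-time and string-only; a loose "!=" would treat two
// different "0e<digits>" digests as equal numbers.
if (!hash_equals($expected_nacl, $posted_nacl)) {
    echo "<div class=\"alert alert-danger\" style=\"max-width: 200px;\"><i class='glyphicon glyphicon-ban-circle'></i> Authentication Error</div>";
    exit;
}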
if (isset($_GET['delete'])) {
    if ($_GET['delete'] == 1) {
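        // Both ids are interpolated unquoted into SQL. $db->escape() only
        // protects values placed inside quotes, so force integers instead.
        $file_id = (isset($_GET['file_id']) && is_scalar($_GET['file_id'])) ? (int) $_GET['file_id'] : 0;
        $call_id = (isset($_GET['call_id']) && is_scalar($_GET['call_id'])) ? (int) $_GET['call_id'] : 0;
        // NOTE(review): nothing visible here checks that the current user may
        // modify this ticket's attachments - confirm it is enforced elsewhere.
        $file_ext = $db->get_var("SELECT file_ext FROM site_upload WHERE (id = {$file_id}) AND (call_id = {$call_id}) LIMIT 1;");
        if ($file_ext !== null) {
            // Only touch the disk and the table when the row exists. basename()
            // keeps a stored extension containing path separators from
            // pointing outside upload/.
            $realpath = basename(md5(UPLOAD_KEY . $file_id) . "." . $file_ext);
            if (is_file("upload/" . $realpath)) {
                unlink("upload/" . $realpath);
            }
            $db->query("DELETE FROM site_upload where (id = {$file_id}) AND (call_id = {$call_id}) LIMIT 1;");
        }
        header("Location: fhd_call_edit.php?call_id={$call_id}");
        exit;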
示例#22
<html>
<head>
	<title>Edit Types</title>
<?php 
include "fhd_config.php";
include "includes/header.php";
include "includes/all-nav.php";
include "includes/ez_sql_core.php";
include "includes/ez_sql_mysqli.php";
include "includes/functions.php";
$db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);
$actionstatus = "";
// <UPDATE>
//to do: need to check for duplicates...
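// Rename a type when the form token is valid.
if (isset($_POST['nacl']) && is_string($_POST['nacl'])) {
    $expected_nacl = md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};"));
    // hash_equals() is constant-time and string-only; a loose "==" would treat
    // two different "0e<digits>" digests as equal numbers.
    if (hash_equals($expected_nacl, $_POST['nacl'])) {
        //authentication verified, continue.
        // type_id goes unquoted into the UPDATE, so it relies on checkid()
        // (defined elsewhere) returning a numeric value - confirm.
        $type_id = checkid($_POST['type_id']);
        $type_name = $db->escape($_POST['type_name']);
        $db->query("UPDATE site_types SET type_name='{$type_name}' WHERE type_id = {$type_id};");
        $actionstatus = "<div class=\"alert alert-success\" style=\"max-width: 250px;\">\n    <button type=\"button\" class=\"close\" data-dismiss=\"alert\">&times;</button>\n    Updated.\n    </div>";
    }
}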
// </UPDATE>
//check type variable
$type_id = checkid($_GET['id']);
$num = $db->get_var("select count(type_id) from site_types where type_id = {$type_id};");