/**
 * Perform mySQL query
 *
 * Added to the original function: logging of all queries. The statement text
 * is appended to $this->debug_log and then handed unchanged to the parent
 * driver's query().
 *
 * NOTE(review): the text is kept verbatim, so statements that carry
 * credentials or password hashes end up in debug_log as well — keep this
 * buffer out of persisted logs and user-facing output.
 *
 * @param string $query SQL statement to run
 * @return mixed whatever parent::query() returns
 * @since 1.7
 */
function query($query) {
    // Remember the statement first, then defer to the original implementation.
    $this->debug_log[] = $query;
    $outcome = parent::query($query);
    return $outcome;
}
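// Load the account matched by the login form. $checkusing (the column to match
// on) and $user_login are set before this fragment; NOTE(review): $user_login
// is interpolated into SQL here, so the earlier code must already have run it
// through $db->escape() — confirm.
$site_users = $db->get_row("select user_id,user_name,user_level from site_users WHERE {$checkusing} = '{$user_login}' limit 1;");

// Fail closed when no row comes back: every field below would be null and a
// loose `null == 0` test would have granted the admin flag.
if (!is_object($site_users)) {
    echo "<div class=\"alert alert-danger\">Login failed.</div>";
    include "includes/footer.php";
    exit;
}

$user_id = $site_users->user_id;
$user_name = $site_users->user_name;
$user_level = $site_users->user_level;

// Issue a fresh session id now that the session gains privileges (session
// fixation defence); relies on the session already being started, as the
// $_SESSION writes below do.
session_regenerate_id(true);

// user_level 0 is treated as administrator here; compare the string form so
// only a genuine 0 qualifies (null/"" no longer do).
if ((string) $user_level === '0') {
    $_SESSION['admin'] = 1;
} else {
    $_SESSION['user'] = 1;
}
$_SESSION['user_id'] = $user_id;
$_SESSION['user_name'] = $user_name;
$_SESSION['user_level'] = $user_level;
$_SESSION['hit'] = 0;

include "includes/all-nav.php";
echo "<!-- <p>{$user_id}</p> -->";
// user_name is user-supplied (set at registration), so HTML-escape it before echoing.
echo "<h2>Welcome, " . htmlspecialchars((string) $user_name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</h2>";

//record some details about this login
// REMOTE_ADDR is server-provided, but escape it like the other pages do before
// interpolating it into SQL.
$lastip = $db->escape($_SERVER['REMOTE_ADDR']);
// date(time()) only "worked" because digits are not format characters; the
// timestamp itself is what was meant. NOTE(review): the value written to
// last_login is shown redacted in this listing.
$last_login = time();
$db->query("UPDATE site_users SET last_ip = '{$lastip}',last_login = '******' WHERE user_id = {$user_id};");
?>
<h3><a href="fhd_user_call_add.php" class="btn btn-large btn-primary btn-success">Open Ticket</a></h3>
<h3><a href="fhd_calls.php" class="btn btn-large btn-primary">View Tickets</a></h3>
<?php include "includes/footer.php";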
//password function here
// Minimum length is 5 bytes (strlen counts bytes); the password is hashed by the
// project's makepwd() helper. NOTE(review): the value is run through
// $db->escape() *before* hashing, so a quote or backslash in the password is
// altered prior to makepwd(); the login code must apply the same transform or
// such passwords will never verify — confirm.
if (strlen($_POST['user_password']) > 4) {
    $user_password = makepwd(trim($db->escape($_POST['user_password'])));
} else {
    echo "<div class='alert alert-danger'><strong>Error:</strong> password to short.</div>";
    // NOTE(review): the other pages in this listing include "includes/footer.php"; confirm "ncl/" is intended.
    include "ncl/footer.php";
    exit;
}
// Remaining profile fields, each escaped for the string-built INSERT below.
$user_name = $db->escape($_POST['user_name']);
$user_phone = $db->escape($_POST['user_phone']);
$user_address = $db->escape($_POST['user_address']);
$user_city = $db->escape($_POST['user_city']);
$user_state = $db->escape($_POST['user_state']);
$user_zip = $db->escape($_POST['user_zip']);
$user_country = $db->escape($_POST['user_country']);
// $user_login and $user_email are prepared before this fragment and interpolated
// unchanged here, so they must already be escaped there — confirm. user_level
// and user_status are hard-coded to 1.
$db->query("INSERT INTO site_users(user_login,user_email,user_password,user_name,user_phone,user_address,user_city,user_state,user_zip,user_country,user_level,user_status)VALUES('{$user_login}','{$user_email}','{$user_password}','{$user_name}','{$user_phone}','{$user_address}','{$user_city}','{$user_state}','{$user_zip}','{$user_country}',1,1);");
//$db->debug();
$actionstatus = "<div class=\"alert alert-success\" style=\"max-width: 250px;\">\n <button type=\"button\" class=\"close\" data-dismiss=\"alert\">×</button>\n User Added.\n </div>";
} // closes a block opened before this fragment
} // closes a block opened before this fragment
//</ADD>
// Token the form posts back as "nacl": md5 of AUTH_KEY and the user's
// last_login, so it changes with each login.
$nacl = md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};"));
?>
</head>
<body class="pace-done skin-blue">
<?php
include "includes/header.php";
include "includes/all-nav.php";
include "includes/ez_sql_core.php";
include "includes/ez_sql_mysqli.php";
include "includes/functions.php";
$db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);

// <UPDATE>
// Edit an existing note. NOTE(review): $user_id is used in the token check
// before it is (re)assigned from $_SESSION a few lines later — presumably an
// include sets it first; confirm.
if (isset($_POST['update'])) {
    // Token is md5(AUTH_KEY . stored password hash), compared with a loose ==.
    // Unlike the last_login-based token on the other pages, this one does not
    // change between logins.
    if ($_POST['nacl'] == md5(AUTH_KEY . $db->get_var("select user_password from site_users where user_id = {$user_id};"))) {
        $note_id = checkid($_POST['note_id']);
        $call_id = checkid($_POST['call_id']);
        $user_id = $_SESSION['user_id'];
        // NOTE(review): this query filters on note_post_user only, not on
        // note_id, so it confirms the user has authored *some* note rather than
        // the note being edited; the WHERE clause needs note_id as well for this
        // to be an ownership check.
        if ($user_id == $db->get_var("select note_post_user from site_notes where note_post_user = {$user_id};")) {
            // Order is SQL-escape first, then HTML-entity encode, so the stored
            // value is presumably entity-encoded.
            $note_body = trim(htmlentities($db->escape($_POST['note_body'])));
            $note_post_ip = $db->escape($_SERVER['REMOTE_ADDR']);
            $db->query("UPDATE site_notes SET note_body='{$note_body}',note_post_ip='{$note_post_ip}' WHERE note_id={$note_id};");
            header("Location: fhd_call_edit.php?call_id={$call_id}");
            //echo exit;
            // NOTE(review): the exit above is commented out, so the rest of the
            // page keeps executing after the redirect header is sent.
        }
    } else {
        //not verified, warning and exit!
        echo "<p>Warning: Verification Error!</p>";
        exit;
    }
}
// </UPDATE>

// <ADD>
// Add a note; this block continues past the end of this fragment.
if (isset($_POST['add'])) {
    if ($_POST['nacl'] == md5(AUTH_KEY . $db->get_var("select user_password from site_users where user_id = {$user_id};"))) {
        //authentication verified, continue.
        $note_relation = checkid($_POST['note_relation']);
// Still inside the "database does not exist" branch opened before this
// fragment: report and stop.
echo "<p>Database specified in fhd_config.php [ " . db_name . " ] does not exist, please check the <a href='readme.htm' target='_blank'>readme file</a>.</p>";
include "includes/footer.php";
exit;
}
//check if tables actually exist.
$user_table_exists = $db->get_var("SHOW TABLES LIKE 'site_users';");
if ($user_table_exists != "site_users") {
    echo "<p></p><strong>Notice:</strong> Software Configuration Needed</p>";
    echo "<p>One or more database tables are missing from database (named: " . db_name . "). Please run <strong>site.sql</strong> against your databsae to create the tables. Please check the <a href='readme.htm' target='_blank'>readme file</a></p>";
    include "includes/footer.php";
    exit;
}
//create upload table if it does not exist.
// NOTE(review): file_ext is varchar(4). The upload code stores whatever
// extension the client file name carries and the delete path rebuilds the
// on-disk name from this column, so a longer extension would not round-trip.
$upload_exists = $db->get_var("SHOW TABLES LIKE 'site_upload';");
if ($upload_exists != "site_upload") {
    $db->query("CREATE TABLE `site_upload` (\n `id` int(11) NOT NULL AUTO_INCREMENT,\n `call_id` int(11) NOT NULL,\n `file_name` varchar(255) DEFAULT NULL,\n `file_ext` varchar(4) DEFAULT NULL,\n `timestamp` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n PRIMARY KEY (`id`),\n KEY `call_id` (`call_id`)\n) ;");
}
//create options table if it does not exist.
// The encrypted_passwords row is created without a value; the one-time
// password migration page elsewhere in this listing sets it to 'yes'.
$options_exists = $db->get_var("SHOW TABLES LIKE 'site_options';");
if ($options_exists != "site_options") {
    $db->query("CREATE TABLE `site_options` (\n `id` int(11) NOT NULL AUTO_INCREMENT,\n `option_name` varchar(255) DEFAULT NULL,\n `option_value` varchar(500) DEFAULT NULL,\n `timestamp` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n PRIMARY KEY (`id`),\n KEY `option_name` (`option_name`)\n) ;");
    $db->query("INSERT INTO site_options(option_name) VALUES ('encrypted_passwords');");
}
// NOTE(review): the schema checks above run before the session test below,
// i.e. for unauthenticated visitors too; harmless if the DDL is idempotent,
// but confirm that is intended.
if (isset($_SESSION['user_id'])) {
    $user_id = $_SESSION['user_id'];
    include "includes/all-nav.php";
    echo "<p>Welcome</p>";
    echo "<p><a href='fhd_dashboard.php'>Help Desk Dashboard</a></p>";
} else {
?>
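include "includes/ez_sql_mysqli.php";
include "includes/functions.php";
$db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);
$actionstatus = "";

// Token the edit form must post back: md5 of AUTH_KEY plus the user's
// last_login (changes on each login). $user_id is expected to be set by an
// earlier include — confirm. Computed once and reused for both the check and
// the form rendered further down.
$expected_nacl = md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};"));

// <UPDATE>
//to do: need to check for duplicates...
// hash_equals() replaces the loose == (which treats e.g. "0e..." digest strings
// as numerically equal) and is constant-time; the is_string guard makes
// array-shaped input (nacl[]=...) fail closed instead of raising a TypeError.
if (isset($_POST['nacl']) && is_string($_POST['nacl']) && hash_equals($expected_nacl, $_POST['nacl'])) {
    //authentication verified, continue.
    $type_id = checkid($_POST['type_id'] ?? null);
    $type_name = $db->escape($_POST['type_name'] ?? '');
    $db->query("UPDATE site_types SET type_name='{$type_name}' WHERE type_id = {$type_id};");
    $actionstatus = "<div class=\"alert alert-success\" style=\"max-width: 250px;\">\n <button type=\"button\" class=\"close\" data-dismiss=\"alert\">×</button>\n Updated.\n </div>";
}
// </UPDATE>

//check type variable
$type_id = checkid($_GET['id'] ?? null);
$num = $db->get_var("select count(type_id) from site_types where type_id = {$type_id};");
if ((int) $num === 0) {
    echo "<p>Type does not exist (error 2)</p>";
    include "includes/footer.php";
    exit;
}
$nacl = $expected_nacl;
?>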
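echo '<h4>One-Time Password Encryption</h4>';
// Guard against running twice: the migration sets
// site_options.encrypted_passwords = 'yes' when it finishes.
$encrypted_passwords = $db->get_var("SELECT option_value FROM site_options where option_name = 'encrypted_passwords';");
if ($encrypted_passwords === "yes") {
    echo "<p class='text-danger'><strong>This function has already been run!</strong></p>";
    include "includes/footer.php";
    exit;
}
?>
<h4><strong>Please <u>backup database</u> before starting.</strong></h4>
<p><a href="fhd_admin_e.php?start=1" class="btn btn-success" onclick="return confirm('Please be sure you have a good database backup!')">Start</a> <a href="fhd_settings.php" class="btn btn-danger">Cancel</a></p>
<?php
// NOTE(review): the migration is triggered by a plain GET (?start=1) with no
// nacl token, unlike the other state-changing actions in this project; the
// "already run" guard above is the only protection against a repeat.
if (isset($_GET['start'])) {
    // Resize the column before hashes are written into it.
    $db->query("ALTER TABLE `site_users` CHANGE `user_password` `user_password` VARCHAR( 225 );");
    $myquery = "SELECT user_id,user_login,user_password from site_users;";
    $rows = $db->get_results($myquery);
    // One PasswordHash instance for the whole run (the original built one per row).
    $hasher = new PasswordHash(8, false);
    foreach (is_array($rows) ? $rows : [] as $ep) {
        $user_id = $ep->user_id;
        $user_login = $ep->user_login;
        $user_password = $ep->user_password;
        $hash = $hasher->HashPassword($user_password);
        // user_login is user-supplied; escape it for the progress output.
        echo htmlspecialchars((string) $user_login, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . " -> <i class='fa fa-lock'></i><br />";
        // NOTE(review): the value written here is shown redacted in this
        // listing; it must be $hash, never the plaintext.
        $db->query("UPDATE `site_users` SET user_password = '******' WHERE user_id = {$user_id} limit 1;");
    }
    echo "<h4>Update Complete!</h4>";
    //mark passwords as updated.
    // Written only after the loop: if the request is aborted part-way the flag
    // stays unset and a rerun would hash the already-hashed rows again.
    $db->query("UPDATE `site_options` SET option_value = 'yes' WHERE option_name = 'encrypted_passwords';");
}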
} else {
    echo "<div class=\"alert alert-danger\" style=\"max-width: 350px;\">Password must be at least 5 characters.</div>";
    include "includes/footer.php";
    exit;
}
} // closes a block opened before this fragment
//pending
// New accounts start as pending when REGISTER_APPROVAL is "yes" (loose ==).
if (REGISTER_APPROVAL == "yes") {
    $user_pending = 1;
} else {
    $user_pending = 0;
}
//user_msg_send
$user_msg_send = 1;
// String-built INSERT. $login, $email, $name, $user_password and $ip are
// prepared before this fragment; NOTE(review): nothing here escapes them, so
// they must already be $db->escape()'d there — confirm. user_status and
// user_level are hard-coded to 1.
$query = "INSERT into site_users(user_login,user_email,user_name,user_password,last_ip,user_status,user_level,user_pending,user_msg_send)VALUES('{$login}','{$email}','{$name}','{$user_password}','{$ip}',1,1,{$user_pending},{$user_msg_send});";
$db->query($query);
//notify admin
$from = FROM_EMAIL;
$to = TO_EMAIL;
$subject = FHD_TITLE . ' New Registration';
// message
// NOTE(review): $name and $email are concatenated into an HTML mail body
// without htmlspecialchars(). The Login line is shown redacted in this listing,
// and the string literal continues past the end of this fragment.
$message = ' <html> <head> <title>New Registration</title> </head> <body> <p>New User Registration</p> <p>Name: ' . $name . '</p> <p>Login: '******'</p> <p>Email: ' . $email . '</p>
// Password-reset entry point: action=rp plus the key that was e-mailed to the user.
// NOTE(review): both parameters are read without isset(), so a request lacking
// either raises an undefined-index warning before the checks below.
$action = $db->escape($_GET['action']);
$key = $db->escape($_GET['key']);
//check if action is to reset password and that the key is not blank.
if ($action == "rp") {
    if (!empty($key)) {
        // The reset key lives in site_users.user_im_other; the escaped value is
        // interpolated into a quoted literal.
        $myquery = "SELECT user_id,user_email FROM site_users WHERE user_im_other = '{$key}' limit 1;";
        $resets = $db->get_row($myquery);
        // if a record is returned then continue
        if ($db->num_rows == 1) {
            $user_email = $resets->user_email;
            $user_id = $resets->user_id;
            //generage a new password, set resetcode to blank so link cannot be used again.
            // generatePassword() is a project helper not shown in this listing.
            $user_password_plain = generatePassword(8, 9);
            // NOTE(review): the plaintext is $db->escape()'d before hashing, the
            // same pattern as the registration fragment in this listing; the
            // login code must apply the identical transform for the e-mailed
            // password to verify — confirm.
            $user_password = makepwd(trim($db->escape($user_password_plain)));
            //update the password in the database.
            // The stored value is shown redacted in this listing; clearing
            // user_im_other makes the reset link single-use.
            $db->query("UPDATE site_users set user_password = '******',user_im_other = '' WHERE user_id = {$user_id} limit 1;");
            //send out the message
            // The new password is e-mailed in plaintext (shown redacted below).
            $from = FROM_EMAIL;
            $to = $user_email;
            $subject = 'Your new password';
            // message
            $message = ' <html> <body> <p>HelpDesk New Password</p> <p>Email: ' . $user_email . '</p> <p>Password: '******'</p> </body> </html> ';
            $headers = "From:" . $from . "\r\n";
include "includes/ez_sql_mysqli.php";
include "includes/class.phpmailer.php";
$action = "";
$actionstatus = "";
$close_email = "";
$statusquery = "";
$db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);
// Number of note_type = 1 notes attached to this ticket. NOTE(review):
// $call_id is interpolated here before the checkid() calls below re-derive it
// from the request, so it must already be validated by earlier code — confirm.
$isnotes = $db->get_var("SELECT count(*) from site_notes WHERE (note_relation = {$call_id}) AND note_type = 1;");

//<DELETE>
// GET-driven action: sets call_status = 3 and puts the ticket's notes to
// note_type 0 (presumably a soft delete). Token is md5(AUTH_KEY . last_login),
// compared with a loose ==; $user_id is expected from an earlier include — confirm.
if (isset($_GET['action'])) {
    if ($_GET['action'] == 'delete') {
        if (isset($_GET['nacl'])) {
            if ($_GET['nacl'] == md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};"))) {
                //authentication verified, continue.
                $call_id = checkid($_GET['call_id']);
                $db->query("UPDATE site_calls SET call_status = 3 WHERE call_id = {$call_id} limit 1;");
                $db->query("UPDATE site_notes SET note_type = 0 WHERE note_relation = {$call_id};");
                header("Location: fhd_calls.php");
                // NOTE(review): no exit after the redirect header, so the rest of
                // the page still executes for this request.
            }
        }
    }
}
//</DELETE>

//<UPDATE>
// Edit the ticket from the posted form; this block continues past the end of
// this fragment.
if (isset($_POST['nacl'])) {
    if ($_POST['nacl'] == md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};"))) {
        //authentication verified, continue.
        $call_id = checkid($_POST['call_id']);
        //call details
        $call_first_name = $db->escape($_POST['call_first_name']);
        $call_email = $db->escape($_POST['call_email']);
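$user_id = 0;   // tickets from this form are not tied to an account
$call_status = 0;
$call_date = strtotime(date('n/j/y g:i a'));

// Keep the raw submitted values for validation and the e-mail body; the
// $db->escape()'d copies exist only for the string-built INSERT below. (The
// original reused the escaped copies in the mail, so names containing quotes
// picked up stray backslashes.)
$raw_first_name = (string) ($_POST['call_first_name'] ?? '');
$raw_email = (string) ($_POST['call_email'] ?? '');
$raw_details = (string) ($_POST['call_details'] ?? '');
$call_first_name = $db->escape($raw_first_name);
$call_email = $db->escape($raw_email);
// Validate the address as submitted. FILTER_VALIDATE_EMAIL also rejects CR/LF,
// which is what keeps it safe to hand to mail() as the recipient.
if (!filter_var($raw_email, FILTER_VALIDATE_EMAIL)) {
    echo "<div class=\"alert alert-danger\" style=\"max-width: 350px;\">That email address appears to be invalid.</div>";
    include "includes/footer.php";
    exit;
}
$call_phone = $db->escape($_POST['call_phone'] ?? '');
// Numeric foreign keys: cast to int before escaping.
$call_department = $db->escape((int) ($_POST['call_department'] ?? 0));
$call_request = $db->escape((int) ($_POST['call_request'] ?? 0));
$call_device = $db->escape((int) ($_POST['call_device'] ?? 0));
$call_details = $db->escape($raw_details);
$db->query("INSERT INTO site_calls(call_status,call_user,call_date,call_first_name,call_email,call_phone,call_department,call_request,call_device,call_details)VALUES({$call_status},{$user_id},{$call_date},'{$call_first_name}','{$call_email}','{$call_phone}',{$call_department},{$call_request},{$call_device},'{$call_details}');");
$insert_id = $db->insert_id;

//<SEND EMAIL>
// NOTE(review): $from is not assigned anywhere in this fragment; fall back to
// FROM_EMAIL so the Reply-To header is never empty.
$reply_to = $from ?? FROM_EMAIL;
$headers = "From:" . FROM_EMAIL . "\r\n";
$headers .= "Reply-To: " . $reply_to . "\r\n";
$headers .= "X-Mailer: PHP/" . phpversion() . "\r\n";
$headers .= "MIME-Version: 1.0" . "\r\n";
$headers .= "Content-type: text/html; charset=iso-8859-1" . "\r\n";
$subject = "Ticket " . FHD_TITLE . " [# {$insert_id}]";
// HTML-encode the user-supplied fields: the same body is sent to the admin mailbox.
$safe_first_name = htmlspecialchars($raw_first_name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
$safe_details = htmlspecialchars($raw_details, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
$message = "\n\t\t<html>\n\t\t<head>\n\t\t <title>Ticket</title>\n\t\t</head>\n\t\t<body>\n\t\t <p>Ticket Request Received.</p>\n\t\t <p>Ticket Number: {$insert_id}</p>\n\t\t <p>Name: {$safe_first_name}</p>\n\t\t <p>Ticket Details: {$safe_details}</p>\n\t\t\t";
mail($raw_email, $subject, $message, $headers);
$mailsent = "&mailsent=yes";
//notify admin
mail(TO_EMAIL, "New Ticket [# {$insert_id}]", $message, $headers);
//</SEND EMAIL>
// The original emitted a bare "&mailsent" and never used $mailsent; interpolate
// it so the landing page actually receives mailsent=yes. Stop after the
// redirect so nothing further runs for this request.
header("Location: fhd_any_call_add.php?added=yes{$mailsent}&insert_id={$insert_id}");
exit;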
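include "fhd_config.php";
include "includes/header.php";
include "includes/all-nav.php";
include "includes/ez_sql_core.php";
include "includes/ez_sql_mysqli.php";
include "includes/functions.php";
$db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);

//<DELETE>
// Destructive action driven by a GET link; the nacl token (md5 of AUTH_KEY and
// the user's last_login) is the only CSRF protection, so compare it with
// hash_equals() rather than a loose ==, and fail closed on non-string input.
// $user_id is expected from an earlier include — confirm.
if (isset($_GET['nacl']) && is_string($_GET['nacl'])) {
    $expected_nacl = md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};"));
    if (hash_equals($expected_nacl, $_GET['nacl'])) {
        //authentication verified, continue.
        $type_id = checkid($_GET['type_id'] ?? null);
        $type = checkid($_GET['type'] ?? null);
        // action is only compared, never queried, so no SQL escaping is needed.
        if (($_GET['action'] ?? '') === 'delete') {
            $db->query("DELETE FROM site_types where type_id = {$type_id};");
            header("Location: fhd_settings_action.php?type={$type}");
            // Stop here so the page below is not rendered after the redirect.
            exit;
        }
    }
}
//</DELETE>

//check type variable
$type = checkid($_GET['type'] ?? null);
?>
<p><a href="fhd_settings.php">Settings</a></p>
<h4><?php show_type_name($type); ?> </h4>
<h5><i class="fa fa-plus"></i> <a href="fhd_add_type.php?type=<?php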
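include "includes/header.php";
include "includes/all-nav.php";
include "includes/ez_sql_core.php";
include "includes/ez_sql_mysqli.php";
include "includes/functions.php";
$db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);

// Token posted back by the add form. NOTE(review): this page derives it from
// the stored password hash (md5(AUTH_KEY . user_password)), so it does not
// change between logins, whereas the other settings pages use last_login; both
// sides of the check live in this file, so the derivation could be aligned.
// $user_id is expected from an earlier include — confirm.
$expected_nacl = md5(AUTH_KEY . $db->get_var("select user_password from site_users where user_id = {$user_id};"));

// <ADD>
if (isset($_POST['nacl'])) {
    // Constant-time, type-safe comparison instead of a loose ==; non-string
    // input (nacl[]=...) fails closed.
    if (is_string($_POST['nacl']) && hash_equals($expected_nacl, $_POST['nacl'])) {
        //authentication verified, continue.
        $type = checkid($_POST['type'] ?? null);
        $type_name = $db->escape($_POST['type_name'] ?? '');
        $type_email = $db->escape($_POST['type_email'] ?? '');
        $type_location = $db->escape($_POST['type_location'] ?? '');
        $type_phone = $db->escape($_POST['type_phone'] ?? '');
        $db->query("INSERT INTO site_types(type,type_name,type_email,type_location,type_phone) VALUES( {$type},'{$type_name}','{$type_email}','{$type_location}','{$type_phone}');");
        header("Location: fhd_settings_action.php?type={$type}");
        // Nothing below should run once the redirect has been issued.
        exit;
    } else {
        //not verified, warning and exit!
        echo "<p class='save'>Warning: Verification Error!</p>";
        exit;
    }
}
// </ADD>

//check type variable
$type = checkid($_GET['type'] ?? null);
$nacl = $expected_nacl;
?>
<h4>Add: <?php show_type_name($type);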
} // closes a block opened before this fragment
// Assigned but not used anywhere in this fragment.
$user_date = date(time());
// Profile fields, escaped for the string-built UPDATE below.
$user_phone = $db->escape($_POST['user_phone']);
$user_address = $db->escape($_POST['user_address']);
$user_city = $db->escape($_POST['user_city']);
$user_state = $db->escape($_POST['user_state']);
$user_zip = $db->escape($_POST['user_zip']);
$user_country = $db->escape($_POST['user_country']);
// Checkbox: only an explicit value of 1 enables message sending.
$user_msg_send = 0;
if (isset($_POST['user_msg_send'])) {
    $user_msg_send_value = $db->escape($_POST['user_msg_send']);
    if ($user_msg_send_value == 1) {
        $user_msg_send = 1;
    }
}
// $user_password_set (presumably empty or a "user_password='...'," clause,
// given where it is spliced), $user_email and $user_name are prepared before
// this fragment; $user_id is presumably the session user, so this updates the
// caller's own row — confirm.
$db->query("UPDATE site_users SET {$user_password_set} user_email='{$user_email}',user_name='{$user_name}',user_phone='{$user_phone}',user_address='{$user_address}',user_city='{$user_city}',user_state='{$user_state}',user_zip='{$user_zip}',user_country='{$user_country}',user_msg_send={$user_msg_send} where user_id = {$user_id};");
$actionstatus = "<div class=\"alert alert-success\" style=\"max-width: 110px;\"><button type=\"button\" class=\"close\" data-dismiss=\"alert\">×</button>Updated.</div>";
} // closes a block opened before this fragment
} // closes a block opened before this fragment
//</UPDATE>
// Token the form posts back: md5(AUTH_KEY . last_login).
$nacl = md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};"));
// NOTE(review): user_password is selected into $site_users along with the
// profile fields; it is not echoed in this fragment — confirm the form further
// down does not render it.
$site_users = $db->get_row("SELECT user_login,user_password,user_name,user_address,user_city,user_state,user_zip,user_country,user_phone,user_email,user_msg_send,user_level FROM site_users WHERE (user_id = {$user_id}) limit 1;");
$user_msg_send = $site_users->user_msg_send;
?>
<?php echo $actionstatus; ?>
<h4><i class="fa fa-user"></i> My Account <small>(<?php echo $user_id; ?>
$actionstatus = "";
$db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);
//<ADD>
// Create a ticket from the posted form; $user_id is expected from an earlier
// include — confirm. The block continues past the end of this fragment.
if (isset($_POST['nacl'])) {
    // Token is md5(AUTH_KEY . last_login), compared with a loose ==.
    if ($_POST['nacl'] == md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};"))) {
        //authentication verified, continue.";
        $call_status = 0;
        // "now", round-tripped through a minute-resolution format.
        $call_date = strtotime(date('n/j/y g:i a'));
        $call_first_name = $db->escape($_POST['call_first_name']);
        // NOTE(review): unlike the public ticket form in this listing, the
        // address is not checked with filter_var(FILTER_VALIDATE_EMAIL) here.
        $call_email = $db->escape($_POST['call_email']);
        $call_phone = $db->escape($_POST['call_phone']);
        // Numeric foreign keys: cast to int before escaping.
        $call_department = $db->escape((int) $_POST['call_department']);
        $call_request = $db->escape((int) $_POST['call_request']);
        $call_device = $db->escape((int) $_POST['call_device']);
        $call_details = $db->escape($_POST['call_details']);
        $db->query("INSERT INTO site_calls(call_status,call_user,call_date,call_first_name,call_email,call_phone,call_department,call_request,call_device,call_details)VALUES({$call_status},{$user_id},{$call_date},'{$call_first_name}','{$call_email}','{$call_phone}',{$call_department},{$call_request},{$call_device},'{$call_details}');");
        $insert_id = $db->insert_id;
        //********** manage file upload
        if (isset($insert_id)) {
            if (FHD_UPLOAD_ALLOW == "yes") {
                $file_name = $_FILES['hasupload']['name'];
                if ($file_name != '') {
                    $files_var1 = $_FILES["hasupload"]["name"];
                    $files_var2 = explode(".", $files_var1);
                    // Extension is the text after the last dot; checked lower-cased
                    // (non-strict in_array) against $allowedExts, defined elsewhere.
                    $extension = end($files_var2);
                    if (in_array(strtolower($extension), $allowedExts)) {
                        // NOTE(review): $file_name is the client-supplied name taken
                        // straight from $_FILES and is the only value in this block
                        // not passed through $db->escape() before being interpolated
                        // into SQL; $extension is unescaped too, though it has passed
                        // the allow-list. Both should be escaped (or parameterised).
                        $db->query("INSERT into site_upload(call_id,file_name,file_ext)VALUES({$insert_id},'{$file_name}','{$extension}');");
                        $upload_id = $db->insert_id;
                        // On-disk name is md5(UPLOAD_KEY . upload row id) plus the
                        // original extension, so the client name never reaches the
                        // filesystem.
                        $path = "upload/" . md5(UPLOAD_KEY . $upload_id) . "." . $extension;
                        // NOTE(review): copy() works, but move_uploaded_file() is the
                        // idiom here — it also verifies the source really is an upload.
                        copy($_FILES['hasupload']['tmp_name'], $path);
                    }
} // closes a block opened before this fragment
// Checkbox fields: only an explicit value of 1 turns them on.
$user_msg_send = 0;
if (isset($_POST['user_msg_send'])) {
    $user_msg_send_value = $db->escape($_POST['user_msg_send']);
    if ($user_msg_send_value == 1) {
        $user_msg_send = 1;
    }
}
$user_pending = 0;
if (isset($_POST['user_pending'])) {
    $user_pending_value = $db->escape($_POST['user_pending']);
    if ($user_pending_value == 1) {
        $user_pending = 1;
    }
}
// String-built UPDATE of another user's row ($url_user_id). $user_password_set,
// $user_email, $user_name, the address fields, $user_level, $user_protect_edit
// and $url_user_id are prepared before this fragment. NOTE(review): user_level,
// user_protect_edit and user_id are interpolated unquoted, so the earlier code
// must validate them as integers — confirm.
$db->query("UPDATE site_users SET {$user_password_set} user_email='{$user_email}',user_name='{$user_name}',user_phone='{$user_phone}',user_address='{$user_address}',user_city='{$user_city}',user_state='{$user_state}',user_zip='{$user_zip}',user_country='{$user_country}',user_level={$user_level},user_msg_send={$user_msg_send},user_protect_edit={$user_protect_edit},user_pending={$user_pending} where user_id = {$url_user_id};");
$actionstatus = "<div class=\"alert alert-success\" style=\"max-width: 250px;\">\n <button type=\"button\" class=\"close\" data-dismiss=\"alert\">×</button>\n User Update Successful.\n </div>";
//$db->debug();
} // closes a block opened before this fragment
} // closes a block opened before this fragment
//</UPDATE>
// Load the row to edit. valid_user() is a project helper; $_REQUEST accepts the
// id from GET, POST or cookie alike.
if (isset($_REQUEST['url_user_id'])) {
    $url_user_id = valid_user($_REQUEST['url_user_id']);
    // NOTE(review): user_password is fetched along with the profile fields;
    // confirm the form further down does not render it.
    $site_users = $db->get_row("SELECT user_login,user_password,user_name,user_address,user_city,user_state,user_zip,user_country,user_phone,user_email,user_msg_send,user_protect_edit,user_pending,user_level FROM site_users WHERE (user_id = {$url_user_id}) limit 1;");
    $user_msg_send = $site_users->user_msg_send;
    $user_protect_edit = $site_users->user_protect_edit;
    $user_pending = $site_users->user_pending;
}
// Token the form posts back: md5(AUTH_KEY . the *session* user's last_login).
$nacl = md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};"));
echo $actionstatus;
?>
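include "includes/header.php";
include "includes/session.php";
include "includes/checksession.php";
include "fhd_config.php";
include "includes/ez_sql_core.php";
include "includes/ez_sql_mysqli.php";
$db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);

//DELETE FILE
//check nacl
// Fail closed: the token must be present, be a string and match the expected
// md5(AUTH_KEY . last_login) exactly (hash_equals, not a loose !=). $user_id is
// expected to be set by checksession.php — confirm.
$expected_nacl = md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};"));
if (!isset($_GET['nacl']) || !is_string($_GET['nacl']) || !hash_equals($expected_nacl, $_GET['nacl'])) {
    echo "<div class=\"alert alert-danger\" style=\"max-width: 200px;\"><i class='glyphicon glyphicon-ban-circle'></i> Authentication Error</div>";
    exit;
}
// NOTE(review): beyond the session token there is no check that the current
// user may delete files of this call — confirm checksession.php restricts that.
if (isset($_GET['delete']) && $_GET['delete'] === '1') {
    // Both ids are used unquoted in numeric SQL context, where escape() offers
    // no protection; cast them to int instead.
    $file_id = (int) ($_GET['file_id'] ?? 0);
    $call_id = (int) ($_GET['call_id'] ?? 0);
    $file_ext = $db->get_var("SELECT file_ext FROM site_upload WHERE (id = {$file_id}) AND (call_id = {$call_id}) LIMIT 1;");
    // Only unlink when a row (and so an extension) exists; the on-disk name is
    // md5(UPLOAD_KEY . id) plus the extension recorded at upload time.
    if ($file_ext !== null && $file_ext !== '') {
        $realpath = md5(UPLOAD_KEY . $file_id) . "." . $file_ext;
        if (is_file("upload/" . $realpath)) {
            unlink("upload/" . $realpath);
        }
    }
    $db->query("DELETE FROM site_upload where (id = {$file_id}) AND (call_id = {$call_id}) LIMIT 1;");
    header("Location: fhd_call_edit.php?call_id={$call_id}");
    exit;
}
//END DELETE FILE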
include "includes/session.php";
include "includes/checksession.php";
include "includes/checksession_ss.php";
include "fhd_config.php";
include "includes/ez_sql_core.php";
include "includes/ez_sql_mysqli.php";
include "includes/functions.php";
$db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);

//<EDIT NOTE>
// NOTE(review): this block is labelled EDIT but is a near copy of the DELETE
// NOTE block below (same action=delete condition, same UPDATE; only the
// redirect anchor differs) — it looks like a copy-paste remnant. Neither block
// exits after header(), so both run and the later Location header wins.
// $_GET['action'] is read without isset(), so requests lacking it warn.
if ($_GET['action'] == 'delete') {
    if (isset($_GET['nacl'])) {
        // Token is md5(AUTH_KEY . last_login), loose ==; $user_id is expected
        // from the checksession includes — confirm.
        if ($_GET['nacl'] == md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};"))) {
            //authentication verified, continue.
            $note_id = checkid($_GET['note_id']);
            $call_id = checkid($_GET['call_id']);
            // note_type 0 hides the note. NOTE(review): nothing here ties note_id
            // to call_id or to the current user beyond the session token —
            // confirm checksession_ss.php restricts who reaches this page.
            $db->query("UPDATE site_notes SET note_type = 0 where note_id = {$note_id} limit 1;");
            header("Location: fhd_call_edit.php?call_id={$call_id}");
        }
    }
}
//</EDIT NOTE>

//<DELETE NOTE>
// This block continues past the end of this fragment.
if ($_GET['action'] == 'delete') {
    if (isset($_GET['nacl'])) {
        if ($_GET['nacl'] == md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};"))) {
            //authentication verified, continue.
            $note_id = checkid($_GET['note_id']);
            $call_id = checkid($_GET['call_id']);
            $db->query("UPDATE site_notes SET note_type = 0 where note_id = {$note_id} limit 1;");
            header("Location: fhd_call_edit.php?call_id={$call_id}#notes");
        }