query() public method

Perform MySQL query and try to determine result value
public query ( $query )
 /**
  * Run a MySQL query through the parent driver, keeping a copy of the
  * query text in the debug history first.
  *
  * The history entry is appended before the parent call, so statements
  * that fail or are rejected by the parent are still recorded.
  *
  * @param string $query SQL text, passed unchanged to parent::query()
  * @return mixed whatever the parent query() returns
  *
  * @since 1.7
  */
 function query($query)
 {
     // Record first, then delegate to the real implementation.
     $this->debug_log[] = $query;
     $outcome = parent::query($query);
     return $outcome;
 }
// Look up the user who just authenticated.  {$checkusing} is interpolated as a
// column name and {$user_login} as a value; neither is escaped in this block,
// so both must already have been validated/escaped by earlier code — confirm.
$site_users = $db->get_row("select user_id,user_name,user_level from site_users WHERE {$checkusing} = '{$user_login}' limit 1;");
// No check that get_row() actually returned a row; on a miss these reads yield null.
$user_id = $site_users->user_id;
$user_name = $site_users->user_name;
$user_level = $site_users->user_level;
// Loose comparison: null == 0 is true in PHP, so a missing row / NULL user_level
// would land in the admin branch.  A "row found" guard above plus a strict
// comparison against the column's actual type closes that gap.
if ($user_level == 0) {
    $_SESSION['admin'] = 1;
} else {
    $_SESSION['user'] = 1;
}
$_SESSION['user_id'] = $user_id;
$_SESSION['user_name'] = $user_name;
$_SESSION['user_level'] = $user_level;
$_SESSION['hit'] = 0;
include "includes/all-nav.php";
// user_id is written into an HTML comment and user_name into the page body,
// neither through htmlspecialchars(): any markup stored in user_name renders as-is.
echo "<!-- <p>{$user_id}</p> -->";
echo "<h2>Welcome, {$user_name}</h2>";
//record some details about this login
// REMOTE_ADDR is interpolated into the UPDATE below without $db->escape();
// it is server-supplied rather than typed by the user, but escaping it like
// the other values costs nothing.
$lastip = $_SERVER['REMOTE_ADDR'];
//$last_login = mktime($dateTime->format("n/j/y g:i a"));
// date(time()) passes the Unix timestamp as the *format* string; digits are not
// format characters, so the result happens to be the timestamp digits as a
// string.  time() or date('Y-m-d H:i:s') is presumably what was meant.
$last_login = date(time());
//echo $dateTime->format("Y-m-d h:i:s");
// '******' appears to be a redaction by the listing site; the original presumably
// wrote the value computed above.  Note last_login is also the input to the
// md5() "nacl" request token used by the other handlers on this page.
$db->query("UPDATE site_users SET last_ip = '{$lastip}',last_login = '******' WHERE user_id = {$user_id};");
//$d_last_login = $db->get_var("select last_login from site_users where user_id = $num limit 1;");
?>

<h3><a href="fhd_user_call_add.php" class="btn btn-large btn-primary btn-success">Open Ticket</a></h3>

<h3><a href="fhd_calls.php" class="btn btn-large btn-primary">View Tickets</a></h3>

<?php 
include "includes/footer.php";
        //password function here
        // Byte-length check (strlen): passwords of 4 bytes or fewer are rejected.
        // The error text says "to short" (sic) — runtime string, left as written.
        if (strlen($_POST['user_password']) > 4) {
            // The password is SQL-escaped *before* hashing, so a password containing
            // a quote or backslash is hashed in its escaped form; login verification
            // must apply the identical transform or such passwords can never match.
            // Hashing the raw (trimmed) value is the conventional order — confirm
            // makepwd()'s contract before changing it.
            $user_password = makepwd(trim($db->escape($_POST['user_password'])));
        } else {
            echo "<div class='alert alert-danger'><strong>Error:</strong> password to short.</div>";
            // Footer path differs from the "includes/footer.php" used elsewhere on this page.
            include "ncl/footer.php";
            exit;
        }
        // Free-text fields: escaped here and single-quoted in the INSERT below,
        // which is the context $db->escape() protects.
        $user_name = $db->escape($_POST['user_name']);
        $user_phone = $db->escape($_POST['user_phone']);
        $user_address = $db->escape($_POST['user_address']);
        $user_city = $db->escape($_POST['user_city']);
        $user_state = $db->escape($_POST['user_state']);
        $user_zip = $db->escape($_POST['user_zip']);
        $user_country = $db->escape($_POST['user_country']);
        // $user_login and $user_email are set outside this block; whether they were
        // escaped is not visible here.  user_level and user_status are fixed to 1.
        $db->query("INSERT INTO site_users(user_login,user_email,user_password,user_name,user_phone,user_address,user_city,user_state,user_zip,user_country,user_level,user_status)VALUES('{$user_login}','{$user_email}','{$user_password}','{$user_name}','{$user_phone}','{$user_address}','{$user_city}','{$user_state}','{$user_zip}','{$user_country}',1,1);");
        //$db->debug();
        $actionstatus = "<div class=\"alert alert-success\" style=\"max-width: 250px;\">\n    <button type=\"button\" class=\"close\" data-dismiss=\"alert\">&times;</button>\n    User Added.\n    </div>";
    }
}
//</ADD>
// Request token for the forms on this page: md5 of the site key and the user's
// stored last_login value.  It is therefore fixed for the whole login session,
// and the handlers shown on this page compare it with a loose ==.  A per-session
// random token checked with hash_equals() is the usual pattern.
$nacl = md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};"));
?>
    </head>
    



<body class="pace-done skin-blue">
    
    <?php 
include "includes/header.php";
include "includes/all-nav.php";
include "includes/ez_sql_core.php";
include "includes/ez_sql_mysqli.php";
include "includes/functions.php";
$db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);
// <UPDATE>
// Note-edit handler (POST): check the request token, check ownership, write the
// new body, redirect.
if (isset($_POST['update'])) {
    // Token here is md5(AUTH_KEY . stored password hash), whereas most other
    // handlers on this page key it on last_login.  $_POST['nacl'] is read without
    // isset() and compared loosely (==); hash_equals() on a string cast would make
    // the check strict.  $user_id at this point comes from an include — this file
    // only assigns it from the session further down.
    if ($_POST['nacl'] == md5(AUTH_KEY . $db->get_var("select user_password from site_users where user_id = {$user_id};"))) {
        $note_id = checkid($_POST['note_id']);
        $call_id = checkid($_POST['call_id']);
        $user_id = $_SESSION['user_id'];
        // Ownership check never mentions $note_id: it only asks whether this user
        // has posted *some* note, so a user with one note of their own passes for
        // every note_id.  The lookup needs "note_id = {$note_id} AND
        // note_post_user = {$user_id}" (or compare the note's poster to $user_id).
        if ($user_id == $db->get_var("select note_post_user from site_notes where note_post_user = {$user_id};")) {
            // Order is escape-then-encode: entity encoding is applied to the
            // SQL-escaped text.  Encoding the raw text and escaping the result is
            // the conventional order.
            $note_body = trim(htmlentities($db->escape($_POST['note_body'])));
            $note_post_ip = $db->escape($_SERVER['REMOTE_ADDR']);
            // note_id is unquoted; safety rests on checkid() returning a number.
            $db->query("UPDATE site_notes SET note_body='{$note_body}',note_post_ip='{$note_post_ip}' WHERE note_id={$note_id};");
            // No exit after the redirect: the rest of the page still executes.
            header("Location: fhd_call_edit.php?call_id={$call_id}");
            //echo exit;
        }
    } else {
        //not verified, warning and exit!
        echo "<p>Warning: Verification Error!</p>";
        exit;
    }
}
// </UPDATE>
// <ADD>
if (isset($_POST['add'])) {
    if ($_POST['nacl'] == md5(AUTH_KEY . $db->get_var("select user_password from site_users where user_id = {$user_id};"))) {
        //authentication verified, continue.
        $note_relation = checkid($_POST['note_relation']);
    echo "<p>Database specified in fhd_config.php [ " . db_name . " ] does not exist, please check the <a href='readme.htm' target='_blank'>readme file</a>.</p>";
    include "includes/footer.php";
    exit;
}
//check if tables actually exist.
// Installation sanity check: stop with setup instructions when the schema is
// missing.  All SQL in this block is static text (no request data).
$user_table_exists = $db->get_var("SHOW TABLES LIKE 'site_users';");
if ($user_table_exists != "site_users") {
    // Markup here is unbalanced (stray closing </p>); runtime string left as written.
    echo "<p></p><strong>Notice:</strong> Software Configuration Needed</p>";
    echo "<p>One or more database tables are missing from database (named: " . db_name . "). Please run <strong>site.sql</strong> against your databsae to create the tables. Please check the <a href='readme.htm' target='_blank'>readme file</a></p>";
    include "includes/footer.php";
    exit;
}
//create upload table if it does not exist.
// First-run schema bootstrap for tables added after site.sql.
$upload_exists = $db->get_var("SHOW TABLES LIKE 'site_upload';");
if ($upload_exists != "site_upload") {
    $db->query("CREATE TABLE `site_upload` (\n  `id` int(11) NOT NULL AUTO_INCREMENT,\n  `call_id` int(11) NOT NULL,\n  `file_name` varchar(255) DEFAULT NULL,\n  `file_ext` varchar(4) DEFAULT NULL,\n  `timestamp` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n  PRIMARY KEY (`id`),\n  KEY `call_id` (`call_id`)\n) ;");
}
//create options table if it does not exist.
$options_exists = $db->get_var("SHOW TABLES LIKE 'site_options';");
if ($options_exists != "site_options") {
    $db->query("CREATE TABLE `site_options` (\n  `id` int(11) NOT NULL AUTO_INCREMENT,\n  `option_name` varchar(255) DEFAULT NULL,\n  `option_value` varchar(500) DEFAULT NULL,\n  `timestamp` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n  PRIMARY KEY (`id`),\n  KEY `option_name` (`option_name`)\n) ;");
    // Seeds the flag with no value; the one-time password migration page shown
    // on this listing sets option_value to 'yes' once it has run.
    $db->query("INSERT INTO site_options(option_name) VALUES ('encrypted_passwords');");
}
if (isset($_SESSION['user_id'])) {
    $user_id = $_SESSION['user_id'];
    include "includes/all-nav.php";
    echo "<p>Welcome</p>";
    echo "<p><a href='fhd_dashboard.php'>Help Desk Dashboard</a></p>";
} else {
    ?>
	
include "includes/ez_sql_mysqli.php";
include "includes/functions.php";
$db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);
$actionstatus = "";
// <UPDATE>
//to do: need to check for duplicates...
// Rename a type (POST).  $user_id is not assigned in this block — presumably
// provided by a session include.  No per-user authorization is visible here.
if (isset($_POST['nacl'])) {
    // Token = md5(AUTH_KEY . last_login), fixed per login, compared loosely (==);
    // hash_equals() on a string cast would make this strict.
    if ($_POST['nacl'] == md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};"))) {
        //authentication verified, continue.
        // checkid() is not shown here; the unquoted {$type_id} below is only safe
        // if it returns a number.
        $type_id = checkid($_POST['type_id']);
        $type_name = $db->escape($_POST['type_name']);
        //	$type_email = $db->escape($_POST['type_email']);
        //	$type_location = $db->escape($_POST['type_location']);
        //	$type_phone = $db->escape($_POST['type_phone']);
        //	$db->query("UPDATE site_types SET type_name='$type_name',type_email='$type_email',type_location='$type_location',type_phone='$type_phone' WHERE type_id = $type_id;");
        $db->query("UPDATE site_types SET type_name='{$type_name}' WHERE type_id = {$type_id};");
        $actionstatus = "<div class=\"alert alert-success\" style=\"max-width: 250px;\">\n    <button type=\"button\" class=\"close\" data-dismiss=\"alert\">&times;</button>\n    Updated.\n    </div>";
    }
    // No else branch: a bad token silently falls through to rendering the page.
}
// </UPDATE>
//check type variable
// $_GET['id'] is read without isset(); checkid() decides what reaches the query.
$type_id = checkid($_GET['id']);
$num = $db->get_var("select count(type_id) from site_types where type_id = {$type_id};");
if ($num == 0) {
    echo "<p>Type does not exist (error 2)</p>";
    include "includes/footer.php";
    exit;
}
// Token embedded in the edit form (same deterministic scheme as the check above).
$nacl = md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};"));
?>
echo '<h4>One-Time Password Encryption</h4>';
// Run-once guard: the migration below marks this option 'yes' when it finishes,
// so a second visit stops here.
$encrypted_passwords = $db->get_var("SELECT option_value FROM site_options where option_name = 'encrypted_passwords';");
if ($encrypted_passwords == "yes") {
    echo "<p class='text-danger'><strong>This function has already been run!</strong></p>";
    include "includes/footer.php";
    exit;
}
?>

<h4><strong>Please <u>backup database</u> before starting.</strong></h4>

<p><a href="fhd_admin_e.php?start=1" class="btn btn-success" onclick="return confirm('Please be sure you have a good database backup!')">Start</a> <a href="fhd_settings.php" class="btn btn-danger">Cancel</a></p>

<?php 
// Migration trigger.  Unlike the other handlers on this page it is started by a
// plain GET link with only a JavaScript confirm — no nacl token — so until the
// run-once flag above is set, a forged request from an authenticated session
// could start it.  The work itself is irreversible (plaintext → hash).
if (isset($_GET['start'])) {
    // 225 looks like a typo for 255; a bcrypt-style hash is 60 chars so it still fits.
    $db->query("ALTER TABLE `site_users` CHANGE `user_password` `user_password` VARCHAR( 225 );");
    $myquery = "SELECT user_id,user_login,user_password from site_users;";
    $e = $db->get_results($myquery);
    // NOTE(review): if get_results() returns null for an empty table, foreach
    // warns — confirm the driver's empty-result value.
    foreach ($e as $ep) {
        $user_id = $ep->user_id;
        $user_login = $ep->user_login;
        $user_password = $ep->user_password;
        // phpass: 2^8 iterations, non-portable (bcrypt where the platform has it).
        // Rebuilt every iteration; constructing it once before the loop is equivalent.
        $hasher = new PasswordHash(8, false);
        $hash = $hasher->HashPassword($user_password);
        // user_login is echoed without htmlspecialchars().
        echo $user_login . " -> <i class='fa fa-lock'></i><br />";
        // '******' appears to be a redaction by the listing site; the original
        // presumably wrote $hash.  The hash is not run through $db->escape() —
        // bcrypt output uses [./A-Za-z0-9$] only, so that holds, but it is an assumption.
        $db->query("UPDATE `site_users` SET user_password = '******' WHERE user_id = {$user_id} limit 1;");
    }
    echo "<h4>Update Complete!</h4>";
    //mark passwords as updated.
    $db->query("UPDATE `site_options` SET option_value = 'yes' WHERE option_name = 'encrypted_passwords';");
}
    } else {
        echo "<div class=\"alert alert-danger\" style=\"max-width: 350px;\">Password must be at least 5 characters.</div>";
        include "includes/footer.php";
        exit;
    }
}
//pending
// Self-registration: accounts are flagged pending when approval is configured.
if (REGISTER_APPROVAL == "yes") {
    $user_pending = 1;
} else {
    $user_pending = 0;
}
//user_msg_send
$user_msg_send = 1;
// $login, $email, $name, $user_password and $ip are set earlier in the file (not
// visible here); the INSERT assumes they were already SQL-escaped.  user_status
// and user_level are fixed to 1, so a registrant cannot choose a level.
$query = "INSERT into site_users(user_login,user_email,user_name,user_password,last_ip,user_status,user_level,user_pending,user_msg_send)VALUES('{$login}','{$email}','{$name}','{$user_password}','{$ip}',1,1,{$user_pending},{$user_msg_send});";
$db->query($query);
//notify admin
$from = FROM_EMAIL;
$to = TO_EMAIL;
$subject = FHD_TITLE . ' New Registration';
// message
$message = '
<html>
<head>
  <title>New Registration</title>
</head>
<body>
  <p>New User Registration</p>
  <p>Name: ' . $name . '</p>
  <p>Login: '******'</p>
  <p>Email: ' . $email . '</p>
    // Password-reset entry point: both values come straight from the query string
    // (no isset() guard).  $db->escape() only prepares them for the quoted SQL
    // lookup that follows; it is not input validation.
    $action = $db->escape($_GET['action']);
    $key = $db->escape($_GET['key']);
    //check if action is to reset password and that the key is not blank.
    if ($action == "rp") {
        if (!empty($key)) {
            $myquery = "SELECT user_id,user_email FROM site_users WHERE user_im_other = '{$key}' limit 1;";
            $resets = $db->get_row($myquery);
            // if a record is returned then continue
            if ($db->num_rows == 1) {
                $user_email = $resets->user_email;
                $user_id = $resets->user_id;
                //generage a new password, set resetcode to blank so link cannot be used again.
                $user_password_plain = generatePassword(8, 9);
                $user_password = makepwd(trim($db->escape($user_password_plain)));
                //update the password in the database.
                $db->query("UPDATE site_users set user_password = '******',user_im_other = '' WHERE user_id = {$user_id} limit 1;");
                //send out the message
                $from = FROM_EMAIL;
                $to = $user_email;
                $subject = 'Your new password';
                // message
                $message = '
			<html>
			<body>
			  <p>HelpDesk New Password</p>
			  <p>Email: ' . $user_email . '</p>
			  <p>Password: '******'</p>
			</body>
			</html>
			';
                $headers = "From:" . $from . "\r\n";
include "includes/ez_sql_mysqli.php";
include "includes/class.phpmailer.php";
$action = "";
$actionstatus = "";
$close_email = "";
$statusquery = "";
$db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);
// $call_id is used unquoted here *before* the delete handler re-reads it through
// checkid(); it must already have been validated by earlier code not shown.
$isnotes = $db->get_var("SELECT count(*) from site_notes WHERE (note_relation = {$call_id}) AND note_type = 1;");
//<DELETE>
// Soft-delete a ticket via GET.  The token (md5 of AUTH_KEY . last_login, fixed per
// login) travels in the URL, so it also ends up in logs and referrers, and it is
// compared loosely (==); hash_equals() would make the check strict.  No check that
// the current user may act on this ticket is visible in this block.
if (isset($_GET['action'])) {
    if ($_GET['action'] == 'delete') {
        if (isset($_GET['nacl'])) {
            if ($_GET['nacl'] == md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};"))) {
                //authentication verified, continue.
                $call_id = checkid($_GET['call_id']);
                // Ticket moves to status 3 and its notes are hidden (note_type 0);
                // nothing is physically removed.
                $db->query("UPDATE site_calls SET call_status = 3 WHERE call_id = {$call_id} limit 1;");
                $db->query("UPDATE site_notes SET note_type = 0 WHERE note_relation = {$call_id};");
                // No exit: the remainder of the page still runs after the redirect header.
                header("Location: fhd_calls.php");
            }
        }
    }
}
//</DELETE>
//<UPDATE>
if (isset($_POST['nacl'])) {
    if ($_POST['nacl'] == md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};"))) {
        //authentication verified, continue.
        $call_id = checkid($_POST['call_id']);
        //call details
        $call_first_name = $db->escape($_POST['call_first_name']);
        $call_email = $db->escape($_POST['call_email']);
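 // Anonymous ticket submission: no logged-in user (call_user 0), status 0.
 $user_id = 0;
 $call_status = 0;
 // "now" round-tripped through a minute-resolution format, so seconds are dropped.
 $call_date = strtotime(date('n/j/y g:i a'));
 $call_first_name = $db->escape($_POST['call_first_name']);
 $call_email = $db->escape($_POST['call_email']);
 // Reject malformed addresses before they reach the DB or become a mail() recipient.
 if (!filter_var($call_email, FILTER_VALIDATE_EMAIL)) {
     echo "<div class=\"alert alert-danger\" style=\"max-width: 350px;\">That email address appears to be invalid.</div>";
     include "includes/footer.php";
     exit;
 }
 $call_phone = $db->escape($_POST['call_phone']);
 // Numeric foreign keys: the (int) cast is what protects the unquoted SQL
 // positions below; $db->escape() only neutralises quote characters.
 $call_department = $db->escape((int) $_POST['call_department']);
 $call_request = $db->escape((int) $_POST['call_request']);
 $call_device = $db->escape((int) $_POST['call_device']);
 $call_details = $db->escape($_POST['call_details']);
 $db->query("INSERT INTO site_calls(call_status,call_user,call_date,call_first_name,call_email,call_phone,call_department,call_request,call_device,call_details)VALUES({$call_status},{$user_id},{$call_date},'{$call_first_name}','{$call_email}','{$call_phone}',{$call_department},{$call_request},{$call_device},'{$call_details}');");
 $insert_id = $db->insert_id;
 //<SEND EMAIL>
 $headers = "From:" . FROM_EMAIL . "\r\n";
 // NOTE(review): $from is not assigned anywhere in this block; unless it is set
 // earlier in the file the Reply-To header goes out empty — confirm.
 $headers .= "Reply-To: " . $from . "\r\n";
 $headers .= "X-Mailer: PHP/" . phpversion() . "\r\n";
 $headers .= "MIME-Version: 1.0" . "\r\n";
 $headers .= "Content-type: text/html; charset=iso-8859-1" . "\r\n";
 $subject = "Ticket " . FHD_TITLE . " [# {$insert_id}]";
 // The body is declared text/html, so the user-typed fields are HTML-escaped
 // for it; $db->escape() only covers the SQL context, not the mail body.
 // ENT_SUBSTITUTE keeps the message non-empty if the input is not valid UTF-8.
 $safe_first_name = htmlspecialchars($call_first_name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
 $safe_details = htmlspecialchars($call_details, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
 $message = "\n\t\t<html>\n\t\t<head>\n\t\t  <title>Ticket</title>\n\t\t</head>\n\t\t<body>\n\t\t  <p>Ticket Request Received.</p>\n\t\t  <p>Ticket Number: {$insert_id}</p>\n\t\t  <p>Name: {$safe_first_name}</p>\n\t\t  <p>Ticket Details: {$safe_details}</p>\n\t\t\t";
 mail($call_email, $subject, $message, $headers);
 $mailsent = "&mailsent=yes";
 //notify admin
 mail(TO_EMAIL, "New Ticket [# {$insert_id}]", $message, $headers);
 //</SEND EMAIL>
 // The original URL carried a bare "&mailsent" and never used $mailsent; the
 // variable is interpolated so the flag carries its value.  exit after the
 // redirect so nothing further is rendered (matches the file-delete handler).
 header("Location: fhd_any_call_add.php?added=yes{$mailsent}&insert_id={$insert_id}");
 exit;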
include "fhd_config.php";
include "includes/header.php";
include "includes/all-nav.php";
include "includes/ez_sql_core.php";
include "includes/ez_sql_mysqli.php";
include "includes/functions.php";
$db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);
//<DELETE>
// Hard-delete a type via GET.  Token (md5 of AUTH_KEY . last_login, fixed per login)
// is carried in the URL and compared loosely (==); hash_equals() would be strict.
// $user_id is not assigned in this block — presumably from a session include —
// and no role check is visible here.
if (isset($_GET['nacl'])) {
    if ($_GET['nacl'] == md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};"))) {
        //authentication verified, continue.
        // type_id/type are used unquoted below; safety rests on checkid() returning numbers.
        $type_id = checkid($_GET['type_id']);
        $action = $db->escape($_GET['action']);
        $type = checkid($_GET['type']);
        if ($action == 'delete') {
            $db->query("DELETE FROM site_types where type_id = {$type_id};");
            // No exit: the page below is still built after the redirect header.
            header("Location: fhd_settings_action.php?type={$type}");
        }
    }
}
//</DELETE>
//check type variable
// $_GET['type'] is read without isset(); checkid() decides what is accepted.
$type = checkid($_GET['type']);
?>
<p><a href="fhd_settings.php">Settings</a></p>

<h4><?php 
show_type_name($type);
?>
</h4>
<h5><i class="fa fa-plus"></i> <a href="fhd_add_type.php?type=<?php 
include "includes/header.php";
include "includes/all-nav.php";
include "includes/ez_sql_core.php";
include "includes/ez_sql_mysqli.php";
include "includes/functions.php";
$db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);
// <ADD>
// Create a type (POST).  Token here is md5(AUTH_KEY . stored password hash) rather
// than the last_login variant used by most other handlers on this page; it is
// compared loosely (==) — hash_equals() on a string cast would be strict.
// $user_id is not assigned in this block (presumably a session include).
if (isset($_POST['nacl'])) {
    if ($_POST['nacl'] == md5(AUTH_KEY . $db->get_var("select user_password from site_users where user_id = {$user_id};"))) {
        //authentication verified, continue.
        // {$type} is interpolated unquoted; safety rests on checkid() returning a number.
        $type = checkid($_POST['type']);
        // Text fields: escaped and single-quoted in the INSERT, the context escape() covers.
        $type_name = $db->escape($_POST['type_name']);
        $type_email = $db->escape($_POST['type_email']);
        $type_location = $db->escape($_POST['type_location']);
        $type_phone = $db->escape($_POST['type_phone']);
        $db->query("INSERT INTO site_types(type,type_name,type_email,type_location,type_phone) VALUES( {$type},'{$type_name}','{$type_email}','{$type_location}','{$type_phone}');");
        // No exit: execution continues into the page rendering below.
        header("Location: fhd_settings_action.php?type={$type}");
    } else {
        //not verified, warning and exit!
        echo "<p class='save'>Warning: Verification Error!</p>";
        exit;
    }
}
// </ADD>
//check type variable
// $_GET['type'] is read without isset().
$type = checkid($_GET['type']);
// Token for the add form (same deterministic scheme as the check above).
$nacl = md5(AUTH_KEY . $db->get_var("select user_password from site_users where user_id = {$user_id};"));
?>

<h4>Add: <?php 
show_type_name($type);
        }
        // date(time()) uses the timestamp as the format string (digits pass through
        // unchanged); $user_date is not used by the UPDATE below in any case.
        $user_date = date(time());
        // Free-text profile fields: escaped and single-quoted in the UPDATE.
        $user_phone = $db->escape($_POST['user_phone']);
        $user_address = $db->escape($_POST['user_address']);
        $user_city = $db->escape($_POST['user_city']);
        $user_state = $db->escape($_POST['user_state']);
        $user_zip = $db->escape($_POST['user_zip']);
        $user_country = $db->escape($_POST['user_country']);
        // Checkbox normalised to 0/1 (loose == 1 accepts "1"); only the literal
        // 0/1 reaches the unquoted SQL position.
        $user_msg_send = 0;
        if (isset($_POST['user_msg_send'])) {
            $user_msg_send_value = $db->escape($_POST['user_msg_send']);
            if ($user_msg_send_value == 1) {
                $user_msg_send = 1;
            }
        }
        // {$user_password_set} is a pre-built SQL fragment, and $user_email,
        // $user_name and $user_id come from earlier code not shown here; the
        // query's safety depends on those having been escaped/validated there.
        $db->query("UPDATE site_users SET {$user_password_set} user_email='{$user_email}',user_name='{$user_name}',user_phone='{$user_phone}',user_address='{$user_address}',user_city='{$user_city}',user_state='{$user_state}',user_zip='{$user_zip}',user_country='{$user_country}',user_msg_send={$user_msg_send} where user_id = {$user_id};");
        $actionstatus = "<div class=\"alert alert-success\" style=\"max-width: 110px;\"><button type=\"button\" class=\"close\" data-dismiss=\"alert\">&times;</button>Updated.</div>";
    }
}
//</UPDATE>
// Token for the account form: md5(AUTH_KEY . last_login), fixed for the login session.
$nacl = md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};"));
// Re-read the row (after any update above) for display; $user_id is the session user.
$site_users = $db->get_row("SELECT user_login,user_password,user_name,user_address,user_city,user_state,user_zip,user_country,user_phone,user_email,user_msg_send,user_level FROM site_users WHERE (user_id = {$user_id}) limit 1;");
$user_msg_send = $site_users->user_msg_send;
?>

<?php 
echo $actionstatus;
?>
<h4><i class="fa fa-user"></i> My Account <small>(<?php 
echo $user_id;
?>
// Status banner shown after a submission; empty until a handler sets it.
$actionstatus = "";
$db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);
//<ADD>
if (isset($_POST['nacl'])) {
    if ($_POST['nacl'] == md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};"))) {
        //authentication verified, continue.";
        // New ticket for the logged-in user ($user_id is set outside this block).
        $call_status = 0;
        // "now" round-tripped through a minute-resolution format, so seconds are dropped.
        $call_date = strtotime(date('n/j/y g:i a'));
        // Text fields: escaped and single-quoted in the INSERT.
        $call_first_name = $db->escape($_POST['call_first_name']);
        $call_email = $db->escape($_POST['call_email']);
        $call_phone = $db->escape($_POST['call_phone']);
        // Numeric foreign keys: the (int) cast guards the unquoted SQL positions;
        // escape() alone would not.
        $call_department = $db->escape((int) $_POST['call_department']);
        $call_request = $db->escape((int) $_POST['call_request']);
        $call_device = $db->escape((int) $_POST['call_device']);
        $call_details = $db->escape($_POST['call_details']);
        $db->query("INSERT INTO site_calls(call_status,call_user,call_date,call_first_name,call_email,call_phone,call_department,call_request,call_device,call_details)VALUES({$call_status},{$user_id},{$call_date},'{$call_first_name}','{$call_email}','{$call_phone}',{$call_department},{$call_request},{$call_device},'{$call_details}');");
        $insert_id = $db->insert_id;
        //********** manage file upload
        if (isset($insert_id)) {
            if (FHD_UPLOAD_ALLOW == "yes") {
                $file_name = $_FILES['hasupload']['name'];
                if ($file_name != '') {
                    $files_var1 = $_FILES["hasupload"]["name"];
                    $files_var2 = explode(".", $files_var1);
                    $extension = end($files_var2);
                    // Extension allow-list (non-strict in_array; $allowedExts is set
                    // earlier, presumably a list of strings).  Note the case-preserved
                    // $extension, not the lowercased one, is what gets stored and used.
                    if (in_array(strtolower($extension), $allowedExts)) {
                        // $file_name is the raw client-supplied $_FILES[...]['name']
                        // (assigned above without $db->escape()) and is interpolated
                        // into SQL here: a crafted filename reaches the query.  It needs
                        // the same escape() treatment as the other text fields.
                        $db->query("INSERT into site_upload(call_id,file_name,file_ext)VALUES({$insert_id},'{$file_name}','{$extension}');");
                        $upload_id = $db->insert_id;
                        // Stored under a keyed hash of the row id, so the original
                        // filename never forms part of the path — only the vetted extension.
                        $path = "upload/" . md5(UPLOAD_KEY . $upload_id) . "." . $extension;
                        // copy() does not verify that the source is a genuine upload;
                        // move_uploaded_file() does, and also removes the temp file.
                        copy($_FILES['hasupload']['tmp_name'], $path);
                    }
        }
        // Checkbox flags normalised to 0/1 (loose == 1 accepts "1"); only the
        // literal 0/1 reaches the unquoted SQL positions.
        $user_msg_send = 0;
        if (isset($_POST['user_msg_send'])) {
            $user_msg_send_value = $db->escape($_POST['user_msg_send']);
            if ($user_msg_send_value == 1) {
                $user_msg_send = 1;
            }
        }
        $user_pending = 0;
        if (isset($_POST['user_pending'])) {
            $user_pending_value = $db->escape($_POST['user_pending']);
            if ($user_pending_value == 1) {
                $user_pending = 1;
            }
        }
        // Admin-side user update.  {$user_password_set} is a pre-built SQL fragment;
        // $user_email, $user_name, the address fields, $user_level,
        // $user_protect_edit and $url_user_id all come from earlier code not shown
        // here, and the unquoted ones (level, protect_edit, url_user_id) are only
        // safe if that code validated them as numbers.
        $db->query("UPDATE site_users SET {$user_password_set} user_email='{$user_email}',user_name='{$user_name}',user_phone='{$user_phone}',user_address='{$user_address}',user_city='{$user_city}',user_state='{$user_state}',user_zip='{$user_zip}',user_country='{$user_country}',user_level={$user_level},user_msg_send={$user_msg_send},user_protect_edit={$user_protect_edit},user_pending={$user_pending} where user_id = {$url_user_id};");
        $actionstatus = "<div class=\"alert alert-success\" style=\"max-width: 250px;\">\n    <button type=\"button\" class=\"close\" data-dismiss=\"alert\">&times;</button>\n    User Update Successful.\n    </div>";
        //$db->debug();
    }
}
//</UPDATE>
// Load the user being edited.  $_REQUEST accepts GET, POST or cookie input;
// valid_user() is not shown here and the id is interpolated unquoted, so the
// query's safety rests on it returning a number.  Whether the current user is
// allowed to edit other accounts is not checked in this block.
if (isset($_REQUEST['url_user_id'])) {
    $url_user_id = valid_user($_REQUEST['url_user_id']);
    $site_users = $db->get_row("SELECT user_login,user_password,user_name,user_address,user_city,user_state,user_zip,user_country,user_phone,user_email,user_msg_send,user_protect_edit,user_pending,user_level FROM site_users WHERE (user_id = {$url_user_id}) limit 1;");
    $user_msg_send = $site_users->user_msg_send;
    $user_protect_edit = $site_users->user_protect_edit;
    $user_pending = $site_users->user_pending;
}
// Token for the edit form: md5(AUTH_KEY . last_login), fixed for the login session.
$nacl = md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};"));
echo $actionstatus;
?>
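include "includes/header.php";
include "includes/session.php";
include "includes/checksession.php";
include "fhd_config.php";
include "includes/ez_sql_core.php";
include "includes/ez_sql_mysqli.php";
$db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);
//DELETE FILE
//check nacl
// Request token: md5 of the site key and the current user's last_login value
// (the same scheme the other handlers use; $user_id comes from the session
// includes).  hash_equals() makes the comparison strict and constant-time; a
// legitimate token is the exact hex digest, so valid requests are unaffected.
$expected_nacl = md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};"));
if (isset($_GET['nacl'])) {
    if (!hash_equals($expected_nacl, (string) $_GET['nacl'])) {
        echo "<div class=\"alert alert-danger\" style=\"max-width: 200px;\"><i class='glyphicon glyphicon-ban-circle'></i> Authentication Error</div>";
        exit;
    }
} else {
    echo "<div class=\"alert alert-danger\" style=\"width: 200px;\"><i class='glyphicon glyphicon-ban-circle'></i> Authentication Error</div>";
    exit;
}
if (isset($_GET['delete'])) {
    if ($_GET['delete'] == 1) {
        // Both ids sit in unquoted numeric positions in the SQL below, where
        // $db->escape() gives no protection (it only neutralises quote
        // characters); an int cast is the right guard for that context.
        $file_id = (int) ($_GET['file_id'] ?? 0);
        $call_id = (int) ($_GET['call_id'] ?? 0);
        // NOTE(review): nothing here checks that the current user may act on this
        // call; confirm the session includes enforce that.
        $file_ext = $db->get_var("SELECT file_ext FROM site_upload WHERE (id = {$file_id}) AND (call_id = {$call_id}) LIMIT 1;");
        // Only touch the filesystem when a row matched.  The stored name is a keyed
        // hash of the row id plus the extension recorded at upload time, so no raw
        // request value forms part of the path.
        if (!empty($file_ext)) {
            $realpath = md5(UPLOAD_KEY . $file_id) . "." . $file_ext;
            // Guard avoids the warning unlink() raises for an already-missing file.
            if (is_file("upload/" . $realpath)) {
                unlink("upload/" . $realpath);
            }
        }
        $db->query("DELETE FROM site_upload where (id = {$file_id}) AND (call_id = {$call_id}) LIMIT 1;");
        header("Location: fhd_call_edit.php?call_id={$call_id}");
        exit;
    }
}
//END DELETE FILE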
include "includes/session.php";
include "includes/checksession.php";
include "includes/checksession_ss.php";
include "fhd_config.php";
include "includes/ez_sql_core.php";
include "includes/ez_sql_mysqli.php";
include "includes/functions.php";
$db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);
//<EDIT NOTE>
// Despite the label, this block is the same as the <DELETE NOTE> block that
// follows it: same action test, same UPDATE, and a redirect without exit, so
// both run and the later Location header (ending in "#notes") replaces this
// one.  One of the two should go.  $_GET['action'] is read without isset().
if ($_GET['action'] == 'delete') {
    if (isset($_GET['nacl'])) {
        // Token = md5(AUTH_KEY . last_login), carried in the URL and compared
        // loosely (==); hash_equals() would be strict.  No ownership check for
        // the note is visible here.
        if ($_GET['nacl'] == md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};"))) {
            //authentication verified, continue.
            // Both ids are interpolated unquoted; safety rests on checkid() returning numbers.
            $note_id = checkid($_GET['note_id']);
            $call_id = checkid($_GET['call_id']);
            // Soft delete: the note is hidden (note_type 0), not removed.
            $db->query("UPDATE site_notes SET note_type = 0 where note_id = {$note_id} limit 1;");
            header("Location: fhd_call_edit.php?call_id={$call_id}");
        }
    }
}
//</EDIT NOTE>
//<DELETE NOTE>
if ($_GET['action'] == 'delete') {
    if (isset($_GET['nacl'])) {
        if ($_GET['nacl'] == md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};"))) {
            //authentication verified, continue.
            $note_id = checkid($_GET['note_id']);
            $call_id = checkid($_GET['call_id']);
            $db->query("UPDATE site_notes SET note_type = 0 where note_id = {$note_id} limit 1;");
            header("Location: fhd_call_edit.php?call_id={$call_id}#notes");
        }