PageRenderTime 45ms CodeModel.GetById 16ms RepoModel.GetById 1ms app.codeStats 0ms

/trunk/inc/admin_pref.php

#
PHP | 196 lines | 169 code | 11 blank | 16 comment | 53 complexity | adaf9e4db5d2c2db788bd31f41ae1fdf MD5 | raw file
    

  1. <?php

    2. 

  2. /*

    3. 

  3. 	eTicket, Open Source Support Ticket System

    4. 

  4. 	http://eticket.sourceforge.net/

    5. 

  5. 

    6. 

  6. 	Released under the GNU General Public License

    7. 

  7. */

    8. 

  8. 

    9. 

  9. if(!defined('ISINC')) die('serious error');

    10. 

  10. if ($_SESSION['user']['type'] !== 'admin') { die(LANG_ERROR_DENIED); }

    11. 

  11. 

    12. 

  12. if ($login[$a] || $login['ID'] == ADMIN) {

    13. 

  13.     if ($_POST['submitpref']) {

    14. 

  14.     	$sqls=array();

    15. 

  15.         if ($_POST['accept_attachments']) {

    16. 

  16.             if (!(is_writable($config['attachment_dir'])) && (file_exists($config['attachment_dir']))) {

    17. 

  17.                 unset($config['accept_attachments']);

    18. 

  18.                 $inc = 'pref';

    19. 

  19.             }

    20. 

  20.         }

    21. 

  21.         $_POST['accept_attachments']=isset($_POST['accept_attachments'])?1:0;

    22. 

  22.         $_POST['remove_original']=isset($_POST['remove_original'])?1:0;

    23. 

  23.         $_POST['search_disp']=isset($_POST['search_disp'])?1:0;

    24. 

  24.         $_POST['save_headers']=isset($_POST['save_headers'])?1:0;

    25. 

  25.         //keys for config table

    26. 

  26.         $query=mysql_query("SHOW COLUMNS FROM ".$db_table['config']);

    27. 

  27.         $keys=array();

    28. 

  28.         while ($fields=mysql_fetch_array($query)) {

    29. 

  29.         	$keys[]=$fields['Field'];

    30. 

  30.         }

    31. 

  31.         foreach ($keys as $key) {

    32. 

  32. 	        if (isset($_POST[$key])) $sqls[]="UPDATE ".$db_table['config']." SET ".$key." = ".escape_string($_POST[$key]).";";

    33. 

  33.       	}

    34. 

  34. 	    if (!empty($sqls)) {

    35. 

  35. 				if (mysql_error()) { $err[] = LANG_FAILED.': '.mysql_error(); }

    36. 

  36. 	      foreach ($sqls as $sql) {

    37. 

  37. 	      	if (!mysql_query($sql)) { $err[] = LANG_FAILED.': '.mysql_error()." :<br>\n $sql"; }

    38. 

  38. 	      }

    39. 

  39. 	    }

    40. 

  40. 	    if (empty($err)) { header('Location: '.$_SERVER['REQUEST_URI']); die(); }

    41. 

  41.     }

    42. 

  42.     elseif ($_POST['submitset']) {

    43. 

  43.     	$sqls=array();

    44. 

  44.         //normal keys for settings

    45. 

  45.         $query=@mysql_query("SELECT `key` FROM `".$db_table['settings']."` WHERE `group`='' OR `group` IS NULL");

    46. 

  46.         if ($query) {

    47. 

  47. 	        while ($keys=mysql_fetch_array($query)) {

    48. 

  48. 	        	$key=$keys['key'];

    49. 

  49. 		        if (isset($_POST[$key])) $sqls[]="UPDATE ".$db_table['settings']." SET VALUE = ".escape_string($_POST[$key])." WHERE `key` = '".$key."' LIMIT 1;";

    50. 

  50. 	      	}

    51. 

  51.       	}

    52. 

  52. 	    if (!empty($sqls)) {

    53. 

  53. 				if (mysql_error()) { $err[] = LANG_FAILED.': '.mysql_error(); }

    54. 

  54. 	      foreach ($sqls as $sql) {

    55. 

  55. 	      	if (!mysql_query($sql)) { $err[] = LANG_FAILED.': '.mysql_error()." :<br>\n $sql"; }

    56. 

  56. 	      }

    57. 

  57. 	    }

    58. 

  58. 	    if (empty($err)) { header('Location: '.$_SERVER['REQUEST_URI']); die(); }

    59. 

  59.     }

    60. 

  60.     elseif ($_POST['remove_filetype'] && $_POST['filetypes']) {

    61. 

  61.         $sql="UPDATE ".$db_table['config']." SET filetypes = REPLACE(filetypes, ".escape_string($_POST['filetypes'].';').", '')";

    62. 

  62.         if (!mysql_query($sql)) { $err[] = LANG_FAILED.': '.mysql_error()." :<br>\n $sql"; }

    63. 

  63.         if (empty($err)) { header('Location: '.$_SERVER['REQUEST_URI']); die(); }

    64. 

  64.     }

    65. 

  65.     elseif ($_POST['add_filetype'] && $_POST['ext']) {

    66. 

  66.     		$ext=$_POST['ext'];

    67. 

  67.     		if ($ext{0} != '.') { $ext='.'.$ext; }

    68. 

  68.         $sql="UPDATE ".$db_table['config']." SET filetypes = CONCAT(filetypes, '$ext;')";

    69. 

  69.         if (!mysql_query($sql)) { $err[] = LANG_FAILED.': '.mysql_error()." :<br>\n $sql"; }

    70. 

  70.         if (empty($err)) { header('Location: '.$_SERVER['REQUEST_URI']); die(); }

    71. 

  71.     }

    72. 

  72.     elseif ($_POST['answer_add']) {//button submit

    73. 

  73.     	$group=escape_string('answers');

    74. 

  74.     	$value=escape_string($_POST['answer_value']);

    75. 

  75.     	$key=escape_string($_POST['answer_key']);

    76. 

  76.     	$sql = "INSERT INTO ".$db_table['settings']." (`group`,`key`,`value`) VALUES (".$group.",".$key.",".$value.");";

    77. 

  77.     	if (!mysql_query($sql)) { $err[] = LANG_FAILED.': '.mysql_error()." :<br>\n $sql"; }

    78. 

  78.     	$config['answers'][$_POST['answer_key']]=$_POST['answer_value'];

    79. 

  79.     	$_POST['answer']=$_POST['answer_key'];

    80. 

  80.     }

    81. 

  81.     elseif ($_POST['answer_save']) {//button submit

    82. 

  82.     	$group='answers';

    83. 

  83.     	$value=escape_string($_POST['answer_value']);

    84. 

  84.     	$key=escape_string($_POST['answer']);

    85. 

  85.     	$sql = "UPDATE `".$db_table['settings']."` SET `value` = ".$value." WHERE `key` = ".$key." AND `group` = '".$group."' LIMIT 1;";

    86. 

  86.     	if (!mysql_query($sql)) { $err[] = LANG_FAILED.': '.mysql_error()." :<br>\n $sql"; }

    87. 

  87.     	$config['answers'][$_POST['answer']]=$_POST['answer_value'];

    88. 

  88.     }

    89. 

  89.     elseif ($_POST['answer_remove']) {//button submit

    90. 

  90.     	$group='answers';

    91. 

  91.     	$key=escape_string($_POST['answer']);

    92. 

  92.     	$sql="DELETE FROM `".$db_table['settings']."` WHERE `key` = ".$key." AND `group` = '".$group."' LIMIT 1";

    93. 

  93.     	if (!mysql_query($sql)) { $err[] = LANG_FAILED.': '.mysql_error()." :<br>\n $sql"; }

    94. 

  94.     	if (empty($err)) { header('Location: '.$_SERVER['REQUEST_URI']); die(); }

    95. 

  95.     }

    96. 

  96.     elseif ($_POST['pri_save']) {//button submit

    97. 

  97.     	$key=(string) escape_string($_POST['pri']);

    98. 

  98.     	$group='pri_text';

    99. 

  99.     	$value=escape_string($_POST[$group]);

    100. 

  100.     	$sql = "UPDATE `".$db_table['settings']."` SET `value` = ".$value." WHERE `key` = ".$key." AND `group` = '".$group."' LIMIT 1;";

    101. 

  101.     	if (!mysql_query($sql)) { $err[] = LANG_FAILED.': '.mysql_error()." :<br>\n $sql"; }

    102. 

  102.     	$config['pri_text'][(string) $config['pri'][$_POST['pri']]]=stripslashes($_POST['pri_text']);

    103. 

  103.     	$group='pri_style';

    104. 

  104.     	$value=escape_string($_POST[$group]);

    105. 

  105.     	$sql = "UPDATE `".$db_table['settings']."` SET `value` = ".$value." WHERE `key` = ".$key." AND `group` = '".$group."' LIMIT 1;";

    106. 

  106.     	if (!mysql_query($sql)) { $err[] = LANG_FAILED.': '.mysql_error()." :<br>\n $sql"; }

    107. 

  107.     	$config['pri_style'][(string) $config['pri'][$_POST['pri']]]=stripslashes($_POST['pri_style']);

    108. 

  108.     }

    109. 

  109.     $inc = 'admin_pref.html';

    110. 

  110. }

    111. 

  111. 

    112. 

  112. /* html start */

    113. 

  113. 

    114. 

  114. //filetypes

    115. 

  115. $array=explode(';', $config['filetypes']);

    116. 

  116. $tmp='';

    117. 

  117. if (!empty($array)) {

    118. 

  118.   foreach ($array as $key => $val) {

    119. 

  119.   	if (!empty($val)) {

    120. 

  120.   		$tmp.=sprintf($html['option'],$val,'',$val)."\n";

    121. 

  121.   	}

    122. 

  122.   }

    123. 

  123. }

    124. 

  124. $vars['filetypes']=$tmp;

    125. 

  125. 

    126. 

  126. //timezones

    127. 

  127. if ($timezones) { $array=$timezones; }

    128. 

  128. $tmp='';

    129. 

  129. if (!empty($array)) {

    130. 

  130. 	foreach ($array as $key => $val) {

    131. 

  131. 		$selected=($config['timezone'] == $key)?' SELECTED':'';

    132. 

  132. 		$tmp.=sprintf($html['option'],$key,$selected,$val)."\n";

    133. 

  133. 	}

    134. 

  134. }

    135. 

  135. $vars['timezones']=$tmp;

    136. 

  136. 

    137. 

  137. //tickets per page

    138. 

  138. $array=array(5,10,15,20,25,50,100);

    139. 

  139. $tmp='';

    140. 

  140. if (!empty($array)) {

    141. 

  141.   foreach ($array as $key => $val) {

    142. 

  142.   	$selected=($config['tickets_per_page'] == $val)?' SELECTED': '';

    143. 

  143.   	$tmp.=sprintf($html['option'],$val,$selected,$val)."\n";

    144. 

  144.   }

    145. 

  145. }

    146. 

  146. $vars['tickets_per_page']=$tmp;

    147. 

  147. 

    148. 

  148. //number of last answered to display

    149. 

  149. $array=array(5,10,15,20,25,50,100);

    150. 

  150. $tmp='';

    151. 

  151. if (!empty($array)) {

    152. 

  152.   foreach ($array as $key => $val) {

    153. 

  153.   	$selected=($config['umq'] == $val)?' SELECTED': '';

    154. 

  154.   	$tmp.=sprintf($html['option'],$val,$selected,$val)."\n";

    155. 

  155.   }

    156. 

  156. }

    157. 

  157. $vars['umq']=$tmp;

    158. 

  158. 

    159. 

  159. //predef_answers

    160. 

  160. $tmp='';

    161. 

  161. if ($config['answers']) { $array=$config['answers']; }

    162. 

  162. if (!empty($array)) {

    163. 

  163. 	foreach ($array as $key => $val) {

    164. 

  164. 		$selected=($_POST['answer'] == $key) ? ' SELECTED': '';

    165. 

  165. 		$key=htmlspecialchars($key);

    166. 

  166. 		$tmp.=sprintf($html['option'],$key,$selected,$key)."\n";

    167. 

  167. 	}

    168. 

  168. }

    169. 

  169. $vars['predef_answers']=$tmp;

    170. 

  170. 

    171. 

  171. //pri text/pri style

    172. 

  172. $tmp='';

    173. 

  173. $pri=$config['pri'][(string) $_POST['pri']];

    174. 

  174. if ($config['pri']) { $array=$config['pri']; }

    175. 

  175. if (!empty($array)) {

    176. 

  176. 	foreach ($array as $key => $val) {

    177. 

  177. 		$selected=($pri == $val) ? ' SELECTED': '';

    178. 

  178. 		$tmp.=sprintf($html['option'],$key,$selected,$val)."\n";

    179. 

  179. 	}

    180. 

  180. }

    181. 

  181. $vars['pri']=$tmp;

    182. 

  182. $vars['pri_text']=$pri?htmlspecialchars($config['pri_text'][$pri]):'';

    183. 

  183. $vars['pri_style']=$pri?htmlspecialchars($config['pri_style'][$pri]):'';

    184. 

  184. 

    185. 

  185. $array=getdirs($themes_dir);

    186. 

  186. $tmp='';

    187. 

  187. if (!empty($array)) {

    188. 

  188.   foreach ($array as $key => $val) {

    189. 

  189.   	$selected=($config['theme'] == $val) ? ' SELECTED': '';

    190. 

  190.   	$tmp.=sprintf($html['option'],$val,$selected,$val)."\n";

    191. 

  191.   }

    192. 

  192. }

    193. 

  193. $vars['themes']=$tmp;

    194. 

  194. 

    195. 

  195. /* html end */

    196. 

  196. ?>

    197. 

  197.